search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
ARM: 7409/1: Do not call flush_cache_user_range with mmap_sem held
[linux/fpc-iii.git] / net / bluetooth / hci_core.c
blobcb9cb48c6e8812731c9a5266f2b645065340b077
1 /*
2 BlueZ - Bluetooth protocol stack for Linux
3 Copyright (C) 2000-2001 Qualcomm Incorporated
4
5 Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com>
6
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License version 2 as
9 published by the Free Software Foundation;
10
11 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
12 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
13 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
14 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
15 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
16 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
17 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
18 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
19
20 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
21 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
22 SOFTWARE IS DISCLAIMED.
23 */
24
25 /* Bluetooth HCI core. */
26
27 #include <linux/jiffies.h>
28 #include <linux/module.h>
29 #include <linux/kmod.h>
30
31 #include <linux/types.h>
32 #include <linux/errno.h>
33 #include <linux/kernel.h>
34 #include <linux/sched.h>
35 #include <linux/slab.h>
36 #include <linux/poll.h>
37 #include <linux/fcntl.h>
38 #include <linux/init.h>
39 #include <linux/skbuff.h>
40 #include <linux/workqueue.h>
41 #include <linux/interrupt.h>
42 #include <linux/notifier.h>
43 #include <linux/rfkill.h>
44 #include <linux/timer.h>
45 #include <net/sock.h>
46
47 #include <asm/system.h>
48 #include <linux/uaccess.h>
49 #include <asm/unaligned.h>
50
51 #include <net/bluetooth/bluetooth.h>
52 #include <net/bluetooth/hci_core.h>
53
54 #define AUTO_OFF_TIMEOUT 2000
55
56 static void hci_cmd_task(unsigned long arg);
57 static void hci_rx_task(unsigned long arg);
58 static void hci_tx_task(unsigned long arg);
59
60 static DEFINE_RWLOCK(hci_task_lock);
61
62 /* HCI device list */
63 LIST_HEAD(hci_dev_list);
64 DEFINE_RWLOCK(hci_dev_list_lock);
65
66 /* HCI callback list */
67 LIST_HEAD(hci_cb_list);
68 DEFINE_RWLOCK(hci_cb_list_lock);
69
70 /* HCI protocols */
71 #define HCI_MAX_PROTO 2
72 struct hci_proto *hci_proto[HCI_MAX_PROTO];
73
74 /* HCI notifiers list */
75 static ATOMIC_NOTIFIER_HEAD(hci_notifier);
76
77 /* ---- HCI notifications ---- */
78
79 int hci_register_notifier(struct notifier_block *nb)
80 {
81 return atomic_notifier_chain_register(&hci_notifier, nb);
82 }
83
84 int hci_unregister_notifier(struct notifier_block *nb)
85 {
86 return atomic_notifier_chain_unregister(&hci_notifier, nb);
87 }
88
89 static void hci_notify(struct hci_dev *hdev, int event)
90 {
91 atomic_notifier_call_chain(&hci_notifier, event, hdev);
92 }
93
94 /* ---- HCI requests ---- */
95
96 void hci_req_complete(struct hci_dev *hdev, __u16 cmd, int result)
97 {
98 BT_DBG("%s command 0x%04x result 0x%2.2x", hdev->name, cmd, result);
99
100 /* If this is the init phase check if the completed command matches
101 * the last init command, and if not just return.
102 */
103 if (test_bit(HCI_INIT, &hdev->flags) && hdev->init_last_cmd != cmd)
104 return;
105
106 if (hdev->req_status == HCI_REQ_PEND) {
107 hdev->req_result = result;
108 hdev->req_status = HCI_REQ_DONE;
109 wake_up_interruptible(&hdev->req_wait_q);
110 }
111 }
112
113 static void hci_req_cancel(struct hci_dev *hdev, int err)
114 {
115 BT_DBG("%s err 0x%2.2x", hdev->name, err);
116
117 if (hdev->req_status == HCI_REQ_PEND) {
118 hdev->req_result = err;
119 hdev->req_status = HCI_REQ_CANCELED;
120 wake_up_interruptible(&hdev->req_wait_q);
121 }
122 }
123
124 /* Execute request and wait for completion. */
125 static int __hci_request(struct hci_dev *hdev, void (*req)(struct hci_dev *hdev, unsigned long opt),
126 unsigned long opt, __u32 timeout)
127 {
128 DECLARE_WAITQUEUE(wait, current);
129 int err = 0;
130
131 BT_DBG("%s start", hdev->name);
132
133 hdev->req_status = HCI_REQ_PEND;
134
135 add_wait_queue(&hdev->req_wait_q, &wait);
136 set_current_state(TASK_INTERRUPTIBLE);
137
138 req(hdev, opt);
139 schedule_timeout(timeout);
140
141 remove_wait_queue(&hdev->req_wait_q, &wait);
142
143 if (signal_pending(current))
144 return -EINTR;
145
146 switch (hdev->req_status) {
147 case HCI_REQ_DONE:
148 err = -bt_err(hdev->req_result);
149 break;
150
151 case HCI_REQ_CANCELED:
152 err = -hdev->req_result;
153 break;
154
155 default:
156 err = -ETIMEDOUT;
157 break;
158 }
159
160 hdev->req_status = hdev->req_result = 0;
161
162 BT_DBG("%s end: err %d", hdev->name, err);
163
164 return err;
165 }
166
167 static inline int hci_request(struct hci_dev *hdev, void (*req)(struct hci_dev *hdev, unsigned long opt),
168 unsigned long opt, __u32 timeout)
169 {
170 int ret;
171
172 if (!test_bit(HCI_UP, &hdev->flags))
173 return -ENETDOWN;
174
175 /* Serialize all requests */
176 hci_req_lock(hdev);
177 ret = __hci_request(hdev, req, opt, timeout);
178 hci_req_unlock(hdev);
179
180 return ret;
181 }
182
183 static void hci_reset_req(struct hci_dev *hdev, unsigned long opt)
184 {
185 BT_DBG("%s %ld", hdev->name, opt);
186
187 /* Reset device */
188 set_bit(HCI_RESET, &hdev->flags);
189 hci_send_cmd(hdev, HCI_OP_RESET, 0, NULL);
190 }
191
192 static void hci_init_req(struct hci_dev *hdev, unsigned long opt)
193 {
194 struct hci_cp_delete_stored_link_key cp;
195 struct sk_buff *skb;
196 __le16 param;
197 __u8 flt_type;
198
199 BT_DBG("%s %ld", hdev->name, opt);
200
201 /* Driver initialization */
202
203 /* Special commands */
204 while ((skb = skb_dequeue(&hdev->driver_init))) {
205 bt_cb(skb)->pkt_type = HCI_COMMAND_PKT;
206 skb->dev = (void *) hdev;
207
208 skb_queue_tail(&hdev->cmd_q, skb);
209 tasklet_schedule(&hdev->cmd_task);
210 }
211 skb_queue_purge(&hdev->driver_init);
212
213 /* Mandatory initialization */
214
215 /* Reset */
216 if (!test_bit(HCI_QUIRK_NO_RESET, &hdev->quirks)) {
217 set_bit(HCI_RESET, &hdev->flags);
218 hci_send_cmd(hdev, HCI_OP_RESET, 0, NULL);
219 }
220
221 /* Read Local Supported Features */
222 hci_send_cmd(hdev, HCI_OP_READ_LOCAL_FEATURES, 0, NULL);
223
224 /* Read Local Version */
225 hci_send_cmd(hdev, HCI_OP_READ_LOCAL_VERSION, 0, NULL);
226
227 /* Read Buffer Size (ACL mtu, max pkt, etc.) */
228 hci_send_cmd(hdev, HCI_OP_READ_BUFFER_SIZE, 0, NULL);
229
230 #if 0
231 /* Host buffer size */
232 {
233 struct hci_cp_host_buffer_size cp;
234 cp.acl_mtu = cpu_to_le16(HCI_MAX_ACL_SIZE);
235 cp.sco_mtu = HCI_MAX_SCO_SIZE;
236 cp.acl_max_pkt = cpu_to_le16(0xffff);
237 cp.sco_max_pkt = cpu_to_le16(0xffff);
238 hci_send_cmd(hdev, HCI_OP_HOST_BUFFER_SIZE, sizeof(cp), &cp);
239 }
240 #endif
241
242 /* Read BD Address */
243 hci_send_cmd(hdev, HCI_OP_READ_BD_ADDR, 0, NULL);
244
245 /* Read Class of Device */
246 hci_send_cmd(hdev, HCI_OP_READ_CLASS_OF_DEV, 0, NULL);
247
248 /* Read Local Name */
249 hci_send_cmd(hdev, HCI_OP_READ_LOCAL_NAME, 0, NULL);
250
251 /* Read Voice Setting */
252 hci_send_cmd(hdev, HCI_OP_READ_VOICE_SETTING, 0, NULL);
253
254 /* Optional initialization */
255
256 /* Clear Event Filters */
257 flt_type = HCI_FLT_CLEAR_ALL;
258 hci_send_cmd(hdev, HCI_OP_SET_EVENT_FLT, 1, &flt_type);
259
260 /* Connection accept timeout ~20 secs */
261 param = cpu_to_le16(0x7d00);
262 hci_send_cmd(hdev, HCI_OP_WRITE_CA_TIMEOUT, 2, &param);
263
264 bacpy(&cp.bdaddr, BDADDR_ANY);
265 cp.delete_all = 1;
266 hci_send_cmd(hdev, HCI_OP_DELETE_STORED_LINK_KEY, sizeof(cp), &cp);
267 }
268
269 static void hci_le_init_req(struct hci_dev *hdev, unsigned long opt)
270 {
271 BT_DBG("%s", hdev->name);
272
273 /* Read LE buffer size */
274 hci_send_cmd(hdev, HCI_OP_LE_READ_BUFFER_SIZE, 0, NULL);
275 }
276
277 static void hci_scan_req(struct hci_dev *hdev, unsigned long opt)
278 {
279 __u8 scan = opt;
280
281 BT_DBG("%s %x", hdev->name, scan);
282
283 /* Inquiry and Page scans */
284 hci_send_cmd(hdev, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
285 }
286
287 static void hci_auth_req(struct hci_dev *hdev, unsigned long opt)
288 {
289 __u8 auth = opt;
290
291 BT_DBG("%s %x", hdev->name, auth);
292
293 /* Authentication */
294 hci_send_cmd(hdev, HCI_OP_WRITE_AUTH_ENABLE, 1, &auth);
295 }
296
297 static void hci_encrypt_req(struct hci_dev *hdev, unsigned long opt)
298 {
299 __u8 encrypt = opt;
300
301 BT_DBG("%s %x", hdev->name, encrypt);
302
303 /* Encryption */
304 hci_send_cmd(hdev, HCI_OP_WRITE_ENCRYPT_MODE, 1, &encrypt);
305 }
306
307 static void hci_linkpol_req(struct hci_dev *hdev, unsigned long opt)
308 {
309 __le16 policy = cpu_to_le16(opt);
310
311 BT_DBG("%s %x", hdev->name, policy);
312
313 /* Default link policy */
314 hci_send_cmd(hdev, HCI_OP_WRITE_DEF_LINK_POLICY, 2, &policy);
315 }
316
317 /* Get HCI device by index.
318 * Device is held on return. */
319 struct hci_dev *hci_dev_get(int index)
320 {
321 struct hci_dev *hdev = NULL;
322 struct list_head *p;
323
324 BT_DBG("%d", index);
325
326 if (index < 0)
327 return NULL;
328
329 read_lock(&hci_dev_list_lock);
330 list_for_each(p, &hci_dev_list) {
331 struct hci_dev *d = list_entry(p, struct hci_dev, list);
332 if (d->id == index) {
333 hdev = hci_dev_hold(d);
334 break;
335 }
336 }
337 read_unlock(&hci_dev_list_lock);
338 return hdev;
339 }
340
341 /* ---- Inquiry support ---- */
342 static void inquiry_cache_flush(struct hci_dev *hdev)
343 {
344 struct inquiry_cache *cache = &hdev->inq_cache;
345 struct inquiry_entry *next = cache->list, *e;
346
347 BT_DBG("cache %p", cache);
348
349 cache->list = NULL;
350 while ((e = next)) {
351 next = e->next;
352 kfree(e);
353 }
354 }
355
356 struct inquiry_entry *hci_inquiry_cache_lookup(struct hci_dev *hdev, bdaddr_t *bdaddr)
357 {
358 struct inquiry_cache *cache = &hdev->inq_cache;
359 struct inquiry_entry *e;
360
361 BT_DBG("cache %p, %s", cache, batostr(bdaddr));
362
363 for (e = cache->list; e; e = e->next)
364 if (!bacmp(&e->data.bdaddr, bdaddr))
365 break;
366 return e;
367 }
368
369 void hci_inquiry_cache_update(struct hci_dev *hdev, struct inquiry_data *data)
370 {
371 struct inquiry_cache *cache = &hdev->inq_cache;
372 struct inquiry_entry *ie;
373
374 BT_DBG("cache %p, %s", cache, batostr(&data->bdaddr));
375
376 ie = hci_inquiry_cache_lookup(hdev, &data->bdaddr);
377 if (!ie) {
378 /* Entry not in the cache. Add new one. */
379 ie = kzalloc(sizeof(struct inquiry_entry), GFP_ATOMIC);
380 if (!ie)
381 return;
382
383 ie->next = cache->list;
384 cache->list = ie;
385 }
386
387 memcpy(&ie->data, data, sizeof(*data));
388 ie->timestamp = jiffies;
389 cache->timestamp = jiffies;
390 }
391
392 static int inquiry_cache_dump(struct hci_dev *hdev, int num, __u8 *buf)
393 {
394 struct inquiry_cache *cache = &hdev->inq_cache;
395 struct inquiry_info *info = (struct inquiry_info *) buf;
396 struct inquiry_entry *e;
397 int copied = 0;
398
399 for (e = cache->list; e && copied < num; e = e->next, copied++) {
400 struct inquiry_data *data = &e->data;
401 bacpy(&info->bdaddr, &data->bdaddr);
402 info->pscan_rep_mode = data->pscan_rep_mode;
403 info->pscan_period_mode = data->pscan_period_mode;
404 info->pscan_mode = data->pscan_mode;
405 memcpy(info->dev_class, data->dev_class, 3);
406 info->clock_offset = data->clock_offset;
407 info++;
408 }
409
410 BT_DBG("cache %p, copied %d", cache, copied);
411 return copied;
412 }
413
414 static void hci_inq_req(struct hci_dev *hdev, unsigned long opt)
415 {
416 struct hci_inquiry_req *ir = (struct hci_inquiry_req *) opt;
417 struct hci_cp_inquiry cp;
418
419 BT_DBG("%s", hdev->name);
420
421 if (test_bit(HCI_INQUIRY, &hdev->flags))
422 return;
423
424 /* Start Inquiry */
425 memcpy(&cp.lap, &ir->lap, 3);
426 cp.length = ir->length;
427 cp.num_rsp = ir->num_rsp;
428 hci_send_cmd(hdev, HCI_OP_INQUIRY, sizeof(cp), &cp);
429 }
430
431 int hci_inquiry(void __user *arg)
432 {
433 __u8 __user *ptr = arg;
434 struct hci_inquiry_req ir;
435 struct hci_dev *hdev;
436 int err = 0, do_inquiry = 0, max_rsp;
437 long timeo;
438 __u8 *buf;
439
440 if (copy_from_user(&ir, ptr, sizeof(ir)))
441 return -EFAULT;
442
443 hdev = hci_dev_get(ir.dev_id);
444 if (!hdev)
445 return -ENODEV;
446
447 hci_dev_lock_bh(hdev);
448 if (inquiry_cache_age(hdev) > INQUIRY_CACHE_AGE_MAX ||
449 inquiry_cache_empty(hdev) ||
450 ir.flags & IREQ_CACHE_FLUSH) {
451 inquiry_cache_flush(hdev);
452 do_inquiry = 1;
453 }
454 hci_dev_unlock_bh(hdev);
455
456 timeo = ir.length * msecs_to_jiffies(2000);
457
458 if (do_inquiry) {
459 err = hci_request(hdev, hci_inq_req, (unsigned long)&ir, timeo);
460 if (err < 0)
461 goto done;
462 }
463
464 /* for unlimited number of responses we will use buffer with 255 entries */
465 max_rsp = (ir.num_rsp == 0) ? 255 : ir.num_rsp;
466
467 /* cache_dump can't sleep. Therefore we allocate temp buffer and then
468 * copy it to the user space.
469 */
470 buf = kmalloc(sizeof(struct inquiry_info) * max_rsp, GFP_KERNEL);
471 if (!buf) {
472 err = -ENOMEM;
473 goto done;
474 }
475
476 hci_dev_lock_bh(hdev);
477 ir.num_rsp = inquiry_cache_dump(hdev, max_rsp, buf);
478 hci_dev_unlock_bh(hdev);
479
480 BT_DBG("num_rsp %d", ir.num_rsp);
481
482 if (!copy_to_user(ptr, &ir, sizeof(ir))) {
483 ptr += sizeof(ir);
484 if (copy_to_user(ptr, buf, sizeof(struct inquiry_info) *
485 ir.num_rsp))
486 err = -EFAULT;
487 } else
488 err = -EFAULT;
489
490 kfree(buf);
491
492 done:
493 hci_dev_put(hdev);
494 return err;
495 }
496
497 /* ---- HCI ioctl helpers ---- */
498
499 int hci_dev_open(__u16 dev)
500 {
501 struct hci_dev *hdev;
502 int ret = 0;
503
504 hdev = hci_dev_get(dev);
505 if (!hdev)
506 return -ENODEV;
507
508 BT_DBG("%s %p", hdev->name, hdev);
509
510 hci_req_lock(hdev);
511
512 if (test_bit(HCI_UNREGISTER, &hdev->flags)) {
513 ret = -ENODEV;
514 goto done;
515 }
516
517 if (hdev->rfkill && rfkill_blocked(hdev->rfkill)) {
518 ret = -ERFKILL;
519 goto done;
520 }
521
522 if (test_bit(HCI_UP, &hdev->flags)) {
523 ret = -EALREADY;
524 goto done;
525 }
526
527 if (test_bit(HCI_QUIRK_RAW_DEVICE, &hdev->quirks))
528 set_bit(HCI_RAW, &hdev->flags);
529
530 /* Treat all non BR/EDR controllers as raw devices for now */
531 if (hdev->dev_type != HCI_BREDR)
532 set_bit(HCI_RAW, &hdev->flags);
533
534 if (hdev->open(hdev)) {
535 ret = -EIO;
536 goto done;
537 }
538
539 if (!test_bit(HCI_RAW, &hdev->flags)) {
540 atomic_set(&hdev->cmd_cnt, 1);
541 set_bit(HCI_INIT, &hdev->flags);
542 hdev->init_last_cmd = 0;
543
544 ret = __hci_request(hdev, hci_init_req, 0,
545 msecs_to_jiffies(HCI_INIT_TIMEOUT));
546
547 if (lmp_le_capable(hdev))
548 ret = __hci_request(hdev, hci_le_init_req, 0,
549 msecs_to_jiffies(HCI_INIT_TIMEOUT));
550
551 clear_bit(HCI_INIT, &hdev->flags);
552 }
553
554 if (!ret) {
555 hci_dev_hold(hdev);
556 set_bit(HCI_UP, &hdev->flags);
557 hci_notify(hdev, HCI_DEV_UP);
558 if (!test_bit(HCI_SETUP, &hdev->flags))
559 mgmt_powered(hdev->id, 1);
560 } else {
561 /* Init failed, cleanup */
562 tasklet_kill(&hdev->rx_task);
563 tasklet_kill(&hdev->tx_task);
564 tasklet_kill(&hdev->cmd_task);
565
566 skb_queue_purge(&hdev->cmd_q);
567 skb_queue_purge(&hdev->rx_q);
568
569 if (hdev->flush)
570 hdev->flush(hdev);
571
572 if (hdev->sent_cmd) {
573 kfree_skb(hdev->sent_cmd);
574 hdev->sent_cmd = NULL;
575 }
576
577 hdev->close(hdev);
578 hdev->flags = 0;
579 }
580
581 done:
582 hci_req_unlock(hdev);
583 hci_dev_put(hdev);
584 return ret;
585 }
586
587 static int hci_dev_do_close(struct hci_dev *hdev)
588 {
589 BT_DBG("%s %p", hdev->name, hdev);
590
591 hci_req_cancel(hdev, ENODEV);
592 hci_req_lock(hdev);
593
594 if (!test_and_clear_bit(HCI_UP, &hdev->flags)) {
595 del_timer_sync(&hdev->cmd_timer);
596 hci_req_unlock(hdev);
597 return 0;
598 }
599
600 /* Kill RX and TX tasks */
601 tasklet_kill(&hdev->rx_task);
602 tasklet_kill(&hdev->tx_task);
603
604 hci_dev_lock_bh(hdev);
605 inquiry_cache_flush(hdev);
606 hci_conn_hash_flush(hdev);
607 hci_dev_unlock_bh(hdev);
608
609 hci_notify(hdev, HCI_DEV_DOWN);
610
611 if (hdev->flush)
612 hdev->flush(hdev);
613
614 /* Reset device */
615 skb_queue_purge(&hdev->cmd_q);
616 atomic_set(&hdev->cmd_cnt, 1);
617 if (!test_bit(HCI_RAW, &hdev->flags)) {
618 set_bit(HCI_INIT, &hdev->flags);
619 __hci_request(hdev, hci_reset_req, 0,
620 msecs_to_jiffies(250));
621 clear_bit(HCI_INIT, &hdev->flags);
622 }
623
624 /* Kill cmd task */
625 tasklet_kill(&hdev->cmd_task);
626
627 /* Drop queues */
628 skb_queue_purge(&hdev->rx_q);
629 skb_queue_purge(&hdev->cmd_q);
630 skb_queue_purge(&hdev->raw_q);
631
632 /* Drop last sent command */
633 if (hdev->sent_cmd) {
634 del_timer_sync(&hdev->cmd_timer);
635 kfree_skb(hdev->sent_cmd);
636 hdev->sent_cmd = NULL;
637 }
638
639 /* After this point our queues are empty
640 * and no tasks are scheduled. */
641 hdev->close(hdev);
642
643 mgmt_powered(hdev->id, 0);
644
645 /* Clear flags */
646 hdev->flags = 0;
647
648 hci_req_unlock(hdev);
649
650 hci_dev_put(hdev);
651 return 0;
652 }
653
654 int hci_dev_close(__u16 dev)
655 {
656 struct hci_dev *hdev;
657 int err;
658
659 hdev = hci_dev_get(dev);
660 if (!hdev)
661 return -ENODEV;
662 err = hci_dev_do_close(hdev);
663 hci_dev_put(hdev);
664 return err;
665 }
666
667 int hci_dev_reset(__u16 dev)
668 {
669 struct hci_dev *hdev;
670 int ret = 0;
671
672 hdev = hci_dev_get(dev);
673 if (!hdev)
674 return -ENODEV;
675
676 hci_req_lock(hdev);
677 tasklet_disable(&hdev->tx_task);
678
679 if (!test_bit(HCI_UP, &hdev->flags))
680 goto done;
681
682 /* Drop queues */
683 skb_queue_purge(&hdev->rx_q);
684 skb_queue_purge(&hdev->cmd_q);
685
686 hci_dev_lock_bh(hdev);
687 inquiry_cache_flush(hdev);
688 hci_conn_hash_flush(hdev);
689 hci_dev_unlock_bh(hdev);
690
691 if (hdev->flush)
692 hdev->flush(hdev);
693
694 atomic_set(&hdev->cmd_cnt, 1);
695 hdev->acl_cnt = 0; hdev->sco_cnt = 0; hdev->le_cnt = 0;
696
697 if (!test_bit(HCI_RAW, &hdev->flags))
698 ret = __hci_request(hdev, hci_reset_req, 0,
699 msecs_to_jiffies(HCI_INIT_TIMEOUT));
700
701 done:
702 tasklet_enable(&hdev->tx_task);
703 hci_req_unlock(hdev);
704 hci_dev_put(hdev);
705 return ret;
706 }
707
708 int hci_dev_reset_stat(__u16 dev)
709 {
710 struct hci_dev *hdev;
711 int ret = 0;
712
713 hdev = hci_dev_get(dev);
714 if (!hdev)
715 return -ENODEV;
716
717 memset(&hdev->stat, 0, sizeof(struct hci_dev_stats));
718
719 hci_dev_put(hdev);
720
721 return ret;
722 }
723
724 int hci_dev_cmd(unsigned int cmd, void __user *arg)
725 {
726 struct hci_dev *hdev;
727 struct hci_dev_req dr;
728 int err = 0;
729
730 if (copy_from_user(&dr, arg, sizeof(dr)))
731 return -EFAULT;
732
733 hdev = hci_dev_get(dr.dev_id);
734 if (!hdev)
735 return -ENODEV;
736
737 switch (cmd) {
738 case HCISETAUTH:
739 err = hci_request(hdev, hci_auth_req, dr.dev_opt,
740 msecs_to_jiffies(HCI_INIT_TIMEOUT));
741 break;
742
743 case HCISETENCRYPT:
744 if (!lmp_encrypt_capable(hdev)) {
745 err = -EOPNOTSUPP;
746 break;
747 }
748
749 if (!test_bit(HCI_AUTH, &hdev->flags)) {
750 /* Auth must be enabled first */
751 err = hci_request(hdev, hci_auth_req, dr.dev_opt,
752 msecs_to_jiffies(HCI_INIT_TIMEOUT));
753 if (err)
754 break;
755 }
756
757 err = hci_request(hdev, hci_encrypt_req, dr.dev_opt,
758 msecs_to_jiffies(HCI_INIT_TIMEOUT));
759 break;
760
761 case HCISETSCAN:
762 err = hci_request(hdev, hci_scan_req, dr.dev_opt,
763 msecs_to_jiffies(HCI_INIT_TIMEOUT));
764 break;
765
766 case HCISETLINKPOL:
767 err = hci_request(hdev, hci_linkpol_req, dr.dev_opt,
768 msecs_to_jiffies(HCI_INIT_TIMEOUT));
769 break;
770
771 case HCISETLINKMODE:
772 hdev->link_mode = ((__u16) dr.dev_opt) &
773 (HCI_LM_MASTER | HCI_LM_ACCEPT);
774 break;
775
776 case HCISETPTYPE:
777 hdev->pkt_type = (__u16) dr.dev_opt;
778 break;
779
780 case HCISETACLMTU:
781 hdev->acl_mtu = *((__u16 *) &dr.dev_opt + 1);
782 hdev->acl_pkts = *((__u16 *) &dr.dev_opt + 0);
783 break;
784
785 case HCISETSCOMTU:
786 hdev->sco_mtu = *((__u16 *) &dr.dev_opt + 1);
787 hdev->sco_pkts = *((__u16 *) &dr.dev_opt + 0);
788 break;
789
790 default:
791 err = -EINVAL;
792 break;
793 }
794
795 hci_dev_put(hdev);
796 return err;
797 }
798
799 int hci_get_dev_list(void __user *arg)
800 {
801 struct hci_dev_list_req *dl;
802 struct hci_dev_req *dr;
803 struct list_head *p;
804 int n = 0, size, err;
805 __u16 dev_num;
806
807 if (get_user(dev_num, (__u16 __user *) arg))
808 return -EFAULT;
809
810 if (!dev_num || dev_num > (PAGE_SIZE * 2) / sizeof(*dr))
811 return -EINVAL;
812
813 size = sizeof(*dl) + dev_num * sizeof(*dr);
814
815 dl = kzalloc(size, GFP_KERNEL);
816 if (!dl)
817 return -ENOMEM;
818
819 dr = dl->dev_req;
820
821 read_lock_bh(&hci_dev_list_lock);
822 list_for_each(p, &hci_dev_list) {
823 struct hci_dev *hdev;
824
825 hdev = list_entry(p, struct hci_dev, list);
826
827 hci_del_off_timer(hdev);
828
829 if (!test_bit(HCI_MGMT, &hdev->flags))
830 set_bit(HCI_PAIRABLE, &hdev->flags);
831
832 (dr + n)->dev_id = hdev->id;
833 (dr + n)->dev_opt = hdev->flags;
834
835 if (++n >= dev_num)
836 break;
837 }
838 read_unlock_bh(&hci_dev_list_lock);
839
840 dl->dev_num = n;
841 size = sizeof(*dl) + n * sizeof(*dr);
842
843 err = copy_to_user(arg, dl, size);
844 kfree(dl);
845
846 return err ? -EFAULT : 0;
847 }
848
849 int hci_get_dev_info(void __user *arg)
850 {
851 struct hci_dev *hdev;
852 struct hci_dev_info di;
853 int err = 0;
854
855 if (copy_from_user(&di, arg, sizeof(di)))
856 return -EFAULT;
857
858 hdev = hci_dev_get(di.dev_id);
859 if (!hdev)
860 return -ENODEV;
861
862 hci_del_off_timer(hdev);
863
864 if (!test_bit(HCI_MGMT, &hdev->flags))
865 set_bit(HCI_PAIRABLE, &hdev->flags);
866
867 strcpy(di.name, hdev->name);
868 di.bdaddr = hdev->bdaddr;
869 di.type = (hdev->bus & 0x0f) | (hdev->dev_type << 4);
870 di.flags = hdev->flags;
871 di.pkt_type = hdev->pkt_type;
872 di.acl_mtu = hdev->acl_mtu;
873 di.acl_pkts = hdev->acl_pkts;
874 di.sco_mtu = hdev->sco_mtu;
875 di.sco_pkts = hdev->sco_pkts;
876 di.link_policy = hdev->link_policy;
877 di.link_mode = hdev->link_mode;
878
879 memcpy(&di.stat, &hdev->stat, sizeof(di.stat));
880 memcpy(&di.features, &hdev->features, sizeof(di.features));
881
882 if (copy_to_user(arg, &di, sizeof(di)))
883 err = -EFAULT;
884
885 hci_dev_put(hdev);
886
887 return err;
888 }
889
890 /* ---- Interface to HCI drivers ---- */
891
892 static int hci_rfkill_set_block(void *data, bool blocked)
893 {
894 struct hci_dev *hdev = data;
895
896 BT_DBG("%p name %s blocked %d", hdev, hdev->name, blocked);
897
898 if (!blocked)
899 return 0;
900
901 hci_dev_do_close(hdev);
902
903 return 0;
904 }
905
906 static const struct rfkill_ops hci_rfkill_ops = {
907 .set_block = hci_rfkill_set_block,
908 };
909
910 /* Alloc HCI device */
911 struct hci_dev *hci_alloc_dev(void)
912 {
913 struct hci_dev *hdev;
914
915 hdev = kzalloc(sizeof(struct hci_dev), GFP_KERNEL);
916 if (!hdev)
917 return NULL;
918
919 skb_queue_head_init(&hdev->driver_init);
920
921 return hdev;
922 }
923 EXPORT_SYMBOL(hci_alloc_dev);
924
925 /* Free HCI device */
926 void hci_free_dev(struct hci_dev *hdev)
927 {
928 skb_queue_purge(&hdev->driver_init);
929
930 /* will free via device release */
931 put_device(&hdev->dev);
932 }
933 EXPORT_SYMBOL(hci_free_dev);
934
935 static void hci_power_on(struct work_struct *work)
936 {
937 struct hci_dev *hdev = container_of(work, struct hci_dev, power_on);
938
939 BT_DBG("%s", hdev->name);
940
941 if (hci_dev_open(hdev->id) < 0)
942 return;
943
944 if (test_bit(HCI_AUTO_OFF, &hdev->flags))
945 mod_timer(&hdev->off_timer,
946 jiffies + msecs_to_jiffies(AUTO_OFF_TIMEOUT));
947
948 if (test_and_clear_bit(HCI_SETUP, &hdev->flags))
949 mgmt_index_added(hdev->id);
950 }
951
952 static void hci_power_off(struct work_struct *work)
953 {
954 struct hci_dev *hdev = container_of(work, struct hci_dev, power_off);
955
956 BT_DBG("%s", hdev->name);
957
958 hci_dev_close(hdev->id);
959 }
960
961 static void hci_auto_off(unsigned long data)
962 {
963 struct hci_dev *hdev = (struct hci_dev *) data;
964
965 BT_DBG("%s", hdev->name);
966
967 clear_bit(HCI_AUTO_OFF, &hdev->flags);
968
969 queue_work(hdev->workqueue, &hdev->power_off);
970 }
971
972 void hci_del_off_timer(struct hci_dev *hdev)
973 {
974 BT_DBG("%s", hdev->name);
975
976 clear_bit(HCI_AUTO_OFF, &hdev->flags);
977 del_timer(&hdev->off_timer);
978 }
979
980 int hci_uuids_clear(struct hci_dev *hdev)
981 {
982 struct list_head *p, *n;
983
984 list_for_each_safe(p, n, &hdev->uuids) {
985 struct bt_uuid *uuid;
986
987 uuid = list_entry(p, struct bt_uuid, list);
988
989 list_del(p);
990 kfree(uuid);
991 }
992
993 return 0;
994 }
995
996 int hci_link_keys_clear(struct hci_dev *hdev)
997 {
998 struct list_head *p, *n;
999
1000 list_for_each_safe(p, n, &hdev->link_keys) {
1001 struct link_key *key;
1002
1003 key = list_entry(p, struct link_key, list);
1004
1005 list_del(p);
1006 kfree(key);
1007 }
1008
1009 return 0;
1010 }
1011
1012 struct link_key *hci_find_link_key(struct hci_dev *hdev, bdaddr_t *bdaddr)
1013 {
1014 struct list_head *p;
1015
1016 list_for_each(p, &hdev->link_keys) {
1017 struct link_key *k;
1018
1019 k = list_entry(p, struct link_key, list);
1020
1021 if (bacmp(bdaddr, &k->bdaddr) == 0)
1022 return k;
1023 }
1024
1025 return NULL;
1026 }
1027
1028 static int hci_persistent_key(struct hci_dev *hdev, struct hci_conn *conn,
1029 u8 key_type, u8 old_key_type)
1030 {
1031 /* Legacy key */
1032 if (key_type < 0x03)
1033 return 1;
1034
1035 /* Debug keys are insecure so don't store them persistently */
1036 if (key_type == HCI_LK_DEBUG_COMBINATION)
1037 return 0;
1038
1039 /* Changed combination key and there's no previous one */
1040 if (key_type == HCI_LK_CHANGED_COMBINATION && old_key_type == 0xff)
1041 return 0;
1042
1043 /* Security mode 3 case */
1044 if (!conn)
1045 return 1;
1046
1047 /* Neither local nor remote side had no-bonding as requirement */
1048 if (conn->auth_type > 0x01 && conn->remote_auth > 0x01)
1049 return 1;
1050
1051 /* Local side had dedicated bonding as requirement */
1052 if (conn->auth_type == 0x02 || conn->auth_type == 0x03)
1053 return 1;
1054
1055 /* Remote side had dedicated bonding as requirement */
1056 if (conn->remote_auth == 0x02 || conn->remote_auth == 0x03)
1057 return 1;
1058
1059 /* If none of the above criteria match, then don't store the key
1060 * persistently */
1061 return 0;
1062 }
1063
1064 int hci_add_link_key(struct hci_dev *hdev, struct hci_conn *conn, int new_key,
1065 bdaddr_t *bdaddr, u8 *val, u8 type, u8 pin_len)
1066 {
1067 struct link_key *key, *old_key;
1068 u8 old_key_type, persistent;
1069
1070 old_key = hci_find_link_key(hdev, bdaddr);
1071 if (old_key) {
1072 old_key_type = old_key->type;
1073 key = old_key;
1074 } else {
1075 old_key_type = conn ? conn->key_type : 0xff;
1076 key = kzalloc(sizeof(*key), GFP_ATOMIC);
1077 if (!key)
1078 return -ENOMEM;
1079 list_add(&key->list, &hdev->link_keys);
1080 }
1081
1082 BT_DBG("%s key for %s type %u", hdev->name, batostr(bdaddr), type);
1083
1084 /* Some buggy controller combinations generate a changed
1085 * combination key for legacy pairing even when there's no
1086 * previous key */
1087 if (type == HCI_LK_CHANGED_COMBINATION &&
1088 (!conn || conn->remote_auth == 0xff) &&
1089 old_key_type == 0xff) {
1090 type = HCI_LK_COMBINATION;
1091 if (conn)
1092 conn->key_type = type;
1093 }
1094
1095 bacpy(&key->bdaddr, bdaddr);
1096 memcpy(key->val, val, 16);
1097 key->pin_len = pin_len;
1098
1099 if (type == HCI_LK_CHANGED_COMBINATION)
1100 key->type = old_key_type;
1101 else
1102 key->type = type;
1103
1104 if (!new_key)
1105 return 0;
1106
1107 persistent = hci_persistent_key(hdev, conn, type, old_key_type);
1108
1109 mgmt_new_key(hdev->id, key, persistent);
1110
1111 if (!persistent) {
1112 list_del(&key->list);
1113 kfree(key);
1114 }
1115
1116 return 0;
1117 }
1118
1119 int hci_remove_link_key(struct hci_dev *hdev, bdaddr_t *bdaddr)
1120 {
1121 struct link_key *key;
1122
1123 key = hci_find_link_key(hdev, bdaddr);
1124 if (!key)
1125 return -ENOENT;
1126
1127 BT_DBG("%s removing %s", hdev->name, batostr(bdaddr));
1128
1129 list_del(&key->list);
1130 kfree(key);
1131
1132 return 0;
1133 }
1134
1135 /* HCI command timer function */
1136 static void hci_cmd_timer(unsigned long arg)
1137 {
1138 struct hci_dev *hdev = (void *) arg;
1139
1140 BT_ERR("%s command tx timeout", hdev->name);
1141 atomic_set(&hdev->cmd_cnt, 1);
1142 clear_bit(HCI_RESET, &hdev->flags);
1143 tasklet_schedule(&hdev->cmd_task);
1144 }
1145
1146 struct oob_data *hci_find_remote_oob_data(struct hci_dev *hdev,
1147 bdaddr_t *bdaddr)
1148 {
1149 struct oob_data *data;
1150
1151 list_for_each_entry(data, &hdev->remote_oob_data, list)
1152 if (bacmp(bdaddr, &data->bdaddr) == 0)
1153 return data;
1154
1155 return NULL;
1156 }
1157
1158 int hci_remove_remote_oob_data(struct hci_dev *hdev, bdaddr_t *bdaddr)
1159 {
1160 struct oob_data *data;
1161
1162 data = hci_find_remote_oob_data(hdev, bdaddr);
1163 if (!data)
1164 return -ENOENT;
1165
1166 BT_DBG("%s removing %s", hdev->name, batostr(bdaddr));
1167
1168 list_del(&data->list);
1169 kfree(data);
1170
1171 return 0;
1172 }
1173
1174 int hci_remote_oob_data_clear(struct hci_dev *hdev)
1175 {
1176 struct oob_data *data, *n;
1177
1178 list_for_each_entry_safe(data, n, &hdev->remote_oob_data, list) {
1179 list_del(&data->list);
1180 kfree(data);
1181 }
1182
1183 return 0;
1184 }
1185
1186 int hci_add_remote_oob_data(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 *hash,
1187 u8 *randomizer)
1188 {
1189 struct oob_data *data;
1190
1191 data = hci_find_remote_oob_data(hdev, bdaddr);
1192
1193 if (!data) {
1194 data = kmalloc(sizeof(*data), GFP_ATOMIC);
1195 if (!data)
1196 return -ENOMEM;
1197
1198 bacpy(&data->bdaddr, bdaddr);
1199 list_add(&data->list, &hdev->remote_oob_data);
1200 }
1201
1202 memcpy(data->hash, hash, sizeof(data->hash));
1203 memcpy(data->randomizer, randomizer, sizeof(data->randomizer));
1204
1205 BT_DBG("%s for %s", hdev->name, batostr(bdaddr));
1206
1207 return 0;
1208 }
1209
1210 /* Register HCI device */
1211 int hci_register_dev(struct hci_dev *hdev)
1212 {
1213 struct list_head *head = &hci_dev_list, *p;
1214 int i, id = 0;
1215
1216 BT_DBG("%p name %s bus %d owner %p", hdev, hdev->name,
1217 hdev->bus, hdev->owner);
1218
1219 if (!hdev->open || !hdev->close || !hdev->destruct)
1220 return -EINVAL;
1221
1222 write_lock_bh(&hci_dev_list_lock);
1223
1224 /* Find first available device id */
1225 list_for_each(p, &hci_dev_list) {
1226 if (list_entry(p, struct hci_dev, list)->id != id)
1227 break;
1228 head = p; id++;
1229 }
1230
1231 sprintf(hdev->name, "hci%d", id);
1232 hdev->id = id;
1233 list_add(&hdev->list, head);
1234
1235 atomic_set(&hdev->refcnt, 1);
1236 spin_lock_init(&hdev->lock);
1237
1238 hdev->flags = 0;
1239 hdev->pkt_type = (HCI_DM1 | HCI_DH1 | HCI_HV1);
1240 hdev->esco_type = (ESCO_HV1);
1241 hdev->link_mode = (HCI_LM_ACCEPT);
1242 hdev->io_capability = 0x03; /* No Input No Output */
1243
1244 hdev->idle_timeout = 0;
1245 hdev->sniff_max_interval = 800;
1246 hdev->sniff_min_interval = 80;
1247
1248 tasklet_init(&hdev->cmd_task, hci_cmd_task, (unsigned long) hdev);
1249 tasklet_init(&hdev->rx_task, hci_rx_task, (unsigned long) hdev);
1250 tasklet_init(&hdev->tx_task, hci_tx_task, (unsigned long) hdev);
1251
1252 skb_queue_head_init(&hdev->rx_q);
1253 skb_queue_head_init(&hdev->cmd_q);
1254 skb_queue_head_init(&hdev->raw_q);
1255
1256 setup_timer(&hdev->cmd_timer, hci_cmd_timer, (unsigned long) hdev);
1257
1258 for (i = 0; i < NUM_REASSEMBLY; i++)
1259 hdev->reassembly[i] = NULL;
1260
1261 init_waitqueue_head(&hdev->req_wait_q);
1262 mutex_init(&hdev->req_lock);
1263
1264 inquiry_cache_init(hdev);
1265
1266 hci_conn_hash_init(hdev);
1267
1268 INIT_LIST_HEAD(&hdev->blacklist);
1269
1270 INIT_LIST_HEAD(&hdev->uuids);
1271
1272 INIT_LIST_HEAD(&hdev->link_keys);
1273
1274 INIT_LIST_HEAD(&hdev->remote_oob_data);
1275
1276 INIT_WORK(&hdev->power_on, hci_power_on);
1277 INIT_WORK(&hdev->power_off, hci_power_off);
1278 setup_timer(&hdev->off_timer, hci_auto_off, (unsigned long) hdev);
1279
1280 memset(&hdev->stat, 0, sizeof(struct hci_dev_stats));
1281
1282 atomic_set(&hdev->promisc, 0);
1283
1284 write_unlock_bh(&hci_dev_list_lock);
1285
1286 hdev->workqueue = create_singlethread_workqueue(hdev->name);
1287 if (!hdev->workqueue)
1288 goto nomem;
1289
1290 hci_register_sysfs(hdev);
1291
1292 hdev->rfkill = rfkill_alloc(hdev->name, &hdev->dev,
1293 RFKILL_TYPE_BLUETOOTH, &hci_rfkill_ops, hdev);
1294 if (hdev->rfkill) {
1295 if (rfkill_register(hdev->rfkill) < 0) {
1296 rfkill_destroy(hdev->rfkill);
1297 hdev->rfkill = NULL;
1298 }
1299 }
1300
1301 set_bit(HCI_AUTO_OFF, &hdev->flags);
1302 set_bit(HCI_SETUP, &hdev->flags);
1303 queue_work(hdev->workqueue, &hdev->power_on);
1304
1305 hci_notify(hdev, HCI_DEV_REG);
1306
1307 return id;
1308
1309 nomem:
1310 write_lock_bh(&hci_dev_list_lock);
1311 list_del(&hdev->list);
1312 write_unlock_bh(&hci_dev_list_lock);
1313
1314 return -ENOMEM;
1315 }
1316 EXPORT_SYMBOL(hci_register_dev);
1317
1318 /* Unregister HCI device */
1319 int hci_unregister_dev(struct hci_dev *hdev)
1320 {
1321 int i;
1322
1323 BT_DBG("%p name %s bus %d", hdev, hdev->name, hdev->bus);
1324
1325 set_bit(HCI_UNREGISTER, &hdev->flags);
1326
1327 write_lock_bh(&hci_dev_list_lock);
1328 list_del(&hdev->list);
1329 write_unlock_bh(&hci_dev_list_lock);
1330
1331 hci_dev_do_close(hdev);
1332
1333 for (i = 0; i < NUM_REASSEMBLY; i++)
1334 kfree_skb(hdev->reassembly[i]);
1335
1336 if (!test_bit(HCI_INIT, &hdev->flags) &&
1337 !test_bit(HCI_SETUP, &hdev->flags))
1338 mgmt_index_removed(hdev->id);
1339
1340 hci_notify(hdev, HCI_DEV_UNREG);
1341
1342 if (hdev->rfkill) {
1343 rfkill_unregister(hdev->rfkill);
1344 rfkill_destroy(hdev->rfkill);
1345 }
1346
1347 hci_unregister_sysfs(hdev);
1348
1349 hci_del_off_timer(hdev);
1350
1351 destroy_workqueue(hdev->workqueue);
1352
1353 hci_dev_lock_bh(hdev);
1354 hci_blacklist_clear(hdev);
1355 hci_uuids_clear(hdev);
1356 hci_link_keys_clear(hdev);
1357 hci_remote_oob_data_clear(hdev);
1358 hci_dev_unlock_bh(hdev);
1359
1360 __hci_dev_put(hdev);
1361
1362 return 0;
1363 }
1364 EXPORT_SYMBOL(hci_unregister_dev);
1365
1366 /* Suspend HCI device */
1367 int hci_suspend_dev(struct hci_dev *hdev)
1368 {
1369 hci_notify(hdev, HCI_DEV_SUSPEND);
1370 return 0;
1371 }
1372 EXPORT_SYMBOL(hci_suspend_dev);
1373
1374 /* Resume HCI device */
1375 int hci_resume_dev(struct hci_dev *hdev)
1376 {
1377 hci_notify(hdev, HCI_DEV_RESUME);
1378 return 0;
1379 }
1380 EXPORT_SYMBOL(hci_resume_dev);
1381
1382 /* Receive frame from HCI drivers */
1383 int hci_recv_frame(struct sk_buff *skb)
1384 {
1385 struct hci_dev *hdev = (struct hci_dev *) skb->dev;
1386 if (!hdev || (!test_bit(HCI_UP, &hdev->flags)
1387 && !test_bit(HCI_INIT, &hdev->flags))) {
1388 kfree_skb(skb);
1389 return -ENXIO;
1390 }
1391
1392 /* Incomming skb */
1393 bt_cb(skb)->incoming = 1;
1394
1395 /* Time stamp */
1396 __net_timestamp(skb);
1397
1398 /* Queue frame for rx task */
1399 skb_queue_tail(&hdev->rx_q, skb);
1400 tasklet_schedule(&hdev->rx_task);
1401
1402 return 0;
1403 }
1404 EXPORT_SYMBOL(hci_recv_frame);
1405
1406 static int hci_reassembly(struct hci_dev *hdev, int type, void *data,
1407 int count, __u8 index)
1408 {
1409 int len = 0;
1410 int hlen = 0;
1411 int remain = count;
1412 struct sk_buff *skb;
1413 struct bt_skb_cb *scb;
1414
1415 if ((type < HCI_ACLDATA_PKT || type > HCI_EVENT_PKT) ||
1416 index >= NUM_REASSEMBLY)
1417 return -EILSEQ;
1418
1419 skb = hdev->reassembly[index];
1420
1421 if (!skb) {
1422 switch (type) {
1423 case HCI_ACLDATA_PKT:
1424 len = HCI_MAX_FRAME_SIZE;
1425 hlen = HCI_ACL_HDR_SIZE;
1426 break;
1427 case HCI_EVENT_PKT:
1428 len = HCI_MAX_EVENT_SIZE;
1429 hlen = HCI_EVENT_HDR_SIZE;
1430 break;
1431 case HCI_SCODATA_PKT:
1432 len = HCI_MAX_SCO_SIZE;
1433 hlen = HCI_SCO_HDR_SIZE;
1434 break;
1435 }
1436
1437 skb = bt_skb_alloc(len, GFP_ATOMIC);
1438 if (!skb)
1439 return -ENOMEM;
1440
1441 scb = (void *) skb->cb;
1442 scb->expect = hlen;
1443 scb->pkt_type = type;
1444
1445 skb->dev = (void *) hdev;
1446 hdev->reassembly[index] = skb;
1447 }
1448
1449 while (count) {
1450 scb = (void *) skb->cb;
1451 len = min(scb->expect, (__u16)count);
1452
1453 memcpy(skb_put(skb, len), data, len);
1454
1455 count -= len;
1456 data += len;
1457 scb->expect -= len;
1458 remain = count;
1459
1460 switch (type) {
1461 case HCI_EVENT_PKT:
1462 if (skb->len == HCI_EVENT_HDR_SIZE) {
1463 struct hci_event_hdr *h = hci_event_hdr(skb);
1464 scb->expect = h->plen;
1465
1466 if (skb_tailroom(skb) < scb->expect) {
1467 kfree_skb(skb);
1468 hdev->reassembly[index] = NULL;
1469 return -ENOMEM;
1470 }
1471 }
1472 break;
1473
1474 case HCI_ACLDATA_PKT:
1475 if (skb->len == HCI_ACL_HDR_SIZE) {
1476 struct hci_acl_hdr *h = hci_acl_hdr(skb);
1477 scb->expect = __le16_to_cpu(h->dlen);
1478
1479 if (skb_tailroom(skb) < scb->expect) {
1480 kfree_skb(skb);
1481 hdev->reassembly[index] = NULL;
1482 return -ENOMEM;
1483 }
1484 }
1485 break;
1486
1487 case HCI_SCODATA_PKT:
1488 if (skb->len == HCI_SCO_HDR_SIZE) {
1489 struct hci_sco_hdr *h = hci_sco_hdr(skb);
1490 scb->expect = h->dlen;
1491
1492 if (skb_tailroom(skb) < scb->expect) {
1493 kfree_skb(skb);
1494 hdev->reassembly[index] = NULL;
1495 return -ENOMEM;
1496 }
1497 }
1498 break;
1499 }
1500
1501 if (scb->expect == 0) {
1502 /* Complete frame */
1503
1504 bt_cb(skb)->pkt_type = type;
1505 hci_recv_frame(skb);
1506
1507 hdev->reassembly[index] = NULL;
1508 return remain;
1509 }
1510 }
1511
1512 return remain;
1513 }
1514
1515 int hci_recv_fragment(struct hci_dev *hdev, int type, void *data, int count)
1516 {
1517 int rem = 0;
1518
1519 if (type < HCI_ACLDATA_PKT || type > HCI_EVENT_PKT)
1520 return -EILSEQ;
1521
1522 while (count) {
1523 rem = hci_reassembly(hdev, type, data, count, type - 1);
1524 if (rem < 0)
1525 return rem;
1526
1527 data += (count - rem);
1528 count = rem;
1529 };
1530
1531 return rem;
1532 }
1533 EXPORT_SYMBOL(hci_recv_fragment);
1534
1535 #define STREAM_REASSEMBLY 0
1536
1537 int hci_recv_stream_fragment(struct hci_dev *hdev, void *data, int count)
1538 {
1539 int type;
1540 int rem = 0;
1541
1542 while (count) {
1543 struct sk_buff *skb = hdev->reassembly[STREAM_REASSEMBLY];
1544
1545 if (!skb) {
1546 struct { char type; } *pkt;
1547
1548 /* Start of the frame */
1549 pkt = data;
1550 type = pkt->type;
1551
1552 data++;
1553 count--;
1554 } else
1555 type = bt_cb(skb)->pkt_type;
1556
1557 rem = hci_reassembly(hdev, type, data, count,
1558 STREAM_REASSEMBLY);
1559 if (rem < 0)
1560 return rem;
1561
1562 data += (count - rem);
1563 count = rem;
1564 };
1565
1566 return rem;
1567 }
1568 EXPORT_SYMBOL(hci_recv_stream_fragment);
1569
1570 /* ---- Interface to upper protocols ---- */
1571
1572 /* Register/Unregister protocols.
1573 * hci_task_lock is used to ensure that no tasks are running. */
1574 int hci_register_proto(struct hci_proto *hp)
1575 {
1576 int err = 0;
1577
1578 BT_DBG("%p name %s id %d", hp, hp->name, hp->id);
1579
1580 if (hp->id >= HCI_MAX_PROTO)
1581 return -EINVAL;
1582
1583 write_lock_bh(&hci_task_lock);
1584
1585 if (!hci_proto[hp->id])
1586 hci_proto[hp->id] = hp;
1587 else
1588 err = -EEXIST;
1589
1590 write_unlock_bh(&hci_task_lock);
1591
1592 return err;
1593 }
1594 EXPORT_SYMBOL(hci_register_proto);
1595
1596 int hci_unregister_proto(struct hci_proto *hp)
1597 {
1598 int err = 0;
1599
1600 BT_DBG("%p name %s id %d", hp, hp->name, hp->id);
1601
1602 if (hp->id >= HCI_MAX_PROTO)
1603 return -EINVAL;
1604
1605 write_lock_bh(&hci_task_lock);
1606
1607 if (hci_proto[hp->id])
1608 hci_proto[hp->id] = NULL;
1609 else
1610 err = -ENOENT;
1611
1612 write_unlock_bh(&hci_task_lock);
1613
1614 return err;
1615 }
1616 EXPORT_SYMBOL(hci_unregister_proto);
1617
1618 int hci_register_cb(struct hci_cb *cb)
1619 {
1620 BT_DBG("%p name %s", cb, cb->name);
1621
1622 write_lock_bh(&hci_cb_list_lock);
1623 list_add(&cb->list, &hci_cb_list);
1624 write_unlock_bh(&hci_cb_list_lock);
1625
1626 return 0;
1627 }
1628 EXPORT_SYMBOL(hci_register_cb);
1629
1630 int hci_unregister_cb(struct hci_cb *cb)
1631 {
1632 BT_DBG("%p name %s", cb, cb->name);
1633
1634 write_lock_bh(&hci_cb_list_lock);
1635 list_del(&cb->list);
1636 write_unlock_bh(&hci_cb_list_lock);
1637
1638 return 0;
1639 }
1640 EXPORT_SYMBOL(hci_unregister_cb);
1641
1642 static int hci_send_frame(struct sk_buff *skb)
1643 {
1644 struct hci_dev *hdev = (struct hci_dev *) skb->dev;
1645
1646 if (!hdev) {
1647 kfree_skb(skb);
1648 return -ENODEV;
1649 }
1650
1651 BT_DBG("%s type %d len %d", hdev->name, bt_cb(skb)->pkt_type, skb->len);
1652
1653 if (atomic_read(&hdev->promisc)) {
1654 /* Time stamp */
1655 __net_timestamp(skb);
1656
1657 hci_send_to_sock(hdev, skb, NULL);
1658 }
1659
1660 /* Get rid of skb owner, prior to sending to the driver. */
1661 skb_orphan(skb);
1662
1663 return hdev->send(skb);
1664 }
1665
1666 /* Send HCI command */
1667 int hci_send_cmd(struct hci_dev *hdev, __u16 opcode, __u32 plen, void *param)
1668 {
1669 int len = HCI_COMMAND_HDR_SIZE + plen;
1670 struct hci_command_hdr *hdr;
1671 struct sk_buff *skb;
1672
1673 BT_DBG("%s opcode 0x%x plen %d", hdev->name, opcode, plen);
1674
1675 skb = bt_skb_alloc(len, GFP_ATOMIC);
1676 if (!skb) {
1677 BT_ERR("%s no memory for command", hdev->name);
1678 return -ENOMEM;
1679 }
1680
1681 hdr = (struct hci_command_hdr *) skb_put(skb, HCI_COMMAND_HDR_SIZE);
1682 hdr->opcode = cpu_to_le16(opcode);
1683 hdr->plen = plen;
1684
1685 if (plen)
1686 memcpy(skb_put(skb, plen), param, plen);
1687
1688 BT_DBG("skb len %d", skb->len);
1689
1690 bt_cb(skb)->pkt_type = HCI_COMMAND_PKT;
1691 skb->dev = (void *) hdev;
1692
1693 if (test_bit(HCI_INIT, &hdev->flags))
1694 hdev->init_last_cmd = opcode;
1695
1696 skb_queue_tail(&hdev->cmd_q, skb);
1697 tasklet_schedule(&hdev->cmd_task);
1698
1699 return 0;
1700 }
1701
1702 /* Get data from the previously sent command */
1703 void *hci_sent_cmd_data(struct hci_dev *hdev, __u16 opcode)
1704 {
1705 struct hci_command_hdr *hdr;
1706
1707 if (!hdev->sent_cmd)
1708 return NULL;
1709
1710 hdr = (void *) hdev->sent_cmd->data;
1711
1712 if (hdr->opcode != cpu_to_le16(opcode))
1713 return NULL;
1714
1715 BT_DBG("%s opcode 0x%x", hdev->name, opcode);
1716
1717 return hdev->sent_cmd->data + HCI_COMMAND_HDR_SIZE;
1718 }
1719
1720 /* Send ACL data */
1721 static void hci_add_acl_hdr(struct sk_buff *skb, __u16 handle, __u16 flags)
1722 {
1723 struct hci_acl_hdr *hdr;
1724 int len = skb->len;
1725
1726 skb_push(skb, HCI_ACL_HDR_SIZE);
1727 skb_reset_transport_header(skb);
1728 hdr = (struct hci_acl_hdr *)skb_transport_header(skb);
1729 hdr->handle = cpu_to_le16(hci_handle_pack(handle, flags));
1730 hdr->dlen = cpu_to_le16(len);
1731 }
1732
1733 void hci_send_acl(struct hci_conn *conn, struct sk_buff *skb, __u16 flags)
1734 {
1735 struct hci_dev *hdev = conn->hdev;
1736 struct sk_buff *list;
1737
1738 BT_DBG("%s conn %p flags 0x%x", hdev->name, conn, flags);
1739
1740 skb->dev = (void *) hdev;
1741 bt_cb(skb)->pkt_type = HCI_ACLDATA_PKT;
1742 hci_add_acl_hdr(skb, conn->handle, flags);
1743
1744 list = skb_shinfo(skb)->frag_list;
1745 if (!list) {
1746 /* Non fragmented */
1747 BT_DBG("%s nonfrag skb %p len %d", hdev->name, skb, skb->len);
1748
1749 skb_queue_tail(&conn->data_q, skb);
1750 } else {
1751 /* Fragmented */
1752 BT_DBG("%s frag %p len %d", hdev->name, skb, skb->len);
1753
1754 skb_shinfo(skb)->frag_list = NULL;
1755
1756 /* Queue all fragments atomically */
1757 spin_lock_bh(&conn->data_q.lock);
1758
1759 __skb_queue_tail(&conn->data_q, skb);
1760
1761 flags &= ~ACL_START;
1762 flags |= ACL_CONT;
1763 do {
1764 skb = list; list = list->next;
1765
1766 skb->dev = (void *) hdev;
1767 bt_cb(skb)->pkt_type = HCI_ACLDATA_PKT;
1768 hci_add_acl_hdr(skb, conn->handle, flags);
1769
1770 BT_DBG("%s frag %p len %d", hdev->name, skb, skb->len);
1771
1772 __skb_queue_tail(&conn->data_q, skb);
1773 } while (list);
1774
1775 spin_unlock_bh(&conn->data_q.lock);
1776 }
1777
1778 tasklet_schedule(&hdev->tx_task);
1779 }
1780 EXPORT_SYMBOL(hci_send_acl);
1781
1782 /* Send SCO data */
1783 void hci_send_sco(struct hci_conn *conn, struct sk_buff *skb)
1784 {
1785 struct hci_dev *hdev = conn->hdev;
1786 struct hci_sco_hdr hdr;
1787
1788 BT_DBG("%s len %d", hdev->name, skb->len);
1789
1790 hdr.handle = cpu_to_le16(conn->handle);
1791 hdr.dlen = skb->len;
1792
1793 skb_push(skb, HCI_SCO_HDR_SIZE);
1794 skb_reset_transport_header(skb);
1795 memcpy(skb_transport_header(skb), &hdr, HCI_SCO_HDR_SIZE);
1796
1797 skb->dev = (void *) hdev;
1798 bt_cb(skb)->pkt_type = HCI_SCODATA_PKT;
1799
1800 skb_queue_tail(&conn->data_q, skb);
1801 tasklet_schedule(&hdev->tx_task);
1802 }
1803 EXPORT_SYMBOL(hci_send_sco);
1804
1805 /* ---- HCI TX task (outgoing data) ---- */
1806
1807 /* HCI Connection scheduler */
1808 static inline struct hci_conn *hci_low_sent(struct hci_dev *hdev, __u8 type, int *quote)
1809 {
1810 struct hci_conn_hash *h = &hdev->conn_hash;
1811 struct hci_conn *conn = NULL;
1812 int num = 0, min = ~0;
1813 struct list_head *p;
1814
1815 /* We don't have to lock device here. Connections are always
1816 * added and removed with TX task disabled. */
1817 list_for_each(p, &h->list) {
1818 struct hci_conn *c;
1819 c = list_entry(p, struct hci_conn, list);
1820
1821 if (c->type != type || skb_queue_empty(&c->data_q))
1822 continue;
1823
1824 if (c->state != BT_CONNECTED && c->state != BT_CONFIG)
1825 continue;
1826
1827 num++;
1828
1829 if (c->sent < min) {
1830 min = c->sent;
1831 conn = c;
1832 }
1833 }
1834
1835 if (conn) {
1836 int cnt, q;
1837
1838 switch (conn->type) {
1839 case ACL_LINK:
1840 cnt = hdev->acl_cnt;
1841 break;
1842 case SCO_LINK:
1843 case ESCO_LINK:
1844 cnt = hdev->sco_cnt;
1845 break;
1846 case LE_LINK:
1847 cnt = hdev->le_mtu ? hdev->le_cnt : hdev->acl_cnt;
1848 break;
1849 default:
1850 cnt = 0;
1851 BT_ERR("Unknown link type");
1852 }
1853
1854 q = cnt / num;
1855 *quote = q ? q : 1;
1856 } else
1857 *quote = 0;
1858
1859 BT_DBG("conn %p quote %d", conn, *quote);
1860 return conn;
1861 }
1862
1863 static inline void hci_link_tx_to(struct hci_dev *hdev, __u8 type)
1864 {
1865 struct hci_conn_hash *h = &hdev->conn_hash;
1866 struct list_head *p;
1867 struct hci_conn *c;
1868
1869 BT_ERR("%s link tx timeout", hdev->name);
1870
1871 /* Kill stalled connections */
1872 list_for_each(p, &h->list) {
1873 c = list_entry(p, struct hci_conn, list);
1874 if (c->type == type && c->sent) {
1875 BT_ERR("%s killing stalled connection %s",
1876 hdev->name, batostr(&c->dst));
1877 hci_acl_disconn(c, 0x13);
1878 }
1879 }
1880 }
1881
1882 static inline void hci_sched_acl(struct hci_dev *hdev)
1883 {
1884 struct hci_conn *conn;
1885 struct sk_buff *skb;
1886 int quote;
1887
1888 BT_DBG("%s", hdev->name);
1889
1890 if (!test_bit(HCI_RAW, &hdev->flags)) {
1891 /* ACL tx timeout must be longer than maximum
1892 * link supervision timeout (40.9 seconds) */
1893 if (!hdev->acl_cnt && time_after(jiffies, hdev->acl_last_tx + HZ * 45))
1894 hci_link_tx_to(hdev, ACL_LINK);
1895 }
1896
1897 while (hdev->acl_cnt && (conn = hci_low_sent(hdev, ACL_LINK, &quote))) {
1898 while (quote-- && (skb = skb_dequeue(&conn->data_q))) {
1899 BT_DBG("skb %p len %d", skb, skb->len);
1900
1901 hci_conn_enter_active_mode(conn);
1902
1903 hci_send_frame(skb);
1904 hdev->acl_last_tx = jiffies;
1905
1906 hdev->acl_cnt--;
1907 conn->sent++;
1908 }
1909 }
1910 }
1911
1912 /* Schedule SCO */
1913 static inline void hci_sched_sco(struct hci_dev *hdev)
1914 {
1915 struct hci_conn *conn;
1916 struct sk_buff *skb;
1917 int quote;
1918
1919 BT_DBG("%s", hdev->name);
1920
1921 while (hdev->sco_cnt && (conn = hci_low_sent(hdev, SCO_LINK, &quote))) {
1922 while (quote-- && (skb = skb_dequeue(&conn->data_q))) {
1923 BT_DBG("skb %p len %d", skb, skb->len);
1924 hci_send_frame(skb);
1925
1926 conn->sent++;
1927 if (conn->sent == ~0)
1928 conn->sent = 0;
1929 }
1930 }
1931 }
1932
1933 static inline void hci_sched_esco(struct hci_dev *hdev)
1934 {
1935 struct hci_conn *conn;
1936 struct sk_buff *skb;
1937 int quote;
1938
1939 BT_DBG("%s", hdev->name);
1940
1941 while (hdev->sco_cnt && (conn = hci_low_sent(hdev, ESCO_LINK, &quote))) {
1942 while (quote-- && (skb = skb_dequeue(&conn->data_q))) {
1943 BT_DBG("skb %p len %d", skb, skb->len);
1944 hci_send_frame(skb);
1945
1946 conn->sent++;
1947 if (conn->sent == ~0)
1948 conn->sent = 0;
1949 }
1950 }
1951 }
1952
1953 static inline void hci_sched_le(struct hci_dev *hdev)
1954 {
1955 struct hci_conn *conn;
1956 struct sk_buff *skb;
1957 int quote, cnt;
1958
1959 BT_DBG("%s", hdev->name);
1960
1961 if (!test_bit(HCI_RAW, &hdev->flags)) {
1962 /* LE tx timeout must be longer than maximum
1963 * link supervision timeout (40.9 seconds) */
1964 if (!hdev->le_cnt && hdev->le_pkts &&
1965 time_after(jiffies, hdev->le_last_tx + HZ * 45))
1966 hci_link_tx_to(hdev, LE_LINK);
1967 }
1968
1969 cnt = hdev->le_pkts ? hdev->le_cnt : hdev->acl_cnt;
1970 while (cnt && (conn = hci_low_sent(hdev, LE_LINK, &quote))) {
1971 while (quote-- && (skb = skb_dequeue(&conn->data_q))) {
1972 BT_DBG("skb %p len %d", skb, skb->len);
1973
1974 hci_send_frame(skb);
1975 hdev->le_last_tx = jiffies;
1976
1977 cnt--;
1978 conn->sent++;
1979 }
1980 }
1981 if (hdev->le_pkts)
1982 hdev->le_cnt = cnt;
1983 else
1984 hdev->acl_cnt = cnt;
1985 }
1986
1987 static void hci_tx_task(unsigned long arg)
1988 {
1989 struct hci_dev *hdev = (struct hci_dev *) arg;
1990 struct sk_buff *skb;
1991
1992 read_lock(&hci_task_lock);
1993
1994 BT_DBG("%s acl %d sco %d le %d", hdev->name, hdev->acl_cnt,
1995 hdev->sco_cnt, hdev->le_cnt);
1996
1997 /* Schedule queues and send stuff to HCI driver */
1998
1999 hci_sched_acl(hdev);
2000
2001 hci_sched_sco(hdev);
2002
2003 hci_sched_esco(hdev);
2004
2005 hci_sched_le(hdev);
2006
2007 /* Send next queued raw (unknown type) packet */
2008 while ((skb = skb_dequeue(&hdev->raw_q)))
2009 hci_send_frame(skb);
2010
2011 read_unlock(&hci_task_lock);
2012 }
2013
2014 /* ----- HCI RX task (incoming data processing) ----- */
2015
2016 /* ACL data packet */
2017 static inline void hci_acldata_packet(struct hci_dev *hdev, struct sk_buff *skb)
2018 {
2019 struct hci_acl_hdr *hdr = (void *) skb->data;
2020 struct hci_conn *conn;
2021 __u16 handle, flags;
2022
2023 skb_pull(skb, HCI_ACL_HDR_SIZE);
2024
2025 handle = __le16_to_cpu(hdr->handle);
2026 flags = hci_flags(handle);
2027 handle = hci_handle(handle);
2028
2029 BT_DBG("%s len %d handle 0x%x flags 0x%x", hdev->name, skb->len, handle, flags);
2030
2031 hdev->stat.acl_rx++;
2032
2033 hci_dev_lock(hdev);
2034 conn = hci_conn_hash_lookup_handle(hdev, handle);
2035 hci_dev_unlock(hdev);
2036
2037 if (conn) {
2038 register struct hci_proto *hp;
2039
2040 hci_conn_enter_active_mode(conn);
2041
2042 /* Send to upper protocol */
2043 hp = hci_proto[HCI_PROTO_L2CAP];
2044 if (hp && hp->recv_acldata) {
2045 hp->recv_acldata(conn, skb, flags);
2046 return;
2047 }
2048 } else {
2049 BT_ERR("%s ACL packet for unknown connection handle %d",
2050 hdev->name, handle);
2051 }
2052
2053 kfree_skb(skb);
2054 }
2055
2056 /* SCO data packet */
2057 static inline void hci_scodata_packet(struct hci_dev *hdev, struct sk_buff *skb)
2058 {
2059 struct hci_sco_hdr *hdr = (void *) skb->data;
2060 struct hci_conn *conn;
2061 __u16 handle;
2062
2063 skb_pull(skb, HCI_SCO_HDR_SIZE);
2064
2065 handle = __le16_to_cpu(hdr->handle);
2066
2067 BT_DBG("%s len %d handle 0x%x", hdev->name, skb->len, handle);
2068
2069 hdev->stat.sco_rx++;
2070
2071 hci_dev_lock(hdev);
2072 conn = hci_conn_hash_lookup_handle(hdev, handle);
2073 hci_dev_unlock(hdev);
2074
2075 if (conn) {
2076 register struct hci_proto *hp;
2077
2078 /* Send to upper protocol */
2079 hp = hci_proto[HCI_PROTO_SCO];
2080 if (hp && hp->recv_scodata) {
2081 hp->recv_scodata(conn, skb);
2082 return;
2083 }
2084 } else {
2085 BT_ERR("%s SCO packet for unknown connection handle %d",
2086 hdev->name, handle);
2087 }
2088
2089 kfree_skb(skb);
2090 }
2091
2092 static void hci_rx_task(unsigned long arg)
2093 {
2094 struct hci_dev *hdev = (struct hci_dev *) arg;
2095 struct sk_buff *skb;
2096
2097 BT_DBG("%s", hdev->name);
2098
2099 read_lock(&hci_task_lock);
2100
2101 while ((skb = skb_dequeue(&hdev->rx_q))) {
2102 if (atomic_read(&hdev->promisc)) {
2103 /* Send copy to the sockets */
2104 hci_send_to_sock(hdev, skb, NULL);
2105 }
2106
2107 if (test_bit(HCI_RAW, &hdev->flags)) {
2108 kfree_skb(skb);
2109 continue;
2110 }
2111
2112 if (test_bit(HCI_INIT, &hdev->flags)) {
2113 /* Don't process data packets in this states. */
2114 switch (bt_cb(skb)->pkt_type) {
2115 case HCI_ACLDATA_PKT:
2116 case HCI_SCODATA_PKT:
2117 kfree_skb(skb);
2118 continue;
2119 }
2120 }
2121
2122 /* Process frame */
2123 switch (bt_cb(skb)->pkt_type) {
2124 case HCI_EVENT_PKT:
2125 hci_event_packet(hdev, skb);
2126 break;
2127
2128 case HCI_ACLDATA_PKT:
2129 BT_DBG("%s ACL data packet", hdev->name);
2130 hci_acldata_packet(hdev, skb);
2131 break;
2132
2133 case HCI_SCODATA_PKT:
2134 BT_DBG("%s SCO data packet", hdev->name);
2135 hci_scodata_packet(hdev, skb);
2136 break;
2137
2138 default:
2139 kfree_skb(skb);
2140 break;
2141 }
2142 }
2143
2144 read_unlock(&hci_task_lock);
2145 }
2146
2147 static void hci_cmd_task(unsigned long arg)
2148 {
2149 struct hci_dev *hdev = (struct hci_dev *) arg;
2150 struct sk_buff *skb;
2151
2152 BT_DBG("%s cmd %d", hdev->name, atomic_read(&hdev->cmd_cnt));
2153
2154 /* Send queued commands */
2155 if (atomic_read(&hdev->cmd_cnt)) {
2156 skb = skb_dequeue(&hdev->cmd_q);
2157 if (!skb)
2158 return;
2159
2160 kfree_skb(hdev->sent_cmd);
2161
2162 hdev->sent_cmd = skb_clone(skb, GFP_ATOMIC);
2163 if (hdev->sent_cmd) {
2164 atomic_dec(&hdev->cmd_cnt);
2165 hci_send_frame(skb);
2166 mod_timer(&hdev->cmd_timer,
2167 jiffies + msecs_to_jiffies(HCI_CMD_TIMEOUT));
2168 } else {
2169 skb_queue_head(&hdev->cmd_q, skb);
2170 tasklet_schedule(&hdev->cmd_task);
2171 }
2172 }
2173 }
Linux with added FPC-III support