search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Merge tag 'v3.3.7' into 3.3/master
[zen-stable.git] / net / bluetooth / hci_core.c
blob9a014511223c7a67b8a9ee51d61c6b8290934714
1 /*
2 BlueZ - Bluetooth protocol stack for Linux
3 Copyright (C) 2000-2001 Qualcomm Incorporated
4 Copyright (C) 2011 ProFUSION Embedded Systems
5
6 Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com>
7
8 This program is free software; you can redistribute it and/or modify
9 it under the terms of the GNU General Public License version 2 as
10 published by the Free Software Foundation;
11
12 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
13 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
14 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
15 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
16 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
17 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
18 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
19 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
20
21 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
22 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
23 SOFTWARE IS DISCLAIMED.
24 */
25
26 /* Bluetooth HCI core. */
27
28 #include <linux/jiffies.h>
29 #include <linux/module.h>
30 #include <linux/kmod.h>
31
32 #include <linux/types.h>
33 #include <linux/errno.h>
34 #include <linux/kernel.h>
35 #include <linux/sched.h>
36 #include <linux/slab.h>
37 #include <linux/poll.h>
38 #include <linux/fcntl.h>
39 #include <linux/init.h>
40 #include <linux/skbuff.h>
41 #include <linux/workqueue.h>
42 #include <linux/interrupt.h>
43 #include <linux/notifier.h>
44 #include <linux/rfkill.h>
45 #include <linux/timer.h>
46 #include <linux/crypto.h>
47 #include <net/sock.h>
48
49 #include <asm/system.h>
50 #include <linux/uaccess.h>
51 #include <asm/unaligned.h>
52
53 #include <net/bluetooth/bluetooth.h>
54 #include <net/bluetooth/hci_core.h>
55
56 #define AUTO_OFF_TIMEOUT 2000
57
58 bool enable_hs;
59
60 static void hci_rx_work(struct work_struct *work);
61 static void hci_cmd_work(struct work_struct *work);
62 static void hci_tx_work(struct work_struct *work);
63
64 /* HCI device list */
65 LIST_HEAD(hci_dev_list);
66 DEFINE_RWLOCK(hci_dev_list_lock);
67
68 /* HCI callback list */
69 LIST_HEAD(hci_cb_list);
70 DEFINE_RWLOCK(hci_cb_list_lock);
71
72 /* HCI notifiers list */
73 static ATOMIC_NOTIFIER_HEAD(hci_notifier);
74
75 /* ---- HCI notifications ---- */
76
77 int hci_register_notifier(struct notifier_block *nb)
78 {
79 return atomic_notifier_chain_register(&hci_notifier, nb);
80 }
81
82 int hci_unregister_notifier(struct notifier_block *nb)
83 {
84 return atomic_notifier_chain_unregister(&hci_notifier, nb);
85 }
86
87 static void hci_notify(struct hci_dev *hdev, int event)
88 {
89 atomic_notifier_call_chain(&hci_notifier, event, hdev);
90 }
91
92 /* ---- HCI requests ---- */
93
94 void hci_req_complete(struct hci_dev *hdev, __u16 cmd, int result)
95 {
96 BT_DBG("%s command 0x%04x result 0x%2.2x", hdev->name, cmd, result);
97
98 /* If this is the init phase check if the completed command matches
99 * the last init command, and if not just return.
100 */
101 if (test_bit(HCI_INIT, &hdev->flags) && hdev->init_last_cmd != cmd)
102 return;
103
104 if (hdev->req_status == HCI_REQ_PEND) {
105 hdev->req_result = result;
106 hdev->req_status = HCI_REQ_DONE;
107 wake_up_interruptible(&hdev->req_wait_q);
108 }
109 }
110
111 static void hci_req_cancel(struct hci_dev *hdev, int err)
112 {
113 BT_DBG("%s err 0x%2.2x", hdev->name, err);
114
115 if (hdev->req_status == HCI_REQ_PEND) {
116 hdev->req_result = err;
117 hdev->req_status = HCI_REQ_CANCELED;
118 wake_up_interruptible(&hdev->req_wait_q);
119 }
120 }
121
122 /* Execute request and wait for completion. */
123 static int __hci_request(struct hci_dev *hdev, void (*req)(struct hci_dev *hdev, unsigned long opt),
124 unsigned long opt, __u32 timeout)
125 {
126 DECLARE_WAITQUEUE(wait, current);
127 int err = 0;
128
129 BT_DBG("%s start", hdev->name);
130
131 hdev->req_status = HCI_REQ_PEND;
132
133 add_wait_queue(&hdev->req_wait_q, &wait);
134 set_current_state(TASK_INTERRUPTIBLE);
135
136 req(hdev, opt);
137 schedule_timeout(timeout);
138
139 remove_wait_queue(&hdev->req_wait_q, &wait);
140
141 if (signal_pending(current))
142 return -EINTR;
143
144 switch (hdev->req_status) {
145 case HCI_REQ_DONE:
146 err = -bt_to_errno(hdev->req_result);
147 break;
148
149 case HCI_REQ_CANCELED:
150 err = -hdev->req_result;
151 break;
152
153 default:
154 err = -ETIMEDOUT;
155 break;
156 }
157
158 hdev->req_status = hdev->req_result = 0;
159
160 BT_DBG("%s end: err %d", hdev->name, err);
161
162 return err;
163 }
164
165 static inline int hci_request(struct hci_dev *hdev, void (*req)(struct hci_dev *hdev, unsigned long opt),
166 unsigned long opt, __u32 timeout)
167 {
168 int ret;
169
170 if (!test_bit(HCI_UP, &hdev->flags))
171 return -ENETDOWN;
172
173 /* Serialize all requests */
174 hci_req_lock(hdev);
175 ret = __hci_request(hdev, req, opt, timeout);
176 hci_req_unlock(hdev);
177
178 return ret;
179 }
180
181 static void hci_reset_req(struct hci_dev *hdev, unsigned long opt)
182 {
183 BT_DBG("%s %ld", hdev->name, opt);
184
185 /* Reset device */
186 set_bit(HCI_RESET, &hdev->flags);
187 hci_send_cmd(hdev, HCI_OP_RESET, 0, NULL);
188 }
189
190 static void bredr_init(struct hci_dev *hdev)
191 {
192 struct hci_cp_delete_stored_link_key cp;
193 __le16 param;
194 __u8 flt_type;
195
196 hdev->flow_ctl_mode = HCI_FLOW_CTL_MODE_PACKET_BASED;
197
198 /* Mandatory initialization */
199
200 /* Reset */
201 if (!test_bit(HCI_QUIRK_NO_RESET, &hdev->quirks)) {
202 set_bit(HCI_RESET, &hdev->flags);
203 hci_send_cmd(hdev, HCI_OP_RESET, 0, NULL);
204 }
205
206 /* Read Local Supported Features */
207 hci_send_cmd(hdev, HCI_OP_READ_LOCAL_FEATURES, 0, NULL);
208
209 /* Read Local Version */
210 hci_send_cmd(hdev, HCI_OP_READ_LOCAL_VERSION, 0, NULL);
211
212 /* Read Buffer Size (ACL mtu, max pkt, etc.) */
213 hci_send_cmd(hdev, HCI_OP_READ_BUFFER_SIZE, 0, NULL);
214
215 /* Read BD Address */
216 hci_send_cmd(hdev, HCI_OP_READ_BD_ADDR, 0, NULL);
217
218 /* Read Class of Device */
219 hci_send_cmd(hdev, HCI_OP_READ_CLASS_OF_DEV, 0, NULL);
220
221 /* Read Local Name */
222 hci_send_cmd(hdev, HCI_OP_READ_LOCAL_NAME, 0, NULL);
223
224 /* Read Voice Setting */
225 hci_send_cmd(hdev, HCI_OP_READ_VOICE_SETTING, 0, NULL);
226
227 /* Optional initialization */
228
229 /* Clear Event Filters */
230 flt_type = HCI_FLT_CLEAR_ALL;
231 hci_send_cmd(hdev, HCI_OP_SET_EVENT_FLT, 1, &flt_type);
232
233 /* Connection accept timeout ~20 secs */
234 param = cpu_to_le16(0x7d00);
235 hci_send_cmd(hdev, HCI_OP_WRITE_CA_TIMEOUT, 2, &param);
236
237 bacpy(&cp.bdaddr, BDADDR_ANY);
238 cp.delete_all = 1;
239 hci_send_cmd(hdev, HCI_OP_DELETE_STORED_LINK_KEY, sizeof(cp), &cp);
240 }
241
242 static void amp_init(struct hci_dev *hdev)
243 {
244 hdev->flow_ctl_mode = HCI_FLOW_CTL_MODE_BLOCK_BASED;
245
246 /* Reset */
247 hci_send_cmd(hdev, HCI_OP_RESET, 0, NULL);
248
249 /* Read Local Version */
250 hci_send_cmd(hdev, HCI_OP_READ_LOCAL_VERSION, 0, NULL);
251 }
252
253 static void hci_init_req(struct hci_dev *hdev, unsigned long opt)
254 {
255 struct sk_buff *skb;
256
257 BT_DBG("%s %ld", hdev->name, opt);
258
259 /* Driver initialization */
260
261 /* Special commands */
262 while ((skb = skb_dequeue(&hdev->driver_init))) {
263 bt_cb(skb)->pkt_type = HCI_COMMAND_PKT;
264 skb->dev = (void *) hdev;
265
266 skb_queue_tail(&hdev->cmd_q, skb);
267 queue_work(hdev->workqueue, &hdev->cmd_work);
268 }
269 skb_queue_purge(&hdev->driver_init);
270
271 switch (hdev->dev_type) {
272 case HCI_BREDR:
273 bredr_init(hdev);
274 break;
275
276 case HCI_AMP:
277 amp_init(hdev);
278 break;
279
280 default:
281 BT_ERR("Unknown device type %d", hdev->dev_type);
282 break;
283 }
284
285 }
286
287 static void hci_le_init_req(struct hci_dev *hdev, unsigned long opt)
288 {
289 BT_DBG("%s", hdev->name);
290
291 /* Read LE buffer size */
292 hci_send_cmd(hdev, HCI_OP_LE_READ_BUFFER_SIZE, 0, NULL);
293 }
294
295 static void hci_scan_req(struct hci_dev *hdev, unsigned long opt)
296 {
297 __u8 scan = opt;
298
299 BT_DBG("%s %x", hdev->name, scan);
300
301 /* Inquiry and Page scans */
302 hci_send_cmd(hdev, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
303 }
304
305 static void hci_auth_req(struct hci_dev *hdev, unsigned long opt)
306 {
307 __u8 auth = opt;
308
309 BT_DBG("%s %x", hdev->name, auth);
310
311 /* Authentication */
312 hci_send_cmd(hdev, HCI_OP_WRITE_AUTH_ENABLE, 1, &auth);
313 }
314
315 static void hci_encrypt_req(struct hci_dev *hdev, unsigned long opt)
316 {
317 __u8 encrypt = opt;
318
319 BT_DBG("%s %x", hdev->name, encrypt);
320
321 /* Encryption */
322 hci_send_cmd(hdev, HCI_OP_WRITE_ENCRYPT_MODE, 1, &encrypt);
323 }
324
325 static void hci_linkpol_req(struct hci_dev *hdev, unsigned long opt)
326 {
327 __le16 policy = cpu_to_le16(opt);
328
329 BT_DBG("%s %x", hdev->name, policy);
330
331 /* Default link policy */
332 hci_send_cmd(hdev, HCI_OP_WRITE_DEF_LINK_POLICY, 2, &policy);
333 }
334
335 /* Get HCI device by index.
336 * Device is held on return. */
337 struct hci_dev *hci_dev_get(int index)
338 {
339 struct hci_dev *hdev = NULL, *d;
340
341 BT_DBG("%d", index);
342
343 if (index < 0)
344 return NULL;
345
346 read_lock(&hci_dev_list_lock);
347 list_for_each_entry(d, &hci_dev_list, list) {
348 if (d->id == index) {
349 hdev = hci_dev_hold(d);
350 break;
351 }
352 }
353 read_unlock(&hci_dev_list_lock);
354 return hdev;
355 }
356
357 /* ---- Inquiry support ---- */
358 static void inquiry_cache_flush(struct hci_dev *hdev)
359 {
360 struct inquiry_cache *cache = &hdev->inq_cache;
361 struct inquiry_entry *next = cache->list, *e;
362
363 BT_DBG("cache %p", cache);
364
365 cache->list = NULL;
366 while ((e = next)) {
367 next = e->next;
368 kfree(e);
369 }
370 }
371
372 struct inquiry_entry *hci_inquiry_cache_lookup(struct hci_dev *hdev, bdaddr_t *bdaddr)
373 {
374 struct inquiry_cache *cache = &hdev->inq_cache;
375 struct inquiry_entry *e;
376
377 BT_DBG("cache %p, %s", cache, batostr(bdaddr));
378
379 for (e = cache->list; e; e = e->next)
380 if (!bacmp(&e->data.bdaddr, bdaddr))
381 break;
382 return e;
383 }
384
385 void hci_inquiry_cache_update(struct hci_dev *hdev, struct inquiry_data *data)
386 {
387 struct inquiry_cache *cache = &hdev->inq_cache;
388 struct inquiry_entry *ie;
389
390 BT_DBG("cache %p, %s", cache, batostr(&data->bdaddr));
391
392 ie = hci_inquiry_cache_lookup(hdev, &data->bdaddr);
393 if (!ie) {
394 /* Entry not in the cache. Add new one. */
395 ie = kzalloc(sizeof(struct inquiry_entry), GFP_ATOMIC);
396 if (!ie)
397 return;
398
399 ie->next = cache->list;
400 cache->list = ie;
401 }
402
403 memcpy(&ie->data, data, sizeof(*data));
404 ie->timestamp = jiffies;
405 cache->timestamp = jiffies;
406 }
407
408 static int inquiry_cache_dump(struct hci_dev *hdev, int num, __u8 *buf)
409 {
410 struct inquiry_cache *cache = &hdev->inq_cache;
411 struct inquiry_info *info = (struct inquiry_info *) buf;
412 struct inquiry_entry *e;
413 int copied = 0;
414
415 for (e = cache->list; e && copied < num; e = e->next, copied++) {
416 struct inquiry_data *data = &e->data;
417 bacpy(&info->bdaddr, &data->bdaddr);
418 info->pscan_rep_mode = data->pscan_rep_mode;
419 info->pscan_period_mode = data->pscan_period_mode;
420 info->pscan_mode = data->pscan_mode;
421 memcpy(info->dev_class, data->dev_class, 3);
422 info->clock_offset = data->clock_offset;
423 info++;
424 }
425
426 BT_DBG("cache %p, copied %d", cache, copied);
427 return copied;
428 }
429
430 static void hci_inq_req(struct hci_dev *hdev, unsigned long opt)
431 {
432 struct hci_inquiry_req *ir = (struct hci_inquiry_req *) opt;
433 struct hci_cp_inquiry cp;
434
435 BT_DBG("%s", hdev->name);
436
437 if (test_bit(HCI_INQUIRY, &hdev->flags))
438 return;
439
440 /* Start Inquiry */
441 memcpy(&cp.lap, &ir->lap, 3);
442 cp.length = ir->length;
443 cp.num_rsp = ir->num_rsp;
444 hci_send_cmd(hdev, HCI_OP_INQUIRY, sizeof(cp), &cp);
445 }
446
447 int hci_inquiry(void __user *arg)
448 {
449 __u8 __user *ptr = arg;
450 struct hci_inquiry_req ir;
451 struct hci_dev *hdev;
452 int err = 0, do_inquiry = 0, max_rsp;
453 long timeo;
454 __u8 *buf;
455
456 if (copy_from_user(&ir, ptr, sizeof(ir)))
457 return -EFAULT;
458
459 hdev = hci_dev_get(ir.dev_id);
460 if (!hdev)
461 return -ENODEV;
462
463 hci_dev_lock(hdev);
464 if (inquiry_cache_age(hdev) > INQUIRY_CACHE_AGE_MAX ||
465 inquiry_cache_empty(hdev) ||
466 ir.flags & IREQ_CACHE_FLUSH) {
467 inquiry_cache_flush(hdev);
468 do_inquiry = 1;
469 }
470 hci_dev_unlock(hdev);
471
472 timeo = ir.length * msecs_to_jiffies(2000);
473
474 if (do_inquiry) {
475 err = hci_request(hdev, hci_inq_req, (unsigned long)&ir, timeo);
476 if (err < 0)
477 goto done;
478 }
479
480 /* for unlimited number of responses we will use buffer with 255 entries */
481 max_rsp = (ir.num_rsp == 0) ? 255 : ir.num_rsp;
482
483 /* cache_dump can't sleep. Therefore we allocate temp buffer and then
484 * copy it to the user space.
485 */
486 buf = kmalloc(sizeof(struct inquiry_info) * max_rsp, GFP_KERNEL);
487 if (!buf) {
488 err = -ENOMEM;
489 goto done;
490 }
491
492 hci_dev_lock(hdev);
493 ir.num_rsp = inquiry_cache_dump(hdev, max_rsp, buf);
494 hci_dev_unlock(hdev);
495
496 BT_DBG("num_rsp %d", ir.num_rsp);
497
498 if (!copy_to_user(ptr, &ir, sizeof(ir))) {
499 ptr += sizeof(ir);
500 if (copy_to_user(ptr, buf, sizeof(struct inquiry_info) *
501 ir.num_rsp))
502 err = -EFAULT;
503 } else
504 err = -EFAULT;
505
506 kfree(buf);
507
508 done:
509 hci_dev_put(hdev);
510 return err;
511 }
512
513 /* ---- HCI ioctl helpers ---- */
514
515 int hci_dev_open(__u16 dev)
516 {
517 struct hci_dev *hdev;
518 int ret = 0;
519
520 hdev = hci_dev_get(dev);
521 if (!hdev)
522 return -ENODEV;
523
524 BT_DBG("%s %p", hdev->name, hdev);
525
526 hci_req_lock(hdev);
527
528 if (test_bit(HCI_UNREGISTER, &hdev->dev_flags)) {
529 ret = -ENODEV;
530 goto done;
531 }
532
533 if (hdev->rfkill && rfkill_blocked(hdev->rfkill)) {
534 ret = -ERFKILL;
535 goto done;
536 }
537
538 if (test_bit(HCI_UP, &hdev->flags)) {
539 ret = -EALREADY;
540 goto done;
541 }
542
543 if (test_bit(HCI_QUIRK_RAW_DEVICE, &hdev->quirks))
544 set_bit(HCI_RAW, &hdev->flags);
545
546 /* Treat all non BR/EDR controllers as raw devices if
547 enable_hs is not set */
548 if (hdev->dev_type != HCI_BREDR && !enable_hs)
549 set_bit(HCI_RAW, &hdev->flags);
550
551 if (hdev->open(hdev)) {
552 ret = -EIO;
553 goto done;
554 }
555
556 if (!test_bit(HCI_RAW, &hdev->flags)) {
557 atomic_set(&hdev->cmd_cnt, 1);
558 set_bit(HCI_INIT, &hdev->flags);
559 hdev->init_last_cmd = 0;
560
561 ret = __hci_request(hdev, hci_init_req, 0,
562 msecs_to_jiffies(HCI_INIT_TIMEOUT));
563
564 if (lmp_host_le_capable(hdev))
565 ret = __hci_request(hdev, hci_le_init_req, 0,
566 msecs_to_jiffies(HCI_INIT_TIMEOUT));
567
568 clear_bit(HCI_INIT, &hdev->flags);
569 }
570
571 if (!ret) {
572 hci_dev_hold(hdev);
573 set_bit(HCI_UP, &hdev->flags);
574 hci_notify(hdev, HCI_DEV_UP);
575 if (!test_bit(HCI_SETUP, &hdev->flags)) {
576 hci_dev_lock(hdev);
577 mgmt_powered(hdev, 1);
578 hci_dev_unlock(hdev);
579 }
580 } else {
581 /* Init failed, cleanup */
582 flush_work(&hdev->tx_work);
583 flush_work(&hdev->cmd_work);
584 flush_work(&hdev->rx_work);
585
586 skb_queue_purge(&hdev->cmd_q);
587 skb_queue_purge(&hdev->rx_q);
588
589 if (hdev->flush)
590 hdev->flush(hdev);
591
592 if (hdev->sent_cmd) {
593 kfree_skb(hdev->sent_cmd);
594 hdev->sent_cmd = NULL;
595 }
596
597 hdev->close(hdev);
598 hdev->flags = 0;
599 }
600
601 done:
602 hci_req_unlock(hdev);
603 hci_dev_put(hdev);
604 return ret;
605 }
606
607 static int hci_dev_do_close(struct hci_dev *hdev)
608 {
609 BT_DBG("%s %p", hdev->name, hdev);
610
611 hci_req_cancel(hdev, ENODEV);
612 hci_req_lock(hdev);
613
614 if (!test_and_clear_bit(HCI_UP, &hdev->flags)) {
615 del_timer_sync(&hdev->cmd_timer);
616 hci_req_unlock(hdev);
617 return 0;
618 }
619
620 /* Flush RX and TX works */
621 flush_work(&hdev->tx_work);
622 flush_work(&hdev->rx_work);
623
624 if (hdev->discov_timeout > 0) {
625 cancel_delayed_work(&hdev->discov_off);
626 hdev->discov_timeout = 0;
627 }
628
629 if (test_and_clear_bit(HCI_AUTO_OFF, &hdev->flags))
630 cancel_delayed_work(&hdev->power_off);
631
632 if (test_and_clear_bit(HCI_SERVICE_CACHE, &hdev->flags))
633 cancel_delayed_work(&hdev->service_cache);
634
635 hci_dev_lock(hdev);
636 inquiry_cache_flush(hdev);
637 hci_conn_hash_flush(hdev);
638 hci_dev_unlock(hdev);
639
640 hci_notify(hdev, HCI_DEV_DOWN);
641
642 if (hdev->flush)
643 hdev->flush(hdev);
644
645 /* Reset device */
646 skb_queue_purge(&hdev->cmd_q);
647 atomic_set(&hdev->cmd_cnt, 1);
648 if (!test_bit(HCI_RAW, &hdev->flags) &&
649 test_bit(HCI_QUIRK_NO_RESET, &hdev->quirks)) {
650 set_bit(HCI_INIT, &hdev->flags);
651 __hci_request(hdev, hci_reset_req, 0,
652 msecs_to_jiffies(250));
653 clear_bit(HCI_INIT, &hdev->flags);
654 }
655
656 /* flush cmd work */
657 flush_work(&hdev->cmd_work);
658
659 /* Drop queues */
660 skb_queue_purge(&hdev->rx_q);
661 skb_queue_purge(&hdev->cmd_q);
662 skb_queue_purge(&hdev->raw_q);
663
664 /* Drop last sent command */
665 if (hdev->sent_cmd) {
666 del_timer_sync(&hdev->cmd_timer);
667 kfree_skb(hdev->sent_cmd);
668 hdev->sent_cmd = NULL;
669 }
670
671 /* After this point our queues are empty
672 * and no tasks are scheduled. */
673 hdev->close(hdev);
674
675 hci_dev_lock(hdev);
676 mgmt_powered(hdev, 0);
677 hci_dev_unlock(hdev);
678
679 /* Clear flags */
680 hdev->flags = 0;
681
682 hci_req_unlock(hdev);
683
684 hci_dev_put(hdev);
685 return 0;
686 }
687
688 int hci_dev_close(__u16 dev)
689 {
690 struct hci_dev *hdev;
691 int err;
692
693 hdev = hci_dev_get(dev);
694 if (!hdev)
695 return -ENODEV;
696 err = hci_dev_do_close(hdev);
697 hci_dev_put(hdev);
698 return err;
699 }
700
701 int hci_dev_reset(__u16 dev)
702 {
703 struct hci_dev *hdev;
704 int ret = 0;
705
706 hdev = hci_dev_get(dev);
707 if (!hdev)
708 return -ENODEV;
709
710 hci_req_lock(hdev);
711
712 if (!test_bit(HCI_UP, &hdev->flags))
713 goto done;
714
715 /* Drop queues */
716 skb_queue_purge(&hdev->rx_q);
717 skb_queue_purge(&hdev->cmd_q);
718
719 hci_dev_lock(hdev);
720 inquiry_cache_flush(hdev);
721 hci_conn_hash_flush(hdev);
722 hci_dev_unlock(hdev);
723
724 if (hdev->flush)
725 hdev->flush(hdev);
726
727 atomic_set(&hdev->cmd_cnt, 1);
728 hdev->acl_cnt = 0; hdev->sco_cnt = 0; hdev->le_cnt = 0;
729
730 if (!test_bit(HCI_RAW, &hdev->flags))
731 ret = __hci_request(hdev, hci_reset_req, 0,
732 msecs_to_jiffies(HCI_INIT_TIMEOUT));
733
734 done:
735 hci_req_unlock(hdev);
736 hci_dev_put(hdev);
737 return ret;
738 }
739
740 int hci_dev_reset_stat(__u16 dev)
741 {
742 struct hci_dev *hdev;
743 int ret = 0;
744
745 hdev = hci_dev_get(dev);
746 if (!hdev)
747 return -ENODEV;
748
749 memset(&hdev->stat, 0, sizeof(struct hci_dev_stats));
750
751 hci_dev_put(hdev);
752
753 return ret;
754 }
755
756 int hci_dev_cmd(unsigned int cmd, void __user *arg)
757 {
758 struct hci_dev *hdev;
759 struct hci_dev_req dr;
760 int err = 0;
761
762 if (copy_from_user(&dr, arg, sizeof(dr)))
763 return -EFAULT;
764
765 hdev = hci_dev_get(dr.dev_id);
766 if (!hdev)
767 return -ENODEV;
768
769 switch (cmd) {
770 case HCISETAUTH:
771 err = hci_request(hdev, hci_auth_req, dr.dev_opt,
772 msecs_to_jiffies(HCI_INIT_TIMEOUT));
773 break;
774
775 case HCISETENCRYPT:
776 if (!lmp_encrypt_capable(hdev)) {
777 err = -EOPNOTSUPP;
778 break;
779 }
780
781 if (!test_bit(HCI_AUTH, &hdev->flags)) {
782 /* Auth must be enabled first */
783 err = hci_request(hdev, hci_auth_req, dr.dev_opt,
784 msecs_to_jiffies(HCI_INIT_TIMEOUT));
785 if (err)
786 break;
787 }
788
789 err = hci_request(hdev, hci_encrypt_req, dr.dev_opt,
790 msecs_to_jiffies(HCI_INIT_TIMEOUT));
791 break;
792
793 case HCISETSCAN:
794 err = hci_request(hdev, hci_scan_req, dr.dev_opt,
795 msecs_to_jiffies(HCI_INIT_TIMEOUT));
796 break;
797
798 case HCISETLINKPOL:
799 err = hci_request(hdev, hci_linkpol_req, dr.dev_opt,
800 msecs_to_jiffies(HCI_INIT_TIMEOUT));
801 break;
802
803 case HCISETLINKMODE:
804 hdev->link_mode = ((__u16) dr.dev_opt) &
805 (HCI_LM_MASTER | HCI_LM_ACCEPT);
806 break;
807
808 case HCISETPTYPE:
809 hdev->pkt_type = (__u16) dr.dev_opt;
810 break;
811
812 case HCISETACLMTU:
813 hdev->acl_mtu = *((__u16 *) &dr.dev_opt + 1);
814 hdev->acl_pkts = *((__u16 *) &dr.dev_opt + 0);
815 break;
816
817 case HCISETSCOMTU:
818 hdev->sco_mtu = *((__u16 *) &dr.dev_opt + 1);
819 hdev->sco_pkts = *((__u16 *) &dr.dev_opt + 0);
820 break;
821
822 default:
823 err = -EINVAL;
824 break;
825 }
826
827 hci_dev_put(hdev);
828 return err;
829 }
830
831 int hci_get_dev_list(void __user *arg)
832 {
833 struct hci_dev *hdev;
834 struct hci_dev_list_req *dl;
835 struct hci_dev_req *dr;
836 int n = 0, size, err;
837 __u16 dev_num;
838
839 if (get_user(dev_num, (__u16 __user *) arg))
840 return -EFAULT;
841
842 if (!dev_num || dev_num > (PAGE_SIZE * 2) / sizeof(*dr))
843 return -EINVAL;
844
845 size = sizeof(*dl) + dev_num * sizeof(*dr);
846
847 dl = kzalloc(size, GFP_KERNEL);
848 if (!dl)
849 return -ENOMEM;
850
851 dr = dl->dev_req;
852
853 read_lock(&hci_dev_list_lock);
854 list_for_each_entry(hdev, &hci_dev_list, list) {
855 if (test_and_clear_bit(HCI_AUTO_OFF, &hdev->flags))
856 cancel_delayed_work(&hdev->power_off);
857
858 if (!test_bit(HCI_MGMT, &hdev->flags))
859 set_bit(HCI_PAIRABLE, &hdev->flags);
860
861 (dr + n)->dev_id = hdev->id;
862 (dr + n)->dev_opt = hdev->flags;
863
864 if (++n >= dev_num)
865 break;
866 }
867 read_unlock(&hci_dev_list_lock);
868
869 dl->dev_num = n;
870 size = sizeof(*dl) + n * sizeof(*dr);
871
872 err = copy_to_user(arg, dl, size);
873 kfree(dl);
874
875 return err ? -EFAULT : 0;
876 }
877
878 int hci_get_dev_info(void __user *arg)
879 {
880 struct hci_dev *hdev;
881 struct hci_dev_info di;
882 int err = 0;
883
884 if (copy_from_user(&di, arg, sizeof(di)))
885 return -EFAULT;
886
887 hdev = hci_dev_get(di.dev_id);
888 if (!hdev)
889 return -ENODEV;
890
891 if (test_and_clear_bit(HCI_AUTO_OFF, &hdev->flags))
892 cancel_delayed_work_sync(&hdev->power_off);
893
894 if (!test_bit(HCI_MGMT, &hdev->flags))
895 set_bit(HCI_PAIRABLE, &hdev->flags);
896
897 strcpy(di.name, hdev->name);
898 di.bdaddr = hdev->bdaddr;
899 di.type = (hdev->bus & 0x0f) | (hdev->dev_type << 4);
900 di.flags = hdev->flags;
901 di.pkt_type = hdev->pkt_type;
902 di.acl_mtu = hdev->acl_mtu;
903 di.acl_pkts = hdev->acl_pkts;
904 di.sco_mtu = hdev->sco_mtu;
905 di.sco_pkts = hdev->sco_pkts;
906 di.link_policy = hdev->link_policy;
907 di.link_mode = hdev->link_mode;
908
909 memcpy(&di.stat, &hdev->stat, sizeof(di.stat));
910 memcpy(&di.features, &hdev->features, sizeof(di.features));
911
912 if (copy_to_user(arg, &di, sizeof(di)))
913 err = -EFAULT;
914
915 hci_dev_put(hdev);
916
917 return err;
918 }
919
920 /* ---- Interface to HCI drivers ---- */
921
922 static int hci_rfkill_set_block(void *data, bool blocked)
923 {
924 struct hci_dev *hdev = data;
925
926 BT_DBG("%p name %s blocked %d", hdev, hdev->name, blocked);
927
928 if (!blocked)
929 return 0;
930
931 hci_dev_do_close(hdev);
932
933 return 0;
934 }
935
936 static const struct rfkill_ops hci_rfkill_ops = {
937 .set_block = hci_rfkill_set_block,
938 };
939
940 /* Alloc HCI device */
941 struct hci_dev *hci_alloc_dev(void)
942 {
943 struct hci_dev *hdev;
944
945 hdev = kzalloc(sizeof(struct hci_dev), GFP_KERNEL);
946 if (!hdev)
947 return NULL;
948
949 hci_init_sysfs(hdev);
950 skb_queue_head_init(&hdev->driver_init);
951
952 return hdev;
953 }
954 EXPORT_SYMBOL(hci_alloc_dev);
955
956 /* Free HCI device */
957 void hci_free_dev(struct hci_dev *hdev)
958 {
959 skb_queue_purge(&hdev->driver_init);
960
961 /* will free via device release */
962 put_device(&hdev->dev);
963 }
964 EXPORT_SYMBOL(hci_free_dev);
965
966 static void hci_power_on(struct work_struct *work)
967 {
968 struct hci_dev *hdev = container_of(work, struct hci_dev, power_on);
969
970 BT_DBG("%s", hdev->name);
971
972 if (hci_dev_open(hdev->id) < 0)
973 return;
974
975 if (test_bit(HCI_AUTO_OFF, &hdev->flags))
976 schedule_delayed_work(&hdev->power_off,
977 msecs_to_jiffies(AUTO_OFF_TIMEOUT));
978
979 if (test_and_clear_bit(HCI_SETUP, &hdev->flags))
980 mgmt_index_added(hdev);
981 }
982
983 static void hci_power_off(struct work_struct *work)
984 {
985 struct hci_dev *hdev = container_of(work, struct hci_dev,
986 power_off.work);
987
988 BT_DBG("%s", hdev->name);
989
990 clear_bit(HCI_AUTO_OFF, &hdev->flags);
991
992 hci_dev_close(hdev->id);
993 }
994
995 static void hci_discov_off(struct work_struct *work)
996 {
997 struct hci_dev *hdev;
998 u8 scan = SCAN_PAGE;
999
1000 hdev = container_of(work, struct hci_dev, discov_off.work);
1001
1002 BT_DBG("%s", hdev->name);
1003
1004 hci_dev_lock(hdev);
1005
1006 hci_send_cmd(hdev, HCI_OP_WRITE_SCAN_ENABLE, sizeof(scan), &scan);
1007
1008 hdev->discov_timeout = 0;
1009
1010 hci_dev_unlock(hdev);
1011 }
1012
1013 int hci_uuids_clear(struct hci_dev *hdev)
1014 {
1015 struct list_head *p, *n;
1016
1017 list_for_each_safe(p, n, &hdev->uuids) {
1018 struct bt_uuid *uuid;
1019
1020 uuid = list_entry(p, struct bt_uuid, list);
1021
1022 list_del(p);
1023 kfree(uuid);
1024 }
1025
1026 return 0;
1027 }
1028
1029 int hci_link_keys_clear(struct hci_dev *hdev)
1030 {
1031 struct list_head *p, *n;
1032
1033 list_for_each_safe(p, n, &hdev->link_keys) {
1034 struct link_key *key;
1035
1036 key = list_entry(p, struct link_key, list);
1037
1038 list_del(p);
1039 kfree(key);
1040 }
1041
1042 return 0;
1043 }
1044
1045 struct link_key *hci_find_link_key(struct hci_dev *hdev, bdaddr_t *bdaddr)
1046 {
1047 struct link_key *k;
1048
1049 list_for_each_entry(k, &hdev->link_keys, list)
1050 if (bacmp(bdaddr, &k->bdaddr) == 0)
1051 return k;
1052
1053 return NULL;
1054 }
1055
1056 static int hci_persistent_key(struct hci_dev *hdev, struct hci_conn *conn,
1057 u8 key_type, u8 old_key_type)
1058 {
1059 /* Legacy key */
1060 if (key_type < 0x03)
1061 return 1;
1062
1063 /* Debug keys are insecure so don't store them persistently */
1064 if (key_type == HCI_LK_DEBUG_COMBINATION)
1065 return 0;
1066
1067 /* Changed combination key and there's no previous one */
1068 if (key_type == HCI_LK_CHANGED_COMBINATION && old_key_type == 0xff)
1069 return 0;
1070
1071 /* Security mode 3 case */
1072 if (!conn)
1073 return 1;
1074
1075 /* Neither local nor remote side had no-bonding as requirement */
1076 if (conn->auth_type > 0x01 && conn->remote_auth > 0x01)
1077 return 1;
1078
1079 /* Local side had dedicated bonding as requirement */
1080 if (conn->auth_type == 0x02 || conn->auth_type == 0x03)
1081 return 1;
1082
1083 /* Remote side had dedicated bonding as requirement */
1084 if (conn->remote_auth == 0x02 || conn->remote_auth == 0x03)
1085 return 1;
1086
1087 /* If none of the above criteria match, then don't store the key
1088 * persistently */
1089 return 0;
1090 }
1091
1092 struct link_key *hci_find_ltk(struct hci_dev *hdev, __le16 ediv, u8 rand[8])
1093 {
1094 struct link_key *k;
1095
1096 list_for_each_entry(k, &hdev->link_keys, list) {
1097 struct key_master_id *id;
1098
1099 if (k->type != HCI_LK_SMP_LTK)
1100 continue;
1101
1102 if (k->dlen != sizeof(*id))
1103 continue;
1104
1105 id = (void *) &k->data;
1106 if (id->ediv == ediv &&
1107 (memcmp(rand, id->rand, sizeof(id->rand)) == 0))
1108 return k;
1109 }
1110
1111 return NULL;
1112 }
1113 EXPORT_SYMBOL(hci_find_ltk);
1114
1115 struct link_key *hci_find_link_key_type(struct hci_dev *hdev,
1116 bdaddr_t *bdaddr, u8 type)
1117 {
1118 struct link_key *k;
1119
1120 list_for_each_entry(k, &hdev->link_keys, list)
1121 if (k->type == type && bacmp(bdaddr, &k->bdaddr) == 0)
1122 return k;
1123
1124 return NULL;
1125 }
1126 EXPORT_SYMBOL(hci_find_link_key_type);
1127
1128 int hci_add_link_key(struct hci_dev *hdev, struct hci_conn *conn, int new_key,
1129 bdaddr_t *bdaddr, u8 *val, u8 type, u8 pin_len)
1130 {
1131 struct link_key *key, *old_key;
1132 u8 old_key_type, persistent;
1133
1134 old_key = hci_find_link_key(hdev, bdaddr);
1135 if (old_key) {
1136 old_key_type = old_key->type;
1137 key = old_key;
1138 } else {
1139 old_key_type = conn ? conn->key_type : 0xff;
1140 key = kzalloc(sizeof(*key), GFP_ATOMIC);
1141 if (!key)
1142 return -ENOMEM;
1143 list_add(&key->list, &hdev->link_keys);
1144 }
1145
1146 BT_DBG("%s key for %s type %u", hdev->name, batostr(bdaddr), type);
1147
1148 /* Some buggy controller combinations generate a changed
1149 * combination key for legacy pairing even when there's no
1150 * previous key */
1151 if (type == HCI_LK_CHANGED_COMBINATION &&
1152 (!conn || conn->remote_auth == 0xff) &&
1153 old_key_type == 0xff) {
1154 type = HCI_LK_COMBINATION;
1155 if (conn)
1156 conn->key_type = type;
1157 }
1158
1159 bacpy(&key->bdaddr, bdaddr);
1160 memcpy(key->val, val, 16);
1161 key->pin_len = pin_len;
1162
1163 if (type == HCI_LK_CHANGED_COMBINATION)
1164 key->type = old_key_type;
1165 else
1166 key->type = type;
1167
1168 if (!new_key)
1169 return 0;
1170
1171 persistent = hci_persistent_key(hdev, conn, type, old_key_type);
1172
1173 mgmt_new_link_key(hdev, key, persistent);
1174
1175 if (!persistent) {
1176 list_del(&key->list);
1177 kfree(key);
1178 }
1179
1180 return 0;
1181 }
1182
1183 int hci_add_ltk(struct hci_dev *hdev, int new_key, bdaddr_t *bdaddr,
1184 u8 key_size, __le16 ediv, u8 rand[8], u8 ltk[16])
1185 {
1186 struct link_key *key, *old_key;
1187 struct key_master_id *id;
1188 u8 old_key_type;
1189
1190 BT_DBG("%s addr %s", hdev->name, batostr(bdaddr));
1191
1192 old_key = hci_find_link_key_type(hdev, bdaddr, HCI_LK_SMP_LTK);
1193 if (old_key) {
1194 key = old_key;
1195 old_key_type = old_key->type;
1196 } else {
1197 key = kzalloc(sizeof(*key) + sizeof(*id), GFP_ATOMIC);
1198 if (!key)
1199 return -ENOMEM;
1200 list_add(&key->list, &hdev->link_keys);
1201 old_key_type = 0xff;
1202 }
1203
1204 key->dlen = sizeof(*id);
1205
1206 bacpy(&key->bdaddr, bdaddr);
1207 memcpy(key->val, ltk, sizeof(key->val));
1208 key->type = HCI_LK_SMP_LTK;
1209 key->pin_len = key_size;
1210
1211 id = (void *) &key->data;
1212 id->ediv = ediv;
1213 memcpy(id->rand, rand, sizeof(id->rand));
1214
1215 if (new_key)
1216 mgmt_new_link_key(hdev, key, old_key_type);
1217
1218 return 0;
1219 }
1220
1221 int hci_remove_link_key(struct hci_dev *hdev, bdaddr_t *bdaddr)
1222 {
1223 struct link_key *key;
1224
1225 key = hci_find_link_key(hdev, bdaddr);
1226 if (!key)
1227 return -ENOENT;
1228
1229 BT_DBG("%s removing %s", hdev->name, batostr(bdaddr));
1230
1231 list_del(&key->list);
1232 kfree(key);
1233
1234 return 0;
1235 }
1236
1237 /* HCI command timer function */
1238 static void hci_cmd_timer(unsigned long arg)
1239 {
1240 struct hci_dev *hdev = (void *) arg;
1241
1242 BT_ERR("%s command tx timeout", hdev->name);
1243 atomic_set(&hdev->cmd_cnt, 1);
1244 queue_work(hdev->workqueue, &hdev->cmd_work);
1245 }
1246
1247 struct oob_data *hci_find_remote_oob_data(struct hci_dev *hdev,
1248 bdaddr_t *bdaddr)
1249 {
1250 struct oob_data *data;
1251
1252 list_for_each_entry(data, &hdev->remote_oob_data, list)
1253 if (bacmp(bdaddr, &data->bdaddr) == 0)
1254 return data;
1255
1256 return NULL;
1257 }
1258
1259 int hci_remove_remote_oob_data(struct hci_dev *hdev, bdaddr_t *bdaddr)
1260 {
1261 struct oob_data *data;
1262
1263 data = hci_find_remote_oob_data(hdev, bdaddr);
1264 if (!data)
1265 return -ENOENT;
1266
1267 BT_DBG("%s removing %s", hdev->name, batostr(bdaddr));
1268
1269 list_del(&data->list);
1270 kfree(data);
1271
1272 return 0;
1273 }
1274
1275 int hci_remote_oob_data_clear(struct hci_dev *hdev)
1276 {
1277 struct oob_data *data, *n;
1278
1279 list_for_each_entry_safe(data, n, &hdev->remote_oob_data, list) {
1280 list_del(&data->list);
1281 kfree(data);
1282 }
1283
1284 return 0;
1285 }
1286
1287 int hci_add_remote_oob_data(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 *hash,
1288 u8 *randomizer)
1289 {
1290 struct oob_data *data;
1291
1292 data = hci_find_remote_oob_data(hdev, bdaddr);
1293
1294 if (!data) {
1295 data = kmalloc(sizeof(*data), GFP_ATOMIC);
1296 if (!data)
1297 return -ENOMEM;
1298
1299 bacpy(&data->bdaddr, bdaddr);
1300 list_add(&data->list, &hdev->remote_oob_data);
1301 }
1302
1303 memcpy(data->hash, hash, sizeof(data->hash));
1304 memcpy(data->randomizer, randomizer, sizeof(data->randomizer));
1305
1306 BT_DBG("%s for %s", hdev->name, batostr(bdaddr));
1307
1308 return 0;
1309 }
1310
1311 struct bdaddr_list *hci_blacklist_lookup(struct hci_dev *hdev,
1312 bdaddr_t *bdaddr)
1313 {
1314 struct bdaddr_list *b;
1315
1316 list_for_each_entry(b, &hdev->blacklist, list)
1317 if (bacmp(bdaddr, &b->bdaddr) == 0)
1318 return b;
1319
1320 return NULL;
1321 }
1322
1323 int hci_blacklist_clear(struct hci_dev *hdev)
1324 {
1325 struct list_head *p, *n;
1326
1327 list_for_each_safe(p, n, &hdev->blacklist) {
1328 struct bdaddr_list *b;
1329
1330 b = list_entry(p, struct bdaddr_list, list);
1331
1332 list_del(p);
1333 kfree(b);
1334 }
1335
1336 return 0;
1337 }
1338
1339 int hci_blacklist_add(struct hci_dev *hdev, bdaddr_t *bdaddr)
1340 {
1341 struct bdaddr_list *entry;
1342
1343 if (bacmp(bdaddr, BDADDR_ANY) == 0)
1344 return -EBADF;
1345
1346 if (hci_blacklist_lookup(hdev, bdaddr))
1347 return -EEXIST;
1348
1349 entry = kzalloc(sizeof(struct bdaddr_list), GFP_KERNEL);
1350 if (!entry)
1351 return -ENOMEM;
1352
1353 bacpy(&entry->bdaddr, bdaddr);
1354
1355 list_add(&entry->list, &hdev->blacklist);
1356
1357 return mgmt_device_blocked(hdev, bdaddr);
1358 }
1359
1360 int hci_blacklist_del(struct hci_dev *hdev, bdaddr_t *bdaddr)
1361 {
1362 struct bdaddr_list *entry;
1363
1364 if (bacmp(bdaddr, BDADDR_ANY) == 0)
1365 return hci_blacklist_clear(hdev);
1366
1367 entry = hci_blacklist_lookup(hdev, bdaddr);
1368 if (!entry)
1369 return -ENOENT;
1370
1371 list_del(&entry->list);
1372 kfree(entry);
1373
1374 return mgmt_device_unblocked(hdev, bdaddr);
1375 }
1376
1377 static void hci_clear_adv_cache(struct work_struct *work)
1378 {
1379 struct hci_dev *hdev = container_of(work, struct hci_dev,
1380 adv_work.work);
1381
1382 hci_dev_lock(hdev);
1383
1384 hci_adv_entries_clear(hdev);
1385
1386 hci_dev_unlock(hdev);
1387 }
1388
1389 int hci_adv_entries_clear(struct hci_dev *hdev)
1390 {
1391 struct adv_entry *entry, *tmp;
1392
1393 list_for_each_entry_safe(entry, tmp, &hdev->adv_entries, list) {
1394 list_del(&entry->list);
1395 kfree(entry);
1396 }
1397
1398 BT_DBG("%s adv cache cleared", hdev->name);
1399
1400 return 0;
1401 }
1402
1403 struct adv_entry *hci_find_adv_entry(struct hci_dev *hdev, bdaddr_t *bdaddr)
1404 {
1405 struct adv_entry *entry;
1406
1407 list_for_each_entry(entry, &hdev->adv_entries, list)
1408 if (bacmp(bdaddr, &entry->bdaddr) == 0)
1409 return entry;
1410
1411 return NULL;
1412 }
1413
1414 static inline int is_connectable_adv(u8 evt_type)
1415 {
1416 if (evt_type == ADV_IND || evt_type == ADV_DIRECT_IND)
1417 return 1;
1418
1419 return 0;
1420 }
1421
1422 int hci_add_adv_entry(struct hci_dev *hdev,
1423 struct hci_ev_le_advertising_info *ev)
1424 {
1425 struct adv_entry *entry;
1426
1427 if (!is_connectable_adv(ev->evt_type))
1428 return -EINVAL;
1429
1430 /* Only new entries should be added to adv_entries. So, if
1431 * bdaddr was found, don't add it. */
1432 if (hci_find_adv_entry(hdev, &ev->bdaddr))
1433 return 0;
1434
1435 entry = kzalloc(sizeof(*entry), GFP_ATOMIC);
1436 if (!entry)
1437 return -ENOMEM;
1438
1439 bacpy(&entry->bdaddr, &ev->bdaddr);
1440 entry->bdaddr_type = ev->bdaddr_type;
1441
1442 list_add(&entry->list, &hdev->adv_entries);
1443
1444 BT_DBG("%s adv entry added: address %s type %u", hdev->name,
1445 batostr(&entry->bdaddr), entry->bdaddr_type);
1446
1447 return 0;
1448 }
1449
1450 /* Register HCI device */
1451 int hci_register_dev(struct hci_dev *hdev)
1452 {
1453 struct list_head *head = &hci_dev_list, *p;
1454 int i, id, error;
1455
1456 BT_DBG("%p name %s bus %d owner %p", hdev, hdev->name,
1457 hdev->bus, hdev->owner);
1458
1459 if (!hdev->open || !hdev->close || !hdev->destruct)
1460 return -EINVAL;
1461
1462 /* Do not allow HCI_AMP devices to register at index 0,
1463 * so the index can be used as the AMP controller ID.
1464 */
1465 id = (hdev->dev_type == HCI_BREDR) ? 0 : 1;
1466
1467 write_lock(&hci_dev_list_lock);
1468
1469 /* Find first available device id */
1470 list_for_each(p, &hci_dev_list) {
1471 if (list_entry(p, struct hci_dev, list)->id != id)
1472 break;
1473 head = p; id++;
1474 }
1475
1476 sprintf(hdev->name, "hci%d", id);
1477 hdev->id = id;
1478 list_add_tail(&hdev->list, head);
1479
1480 atomic_set(&hdev->refcnt, 1);
1481 mutex_init(&hdev->lock);
1482
1483 hdev->flags = 0;
1484 hdev->dev_flags = 0;
1485 hdev->pkt_type = (HCI_DM1 | HCI_DH1 | HCI_HV1);
1486 hdev->esco_type = (ESCO_HV1);
1487 hdev->link_mode = (HCI_LM_ACCEPT);
1488 hdev->io_capability = 0x03; /* No Input No Output */
1489
1490 hdev->idle_timeout = 0;
1491 hdev->sniff_max_interval = 800;
1492 hdev->sniff_min_interval = 80;
1493
1494 INIT_WORK(&hdev->rx_work, hci_rx_work);
1495 INIT_WORK(&hdev->cmd_work, hci_cmd_work);
1496 INIT_WORK(&hdev->tx_work, hci_tx_work);
1497
1498
1499 skb_queue_head_init(&hdev->rx_q);
1500 skb_queue_head_init(&hdev->cmd_q);
1501 skb_queue_head_init(&hdev->raw_q);
1502
1503 setup_timer(&hdev->cmd_timer, hci_cmd_timer, (unsigned long) hdev);
1504
1505 for (i = 0; i < NUM_REASSEMBLY; i++)
1506 hdev->reassembly[i] = NULL;
1507
1508 init_waitqueue_head(&hdev->req_wait_q);
1509 mutex_init(&hdev->req_lock);
1510
1511 inquiry_cache_init(hdev);
1512
1513 hci_conn_hash_init(hdev);
1514
1515 INIT_LIST_HEAD(&hdev->mgmt_pending);
1516
1517 INIT_LIST_HEAD(&hdev->blacklist);
1518
1519 INIT_LIST_HEAD(&hdev->uuids);
1520
1521 INIT_LIST_HEAD(&hdev->link_keys);
1522
1523 INIT_LIST_HEAD(&hdev->remote_oob_data);
1524
1525 INIT_LIST_HEAD(&hdev->adv_entries);
1526
1527 INIT_DELAYED_WORK(&hdev->adv_work, hci_clear_adv_cache);
1528 INIT_WORK(&hdev->power_on, hci_power_on);
1529 INIT_DELAYED_WORK(&hdev->power_off, hci_power_off);
1530
1531 INIT_DELAYED_WORK(&hdev->discov_off, hci_discov_off);
1532
1533 memset(&hdev->stat, 0, sizeof(struct hci_dev_stats));
1534
1535 atomic_set(&hdev->promisc, 0);
1536
1537 write_unlock(&hci_dev_list_lock);
1538
1539 hdev->workqueue = alloc_workqueue(hdev->name, WQ_HIGHPRI | WQ_UNBOUND |
1540 WQ_MEM_RECLAIM, 1);
1541 if (!hdev->workqueue) {
1542 error = -ENOMEM;
1543 goto err;
1544 }
1545
1546 error = hci_add_sysfs(hdev);
1547 if (error < 0)
1548 goto err_wqueue;
1549
1550 hdev->rfkill = rfkill_alloc(hdev->name, &hdev->dev,
1551 RFKILL_TYPE_BLUETOOTH, &hci_rfkill_ops, hdev);
1552 if (hdev->rfkill) {
1553 if (rfkill_register(hdev->rfkill) < 0) {
1554 rfkill_destroy(hdev->rfkill);
1555 hdev->rfkill = NULL;
1556 }
1557 }
1558
1559 set_bit(HCI_AUTO_OFF, &hdev->flags);
1560 set_bit(HCI_SETUP, &hdev->flags);
1561 schedule_work(&hdev->power_on);
1562
1563 hci_notify(hdev, HCI_DEV_REG);
1564
1565 return id;
1566
1567 err_wqueue:
1568 destroy_workqueue(hdev->workqueue);
1569 err:
1570 write_lock(&hci_dev_list_lock);
1571 list_del(&hdev->list);
1572 write_unlock(&hci_dev_list_lock);
1573
1574 return error;
1575 }
1576 EXPORT_SYMBOL(hci_register_dev);
1577
1578 /* Unregister HCI device */
1579 void hci_unregister_dev(struct hci_dev *hdev)
1580 {
1581 int i;
1582
1583 BT_DBG("%p name %s bus %d", hdev, hdev->name, hdev->bus);
1584
1585 set_bit(HCI_UNREGISTER, &hdev->dev_flags);
1586
1587 write_lock(&hci_dev_list_lock);
1588 list_del(&hdev->list);
1589 write_unlock(&hci_dev_list_lock);
1590
1591 hci_dev_do_close(hdev);
1592
1593 for (i = 0; i < NUM_REASSEMBLY; i++)
1594 kfree_skb(hdev->reassembly[i]);
1595
1596 if (!test_bit(HCI_INIT, &hdev->flags) &&
1597 !test_bit(HCI_SETUP, &hdev->flags)) {
1598 hci_dev_lock(hdev);
1599 mgmt_index_removed(hdev);
1600 hci_dev_unlock(hdev);
1601 }
1602
1603 /* mgmt_index_removed should take care of emptying the
1604 * pending list */
1605 BUG_ON(!list_empty(&hdev->mgmt_pending));
1606
1607 hci_notify(hdev, HCI_DEV_UNREG);
1608
1609 if (hdev->rfkill) {
1610 rfkill_unregister(hdev->rfkill);
1611 rfkill_destroy(hdev->rfkill);
1612 }
1613
1614 hci_del_sysfs(hdev);
1615
1616 cancel_delayed_work_sync(&hdev->adv_work);
1617
1618 destroy_workqueue(hdev->workqueue);
1619
1620 hci_dev_lock(hdev);
1621 hci_blacklist_clear(hdev);
1622 hci_uuids_clear(hdev);
1623 hci_link_keys_clear(hdev);
1624 hci_remote_oob_data_clear(hdev);
1625 hci_adv_entries_clear(hdev);
1626 hci_dev_unlock(hdev);
1627
1628 __hci_dev_put(hdev);
1629 }
1630 EXPORT_SYMBOL(hci_unregister_dev);
1631
1632 /* Suspend HCI device */
1633 int hci_suspend_dev(struct hci_dev *hdev)
1634 {
1635 hci_notify(hdev, HCI_DEV_SUSPEND);
1636 return 0;
1637 }
1638 EXPORT_SYMBOL(hci_suspend_dev);
1639
1640 /* Resume HCI device */
1641 int hci_resume_dev(struct hci_dev *hdev)
1642 {
1643 hci_notify(hdev, HCI_DEV_RESUME);
1644 return 0;
1645 }
1646 EXPORT_SYMBOL(hci_resume_dev);
1647
1648 /* Receive frame from HCI drivers */
1649 int hci_recv_frame(struct sk_buff *skb)
1650 {
1651 struct hci_dev *hdev = (struct hci_dev *) skb->dev;
1652 if (!hdev || (!test_bit(HCI_UP, &hdev->flags)
1653 && !test_bit(HCI_INIT, &hdev->flags))) {
1654 kfree_skb(skb);
1655 return -ENXIO;
1656 }
1657
1658 /* Incomming skb */
1659 bt_cb(skb)->incoming = 1;
1660
1661 /* Time stamp */
1662 __net_timestamp(skb);
1663
1664 skb_queue_tail(&hdev->rx_q, skb);
1665 queue_work(hdev->workqueue, &hdev->rx_work);
1666
1667 return 0;
1668 }
1669 EXPORT_SYMBOL(hci_recv_frame);
1670
1671 static int hci_reassembly(struct hci_dev *hdev, int type, void *data,
1672 int count, __u8 index)
1673 {
1674 int len = 0;
1675 int hlen = 0;
1676 int remain = count;
1677 struct sk_buff *skb;
1678 struct bt_skb_cb *scb;
1679
1680 if ((type < HCI_ACLDATA_PKT || type > HCI_EVENT_PKT) ||
1681 index >= NUM_REASSEMBLY)
1682 return -EILSEQ;
1683
1684 skb = hdev->reassembly[index];
1685
1686 if (!skb) {
1687 switch (type) {
1688 case HCI_ACLDATA_PKT:
1689 len = HCI_MAX_FRAME_SIZE;
1690 hlen = HCI_ACL_HDR_SIZE;
1691 break;
1692 case HCI_EVENT_PKT:
1693 len = HCI_MAX_EVENT_SIZE;
1694 hlen = HCI_EVENT_HDR_SIZE;
1695 break;
1696 case HCI_SCODATA_PKT:
1697 len = HCI_MAX_SCO_SIZE;
1698 hlen = HCI_SCO_HDR_SIZE;
1699 break;
1700 }
1701
1702 skb = bt_skb_alloc(len, GFP_ATOMIC);
1703 if (!skb)
1704 return -ENOMEM;
1705
1706 scb = (void *) skb->cb;
1707 scb->expect = hlen;
1708 scb->pkt_type = type;
1709
1710 skb->dev = (void *) hdev;
1711 hdev->reassembly[index] = skb;
1712 }
1713
1714 while (count) {
1715 scb = (void *) skb->cb;
1716 len = min(scb->expect, (__u16)count);
1717
1718 memcpy(skb_put(skb, len), data, len);
1719
1720 count -= len;
1721 data += len;
1722 scb->expect -= len;
1723 remain = count;
1724
1725 switch (type) {
1726 case HCI_EVENT_PKT:
1727 if (skb->len == HCI_EVENT_HDR_SIZE) {
1728 struct hci_event_hdr *h = hci_event_hdr(skb);
1729 scb->expect = h->plen;
1730
1731 if (skb_tailroom(skb) < scb->expect) {
1732 kfree_skb(skb);
1733 hdev->reassembly[index] = NULL;
1734 return -ENOMEM;
1735 }
1736 }
1737 break;
1738
1739 case HCI_ACLDATA_PKT:
1740 if (skb->len == HCI_ACL_HDR_SIZE) {
1741 struct hci_acl_hdr *h = hci_acl_hdr(skb);
1742 scb->expect = __le16_to_cpu(h->dlen);
1743
1744 if (skb_tailroom(skb) < scb->expect) {
1745 kfree_skb(skb);
1746 hdev->reassembly[index] = NULL;
1747 return -ENOMEM;
1748 }
1749 }
1750 break;
1751
1752 case HCI_SCODATA_PKT:
1753 if (skb->len == HCI_SCO_HDR_SIZE) {
1754 struct hci_sco_hdr *h = hci_sco_hdr(skb);
1755 scb->expect = h->dlen;
1756
1757 if (skb_tailroom(skb) < scb->expect) {
1758 kfree_skb(skb);
1759 hdev->reassembly[index] = NULL;
1760 return -ENOMEM;
1761 }
1762 }
1763 break;
1764 }
1765
1766 if (scb->expect == 0) {
1767 /* Complete frame */
1768
1769 bt_cb(skb)->pkt_type = type;
1770 hci_recv_frame(skb);
1771
1772 hdev->reassembly[index] = NULL;
1773 return remain;
1774 }
1775 }
1776
1777 return remain;
1778 }
1779
1780 int hci_recv_fragment(struct hci_dev *hdev, int type, void *data, int count)
1781 {
1782 int rem = 0;
1783
1784 if (type < HCI_ACLDATA_PKT || type > HCI_EVENT_PKT)
1785 return -EILSEQ;
1786
1787 while (count) {
1788 rem = hci_reassembly(hdev, type, data, count, type - 1);
1789 if (rem < 0)
1790 return rem;
1791
1792 data += (count - rem);
1793 count = rem;
1794 }
1795
1796 return rem;
1797 }
1798 EXPORT_SYMBOL(hci_recv_fragment);
1799
1800 #define STREAM_REASSEMBLY 0
1801
1802 int hci_recv_stream_fragment(struct hci_dev *hdev, void *data, int count)
1803 {
1804 int type;
1805 int rem = 0;
1806
1807 while (count) {
1808 struct sk_buff *skb = hdev->reassembly[STREAM_REASSEMBLY];
1809
1810 if (!skb) {
1811 struct { char type; } *pkt;
1812
1813 /* Start of the frame */
1814 pkt = data;
1815 type = pkt->type;
1816
1817 data++;
1818 count--;
1819 } else
1820 type = bt_cb(skb)->pkt_type;
1821
1822 rem = hci_reassembly(hdev, type, data, count,
1823 STREAM_REASSEMBLY);
1824 if (rem < 0)
1825 return rem;
1826
1827 data += (count - rem);
1828 count = rem;
1829 }
1830
1831 return rem;
1832 }
1833 EXPORT_SYMBOL(hci_recv_stream_fragment);
1834
1835 /* ---- Interface to upper protocols ---- */
1836
1837 int hci_register_cb(struct hci_cb *cb)
1838 {
1839 BT_DBG("%p name %s", cb, cb->name);
1840
1841 write_lock(&hci_cb_list_lock);
1842 list_add(&cb->list, &hci_cb_list);
1843 write_unlock(&hci_cb_list_lock);
1844
1845 return 0;
1846 }
1847 EXPORT_SYMBOL(hci_register_cb);
1848
1849 int hci_unregister_cb(struct hci_cb *cb)
1850 {
1851 BT_DBG("%p name %s", cb, cb->name);
1852
1853 write_lock(&hci_cb_list_lock);
1854 list_del(&cb->list);
1855 write_unlock(&hci_cb_list_lock);
1856
1857 return 0;
1858 }
1859 EXPORT_SYMBOL(hci_unregister_cb);
1860
1861 static int hci_send_frame(struct sk_buff *skb)
1862 {
1863 struct hci_dev *hdev = (struct hci_dev *) skb->dev;
1864
1865 if (!hdev) {
1866 kfree_skb(skb);
1867 return -ENODEV;
1868 }
1869
1870 BT_DBG("%s type %d len %d", hdev->name, bt_cb(skb)->pkt_type, skb->len);
1871
1872 if (atomic_read(&hdev->promisc)) {
1873 /* Time stamp */
1874 __net_timestamp(skb);
1875
1876 hci_send_to_sock(hdev, skb, NULL);
1877 }
1878
1879 /* Get rid of skb owner, prior to sending to the driver. */
1880 skb_orphan(skb);
1881
1882 return hdev->send(skb);
1883 }
1884
1885 /* Send HCI command */
1886 int hci_send_cmd(struct hci_dev *hdev, __u16 opcode, __u32 plen, void *param)
1887 {
1888 int len = HCI_COMMAND_HDR_SIZE + plen;
1889 struct hci_command_hdr *hdr;
1890 struct sk_buff *skb;
1891
1892 BT_DBG("%s opcode 0x%x plen %d", hdev->name, opcode, plen);
1893
1894 skb = bt_skb_alloc(len, GFP_ATOMIC);
1895 if (!skb) {
1896 BT_ERR("%s no memory for command", hdev->name);
1897 return -ENOMEM;
1898 }
1899
1900 hdr = (struct hci_command_hdr *) skb_put(skb, HCI_COMMAND_HDR_SIZE);
1901 hdr->opcode = cpu_to_le16(opcode);
1902 hdr->plen = plen;
1903
1904 if (plen)
1905 memcpy(skb_put(skb, plen), param, plen);
1906
1907 BT_DBG("skb len %d", skb->len);
1908
1909 bt_cb(skb)->pkt_type = HCI_COMMAND_PKT;
1910 skb->dev = (void *) hdev;
1911
1912 if (test_bit(HCI_INIT, &hdev->flags))
1913 hdev->init_last_cmd = opcode;
1914
1915 skb_queue_tail(&hdev->cmd_q, skb);
1916 queue_work(hdev->workqueue, &hdev->cmd_work);
1917
1918 return 0;
1919 }
1920
1921 /* Get data from the previously sent command */
1922 void *hci_sent_cmd_data(struct hci_dev *hdev, __u16 opcode)
1923 {
1924 struct hci_command_hdr *hdr;
1925
1926 if (!hdev->sent_cmd)
1927 return NULL;
1928
1929 hdr = (void *) hdev->sent_cmd->data;
1930
1931 if (hdr->opcode != cpu_to_le16(opcode))
1932 return NULL;
1933
1934 BT_DBG("%s opcode 0x%x", hdev->name, opcode);
1935
1936 return hdev->sent_cmd->data + HCI_COMMAND_HDR_SIZE;
1937 }
1938
1939 /* Send ACL data */
1940 static void hci_add_acl_hdr(struct sk_buff *skb, __u16 handle, __u16 flags)
1941 {
1942 struct hci_acl_hdr *hdr;
1943 int len = skb->len;
1944
1945 skb_push(skb, HCI_ACL_HDR_SIZE);
1946 skb_reset_transport_header(skb);
1947 hdr = (struct hci_acl_hdr *)skb_transport_header(skb);
1948 hdr->handle = cpu_to_le16(hci_handle_pack(handle, flags));
1949 hdr->dlen = cpu_to_le16(len);
1950 }
1951
1952 static void hci_queue_acl(struct hci_conn *conn, struct sk_buff_head *queue,
1953 struct sk_buff *skb, __u16 flags)
1954 {
1955 struct hci_dev *hdev = conn->hdev;
1956 struct sk_buff *list;
1957
1958 list = skb_shinfo(skb)->frag_list;
1959 if (!list) {
1960 /* Non fragmented */
1961 BT_DBG("%s nonfrag skb %p len %d", hdev->name, skb, skb->len);
1962
1963 skb_queue_tail(queue, skb);
1964 } else {
1965 /* Fragmented */
1966 BT_DBG("%s frag %p len %d", hdev->name, skb, skb->len);
1967
1968 skb_shinfo(skb)->frag_list = NULL;
1969
1970 /* Queue all fragments atomically */
1971 spin_lock(&queue->lock);
1972
1973 __skb_queue_tail(queue, skb);
1974
1975 flags &= ~ACL_START;
1976 flags |= ACL_CONT;
1977 do {
1978 skb = list; list = list->next;
1979
1980 skb->dev = (void *) hdev;
1981 bt_cb(skb)->pkt_type = HCI_ACLDATA_PKT;
1982 hci_add_acl_hdr(skb, conn->handle, flags);
1983
1984 BT_DBG("%s frag %p len %d", hdev->name, skb, skb->len);
1985
1986 __skb_queue_tail(queue, skb);
1987 } while (list);
1988
1989 spin_unlock(&queue->lock);
1990 }
1991 }
1992
1993 void hci_send_acl(struct hci_chan *chan, struct sk_buff *skb, __u16 flags)
1994 {
1995 struct hci_conn *conn = chan->conn;
1996 struct hci_dev *hdev = conn->hdev;
1997
1998 BT_DBG("%s chan %p flags 0x%x", hdev->name, chan, flags);
1999
2000 skb->dev = (void *) hdev;
2001 bt_cb(skb)->pkt_type = HCI_ACLDATA_PKT;
2002 hci_add_acl_hdr(skb, conn->handle, flags);
2003
2004 hci_queue_acl(conn, &chan->data_q, skb, flags);
2005
2006 queue_work(hdev->workqueue, &hdev->tx_work);
2007 }
2008 EXPORT_SYMBOL(hci_send_acl);
2009
2010 /* Send SCO data */
2011 void hci_send_sco(struct hci_conn *conn, struct sk_buff *skb)
2012 {
2013 struct hci_dev *hdev = conn->hdev;
2014 struct hci_sco_hdr hdr;
2015
2016 BT_DBG("%s len %d", hdev->name, skb->len);
2017
2018 hdr.handle = cpu_to_le16(conn->handle);
2019 hdr.dlen = skb->len;
2020
2021 skb_push(skb, HCI_SCO_HDR_SIZE);
2022 skb_reset_transport_header(skb);
2023 memcpy(skb_transport_header(skb), &hdr, HCI_SCO_HDR_SIZE);
2024
2025 skb->dev = (void *) hdev;
2026 bt_cb(skb)->pkt_type = HCI_SCODATA_PKT;
2027
2028 skb_queue_tail(&conn->data_q, skb);
2029 queue_work(hdev->workqueue, &hdev->tx_work);
2030 }
2031 EXPORT_SYMBOL(hci_send_sco);
2032
2033 /* ---- HCI TX task (outgoing data) ---- */
2034
2035 /* HCI Connection scheduler */
2036 static inline struct hci_conn *hci_low_sent(struct hci_dev *hdev, __u8 type, int *quote)
2037 {
2038 struct hci_conn_hash *h = &hdev->conn_hash;
2039 struct hci_conn *conn = NULL, *c;
2040 int num = 0, min = ~0;
2041
2042 /* We don't have to lock device here. Connections are always
2043 * added and removed with TX task disabled. */
2044
2045 rcu_read_lock();
2046
2047 list_for_each_entry_rcu(c, &h->list, list) {
2048 if (c->type != type || skb_queue_empty(&c->data_q))
2049 continue;
2050
2051 if (c->state != BT_CONNECTED && c->state != BT_CONFIG)
2052 continue;
2053
2054 num++;
2055
2056 if (c->sent < min) {
2057 min = c->sent;
2058 conn = c;
2059 }
2060
2061 if (hci_conn_num(hdev, type) == num)
2062 break;
2063 }
2064
2065 rcu_read_unlock();
2066
2067 if (conn) {
2068 int cnt, q;
2069
2070 switch (conn->type) {
2071 case ACL_LINK:
2072 cnt = hdev->acl_cnt;
2073 break;
2074 case SCO_LINK:
2075 case ESCO_LINK:
2076 cnt = hdev->sco_cnt;
2077 break;
2078 case LE_LINK:
2079 cnt = hdev->le_mtu ? hdev->le_cnt : hdev->acl_cnt;
2080 break;
2081 default:
2082 cnt = 0;
2083 BT_ERR("Unknown link type");
2084 }
2085
2086 q = cnt / num;
2087 *quote = q ? q : 1;
2088 } else
2089 *quote = 0;
2090
2091 BT_DBG("conn %p quote %d", conn, *quote);
2092 return conn;
2093 }
2094
2095 static inline void hci_link_tx_to(struct hci_dev *hdev, __u8 type)
2096 {
2097 struct hci_conn_hash *h = &hdev->conn_hash;
2098 struct hci_conn *c;
2099
2100 BT_ERR("%s link tx timeout", hdev->name);
2101
2102 rcu_read_lock();
2103
2104 /* Kill stalled connections */
2105 list_for_each_entry_rcu(c, &h->list, list) {
2106 if (c->type == type && c->sent) {
2107 BT_ERR("%s killing stalled connection %s",
2108 hdev->name, batostr(&c->dst));
2109 hci_acl_disconn(c, 0x13);
2110 }
2111 }
2112
2113 rcu_read_unlock();
2114 }
2115
2116 static inline struct hci_chan *hci_chan_sent(struct hci_dev *hdev, __u8 type,
2117 int *quote)
2118 {
2119 struct hci_conn_hash *h = &hdev->conn_hash;
2120 struct hci_chan *chan = NULL;
2121 int num = 0, min = ~0, cur_prio = 0;
2122 struct hci_conn *conn;
2123 int cnt, q, conn_num = 0;
2124
2125 BT_DBG("%s", hdev->name);
2126
2127 rcu_read_lock();
2128
2129 list_for_each_entry_rcu(conn, &h->list, list) {
2130 struct hci_chan *tmp;
2131
2132 if (conn->type != type)
2133 continue;
2134
2135 if (conn->state != BT_CONNECTED && conn->state != BT_CONFIG)
2136 continue;
2137
2138 conn_num++;
2139
2140 list_for_each_entry_rcu(tmp, &conn->chan_list, list) {
2141 struct sk_buff *skb;
2142
2143 if (skb_queue_empty(&tmp->data_q))
2144 continue;
2145
2146 skb = skb_peek(&tmp->data_q);
2147 if (skb->priority < cur_prio)
2148 continue;
2149
2150 if (skb->priority > cur_prio) {
2151 num = 0;
2152 min = ~0;
2153 cur_prio = skb->priority;
2154 }
2155
2156 num++;
2157
2158 if (conn->sent < min) {
2159 min = conn->sent;
2160 chan = tmp;
2161 }
2162 }
2163
2164 if (hci_conn_num(hdev, type) == conn_num)
2165 break;
2166 }
2167
2168 rcu_read_unlock();
2169
2170 if (!chan)
2171 return NULL;
2172
2173 switch (chan->conn->type) {
2174 case ACL_LINK:
2175 cnt = hdev->acl_cnt;
2176 break;
2177 case SCO_LINK:
2178 case ESCO_LINK:
2179 cnt = hdev->sco_cnt;
2180 break;
2181 case LE_LINK:
2182 cnt = hdev->le_mtu ? hdev->le_cnt : hdev->acl_cnt;
2183 break;
2184 default:
2185 cnt = 0;
2186 BT_ERR("Unknown link type");
2187 }
2188
2189 q = cnt / num;
2190 *quote = q ? q : 1;
2191 BT_DBG("chan %p quote %d", chan, *quote);
2192 return chan;
2193 }
2194
2195 static void hci_prio_recalculate(struct hci_dev *hdev, __u8 type)
2196 {
2197 struct hci_conn_hash *h = &hdev->conn_hash;
2198 struct hci_conn *conn;
2199 int num = 0;
2200
2201 BT_DBG("%s", hdev->name);
2202
2203 rcu_read_lock();
2204
2205 list_for_each_entry_rcu(conn, &h->list, list) {
2206 struct hci_chan *chan;
2207
2208 if (conn->type != type)
2209 continue;
2210
2211 if (conn->state != BT_CONNECTED && conn->state != BT_CONFIG)
2212 continue;
2213
2214 num++;
2215
2216 list_for_each_entry_rcu(chan, &conn->chan_list, list) {
2217 struct sk_buff *skb;
2218
2219 if (chan->sent) {
2220 chan->sent = 0;
2221 continue;
2222 }
2223
2224 if (skb_queue_empty(&chan->data_q))
2225 continue;
2226
2227 skb = skb_peek(&chan->data_q);
2228 if (skb->priority >= HCI_PRIO_MAX - 1)
2229 continue;
2230
2231 skb->priority = HCI_PRIO_MAX - 1;
2232
2233 BT_DBG("chan %p skb %p promoted to %d", chan, skb,
2234 skb->priority);
2235 }
2236
2237 if (hci_conn_num(hdev, type) == num)
2238 break;
2239 }
2240
2241 rcu_read_unlock();
2242
2243 }
2244
2245 static inline void hci_sched_acl(struct hci_dev *hdev)
2246 {
2247 struct hci_chan *chan;
2248 struct sk_buff *skb;
2249 int quote;
2250 unsigned int cnt;
2251
2252 BT_DBG("%s", hdev->name);
2253
2254 if (!hci_conn_num(hdev, ACL_LINK))
2255 return;
2256
2257 if (!test_bit(HCI_RAW, &hdev->flags)) {
2258 /* ACL tx timeout must be longer than maximum
2259 * link supervision timeout (40.9 seconds) */
2260 if (!hdev->acl_cnt && time_after(jiffies, hdev->acl_last_tx + HZ * 45))
2261 hci_link_tx_to(hdev, ACL_LINK);
2262 }
2263
2264 cnt = hdev->acl_cnt;
2265
2266 while (hdev->acl_cnt &&
2267 (chan = hci_chan_sent(hdev, ACL_LINK, &quote))) {
2268 u32 priority = (skb_peek(&chan->data_q))->priority;
2269 while (quote-- && (skb = skb_peek(&chan->data_q))) {
2270 BT_DBG("chan %p skb %p len %d priority %u", chan, skb,
2271 skb->len, skb->priority);
2272
2273 /* Stop if priority has changed */
2274 if (skb->priority < priority)
2275 break;
2276
2277 skb = skb_dequeue(&chan->data_q);
2278
2279 hci_conn_enter_active_mode(chan->conn,
2280 bt_cb(skb)->force_active);
2281
2282 hci_send_frame(skb);
2283 hdev->acl_last_tx = jiffies;
2284
2285 hdev->acl_cnt--;
2286 chan->sent++;
2287 chan->conn->sent++;
2288 }
2289 }
2290
2291 if (cnt != hdev->acl_cnt)
2292 hci_prio_recalculate(hdev, ACL_LINK);
2293 }
2294
2295 /* Schedule SCO */
2296 static inline void hci_sched_sco(struct hci_dev *hdev)
2297 {
2298 struct hci_conn *conn;
2299 struct sk_buff *skb;
2300 int quote;
2301
2302 BT_DBG("%s", hdev->name);
2303
2304 if (!hci_conn_num(hdev, SCO_LINK))
2305 return;
2306
2307 while (hdev->sco_cnt && (conn = hci_low_sent(hdev, SCO_LINK, &quote))) {
2308 while (quote-- && (skb = skb_dequeue(&conn->data_q))) {
2309 BT_DBG("skb %p len %d", skb, skb->len);
2310 hci_send_frame(skb);
2311
2312 conn->sent++;
2313 if (conn->sent == ~0)
2314 conn->sent = 0;
2315 }
2316 }
2317 }
2318
2319 static inline void hci_sched_esco(struct hci_dev *hdev)
2320 {
2321 struct hci_conn *conn;
2322 struct sk_buff *skb;
2323 int quote;
2324
2325 BT_DBG("%s", hdev->name);
2326
2327 if (!hci_conn_num(hdev, ESCO_LINK))
2328 return;
2329
2330 while (hdev->sco_cnt && (conn = hci_low_sent(hdev, ESCO_LINK, &quote))) {
2331 while (quote-- && (skb = skb_dequeue(&conn->data_q))) {
2332 BT_DBG("skb %p len %d", skb, skb->len);
2333 hci_send_frame(skb);
2334
2335 conn->sent++;
2336 if (conn->sent == ~0)
2337 conn->sent = 0;
2338 }
2339 }
2340 }
2341
2342 static inline void hci_sched_le(struct hci_dev *hdev)
2343 {
2344 struct hci_chan *chan;
2345 struct sk_buff *skb;
2346 int quote, cnt, tmp;
2347
2348 BT_DBG("%s", hdev->name);
2349
2350 if (!hci_conn_num(hdev, LE_LINK))
2351 return;
2352
2353 if (!test_bit(HCI_RAW, &hdev->flags)) {
2354 /* LE tx timeout must be longer than maximum
2355 * link supervision timeout (40.9 seconds) */
2356 if (!hdev->le_cnt && hdev->le_pkts &&
2357 time_after(jiffies, hdev->le_last_tx + HZ * 45))
2358 hci_link_tx_to(hdev, LE_LINK);
2359 }
2360
2361 cnt = hdev->le_pkts ? hdev->le_cnt : hdev->acl_cnt;
2362 tmp = cnt;
2363 while (cnt && (chan = hci_chan_sent(hdev, LE_LINK, &quote))) {
2364 u32 priority = (skb_peek(&chan->data_q))->priority;
2365 while (quote-- && (skb = skb_peek(&chan->data_q))) {
2366 BT_DBG("chan %p skb %p len %d priority %u", chan, skb,
2367 skb->len, skb->priority);
2368
2369 /* Stop if priority has changed */
2370 if (skb->priority < priority)
2371 break;
2372
2373 skb = skb_dequeue(&chan->data_q);
2374
2375 hci_send_frame(skb);
2376 hdev->le_last_tx = jiffies;
2377
2378 cnt--;
2379 chan->sent++;
2380 chan->conn->sent++;
2381 }
2382 }
2383
2384 if (hdev->le_pkts)
2385 hdev->le_cnt = cnt;
2386 else
2387 hdev->acl_cnt = cnt;
2388
2389 if (cnt != tmp)
2390 hci_prio_recalculate(hdev, LE_LINK);
2391 }
2392
2393 static void hci_tx_work(struct work_struct *work)
2394 {
2395 struct hci_dev *hdev = container_of(work, struct hci_dev, tx_work);
2396 struct sk_buff *skb;
2397
2398 BT_DBG("%s acl %d sco %d le %d", hdev->name, hdev->acl_cnt,
2399 hdev->sco_cnt, hdev->le_cnt);
2400
2401 /* Schedule queues and send stuff to HCI driver */
2402
2403 hci_sched_acl(hdev);
2404
2405 hci_sched_sco(hdev);
2406
2407 hci_sched_esco(hdev);
2408
2409 hci_sched_le(hdev);
2410
2411 /* Send next queued raw (unknown type) packet */
2412 while ((skb = skb_dequeue(&hdev->raw_q)))
2413 hci_send_frame(skb);
2414 }
2415
2416 /* ----- HCI RX task (incoming data processing) ----- */
2417
2418 /* ACL data packet */
2419 static inline void hci_acldata_packet(struct hci_dev *hdev, struct sk_buff *skb)
2420 {
2421 struct hci_acl_hdr *hdr = (void *) skb->data;
2422 struct hci_conn *conn;
2423 __u16 handle, flags;
2424
2425 skb_pull(skb, HCI_ACL_HDR_SIZE);
2426
2427 handle = __le16_to_cpu(hdr->handle);
2428 flags = hci_flags(handle);
2429 handle = hci_handle(handle);
2430
2431 BT_DBG("%s len %d handle 0x%x flags 0x%x", hdev->name, skb->len, handle, flags);
2432
2433 hdev->stat.acl_rx++;
2434
2435 hci_dev_lock(hdev);
2436 conn = hci_conn_hash_lookup_handle(hdev, handle);
2437 hci_dev_unlock(hdev);
2438
2439 if (conn) {
2440 hci_conn_enter_active_mode(conn, BT_POWER_FORCE_ACTIVE_OFF);
2441
2442 /* Send to upper protocol */
2443 l2cap_recv_acldata(conn, skb, flags);
2444 return;
2445 } else {
2446 BT_ERR("%s ACL packet for unknown connection handle %d",
2447 hdev->name, handle);
2448 }
2449
2450 kfree_skb(skb);
2451 }
2452
2453 /* SCO data packet */
2454 static inline void hci_scodata_packet(struct hci_dev *hdev, struct sk_buff *skb)
2455 {
2456 struct hci_sco_hdr *hdr = (void *) skb->data;
2457 struct hci_conn *conn;
2458 __u16 handle;
2459
2460 skb_pull(skb, HCI_SCO_HDR_SIZE);
2461
2462 handle = __le16_to_cpu(hdr->handle);
2463
2464 BT_DBG("%s len %d handle 0x%x", hdev->name, skb->len, handle);
2465
2466 hdev->stat.sco_rx++;
2467
2468 hci_dev_lock(hdev);
2469 conn = hci_conn_hash_lookup_handle(hdev, handle);
2470 hci_dev_unlock(hdev);
2471
2472 if (conn) {
2473 /* Send to upper protocol */
2474 sco_recv_scodata(conn, skb);
2475 return;
2476 } else {
2477 BT_ERR("%s SCO packet for unknown connection handle %d",
2478 hdev->name, handle);
2479 }
2480
2481 kfree_skb(skb);
2482 }
2483
2484 static void hci_rx_work(struct work_struct *work)
2485 {
2486 struct hci_dev *hdev = container_of(work, struct hci_dev, rx_work);
2487 struct sk_buff *skb;
2488
2489 BT_DBG("%s", hdev->name);
2490
2491 while ((skb = skb_dequeue(&hdev->rx_q))) {
2492 if (atomic_read(&hdev->promisc)) {
2493 /* Send copy to the sockets */
2494 hci_send_to_sock(hdev, skb, NULL);
2495 }
2496
2497 if (test_bit(HCI_RAW, &hdev->flags)) {
2498 kfree_skb(skb);
2499 continue;
2500 }
2501
2502 if (test_bit(HCI_INIT, &hdev->flags)) {
2503 /* Don't process data packets in this states. */
2504 switch (bt_cb(skb)->pkt_type) {
2505 case HCI_ACLDATA_PKT:
2506 case HCI_SCODATA_PKT:
2507 kfree_skb(skb);
2508 continue;
2509 }
2510 }
2511
2512 /* Process frame */
2513 switch (bt_cb(skb)->pkt_type) {
2514 case HCI_EVENT_PKT:
2515 BT_DBG("%s Event packet", hdev->name);
2516 hci_event_packet(hdev, skb);
2517 break;
2518
2519 case HCI_ACLDATA_PKT:
2520 BT_DBG("%s ACL data packet", hdev->name);
2521 hci_acldata_packet(hdev, skb);
2522 break;
2523
2524 case HCI_SCODATA_PKT:
2525 BT_DBG("%s SCO data packet", hdev->name);
2526 hci_scodata_packet(hdev, skb);
2527 break;
2528
2529 default:
2530 kfree_skb(skb);
2531 break;
2532 }
2533 }
2534 }
2535
2536 static void hci_cmd_work(struct work_struct *work)
2537 {
2538 struct hci_dev *hdev = container_of(work, struct hci_dev, cmd_work);
2539 struct sk_buff *skb;
2540
2541 BT_DBG("%s cmd %d", hdev->name, atomic_read(&hdev->cmd_cnt));
2542
2543 /* Send queued commands */
2544 if (atomic_read(&hdev->cmd_cnt)) {
2545 skb = skb_dequeue(&hdev->cmd_q);
2546 if (!skb)
2547 return;
2548
2549 kfree_skb(hdev->sent_cmd);
2550
2551 hdev->sent_cmd = skb_clone(skb, GFP_ATOMIC);
2552 if (hdev->sent_cmd) {
2553 atomic_dec(&hdev->cmd_cnt);
2554 hci_send_frame(skb);
2555 if (test_bit(HCI_RESET, &hdev->flags))
2556 del_timer(&hdev->cmd_timer);
2557 else
2558 mod_timer(&hdev->cmd_timer,
2559 jiffies + msecs_to_jiffies(HCI_CMD_TIMEOUT));
2560 } else {
2561 skb_queue_head(&hdev->cmd_q, skb);
2562 queue_work(hdev->workqueue, &hdev->cmd_work);
2563 }
2564 }
2565 }
2566
2567 int hci_do_inquiry(struct hci_dev *hdev, u8 length)
2568 {
2569 /* General inquiry access code (GIAC) */
2570 u8 lap[3] = { 0x33, 0x8b, 0x9e };
2571 struct hci_cp_inquiry cp;
2572
2573 BT_DBG("%s", hdev->name);
2574
2575 if (test_bit(HCI_INQUIRY, &hdev->flags))
2576 return -EINPROGRESS;
2577
2578 memset(&cp, 0, sizeof(cp));
2579 memcpy(&cp.lap, lap, sizeof(cp.lap));
2580 cp.length = length;
2581
2582 return hci_send_cmd(hdev, HCI_OP_INQUIRY, sizeof(cp), &cp);
2583 }
2584
2585 int hci_cancel_inquiry(struct hci_dev *hdev)
2586 {
2587 BT_DBG("%s", hdev->name);
2588
2589 if (!test_bit(HCI_INQUIRY, &hdev->flags))
2590 return -EPERM;
2591
2592 return hci_send_cmd(hdev, HCI_OP_INQUIRY_CANCEL, 0, NULL);
2593 }
2594
2595 module_param(enable_hs, bool, 0644);
2596 MODULE_PARM_DESC(enable_hs, "Enable High Speed");