2 BlueZ - Bluetooth protocol stack for Linux
3 Copyright (C) 2000-2001 Qualcomm Incorporated
4 Copyright (C) 2011 ProFUSION Embedded Systems
6 Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com>
8 This program is free software; you can redistribute it and/or modify
9 it under the terms of the GNU General Public License version 2 as
10 published by the Free Software Foundation;
12 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
13 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
14 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
15 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
16 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
17 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
18 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
19 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
21 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
22 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
23 SOFTWARE IS DISCLAIMED.
26 /* Bluetooth HCI core. */
28 #include <linux/export.h>
29 #include <linux/idr.h>
30 #include <linux/rfkill.h>
31 #include <linux/debugfs.h>
32 #include <linux/crypto.h>
33 #include <asm/unaligned.h>
35 #include <net/bluetooth/bluetooth.h>
36 #include <net/bluetooth/hci_core.h>
37 #include <net/bluetooth/l2cap.h>
38 #include <net/bluetooth/mgmt.h>
40 #include "hci_request.h"
41 #include "hci_debugfs.h"
45 static void hci_rx_work(struct work_struct *work);
46 static void hci_cmd_work(struct work_struct *work);
47 static void hci_tx_work(struct work_struct *work);
50 LIST_HEAD(hci_dev_list);
51 DEFINE_RWLOCK(hci_dev_list_lock);
53 /* HCI callback list */
54 LIST_HEAD(hci_cb_list);
55 DEFINE_MUTEX(hci_cb_list_lock);
57 /* HCI ID Numbering */
58 static DEFINE_IDA(hci_index_ida);
60 /* ---- HCI debugfs entries ---- */
62 static ssize_t dut_mode_read(struct file *file, char __user *user_buf,
63 size_t count, loff_t *ppos)
65 struct hci_dev *hdev = file->private_data;
68 buf[0] = hci_dev_test_flag(hdev, HCI_DUT_MODE) ? 'Y' : 'N';
71 return simple_read_from_buffer(user_buf, count, ppos, buf, 2);
74 static ssize_t dut_mode_write(struct file *file, const char __user *user_buf,
75 size_t count, loff_t *ppos)
77 struct hci_dev *hdev = file->private_data;
82 if (!test_bit(HCI_UP, &hdev->flags))
85 err = kstrtobool_from_user(user_buf, count, &enable);
89 if (enable == hci_dev_test_flag(hdev, HCI_DUT_MODE))
92 hci_req_sync_lock(hdev);
94 skb = __hci_cmd_sync(hdev, HCI_OP_ENABLE_DUT_MODE, 0, NULL,
97 skb = __hci_cmd_sync(hdev, HCI_OP_RESET, 0, NULL,
99 hci_req_sync_unlock(hdev);
106 hci_dev_change_flag(hdev, HCI_DUT_MODE);
111 static const struct file_operations dut_mode_fops = {
113 .read = dut_mode_read,
114 .write = dut_mode_write,
115 .llseek = default_llseek,
118 static ssize_t vendor_diag_read(struct file *file, char __user *user_buf,
119 size_t count, loff_t *ppos)
121 struct hci_dev *hdev = file->private_data;
124 buf[0] = hci_dev_test_flag(hdev, HCI_VENDOR_DIAG) ? 'Y' : 'N';
127 return simple_read_from_buffer(user_buf, count, ppos, buf, 2);
130 static ssize_t vendor_diag_write(struct file *file, const char __user *user_buf,
131 size_t count, loff_t *ppos)
133 struct hci_dev *hdev = file->private_data;
137 err = kstrtobool_from_user(user_buf, count, &enable);
141 /* When the diagnostic flags are not persistent and the transport
142 * is not active or in user channel operation, then there is no need
143 * for the vendor callback. Instead just store the desired value and
144 * the setting will be programmed when the controller gets powered on.
146 if (test_bit(HCI_QUIRK_NON_PERSISTENT_DIAG, &hdev->quirks) &&
147 (!test_bit(HCI_RUNNING, &hdev->flags) ||
148 hci_dev_test_flag(hdev, HCI_USER_CHANNEL)))
151 hci_req_sync_lock(hdev);
152 err = hdev->set_diag(hdev, enable);
153 hci_req_sync_unlock(hdev);
160 hci_dev_set_flag(hdev, HCI_VENDOR_DIAG);
162 hci_dev_clear_flag(hdev, HCI_VENDOR_DIAG);
167 static const struct file_operations vendor_diag_fops = {
169 .read = vendor_diag_read,
170 .write = vendor_diag_write,
171 .llseek = default_llseek,
174 static void hci_debugfs_create_basic(struct hci_dev *hdev)
176 debugfs_create_file("dut_mode", 0644, hdev->debugfs, hdev,
180 debugfs_create_file("vendor_diag", 0644, hdev->debugfs, hdev,
184 static int hci_reset_req(struct hci_request *req, unsigned long opt)
186 BT_DBG("%s %ld", req->hdev->name, opt);
189 set_bit(HCI_RESET, &req->hdev->flags);
190 hci_req_add(req, HCI_OP_RESET, 0, NULL);
194 static void bredr_init(struct hci_request *req)
196 req->hdev->flow_ctl_mode = HCI_FLOW_CTL_MODE_PACKET_BASED;
198 /* Read Local Supported Features */
199 hci_req_add(req, HCI_OP_READ_LOCAL_FEATURES, 0, NULL);
201 /* Read Local Version */
202 hci_req_add(req, HCI_OP_READ_LOCAL_VERSION, 0, NULL);
204 /* Read BD Address */
205 hci_req_add(req, HCI_OP_READ_BD_ADDR, 0, NULL);
208 static void amp_init1(struct hci_request *req)
210 req->hdev->flow_ctl_mode = HCI_FLOW_CTL_MODE_BLOCK_BASED;
212 /* Read Local Version */
213 hci_req_add(req, HCI_OP_READ_LOCAL_VERSION, 0, NULL);
215 /* Read Local Supported Commands */
216 hci_req_add(req, HCI_OP_READ_LOCAL_COMMANDS, 0, NULL);
218 /* Read Local AMP Info */
219 hci_req_add(req, HCI_OP_READ_LOCAL_AMP_INFO, 0, NULL);
221 /* Read Data Blk size */
222 hci_req_add(req, HCI_OP_READ_DATA_BLOCK_SIZE, 0, NULL);
224 /* Read Flow Control Mode */
225 hci_req_add(req, HCI_OP_READ_FLOW_CONTROL_MODE, 0, NULL);
227 /* Read Location Data */
228 hci_req_add(req, HCI_OP_READ_LOCATION_DATA, 0, NULL);
231 static int amp_init2(struct hci_request *req)
233 /* Read Local Supported Features. Not all AMP controllers
234 * support this so it's placed conditionally in the second
237 if (req->hdev->commands[14] & 0x20)
238 hci_req_add(req, HCI_OP_READ_LOCAL_FEATURES, 0, NULL);
243 static int hci_init1_req(struct hci_request *req, unsigned long opt)
245 struct hci_dev *hdev = req->hdev;
247 BT_DBG("%s %ld", hdev->name, opt);
250 if (!test_bit(HCI_QUIRK_RESET_ON_CLOSE, &hdev->quirks))
251 hci_reset_req(req, 0);
253 switch (hdev->dev_type) {
261 bt_dev_err(hdev, "Unknown device type %d", hdev->dev_type);
268 static void bredr_setup(struct hci_request *req)
273 /* Read Buffer Size (ACL mtu, max pkt, etc.) */
274 hci_req_add(req, HCI_OP_READ_BUFFER_SIZE, 0, NULL);
276 /* Read Class of Device */
277 hci_req_add(req, HCI_OP_READ_CLASS_OF_DEV, 0, NULL);
279 /* Read Local Name */
280 hci_req_add(req, HCI_OP_READ_LOCAL_NAME, 0, NULL);
282 /* Read Voice Setting */
283 hci_req_add(req, HCI_OP_READ_VOICE_SETTING, 0, NULL);
285 /* Read Number of Supported IAC */
286 hci_req_add(req, HCI_OP_READ_NUM_SUPPORTED_IAC, 0, NULL);
288 /* Read Current IAC LAP */
289 hci_req_add(req, HCI_OP_READ_CURRENT_IAC_LAP, 0, NULL);
291 /* Clear Event Filters */
292 flt_type = HCI_FLT_CLEAR_ALL;
293 hci_req_add(req, HCI_OP_SET_EVENT_FLT, 1, &flt_type);
295 /* Connection accept timeout ~20 secs */
296 param = cpu_to_le16(0x7d00);
297 hci_req_add(req, HCI_OP_WRITE_CA_TIMEOUT, 2, ¶m);
300 static void le_setup(struct hci_request *req)
302 struct hci_dev *hdev = req->hdev;
304 /* Read LE Buffer Size */
305 hci_req_add(req, HCI_OP_LE_READ_BUFFER_SIZE, 0, NULL);
307 /* Read LE Local Supported Features */
308 hci_req_add(req, HCI_OP_LE_READ_LOCAL_FEATURES, 0, NULL);
310 /* Read LE Supported States */
311 hci_req_add(req, HCI_OP_LE_READ_SUPPORTED_STATES, 0, NULL);
313 /* LE-only controllers have LE implicitly enabled */
314 if (!lmp_bredr_capable(hdev))
315 hci_dev_set_flag(hdev, HCI_LE_ENABLED);
318 static void hci_setup_event_mask(struct hci_request *req)
320 struct hci_dev *hdev = req->hdev;
322 /* The second byte is 0xff instead of 0x9f (two reserved bits
323 * disabled) since a Broadcom 1.2 dongle doesn't respond to the
326 u8 events[8] = { 0xff, 0xff, 0xfb, 0xff, 0x00, 0x00, 0x00, 0x00 };
328 /* CSR 1.1 dongles does not accept any bitfield so don't try to set
329 * any event mask for pre 1.2 devices.
331 if (hdev->hci_ver < BLUETOOTH_VER_1_2)
334 if (lmp_bredr_capable(hdev)) {
335 events[4] |= 0x01; /* Flow Specification Complete */
337 /* Use a different default for LE-only devices */
338 memset(events, 0, sizeof(events));
339 events[1] |= 0x20; /* Command Complete */
340 events[1] |= 0x40; /* Command Status */
341 events[1] |= 0x80; /* Hardware Error */
343 /* If the controller supports the Disconnect command, enable
344 * the corresponding event. In addition enable packet flow
345 * control related events.
347 if (hdev->commands[0] & 0x20) {
348 events[0] |= 0x10; /* Disconnection Complete */
349 events[2] |= 0x04; /* Number of Completed Packets */
350 events[3] |= 0x02; /* Data Buffer Overflow */
353 /* If the controller supports the Read Remote Version
354 * Information command, enable the corresponding event.
356 if (hdev->commands[2] & 0x80)
357 events[1] |= 0x08; /* Read Remote Version Information
361 if (hdev->le_features[0] & HCI_LE_ENCRYPTION) {
362 events[0] |= 0x80; /* Encryption Change */
363 events[5] |= 0x80; /* Encryption Key Refresh Complete */
367 if (lmp_inq_rssi_capable(hdev) ||
368 test_bit(HCI_QUIRK_FIXUP_INQUIRY_MODE, &hdev->quirks))
369 events[4] |= 0x02; /* Inquiry Result with RSSI */
371 if (lmp_ext_feat_capable(hdev))
372 events[4] |= 0x04; /* Read Remote Extended Features Complete */
374 if (lmp_esco_capable(hdev)) {
375 events[5] |= 0x08; /* Synchronous Connection Complete */
376 events[5] |= 0x10; /* Synchronous Connection Changed */
379 if (lmp_sniffsubr_capable(hdev))
380 events[5] |= 0x20; /* Sniff Subrating */
382 if (lmp_pause_enc_capable(hdev))
383 events[5] |= 0x80; /* Encryption Key Refresh Complete */
385 if (lmp_ext_inq_capable(hdev))
386 events[5] |= 0x40; /* Extended Inquiry Result */
388 if (lmp_no_flush_capable(hdev))
389 events[7] |= 0x01; /* Enhanced Flush Complete */
391 if (lmp_lsto_capable(hdev))
392 events[6] |= 0x80; /* Link Supervision Timeout Changed */
394 if (lmp_ssp_capable(hdev)) {
395 events[6] |= 0x01; /* IO Capability Request */
396 events[6] |= 0x02; /* IO Capability Response */
397 events[6] |= 0x04; /* User Confirmation Request */
398 events[6] |= 0x08; /* User Passkey Request */
399 events[6] |= 0x10; /* Remote OOB Data Request */
400 events[6] |= 0x20; /* Simple Pairing Complete */
401 events[7] |= 0x04; /* User Passkey Notification */
402 events[7] |= 0x08; /* Keypress Notification */
403 events[7] |= 0x10; /* Remote Host Supported
404 * Features Notification
408 if (lmp_le_capable(hdev))
409 events[7] |= 0x20; /* LE Meta-Event */
411 hci_req_add(req, HCI_OP_SET_EVENT_MASK, sizeof(events), events);
414 static int hci_init2_req(struct hci_request *req, unsigned long opt)
416 struct hci_dev *hdev = req->hdev;
418 if (hdev->dev_type == HCI_AMP)
419 return amp_init2(req);
421 if (lmp_bredr_capable(hdev))
424 hci_dev_clear_flag(hdev, HCI_BREDR_ENABLED);
426 if (lmp_le_capable(hdev))
429 /* All Bluetooth 1.2 and later controllers should support the
430 * HCI command for reading the local supported commands.
432 * Unfortunately some controllers indicate Bluetooth 1.2 support,
433 * but do not have support for this command. If that is the case,
434 * the driver can quirk the behavior and skip reading the local
435 * supported commands.
437 if (hdev->hci_ver > BLUETOOTH_VER_1_1 &&
438 !test_bit(HCI_QUIRK_BROKEN_LOCAL_COMMANDS, &hdev->quirks))
439 hci_req_add(req, HCI_OP_READ_LOCAL_COMMANDS, 0, NULL);
441 if (lmp_ssp_capable(hdev)) {
442 /* When SSP is available, then the host features page
443 * should also be available as well. However some
444 * controllers list the max_page as 0 as long as SSP
445 * has not been enabled. To achieve proper debugging
446 * output, force the minimum max_page to 1 at least.
448 hdev->max_page = 0x01;
450 if (hci_dev_test_flag(hdev, HCI_SSP_ENABLED)) {
453 hci_req_add(req, HCI_OP_WRITE_SSP_MODE,
454 sizeof(mode), &mode);
456 struct hci_cp_write_eir cp;
458 memset(hdev->eir, 0, sizeof(hdev->eir));
459 memset(&cp, 0, sizeof(cp));
461 hci_req_add(req, HCI_OP_WRITE_EIR, sizeof(cp), &cp);
465 if (lmp_inq_rssi_capable(hdev) ||
466 test_bit(HCI_QUIRK_FIXUP_INQUIRY_MODE, &hdev->quirks)) {
469 /* If Extended Inquiry Result events are supported, then
470 * they are clearly preferred over Inquiry Result with RSSI
473 mode = lmp_ext_inq_capable(hdev) ? 0x02 : 0x01;
475 hci_req_add(req, HCI_OP_WRITE_INQUIRY_MODE, 1, &mode);
478 if (lmp_inq_tx_pwr_capable(hdev))
479 hci_req_add(req, HCI_OP_READ_INQ_RSP_TX_POWER, 0, NULL);
481 if (lmp_ext_feat_capable(hdev)) {
482 struct hci_cp_read_local_ext_features cp;
485 hci_req_add(req, HCI_OP_READ_LOCAL_EXT_FEATURES,
489 if (hci_dev_test_flag(hdev, HCI_LINK_SECURITY)) {
491 hci_req_add(req, HCI_OP_WRITE_AUTH_ENABLE, sizeof(enable),
498 static void hci_setup_link_policy(struct hci_request *req)
500 struct hci_dev *hdev = req->hdev;
501 struct hci_cp_write_def_link_policy cp;
504 if (lmp_rswitch_capable(hdev))
505 link_policy |= HCI_LP_RSWITCH;
506 if (lmp_hold_capable(hdev))
507 link_policy |= HCI_LP_HOLD;
508 if (lmp_sniff_capable(hdev))
509 link_policy |= HCI_LP_SNIFF;
510 if (lmp_park_capable(hdev))
511 link_policy |= HCI_LP_PARK;
513 cp.policy = cpu_to_le16(link_policy);
514 hci_req_add(req, HCI_OP_WRITE_DEF_LINK_POLICY, sizeof(cp), &cp);
517 static void hci_set_le_support(struct hci_request *req)
519 struct hci_dev *hdev = req->hdev;
520 struct hci_cp_write_le_host_supported cp;
522 /* LE-only devices do not support explicit enablement */
523 if (!lmp_bredr_capable(hdev))
526 memset(&cp, 0, sizeof(cp));
528 if (hci_dev_test_flag(hdev, HCI_LE_ENABLED)) {
533 if (cp.le != lmp_host_le_capable(hdev))
534 hci_req_add(req, HCI_OP_WRITE_LE_HOST_SUPPORTED, sizeof(cp),
538 static void hci_set_event_mask_page_2(struct hci_request *req)
540 struct hci_dev *hdev = req->hdev;
541 u8 events[8] = { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 };
542 bool changed = false;
544 /* If Connectionless Slave Broadcast master role is supported
545 * enable all necessary events for it.
547 if (lmp_csb_master_capable(hdev)) {
548 events[1] |= 0x40; /* Triggered Clock Capture */
549 events[1] |= 0x80; /* Synchronization Train Complete */
550 events[2] |= 0x10; /* Slave Page Response Timeout */
551 events[2] |= 0x20; /* CSB Channel Map Change */
555 /* If Connectionless Slave Broadcast slave role is supported
556 * enable all necessary events for it.
558 if (lmp_csb_slave_capable(hdev)) {
559 events[2] |= 0x01; /* Synchronization Train Received */
560 events[2] |= 0x02; /* CSB Receive */
561 events[2] |= 0x04; /* CSB Timeout */
562 events[2] |= 0x08; /* Truncated Page Complete */
566 /* Enable Authenticated Payload Timeout Expired event if supported */
567 if (lmp_ping_capable(hdev) || hdev->le_features[0] & HCI_LE_PING) {
572 /* Some Broadcom based controllers indicate support for Set Event
573 * Mask Page 2 command, but then actually do not support it. Since
574 * the default value is all bits set to zero, the command is only
575 * required if the event mask has to be changed. In case no change
576 * to the event mask is needed, skip this command.
579 hci_req_add(req, HCI_OP_SET_EVENT_MASK_PAGE_2,
580 sizeof(events), events);
583 static int hci_init3_req(struct hci_request *req, unsigned long opt)
585 struct hci_dev *hdev = req->hdev;
588 hci_setup_event_mask(req);
590 if (hdev->commands[6] & 0x20 &&
591 !test_bit(HCI_QUIRK_BROKEN_STORED_LINK_KEY, &hdev->quirks)) {
592 struct hci_cp_read_stored_link_key cp;
594 bacpy(&cp.bdaddr, BDADDR_ANY);
596 hci_req_add(req, HCI_OP_READ_STORED_LINK_KEY, sizeof(cp), &cp);
599 if (hdev->commands[5] & 0x10)
600 hci_setup_link_policy(req);
602 if (hdev->commands[8] & 0x01)
603 hci_req_add(req, HCI_OP_READ_PAGE_SCAN_ACTIVITY, 0, NULL);
605 /* Some older Broadcom based Bluetooth 1.2 controllers do not
606 * support the Read Page Scan Type command. Check support for
607 * this command in the bit mask of supported commands.
609 if (hdev->commands[13] & 0x01)
610 hci_req_add(req, HCI_OP_READ_PAGE_SCAN_TYPE, 0, NULL);
612 if (lmp_le_capable(hdev)) {
615 memset(events, 0, sizeof(events));
617 if (hdev->le_features[0] & HCI_LE_ENCRYPTION)
618 events[0] |= 0x10; /* LE Long Term Key Request */
620 /* If controller supports the Connection Parameters Request
621 * Link Layer Procedure, enable the corresponding event.
623 if (hdev->le_features[0] & HCI_LE_CONN_PARAM_REQ_PROC)
624 events[0] |= 0x20; /* LE Remote Connection
628 /* If the controller supports the Data Length Extension
629 * feature, enable the corresponding event.
631 if (hdev->le_features[0] & HCI_LE_DATA_LEN_EXT)
632 events[0] |= 0x40; /* LE Data Length Change */
634 /* If the controller supports Extended Scanner Filter
635 * Policies, enable the correspondig event.
637 if (hdev->le_features[0] & HCI_LE_EXT_SCAN_POLICY)
638 events[1] |= 0x04; /* LE Direct Advertising
642 /* If the controller supports Channel Selection Algorithm #2
643 * feature, enable the corresponding event.
645 if (hdev->le_features[1] & HCI_LE_CHAN_SEL_ALG2)
646 events[2] |= 0x08; /* LE Channel Selection
650 /* If the controller supports the LE Set Scan Enable command,
651 * enable the corresponding advertising report event.
653 if (hdev->commands[26] & 0x08)
654 events[0] |= 0x02; /* LE Advertising Report */
656 /* If the controller supports the LE Create Connection
657 * command, enable the corresponding event.
659 if (hdev->commands[26] & 0x10)
660 events[0] |= 0x01; /* LE Connection Complete */
662 /* If the controller supports the LE Connection Update
663 * command, enable the corresponding event.
665 if (hdev->commands[27] & 0x04)
666 events[0] |= 0x04; /* LE Connection Update
670 /* If the controller supports the LE Read Remote Used Features
671 * command, enable the corresponding event.
673 if (hdev->commands[27] & 0x20)
674 events[0] |= 0x08; /* LE Read Remote Used
678 /* If the controller supports the LE Read Local P-256
679 * Public Key command, enable the corresponding event.
681 if (hdev->commands[34] & 0x02)
682 events[0] |= 0x80; /* LE Read Local P-256
683 * Public Key Complete
686 /* If the controller supports the LE Generate DHKey
687 * command, enable the corresponding event.
689 if (hdev->commands[34] & 0x04)
690 events[1] |= 0x01; /* LE Generate DHKey Complete */
692 /* If the controller supports the LE Set Default PHY or
693 * LE Set PHY commands, enable the corresponding event.
695 if (hdev->commands[35] & (0x20 | 0x40))
696 events[1] |= 0x08; /* LE PHY Update Complete */
698 /* If the controller supports LE Set Extended Scan Parameters
699 * and LE Set Extended Scan Enable commands, enable the
700 * corresponding event.
702 if (use_ext_scan(hdev))
703 events[1] |= 0x10; /* LE Extended Advertising
707 /* If the controller supports the LE Extended Create Connection
708 * command, enable the corresponding event.
710 if (use_ext_conn(hdev))
711 events[1] |= 0x02; /* LE Enhanced Connection
715 /* If the controller supports the LE Extended Advertising
716 * command, enable the corresponding event.
718 if (ext_adv_capable(hdev))
719 events[2] |= 0x02; /* LE Advertising Set
723 hci_req_add(req, HCI_OP_LE_SET_EVENT_MASK, sizeof(events),
726 /* Read LE Advertising Channel TX Power */
727 if ((hdev->commands[25] & 0x40) && !ext_adv_capable(hdev)) {
728 /* HCI TS spec forbids mixing of legacy and extended
729 * advertising commands wherein READ_ADV_TX_POWER is
730 * also included. So do not call it if extended adv
731 * is supported otherwise controller will return
732 * COMMAND_DISALLOWED for extended commands.
734 hci_req_add(req, HCI_OP_LE_READ_ADV_TX_POWER, 0, NULL);
737 if (hdev->commands[26] & 0x40) {
738 /* Read LE White List Size */
739 hci_req_add(req, HCI_OP_LE_READ_WHITE_LIST_SIZE,
743 if (hdev->commands[26] & 0x80) {
744 /* Clear LE White List */
745 hci_req_add(req, HCI_OP_LE_CLEAR_WHITE_LIST, 0, NULL);
748 if (hdev->commands[34] & 0x40) {
749 /* Read LE Resolving List Size */
750 hci_req_add(req, HCI_OP_LE_READ_RESOLV_LIST_SIZE,
754 if (hdev->commands[34] & 0x20) {
755 /* Clear LE Resolving List */
756 hci_req_add(req, HCI_OP_LE_CLEAR_RESOLV_LIST, 0, NULL);
759 if (hdev->le_features[0] & HCI_LE_DATA_LEN_EXT) {
760 /* Read LE Maximum Data Length */
761 hci_req_add(req, HCI_OP_LE_READ_MAX_DATA_LEN, 0, NULL);
763 /* Read LE Suggested Default Data Length */
764 hci_req_add(req, HCI_OP_LE_READ_DEF_DATA_LEN, 0, NULL);
767 if (ext_adv_capable(hdev)) {
768 /* Read LE Number of Supported Advertising Sets */
769 hci_req_add(req, HCI_OP_LE_READ_NUM_SUPPORTED_ADV_SETS,
773 hci_set_le_support(req);
776 /* Read features beyond page 1 if available */
777 for (p = 2; p < HCI_MAX_PAGES && p <= hdev->max_page; p++) {
778 struct hci_cp_read_local_ext_features cp;
781 hci_req_add(req, HCI_OP_READ_LOCAL_EXT_FEATURES,
788 static int hci_init4_req(struct hci_request *req, unsigned long opt)
790 struct hci_dev *hdev = req->hdev;
792 /* Some Broadcom based Bluetooth controllers do not support the
793 * Delete Stored Link Key command. They are clearly indicating its
794 * absence in the bit mask of supported commands.
796 * Check the supported commands and only if the the command is marked
797 * as supported send it. If not supported assume that the controller
798 * does not have actual support for stored link keys which makes this
799 * command redundant anyway.
801 * Some controllers indicate that they support handling deleting
802 * stored link keys, but they don't. The quirk lets a driver
803 * just disable this command.
805 if (hdev->commands[6] & 0x80 &&
806 !test_bit(HCI_QUIRK_BROKEN_STORED_LINK_KEY, &hdev->quirks)) {
807 struct hci_cp_delete_stored_link_key cp;
809 bacpy(&cp.bdaddr, BDADDR_ANY);
810 cp.delete_all = 0x01;
811 hci_req_add(req, HCI_OP_DELETE_STORED_LINK_KEY,
815 /* Set event mask page 2 if the HCI command for it is supported */
816 if (hdev->commands[22] & 0x04)
817 hci_set_event_mask_page_2(req);
819 /* Read local codec list if the HCI command is supported */
820 if (hdev->commands[29] & 0x20)
821 hci_req_add(req, HCI_OP_READ_LOCAL_CODECS, 0, NULL);
823 /* Get MWS transport configuration if the HCI command is supported */
824 if (hdev->commands[30] & 0x08)
825 hci_req_add(req, HCI_OP_GET_MWS_TRANSPORT_CONFIG, 0, NULL);
827 /* Check for Synchronization Train support */
828 if (lmp_sync_train_capable(hdev))
829 hci_req_add(req, HCI_OP_READ_SYNC_TRAIN_PARAMS, 0, NULL);
831 /* Enable Secure Connections if supported and configured */
832 if (hci_dev_test_flag(hdev, HCI_SSP_ENABLED) &&
833 bredr_sc_enabled(hdev)) {
836 hci_req_add(req, HCI_OP_WRITE_SC_SUPPORT,
837 sizeof(support), &support);
840 /* Set Suggested Default Data Length to maximum if supported */
841 if (hdev->le_features[0] & HCI_LE_DATA_LEN_EXT) {
842 struct hci_cp_le_write_def_data_len cp;
844 cp.tx_len = cpu_to_le16(hdev->le_max_tx_len);
845 cp.tx_time = cpu_to_le16(hdev->le_max_tx_time);
846 hci_req_add(req, HCI_OP_LE_WRITE_DEF_DATA_LEN, sizeof(cp), &cp);
849 /* Set Default PHY parameters if command is supported */
850 if (hdev->commands[35] & 0x20) {
851 struct hci_cp_le_set_default_phy cp;
854 cp.tx_phys = hdev->le_tx_def_phys;
855 cp.rx_phys = hdev->le_rx_def_phys;
857 hci_req_add(req, HCI_OP_LE_SET_DEFAULT_PHY, sizeof(cp), &cp);
863 static int __hci_init(struct hci_dev *hdev)
867 err = __hci_req_sync(hdev, hci_init1_req, 0, HCI_INIT_TIMEOUT, NULL);
871 if (hci_dev_test_flag(hdev, HCI_SETUP))
872 hci_debugfs_create_basic(hdev);
874 err = __hci_req_sync(hdev, hci_init2_req, 0, HCI_INIT_TIMEOUT, NULL);
878 /* HCI_PRIMARY covers both single-mode LE, BR/EDR and dual-mode
879 * BR/EDR/LE type controllers. AMP controllers only need the
880 * first two stages of init.
882 if (hdev->dev_type != HCI_PRIMARY)
885 err = __hci_req_sync(hdev, hci_init3_req, 0, HCI_INIT_TIMEOUT, NULL);
889 err = __hci_req_sync(hdev, hci_init4_req, 0, HCI_INIT_TIMEOUT, NULL);
893 /* This function is only called when the controller is actually in
894 * configured state. When the controller is marked as unconfigured,
895 * this initialization procedure is not run.
897 * It means that it is possible that a controller runs through its
898 * setup phase and then discovers missing settings. If that is the
899 * case, then this function will not be called. It then will only
900 * be called during the config phase.
902 * So only when in setup phase or config phase, create the debugfs
903 * entries and register the SMP channels.
905 if (!hci_dev_test_flag(hdev, HCI_SETUP) &&
906 !hci_dev_test_flag(hdev, HCI_CONFIG))
909 hci_debugfs_create_common(hdev);
911 if (lmp_bredr_capable(hdev))
912 hci_debugfs_create_bredr(hdev);
914 if (lmp_le_capable(hdev))
915 hci_debugfs_create_le(hdev);
920 static int hci_init0_req(struct hci_request *req, unsigned long opt)
922 struct hci_dev *hdev = req->hdev;
924 BT_DBG("%s %ld", hdev->name, opt);
927 if (!test_bit(HCI_QUIRK_RESET_ON_CLOSE, &hdev->quirks))
928 hci_reset_req(req, 0);
930 /* Read Local Version */
931 hci_req_add(req, HCI_OP_READ_LOCAL_VERSION, 0, NULL);
933 /* Read BD Address */
934 if (hdev->set_bdaddr)
935 hci_req_add(req, HCI_OP_READ_BD_ADDR, 0, NULL);
940 static int __hci_unconf_init(struct hci_dev *hdev)
944 if (test_bit(HCI_QUIRK_RAW_DEVICE, &hdev->quirks))
947 err = __hci_req_sync(hdev, hci_init0_req, 0, HCI_INIT_TIMEOUT, NULL);
951 if (hci_dev_test_flag(hdev, HCI_SETUP))
952 hci_debugfs_create_basic(hdev);
957 static int hci_scan_req(struct hci_request *req, unsigned long opt)
961 BT_DBG("%s %x", req->hdev->name, scan);
963 /* Inquiry and Page scans */
964 hci_req_add(req, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
968 static int hci_auth_req(struct hci_request *req, unsigned long opt)
972 BT_DBG("%s %x", req->hdev->name, auth);
975 hci_req_add(req, HCI_OP_WRITE_AUTH_ENABLE, 1, &auth);
979 static int hci_encrypt_req(struct hci_request *req, unsigned long opt)
983 BT_DBG("%s %x", req->hdev->name, encrypt);
986 hci_req_add(req, HCI_OP_WRITE_ENCRYPT_MODE, 1, &encrypt);
990 static int hci_linkpol_req(struct hci_request *req, unsigned long opt)
992 __le16 policy = cpu_to_le16(opt);
994 BT_DBG("%s %x", req->hdev->name, policy);
996 /* Default link policy */
997 hci_req_add(req, HCI_OP_WRITE_DEF_LINK_POLICY, 2, &policy);
1001 /* Get HCI device by index.
1002 * Device is held on return. */
1003 struct hci_dev *hci_dev_get(int index)
1005 struct hci_dev *hdev = NULL, *d;
1007 BT_DBG("%d", index);
1012 read_lock(&hci_dev_list_lock);
1013 list_for_each_entry(d, &hci_dev_list, list) {
1014 if (d->id == index) {
1015 hdev = hci_dev_hold(d);
1019 read_unlock(&hci_dev_list_lock);
1023 /* ---- Inquiry support ---- */
1025 bool hci_discovery_active(struct hci_dev *hdev)
1027 struct discovery_state *discov = &hdev->discovery;
1029 switch (discov->state) {
1030 case DISCOVERY_FINDING:
1031 case DISCOVERY_RESOLVING:
1039 void hci_discovery_set_state(struct hci_dev *hdev, int state)
1041 int old_state = hdev->discovery.state;
1043 BT_DBG("%s state %u -> %u", hdev->name, hdev->discovery.state, state);
1045 if (old_state == state)
1048 hdev->discovery.state = state;
1051 case DISCOVERY_STOPPED:
1052 hci_update_background_scan(hdev);
1054 if (old_state != DISCOVERY_STARTING)
1055 mgmt_discovering(hdev, 0);
1057 case DISCOVERY_STARTING:
1059 case DISCOVERY_FINDING:
1060 mgmt_discovering(hdev, 1);
1062 case DISCOVERY_RESOLVING:
1064 case DISCOVERY_STOPPING:
1070 bool hci_le_discovery_active(struct hci_dev *hdev)
1072 struct discovery_state *discov = &hdev->le_discovery;
1074 switch (discov->state) {
1075 case DISCOVERY_FINDING:
1076 case DISCOVERY_RESOLVING:
1084 void hci_le_discovery_set_state(struct hci_dev *hdev, int state)
1086 BT_DBG("%s state %u -> %u", hdev->name,
1087 hdev->le_discovery.state, state);
1089 if (hdev->le_discovery.state == state)
1093 case DISCOVERY_STOPPED:
1094 hci_update_background_scan(hdev);
1096 if (hdev->le_discovery.state != DISCOVERY_STARTING)
1097 mgmt_le_discovering(hdev, 0);
1099 case DISCOVERY_STARTING:
1101 case DISCOVERY_FINDING:
1102 mgmt_le_discovering(hdev, 1);
1104 case DISCOVERY_RESOLVING:
1106 case DISCOVERY_STOPPING:
1110 hdev->le_discovery.state = state;
1113 static void hci_tx_timeout_error_evt(struct hci_dev *hdev)
1115 BT_ERR("%s H/W TX Timeout error", hdev->name);
1117 mgmt_tx_timeout_error(hdev);
1121 void hci_inquiry_cache_flush(struct hci_dev *hdev)
1123 struct discovery_state *cache = &hdev->discovery;
1124 struct inquiry_entry *p, *n;
1126 list_for_each_entry_safe(p, n, &cache->all, all) {
1131 INIT_LIST_HEAD(&cache->unknown);
1132 INIT_LIST_HEAD(&cache->resolve);
1135 struct inquiry_entry *hci_inquiry_cache_lookup(struct hci_dev *hdev,
1138 struct discovery_state *cache = &hdev->discovery;
1139 struct inquiry_entry *e;
1141 BT_DBG("cache %p, %pMR", cache, bdaddr);
1143 list_for_each_entry(e, &cache->all, all) {
1144 if (!bacmp(&e->data.bdaddr, bdaddr))
1151 struct inquiry_entry *hci_inquiry_cache_lookup_unknown(struct hci_dev *hdev,
1154 struct discovery_state *cache = &hdev->discovery;
1155 struct inquiry_entry *e;
1157 BT_DBG("cache %p, %pMR", cache, bdaddr);
1159 list_for_each_entry(e, &cache->unknown, list) {
1160 if (!bacmp(&e->data.bdaddr, bdaddr))
1167 struct inquiry_entry *hci_inquiry_cache_lookup_resolve(struct hci_dev *hdev,
1171 struct discovery_state *cache = &hdev->discovery;
1172 struct inquiry_entry *e;
1174 BT_DBG("cache %p bdaddr %pMR state %d", cache, bdaddr, state);
1176 list_for_each_entry(e, &cache->resolve, list) {
1177 if (!bacmp(bdaddr, BDADDR_ANY) && e->name_state == state)
1179 if (!bacmp(&e->data.bdaddr, bdaddr))
1186 void hci_inquiry_cache_update_resolve(struct hci_dev *hdev,
1187 struct inquiry_entry *ie)
1189 struct discovery_state *cache = &hdev->discovery;
1190 struct list_head *pos = &cache->resolve;
1191 struct inquiry_entry *p;
1193 list_del(&ie->list);
1195 list_for_each_entry(p, &cache->resolve, list) {
1196 if (p->name_state != NAME_PENDING &&
1197 abs(p->data.rssi) >= abs(ie->data.rssi))
1202 list_add(&ie->list, pos);
1205 u32 hci_inquiry_cache_update(struct hci_dev *hdev, struct inquiry_data *data,
1208 struct discovery_state *cache = &hdev->discovery;
1209 struct inquiry_entry *ie;
1212 BT_DBG("cache %p, %pMR", cache, &data->bdaddr);
1214 hci_remove_remote_oob_data(hdev, &data->bdaddr, BDADDR_BREDR);
1216 if (!data->ssp_mode)
1217 flags |= MGMT_DEV_FOUND_LEGACY_PAIRING;
1219 ie = hci_inquiry_cache_lookup(hdev, &data->bdaddr);
1221 if (!ie->data.ssp_mode)
1222 flags |= MGMT_DEV_FOUND_LEGACY_PAIRING;
1224 if (ie->name_state == NAME_NEEDED &&
1225 data->rssi != ie->data.rssi) {
1226 ie->data.rssi = data->rssi;
1227 hci_inquiry_cache_update_resolve(hdev, ie);
1233 /* Entry not in the cache. Add new one. */
1234 ie = kzalloc(sizeof(*ie), GFP_KERNEL);
1236 flags |= MGMT_DEV_FOUND_CONFIRM_NAME;
1240 list_add(&ie->all, &cache->all);
1243 ie->name_state = NAME_KNOWN;
1245 ie->name_state = NAME_NOT_KNOWN;
1246 list_add(&ie->list, &cache->unknown);
1250 if (name_known && ie->name_state != NAME_KNOWN &&
1251 ie->name_state != NAME_PENDING) {
1252 ie->name_state = NAME_KNOWN;
1253 list_del(&ie->list);
1256 memcpy(&ie->data, data, sizeof(*data));
1257 ie->timestamp = jiffies;
1258 cache->timestamp = jiffies;
1260 if (ie->name_state == NAME_NOT_KNOWN)
1261 flags |= MGMT_DEV_FOUND_CONFIRM_NAME;
1267 static int inquiry_cache_dump(struct hci_dev *hdev, int num, __u8 *buf)
1269 struct discovery_state *cache = &hdev->discovery;
1270 struct inquiry_info *info = (struct inquiry_info *) buf;
1271 struct inquiry_entry *e;
1274 list_for_each_entry(e, &cache->all, all) {
1275 struct inquiry_data *data = &e->data;
1280 bacpy(&info->bdaddr, &data->bdaddr);
1281 info->pscan_rep_mode = data->pscan_rep_mode;
1282 info->pscan_period_mode = data->pscan_period_mode;
1283 info->pscan_mode = data->pscan_mode;
1284 memcpy(info->dev_class, data->dev_class, 3);
1285 info->clock_offset = data->clock_offset;
1291 BT_DBG("cache %p, copied %d", cache, copied);
1295 static int hci_inq_req(struct hci_request *req, unsigned long opt)
1297 struct hci_inquiry_req *ir = (struct hci_inquiry_req *) opt;
1298 struct hci_dev *hdev = req->hdev;
1299 struct hci_cp_inquiry cp;
1301 BT_DBG("%s", hdev->name);
1303 if (test_bit(HCI_INQUIRY, &hdev->flags))
1307 memcpy(&cp.lap, &ir->lap, 3);
1308 cp.length = ir->length;
1309 cp.num_rsp = ir->num_rsp;
1310 hci_req_add(req, HCI_OP_INQUIRY, sizeof(cp), &cp);
1315 int hci_inquiry(void __user *arg)
1317 __u8 __user *ptr = arg;
1318 struct hci_inquiry_req ir;
1319 struct hci_dev *hdev;
1320 int err = 0, do_inquiry = 0, max_rsp;
1324 if (copy_from_user(&ir, ptr, sizeof(ir)))
1327 hdev = hci_dev_get(ir.dev_id);
1331 if (hci_dev_test_flag(hdev, HCI_USER_CHANNEL)) {
1336 if (hci_dev_test_flag(hdev, HCI_UNCONFIGURED)) {
1341 if (hdev->dev_type != HCI_PRIMARY) {
1346 if (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED)) {
1352 if (inquiry_cache_age(hdev) > INQUIRY_CACHE_AGE_MAX ||
1353 inquiry_cache_empty(hdev) || ir.flags & IREQ_CACHE_FLUSH) {
1354 hci_inquiry_cache_flush(hdev);
1357 hci_dev_unlock(hdev);
1359 timeo = ir.length * msecs_to_jiffies(2000);
1362 err = hci_req_sync(hdev, hci_inq_req, (unsigned long) &ir,
1367 /* Wait until Inquiry procedure finishes (HCI_INQUIRY flag is
1368 * cleared). If it is interrupted by a signal, return -EINTR.
1370 if (wait_on_bit(&hdev->flags, HCI_INQUIRY,
1371 TASK_INTERRUPTIBLE))
1375 /* for unlimited number of responses we will use buffer with
1378 max_rsp = (ir.num_rsp == 0) ? 255 : ir.num_rsp;
1380 /* cache_dump can't sleep. Therefore we allocate temp buffer and then
1381 * copy it to the user space.
1383 buf = kmalloc_array(max_rsp, sizeof(struct inquiry_info), GFP_KERNEL);
1390 ir.num_rsp = inquiry_cache_dump(hdev, max_rsp, buf);
1391 hci_dev_unlock(hdev);
1393 BT_DBG("num_rsp %d", ir.num_rsp);
1395 if (!copy_to_user(ptr, &ir, sizeof(ir))) {
1397 if (copy_to_user(ptr, buf, sizeof(struct inquiry_info) *
1410 static int hci_dev_do_open(struct hci_dev *hdev)
1414 BT_DBG("%s %p", hdev->name, hdev);
1416 hci_req_sync_lock(hdev);
1418 if (hci_dev_test_flag(hdev, HCI_UNREGISTER)) {
1423 if (!hci_dev_test_flag(hdev, HCI_SETUP) &&
1424 !hci_dev_test_flag(hdev, HCI_CONFIG)) {
1425 /* Check for rfkill but allow the HCI setup stage to
1426 * proceed (which in itself doesn't cause any RF activity).
1428 if (hci_dev_test_flag(hdev, HCI_RFKILLED)) {
1433 /* Check for valid public address or a configured static
1434 * random adddress, but let the HCI setup proceed to
1435 * be able to determine if there is a public address
1438 * In case of user channel usage, it is not important
1439 * if a public address or static random address is
1442 * This check is only valid for BR/EDR controllers
1443 * since AMP controllers do not have an address.
1445 if (!hci_dev_test_flag(hdev, HCI_USER_CHANNEL) &&
1446 hdev->dev_type == HCI_PRIMARY &&
1447 !bacmp(&hdev->bdaddr, BDADDR_ANY) &&
1448 !bacmp(&hdev->static_addr, BDADDR_ANY)) {
1449 ret = -EADDRNOTAVAIL;
1454 if (test_bit(HCI_UP, &hdev->flags)) {
1459 if (hdev->open(hdev)) {
1464 set_bit(HCI_RUNNING, &hdev->flags);
1465 hci_sock_dev_event(hdev, HCI_DEV_OPEN);
1467 atomic_set(&hdev->cmd_cnt, 1);
1468 set_bit(HCI_INIT, &hdev->flags);
1470 if (hci_dev_test_flag(hdev, HCI_SETUP) ||
1471 test_bit(HCI_QUIRK_NON_PERSISTENT_SETUP, &hdev->quirks)) {
1472 hci_sock_dev_event(hdev, HCI_DEV_SETUP);
1475 ret = hdev->setup(hdev);
1477 /* The transport driver can set these quirks before
1478 * creating the HCI device or in its setup callback.
1480 * In case any of them is set, the controller has to
1481 * start up as unconfigured.
1483 if (test_bit(HCI_QUIRK_EXTERNAL_CONFIG, &hdev->quirks) ||
1484 test_bit(HCI_QUIRK_INVALID_BDADDR, &hdev->quirks))
1485 hci_dev_set_flag(hdev, HCI_UNCONFIGURED);
1487 /* For an unconfigured controller it is required to
1488 * read at least the version information provided by
1489 * the Read Local Version Information command.
1491 * If the set_bdaddr driver callback is provided, then
1492 * also the original Bluetooth public device address
1493 * will be read using the Read BD Address command.
1495 if (hci_dev_test_flag(hdev, HCI_UNCONFIGURED))
1496 ret = __hci_unconf_init(hdev);
1499 if (hci_dev_test_flag(hdev, HCI_CONFIG)) {
1500 /* If public address change is configured, ensure that
1501 * the address gets programmed. If the driver does not
1502 * support changing the public address, fail the power
1505 if (bacmp(&hdev->public_addr, BDADDR_ANY) &&
1507 ret = hdev->set_bdaddr(hdev, &hdev->public_addr);
1509 ret = -EADDRNOTAVAIL;
1513 if (!hci_dev_test_flag(hdev, HCI_UNCONFIGURED) &&
1514 !hci_dev_test_flag(hdev, HCI_USER_CHANNEL)) {
1515 ret = __hci_init(hdev);
1516 if (!ret && hdev->post_init)
1517 ret = hdev->post_init(hdev);
1521 /* If the HCI Reset command is clearing all diagnostic settings,
1522 * then they need to be reprogrammed after the init procedure
1525 if (test_bit(HCI_QUIRK_NON_PERSISTENT_DIAG, &hdev->quirks) &&
1526 !hci_dev_test_flag(hdev, HCI_USER_CHANNEL) &&
1527 hci_dev_test_flag(hdev, HCI_VENDOR_DIAG) && hdev->set_diag)
1528 ret = hdev->set_diag(hdev, true);
1530 clear_bit(HCI_INIT, &hdev->flags);
1534 hci_dev_set_flag(hdev, HCI_RPA_EXPIRED);
1535 hci_adv_instances_set_rpa_expired(hdev, true);
1536 set_bit(HCI_UP, &hdev->flags);
1537 hci_sock_dev_event(hdev, HCI_DEV_UP);
1538 hci_leds_update_powered(hdev, true);
1539 if (!hci_dev_test_flag(hdev, HCI_SETUP) &&
1540 !hci_dev_test_flag(hdev, HCI_CONFIG) &&
1541 !hci_dev_test_flag(hdev, HCI_UNCONFIGURED) &&
1542 !hci_dev_test_flag(hdev, HCI_USER_CHANNEL) &&
1543 hci_dev_test_flag(hdev, HCI_MGMT) &&
1544 hdev->dev_type == HCI_PRIMARY) {
1545 ret = __hci_req_hci_power_on(hdev);
1546 mgmt_power_on(hdev, ret);
1549 /* Init failed, cleanup */
1550 flush_work(&hdev->tx_work);
1551 flush_work(&hdev->cmd_work);
1552 flush_work(&hdev->rx_work);
1554 skb_queue_purge(&hdev->cmd_q);
1555 skb_queue_purge(&hdev->rx_q);
1560 if (hdev->sent_cmd) {
1561 kfree_skb(hdev->sent_cmd);
1562 hdev->sent_cmd = NULL;
1565 clear_bit(HCI_RUNNING, &hdev->flags);
1566 hci_sock_dev_event(hdev, HCI_DEV_CLOSE);
1569 hdev->flags &= BIT(HCI_RAW);
1573 hci_req_sync_unlock(hdev);
1577 /* ---- HCI ioctl helpers ---- */
1579 int hci_dev_open(__u16 dev)
1581 struct hci_dev *hdev;
1584 hdev = hci_dev_get(dev);
1588 /* Devices that are marked as unconfigured can only be powered
1589 * up as user channel. Trying to bring them up as normal devices
1590 * will result into a failure. Only user channel operation is
1593 * When this function is called for a user channel, the flag
1594 * HCI_USER_CHANNEL will be set first before attempting to
1597 if (hci_dev_test_flag(hdev, HCI_UNCONFIGURED) &&
1598 !hci_dev_test_flag(hdev, HCI_USER_CHANNEL)) {
1603 /* We need to ensure that no other power on/off work is pending
1604 * before proceeding to call hci_dev_do_open. This is
1605 * particularly important if the setup procedure has not yet
1608 if (hci_dev_test_and_clear_flag(hdev, HCI_AUTO_OFF))
1609 cancel_delayed_work(&hdev->power_off);
1611 /* After this call it is guaranteed that the setup procedure
1612 * has finished. This means that error conditions like RFKILL
1613 * or no valid public or static random address apply.
1615 flush_workqueue(hdev->req_workqueue);
1617 /* For controllers not using the management interface and that
1618 * are brought up using legacy ioctl, set the HCI_BONDABLE bit
1619 * so that pairing works for them. Once the management interface
1620 * is in use this bit will be cleared again and userspace has
1621 * to explicitly enable it.
1623 if (!hci_dev_test_flag(hdev, HCI_USER_CHANNEL) &&
1624 !hci_dev_test_flag(hdev, HCI_MGMT))
1625 hci_dev_set_flag(hdev, HCI_BONDABLE);
1627 err = hci_dev_do_open(hdev);
1634 /* This function requires the caller holds hdev->lock */
1635 static void hci_pend_le_actions_clear(struct hci_dev *hdev)
1637 struct hci_conn_params *p;
1639 list_for_each_entry(p, &hdev->le_conn_params, list) {
1641 hci_conn_drop(p->conn);
1642 hci_conn_put(p->conn);
1645 list_del_init(&p->action);
1648 BT_DBG("All LE pending actions cleared");
1651 int hci_dev_do_close(struct hci_dev *hdev)
1655 BT_DBG("%s %p", hdev->name, hdev);
1657 if (!hci_dev_test_flag(hdev, HCI_UNREGISTER) &&
1658 !hci_dev_test_flag(hdev, HCI_USER_CHANNEL) &&
1659 test_bit(HCI_UP, &hdev->flags)) {
1660 /* Execute vendor specific shutdown routine */
1662 hdev->shutdown(hdev);
1665 cancel_delayed_work(&hdev->power_off);
1667 hci_request_cancel_all(hdev);
1668 hci_req_sync_lock(hdev);
1670 if (!test_and_clear_bit(HCI_UP, &hdev->flags)) {
1671 cancel_delayed_work_sync(&hdev->cmd_timer);
1672 hci_req_sync_unlock(hdev);
1676 hci_leds_update_powered(hdev, false);
1678 /* Flush RX and TX works */
1679 flush_work(&hdev->tx_work);
1680 flush_work(&hdev->rx_work);
1682 if (hdev->discov_timeout > 0) {
1683 hdev->discov_timeout = 0;
1684 hci_dev_clear_flag(hdev, HCI_DISCOVERABLE);
1685 hci_dev_clear_flag(hdev, HCI_LIMITED_DISCOVERABLE);
1688 if (hci_dev_test_and_clear_flag(hdev, HCI_SERVICE_CACHE))
1689 cancel_delayed_work(&hdev->service_cache);
1691 if (hci_dev_test_flag(hdev, HCI_MGMT)) {
1692 struct adv_info *adv_instance;
1694 cancel_delayed_work_sync(&hdev->rpa_expired);
1696 list_for_each_entry(adv_instance, &hdev->adv_instances, list)
1697 cancel_delayed_work_sync(&adv_instance->rpa_expired_cb);
1700 /* Avoid potential lockdep warnings from the *_flush() calls by
1701 * ensuring the workqueue is empty up front.
1703 drain_workqueue(hdev->workqueue);
1707 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
1709 auto_off = hci_dev_test_and_clear_flag(hdev, HCI_AUTO_OFF);
1711 if (!auto_off && hdev->dev_type == HCI_PRIMARY &&
1712 !hci_dev_test_flag(hdev, HCI_USER_CHANNEL) &&
1713 hci_dev_test_flag(hdev, HCI_MGMT))
1714 __mgmt_power_off(hdev);
1716 hci_inquiry_cache_flush(hdev);
1717 hci_pend_le_actions_clear(hdev);
1718 hci_conn_hash_flush(hdev);
1719 hci_dev_unlock(hdev);
1721 smp_unregister(hdev);
1723 hci_sock_dev_event(hdev, HCI_DEV_DOWN);
1729 skb_queue_purge(&hdev->cmd_q);
1730 atomic_set(&hdev->cmd_cnt, 1);
1731 if (test_bit(HCI_QUIRK_RESET_ON_CLOSE, &hdev->quirks) &&
1732 !auto_off && !hci_dev_test_flag(hdev, HCI_UNCONFIGURED)) {
1733 set_bit(HCI_INIT, &hdev->flags);
1734 __hci_req_sync(hdev, hci_reset_req, 0, HCI_CMD_TIMEOUT, NULL);
1735 clear_bit(HCI_INIT, &hdev->flags);
1738 /* flush cmd work */
1739 flush_work(&hdev->cmd_work);
1742 skb_queue_purge(&hdev->rx_q);
1743 skb_queue_purge(&hdev->cmd_q);
1744 skb_queue_purge(&hdev->raw_q);
1746 /* Drop last sent command */
1747 if (hdev->sent_cmd) {
1748 cancel_delayed_work_sync(&hdev->cmd_timer);
1749 kfree_skb(hdev->sent_cmd);
1750 hdev->sent_cmd = NULL;
1753 clear_bit(HCI_RUNNING, &hdev->flags);
1754 hci_sock_dev_event(hdev, HCI_DEV_CLOSE);
1756 /* After this point our queues are empty
1757 * and no tasks are scheduled. */
1761 hdev->flags &= BIT(HCI_RAW);
1762 hci_dev_clear_volatile_flags(hdev);
1764 /* Controller radio is available but is currently powered down */
1765 hdev->amp_status = AMP_STATUS_POWERED_DOWN;
1767 memset(hdev->eir, 0, sizeof(hdev->eir));
1768 memset(hdev->dev_class, 0, sizeof(hdev->dev_class));
1769 bacpy(&hdev->random_addr, BDADDR_ANY);
1771 hci_req_sync_unlock(hdev);
1777 int hci_dev_close(__u16 dev)
1779 struct hci_dev *hdev;
1782 hdev = hci_dev_get(dev);
1786 if (hci_dev_test_flag(hdev, HCI_USER_CHANNEL)) {
1791 if (hci_dev_test_and_clear_flag(hdev, HCI_AUTO_OFF))
1792 cancel_delayed_work(&hdev->power_off);
1794 err = hci_dev_do_close(hdev);
1801 static int hci_dev_do_reset(struct hci_dev *hdev)
1805 BT_DBG("%s %p", hdev->name, hdev);
1807 hci_req_sync_lock(hdev);
1810 skb_queue_purge(&hdev->rx_q);
1811 skb_queue_purge(&hdev->cmd_q);
1813 /* Avoid potential lockdep warnings from the *_flush() calls by
1814 * ensuring the workqueue is empty up front.
1816 drain_workqueue(hdev->workqueue);
1819 hci_inquiry_cache_flush(hdev);
1820 hci_conn_hash_flush(hdev);
1821 hci_dev_unlock(hdev);
1826 atomic_set(&hdev->cmd_cnt, 1);
1827 hdev->acl_cnt = 0; hdev->sco_cnt = 0; hdev->le_cnt = 0;
1829 ret = __hci_req_sync(hdev, hci_reset_req, 0, HCI_INIT_TIMEOUT, NULL);
1831 hci_req_sync_unlock(hdev);
1835 int hci_dev_reset(__u16 dev)
1837 struct hci_dev *hdev;
1840 hdev = hci_dev_get(dev);
1844 if (!test_bit(HCI_UP, &hdev->flags)) {
1849 if (hci_dev_test_flag(hdev, HCI_USER_CHANNEL)) {
1854 if (hci_dev_test_flag(hdev, HCI_UNCONFIGURED)) {
1859 err = hci_dev_do_reset(hdev);
1866 int hci_dev_reset_stat(__u16 dev)
1868 struct hci_dev *hdev;
1871 hdev = hci_dev_get(dev);
1875 if (hci_dev_test_flag(hdev, HCI_USER_CHANNEL)) {
1880 if (hci_dev_test_flag(hdev, HCI_UNCONFIGURED)) {
1885 memset(&hdev->stat, 0, sizeof(struct hci_dev_stats));
1892 static void hci_update_scan_state(struct hci_dev *hdev, u8 scan)
1894 bool conn_changed, discov_changed;
1896 BT_DBG("%s scan 0x%02x", hdev->name, scan);
1898 if ((scan & SCAN_PAGE))
1899 conn_changed = !hci_dev_test_and_set_flag(hdev,
1902 conn_changed = hci_dev_test_and_clear_flag(hdev,
1905 if ((scan & SCAN_INQUIRY)) {
1906 discov_changed = !hci_dev_test_and_set_flag(hdev,
1909 hci_dev_clear_flag(hdev, HCI_LIMITED_DISCOVERABLE);
1910 discov_changed = hci_dev_test_and_clear_flag(hdev,
1914 if (!hci_dev_test_flag(hdev, HCI_MGMT))
1917 if (conn_changed || discov_changed) {
1918 /* In case this was disabled through mgmt */
1919 hci_dev_set_flag(hdev, HCI_BREDR_ENABLED);
1921 if (hci_dev_test_flag(hdev, HCI_LE_ENABLED))
1922 hci_req_update_adv_data(hdev, hdev->cur_adv_instance);
1924 mgmt_new_settings(hdev);
1928 int hci_dev_cmd(unsigned int cmd, void __user *arg)
1930 struct hci_dev *hdev;
1931 struct hci_dev_req dr;
1934 if (copy_from_user(&dr, arg, sizeof(dr)))
1937 hdev = hci_dev_get(dr.dev_id);
1941 if (hci_dev_test_flag(hdev, HCI_USER_CHANNEL)) {
1946 if (hci_dev_test_flag(hdev, HCI_UNCONFIGURED)) {
1951 if (hdev->dev_type != HCI_PRIMARY) {
1956 if (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED)) {
1963 err = hci_req_sync(hdev, hci_auth_req, dr.dev_opt,
1964 HCI_INIT_TIMEOUT, NULL);
1968 if (!lmp_encrypt_capable(hdev)) {
1973 if (!test_bit(HCI_AUTH, &hdev->flags)) {
1974 /* Auth must be enabled first */
1975 err = hci_req_sync(hdev, hci_auth_req, dr.dev_opt,
1976 HCI_INIT_TIMEOUT, NULL);
1981 err = hci_req_sync(hdev, hci_encrypt_req, dr.dev_opt,
1982 HCI_INIT_TIMEOUT, NULL);
1986 err = hci_req_sync(hdev, hci_scan_req, dr.dev_opt,
1987 HCI_INIT_TIMEOUT, NULL);
1989 /* Ensure that the connectable and discoverable states
1990 * get correctly modified as this was a non-mgmt change.
1993 hci_update_scan_state(hdev, dr.dev_opt);
1997 err = hci_req_sync(hdev, hci_linkpol_req, dr.dev_opt,
1998 HCI_INIT_TIMEOUT, NULL);
2001 case HCISETLINKMODE:
2002 hdev->link_mode = ((__u16) dr.dev_opt) &
2003 (HCI_LM_MASTER | HCI_LM_ACCEPT);
2007 if (hdev->pkt_type == (__u16) dr.dev_opt)
2010 hdev->pkt_type = (__u16) dr.dev_opt;
2011 mgmt_phy_configuration_changed(hdev, NULL);
2015 hdev->acl_mtu = *((__u16 *) &dr.dev_opt + 1);
2016 hdev->acl_pkts = *((__u16 *) &dr.dev_opt + 0);
2020 hdev->sco_mtu = *((__u16 *) &dr.dev_opt + 1);
2021 hdev->sco_pkts = *((__u16 *) &dr.dev_opt + 0);
2034 int hci_get_dev_list(void __user *arg)
2036 struct hci_dev *hdev;
2037 struct hci_dev_list_req *dl;
2038 struct hci_dev_req *dr;
2039 int n = 0, size, err;
2042 if (get_user(dev_num, (__u16 __user *) arg))
2045 if (!dev_num || dev_num > (PAGE_SIZE * 2) / sizeof(*dr))
2048 size = sizeof(*dl) + dev_num * sizeof(*dr);
2050 dl = kzalloc(size, GFP_KERNEL);
2056 read_lock(&hci_dev_list_lock);
2057 list_for_each_entry(hdev, &hci_dev_list, list) {
2058 unsigned long flags = hdev->flags;
2060 /* When the auto-off is configured it means the transport
2061 * is running, but in that case still indicate that the
2062 * device is actually down.
2064 if (hci_dev_test_flag(hdev, HCI_AUTO_OFF))
2065 flags &= ~BIT(HCI_UP);
2067 (dr + n)->dev_id = hdev->id;
2068 (dr + n)->dev_opt = flags;
2073 read_unlock(&hci_dev_list_lock);
2076 size = sizeof(*dl) + n * sizeof(*dr);
2078 err = copy_to_user(arg, dl, size);
2081 return err ? -EFAULT : 0;
2084 int hci_get_dev_info(void __user *arg)
2086 struct hci_dev *hdev;
2087 struct hci_dev_info di;
2088 unsigned long flags;
2091 if (copy_from_user(&di, arg, sizeof(di)))
2094 hdev = hci_dev_get(di.dev_id);
2098 /* When the auto-off is configured it means the transport
2099 * is running, but in that case still indicate that the
2100 * device is actually down.
2102 if (hci_dev_test_flag(hdev, HCI_AUTO_OFF))
2103 flags = hdev->flags & ~BIT(HCI_UP);
2105 flags = hdev->flags;
2107 strcpy(di.name, hdev->name);
2108 di.bdaddr = hdev->bdaddr;
2109 di.type = (hdev->bus & 0x0f) | ((hdev->dev_type & 0x03) << 4);
2111 di.pkt_type = hdev->pkt_type;
2112 if (lmp_bredr_capable(hdev)) {
2113 di.acl_mtu = hdev->acl_mtu;
2114 di.acl_pkts = hdev->acl_pkts;
2115 di.sco_mtu = hdev->sco_mtu;
2116 di.sco_pkts = hdev->sco_pkts;
2118 di.acl_mtu = hdev->le_mtu;
2119 di.acl_pkts = hdev->le_pkts;
2123 di.link_policy = hdev->link_policy;
2124 di.link_mode = hdev->link_mode;
2126 memcpy(&di.stat, &hdev->stat, sizeof(di.stat));
2127 memcpy(&di.features, &hdev->features, sizeof(di.features));
2129 if (copy_to_user(arg, &di, sizeof(di)))
2137 /* ---- Interface to HCI drivers ---- */
2139 static int hci_rfkill_set_block(void *data, bool blocked)
2141 struct hci_dev *hdev = data;
2143 BT_DBG("%p name %s blocked %d", hdev, hdev->name, blocked);
2145 if (hci_dev_test_flag(hdev, HCI_USER_CHANNEL))
2149 hci_dev_set_flag(hdev, HCI_RFKILLED);
2150 if (!hci_dev_test_flag(hdev, HCI_SETUP) &&
2151 !hci_dev_test_flag(hdev, HCI_CONFIG))
2152 hci_dev_do_close(hdev);
2154 hci_dev_clear_flag(hdev, HCI_RFKILLED);
2160 static const struct rfkill_ops hci_rfkill_ops = {
2161 .set_block = hci_rfkill_set_block,
2164 static void hci_power_on(struct work_struct *work)
2166 struct hci_dev *hdev = container_of(work, struct hci_dev, power_on);
2169 BT_DBG("%s", hdev->name);
2171 if (test_bit(HCI_UP, &hdev->flags) &&
2172 hci_dev_test_flag(hdev, HCI_MGMT) &&
2173 hci_dev_test_and_clear_flag(hdev, HCI_AUTO_OFF)) {
2174 cancel_delayed_work(&hdev->power_off);
2175 hci_req_sync_lock(hdev);
2176 err = __hci_req_hci_power_on(hdev);
2177 hci_req_sync_unlock(hdev);
2178 mgmt_power_on(hdev, err);
2182 err = hci_dev_do_open(hdev);
2185 mgmt_set_powered_failed(hdev, err);
2186 hci_dev_unlock(hdev);
2190 /* During the HCI setup phase, a few error conditions are
2191 * ignored and they need to be checked now. If they are still
2192 * valid, it is important to turn the device back off.
2194 if (hci_dev_test_flag(hdev, HCI_RFKILLED) ||
2195 hci_dev_test_flag(hdev, HCI_UNCONFIGURED) ||
2196 (hdev->dev_type == HCI_PRIMARY &&
2197 !bacmp(&hdev->bdaddr, BDADDR_ANY) &&
2198 !bacmp(&hdev->static_addr, BDADDR_ANY))) {
2199 hci_dev_clear_flag(hdev, HCI_AUTO_OFF);
2200 hci_dev_do_close(hdev);
2201 } else if (hci_dev_test_flag(hdev, HCI_AUTO_OFF)) {
2202 queue_delayed_work(hdev->req_workqueue, &hdev->power_off,
2203 HCI_AUTO_OFF_TIMEOUT);
2206 if (hci_dev_test_and_clear_flag(hdev, HCI_SETUP)) {
2207 /* For unconfigured devices, set the HCI_RAW flag
2208 * so that userspace can easily identify them.
2210 if (hci_dev_test_flag(hdev, HCI_UNCONFIGURED))
2211 set_bit(HCI_RAW, &hdev->flags);
2213 /* For fully configured devices, this will send
2214 * the Index Added event. For unconfigured devices,
2215 * it will send Unconfigued Index Added event.
2217 * Devices with HCI_QUIRK_RAW_DEVICE are ignored
2218 * and no event will be send.
2220 mgmt_index_added(hdev);
2221 } else if (hci_dev_test_and_clear_flag(hdev, HCI_CONFIG)) {
2222 /* When the controller is now configured, then it
2223 * is important to clear the HCI_RAW flag.
2225 if (!hci_dev_test_flag(hdev, HCI_UNCONFIGURED))
2226 clear_bit(HCI_RAW, &hdev->flags);
2228 /* Powering on the controller with HCI_CONFIG set only
2229 * happens with the transition from unconfigured to
2230 * configured. This will send the Index Added event.
2232 mgmt_index_added(hdev);
2236 static void hci_power_off(struct work_struct *work)
2238 struct hci_dev *hdev = container_of(work, struct hci_dev,
2241 BT_DBG("%s", hdev->name);
2243 hci_dev_do_close(hdev);
2246 static void hci_error_reset(struct work_struct *work)
2248 struct hci_dev *hdev = container_of(work, struct hci_dev, error_reset);
2250 BT_DBG("%s", hdev->name);
2253 hdev->hw_error(hdev, hdev->hw_error_code);
2255 bt_dev_err(hdev, "hardware error 0x%2.2x", hdev->hw_error_code);
2257 if (hci_dev_do_close(hdev))
2260 hci_dev_do_open(hdev);
2263 void hci_uuids_clear(struct hci_dev *hdev)
2265 struct bt_uuid *uuid, *tmp;
2267 list_for_each_entry_safe(uuid, tmp, &hdev->uuids, list) {
2268 list_del(&uuid->list);
2273 void hci_link_keys_clear(struct hci_dev *hdev)
2275 struct link_key *key;
2277 list_for_each_entry_rcu(key, &hdev->link_keys, list) {
2278 list_del_rcu(&key->list);
2279 kfree_rcu(key, rcu);
2283 void hci_smp_ltks_clear(struct hci_dev *hdev)
2287 list_for_each_entry_rcu(k, &hdev->long_term_keys, list) {
2288 list_del_rcu(&k->list);
2293 void hci_smp_irks_clear(struct hci_dev *hdev)
2297 list_for_each_entry_rcu(k, &hdev->identity_resolving_keys, list) {
2298 list_del_rcu(&k->list);
2303 struct link_key *hci_find_link_key(struct hci_dev *hdev, bdaddr_t *bdaddr)
2308 list_for_each_entry_rcu(k, &hdev->link_keys, list) {
2309 if (bacmp(bdaddr, &k->bdaddr) == 0) {
2319 static bool hci_persistent_key(struct hci_dev *hdev, struct hci_conn *conn,
2320 u8 key_type, u8 old_key_type)
2323 if (key_type < 0x03)
2326 /* Debug keys are insecure so don't store them persistently */
2327 if (key_type == HCI_LK_DEBUG_COMBINATION)
2330 /* Changed combination key and there's no previous one */
2331 if (key_type == HCI_LK_CHANGED_COMBINATION && old_key_type == 0xff)
2334 /* Security mode 3 case */
2338 /* BR/EDR key derived using SC from an LE link */
2339 if (conn->type == LE_LINK)
2342 /* Neither local nor remote side had no-bonding as requirement */
2343 if (conn->auth_type > 0x01 && conn->remote_auth > 0x01)
2346 /* Local side had dedicated bonding as requirement */
2347 if (conn->auth_type == 0x02 || conn->auth_type == 0x03)
2350 /* Remote side had dedicated bonding as requirement */
2351 if (conn->remote_auth == 0x02 || conn->remote_auth == 0x03)
2354 /* If none of the above criteria match, then don't store the key
2359 static u8 ltk_role(u8 type)
2361 if (type == SMP_LTK)
2362 return HCI_ROLE_MASTER;
2364 return HCI_ROLE_SLAVE;
2367 struct smp_ltk *hci_find_ltk(struct hci_dev *hdev, bdaddr_t *bdaddr,
2368 u8 addr_type, u8 role)
2373 list_for_each_entry_rcu(k, &hdev->long_term_keys, list) {
2374 if (addr_type != k->bdaddr_type || bacmp(bdaddr, &k->bdaddr))
2377 if (smp_ltk_is_sc(k) || ltk_role(k->type) == role) {
2387 struct smp_irk *hci_find_irk_by_rpa(struct hci_dev *hdev, bdaddr_t *rpa)
2389 struct smp_irk *irk;
2392 list_for_each_entry_rcu(irk, &hdev->identity_resolving_keys, list) {
2393 if (!bacmp(&irk->rpa, rpa)) {
2399 list_for_each_entry_rcu(irk, &hdev->identity_resolving_keys, list) {
2400 if (smp_irk_matches(hdev, irk->val, rpa)) {
2401 bacpy(&irk->rpa, rpa);
2411 struct smp_irk *hci_find_irk_by_addr(struct hci_dev *hdev, bdaddr_t *bdaddr,
2414 struct smp_irk *irk;
2416 /* Identity Address must be public or static random */
2417 if (addr_type == ADDR_LE_DEV_RANDOM && (bdaddr->b[5] & 0xc0) != 0xc0)
2421 list_for_each_entry_rcu(irk, &hdev->identity_resolving_keys, list) {
2422 if (addr_type == irk->addr_type &&
2423 bacmp(bdaddr, &irk->bdaddr) == 0) {
2433 struct link_key *hci_add_link_key(struct hci_dev *hdev, struct hci_conn *conn,
2434 bdaddr_t *bdaddr, u8 *val, u8 type,
2435 u8 pin_len, bool *persistent)
2437 struct link_key *key, *old_key;
2440 old_key = hci_find_link_key(hdev, bdaddr);
2442 old_key_type = old_key->type;
2445 old_key_type = conn ? conn->key_type : 0xff;
2446 key = kzalloc(sizeof(*key), GFP_KERNEL);
2449 list_add_rcu(&key->list, &hdev->link_keys);
2452 BT_DBG("%s key for %pMR type %u", hdev->name, bdaddr, type);
2454 /* Some buggy controller combinations generate a changed
2455 * combination key for legacy pairing even when there's no
2457 if (type == HCI_LK_CHANGED_COMBINATION &&
2458 (!conn || conn->remote_auth == 0xff) && old_key_type == 0xff) {
2459 type = HCI_LK_COMBINATION;
2461 conn->key_type = type;
2464 bacpy(&key->bdaddr, bdaddr);
2465 memcpy(key->val, val, HCI_LINK_KEY_SIZE);
2466 key->pin_len = pin_len;
2468 if (type == HCI_LK_CHANGED_COMBINATION)
2469 key->type = old_key_type;
2474 *persistent = hci_persistent_key(hdev, conn, type,
2480 struct smp_ltk *hci_add_ltk(struct hci_dev *hdev, bdaddr_t *bdaddr,
2481 u8 addr_type, u8 type, u8 authenticated,
2482 u8 tk[16], u8 enc_size, __le16 ediv, __le64 rand)
2484 struct smp_ltk *key, *old_key;
2485 u8 role = ltk_role(type);
2487 old_key = hci_find_ltk(hdev, bdaddr, addr_type, role);
2491 key = kzalloc(sizeof(*key), GFP_KERNEL);
2494 list_add_rcu(&key->list, &hdev->long_term_keys);
2497 bacpy(&key->bdaddr, bdaddr);
2498 key->bdaddr_type = addr_type;
2499 memcpy(key->val, tk, sizeof(key->val));
2500 key->authenticated = authenticated;
2503 key->enc_size = enc_size;
2509 struct smp_irk *hci_add_irk(struct hci_dev *hdev, bdaddr_t *bdaddr,
2510 u8 addr_type, u8 val[16], bdaddr_t *rpa)
2512 struct smp_irk *irk;
2514 irk = hci_find_irk_by_addr(hdev, bdaddr, addr_type);
2516 irk = kzalloc(sizeof(*irk), GFP_KERNEL);
2520 bacpy(&irk->bdaddr, bdaddr);
2521 irk->addr_type = addr_type;
2523 list_add_rcu(&irk->list, &hdev->identity_resolving_keys);
2526 memcpy(irk->val, val, 16);
2527 bacpy(&irk->rpa, rpa);
2532 int hci_remove_link_key(struct hci_dev *hdev, bdaddr_t *bdaddr)
2534 struct link_key *key;
2536 key = hci_find_link_key(hdev, bdaddr);
2540 BT_DBG("%s removing %pMR", hdev->name, bdaddr);
2542 list_del_rcu(&key->list);
2543 kfree_rcu(key, rcu);
2548 int hci_remove_ltk(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 bdaddr_type)
2553 list_for_each_entry_rcu(k, &hdev->long_term_keys, list) {
2554 if (bacmp(bdaddr, &k->bdaddr) || k->bdaddr_type != bdaddr_type)
2557 BT_DBG("%s removing %pMR", hdev->name, bdaddr);
2559 list_del_rcu(&k->list);
2564 return removed ? 0 : -ENOENT;
2567 void hci_remove_irk(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 addr_type)
2571 list_for_each_entry_rcu(k, &hdev->identity_resolving_keys, list) {
2572 if (bacmp(bdaddr, &k->bdaddr) || k->addr_type != addr_type)
2575 BT_DBG("%s removing %pMR", hdev->name, bdaddr);
2577 list_del_rcu(&k->list);
2582 bool hci_bdaddr_is_paired(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 type)
2585 struct smp_irk *irk;
2588 if (type == BDADDR_BREDR) {
2589 if (hci_find_link_key(hdev, bdaddr))
2594 /* Convert to HCI addr type which struct smp_ltk uses */
2595 if (type == BDADDR_LE_PUBLIC)
2596 addr_type = ADDR_LE_DEV_PUBLIC;
2598 addr_type = ADDR_LE_DEV_RANDOM;
2600 irk = hci_get_irk(hdev, bdaddr, addr_type);
2602 bdaddr = &irk->bdaddr;
2603 addr_type = irk->addr_type;
2607 list_for_each_entry_rcu(k, &hdev->long_term_keys, list) {
2608 if (k->bdaddr_type == addr_type && !bacmp(bdaddr, &k->bdaddr)) {
2618 /* HCI command timer function */
2619 static void hci_cmd_timeout(struct work_struct *work)
2621 struct hci_dev *hdev = container_of(work, struct hci_dev,
2624 if (hdev->sent_cmd) {
2625 struct hci_command_hdr *sent = (void *) hdev->sent_cmd->data;
2626 u16 opcode = __le16_to_cpu(sent->opcode);
2628 bt_dev_err(hdev, "command 0x%4.4x tx timeout", opcode);
2630 bt_dev_err(hdev, "command tx timeout");
2634 hci_tx_timeout_error_evt(hdev);
2637 atomic_set(&hdev->cmd_cnt, 1);
2638 queue_work(hdev->workqueue, &hdev->cmd_work);
2641 struct oob_data *hci_find_remote_oob_data(struct hci_dev *hdev,
2642 bdaddr_t *bdaddr, u8 bdaddr_type)
2644 struct oob_data *data;
2646 list_for_each_entry(data, &hdev->remote_oob_data, list) {
2647 if (bacmp(bdaddr, &data->bdaddr) != 0)
2649 if (data->bdaddr_type != bdaddr_type)
2657 int hci_remove_remote_oob_data(struct hci_dev *hdev, bdaddr_t *bdaddr,
2660 struct oob_data *data;
2662 data = hci_find_remote_oob_data(hdev, bdaddr, bdaddr_type);
2666 BT_DBG("%s removing %pMR (%u)", hdev->name, bdaddr, bdaddr_type);
2668 list_del(&data->list);
2674 void hci_remote_oob_data_clear(struct hci_dev *hdev)
2676 struct oob_data *data, *n;
2678 list_for_each_entry_safe(data, n, &hdev->remote_oob_data, list) {
2679 list_del(&data->list);
2684 int hci_add_remote_oob_data(struct hci_dev *hdev, bdaddr_t *bdaddr,
2685 u8 bdaddr_type, u8 *hash192, u8 *rand192,
2686 u8 *hash256, u8 *rand256)
2688 struct oob_data *data;
2690 data = hci_find_remote_oob_data(hdev, bdaddr, bdaddr_type);
2692 data = kmalloc(sizeof(*data), GFP_KERNEL);
2696 bacpy(&data->bdaddr, bdaddr);
2697 data->bdaddr_type = bdaddr_type;
2698 list_add(&data->list, &hdev->remote_oob_data);
2701 if (hash192 && rand192) {
2702 memcpy(data->hash192, hash192, sizeof(data->hash192));
2703 memcpy(data->rand192, rand192, sizeof(data->rand192));
2704 if (hash256 && rand256)
2705 data->present = 0x03;
2707 memset(data->hash192, 0, sizeof(data->hash192));
2708 memset(data->rand192, 0, sizeof(data->rand192));
2709 if (hash256 && rand256)
2710 data->present = 0x02;
2712 data->present = 0x00;
2715 if (hash256 && rand256) {
2716 memcpy(data->hash256, hash256, sizeof(data->hash256));
2717 memcpy(data->rand256, rand256, sizeof(data->rand256));
2719 memset(data->hash256, 0, sizeof(data->hash256));
2720 memset(data->rand256, 0, sizeof(data->rand256));
2721 if (hash192 && rand192)
2722 data->present = 0x01;
2725 BT_DBG("%s for %pMR", hdev->name, bdaddr);
2730 /* This function requires the caller holds hdev->lock */
2731 struct adv_info *hci_find_adv_instance(struct hci_dev *hdev, u8 instance)
2733 struct adv_info *adv_instance;
2735 list_for_each_entry(adv_instance, &hdev->adv_instances, list) {
2736 if (adv_instance->instance == instance)
2737 return adv_instance;
2743 /* This function requires the caller holds hdev->lock */
2744 struct adv_info *hci_get_next_instance(struct hci_dev *hdev, u8 instance)
2746 struct adv_info *cur_instance;
2748 cur_instance = hci_find_adv_instance(hdev, instance);
2752 if (cur_instance == list_last_entry(&hdev->adv_instances,
2753 struct adv_info, list))
2754 return list_first_entry(&hdev->adv_instances,
2755 struct adv_info, list);
2757 return list_next_entry(cur_instance, list);
2760 /* This function requires the caller holds hdev->lock */
2761 int hci_remove_adv_instance(struct hci_dev *hdev, u8 instance)
2763 struct adv_info *adv_instance;
2765 adv_instance = hci_find_adv_instance(hdev, instance);
2769 BT_DBG("%s removing %dMR", hdev->name, instance);
2771 if (hdev->cur_adv_instance == instance) {
2772 if (hdev->adv_instance_timeout) {
2773 cancel_delayed_work(&hdev->adv_instance_expire);
2774 hdev->adv_instance_timeout = 0;
2776 hdev->cur_adv_instance = 0x00;
2779 cancel_delayed_work_sync(&adv_instance->rpa_expired_cb);
2781 list_del(&adv_instance->list);
2782 kfree(adv_instance);
2784 hdev->adv_instance_cnt--;
2789 void hci_adv_instances_set_rpa_expired(struct hci_dev *hdev, bool rpa_expired)
2791 struct adv_info *adv_instance, *n;
2793 list_for_each_entry_safe(adv_instance, n, &hdev->adv_instances, list)
2794 adv_instance->rpa_expired = rpa_expired;
2797 /* This function requires the caller holds hdev->lock */
2798 void hci_adv_instances_clear(struct hci_dev *hdev)
2800 struct adv_info *adv_instance, *n;
2802 if (hdev->adv_instance_timeout) {
2803 cancel_delayed_work(&hdev->adv_instance_expire);
2804 hdev->adv_instance_timeout = 0;
2807 list_for_each_entry_safe(adv_instance, n, &hdev->adv_instances, list) {
2808 cancel_delayed_work_sync(&adv_instance->rpa_expired_cb);
2809 list_del(&adv_instance->list);
2810 kfree(adv_instance);
2813 hdev->adv_instance_cnt = 0;
2814 hdev->cur_adv_instance = 0x00;
2817 static void adv_instance_rpa_expired(struct work_struct *work)
2819 struct adv_info *adv_instance = container_of(work, struct adv_info,
2820 rpa_expired_cb.work);
2824 adv_instance->rpa_expired = true;
2827 /* This function requires the caller holds hdev->lock */
2828 int hci_add_adv_instance(struct hci_dev *hdev, u8 instance, u32 flags,
2829 u16 adv_data_len, u8 *adv_data,
2830 u16 scan_rsp_len, u8 *scan_rsp_data,
2831 u16 timeout, u16 duration)
2833 struct adv_info *adv_instance;
2835 adv_instance = hci_find_adv_instance(hdev, instance);
2837 memset(adv_instance->adv_data, 0,
2838 sizeof(adv_instance->adv_data));
2839 memset(adv_instance->scan_rsp_data, 0,
2840 sizeof(adv_instance->scan_rsp_data));
2842 if (hdev->adv_instance_cnt >= HCI_MAX_ADV_INSTANCES ||
2843 instance < 1 || instance > HCI_MAX_ADV_INSTANCES)
2846 adv_instance = kzalloc(sizeof(*adv_instance), GFP_KERNEL);
2850 adv_instance->pending = true;
2851 adv_instance->instance = instance;
2852 list_add(&adv_instance->list, &hdev->adv_instances);
2853 hdev->adv_instance_cnt++;
2856 adv_instance->flags = flags;
2857 adv_instance->adv_data_len = adv_data_len;
2858 adv_instance->scan_rsp_len = scan_rsp_len;
2861 memcpy(adv_instance->adv_data, adv_data, adv_data_len);
2864 memcpy(adv_instance->scan_rsp_data,
2865 scan_rsp_data, scan_rsp_len);
2867 adv_instance->timeout = timeout;
2868 adv_instance->remaining_time = timeout;
2871 adv_instance->duration = HCI_DEFAULT_ADV_DURATION;
2873 adv_instance->duration = duration;
2875 adv_instance->tx_power = HCI_TX_POWER_INVALID;
2877 INIT_DELAYED_WORK(&adv_instance->rpa_expired_cb,
2878 adv_instance_rpa_expired);
2880 BT_DBG("%s for %dMR", hdev->name, instance);
2885 struct bdaddr_list *hci_bdaddr_list_lookup(struct list_head *bdaddr_list,
2886 bdaddr_t *bdaddr, u8 type)
2888 struct bdaddr_list *b;
2890 list_for_each_entry(b, bdaddr_list, list) {
2891 if (!bacmp(&b->bdaddr, bdaddr) && b->bdaddr_type == type)
2898 void hci_bdaddr_list_clear(struct list_head *bdaddr_list)
2900 struct bdaddr_list *b, *n;
2902 list_for_each_entry_safe(b, n, bdaddr_list, list) {
2908 int hci_bdaddr_list_add(struct list_head *list, bdaddr_t *bdaddr, u8 type)
2910 struct bdaddr_list *entry;
2912 if (!bacmp(bdaddr, BDADDR_ANY))
2915 if (hci_bdaddr_list_lookup(list, bdaddr, type))
2918 entry = kzalloc(sizeof(*entry), GFP_KERNEL);
2922 bacpy(&entry->bdaddr, bdaddr);
2923 entry->bdaddr_type = type;
2925 list_add(&entry->list, list);
2930 int hci_bdaddr_list_del(struct list_head *list, bdaddr_t *bdaddr, u8 type)
2932 struct bdaddr_list *entry;
2934 if (!bacmp(bdaddr, BDADDR_ANY)) {
2935 hci_bdaddr_list_clear(list);
2939 entry = hci_bdaddr_list_lookup(list, bdaddr, type);
2943 list_del(&entry->list);
2949 /* This function requires the caller holds hdev->lock */
2950 struct hci_conn_params *hci_conn_params_lookup(struct hci_dev *hdev,
2951 bdaddr_t *addr, u8 addr_type)
2953 struct hci_conn_params *params;
2955 list_for_each_entry(params, &hdev->le_conn_params, list) {
2956 if (bacmp(¶ms->addr, addr) == 0 &&
2957 params->addr_type == addr_type) {
2965 /* This function requires the caller holds hdev->lock */
2966 struct hci_conn_params *hci_pend_le_action_lookup(struct list_head *list,
2967 bdaddr_t *addr, u8 addr_type)
2969 struct hci_conn_params *param;
2971 list_for_each_entry(param, list, action) {
2972 if (bacmp(¶m->addr, addr) == 0 &&
2973 param->addr_type == addr_type)
2980 /* This function requires the caller holds hdev->lock */
2981 struct hci_conn_params *hci_conn_params_add(struct hci_dev *hdev,
2982 bdaddr_t *addr, u8 addr_type)
2984 struct hci_conn_params *params;
2986 params = hci_conn_params_lookup(hdev, addr, addr_type);
2990 params = kzalloc(sizeof(*params), GFP_KERNEL);
2992 bt_dev_err(hdev, "out of memory");
2996 bacpy(¶ms->addr, addr);
2997 params->addr_type = addr_type;
2999 list_add(¶ms->list, &hdev->le_conn_params);
3000 INIT_LIST_HEAD(¶ms->action);
3002 params->conn_min_interval = hdev->le_conn_min_interval;
3003 params->conn_max_interval = hdev->le_conn_max_interval;
3004 params->conn_latency = hdev->le_conn_latency;
3005 params->supervision_timeout = hdev->le_supv_timeout;
3006 params->auto_connect = HCI_AUTO_CONN_DISABLED;
3008 BT_DBG("addr %pMR (type %u)", addr, addr_type);
3013 static void hci_conn_params_free(struct hci_conn_params *params)
3016 hci_conn_drop(params->conn);
3017 hci_conn_put(params->conn);
3020 list_del(¶ms->action);
3021 list_del(¶ms->list);
3025 /* This function requires the caller holds hdev->lock */
3026 void hci_conn_params_del(struct hci_dev *hdev, bdaddr_t *addr, u8 addr_type)
3028 struct hci_conn_params *params;
3030 params = hci_conn_params_lookup(hdev, addr, addr_type);
3034 hci_conn_params_free(params);
3036 hci_update_background_scan(hdev);
3038 BT_DBG("addr %pMR (type %u)", addr, addr_type);
3041 /* This function requires the caller holds hdev->lock */
3042 void hci_conn_params_clear_disabled(struct hci_dev *hdev)
3044 struct hci_conn_params *params, *tmp;
3046 list_for_each_entry_safe(params, tmp, &hdev->le_conn_params, list) {
3047 if (params->auto_connect != HCI_AUTO_CONN_DISABLED)
3050 /* If trying to estabilish one time connection to disabled
3051 * device, leave the params, but mark them as just once.
3053 if (params->explicit_connect) {
3054 params->auto_connect = HCI_AUTO_CONN_EXPLICIT;
3058 list_del(¶ms->list);
3062 BT_DBG("All LE disabled connection parameters were removed");
3065 /* This function requires the caller holds hdev->lock */
3066 static void hci_conn_params_clear_all(struct hci_dev *hdev)
3068 struct hci_conn_params *params, *tmp;
3070 list_for_each_entry_safe(params, tmp, &hdev->le_conn_params, list)
3071 hci_conn_params_free(params);
3073 BT_DBG("All LE connection parameters were removed");
3076 /* Copy the Identity Address of the controller.
3078 * If the controller has a public BD_ADDR, then by default use that one.
3079 * If this is a LE only controller without a public address, default to
3080 * the static random address.
3082 * For debugging purposes it is possible to force controllers with a
3083 * public address to use the static random address instead.
3085 * In case BR/EDR has been disabled on a dual-mode controller and
3086 * userspace has configured a static address, then that address
3087 * becomes the identity address instead of the public BR/EDR address.
3089 void hci_copy_identity_address(struct hci_dev *hdev, bdaddr_t *bdaddr,
3092 if (hci_dev_test_flag(hdev, HCI_FORCE_STATIC_ADDR) ||
3093 !bacmp(&hdev->bdaddr, BDADDR_ANY) ||
3094 (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED) &&
3095 bacmp(&hdev->static_addr, BDADDR_ANY))) {
3096 bacpy(bdaddr, &hdev->static_addr);
3097 *bdaddr_type = ADDR_LE_DEV_RANDOM;
3099 bacpy(bdaddr, &hdev->bdaddr);
3100 *bdaddr_type = ADDR_LE_DEV_PUBLIC;
3104 /* Alloc HCI device */
3105 struct hci_dev *hci_alloc_dev(void)
3107 struct hci_dev *hdev;
3109 hdev = kzalloc(sizeof(*hdev), GFP_KERNEL);
3113 hdev->pkt_type = (HCI_DM1 | HCI_DH1 | HCI_HV1);
3114 hdev->esco_type = (ESCO_HV1);
3115 hdev->link_mode = (HCI_LM_ACCEPT);
3116 hdev->num_iac = 0x01; /* One IAC support is mandatory */
3117 hdev->io_capability = 0x03; /* No Input No Output */
3118 hdev->manufacturer = 0xffff; /* Default to internal use */
3119 hdev->inq_tx_power = HCI_TX_POWER_INVALID;
3120 hdev->adv_tx_power = HCI_TX_POWER_INVALID;
3121 hdev->adv_instance_cnt = 0;
3122 hdev->cur_adv_instance = 0x00;
3123 hdev->adv_instance_timeout = 0;
3125 hdev->sniff_max_interval = 800;
3126 hdev->sniff_min_interval = 80;
3128 hdev->le_adv_channel_map = 0x07;
3129 hdev->le_adv_min_interval = 0x0800;
3130 hdev->le_adv_max_interval = 0x0800;
3132 hdev->adv_filter_policy = 0x00;
3133 hdev->adv_type = 0x00;
3135 hdev->le_scan_interval = 0x0060;
3136 hdev->le_scan_window = 0x0030;
3137 hdev->le_conn_min_interval = 0x0018;
3138 hdev->le_conn_max_interval = 0x0028;
3139 hdev->le_conn_latency = 0x0000;
3140 hdev->le_supv_timeout = 0x002a;
3141 hdev->le_def_tx_len = 0x001b;
3142 hdev->le_def_tx_time = 0x0148;
3143 hdev->le_max_tx_len = 0x001b;
3144 hdev->le_max_tx_time = 0x0148;
3145 hdev->le_max_rx_len = 0x001b;
3146 hdev->le_max_rx_time = 0x0148;
3147 hdev->le_max_key_size = SMP_MAX_ENC_KEY_SIZE;
3148 hdev->le_min_key_size = SMP_MIN_ENC_KEY_SIZE;
3149 hdev->le_tx_def_phys = HCI_LE_SET_PHY_1M;
3150 hdev->le_rx_def_phys = HCI_LE_SET_PHY_1M;
3152 hdev->rpa_timeout = HCI_DEFAULT_RPA_TIMEOUT;
3153 hdev->discov_interleaved_timeout = DISCOV_INTERLEAVED_TIMEOUT;
3154 hdev->conn_info_min_age = DEFAULT_CONN_INFO_MIN_AGE;
3155 hdev->conn_info_max_age = DEFAULT_CONN_INFO_MAX_AGE;
3157 mutex_init(&hdev->lock);
3158 mutex_init(&hdev->req_lock);
3160 INIT_LIST_HEAD(&hdev->mgmt_pending);
3161 INIT_LIST_HEAD(&hdev->blacklist);
3162 INIT_LIST_HEAD(&hdev->whitelist);
3163 INIT_LIST_HEAD(&hdev->uuids);
3164 INIT_LIST_HEAD(&hdev->link_keys);
3165 INIT_LIST_HEAD(&hdev->long_term_keys);
3166 INIT_LIST_HEAD(&hdev->identity_resolving_keys);
3167 INIT_LIST_HEAD(&hdev->remote_oob_data);
3168 INIT_LIST_HEAD(&hdev->le_white_list);
3169 INIT_LIST_HEAD(&hdev->le_resolv_list);
3170 INIT_LIST_HEAD(&hdev->le_conn_params);
3171 INIT_LIST_HEAD(&hdev->pend_le_conns);
3172 INIT_LIST_HEAD(&hdev->pend_le_reports);
3173 INIT_LIST_HEAD(&hdev->conn_hash.list);
3174 INIT_LIST_HEAD(&hdev->adv_instances);
3176 INIT_WORK(&hdev->rx_work, hci_rx_work);
3177 INIT_WORK(&hdev->cmd_work, hci_cmd_work);
3178 INIT_WORK(&hdev->tx_work, hci_tx_work);
3179 INIT_WORK(&hdev->power_on, hci_power_on);
3180 INIT_WORK(&hdev->error_reset, hci_error_reset);
3182 INIT_DELAYED_WORK(&hdev->power_off, hci_power_off);
3184 skb_queue_head_init(&hdev->rx_q);
3185 skb_queue_head_init(&hdev->cmd_q);
3186 skb_queue_head_init(&hdev->raw_q);
3188 init_waitqueue_head(&hdev->req_wait_q);
3190 INIT_DELAYED_WORK(&hdev->cmd_timer, hci_cmd_timeout);
3192 hci_request_setup(hdev);
3194 hci_init_sysfs(hdev);
3195 discovery_init(hdev);
3199 EXPORT_SYMBOL(hci_alloc_dev);
3201 /* Free HCI device */
3202 void hci_free_dev(struct hci_dev *hdev)
3204 /* will free via device release */
3205 put_device(&hdev->dev);
3207 EXPORT_SYMBOL(hci_free_dev);
3209 /* Register HCI device */
3210 int hci_register_dev(struct hci_dev *hdev)
3214 if (!hdev->open || !hdev->close || !hdev->send)
3217 /* Do not allow HCI_AMP devices to register at index 0,
3218 * so the index can be used as the AMP controller ID.
3220 switch (hdev->dev_type) {
3222 id = ida_simple_get(&hci_index_ida, 0, 0, GFP_KERNEL);
3225 id = ida_simple_get(&hci_index_ida, 1, 0, GFP_KERNEL);
3234 sprintf(hdev->name, "hci%d", id);
3237 BT_DBG("%p name %s bus %d", hdev, hdev->name, hdev->bus);
3239 hdev->workqueue = alloc_ordered_workqueue("%s", WQ_HIGHPRI, hdev->name);
3240 if (!hdev->workqueue) {
3245 hdev->req_workqueue = alloc_ordered_workqueue("%s", WQ_HIGHPRI,
3247 if (!hdev->req_workqueue) {
3248 destroy_workqueue(hdev->workqueue);
3253 if (!IS_ERR_OR_NULL(bt_debugfs))
3254 hdev->debugfs = debugfs_create_dir(hdev->name, bt_debugfs);
3256 dev_set_name(&hdev->dev, "%s", hdev->name);
3258 error = device_add(&hdev->dev);
3262 hci_leds_init(hdev);
3264 hdev->rfkill = rfkill_alloc(hdev->name, &hdev->dev,
3265 RFKILL_TYPE_BLUETOOTH, &hci_rfkill_ops,
3268 if (rfkill_register(hdev->rfkill) < 0) {
3269 rfkill_destroy(hdev->rfkill);
3270 hdev->rfkill = NULL;
3274 if (hdev->rfkill && rfkill_blocked(hdev->rfkill))
3275 hci_dev_set_flag(hdev, HCI_RFKILLED);
3277 hci_dev_set_flag(hdev, HCI_SETUP);
3278 hci_dev_set_flag(hdev, HCI_AUTO_OFF);
3280 if (hdev->dev_type == HCI_PRIMARY) {
3281 /* Assume BR/EDR support until proven otherwise (such as
3282 * through reading supported features during init.
3284 hci_dev_set_flag(hdev, HCI_BREDR_ENABLED);
3287 write_lock(&hci_dev_list_lock);
3288 list_add(&hdev->list, &hci_dev_list);
3289 write_unlock(&hci_dev_list_lock);
3291 /* Devices that are marked for raw-only usage are unconfigured
3292 * and should not be included in normal operation.
3294 if (test_bit(HCI_QUIRK_RAW_DEVICE, &hdev->quirks))
3295 hci_dev_set_flag(hdev, HCI_UNCONFIGURED);
3297 hci_sock_dev_event(hdev, HCI_DEV_REG);
3300 queue_work(hdev->req_workqueue, &hdev->power_on);
3305 destroy_workqueue(hdev->workqueue);
3306 destroy_workqueue(hdev->req_workqueue);
3308 ida_simple_remove(&hci_index_ida, hdev->id);
3312 EXPORT_SYMBOL(hci_register_dev);
3314 /* Unregister HCI device */
3315 void hci_unregister_dev(struct hci_dev *hdev)
3319 BT_DBG("%p name %s bus %d", hdev, hdev->name, hdev->bus);
3321 hci_dev_set_flag(hdev, HCI_UNREGISTER);
3325 write_lock(&hci_dev_list_lock);
3326 list_del(&hdev->list);
3327 write_unlock(&hci_dev_list_lock);
3329 cancel_work_sync(&hdev->power_on);
3331 hci_dev_do_close(hdev);
3333 if (!test_bit(HCI_INIT, &hdev->flags) &&
3334 !hci_dev_test_flag(hdev, HCI_SETUP) &&
3335 !hci_dev_test_flag(hdev, HCI_CONFIG)) {
3337 mgmt_index_removed(hdev);
3338 hci_dev_unlock(hdev);
3341 /* mgmt_index_removed should take care of emptying the
3343 BUG_ON(!list_empty(&hdev->mgmt_pending));
3345 hci_sock_dev_event(hdev, HCI_DEV_UNREG);
3348 rfkill_unregister(hdev->rfkill);
3349 rfkill_destroy(hdev->rfkill);
3352 device_del(&hdev->dev);
3354 debugfs_remove_recursive(hdev->debugfs);
3355 kfree_const(hdev->hw_info);
3356 kfree_const(hdev->fw_info);
3358 destroy_workqueue(hdev->workqueue);
3359 destroy_workqueue(hdev->req_workqueue);
3362 hci_bdaddr_list_clear(&hdev->blacklist);
3363 hci_bdaddr_list_clear(&hdev->whitelist);
3364 hci_uuids_clear(hdev);
3365 hci_link_keys_clear(hdev);
3366 hci_smp_ltks_clear(hdev);
3367 hci_smp_irks_clear(hdev);
3368 hci_remote_oob_data_clear(hdev);
3369 hci_adv_instances_clear(hdev);
3370 hci_bdaddr_list_clear(&hdev->le_white_list);
3371 hci_bdaddr_list_clear(&hdev->le_resolv_list);
3372 hci_conn_params_clear_all(hdev);
3373 hci_discovery_filter_clear(hdev);
3374 hci_dev_unlock(hdev);
3378 ida_simple_remove(&hci_index_ida, id);
3380 EXPORT_SYMBOL(hci_unregister_dev);
3382 /* Suspend HCI device */
3383 int hci_suspend_dev(struct hci_dev *hdev)
3385 hci_sock_dev_event(hdev, HCI_DEV_SUSPEND);
3388 EXPORT_SYMBOL(hci_suspend_dev);
3390 /* Resume HCI device */
3391 int hci_resume_dev(struct hci_dev *hdev)
3393 hci_sock_dev_event(hdev, HCI_DEV_RESUME);
3396 EXPORT_SYMBOL(hci_resume_dev);
3398 /* Reset HCI device */
3399 int hci_reset_dev(struct hci_dev *hdev)
3401 const u8 hw_err[] = { HCI_EV_HARDWARE_ERROR, 0x01, 0x00 };
3402 struct sk_buff *skb;
3404 skb = bt_skb_alloc(3, GFP_ATOMIC);
3408 hci_skb_pkt_type(skb) = HCI_EVENT_PKT;
3409 skb_put_data(skb, hw_err, 3);
3411 /* Send Hardware Error to upper stack */
3412 return hci_recv_frame(hdev, skb);
3414 EXPORT_SYMBOL(hci_reset_dev);
3416 /* Receive frame from HCI drivers */
3417 int hci_recv_frame(struct hci_dev *hdev, struct sk_buff *skb)
3419 if (!hdev || (!test_bit(HCI_UP, &hdev->flags)
3420 && !test_bit(HCI_INIT, &hdev->flags))) {
3425 if (hci_skb_pkt_type(skb) != HCI_EVENT_PKT &&
3426 hci_skb_pkt_type(skb) != HCI_ACLDATA_PKT &&
3427 hci_skb_pkt_type(skb) != HCI_SCODATA_PKT) {
3433 bt_cb(skb)->incoming = 1;
3436 __net_timestamp(skb);
3438 skb_queue_tail(&hdev->rx_q, skb);
3439 queue_work(hdev->workqueue, &hdev->rx_work);
3443 EXPORT_SYMBOL(hci_recv_frame);
3445 /* Receive diagnostic message from HCI drivers */
3446 int hci_recv_diag(struct hci_dev *hdev, struct sk_buff *skb)
3448 /* Mark as diagnostic packet */
3449 hci_skb_pkt_type(skb) = HCI_DIAG_PKT;
3452 __net_timestamp(skb);
3454 skb_queue_tail(&hdev->rx_q, skb);
3455 queue_work(hdev->workqueue, &hdev->rx_work);
3459 EXPORT_SYMBOL(hci_recv_diag);
3461 void hci_set_hw_info(struct hci_dev *hdev, const char *fmt, ...)
3465 va_start(vargs, fmt);
3466 kfree_const(hdev->hw_info);
3467 hdev->hw_info = kvasprintf_const(GFP_KERNEL, fmt, vargs);
3470 EXPORT_SYMBOL(hci_set_hw_info);
3472 void hci_set_fw_info(struct hci_dev *hdev, const char *fmt, ...)
3476 va_start(vargs, fmt);
3477 kfree_const(hdev->fw_info);
3478 hdev->fw_info = kvasprintf_const(GFP_KERNEL, fmt, vargs);
3481 EXPORT_SYMBOL(hci_set_fw_info);
3483 /* ---- Interface to upper protocols ---- */
3485 int hci_register_cb(struct hci_cb *cb)
3487 BT_DBG("%p name %s", cb, cb->name);
3489 mutex_lock(&hci_cb_list_lock);
3490 list_add_tail(&cb->list, &hci_cb_list);
3491 mutex_unlock(&hci_cb_list_lock);
3495 EXPORT_SYMBOL(hci_register_cb);
3497 int hci_unregister_cb(struct hci_cb *cb)
3499 BT_DBG("%p name %s", cb, cb->name);
3501 mutex_lock(&hci_cb_list_lock);
3502 list_del(&cb->list);
3503 mutex_unlock(&hci_cb_list_lock);
3507 EXPORT_SYMBOL(hci_unregister_cb);
3509 static void hci_send_frame(struct hci_dev *hdev, struct sk_buff *skb)
3513 BT_DBG("%s type %d len %d", hdev->name, hci_skb_pkt_type(skb),
3517 __net_timestamp(skb);
3519 /* Send copy to monitor */
3520 hci_send_to_monitor(hdev, skb);
3522 if (atomic_read(&hdev->promisc)) {
3523 /* Send copy to the sockets */
3524 hci_send_to_sock(hdev, skb);
3527 /* Get rid of skb owner, prior to sending to the driver. */
3530 if (!test_bit(HCI_RUNNING, &hdev->flags)) {
3535 err = hdev->send(hdev, skb);
3537 bt_dev_err(hdev, "sending frame failed (%d)", err);
3542 /* Send HCI command */
3543 int hci_send_cmd(struct hci_dev *hdev, __u16 opcode, __u32 plen,
3546 struct sk_buff *skb;
3548 BT_DBG("%s opcode 0x%4.4x plen %d", hdev->name, opcode, plen);
3550 skb = hci_prepare_cmd(hdev, opcode, plen, param);
3552 bt_dev_err(hdev, "no memory for command");
3556 /* Stand-alone HCI commands must be flagged as
3557 * single-command requests.
3559 bt_cb(skb)->hci.req_flags |= HCI_REQ_START;
3561 skb_queue_tail(&hdev->cmd_q, skb);
3562 queue_work(hdev->workqueue, &hdev->cmd_work);
3567 int __hci_cmd_send(struct hci_dev *hdev, u16 opcode, u32 plen,
3570 struct sk_buff *skb;
3572 if (hci_opcode_ogf(opcode) != 0x3f) {
3573 /* A controller receiving a command shall respond with either
3574 * a Command Status Event or a Command Complete Event.
3575 * Therefore, all standard HCI commands must be sent via the
3576 * standard API, using hci_send_cmd or hci_cmd_sync helpers.
3577 * Some vendors do not comply with this rule for vendor-specific
3578 * commands and do not return any event. We want to support
3579 * unresponded commands for such cases only.
3581 bt_dev_err(hdev, "unresponded command not supported");
3585 skb = hci_prepare_cmd(hdev, opcode, plen, param);
3587 bt_dev_err(hdev, "no memory for command (opcode 0x%4.4x)",
3592 hci_send_frame(hdev, skb);
3596 EXPORT_SYMBOL(__hci_cmd_send);
3598 /* Get data from the previously sent command */
3599 void *hci_sent_cmd_data(struct hci_dev *hdev, __u16 opcode)
3601 struct hci_command_hdr *hdr;
3603 if (!hdev->sent_cmd)
3606 hdr = (void *) hdev->sent_cmd->data;
3608 if (hdr->opcode != cpu_to_le16(opcode))
3611 BT_DBG("%s opcode 0x%4.4x", hdev->name, opcode);
3613 return hdev->sent_cmd->data + HCI_COMMAND_HDR_SIZE;
3616 /* Send HCI command and wait for command commplete event */
3617 struct sk_buff *hci_cmd_sync(struct hci_dev *hdev, u16 opcode, u32 plen,
3618 const void *param, u32 timeout)
3620 struct sk_buff *skb;
3622 if (!test_bit(HCI_UP, &hdev->flags))
3623 return ERR_PTR(-ENETDOWN);
3625 bt_dev_dbg(hdev, "opcode 0x%4.4x plen %d", opcode, plen);
3627 hci_req_sync_lock(hdev);
3628 skb = __hci_cmd_sync(hdev, opcode, plen, param, timeout);
3629 hci_req_sync_unlock(hdev);
3633 EXPORT_SYMBOL(hci_cmd_sync);
3636 static void hci_add_acl_hdr(struct sk_buff *skb, __u16 handle, __u16 flags)
3638 struct hci_acl_hdr *hdr;
3641 skb_push(skb, HCI_ACL_HDR_SIZE);
3642 skb_reset_transport_header(skb);
3643 hdr = (struct hci_acl_hdr *)skb_transport_header(skb);
3644 hdr->handle = cpu_to_le16(hci_handle_pack(handle, flags));
3645 hdr->dlen = cpu_to_le16(len);
3648 static void hci_queue_acl(struct hci_chan *chan, struct sk_buff_head *queue,
3649 struct sk_buff *skb, __u16 flags)
3651 struct hci_conn *conn = chan->conn;
3652 struct hci_dev *hdev = conn->hdev;
3653 struct sk_buff *list;
3655 skb->len = skb_headlen(skb);
3658 hci_skb_pkt_type(skb) = HCI_ACLDATA_PKT;
3660 switch (hdev->dev_type) {
3662 hci_add_acl_hdr(skb, conn->handle, flags);
3665 hci_add_acl_hdr(skb, chan->handle, flags);
3668 bt_dev_err(hdev, "unknown dev_type %d", hdev->dev_type);
3672 list = skb_shinfo(skb)->frag_list;
3674 /* Non fragmented */
3675 BT_DBG("%s nonfrag skb %p len %d", hdev->name, skb, skb->len);
3677 skb_queue_tail(queue, skb);
3680 BT_DBG("%s frag %p len %d", hdev->name, skb, skb->len);
3682 skb_shinfo(skb)->frag_list = NULL;
3684 /* Queue all fragments atomically. We need to use spin_lock_bh
3685 * here because of 6LoWPAN links, as there this function is
3686 * called from softirq and using normal spin lock could cause
3689 spin_lock_bh(&queue->lock);
3691 __skb_queue_tail(queue, skb);
3693 flags &= ~ACL_START;
3696 skb = list; list = list->next;
3698 hci_skb_pkt_type(skb) = HCI_ACLDATA_PKT;
3699 hci_add_acl_hdr(skb, conn->handle, flags);
3701 BT_DBG("%s frag %p len %d", hdev->name, skb, skb->len);
3703 __skb_queue_tail(queue, skb);
3706 spin_unlock_bh(&queue->lock);
3710 void hci_send_acl(struct hci_chan *chan, struct sk_buff *skb, __u16 flags)
3712 struct hci_dev *hdev = chan->conn->hdev;
3714 BT_DBG("%s chan %p flags 0x%4.4x", hdev->name, chan, flags);
3716 hci_queue_acl(chan, &chan->data_q, skb, flags);
3718 queue_work(hdev->workqueue, &hdev->tx_work);
3722 void hci_send_sco(struct hci_conn *conn, struct sk_buff *skb)
3724 struct hci_dev *hdev = conn->hdev;
3725 struct hci_sco_hdr hdr;
3727 BT_DBG("%s len %d", hdev->name, skb->len);
3729 hdr.handle = cpu_to_le16(conn->handle);
3730 hdr.dlen = skb->len;
3732 skb_push(skb, HCI_SCO_HDR_SIZE);
3733 skb_reset_transport_header(skb);
3734 memcpy(skb_transport_header(skb), &hdr, HCI_SCO_HDR_SIZE);
3736 hci_skb_pkt_type(skb) = HCI_SCODATA_PKT;
3738 skb_queue_tail(&conn->data_q, skb);
3739 queue_work(hdev->workqueue, &hdev->tx_work);
3742 /* ---- HCI TX task (outgoing data) ---- */
3744 /* HCI Connection scheduler */
3745 static struct hci_conn *hci_low_sent(struct hci_dev *hdev, __u8 type,
3748 struct hci_conn_hash *h = &hdev->conn_hash;
3749 struct hci_conn *conn = NULL, *c;
3750 unsigned int num = 0, min = ~0;
3752 /* We don't have to lock device here. Connections are always
3753 * added and removed with TX task disabled. */
3757 list_for_each_entry_rcu(c, &h->list, list) {
3758 if (c->type != type || skb_queue_empty(&c->data_q))
3761 if (c->state != BT_CONNECTED && c->state != BT_CONFIG)
3766 if (c->sent < min) {
3771 if (hci_conn_num(hdev, type) == num)
3780 switch (conn->type) {
3782 cnt = hdev->acl_cnt;
3786 cnt = hdev->sco_cnt;
3789 cnt = hdev->le_mtu ? hdev->le_cnt : hdev->acl_cnt;
3793 bt_dev_err(hdev, "unknown link type %d", conn->type);
3801 BT_DBG("conn %p quote %d", conn, *quote);
3805 static void hci_link_tx_to(struct hci_dev *hdev, __u8 type)
3807 struct hci_conn_hash *h = &hdev->conn_hash;
3810 bt_dev_err(hdev, "link tx timeout");
3814 /* Kill stalled connections */
3815 list_for_each_entry_rcu(c, &h->list, list) {
3816 if (c->type == type && c->sent) {
3817 bt_dev_err(hdev, "killing stalled connection %pMR",
3819 hci_disconnect(c, HCI_ERROR_REMOTE_USER_TERM);
3826 static struct hci_chan *hci_chan_sent(struct hci_dev *hdev, __u8 type,
3829 struct hci_conn_hash *h = &hdev->conn_hash;
3830 struct hci_chan *chan = NULL;
3831 unsigned int num = 0, min = ~0, cur_prio = 0;
3832 struct hci_conn *conn;
3833 int cnt, q, conn_num = 0;
3835 BT_DBG("%s", hdev->name);
3839 list_for_each_entry_rcu(conn, &h->list, list) {
3840 struct hci_chan *tmp;
3842 if (conn->type != type)
3845 if (conn->state != BT_CONNECTED && conn->state != BT_CONFIG)
3850 list_for_each_entry_rcu(tmp, &conn->chan_list, list) {
3851 struct sk_buff *skb;
3853 if (skb_queue_empty(&tmp->data_q))
3856 skb = skb_peek(&tmp->data_q);
3857 if (skb->priority < cur_prio)
3860 if (skb->priority > cur_prio) {
3863 cur_prio = skb->priority;
3868 if (conn->sent < min) {
3874 if (hci_conn_num(hdev, type) == conn_num)
3883 switch (chan->conn->type) {
3885 cnt = hdev->acl_cnt;
3888 cnt = hdev->block_cnt;
3892 cnt = hdev->sco_cnt;
3895 cnt = hdev->le_mtu ? hdev->le_cnt : hdev->acl_cnt;
3899 bt_dev_err(hdev, "unknown link type %d", chan->conn->type);
3904 BT_DBG("chan %p quote %d", chan, *quote);
3908 static void hci_prio_recalculate(struct hci_dev *hdev, __u8 type)
3910 struct hci_conn_hash *h = &hdev->conn_hash;
3911 struct hci_conn *conn;
3914 BT_DBG("%s", hdev->name);
3918 list_for_each_entry_rcu(conn, &h->list, list) {
3919 struct hci_chan *chan;
3921 if (conn->type != type)
3924 if (conn->state != BT_CONNECTED && conn->state != BT_CONFIG)
3929 list_for_each_entry_rcu(chan, &conn->chan_list, list) {
3930 struct sk_buff *skb;
3937 if (skb_queue_empty(&chan->data_q))
3940 skb = skb_peek(&chan->data_q);
3941 if (skb->priority >= HCI_PRIO_MAX - 1)
3944 skb->priority = HCI_PRIO_MAX - 1;
3946 BT_DBG("chan %p skb %p promoted to %d", chan, skb,
3950 if (hci_conn_num(hdev, type) == num)
3958 static inline int __get_blocks(struct hci_dev *hdev, struct sk_buff *skb)
3960 /* Calculate count of blocks used by this packet */
3961 return DIV_ROUND_UP(skb->len - HCI_ACL_HDR_SIZE, hdev->block_len);
3964 static void __check_timeout(struct hci_dev *hdev, unsigned int cnt)
3966 if (!hci_dev_test_flag(hdev, HCI_UNCONFIGURED)) {
3967 /* ACL tx timeout must be longer than maximum
3968 * link supervision timeout (40.9 seconds) */
3969 if (!cnt && time_after(jiffies, hdev->acl_last_tx +
3970 HCI_ACL_TX_TIMEOUT))
3971 hci_link_tx_to(hdev, ACL_LINK);
3975 static void hci_sched_acl_pkt(struct hci_dev *hdev)
3977 unsigned int cnt = hdev->acl_cnt;
3978 struct hci_chan *chan;
3979 struct sk_buff *skb;
3982 __check_timeout(hdev, cnt);
3984 while (hdev->acl_cnt &&
3985 (chan = hci_chan_sent(hdev, ACL_LINK, "e))) {
3986 u32 priority = (skb_peek(&chan->data_q))->priority;
3987 while (quote-- && (skb = skb_peek(&chan->data_q))) {
3988 BT_DBG("chan %p skb %p len %d priority %u", chan, skb,
3989 skb->len, skb->priority);
3991 /* Stop if priority has changed */
3992 if (skb->priority < priority)
3995 skb = skb_dequeue(&chan->data_q);
3997 hci_conn_enter_active_mode(chan->conn,
3998 bt_cb(skb)->force_active);
4000 hci_send_frame(hdev, skb);
4001 hdev->acl_last_tx = jiffies;
4009 if (cnt != hdev->acl_cnt)
4010 hci_prio_recalculate(hdev, ACL_LINK);
4013 static void hci_sched_acl_blk(struct hci_dev *hdev)
4015 unsigned int cnt = hdev->block_cnt;
4016 struct hci_chan *chan;
4017 struct sk_buff *skb;
4021 __check_timeout(hdev, cnt);
4023 BT_DBG("%s", hdev->name);
4025 if (hdev->dev_type == HCI_AMP)
4030 while (hdev->block_cnt > 0 &&
4031 (chan = hci_chan_sent(hdev, type, "e))) {
4032 u32 priority = (skb_peek(&chan->data_q))->priority;
4033 while (quote > 0 && (skb = skb_peek(&chan->data_q))) {
4036 BT_DBG("chan %p skb %p len %d priority %u", chan, skb,
4037 skb->len, skb->priority);
4039 /* Stop if priority has changed */
4040 if (skb->priority < priority)
4043 skb = skb_dequeue(&chan->data_q);
4045 blocks = __get_blocks(hdev, skb);
4046 if (blocks > hdev->block_cnt)
4049 hci_conn_enter_active_mode(chan->conn,
4050 bt_cb(skb)->force_active);
4052 hci_send_frame(hdev, skb);
4053 hdev->acl_last_tx = jiffies;
4055 hdev->block_cnt -= blocks;
4058 chan->sent += blocks;
4059 chan->conn->sent += blocks;
4063 if (cnt != hdev->block_cnt)
4064 hci_prio_recalculate(hdev, type);
4067 static void hci_sched_acl(struct hci_dev *hdev)
4069 BT_DBG("%s", hdev->name);
4071 /* No ACL link over BR/EDR controller */
4072 if (!hci_conn_num(hdev, ACL_LINK) && hdev->dev_type == HCI_PRIMARY)
4075 /* No AMP link over AMP controller */
4076 if (!hci_conn_num(hdev, AMP_LINK) && hdev->dev_type == HCI_AMP)
4079 switch (hdev->flow_ctl_mode) {
4080 case HCI_FLOW_CTL_MODE_PACKET_BASED:
4081 hci_sched_acl_pkt(hdev);
4084 case HCI_FLOW_CTL_MODE_BLOCK_BASED:
4085 hci_sched_acl_blk(hdev);
4091 static void hci_sched_sco(struct hci_dev *hdev)
4093 struct hci_conn *conn;
4094 struct sk_buff *skb;
4097 BT_DBG("%s", hdev->name);
4099 if (!hci_conn_num(hdev, SCO_LINK))
4102 while (hdev->sco_cnt && (conn = hci_low_sent(hdev, SCO_LINK, "e))) {
4103 while (quote-- && (skb = skb_dequeue(&conn->data_q))) {
4104 BT_DBG("skb %p len %d", skb, skb->len);
4105 hci_send_frame(hdev, skb);
4108 if (conn->sent == ~0)
4114 static void hci_sched_esco(struct hci_dev *hdev)
4116 struct hci_conn *conn;
4117 struct sk_buff *skb;
4120 BT_DBG("%s", hdev->name);
4122 if (!hci_conn_num(hdev, ESCO_LINK))
4125 while (hdev->sco_cnt && (conn = hci_low_sent(hdev, ESCO_LINK,
4127 while (quote-- && (skb = skb_dequeue(&conn->data_q))) {
4128 BT_DBG("skb %p len %d", skb, skb->len);
4129 hci_send_frame(hdev, skb);
4132 if (conn->sent == ~0)
4138 static void hci_sched_le(struct hci_dev *hdev)
4140 struct hci_chan *chan;
4141 struct sk_buff *skb;
4142 int quote, cnt, tmp;
4144 BT_DBG("%s", hdev->name);
4146 if (!hci_conn_num(hdev, LE_LINK))
4149 if (!hci_dev_test_flag(hdev, HCI_UNCONFIGURED)) {
4150 /* LE tx timeout must be longer than maximum
4151 * link supervision timeout (40.9 seconds) */
4152 if (!hdev->le_cnt && hdev->le_pkts &&
4153 time_after(jiffies, hdev->le_last_tx + HZ * 45))
4154 hci_link_tx_to(hdev, LE_LINK);
4157 cnt = hdev->le_pkts ? hdev->le_cnt : hdev->acl_cnt;
4159 while (cnt && (chan = hci_chan_sent(hdev, LE_LINK, "e))) {
4160 u32 priority = (skb_peek(&chan->data_q))->priority;
4161 while (quote-- && (skb = skb_peek(&chan->data_q))) {
4162 BT_DBG("chan %p skb %p len %d priority %u", chan, skb,
4163 skb->len, skb->priority);
4165 /* Stop if priority has changed */
4166 if (skb->priority < priority)
4169 skb = skb_dequeue(&chan->data_q);
4171 hci_send_frame(hdev, skb);
4172 hdev->le_last_tx = jiffies;
4183 hdev->acl_cnt = cnt;
4186 hci_prio_recalculate(hdev, LE_LINK);
4189 static void hci_tx_work(struct work_struct *work)
4191 struct hci_dev *hdev = container_of(work, struct hci_dev, tx_work);
4192 struct sk_buff *skb;
4194 BT_DBG("%s acl %d sco %d le %d", hdev->name, hdev->acl_cnt,
4195 hdev->sco_cnt, hdev->le_cnt);
4197 if (!hci_dev_test_flag(hdev, HCI_USER_CHANNEL)) {
4198 /* Schedule queues and send stuff to HCI driver */
4199 hci_sched_acl(hdev);
4200 hci_sched_sco(hdev);
4201 hci_sched_esco(hdev);
4205 /* Send next queued raw (unknown type) packet */
4206 while ((skb = skb_dequeue(&hdev->raw_q)))
4207 hci_send_frame(hdev, skb);
4210 /* ----- HCI RX task (incoming data processing) ----- */
4212 /* ACL data packet */
4213 static void hci_acldata_packet(struct hci_dev *hdev, struct sk_buff *skb)
4215 struct hci_acl_hdr *hdr = (void *) skb->data;
4216 struct hci_conn *conn;
4217 __u16 handle, flags;
4219 skb_pull(skb, HCI_ACL_HDR_SIZE);
4221 handle = __le16_to_cpu(hdr->handle);
4222 flags = hci_flags(handle);
4223 handle = hci_handle(handle);
4225 BT_DBG("%s len %d handle 0x%4.4x flags 0x%4.4x", hdev->name, skb->len,
4228 hdev->stat.acl_rx++;
4231 conn = hci_conn_hash_lookup_handle(hdev, handle);
4232 hci_dev_unlock(hdev);
4235 hci_conn_enter_active_mode(conn, BT_POWER_FORCE_ACTIVE_OFF);
4237 /* Send to upper protocol */
4238 l2cap_recv_acldata(conn, skb, flags);
4241 bt_dev_err(hdev, "ACL packet for unknown connection handle %d",
4248 /* SCO data packet */
4249 static void hci_scodata_packet(struct hci_dev *hdev, struct sk_buff *skb)
4251 struct hci_sco_hdr *hdr = (void *) skb->data;
4252 struct hci_conn *conn;
4255 skb_pull(skb, HCI_SCO_HDR_SIZE);
4257 handle = __le16_to_cpu(hdr->handle);
4259 BT_DBG("%s len %d handle 0x%4.4x", hdev->name, skb->len, handle);
4261 hdev->stat.sco_rx++;
4264 conn = hci_conn_hash_lookup_handle(hdev, handle);
4265 hci_dev_unlock(hdev);
4268 /* Send to upper protocol */
4269 sco_recv_scodata(conn, skb);
4272 bt_dev_err(hdev, "SCO packet for unknown connection handle %d",
4279 static bool hci_req_is_complete(struct hci_dev *hdev)
4281 struct sk_buff *skb;
4283 skb = skb_peek(&hdev->cmd_q);
4287 return (bt_cb(skb)->hci.req_flags & HCI_REQ_START);
4290 static void hci_resend_last(struct hci_dev *hdev)
4292 struct hci_command_hdr *sent;
4293 struct sk_buff *skb;
4296 if (!hdev->sent_cmd)
4299 sent = (void *) hdev->sent_cmd->data;
4300 opcode = __le16_to_cpu(sent->opcode);
4301 if (opcode == HCI_OP_RESET)
4304 skb = skb_clone(hdev->sent_cmd, GFP_KERNEL);
4308 skb_queue_head(&hdev->cmd_q, skb);
4309 queue_work(hdev->workqueue, &hdev->cmd_work);
4312 void hci_req_cmd_complete(struct hci_dev *hdev, u16 opcode, u8 status,
4313 hci_req_complete_t *req_complete,
4314 hci_req_complete_skb_t *req_complete_skb)
4316 struct sk_buff *skb;
4317 unsigned long flags;
4319 BT_DBG("opcode 0x%04x status 0x%02x", opcode, status);
4321 /* If the completed command doesn't match the last one that was
4322 * sent we need to do special handling of it.
4324 if (!hci_sent_cmd_data(hdev, opcode)) {
4325 /* Some CSR based controllers generate a spontaneous
4326 * reset complete event during init and any pending
4327 * command will never be completed. In such a case we
4328 * need to resend whatever was the last sent
4331 if (test_bit(HCI_INIT, &hdev->flags) && opcode == HCI_OP_RESET)
4332 hci_resend_last(hdev);
4337 /* If we reach this point this event matches the last command sent */
4338 hci_dev_clear_flag(hdev, HCI_CMD_PENDING);
4340 /* If the command succeeded and there's still more commands in
4341 * this request the request is not yet complete.
4343 if (!status && !hci_req_is_complete(hdev))
4346 /* If this was the last command in a request the complete
4347 * callback would be found in hdev->sent_cmd instead of the
4348 * command queue (hdev->cmd_q).
4350 if (bt_cb(hdev->sent_cmd)->hci.req_flags & HCI_REQ_SKB) {
4351 *req_complete_skb = bt_cb(hdev->sent_cmd)->hci.req_complete_skb;
4355 if (bt_cb(hdev->sent_cmd)->hci.req_complete) {
4356 *req_complete = bt_cb(hdev->sent_cmd)->hci.req_complete;
4360 /* Remove all pending commands belonging to this request */
4361 spin_lock_irqsave(&hdev->cmd_q.lock, flags);
4362 while ((skb = __skb_dequeue(&hdev->cmd_q))) {
4363 if (bt_cb(skb)->hci.req_flags & HCI_REQ_START) {
4364 __skb_queue_head(&hdev->cmd_q, skb);
4368 if (bt_cb(skb)->hci.req_flags & HCI_REQ_SKB)
4369 *req_complete_skb = bt_cb(skb)->hci.req_complete_skb;
4371 *req_complete = bt_cb(skb)->hci.req_complete;
4374 spin_unlock_irqrestore(&hdev->cmd_q.lock, flags);
4377 static void hci_rx_work(struct work_struct *work)
4379 struct hci_dev *hdev = container_of(work, struct hci_dev, rx_work);
4380 struct sk_buff *skb;
4382 BT_DBG("%s", hdev->name);
4384 while ((skb = skb_dequeue(&hdev->rx_q))) {
4385 /* Send copy to monitor */
4386 hci_send_to_monitor(hdev, skb);
4388 if (atomic_read(&hdev->promisc)) {
4389 /* Send copy to the sockets */
4390 hci_send_to_sock(hdev, skb);
4393 /* If the device has been opened in HCI_USER_CHANNEL,
4394 * the userspace has exclusive access to device.
4395 * When device is HCI_INIT, we still need to process
4396 * the data packets to the driver in order
4397 * to complete its setup().
4399 if (hci_dev_test_flag(hdev, HCI_USER_CHANNEL) &&
4400 !test_bit(HCI_INIT, &hdev->flags)) {
4405 if (test_bit(HCI_INIT, &hdev->flags)) {
4406 /* Don't process data packets in this states. */
4407 switch (hci_skb_pkt_type(skb)) {
4408 case HCI_ACLDATA_PKT:
4409 case HCI_SCODATA_PKT:
4416 switch (hci_skb_pkt_type(skb)) {
4418 BT_DBG("%s Event packet", hdev->name);
4419 hci_event_packet(hdev, skb);
4422 case HCI_ACLDATA_PKT:
4423 BT_DBG("%s ACL data packet", hdev->name);
4424 hci_acldata_packet(hdev, skb);
4427 case HCI_SCODATA_PKT:
4428 BT_DBG("%s SCO data packet", hdev->name);
4429 hci_scodata_packet(hdev, skb);
4439 static void hci_cmd_work(struct work_struct *work)
4441 struct hci_dev *hdev = container_of(work, struct hci_dev, cmd_work);
4442 struct sk_buff *skb;
4444 BT_DBG("%s cmd_cnt %d cmd queued %d", hdev->name,
4445 atomic_read(&hdev->cmd_cnt), skb_queue_len(&hdev->cmd_q));
4447 /* Send queued commands */
4448 if (atomic_read(&hdev->cmd_cnt)) {
4449 skb = skb_dequeue(&hdev->cmd_q);
4453 kfree_skb(hdev->sent_cmd);
4455 hdev->sent_cmd = skb_clone(skb, GFP_KERNEL);
4456 if (hdev->sent_cmd) {
4457 if (hci_req_status_pend(hdev))
4458 hci_dev_set_flag(hdev, HCI_CMD_PENDING);
4459 atomic_dec(&hdev->cmd_cnt);
4460 hci_send_frame(hdev, skb);
4461 if (test_bit(HCI_RESET, &hdev->flags))
4462 cancel_delayed_work(&hdev->cmd_timer);
4464 schedule_delayed_work(&hdev->cmd_timer,
4467 skb_queue_head(&hdev->cmd_q, skb);
4468 queue_work(hdev->workqueue, &hdev->cmd_work);
projects / platform / kernel / linux-rpi.git / blob