28#include <linux/jiffies.h>
29#include <linux/module.h>
30#include <linux/kmod.h>
31
32#include <linux/types.h>
33#include <linux/errno.h>
34#include <linux/kernel.h>
35#include <linux/sched.h>
36#include <linux/slab.h>
37#include <linux/poll.h>
38#include <linux/fcntl.h>
39#include <linux/init.h>
40#include <linux/skbuff.h>
41#include <linux/workqueue.h>
42#include <linux/interrupt.h>
43#include <linux/notifier.h>
44#include <linux/rfkill.h>
45#include <linux/timer.h>
46#include <linux/crypto.h>
47#include <net/sock.h>
48
49#include <asm/system.h>
50#include <linux/uaccess.h>
51#include <asm/unaligned.h>
52
53#include <net/bluetooth/bluetooth.h>
54#include <net/bluetooth/hci_core.h>
55
/* Delay in milliseconds (converted with msecs_to_jiffies() in hci_power_on())
 * before the power_off work runs for a device flagged HCI_AUTO_OFF. */
#define AUTO_OFF_TIMEOUT 2000

/* When false, hci_dev_open() forces every non-BR/EDR controller into raw mode. */
bool enable_hs;

static void hci_rx_work(struct work_struct *work);
static void hci_cmd_work(struct work_struct *work);
static void hci_tx_work(struct work_struct *work);

/* HCI device list; readers and writers in this file take hci_dev_list_lock. */
LIST_HEAD(hci_dev_list);
DEFINE_RWLOCK(hci_dev_list_lock);

/* HCI callback list and its lock (no user is visible in this part of the file). */
LIST_HEAD(hci_cb_list);
DEFINE_RWLOCK(hci_cb_list_lock);

/* Notifier chain fired by hci_notify(). */
static ATOMIC_NOTIFIER_HEAD(hci_notifier);
74
75
76
/*
 * Add @nb to the hci_notifier chain.
 * Returns whatever atomic_notifier_chain_register() returns.
 */
int hci_register_notifier(struct notifier_block *nb)
{
	int rc;

	rc = atomic_notifier_chain_register(&hci_notifier, nb);
	return rc;
}
81
/*
 * Remove @nb from the hci_notifier chain.
 * Returns whatever atomic_notifier_chain_unregister() returns.
 */
int hci_unregister_notifier(struct notifier_block *nb)
{
	int rc;

	rc = atomic_notifier_chain_unregister(&hci_notifier, nb);
	return rc;
}
86
/* Run the hci_notifier chain for @event, passing @hdev as the payload. */
static void hci_notify(struct hci_dev *hdev, int event)
{
	void *payload = hdev;

	atomic_notifier_call_chain(&hci_notifier, event, payload);
}
91
92
93
/*
 * Record the outcome of a pending synchronous request and wake its waiter.
 *
 * @cmd:    opcode of the command that completed
 * @result: status stored in hdev->req_result
 *
 * Nothing happens unless a request is pending (HCI_REQ_PEND).
 */
void hci_req_complete(struct hci_dev *hdev, __u16 cmd, int result)
{
	BT_DBG("%s command 0x%04x result 0x%2.2x", hdev->name, cmd, result);

	/* While HCI_INIT is set, only the command recorded in init_last_cmd
	 * finishes the request; completions of other commands are ignored. */
	if (test_bit(HCI_INIT, &hdev->flags) && hdev->init_last_cmd != cmd)
		return;

	if (hdev->req_status != HCI_REQ_PEND)
		return;

	hdev->req_result = result;
	hdev->req_status = HCI_REQ_DONE;
	wake_up_interruptible(&hdev->req_wait_q);
}
110
/*
 * Cancel a pending synchronous request.
 *
 * @err is stored as given; __hci_request() negates it for the
 * HCI_REQ_CANCELED case, so callers pass a positive errno value.
 */
static void hci_req_cancel(struct hci_dev *hdev, int err)
{
	BT_DBG("%s err 0x%2.2x", hdev->name, err);

	if (hdev->req_status != HCI_REQ_PEND)
		return;

	hdev->req_result = err;
	hdev->req_status = HCI_REQ_CANCELED;
	wake_up_interruptible(&hdev->req_wait_q);
}
121
122
/*
 * Execute @req and sleep until it completes, is cancelled, a signal arrives
 * or @timeout jiffies elapse.
 *
 * Callers in this file hold hci_req_lock() around the call.
 *
 * Returns 0 or a negative errno: the translated controller status on
 * completion, the negated cancel code, -EINTR on a signal, -ETIMEDOUT
 * otherwise.
 */
static int __hci_request(struct hci_dev *hdev, void (*req)(struct hci_dev *hdev, unsigned long opt),
			 unsigned long opt, __u32 timeout)
{
	DECLARE_WAITQUEUE(wait, current);
	int rc = 0;

	BT_DBG("%s start", hdev->name);

	hdev->req_status = HCI_REQ_PEND;

	/* Queue ourselves and mark the task sleeping before the request is
	 * issued, so a completion that arrives immediately is not missed. */
	add_wait_queue(&hdev->req_wait_q, &wait);
	set_current_state(TASK_INTERRUPTIBLE);

	req(hdev, opt);
	schedule_timeout(timeout);

	remove_wait_queue(&hdev->req_wait_q, &wait);

	/* NOTE(review): this early return skips the req_status/req_result
	 * reset below, so the state left behind is whatever it was when the
	 * signal was noticed. */
	if (signal_pending(current))
		return -EINTR;

	if (hdev->req_status == HCI_REQ_DONE)
		rc = -bt_to_errno(hdev->req_result);
	else if (hdev->req_status == HCI_REQ_CANCELED)
		rc = -hdev->req_result;
	else
		rc = -ETIMEDOUT;

	hdev->req_result = 0;
	hdev->req_status = 0;

	BT_DBG("%s end: err %d", hdev->name, rc);

	return rc;
}
164
/*
 * Locked wrapper around __hci_request() for a device that is already up.
 *
 * Returns -ENETDOWN when HCI_UP is clear, otherwise the __hci_request()
 * result.  The HCI_UP test is made before the request lock is taken.
 */
static inline int hci_request(struct hci_dev *hdev, void (*req)(struct hci_dev *hdev, unsigned long opt),
			      unsigned long opt, __u32 timeout)
{
	int rc;

	if (!test_bit(HCI_UP, &hdev->flags))
		return -ENETDOWN;

	/* One request at a time per device. */
	hci_req_lock(hdev);
	rc = __hci_request(hdev, req, opt, timeout);
	hci_req_unlock(hdev);

	return rc;
}
180
/* Request callback: flag the device as resetting and send HCI_OP_RESET. */
static void hci_reset_req(struct hci_dev *hdev, unsigned long opt)
{
	BT_DBG("%s %ld", hdev->name, opt);

	/* HCI_RESET is set before the command is handed over. */
	set_bit(HCI_RESET, &hdev->flags);
	hci_send_cmd(hdev, HCI_OP_RESET, 0, NULL);
}
189
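/*
 * Queue the BR/EDR controller initialisation commands.
 *
 * Every command is handed to hci_send_cmd(); its return value is not
 * checked here.
 */
static void bredr_init(struct hci_dev *hdev)
{
	struct hci_cp_delete_stored_link_key cp;
	__le16 param;
	__u8 flt_type;

	hdev->flow_ctl_mode = HCI_FLOW_CTL_MODE_PACKET_BASED;

	/* Mandatory initialisation. */

	/* Reset, unless the driver set the NO_RESET quirk. */
	if (!test_bit(HCI_QUIRK_NO_RESET, &hdev->quirks)) {
		set_bit(HCI_RESET, &hdev->flags);
		hci_send_cmd(hdev, HCI_OP_RESET, 0, NULL);
	}

	/* Read local supported features. */
	hci_send_cmd(hdev, HCI_OP_READ_LOCAL_FEATURES, 0, NULL);

	/* Read local version. */
	hci_send_cmd(hdev, HCI_OP_READ_LOCAL_VERSION, 0, NULL);

	/* Read buffer size (ACL MTU, max packet counts, ...). */
	hci_send_cmd(hdev, HCI_OP_READ_BUFFER_SIZE, 0, NULL);

	/* Read BD address. */
	hci_send_cmd(hdev, HCI_OP_READ_BD_ADDR, 0, NULL);

	/* Read class of device. */
	hci_send_cmd(hdev, HCI_OP_READ_CLASS_OF_DEV, 0, NULL);

	/* Read local name. */
	hci_send_cmd(hdev, HCI_OP_READ_LOCAL_NAME, 0, NULL);

	/* Read voice setting. */
	hci_send_cmd(hdev, HCI_OP_READ_VOICE_SETTING, 0, NULL);

	/* Optional initialisation. */

	/* Clear all event filters. */
	flt_type = HCI_FLT_CLEAR_ALL;
	hci_send_cmd(hdev, HCI_OP_SET_EVENT_FLT, 1, &flt_type);

	/* Connection accept timeout: 0x7d00 = 32000, which is 20 s if the
	 * unit is the 0.625 ms baseband slot (confirm against the HCI spec). */
	param = cpu_to_le16(0x7d00);
	hci_send_cmd(hdev, HCI_OP_WRITE_CA_TIMEOUT, 2, &param);

	/* Ask the controller to drop every link key it has stored. */
	bacpy(&cp.bdaddr, BDADDR_ANY);
	cp.delete_all = 1;
	hci_send_cmd(hdev, HCI_OP_DELETE_STORED_LINK_KEY, sizeof(cp), &cp);
}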
241
/* Queue the initialisation commands for an AMP controller. */
static void amp_init(struct hci_dev *hdev)
{
	hdev->flow_ctl_mode = HCI_FLOW_CTL_MODE_BLOCK_BASED;

	/* Reset; unlike bredr_init() this neither checks the NO_RESET quirk
	 * nor sets HCI_RESET. */
	hci_send_cmd(hdev, HCI_OP_RESET, 0, NULL);

	/* Read local version. */
	hci_send_cmd(hdev, HCI_OP_READ_LOCAL_VERSION, 0, NULL);
}
252
/*
 * Request callback used by hci_dev_open(): first move any driver-supplied
 * init packets onto the command queue, then queue the type-specific
 * initialisation commands.
 */
static void hci_init_req(struct hci_dev *hdev, unsigned long opt)
{
	struct sk_buff *skb;

	BT_DBG("%s %ld", hdev->name, opt);

	/* Driver initialisation: every skb queued on driver_init is sent as
	 * an HCI command, ahead of the generic sequence. */
	while ((skb = skb_dequeue(&hdev->driver_init)) != NULL) {
		bt_cb(skb)->pkt_type = HCI_COMMAND_PKT;
		skb->dev = (void *) hdev;

		skb_queue_tail(&hdev->cmd_q, skb);
		queue_work(hdev->workqueue, &hdev->cmd_work);
	}
	skb_queue_purge(&hdev->driver_init);

	if (hdev->dev_type == HCI_BREDR)
		bredr_init(hdev);
	else if (hdev->dev_type == HCI_AMP)
		amp_init(hdev);
	else
		BT_ERR("Unknown device type %d", hdev->dev_type);
}
286
/* Request callback: LE-specific initialisation; @opt is unused. */
static void hci_le_init_req(struct hci_dev *hdev, unsigned long opt)
{
	BT_DBG("%s", hdev->name);

	/* Read the LE buffer size. */
	hci_send_cmd(hdev, HCI_OP_LE_READ_BUFFER_SIZE, 0, NULL);
}
294
/*
 * Request callback: write the scan-enable setting.
 * Only the low 8 bits of @opt are used; the value is not range-checked here.
 */
static void hci_scan_req(struct hci_dev *hdev, unsigned long opt)
{
	__u8 scan;

	scan = opt;

	BT_DBG("%s %x", hdev->name, scan);

	/* Inquiry and page scans. */
	hci_send_cmd(hdev, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
}
304
/*
 * Request callback: write the authentication-enable setting.
 * Only the low 8 bits of @opt are used; the value is not range-checked here.
 */
static void hci_auth_req(struct hci_dev *hdev, unsigned long opt)
{
	__u8 auth;

	auth = opt;

	BT_DBG("%s %x", hdev->name, auth);

	/* Authentication. */
	hci_send_cmd(hdev, HCI_OP_WRITE_AUTH_ENABLE, 1, &auth);
}
314
/*
 * Request callback: write the encryption mode.
 * Only the low 8 bits of @opt are used; the value is not range-checked here.
 */
static void hci_encrypt_req(struct hci_dev *hdev, unsigned long opt)
{
	__u8 encrypt;

	encrypt = opt;

	BT_DBG("%s %x", hdev->name, encrypt);

	/* Encryption. */
	hci_send_cmd(hdev, HCI_OP_WRITE_ENCRYPT_MODE, 1, &encrypt);
}
324
/*
 * Request callback: write the default link policy.
 * @opt is converted to a little-endian 16-bit value before it is sent.
 */
static void hci_linkpol_req(struct hci_dev *hdev, unsigned long opt)
{
	__le16 policy;

	policy = cpu_to_le16(opt);

	BT_DBG("%s %x", hdev->name, policy);

	/* Default link policy. */
	hci_send_cmd(hdev, HCI_OP_WRITE_DEF_LINK_POLICY, 2, &policy);
}
334
335
336
/*
 * Look up the HCI device with id @index.
 *
 * Returns the device with a reference taken through hci_dev_hold(), or NULL
 * when @index is negative or unknown.  The reference is taken while
 * hci_dev_list_lock is read-held; callers in this file release it with
 * hci_dev_put().
 */
struct hci_dev *hci_dev_get(int index)
{
	struct hci_dev *found = NULL;
	struct hci_dev *pos;

	BT_DBG("%d", index);

	if (index < 0)
		return NULL;

	read_lock(&hci_dev_list_lock);
	list_for_each_entry(pos, &hci_dev_list, list) {
		if (pos->id != index)
			continue;

		found = hci_dev_hold(pos);
		break;
	}
	read_unlock(&hci_dev_list_lock);

	return found;
}
356
357
/*
 * Free every entry of the device's inquiry cache.
 * No lock is taken here; the callers in this file hold hci_dev_lock().
 */
static void inquiry_cache_flush(struct hci_dev *hdev)
{
	struct inquiry_cache *cache = &hdev->inq_cache;
	struct inquiry_entry *cur = cache->list;

	BT_DBG("cache %p", cache);

	/* Detach the list first so the cache never points at freed memory. */
	cache->list = NULL;
	while (cur) {
		struct inquiry_entry *following = cur->next;

		kfree(cur);
		cur = following;
	}
}
371
/*
 * Find the inquiry cache entry for @bdaddr.
 * Returns the entry, or NULL when the address is not cached.  The list is
 * walked without taking a lock in this function.
 */
struct inquiry_entry *hci_inquiry_cache_lookup(struct hci_dev *hdev, bdaddr_t *bdaddr)
{
	struct inquiry_cache *cache = &hdev->inq_cache;
	struct inquiry_entry *e;

	BT_DBG("cache %p, %s", cache, batostr(bdaddr));

	e = cache->list;
	while (e && bacmp(&e->data.bdaddr, bdaddr))
		e = e->next;

	return e;
}
384
/*
 * Insert or refresh the inquiry cache entry for data->bdaddr.
 *
 * A missing entry is allocated with GFP_ATOMIC and pushed onto the head of
 * the list; an allocation failure silently drops the update.
 *
 * NOTE(review): no upper bound on the number of entries is enforced in this
 * function; within the visible code entries are only released by
 * inquiry_cache_flush().  Confirm the callers bound how many distinct
 * addresses can be inserted.
 */
void hci_inquiry_cache_update(struct hci_dev *hdev, struct inquiry_data *data)
{
	struct inquiry_cache *cache = &hdev->inq_cache;
	struct inquiry_entry *ie;

	BT_DBG("cache %p, %s", cache, batostr(&data->bdaddr));

	ie = hci_inquiry_cache_lookup(hdev, &data->bdaddr);
	if (ie == NULL) {
		/* Entry not in the cache. Add new one. */
		ie = kzalloc(sizeof(*ie), GFP_ATOMIC);
		if (ie == NULL)
			return;

		ie->next = cache->list;
		cache->list = ie;
	}

	memcpy(&ie->data, data, sizeof(*data));
	ie->timestamp = jiffies;
	cache->timestamp = jiffies;
}
407
/*
 * Copy at most @num cached inquiry results into @buf as an array of
 * struct inquiry_info.
 *
 * @buf must have room for @num entries; the caller in this file sizes it
 * as sizeof(struct inquiry_info) * num.
 *
 * Returns the number of entries written.
 */
static int inquiry_cache_dump(struct hci_dev *hdev, int num, __u8 *buf)
{
	struct inquiry_cache *cache = &hdev->inq_cache;
	struct inquiry_info *out = (struct inquiry_info *) buf;
	struct inquiry_entry *e;
	int copied = 0;

	for (e = cache->list; e && copied < num; e = e->next) {
		struct inquiry_data *src = &e->data;
		struct inquiry_info *dst = &out[copied];

		bacpy(&dst->bdaddr, &src->bdaddr);
		dst->pscan_rep_mode = src->pscan_rep_mode;
		dst->pscan_period_mode = src->pscan_period_mode;
		dst->pscan_mode = src->pscan_mode;
		memcpy(dst->dev_class, src->dev_class, 3);
		dst->clock_offset = src->clock_offset;

		copied++;
	}

	BT_DBG("cache %p, copied %d", cache, copied);
	return copied;
}
429
/*
 * Request callback: start an inquiry.
 *
 * @opt carries a pointer to a struct hci_inquiry_req; in this file that is
 * the kernel-side copy made by hci_inquiry().  Nothing is sent when an
 * inquiry is already running (HCI_INQUIRY set).
 */
static void hci_inq_req(struct hci_dev *hdev, unsigned long opt)
{
	struct hci_inquiry_req *req = (struct hci_inquiry_req *) opt;
	struct hci_cp_inquiry cp;

	BT_DBG("%s", hdev->name);

	if (test_bit(HCI_INQUIRY, &hdev->flags))
		return;

	/* Start Inquiry: 3-byte LAP, length and response limit as requested. */
	memcpy(&cp.lap, &req->lap, 3);
	cp.length = req->length;
	cp.num_rsp = req->num_rsp;
	hci_send_cmd(hdev, HCI_OP_INQUIRY, sizeof(cp), &cp);
}
446
/*
 * Inquiry ioctl backend.
 *
 * @arg points to a user-space struct hci_inquiry_req followed by room for
 * the results.  The request is copied in once and only that kernel copy is
 * used afterwards.  A fresh inquiry runs when the cache is too old, empty,
 * or the caller set IREQ_CACHE_FLUSH; otherwise cached results are returned.
 *
 * Returns 0 or a negative errno (-EFAULT, -ENODEV, -ENOMEM, or the
 * hci_request() error).
 */
int hci_inquiry(void __user *arg)
{
	__u8 __user *uptr = arg;
	struct hci_inquiry_req ir;
	struct hci_dev *hdev;
	int err = 0, do_inquiry = 0, max_rsp;
	long timeo;
	__u8 *buf;

	if (copy_from_user(&ir, uptr, sizeof(ir)))
		return -EFAULT;

	hdev = hci_dev_get(ir.dev_id);
	if (!hdev)
		return -ENODEV;

	hci_dev_lock(hdev);
	if (inquiry_cache_age(hdev) > INQUIRY_CACHE_AGE_MAX ||
	    inquiry_cache_empty(hdev) ||
	    (ir.flags & IREQ_CACHE_FLUSH)) {
		inquiry_cache_flush(hdev);
		do_inquiry = 1;
	}
	hci_dev_unlock(hdev);

	/* The wait scales with the caller-supplied inquiry length. */
	timeo = ir.length * msecs_to_jiffies(2000);

	if (do_inquiry) {
		err = hci_request(hdev, hci_inq_req, (unsigned long)&ir, timeo);
		if (err < 0)
			goto done;
	}

	/* For an unlimited number of responses use a 255-entry buffer. */
	max_rsp = (ir.num_rsp == 0) ? 255 : ir.num_rsp;

	/* The results are first dumped into a temporary kernel buffer under
	 * the device lock and copied to user space only after the lock has
	 * been dropped.  NOTE(review): the multiplication below stays small
	 * only if num_rsp is an 8-bit field - confirm in the header. */
	buf = kmalloc(sizeof(struct inquiry_info) * max_rsp, GFP_KERNEL);
	if (!buf) {
		err = -ENOMEM;
		goto done;
	}

	hci_dev_lock(hdev);
	ir.num_rsp = inquiry_cache_dump(hdev, max_rsp, buf);
	hci_dev_unlock(hdev);

	BT_DBG("num_rsp %d", ir.num_rsp);

	/* Only the num_rsp entries actually filled in are copied out, so the
	 * uninitialised tail of buf never reaches user space. */
	if (copy_to_user(uptr, &ir, sizeof(ir))) {
		err = -EFAULT;
	} else {
		uptr += sizeof(ir);
		if (copy_to_user(uptr, buf, sizeof(struct inquiry_info) *
					ir.num_rsp))
			err = -EFAULT;
	}

	kfree(buf);

done:
	hci_dev_put(hdev);
	return err;
}
512
513
514
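/*
 * Bring HCI device number @dev up.
 *
 * Runs under hci_req_lock().  Unless the device is in raw mode the
 * controller is initialised with hci_init_req and, for LE-capable hosts,
 * hci_le_init_req.  On success the device is marked HCI_UP and keeps an
 * extra reference; on failure the work items are flushed, the queues are
 * purged, the driver is closed and all flags are cleared.
 *
 * Returns 0 or a negative errno (-ENODEV, -ERFKILL, -EALREADY, -EIO, or the
 * error of the failed init request).
 */
int hci_dev_open(__u16 dev)
{
	struct hci_dev *hdev;
	int ret = 0;

	hdev = hci_dev_get(dev);
	if (!hdev)
		return -ENODEV;

	BT_DBG("%s %p", hdev->name, hdev);

	hci_req_lock(hdev);

	if (test_bit(HCI_UNREGISTER, &hdev->dev_flags)) {
		ret = -ENODEV;
		goto done;
	}

	if (hdev->rfkill && rfkill_blocked(hdev->rfkill)) {
		ret = -ERFKILL;
		goto done;
	}

	if (test_bit(HCI_UP, &hdev->flags)) {
		ret = -EALREADY;
		goto done;
	}

	if (test_bit(HCI_QUIRK_RAW_DEVICE, &hdev->quirks))
		set_bit(HCI_RAW, &hdev->flags);

	/* Treat all non BR/EDR controllers as raw devices unless high-speed
	 * support is enabled. */
	if (hdev->dev_type != HCI_BREDR && !enable_hs)
		set_bit(HCI_RAW, &hdev->flags);

	if (hdev->open(hdev)) {
		ret = -EIO;
		goto done;
	}

	if (!test_bit(HCI_RAW, &hdev->flags)) {
		atomic_set(&hdev->cmd_cnt, 1);
		set_bit(HCI_INIT, &hdev->flags);
		hdev->init_last_cmd = 0;

		ret = __hci_request(hdev, hci_init_req, 0,
				    msecs_to_jiffies(HCI_INIT_TIMEOUT));

		/* Run the LE stage only after a successful base init, so a
		 * failure of the first request cannot be overwritten by the
		 * result of the second one and the device marked up anyway. */
		if (!ret && lmp_host_le_capable(hdev))
			ret = __hci_request(hdev, hci_le_init_req, 0,
					    msecs_to_jiffies(HCI_INIT_TIMEOUT));

		clear_bit(HCI_INIT, &hdev->flags);
	}

	if (!ret) {
		/* This reference is dropped again in hci_dev_do_close(). */
		hci_dev_hold(hdev);
		set_bit(HCI_UP, &hdev->flags);
		hci_notify(hdev, HCI_DEV_UP);
		if (!test_bit(HCI_SETUP, &hdev->flags)) {
			hci_dev_lock(hdev);
			mgmt_powered(hdev, 1);
			hci_dev_unlock(hdev);
		}
	} else {
		/* Init failed, cleanup */
		flush_work(&hdev->tx_work);
		flush_work(&hdev->cmd_work);
		flush_work(&hdev->rx_work);

		skb_queue_purge(&hdev->cmd_q);
		skb_queue_purge(&hdev->rx_q);

		if (hdev->flush)
			hdev->flush(hdev);

		if (hdev->sent_cmd) {
			kfree_skb(hdev->sent_cmd);
			hdev->sent_cmd = NULL;
		}

		hdev->close(hdev);
		hdev->flags = 0;
	}

done:
	hci_req_unlock(hdev);
	hci_dev_put(hdev);
	return ret;
}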
606
/*
 * Take @hdev down.
 *
 * Any pending synchronous request is cancelled before the request lock is
 * taken.  When the device was not up, only the command timer is stopped.
 * Otherwise work items and delayed work are flushed or cancelled, caches
 * and connections are dropped, queues are purged, the driver is closed and
 * the reference taken in hci_dev_open() is released.
 *
 * Always returns 0.
 */
static int hci_dev_do_close(struct hci_dev *hdev)
{
	BT_DBG("%s %p", hdev->name, hdev);

	hci_req_cancel(hdev, ENODEV);
	hci_req_lock(hdev);

	if (!test_and_clear_bit(HCI_UP, &hdev->flags)) {
		del_timer_sync(&hdev->cmd_timer);
		hci_req_unlock(hdev);
		return 0;
	}

	/* Flush RX and TX works */
	flush_work(&hdev->tx_work);
	flush_work(&hdev->rx_work);

	if (hdev->discov_timeout > 0) {
		cancel_delayed_work(&hdev->discov_off);
		hdev->discov_timeout = 0;
	}

	if (test_and_clear_bit(HCI_AUTO_OFF, &hdev->flags))
		cancel_delayed_work(&hdev->power_off);

	if (test_and_clear_bit(HCI_SERVICE_CACHE, &hdev->flags))
		cancel_delayed_work(&hdev->service_cache);

	hci_dev_lock(hdev);
	inquiry_cache_flush(hdev);
	hci_conn_hash_flush(hdev);
	hci_dev_unlock(hdev);

	hci_notify(hdev, HCI_DEV_DOWN);

	if (hdev->flush)
		hdev->flush(hdev);

	/* Reset device: sent only for non-raw devices whose driver set the
	 * NO_RESET quirk, with a 250 ms timeout; the result is ignored. */
	skb_queue_purge(&hdev->cmd_q);
	atomic_set(&hdev->cmd_cnt, 1);
	if (!test_bit(HCI_RAW, &hdev->flags) &&
	    test_bit(HCI_QUIRK_NO_RESET, &hdev->quirks)) {
		set_bit(HCI_INIT, &hdev->flags);
		__hci_request(hdev, hci_reset_req, 0,
			      msecs_to_jiffies(250));
		clear_bit(HCI_INIT, &hdev->flags);
	}

	/* Flush cmd work */
	flush_work(&hdev->cmd_work);

	/* Drop queues */
	skb_queue_purge(&hdev->rx_q);
	skb_queue_purge(&hdev->cmd_q);
	skb_queue_purge(&hdev->raw_q);

	/* Drop last sent command; the timer is stopped first so it cannot
	 * fire while the skb is being freed. */
	if (hdev->sent_cmd) {
		del_timer_sync(&hdev->cmd_timer);
		kfree_skb(hdev->sent_cmd);
		hdev->sent_cmd = NULL;
	}

	/* After this point our queues are empty and no work is scheduled. */
	hdev->close(hdev);

	hci_dev_lock(hdev);
	mgmt_powered(hdev, 0);
	hci_dev_unlock(hdev);

	/* Clear flags */
	hdev->flags = 0;

	hci_req_unlock(hdev);

	/* Release the reference held since the device was marked HCI_UP. */
	hci_dev_put(hdev);
	return 0;
}
687
/*
 * Close HCI device number @dev.
 * Returns -ENODEV when no such device exists, otherwise the
 * hci_dev_do_close() result.
 */
int hci_dev_close(__u16 dev)
{
	struct hci_dev *hdev = hci_dev_get(dev);
	int err;

	if (!hdev)
		return -ENODEV;

	err = hci_dev_do_close(hdev);
	hci_dev_put(hdev);

	return err;
}
700
/*
 * Reset HCI device number @dev.
 *
 * A device that is not up is left untouched and 0 is returned.  Otherwise
 * queues, caches and connections are dropped, the flow-control counters are
 * reset and, unless the device is raw, an HCI reset is issued.
 *
 * Returns 0, -ENODEV, or the error of the reset request.
 */
int hci_dev_reset(__u16 dev)
{
	struct hci_dev *hdev;
	int ret = 0;

	hdev = hci_dev_get(dev);
	if (!hdev)
		return -ENODEV;

	hci_req_lock(hdev);

	if (!test_bit(HCI_UP, &hdev->flags))
		goto done;

	/* Drop queues */
	skb_queue_purge(&hdev->rx_q);
	skb_queue_purge(&hdev->cmd_q);

	hci_dev_lock(hdev);
	inquiry_cache_flush(hdev);
	hci_conn_hash_flush(hdev);
	hci_dev_unlock(hdev);

	if (hdev->flush)
		hdev->flush(hdev);

	atomic_set(&hdev->cmd_cnt, 1);
	hdev->acl_cnt = 0;
	hdev->sco_cnt = 0;
	hdev->le_cnt = 0;

	if (!test_bit(HCI_RAW, &hdev->flags))
		ret = __hci_request(hdev, hci_reset_req, 0,
				    msecs_to_jiffies(HCI_INIT_TIMEOUT));

done:
	hci_req_unlock(hdev);
	hci_dev_put(hdev);
	return ret;
}
739
/*
 * Zero the statistics of HCI device number @dev.
 * Returns 0, or -ENODEV when no such device exists.  The counters are
 * cleared without taking any device lock.
 */
int hci_dev_reset_stat(__u16 dev)
{
	struct hci_dev *hdev = hci_dev_get(dev);

	if (!hdev)
		return -ENODEV;

	memset(&hdev->stat, 0, sizeof(struct hci_dev_stats));

	hci_dev_put(hdev);

	return 0;
}
755
/*
 * Backend of the HCISET* device ioctls.
 *
 * @cmd: ioctl number
 * @arg: user pointer to a struct hci_dev_req (device id plus option word)
 *
 * The request is copied in once.  NOTE(review): no capability check is made
 * in this function and dev_opt is stored or sent without range validation
 * (packet type, MTU and packet counts in particular); presumably the socket
 * layer restricts who may call it - confirm at the call site.
 *
 * Returns 0 or a negative errno.
 */
int hci_dev_cmd(unsigned int cmd, void __user *arg)
{
	const unsigned long timeo = msecs_to_jiffies(HCI_INIT_TIMEOUT);
	struct hci_dev_req dr;
	struct hci_dev *hdev;
	int err = 0;

	if (copy_from_user(&dr, arg, sizeof(dr)))
		return -EFAULT;

	hdev = hci_dev_get(dr.dev_id);
	if (!hdev)
		return -ENODEV;

	switch (cmd) {
	case HCISETAUTH:
		err = hci_request(hdev, hci_auth_req, dr.dev_opt, timeo);
		break;

	case HCISETENCRYPT:
		if (!lmp_encrypt_capable(hdev)) {
			err = -EOPNOTSUPP;
			break;
		}

		if (!test_bit(HCI_AUTH, &hdev->flags)) {
			/* Auth must be enabled first */
			err = hci_request(hdev, hci_auth_req, dr.dev_opt,
					  timeo);
			if (err)
				break;
		}

		err = hci_request(hdev, hci_encrypt_req, dr.dev_opt, timeo);
		break;

	case HCISETSCAN:
		err = hci_request(hdev, hci_scan_req, dr.dev_opt, timeo);
		break;

	case HCISETLINKPOL:
		err = hci_request(hdev, hci_linkpol_req, dr.dev_opt, timeo);
		break;

	case HCISETLINKMODE:
		/* Only the MASTER and ACCEPT bits can be set this way. */
		hdev->link_mode = ((__u16) dr.dev_opt) &
					(HCI_LM_MASTER | HCI_LM_ACCEPT);
		break;

	case HCISETPTYPE:
		hdev->pkt_type = (__u16) dr.dev_opt;
		break;

	case HCISETACLMTU:
		/* dev_opt is read as two 16-bit halves in memory order, so
		 * which half carries which value depends on host endianness. */
		hdev->acl_mtu = ((__u16 *) &dr.dev_opt)[1];
		hdev->acl_pkts = ((__u16 *) &dr.dev_opt)[0];
		break;

	case HCISETSCOMTU:
		hdev->sco_mtu = ((__u16 *) &dr.dev_opt)[1];
		hdev->sco_pkts = ((__u16 *) &dr.dev_opt)[0];
		break;

	default:
		err = -EINVAL;
		break;
	}

	hci_dev_put(hdev);
	return err;
}
830
/*
 * Copy the list of HCI devices (id and flags) to user space.
 *
 * @arg points to a struct hci_dev_list_req whose leading 16-bit field holds
 * the number of entries the caller has room for.  That count is bounded so
 * the kernel buffer never exceeds two pages plus the header, and the buffer
 * is zero-allocated so unused bytes cannot leak.
 *
 * Side effects on every listed device: a pending auto power-off is
 * cancelled, and HCI_PAIRABLE is set unless HCI_MGMT is set.
 *
 * Returns 0 or -EFAULT / -EINVAL / -ENOMEM.
 */
int hci_get_dev_list(void __user *arg)
{
	struct hci_dev *hdev;
	struct hci_dev_list_req *dl;
	struct hci_dev_req *dr;
	int n = 0, size, err;
	__u16 dev_num;

	if (get_user(dev_num, (__u16 __user *) arg))
		return -EFAULT;

	if (!dev_num || dev_num > (PAGE_SIZE * 2) / sizeof(*dr))
		return -EINVAL;

	size = sizeof(*dl) + dev_num * sizeof(*dr);

	dl = kzalloc(size, GFP_KERNEL);
	if (!dl)
		return -ENOMEM;

	dr = dl->dev_req;

	read_lock(&hci_dev_list_lock);
	list_for_each_entry(hdev, &hci_dev_list, list) {
		/* Non-sync cancel: the list lock is held here. */
		if (test_and_clear_bit(HCI_AUTO_OFF, &hdev->flags))
			cancel_delayed_work(&hdev->power_off);

		if (!test_bit(HCI_MGMT, &hdev->flags))
			set_bit(HCI_PAIRABLE, &hdev->flags);

		dr[n].dev_id = hdev->id;
		dr[n].dev_opt = hdev->flags;

		n++;
		if (n >= dev_num)
			break;
	}
	read_unlock(&hci_dev_list_lock);

	/* Copy out only the entries that were filled in. */
	dl->dev_num = n;
	size = sizeof(*dl) + n * sizeof(*dr);

	err = copy_to_user(arg, dl, size);
	kfree(dl);

	return err ? -EFAULT : 0;
}
877
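/*
 * Copy information about one HCI device to user space.
 *
 * @arg points to a struct hci_dev_info; its dev_id selects the device and
 * the structure is overwritten with the device's current settings.  The
 * kernel copy starts as the user's own bytes, so fields not assigned below
 * hand back what the caller supplied rather than kernel memory.
 *
 * Side effects: a pending auto power-off is cancelled, and HCI_PAIRABLE is
 * set unless HCI_MGMT is set.
 *
 * Returns 0, -EFAULT or -ENODEV.
 */
int hci_get_dev_info(void __user *arg)
{
	struct hci_dev *hdev;
	struct hci_dev_info di;
	int err = 0;

	if (copy_from_user(&di, arg, sizeof(di)))
		return -EFAULT;

	hdev = hci_dev_get(di.dev_id);
	if (!hdev)
		return -ENODEV;

	if (test_and_clear_bit(HCI_AUTO_OFF, &hdev->flags))
		cancel_delayed_work_sync(&hdev->power_off);

	if (!test_bit(HCI_MGMT, &hdev->flags))
		set_bit(HCI_PAIRABLE, &hdev->flags);

	/* Bounded copy: the write can never run past di.name, whatever the
	 * length of the device name. */
	strlcpy(di.name, hdev->name, sizeof(di.name));
	di.bdaddr = hdev->bdaddr;
	/* Low nibble: bus type; upper bits: device type. */
	di.type = (hdev->bus & 0x0f) | (hdev->dev_type << 4);
	di.flags = hdev->flags;
	di.pkt_type = hdev->pkt_type;
	di.acl_mtu = hdev->acl_mtu;
	di.acl_pkts = hdev->acl_pkts;
	di.sco_mtu = hdev->sco_mtu;
	di.sco_pkts = hdev->sco_pkts;
	di.link_policy = hdev->link_policy;
	di.link_mode = hdev->link_mode;

	memcpy(&di.stat, &hdev->stat, sizeof(di.stat));
	memcpy(&di.features, &hdev->features, sizeof(di.features));

	if (copy_to_user(arg, &di, sizeof(di)))
		err = -EFAULT;

	hci_dev_put(hdev);

	return err;
}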
919
920
921
/*
 * rfkill callback: close the device when it becomes blocked.
 * Unblocking does nothing here.  Always returns 0.
 */
static int hci_rfkill_set_block(void *data, bool blocked)
{
	struct hci_dev *hdev = data;

	BT_DBG("%p name %s blocked %d", hdev, hdev->name, blocked);

	if (blocked)
		hci_dev_do_close(hdev);

	return 0;
}

static const struct rfkill_ops hci_rfkill_ops = {
	.set_block = hci_rfkill_set_block,
};
939
940
/*
 * Allocate a zeroed HCI device, initialise its sysfs state and its
 * driver_init queue.  Returns NULL when the allocation fails.
 */
struct hci_dev *hci_alloc_dev(void)
{
	struct hci_dev *hdev = kzalloc(sizeof(*hdev), GFP_KERNEL);

	if (hdev == NULL)
		return NULL;

	hci_init_sysfs(hdev);
	skb_queue_head_init(&hdev->driver_init);

	return hdev;
}
EXPORT_SYMBOL(hci_alloc_dev);
955
956
/*
 * Release an HCI device: drop any packets still on driver_init, then drop
 * the device reference.  The structure is not kfree()d here; presumably the
 * device release callback does that - confirm in the sysfs code.
 */
void hci_free_dev(struct hci_dev *hdev)
{
	struct device *dev = &hdev->dev;

	skb_queue_purge(&hdev->driver_init);

	put_device(dev);
}
EXPORT_SYMBOL(hci_free_dev);
965
/*
 * Work handler: open the device.  On success, schedule the automatic
 * power-off when HCI_AUTO_OFF is set and announce the index to mgmt the
 * first time (HCI_SETUP set).
 */
static void hci_power_on(struct work_struct *work)
{
	struct hci_dev *hdev = container_of(work, struct hci_dev, power_on);
	int rc;

	BT_DBG("%s", hdev->name);

	rc = hci_dev_open(hdev->id);
	if (rc < 0)
		return;

	if (test_bit(HCI_AUTO_OFF, &hdev->flags))
		schedule_delayed_work(&hdev->power_off,
				      msecs_to_jiffies(AUTO_OFF_TIMEOUT));

	if (test_and_clear_bit(HCI_SETUP, &hdev->flags))
		mgmt_index_added(hdev);
}
982
/* Delayed-work handler: clear HCI_AUTO_OFF and close the device. */
static void hci_power_off(struct work_struct *work)
{
	struct hci_dev *hdev;

	hdev = container_of(work, struct hci_dev, power_off.work);

	BT_DBG("%s", hdev->name);

	clear_bit(HCI_AUTO_OFF, &hdev->flags);

	hci_dev_close(hdev->id);
}
994
/*
 * Delayed-work handler that ends the discoverable period: the scan mode is
 * written back to SCAN_PAGE only and discov_timeout is cleared.
 */
static void hci_discov_off(struct work_struct *work)
{
	struct hci_dev *hdev = container_of(work, struct hci_dev,
					    discov_off.work);
	u8 scan = SCAN_PAGE;

	BT_DBG("%s", hdev->name);

	hci_dev_lock(hdev);

	hci_send_cmd(hdev, HCI_OP_WRITE_SCAN_ENABLE, sizeof(scan), &scan);

	hdev->discov_timeout = 0;

	hci_dev_unlock(hdev);
}
1012
/* Unlink and free every entry of hdev->uuids.  Always returns 0. */
int hci_uuids_clear(struct hci_dev *hdev)
{
	struct bt_uuid *uuid, *tmp;

	list_for_each_entry_safe(uuid, tmp, &hdev->uuids, list) {
		list_del(&uuid->list);
		kfree(uuid);
	}

	return 0;
}
1028
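/*
 * Unlink and free every stored link key of @hdev.  Always returns 0.
 *
 * Entries hold key material in ->val, so they are released with kzfree(),
 * which clears the allocation before handing it back to the allocator.
 */
int hci_link_keys_clear(struct hci_dev *hdev)
{
	struct link_key *key, *tmp;

	list_for_each_entry_safe(key, tmp, &hdev->link_keys, list) {
		list_del(&key->list);
		kzfree(key);
	}

	return 0;
}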
1044
/*
 * Return the first stored key whose address equals @bdaddr, whatever its
 * type, or NULL when there is none.  No lock is taken in this function.
 */
struct link_key *hci_find_link_key(struct hci_dev *hdev, bdaddr_t *bdaddr)
{
	struct link_key *key;

	list_for_each_entry(key, &hdev->link_keys, list) {
		if (!bacmp(bdaddr, &key->bdaddr))
			return key;
	}

	return NULL;
}
1055
/*
 * Decide whether a new link key should be kept persistently.
 *
 * @conn may be NULL.  @old_key_type is 0xff when no earlier key existed.
 * The numeric comparisons on auth_type / remote_auth follow the HCI
 * authentication-requirements encoding (0x00/0x01 no bonding, 0x02/0x03
 * dedicated bonding) - confirm against the spec before changing them.
 *
 * Returns 1 to store the key, 0 to treat it as temporary.
 */
static int hci_persistent_key(struct hci_dev *hdev, struct hci_conn *conn,
			      u8 key_type, u8 old_key_type)
{
	/* Legacy key types (below 0x03) are always stored. */
	if (key_type < 0x03)
		return 1;

	/* Debug keys are insecure, so they are never stored. */
	if (key_type == HCI_LK_DEBUG_COMBINATION)
		return 0;

	/* A changed combination key with no previous key is not stored. */
	if (key_type == HCI_LK_CHANGED_COMBINATION && old_key_type == 0xff)
		return 0;

	/* Without a connection the bonding requirements are unknown: store. */
	if (!conn)
		return 1;

	/* Store when neither side asked for no-bonding, or when either side
	 * asked for dedicated bonding; otherwise the key is temporary. */
	return (conn->auth_type > 0x01 && conn->remote_auth > 0x01) ||
	       conn->auth_type == 0x02 || conn->auth_type == 0x03 ||
	       conn->remote_auth == 0x02 || conn->remote_auth == 0x03;
}
1091
/*
 * Find the stored SMP long-term key identified by @ediv and @rand.
 *
 * Entries of another type, or whose trailing data is not exactly a
 * struct key_master_id, are skipped before ->data is interpreted.
 *
 * Returns the entry or NULL.
 */
struct link_key *hci_find_ltk(struct hci_dev *hdev, __le16 ediv, u8 rand[8])
{
	struct link_key *k;

	list_for_each_entry(k, &hdev->link_keys, list) {
		struct key_master_id *id;

		/* The dlen check guards the cast below. */
		if (k->type != HCI_LK_SMP_LTK || k->dlen != sizeof(*id))
			continue;

		id = (void *) &k->data;
		if (id->ediv != ediv)
			continue;

		if (memcmp(rand, id->rand, sizeof(id->rand)) == 0)
			return k;
	}

	return NULL;
}
EXPORT_SYMBOL(hci_find_ltk);
1114
/*
 * Return the first stored key that matches both @bdaddr and @type, or NULL.
 */
struct link_key *hci_find_link_key_type(struct hci_dev *hdev,
					bdaddr_t *bdaddr, u8 type)
{
	struct link_key *key;

	list_for_each_entry(key, &hdev->link_keys, list) {
		if (key->type != type)
			continue;

		if (!bacmp(bdaddr, &key->bdaddr))
			return key;
	}

	return NULL;
}
EXPORT_SYMBOL(hci_find_link_key_type);
1127
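/*
 * Store or update the link key for @bdaddr.
 *
 * @conn:    connection the key belongs to, may be NULL
 * @new_key: non-zero when the key was just created; only then is mgmt
 *           notified and the persistence decision made
 * @val:     16-byte key value
 *
 * An existing entry for the address is reused whatever its type.  A key
 * judged non-persistent by hci_persistent_key() is reported to mgmt and
 * then removed from the list again.
 *
 * Returns 0, or -ENOMEM when a new entry cannot be allocated.
 */
int hci_add_link_key(struct hci_dev *hdev, struct hci_conn *conn, int new_key,
		     bdaddr_t *bdaddr, u8 *val, u8 type, u8 pin_len)
{
	struct link_key *key, *old_key;
	u8 old_key_type, persistent;

	old_key = hci_find_link_key(hdev, bdaddr);
	if (old_key) {
		old_key_type = old_key->type;
		key = old_key;
	} else {
		old_key_type = conn ? conn->key_type : 0xff;
		key = kzalloc(sizeof(*key), GFP_ATOMIC);
		if (!key)
			return -ENOMEM;
		list_add(&key->list, &hdev->link_keys);
	}

	BT_DBG("%s key for %s type %u", hdev->name, batostr(bdaddr), type);

	/* A "changed combination key" reported although no previous key
	 * existed and no remote authentication requirement is known is
	 * treated as an ordinary combination key (presumably a controller
	 * quirk workaround). */
	if (type == HCI_LK_CHANGED_COMBINATION &&
	    (!conn || conn->remote_auth == 0xff) &&
	    old_key_type == 0xff) {
		type = HCI_LK_COMBINATION;
		if (conn)
			conn->key_type = type;
	}

	bacpy(&key->bdaddr, bdaddr);
	memcpy(key->val, val, 16);
	key->pin_len = pin_len;

	/* A changed combination key keeps the type of the key it replaces. */
	if (type == HCI_LK_CHANGED_COMBINATION)
		key->type = old_key_type;
	else
		key->type = type;

	if (!new_key)
		return 0;

	persistent = hci_persistent_key(hdev, conn, type, old_key_type);

	mgmt_new_link_key(hdev, key, persistent);

	if (!persistent) {
		list_del(&key->list);
		/* kzfree() clears the key value before the memory is
		 * returned to the allocator. */
		kzfree(key);
	}

	return 0;
}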
1182
/*
 * Store or update the SMP long-term key for @bdaddr.
 *
 * A new entry is allocated with room for a trailing struct key_master_id
 * that holds @ediv and @rand; @key_size is kept in ->pin_len.
 *
 * NOTE(review): when an existing HCI_LK_SMP_LTK entry is reused, the write
 * to ->data assumes that entry was allocated with the trailing
 * key_master_id - confirm no other path creates entries of this type.
 * NOTE(review): old_key_type is passed to mgmt_new_link_key() in the
 * argument position where hci_add_link_key() passes its persistent flag.
 *
 * Returns 0, or -ENOMEM when a new entry cannot be allocated.
 */
int hci_add_ltk(struct hci_dev *hdev, int new_key, bdaddr_t *bdaddr,
		u8 key_size, __le16 ediv, u8 rand[8], u8 ltk[16])
{
	struct link_key *key;
	struct key_master_id *id;
	u8 old_key_type;

	BT_DBG("%s addr %s", hdev->name, batostr(bdaddr));

	key = hci_find_link_key_type(hdev, bdaddr, HCI_LK_SMP_LTK);
	if (key) {
		old_key_type = key->type;
	} else {
		key = kzalloc(sizeof(*key) + sizeof(*id), GFP_ATOMIC);
		if (!key)
			return -ENOMEM;
		list_add(&key->list, &hdev->link_keys);
		old_key_type = 0xff;
	}

	key->dlen = sizeof(*id);

	bacpy(&key->bdaddr, bdaddr);
	memcpy(key->val, ltk, sizeof(key->val));
	key->type = HCI_LK_SMP_LTK;
	key->pin_len = key_size;

	id = (void *) &key->data;
	id->ediv = ediv;
	memcpy(id->rand, rand, sizeof(id->rand));

	if (new_key)
		mgmt_new_link_key(hdev, key, old_key_type);

	return 0;
}
1220
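/*
 * Remove the stored key for @bdaddr.
 * Returns 0, or -ENOENT when no key is stored for that address.
 */
int hci_remove_link_key(struct hci_dev *hdev, bdaddr_t *bdaddr)
{
	struct link_key *key;

	key = hci_find_link_key(hdev, bdaddr);
	if (!key)
		return -ENOENT;

	BT_DBG("%s removing %s", hdev->name, batostr(bdaddr));

	list_del(&key->list);
	/* kzfree() clears the key value before the memory is returned to the
	 * allocator. */
	kzfree(key);

	return 0;
}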
1236
1237
/*
 * Command timeout handler (timer callback; @arg is the hci_dev pointer).
 * Restores one command credit and kicks the command work so the queue
 * keeps moving after a command that never completed.
 */
static void hci_cmd_timer(unsigned long arg)
{
	struct hci_dev *hdev;

	hdev = (void *) arg;

	BT_ERR("%s command tx timeout", hdev->name);
	atomic_set(&hdev->cmd_cnt, 1);
	queue_work(hdev->workqueue, &hdev->cmd_work);
}
1246
/* Return the stored remote OOB data for @bdaddr, or NULL when none exists. */
struct oob_data *hci_find_remote_oob_data(struct hci_dev *hdev,
					  bdaddr_t *bdaddr)
{
	struct oob_data *entry;

	list_for_each_entry(entry, &hdev->remote_oob_data, list) {
		if (!bacmp(bdaddr, &entry->bdaddr))
			return entry;
	}

	return NULL;
}
1258
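/*
 * Remove the stored remote OOB data for @bdaddr.
 * Returns 0, or -ENOENT when nothing is stored for that address.
 */
int hci_remove_remote_oob_data(struct hci_dev *hdev, bdaddr_t *bdaddr)
{
	struct oob_data *data;

	data = hci_find_remote_oob_data(hdev, bdaddr);
	if (!data)
		return -ENOENT;

	BT_DBG("%s removing %s", hdev->name, batostr(bdaddr));

	list_del(&data->list);
	/* The entry carries the pairing hash and randomizer; kzfree() clears
	 * them before the memory is returned to the allocator. */
	kzfree(data);

	return 0;
}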
1274
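/*
 * Unlink and free all stored remote OOB data of @hdev.  Always returns 0.
 *
 * Entries carry the pairing hash and randomizer, so they are released with
 * kzfree(), which clears the allocation first.
 */
int hci_remote_oob_data_clear(struct hci_dev *hdev)
{
	struct oob_data *data, *n;

	list_for_each_entry_safe(data, n, &hdev->remote_oob_data, list) {
		list_del(&data->list);
		kzfree(data);
	}

	return 0;
}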
1286
/*
 * Store or replace the remote OOB hash and randomizer for @bdaddr.
 *
 * @hash and @randomizer must each point at a buffer at least as large as
 * the corresponding field of struct oob_data; the sizes are taken from the
 * destination fields.
 *
 * Returns 0, or -ENOMEM when a new entry cannot be allocated.
 */
int hci_add_remote_oob_data(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 *hash,
			    u8 *randomizer)
{
	struct oob_data *entry = hci_find_remote_oob_data(hdev, bdaddr);

	if (entry == NULL) {
		/* kmalloc() is enough: every field is written before use. */
		entry = kmalloc(sizeof(*entry), GFP_ATOMIC);
		if (entry == NULL)
			return -ENOMEM;

		bacpy(&entry->bdaddr, bdaddr);
		list_add(&entry->list, &hdev->remote_oob_data);
	}

	memcpy(entry->hash, hash, sizeof(entry->hash));
	memcpy(entry->randomizer, randomizer, sizeof(entry->randomizer));

	BT_DBG("%s for %s", hdev->name, batostr(bdaddr));

	return 0;
}
1310
/* Return the blacklist entry for @bdaddr, or NULL when it is not listed. */
struct bdaddr_list *hci_blacklist_lookup(struct hci_dev *hdev,
					 bdaddr_t *bdaddr)
{
	struct bdaddr_list *entry;

	list_for_each_entry(entry, &hdev->blacklist, list) {
		if (!bacmp(bdaddr, &entry->bdaddr))
			return entry;
	}

	return NULL;
}
1322
/* Unlink and free every blacklist entry of @hdev.  Always returns 0. */
int hci_blacklist_clear(struct hci_dev *hdev)
{
	struct bdaddr_list *entry, *tmp;

	list_for_each_entry_safe(entry, tmp, &hdev->blacklist, list) {
		list_del(&entry->list);
		kfree(entry);
	}

	return 0;
}
1338
/*
 * Add @bdaddr to the device blacklist and report it through mgmt.
 *
 * Returns -EBADF for BDADDR_ANY, -EEXIST for a duplicate, -ENOMEM on
 * allocation failure, otherwise the mgmt_device_blocked() result.
 */
int hci_blacklist_add(struct hci_dev *hdev, bdaddr_t *bdaddr)
{
	struct bdaddr_list *entry;

	/* The wildcard address cannot be blocked. */
	if (!bacmp(bdaddr, BDADDR_ANY))
		return -EBADF;

	if (hci_blacklist_lookup(hdev, bdaddr) != NULL)
		return -EEXIST;

	entry = kzalloc(sizeof(*entry), GFP_KERNEL);
	if (entry == NULL)
		return -ENOMEM;

	bacpy(&entry->bdaddr, bdaddr);

	list_add(&entry->list, &hdev->blacklist);

	return mgmt_device_blocked(hdev, bdaddr);
}
1359
/*
 * Remove @bdaddr from the device blacklist.
 *
 * BDADDR_ANY clears the whole list (no mgmt event is sent on that path).
 * Returns -ENOENT when the address is not listed, otherwise the
 * mgmt_device_unblocked() result.
 */
int hci_blacklist_del(struct hci_dev *hdev, bdaddr_t *bdaddr)
{
	struct bdaddr_list *entry;

	if (!bacmp(bdaddr, BDADDR_ANY))
		return hci_blacklist_clear(hdev);

	entry = hci_blacklist_lookup(hdev, bdaddr);
	if (entry == NULL)
		return -ENOENT;

	list_del(&entry->list);
	kfree(entry);

	return mgmt_device_unblocked(hdev, bdaddr);
}
1376
/* Delayed-work handler: empty the advertising cache under the device lock. */
static void hci_clear_adv_cache(struct work_struct *work)
{
	struct hci_dev *hdev;

	hdev = container_of(work, struct hci_dev, adv_work.work);

	hci_dev_lock(hdev);

	hci_adv_entries_clear(hdev);

	hci_dev_unlock(hdev);
}
1388
/*
 * Unlink and free every advertising cache entry of @hdev.
 * No lock is taken here.  Always returns 0.
 */
int hci_adv_entries_clear(struct hci_dev *hdev)
{
	struct adv_entry *cur, *following;

	list_for_each_entry_safe(cur, following, &hdev->adv_entries, list) {
		list_del(&cur->list);
		kfree(cur);
	}

	BT_DBG("%s adv cache cleared", hdev->name);

	return 0;
}
1402
/* Return the advertising cache entry for @bdaddr, or NULL when not cached. */
struct adv_entry *hci_find_adv_entry(struct hci_dev *hdev, bdaddr_t *bdaddr)
{
	struct adv_entry *cur;

	list_for_each_entry(cur, &hdev->adv_entries, list) {
		if (!bacmp(bdaddr, &cur->bdaddr))
			return cur;
	}

	return NULL;
}
1413
/* Return 1 for the ADV_IND and ADV_DIRECT_IND event types, 0 otherwise. */
static inline int is_connectable_adv(u8 evt_type)
{
	return evt_type == ADV_IND || evt_type == ADV_DIRECT_IND;
}
1421
/*
 * Remember the address of a device seen in an LE advertising report.
 *
 * Only connectable advertising events are cached, and an address that is
 * already cached is left as it is.
 *
 * NOTE(review): the content of @ev originates from received advertising
 * reports, and no limit on the number of cached entries is enforced in
 * this function; within the visible code they are only released by
 * hci_adv_entries_clear().  Confirm the cache is cleared often enough to
 * bound memory use.
 *
 * Returns 0, -EINVAL for a non-connectable event, or -ENOMEM.
 */
int hci_add_adv_entry(struct hci_dev *hdev,
		      struct hci_ev_le_advertising_info *ev)
{
	struct adv_entry *entry;

	if (!is_connectable_adv(ev->evt_type))
		return -EINVAL;

	/* Only new entries should be added to the adv_entries list, so an
	 * address that is already cached is skipped. */
	if (hci_find_adv_entry(hdev, &ev->bdaddr) != NULL)
		return 0;

	entry = kzalloc(sizeof(*entry), GFP_ATOMIC);
	if (entry == NULL)
		return -ENOMEM;

	bacpy(&entry->bdaddr, &ev->bdaddr);
	entry->bdaddr_type = ev->bdaddr_type;

	list_add(&entry->list, &hdev->adv_entries);

	BT_DBG("%s adv entry added: address %s type %u", hdev->name,
				batostr(&entry->bdaddr), entry->bdaddr_type);

	return 0;
}
1449
1450
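/*
 * Register an HCI device with the core.
 *
 * Chooses an id by walking hci_dev_list while the ids are consecutive
 * (starting at 0 for HCI_BREDR devices and at 1 for any other dev_type),
 * names the device "hci<id>", initialises the per-device state, then
 * creates the workqueue, the sysfs entry and the rfkill switch and
 * schedules the power-on work.
 *
 * Returns the assigned id on success. Returns -EINVAL when the driver did
 * not provide open/close/destruct, -ENOMEM when the workqueue cannot be
 * allocated, or the error from hci_add_sysfs(). On failure the device is
 * removed from hci_dev_list again.
 */
int hci_register_dev(struct hci_dev *hdev)
{
	struct list_head *head = &hci_dev_list, *p;
	int i, id, error;

	BT_DBG("%p name %s bus %d owner %p", hdev, hdev->name,
						hdev->bus, hdev->owner);

	if (!hdev->open || !hdev->close || !hdev->destruct)
		return -EINVAL;

	id = (hdev->dev_type == HCI_BREDR) ? 0 : 1;

	write_lock(&hci_dev_list_lock);

	/* Find the first free id; head tracks the node to insert after. */
	list_for_each(p, &hci_dev_list) {
		if (list_entry(p, struct hci_dev, list)->id != id)
			break;
		head = p;
		id++;
	}

	/*
	 * Bound the write to the name buffer: an unbounded sprintf() would
	 * run past it once the id has enough digits. sizeof() assumes
	 * hdev->name is an array member, not a pointer.
	 */
	snprintf(hdev->name, sizeof(hdev->name), "hci%d", id);
	hdev->id = id;
	list_add_tail(&hdev->list, head);

	atomic_set(&hdev->refcnt, 1);
	mutex_init(&hdev->lock);

	hdev->flags = 0;
	hdev->dev_flags = 0;
	hdev->pkt_type = (HCI_DM1 | HCI_DH1 | HCI_HV1);
	hdev->esco_type = (ESCO_HV1);
	hdev->link_mode = (HCI_LM_ACCEPT);
	hdev->io_capability = 0x03;	/* presumably NoInputNoOutput - confirm */

	hdev->idle_timeout = 0;
	hdev->sniff_max_interval = 800;
	hdev->sniff_min_interval = 80;

	INIT_WORK(&hdev->rx_work, hci_rx_work);
	INIT_WORK(&hdev->cmd_work, hci_cmd_work);
	INIT_WORK(&hdev->tx_work, hci_tx_work);

	skb_queue_head_init(&hdev->rx_q);
	skb_queue_head_init(&hdev->cmd_q);
	skb_queue_head_init(&hdev->raw_q);

	setup_timer(&hdev->cmd_timer, hci_cmd_timer, (unsigned long) hdev);

	for (i = 0; i < NUM_REASSEMBLY; i++)
		hdev->reassembly[i] = NULL;

	init_waitqueue_head(&hdev->req_wait_q);
	mutex_init(&hdev->req_lock);

	inquiry_cache_init(hdev);

	hci_conn_hash_init(hdev);

	INIT_LIST_HEAD(&hdev->mgmt_pending);

	INIT_LIST_HEAD(&hdev->blacklist);

	INIT_LIST_HEAD(&hdev->uuids);

	INIT_LIST_HEAD(&hdev->link_keys);

	INIT_LIST_HEAD(&hdev->remote_oob_data);

	INIT_LIST_HEAD(&hdev->adv_entries);

	INIT_DELAYED_WORK(&hdev->adv_work, hci_clear_adv_cache);
	INIT_WORK(&hdev->power_on, hci_power_on);
	INIT_DELAYED_WORK(&hdev->power_off, hci_power_off);

	INIT_DELAYED_WORK(&hdev->discov_off, hci_discov_off);

	memset(&hdev->stat, 0, sizeof(struct hci_dev_stats));

	atomic_set(&hdev->promisc, 0);

	write_unlock(&hci_dev_list_lock);

	/* Allocated after dropping the rwlock above. */
	hdev->workqueue = alloc_workqueue(hdev->name, WQ_HIGHPRI | WQ_UNBOUND |
							WQ_MEM_RECLAIM, 1);
	if (!hdev->workqueue) {
		error = -ENOMEM;
		goto err;
	}

	error = hci_add_sysfs(hdev);
	if (error < 0)
		goto err_wqueue;

	/* rfkill is optional: a failed registration is not fatal. */
	hdev->rfkill = rfkill_alloc(hdev->name, &hdev->dev,
				RFKILL_TYPE_BLUETOOTH, &hci_rfkill_ops, hdev);
	if (hdev->rfkill) {
		if (rfkill_register(hdev->rfkill) < 0) {
			rfkill_destroy(hdev->rfkill);
			hdev->rfkill = NULL;
		}
	}

	set_bit(HCI_AUTO_OFF, &hdev->flags);
	set_bit(HCI_SETUP, &hdev->flags);
	schedule_work(&hdev->power_on);

	hci_notify(hdev, HCI_DEV_REG);

	return id;

err_wqueue:
	destroy_workqueue(hdev->workqueue);
err:
	write_lock(&hci_dev_list_lock);
	list_del(&hdev->list);
	write_unlock(&hci_dev_list_lock);

	return error;
}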
1576EXPORT_SYMBOL(hci_register_dev);
1577
1578
/*
 * Unregister an HCI device: mark it HCI_UNREGISTER, take it off
 * hci_dev_list, close it, free partially reassembled frames, notify mgmt
 * and the notifier chain, tear down rfkill, sysfs and the workqueue, clear
 * the per-device lists and drop the reference with __hci_dev_put().
 */
void hci_unregister_dev(struct hci_dev *hdev)
{
	int slot;

	BT_DBG("%p name %s bus %d", hdev, hdev->name, hdev->bus);

	set_bit(HCI_UNREGISTER, &hdev->dev_flags);

	write_lock(&hci_dev_list_lock);
	list_del(&hdev->list);
	write_unlock(&hci_dev_list_lock);

	hci_dev_do_close(hdev);

	/* kfree_skb() accepts NULL, so empty slots need no check. */
	for (slot = 0; slot < NUM_REASSEMBLY; slot++)
		kfree_skb(hdev->reassembly[slot]);

	/* mgmt is only told when the device is past init and setup. */
	if (!(test_bit(HCI_INIT, &hdev->flags) ||
	      test_bit(HCI_SETUP, &hdev->flags))) {
		hci_dev_lock(hdev);
		mgmt_index_removed(hdev);
		hci_dev_unlock(hdev);
	}

	/* No mgmt command may still be pending at this point. */
	BUG_ON(!list_empty(&hdev->mgmt_pending));

	hci_notify(hdev, HCI_DEV_UNREG);

	if (hdev->rfkill) {
		rfkill_unregister(hdev->rfkill);
		rfkill_destroy(hdev->rfkill);
	}

	hci_del_sysfs(hdev);

	/* Wait for a running adv cache clear before freeing the lists. */
	cancel_delayed_work_sync(&hdev->adv_work);

	destroy_workqueue(hdev->workqueue);

	hci_dev_lock(hdev);
	hci_blacklist_clear(hdev);
	hci_uuids_clear(hdev);
	hci_link_keys_clear(hdev);
	hci_remote_oob_data_clear(hdev);
	hci_adv_entries_clear(hdev);
	hci_dev_unlock(hdev);

	__hci_dev_put(hdev);
}
1630EXPORT_SYMBOL(hci_unregister_dev);
1631
1632
/*
 * Announce HCI_DEV_SUSPEND for @hdev on the HCI notifier chain.
 * Always returns 0.
 */
int hci_suspend_dev(struct hci_dev *hdev)
{
	hci_notify(hdev, HCI_DEV_SUSPEND);

	return 0;
}
1638EXPORT_SYMBOL(hci_suspend_dev);
1639
1640
/*
 * Announce HCI_DEV_RESUME for @hdev on the HCI notifier chain.
 * Always returns 0.
 */
int hci_resume_dev(struct hci_dev *hdev)
{
	hci_notify(hdev, HCI_DEV_RESUME);

	return 0;
}
1646EXPORT_SYMBOL(hci_resume_dev);
1647
1648
/*
 * Accept one complete HCI frame from a driver.
 *
 * The frame is freed and -ENXIO returned when skb->dev carries no device or
 * the device has neither HCI_UP nor HCI_INIT set. Otherwise the frame is
 * marked incoming, timestamped, appended to hdev->rx_q and the RX work is
 * queued; the return value is then 0. The skb is consumed in both cases.
 */
int hci_recv_frame(struct sk_buff *skb)
{
	struct hci_dev *hdev = (struct hci_dev *) skb->dev;
	int accepting;

	accepting = hdev && (test_bit(HCI_UP, &hdev->flags) ||
			     test_bit(HCI_INIT, &hdev->flags));
	if (!accepting) {
		kfree_skb(skb);
		return -ENXIO;
	}

	/* Mark as received from the controller */
	bt_cb(skb)->incoming = 1;

	/* Record the arrival time */
	__net_timestamp(skb);

	skb_queue_tail(&hdev->rx_q, skb);
	queue_work(hdev->workqueue, &hdev->rx_work);

	return 0;
}
1669EXPORT_SYMBOL(hci_recv_frame);
1670
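/*
 * Feed @count bytes at @data into the reassembly slot @index for a packet
 * of the given @type.
 *
 * A fresh skb sized for the largest frame of that type is allocated when
 * the slot is empty. Bytes are copied until the header is complete; the
 * payload length is then read from the header and checked against the
 * remaining tailroom, so a length field larger than the buffer is rejected
 * instead of overrunning it. A completed frame is passed to
 * hci_recv_frame() and the slot is released.
 *
 * Returns the number of input bytes left unconsumed, -EILSEQ for an invalid
 * type, index or negative count, or -ENOMEM when allocation fails or the
 * announced payload does not fit.
 */
static int hci_reassembly(struct hci_dev *hdev, int type, void *data,
						  int count, __u8 index)
{
	int len = 0;
	int hlen = 0;
	int remain = count;
	struct sk_buff *skb;
	struct bt_skb_cb *scb;

	/* A negative count would make the copy loop read outside @data. */
	if ((type < HCI_ACLDATA_PKT || type > HCI_EVENT_PKT) ||
	    index >= NUM_REASSEMBLY || count < 0)
		return -EILSEQ;

	skb = hdev->reassembly[index];

	if (!skb) {
		switch (type) {
		case HCI_ACLDATA_PKT:
			len = HCI_MAX_FRAME_SIZE;
			hlen = HCI_ACL_HDR_SIZE;
			break;
		case HCI_EVENT_PKT:
			len = HCI_MAX_EVENT_SIZE;
			hlen = HCI_EVENT_HDR_SIZE;
			break;
		case HCI_SCODATA_PKT:
			len = HCI_MAX_SCO_SIZE;
			hlen = HCI_SCO_HDR_SIZE;
			break;
		}

		skb = bt_skb_alloc(len, GFP_ATOMIC);
		if (!skb)
			return -ENOMEM;

		/* The header is expected first. */
		scb = (void *) skb->cb;
		scb->expect = hlen;
		scb->pkt_type = type;

		skb->dev = (void *) hdev;
		hdev->reassembly[index] = skb;
	}

	while (count) {
		bool hdr_done = false;

		scb = (void *) skb->cb;

		/*
		 * Compare at full width: truncating count to 16 bits yields
		 * a zero-length step whenever count is a multiple of 65536,
		 * and the loop would then never make progress.
		 */
		len = min_t(unsigned int, scb->expect, count);

		memcpy(skb_put(skb, len), data, len);

		count -= len;
		data += len;
		scb->expect -= len;
		remain = count;

		/* Header just completed: pick up the payload length. */
		switch (type) {
		case HCI_EVENT_PKT:
			if (skb->len == HCI_EVENT_HDR_SIZE) {
				struct hci_event_hdr *h = hci_event_hdr(skb);

				scb->expect = h->plen;
				hdr_done = true;
			}
			break;

		case HCI_ACLDATA_PKT:
			if (skb->len == HCI_ACL_HDR_SIZE) {
				struct hci_acl_hdr *h = hci_acl_hdr(skb);

				scb->expect = __le16_to_cpu(h->dlen);
				hdr_done = true;
			}
			break;

		case HCI_SCODATA_PKT:
			if (skb->len == HCI_SCO_HDR_SIZE) {
				struct hci_sco_hdr *h = hci_sco_hdr(skb);

				scb->expect = h->dlen;
				hdr_done = true;
			}
			break;
		}

		/* The length field is untrusted input: it must fit. */
		if (hdr_done && skb_tailroom(skb) < scb->expect) {
			kfree_skb(skb);
			hdev->reassembly[index] = NULL;
			return -ENOMEM;
		}

		if (scb->expect == 0) {
			/* Complete frame */
			bt_cb(skb)->pkt_type = type;
			hci_recv_frame(skb);

			hdev->reassembly[index] = NULL;
			return remain;
		}
	}

	return remain;
}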
1779
/*
 * Reassemble frames of a known packet @type from a driver-supplied buffer.
 *
 * Each packet type uses its own reassembly slot, indexed by type - 1.
 * hci_reassembly() is called until the buffer is consumed.
 *
 * Returns -EILSEQ for a type outside HCI_ACLDATA_PKT..HCI_EVENT_PKT, the
 * negative error from hci_reassembly(), or otherwise the last remainder it
 * reported.
 */
int hci_recv_fragment(struct hci_dev *hdev, int type, void *data, int count)
{
	int left = 0;

	if (type < HCI_ACLDATA_PKT || type > HCI_EVENT_PKT)
		return -EILSEQ;

	while (count) {
		left = hci_reassembly(hdev, type, data, count, type - 1);
		if (left < 0)
			return left;

		/* Skip over what this round consumed. */
		data += (count - left);
		count = left;
	}

	return left;
}
1798EXPORT_SYMBOL(hci_recv_fragment);
1799
1800#define STREAM_REASSEMBLY 0
1801
/*
 * Reassemble frames from a byte stream in which every frame is preceded by
 * a one-byte packet type indicator.
 *
 * When no frame is in progress in the STREAM_REASSEMBLY slot, the next
 * input byte is taken as the packet type; otherwise the type stored with
 * the pending skb is reused. The type byte is not checked here:
 * hci_reassembly() rejects out-of-range values with -EILSEQ.
 *
 * Returns the negative error from hci_reassembly(), or otherwise the last
 * remainder it reported.
 */
int hci_recv_stream_fragment(struct hci_dev *hdev, void *data, int count)
{
	int left = 0;
	int type;

	while (count) {
		struct sk_buff *pending = hdev->reassembly[STREAM_REASSEMBLY];

		if (pending) {
			type = bt_cb(pending)->pkt_type;
		} else {
			/* Start of a frame: first byte is the packet type */
			type = *(char *) data;

			data++;
			count--;
		}

		left = hci_reassembly(hdev, type, data, count,
							STREAM_REASSEMBLY);
		if (left < 0)
			return left;

		data += (count - left);
		count = left;
	}

	return left;
}
1833EXPORT_SYMBOL(hci_recv_stream_fragment);
1834
1835
1836
/*
 * Add @cb to the global hci_cb_list under hci_cb_list_lock.
 * Always returns 0.
 */
int hci_register_cb(struct hci_cb *cb)
{
	BT_DBG("%p name %s", cb, cb->name);

	write_lock(&hci_cb_list_lock);
	list_add(&cb->list, &hci_cb_list);
	write_unlock(&hci_cb_list_lock);

	return 0;
}
1847EXPORT_SYMBOL(hci_register_cb);
1848
/*
 * Remove @cb from the global hci_cb_list under hci_cb_list_lock.
 * Always returns 0; @cb is assumed to be on the list.
 */
int hci_unregister_cb(struct hci_cb *cb)
{
	BT_DBG("%p name %s", cb, cb->name);

	write_lock(&hci_cb_list_lock);
	list_del(&cb->list);
	write_unlock(&hci_cb_list_lock);

	return 0;
}
1859EXPORT_SYMBOL(hci_unregister_cb);
1860
/*
 * Hand one frame to the driver.
 *
 * With no device attached to the skb the frame is freed and -ENODEV is
 * returned. While hdev->promisc is non-zero the frame is timestamped and
 * passed to hci_send_to_sock() first. The skb is then orphaned and given to
 * the driver's send hook, whose return value is passed through.
 */
static int hci_send_frame(struct sk_buff *skb)
{
	struct hci_dev *hdev = (struct hci_dev *) skb->dev;

	if (hdev == NULL) {
		kfree_skb(skb);
		return -ENODEV;
	}

	BT_DBG("%s type %d len %d", hdev->name, bt_cb(skb)->pkt_type, skb->len);

	if (atomic_read(&hdev->promisc) != 0) {
		/* Time stamp */
		__net_timestamp(skb);

		hci_send_to_sock(hdev, skb, NULL);
	}

	/* Detach the skb from its owner before the driver takes it. */
	skb_orphan(skb);

	return hdev->send(skb);
}
1884
1885
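/*
 * Build an HCI command and queue it for transmission.
 *
 * @opcode: command opcode, stored little-endian in the header
 * @plen:   length of the parameter block in bytes
 * @param:  parameter block, copied into the frame (may be NULL when
 *          @plen is 0)
 *
 * Returns 0 when the command was queued on hdev->cmd_q, -EINVAL when @plen
 * does not fit the one-byte header length field, or -ENOMEM when the skb
 * cannot be allocated.
 */
int hci_send_cmd(struct hci_dev *hdev, __u16 opcode, __u32 plen, void *param)
{
	int len = HCI_COMMAND_HDR_SIZE + plen;
	struct hci_command_hdr *hdr;
	struct sk_buff *skb;

	BT_DBG("%s opcode 0x%x plen %d", hdev->name, opcode, plen);

	/*
	 * hdr->plen is a single byte. Storing a larger value would silently
	 * truncate it while the whole parameter block is still appended, so
	 * the header and the frame would disagree about the length.
	 */
	if (plen > 255) {
		BT_ERR("%s command 0x%x parameters too long (%u)",
						hdev->name, opcode, plen);
		return -EINVAL;
	}

	skb = bt_skb_alloc(len, GFP_ATOMIC);
	if (!skb) {
		BT_ERR("%s no memory for command", hdev->name);
		return -ENOMEM;
	}

	hdr = (struct hci_command_hdr *) skb_put(skb, HCI_COMMAND_HDR_SIZE);
	hdr->opcode = cpu_to_le16(opcode);
	hdr->plen = plen;

	if (plen)
		memcpy(skb_put(skb, plen), param, plen);

	BT_DBG("skb len %d", skb->len);

	bt_cb(skb)->pkt_type = HCI_COMMAND_PKT;
	skb->dev = (void *) hdev;

	/* hci_req_complete() compares against this during HCI_INIT. */
	if (test_bit(HCI_INIT, &hdev->flags))
		hdev->init_last_cmd = opcode;

	skb_queue_tail(&hdev->cmd_q, skb);
	queue_work(hdev->workqueue, &hdev->cmd_work);

	return 0;
}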
1920
1921
/*
 * Return a pointer to the parameters of the last sent command.
 *
 * Returns NULL when no sent command is recorded or when its opcode differs
 * from @opcode; otherwise a pointer just past the command header inside
 * hdev->sent_cmd. The pointer is only valid while that skb is.
 */
void *hci_sent_cmd_data(struct hci_dev *hdev, __u16 opcode)
{
	struct sk_buff *sent = hdev->sent_cmd;
	struct hci_command_hdr *hdr;

	if (sent == NULL)
		return NULL;

	hdr = (void *) sent->data;
	if (hdr->opcode != cpu_to_le16(opcode))
		return NULL;

	BT_DBG("%s opcode 0x%x", hdev->name, opcode);

	return sent->data + HCI_COMMAND_HDR_SIZE;
}
1938
1939
/*
 * Prepend an ACL header to @skb.
 *
 * The data length written to the header is the skb length before the
 * header is pushed; handle and flags are packed with hci_handle_pack().
 * Both fields are stored little-endian.
 */
static void hci_add_acl_hdr(struct sk_buff *skb, __u16 handle, __u16 flags)
{
	int payload_len = skb->len;
	struct hci_acl_hdr *acl;

	skb_push(skb, HCI_ACL_HDR_SIZE);
	skb_reset_transport_header(skb);

	acl = (struct hci_acl_hdr *)skb_transport_header(skb);
	acl->dlen = cpu_to_le16(payload_len);
	acl->handle = cpu_to_le16(hci_handle_pack(handle, flags));
}
1951
/*
 * Append an ACL skb, and any fragments chained on its frag_list, to @queue.
 *
 * An unfragmented skb is queued as is. For a fragmented one the head and
 * all fragments are queued under the queue lock so they stay contiguous;
 * each fragment gets its own ACL header with ACL_START cleared and ACL_CONT
 * set. The head skb is expected to carry its header already.
 */
static void hci_queue_acl(struct hci_conn *conn, struct sk_buff_head *queue,
				struct sk_buff *skb, __u16 flags)
{
	struct hci_dev *hdev = conn->hdev;
	struct sk_buff *frag = skb_shinfo(skb)->frag_list;

	if (!frag) {
		/* Non fragmented */
		BT_DBG("%s nonfrag skb %p len %d", hdev->name, skb, skb->len);

		skb_queue_tail(queue, skb);
		return;
	}

	/* Fragmented */
	BT_DBG("%s frag %p len %d", hdev->name, skb, skb->len);

	skb_shinfo(skb)->frag_list = NULL;

	/* Queue all fragments atomically */
	spin_lock(&queue->lock);

	__skb_queue_tail(queue, skb);

	flags = (flags & ~ACL_START) | ACL_CONT;

	while (frag) {
		skb = frag;
		frag = frag->next;

		skb->dev = (void *) hdev;
		bt_cb(skb)->pkt_type = HCI_ACLDATA_PKT;
		hci_add_acl_hdr(skb, conn->handle, flags);

		BT_DBG("%s frag %p len %d", hdev->name, skb, skb->len);

		__skb_queue_tail(queue, skb);
	}

	spin_unlock(&queue->lock);
}
1992
/*
 * Queue ACL data on a channel: tag the skb as an ACL packet for the
 * channel's device, add the ACL header for the connection handle, put it
 * (with any fragments) on chan->data_q and kick the TX work.
 */
void hci_send_acl(struct hci_chan *chan, struct sk_buff *skb, __u16 flags)
{
	struct hci_conn *conn = chan->conn;
	struct hci_dev *hdev = conn->hdev;

	BT_DBG("%s chan %p flags 0x%x", hdev->name, chan, flags);

	bt_cb(skb)->pkt_type = HCI_ACLDATA_PKT;
	skb->dev = (void *) hdev;
	hci_add_acl_hdr(skb, conn->handle, flags);

	hci_queue_acl(conn, &chan->data_q, skb, flags);

	queue_work(hdev->workqueue, &hdev->tx_work);
}
2008EXPORT_SYMBOL(hci_send_acl);
2009
2010
/*
 * Queue SCO data on a connection: prepend a SCO header holding the
 * connection handle and the payload length, tag the skb as a SCO packet,
 * put it on conn->data_q and kick the TX work.
 *
 * NOTE(review): skb->len is assigned to hdr.dlen without a range check;
 * presumably callers keep SCO payloads within what the field can hold -
 * confirm.
 */
void hci_send_sco(struct hci_conn *conn, struct sk_buff *skb)
{
	struct hci_dev *hdev = conn->hdev;
	struct hci_sco_hdr sco;

	BT_DBG("%s len %d", hdev->name, skb->len);

	/* Length is taken before the header is pushed. */
	sco.dlen = skb->len;
	sco.handle = cpu_to_le16(conn->handle);

	skb_push(skb, HCI_SCO_HDR_SIZE);
	skb_reset_transport_header(skb);
	memcpy(skb_transport_header(skb), &sco, HCI_SCO_HDR_SIZE);

	bt_cb(skb)->pkt_type = HCI_SCODATA_PKT;
	skb->dev = (void *) hdev;

	skb_queue_tail(&conn->data_q, skb);
	queue_work(hdev->workqueue, &hdev->tx_work);
}
2031EXPORT_SYMBOL(hci_send_sco);
2032
2033
2034
2035
/*
 * Pick the connection of the given link @type that has queued data and the
 * lowest ->sent count, and compute how many packets it may send now.
 *
 * Only connections in BT_CONNECTED or BT_CONFIG state are considered. The
 * quota stored in *@quote is the controller credit count for the link type
 * divided by the number of eligible connections, but at least 1. When no
 * connection qualifies, NULL is returned and *@quote is 0.
 *
 * The list is walked under rcu_read_lock(); the selected connection is
 * returned after the read-side section ends.
 */
static inline struct hci_conn *hci_low_sent(struct hci_dev *hdev, __u8 type, int *quote)
{
	struct hci_conn_hash *hash = &hdev->conn_hash;
	struct hci_conn *best = NULL, *c;
	int num = 0, lowest = ~0;

	rcu_read_lock();

	list_for_each_entry_rcu(c, &hash->list, list) {
		if (c->type != type || skb_queue_empty(&c->data_q) ||
		    (c->state != BT_CONNECTED && c->state != BT_CONFIG))
			continue;

		num++;

		if (c->sent < lowest) {
			lowest = c->sent;
			best = c;
		}

		/* Stop once every connection of this type has been seen. */
		if (hci_conn_num(hdev, type) == num)
			break;
	}

	rcu_read_unlock();

	if (!best) {
		*quote = 0;
	} else {
		int cnt, q;

		switch (best->type) {
		case ACL_LINK:
			cnt = hdev->acl_cnt;
			break;
		case SCO_LINK:
		case ESCO_LINK:
			cnt = hdev->sco_cnt;
			break;
		case LE_LINK:
			/* Without an LE MTU the ACL credits are used. */
			cnt = hdev->le_mtu ? hdev->le_cnt : hdev->acl_cnt;
			break;
		default:
			cnt = 0;
			BT_ERR("Unknown link type");
		}

		/* num >= 1 here because a connection was selected. */
		q = cnt / num;
		*quote = q ? q : 1;
	}

	BT_DBG("conn %p quote %d", best, *quote);
	return best;
}
2094
/*
 * Handle a link TX timeout: log it, then disconnect every connection of
 * the given @type that still has packets outstanding (->sent non-zero),
 * passing reason code 0x13 to hci_acl_disconn().
 */
static inline void hci_link_tx_to(struct hci_dev *hdev, __u8 type)
{
	struct hci_conn_hash *hash = &hdev->conn_hash;
	struct hci_conn *c;

	BT_ERR("%s link tx timeout", hdev->name);

	rcu_read_lock();

	/* Kill stalled connections */
	list_for_each_entry_rcu(c, &hash->list, list) {
		if (c->type != type || !c->sent)
			continue;

		BT_ERR("%s killing stalled connection %s",
			hdev->name, batostr(&c->dst));
		hci_acl_disconn(c, 0x13);
	}

	rcu_read_unlock();
}
2115
/*
 * Pick the channel to service next for the given link @type.
 *
 * Among connections in BT_CONNECTED or BT_CONFIG state, channels whose
 * head skb has the highest priority seen so far compete; of those, the one
 * whose connection has the lowest ->sent count wins. Finding a higher
 * priority restarts the competition. *@quote receives the credit count for
 * the link type divided by the number of competing channels, at least 1.
 *
 * Returns the selected channel, or NULL (leaving *@quote untouched) when no
 * channel has data queued.
 */
static inline struct hci_chan *hci_chan_sent(struct hci_dev *hdev, __u8 type,
						int *quote)
{
	struct hci_conn_hash *hash = &hdev->conn_hash;
	struct hci_chan *best = NULL;
	struct hci_conn *conn;
	int num = 0, lowest = ~0, cur_prio = 0;
	int cnt, q, conn_num = 0;

	BT_DBG("%s", hdev->name);

	rcu_read_lock();

	list_for_each_entry_rcu(conn, &hash->list, list) {
		struct hci_chan *cand;

		if (conn->type != type)
			continue;

		if (conn->state != BT_CONNECTED && conn->state != BT_CONFIG)
			continue;

		conn_num++;

		list_for_each_entry_rcu(cand, &conn->chan_list, list) {
			struct sk_buff *head;

			if (skb_queue_empty(&cand->data_q))
				continue;

			head = skb_peek(&cand->data_q);
			if (head->priority < cur_prio)
				continue;

			/* Higher priority found: restart the selection. */
			if (head->priority > cur_prio) {
				num = 0;
				lowest = ~0;
				cur_prio = head->priority;
			}

			num++;

			if (conn->sent < lowest) {
				lowest = conn->sent;
				best = cand;
			}
		}

		/* Stop once every connection of this type has been seen. */
		if (hci_conn_num(hdev, type) == conn_num)
			break;
	}

	rcu_read_unlock();

	if (best == NULL)
		return NULL;

	switch (best->conn->type) {
	case ACL_LINK:
		cnt = hdev->acl_cnt;
		break;
	case SCO_LINK:
	case ESCO_LINK:
		cnt = hdev->sco_cnt;
		break;
	case LE_LINK:
		cnt = hdev->le_mtu ? hdev->le_cnt : hdev->acl_cnt;
		break;
	default:
		cnt = 0;
		BT_ERR("Unknown link type");
	}

	/* num >= 1 here because a channel was selected. */
	q = cnt / num;
	*quote = q ? q : 1;
	BT_DBG("chan %p quote %d", best, *quote);
	return best;
}
2194
/*
 * Rebalance priorities after a scheduling round for link @type.
 *
 * For every channel of an eligible connection: a channel that sent
 * something has its ->sent counter reset and is left alone; a channel that
 * sent nothing but has data queued gets its head skb promoted to
 * HCI_PRIO_MAX - 1 unless it is already at or above that level. This keeps
 * lower-priority channels from being starved.
 */
static void hci_prio_recalculate(struct hci_dev *hdev, __u8 type)
{
	struct hci_conn_hash *hash = &hdev->conn_hash;
	struct hci_conn *conn;
	int seen = 0;

	BT_DBG("%s", hdev->name);

	rcu_read_lock();

	list_for_each_entry_rcu(conn, &hash->list, list) {
		struct hci_chan *chan;

		if (conn->type != type)
			continue;

		if (conn->state != BT_CONNECTED && conn->state != BT_CONFIG)
			continue;

		seen++;

		list_for_each_entry_rcu(chan, &conn->chan_list, list) {
			struct sk_buff *head;

			if (chan->sent) {
				chan->sent = 0;
				continue;
			}

			if (skb_queue_empty(&chan->data_q))
				continue;

			head = skb_peek(&chan->data_q);
			if (head->priority >= HCI_PRIO_MAX - 1)
				continue;

			head->priority = HCI_PRIO_MAX - 1;

			BT_DBG("chan %p skb %p promoted to %d", chan, head,
								head->priority);
		}

		/* Stop once every connection of this type has been seen. */
		if (hci_conn_num(hdev, type) == seen)
			break;
	}

	rcu_read_unlock();

}
2244
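/*
 * Schedule ACL transmissions.
 *
 * Does nothing without ACL connections. Unless the device is in HCI_RAW
 * mode, a controller that has had no ACL credit for more than 45 seconds
 * since the last transmit is treated as stalled and hci_link_tx_to() is
 * invoked. While credits remain, the channel chosen by hci_chan_sent() may
 * send up to its quota, stopping early when the next queued skb has a lower
 * priority than the first one. If anything was sent, priorities are
 * recalculated.
 *
 * The listing had the second argument of hci_chan_sent() garbled; it is
 * restored here as the address of the local quote.
 */
static inline void hci_sched_acl(struct hci_dev *hdev)
{
	struct hci_chan *chan;
	struct sk_buff *skb;
	int quote;
	unsigned int cnt;

	BT_DBG("%s", hdev->name);

	if (!hci_conn_num(hdev, ACL_LINK))
		return;

	if (!test_bit(HCI_RAW, &hdev->flags)) {
		/* No credits and nothing sent for 45 s: link is stalled. */
		if (!hdev->acl_cnt && time_after(jiffies, hdev->acl_last_tx + HZ * 45))
			hci_link_tx_to(hdev, ACL_LINK);
	}

	/* Remember the starting credits to detect whether we sent. */
	cnt = hdev->acl_cnt;

	while (hdev->acl_cnt &&
			(chan = hci_chan_sent(hdev, ACL_LINK, &quote))) {
		u32 priority = (skb_peek(&chan->data_q))->priority;
		while (quote-- && (skb = skb_peek(&chan->data_q))) {
			BT_DBG("chan %p skb %p len %d priority %u", chan, skb,
					skb->len, skb->priority);

			/* Stop if priority has changed */
			if (skb->priority < priority)
				break;

			skb = skb_dequeue(&chan->data_q);

			hci_conn_enter_active_mode(chan->conn,
						bt_cb(skb)->force_active);

			hci_send_frame(skb);
			hdev->acl_last_tx = jiffies;

			hdev->acl_cnt--;
			chan->sent++;
			chan->conn->sent++;
		}
	}

	if (cnt != hdev->acl_cnt)
		hci_prio_recalculate(hdev, ACL_LINK);
}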
2294
2295
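/*
 * Schedule SCO transmissions.
 *
 * Does nothing without SCO connections. While hdev->sco_cnt is non-zero,
 * the connection chosen by hci_low_sent() sends up to its quota of queued
 * frames. The per-connection ->sent counter is reset to 0 when it reaches
 * its maximum value.
 *
 * The listing had the third argument of hci_low_sent() garbled; it is
 * restored here as the address of the local quote.
 */
static inline void hci_sched_sco(struct hci_dev *hdev)
{
	struct hci_conn *conn;
	struct sk_buff *skb;
	int quote;

	BT_DBG("%s", hdev->name);

	if (!hci_conn_num(hdev, SCO_LINK))
		return;

	while (hdev->sco_cnt && (conn = hci_low_sent(hdev, SCO_LINK, &quote))) {
		while (quote-- && (skb = skb_dequeue(&conn->data_q))) {
			BT_DBG("skb %p len %d", skb, skb->len);
			hci_send_frame(skb);

			/* Wrap the counter instead of leaving it saturated. */
			conn->sent++;
			if (conn->sent == ~0)
				conn->sent = 0;
		}
	}
}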
2318
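/*
 * Schedule eSCO transmissions.
 *
 * Does nothing without eSCO connections. While hdev->sco_cnt is non-zero
 * (eSCO uses the SCO credit counter), the connection chosen by
 * hci_low_sent() sends up to its quota of queued frames. The
 * per-connection ->sent counter is reset to 0 when it reaches its maximum
 * value.
 *
 * The listing had the third argument of hci_low_sent() garbled; it is
 * restored here as the address of the local quote.
 */
static inline void hci_sched_esco(struct hci_dev *hdev)
{
	struct hci_conn *conn;
	struct sk_buff *skb;
	int quote;

	BT_DBG("%s", hdev->name);

	if (!hci_conn_num(hdev, ESCO_LINK))
		return;

	while (hdev->sco_cnt && (conn = hci_low_sent(hdev, ESCO_LINK, &quote))) {
		while (quote-- && (skb = skb_dequeue(&conn->data_q))) {
			BT_DBG("skb %p len %d", skb, skb->len);
			hci_send_frame(skb);

			/* Wrap the counter instead of leaving it saturated. */
			conn->sent++;
			if (conn->sent == ~0)
				conn->sent = 0;
		}
	}
}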
2341
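/*
 * Schedule LE transmissions.
 *
 * Does nothing without LE connections. Unless the device is in HCI_RAW
 * mode, a controller with dedicated LE buffers (le_pkts non-zero) that has
 * had no LE credit for more than 45 seconds since the last transmit is
 * treated as stalled. Credits come from le_cnt when the controller has
 * dedicated LE buffers and from acl_cnt otherwise; the remaining count is
 * written back to the same counter. If anything was sent, priorities are
 * recalculated.
 *
 * The listing had the third argument of hci_chan_sent() garbled; it is
 * restored here as the address of the local quote.
 */
static inline void hci_sched_le(struct hci_dev *hdev)
{
	struct hci_chan *chan;
	struct sk_buff *skb;
	int quote, cnt, tmp;

	BT_DBG("%s", hdev->name);

	if (!hci_conn_num(hdev, LE_LINK))
		return;

	if (!test_bit(HCI_RAW, &hdev->flags)) {
		/* No credits and nothing sent for 45 s: link is stalled. */
		if (!hdev->le_cnt && hdev->le_pkts &&
				time_after(jiffies, hdev->le_last_tx + HZ * 45))
			hci_link_tx_to(hdev, LE_LINK);
	}

	cnt = hdev->le_pkts ? hdev->le_cnt : hdev->acl_cnt;
	tmp = cnt;	/* starting credits, to detect whether we sent */
	while (cnt && (chan = hci_chan_sent(hdev, LE_LINK, &quote))) {
		u32 priority = (skb_peek(&chan->data_q))->priority;
		while (quote-- && (skb = skb_peek(&chan->data_q))) {
			BT_DBG("chan %p skb %p len %d priority %u", chan, skb,
					skb->len, skb->priority);

			/* Stop if priority has changed */
			if (skb->priority < priority)
				break;

			skb = skb_dequeue(&chan->data_q);

			hci_send_frame(skb);
			hdev->le_last_tx = jiffies;

			cnt--;
			chan->sent++;
			chan->conn->sent++;
		}
	}

	/* Write the remaining credits back to the counter they came from. */
	if (hdev->le_pkts)
		hdev->le_cnt = cnt;
	else
		hdev->acl_cnt = cnt;

	if (cnt != tmp)
		hci_prio_recalculate(hdev, LE_LINK);
}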
2392
/*
 * TX work handler: run the ACL, SCO, eSCO and LE schedulers in that order,
 * then send everything queued on hdev->raw_q.
 */
static void hci_tx_work(struct work_struct *work)
{
	struct hci_dev *hdev = container_of(work, struct hci_dev, tx_work);
	struct sk_buff *raw;

	BT_DBG("%s acl %d sco %d le %d", hdev->name, hdev->acl_cnt,
		hdev->sco_cnt, hdev->le_cnt);

	/* Schedule queues and send stuff to HCI driver */
	hci_sched_acl(hdev);
	hci_sched_sco(hdev);
	hci_sched_esco(hdev);
	hci_sched_le(hdev);

	/* Send next queued raw (unknown type) packet */
	for (raw = skb_dequeue(&hdev->raw_q); raw;
	     raw = skb_dequeue(&hdev->raw_q))
		hci_send_frame(raw);
}
2415
2416
2417
2418
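/*
 * Process one received ACL data frame.
 *
 * Frames shorter than the ACL header are dropped. Otherwise the header is
 * stripped, handle and flags are extracted, and the payload is passed to
 * l2cap_recv_acldata() for the matching connection. Frames for an unknown
 * handle are logged and freed. The skb is consumed in every case.
 *
 * NOTE(review): conn is used after hci_dev_unlock(); presumably its
 * lifetime is guaranteed by other means - confirm.
 */
static inline void hci_acldata_packet(struct hci_dev *hdev, struct sk_buff *skb)
{
	struct hci_acl_hdr *hdr = (void *) skb->data;
	struct hci_conn *conn;
	__u16 handle, flags;

	/*
	 * The frame comes from the driver. Without this check a short
	 * frame would have its header fields read from beyond the received
	 * data.
	 */
	if (skb->len < HCI_ACL_HDR_SIZE) {
		BT_ERR("%s ACL packet too small", hdev->name);
		kfree_skb(skb);
		return;
	}

	skb_pull(skb, HCI_ACL_HDR_SIZE);

	handle = __le16_to_cpu(hdr->handle);
	flags = hci_flags(handle);
	handle = hci_handle(handle);

	BT_DBG("%s len %d handle 0x%x flags 0x%x", hdev->name, skb->len, handle, flags);

	hdev->stat.acl_rx++;

	hci_dev_lock(hdev);
	conn = hci_conn_hash_lookup_handle(hdev, handle);
	hci_dev_unlock(hdev);

	if (conn) {
		hci_conn_enter_active_mode(conn, BT_POWER_FORCE_ACTIVE_OFF);

		/* Send to upper protocol */
		l2cap_recv_acldata(conn, skb, flags);
		return;
	} else {
		BT_ERR("%s ACL packet for unknown connection handle %d",
			hdev->name, handle);
	}

	kfree_skb(skb);
}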
2452
2453
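/*
 * Process one received SCO data frame.
 *
 * Frames shorter than the SCO header are dropped. Otherwise the header is
 * stripped and the payload is passed to sco_recv_scodata() for the matching
 * connection. Frames for an unknown handle are logged and freed. The skb is
 * consumed in every case.
 *
 * NOTE(review): conn is used after hci_dev_unlock(); presumably its
 * lifetime is guaranteed by other means - confirm.
 */
static inline void hci_scodata_packet(struct hci_dev *hdev, struct sk_buff *skb)
{
	struct hci_sco_hdr *hdr = (void *) skb->data;
	struct hci_conn *conn;
	__u16 handle;

	/*
	 * The frame comes from the driver. Without this check a short
	 * frame would have its header fields read from beyond the received
	 * data.
	 */
	if (skb->len < HCI_SCO_HDR_SIZE) {
		BT_ERR("%s SCO packet too small", hdev->name);
		kfree_skb(skb);
		return;
	}

	skb_pull(skb, HCI_SCO_HDR_SIZE);

	handle = __le16_to_cpu(hdr->handle);

	BT_DBG("%s len %d handle 0x%x", hdev->name, skb->len, handle);

	hdev->stat.sco_rx++;

	hci_dev_lock(hdev);
	conn = hci_conn_hash_lookup_handle(hdev, handle);
	hci_dev_unlock(hdev);

	if (conn) {
		/* Send to upper protocol */
		sco_recv_scodata(conn, skb);
		return;
	} else {
		BT_ERR("%s SCO packet for unknown connection handle %d",
			hdev->name, handle);
	}

	kfree_skb(skb);
}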
2483
/*
 * RX work handler: drain hdev->rx_q.
 *
 * Each frame is first passed to hci_send_to_sock() while hdev->promisc is
 * non-zero. In HCI_RAW mode the frame is then dropped. During HCI_INIT,
 * ACL and SCO data frames are dropped. Everything else is dispatched by
 * packet type; unknown types are freed.
 */
static void hci_rx_work(struct work_struct *work)
{
	struct hci_dev *hdev = container_of(work, struct hci_dev, rx_work);
	struct sk_buff *skb;

	BT_DBG("%s", hdev->name);

	while ((skb = skb_dequeue(&hdev->rx_q)) != NULL) {
		if (atomic_read(&hdev->promisc)) {
			/* Send copy to the sockets */
			hci_send_to_sock(hdev, skb, NULL);
		}

		if (test_bit(HCI_RAW, &hdev->flags)) {
			kfree_skb(skb);
			continue;
		}

		/* Don't process data packets while the device is initialising */
		if (test_bit(HCI_INIT, &hdev->flags) &&
		    (bt_cb(skb)->pkt_type == HCI_ACLDATA_PKT ||
		     bt_cb(skb)->pkt_type == HCI_SCODATA_PKT)) {
			kfree_skb(skb);
			continue;
		}

		/* Process frame */
		switch (bt_cb(skb)->pkt_type) {
		case HCI_EVENT_PKT:
			BT_DBG("%s Event packet", hdev->name);
			hci_event_packet(hdev, skb);
			break;

		case HCI_ACLDATA_PKT:
			BT_DBG("%s ACL data packet", hdev->name);
			hci_acldata_packet(hdev, skb);
			break;

		case HCI_SCODATA_PKT:
			BT_DBG("%s SCO data packet", hdev->name);
			hci_scodata_packet(hdev, skb);
			break;

		default:
			kfree_skb(skb);
			break;
		}
	}
}
2535
/*
 * Command work handler: send at most one queued command.
 *
 * Nothing happens while the command credit (hdev->cmd_cnt) is zero or the
 * queue is empty. Otherwise the previous sent_cmd is freed and replaced by
 * a clone of the command being sent. If cloning fails, the command goes
 * back to the head of the queue and the work is rescheduled. After a
 * successful send the command timer is stopped while HCI_RESET is set and
 * re-armed with HCI_CMD_TIMEOUT otherwise.
 */
static void hci_cmd_work(struct work_struct *work)
{
	struct hci_dev *hdev = container_of(work, struct hci_dev, cmd_work);
	struct sk_buff *cmd;

	BT_DBG("%s cmd %d", hdev->name, atomic_read(&hdev->cmd_cnt));

	/* Send queued commands */
	if (!atomic_read(&hdev->cmd_cnt))
		return;

	cmd = skb_dequeue(&hdev->cmd_q);
	if (cmd == NULL)
		return;

	kfree_skb(hdev->sent_cmd);

	hdev->sent_cmd = skb_clone(cmd, GFP_ATOMIC);
	if (hdev->sent_cmd == NULL) {
		/* No memory for the clone: retry later with the same command. */
		skb_queue_head(&hdev->cmd_q, cmd);
		queue_work(hdev->workqueue, &hdev->cmd_work);
		return;
	}

	atomic_dec(&hdev->cmd_cnt);
	hci_send_frame(cmd);

	if (test_bit(HCI_RESET, &hdev->flags))
		del_timer(&hdev->cmd_timer);
	else
		mod_timer(&hdev->cmd_timer,
			jiffies + msecs_to_jiffies(HCI_CMD_TIMEOUT));
}
2566
/*
 * Start an inquiry of the given @length using the LAP 0x9e8b33.
 *
 * Returns -EINPROGRESS when HCI_INQUIRY is already set, otherwise the
 * result of queueing HCI_OP_INQUIRY with hci_send_cmd().
 */
int hci_do_inquiry(struct hci_dev *hdev, u8 length)
{
	/* General inquiry access code (GIAC), least significant byte first */
	u8 giac[3] = { 0x33, 0x8b, 0x9e };
	struct hci_cp_inquiry cp;

	BT_DBG("%s", hdev->name);

	if (test_bit(HCI_INQUIRY, &hdev->flags))
		return -EINPROGRESS;

	/* Zero the whole struct so unset fields go out as 0. */
	memset(&cp, 0, sizeof(cp));
	cp.length = length;
	memcpy(&cp.lap, giac, sizeof(cp.lap));

	return hci_send_cmd(hdev, HCI_OP_INQUIRY, sizeof(cp), &cp);
}
2584
/*
 * Cancel a running inquiry.
 *
 * Returns -EPERM when HCI_INQUIRY is not set, otherwise the result of
 * queueing HCI_OP_INQUIRY_CANCEL (no parameters) with hci_send_cmd().
 */
int hci_cancel_inquiry(struct hci_dev *hdev)
{
	int inquiring;

	BT_DBG("%s", hdev->name);

	inquiring = test_bit(HCI_INQUIRY, &hdev->flags);
	if (!inquiring)
		return -EPERM;

	return hci_send_cmd(hdev, HCI_OP_INQUIRY_CANCEL, 0, NULL);
}
2594
2595module_param(enable_hs, bool, 0644);
2596MODULE_PARM_DESC(enable_hs, "Enable High Speed");
2597