linux/net/bluetooth/hci_core.c
<<
>>
Prefs
   1/*
   2   BlueZ - Bluetooth protocol stack for Linux
   3   Copyright (C) 2000-2001 Qualcomm Incorporated
   4   Copyright (C) 2011 ProFUSION Embedded Systems
   5
   6   Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com>
   7
   8   This program is free software; you can redistribute it and/or modify
   9   it under the terms of the GNU General Public License version 2 as
  10   published by the Free Software Foundation;
  11
  12   THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
  13   OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
  14   FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
  15   IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
  16   CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
  17   WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
  18   ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
  19   OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
  20
  21   ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
  22   COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
  23   SOFTWARE IS DISCLAIMED.
  24*/
  25
  26/* Bluetooth HCI core. */
  27
  28#include <linux/export.h>
  29#include <linux/idr.h>
  30
  31#include <linux/rfkill.h>
  32
  33#include <net/bluetooth/bluetooth.h>
  34#include <net/bluetooth/hci_core.h>
  35
  36static void hci_rx_work(struct work_struct *work);
  37static void hci_cmd_work(struct work_struct *work);
  38static void hci_tx_work(struct work_struct *work);
  39
  40/* HCI device list */
  41LIST_HEAD(hci_dev_list);
  42DEFINE_RWLOCK(hci_dev_list_lock);
  43
  44/* HCI callback list */
  45LIST_HEAD(hci_cb_list);
  46DEFINE_RWLOCK(hci_cb_list_lock);
  47
  48/* HCI ID Numbering */
  49static DEFINE_IDA(hci_index_ida);
  50
  51/* ---- HCI notifications ---- */
  52
  53static void hci_notify(struct hci_dev *hdev, int event)
  54{
  55        hci_sock_dev_event(hdev, event);
  56}
  57
  58/* ---- HCI requests ---- */
  59
  60void hci_req_complete(struct hci_dev *hdev, __u16 cmd, int result)
  61{
  62        BT_DBG("%s command 0x%4.4x result 0x%2.2x", hdev->name, cmd, result);
  63
  64        /* If this is the init phase check if the completed command matches
  65         * the last init command, and if not just return.
  66         */
  67        if (test_bit(HCI_INIT, &hdev->flags) && hdev->init_last_cmd != cmd) {
  68                struct hci_command_hdr *sent = (void *) hdev->sent_cmd->data;
  69                u16 opcode = __le16_to_cpu(sent->opcode);
  70                struct sk_buff *skb;
  71
  72                /* Some CSR based controllers generate a spontaneous
  73                 * reset complete event during init and any pending
  74                 * command will never be completed. In such a case we
  75                 * need to resend whatever was the last sent
  76                 * command.
  77                 */
  78
  79                if (cmd != HCI_OP_RESET || opcode == HCI_OP_RESET)
  80                        return;
  81
  82                skb = skb_clone(hdev->sent_cmd, GFP_ATOMIC);
  83                if (skb) {
  84                        skb_queue_head(&hdev->cmd_q, skb);
  85                        queue_work(hdev->workqueue, &hdev->cmd_work);
  86                }
  87
  88                return;
  89        }
  90
  91        if (hdev->req_status == HCI_REQ_PEND) {
  92                hdev->req_result = result;
  93                hdev->req_status = HCI_REQ_DONE;
  94                wake_up_interruptible(&hdev->req_wait_q);
  95        }
  96}
  97
  98static void hci_req_cancel(struct hci_dev *hdev, int err)
  99{
 100        BT_DBG("%s err 0x%2.2x", hdev->name, err);
 101
 102        if (hdev->req_status == HCI_REQ_PEND) {
 103                hdev->req_result = err;
 104                hdev->req_status = HCI_REQ_CANCELED;
 105                wake_up_interruptible(&hdev->req_wait_q);
 106        }
 107}
 108
 109/* Execute request and wait for completion. */
 110static int __hci_request(struct hci_dev *hdev,
 111                         void (*req)(struct hci_dev *hdev, unsigned long opt),
 112                         unsigned long opt, __u32 timeout)
 113{
 114        DECLARE_WAITQUEUE(wait, current);
 115        int err = 0;
 116
 117        BT_DBG("%s start", hdev->name);
 118
 119        hdev->req_status = HCI_REQ_PEND;
 120
 121        add_wait_queue(&hdev->req_wait_q, &wait);
 122        set_current_state(TASK_INTERRUPTIBLE);
 123
 124        req(hdev, opt);
 125        schedule_timeout(timeout);
 126
 127        remove_wait_queue(&hdev->req_wait_q, &wait);
 128
 129        if (signal_pending(current))
 130                return -EINTR;
 131
 132        switch (hdev->req_status) {
 133        case HCI_REQ_DONE:
 134                err = -bt_to_errno(hdev->req_result);
 135                break;
 136
 137        case HCI_REQ_CANCELED:
 138                err = -hdev->req_result;
 139                break;
 140
 141        default:
 142                err = -ETIMEDOUT;
 143                break;
 144        }
 145
 146        hdev->req_status = hdev->req_result = 0;
 147
 148        BT_DBG("%s end: err %d", hdev->name, err);
 149
 150        return err;
 151}
 152
 153static int hci_request(struct hci_dev *hdev,
 154                       void (*req)(struct hci_dev *hdev, unsigned long opt),
 155                       unsigned long opt, __u32 timeout)
 156{
 157        int ret;
 158
 159        if (!test_bit(HCI_UP, &hdev->flags))
 160                return -ENETDOWN;
 161
 162        /* Serialize all requests */
 163        hci_req_lock(hdev);
 164        ret = __hci_request(hdev, req, opt, timeout);
 165        hci_req_unlock(hdev);
 166
 167        return ret;
 168}
 169
 170static void hci_reset_req(struct hci_dev *hdev, unsigned long opt)
 171{
 172        BT_DBG("%s %ld", hdev->name, opt);
 173
 174        /* Reset device */
 175        set_bit(HCI_RESET, &hdev->flags);
 176        hci_send_cmd(hdev, HCI_OP_RESET, 0, NULL);
 177}
 178
 179static void bredr_init(struct hci_dev *hdev)
 180{
 181        struct hci_cp_delete_stored_link_key cp;
 182        __le16 param;
 183        __u8 flt_type;
 184
 185        hdev->flow_ctl_mode = HCI_FLOW_CTL_MODE_PACKET_BASED;
 186
 187        /* Mandatory initialization */
 188
 189        /* Read Local Supported Features */
 190        hci_send_cmd(hdev, HCI_OP_READ_LOCAL_FEATURES, 0, NULL);
 191
 192        /* Read Local Version */
 193        hci_send_cmd(hdev, HCI_OP_READ_LOCAL_VERSION, 0, NULL);
 194
 195        /* Read Buffer Size (ACL mtu, max pkt, etc.) */
 196        hci_send_cmd(hdev, HCI_OP_READ_BUFFER_SIZE, 0, NULL);
 197
 198        /* Read BD Address */
 199        hci_send_cmd(hdev, HCI_OP_READ_BD_ADDR, 0, NULL);
 200
 201        /* Read Class of Device */
 202        hci_send_cmd(hdev, HCI_OP_READ_CLASS_OF_DEV, 0, NULL);
 203
 204        /* Read Local Name */
 205        hci_send_cmd(hdev, HCI_OP_READ_LOCAL_NAME, 0, NULL);
 206
 207        /* Read Voice Setting */
 208        hci_send_cmd(hdev, HCI_OP_READ_VOICE_SETTING, 0, NULL);
 209
 210        /* Optional initialization */
 211
 212        /* Clear Event Filters */
 213        flt_type = HCI_FLT_CLEAR_ALL;
 214        hci_send_cmd(hdev, HCI_OP_SET_EVENT_FLT, 1, &flt_type);
 215
 216        /* Connection accept timeout ~20 secs */
 217        param = __constant_cpu_to_le16(0x7d00);
 218        hci_send_cmd(hdev, HCI_OP_WRITE_CA_TIMEOUT, 2, &param);
 219
 220        bacpy(&cp.bdaddr, BDADDR_ANY);
 221        cp.delete_all = 1;
 222        hci_send_cmd(hdev, HCI_OP_DELETE_STORED_LINK_KEY, sizeof(cp), &cp);
 223}
 224
 225static void amp_init(struct hci_dev *hdev)
 226{
 227        hdev->flow_ctl_mode = HCI_FLOW_CTL_MODE_BLOCK_BASED;
 228
 229        /* Read Local Version */
 230        hci_send_cmd(hdev, HCI_OP_READ_LOCAL_VERSION, 0, NULL);
 231
 232        /* Read Local AMP Info */
 233        hci_send_cmd(hdev, HCI_OP_READ_LOCAL_AMP_INFO, 0, NULL);
 234}
 235
 236static void hci_init_req(struct hci_dev *hdev, unsigned long opt)
 237{
 238        struct sk_buff *skb;
 239
 240        BT_DBG("%s %ld", hdev->name, opt);
 241
 242        /* Driver initialization */
 243
 244        /* Special commands */
 245        while ((skb = skb_dequeue(&hdev->driver_init))) {
 246                bt_cb(skb)->pkt_type = HCI_COMMAND_PKT;
 247                skb->dev = (void *) hdev;
 248
 249                skb_queue_tail(&hdev->cmd_q, skb);
 250                queue_work(hdev->workqueue, &hdev->cmd_work);
 251        }
 252        skb_queue_purge(&hdev->driver_init);
 253
 254        /* Reset */
 255        if (!test_bit(HCI_QUIRK_RESET_ON_CLOSE, &hdev->quirks))
 256                hci_reset_req(hdev, 0);
 257
 258        switch (hdev->dev_type) {
 259        case HCI_BREDR:
 260                bredr_init(hdev);
 261                break;
 262
 263        case HCI_AMP:
 264                amp_init(hdev);
 265                break;
 266
 267        default:
 268                BT_ERR("Unknown device type %d", hdev->dev_type);
 269                break;
 270        }
 271
 272}
 273
 274static void hci_le_init_req(struct hci_dev *hdev, unsigned long opt)
 275{
 276        BT_DBG("%s", hdev->name);
 277
 278        /* Read LE buffer size */
 279        hci_send_cmd(hdev, HCI_OP_LE_READ_BUFFER_SIZE, 0, NULL);
 280}
 281
 282static void hci_scan_req(struct hci_dev *hdev, unsigned long opt)
 283{
 284        __u8 scan = opt;
 285
 286        BT_DBG("%s %x", hdev->name, scan);
 287
 288        /* Inquiry and Page scans */
 289        hci_send_cmd(hdev, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
 290}
 291
 292static void hci_auth_req(struct hci_dev *hdev, unsigned long opt)
 293{
 294        __u8 auth = opt;
 295
 296        BT_DBG("%s %x", hdev->name, auth);
 297
 298        /* Authentication */
 299        hci_send_cmd(hdev, HCI_OP_WRITE_AUTH_ENABLE, 1, &auth);
 300}
 301
 302static void hci_encrypt_req(struct hci_dev *hdev, unsigned long opt)
 303{
 304        __u8 encrypt = opt;
 305
 306        BT_DBG("%s %x", hdev->name, encrypt);
 307
 308        /* Encryption */
 309        hci_send_cmd(hdev, HCI_OP_WRITE_ENCRYPT_MODE, 1, &encrypt);
 310}
 311
 312static void hci_linkpol_req(struct hci_dev *hdev, unsigned long opt)
 313{
 314        __le16 policy = cpu_to_le16(opt);
 315
 316        BT_DBG("%s %x", hdev->name, policy);
 317
 318        /* Default link policy */
 319        hci_send_cmd(hdev, HCI_OP_WRITE_DEF_LINK_POLICY, 2, &policy);
 320}
 321
 322/* Get HCI device by index.
 323 * Device is held on return. */
 324struct hci_dev *hci_dev_get(int index)
 325{
 326        struct hci_dev *hdev = NULL, *d;
 327
 328        BT_DBG("%d", index);
 329
 330        if (index < 0)
 331                return NULL;
 332
 333        read_lock(&hci_dev_list_lock);
 334        list_for_each_entry(d, &hci_dev_list, list) {
 335                if (d->id == index) {
 336                        hdev = hci_dev_hold(d);
 337                        break;
 338                }
 339        }
 340        read_unlock(&hci_dev_list_lock);
 341        return hdev;
 342}
 343
 344/* ---- Inquiry support ---- */
 345
 346bool hci_discovery_active(struct hci_dev *hdev)
 347{
 348        struct discovery_state *discov = &hdev->discovery;
 349
 350        switch (discov->state) {
 351        case DISCOVERY_FINDING:
 352        case DISCOVERY_RESOLVING:
 353                return true;
 354
 355        default:
 356                return false;
 357        }
 358}
 359
 360void hci_discovery_set_state(struct hci_dev *hdev, int state)
 361{
 362        BT_DBG("%s state %u -> %u", hdev->name, hdev->discovery.state, state);
 363
 364        if (hdev->discovery.state == state)
 365                return;
 366
 367        switch (state) {
 368        case DISCOVERY_STOPPED:
 369                if (hdev->discovery.state != DISCOVERY_STARTING)
 370                        mgmt_discovering(hdev, 0);
 371                break;
 372        case DISCOVERY_STARTING:
 373                break;
 374        case DISCOVERY_FINDING:
 375                mgmt_discovering(hdev, 1);
 376                break;
 377        case DISCOVERY_RESOLVING:
 378                break;
 379        case DISCOVERY_STOPPING:
 380                break;
 381        }
 382
 383        hdev->discovery.state = state;
 384}
 385
 386static void inquiry_cache_flush(struct hci_dev *hdev)
 387{
 388        struct discovery_state *cache = &hdev->discovery;
 389        struct inquiry_entry *p, *n;
 390
 391        list_for_each_entry_safe(p, n, &cache->all, all) {
 392                list_del(&p->all);
 393                kfree(p);
 394        }
 395
 396        INIT_LIST_HEAD(&cache->unknown);
 397        INIT_LIST_HEAD(&cache->resolve);
 398}
 399
 400struct inquiry_entry *hci_inquiry_cache_lookup(struct hci_dev *hdev,
 401                                               bdaddr_t *bdaddr)
 402{
 403        struct discovery_state *cache = &hdev->discovery;
 404        struct inquiry_entry *e;
 405
 406        BT_DBG("cache %p, %s", cache, batostr(bdaddr));
 407
 408        list_for_each_entry(e, &cache->all, all) {
 409                if (!bacmp(&e->data.bdaddr, bdaddr))
 410                        return e;
 411        }
 412
 413        return NULL;
 414}
 415
 416struct inquiry_entry *hci_inquiry_cache_lookup_unknown(struct hci_dev *hdev,
 417                                                       bdaddr_t *bdaddr)
 418{
 419        struct discovery_state *cache = &hdev->discovery;
 420        struct inquiry_entry *e;
 421
 422        BT_DBG("cache %p, %s", cache, batostr(bdaddr));
 423
 424        list_for_each_entry(e, &cache->unknown, list) {
 425                if (!bacmp(&e->data.bdaddr, bdaddr))
 426                        return e;
 427        }
 428
 429        return NULL;
 430}
 431
 432struct inquiry_entry *hci_inquiry_cache_lookup_resolve(struct hci_dev *hdev,
 433                                                       bdaddr_t *bdaddr,
 434                                                       int state)
 435{
 436        struct discovery_state *cache = &hdev->discovery;
 437        struct inquiry_entry *e;
 438
 439        BT_DBG("cache %p bdaddr %s state %d", cache, batostr(bdaddr), state);
 440
 441        list_for_each_entry(e, &cache->resolve, list) {
 442                if (!bacmp(bdaddr, BDADDR_ANY) && e->name_state == state)
 443                        return e;
 444                if (!bacmp(&e->data.bdaddr, bdaddr))
 445                        return e;
 446        }
 447
 448        return NULL;
 449}
 450
 451void hci_inquiry_cache_update_resolve(struct hci_dev *hdev,
 452                                      struct inquiry_entry *ie)
 453{
 454        struct discovery_state *cache = &hdev->discovery;
 455        struct list_head *pos = &cache->resolve;
 456        struct inquiry_entry *p;
 457
 458        list_del(&ie->list);
 459
 460        list_for_each_entry(p, &cache->resolve, list) {
 461                if (p->name_state != NAME_PENDING &&
 462                    abs(p->data.rssi) >= abs(ie->data.rssi))
 463                        break;
 464                pos = &p->list;
 465        }
 466
 467        list_add(&ie->list, pos);
 468}
 469
 470bool hci_inquiry_cache_update(struct hci_dev *hdev, struct inquiry_data *data,
 471                              bool name_known, bool *ssp)
 472{
 473        struct discovery_state *cache = &hdev->discovery;
 474        struct inquiry_entry *ie;
 475
 476        BT_DBG("cache %p, %s", cache, batostr(&data->bdaddr));
 477
 478        if (ssp)
 479                *ssp = data->ssp_mode;
 480
 481        ie = hci_inquiry_cache_lookup(hdev, &data->bdaddr);
 482        if (ie) {
 483                if (ie->data.ssp_mode && ssp)
 484                        *ssp = true;
 485
 486                if (ie->name_state == NAME_NEEDED &&
 487                    data->rssi != ie->data.rssi) {
 488                        ie->data.rssi = data->rssi;
 489                        hci_inquiry_cache_update_resolve(hdev, ie);
 490                }
 491
 492                goto update;
 493        }
 494
 495        /* Entry not in the cache. Add new one. */
 496        ie = kzalloc(sizeof(struct inquiry_entry), GFP_ATOMIC);
 497        if (!ie)
 498                return false;
 499
 500        list_add(&ie->all, &cache->all);
 501
 502        if (name_known) {
 503                ie->name_state = NAME_KNOWN;
 504        } else {
 505                ie->name_state = NAME_NOT_KNOWN;
 506                list_add(&ie->list, &cache->unknown);
 507        }
 508
 509update:
 510        if (name_known && ie->name_state != NAME_KNOWN &&
 511            ie->name_state != NAME_PENDING) {
 512                ie->name_state = NAME_KNOWN;
 513                list_del(&ie->list);
 514        }
 515
 516        memcpy(&ie->data, data, sizeof(*data));
 517        ie->timestamp = jiffies;
 518        cache->timestamp = jiffies;
 519
 520        if (ie->name_state == NAME_NOT_KNOWN)
 521                return false;
 522
 523        return true;
 524}
 525
 526static int inquiry_cache_dump(struct hci_dev *hdev, int num, __u8 *buf)
 527{
 528        struct discovery_state *cache = &hdev->discovery;
 529        struct inquiry_info *info = (struct inquiry_info *) buf;
 530        struct inquiry_entry *e;
 531        int copied = 0;
 532
 533        list_for_each_entry(e, &cache->all, all) {
 534                struct inquiry_data *data = &e->data;
 535
 536                if (copied >= num)
 537                        break;
 538
 539                bacpy(&info->bdaddr, &data->bdaddr);
 540                info->pscan_rep_mode    = data->pscan_rep_mode;
 541                info->pscan_period_mode = data->pscan_period_mode;
 542                info->pscan_mode        = data->pscan_mode;
 543                memcpy(info->dev_class, data->dev_class, 3);
 544                info->clock_offset      = data->clock_offset;
 545
 546                info++;
 547                copied++;
 548        }
 549
 550        BT_DBG("cache %p, copied %d", cache, copied);
 551        return copied;
 552}
 553
 554static void hci_inq_req(struct hci_dev *hdev, unsigned long opt)
 555{
 556        struct hci_inquiry_req *ir = (struct hci_inquiry_req *) opt;
 557        struct hci_cp_inquiry cp;
 558
 559        BT_DBG("%s", hdev->name);
 560
 561        if (test_bit(HCI_INQUIRY, &hdev->flags))
 562                return;
 563
 564        /* Start Inquiry */
 565        memcpy(&cp.lap, &ir->lap, 3);
 566        cp.length  = ir->length;
 567        cp.num_rsp = ir->num_rsp;
 568        hci_send_cmd(hdev, HCI_OP_INQUIRY, sizeof(cp), &cp);
 569}
 570
 571int hci_inquiry(void __user *arg)
 572{
 573        __u8 __user *ptr = arg;
 574        struct hci_inquiry_req ir;
 575        struct hci_dev *hdev;
 576        int err = 0, do_inquiry = 0, max_rsp;
 577        long timeo;
 578        __u8 *buf;
 579
 580        if (copy_from_user(&ir, ptr, sizeof(ir)))
 581                return -EFAULT;
 582
 583        hdev = hci_dev_get(ir.dev_id);
 584        if (!hdev)
 585                return -ENODEV;
 586
 587        hci_dev_lock(hdev);
 588        if (inquiry_cache_age(hdev) > INQUIRY_CACHE_AGE_MAX ||
 589            inquiry_cache_empty(hdev) || ir.flags & IREQ_CACHE_FLUSH) {
 590                inquiry_cache_flush(hdev);
 591                do_inquiry = 1;
 592        }
 593        hci_dev_unlock(hdev);
 594
 595        timeo = ir.length * msecs_to_jiffies(2000);
 596
 597        if (do_inquiry) {
 598                err = hci_request(hdev, hci_inq_req, (unsigned long)&ir, timeo);
 599                if (err < 0)
 600                        goto done;
 601        }
 602
 603        /* for unlimited number of responses we will use buffer with
 604         * 255 entries
 605         */
 606        max_rsp = (ir.num_rsp == 0) ? 255 : ir.num_rsp;
 607
 608        /* cache_dump can't sleep. Therefore we allocate temp buffer and then
 609         * copy it to the user space.
 610         */
 611        buf = kmalloc(sizeof(struct inquiry_info) * max_rsp, GFP_KERNEL);
 612        if (!buf) {
 613                err = -ENOMEM;
 614                goto done;
 615        }
 616
 617        hci_dev_lock(hdev);
 618        ir.num_rsp = inquiry_cache_dump(hdev, max_rsp, buf);
 619        hci_dev_unlock(hdev);
 620
 621        BT_DBG("num_rsp %d", ir.num_rsp);
 622
 623        if (!copy_to_user(ptr, &ir, sizeof(ir))) {
 624                ptr += sizeof(ir);
 625                if (copy_to_user(ptr, buf, sizeof(struct inquiry_info) *
 626                                 ir.num_rsp))
 627                        err = -EFAULT;
 628        } else
 629                err = -EFAULT;
 630
 631        kfree(buf);
 632
 633done:
 634        hci_dev_put(hdev);
 635        return err;
 636}
 637
 638/* ---- HCI ioctl helpers ---- */
 639
 640int hci_dev_open(__u16 dev)
 641{
 642        struct hci_dev *hdev;
 643        int ret = 0;
 644
 645        hdev = hci_dev_get(dev);
 646        if (!hdev)
 647                return -ENODEV;
 648
 649        BT_DBG("%s %p", hdev->name, hdev);
 650
 651        hci_req_lock(hdev);
 652
 653        if (test_bit(HCI_UNREGISTER, &hdev->dev_flags)) {
 654                ret = -ENODEV;
 655                goto done;
 656        }
 657
 658        if (hdev->rfkill && rfkill_blocked(hdev->rfkill)) {
 659                ret = -ERFKILL;
 660                goto done;
 661        }
 662
 663        if (test_bit(HCI_UP, &hdev->flags)) {
 664                ret = -EALREADY;
 665                goto done;
 666        }
 667
 668        if (test_bit(HCI_QUIRK_RAW_DEVICE, &hdev->quirks))
 669                set_bit(HCI_RAW, &hdev->flags);
 670
 671        /* Treat all non BR/EDR controllers as raw devices if
 672           enable_hs is not set */
 673        if (hdev->dev_type != HCI_BREDR && !enable_hs)
 674                set_bit(HCI_RAW, &hdev->flags);
 675
 676        if (hdev->open(hdev)) {
 677                ret = -EIO;
 678                goto done;
 679        }
 680
 681        if (!test_bit(HCI_RAW, &hdev->flags)) {
 682                atomic_set(&hdev->cmd_cnt, 1);
 683                set_bit(HCI_INIT, &hdev->flags);
 684                hdev->init_last_cmd = 0;
 685
 686                ret = __hci_request(hdev, hci_init_req, 0, HCI_INIT_TIMEOUT);
 687
 688                if (lmp_host_le_capable(hdev))
 689                        ret = __hci_request(hdev, hci_le_init_req, 0,
 690                                            HCI_INIT_TIMEOUT);
 691
 692                clear_bit(HCI_INIT, &hdev->flags);
 693        }
 694
 695        if (!ret) {
 696                hci_dev_hold(hdev);
 697                set_bit(HCI_UP, &hdev->flags);
 698                hci_notify(hdev, HCI_DEV_UP);
 699                if (!test_bit(HCI_SETUP, &hdev->dev_flags)) {
 700                        hci_dev_lock(hdev);
 701                        mgmt_powered(hdev, 1);
 702                        hci_dev_unlock(hdev);
 703                }
 704        } else {
 705                /* Init failed, cleanup */
 706                flush_work(&hdev->tx_work);
 707                flush_work(&hdev->cmd_work);
 708                flush_work(&hdev->rx_work);
 709
 710                skb_queue_purge(&hdev->cmd_q);
 711                skb_queue_purge(&hdev->rx_q);
 712
 713                if (hdev->flush)
 714                        hdev->flush(hdev);
 715
 716                if (hdev->sent_cmd) {
 717                        kfree_skb(hdev->sent_cmd);
 718                        hdev->sent_cmd = NULL;
 719                }
 720
 721                hdev->close(hdev);
 722                hdev->flags = 0;
 723        }
 724
 725done:
 726        hci_req_unlock(hdev);
 727        hci_dev_put(hdev);
 728        return ret;
 729}
 730
 731static int hci_dev_do_close(struct hci_dev *hdev)
 732{
 733        BT_DBG("%s %p", hdev->name, hdev);
 734
 735        cancel_work_sync(&hdev->le_scan);
 736
 737        cancel_delayed_work(&hdev->power_off);
 738
 739        hci_req_cancel(hdev, ENODEV);
 740        hci_req_lock(hdev);
 741
 742        if (!test_and_clear_bit(HCI_UP, &hdev->flags)) {
 743                del_timer_sync(&hdev->cmd_timer);
 744                hci_req_unlock(hdev);
 745                return 0;
 746        }
 747
 748        /* Flush RX and TX works */
 749        flush_work(&hdev->tx_work);
 750        flush_work(&hdev->rx_work);
 751
 752        if (hdev->discov_timeout > 0) {
 753                cancel_delayed_work(&hdev->discov_off);
 754                hdev->discov_timeout = 0;
 755                clear_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
 756        }
 757
 758        if (test_and_clear_bit(HCI_SERVICE_CACHE, &hdev->dev_flags))
 759                cancel_delayed_work(&hdev->service_cache);
 760
 761        cancel_delayed_work_sync(&hdev->le_scan_disable);
 762
 763        hci_dev_lock(hdev);
 764        inquiry_cache_flush(hdev);
 765        hci_conn_hash_flush(hdev);
 766        hci_dev_unlock(hdev);
 767
 768        hci_notify(hdev, HCI_DEV_DOWN);
 769
 770        if (hdev->flush)
 771                hdev->flush(hdev);
 772
 773        /* Reset device */
 774        skb_queue_purge(&hdev->cmd_q);
 775        atomic_set(&hdev->cmd_cnt, 1);
 776        if (!test_bit(HCI_RAW, &hdev->flags) &&
 777            test_bit(HCI_QUIRK_RESET_ON_CLOSE, &hdev->quirks)) {
 778                set_bit(HCI_INIT, &hdev->flags);
 779                __hci_request(hdev, hci_reset_req, 0, HCI_CMD_TIMEOUT);
 780                clear_bit(HCI_INIT, &hdev->flags);
 781        }
 782
 783        /* flush cmd  work */
 784        flush_work(&hdev->cmd_work);
 785
 786        /* Drop queues */
 787        skb_queue_purge(&hdev->rx_q);
 788        skb_queue_purge(&hdev->cmd_q);
 789        skb_queue_purge(&hdev->raw_q);
 790
 791        /* Drop last sent command */
 792        if (hdev->sent_cmd) {
 793                del_timer_sync(&hdev->cmd_timer);
 794                kfree_skb(hdev->sent_cmd);
 795                hdev->sent_cmd = NULL;
 796        }
 797
 798        /* After this point our queues are empty
 799         * and no tasks are scheduled. */
 800        hdev->close(hdev);
 801
 802        if (!test_and_clear_bit(HCI_AUTO_OFF, &hdev->dev_flags)) {
 803                hci_dev_lock(hdev);
 804                mgmt_powered(hdev, 0);
 805                hci_dev_unlock(hdev);
 806        }
 807
 808        /* Clear flags */
 809        hdev->flags = 0;
 810
 811        memset(hdev->eir, 0, sizeof(hdev->eir));
 812        memset(hdev->dev_class, 0, sizeof(hdev->dev_class));
 813
 814        hci_req_unlock(hdev);
 815
 816        hci_dev_put(hdev);
 817        return 0;
 818}
 819
 820int hci_dev_close(__u16 dev)
 821{
 822        struct hci_dev *hdev;
 823        int err;
 824
 825        hdev = hci_dev_get(dev);
 826        if (!hdev)
 827                return -ENODEV;
 828
 829        if (test_and_clear_bit(HCI_AUTO_OFF, &hdev->dev_flags))
 830                cancel_delayed_work(&hdev->power_off);
 831
 832        err = hci_dev_do_close(hdev);
 833
 834        hci_dev_put(hdev);
 835        return err;
 836}
 837
 838int hci_dev_reset(__u16 dev)
 839{
 840        struct hci_dev *hdev;
 841        int ret = 0;
 842
 843        hdev = hci_dev_get(dev);
 844        if (!hdev)
 845                return -ENODEV;
 846
 847        hci_req_lock(hdev);
 848
 849        if (!test_bit(HCI_UP, &hdev->flags))
 850                goto done;
 851
 852        /* Drop queues */
 853        skb_queue_purge(&hdev->rx_q);
 854        skb_queue_purge(&hdev->cmd_q);
 855
 856        hci_dev_lock(hdev);
 857        inquiry_cache_flush(hdev);
 858        hci_conn_hash_flush(hdev);
 859        hci_dev_unlock(hdev);
 860
 861        if (hdev->flush)
 862                hdev->flush(hdev);
 863
 864        atomic_set(&hdev->cmd_cnt, 1);
 865        hdev->acl_cnt = 0; hdev->sco_cnt = 0; hdev->le_cnt = 0;
 866
 867        if (!test_bit(HCI_RAW, &hdev->flags))
 868                ret = __hci_request(hdev, hci_reset_req, 0, HCI_INIT_TIMEOUT);
 869
 870done:
 871        hci_req_unlock(hdev);
 872        hci_dev_put(hdev);
 873        return ret;
 874}
 875
 876int hci_dev_reset_stat(__u16 dev)
 877{
 878        struct hci_dev *hdev;
 879        int ret = 0;
 880
 881        hdev = hci_dev_get(dev);
 882        if (!hdev)
 883                return -ENODEV;
 884
 885        memset(&hdev->stat, 0, sizeof(struct hci_dev_stats));
 886
 887        hci_dev_put(hdev);
 888
 889        return ret;
 890}
 891
 892int hci_dev_cmd(unsigned int cmd, void __user *arg)
 893{
 894        struct hci_dev *hdev;
 895        struct hci_dev_req dr;
 896        int err = 0;
 897
 898        if (copy_from_user(&dr, arg, sizeof(dr)))
 899                return -EFAULT;
 900
 901        hdev = hci_dev_get(dr.dev_id);
 902        if (!hdev)
 903                return -ENODEV;
 904
 905        switch (cmd) {
 906        case HCISETAUTH:
 907                err = hci_request(hdev, hci_auth_req, dr.dev_opt,
 908                                  HCI_INIT_TIMEOUT);
 909                break;
 910
 911        case HCISETENCRYPT:
 912                if (!lmp_encrypt_capable(hdev)) {
 913                        err = -EOPNOTSUPP;
 914                        break;
 915                }
 916
 917                if (!test_bit(HCI_AUTH, &hdev->flags)) {
 918                        /* Auth must be enabled first */
 919                        err = hci_request(hdev, hci_auth_req, dr.dev_opt,
 920                                          HCI_INIT_TIMEOUT);
 921                        if (err)
 922                                break;
 923                }
 924
 925                err = hci_request(hdev, hci_encrypt_req, dr.dev_opt,
 926                                  HCI_INIT_TIMEOUT);
 927                break;
 928
 929        case HCISETSCAN:
 930                err = hci_request(hdev, hci_scan_req, dr.dev_opt,
 931                                  HCI_INIT_TIMEOUT);
 932                break;
 933
 934        case HCISETLINKPOL:
 935                err = hci_request(hdev, hci_linkpol_req, dr.dev_opt,
 936                                  HCI_INIT_TIMEOUT);
 937                break;
 938
 939        case HCISETLINKMODE:
 940                hdev->link_mode = ((__u16) dr.dev_opt) &
 941                                        (HCI_LM_MASTER | HCI_LM_ACCEPT);
 942                break;
 943
 944        case HCISETPTYPE:
 945                hdev->pkt_type = (__u16) dr.dev_opt;
 946                break;
 947
 948        case HCISETACLMTU:
 949                hdev->acl_mtu  = *((__u16 *) &dr.dev_opt + 1);
 950                hdev->acl_pkts = *((__u16 *) &dr.dev_opt + 0);
 951                break;
 952
 953        case HCISETSCOMTU:
 954                hdev->sco_mtu  = *((__u16 *) &dr.dev_opt + 1);
 955                hdev->sco_pkts = *((__u16 *) &dr.dev_opt + 0);
 956                break;
 957
 958        default:
 959                err = -EINVAL;
 960                break;
 961        }
 962
 963        hci_dev_put(hdev);
 964        return err;
 965}
 966
 967int hci_get_dev_list(void __user *arg)
 968{
 969        struct hci_dev *hdev;
 970        struct hci_dev_list_req *dl;
 971        struct hci_dev_req *dr;
 972        int n = 0, size, err;
 973        __u16 dev_num;
 974
 975        if (get_user(dev_num, (__u16 __user *) arg))
 976                return -EFAULT;
 977
 978        if (!dev_num || dev_num > (PAGE_SIZE * 2) / sizeof(*dr))
 979                return -EINVAL;
 980
 981        size = sizeof(*dl) + dev_num * sizeof(*dr);
 982
 983        dl = kzalloc(size, GFP_KERNEL);
 984        if (!dl)
 985                return -ENOMEM;
 986
 987        dr = dl->dev_req;
 988
 989        read_lock(&hci_dev_list_lock);
 990        list_for_each_entry(hdev, &hci_dev_list, list) {
 991                if (test_and_clear_bit(HCI_AUTO_OFF, &hdev->dev_flags))
 992                        cancel_delayed_work(&hdev->power_off);
 993
 994                if (!test_bit(HCI_MGMT, &hdev->dev_flags))
 995                        set_bit(HCI_PAIRABLE, &hdev->dev_flags);
 996
 997                (dr + n)->dev_id  = hdev->id;
 998                (dr + n)->dev_opt = hdev->flags;
 999
1000                if (++n >= dev_num)
1001                        break;
1002        }
1003        read_unlock(&hci_dev_list_lock);
1004
1005        dl->dev_num = n;
1006        size = sizeof(*dl) + n * sizeof(*dr);
1007
1008        err = copy_to_user(arg, dl, size);
1009        kfree(dl);
1010
1011        return err ? -EFAULT : 0;
1012}
1013
1014int hci_get_dev_info(void __user *arg)
1015{
1016        struct hci_dev *hdev;
1017        struct hci_dev_info di;
1018        int err = 0;
1019
1020        if (copy_from_user(&di, arg, sizeof(di)))
1021                return -EFAULT;
1022
1023        hdev = hci_dev_get(di.dev_id);
1024        if (!hdev)
1025                return -ENODEV;
1026
1027        if (test_and_clear_bit(HCI_AUTO_OFF, &hdev->dev_flags))
1028                cancel_delayed_work_sync(&hdev->power_off);
1029
1030        if (!test_bit(HCI_MGMT, &hdev->dev_flags))
1031                set_bit(HCI_PAIRABLE, &hdev->dev_flags);
1032
1033        strcpy(di.name, hdev->name);
1034        di.bdaddr   = hdev->bdaddr;
1035        di.type     = (hdev->bus & 0x0f) | (hdev->dev_type << 4);
1036        di.flags    = hdev->flags;
1037        di.pkt_type = hdev->pkt_type;
1038        di.acl_mtu  = hdev->acl_mtu;
1039        di.acl_pkts = hdev->acl_pkts;
1040        di.sco_mtu  = hdev->sco_mtu;
1041        di.sco_pkts = hdev->sco_pkts;
1042        di.link_policy = hdev->link_policy;
1043        di.link_mode   = hdev->link_mode;
1044
1045        memcpy(&di.stat, &hdev->stat, sizeof(di.stat));
1046        memcpy(&di.features, &hdev->features, sizeof(di.features));
1047
1048        if (copy_to_user(arg, &di, sizeof(di)))
1049                err = -EFAULT;
1050
1051        hci_dev_put(hdev);
1052
1053        return err;
1054}
1055
1056/* ---- Interface to HCI drivers ---- */
1057
1058static int hci_rfkill_set_block(void *data, bool blocked)
1059{
1060        struct hci_dev *hdev = data;
1061
1062        BT_DBG("%p name %s blocked %d", hdev, hdev->name, blocked);
1063
1064        if (!blocked)
1065                return 0;
1066
1067        hci_dev_do_close(hdev);
1068
1069        return 0;
1070}
1071
1072static const struct rfkill_ops hci_rfkill_ops = {
1073        .set_block = hci_rfkill_set_block,
1074};
1075
1076static void hci_power_on(struct work_struct *work)
1077{
1078        struct hci_dev *hdev = container_of(work, struct hci_dev, power_on);
1079
1080        BT_DBG("%s", hdev->name);
1081
1082        if (hci_dev_open(hdev->id) < 0)
1083                return;
1084
1085        if (test_bit(HCI_AUTO_OFF, &hdev->dev_flags))
1086                schedule_delayed_work(&hdev->power_off, HCI_AUTO_OFF_TIMEOUT);
1087
1088        if (test_and_clear_bit(HCI_SETUP, &hdev->dev_flags))
1089                mgmt_index_added(hdev);
1090}
1091
1092static void hci_power_off(struct work_struct *work)
1093{
1094        struct hci_dev *hdev = container_of(work, struct hci_dev,
1095                                            power_off.work);
1096
1097        BT_DBG("%s", hdev->name);
1098
1099        hci_dev_do_close(hdev);
1100}
1101
1102static void hci_discov_off(struct work_struct *work)
1103{
1104        struct hci_dev *hdev;
1105        u8 scan = SCAN_PAGE;
1106
1107        hdev = container_of(work, struct hci_dev, discov_off.work);
1108
1109        BT_DBG("%s", hdev->name);
1110
1111        hci_dev_lock(hdev);
1112
1113        hci_send_cmd(hdev, HCI_OP_WRITE_SCAN_ENABLE, sizeof(scan), &scan);
1114
1115        hdev->discov_timeout = 0;
1116
1117        hci_dev_unlock(hdev);
1118}
1119
1120int hci_uuids_clear(struct hci_dev *hdev)
1121{
1122        struct list_head *p, *n;
1123
1124        list_for_each_safe(p, n, &hdev->uuids) {
1125                struct bt_uuid *uuid;
1126
1127                uuid = list_entry(p, struct bt_uuid, list);
1128
1129                list_del(p);
1130                kfree(uuid);
1131        }
1132
1133        return 0;
1134}
1135
1136int hci_link_keys_clear(struct hci_dev *hdev)
1137{
1138        struct list_head *p, *n;
1139
1140        list_for_each_safe(p, n, &hdev->link_keys) {
1141                struct link_key *key;
1142
1143                key = list_entry(p, struct link_key, list);
1144
1145                list_del(p);
1146                kfree(key);
1147        }
1148
1149        return 0;
1150}
1151
1152int hci_smp_ltks_clear(struct hci_dev *hdev)
1153{
1154        struct smp_ltk *k, *tmp;
1155
1156        list_for_each_entry_safe(k, tmp, &hdev->long_term_keys, list) {
1157                list_del(&k->list);
1158                kfree(k);
1159        }
1160
1161        return 0;
1162}
1163
1164struct link_key *hci_find_link_key(struct hci_dev *hdev, bdaddr_t *bdaddr)
1165{
1166        struct link_key *k;
1167
1168        list_for_each_entry(k, &hdev->link_keys, list)
1169                if (bacmp(bdaddr, &k->bdaddr) == 0)
1170                        return k;
1171
1172        return NULL;
1173}
1174
1175static bool hci_persistent_key(struct hci_dev *hdev, struct hci_conn *conn,
1176                               u8 key_type, u8 old_key_type)
1177{
1178        /* Legacy key */
1179        if (key_type < 0x03)
1180                return true;
1181
1182        /* Debug keys are insecure so don't store them persistently */
1183        if (key_type == HCI_LK_DEBUG_COMBINATION)
1184                return false;
1185
1186        /* Changed combination key and there's no previous one */
1187        if (key_type == HCI_LK_CHANGED_COMBINATION && old_key_type == 0xff)
1188                return false;
1189
1190        /* Security mode 3 case */
1191        if (!conn)
1192                return true;
1193
1194        /* Neither local nor remote side had no-bonding as requirement */
1195        if (conn->auth_type > 0x01 && conn->remote_auth > 0x01)
1196                return true;
1197
1198        /* Local side had dedicated bonding as requirement */
1199        if (conn->auth_type == 0x02 || conn->auth_type == 0x03)
1200                return true;
1201
1202        /* Remote side had dedicated bonding as requirement */
1203        if (conn->remote_auth == 0x02 || conn->remote_auth == 0x03)
1204                return true;
1205
1206        /* If none of the above criteria match, then don't store the key
1207         * persistently */
1208        return false;
1209}
1210
1211struct smp_ltk *hci_find_ltk(struct hci_dev *hdev, __le16 ediv, u8 rand[8])
1212{
1213        struct smp_ltk *k;
1214
1215        list_for_each_entry(k, &hdev->long_term_keys, list) {
1216                if (k->ediv != ediv ||
1217                    memcmp(rand, k->rand, sizeof(k->rand)))
1218                        continue;
1219
1220                return k;
1221        }
1222
1223        return NULL;
1224}
1225
1226struct smp_ltk *hci_find_ltk_by_addr(struct hci_dev *hdev, bdaddr_t *bdaddr,
1227                                     u8 addr_type)
1228{
1229        struct smp_ltk *k;
1230
1231        list_for_each_entry(k, &hdev->long_term_keys, list)
1232                if (addr_type == k->bdaddr_type &&
1233                    bacmp(bdaddr, &k->bdaddr) == 0)
1234                        return k;
1235
1236        return NULL;
1237}
1238
1239int hci_add_link_key(struct hci_dev *hdev, struct hci_conn *conn, int new_key,
1240                     bdaddr_t *bdaddr, u8 *val, u8 type, u8 pin_len)
1241{
1242        struct link_key *key, *old_key;
1243        u8 old_key_type;
1244        bool persistent;
1245
1246        old_key = hci_find_link_key(hdev, bdaddr);
1247        if (old_key) {
1248                old_key_type = old_key->type;
1249                key = old_key;
1250        } else {
1251                old_key_type = conn ? conn->key_type : 0xff;
1252                key = kzalloc(sizeof(*key), GFP_ATOMIC);
1253                if (!key)
1254                        return -ENOMEM;
1255                list_add(&key->list, &hdev->link_keys);
1256        }
1257
1258        BT_DBG("%s key for %s type %u", hdev->name, batostr(bdaddr), type);
1259
1260        /* Some buggy controller combinations generate a changed
1261         * combination key for legacy pairing even when there's no
1262         * previous key */
1263        if (type == HCI_LK_CHANGED_COMBINATION &&
1264            (!conn || conn->remote_auth == 0xff) && old_key_type == 0xff) {
1265                type = HCI_LK_COMBINATION;
1266                if (conn)
1267                        conn->key_type = type;
1268        }
1269
1270        bacpy(&key->bdaddr, bdaddr);
1271        memcpy(key->val, val, HCI_LINK_KEY_SIZE);
1272        key->pin_len = pin_len;
1273
1274        if (type == HCI_LK_CHANGED_COMBINATION)
1275                key->type = old_key_type;
1276        else
1277                key->type = type;
1278
1279        if (!new_key)
1280                return 0;
1281
1282        persistent = hci_persistent_key(hdev, conn, type, old_key_type);
1283
1284        mgmt_new_link_key(hdev, key, persistent);
1285
1286        if (conn)
1287                conn->flush_key = !persistent;
1288
1289        return 0;
1290}
1291
1292int hci_add_ltk(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 addr_type, u8 type,
1293                int new_key, u8 authenticated, u8 tk[16], u8 enc_size, __le16
1294                ediv, u8 rand[8])
1295{
1296        struct smp_ltk *key, *old_key;
1297
1298        if (!(type & HCI_SMP_STK) && !(type & HCI_SMP_LTK))
1299                return 0;
1300
1301        old_key = hci_find_ltk_by_addr(hdev, bdaddr, addr_type);
1302        if (old_key)
1303                key = old_key;
1304        else {
1305                key = kzalloc(sizeof(*key), GFP_ATOMIC);
1306                if (!key)
1307                        return -ENOMEM;
1308                list_add(&key->list, &hdev->long_term_keys);
1309        }
1310
1311        bacpy(&key->bdaddr, bdaddr);
1312        key->bdaddr_type = addr_type;
1313        memcpy(key->val, tk, sizeof(key->val));
1314        key->authenticated = authenticated;
1315        key->ediv = ediv;
1316        key->enc_size = enc_size;
1317        key->type = type;
1318        memcpy(key->rand, rand, sizeof(key->rand));
1319
1320        if (!new_key)
1321                return 0;
1322
1323        if (type & HCI_SMP_LTK)
1324                mgmt_new_ltk(hdev, key, 1);
1325
1326        return 0;
1327}
1328
1329int hci_remove_link_key(struct hci_dev *hdev, bdaddr_t *bdaddr)
1330{
1331        struct link_key *key;
1332
1333        key = hci_find_link_key(hdev, bdaddr);
1334        if (!key)
1335                return -ENOENT;
1336
1337        BT_DBG("%s removing %s", hdev->name, batostr(bdaddr));
1338
1339        list_del(&key->list);
1340        kfree(key);
1341
1342        return 0;
1343}
1344
1345int hci_remove_ltk(struct hci_dev *hdev, bdaddr_t *bdaddr)
1346{
1347        struct smp_ltk *k, *tmp;
1348
1349        list_for_each_entry_safe(k, tmp, &hdev->long_term_keys, list) {
1350                if (bacmp(bdaddr, &k->bdaddr))
1351                        continue;
1352
1353                BT_DBG("%s removing %s", hdev->name, batostr(bdaddr));
1354
1355                list_del(&k->list);
1356                kfree(k);
1357        }
1358
1359        return 0;
1360}
1361
1362/* HCI command timer function */
1363static void hci_cmd_timeout(unsigned long arg)
1364{
1365        struct hci_dev *hdev = (void *) arg;
1366
1367        if (hdev->sent_cmd) {
1368                struct hci_command_hdr *sent = (void *) hdev->sent_cmd->data;
1369                u16 opcode = __le16_to_cpu(sent->opcode);
1370
1371                BT_ERR("%s command 0x%4.4x tx timeout", hdev->name, opcode);
1372        } else {
1373                BT_ERR("%s command tx timeout", hdev->name);
1374        }
1375
1376        atomic_set(&hdev->cmd_cnt, 1);
1377        queue_work(hdev->workqueue, &hdev->cmd_work);
1378}
1379
1380struct oob_data *hci_find_remote_oob_data(struct hci_dev *hdev,
1381                                          bdaddr_t *bdaddr)
1382{
1383        struct oob_data *data;
1384
1385        list_for_each_entry(data, &hdev->remote_oob_data, list)
1386                if (bacmp(bdaddr, &data->bdaddr) == 0)
1387                        return data;
1388
1389        return NULL;
1390}
1391
1392int hci_remove_remote_oob_data(struct hci_dev *hdev, bdaddr_t *bdaddr)
1393{
1394        struct oob_data *data;
1395
1396        data = hci_find_remote_oob_data(hdev, bdaddr);
1397        if (!data)
1398                return -ENOENT;
1399
1400        BT_DBG("%s removing %s", hdev->name, batostr(bdaddr));
1401
1402        list_del(&data->list);
1403        kfree(data);
1404
1405        return 0;
1406}
1407
1408int hci_remote_oob_data_clear(struct hci_dev *hdev)
1409{
1410        struct oob_data *data, *n;
1411
1412        list_for_each_entry_safe(data, n, &hdev->remote_oob_data, list) {
1413                list_del(&data->list);
1414                kfree(data);
1415        }
1416
1417        return 0;
1418}
1419
1420int hci_add_remote_oob_data(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 *hash,
1421                            u8 *randomizer)
1422{
1423        struct oob_data *data;
1424
1425        data = hci_find_remote_oob_data(hdev, bdaddr);
1426
1427        if (!data) {
1428                data = kmalloc(sizeof(*data), GFP_ATOMIC);
1429                if (!data)
1430                        return -ENOMEM;
1431
1432                bacpy(&data->bdaddr, bdaddr);
1433                list_add(&data->list, &hdev->remote_oob_data);
1434        }
1435
1436        memcpy(data->hash, hash, sizeof(data->hash));
1437        memcpy(data->randomizer, randomizer, sizeof(data->randomizer));
1438
1439        BT_DBG("%s for %s", hdev->name, batostr(bdaddr));
1440
1441        return 0;
1442}
1443
1444struct bdaddr_list *hci_blacklist_lookup(struct hci_dev *hdev, bdaddr_t *bdaddr)
1445{
1446        struct bdaddr_list *b;
1447
1448        list_for_each_entry(b, &hdev->blacklist, list)
1449                if (bacmp(bdaddr, &b->bdaddr) == 0)
1450                        return b;
1451
1452        return NULL;
1453}
1454
1455int hci_blacklist_clear(struct hci_dev *hdev)
1456{
1457        struct list_head *p, *n;
1458
1459        list_for_each_safe(p, n, &hdev->blacklist) {
1460                struct bdaddr_list *b;
1461
1462                b = list_entry(p, struct bdaddr_list, list);
1463
1464                list_del(p);
1465                kfree(b);
1466        }
1467
1468        return 0;
1469}
1470
1471int hci_blacklist_add(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 type)
1472{
1473        struct bdaddr_list *entry;
1474
1475        if (bacmp(bdaddr, BDADDR_ANY) == 0)
1476                return -EBADF;
1477
1478        if (hci_blacklist_lookup(hdev, bdaddr))
1479                return -EEXIST;
1480
1481        entry = kzalloc(sizeof(struct bdaddr_list), GFP_KERNEL);
1482        if (!entry)
1483                return -ENOMEM;
1484
1485        bacpy(&entry->bdaddr, bdaddr);
1486
1487        list_add(&entry->list, &hdev->blacklist);
1488
1489        return mgmt_device_blocked(hdev, bdaddr, type);
1490}
1491
1492int hci_blacklist_del(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 type)
1493{
1494        struct bdaddr_list *entry;
1495
1496        if (bacmp(bdaddr, BDADDR_ANY) == 0)
1497                return hci_blacklist_clear(hdev);
1498
1499        entry = hci_blacklist_lookup(hdev, bdaddr);
1500        if (!entry)
1501                return -ENOENT;
1502
1503        list_del(&entry->list);
1504        kfree(entry);
1505
1506        return mgmt_device_unblocked(hdev, bdaddr, type);
1507}
1508
1509static void le_scan_param_req(struct hci_dev *hdev, unsigned long opt)
1510{
1511        struct le_scan_params *param =  (struct le_scan_params *) opt;
1512        struct hci_cp_le_set_scan_param cp;
1513
1514        memset(&cp, 0, sizeof(cp));
1515        cp.type = param->type;
1516        cp.interval = cpu_to_le16(param->interval);
1517        cp.window = cpu_to_le16(param->window);
1518
1519        hci_send_cmd(hdev, HCI_OP_LE_SET_SCAN_PARAM, sizeof(cp), &cp);
1520}
1521
1522static void le_scan_enable_req(struct hci_dev *hdev, unsigned long opt)
1523{
1524        struct hci_cp_le_set_scan_enable cp;
1525
1526        memset(&cp, 0, sizeof(cp));
1527        cp.enable = 1;
1528        cp.filter_dup = 1;
1529
1530        hci_send_cmd(hdev, HCI_OP_LE_SET_SCAN_ENABLE, sizeof(cp), &cp);
1531}
1532
1533static int hci_do_le_scan(struct hci_dev *hdev, u8 type, u16 interval,
1534                          u16 window, int timeout)
1535{
1536        long timeo = msecs_to_jiffies(3000);
1537        struct le_scan_params param;
1538        int err;
1539
1540        BT_DBG("%s", hdev->name);
1541
1542        if (test_bit(HCI_LE_SCAN, &hdev->dev_flags))
1543                return -EINPROGRESS;
1544
1545        param.type = type;
1546        param.interval = interval;
1547        param.window = window;
1548
1549        hci_req_lock(hdev);
1550
1551        err = __hci_request(hdev, le_scan_param_req, (unsigned long) &param,
1552                            timeo);
1553        if (!err)
1554                err = __hci_request(hdev, le_scan_enable_req, 0, timeo);
1555
1556        hci_req_unlock(hdev);
1557
1558        if (err < 0)
1559                return err;
1560
1561        schedule_delayed_work(&hdev->le_scan_disable,
1562                              msecs_to_jiffies(timeout));
1563
1564        return 0;
1565}
1566
1567int hci_cancel_le_scan(struct hci_dev *hdev)
1568{
1569        BT_DBG("%s", hdev->name);
1570
1571        if (!test_bit(HCI_LE_SCAN, &hdev->dev_flags))
1572                return -EALREADY;
1573
1574        if (cancel_delayed_work(&hdev->le_scan_disable)) {
1575                struct hci_cp_le_set_scan_enable cp;
1576
1577                /* Send HCI command to disable LE Scan */
1578                memset(&cp, 0, sizeof(cp));
1579                hci_send_cmd(hdev, HCI_OP_LE_SET_SCAN_ENABLE, sizeof(cp), &cp);
1580        }
1581
1582        return 0;
1583}
1584
1585static void le_scan_disable_work(struct work_struct *work)
1586{
1587        struct hci_dev *hdev = container_of(work, struct hci_dev,
1588                                            le_scan_disable.work);
1589        struct hci_cp_le_set_scan_enable cp;
1590
1591        BT_DBG("%s", hdev->name);
1592
1593        memset(&cp, 0, sizeof(cp));
1594
1595        hci_send_cmd(hdev, HCI_OP_LE_SET_SCAN_ENABLE, sizeof(cp), &cp);
1596}
1597
1598static void le_scan_work(struct work_struct *work)
1599{
1600        struct hci_dev *hdev = container_of(work, struct hci_dev, le_scan);
1601        struct le_scan_params *param = &hdev->le_scan_params;
1602
1603        BT_DBG("%s", hdev->name);
1604
1605        hci_do_le_scan(hdev, param->type, param->interval, param->window,
1606                       param->timeout);
1607}
1608
1609int hci_le_scan(struct hci_dev *hdev, u8 type, u16 interval, u16 window,
1610                int timeout)
1611{
1612        struct le_scan_params *param = &hdev->le_scan_params;
1613
1614        BT_DBG("%s", hdev->name);
1615
1616        if (work_busy(&hdev->le_scan))
1617                return -EINPROGRESS;
1618
1619        param->type = type;
1620        param->interval = interval;
1621        param->window = window;
1622        param->timeout = timeout;
1623
1624        queue_work(system_long_wq, &hdev->le_scan);
1625
1626        return 0;
1627}
1628
1629/* Alloc HCI device */
1630struct hci_dev *hci_alloc_dev(void)
1631{
1632        struct hci_dev *hdev;
1633
1634        hdev = kzalloc(sizeof(struct hci_dev), GFP_KERNEL);
1635        if (!hdev)
1636                return NULL;
1637
1638        hdev->pkt_type  = (HCI_DM1 | HCI_DH1 | HCI_HV1);
1639        hdev->esco_type = (ESCO_HV1);
1640        hdev->link_mode = (HCI_LM_ACCEPT);
1641        hdev->io_capability = 0x03; /* No Input No Output */
1642
1643        hdev->sniff_max_interval = 800;
1644        hdev->sniff_min_interval = 80;
1645
1646        mutex_init(&hdev->lock);
1647        mutex_init(&hdev->req_lock);
1648
1649        INIT_LIST_HEAD(&hdev->mgmt_pending);
1650        INIT_LIST_HEAD(&hdev->blacklist);
1651        INIT_LIST_HEAD(&hdev->uuids);
1652        INIT_LIST_HEAD(&hdev->link_keys);
1653        INIT_LIST_HEAD(&hdev->long_term_keys);
1654        INIT_LIST_HEAD(&hdev->remote_oob_data);
1655
1656        INIT_WORK(&hdev->rx_work, hci_rx_work);
1657        INIT_WORK(&hdev->cmd_work, hci_cmd_work);
1658        INIT_WORK(&hdev->tx_work, hci_tx_work);
1659        INIT_WORK(&hdev->power_on, hci_power_on);
1660        INIT_WORK(&hdev->le_scan, le_scan_work);
1661
1662        INIT_DELAYED_WORK(&hdev->power_off, hci_power_off);
1663        INIT_DELAYED_WORK(&hdev->discov_off, hci_discov_off);
1664        INIT_DELAYED_WORK(&hdev->le_scan_disable, le_scan_disable_work);
1665
1666        skb_queue_head_init(&hdev->driver_init);
1667        skb_queue_head_init(&hdev->rx_q);
1668        skb_queue_head_init(&hdev->cmd_q);
1669        skb_queue_head_init(&hdev->raw_q);
1670
1671        init_waitqueue_head(&hdev->req_wait_q);
1672
1673        setup_timer(&hdev->cmd_timer, hci_cmd_timeout, (unsigned long) hdev);
1674
1675        hci_init_sysfs(hdev);
1676        discovery_init(hdev);
1677        hci_conn_hash_init(hdev);
1678
1679        return hdev;
1680}
1681EXPORT_SYMBOL(hci_alloc_dev);
1682
1683/* Free HCI device */
1684void hci_free_dev(struct hci_dev *hdev)
1685{
1686        skb_queue_purge(&hdev->driver_init);
1687
1688        /* will free via device release */
1689        put_device(&hdev->dev);
1690}
1691EXPORT_SYMBOL(hci_free_dev);
1692
1693/* Register HCI device */
1694int hci_register_dev(struct hci_dev *hdev)
1695{
1696        int id, error;
1697
1698        if (!hdev->open || !hdev->close)
1699                return -EINVAL;
1700
1701        /* Do not allow HCI_AMP devices to register at index 0,
1702         * so the index can be used as the AMP controller ID.
1703         */
1704        switch (hdev->dev_type) {
1705        case HCI_BREDR:
1706                id = ida_simple_get(&hci_index_ida, 0, 0, GFP_KERNEL);
1707                break;
1708        case HCI_AMP:
1709                id = ida_simple_get(&hci_index_ida, 1, 0, GFP_KERNEL);
1710                break;
1711        default:
1712                return -EINVAL;
1713        }
1714
1715        if (id < 0)
1716                return id;
1717
1718        sprintf(hdev->name, "hci%d", id);
1719        hdev->id = id;
1720
1721        BT_DBG("%p name %s bus %d", hdev, hdev->name, hdev->bus);
1722
1723        write_lock(&hci_dev_list_lock);
1724        list_add(&hdev->list, &hci_dev_list);
1725        write_unlock(&hci_dev_list_lock);
1726
1727        hdev->workqueue = alloc_workqueue(hdev->name, WQ_HIGHPRI | WQ_UNBOUND |
1728                                          WQ_MEM_RECLAIM, 1);
1729        if (!hdev->workqueue) {
1730                error = -ENOMEM;
1731                goto err;
1732        }
1733
1734        error = hci_add_sysfs(hdev);
1735        if (error < 0)
1736                goto err_wqueue;
1737
1738        hdev->rfkill = rfkill_alloc(hdev->name, &hdev->dev,
1739                                    RFKILL_TYPE_BLUETOOTH, &hci_rfkill_ops,
1740                                    hdev);
1741        if (hdev->rfkill) {
1742                if (rfkill_register(hdev->rfkill) < 0) {
1743                        rfkill_destroy(hdev->rfkill);
1744                        hdev->rfkill = NULL;
1745                }
1746        }
1747
1748        set_bit(HCI_SETUP, &hdev->dev_flags);
1749
1750        if (hdev->dev_type != HCI_AMP)
1751                set_bit(HCI_AUTO_OFF, &hdev->dev_flags);
1752
1753        schedule_work(&hdev->power_on);
1754
1755        hci_notify(hdev, HCI_DEV_REG);
1756        hci_dev_hold(hdev);
1757
1758        return id;
1759
1760err_wqueue:
1761        destroy_workqueue(hdev->workqueue);
1762err:
1763        ida_simple_remove(&hci_index_ida, hdev->id);
1764        write_lock(&hci_dev_list_lock);
1765        list_del(&hdev->list);
1766        write_unlock(&hci_dev_list_lock);
1767
1768        return error;
1769}
1770EXPORT_SYMBOL(hci_register_dev);
1771
1772/* Unregister HCI device */
1773void hci_unregister_dev(struct hci_dev *hdev)
1774{
1775        int i, id;
1776
1777        BT_DBG("%p name %s bus %d", hdev, hdev->name, hdev->bus);
1778
1779        set_bit(HCI_UNREGISTER, &hdev->dev_flags);
1780
1781        id = hdev->id;
1782
1783        write_lock(&hci_dev_list_lock);
1784        list_del(&hdev->list);
1785        write_unlock(&hci_dev_list_lock);
1786
1787        hci_dev_do_close(hdev);
1788
1789        for (i = 0; i < NUM_REASSEMBLY; i++)
1790                kfree_skb(hdev->reassembly[i]);
1791
1792        if (!test_bit(HCI_INIT, &hdev->flags) &&
1793            !test_bit(HCI_SETUP, &hdev->dev_flags)) {
1794                hci_dev_lock(hdev);
1795                mgmt_index_removed(hdev);
1796                hci_dev_unlock(hdev);
1797        }
1798
1799        /* mgmt_index_removed should take care of emptying the
1800         * pending list */
1801        BUG_ON(!list_empty(&hdev->mgmt_pending));
1802
1803        hci_notify(hdev, HCI_DEV_UNREG);
1804
1805        if (hdev->rfkill) {
1806                rfkill_unregister(hdev->rfkill);
1807                rfkill_destroy(hdev->rfkill);
1808        }
1809
1810        hci_del_sysfs(hdev);
1811
1812        destroy_workqueue(hdev->workqueue);
1813
1814        hci_dev_lock(hdev);
1815        hci_blacklist_clear(hdev);
1816        hci_uuids_clear(hdev);
1817        hci_link_keys_clear(hdev);
1818        hci_smp_ltks_clear(hdev);
1819        hci_remote_oob_data_clear(hdev);
1820        hci_dev_unlock(hdev);
1821
1822        hci_dev_put(hdev);
1823
1824        ida_simple_remove(&hci_index_ida, id);
1825}
1826EXPORT_SYMBOL(hci_unregister_dev);
1827
1828/* Suspend HCI device */
1829int hci_suspend_dev(struct hci_dev *hdev)
1830{
1831        hci_notify(hdev, HCI_DEV_SUSPEND);
1832        return 0;
1833}
1834EXPORT_SYMBOL(hci_suspend_dev);
1835
1836/* Resume HCI device */
1837int hci_resume_dev(struct hci_dev *hdev)
1838{
1839        hci_notify(hdev, HCI_DEV_RESUME);
1840        return 0;
1841}
1842EXPORT_SYMBOL(hci_resume_dev);
1843
1844/* Receive frame from HCI drivers */
1845int hci_recv_frame(struct sk_buff *skb)
1846{
1847        struct hci_dev *hdev = (struct hci_dev *) skb->dev;
1848        if (!hdev || (!test_bit(HCI_UP, &hdev->flags)
1849                      && !test_bit(HCI_INIT, &hdev->flags))) {
1850                kfree_skb(skb);
1851                return -ENXIO;
1852        }
1853
1854        /* Incomming skb */
1855        bt_cb(skb)->incoming = 1;
1856
1857        /* Time stamp */
1858        __net_timestamp(skb);
1859
1860        skb_queue_tail(&hdev->rx_q, skb);
1861        queue_work(hdev->workqueue, &hdev->rx_work);
1862
1863        return 0;
1864}
1865EXPORT_SYMBOL(hci_recv_frame);
1866
1867static int hci_reassembly(struct hci_dev *hdev, int type, void *data,
1868                          int count, __u8 index)
1869{
1870        int len = 0;
1871        int hlen = 0;
1872        int remain = count;
1873        struct sk_buff *skb;
1874        struct bt_skb_cb *scb;
1875
1876        if ((type < HCI_ACLDATA_PKT || type > HCI_EVENT_PKT) ||
1877            index >= NUM_REASSEMBLY)
1878                return -EILSEQ;
1879
1880        skb = hdev->reassembly[index];
1881
1882        if (!skb) {
1883                switch (type) {
1884                case HCI_ACLDATA_PKT:
1885                        len = HCI_MAX_FRAME_SIZE;
1886                        hlen = HCI_ACL_HDR_SIZE;
1887                        break;
1888                case HCI_EVENT_PKT:
1889                        len = HCI_MAX_EVENT_SIZE;
1890                        hlen = HCI_EVENT_HDR_SIZE;
1891                        break;
1892                case HCI_SCODATA_PKT:
1893                        len = HCI_MAX_SCO_SIZE;
1894                        hlen = HCI_SCO_HDR_SIZE;
1895                        break;
1896                }
1897
1898                skb = bt_skb_alloc(len, GFP_ATOMIC);
1899                if (!skb)
1900                        return -ENOMEM;
1901
1902                scb = (void *) skb->cb;
1903                scb->expect = hlen;
1904                scb->pkt_type = type;
1905
1906                skb->dev = (void *) hdev;
1907                hdev->reassembly[index] = skb;
1908        }
1909
1910        while (count) {
1911                scb = (void *) skb->cb;
1912                len = min_t(uint, scb->expect, count);
1913
1914                memcpy(skb_put(skb, len), data, len);
1915
1916                count -= len;
1917                data += len;
1918                scb->expect -= len;
1919                remain = count;
1920
1921                switch (type) {
1922                case HCI_EVENT_PKT:
1923                        if (skb->len == HCI_EVENT_HDR_SIZE) {
1924                                struct hci_event_hdr *h = hci_event_hdr(skb);
1925                                scb->expect = h->plen;
1926
1927                                if (skb_tailroom(skb) < scb->expect) {
1928                                        kfree_skb(skb);
1929                                        hdev->reassembly[index] = NULL;
1930                                        return -ENOMEM;
1931                                }
1932                        }
1933                        break;
1934
1935                case HCI_ACLDATA_PKT:
1936                        if (skb->len  == HCI_ACL_HDR_SIZE) {
1937                                struct hci_acl_hdr *h = hci_acl_hdr(skb);
1938                                scb->expect = __le16_to_cpu(h->dlen);
1939
1940                                if (skb_tailroom(skb) < scb->expect) {
1941                                        kfree_skb(skb);
1942                                        hdev->reassembly[index] = NULL;
1943                                        return -ENOMEM;
1944                                }
1945                        }
1946                        break;
1947
1948                case HCI_SCODATA_PKT:
1949                        if (skb->len == HCI_SCO_HDR_SIZE) {
1950                                struct hci_sco_hdr *h = hci_sco_hdr(skb);
1951                                scb->expect = h->dlen;
1952
1953                                if (skb_tailroom(skb) < scb->expect) {
1954                                        kfree_skb(skb);
1955                                        hdev->reassembly[index] = NULL;
1956                                        return -ENOMEM;
1957                                }
1958                        }
1959                        break;
1960                }
1961
1962                if (scb->expect == 0) {
1963                        /* Complete frame */
1964
1965                        bt_cb(skb)->pkt_type = type;
1966                        hci_recv_frame(skb);
1967
1968                        hdev->reassembly[index] = NULL;
1969                        return remain;
1970                }
1971        }
1972
1973        return remain;
1974}
1975
1976int hci_recv_fragment(struct hci_dev *hdev, int type, void *data, int count)
1977{
1978        int rem = 0;
1979
1980        if (type < HCI_ACLDATA_PKT || type > HCI_EVENT_PKT)
1981                return -EILSEQ;
1982
1983        while (count) {
1984                rem = hci_reassembly(hdev, type, data, count, type - 1);
1985                if (rem < 0)
1986                        return rem;
1987
1988                data += (count - rem);
1989                count = rem;
1990        }
1991
1992        return rem;
1993}
1994EXPORT_SYMBOL(hci_recv_fragment);
1995
1996#define STREAM_REASSEMBLY 0
1997
1998int hci_recv_stream_fragment(struct hci_dev *hdev, void *data, int count)
1999{
2000        int type;
2001        int rem = 0;
2002
2003        while (count) {
2004                struct sk_buff *skb = hdev->reassembly[STREAM_REASSEMBLY];
2005
2006                if (!skb) {
2007                        struct { char type; } *pkt;
2008
2009                        /* Start of the frame */
2010                        pkt = data;
2011                        type = pkt->type;
2012
2013                        data++;
2014                        count--;
2015                } else
2016                        type = bt_cb(skb)->pkt_type;
2017
2018                rem = hci_reassembly(hdev, type, data, count,
2019                                     STREAM_REASSEMBLY);
2020                if (rem < 0)
2021                        return rem;
2022
2023                data += (count - rem);
2024                count = rem;
2025        }
2026
2027        return rem;
2028}
2029EXPORT_SYMBOL(hci_recv_stream_fragment);
2030
2031/* ---- Interface to upper protocols ---- */
2032
2033int hci_register_cb(struct hci_cb *cb)
2034{
2035        BT_DBG("%p name %s", cb, cb->name);
2036
2037        write_lock(&hci_cb_list_lock);
2038        list_add(&cb->list, &hci_cb_list);
2039        write_unlock(&hci_cb_list_lock);
2040
2041        return 0;
2042}
2043EXPORT_SYMBOL(hci_register_cb);
2044
2045int hci_unregister_cb(struct hci_cb *cb)
2046{
2047        BT_DBG("%p name %s", cb, cb->name);
2048
2049        write_lock(&hci_cb_list_lock);
2050        list_del(&cb->list);
2051        write_unlock(&hci_cb_list_lock);
2052
2053        return 0;
2054}
2055EXPORT_SYMBOL(hci_unregister_cb);
2056
2057static int hci_send_frame(struct sk_buff *skb)
2058{
2059        struct hci_dev *hdev = (struct hci_dev *) skb->dev;
2060
2061        if (!hdev) {
2062                kfree_skb(skb);
2063                return -ENODEV;
2064        }
2065
2066        BT_DBG("%s type %d len %d", hdev->name, bt_cb(skb)->pkt_type, skb->len);
2067
2068        /* Time stamp */
2069        __net_timestamp(skb);
2070
2071        /* Send copy to monitor */
2072        hci_send_to_monitor(hdev, skb);
2073
2074        if (atomic_read(&hdev->promisc)) {
2075                /* Send copy to the sockets */
2076                hci_send_to_sock(hdev, skb);
2077        }
2078
2079        /* Get rid of skb owner, prior to sending to the driver. */
2080        skb_orphan(skb);
2081
2082        return hdev->send(skb);
2083}
2084
2085/* Send HCI command */
2086int hci_send_cmd(struct hci_dev *hdev, __u16 opcode, __u32 plen, void *param)
2087{
2088        int len = HCI_COMMAND_HDR_SIZE + plen;
2089        struct hci_command_hdr *hdr;
2090        struct sk_buff *skb;
2091
2092        BT_DBG("%s opcode 0x%4.4x plen %d", hdev->name, opcode, plen);
2093
2094        skb = bt_skb_alloc(len, GFP_ATOMIC);
2095        if (!skb) {
2096                BT_ERR("%s no memory for command", hdev->name);
2097                return -ENOMEM;
2098        }
2099
2100        hdr = (struct hci_command_hdr *) skb_put(skb, HCI_COMMAND_HDR_SIZE);
2101        hdr->opcode = cpu_to_le16(opcode);
2102        hdr->plen   = plen;
2103
2104        if (plen)
2105                memcpy(skb_put(skb, plen), param, plen);
2106
2107        BT_DBG("skb len %d", skb->len);
2108
2109        bt_cb(skb)->pkt_type = HCI_COMMAND_PKT;
2110        skb->dev = (void *) hdev;
2111
2112        if (test_bit(HCI_INIT, &hdev->flags))
2113                hdev->init_last_cmd = opcode;
2114
2115        skb_queue_tail(&hdev->cmd_q, skb);
2116        queue_work(hdev->workqueue, &hdev->cmd_work);
2117
2118        return 0;
2119}
2120
2121/* Get data from the previously sent command */
2122void *hci_sent_cmd_data(struct hci_dev *hdev, __u16 opcode)
2123{
2124        struct hci_command_hdr *hdr;
2125
2126        if (!hdev->sent_cmd)
2127                return NULL;
2128
2129        hdr = (void *) hdev->sent_cmd->data;
2130
2131        if (hdr->opcode != cpu_to_le16(opcode))
2132                return NULL;
2133
2134        BT_DBG("%s opcode 0x%4.4x", hdev->name, opcode);
2135
2136        return hdev->sent_cmd->data + HCI_COMMAND_HDR_SIZE;
2137}
2138
2139/* Send ACL data */
2140static void hci_add_acl_hdr(struct sk_buff *skb, __u16 handle, __u16 flags)
2141{
2142        struct hci_acl_hdr *hdr;
2143        int len = skb->len;
2144
2145        skb_push(skb, HCI_ACL_HDR_SIZE);
2146        skb_reset_transport_header(skb);
2147        hdr = (struct hci_acl_hdr *)skb_transport_header(skb);
2148        hdr->handle = cpu_to_le16(hci_handle_pack(handle, flags));
2149        hdr->dlen   = cpu_to_le16(len);
2150}
2151
2152static void hci_queue_acl(struct hci_conn *conn, struct sk_buff_head *queue,
2153                          struct sk_buff *skb, __u16 flags)
2154{
2155        struct hci_dev *hdev = conn->hdev;
2156        struct sk_buff *list;
2157
2158        skb->len = skb_headlen(skb);
2159        skb->data_len = 0;
2160
2161        bt_cb(skb)->pkt_type = HCI_ACLDATA_PKT;
2162        hci_add_acl_hdr(skb, conn->handle, flags);
2163
2164        list = skb_shinfo(skb)->frag_list;
2165        if (!list) {
2166                /* Non fragmented */
2167                BT_DBG("%s nonfrag skb %p len %d", hdev->name, skb, skb->len);
2168
2169                skb_queue_tail(queue, skb);
2170        } else {
2171                /* Fragmented */
2172                BT_DBG("%s frag %p len %d", hdev->name, skb, skb->len);
2173
2174                skb_shinfo(skb)->frag_list = NULL;
2175
2176                /* Queue all fragments atomically */
2177                spin_lock(&queue->lock);
2178
2179                __skb_queue_tail(queue, skb);
2180
2181                flags &= ~ACL_START;
2182                flags |= ACL_CONT;
2183                do {
2184                        skb = list; list = list->next;
2185
2186                        skb->dev = (void *) hdev;
2187                        bt_cb(skb)->pkt_type = HCI_ACLDATA_PKT;
2188                        hci_add_acl_hdr(skb, conn->handle, flags);
2189
2190                        BT_DBG("%s frag %p len %d", hdev->name, skb, skb->len);
2191
2192                        __skb_queue_tail(queue, skb);
2193                } while (list);
2194
2195                spin_unlock(&queue->lock);
2196        }
2197}
2198
2199void hci_send_acl(struct hci_chan *chan, struct sk_buff *skb, __u16 flags)
2200{
2201        struct hci_conn *conn = chan->conn;
2202        struct hci_dev *hdev = conn->hdev;
2203
2204        BT_DBG("%s chan %p flags 0x%4.4x", hdev->name, chan, flags);
2205
2206        skb->dev = (void *) hdev;
2207
2208        hci_queue_acl(conn, &chan->data_q, skb, flags);
2209
2210        queue_work(hdev->workqueue, &hdev->tx_work);
2211}
2212
2213/* Send SCO data */
2214void hci_send_sco(struct hci_conn *conn, struct sk_buff *skb)
2215{
2216        struct hci_dev *hdev = conn->hdev;
2217        struct hci_sco_hdr hdr;
2218
2219        BT_DBG("%s len %d", hdev->name, skb->len);
2220
2221        hdr.handle = cpu_to_le16(conn->handle);
2222        hdr.dlen   = skb->len;
2223
2224        skb_push(skb, HCI_SCO_HDR_SIZE);
2225        skb_reset_transport_header(skb);
2226        memcpy(skb_transport_header(skb), &hdr, HCI_SCO_HDR_SIZE);
2227
2228        skb->dev = (void *) hdev;
2229        bt_cb(skb)->pkt_type = HCI_SCODATA_PKT;
2230
2231        skb_queue_tail(&conn->data_q, skb);
2232        queue_work(hdev->workqueue, &hdev->tx_work);
2233}
2234
2235/* ---- HCI TX task (outgoing data) ---- */
2236
2237/* HCI Connection scheduler */
2238static struct hci_conn *hci_low_sent(struct hci_dev *hdev, __u8 type,
2239                                     int *quote)
2240{
2241        struct hci_conn_hash *h = &hdev->conn_hash;
2242        struct hci_conn *conn = NULL, *c;
2243        unsigned int num = 0, min = ~0;
2244
2245        /* We don't have to lock device here. Connections are always
2246         * added and removed with TX task disabled. */
2247
2248        rcu_read_lock();
2249
2250        list_for_each_entry_rcu(c, &h->list, list) {
2251                if (c->type != type || skb_queue_empty(&c->data_q))
2252                        continue;
2253
2254                if (c->state != BT_CONNECTED && c->state != BT_CONFIG)
2255                        continue;
2256
2257                num++;
2258
2259                if (c->sent < min) {
2260                        min  = c->sent;
2261                        conn = c;
2262                }
2263
2264                if (hci_conn_num(hdev, type) == num)
2265                        break;
2266        }
2267
2268        rcu_read_unlock();
2269
2270        if (conn) {
2271                int cnt, q;
2272
2273                switch (conn->type) {
2274                case ACL_LINK:
2275                        cnt = hdev->acl_cnt;
2276                        break;
2277                case SCO_LINK:
2278                case ESCO_LINK:
2279                        cnt = hdev->sco_cnt;
2280                        break;
2281                case LE_LINK:
2282                        cnt = hdev->le_mtu ? hdev->le_cnt : hdev->acl_cnt;
2283                        break;
2284                default:
2285                        cnt = 0;
2286                        BT_ERR("Unknown link type");
2287                }
2288
2289                q = cnt / num;
2290                *quote = q ? q : 1;
2291        } else
2292                *quote = 0;
2293
2294        BT_DBG("conn %p quote %d", conn, *quote);
2295        return conn;
2296}
2297
2298static void hci_link_tx_to(struct hci_dev *hdev, __u8 type)
2299{
2300        struct hci_conn_hash *h = &hdev->conn_hash;
2301        struct hci_conn *c;
2302
2303        BT_ERR("%s link tx timeout", hdev->name);
2304
2305        rcu_read_lock();
2306
2307        /* Kill stalled connections */
2308        list_for_each_entry_rcu(c, &h->list, list) {
2309                if (c->type == type && c->sent) {
2310                        BT_ERR("%s killing stalled connection %s",
2311                               hdev->name, batostr(&c->dst));
2312                        hci_acl_disconn(c, HCI_ERROR_REMOTE_USER_TERM);
2313                }
2314        }
2315
2316        rcu_read_unlock();
2317}
2318
2319static struct hci_chan *hci_chan_sent(struct hci_dev *hdev, __u8 type,
2320                                      int *quote)
2321{
2322        struct hci_conn_hash *h = &hdev->conn_hash;
2323        struct hci_chan *chan = NULL;
2324        unsigned int num = 0, min = ~0, cur_prio = 0;
2325        struct hci_conn *conn;
2326        int cnt, q, conn_num = 0;
2327
2328        BT_DBG("%s", hdev->name);
2329
2330        rcu_read_lock();
2331
2332        list_for_each_entry_rcu(conn, &h->list, list) {
2333                struct hci_chan *tmp;
2334
2335                if (conn->type != type)
2336                        continue;
2337
2338                if (conn->state != BT_CONNECTED && conn->state != BT_CONFIG)
2339                        continue;
2340
2341                conn_num++;
2342
2343                list_for_each_entry_rcu(tmp, &conn->chan_list, list) {
2344                        struct sk_buff *skb;
2345
2346                        if (skb_queue_empty(&tmp->data_q))
2347                                continue;
2348
2349                        skb = skb_peek(&tmp->data_q);
2350                        if (skb->priority < cur_prio)
2351                                continue;
2352
2353                        if (skb->priority > cur_prio) {
2354                                num = 0;
2355                                min = ~0;
2356                                cur_prio = skb->priority;
2357                        }
2358
2359                        num++;
2360
2361                        if (conn->sent < min) {
2362                                min  = conn->sent;
2363                                chan = tmp;
2364                        }
2365                }
2366
2367                if (hci_conn_num(hdev, type) == conn_num)
2368                        break;
2369        }
2370
2371        rcu_read_unlock();
2372
2373        if (!chan)
2374                return NULL;
2375
2376        switch (chan->conn->type) {
2377        case ACL_LINK:
2378                cnt = hdev->acl_cnt;
2379                break;
2380        case SCO_LINK:
2381        case ESCO_LINK:
2382                cnt = hdev->sco_cnt;
2383                break;
2384        case LE_LINK:
2385                cnt = hdev->le_mtu ? hdev->le_cnt : hdev->acl_cnt;
2386                break;
2387        default:
2388                cnt = 0;
2389                BT_ERR("Unknown link type");
2390        }
2391
2392        q = cnt / num;
2393        *quote = q ? q : 1;
2394        BT_DBG("chan %p quote %d", chan, *quote);
2395        return chan;
2396}
2397
2398static void hci_prio_recalculate(struct hci_dev *hdev, __u8 type)
2399{
2400        struct hci_conn_hash *h = &hdev->conn_hash;
2401        struct hci_conn *conn;
2402        int num = 0;
2403
2404        BT_DBG("%s", hdev->name);
2405
2406        rcu_read_lock();
2407
2408        list_for_each_entry_rcu(conn, &h->list, list) {
2409                struct hci_chan *chan;
2410
2411                if (conn->type != type)
2412                        continue;
2413
2414                if (conn->state != BT_CONNECTED && conn->state != BT_CONFIG)
2415                        continue;
2416
2417                num++;
2418
2419                list_for_each_entry_rcu(chan, &conn->chan_list, list) {
2420                        struct sk_buff *skb;
2421
2422                        if (chan->sent) {
2423                                chan->sent = 0;
2424                                continue;
2425                        }
2426
2427                        if (skb_queue_empty(&chan->data_q))
2428                                continue;
2429
2430                        skb = skb_peek(&chan->data_q);
2431                        if (skb->priority >= HCI_PRIO_MAX - 1)
2432                                continue;
2433
2434                        skb->priority = HCI_PRIO_MAX - 1;
2435
2436                        BT_DBG("chan %p skb %p promoted to %d", chan, skb,
2437                               skb->priority);
2438                }
2439
2440                if (hci_conn_num(hdev, type) == num)
2441                        break;
2442        }
2443
2444        rcu_read_unlock();
2445
2446}
2447
2448static inline int __get_blocks(struct hci_dev *hdev, struct sk_buff *skb)
2449{
2450        /* Calculate count of blocks used by this packet */
2451        return DIV_ROUND_UP(skb->len - HCI_ACL_HDR_SIZE, hdev->block_len);
2452}
2453
2454static void __check_timeout(struct hci_dev *hdev, unsigned int cnt)
2455{
2456        if (!test_bit(HCI_RAW, &hdev->flags)) {
2457                /* ACL tx timeout must be longer than maximum
2458                 * link supervision timeout (40.9 seconds) */
2459                if (!cnt && time_after(jiffies, hdev->acl_last_tx +
2460                                       HCI_ACL_TX_TIMEOUT))
2461                        hci_link_tx_to(hdev, ACL_LINK);
2462        }
2463}
2464
2465static void hci_sched_acl_pkt(struct hci_dev *hdev)
2466{
2467        unsigned int cnt = hdev->acl_cnt;
2468        struct hci_chan *chan;
2469        struct sk_buff *skb;
2470        int quote;
2471
2472        __check_timeout(hdev, cnt);
2473
2474        while (hdev->acl_cnt &&
2475               (chan = hci_chan_sent(hdev, ACL_LINK, &quote))) {
2476                u32 priority = (skb_peek(&chan->data_q))->priority;
2477                while (quote-- && (skb = skb_peek(&chan->data_q))) {
2478                        BT_DBG("chan %p skb %p len %d priority %u", chan, skb,
2479                               skb->len, skb->priority);
2480
2481                        /* Stop if priority has changed */
2482                        if (skb->priority < priority)
2483                                break;
2484
2485                        skb = skb_dequeue(&chan->data_q);
2486
2487                        hci_conn_enter_active_mode(chan->conn,
2488                                                   bt_cb(skb)->force_active);
2489
2490                        hci_send_frame(skb);
2491                        hdev->acl_last_tx = jiffies;
2492
2493                        hdev->acl_cnt--;
2494                        chan->sent++;
2495                        chan->conn->sent++;
2496                }
2497        }
2498
2499        if (cnt != hdev->acl_cnt)
2500                hci_prio_recalculate(hdev, ACL_LINK);
2501}
2502
2503static void hci_sched_acl_blk(struct hci_dev *hdev)
2504{
2505        unsigned int cnt = hdev->block_cnt;
2506        struct hci_chan *chan;
2507        struct sk_buff *skb;
2508        int quote;
2509
2510        __check_timeout(hdev, cnt);
2511
2512        while (hdev->block_cnt > 0 &&
2513               (chan = hci_chan_sent(hdev, ACL_LINK, &quote))) {
2514                u32 priority = (skb_peek(&chan->data_q))->priority;
2515                while (quote > 0 && (skb = skb_peek(&chan->data_q))) {
2516                        int blocks;
2517
2518                        BT_DBG("chan %p skb %p len %d priority %u", chan, skb,
2519                               skb->len, skb->priority);
2520
2521                        /* Stop if priority has changed */
2522                        if (skb->priority < priority)
2523                                break;
2524
2525                        skb = skb_dequeue(&chan->data_q);
2526
2527                        blocks = __get_blocks(hdev, skb);
2528                        if (blocks > hdev->block_cnt)
2529                                return;
2530
2531                        hci_conn_enter_active_mode(chan->conn,
2532                                                   bt_cb(skb)->force_active);
2533
2534                        hci_send_frame(skb);
2535                        hdev->acl_last_tx = jiffies;
2536
2537                        hdev->block_cnt -= blocks;
2538                        quote -= blocks;
2539
2540                        chan->sent += blocks;
2541                        chan->conn->sent += blocks;
2542                }
2543        }
2544
2545        if (cnt != hdev->block_cnt)
2546                hci_prio_recalculate(hdev, ACL_LINK);
2547}
2548
2549static void hci_sched_acl(struct hci_dev *hdev)
2550{
2551        BT_DBG("%s", hdev->name);
2552
2553        if (!hci_conn_num(hdev, ACL_LINK))
2554                return;
2555
2556        switch (hdev->flow_ctl_mode) {
2557        case HCI_FLOW_CTL_MODE_PACKET_BASED:
2558                hci_sched_acl_pkt(hdev);
2559                break;
2560
2561        case HCI_FLOW_CTL_MODE_BLOCK_BASED:
2562                hci_sched_acl_blk(hdev);
2563                break;
2564        }
2565}
2566
2567/* Schedule SCO */
2568static void hci_sched_sco(struct hci_dev *hdev)
2569{
2570        struct hci_conn *conn;
2571        struct sk_buff *skb;
2572        int quote;
2573
2574        BT_DBG("%s", hdev->name);
2575
2576        if (!hci_conn_num(hdev, SCO_LINK))
2577                return;
2578
2579        while (hdev->sco_cnt && (conn = hci_low_sent(hdev, SCO_LINK, &quote))) {
2580                while (quote-- && (skb = skb_dequeue(&conn->data_q))) {
2581                        BT_DBG("skb %p len %d", skb, skb->len);
2582                        hci_send_frame(skb);
2583
2584                        conn->sent++;
2585                        if (conn->sent == ~0)
2586                                conn->sent = 0;
2587                }
2588        }
2589}
2590
2591static void hci_sched_esco(struct hci_dev *hdev)
2592{
2593        struct hci_conn *conn;
2594        struct sk_buff *skb;
2595        int quote;
2596
2597        BT_DBG("%s", hdev->name);
2598
2599        if (!hci_conn_num(hdev, ESCO_LINK))
2600                return;
2601
2602        while (hdev->sco_cnt && (conn = hci_low_sent(hdev, ESCO_LINK,
2603                                                     &quote))) {
2604                while (quote-- && (skb = skb_dequeue(&conn->data_q))) {
2605                        BT_DBG("skb %p len %d", skb, skb->len);
2606                        hci_send_frame(skb);
2607
2608                        conn->sent++;
2609                        if (conn->sent == ~0)
2610                                conn->sent = 0;
2611                }
2612        }
2613}
2614
2615static void hci_sched_le(struct hci_dev *hdev)
2616{
2617        struct hci_chan *chan;
2618        struct sk_buff *skb;
2619        int quote, cnt, tmp;
2620
2621        BT_DBG("%s", hdev->name);
2622
2623        if (!hci_conn_num(hdev, LE_LINK))
2624                return;
2625
2626        if (!test_bit(HCI_RAW, &hdev->flags)) {
2627                /* LE tx timeout must be longer than maximum
2628                 * link supervision timeout (40.9 seconds) */
2629                if (!hdev->le_cnt && hdev->le_pkts &&
2630                    time_after(jiffies, hdev->le_last_tx + HZ * 45))
2631                        hci_link_tx_to(hdev, LE_LINK);
2632        }
2633
2634        cnt = hdev->le_pkts ? hdev->le_cnt : hdev->acl_cnt;
2635        tmp = cnt;
2636        while (cnt && (chan = hci_chan_sent(hdev, LE_LINK, &quote))) {
2637                u32 priority = (skb_peek(&chan->data_q))->priority;
2638                while (quote-- && (skb = skb_peek(&chan->data_q))) {
2639                        BT_DBG("chan %p skb %p len %d priority %u", chan, skb,
2640                               skb->len, skb->priority);
2641
2642                        /* Stop if priority has changed */
2643                        if (skb->priority < priority)
2644                                break;
2645
2646                        skb = skb_dequeue(&chan->data_q);
2647
2648                        hci_send_frame(skb);
2649                        hdev->le_last_tx = jiffies;
2650
2651                        cnt--;
2652                        chan->sent++;
2653                        chan->conn->sent++;
2654                }
2655        }
2656
2657        if (hdev->le_pkts)
2658                hdev->le_cnt = cnt;
2659        else
2660                hdev->acl_cnt = cnt;
2661
2662        if (cnt != tmp)
2663                hci_prio_recalculate(hdev, LE_LINK);
2664}
2665
2666static void hci_tx_work(struct work_struct *work)
2667{
2668        struct hci_dev *hdev = container_of(work, struct hci_dev, tx_work);
2669        struct sk_buff *skb;
2670
2671        BT_DBG("%s acl %d sco %d le %d", hdev->name, hdev->acl_cnt,
2672               hdev->sco_cnt, hdev->le_cnt);
2673
2674        /* Schedule queues and send stuff to HCI driver */
2675
2676        hci_sched_acl(hdev);
2677
2678        hci_sched_sco(hdev);
2679
2680        hci_sched_esco(hdev);
2681
2682        hci_sched_le(hdev);
2683
2684        /* Send next queued raw (unknown type) packet */
2685        while ((skb = skb_dequeue(&hdev->raw_q)))
2686                hci_send_frame(skb);
2687}
2688
2689/* ----- HCI RX task (incoming data processing) ----- */
2690
2691/* ACL data packet */
2692static void hci_acldata_packet(struct hci_dev *hdev, struct sk_buff *skb)
2693{
2694        struct hci_acl_hdr *hdr = (void *) skb->data;
2695        struct hci_conn *conn;
2696        __u16 handle, flags;
2697
2698        skb_pull(skb, HCI_ACL_HDR_SIZE);
2699
2700        handle = __le16_to_cpu(hdr->handle);
2701        flags  = hci_flags(handle);
2702        handle = hci_handle(handle);
2703
2704        BT_DBG("%s len %d handle 0x%4.4x flags 0x%4.4x", hdev->name, skb->len,
2705               handle, flags);
2706
2707        hdev->stat.acl_rx++;
2708
2709        hci_dev_lock(hdev);
2710        conn = hci_conn_hash_lookup_handle(hdev, handle);
2711        hci_dev_unlock(hdev);
2712
2713        if (conn) {
2714                hci_conn_enter_active_mode(conn, BT_POWER_FORCE_ACTIVE_OFF);
2715
2716                hci_dev_lock(hdev);
2717                if (test_bit(HCI_MGMT, &hdev->dev_flags) &&
2718                    !test_and_set_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags))
2719                        mgmt_device_connected(hdev, &conn->dst, conn->type,
2720                                              conn->dst_type, 0, NULL, 0,
2721                                              conn->dev_class);
2722                hci_dev_unlock(hdev);
2723
2724                /* Send to upper protocol */
2725                l2cap_recv_acldata(conn, skb, flags);
2726                return;
2727        } else {
2728                BT_ERR("%s ACL packet for unknown connection handle %d",
2729                       hdev->name, handle);
2730        }
2731
2732        kfree_skb(skb);
2733}
2734
2735/* SCO data packet */
2736static void hci_scodata_packet(struct hci_dev *hdev, struct sk_buff *skb)
2737{
2738        struct hci_sco_hdr *hdr = (void *) skb->data;
2739        struct hci_conn *conn;
2740        __u16 handle;
2741
2742        skb_pull(skb, HCI_SCO_HDR_SIZE);
2743
2744        handle = __le16_to_cpu(hdr->handle);
2745
2746        BT_DBG("%s len %d handle 0x%4.4x", hdev->name, skb->len, handle);
2747
2748        hdev->stat.sco_rx++;
2749
2750        hci_dev_lock(hdev);
2751        conn = hci_conn_hash_lookup_handle(hdev, handle);
2752        hci_dev_unlock(hdev);
2753
2754        if (conn) {
2755                /* Send to upper protocol */
2756                sco_recv_scodata(conn, skb);
2757                return;
2758        } else {
2759                BT_ERR("%s SCO packet for unknown connection handle %d",
2760                       hdev->name, handle);
2761        }
2762
2763        kfree_skb(skb);
2764}
2765
2766static void hci_rx_work(struct work_struct *work)
2767{
2768        struct hci_dev *hdev = container_of(work, struct hci_dev, rx_work);
2769        struct sk_buff *skb;
2770
2771        BT_DBG("%s", hdev->name);
2772
2773        while ((skb = skb_dequeue(&hdev->rx_q))) {
2774                /* Send copy to monitor */
2775                hci_send_to_monitor(hdev, skb);
2776
2777                if (atomic_read(&hdev->promisc)) {
2778                        /* Send copy to the sockets */
2779                        hci_send_to_sock(hdev, skb);
2780                }
2781
2782                if (test_bit(HCI_RAW, &hdev->flags)) {
2783                        kfree_skb(skb);
2784                        continue;
2785                }
2786
2787                if (test_bit(HCI_INIT, &hdev->flags)) {
2788                        /* Don't process data packets in this states. */
2789                        switch (bt_cb(skb)->pkt_type) {
2790                        case HCI_ACLDATA_PKT:
2791                        case HCI_SCODATA_PKT:
2792                                kfree_skb(skb);
2793                                continue;
2794                        }
2795                }
2796
2797                /* Process frame */
2798                switch (bt_cb(skb)->pkt_type) {
2799                case HCI_EVENT_PKT:
2800                        BT_DBG("%s Event packet", hdev->name);
2801                        hci_event_packet(hdev, skb);
2802                        break;
2803
2804                case HCI_ACLDATA_PKT:
2805                        BT_DBG("%s ACL data packet", hdev->name);
2806                        hci_acldata_packet(hdev, skb);
2807                        break;
2808
2809                case HCI_SCODATA_PKT:
2810                        BT_DBG("%s SCO data packet", hdev->name);
2811                        hci_scodata_packet(hdev, skb);
2812                        break;
2813
2814                default:
2815                        kfree_skb(skb);
2816                        break;
2817                }
2818        }
2819}
2820
2821static void hci_cmd_work(struct work_struct *work)
2822{
2823        struct hci_dev *hdev = container_of(work, struct hci_dev, cmd_work);
2824        struct sk_buff *skb;
2825
2826        BT_DBG("%s cmd_cnt %d cmd queued %d", hdev->name,
2827               atomic_read(&hdev->cmd_cnt), skb_queue_len(&hdev->cmd_q));
2828
2829        /* Send queued commands */
2830        if (atomic_read(&hdev->cmd_cnt)) {
2831                skb = skb_dequeue(&hdev->cmd_q);
2832                if (!skb)
2833                        return;
2834
2835                kfree_skb(hdev->sent_cmd);
2836
2837                hdev->sent_cmd = skb_clone(skb, GFP_ATOMIC);
2838                if (hdev->sent_cmd) {
2839                        atomic_dec(&hdev->cmd_cnt);
2840                        hci_send_frame(skb);
2841                        if (test_bit(HCI_RESET, &hdev->flags))
2842                                del_timer(&hdev->cmd_timer);
2843                        else
2844                                mod_timer(&hdev->cmd_timer,
2845                                          jiffies + HCI_CMD_TIMEOUT);
2846                } else {
2847                        skb_queue_head(&hdev->cmd_q, skb);
2848                        queue_work(hdev->workqueue, &hdev->cmd_work);
2849                }
2850        }
2851}
2852
2853int hci_do_inquiry(struct hci_dev *hdev, u8 length)
2854{
2855        /* General inquiry access code (GIAC) */
2856        u8 lap[3] = { 0x33, 0x8b, 0x9e };
2857        struct hci_cp_inquiry cp;
2858
2859        BT_DBG("%s", hdev->name);
2860
2861        if (test_bit(HCI_INQUIRY, &hdev->flags))
2862                return -EINPROGRESS;
2863
2864        inquiry_cache_flush(hdev);
2865
2866        memset(&cp, 0, sizeof(cp));
2867        memcpy(&cp.lap, lap, sizeof(cp.lap));
2868        cp.length  = length;
2869
2870        return hci_send_cmd(hdev, HCI_OP_INQUIRY, sizeof(cp), &cp);
2871}
2872
2873int hci_cancel_inquiry(struct hci_dev *hdev)
2874{
2875        BT_DBG("%s", hdev->name);
2876
2877        if (!test_bit(HCI_INQUIRY, &hdev->flags))
2878                return -EALREADY;
2879
2880        return hci_send_cmd(hdev, HCI_OP_INQUIRY_CANCEL, 0, NULL);
2881}
2882
2883u8 bdaddr_to_le(u8 bdaddr_type)
2884{
2885        switch (bdaddr_type) {
2886        case BDADDR_LE_PUBLIC:
2887                return ADDR_LE_DEV_PUBLIC;
2888
2889        default:
2890                /* Fallback to LE Random address type */
2891                return ADDR_LE_DEV_RANDOM;
2892        }
2893}
2894
lxr.linux.no kindly hosted by Redpill Linpro AS, provider of Linux consulting and operations services since 1995.