1 /* 2 BlueZ - Bluetooth protocol stack for Linux 3 Copyright (C) 2000-2001 Qualcomm Incorporated 4 5 Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com> 6 7 This program is free software; you can redistribute it and/or modify 8 it under the terms of the GNU General Public License version 2 as 9 published by the Free Software Foundation; 10 11 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS 12 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 13 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS. 14 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY 15 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES 16 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 17 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 18 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 19 20 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS, 21 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS 22 SOFTWARE IS DISCLAIMED. 23 */ 24 25 /* Bluetooth HCI core. */ 26 27 #include <linux/config.h> 28 #include <linux/module.h> 29 #include <linux/kmod.h> 30 31 #include <linux/types.h> 32 #include <linux/errno.h> 33 #include <linux/kernel.h> 34 #include <linux/major.h> 35 #include <linux/sched.h> 36 #include <linux/slab.h> 37 #include <linux/poll.h> 38 #include <linux/fcntl.h> 39 #include <linux/init.h> 40 #include <linux/skbuff.h> 41 #include <linux/interrupt.h> 42 #include <linux/notifier.h> 43 #include <net/sock.h> 44 45 #include <asm/system.h> 46 #include <asm/uaccess.h> 47 #include <asm/unaligned.h> 48 49 #include <net/bluetooth/bluetooth.h> 50 #include <net/bluetooth/hci_core.h> 51 52 #ifndef CONFIG_BT_HCI_CORE_DEBUG 53 #undef BT_DBG 54 #define BT_DBG(D...) 55 #endif 56 57 static void hci_cmd_task(unsigned long arg); 58 static void hci_rx_task(unsigned long arg); 59 static void hci_tx_task(unsigned long arg); 60 static void hci_notify(struct hci_dev *hdev, int event); 61 62 static DEFINE_RWLOCK(hci_task_lock); 63 64 /* HCI device list */ 65 LIST_HEAD(hci_dev_list); 66 DEFINE_RWLOCK(hci_dev_list_lock); 67 68 /* HCI callback list */ 69 LIST_HEAD(hci_cb_list); 70 DEFINE_RWLOCK(hci_cb_list_lock); 71 72 /* HCI protocols */ 73 #define HCI_MAX_PROTO 2 74 struct hci_proto *hci_proto[HCI_MAX_PROTO]; 75 76 /* HCI notifiers list */ 77 static struct notifier_block *hci_notifier; 78 79 /* ---- HCI notifications ---- */ 80 81 int hci_register_notifier(struct notifier_block *nb) 82 { 83 return notifier_chain_register(&hci_notifier, nb); 84 } 85 86 int hci_unregister_notifier(struct notifier_block *nb) 87 { 88 return notifier_chain_unregister(&hci_notifier, nb); 89 } 90 91 void hci_notify(struct hci_dev *hdev, int event) 92 { 93 notifier_call_chain(&hci_notifier, event, hdev); 94 } 95 96 /* ---- HCI requests ---- */ 97 98 void hci_req_complete(struct hci_dev *hdev, int result) 99 { 100 BT_DBG("%s result 0x%2.2x", hdev->name, result); 101 102 if (hdev->req_status == HCI_REQ_PEND) { 103 hdev->req_result = result; 104 hdev->req_status = HCI_REQ_DONE; 105 wake_up_interruptible(&hdev->req_wait_q); 106 } 107 } 108 109 static void hci_req_cancel(struct hci_dev *hdev, int err) 110 { 111 BT_DBG("%s err 0x%2.2x", hdev->name, err); 112 113 if (hdev->req_status == HCI_REQ_PEND) { 114 hdev->req_result = err; 115 hdev->req_status = HCI_REQ_CANCELED; 116 wake_up_interruptible(&hdev->req_wait_q); 117 } 118 } 119 120 /* Execute request and wait for completion. */ 121 static int __hci_request(struct hci_dev *hdev, void (*req)(struct hci_dev *hdev, unsigned long opt), 122 unsigned long opt, __u32 timeout) 123 { 124 DECLARE_WAITQUEUE(wait, current); 125 int err = 0; 126 127 BT_DBG("%s start", hdev->name); 128 129 hdev->req_status = HCI_REQ_PEND; 130 131 add_wait_queue(&hdev->req_wait_q, &wait); 132 set_current_state(TASK_INTERRUPTIBLE); 133 134 req(hdev, opt); 135 schedule_timeout(timeout); 136 137 remove_wait_queue(&hdev->req_wait_q, &wait); 138 139 if (signal_pending(current)) 140 return -EINTR; 141 142 switch (hdev->req_status) { 143 case HCI_REQ_DONE: 144 err = -bt_err(hdev->req_result); 145 break; 146 147 case HCI_REQ_CANCELED: 148 err = -hdev->req_result; 149 break; 150 151 default: 152 err = -ETIMEDOUT; 153 break; 154 }; 155 156 hdev->req_status = hdev->req_result = 0; 157 158 BT_DBG("%s end: err %d", hdev->name, err); 159 160 return err; 161 } 162 163 static inline int hci_request(struct hci_dev *hdev, void (*req)(struct hci_dev *hdev, unsigned long opt), 164 unsigned long opt, __u32 timeout) 165 { 166 int ret; 167 168 /* Serialize all requests */ 169 hci_req_lock(hdev); 170 ret = __hci_request(hdev, req, opt, timeout); 171 hci_req_unlock(hdev); 172 173 return ret; 174 } 175 176 static void hci_reset_req(struct hci_dev *hdev, unsigned long opt) 177 { 178 BT_DBG("%s %ld", hdev->name, opt); 179 180 /* Reset device */ 181 hci_send_cmd(hdev, OGF_HOST_CTL, OCF_RESET, 0, NULL); 182 } 183 184 static void hci_init_req(struct hci_dev *hdev, unsigned long opt) 185 { 186 struct sk_buff *skb; 187 __u16 param; 188 189 BT_DBG("%s %ld", hdev->name, opt); 190 191 /* Driver initialization */ 192 193 /* Special commands */ 194 while ((skb = skb_dequeue(&hdev->driver_init))) { 195 skb->pkt_type = HCI_COMMAND_PKT; 196 skb->dev = (void *) hdev; 197 skb_queue_tail(&hdev->cmd_q, skb); 198 hci_sched_cmd(hdev); 199 } 200 skb_queue_purge(&hdev->driver_init); 201 202 /* Mandatory initialization */ 203 204 /* Reset */ 205 if (test_bit(HCI_QUIRK_RESET_ON_INIT, &hdev->quirks)) 206 hci_send_cmd(hdev, OGF_HOST_CTL, OCF_RESET, 0, NULL); 207 208 /* Read Local Supported Features */ 209 hci_send_cmd(hdev, OGF_INFO_PARAM, OCF_READ_LOCAL_FEATURES, 0, NULL); 210 211 /* Read Buffer Size (ACL mtu, max pkt, etc.) */ 212 hci_send_cmd(hdev, OGF_INFO_PARAM, OCF_READ_BUFFER_SIZE, 0, NULL); 213 214 #if 0 215 /* Host buffer size */ 216 { 217 struct hci_cp_host_buffer_size cp; 218 cp.acl_mtu = __cpu_to_le16(HCI_MAX_ACL_SIZE); 219 cp.sco_mtu = HCI_MAX_SCO_SIZE; 220 cp.acl_max_pkt = __cpu_to_le16(0xffff); 221 cp.sco_max_pkt = __cpu_to_le16(0xffff); 222 hci_send_cmd(hdev, OGF_HOST_CTL, OCF_HOST_BUFFER_SIZE, sizeof(cp), &cp); 223 } 224 #endif 225 226 /* Read BD Address */ 227 hci_send_cmd(hdev, OGF_INFO_PARAM, OCF_READ_BD_ADDR, 0, NULL); 228 229 /* Read Voice Setting */ 230 hci_send_cmd(hdev, OGF_HOST_CTL, OCF_READ_VOICE_SETTING, 0, NULL); 231 232 /* Optional initialization */ 233 234 /* Clear Event Filters */ 235 { 236 struct hci_cp_set_event_flt cp; 237 cp.flt_type = HCI_FLT_CLEAR_ALL; 238 hci_send_cmd(hdev, OGF_HOST_CTL, OCF_SET_EVENT_FLT, sizeof(cp), &cp); 239 } 240 241 /* Page timeout ~20 secs */ 242 param = __cpu_to_le16(0x8000); 243 hci_send_cmd(hdev, OGF_HOST_CTL, OCF_WRITE_PG_TIMEOUT, 2, ¶m); 244 245 /* Connection accept timeout ~20 secs */ 246 param = __cpu_to_le16(0x7d00); 247 hci_send_cmd(hdev, OGF_HOST_CTL, OCF_WRITE_CA_TIMEOUT, 2, ¶m); 248 } 249 250 static void hci_scan_req(struct hci_dev *hdev, unsigned long opt) 251 { 252 __u8 scan = opt; 253 254 BT_DBG("%s %x", hdev->name, scan); 255 256 /* Inquiry and Page scans */ 257 hci_send_cmd(hdev, OGF_HOST_CTL, OCF_WRITE_SCAN_ENABLE, 1, &scan); 258 } 259 260 static void hci_auth_req(struct hci_dev *hdev, unsigned long opt) 261 { 262 __u8 auth = opt; 263 264 BT_DBG("%s %x", hdev->name, auth); 265 266 /* Authentication */ 267 hci_send_cmd(hdev, OGF_HOST_CTL, OCF_WRITE_AUTH_ENABLE, 1, &auth); 268 } 269 270 static void hci_encrypt_req(struct hci_dev *hdev, unsigned long opt) 271 { 272 __u8 encrypt = opt; 273 274 BT_DBG("%s %x", hdev->name, encrypt); 275 276 /* Authentication */ 277 hci_send_cmd(hdev, OGF_HOST_CTL, OCF_WRITE_ENCRYPT_MODE, 1, &encrypt); 278 } 279 280 /* Get HCI device by index. 281 * Device is held on return. */ 282 struct hci_dev *hci_dev_get(int index) 283 { 284 struct hci_dev *hdev = NULL; 285 struct list_head *p; 286 287 BT_DBG("%d", index); 288 289 if (index < 0) 290 return NULL; 291 292 read_lock(&hci_dev_list_lock); 293 list_for_each(p, &hci_dev_list) { 294 struct hci_dev *d = list_entry(p, struct hci_dev, list); 295 if (d->id == index) { 296 hdev = hci_dev_hold(d); 297 break; 298 } 299 } 300 read_unlock(&hci_dev_list_lock); 301 return hdev; 302 } 303 EXPORT_SYMBOL(hci_dev_get); 304 305 /* ---- Inquiry support ---- */ 306 static void inquiry_cache_flush(struct hci_dev *hdev) 307 { 308 struct inquiry_cache *cache = &hdev->inq_cache; 309 struct inquiry_entry *next = cache->list, *e; 310 311 BT_DBG("cache %p", cache); 312 313 cache->list = NULL; 314 while ((e = next)) { 315 next = e->next; 316 kfree(e); 317 } 318 } 319 320 struct inquiry_entry *hci_inquiry_cache_lookup(struct hci_dev *hdev, bdaddr_t *bdaddr) 321 { 322 struct inquiry_cache *cache = &hdev->inq_cache; 323 struct inquiry_entry *e; 324 325 BT_DBG("cache %p, %s", cache, batostr(bdaddr)); 326 327 for (e = cache->list; e; e = e->next) 328 if (!bacmp(&e->data.bdaddr, bdaddr)) 329 break; 330 return e; 331 } 332 333 void hci_inquiry_cache_update(struct hci_dev *hdev, struct inquiry_data *data) 334 { 335 struct inquiry_cache *cache = &hdev->inq_cache; 336 struct inquiry_entry *e; 337 338 BT_DBG("cache %p, %s", cache, batostr(&data->bdaddr)); 339 340 if (!(e = hci_inquiry_cache_lookup(hdev, &data->bdaddr))) { 341 /* Entry not in the cache. Add new one. */ 342 if (!(e = kmalloc(sizeof(struct inquiry_entry), GFP_ATOMIC))) 343 return; 344 memset(e, 0, sizeof(struct inquiry_entry)); 345 e->next = cache->list; 346 cache->list = e; 347 } 348 349 memcpy(&e->data, data, sizeof(*data)); 350 e->timestamp = jiffies; 351 cache->timestamp = jiffies; 352 } 353 354 static int inquiry_cache_dump(struct hci_dev *hdev, int num, __u8 *buf) 355 { 356 struct inquiry_cache *cache = &hdev->inq_cache; 357 struct inquiry_info *info = (struct inquiry_info *) buf; 358 struct inquiry_entry *e; 359 int copied = 0; 360 361 for (e = cache->list; e && copied < num; e = e->next, copied++) { 362 struct inquiry_data *data = &e->data; 363 bacpy(&info->bdaddr, &data->bdaddr); 364 info->pscan_rep_mode = data->pscan_rep_mode; 365 info->pscan_period_mode = data->pscan_period_mode; 366 info->pscan_mode = data->pscan_mode; 367 memcpy(info->dev_class, data->dev_class, 3); 368 info->clock_offset = data->clock_offset; 369 info++; 370 } 371 372 BT_DBG("cache %p, copied %d", cache, copied); 373 return copied; 374 } 375 376 static void hci_inq_req(struct hci_dev *hdev, unsigned long opt) 377 { 378 struct hci_inquiry_req *ir = (struct hci_inquiry_req *) opt; 379 struct hci_cp_inquiry cp; 380 381 BT_DBG("%s", hdev->name); 382 383 if (test_bit(HCI_INQUIRY, &hdev->flags)) 384 return; 385 386 /* Start Inquiry */ 387 memcpy(&cp.lap, &ir->lap, 3); 388 cp.length = ir->length; 389 cp.num_rsp = ir->num_rsp; 390 hci_send_cmd(hdev, OGF_LINK_CTL, OCF_INQUIRY, sizeof(cp), &cp); 391 } 392 393 int hci_inquiry(void __user *arg) 394 { 395 __u8 __user *ptr = arg; 396 struct hci_inquiry_req ir; 397 struct hci_dev *hdev; 398 int err = 0, do_inquiry = 0, max_rsp; 399 long timeo; 400 __u8 *buf; 401 402 if (copy_from_user(&ir, ptr, sizeof(ir))) 403 return -EFAULT; 404 405 if (!(hdev = hci_dev_get(ir.dev_id))) 406 return -ENODEV; 407 408 hci_dev_lock_bh(hdev); 409 if (inquiry_cache_age(hdev) > INQUIRY_CACHE_AGE_MAX || 410 inquiry_cache_empty(hdev) || 411 ir.flags & IREQ_CACHE_FLUSH) { 412 inquiry_cache_flush(hdev); 413 do_inquiry = 1; 414 } 415 hci_dev_unlock_bh(hdev); 416 417 timeo = ir.length * 2 * HZ; 418 if (do_inquiry && (err = hci_request(hdev, hci_inq_req, (unsigned long)&ir, timeo)) < 0) 419 goto done; 420 421 /* for unlimited number of responses we will use buffer with 255 entries */ 422 max_rsp = (ir.num_rsp == 0) ? 255 : ir.num_rsp; 423 424 /* cache_dump can't sleep. Therefore we allocate temp buffer and then 425 * copy it to the user space. 426 */ 427 if (!(buf = kmalloc(sizeof(struct inquiry_info) * max_rsp, GFP_KERNEL))) { 428 err = -ENOMEM; 429 goto done; 430 } 431 432 hci_dev_lock_bh(hdev); 433 ir.num_rsp = inquiry_cache_dump(hdev, max_rsp, buf); 434 hci_dev_unlock_bh(hdev); 435 436 BT_DBG("num_rsp %d", ir.num_rsp); 437 438 if (!copy_to_user(ptr, &ir, sizeof(ir))) { 439 ptr += sizeof(ir); 440 if (copy_to_user(ptr, buf, sizeof(struct inquiry_info) * 441 ir.num_rsp)) 442 err = -EFAULT; 443 } else 444 err = -EFAULT; 445 446 kfree(buf); 447 448 done: 449 hci_dev_put(hdev); 450 return err; 451 } 452 453 /* ---- HCI ioctl helpers ---- */ 454 455 int hci_dev_open(__u16 dev) 456 { 457 struct hci_dev *hdev; 458 int ret = 0; 459 460 if (!(hdev = hci_dev_get(dev))) 461 return -ENODEV; 462 463 BT_DBG("%s %p", hdev->name, hdev); 464 465 hci_req_lock(hdev); 466 467 if (test_bit(HCI_UP, &hdev->flags)) { 468 ret = -EALREADY; 469 goto done; 470 } 471 472 if (test_bit(HCI_QUIRK_RAW_DEVICE, &hdev->quirks)) 473 set_bit(HCI_RAW, &hdev->flags); 474 475 if (hdev->open(hdev)) { 476 ret = -EIO; 477 goto done; 478 } 479 480 if (!test_bit(HCI_RAW, &hdev->flags)) { 481 atomic_set(&hdev->cmd_cnt, 1); 482 set_bit(HCI_INIT, &hdev->flags); 483 484 //__hci_request(hdev, hci_reset_req, 0, HZ); 485 ret = __hci_request(hdev, hci_init_req, 0, HCI_INIT_TIMEOUT); 486 487 clear_bit(HCI_INIT, &hdev->flags); 488 } 489 490 if (!ret) { 491 hci_dev_hold(hdev); 492 set_bit(HCI_UP, &hdev->flags); 493 hci_notify(hdev, HCI_DEV_UP); 494 } else { 495 /* Init failed, cleanup */ 496 tasklet_kill(&hdev->rx_task); 497 tasklet_kill(&hdev->tx_task); 498 tasklet_kill(&hdev->cmd_task); 499 500 skb_queue_purge(&hdev->cmd_q); 501 skb_queue_purge(&hdev->rx_q); 502 503 if (hdev->flush) 504 hdev->flush(hdev); 505 506 if (hdev->sent_cmd) { 507 kfree_skb(hdev->sent_cmd); 508 hdev->sent_cmd = NULL; 509 } 510 511 hdev->close(hdev); 512 hdev->flags = 0; 513 } 514 515 done: 516 hci_req_unlock(hdev); 517 hci_dev_put(hdev); 518 return ret; 519 } 520 521 static int hci_dev_do_close(struct hci_dev *hdev) 522 { 523 BT_DBG("%s %p", hdev->name, hdev); 524 525 hci_req_cancel(hdev, ENODEV); 526 hci_req_lock(hdev); 527 528 if (!test_and_clear_bit(HCI_UP, &hdev->flags)) { 529 hci_req_unlock(hdev); 530 return 0; 531 } 532 533 /* Kill RX and TX tasks */ 534 tasklet_kill(&hdev->rx_task); 535 tasklet_kill(&hdev->tx_task); 536 537 hci_dev_lock_bh(hdev); 538 inquiry_cache_flush(hdev); 539 hci_conn_hash_flush(hdev); 540 hci_dev_unlock_bh(hdev); 541 542 hci_notify(hdev, HCI_DEV_DOWN); 543 544 if (hdev->flush) 545 hdev->flush(hdev); 546 547 /* Reset device */ 548 skb_queue_purge(&hdev->cmd_q); 549 atomic_set(&hdev->cmd_cnt, 1); 550 if (!test_bit(HCI_RAW, &hdev->flags)) { 551 set_bit(HCI_INIT, &hdev->flags); 552 __hci_request(hdev, hci_reset_req, 0, HZ/4); 553 clear_bit(HCI_INIT, &hdev->flags); 554 } 555 556 /* Kill cmd task */ 557 tasklet_kill(&hdev->cmd_task); 558 559 /* Drop queues */ 560 skb_queue_purge(&hdev->rx_q); 561 skb_queue_purge(&hdev->cmd_q); 562 skb_queue_purge(&hdev->raw_q); 563 564 /* Drop last sent command */ 565 if (hdev->sent_cmd) { 566 kfree_skb(hdev->sent_cmd); 567 hdev->sent_cmd = NULL; 568 } 569 570 /* After this point our queues are empty 571 * and no tasks are scheduled. */ 572 hdev->close(hdev); 573 574 /* Clear flags */ 575 hdev->flags = 0; 576 577 hci_req_unlock(hdev); 578 579 hci_dev_put(hdev); 580 return 0; 581 } 582 583 int hci_dev_close(__u16 dev) 584 { 585 struct hci_dev *hdev; 586 int err; 587 588 if (!(hdev = hci_dev_get(dev))) 589 return -ENODEV; 590 err = hci_dev_do_close(hdev); 591 hci_dev_put(hdev); 592 return err; 593 } 594 595 int hci_dev_reset(__u16 dev) 596 { 597 struct hci_dev *hdev; 598 int ret = 0; 599 600 if (!(hdev = hci_dev_get(dev))) 601 return -ENODEV; 602 603 hci_req_lock(hdev); 604 tasklet_disable(&hdev->tx_task); 605 606 if (!test_bit(HCI_UP, &hdev->flags)) 607 goto done; 608 609 /* Drop queues */ 610 skb_queue_purge(&hdev->rx_q); 611 skb_queue_purge(&hdev->cmd_q); 612 613 hci_dev_lock_bh(hdev); 614 inquiry_cache_flush(hdev); 615 hci_conn_hash_flush(hdev); 616 hci_dev_unlock_bh(hdev); 617 618 if (hdev->flush) 619 hdev->flush(hdev); 620 621 atomic_set(&hdev->cmd_cnt, 1); 622 hdev->acl_cnt = 0; hdev->sco_cnt = 0; 623 624 if (!test_bit(HCI_RAW, &hdev->flags)) 625 ret = __hci_request(hdev, hci_reset_req, 0, HCI_INIT_TIMEOUT); 626 627 done: 628 tasklet_enable(&hdev->tx_task); 629 hci_req_unlock(hdev); 630 hci_dev_put(hdev); 631 return ret; 632 } 633 634 int hci_dev_reset_stat(__u16 dev) 635 { 636 struct hci_dev *hdev; 637 int ret = 0; 638 639 if (!(hdev = hci_dev_get(dev))) 640 return -ENODEV; 641 642 memset(&hdev->stat, 0, sizeof(struct hci_dev_stats)); 643 644 hci_dev_put(hdev); 645 646 return ret; 647 } 648 649 int hci_dev_cmd(unsigned int cmd, void __user *arg) 650 { 651 struct hci_dev *hdev; 652 struct hci_dev_req dr; 653 int err = 0; 654 655 if (copy_from_user(&dr, arg, sizeof(dr))) 656 return -EFAULT; 657 658 if (!(hdev = hci_dev_get(dr.dev_id))) 659 return -ENODEV; 660 661 switch (cmd) { 662 case HCISETAUTH: 663 err = hci_request(hdev, hci_auth_req, dr.dev_opt, HCI_INIT_TIMEOUT); 664 break; 665 666 case HCISETENCRYPT: 667 if (!lmp_encrypt_capable(hdev)) { 668 err = -EOPNOTSUPP; 669 break; 670 } 671 672 if (!test_bit(HCI_AUTH, &hdev->flags)) { 673 /* Auth must be enabled first */ 674 err = hci_request(hdev, hci_auth_req, 675 dr.dev_opt, HCI_INIT_TIMEOUT); 676 if (err) 677 break; 678 } 679 680 err = hci_request(hdev, hci_encrypt_req, 681 dr.dev_opt, HCI_INIT_TIMEOUT); 682 break; 683 684 case HCISETSCAN: 685 err = hci_request(hdev, hci_scan_req, dr.dev_opt, HCI_INIT_TIMEOUT); 686 break; 687 688 case HCISETPTYPE: 689 hdev->pkt_type = (__u16) dr.dev_opt; 690 break; 691 692 case HCISETLINKPOL: 693 hdev->link_policy = (__u16) dr.dev_opt; 694 break; 695 696 case HCISETLINKMODE: 697 hdev->link_mode = ((__u16) dr.dev_opt) & (HCI_LM_MASTER | HCI_LM_ACCEPT); 698 break; 699 700 case HCISETACLMTU: 701 hdev->acl_mtu = *((__u16 *)&dr.dev_opt + 1); 702 hdev->acl_pkts = *((__u16 *)&dr.dev_opt + 0); 703 break; 704 705 case HCISETSCOMTU: 706 hdev->sco_mtu = *((__u16 *)&dr.dev_opt + 1); 707 hdev->sco_pkts = *((__u16 *)&dr.dev_opt + 0); 708 break; 709 710 default: 711 err = -EINVAL; 712 break; 713 } 714 hci_dev_put(hdev); 715 return err; 716 } 717 718 int hci_get_dev_list(void __user *arg) 719 { 720 struct hci_dev_list_req *dl; 721 struct hci_dev_req *dr; 722 struct list_head *p; 723 int n = 0, size, err; 724 __u16 dev_num; 725 726 if (get_user(dev_num, (__u16 __user *) arg)) 727 return -EFAULT; 728 729 if (!dev_num || dev_num > (PAGE_SIZE * 2) / sizeof(*dr)) 730 return -EINVAL; 731 732 size = sizeof(*dl) + dev_num * sizeof(*dr); 733 734 if (!(dl = kmalloc(size, GFP_KERNEL))) 735 return -ENOMEM; 736 737 dr = dl->dev_req; 738 739 read_lock_bh(&hci_dev_list_lock); 740 list_for_each(p, &hci_dev_list) { 741 struct hci_dev *hdev; 742 hdev = list_entry(p, struct hci_dev, list); 743 (dr + n)->dev_id = hdev->id; 744 (dr + n)->dev_opt = hdev->flags; 745 if (++n >= dev_num) 746 break; 747 } 748 read_unlock_bh(&hci_dev_list_lock); 749 750 dl->dev_num = n; 751 size = sizeof(*dl) + n * sizeof(*dr); 752 753 err = copy_to_user(arg, dl, size); 754 kfree(dl); 755 756 return err ? -EFAULT : 0; 757 } 758 759 int hci_get_dev_info(void __user *arg) 760 { 761 struct hci_dev *hdev; 762 struct hci_dev_info di; 763 int err = 0; 764 765 if (copy_from_user(&di, arg, sizeof(di))) 766 return -EFAULT; 767 768 if (!(hdev = hci_dev_get(di.dev_id))) 769 return -ENODEV; 770 771 strcpy(di.name, hdev->name); 772 di.bdaddr = hdev->bdaddr; 773 di.type = hdev->type; 774 di.flags = hdev->flags; 775 di.pkt_type = hdev->pkt_type; 776 di.acl_mtu = hdev->acl_mtu; 777 di.acl_pkts = hdev->acl_pkts; 778 di.sco_mtu = hdev->sco_mtu; 779 di.sco_pkts = hdev->sco_pkts; 780 di.link_policy = hdev->link_policy; 781 di.link_mode = hdev->link_mode; 782 783 memcpy(&di.stat, &hdev->stat, sizeof(di.stat)); 784 memcpy(&di.features, &hdev->features, sizeof(di.features)); 785 786 if (copy_to_user(arg, &di, sizeof(di))) 787 err = -EFAULT; 788 789 hci_dev_put(hdev); 790 791 return err; 792 } 793 794 /* ---- Interface to HCI drivers ---- */ 795 796 /* Alloc HCI device */ 797 struct hci_dev *hci_alloc_dev(void) 798 { 799 struct hci_dev *hdev; 800 801 hdev = kmalloc(sizeof(struct hci_dev), GFP_KERNEL); 802 if (!hdev) 803 return NULL; 804 805 memset(hdev, 0, sizeof(struct hci_dev)); 806 807 skb_queue_head_init(&hdev->driver_init); 808 809 return hdev; 810 } 811 EXPORT_SYMBOL(hci_alloc_dev); 812 813 /* Free HCI device */ 814 void hci_free_dev(struct hci_dev *hdev) 815 { 816 skb_queue_purge(&hdev->driver_init); 817 818 /* will free via class release */ 819 class_device_put(&hdev->class_dev); 820 } 821 EXPORT_SYMBOL(hci_free_dev); 822 823 /* Register HCI device */ 824 int hci_register_dev(struct hci_dev *hdev) 825 { 826 struct list_head *head = &hci_dev_list, *p; 827 int id = 0; 828 829 BT_DBG("%p name %s type %d owner %p", hdev, hdev->name, hdev->type, hdev->owner); 830 831 if (!hdev->open || !hdev->close || !hdev->destruct) 832 return -EINVAL; 833 834 write_lock_bh(&hci_dev_list_lock); 835 836 /* Find first available device id */ 837 list_for_each(p, &hci_dev_list) { 838 if (list_entry(p, struct hci_dev, list)->id != id) 839 break; 840 head = p; id++; 841 } 842 843 sprintf(hdev->name, "hci%d", id); 844 hdev->id = id; 845 list_add(&hdev->list, head); 846 847 atomic_set(&hdev->refcnt, 1); 848 spin_lock_init(&hdev->lock); 849 850 hdev->flags = 0; 851 hdev->pkt_type = (HCI_DM1 | HCI_DH1 | HCI_HV1); 852 hdev->link_mode = (HCI_LM_ACCEPT); 853 854 tasklet_init(&hdev->cmd_task, hci_cmd_task,(unsigned long) hdev); 855 tasklet_init(&hdev->rx_task, hci_rx_task, (unsigned long) hdev); 856 tasklet_init(&hdev->tx_task, hci_tx_task, (unsigned long) hdev); 857 858 skb_queue_head_init(&hdev->rx_q); 859 skb_queue_head_init(&hdev->cmd_q); 860 skb_queue_head_init(&hdev->raw_q); 861 862 init_waitqueue_head(&hdev->req_wait_q); 863 init_MUTEX(&hdev->req_lock); 864 865 inquiry_cache_init(hdev); 866 867 hci_conn_hash_init(hdev); 868 869 memset(&hdev->stat, 0, sizeof(struct hci_dev_stats)); 870 871 atomic_set(&hdev->promisc, 0); 872 873 write_unlock_bh(&hci_dev_list_lock); 874 875 hci_register_sysfs(hdev); 876 877 hci_notify(hdev, HCI_DEV_REG); 878 879 return id; 880 } 881 EXPORT_SYMBOL(hci_register_dev); 882 883 /* Unregister HCI device */ 884 int hci_unregister_dev(struct hci_dev *hdev) 885 { 886 BT_DBG("%p name %s type %d", hdev, hdev->name, hdev->type); 887 888 hci_unregister_sysfs(hdev); 889 890 write_lock_bh(&hci_dev_list_lock); 891 list_del(&hdev->list); 892 write_unlock_bh(&hci_dev_list_lock); 893 894 hci_dev_do_close(hdev); 895 896 hci_notify(hdev, HCI_DEV_UNREG); 897 898 __hci_dev_put(hdev); 899 return 0; 900 } 901 EXPORT_SYMBOL(hci_unregister_dev); 902 903 /* Suspend HCI device */ 904 int hci_suspend_dev(struct hci_dev *hdev) 905 { 906 hci_notify(hdev, HCI_DEV_SUSPEND); 907 return 0; 908 } 909 EXPORT_SYMBOL(hci_suspend_dev); 910 911 /* Resume HCI device */ 912 int hci_resume_dev(struct hci_dev *hdev) 913 { 914 hci_notify(hdev, HCI_DEV_RESUME); 915 return 0; 916 } 917 EXPORT_SYMBOL(hci_resume_dev); 918 919 /* ---- Interface to upper protocols ---- */ 920 921 /* Register/Unregister protocols. 922 * hci_task_lock is used to ensure that no tasks are running. */ 923 int hci_register_proto(struct hci_proto *hp) 924 { 925 int err = 0; 926 927 BT_DBG("%p name %s id %d", hp, hp->name, hp->id); 928 929 if (hp->id >= HCI_MAX_PROTO) 930 return -EINVAL; 931 932 write_lock_bh(&hci_task_lock); 933 934 if (!hci_proto[hp->id]) 935 hci_proto[hp->id] = hp; 936 else 937 err = -EEXIST; 938 939 write_unlock_bh(&hci_task_lock); 940 941 return err; 942 } 943 EXPORT_SYMBOL(hci_register_proto); 944 945 int hci_unregister_proto(struct hci_proto *hp) 946 { 947 int err = 0; 948 949 BT_DBG("%p name %s id %d", hp, hp->name, hp->id); 950 951 if (hp->id >= HCI_MAX_PROTO) 952 return -EINVAL; 953 954 write_lock_bh(&hci_task_lock); 955 956 if (hci_proto[hp->id]) 957 hci_proto[hp->id] = NULL; 958 else 959 err = -ENOENT; 960 961 write_unlock_bh(&hci_task_lock); 962 963 return err; 964 } 965 EXPORT_SYMBOL(hci_unregister_proto); 966 967 int hci_register_cb(struct hci_cb *cb) 968 { 969 BT_DBG("%p name %s", cb, cb->name); 970 971 write_lock_bh(&hci_cb_list_lock); 972 list_add(&cb->list, &hci_cb_list); 973 write_unlock_bh(&hci_cb_list_lock); 974 975 return 0; 976 } 977 EXPORT_SYMBOL(hci_register_cb); 978 979 int hci_unregister_cb(struct hci_cb *cb) 980 { 981 BT_DBG("%p name %s", cb, cb->name); 982 983 write_lock_bh(&hci_cb_list_lock); 984 list_del(&cb->list); 985 write_unlock_bh(&hci_cb_list_lock); 986 987 return 0; 988 } 989 EXPORT_SYMBOL(hci_unregister_cb); 990 991 static int hci_send_frame(struct sk_buff *skb) 992 { 993 struct hci_dev *hdev = (struct hci_dev *) skb->dev; 994 995 if (!hdev) { 996 kfree_skb(skb); 997 return -ENODEV; 998 } 999 1000 BT_DBG("%s type %d len %d", hdev->name, skb->pkt_type, skb->len); 1001 1002 if (atomic_read(&hdev->promisc)) { 1003 /* Time stamp */ 1004 do_gettimeofday(&skb->stamp); 1005 1006 hci_send_to_sock(hdev, skb); 1007 } 1008 1009 /* Get rid of skb owner, prior to sending to the driver. */ 1010 skb_orphan(skb); 1011 1012 return hdev->send(skb); 1013 } 1014 1015 /* Send HCI command */ 1016 int hci_send_cmd(struct hci_dev *hdev, __u16 ogf, __u16 ocf, __u32 plen, void *param) 1017 { 1018 int len = HCI_COMMAND_HDR_SIZE + plen; 1019 struct hci_command_hdr *hdr; 1020 struct sk_buff *skb; 1021 1022 BT_DBG("%s ogf 0x%x ocf 0x%x plen %d", hdev->name, ogf, ocf, plen); 1023 1024 skb = bt_skb_alloc(len, GFP_ATOMIC); 1025 if (!skb) { 1026 BT_ERR("%s Can't allocate memory for HCI command", hdev->name); 1027 return -ENOMEM; 1028 } 1029 1030 hdr = (struct hci_command_hdr *) skb_put(skb, HCI_COMMAND_HDR_SIZE); 1031 hdr->opcode = __cpu_to_le16(hci_opcode_pack(ogf, ocf)); 1032 hdr->plen = plen; 1033 1034 if (plen) 1035 memcpy(skb_put(skb, plen), param, plen); 1036 1037 BT_DBG("skb len %d", skb->len); 1038 1039 skb->pkt_type = HCI_COMMAND_PKT; 1040 skb->dev = (void *) hdev; 1041 skb_queue_tail(&hdev->cmd_q, skb); 1042 hci_sched_cmd(hdev); 1043 1044 return 0; 1045 } 1046 EXPORT_SYMBOL(hci_send_cmd); 1047 1048 /* Get data from the previously sent command */ 1049 void *hci_sent_cmd_data(struct hci_dev *hdev, __u16 ogf, __u16 ocf) 1050 { 1051 struct hci_command_hdr *hdr; 1052 1053 if (!hdev->sent_cmd) 1054 return NULL; 1055 1056 hdr = (void *) hdev->sent_cmd->data; 1057 1058 if (hdr->opcode != __cpu_to_le16(hci_opcode_pack(ogf, ocf))) 1059 return NULL; 1060 1061 BT_DBG("%s ogf 0x%x ocf 0x%x", hdev->name, ogf, ocf); 1062 1063 return hdev->sent_cmd->data + HCI_COMMAND_HDR_SIZE; 1064 } 1065 1066 /* Send ACL data */ 1067 static void hci_add_acl_hdr(struct sk_buff *skb, __u16 handle, __u16 flags) 1068 { 1069 struct hci_acl_hdr *hdr; 1070 int len = skb->len; 1071 1072 hdr = (struct hci_acl_hdr *) skb_push(skb, HCI_ACL_HDR_SIZE); 1073 hdr->handle = __cpu_to_le16(hci_handle_pack(handle, flags)); 1074 hdr->dlen = __cpu_to_le16(len); 1075 1076 skb->h.raw = (void *) hdr; 1077 } 1078 1079 int hci_send_acl(struct hci_conn *conn, struct sk_buff *skb, __u16 flags) 1080 { 1081 struct hci_dev *hdev = conn->hdev; 1082 struct sk_buff *list; 1083 1084 BT_DBG("%s conn %p flags 0x%x", hdev->name, conn, flags); 1085 1086 skb->dev = (void *) hdev; 1087 skb->pkt_type = HCI_ACLDATA_PKT; 1088 hci_add_acl_hdr(skb, conn->handle, flags | ACL_START); 1089 1090 if (!(list = skb_shinfo(skb)->frag_list)) { 1091 /* Non fragmented */ 1092 BT_DBG("%s nonfrag skb %p len %d", hdev->name, skb, skb->len); 1093 1094 skb_queue_tail(&conn->data_q, skb); 1095 } else { 1096 /* Fragmented */ 1097 BT_DBG("%s frag %p len %d", hdev->name, skb, skb->len); 1098 1099 skb_shinfo(skb)->frag_list = NULL; 1100 1101 /* Queue all fragments atomically */ 1102 spin_lock_bh(&conn->data_q.lock); 1103 1104 __skb_queue_tail(&conn->data_q, skb); 1105 do { 1106 skb = list; list = list->next; 1107 1108 skb->dev = (void *) hdev; 1109 skb->pkt_type = HCI_ACLDATA_PKT; 1110 hci_add_acl_hdr(skb, conn->handle, flags | ACL_CONT); 1111 1112 BT_DBG("%s frag %p len %d", hdev->name, skb, skb->len); 1113 1114 __skb_queue_tail(&conn->data_q, skb); 1115 } while (list); 1116 1117 spin_unlock_bh(&conn->data_q.lock); 1118 } 1119 1120 hci_sched_tx(hdev); 1121 return 0; 1122 } 1123 EXPORT_SYMBOL(hci_send_acl); 1124 1125 /* Send SCO data */ 1126 int hci_send_sco(struct hci_conn *conn, struct sk_buff *skb) 1127 { 1128 struct hci_dev *hdev = conn->hdev; 1129 struct hci_sco_hdr hdr; 1130 1131 BT_DBG("%s len %d", hdev->name, skb->len); 1132 1133 if (skb->len > hdev->sco_mtu) { 1134 kfree_skb(skb); 1135 return -EINVAL; 1136 } 1137 1138 hdr.handle = __cpu_to_le16(conn->handle); 1139 hdr.dlen = skb->len; 1140 1141 skb->h.raw = skb_push(skb, HCI_SCO_HDR_SIZE); 1142 memcpy(skb->h.raw, &hdr, HCI_SCO_HDR_SIZE); 1143 1144 skb->dev = (void *) hdev; 1145 skb->pkt_type = HCI_SCODATA_PKT; 1146 skb_queue_tail(&conn->data_q, skb); 1147 hci_sched_tx(hdev); 1148 return 0; 1149 } 1150 EXPORT_SYMBOL(hci_send_sco); 1151 1152 /* ---- HCI TX task (outgoing data) ---- */ 1153 1154 /* HCI Connection scheduler */ 1155 static inline struct hci_conn *hci_low_sent(struct hci_dev *hdev, __u8 type, int *quote) 1156 { 1157 struct hci_conn_hash *h = &hdev->conn_hash; 1158 struct hci_conn *conn = NULL; 1159 int num = 0, min = ~0; 1160 struct list_head *p; 1161 1162 /* We don't have to lock device here. Connections are always 1163 * added and removed with TX task disabled. */ 1164 list_for_each(p, &h->list) { 1165 struct hci_conn *c; 1166 c = list_entry(p, struct hci_conn, list); 1167 1168 if (c->type != type || c->state != BT_CONNECTED 1169 || skb_queue_empty(&c->data_q)) 1170 continue; 1171 num++; 1172 1173 if (c->sent < min) { 1174 min = c->sent; 1175 conn = c; 1176 } 1177 } 1178 1179 if (conn) { 1180 int cnt = (type == ACL_LINK ? hdev->acl_cnt : hdev->sco_cnt); 1181 int q = cnt / num; 1182 *quote = q ? q : 1; 1183 } else 1184 *quote = 0; 1185 1186 BT_DBG("conn %p quote %d", conn, *quote); 1187 return conn; 1188 } 1189 1190 static inline void hci_acl_tx_to(struct hci_dev *hdev) 1191 { 1192 struct hci_conn_hash *h = &hdev->conn_hash; 1193 struct list_head *p; 1194 struct hci_conn *c; 1195 1196 BT_ERR("%s ACL tx timeout", hdev->name); 1197 1198 /* Kill stalled connections */ 1199 list_for_each(p, &h->list) { 1200 c = list_entry(p, struct hci_conn, list); 1201 if (c->type == ACL_LINK && c->sent) { 1202 BT_ERR("%s killing stalled ACL connection %s", 1203 hdev->name, batostr(&c->dst)); 1204 hci_acl_disconn(c, 0x13); 1205 } 1206 } 1207 } 1208 1209 static inline void hci_sched_acl(struct hci_dev *hdev) 1210 { 1211 struct hci_conn *conn; 1212 struct sk_buff *skb; 1213 int quote; 1214 1215 BT_DBG("%s", hdev->name); 1216 1217 if (!test_bit(HCI_RAW, &hdev->flags)) { 1218 /* ACL tx timeout must be longer than maximum 1219 * link supervision timeout (40.9 seconds) */ 1220 if (!hdev->acl_cnt && (jiffies - hdev->acl_last_tx) > (HZ * 45)) 1221 hci_acl_tx_to(hdev); 1222 } 1223 1224 while (hdev->acl_cnt && (conn = hci_low_sent(hdev, ACL_LINK, "e))) { 1225 while (quote-- && (skb = skb_dequeue(&conn->data_q))) { 1226 BT_DBG("skb %p len %d", skb, skb->len); 1227 hci_send_frame(skb); 1228 hdev->acl_last_tx = jiffies; 1229 1230 hdev->acl_cnt--; 1231 conn->sent++; 1232 } 1233 } 1234 } 1235 1236 /* Schedule SCO */ 1237 static inline void hci_sched_sco(struct hci_dev *hdev) 1238 { 1239 struct hci_conn *conn; 1240 struct sk_buff *skb; 1241 int quote; 1242 1243 BT_DBG("%s", hdev->name); 1244 1245 while (hdev->sco_cnt && (conn = hci_low_sent(hdev, SCO_LINK, "e))) { 1246 while (quote-- && (skb = skb_dequeue(&conn->data_q))) { 1247 BT_DBG("skb %p len %d", skb, skb->len); 1248 hci_send_frame(skb); 1249 1250 conn->sent++; 1251 if (conn->sent == ~0) 1252 conn->sent = 0; 1253 } 1254 } 1255 } 1256 1257 static void hci_tx_task(unsigned long arg) 1258 { 1259 struct hci_dev *hdev = (struct hci_dev *) arg; 1260 struct sk_buff *skb; 1261 1262 read_lock(&hci_task_lock); 1263 1264 BT_DBG("%s acl %d sco %d", hdev->name, hdev->acl_cnt, hdev->sco_cnt); 1265 1266 /* Schedule queues and send stuff to HCI driver */ 1267 1268 hci_sched_acl(hdev); 1269 1270 hci_sched_sco(hdev); 1271 1272 /* Send next queued raw (unknown type) packet */ 1273 while ((skb = skb_dequeue(&hdev->raw_q))) 1274 hci_send_frame(skb); 1275 1276 read_unlock(&hci_task_lock); 1277 } 1278 1279 /* ----- HCI RX task (incoming data proccessing) ----- */ 1280 1281 /* ACL data packet */ 1282 static inline void hci_acldata_packet(struct hci_dev *hdev, struct sk_buff *skb) 1283 { 1284 struct hci_acl_hdr *hdr = (void *) skb->data; 1285 struct hci_conn *conn; 1286 __u16 handle, flags; 1287 1288 skb_pull(skb, HCI_ACL_HDR_SIZE); 1289 1290 handle = __le16_to_cpu(hdr->handle); 1291 flags = hci_flags(handle); 1292 handle = hci_handle(handle); 1293 1294 BT_DBG("%s len %d handle 0x%x flags 0x%x", hdev->name, skb->len, handle, flags); 1295 1296 hdev->stat.acl_rx++; 1297 1298 hci_dev_lock(hdev); 1299 conn = hci_conn_hash_lookup_handle(hdev, handle); 1300 hci_dev_unlock(hdev); 1301 1302 if (conn) { 1303 register struct hci_proto *hp; 1304 1305 /* Send to upper protocol */ 1306 if ((hp = hci_proto[HCI_PROTO_L2CAP]) && hp->recv_acldata) { 1307 hp->recv_acldata(conn, skb, flags); 1308 return; 1309 } 1310 } else { 1311 BT_ERR("%s ACL packet for unknown connection handle %d", 1312 hdev->name, handle); 1313 } 1314 1315 kfree_skb(skb); 1316 } 1317 1318 /* SCO data packet */ 1319 static inline void hci_scodata_packet(struct hci_dev *hdev, struct sk_buff *skb) 1320 { 1321 struct hci_sco_hdr *hdr = (void *) skb->data; 1322 struct hci_conn *conn; 1323 __u16 handle; 1324 1325 skb_pull(skb, HCI_SCO_HDR_SIZE); 1326 1327 handle = __le16_to_cpu(hdr->handle); 1328 1329 BT_DBG("%s len %d handle 0x%x", hdev->name, skb->len, handle); 1330 1331 hdev->stat.sco_rx++; 1332 1333 hci_dev_lock(hdev); 1334 conn = hci_conn_hash_lookup_handle(hdev, handle); 1335 hci_dev_unlock(hdev); 1336 1337 if (conn) { 1338 register struct hci_proto *hp; 1339 1340 /* Send to upper protocol */ 1341 if ((hp = hci_proto[HCI_PROTO_SCO]) && hp->recv_scodata) { 1342 hp->recv_scodata(conn, skb); 1343 return; 1344 } 1345 } else { 1346 BT_ERR("%s SCO packet for unknown connection handle %d", 1347 hdev->name, handle); 1348 } 1349 1350 kfree_skb(skb); 1351 } 1352 1353 void hci_rx_task(unsigned long arg) 1354 { 1355 struct hci_dev *hdev = (struct hci_dev *) arg; 1356 struct sk_buff *skb; 1357 1358 BT_DBG("%s", hdev->name); 1359 1360 read_lock(&hci_task_lock); 1361 1362 while ((skb = skb_dequeue(&hdev->rx_q))) { 1363 if (atomic_read(&hdev->promisc)) { 1364 /* Send copy to the sockets */ 1365 hci_send_to_sock(hdev, skb); 1366 } 1367 1368 if (test_bit(HCI_RAW, &hdev->flags)) { 1369 kfree_skb(skb); 1370 continue; 1371 } 1372 1373 if (test_bit(HCI_INIT, &hdev->flags)) { 1374 /* Don't process data packets in this states. */ 1375 switch (skb->pkt_type) { 1376 case HCI_ACLDATA_PKT: 1377 case HCI_SCODATA_PKT: 1378 kfree_skb(skb); 1379 continue; 1380 }; 1381 } 1382 1383 /* Process frame */ 1384 switch (skb->pkt_type) { 1385 case HCI_EVENT_PKT: 1386 hci_event_packet(hdev, skb); 1387 break; 1388 1389 case HCI_ACLDATA_PKT: 1390 BT_DBG("%s ACL data packet", hdev->name); 1391 hci_acldata_packet(hdev, skb); 1392 break; 1393 1394 case HCI_SCODATA_PKT: 1395 BT_DBG("%s SCO data packet", hdev->name); 1396 hci_scodata_packet(hdev, skb); 1397 break; 1398 1399 default: 1400 kfree_skb(skb); 1401 break; 1402 } 1403 } 1404 1405 read_unlock(&hci_task_lock); 1406 } 1407 1408 static void hci_cmd_task(unsigned long arg) 1409 { 1410 struct hci_dev *hdev = (struct hci_dev *) arg; 1411 struct sk_buff *skb; 1412 1413 BT_DBG("%s cmd %d", hdev->name, atomic_read(&hdev->cmd_cnt)); 1414 1415 if (!atomic_read(&hdev->cmd_cnt) && (jiffies - hdev->cmd_last_tx) > HZ) { 1416 BT_ERR("%s command tx timeout", hdev->name); 1417 atomic_set(&hdev->cmd_cnt, 1); 1418 } 1419 1420 /* Send queued commands */ 1421 if (atomic_read(&hdev->cmd_cnt) && (skb = skb_dequeue(&hdev->cmd_q))) { 1422 if (hdev->sent_cmd) 1423 kfree_skb(hdev->sent_cmd); 1424 1425 if ((hdev->sent_cmd = skb_clone(skb, GFP_ATOMIC))) { 1426 atomic_dec(&hdev->cmd_cnt); 1427 hci_send_frame(skb); 1428 hdev->cmd_last_tx = jiffies; 1429 } else { 1430 skb_queue_head(&hdev->cmd_q, skb); 1431 hci_sched_cmd(hdev); 1432 } 1433 } 1434 } 1435