1 /* 2 BlueZ - Bluetooth protocol stack for Linux 3 Copyright (C) 2000-2001 Qualcomm Incorporated 4 Copyright (C) 2011 ProFUSION Embedded Systems 5 6 Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com> 7 8 This program is free software; you can redistribute it and/or modify 9 it under the terms of the GNU General Public License version 2 as 10 published by the Free Software Foundation; 11 12 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS 13 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 14 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS. 15 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY 16 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES 17 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 18 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 19 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 20 21 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS, 22 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS 23 SOFTWARE IS DISCLAIMED. 24 */ 25 26 /* Bluetooth HCI core. */ 27 28 #include <linux/export.h> 29 #include <linux/idr.h> 30 31 #include <linux/rfkill.h> 32 33 #include <net/bluetooth/bluetooth.h> 34 #include <net/bluetooth/hci_core.h> 35 36 static void hci_rx_work(struct work_struct *work); 37 static void hci_cmd_work(struct work_struct *work); 38 static void hci_tx_work(struct work_struct *work); 39 40 /* HCI device list */ 41 LIST_HEAD(hci_dev_list); 42 DEFINE_RWLOCK(hci_dev_list_lock); 43 44 /* HCI callback list */ 45 LIST_HEAD(hci_cb_list); 46 DEFINE_RWLOCK(hci_cb_list_lock); 47 48 /* HCI ID Numbering */ 49 static DEFINE_IDA(hci_index_ida); 50 51 /* ---- HCI notifications ---- */ 52 53 static void hci_notify(struct hci_dev *hdev, int event) 54 { 55 hci_sock_dev_event(hdev, event); 56 } 57 58 /* ---- HCI requests ---- */ 59 60 static void hci_req_sync_complete(struct hci_dev *hdev, u8 result) 61 { 62 BT_DBG("%s result 0x%2.2x", hdev->name, result); 63 64 if (hdev->req_status == HCI_REQ_PEND) { 65 hdev->req_result = result; 66 hdev->req_status = HCI_REQ_DONE; 67 wake_up_interruptible(&hdev->req_wait_q); 68 } 69 } 70 71 static void hci_req_cancel(struct hci_dev *hdev, int err) 72 { 73 BT_DBG("%s err 0x%2.2x", hdev->name, err); 74 75 if (hdev->req_status == HCI_REQ_PEND) { 76 hdev->req_result = err; 77 hdev->req_status = HCI_REQ_CANCELED; 78 wake_up_interruptible(&hdev->req_wait_q); 79 } 80 } 81 82 static struct sk_buff *hci_get_cmd_complete(struct hci_dev *hdev, u16 opcode, 83 u8 event) 84 { 85 struct hci_ev_cmd_complete *ev; 86 struct hci_event_hdr *hdr; 87 struct sk_buff *skb; 88 89 hci_dev_lock(hdev); 90 91 skb = hdev->recv_evt; 92 hdev->recv_evt = NULL; 93 94 hci_dev_unlock(hdev); 95 96 if (!skb) 97 return ERR_PTR(-ENODATA); 98 99 if (skb->len < sizeof(*hdr)) { 100 BT_ERR("Too short HCI event"); 101 goto failed; 102 } 103 104 hdr = (void *) skb->data; 105 skb_pull(skb, HCI_EVENT_HDR_SIZE); 106 107 if (event) { 108 if (hdr->evt != event) 109 goto failed; 110 return skb; 111 } 112 113 if (hdr->evt != HCI_EV_CMD_COMPLETE) { 114 BT_DBG("Last event is not cmd complete (0x%2.2x)", hdr->evt); 115 goto failed; 116 } 117 118 if (skb->len < sizeof(*ev)) { 119 BT_ERR("Too short cmd_complete event"); 120 goto failed; 121 } 122 123 ev = (void *) skb->data; 124 skb_pull(skb, sizeof(*ev)); 125 126 if (opcode == __le16_to_cpu(ev->opcode)) 127 return skb; 128 129 BT_DBG("opcode doesn't match (0x%2.2x != 0x%2.2x)", opcode, 130 __le16_to_cpu(ev->opcode)); 131 132 failed: 133 kfree_skb(skb); 134 return ERR_PTR(-ENODATA); 135 } 136 137 struct sk_buff *__hci_cmd_sync_ev(struct hci_dev *hdev, u16 opcode, u32 plen, 138 const void *param, u8 event, u32 timeout) 139 { 140 DECLARE_WAITQUEUE(wait, current); 141 struct hci_request req; 142 int err = 0; 143 144 BT_DBG("%s", hdev->name); 145 146 hci_req_init(&req, hdev); 147 148 hci_req_add_ev(&req, opcode, plen, param, event); 149 150 hdev->req_status = HCI_REQ_PEND; 151 152 err = hci_req_run(&req, hci_req_sync_complete); 153 if (err < 0) 154 return ERR_PTR(err); 155 156 add_wait_queue(&hdev->req_wait_q, &wait); 157 set_current_state(TASK_INTERRUPTIBLE); 158 159 schedule_timeout(timeout); 160 161 remove_wait_queue(&hdev->req_wait_q, &wait); 162 163 if (signal_pending(current)) 164 return ERR_PTR(-EINTR); 165 166 switch (hdev->req_status) { 167 case HCI_REQ_DONE: 168 err = -bt_to_errno(hdev->req_result); 169 break; 170 171 case HCI_REQ_CANCELED: 172 err = -hdev->req_result; 173 break; 174 175 default: 176 err = -ETIMEDOUT; 177 break; 178 } 179 180 hdev->req_status = hdev->req_result = 0; 181 182 BT_DBG("%s end: err %d", hdev->name, err); 183 184 if (err < 0) 185 return ERR_PTR(err); 186 187 return hci_get_cmd_complete(hdev, opcode, event); 188 } 189 EXPORT_SYMBOL(__hci_cmd_sync_ev); 190 191 struct sk_buff *__hci_cmd_sync(struct hci_dev *hdev, u16 opcode, u32 plen, 192 const void *param, u32 timeout) 193 { 194 return __hci_cmd_sync_ev(hdev, opcode, plen, param, 0, timeout); 195 } 196 EXPORT_SYMBOL(__hci_cmd_sync); 197 198 /* Execute request and wait for completion. */ 199 static int __hci_req_sync(struct hci_dev *hdev, 200 void (*func)(struct hci_request *req, 201 unsigned long opt), 202 unsigned long opt, __u32 timeout) 203 { 204 struct hci_request req; 205 DECLARE_WAITQUEUE(wait, current); 206 int err = 0; 207 208 BT_DBG("%s start", hdev->name); 209 210 hci_req_init(&req, hdev); 211 212 hdev->req_status = HCI_REQ_PEND; 213 214 func(&req, opt); 215 216 err = hci_req_run(&req, hci_req_sync_complete); 217 if (err < 0) { 218 hdev->req_status = 0; 219 220 /* ENODATA means the HCI request command queue is empty. 221 * This can happen when a request with conditionals doesn't 222 * trigger any commands to be sent. This is normal behavior 223 * and should not trigger an error return. 224 */ 225 if (err == -ENODATA) 226 return 0; 227 228 return err; 229 } 230 231 add_wait_queue(&hdev->req_wait_q, &wait); 232 set_current_state(TASK_INTERRUPTIBLE); 233 234 schedule_timeout(timeout); 235 236 remove_wait_queue(&hdev->req_wait_q, &wait); 237 238 if (signal_pending(current)) 239 return -EINTR; 240 241 switch (hdev->req_status) { 242 case HCI_REQ_DONE: 243 err = -bt_to_errno(hdev->req_result); 244 break; 245 246 case HCI_REQ_CANCELED: 247 err = -hdev->req_result; 248 break; 249 250 default: 251 err = -ETIMEDOUT; 252 break; 253 } 254 255 hdev->req_status = hdev->req_result = 0; 256 257 BT_DBG("%s end: err %d", hdev->name, err); 258 259 return err; 260 } 261 262 static int hci_req_sync(struct hci_dev *hdev, 263 void (*req)(struct hci_request *req, 264 unsigned long opt), 265 unsigned long opt, __u32 timeout) 266 { 267 int ret; 268 269 if (!test_bit(HCI_UP, &hdev->flags)) 270 return -ENETDOWN; 271 272 /* Serialize all requests */ 273 hci_req_lock(hdev); 274 ret = __hci_req_sync(hdev, req, opt, timeout); 275 hci_req_unlock(hdev); 276 277 return ret; 278 } 279 280 static void hci_reset_req(struct hci_request *req, unsigned long opt) 281 { 282 BT_DBG("%s %ld", req->hdev->name, opt); 283 284 /* Reset device */ 285 set_bit(HCI_RESET, &req->hdev->flags); 286 hci_req_add(req, HCI_OP_RESET, 0, NULL); 287 } 288 289 static void bredr_init(struct hci_request *req) 290 { 291 req->hdev->flow_ctl_mode = HCI_FLOW_CTL_MODE_PACKET_BASED; 292 293 /* Read Local Supported Features */ 294 hci_req_add(req, HCI_OP_READ_LOCAL_FEATURES, 0, NULL); 295 296 /* Read Local Version */ 297 hci_req_add(req, HCI_OP_READ_LOCAL_VERSION, 0, NULL); 298 299 /* Read BD Address */ 300 hci_req_add(req, HCI_OP_READ_BD_ADDR, 0, NULL); 301 } 302 303 static void amp_init(struct hci_request *req) 304 { 305 req->hdev->flow_ctl_mode = HCI_FLOW_CTL_MODE_BLOCK_BASED; 306 307 /* Read Local Version */ 308 hci_req_add(req, HCI_OP_READ_LOCAL_VERSION, 0, NULL); 309 310 /* Read Local AMP Info */ 311 hci_req_add(req, HCI_OP_READ_LOCAL_AMP_INFO, 0, NULL); 312 313 /* Read Data Blk size */ 314 hci_req_add(req, HCI_OP_READ_DATA_BLOCK_SIZE, 0, NULL); 315 } 316 317 static void hci_init1_req(struct hci_request *req, unsigned long opt) 318 { 319 struct hci_dev *hdev = req->hdev; 320 321 BT_DBG("%s %ld", hdev->name, opt); 322 323 /* Reset */ 324 if (!test_bit(HCI_QUIRK_RESET_ON_CLOSE, &hdev->quirks)) 325 hci_reset_req(req, 0); 326 327 switch (hdev->dev_type) { 328 case HCI_BREDR: 329 bredr_init(req); 330 break; 331 332 case HCI_AMP: 333 amp_init(req); 334 break; 335 336 default: 337 BT_ERR("Unknown device type %d", hdev->dev_type); 338 break; 339 } 340 } 341 342 static void bredr_setup(struct hci_request *req) 343 { 344 __le16 param; 345 __u8 flt_type; 346 347 /* Read Buffer Size (ACL mtu, max pkt, etc.) */ 348 hci_req_add(req, HCI_OP_READ_BUFFER_SIZE, 0, NULL); 349 350 /* Read Class of Device */ 351 hci_req_add(req, HCI_OP_READ_CLASS_OF_DEV, 0, NULL); 352 353 /* Read Local Name */ 354 hci_req_add(req, HCI_OP_READ_LOCAL_NAME, 0, NULL); 355 356 /* Read Voice Setting */ 357 hci_req_add(req, HCI_OP_READ_VOICE_SETTING, 0, NULL); 358 359 /* Clear Event Filters */ 360 flt_type = HCI_FLT_CLEAR_ALL; 361 hci_req_add(req, HCI_OP_SET_EVENT_FLT, 1, &flt_type); 362 363 /* Connection accept timeout ~20 secs */ 364 param = __constant_cpu_to_le16(0x7d00); 365 hci_req_add(req, HCI_OP_WRITE_CA_TIMEOUT, 2, ¶m); 366 367 /* Read page scan parameters */ 368 if (req->hdev->hci_ver > BLUETOOTH_VER_1_1) { 369 hci_req_add(req, HCI_OP_READ_PAGE_SCAN_ACTIVITY, 0, NULL); 370 hci_req_add(req, HCI_OP_READ_PAGE_SCAN_TYPE, 0, NULL); 371 } 372 } 373 374 static void le_setup(struct hci_request *req) 375 { 376 struct hci_dev *hdev = req->hdev; 377 378 /* Read LE Buffer Size */ 379 hci_req_add(req, HCI_OP_LE_READ_BUFFER_SIZE, 0, NULL); 380 381 /* Read LE Local Supported Features */ 382 hci_req_add(req, HCI_OP_LE_READ_LOCAL_FEATURES, 0, NULL); 383 384 /* Read LE Advertising Channel TX Power */ 385 hci_req_add(req, HCI_OP_LE_READ_ADV_TX_POWER, 0, NULL); 386 387 /* Read LE White List Size */ 388 hci_req_add(req, HCI_OP_LE_READ_WHITE_LIST_SIZE, 0, NULL); 389 390 /* Read LE Supported States */ 391 hci_req_add(req, HCI_OP_LE_READ_SUPPORTED_STATES, 0, NULL); 392 393 /* LE-only controllers have LE implicitly enabled */ 394 if (!lmp_bredr_capable(hdev)) 395 set_bit(HCI_LE_ENABLED, &hdev->dev_flags); 396 } 397 398 static u8 hci_get_inquiry_mode(struct hci_dev *hdev) 399 { 400 if (lmp_ext_inq_capable(hdev)) 401 return 0x02; 402 403 if (lmp_inq_rssi_capable(hdev)) 404 return 0x01; 405 406 if (hdev->manufacturer == 11 && hdev->hci_rev == 0x00 && 407 hdev->lmp_subver == 0x0757) 408 return 0x01; 409 410 if (hdev->manufacturer == 15) { 411 if (hdev->hci_rev == 0x03 && hdev->lmp_subver == 0x6963) 412 return 0x01; 413 if (hdev->hci_rev == 0x09 && hdev->lmp_subver == 0x6963) 414 return 0x01; 415 if (hdev->hci_rev == 0x00 && hdev->lmp_subver == 0x6965) 416 return 0x01; 417 } 418 419 if (hdev->manufacturer == 31 && hdev->hci_rev == 0x2005 && 420 hdev->lmp_subver == 0x1805) 421 return 0x01; 422 423 return 0x00; 424 } 425 426 static void hci_setup_inquiry_mode(struct hci_request *req) 427 { 428 u8 mode; 429 430 mode = hci_get_inquiry_mode(req->hdev); 431 432 hci_req_add(req, HCI_OP_WRITE_INQUIRY_MODE, 1, &mode); 433 } 434 435 static void hci_setup_event_mask(struct hci_request *req) 436 { 437 struct hci_dev *hdev = req->hdev; 438 439 /* The second byte is 0xff instead of 0x9f (two reserved bits 440 * disabled) since a Broadcom 1.2 dongle doesn't respond to the 441 * command otherwise. 442 */ 443 u8 events[8] = { 0xff, 0xff, 0xfb, 0xff, 0x00, 0x00, 0x00, 0x00 }; 444 445 /* CSR 1.1 dongles does not accept any bitfield so don't try to set 446 * any event mask for pre 1.2 devices. 447 */ 448 if (hdev->hci_ver < BLUETOOTH_VER_1_2) 449 return; 450 451 if (lmp_bredr_capable(hdev)) { 452 events[4] |= 0x01; /* Flow Specification Complete */ 453 events[4] |= 0x02; /* Inquiry Result with RSSI */ 454 events[4] |= 0x04; /* Read Remote Extended Features Complete */ 455 events[5] |= 0x08; /* Synchronous Connection Complete */ 456 events[5] |= 0x10; /* Synchronous Connection Changed */ 457 } 458 459 if (lmp_inq_rssi_capable(hdev)) 460 events[4] |= 0x02; /* Inquiry Result with RSSI */ 461 462 if (lmp_sniffsubr_capable(hdev)) 463 events[5] |= 0x20; /* Sniff Subrating */ 464 465 if (lmp_pause_enc_capable(hdev)) 466 events[5] |= 0x80; /* Encryption Key Refresh Complete */ 467 468 if (lmp_ext_inq_capable(hdev)) 469 events[5] |= 0x40; /* Extended Inquiry Result */ 470 471 if (lmp_no_flush_capable(hdev)) 472 events[7] |= 0x01; /* Enhanced Flush Complete */ 473 474 if (lmp_lsto_capable(hdev)) 475 events[6] |= 0x80; /* Link Supervision Timeout Changed */ 476 477 if (lmp_ssp_capable(hdev)) { 478 events[6] |= 0x01; /* IO Capability Request */ 479 events[6] |= 0x02; /* IO Capability Response */ 480 events[6] |= 0x04; /* User Confirmation Request */ 481 events[6] |= 0x08; /* User Passkey Request */ 482 events[6] |= 0x10; /* Remote OOB Data Request */ 483 events[6] |= 0x20; /* Simple Pairing Complete */ 484 events[7] |= 0x04; /* User Passkey Notification */ 485 events[7] |= 0x08; /* Keypress Notification */ 486 events[7] |= 0x10; /* Remote Host Supported 487 * Features Notification 488 */ 489 } 490 491 if (lmp_le_capable(hdev)) 492 events[7] |= 0x20; /* LE Meta-Event */ 493 494 hci_req_add(req, HCI_OP_SET_EVENT_MASK, sizeof(events), events); 495 496 if (lmp_le_capable(hdev)) { 497 memset(events, 0, sizeof(events)); 498 events[0] = 0x1f; 499 hci_req_add(req, HCI_OP_LE_SET_EVENT_MASK, 500 sizeof(events), events); 501 } 502 } 503 504 static void hci_init2_req(struct hci_request *req, unsigned long opt) 505 { 506 struct hci_dev *hdev = req->hdev; 507 508 if (lmp_bredr_capable(hdev)) 509 bredr_setup(req); 510 511 if (lmp_le_capable(hdev)) 512 le_setup(req); 513 514 hci_setup_event_mask(req); 515 516 if (hdev->hci_ver > BLUETOOTH_VER_1_1) 517 hci_req_add(req, HCI_OP_READ_LOCAL_COMMANDS, 0, NULL); 518 519 if (lmp_ssp_capable(hdev)) { 520 if (test_bit(HCI_SSP_ENABLED, &hdev->dev_flags)) { 521 u8 mode = 0x01; 522 hci_req_add(req, HCI_OP_WRITE_SSP_MODE, 523 sizeof(mode), &mode); 524 } else { 525 struct hci_cp_write_eir cp; 526 527 memset(hdev->eir, 0, sizeof(hdev->eir)); 528 memset(&cp, 0, sizeof(cp)); 529 530 hci_req_add(req, HCI_OP_WRITE_EIR, sizeof(cp), &cp); 531 } 532 } 533 534 if (lmp_inq_rssi_capable(hdev)) 535 hci_setup_inquiry_mode(req); 536 537 if (lmp_inq_tx_pwr_capable(hdev)) 538 hci_req_add(req, HCI_OP_READ_INQ_RSP_TX_POWER, 0, NULL); 539 540 if (lmp_ext_feat_capable(hdev)) { 541 struct hci_cp_read_local_ext_features cp; 542 543 cp.page = 0x01; 544 hci_req_add(req, HCI_OP_READ_LOCAL_EXT_FEATURES, 545 sizeof(cp), &cp); 546 } 547 548 if (test_bit(HCI_LINK_SECURITY, &hdev->dev_flags)) { 549 u8 enable = 1; 550 hci_req_add(req, HCI_OP_WRITE_AUTH_ENABLE, sizeof(enable), 551 &enable); 552 } 553 } 554 555 static void hci_setup_link_policy(struct hci_request *req) 556 { 557 struct hci_dev *hdev = req->hdev; 558 struct hci_cp_write_def_link_policy cp; 559 u16 link_policy = 0; 560 561 if (lmp_rswitch_capable(hdev)) 562 link_policy |= HCI_LP_RSWITCH; 563 if (lmp_hold_capable(hdev)) 564 link_policy |= HCI_LP_HOLD; 565 if (lmp_sniff_capable(hdev)) 566 link_policy |= HCI_LP_SNIFF; 567 if (lmp_park_capable(hdev)) 568 link_policy |= HCI_LP_PARK; 569 570 cp.policy = cpu_to_le16(link_policy); 571 hci_req_add(req, HCI_OP_WRITE_DEF_LINK_POLICY, sizeof(cp), &cp); 572 } 573 574 static void hci_set_le_support(struct hci_request *req) 575 { 576 struct hci_dev *hdev = req->hdev; 577 struct hci_cp_write_le_host_supported cp; 578 579 /* LE-only devices do not support explicit enablement */ 580 if (!lmp_bredr_capable(hdev)) 581 return; 582 583 memset(&cp, 0, sizeof(cp)); 584 585 if (test_bit(HCI_LE_ENABLED, &hdev->dev_flags)) { 586 cp.le = 0x01; 587 cp.simul = lmp_le_br_capable(hdev); 588 } 589 590 if (cp.le != lmp_host_le_capable(hdev)) 591 hci_req_add(req, HCI_OP_WRITE_LE_HOST_SUPPORTED, sizeof(cp), 592 &cp); 593 } 594 595 static void hci_init3_req(struct hci_request *req, unsigned long opt) 596 { 597 struct hci_dev *hdev = req->hdev; 598 u8 p; 599 600 /* Only send HCI_Delete_Stored_Link_Key if it is supported */ 601 if (hdev->commands[6] & 0x80) { 602 struct hci_cp_delete_stored_link_key cp; 603 604 bacpy(&cp.bdaddr, BDADDR_ANY); 605 cp.delete_all = 0x01; 606 hci_req_add(req, HCI_OP_DELETE_STORED_LINK_KEY, 607 sizeof(cp), &cp); 608 } 609 610 if (hdev->commands[5] & 0x10) 611 hci_setup_link_policy(req); 612 613 if (lmp_le_capable(hdev)) { 614 hci_set_le_support(req); 615 hci_update_ad(req); 616 } 617 618 /* Read features beyond page 1 if available */ 619 for (p = 2; p < HCI_MAX_PAGES && p <= hdev->max_page; p++) { 620 struct hci_cp_read_local_ext_features cp; 621 622 cp.page = p; 623 hci_req_add(req, HCI_OP_READ_LOCAL_EXT_FEATURES, 624 sizeof(cp), &cp); 625 } 626 } 627 628 static int __hci_init(struct hci_dev *hdev) 629 { 630 int err; 631 632 err = __hci_req_sync(hdev, hci_init1_req, 0, HCI_INIT_TIMEOUT); 633 if (err < 0) 634 return err; 635 636 /* HCI_BREDR covers both single-mode LE, BR/EDR and dual-mode 637 * BR/EDR/LE type controllers. AMP controllers only need the 638 * first stage init. 639 */ 640 if (hdev->dev_type != HCI_BREDR) 641 return 0; 642 643 err = __hci_req_sync(hdev, hci_init2_req, 0, HCI_INIT_TIMEOUT); 644 if (err < 0) 645 return err; 646 647 return __hci_req_sync(hdev, hci_init3_req, 0, HCI_INIT_TIMEOUT); 648 } 649 650 static void hci_scan_req(struct hci_request *req, unsigned long opt) 651 { 652 __u8 scan = opt; 653 654 BT_DBG("%s %x", req->hdev->name, scan); 655 656 /* Inquiry and Page scans */ 657 hci_req_add(req, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan); 658 } 659 660 static void hci_auth_req(struct hci_request *req, unsigned long opt) 661 { 662 __u8 auth = opt; 663 664 BT_DBG("%s %x", req->hdev->name, auth); 665 666 /* Authentication */ 667 hci_req_add(req, HCI_OP_WRITE_AUTH_ENABLE, 1, &auth); 668 } 669 670 static void hci_encrypt_req(struct hci_request *req, unsigned long opt) 671 { 672 __u8 encrypt = opt; 673 674 BT_DBG("%s %x", req->hdev->name, encrypt); 675 676 /* Encryption */ 677 hci_req_add(req, HCI_OP_WRITE_ENCRYPT_MODE, 1, &encrypt); 678 } 679 680 static void hci_linkpol_req(struct hci_request *req, unsigned long opt) 681 { 682 __le16 policy = cpu_to_le16(opt); 683 684 BT_DBG("%s %x", req->hdev->name, policy); 685 686 /* Default link policy */ 687 hci_req_add(req, HCI_OP_WRITE_DEF_LINK_POLICY, 2, &policy); 688 } 689 690 /* Get HCI device by index. 691 * Device is held on return. */ 692 struct hci_dev *hci_dev_get(int index) 693 { 694 struct hci_dev *hdev = NULL, *d; 695 696 BT_DBG("%d", index); 697 698 if (index < 0) 699 return NULL; 700 701 read_lock(&hci_dev_list_lock); 702 list_for_each_entry(d, &hci_dev_list, list) { 703 if (d->id == index) { 704 hdev = hci_dev_hold(d); 705 break; 706 } 707 } 708 read_unlock(&hci_dev_list_lock); 709 return hdev; 710 } 711 712 /* ---- Inquiry support ---- */ 713 714 bool hci_discovery_active(struct hci_dev *hdev) 715 { 716 struct discovery_state *discov = &hdev->discovery; 717 718 switch (discov->state) { 719 case DISCOVERY_FINDING: 720 case DISCOVERY_RESOLVING: 721 return true; 722 723 default: 724 return false; 725 } 726 } 727 728 void hci_discovery_set_state(struct hci_dev *hdev, int state) 729 { 730 BT_DBG("%s state %u -> %u", hdev->name, hdev->discovery.state, state); 731 732 if (hdev->discovery.state == state) 733 return; 734 735 switch (state) { 736 case DISCOVERY_STOPPED: 737 if (hdev->discovery.state != DISCOVERY_STARTING) 738 mgmt_discovering(hdev, 0); 739 break; 740 case DISCOVERY_STARTING: 741 break; 742 case DISCOVERY_FINDING: 743 mgmt_discovering(hdev, 1); 744 break; 745 case DISCOVERY_RESOLVING: 746 break; 747 case DISCOVERY_STOPPING: 748 break; 749 } 750 751 hdev->discovery.state = state; 752 } 753 754 static void inquiry_cache_flush(struct hci_dev *hdev) 755 { 756 struct discovery_state *cache = &hdev->discovery; 757 struct inquiry_entry *p, *n; 758 759 list_for_each_entry_safe(p, n, &cache->all, all) { 760 list_del(&p->all); 761 kfree(p); 762 } 763 764 INIT_LIST_HEAD(&cache->unknown); 765 INIT_LIST_HEAD(&cache->resolve); 766 } 767 768 struct inquiry_entry *hci_inquiry_cache_lookup(struct hci_dev *hdev, 769 bdaddr_t *bdaddr) 770 { 771 struct discovery_state *cache = &hdev->discovery; 772 struct inquiry_entry *e; 773 774 BT_DBG("cache %p, %pMR", cache, bdaddr); 775 776 list_for_each_entry(e, &cache->all, all) { 777 if (!bacmp(&e->data.bdaddr, bdaddr)) 778 return e; 779 } 780 781 return NULL; 782 } 783 784 struct inquiry_entry *hci_inquiry_cache_lookup_unknown(struct hci_dev *hdev, 785 bdaddr_t *bdaddr) 786 { 787 struct discovery_state *cache = &hdev->discovery; 788 struct inquiry_entry *e; 789 790 BT_DBG("cache %p, %pMR", cache, bdaddr); 791 792 list_for_each_entry(e, &cache->unknown, list) { 793 if (!bacmp(&e->data.bdaddr, bdaddr)) 794 return e; 795 } 796 797 return NULL; 798 } 799 800 struct inquiry_entry *hci_inquiry_cache_lookup_resolve(struct hci_dev *hdev, 801 bdaddr_t *bdaddr, 802 int state) 803 { 804 struct discovery_state *cache = &hdev->discovery; 805 struct inquiry_entry *e; 806 807 BT_DBG("cache %p bdaddr %pMR state %d", cache, bdaddr, state); 808 809 list_for_each_entry(e, &cache->resolve, list) { 810 if (!bacmp(bdaddr, BDADDR_ANY) && e->name_state == state) 811 return e; 812 if (!bacmp(&e->data.bdaddr, bdaddr)) 813 return e; 814 } 815 816 return NULL; 817 } 818 819 void hci_inquiry_cache_update_resolve(struct hci_dev *hdev, 820 struct inquiry_entry *ie) 821 { 822 struct discovery_state *cache = &hdev->discovery; 823 struct list_head *pos = &cache->resolve; 824 struct inquiry_entry *p; 825 826 list_del(&ie->list); 827 828 list_for_each_entry(p, &cache->resolve, list) { 829 if (p->name_state != NAME_PENDING && 830 abs(p->data.rssi) >= abs(ie->data.rssi)) 831 break; 832 pos = &p->list; 833 } 834 835 list_add(&ie->list, pos); 836 } 837 838 bool hci_inquiry_cache_update(struct hci_dev *hdev, struct inquiry_data *data, 839 bool name_known, bool *ssp) 840 { 841 struct discovery_state *cache = &hdev->discovery; 842 struct inquiry_entry *ie; 843 844 BT_DBG("cache %p, %pMR", cache, &data->bdaddr); 845 846 hci_remove_remote_oob_data(hdev, &data->bdaddr); 847 848 if (ssp) 849 *ssp = data->ssp_mode; 850 851 ie = hci_inquiry_cache_lookup(hdev, &data->bdaddr); 852 if (ie) { 853 if (ie->data.ssp_mode && ssp) 854 *ssp = true; 855 856 if (ie->name_state == NAME_NEEDED && 857 data->rssi != ie->data.rssi) { 858 ie->data.rssi = data->rssi; 859 hci_inquiry_cache_update_resolve(hdev, ie); 860 } 861 862 goto update; 863 } 864 865 /* Entry not in the cache. Add new one. */ 866 ie = kzalloc(sizeof(struct inquiry_entry), GFP_ATOMIC); 867 if (!ie) 868 return false; 869 870 list_add(&ie->all, &cache->all); 871 872 if (name_known) { 873 ie->name_state = NAME_KNOWN; 874 } else { 875 ie->name_state = NAME_NOT_KNOWN; 876 list_add(&ie->list, &cache->unknown); 877 } 878 879 update: 880 if (name_known && ie->name_state != NAME_KNOWN && 881 ie->name_state != NAME_PENDING) { 882 ie->name_state = NAME_KNOWN; 883 list_del(&ie->list); 884 } 885 886 memcpy(&ie->data, data, sizeof(*data)); 887 ie->timestamp = jiffies; 888 cache->timestamp = jiffies; 889 890 if (ie->name_state == NAME_NOT_KNOWN) 891 return false; 892 893 return true; 894 } 895 896 static int inquiry_cache_dump(struct hci_dev *hdev, int num, __u8 *buf) 897 { 898 struct discovery_state *cache = &hdev->discovery; 899 struct inquiry_info *info = (struct inquiry_info *) buf; 900 struct inquiry_entry *e; 901 int copied = 0; 902 903 list_for_each_entry(e, &cache->all, all) { 904 struct inquiry_data *data = &e->data; 905 906 if (copied >= num) 907 break; 908 909 bacpy(&info->bdaddr, &data->bdaddr); 910 info->pscan_rep_mode = data->pscan_rep_mode; 911 info->pscan_period_mode = data->pscan_period_mode; 912 info->pscan_mode = data->pscan_mode; 913 memcpy(info->dev_class, data->dev_class, 3); 914 info->clock_offset = data->clock_offset; 915 916 info++; 917 copied++; 918 } 919 920 BT_DBG("cache %p, copied %d", cache, copied); 921 return copied; 922 } 923 924 static void hci_inq_req(struct hci_request *req, unsigned long opt) 925 { 926 struct hci_inquiry_req *ir = (struct hci_inquiry_req *) opt; 927 struct hci_dev *hdev = req->hdev; 928 struct hci_cp_inquiry cp; 929 930 BT_DBG("%s", hdev->name); 931 932 if (test_bit(HCI_INQUIRY, &hdev->flags)) 933 return; 934 935 /* Start Inquiry */ 936 memcpy(&cp.lap, &ir->lap, 3); 937 cp.length = ir->length; 938 cp.num_rsp = ir->num_rsp; 939 hci_req_add(req, HCI_OP_INQUIRY, sizeof(cp), &cp); 940 } 941 942 static int wait_inquiry(void *word) 943 { 944 schedule(); 945 return signal_pending(current); 946 } 947 948 int hci_inquiry(void __user *arg) 949 { 950 __u8 __user *ptr = arg; 951 struct hci_inquiry_req ir; 952 struct hci_dev *hdev; 953 int err = 0, do_inquiry = 0, max_rsp; 954 long timeo; 955 __u8 *buf; 956 957 if (copy_from_user(&ir, ptr, sizeof(ir))) 958 return -EFAULT; 959 960 hdev = hci_dev_get(ir.dev_id); 961 if (!hdev) 962 return -ENODEV; 963 964 hci_dev_lock(hdev); 965 if (inquiry_cache_age(hdev) > INQUIRY_CACHE_AGE_MAX || 966 inquiry_cache_empty(hdev) || ir.flags & IREQ_CACHE_FLUSH) { 967 inquiry_cache_flush(hdev); 968 do_inquiry = 1; 969 } 970 hci_dev_unlock(hdev); 971 972 timeo = ir.length * msecs_to_jiffies(2000); 973 974 if (do_inquiry) { 975 err = hci_req_sync(hdev, hci_inq_req, (unsigned long) &ir, 976 timeo); 977 if (err < 0) 978 goto done; 979 980 /* Wait until Inquiry procedure finishes (HCI_INQUIRY flag is 981 * cleared). If it is interrupted by a signal, return -EINTR. 982 */ 983 if (wait_on_bit(&hdev->flags, HCI_INQUIRY, wait_inquiry, 984 TASK_INTERRUPTIBLE)) 985 return -EINTR; 986 } 987 988 /* for unlimited number of responses we will use buffer with 989 * 255 entries 990 */ 991 max_rsp = (ir.num_rsp == 0) ? 255 : ir.num_rsp; 992 993 /* cache_dump can't sleep. Therefore we allocate temp buffer and then 994 * copy it to the user space. 995 */ 996 buf = kmalloc(sizeof(struct inquiry_info) * max_rsp, GFP_KERNEL); 997 if (!buf) { 998 err = -ENOMEM; 999 goto done; 1000 } 1001 1002 hci_dev_lock(hdev); 1003 ir.num_rsp = inquiry_cache_dump(hdev, max_rsp, buf); 1004 hci_dev_unlock(hdev); 1005 1006 BT_DBG("num_rsp %d", ir.num_rsp); 1007 1008 if (!copy_to_user(ptr, &ir, sizeof(ir))) { 1009 ptr += sizeof(ir); 1010 if (copy_to_user(ptr, buf, sizeof(struct inquiry_info) * 1011 ir.num_rsp)) 1012 err = -EFAULT; 1013 } else 1014 err = -EFAULT; 1015 1016 kfree(buf); 1017 1018 done: 1019 hci_dev_put(hdev); 1020 return err; 1021 } 1022 1023 static u8 create_ad(struct hci_dev *hdev, u8 *ptr) 1024 { 1025 u8 ad_len = 0, flags = 0; 1026 size_t name_len; 1027 1028 if (test_bit(HCI_LE_PERIPHERAL, &hdev->dev_flags)) 1029 flags |= LE_AD_GENERAL; 1030 1031 if (!lmp_bredr_capable(hdev)) 1032 flags |= LE_AD_NO_BREDR; 1033 1034 if (lmp_le_br_capable(hdev)) 1035 flags |= LE_AD_SIM_LE_BREDR_CTRL; 1036 1037 if (lmp_host_le_br_capable(hdev)) 1038 flags |= LE_AD_SIM_LE_BREDR_HOST; 1039 1040 if (flags) { 1041 BT_DBG("adv flags 0x%02x", flags); 1042 1043 ptr[0] = 2; 1044 ptr[1] = EIR_FLAGS; 1045 ptr[2] = flags; 1046 1047 ad_len += 3; 1048 ptr += 3; 1049 } 1050 1051 if (hdev->adv_tx_power != HCI_TX_POWER_INVALID) { 1052 ptr[0] = 2; 1053 ptr[1] = EIR_TX_POWER; 1054 ptr[2] = (u8) hdev->adv_tx_power; 1055 1056 ad_len += 3; 1057 ptr += 3; 1058 } 1059 1060 name_len = strlen(hdev->dev_name); 1061 if (name_len > 0) { 1062 size_t max_len = HCI_MAX_AD_LENGTH - ad_len - 2; 1063 1064 if (name_len > max_len) { 1065 name_len = max_len; 1066 ptr[1] = EIR_NAME_SHORT; 1067 } else 1068 ptr[1] = EIR_NAME_COMPLETE; 1069 1070 ptr[0] = name_len + 1; 1071 1072 memcpy(ptr + 2, hdev->dev_name, name_len); 1073 1074 ad_len += (name_len + 2); 1075 ptr += (name_len + 2); 1076 } 1077 1078 return ad_len; 1079 } 1080 1081 void hci_update_ad(struct hci_request *req) 1082 { 1083 struct hci_dev *hdev = req->hdev; 1084 struct hci_cp_le_set_adv_data cp; 1085 u8 len; 1086 1087 if (!lmp_le_capable(hdev)) 1088 return; 1089 1090 memset(&cp, 0, sizeof(cp)); 1091 1092 len = create_ad(hdev, cp.data); 1093 1094 if (hdev->adv_data_len == len && 1095 memcmp(cp.data, hdev->adv_data, len) == 0) 1096 return; 1097 1098 memcpy(hdev->adv_data, cp.data, sizeof(cp.data)); 1099 hdev->adv_data_len = len; 1100 1101 cp.length = len; 1102 1103 hci_req_add(req, HCI_OP_LE_SET_ADV_DATA, sizeof(cp), &cp); 1104 } 1105 1106 /* ---- HCI ioctl helpers ---- */ 1107 1108 int hci_dev_open(__u16 dev) 1109 { 1110 struct hci_dev *hdev; 1111 int ret = 0; 1112 1113 hdev = hci_dev_get(dev); 1114 if (!hdev) 1115 return -ENODEV; 1116 1117 BT_DBG("%s %p", hdev->name, hdev); 1118 1119 hci_req_lock(hdev); 1120 1121 if (test_bit(HCI_UNREGISTER, &hdev->dev_flags)) { 1122 ret = -ENODEV; 1123 goto done; 1124 } 1125 1126 if (hdev->rfkill && rfkill_blocked(hdev->rfkill)) { 1127 ret = -ERFKILL; 1128 goto done; 1129 } 1130 1131 if (test_bit(HCI_UP, &hdev->flags)) { 1132 ret = -EALREADY; 1133 goto done; 1134 } 1135 1136 if (hdev->open(hdev)) { 1137 ret = -EIO; 1138 goto done; 1139 } 1140 1141 atomic_set(&hdev->cmd_cnt, 1); 1142 set_bit(HCI_INIT, &hdev->flags); 1143 1144 if (hdev->setup && test_bit(HCI_SETUP, &hdev->dev_flags)) 1145 ret = hdev->setup(hdev); 1146 1147 if (!ret) { 1148 /* Treat all non BR/EDR controllers as raw devices if 1149 * enable_hs is not set. 1150 */ 1151 if (hdev->dev_type != HCI_BREDR && !enable_hs) 1152 set_bit(HCI_RAW, &hdev->flags); 1153 1154 if (test_bit(HCI_QUIRK_RAW_DEVICE, &hdev->quirks)) 1155 set_bit(HCI_RAW, &hdev->flags); 1156 1157 if (!test_bit(HCI_RAW, &hdev->flags)) 1158 ret = __hci_init(hdev); 1159 } 1160 1161 clear_bit(HCI_INIT, &hdev->flags); 1162 1163 if (!ret) { 1164 hci_dev_hold(hdev); 1165 set_bit(HCI_UP, &hdev->flags); 1166 hci_notify(hdev, HCI_DEV_UP); 1167 if (!test_bit(HCI_SETUP, &hdev->dev_flags) && 1168 mgmt_valid_hdev(hdev)) { 1169 hci_dev_lock(hdev); 1170 mgmt_powered(hdev, 1); 1171 hci_dev_unlock(hdev); 1172 } 1173 } else { 1174 /* Init failed, cleanup */ 1175 flush_work(&hdev->tx_work); 1176 flush_work(&hdev->cmd_work); 1177 flush_work(&hdev->rx_work); 1178 1179 skb_queue_purge(&hdev->cmd_q); 1180 skb_queue_purge(&hdev->rx_q); 1181 1182 if (hdev->flush) 1183 hdev->flush(hdev); 1184 1185 if (hdev->sent_cmd) { 1186 kfree_skb(hdev->sent_cmd); 1187 hdev->sent_cmd = NULL; 1188 } 1189 1190 hdev->close(hdev); 1191 hdev->flags = 0; 1192 } 1193 1194 done: 1195 hci_req_unlock(hdev); 1196 hci_dev_put(hdev); 1197 return ret; 1198 } 1199 1200 static int hci_dev_do_close(struct hci_dev *hdev) 1201 { 1202 BT_DBG("%s %p", hdev->name, hdev); 1203 1204 cancel_work_sync(&hdev->le_scan); 1205 1206 cancel_delayed_work(&hdev->power_off); 1207 1208 hci_req_cancel(hdev, ENODEV); 1209 hci_req_lock(hdev); 1210 1211 if (!test_and_clear_bit(HCI_UP, &hdev->flags)) { 1212 del_timer_sync(&hdev->cmd_timer); 1213 hci_req_unlock(hdev); 1214 return 0; 1215 } 1216 1217 /* Flush RX and TX works */ 1218 flush_work(&hdev->tx_work); 1219 flush_work(&hdev->rx_work); 1220 1221 if (hdev->discov_timeout > 0) { 1222 cancel_delayed_work(&hdev->discov_off); 1223 hdev->discov_timeout = 0; 1224 clear_bit(HCI_DISCOVERABLE, &hdev->dev_flags); 1225 } 1226 1227 if (test_and_clear_bit(HCI_SERVICE_CACHE, &hdev->dev_flags)) 1228 cancel_delayed_work(&hdev->service_cache); 1229 1230 cancel_delayed_work_sync(&hdev->le_scan_disable); 1231 1232 hci_dev_lock(hdev); 1233 inquiry_cache_flush(hdev); 1234 hci_conn_hash_flush(hdev); 1235 hci_dev_unlock(hdev); 1236 1237 hci_notify(hdev, HCI_DEV_DOWN); 1238 1239 if (hdev->flush) 1240 hdev->flush(hdev); 1241 1242 /* Reset device */ 1243 skb_queue_purge(&hdev->cmd_q); 1244 atomic_set(&hdev->cmd_cnt, 1); 1245 if (!test_bit(HCI_RAW, &hdev->flags) && 1246 test_bit(HCI_QUIRK_RESET_ON_CLOSE, &hdev->quirks)) { 1247 set_bit(HCI_INIT, &hdev->flags); 1248 __hci_req_sync(hdev, hci_reset_req, 0, HCI_CMD_TIMEOUT); 1249 clear_bit(HCI_INIT, &hdev->flags); 1250 } 1251 1252 /* flush cmd work */ 1253 flush_work(&hdev->cmd_work); 1254 1255 /* Drop queues */ 1256 skb_queue_purge(&hdev->rx_q); 1257 skb_queue_purge(&hdev->cmd_q); 1258 skb_queue_purge(&hdev->raw_q); 1259 1260 /* Drop last sent command */ 1261 if (hdev->sent_cmd) { 1262 del_timer_sync(&hdev->cmd_timer); 1263 kfree_skb(hdev->sent_cmd); 1264 hdev->sent_cmd = NULL; 1265 } 1266 1267 kfree_skb(hdev->recv_evt); 1268 hdev->recv_evt = NULL; 1269 1270 /* After this point our queues are empty 1271 * and no tasks are scheduled. */ 1272 hdev->close(hdev); 1273 1274 /* Clear flags */ 1275 hdev->flags = 0; 1276 hdev->dev_flags &= ~HCI_PERSISTENT_MASK; 1277 1278 if (!test_and_clear_bit(HCI_AUTO_OFF, &hdev->dev_flags) && 1279 mgmt_valid_hdev(hdev)) { 1280 hci_dev_lock(hdev); 1281 mgmt_powered(hdev, 0); 1282 hci_dev_unlock(hdev); 1283 } 1284 1285 /* Controller radio is available but is currently powered down */ 1286 hdev->amp_status = 0; 1287 1288 memset(hdev->eir, 0, sizeof(hdev->eir)); 1289 memset(hdev->dev_class, 0, sizeof(hdev->dev_class)); 1290 1291 hci_req_unlock(hdev); 1292 1293 hci_dev_put(hdev); 1294 return 0; 1295 } 1296 1297 int hci_dev_close(__u16 dev) 1298 { 1299 struct hci_dev *hdev; 1300 int err; 1301 1302 hdev = hci_dev_get(dev); 1303 if (!hdev) 1304 return -ENODEV; 1305 1306 if (test_and_clear_bit(HCI_AUTO_OFF, &hdev->dev_flags)) 1307 cancel_delayed_work(&hdev->power_off); 1308 1309 err = hci_dev_do_close(hdev); 1310 1311 hci_dev_put(hdev); 1312 return err; 1313 } 1314 1315 int hci_dev_reset(__u16 dev) 1316 { 1317 struct hci_dev *hdev; 1318 int ret = 0; 1319 1320 hdev = hci_dev_get(dev); 1321 if (!hdev) 1322 return -ENODEV; 1323 1324 hci_req_lock(hdev); 1325 1326 if (!test_bit(HCI_UP, &hdev->flags)) 1327 goto done; 1328 1329 /* Drop queues */ 1330 skb_queue_purge(&hdev->rx_q); 1331 skb_queue_purge(&hdev->cmd_q); 1332 1333 hci_dev_lock(hdev); 1334 inquiry_cache_flush(hdev); 1335 hci_conn_hash_flush(hdev); 1336 hci_dev_unlock(hdev); 1337 1338 if (hdev->flush) 1339 hdev->flush(hdev); 1340 1341 atomic_set(&hdev->cmd_cnt, 1); 1342 hdev->acl_cnt = 0; hdev->sco_cnt = 0; hdev->le_cnt = 0; 1343 1344 if (!test_bit(HCI_RAW, &hdev->flags)) 1345 ret = __hci_req_sync(hdev, hci_reset_req, 0, HCI_INIT_TIMEOUT); 1346 1347 done: 1348 hci_req_unlock(hdev); 1349 hci_dev_put(hdev); 1350 return ret; 1351 } 1352 1353 int hci_dev_reset_stat(__u16 dev) 1354 { 1355 struct hci_dev *hdev; 1356 int ret = 0; 1357 1358 hdev = hci_dev_get(dev); 1359 if (!hdev) 1360 return -ENODEV; 1361 1362 memset(&hdev->stat, 0, sizeof(struct hci_dev_stats)); 1363 1364 hci_dev_put(hdev); 1365 1366 return ret; 1367 } 1368 1369 int hci_dev_cmd(unsigned int cmd, void __user *arg) 1370 { 1371 struct hci_dev *hdev; 1372 struct hci_dev_req dr; 1373 int err = 0; 1374 1375 if (copy_from_user(&dr, arg, sizeof(dr))) 1376 return -EFAULT; 1377 1378 hdev = hci_dev_get(dr.dev_id); 1379 if (!hdev) 1380 return -ENODEV; 1381 1382 switch (cmd) { 1383 case HCISETAUTH: 1384 err = hci_req_sync(hdev, hci_auth_req, dr.dev_opt, 1385 HCI_INIT_TIMEOUT); 1386 break; 1387 1388 case HCISETENCRYPT: 1389 if (!lmp_encrypt_capable(hdev)) { 1390 err = -EOPNOTSUPP; 1391 break; 1392 } 1393 1394 if (!test_bit(HCI_AUTH, &hdev->flags)) { 1395 /* Auth must be enabled first */ 1396 err = hci_req_sync(hdev, hci_auth_req, dr.dev_opt, 1397 HCI_INIT_TIMEOUT); 1398 if (err) 1399 break; 1400 } 1401 1402 err = hci_req_sync(hdev, hci_encrypt_req, dr.dev_opt, 1403 HCI_INIT_TIMEOUT); 1404 break; 1405 1406 case HCISETSCAN: 1407 err = hci_req_sync(hdev, hci_scan_req, dr.dev_opt, 1408 HCI_INIT_TIMEOUT); 1409 break; 1410 1411 case HCISETLINKPOL: 1412 err = hci_req_sync(hdev, hci_linkpol_req, dr.dev_opt, 1413 HCI_INIT_TIMEOUT); 1414 break; 1415 1416 case HCISETLINKMODE: 1417 hdev->link_mode = ((__u16) dr.dev_opt) & 1418 (HCI_LM_MASTER | HCI_LM_ACCEPT); 1419 break; 1420 1421 case HCISETPTYPE: 1422 hdev->pkt_type = (__u16) dr.dev_opt; 1423 break; 1424 1425 case HCISETACLMTU: 1426 hdev->acl_mtu = *((__u16 *) &dr.dev_opt + 1); 1427 hdev->acl_pkts = *((__u16 *) &dr.dev_opt + 0); 1428 break; 1429 1430 case HCISETSCOMTU: 1431 hdev->sco_mtu = *((__u16 *) &dr.dev_opt + 1); 1432 hdev->sco_pkts = *((__u16 *) &dr.dev_opt + 0); 1433 break; 1434 1435 default: 1436 err = -EINVAL; 1437 break; 1438 } 1439 1440 hci_dev_put(hdev); 1441 return err; 1442 } 1443 1444 int hci_get_dev_list(void __user *arg) 1445 { 1446 struct hci_dev *hdev; 1447 struct hci_dev_list_req *dl; 1448 struct hci_dev_req *dr; 1449 int n = 0, size, err; 1450 __u16 dev_num; 1451 1452 if (get_user(dev_num, (__u16 __user *) arg)) 1453 return -EFAULT; 1454 1455 if (!dev_num || dev_num > (PAGE_SIZE * 2) / sizeof(*dr)) 1456 return -EINVAL; 1457 1458 size = sizeof(*dl) + dev_num * sizeof(*dr); 1459 1460 dl = kzalloc(size, GFP_KERNEL); 1461 if (!dl) 1462 return -ENOMEM; 1463 1464 dr = dl->dev_req; 1465 1466 read_lock(&hci_dev_list_lock); 1467 list_for_each_entry(hdev, &hci_dev_list, list) { 1468 if (test_and_clear_bit(HCI_AUTO_OFF, &hdev->dev_flags)) 1469 cancel_delayed_work(&hdev->power_off); 1470 1471 if (!test_bit(HCI_MGMT, &hdev->dev_flags)) 1472 set_bit(HCI_PAIRABLE, &hdev->dev_flags); 1473 1474 (dr + n)->dev_id = hdev->id; 1475 (dr + n)->dev_opt = hdev->flags; 1476 1477 if (++n >= dev_num) 1478 break; 1479 } 1480 read_unlock(&hci_dev_list_lock); 1481 1482 dl->dev_num = n; 1483 size = sizeof(*dl) + n * sizeof(*dr); 1484 1485 err = copy_to_user(arg, dl, size); 1486 kfree(dl); 1487 1488 return err ? -EFAULT : 0; 1489 } 1490 1491 int hci_get_dev_info(void __user *arg) 1492 { 1493 struct hci_dev *hdev; 1494 struct hci_dev_info di; 1495 int err = 0; 1496 1497 if (copy_from_user(&di, arg, sizeof(di))) 1498 return -EFAULT; 1499 1500 hdev = hci_dev_get(di.dev_id); 1501 if (!hdev) 1502 return -ENODEV; 1503 1504 if (test_and_clear_bit(HCI_AUTO_OFF, &hdev->dev_flags)) 1505 cancel_delayed_work_sync(&hdev->power_off); 1506 1507 if (!test_bit(HCI_MGMT, &hdev->dev_flags)) 1508 set_bit(HCI_PAIRABLE, &hdev->dev_flags); 1509 1510 strcpy(di.name, hdev->name); 1511 di.bdaddr = hdev->bdaddr; 1512 di.type = (hdev->bus & 0x0f) | (hdev->dev_type << 4); 1513 di.flags = hdev->flags; 1514 di.pkt_type = hdev->pkt_type; 1515 if (lmp_bredr_capable(hdev)) { 1516 di.acl_mtu = hdev->acl_mtu; 1517 di.acl_pkts = hdev->acl_pkts; 1518 di.sco_mtu = hdev->sco_mtu; 1519 di.sco_pkts = hdev->sco_pkts; 1520 } else { 1521 di.acl_mtu = hdev->le_mtu; 1522 di.acl_pkts = hdev->le_pkts; 1523 di.sco_mtu = 0; 1524 di.sco_pkts = 0; 1525 } 1526 di.link_policy = hdev->link_policy; 1527 di.link_mode = hdev->link_mode; 1528 1529 memcpy(&di.stat, &hdev->stat, sizeof(di.stat)); 1530 memcpy(&di.features, &hdev->features, sizeof(di.features)); 1531 1532 if (copy_to_user(arg, &di, sizeof(di))) 1533 err = -EFAULT; 1534 1535 hci_dev_put(hdev); 1536 1537 return err; 1538 } 1539 1540 /* ---- Interface to HCI drivers ---- */ 1541 1542 static int hci_rfkill_set_block(void *data, bool blocked) 1543 { 1544 struct hci_dev *hdev = data; 1545 1546 BT_DBG("%p name %s blocked %d", hdev, hdev->name, blocked); 1547 1548 if (!blocked) 1549 return 0; 1550 1551 hci_dev_do_close(hdev); 1552 1553 return 0; 1554 } 1555 1556 static const struct rfkill_ops hci_rfkill_ops = { 1557 .set_block = hci_rfkill_set_block, 1558 }; 1559 1560 static void hci_power_on(struct work_struct *work) 1561 { 1562 struct hci_dev *hdev = container_of(work, struct hci_dev, power_on); 1563 int err; 1564 1565 BT_DBG("%s", hdev->name); 1566 1567 err = hci_dev_open(hdev->id); 1568 if (err < 0) { 1569 mgmt_set_powered_failed(hdev, err); 1570 return; 1571 } 1572 1573 if (test_bit(HCI_AUTO_OFF, &hdev->dev_flags)) 1574 queue_delayed_work(hdev->req_workqueue, &hdev->power_off, 1575 HCI_AUTO_OFF_TIMEOUT); 1576 1577 if (test_and_clear_bit(HCI_SETUP, &hdev->dev_flags)) 1578 mgmt_index_added(hdev); 1579 } 1580 1581 static void hci_power_off(struct work_struct *work) 1582 { 1583 struct hci_dev *hdev = container_of(work, struct hci_dev, 1584 power_off.work); 1585 1586 BT_DBG("%s", hdev->name); 1587 1588 hci_dev_do_close(hdev); 1589 } 1590 1591 static void hci_discov_off(struct work_struct *work) 1592 { 1593 struct hci_dev *hdev; 1594 u8 scan = SCAN_PAGE; 1595 1596 hdev = container_of(work, struct hci_dev, discov_off.work); 1597 1598 BT_DBG("%s", hdev->name); 1599 1600 hci_dev_lock(hdev); 1601 1602 hci_send_cmd(hdev, HCI_OP_WRITE_SCAN_ENABLE, sizeof(scan), &scan); 1603 1604 hdev->discov_timeout = 0; 1605 1606 hci_dev_unlock(hdev); 1607 } 1608 1609 int hci_uuids_clear(struct hci_dev *hdev) 1610 { 1611 struct bt_uuid *uuid, *tmp; 1612 1613 list_for_each_entry_safe(uuid, tmp, &hdev->uuids, list) { 1614 list_del(&uuid->list); 1615 kfree(uuid); 1616 } 1617 1618 return 0; 1619 } 1620 1621 int hci_link_keys_clear(struct hci_dev *hdev) 1622 { 1623 struct list_head *p, *n; 1624 1625 list_for_each_safe(p, n, &hdev->link_keys) { 1626 struct link_key *key; 1627 1628 key = list_entry(p, struct link_key, list); 1629 1630 list_del(p); 1631 kfree(key); 1632 } 1633 1634 return 0; 1635 } 1636 1637 int hci_smp_ltks_clear(struct hci_dev *hdev) 1638 { 1639 struct smp_ltk *k, *tmp; 1640 1641 list_for_each_entry_safe(k, tmp, &hdev->long_term_keys, list) { 1642 list_del(&k->list); 1643 kfree(k); 1644 } 1645 1646 return 0; 1647 } 1648 1649 struct link_key *hci_find_link_key(struct hci_dev *hdev, bdaddr_t *bdaddr) 1650 { 1651 struct link_key *k; 1652 1653 list_for_each_entry(k, &hdev->link_keys, list) 1654 if (bacmp(bdaddr, &k->bdaddr) == 0) 1655 return k; 1656 1657 return NULL; 1658 } 1659 1660 static bool hci_persistent_key(struct hci_dev *hdev, struct hci_conn *conn, 1661 u8 key_type, u8 old_key_type) 1662 { 1663 /* Legacy key */ 1664 if (key_type < 0x03) 1665 return true; 1666 1667 /* Debug keys are insecure so don't store them persistently */ 1668 if (key_type == HCI_LK_DEBUG_COMBINATION) 1669 return false; 1670 1671 /* Changed combination key and there's no previous one */ 1672 if (key_type == HCI_LK_CHANGED_COMBINATION && old_key_type == 0xff) 1673 return false; 1674 1675 /* Security mode 3 case */ 1676 if (!conn) 1677 return true; 1678 1679 /* Neither local nor remote side had no-bonding as requirement */ 1680 if (conn->auth_type > 0x01 && conn->remote_auth > 0x01) 1681 return true; 1682 1683 /* Local side had dedicated bonding as requirement */ 1684 if (conn->auth_type == 0x02 || conn->auth_type == 0x03) 1685 return true; 1686 1687 /* Remote side had dedicated bonding as requirement */ 1688 if (conn->remote_auth == 0x02 || conn->remote_auth == 0x03) 1689 return true; 1690 1691 /* If none of the above criteria match, then don't store the key 1692 * persistently */ 1693 return false; 1694 } 1695 1696 struct smp_ltk *hci_find_ltk(struct hci_dev *hdev, __le16 ediv, u8 rand[8]) 1697 { 1698 struct smp_ltk *k; 1699 1700 list_for_each_entry(k, &hdev->long_term_keys, list) { 1701 if (k->ediv != ediv || 1702 memcmp(rand, k->rand, sizeof(k->rand))) 1703 continue; 1704 1705 return k; 1706 } 1707 1708 return NULL; 1709 } 1710 1711 struct smp_ltk *hci_find_ltk_by_addr(struct hci_dev *hdev, bdaddr_t *bdaddr, 1712 u8 addr_type) 1713 { 1714 struct smp_ltk *k; 1715 1716 list_for_each_entry(k, &hdev->long_term_keys, list) 1717 if (addr_type == k->bdaddr_type && 1718 bacmp(bdaddr, &k->bdaddr) == 0) 1719 return k; 1720 1721 return NULL; 1722 } 1723 1724 int hci_add_link_key(struct hci_dev *hdev, struct hci_conn *conn, int new_key, 1725 bdaddr_t *bdaddr, u8 *val, u8 type, u8 pin_len) 1726 { 1727 struct link_key *key, *old_key; 1728 u8 old_key_type; 1729 bool persistent; 1730 1731 old_key = hci_find_link_key(hdev, bdaddr); 1732 if (old_key) { 1733 old_key_type = old_key->type; 1734 key = old_key; 1735 } else { 1736 old_key_type = conn ? conn->key_type : 0xff; 1737 key = kzalloc(sizeof(*key), GFP_ATOMIC); 1738 if (!key) 1739 return -ENOMEM; 1740 list_add(&key->list, &hdev->link_keys); 1741 } 1742 1743 BT_DBG("%s key for %pMR type %u", hdev->name, bdaddr, type); 1744 1745 /* Some buggy controller combinations generate a changed 1746 * combination key for legacy pairing even when there's no 1747 * previous key */ 1748 if (type == HCI_LK_CHANGED_COMBINATION && 1749 (!conn || conn->remote_auth == 0xff) && old_key_type == 0xff) { 1750 type = HCI_LK_COMBINATION; 1751 if (conn) 1752 conn->key_type = type; 1753 } 1754 1755 bacpy(&key->bdaddr, bdaddr); 1756 memcpy(key->val, val, HCI_LINK_KEY_SIZE); 1757 key->pin_len = pin_len; 1758 1759 if (type == HCI_LK_CHANGED_COMBINATION) 1760 key->type = old_key_type; 1761 else 1762 key->type = type; 1763 1764 if (!new_key) 1765 return 0; 1766 1767 persistent = hci_persistent_key(hdev, conn, type, old_key_type); 1768 1769 mgmt_new_link_key(hdev, key, persistent); 1770 1771 if (conn) 1772 conn->flush_key = !persistent; 1773 1774 return 0; 1775 } 1776 1777 int hci_add_ltk(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 addr_type, u8 type, 1778 int new_key, u8 authenticated, u8 tk[16], u8 enc_size, __le16 1779 ediv, u8 rand[8]) 1780 { 1781 struct smp_ltk *key, *old_key; 1782 1783 if (!(type & HCI_SMP_STK) && !(type & HCI_SMP_LTK)) 1784 return 0; 1785 1786 old_key = hci_find_ltk_by_addr(hdev, bdaddr, addr_type); 1787 if (old_key) 1788 key = old_key; 1789 else { 1790 key = kzalloc(sizeof(*key), GFP_ATOMIC); 1791 if (!key) 1792 return -ENOMEM; 1793 list_add(&key->list, &hdev->long_term_keys); 1794 } 1795 1796 bacpy(&key->bdaddr, bdaddr); 1797 key->bdaddr_type = addr_type; 1798 memcpy(key->val, tk, sizeof(key->val)); 1799 key->authenticated = authenticated; 1800 key->ediv = ediv; 1801 key->enc_size = enc_size; 1802 key->type = type; 1803 memcpy(key->rand, rand, sizeof(key->rand)); 1804 1805 if (!new_key) 1806 return 0; 1807 1808 if (type & HCI_SMP_LTK) 1809 mgmt_new_ltk(hdev, key, 1); 1810 1811 return 0; 1812 } 1813 1814 int hci_remove_link_key(struct hci_dev *hdev, bdaddr_t *bdaddr) 1815 { 1816 struct link_key *key; 1817 1818 key = hci_find_link_key(hdev, bdaddr); 1819 if (!key) 1820 return -ENOENT; 1821 1822 BT_DBG("%s removing %pMR", hdev->name, bdaddr); 1823 1824 list_del(&key->list); 1825 kfree(key); 1826 1827 return 0; 1828 } 1829 1830 int hci_remove_ltk(struct hci_dev *hdev, bdaddr_t *bdaddr) 1831 { 1832 struct smp_ltk *k, *tmp; 1833 1834 list_for_each_entry_safe(k, tmp, &hdev->long_term_keys, list) { 1835 if (bacmp(bdaddr, &k->bdaddr)) 1836 continue; 1837 1838 BT_DBG("%s removing %pMR", hdev->name, bdaddr); 1839 1840 list_del(&k->list); 1841 kfree(k); 1842 } 1843 1844 return 0; 1845 } 1846 1847 /* HCI command timer function */ 1848 static void hci_cmd_timeout(unsigned long arg) 1849 { 1850 struct hci_dev *hdev = (void *) arg; 1851 1852 if (hdev->sent_cmd) { 1853 struct hci_command_hdr *sent = (void *) hdev->sent_cmd->data; 1854 u16 opcode = __le16_to_cpu(sent->opcode); 1855 1856 BT_ERR("%s command 0x%4.4x tx timeout", hdev->name, opcode); 1857 } else { 1858 BT_ERR("%s command tx timeout", hdev->name); 1859 } 1860 1861 atomic_set(&hdev->cmd_cnt, 1); 1862 queue_work(hdev->workqueue, &hdev->cmd_work); 1863 } 1864 1865 struct oob_data *hci_find_remote_oob_data(struct hci_dev *hdev, 1866 bdaddr_t *bdaddr) 1867 { 1868 struct oob_data *data; 1869 1870 list_for_each_entry(data, &hdev->remote_oob_data, list) 1871 if (bacmp(bdaddr, &data->bdaddr) == 0) 1872 return data; 1873 1874 return NULL; 1875 } 1876 1877 int hci_remove_remote_oob_data(struct hci_dev *hdev, bdaddr_t *bdaddr) 1878 { 1879 struct oob_data *data; 1880 1881 data = hci_find_remote_oob_data(hdev, bdaddr); 1882 if (!data) 1883 return -ENOENT; 1884 1885 BT_DBG("%s removing %pMR", hdev->name, bdaddr); 1886 1887 list_del(&data->list); 1888 kfree(data); 1889 1890 return 0; 1891 } 1892 1893 int hci_remote_oob_data_clear(struct hci_dev *hdev) 1894 { 1895 struct oob_data *data, *n; 1896 1897 list_for_each_entry_safe(data, n, &hdev->remote_oob_data, list) { 1898 list_del(&data->list); 1899 kfree(data); 1900 } 1901 1902 return 0; 1903 } 1904 1905 int hci_add_remote_oob_data(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 *hash, 1906 u8 *randomizer) 1907 { 1908 struct oob_data *data; 1909 1910 data = hci_find_remote_oob_data(hdev, bdaddr); 1911 1912 if (!data) { 1913 data = kmalloc(sizeof(*data), GFP_ATOMIC); 1914 if (!data) 1915 return -ENOMEM; 1916 1917 bacpy(&data->bdaddr, bdaddr); 1918 list_add(&data->list, &hdev->remote_oob_data); 1919 } 1920 1921 memcpy(data->hash, hash, sizeof(data->hash)); 1922 memcpy(data->randomizer, randomizer, sizeof(data->randomizer)); 1923 1924 BT_DBG("%s for %pMR", hdev->name, bdaddr); 1925 1926 return 0; 1927 } 1928 1929 struct bdaddr_list *hci_blacklist_lookup(struct hci_dev *hdev, bdaddr_t *bdaddr) 1930 { 1931 struct bdaddr_list *b; 1932 1933 list_for_each_entry(b, &hdev->blacklist, list) 1934 if (bacmp(bdaddr, &b->bdaddr) == 0) 1935 return b; 1936 1937 return NULL; 1938 } 1939 1940 int hci_blacklist_clear(struct hci_dev *hdev) 1941 { 1942 struct list_head *p, *n; 1943 1944 list_for_each_safe(p, n, &hdev->blacklist) { 1945 struct bdaddr_list *b; 1946 1947 b = list_entry(p, struct bdaddr_list, list); 1948 1949 list_del(p); 1950 kfree(b); 1951 } 1952 1953 return 0; 1954 } 1955 1956 int hci_blacklist_add(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 type) 1957 { 1958 struct bdaddr_list *entry; 1959 1960 if (bacmp(bdaddr, BDADDR_ANY) == 0) 1961 return -EBADF; 1962 1963 if (hci_blacklist_lookup(hdev, bdaddr)) 1964 return -EEXIST; 1965 1966 entry = kzalloc(sizeof(struct bdaddr_list), GFP_KERNEL); 1967 if (!entry) 1968 return -ENOMEM; 1969 1970 bacpy(&entry->bdaddr, bdaddr); 1971 1972 list_add(&entry->list, &hdev->blacklist); 1973 1974 return mgmt_device_blocked(hdev, bdaddr, type); 1975 } 1976 1977 int hci_blacklist_del(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 type) 1978 { 1979 struct bdaddr_list *entry; 1980 1981 if (bacmp(bdaddr, BDADDR_ANY) == 0) 1982 return hci_blacklist_clear(hdev); 1983 1984 entry = hci_blacklist_lookup(hdev, bdaddr); 1985 if (!entry) 1986 return -ENOENT; 1987 1988 list_del(&entry->list); 1989 kfree(entry); 1990 1991 return mgmt_device_unblocked(hdev, bdaddr, type); 1992 } 1993 1994 static void le_scan_param_req(struct hci_request *req, unsigned long opt) 1995 { 1996 struct le_scan_params *param = (struct le_scan_params *) opt; 1997 struct hci_cp_le_set_scan_param cp; 1998 1999 memset(&cp, 0, sizeof(cp)); 2000 cp.type = param->type; 2001 cp.interval = cpu_to_le16(param->interval); 2002 cp.window = cpu_to_le16(param->window); 2003 2004 hci_req_add(req, HCI_OP_LE_SET_SCAN_PARAM, sizeof(cp), &cp); 2005 } 2006 2007 static void le_scan_enable_req(struct hci_request *req, unsigned long opt) 2008 { 2009 struct hci_cp_le_set_scan_enable cp; 2010 2011 memset(&cp, 0, sizeof(cp)); 2012 cp.enable = LE_SCAN_ENABLE; 2013 cp.filter_dup = LE_SCAN_FILTER_DUP_ENABLE; 2014 2015 hci_req_add(req, HCI_OP_LE_SET_SCAN_ENABLE, sizeof(cp), &cp); 2016 } 2017 2018 static int hci_do_le_scan(struct hci_dev *hdev, u8 type, u16 interval, 2019 u16 window, int timeout) 2020 { 2021 long timeo = msecs_to_jiffies(3000); 2022 struct le_scan_params param; 2023 int err; 2024 2025 BT_DBG("%s", hdev->name); 2026 2027 if (test_bit(HCI_LE_SCAN, &hdev->dev_flags)) 2028 return -EINPROGRESS; 2029 2030 param.type = type; 2031 param.interval = interval; 2032 param.window = window; 2033 2034 hci_req_lock(hdev); 2035 2036 err = __hci_req_sync(hdev, le_scan_param_req, (unsigned long) ¶m, 2037 timeo); 2038 if (!err) 2039 err = __hci_req_sync(hdev, le_scan_enable_req, 0, timeo); 2040 2041 hci_req_unlock(hdev); 2042 2043 if (err < 0) 2044 return err; 2045 2046 queue_delayed_work(hdev->workqueue, &hdev->le_scan_disable, 2047 timeout); 2048 2049 return 0; 2050 } 2051 2052 int hci_cancel_le_scan(struct hci_dev *hdev) 2053 { 2054 BT_DBG("%s", hdev->name); 2055 2056 if (!test_bit(HCI_LE_SCAN, &hdev->dev_flags)) 2057 return -EALREADY; 2058 2059 if (cancel_delayed_work(&hdev->le_scan_disable)) { 2060 struct hci_cp_le_set_scan_enable cp; 2061 2062 /* Send HCI command to disable LE Scan */ 2063 memset(&cp, 0, sizeof(cp)); 2064 hci_send_cmd(hdev, HCI_OP_LE_SET_SCAN_ENABLE, sizeof(cp), &cp); 2065 } 2066 2067 return 0; 2068 } 2069 2070 static void le_scan_disable_work(struct work_struct *work) 2071 { 2072 struct hci_dev *hdev = container_of(work, struct hci_dev, 2073 le_scan_disable.work); 2074 struct hci_cp_le_set_scan_enable cp; 2075 2076 BT_DBG("%s", hdev->name); 2077 2078 memset(&cp, 0, sizeof(cp)); 2079 2080 hci_send_cmd(hdev, HCI_OP_LE_SET_SCAN_ENABLE, sizeof(cp), &cp); 2081 } 2082 2083 static void le_scan_work(struct work_struct *work) 2084 { 2085 struct hci_dev *hdev = container_of(work, struct hci_dev, le_scan); 2086 struct le_scan_params *param = &hdev->le_scan_params; 2087 2088 BT_DBG("%s", hdev->name); 2089 2090 hci_do_le_scan(hdev, param->type, param->interval, param->window, 2091 param->timeout); 2092 } 2093 2094 int hci_le_scan(struct hci_dev *hdev, u8 type, u16 interval, u16 window, 2095 int timeout) 2096 { 2097 struct le_scan_params *param = &hdev->le_scan_params; 2098 2099 BT_DBG("%s", hdev->name); 2100 2101 if (test_bit(HCI_LE_PERIPHERAL, &hdev->dev_flags)) 2102 return -ENOTSUPP; 2103 2104 if (work_busy(&hdev->le_scan)) 2105 return -EINPROGRESS; 2106 2107 param->type = type; 2108 param->interval = interval; 2109 param->window = window; 2110 param->timeout = timeout; 2111 2112 queue_work(system_long_wq, &hdev->le_scan); 2113 2114 return 0; 2115 } 2116 2117 /* Alloc HCI device */ 2118 struct hci_dev *hci_alloc_dev(void) 2119 { 2120 struct hci_dev *hdev; 2121 2122 hdev = kzalloc(sizeof(struct hci_dev), GFP_KERNEL); 2123 if (!hdev) 2124 return NULL; 2125 2126 hdev->pkt_type = (HCI_DM1 | HCI_DH1 | HCI_HV1); 2127 hdev->esco_type = (ESCO_HV1); 2128 hdev->link_mode = (HCI_LM_ACCEPT); 2129 hdev->io_capability = 0x03; /* No Input No Output */ 2130 hdev->inq_tx_power = HCI_TX_POWER_INVALID; 2131 hdev->adv_tx_power = HCI_TX_POWER_INVALID; 2132 2133 hdev->sniff_max_interval = 800; 2134 hdev->sniff_min_interval = 80; 2135 2136 mutex_init(&hdev->lock); 2137 mutex_init(&hdev->req_lock); 2138 2139 INIT_LIST_HEAD(&hdev->mgmt_pending); 2140 INIT_LIST_HEAD(&hdev->blacklist); 2141 INIT_LIST_HEAD(&hdev->uuids); 2142 INIT_LIST_HEAD(&hdev->link_keys); 2143 INIT_LIST_HEAD(&hdev->long_term_keys); 2144 INIT_LIST_HEAD(&hdev->remote_oob_data); 2145 INIT_LIST_HEAD(&hdev->conn_hash.list); 2146 2147 INIT_WORK(&hdev->rx_work, hci_rx_work); 2148 INIT_WORK(&hdev->cmd_work, hci_cmd_work); 2149 INIT_WORK(&hdev->tx_work, hci_tx_work); 2150 INIT_WORK(&hdev->power_on, hci_power_on); 2151 INIT_WORK(&hdev->le_scan, le_scan_work); 2152 2153 INIT_DELAYED_WORK(&hdev->power_off, hci_power_off); 2154 INIT_DELAYED_WORK(&hdev->discov_off, hci_discov_off); 2155 INIT_DELAYED_WORK(&hdev->le_scan_disable, le_scan_disable_work); 2156 2157 skb_queue_head_init(&hdev->rx_q); 2158 skb_queue_head_init(&hdev->cmd_q); 2159 skb_queue_head_init(&hdev->raw_q); 2160 2161 init_waitqueue_head(&hdev->req_wait_q); 2162 2163 setup_timer(&hdev->cmd_timer, hci_cmd_timeout, (unsigned long) hdev); 2164 2165 hci_init_sysfs(hdev); 2166 discovery_init(hdev); 2167 2168 return hdev; 2169 } 2170 EXPORT_SYMBOL(hci_alloc_dev); 2171 2172 /* Free HCI device */ 2173 void hci_free_dev(struct hci_dev *hdev) 2174 { 2175 /* will free via device release */ 2176 put_device(&hdev->dev); 2177 } 2178 EXPORT_SYMBOL(hci_free_dev); 2179 2180 /* Register HCI device */ 2181 int hci_register_dev(struct hci_dev *hdev) 2182 { 2183 int id, error; 2184 2185 if (!hdev->open || !hdev->close) 2186 return -EINVAL; 2187 2188 /* Do not allow HCI_AMP devices to register at index 0, 2189 * so the index can be used as the AMP controller ID. 2190 */ 2191 switch (hdev->dev_type) { 2192 case HCI_BREDR: 2193 id = ida_simple_get(&hci_index_ida, 0, 0, GFP_KERNEL); 2194 break; 2195 case HCI_AMP: 2196 id = ida_simple_get(&hci_index_ida, 1, 0, GFP_KERNEL); 2197 break; 2198 default: 2199 return -EINVAL; 2200 } 2201 2202 if (id < 0) 2203 return id; 2204 2205 sprintf(hdev->name, "hci%d", id); 2206 hdev->id = id; 2207 2208 BT_DBG("%p name %s bus %d", hdev, hdev->name, hdev->bus); 2209 2210 write_lock(&hci_dev_list_lock); 2211 list_add(&hdev->list, &hci_dev_list); 2212 write_unlock(&hci_dev_list_lock); 2213 2214 hdev->workqueue = alloc_workqueue("%s", WQ_HIGHPRI | WQ_UNBOUND | 2215 WQ_MEM_RECLAIM, 1, hdev->name); 2216 if (!hdev->workqueue) { 2217 error = -ENOMEM; 2218 goto err; 2219 } 2220 2221 hdev->req_workqueue = alloc_workqueue("%s", WQ_HIGHPRI | WQ_UNBOUND | 2222 WQ_MEM_RECLAIM, 1, hdev->name); 2223 if (!hdev->req_workqueue) { 2224 destroy_workqueue(hdev->workqueue); 2225 error = -ENOMEM; 2226 goto err; 2227 } 2228 2229 error = hci_add_sysfs(hdev); 2230 if (error < 0) 2231 goto err_wqueue; 2232 2233 hdev->rfkill = rfkill_alloc(hdev->name, &hdev->dev, 2234 RFKILL_TYPE_BLUETOOTH, &hci_rfkill_ops, 2235 hdev); 2236 if (hdev->rfkill) { 2237 if (rfkill_register(hdev->rfkill) < 0) { 2238 rfkill_destroy(hdev->rfkill); 2239 hdev->rfkill = NULL; 2240 } 2241 } 2242 2243 set_bit(HCI_SETUP, &hdev->dev_flags); 2244 2245 if (hdev->dev_type != HCI_AMP) 2246 set_bit(HCI_AUTO_OFF, &hdev->dev_flags); 2247 2248 hci_notify(hdev, HCI_DEV_REG); 2249 hci_dev_hold(hdev); 2250 2251 queue_work(hdev->req_workqueue, &hdev->power_on); 2252 2253 return id; 2254 2255 err_wqueue: 2256 destroy_workqueue(hdev->workqueue); 2257 destroy_workqueue(hdev->req_workqueue); 2258 err: 2259 ida_simple_remove(&hci_index_ida, hdev->id); 2260 write_lock(&hci_dev_list_lock); 2261 list_del(&hdev->list); 2262 write_unlock(&hci_dev_list_lock); 2263 2264 return error; 2265 } 2266 EXPORT_SYMBOL(hci_register_dev); 2267 2268 /* Unregister HCI device */ 2269 void hci_unregister_dev(struct hci_dev *hdev) 2270 { 2271 int i, id; 2272 2273 BT_DBG("%p name %s bus %d", hdev, hdev->name, hdev->bus); 2274 2275 set_bit(HCI_UNREGISTER, &hdev->dev_flags); 2276 2277 id = hdev->id; 2278 2279 write_lock(&hci_dev_list_lock); 2280 list_del(&hdev->list); 2281 write_unlock(&hci_dev_list_lock); 2282 2283 hci_dev_do_close(hdev); 2284 2285 for (i = 0; i < NUM_REASSEMBLY; i++) 2286 kfree_skb(hdev->reassembly[i]); 2287 2288 cancel_work_sync(&hdev->power_on); 2289 2290 if (!test_bit(HCI_INIT, &hdev->flags) && 2291 !test_bit(HCI_SETUP, &hdev->dev_flags)) { 2292 hci_dev_lock(hdev); 2293 mgmt_index_removed(hdev); 2294 hci_dev_unlock(hdev); 2295 } 2296 2297 /* mgmt_index_removed should take care of emptying the 2298 * pending list */ 2299 BUG_ON(!list_empty(&hdev->mgmt_pending)); 2300 2301 hci_notify(hdev, HCI_DEV_UNREG); 2302 2303 if (hdev->rfkill) { 2304 rfkill_unregister(hdev->rfkill); 2305 rfkill_destroy(hdev->rfkill); 2306 } 2307 2308 hci_del_sysfs(hdev); 2309 2310 destroy_workqueue(hdev->workqueue); 2311 destroy_workqueue(hdev->req_workqueue); 2312 2313 hci_dev_lock(hdev); 2314 hci_blacklist_clear(hdev); 2315 hci_uuids_clear(hdev); 2316 hci_link_keys_clear(hdev); 2317 hci_smp_ltks_clear(hdev); 2318 hci_remote_oob_data_clear(hdev); 2319 hci_dev_unlock(hdev); 2320 2321 hci_dev_put(hdev); 2322 2323 ida_simple_remove(&hci_index_ida, id); 2324 } 2325 EXPORT_SYMBOL(hci_unregister_dev); 2326 2327 /* Suspend HCI device */ 2328 int hci_suspend_dev(struct hci_dev *hdev) 2329 { 2330 hci_notify(hdev, HCI_DEV_SUSPEND); 2331 return 0; 2332 } 2333 EXPORT_SYMBOL(hci_suspend_dev); 2334 2335 /* Resume HCI device */ 2336 int hci_resume_dev(struct hci_dev *hdev) 2337 { 2338 hci_notify(hdev, HCI_DEV_RESUME); 2339 return 0; 2340 } 2341 EXPORT_SYMBOL(hci_resume_dev); 2342 2343 /* Receive frame from HCI drivers */ 2344 int hci_recv_frame(struct sk_buff *skb) 2345 { 2346 struct hci_dev *hdev = (struct hci_dev *) skb->dev; 2347 if (!hdev || (!test_bit(HCI_UP, &hdev->flags) 2348 && !test_bit(HCI_INIT, &hdev->flags))) { 2349 kfree_skb(skb); 2350 return -ENXIO; 2351 } 2352 2353 /* Incoming skb */ 2354 bt_cb(skb)->incoming = 1; 2355 2356 /* Time stamp */ 2357 __net_timestamp(skb); 2358 2359 skb_queue_tail(&hdev->rx_q, skb); 2360 queue_work(hdev->workqueue, &hdev->rx_work); 2361 2362 return 0; 2363 } 2364 EXPORT_SYMBOL(hci_recv_frame); 2365 2366 static int hci_reassembly(struct hci_dev *hdev, int type, void *data, 2367 int count, __u8 index) 2368 { 2369 int len = 0; 2370 int hlen = 0; 2371 int remain = count; 2372 struct sk_buff *skb; 2373 struct bt_skb_cb *scb; 2374 2375 if ((type < HCI_ACLDATA_PKT || type > HCI_EVENT_PKT) || 2376 index >= NUM_REASSEMBLY) 2377 return -EILSEQ; 2378 2379 skb = hdev->reassembly[index]; 2380 2381 if (!skb) { 2382 switch (type) { 2383 case HCI_ACLDATA_PKT: 2384 len = HCI_MAX_FRAME_SIZE; 2385 hlen = HCI_ACL_HDR_SIZE; 2386 break; 2387 case HCI_EVENT_PKT: 2388 len = HCI_MAX_EVENT_SIZE; 2389 hlen = HCI_EVENT_HDR_SIZE; 2390 break; 2391 case HCI_SCODATA_PKT: 2392 len = HCI_MAX_SCO_SIZE; 2393 hlen = HCI_SCO_HDR_SIZE; 2394 break; 2395 } 2396 2397 skb = bt_skb_alloc(len, GFP_ATOMIC); 2398 if (!skb) 2399 return -ENOMEM; 2400 2401 scb = (void *) skb->cb; 2402 scb->expect = hlen; 2403 scb->pkt_type = type; 2404 2405 skb->dev = (void *) hdev; 2406 hdev->reassembly[index] = skb; 2407 } 2408 2409 while (count) { 2410 scb = (void *) skb->cb; 2411 len = min_t(uint, scb->expect, count); 2412 2413 memcpy(skb_put(skb, len), data, len); 2414 2415 count -= len; 2416 data += len; 2417 scb->expect -= len; 2418 remain = count; 2419 2420 switch (type) { 2421 case HCI_EVENT_PKT: 2422 if (skb->len == HCI_EVENT_HDR_SIZE) { 2423 struct hci_event_hdr *h = hci_event_hdr(skb); 2424 scb->expect = h->plen; 2425 2426 if (skb_tailroom(skb) < scb->expect) { 2427 kfree_skb(skb); 2428 hdev->reassembly[index] = NULL; 2429 return -ENOMEM; 2430 } 2431 } 2432 break; 2433 2434 case HCI_ACLDATA_PKT: 2435 if (skb->len == HCI_ACL_HDR_SIZE) { 2436 struct hci_acl_hdr *h = hci_acl_hdr(skb); 2437 scb->expect = __le16_to_cpu(h->dlen); 2438 2439 if (skb_tailroom(skb) < scb->expect) { 2440 kfree_skb(skb); 2441 hdev->reassembly[index] = NULL; 2442 return -ENOMEM; 2443 } 2444 } 2445 break; 2446 2447 case HCI_SCODATA_PKT: 2448 if (skb->len == HCI_SCO_HDR_SIZE) { 2449 struct hci_sco_hdr *h = hci_sco_hdr(skb); 2450 scb->expect = h->dlen; 2451 2452 if (skb_tailroom(skb) < scb->expect) { 2453 kfree_skb(skb); 2454 hdev->reassembly[index] = NULL; 2455 return -ENOMEM; 2456 } 2457 } 2458 break; 2459 } 2460 2461 if (scb->expect == 0) { 2462 /* Complete frame */ 2463 2464 bt_cb(skb)->pkt_type = type; 2465 hci_recv_frame(skb); 2466 2467 hdev->reassembly[index] = NULL; 2468 return remain; 2469 } 2470 } 2471 2472 return remain; 2473 } 2474 2475 int hci_recv_fragment(struct hci_dev *hdev, int type, void *data, int count) 2476 { 2477 int rem = 0; 2478 2479 if (type < HCI_ACLDATA_PKT || type > HCI_EVENT_PKT) 2480 return -EILSEQ; 2481 2482 while (count) { 2483 rem = hci_reassembly(hdev, type, data, count, type - 1); 2484 if (rem < 0) 2485 return rem; 2486 2487 data += (count - rem); 2488 count = rem; 2489 } 2490 2491 return rem; 2492 } 2493 EXPORT_SYMBOL(hci_recv_fragment); 2494 2495 #define STREAM_REASSEMBLY 0 2496 2497 int hci_recv_stream_fragment(struct hci_dev *hdev, void *data, int count) 2498 { 2499 int type; 2500 int rem = 0; 2501 2502 while (count) { 2503 struct sk_buff *skb = hdev->reassembly[STREAM_REASSEMBLY]; 2504 2505 if (!skb) { 2506 struct { char type; } *pkt; 2507 2508 /* Start of the frame */ 2509 pkt = data; 2510 type = pkt->type; 2511 2512 data++; 2513 count--; 2514 } else 2515 type = bt_cb(skb)->pkt_type; 2516 2517 rem = hci_reassembly(hdev, type, data, count, 2518 STREAM_REASSEMBLY); 2519 if (rem < 0) 2520 return rem; 2521 2522 data += (count - rem); 2523 count = rem; 2524 } 2525 2526 return rem; 2527 } 2528 EXPORT_SYMBOL(hci_recv_stream_fragment); 2529 2530 /* ---- Interface to upper protocols ---- */ 2531 2532 int hci_register_cb(struct hci_cb *cb) 2533 { 2534 BT_DBG("%p name %s", cb, cb->name); 2535 2536 write_lock(&hci_cb_list_lock); 2537 list_add(&cb->list, &hci_cb_list); 2538 write_unlock(&hci_cb_list_lock); 2539 2540 return 0; 2541 } 2542 EXPORT_SYMBOL(hci_register_cb); 2543 2544 int hci_unregister_cb(struct hci_cb *cb) 2545 { 2546 BT_DBG("%p name %s", cb, cb->name); 2547 2548 write_lock(&hci_cb_list_lock); 2549 list_del(&cb->list); 2550 write_unlock(&hci_cb_list_lock); 2551 2552 return 0; 2553 } 2554 EXPORT_SYMBOL(hci_unregister_cb); 2555 2556 static int hci_send_frame(struct sk_buff *skb) 2557 { 2558 struct hci_dev *hdev = (struct hci_dev *) skb->dev; 2559 2560 if (!hdev) { 2561 kfree_skb(skb); 2562 return -ENODEV; 2563 } 2564 2565 BT_DBG("%s type %d len %d", hdev->name, bt_cb(skb)->pkt_type, skb->len); 2566 2567 /* Time stamp */ 2568 __net_timestamp(skb); 2569 2570 /* Send copy to monitor */ 2571 hci_send_to_monitor(hdev, skb); 2572 2573 if (atomic_read(&hdev->promisc)) { 2574 /* Send copy to the sockets */ 2575 hci_send_to_sock(hdev, skb); 2576 } 2577 2578 /* Get rid of skb owner, prior to sending to the driver. */ 2579 skb_orphan(skb); 2580 2581 return hdev->send(skb); 2582 } 2583 2584 void hci_req_init(struct hci_request *req, struct hci_dev *hdev) 2585 { 2586 skb_queue_head_init(&req->cmd_q); 2587 req->hdev = hdev; 2588 req->err = 0; 2589 } 2590 2591 int hci_req_run(struct hci_request *req, hci_req_complete_t complete) 2592 { 2593 struct hci_dev *hdev = req->hdev; 2594 struct sk_buff *skb; 2595 unsigned long flags; 2596 2597 BT_DBG("length %u", skb_queue_len(&req->cmd_q)); 2598 2599 /* If an error occured during request building, remove all HCI 2600 * commands queued on the HCI request queue. 2601 */ 2602 if (req->err) { 2603 skb_queue_purge(&req->cmd_q); 2604 return req->err; 2605 } 2606 2607 /* Do not allow empty requests */ 2608 if (skb_queue_empty(&req->cmd_q)) 2609 return -ENODATA; 2610 2611 skb = skb_peek_tail(&req->cmd_q); 2612 bt_cb(skb)->req.complete = complete; 2613 2614 spin_lock_irqsave(&hdev->cmd_q.lock, flags); 2615 skb_queue_splice_tail(&req->cmd_q, &hdev->cmd_q); 2616 spin_unlock_irqrestore(&hdev->cmd_q.lock, flags); 2617 2618 queue_work(hdev->workqueue, &hdev->cmd_work); 2619 2620 return 0; 2621 } 2622 2623 static struct sk_buff *hci_prepare_cmd(struct hci_dev *hdev, u16 opcode, 2624 u32 plen, const void *param) 2625 { 2626 int len = HCI_COMMAND_HDR_SIZE + plen; 2627 struct hci_command_hdr *hdr; 2628 struct sk_buff *skb; 2629 2630 skb = bt_skb_alloc(len, GFP_ATOMIC); 2631 if (!skb) 2632 return NULL; 2633 2634 hdr = (struct hci_command_hdr *) skb_put(skb, HCI_COMMAND_HDR_SIZE); 2635 hdr->opcode = cpu_to_le16(opcode); 2636 hdr->plen = plen; 2637 2638 if (plen) 2639 memcpy(skb_put(skb, plen), param, plen); 2640 2641 BT_DBG("skb len %d", skb->len); 2642 2643 bt_cb(skb)->pkt_type = HCI_COMMAND_PKT; 2644 skb->dev = (void *) hdev; 2645 2646 return skb; 2647 } 2648 2649 /* Send HCI command */ 2650 int hci_send_cmd(struct hci_dev *hdev, __u16 opcode, __u32 plen, 2651 const void *param) 2652 { 2653 struct sk_buff *skb; 2654 2655 BT_DBG("%s opcode 0x%4.4x plen %d", hdev->name, opcode, plen); 2656 2657 skb = hci_prepare_cmd(hdev, opcode, plen, param); 2658 if (!skb) { 2659 BT_ERR("%s no memory for command", hdev->name); 2660 return -ENOMEM; 2661 } 2662 2663 /* Stand-alone HCI commands must be flaged as 2664 * single-command requests. 2665 */ 2666 bt_cb(skb)->req.start = true; 2667 2668 skb_queue_tail(&hdev->cmd_q, skb); 2669 queue_work(hdev->workqueue, &hdev->cmd_work); 2670 2671 return 0; 2672 } 2673 2674 /* Queue a command to an asynchronous HCI request */ 2675 void hci_req_add_ev(struct hci_request *req, u16 opcode, u32 plen, 2676 const void *param, u8 event) 2677 { 2678 struct hci_dev *hdev = req->hdev; 2679 struct sk_buff *skb; 2680 2681 BT_DBG("%s opcode 0x%4.4x plen %d", hdev->name, opcode, plen); 2682 2683 /* If an error occured during request building, there is no point in 2684 * queueing the HCI command. We can simply return. 2685 */ 2686 if (req->err) 2687 return; 2688 2689 skb = hci_prepare_cmd(hdev, opcode, plen, param); 2690 if (!skb) { 2691 BT_ERR("%s no memory for command (opcode 0x%4.4x)", 2692 hdev->name, opcode); 2693 req->err = -ENOMEM; 2694 return; 2695 } 2696 2697 if (skb_queue_empty(&req->cmd_q)) 2698 bt_cb(skb)->req.start = true; 2699 2700 bt_cb(skb)->req.event = event; 2701 2702 skb_queue_tail(&req->cmd_q, skb); 2703 } 2704 2705 void hci_req_add(struct hci_request *req, u16 opcode, u32 plen, 2706 const void *param) 2707 { 2708 hci_req_add_ev(req, opcode, plen, param, 0); 2709 } 2710 2711 /* Get data from the previously sent command */ 2712 void *hci_sent_cmd_data(struct hci_dev *hdev, __u16 opcode) 2713 { 2714 struct hci_command_hdr *hdr; 2715 2716 if (!hdev->sent_cmd) 2717 return NULL; 2718 2719 hdr = (void *) hdev->sent_cmd->data; 2720 2721 if (hdr->opcode != cpu_to_le16(opcode)) 2722 return NULL; 2723 2724 BT_DBG("%s opcode 0x%4.4x", hdev->name, opcode); 2725 2726 return hdev->sent_cmd->data + HCI_COMMAND_HDR_SIZE; 2727 } 2728 2729 /* Send ACL data */ 2730 static void hci_add_acl_hdr(struct sk_buff *skb, __u16 handle, __u16 flags) 2731 { 2732 struct hci_acl_hdr *hdr; 2733 int len = skb->len; 2734 2735 skb_push(skb, HCI_ACL_HDR_SIZE); 2736 skb_reset_transport_header(skb); 2737 hdr = (struct hci_acl_hdr *)skb_transport_header(skb); 2738 hdr->handle = cpu_to_le16(hci_handle_pack(handle, flags)); 2739 hdr->dlen = cpu_to_le16(len); 2740 } 2741 2742 static void hci_queue_acl(struct hci_chan *chan, struct sk_buff_head *queue, 2743 struct sk_buff *skb, __u16 flags) 2744 { 2745 struct hci_conn *conn = chan->conn; 2746 struct hci_dev *hdev = conn->hdev; 2747 struct sk_buff *list; 2748 2749 skb->len = skb_headlen(skb); 2750 skb->data_len = 0; 2751 2752 bt_cb(skb)->pkt_type = HCI_ACLDATA_PKT; 2753 2754 switch (hdev->dev_type) { 2755 case HCI_BREDR: 2756 hci_add_acl_hdr(skb, conn->handle, flags); 2757 break; 2758 case HCI_AMP: 2759 hci_add_acl_hdr(skb, chan->handle, flags); 2760 break; 2761 default: 2762 BT_ERR("%s unknown dev_type %d", hdev->name, hdev->dev_type); 2763 return; 2764 } 2765 2766 list = skb_shinfo(skb)->frag_list; 2767 if (!list) { 2768 /* Non fragmented */ 2769 BT_DBG("%s nonfrag skb %p len %d", hdev->name, skb, skb->len); 2770 2771 skb_queue_tail(queue, skb); 2772 } else { 2773 /* Fragmented */ 2774 BT_DBG("%s frag %p len %d", hdev->name, skb, skb->len); 2775 2776 skb_shinfo(skb)->frag_list = NULL; 2777 2778 /* Queue all fragments atomically */ 2779 spin_lock(&queue->lock); 2780 2781 __skb_queue_tail(queue, skb); 2782 2783 flags &= ~ACL_START; 2784 flags |= ACL_CONT; 2785 do { 2786 skb = list; list = list->next; 2787 2788 skb->dev = (void *) hdev; 2789 bt_cb(skb)->pkt_type = HCI_ACLDATA_PKT; 2790 hci_add_acl_hdr(skb, conn->handle, flags); 2791 2792 BT_DBG("%s frag %p len %d", hdev->name, skb, skb->len); 2793 2794 __skb_queue_tail(queue, skb); 2795 } while (list); 2796 2797 spin_unlock(&queue->lock); 2798 } 2799 } 2800 2801 void hci_send_acl(struct hci_chan *chan, struct sk_buff *skb, __u16 flags) 2802 { 2803 struct hci_dev *hdev = chan->conn->hdev; 2804 2805 BT_DBG("%s chan %p flags 0x%4.4x", hdev->name, chan, flags); 2806 2807 skb->dev = (void *) hdev; 2808 2809 hci_queue_acl(chan, &chan->data_q, skb, flags); 2810 2811 queue_work(hdev->workqueue, &hdev->tx_work); 2812 } 2813 2814 /* Send SCO data */ 2815 void hci_send_sco(struct hci_conn *conn, struct sk_buff *skb) 2816 { 2817 struct hci_dev *hdev = conn->hdev; 2818 struct hci_sco_hdr hdr; 2819 2820 BT_DBG("%s len %d", hdev->name, skb->len); 2821 2822 hdr.handle = cpu_to_le16(conn->handle); 2823 hdr.dlen = skb->len; 2824 2825 skb_push(skb, HCI_SCO_HDR_SIZE); 2826 skb_reset_transport_header(skb); 2827 memcpy(skb_transport_header(skb), &hdr, HCI_SCO_HDR_SIZE); 2828 2829 skb->dev = (void *) hdev; 2830 bt_cb(skb)->pkt_type = HCI_SCODATA_PKT; 2831 2832 skb_queue_tail(&conn->data_q, skb); 2833 queue_work(hdev->workqueue, &hdev->tx_work); 2834 } 2835 2836 /* ---- HCI TX task (outgoing data) ---- */ 2837 2838 /* HCI Connection scheduler */ 2839 static struct hci_conn *hci_low_sent(struct hci_dev *hdev, __u8 type, 2840 int *quote) 2841 { 2842 struct hci_conn_hash *h = &hdev->conn_hash; 2843 struct hci_conn *conn = NULL, *c; 2844 unsigned int num = 0, min = ~0; 2845 2846 /* We don't have to lock device here. Connections are always 2847 * added and removed with TX task disabled. */ 2848 2849 rcu_read_lock(); 2850 2851 list_for_each_entry_rcu(c, &h->list, list) { 2852 if (c->type != type || skb_queue_empty(&c->data_q)) 2853 continue; 2854 2855 if (c->state != BT_CONNECTED && c->state != BT_CONFIG) 2856 continue; 2857 2858 num++; 2859 2860 if (c->sent < min) { 2861 min = c->sent; 2862 conn = c; 2863 } 2864 2865 if (hci_conn_num(hdev, type) == num) 2866 break; 2867 } 2868 2869 rcu_read_unlock(); 2870 2871 if (conn) { 2872 int cnt, q; 2873 2874 switch (conn->type) { 2875 case ACL_LINK: 2876 cnt = hdev->acl_cnt; 2877 break; 2878 case SCO_LINK: 2879 case ESCO_LINK: 2880 cnt = hdev->sco_cnt; 2881 break; 2882 case LE_LINK: 2883 cnt = hdev->le_mtu ? hdev->le_cnt : hdev->acl_cnt; 2884 break; 2885 default: 2886 cnt = 0; 2887 BT_ERR("Unknown link type"); 2888 } 2889 2890 q = cnt / num; 2891 *quote = q ? q : 1; 2892 } else 2893 *quote = 0; 2894 2895 BT_DBG("conn %p quote %d", conn, *quote); 2896 return conn; 2897 } 2898 2899 static void hci_link_tx_to(struct hci_dev *hdev, __u8 type) 2900 { 2901 struct hci_conn_hash *h = &hdev->conn_hash; 2902 struct hci_conn *c; 2903 2904 BT_ERR("%s link tx timeout", hdev->name); 2905 2906 rcu_read_lock(); 2907 2908 /* Kill stalled connections */ 2909 list_for_each_entry_rcu(c, &h->list, list) { 2910 if (c->type == type && c->sent) { 2911 BT_ERR("%s killing stalled connection %pMR", 2912 hdev->name, &c->dst); 2913 hci_disconnect(c, HCI_ERROR_REMOTE_USER_TERM); 2914 } 2915 } 2916 2917 rcu_read_unlock(); 2918 } 2919 2920 static struct hci_chan *hci_chan_sent(struct hci_dev *hdev, __u8 type, 2921 int *quote) 2922 { 2923 struct hci_conn_hash *h = &hdev->conn_hash; 2924 struct hci_chan *chan = NULL; 2925 unsigned int num = 0, min = ~0, cur_prio = 0; 2926 struct hci_conn *conn; 2927 int cnt, q, conn_num = 0; 2928 2929 BT_DBG("%s", hdev->name); 2930 2931 rcu_read_lock(); 2932 2933 list_for_each_entry_rcu(conn, &h->list, list) { 2934 struct hci_chan *tmp; 2935 2936 if (conn->type != type) 2937 continue; 2938 2939 if (conn->state != BT_CONNECTED && conn->state != BT_CONFIG) 2940 continue; 2941 2942 conn_num++; 2943 2944 list_for_each_entry_rcu(tmp, &conn->chan_list, list) { 2945 struct sk_buff *skb; 2946 2947 if (skb_queue_empty(&tmp->data_q)) 2948 continue; 2949 2950 skb = skb_peek(&tmp->data_q); 2951 if (skb->priority < cur_prio) 2952 continue; 2953 2954 if (skb->priority > cur_prio) { 2955 num = 0; 2956 min = ~0; 2957 cur_prio = skb->priority; 2958 } 2959 2960 num++; 2961 2962 if (conn->sent < min) { 2963 min = conn->sent; 2964 chan = tmp; 2965 } 2966 } 2967 2968 if (hci_conn_num(hdev, type) == conn_num) 2969 break; 2970 } 2971 2972 rcu_read_unlock(); 2973 2974 if (!chan) 2975 return NULL; 2976 2977 switch (chan->conn->type) { 2978 case ACL_LINK: 2979 cnt = hdev->acl_cnt; 2980 break; 2981 case AMP_LINK: 2982 cnt = hdev->block_cnt; 2983 break; 2984 case SCO_LINK: 2985 case ESCO_LINK: 2986 cnt = hdev->sco_cnt; 2987 break; 2988 case LE_LINK: 2989 cnt = hdev->le_mtu ? hdev->le_cnt : hdev->acl_cnt; 2990 break; 2991 default: 2992 cnt = 0; 2993 BT_ERR("Unknown link type"); 2994 } 2995 2996 q = cnt / num; 2997 *quote = q ? q : 1; 2998 BT_DBG("chan %p quote %d", chan, *quote); 2999 return chan; 3000 } 3001 3002 static void hci_prio_recalculate(struct hci_dev *hdev, __u8 type) 3003 { 3004 struct hci_conn_hash *h = &hdev->conn_hash; 3005 struct hci_conn *conn; 3006 int num = 0; 3007 3008 BT_DBG("%s", hdev->name); 3009 3010 rcu_read_lock(); 3011 3012 list_for_each_entry_rcu(conn, &h->list, list) { 3013 struct hci_chan *chan; 3014 3015 if (conn->type != type) 3016 continue; 3017 3018 if (conn->state != BT_CONNECTED && conn->state != BT_CONFIG) 3019 continue; 3020 3021 num++; 3022 3023 list_for_each_entry_rcu(chan, &conn->chan_list, list) { 3024 struct sk_buff *skb; 3025 3026 if (chan->sent) { 3027 chan->sent = 0; 3028 continue; 3029 } 3030 3031 if (skb_queue_empty(&chan->data_q)) 3032 continue; 3033 3034 skb = skb_peek(&chan->data_q); 3035 if (skb->priority >= HCI_PRIO_MAX - 1) 3036 continue; 3037 3038 skb->priority = HCI_PRIO_MAX - 1; 3039 3040 BT_DBG("chan %p skb %p promoted to %d", chan, skb, 3041 skb->priority); 3042 } 3043 3044 if (hci_conn_num(hdev, type) == num) 3045 break; 3046 } 3047 3048 rcu_read_unlock(); 3049 3050 } 3051 3052 static inline int __get_blocks(struct hci_dev *hdev, struct sk_buff *skb) 3053 { 3054 /* Calculate count of blocks used by this packet */ 3055 return DIV_ROUND_UP(skb->len - HCI_ACL_HDR_SIZE, hdev->block_len); 3056 } 3057 3058 static void __check_timeout(struct hci_dev *hdev, unsigned int cnt) 3059 { 3060 if (!test_bit(HCI_RAW, &hdev->flags)) { 3061 /* ACL tx timeout must be longer than maximum 3062 * link supervision timeout (40.9 seconds) */ 3063 if (!cnt && time_after(jiffies, hdev->acl_last_tx + 3064 HCI_ACL_TX_TIMEOUT)) 3065 hci_link_tx_to(hdev, ACL_LINK); 3066 } 3067 } 3068 3069 static void hci_sched_acl_pkt(struct hci_dev *hdev) 3070 { 3071 unsigned int cnt = hdev->acl_cnt; 3072 struct hci_chan *chan; 3073 struct sk_buff *skb; 3074 int quote; 3075 3076 __check_timeout(hdev, cnt); 3077 3078 while (hdev->acl_cnt && 3079 (chan = hci_chan_sent(hdev, ACL_LINK, "e))) { 3080 u32 priority = (skb_peek(&chan->data_q))->priority; 3081 while (quote-- && (skb = skb_peek(&chan->data_q))) { 3082 BT_DBG("chan %p skb %p len %d priority %u", chan, skb, 3083 skb->len, skb->priority); 3084 3085 /* Stop if priority has changed */ 3086 if (skb->priority < priority) 3087 break; 3088 3089 skb = skb_dequeue(&chan->data_q); 3090 3091 hci_conn_enter_active_mode(chan->conn, 3092 bt_cb(skb)->force_active); 3093 3094 hci_send_frame(skb); 3095 hdev->acl_last_tx = jiffies; 3096 3097 hdev->acl_cnt--; 3098 chan->sent++; 3099 chan->conn->sent++; 3100 } 3101 } 3102 3103 if (cnt != hdev->acl_cnt) 3104 hci_prio_recalculate(hdev, ACL_LINK); 3105 } 3106 3107 static void hci_sched_acl_blk(struct hci_dev *hdev) 3108 { 3109 unsigned int cnt = hdev->block_cnt; 3110 struct hci_chan *chan; 3111 struct sk_buff *skb; 3112 int quote; 3113 u8 type; 3114 3115 __check_timeout(hdev, cnt); 3116 3117 BT_DBG("%s", hdev->name); 3118 3119 if (hdev->dev_type == HCI_AMP) 3120 type = AMP_LINK; 3121 else 3122 type = ACL_LINK; 3123 3124 while (hdev->block_cnt > 0 && 3125 (chan = hci_chan_sent(hdev, type, "e))) { 3126 u32 priority = (skb_peek(&chan->data_q))->priority; 3127 while (quote > 0 && (skb = skb_peek(&chan->data_q))) { 3128 int blocks; 3129 3130 BT_DBG("chan %p skb %p len %d priority %u", chan, skb, 3131 skb->len, skb->priority); 3132 3133 /* Stop if priority has changed */ 3134 if (skb->priority < priority) 3135 break; 3136 3137 skb = skb_dequeue(&chan->data_q); 3138 3139 blocks = __get_blocks(hdev, skb); 3140 if (blocks > hdev->block_cnt) 3141 return; 3142 3143 hci_conn_enter_active_mode(chan->conn, 3144 bt_cb(skb)->force_active); 3145 3146 hci_send_frame(skb); 3147 hdev->acl_last_tx = jiffies; 3148 3149 hdev->block_cnt -= blocks; 3150 quote -= blocks; 3151 3152 chan->sent += blocks; 3153 chan->conn->sent += blocks; 3154 } 3155 } 3156 3157 if (cnt != hdev->block_cnt) 3158 hci_prio_recalculate(hdev, type); 3159 } 3160 3161 static void hci_sched_acl(struct hci_dev *hdev) 3162 { 3163 BT_DBG("%s", hdev->name); 3164 3165 /* No ACL link over BR/EDR controller */ 3166 if (!hci_conn_num(hdev, ACL_LINK) && hdev->dev_type == HCI_BREDR) 3167 return; 3168 3169 /* No AMP link over AMP controller */ 3170 if (!hci_conn_num(hdev, AMP_LINK) && hdev->dev_type == HCI_AMP) 3171 return; 3172 3173 switch (hdev->flow_ctl_mode) { 3174 case HCI_FLOW_CTL_MODE_PACKET_BASED: 3175 hci_sched_acl_pkt(hdev); 3176 break; 3177 3178 case HCI_FLOW_CTL_MODE_BLOCK_BASED: 3179 hci_sched_acl_blk(hdev); 3180 break; 3181 } 3182 } 3183 3184 /* Schedule SCO */ 3185 static void hci_sched_sco(struct hci_dev *hdev) 3186 { 3187 struct hci_conn *conn; 3188 struct sk_buff *skb; 3189 int quote; 3190 3191 BT_DBG("%s", hdev->name); 3192 3193 if (!hci_conn_num(hdev, SCO_LINK)) 3194 return; 3195 3196 while (hdev->sco_cnt && (conn = hci_low_sent(hdev, SCO_LINK, "e))) { 3197 while (quote-- && (skb = skb_dequeue(&conn->data_q))) { 3198 BT_DBG("skb %p len %d", skb, skb->len); 3199 hci_send_frame(skb); 3200 3201 conn->sent++; 3202 if (conn->sent == ~0) 3203 conn->sent = 0; 3204 } 3205 } 3206 } 3207 3208 static void hci_sched_esco(struct hci_dev *hdev) 3209 { 3210 struct hci_conn *conn; 3211 struct sk_buff *skb; 3212 int quote; 3213 3214 BT_DBG("%s", hdev->name); 3215 3216 if (!hci_conn_num(hdev, ESCO_LINK)) 3217 return; 3218 3219 while (hdev->sco_cnt && (conn = hci_low_sent(hdev, ESCO_LINK, 3220 "e))) { 3221 while (quote-- && (skb = skb_dequeue(&conn->data_q))) { 3222 BT_DBG("skb %p len %d", skb, skb->len); 3223 hci_send_frame(skb); 3224 3225 conn->sent++; 3226 if (conn->sent == ~0) 3227 conn->sent = 0; 3228 } 3229 } 3230 } 3231 3232 static void hci_sched_le(struct hci_dev *hdev) 3233 { 3234 struct hci_chan *chan; 3235 struct sk_buff *skb; 3236 int quote, cnt, tmp; 3237 3238 BT_DBG("%s", hdev->name); 3239 3240 if (!hci_conn_num(hdev, LE_LINK)) 3241 return; 3242 3243 if (!test_bit(HCI_RAW, &hdev->flags)) { 3244 /* LE tx timeout must be longer than maximum 3245 * link supervision timeout (40.9 seconds) */ 3246 if (!hdev->le_cnt && hdev->le_pkts && 3247 time_after(jiffies, hdev->le_last_tx + HZ * 45)) 3248 hci_link_tx_to(hdev, LE_LINK); 3249 } 3250 3251 cnt = hdev->le_pkts ? hdev->le_cnt : hdev->acl_cnt; 3252 tmp = cnt; 3253 while (cnt && (chan = hci_chan_sent(hdev, LE_LINK, "e))) { 3254 u32 priority = (skb_peek(&chan->data_q))->priority; 3255 while (quote-- && (skb = skb_peek(&chan->data_q))) { 3256 BT_DBG("chan %p skb %p len %d priority %u", chan, skb, 3257 skb->len, skb->priority); 3258 3259 /* Stop if priority has changed */ 3260 if (skb->priority < priority) 3261 break; 3262 3263 skb = skb_dequeue(&chan->data_q); 3264 3265 hci_send_frame(skb); 3266 hdev->le_last_tx = jiffies; 3267 3268 cnt--; 3269 chan->sent++; 3270 chan->conn->sent++; 3271 } 3272 } 3273 3274 if (hdev->le_pkts) 3275 hdev->le_cnt = cnt; 3276 else 3277 hdev->acl_cnt = cnt; 3278 3279 if (cnt != tmp) 3280 hci_prio_recalculate(hdev, LE_LINK); 3281 } 3282 3283 static void hci_tx_work(struct work_struct *work) 3284 { 3285 struct hci_dev *hdev = container_of(work, struct hci_dev, tx_work); 3286 struct sk_buff *skb; 3287 3288 BT_DBG("%s acl %d sco %d le %d", hdev->name, hdev->acl_cnt, 3289 hdev->sco_cnt, hdev->le_cnt); 3290 3291 /* Schedule queues and send stuff to HCI driver */ 3292 3293 hci_sched_acl(hdev); 3294 3295 hci_sched_sco(hdev); 3296 3297 hci_sched_esco(hdev); 3298 3299 hci_sched_le(hdev); 3300 3301 /* Send next queued raw (unknown type) packet */ 3302 while ((skb = skb_dequeue(&hdev->raw_q))) 3303 hci_send_frame(skb); 3304 } 3305 3306 /* ----- HCI RX task (incoming data processing) ----- */ 3307 3308 /* ACL data packet */ 3309 static void hci_acldata_packet(struct hci_dev *hdev, struct sk_buff *skb) 3310 { 3311 struct hci_acl_hdr *hdr = (void *) skb->data; 3312 struct hci_conn *conn; 3313 __u16 handle, flags; 3314 3315 skb_pull(skb, HCI_ACL_HDR_SIZE); 3316 3317 handle = __le16_to_cpu(hdr->handle); 3318 flags = hci_flags(handle); 3319 handle = hci_handle(handle); 3320 3321 BT_DBG("%s len %d handle 0x%4.4x flags 0x%4.4x", hdev->name, skb->len, 3322 handle, flags); 3323 3324 hdev->stat.acl_rx++; 3325 3326 hci_dev_lock(hdev); 3327 conn = hci_conn_hash_lookup_handle(hdev, handle); 3328 hci_dev_unlock(hdev); 3329 3330 if (conn) { 3331 hci_conn_enter_active_mode(conn, BT_POWER_FORCE_ACTIVE_OFF); 3332 3333 /* Send to upper protocol */ 3334 l2cap_recv_acldata(conn, skb, flags); 3335 return; 3336 } else { 3337 BT_ERR("%s ACL packet for unknown connection handle %d", 3338 hdev->name, handle); 3339 } 3340 3341 kfree_skb(skb); 3342 } 3343 3344 /* SCO data packet */ 3345 static void hci_scodata_packet(struct hci_dev *hdev, struct sk_buff *skb) 3346 { 3347 struct hci_sco_hdr *hdr = (void *) skb->data; 3348 struct hci_conn *conn; 3349 __u16 handle; 3350 3351 skb_pull(skb, HCI_SCO_HDR_SIZE); 3352 3353 handle = __le16_to_cpu(hdr->handle); 3354 3355 BT_DBG("%s len %d handle 0x%4.4x", hdev->name, skb->len, handle); 3356 3357 hdev->stat.sco_rx++; 3358 3359 hci_dev_lock(hdev); 3360 conn = hci_conn_hash_lookup_handle(hdev, handle); 3361 hci_dev_unlock(hdev); 3362 3363 if (conn) { 3364 /* Send to upper protocol */ 3365 sco_recv_scodata(conn, skb); 3366 return; 3367 } else { 3368 BT_ERR("%s SCO packet for unknown connection handle %d", 3369 hdev->name, handle); 3370 } 3371 3372 kfree_skb(skb); 3373 } 3374 3375 static bool hci_req_is_complete(struct hci_dev *hdev) 3376 { 3377 struct sk_buff *skb; 3378 3379 skb = skb_peek(&hdev->cmd_q); 3380 if (!skb) 3381 return true; 3382 3383 return bt_cb(skb)->req.start; 3384 } 3385 3386 static void hci_resend_last(struct hci_dev *hdev) 3387 { 3388 struct hci_command_hdr *sent; 3389 struct sk_buff *skb; 3390 u16 opcode; 3391 3392 if (!hdev->sent_cmd) 3393 return; 3394 3395 sent = (void *) hdev->sent_cmd->data; 3396 opcode = __le16_to_cpu(sent->opcode); 3397 if (opcode == HCI_OP_RESET) 3398 return; 3399 3400 skb = skb_clone(hdev->sent_cmd, GFP_KERNEL); 3401 if (!skb) 3402 return; 3403 3404 skb_queue_head(&hdev->cmd_q, skb); 3405 queue_work(hdev->workqueue, &hdev->cmd_work); 3406 } 3407 3408 void hci_req_cmd_complete(struct hci_dev *hdev, u16 opcode, u8 status) 3409 { 3410 hci_req_complete_t req_complete = NULL; 3411 struct sk_buff *skb; 3412 unsigned long flags; 3413 3414 BT_DBG("opcode 0x%04x status 0x%02x", opcode, status); 3415 3416 /* If the completed command doesn't match the last one that was 3417 * sent we need to do special handling of it. 3418 */ 3419 if (!hci_sent_cmd_data(hdev, opcode)) { 3420 /* Some CSR based controllers generate a spontaneous 3421 * reset complete event during init and any pending 3422 * command will never be completed. In such a case we 3423 * need to resend whatever was the last sent 3424 * command. 3425 */ 3426 if (test_bit(HCI_INIT, &hdev->flags) && opcode == HCI_OP_RESET) 3427 hci_resend_last(hdev); 3428 3429 return; 3430 } 3431 3432 /* If the command succeeded and there's still more commands in 3433 * this request the request is not yet complete. 3434 */ 3435 if (!status && !hci_req_is_complete(hdev)) 3436 return; 3437 3438 /* If this was the last command in a request the complete 3439 * callback would be found in hdev->sent_cmd instead of the 3440 * command queue (hdev->cmd_q). 3441 */ 3442 if (hdev->sent_cmd) { 3443 req_complete = bt_cb(hdev->sent_cmd)->req.complete; 3444 if (req_complete) 3445 goto call_complete; 3446 } 3447 3448 /* Remove all pending commands belonging to this request */ 3449 spin_lock_irqsave(&hdev->cmd_q.lock, flags); 3450 while ((skb = __skb_dequeue(&hdev->cmd_q))) { 3451 if (bt_cb(skb)->req.start) { 3452 __skb_queue_head(&hdev->cmd_q, skb); 3453 break; 3454 } 3455 3456 req_complete = bt_cb(skb)->req.complete; 3457 kfree_skb(skb); 3458 } 3459 spin_unlock_irqrestore(&hdev->cmd_q.lock, flags); 3460 3461 call_complete: 3462 if (req_complete) 3463 req_complete(hdev, status); 3464 } 3465 3466 static void hci_rx_work(struct work_struct *work) 3467 { 3468 struct hci_dev *hdev = container_of(work, struct hci_dev, rx_work); 3469 struct sk_buff *skb; 3470 3471 BT_DBG("%s", hdev->name); 3472 3473 while ((skb = skb_dequeue(&hdev->rx_q))) { 3474 /* Send copy to monitor */ 3475 hci_send_to_monitor(hdev, skb); 3476 3477 if (atomic_read(&hdev->promisc)) { 3478 /* Send copy to the sockets */ 3479 hci_send_to_sock(hdev, skb); 3480 } 3481 3482 if (test_bit(HCI_RAW, &hdev->flags)) { 3483 kfree_skb(skb); 3484 continue; 3485 } 3486 3487 if (test_bit(HCI_INIT, &hdev->flags)) { 3488 /* Don't process data packets in this states. */ 3489 switch (bt_cb(skb)->pkt_type) { 3490 case HCI_ACLDATA_PKT: 3491 case HCI_SCODATA_PKT: 3492 kfree_skb(skb); 3493 continue; 3494 } 3495 } 3496 3497 /* Process frame */ 3498 switch (bt_cb(skb)->pkt_type) { 3499 case HCI_EVENT_PKT: 3500 BT_DBG("%s Event packet", hdev->name); 3501 hci_event_packet(hdev, skb); 3502 break; 3503 3504 case HCI_ACLDATA_PKT: 3505 BT_DBG("%s ACL data packet", hdev->name); 3506 hci_acldata_packet(hdev, skb); 3507 break; 3508 3509 case HCI_SCODATA_PKT: 3510 BT_DBG("%s SCO data packet", hdev->name); 3511 hci_scodata_packet(hdev, skb); 3512 break; 3513 3514 default: 3515 kfree_skb(skb); 3516 break; 3517 } 3518 } 3519 } 3520 3521 static void hci_cmd_work(struct work_struct *work) 3522 { 3523 struct hci_dev *hdev = container_of(work, struct hci_dev, cmd_work); 3524 struct sk_buff *skb; 3525 3526 BT_DBG("%s cmd_cnt %d cmd queued %d", hdev->name, 3527 atomic_read(&hdev->cmd_cnt), skb_queue_len(&hdev->cmd_q)); 3528 3529 /* Send queued commands */ 3530 if (atomic_read(&hdev->cmd_cnt)) { 3531 skb = skb_dequeue(&hdev->cmd_q); 3532 if (!skb) 3533 return; 3534 3535 kfree_skb(hdev->sent_cmd); 3536 3537 hdev->sent_cmd = skb_clone(skb, GFP_ATOMIC); 3538 if (hdev->sent_cmd) { 3539 atomic_dec(&hdev->cmd_cnt); 3540 hci_send_frame(skb); 3541 if (test_bit(HCI_RESET, &hdev->flags)) 3542 del_timer(&hdev->cmd_timer); 3543 else 3544 mod_timer(&hdev->cmd_timer, 3545 jiffies + HCI_CMD_TIMEOUT); 3546 } else { 3547 skb_queue_head(&hdev->cmd_q, skb); 3548 queue_work(hdev->workqueue, &hdev->cmd_work); 3549 } 3550 } 3551 } 3552 3553 int hci_do_inquiry(struct hci_dev *hdev, u8 length) 3554 { 3555 /* General inquiry access code (GIAC) */ 3556 u8 lap[3] = { 0x33, 0x8b, 0x9e }; 3557 struct hci_cp_inquiry cp; 3558 3559 BT_DBG("%s", hdev->name); 3560 3561 if (test_bit(HCI_INQUIRY, &hdev->flags)) 3562 return -EINPROGRESS; 3563 3564 inquiry_cache_flush(hdev); 3565 3566 memset(&cp, 0, sizeof(cp)); 3567 memcpy(&cp.lap, lap, sizeof(cp.lap)); 3568 cp.length = length; 3569 3570 return hci_send_cmd(hdev, HCI_OP_INQUIRY, sizeof(cp), &cp); 3571 } 3572 3573 int hci_cancel_inquiry(struct hci_dev *hdev) 3574 { 3575 BT_DBG("%s", hdev->name); 3576 3577 if (!test_bit(HCI_INQUIRY, &hdev->flags)) 3578 return -EALREADY; 3579 3580 return hci_send_cmd(hdev, HCI_OP_INQUIRY_CANCEL, 0, NULL); 3581 } 3582 3583 u8 bdaddr_to_le(u8 bdaddr_type) 3584 { 3585 switch (bdaddr_type) { 3586 case BDADDR_LE_PUBLIC: 3587 return ADDR_LE_DEV_PUBLIC; 3588 3589 default: 3590 /* Fallback to LE Random address type */ 3591 return ADDR_LE_DEV_RANDOM; 3592 } 3593 } 3594