1 /* 2 BlueZ - Bluetooth protocol stack for Linux 3 Copyright (C) 2000-2001 Qualcomm Incorporated 4 Copyright (C) 2011 ProFUSION Embedded Systems 5 6 Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com> 7 8 This program is free software; you can redistribute it and/or modify 9 it under the terms of the GNU General Public License version 2 as 10 published by the Free Software Foundation; 11 12 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS 13 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 14 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS. 15 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY 16 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES 17 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 18 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 19 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 20 21 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS, 22 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS 23 SOFTWARE IS DISCLAIMED. 24 */ 25 26 /* Bluetooth HCI core. */ 27 28 #include <linux/export.h> 29 #include <linux/idr.h> 30 #include <linux/rfkill.h> 31 #include <linux/debugfs.h> 32 #include <asm/unaligned.h> 33 34 #include <net/bluetooth/bluetooth.h> 35 #include <net/bluetooth/hci_core.h> 36 37 static void hci_rx_work(struct work_struct *work); 38 static void hci_cmd_work(struct work_struct *work); 39 static void hci_tx_work(struct work_struct *work); 40 41 /* HCI device list */ 42 LIST_HEAD(hci_dev_list); 43 DEFINE_RWLOCK(hci_dev_list_lock); 44 45 /* HCI callback list */ 46 LIST_HEAD(hci_cb_list); 47 DEFINE_RWLOCK(hci_cb_list_lock); 48 49 /* HCI ID Numbering */ 50 static DEFINE_IDA(hci_index_ida); 51 52 /* ---- HCI notifications ---- */ 53 54 static void hci_notify(struct hci_dev *hdev, int event) 55 { 56 hci_sock_dev_event(hdev, event); 57 } 58 59 /* ---- HCI debugfs entries ---- */ 60 61 static ssize_t dut_mode_read(struct file *file, char __user *user_buf, 62 size_t count, loff_t *ppos) 63 { 64 struct hci_dev *hdev = file->private_data; 65 char buf[3]; 66 67 buf[0] = test_bit(HCI_DUT_MODE, &hdev->dev_flags) ? 'Y': 'N'; 68 buf[1] = '\n'; 69 buf[2] = '\0'; 70 return simple_read_from_buffer(user_buf, count, ppos, buf, 2); 71 } 72 73 static ssize_t dut_mode_write(struct file *file, const char __user *user_buf, 74 size_t count, loff_t *ppos) 75 { 76 struct hci_dev *hdev = file->private_data; 77 struct sk_buff *skb; 78 char buf[32]; 79 size_t buf_size = min(count, (sizeof(buf)-1)); 80 bool enable; 81 int err; 82 83 if (!test_bit(HCI_UP, &hdev->flags)) 84 return -ENETDOWN; 85 86 if (copy_from_user(buf, user_buf, buf_size)) 87 return -EFAULT; 88 89 buf[buf_size] = '\0'; 90 if (strtobool(buf, &enable)) 91 return -EINVAL; 92 93 if (enable == test_bit(HCI_DUT_MODE, &hdev->dev_flags)) 94 return -EALREADY; 95 96 hci_req_lock(hdev); 97 if (enable) 98 skb = __hci_cmd_sync(hdev, HCI_OP_ENABLE_DUT_MODE, 0, NULL, 99 HCI_CMD_TIMEOUT); 100 else 101 skb = __hci_cmd_sync(hdev, HCI_OP_RESET, 0, NULL, 102 HCI_CMD_TIMEOUT); 103 hci_req_unlock(hdev); 104 105 if (IS_ERR(skb)) 106 return PTR_ERR(skb); 107 108 err = -bt_to_errno(skb->data[0]); 109 kfree_skb(skb); 110 111 if (err < 0) 112 return err; 113 114 change_bit(HCI_DUT_MODE, &hdev->dev_flags); 115 116 return count; 117 } 118 119 static const struct file_operations dut_mode_fops = { 120 .open = simple_open, 121 .read = dut_mode_read, 122 .write = dut_mode_write, 123 .llseek = default_llseek, 124 }; 125 126 static int features_show(struct seq_file *f, void *ptr) 127 { 128 struct hci_dev *hdev = f->private; 129 u8 p; 130 131 hci_dev_lock(hdev); 132 for (p = 0; p < HCI_MAX_PAGES && p <= hdev->max_page; p++) { 133 seq_printf(f, "%2u: 0x%2.2x 0x%2.2x 0x%2.2x 0x%2.2x " 134 "0x%2.2x 0x%2.2x 0x%2.2x 0x%2.2x\n", p, 135 hdev->features[p][0], hdev->features[p][1], 136 hdev->features[p][2], hdev->features[p][3], 137 hdev->features[p][4], hdev->features[p][5], 138 hdev->features[p][6], hdev->features[p][7]); 139 } 140 if (lmp_le_capable(hdev)) 141 seq_printf(f, "LE: 0x%2.2x 0x%2.2x 0x%2.2x 0x%2.2x " 142 "0x%2.2x 0x%2.2x 0x%2.2x 0x%2.2x\n", 143 hdev->le_features[0], hdev->le_features[1], 144 hdev->le_features[2], hdev->le_features[3], 145 hdev->le_features[4], hdev->le_features[5], 146 hdev->le_features[6], hdev->le_features[7]); 147 hci_dev_unlock(hdev); 148 149 return 0; 150 } 151 152 static int features_open(struct inode *inode, struct file *file) 153 { 154 return single_open(file, features_show, inode->i_private); 155 } 156 157 static const struct file_operations features_fops = { 158 .open = features_open, 159 .read = seq_read, 160 .llseek = seq_lseek, 161 .release = single_release, 162 }; 163 164 static int blacklist_show(struct seq_file *f, void *p) 165 { 166 struct hci_dev *hdev = f->private; 167 struct bdaddr_list *b; 168 169 hci_dev_lock(hdev); 170 list_for_each_entry(b, &hdev->blacklist, list) 171 seq_printf(f, "%pMR (type %u)\n", &b->bdaddr, b->bdaddr_type); 172 hci_dev_unlock(hdev); 173 174 return 0; 175 } 176 177 static int blacklist_open(struct inode *inode, struct file *file) 178 { 179 return single_open(file, blacklist_show, inode->i_private); 180 } 181 182 static const struct file_operations blacklist_fops = { 183 .open = blacklist_open, 184 .read = seq_read, 185 .llseek = seq_lseek, 186 .release = single_release, 187 }; 188 189 static int uuids_show(struct seq_file *f, void *p) 190 { 191 struct hci_dev *hdev = f->private; 192 struct bt_uuid *uuid; 193 194 hci_dev_lock(hdev); 195 list_for_each_entry(uuid, &hdev->uuids, list) { 196 u8 i, val[16]; 197 198 /* The Bluetooth UUID values are stored in big endian, 199 * but with reversed byte order. So convert them into 200 * the right order for the %pUb modifier. 201 */ 202 for (i = 0; i < 16; i++) 203 val[i] = uuid->uuid[15 - i]; 204 205 seq_printf(f, "%pUb\n", val); 206 } 207 hci_dev_unlock(hdev); 208 209 return 0; 210 } 211 212 static int uuids_open(struct inode *inode, struct file *file) 213 { 214 return single_open(file, uuids_show, inode->i_private); 215 } 216 217 static const struct file_operations uuids_fops = { 218 .open = uuids_open, 219 .read = seq_read, 220 .llseek = seq_lseek, 221 .release = single_release, 222 }; 223 224 static int inquiry_cache_show(struct seq_file *f, void *p) 225 { 226 struct hci_dev *hdev = f->private; 227 struct discovery_state *cache = &hdev->discovery; 228 struct inquiry_entry *e; 229 230 hci_dev_lock(hdev); 231 232 list_for_each_entry(e, &cache->all, all) { 233 struct inquiry_data *data = &e->data; 234 seq_printf(f, "%pMR %d %d %d 0x%.2x%.2x%.2x 0x%.4x %d %d %u\n", 235 &data->bdaddr, 236 data->pscan_rep_mode, data->pscan_period_mode, 237 data->pscan_mode, data->dev_class[2], 238 data->dev_class[1], data->dev_class[0], 239 __le16_to_cpu(data->clock_offset), 240 data->rssi, data->ssp_mode, e->timestamp); 241 } 242 243 hci_dev_unlock(hdev); 244 245 return 0; 246 } 247 248 static int inquiry_cache_open(struct inode *inode, struct file *file) 249 { 250 return single_open(file, inquiry_cache_show, inode->i_private); 251 } 252 253 static const struct file_operations inquiry_cache_fops = { 254 .open = inquiry_cache_open, 255 .read = seq_read, 256 .llseek = seq_lseek, 257 .release = single_release, 258 }; 259 260 static int link_keys_show(struct seq_file *f, void *ptr) 261 { 262 struct hci_dev *hdev = f->private; 263 struct list_head *p, *n; 264 265 hci_dev_lock(hdev); 266 list_for_each_safe(p, n, &hdev->link_keys) { 267 struct link_key *key = list_entry(p, struct link_key, list); 268 seq_printf(f, "%pMR %u %*phN %u\n", &key->bdaddr, key->type, 269 HCI_LINK_KEY_SIZE, key->val, key->pin_len); 270 } 271 hci_dev_unlock(hdev); 272 273 return 0; 274 } 275 276 static int link_keys_open(struct inode *inode, struct file *file) 277 { 278 return single_open(file, link_keys_show, inode->i_private); 279 } 280 281 static const struct file_operations link_keys_fops = { 282 .open = link_keys_open, 283 .read = seq_read, 284 .llseek = seq_lseek, 285 .release = single_release, 286 }; 287 288 static ssize_t use_debug_keys_read(struct file *file, char __user *user_buf, 289 size_t count, loff_t *ppos) 290 { 291 struct hci_dev *hdev = file->private_data; 292 char buf[3]; 293 294 buf[0] = test_bit(HCI_DEBUG_KEYS, &hdev->dev_flags) ? 'Y': 'N'; 295 buf[1] = '\n'; 296 buf[2] = '\0'; 297 return simple_read_from_buffer(user_buf, count, ppos, buf, 2); 298 } 299 300 static const struct file_operations use_debug_keys_fops = { 301 .open = simple_open, 302 .read = use_debug_keys_read, 303 .llseek = default_llseek, 304 }; 305 306 static int dev_class_show(struct seq_file *f, void *ptr) 307 { 308 struct hci_dev *hdev = f->private; 309 310 hci_dev_lock(hdev); 311 seq_printf(f, "0x%.2x%.2x%.2x\n", hdev->dev_class[2], 312 hdev->dev_class[1], hdev->dev_class[0]); 313 hci_dev_unlock(hdev); 314 315 return 0; 316 } 317 318 static int dev_class_open(struct inode *inode, struct file *file) 319 { 320 return single_open(file, dev_class_show, inode->i_private); 321 } 322 323 static const struct file_operations dev_class_fops = { 324 .open = dev_class_open, 325 .read = seq_read, 326 .llseek = seq_lseek, 327 .release = single_release, 328 }; 329 330 static int voice_setting_get(void *data, u64 *val) 331 { 332 struct hci_dev *hdev = data; 333 334 hci_dev_lock(hdev); 335 *val = hdev->voice_setting; 336 hci_dev_unlock(hdev); 337 338 return 0; 339 } 340 341 DEFINE_SIMPLE_ATTRIBUTE(voice_setting_fops, voice_setting_get, 342 NULL, "0x%4.4llx\n"); 343 344 static int auto_accept_delay_set(void *data, u64 val) 345 { 346 struct hci_dev *hdev = data; 347 348 hci_dev_lock(hdev); 349 hdev->auto_accept_delay = val; 350 hci_dev_unlock(hdev); 351 352 return 0; 353 } 354 355 static int auto_accept_delay_get(void *data, u64 *val) 356 { 357 struct hci_dev *hdev = data; 358 359 hci_dev_lock(hdev); 360 *val = hdev->auto_accept_delay; 361 hci_dev_unlock(hdev); 362 363 return 0; 364 } 365 366 DEFINE_SIMPLE_ATTRIBUTE(auto_accept_delay_fops, auto_accept_delay_get, 367 auto_accept_delay_set, "%llu\n"); 368 369 static int ssp_debug_mode_set(void *data, u64 val) 370 { 371 struct hci_dev *hdev = data; 372 struct sk_buff *skb; 373 __u8 mode; 374 int err; 375 376 if (val != 0 && val != 1) 377 return -EINVAL; 378 379 if (!test_bit(HCI_UP, &hdev->flags)) 380 return -ENETDOWN; 381 382 hci_req_lock(hdev); 383 mode = val; 384 skb = __hci_cmd_sync(hdev, HCI_OP_WRITE_SSP_DEBUG_MODE, sizeof(mode), 385 &mode, HCI_CMD_TIMEOUT); 386 hci_req_unlock(hdev); 387 388 if (IS_ERR(skb)) 389 return PTR_ERR(skb); 390 391 err = -bt_to_errno(skb->data[0]); 392 kfree_skb(skb); 393 394 if (err < 0) 395 return err; 396 397 hci_dev_lock(hdev); 398 hdev->ssp_debug_mode = val; 399 hci_dev_unlock(hdev); 400 401 return 0; 402 } 403 404 static int ssp_debug_mode_get(void *data, u64 *val) 405 { 406 struct hci_dev *hdev = data; 407 408 hci_dev_lock(hdev); 409 *val = hdev->ssp_debug_mode; 410 hci_dev_unlock(hdev); 411 412 return 0; 413 } 414 415 DEFINE_SIMPLE_ATTRIBUTE(ssp_debug_mode_fops, ssp_debug_mode_get, 416 ssp_debug_mode_set, "%llu\n"); 417 418 static int idle_timeout_set(void *data, u64 val) 419 { 420 struct hci_dev *hdev = data; 421 422 if (val != 0 && (val < 500 || val > 3600000)) 423 return -EINVAL; 424 425 hci_dev_lock(hdev); 426 hdev->idle_timeout = val; 427 hci_dev_unlock(hdev); 428 429 return 0; 430 } 431 432 static int idle_timeout_get(void *data, u64 *val) 433 { 434 struct hci_dev *hdev = data; 435 436 hci_dev_lock(hdev); 437 *val = hdev->idle_timeout; 438 hci_dev_unlock(hdev); 439 440 return 0; 441 } 442 443 DEFINE_SIMPLE_ATTRIBUTE(idle_timeout_fops, idle_timeout_get, 444 idle_timeout_set, "%llu\n"); 445 446 static int sniff_min_interval_set(void *data, u64 val) 447 { 448 struct hci_dev *hdev = data; 449 450 if (val == 0 || val % 2 || val > hdev->sniff_max_interval) 451 return -EINVAL; 452 453 hci_dev_lock(hdev); 454 hdev->sniff_min_interval = val; 455 hci_dev_unlock(hdev); 456 457 return 0; 458 } 459 460 static int sniff_min_interval_get(void *data, u64 *val) 461 { 462 struct hci_dev *hdev = data; 463 464 hci_dev_lock(hdev); 465 *val = hdev->sniff_min_interval; 466 hci_dev_unlock(hdev); 467 468 return 0; 469 } 470 471 DEFINE_SIMPLE_ATTRIBUTE(sniff_min_interval_fops, sniff_min_interval_get, 472 sniff_min_interval_set, "%llu\n"); 473 474 static int sniff_max_interval_set(void *data, u64 val) 475 { 476 struct hci_dev *hdev = data; 477 478 if (val == 0 || val % 2 || val < hdev->sniff_min_interval) 479 return -EINVAL; 480 481 hci_dev_lock(hdev); 482 hdev->sniff_max_interval = val; 483 hci_dev_unlock(hdev); 484 485 return 0; 486 } 487 488 static int sniff_max_interval_get(void *data, u64 *val) 489 { 490 struct hci_dev *hdev = data; 491 492 hci_dev_lock(hdev); 493 *val = hdev->sniff_max_interval; 494 hci_dev_unlock(hdev); 495 496 return 0; 497 } 498 499 DEFINE_SIMPLE_ATTRIBUTE(sniff_max_interval_fops, sniff_max_interval_get, 500 sniff_max_interval_set, "%llu\n"); 501 502 static int static_address_show(struct seq_file *f, void *p) 503 { 504 struct hci_dev *hdev = f->private; 505 506 hci_dev_lock(hdev); 507 seq_printf(f, "%pMR\n", &hdev->static_addr); 508 hci_dev_unlock(hdev); 509 510 return 0; 511 } 512 513 static int static_address_open(struct inode *inode, struct file *file) 514 { 515 return single_open(file, static_address_show, inode->i_private); 516 } 517 518 static const struct file_operations static_address_fops = { 519 .open = static_address_open, 520 .read = seq_read, 521 .llseek = seq_lseek, 522 .release = single_release, 523 }; 524 525 static int own_address_type_set(void *data, u64 val) 526 { 527 struct hci_dev *hdev = data; 528 529 if (val != 0 && val != 1) 530 return -EINVAL; 531 532 hci_dev_lock(hdev); 533 hdev->own_addr_type = val; 534 hci_dev_unlock(hdev); 535 536 return 0; 537 } 538 539 static int own_address_type_get(void *data, u64 *val) 540 { 541 struct hci_dev *hdev = data; 542 543 hci_dev_lock(hdev); 544 *val = hdev->own_addr_type; 545 hci_dev_unlock(hdev); 546 547 return 0; 548 } 549 550 DEFINE_SIMPLE_ATTRIBUTE(own_address_type_fops, own_address_type_get, 551 own_address_type_set, "%llu\n"); 552 553 static int long_term_keys_show(struct seq_file *f, void *ptr) 554 { 555 struct hci_dev *hdev = f->private; 556 struct list_head *p, *n; 557 558 hci_dev_lock(hdev); 559 list_for_each_safe(p, n, &hdev->link_keys) { 560 struct smp_ltk *ltk = list_entry(p, struct smp_ltk, list); 561 seq_printf(f, "%pMR (type %u) %u %u %u %.4x %*phN %*phN\\n", 562 <k->bdaddr, ltk->bdaddr_type, ltk->authenticated, 563 ltk->type, ltk->enc_size, __le16_to_cpu(ltk->ediv), 564 8, ltk->rand, 16, ltk->val); 565 } 566 hci_dev_unlock(hdev); 567 568 return 0; 569 } 570 571 static int long_term_keys_open(struct inode *inode, struct file *file) 572 { 573 return single_open(file, long_term_keys_show, inode->i_private); 574 } 575 576 static const struct file_operations long_term_keys_fops = { 577 .open = long_term_keys_open, 578 .read = seq_read, 579 .llseek = seq_lseek, 580 .release = single_release, 581 }; 582 583 static int conn_min_interval_set(void *data, u64 val) 584 { 585 struct hci_dev *hdev = data; 586 587 if (val < 0x0006 || val > 0x0c80 || val > hdev->le_conn_max_interval) 588 return -EINVAL; 589 590 hci_dev_lock(hdev); 591 hdev->le_conn_min_interval = val; 592 hci_dev_unlock(hdev); 593 594 return 0; 595 } 596 597 static int conn_min_interval_get(void *data, u64 *val) 598 { 599 struct hci_dev *hdev = data; 600 601 hci_dev_lock(hdev); 602 *val = hdev->le_conn_min_interval; 603 hci_dev_unlock(hdev); 604 605 return 0; 606 } 607 608 DEFINE_SIMPLE_ATTRIBUTE(conn_min_interval_fops, conn_min_interval_get, 609 conn_min_interval_set, "%llu\n"); 610 611 static int conn_max_interval_set(void *data, u64 val) 612 { 613 struct hci_dev *hdev = data; 614 615 if (val < 0x0006 || val > 0x0c80 || val < hdev->le_conn_min_interval) 616 return -EINVAL; 617 618 hci_dev_lock(hdev); 619 hdev->le_conn_max_interval = val; 620 hci_dev_unlock(hdev); 621 622 return 0; 623 } 624 625 static int conn_max_interval_get(void *data, u64 *val) 626 { 627 struct hci_dev *hdev = data; 628 629 hci_dev_lock(hdev); 630 *val = hdev->le_conn_max_interval; 631 hci_dev_unlock(hdev); 632 633 return 0; 634 } 635 636 DEFINE_SIMPLE_ATTRIBUTE(conn_max_interval_fops, conn_max_interval_get, 637 conn_max_interval_set, "%llu\n"); 638 639 /* ---- HCI requests ---- */ 640 641 static void hci_req_sync_complete(struct hci_dev *hdev, u8 result) 642 { 643 BT_DBG("%s result 0x%2.2x", hdev->name, result); 644 645 if (hdev->req_status == HCI_REQ_PEND) { 646 hdev->req_result = result; 647 hdev->req_status = HCI_REQ_DONE; 648 wake_up_interruptible(&hdev->req_wait_q); 649 } 650 } 651 652 static void hci_req_cancel(struct hci_dev *hdev, int err) 653 { 654 BT_DBG("%s err 0x%2.2x", hdev->name, err); 655 656 if (hdev->req_status == HCI_REQ_PEND) { 657 hdev->req_result = err; 658 hdev->req_status = HCI_REQ_CANCELED; 659 wake_up_interruptible(&hdev->req_wait_q); 660 } 661 } 662 663 static struct sk_buff *hci_get_cmd_complete(struct hci_dev *hdev, u16 opcode, 664 u8 event) 665 { 666 struct hci_ev_cmd_complete *ev; 667 struct hci_event_hdr *hdr; 668 struct sk_buff *skb; 669 670 hci_dev_lock(hdev); 671 672 skb = hdev->recv_evt; 673 hdev->recv_evt = NULL; 674 675 hci_dev_unlock(hdev); 676 677 if (!skb) 678 return ERR_PTR(-ENODATA); 679 680 if (skb->len < sizeof(*hdr)) { 681 BT_ERR("Too short HCI event"); 682 goto failed; 683 } 684 685 hdr = (void *) skb->data; 686 skb_pull(skb, HCI_EVENT_HDR_SIZE); 687 688 if (event) { 689 if (hdr->evt != event) 690 goto failed; 691 return skb; 692 } 693 694 if (hdr->evt != HCI_EV_CMD_COMPLETE) { 695 BT_DBG("Last event is not cmd complete (0x%2.2x)", hdr->evt); 696 goto failed; 697 } 698 699 if (skb->len < sizeof(*ev)) { 700 BT_ERR("Too short cmd_complete event"); 701 goto failed; 702 } 703 704 ev = (void *) skb->data; 705 skb_pull(skb, sizeof(*ev)); 706 707 if (opcode == __le16_to_cpu(ev->opcode)) 708 return skb; 709 710 BT_DBG("opcode doesn't match (0x%2.2x != 0x%2.2x)", opcode, 711 __le16_to_cpu(ev->opcode)); 712 713 failed: 714 kfree_skb(skb); 715 return ERR_PTR(-ENODATA); 716 } 717 718 struct sk_buff *__hci_cmd_sync_ev(struct hci_dev *hdev, u16 opcode, u32 plen, 719 const void *param, u8 event, u32 timeout) 720 { 721 DECLARE_WAITQUEUE(wait, current); 722 struct hci_request req; 723 int err = 0; 724 725 BT_DBG("%s", hdev->name); 726 727 hci_req_init(&req, hdev); 728 729 hci_req_add_ev(&req, opcode, plen, param, event); 730 731 hdev->req_status = HCI_REQ_PEND; 732 733 err = hci_req_run(&req, hci_req_sync_complete); 734 if (err < 0) 735 return ERR_PTR(err); 736 737 add_wait_queue(&hdev->req_wait_q, &wait); 738 set_current_state(TASK_INTERRUPTIBLE); 739 740 schedule_timeout(timeout); 741 742 remove_wait_queue(&hdev->req_wait_q, &wait); 743 744 if (signal_pending(current)) 745 return ERR_PTR(-EINTR); 746 747 switch (hdev->req_status) { 748 case HCI_REQ_DONE: 749 err = -bt_to_errno(hdev->req_result); 750 break; 751 752 case HCI_REQ_CANCELED: 753 err = -hdev->req_result; 754 break; 755 756 default: 757 err = -ETIMEDOUT; 758 break; 759 } 760 761 hdev->req_status = hdev->req_result = 0; 762 763 BT_DBG("%s end: err %d", hdev->name, err); 764 765 if (err < 0) 766 return ERR_PTR(err); 767 768 return hci_get_cmd_complete(hdev, opcode, event); 769 } 770 EXPORT_SYMBOL(__hci_cmd_sync_ev); 771 772 struct sk_buff *__hci_cmd_sync(struct hci_dev *hdev, u16 opcode, u32 plen, 773 const void *param, u32 timeout) 774 { 775 return __hci_cmd_sync_ev(hdev, opcode, plen, param, 0, timeout); 776 } 777 EXPORT_SYMBOL(__hci_cmd_sync); 778 779 /* Execute request and wait for completion. */ 780 static int __hci_req_sync(struct hci_dev *hdev, 781 void (*func)(struct hci_request *req, 782 unsigned long opt), 783 unsigned long opt, __u32 timeout) 784 { 785 struct hci_request req; 786 DECLARE_WAITQUEUE(wait, current); 787 int err = 0; 788 789 BT_DBG("%s start", hdev->name); 790 791 hci_req_init(&req, hdev); 792 793 hdev->req_status = HCI_REQ_PEND; 794 795 func(&req, opt); 796 797 err = hci_req_run(&req, hci_req_sync_complete); 798 if (err < 0) { 799 hdev->req_status = 0; 800 801 /* ENODATA means the HCI request command queue is empty. 802 * This can happen when a request with conditionals doesn't 803 * trigger any commands to be sent. This is normal behavior 804 * and should not trigger an error return. 805 */ 806 if (err == -ENODATA) 807 return 0; 808 809 return err; 810 } 811 812 add_wait_queue(&hdev->req_wait_q, &wait); 813 set_current_state(TASK_INTERRUPTIBLE); 814 815 schedule_timeout(timeout); 816 817 remove_wait_queue(&hdev->req_wait_q, &wait); 818 819 if (signal_pending(current)) 820 return -EINTR; 821 822 switch (hdev->req_status) { 823 case HCI_REQ_DONE: 824 err = -bt_to_errno(hdev->req_result); 825 break; 826 827 case HCI_REQ_CANCELED: 828 err = -hdev->req_result; 829 break; 830 831 default: 832 err = -ETIMEDOUT; 833 break; 834 } 835 836 hdev->req_status = hdev->req_result = 0; 837 838 BT_DBG("%s end: err %d", hdev->name, err); 839 840 return err; 841 } 842 843 static int hci_req_sync(struct hci_dev *hdev, 844 void (*req)(struct hci_request *req, 845 unsigned long opt), 846 unsigned long opt, __u32 timeout) 847 { 848 int ret; 849 850 if (!test_bit(HCI_UP, &hdev->flags)) 851 return -ENETDOWN; 852 853 /* Serialize all requests */ 854 hci_req_lock(hdev); 855 ret = __hci_req_sync(hdev, req, opt, timeout); 856 hci_req_unlock(hdev); 857 858 return ret; 859 } 860 861 static void hci_reset_req(struct hci_request *req, unsigned long opt) 862 { 863 BT_DBG("%s %ld", req->hdev->name, opt); 864 865 /* Reset device */ 866 set_bit(HCI_RESET, &req->hdev->flags); 867 hci_req_add(req, HCI_OP_RESET, 0, NULL); 868 } 869 870 static void bredr_init(struct hci_request *req) 871 { 872 req->hdev->flow_ctl_mode = HCI_FLOW_CTL_MODE_PACKET_BASED; 873 874 /* Read Local Supported Features */ 875 hci_req_add(req, HCI_OP_READ_LOCAL_FEATURES, 0, NULL); 876 877 /* Read Local Version */ 878 hci_req_add(req, HCI_OP_READ_LOCAL_VERSION, 0, NULL); 879 880 /* Read BD Address */ 881 hci_req_add(req, HCI_OP_READ_BD_ADDR, 0, NULL); 882 } 883 884 static void amp_init(struct hci_request *req) 885 { 886 req->hdev->flow_ctl_mode = HCI_FLOW_CTL_MODE_BLOCK_BASED; 887 888 /* Read Local Version */ 889 hci_req_add(req, HCI_OP_READ_LOCAL_VERSION, 0, NULL); 890 891 /* Read Local Supported Commands */ 892 hci_req_add(req, HCI_OP_READ_LOCAL_COMMANDS, 0, NULL); 893 894 /* Read Local Supported Features */ 895 hci_req_add(req, HCI_OP_READ_LOCAL_FEATURES, 0, NULL); 896 897 /* Read Local AMP Info */ 898 hci_req_add(req, HCI_OP_READ_LOCAL_AMP_INFO, 0, NULL); 899 900 /* Read Data Blk size */ 901 hci_req_add(req, HCI_OP_READ_DATA_BLOCK_SIZE, 0, NULL); 902 903 /* Read Flow Control Mode */ 904 hci_req_add(req, HCI_OP_READ_FLOW_CONTROL_MODE, 0, NULL); 905 906 /* Read Location Data */ 907 hci_req_add(req, HCI_OP_READ_LOCATION_DATA, 0, NULL); 908 } 909 910 static void hci_init1_req(struct hci_request *req, unsigned long opt) 911 { 912 struct hci_dev *hdev = req->hdev; 913 914 BT_DBG("%s %ld", hdev->name, opt); 915 916 /* Reset */ 917 if (!test_bit(HCI_QUIRK_RESET_ON_CLOSE, &hdev->quirks)) 918 hci_reset_req(req, 0); 919 920 switch (hdev->dev_type) { 921 case HCI_BREDR: 922 bredr_init(req); 923 break; 924 925 case HCI_AMP: 926 amp_init(req); 927 break; 928 929 default: 930 BT_ERR("Unknown device type %d", hdev->dev_type); 931 break; 932 } 933 } 934 935 static void bredr_setup(struct hci_request *req) 936 { 937 struct hci_dev *hdev = req->hdev; 938 939 __le16 param; 940 __u8 flt_type; 941 942 /* Read Buffer Size (ACL mtu, max pkt, etc.) */ 943 hci_req_add(req, HCI_OP_READ_BUFFER_SIZE, 0, NULL); 944 945 /* Read Class of Device */ 946 hci_req_add(req, HCI_OP_READ_CLASS_OF_DEV, 0, NULL); 947 948 /* Read Local Name */ 949 hci_req_add(req, HCI_OP_READ_LOCAL_NAME, 0, NULL); 950 951 /* Read Voice Setting */ 952 hci_req_add(req, HCI_OP_READ_VOICE_SETTING, 0, NULL); 953 954 /* Read Number of Supported IAC */ 955 hci_req_add(req, HCI_OP_READ_NUM_SUPPORTED_IAC, 0, NULL); 956 957 /* Read Current IAC LAP */ 958 hci_req_add(req, HCI_OP_READ_CURRENT_IAC_LAP, 0, NULL); 959 960 /* Clear Event Filters */ 961 flt_type = HCI_FLT_CLEAR_ALL; 962 hci_req_add(req, HCI_OP_SET_EVENT_FLT, 1, &flt_type); 963 964 /* Connection accept timeout ~20 secs */ 965 param = __constant_cpu_to_le16(0x7d00); 966 hci_req_add(req, HCI_OP_WRITE_CA_TIMEOUT, 2, ¶m); 967 968 /* AVM Berlin (31), aka "BlueFRITZ!", reports version 1.2, 969 * but it does not support page scan related HCI commands. 970 */ 971 if (hdev->manufacturer != 31 && hdev->hci_ver > BLUETOOTH_VER_1_1) { 972 hci_req_add(req, HCI_OP_READ_PAGE_SCAN_ACTIVITY, 0, NULL); 973 hci_req_add(req, HCI_OP_READ_PAGE_SCAN_TYPE, 0, NULL); 974 } 975 } 976 977 static void le_setup(struct hci_request *req) 978 { 979 struct hci_dev *hdev = req->hdev; 980 981 /* Read LE Buffer Size */ 982 hci_req_add(req, HCI_OP_LE_READ_BUFFER_SIZE, 0, NULL); 983 984 /* Read LE Local Supported Features */ 985 hci_req_add(req, HCI_OP_LE_READ_LOCAL_FEATURES, 0, NULL); 986 987 /* Read LE Advertising Channel TX Power */ 988 hci_req_add(req, HCI_OP_LE_READ_ADV_TX_POWER, 0, NULL); 989 990 /* Read LE White List Size */ 991 hci_req_add(req, HCI_OP_LE_READ_WHITE_LIST_SIZE, 0, NULL); 992 993 /* Read LE Supported States */ 994 hci_req_add(req, HCI_OP_LE_READ_SUPPORTED_STATES, 0, NULL); 995 996 /* LE-only controllers have LE implicitly enabled */ 997 if (!lmp_bredr_capable(hdev)) 998 set_bit(HCI_LE_ENABLED, &hdev->dev_flags); 999 } 1000 1001 static u8 hci_get_inquiry_mode(struct hci_dev *hdev) 1002 { 1003 if (lmp_ext_inq_capable(hdev)) 1004 return 0x02; 1005 1006 if (lmp_inq_rssi_capable(hdev)) 1007 return 0x01; 1008 1009 if (hdev->manufacturer == 11 && hdev->hci_rev == 0x00 && 1010 hdev->lmp_subver == 0x0757) 1011 return 0x01; 1012 1013 if (hdev->manufacturer == 15) { 1014 if (hdev->hci_rev == 0x03 && hdev->lmp_subver == 0x6963) 1015 return 0x01; 1016 if (hdev->hci_rev == 0x09 && hdev->lmp_subver == 0x6963) 1017 return 0x01; 1018 if (hdev->hci_rev == 0x00 && hdev->lmp_subver == 0x6965) 1019 return 0x01; 1020 } 1021 1022 if (hdev->manufacturer == 31 && hdev->hci_rev == 0x2005 && 1023 hdev->lmp_subver == 0x1805) 1024 return 0x01; 1025 1026 return 0x00; 1027 } 1028 1029 static void hci_setup_inquiry_mode(struct hci_request *req) 1030 { 1031 u8 mode; 1032 1033 mode = hci_get_inquiry_mode(req->hdev); 1034 1035 hci_req_add(req, HCI_OP_WRITE_INQUIRY_MODE, 1, &mode); 1036 } 1037 1038 static void hci_setup_event_mask(struct hci_request *req) 1039 { 1040 struct hci_dev *hdev = req->hdev; 1041 1042 /* The second byte is 0xff instead of 0x9f (two reserved bits 1043 * disabled) since a Broadcom 1.2 dongle doesn't respond to the 1044 * command otherwise. 1045 */ 1046 u8 events[8] = { 0xff, 0xff, 0xfb, 0xff, 0x00, 0x00, 0x00, 0x00 }; 1047 1048 /* CSR 1.1 dongles does not accept any bitfield so don't try to set 1049 * any event mask for pre 1.2 devices. 1050 */ 1051 if (hdev->hci_ver < BLUETOOTH_VER_1_2) 1052 return; 1053 1054 if (lmp_bredr_capable(hdev)) { 1055 events[4] |= 0x01; /* Flow Specification Complete */ 1056 events[4] |= 0x02; /* Inquiry Result with RSSI */ 1057 events[4] |= 0x04; /* Read Remote Extended Features Complete */ 1058 events[5] |= 0x08; /* Synchronous Connection Complete */ 1059 events[5] |= 0x10; /* Synchronous Connection Changed */ 1060 } else { 1061 /* Use a different default for LE-only devices */ 1062 memset(events, 0, sizeof(events)); 1063 events[0] |= 0x10; /* Disconnection Complete */ 1064 events[0] |= 0x80; /* Encryption Change */ 1065 events[1] |= 0x08; /* Read Remote Version Information Complete */ 1066 events[1] |= 0x20; /* Command Complete */ 1067 events[1] |= 0x40; /* Command Status */ 1068 events[1] |= 0x80; /* Hardware Error */ 1069 events[2] |= 0x04; /* Number of Completed Packets */ 1070 events[3] |= 0x02; /* Data Buffer Overflow */ 1071 events[5] |= 0x80; /* Encryption Key Refresh Complete */ 1072 } 1073 1074 if (lmp_inq_rssi_capable(hdev)) 1075 events[4] |= 0x02; /* Inquiry Result with RSSI */ 1076 1077 if (lmp_sniffsubr_capable(hdev)) 1078 events[5] |= 0x20; /* Sniff Subrating */ 1079 1080 if (lmp_pause_enc_capable(hdev)) 1081 events[5] |= 0x80; /* Encryption Key Refresh Complete */ 1082 1083 if (lmp_ext_inq_capable(hdev)) 1084 events[5] |= 0x40; /* Extended Inquiry Result */ 1085 1086 if (lmp_no_flush_capable(hdev)) 1087 events[7] |= 0x01; /* Enhanced Flush Complete */ 1088 1089 if (lmp_lsto_capable(hdev)) 1090 events[6] |= 0x80; /* Link Supervision Timeout Changed */ 1091 1092 if (lmp_ssp_capable(hdev)) { 1093 events[6] |= 0x01; /* IO Capability Request */ 1094 events[6] |= 0x02; /* IO Capability Response */ 1095 events[6] |= 0x04; /* User Confirmation Request */ 1096 events[6] |= 0x08; /* User Passkey Request */ 1097 events[6] |= 0x10; /* Remote OOB Data Request */ 1098 events[6] |= 0x20; /* Simple Pairing Complete */ 1099 events[7] |= 0x04; /* User Passkey Notification */ 1100 events[7] |= 0x08; /* Keypress Notification */ 1101 events[7] |= 0x10; /* Remote Host Supported 1102 * Features Notification 1103 */ 1104 } 1105 1106 if (lmp_le_capable(hdev)) 1107 events[7] |= 0x20; /* LE Meta-Event */ 1108 1109 hci_req_add(req, HCI_OP_SET_EVENT_MASK, sizeof(events), events); 1110 1111 if (lmp_le_capable(hdev)) { 1112 memset(events, 0, sizeof(events)); 1113 events[0] = 0x1f; 1114 hci_req_add(req, HCI_OP_LE_SET_EVENT_MASK, 1115 sizeof(events), events); 1116 } 1117 } 1118 1119 static void hci_init2_req(struct hci_request *req, unsigned long opt) 1120 { 1121 struct hci_dev *hdev = req->hdev; 1122 1123 if (lmp_bredr_capable(hdev)) 1124 bredr_setup(req); 1125 else 1126 clear_bit(HCI_BREDR_ENABLED, &hdev->dev_flags); 1127 1128 if (lmp_le_capable(hdev)) 1129 le_setup(req); 1130 1131 hci_setup_event_mask(req); 1132 1133 /* AVM Berlin (31), aka "BlueFRITZ!", doesn't support the read 1134 * local supported commands HCI command. 1135 */ 1136 if (hdev->manufacturer != 31 && hdev->hci_ver > BLUETOOTH_VER_1_1) 1137 hci_req_add(req, HCI_OP_READ_LOCAL_COMMANDS, 0, NULL); 1138 1139 if (lmp_ssp_capable(hdev)) { 1140 /* When SSP is available, then the host features page 1141 * should also be available as well. However some 1142 * controllers list the max_page as 0 as long as SSP 1143 * has not been enabled. To achieve proper debugging 1144 * output, force the minimum max_page to 1 at least. 1145 */ 1146 hdev->max_page = 0x01; 1147 1148 if (test_bit(HCI_SSP_ENABLED, &hdev->dev_flags)) { 1149 u8 mode = 0x01; 1150 hci_req_add(req, HCI_OP_WRITE_SSP_MODE, 1151 sizeof(mode), &mode); 1152 } else { 1153 struct hci_cp_write_eir cp; 1154 1155 memset(hdev->eir, 0, sizeof(hdev->eir)); 1156 memset(&cp, 0, sizeof(cp)); 1157 1158 hci_req_add(req, HCI_OP_WRITE_EIR, sizeof(cp), &cp); 1159 } 1160 } 1161 1162 if (lmp_inq_rssi_capable(hdev)) 1163 hci_setup_inquiry_mode(req); 1164 1165 if (lmp_inq_tx_pwr_capable(hdev)) 1166 hci_req_add(req, HCI_OP_READ_INQ_RSP_TX_POWER, 0, NULL); 1167 1168 if (lmp_ext_feat_capable(hdev)) { 1169 struct hci_cp_read_local_ext_features cp; 1170 1171 cp.page = 0x01; 1172 hci_req_add(req, HCI_OP_READ_LOCAL_EXT_FEATURES, 1173 sizeof(cp), &cp); 1174 } 1175 1176 if (test_bit(HCI_LINK_SECURITY, &hdev->dev_flags)) { 1177 u8 enable = 1; 1178 hci_req_add(req, HCI_OP_WRITE_AUTH_ENABLE, sizeof(enable), 1179 &enable); 1180 } 1181 } 1182 1183 static void hci_setup_link_policy(struct hci_request *req) 1184 { 1185 struct hci_dev *hdev = req->hdev; 1186 struct hci_cp_write_def_link_policy cp; 1187 u16 link_policy = 0; 1188 1189 if (lmp_rswitch_capable(hdev)) 1190 link_policy |= HCI_LP_RSWITCH; 1191 if (lmp_hold_capable(hdev)) 1192 link_policy |= HCI_LP_HOLD; 1193 if (lmp_sniff_capable(hdev)) 1194 link_policy |= HCI_LP_SNIFF; 1195 if (lmp_park_capable(hdev)) 1196 link_policy |= HCI_LP_PARK; 1197 1198 cp.policy = cpu_to_le16(link_policy); 1199 hci_req_add(req, HCI_OP_WRITE_DEF_LINK_POLICY, sizeof(cp), &cp); 1200 } 1201 1202 static void hci_set_le_support(struct hci_request *req) 1203 { 1204 struct hci_dev *hdev = req->hdev; 1205 struct hci_cp_write_le_host_supported cp; 1206 1207 /* LE-only devices do not support explicit enablement */ 1208 if (!lmp_bredr_capable(hdev)) 1209 return; 1210 1211 memset(&cp, 0, sizeof(cp)); 1212 1213 if (test_bit(HCI_LE_ENABLED, &hdev->dev_flags)) { 1214 cp.le = 0x01; 1215 cp.simul = lmp_le_br_capable(hdev); 1216 } 1217 1218 if (cp.le != lmp_host_le_capable(hdev)) 1219 hci_req_add(req, HCI_OP_WRITE_LE_HOST_SUPPORTED, sizeof(cp), 1220 &cp); 1221 } 1222 1223 static void hci_set_event_mask_page_2(struct hci_request *req) 1224 { 1225 struct hci_dev *hdev = req->hdev; 1226 u8 events[8] = { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }; 1227 1228 /* If Connectionless Slave Broadcast master role is supported 1229 * enable all necessary events for it. 1230 */ 1231 if (hdev->features[2][0] & 0x01) { 1232 events[1] |= 0x40; /* Triggered Clock Capture */ 1233 events[1] |= 0x80; /* Synchronization Train Complete */ 1234 events[2] |= 0x10; /* Slave Page Response Timeout */ 1235 events[2] |= 0x20; /* CSB Channel Map Change */ 1236 } 1237 1238 /* If Connectionless Slave Broadcast slave role is supported 1239 * enable all necessary events for it. 1240 */ 1241 if (hdev->features[2][0] & 0x02) { 1242 events[2] |= 0x01; /* Synchronization Train Received */ 1243 events[2] |= 0x02; /* CSB Receive */ 1244 events[2] |= 0x04; /* CSB Timeout */ 1245 events[2] |= 0x08; /* Truncated Page Complete */ 1246 } 1247 1248 hci_req_add(req, HCI_OP_SET_EVENT_MASK_PAGE_2, sizeof(events), events); 1249 } 1250 1251 static void hci_init3_req(struct hci_request *req, unsigned long opt) 1252 { 1253 struct hci_dev *hdev = req->hdev; 1254 u8 p; 1255 1256 /* Some Broadcom based Bluetooth controllers do not support the 1257 * Delete Stored Link Key command. They are clearly indicating its 1258 * absence in the bit mask of supported commands. 1259 * 1260 * Check the supported commands and only if the the command is marked 1261 * as supported send it. If not supported assume that the controller 1262 * does not have actual support for stored link keys which makes this 1263 * command redundant anyway. 1264 */ 1265 if (hdev->commands[6] & 0x80) { 1266 struct hci_cp_delete_stored_link_key cp; 1267 1268 bacpy(&cp.bdaddr, BDADDR_ANY); 1269 cp.delete_all = 0x01; 1270 hci_req_add(req, HCI_OP_DELETE_STORED_LINK_KEY, 1271 sizeof(cp), &cp); 1272 } 1273 1274 if (hdev->commands[5] & 0x10) 1275 hci_setup_link_policy(req); 1276 1277 if (lmp_le_capable(hdev)) { 1278 /* If the controller has a public BD_ADDR, then by 1279 * default use that one. If this is a LE only 1280 * controller without one, default to the random 1281 * address. 1282 */ 1283 if (bacmp(&hdev->bdaddr, BDADDR_ANY)) 1284 hdev->own_addr_type = ADDR_LE_DEV_PUBLIC; 1285 else 1286 hdev->own_addr_type = ADDR_LE_DEV_RANDOM; 1287 1288 hci_set_le_support(req); 1289 } 1290 1291 /* Read features beyond page 1 if available */ 1292 for (p = 2; p < HCI_MAX_PAGES && p <= hdev->max_page; p++) { 1293 struct hci_cp_read_local_ext_features cp; 1294 1295 cp.page = p; 1296 hci_req_add(req, HCI_OP_READ_LOCAL_EXT_FEATURES, 1297 sizeof(cp), &cp); 1298 } 1299 } 1300 1301 static void hci_init4_req(struct hci_request *req, unsigned long opt) 1302 { 1303 struct hci_dev *hdev = req->hdev; 1304 1305 /* Set event mask page 2 if the HCI command for it is supported */ 1306 if (hdev->commands[22] & 0x04) 1307 hci_set_event_mask_page_2(req); 1308 1309 /* Check for Synchronization Train support */ 1310 if (hdev->features[2][0] & 0x04) 1311 hci_req_add(req, HCI_OP_READ_SYNC_TRAIN_PARAMS, 0, NULL); 1312 } 1313 1314 static int __hci_init(struct hci_dev *hdev) 1315 { 1316 int err; 1317 1318 err = __hci_req_sync(hdev, hci_init1_req, 0, HCI_INIT_TIMEOUT); 1319 if (err < 0) 1320 return err; 1321 1322 /* The Device Under Test (DUT) mode is special and available for 1323 * all controller types. So just create it early on. 1324 */ 1325 if (test_bit(HCI_SETUP, &hdev->dev_flags)) { 1326 debugfs_create_file("dut_mode", 0644, hdev->debugfs, hdev, 1327 &dut_mode_fops); 1328 } 1329 1330 /* HCI_BREDR covers both single-mode LE, BR/EDR and dual-mode 1331 * BR/EDR/LE type controllers. AMP controllers only need the 1332 * first stage init. 1333 */ 1334 if (hdev->dev_type != HCI_BREDR) 1335 return 0; 1336 1337 err = __hci_req_sync(hdev, hci_init2_req, 0, HCI_INIT_TIMEOUT); 1338 if (err < 0) 1339 return err; 1340 1341 err = __hci_req_sync(hdev, hci_init3_req, 0, HCI_INIT_TIMEOUT); 1342 if (err < 0) 1343 return err; 1344 1345 err = __hci_req_sync(hdev, hci_init4_req, 0, HCI_INIT_TIMEOUT); 1346 if (err < 0) 1347 return err; 1348 1349 /* Only create debugfs entries during the initial setup 1350 * phase and not every time the controller gets powered on. 1351 */ 1352 if (!test_bit(HCI_SETUP, &hdev->dev_flags)) 1353 return 0; 1354 1355 debugfs_create_file("features", 0444, hdev->debugfs, hdev, 1356 &features_fops); 1357 debugfs_create_u16("manufacturer", 0444, hdev->debugfs, 1358 &hdev->manufacturer); 1359 debugfs_create_u8("hci_version", 0444, hdev->debugfs, &hdev->hci_ver); 1360 debugfs_create_u16("hci_revision", 0444, hdev->debugfs, &hdev->hci_rev); 1361 debugfs_create_file("blacklist", 0444, hdev->debugfs, hdev, 1362 &blacklist_fops); 1363 debugfs_create_file("uuids", 0444, hdev->debugfs, hdev, &uuids_fops); 1364 1365 if (lmp_bredr_capable(hdev)) { 1366 debugfs_create_file("inquiry_cache", 0444, hdev->debugfs, 1367 hdev, &inquiry_cache_fops); 1368 debugfs_create_file("link_keys", 0400, hdev->debugfs, 1369 hdev, &link_keys_fops); 1370 debugfs_create_file("use_debug_keys", 0444, hdev->debugfs, 1371 hdev, &use_debug_keys_fops); 1372 debugfs_create_file("dev_class", 0444, hdev->debugfs, 1373 hdev, &dev_class_fops); 1374 debugfs_create_file("voice_setting", 0444, hdev->debugfs, 1375 hdev, &voice_setting_fops); 1376 } 1377 1378 if (lmp_ssp_capable(hdev)) { 1379 debugfs_create_file("auto_accept_delay", 0644, hdev->debugfs, 1380 hdev, &auto_accept_delay_fops); 1381 debugfs_create_file("ssp_debug_mode", 0644, hdev->debugfs, 1382 hdev, &ssp_debug_mode_fops); 1383 } 1384 1385 if (lmp_sniff_capable(hdev)) { 1386 debugfs_create_file("idle_timeout", 0644, hdev->debugfs, 1387 hdev, &idle_timeout_fops); 1388 debugfs_create_file("sniff_min_interval", 0644, hdev->debugfs, 1389 hdev, &sniff_min_interval_fops); 1390 debugfs_create_file("sniff_max_interval", 0644, hdev->debugfs, 1391 hdev, &sniff_max_interval_fops); 1392 } 1393 1394 if (lmp_le_capable(hdev)) { 1395 debugfs_create_u8("white_list_size", 0444, hdev->debugfs, 1396 &hdev->le_white_list_size); 1397 debugfs_create_file("static_address", 0444, hdev->debugfs, 1398 hdev, &static_address_fops); 1399 debugfs_create_file("own_address_type", 0644, hdev->debugfs, 1400 hdev, &own_address_type_fops); 1401 debugfs_create_file("long_term_keys", 0400, hdev->debugfs, 1402 hdev, &long_term_keys_fops); 1403 debugfs_create_file("conn_min_interval", 0644, hdev->debugfs, 1404 hdev, &conn_min_interval_fops); 1405 debugfs_create_file("conn_max_interval", 0644, hdev->debugfs, 1406 hdev, &conn_max_interval_fops); 1407 } 1408 1409 return 0; 1410 } 1411 1412 static void hci_scan_req(struct hci_request *req, unsigned long opt) 1413 { 1414 __u8 scan = opt; 1415 1416 BT_DBG("%s %x", req->hdev->name, scan); 1417 1418 /* Inquiry and Page scans */ 1419 hci_req_add(req, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan); 1420 } 1421 1422 static void hci_auth_req(struct hci_request *req, unsigned long opt) 1423 { 1424 __u8 auth = opt; 1425 1426 BT_DBG("%s %x", req->hdev->name, auth); 1427 1428 /* Authentication */ 1429 hci_req_add(req, HCI_OP_WRITE_AUTH_ENABLE, 1, &auth); 1430 } 1431 1432 static void hci_encrypt_req(struct hci_request *req, unsigned long opt) 1433 { 1434 __u8 encrypt = opt; 1435 1436 BT_DBG("%s %x", req->hdev->name, encrypt); 1437 1438 /* Encryption */ 1439 hci_req_add(req, HCI_OP_WRITE_ENCRYPT_MODE, 1, &encrypt); 1440 } 1441 1442 static void hci_linkpol_req(struct hci_request *req, unsigned long opt) 1443 { 1444 __le16 policy = cpu_to_le16(opt); 1445 1446 BT_DBG("%s %x", req->hdev->name, policy); 1447 1448 /* Default link policy */ 1449 hci_req_add(req, HCI_OP_WRITE_DEF_LINK_POLICY, 2, &policy); 1450 } 1451 1452 /* Get HCI device by index. 1453 * Device is held on return. */ 1454 struct hci_dev *hci_dev_get(int index) 1455 { 1456 struct hci_dev *hdev = NULL, *d; 1457 1458 BT_DBG("%d", index); 1459 1460 if (index < 0) 1461 return NULL; 1462 1463 read_lock(&hci_dev_list_lock); 1464 list_for_each_entry(d, &hci_dev_list, list) { 1465 if (d->id == index) { 1466 hdev = hci_dev_hold(d); 1467 break; 1468 } 1469 } 1470 read_unlock(&hci_dev_list_lock); 1471 return hdev; 1472 } 1473 1474 /* ---- Inquiry support ---- */ 1475 1476 bool hci_discovery_active(struct hci_dev *hdev) 1477 { 1478 struct discovery_state *discov = &hdev->discovery; 1479 1480 switch (discov->state) { 1481 case DISCOVERY_FINDING: 1482 case DISCOVERY_RESOLVING: 1483 return true; 1484 1485 default: 1486 return false; 1487 } 1488 } 1489 1490 void hci_discovery_set_state(struct hci_dev *hdev, int state) 1491 { 1492 BT_DBG("%s state %u -> %u", hdev->name, hdev->discovery.state, state); 1493 1494 if (hdev->discovery.state == state) 1495 return; 1496 1497 switch (state) { 1498 case DISCOVERY_STOPPED: 1499 if (hdev->discovery.state != DISCOVERY_STARTING) 1500 mgmt_discovering(hdev, 0); 1501 break; 1502 case DISCOVERY_STARTING: 1503 break; 1504 case DISCOVERY_FINDING: 1505 mgmt_discovering(hdev, 1); 1506 break; 1507 case DISCOVERY_RESOLVING: 1508 break; 1509 case DISCOVERY_STOPPING: 1510 break; 1511 } 1512 1513 hdev->discovery.state = state; 1514 } 1515 1516 void hci_inquiry_cache_flush(struct hci_dev *hdev) 1517 { 1518 struct discovery_state *cache = &hdev->discovery; 1519 struct inquiry_entry *p, *n; 1520 1521 list_for_each_entry_safe(p, n, &cache->all, all) { 1522 list_del(&p->all); 1523 kfree(p); 1524 } 1525 1526 INIT_LIST_HEAD(&cache->unknown); 1527 INIT_LIST_HEAD(&cache->resolve); 1528 } 1529 1530 struct inquiry_entry *hci_inquiry_cache_lookup(struct hci_dev *hdev, 1531 bdaddr_t *bdaddr) 1532 { 1533 struct discovery_state *cache = &hdev->discovery; 1534 struct inquiry_entry *e; 1535 1536 BT_DBG("cache %p, %pMR", cache, bdaddr); 1537 1538 list_for_each_entry(e, &cache->all, all) { 1539 if (!bacmp(&e->data.bdaddr, bdaddr)) 1540 return e; 1541 } 1542 1543 return NULL; 1544 } 1545 1546 struct inquiry_entry *hci_inquiry_cache_lookup_unknown(struct hci_dev *hdev, 1547 bdaddr_t *bdaddr) 1548 { 1549 struct discovery_state *cache = &hdev->discovery; 1550 struct inquiry_entry *e; 1551 1552 BT_DBG("cache %p, %pMR", cache, bdaddr); 1553 1554 list_for_each_entry(e, &cache->unknown, list) { 1555 if (!bacmp(&e->data.bdaddr, bdaddr)) 1556 return e; 1557 } 1558 1559 return NULL; 1560 } 1561 1562 struct inquiry_entry *hci_inquiry_cache_lookup_resolve(struct hci_dev *hdev, 1563 bdaddr_t *bdaddr, 1564 int state) 1565 { 1566 struct discovery_state *cache = &hdev->discovery; 1567 struct inquiry_entry *e; 1568 1569 BT_DBG("cache %p bdaddr %pMR state %d", cache, bdaddr, state); 1570 1571 list_for_each_entry(e, &cache->resolve, list) { 1572 if (!bacmp(bdaddr, BDADDR_ANY) && e->name_state == state) 1573 return e; 1574 if (!bacmp(&e->data.bdaddr, bdaddr)) 1575 return e; 1576 } 1577 1578 return NULL; 1579 } 1580 1581 void hci_inquiry_cache_update_resolve(struct hci_dev *hdev, 1582 struct inquiry_entry *ie) 1583 { 1584 struct discovery_state *cache = &hdev->discovery; 1585 struct list_head *pos = &cache->resolve; 1586 struct inquiry_entry *p; 1587 1588 list_del(&ie->list); 1589 1590 list_for_each_entry(p, &cache->resolve, list) { 1591 if (p->name_state != NAME_PENDING && 1592 abs(p->data.rssi) >= abs(ie->data.rssi)) 1593 break; 1594 pos = &p->list; 1595 } 1596 1597 list_add(&ie->list, pos); 1598 } 1599 1600 bool hci_inquiry_cache_update(struct hci_dev *hdev, struct inquiry_data *data, 1601 bool name_known, bool *ssp) 1602 { 1603 struct discovery_state *cache = &hdev->discovery; 1604 struct inquiry_entry *ie; 1605 1606 BT_DBG("cache %p, %pMR", cache, &data->bdaddr); 1607 1608 hci_remove_remote_oob_data(hdev, &data->bdaddr); 1609 1610 if (ssp) 1611 *ssp = data->ssp_mode; 1612 1613 ie = hci_inquiry_cache_lookup(hdev, &data->bdaddr); 1614 if (ie) { 1615 if (ie->data.ssp_mode && ssp) 1616 *ssp = true; 1617 1618 if (ie->name_state == NAME_NEEDED && 1619 data->rssi != ie->data.rssi) { 1620 ie->data.rssi = data->rssi; 1621 hci_inquiry_cache_update_resolve(hdev, ie); 1622 } 1623 1624 goto update; 1625 } 1626 1627 /* Entry not in the cache. Add new one. */ 1628 ie = kzalloc(sizeof(struct inquiry_entry), GFP_ATOMIC); 1629 if (!ie) 1630 return false; 1631 1632 list_add(&ie->all, &cache->all); 1633 1634 if (name_known) { 1635 ie->name_state = NAME_KNOWN; 1636 } else { 1637 ie->name_state = NAME_NOT_KNOWN; 1638 list_add(&ie->list, &cache->unknown); 1639 } 1640 1641 update: 1642 if (name_known && ie->name_state != NAME_KNOWN && 1643 ie->name_state != NAME_PENDING) { 1644 ie->name_state = NAME_KNOWN; 1645 list_del(&ie->list); 1646 } 1647 1648 memcpy(&ie->data, data, sizeof(*data)); 1649 ie->timestamp = jiffies; 1650 cache->timestamp = jiffies; 1651 1652 if (ie->name_state == NAME_NOT_KNOWN) 1653 return false; 1654 1655 return true; 1656 } 1657 1658 static int inquiry_cache_dump(struct hci_dev *hdev, int num, __u8 *buf) 1659 { 1660 struct discovery_state *cache = &hdev->discovery; 1661 struct inquiry_info *info = (struct inquiry_info *) buf; 1662 struct inquiry_entry *e; 1663 int copied = 0; 1664 1665 list_for_each_entry(e, &cache->all, all) { 1666 struct inquiry_data *data = &e->data; 1667 1668 if (copied >= num) 1669 break; 1670 1671 bacpy(&info->bdaddr, &data->bdaddr); 1672 info->pscan_rep_mode = data->pscan_rep_mode; 1673 info->pscan_period_mode = data->pscan_period_mode; 1674 info->pscan_mode = data->pscan_mode; 1675 memcpy(info->dev_class, data->dev_class, 3); 1676 info->clock_offset = data->clock_offset; 1677 1678 info++; 1679 copied++; 1680 } 1681 1682 BT_DBG("cache %p, copied %d", cache, copied); 1683 return copied; 1684 } 1685 1686 static void hci_inq_req(struct hci_request *req, unsigned long opt) 1687 { 1688 struct hci_inquiry_req *ir = (struct hci_inquiry_req *) opt; 1689 struct hci_dev *hdev = req->hdev; 1690 struct hci_cp_inquiry cp; 1691 1692 BT_DBG("%s", hdev->name); 1693 1694 if (test_bit(HCI_INQUIRY, &hdev->flags)) 1695 return; 1696 1697 /* Start Inquiry */ 1698 memcpy(&cp.lap, &ir->lap, 3); 1699 cp.length = ir->length; 1700 cp.num_rsp = ir->num_rsp; 1701 hci_req_add(req, HCI_OP_INQUIRY, sizeof(cp), &cp); 1702 } 1703 1704 static int wait_inquiry(void *word) 1705 { 1706 schedule(); 1707 return signal_pending(current); 1708 } 1709 1710 int hci_inquiry(void __user *arg) 1711 { 1712 __u8 __user *ptr = arg; 1713 struct hci_inquiry_req ir; 1714 struct hci_dev *hdev; 1715 int err = 0, do_inquiry = 0, max_rsp; 1716 long timeo; 1717 __u8 *buf; 1718 1719 if (copy_from_user(&ir, ptr, sizeof(ir))) 1720 return -EFAULT; 1721 1722 hdev = hci_dev_get(ir.dev_id); 1723 if (!hdev) 1724 return -ENODEV; 1725 1726 if (test_bit(HCI_USER_CHANNEL, &hdev->dev_flags)) { 1727 err = -EBUSY; 1728 goto done; 1729 } 1730 1731 if (hdev->dev_type != HCI_BREDR) { 1732 err = -EOPNOTSUPP; 1733 goto done; 1734 } 1735 1736 if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags)) { 1737 err = -EOPNOTSUPP; 1738 goto done; 1739 } 1740 1741 hci_dev_lock(hdev); 1742 if (inquiry_cache_age(hdev) > INQUIRY_CACHE_AGE_MAX || 1743 inquiry_cache_empty(hdev) || ir.flags & IREQ_CACHE_FLUSH) { 1744 hci_inquiry_cache_flush(hdev); 1745 do_inquiry = 1; 1746 } 1747 hci_dev_unlock(hdev); 1748 1749 timeo = ir.length * msecs_to_jiffies(2000); 1750 1751 if (do_inquiry) { 1752 err = hci_req_sync(hdev, hci_inq_req, (unsigned long) &ir, 1753 timeo); 1754 if (err < 0) 1755 goto done; 1756 1757 /* Wait until Inquiry procedure finishes (HCI_INQUIRY flag is 1758 * cleared). If it is interrupted by a signal, return -EINTR. 1759 */ 1760 if (wait_on_bit(&hdev->flags, HCI_INQUIRY, wait_inquiry, 1761 TASK_INTERRUPTIBLE)) 1762 return -EINTR; 1763 } 1764 1765 /* for unlimited number of responses we will use buffer with 1766 * 255 entries 1767 */ 1768 max_rsp = (ir.num_rsp == 0) ? 255 : ir.num_rsp; 1769 1770 /* cache_dump can't sleep. Therefore we allocate temp buffer and then 1771 * copy it to the user space. 1772 */ 1773 buf = kmalloc(sizeof(struct inquiry_info) * max_rsp, GFP_KERNEL); 1774 if (!buf) { 1775 err = -ENOMEM; 1776 goto done; 1777 } 1778 1779 hci_dev_lock(hdev); 1780 ir.num_rsp = inquiry_cache_dump(hdev, max_rsp, buf); 1781 hci_dev_unlock(hdev); 1782 1783 BT_DBG("num_rsp %d", ir.num_rsp); 1784 1785 if (!copy_to_user(ptr, &ir, sizeof(ir))) { 1786 ptr += sizeof(ir); 1787 if (copy_to_user(ptr, buf, sizeof(struct inquiry_info) * 1788 ir.num_rsp)) 1789 err = -EFAULT; 1790 } else 1791 err = -EFAULT; 1792 1793 kfree(buf); 1794 1795 done: 1796 hci_dev_put(hdev); 1797 return err; 1798 } 1799 1800 static int hci_dev_do_open(struct hci_dev *hdev) 1801 { 1802 int ret = 0; 1803 1804 BT_DBG("%s %p", hdev->name, hdev); 1805 1806 hci_req_lock(hdev); 1807 1808 if (test_bit(HCI_UNREGISTER, &hdev->dev_flags)) { 1809 ret = -ENODEV; 1810 goto done; 1811 } 1812 1813 if (!test_bit(HCI_SETUP, &hdev->dev_flags)) { 1814 /* Check for rfkill but allow the HCI setup stage to 1815 * proceed (which in itself doesn't cause any RF activity). 1816 */ 1817 if (test_bit(HCI_RFKILLED, &hdev->dev_flags)) { 1818 ret = -ERFKILL; 1819 goto done; 1820 } 1821 1822 /* Check for valid public address or a configured static 1823 * random adddress, but let the HCI setup proceed to 1824 * be able to determine if there is a public address 1825 * or not. 1826 * 1827 * This check is only valid for BR/EDR controllers 1828 * since AMP controllers do not have an address. 1829 */ 1830 if (hdev->dev_type == HCI_BREDR && 1831 !bacmp(&hdev->bdaddr, BDADDR_ANY) && 1832 !bacmp(&hdev->static_addr, BDADDR_ANY)) { 1833 ret = -EADDRNOTAVAIL; 1834 goto done; 1835 } 1836 } 1837 1838 if (test_bit(HCI_UP, &hdev->flags)) { 1839 ret = -EALREADY; 1840 goto done; 1841 } 1842 1843 if (hdev->open(hdev)) { 1844 ret = -EIO; 1845 goto done; 1846 } 1847 1848 atomic_set(&hdev->cmd_cnt, 1); 1849 set_bit(HCI_INIT, &hdev->flags); 1850 1851 if (hdev->setup && test_bit(HCI_SETUP, &hdev->dev_flags)) 1852 ret = hdev->setup(hdev); 1853 1854 if (!ret) { 1855 if (test_bit(HCI_QUIRK_RAW_DEVICE, &hdev->quirks)) 1856 set_bit(HCI_RAW, &hdev->flags); 1857 1858 if (!test_bit(HCI_RAW, &hdev->flags) && 1859 !test_bit(HCI_USER_CHANNEL, &hdev->dev_flags)) 1860 ret = __hci_init(hdev); 1861 } 1862 1863 clear_bit(HCI_INIT, &hdev->flags); 1864 1865 if (!ret) { 1866 hci_dev_hold(hdev); 1867 set_bit(HCI_UP, &hdev->flags); 1868 hci_notify(hdev, HCI_DEV_UP); 1869 if (!test_bit(HCI_SETUP, &hdev->dev_flags) && 1870 !test_bit(HCI_USER_CHANNEL, &hdev->dev_flags) && 1871 hdev->dev_type == HCI_BREDR) { 1872 hci_dev_lock(hdev); 1873 mgmt_powered(hdev, 1); 1874 hci_dev_unlock(hdev); 1875 } 1876 } else { 1877 /* Init failed, cleanup */ 1878 flush_work(&hdev->tx_work); 1879 flush_work(&hdev->cmd_work); 1880 flush_work(&hdev->rx_work); 1881 1882 skb_queue_purge(&hdev->cmd_q); 1883 skb_queue_purge(&hdev->rx_q); 1884 1885 if (hdev->flush) 1886 hdev->flush(hdev); 1887 1888 if (hdev->sent_cmd) { 1889 kfree_skb(hdev->sent_cmd); 1890 hdev->sent_cmd = NULL; 1891 } 1892 1893 hdev->close(hdev); 1894 hdev->flags = 0; 1895 } 1896 1897 done: 1898 hci_req_unlock(hdev); 1899 return ret; 1900 } 1901 1902 /* ---- HCI ioctl helpers ---- */ 1903 1904 int hci_dev_open(__u16 dev) 1905 { 1906 struct hci_dev *hdev; 1907 int err; 1908 1909 hdev = hci_dev_get(dev); 1910 if (!hdev) 1911 return -ENODEV; 1912 1913 /* We need to ensure that no other power on/off work is pending 1914 * before proceeding to call hci_dev_do_open. This is 1915 * particularly important if the setup procedure has not yet 1916 * completed. 1917 */ 1918 if (test_and_clear_bit(HCI_AUTO_OFF, &hdev->dev_flags)) 1919 cancel_delayed_work(&hdev->power_off); 1920 1921 /* After this call it is guaranteed that the setup procedure 1922 * has finished. This means that error conditions like RFKILL 1923 * or no valid public or static random address apply. 1924 */ 1925 flush_workqueue(hdev->req_workqueue); 1926 1927 err = hci_dev_do_open(hdev); 1928 1929 hci_dev_put(hdev); 1930 1931 return err; 1932 } 1933 1934 static int hci_dev_do_close(struct hci_dev *hdev) 1935 { 1936 BT_DBG("%s %p", hdev->name, hdev); 1937 1938 cancel_delayed_work(&hdev->power_off); 1939 1940 hci_req_cancel(hdev, ENODEV); 1941 hci_req_lock(hdev); 1942 1943 if (!test_and_clear_bit(HCI_UP, &hdev->flags)) { 1944 del_timer_sync(&hdev->cmd_timer); 1945 hci_req_unlock(hdev); 1946 return 0; 1947 } 1948 1949 /* Flush RX and TX works */ 1950 flush_work(&hdev->tx_work); 1951 flush_work(&hdev->rx_work); 1952 1953 if (hdev->discov_timeout > 0) { 1954 cancel_delayed_work(&hdev->discov_off); 1955 hdev->discov_timeout = 0; 1956 clear_bit(HCI_DISCOVERABLE, &hdev->dev_flags); 1957 clear_bit(HCI_LIMITED_DISCOVERABLE, &hdev->dev_flags); 1958 } 1959 1960 if (test_and_clear_bit(HCI_SERVICE_CACHE, &hdev->dev_flags)) 1961 cancel_delayed_work(&hdev->service_cache); 1962 1963 cancel_delayed_work_sync(&hdev->le_scan_disable); 1964 1965 hci_dev_lock(hdev); 1966 hci_inquiry_cache_flush(hdev); 1967 hci_conn_hash_flush(hdev); 1968 hci_dev_unlock(hdev); 1969 1970 hci_notify(hdev, HCI_DEV_DOWN); 1971 1972 if (hdev->flush) 1973 hdev->flush(hdev); 1974 1975 /* Reset device */ 1976 skb_queue_purge(&hdev->cmd_q); 1977 atomic_set(&hdev->cmd_cnt, 1); 1978 if (!test_bit(HCI_RAW, &hdev->flags) && 1979 !test_bit(HCI_AUTO_OFF, &hdev->dev_flags) && 1980 test_bit(HCI_QUIRK_RESET_ON_CLOSE, &hdev->quirks)) { 1981 set_bit(HCI_INIT, &hdev->flags); 1982 __hci_req_sync(hdev, hci_reset_req, 0, HCI_CMD_TIMEOUT); 1983 clear_bit(HCI_INIT, &hdev->flags); 1984 } 1985 1986 /* flush cmd work */ 1987 flush_work(&hdev->cmd_work); 1988 1989 /* Drop queues */ 1990 skb_queue_purge(&hdev->rx_q); 1991 skb_queue_purge(&hdev->cmd_q); 1992 skb_queue_purge(&hdev->raw_q); 1993 1994 /* Drop last sent command */ 1995 if (hdev->sent_cmd) { 1996 del_timer_sync(&hdev->cmd_timer); 1997 kfree_skb(hdev->sent_cmd); 1998 hdev->sent_cmd = NULL; 1999 } 2000 2001 kfree_skb(hdev->recv_evt); 2002 hdev->recv_evt = NULL; 2003 2004 /* After this point our queues are empty 2005 * and no tasks are scheduled. */ 2006 hdev->close(hdev); 2007 2008 /* Clear flags */ 2009 hdev->flags = 0; 2010 hdev->dev_flags &= ~HCI_PERSISTENT_MASK; 2011 2012 if (!test_and_clear_bit(HCI_AUTO_OFF, &hdev->dev_flags)) { 2013 if (hdev->dev_type == HCI_BREDR) { 2014 hci_dev_lock(hdev); 2015 mgmt_powered(hdev, 0); 2016 hci_dev_unlock(hdev); 2017 } 2018 } 2019 2020 /* Controller radio is available but is currently powered down */ 2021 hdev->amp_status = AMP_STATUS_POWERED_DOWN; 2022 2023 memset(hdev->eir, 0, sizeof(hdev->eir)); 2024 memset(hdev->dev_class, 0, sizeof(hdev->dev_class)); 2025 2026 hci_req_unlock(hdev); 2027 2028 hci_dev_put(hdev); 2029 return 0; 2030 } 2031 2032 int hci_dev_close(__u16 dev) 2033 { 2034 struct hci_dev *hdev; 2035 int err; 2036 2037 hdev = hci_dev_get(dev); 2038 if (!hdev) 2039 return -ENODEV; 2040 2041 if (test_bit(HCI_USER_CHANNEL, &hdev->dev_flags)) { 2042 err = -EBUSY; 2043 goto done; 2044 } 2045 2046 if (test_and_clear_bit(HCI_AUTO_OFF, &hdev->dev_flags)) 2047 cancel_delayed_work(&hdev->power_off); 2048 2049 err = hci_dev_do_close(hdev); 2050 2051 done: 2052 hci_dev_put(hdev); 2053 return err; 2054 } 2055 2056 int hci_dev_reset(__u16 dev) 2057 { 2058 struct hci_dev *hdev; 2059 int ret = 0; 2060 2061 hdev = hci_dev_get(dev); 2062 if (!hdev) 2063 return -ENODEV; 2064 2065 hci_req_lock(hdev); 2066 2067 if (!test_bit(HCI_UP, &hdev->flags)) { 2068 ret = -ENETDOWN; 2069 goto done; 2070 } 2071 2072 if (test_bit(HCI_USER_CHANNEL, &hdev->dev_flags)) { 2073 ret = -EBUSY; 2074 goto done; 2075 } 2076 2077 /* Drop queues */ 2078 skb_queue_purge(&hdev->rx_q); 2079 skb_queue_purge(&hdev->cmd_q); 2080 2081 hci_dev_lock(hdev); 2082 hci_inquiry_cache_flush(hdev); 2083 hci_conn_hash_flush(hdev); 2084 hci_dev_unlock(hdev); 2085 2086 if (hdev->flush) 2087 hdev->flush(hdev); 2088 2089 atomic_set(&hdev->cmd_cnt, 1); 2090 hdev->acl_cnt = 0; hdev->sco_cnt = 0; hdev->le_cnt = 0; 2091 2092 if (!test_bit(HCI_RAW, &hdev->flags)) 2093 ret = __hci_req_sync(hdev, hci_reset_req, 0, HCI_INIT_TIMEOUT); 2094 2095 done: 2096 hci_req_unlock(hdev); 2097 hci_dev_put(hdev); 2098 return ret; 2099 } 2100 2101 int hci_dev_reset_stat(__u16 dev) 2102 { 2103 struct hci_dev *hdev; 2104 int ret = 0; 2105 2106 hdev = hci_dev_get(dev); 2107 if (!hdev) 2108 return -ENODEV; 2109 2110 if (test_bit(HCI_USER_CHANNEL, &hdev->dev_flags)) { 2111 ret = -EBUSY; 2112 goto done; 2113 } 2114 2115 memset(&hdev->stat, 0, sizeof(struct hci_dev_stats)); 2116 2117 done: 2118 hci_dev_put(hdev); 2119 return ret; 2120 } 2121 2122 int hci_dev_cmd(unsigned int cmd, void __user *arg) 2123 { 2124 struct hci_dev *hdev; 2125 struct hci_dev_req dr; 2126 int err = 0; 2127 2128 if (copy_from_user(&dr, arg, sizeof(dr))) 2129 return -EFAULT; 2130 2131 hdev = hci_dev_get(dr.dev_id); 2132 if (!hdev) 2133 return -ENODEV; 2134 2135 if (test_bit(HCI_USER_CHANNEL, &hdev->dev_flags)) { 2136 err = -EBUSY; 2137 goto done; 2138 } 2139 2140 if (hdev->dev_type != HCI_BREDR) { 2141 err = -EOPNOTSUPP; 2142 goto done; 2143 } 2144 2145 if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags)) { 2146 err = -EOPNOTSUPP; 2147 goto done; 2148 } 2149 2150 switch (cmd) { 2151 case HCISETAUTH: 2152 err = hci_req_sync(hdev, hci_auth_req, dr.dev_opt, 2153 HCI_INIT_TIMEOUT); 2154 break; 2155 2156 case HCISETENCRYPT: 2157 if (!lmp_encrypt_capable(hdev)) { 2158 err = -EOPNOTSUPP; 2159 break; 2160 } 2161 2162 if (!test_bit(HCI_AUTH, &hdev->flags)) { 2163 /* Auth must be enabled first */ 2164 err = hci_req_sync(hdev, hci_auth_req, dr.dev_opt, 2165 HCI_INIT_TIMEOUT); 2166 if (err) 2167 break; 2168 } 2169 2170 err = hci_req_sync(hdev, hci_encrypt_req, dr.dev_opt, 2171 HCI_INIT_TIMEOUT); 2172 break; 2173 2174 case HCISETSCAN: 2175 err = hci_req_sync(hdev, hci_scan_req, dr.dev_opt, 2176 HCI_INIT_TIMEOUT); 2177 break; 2178 2179 case HCISETLINKPOL: 2180 err = hci_req_sync(hdev, hci_linkpol_req, dr.dev_opt, 2181 HCI_INIT_TIMEOUT); 2182 break; 2183 2184 case HCISETLINKMODE: 2185 hdev->link_mode = ((__u16) dr.dev_opt) & 2186 (HCI_LM_MASTER | HCI_LM_ACCEPT); 2187 break; 2188 2189 case HCISETPTYPE: 2190 hdev->pkt_type = (__u16) dr.dev_opt; 2191 break; 2192 2193 case HCISETACLMTU: 2194 hdev->acl_mtu = *((__u16 *) &dr.dev_opt + 1); 2195 hdev->acl_pkts = *((__u16 *) &dr.dev_opt + 0); 2196 break; 2197 2198 case HCISETSCOMTU: 2199 hdev->sco_mtu = *((__u16 *) &dr.dev_opt + 1); 2200 hdev->sco_pkts = *((__u16 *) &dr.dev_opt + 0); 2201 break; 2202 2203 default: 2204 err = -EINVAL; 2205 break; 2206 } 2207 2208 done: 2209 hci_dev_put(hdev); 2210 return err; 2211 } 2212 2213 int hci_get_dev_list(void __user *arg) 2214 { 2215 struct hci_dev *hdev; 2216 struct hci_dev_list_req *dl; 2217 struct hci_dev_req *dr; 2218 int n = 0, size, err; 2219 __u16 dev_num; 2220 2221 if (get_user(dev_num, (__u16 __user *) arg)) 2222 return -EFAULT; 2223 2224 if (!dev_num || dev_num > (PAGE_SIZE * 2) / sizeof(*dr)) 2225 return -EINVAL; 2226 2227 size = sizeof(*dl) + dev_num * sizeof(*dr); 2228 2229 dl = kzalloc(size, GFP_KERNEL); 2230 if (!dl) 2231 return -ENOMEM; 2232 2233 dr = dl->dev_req; 2234 2235 read_lock(&hci_dev_list_lock); 2236 list_for_each_entry(hdev, &hci_dev_list, list) { 2237 if (test_and_clear_bit(HCI_AUTO_OFF, &hdev->dev_flags)) 2238 cancel_delayed_work(&hdev->power_off); 2239 2240 if (!test_bit(HCI_MGMT, &hdev->dev_flags)) 2241 set_bit(HCI_PAIRABLE, &hdev->dev_flags); 2242 2243 (dr + n)->dev_id = hdev->id; 2244 (dr + n)->dev_opt = hdev->flags; 2245 2246 if (++n >= dev_num) 2247 break; 2248 } 2249 read_unlock(&hci_dev_list_lock); 2250 2251 dl->dev_num = n; 2252 size = sizeof(*dl) + n * sizeof(*dr); 2253 2254 err = copy_to_user(arg, dl, size); 2255 kfree(dl); 2256 2257 return err ? -EFAULT : 0; 2258 } 2259 2260 int hci_get_dev_info(void __user *arg) 2261 { 2262 struct hci_dev *hdev; 2263 struct hci_dev_info di; 2264 int err = 0; 2265 2266 if (copy_from_user(&di, arg, sizeof(di))) 2267 return -EFAULT; 2268 2269 hdev = hci_dev_get(di.dev_id); 2270 if (!hdev) 2271 return -ENODEV; 2272 2273 if (test_and_clear_bit(HCI_AUTO_OFF, &hdev->dev_flags)) 2274 cancel_delayed_work_sync(&hdev->power_off); 2275 2276 if (!test_bit(HCI_MGMT, &hdev->dev_flags)) 2277 set_bit(HCI_PAIRABLE, &hdev->dev_flags); 2278 2279 strcpy(di.name, hdev->name); 2280 di.bdaddr = hdev->bdaddr; 2281 di.type = (hdev->bus & 0x0f) | ((hdev->dev_type & 0x03) << 4); 2282 di.flags = hdev->flags; 2283 di.pkt_type = hdev->pkt_type; 2284 if (lmp_bredr_capable(hdev)) { 2285 di.acl_mtu = hdev->acl_mtu; 2286 di.acl_pkts = hdev->acl_pkts; 2287 di.sco_mtu = hdev->sco_mtu; 2288 di.sco_pkts = hdev->sco_pkts; 2289 } else { 2290 di.acl_mtu = hdev->le_mtu; 2291 di.acl_pkts = hdev->le_pkts; 2292 di.sco_mtu = 0; 2293 di.sco_pkts = 0; 2294 } 2295 di.link_policy = hdev->link_policy; 2296 di.link_mode = hdev->link_mode; 2297 2298 memcpy(&di.stat, &hdev->stat, sizeof(di.stat)); 2299 memcpy(&di.features, &hdev->features, sizeof(di.features)); 2300 2301 if (copy_to_user(arg, &di, sizeof(di))) 2302 err = -EFAULT; 2303 2304 hci_dev_put(hdev); 2305 2306 return err; 2307 } 2308 2309 /* ---- Interface to HCI drivers ---- */ 2310 2311 static int hci_rfkill_set_block(void *data, bool blocked) 2312 { 2313 struct hci_dev *hdev = data; 2314 2315 BT_DBG("%p name %s blocked %d", hdev, hdev->name, blocked); 2316 2317 if (test_bit(HCI_USER_CHANNEL, &hdev->dev_flags)) 2318 return -EBUSY; 2319 2320 if (blocked) { 2321 set_bit(HCI_RFKILLED, &hdev->dev_flags); 2322 if (!test_bit(HCI_SETUP, &hdev->dev_flags)) 2323 hci_dev_do_close(hdev); 2324 } else { 2325 clear_bit(HCI_RFKILLED, &hdev->dev_flags); 2326 } 2327 2328 return 0; 2329 } 2330 2331 static const struct rfkill_ops hci_rfkill_ops = { 2332 .set_block = hci_rfkill_set_block, 2333 }; 2334 2335 static void hci_power_on(struct work_struct *work) 2336 { 2337 struct hci_dev *hdev = container_of(work, struct hci_dev, power_on); 2338 int err; 2339 2340 BT_DBG("%s", hdev->name); 2341 2342 err = hci_dev_do_open(hdev); 2343 if (err < 0) { 2344 mgmt_set_powered_failed(hdev, err); 2345 return; 2346 } 2347 2348 /* During the HCI setup phase, a few error conditions are 2349 * ignored and they need to be checked now. If they are still 2350 * valid, it is important to turn the device back off. 2351 */ 2352 if (test_bit(HCI_RFKILLED, &hdev->dev_flags) || 2353 (hdev->dev_type == HCI_BREDR && 2354 !bacmp(&hdev->bdaddr, BDADDR_ANY) && 2355 !bacmp(&hdev->static_addr, BDADDR_ANY))) { 2356 clear_bit(HCI_AUTO_OFF, &hdev->dev_flags); 2357 hci_dev_do_close(hdev); 2358 } else if (test_bit(HCI_AUTO_OFF, &hdev->dev_flags)) { 2359 queue_delayed_work(hdev->req_workqueue, &hdev->power_off, 2360 HCI_AUTO_OFF_TIMEOUT); 2361 } 2362 2363 if (test_and_clear_bit(HCI_SETUP, &hdev->dev_flags)) 2364 mgmt_index_added(hdev); 2365 } 2366 2367 static void hci_power_off(struct work_struct *work) 2368 { 2369 struct hci_dev *hdev = container_of(work, struct hci_dev, 2370 power_off.work); 2371 2372 BT_DBG("%s", hdev->name); 2373 2374 hci_dev_do_close(hdev); 2375 } 2376 2377 static void hci_discov_off(struct work_struct *work) 2378 { 2379 struct hci_dev *hdev; 2380 2381 hdev = container_of(work, struct hci_dev, discov_off.work); 2382 2383 BT_DBG("%s", hdev->name); 2384 2385 mgmt_discoverable_timeout(hdev); 2386 } 2387 2388 int hci_uuids_clear(struct hci_dev *hdev) 2389 { 2390 struct bt_uuid *uuid, *tmp; 2391 2392 list_for_each_entry_safe(uuid, tmp, &hdev->uuids, list) { 2393 list_del(&uuid->list); 2394 kfree(uuid); 2395 } 2396 2397 return 0; 2398 } 2399 2400 int hci_link_keys_clear(struct hci_dev *hdev) 2401 { 2402 struct list_head *p, *n; 2403 2404 list_for_each_safe(p, n, &hdev->link_keys) { 2405 struct link_key *key; 2406 2407 key = list_entry(p, struct link_key, list); 2408 2409 list_del(p); 2410 kfree(key); 2411 } 2412 2413 return 0; 2414 } 2415 2416 int hci_smp_ltks_clear(struct hci_dev *hdev) 2417 { 2418 struct smp_ltk *k, *tmp; 2419 2420 list_for_each_entry_safe(k, tmp, &hdev->long_term_keys, list) { 2421 list_del(&k->list); 2422 kfree(k); 2423 } 2424 2425 return 0; 2426 } 2427 2428 struct link_key *hci_find_link_key(struct hci_dev *hdev, bdaddr_t *bdaddr) 2429 { 2430 struct link_key *k; 2431 2432 list_for_each_entry(k, &hdev->link_keys, list) 2433 if (bacmp(bdaddr, &k->bdaddr) == 0) 2434 return k; 2435 2436 return NULL; 2437 } 2438 2439 static bool hci_persistent_key(struct hci_dev *hdev, struct hci_conn *conn, 2440 u8 key_type, u8 old_key_type) 2441 { 2442 /* Legacy key */ 2443 if (key_type < 0x03) 2444 return true; 2445 2446 /* Debug keys are insecure so don't store them persistently */ 2447 if (key_type == HCI_LK_DEBUG_COMBINATION) 2448 return false; 2449 2450 /* Changed combination key and there's no previous one */ 2451 if (key_type == HCI_LK_CHANGED_COMBINATION && old_key_type == 0xff) 2452 return false; 2453 2454 /* Security mode 3 case */ 2455 if (!conn) 2456 return true; 2457 2458 /* Neither local nor remote side had no-bonding as requirement */ 2459 if (conn->auth_type > 0x01 && conn->remote_auth > 0x01) 2460 return true; 2461 2462 /* Local side had dedicated bonding as requirement */ 2463 if (conn->auth_type == 0x02 || conn->auth_type == 0x03) 2464 return true; 2465 2466 /* Remote side had dedicated bonding as requirement */ 2467 if (conn->remote_auth == 0x02 || conn->remote_auth == 0x03) 2468 return true; 2469 2470 /* If none of the above criteria match, then don't store the key 2471 * persistently */ 2472 return false; 2473 } 2474 2475 struct smp_ltk *hci_find_ltk(struct hci_dev *hdev, __le16 ediv, u8 rand[8]) 2476 { 2477 struct smp_ltk *k; 2478 2479 list_for_each_entry(k, &hdev->long_term_keys, list) { 2480 if (k->ediv != ediv || 2481 memcmp(rand, k->rand, sizeof(k->rand))) 2482 continue; 2483 2484 return k; 2485 } 2486 2487 return NULL; 2488 } 2489 2490 struct smp_ltk *hci_find_ltk_by_addr(struct hci_dev *hdev, bdaddr_t *bdaddr, 2491 u8 addr_type) 2492 { 2493 struct smp_ltk *k; 2494 2495 list_for_each_entry(k, &hdev->long_term_keys, list) 2496 if (addr_type == k->bdaddr_type && 2497 bacmp(bdaddr, &k->bdaddr) == 0) 2498 return k; 2499 2500 return NULL; 2501 } 2502 2503 int hci_add_link_key(struct hci_dev *hdev, struct hci_conn *conn, int new_key, 2504 bdaddr_t *bdaddr, u8 *val, u8 type, u8 pin_len) 2505 { 2506 struct link_key *key, *old_key; 2507 u8 old_key_type; 2508 bool persistent; 2509 2510 old_key = hci_find_link_key(hdev, bdaddr); 2511 if (old_key) { 2512 old_key_type = old_key->type; 2513 key = old_key; 2514 } else { 2515 old_key_type = conn ? conn->key_type : 0xff; 2516 key = kzalloc(sizeof(*key), GFP_ATOMIC); 2517 if (!key) 2518 return -ENOMEM; 2519 list_add(&key->list, &hdev->link_keys); 2520 } 2521 2522 BT_DBG("%s key for %pMR type %u", hdev->name, bdaddr, type); 2523 2524 /* Some buggy controller combinations generate a changed 2525 * combination key for legacy pairing even when there's no 2526 * previous key */ 2527 if (type == HCI_LK_CHANGED_COMBINATION && 2528 (!conn || conn->remote_auth == 0xff) && old_key_type == 0xff) { 2529 type = HCI_LK_COMBINATION; 2530 if (conn) 2531 conn->key_type = type; 2532 } 2533 2534 bacpy(&key->bdaddr, bdaddr); 2535 memcpy(key->val, val, HCI_LINK_KEY_SIZE); 2536 key->pin_len = pin_len; 2537 2538 if (type == HCI_LK_CHANGED_COMBINATION) 2539 key->type = old_key_type; 2540 else 2541 key->type = type; 2542 2543 if (!new_key) 2544 return 0; 2545 2546 persistent = hci_persistent_key(hdev, conn, type, old_key_type); 2547 2548 mgmt_new_link_key(hdev, key, persistent); 2549 2550 if (conn) 2551 conn->flush_key = !persistent; 2552 2553 return 0; 2554 } 2555 2556 int hci_add_ltk(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 addr_type, u8 type, 2557 int new_key, u8 authenticated, u8 tk[16], u8 enc_size, __le16 2558 ediv, u8 rand[8]) 2559 { 2560 struct smp_ltk *key, *old_key; 2561 2562 if (!(type & HCI_SMP_STK) && !(type & HCI_SMP_LTK)) 2563 return 0; 2564 2565 old_key = hci_find_ltk_by_addr(hdev, bdaddr, addr_type); 2566 if (old_key) 2567 key = old_key; 2568 else { 2569 key = kzalloc(sizeof(*key), GFP_ATOMIC); 2570 if (!key) 2571 return -ENOMEM; 2572 list_add(&key->list, &hdev->long_term_keys); 2573 } 2574 2575 bacpy(&key->bdaddr, bdaddr); 2576 key->bdaddr_type = addr_type; 2577 memcpy(key->val, tk, sizeof(key->val)); 2578 key->authenticated = authenticated; 2579 key->ediv = ediv; 2580 key->enc_size = enc_size; 2581 key->type = type; 2582 memcpy(key->rand, rand, sizeof(key->rand)); 2583 2584 if (!new_key) 2585 return 0; 2586 2587 if (type & HCI_SMP_LTK) 2588 mgmt_new_ltk(hdev, key, 1); 2589 2590 return 0; 2591 } 2592 2593 int hci_remove_link_key(struct hci_dev *hdev, bdaddr_t *bdaddr) 2594 { 2595 struct link_key *key; 2596 2597 key = hci_find_link_key(hdev, bdaddr); 2598 if (!key) 2599 return -ENOENT; 2600 2601 BT_DBG("%s removing %pMR", hdev->name, bdaddr); 2602 2603 list_del(&key->list); 2604 kfree(key); 2605 2606 return 0; 2607 } 2608 2609 int hci_remove_ltk(struct hci_dev *hdev, bdaddr_t *bdaddr) 2610 { 2611 struct smp_ltk *k, *tmp; 2612 2613 list_for_each_entry_safe(k, tmp, &hdev->long_term_keys, list) { 2614 if (bacmp(bdaddr, &k->bdaddr)) 2615 continue; 2616 2617 BT_DBG("%s removing %pMR", hdev->name, bdaddr); 2618 2619 list_del(&k->list); 2620 kfree(k); 2621 } 2622 2623 return 0; 2624 } 2625 2626 /* HCI command timer function */ 2627 static void hci_cmd_timeout(unsigned long arg) 2628 { 2629 struct hci_dev *hdev = (void *) arg; 2630 2631 if (hdev->sent_cmd) { 2632 struct hci_command_hdr *sent = (void *) hdev->sent_cmd->data; 2633 u16 opcode = __le16_to_cpu(sent->opcode); 2634 2635 BT_ERR("%s command 0x%4.4x tx timeout", hdev->name, opcode); 2636 } else { 2637 BT_ERR("%s command tx timeout", hdev->name); 2638 } 2639 2640 atomic_set(&hdev->cmd_cnt, 1); 2641 queue_work(hdev->workqueue, &hdev->cmd_work); 2642 } 2643 2644 struct oob_data *hci_find_remote_oob_data(struct hci_dev *hdev, 2645 bdaddr_t *bdaddr) 2646 { 2647 struct oob_data *data; 2648 2649 list_for_each_entry(data, &hdev->remote_oob_data, list) 2650 if (bacmp(bdaddr, &data->bdaddr) == 0) 2651 return data; 2652 2653 return NULL; 2654 } 2655 2656 int hci_remove_remote_oob_data(struct hci_dev *hdev, bdaddr_t *bdaddr) 2657 { 2658 struct oob_data *data; 2659 2660 data = hci_find_remote_oob_data(hdev, bdaddr); 2661 if (!data) 2662 return -ENOENT; 2663 2664 BT_DBG("%s removing %pMR", hdev->name, bdaddr); 2665 2666 list_del(&data->list); 2667 kfree(data); 2668 2669 return 0; 2670 } 2671 2672 int hci_remote_oob_data_clear(struct hci_dev *hdev) 2673 { 2674 struct oob_data *data, *n; 2675 2676 list_for_each_entry_safe(data, n, &hdev->remote_oob_data, list) { 2677 list_del(&data->list); 2678 kfree(data); 2679 } 2680 2681 return 0; 2682 } 2683 2684 int hci_add_remote_oob_data(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 *hash, 2685 u8 *randomizer) 2686 { 2687 struct oob_data *data; 2688 2689 data = hci_find_remote_oob_data(hdev, bdaddr); 2690 2691 if (!data) { 2692 data = kmalloc(sizeof(*data), GFP_ATOMIC); 2693 if (!data) 2694 return -ENOMEM; 2695 2696 bacpy(&data->bdaddr, bdaddr); 2697 list_add(&data->list, &hdev->remote_oob_data); 2698 } 2699 2700 memcpy(data->hash, hash, sizeof(data->hash)); 2701 memcpy(data->randomizer, randomizer, sizeof(data->randomizer)); 2702 2703 BT_DBG("%s for %pMR", hdev->name, bdaddr); 2704 2705 return 0; 2706 } 2707 2708 struct bdaddr_list *hci_blacklist_lookup(struct hci_dev *hdev, 2709 bdaddr_t *bdaddr, u8 type) 2710 { 2711 struct bdaddr_list *b; 2712 2713 list_for_each_entry(b, &hdev->blacklist, list) { 2714 if (!bacmp(&b->bdaddr, bdaddr) && b->bdaddr_type == type) 2715 return b; 2716 } 2717 2718 return NULL; 2719 } 2720 2721 int hci_blacklist_clear(struct hci_dev *hdev) 2722 { 2723 struct list_head *p, *n; 2724 2725 list_for_each_safe(p, n, &hdev->blacklist) { 2726 struct bdaddr_list *b = list_entry(p, struct bdaddr_list, list); 2727 2728 list_del(p); 2729 kfree(b); 2730 } 2731 2732 return 0; 2733 } 2734 2735 int hci_blacklist_add(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 type) 2736 { 2737 struct bdaddr_list *entry; 2738 2739 if (!bacmp(bdaddr, BDADDR_ANY)) 2740 return -EBADF; 2741 2742 if (hci_blacklist_lookup(hdev, bdaddr, type)) 2743 return -EEXIST; 2744 2745 entry = kzalloc(sizeof(struct bdaddr_list), GFP_KERNEL); 2746 if (!entry) 2747 return -ENOMEM; 2748 2749 bacpy(&entry->bdaddr, bdaddr); 2750 entry->bdaddr_type = type; 2751 2752 list_add(&entry->list, &hdev->blacklist); 2753 2754 return mgmt_device_blocked(hdev, bdaddr, type); 2755 } 2756 2757 int hci_blacklist_del(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 type) 2758 { 2759 struct bdaddr_list *entry; 2760 2761 if (!bacmp(bdaddr, BDADDR_ANY)) 2762 return hci_blacklist_clear(hdev); 2763 2764 entry = hci_blacklist_lookup(hdev, bdaddr, type); 2765 if (!entry) 2766 return -ENOENT; 2767 2768 list_del(&entry->list); 2769 kfree(entry); 2770 2771 return mgmt_device_unblocked(hdev, bdaddr, type); 2772 } 2773 2774 static void inquiry_complete(struct hci_dev *hdev, u8 status) 2775 { 2776 if (status) { 2777 BT_ERR("Failed to start inquiry: status %d", status); 2778 2779 hci_dev_lock(hdev); 2780 hci_discovery_set_state(hdev, DISCOVERY_STOPPED); 2781 hci_dev_unlock(hdev); 2782 return; 2783 } 2784 } 2785 2786 static void le_scan_disable_work_complete(struct hci_dev *hdev, u8 status) 2787 { 2788 /* General inquiry access code (GIAC) */ 2789 u8 lap[3] = { 0x33, 0x8b, 0x9e }; 2790 struct hci_request req; 2791 struct hci_cp_inquiry cp; 2792 int err; 2793 2794 if (status) { 2795 BT_ERR("Failed to disable LE scanning: status %d", status); 2796 return; 2797 } 2798 2799 switch (hdev->discovery.type) { 2800 case DISCOV_TYPE_LE: 2801 hci_dev_lock(hdev); 2802 hci_discovery_set_state(hdev, DISCOVERY_STOPPED); 2803 hci_dev_unlock(hdev); 2804 break; 2805 2806 case DISCOV_TYPE_INTERLEAVED: 2807 hci_req_init(&req, hdev); 2808 2809 memset(&cp, 0, sizeof(cp)); 2810 memcpy(&cp.lap, lap, sizeof(cp.lap)); 2811 cp.length = DISCOV_INTERLEAVED_INQUIRY_LEN; 2812 hci_req_add(&req, HCI_OP_INQUIRY, sizeof(cp), &cp); 2813 2814 hci_dev_lock(hdev); 2815 2816 hci_inquiry_cache_flush(hdev); 2817 2818 err = hci_req_run(&req, inquiry_complete); 2819 if (err) { 2820 BT_ERR("Inquiry request failed: err %d", err); 2821 hci_discovery_set_state(hdev, DISCOVERY_STOPPED); 2822 } 2823 2824 hci_dev_unlock(hdev); 2825 break; 2826 } 2827 } 2828 2829 static void le_scan_disable_work(struct work_struct *work) 2830 { 2831 struct hci_dev *hdev = container_of(work, struct hci_dev, 2832 le_scan_disable.work); 2833 struct hci_cp_le_set_scan_enable cp; 2834 struct hci_request req; 2835 int err; 2836 2837 BT_DBG("%s", hdev->name); 2838 2839 hci_req_init(&req, hdev); 2840 2841 memset(&cp, 0, sizeof(cp)); 2842 cp.enable = LE_SCAN_DISABLE; 2843 hci_req_add(&req, HCI_OP_LE_SET_SCAN_ENABLE, sizeof(cp), &cp); 2844 2845 err = hci_req_run(&req, le_scan_disable_work_complete); 2846 if (err) 2847 BT_ERR("Disable LE scanning request failed: err %d", err); 2848 } 2849 2850 /* Alloc HCI device */ 2851 struct hci_dev *hci_alloc_dev(void) 2852 { 2853 struct hci_dev *hdev; 2854 2855 hdev = kzalloc(sizeof(struct hci_dev), GFP_KERNEL); 2856 if (!hdev) 2857 return NULL; 2858 2859 hdev->pkt_type = (HCI_DM1 | HCI_DH1 | HCI_HV1); 2860 hdev->esco_type = (ESCO_HV1); 2861 hdev->link_mode = (HCI_LM_ACCEPT); 2862 hdev->num_iac = 0x01; /* One IAC support is mandatory */ 2863 hdev->io_capability = 0x03; /* No Input No Output */ 2864 hdev->inq_tx_power = HCI_TX_POWER_INVALID; 2865 hdev->adv_tx_power = HCI_TX_POWER_INVALID; 2866 2867 hdev->sniff_max_interval = 800; 2868 hdev->sniff_min_interval = 80; 2869 2870 hdev->le_scan_interval = 0x0060; 2871 hdev->le_scan_window = 0x0030; 2872 hdev->le_conn_min_interval = 0x0028; 2873 hdev->le_conn_max_interval = 0x0038; 2874 2875 mutex_init(&hdev->lock); 2876 mutex_init(&hdev->req_lock); 2877 2878 INIT_LIST_HEAD(&hdev->mgmt_pending); 2879 INIT_LIST_HEAD(&hdev->blacklist); 2880 INIT_LIST_HEAD(&hdev->uuids); 2881 INIT_LIST_HEAD(&hdev->link_keys); 2882 INIT_LIST_HEAD(&hdev->long_term_keys); 2883 INIT_LIST_HEAD(&hdev->remote_oob_data); 2884 INIT_LIST_HEAD(&hdev->conn_hash.list); 2885 2886 INIT_WORK(&hdev->rx_work, hci_rx_work); 2887 INIT_WORK(&hdev->cmd_work, hci_cmd_work); 2888 INIT_WORK(&hdev->tx_work, hci_tx_work); 2889 INIT_WORK(&hdev->power_on, hci_power_on); 2890 2891 INIT_DELAYED_WORK(&hdev->power_off, hci_power_off); 2892 INIT_DELAYED_WORK(&hdev->discov_off, hci_discov_off); 2893 INIT_DELAYED_WORK(&hdev->le_scan_disable, le_scan_disable_work); 2894 2895 skb_queue_head_init(&hdev->rx_q); 2896 skb_queue_head_init(&hdev->cmd_q); 2897 skb_queue_head_init(&hdev->raw_q); 2898 2899 init_waitqueue_head(&hdev->req_wait_q); 2900 2901 setup_timer(&hdev->cmd_timer, hci_cmd_timeout, (unsigned long) hdev); 2902 2903 hci_init_sysfs(hdev); 2904 discovery_init(hdev); 2905 2906 return hdev; 2907 } 2908 EXPORT_SYMBOL(hci_alloc_dev); 2909 2910 /* Free HCI device */ 2911 void hci_free_dev(struct hci_dev *hdev) 2912 { 2913 /* will free via device release */ 2914 put_device(&hdev->dev); 2915 } 2916 EXPORT_SYMBOL(hci_free_dev); 2917 2918 /* Register HCI device */ 2919 int hci_register_dev(struct hci_dev *hdev) 2920 { 2921 int id, error; 2922 2923 if (!hdev->open || !hdev->close) 2924 return -EINVAL; 2925 2926 /* Do not allow HCI_AMP devices to register at index 0, 2927 * so the index can be used as the AMP controller ID. 2928 */ 2929 switch (hdev->dev_type) { 2930 case HCI_BREDR: 2931 id = ida_simple_get(&hci_index_ida, 0, 0, GFP_KERNEL); 2932 break; 2933 case HCI_AMP: 2934 id = ida_simple_get(&hci_index_ida, 1, 0, GFP_KERNEL); 2935 break; 2936 default: 2937 return -EINVAL; 2938 } 2939 2940 if (id < 0) 2941 return id; 2942 2943 sprintf(hdev->name, "hci%d", id); 2944 hdev->id = id; 2945 2946 BT_DBG("%p name %s bus %d", hdev, hdev->name, hdev->bus); 2947 2948 hdev->workqueue = alloc_workqueue("%s", WQ_HIGHPRI | WQ_UNBOUND | 2949 WQ_MEM_RECLAIM, 1, hdev->name); 2950 if (!hdev->workqueue) { 2951 error = -ENOMEM; 2952 goto err; 2953 } 2954 2955 hdev->req_workqueue = alloc_workqueue("%s", WQ_HIGHPRI | WQ_UNBOUND | 2956 WQ_MEM_RECLAIM, 1, hdev->name); 2957 if (!hdev->req_workqueue) { 2958 destroy_workqueue(hdev->workqueue); 2959 error = -ENOMEM; 2960 goto err; 2961 } 2962 2963 if (!IS_ERR_OR_NULL(bt_debugfs)) 2964 hdev->debugfs = debugfs_create_dir(hdev->name, bt_debugfs); 2965 2966 dev_set_name(&hdev->dev, "%s", hdev->name); 2967 2968 error = device_add(&hdev->dev); 2969 if (error < 0) 2970 goto err_wqueue; 2971 2972 hdev->rfkill = rfkill_alloc(hdev->name, &hdev->dev, 2973 RFKILL_TYPE_BLUETOOTH, &hci_rfkill_ops, 2974 hdev); 2975 if (hdev->rfkill) { 2976 if (rfkill_register(hdev->rfkill) < 0) { 2977 rfkill_destroy(hdev->rfkill); 2978 hdev->rfkill = NULL; 2979 } 2980 } 2981 2982 if (hdev->rfkill && rfkill_blocked(hdev->rfkill)) 2983 set_bit(HCI_RFKILLED, &hdev->dev_flags); 2984 2985 set_bit(HCI_SETUP, &hdev->dev_flags); 2986 set_bit(HCI_AUTO_OFF, &hdev->dev_flags); 2987 2988 if (hdev->dev_type == HCI_BREDR) { 2989 /* Assume BR/EDR support until proven otherwise (such as 2990 * through reading supported features during init. 2991 */ 2992 set_bit(HCI_BREDR_ENABLED, &hdev->dev_flags); 2993 } 2994 2995 write_lock(&hci_dev_list_lock); 2996 list_add(&hdev->list, &hci_dev_list); 2997 write_unlock(&hci_dev_list_lock); 2998 2999 hci_notify(hdev, HCI_DEV_REG); 3000 hci_dev_hold(hdev); 3001 3002 queue_work(hdev->req_workqueue, &hdev->power_on); 3003 3004 return id; 3005 3006 err_wqueue: 3007 destroy_workqueue(hdev->workqueue); 3008 destroy_workqueue(hdev->req_workqueue); 3009 err: 3010 ida_simple_remove(&hci_index_ida, hdev->id); 3011 3012 return error; 3013 } 3014 EXPORT_SYMBOL(hci_register_dev); 3015 3016 /* Unregister HCI device */ 3017 void hci_unregister_dev(struct hci_dev *hdev) 3018 { 3019 int i, id; 3020 3021 BT_DBG("%p name %s bus %d", hdev, hdev->name, hdev->bus); 3022 3023 set_bit(HCI_UNREGISTER, &hdev->dev_flags); 3024 3025 id = hdev->id; 3026 3027 write_lock(&hci_dev_list_lock); 3028 list_del(&hdev->list); 3029 write_unlock(&hci_dev_list_lock); 3030 3031 hci_dev_do_close(hdev); 3032 3033 for (i = 0; i < NUM_REASSEMBLY; i++) 3034 kfree_skb(hdev->reassembly[i]); 3035 3036 cancel_work_sync(&hdev->power_on); 3037 3038 if (!test_bit(HCI_INIT, &hdev->flags) && 3039 !test_bit(HCI_SETUP, &hdev->dev_flags)) { 3040 hci_dev_lock(hdev); 3041 mgmt_index_removed(hdev); 3042 hci_dev_unlock(hdev); 3043 } 3044 3045 /* mgmt_index_removed should take care of emptying the 3046 * pending list */ 3047 BUG_ON(!list_empty(&hdev->mgmt_pending)); 3048 3049 hci_notify(hdev, HCI_DEV_UNREG); 3050 3051 if (hdev->rfkill) { 3052 rfkill_unregister(hdev->rfkill); 3053 rfkill_destroy(hdev->rfkill); 3054 } 3055 3056 device_del(&hdev->dev); 3057 3058 debugfs_remove_recursive(hdev->debugfs); 3059 3060 destroy_workqueue(hdev->workqueue); 3061 destroy_workqueue(hdev->req_workqueue); 3062 3063 hci_dev_lock(hdev); 3064 hci_blacklist_clear(hdev); 3065 hci_uuids_clear(hdev); 3066 hci_link_keys_clear(hdev); 3067 hci_smp_ltks_clear(hdev); 3068 hci_remote_oob_data_clear(hdev); 3069 hci_dev_unlock(hdev); 3070 3071 hci_dev_put(hdev); 3072 3073 ida_simple_remove(&hci_index_ida, id); 3074 } 3075 EXPORT_SYMBOL(hci_unregister_dev); 3076 3077 /* Suspend HCI device */ 3078 int hci_suspend_dev(struct hci_dev *hdev) 3079 { 3080 hci_notify(hdev, HCI_DEV_SUSPEND); 3081 return 0; 3082 } 3083 EXPORT_SYMBOL(hci_suspend_dev); 3084 3085 /* Resume HCI device */ 3086 int hci_resume_dev(struct hci_dev *hdev) 3087 { 3088 hci_notify(hdev, HCI_DEV_RESUME); 3089 return 0; 3090 } 3091 EXPORT_SYMBOL(hci_resume_dev); 3092 3093 /* Receive frame from HCI drivers */ 3094 int hci_recv_frame(struct hci_dev *hdev, struct sk_buff *skb) 3095 { 3096 if (!hdev || (!test_bit(HCI_UP, &hdev->flags) 3097 && !test_bit(HCI_INIT, &hdev->flags))) { 3098 kfree_skb(skb); 3099 return -ENXIO; 3100 } 3101 3102 /* Incoming skb */ 3103 bt_cb(skb)->incoming = 1; 3104 3105 /* Time stamp */ 3106 __net_timestamp(skb); 3107 3108 skb_queue_tail(&hdev->rx_q, skb); 3109 queue_work(hdev->workqueue, &hdev->rx_work); 3110 3111 return 0; 3112 } 3113 EXPORT_SYMBOL(hci_recv_frame); 3114 3115 static int hci_reassembly(struct hci_dev *hdev, int type, void *data, 3116 int count, __u8 index) 3117 { 3118 int len = 0; 3119 int hlen = 0; 3120 int remain = count; 3121 struct sk_buff *skb; 3122 struct bt_skb_cb *scb; 3123 3124 if ((type < HCI_ACLDATA_PKT || type > HCI_EVENT_PKT) || 3125 index >= NUM_REASSEMBLY) 3126 return -EILSEQ; 3127 3128 skb = hdev->reassembly[index]; 3129 3130 if (!skb) { 3131 switch (type) { 3132 case HCI_ACLDATA_PKT: 3133 len = HCI_MAX_FRAME_SIZE; 3134 hlen = HCI_ACL_HDR_SIZE; 3135 break; 3136 case HCI_EVENT_PKT: 3137 len = HCI_MAX_EVENT_SIZE; 3138 hlen = HCI_EVENT_HDR_SIZE; 3139 break; 3140 case HCI_SCODATA_PKT: 3141 len = HCI_MAX_SCO_SIZE; 3142 hlen = HCI_SCO_HDR_SIZE; 3143 break; 3144 } 3145 3146 skb = bt_skb_alloc(len, GFP_ATOMIC); 3147 if (!skb) 3148 return -ENOMEM; 3149 3150 scb = (void *) skb->cb; 3151 scb->expect = hlen; 3152 scb->pkt_type = type; 3153 3154 hdev->reassembly[index] = skb; 3155 } 3156 3157 while (count) { 3158 scb = (void *) skb->cb; 3159 len = min_t(uint, scb->expect, count); 3160 3161 memcpy(skb_put(skb, len), data, len); 3162 3163 count -= len; 3164 data += len; 3165 scb->expect -= len; 3166 remain = count; 3167 3168 switch (type) { 3169 case HCI_EVENT_PKT: 3170 if (skb->len == HCI_EVENT_HDR_SIZE) { 3171 struct hci_event_hdr *h = hci_event_hdr(skb); 3172 scb->expect = h->plen; 3173 3174 if (skb_tailroom(skb) < scb->expect) { 3175 kfree_skb(skb); 3176 hdev->reassembly[index] = NULL; 3177 return -ENOMEM; 3178 } 3179 } 3180 break; 3181 3182 case HCI_ACLDATA_PKT: 3183 if (skb->len == HCI_ACL_HDR_SIZE) { 3184 struct hci_acl_hdr *h = hci_acl_hdr(skb); 3185 scb->expect = __le16_to_cpu(h->dlen); 3186 3187 if (skb_tailroom(skb) < scb->expect) { 3188 kfree_skb(skb); 3189 hdev->reassembly[index] = NULL; 3190 return -ENOMEM; 3191 } 3192 } 3193 break; 3194 3195 case HCI_SCODATA_PKT: 3196 if (skb->len == HCI_SCO_HDR_SIZE) { 3197 struct hci_sco_hdr *h = hci_sco_hdr(skb); 3198 scb->expect = h->dlen; 3199 3200 if (skb_tailroom(skb) < scb->expect) { 3201 kfree_skb(skb); 3202 hdev->reassembly[index] = NULL; 3203 return -ENOMEM; 3204 } 3205 } 3206 break; 3207 } 3208 3209 if (scb->expect == 0) { 3210 /* Complete frame */ 3211 3212 bt_cb(skb)->pkt_type = type; 3213 hci_recv_frame(hdev, skb); 3214 3215 hdev->reassembly[index] = NULL; 3216 return remain; 3217 } 3218 } 3219 3220 return remain; 3221 } 3222 3223 int hci_recv_fragment(struct hci_dev *hdev, int type, void *data, int count) 3224 { 3225 int rem = 0; 3226 3227 if (type < HCI_ACLDATA_PKT || type > HCI_EVENT_PKT) 3228 return -EILSEQ; 3229 3230 while (count) { 3231 rem = hci_reassembly(hdev, type, data, count, type - 1); 3232 if (rem < 0) 3233 return rem; 3234 3235 data += (count - rem); 3236 count = rem; 3237 } 3238 3239 return rem; 3240 } 3241 EXPORT_SYMBOL(hci_recv_fragment); 3242 3243 #define STREAM_REASSEMBLY 0 3244 3245 int hci_recv_stream_fragment(struct hci_dev *hdev, void *data, int count) 3246 { 3247 int type; 3248 int rem = 0; 3249 3250 while (count) { 3251 struct sk_buff *skb = hdev->reassembly[STREAM_REASSEMBLY]; 3252 3253 if (!skb) { 3254 struct { char type; } *pkt; 3255 3256 /* Start of the frame */ 3257 pkt = data; 3258 type = pkt->type; 3259 3260 data++; 3261 count--; 3262 } else 3263 type = bt_cb(skb)->pkt_type; 3264 3265 rem = hci_reassembly(hdev, type, data, count, 3266 STREAM_REASSEMBLY); 3267 if (rem < 0) 3268 return rem; 3269 3270 data += (count - rem); 3271 count = rem; 3272 } 3273 3274 return rem; 3275 } 3276 EXPORT_SYMBOL(hci_recv_stream_fragment); 3277 3278 /* ---- Interface to upper protocols ---- */ 3279 3280 int hci_register_cb(struct hci_cb *cb) 3281 { 3282 BT_DBG("%p name %s", cb, cb->name); 3283 3284 write_lock(&hci_cb_list_lock); 3285 list_add(&cb->list, &hci_cb_list); 3286 write_unlock(&hci_cb_list_lock); 3287 3288 return 0; 3289 } 3290 EXPORT_SYMBOL(hci_register_cb); 3291 3292 int hci_unregister_cb(struct hci_cb *cb) 3293 { 3294 BT_DBG("%p name %s", cb, cb->name); 3295 3296 write_lock(&hci_cb_list_lock); 3297 list_del(&cb->list); 3298 write_unlock(&hci_cb_list_lock); 3299 3300 return 0; 3301 } 3302 EXPORT_SYMBOL(hci_unregister_cb); 3303 3304 static void hci_send_frame(struct hci_dev *hdev, struct sk_buff *skb) 3305 { 3306 BT_DBG("%s type %d len %d", hdev->name, bt_cb(skb)->pkt_type, skb->len); 3307 3308 /* Time stamp */ 3309 __net_timestamp(skb); 3310 3311 /* Send copy to monitor */ 3312 hci_send_to_monitor(hdev, skb); 3313 3314 if (atomic_read(&hdev->promisc)) { 3315 /* Send copy to the sockets */ 3316 hci_send_to_sock(hdev, skb); 3317 } 3318 3319 /* Get rid of skb owner, prior to sending to the driver. */ 3320 skb_orphan(skb); 3321 3322 if (hdev->send(hdev, skb) < 0) 3323 BT_ERR("%s sending frame failed", hdev->name); 3324 } 3325 3326 void hci_req_init(struct hci_request *req, struct hci_dev *hdev) 3327 { 3328 skb_queue_head_init(&req->cmd_q); 3329 req->hdev = hdev; 3330 req->err = 0; 3331 } 3332 3333 int hci_req_run(struct hci_request *req, hci_req_complete_t complete) 3334 { 3335 struct hci_dev *hdev = req->hdev; 3336 struct sk_buff *skb; 3337 unsigned long flags; 3338 3339 BT_DBG("length %u", skb_queue_len(&req->cmd_q)); 3340 3341 /* If an error occured during request building, remove all HCI 3342 * commands queued on the HCI request queue. 3343 */ 3344 if (req->err) { 3345 skb_queue_purge(&req->cmd_q); 3346 return req->err; 3347 } 3348 3349 /* Do not allow empty requests */ 3350 if (skb_queue_empty(&req->cmd_q)) 3351 return -ENODATA; 3352 3353 skb = skb_peek_tail(&req->cmd_q); 3354 bt_cb(skb)->req.complete = complete; 3355 3356 spin_lock_irqsave(&hdev->cmd_q.lock, flags); 3357 skb_queue_splice_tail(&req->cmd_q, &hdev->cmd_q); 3358 spin_unlock_irqrestore(&hdev->cmd_q.lock, flags); 3359 3360 queue_work(hdev->workqueue, &hdev->cmd_work); 3361 3362 return 0; 3363 } 3364 3365 static struct sk_buff *hci_prepare_cmd(struct hci_dev *hdev, u16 opcode, 3366 u32 plen, const void *param) 3367 { 3368 int len = HCI_COMMAND_HDR_SIZE + plen; 3369 struct hci_command_hdr *hdr; 3370 struct sk_buff *skb; 3371 3372 skb = bt_skb_alloc(len, GFP_ATOMIC); 3373 if (!skb) 3374 return NULL; 3375 3376 hdr = (struct hci_command_hdr *) skb_put(skb, HCI_COMMAND_HDR_SIZE); 3377 hdr->opcode = cpu_to_le16(opcode); 3378 hdr->plen = plen; 3379 3380 if (plen) 3381 memcpy(skb_put(skb, plen), param, plen); 3382 3383 BT_DBG("skb len %d", skb->len); 3384 3385 bt_cb(skb)->pkt_type = HCI_COMMAND_PKT; 3386 3387 return skb; 3388 } 3389 3390 /* Send HCI command */ 3391 int hci_send_cmd(struct hci_dev *hdev, __u16 opcode, __u32 plen, 3392 const void *param) 3393 { 3394 struct sk_buff *skb; 3395 3396 BT_DBG("%s opcode 0x%4.4x plen %d", hdev->name, opcode, plen); 3397 3398 skb = hci_prepare_cmd(hdev, opcode, plen, param); 3399 if (!skb) { 3400 BT_ERR("%s no memory for command", hdev->name); 3401 return -ENOMEM; 3402 } 3403 3404 /* Stand-alone HCI commands must be flaged as 3405 * single-command requests. 3406 */ 3407 bt_cb(skb)->req.start = true; 3408 3409 skb_queue_tail(&hdev->cmd_q, skb); 3410 queue_work(hdev->workqueue, &hdev->cmd_work); 3411 3412 return 0; 3413 } 3414 3415 /* Queue a command to an asynchronous HCI request */ 3416 void hci_req_add_ev(struct hci_request *req, u16 opcode, u32 plen, 3417 const void *param, u8 event) 3418 { 3419 struct hci_dev *hdev = req->hdev; 3420 struct sk_buff *skb; 3421 3422 BT_DBG("%s opcode 0x%4.4x plen %d", hdev->name, opcode, plen); 3423 3424 /* If an error occured during request building, there is no point in 3425 * queueing the HCI command. We can simply return. 3426 */ 3427 if (req->err) 3428 return; 3429 3430 skb = hci_prepare_cmd(hdev, opcode, plen, param); 3431 if (!skb) { 3432 BT_ERR("%s no memory for command (opcode 0x%4.4x)", 3433 hdev->name, opcode); 3434 req->err = -ENOMEM; 3435 return; 3436 } 3437 3438 if (skb_queue_empty(&req->cmd_q)) 3439 bt_cb(skb)->req.start = true; 3440 3441 bt_cb(skb)->req.event = event; 3442 3443 skb_queue_tail(&req->cmd_q, skb); 3444 } 3445 3446 void hci_req_add(struct hci_request *req, u16 opcode, u32 plen, 3447 const void *param) 3448 { 3449 hci_req_add_ev(req, opcode, plen, param, 0); 3450 } 3451 3452 /* Get data from the previously sent command */ 3453 void *hci_sent_cmd_data(struct hci_dev *hdev, __u16 opcode) 3454 { 3455 struct hci_command_hdr *hdr; 3456 3457 if (!hdev->sent_cmd) 3458 return NULL; 3459 3460 hdr = (void *) hdev->sent_cmd->data; 3461 3462 if (hdr->opcode != cpu_to_le16(opcode)) 3463 return NULL; 3464 3465 BT_DBG("%s opcode 0x%4.4x", hdev->name, opcode); 3466 3467 return hdev->sent_cmd->data + HCI_COMMAND_HDR_SIZE; 3468 } 3469 3470 /* Send ACL data */ 3471 static void hci_add_acl_hdr(struct sk_buff *skb, __u16 handle, __u16 flags) 3472 { 3473 struct hci_acl_hdr *hdr; 3474 int len = skb->len; 3475 3476 skb_push(skb, HCI_ACL_HDR_SIZE); 3477 skb_reset_transport_header(skb); 3478 hdr = (struct hci_acl_hdr *)skb_transport_header(skb); 3479 hdr->handle = cpu_to_le16(hci_handle_pack(handle, flags)); 3480 hdr->dlen = cpu_to_le16(len); 3481 } 3482 3483 static void hci_queue_acl(struct hci_chan *chan, struct sk_buff_head *queue, 3484 struct sk_buff *skb, __u16 flags) 3485 { 3486 struct hci_conn *conn = chan->conn; 3487 struct hci_dev *hdev = conn->hdev; 3488 struct sk_buff *list; 3489 3490 skb->len = skb_headlen(skb); 3491 skb->data_len = 0; 3492 3493 bt_cb(skb)->pkt_type = HCI_ACLDATA_PKT; 3494 3495 switch (hdev->dev_type) { 3496 case HCI_BREDR: 3497 hci_add_acl_hdr(skb, conn->handle, flags); 3498 break; 3499 case HCI_AMP: 3500 hci_add_acl_hdr(skb, chan->handle, flags); 3501 break; 3502 default: 3503 BT_ERR("%s unknown dev_type %d", hdev->name, hdev->dev_type); 3504 return; 3505 } 3506 3507 list = skb_shinfo(skb)->frag_list; 3508 if (!list) { 3509 /* Non fragmented */ 3510 BT_DBG("%s nonfrag skb %p len %d", hdev->name, skb, skb->len); 3511 3512 skb_queue_tail(queue, skb); 3513 } else { 3514 /* Fragmented */ 3515 BT_DBG("%s frag %p len %d", hdev->name, skb, skb->len); 3516 3517 skb_shinfo(skb)->frag_list = NULL; 3518 3519 /* Queue all fragments atomically */ 3520 spin_lock(&queue->lock); 3521 3522 __skb_queue_tail(queue, skb); 3523 3524 flags &= ~ACL_START; 3525 flags |= ACL_CONT; 3526 do { 3527 skb = list; list = list->next; 3528 3529 bt_cb(skb)->pkt_type = HCI_ACLDATA_PKT; 3530 hci_add_acl_hdr(skb, conn->handle, flags); 3531 3532 BT_DBG("%s frag %p len %d", hdev->name, skb, skb->len); 3533 3534 __skb_queue_tail(queue, skb); 3535 } while (list); 3536 3537 spin_unlock(&queue->lock); 3538 } 3539 } 3540 3541 void hci_send_acl(struct hci_chan *chan, struct sk_buff *skb, __u16 flags) 3542 { 3543 struct hci_dev *hdev = chan->conn->hdev; 3544 3545 BT_DBG("%s chan %p flags 0x%4.4x", hdev->name, chan, flags); 3546 3547 hci_queue_acl(chan, &chan->data_q, skb, flags); 3548 3549 queue_work(hdev->workqueue, &hdev->tx_work); 3550 } 3551 3552 /* Send SCO data */ 3553 void hci_send_sco(struct hci_conn *conn, struct sk_buff *skb) 3554 { 3555 struct hci_dev *hdev = conn->hdev; 3556 struct hci_sco_hdr hdr; 3557 3558 BT_DBG("%s len %d", hdev->name, skb->len); 3559 3560 hdr.handle = cpu_to_le16(conn->handle); 3561 hdr.dlen = skb->len; 3562 3563 skb_push(skb, HCI_SCO_HDR_SIZE); 3564 skb_reset_transport_header(skb); 3565 memcpy(skb_transport_header(skb), &hdr, HCI_SCO_HDR_SIZE); 3566 3567 bt_cb(skb)->pkt_type = HCI_SCODATA_PKT; 3568 3569 skb_queue_tail(&conn->data_q, skb); 3570 queue_work(hdev->workqueue, &hdev->tx_work); 3571 } 3572 3573 /* ---- HCI TX task (outgoing data) ---- */ 3574 3575 /* HCI Connection scheduler */ 3576 static struct hci_conn *hci_low_sent(struct hci_dev *hdev, __u8 type, 3577 int *quote) 3578 { 3579 struct hci_conn_hash *h = &hdev->conn_hash; 3580 struct hci_conn *conn = NULL, *c; 3581 unsigned int num = 0, min = ~0; 3582 3583 /* We don't have to lock device here. Connections are always 3584 * added and removed with TX task disabled. */ 3585 3586 rcu_read_lock(); 3587 3588 list_for_each_entry_rcu(c, &h->list, list) { 3589 if (c->type != type || skb_queue_empty(&c->data_q)) 3590 continue; 3591 3592 if (c->state != BT_CONNECTED && c->state != BT_CONFIG) 3593 continue; 3594 3595 num++; 3596 3597 if (c->sent < min) { 3598 min = c->sent; 3599 conn = c; 3600 } 3601 3602 if (hci_conn_num(hdev, type) == num) 3603 break; 3604 } 3605 3606 rcu_read_unlock(); 3607 3608 if (conn) { 3609 int cnt, q; 3610 3611 switch (conn->type) { 3612 case ACL_LINK: 3613 cnt = hdev->acl_cnt; 3614 break; 3615 case SCO_LINK: 3616 case ESCO_LINK: 3617 cnt = hdev->sco_cnt; 3618 break; 3619 case LE_LINK: 3620 cnt = hdev->le_mtu ? hdev->le_cnt : hdev->acl_cnt; 3621 break; 3622 default: 3623 cnt = 0; 3624 BT_ERR("Unknown link type"); 3625 } 3626 3627 q = cnt / num; 3628 *quote = q ? q : 1; 3629 } else 3630 *quote = 0; 3631 3632 BT_DBG("conn %p quote %d", conn, *quote); 3633 return conn; 3634 } 3635 3636 static void hci_link_tx_to(struct hci_dev *hdev, __u8 type) 3637 { 3638 struct hci_conn_hash *h = &hdev->conn_hash; 3639 struct hci_conn *c; 3640 3641 BT_ERR("%s link tx timeout", hdev->name); 3642 3643 rcu_read_lock(); 3644 3645 /* Kill stalled connections */ 3646 list_for_each_entry_rcu(c, &h->list, list) { 3647 if (c->type == type && c->sent) { 3648 BT_ERR("%s killing stalled connection %pMR", 3649 hdev->name, &c->dst); 3650 hci_disconnect(c, HCI_ERROR_REMOTE_USER_TERM); 3651 } 3652 } 3653 3654 rcu_read_unlock(); 3655 } 3656 3657 static struct hci_chan *hci_chan_sent(struct hci_dev *hdev, __u8 type, 3658 int *quote) 3659 { 3660 struct hci_conn_hash *h = &hdev->conn_hash; 3661 struct hci_chan *chan = NULL; 3662 unsigned int num = 0, min = ~0, cur_prio = 0; 3663 struct hci_conn *conn; 3664 int cnt, q, conn_num = 0; 3665 3666 BT_DBG("%s", hdev->name); 3667 3668 rcu_read_lock(); 3669 3670 list_for_each_entry_rcu(conn, &h->list, list) { 3671 struct hci_chan *tmp; 3672 3673 if (conn->type != type) 3674 continue; 3675 3676 if (conn->state != BT_CONNECTED && conn->state != BT_CONFIG) 3677 continue; 3678 3679 conn_num++; 3680 3681 list_for_each_entry_rcu(tmp, &conn->chan_list, list) { 3682 struct sk_buff *skb; 3683 3684 if (skb_queue_empty(&tmp->data_q)) 3685 continue; 3686 3687 skb = skb_peek(&tmp->data_q); 3688 if (skb->priority < cur_prio) 3689 continue; 3690 3691 if (skb->priority > cur_prio) { 3692 num = 0; 3693 min = ~0; 3694 cur_prio = skb->priority; 3695 } 3696 3697 num++; 3698 3699 if (conn->sent < min) { 3700 min = conn->sent; 3701 chan = tmp; 3702 } 3703 } 3704 3705 if (hci_conn_num(hdev, type) == conn_num) 3706 break; 3707 } 3708 3709 rcu_read_unlock(); 3710 3711 if (!chan) 3712 return NULL; 3713 3714 switch (chan->conn->type) { 3715 case ACL_LINK: 3716 cnt = hdev->acl_cnt; 3717 break; 3718 case AMP_LINK: 3719 cnt = hdev->block_cnt; 3720 break; 3721 case SCO_LINK: 3722 case ESCO_LINK: 3723 cnt = hdev->sco_cnt; 3724 break; 3725 case LE_LINK: 3726 cnt = hdev->le_mtu ? hdev->le_cnt : hdev->acl_cnt; 3727 break; 3728 default: 3729 cnt = 0; 3730 BT_ERR("Unknown link type"); 3731 } 3732 3733 q = cnt / num; 3734 *quote = q ? q : 1; 3735 BT_DBG("chan %p quote %d", chan, *quote); 3736 return chan; 3737 } 3738 3739 static void hci_prio_recalculate(struct hci_dev *hdev, __u8 type) 3740 { 3741 struct hci_conn_hash *h = &hdev->conn_hash; 3742 struct hci_conn *conn; 3743 int num = 0; 3744 3745 BT_DBG("%s", hdev->name); 3746 3747 rcu_read_lock(); 3748 3749 list_for_each_entry_rcu(conn, &h->list, list) { 3750 struct hci_chan *chan; 3751 3752 if (conn->type != type) 3753 continue; 3754 3755 if (conn->state != BT_CONNECTED && conn->state != BT_CONFIG) 3756 continue; 3757 3758 num++; 3759 3760 list_for_each_entry_rcu(chan, &conn->chan_list, list) { 3761 struct sk_buff *skb; 3762 3763 if (chan->sent) { 3764 chan->sent = 0; 3765 continue; 3766 } 3767 3768 if (skb_queue_empty(&chan->data_q)) 3769 continue; 3770 3771 skb = skb_peek(&chan->data_q); 3772 if (skb->priority >= HCI_PRIO_MAX - 1) 3773 continue; 3774 3775 skb->priority = HCI_PRIO_MAX - 1; 3776 3777 BT_DBG("chan %p skb %p promoted to %d", chan, skb, 3778 skb->priority); 3779 } 3780 3781 if (hci_conn_num(hdev, type) == num) 3782 break; 3783 } 3784 3785 rcu_read_unlock(); 3786 3787 } 3788 3789 static inline int __get_blocks(struct hci_dev *hdev, struct sk_buff *skb) 3790 { 3791 /* Calculate count of blocks used by this packet */ 3792 return DIV_ROUND_UP(skb->len - HCI_ACL_HDR_SIZE, hdev->block_len); 3793 } 3794 3795 static void __check_timeout(struct hci_dev *hdev, unsigned int cnt) 3796 { 3797 if (!test_bit(HCI_RAW, &hdev->flags)) { 3798 /* ACL tx timeout must be longer than maximum 3799 * link supervision timeout (40.9 seconds) */ 3800 if (!cnt && time_after(jiffies, hdev->acl_last_tx + 3801 HCI_ACL_TX_TIMEOUT)) 3802 hci_link_tx_to(hdev, ACL_LINK); 3803 } 3804 } 3805 3806 static void hci_sched_acl_pkt(struct hci_dev *hdev) 3807 { 3808 unsigned int cnt = hdev->acl_cnt; 3809 struct hci_chan *chan; 3810 struct sk_buff *skb; 3811 int quote; 3812 3813 __check_timeout(hdev, cnt); 3814 3815 while (hdev->acl_cnt && 3816 (chan = hci_chan_sent(hdev, ACL_LINK, "e))) { 3817 u32 priority = (skb_peek(&chan->data_q))->priority; 3818 while (quote-- && (skb = skb_peek(&chan->data_q))) { 3819 BT_DBG("chan %p skb %p len %d priority %u", chan, skb, 3820 skb->len, skb->priority); 3821 3822 /* Stop if priority has changed */ 3823 if (skb->priority < priority) 3824 break; 3825 3826 skb = skb_dequeue(&chan->data_q); 3827 3828 hci_conn_enter_active_mode(chan->conn, 3829 bt_cb(skb)->force_active); 3830 3831 hci_send_frame(hdev, skb); 3832 hdev->acl_last_tx = jiffies; 3833 3834 hdev->acl_cnt--; 3835 chan->sent++; 3836 chan->conn->sent++; 3837 } 3838 } 3839 3840 if (cnt != hdev->acl_cnt) 3841 hci_prio_recalculate(hdev, ACL_LINK); 3842 } 3843 3844 static void hci_sched_acl_blk(struct hci_dev *hdev) 3845 { 3846 unsigned int cnt = hdev->block_cnt; 3847 struct hci_chan *chan; 3848 struct sk_buff *skb; 3849 int quote; 3850 u8 type; 3851 3852 __check_timeout(hdev, cnt); 3853 3854 BT_DBG("%s", hdev->name); 3855 3856 if (hdev->dev_type == HCI_AMP) 3857 type = AMP_LINK; 3858 else 3859 type = ACL_LINK; 3860 3861 while (hdev->block_cnt > 0 && 3862 (chan = hci_chan_sent(hdev, type, "e))) { 3863 u32 priority = (skb_peek(&chan->data_q))->priority; 3864 while (quote > 0 && (skb = skb_peek(&chan->data_q))) { 3865 int blocks; 3866 3867 BT_DBG("chan %p skb %p len %d priority %u", chan, skb, 3868 skb->len, skb->priority); 3869 3870 /* Stop if priority has changed */ 3871 if (skb->priority < priority) 3872 break; 3873 3874 skb = skb_dequeue(&chan->data_q); 3875 3876 blocks = __get_blocks(hdev, skb); 3877 if (blocks > hdev->block_cnt) 3878 return; 3879 3880 hci_conn_enter_active_mode(chan->conn, 3881 bt_cb(skb)->force_active); 3882 3883 hci_send_frame(hdev, skb); 3884 hdev->acl_last_tx = jiffies; 3885 3886 hdev->block_cnt -= blocks; 3887 quote -= blocks; 3888 3889 chan->sent += blocks; 3890 chan->conn->sent += blocks; 3891 } 3892 } 3893 3894 if (cnt != hdev->block_cnt) 3895 hci_prio_recalculate(hdev, type); 3896 } 3897 3898 static void hci_sched_acl(struct hci_dev *hdev) 3899 { 3900 BT_DBG("%s", hdev->name); 3901 3902 /* No ACL link over BR/EDR controller */ 3903 if (!hci_conn_num(hdev, ACL_LINK) && hdev->dev_type == HCI_BREDR) 3904 return; 3905 3906 /* No AMP link over AMP controller */ 3907 if (!hci_conn_num(hdev, AMP_LINK) && hdev->dev_type == HCI_AMP) 3908 return; 3909 3910 switch (hdev->flow_ctl_mode) { 3911 case HCI_FLOW_CTL_MODE_PACKET_BASED: 3912 hci_sched_acl_pkt(hdev); 3913 break; 3914 3915 case HCI_FLOW_CTL_MODE_BLOCK_BASED: 3916 hci_sched_acl_blk(hdev); 3917 break; 3918 } 3919 } 3920 3921 /* Schedule SCO */ 3922 static void hci_sched_sco(struct hci_dev *hdev) 3923 { 3924 struct hci_conn *conn; 3925 struct sk_buff *skb; 3926 int quote; 3927 3928 BT_DBG("%s", hdev->name); 3929 3930 if (!hci_conn_num(hdev, SCO_LINK)) 3931 return; 3932 3933 while (hdev->sco_cnt && (conn = hci_low_sent(hdev, SCO_LINK, "e))) { 3934 while (quote-- && (skb = skb_dequeue(&conn->data_q))) { 3935 BT_DBG("skb %p len %d", skb, skb->len); 3936 hci_send_frame(hdev, skb); 3937 3938 conn->sent++; 3939 if (conn->sent == ~0) 3940 conn->sent = 0; 3941 } 3942 } 3943 } 3944 3945 static void hci_sched_esco(struct hci_dev *hdev) 3946 { 3947 struct hci_conn *conn; 3948 struct sk_buff *skb; 3949 int quote; 3950 3951 BT_DBG("%s", hdev->name); 3952 3953 if (!hci_conn_num(hdev, ESCO_LINK)) 3954 return; 3955 3956 while (hdev->sco_cnt && (conn = hci_low_sent(hdev, ESCO_LINK, 3957 "e))) { 3958 while (quote-- && (skb = skb_dequeue(&conn->data_q))) { 3959 BT_DBG("skb %p len %d", skb, skb->len); 3960 hci_send_frame(hdev, skb); 3961 3962 conn->sent++; 3963 if (conn->sent == ~0) 3964 conn->sent = 0; 3965 } 3966 } 3967 } 3968 3969 static void hci_sched_le(struct hci_dev *hdev) 3970 { 3971 struct hci_chan *chan; 3972 struct sk_buff *skb; 3973 int quote, cnt, tmp; 3974 3975 BT_DBG("%s", hdev->name); 3976 3977 if (!hci_conn_num(hdev, LE_LINK)) 3978 return; 3979 3980 if (!test_bit(HCI_RAW, &hdev->flags)) { 3981 /* LE tx timeout must be longer than maximum 3982 * link supervision timeout (40.9 seconds) */ 3983 if (!hdev->le_cnt && hdev->le_pkts && 3984 time_after(jiffies, hdev->le_last_tx + HZ * 45)) 3985 hci_link_tx_to(hdev, LE_LINK); 3986 } 3987 3988 cnt = hdev->le_pkts ? hdev->le_cnt : hdev->acl_cnt; 3989 tmp = cnt; 3990 while (cnt && (chan = hci_chan_sent(hdev, LE_LINK, "e))) { 3991 u32 priority = (skb_peek(&chan->data_q))->priority; 3992 while (quote-- && (skb = skb_peek(&chan->data_q))) { 3993 BT_DBG("chan %p skb %p len %d priority %u", chan, skb, 3994 skb->len, skb->priority); 3995 3996 /* Stop if priority has changed */ 3997 if (skb->priority < priority) 3998 break; 3999 4000 skb = skb_dequeue(&chan->data_q); 4001 4002 hci_send_frame(hdev, skb); 4003 hdev->le_last_tx = jiffies; 4004 4005 cnt--; 4006 chan->sent++; 4007 chan->conn->sent++; 4008 } 4009 } 4010 4011 if (hdev->le_pkts) 4012 hdev->le_cnt = cnt; 4013 else 4014 hdev->acl_cnt = cnt; 4015 4016 if (cnt != tmp) 4017 hci_prio_recalculate(hdev, LE_LINK); 4018 } 4019 4020 static void hci_tx_work(struct work_struct *work) 4021 { 4022 struct hci_dev *hdev = container_of(work, struct hci_dev, tx_work); 4023 struct sk_buff *skb; 4024 4025 BT_DBG("%s acl %d sco %d le %d", hdev->name, hdev->acl_cnt, 4026 hdev->sco_cnt, hdev->le_cnt); 4027 4028 if (!test_bit(HCI_USER_CHANNEL, &hdev->dev_flags)) { 4029 /* Schedule queues and send stuff to HCI driver */ 4030 hci_sched_acl(hdev); 4031 hci_sched_sco(hdev); 4032 hci_sched_esco(hdev); 4033 hci_sched_le(hdev); 4034 } 4035 4036 /* Send next queued raw (unknown type) packet */ 4037 while ((skb = skb_dequeue(&hdev->raw_q))) 4038 hci_send_frame(hdev, skb); 4039 } 4040 4041 /* ----- HCI RX task (incoming data processing) ----- */ 4042 4043 /* ACL data packet */ 4044 static void hci_acldata_packet(struct hci_dev *hdev, struct sk_buff *skb) 4045 { 4046 struct hci_acl_hdr *hdr = (void *) skb->data; 4047 struct hci_conn *conn; 4048 __u16 handle, flags; 4049 4050 skb_pull(skb, HCI_ACL_HDR_SIZE); 4051 4052 handle = __le16_to_cpu(hdr->handle); 4053 flags = hci_flags(handle); 4054 handle = hci_handle(handle); 4055 4056 BT_DBG("%s len %d handle 0x%4.4x flags 0x%4.4x", hdev->name, skb->len, 4057 handle, flags); 4058 4059 hdev->stat.acl_rx++; 4060 4061 hci_dev_lock(hdev); 4062 conn = hci_conn_hash_lookup_handle(hdev, handle); 4063 hci_dev_unlock(hdev); 4064 4065 if (conn) { 4066 hci_conn_enter_active_mode(conn, BT_POWER_FORCE_ACTIVE_OFF); 4067 4068 /* Send to upper protocol */ 4069 l2cap_recv_acldata(conn, skb, flags); 4070 return; 4071 } else { 4072 BT_ERR("%s ACL packet for unknown connection handle %d", 4073 hdev->name, handle); 4074 } 4075 4076 kfree_skb(skb); 4077 } 4078 4079 /* SCO data packet */ 4080 static void hci_scodata_packet(struct hci_dev *hdev, struct sk_buff *skb) 4081 { 4082 struct hci_sco_hdr *hdr = (void *) skb->data; 4083 struct hci_conn *conn; 4084 __u16 handle; 4085 4086 skb_pull(skb, HCI_SCO_HDR_SIZE); 4087 4088 handle = __le16_to_cpu(hdr->handle); 4089 4090 BT_DBG("%s len %d handle 0x%4.4x", hdev->name, skb->len, handle); 4091 4092 hdev->stat.sco_rx++; 4093 4094 hci_dev_lock(hdev); 4095 conn = hci_conn_hash_lookup_handle(hdev, handle); 4096 hci_dev_unlock(hdev); 4097 4098 if (conn) { 4099 /* Send to upper protocol */ 4100 sco_recv_scodata(conn, skb); 4101 return; 4102 } else { 4103 BT_ERR("%s SCO packet for unknown connection handle %d", 4104 hdev->name, handle); 4105 } 4106 4107 kfree_skb(skb); 4108 } 4109 4110 static bool hci_req_is_complete(struct hci_dev *hdev) 4111 { 4112 struct sk_buff *skb; 4113 4114 skb = skb_peek(&hdev->cmd_q); 4115 if (!skb) 4116 return true; 4117 4118 return bt_cb(skb)->req.start; 4119 } 4120 4121 static void hci_resend_last(struct hci_dev *hdev) 4122 { 4123 struct hci_command_hdr *sent; 4124 struct sk_buff *skb; 4125 u16 opcode; 4126 4127 if (!hdev->sent_cmd) 4128 return; 4129 4130 sent = (void *) hdev->sent_cmd->data; 4131 opcode = __le16_to_cpu(sent->opcode); 4132 if (opcode == HCI_OP_RESET) 4133 return; 4134 4135 skb = skb_clone(hdev->sent_cmd, GFP_KERNEL); 4136 if (!skb) 4137 return; 4138 4139 skb_queue_head(&hdev->cmd_q, skb); 4140 queue_work(hdev->workqueue, &hdev->cmd_work); 4141 } 4142 4143 void hci_req_cmd_complete(struct hci_dev *hdev, u16 opcode, u8 status) 4144 { 4145 hci_req_complete_t req_complete = NULL; 4146 struct sk_buff *skb; 4147 unsigned long flags; 4148 4149 BT_DBG("opcode 0x%04x status 0x%02x", opcode, status); 4150 4151 /* If the completed command doesn't match the last one that was 4152 * sent we need to do special handling of it. 4153 */ 4154 if (!hci_sent_cmd_data(hdev, opcode)) { 4155 /* Some CSR based controllers generate a spontaneous 4156 * reset complete event during init and any pending 4157 * command will never be completed. In such a case we 4158 * need to resend whatever was the last sent 4159 * command. 4160 */ 4161 if (test_bit(HCI_INIT, &hdev->flags) && opcode == HCI_OP_RESET) 4162 hci_resend_last(hdev); 4163 4164 return; 4165 } 4166 4167 /* If the command succeeded and there's still more commands in 4168 * this request the request is not yet complete. 4169 */ 4170 if (!status && !hci_req_is_complete(hdev)) 4171 return; 4172 4173 /* If this was the last command in a request the complete 4174 * callback would be found in hdev->sent_cmd instead of the 4175 * command queue (hdev->cmd_q). 4176 */ 4177 if (hdev->sent_cmd) { 4178 req_complete = bt_cb(hdev->sent_cmd)->req.complete; 4179 4180 if (req_complete) { 4181 /* We must set the complete callback to NULL to 4182 * avoid calling the callback more than once if 4183 * this function gets called again. 4184 */ 4185 bt_cb(hdev->sent_cmd)->req.complete = NULL; 4186 4187 goto call_complete; 4188 } 4189 } 4190 4191 /* Remove all pending commands belonging to this request */ 4192 spin_lock_irqsave(&hdev->cmd_q.lock, flags); 4193 while ((skb = __skb_dequeue(&hdev->cmd_q))) { 4194 if (bt_cb(skb)->req.start) { 4195 __skb_queue_head(&hdev->cmd_q, skb); 4196 break; 4197 } 4198 4199 req_complete = bt_cb(skb)->req.complete; 4200 kfree_skb(skb); 4201 } 4202 spin_unlock_irqrestore(&hdev->cmd_q.lock, flags); 4203 4204 call_complete: 4205 if (req_complete) 4206 req_complete(hdev, status); 4207 } 4208 4209 static void hci_rx_work(struct work_struct *work) 4210 { 4211 struct hci_dev *hdev = container_of(work, struct hci_dev, rx_work); 4212 struct sk_buff *skb; 4213 4214 BT_DBG("%s", hdev->name); 4215 4216 while ((skb = skb_dequeue(&hdev->rx_q))) { 4217 /* Send copy to monitor */ 4218 hci_send_to_monitor(hdev, skb); 4219 4220 if (atomic_read(&hdev->promisc)) { 4221 /* Send copy to the sockets */ 4222 hci_send_to_sock(hdev, skb); 4223 } 4224 4225 if (test_bit(HCI_RAW, &hdev->flags) || 4226 test_bit(HCI_USER_CHANNEL, &hdev->dev_flags)) { 4227 kfree_skb(skb); 4228 continue; 4229 } 4230 4231 if (test_bit(HCI_INIT, &hdev->flags)) { 4232 /* Don't process data packets in this states. */ 4233 switch (bt_cb(skb)->pkt_type) { 4234 case HCI_ACLDATA_PKT: 4235 case HCI_SCODATA_PKT: 4236 kfree_skb(skb); 4237 continue; 4238 } 4239 } 4240 4241 /* Process frame */ 4242 switch (bt_cb(skb)->pkt_type) { 4243 case HCI_EVENT_PKT: 4244 BT_DBG("%s Event packet", hdev->name); 4245 hci_event_packet(hdev, skb); 4246 break; 4247 4248 case HCI_ACLDATA_PKT: 4249 BT_DBG("%s ACL data packet", hdev->name); 4250 hci_acldata_packet(hdev, skb); 4251 break; 4252 4253 case HCI_SCODATA_PKT: 4254 BT_DBG("%s SCO data packet", hdev->name); 4255 hci_scodata_packet(hdev, skb); 4256 break; 4257 4258 default: 4259 kfree_skb(skb); 4260 break; 4261 } 4262 } 4263 } 4264 4265 static void hci_cmd_work(struct work_struct *work) 4266 { 4267 struct hci_dev *hdev = container_of(work, struct hci_dev, cmd_work); 4268 struct sk_buff *skb; 4269 4270 BT_DBG("%s cmd_cnt %d cmd queued %d", hdev->name, 4271 atomic_read(&hdev->cmd_cnt), skb_queue_len(&hdev->cmd_q)); 4272 4273 /* Send queued commands */ 4274 if (atomic_read(&hdev->cmd_cnt)) { 4275 skb = skb_dequeue(&hdev->cmd_q); 4276 if (!skb) 4277 return; 4278 4279 kfree_skb(hdev->sent_cmd); 4280 4281 hdev->sent_cmd = skb_clone(skb, GFP_KERNEL); 4282 if (hdev->sent_cmd) { 4283 atomic_dec(&hdev->cmd_cnt); 4284 hci_send_frame(hdev, skb); 4285 if (test_bit(HCI_RESET, &hdev->flags)) 4286 del_timer(&hdev->cmd_timer); 4287 else 4288 mod_timer(&hdev->cmd_timer, 4289 jiffies + HCI_CMD_TIMEOUT); 4290 } else { 4291 skb_queue_head(&hdev->cmd_q, skb); 4292 queue_work(hdev->workqueue, &hdev->cmd_work); 4293 } 4294 } 4295 } 4296