1 /* 2 BlueZ - Bluetooth protocol stack for Linux 3 Copyright (C) 2000-2001 Qualcomm Incorporated 4 5 Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com> 6 7 This program is free software; you can redistribute it and/or modify 8 it under the terms of the GNU General Public License version 2 as 9 published by the Free Software Foundation; 10 11 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS 12 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 13 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS. 14 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY 15 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES 16 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 17 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 18 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 19 20 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS, 21 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS 22 SOFTWARE IS DISCLAIMED. 23 */ 24 25 /* Bluetooth HCI core. */ 26 27 #include <linux/jiffies.h> 28 #include <linux/module.h> 29 #include <linux/kmod.h> 30 31 #include <linux/types.h> 32 #include <linux/errno.h> 33 #include <linux/kernel.h> 34 #include <linux/sched.h> 35 #include <linux/slab.h> 36 #include <linux/poll.h> 37 #include <linux/fcntl.h> 38 #include <linux/init.h> 39 #include <linux/skbuff.h> 40 #include <linux/workqueue.h> 41 #include <linux/interrupt.h> 42 #include <linux/notifier.h> 43 #include <linux/rfkill.h> 44 #include <linux/timer.h> 45 #include <linux/crypto.h> 46 #include <net/sock.h> 47 48 #include <asm/system.h> 49 #include <linux/uaccess.h> 50 #include <asm/unaligned.h> 51 52 #include <net/bluetooth/bluetooth.h> 53 #include <net/bluetooth/hci_core.h> 54 55 #define AUTO_OFF_TIMEOUT 2000 56 57 static void hci_cmd_task(unsigned long arg); 58 static void hci_rx_task(unsigned long arg); 59 static void hci_tx_task(unsigned long arg); 60 61 static DEFINE_RWLOCK(hci_task_lock); 62 63 /* HCI device list */ 64 LIST_HEAD(hci_dev_list); 65 DEFINE_RWLOCK(hci_dev_list_lock); 66 67 /* HCI callback list */ 68 LIST_HEAD(hci_cb_list); 69 DEFINE_RWLOCK(hci_cb_list_lock); 70 71 /* HCI protocols */ 72 #define HCI_MAX_PROTO 2 73 struct hci_proto *hci_proto[HCI_MAX_PROTO]; 74 75 /* HCI notifiers list */ 76 static ATOMIC_NOTIFIER_HEAD(hci_notifier); 77 78 /* ---- HCI notifications ---- */ 79 80 int hci_register_notifier(struct notifier_block *nb) 81 { 82 return atomic_notifier_chain_register(&hci_notifier, nb); 83 } 84 85 int hci_unregister_notifier(struct notifier_block *nb) 86 { 87 return atomic_notifier_chain_unregister(&hci_notifier, nb); 88 } 89 90 static void hci_notify(struct hci_dev *hdev, int event) 91 { 92 atomic_notifier_call_chain(&hci_notifier, event, hdev); 93 } 94 95 /* ---- HCI requests ---- */ 96 97 void hci_req_complete(struct hci_dev *hdev, __u16 cmd, int result) 98 { 99 BT_DBG("%s command 0x%04x result 0x%2.2x", hdev->name, cmd, result); 100 101 /* If this is the init phase check if the completed command matches 102 * the last init command, and if not just return. 103 */ 104 if (test_bit(HCI_INIT, &hdev->flags) && hdev->init_last_cmd != cmd) 105 return; 106 107 if (hdev->req_status == HCI_REQ_PEND) { 108 hdev->req_result = result; 109 hdev->req_status = HCI_REQ_DONE; 110 wake_up_interruptible(&hdev->req_wait_q); 111 } 112 } 113 114 static void hci_req_cancel(struct hci_dev *hdev, int err) 115 { 116 BT_DBG("%s err 0x%2.2x", hdev->name, err); 117 118 if (hdev->req_status == HCI_REQ_PEND) { 119 hdev->req_result = err; 120 hdev->req_status = HCI_REQ_CANCELED; 121 wake_up_interruptible(&hdev->req_wait_q); 122 } 123 } 124 125 /* Execute request and wait for completion. */ 126 static int __hci_request(struct hci_dev *hdev, void (*req)(struct hci_dev *hdev, unsigned long opt), 127 unsigned long opt, __u32 timeout) 128 { 129 DECLARE_WAITQUEUE(wait, current); 130 int err = 0; 131 132 BT_DBG("%s start", hdev->name); 133 134 hdev->req_status = HCI_REQ_PEND; 135 136 add_wait_queue(&hdev->req_wait_q, &wait); 137 set_current_state(TASK_INTERRUPTIBLE); 138 139 req(hdev, opt); 140 schedule_timeout(timeout); 141 142 remove_wait_queue(&hdev->req_wait_q, &wait); 143 144 if (signal_pending(current)) 145 return -EINTR; 146 147 switch (hdev->req_status) { 148 case HCI_REQ_DONE: 149 err = -bt_to_errno(hdev->req_result); 150 break; 151 152 case HCI_REQ_CANCELED: 153 err = -hdev->req_result; 154 break; 155 156 default: 157 err = -ETIMEDOUT; 158 break; 159 } 160 161 hdev->req_status = hdev->req_result = 0; 162 163 BT_DBG("%s end: err %d", hdev->name, err); 164 165 return err; 166 } 167 168 static inline int hci_request(struct hci_dev *hdev, void (*req)(struct hci_dev *hdev, unsigned long opt), 169 unsigned long opt, __u32 timeout) 170 { 171 int ret; 172 173 if (!test_bit(HCI_UP, &hdev->flags)) 174 return -ENETDOWN; 175 176 /* Serialize all requests */ 177 hci_req_lock(hdev); 178 ret = __hci_request(hdev, req, opt, timeout); 179 hci_req_unlock(hdev); 180 181 return ret; 182 } 183 184 static void hci_reset_req(struct hci_dev *hdev, unsigned long opt) 185 { 186 BT_DBG("%s %ld", hdev->name, opt); 187 188 /* Reset device */ 189 set_bit(HCI_RESET, &hdev->flags); 190 hci_send_cmd(hdev, HCI_OP_RESET, 0, NULL); 191 } 192 193 static void hci_init_req(struct hci_dev *hdev, unsigned long opt) 194 { 195 struct hci_cp_delete_stored_link_key cp; 196 struct sk_buff *skb; 197 __le16 param; 198 __u8 flt_type; 199 200 BT_DBG("%s %ld", hdev->name, opt); 201 202 /* Driver initialization */ 203 204 /* Special commands */ 205 while ((skb = skb_dequeue(&hdev->driver_init))) { 206 bt_cb(skb)->pkt_type = HCI_COMMAND_PKT; 207 skb->dev = (void *) hdev; 208 209 skb_queue_tail(&hdev->cmd_q, skb); 210 tasklet_schedule(&hdev->cmd_task); 211 } 212 skb_queue_purge(&hdev->driver_init); 213 214 /* Mandatory initialization */ 215 216 /* Reset */ 217 if (!test_bit(HCI_QUIRK_NO_RESET, &hdev->quirks)) { 218 set_bit(HCI_RESET, &hdev->flags); 219 hci_send_cmd(hdev, HCI_OP_RESET, 0, NULL); 220 } 221 222 /* Read Local Supported Features */ 223 hci_send_cmd(hdev, HCI_OP_READ_LOCAL_FEATURES, 0, NULL); 224 225 /* Read Local Version */ 226 hci_send_cmd(hdev, HCI_OP_READ_LOCAL_VERSION, 0, NULL); 227 228 /* Read Buffer Size (ACL mtu, max pkt, etc.) */ 229 hci_send_cmd(hdev, HCI_OP_READ_BUFFER_SIZE, 0, NULL); 230 231 #if 0 232 /* Host buffer size */ 233 { 234 struct hci_cp_host_buffer_size cp; 235 cp.acl_mtu = cpu_to_le16(HCI_MAX_ACL_SIZE); 236 cp.sco_mtu = HCI_MAX_SCO_SIZE; 237 cp.acl_max_pkt = cpu_to_le16(0xffff); 238 cp.sco_max_pkt = cpu_to_le16(0xffff); 239 hci_send_cmd(hdev, HCI_OP_HOST_BUFFER_SIZE, sizeof(cp), &cp); 240 } 241 #endif 242 243 /* Read BD Address */ 244 hci_send_cmd(hdev, HCI_OP_READ_BD_ADDR, 0, NULL); 245 246 /* Read Class of Device */ 247 hci_send_cmd(hdev, HCI_OP_READ_CLASS_OF_DEV, 0, NULL); 248 249 /* Read Local Name */ 250 hci_send_cmd(hdev, HCI_OP_READ_LOCAL_NAME, 0, NULL); 251 252 /* Read Voice Setting */ 253 hci_send_cmd(hdev, HCI_OP_READ_VOICE_SETTING, 0, NULL); 254 255 /* Optional initialization */ 256 257 /* Clear Event Filters */ 258 flt_type = HCI_FLT_CLEAR_ALL; 259 hci_send_cmd(hdev, HCI_OP_SET_EVENT_FLT, 1, &flt_type); 260 261 /* Connection accept timeout ~20 secs */ 262 param = cpu_to_le16(0x7d00); 263 hci_send_cmd(hdev, HCI_OP_WRITE_CA_TIMEOUT, 2, ¶m); 264 265 bacpy(&cp.bdaddr, BDADDR_ANY); 266 cp.delete_all = 1; 267 hci_send_cmd(hdev, HCI_OP_DELETE_STORED_LINK_KEY, sizeof(cp), &cp); 268 } 269 270 static void hci_le_init_req(struct hci_dev *hdev, unsigned long opt) 271 { 272 BT_DBG("%s", hdev->name); 273 274 /* Read LE buffer size */ 275 hci_send_cmd(hdev, HCI_OP_LE_READ_BUFFER_SIZE, 0, NULL); 276 } 277 278 static void hci_scan_req(struct hci_dev *hdev, unsigned long opt) 279 { 280 __u8 scan = opt; 281 282 BT_DBG("%s %x", hdev->name, scan); 283 284 /* Inquiry and Page scans */ 285 hci_send_cmd(hdev, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan); 286 } 287 288 static void hci_auth_req(struct hci_dev *hdev, unsigned long opt) 289 { 290 __u8 auth = opt; 291 292 BT_DBG("%s %x", hdev->name, auth); 293 294 /* Authentication */ 295 hci_send_cmd(hdev, HCI_OP_WRITE_AUTH_ENABLE, 1, &auth); 296 } 297 298 static void hci_encrypt_req(struct hci_dev *hdev, unsigned long opt) 299 { 300 __u8 encrypt = opt; 301 302 BT_DBG("%s %x", hdev->name, encrypt); 303 304 /* Encryption */ 305 hci_send_cmd(hdev, HCI_OP_WRITE_ENCRYPT_MODE, 1, &encrypt); 306 } 307 308 static void hci_linkpol_req(struct hci_dev *hdev, unsigned long opt) 309 { 310 __le16 policy = cpu_to_le16(opt); 311 312 BT_DBG("%s %x", hdev->name, policy); 313 314 /* Default link policy */ 315 hci_send_cmd(hdev, HCI_OP_WRITE_DEF_LINK_POLICY, 2, &policy); 316 } 317 318 /* Get HCI device by index. 319 * Device is held on return. */ 320 struct hci_dev *hci_dev_get(int index) 321 { 322 struct hci_dev *hdev = NULL; 323 struct list_head *p; 324 325 BT_DBG("%d", index); 326 327 if (index < 0) 328 return NULL; 329 330 read_lock(&hci_dev_list_lock); 331 list_for_each(p, &hci_dev_list) { 332 struct hci_dev *d = list_entry(p, struct hci_dev, list); 333 if (d->id == index) { 334 hdev = hci_dev_hold(d); 335 break; 336 } 337 } 338 read_unlock(&hci_dev_list_lock); 339 return hdev; 340 } 341 342 /* ---- Inquiry support ---- */ 343 static void inquiry_cache_flush(struct hci_dev *hdev) 344 { 345 struct inquiry_cache *cache = &hdev->inq_cache; 346 struct inquiry_entry *next = cache->list, *e; 347 348 BT_DBG("cache %p", cache); 349 350 cache->list = NULL; 351 while ((e = next)) { 352 next = e->next; 353 kfree(e); 354 } 355 } 356 357 struct inquiry_entry *hci_inquiry_cache_lookup(struct hci_dev *hdev, bdaddr_t *bdaddr) 358 { 359 struct inquiry_cache *cache = &hdev->inq_cache; 360 struct inquiry_entry *e; 361 362 BT_DBG("cache %p, %s", cache, batostr(bdaddr)); 363 364 for (e = cache->list; e; e = e->next) 365 if (!bacmp(&e->data.bdaddr, bdaddr)) 366 break; 367 return e; 368 } 369 370 void hci_inquiry_cache_update(struct hci_dev *hdev, struct inquiry_data *data) 371 { 372 struct inquiry_cache *cache = &hdev->inq_cache; 373 struct inquiry_entry *ie; 374 375 BT_DBG("cache %p, %s", cache, batostr(&data->bdaddr)); 376 377 ie = hci_inquiry_cache_lookup(hdev, &data->bdaddr); 378 if (!ie) { 379 /* Entry not in the cache. Add new one. */ 380 ie = kzalloc(sizeof(struct inquiry_entry), GFP_ATOMIC); 381 if (!ie) 382 return; 383 384 ie->next = cache->list; 385 cache->list = ie; 386 } 387 388 memcpy(&ie->data, data, sizeof(*data)); 389 ie->timestamp = jiffies; 390 cache->timestamp = jiffies; 391 } 392 393 static int inquiry_cache_dump(struct hci_dev *hdev, int num, __u8 *buf) 394 { 395 struct inquiry_cache *cache = &hdev->inq_cache; 396 struct inquiry_info *info = (struct inquiry_info *) buf; 397 struct inquiry_entry *e; 398 int copied = 0; 399 400 for (e = cache->list; e && copied < num; e = e->next, copied++) { 401 struct inquiry_data *data = &e->data; 402 bacpy(&info->bdaddr, &data->bdaddr); 403 info->pscan_rep_mode = data->pscan_rep_mode; 404 info->pscan_period_mode = data->pscan_period_mode; 405 info->pscan_mode = data->pscan_mode; 406 memcpy(info->dev_class, data->dev_class, 3); 407 info->clock_offset = data->clock_offset; 408 info++; 409 } 410 411 BT_DBG("cache %p, copied %d", cache, copied); 412 return copied; 413 } 414 415 static void hci_inq_req(struct hci_dev *hdev, unsigned long opt) 416 { 417 struct hci_inquiry_req *ir = (struct hci_inquiry_req *) opt; 418 struct hci_cp_inquiry cp; 419 420 BT_DBG("%s", hdev->name); 421 422 if (test_bit(HCI_INQUIRY, &hdev->flags)) 423 return; 424 425 /* Start Inquiry */ 426 memcpy(&cp.lap, &ir->lap, 3); 427 cp.length = ir->length; 428 cp.num_rsp = ir->num_rsp; 429 hci_send_cmd(hdev, HCI_OP_INQUIRY, sizeof(cp), &cp); 430 } 431 432 int hci_inquiry(void __user *arg) 433 { 434 __u8 __user *ptr = arg; 435 struct hci_inquiry_req ir; 436 struct hci_dev *hdev; 437 int err = 0, do_inquiry = 0, max_rsp; 438 long timeo; 439 __u8 *buf; 440 441 if (copy_from_user(&ir, ptr, sizeof(ir))) 442 return -EFAULT; 443 444 hdev = hci_dev_get(ir.dev_id); 445 if (!hdev) 446 return -ENODEV; 447 448 hci_dev_lock_bh(hdev); 449 if (inquiry_cache_age(hdev) > INQUIRY_CACHE_AGE_MAX || 450 inquiry_cache_empty(hdev) || 451 ir.flags & IREQ_CACHE_FLUSH) { 452 inquiry_cache_flush(hdev); 453 do_inquiry = 1; 454 } 455 hci_dev_unlock_bh(hdev); 456 457 timeo = ir.length * msecs_to_jiffies(2000); 458 459 if (do_inquiry) { 460 err = hci_request(hdev, hci_inq_req, (unsigned long)&ir, timeo); 461 if (err < 0) 462 goto done; 463 } 464 465 /* for unlimited number of responses we will use buffer with 255 entries */ 466 max_rsp = (ir.num_rsp == 0) ? 255 : ir.num_rsp; 467 468 /* cache_dump can't sleep. Therefore we allocate temp buffer and then 469 * copy it to the user space. 470 */ 471 buf = kmalloc(sizeof(struct inquiry_info) * max_rsp, GFP_KERNEL); 472 if (!buf) { 473 err = -ENOMEM; 474 goto done; 475 } 476 477 hci_dev_lock_bh(hdev); 478 ir.num_rsp = inquiry_cache_dump(hdev, max_rsp, buf); 479 hci_dev_unlock_bh(hdev); 480 481 BT_DBG("num_rsp %d", ir.num_rsp); 482 483 if (!copy_to_user(ptr, &ir, sizeof(ir))) { 484 ptr += sizeof(ir); 485 if (copy_to_user(ptr, buf, sizeof(struct inquiry_info) * 486 ir.num_rsp)) 487 err = -EFAULT; 488 } else 489 err = -EFAULT; 490 491 kfree(buf); 492 493 done: 494 hci_dev_put(hdev); 495 return err; 496 } 497 498 /* ---- HCI ioctl helpers ---- */ 499 500 int hci_dev_open(__u16 dev) 501 { 502 struct hci_dev *hdev; 503 int ret = 0; 504 505 hdev = hci_dev_get(dev); 506 if (!hdev) 507 return -ENODEV; 508 509 BT_DBG("%s %p", hdev->name, hdev); 510 511 hci_req_lock(hdev); 512 513 if (hdev->rfkill && rfkill_blocked(hdev->rfkill)) { 514 ret = -ERFKILL; 515 goto done; 516 } 517 518 if (test_bit(HCI_UP, &hdev->flags)) { 519 ret = -EALREADY; 520 goto done; 521 } 522 523 if (test_bit(HCI_QUIRK_RAW_DEVICE, &hdev->quirks)) 524 set_bit(HCI_RAW, &hdev->flags); 525 526 /* Treat all non BR/EDR controllers as raw devices for now */ 527 if (hdev->dev_type != HCI_BREDR) 528 set_bit(HCI_RAW, &hdev->flags); 529 530 if (hdev->open(hdev)) { 531 ret = -EIO; 532 goto done; 533 } 534 535 if (!test_bit(HCI_RAW, &hdev->flags)) { 536 atomic_set(&hdev->cmd_cnt, 1); 537 set_bit(HCI_INIT, &hdev->flags); 538 hdev->init_last_cmd = 0; 539 540 ret = __hci_request(hdev, hci_init_req, 0, 541 msecs_to_jiffies(HCI_INIT_TIMEOUT)); 542 543 if (lmp_host_le_capable(hdev)) 544 ret = __hci_request(hdev, hci_le_init_req, 0, 545 msecs_to_jiffies(HCI_INIT_TIMEOUT)); 546 547 clear_bit(HCI_INIT, &hdev->flags); 548 } 549 550 if (!ret) { 551 hci_dev_hold(hdev); 552 set_bit(HCI_UP, &hdev->flags); 553 hci_notify(hdev, HCI_DEV_UP); 554 if (!test_bit(HCI_SETUP, &hdev->flags)) 555 mgmt_powered(hdev->id, 1); 556 } else { 557 /* Init failed, cleanup */ 558 tasklet_kill(&hdev->rx_task); 559 tasklet_kill(&hdev->tx_task); 560 tasklet_kill(&hdev->cmd_task); 561 562 skb_queue_purge(&hdev->cmd_q); 563 skb_queue_purge(&hdev->rx_q); 564 565 if (hdev->flush) 566 hdev->flush(hdev); 567 568 if (hdev->sent_cmd) { 569 kfree_skb(hdev->sent_cmd); 570 hdev->sent_cmd = NULL; 571 } 572 573 hdev->close(hdev); 574 hdev->flags = 0; 575 } 576 577 done: 578 hci_req_unlock(hdev); 579 hci_dev_put(hdev); 580 return ret; 581 } 582 583 static int hci_dev_do_close(struct hci_dev *hdev) 584 { 585 BT_DBG("%s %p", hdev->name, hdev); 586 587 hci_req_cancel(hdev, ENODEV); 588 hci_req_lock(hdev); 589 590 if (!test_and_clear_bit(HCI_UP, &hdev->flags)) { 591 del_timer_sync(&hdev->cmd_timer); 592 hci_req_unlock(hdev); 593 return 0; 594 } 595 596 /* Kill RX and TX tasks */ 597 tasklet_kill(&hdev->rx_task); 598 tasklet_kill(&hdev->tx_task); 599 600 hci_dev_lock_bh(hdev); 601 inquiry_cache_flush(hdev); 602 hci_conn_hash_flush(hdev); 603 hci_dev_unlock_bh(hdev); 604 605 hci_notify(hdev, HCI_DEV_DOWN); 606 607 if (hdev->flush) 608 hdev->flush(hdev); 609 610 /* Reset device */ 611 skb_queue_purge(&hdev->cmd_q); 612 atomic_set(&hdev->cmd_cnt, 1); 613 if (!test_bit(HCI_RAW, &hdev->flags)) { 614 set_bit(HCI_INIT, &hdev->flags); 615 __hci_request(hdev, hci_reset_req, 0, 616 msecs_to_jiffies(250)); 617 clear_bit(HCI_INIT, &hdev->flags); 618 } 619 620 /* Kill cmd task */ 621 tasklet_kill(&hdev->cmd_task); 622 623 /* Drop queues */ 624 skb_queue_purge(&hdev->rx_q); 625 skb_queue_purge(&hdev->cmd_q); 626 skb_queue_purge(&hdev->raw_q); 627 628 /* Drop last sent command */ 629 if (hdev->sent_cmd) { 630 del_timer_sync(&hdev->cmd_timer); 631 kfree_skb(hdev->sent_cmd); 632 hdev->sent_cmd = NULL; 633 } 634 635 /* After this point our queues are empty 636 * and no tasks are scheduled. */ 637 hdev->close(hdev); 638 639 mgmt_powered(hdev->id, 0); 640 641 /* Clear flags */ 642 hdev->flags = 0; 643 644 hci_req_unlock(hdev); 645 646 hci_dev_put(hdev); 647 return 0; 648 } 649 650 int hci_dev_close(__u16 dev) 651 { 652 struct hci_dev *hdev; 653 int err; 654 655 hdev = hci_dev_get(dev); 656 if (!hdev) 657 return -ENODEV; 658 err = hci_dev_do_close(hdev); 659 hci_dev_put(hdev); 660 return err; 661 } 662 663 int hci_dev_reset(__u16 dev) 664 { 665 struct hci_dev *hdev; 666 int ret = 0; 667 668 hdev = hci_dev_get(dev); 669 if (!hdev) 670 return -ENODEV; 671 672 hci_req_lock(hdev); 673 tasklet_disable(&hdev->tx_task); 674 675 if (!test_bit(HCI_UP, &hdev->flags)) 676 goto done; 677 678 /* Drop queues */ 679 skb_queue_purge(&hdev->rx_q); 680 skb_queue_purge(&hdev->cmd_q); 681 682 hci_dev_lock_bh(hdev); 683 inquiry_cache_flush(hdev); 684 hci_conn_hash_flush(hdev); 685 hci_dev_unlock_bh(hdev); 686 687 if (hdev->flush) 688 hdev->flush(hdev); 689 690 atomic_set(&hdev->cmd_cnt, 1); 691 hdev->acl_cnt = 0; hdev->sco_cnt = 0; hdev->le_cnt = 0; 692 693 if (!test_bit(HCI_RAW, &hdev->flags)) 694 ret = __hci_request(hdev, hci_reset_req, 0, 695 msecs_to_jiffies(HCI_INIT_TIMEOUT)); 696 697 done: 698 tasklet_enable(&hdev->tx_task); 699 hci_req_unlock(hdev); 700 hci_dev_put(hdev); 701 return ret; 702 } 703 704 int hci_dev_reset_stat(__u16 dev) 705 { 706 struct hci_dev *hdev; 707 int ret = 0; 708 709 hdev = hci_dev_get(dev); 710 if (!hdev) 711 return -ENODEV; 712 713 memset(&hdev->stat, 0, sizeof(struct hci_dev_stats)); 714 715 hci_dev_put(hdev); 716 717 return ret; 718 } 719 720 int hci_dev_cmd(unsigned int cmd, void __user *arg) 721 { 722 struct hci_dev *hdev; 723 struct hci_dev_req dr; 724 int err = 0; 725 726 if (copy_from_user(&dr, arg, sizeof(dr))) 727 return -EFAULT; 728 729 hdev = hci_dev_get(dr.dev_id); 730 if (!hdev) 731 return -ENODEV; 732 733 switch (cmd) { 734 case HCISETAUTH: 735 err = hci_request(hdev, hci_auth_req, dr.dev_opt, 736 msecs_to_jiffies(HCI_INIT_TIMEOUT)); 737 break; 738 739 case HCISETENCRYPT: 740 if (!lmp_encrypt_capable(hdev)) { 741 err = -EOPNOTSUPP; 742 break; 743 } 744 745 if (!test_bit(HCI_AUTH, &hdev->flags)) { 746 /* Auth must be enabled first */ 747 err = hci_request(hdev, hci_auth_req, dr.dev_opt, 748 msecs_to_jiffies(HCI_INIT_TIMEOUT)); 749 if (err) 750 break; 751 } 752 753 err = hci_request(hdev, hci_encrypt_req, dr.dev_opt, 754 msecs_to_jiffies(HCI_INIT_TIMEOUT)); 755 break; 756 757 case HCISETSCAN: 758 err = hci_request(hdev, hci_scan_req, dr.dev_opt, 759 msecs_to_jiffies(HCI_INIT_TIMEOUT)); 760 break; 761 762 case HCISETLINKPOL: 763 err = hci_request(hdev, hci_linkpol_req, dr.dev_opt, 764 msecs_to_jiffies(HCI_INIT_TIMEOUT)); 765 break; 766 767 case HCISETLINKMODE: 768 hdev->link_mode = ((__u16) dr.dev_opt) & 769 (HCI_LM_MASTER | HCI_LM_ACCEPT); 770 break; 771 772 case HCISETPTYPE: 773 hdev->pkt_type = (__u16) dr.dev_opt; 774 break; 775 776 case HCISETACLMTU: 777 hdev->acl_mtu = *((__u16 *) &dr.dev_opt + 1); 778 hdev->acl_pkts = *((__u16 *) &dr.dev_opt + 0); 779 break; 780 781 case HCISETSCOMTU: 782 hdev->sco_mtu = *((__u16 *) &dr.dev_opt + 1); 783 hdev->sco_pkts = *((__u16 *) &dr.dev_opt + 0); 784 break; 785 786 default: 787 err = -EINVAL; 788 break; 789 } 790 791 hci_dev_put(hdev); 792 return err; 793 } 794 795 int hci_get_dev_list(void __user *arg) 796 { 797 struct hci_dev_list_req *dl; 798 struct hci_dev_req *dr; 799 struct list_head *p; 800 int n = 0, size, err; 801 __u16 dev_num; 802 803 if (get_user(dev_num, (__u16 __user *) arg)) 804 return -EFAULT; 805 806 if (!dev_num || dev_num > (PAGE_SIZE * 2) / sizeof(*dr)) 807 return -EINVAL; 808 809 size = sizeof(*dl) + dev_num * sizeof(*dr); 810 811 dl = kzalloc(size, GFP_KERNEL); 812 if (!dl) 813 return -ENOMEM; 814 815 dr = dl->dev_req; 816 817 read_lock_bh(&hci_dev_list_lock); 818 list_for_each(p, &hci_dev_list) { 819 struct hci_dev *hdev; 820 821 hdev = list_entry(p, struct hci_dev, list); 822 823 hci_del_off_timer(hdev); 824 825 if (!test_bit(HCI_MGMT, &hdev->flags)) 826 set_bit(HCI_PAIRABLE, &hdev->flags); 827 828 (dr + n)->dev_id = hdev->id; 829 (dr + n)->dev_opt = hdev->flags; 830 831 if (++n >= dev_num) 832 break; 833 } 834 read_unlock_bh(&hci_dev_list_lock); 835 836 dl->dev_num = n; 837 size = sizeof(*dl) + n * sizeof(*dr); 838 839 err = copy_to_user(arg, dl, size); 840 kfree(dl); 841 842 return err ? -EFAULT : 0; 843 } 844 845 int hci_get_dev_info(void __user *arg) 846 { 847 struct hci_dev *hdev; 848 struct hci_dev_info di; 849 int err = 0; 850 851 if (copy_from_user(&di, arg, sizeof(di))) 852 return -EFAULT; 853 854 hdev = hci_dev_get(di.dev_id); 855 if (!hdev) 856 return -ENODEV; 857 858 hci_del_off_timer(hdev); 859 860 if (!test_bit(HCI_MGMT, &hdev->flags)) 861 set_bit(HCI_PAIRABLE, &hdev->flags); 862 863 strcpy(di.name, hdev->name); 864 di.bdaddr = hdev->bdaddr; 865 di.type = (hdev->bus & 0x0f) | (hdev->dev_type << 4); 866 di.flags = hdev->flags; 867 di.pkt_type = hdev->pkt_type; 868 di.acl_mtu = hdev->acl_mtu; 869 di.acl_pkts = hdev->acl_pkts; 870 di.sco_mtu = hdev->sco_mtu; 871 di.sco_pkts = hdev->sco_pkts; 872 di.link_policy = hdev->link_policy; 873 di.link_mode = hdev->link_mode; 874 875 memcpy(&di.stat, &hdev->stat, sizeof(di.stat)); 876 memcpy(&di.features, &hdev->features, sizeof(di.features)); 877 878 if (copy_to_user(arg, &di, sizeof(di))) 879 err = -EFAULT; 880 881 hci_dev_put(hdev); 882 883 return err; 884 } 885 886 /* ---- Interface to HCI drivers ---- */ 887 888 static int hci_rfkill_set_block(void *data, bool blocked) 889 { 890 struct hci_dev *hdev = data; 891 892 BT_DBG("%p name %s blocked %d", hdev, hdev->name, blocked); 893 894 if (!blocked) 895 return 0; 896 897 hci_dev_do_close(hdev); 898 899 return 0; 900 } 901 902 static const struct rfkill_ops hci_rfkill_ops = { 903 .set_block = hci_rfkill_set_block, 904 }; 905 906 /* Alloc HCI device */ 907 struct hci_dev *hci_alloc_dev(void) 908 { 909 struct hci_dev *hdev; 910 911 hdev = kzalloc(sizeof(struct hci_dev), GFP_KERNEL); 912 if (!hdev) 913 return NULL; 914 915 skb_queue_head_init(&hdev->driver_init); 916 917 return hdev; 918 } 919 EXPORT_SYMBOL(hci_alloc_dev); 920 921 /* Free HCI device */ 922 void hci_free_dev(struct hci_dev *hdev) 923 { 924 skb_queue_purge(&hdev->driver_init); 925 926 /* will free via device release */ 927 put_device(&hdev->dev); 928 } 929 EXPORT_SYMBOL(hci_free_dev); 930 931 static void hci_power_on(struct work_struct *work) 932 { 933 struct hci_dev *hdev = container_of(work, struct hci_dev, power_on); 934 935 BT_DBG("%s", hdev->name); 936 937 if (hci_dev_open(hdev->id) < 0) 938 return; 939 940 if (test_bit(HCI_AUTO_OFF, &hdev->flags)) 941 mod_timer(&hdev->off_timer, 942 jiffies + msecs_to_jiffies(AUTO_OFF_TIMEOUT)); 943 944 if (test_and_clear_bit(HCI_SETUP, &hdev->flags)) 945 mgmt_index_added(hdev->id); 946 } 947 948 static void hci_power_off(struct work_struct *work) 949 { 950 struct hci_dev *hdev = container_of(work, struct hci_dev, power_off); 951 952 BT_DBG("%s", hdev->name); 953 954 hci_dev_close(hdev->id); 955 } 956 957 static void hci_auto_off(unsigned long data) 958 { 959 struct hci_dev *hdev = (struct hci_dev *) data; 960 961 BT_DBG("%s", hdev->name); 962 963 clear_bit(HCI_AUTO_OFF, &hdev->flags); 964 965 queue_work(hdev->workqueue, &hdev->power_off); 966 } 967 968 void hci_del_off_timer(struct hci_dev *hdev) 969 { 970 BT_DBG("%s", hdev->name); 971 972 clear_bit(HCI_AUTO_OFF, &hdev->flags); 973 del_timer(&hdev->off_timer); 974 } 975 976 int hci_uuids_clear(struct hci_dev *hdev) 977 { 978 struct list_head *p, *n; 979 980 list_for_each_safe(p, n, &hdev->uuids) { 981 struct bt_uuid *uuid; 982 983 uuid = list_entry(p, struct bt_uuid, list); 984 985 list_del(p); 986 kfree(uuid); 987 } 988 989 return 0; 990 } 991 992 int hci_link_keys_clear(struct hci_dev *hdev) 993 { 994 struct list_head *p, *n; 995 996 list_for_each_safe(p, n, &hdev->link_keys) { 997 struct link_key *key; 998 999 key = list_entry(p, struct link_key, list); 1000 1001 list_del(p); 1002 kfree(key); 1003 } 1004 1005 return 0; 1006 } 1007 1008 struct link_key *hci_find_link_key(struct hci_dev *hdev, bdaddr_t *bdaddr) 1009 { 1010 struct list_head *p; 1011 1012 list_for_each(p, &hdev->link_keys) { 1013 struct link_key *k; 1014 1015 k = list_entry(p, struct link_key, list); 1016 1017 if (bacmp(bdaddr, &k->bdaddr) == 0) 1018 return k; 1019 } 1020 1021 return NULL; 1022 } 1023 1024 static int hci_persistent_key(struct hci_dev *hdev, struct hci_conn *conn, 1025 u8 key_type, u8 old_key_type) 1026 { 1027 /* Legacy key */ 1028 if (key_type < 0x03) 1029 return 1; 1030 1031 /* Debug keys are insecure so don't store them persistently */ 1032 if (key_type == HCI_LK_DEBUG_COMBINATION) 1033 return 0; 1034 1035 /* Changed combination key and there's no previous one */ 1036 if (key_type == HCI_LK_CHANGED_COMBINATION && old_key_type == 0xff) 1037 return 0; 1038 1039 /* Security mode 3 case */ 1040 if (!conn) 1041 return 1; 1042 1043 /* Neither local nor remote side had no-bonding as requirement */ 1044 if (conn->auth_type > 0x01 && conn->remote_auth > 0x01) 1045 return 1; 1046 1047 /* Local side had dedicated bonding as requirement */ 1048 if (conn->auth_type == 0x02 || conn->auth_type == 0x03) 1049 return 1; 1050 1051 /* Remote side had dedicated bonding as requirement */ 1052 if (conn->remote_auth == 0x02 || conn->remote_auth == 0x03) 1053 return 1; 1054 1055 /* If none of the above criteria match, then don't store the key 1056 * persistently */ 1057 return 0; 1058 } 1059 1060 struct link_key *hci_find_ltk(struct hci_dev *hdev, __le16 ediv, u8 rand[8]) 1061 { 1062 struct link_key *k; 1063 1064 list_for_each_entry(k, &hdev->link_keys, list) { 1065 struct key_master_id *id; 1066 1067 if (k->type != HCI_LK_SMP_LTK) 1068 continue; 1069 1070 if (k->dlen != sizeof(*id)) 1071 continue; 1072 1073 id = (void *) &k->data; 1074 if (id->ediv == ediv && 1075 (memcmp(rand, id->rand, sizeof(id->rand)) == 0)) 1076 return k; 1077 } 1078 1079 return NULL; 1080 } 1081 EXPORT_SYMBOL(hci_find_ltk); 1082 1083 struct link_key *hci_find_link_key_type(struct hci_dev *hdev, 1084 bdaddr_t *bdaddr, u8 type) 1085 { 1086 struct link_key *k; 1087 1088 list_for_each_entry(k, &hdev->link_keys, list) 1089 if (k->type == type && bacmp(bdaddr, &k->bdaddr) == 0) 1090 return k; 1091 1092 return NULL; 1093 } 1094 EXPORT_SYMBOL(hci_find_link_key_type); 1095 1096 int hci_add_link_key(struct hci_dev *hdev, struct hci_conn *conn, int new_key, 1097 bdaddr_t *bdaddr, u8 *val, u8 type, u8 pin_len) 1098 { 1099 struct link_key *key, *old_key; 1100 u8 old_key_type, persistent; 1101 1102 old_key = hci_find_link_key(hdev, bdaddr); 1103 if (old_key) { 1104 old_key_type = old_key->type; 1105 key = old_key; 1106 } else { 1107 old_key_type = conn ? conn->key_type : 0xff; 1108 key = kzalloc(sizeof(*key), GFP_ATOMIC); 1109 if (!key) 1110 return -ENOMEM; 1111 list_add(&key->list, &hdev->link_keys); 1112 } 1113 1114 BT_DBG("%s key for %s type %u", hdev->name, batostr(bdaddr), type); 1115 1116 /* Some buggy controller combinations generate a changed 1117 * combination key for legacy pairing even when there's no 1118 * previous key */ 1119 if (type == HCI_LK_CHANGED_COMBINATION && 1120 (!conn || conn->remote_auth == 0xff) && 1121 old_key_type == 0xff) { 1122 type = HCI_LK_COMBINATION; 1123 if (conn) 1124 conn->key_type = type; 1125 } 1126 1127 bacpy(&key->bdaddr, bdaddr); 1128 memcpy(key->val, val, 16); 1129 key->pin_len = pin_len; 1130 1131 if (type == HCI_LK_CHANGED_COMBINATION) 1132 key->type = old_key_type; 1133 else 1134 key->type = type; 1135 1136 if (!new_key) 1137 return 0; 1138 1139 persistent = hci_persistent_key(hdev, conn, type, old_key_type); 1140 1141 mgmt_new_key(hdev->id, key, persistent); 1142 1143 if (!persistent) { 1144 list_del(&key->list); 1145 kfree(key); 1146 } 1147 1148 return 0; 1149 } 1150 1151 int hci_add_ltk(struct hci_dev *hdev, int new_key, bdaddr_t *bdaddr, 1152 u8 key_size, __le16 ediv, u8 rand[8], u8 ltk[16]) 1153 { 1154 struct link_key *key, *old_key; 1155 struct key_master_id *id; 1156 u8 old_key_type; 1157 1158 BT_DBG("%s addr %s", hdev->name, batostr(bdaddr)); 1159 1160 old_key = hci_find_link_key_type(hdev, bdaddr, HCI_LK_SMP_LTK); 1161 if (old_key) { 1162 key = old_key; 1163 old_key_type = old_key->type; 1164 } else { 1165 key = kzalloc(sizeof(*key) + sizeof(*id), GFP_ATOMIC); 1166 if (!key) 1167 return -ENOMEM; 1168 list_add(&key->list, &hdev->link_keys); 1169 old_key_type = 0xff; 1170 } 1171 1172 key->dlen = sizeof(*id); 1173 1174 bacpy(&key->bdaddr, bdaddr); 1175 memcpy(key->val, ltk, sizeof(key->val)); 1176 key->type = HCI_LK_SMP_LTK; 1177 key->pin_len = key_size; 1178 1179 id = (void *) &key->data; 1180 id->ediv = ediv; 1181 memcpy(id->rand, rand, sizeof(id->rand)); 1182 1183 if (new_key) 1184 mgmt_new_key(hdev->id, key, old_key_type); 1185 1186 return 0; 1187 } 1188 1189 int hci_remove_link_key(struct hci_dev *hdev, bdaddr_t *bdaddr) 1190 { 1191 struct link_key *key; 1192 1193 key = hci_find_link_key(hdev, bdaddr); 1194 if (!key) 1195 return -ENOENT; 1196 1197 BT_DBG("%s removing %s", hdev->name, batostr(bdaddr)); 1198 1199 list_del(&key->list); 1200 kfree(key); 1201 1202 return 0; 1203 } 1204 1205 /* HCI command timer function */ 1206 static void hci_cmd_timer(unsigned long arg) 1207 { 1208 struct hci_dev *hdev = (void *) arg; 1209 1210 BT_ERR("%s command tx timeout", hdev->name); 1211 atomic_set(&hdev->cmd_cnt, 1); 1212 tasklet_schedule(&hdev->cmd_task); 1213 } 1214 1215 struct oob_data *hci_find_remote_oob_data(struct hci_dev *hdev, 1216 bdaddr_t *bdaddr) 1217 { 1218 struct oob_data *data; 1219 1220 list_for_each_entry(data, &hdev->remote_oob_data, list) 1221 if (bacmp(bdaddr, &data->bdaddr) == 0) 1222 return data; 1223 1224 return NULL; 1225 } 1226 1227 int hci_remove_remote_oob_data(struct hci_dev *hdev, bdaddr_t *bdaddr) 1228 { 1229 struct oob_data *data; 1230 1231 data = hci_find_remote_oob_data(hdev, bdaddr); 1232 if (!data) 1233 return -ENOENT; 1234 1235 BT_DBG("%s removing %s", hdev->name, batostr(bdaddr)); 1236 1237 list_del(&data->list); 1238 kfree(data); 1239 1240 return 0; 1241 } 1242 1243 int hci_remote_oob_data_clear(struct hci_dev *hdev) 1244 { 1245 struct oob_data *data, *n; 1246 1247 list_for_each_entry_safe(data, n, &hdev->remote_oob_data, list) { 1248 list_del(&data->list); 1249 kfree(data); 1250 } 1251 1252 return 0; 1253 } 1254 1255 int hci_add_remote_oob_data(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 *hash, 1256 u8 *randomizer) 1257 { 1258 struct oob_data *data; 1259 1260 data = hci_find_remote_oob_data(hdev, bdaddr); 1261 1262 if (!data) { 1263 data = kmalloc(sizeof(*data), GFP_ATOMIC); 1264 if (!data) 1265 return -ENOMEM; 1266 1267 bacpy(&data->bdaddr, bdaddr); 1268 list_add(&data->list, &hdev->remote_oob_data); 1269 } 1270 1271 memcpy(data->hash, hash, sizeof(data->hash)); 1272 memcpy(data->randomizer, randomizer, sizeof(data->randomizer)); 1273 1274 BT_DBG("%s for %s", hdev->name, batostr(bdaddr)); 1275 1276 return 0; 1277 } 1278 1279 struct bdaddr_list *hci_blacklist_lookup(struct hci_dev *hdev, 1280 bdaddr_t *bdaddr) 1281 { 1282 struct list_head *p; 1283 1284 list_for_each(p, &hdev->blacklist) { 1285 struct bdaddr_list *b; 1286 1287 b = list_entry(p, struct bdaddr_list, list); 1288 1289 if (bacmp(bdaddr, &b->bdaddr) == 0) 1290 return b; 1291 } 1292 1293 return NULL; 1294 } 1295 1296 int hci_blacklist_clear(struct hci_dev *hdev) 1297 { 1298 struct list_head *p, *n; 1299 1300 list_for_each_safe(p, n, &hdev->blacklist) { 1301 struct bdaddr_list *b; 1302 1303 b = list_entry(p, struct bdaddr_list, list); 1304 1305 list_del(p); 1306 kfree(b); 1307 } 1308 1309 return 0; 1310 } 1311 1312 int hci_blacklist_add(struct hci_dev *hdev, bdaddr_t *bdaddr) 1313 { 1314 struct bdaddr_list *entry; 1315 1316 if (bacmp(bdaddr, BDADDR_ANY) == 0) 1317 return -EBADF; 1318 1319 if (hci_blacklist_lookup(hdev, bdaddr)) 1320 return -EEXIST; 1321 1322 entry = kzalloc(sizeof(struct bdaddr_list), GFP_KERNEL); 1323 if (!entry) 1324 return -ENOMEM; 1325 1326 bacpy(&entry->bdaddr, bdaddr); 1327 1328 list_add(&entry->list, &hdev->blacklist); 1329 1330 return mgmt_device_blocked(hdev->id, bdaddr); 1331 } 1332 1333 int hci_blacklist_del(struct hci_dev *hdev, bdaddr_t *bdaddr) 1334 { 1335 struct bdaddr_list *entry; 1336 1337 if (bacmp(bdaddr, BDADDR_ANY) == 0) { 1338 return hci_blacklist_clear(hdev); 1339 } 1340 1341 entry = hci_blacklist_lookup(hdev, bdaddr); 1342 if (!entry) { 1343 return -ENOENT; 1344 } 1345 1346 list_del(&entry->list); 1347 kfree(entry); 1348 1349 return mgmt_device_unblocked(hdev->id, bdaddr); 1350 } 1351 1352 static void hci_clear_adv_cache(unsigned long arg) 1353 { 1354 struct hci_dev *hdev = (void *) arg; 1355 1356 hci_dev_lock(hdev); 1357 1358 hci_adv_entries_clear(hdev); 1359 1360 hci_dev_unlock(hdev); 1361 } 1362 1363 int hci_adv_entries_clear(struct hci_dev *hdev) 1364 { 1365 struct adv_entry *entry, *tmp; 1366 1367 list_for_each_entry_safe(entry, tmp, &hdev->adv_entries, list) { 1368 list_del(&entry->list); 1369 kfree(entry); 1370 } 1371 1372 BT_DBG("%s adv cache cleared", hdev->name); 1373 1374 return 0; 1375 } 1376 1377 struct adv_entry *hci_find_adv_entry(struct hci_dev *hdev, bdaddr_t *bdaddr) 1378 { 1379 struct adv_entry *entry; 1380 1381 list_for_each_entry(entry, &hdev->adv_entries, list) 1382 if (bacmp(bdaddr, &entry->bdaddr) == 0) 1383 return entry; 1384 1385 return NULL; 1386 } 1387 1388 static inline int is_connectable_adv(u8 evt_type) 1389 { 1390 if (evt_type == ADV_IND || evt_type == ADV_DIRECT_IND) 1391 return 1; 1392 1393 return 0; 1394 } 1395 1396 int hci_add_adv_entry(struct hci_dev *hdev, 1397 struct hci_ev_le_advertising_info *ev) 1398 { 1399 struct adv_entry *entry; 1400 1401 if (!is_connectable_adv(ev->evt_type)) 1402 return -EINVAL; 1403 1404 /* Only new entries should be added to adv_entries. So, if 1405 * bdaddr was found, don't add it. */ 1406 if (hci_find_adv_entry(hdev, &ev->bdaddr)) 1407 return 0; 1408 1409 entry = kzalloc(sizeof(*entry), GFP_ATOMIC); 1410 if (!entry) 1411 return -ENOMEM; 1412 1413 bacpy(&entry->bdaddr, &ev->bdaddr); 1414 entry->bdaddr_type = ev->bdaddr_type; 1415 1416 list_add(&entry->list, &hdev->adv_entries); 1417 1418 BT_DBG("%s adv entry added: address %s type %u", hdev->name, 1419 batostr(&entry->bdaddr), entry->bdaddr_type); 1420 1421 return 0; 1422 } 1423 1424 /* Register HCI device */ 1425 int hci_register_dev(struct hci_dev *hdev) 1426 { 1427 struct list_head *head = &hci_dev_list, *p; 1428 int i, id = 0; 1429 1430 BT_DBG("%p name %s bus %d owner %p", hdev, hdev->name, 1431 hdev->bus, hdev->owner); 1432 1433 if (!hdev->open || !hdev->close || !hdev->destruct) 1434 return -EINVAL; 1435 1436 write_lock_bh(&hci_dev_list_lock); 1437 1438 /* Find first available device id */ 1439 list_for_each(p, &hci_dev_list) { 1440 if (list_entry(p, struct hci_dev, list)->id != id) 1441 break; 1442 head = p; id++; 1443 } 1444 1445 sprintf(hdev->name, "hci%d", id); 1446 hdev->id = id; 1447 list_add(&hdev->list, head); 1448 1449 atomic_set(&hdev->refcnt, 1); 1450 spin_lock_init(&hdev->lock); 1451 1452 hdev->flags = 0; 1453 hdev->pkt_type = (HCI_DM1 | HCI_DH1 | HCI_HV1); 1454 hdev->esco_type = (ESCO_HV1); 1455 hdev->link_mode = (HCI_LM_ACCEPT); 1456 hdev->io_capability = 0x03; /* No Input No Output */ 1457 1458 hdev->idle_timeout = 0; 1459 hdev->sniff_max_interval = 800; 1460 hdev->sniff_min_interval = 80; 1461 1462 tasklet_init(&hdev->cmd_task, hci_cmd_task, (unsigned long) hdev); 1463 tasklet_init(&hdev->rx_task, hci_rx_task, (unsigned long) hdev); 1464 tasklet_init(&hdev->tx_task, hci_tx_task, (unsigned long) hdev); 1465 1466 skb_queue_head_init(&hdev->rx_q); 1467 skb_queue_head_init(&hdev->cmd_q); 1468 skb_queue_head_init(&hdev->raw_q); 1469 1470 setup_timer(&hdev->cmd_timer, hci_cmd_timer, (unsigned long) hdev); 1471 1472 for (i = 0; i < NUM_REASSEMBLY; i++) 1473 hdev->reassembly[i] = NULL; 1474 1475 init_waitqueue_head(&hdev->req_wait_q); 1476 mutex_init(&hdev->req_lock); 1477 1478 inquiry_cache_init(hdev); 1479 1480 hci_conn_hash_init(hdev); 1481 1482 INIT_LIST_HEAD(&hdev->blacklist); 1483 1484 INIT_LIST_HEAD(&hdev->uuids); 1485 1486 INIT_LIST_HEAD(&hdev->link_keys); 1487 1488 INIT_LIST_HEAD(&hdev->remote_oob_data); 1489 1490 INIT_LIST_HEAD(&hdev->adv_entries); 1491 setup_timer(&hdev->adv_timer, hci_clear_adv_cache, 1492 (unsigned long) hdev); 1493 1494 INIT_WORK(&hdev->power_on, hci_power_on); 1495 INIT_WORK(&hdev->power_off, hci_power_off); 1496 setup_timer(&hdev->off_timer, hci_auto_off, (unsigned long) hdev); 1497 1498 memset(&hdev->stat, 0, sizeof(struct hci_dev_stats)); 1499 1500 atomic_set(&hdev->promisc, 0); 1501 1502 write_unlock_bh(&hci_dev_list_lock); 1503 1504 hdev->workqueue = create_singlethread_workqueue(hdev->name); 1505 if (!hdev->workqueue) 1506 goto nomem; 1507 1508 hci_register_sysfs(hdev); 1509 1510 hdev->rfkill = rfkill_alloc(hdev->name, &hdev->dev, 1511 RFKILL_TYPE_BLUETOOTH, &hci_rfkill_ops, hdev); 1512 if (hdev->rfkill) { 1513 if (rfkill_register(hdev->rfkill) < 0) { 1514 rfkill_destroy(hdev->rfkill); 1515 hdev->rfkill = NULL; 1516 } 1517 } 1518 1519 set_bit(HCI_AUTO_OFF, &hdev->flags); 1520 set_bit(HCI_SETUP, &hdev->flags); 1521 queue_work(hdev->workqueue, &hdev->power_on); 1522 1523 hci_notify(hdev, HCI_DEV_REG); 1524 1525 return id; 1526 1527 nomem: 1528 write_lock_bh(&hci_dev_list_lock); 1529 list_del(&hdev->list); 1530 write_unlock_bh(&hci_dev_list_lock); 1531 1532 return -ENOMEM; 1533 } 1534 EXPORT_SYMBOL(hci_register_dev); 1535 1536 /* Unregister HCI device */ 1537 int hci_unregister_dev(struct hci_dev *hdev) 1538 { 1539 int i; 1540 1541 BT_DBG("%p name %s bus %d", hdev, hdev->name, hdev->bus); 1542 1543 write_lock_bh(&hci_dev_list_lock); 1544 list_del(&hdev->list); 1545 write_unlock_bh(&hci_dev_list_lock); 1546 1547 hci_dev_do_close(hdev); 1548 1549 for (i = 0; i < NUM_REASSEMBLY; i++) 1550 kfree_skb(hdev->reassembly[i]); 1551 1552 if (!test_bit(HCI_INIT, &hdev->flags) && 1553 !test_bit(HCI_SETUP, &hdev->flags)) 1554 mgmt_index_removed(hdev->id); 1555 1556 hci_notify(hdev, HCI_DEV_UNREG); 1557 1558 if (hdev->rfkill) { 1559 rfkill_unregister(hdev->rfkill); 1560 rfkill_destroy(hdev->rfkill); 1561 } 1562 1563 hci_unregister_sysfs(hdev); 1564 1565 hci_del_off_timer(hdev); 1566 del_timer(&hdev->adv_timer); 1567 1568 destroy_workqueue(hdev->workqueue); 1569 1570 hci_dev_lock_bh(hdev); 1571 hci_blacklist_clear(hdev); 1572 hci_uuids_clear(hdev); 1573 hci_link_keys_clear(hdev); 1574 hci_remote_oob_data_clear(hdev); 1575 hci_adv_entries_clear(hdev); 1576 hci_dev_unlock_bh(hdev); 1577 1578 __hci_dev_put(hdev); 1579 1580 return 0; 1581 } 1582 EXPORT_SYMBOL(hci_unregister_dev); 1583 1584 /* Suspend HCI device */ 1585 int hci_suspend_dev(struct hci_dev *hdev) 1586 { 1587 hci_notify(hdev, HCI_DEV_SUSPEND); 1588 return 0; 1589 } 1590 EXPORT_SYMBOL(hci_suspend_dev); 1591 1592 /* Resume HCI device */ 1593 int hci_resume_dev(struct hci_dev *hdev) 1594 { 1595 hci_notify(hdev, HCI_DEV_RESUME); 1596 return 0; 1597 } 1598 EXPORT_SYMBOL(hci_resume_dev); 1599 1600 /* Receive frame from HCI drivers */ 1601 int hci_recv_frame(struct sk_buff *skb) 1602 { 1603 struct hci_dev *hdev = (struct hci_dev *) skb->dev; 1604 if (!hdev || (!test_bit(HCI_UP, &hdev->flags) 1605 && !test_bit(HCI_INIT, &hdev->flags))) { 1606 kfree_skb(skb); 1607 return -ENXIO; 1608 } 1609 1610 /* Incomming skb */ 1611 bt_cb(skb)->incoming = 1; 1612 1613 /* Time stamp */ 1614 __net_timestamp(skb); 1615 1616 /* Queue frame for rx task */ 1617 skb_queue_tail(&hdev->rx_q, skb); 1618 tasklet_schedule(&hdev->rx_task); 1619 1620 return 0; 1621 } 1622 EXPORT_SYMBOL(hci_recv_frame); 1623 1624 static int hci_reassembly(struct hci_dev *hdev, int type, void *data, 1625 int count, __u8 index) 1626 { 1627 int len = 0; 1628 int hlen = 0; 1629 int remain = count; 1630 struct sk_buff *skb; 1631 struct bt_skb_cb *scb; 1632 1633 if ((type < HCI_ACLDATA_PKT || type > HCI_EVENT_PKT) || 1634 index >= NUM_REASSEMBLY) 1635 return -EILSEQ; 1636 1637 skb = hdev->reassembly[index]; 1638 1639 if (!skb) { 1640 switch (type) { 1641 case HCI_ACLDATA_PKT: 1642 len = HCI_MAX_FRAME_SIZE; 1643 hlen = HCI_ACL_HDR_SIZE; 1644 break; 1645 case HCI_EVENT_PKT: 1646 len = HCI_MAX_EVENT_SIZE; 1647 hlen = HCI_EVENT_HDR_SIZE; 1648 break; 1649 case HCI_SCODATA_PKT: 1650 len = HCI_MAX_SCO_SIZE; 1651 hlen = HCI_SCO_HDR_SIZE; 1652 break; 1653 } 1654 1655 skb = bt_skb_alloc(len, GFP_ATOMIC); 1656 if (!skb) 1657 return -ENOMEM; 1658 1659 scb = (void *) skb->cb; 1660 scb->expect = hlen; 1661 scb->pkt_type = type; 1662 1663 skb->dev = (void *) hdev; 1664 hdev->reassembly[index] = skb; 1665 } 1666 1667 while (count) { 1668 scb = (void *) skb->cb; 1669 len = min(scb->expect, (__u16)count); 1670 1671 memcpy(skb_put(skb, len), data, len); 1672 1673 count -= len; 1674 data += len; 1675 scb->expect -= len; 1676 remain = count; 1677 1678 switch (type) { 1679 case HCI_EVENT_PKT: 1680 if (skb->len == HCI_EVENT_HDR_SIZE) { 1681 struct hci_event_hdr *h = hci_event_hdr(skb); 1682 scb->expect = h->plen; 1683 1684 if (skb_tailroom(skb) < scb->expect) { 1685 kfree_skb(skb); 1686 hdev->reassembly[index] = NULL; 1687 return -ENOMEM; 1688 } 1689 } 1690 break; 1691 1692 case HCI_ACLDATA_PKT: 1693 if (skb->len == HCI_ACL_HDR_SIZE) { 1694 struct hci_acl_hdr *h = hci_acl_hdr(skb); 1695 scb->expect = __le16_to_cpu(h->dlen); 1696 1697 if (skb_tailroom(skb) < scb->expect) { 1698 kfree_skb(skb); 1699 hdev->reassembly[index] = NULL; 1700 return -ENOMEM; 1701 } 1702 } 1703 break; 1704 1705 case HCI_SCODATA_PKT: 1706 if (skb->len == HCI_SCO_HDR_SIZE) { 1707 struct hci_sco_hdr *h = hci_sco_hdr(skb); 1708 scb->expect = h->dlen; 1709 1710 if (skb_tailroom(skb) < scb->expect) { 1711 kfree_skb(skb); 1712 hdev->reassembly[index] = NULL; 1713 return -ENOMEM; 1714 } 1715 } 1716 break; 1717 } 1718 1719 if (scb->expect == 0) { 1720 /* Complete frame */ 1721 1722 bt_cb(skb)->pkt_type = type; 1723 hci_recv_frame(skb); 1724 1725 hdev->reassembly[index] = NULL; 1726 return remain; 1727 } 1728 } 1729 1730 return remain; 1731 } 1732 1733 int hci_recv_fragment(struct hci_dev *hdev, int type, void *data, int count) 1734 { 1735 int rem = 0; 1736 1737 if (type < HCI_ACLDATA_PKT || type > HCI_EVENT_PKT) 1738 return -EILSEQ; 1739 1740 while (count) { 1741 rem = hci_reassembly(hdev, type, data, count, type - 1); 1742 if (rem < 0) 1743 return rem; 1744 1745 data += (count - rem); 1746 count = rem; 1747 } 1748 1749 return rem; 1750 } 1751 EXPORT_SYMBOL(hci_recv_fragment); 1752 1753 #define STREAM_REASSEMBLY 0 1754 1755 int hci_recv_stream_fragment(struct hci_dev *hdev, void *data, int count) 1756 { 1757 int type; 1758 int rem = 0; 1759 1760 while (count) { 1761 struct sk_buff *skb = hdev->reassembly[STREAM_REASSEMBLY]; 1762 1763 if (!skb) { 1764 struct { char type; } *pkt; 1765 1766 /* Start of the frame */ 1767 pkt = data; 1768 type = pkt->type; 1769 1770 data++; 1771 count--; 1772 } else 1773 type = bt_cb(skb)->pkt_type; 1774 1775 rem = hci_reassembly(hdev, type, data, count, 1776 STREAM_REASSEMBLY); 1777 if (rem < 0) 1778 return rem; 1779 1780 data += (count - rem); 1781 count = rem; 1782 } 1783 1784 return rem; 1785 } 1786 EXPORT_SYMBOL(hci_recv_stream_fragment); 1787 1788 /* ---- Interface to upper protocols ---- */ 1789 1790 /* Register/Unregister protocols. 1791 * hci_task_lock is used to ensure that no tasks are running. */ 1792 int hci_register_proto(struct hci_proto *hp) 1793 { 1794 int err = 0; 1795 1796 BT_DBG("%p name %s id %d", hp, hp->name, hp->id); 1797 1798 if (hp->id >= HCI_MAX_PROTO) 1799 return -EINVAL; 1800 1801 write_lock_bh(&hci_task_lock); 1802 1803 if (!hci_proto[hp->id]) 1804 hci_proto[hp->id] = hp; 1805 else 1806 err = -EEXIST; 1807 1808 write_unlock_bh(&hci_task_lock); 1809 1810 return err; 1811 } 1812 EXPORT_SYMBOL(hci_register_proto); 1813 1814 int hci_unregister_proto(struct hci_proto *hp) 1815 { 1816 int err = 0; 1817 1818 BT_DBG("%p name %s id %d", hp, hp->name, hp->id); 1819 1820 if (hp->id >= HCI_MAX_PROTO) 1821 return -EINVAL; 1822 1823 write_lock_bh(&hci_task_lock); 1824 1825 if (hci_proto[hp->id]) 1826 hci_proto[hp->id] = NULL; 1827 else 1828 err = -ENOENT; 1829 1830 write_unlock_bh(&hci_task_lock); 1831 1832 return err; 1833 } 1834 EXPORT_SYMBOL(hci_unregister_proto); 1835 1836 int hci_register_cb(struct hci_cb *cb) 1837 { 1838 BT_DBG("%p name %s", cb, cb->name); 1839 1840 write_lock_bh(&hci_cb_list_lock); 1841 list_add(&cb->list, &hci_cb_list); 1842 write_unlock_bh(&hci_cb_list_lock); 1843 1844 return 0; 1845 } 1846 EXPORT_SYMBOL(hci_register_cb); 1847 1848 int hci_unregister_cb(struct hci_cb *cb) 1849 { 1850 BT_DBG("%p name %s", cb, cb->name); 1851 1852 write_lock_bh(&hci_cb_list_lock); 1853 list_del(&cb->list); 1854 write_unlock_bh(&hci_cb_list_lock); 1855 1856 return 0; 1857 } 1858 EXPORT_SYMBOL(hci_unregister_cb); 1859 1860 static int hci_send_frame(struct sk_buff *skb) 1861 { 1862 struct hci_dev *hdev = (struct hci_dev *) skb->dev; 1863 1864 if (!hdev) { 1865 kfree_skb(skb); 1866 return -ENODEV; 1867 } 1868 1869 BT_DBG("%s type %d len %d", hdev->name, bt_cb(skb)->pkt_type, skb->len); 1870 1871 if (atomic_read(&hdev->promisc)) { 1872 /* Time stamp */ 1873 __net_timestamp(skb); 1874 1875 hci_send_to_sock(hdev, skb, NULL); 1876 } 1877 1878 /* Get rid of skb owner, prior to sending to the driver. */ 1879 skb_orphan(skb); 1880 1881 return hdev->send(skb); 1882 } 1883 1884 /* Send HCI command */ 1885 int hci_send_cmd(struct hci_dev *hdev, __u16 opcode, __u32 plen, void *param) 1886 { 1887 int len = HCI_COMMAND_HDR_SIZE + plen; 1888 struct hci_command_hdr *hdr; 1889 struct sk_buff *skb; 1890 1891 BT_DBG("%s opcode 0x%x plen %d", hdev->name, opcode, plen); 1892 1893 skb = bt_skb_alloc(len, GFP_ATOMIC); 1894 if (!skb) { 1895 BT_ERR("%s no memory for command", hdev->name); 1896 return -ENOMEM; 1897 } 1898 1899 hdr = (struct hci_command_hdr *) skb_put(skb, HCI_COMMAND_HDR_SIZE); 1900 hdr->opcode = cpu_to_le16(opcode); 1901 hdr->plen = plen; 1902 1903 if (plen) 1904 memcpy(skb_put(skb, plen), param, plen); 1905 1906 BT_DBG("skb len %d", skb->len); 1907 1908 bt_cb(skb)->pkt_type = HCI_COMMAND_PKT; 1909 skb->dev = (void *) hdev; 1910 1911 if (test_bit(HCI_INIT, &hdev->flags)) 1912 hdev->init_last_cmd = opcode; 1913 1914 skb_queue_tail(&hdev->cmd_q, skb); 1915 tasklet_schedule(&hdev->cmd_task); 1916 1917 return 0; 1918 } 1919 1920 /* Get data from the previously sent command */ 1921 void *hci_sent_cmd_data(struct hci_dev *hdev, __u16 opcode) 1922 { 1923 struct hci_command_hdr *hdr; 1924 1925 if (!hdev->sent_cmd) 1926 return NULL; 1927 1928 hdr = (void *) hdev->sent_cmd->data; 1929 1930 if (hdr->opcode != cpu_to_le16(opcode)) 1931 return NULL; 1932 1933 BT_DBG("%s opcode 0x%x", hdev->name, opcode); 1934 1935 return hdev->sent_cmd->data + HCI_COMMAND_HDR_SIZE; 1936 } 1937 1938 /* Send ACL data */ 1939 static void hci_add_acl_hdr(struct sk_buff *skb, __u16 handle, __u16 flags) 1940 { 1941 struct hci_acl_hdr *hdr; 1942 int len = skb->len; 1943 1944 skb_push(skb, HCI_ACL_HDR_SIZE); 1945 skb_reset_transport_header(skb); 1946 hdr = (struct hci_acl_hdr *)skb_transport_header(skb); 1947 hdr->handle = cpu_to_le16(hci_handle_pack(handle, flags)); 1948 hdr->dlen = cpu_to_le16(len); 1949 } 1950 1951 void hci_send_acl(struct hci_conn *conn, struct sk_buff *skb, __u16 flags) 1952 { 1953 struct hci_dev *hdev = conn->hdev; 1954 struct sk_buff *list; 1955 1956 BT_DBG("%s conn %p flags 0x%x", hdev->name, conn, flags); 1957 1958 skb->dev = (void *) hdev; 1959 bt_cb(skb)->pkt_type = HCI_ACLDATA_PKT; 1960 hci_add_acl_hdr(skb, conn->handle, flags); 1961 1962 list = skb_shinfo(skb)->frag_list; 1963 if (!list) { 1964 /* Non fragmented */ 1965 BT_DBG("%s nonfrag skb %p len %d", hdev->name, skb, skb->len); 1966 1967 skb_queue_tail(&conn->data_q, skb); 1968 } else { 1969 /* Fragmented */ 1970 BT_DBG("%s frag %p len %d", hdev->name, skb, skb->len); 1971 1972 skb_shinfo(skb)->frag_list = NULL; 1973 1974 /* Queue all fragments atomically */ 1975 spin_lock_bh(&conn->data_q.lock); 1976 1977 __skb_queue_tail(&conn->data_q, skb); 1978 1979 flags &= ~ACL_START; 1980 flags |= ACL_CONT; 1981 do { 1982 skb = list; list = list->next; 1983 1984 skb->dev = (void *) hdev; 1985 bt_cb(skb)->pkt_type = HCI_ACLDATA_PKT; 1986 hci_add_acl_hdr(skb, conn->handle, flags); 1987 1988 BT_DBG("%s frag %p len %d", hdev->name, skb, skb->len); 1989 1990 __skb_queue_tail(&conn->data_q, skb); 1991 } while (list); 1992 1993 spin_unlock_bh(&conn->data_q.lock); 1994 } 1995 1996 tasklet_schedule(&hdev->tx_task); 1997 } 1998 EXPORT_SYMBOL(hci_send_acl); 1999 2000 /* Send SCO data */ 2001 void hci_send_sco(struct hci_conn *conn, struct sk_buff *skb) 2002 { 2003 struct hci_dev *hdev = conn->hdev; 2004 struct hci_sco_hdr hdr; 2005 2006 BT_DBG("%s len %d", hdev->name, skb->len); 2007 2008 hdr.handle = cpu_to_le16(conn->handle); 2009 hdr.dlen = skb->len; 2010 2011 skb_push(skb, HCI_SCO_HDR_SIZE); 2012 skb_reset_transport_header(skb); 2013 memcpy(skb_transport_header(skb), &hdr, HCI_SCO_HDR_SIZE); 2014 2015 skb->dev = (void *) hdev; 2016 bt_cb(skb)->pkt_type = HCI_SCODATA_PKT; 2017 2018 skb_queue_tail(&conn->data_q, skb); 2019 tasklet_schedule(&hdev->tx_task); 2020 } 2021 EXPORT_SYMBOL(hci_send_sco); 2022 2023 /* ---- HCI TX task (outgoing data) ---- */ 2024 2025 /* HCI Connection scheduler */ 2026 static inline struct hci_conn *hci_low_sent(struct hci_dev *hdev, __u8 type, int *quote) 2027 { 2028 struct hci_conn_hash *h = &hdev->conn_hash; 2029 struct hci_conn *conn = NULL; 2030 int num = 0, min = ~0; 2031 struct list_head *p; 2032 2033 /* We don't have to lock device here. Connections are always 2034 * added and removed with TX task disabled. */ 2035 list_for_each(p, &h->list) { 2036 struct hci_conn *c; 2037 c = list_entry(p, struct hci_conn, list); 2038 2039 if (c->type != type || skb_queue_empty(&c->data_q)) 2040 continue; 2041 2042 if (c->state != BT_CONNECTED && c->state != BT_CONFIG) 2043 continue; 2044 2045 num++; 2046 2047 if (c->sent < min) { 2048 min = c->sent; 2049 conn = c; 2050 } 2051 2052 if (hci_conn_num(hdev, type) == num) 2053 break; 2054 } 2055 2056 if (conn) { 2057 int cnt, q; 2058 2059 switch (conn->type) { 2060 case ACL_LINK: 2061 cnt = hdev->acl_cnt; 2062 break; 2063 case SCO_LINK: 2064 case ESCO_LINK: 2065 cnt = hdev->sco_cnt; 2066 break; 2067 case LE_LINK: 2068 cnt = hdev->le_mtu ? hdev->le_cnt : hdev->acl_cnt; 2069 break; 2070 default: 2071 cnt = 0; 2072 BT_ERR("Unknown link type"); 2073 } 2074 2075 q = cnt / num; 2076 *quote = q ? q : 1; 2077 } else 2078 *quote = 0; 2079 2080 BT_DBG("conn %p quote %d", conn, *quote); 2081 return conn; 2082 } 2083 2084 static inline void hci_link_tx_to(struct hci_dev *hdev, __u8 type) 2085 { 2086 struct hci_conn_hash *h = &hdev->conn_hash; 2087 struct list_head *p; 2088 struct hci_conn *c; 2089 2090 BT_ERR("%s link tx timeout", hdev->name); 2091 2092 /* Kill stalled connections */ 2093 list_for_each(p, &h->list) { 2094 c = list_entry(p, struct hci_conn, list); 2095 if (c->type == type && c->sent) { 2096 BT_ERR("%s killing stalled connection %s", 2097 hdev->name, batostr(&c->dst)); 2098 hci_acl_disconn(c, 0x13); 2099 } 2100 } 2101 } 2102 2103 static inline void hci_sched_acl(struct hci_dev *hdev) 2104 { 2105 struct hci_conn *conn; 2106 struct sk_buff *skb; 2107 int quote; 2108 2109 BT_DBG("%s", hdev->name); 2110 2111 if (!hci_conn_num(hdev, ACL_LINK)) 2112 return; 2113 2114 if (!test_bit(HCI_RAW, &hdev->flags)) { 2115 /* ACL tx timeout must be longer than maximum 2116 * link supervision timeout (40.9 seconds) */ 2117 if (!hdev->acl_cnt && time_after(jiffies, hdev->acl_last_tx + HZ * 45)) 2118 hci_link_tx_to(hdev, ACL_LINK); 2119 } 2120 2121 while (hdev->acl_cnt && (conn = hci_low_sent(hdev, ACL_LINK, "e))) { 2122 while (quote-- && (skb = skb_dequeue(&conn->data_q))) { 2123 BT_DBG("skb %p len %d", skb, skb->len); 2124 2125 hci_conn_enter_active_mode(conn, bt_cb(skb)->force_active); 2126 2127 hci_send_frame(skb); 2128 hdev->acl_last_tx = jiffies; 2129 2130 hdev->acl_cnt--; 2131 conn->sent++; 2132 } 2133 } 2134 } 2135 2136 /* Schedule SCO */ 2137 static inline void hci_sched_sco(struct hci_dev *hdev) 2138 { 2139 struct hci_conn *conn; 2140 struct sk_buff *skb; 2141 int quote; 2142 2143 BT_DBG("%s", hdev->name); 2144 2145 if (!hci_conn_num(hdev, SCO_LINK)) 2146 return; 2147 2148 while (hdev->sco_cnt && (conn = hci_low_sent(hdev, SCO_LINK, "e))) { 2149 while (quote-- && (skb = skb_dequeue(&conn->data_q))) { 2150 BT_DBG("skb %p len %d", skb, skb->len); 2151 hci_send_frame(skb); 2152 2153 conn->sent++; 2154 if (conn->sent == ~0) 2155 conn->sent = 0; 2156 } 2157 } 2158 } 2159 2160 static inline void hci_sched_esco(struct hci_dev *hdev) 2161 { 2162 struct hci_conn *conn; 2163 struct sk_buff *skb; 2164 int quote; 2165 2166 BT_DBG("%s", hdev->name); 2167 2168 if (!hci_conn_num(hdev, ESCO_LINK)) 2169 return; 2170 2171 while (hdev->sco_cnt && (conn = hci_low_sent(hdev, ESCO_LINK, "e))) { 2172 while (quote-- && (skb = skb_dequeue(&conn->data_q))) { 2173 BT_DBG("skb %p len %d", skb, skb->len); 2174 hci_send_frame(skb); 2175 2176 conn->sent++; 2177 if (conn->sent == ~0) 2178 conn->sent = 0; 2179 } 2180 } 2181 } 2182 2183 static inline void hci_sched_le(struct hci_dev *hdev) 2184 { 2185 struct hci_conn *conn; 2186 struct sk_buff *skb; 2187 int quote, cnt; 2188 2189 BT_DBG("%s", hdev->name); 2190 2191 if (!hci_conn_num(hdev, LE_LINK)) 2192 return; 2193 2194 if (!test_bit(HCI_RAW, &hdev->flags)) { 2195 /* LE tx timeout must be longer than maximum 2196 * link supervision timeout (40.9 seconds) */ 2197 if (!hdev->le_cnt && hdev->le_pkts && 2198 time_after(jiffies, hdev->le_last_tx + HZ * 45)) 2199 hci_link_tx_to(hdev, LE_LINK); 2200 } 2201 2202 cnt = hdev->le_pkts ? hdev->le_cnt : hdev->acl_cnt; 2203 while (cnt && (conn = hci_low_sent(hdev, LE_LINK, "e))) { 2204 while (quote-- && (skb = skb_dequeue(&conn->data_q))) { 2205 BT_DBG("skb %p len %d", skb, skb->len); 2206 2207 hci_send_frame(skb); 2208 hdev->le_last_tx = jiffies; 2209 2210 cnt--; 2211 conn->sent++; 2212 } 2213 } 2214 if (hdev->le_pkts) 2215 hdev->le_cnt = cnt; 2216 else 2217 hdev->acl_cnt = cnt; 2218 } 2219 2220 static void hci_tx_task(unsigned long arg) 2221 { 2222 struct hci_dev *hdev = (struct hci_dev *) arg; 2223 struct sk_buff *skb; 2224 2225 read_lock(&hci_task_lock); 2226 2227 BT_DBG("%s acl %d sco %d le %d", hdev->name, hdev->acl_cnt, 2228 hdev->sco_cnt, hdev->le_cnt); 2229 2230 /* Schedule queues and send stuff to HCI driver */ 2231 2232 hci_sched_acl(hdev); 2233 2234 hci_sched_sco(hdev); 2235 2236 hci_sched_esco(hdev); 2237 2238 hci_sched_le(hdev); 2239 2240 /* Send next queued raw (unknown type) packet */ 2241 while ((skb = skb_dequeue(&hdev->raw_q))) 2242 hci_send_frame(skb); 2243 2244 read_unlock(&hci_task_lock); 2245 } 2246 2247 /* ----- HCI RX task (incoming data processing) ----- */ 2248 2249 /* ACL data packet */ 2250 static inline void hci_acldata_packet(struct hci_dev *hdev, struct sk_buff *skb) 2251 { 2252 struct hci_acl_hdr *hdr = (void *) skb->data; 2253 struct hci_conn *conn; 2254 __u16 handle, flags; 2255 2256 skb_pull(skb, HCI_ACL_HDR_SIZE); 2257 2258 handle = __le16_to_cpu(hdr->handle); 2259 flags = hci_flags(handle); 2260 handle = hci_handle(handle); 2261 2262 BT_DBG("%s len %d handle 0x%x flags 0x%x", hdev->name, skb->len, handle, flags); 2263 2264 hdev->stat.acl_rx++; 2265 2266 hci_dev_lock(hdev); 2267 conn = hci_conn_hash_lookup_handle(hdev, handle); 2268 hci_dev_unlock(hdev); 2269 2270 if (conn) { 2271 register struct hci_proto *hp; 2272 2273 hci_conn_enter_active_mode(conn, bt_cb(skb)->force_active); 2274 2275 /* Send to upper protocol */ 2276 hp = hci_proto[HCI_PROTO_L2CAP]; 2277 if (hp && hp->recv_acldata) { 2278 hp->recv_acldata(conn, skb, flags); 2279 return; 2280 } 2281 } else { 2282 BT_ERR("%s ACL packet for unknown connection handle %d", 2283 hdev->name, handle); 2284 } 2285 2286 kfree_skb(skb); 2287 } 2288 2289 /* SCO data packet */ 2290 static inline void hci_scodata_packet(struct hci_dev *hdev, struct sk_buff *skb) 2291 { 2292 struct hci_sco_hdr *hdr = (void *) skb->data; 2293 struct hci_conn *conn; 2294 __u16 handle; 2295 2296 skb_pull(skb, HCI_SCO_HDR_SIZE); 2297 2298 handle = __le16_to_cpu(hdr->handle); 2299 2300 BT_DBG("%s len %d handle 0x%x", hdev->name, skb->len, handle); 2301 2302 hdev->stat.sco_rx++; 2303 2304 hci_dev_lock(hdev); 2305 conn = hci_conn_hash_lookup_handle(hdev, handle); 2306 hci_dev_unlock(hdev); 2307 2308 if (conn) { 2309 register struct hci_proto *hp; 2310 2311 /* Send to upper protocol */ 2312 hp = hci_proto[HCI_PROTO_SCO]; 2313 if (hp && hp->recv_scodata) { 2314 hp->recv_scodata(conn, skb); 2315 return; 2316 } 2317 } else { 2318 BT_ERR("%s SCO packet for unknown connection handle %d", 2319 hdev->name, handle); 2320 } 2321 2322 kfree_skb(skb); 2323 } 2324 2325 static void hci_rx_task(unsigned long arg) 2326 { 2327 struct hci_dev *hdev = (struct hci_dev *) arg; 2328 struct sk_buff *skb; 2329 2330 BT_DBG("%s", hdev->name); 2331 2332 read_lock(&hci_task_lock); 2333 2334 while ((skb = skb_dequeue(&hdev->rx_q))) { 2335 if (atomic_read(&hdev->promisc)) { 2336 /* Send copy to the sockets */ 2337 hci_send_to_sock(hdev, skb, NULL); 2338 } 2339 2340 if (test_bit(HCI_RAW, &hdev->flags)) { 2341 kfree_skb(skb); 2342 continue; 2343 } 2344 2345 if (test_bit(HCI_INIT, &hdev->flags)) { 2346 /* Don't process data packets in this states. */ 2347 switch (bt_cb(skb)->pkt_type) { 2348 case HCI_ACLDATA_PKT: 2349 case HCI_SCODATA_PKT: 2350 kfree_skb(skb); 2351 continue; 2352 } 2353 } 2354 2355 /* Process frame */ 2356 switch (bt_cb(skb)->pkt_type) { 2357 case HCI_EVENT_PKT: 2358 hci_event_packet(hdev, skb); 2359 break; 2360 2361 case HCI_ACLDATA_PKT: 2362 BT_DBG("%s ACL data packet", hdev->name); 2363 hci_acldata_packet(hdev, skb); 2364 break; 2365 2366 case HCI_SCODATA_PKT: 2367 BT_DBG("%s SCO data packet", hdev->name); 2368 hci_scodata_packet(hdev, skb); 2369 break; 2370 2371 default: 2372 kfree_skb(skb); 2373 break; 2374 } 2375 } 2376 2377 read_unlock(&hci_task_lock); 2378 } 2379 2380 static void hci_cmd_task(unsigned long arg) 2381 { 2382 struct hci_dev *hdev = (struct hci_dev *) arg; 2383 struct sk_buff *skb; 2384 2385 BT_DBG("%s cmd %d", hdev->name, atomic_read(&hdev->cmd_cnt)); 2386 2387 /* Send queued commands */ 2388 if (atomic_read(&hdev->cmd_cnt)) { 2389 skb = skb_dequeue(&hdev->cmd_q); 2390 if (!skb) 2391 return; 2392 2393 kfree_skb(hdev->sent_cmd); 2394 2395 hdev->sent_cmd = skb_clone(skb, GFP_ATOMIC); 2396 if (hdev->sent_cmd) { 2397 atomic_dec(&hdev->cmd_cnt); 2398 hci_send_frame(skb); 2399 if (test_bit(HCI_RESET, &hdev->flags)) 2400 del_timer(&hdev->cmd_timer); 2401 else 2402 mod_timer(&hdev->cmd_timer, 2403 jiffies + msecs_to_jiffies(HCI_CMD_TIMEOUT)); 2404 } else { 2405 skb_queue_head(&hdev->cmd_q, skb); 2406 tasklet_schedule(&hdev->cmd_task); 2407 } 2408 } 2409 } 2410