1 /* 2 BlueZ - Bluetooth protocol stack for Linux 3 Copyright (C) 2000-2001 Qualcomm Incorporated 4 5 Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com> 6 7 This program is free software; you can redistribute it and/or modify 8 it under the terms of the GNU General Public License version 2 as 9 published by the Free Software Foundation; 10 11 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS 12 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 13 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS. 14 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY 15 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES 16 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 17 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 18 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 19 20 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS, 21 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS 22 SOFTWARE IS DISCLAIMED. 23 */ 24 25 /* Bluetooth HCI core. */ 26 27 #include <linux/jiffies.h> 28 #include <linux/module.h> 29 #include <linux/kmod.h> 30 31 #include <linux/types.h> 32 #include <linux/errno.h> 33 #include <linux/kernel.h> 34 #include <linux/sched.h> 35 #include <linux/slab.h> 36 #include <linux/poll.h> 37 #include <linux/fcntl.h> 38 #include <linux/init.h> 39 #include <linux/skbuff.h> 40 #include <linux/interrupt.h> 41 #include <linux/notifier.h> 42 #include <linux/rfkill.h> 43 #include <net/sock.h> 44 45 #include <asm/system.h> 46 #include <asm/uaccess.h> 47 #include <asm/unaligned.h> 48 49 #include <net/bluetooth/bluetooth.h> 50 #include <net/bluetooth/hci_core.h> 51 52 static void hci_cmd_task(unsigned long arg); 53 static void hci_rx_task(unsigned long arg); 54 static void hci_tx_task(unsigned long arg); 55 static void hci_notify(struct hci_dev *hdev, int event); 56 57 static DEFINE_RWLOCK(hci_task_lock); 58 59 /* HCI device list */ 60 LIST_HEAD(hci_dev_list); 61 DEFINE_RWLOCK(hci_dev_list_lock); 62 63 /* HCI callback list */ 64 LIST_HEAD(hci_cb_list); 65 DEFINE_RWLOCK(hci_cb_list_lock); 66 67 /* HCI protocols */ 68 #define HCI_MAX_PROTO 2 69 struct hci_proto *hci_proto[HCI_MAX_PROTO]; 70 71 /* HCI notifiers list */ 72 static ATOMIC_NOTIFIER_HEAD(hci_notifier); 73 74 /* ---- HCI notifications ---- */ 75 76 int hci_register_notifier(struct notifier_block *nb) 77 { 78 return atomic_notifier_chain_register(&hci_notifier, nb); 79 } 80 81 int hci_unregister_notifier(struct notifier_block *nb) 82 { 83 return atomic_notifier_chain_unregister(&hci_notifier, nb); 84 } 85 86 static void hci_notify(struct hci_dev *hdev, int event) 87 { 88 atomic_notifier_call_chain(&hci_notifier, event, hdev); 89 } 90 91 /* ---- HCI requests ---- */ 92 93 void hci_req_complete(struct hci_dev *hdev, int result) 94 { 95 BT_DBG("%s result 0x%2.2x", hdev->name, result); 96 97 if (hdev->req_status == HCI_REQ_PEND) { 98 hdev->req_result = result; 99 hdev->req_status = HCI_REQ_DONE; 100 wake_up_interruptible(&hdev->req_wait_q); 101 } 102 } 103 104 static void hci_req_cancel(struct hci_dev *hdev, int err) 105 { 106 BT_DBG("%s err 0x%2.2x", hdev->name, err); 107 108 if (hdev->req_status == HCI_REQ_PEND) { 109 hdev->req_result = err; 110 hdev->req_status = HCI_REQ_CANCELED; 111 wake_up_interruptible(&hdev->req_wait_q); 112 } 113 } 114 115 /* Execute request and wait for completion. */ 116 static int __hci_request(struct hci_dev *hdev, void (*req)(struct hci_dev *hdev, unsigned long opt), 117 unsigned long opt, __u32 timeout) 118 { 119 DECLARE_WAITQUEUE(wait, current); 120 int err = 0; 121 122 BT_DBG("%s start", hdev->name); 123 124 hdev->req_status = HCI_REQ_PEND; 125 126 add_wait_queue(&hdev->req_wait_q, &wait); 127 set_current_state(TASK_INTERRUPTIBLE); 128 129 req(hdev, opt); 130 schedule_timeout(timeout); 131 132 remove_wait_queue(&hdev->req_wait_q, &wait); 133 134 if (signal_pending(current)) 135 return -EINTR; 136 137 switch (hdev->req_status) { 138 case HCI_REQ_DONE: 139 err = -bt_err(hdev->req_result); 140 break; 141 142 case HCI_REQ_CANCELED: 143 err = -hdev->req_result; 144 break; 145 146 default: 147 err = -ETIMEDOUT; 148 break; 149 } 150 151 hdev->req_status = hdev->req_result = 0; 152 153 BT_DBG("%s end: err %d", hdev->name, err); 154 155 return err; 156 } 157 158 static inline int hci_request(struct hci_dev *hdev, void (*req)(struct hci_dev *hdev, unsigned long opt), 159 unsigned long opt, __u32 timeout) 160 { 161 int ret; 162 163 if (!test_bit(HCI_UP, &hdev->flags)) 164 return -ENETDOWN; 165 166 /* Serialize all requests */ 167 hci_req_lock(hdev); 168 ret = __hci_request(hdev, req, opt, timeout); 169 hci_req_unlock(hdev); 170 171 return ret; 172 } 173 174 static void hci_reset_req(struct hci_dev *hdev, unsigned long opt) 175 { 176 BT_DBG("%s %ld", hdev->name, opt); 177 178 /* Reset device */ 179 hci_send_cmd(hdev, HCI_OP_RESET, 0, NULL); 180 } 181 182 static void hci_init_req(struct hci_dev *hdev, unsigned long opt) 183 { 184 struct sk_buff *skb; 185 __le16 param; 186 __u8 flt_type; 187 188 BT_DBG("%s %ld", hdev->name, opt); 189 190 /* Driver initialization */ 191 192 /* Special commands */ 193 while ((skb = skb_dequeue(&hdev->driver_init))) { 194 bt_cb(skb)->pkt_type = HCI_COMMAND_PKT; 195 skb->dev = (void *) hdev; 196 skb_queue_tail(&hdev->cmd_q, skb); 197 hci_sched_cmd(hdev); 198 } 199 skb_queue_purge(&hdev->driver_init); 200 201 /* Mandatory initialization */ 202 203 /* Reset */ 204 if (!test_bit(HCI_QUIRK_NO_RESET, &hdev->quirks)) 205 hci_send_cmd(hdev, HCI_OP_RESET, 0, NULL); 206 207 /* Read Local Supported Features */ 208 hci_send_cmd(hdev, HCI_OP_READ_LOCAL_FEATURES, 0, NULL); 209 210 /* Read Local Version */ 211 hci_send_cmd(hdev, HCI_OP_READ_LOCAL_VERSION, 0, NULL); 212 213 /* Read Buffer Size (ACL mtu, max pkt, etc.) */ 214 hci_send_cmd(hdev, HCI_OP_READ_BUFFER_SIZE, 0, NULL); 215 216 #if 0 217 /* Host buffer size */ 218 { 219 struct hci_cp_host_buffer_size cp; 220 cp.acl_mtu = cpu_to_le16(HCI_MAX_ACL_SIZE); 221 cp.sco_mtu = HCI_MAX_SCO_SIZE; 222 cp.acl_max_pkt = cpu_to_le16(0xffff); 223 cp.sco_max_pkt = cpu_to_le16(0xffff); 224 hci_send_cmd(hdev, HCI_OP_HOST_BUFFER_SIZE, sizeof(cp), &cp); 225 } 226 #endif 227 228 /* Read BD Address */ 229 hci_send_cmd(hdev, HCI_OP_READ_BD_ADDR, 0, NULL); 230 231 /* Read Class of Device */ 232 hci_send_cmd(hdev, HCI_OP_READ_CLASS_OF_DEV, 0, NULL); 233 234 /* Read Local Name */ 235 hci_send_cmd(hdev, HCI_OP_READ_LOCAL_NAME, 0, NULL); 236 237 /* Read Voice Setting */ 238 hci_send_cmd(hdev, HCI_OP_READ_VOICE_SETTING, 0, NULL); 239 240 /* Optional initialization */ 241 242 /* Clear Event Filters */ 243 flt_type = HCI_FLT_CLEAR_ALL; 244 hci_send_cmd(hdev, HCI_OP_SET_EVENT_FLT, 1, &flt_type); 245 246 /* Page timeout ~20 secs */ 247 param = cpu_to_le16(0x8000); 248 hci_send_cmd(hdev, HCI_OP_WRITE_PG_TIMEOUT, 2, ¶m); 249 250 /* Connection accept timeout ~20 secs */ 251 param = cpu_to_le16(0x7d00); 252 hci_send_cmd(hdev, HCI_OP_WRITE_CA_TIMEOUT, 2, ¶m); 253 } 254 255 static void hci_scan_req(struct hci_dev *hdev, unsigned long opt) 256 { 257 __u8 scan = opt; 258 259 BT_DBG("%s %x", hdev->name, scan); 260 261 /* Inquiry and Page scans */ 262 hci_send_cmd(hdev, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan); 263 } 264 265 static void hci_auth_req(struct hci_dev *hdev, unsigned long opt) 266 { 267 __u8 auth = opt; 268 269 BT_DBG("%s %x", hdev->name, auth); 270 271 /* Authentication */ 272 hci_send_cmd(hdev, HCI_OP_WRITE_AUTH_ENABLE, 1, &auth); 273 } 274 275 static void hci_encrypt_req(struct hci_dev *hdev, unsigned long opt) 276 { 277 __u8 encrypt = opt; 278 279 BT_DBG("%s %x", hdev->name, encrypt); 280 281 /* Encryption */ 282 hci_send_cmd(hdev, HCI_OP_WRITE_ENCRYPT_MODE, 1, &encrypt); 283 } 284 285 static void hci_linkpol_req(struct hci_dev *hdev, unsigned long opt) 286 { 287 __le16 policy = cpu_to_le16(opt); 288 289 BT_DBG("%s %x", hdev->name, policy); 290 291 /* Default link policy */ 292 hci_send_cmd(hdev, HCI_OP_WRITE_DEF_LINK_POLICY, 2, &policy); 293 } 294 295 /* Get HCI device by index. 296 * Device is held on return. */ 297 struct hci_dev *hci_dev_get(int index) 298 { 299 struct hci_dev *hdev = NULL; 300 struct list_head *p; 301 302 BT_DBG("%d", index); 303 304 if (index < 0) 305 return NULL; 306 307 read_lock(&hci_dev_list_lock); 308 list_for_each(p, &hci_dev_list) { 309 struct hci_dev *d = list_entry(p, struct hci_dev, list); 310 if (d->id == index) { 311 hdev = hci_dev_hold(d); 312 break; 313 } 314 } 315 read_unlock(&hci_dev_list_lock); 316 return hdev; 317 } 318 319 /* ---- Inquiry support ---- */ 320 static void inquiry_cache_flush(struct hci_dev *hdev) 321 { 322 struct inquiry_cache *cache = &hdev->inq_cache; 323 struct inquiry_entry *next = cache->list, *e; 324 325 BT_DBG("cache %p", cache); 326 327 cache->list = NULL; 328 while ((e = next)) { 329 next = e->next; 330 kfree(e); 331 } 332 } 333 334 struct inquiry_entry *hci_inquiry_cache_lookup(struct hci_dev *hdev, bdaddr_t *bdaddr) 335 { 336 struct inquiry_cache *cache = &hdev->inq_cache; 337 struct inquiry_entry *e; 338 339 BT_DBG("cache %p, %s", cache, batostr(bdaddr)); 340 341 for (e = cache->list; e; e = e->next) 342 if (!bacmp(&e->data.bdaddr, bdaddr)) 343 break; 344 return e; 345 } 346 347 void hci_inquiry_cache_update(struct hci_dev *hdev, struct inquiry_data *data) 348 { 349 struct inquiry_cache *cache = &hdev->inq_cache; 350 struct inquiry_entry *e; 351 352 BT_DBG("cache %p, %s", cache, batostr(&data->bdaddr)); 353 354 if (!(e = hci_inquiry_cache_lookup(hdev, &data->bdaddr))) { 355 /* Entry not in the cache. Add new one. */ 356 if (!(e = kzalloc(sizeof(struct inquiry_entry), GFP_ATOMIC))) 357 return; 358 e->next = cache->list; 359 cache->list = e; 360 } 361 362 memcpy(&e->data, data, sizeof(*data)); 363 e->timestamp = jiffies; 364 cache->timestamp = jiffies; 365 } 366 367 static int inquiry_cache_dump(struct hci_dev *hdev, int num, __u8 *buf) 368 { 369 struct inquiry_cache *cache = &hdev->inq_cache; 370 struct inquiry_info *info = (struct inquiry_info *) buf; 371 struct inquiry_entry *e; 372 int copied = 0; 373 374 for (e = cache->list; e && copied < num; e = e->next, copied++) { 375 struct inquiry_data *data = &e->data; 376 bacpy(&info->bdaddr, &data->bdaddr); 377 info->pscan_rep_mode = data->pscan_rep_mode; 378 info->pscan_period_mode = data->pscan_period_mode; 379 info->pscan_mode = data->pscan_mode; 380 memcpy(info->dev_class, data->dev_class, 3); 381 info->clock_offset = data->clock_offset; 382 info++; 383 } 384 385 BT_DBG("cache %p, copied %d", cache, copied); 386 return copied; 387 } 388 389 static void hci_inq_req(struct hci_dev *hdev, unsigned long opt) 390 { 391 struct hci_inquiry_req *ir = (struct hci_inquiry_req *) opt; 392 struct hci_cp_inquiry cp; 393 394 BT_DBG("%s", hdev->name); 395 396 if (test_bit(HCI_INQUIRY, &hdev->flags)) 397 return; 398 399 /* Start Inquiry */ 400 memcpy(&cp.lap, &ir->lap, 3); 401 cp.length = ir->length; 402 cp.num_rsp = ir->num_rsp; 403 hci_send_cmd(hdev, HCI_OP_INQUIRY, sizeof(cp), &cp); 404 } 405 406 int hci_inquiry(void __user *arg) 407 { 408 __u8 __user *ptr = arg; 409 struct hci_inquiry_req ir; 410 struct hci_dev *hdev; 411 int err = 0, do_inquiry = 0, max_rsp; 412 long timeo; 413 __u8 *buf; 414 415 if (copy_from_user(&ir, ptr, sizeof(ir))) 416 return -EFAULT; 417 418 if (!(hdev = hci_dev_get(ir.dev_id))) 419 return -ENODEV; 420 421 hci_dev_lock_bh(hdev); 422 if (inquiry_cache_age(hdev) > INQUIRY_CACHE_AGE_MAX || 423 inquiry_cache_empty(hdev) || 424 ir.flags & IREQ_CACHE_FLUSH) { 425 inquiry_cache_flush(hdev); 426 do_inquiry = 1; 427 } 428 hci_dev_unlock_bh(hdev); 429 430 timeo = ir.length * msecs_to_jiffies(2000); 431 if (do_inquiry && (err = hci_request(hdev, hci_inq_req, (unsigned long)&ir, timeo)) < 0) 432 goto done; 433 434 /* for unlimited number of responses we will use buffer with 255 entries */ 435 max_rsp = (ir.num_rsp == 0) ? 255 : ir.num_rsp; 436 437 /* cache_dump can't sleep. Therefore we allocate temp buffer and then 438 * copy it to the user space. 439 */ 440 if (!(buf = kmalloc(sizeof(struct inquiry_info) * max_rsp, GFP_KERNEL))) { 441 err = -ENOMEM; 442 goto done; 443 } 444 445 hci_dev_lock_bh(hdev); 446 ir.num_rsp = inquiry_cache_dump(hdev, max_rsp, buf); 447 hci_dev_unlock_bh(hdev); 448 449 BT_DBG("num_rsp %d", ir.num_rsp); 450 451 if (!copy_to_user(ptr, &ir, sizeof(ir))) { 452 ptr += sizeof(ir); 453 if (copy_to_user(ptr, buf, sizeof(struct inquiry_info) * 454 ir.num_rsp)) 455 err = -EFAULT; 456 } else 457 err = -EFAULT; 458 459 kfree(buf); 460 461 done: 462 hci_dev_put(hdev); 463 return err; 464 } 465 466 /* ---- HCI ioctl helpers ---- */ 467 468 int hci_dev_open(__u16 dev) 469 { 470 struct hci_dev *hdev; 471 int ret = 0; 472 473 if (!(hdev = hci_dev_get(dev))) 474 return -ENODEV; 475 476 BT_DBG("%s %p", hdev->name, hdev); 477 478 hci_req_lock(hdev); 479 480 if (hdev->rfkill && rfkill_blocked(hdev->rfkill)) { 481 ret = -ERFKILL; 482 goto done; 483 } 484 485 if (test_bit(HCI_UP, &hdev->flags)) { 486 ret = -EALREADY; 487 goto done; 488 } 489 490 if (test_bit(HCI_QUIRK_RAW_DEVICE, &hdev->quirks)) 491 set_bit(HCI_RAW, &hdev->flags); 492 493 if (hdev->open(hdev)) { 494 ret = -EIO; 495 goto done; 496 } 497 498 if (!test_bit(HCI_RAW, &hdev->flags)) { 499 atomic_set(&hdev->cmd_cnt, 1); 500 set_bit(HCI_INIT, &hdev->flags); 501 502 //__hci_request(hdev, hci_reset_req, 0, HZ); 503 ret = __hci_request(hdev, hci_init_req, 0, 504 msecs_to_jiffies(HCI_INIT_TIMEOUT)); 505 506 clear_bit(HCI_INIT, &hdev->flags); 507 } 508 509 if (!ret) { 510 hci_dev_hold(hdev); 511 set_bit(HCI_UP, &hdev->flags); 512 hci_notify(hdev, HCI_DEV_UP); 513 } else { 514 /* Init failed, cleanup */ 515 tasklet_kill(&hdev->rx_task); 516 tasklet_kill(&hdev->tx_task); 517 tasklet_kill(&hdev->cmd_task); 518 519 skb_queue_purge(&hdev->cmd_q); 520 skb_queue_purge(&hdev->rx_q); 521 522 if (hdev->flush) 523 hdev->flush(hdev); 524 525 if (hdev->sent_cmd) { 526 kfree_skb(hdev->sent_cmd); 527 hdev->sent_cmd = NULL; 528 } 529 530 hdev->close(hdev); 531 hdev->flags = 0; 532 } 533 534 done: 535 hci_req_unlock(hdev); 536 hci_dev_put(hdev); 537 return ret; 538 } 539 540 static int hci_dev_do_close(struct hci_dev *hdev) 541 { 542 BT_DBG("%s %p", hdev->name, hdev); 543 544 hci_req_cancel(hdev, ENODEV); 545 hci_req_lock(hdev); 546 547 if (!test_and_clear_bit(HCI_UP, &hdev->flags)) { 548 hci_req_unlock(hdev); 549 return 0; 550 } 551 552 /* Kill RX and TX tasks */ 553 tasklet_kill(&hdev->rx_task); 554 tasklet_kill(&hdev->tx_task); 555 556 hci_dev_lock_bh(hdev); 557 inquiry_cache_flush(hdev); 558 hci_conn_hash_flush(hdev); 559 hci_dev_unlock_bh(hdev); 560 561 hci_notify(hdev, HCI_DEV_DOWN); 562 563 if (hdev->flush) 564 hdev->flush(hdev); 565 566 /* Reset device */ 567 skb_queue_purge(&hdev->cmd_q); 568 atomic_set(&hdev->cmd_cnt, 1); 569 if (!test_bit(HCI_RAW, &hdev->flags)) { 570 set_bit(HCI_INIT, &hdev->flags); 571 __hci_request(hdev, hci_reset_req, 0, 572 msecs_to_jiffies(250)); 573 clear_bit(HCI_INIT, &hdev->flags); 574 } 575 576 /* Kill cmd task */ 577 tasklet_kill(&hdev->cmd_task); 578 579 /* Drop queues */ 580 skb_queue_purge(&hdev->rx_q); 581 skb_queue_purge(&hdev->cmd_q); 582 skb_queue_purge(&hdev->raw_q); 583 584 /* Drop last sent command */ 585 if (hdev->sent_cmd) { 586 kfree_skb(hdev->sent_cmd); 587 hdev->sent_cmd = NULL; 588 } 589 590 /* After this point our queues are empty 591 * and no tasks are scheduled. */ 592 hdev->close(hdev); 593 594 /* Clear flags */ 595 hdev->flags = 0; 596 597 hci_req_unlock(hdev); 598 599 hci_dev_put(hdev); 600 return 0; 601 } 602 603 int hci_dev_close(__u16 dev) 604 { 605 struct hci_dev *hdev; 606 int err; 607 608 if (!(hdev = hci_dev_get(dev))) 609 return -ENODEV; 610 err = hci_dev_do_close(hdev); 611 hci_dev_put(hdev); 612 return err; 613 } 614 615 int hci_dev_reset(__u16 dev) 616 { 617 struct hci_dev *hdev; 618 int ret = 0; 619 620 if (!(hdev = hci_dev_get(dev))) 621 return -ENODEV; 622 623 hci_req_lock(hdev); 624 tasklet_disable(&hdev->tx_task); 625 626 if (!test_bit(HCI_UP, &hdev->flags)) 627 goto done; 628 629 /* Drop queues */ 630 skb_queue_purge(&hdev->rx_q); 631 skb_queue_purge(&hdev->cmd_q); 632 633 hci_dev_lock_bh(hdev); 634 inquiry_cache_flush(hdev); 635 hci_conn_hash_flush(hdev); 636 hci_dev_unlock_bh(hdev); 637 638 if (hdev->flush) 639 hdev->flush(hdev); 640 641 atomic_set(&hdev->cmd_cnt, 1); 642 hdev->acl_cnt = 0; hdev->sco_cnt = 0; 643 644 if (!test_bit(HCI_RAW, &hdev->flags)) 645 ret = __hci_request(hdev, hci_reset_req, 0, 646 msecs_to_jiffies(HCI_INIT_TIMEOUT)); 647 648 done: 649 tasklet_enable(&hdev->tx_task); 650 hci_req_unlock(hdev); 651 hci_dev_put(hdev); 652 return ret; 653 } 654 655 int hci_dev_reset_stat(__u16 dev) 656 { 657 struct hci_dev *hdev; 658 int ret = 0; 659 660 if (!(hdev = hci_dev_get(dev))) 661 return -ENODEV; 662 663 memset(&hdev->stat, 0, sizeof(struct hci_dev_stats)); 664 665 hci_dev_put(hdev); 666 667 return ret; 668 } 669 670 int hci_dev_cmd(unsigned int cmd, void __user *arg) 671 { 672 struct hci_dev *hdev; 673 struct hci_dev_req dr; 674 int err = 0; 675 676 if (copy_from_user(&dr, arg, sizeof(dr))) 677 return -EFAULT; 678 679 if (!(hdev = hci_dev_get(dr.dev_id))) 680 return -ENODEV; 681 682 switch (cmd) { 683 case HCISETAUTH: 684 err = hci_request(hdev, hci_auth_req, dr.dev_opt, 685 msecs_to_jiffies(HCI_INIT_TIMEOUT)); 686 break; 687 688 case HCISETENCRYPT: 689 if (!lmp_encrypt_capable(hdev)) { 690 err = -EOPNOTSUPP; 691 break; 692 } 693 694 if (!test_bit(HCI_AUTH, &hdev->flags)) { 695 /* Auth must be enabled first */ 696 err = hci_request(hdev, hci_auth_req, dr.dev_opt, 697 msecs_to_jiffies(HCI_INIT_TIMEOUT)); 698 if (err) 699 break; 700 } 701 702 err = hci_request(hdev, hci_encrypt_req, dr.dev_opt, 703 msecs_to_jiffies(HCI_INIT_TIMEOUT)); 704 break; 705 706 case HCISETSCAN: 707 err = hci_request(hdev, hci_scan_req, dr.dev_opt, 708 msecs_to_jiffies(HCI_INIT_TIMEOUT)); 709 break; 710 711 case HCISETLINKPOL: 712 err = hci_request(hdev, hci_linkpol_req, dr.dev_opt, 713 msecs_to_jiffies(HCI_INIT_TIMEOUT)); 714 break; 715 716 case HCISETLINKMODE: 717 hdev->link_mode = ((__u16) dr.dev_opt) & 718 (HCI_LM_MASTER | HCI_LM_ACCEPT); 719 break; 720 721 case HCISETPTYPE: 722 hdev->pkt_type = (__u16) dr.dev_opt; 723 break; 724 725 case HCISETACLMTU: 726 hdev->acl_mtu = *((__u16 *) &dr.dev_opt + 1); 727 hdev->acl_pkts = *((__u16 *) &dr.dev_opt + 0); 728 break; 729 730 case HCISETSCOMTU: 731 hdev->sco_mtu = *((__u16 *) &dr.dev_opt + 1); 732 hdev->sco_pkts = *((__u16 *) &dr.dev_opt + 0); 733 break; 734 735 default: 736 err = -EINVAL; 737 break; 738 } 739 740 hci_dev_put(hdev); 741 return err; 742 } 743 744 int hci_get_dev_list(void __user *arg) 745 { 746 struct hci_dev_list_req *dl; 747 struct hci_dev_req *dr; 748 struct list_head *p; 749 int n = 0, size, err; 750 __u16 dev_num; 751 752 if (get_user(dev_num, (__u16 __user *) arg)) 753 return -EFAULT; 754 755 if (!dev_num || dev_num > (PAGE_SIZE * 2) / sizeof(*dr)) 756 return -EINVAL; 757 758 size = sizeof(*dl) + dev_num * sizeof(*dr); 759 760 if (!(dl = kzalloc(size, GFP_KERNEL))) 761 return -ENOMEM; 762 763 dr = dl->dev_req; 764 765 read_lock_bh(&hci_dev_list_lock); 766 list_for_each(p, &hci_dev_list) { 767 struct hci_dev *hdev; 768 hdev = list_entry(p, struct hci_dev, list); 769 (dr + n)->dev_id = hdev->id; 770 (dr + n)->dev_opt = hdev->flags; 771 if (++n >= dev_num) 772 break; 773 } 774 read_unlock_bh(&hci_dev_list_lock); 775 776 dl->dev_num = n; 777 size = sizeof(*dl) + n * sizeof(*dr); 778 779 err = copy_to_user(arg, dl, size); 780 kfree(dl); 781 782 return err ? -EFAULT : 0; 783 } 784 785 int hci_get_dev_info(void __user *arg) 786 { 787 struct hci_dev *hdev; 788 struct hci_dev_info di; 789 int err = 0; 790 791 if (copy_from_user(&di, arg, sizeof(di))) 792 return -EFAULT; 793 794 if (!(hdev = hci_dev_get(di.dev_id))) 795 return -ENODEV; 796 797 strcpy(di.name, hdev->name); 798 di.bdaddr = hdev->bdaddr; 799 di.type = hdev->type; 800 di.flags = hdev->flags; 801 di.pkt_type = hdev->pkt_type; 802 di.acl_mtu = hdev->acl_mtu; 803 di.acl_pkts = hdev->acl_pkts; 804 di.sco_mtu = hdev->sco_mtu; 805 di.sco_pkts = hdev->sco_pkts; 806 di.link_policy = hdev->link_policy; 807 di.link_mode = hdev->link_mode; 808 809 memcpy(&di.stat, &hdev->stat, sizeof(di.stat)); 810 memcpy(&di.features, &hdev->features, sizeof(di.features)); 811 812 if (copy_to_user(arg, &di, sizeof(di))) 813 err = -EFAULT; 814 815 hci_dev_put(hdev); 816 817 return err; 818 } 819 820 /* ---- Interface to HCI drivers ---- */ 821 822 static int hci_rfkill_set_block(void *data, bool blocked) 823 { 824 struct hci_dev *hdev = data; 825 826 BT_DBG("%p name %s blocked %d", hdev, hdev->name, blocked); 827 828 if (!blocked) 829 return 0; 830 831 hci_dev_do_close(hdev); 832 833 return 0; 834 } 835 836 static const struct rfkill_ops hci_rfkill_ops = { 837 .set_block = hci_rfkill_set_block, 838 }; 839 840 /* Alloc HCI device */ 841 struct hci_dev *hci_alloc_dev(void) 842 { 843 struct hci_dev *hdev; 844 845 hdev = kzalloc(sizeof(struct hci_dev), GFP_KERNEL); 846 if (!hdev) 847 return NULL; 848 849 skb_queue_head_init(&hdev->driver_init); 850 851 return hdev; 852 } 853 EXPORT_SYMBOL(hci_alloc_dev); 854 855 /* Free HCI device */ 856 void hci_free_dev(struct hci_dev *hdev) 857 { 858 skb_queue_purge(&hdev->driver_init); 859 860 /* will free via device release */ 861 put_device(&hdev->dev); 862 } 863 EXPORT_SYMBOL(hci_free_dev); 864 865 /* Register HCI device */ 866 int hci_register_dev(struct hci_dev *hdev) 867 { 868 struct list_head *head = &hci_dev_list, *p; 869 int i, id = 0; 870 871 BT_DBG("%p name %s type %d owner %p", hdev, hdev->name, 872 hdev->type, hdev->owner); 873 874 if (!hdev->open || !hdev->close || !hdev->destruct) 875 return -EINVAL; 876 877 write_lock_bh(&hci_dev_list_lock); 878 879 /* Find first available device id */ 880 list_for_each(p, &hci_dev_list) { 881 if (list_entry(p, struct hci_dev, list)->id != id) 882 break; 883 head = p; id++; 884 } 885 886 sprintf(hdev->name, "hci%d", id); 887 hdev->id = id; 888 list_add(&hdev->list, head); 889 890 atomic_set(&hdev->refcnt, 1); 891 spin_lock_init(&hdev->lock); 892 893 hdev->flags = 0; 894 hdev->pkt_type = (HCI_DM1 | HCI_DH1 | HCI_HV1); 895 hdev->esco_type = (ESCO_HV1); 896 hdev->link_mode = (HCI_LM_ACCEPT); 897 898 hdev->idle_timeout = 0; 899 hdev->sniff_max_interval = 800; 900 hdev->sniff_min_interval = 80; 901 902 tasklet_init(&hdev->cmd_task, hci_cmd_task,(unsigned long) hdev); 903 tasklet_init(&hdev->rx_task, hci_rx_task, (unsigned long) hdev); 904 tasklet_init(&hdev->tx_task, hci_tx_task, (unsigned long) hdev); 905 906 skb_queue_head_init(&hdev->rx_q); 907 skb_queue_head_init(&hdev->cmd_q); 908 skb_queue_head_init(&hdev->raw_q); 909 910 for (i = 0; i < 3; i++) 911 hdev->reassembly[i] = NULL; 912 913 init_waitqueue_head(&hdev->req_wait_q); 914 mutex_init(&hdev->req_lock); 915 916 inquiry_cache_init(hdev); 917 918 hci_conn_hash_init(hdev); 919 920 memset(&hdev->stat, 0, sizeof(struct hci_dev_stats)); 921 922 atomic_set(&hdev->promisc, 0); 923 924 write_unlock_bh(&hci_dev_list_lock); 925 926 hci_register_sysfs(hdev); 927 928 hdev->rfkill = rfkill_alloc(hdev->name, &hdev->dev, 929 RFKILL_TYPE_BLUETOOTH, &hci_rfkill_ops, hdev); 930 if (hdev->rfkill) { 931 if (rfkill_register(hdev->rfkill) < 0) { 932 rfkill_destroy(hdev->rfkill); 933 hdev->rfkill = NULL; 934 } 935 } 936 937 hci_notify(hdev, HCI_DEV_REG); 938 939 return id; 940 } 941 EXPORT_SYMBOL(hci_register_dev); 942 943 /* Unregister HCI device */ 944 int hci_unregister_dev(struct hci_dev *hdev) 945 { 946 int i; 947 948 BT_DBG("%p name %s type %d", hdev, hdev->name, hdev->type); 949 950 write_lock_bh(&hci_dev_list_lock); 951 list_del(&hdev->list); 952 write_unlock_bh(&hci_dev_list_lock); 953 954 hci_dev_do_close(hdev); 955 956 for (i = 0; i < 3; i++) 957 kfree_skb(hdev->reassembly[i]); 958 959 hci_notify(hdev, HCI_DEV_UNREG); 960 961 if (hdev->rfkill) { 962 rfkill_unregister(hdev->rfkill); 963 rfkill_destroy(hdev->rfkill); 964 } 965 966 hci_unregister_sysfs(hdev); 967 968 __hci_dev_put(hdev); 969 970 return 0; 971 } 972 EXPORT_SYMBOL(hci_unregister_dev); 973 974 /* Suspend HCI device */ 975 int hci_suspend_dev(struct hci_dev *hdev) 976 { 977 hci_notify(hdev, HCI_DEV_SUSPEND); 978 return 0; 979 } 980 EXPORT_SYMBOL(hci_suspend_dev); 981 982 /* Resume HCI device */ 983 int hci_resume_dev(struct hci_dev *hdev) 984 { 985 hci_notify(hdev, HCI_DEV_RESUME); 986 return 0; 987 } 988 EXPORT_SYMBOL(hci_resume_dev); 989 990 /* Receive packet type fragment */ 991 #define __reassembly(hdev, type) ((hdev)->reassembly[(type) - 2]) 992 993 int hci_recv_fragment(struct hci_dev *hdev, int type, void *data, int count) 994 { 995 if (type < HCI_ACLDATA_PKT || type > HCI_EVENT_PKT) 996 return -EILSEQ; 997 998 while (count) { 999 struct sk_buff *skb = __reassembly(hdev, type); 1000 struct { int expect; } *scb; 1001 int len = 0; 1002 1003 if (!skb) { 1004 /* Start of the frame */ 1005 1006 switch (type) { 1007 case HCI_EVENT_PKT: 1008 if (count >= HCI_EVENT_HDR_SIZE) { 1009 struct hci_event_hdr *h = data; 1010 len = HCI_EVENT_HDR_SIZE + h->plen; 1011 } else 1012 return -EILSEQ; 1013 break; 1014 1015 case HCI_ACLDATA_PKT: 1016 if (count >= HCI_ACL_HDR_SIZE) { 1017 struct hci_acl_hdr *h = data; 1018 len = HCI_ACL_HDR_SIZE + __le16_to_cpu(h->dlen); 1019 } else 1020 return -EILSEQ; 1021 break; 1022 1023 case HCI_SCODATA_PKT: 1024 if (count >= HCI_SCO_HDR_SIZE) { 1025 struct hci_sco_hdr *h = data; 1026 len = HCI_SCO_HDR_SIZE + h->dlen; 1027 } else 1028 return -EILSEQ; 1029 break; 1030 } 1031 1032 skb = bt_skb_alloc(len, GFP_ATOMIC); 1033 if (!skb) { 1034 BT_ERR("%s no memory for packet", hdev->name); 1035 return -ENOMEM; 1036 } 1037 1038 skb->dev = (void *) hdev; 1039 bt_cb(skb)->pkt_type = type; 1040 1041 __reassembly(hdev, type) = skb; 1042 1043 scb = (void *) skb->cb; 1044 scb->expect = len; 1045 } else { 1046 /* Continuation */ 1047 1048 scb = (void *) skb->cb; 1049 len = scb->expect; 1050 } 1051 1052 len = min(len, count); 1053 1054 memcpy(skb_put(skb, len), data, len); 1055 1056 scb->expect -= len; 1057 1058 if (scb->expect == 0) { 1059 /* Complete frame */ 1060 1061 __reassembly(hdev, type) = NULL; 1062 1063 bt_cb(skb)->pkt_type = type; 1064 hci_recv_frame(skb); 1065 } 1066 1067 count -= len; data += len; 1068 } 1069 1070 return 0; 1071 } 1072 EXPORT_SYMBOL(hci_recv_fragment); 1073 1074 /* ---- Interface to upper protocols ---- */ 1075 1076 /* Register/Unregister protocols. 1077 * hci_task_lock is used to ensure that no tasks are running. */ 1078 int hci_register_proto(struct hci_proto *hp) 1079 { 1080 int err = 0; 1081 1082 BT_DBG("%p name %s id %d", hp, hp->name, hp->id); 1083 1084 if (hp->id >= HCI_MAX_PROTO) 1085 return -EINVAL; 1086 1087 write_lock_bh(&hci_task_lock); 1088 1089 if (!hci_proto[hp->id]) 1090 hci_proto[hp->id] = hp; 1091 else 1092 err = -EEXIST; 1093 1094 write_unlock_bh(&hci_task_lock); 1095 1096 return err; 1097 } 1098 EXPORT_SYMBOL(hci_register_proto); 1099 1100 int hci_unregister_proto(struct hci_proto *hp) 1101 { 1102 int err = 0; 1103 1104 BT_DBG("%p name %s id %d", hp, hp->name, hp->id); 1105 1106 if (hp->id >= HCI_MAX_PROTO) 1107 return -EINVAL; 1108 1109 write_lock_bh(&hci_task_lock); 1110 1111 if (hci_proto[hp->id]) 1112 hci_proto[hp->id] = NULL; 1113 else 1114 err = -ENOENT; 1115 1116 write_unlock_bh(&hci_task_lock); 1117 1118 return err; 1119 } 1120 EXPORT_SYMBOL(hci_unregister_proto); 1121 1122 int hci_register_cb(struct hci_cb *cb) 1123 { 1124 BT_DBG("%p name %s", cb, cb->name); 1125 1126 write_lock_bh(&hci_cb_list_lock); 1127 list_add(&cb->list, &hci_cb_list); 1128 write_unlock_bh(&hci_cb_list_lock); 1129 1130 return 0; 1131 } 1132 EXPORT_SYMBOL(hci_register_cb); 1133 1134 int hci_unregister_cb(struct hci_cb *cb) 1135 { 1136 BT_DBG("%p name %s", cb, cb->name); 1137 1138 write_lock_bh(&hci_cb_list_lock); 1139 list_del(&cb->list); 1140 write_unlock_bh(&hci_cb_list_lock); 1141 1142 return 0; 1143 } 1144 EXPORT_SYMBOL(hci_unregister_cb); 1145 1146 static int hci_send_frame(struct sk_buff *skb) 1147 { 1148 struct hci_dev *hdev = (struct hci_dev *) skb->dev; 1149 1150 if (!hdev) { 1151 kfree_skb(skb); 1152 return -ENODEV; 1153 } 1154 1155 BT_DBG("%s type %d len %d", hdev->name, bt_cb(skb)->pkt_type, skb->len); 1156 1157 if (atomic_read(&hdev->promisc)) { 1158 /* Time stamp */ 1159 __net_timestamp(skb); 1160 1161 hci_send_to_sock(hdev, skb); 1162 } 1163 1164 /* Get rid of skb owner, prior to sending to the driver. */ 1165 skb_orphan(skb); 1166 1167 return hdev->send(skb); 1168 } 1169 1170 /* Send HCI command */ 1171 int hci_send_cmd(struct hci_dev *hdev, __u16 opcode, __u32 plen, void *param) 1172 { 1173 int len = HCI_COMMAND_HDR_SIZE + plen; 1174 struct hci_command_hdr *hdr; 1175 struct sk_buff *skb; 1176 1177 BT_DBG("%s opcode 0x%x plen %d", hdev->name, opcode, plen); 1178 1179 skb = bt_skb_alloc(len, GFP_ATOMIC); 1180 if (!skb) { 1181 BT_ERR("%s no memory for command", hdev->name); 1182 return -ENOMEM; 1183 } 1184 1185 hdr = (struct hci_command_hdr *) skb_put(skb, HCI_COMMAND_HDR_SIZE); 1186 hdr->opcode = cpu_to_le16(opcode); 1187 hdr->plen = plen; 1188 1189 if (plen) 1190 memcpy(skb_put(skb, plen), param, plen); 1191 1192 BT_DBG("skb len %d", skb->len); 1193 1194 bt_cb(skb)->pkt_type = HCI_COMMAND_PKT; 1195 skb->dev = (void *) hdev; 1196 skb_queue_tail(&hdev->cmd_q, skb); 1197 hci_sched_cmd(hdev); 1198 1199 return 0; 1200 } 1201 1202 /* Get data from the previously sent command */ 1203 void *hci_sent_cmd_data(struct hci_dev *hdev, __u16 opcode) 1204 { 1205 struct hci_command_hdr *hdr; 1206 1207 if (!hdev->sent_cmd) 1208 return NULL; 1209 1210 hdr = (void *) hdev->sent_cmd->data; 1211 1212 if (hdr->opcode != cpu_to_le16(opcode)) 1213 return NULL; 1214 1215 BT_DBG("%s opcode 0x%x", hdev->name, opcode); 1216 1217 return hdev->sent_cmd->data + HCI_COMMAND_HDR_SIZE; 1218 } 1219 1220 /* Send ACL data */ 1221 static void hci_add_acl_hdr(struct sk_buff *skb, __u16 handle, __u16 flags) 1222 { 1223 struct hci_acl_hdr *hdr; 1224 int len = skb->len; 1225 1226 skb_push(skb, HCI_ACL_HDR_SIZE); 1227 skb_reset_transport_header(skb); 1228 hdr = (struct hci_acl_hdr *)skb_transport_header(skb); 1229 hdr->handle = cpu_to_le16(hci_handle_pack(handle, flags)); 1230 hdr->dlen = cpu_to_le16(len); 1231 } 1232 1233 int hci_send_acl(struct hci_conn *conn, struct sk_buff *skb, __u16 flags) 1234 { 1235 struct hci_dev *hdev = conn->hdev; 1236 struct sk_buff *list; 1237 1238 BT_DBG("%s conn %p flags 0x%x", hdev->name, conn, flags); 1239 1240 skb->dev = (void *) hdev; 1241 bt_cb(skb)->pkt_type = HCI_ACLDATA_PKT; 1242 hci_add_acl_hdr(skb, conn->handle, flags | ACL_START); 1243 1244 if (!(list = skb_shinfo(skb)->frag_list)) { 1245 /* Non fragmented */ 1246 BT_DBG("%s nonfrag skb %p len %d", hdev->name, skb, skb->len); 1247 1248 skb_queue_tail(&conn->data_q, skb); 1249 } else { 1250 /* Fragmented */ 1251 BT_DBG("%s frag %p len %d", hdev->name, skb, skb->len); 1252 1253 skb_shinfo(skb)->frag_list = NULL; 1254 1255 /* Queue all fragments atomically */ 1256 spin_lock_bh(&conn->data_q.lock); 1257 1258 __skb_queue_tail(&conn->data_q, skb); 1259 do { 1260 skb = list; list = list->next; 1261 1262 skb->dev = (void *) hdev; 1263 bt_cb(skb)->pkt_type = HCI_ACLDATA_PKT; 1264 hci_add_acl_hdr(skb, conn->handle, flags | ACL_CONT); 1265 1266 BT_DBG("%s frag %p len %d", hdev->name, skb, skb->len); 1267 1268 __skb_queue_tail(&conn->data_q, skb); 1269 } while (list); 1270 1271 spin_unlock_bh(&conn->data_q.lock); 1272 } 1273 1274 hci_sched_tx(hdev); 1275 return 0; 1276 } 1277 EXPORT_SYMBOL(hci_send_acl); 1278 1279 /* Send SCO data */ 1280 int hci_send_sco(struct hci_conn *conn, struct sk_buff *skb) 1281 { 1282 struct hci_dev *hdev = conn->hdev; 1283 struct hci_sco_hdr hdr; 1284 1285 BT_DBG("%s len %d", hdev->name, skb->len); 1286 1287 if (skb->len > hdev->sco_mtu) { 1288 kfree_skb(skb); 1289 return -EINVAL; 1290 } 1291 1292 hdr.handle = cpu_to_le16(conn->handle); 1293 hdr.dlen = skb->len; 1294 1295 skb_push(skb, HCI_SCO_HDR_SIZE); 1296 skb_reset_transport_header(skb); 1297 memcpy(skb_transport_header(skb), &hdr, HCI_SCO_HDR_SIZE); 1298 1299 skb->dev = (void *) hdev; 1300 bt_cb(skb)->pkt_type = HCI_SCODATA_PKT; 1301 skb_queue_tail(&conn->data_q, skb); 1302 hci_sched_tx(hdev); 1303 return 0; 1304 } 1305 EXPORT_SYMBOL(hci_send_sco); 1306 1307 /* ---- HCI TX task (outgoing data) ---- */ 1308 1309 /* HCI Connection scheduler */ 1310 static inline struct hci_conn *hci_low_sent(struct hci_dev *hdev, __u8 type, int *quote) 1311 { 1312 struct hci_conn_hash *h = &hdev->conn_hash; 1313 struct hci_conn *conn = NULL; 1314 int num = 0, min = ~0; 1315 struct list_head *p; 1316 1317 /* We don't have to lock device here. Connections are always 1318 * added and removed with TX task disabled. */ 1319 list_for_each(p, &h->list) { 1320 struct hci_conn *c; 1321 c = list_entry(p, struct hci_conn, list); 1322 1323 if (c->type != type || skb_queue_empty(&c->data_q)) 1324 continue; 1325 1326 if (c->state != BT_CONNECTED && c->state != BT_CONFIG) 1327 continue; 1328 1329 num++; 1330 1331 if (c->sent < min) { 1332 min = c->sent; 1333 conn = c; 1334 } 1335 } 1336 1337 if (conn) { 1338 int cnt = (type == ACL_LINK ? hdev->acl_cnt : hdev->sco_cnt); 1339 int q = cnt / num; 1340 *quote = q ? q : 1; 1341 } else 1342 *quote = 0; 1343 1344 BT_DBG("conn %p quote %d", conn, *quote); 1345 return conn; 1346 } 1347 1348 static inline void hci_acl_tx_to(struct hci_dev *hdev) 1349 { 1350 struct hci_conn_hash *h = &hdev->conn_hash; 1351 struct list_head *p; 1352 struct hci_conn *c; 1353 1354 BT_ERR("%s ACL tx timeout", hdev->name); 1355 1356 /* Kill stalled connections */ 1357 list_for_each(p, &h->list) { 1358 c = list_entry(p, struct hci_conn, list); 1359 if (c->type == ACL_LINK && c->sent) { 1360 BT_ERR("%s killing stalled ACL connection %s", 1361 hdev->name, batostr(&c->dst)); 1362 hci_acl_disconn(c, 0x13); 1363 } 1364 } 1365 } 1366 1367 static inline void hci_sched_acl(struct hci_dev *hdev) 1368 { 1369 struct hci_conn *conn; 1370 struct sk_buff *skb; 1371 int quote; 1372 1373 BT_DBG("%s", hdev->name); 1374 1375 if (!test_bit(HCI_RAW, &hdev->flags)) { 1376 /* ACL tx timeout must be longer than maximum 1377 * link supervision timeout (40.9 seconds) */ 1378 if (!hdev->acl_cnt && time_after(jiffies, hdev->acl_last_tx + HZ * 45)) 1379 hci_acl_tx_to(hdev); 1380 } 1381 1382 while (hdev->acl_cnt && (conn = hci_low_sent(hdev, ACL_LINK, "e))) { 1383 while (quote-- && (skb = skb_dequeue(&conn->data_q))) { 1384 BT_DBG("skb %p len %d", skb, skb->len); 1385 1386 hci_conn_enter_active_mode(conn); 1387 1388 hci_send_frame(skb); 1389 hdev->acl_last_tx = jiffies; 1390 1391 hdev->acl_cnt--; 1392 conn->sent++; 1393 } 1394 } 1395 } 1396 1397 /* Schedule SCO */ 1398 static inline void hci_sched_sco(struct hci_dev *hdev) 1399 { 1400 struct hci_conn *conn; 1401 struct sk_buff *skb; 1402 int quote; 1403 1404 BT_DBG("%s", hdev->name); 1405 1406 while (hdev->sco_cnt && (conn = hci_low_sent(hdev, SCO_LINK, "e))) { 1407 while (quote-- && (skb = skb_dequeue(&conn->data_q))) { 1408 BT_DBG("skb %p len %d", skb, skb->len); 1409 hci_send_frame(skb); 1410 1411 conn->sent++; 1412 if (conn->sent == ~0) 1413 conn->sent = 0; 1414 } 1415 } 1416 } 1417 1418 static inline void hci_sched_esco(struct hci_dev *hdev) 1419 { 1420 struct hci_conn *conn; 1421 struct sk_buff *skb; 1422 int quote; 1423 1424 BT_DBG("%s", hdev->name); 1425 1426 while (hdev->sco_cnt && (conn = hci_low_sent(hdev, ESCO_LINK, "e))) { 1427 while (quote-- && (skb = skb_dequeue(&conn->data_q))) { 1428 BT_DBG("skb %p len %d", skb, skb->len); 1429 hci_send_frame(skb); 1430 1431 conn->sent++; 1432 if (conn->sent == ~0) 1433 conn->sent = 0; 1434 } 1435 } 1436 } 1437 1438 static void hci_tx_task(unsigned long arg) 1439 { 1440 struct hci_dev *hdev = (struct hci_dev *) arg; 1441 struct sk_buff *skb; 1442 1443 read_lock(&hci_task_lock); 1444 1445 BT_DBG("%s acl %d sco %d", hdev->name, hdev->acl_cnt, hdev->sco_cnt); 1446 1447 /* Schedule queues and send stuff to HCI driver */ 1448 1449 hci_sched_acl(hdev); 1450 1451 hci_sched_sco(hdev); 1452 1453 hci_sched_esco(hdev); 1454 1455 /* Send next queued raw (unknown type) packet */ 1456 while ((skb = skb_dequeue(&hdev->raw_q))) 1457 hci_send_frame(skb); 1458 1459 read_unlock(&hci_task_lock); 1460 } 1461 1462 /* ----- HCI RX task (incoming data proccessing) ----- */ 1463 1464 /* ACL data packet */ 1465 static inline void hci_acldata_packet(struct hci_dev *hdev, struct sk_buff *skb) 1466 { 1467 struct hci_acl_hdr *hdr = (void *) skb->data; 1468 struct hci_conn *conn; 1469 __u16 handle, flags; 1470 1471 skb_pull(skb, HCI_ACL_HDR_SIZE); 1472 1473 handle = __le16_to_cpu(hdr->handle); 1474 flags = hci_flags(handle); 1475 handle = hci_handle(handle); 1476 1477 BT_DBG("%s len %d handle 0x%x flags 0x%x", hdev->name, skb->len, handle, flags); 1478 1479 hdev->stat.acl_rx++; 1480 1481 hci_dev_lock(hdev); 1482 conn = hci_conn_hash_lookup_handle(hdev, handle); 1483 hci_dev_unlock(hdev); 1484 1485 if (conn) { 1486 register struct hci_proto *hp; 1487 1488 hci_conn_enter_active_mode(conn); 1489 1490 /* Send to upper protocol */ 1491 if ((hp = hci_proto[HCI_PROTO_L2CAP]) && hp->recv_acldata) { 1492 hp->recv_acldata(conn, skb, flags); 1493 return; 1494 } 1495 } else { 1496 BT_ERR("%s ACL packet for unknown connection handle %d", 1497 hdev->name, handle); 1498 } 1499 1500 kfree_skb(skb); 1501 } 1502 1503 /* SCO data packet */ 1504 static inline void hci_scodata_packet(struct hci_dev *hdev, struct sk_buff *skb) 1505 { 1506 struct hci_sco_hdr *hdr = (void *) skb->data; 1507 struct hci_conn *conn; 1508 __u16 handle; 1509 1510 skb_pull(skb, HCI_SCO_HDR_SIZE); 1511 1512 handle = __le16_to_cpu(hdr->handle); 1513 1514 BT_DBG("%s len %d handle 0x%x", hdev->name, skb->len, handle); 1515 1516 hdev->stat.sco_rx++; 1517 1518 hci_dev_lock(hdev); 1519 conn = hci_conn_hash_lookup_handle(hdev, handle); 1520 hci_dev_unlock(hdev); 1521 1522 if (conn) { 1523 register struct hci_proto *hp; 1524 1525 /* Send to upper protocol */ 1526 if ((hp = hci_proto[HCI_PROTO_SCO]) && hp->recv_scodata) { 1527 hp->recv_scodata(conn, skb); 1528 return; 1529 } 1530 } else { 1531 BT_ERR("%s SCO packet for unknown connection handle %d", 1532 hdev->name, handle); 1533 } 1534 1535 kfree_skb(skb); 1536 } 1537 1538 static void hci_rx_task(unsigned long arg) 1539 { 1540 struct hci_dev *hdev = (struct hci_dev *) arg; 1541 struct sk_buff *skb; 1542 1543 BT_DBG("%s", hdev->name); 1544 1545 read_lock(&hci_task_lock); 1546 1547 while ((skb = skb_dequeue(&hdev->rx_q))) { 1548 if (atomic_read(&hdev->promisc)) { 1549 /* Send copy to the sockets */ 1550 hci_send_to_sock(hdev, skb); 1551 } 1552 1553 if (test_bit(HCI_RAW, &hdev->flags)) { 1554 kfree_skb(skb); 1555 continue; 1556 } 1557 1558 if (test_bit(HCI_INIT, &hdev->flags)) { 1559 /* Don't process data packets in this states. */ 1560 switch (bt_cb(skb)->pkt_type) { 1561 case HCI_ACLDATA_PKT: 1562 case HCI_SCODATA_PKT: 1563 kfree_skb(skb); 1564 continue; 1565 } 1566 } 1567 1568 /* Process frame */ 1569 switch (bt_cb(skb)->pkt_type) { 1570 case HCI_EVENT_PKT: 1571 hci_event_packet(hdev, skb); 1572 break; 1573 1574 case HCI_ACLDATA_PKT: 1575 BT_DBG("%s ACL data packet", hdev->name); 1576 hci_acldata_packet(hdev, skb); 1577 break; 1578 1579 case HCI_SCODATA_PKT: 1580 BT_DBG("%s SCO data packet", hdev->name); 1581 hci_scodata_packet(hdev, skb); 1582 break; 1583 1584 default: 1585 kfree_skb(skb); 1586 break; 1587 } 1588 } 1589 1590 read_unlock(&hci_task_lock); 1591 } 1592 1593 static void hci_cmd_task(unsigned long arg) 1594 { 1595 struct hci_dev *hdev = (struct hci_dev *) arg; 1596 struct sk_buff *skb; 1597 1598 BT_DBG("%s cmd %d", hdev->name, atomic_read(&hdev->cmd_cnt)); 1599 1600 if (!atomic_read(&hdev->cmd_cnt) && time_after(jiffies, hdev->cmd_last_tx + HZ)) { 1601 BT_ERR("%s command tx timeout", hdev->name); 1602 atomic_set(&hdev->cmd_cnt, 1); 1603 } 1604 1605 /* Send queued commands */ 1606 if (atomic_read(&hdev->cmd_cnt) && (skb = skb_dequeue(&hdev->cmd_q))) { 1607 kfree_skb(hdev->sent_cmd); 1608 1609 if ((hdev->sent_cmd = skb_clone(skb, GFP_ATOMIC))) { 1610 atomic_dec(&hdev->cmd_cnt); 1611 hci_send_frame(skb); 1612 hdev->cmd_last_tx = jiffies; 1613 } else { 1614 skb_queue_head(&hdev->cmd_q, skb); 1615 hci_sched_cmd(hdev); 1616 } 1617 } 1618 } 1619