]> git.kernelconcepts.de Git - karo-tx-linux.git/blob - net/bluetooth/hci_core.c
projects / karo-tx-linux.git / blob
? search:


8a0ce706aebd624ae7fd1c50b9670780dc4f6761
[karo-tx-linux.git] / net / bluetooth / hci_core.c
1 /*
2    BlueZ - Bluetooth protocol stack for Linux
3    Copyright (C) 2000-2001 Qualcomm Incorporated
4    Copyright (C) 2011 ProFUSION Embedded Systems
5
6    Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com>
7
8    This program is free software; you can redistribute it and/or modify
9    it under the terms of the GNU General Public License version 2 as
10    published by the Free Software Foundation;
11
12    THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
13    OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
14    FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
15    IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
16    CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
17    WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
18    ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
19    OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
20
21    ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
22    COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
23    SOFTWARE IS DISCLAIMED.
24 */
25
26 /* Bluetooth HCI core. */
27
28 #include <linux/export.h>
29 #include <linux/idr.h>
30
31 #include <linux/rfkill.h>
32
33 #include <net/bluetooth/bluetooth.h>
34 #include <net/bluetooth/hci_core.h>
35
36 static void hci_rx_work(struct work_struct *work);
37 static void hci_cmd_work(struct work_struct *work);
38 static void hci_tx_work(struct work_struct *work);
39
40 /* HCI device list */
41 LIST_HEAD(hci_dev_list);
42 DEFINE_RWLOCK(hci_dev_list_lock);
43
44 /* HCI callback list */
45 LIST_HEAD(hci_cb_list);
46 DEFINE_RWLOCK(hci_cb_list_lock);
47
48 /* HCI ID Numbering */
49 static DEFINE_IDA(hci_index_ida);
50
51 /* ---- HCI notifications ---- */
52
53 static void hci_notify(struct hci_dev *hdev, int event)
54 {
55         hci_sock_dev_event(hdev, event);
56 }
57
58 /* ---- HCI requests ---- */
59
60 void hci_req_complete(struct hci_dev *hdev, __u16 cmd, int result)
61 {
62         BT_DBG("%s command 0x%4.4x result 0x%2.2x", hdev->name, cmd, result);
63
64         /* If this is the init phase check if the completed command matches
65          * the last init command, and if not just return.
66          */
67         if (test_bit(HCI_INIT, &hdev->flags) && hdev->init_last_cmd != cmd) {
68                 struct hci_command_hdr *sent = (void *) hdev->sent_cmd->data;
69                 u16 opcode = __le16_to_cpu(sent->opcode);
70                 struct sk_buff *skb;
71
72                 /* Some CSR based controllers generate a spontaneous
73                  * reset complete event during init and any pending
74                  * command will never be completed. In such a case we
75                  * need to resend whatever was the last sent
76                  * command.
77                  */
78
79                 if (cmd != HCI_OP_RESET || opcode == HCI_OP_RESET)
80                         return;
81
82                 skb = skb_clone(hdev->sent_cmd, GFP_ATOMIC);
83                 if (skb) {
84                         skb_queue_head(&hdev->cmd_q, skb);
85                         queue_work(hdev->workqueue, &hdev->cmd_work);
86                 }
87
88                 return;
89         }
90
91         if (hdev->req_status == HCI_REQ_PEND) {
92                 hdev->req_result = result;
93                 hdev->req_status = HCI_REQ_DONE;
94                 wake_up_interruptible(&hdev->req_wait_q);
95         }
96 }
97
98 static void hci_req_cancel(struct hci_dev *hdev, int err)
99 {
100         BT_DBG("%s err 0x%2.2x", hdev->name, err);
101
102         if (hdev->req_status == HCI_REQ_PEND) {
103                 hdev->req_result = err;
104                 hdev->req_status = HCI_REQ_CANCELED;
105                 wake_up_interruptible(&hdev->req_wait_q);
106         }
107 }
108
109 /* Execute request and wait for completion. */
110 static int __hci_request(struct hci_dev *hdev,
111                          void (*req)(struct hci_dev *hdev, unsigned long opt),
112                          unsigned long opt, __u32 timeout)
113 {
114         DECLARE_WAITQUEUE(wait, current);
115         int err = 0;
116
117         BT_DBG("%s start", hdev->name);
118
119         hdev->req_status = HCI_REQ_PEND;
120
121         add_wait_queue(&hdev->req_wait_q, &wait);
122         set_current_state(TASK_INTERRUPTIBLE);
123
124         req(hdev, opt);
125         schedule_timeout(timeout);
126
127         remove_wait_queue(&hdev->req_wait_q, &wait);
128
129         if (signal_pending(current))
130                 return -EINTR;
131
132         switch (hdev->req_status) {
133         case HCI_REQ_DONE:
134                 err = -bt_to_errno(hdev->req_result);
135                 break;
136
137         case HCI_REQ_CANCELED:
138                 err = -hdev->req_result;
139                 break;
140
141         default:
142                 err = -ETIMEDOUT;
143                 break;
144         }
145
146         hdev->req_status = hdev->req_result = 0;
147
148         BT_DBG("%s end: err %d", hdev->name, err);
149
150         return err;
151 }
152
153 static int hci_request(struct hci_dev *hdev,
154                        void (*req)(struct hci_dev *hdev, unsigned long opt),
155                        unsigned long opt, __u32 timeout)
156 {
157         int ret;
158
159         if (!test_bit(HCI_UP, &hdev->flags))
160                 return -ENETDOWN;
161
162         /* Serialize all requests */
163         hci_req_lock(hdev);
164         ret = __hci_request(hdev, req, opt, timeout);
165         hci_req_unlock(hdev);
166
167         return ret;
168 }
169
170 static void hci_reset_req(struct hci_dev *hdev, unsigned long opt)
171 {
172         BT_DBG("%s %ld", hdev->name, opt);
173
174         /* Reset device */
175         set_bit(HCI_RESET, &hdev->flags);
176         hci_send_cmd(hdev, HCI_OP_RESET, 0, NULL);
177 }
178
179 static void bredr_init(struct hci_dev *hdev)
180 {
181         struct hci_cp_delete_stored_link_key cp;
182         __le16 param;
183         __u8 flt_type;
184
185         hdev->flow_ctl_mode = HCI_FLOW_CTL_MODE_PACKET_BASED;
186
187         /* Mandatory initialization */
188
189         /* Read Local Supported Features */
190         hci_send_cmd(hdev, HCI_OP_READ_LOCAL_FEATURES, 0, NULL);
191
192         /* Read Local Version */
193         hci_send_cmd(hdev, HCI_OP_READ_LOCAL_VERSION, 0, NULL);
194
195         /* Read Buffer Size (ACL mtu, max pkt, etc.) */
196         hci_send_cmd(hdev, HCI_OP_READ_BUFFER_SIZE, 0, NULL);
197
198         /* Read BD Address */
199         hci_send_cmd(hdev, HCI_OP_READ_BD_ADDR, 0, NULL);
200
201         /* Read Class of Device */
202         hci_send_cmd(hdev, HCI_OP_READ_CLASS_OF_DEV, 0, NULL);
203
204         /* Read Local Name */
205         hci_send_cmd(hdev, HCI_OP_READ_LOCAL_NAME, 0, NULL);
206
207         /* Read Voice Setting */
208         hci_send_cmd(hdev, HCI_OP_READ_VOICE_SETTING, 0, NULL);
209
210         /* Optional initialization */
211
212         /* Clear Event Filters */
213         flt_type = HCI_FLT_CLEAR_ALL;
214         hci_send_cmd(hdev, HCI_OP_SET_EVENT_FLT, 1, &flt_type);
215
216         /* Connection accept timeout ~20 secs */
217         param = __constant_cpu_to_le16(0x7d00);
218         hci_send_cmd(hdev, HCI_OP_WRITE_CA_TIMEOUT, 2, &param);
219
220         bacpy(&cp.bdaddr, BDADDR_ANY);
221         cp.delete_all = 1;
222         hci_send_cmd(hdev, HCI_OP_DELETE_STORED_LINK_KEY, sizeof(cp), &cp);
223 }
224
225 static void amp_init(struct hci_dev *hdev)
226 {
227         hdev->flow_ctl_mode = HCI_FLOW_CTL_MODE_BLOCK_BASED;
228
229         /* Read Local Version */
230         hci_send_cmd(hdev, HCI_OP_READ_LOCAL_VERSION, 0, NULL);
231
232         /* Read Local AMP Info */
233         hci_send_cmd(hdev, HCI_OP_READ_LOCAL_AMP_INFO, 0, NULL);
234
235         /* Read Data Blk size */
236         hci_send_cmd(hdev, HCI_OP_READ_DATA_BLOCK_SIZE, 0, NULL);
237 }
238
239 static void hci_init_req(struct hci_dev *hdev, unsigned long opt)
240 {
241         struct sk_buff *skb;
242
243         BT_DBG("%s %ld", hdev->name, opt);
244
245         /* Driver initialization */
246
247         /* Special commands */
248         while ((skb = skb_dequeue(&hdev->driver_init))) {
249                 bt_cb(skb)->pkt_type = HCI_COMMAND_PKT;
250                 skb->dev = (void *) hdev;
251
252                 skb_queue_tail(&hdev->cmd_q, skb);
253                 queue_work(hdev->workqueue, &hdev->cmd_work);
254         }
255         skb_queue_purge(&hdev->driver_init);
256
257         /* Reset */
258         if (!test_bit(HCI_QUIRK_RESET_ON_CLOSE, &hdev->quirks))
259                 hci_reset_req(hdev, 0);
260
261         switch (hdev->dev_type) {
262         case HCI_BREDR:
263                 bredr_init(hdev);
264                 break;
265
266         case HCI_AMP:
267                 amp_init(hdev);
268                 break;
269
270         default:
271                 BT_ERR("Unknown device type %d", hdev->dev_type);
272                 break;
273         }
274 }
275
276 static void hci_le_init_req(struct hci_dev *hdev, unsigned long opt)
277 {
278         BT_DBG("%s", hdev->name);
279
280         /* Read LE buffer size */
281         hci_send_cmd(hdev, HCI_OP_LE_READ_BUFFER_SIZE, 0, NULL);
282 }
283
284 static void hci_scan_req(struct hci_dev *hdev, unsigned long opt)
285 {
286         __u8 scan = opt;
287
288         BT_DBG("%s %x", hdev->name, scan);
289
290         /* Inquiry and Page scans */
291         hci_send_cmd(hdev, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
292 }
293
294 static void hci_auth_req(struct hci_dev *hdev, unsigned long opt)
295 {
296         __u8 auth = opt;
297
298         BT_DBG("%s %x", hdev->name, auth);
299
300         /* Authentication */
301         hci_send_cmd(hdev, HCI_OP_WRITE_AUTH_ENABLE, 1, &auth);
302 }
303
304 static void hci_encrypt_req(struct hci_dev *hdev, unsigned long opt)
305 {
306         __u8 encrypt = opt;
307
308         BT_DBG("%s %x", hdev->name, encrypt);
309
310         /* Encryption */
311         hci_send_cmd(hdev, HCI_OP_WRITE_ENCRYPT_MODE, 1, &encrypt);
312 }
313
314 static void hci_linkpol_req(struct hci_dev *hdev, unsigned long opt)
315 {
316         __le16 policy = cpu_to_le16(opt);
317
318         BT_DBG("%s %x", hdev->name, policy);
319
320         /* Default link policy */
321         hci_send_cmd(hdev, HCI_OP_WRITE_DEF_LINK_POLICY, 2, &policy);
322 }
323
324 /* Get HCI device by index.
325  * Device is held on return. */
326 struct hci_dev *hci_dev_get(int index)
327 {
328         struct hci_dev *hdev = NULL, *d;
329
330         BT_DBG("%d", index);
331
332         if (index < 0)
333                 return NULL;
334
335         read_lock(&hci_dev_list_lock);
336         list_for_each_entry(d, &hci_dev_list, list) {
337                 if (d->id == index) {
338                         hdev = hci_dev_hold(d);
339                         break;
340                 }
341         }
342         read_unlock(&hci_dev_list_lock);
343         return hdev;
344 }
345
346 /* ---- Inquiry support ---- */
347
348 bool hci_discovery_active(struct hci_dev *hdev)
349 {
350         struct discovery_state *discov = &hdev->discovery;
351
352         switch (discov->state) {
353         case DISCOVERY_FINDING:
354         case DISCOVERY_RESOLVING:
355                 return true;
356
357         default:
358                 return false;
359         }
360 }
361
362 void hci_discovery_set_state(struct hci_dev *hdev, int state)
363 {
364         BT_DBG("%s state %u -> %u", hdev->name, hdev->discovery.state, state);
365
366         if (hdev->discovery.state == state)
367                 return;
368
369         switch (state) {
370         case DISCOVERY_STOPPED:
371                 if (hdev->discovery.state != DISCOVERY_STARTING)
372                         mgmt_discovering(hdev, 0);
373                 break;
374         case DISCOVERY_STARTING:
375                 break;
376         case DISCOVERY_FINDING:
377                 mgmt_discovering(hdev, 1);
378                 break;
379         case DISCOVERY_RESOLVING:
380                 break;
381         case DISCOVERY_STOPPING:
382                 break;
383         }
384
385         hdev->discovery.state = state;
386 }
387
388 static void inquiry_cache_flush(struct hci_dev *hdev)
389 {
390         struct discovery_state *cache = &hdev->discovery;
391         struct inquiry_entry *p, *n;
392
393         list_for_each_entry_safe(p, n, &cache->all, all) {
394                 list_del(&p->all);
395                 kfree(p);
396         }
397
398         INIT_LIST_HEAD(&cache->unknown);
399         INIT_LIST_HEAD(&cache->resolve);
400 }
401
402 struct inquiry_entry *hci_inquiry_cache_lookup(struct hci_dev *hdev,
403                                                bdaddr_t *bdaddr)
404 {
405         struct discovery_state *cache = &hdev->discovery;
406         struct inquiry_entry *e;
407
408         BT_DBG("cache %p, %s", cache, batostr(bdaddr));
409
410         list_for_each_entry(e, &cache->all, all) {
411                 if (!bacmp(&e->data.bdaddr, bdaddr))
412                         return e;
413         }
414
415         return NULL;
416 }
417
418 struct inquiry_entry *hci_inquiry_cache_lookup_unknown(struct hci_dev *hdev,
419                                                        bdaddr_t *bdaddr)
420 {
421         struct discovery_state *cache = &hdev->discovery;
422         struct inquiry_entry *e;
423
424         BT_DBG("cache %p, %s", cache, batostr(bdaddr));
425
426         list_for_each_entry(e, &cache->unknown, list) {
427                 if (!bacmp(&e->data.bdaddr, bdaddr))
428                         return e;
429         }
430
431         return NULL;
432 }
433
434 struct inquiry_entry *hci_inquiry_cache_lookup_resolve(struct hci_dev *hdev,
435                                                        bdaddr_t *bdaddr,
436                                                        int state)
437 {
438         struct discovery_state *cache = &hdev->discovery;
439         struct inquiry_entry *e;
440
441         BT_DBG("cache %p bdaddr %s state %d", cache, batostr(bdaddr), state);
442
443         list_for_each_entry(e, &cache->resolve, list) {
444                 if (!bacmp(bdaddr, BDADDR_ANY) && e->name_state == state)
445                         return e;
446                 if (!bacmp(&e->data.bdaddr, bdaddr))
447                         return e;
448         }
449
450         return NULL;
451 }
452
453 void hci_inquiry_cache_update_resolve(struct hci_dev *hdev,
454                                       struct inquiry_entry *ie)
455 {
456         struct discovery_state *cache = &hdev->discovery;
457         struct list_head *pos = &cache->resolve;
458         struct inquiry_entry *p;
459
460         list_del(&ie->list);
461
462         list_for_each_entry(p, &cache->resolve, list) {
463                 if (p->name_state != NAME_PENDING &&
464                     abs(p->data.rssi) >= abs(ie->data.rssi))
465                         break;
466                 pos = &p->list;
467         }
468
469         list_add(&ie->list, pos);
470 }
471
472 bool hci_inquiry_cache_update(struct hci_dev *hdev, struct inquiry_data *data,
473                               bool name_known, bool *ssp)
474 {
475         struct discovery_state *cache = &hdev->discovery;
476         struct inquiry_entry *ie;
477
478         BT_DBG("cache %p, %s", cache, batostr(&data->bdaddr));
479
480         if (ssp)
481                 *ssp = data->ssp_mode;
482
483         ie = hci_inquiry_cache_lookup(hdev, &data->bdaddr);
484         if (ie) {
485                 if (ie->data.ssp_mode && ssp)
486                         *ssp = true;
487
488                 if (ie->name_state == NAME_NEEDED &&
489                     data->rssi != ie->data.rssi) {
490                         ie->data.rssi = data->rssi;
491                         hci_inquiry_cache_update_resolve(hdev, ie);
492                 }
493
494                 goto update;
495         }
496
497         /* Entry not in the cache. Add new one. */
498         ie = kzalloc(sizeof(struct inquiry_entry), GFP_ATOMIC);
499         if (!ie)
500                 return false;
501
502         list_add(&ie->all, &cache->all);
503
504         if (name_known) {
505                 ie->name_state = NAME_KNOWN;
506         } else {
507                 ie->name_state = NAME_NOT_KNOWN;
508                 list_add(&ie->list, &cache->unknown);
509         }
510
511 update:
512         if (name_known && ie->name_state != NAME_KNOWN &&
513             ie->name_state != NAME_PENDING) {
514                 ie->name_state = NAME_KNOWN;
515                 list_del(&ie->list);
516         }
517
518         memcpy(&ie->data, data, sizeof(*data));
519         ie->timestamp = jiffies;
520         cache->timestamp = jiffies;
521
522         if (ie->name_state == NAME_NOT_KNOWN)
523                 return false;
524
525         return true;
526 }
527
528 static int inquiry_cache_dump(struct hci_dev *hdev, int num, __u8 *buf)
529 {
530         struct discovery_state *cache = &hdev->discovery;
531         struct inquiry_info *info = (struct inquiry_info *) buf;
532         struct inquiry_entry *e;
533         int copied = 0;
534
535         list_for_each_entry(e, &cache->all, all) {
536                 struct inquiry_data *data = &e->data;
537
538                 if (copied >= num)
539                         break;
540
541                 bacpy(&info->bdaddr, &data->bdaddr);
542                 info->pscan_rep_mode    = data->pscan_rep_mode;
543                 info->pscan_period_mode = data->pscan_period_mode;
544                 info->pscan_mode        = data->pscan_mode;
545                 memcpy(info->dev_class, data->dev_class, 3);
546                 info->clock_offset      = data->clock_offset;
547
548                 info++;
549                 copied++;
550         }
551
552         BT_DBG("cache %p, copied %d", cache, copied);
553         return copied;
554 }
555
556 static void hci_inq_req(struct hci_dev *hdev, unsigned long opt)
557 {
558         struct hci_inquiry_req *ir = (struct hci_inquiry_req *) opt;
559         struct hci_cp_inquiry cp;
560
561         BT_DBG("%s", hdev->name);
562
563         if (test_bit(HCI_INQUIRY, &hdev->flags))
564                 return;
565
566         /* Start Inquiry */
567         memcpy(&cp.lap, &ir->lap, 3);
568         cp.length  = ir->length;
569         cp.num_rsp = ir->num_rsp;
570         hci_send_cmd(hdev, HCI_OP_INQUIRY, sizeof(cp), &cp);
571 }
572
573 int hci_inquiry(void __user *arg)
574 {
575         __u8 __user *ptr = arg;
576         struct hci_inquiry_req ir;
577         struct hci_dev *hdev;
578         int err = 0, do_inquiry = 0, max_rsp;
579         long timeo;
580         __u8 *buf;
581
582         if (copy_from_user(&ir, ptr, sizeof(ir)))
583                 return -EFAULT;
584
585         hdev = hci_dev_get(ir.dev_id);
586         if (!hdev)
587                 return -ENODEV;
588
589         hci_dev_lock(hdev);
590         if (inquiry_cache_age(hdev) > INQUIRY_CACHE_AGE_MAX ||
591             inquiry_cache_empty(hdev) || ir.flags & IREQ_CACHE_FLUSH) {
592                 inquiry_cache_flush(hdev);
593                 do_inquiry = 1;
594         }
595         hci_dev_unlock(hdev);
596
597         timeo = ir.length * msecs_to_jiffies(2000);
598
599         if (do_inquiry) {
600                 err = hci_request(hdev, hci_inq_req, (unsigned long)&ir, timeo);
601                 if (err < 0)
602                         goto done;
603         }
604
605         /* for unlimited number of responses we will use buffer with
606          * 255 entries
607          */
608         max_rsp = (ir.num_rsp == 0) ? 255 : ir.num_rsp;
609
610         /* cache_dump can't sleep. Therefore we allocate temp buffer and then
611          * copy it to the user space.
612          */
613         buf = kmalloc(sizeof(struct inquiry_info) * max_rsp, GFP_KERNEL);
614         if (!buf) {
615                 err = -ENOMEM;
616                 goto done;
617         }
618
619         hci_dev_lock(hdev);
620         ir.num_rsp = inquiry_cache_dump(hdev, max_rsp, buf);
621         hci_dev_unlock(hdev);
622
623         BT_DBG("num_rsp %d", ir.num_rsp);
624
625         if (!copy_to_user(ptr, &ir, sizeof(ir))) {
626                 ptr += sizeof(ir);
627                 if (copy_to_user(ptr, buf, sizeof(struct inquiry_info) *
628                                  ir.num_rsp))
629                         err = -EFAULT;
630         } else
631                 err = -EFAULT;
632
633         kfree(buf);
634
635 done:
636         hci_dev_put(hdev);
637         return err;
638 }
639
640 /* ---- HCI ioctl helpers ---- */
641
642 int hci_dev_open(__u16 dev)
643 {
644         struct hci_dev *hdev;
645         int ret = 0;
646
647         hdev = hci_dev_get(dev);
648         if (!hdev)
649                 return -ENODEV;
650
651         BT_DBG("%s %p", hdev->name, hdev);
652
653         hci_req_lock(hdev);
654
655         if (test_bit(HCI_UNREGISTER, &hdev->dev_flags)) {
656                 ret = -ENODEV;
657                 goto done;
658         }
659
660         if (hdev->rfkill && rfkill_blocked(hdev->rfkill)) {
661                 ret = -ERFKILL;
662                 goto done;
663         }
664
665         if (test_bit(HCI_UP, &hdev->flags)) {
666                 ret = -EALREADY;
667                 goto done;
668         }
669
670         if (test_bit(HCI_QUIRK_RAW_DEVICE, &hdev->quirks))
671                 set_bit(HCI_RAW, &hdev->flags);
672
673         /* Treat all non BR/EDR controllers as raw devices if
674            enable_hs is not set */
675         if (hdev->dev_type != HCI_BREDR && !enable_hs)
676                 set_bit(HCI_RAW, &hdev->flags);
677
678         if (hdev->open(hdev)) {
679                 ret = -EIO;
680                 goto done;
681         }
682
683         if (!test_bit(HCI_RAW, &hdev->flags)) {
684                 atomic_set(&hdev->cmd_cnt, 1);
685                 set_bit(HCI_INIT, &hdev->flags);
686                 hdev->init_last_cmd = 0;
687
688                 ret = __hci_request(hdev, hci_init_req, 0, HCI_INIT_TIMEOUT);
689
690                 if (lmp_host_le_capable(hdev))
691                         ret = __hci_request(hdev, hci_le_init_req, 0,
692                                             HCI_INIT_TIMEOUT);
693
694                 clear_bit(HCI_INIT, &hdev->flags);
695         }
696
697         if (!ret) {
698                 hci_dev_hold(hdev);
699                 set_bit(HCI_UP, &hdev->flags);
700                 hci_notify(hdev, HCI_DEV_UP);
701                 if (!test_bit(HCI_SETUP, &hdev->dev_flags) &&
702                     mgmt_valid_hdev(hdev)) {
703                         hci_dev_lock(hdev);
704                         mgmt_powered(hdev, 1);
705                         hci_dev_unlock(hdev);
706                 }
707         } else {
708                 /* Init failed, cleanup */
709                 flush_work(&hdev->tx_work);
710                 flush_work(&hdev->cmd_work);
711                 flush_work(&hdev->rx_work);
712
713                 skb_queue_purge(&hdev->cmd_q);
714                 skb_queue_purge(&hdev->rx_q);
715
716                 if (hdev->flush)
717                         hdev->flush(hdev);
718
719                 if (hdev->sent_cmd) {
720                         kfree_skb(hdev->sent_cmd);
721                         hdev->sent_cmd = NULL;
722                 }
723
724                 hdev->close(hdev);
725                 hdev->flags = 0;
726         }
727
728 done:
729         hci_req_unlock(hdev);
730         hci_dev_put(hdev);
731         return ret;
732 }
733
734 static int hci_dev_do_close(struct hci_dev *hdev)
735 {
736         BT_DBG("%s %p", hdev->name, hdev);
737
738         cancel_work_sync(&hdev->le_scan);
739
740         cancel_delayed_work(&hdev->power_off);
741
742         hci_req_cancel(hdev, ENODEV);
743         hci_req_lock(hdev);
744
745         if (!test_and_clear_bit(HCI_UP, &hdev->flags)) {
746                 del_timer_sync(&hdev->cmd_timer);
747                 hci_req_unlock(hdev);
748                 return 0;
749         }
750
751         /* Flush RX and TX works */
752         flush_work(&hdev->tx_work);
753         flush_work(&hdev->rx_work);
754
755         if (hdev->discov_timeout > 0) {
756                 cancel_delayed_work(&hdev->discov_off);
757                 hdev->discov_timeout = 0;
758                 clear_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
759         }
760
761         if (test_and_clear_bit(HCI_SERVICE_CACHE, &hdev->dev_flags))
762                 cancel_delayed_work(&hdev->service_cache);
763
764         cancel_delayed_work_sync(&hdev->le_scan_disable);
765
766         hci_dev_lock(hdev);
767         inquiry_cache_flush(hdev);
768         hci_conn_hash_flush(hdev);
769         hci_dev_unlock(hdev);
770
771         hci_notify(hdev, HCI_DEV_DOWN);
772
773         if (hdev->flush)
774                 hdev->flush(hdev);
775
776         /* Reset device */
777         skb_queue_purge(&hdev->cmd_q);
778         atomic_set(&hdev->cmd_cnt, 1);
779         if (!test_bit(HCI_RAW, &hdev->flags) &&
780             test_bit(HCI_QUIRK_RESET_ON_CLOSE, &hdev->quirks)) {
781                 set_bit(HCI_INIT, &hdev->flags);
782                 __hci_request(hdev, hci_reset_req, 0, HCI_CMD_TIMEOUT);
783                 clear_bit(HCI_INIT, &hdev->flags);
784         }
785
786         /* flush cmd  work */
787         flush_work(&hdev->cmd_work);
788
789         /* Drop queues */
790         skb_queue_purge(&hdev->rx_q);
791         skb_queue_purge(&hdev->cmd_q);
792         skb_queue_purge(&hdev->raw_q);
793
794         /* Drop last sent command */
795         if (hdev->sent_cmd) {
796                 del_timer_sync(&hdev->cmd_timer);
797                 kfree_skb(hdev->sent_cmd);
798                 hdev->sent_cmd = NULL;
799         }
800
801         /* After this point our queues are empty
802          * and no tasks are scheduled. */
803         hdev->close(hdev);
804
805         if (!test_and_clear_bit(HCI_AUTO_OFF, &hdev->dev_flags) &&
806             mgmt_valid_hdev(hdev)) {
807                 hci_dev_lock(hdev);
808                 mgmt_powered(hdev, 0);
809                 hci_dev_unlock(hdev);
810         }
811
812         /* Clear flags */
813         hdev->flags = 0;
814
815         memset(hdev->eir, 0, sizeof(hdev->eir));
816         memset(hdev->dev_class, 0, sizeof(hdev->dev_class));
817
818         hci_req_unlock(hdev);
819
820         hci_dev_put(hdev);
821         return 0;
822 }
823
824 int hci_dev_close(__u16 dev)
825 {
826         struct hci_dev *hdev;
827         int err;
828
829         hdev = hci_dev_get(dev);
830         if (!hdev)
831                 return -ENODEV;
832
833         if (test_and_clear_bit(HCI_AUTO_OFF, &hdev->dev_flags))
834                 cancel_delayed_work(&hdev->power_off);
835
836         err = hci_dev_do_close(hdev);
837
838         hci_dev_put(hdev);
839         return err;
840 }
841
842 int hci_dev_reset(__u16 dev)
843 {
844         struct hci_dev *hdev;
845         int ret = 0;
846
847         hdev = hci_dev_get(dev);
848         if (!hdev)
849                 return -ENODEV;
850
851         hci_req_lock(hdev);
852
853         if (!test_bit(HCI_UP, &hdev->flags))
854                 goto done;
855
856         /* Drop queues */
857         skb_queue_purge(&hdev->rx_q);
858         skb_queue_purge(&hdev->cmd_q);
859
860         hci_dev_lock(hdev);
861         inquiry_cache_flush(hdev);
862         hci_conn_hash_flush(hdev);
863         hci_dev_unlock(hdev);
864
865         if (hdev->flush)
866                 hdev->flush(hdev);
867
868         atomic_set(&hdev->cmd_cnt, 1);
869         hdev->acl_cnt = 0; hdev->sco_cnt = 0; hdev->le_cnt = 0;
870
871         if (!test_bit(HCI_RAW, &hdev->flags))
872                 ret = __hci_request(hdev, hci_reset_req, 0, HCI_INIT_TIMEOUT);
873
874 done:
875         hci_req_unlock(hdev);
876         hci_dev_put(hdev);
877         return ret;
878 }
879
880 int hci_dev_reset_stat(__u16 dev)
881 {
882         struct hci_dev *hdev;
883         int ret = 0;
884
885         hdev = hci_dev_get(dev);
886         if (!hdev)
887                 return -ENODEV;
888
889         memset(&hdev->stat, 0, sizeof(struct hci_dev_stats));
890
891         hci_dev_put(hdev);
892
893         return ret;
894 }
895
896 int hci_dev_cmd(unsigned int cmd, void __user *arg)
897 {
898         struct hci_dev *hdev;
899         struct hci_dev_req dr;
900         int err = 0;
901
902         if (copy_from_user(&dr, arg, sizeof(dr)))
903                 return -EFAULT;
904
905         hdev = hci_dev_get(dr.dev_id);
906         if (!hdev)
907                 return -ENODEV;
908
909         switch (cmd) {
910         case HCISETAUTH:
911                 err = hci_request(hdev, hci_auth_req, dr.dev_opt,
912                                   HCI_INIT_TIMEOUT);
913                 break;
914
915         case HCISETENCRYPT:
916                 if (!lmp_encrypt_capable(hdev)) {
917                         err = -EOPNOTSUPP;
918                         break;
919                 }
920
921                 if (!test_bit(HCI_AUTH, &hdev->flags)) {
922                         /* Auth must be enabled first */
923                         err = hci_request(hdev, hci_auth_req, dr.dev_opt,
924                                           HCI_INIT_TIMEOUT);
925                         if (err)
926                                 break;
927                 }
928
929                 err = hci_request(hdev, hci_encrypt_req, dr.dev_opt,
930                                   HCI_INIT_TIMEOUT);
931                 break;
932
933         case HCISETSCAN:
934                 err = hci_request(hdev, hci_scan_req, dr.dev_opt,
935                                   HCI_INIT_TIMEOUT);
936                 break;
937
938         case HCISETLINKPOL:
939                 err = hci_request(hdev, hci_linkpol_req, dr.dev_opt,
940                                   HCI_INIT_TIMEOUT);
941                 break;
942
943         case HCISETLINKMODE:
944                 hdev->link_mode = ((__u16) dr.dev_opt) &
945                                         (HCI_LM_MASTER | HCI_LM_ACCEPT);
946                 break;
947
948         case HCISETPTYPE:
949                 hdev->pkt_type = (__u16) dr.dev_opt;
950                 break;
951
952         case HCISETACLMTU:
953                 hdev->acl_mtu  = *((__u16 *) &dr.dev_opt + 1);
954                 hdev->acl_pkts = *((__u16 *) &dr.dev_opt + 0);
955                 break;
956
957         case HCISETSCOMTU:
958                 hdev->sco_mtu  = *((__u16 *) &dr.dev_opt + 1);
959                 hdev->sco_pkts = *((__u16 *) &dr.dev_opt + 0);
960                 break;
961
962         default:
963                 err = -EINVAL;
964                 break;
965         }
966
967         hci_dev_put(hdev);
968         return err;
969 }
970
971 int hci_get_dev_list(void __user *arg)
972 {
973         struct hci_dev *hdev;
974         struct hci_dev_list_req *dl;
975         struct hci_dev_req *dr;
976         int n = 0, size, err;
977         __u16 dev_num;
978
979         if (get_user(dev_num, (__u16 __user *) arg))
980                 return -EFAULT;
981
982         if (!dev_num || dev_num > (PAGE_SIZE * 2) / sizeof(*dr))
983                 return -EINVAL;
984
985         size = sizeof(*dl) + dev_num * sizeof(*dr);
986
987         dl = kzalloc(size, GFP_KERNEL);
988         if (!dl)
989                 return -ENOMEM;
990
991         dr = dl->dev_req;
992
993         read_lock(&hci_dev_list_lock);
994         list_for_each_entry(hdev, &hci_dev_list, list) {
995                 if (test_and_clear_bit(HCI_AUTO_OFF, &hdev->dev_flags))
996                         cancel_delayed_work(&hdev->power_off);
997
998                 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
999                         set_bit(HCI_PAIRABLE, &hdev->dev_flags);
1000
1001                 (dr + n)->dev_id  = hdev->id;
1002                 (dr + n)->dev_opt = hdev->flags;
1003
1004                 if (++n >= dev_num)
1005                         break;
1006         }
1007         read_unlock(&hci_dev_list_lock);
1008
1009         dl->dev_num = n;
1010         size = sizeof(*dl) + n * sizeof(*dr);
1011
1012         err = copy_to_user(arg, dl, size);
1013         kfree(dl);
1014
1015         return err ? -EFAULT : 0;
1016 }
1017
1018 int hci_get_dev_info(void __user *arg)
1019 {
1020         struct hci_dev *hdev;
1021         struct hci_dev_info di;
1022         int err = 0;
1023
1024         if (copy_from_user(&di, arg, sizeof(di)))
1025                 return -EFAULT;
1026
1027         hdev = hci_dev_get(di.dev_id);
1028         if (!hdev)
1029                 return -ENODEV;
1030
1031         if (test_and_clear_bit(HCI_AUTO_OFF, &hdev->dev_flags))
1032                 cancel_delayed_work_sync(&hdev->power_off);
1033
1034         if (!test_bit(HCI_MGMT, &hdev->dev_flags))
1035                 set_bit(HCI_PAIRABLE, &hdev->dev_flags);
1036
1037         strcpy(di.name, hdev->name);
1038         di.bdaddr   = hdev->bdaddr;
1039         di.type     = (hdev->bus & 0x0f) | (hdev->dev_type << 4);
1040         di.flags    = hdev->flags;
1041         di.pkt_type = hdev->pkt_type;
1042         di.acl_mtu  = hdev->acl_mtu;
1043         di.acl_pkts = hdev->acl_pkts;
1044         di.sco_mtu  = hdev->sco_mtu;
1045         di.sco_pkts = hdev->sco_pkts;
1046         di.link_policy = hdev->link_policy;
1047         di.link_mode   = hdev->link_mode;
1048
1049         memcpy(&di.stat, &hdev->stat, sizeof(di.stat));
1050         memcpy(&di.features, &hdev->features, sizeof(di.features));
1051
1052         if (copy_to_user(arg, &di, sizeof(di)))
1053                 err = -EFAULT;
1054
1055         hci_dev_put(hdev);
1056
1057         return err;
1058 }
1059
1060 /* ---- Interface to HCI drivers ---- */
1061
1062 static int hci_rfkill_set_block(void *data, bool blocked)
1063 {
1064         struct hci_dev *hdev = data;
1065
1066         BT_DBG("%p name %s blocked %d", hdev, hdev->name, blocked);
1067
1068         if (!blocked)
1069                 return 0;
1070
1071         hci_dev_do_close(hdev);
1072
1073         return 0;
1074 }
1075
1076 static const struct rfkill_ops hci_rfkill_ops = {
1077         .set_block = hci_rfkill_set_block,
1078 };
1079
1080 static void hci_power_on(struct work_struct *work)
1081 {
1082         struct hci_dev *hdev = container_of(work, struct hci_dev, power_on);
1083
1084         BT_DBG("%s", hdev->name);
1085
1086         if (hci_dev_open(hdev->id) < 0)
1087                 return;
1088
1089         if (test_bit(HCI_AUTO_OFF, &hdev->dev_flags))
1090                 schedule_delayed_work(&hdev->power_off, HCI_AUTO_OFF_TIMEOUT);
1091
1092         if (test_and_clear_bit(HCI_SETUP, &hdev->dev_flags))
1093                 mgmt_index_added(hdev);
1094 }
1095
1096 static void hci_power_off(struct work_struct *work)
1097 {
1098         struct hci_dev *hdev = container_of(work, struct hci_dev,
1099                                             power_off.work);
1100
1101         BT_DBG("%s", hdev->name);
1102
1103         hci_dev_do_close(hdev);
1104 }
1105
1106 static void hci_discov_off(struct work_struct *work)
1107 {
1108         struct hci_dev *hdev;
1109         u8 scan = SCAN_PAGE;
1110
1111         hdev = container_of(work, struct hci_dev, discov_off.work);
1112
1113         BT_DBG("%s", hdev->name);
1114
1115         hci_dev_lock(hdev);
1116
1117         hci_send_cmd(hdev, HCI_OP_WRITE_SCAN_ENABLE, sizeof(scan), &scan);
1118
1119         hdev->discov_timeout = 0;
1120
1121         hci_dev_unlock(hdev);
1122 }
1123
1124 int hci_uuids_clear(struct hci_dev *hdev)
1125 {
1126         struct list_head *p, *n;
1127
1128         list_for_each_safe(p, n, &hdev->uuids) {
1129                 struct bt_uuid *uuid;
1130
1131                 uuid = list_entry(p, struct bt_uuid, list);
1132
1133                 list_del(p);
1134                 kfree(uuid);
1135         }
1136
1137         return 0;
1138 }
1139
1140 int hci_link_keys_clear(struct hci_dev *hdev)
1141 {
1142         struct list_head *p, *n;
1143
1144         list_for_each_safe(p, n, &hdev->link_keys) {
1145                 struct link_key *key;
1146
1147                 key = list_entry(p, struct link_key, list);
1148
1149                 list_del(p);
1150                 kfree(key);
1151         }
1152
1153         return 0;
1154 }
1155
1156 int hci_smp_ltks_clear(struct hci_dev *hdev)
1157 {
1158         struct smp_ltk *k, *tmp;
1159
1160         list_for_each_entry_safe(k, tmp, &hdev->long_term_keys, list) {
1161                 list_del(&k->list);
1162                 kfree(k);
1163         }
1164
1165         return 0;
1166 }
1167
1168 struct link_key *hci_find_link_key(struct hci_dev *hdev, bdaddr_t *bdaddr)
1169 {
1170         struct link_key *k;
1171
1172         list_for_each_entry(k, &hdev->link_keys, list)
1173                 if (bacmp(bdaddr, &k->bdaddr) == 0)
1174                         return k;
1175
1176         return NULL;
1177 }
1178
1179 static bool hci_persistent_key(struct hci_dev *hdev, struct hci_conn *conn,
1180                                u8 key_type, u8 old_key_type)
1181 {
1182         /* Legacy key */
1183         if (key_type < 0x03)
1184                 return true;
1185
1186         /* Debug keys are insecure so don't store them persistently */
1187         if (key_type == HCI_LK_DEBUG_COMBINATION)
1188                 return false;
1189
1190         /* Changed combination key and there's no previous one */
1191         if (key_type == HCI_LK_CHANGED_COMBINATION && old_key_type == 0xff)
1192                 return false;
1193
1194         /* Security mode 3 case */
1195         if (!conn)
1196                 return true;
1197
1198         /* Neither local nor remote side had no-bonding as requirement */
1199         if (conn->auth_type > 0x01 && conn->remote_auth > 0x01)
1200                 return true;
1201
1202         /* Local side had dedicated bonding as requirement */
1203         if (conn->auth_type == 0x02 || conn->auth_type == 0x03)
1204                 return true;
1205
1206         /* Remote side had dedicated bonding as requirement */
1207         if (conn->remote_auth == 0x02 || conn->remote_auth == 0x03)
1208                 return true;
1209
1210         /* If none of the above criteria match, then don't store the key
1211          * persistently */
1212         return false;
1213 }
1214
1215 struct smp_ltk *hci_find_ltk(struct hci_dev *hdev, __le16 ediv, u8 rand[8])
1216 {
1217         struct smp_ltk *k;
1218
1219         list_for_each_entry(k, &hdev->long_term_keys, list) {
1220                 if (k->ediv != ediv ||
1221                     memcmp(rand, k->rand, sizeof(k->rand)))
1222                         continue;
1223
1224                 return k;
1225         }
1226
1227         return NULL;
1228 }
1229
1230 struct smp_ltk *hci_find_ltk_by_addr(struct hci_dev *hdev, bdaddr_t *bdaddr,
1231                                      u8 addr_type)
1232 {
1233         struct smp_ltk *k;
1234
1235         list_for_each_entry(k, &hdev->long_term_keys, list)
1236                 if (addr_type == k->bdaddr_type &&
1237                     bacmp(bdaddr, &k->bdaddr) == 0)
1238                         return k;
1239
1240         return NULL;
1241 }
1242
1243 int hci_add_link_key(struct hci_dev *hdev, struct hci_conn *conn, int new_key,
1244                      bdaddr_t *bdaddr, u8 *val, u8 type, u8 pin_len)
1245 {
1246         struct link_key *key, *old_key;
1247         u8 old_key_type;
1248         bool persistent;
1249
1250         old_key = hci_find_link_key(hdev, bdaddr);
1251         if (old_key) {
1252                 old_key_type = old_key->type;
1253                 key = old_key;
1254         } else {
1255                 old_key_type = conn ? conn->key_type : 0xff;
1256                 key = kzalloc(sizeof(*key), GFP_ATOMIC);
1257                 if (!key)
1258                         return -ENOMEM;
1259                 list_add(&key->list, &hdev->link_keys);
1260         }
1261
1262         BT_DBG("%s key for %s type %u", hdev->name, batostr(bdaddr), type);
1263
1264         /* Some buggy controller combinations generate a changed
1265          * combination key for legacy pairing even when there's no
1266          * previous key */
1267         if (type == HCI_LK_CHANGED_COMBINATION &&
1268             (!conn || conn->remote_auth == 0xff) && old_key_type == 0xff) {
1269                 type = HCI_LK_COMBINATION;
1270                 if (conn)
1271                         conn->key_type = type;
1272         }
1273
1274         bacpy(&key->bdaddr, bdaddr);
1275         memcpy(key->val, val, HCI_LINK_KEY_SIZE);
1276         key->pin_len = pin_len;
1277
1278         if (type == HCI_LK_CHANGED_COMBINATION)
1279                 key->type = old_key_type;
1280         else
1281                 key->type = type;
1282
1283         if (!new_key)
1284                 return 0;
1285
1286         persistent = hci_persistent_key(hdev, conn, type, old_key_type);
1287
1288         mgmt_new_link_key(hdev, key, persistent);
1289
1290         if (conn)
1291                 conn->flush_key = !persistent;
1292
1293         return 0;
1294 }
1295
1296 int hci_add_ltk(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 addr_type, u8 type,
1297                 int new_key, u8 authenticated, u8 tk[16], u8 enc_size, __le16
1298                 ediv, u8 rand[8])
1299 {
1300         struct smp_ltk *key, *old_key;
1301
1302         if (!(type & HCI_SMP_STK) && !(type & HCI_SMP_LTK))
1303                 return 0;
1304
1305         old_key = hci_find_ltk_by_addr(hdev, bdaddr, addr_type);
1306         if (old_key)
1307                 key = old_key;
1308         else {
1309                 key = kzalloc(sizeof(*key), GFP_ATOMIC);
1310                 if (!key)
1311                         return -ENOMEM;
1312                 list_add(&key->list, &hdev->long_term_keys);
1313         }
1314
1315         bacpy(&key->bdaddr, bdaddr);
1316         key->bdaddr_type = addr_type;
1317         memcpy(key->val, tk, sizeof(key->val));
1318         key->authenticated = authenticated;
1319         key->ediv = ediv;
1320         key->enc_size = enc_size;
1321         key->type = type;
1322         memcpy(key->rand, rand, sizeof(key->rand));
1323
1324         if (!new_key)
1325                 return 0;
1326
1327         if (type & HCI_SMP_LTK)
1328                 mgmt_new_ltk(hdev, key, 1);
1329
1330         return 0;
1331 }
1332
1333 int hci_remove_link_key(struct hci_dev *hdev, bdaddr_t *bdaddr)
1334 {
1335         struct link_key *key;
1336
1337         key = hci_find_link_key(hdev, bdaddr);
1338         if (!key)
1339                 return -ENOENT;
1340
1341         BT_DBG("%s removing %s", hdev->name, batostr(bdaddr));
1342
1343         list_del(&key->list);
1344         kfree(key);
1345
1346         return 0;
1347 }
1348
1349 int hci_remove_ltk(struct hci_dev *hdev, bdaddr_t *bdaddr)
1350 {
1351         struct smp_ltk *k, *tmp;
1352
1353         list_for_each_entry_safe(k, tmp, &hdev->long_term_keys, list) {
1354                 if (bacmp(bdaddr, &k->bdaddr))
1355                         continue;
1356
1357                 BT_DBG("%s removing %s", hdev->name, batostr(bdaddr));
1358
1359                 list_del(&k->list);
1360                 kfree(k);
1361         }
1362
1363         return 0;
1364 }
1365
1366 /* HCI command timer function */
1367 static void hci_cmd_timeout(unsigned long arg)
1368 {
1369         struct hci_dev *hdev = (void *) arg;
1370
1371         if (hdev->sent_cmd) {
1372                 struct hci_command_hdr *sent = (void *) hdev->sent_cmd->data;
1373                 u16 opcode = __le16_to_cpu(sent->opcode);
1374
1375                 BT_ERR("%s command 0x%4.4x tx timeout", hdev->name, opcode);
1376         } else {
1377                 BT_ERR("%s command tx timeout", hdev->name);
1378         }
1379
1380         atomic_set(&hdev->cmd_cnt, 1);
1381         queue_work(hdev->workqueue, &hdev->cmd_work);
1382 }
1383
1384 struct oob_data *hci_find_remote_oob_data(struct hci_dev *hdev,
1385                                           bdaddr_t *bdaddr)
1386 {
1387         struct oob_data *data;
1388
1389         list_for_each_entry(data, &hdev->remote_oob_data, list)
1390                 if (bacmp(bdaddr, &data->bdaddr) == 0)
1391                         return data;
1392
1393         return NULL;
1394 }
1395
1396 int hci_remove_remote_oob_data(struct hci_dev *hdev, bdaddr_t *bdaddr)
1397 {
1398         struct oob_data *data;
1399
1400         data = hci_find_remote_oob_data(hdev, bdaddr);
1401         if (!data)
1402                 return -ENOENT;
1403
1404         BT_DBG("%s removing %s", hdev->name, batostr(bdaddr));
1405
1406         list_del(&data->list);
1407         kfree(data);
1408
1409         return 0;
1410 }
1411
1412 int hci_remote_oob_data_clear(struct hci_dev *hdev)
1413 {
1414         struct oob_data *data, *n;
1415
1416         list_for_each_entry_safe(data, n, &hdev->remote_oob_data, list) {
1417                 list_del(&data->list);
1418                 kfree(data);
1419         }
1420
1421         return 0;
1422 }
1423
1424 int hci_add_remote_oob_data(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 *hash,
1425                             u8 *randomizer)
1426 {
1427         struct oob_data *data;
1428
1429         data = hci_find_remote_oob_data(hdev, bdaddr);
1430
1431         if (!data) {
1432                 data = kmalloc(sizeof(*data), GFP_ATOMIC);
1433                 if (!data)
1434                         return -ENOMEM;
1435
1436                 bacpy(&data->bdaddr, bdaddr);
1437                 list_add(&data->list, &hdev->remote_oob_data);
1438         }
1439
1440         memcpy(data->hash, hash, sizeof(data->hash));
1441         memcpy(data->randomizer, randomizer, sizeof(data->randomizer));
1442
1443         BT_DBG("%s for %s", hdev->name, batostr(bdaddr));
1444
1445         return 0;
1446 }
1447
1448 struct bdaddr_list *hci_blacklist_lookup(struct hci_dev *hdev, bdaddr_t *bdaddr)
1449 {
1450         struct bdaddr_list *b;
1451
1452         list_for_each_entry(b, &hdev->blacklist, list)
1453                 if (bacmp(bdaddr, &b->bdaddr) == 0)
1454                         return b;
1455
1456         return NULL;
1457 }
1458
1459 int hci_blacklist_clear(struct hci_dev *hdev)
1460 {
1461         struct list_head *p, *n;
1462
1463         list_for_each_safe(p, n, &hdev->blacklist) {
1464                 struct bdaddr_list *b;
1465
1466                 b = list_entry(p, struct bdaddr_list, list);
1467
1468                 list_del(p);
1469                 kfree(b);
1470         }
1471
1472         return 0;
1473 }
1474
1475 int hci_blacklist_add(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 type)
1476 {
1477         struct bdaddr_list *entry;
1478
1479         if (bacmp(bdaddr, BDADDR_ANY) == 0)
1480                 return -EBADF;
1481
1482         if (hci_blacklist_lookup(hdev, bdaddr))
1483                 return -EEXIST;
1484
1485         entry = kzalloc(sizeof(struct bdaddr_list), GFP_KERNEL);
1486         if (!entry)
1487                 return -ENOMEM;
1488
1489         bacpy(&entry->bdaddr, bdaddr);
1490
1491         list_add(&entry->list, &hdev->blacklist);
1492
1493         return mgmt_device_blocked(hdev, bdaddr, type);
1494 }
1495
1496 int hci_blacklist_del(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 type)
1497 {
1498         struct bdaddr_list *entry;
1499
1500         if (bacmp(bdaddr, BDADDR_ANY) == 0)
1501                 return hci_blacklist_clear(hdev);
1502
1503         entry = hci_blacklist_lookup(hdev, bdaddr);
1504         if (!entry)
1505                 return -ENOENT;
1506
1507         list_del(&entry->list);
1508         kfree(entry);
1509
1510         return mgmt_device_unblocked(hdev, bdaddr, type);
1511 }
1512
1513 static void le_scan_param_req(struct hci_dev *hdev, unsigned long opt)
1514 {
1515         struct le_scan_params *param =  (struct le_scan_params *) opt;
1516         struct hci_cp_le_set_scan_param cp;
1517
1518         memset(&cp, 0, sizeof(cp));
1519         cp.type = param->type;
1520         cp.interval = cpu_to_le16(param->interval);
1521         cp.window = cpu_to_le16(param->window);
1522
1523         hci_send_cmd(hdev, HCI_OP_LE_SET_SCAN_PARAM, sizeof(cp), &cp);
1524 }
1525
1526 static void le_scan_enable_req(struct hci_dev *hdev, unsigned long opt)
1527 {
1528         struct hci_cp_le_set_scan_enable cp;
1529
1530         memset(&cp, 0, sizeof(cp));
1531         cp.enable = 1;
1532         cp.filter_dup = 1;
1533
1534         hci_send_cmd(hdev, HCI_OP_LE_SET_SCAN_ENABLE, sizeof(cp), &cp);
1535 }
1536
1537 static int hci_do_le_scan(struct hci_dev *hdev, u8 type, u16 interval,
1538                           u16 window, int timeout)
1539 {
1540         long timeo = msecs_to_jiffies(3000);
1541         struct le_scan_params param;
1542         int err;
1543
1544         BT_DBG("%s", hdev->name);
1545
1546         if (test_bit(HCI_LE_SCAN, &hdev->dev_flags))
1547                 return -EINPROGRESS;
1548
1549         param.type = type;
1550         param.interval = interval;
1551         param.window = window;
1552
1553         hci_req_lock(hdev);
1554
1555         err = __hci_request(hdev, le_scan_param_req, (unsigned long) &param,
1556                             timeo);
1557         if (!err)
1558                 err = __hci_request(hdev, le_scan_enable_req, 0, timeo);
1559
1560         hci_req_unlock(hdev);
1561
1562         if (err < 0)
1563                 return err;
1564
1565         schedule_delayed_work(&hdev->le_scan_disable,
1566                               msecs_to_jiffies(timeout));
1567
1568         return 0;
1569 }
1570
1571 int hci_cancel_le_scan(struct hci_dev *hdev)
1572 {
1573         BT_DBG("%s", hdev->name);
1574
1575         if (!test_bit(HCI_LE_SCAN, &hdev->dev_flags))
1576                 return -EALREADY;
1577
1578         if (cancel_delayed_work(&hdev->le_scan_disable)) {
1579                 struct hci_cp_le_set_scan_enable cp;
1580
1581                 /* Send HCI command to disable LE Scan */
1582                 memset(&cp, 0, sizeof(cp));
1583                 hci_send_cmd(hdev, HCI_OP_LE_SET_SCAN_ENABLE, sizeof(cp), &cp);
1584         }
1585
1586         return 0;
1587 }
1588
1589 static void le_scan_disable_work(struct work_struct *work)
1590 {
1591         struct hci_dev *hdev = container_of(work, struct hci_dev,
1592                                             le_scan_disable.work);
1593         struct hci_cp_le_set_scan_enable cp;
1594
1595         BT_DBG("%s", hdev->name);
1596
1597         memset(&cp, 0, sizeof(cp));
1598
1599         hci_send_cmd(hdev, HCI_OP_LE_SET_SCAN_ENABLE, sizeof(cp), &cp);
1600 }
1601
1602 static void le_scan_work(struct work_struct *work)
1603 {
1604         struct hci_dev *hdev = container_of(work, struct hci_dev, le_scan);
1605         struct le_scan_params *param = &hdev->le_scan_params;
1606
1607         BT_DBG("%s", hdev->name);
1608
1609         hci_do_le_scan(hdev, param->type, param->interval, param->window,
1610                        param->timeout);
1611 }
1612
1613 int hci_le_scan(struct hci_dev *hdev, u8 type, u16 interval, u16 window,
1614                 int timeout)
1615 {
1616         struct le_scan_params *param = &hdev->le_scan_params;
1617
1618         BT_DBG("%s", hdev->name);
1619
1620         if (work_busy(&hdev->le_scan))
1621                 return -EINPROGRESS;
1622
1623         param->type = type;
1624         param->interval = interval;
1625         param->window = window;
1626         param->timeout = timeout;
1627
1628         queue_work(system_long_wq, &hdev->le_scan);
1629
1630         return 0;
1631 }
1632
1633 /* Alloc HCI device */
1634 struct hci_dev *hci_alloc_dev(void)
1635 {
1636         struct hci_dev *hdev;
1637
1638         hdev = kzalloc(sizeof(struct hci_dev), GFP_KERNEL);
1639         if (!hdev)
1640                 return NULL;
1641
1642         hdev->pkt_type  = (HCI_DM1 | HCI_DH1 | HCI_HV1);
1643         hdev->esco_type = (ESCO_HV1);
1644         hdev->link_mode = (HCI_LM_ACCEPT);
1645         hdev->io_capability = 0x03; /* No Input No Output */
1646
1647         hdev->sniff_max_interval = 800;
1648         hdev->sniff_min_interval = 80;
1649
1650         mutex_init(&hdev->lock);
1651         mutex_init(&hdev->req_lock);
1652
1653         INIT_LIST_HEAD(&hdev->mgmt_pending);
1654         INIT_LIST_HEAD(&hdev->blacklist);
1655         INIT_LIST_HEAD(&hdev->uuids);
1656         INIT_LIST_HEAD(&hdev->link_keys);
1657         INIT_LIST_HEAD(&hdev->long_term_keys);
1658         INIT_LIST_HEAD(&hdev->remote_oob_data);
1659         INIT_LIST_HEAD(&hdev->conn_hash.list);
1660
1661         INIT_WORK(&hdev->rx_work, hci_rx_work);
1662         INIT_WORK(&hdev->cmd_work, hci_cmd_work);
1663         INIT_WORK(&hdev->tx_work, hci_tx_work);
1664         INIT_WORK(&hdev->power_on, hci_power_on);
1665         INIT_WORK(&hdev->le_scan, le_scan_work);
1666
1667         INIT_DELAYED_WORK(&hdev->power_off, hci_power_off);
1668         INIT_DELAYED_WORK(&hdev->discov_off, hci_discov_off);
1669         INIT_DELAYED_WORK(&hdev->le_scan_disable, le_scan_disable_work);
1670
1671         skb_queue_head_init(&hdev->driver_init);
1672         skb_queue_head_init(&hdev->rx_q);
1673         skb_queue_head_init(&hdev->cmd_q);
1674         skb_queue_head_init(&hdev->raw_q);
1675
1676         init_waitqueue_head(&hdev->req_wait_q);
1677
1678         setup_timer(&hdev->cmd_timer, hci_cmd_timeout, (unsigned long) hdev);
1679
1680         hci_init_sysfs(hdev);
1681         discovery_init(hdev);
1682
1683         return hdev;
1684 }
1685 EXPORT_SYMBOL(hci_alloc_dev);
1686
1687 /* Free HCI device */
1688 void hci_free_dev(struct hci_dev *hdev)
1689 {
1690         skb_queue_purge(&hdev->driver_init);
1691
1692         /* will free via device release */
1693         put_device(&hdev->dev);
1694 }
1695 EXPORT_SYMBOL(hci_free_dev);
1696
1697 /* Register HCI device */
1698 int hci_register_dev(struct hci_dev *hdev)
1699 {
1700         int id, error;
1701
1702         if (!hdev->open || !hdev->close)
1703                 return -EINVAL;
1704
1705         /* Do not allow HCI_AMP devices to register at index 0,
1706          * so the index can be used as the AMP controller ID.
1707          */
1708         switch (hdev->dev_type) {
1709         case HCI_BREDR:
1710                 id = ida_simple_get(&hci_index_ida, 0, 0, GFP_KERNEL);
1711                 break;
1712         case HCI_AMP:
1713                 id = ida_simple_get(&hci_index_ida, 1, 0, GFP_KERNEL);
1714                 break;
1715         default:
1716                 return -EINVAL;
1717         }
1718
1719         if (id < 0)
1720                 return id;
1721
1722         sprintf(hdev->name, "hci%d", id);
1723         hdev->id = id;
1724
1725         BT_DBG("%p name %s bus %d", hdev, hdev->name, hdev->bus);
1726
1727         write_lock(&hci_dev_list_lock);
1728         list_add(&hdev->list, &hci_dev_list);
1729         write_unlock(&hci_dev_list_lock);
1730
1731         hdev->workqueue = alloc_workqueue(hdev->name, WQ_HIGHPRI | WQ_UNBOUND |
1732                                           WQ_MEM_RECLAIM, 1);
1733         if (!hdev->workqueue) {
1734                 error = -ENOMEM;
1735                 goto err;
1736         }
1737
1738         error = hci_add_sysfs(hdev);
1739         if (error < 0)
1740                 goto err_wqueue;
1741
1742         hdev->rfkill = rfkill_alloc(hdev->name, &hdev->dev,
1743                                     RFKILL_TYPE_BLUETOOTH, &hci_rfkill_ops,
1744                                     hdev);
1745         if (hdev->rfkill) {
1746                 if (rfkill_register(hdev->rfkill) < 0) {
1747                         rfkill_destroy(hdev->rfkill);
1748                         hdev->rfkill = NULL;
1749                 }
1750         }
1751
1752         set_bit(HCI_SETUP, &hdev->dev_flags);
1753
1754         if (hdev->dev_type != HCI_AMP)
1755                 set_bit(HCI_AUTO_OFF, &hdev->dev_flags);
1756
1757         schedule_work(&hdev->power_on);
1758
1759         hci_notify(hdev, HCI_DEV_REG);
1760         hci_dev_hold(hdev);
1761
1762         return id;
1763
1764 err_wqueue:
1765         destroy_workqueue(hdev->workqueue);
1766 err:
1767         ida_simple_remove(&hci_index_ida, hdev->id);
1768         write_lock(&hci_dev_list_lock);
1769         list_del(&hdev->list);
1770         write_unlock(&hci_dev_list_lock);
1771
1772         return error;
1773 }
1774 EXPORT_SYMBOL(hci_register_dev);
1775
1776 /* Unregister HCI device */
1777 void hci_unregister_dev(struct hci_dev *hdev)
1778 {
1779         int i, id;
1780
1781         BT_DBG("%p name %s bus %d", hdev, hdev->name, hdev->bus);
1782
1783         set_bit(HCI_UNREGISTER, &hdev->dev_flags);
1784
1785         id = hdev->id;
1786
1787         write_lock(&hci_dev_list_lock);
1788         list_del(&hdev->list);
1789         write_unlock(&hci_dev_list_lock);
1790
1791         hci_dev_do_close(hdev);
1792
1793         for (i = 0; i < NUM_REASSEMBLY; i++)
1794                 kfree_skb(hdev->reassembly[i]);
1795
1796         if (!test_bit(HCI_INIT, &hdev->flags) &&
1797             !test_bit(HCI_SETUP, &hdev->dev_flags)) {
1798                 hci_dev_lock(hdev);
1799                 mgmt_index_removed(hdev);
1800                 hci_dev_unlock(hdev);
1801         }
1802
1803         /* mgmt_index_removed should take care of emptying the
1804          * pending list */
1805         BUG_ON(!list_empty(&hdev->mgmt_pending));
1806
1807         hci_notify(hdev, HCI_DEV_UNREG);
1808
1809         if (hdev->rfkill) {
1810                 rfkill_unregister(hdev->rfkill);
1811                 rfkill_destroy(hdev->rfkill);
1812         }
1813
1814         hci_del_sysfs(hdev);
1815
1816         destroy_workqueue(hdev->workqueue);
1817
1818         hci_dev_lock(hdev);
1819         hci_blacklist_clear(hdev);
1820         hci_uuids_clear(hdev);
1821         hci_link_keys_clear(hdev);
1822         hci_smp_ltks_clear(hdev);
1823         hci_remote_oob_data_clear(hdev);
1824         hci_dev_unlock(hdev);
1825
1826         hci_dev_put(hdev);
1827
1828         ida_simple_remove(&hci_index_ida, id);
1829 }
1830 EXPORT_SYMBOL(hci_unregister_dev);
1831
1832 /* Suspend HCI device */
1833 int hci_suspend_dev(struct hci_dev *hdev)
1834 {
1835         hci_notify(hdev, HCI_DEV_SUSPEND);
1836         return 0;
1837 }
1838 EXPORT_SYMBOL(hci_suspend_dev);
1839
1840 /* Resume HCI device */
1841 int hci_resume_dev(struct hci_dev *hdev)
1842 {
1843         hci_notify(hdev, HCI_DEV_RESUME);
1844         return 0;
1845 }
1846 EXPORT_SYMBOL(hci_resume_dev);
1847
1848 /* Receive frame from HCI drivers */
1849 int hci_recv_frame(struct sk_buff *skb)
1850 {
1851         struct hci_dev *hdev = (struct hci_dev *) skb->dev;
1852         if (!hdev || (!test_bit(HCI_UP, &hdev->flags)
1853                       && !test_bit(HCI_INIT, &hdev->flags))) {
1854                 kfree_skb(skb);
1855                 return -ENXIO;
1856         }
1857
1858         /* Incomming skb */
1859         bt_cb(skb)->incoming = 1;
1860
1861         /* Time stamp */
1862         __net_timestamp(skb);
1863
1864         skb_queue_tail(&hdev->rx_q, skb);
1865         queue_work(hdev->workqueue, &hdev->rx_work);
1866
1867         return 0;
1868 }
1869 EXPORT_SYMBOL(hci_recv_frame);
1870
1871 static int hci_reassembly(struct hci_dev *hdev, int type, void *data,
1872                           int count, __u8 index)
1873 {
1874         int len = 0;
1875         int hlen = 0;
1876         int remain = count;
1877         struct sk_buff *skb;
1878         struct bt_skb_cb *scb;
1879
1880         if ((type < HCI_ACLDATA_PKT || type > HCI_EVENT_PKT) ||
1881             index >= NUM_REASSEMBLY)
1882                 return -EILSEQ;
1883
1884         skb = hdev->reassembly[index];
1885
1886         if (!skb) {
1887                 switch (type) {
1888                 case HCI_ACLDATA_PKT:
1889                         len = HCI_MAX_FRAME_SIZE;
1890                         hlen = HCI_ACL_HDR_SIZE;
1891                         break;
1892                 case HCI_EVENT_PKT:
1893                         len = HCI_MAX_EVENT_SIZE;
1894                         hlen = HCI_EVENT_HDR_SIZE;
1895                         break;
1896                 case HCI_SCODATA_PKT:
1897                         len = HCI_MAX_SCO_SIZE;
1898                         hlen = HCI_SCO_HDR_SIZE;
1899                         break;
1900                 }
1901
1902                 skb = bt_skb_alloc(len, GFP_ATOMIC);
1903                 if (!skb)
1904                         return -ENOMEM;
1905
1906                 scb = (void *) skb->cb;
1907                 scb->expect = hlen;
1908                 scb->pkt_type = type;
1909
1910                 skb->dev = (void *) hdev;
1911                 hdev->reassembly[index] = skb;
1912         }
1913
1914         while (count) {
1915                 scb = (void *) skb->cb;
1916                 len = min_t(uint, scb->expect, count);
1917
1918                 memcpy(skb_put(skb, len), data, len);
1919
1920                 count -= len;
1921                 data += len;
1922                 scb->expect -= len;
1923                 remain = count;
1924
1925                 switch (type) {
1926                 case HCI_EVENT_PKT:
1927                         if (skb->len == HCI_EVENT_HDR_SIZE) {
1928                                 struct hci_event_hdr *h = hci_event_hdr(skb);
1929                                 scb->expect = h->plen;
1930
1931                                 if (skb_tailroom(skb) < scb->expect) {
1932                                         kfree_skb(skb);
1933                                         hdev->reassembly[index] = NULL;
1934                                         return -ENOMEM;
1935                                 }
1936                         }
1937                         break;
1938
1939                 case HCI_ACLDATA_PKT:
1940                         if (skb->len  == HCI_ACL_HDR_SIZE) {
1941                                 struct hci_acl_hdr *h = hci_acl_hdr(skb);
1942                                 scb->expect = __le16_to_cpu(h->dlen);
1943
1944                                 if (skb_tailroom(skb) < scb->expect) {
1945                                         kfree_skb(skb);
1946                                         hdev->reassembly[index] = NULL;
1947                                         return -ENOMEM;
1948                                 }
1949                         }
1950                         break;
1951
1952                 case HCI_SCODATA_PKT:
1953                         if (skb->len == HCI_SCO_HDR_SIZE) {
1954                                 struct hci_sco_hdr *h = hci_sco_hdr(skb);
1955                                 scb->expect = h->dlen;
1956
1957                                 if (skb_tailroom(skb) < scb->expect) {
1958                                         kfree_skb(skb);
1959                                         hdev->reassembly[index] = NULL;
1960                                         return -ENOMEM;
1961                                 }
1962                         }
1963                         break;
1964                 }
1965
1966                 if (scb->expect == 0) {
1967                         /* Complete frame */
1968
1969                         bt_cb(skb)->pkt_type = type;
1970                         hci_recv_frame(skb);
1971
1972                         hdev->reassembly[index] = NULL;
1973                         return remain;
1974                 }
1975         }
1976
1977         return remain;
1978 }
1979
1980 int hci_recv_fragment(struct hci_dev *hdev, int type, void *data, int count)
1981 {
1982         int rem = 0;
1983
1984         if (type < HCI_ACLDATA_PKT || type > HCI_EVENT_PKT)
1985                 return -EILSEQ;
1986
1987         while (count) {
1988                 rem = hci_reassembly(hdev, type, data, count, type - 1);
1989                 if (rem < 0)
1990                         return rem;
1991
1992                 data += (count - rem);
1993                 count = rem;
1994         }
1995
1996         return rem;
1997 }
1998 EXPORT_SYMBOL(hci_recv_fragment);
1999
2000 #define STREAM_REASSEMBLY 0
2001
2002 int hci_recv_stream_fragment(struct hci_dev *hdev, void *data, int count)
2003 {
2004         int type;
2005         int rem = 0;
2006
2007         while (count) {
2008                 struct sk_buff *skb = hdev->reassembly[STREAM_REASSEMBLY];
2009
2010                 if (!skb) {
2011                         struct { char type; } *pkt;
2012
2013                         /* Start of the frame */
2014                         pkt = data;
2015                         type = pkt->type;
2016
2017                         data++;
2018                         count--;
2019                 } else
2020                         type = bt_cb(skb)->pkt_type;
2021
2022                 rem = hci_reassembly(hdev, type, data, count,
2023                                      STREAM_REASSEMBLY);
2024                 if (rem < 0)
2025                         return rem;
2026
2027                 data += (count - rem);
2028                 count = rem;
2029         }
2030
2031         return rem;
2032 }
2033 EXPORT_SYMBOL(hci_recv_stream_fragment);
2034
2035 /* ---- Interface to upper protocols ---- */
2036
2037 int hci_register_cb(struct hci_cb *cb)
2038 {
2039         BT_DBG("%p name %s", cb, cb->name);
2040
2041         write_lock(&hci_cb_list_lock);
2042         list_add(&cb->list, &hci_cb_list);
2043         write_unlock(&hci_cb_list_lock);
2044
2045         return 0;
2046 }
2047 EXPORT_SYMBOL(hci_register_cb);
2048
2049 int hci_unregister_cb(struct hci_cb *cb)
2050 {
2051         BT_DBG("%p name %s", cb, cb->name);
2052
2053         write_lock(&hci_cb_list_lock);
2054         list_del(&cb->list);
2055         write_unlock(&hci_cb_list_lock);
2056
2057         return 0;
2058 }
2059 EXPORT_SYMBOL(hci_unregister_cb);
2060
2061 static int hci_send_frame(struct sk_buff *skb)
2062 {
2063         struct hci_dev *hdev = (struct hci_dev *) skb->dev;
2064
2065         if (!hdev) {
2066                 kfree_skb(skb);
2067                 return -ENODEV;
2068         }
2069
2070         BT_DBG("%s type %d len %d", hdev->name, bt_cb(skb)->pkt_type, skb->len);
2071
2072         /* Time stamp */
2073         __net_timestamp(skb);
2074
2075         /* Send copy to monitor */
2076         hci_send_to_monitor(hdev, skb);
2077
2078         if (atomic_read(&hdev->promisc)) {
2079                 /* Send copy to the sockets */
2080                 hci_send_to_sock(hdev, skb);
2081         }
2082
2083         /* Get rid of skb owner, prior to sending to the driver. */
2084         skb_orphan(skb);
2085
2086         return hdev->send(skb);
2087 }
2088
2089 /* Send HCI command */
2090 int hci_send_cmd(struct hci_dev *hdev, __u16 opcode, __u32 plen, void *param)
2091 {
2092         int len = HCI_COMMAND_HDR_SIZE + plen;
2093         struct hci_command_hdr *hdr;
2094         struct sk_buff *skb;
2095
2096         BT_DBG("%s opcode 0x%4.4x plen %d", hdev->name, opcode, plen);
2097
2098         skb = bt_skb_alloc(len, GFP_ATOMIC);
2099         if (!skb) {
2100                 BT_ERR("%s no memory for command", hdev->name);
2101                 return -ENOMEM;
2102         }
2103
2104         hdr = (struct hci_command_hdr *) skb_put(skb, HCI_COMMAND_HDR_SIZE);
2105         hdr->opcode = cpu_to_le16(opcode);
2106         hdr->plen   = plen;
2107
2108         if (plen)
2109                 memcpy(skb_put(skb, plen), param, plen);
2110
2111         BT_DBG("skb len %d", skb->len);
2112
2113         bt_cb(skb)->pkt_type = HCI_COMMAND_PKT;
2114         skb->dev = (void *) hdev;
2115
2116         if (test_bit(HCI_INIT, &hdev->flags))
2117                 hdev->init_last_cmd = opcode;
2118
2119         skb_queue_tail(&hdev->cmd_q, skb);
2120         queue_work(hdev->workqueue, &hdev->cmd_work);
2121
2122         return 0;
2123 }
2124
2125 /* Get data from the previously sent command */
2126 void *hci_sent_cmd_data(struct hci_dev *hdev, __u16 opcode)
2127 {
2128         struct hci_command_hdr *hdr;
2129
2130         if (!hdev->sent_cmd)
2131                 return NULL;
2132
2133         hdr = (void *) hdev->sent_cmd->data;
2134
2135         if (hdr->opcode != cpu_to_le16(opcode))
2136                 return NULL;
2137
2138         BT_DBG("%s opcode 0x%4.4x", hdev->name, opcode);
2139
2140         return hdev->sent_cmd->data + HCI_COMMAND_HDR_SIZE;
2141 }
2142
2143 /* Send ACL data */
2144 static void hci_add_acl_hdr(struct sk_buff *skb, __u16 handle, __u16 flags)
2145 {
2146         struct hci_acl_hdr *hdr;
2147         int len = skb->len;
2148
2149         skb_push(skb, HCI_ACL_HDR_SIZE);
2150         skb_reset_transport_header(skb);
2151         hdr = (struct hci_acl_hdr *)skb_transport_header(skb);
2152         hdr->handle = cpu_to_le16(hci_handle_pack(handle, flags));
2153         hdr->dlen   = cpu_to_le16(len);
2154 }
2155
2156 static void hci_queue_acl(struct hci_conn *conn, struct sk_buff_head *queue,
2157                           struct sk_buff *skb, __u16 flags)
2158 {
2159         struct hci_dev *hdev = conn->hdev;
2160         struct sk_buff *list;
2161
2162         skb->len = skb_headlen(skb);
2163         skb->data_len = 0;
2164
2165         bt_cb(skb)->pkt_type = HCI_ACLDATA_PKT;
2166         hci_add_acl_hdr(skb, conn->handle, flags);
2167
2168         list = skb_shinfo(skb)->frag_list;
2169         if (!list) {
2170                 /* Non fragmented */
2171                 BT_DBG("%s nonfrag skb %p len %d", hdev->name, skb, skb->len);
2172
2173                 skb_queue_tail(queue, skb);
2174         } else {
2175                 /* Fragmented */
2176                 BT_DBG("%s frag %p len %d", hdev->name, skb, skb->len);
2177
2178                 skb_shinfo(skb)->frag_list = NULL;
2179
2180                 /* Queue all fragments atomically */
2181                 spin_lock(&queue->lock);
2182
2183                 __skb_queue_tail(queue, skb);
2184
2185                 flags &= ~ACL_START;
2186                 flags |= ACL_CONT;
2187                 do {
2188                         skb = list; list = list->next;
2189
2190                         skb->dev = (void *) hdev;
2191                         bt_cb(skb)->pkt_type = HCI_ACLDATA_PKT;
2192                         hci_add_acl_hdr(skb, conn->handle, flags);
2193
2194                         BT_DBG("%s frag %p len %d", hdev->name, skb, skb->len);
2195
2196                         __skb_queue_tail(queue, skb);
2197                 } while (list);
2198
2199                 spin_unlock(&queue->lock);
2200         }
2201 }
2202
2203 void hci_send_acl(struct hci_chan *chan, struct sk_buff *skb, __u16 flags)
2204 {
2205         struct hci_conn *conn = chan->conn;
2206         struct hci_dev *hdev = conn->hdev;
2207
2208         BT_DBG("%s chan %p flags 0x%4.4x", hdev->name, chan, flags);
2209
2210         skb->dev = (void *) hdev;
2211
2212         hci_queue_acl(conn, &chan->data_q, skb, flags);
2213
2214         queue_work(hdev->workqueue, &hdev->tx_work);
2215 }
2216
2217 /* Send SCO data */
2218 void hci_send_sco(struct hci_conn *conn, struct sk_buff *skb)
2219 {
2220         struct hci_dev *hdev = conn->hdev;
2221         struct hci_sco_hdr hdr;
2222
2223         BT_DBG("%s len %d", hdev->name, skb->len);
2224
2225         hdr.handle = cpu_to_le16(conn->handle);
2226         hdr.dlen   = skb->len;
2227
2228         skb_push(skb, HCI_SCO_HDR_SIZE);
2229         skb_reset_transport_header(skb);
2230         memcpy(skb_transport_header(skb), &hdr, HCI_SCO_HDR_SIZE);
2231
2232         skb->dev = (void *) hdev;
2233         bt_cb(skb)->pkt_type = HCI_SCODATA_PKT;
2234
2235         skb_queue_tail(&conn->data_q, skb);
2236         queue_work(hdev->workqueue, &hdev->tx_work);
2237 }
2238
2239 /* ---- HCI TX task (outgoing data) ---- */
2240
2241 /* HCI Connection scheduler */
2242 static struct hci_conn *hci_low_sent(struct hci_dev *hdev, __u8 type,
2243                                      int *quote)
2244 {
2245         struct hci_conn_hash *h = &hdev->conn_hash;
2246         struct hci_conn *conn = NULL, *c;
2247         unsigned int num = 0, min = ~0;
2248
2249         /* We don't have to lock device here. Connections are always
2250          * added and removed with TX task disabled. */
2251
2252         rcu_read_lock();
2253
2254         list_for_each_entry_rcu(c, &h->list, list) {
2255                 if (c->type != type || skb_queue_empty(&c->data_q))
2256                         continue;
2257
2258                 if (c->state != BT_CONNECTED && c->state != BT_CONFIG)
2259                         continue;
2260
2261                 num++;
2262
2263                 if (c->sent < min) {
2264                         min  = c->sent;
2265                         conn = c;
2266                 }
2267
2268                 if (hci_conn_num(hdev, type) == num)
2269                         break;
2270         }
2271
2272         rcu_read_unlock();
2273
2274         if (conn) {
2275                 int cnt, q;
2276
2277                 switch (conn->type) {
2278                 case ACL_LINK:
2279                         cnt = hdev->acl_cnt;
2280                         break;
2281                 case SCO_LINK:
2282                 case ESCO_LINK:
2283                         cnt = hdev->sco_cnt;
2284                         break;
2285                 case LE_LINK:
2286                         cnt = hdev->le_mtu ? hdev->le_cnt : hdev->acl_cnt;
2287                         break;
2288                 default:
2289                         cnt = 0;
2290                         BT_ERR("Unknown link type");
2291                 }
2292
2293                 q = cnt / num;
2294                 *quote = q ? q : 1;
2295         } else
2296                 *quote = 0;
2297
2298         BT_DBG("conn %p quote %d", conn, *quote);
2299         return conn;
2300 }
2301
2302 static void hci_link_tx_to(struct hci_dev *hdev, __u8 type)
2303 {
2304         struct hci_conn_hash *h = &hdev->conn_hash;
2305         struct hci_conn *c;
2306
2307         BT_ERR("%s link tx timeout", hdev->name);
2308
2309         rcu_read_lock();
2310
2311         /* Kill stalled connections */
2312         list_for_each_entry_rcu(c, &h->list, list) {
2313                 if (c->type == type && c->sent) {
2314                         BT_ERR("%s killing stalled connection %s",
2315                                hdev->name, batostr(&c->dst));
2316                         hci_acl_disconn(c, HCI_ERROR_REMOTE_USER_TERM);
2317                 }
2318         }
2319
2320         rcu_read_unlock();
2321 }
2322
2323 static struct hci_chan *hci_chan_sent(struct hci_dev *hdev, __u8 type,
2324                                       int *quote)
2325 {
2326         struct hci_conn_hash *h = &hdev->conn_hash;
2327         struct hci_chan *chan = NULL;
2328         unsigned int num = 0, min = ~0, cur_prio = 0;
2329         struct hci_conn *conn;
2330         int cnt, q, conn_num = 0;
2331
2332         BT_DBG("%s", hdev->name);
2333
2334         rcu_read_lock();
2335
2336         list_for_each_entry_rcu(conn, &h->list, list) {
2337                 struct hci_chan *tmp;
2338
2339                 if (conn->type != type)
2340                         continue;
2341
2342                 if (conn->state != BT_CONNECTED && conn->state != BT_CONFIG)
2343                         continue;
2344
2345                 conn_num++;
2346
2347                 list_for_each_entry_rcu(tmp, &conn->chan_list, list) {
2348                         struct sk_buff *skb;
2349
2350                         if (skb_queue_empty(&tmp->data_q))
2351                                 continue;
2352
2353                         skb = skb_peek(&tmp->data_q);
2354                         if (skb->priority < cur_prio)
2355                                 continue;
2356
2357                         if (skb->priority > cur_prio) {
2358                                 num = 0;
2359                                 min = ~0;
2360                                 cur_prio = skb->priority;
2361                         }
2362
2363                         num++;
2364
2365                         if (conn->sent < min) {
2366                                 min  = conn->sent;
2367                                 chan = tmp;
2368                         }
2369                 }
2370
2371                 if (hci_conn_num(hdev, type) == conn_num)
2372                         break;
2373         }
2374
2375         rcu_read_unlock();
2376
2377         if (!chan)
2378                 return NULL;
2379
2380         switch (chan->conn->type) {
2381         case ACL_LINK:
2382                 cnt = hdev->acl_cnt;
2383                 break;
2384         case SCO_LINK:
2385         case ESCO_LINK:
2386                 cnt = hdev->sco_cnt;
2387                 break;
2388         case LE_LINK:
2389                 cnt = hdev->le_mtu ? hdev->le_cnt : hdev->acl_cnt;
2390                 break;
2391         default:
2392                 cnt = 0;
2393                 BT_ERR("Unknown link type");
2394         }
2395
2396         q = cnt / num;
2397         *quote = q ? q : 1;
2398         BT_DBG("chan %p quote %d", chan, *quote);
2399         return chan;
2400 }
2401
2402 static void hci_prio_recalculate(struct hci_dev *hdev, __u8 type)
2403 {
2404         struct hci_conn_hash *h = &hdev->conn_hash;
2405         struct hci_conn *conn;
2406         int num = 0;
2407
2408         BT_DBG("%s", hdev->name);
2409
2410         rcu_read_lock();
2411
2412         list_for_each_entry_rcu(conn, &h->list, list) {
2413                 struct hci_chan *chan;
2414
2415                 if (conn->type != type)
2416                         continue;
2417
2418                 if (conn->state != BT_CONNECTED && conn->state != BT_CONFIG)
2419                         continue;
2420
2421                 num++;
2422
2423                 list_for_each_entry_rcu(chan, &conn->chan_list, list) {
2424                         struct sk_buff *skb;
2425
2426                         if (chan->sent) {
2427                                 chan->sent = 0;
2428                                 continue;
2429                         }
2430
2431                         if (skb_queue_empty(&chan->data_q))
2432                                 continue;
2433
2434                         skb = skb_peek(&chan->data_q);
2435                         if (skb->priority >= HCI_PRIO_MAX - 1)
2436                                 continue;
2437
2438                         skb->priority = HCI_PRIO_MAX - 1;
2439
2440                         BT_DBG("chan %p skb %p promoted to %d", chan, skb,
2441                                skb->priority);
2442                 }
2443
2444                 if (hci_conn_num(hdev, type) == num)
2445                         break;
2446         }
2447
2448         rcu_read_unlock();
2449
2450 }
2451
2452 static inline int __get_blocks(struct hci_dev *hdev, struct sk_buff *skb)
2453 {
2454         /* Calculate count of blocks used by this packet */
2455         return DIV_ROUND_UP(skb->len - HCI_ACL_HDR_SIZE, hdev->block_len);
2456 }
2457
2458 static void __check_timeout(struct hci_dev *hdev, unsigned int cnt)
2459 {
2460         if (!test_bit(HCI_RAW, &hdev->flags)) {
2461                 /* ACL tx timeout must be longer than maximum
2462                  * link supervision timeout (40.9 seconds) */
2463                 if (!cnt && time_after(jiffies, hdev->acl_last_tx +
2464                                        HCI_ACL_TX_TIMEOUT))
2465                         hci_link_tx_to(hdev, ACL_LINK);
2466         }
2467 }
2468
2469 static void hci_sched_acl_pkt(struct hci_dev *hdev)
2470 {
2471         unsigned int cnt = hdev->acl_cnt;
2472         struct hci_chan *chan;
2473         struct sk_buff *skb;
2474         int quote;
2475
2476         __check_timeout(hdev, cnt);
2477
2478         while (hdev->acl_cnt &&
2479                (chan = hci_chan_sent(hdev, ACL_LINK, &quote))) {
2480                 u32 priority = (skb_peek(&chan->data_q))->priority;
2481                 while (quote-- && (skb = skb_peek(&chan->data_q))) {
2482                         BT_DBG("chan %p skb %p len %d priority %u", chan, skb,
2483                                skb->len, skb->priority);
2484
2485                         /* Stop if priority has changed */
2486                         if (skb->priority < priority)
2487                                 break;
2488
2489                         skb = skb_dequeue(&chan->data_q);
2490
2491                         hci_conn_enter_active_mode(chan->conn,
2492                                                    bt_cb(skb)->force_active);
2493
2494                         hci_send_frame(skb);
2495                         hdev->acl_last_tx = jiffies;
2496
2497                         hdev->acl_cnt--;
2498                         chan->sent++;
2499                         chan->conn->sent++;
2500                 }
2501         }
2502
2503         if (cnt != hdev->acl_cnt)
2504                 hci_prio_recalculate(hdev, ACL_LINK);
2505 }
2506
2507 static void hci_sched_acl_blk(struct hci_dev *hdev)
2508 {
2509         unsigned int cnt = hdev->block_cnt;
2510         struct hci_chan *chan;
2511         struct sk_buff *skb;
2512         int quote;
2513
2514         __check_timeout(hdev, cnt);
2515
2516         while (hdev->block_cnt > 0 &&
2517                (chan = hci_chan_sent(hdev, ACL_LINK, &quote))) {
2518                 u32 priority = (skb_peek(&chan->data_q))->priority;
2519                 while (quote > 0 && (skb = skb_peek(&chan->data_q))) {
2520                         int blocks;
2521
2522                         BT_DBG("chan %p skb %p len %d priority %u", chan, skb,
2523                                skb->len, skb->priority);
2524
2525                         /* Stop if priority has changed */
2526                         if (skb->priority < priority)
2527                                 break;
2528
2529                         skb = skb_dequeue(&chan->data_q);
2530
2531                         blocks = __get_blocks(hdev, skb);
2532                         if (blocks > hdev->block_cnt)
2533                                 return;
2534
2535                         hci_conn_enter_active_mode(chan->conn,
2536                                                    bt_cb(skb)->force_active);
2537
2538                         hci_send_frame(skb);
2539                         hdev->acl_last_tx = jiffies;
2540
2541                         hdev->block_cnt -= blocks;
2542                         quote -= blocks;
2543
2544                         chan->sent += blocks;
2545                         chan->conn->sent += blocks;
2546                 }
2547         }
2548
2549         if (cnt != hdev->block_cnt)
2550                 hci_prio_recalculate(hdev, ACL_LINK);
2551 }
2552
2553 static void hci_sched_acl(struct hci_dev *hdev)
2554 {
2555         BT_DBG("%s", hdev->name);
2556
2557         if (!hci_conn_num(hdev, ACL_LINK))
2558                 return;
2559
2560         switch (hdev->flow_ctl_mode) {
2561         case HCI_FLOW_CTL_MODE_PACKET_BASED:
2562                 hci_sched_acl_pkt(hdev);
2563                 break;
2564
2565         case HCI_FLOW_CTL_MODE_BLOCK_BASED:
2566                 hci_sched_acl_blk(hdev);
2567                 break;
2568         }
2569 }
2570
2571 /* Schedule SCO */
2572 static void hci_sched_sco(struct hci_dev *hdev)
2573 {
2574         struct hci_conn *conn;
2575         struct sk_buff *skb;
2576         int quote;
2577
2578         BT_DBG("%s", hdev->name);
2579
2580         if (!hci_conn_num(hdev, SCO_LINK))
2581                 return;
2582
2583         while (hdev->sco_cnt && (conn = hci_low_sent(hdev, SCO_LINK, &quote))) {
2584                 while (quote-- && (skb = skb_dequeue(&conn->data_q))) {
2585                         BT_DBG("skb %p len %d", skb, skb->len);
2586                         hci_send_frame(skb);
2587
2588                         conn->sent++;
2589                         if (conn->sent == ~0)
2590                                 conn->sent = 0;
2591                 }
2592         }
2593 }
2594
2595 static void hci_sched_esco(struct hci_dev *hdev)
2596 {
2597         struct hci_conn *conn;
2598         struct sk_buff *skb;
2599         int quote;
2600
2601         BT_DBG("%s", hdev->name);
2602
2603         if (!hci_conn_num(hdev, ESCO_LINK))
2604                 return;
2605
2606         while (hdev->sco_cnt && (conn = hci_low_sent(hdev, ESCO_LINK,
2607                                                      &quote))) {
2608                 while (quote-- && (skb = skb_dequeue(&conn->data_q))) {
2609                         BT_DBG("skb %p len %d", skb, skb->len);
2610                         hci_send_frame(skb);
2611
2612                         conn->sent++;
2613                         if (conn->sent == ~0)
2614                                 conn->sent = 0;
2615                 }
2616         }
2617 }
2618
2619 static void hci_sched_le(struct hci_dev *hdev)
2620 {
2621         struct hci_chan *chan;
2622         struct sk_buff *skb;
2623         int quote, cnt, tmp;
2624
2625         BT_DBG("%s", hdev->name);
2626
2627         if (!hci_conn_num(hdev, LE_LINK))
2628                 return;
2629
2630         if (!test_bit(HCI_RAW, &hdev->flags)) {
2631                 /* LE tx timeout must be longer than maximum
2632                  * link supervision timeout (40.9 seconds) */
2633                 if (!hdev->le_cnt && hdev->le_pkts &&
2634                     time_after(jiffies, hdev->le_last_tx + HZ * 45))
2635                         hci_link_tx_to(hdev, LE_LINK);
2636         }
2637
2638         cnt = hdev->le_pkts ? hdev->le_cnt : hdev->acl_cnt;
2639         tmp = cnt;
2640         while (cnt && (chan = hci_chan_sent(hdev, LE_LINK, &quote))) {
2641                 u32 priority = (skb_peek(&chan->data_q))->priority;
2642                 while (quote-- && (skb = skb_peek(&chan->data_q))) {
2643                         BT_DBG("chan %p skb %p len %d priority %u", chan, skb,
2644                                skb->len, skb->priority);
2645
2646                         /* Stop if priority has changed */
2647                         if (skb->priority < priority)
2648                                 break;
2649
2650                         skb = skb_dequeue(&chan->data_q);
2651
2652                         hci_send_frame(skb);
2653                         hdev->le_last_tx = jiffies;
2654
2655                         cnt--;
2656                         chan->sent++;
2657                         chan->conn->sent++;
2658                 }
2659         }
2660
2661         if (hdev->le_pkts)
2662                 hdev->le_cnt = cnt;
2663         else
2664                 hdev->acl_cnt = cnt;
2665
2666         if (cnt != tmp)
2667                 hci_prio_recalculate(hdev, LE_LINK);
2668 }
2669
2670 static void hci_tx_work(struct work_struct *work)
2671 {
2672         struct hci_dev *hdev = container_of(work, struct hci_dev, tx_work);
2673         struct sk_buff *skb;
2674
2675         BT_DBG("%s acl %d sco %d le %d", hdev->name, hdev->acl_cnt,
2676                hdev->sco_cnt, hdev->le_cnt);
2677
2678         /* Schedule queues and send stuff to HCI driver */
2679
2680         hci_sched_acl(hdev);
2681
2682         hci_sched_sco(hdev);
2683
2684         hci_sched_esco(hdev);
2685
2686         hci_sched_le(hdev);
2687
2688         /* Send next queued raw (unknown type) packet */
2689         while ((skb = skb_dequeue(&hdev->raw_q)))
2690                 hci_send_frame(skb);
2691 }
2692
2693 /* ----- HCI RX task (incoming data processing) ----- */
2694
2695 /* ACL data packet */
2696 static void hci_acldata_packet(struct hci_dev *hdev, struct sk_buff *skb)
2697 {
2698         struct hci_acl_hdr *hdr = (void *) skb->data;
2699         struct hci_conn *conn;
2700         __u16 handle, flags;
2701
2702         skb_pull(skb, HCI_ACL_HDR_SIZE);
2703
2704         handle = __le16_to_cpu(hdr->handle);
2705         flags  = hci_flags(handle);
2706         handle = hci_handle(handle);
2707
2708         BT_DBG("%s len %d handle 0x%4.4x flags 0x%4.4x", hdev->name, skb->len,
2709                handle, flags);
2710
2711         hdev->stat.acl_rx++;
2712
2713         hci_dev_lock(hdev);
2714         conn = hci_conn_hash_lookup_handle(hdev, handle);
2715         hci_dev_unlock(hdev);
2716
2717         if (conn) {
2718                 hci_conn_enter_active_mode(conn, BT_POWER_FORCE_ACTIVE_OFF);
2719
2720                 hci_dev_lock(hdev);
2721                 if (test_bit(HCI_MGMT, &hdev->dev_flags) &&
2722                     !test_and_set_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags))
2723                         mgmt_device_connected(hdev, &conn->dst, conn->type,
2724                                               conn->dst_type, 0, NULL, 0,
2725                                               conn->dev_class);
2726                 hci_dev_unlock(hdev);
2727
2728                 /* Send to upper protocol */
2729                 l2cap_recv_acldata(conn, skb, flags);
2730                 return;
2731         } else {
2732                 BT_ERR("%s ACL packet for unknown connection handle %d",
2733                        hdev->name, handle);
2734         }
2735
2736         kfree_skb(skb);
2737 }
2738
2739 /* SCO data packet */
2740 static void hci_scodata_packet(struct hci_dev *hdev, struct sk_buff *skb)
2741 {
2742         struct hci_sco_hdr *hdr = (void *) skb->data;
2743         struct hci_conn *conn;
2744         __u16 handle;
2745
2746         skb_pull(skb, HCI_SCO_HDR_SIZE);
2747
2748         handle = __le16_to_cpu(hdr->handle);
2749
2750         BT_DBG("%s len %d handle 0x%4.4x", hdev->name, skb->len, handle);
2751
2752         hdev->stat.sco_rx++;
2753
2754         hci_dev_lock(hdev);
2755         conn = hci_conn_hash_lookup_handle(hdev, handle);
2756         hci_dev_unlock(hdev);
2757
2758         if (conn) {
2759                 /* Send to upper protocol */
2760                 sco_recv_scodata(conn, skb);
2761                 return;
2762         } else {
2763                 BT_ERR("%s SCO packet for unknown connection handle %d",
2764                        hdev->name, handle);
2765         }
2766
2767         kfree_skb(skb);
2768 }
2769
2770 static void hci_rx_work(struct work_struct *work)
2771 {
2772         struct hci_dev *hdev = container_of(work, struct hci_dev, rx_work);
2773         struct sk_buff *skb;
2774
2775         BT_DBG("%s", hdev->name);
2776
2777         while ((skb = skb_dequeue(&hdev->rx_q))) {
2778                 /* Send copy to monitor */
2779                 hci_send_to_monitor(hdev, skb);
2780
2781                 if (atomic_read(&hdev->promisc)) {
2782                         /* Send copy to the sockets */
2783                         hci_send_to_sock(hdev, skb);
2784                 }
2785
2786                 if (test_bit(HCI_RAW, &hdev->flags)) {
2787                         kfree_skb(skb);
2788                         continue;
2789                 }
2790
2791                 if (test_bit(HCI_INIT, &hdev->flags)) {
2792                         /* Don't process data packets in this states. */
2793                         switch (bt_cb(skb)->pkt_type) {
2794                         case HCI_ACLDATA_PKT:
2795                         case HCI_SCODATA_PKT:
2796                                 kfree_skb(skb);
2797                                 continue;
2798                         }
2799                 }
2800
2801                 /* Process frame */
2802                 switch (bt_cb(skb)->pkt_type) {
2803                 case HCI_EVENT_PKT:
2804                         BT_DBG("%s Event packet", hdev->name);
2805                         hci_event_packet(hdev, skb);
2806                         break;
2807
2808                 case HCI_ACLDATA_PKT:
2809                         BT_DBG("%s ACL data packet", hdev->name);
2810                         hci_acldata_packet(hdev, skb);
2811                         break;
2812
2813                 case HCI_SCODATA_PKT:
2814                         BT_DBG("%s SCO data packet", hdev->name);
2815                         hci_scodata_packet(hdev, skb);
2816                         break;
2817
2818                 default:
2819                         kfree_skb(skb);
2820                         break;
2821                 }
2822         }
2823 }
2824
2825 static void hci_cmd_work(struct work_struct *work)
2826 {
2827         struct hci_dev *hdev = container_of(work, struct hci_dev, cmd_work);
2828         struct sk_buff *skb;
2829
2830         BT_DBG("%s cmd_cnt %d cmd queued %d", hdev->name,
2831                atomic_read(&hdev->cmd_cnt), skb_queue_len(&hdev->cmd_q));
2832
2833         /* Send queued commands */
2834         if (atomic_read(&hdev->cmd_cnt)) {
2835                 skb = skb_dequeue(&hdev->cmd_q);
2836                 if (!skb)
2837                         return;
2838
2839                 kfree_skb(hdev->sent_cmd);
2840
2841                 hdev->sent_cmd = skb_clone(skb, GFP_ATOMIC);
2842                 if (hdev->sent_cmd) {
2843                         atomic_dec(&hdev->cmd_cnt);
2844                         hci_send_frame(skb);
2845                         if (test_bit(HCI_RESET, &hdev->flags))
2846                                 del_timer(&hdev->cmd_timer);
2847                         else
2848                                 mod_timer(&hdev->cmd_timer,
2849                                           jiffies + HCI_CMD_TIMEOUT);
2850                 } else {
2851                         skb_queue_head(&hdev->cmd_q, skb);
2852                         queue_work(hdev->workqueue, &hdev->cmd_work);
2853                 }
2854         }
2855 }
2856
2857 int hci_do_inquiry(struct hci_dev *hdev, u8 length)
2858 {
2859         /* General inquiry access code (GIAC) */
2860         u8 lap[3] = { 0x33, 0x8b, 0x9e };
2861         struct hci_cp_inquiry cp;
2862
2863         BT_DBG("%s", hdev->name);
2864
2865         if (test_bit(HCI_INQUIRY, &hdev->flags))
2866                 return -EINPROGRESS;
2867
2868         inquiry_cache_flush(hdev);
2869
2870         memset(&cp, 0, sizeof(cp));
2871         memcpy(&cp.lap, lap, sizeof(cp.lap));
2872         cp.length  = length;
2873
2874         return hci_send_cmd(hdev, HCI_OP_INQUIRY, sizeof(cp), &cp);
2875 }
2876
2877 int hci_cancel_inquiry(struct hci_dev *hdev)
2878 {
2879         BT_DBG("%s", hdev->name);
2880
2881         if (!test_bit(HCI_INQUIRY, &hdev->flags))
2882                 return -EALREADY;
2883
2884         return hci_send_cmd(hdev, HCI_OP_INQUIRY_CANCEL, 0, NULL);
2885 }
2886
2887 u8 bdaddr_to_le(u8 bdaddr_type)
2888 {
2889         switch (bdaddr_type) {
2890         case BDADDR_LE_PUBLIC:
2891                 return ADDR_LE_DEV_PUBLIC;
2892
2893         default:
2894                 /* Fallback to LE Random address type */
2895                 return ADDR_LE_DEV_RANDOM;
2896         }
2897 }
Linux kernel for KaRo TX COM modules