2 BlueZ - Bluetooth protocol stack for Linux
3 Copyright (C) 2000-2001 Qualcomm Incorporated
4 Copyright (C) 2011 ProFUSION Embedded Systems
6 Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com>
8 This program is free software; you can redistribute it and/or modify
9 it under the terms of the GNU General Public License version 2 as
10 published by the Free Software Foundation;
12 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
13 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
14 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
15 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
16 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
17 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
18 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
19 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
21 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
22 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
23 SOFTWARE IS DISCLAIMED.
26 /* Bluetooth HCI core. */
28 #include <linux/export.h>
29 #include <linux/idr.h>
30 #include <linux/rfkill.h>
31 #include <linux/debugfs.h>
32 #include <linux/crypto.h>
33 #include <asm/unaligned.h>
35 #include <net/bluetooth/bluetooth.h>
36 #include <net/bluetooth/hci_core.h>
37 #include <net/bluetooth/l2cap.h>
38 #include <net/bluetooth/mgmt.h>
42 static void hci_rx_work(struct work_struct *work);
43 static void hci_cmd_work(struct work_struct *work);
44 static void hci_tx_work(struct work_struct *work);
47 LIST_HEAD(hci_dev_list);
48 DEFINE_RWLOCK(hci_dev_list_lock);
50 /* HCI callback list */
51 LIST_HEAD(hci_cb_list);
52 DEFINE_RWLOCK(hci_cb_list_lock);
54 /* HCI ID Numbering */
55 static DEFINE_IDA(hci_index_ida);
57 /* ----- HCI requests ----- */
59 #define HCI_REQ_DONE 0
60 #define HCI_REQ_PEND 1
61 #define HCI_REQ_CANCELED 2
63 #define hci_req_lock(d) mutex_lock(&d->req_lock)
64 #define hci_req_unlock(d) mutex_unlock(&d->req_lock)
66 /* ---- HCI notifications ---- */
68 static void hci_notify(struct hci_dev *hdev, int event)
70 hci_sock_dev_event(hdev, event);
73 /* ---- HCI debugfs entries ---- */
75 static ssize_t dut_mode_read(struct file *file, char __user *user_buf,
76 size_t count, loff_t *ppos)
78 struct hci_dev *hdev = file->private_data;
81 buf[0] = test_bit(HCI_DUT_MODE, &hdev->dbg_flags) ? 'Y': 'N';
84 return simple_read_from_buffer(user_buf, count, ppos, buf, 2);
87 static ssize_t dut_mode_write(struct file *file, const char __user *user_buf,
88 size_t count, loff_t *ppos)
90 struct hci_dev *hdev = file->private_data;
93 size_t buf_size = min(count, (sizeof(buf)-1));
97 if (!test_bit(HCI_UP, &hdev->flags))
100 if (copy_from_user(buf, user_buf, buf_size))
103 buf[buf_size] = '\0';
104 if (strtobool(buf, &enable))
107 if (enable == test_bit(HCI_DUT_MODE, &hdev->dbg_flags))
112 skb = __hci_cmd_sync(hdev, HCI_OP_ENABLE_DUT_MODE, 0, NULL,
115 skb = __hci_cmd_sync(hdev, HCI_OP_RESET, 0, NULL,
117 hci_req_unlock(hdev);
122 err = -bt_to_errno(skb->data[0]);
128 change_bit(HCI_DUT_MODE, &hdev->dbg_flags);
133 static const struct file_operations dut_mode_fops = {
135 .read = dut_mode_read,
136 .write = dut_mode_write,
137 .llseek = default_llseek,
140 static int features_show(struct seq_file *f, void *ptr)
142 struct hci_dev *hdev = f->private;
146 for (p = 0; p < HCI_MAX_PAGES && p <= hdev->max_page; p++) {
147 seq_printf(f, "%2u: 0x%2.2x 0x%2.2x 0x%2.2x 0x%2.2x "
148 "0x%2.2x 0x%2.2x 0x%2.2x 0x%2.2x\n", p,
149 hdev->features[p][0], hdev->features[p][1],
150 hdev->features[p][2], hdev->features[p][3],
151 hdev->features[p][4], hdev->features[p][5],
152 hdev->features[p][6], hdev->features[p][7]);
154 if (lmp_le_capable(hdev))
155 seq_printf(f, "LE: 0x%2.2x 0x%2.2x 0x%2.2x 0x%2.2x "
156 "0x%2.2x 0x%2.2x 0x%2.2x 0x%2.2x\n",
157 hdev->le_features[0], hdev->le_features[1],
158 hdev->le_features[2], hdev->le_features[3],
159 hdev->le_features[4], hdev->le_features[5],
160 hdev->le_features[6], hdev->le_features[7]);
161 hci_dev_unlock(hdev);
166 static int features_open(struct inode *inode, struct file *file)
168 return single_open(file, features_show, inode->i_private);
171 static const struct file_operations features_fops = {
172 .open = features_open,
175 .release = single_release,
178 static int blacklist_show(struct seq_file *f, void *p)
180 struct hci_dev *hdev = f->private;
181 struct bdaddr_list *b;
184 list_for_each_entry(b, &hdev->blacklist, list)
185 seq_printf(f, "%pMR (type %u)\n", &b->bdaddr, b->bdaddr_type);
186 hci_dev_unlock(hdev);
191 static int blacklist_open(struct inode *inode, struct file *file)
193 return single_open(file, blacklist_show, inode->i_private);
196 static const struct file_operations blacklist_fops = {
197 .open = blacklist_open,
200 .release = single_release,
203 static int whitelist_show(struct seq_file *f, void *p)
205 struct hci_dev *hdev = f->private;
206 struct bdaddr_list *b;
209 list_for_each_entry(b, &hdev->whitelist, list)
210 seq_printf(f, "%pMR (type %u)\n", &b->bdaddr, b->bdaddr_type);
211 hci_dev_unlock(hdev);
216 static int whitelist_open(struct inode *inode, struct file *file)
218 return single_open(file, whitelist_show, inode->i_private);
221 static const struct file_operations whitelist_fops = {
222 .open = whitelist_open,
225 .release = single_release,
228 static int uuids_show(struct seq_file *f, void *p)
230 struct hci_dev *hdev = f->private;
231 struct bt_uuid *uuid;
234 list_for_each_entry(uuid, &hdev->uuids, list) {
237 /* The Bluetooth UUID values are stored in big endian,
238 * but with reversed byte order. So convert them into
239 * the right order for the %pUb modifier.
241 for (i = 0; i < 16; i++)
242 val[i] = uuid->uuid[15 - i];
244 seq_printf(f, "%pUb\n", val);
246 hci_dev_unlock(hdev);
251 static int uuids_open(struct inode *inode, struct file *file)
253 return single_open(file, uuids_show, inode->i_private);
256 static const struct file_operations uuids_fops = {
260 .release = single_release,
263 static int inquiry_cache_show(struct seq_file *f, void *p)
265 struct hci_dev *hdev = f->private;
266 struct discovery_state *cache = &hdev->discovery;
267 struct inquiry_entry *e;
271 list_for_each_entry(e, &cache->all, all) {
272 struct inquiry_data *data = &e->data;
273 seq_printf(f, "%pMR %d %d %d 0x%.2x%.2x%.2x 0x%.4x %d %d %u\n",
275 data->pscan_rep_mode, data->pscan_period_mode,
276 data->pscan_mode, data->dev_class[2],
277 data->dev_class[1], data->dev_class[0],
278 __le16_to_cpu(data->clock_offset),
279 data->rssi, data->ssp_mode, e->timestamp);
282 hci_dev_unlock(hdev);
287 static int inquiry_cache_open(struct inode *inode, struct file *file)
289 return single_open(file, inquiry_cache_show, inode->i_private);
292 static const struct file_operations inquiry_cache_fops = {
293 .open = inquiry_cache_open,
296 .release = single_release,
299 static int link_keys_show(struct seq_file *f, void *ptr)
301 struct hci_dev *hdev = f->private;
302 struct list_head *p, *n;
305 list_for_each_safe(p, n, &hdev->link_keys) {
306 struct link_key *key = list_entry(p, struct link_key, list);
307 seq_printf(f, "%pMR %u %*phN %u\n", &key->bdaddr, key->type,
308 HCI_LINK_KEY_SIZE, key->val, key->pin_len);
310 hci_dev_unlock(hdev);
315 static int link_keys_open(struct inode *inode, struct file *file)
317 return single_open(file, link_keys_show, inode->i_private);
320 static const struct file_operations link_keys_fops = {
321 .open = link_keys_open,
324 .release = single_release,
327 static int dev_class_show(struct seq_file *f, void *ptr)
329 struct hci_dev *hdev = f->private;
332 seq_printf(f, "0x%.2x%.2x%.2x\n", hdev->dev_class[2],
333 hdev->dev_class[1], hdev->dev_class[0]);
334 hci_dev_unlock(hdev);
339 static int dev_class_open(struct inode *inode, struct file *file)
341 return single_open(file, dev_class_show, inode->i_private);
344 static const struct file_operations dev_class_fops = {
345 .open = dev_class_open,
348 .release = single_release,
351 static int voice_setting_get(void *data, u64 *val)
353 struct hci_dev *hdev = data;
356 *val = hdev->voice_setting;
357 hci_dev_unlock(hdev);
362 DEFINE_SIMPLE_ATTRIBUTE(voice_setting_fops, voice_setting_get,
363 NULL, "0x%4.4llx\n");
365 static int auto_accept_delay_set(void *data, u64 val)
367 struct hci_dev *hdev = data;
370 hdev->auto_accept_delay = val;
371 hci_dev_unlock(hdev);
376 static int auto_accept_delay_get(void *data, u64 *val)
378 struct hci_dev *hdev = data;
381 *val = hdev->auto_accept_delay;
382 hci_dev_unlock(hdev);
387 DEFINE_SIMPLE_ATTRIBUTE(auto_accept_delay_fops, auto_accept_delay_get,
388 auto_accept_delay_set, "%llu\n");
390 static ssize_t force_sc_support_read(struct file *file, char __user *user_buf,
391 size_t count, loff_t *ppos)
393 struct hci_dev *hdev = file->private_data;
396 buf[0] = test_bit(HCI_FORCE_SC, &hdev->dbg_flags) ? 'Y': 'N';
399 return simple_read_from_buffer(user_buf, count, ppos, buf, 2);
402 static ssize_t force_sc_support_write(struct file *file,
403 const char __user *user_buf,
404 size_t count, loff_t *ppos)
406 struct hci_dev *hdev = file->private_data;
408 size_t buf_size = min(count, (sizeof(buf)-1));
411 if (test_bit(HCI_UP, &hdev->flags))
414 if (copy_from_user(buf, user_buf, buf_size))
417 buf[buf_size] = '\0';
418 if (strtobool(buf, &enable))
421 if (enable == test_bit(HCI_FORCE_SC, &hdev->dbg_flags))
424 change_bit(HCI_FORCE_SC, &hdev->dbg_flags);
429 static const struct file_operations force_sc_support_fops = {
431 .read = force_sc_support_read,
432 .write = force_sc_support_write,
433 .llseek = default_llseek,
436 static ssize_t sc_only_mode_read(struct file *file, char __user *user_buf,
437 size_t count, loff_t *ppos)
439 struct hci_dev *hdev = file->private_data;
442 buf[0] = test_bit(HCI_SC_ONLY, &hdev->dev_flags) ? 'Y': 'N';
445 return simple_read_from_buffer(user_buf, count, ppos, buf, 2);
448 static const struct file_operations sc_only_mode_fops = {
450 .read = sc_only_mode_read,
451 .llseek = default_llseek,
454 static int idle_timeout_set(void *data, u64 val)
456 struct hci_dev *hdev = data;
458 if (val != 0 && (val < 500 || val > 3600000))
462 hdev->idle_timeout = val;
463 hci_dev_unlock(hdev);
468 static int idle_timeout_get(void *data, u64 *val)
470 struct hci_dev *hdev = data;
473 *val = hdev->idle_timeout;
474 hci_dev_unlock(hdev);
479 DEFINE_SIMPLE_ATTRIBUTE(idle_timeout_fops, idle_timeout_get,
480 idle_timeout_set, "%llu\n");
482 static int rpa_timeout_set(void *data, u64 val)
484 struct hci_dev *hdev = data;
486 /* Require the RPA timeout to be at least 30 seconds and at most
489 if (val < 30 || val > (60 * 60 * 24))
493 hdev->rpa_timeout = val;
494 hci_dev_unlock(hdev);
499 static int rpa_timeout_get(void *data, u64 *val)
501 struct hci_dev *hdev = data;
504 *val = hdev->rpa_timeout;
505 hci_dev_unlock(hdev);
510 DEFINE_SIMPLE_ATTRIBUTE(rpa_timeout_fops, rpa_timeout_get,
511 rpa_timeout_set, "%llu\n");
513 static int sniff_min_interval_set(void *data, u64 val)
515 struct hci_dev *hdev = data;
517 if (val == 0 || val % 2 || val > hdev->sniff_max_interval)
521 hdev->sniff_min_interval = val;
522 hci_dev_unlock(hdev);
527 static int sniff_min_interval_get(void *data, u64 *val)
529 struct hci_dev *hdev = data;
532 *val = hdev->sniff_min_interval;
533 hci_dev_unlock(hdev);
538 DEFINE_SIMPLE_ATTRIBUTE(sniff_min_interval_fops, sniff_min_interval_get,
539 sniff_min_interval_set, "%llu\n");
541 static int sniff_max_interval_set(void *data, u64 val)
543 struct hci_dev *hdev = data;
545 if (val == 0 || val % 2 || val < hdev->sniff_min_interval)
549 hdev->sniff_max_interval = val;
550 hci_dev_unlock(hdev);
555 static int sniff_max_interval_get(void *data, u64 *val)
557 struct hci_dev *hdev = data;
560 *val = hdev->sniff_max_interval;
561 hci_dev_unlock(hdev);
566 DEFINE_SIMPLE_ATTRIBUTE(sniff_max_interval_fops, sniff_max_interval_get,
567 sniff_max_interval_set, "%llu\n");
569 static int conn_info_min_age_set(void *data, u64 val)
571 struct hci_dev *hdev = data;
573 if (val == 0 || val > hdev->conn_info_max_age)
577 hdev->conn_info_min_age = val;
578 hci_dev_unlock(hdev);
583 static int conn_info_min_age_get(void *data, u64 *val)
585 struct hci_dev *hdev = data;
588 *val = hdev->conn_info_min_age;
589 hci_dev_unlock(hdev);
594 DEFINE_SIMPLE_ATTRIBUTE(conn_info_min_age_fops, conn_info_min_age_get,
595 conn_info_min_age_set, "%llu\n");
597 static int conn_info_max_age_set(void *data, u64 val)
599 struct hci_dev *hdev = data;
601 if (val == 0 || val < hdev->conn_info_min_age)
605 hdev->conn_info_max_age = val;
606 hci_dev_unlock(hdev);
611 static int conn_info_max_age_get(void *data, u64 *val)
613 struct hci_dev *hdev = data;
616 *val = hdev->conn_info_max_age;
617 hci_dev_unlock(hdev);
622 DEFINE_SIMPLE_ATTRIBUTE(conn_info_max_age_fops, conn_info_max_age_get,
623 conn_info_max_age_set, "%llu\n");
625 static int identity_show(struct seq_file *f, void *p)
627 struct hci_dev *hdev = f->private;
633 hci_copy_identity_address(hdev, &addr, &addr_type);
635 seq_printf(f, "%pMR (type %u) %*phN %pMR\n", &addr, addr_type,
636 16, hdev->irk, &hdev->rpa);
638 hci_dev_unlock(hdev);
643 static int identity_open(struct inode *inode, struct file *file)
645 return single_open(file, identity_show, inode->i_private);
648 static const struct file_operations identity_fops = {
649 .open = identity_open,
652 .release = single_release,
655 static int random_address_show(struct seq_file *f, void *p)
657 struct hci_dev *hdev = f->private;
660 seq_printf(f, "%pMR\n", &hdev->random_addr);
661 hci_dev_unlock(hdev);
666 static int random_address_open(struct inode *inode, struct file *file)
668 return single_open(file, random_address_show, inode->i_private);
671 static const struct file_operations random_address_fops = {
672 .open = random_address_open,
675 .release = single_release,
678 static int static_address_show(struct seq_file *f, void *p)
680 struct hci_dev *hdev = f->private;
683 seq_printf(f, "%pMR\n", &hdev->static_addr);
684 hci_dev_unlock(hdev);
689 static int static_address_open(struct inode *inode, struct file *file)
691 return single_open(file, static_address_show, inode->i_private);
694 static const struct file_operations static_address_fops = {
695 .open = static_address_open,
698 .release = single_release,
701 static ssize_t force_static_address_read(struct file *file,
702 char __user *user_buf,
703 size_t count, loff_t *ppos)
705 struct hci_dev *hdev = file->private_data;
708 buf[0] = test_bit(HCI_FORCE_STATIC_ADDR, &hdev->dbg_flags) ? 'Y': 'N';
711 return simple_read_from_buffer(user_buf, count, ppos, buf, 2);
714 static ssize_t force_static_address_write(struct file *file,
715 const char __user *user_buf,
716 size_t count, loff_t *ppos)
718 struct hci_dev *hdev = file->private_data;
720 size_t buf_size = min(count, (sizeof(buf)-1));
723 if (test_bit(HCI_UP, &hdev->flags))
726 if (copy_from_user(buf, user_buf, buf_size))
729 buf[buf_size] = '\0';
730 if (strtobool(buf, &enable))
733 if (enable == test_bit(HCI_FORCE_STATIC_ADDR, &hdev->dbg_flags))
736 change_bit(HCI_FORCE_STATIC_ADDR, &hdev->dbg_flags);
741 static const struct file_operations force_static_address_fops = {
743 .read = force_static_address_read,
744 .write = force_static_address_write,
745 .llseek = default_llseek,
748 static int white_list_show(struct seq_file *f, void *ptr)
750 struct hci_dev *hdev = f->private;
751 struct bdaddr_list *b;
754 list_for_each_entry(b, &hdev->le_white_list, list)
755 seq_printf(f, "%pMR (type %u)\n", &b->bdaddr, b->bdaddr_type);
756 hci_dev_unlock(hdev);
761 static int white_list_open(struct inode *inode, struct file *file)
763 return single_open(file, white_list_show, inode->i_private);
766 static const struct file_operations white_list_fops = {
767 .open = white_list_open,
770 .release = single_release,
773 static int identity_resolving_keys_show(struct seq_file *f, void *ptr)
775 struct hci_dev *hdev = f->private;
776 struct list_head *p, *n;
779 list_for_each_safe(p, n, &hdev->identity_resolving_keys) {
780 struct smp_irk *irk = list_entry(p, struct smp_irk, list);
781 seq_printf(f, "%pMR (type %u) %*phN %pMR\n",
782 &irk->bdaddr, irk->addr_type,
783 16, irk->val, &irk->rpa);
785 hci_dev_unlock(hdev);
790 static int identity_resolving_keys_open(struct inode *inode, struct file *file)
792 return single_open(file, identity_resolving_keys_show,
796 static const struct file_operations identity_resolving_keys_fops = {
797 .open = identity_resolving_keys_open,
800 .release = single_release,
803 static int long_term_keys_show(struct seq_file *f, void *ptr)
805 struct hci_dev *hdev = f->private;
806 struct list_head *p, *n;
809 list_for_each_safe(p, n, &hdev->long_term_keys) {
810 struct smp_ltk *ltk = list_entry(p, struct smp_ltk, list);
811 seq_printf(f, "%pMR (type %u) %u 0x%02x %u %.4x %.16llx %*phN\n",
812 <k->bdaddr, ltk->bdaddr_type, ltk->authenticated,
813 ltk->type, ltk->enc_size, __le16_to_cpu(ltk->ediv),
814 __le64_to_cpu(ltk->rand), 16, ltk->val);
816 hci_dev_unlock(hdev);
821 static int long_term_keys_open(struct inode *inode, struct file *file)
823 return single_open(file, long_term_keys_show, inode->i_private);
826 static const struct file_operations long_term_keys_fops = {
827 .open = long_term_keys_open,
830 .release = single_release,
833 static int conn_min_interval_set(void *data, u64 val)
835 struct hci_dev *hdev = data;
837 if (val < 0x0006 || val > 0x0c80 || val > hdev->le_conn_max_interval)
841 hdev->le_conn_min_interval = val;
842 hci_dev_unlock(hdev);
847 static int conn_min_interval_get(void *data, u64 *val)
849 struct hci_dev *hdev = data;
852 *val = hdev->le_conn_min_interval;
853 hci_dev_unlock(hdev);
858 DEFINE_SIMPLE_ATTRIBUTE(conn_min_interval_fops, conn_min_interval_get,
859 conn_min_interval_set, "%llu\n");
861 static int conn_max_interval_set(void *data, u64 val)
863 struct hci_dev *hdev = data;
865 if (val < 0x0006 || val > 0x0c80 || val < hdev->le_conn_min_interval)
869 hdev->le_conn_max_interval = val;
870 hci_dev_unlock(hdev);
875 static int conn_max_interval_get(void *data, u64 *val)
877 struct hci_dev *hdev = data;
880 *val = hdev->le_conn_max_interval;
881 hci_dev_unlock(hdev);
886 DEFINE_SIMPLE_ATTRIBUTE(conn_max_interval_fops, conn_max_interval_get,
887 conn_max_interval_set, "%llu\n");
889 static int conn_latency_set(void *data, u64 val)
891 struct hci_dev *hdev = data;
897 hdev->le_conn_latency = val;
898 hci_dev_unlock(hdev);
903 static int conn_latency_get(void *data, u64 *val)
905 struct hci_dev *hdev = data;
908 *val = hdev->le_conn_latency;
909 hci_dev_unlock(hdev);
914 DEFINE_SIMPLE_ATTRIBUTE(conn_latency_fops, conn_latency_get,
915 conn_latency_set, "%llu\n");
917 static int supervision_timeout_set(void *data, u64 val)
919 struct hci_dev *hdev = data;
921 if (val < 0x000a || val > 0x0c80)
925 hdev->le_supv_timeout = val;
926 hci_dev_unlock(hdev);
931 static int supervision_timeout_get(void *data, u64 *val)
933 struct hci_dev *hdev = data;
936 *val = hdev->le_supv_timeout;
937 hci_dev_unlock(hdev);
942 DEFINE_SIMPLE_ATTRIBUTE(supervision_timeout_fops, supervision_timeout_get,
943 supervision_timeout_set, "%llu\n");
945 static int adv_channel_map_set(void *data, u64 val)
947 struct hci_dev *hdev = data;
949 if (val < 0x01 || val > 0x07)
953 hdev->le_adv_channel_map = val;
954 hci_dev_unlock(hdev);
959 static int adv_channel_map_get(void *data, u64 *val)
961 struct hci_dev *hdev = data;
964 *val = hdev->le_adv_channel_map;
965 hci_dev_unlock(hdev);
970 DEFINE_SIMPLE_ATTRIBUTE(adv_channel_map_fops, adv_channel_map_get,
971 adv_channel_map_set, "%llu\n");
973 static int adv_min_interval_set(void *data, u64 val)
975 struct hci_dev *hdev = data;
977 if (val < 0x0020 || val > 0x4000 || val > hdev->le_adv_max_interval)
981 hdev->le_adv_min_interval = val;
982 hci_dev_unlock(hdev);
987 static int adv_min_interval_get(void *data, u64 *val)
989 struct hci_dev *hdev = data;
992 *val = hdev->le_adv_min_interval;
993 hci_dev_unlock(hdev);
998 DEFINE_SIMPLE_ATTRIBUTE(adv_min_interval_fops, adv_min_interval_get,
999 adv_min_interval_set, "%llu\n");
1001 static int adv_max_interval_set(void *data, u64 val)
1003 struct hci_dev *hdev = data;
1005 if (val < 0x0020 || val > 0x4000 || val < hdev->le_adv_min_interval)
1009 hdev->le_adv_max_interval = val;
1010 hci_dev_unlock(hdev);
1015 static int adv_max_interval_get(void *data, u64 *val)
1017 struct hci_dev *hdev = data;
1020 *val = hdev->le_adv_max_interval;
1021 hci_dev_unlock(hdev);
1026 DEFINE_SIMPLE_ATTRIBUTE(adv_max_interval_fops, adv_max_interval_get,
1027 adv_max_interval_set, "%llu\n");
1029 static int device_list_show(struct seq_file *f, void *ptr)
1031 struct hci_dev *hdev = f->private;
1032 struct hci_conn_params *p;
1035 list_for_each_entry(p, &hdev->le_conn_params, list) {
1036 seq_printf(f, "%pMR %u %u\n", &p->addr, p->addr_type,
1039 hci_dev_unlock(hdev);
1044 static int device_list_open(struct inode *inode, struct file *file)
1046 return single_open(file, device_list_show, inode->i_private);
1049 static const struct file_operations device_list_fops = {
1050 .open = device_list_open,
1052 .llseek = seq_lseek,
1053 .release = single_release,
1056 /* ---- HCI requests ---- */
1058 static void hci_req_sync_complete(struct hci_dev *hdev, u8 result)
1060 BT_DBG("%s result 0x%2.2x", hdev->name, result);
1062 if (hdev->req_status == HCI_REQ_PEND) {
1063 hdev->req_result = result;
1064 hdev->req_status = HCI_REQ_DONE;
1065 wake_up_interruptible(&hdev->req_wait_q);
1069 static void hci_req_cancel(struct hci_dev *hdev, int err)
1071 BT_DBG("%s err 0x%2.2x", hdev->name, err);
1073 if (hdev->req_status == HCI_REQ_PEND) {
1074 hdev->req_result = err;
1075 hdev->req_status = HCI_REQ_CANCELED;
1076 wake_up_interruptible(&hdev->req_wait_q);
1080 static struct sk_buff *hci_get_cmd_complete(struct hci_dev *hdev, u16 opcode,
1083 struct hci_ev_cmd_complete *ev;
1084 struct hci_event_hdr *hdr;
1085 struct sk_buff *skb;
1089 skb = hdev->recv_evt;
1090 hdev->recv_evt = NULL;
1092 hci_dev_unlock(hdev);
1095 return ERR_PTR(-ENODATA);
1097 if (skb->len < sizeof(*hdr)) {
1098 BT_ERR("Too short HCI event");
1102 hdr = (void *) skb->data;
1103 skb_pull(skb, HCI_EVENT_HDR_SIZE);
1106 if (hdr->evt != event)
1111 if (hdr->evt != HCI_EV_CMD_COMPLETE) {
1112 BT_DBG("Last event is not cmd complete (0x%2.2x)", hdr->evt);
1116 if (skb->len < sizeof(*ev)) {
1117 BT_ERR("Too short cmd_complete event");
1121 ev = (void *) skb->data;
1122 skb_pull(skb, sizeof(*ev));
1124 if (opcode == __le16_to_cpu(ev->opcode))
1127 BT_DBG("opcode doesn't match (0x%2.2x != 0x%2.2x)", opcode,
1128 __le16_to_cpu(ev->opcode));
1132 return ERR_PTR(-ENODATA);
1135 struct sk_buff *__hci_cmd_sync_ev(struct hci_dev *hdev, u16 opcode, u32 plen,
1136 const void *param, u8 event, u32 timeout)
1138 DECLARE_WAITQUEUE(wait, current);
1139 struct hci_request req;
1142 BT_DBG("%s", hdev->name);
1144 hci_req_init(&req, hdev);
1146 hci_req_add_ev(&req, opcode, plen, param, event);
1148 hdev->req_status = HCI_REQ_PEND;
1150 err = hci_req_run(&req, hci_req_sync_complete);
1152 return ERR_PTR(err);
1154 add_wait_queue(&hdev->req_wait_q, &wait);
1155 set_current_state(TASK_INTERRUPTIBLE);
1157 schedule_timeout(timeout);
1159 remove_wait_queue(&hdev->req_wait_q, &wait);
1161 if (signal_pending(current))
1162 return ERR_PTR(-EINTR);
1164 switch (hdev->req_status) {
1166 err = -bt_to_errno(hdev->req_result);
1169 case HCI_REQ_CANCELED:
1170 err = -hdev->req_result;
1178 hdev->req_status = hdev->req_result = 0;
1180 BT_DBG("%s end: err %d", hdev->name, err);
1183 return ERR_PTR(err);
1185 return hci_get_cmd_complete(hdev, opcode, event);
1187 EXPORT_SYMBOL(__hci_cmd_sync_ev);
1189 struct sk_buff *__hci_cmd_sync(struct hci_dev *hdev, u16 opcode, u32 plen,
1190 const void *param, u32 timeout)
1192 return __hci_cmd_sync_ev(hdev, opcode, plen, param, 0, timeout);
1194 EXPORT_SYMBOL(__hci_cmd_sync);
1196 /* Execute request and wait for completion. */
1197 static int __hci_req_sync(struct hci_dev *hdev,
1198 void (*func)(struct hci_request *req,
1200 unsigned long opt, __u32 timeout)
1202 struct hci_request req;
1203 DECLARE_WAITQUEUE(wait, current);
1206 BT_DBG("%s start", hdev->name);
1208 hci_req_init(&req, hdev);
1210 hdev->req_status = HCI_REQ_PEND;
1214 err = hci_req_run(&req, hci_req_sync_complete);
1216 hdev->req_status = 0;
1218 /* ENODATA means the HCI request command queue is empty.
1219 * This can happen when a request with conditionals doesn't
1220 * trigger any commands to be sent. This is normal behavior
1221 * and should not trigger an error return.
1223 if (err == -ENODATA)
1229 add_wait_queue(&hdev->req_wait_q, &wait);
1230 set_current_state(TASK_INTERRUPTIBLE);
1232 schedule_timeout(timeout);
1234 remove_wait_queue(&hdev->req_wait_q, &wait);
1236 if (signal_pending(current))
1239 switch (hdev->req_status) {
1241 err = -bt_to_errno(hdev->req_result);
1244 case HCI_REQ_CANCELED:
1245 err = -hdev->req_result;
1253 hdev->req_status = hdev->req_result = 0;
1255 BT_DBG("%s end: err %d", hdev->name, err);
1260 static int hci_req_sync(struct hci_dev *hdev,
1261 void (*req)(struct hci_request *req,
1263 unsigned long opt, __u32 timeout)
1267 if (!test_bit(HCI_UP, &hdev->flags))
1270 /* Serialize all requests */
1272 ret = __hci_req_sync(hdev, req, opt, timeout);
1273 hci_req_unlock(hdev);
1278 static void hci_reset_req(struct hci_request *req, unsigned long opt)
1280 BT_DBG("%s %ld", req->hdev->name, opt);
1283 set_bit(HCI_RESET, &req->hdev->flags);
1284 hci_req_add(req, HCI_OP_RESET, 0, NULL);
1287 static void bredr_init(struct hci_request *req)
1289 req->hdev->flow_ctl_mode = HCI_FLOW_CTL_MODE_PACKET_BASED;
1291 /* Read Local Supported Features */
1292 hci_req_add(req, HCI_OP_READ_LOCAL_FEATURES, 0, NULL);
1294 /* Read Local Version */
1295 hci_req_add(req, HCI_OP_READ_LOCAL_VERSION, 0, NULL);
1297 /* Read BD Address */
1298 hci_req_add(req, HCI_OP_READ_BD_ADDR, 0, NULL);
1301 static void amp_init(struct hci_request *req)
1303 req->hdev->flow_ctl_mode = HCI_FLOW_CTL_MODE_BLOCK_BASED;
1305 /* Read Local Version */
1306 hci_req_add(req, HCI_OP_READ_LOCAL_VERSION, 0, NULL);
1308 /* Read Local Supported Commands */
1309 hci_req_add(req, HCI_OP_READ_LOCAL_COMMANDS, 0, NULL);
1311 /* Read Local Supported Features */
1312 hci_req_add(req, HCI_OP_READ_LOCAL_FEATURES, 0, NULL);
1314 /* Read Local AMP Info */
1315 hci_req_add(req, HCI_OP_READ_LOCAL_AMP_INFO, 0, NULL);
1317 /* Read Data Blk size */
1318 hci_req_add(req, HCI_OP_READ_DATA_BLOCK_SIZE, 0, NULL);
1320 /* Read Flow Control Mode */
1321 hci_req_add(req, HCI_OP_READ_FLOW_CONTROL_MODE, 0, NULL);
1323 /* Read Location Data */
1324 hci_req_add(req, HCI_OP_READ_LOCATION_DATA, 0, NULL);
1327 static void hci_init1_req(struct hci_request *req, unsigned long opt)
1329 struct hci_dev *hdev = req->hdev;
1331 BT_DBG("%s %ld", hdev->name, opt);
1334 if (!test_bit(HCI_QUIRK_RESET_ON_CLOSE, &hdev->quirks))
1335 hci_reset_req(req, 0);
1337 switch (hdev->dev_type) {
1347 BT_ERR("Unknown device type %d", hdev->dev_type);
1352 static void bredr_setup(struct hci_request *req)
1354 struct hci_dev *hdev = req->hdev;
1359 /* Read Buffer Size (ACL mtu, max pkt, etc.) */
1360 hci_req_add(req, HCI_OP_READ_BUFFER_SIZE, 0, NULL);
1362 /* Read Class of Device */
1363 hci_req_add(req, HCI_OP_READ_CLASS_OF_DEV, 0, NULL);
1365 /* Read Local Name */
1366 hci_req_add(req, HCI_OP_READ_LOCAL_NAME, 0, NULL);
1368 /* Read Voice Setting */
1369 hci_req_add(req, HCI_OP_READ_VOICE_SETTING, 0, NULL);
1371 /* Read Number of Supported IAC */
1372 hci_req_add(req, HCI_OP_READ_NUM_SUPPORTED_IAC, 0, NULL);
1374 /* Read Current IAC LAP */
1375 hci_req_add(req, HCI_OP_READ_CURRENT_IAC_LAP, 0, NULL);
1377 /* Clear Event Filters */
1378 flt_type = HCI_FLT_CLEAR_ALL;
1379 hci_req_add(req, HCI_OP_SET_EVENT_FLT, 1, &flt_type);
1381 /* Connection accept timeout ~20 secs */
1382 param = cpu_to_le16(0x7d00);
1383 hci_req_add(req, HCI_OP_WRITE_CA_TIMEOUT, 2, ¶m);
1385 /* AVM Berlin (31), aka "BlueFRITZ!", reports version 1.2,
1386 * but it does not support page scan related HCI commands.
1388 if (hdev->manufacturer != 31 && hdev->hci_ver > BLUETOOTH_VER_1_1) {
1389 hci_req_add(req, HCI_OP_READ_PAGE_SCAN_ACTIVITY, 0, NULL);
1390 hci_req_add(req, HCI_OP_READ_PAGE_SCAN_TYPE, 0, NULL);
1394 static void le_setup(struct hci_request *req)
1396 struct hci_dev *hdev = req->hdev;
1398 /* Read LE Buffer Size */
1399 hci_req_add(req, HCI_OP_LE_READ_BUFFER_SIZE, 0, NULL);
1401 /* Read LE Local Supported Features */
1402 hci_req_add(req, HCI_OP_LE_READ_LOCAL_FEATURES, 0, NULL);
1404 /* Read LE Supported States */
1405 hci_req_add(req, HCI_OP_LE_READ_SUPPORTED_STATES, 0, NULL);
1407 /* Read LE White List Size */
1408 hci_req_add(req, HCI_OP_LE_READ_WHITE_LIST_SIZE, 0, NULL);
1410 /* Clear LE White List */
1411 hci_req_add(req, HCI_OP_LE_CLEAR_WHITE_LIST, 0, NULL);
1413 /* LE-only controllers have LE implicitly enabled */
1414 if (!lmp_bredr_capable(hdev))
1415 set_bit(HCI_LE_ENABLED, &hdev->dev_flags);
1418 static u8 hci_get_inquiry_mode(struct hci_dev *hdev)
1420 if (lmp_ext_inq_capable(hdev))
1423 if (lmp_inq_rssi_capable(hdev))
1426 if (hdev->manufacturer == 11 && hdev->hci_rev == 0x00 &&
1427 hdev->lmp_subver == 0x0757)
1430 if (hdev->manufacturer == 15) {
1431 if (hdev->hci_rev == 0x03 && hdev->lmp_subver == 0x6963)
1433 if (hdev->hci_rev == 0x09 && hdev->lmp_subver == 0x6963)
1435 if (hdev->hci_rev == 0x00 && hdev->lmp_subver == 0x6965)
1439 if (hdev->manufacturer == 31 && hdev->hci_rev == 0x2005 &&
1440 hdev->lmp_subver == 0x1805)
1446 static void hci_setup_inquiry_mode(struct hci_request *req)
1450 mode = hci_get_inquiry_mode(req->hdev);
1452 hci_req_add(req, HCI_OP_WRITE_INQUIRY_MODE, 1, &mode);
1455 static void hci_setup_event_mask(struct hci_request *req)
1457 struct hci_dev *hdev = req->hdev;
1459 /* The second byte is 0xff instead of 0x9f (two reserved bits
1460 * disabled) since a Broadcom 1.2 dongle doesn't respond to the
1461 * command otherwise.
1463 u8 events[8] = { 0xff, 0xff, 0xfb, 0xff, 0x00, 0x00, 0x00, 0x00 };
1465 /* CSR 1.1 dongles does not accept any bitfield so don't try to set
1466 * any event mask for pre 1.2 devices.
1468 if (hdev->hci_ver < BLUETOOTH_VER_1_2)
1471 if (lmp_bredr_capable(hdev)) {
1472 events[4] |= 0x01; /* Flow Specification Complete */
1473 events[4] |= 0x02; /* Inquiry Result with RSSI */
1474 events[4] |= 0x04; /* Read Remote Extended Features Complete */
1475 events[5] |= 0x08; /* Synchronous Connection Complete */
1476 events[5] |= 0x10; /* Synchronous Connection Changed */
1478 /* Use a different default for LE-only devices */
1479 memset(events, 0, sizeof(events));
1480 events[0] |= 0x10; /* Disconnection Complete */
1481 events[1] |= 0x08; /* Read Remote Version Information Complete */
1482 events[1] |= 0x20; /* Command Complete */
1483 events[1] |= 0x40; /* Command Status */
1484 events[1] |= 0x80; /* Hardware Error */
1485 events[2] |= 0x04; /* Number of Completed Packets */
1486 events[3] |= 0x02; /* Data Buffer Overflow */
1488 if (hdev->le_features[0] & HCI_LE_ENCRYPTION) {
1489 events[0] |= 0x80; /* Encryption Change */
1490 events[5] |= 0x80; /* Encryption Key Refresh Complete */
1494 if (lmp_inq_rssi_capable(hdev))
1495 events[4] |= 0x02; /* Inquiry Result with RSSI */
1497 if (lmp_sniffsubr_capable(hdev))
1498 events[5] |= 0x20; /* Sniff Subrating */
1500 if (lmp_pause_enc_capable(hdev))
1501 events[5] |= 0x80; /* Encryption Key Refresh Complete */
1503 if (lmp_ext_inq_capable(hdev))
1504 events[5] |= 0x40; /* Extended Inquiry Result */
1506 if (lmp_no_flush_capable(hdev))
1507 events[7] |= 0x01; /* Enhanced Flush Complete */
1509 if (lmp_lsto_capable(hdev))
1510 events[6] |= 0x80; /* Link Supervision Timeout Changed */
1512 if (lmp_ssp_capable(hdev)) {
1513 events[6] |= 0x01; /* IO Capability Request */
1514 events[6] |= 0x02; /* IO Capability Response */
1515 events[6] |= 0x04; /* User Confirmation Request */
1516 events[6] |= 0x08; /* User Passkey Request */
1517 events[6] |= 0x10; /* Remote OOB Data Request */
1518 events[6] |= 0x20; /* Simple Pairing Complete */
1519 events[7] |= 0x04; /* User Passkey Notification */
1520 events[7] |= 0x08; /* Keypress Notification */
1521 events[7] |= 0x10; /* Remote Host Supported
1522 * Features Notification
1526 if (lmp_le_capable(hdev))
1527 events[7] |= 0x20; /* LE Meta-Event */
1529 hci_req_add(req, HCI_OP_SET_EVENT_MASK, sizeof(events), events);
1532 static void hci_init2_req(struct hci_request *req, unsigned long opt)
1534 struct hci_dev *hdev = req->hdev;
1536 if (lmp_bredr_capable(hdev))
1539 clear_bit(HCI_BREDR_ENABLED, &hdev->dev_flags);
1541 if (lmp_le_capable(hdev))
1544 /* AVM Berlin (31), aka "BlueFRITZ!", doesn't support the read
1545 * local supported commands HCI command.
1547 if (hdev->manufacturer != 31 && hdev->hci_ver > BLUETOOTH_VER_1_1)
1548 hci_req_add(req, HCI_OP_READ_LOCAL_COMMANDS, 0, NULL);
1550 if (lmp_ssp_capable(hdev)) {
1551 /* When SSP is available, then the host features page
1552 * should also be available as well. However some
1553 * controllers list the max_page as 0 as long as SSP
1554 * has not been enabled. To achieve proper debugging
1555 * output, force the minimum max_page to 1 at least.
1557 hdev->max_page = 0x01;
1559 if (test_bit(HCI_SSP_ENABLED, &hdev->dev_flags)) {
1561 hci_req_add(req, HCI_OP_WRITE_SSP_MODE,
1562 sizeof(mode), &mode);
1564 struct hci_cp_write_eir cp;
1566 memset(hdev->eir, 0, sizeof(hdev->eir));
1567 memset(&cp, 0, sizeof(cp));
1569 hci_req_add(req, HCI_OP_WRITE_EIR, sizeof(cp), &cp);
1573 if (lmp_inq_rssi_capable(hdev))
1574 hci_setup_inquiry_mode(req);
1576 if (lmp_inq_tx_pwr_capable(hdev))
1577 hci_req_add(req, HCI_OP_READ_INQ_RSP_TX_POWER, 0, NULL);
1579 if (lmp_ext_feat_capable(hdev)) {
1580 struct hci_cp_read_local_ext_features cp;
1583 hci_req_add(req, HCI_OP_READ_LOCAL_EXT_FEATURES,
1587 if (test_bit(HCI_LINK_SECURITY, &hdev->dev_flags)) {
1589 hci_req_add(req, HCI_OP_WRITE_AUTH_ENABLE, sizeof(enable),
1594 static void hci_setup_link_policy(struct hci_request *req)
1596 struct hci_dev *hdev = req->hdev;
1597 struct hci_cp_write_def_link_policy cp;
1598 u16 link_policy = 0;
1600 if (lmp_rswitch_capable(hdev))
1601 link_policy |= HCI_LP_RSWITCH;
1602 if (lmp_hold_capable(hdev))
1603 link_policy |= HCI_LP_HOLD;
1604 if (lmp_sniff_capable(hdev))
1605 link_policy |= HCI_LP_SNIFF;
1606 if (lmp_park_capable(hdev))
1607 link_policy |= HCI_LP_PARK;
1609 cp.policy = cpu_to_le16(link_policy);
1610 hci_req_add(req, HCI_OP_WRITE_DEF_LINK_POLICY, sizeof(cp), &cp);
1613 static void hci_set_le_support(struct hci_request *req)
1615 struct hci_dev *hdev = req->hdev;
1616 struct hci_cp_write_le_host_supported cp;
1618 /* LE-only devices do not support explicit enablement */
1619 if (!lmp_bredr_capable(hdev))
1622 memset(&cp, 0, sizeof(cp));
1624 if (test_bit(HCI_LE_ENABLED, &hdev->dev_flags)) {
1629 if (cp.le != lmp_host_le_capable(hdev))
1630 hci_req_add(req, HCI_OP_WRITE_LE_HOST_SUPPORTED, sizeof(cp),
1634 static void hci_set_event_mask_page_2(struct hci_request *req)
1636 struct hci_dev *hdev = req->hdev;
1637 u8 events[8] = { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 };
1639 /* If Connectionless Slave Broadcast master role is supported
1640 * enable all necessary events for it.
1642 if (lmp_csb_master_capable(hdev)) {
1643 events[1] |= 0x40; /* Triggered Clock Capture */
1644 events[1] |= 0x80; /* Synchronization Train Complete */
1645 events[2] |= 0x10; /* Slave Page Response Timeout */
1646 events[2] |= 0x20; /* CSB Channel Map Change */
1649 /* If Connectionless Slave Broadcast slave role is supported
1650 * enable all necessary events for it.
1652 if (lmp_csb_slave_capable(hdev)) {
1653 events[2] |= 0x01; /* Synchronization Train Received */
1654 events[2] |= 0x02; /* CSB Receive */
1655 events[2] |= 0x04; /* CSB Timeout */
1656 events[2] |= 0x08; /* Truncated Page Complete */
1659 /* Enable Authenticated Payload Timeout Expired event if supported */
1660 if (lmp_ping_capable(hdev) || hdev->le_features[0] & HCI_LE_PING)
1663 hci_req_add(req, HCI_OP_SET_EVENT_MASK_PAGE_2, sizeof(events), events);
1666 static void hci_init3_req(struct hci_request *req, unsigned long opt)
1668 struct hci_dev *hdev = req->hdev;
1671 hci_setup_event_mask(req);
1673 /* Some Broadcom based Bluetooth controllers do not support the
1674 * Delete Stored Link Key command. They are clearly indicating its
1675 * absence in the bit mask of supported commands.
1677 * Check the supported commands and only if the the command is marked
1678 * as supported send it. If not supported assume that the controller
1679 * does not have actual support for stored link keys which makes this
1680 * command redundant anyway.
1682 * Some controllers indicate that they support handling deleting
1683 * stored link keys, but they don't. The quirk lets a driver
1684 * just disable this command.
1686 if (hdev->commands[6] & 0x80 &&
1687 !test_bit(HCI_QUIRK_BROKEN_STORED_LINK_KEY, &hdev->quirks)) {
1688 struct hci_cp_delete_stored_link_key cp;
1690 bacpy(&cp.bdaddr, BDADDR_ANY);
1691 cp.delete_all = 0x01;
1692 hci_req_add(req, HCI_OP_DELETE_STORED_LINK_KEY,
1696 if (hdev->commands[5] & 0x10)
1697 hci_setup_link_policy(req);
1699 if (lmp_le_capable(hdev)) {
1702 memset(events, 0, sizeof(events));
1705 if (hdev->le_features[0] & HCI_LE_ENCRYPTION)
1706 events[0] |= 0x10; /* LE Long Term Key Request */
1708 /* If controller supports the Connection Parameters Request
1709 * Link Layer Procedure, enable the corresponding event.
1711 if (hdev->le_features[0] & HCI_LE_CONN_PARAM_REQ_PROC)
1712 events[0] |= 0x20; /* LE Remote Connection
1716 hci_req_add(req, HCI_OP_LE_SET_EVENT_MASK, sizeof(events),
1719 if (hdev->commands[25] & 0x40) {
1720 /* Read LE Advertising Channel TX Power */
1721 hci_req_add(req, HCI_OP_LE_READ_ADV_TX_POWER, 0, NULL);
1724 hci_set_le_support(req);
1727 /* Read features beyond page 1 if available */
1728 for (p = 2; p < HCI_MAX_PAGES && p <= hdev->max_page; p++) {
1729 struct hci_cp_read_local_ext_features cp;
1732 hci_req_add(req, HCI_OP_READ_LOCAL_EXT_FEATURES,
1737 static void hci_init4_req(struct hci_request *req, unsigned long opt)
1739 struct hci_dev *hdev = req->hdev;
1741 /* Set event mask page 2 if the HCI command for it is supported */
1742 if (hdev->commands[22] & 0x04)
1743 hci_set_event_mask_page_2(req);
1745 /* Read local codec list if the HCI command is supported */
1746 if (hdev->commands[29] & 0x20)
1747 hci_req_add(req, HCI_OP_READ_LOCAL_CODECS, 0, NULL);
1749 /* Get MWS transport configuration if the HCI command is supported */
1750 if (hdev->commands[30] & 0x08)
1751 hci_req_add(req, HCI_OP_GET_MWS_TRANSPORT_CONFIG, 0, NULL);
1753 /* Check for Synchronization Train support */
1754 if (lmp_sync_train_capable(hdev))
1755 hci_req_add(req, HCI_OP_READ_SYNC_TRAIN_PARAMS, 0, NULL);
1757 /* Enable Secure Connections if supported and configured */
1758 if ((lmp_sc_capable(hdev) ||
1759 test_bit(HCI_FORCE_SC, &hdev->dbg_flags)) &&
1760 test_bit(HCI_SC_ENABLED, &hdev->dev_flags)) {
1762 hci_req_add(req, HCI_OP_WRITE_SC_SUPPORT,
1763 sizeof(support), &support);
1767 static int __hci_init(struct hci_dev *hdev)
1771 err = __hci_req_sync(hdev, hci_init1_req, 0, HCI_INIT_TIMEOUT);
1775 /* The Device Under Test (DUT) mode is special and available for
1776 * all controller types. So just create it early on.
1778 if (test_bit(HCI_SETUP, &hdev->dev_flags)) {
1779 debugfs_create_file("dut_mode", 0644, hdev->debugfs, hdev,
1783 /* HCI_BREDR covers both single-mode LE, BR/EDR and dual-mode
1784 * BR/EDR/LE type controllers. AMP controllers only need the
1787 if (hdev->dev_type != HCI_BREDR)
1790 err = __hci_req_sync(hdev, hci_init2_req, 0, HCI_INIT_TIMEOUT);
1794 err = __hci_req_sync(hdev, hci_init3_req, 0, HCI_INIT_TIMEOUT);
1798 err = __hci_req_sync(hdev, hci_init4_req, 0, HCI_INIT_TIMEOUT);
1802 /* Only create debugfs entries during the initial setup
1803 * phase and not every time the controller gets powered on.
1805 if (!test_bit(HCI_SETUP, &hdev->dev_flags))
1808 debugfs_create_file("features", 0444, hdev->debugfs, hdev,
1810 debugfs_create_u16("manufacturer", 0444, hdev->debugfs,
1811 &hdev->manufacturer);
1812 debugfs_create_u8("hci_version", 0444, hdev->debugfs, &hdev->hci_ver);
1813 debugfs_create_u16("hci_revision", 0444, hdev->debugfs, &hdev->hci_rev);
1814 debugfs_create_file("blacklist", 0444, hdev->debugfs, hdev,
1816 debugfs_create_file("whitelist", 0444, hdev->debugfs, hdev,
1818 debugfs_create_file("uuids", 0444, hdev->debugfs, hdev, &uuids_fops);
1820 debugfs_create_file("conn_info_min_age", 0644, hdev->debugfs, hdev,
1821 &conn_info_min_age_fops);
1822 debugfs_create_file("conn_info_max_age", 0644, hdev->debugfs, hdev,
1823 &conn_info_max_age_fops);
1825 if (lmp_bredr_capable(hdev)) {
1826 debugfs_create_file("inquiry_cache", 0444, hdev->debugfs,
1827 hdev, &inquiry_cache_fops);
1828 debugfs_create_file("link_keys", 0400, hdev->debugfs,
1829 hdev, &link_keys_fops);
1830 debugfs_create_file("dev_class", 0444, hdev->debugfs,
1831 hdev, &dev_class_fops);
1832 debugfs_create_file("voice_setting", 0444, hdev->debugfs,
1833 hdev, &voice_setting_fops);
1836 if (lmp_ssp_capable(hdev)) {
1837 debugfs_create_file("auto_accept_delay", 0644, hdev->debugfs,
1838 hdev, &auto_accept_delay_fops);
1839 debugfs_create_file("force_sc_support", 0644, hdev->debugfs,
1840 hdev, &force_sc_support_fops);
1841 debugfs_create_file("sc_only_mode", 0444, hdev->debugfs,
1842 hdev, &sc_only_mode_fops);
1845 if (lmp_sniff_capable(hdev)) {
1846 debugfs_create_file("idle_timeout", 0644, hdev->debugfs,
1847 hdev, &idle_timeout_fops);
1848 debugfs_create_file("sniff_min_interval", 0644, hdev->debugfs,
1849 hdev, &sniff_min_interval_fops);
1850 debugfs_create_file("sniff_max_interval", 0644, hdev->debugfs,
1851 hdev, &sniff_max_interval_fops);
1854 if (lmp_le_capable(hdev)) {
1855 debugfs_create_file("identity", 0400, hdev->debugfs,
1856 hdev, &identity_fops);
1857 debugfs_create_file("rpa_timeout", 0644, hdev->debugfs,
1858 hdev, &rpa_timeout_fops);
1859 debugfs_create_file("random_address", 0444, hdev->debugfs,
1860 hdev, &random_address_fops);
1861 debugfs_create_file("static_address", 0444, hdev->debugfs,
1862 hdev, &static_address_fops);
1864 /* For controllers with a public address, provide a debug
1865 * option to force the usage of the configured static
1866 * address. By default the public address is used.
1868 if (bacmp(&hdev->bdaddr, BDADDR_ANY))
1869 debugfs_create_file("force_static_address", 0644,
1870 hdev->debugfs, hdev,
1871 &force_static_address_fops);
1873 debugfs_create_u8("white_list_size", 0444, hdev->debugfs,
1874 &hdev->le_white_list_size);
1875 debugfs_create_file("white_list", 0444, hdev->debugfs, hdev,
1877 debugfs_create_file("identity_resolving_keys", 0400,
1878 hdev->debugfs, hdev,
1879 &identity_resolving_keys_fops);
1880 debugfs_create_file("long_term_keys", 0400, hdev->debugfs,
1881 hdev, &long_term_keys_fops);
1882 debugfs_create_file("conn_min_interval", 0644, hdev->debugfs,
1883 hdev, &conn_min_interval_fops);
1884 debugfs_create_file("conn_max_interval", 0644, hdev->debugfs,
1885 hdev, &conn_max_interval_fops);
1886 debugfs_create_file("conn_latency", 0644, hdev->debugfs,
1887 hdev, &conn_latency_fops);
1888 debugfs_create_file("supervision_timeout", 0644, hdev->debugfs,
1889 hdev, &supervision_timeout_fops);
1890 debugfs_create_file("adv_channel_map", 0644, hdev->debugfs,
1891 hdev, &adv_channel_map_fops);
1892 debugfs_create_file("adv_min_interval", 0644, hdev->debugfs,
1893 hdev, &adv_min_interval_fops);
1894 debugfs_create_file("adv_max_interval", 0644, hdev->debugfs,
1895 hdev, &adv_max_interval_fops);
1896 debugfs_create_file("device_list", 0444, hdev->debugfs, hdev,
1898 debugfs_create_u16("discov_interleaved_timeout", 0644,
1900 &hdev->discov_interleaved_timeout);
1908 static void hci_init0_req(struct hci_request *req, unsigned long opt)
1910 struct hci_dev *hdev = req->hdev;
1912 BT_DBG("%s %ld", hdev->name, opt);
1915 if (!test_bit(HCI_QUIRK_RESET_ON_CLOSE, &hdev->quirks))
1916 hci_reset_req(req, 0);
1918 /* Read Local Version */
1919 hci_req_add(req, HCI_OP_READ_LOCAL_VERSION, 0, NULL);
1921 /* Read BD Address */
1922 if (hdev->set_bdaddr)
1923 hci_req_add(req, HCI_OP_READ_BD_ADDR, 0, NULL);
1926 static int __hci_unconf_init(struct hci_dev *hdev)
1930 if (test_bit(HCI_QUIRK_RAW_DEVICE, &hdev->quirks))
1933 err = __hci_req_sync(hdev, hci_init0_req, 0, HCI_INIT_TIMEOUT);
1940 static void hci_scan_req(struct hci_request *req, unsigned long opt)
1944 BT_DBG("%s %x", req->hdev->name, scan);
1946 /* Inquiry and Page scans */
1947 hci_req_add(req, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
1950 static void hci_auth_req(struct hci_request *req, unsigned long opt)
1954 BT_DBG("%s %x", req->hdev->name, auth);
1956 /* Authentication */
1957 hci_req_add(req, HCI_OP_WRITE_AUTH_ENABLE, 1, &auth);
1960 static void hci_encrypt_req(struct hci_request *req, unsigned long opt)
1964 BT_DBG("%s %x", req->hdev->name, encrypt);
1967 hci_req_add(req, HCI_OP_WRITE_ENCRYPT_MODE, 1, &encrypt);
1970 static void hci_linkpol_req(struct hci_request *req, unsigned long opt)
1972 __le16 policy = cpu_to_le16(opt);
1974 BT_DBG("%s %x", req->hdev->name, policy);
1976 /* Default link policy */
1977 hci_req_add(req, HCI_OP_WRITE_DEF_LINK_POLICY, 2, &policy);
1980 /* Get HCI device by index.
1981 * Device is held on return. */
1982 struct hci_dev *hci_dev_get(int index)
1984 struct hci_dev *hdev = NULL, *d;
1986 BT_DBG("%d", index);
1991 read_lock(&hci_dev_list_lock);
1992 list_for_each_entry(d, &hci_dev_list, list) {
1993 if (d->id == index) {
1994 hdev = hci_dev_hold(d);
1998 read_unlock(&hci_dev_list_lock);
2002 /* ---- Inquiry support ---- */
2004 bool hci_discovery_active(struct hci_dev *hdev)
2006 struct discovery_state *discov = &hdev->discovery;
2008 switch (discov->state) {
2009 case DISCOVERY_FINDING:
2010 case DISCOVERY_RESOLVING:
2018 void hci_discovery_set_state(struct hci_dev *hdev, int state)
2020 int old_state = hdev->discovery.state;
2022 BT_DBG("%s state %u -> %u", hdev->name, hdev->discovery.state, state);
2024 if (old_state == state)
2027 hdev->discovery.state = state;
2030 case DISCOVERY_STOPPED:
2031 hci_update_background_scan(hdev);
2033 if (old_state != DISCOVERY_STARTING)
2034 mgmt_discovering(hdev, 0);
2036 case DISCOVERY_STARTING:
2038 case DISCOVERY_FINDING:
2039 mgmt_discovering(hdev, 1);
2041 case DISCOVERY_RESOLVING:
2043 case DISCOVERY_STOPPING:
2048 void hci_inquiry_cache_flush(struct hci_dev *hdev)
2050 struct discovery_state *cache = &hdev->discovery;
2051 struct inquiry_entry *p, *n;
2053 list_for_each_entry_safe(p, n, &cache->all, all) {
2058 INIT_LIST_HEAD(&cache->unknown);
2059 INIT_LIST_HEAD(&cache->resolve);
2062 struct inquiry_entry *hci_inquiry_cache_lookup(struct hci_dev *hdev,
2065 struct discovery_state *cache = &hdev->discovery;
2066 struct inquiry_entry *e;
2068 BT_DBG("cache %p, %pMR", cache, bdaddr);
2070 list_for_each_entry(e, &cache->all, all) {
2071 if (!bacmp(&e->data.bdaddr, bdaddr))
2078 struct inquiry_entry *hci_inquiry_cache_lookup_unknown(struct hci_dev *hdev,
2081 struct discovery_state *cache = &hdev->discovery;
2082 struct inquiry_entry *e;
2084 BT_DBG("cache %p, %pMR", cache, bdaddr);
2086 list_for_each_entry(e, &cache->unknown, list) {
2087 if (!bacmp(&e->data.bdaddr, bdaddr))
2094 struct inquiry_entry *hci_inquiry_cache_lookup_resolve(struct hci_dev *hdev,
2098 struct discovery_state *cache = &hdev->discovery;
2099 struct inquiry_entry *e;
2101 BT_DBG("cache %p bdaddr %pMR state %d", cache, bdaddr, state);
2103 list_for_each_entry(e, &cache->resolve, list) {
2104 if (!bacmp(bdaddr, BDADDR_ANY) && e->name_state == state)
2106 if (!bacmp(&e->data.bdaddr, bdaddr))
2113 void hci_inquiry_cache_update_resolve(struct hci_dev *hdev,
2114 struct inquiry_entry *ie)
2116 struct discovery_state *cache = &hdev->discovery;
2117 struct list_head *pos = &cache->resolve;
2118 struct inquiry_entry *p;
2120 list_del(&ie->list);
2122 list_for_each_entry(p, &cache->resolve, list) {
2123 if (p->name_state != NAME_PENDING &&
2124 abs(p->data.rssi) >= abs(ie->data.rssi))
2129 list_add(&ie->list, pos);
2132 u32 hci_inquiry_cache_update(struct hci_dev *hdev, struct inquiry_data *data,
2135 struct discovery_state *cache = &hdev->discovery;
2136 struct inquiry_entry *ie;
2139 BT_DBG("cache %p, %pMR", cache, &data->bdaddr);
2141 hci_remove_remote_oob_data(hdev, &data->bdaddr);
2143 if (!data->ssp_mode)
2144 flags |= MGMT_DEV_FOUND_LEGACY_PAIRING;
2146 ie = hci_inquiry_cache_lookup(hdev, &data->bdaddr);
2148 if (!ie->data.ssp_mode)
2149 flags |= MGMT_DEV_FOUND_LEGACY_PAIRING;
2151 if (ie->name_state == NAME_NEEDED &&
2152 data->rssi != ie->data.rssi) {
2153 ie->data.rssi = data->rssi;
2154 hci_inquiry_cache_update_resolve(hdev, ie);
2160 /* Entry not in the cache. Add new one. */
2161 ie = kzalloc(sizeof(*ie), GFP_KERNEL);
2163 flags |= MGMT_DEV_FOUND_CONFIRM_NAME;
2167 list_add(&ie->all, &cache->all);
2170 ie->name_state = NAME_KNOWN;
2172 ie->name_state = NAME_NOT_KNOWN;
2173 list_add(&ie->list, &cache->unknown);
2177 if (name_known && ie->name_state != NAME_KNOWN &&
2178 ie->name_state != NAME_PENDING) {
2179 ie->name_state = NAME_KNOWN;
2180 list_del(&ie->list);
2183 memcpy(&ie->data, data, sizeof(*data));
2184 ie->timestamp = jiffies;
2185 cache->timestamp = jiffies;
2187 if (ie->name_state == NAME_NOT_KNOWN)
2188 flags |= MGMT_DEV_FOUND_CONFIRM_NAME;
2194 static int inquiry_cache_dump(struct hci_dev *hdev, int num, __u8 *buf)
2196 struct discovery_state *cache = &hdev->discovery;
2197 struct inquiry_info *info = (struct inquiry_info *) buf;
2198 struct inquiry_entry *e;
2201 list_for_each_entry(e, &cache->all, all) {
2202 struct inquiry_data *data = &e->data;
2207 bacpy(&info->bdaddr, &data->bdaddr);
2208 info->pscan_rep_mode = data->pscan_rep_mode;
2209 info->pscan_period_mode = data->pscan_period_mode;
2210 info->pscan_mode = data->pscan_mode;
2211 memcpy(info->dev_class, data->dev_class, 3);
2212 info->clock_offset = data->clock_offset;
2218 BT_DBG("cache %p, copied %d", cache, copied);
2222 static void hci_inq_req(struct hci_request *req, unsigned long opt)
2224 struct hci_inquiry_req *ir = (struct hci_inquiry_req *) opt;
2225 struct hci_dev *hdev = req->hdev;
2226 struct hci_cp_inquiry cp;
2228 BT_DBG("%s", hdev->name);
2230 if (test_bit(HCI_INQUIRY, &hdev->flags))
2234 memcpy(&cp.lap, &ir->lap, 3);
2235 cp.length = ir->length;
2236 cp.num_rsp = ir->num_rsp;
2237 hci_req_add(req, HCI_OP_INQUIRY, sizeof(cp), &cp);
2240 int hci_inquiry(void __user *arg)
2242 __u8 __user *ptr = arg;
2243 struct hci_inquiry_req ir;
2244 struct hci_dev *hdev;
2245 int err = 0, do_inquiry = 0, max_rsp;
2249 if (copy_from_user(&ir, ptr, sizeof(ir)))
2252 hdev = hci_dev_get(ir.dev_id);
2256 if (test_bit(HCI_USER_CHANNEL, &hdev->dev_flags)) {
2261 if (test_bit(HCI_UNCONFIGURED, &hdev->dev_flags)) {
2266 if (hdev->dev_type != HCI_BREDR) {
2271 if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags)) {
2277 if (inquiry_cache_age(hdev) > INQUIRY_CACHE_AGE_MAX ||
2278 inquiry_cache_empty(hdev) || ir.flags & IREQ_CACHE_FLUSH) {
2279 hci_inquiry_cache_flush(hdev);
2282 hci_dev_unlock(hdev);
2284 timeo = ir.length * msecs_to_jiffies(2000);
2287 err = hci_req_sync(hdev, hci_inq_req, (unsigned long) &ir,
2292 /* Wait until Inquiry procedure finishes (HCI_INQUIRY flag is
2293 * cleared). If it is interrupted by a signal, return -EINTR.
2295 if (wait_on_bit(&hdev->flags, HCI_INQUIRY,
2296 TASK_INTERRUPTIBLE))
2300 /* for unlimited number of responses we will use buffer with
2303 max_rsp = (ir.num_rsp == 0) ? 255 : ir.num_rsp;
2305 /* cache_dump can't sleep. Therefore we allocate temp buffer and then
2306 * copy it to the user space.
2308 buf = kmalloc(sizeof(struct inquiry_info) * max_rsp, GFP_KERNEL);
2315 ir.num_rsp = inquiry_cache_dump(hdev, max_rsp, buf);
2316 hci_dev_unlock(hdev);
2318 BT_DBG("num_rsp %d", ir.num_rsp);
2320 if (!copy_to_user(ptr, &ir, sizeof(ir))) {
2322 if (copy_to_user(ptr, buf, sizeof(struct inquiry_info) *
2335 static int hci_dev_do_open(struct hci_dev *hdev)
2339 BT_DBG("%s %p", hdev->name, hdev);
2343 if (test_bit(HCI_UNREGISTER, &hdev->dev_flags)) {
2348 if (!test_bit(HCI_SETUP, &hdev->dev_flags) &&
2349 !test_bit(HCI_CONFIG, &hdev->dev_flags)) {
2350 /* Check for rfkill but allow the HCI setup stage to
2351 * proceed (which in itself doesn't cause any RF activity).
2353 if (test_bit(HCI_RFKILLED, &hdev->dev_flags)) {
2358 /* Check for valid public address or a configured static
2359 * random adddress, but let the HCI setup proceed to
2360 * be able to determine if there is a public address
2363 * In case of user channel usage, it is not important
2364 * if a public address or static random address is
2367 * This check is only valid for BR/EDR controllers
2368 * since AMP controllers do not have an address.
2370 if (!test_bit(HCI_USER_CHANNEL, &hdev->dev_flags) &&
2371 hdev->dev_type == HCI_BREDR &&
2372 !bacmp(&hdev->bdaddr, BDADDR_ANY) &&
2373 !bacmp(&hdev->static_addr, BDADDR_ANY)) {
2374 ret = -EADDRNOTAVAIL;
2379 if (test_bit(HCI_UP, &hdev->flags)) {
2384 if (hdev->open(hdev)) {
2389 atomic_set(&hdev->cmd_cnt, 1);
2390 set_bit(HCI_INIT, &hdev->flags);
2392 if (test_bit(HCI_SETUP, &hdev->dev_flags)) {
2394 ret = hdev->setup(hdev);
2396 /* The transport driver can set these quirks before
2397 * creating the HCI device or in its setup callback.
2399 * In case any of them is set, the controller has to
2400 * start up as unconfigured.
2402 if (test_bit(HCI_QUIRK_EXTERNAL_CONFIG, &hdev->quirks) ||
2403 test_bit(HCI_QUIRK_INVALID_BDADDR, &hdev->quirks))
2404 set_bit(HCI_UNCONFIGURED, &hdev->dev_flags);
2406 /* For an unconfigured controller it is required to
2407 * read at least the version information provided by
2408 * the Read Local Version Information command.
2410 * If the set_bdaddr driver callback is provided, then
2411 * also the original Bluetooth public device address
2412 * will be read using the Read BD Address command.
2414 if (test_bit(HCI_UNCONFIGURED, &hdev->dev_flags))
2415 ret = __hci_unconf_init(hdev);
2418 if (test_bit(HCI_CONFIG, &hdev->dev_flags)) {
2419 /* If public address change is configured, ensure that
2420 * the address gets programmed. If the driver does not
2421 * support changing the public address, fail the power
2424 if (bacmp(&hdev->public_addr, BDADDR_ANY) &&
2426 ret = hdev->set_bdaddr(hdev, &hdev->public_addr);
2428 ret = -EADDRNOTAVAIL;
2432 if (!test_bit(HCI_UNCONFIGURED, &hdev->dev_flags) &&
2433 !test_bit(HCI_USER_CHANNEL, &hdev->dev_flags))
2434 ret = __hci_init(hdev);
2437 clear_bit(HCI_INIT, &hdev->flags);
2441 set_bit(HCI_RPA_EXPIRED, &hdev->dev_flags);
2442 set_bit(HCI_UP, &hdev->flags);
2443 hci_notify(hdev, HCI_DEV_UP);
2444 if (!test_bit(HCI_SETUP, &hdev->dev_flags) &&
2445 !test_bit(HCI_CONFIG, &hdev->dev_flags) &&
2446 !test_bit(HCI_UNCONFIGURED, &hdev->dev_flags) &&
2447 !test_bit(HCI_USER_CHANNEL, &hdev->dev_flags) &&
2448 hdev->dev_type == HCI_BREDR) {
2450 mgmt_powered(hdev, 1);
2451 hci_dev_unlock(hdev);
2454 /* Init failed, cleanup */
2455 flush_work(&hdev->tx_work);
2456 flush_work(&hdev->cmd_work);
2457 flush_work(&hdev->rx_work);
2459 skb_queue_purge(&hdev->cmd_q);
2460 skb_queue_purge(&hdev->rx_q);
2465 if (hdev->sent_cmd) {
2466 kfree_skb(hdev->sent_cmd);
2467 hdev->sent_cmd = NULL;
2471 hdev->flags &= BIT(HCI_RAW);
2475 hci_req_unlock(hdev);
2479 /* ---- HCI ioctl helpers ---- */
2481 int hci_dev_open(__u16 dev)
2483 struct hci_dev *hdev;
2486 hdev = hci_dev_get(dev);
2490 /* Devices that are marked as unconfigured can only be powered
2491 * up as user channel. Trying to bring them up as normal devices
2492 * will result into a failure. Only user channel operation is
2495 * When this function is called for a user channel, the flag
2496 * HCI_USER_CHANNEL will be set first before attempting to
2499 if (test_bit(HCI_UNCONFIGURED, &hdev->dev_flags) &&
2500 !test_bit(HCI_USER_CHANNEL, &hdev->dev_flags)) {
2505 /* We need to ensure that no other power on/off work is pending
2506 * before proceeding to call hci_dev_do_open. This is
2507 * particularly important if the setup procedure has not yet
2510 if (test_and_clear_bit(HCI_AUTO_OFF, &hdev->dev_flags))
2511 cancel_delayed_work(&hdev->power_off);
2513 /* After this call it is guaranteed that the setup procedure
2514 * has finished. This means that error conditions like RFKILL
2515 * or no valid public or static random address apply.
2517 flush_workqueue(hdev->req_workqueue);
2519 /* For controllers not using the management interface and that
2520 * are brought up using legacy ioctl, set the HCI_BONDABLE bit
2521 * so that pairing works for them. Once the management interface
2522 * is in use this bit will be cleared again and userspace has
2523 * to explicitly enable it.
2525 if (!test_bit(HCI_USER_CHANNEL, &hdev->dev_flags) &&
2526 !test_bit(HCI_MGMT, &hdev->dev_flags))
2527 set_bit(HCI_BONDABLE, &hdev->dev_flags);
2529 err = hci_dev_do_open(hdev);
2536 /* This function requires the caller holds hdev->lock */
2537 static void hci_pend_le_actions_clear(struct hci_dev *hdev)
2539 struct hci_conn_params *p;
2541 list_for_each_entry(p, &hdev->le_conn_params, list) {
2543 hci_conn_drop(p->conn);
2546 list_del_init(&p->action);
2549 BT_DBG("All LE pending actions cleared");
2552 static int hci_dev_do_close(struct hci_dev *hdev)
2554 BT_DBG("%s %p", hdev->name, hdev);
2556 cancel_delayed_work(&hdev->power_off);
2558 hci_req_cancel(hdev, ENODEV);
2561 if (!test_and_clear_bit(HCI_UP, &hdev->flags)) {
2562 cancel_delayed_work_sync(&hdev->cmd_timer);
2563 hci_req_unlock(hdev);
2567 /* Flush RX and TX works */
2568 flush_work(&hdev->tx_work);
2569 flush_work(&hdev->rx_work);
2571 if (hdev->discov_timeout > 0) {
2572 cancel_delayed_work(&hdev->discov_off);
2573 hdev->discov_timeout = 0;
2574 clear_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
2575 clear_bit(HCI_LIMITED_DISCOVERABLE, &hdev->dev_flags);
2578 if (test_and_clear_bit(HCI_SERVICE_CACHE, &hdev->dev_flags))
2579 cancel_delayed_work(&hdev->service_cache);
2581 cancel_delayed_work_sync(&hdev->le_scan_disable);
2583 if (test_bit(HCI_MGMT, &hdev->dev_flags))
2584 cancel_delayed_work_sync(&hdev->rpa_expired);
2587 hci_inquiry_cache_flush(hdev);
2588 hci_pend_le_actions_clear(hdev);
2589 hci_conn_hash_flush(hdev);
2590 hci_dev_unlock(hdev);
2592 hci_notify(hdev, HCI_DEV_DOWN);
2598 skb_queue_purge(&hdev->cmd_q);
2599 atomic_set(&hdev->cmd_cnt, 1);
2600 if (!test_bit(HCI_AUTO_OFF, &hdev->dev_flags) &&
2601 !test_bit(HCI_UNCONFIGURED, &hdev->dev_flags) &&
2602 test_bit(HCI_QUIRK_RESET_ON_CLOSE, &hdev->quirks)) {
2603 set_bit(HCI_INIT, &hdev->flags);
2604 __hci_req_sync(hdev, hci_reset_req, 0, HCI_CMD_TIMEOUT);
2605 clear_bit(HCI_INIT, &hdev->flags);
2608 /* flush cmd work */
2609 flush_work(&hdev->cmd_work);
2612 skb_queue_purge(&hdev->rx_q);
2613 skb_queue_purge(&hdev->cmd_q);
2614 skb_queue_purge(&hdev->raw_q);
2616 /* Drop last sent command */
2617 if (hdev->sent_cmd) {
2618 cancel_delayed_work_sync(&hdev->cmd_timer);
2619 kfree_skb(hdev->sent_cmd);
2620 hdev->sent_cmd = NULL;
2623 kfree_skb(hdev->recv_evt);
2624 hdev->recv_evt = NULL;
2626 /* After this point our queues are empty
2627 * and no tasks are scheduled. */
2631 hdev->flags &= BIT(HCI_RAW);
2632 hdev->dev_flags &= ~HCI_PERSISTENT_MASK;
2634 if (!test_and_clear_bit(HCI_AUTO_OFF, &hdev->dev_flags)) {
2635 if (hdev->dev_type == HCI_BREDR) {
2637 mgmt_powered(hdev, 0);
2638 hci_dev_unlock(hdev);
2642 /* Controller radio is available but is currently powered down */
2643 hdev->amp_status = AMP_STATUS_POWERED_DOWN;
2645 memset(hdev->eir, 0, sizeof(hdev->eir));
2646 memset(hdev->dev_class, 0, sizeof(hdev->dev_class));
2647 bacpy(&hdev->random_addr, BDADDR_ANY);
2649 hci_req_unlock(hdev);
2655 int hci_dev_close(__u16 dev)
2657 struct hci_dev *hdev;
2660 hdev = hci_dev_get(dev);
2664 if (test_bit(HCI_USER_CHANNEL, &hdev->dev_flags)) {
2669 if (test_and_clear_bit(HCI_AUTO_OFF, &hdev->dev_flags))
2670 cancel_delayed_work(&hdev->power_off);
2672 err = hci_dev_do_close(hdev);
2679 int hci_dev_reset(__u16 dev)
2681 struct hci_dev *hdev;
2684 hdev = hci_dev_get(dev);
2690 if (!test_bit(HCI_UP, &hdev->flags)) {
2695 if (test_bit(HCI_USER_CHANNEL, &hdev->dev_flags)) {
2700 if (test_bit(HCI_UNCONFIGURED, &hdev->dev_flags)) {
2706 skb_queue_purge(&hdev->rx_q);
2707 skb_queue_purge(&hdev->cmd_q);
2710 hci_inquiry_cache_flush(hdev);
2711 hci_conn_hash_flush(hdev);
2712 hci_dev_unlock(hdev);
2717 atomic_set(&hdev->cmd_cnt, 1);
2718 hdev->acl_cnt = 0; hdev->sco_cnt = 0; hdev->le_cnt = 0;
2720 ret = __hci_req_sync(hdev, hci_reset_req, 0, HCI_INIT_TIMEOUT);
2723 hci_req_unlock(hdev);
2728 int hci_dev_reset_stat(__u16 dev)
2730 struct hci_dev *hdev;
2733 hdev = hci_dev_get(dev);
2737 if (test_bit(HCI_USER_CHANNEL, &hdev->dev_flags)) {
2742 if (test_bit(HCI_UNCONFIGURED, &hdev->dev_flags)) {
2747 memset(&hdev->stat, 0, sizeof(struct hci_dev_stats));
2754 static void hci_update_scan_state(struct hci_dev *hdev, u8 scan)
2756 bool conn_changed, discov_changed;
2758 BT_DBG("%s scan 0x%02x", hdev->name, scan);
2760 if ((scan & SCAN_PAGE))
2761 conn_changed = !test_and_set_bit(HCI_CONNECTABLE,
2764 conn_changed = test_and_clear_bit(HCI_CONNECTABLE,
2767 if ((scan & SCAN_INQUIRY)) {
2768 discov_changed = !test_and_set_bit(HCI_DISCOVERABLE,
2771 clear_bit(HCI_LIMITED_DISCOVERABLE, &hdev->dev_flags);
2772 discov_changed = test_and_clear_bit(HCI_DISCOVERABLE,
2776 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
2779 if (conn_changed || discov_changed) {
2780 /* In case this was disabled through mgmt */
2781 set_bit(HCI_BREDR_ENABLED, &hdev->dev_flags);
2783 if (test_bit(HCI_LE_ENABLED, &hdev->dev_flags))
2784 mgmt_update_adv_data(hdev);
2786 mgmt_new_settings(hdev);
2790 int hci_dev_cmd(unsigned int cmd, void __user *arg)
2792 struct hci_dev *hdev;
2793 struct hci_dev_req dr;
2796 if (copy_from_user(&dr, arg, sizeof(dr)))
2799 hdev = hci_dev_get(dr.dev_id);
2803 if (test_bit(HCI_USER_CHANNEL, &hdev->dev_flags)) {
2808 if (test_bit(HCI_UNCONFIGURED, &hdev->dev_flags)) {
2813 if (hdev->dev_type != HCI_BREDR) {
2818 if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags)) {
2825 err = hci_req_sync(hdev, hci_auth_req, dr.dev_opt,
2830 if (!lmp_encrypt_capable(hdev)) {
2835 if (!test_bit(HCI_AUTH, &hdev->flags)) {
2836 /* Auth must be enabled first */
2837 err = hci_req_sync(hdev, hci_auth_req, dr.dev_opt,
2843 err = hci_req_sync(hdev, hci_encrypt_req, dr.dev_opt,
2848 err = hci_req_sync(hdev, hci_scan_req, dr.dev_opt,
2851 /* Ensure that the connectable and discoverable states
2852 * get correctly modified as this was a non-mgmt change.
2855 hci_update_scan_state(hdev, dr.dev_opt);
2859 err = hci_req_sync(hdev, hci_linkpol_req, dr.dev_opt,
2863 case HCISETLINKMODE:
2864 hdev->link_mode = ((__u16) dr.dev_opt) &
2865 (HCI_LM_MASTER | HCI_LM_ACCEPT);
2869 hdev->pkt_type = (__u16) dr.dev_opt;
2873 hdev->acl_mtu = *((__u16 *) &dr.dev_opt + 1);
2874 hdev->acl_pkts = *((__u16 *) &dr.dev_opt + 0);
2878 hdev->sco_mtu = *((__u16 *) &dr.dev_opt + 1);
2879 hdev->sco_pkts = *((__u16 *) &dr.dev_opt + 0);
2892 int hci_get_dev_list(void __user *arg)
2894 struct hci_dev *hdev;
2895 struct hci_dev_list_req *dl;
2896 struct hci_dev_req *dr;
2897 int n = 0, size, err;
2900 if (get_user(dev_num, (__u16 __user *) arg))
2903 if (!dev_num || dev_num > (PAGE_SIZE * 2) / sizeof(*dr))
2906 size = sizeof(*dl) + dev_num * sizeof(*dr);
2908 dl = kzalloc(size, GFP_KERNEL);
2914 read_lock(&hci_dev_list_lock);
2915 list_for_each_entry(hdev, &hci_dev_list, list) {
2916 unsigned long flags = hdev->flags;
2918 /* When the auto-off is configured it means the transport
2919 * is running, but in that case still indicate that the
2920 * device is actually down.
2922 if (test_bit(HCI_AUTO_OFF, &hdev->dev_flags))
2923 flags &= ~BIT(HCI_UP);
2925 (dr + n)->dev_id = hdev->id;
2926 (dr + n)->dev_opt = flags;
2931 read_unlock(&hci_dev_list_lock);
2934 size = sizeof(*dl) + n * sizeof(*dr);
2936 err = copy_to_user(arg, dl, size);
2939 return err ? -EFAULT : 0;
2942 int hci_get_dev_info(void __user *arg)
2944 struct hci_dev *hdev;
2945 struct hci_dev_info di;
2946 unsigned long flags;
2949 if (copy_from_user(&di, arg, sizeof(di)))
2952 hdev = hci_dev_get(di.dev_id);
2956 /* When the auto-off is configured it means the transport
2957 * is running, but in that case still indicate that the
2958 * device is actually down.
2960 if (test_bit(HCI_AUTO_OFF, &hdev->dev_flags))
2961 flags = hdev->flags & ~BIT(HCI_UP);
2963 flags = hdev->flags;
2965 strcpy(di.name, hdev->name);
2966 di.bdaddr = hdev->bdaddr;
2967 di.type = (hdev->bus & 0x0f) | ((hdev->dev_type & 0x03) << 4);
2969 di.pkt_type = hdev->pkt_type;
2970 if (lmp_bredr_capable(hdev)) {
2971 di.acl_mtu = hdev->acl_mtu;
2972 di.acl_pkts = hdev->acl_pkts;
2973 di.sco_mtu = hdev->sco_mtu;
2974 di.sco_pkts = hdev->sco_pkts;
2976 di.acl_mtu = hdev->le_mtu;
2977 di.acl_pkts = hdev->le_pkts;
2981 di.link_policy = hdev->link_policy;
2982 di.link_mode = hdev->link_mode;
2984 memcpy(&di.stat, &hdev->stat, sizeof(di.stat));
2985 memcpy(&di.features, &hdev->features, sizeof(di.features));
2987 if (copy_to_user(arg, &di, sizeof(di)))
2995 /* ---- Interface to HCI drivers ---- */
2997 static int hci_rfkill_set_block(void *data, bool blocked)
2999 struct hci_dev *hdev = data;
3001 BT_DBG("%p name %s blocked %d", hdev, hdev->name, blocked);
3003 if (test_bit(HCI_USER_CHANNEL, &hdev->dev_flags))
3007 set_bit(HCI_RFKILLED, &hdev->dev_flags);
3008 if (!test_bit(HCI_SETUP, &hdev->dev_flags) &&
3009 !test_bit(HCI_CONFIG, &hdev->dev_flags))
3010 hci_dev_do_close(hdev);
3012 clear_bit(HCI_RFKILLED, &hdev->dev_flags);
3018 static const struct rfkill_ops hci_rfkill_ops = {
3019 .set_block = hci_rfkill_set_block,
3022 static void hci_power_on(struct work_struct *work)
3024 struct hci_dev *hdev = container_of(work, struct hci_dev, power_on);
3027 BT_DBG("%s", hdev->name);
3029 err = hci_dev_do_open(hdev);
3031 mgmt_set_powered_failed(hdev, err);
3035 /* During the HCI setup phase, a few error conditions are
3036 * ignored and they need to be checked now. If they are still
3037 * valid, it is important to turn the device back off.
3039 if (test_bit(HCI_RFKILLED, &hdev->dev_flags) ||
3040 test_bit(HCI_UNCONFIGURED, &hdev->dev_flags) ||
3041 (hdev->dev_type == HCI_BREDR &&
3042 !bacmp(&hdev->bdaddr, BDADDR_ANY) &&
3043 !bacmp(&hdev->static_addr, BDADDR_ANY))) {
3044 clear_bit(HCI_AUTO_OFF, &hdev->dev_flags);
3045 hci_dev_do_close(hdev);
3046 } else if (test_bit(HCI_AUTO_OFF, &hdev->dev_flags)) {
3047 queue_delayed_work(hdev->req_workqueue, &hdev->power_off,
3048 HCI_AUTO_OFF_TIMEOUT);
3051 if (test_and_clear_bit(HCI_SETUP, &hdev->dev_flags)) {
3052 /* For unconfigured devices, set the HCI_RAW flag
3053 * so that userspace can easily identify them.
3055 if (test_bit(HCI_UNCONFIGURED, &hdev->dev_flags))
3056 set_bit(HCI_RAW, &hdev->flags);
3058 /* For fully configured devices, this will send
3059 * the Index Added event. For unconfigured devices,
3060 * it will send Unconfigued Index Added event.
3062 * Devices with HCI_QUIRK_RAW_DEVICE are ignored
3063 * and no event will be send.
3065 mgmt_index_added(hdev);
3066 } else if (test_and_clear_bit(HCI_CONFIG, &hdev->dev_flags)) {
3067 /* When the controller is now configured, then it
3068 * is important to clear the HCI_RAW flag.
3070 if (!test_bit(HCI_UNCONFIGURED, &hdev->dev_flags))
3071 clear_bit(HCI_RAW, &hdev->flags);
3073 /* Powering on the controller with HCI_CONFIG set only
3074 * happens with the transition from unconfigured to
3075 * configured. This will send the Index Added event.
3077 mgmt_index_added(hdev);
3081 static void hci_power_off(struct work_struct *work)
3083 struct hci_dev *hdev = container_of(work, struct hci_dev,
3086 BT_DBG("%s", hdev->name);
3088 hci_dev_do_close(hdev);
3091 static void hci_discov_off(struct work_struct *work)
3093 struct hci_dev *hdev;
3095 hdev = container_of(work, struct hci_dev, discov_off.work);
3097 BT_DBG("%s", hdev->name);
3099 mgmt_discoverable_timeout(hdev);
3102 void hci_uuids_clear(struct hci_dev *hdev)
3104 struct bt_uuid *uuid, *tmp;
3106 list_for_each_entry_safe(uuid, tmp, &hdev->uuids, list) {
3107 list_del(&uuid->list);
3112 void hci_link_keys_clear(struct hci_dev *hdev)
3114 struct list_head *p, *n;
3116 list_for_each_safe(p, n, &hdev->link_keys) {
3117 struct link_key *key;
3119 key = list_entry(p, struct link_key, list);
3126 void hci_smp_ltks_clear(struct hci_dev *hdev)
3128 struct smp_ltk *k, *tmp;
3130 list_for_each_entry_safe(k, tmp, &hdev->long_term_keys, list) {
3136 void hci_smp_irks_clear(struct hci_dev *hdev)
3138 struct smp_irk *k, *tmp;
3140 list_for_each_entry_safe(k, tmp, &hdev->identity_resolving_keys, list) {
3146 struct link_key *hci_find_link_key(struct hci_dev *hdev, bdaddr_t *bdaddr)
3150 list_for_each_entry(k, &hdev->link_keys, list)
3151 if (bacmp(bdaddr, &k->bdaddr) == 0)
3157 static bool hci_persistent_key(struct hci_dev *hdev, struct hci_conn *conn,
3158 u8 key_type, u8 old_key_type)
3161 if (key_type < 0x03)
3164 /* Debug keys are insecure so don't store them persistently */
3165 if (key_type == HCI_LK_DEBUG_COMBINATION)
3168 /* Changed combination key and there's no previous one */
3169 if (key_type == HCI_LK_CHANGED_COMBINATION && old_key_type == 0xff)
3172 /* Security mode 3 case */
3176 /* Neither local nor remote side had no-bonding as requirement */
3177 if (conn->auth_type > 0x01 && conn->remote_auth > 0x01)
3180 /* Local side had dedicated bonding as requirement */
3181 if (conn->auth_type == 0x02 || conn->auth_type == 0x03)
3184 /* Remote side had dedicated bonding as requirement */
3185 if (conn->remote_auth == 0x02 || conn->remote_auth == 0x03)
3188 /* If none of the above criteria match, then don't store the key
3193 static u8 ltk_role(u8 type)
3195 if (type == SMP_LTK)
3196 return HCI_ROLE_MASTER;
3198 return HCI_ROLE_SLAVE;
3201 struct smp_ltk *hci_find_ltk(struct hci_dev *hdev, __le16 ediv, __le64 rand,
3206 list_for_each_entry(k, &hdev->long_term_keys, list) {
3207 if (k->ediv != ediv || k->rand != rand)
3210 if (ltk_role(k->type) != role)
3219 struct smp_ltk *hci_find_ltk_by_addr(struct hci_dev *hdev, bdaddr_t *bdaddr,
3220 u8 addr_type, u8 role)
3224 list_for_each_entry(k, &hdev->long_term_keys, list)
3225 if (addr_type == k->bdaddr_type &&
3226 bacmp(bdaddr, &k->bdaddr) == 0 &&
3227 ltk_role(k->type) == role)
3233 struct smp_irk *hci_find_irk_by_rpa(struct hci_dev *hdev, bdaddr_t *rpa)
3235 struct smp_irk *irk;
3237 list_for_each_entry(irk, &hdev->identity_resolving_keys, list) {
3238 if (!bacmp(&irk->rpa, rpa))
3242 list_for_each_entry(irk, &hdev->identity_resolving_keys, list) {
3243 if (smp_irk_matches(hdev, irk->val, rpa)) {
3244 bacpy(&irk->rpa, rpa);
3252 struct smp_irk *hci_find_irk_by_addr(struct hci_dev *hdev, bdaddr_t *bdaddr,
3255 struct smp_irk *irk;
3257 /* Identity Address must be public or static random */
3258 if (addr_type == ADDR_LE_DEV_RANDOM && (bdaddr->b[5] & 0xc0) != 0xc0)
3261 list_for_each_entry(irk, &hdev->identity_resolving_keys, list) {
3262 if (addr_type == irk->addr_type &&
3263 bacmp(bdaddr, &irk->bdaddr) == 0)
3270 struct link_key *hci_add_link_key(struct hci_dev *hdev, struct hci_conn *conn,
3271 bdaddr_t *bdaddr, u8 *val, u8 type,
3272 u8 pin_len, bool *persistent)
3274 struct link_key *key, *old_key;
3277 old_key = hci_find_link_key(hdev, bdaddr);
3279 old_key_type = old_key->type;
3282 old_key_type = conn ? conn->key_type : 0xff;
3283 key = kzalloc(sizeof(*key), GFP_KERNEL);
3286 list_add(&key->list, &hdev->link_keys);
3289 BT_DBG("%s key for %pMR type %u", hdev->name, bdaddr, type);
3291 /* Some buggy controller combinations generate a changed
3292 * combination key for legacy pairing even when there's no
3294 if (type == HCI_LK_CHANGED_COMBINATION &&
3295 (!conn || conn->remote_auth == 0xff) && old_key_type == 0xff) {
3296 type = HCI_LK_COMBINATION;
3298 conn->key_type = type;
3301 bacpy(&key->bdaddr, bdaddr);
3302 memcpy(key->val, val, HCI_LINK_KEY_SIZE);
3303 key->pin_len = pin_len;
3305 if (type == HCI_LK_CHANGED_COMBINATION)
3306 key->type = old_key_type;
3311 *persistent = hci_persistent_key(hdev, conn, type,
3317 struct smp_ltk *hci_add_ltk(struct hci_dev *hdev, bdaddr_t *bdaddr,
3318 u8 addr_type, u8 type, u8 authenticated,
3319 u8 tk[16], u8 enc_size, __le16 ediv, __le64 rand)
3321 struct smp_ltk *key, *old_key;
3322 u8 role = ltk_role(type);
3324 old_key = hci_find_ltk_by_addr(hdev, bdaddr, addr_type, role);
3328 key = kzalloc(sizeof(*key), GFP_KERNEL);
3331 list_add(&key->list, &hdev->long_term_keys);
3334 bacpy(&key->bdaddr, bdaddr);
3335 key->bdaddr_type = addr_type;
3336 memcpy(key->val, tk, sizeof(key->val));
3337 key->authenticated = authenticated;
3340 key->enc_size = enc_size;
3346 struct smp_irk *hci_add_irk(struct hci_dev *hdev, bdaddr_t *bdaddr,
3347 u8 addr_type, u8 val[16], bdaddr_t *rpa)
3349 struct smp_irk *irk;
3351 irk = hci_find_irk_by_addr(hdev, bdaddr, addr_type);
3353 irk = kzalloc(sizeof(*irk), GFP_KERNEL);
3357 bacpy(&irk->bdaddr, bdaddr);
3358 irk->addr_type = addr_type;
3360 list_add(&irk->list, &hdev->identity_resolving_keys);
3363 memcpy(irk->val, val, 16);
3364 bacpy(&irk->rpa, rpa);
3369 int hci_remove_link_key(struct hci_dev *hdev, bdaddr_t *bdaddr)
3371 struct link_key *key;
3373 key = hci_find_link_key(hdev, bdaddr);
3377 BT_DBG("%s removing %pMR", hdev->name, bdaddr);
3379 list_del(&key->list);
3385 int hci_remove_ltk(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 bdaddr_type)
3387 struct smp_ltk *k, *tmp;
3390 list_for_each_entry_safe(k, tmp, &hdev->long_term_keys, list) {
3391 if (bacmp(bdaddr, &k->bdaddr) || k->bdaddr_type != bdaddr_type)
3394 BT_DBG("%s removing %pMR", hdev->name, bdaddr);
3401 return removed ? 0 : -ENOENT;
3404 void hci_remove_irk(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 addr_type)
3406 struct smp_irk *k, *tmp;
3408 list_for_each_entry_safe(k, tmp, &hdev->identity_resolving_keys, list) {
3409 if (bacmp(bdaddr, &k->bdaddr) || k->addr_type != addr_type)
3412 BT_DBG("%s removing %pMR", hdev->name, bdaddr);
3419 /* HCI command timer function */
3420 static void hci_cmd_timeout(struct work_struct *work)
3422 struct hci_dev *hdev = container_of(work, struct hci_dev,
3425 if (hdev->sent_cmd) {
3426 struct hci_command_hdr *sent = (void *) hdev->sent_cmd->data;
3427 u16 opcode = __le16_to_cpu(sent->opcode);
3429 BT_ERR("%s command 0x%4.4x tx timeout", hdev->name, opcode);
3431 BT_ERR("%s command tx timeout", hdev->name);
3434 atomic_set(&hdev->cmd_cnt, 1);
3435 queue_work(hdev->workqueue, &hdev->cmd_work);
3438 struct oob_data *hci_find_remote_oob_data(struct hci_dev *hdev,
3441 struct oob_data *data;
3443 list_for_each_entry(data, &hdev->remote_oob_data, list)
3444 if (bacmp(bdaddr, &data->bdaddr) == 0)
3450 int hci_remove_remote_oob_data(struct hci_dev *hdev, bdaddr_t *bdaddr)
3452 struct oob_data *data;
3454 data = hci_find_remote_oob_data(hdev, bdaddr);
3458 BT_DBG("%s removing %pMR", hdev->name, bdaddr);
3460 list_del(&data->list);
3466 void hci_remote_oob_data_clear(struct hci_dev *hdev)
3468 struct oob_data *data, *n;
3470 list_for_each_entry_safe(data, n, &hdev->remote_oob_data, list) {
3471 list_del(&data->list);
3476 int hci_add_remote_oob_data(struct hci_dev *hdev, bdaddr_t *bdaddr,
3477 u8 *hash, u8 *randomizer)
3479 struct oob_data *data;
3481 data = hci_find_remote_oob_data(hdev, bdaddr);
3483 data = kmalloc(sizeof(*data), GFP_KERNEL);
3487 bacpy(&data->bdaddr, bdaddr);
3488 list_add(&data->list, &hdev->remote_oob_data);
3491 memcpy(data->hash192, hash, sizeof(data->hash192));
3492 memcpy(data->randomizer192, randomizer, sizeof(data->randomizer192));
3494 memset(data->hash256, 0, sizeof(data->hash256));
3495 memset(data->randomizer256, 0, sizeof(data->randomizer256));
3497 BT_DBG("%s for %pMR", hdev->name, bdaddr);
3502 int hci_add_remote_oob_ext_data(struct hci_dev *hdev, bdaddr_t *bdaddr,
3503 u8 *hash192, u8 *randomizer192,
3504 u8 *hash256, u8 *randomizer256)
3506 struct oob_data *data;
3508 data = hci_find_remote_oob_data(hdev, bdaddr);
3510 data = kmalloc(sizeof(*data), GFP_KERNEL);
3514 bacpy(&data->bdaddr, bdaddr);
3515 list_add(&data->list, &hdev->remote_oob_data);
3518 memcpy(data->hash192, hash192, sizeof(data->hash192));
3519 memcpy(data->randomizer192, randomizer192, sizeof(data->randomizer192));
3521 memcpy(data->hash256, hash256, sizeof(data->hash256));
3522 memcpy(data->randomizer256, randomizer256, sizeof(data->randomizer256));
3524 BT_DBG("%s for %pMR", hdev->name, bdaddr);
3529 struct bdaddr_list *hci_bdaddr_list_lookup(struct list_head *bdaddr_list,
3530 bdaddr_t *bdaddr, u8 type)
3532 struct bdaddr_list *b;
3534 list_for_each_entry(b, bdaddr_list, list) {
3535 if (!bacmp(&b->bdaddr, bdaddr) && b->bdaddr_type == type)
3542 void hci_bdaddr_list_clear(struct list_head *bdaddr_list)
3544 struct list_head *p, *n;
3546 list_for_each_safe(p, n, bdaddr_list) {
3547 struct bdaddr_list *b = list_entry(p, struct bdaddr_list, list);
3554 int hci_bdaddr_list_add(struct list_head *list, bdaddr_t *bdaddr, u8 type)
3556 struct bdaddr_list *entry;
3558 if (!bacmp(bdaddr, BDADDR_ANY))
3561 if (hci_bdaddr_list_lookup(list, bdaddr, type))
3564 entry = kzalloc(sizeof(*entry), GFP_KERNEL);
3568 bacpy(&entry->bdaddr, bdaddr);
3569 entry->bdaddr_type = type;
3571 list_add(&entry->list, list);
3576 int hci_bdaddr_list_del(struct list_head *list, bdaddr_t *bdaddr, u8 type)
3578 struct bdaddr_list *entry;
3580 if (!bacmp(bdaddr, BDADDR_ANY)) {
3581 hci_bdaddr_list_clear(list);
3585 entry = hci_bdaddr_list_lookup(list, bdaddr, type);
3589 list_del(&entry->list);
3595 /* This function requires the caller holds hdev->lock */
3596 struct hci_conn_params *hci_conn_params_lookup(struct hci_dev *hdev,
3597 bdaddr_t *addr, u8 addr_type)
3599 struct hci_conn_params *params;
3601 /* The conn params list only contains identity addresses */
3602 if (!hci_is_identity_address(addr, addr_type))
3605 list_for_each_entry(params, &hdev->le_conn_params, list) {
3606 if (bacmp(¶ms->addr, addr) == 0 &&
3607 params->addr_type == addr_type) {
3615 static bool is_connected(struct hci_dev *hdev, bdaddr_t *addr, u8 type)
3617 struct hci_conn *conn;
3619 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, addr);
3623 if (conn->dst_type != type)
3626 if (conn->state != BT_CONNECTED)
3632 /* This function requires the caller holds hdev->lock */
3633 struct hci_conn_params *hci_pend_le_action_lookup(struct list_head *list,
3634 bdaddr_t *addr, u8 addr_type)
3636 struct hci_conn_params *param;
3638 /* The list only contains identity addresses */
3639 if (!hci_is_identity_address(addr, addr_type))
3642 list_for_each_entry(param, list, action) {
3643 if (bacmp(¶m->addr, addr) == 0 &&
3644 param->addr_type == addr_type)
3651 /* This function requires the caller holds hdev->lock */
3652 struct hci_conn_params *hci_conn_params_add(struct hci_dev *hdev,
3653 bdaddr_t *addr, u8 addr_type)
3655 struct hci_conn_params *params;
3657 if (!hci_is_identity_address(addr, addr_type))
3660 params = hci_conn_params_lookup(hdev, addr, addr_type);
3664 params = kzalloc(sizeof(*params), GFP_KERNEL);
3666 BT_ERR("Out of memory");
3670 bacpy(¶ms->addr, addr);
3671 params->addr_type = addr_type;
3673 list_add(¶ms->list, &hdev->le_conn_params);
3674 INIT_LIST_HEAD(¶ms->action);
3676 params->conn_min_interval = hdev->le_conn_min_interval;
3677 params->conn_max_interval = hdev->le_conn_max_interval;
3678 params->conn_latency = hdev->le_conn_latency;
3679 params->supervision_timeout = hdev->le_supv_timeout;
3680 params->auto_connect = HCI_AUTO_CONN_DISABLED;
3682 BT_DBG("addr %pMR (type %u)", addr, addr_type);
3687 /* This function requires the caller holds hdev->lock */
3688 int hci_conn_params_set(struct hci_dev *hdev, bdaddr_t *addr, u8 addr_type,
3691 struct hci_conn_params *params;
3693 params = hci_conn_params_add(hdev, addr, addr_type);
3697 if (params->auto_connect == auto_connect)
3700 list_del_init(¶ms->action);
3702 switch (auto_connect) {
3703 case HCI_AUTO_CONN_DISABLED:
3704 case HCI_AUTO_CONN_LINK_LOSS:
3705 hci_update_background_scan(hdev);
3707 case HCI_AUTO_CONN_REPORT:
3708 list_add(¶ms->action, &hdev->pend_le_reports);
3709 hci_update_background_scan(hdev);
3711 case HCI_AUTO_CONN_DIRECT:
3712 case HCI_AUTO_CONN_ALWAYS:
3713 if (!is_connected(hdev, addr, addr_type)) {
3714 list_add(¶ms->action, &hdev->pend_le_conns);
3715 hci_update_background_scan(hdev);
3720 params->auto_connect = auto_connect;
3722 BT_DBG("addr %pMR (type %u) auto_connect %u", addr, addr_type,
3728 /* This function requires the caller holds hdev->lock */
3729 void hci_conn_params_del(struct hci_dev *hdev, bdaddr_t *addr, u8 addr_type)
3731 struct hci_conn_params *params;
3733 params = hci_conn_params_lookup(hdev, addr, addr_type);
3738 hci_conn_drop(params->conn);
3740 list_del(¶ms->action);
3741 list_del(¶ms->list);
3744 hci_update_background_scan(hdev);
3746 BT_DBG("addr %pMR (type %u)", addr, addr_type);
3749 /* This function requires the caller holds hdev->lock */
3750 void hci_conn_params_clear_disabled(struct hci_dev *hdev)
3752 struct hci_conn_params *params, *tmp;
3754 list_for_each_entry_safe(params, tmp, &hdev->le_conn_params, list) {
3755 if (params->auto_connect != HCI_AUTO_CONN_DISABLED)
3757 list_del(¶ms->list);
3761 BT_DBG("All LE disabled connection parameters were removed");
3764 /* This function requires the caller holds hdev->lock */
3765 void hci_conn_params_clear_all(struct hci_dev *hdev)
3767 struct hci_conn_params *params, *tmp;
3769 list_for_each_entry_safe(params, tmp, &hdev->le_conn_params, list) {
3771 hci_conn_drop(params->conn);
3772 list_del(¶ms->action);
3773 list_del(¶ms->list);
3777 hci_update_background_scan(hdev);
3779 BT_DBG("All LE connection parameters were removed");
3782 static void inquiry_complete(struct hci_dev *hdev, u8 status)
3785 BT_ERR("Failed to start inquiry: status %d", status);
3788 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
3789 hci_dev_unlock(hdev);
3794 static void le_scan_disable_work_complete(struct hci_dev *hdev, u8 status)
3796 /* General inquiry access code (GIAC) */
3797 u8 lap[3] = { 0x33, 0x8b, 0x9e };
3798 struct hci_request req;
3799 struct hci_cp_inquiry cp;
3803 BT_ERR("Failed to disable LE scanning: status %d", status);
3807 switch (hdev->discovery.type) {
3808 case DISCOV_TYPE_LE:
3810 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
3811 hci_dev_unlock(hdev);
3814 case DISCOV_TYPE_INTERLEAVED:
3815 hci_req_init(&req, hdev);
3817 memset(&cp, 0, sizeof(cp));
3818 memcpy(&cp.lap, lap, sizeof(cp.lap));
3819 cp.length = DISCOV_INTERLEAVED_INQUIRY_LEN;
3820 hci_req_add(&req, HCI_OP_INQUIRY, sizeof(cp), &cp);
3824 hci_inquiry_cache_flush(hdev);
3826 err = hci_req_run(&req, inquiry_complete);
3828 BT_ERR("Inquiry request failed: err %d", err);
3829 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
3832 hci_dev_unlock(hdev);
3837 static void le_scan_disable_work(struct work_struct *work)
3839 struct hci_dev *hdev = container_of(work, struct hci_dev,
3840 le_scan_disable.work);
3841 struct hci_request req;
3844 BT_DBG("%s", hdev->name);
3846 hci_req_init(&req, hdev);
3848 hci_req_add_le_scan_disable(&req);
3850 err = hci_req_run(&req, le_scan_disable_work_complete);
3852 BT_ERR("Disable LE scanning request failed: err %d", err);
3855 static void set_random_addr(struct hci_request *req, bdaddr_t *rpa)
3857 struct hci_dev *hdev = req->hdev;
3859 /* If we're advertising or initiating an LE connection we can't
3860 * go ahead and change the random address at this time. This is
3861 * because the eventual initiator address used for the
3862 * subsequently created connection will be undefined (some
3863 * controllers use the new address and others the one we had
3864 * when the operation started).
3866 * In this kind of scenario skip the update and let the random
3867 * address be updated at the next cycle.
3869 if (test_bit(HCI_LE_ADV, &hdev->dev_flags) ||
3870 hci_conn_hash_lookup_state(hdev, LE_LINK, BT_CONNECT)) {
3871 BT_DBG("Deferring random address update");
3875 hci_req_add(req, HCI_OP_LE_SET_RANDOM_ADDR, 6, rpa);
3878 int hci_update_random_address(struct hci_request *req, bool require_privacy,
3881 struct hci_dev *hdev = req->hdev;
3884 /* If privacy is enabled use a resolvable private address. If
3885 * current RPA has expired or there is something else than
3886 * the current RPA in use, then generate a new one.
3888 if (test_bit(HCI_PRIVACY, &hdev->dev_flags)) {
3891 *own_addr_type = ADDR_LE_DEV_RANDOM;
3893 if (!test_and_clear_bit(HCI_RPA_EXPIRED, &hdev->dev_flags) &&
3894 !bacmp(&hdev->random_addr, &hdev->rpa))
3897 err = smp_generate_rpa(hdev, hdev->irk, &hdev->rpa);
3899 BT_ERR("%s failed to generate new RPA", hdev->name);
3903 set_random_addr(req, &hdev->rpa);
3905 to = msecs_to_jiffies(hdev->rpa_timeout * 1000);
3906 queue_delayed_work(hdev->workqueue, &hdev->rpa_expired, to);
3911 /* In case of required privacy without resolvable private address,
3912 * use an unresolvable private address. This is useful for active
3913 * scanning and non-connectable advertising.
3915 if (require_privacy) {
3918 get_random_bytes(&urpa, 6);
3919 urpa.b[5] &= 0x3f; /* Clear two most significant bits */
3921 *own_addr_type = ADDR_LE_DEV_RANDOM;
3922 set_random_addr(req, &urpa);
3926 /* If forcing static address is in use or there is no public
3927 * address use the static address as random address (but skip
3928 * the HCI command if the current random address is already the
3931 if (test_bit(HCI_FORCE_STATIC_ADDR, &hdev->dbg_flags) ||
3932 !bacmp(&hdev->bdaddr, BDADDR_ANY)) {
3933 *own_addr_type = ADDR_LE_DEV_RANDOM;
3934 if (bacmp(&hdev->static_addr, &hdev->random_addr))
3935 hci_req_add(req, HCI_OP_LE_SET_RANDOM_ADDR, 6,
3936 &hdev->static_addr);
3940 /* Neither privacy nor static address is being used so use a
3943 *own_addr_type = ADDR_LE_DEV_PUBLIC;
3948 /* Copy the Identity Address of the controller.
3950 * If the controller has a public BD_ADDR, then by default use that one.
3951 * If this is a LE only controller without a public address, default to
3952 * the static random address.
3954 * For debugging purposes it is possible to force controllers with a
3955 * public address to use the static random address instead.
3957 void hci_copy_identity_address(struct hci_dev *hdev, bdaddr_t *bdaddr,
3960 if (test_bit(HCI_FORCE_STATIC_ADDR, &hdev->dbg_flags) ||
3961 !bacmp(&hdev->bdaddr, BDADDR_ANY)) {
3962 bacpy(bdaddr, &hdev->static_addr);
3963 *bdaddr_type = ADDR_LE_DEV_RANDOM;
3965 bacpy(bdaddr, &hdev->bdaddr);
3966 *bdaddr_type = ADDR_LE_DEV_PUBLIC;
3970 /* Alloc HCI device */
3971 struct hci_dev *hci_alloc_dev(void)
3973 struct hci_dev *hdev;
3975 hdev = kzalloc(sizeof(*hdev), GFP_KERNEL);
3979 hdev->pkt_type = (HCI_DM1 | HCI_DH1 | HCI_HV1);
3980 hdev->esco_type = (ESCO_HV1);
3981 hdev->link_mode = (HCI_LM_ACCEPT);
3982 hdev->num_iac = 0x01; /* One IAC support is mandatory */
3983 hdev->io_capability = 0x03; /* No Input No Output */
3984 hdev->manufacturer = 0xffff; /* Default to internal use */
3985 hdev->inq_tx_power = HCI_TX_POWER_INVALID;
3986 hdev->adv_tx_power = HCI_TX_POWER_INVALID;
3988 hdev->sniff_max_interval = 800;
3989 hdev->sniff_min_interval = 80;
3991 hdev->le_adv_channel_map = 0x07;
3992 hdev->le_adv_min_interval = 0x0800;
3993 hdev->le_adv_max_interval = 0x0800;
3994 hdev->le_scan_interval = 0x0060;
3995 hdev->le_scan_window = 0x0030;
3996 hdev->le_conn_min_interval = 0x0028;
3997 hdev->le_conn_max_interval = 0x0038;
3998 hdev->le_conn_latency = 0x0000;
3999 hdev->le_supv_timeout = 0x002a;
4001 hdev->rpa_timeout = HCI_DEFAULT_RPA_TIMEOUT;
4002 hdev->discov_interleaved_timeout = DISCOV_INTERLEAVED_TIMEOUT;
4003 hdev->conn_info_min_age = DEFAULT_CONN_INFO_MIN_AGE;
4004 hdev->conn_info_max_age = DEFAULT_CONN_INFO_MAX_AGE;
4006 mutex_init(&hdev->lock);
4007 mutex_init(&hdev->req_lock);
4009 INIT_LIST_HEAD(&hdev->mgmt_pending);
4010 INIT_LIST_HEAD(&hdev->blacklist);
4011 INIT_LIST_HEAD(&hdev->whitelist);
4012 INIT_LIST_HEAD(&hdev->uuids);
4013 INIT_LIST_HEAD(&hdev->link_keys);
4014 INIT_LIST_HEAD(&hdev->long_term_keys);
4015 INIT_LIST_HEAD(&hdev->identity_resolving_keys);
4016 INIT_LIST_HEAD(&hdev->remote_oob_data);
4017 INIT_LIST_HEAD(&hdev->le_white_list);
4018 INIT_LIST_HEAD(&hdev->le_conn_params);
4019 INIT_LIST_HEAD(&hdev->pend_le_conns);
4020 INIT_LIST_HEAD(&hdev->pend_le_reports);
4021 INIT_LIST_HEAD(&hdev->conn_hash.list);
4023 INIT_WORK(&hdev->rx_work, hci_rx_work);
4024 INIT_WORK(&hdev->cmd_work, hci_cmd_work);
4025 INIT_WORK(&hdev->tx_work, hci_tx_work);
4026 INIT_WORK(&hdev->power_on, hci_power_on);
4028 INIT_DELAYED_WORK(&hdev->power_off, hci_power_off);
4029 INIT_DELAYED_WORK(&hdev->discov_off, hci_discov_off);
4030 INIT_DELAYED_WORK(&hdev->le_scan_disable, le_scan_disable_work);
4032 skb_queue_head_init(&hdev->rx_q);
4033 skb_queue_head_init(&hdev->cmd_q);
4034 skb_queue_head_init(&hdev->raw_q);
4036 init_waitqueue_head(&hdev->req_wait_q);
4038 INIT_DELAYED_WORK(&hdev->cmd_timer, hci_cmd_timeout);
4040 hci_init_sysfs(hdev);
4041 discovery_init(hdev);
4045 EXPORT_SYMBOL(hci_alloc_dev);
4047 /* Free HCI device */
4048 void hci_free_dev(struct hci_dev *hdev)
4050 /* will free via device release */
4051 put_device(&hdev->dev);
4053 EXPORT_SYMBOL(hci_free_dev);
4055 /* Register HCI device */
4056 int hci_register_dev(struct hci_dev *hdev)
4060 if (!hdev->open || !hdev->close || !hdev->send)
4063 /* Do not allow HCI_AMP devices to register at index 0,
4064 * so the index can be used as the AMP controller ID.
4066 switch (hdev->dev_type) {
4068 id = ida_simple_get(&hci_index_ida, 0, 0, GFP_KERNEL);
4071 id = ida_simple_get(&hci_index_ida, 1, 0, GFP_KERNEL);
4080 sprintf(hdev->name, "hci%d", id);
4083 BT_DBG("%p name %s bus %d", hdev, hdev->name, hdev->bus);
4085 hdev->workqueue = alloc_workqueue("%s", WQ_HIGHPRI | WQ_UNBOUND |
4086 WQ_MEM_RECLAIM, 1, hdev->name);
4087 if (!hdev->workqueue) {
4092 hdev->req_workqueue = alloc_workqueue("%s", WQ_HIGHPRI | WQ_UNBOUND |
4093 WQ_MEM_RECLAIM, 1, hdev->name);
4094 if (!hdev->req_workqueue) {
4095 destroy_workqueue(hdev->workqueue);
4100 if (!IS_ERR_OR_NULL(bt_debugfs))
4101 hdev->debugfs = debugfs_create_dir(hdev->name, bt_debugfs);
4103 dev_set_name(&hdev->dev, "%s", hdev->name);
4105 error = device_add(&hdev->dev);
4109 hdev->rfkill = rfkill_alloc(hdev->name, &hdev->dev,
4110 RFKILL_TYPE_BLUETOOTH, &hci_rfkill_ops,
4113 if (rfkill_register(hdev->rfkill) < 0) {
4114 rfkill_destroy(hdev->rfkill);
4115 hdev->rfkill = NULL;
4119 if (hdev->rfkill && rfkill_blocked(hdev->rfkill))
4120 set_bit(HCI_RFKILLED, &hdev->dev_flags);
4122 set_bit(HCI_SETUP, &hdev->dev_flags);
4123 set_bit(HCI_AUTO_OFF, &hdev->dev_flags);
4125 if (hdev->dev_type == HCI_BREDR) {
4126 /* Assume BR/EDR support until proven otherwise (such as
4127 * through reading supported features during init.
4129 set_bit(HCI_BREDR_ENABLED, &hdev->dev_flags);
4132 write_lock(&hci_dev_list_lock);
4133 list_add(&hdev->list, &hci_dev_list);
4134 write_unlock(&hci_dev_list_lock);
4136 /* Devices that are marked for raw-only usage are unconfigured
4137 * and should not be included in normal operation.
4139 if (test_bit(HCI_QUIRK_RAW_DEVICE, &hdev->quirks))
4140 set_bit(HCI_UNCONFIGURED, &hdev->dev_flags);
4142 hci_notify(hdev, HCI_DEV_REG);
4145 queue_work(hdev->req_workqueue, &hdev->power_on);
4150 destroy_workqueue(hdev->workqueue);
4151 destroy_workqueue(hdev->req_workqueue);
4153 ida_simple_remove(&hci_index_ida, hdev->id);
4157 EXPORT_SYMBOL(hci_register_dev);
4159 /* Unregister HCI device */
4160 void hci_unregister_dev(struct hci_dev *hdev)
4164 BT_DBG("%p name %s bus %d", hdev, hdev->name, hdev->bus);
4166 set_bit(HCI_UNREGISTER, &hdev->dev_flags);
4170 write_lock(&hci_dev_list_lock);
4171 list_del(&hdev->list);
4172 write_unlock(&hci_dev_list_lock);
4174 hci_dev_do_close(hdev);
4176 for (i = 0; i < NUM_REASSEMBLY; i++)
4177 kfree_skb(hdev->reassembly[i]);
4179 cancel_work_sync(&hdev->power_on);
4181 if (!test_bit(HCI_INIT, &hdev->flags) &&
4182 !test_bit(HCI_SETUP, &hdev->dev_flags) &&
4183 !test_bit(HCI_CONFIG, &hdev->dev_flags)) {
4185 mgmt_index_removed(hdev);
4186 hci_dev_unlock(hdev);
4189 /* mgmt_index_removed should take care of emptying the
4191 BUG_ON(!list_empty(&hdev->mgmt_pending));
4193 hci_notify(hdev, HCI_DEV_UNREG);
4196 rfkill_unregister(hdev->rfkill);
4197 rfkill_destroy(hdev->rfkill);
4200 smp_unregister(hdev);
4202 device_del(&hdev->dev);
4204 debugfs_remove_recursive(hdev->debugfs);
4206 destroy_workqueue(hdev->workqueue);
4207 destroy_workqueue(hdev->req_workqueue);
4210 hci_bdaddr_list_clear(&hdev->blacklist);
4211 hci_bdaddr_list_clear(&hdev->whitelist);
4212 hci_uuids_clear(hdev);
4213 hci_link_keys_clear(hdev);
4214 hci_smp_ltks_clear(hdev);
4215 hci_smp_irks_clear(hdev);
4216 hci_remote_oob_data_clear(hdev);
4217 hci_bdaddr_list_clear(&hdev->le_white_list);
4218 hci_conn_params_clear_all(hdev);
4219 hci_dev_unlock(hdev);
4223 ida_simple_remove(&hci_index_ida, id);
4225 EXPORT_SYMBOL(hci_unregister_dev);
4227 /* Suspend HCI device */
4228 int hci_suspend_dev(struct hci_dev *hdev)
4230 hci_notify(hdev, HCI_DEV_SUSPEND);
4233 EXPORT_SYMBOL(hci_suspend_dev);
4235 /* Resume HCI device */
4236 int hci_resume_dev(struct hci_dev *hdev)
4238 hci_notify(hdev, HCI_DEV_RESUME);
4241 EXPORT_SYMBOL(hci_resume_dev);
4243 /* Receive frame from HCI drivers */
4244 int hci_recv_frame(struct hci_dev *hdev, struct sk_buff *skb)
4246 if (!hdev || (!test_bit(HCI_UP, &hdev->flags)
4247 && !test_bit(HCI_INIT, &hdev->flags))) {
4253 bt_cb(skb)->incoming = 1;
4256 __net_timestamp(skb);
4258 skb_queue_tail(&hdev->rx_q, skb);
4259 queue_work(hdev->workqueue, &hdev->rx_work);
4263 EXPORT_SYMBOL(hci_recv_frame);
4265 static int hci_reassembly(struct hci_dev *hdev, int type, void *data,
4266 int count, __u8 index)
4271 struct sk_buff *skb;
4272 struct bt_skb_cb *scb;
4274 if ((type < HCI_ACLDATA_PKT || type > HCI_EVENT_PKT) ||
4275 index >= NUM_REASSEMBLY)
4278 skb = hdev->reassembly[index];
4282 case HCI_ACLDATA_PKT:
4283 len = HCI_MAX_FRAME_SIZE;
4284 hlen = HCI_ACL_HDR_SIZE;
4287 len = HCI_MAX_EVENT_SIZE;
4288 hlen = HCI_EVENT_HDR_SIZE;
4290 case HCI_SCODATA_PKT:
4291 len = HCI_MAX_SCO_SIZE;
4292 hlen = HCI_SCO_HDR_SIZE;
4296 skb = bt_skb_alloc(len, GFP_ATOMIC);
4300 scb = (void *) skb->cb;
4302 scb->pkt_type = type;
4304 hdev->reassembly[index] = skb;
4308 scb = (void *) skb->cb;
4309 len = min_t(uint, scb->expect, count);
4311 memcpy(skb_put(skb, len), data, len);
4320 if (skb->len == HCI_EVENT_HDR_SIZE) {
4321 struct hci_event_hdr *h = hci_event_hdr(skb);
4322 scb->expect = h->plen;
4324 if (skb_tailroom(skb) < scb->expect) {
4326 hdev->reassembly[index] = NULL;
4332 case HCI_ACLDATA_PKT:
4333 if (skb->len == HCI_ACL_HDR_SIZE) {
4334 struct hci_acl_hdr *h = hci_acl_hdr(skb);
4335 scb->expect = __le16_to_cpu(h->dlen);
4337 if (skb_tailroom(skb) < scb->expect) {
4339 hdev->reassembly[index] = NULL;
4345 case HCI_SCODATA_PKT:
4346 if (skb->len == HCI_SCO_HDR_SIZE) {
4347 struct hci_sco_hdr *h = hci_sco_hdr(skb);
4348 scb->expect = h->dlen;
4350 if (skb_tailroom(skb) < scb->expect) {
4352 hdev->reassembly[index] = NULL;
4359 if (scb->expect == 0) {
4360 /* Complete frame */
4362 bt_cb(skb)->pkt_type = type;
4363 hci_recv_frame(hdev, skb);
4365 hdev->reassembly[index] = NULL;
4373 int hci_recv_fragment(struct hci_dev *hdev, int type, void *data, int count)
4377 if (type < HCI_ACLDATA_PKT || type > HCI_EVENT_PKT)
4381 rem = hci_reassembly(hdev, type, data, count, type - 1);
4385 data += (count - rem);
4391 EXPORT_SYMBOL(hci_recv_fragment);
4393 #define STREAM_REASSEMBLY 0
4395 int hci_recv_stream_fragment(struct hci_dev *hdev, void *data, int count)
4401 struct sk_buff *skb = hdev->reassembly[STREAM_REASSEMBLY];
4404 struct { char type; } *pkt;
4406 /* Start of the frame */
4413 type = bt_cb(skb)->pkt_type;
4415 rem = hci_reassembly(hdev, type, data, count,
4420 data += (count - rem);
4426 EXPORT_SYMBOL(hci_recv_stream_fragment);
4428 /* ---- Interface to upper protocols ---- */
4430 int hci_register_cb(struct hci_cb *cb)
4432 BT_DBG("%p name %s", cb, cb->name);
4434 write_lock(&hci_cb_list_lock);
4435 list_add(&cb->list, &hci_cb_list);
4436 write_unlock(&hci_cb_list_lock);
4440 EXPORT_SYMBOL(hci_register_cb);
4442 int hci_unregister_cb(struct hci_cb *cb)
4444 BT_DBG("%p name %s", cb, cb->name);
4446 write_lock(&hci_cb_list_lock);
4447 list_del(&cb->list);
4448 write_unlock(&hci_cb_list_lock);
4452 EXPORT_SYMBOL(hci_unregister_cb);
4454 static void hci_send_frame(struct hci_dev *hdev, struct sk_buff *skb)
4458 BT_DBG("%s type %d len %d", hdev->name, bt_cb(skb)->pkt_type, skb->len);
4461 __net_timestamp(skb);
4463 /* Send copy to monitor */
4464 hci_send_to_monitor(hdev, skb);
4466 if (atomic_read(&hdev->promisc)) {
4467 /* Send copy to the sockets */
4468 hci_send_to_sock(hdev, skb);
4471 /* Get rid of skb owner, prior to sending to the driver. */
4474 err = hdev->send(hdev, skb);
4476 BT_ERR("%s sending frame failed (%d)", hdev->name, err);
4481 void hci_req_init(struct hci_request *req, struct hci_dev *hdev)
4483 skb_queue_head_init(&req->cmd_q);
4488 int hci_req_run(struct hci_request *req, hci_req_complete_t complete)
4490 struct hci_dev *hdev = req->hdev;
4491 struct sk_buff *skb;
4492 unsigned long flags;
4494 BT_DBG("length %u", skb_queue_len(&req->cmd_q));
4496 /* If an error occured during request building, remove all HCI
4497 * commands queued on the HCI request queue.
4500 skb_queue_purge(&req->cmd_q);
4504 /* Do not allow empty requests */
4505 if (skb_queue_empty(&req->cmd_q))
4508 skb = skb_peek_tail(&req->cmd_q);
4509 bt_cb(skb)->req.complete = complete;
4511 spin_lock_irqsave(&hdev->cmd_q.lock, flags);
4512 skb_queue_splice_tail(&req->cmd_q, &hdev->cmd_q);
4513 spin_unlock_irqrestore(&hdev->cmd_q.lock, flags);
4515 queue_work(hdev->workqueue, &hdev->cmd_work);
4520 bool hci_req_pending(struct hci_dev *hdev)
4522 return (hdev->req_status == HCI_REQ_PEND);
4525 static struct sk_buff *hci_prepare_cmd(struct hci_dev *hdev, u16 opcode,
4526 u32 plen, const void *param)
4528 int len = HCI_COMMAND_HDR_SIZE + plen;
4529 struct hci_command_hdr *hdr;
4530 struct sk_buff *skb;
4532 skb = bt_skb_alloc(len, GFP_ATOMIC);
4536 hdr = (struct hci_command_hdr *) skb_put(skb, HCI_COMMAND_HDR_SIZE);
4537 hdr->opcode = cpu_to_le16(opcode);
4541 memcpy(skb_put(skb, plen), param, plen);
4543 BT_DBG("skb len %d", skb->len);
4545 bt_cb(skb)->pkt_type = HCI_COMMAND_PKT;
4550 /* Send HCI command */
4551 int hci_send_cmd(struct hci_dev *hdev, __u16 opcode, __u32 plen,
4554 struct sk_buff *skb;
4556 BT_DBG("%s opcode 0x%4.4x plen %d", hdev->name, opcode, plen);
4558 skb = hci_prepare_cmd(hdev, opcode, plen, param);
4560 BT_ERR("%s no memory for command", hdev->name);
4564 /* Stand-alone HCI commands must be flaged as
4565 * single-command requests.
4567 bt_cb(skb)->req.start = true;
4569 skb_queue_tail(&hdev->cmd_q, skb);
4570 queue_work(hdev->workqueue, &hdev->cmd_work);
4575 /* Queue a command to an asynchronous HCI request */
4576 void hci_req_add_ev(struct hci_request *req, u16 opcode, u32 plen,
4577 const void *param, u8 event)
4579 struct hci_dev *hdev = req->hdev;
4580 struct sk_buff *skb;
4582 BT_DBG("%s opcode 0x%4.4x plen %d", hdev->name, opcode, plen);
4584 /* If an error occured during request building, there is no point in
4585 * queueing the HCI command. We can simply return.
4590 skb = hci_prepare_cmd(hdev, opcode, plen, param);
4592 BT_ERR("%s no memory for command (opcode 0x%4.4x)",
4593 hdev->name, opcode);
4598 if (skb_queue_empty(&req->cmd_q))
4599 bt_cb(skb)->req.start = true;
4601 bt_cb(skb)->req.event = event;
4603 skb_queue_tail(&req->cmd_q, skb);
4606 void hci_req_add(struct hci_request *req, u16 opcode, u32 plen,
4609 hci_req_add_ev(req, opcode, plen, param, 0);
4612 /* Get data from the previously sent command */
4613 void *hci_sent_cmd_data(struct hci_dev *hdev, __u16 opcode)
4615 struct hci_command_hdr *hdr;
4617 if (!hdev->sent_cmd)
4620 hdr = (void *) hdev->sent_cmd->data;
4622 if (hdr->opcode != cpu_to_le16(opcode))
4625 BT_DBG("%s opcode 0x%4.4x", hdev->name, opcode);
4627 return hdev->sent_cmd->data + HCI_COMMAND_HDR_SIZE;
4631 static void hci_add_acl_hdr(struct sk_buff *skb, __u16 handle, __u16 flags)
4633 struct hci_acl_hdr *hdr;
4636 skb_push(skb, HCI_ACL_HDR_SIZE);
4637 skb_reset_transport_header(skb);
4638 hdr = (struct hci_acl_hdr *)skb_transport_header(skb);
4639 hdr->handle = cpu_to_le16(hci_handle_pack(handle, flags));
4640 hdr->dlen = cpu_to_le16(len);
4643 static void hci_queue_acl(struct hci_chan *chan, struct sk_buff_head *queue,
4644 struct sk_buff *skb, __u16 flags)
4646 struct hci_conn *conn = chan->conn;
4647 struct hci_dev *hdev = conn->hdev;
4648 struct sk_buff *list;
4650 skb->len = skb_headlen(skb);
4653 bt_cb(skb)->pkt_type = HCI_ACLDATA_PKT;
4655 switch (hdev->dev_type) {
4657 hci_add_acl_hdr(skb, conn->handle, flags);
4660 hci_add_acl_hdr(skb, chan->handle, flags);
4663 BT_ERR("%s unknown dev_type %d", hdev->name, hdev->dev_type);
4667 list = skb_shinfo(skb)->frag_list;
4669 /* Non fragmented */
4670 BT_DBG("%s nonfrag skb %p len %d", hdev->name, skb, skb->len);
4672 skb_queue_tail(queue, skb);
4675 BT_DBG("%s frag %p len %d", hdev->name, skb, skb->len);
4677 skb_shinfo(skb)->frag_list = NULL;
4679 /* Queue all fragments atomically */
4680 spin_lock(&queue->lock);
4682 __skb_queue_tail(queue, skb);
4684 flags &= ~ACL_START;
4687 skb = list; list = list->next;
4689 bt_cb(skb)->pkt_type = HCI_ACLDATA_PKT;
4690 hci_add_acl_hdr(skb, conn->handle, flags);
4692 BT_DBG("%s frag %p len %d", hdev->name, skb, skb->len);
4694 __skb_queue_tail(queue, skb);
4697 spin_unlock(&queue->lock);
4701 void hci_send_acl(struct hci_chan *chan, struct sk_buff *skb, __u16 flags)
4703 struct hci_dev *hdev = chan->conn->hdev;
4705 BT_DBG("%s chan %p flags 0x%4.4x", hdev->name, chan, flags);
4707 hci_queue_acl(chan, &chan->data_q, skb, flags);
4709 queue_work(hdev->workqueue, &hdev->tx_work);
4713 void hci_send_sco(struct hci_conn *conn, struct sk_buff *skb)
4715 struct hci_dev *hdev = conn->hdev;
4716 struct hci_sco_hdr hdr;
4718 BT_DBG("%s len %d", hdev->name, skb->len);
4720 hdr.handle = cpu_to_le16(conn->handle);
4721 hdr.dlen = skb->len;
4723 skb_push(skb, HCI_SCO_HDR_SIZE);
4724 skb_reset_transport_header(skb);
4725 memcpy(skb_transport_header(skb), &hdr, HCI_SCO_HDR_SIZE);
4727 bt_cb(skb)->pkt_type = HCI_SCODATA_PKT;
4729 skb_queue_tail(&conn->data_q, skb);
4730 queue_work(hdev->workqueue, &hdev->tx_work);
4733 /* ---- HCI TX task (outgoing data) ---- */
4735 /* HCI Connection scheduler */
4736 static struct hci_conn *hci_low_sent(struct hci_dev *hdev, __u8 type,
4739 struct hci_conn_hash *h = &hdev->conn_hash;
4740 struct hci_conn *conn = NULL, *c;
4741 unsigned int num = 0, min = ~0;
4743 /* We don't have to lock device here. Connections are always
4744 * added and removed with TX task disabled. */
4748 list_for_each_entry_rcu(c, &h->list, list) {
4749 if (c->type != type || skb_queue_empty(&c->data_q))
4752 if (c->state != BT_CONNECTED && c->state != BT_CONFIG)
4757 if (c->sent < min) {
4762 if (hci_conn_num(hdev, type) == num)
4771 switch (conn->type) {
4773 cnt = hdev->acl_cnt;
4777 cnt = hdev->sco_cnt;
4780 cnt = hdev->le_mtu ? hdev->le_cnt : hdev->acl_cnt;
4784 BT_ERR("Unknown link type");
4792 BT_DBG("conn %p quote %d", conn, *quote);
4796 static void hci_link_tx_to(struct hci_dev *hdev, __u8 type)
4798 struct hci_conn_hash *h = &hdev->conn_hash;
4801 BT_ERR("%s link tx timeout", hdev->name);
4805 /* Kill stalled connections */
4806 list_for_each_entry_rcu(c, &h->list, list) {
4807 if (c->type == type && c->sent) {
4808 BT_ERR("%s killing stalled connection %pMR",
4809 hdev->name, &c->dst);
4810 hci_disconnect(c, HCI_ERROR_REMOTE_USER_TERM);
4817 static struct hci_chan *hci_chan_sent(struct hci_dev *hdev, __u8 type,
4820 struct hci_conn_hash *h = &hdev->conn_hash;
4821 struct hci_chan *chan = NULL;
4822 unsigned int num = 0, min = ~0, cur_prio = 0;
4823 struct hci_conn *conn;
4824 int cnt, q, conn_num = 0;
4826 BT_DBG("%s", hdev->name);
4830 list_for_each_entry_rcu(conn, &h->list, list) {
4831 struct hci_chan *tmp;
4833 if (conn->type != type)
4836 if (conn->state != BT_CONNECTED && conn->state != BT_CONFIG)
4841 list_for_each_entry_rcu(tmp, &conn->chan_list, list) {
4842 struct sk_buff *skb;
4844 if (skb_queue_empty(&tmp->data_q))
4847 skb = skb_peek(&tmp->data_q);
4848 if (skb->priority < cur_prio)
4851 if (skb->priority > cur_prio) {
4854 cur_prio = skb->priority;
4859 if (conn->sent < min) {
4865 if (hci_conn_num(hdev, type) == conn_num)
4874 switch (chan->conn->type) {
4876 cnt = hdev->acl_cnt;
4879 cnt = hdev->block_cnt;
4883 cnt = hdev->sco_cnt;
4886 cnt = hdev->le_mtu ? hdev->le_cnt : hdev->acl_cnt;
4890 BT_ERR("Unknown link type");
4895 BT_DBG("chan %p quote %d", chan, *quote);
4899 static void hci_prio_recalculate(struct hci_dev *hdev, __u8 type)
4901 struct hci_conn_hash *h = &hdev->conn_hash;
4902 struct hci_conn *conn;
4905 BT_DBG("%s", hdev->name);
4909 list_for_each_entry_rcu(conn, &h->list, list) {
4910 struct hci_chan *chan;
4912 if (conn->type != type)
4915 if (conn->state != BT_CONNECTED && conn->state != BT_CONFIG)
4920 list_for_each_entry_rcu(chan, &conn->chan_list, list) {
4921 struct sk_buff *skb;
4928 if (skb_queue_empty(&chan->data_q))
4931 skb = skb_peek(&chan->data_q);
4932 if (skb->priority >= HCI_PRIO_MAX - 1)
4935 skb->priority = HCI_PRIO_MAX - 1;
4937 BT_DBG("chan %p skb %p promoted to %d", chan, skb,
4941 if (hci_conn_num(hdev, type) == num)
4949 static inline int __get_blocks(struct hci_dev *hdev, struct sk_buff *skb)
4951 /* Calculate count of blocks used by this packet */
4952 return DIV_ROUND_UP(skb->len - HCI_ACL_HDR_SIZE, hdev->block_len);
4955 static void __check_timeout(struct hci_dev *hdev, unsigned int cnt)
4957 if (!test_bit(HCI_UNCONFIGURED, &hdev->dev_flags)) {
4958 /* ACL tx timeout must be longer than maximum
4959 * link supervision timeout (40.9 seconds) */
4960 if (!cnt && time_after(jiffies, hdev->acl_last_tx +
4961 HCI_ACL_TX_TIMEOUT))
4962 hci_link_tx_to(hdev, ACL_LINK);
4966 static void hci_sched_acl_pkt(struct hci_dev *hdev)
4968 unsigned int cnt = hdev->acl_cnt;
4969 struct hci_chan *chan;
4970 struct sk_buff *skb;
4973 __check_timeout(hdev, cnt);
4975 while (hdev->acl_cnt &&
4976 (chan = hci_chan_sent(hdev, ACL_LINK, "e))) {
4977 u32 priority = (skb_peek(&chan->data_q))->priority;
4978 while (quote-- && (skb = skb_peek(&chan->data_q))) {
4979 BT_DBG("chan %p skb %p len %d priority %u", chan, skb,
4980 skb->len, skb->priority);
4982 /* Stop if priority has changed */
4983 if (skb->priority < priority)
4986 skb = skb_dequeue(&chan->data_q);
4988 hci_conn_enter_active_mode(chan->conn,
4989 bt_cb(skb)->force_active);
4991 hci_send_frame(hdev, skb);
4992 hdev->acl_last_tx = jiffies;
5000 if (cnt != hdev->acl_cnt)
5001 hci_prio_recalculate(hdev, ACL_LINK);
5004 static void hci_sched_acl_blk(struct hci_dev *hdev)
5006 unsigned int cnt = hdev->block_cnt;
5007 struct hci_chan *chan;
5008 struct sk_buff *skb;
5012 __check_timeout(hdev, cnt);
5014 BT_DBG("%s", hdev->name);
5016 if (hdev->dev_type == HCI_AMP)
5021 while (hdev->block_cnt > 0 &&
5022 (chan = hci_chan_sent(hdev, type, "e))) {
5023 u32 priority = (skb_peek(&chan->data_q))->priority;
5024 while (quote > 0 && (skb = skb_peek(&chan->data_q))) {
5027 BT_DBG("chan %p skb %p len %d priority %u", chan, skb,
5028 skb->len, skb->priority);
5030 /* Stop if priority has changed */
5031 if (skb->priority < priority)
5034 skb = skb_dequeue(&chan->data_q);
5036 blocks = __get_blocks(hdev, skb);
5037 if (blocks > hdev->block_cnt)
5040 hci_conn_enter_active_mode(chan->conn,
5041 bt_cb(skb)->force_active);
5043 hci_send_frame(hdev, skb);
5044 hdev->acl_last_tx = jiffies;
5046 hdev->block_cnt -= blocks;
5049 chan->sent += blocks;
5050 chan->conn->sent += blocks;
5054 if (cnt != hdev->block_cnt)
5055 hci_prio_recalculate(hdev, type);
5058 static void hci_sched_acl(struct hci_dev *hdev)
5060 BT_DBG("%s", hdev->name);
5062 /* No ACL link over BR/EDR controller */
5063 if (!hci_conn_num(hdev, ACL_LINK) && hdev->dev_type == HCI_BREDR)
5066 /* No AMP link over AMP controller */
5067 if (!hci_conn_num(hdev, AMP_LINK) && hdev->dev_type == HCI_AMP)
5070 switch (hdev->flow_ctl_mode) {
5071 case HCI_FLOW_CTL_MODE_PACKET_BASED:
5072 hci_sched_acl_pkt(hdev);
5075 case HCI_FLOW_CTL_MODE_BLOCK_BASED:
5076 hci_sched_acl_blk(hdev);
5082 static void hci_sched_sco(struct hci_dev *hdev)
5084 struct hci_conn *conn;
5085 struct sk_buff *skb;
5088 BT_DBG("%s", hdev->name);
5090 if (!hci_conn_num(hdev, SCO_LINK))
5093 while (hdev->sco_cnt && (conn = hci_low_sent(hdev, SCO_LINK, "e))) {
5094 while (quote-- && (skb = skb_dequeue(&conn->data_q))) {
5095 BT_DBG("skb %p len %d", skb, skb->len);
5096 hci_send_frame(hdev, skb);
5099 if (conn->sent == ~0)
5105 static void hci_sched_esco(struct hci_dev *hdev)
5107 struct hci_conn *conn;
5108 struct sk_buff *skb;
5111 BT_DBG("%s", hdev->name);
5113 if (!hci_conn_num(hdev, ESCO_LINK))
5116 while (hdev->sco_cnt && (conn = hci_low_sent(hdev, ESCO_LINK,
5118 while (quote-- && (skb = skb_dequeue(&conn->data_q))) {
5119 BT_DBG("skb %p len %d", skb, skb->len);
5120 hci_send_frame(hdev, skb);
5123 if (conn->sent == ~0)
5129 static void hci_sched_le(struct hci_dev *hdev)
5131 struct hci_chan *chan;
5132 struct sk_buff *skb;
5133 int quote, cnt, tmp;
5135 BT_DBG("%s", hdev->name);
5137 if (!hci_conn_num(hdev, LE_LINK))
5140 if (!test_bit(HCI_UNCONFIGURED, &hdev->dev_flags)) {
5141 /* LE tx timeout must be longer than maximum
5142 * link supervision timeout (40.9 seconds) */
5143 if (!hdev->le_cnt && hdev->le_pkts &&
5144 time_after(jiffies, hdev->le_last_tx + HZ * 45))
5145 hci_link_tx_to(hdev, LE_LINK);
5148 cnt = hdev->le_pkts ? hdev->le_cnt : hdev->acl_cnt;
5150 while (cnt && (chan = hci_chan_sent(hdev, LE_LINK, "e))) {
5151 u32 priority = (skb_peek(&chan->data_q))->priority;
5152 while (quote-- && (skb = skb_peek(&chan->data_q))) {
5153 BT_DBG("chan %p skb %p len %d priority %u", chan, skb,
5154 skb->len, skb->priority);
5156 /* Stop if priority has changed */
5157 if (skb->priority < priority)
5160 skb = skb_dequeue(&chan->data_q);
5162 hci_send_frame(hdev, skb);
5163 hdev->le_last_tx = jiffies;
5174 hdev->acl_cnt = cnt;
5177 hci_prio_recalculate(hdev, LE_LINK);
5180 static void hci_tx_work(struct work_struct *work)
5182 struct hci_dev *hdev = container_of(work, struct hci_dev, tx_work);
5183 struct sk_buff *skb;
5185 BT_DBG("%s acl %d sco %d le %d", hdev->name, hdev->acl_cnt,
5186 hdev->sco_cnt, hdev->le_cnt);
5188 if (!test_bit(HCI_USER_CHANNEL, &hdev->dev_flags)) {
5189 /* Schedule queues and send stuff to HCI driver */
5190 hci_sched_acl(hdev);
5191 hci_sched_sco(hdev);
5192 hci_sched_esco(hdev);
5196 /* Send next queued raw (unknown type) packet */
5197 while ((skb = skb_dequeue(&hdev->raw_q)))
5198 hci_send_frame(hdev, skb);
5201 /* ----- HCI RX task (incoming data processing) ----- */
5203 /* ACL data packet */
5204 static void hci_acldata_packet(struct hci_dev *hdev, struct sk_buff *skb)
5206 struct hci_acl_hdr *hdr = (void *) skb->data;
5207 struct hci_conn *conn;
5208 __u16 handle, flags;
5210 skb_pull(skb, HCI_ACL_HDR_SIZE);
5212 handle = __le16_to_cpu(hdr->handle);
5213 flags = hci_flags(handle);
5214 handle = hci_handle(handle);
5216 BT_DBG("%s len %d handle 0x%4.4x flags 0x%4.4x", hdev->name, skb->len,
5219 hdev->stat.acl_rx++;
5222 conn = hci_conn_hash_lookup_handle(hdev, handle);
5223 hci_dev_unlock(hdev);
5226 hci_conn_enter_active_mode(conn, BT_POWER_FORCE_ACTIVE_OFF);
5228 /* Send to upper protocol */
5229 l2cap_recv_acldata(conn, skb, flags);
5232 BT_ERR("%s ACL packet for unknown connection handle %d",
5233 hdev->name, handle);
5239 /* SCO data packet */
5240 static void hci_scodata_packet(struct hci_dev *hdev, struct sk_buff *skb)
5242 struct hci_sco_hdr *hdr = (void *) skb->data;
5243 struct hci_conn *conn;
5246 skb_pull(skb, HCI_SCO_HDR_SIZE);
5248 handle = __le16_to_cpu(hdr->handle);
5250 BT_DBG("%s len %d handle 0x%4.4x", hdev->name, skb->len, handle);
5252 hdev->stat.sco_rx++;
5255 conn = hci_conn_hash_lookup_handle(hdev, handle);
5256 hci_dev_unlock(hdev);
5259 /* Send to upper protocol */
5260 sco_recv_scodata(conn, skb);
5263 BT_ERR("%s SCO packet for unknown connection handle %d",
5264 hdev->name, handle);
5270 static bool hci_req_is_complete(struct hci_dev *hdev)
5272 struct sk_buff *skb;
5274 skb = skb_peek(&hdev->cmd_q);
5278 return bt_cb(skb)->req.start;
5281 static void hci_resend_last(struct hci_dev *hdev)
5283 struct hci_command_hdr *sent;
5284 struct sk_buff *skb;
5287 if (!hdev->sent_cmd)
5290 sent = (void *) hdev->sent_cmd->data;
5291 opcode = __le16_to_cpu(sent->opcode);
5292 if (opcode == HCI_OP_RESET)
5295 skb = skb_clone(hdev->sent_cmd, GFP_KERNEL);
5299 skb_queue_head(&hdev->cmd_q, skb);
5300 queue_work(hdev->workqueue, &hdev->cmd_work);
5303 void hci_req_cmd_complete(struct hci_dev *hdev, u16 opcode, u8 status)
5305 hci_req_complete_t req_complete = NULL;
5306 struct sk_buff *skb;
5307 unsigned long flags;
5309 BT_DBG("opcode 0x%04x status 0x%02x", opcode, status);
5311 /* If the completed command doesn't match the last one that was
5312 * sent we need to do special handling of it.
5314 if (!hci_sent_cmd_data(hdev, opcode)) {
5315 /* Some CSR based controllers generate a spontaneous
5316 * reset complete event during init and any pending
5317 * command will never be completed. In such a case we
5318 * need to resend whatever was the last sent
5321 if (test_bit(HCI_INIT, &hdev->flags) && opcode == HCI_OP_RESET)
5322 hci_resend_last(hdev);
5327 /* If the command succeeded and there's still more commands in
5328 * this request the request is not yet complete.
5330 if (!status && !hci_req_is_complete(hdev))
5333 /* If this was the last command in a request the complete
5334 * callback would be found in hdev->sent_cmd instead of the
5335 * command queue (hdev->cmd_q).
5337 if (hdev->sent_cmd) {
5338 req_complete = bt_cb(hdev->sent_cmd)->req.complete;
5341 /* We must set the complete callback to NULL to
5342 * avoid calling the callback more than once if
5343 * this function gets called again.
5345 bt_cb(hdev->sent_cmd)->req.complete = NULL;
5351 /* Remove all pending commands belonging to this request */
5352 spin_lock_irqsave(&hdev->cmd_q.lock, flags);
5353 while ((skb = __skb_dequeue(&hdev->cmd_q))) {
5354 if (bt_cb(skb)->req.start) {
5355 __skb_queue_head(&hdev->cmd_q, skb);
5359 req_complete = bt_cb(skb)->req.complete;
5362 spin_unlock_irqrestore(&hdev->cmd_q.lock, flags);
5366 req_complete(hdev, status);
5369 static void hci_rx_work(struct work_struct *work)
5371 struct hci_dev *hdev = container_of(work, struct hci_dev, rx_work);
5372 struct sk_buff *skb;
5374 BT_DBG("%s", hdev->name);
5376 while ((skb = skb_dequeue(&hdev->rx_q))) {
5377 /* Send copy to monitor */
5378 hci_send_to_monitor(hdev, skb);
5380 if (atomic_read(&hdev->promisc)) {
5381 /* Send copy to the sockets */
5382 hci_send_to_sock(hdev, skb);
5385 if (test_bit(HCI_USER_CHANNEL, &hdev->dev_flags)) {
5390 if (test_bit(HCI_INIT, &hdev->flags)) {
5391 /* Don't process data packets in this states. */
5392 switch (bt_cb(skb)->pkt_type) {
5393 case HCI_ACLDATA_PKT:
5394 case HCI_SCODATA_PKT:
5401 switch (bt_cb(skb)->pkt_type) {
5403 BT_DBG("%s Event packet", hdev->name);
5404 hci_event_packet(hdev, skb);
5407 case HCI_ACLDATA_PKT:
5408 BT_DBG("%s ACL data packet", hdev->name);
5409 hci_acldata_packet(hdev, skb);
5412 case HCI_SCODATA_PKT:
5413 BT_DBG("%s SCO data packet", hdev->name);
5414 hci_scodata_packet(hdev, skb);
5424 static void hci_cmd_work(struct work_struct *work)
5426 struct hci_dev *hdev = container_of(work, struct hci_dev, cmd_work);
5427 struct sk_buff *skb;
5429 BT_DBG("%s cmd_cnt %d cmd queued %d", hdev->name,
5430 atomic_read(&hdev->cmd_cnt), skb_queue_len(&hdev->cmd_q));
5432 /* Send queued commands */
5433 if (atomic_read(&hdev->cmd_cnt)) {
5434 skb = skb_dequeue(&hdev->cmd_q);
5438 kfree_skb(hdev->sent_cmd);
5440 hdev->sent_cmd = skb_clone(skb, GFP_KERNEL);
5441 if (hdev->sent_cmd) {
5442 atomic_dec(&hdev->cmd_cnt);
5443 hci_send_frame(hdev, skb);
5444 if (test_bit(HCI_RESET, &hdev->flags))
5445 cancel_delayed_work(&hdev->cmd_timer);
5447 schedule_delayed_work(&hdev->cmd_timer,
5450 skb_queue_head(&hdev->cmd_q, skb);
5451 queue_work(hdev->workqueue, &hdev->cmd_work);
5456 void hci_req_add_le_scan_disable(struct hci_request *req)
5458 struct hci_cp_le_set_scan_enable cp;
5460 memset(&cp, 0, sizeof(cp));
5461 cp.enable = LE_SCAN_DISABLE;
5462 hci_req_add(req, HCI_OP_LE_SET_SCAN_ENABLE, sizeof(cp), &cp);
5465 static void add_to_white_list(struct hci_request *req,
5466 struct hci_conn_params *params)
5468 struct hci_cp_le_add_to_white_list cp;
5470 cp.bdaddr_type = params->addr_type;
5471 bacpy(&cp.bdaddr, ¶ms->addr);
5473 hci_req_add(req, HCI_OP_LE_ADD_TO_WHITE_LIST, sizeof(cp), &cp);
5476 static u8 update_white_list(struct hci_request *req)
5478 struct hci_dev *hdev = req->hdev;
5479 struct hci_conn_params *params;
5480 struct bdaddr_list *b;
5481 uint8_t white_list_entries = 0;
5483 /* Go through the current white list programmed into the
5484 * controller one by one and check if that address is still
5485 * in the list of pending connections or list of devices to
5486 * report. If not present in either list, then queue the
5487 * command to remove it from the controller.
5489 list_for_each_entry(b, &hdev->le_white_list, list) {
5490 struct hci_cp_le_del_from_white_list cp;
5492 if (hci_pend_le_action_lookup(&hdev->pend_le_conns,
5493 &b->bdaddr, b->bdaddr_type) ||
5494 hci_pend_le_action_lookup(&hdev->pend_le_reports,
5495 &b->bdaddr, b->bdaddr_type)) {
5496 white_list_entries++;
5500 cp.bdaddr_type = b->bdaddr_type;
5501 bacpy(&cp.bdaddr, &b->bdaddr);
5503 hci_req_add(req, HCI_OP_LE_DEL_FROM_WHITE_LIST,
5507 /* Since all no longer valid white list entries have been
5508 * removed, walk through the list of pending connections
5509 * and ensure that any new device gets programmed into
5512 * If the list of the devices is larger than the list of
5513 * available white list entries in the controller, then
5514 * just abort and return filer policy value to not use the
5517 list_for_each_entry(params, &hdev->pend_le_conns, action) {
5518 if (hci_bdaddr_list_lookup(&hdev->le_white_list,
5519 ¶ms->addr, params->addr_type))
5522 if (white_list_entries >= hdev->le_white_list_size) {
5523 /* Select filter policy to accept all advertising */
5527 if (hci_find_irk_by_addr(hdev, ¶ms->addr,
5528 params->addr_type)) {
5529 /* White list can not be used with RPAs */
5533 white_list_entries++;
5534 add_to_white_list(req, params);
5537 /* After adding all new pending connections, walk through
5538 * the list of pending reports and also add these to the
5539 * white list if there is still space.
5541 list_for_each_entry(params, &hdev->pend_le_reports, action) {
5542 if (hci_bdaddr_list_lookup(&hdev->le_white_list,
5543 ¶ms->addr, params->addr_type))
5546 if (white_list_entries >= hdev->le_white_list_size) {
5547 /* Select filter policy to accept all advertising */
5551 if (hci_find_irk_by_addr(hdev, ¶ms->addr,
5552 params->addr_type)) {
5553 /* White list can not be used with RPAs */
5557 white_list_entries++;
5558 add_to_white_list(req, params);
5561 /* Select filter policy to use white list */
5565 void hci_req_add_le_passive_scan(struct hci_request *req)
5567 struct hci_cp_le_set_scan_param param_cp;
5568 struct hci_cp_le_set_scan_enable enable_cp;
5569 struct hci_dev *hdev = req->hdev;
5573 /* Set require_privacy to false since no SCAN_REQ are send
5574 * during passive scanning. Not using an unresolvable address
5575 * here is important so that peer devices using direct
5576 * advertising with our address will be correctly reported
5577 * by the controller.
5579 if (hci_update_random_address(req, false, &own_addr_type))
5582 /* Adding or removing entries from the white list must
5583 * happen before enabling scanning. The controller does
5584 * not allow white list modification while scanning.
5586 filter_policy = update_white_list(req);
5588 memset(¶m_cp, 0, sizeof(param_cp));
5589 param_cp.type = LE_SCAN_PASSIVE;
5590 param_cp.interval = cpu_to_le16(hdev->le_scan_interval);
5591 param_cp.window = cpu_to_le16(hdev->le_scan_window);
5592 param_cp.own_address_type = own_addr_type;
5593 param_cp.filter_policy = filter_policy;
5594 hci_req_add(req, HCI_OP_LE_SET_SCAN_PARAM, sizeof(param_cp),
5597 memset(&enable_cp, 0, sizeof(enable_cp));
5598 enable_cp.enable = LE_SCAN_ENABLE;
5599 enable_cp.filter_dup = LE_SCAN_FILTER_DUP_ENABLE;
5600 hci_req_add(req, HCI_OP_LE_SET_SCAN_ENABLE, sizeof(enable_cp),
5604 static void update_background_scan_complete(struct hci_dev *hdev, u8 status)
5607 BT_DBG("HCI request failed to update background scanning: "
5608 "status 0x%2.2x", status);
5611 /* This function controls the background scanning based on hdev->pend_le_conns
5612 * list. If there are pending LE connection we start the background scanning,
5613 * otherwise we stop it.
5615 * This function requires the caller holds hdev->lock.
5617 void hci_update_background_scan(struct hci_dev *hdev)
5619 struct hci_request req;
5620 struct hci_conn *conn;
5623 if (!test_bit(HCI_UP, &hdev->flags) ||
5624 test_bit(HCI_INIT, &hdev->flags) ||
5625 test_bit(HCI_SETUP, &hdev->dev_flags) ||
5626 test_bit(HCI_CONFIG, &hdev->dev_flags) ||
5627 test_bit(HCI_AUTO_OFF, &hdev->dev_flags) ||
5628 test_bit(HCI_UNREGISTER, &hdev->dev_flags))
5631 /* No point in doing scanning if LE support hasn't been enabled */
5632 if (!test_bit(HCI_LE_ENABLED, &hdev->dev_flags))
5635 /* If discovery is active don't interfere with it */
5636 if (hdev->discovery.state != DISCOVERY_STOPPED)
5639 hci_req_init(&req, hdev);
5641 if (list_empty(&hdev->pend_le_conns) &&
5642 list_empty(&hdev->pend_le_reports)) {
5643 /* If there is no pending LE connections or devices
5644 * to be scanned for, we should stop the background
5648 /* If controller is not scanning we are done. */
5649 if (!test_bit(HCI_LE_SCAN, &hdev->dev_flags))
5652 hci_req_add_le_scan_disable(&req);
5654 BT_DBG("%s stopping background scanning", hdev->name);
5656 /* If there is at least one pending LE connection, we should
5657 * keep the background scan running.
5660 /* If controller is connecting, we should not start scanning
5661 * since some controllers are not able to scan and connect at
5664 conn = hci_conn_hash_lookup_state(hdev, LE_LINK, BT_CONNECT);
5668 /* If controller is currently scanning, we stop it to ensure we
5669 * don't miss any advertising (due to duplicates filter).
5671 if (test_bit(HCI_LE_SCAN, &hdev->dev_flags))
5672 hci_req_add_le_scan_disable(&req);
5674 hci_req_add_le_passive_scan(&req);
5676 BT_DBG("%s starting background scanning", hdev->name);
5679 err = hci_req_run(&req, update_background_scan_complete);
5681 BT_ERR("Failed to run HCI request: err %d", err);
5684 static bool disconnected_whitelist_entries(struct hci_dev *hdev)
5686 struct bdaddr_list *b;
5688 list_for_each_entry(b, &hdev->whitelist, list) {
5689 struct hci_conn *conn;
5691 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &b->bdaddr);
5695 if (conn->state != BT_CONNECTED && conn->state != BT_CONFIG)
5702 void hci_update_page_scan(struct hci_dev *hdev, struct hci_request *req)
5706 if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
5709 if (!hdev_is_powered(hdev))
5712 if (mgmt_powering_down(hdev))
5715 if (test_bit(HCI_CONNECTABLE, &hdev->dev_flags) ||
5716 disconnected_whitelist_entries(hdev))
5719 scan = SCAN_DISABLED;
5721 if (test_bit(HCI_PSCAN, &hdev->flags) == !!(scan & SCAN_PAGE))
5724 if (test_bit(HCI_DISCOVERABLE, &hdev->dev_flags))
5725 scan |= SCAN_INQUIRY;
5728 hci_req_add(req, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
5730 hci_send_cmd(hdev, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
projects / karo-tx-linux.git / blob