2 BlueZ - Bluetooth protocol stack for Linux
3 Copyright (C) 2000-2001 Qualcomm Incorporated
4 Copyright (C) 2011 ProFUSION Embedded Systems
6 Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com>
8 This program is free software; you can redistribute it and/or modify
9 it under the terms of the GNU General Public License version 2 as
10 published by the Free Software Foundation;
12 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
13 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
14 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
15 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
16 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
17 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
18 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
19 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
21 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
22 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
23 SOFTWARE IS DISCLAIMED.
26 /* Bluetooth HCI core. */
28 #include <linux/export.h>
29 #include <linux/rfkill.h>
30 #include <linux/debugfs.h>
31 #include <linux/crypto.h>
32 #include <linux/property.h>
33 #include <linux/suspend.h>
34 #include <linux/wait.h>
35 #include <asm/unaligned.h>
37 #include <net/bluetooth/bluetooth.h>
38 #include <net/bluetooth/hci_core.h>
39 #include <net/bluetooth/l2cap.h>
40 #include <net/bluetooth/mgmt.h>
42 #include "hci_request.h"
43 #include "hci_debugfs.h"
48 static void hci_rx_work(struct work_struct *work);
49 static void hci_cmd_work(struct work_struct *work);
50 static void hci_tx_work(struct work_struct *work);
53 LIST_HEAD(hci_dev_list);
54 DEFINE_RWLOCK(hci_dev_list_lock);
56 /* HCI callback list */
57 LIST_HEAD(hci_cb_list);
58 DEFINE_MUTEX(hci_cb_list_lock);
60 /* HCI ID Numbering */
61 static DEFINE_IDA(hci_index_ida);
63 /* ---- HCI debugfs entries ---- */
65 static ssize_t dut_mode_read(struct file *file, char __user *user_buf,
66 size_t count, loff_t *ppos)
68 struct hci_dev *hdev = file->private_data;
71 buf[0] = hci_dev_test_flag(hdev, HCI_DUT_MODE) ? 'Y' : 'N';
74 return simple_read_from_buffer(user_buf, count, ppos, buf, 2);
77 static ssize_t dut_mode_write(struct file *file, const char __user *user_buf,
78 size_t count, loff_t *ppos)
80 struct hci_dev *hdev = file->private_data;
85 if (!test_bit(HCI_UP, &hdev->flags))
88 err = kstrtobool_from_user(user_buf, count, &enable);
92 if (enable == hci_dev_test_flag(hdev, HCI_DUT_MODE))
95 hci_req_sync_lock(hdev);
97 skb = __hci_cmd_sync(hdev, HCI_OP_ENABLE_DUT_MODE, 0, NULL,
100 skb = __hci_cmd_sync(hdev, HCI_OP_RESET, 0, NULL,
102 hci_req_sync_unlock(hdev);
109 hci_dev_change_flag(hdev, HCI_DUT_MODE);
114 static const struct file_operations dut_mode_fops = {
116 .read = dut_mode_read,
117 .write = dut_mode_write,
118 .llseek = default_llseek,
121 static ssize_t vendor_diag_read(struct file *file, char __user *user_buf,
122 size_t count, loff_t *ppos)
124 struct hci_dev *hdev = file->private_data;
127 buf[0] = hci_dev_test_flag(hdev, HCI_VENDOR_DIAG) ? 'Y' : 'N';
130 return simple_read_from_buffer(user_buf, count, ppos, buf, 2);
133 static ssize_t vendor_diag_write(struct file *file, const char __user *user_buf,
134 size_t count, loff_t *ppos)
136 struct hci_dev *hdev = file->private_data;
140 err = kstrtobool_from_user(user_buf, count, &enable);
144 /* When the diagnostic flags are not persistent and the transport
145 * is not active or in user channel operation, then there is no need
146 * for the vendor callback. Instead just store the desired value and
147 * the setting will be programmed when the controller gets powered on.
149 if (test_bit(HCI_QUIRK_NON_PERSISTENT_DIAG, &hdev->quirks) &&
150 (!test_bit(HCI_RUNNING, &hdev->flags) ||
151 hci_dev_test_flag(hdev, HCI_USER_CHANNEL)))
154 hci_req_sync_lock(hdev);
155 err = hdev->set_diag(hdev, enable);
156 hci_req_sync_unlock(hdev);
163 hci_dev_set_flag(hdev, HCI_VENDOR_DIAG);
165 hci_dev_clear_flag(hdev, HCI_VENDOR_DIAG);
170 static const struct file_operations vendor_diag_fops = {
172 .read = vendor_diag_read,
173 .write = vendor_diag_write,
174 .llseek = default_llseek,
177 static void hci_debugfs_create_basic(struct hci_dev *hdev)
179 debugfs_create_file("dut_mode", 0644, hdev->debugfs, hdev,
183 debugfs_create_file("vendor_diag", 0644, hdev->debugfs, hdev,
187 static int hci_reset_req(struct hci_request *req, unsigned long opt)
189 BT_DBG("%s %ld", req->hdev->name, opt);
192 set_bit(HCI_RESET, &req->hdev->flags);
193 hci_req_add(req, HCI_OP_RESET, 0, NULL);
197 static void bredr_init(struct hci_request *req)
199 req->hdev->flow_ctl_mode = HCI_FLOW_CTL_MODE_PACKET_BASED;
201 /* Read Local Supported Features */
202 hci_req_add(req, HCI_OP_READ_LOCAL_FEATURES, 0, NULL);
204 /* Read Local Version */
205 hci_req_add(req, HCI_OP_READ_LOCAL_VERSION, 0, NULL);
207 /* Read BD Address */
208 hci_req_add(req, HCI_OP_READ_BD_ADDR, 0, NULL);
211 static void amp_init1(struct hci_request *req)
213 req->hdev->flow_ctl_mode = HCI_FLOW_CTL_MODE_BLOCK_BASED;
215 /* Read Local Version */
216 hci_req_add(req, HCI_OP_READ_LOCAL_VERSION, 0, NULL);
218 /* Read Local Supported Commands */
219 hci_req_add(req, HCI_OP_READ_LOCAL_COMMANDS, 0, NULL);
221 /* Read Local AMP Info */
222 hci_req_add(req, HCI_OP_READ_LOCAL_AMP_INFO, 0, NULL);
224 /* Read Data Blk size */
225 hci_req_add(req, HCI_OP_READ_DATA_BLOCK_SIZE, 0, NULL);
227 /* Read Flow Control Mode */
228 hci_req_add(req, HCI_OP_READ_FLOW_CONTROL_MODE, 0, NULL);
230 /* Read Location Data */
231 hci_req_add(req, HCI_OP_READ_LOCATION_DATA, 0, NULL);
234 static int amp_init2(struct hci_request *req)
236 /* Read Local Supported Features. Not all AMP controllers
237 * support this so it's placed conditionally in the second
240 if (req->hdev->commands[14] & 0x20)
241 hci_req_add(req, HCI_OP_READ_LOCAL_FEATURES, 0, NULL);
246 static int hci_init1_req(struct hci_request *req, unsigned long opt)
248 struct hci_dev *hdev = req->hdev;
250 BT_DBG("%s %ld", hdev->name, opt);
253 if (!test_bit(HCI_QUIRK_RESET_ON_CLOSE, &hdev->quirks))
254 hci_reset_req(req, 0);
256 switch (hdev->dev_type) {
264 bt_dev_err(hdev, "Unknown device type %d", hdev->dev_type);
271 static void bredr_setup(struct hci_request *req)
276 /* Read Buffer Size (ACL mtu, max pkt, etc.) */
277 hci_req_add(req, HCI_OP_READ_BUFFER_SIZE, 0, NULL);
279 /* Read Class of Device */
280 hci_req_add(req, HCI_OP_READ_CLASS_OF_DEV, 0, NULL);
282 /* Read Local Name */
283 hci_req_add(req, HCI_OP_READ_LOCAL_NAME, 0, NULL);
285 /* Read Voice Setting */
286 hci_req_add(req, HCI_OP_READ_VOICE_SETTING, 0, NULL);
288 /* Read Number of Supported IAC */
289 hci_req_add(req, HCI_OP_READ_NUM_SUPPORTED_IAC, 0, NULL);
291 /* Read Current IAC LAP */
292 hci_req_add(req, HCI_OP_READ_CURRENT_IAC_LAP, 0, NULL);
294 /* Clear Event Filters */
295 flt_type = HCI_FLT_CLEAR_ALL;
296 hci_req_add(req, HCI_OP_SET_EVENT_FLT, 1, &flt_type);
298 /* Connection accept timeout ~20 secs */
299 param = cpu_to_le16(0x7d00);
300 hci_req_add(req, HCI_OP_WRITE_CA_TIMEOUT, 2, ¶m);
303 static void le_setup(struct hci_request *req)
305 struct hci_dev *hdev = req->hdev;
307 /* Read LE Buffer Size */
308 hci_req_add(req, HCI_OP_LE_READ_BUFFER_SIZE, 0, NULL);
310 /* Read LE Local Supported Features */
311 hci_req_add(req, HCI_OP_LE_READ_LOCAL_FEATURES, 0, NULL);
313 /* Read LE Supported States */
314 hci_req_add(req, HCI_OP_LE_READ_SUPPORTED_STATES, 0, NULL);
316 /* LE-only controllers have LE implicitly enabled */
317 if (!lmp_bredr_capable(hdev))
318 hci_dev_set_flag(hdev, HCI_LE_ENABLED);
321 static void hci_setup_event_mask(struct hci_request *req)
323 struct hci_dev *hdev = req->hdev;
325 /* The second byte is 0xff instead of 0x9f (two reserved bits
326 * disabled) since a Broadcom 1.2 dongle doesn't respond to the
329 u8 events[8] = { 0xff, 0xff, 0xfb, 0xff, 0x00, 0x00, 0x00, 0x00 };
331 /* CSR 1.1 dongles does not accept any bitfield so don't try to set
332 * any event mask for pre 1.2 devices.
334 if (hdev->hci_ver < BLUETOOTH_VER_1_2)
337 if (lmp_bredr_capable(hdev)) {
338 events[4] |= 0x01; /* Flow Specification Complete */
340 /* Use a different default for LE-only devices */
341 memset(events, 0, sizeof(events));
342 events[1] |= 0x20; /* Command Complete */
343 events[1] |= 0x40; /* Command Status */
344 events[1] |= 0x80; /* Hardware Error */
346 /* If the controller supports the Disconnect command, enable
347 * the corresponding event. In addition enable packet flow
348 * control related events.
350 if (hdev->commands[0] & 0x20) {
351 events[0] |= 0x10; /* Disconnection Complete */
352 events[2] |= 0x04; /* Number of Completed Packets */
353 events[3] |= 0x02; /* Data Buffer Overflow */
356 /* If the controller supports the Read Remote Version
357 * Information command, enable the corresponding event.
359 if (hdev->commands[2] & 0x80)
360 events[1] |= 0x08; /* Read Remote Version Information
364 if (hdev->le_features[0] & HCI_LE_ENCRYPTION) {
365 events[0] |= 0x80; /* Encryption Change */
366 events[5] |= 0x80; /* Encryption Key Refresh Complete */
370 if (lmp_inq_rssi_capable(hdev) ||
371 test_bit(HCI_QUIRK_FIXUP_INQUIRY_MODE, &hdev->quirks))
372 events[4] |= 0x02; /* Inquiry Result with RSSI */
374 if (lmp_ext_feat_capable(hdev))
375 events[4] |= 0x04; /* Read Remote Extended Features Complete */
377 if (lmp_esco_capable(hdev)) {
378 events[5] |= 0x08; /* Synchronous Connection Complete */
379 events[5] |= 0x10; /* Synchronous Connection Changed */
382 if (lmp_sniffsubr_capable(hdev))
383 events[5] |= 0x20; /* Sniff Subrating */
385 if (lmp_pause_enc_capable(hdev))
386 events[5] |= 0x80; /* Encryption Key Refresh Complete */
388 if (lmp_ext_inq_capable(hdev))
389 events[5] |= 0x40; /* Extended Inquiry Result */
391 if (lmp_no_flush_capable(hdev))
392 events[7] |= 0x01; /* Enhanced Flush Complete */
394 if (lmp_lsto_capable(hdev))
395 events[6] |= 0x80; /* Link Supervision Timeout Changed */
397 if (lmp_ssp_capable(hdev)) {
398 events[6] |= 0x01; /* IO Capability Request */
399 events[6] |= 0x02; /* IO Capability Response */
400 events[6] |= 0x04; /* User Confirmation Request */
401 events[6] |= 0x08; /* User Passkey Request */
402 events[6] |= 0x10; /* Remote OOB Data Request */
403 events[6] |= 0x20; /* Simple Pairing Complete */
404 events[7] |= 0x04; /* User Passkey Notification */
405 events[7] |= 0x08; /* Keypress Notification */
406 events[7] |= 0x10; /* Remote Host Supported
407 * Features Notification
411 if (lmp_le_capable(hdev))
412 events[7] |= 0x20; /* LE Meta-Event */
414 hci_req_add(req, HCI_OP_SET_EVENT_MASK, sizeof(events), events);
417 static int hci_init2_req(struct hci_request *req, unsigned long opt)
419 struct hci_dev *hdev = req->hdev;
421 if (hdev->dev_type == HCI_AMP)
422 return amp_init2(req);
424 if (lmp_bredr_capable(hdev))
427 hci_dev_clear_flag(hdev, HCI_BREDR_ENABLED);
429 if (lmp_le_capable(hdev))
432 /* All Bluetooth 1.2 and later controllers should support the
433 * HCI command for reading the local supported commands.
435 * Unfortunately some controllers indicate Bluetooth 1.2 support,
436 * but do not have support for this command. If that is the case,
437 * the driver can quirk the behavior and skip reading the local
438 * supported commands.
440 if (hdev->hci_ver > BLUETOOTH_VER_1_1 &&
441 !test_bit(HCI_QUIRK_BROKEN_LOCAL_COMMANDS, &hdev->quirks))
442 hci_req_add(req, HCI_OP_READ_LOCAL_COMMANDS, 0, NULL);
444 if (lmp_ssp_capable(hdev)) {
445 /* When SSP is available, then the host features page
446 * should also be available as well. However some
447 * controllers list the max_page as 0 as long as SSP
448 * has not been enabled. To achieve proper debugging
449 * output, force the minimum max_page to 1 at least.
451 hdev->max_page = 0x01;
453 if (hci_dev_test_flag(hdev, HCI_SSP_ENABLED)) {
456 hci_req_add(req, HCI_OP_WRITE_SSP_MODE,
457 sizeof(mode), &mode);
459 struct hci_cp_write_eir cp;
461 memset(hdev->eir, 0, sizeof(hdev->eir));
462 memset(&cp, 0, sizeof(cp));
464 hci_req_add(req, HCI_OP_WRITE_EIR, sizeof(cp), &cp);
468 if (lmp_inq_rssi_capable(hdev) ||
469 test_bit(HCI_QUIRK_FIXUP_INQUIRY_MODE, &hdev->quirks)) {
472 /* If Extended Inquiry Result events are supported, then
473 * they are clearly preferred over Inquiry Result with RSSI
476 mode = lmp_ext_inq_capable(hdev) ? 0x02 : 0x01;
478 hci_req_add(req, HCI_OP_WRITE_INQUIRY_MODE, 1, &mode);
481 if (lmp_inq_tx_pwr_capable(hdev))
482 hci_req_add(req, HCI_OP_READ_INQ_RSP_TX_POWER, 0, NULL);
484 if (lmp_ext_feat_capable(hdev)) {
485 struct hci_cp_read_local_ext_features cp;
488 hci_req_add(req, HCI_OP_READ_LOCAL_EXT_FEATURES,
492 if (hci_dev_test_flag(hdev, HCI_LINK_SECURITY)) {
494 hci_req_add(req, HCI_OP_WRITE_AUTH_ENABLE, sizeof(enable),
501 static void hci_setup_link_policy(struct hci_request *req)
503 struct hci_dev *hdev = req->hdev;
504 struct hci_cp_write_def_link_policy cp;
507 if (lmp_rswitch_capable(hdev))
508 link_policy |= HCI_LP_RSWITCH;
509 if (lmp_hold_capable(hdev))
510 link_policy |= HCI_LP_HOLD;
511 if (lmp_sniff_capable(hdev))
512 link_policy |= HCI_LP_SNIFF;
513 if (lmp_park_capable(hdev))
514 link_policy |= HCI_LP_PARK;
516 cp.policy = cpu_to_le16(link_policy);
517 hci_req_add(req, HCI_OP_WRITE_DEF_LINK_POLICY, sizeof(cp), &cp);
520 static void hci_set_le_support(struct hci_request *req)
522 struct hci_dev *hdev = req->hdev;
523 struct hci_cp_write_le_host_supported cp;
525 /* LE-only devices do not support explicit enablement */
526 if (!lmp_bredr_capable(hdev))
529 memset(&cp, 0, sizeof(cp));
531 if (hci_dev_test_flag(hdev, HCI_LE_ENABLED)) {
536 if (cp.le != lmp_host_le_capable(hdev))
537 hci_req_add(req, HCI_OP_WRITE_LE_HOST_SUPPORTED, sizeof(cp),
541 static void hci_set_event_mask_page_2(struct hci_request *req)
543 struct hci_dev *hdev = req->hdev;
544 u8 events[8] = { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 };
545 bool changed = false;
547 /* If Connectionless Slave Broadcast master role is supported
548 * enable all necessary events for it.
550 if (lmp_csb_master_capable(hdev)) {
551 events[1] |= 0x40; /* Triggered Clock Capture */
552 events[1] |= 0x80; /* Synchronization Train Complete */
553 events[2] |= 0x10; /* Slave Page Response Timeout */
554 events[2] |= 0x20; /* CSB Channel Map Change */
558 /* If Connectionless Slave Broadcast slave role is supported
559 * enable all necessary events for it.
561 if (lmp_csb_slave_capable(hdev)) {
562 events[2] |= 0x01; /* Synchronization Train Received */
563 events[2] |= 0x02; /* CSB Receive */
564 events[2] |= 0x04; /* CSB Timeout */
565 events[2] |= 0x08; /* Truncated Page Complete */
569 /* Enable Authenticated Payload Timeout Expired event if supported */
570 if (lmp_ping_capable(hdev) || hdev->le_features[0] & HCI_LE_PING) {
575 /* Some Broadcom based controllers indicate support for Set Event
576 * Mask Page 2 command, but then actually do not support it. Since
577 * the default value is all bits set to zero, the command is only
578 * required if the event mask has to be changed. In case no change
579 * to the event mask is needed, skip this command.
582 hci_req_add(req, HCI_OP_SET_EVENT_MASK_PAGE_2,
583 sizeof(events), events);
586 static int hci_init3_req(struct hci_request *req, unsigned long opt)
588 struct hci_dev *hdev = req->hdev;
591 hci_setup_event_mask(req);
593 if (hdev->commands[6] & 0x20 &&
594 !test_bit(HCI_QUIRK_BROKEN_STORED_LINK_KEY, &hdev->quirks)) {
595 struct hci_cp_read_stored_link_key cp;
597 bacpy(&cp.bdaddr, BDADDR_ANY);
599 hci_req_add(req, HCI_OP_READ_STORED_LINK_KEY, sizeof(cp), &cp);
602 if (hdev->commands[5] & 0x10)
603 hci_setup_link_policy(req);
605 if (hdev->commands[8] & 0x01)
606 hci_req_add(req, HCI_OP_READ_PAGE_SCAN_ACTIVITY, 0, NULL);
608 if (hdev->commands[18] & 0x04 &&
609 !test_bit(HCI_QUIRK_BROKEN_ERR_DATA_REPORTING, &hdev->quirks))
610 hci_req_add(req, HCI_OP_READ_DEF_ERR_DATA_REPORTING, 0, NULL);
612 /* Some older Broadcom based Bluetooth 1.2 controllers do not
613 * support the Read Page Scan Type command. Check support for
614 * this command in the bit mask of supported commands.
616 if (hdev->commands[13] & 0x01)
617 hci_req_add(req, HCI_OP_READ_PAGE_SCAN_TYPE, 0, NULL);
619 if (lmp_le_capable(hdev)) {
622 memset(events, 0, sizeof(events));
624 if (hdev->le_features[0] & HCI_LE_ENCRYPTION)
625 events[0] |= 0x10; /* LE Long Term Key Request */
627 /* If controller supports the Connection Parameters Request
628 * Link Layer Procedure, enable the corresponding event.
630 if (hdev->le_features[0] & HCI_LE_CONN_PARAM_REQ_PROC)
631 events[0] |= 0x20; /* LE Remote Connection
635 /* If the controller supports the Data Length Extension
636 * feature, enable the corresponding event.
638 if (hdev->le_features[0] & HCI_LE_DATA_LEN_EXT)
639 events[0] |= 0x40; /* LE Data Length Change */
641 /* If the controller supports LL Privacy feature, enable
642 * the corresponding event.
644 if (hdev->le_features[0] & HCI_LE_LL_PRIVACY)
645 events[1] |= 0x02; /* LE Enhanced Connection
649 /* If the controller supports Extended Scanner Filter
650 * Policies, enable the correspondig event.
652 if (hdev->le_features[0] & HCI_LE_EXT_SCAN_POLICY)
653 events[1] |= 0x04; /* LE Direct Advertising
657 /* If the controller supports Channel Selection Algorithm #2
658 * feature, enable the corresponding event.
660 if (hdev->le_features[1] & HCI_LE_CHAN_SEL_ALG2)
661 events[2] |= 0x08; /* LE Channel Selection
665 /* If the controller supports the LE Set Scan Enable command,
666 * enable the corresponding advertising report event.
668 if (hdev->commands[26] & 0x08)
669 events[0] |= 0x02; /* LE Advertising Report */
671 /* If the controller supports the LE Create Connection
672 * command, enable the corresponding event.
674 if (hdev->commands[26] & 0x10)
675 events[0] |= 0x01; /* LE Connection Complete */
677 /* If the controller supports the LE Connection Update
678 * command, enable the corresponding event.
680 if (hdev->commands[27] & 0x04)
681 events[0] |= 0x04; /* LE Connection Update
685 /* If the controller supports the LE Read Remote Used Features
686 * command, enable the corresponding event.
688 if (hdev->commands[27] & 0x20)
689 events[0] |= 0x08; /* LE Read Remote Used
693 /* If the controller supports the LE Read Local P-256
694 * Public Key command, enable the corresponding event.
696 if (hdev->commands[34] & 0x02)
697 events[0] |= 0x80; /* LE Read Local P-256
698 * Public Key Complete
701 /* If the controller supports the LE Generate DHKey
702 * command, enable the corresponding event.
704 if (hdev->commands[34] & 0x04)
705 events[1] |= 0x01; /* LE Generate DHKey Complete */
707 /* If the controller supports the LE Set Default PHY or
708 * LE Set PHY commands, enable the corresponding event.
710 if (hdev->commands[35] & (0x20 | 0x40))
711 events[1] |= 0x08; /* LE PHY Update Complete */
713 /* If the controller supports LE Set Extended Scan Parameters
714 * and LE Set Extended Scan Enable commands, enable the
715 * corresponding event.
717 if (use_ext_scan(hdev))
718 events[1] |= 0x10; /* LE Extended Advertising
722 /* If the controller supports the LE Extended Advertising
723 * command, enable the corresponding event.
725 if (ext_adv_capable(hdev))
726 events[2] |= 0x02; /* LE Advertising Set
730 hci_req_add(req, HCI_OP_LE_SET_EVENT_MASK, sizeof(events),
733 /* Read LE Advertising Channel TX Power */
734 if ((hdev->commands[25] & 0x40) && !ext_adv_capable(hdev)) {
735 /* HCI TS spec forbids mixing of legacy and extended
736 * advertising commands wherein READ_ADV_TX_POWER is
737 * also included. So do not call it if extended adv
738 * is supported otherwise controller will return
739 * COMMAND_DISALLOWED for extended commands.
741 hci_req_add(req, HCI_OP_LE_READ_ADV_TX_POWER, 0, NULL);
744 if (hdev->commands[26] & 0x40) {
745 /* Read LE White List Size */
746 hci_req_add(req, HCI_OP_LE_READ_WHITE_LIST_SIZE,
750 if (hdev->commands[26] & 0x80) {
751 /* Clear LE White List */
752 hci_req_add(req, HCI_OP_LE_CLEAR_WHITE_LIST, 0, NULL);
755 if (hdev->commands[34] & 0x40) {
756 /* Read LE Resolving List Size */
757 hci_req_add(req, HCI_OP_LE_READ_RESOLV_LIST_SIZE,
761 if (hdev->commands[34] & 0x20) {
762 /* Clear LE Resolving List */
763 hci_req_add(req, HCI_OP_LE_CLEAR_RESOLV_LIST, 0, NULL);
766 if (hdev->commands[35] & 0x40) {
767 __le16 rpa_timeout = cpu_to_le16(hdev->rpa_timeout);
769 /* Set RPA timeout */
770 hci_req_add(req, HCI_OP_LE_SET_RPA_TIMEOUT, 2,
774 if (hdev->le_features[0] & HCI_LE_DATA_LEN_EXT) {
775 /* Read LE Maximum Data Length */
776 hci_req_add(req, HCI_OP_LE_READ_MAX_DATA_LEN, 0, NULL);
778 /* Read LE Suggested Default Data Length */
779 hci_req_add(req, HCI_OP_LE_READ_DEF_DATA_LEN, 0, NULL);
782 if (ext_adv_capable(hdev)) {
783 /* Read LE Number of Supported Advertising Sets */
784 hci_req_add(req, HCI_OP_LE_READ_NUM_SUPPORTED_ADV_SETS,
788 hci_set_le_support(req);
791 /* Read features beyond page 1 if available */
792 for (p = 2; p < HCI_MAX_PAGES && p <= hdev->max_page; p++) {
793 struct hci_cp_read_local_ext_features cp;
796 hci_req_add(req, HCI_OP_READ_LOCAL_EXT_FEATURES,
803 static int hci_init4_req(struct hci_request *req, unsigned long opt)
805 struct hci_dev *hdev = req->hdev;
807 /* Some Broadcom based Bluetooth controllers do not support the
808 * Delete Stored Link Key command. They are clearly indicating its
809 * absence in the bit mask of supported commands.
811 * Check the supported commands and only if the command is marked
812 * as supported send it. If not supported assume that the controller
813 * does not have actual support for stored link keys which makes this
814 * command redundant anyway.
816 * Some controllers indicate that they support handling deleting
817 * stored link keys, but they don't. The quirk lets a driver
818 * just disable this command.
820 if (hdev->commands[6] & 0x80 &&
821 !test_bit(HCI_QUIRK_BROKEN_STORED_LINK_KEY, &hdev->quirks)) {
822 struct hci_cp_delete_stored_link_key cp;
824 bacpy(&cp.bdaddr, BDADDR_ANY);
825 cp.delete_all = 0x01;
826 hci_req_add(req, HCI_OP_DELETE_STORED_LINK_KEY,
830 /* Set event mask page 2 if the HCI command for it is supported */
831 if (hdev->commands[22] & 0x04)
832 hci_set_event_mask_page_2(req);
834 /* Read local codec list if the HCI command is supported */
835 if (hdev->commands[29] & 0x20)
836 hci_req_add(req, HCI_OP_READ_LOCAL_CODECS, 0, NULL);
838 /* Read local pairing options if the HCI command is supported */
839 if (hdev->commands[41] & 0x08)
840 hci_req_add(req, HCI_OP_READ_LOCAL_PAIRING_OPTS, 0, NULL);
842 /* Get MWS transport configuration if the HCI command is supported */
843 if (hdev->commands[30] & 0x08)
844 hci_req_add(req, HCI_OP_GET_MWS_TRANSPORT_CONFIG, 0, NULL);
846 /* Check for Synchronization Train support */
847 if (lmp_sync_train_capable(hdev))
848 hci_req_add(req, HCI_OP_READ_SYNC_TRAIN_PARAMS, 0, NULL);
850 /* Enable Secure Connections if supported and configured */
851 if (hci_dev_test_flag(hdev, HCI_SSP_ENABLED) &&
852 bredr_sc_enabled(hdev)) {
855 hci_req_add(req, HCI_OP_WRITE_SC_SUPPORT,
856 sizeof(support), &support);
859 /* Set erroneous data reporting if supported to the wideband speech
862 if (hdev->commands[18] & 0x08 &&
863 !test_bit(HCI_QUIRK_BROKEN_ERR_DATA_REPORTING, &hdev->quirks)) {
864 bool enabled = hci_dev_test_flag(hdev,
865 HCI_WIDEBAND_SPEECH_ENABLED);
868 (hdev->err_data_reporting == ERR_DATA_REPORTING_ENABLED)) {
869 struct hci_cp_write_def_err_data_reporting cp;
871 cp.err_data_reporting = enabled ?
872 ERR_DATA_REPORTING_ENABLED :
873 ERR_DATA_REPORTING_DISABLED;
875 hci_req_add(req, HCI_OP_WRITE_DEF_ERR_DATA_REPORTING,
880 /* Set Suggested Default Data Length to maximum if supported */
881 if (hdev->le_features[0] & HCI_LE_DATA_LEN_EXT) {
882 struct hci_cp_le_write_def_data_len cp;
884 cp.tx_len = cpu_to_le16(hdev->le_max_tx_len);
885 cp.tx_time = cpu_to_le16(hdev->le_max_tx_time);
886 hci_req_add(req, HCI_OP_LE_WRITE_DEF_DATA_LEN, sizeof(cp), &cp);
889 /* Set Default PHY parameters if command is supported */
890 if (hdev->commands[35] & 0x20) {
891 struct hci_cp_le_set_default_phy cp;
894 cp.tx_phys = hdev->le_tx_def_phys;
895 cp.rx_phys = hdev->le_rx_def_phys;
897 hci_req_add(req, HCI_OP_LE_SET_DEFAULT_PHY, sizeof(cp), &cp);
903 static int __hci_init(struct hci_dev *hdev)
907 err = __hci_req_sync(hdev, hci_init1_req, 0, HCI_INIT_TIMEOUT, NULL);
911 if (hci_dev_test_flag(hdev, HCI_SETUP))
912 hci_debugfs_create_basic(hdev);
914 err = __hci_req_sync(hdev, hci_init2_req, 0, HCI_INIT_TIMEOUT, NULL);
918 /* HCI_PRIMARY covers both single-mode LE, BR/EDR and dual-mode
919 * BR/EDR/LE type controllers. AMP controllers only need the
920 * first two stages of init.
922 if (hdev->dev_type != HCI_PRIMARY)
925 err = __hci_req_sync(hdev, hci_init3_req, 0, HCI_INIT_TIMEOUT, NULL);
929 err = __hci_req_sync(hdev, hci_init4_req, 0, HCI_INIT_TIMEOUT, NULL);
933 /* This function is only called when the controller is actually in
934 * configured state. When the controller is marked as unconfigured,
935 * this initialization procedure is not run.
937 * It means that it is possible that a controller runs through its
938 * setup phase and then discovers missing settings. If that is the
939 * case, then this function will not be called. It then will only
940 * be called during the config phase.
942 * So only when in setup phase or config phase, create the debugfs
943 * entries and register the SMP channels.
945 if (!hci_dev_test_flag(hdev, HCI_SETUP) &&
946 !hci_dev_test_flag(hdev, HCI_CONFIG))
949 hci_debugfs_create_common(hdev);
951 if (lmp_bredr_capable(hdev))
952 hci_debugfs_create_bredr(hdev);
954 if (lmp_le_capable(hdev))
955 hci_debugfs_create_le(hdev);
960 static int hci_init0_req(struct hci_request *req, unsigned long opt)
962 struct hci_dev *hdev = req->hdev;
964 BT_DBG("%s %ld", hdev->name, opt);
967 if (!test_bit(HCI_QUIRK_RESET_ON_CLOSE, &hdev->quirks))
968 hci_reset_req(req, 0);
970 /* Read Local Version */
971 hci_req_add(req, HCI_OP_READ_LOCAL_VERSION, 0, NULL);
973 /* Read BD Address */
974 if (hdev->set_bdaddr)
975 hci_req_add(req, HCI_OP_READ_BD_ADDR, 0, NULL);
980 static int __hci_unconf_init(struct hci_dev *hdev)
984 if (test_bit(HCI_QUIRK_RAW_DEVICE, &hdev->quirks))
987 err = __hci_req_sync(hdev, hci_init0_req, 0, HCI_INIT_TIMEOUT, NULL);
991 if (hci_dev_test_flag(hdev, HCI_SETUP))
992 hci_debugfs_create_basic(hdev);
997 static int hci_scan_req(struct hci_request *req, unsigned long opt)
1001 BT_DBG("%s %x", req->hdev->name, scan);
1003 /* Inquiry and Page scans */
1004 hci_req_add(req, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
1008 static int hci_auth_req(struct hci_request *req, unsigned long opt)
1012 BT_DBG("%s %x", req->hdev->name, auth);
1014 /* Authentication */
1015 hci_req_add(req, HCI_OP_WRITE_AUTH_ENABLE, 1, &auth);
1019 static int hci_encrypt_req(struct hci_request *req, unsigned long opt)
1023 BT_DBG("%s %x", req->hdev->name, encrypt);
1026 hci_req_add(req, HCI_OP_WRITE_ENCRYPT_MODE, 1, &encrypt);
1030 static int hci_linkpol_req(struct hci_request *req, unsigned long opt)
1032 __le16 policy = cpu_to_le16(opt);
1034 BT_DBG("%s %x", req->hdev->name, policy);
1036 /* Default link policy */
1037 hci_req_add(req, HCI_OP_WRITE_DEF_LINK_POLICY, 2, &policy);
1041 /* Get HCI device by index.
1042 * Device is held on return. */
1043 struct hci_dev *hci_dev_get(int index)
1045 struct hci_dev *hdev = NULL, *d;
1047 BT_DBG("%d", index);
1052 read_lock(&hci_dev_list_lock);
1053 list_for_each_entry(d, &hci_dev_list, list) {
1054 if (d->id == index) {
1055 hdev = hci_dev_hold(d);
1059 read_unlock(&hci_dev_list_lock);
1063 /* ---- Inquiry support ---- */
1065 bool hci_discovery_active(struct hci_dev *hdev)
1067 struct discovery_state *discov = &hdev->discovery;
1069 switch (discov->state) {
1070 case DISCOVERY_FINDING:
1071 case DISCOVERY_RESOLVING:
1079 void hci_discovery_set_state(struct hci_dev *hdev, int state)
1081 int old_state = hdev->discovery.state;
1083 BT_DBG("%s state %u -> %u", hdev->name, hdev->discovery.state, state);
1085 if (old_state == state)
1088 hdev->discovery.state = state;
1091 case DISCOVERY_STOPPED:
1092 hci_update_background_scan(hdev);
1094 if (old_state != DISCOVERY_STARTING)
1095 mgmt_discovering(hdev, 0);
1097 case DISCOVERY_STARTING:
1099 case DISCOVERY_FINDING:
1100 mgmt_discovering(hdev, 1);
1102 case DISCOVERY_RESOLVING:
1104 case DISCOVERY_STOPPING:
1109 void hci_inquiry_cache_flush(struct hci_dev *hdev)
1111 struct discovery_state *cache = &hdev->discovery;
1112 struct inquiry_entry *p, *n;
1114 list_for_each_entry_safe(p, n, &cache->all, all) {
1119 INIT_LIST_HEAD(&cache->unknown);
1120 INIT_LIST_HEAD(&cache->resolve);
1123 struct inquiry_entry *hci_inquiry_cache_lookup(struct hci_dev *hdev,
1126 struct discovery_state *cache = &hdev->discovery;
1127 struct inquiry_entry *e;
1129 BT_DBG("cache %p, %pMR", cache, bdaddr);
1131 list_for_each_entry(e, &cache->all, all) {
1132 if (!bacmp(&e->data.bdaddr, bdaddr))
1139 struct inquiry_entry *hci_inquiry_cache_lookup_unknown(struct hci_dev *hdev,
1142 struct discovery_state *cache = &hdev->discovery;
1143 struct inquiry_entry *e;
1145 BT_DBG("cache %p, %pMR", cache, bdaddr);
1147 list_for_each_entry(e, &cache->unknown, list) {
1148 if (!bacmp(&e->data.bdaddr, bdaddr))
1155 struct inquiry_entry *hci_inquiry_cache_lookup_resolve(struct hci_dev *hdev,
1159 struct discovery_state *cache = &hdev->discovery;
1160 struct inquiry_entry *e;
1162 BT_DBG("cache %p bdaddr %pMR state %d", cache, bdaddr, state);
1164 list_for_each_entry(e, &cache->resolve, list) {
1165 if (!bacmp(bdaddr, BDADDR_ANY) && e->name_state == state)
1167 if (!bacmp(&e->data.bdaddr, bdaddr))
1174 void hci_inquiry_cache_update_resolve(struct hci_dev *hdev,
1175 struct inquiry_entry *ie)
1177 struct discovery_state *cache = &hdev->discovery;
1178 struct list_head *pos = &cache->resolve;
1179 struct inquiry_entry *p;
1181 list_del(&ie->list);
1183 list_for_each_entry(p, &cache->resolve, list) {
1184 if (p->name_state != NAME_PENDING &&
1185 abs(p->data.rssi) >= abs(ie->data.rssi))
1190 list_add(&ie->list, pos);
1193 u32 hci_inquiry_cache_update(struct hci_dev *hdev, struct inquiry_data *data,
1196 struct discovery_state *cache = &hdev->discovery;
1197 struct inquiry_entry *ie;
1200 BT_DBG("cache %p, %pMR", cache, &data->bdaddr);
1202 hci_remove_remote_oob_data(hdev, &data->bdaddr, BDADDR_BREDR);
1204 if (!data->ssp_mode)
1205 flags |= MGMT_DEV_FOUND_LEGACY_PAIRING;
1207 ie = hci_inquiry_cache_lookup(hdev, &data->bdaddr);
1209 if (!ie->data.ssp_mode)
1210 flags |= MGMT_DEV_FOUND_LEGACY_PAIRING;
1212 if (ie->name_state == NAME_NEEDED &&
1213 data->rssi != ie->data.rssi) {
1214 ie->data.rssi = data->rssi;
1215 hci_inquiry_cache_update_resolve(hdev, ie);
1221 /* Entry not in the cache. Add new one. */
1222 ie = kzalloc(sizeof(*ie), GFP_KERNEL);
1224 flags |= MGMT_DEV_FOUND_CONFIRM_NAME;
1228 list_add(&ie->all, &cache->all);
1231 ie->name_state = NAME_KNOWN;
1233 ie->name_state = NAME_NOT_KNOWN;
1234 list_add(&ie->list, &cache->unknown);
1238 if (name_known && ie->name_state != NAME_KNOWN &&
1239 ie->name_state != NAME_PENDING) {
1240 ie->name_state = NAME_KNOWN;
1241 list_del(&ie->list);
1244 memcpy(&ie->data, data, sizeof(*data));
1245 ie->timestamp = jiffies;
1246 cache->timestamp = jiffies;
1248 if (ie->name_state == NAME_NOT_KNOWN)
1249 flags |= MGMT_DEV_FOUND_CONFIRM_NAME;
1255 static int inquiry_cache_dump(struct hci_dev *hdev, int num, __u8 *buf)
1257 struct discovery_state *cache = &hdev->discovery;
1258 struct inquiry_info *info = (struct inquiry_info *) buf;
1259 struct inquiry_entry *e;
1262 list_for_each_entry(e, &cache->all, all) {
1263 struct inquiry_data *data = &e->data;
1268 bacpy(&info->bdaddr, &data->bdaddr);
1269 info->pscan_rep_mode = data->pscan_rep_mode;
1270 info->pscan_period_mode = data->pscan_period_mode;
1271 info->pscan_mode = data->pscan_mode;
1272 memcpy(info->dev_class, data->dev_class, 3);
1273 info->clock_offset = data->clock_offset;
1279 BT_DBG("cache %p, copied %d", cache, copied);
1283 static int hci_inq_req(struct hci_request *req, unsigned long opt)
1285 struct hci_inquiry_req *ir = (struct hci_inquiry_req *) opt;
1286 struct hci_dev *hdev = req->hdev;
1287 struct hci_cp_inquiry cp;
1289 BT_DBG("%s", hdev->name);
1291 if (test_bit(HCI_INQUIRY, &hdev->flags))
1295 memcpy(&cp.lap, &ir->lap, 3);
1296 cp.length = ir->length;
1297 cp.num_rsp = ir->num_rsp;
1298 hci_req_add(req, HCI_OP_INQUIRY, sizeof(cp), &cp);
1303 int hci_inquiry(void __user *arg)
1305 __u8 __user *ptr = arg;
1306 struct hci_inquiry_req ir;
1307 struct hci_dev *hdev;
1308 int err = 0, do_inquiry = 0, max_rsp;
1312 if (copy_from_user(&ir, ptr, sizeof(ir)))
1315 hdev = hci_dev_get(ir.dev_id);
1319 if (hci_dev_test_flag(hdev, HCI_USER_CHANNEL)) {
1324 if (hci_dev_test_flag(hdev, HCI_UNCONFIGURED)) {
1329 if (hdev->dev_type != HCI_PRIMARY) {
1334 if (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED)) {
1340 if (inquiry_cache_age(hdev) > INQUIRY_CACHE_AGE_MAX ||
1341 inquiry_cache_empty(hdev) || ir.flags & IREQ_CACHE_FLUSH) {
1342 hci_inquiry_cache_flush(hdev);
1345 hci_dev_unlock(hdev);
1347 timeo = ir.length * msecs_to_jiffies(2000);
1350 err = hci_req_sync(hdev, hci_inq_req, (unsigned long) &ir,
1355 /* Wait until Inquiry procedure finishes (HCI_INQUIRY flag is
1356 * cleared). If it is interrupted by a signal, return -EINTR.
1358 if (wait_on_bit(&hdev->flags, HCI_INQUIRY,
1359 TASK_INTERRUPTIBLE))
1363 /* for unlimited number of responses we will use buffer with
1366 max_rsp = (ir.num_rsp == 0) ? 255 : ir.num_rsp;
1368 /* cache_dump can't sleep. Therefore we allocate temp buffer and then
1369 * copy it to the user space.
1371 buf = kmalloc_array(max_rsp, sizeof(struct inquiry_info), GFP_KERNEL);
1378 ir.num_rsp = inquiry_cache_dump(hdev, max_rsp, buf);
1379 hci_dev_unlock(hdev);
1381 BT_DBG("num_rsp %d", ir.num_rsp);
1383 if (!copy_to_user(ptr, &ir, sizeof(ir))) {
1385 if (copy_to_user(ptr, buf, sizeof(struct inquiry_info) *
1399 * hci_dev_get_bd_addr_from_property - Get the Bluetooth Device Address
1400 * (BD_ADDR) for a HCI device from
1401 * a firmware node property.
1402 * @hdev: The HCI device
1404 * Search the firmware node for 'local-bd-address'.
1406 * All-zero BD addresses are rejected, because those could be properties
1407 * that exist in the firmware tables, but were not updated by the firmware. For
1408 * example, the DTS could define 'local-bd-address', with zero BD addresses.
1410 static void hci_dev_get_bd_addr_from_property(struct hci_dev *hdev)
1412 struct fwnode_handle *fwnode = dev_fwnode(hdev->dev.parent);
1416 ret = fwnode_property_read_u8_array(fwnode, "local-bd-address",
1417 (u8 *)&ba, sizeof(ba));
1418 if (ret < 0 || !bacmp(&ba, BDADDR_ANY))
1421 bacpy(&hdev->public_addr, &ba);
1424 static int hci_dev_do_open(struct hci_dev *hdev)
1428 BT_DBG("%s %p", hdev->name, hdev);
1430 hci_req_sync_lock(hdev);
1432 if (hci_dev_test_flag(hdev, HCI_UNREGISTER)) {
1437 if (!hci_dev_test_flag(hdev, HCI_SETUP) &&
1438 !hci_dev_test_flag(hdev, HCI_CONFIG)) {
1439 /* Check for rfkill but allow the HCI setup stage to
1440 * proceed (which in itself doesn't cause any RF activity).
1442 if (hci_dev_test_flag(hdev, HCI_RFKILLED)) {
1447 /* Check for valid public address or a configured static
1448 * random adddress, but let the HCI setup proceed to
1449 * be able to determine if there is a public address
1452 * In case of user channel usage, it is not important
1453 * if a public address or static random address is
1456 * This check is only valid for BR/EDR controllers
1457 * since AMP controllers do not have an address.
1459 if (!hci_dev_test_flag(hdev, HCI_USER_CHANNEL) &&
1460 hdev->dev_type == HCI_PRIMARY &&
1461 !bacmp(&hdev->bdaddr, BDADDR_ANY) &&
1462 !bacmp(&hdev->static_addr, BDADDR_ANY)) {
1463 ret = -EADDRNOTAVAIL;
1468 if (test_bit(HCI_UP, &hdev->flags)) {
1473 if (hdev->open(hdev)) {
1478 set_bit(HCI_RUNNING, &hdev->flags);
1479 hci_sock_dev_event(hdev, HCI_DEV_OPEN);
1481 atomic_set(&hdev->cmd_cnt, 1);
1482 set_bit(HCI_INIT, &hdev->flags);
1484 if (hci_dev_test_flag(hdev, HCI_SETUP) ||
1485 test_bit(HCI_QUIRK_NON_PERSISTENT_SETUP, &hdev->quirks)) {
1486 bool invalid_bdaddr;
1488 hci_sock_dev_event(hdev, HCI_DEV_SETUP);
1491 ret = hdev->setup(hdev);
1493 /* The transport driver can set the quirk to mark the
1494 * BD_ADDR invalid before creating the HCI device or in
1495 * its setup callback.
1497 invalid_bdaddr = test_bit(HCI_QUIRK_INVALID_BDADDR,
1503 if (test_bit(HCI_QUIRK_USE_BDADDR_PROPERTY, &hdev->quirks)) {
1504 if (!bacmp(&hdev->public_addr, BDADDR_ANY))
1505 hci_dev_get_bd_addr_from_property(hdev);
1507 if (bacmp(&hdev->public_addr, BDADDR_ANY) &&
1509 ret = hdev->set_bdaddr(hdev,
1510 &hdev->public_addr);
1512 /* If setting of the BD_ADDR from the device
1513 * property succeeds, then treat the address
1514 * as valid even if the invalid BD_ADDR
1515 * quirk indicates otherwise.
1518 invalid_bdaddr = false;
1523 /* The transport driver can set these quirks before
1524 * creating the HCI device or in its setup callback.
1526 * For the invalid BD_ADDR quirk it is possible that
1527 * it becomes a valid address if the bootloader does
1528 * provide it (see above).
1530 * In case any of them is set, the controller has to
1531 * start up as unconfigured.
1533 if (test_bit(HCI_QUIRK_EXTERNAL_CONFIG, &hdev->quirks) ||
1535 hci_dev_set_flag(hdev, HCI_UNCONFIGURED);
1537 /* For an unconfigured controller it is required to
1538 * read at least the version information provided by
1539 * the Read Local Version Information command.
1541 * If the set_bdaddr driver callback is provided, then
1542 * also the original Bluetooth public device address
1543 * will be read using the Read BD Address command.
1545 if (hci_dev_test_flag(hdev, HCI_UNCONFIGURED))
1546 ret = __hci_unconf_init(hdev);
1549 if (hci_dev_test_flag(hdev, HCI_CONFIG)) {
1550 /* If public address change is configured, ensure that
1551 * the address gets programmed. If the driver does not
1552 * support changing the public address, fail the power
1555 if (bacmp(&hdev->public_addr, BDADDR_ANY) &&
1557 ret = hdev->set_bdaddr(hdev, &hdev->public_addr);
1559 ret = -EADDRNOTAVAIL;
1563 if (!hci_dev_test_flag(hdev, HCI_UNCONFIGURED) &&
1564 !hci_dev_test_flag(hdev, HCI_USER_CHANNEL)) {
1565 ret = __hci_init(hdev);
1566 if (!ret && hdev->post_init)
1567 ret = hdev->post_init(hdev);
1571 /* If the HCI Reset command is clearing all diagnostic settings,
1572 * then they need to be reprogrammed after the init procedure
1575 if (test_bit(HCI_QUIRK_NON_PERSISTENT_DIAG, &hdev->quirks) &&
1576 !hci_dev_test_flag(hdev, HCI_USER_CHANNEL) &&
1577 hci_dev_test_flag(hdev, HCI_VENDOR_DIAG) && hdev->set_diag)
1578 ret = hdev->set_diag(hdev, true);
1582 clear_bit(HCI_INIT, &hdev->flags);
1586 hci_dev_set_flag(hdev, HCI_RPA_EXPIRED);
1587 hci_adv_instances_set_rpa_expired(hdev, true);
1588 set_bit(HCI_UP, &hdev->flags);
1589 hci_sock_dev_event(hdev, HCI_DEV_UP);
1590 hci_leds_update_powered(hdev, true);
1591 if (!hci_dev_test_flag(hdev, HCI_SETUP) &&
1592 !hci_dev_test_flag(hdev, HCI_CONFIG) &&
1593 !hci_dev_test_flag(hdev, HCI_UNCONFIGURED) &&
1594 !hci_dev_test_flag(hdev, HCI_USER_CHANNEL) &&
1595 hci_dev_test_flag(hdev, HCI_MGMT) &&
1596 hdev->dev_type == HCI_PRIMARY) {
1597 ret = __hci_req_hci_power_on(hdev);
1598 mgmt_power_on(hdev, ret);
1601 /* Init failed, cleanup */
1602 flush_work(&hdev->tx_work);
1603 flush_work(&hdev->cmd_work);
1604 flush_work(&hdev->rx_work);
1606 skb_queue_purge(&hdev->cmd_q);
1607 skb_queue_purge(&hdev->rx_q);
1612 if (hdev->sent_cmd) {
1613 kfree_skb(hdev->sent_cmd);
1614 hdev->sent_cmd = NULL;
1617 clear_bit(HCI_RUNNING, &hdev->flags);
1618 hci_sock_dev_event(hdev, HCI_DEV_CLOSE);
1621 hdev->flags &= BIT(HCI_RAW);
1625 hci_req_sync_unlock(hdev);
1629 /* ---- HCI ioctl helpers ---- */
1631 int hci_dev_open(__u16 dev)
1633 struct hci_dev *hdev;
1636 hdev = hci_dev_get(dev);
1640 /* Devices that are marked as unconfigured can only be powered
1641 * up as user channel. Trying to bring them up as normal devices
1642 * will result into a failure. Only user channel operation is
1645 * When this function is called for a user channel, the flag
1646 * HCI_USER_CHANNEL will be set first before attempting to
1649 if (hci_dev_test_flag(hdev, HCI_UNCONFIGURED) &&
1650 !hci_dev_test_flag(hdev, HCI_USER_CHANNEL)) {
1655 /* We need to ensure that no other power on/off work is pending
1656 * before proceeding to call hci_dev_do_open. This is
1657 * particularly important if the setup procedure has not yet
1660 if (hci_dev_test_and_clear_flag(hdev, HCI_AUTO_OFF))
1661 cancel_delayed_work(&hdev->power_off);
1663 /* After this call it is guaranteed that the setup procedure
1664 * has finished. This means that error conditions like RFKILL
1665 * or no valid public or static random address apply.
1667 flush_workqueue(hdev->req_workqueue);
1669 /* For controllers not using the management interface and that
1670 * are brought up using legacy ioctl, set the HCI_BONDABLE bit
1671 * so that pairing works for them. Once the management interface
1672 * is in use this bit will be cleared again and userspace has
1673 * to explicitly enable it.
1675 if (!hci_dev_test_flag(hdev, HCI_USER_CHANNEL) &&
1676 !hci_dev_test_flag(hdev, HCI_MGMT))
1677 hci_dev_set_flag(hdev, HCI_BONDABLE);
1679 err = hci_dev_do_open(hdev);
1686 /* This function requires the caller holds hdev->lock */
1687 static void hci_pend_le_actions_clear(struct hci_dev *hdev)
1689 struct hci_conn_params *p;
1691 list_for_each_entry(p, &hdev->le_conn_params, list) {
1693 hci_conn_drop(p->conn);
1694 hci_conn_put(p->conn);
1697 list_del_init(&p->action);
1700 BT_DBG("All LE pending actions cleared");
1703 int hci_dev_do_close(struct hci_dev *hdev)
1707 BT_DBG("%s %p", hdev->name, hdev);
1709 if (!hci_dev_test_flag(hdev, HCI_UNREGISTER) &&
1710 !hci_dev_test_flag(hdev, HCI_USER_CHANNEL) &&
1711 test_bit(HCI_UP, &hdev->flags)) {
1712 /* Execute vendor specific shutdown routine */
1714 hdev->shutdown(hdev);
1717 cancel_delayed_work(&hdev->power_off);
1719 hci_request_cancel_all(hdev);
1720 hci_req_sync_lock(hdev);
1722 if (!test_and_clear_bit(HCI_UP, &hdev->flags)) {
1723 cancel_delayed_work_sync(&hdev->cmd_timer);
1724 hci_req_sync_unlock(hdev);
1728 hci_leds_update_powered(hdev, false);
1730 /* Flush RX and TX works */
1731 flush_work(&hdev->tx_work);
1732 flush_work(&hdev->rx_work);
1734 if (hdev->discov_timeout > 0) {
1735 hdev->discov_timeout = 0;
1736 hci_dev_clear_flag(hdev, HCI_DISCOVERABLE);
1737 hci_dev_clear_flag(hdev, HCI_LIMITED_DISCOVERABLE);
1740 if (hci_dev_test_and_clear_flag(hdev, HCI_SERVICE_CACHE))
1741 cancel_delayed_work(&hdev->service_cache);
1743 if (hci_dev_test_flag(hdev, HCI_MGMT)) {
1744 struct adv_info *adv_instance;
1746 cancel_delayed_work_sync(&hdev->rpa_expired);
1748 list_for_each_entry(adv_instance, &hdev->adv_instances, list)
1749 cancel_delayed_work_sync(&adv_instance->rpa_expired_cb);
1752 /* Avoid potential lockdep warnings from the *_flush() calls by
1753 * ensuring the workqueue is empty up front.
1755 drain_workqueue(hdev->workqueue);
1759 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
1761 auto_off = hci_dev_test_and_clear_flag(hdev, HCI_AUTO_OFF);
1763 if (!auto_off && hdev->dev_type == HCI_PRIMARY &&
1764 !hci_dev_test_flag(hdev, HCI_USER_CHANNEL) &&
1765 hci_dev_test_flag(hdev, HCI_MGMT))
1766 __mgmt_power_off(hdev);
1768 hci_inquiry_cache_flush(hdev);
1769 hci_pend_le_actions_clear(hdev);
1770 hci_conn_hash_flush(hdev);
1771 hci_dev_unlock(hdev);
1773 smp_unregister(hdev);
1775 hci_sock_dev_event(hdev, HCI_DEV_DOWN);
1777 msft_do_close(hdev);
1783 skb_queue_purge(&hdev->cmd_q);
1784 atomic_set(&hdev->cmd_cnt, 1);
1785 if (test_bit(HCI_QUIRK_RESET_ON_CLOSE, &hdev->quirks) &&
1786 !auto_off && !hci_dev_test_flag(hdev, HCI_UNCONFIGURED)) {
1787 set_bit(HCI_INIT, &hdev->flags);
1788 __hci_req_sync(hdev, hci_reset_req, 0, HCI_CMD_TIMEOUT, NULL);
1789 clear_bit(HCI_INIT, &hdev->flags);
1792 /* flush cmd work */
1793 flush_work(&hdev->cmd_work);
1796 skb_queue_purge(&hdev->rx_q);
1797 skb_queue_purge(&hdev->cmd_q);
1798 skb_queue_purge(&hdev->raw_q);
1800 /* Drop last sent command */
1801 if (hdev->sent_cmd) {
1802 cancel_delayed_work_sync(&hdev->cmd_timer);
1803 kfree_skb(hdev->sent_cmd);
1804 hdev->sent_cmd = NULL;
1807 clear_bit(HCI_RUNNING, &hdev->flags);
1808 hci_sock_dev_event(hdev, HCI_DEV_CLOSE);
1810 if (test_and_clear_bit(SUSPEND_POWERING_DOWN, hdev->suspend_tasks))
1811 wake_up(&hdev->suspend_wait_q);
1813 /* After this point our queues are empty
1814 * and no tasks are scheduled. */
1818 hdev->flags &= BIT(HCI_RAW);
1819 hci_dev_clear_volatile_flags(hdev);
1821 /* Controller radio is available but is currently powered down */
1822 hdev->amp_status = AMP_STATUS_POWERED_DOWN;
1824 memset(hdev->eir, 0, sizeof(hdev->eir));
1825 memset(hdev->dev_class, 0, sizeof(hdev->dev_class));
1826 bacpy(&hdev->random_addr, BDADDR_ANY);
1828 hci_req_sync_unlock(hdev);
1834 int hci_dev_close(__u16 dev)
1836 struct hci_dev *hdev;
1839 hdev = hci_dev_get(dev);
1843 if (hci_dev_test_flag(hdev, HCI_USER_CHANNEL)) {
1848 if (hci_dev_test_and_clear_flag(hdev, HCI_AUTO_OFF))
1849 cancel_delayed_work(&hdev->power_off);
1851 err = hci_dev_do_close(hdev);
1858 static int hci_dev_do_reset(struct hci_dev *hdev)
1862 BT_DBG("%s %p", hdev->name, hdev);
1864 hci_req_sync_lock(hdev);
1867 skb_queue_purge(&hdev->rx_q);
1868 skb_queue_purge(&hdev->cmd_q);
1870 /* Avoid potential lockdep warnings from the *_flush() calls by
1871 * ensuring the workqueue is empty up front.
1873 drain_workqueue(hdev->workqueue);
1876 hci_inquiry_cache_flush(hdev);
1877 hci_conn_hash_flush(hdev);
1878 hci_dev_unlock(hdev);
1883 atomic_set(&hdev->cmd_cnt, 1);
1884 hdev->acl_cnt = 0; hdev->sco_cnt = 0; hdev->le_cnt = 0;
1886 ret = __hci_req_sync(hdev, hci_reset_req, 0, HCI_INIT_TIMEOUT, NULL);
1888 hci_req_sync_unlock(hdev);
1892 int hci_dev_reset(__u16 dev)
1894 struct hci_dev *hdev;
1897 hdev = hci_dev_get(dev);
1901 if (!test_bit(HCI_UP, &hdev->flags)) {
1906 if (hci_dev_test_flag(hdev, HCI_USER_CHANNEL)) {
1911 if (hci_dev_test_flag(hdev, HCI_UNCONFIGURED)) {
1916 err = hci_dev_do_reset(hdev);
1923 int hci_dev_reset_stat(__u16 dev)
1925 struct hci_dev *hdev;
1928 hdev = hci_dev_get(dev);
1932 if (hci_dev_test_flag(hdev, HCI_USER_CHANNEL)) {
1937 if (hci_dev_test_flag(hdev, HCI_UNCONFIGURED)) {
1942 memset(&hdev->stat, 0, sizeof(struct hci_dev_stats));
1949 static void hci_update_scan_state(struct hci_dev *hdev, u8 scan)
1951 bool conn_changed, discov_changed;
1953 BT_DBG("%s scan 0x%02x", hdev->name, scan);
1955 if ((scan & SCAN_PAGE))
1956 conn_changed = !hci_dev_test_and_set_flag(hdev,
1959 conn_changed = hci_dev_test_and_clear_flag(hdev,
1962 if ((scan & SCAN_INQUIRY)) {
1963 discov_changed = !hci_dev_test_and_set_flag(hdev,
1966 hci_dev_clear_flag(hdev, HCI_LIMITED_DISCOVERABLE);
1967 discov_changed = hci_dev_test_and_clear_flag(hdev,
1971 if (!hci_dev_test_flag(hdev, HCI_MGMT))
1974 if (conn_changed || discov_changed) {
1975 /* In case this was disabled through mgmt */
1976 hci_dev_set_flag(hdev, HCI_BREDR_ENABLED);
1978 if (hci_dev_test_flag(hdev, HCI_LE_ENABLED))
1979 hci_req_update_adv_data(hdev, hdev->cur_adv_instance);
1981 mgmt_new_settings(hdev);
1985 int hci_dev_cmd(unsigned int cmd, void __user *arg)
1987 struct hci_dev *hdev;
1988 struct hci_dev_req dr;
1991 if (copy_from_user(&dr, arg, sizeof(dr)))
1994 hdev = hci_dev_get(dr.dev_id);
1998 if (hci_dev_test_flag(hdev, HCI_USER_CHANNEL)) {
2003 if (hci_dev_test_flag(hdev, HCI_UNCONFIGURED)) {
2008 if (hdev->dev_type != HCI_PRIMARY) {
2013 if (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED)) {
2020 err = hci_req_sync(hdev, hci_auth_req, dr.dev_opt,
2021 HCI_INIT_TIMEOUT, NULL);
2025 if (!lmp_encrypt_capable(hdev)) {
2030 if (!test_bit(HCI_AUTH, &hdev->flags)) {
2031 /* Auth must be enabled first */
2032 err = hci_req_sync(hdev, hci_auth_req, dr.dev_opt,
2033 HCI_INIT_TIMEOUT, NULL);
2038 err = hci_req_sync(hdev, hci_encrypt_req, dr.dev_opt,
2039 HCI_INIT_TIMEOUT, NULL);
2043 err = hci_req_sync(hdev, hci_scan_req, dr.dev_opt,
2044 HCI_INIT_TIMEOUT, NULL);
2046 /* Ensure that the connectable and discoverable states
2047 * get correctly modified as this was a non-mgmt change.
2050 hci_update_scan_state(hdev, dr.dev_opt);
2054 err = hci_req_sync(hdev, hci_linkpol_req, dr.dev_opt,
2055 HCI_INIT_TIMEOUT, NULL);
2058 case HCISETLINKMODE:
2059 hdev->link_mode = ((__u16) dr.dev_opt) &
2060 (HCI_LM_MASTER | HCI_LM_ACCEPT);
2064 if (hdev->pkt_type == (__u16) dr.dev_opt)
2067 hdev->pkt_type = (__u16) dr.dev_opt;
2068 mgmt_phy_configuration_changed(hdev, NULL);
2072 hdev->acl_mtu = *((__u16 *) &dr.dev_opt + 1);
2073 hdev->acl_pkts = *((__u16 *) &dr.dev_opt + 0);
2077 hdev->sco_mtu = *((__u16 *) &dr.dev_opt + 1);
2078 hdev->sco_pkts = *((__u16 *) &dr.dev_opt + 0);
2091 int hci_get_dev_list(void __user *arg)
2093 struct hci_dev *hdev;
2094 struct hci_dev_list_req *dl;
2095 struct hci_dev_req *dr;
2096 int n = 0, size, err;
2099 if (get_user(dev_num, (__u16 __user *) arg))
2102 if (!dev_num || dev_num > (PAGE_SIZE * 2) / sizeof(*dr))
2105 size = sizeof(*dl) + dev_num * sizeof(*dr);
2107 dl = kzalloc(size, GFP_KERNEL);
2113 read_lock(&hci_dev_list_lock);
2114 list_for_each_entry(hdev, &hci_dev_list, list) {
2115 unsigned long flags = hdev->flags;
2117 /* When the auto-off is configured it means the transport
2118 * is running, but in that case still indicate that the
2119 * device is actually down.
2121 if (hci_dev_test_flag(hdev, HCI_AUTO_OFF))
2122 flags &= ~BIT(HCI_UP);
2124 (dr + n)->dev_id = hdev->id;
2125 (dr + n)->dev_opt = flags;
2130 read_unlock(&hci_dev_list_lock);
2133 size = sizeof(*dl) + n * sizeof(*dr);
2135 err = copy_to_user(arg, dl, size);
2138 return err ? -EFAULT : 0;
2141 int hci_get_dev_info(void __user *arg)
2143 struct hci_dev *hdev;
2144 struct hci_dev_info di;
2145 unsigned long flags;
2148 if (copy_from_user(&di, arg, sizeof(di)))
2151 hdev = hci_dev_get(di.dev_id);
2155 /* When the auto-off is configured it means the transport
2156 * is running, but in that case still indicate that the
2157 * device is actually down.
2159 if (hci_dev_test_flag(hdev, HCI_AUTO_OFF))
2160 flags = hdev->flags & ~BIT(HCI_UP);
2162 flags = hdev->flags;
2164 strcpy(di.name, hdev->name);
2165 di.bdaddr = hdev->bdaddr;
2166 di.type = (hdev->bus & 0x0f) | ((hdev->dev_type & 0x03) << 4);
2168 di.pkt_type = hdev->pkt_type;
2169 if (lmp_bredr_capable(hdev)) {
2170 di.acl_mtu = hdev->acl_mtu;
2171 di.acl_pkts = hdev->acl_pkts;
2172 di.sco_mtu = hdev->sco_mtu;
2173 di.sco_pkts = hdev->sco_pkts;
2175 di.acl_mtu = hdev->le_mtu;
2176 di.acl_pkts = hdev->le_pkts;
2180 di.link_policy = hdev->link_policy;
2181 di.link_mode = hdev->link_mode;
2183 memcpy(&di.stat, &hdev->stat, sizeof(di.stat));
2184 memcpy(&di.features, &hdev->features, sizeof(di.features));
2186 if (copy_to_user(arg, &di, sizeof(di)))
2194 /* ---- Interface to HCI drivers ---- */
2196 static int hci_rfkill_set_block(void *data, bool blocked)
2198 struct hci_dev *hdev = data;
2200 BT_DBG("%p name %s blocked %d", hdev, hdev->name, blocked);
2202 if (hci_dev_test_flag(hdev, HCI_USER_CHANNEL))
2206 hci_dev_set_flag(hdev, HCI_RFKILLED);
2207 if (!hci_dev_test_flag(hdev, HCI_SETUP) &&
2208 !hci_dev_test_flag(hdev, HCI_CONFIG))
2209 hci_dev_do_close(hdev);
2211 hci_dev_clear_flag(hdev, HCI_RFKILLED);
2217 static const struct rfkill_ops hci_rfkill_ops = {
2218 .set_block = hci_rfkill_set_block,
2221 static void hci_power_on(struct work_struct *work)
2223 struct hci_dev *hdev = container_of(work, struct hci_dev, power_on);
2226 BT_DBG("%s", hdev->name);
2228 if (test_bit(HCI_UP, &hdev->flags) &&
2229 hci_dev_test_flag(hdev, HCI_MGMT) &&
2230 hci_dev_test_and_clear_flag(hdev, HCI_AUTO_OFF)) {
2231 cancel_delayed_work(&hdev->power_off);
2232 hci_req_sync_lock(hdev);
2233 err = __hci_req_hci_power_on(hdev);
2234 hci_req_sync_unlock(hdev);
2235 mgmt_power_on(hdev, err);
2239 err = hci_dev_do_open(hdev);
2242 mgmt_set_powered_failed(hdev, err);
2243 hci_dev_unlock(hdev);
2247 /* During the HCI setup phase, a few error conditions are
2248 * ignored and they need to be checked now. If they are still
2249 * valid, it is important to turn the device back off.
2251 if (hci_dev_test_flag(hdev, HCI_RFKILLED) ||
2252 hci_dev_test_flag(hdev, HCI_UNCONFIGURED) ||
2253 (hdev->dev_type == HCI_PRIMARY &&
2254 !bacmp(&hdev->bdaddr, BDADDR_ANY) &&
2255 !bacmp(&hdev->static_addr, BDADDR_ANY))) {
2256 hci_dev_clear_flag(hdev, HCI_AUTO_OFF);
2257 hci_dev_do_close(hdev);
2258 } else if (hci_dev_test_flag(hdev, HCI_AUTO_OFF)) {
2259 queue_delayed_work(hdev->req_workqueue, &hdev->power_off,
2260 HCI_AUTO_OFF_TIMEOUT);
2263 if (hci_dev_test_and_clear_flag(hdev, HCI_SETUP)) {
2264 /* For unconfigured devices, set the HCI_RAW flag
2265 * so that userspace can easily identify them.
2267 if (hci_dev_test_flag(hdev, HCI_UNCONFIGURED))
2268 set_bit(HCI_RAW, &hdev->flags);
2270 /* For fully configured devices, this will send
2271 * the Index Added event. For unconfigured devices,
2272 * it will send Unconfigued Index Added event.
2274 * Devices with HCI_QUIRK_RAW_DEVICE are ignored
2275 * and no event will be send.
2277 mgmt_index_added(hdev);
2278 } else if (hci_dev_test_and_clear_flag(hdev, HCI_CONFIG)) {
2279 /* When the controller is now configured, then it
2280 * is important to clear the HCI_RAW flag.
2282 if (!hci_dev_test_flag(hdev, HCI_UNCONFIGURED))
2283 clear_bit(HCI_RAW, &hdev->flags);
2285 /* Powering on the controller with HCI_CONFIG set only
2286 * happens with the transition from unconfigured to
2287 * configured. This will send the Index Added event.
2289 mgmt_index_added(hdev);
2293 static void hci_power_off(struct work_struct *work)
2295 struct hci_dev *hdev = container_of(work, struct hci_dev,
2298 BT_DBG("%s", hdev->name);
2300 hci_dev_do_close(hdev);
2303 static void hci_error_reset(struct work_struct *work)
2305 struct hci_dev *hdev = container_of(work, struct hci_dev, error_reset);
2307 BT_DBG("%s", hdev->name);
2310 hdev->hw_error(hdev, hdev->hw_error_code);
2312 bt_dev_err(hdev, "hardware error 0x%2.2x", hdev->hw_error_code);
2314 if (hci_dev_do_close(hdev))
2317 hci_dev_do_open(hdev);
2320 void hci_uuids_clear(struct hci_dev *hdev)
2322 struct bt_uuid *uuid, *tmp;
2324 list_for_each_entry_safe(uuid, tmp, &hdev->uuids, list) {
2325 list_del(&uuid->list);
2330 void hci_link_keys_clear(struct hci_dev *hdev)
2332 struct link_key *key;
2334 list_for_each_entry(key, &hdev->link_keys, list) {
2335 list_del_rcu(&key->list);
2336 kfree_rcu(key, rcu);
2340 void hci_smp_ltks_clear(struct hci_dev *hdev)
2344 list_for_each_entry(k, &hdev->long_term_keys, list) {
2345 list_del_rcu(&k->list);
2350 void hci_smp_irks_clear(struct hci_dev *hdev)
2354 list_for_each_entry(k, &hdev->identity_resolving_keys, list) {
2355 list_del_rcu(&k->list);
2360 void hci_blocked_keys_clear(struct hci_dev *hdev)
2362 struct blocked_key *b;
2364 list_for_each_entry(b, &hdev->blocked_keys, list) {
2365 list_del_rcu(&b->list);
2370 bool hci_is_blocked_key(struct hci_dev *hdev, u8 type, u8 val[16])
2372 bool blocked = false;
2373 struct blocked_key *b;
2376 list_for_each_entry_rcu(b, &hdev->blocked_keys, list) {
2377 if (b->type == type && !memcmp(b->val, val, sizeof(b->val))) {
2387 struct link_key *hci_find_link_key(struct hci_dev *hdev, bdaddr_t *bdaddr)
2392 list_for_each_entry_rcu(k, &hdev->link_keys, list) {
2393 if (bacmp(bdaddr, &k->bdaddr) == 0) {
2396 if (hci_is_blocked_key(hdev,
2397 HCI_BLOCKED_KEY_TYPE_LINKKEY,
2399 bt_dev_warn_ratelimited(hdev,
2400 "Link key blocked for %pMR",
2413 static bool hci_persistent_key(struct hci_dev *hdev, struct hci_conn *conn,
2414 u8 key_type, u8 old_key_type)
2417 if (key_type < 0x03)
2420 /* Debug keys are insecure so don't store them persistently */
2421 if (key_type == HCI_LK_DEBUG_COMBINATION)
2424 /* Changed combination key and there's no previous one */
2425 if (key_type == HCI_LK_CHANGED_COMBINATION && old_key_type == 0xff)
2428 /* Security mode 3 case */
2432 /* BR/EDR key derived using SC from an LE link */
2433 if (conn->type == LE_LINK)
2436 /* Neither local nor remote side had no-bonding as requirement */
2437 if (conn->auth_type > 0x01 && conn->remote_auth > 0x01)
2440 /* Local side had dedicated bonding as requirement */
2441 if (conn->auth_type == 0x02 || conn->auth_type == 0x03)
2444 /* Remote side had dedicated bonding as requirement */
2445 if (conn->remote_auth == 0x02 || conn->remote_auth == 0x03)
2448 /* If none of the above criteria match, then don't store the key
2453 static u8 ltk_role(u8 type)
2455 if (type == SMP_LTK)
2456 return HCI_ROLE_MASTER;
2458 return HCI_ROLE_SLAVE;
2461 struct smp_ltk *hci_find_ltk(struct hci_dev *hdev, bdaddr_t *bdaddr,
2462 u8 addr_type, u8 role)
2467 list_for_each_entry_rcu(k, &hdev->long_term_keys, list) {
2468 if (addr_type != k->bdaddr_type || bacmp(bdaddr, &k->bdaddr))
2471 if (smp_ltk_is_sc(k) || ltk_role(k->type) == role) {
2474 if (hci_is_blocked_key(hdev, HCI_BLOCKED_KEY_TYPE_LTK,
2476 bt_dev_warn_ratelimited(hdev,
2477 "LTK blocked for %pMR",
2490 struct smp_irk *hci_find_irk_by_rpa(struct hci_dev *hdev, bdaddr_t *rpa)
2492 struct smp_irk *irk_to_return = NULL;
2493 struct smp_irk *irk;
2496 list_for_each_entry_rcu(irk, &hdev->identity_resolving_keys, list) {
2497 if (!bacmp(&irk->rpa, rpa)) {
2498 irk_to_return = irk;
2503 list_for_each_entry_rcu(irk, &hdev->identity_resolving_keys, list) {
2504 if (smp_irk_matches(hdev, irk->val, rpa)) {
2505 bacpy(&irk->rpa, rpa);
2506 irk_to_return = irk;
2512 if (irk_to_return && hci_is_blocked_key(hdev, HCI_BLOCKED_KEY_TYPE_IRK,
2513 irk_to_return->val)) {
2514 bt_dev_warn_ratelimited(hdev, "Identity key blocked for %pMR",
2515 &irk_to_return->bdaddr);
2516 irk_to_return = NULL;
2521 return irk_to_return;
2524 struct smp_irk *hci_find_irk_by_addr(struct hci_dev *hdev, bdaddr_t *bdaddr,
2527 struct smp_irk *irk_to_return = NULL;
2528 struct smp_irk *irk;
2530 /* Identity Address must be public or static random */
2531 if (addr_type == ADDR_LE_DEV_RANDOM && (bdaddr->b[5] & 0xc0) != 0xc0)
2535 list_for_each_entry_rcu(irk, &hdev->identity_resolving_keys, list) {
2536 if (addr_type == irk->addr_type &&
2537 bacmp(bdaddr, &irk->bdaddr) == 0) {
2538 irk_to_return = irk;
2545 if (irk_to_return && hci_is_blocked_key(hdev, HCI_BLOCKED_KEY_TYPE_IRK,
2546 irk_to_return->val)) {
2547 bt_dev_warn_ratelimited(hdev, "Identity key blocked for %pMR",
2548 &irk_to_return->bdaddr);
2549 irk_to_return = NULL;
2554 return irk_to_return;
2557 struct link_key *hci_add_link_key(struct hci_dev *hdev, struct hci_conn *conn,
2558 bdaddr_t *bdaddr, u8 *val, u8 type,
2559 u8 pin_len, bool *persistent)
2561 struct link_key *key, *old_key;
2564 old_key = hci_find_link_key(hdev, bdaddr);
2566 old_key_type = old_key->type;
2569 old_key_type = conn ? conn->key_type : 0xff;
2570 key = kzalloc(sizeof(*key), GFP_KERNEL);
2573 list_add_rcu(&key->list, &hdev->link_keys);
2576 BT_DBG("%s key for %pMR type %u", hdev->name, bdaddr, type);
2578 /* Some buggy controller combinations generate a changed
2579 * combination key for legacy pairing even when there's no
2581 if (type == HCI_LK_CHANGED_COMBINATION &&
2582 (!conn || conn->remote_auth == 0xff) && old_key_type == 0xff) {
2583 type = HCI_LK_COMBINATION;
2585 conn->key_type = type;
2588 bacpy(&key->bdaddr, bdaddr);
2589 memcpy(key->val, val, HCI_LINK_KEY_SIZE);
2590 key->pin_len = pin_len;
2592 if (type == HCI_LK_CHANGED_COMBINATION)
2593 key->type = old_key_type;
2598 *persistent = hci_persistent_key(hdev, conn, type,
2604 struct smp_ltk *hci_add_ltk(struct hci_dev *hdev, bdaddr_t *bdaddr,
2605 u8 addr_type, u8 type, u8 authenticated,
2606 u8 tk[16], u8 enc_size, __le16 ediv, __le64 rand)
2608 struct smp_ltk *key, *old_key;
2609 u8 role = ltk_role(type);
2611 old_key = hci_find_ltk(hdev, bdaddr, addr_type, role);
2615 key = kzalloc(sizeof(*key), GFP_KERNEL);
2618 list_add_rcu(&key->list, &hdev->long_term_keys);
2621 bacpy(&key->bdaddr, bdaddr);
2622 key->bdaddr_type = addr_type;
2623 memcpy(key->val, tk, sizeof(key->val));
2624 key->authenticated = authenticated;
2627 key->enc_size = enc_size;
2633 struct smp_irk *hci_add_irk(struct hci_dev *hdev, bdaddr_t *bdaddr,
2634 u8 addr_type, u8 val[16], bdaddr_t *rpa)
2636 struct smp_irk *irk;
2638 irk = hci_find_irk_by_addr(hdev, bdaddr, addr_type);
2640 irk = kzalloc(sizeof(*irk), GFP_KERNEL);
2644 bacpy(&irk->bdaddr, bdaddr);
2645 irk->addr_type = addr_type;
2647 list_add_rcu(&irk->list, &hdev->identity_resolving_keys);
2650 memcpy(irk->val, val, 16);
2651 bacpy(&irk->rpa, rpa);
2656 int hci_remove_link_key(struct hci_dev *hdev, bdaddr_t *bdaddr)
2658 struct link_key *key;
2660 key = hci_find_link_key(hdev, bdaddr);
2664 BT_DBG("%s removing %pMR", hdev->name, bdaddr);
2666 list_del_rcu(&key->list);
2667 kfree_rcu(key, rcu);
2672 int hci_remove_ltk(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 bdaddr_type)
2677 list_for_each_entry_rcu(k, &hdev->long_term_keys, list) {
2678 if (bacmp(bdaddr, &k->bdaddr) || k->bdaddr_type != bdaddr_type)
2681 BT_DBG("%s removing %pMR", hdev->name, bdaddr);
2683 list_del_rcu(&k->list);
2688 return removed ? 0 : -ENOENT;
2691 void hci_remove_irk(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 addr_type)
2695 list_for_each_entry_rcu(k, &hdev->identity_resolving_keys, list) {
2696 if (bacmp(bdaddr, &k->bdaddr) || k->addr_type != addr_type)
2699 BT_DBG("%s removing %pMR", hdev->name, bdaddr);
2701 list_del_rcu(&k->list);
2706 bool hci_bdaddr_is_paired(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 type)
2709 struct smp_irk *irk;
2712 if (type == BDADDR_BREDR) {
2713 if (hci_find_link_key(hdev, bdaddr))
2718 /* Convert to HCI addr type which struct smp_ltk uses */
2719 if (type == BDADDR_LE_PUBLIC)
2720 addr_type = ADDR_LE_DEV_PUBLIC;
2722 addr_type = ADDR_LE_DEV_RANDOM;
2724 irk = hci_get_irk(hdev, bdaddr, addr_type);
2726 bdaddr = &irk->bdaddr;
2727 addr_type = irk->addr_type;
2731 list_for_each_entry_rcu(k, &hdev->long_term_keys, list) {
2732 if (k->bdaddr_type == addr_type && !bacmp(bdaddr, &k->bdaddr)) {
2742 /* HCI command timer function */
2743 static void hci_cmd_timeout(struct work_struct *work)
2745 struct hci_dev *hdev = container_of(work, struct hci_dev,
2748 if (hdev->sent_cmd) {
2749 struct hci_command_hdr *sent = (void *) hdev->sent_cmd->data;
2750 u16 opcode = __le16_to_cpu(sent->opcode);
2752 bt_dev_err(hdev, "command 0x%4.4x tx timeout", opcode);
2754 bt_dev_err(hdev, "command tx timeout");
2757 if (hdev->cmd_timeout)
2758 hdev->cmd_timeout(hdev);
2760 atomic_set(&hdev->cmd_cnt, 1);
2761 queue_work(hdev->workqueue, &hdev->cmd_work);
2764 struct oob_data *hci_find_remote_oob_data(struct hci_dev *hdev,
2765 bdaddr_t *bdaddr, u8 bdaddr_type)
2767 struct oob_data *data;
2769 list_for_each_entry(data, &hdev->remote_oob_data, list) {
2770 if (bacmp(bdaddr, &data->bdaddr) != 0)
2772 if (data->bdaddr_type != bdaddr_type)
2780 int hci_remove_remote_oob_data(struct hci_dev *hdev, bdaddr_t *bdaddr,
2783 struct oob_data *data;
2785 data = hci_find_remote_oob_data(hdev, bdaddr, bdaddr_type);
2789 BT_DBG("%s removing %pMR (%u)", hdev->name, bdaddr, bdaddr_type);
2791 list_del(&data->list);
2797 void hci_remote_oob_data_clear(struct hci_dev *hdev)
2799 struct oob_data *data, *n;
2801 list_for_each_entry_safe(data, n, &hdev->remote_oob_data, list) {
2802 list_del(&data->list);
2807 int hci_add_remote_oob_data(struct hci_dev *hdev, bdaddr_t *bdaddr,
2808 u8 bdaddr_type, u8 *hash192, u8 *rand192,
2809 u8 *hash256, u8 *rand256)
2811 struct oob_data *data;
2813 data = hci_find_remote_oob_data(hdev, bdaddr, bdaddr_type);
2815 data = kmalloc(sizeof(*data), GFP_KERNEL);
2819 bacpy(&data->bdaddr, bdaddr);
2820 data->bdaddr_type = bdaddr_type;
2821 list_add(&data->list, &hdev->remote_oob_data);
2824 if (hash192 && rand192) {
2825 memcpy(data->hash192, hash192, sizeof(data->hash192));
2826 memcpy(data->rand192, rand192, sizeof(data->rand192));
2827 if (hash256 && rand256)
2828 data->present = 0x03;
2830 memset(data->hash192, 0, sizeof(data->hash192));
2831 memset(data->rand192, 0, sizeof(data->rand192));
2832 if (hash256 && rand256)
2833 data->present = 0x02;
2835 data->present = 0x00;
2838 if (hash256 && rand256) {
2839 memcpy(data->hash256, hash256, sizeof(data->hash256));
2840 memcpy(data->rand256, rand256, sizeof(data->rand256));
2842 memset(data->hash256, 0, sizeof(data->hash256));
2843 memset(data->rand256, 0, sizeof(data->rand256));
2844 if (hash192 && rand192)
2845 data->present = 0x01;
2848 BT_DBG("%s for %pMR", hdev->name, bdaddr);
2853 /* This function requires the caller holds hdev->lock */
2854 struct adv_info *hci_find_adv_instance(struct hci_dev *hdev, u8 instance)
2856 struct adv_info *adv_instance;
2858 list_for_each_entry(adv_instance, &hdev->adv_instances, list) {
2859 if (adv_instance->instance == instance)
2860 return adv_instance;
2866 /* This function requires the caller holds hdev->lock */
2867 struct adv_info *hci_get_next_instance(struct hci_dev *hdev, u8 instance)
2869 struct adv_info *cur_instance;
2871 cur_instance = hci_find_adv_instance(hdev, instance);
2875 if (cur_instance == list_last_entry(&hdev->adv_instances,
2876 struct adv_info, list))
2877 return list_first_entry(&hdev->adv_instances,
2878 struct adv_info, list);
2880 return list_next_entry(cur_instance, list);
2883 /* This function requires the caller holds hdev->lock */
2884 int hci_remove_adv_instance(struct hci_dev *hdev, u8 instance)
2886 struct adv_info *adv_instance;
2888 adv_instance = hci_find_adv_instance(hdev, instance);
2892 BT_DBG("%s removing %dMR", hdev->name, instance);
2894 if (hdev->cur_adv_instance == instance) {
2895 if (hdev->adv_instance_timeout) {
2896 cancel_delayed_work(&hdev->adv_instance_expire);
2897 hdev->adv_instance_timeout = 0;
2899 hdev->cur_adv_instance = 0x00;
2902 cancel_delayed_work_sync(&adv_instance->rpa_expired_cb);
2904 list_del(&adv_instance->list);
2905 kfree(adv_instance);
2907 hdev->adv_instance_cnt--;
2912 void hci_adv_instances_set_rpa_expired(struct hci_dev *hdev, bool rpa_expired)
2914 struct adv_info *adv_instance, *n;
2916 list_for_each_entry_safe(adv_instance, n, &hdev->adv_instances, list)
2917 adv_instance->rpa_expired = rpa_expired;
2920 /* This function requires the caller holds hdev->lock */
2921 void hci_adv_instances_clear(struct hci_dev *hdev)
2923 struct adv_info *adv_instance, *n;
2925 if (hdev->adv_instance_timeout) {
2926 cancel_delayed_work(&hdev->adv_instance_expire);
2927 hdev->adv_instance_timeout = 0;
2930 list_for_each_entry_safe(adv_instance, n, &hdev->adv_instances, list) {
2931 cancel_delayed_work_sync(&adv_instance->rpa_expired_cb);
2932 list_del(&adv_instance->list);
2933 kfree(adv_instance);
2936 hdev->adv_instance_cnt = 0;
2937 hdev->cur_adv_instance = 0x00;
2940 static void adv_instance_rpa_expired(struct work_struct *work)
2942 struct adv_info *adv_instance = container_of(work, struct adv_info,
2943 rpa_expired_cb.work);
2947 adv_instance->rpa_expired = true;
2950 /* This function requires the caller holds hdev->lock */
2951 int hci_add_adv_instance(struct hci_dev *hdev, u8 instance, u32 flags,
2952 u16 adv_data_len, u8 *adv_data,
2953 u16 scan_rsp_len, u8 *scan_rsp_data,
2954 u16 timeout, u16 duration)
2956 struct adv_info *adv_instance;
2958 adv_instance = hci_find_adv_instance(hdev, instance);
2960 memset(adv_instance->adv_data, 0,
2961 sizeof(adv_instance->adv_data));
2962 memset(adv_instance->scan_rsp_data, 0,
2963 sizeof(adv_instance->scan_rsp_data));
2965 if (hdev->adv_instance_cnt >= hdev->le_num_of_adv_sets ||
2966 instance < 1 || instance > hdev->le_num_of_adv_sets)
2969 adv_instance = kzalloc(sizeof(*adv_instance), GFP_KERNEL);
2973 adv_instance->pending = true;
2974 adv_instance->instance = instance;
2975 list_add(&adv_instance->list, &hdev->adv_instances);
2976 hdev->adv_instance_cnt++;
2979 adv_instance->flags = flags;
2980 adv_instance->adv_data_len = adv_data_len;
2981 adv_instance->scan_rsp_len = scan_rsp_len;
2984 memcpy(adv_instance->adv_data, adv_data, adv_data_len);
2987 memcpy(adv_instance->scan_rsp_data,
2988 scan_rsp_data, scan_rsp_len);
2990 adv_instance->timeout = timeout;
2991 adv_instance->remaining_time = timeout;
2994 adv_instance->duration = hdev->def_multi_adv_rotation_duration;
2996 adv_instance->duration = duration;
2998 adv_instance->tx_power = HCI_TX_POWER_INVALID;
3000 INIT_DELAYED_WORK(&adv_instance->rpa_expired_cb,
3001 adv_instance_rpa_expired);
3003 BT_DBG("%s for %dMR", hdev->name, instance);
3008 /* This function requires the caller holds hdev->lock */
3009 void hci_adv_monitors_clear(struct hci_dev *hdev)
3011 struct adv_monitor *monitor;
3014 idr_for_each_entry(&hdev->adv_monitors_idr, monitor, handle)
3015 hci_free_adv_monitor(monitor);
3017 idr_destroy(&hdev->adv_monitors_idr);
3020 void hci_free_adv_monitor(struct adv_monitor *monitor)
3022 struct adv_pattern *pattern;
3023 struct adv_pattern *tmp;
3028 list_for_each_entry_safe(pattern, tmp, &monitor->patterns, list)
3034 /* This function requires the caller holds hdev->lock */
3035 int hci_add_adv_monitor(struct hci_dev *hdev, struct adv_monitor *monitor)
3037 int min, max, handle;
3042 min = HCI_MIN_ADV_MONITOR_HANDLE;
3043 max = HCI_MIN_ADV_MONITOR_HANDLE + HCI_MAX_ADV_MONITOR_NUM_HANDLES;
3044 handle = idr_alloc(&hdev->adv_monitors_idr, monitor, min, max,
3049 hdev->adv_monitors_cnt++;
3050 monitor->handle = handle;
3052 hci_update_background_scan(hdev);
3057 static int free_adv_monitor(int id, void *ptr, void *data)
3059 struct hci_dev *hdev = data;
3060 struct adv_monitor *monitor = ptr;
3062 idr_remove(&hdev->adv_monitors_idr, monitor->handle);
3063 hci_free_adv_monitor(monitor);
3064 hdev->adv_monitors_cnt--;
3069 /* This function requires the caller holds hdev->lock */
3070 int hci_remove_adv_monitor(struct hci_dev *hdev, u16 handle)
3072 struct adv_monitor *monitor;
3075 monitor = idr_find(&hdev->adv_monitors_idr, handle);
3079 idr_remove(&hdev->adv_monitors_idr, monitor->handle);
3080 hci_free_adv_monitor(monitor);
3081 hdev->adv_monitors_cnt--;
3083 /* Remove all monitors if handle is 0. */
3084 idr_for_each(&hdev->adv_monitors_idr, &free_adv_monitor, hdev);
3087 hci_update_background_scan(hdev);
3092 /* This function requires the caller holds hdev->lock */
3093 bool hci_is_adv_monitoring(struct hci_dev *hdev)
3095 return !idr_is_empty(&hdev->adv_monitors_idr);
3098 struct bdaddr_list *hci_bdaddr_list_lookup(struct list_head *bdaddr_list,
3099 bdaddr_t *bdaddr, u8 type)
3101 struct bdaddr_list *b;
3103 list_for_each_entry(b, bdaddr_list, list) {
3104 if (!bacmp(&b->bdaddr, bdaddr) && b->bdaddr_type == type)
3111 struct bdaddr_list_with_irk *hci_bdaddr_list_lookup_with_irk(
3112 struct list_head *bdaddr_list, bdaddr_t *bdaddr,
3115 struct bdaddr_list_with_irk *b;
3117 list_for_each_entry(b, bdaddr_list, list) {
3118 if (!bacmp(&b->bdaddr, bdaddr) && b->bdaddr_type == type)
3125 struct bdaddr_list_with_flags *
3126 hci_bdaddr_list_lookup_with_flags(struct list_head *bdaddr_list,
3127 bdaddr_t *bdaddr, u8 type)
3129 struct bdaddr_list_with_flags *b;
3131 list_for_each_entry(b, bdaddr_list, list) {
3132 if (!bacmp(&b->bdaddr, bdaddr) && b->bdaddr_type == type)
3139 void hci_bdaddr_list_clear(struct list_head *bdaddr_list)
3141 struct bdaddr_list *b, *n;
3143 list_for_each_entry_safe(b, n, bdaddr_list, list) {
3149 int hci_bdaddr_list_add(struct list_head *list, bdaddr_t *bdaddr, u8 type)
3151 struct bdaddr_list *entry;
3153 if (!bacmp(bdaddr, BDADDR_ANY))
3156 if (hci_bdaddr_list_lookup(list, bdaddr, type))
3159 entry = kzalloc(sizeof(*entry), GFP_KERNEL);
3163 bacpy(&entry->bdaddr, bdaddr);
3164 entry->bdaddr_type = type;
3166 list_add(&entry->list, list);
3171 int hci_bdaddr_list_add_with_irk(struct list_head *list, bdaddr_t *bdaddr,
3172 u8 type, u8 *peer_irk, u8 *local_irk)
3174 struct bdaddr_list_with_irk *entry;
3176 if (!bacmp(bdaddr, BDADDR_ANY))
3179 if (hci_bdaddr_list_lookup(list, bdaddr, type))
3182 entry = kzalloc(sizeof(*entry), GFP_KERNEL);
3186 bacpy(&entry->bdaddr, bdaddr);
3187 entry->bdaddr_type = type;
3190 memcpy(entry->peer_irk, peer_irk, 16);
3193 memcpy(entry->local_irk, local_irk, 16);
3195 list_add(&entry->list, list);
3200 int hci_bdaddr_list_add_with_flags(struct list_head *list, bdaddr_t *bdaddr,
3203 struct bdaddr_list_with_flags *entry;
3205 if (!bacmp(bdaddr, BDADDR_ANY))
3208 if (hci_bdaddr_list_lookup(list, bdaddr, type))
3211 entry = kzalloc(sizeof(*entry), GFP_KERNEL);
3215 bacpy(&entry->bdaddr, bdaddr);
3216 entry->bdaddr_type = type;
3217 entry->current_flags = flags;
3219 list_add(&entry->list, list);
3224 int hci_bdaddr_list_del(struct list_head *list, bdaddr_t *bdaddr, u8 type)
3226 struct bdaddr_list *entry;
3228 if (!bacmp(bdaddr, BDADDR_ANY)) {
3229 hci_bdaddr_list_clear(list);
3233 entry = hci_bdaddr_list_lookup(list, bdaddr, type);
3237 list_del(&entry->list);
3243 int hci_bdaddr_list_del_with_irk(struct list_head *list, bdaddr_t *bdaddr,
3246 struct bdaddr_list_with_irk *entry;
3248 if (!bacmp(bdaddr, BDADDR_ANY)) {
3249 hci_bdaddr_list_clear(list);
3253 entry = hci_bdaddr_list_lookup_with_irk(list, bdaddr, type);
3257 list_del(&entry->list);
3263 int hci_bdaddr_list_del_with_flags(struct list_head *list, bdaddr_t *bdaddr,
3266 struct bdaddr_list_with_flags *entry;
3268 if (!bacmp(bdaddr, BDADDR_ANY)) {
3269 hci_bdaddr_list_clear(list);
3273 entry = hci_bdaddr_list_lookup_with_flags(list, bdaddr, type);
3277 list_del(&entry->list);
3283 /* This function requires the caller holds hdev->lock */
3284 struct hci_conn_params *hci_conn_params_lookup(struct hci_dev *hdev,
3285 bdaddr_t *addr, u8 addr_type)
3287 struct hci_conn_params *params;
3289 list_for_each_entry(params, &hdev->le_conn_params, list) {
3290 if (bacmp(¶ms->addr, addr) == 0 &&
3291 params->addr_type == addr_type) {
3299 /* This function requires the caller holds hdev->lock */
3300 struct hci_conn_params *hci_pend_le_action_lookup(struct list_head *list,
3301 bdaddr_t *addr, u8 addr_type)
3303 struct hci_conn_params *param;
3305 switch (addr_type) {
3306 case ADDR_LE_DEV_PUBLIC_RESOLVED:
3307 addr_type = ADDR_LE_DEV_PUBLIC;
3309 case ADDR_LE_DEV_RANDOM_RESOLVED:
3310 addr_type = ADDR_LE_DEV_RANDOM;
3314 list_for_each_entry(param, list, action) {
3315 if (bacmp(¶m->addr, addr) == 0 &&
3316 param->addr_type == addr_type)
3323 /* This function requires the caller holds hdev->lock */
3324 struct hci_conn_params *hci_conn_params_add(struct hci_dev *hdev,
3325 bdaddr_t *addr, u8 addr_type)
3327 struct hci_conn_params *params;
3329 params = hci_conn_params_lookup(hdev, addr, addr_type);
3333 params = kzalloc(sizeof(*params), GFP_KERNEL);
3335 bt_dev_err(hdev, "out of memory");
3339 bacpy(¶ms->addr, addr);
3340 params->addr_type = addr_type;
3342 list_add(¶ms->list, &hdev->le_conn_params);
3343 INIT_LIST_HEAD(¶ms->action);
3345 params->conn_min_interval = hdev->le_conn_min_interval;
3346 params->conn_max_interval = hdev->le_conn_max_interval;
3347 params->conn_latency = hdev->le_conn_latency;
3348 params->supervision_timeout = hdev->le_supv_timeout;
3349 params->auto_connect = HCI_AUTO_CONN_DISABLED;
3351 BT_DBG("addr %pMR (type %u)", addr, addr_type);
3356 static void hci_conn_params_free(struct hci_conn_params *params)
3359 hci_conn_drop(params->conn);
3360 hci_conn_put(params->conn);
3363 list_del(¶ms->action);
3364 list_del(¶ms->list);
3368 /* This function requires the caller holds hdev->lock */
3369 void hci_conn_params_del(struct hci_dev *hdev, bdaddr_t *addr, u8 addr_type)
3371 struct hci_conn_params *params;
3373 params = hci_conn_params_lookup(hdev, addr, addr_type);
3377 hci_conn_params_free(params);
3379 hci_update_background_scan(hdev);
3381 BT_DBG("addr %pMR (type %u)", addr, addr_type);
3384 /* This function requires the caller holds hdev->lock */
3385 void hci_conn_params_clear_disabled(struct hci_dev *hdev)
3387 struct hci_conn_params *params, *tmp;
3389 list_for_each_entry_safe(params, tmp, &hdev->le_conn_params, list) {
3390 if (params->auto_connect != HCI_AUTO_CONN_DISABLED)
3393 /* If trying to estabilish one time connection to disabled
3394 * device, leave the params, but mark them as just once.
3396 if (params->explicit_connect) {
3397 params->auto_connect = HCI_AUTO_CONN_EXPLICIT;
3401 list_del(¶ms->list);
3405 BT_DBG("All LE disabled connection parameters were removed");
3408 /* This function requires the caller holds hdev->lock */
3409 static void hci_conn_params_clear_all(struct hci_dev *hdev)
3411 struct hci_conn_params *params, *tmp;
3413 list_for_each_entry_safe(params, tmp, &hdev->le_conn_params, list)
3414 hci_conn_params_free(params);
3416 BT_DBG("All LE connection parameters were removed");
3419 /* Copy the Identity Address of the controller.
3421 * If the controller has a public BD_ADDR, then by default use that one.
3422 * If this is a LE only controller without a public address, default to
3423 * the static random address.
3425 * For debugging purposes it is possible to force controllers with a
3426 * public address to use the static random address instead.
3428 * In case BR/EDR has been disabled on a dual-mode controller and
3429 * userspace has configured a static address, then that address
3430 * becomes the identity address instead of the public BR/EDR address.
3432 void hci_copy_identity_address(struct hci_dev *hdev, bdaddr_t *bdaddr,
3435 if (hci_dev_test_flag(hdev, HCI_FORCE_STATIC_ADDR) ||
3436 !bacmp(&hdev->bdaddr, BDADDR_ANY) ||
3437 (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED) &&
3438 bacmp(&hdev->static_addr, BDADDR_ANY))) {
3439 bacpy(bdaddr, &hdev->static_addr);
3440 *bdaddr_type = ADDR_LE_DEV_RANDOM;
3442 bacpy(bdaddr, &hdev->bdaddr);
3443 *bdaddr_type = ADDR_LE_DEV_PUBLIC;
3447 static void hci_suspend_clear_tasks(struct hci_dev *hdev)
3451 for (i = 0; i < __SUSPEND_NUM_TASKS; i++)
3452 clear_bit(i, hdev->suspend_tasks);
3454 wake_up(&hdev->suspend_wait_q);
3457 static int hci_suspend_wait_event(struct hci_dev *hdev)
3460 (find_first_bit(hdev->suspend_tasks, __SUSPEND_NUM_TASKS) == \
3461 __SUSPEND_NUM_TASKS)
3464 int ret = wait_event_timeout(hdev->suspend_wait_q,
3465 WAKE_COND, SUSPEND_NOTIFIER_TIMEOUT);
3468 bt_dev_err(hdev, "Timed out waiting for suspend events");
3469 for (i = 0; i < __SUSPEND_NUM_TASKS; ++i) {
3470 if (test_bit(i, hdev->suspend_tasks))
3471 bt_dev_err(hdev, "Suspend timeout bit: %d", i);
3472 clear_bit(i, hdev->suspend_tasks);
3483 static void hci_prepare_suspend(struct work_struct *work)
3485 struct hci_dev *hdev =
3486 container_of(work, struct hci_dev, suspend_prepare);
3489 hci_req_prepare_suspend(hdev, hdev->suspend_state_next);
3490 hci_dev_unlock(hdev);
3493 static int hci_change_suspend_state(struct hci_dev *hdev,
3494 enum suspended_state next)
3496 hdev->suspend_state_next = next;
3497 set_bit(SUSPEND_PREPARE_NOTIFIER, hdev->suspend_tasks);
3498 queue_work(hdev->req_workqueue, &hdev->suspend_prepare);
3499 return hci_suspend_wait_event(hdev);
3502 static void hci_clear_wake_reason(struct hci_dev *hdev)
3506 hdev->wake_reason = 0;
3507 bacpy(&hdev->wake_addr, BDADDR_ANY);
3508 hdev->wake_addr_type = 0;
3510 hci_dev_unlock(hdev);
3513 static int hci_suspend_notifier(struct notifier_block *nb, unsigned long action,
3516 struct hci_dev *hdev =
3517 container_of(nb, struct hci_dev, suspend_notifier);
3519 u8 state = BT_RUNNING;
3521 /* If powering down, wait for completion. */
3522 if (mgmt_powering_down(hdev)) {
3523 set_bit(SUSPEND_POWERING_DOWN, hdev->suspend_tasks);
3524 ret = hci_suspend_wait_event(hdev);
3529 /* Suspend notifier should only act on events when powered. */
3530 if (!hdev_is_powered(hdev))
3533 if (action == PM_SUSPEND_PREPARE) {
3534 /* Suspend consists of two actions:
3535 * - First, disconnect everything and make the controller not
3536 * connectable (disabling scanning)
3537 * - Second, program event filter/whitelist and enable scan
3539 ret = hci_change_suspend_state(hdev, BT_SUSPEND_DISCONNECT);
3541 state = BT_SUSPEND_DISCONNECT;
3543 /* Only configure whitelist if disconnect succeeded and wake
3544 * isn't being prevented.
3546 if (!ret && !(hdev->prevent_wake && hdev->prevent_wake(hdev))) {
3547 ret = hci_change_suspend_state(hdev,
3548 BT_SUSPEND_CONFIGURE_WAKE);
3550 state = BT_SUSPEND_CONFIGURE_WAKE;
3553 hci_clear_wake_reason(hdev);
3554 mgmt_suspending(hdev, state);
3556 } else if (action == PM_POST_SUSPEND) {
3557 ret = hci_change_suspend_state(hdev, BT_RUNNING);
3559 mgmt_resuming(hdev, hdev->wake_reason, &hdev->wake_addr,
3560 hdev->wake_addr_type);
3564 /* We always allow suspend even if suspend preparation failed and
3565 * attempt to recover in resume.
3568 bt_dev_err(hdev, "Suspend notifier action (%lu) failed: %d",
3574 /* Alloc HCI device */
3575 struct hci_dev *hci_alloc_dev(void)
3577 struct hci_dev *hdev;
3579 hdev = kzalloc(sizeof(*hdev), GFP_KERNEL);
3583 hdev->pkt_type = (HCI_DM1 | HCI_DH1 | HCI_HV1);
3584 hdev->esco_type = (ESCO_HV1);
3585 hdev->link_mode = (HCI_LM_ACCEPT);
3586 hdev->num_iac = 0x01; /* One IAC support is mandatory */
3587 hdev->io_capability = 0x03; /* No Input No Output */
3588 hdev->manufacturer = 0xffff; /* Default to internal use */
3589 hdev->inq_tx_power = HCI_TX_POWER_INVALID;
3590 hdev->adv_tx_power = HCI_TX_POWER_INVALID;
3591 hdev->adv_instance_cnt = 0;
3592 hdev->cur_adv_instance = 0x00;
3593 hdev->adv_instance_timeout = 0;
3595 hdev->sniff_max_interval = 800;
3596 hdev->sniff_min_interval = 80;
3598 hdev->le_adv_channel_map = 0x07;
3599 hdev->le_adv_min_interval = 0x0800;
3600 hdev->le_adv_max_interval = 0x0800;
3601 hdev->le_scan_interval = 0x0060;
3602 hdev->le_scan_window = 0x0030;
3603 hdev->le_scan_int_suspend = 0x0400;
3604 hdev->le_scan_window_suspend = 0x0012;
3605 hdev->le_scan_int_discovery = DISCOV_LE_SCAN_INT;
3606 hdev->le_scan_window_discovery = DISCOV_LE_SCAN_WIN;
3607 hdev->le_scan_int_connect = 0x0060;
3608 hdev->le_scan_window_connect = 0x0060;
3609 hdev->le_conn_min_interval = 0x0018;
3610 hdev->le_conn_max_interval = 0x0028;
3611 hdev->le_conn_latency = 0x0000;
3612 hdev->le_supv_timeout = 0x002a;
3613 hdev->le_def_tx_len = 0x001b;
3614 hdev->le_def_tx_time = 0x0148;
3615 hdev->le_max_tx_len = 0x001b;
3616 hdev->le_max_tx_time = 0x0148;
3617 hdev->le_max_rx_len = 0x001b;
3618 hdev->le_max_rx_time = 0x0148;
3619 hdev->le_max_key_size = SMP_MAX_ENC_KEY_SIZE;
3620 hdev->le_min_key_size = SMP_MIN_ENC_KEY_SIZE;
3621 hdev->le_tx_def_phys = HCI_LE_SET_PHY_1M;
3622 hdev->le_rx_def_phys = HCI_LE_SET_PHY_1M;
3623 hdev->le_num_of_adv_sets = HCI_MAX_ADV_INSTANCES;
3624 hdev->def_multi_adv_rotation_duration = HCI_DEFAULT_ADV_DURATION;
3625 hdev->def_le_autoconnect_timeout = HCI_LE_AUTOCONN_TIMEOUT;
3627 hdev->rpa_timeout = HCI_DEFAULT_RPA_TIMEOUT;
3628 hdev->discov_interleaved_timeout = DISCOV_INTERLEAVED_TIMEOUT;
3629 hdev->conn_info_min_age = DEFAULT_CONN_INFO_MIN_AGE;
3630 hdev->conn_info_max_age = DEFAULT_CONN_INFO_MAX_AGE;
3631 hdev->auth_payload_timeout = DEFAULT_AUTH_PAYLOAD_TIMEOUT;
3632 hdev->min_enc_key_size = HCI_MIN_ENC_KEY_SIZE;
3634 /* default 1.28 sec page scan */
3635 hdev->def_page_scan_type = PAGE_SCAN_TYPE_STANDARD;
3636 hdev->def_page_scan_int = 0x0800;
3637 hdev->def_page_scan_window = 0x0012;
3639 mutex_init(&hdev->lock);
3640 mutex_init(&hdev->req_lock);
3642 INIT_LIST_HEAD(&hdev->mgmt_pending);
3643 INIT_LIST_HEAD(&hdev->blacklist);
3644 INIT_LIST_HEAD(&hdev->whitelist);
3645 INIT_LIST_HEAD(&hdev->uuids);
3646 INIT_LIST_HEAD(&hdev->link_keys);
3647 INIT_LIST_HEAD(&hdev->long_term_keys);
3648 INIT_LIST_HEAD(&hdev->identity_resolving_keys);
3649 INIT_LIST_HEAD(&hdev->remote_oob_data);
3650 INIT_LIST_HEAD(&hdev->le_white_list);
3651 INIT_LIST_HEAD(&hdev->le_resolv_list);
3652 INIT_LIST_HEAD(&hdev->le_conn_params);
3653 INIT_LIST_HEAD(&hdev->pend_le_conns);
3654 INIT_LIST_HEAD(&hdev->pend_le_reports);
3655 INIT_LIST_HEAD(&hdev->conn_hash.list);
3656 INIT_LIST_HEAD(&hdev->adv_instances);
3657 INIT_LIST_HEAD(&hdev->blocked_keys);
3659 INIT_WORK(&hdev->rx_work, hci_rx_work);
3660 INIT_WORK(&hdev->cmd_work, hci_cmd_work);
3661 INIT_WORK(&hdev->tx_work, hci_tx_work);
3662 INIT_WORK(&hdev->power_on, hci_power_on);
3663 INIT_WORK(&hdev->error_reset, hci_error_reset);
3664 INIT_WORK(&hdev->suspend_prepare, hci_prepare_suspend);
3666 INIT_DELAYED_WORK(&hdev->power_off, hci_power_off);
3668 skb_queue_head_init(&hdev->rx_q);
3669 skb_queue_head_init(&hdev->cmd_q);
3670 skb_queue_head_init(&hdev->raw_q);
3672 init_waitqueue_head(&hdev->req_wait_q);
3673 init_waitqueue_head(&hdev->suspend_wait_q);
3675 INIT_DELAYED_WORK(&hdev->cmd_timer, hci_cmd_timeout);
3677 hci_request_setup(hdev);
3679 hci_init_sysfs(hdev);
3680 discovery_init(hdev);
3684 EXPORT_SYMBOL(hci_alloc_dev);
3686 /* Free HCI device */
3687 void hci_free_dev(struct hci_dev *hdev)
3689 /* will free via device release */
3690 put_device(&hdev->dev);
3692 EXPORT_SYMBOL(hci_free_dev);
3694 /* Register HCI device */
3695 int hci_register_dev(struct hci_dev *hdev)
3699 if (!hdev->open || !hdev->close || !hdev->send)
3702 /* Do not allow HCI_AMP devices to register at index 0,
3703 * so the index can be used as the AMP controller ID.
3705 switch (hdev->dev_type) {
3707 id = ida_simple_get(&hci_index_ida, 0, 0, GFP_KERNEL);
3710 id = ida_simple_get(&hci_index_ida, 1, 0, GFP_KERNEL);
3719 sprintf(hdev->name, "hci%d", id);
3722 BT_DBG("%p name %s bus %d", hdev, hdev->name, hdev->bus);
3724 hdev->workqueue = alloc_ordered_workqueue("%s", WQ_HIGHPRI, hdev->name);
3725 if (!hdev->workqueue) {
3730 hdev->req_workqueue = alloc_ordered_workqueue("%s", WQ_HIGHPRI,
3732 if (!hdev->req_workqueue) {
3733 destroy_workqueue(hdev->workqueue);
3738 if (!IS_ERR_OR_NULL(bt_debugfs))
3739 hdev->debugfs = debugfs_create_dir(hdev->name, bt_debugfs);
3741 dev_set_name(&hdev->dev, "%s", hdev->name);
3743 error = device_add(&hdev->dev);
3747 hci_leds_init(hdev);
3749 hdev->rfkill = rfkill_alloc(hdev->name, &hdev->dev,
3750 RFKILL_TYPE_BLUETOOTH, &hci_rfkill_ops,
3753 if (rfkill_register(hdev->rfkill) < 0) {
3754 rfkill_destroy(hdev->rfkill);
3755 hdev->rfkill = NULL;
3759 if (hdev->rfkill && rfkill_blocked(hdev->rfkill))
3760 hci_dev_set_flag(hdev, HCI_RFKILLED);
3762 hci_dev_set_flag(hdev, HCI_SETUP);
3763 hci_dev_set_flag(hdev, HCI_AUTO_OFF);
3765 if (hdev->dev_type == HCI_PRIMARY) {
3766 /* Assume BR/EDR support until proven otherwise (such as
3767 * through reading supported features during init.
3769 hci_dev_set_flag(hdev, HCI_BREDR_ENABLED);
3772 write_lock(&hci_dev_list_lock);
3773 list_add(&hdev->list, &hci_dev_list);
3774 write_unlock(&hci_dev_list_lock);
3776 /* Devices that are marked for raw-only usage are unconfigured
3777 * and should not be included in normal operation.
3779 if (test_bit(HCI_QUIRK_RAW_DEVICE, &hdev->quirks))
3780 hci_dev_set_flag(hdev, HCI_UNCONFIGURED);
3782 hci_sock_dev_event(hdev, HCI_DEV_REG);
3785 hdev->suspend_notifier.notifier_call = hci_suspend_notifier;
3786 error = register_pm_notifier(&hdev->suspend_notifier);
3790 queue_work(hdev->req_workqueue, &hdev->power_on);
3792 idr_init(&hdev->adv_monitors_idr);
3797 destroy_workqueue(hdev->workqueue);
3798 destroy_workqueue(hdev->req_workqueue);
3800 ida_simple_remove(&hci_index_ida, hdev->id);
3804 EXPORT_SYMBOL(hci_register_dev);
3806 /* Unregister HCI device */
3807 void hci_unregister_dev(struct hci_dev *hdev)
3811 BT_DBG("%p name %s bus %d", hdev, hdev->name, hdev->bus);
3813 hci_dev_set_flag(hdev, HCI_UNREGISTER);
3817 write_lock(&hci_dev_list_lock);
3818 list_del(&hdev->list);
3819 write_unlock(&hci_dev_list_lock);
3821 cancel_work_sync(&hdev->power_on);
3823 hci_suspend_clear_tasks(hdev);
3824 unregister_pm_notifier(&hdev->suspend_notifier);
3825 cancel_work_sync(&hdev->suspend_prepare);
3827 hci_dev_do_close(hdev);
3829 if (!test_bit(HCI_INIT, &hdev->flags) &&
3830 !hci_dev_test_flag(hdev, HCI_SETUP) &&
3831 !hci_dev_test_flag(hdev, HCI_CONFIG)) {
3833 mgmt_index_removed(hdev);
3834 hci_dev_unlock(hdev);
3837 /* mgmt_index_removed should take care of emptying the
3839 BUG_ON(!list_empty(&hdev->mgmt_pending));
3841 hci_sock_dev_event(hdev, HCI_DEV_UNREG);
3844 rfkill_unregister(hdev->rfkill);
3845 rfkill_destroy(hdev->rfkill);
3848 device_del(&hdev->dev);
3850 debugfs_remove_recursive(hdev->debugfs);
3851 kfree_const(hdev->hw_info);
3852 kfree_const(hdev->fw_info);
3854 destroy_workqueue(hdev->workqueue);
3855 destroy_workqueue(hdev->req_workqueue);
3858 hci_bdaddr_list_clear(&hdev->blacklist);
3859 hci_bdaddr_list_clear(&hdev->whitelist);
3860 hci_uuids_clear(hdev);
3861 hci_link_keys_clear(hdev);
3862 hci_smp_ltks_clear(hdev);
3863 hci_smp_irks_clear(hdev);
3864 hci_remote_oob_data_clear(hdev);
3865 hci_adv_instances_clear(hdev);
3866 hci_adv_monitors_clear(hdev);
3867 hci_bdaddr_list_clear(&hdev->le_white_list);
3868 hci_bdaddr_list_clear(&hdev->le_resolv_list);
3869 hci_conn_params_clear_all(hdev);
3870 hci_discovery_filter_clear(hdev);
3871 hci_blocked_keys_clear(hdev);
3872 hci_dev_unlock(hdev);
3876 ida_simple_remove(&hci_index_ida, id);
3878 EXPORT_SYMBOL(hci_unregister_dev);
3880 /* Suspend HCI device */
3881 int hci_suspend_dev(struct hci_dev *hdev)
3883 hci_sock_dev_event(hdev, HCI_DEV_SUSPEND);
3886 EXPORT_SYMBOL(hci_suspend_dev);
3888 /* Resume HCI device */
3889 int hci_resume_dev(struct hci_dev *hdev)
3891 hci_sock_dev_event(hdev, HCI_DEV_RESUME);
3894 EXPORT_SYMBOL(hci_resume_dev);
3896 /* Reset HCI device */
3897 int hci_reset_dev(struct hci_dev *hdev)
3899 static const u8 hw_err[] = { HCI_EV_HARDWARE_ERROR, 0x01, 0x00 };
3900 struct sk_buff *skb;
3902 skb = bt_skb_alloc(3, GFP_ATOMIC);
3906 hci_skb_pkt_type(skb) = HCI_EVENT_PKT;
3907 skb_put_data(skb, hw_err, 3);
3909 /* Send Hardware Error to upper stack */
3910 return hci_recv_frame(hdev, skb);
3912 EXPORT_SYMBOL(hci_reset_dev);
3914 /* Receive frame from HCI drivers */
3915 int hci_recv_frame(struct hci_dev *hdev, struct sk_buff *skb)
3917 if (!hdev || (!test_bit(HCI_UP, &hdev->flags)
3918 && !test_bit(HCI_INIT, &hdev->flags))) {
3923 if (hci_skb_pkt_type(skb) != HCI_EVENT_PKT &&
3924 hci_skb_pkt_type(skb) != HCI_ACLDATA_PKT &&
3925 hci_skb_pkt_type(skb) != HCI_SCODATA_PKT &&
3926 hci_skb_pkt_type(skb) != HCI_ISODATA_PKT) {
3932 bt_cb(skb)->incoming = 1;
3935 __net_timestamp(skb);
3937 skb_queue_tail(&hdev->rx_q, skb);
3938 queue_work(hdev->workqueue, &hdev->rx_work);
3942 EXPORT_SYMBOL(hci_recv_frame);
3944 /* Receive diagnostic message from HCI drivers */
3945 int hci_recv_diag(struct hci_dev *hdev, struct sk_buff *skb)
3947 /* Mark as diagnostic packet */
3948 hci_skb_pkt_type(skb) = HCI_DIAG_PKT;
3951 __net_timestamp(skb);
3953 skb_queue_tail(&hdev->rx_q, skb);
3954 queue_work(hdev->workqueue, &hdev->rx_work);
3958 EXPORT_SYMBOL(hci_recv_diag);
3960 void hci_set_hw_info(struct hci_dev *hdev, const char *fmt, ...)
3964 va_start(vargs, fmt);
3965 kfree_const(hdev->hw_info);
3966 hdev->hw_info = kvasprintf_const(GFP_KERNEL, fmt, vargs);
3969 EXPORT_SYMBOL(hci_set_hw_info);
3971 void hci_set_fw_info(struct hci_dev *hdev, const char *fmt, ...)
3975 va_start(vargs, fmt);
3976 kfree_const(hdev->fw_info);
3977 hdev->fw_info = kvasprintf_const(GFP_KERNEL, fmt, vargs);
3980 EXPORT_SYMBOL(hci_set_fw_info);
3982 /* ---- Interface to upper protocols ---- */
3984 int hci_register_cb(struct hci_cb *cb)
3986 BT_DBG("%p name %s", cb, cb->name);
3988 mutex_lock(&hci_cb_list_lock);
3989 list_add_tail(&cb->list, &hci_cb_list);
3990 mutex_unlock(&hci_cb_list_lock);
3994 EXPORT_SYMBOL(hci_register_cb);
3996 int hci_unregister_cb(struct hci_cb *cb)
3998 BT_DBG("%p name %s", cb, cb->name);
4000 mutex_lock(&hci_cb_list_lock);
4001 list_del(&cb->list);
4002 mutex_unlock(&hci_cb_list_lock);
4006 EXPORT_SYMBOL(hci_unregister_cb);
4008 static void hci_send_frame(struct hci_dev *hdev, struct sk_buff *skb)
4012 BT_DBG("%s type %d len %d", hdev->name, hci_skb_pkt_type(skb),
4016 __net_timestamp(skb);
4018 /* Send copy to monitor */
4019 hci_send_to_monitor(hdev, skb);
4021 if (atomic_read(&hdev->promisc)) {
4022 /* Send copy to the sockets */
4023 hci_send_to_sock(hdev, skb);
4026 /* Get rid of skb owner, prior to sending to the driver. */
4029 if (!test_bit(HCI_RUNNING, &hdev->flags)) {
4034 err = hdev->send(hdev, skb);
4036 bt_dev_err(hdev, "sending frame failed (%d)", err);
4041 /* Send HCI command */
4042 int hci_send_cmd(struct hci_dev *hdev, __u16 opcode, __u32 plen,
4045 struct sk_buff *skb;
4047 BT_DBG("%s opcode 0x%4.4x plen %d", hdev->name, opcode, plen);
4049 skb = hci_prepare_cmd(hdev, opcode, plen, param);
4051 bt_dev_err(hdev, "no memory for command");
4055 /* Stand-alone HCI commands must be flagged as
4056 * single-command requests.
4058 bt_cb(skb)->hci.req_flags |= HCI_REQ_START;
4060 skb_queue_tail(&hdev->cmd_q, skb);
4061 queue_work(hdev->workqueue, &hdev->cmd_work);
4066 int __hci_cmd_send(struct hci_dev *hdev, u16 opcode, u32 plen,
4069 struct sk_buff *skb;
4071 if (hci_opcode_ogf(opcode) != 0x3f) {
4072 /* A controller receiving a command shall respond with either
4073 * a Command Status Event or a Command Complete Event.
4074 * Therefore, all standard HCI commands must be sent via the
4075 * standard API, using hci_send_cmd or hci_cmd_sync helpers.
4076 * Some vendors do not comply with this rule for vendor-specific
4077 * commands and do not return any event. We want to support
4078 * unresponded commands for such cases only.
4080 bt_dev_err(hdev, "unresponded command not supported");
4084 skb = hci_prepare_cmd(hdev, opcode, plen, param);
4086 bt_dev_err(hdev, "no memory for command (opcode 0x%4.4x)",
4091 hci_send_frame(hdev, skb);
4095 EXPORT_SYMBOL(__hci_cmd_send);
4097 /* Get data from the previously sent command */
4098 void *hci_sent_cmd_data(struct hci_dev *hdev, __u16 opcode)
4100 struct hci_command_hdr *hdr;
4102 if (!hdev->sent_cmd)
4105 hdr = (void *) hdev->sent_cmd->data;
4107 if (hdr->opcode != cpu_to_le16(opcode))
4110 BT_DBG("%s opcode 0x%4.4x", hdev->name, opcode);
4112 return hdev->sent_cmd->data + HCI_COMMAND_HDR_SIZE;
4115 /* Send HCI command and wait for command commplete event */
4116 struct sk_buff *hci_cmd_sync(struct hci_dev *hdev, u16 opcode, u32 plen,
4117 const void *param, u32 timeout)
4119 struct sk_buff *skb;
4121 if (!test_bit(HCI_UP, &hdev->flags))
4122 return ERR_PTR(-ENETDOWN);
4124 bt_dev_dbg(hdev, "opcode 0x%4.4x plen %d", opcode, plen);
4126 hci_req_sync_lock(hdev);
4127 skb = __hci_cmd_sync(hdev, opcode, plen, param, timeout);
4128 hci_req_sync_unlock(hdev);
4132 EXPORT_SYMBOL(hci_cmd_sync);
4135 static void hci_add_acl_hdr(struct sk_buff *skb, __u16 handle, __u16 flags)
4137 struct hci_acl_hdr *hdr;
4140 skb_push(skb, HCI_ACL_HDR_SIZE);
4141 skb_reset_transport_header(skb);
4142 hdr = (struct hci_acl_hdr *)skb_transport_header(skb);
4143 hdr->handle = cpu_to_le16(hci_handle_pack(handle, flags));
4144 hdr->dlen = cpu_to_le16(len);
4147 static void hci_queue_acl(struct hci_chan *chan, struct sk_buff_head *queue,
4148 struct sk_buff *skb, __u16 flags)
4150 struct hci_conn *conn = chan->conn;
4151 struct hci_dev *hdev = conn->hdev;
4152 struct sk_buff *list;
4154 skb->len = skb_headlen(skb);
4157 hci_skb_pkt_type(skb) = HCI_ACLDATA_PKT;
4159 switch (hdev->dev_type) {
4161 hci_add_acl_hdr(skb, conn->handle, flags);
4164 hci_add_acl_hdr(skb, chan->handle, flags);
4167 bt_dev_err(hdev, "unknown dev_type %d", hdev->dev_type);
4171 list = skb_shinfo(skb)->frag_list;
4173 /* Non fragmented */
4174 BT_DBG("%s nonfrag skb %p len %d", hdev->name, skb, skb->len);
4176 skb_queue_tail(queue, skb);
4179 BT_DBG("%s frag %p len %d", hdev->name, skb, skb->len);
4181 skb_shinfo(skb)->frag_list = NULL;
4183 /* Queue all fragments atomically. We need to use spin_lock_bh
4184 * here because of 6LoWPAN links, as there this function is
4185 * called from softirq and using normal spin lock could cause
4188 spin_lock_bh(&queue->lock);
4190 __skb_queue_tail(queue, skb);
4192 flags &= ~ACL_START;
4195 skb = list; list = list->next;
4197 hci_skb_pkt_type(skb) = HCI_ACLDATA_PKT;
4198 hci_add_acl_hdr(skb, conn->handle, flags);
4200 BT_DBG("%s frag %p len %d", hdev->name, skb, skb->len);
4202 __skb_queue_tail(queue, skb);
4205 spin_unlock_bh(&queue->lock);
4209 void hci_send_acl(struct hci_chan *chan, struct sk_buff *skb, __u16 flags)
4211 struct hci_dev *hdev = chan->conn->hdev;
4213 BT_DBG("%s chan %p flags 0x%4.4x", hdev->name, chan, flags);
4215 hci_queue_acl(chan, &chan->data_q, skb, flags);
4217 queue_work(hdev->workqueue, &hdev->tx_work);
4221 void hci_send_sco(struct hci_conn *conn, struct sk_buff *skb)
4223 struct hci_dev *hdev = conn->hdev;
4224 struct hci_sco_hdr hdr;
4226 BT_DBG("%s len %d", hdev->name, skb->len);
4228 hdr.handle = cpu_to_le16(conn->handle);
4229 hdr.dlen = skb->len;
4231 skb_push(skb, HCI_SCO_HDR_SIZE);
4232 skb_reset_transport_header(skb);
4233 memcpy(skb_transport_header(skb), &hdr, HCI_SCO_HDR_SIZE);
4235 hci_skb_pkt_type(skb) = HCI_SCODATA_PKT;
4237 skb_queue_tail(&conn->data_q, skb);
4238 queue_work(hdev->workqueue, &hdev->tx_work);
4241 /* ---- HCI TX task (outgoing data) ---- */
4243 /* HCI Connection scheduler */
4244 static struct hci_conn *hci_low_sent(struct hci_dev *hdev, __u8 type,
4247 struct hci_conn_hash *h = &hdev->conn_hash;
4248 struct hci_conn *conn = NULL, *c;
4249 unsigned int num = 0, min = ~0;
4251 /* We don't have to lock device here. Connections are always
4252 * added and removed with TX task disabled. */
4256 list_for_each_entry_rcu(c, &h->list, list) {
4257 if (c->type != type || skb_queue_empty(&c->data_q))
4260 if (c->state != BT_CONNECTED && c->state != BT_CONFIG)
4265 if (c->sent < min) {
4270 if (hci_conn_num(hdev, type) == num)
4279 switch (conn->type) {
4281 cnt = hdev->acl_cnt;
4285 cnt = hdev->sco_cnt;
4288 cnt = hdev->le_mtu ? hdev->le_cnt : hdev->acl_cnt;
4292 bt_dev_err(hdev, "unknown link type %d", conn->type);
4300 BT_DBG("conn %p quote %d", conn, *quote);
4304 static void hci_link_tx_to(struct hci_dev *hdev, __u8 type)
4306 struct hci_conn_hash *h = &hdev->conn_hash;
4309 bt_dev_err(hdev, "link tx timeout");
4313 /* Kill stalled connections */
4314 list_for_each_entry_rcu(c, &h->list, list) {
4315 if (c->type == type && c->sent) {
4316 bt_dev_err(hdev, "killing stalled connection %pMR",
4318 hci_disconnect(c, HCI_ERROR_REMOTE_USER_TERM);
4325 static struct hci_chan *hci_chan_sent(struct hci_dev *hdev, __u8 type,
4328 struct hci_conn_hash *h = &hdev->conn_hash;
4329 struct hci_chan *chan = NULL;
4330 unsigned int num = 0, min = ~0, cur_prio = 0;
4331 struct hci_conn *conn;
4332 int cnt, q, conn_num = 0;
4334 BT_DBG("%s", hdev->name);
4338 list_for_each_entry_rcu(conn, &h->list, list) {
4339 struct hci_chan *tmp;
4341 if (conn->type != type)
4344 if (conn->state != BT_CONNECTED && conn->state != BT_CONFIG)
4349 list_for_each_entry_rcu(tmp, &conn->chan_list, list) {
4350 struct sk_buff *skb;
4352 if (skb_queue_empty(&tmp->data_q))
4355 skb = skb_peek(&tmp->data_q);
4356 if (skb->priority < cur_prio)
4359 if (skb->priority > cur_prio) {
4362 cur_prio = skb->priority;
4367 if (conn->sent < min) {
4373 if (hci_conn_num(hdev, type) == conn_num)
4382 switch (chan->conn->type) {
4384 cnt = hdev->acl_cnt;
4387 cnt = hdev->block_cnt;
4391 cnt = hdev->sco_cnt;
4394 cnt = hdev->le_mtu ? hdev->le_cnt : hdev->acl_cnt;
4398 bt_dev_err(hdev, "unknown link type %d", chan->conn->type);
4403 BT_DBG("chan %p quote %d", chan, *quote);
4407 static void hci_prio_recalculate(struct hci_dev *hdev, __u8 type)
4409 struct hci_conn_hash *h = &hdev->conn_hash;
4410 struct hci_conn *conn;
4413 BT_DBG("%s", hdev->name);
4417 list_for_each_entry_rcu(conn, &h->list, list) {
4418 struct hci_chan *chan;
4420 if (conn->type != type)
4423 if (conn->state != BT_CONNECTED && conn->state != BT_CONFIG)
4428 list_for_each_entry_rcu(chan, &conn->chan_list, list) {
4429 struct sk_buff *skb;
4436 if (skb_queue_empty(&chan->data_q))
4439 skb = skb_peek(&chan->data_q);
4440 if (skb->priority >= HCI_PRIO_MAX - 1)
4443 skb->priority = HCI_PRIO_MAX - 1;
4445 BT_DBG("chan %p skb %p promoted to %d", chan, skb,
4449 if (hci_conn_num(hdev, type) == num)
4457 static inline int __get_blocks(struct hci_dev *hdev, struct sk_buff *skb)
4459 /* Calculate count of blocks used by this packet */
4460 return DIV_ROUND_UP(skb->len - HCI_ACL_HDR_SIZE, hdev->block_len);
4463 static void __check_timeout(struct hci_dev *hdev, unsigned int cnt)
4465 if (!hci_dev_test_flag(hdev, HCI_UNCONFIGURED)) {
4466 /* ACL tx timeout must be longer than maximum
4467 * link supervision timeout (40.9 seconds) */
4468 if (!cnt && time_after(jiffies, hdev->acl_last_tx +
4469 HCI_ACL_TX_TIMEOUT))
4470 hci_link_tx_to(hdev, ACL_LINK);
4475 static void hci_sched_sco(struct hci_dev *hdev)
4477 struct hci_conn *conn;
4478 struct sk_buff *skb;
4481 BT_DBG("%s", hdev->name);
4483 if (!hci_conn_num(hdev, SCO_LINK))
4486 while (hdev->sco_cnt && (conn = hci_low_sent(hdev, SCO_LINK, "e))) {
4487 while (quote-- && (skb = skb_dequeue(&conn->data_q))) {
4488 BT_DBG("skb %p len %d", skb, skb->len);
4489 hci_send_frame(hdev, skb);
4492 if (conn->sent == ~0)
4498 static void hci_sched_esco(struct hci_dev *hdev)
4500 struct hci_conn *conn;
4501 struct sk_buff *skb;
4504 BT_DBG("%s", hdev->name);
4506 if (!hci_conn_num(hdev, ESCO_LINK))
4509 while (hdev->sco_cnt && (conn = hci_low_sent(hdev, ESCO_LINK,
4511 while (quote-- && (skb = skb_dequeue(&conn->data_q))) {
4512 BT_DBG("skb %p len %d", skb, skb->len);
4513 hci_send_frame(hdev, skb);
4516 if (conn->sent == ~0)
4522 static void hci_sched_acl_pkt(struct hci_dev *hdev)
4524 unsigned int cnt = hdev->acl_cnt;
4525 struct hci_chan *chan;
4526 struct sk_buff *skb;
4529 __check_timeout(hdev, cnt);
4531 while (hdev->acl_cnt &&
4532 (chan = hci_chan_sent(hdev, ACL_LINK, "e))) {
4533 u32 priority = (skb_peek(&chan->data_q))->priority;
4534 while (quote-- && (skb = skb_peek(&chan->data_q))) {
4535 BT_DBG("chan %p skb %p len %d priority %u", chan, skb,
4536 skb->len, skb->priority);
4538 /* Stop if priority has changed */
4539 if (skb->priority < priority)
4542 skb = skb_dequeue(&chan->data_q);
4544 hci_conn_enter_active_mode(chan->conn,
4545 bt_cb(skb)->force_active);
4547 hci_send_frame(hdev, skb);
4548 hdev->acl_last_tx = jiffies;
4554 /* Send pending SCO packets right away */
4555 hci_sched_sco(hdev);
4556 hci_sched_esco(hdev);
4560 if (cnt != hdev->acl_cnt)
4561 hci_prio_recalculate(hdev, ACL_LINK);
4564 static void hci_sched_acl_blk(struct hci_dev *hdev)
4566 unsigned int cnt = hdev->block_cnt;
4567 struct hci_chan *chan;
4568 struct sk_buff *skb;
4572 __check_timeout(hdev, cnt);
4574 BT_DBG("%s", hdev->name);
4576 if (hdev->dev_type == HCI_AMP)
4581 while (hdev->block_cnt > 0 &&
4582 (chan = hci_chan_sent(hdev, type, "e))) {
4583 u32 priority = (skb_peek(&chan->data_q))->priority;
4584 while (quote > 0 && (skb = skb_peek(&chan->data_q))) {
4587 BT_DBG("chan %p skb %p len %d priority %u", chan, skb,
4588 skb->len, skb->priority);
4590 /* Stop if priority has changed */
4591 if (skb->priority < priority)
4594 skb = skb_dequeue(&chan->data_q);
4596 blocks = __get_blocks(hdev, skb);
4597 if (blocks > hdev->block_cnt)
4600 hci_conn_enter_active_mode(chan->conn,
4601 bt_cb(skb)->force_active);
4603 hci_send_frame(hdev, skb);
4604 hdev->acl_last_tx = jiffies;
4606 hdev->block_cnt -= blocks;
4609 chan->sent += blocks;
4610 chan->conn->sent += blocks;
4614 if (cnt != hdev->block_cnt)
4615 hci_prio_recalculate(hdev, type);
4618 static void hci_sched_acl(struct hci_dev *hdev)
4620 BT_DBG("%s", hdev->name);
4622 /* No ACL link over BR/EDR controller */
4623 if (!hci_conn_num(hdev, ACL_LINK) && hdev->dev_type == HCI_PRIMARY)
4626 /* No AMP link over AMP controller */
4627 if (!hci_conn_num(hdev, AMP_LINK) && hdev->dev_type == HCI_AMP)
4630 switch (hdev->flow_ctl_mode) {
4631 case HCI_FLOW_CTL_MODE_PACKET_BASED:
4632 hci_sched_acl_pkt(hdev);
4635 case HCI_FLOW_CTL_MODE_BLOCK_BASED:
4636 hci_sched_acl_blk(hdev);
4641 static void hci_sched_le(struct hci_dev *hdev)
4643 struct hci_chan *chan;
4644 struct sk_buff *skb;
4645 int quote, cnt, tmp;
4647 BT_DBG("%s", hdev->name);
4649 if (!hci_conn_num(hdev, LE_LINK))
4652 cnt = hdev->le_pkts ? hdev->le_cnt : hdev->acl_cnt;
4654 __check_timeout(hdev, cnt);
4657 while (cnt && (chan = hci_chan_sent(hdev, LE_LINK, "e))) {
4658 u32 priority = (skb_peek(&chan->data_q))->priority;
4659 while (quote-- && (skb = skb_peek(&chan->data_q))) {
4660 BT_DBG("chan %p skb %p len %d priority %u", chan, skb,
4661 skb->len, skb->priority);
4663 /* Stop if priority has changed */
4664 if (skb->priority < priority)
4667 skb = skb_dequeue(&chan->data_q);
4669 hci_send_frame(hdev, skb);
4670 hdev->le_last_tx = jiffies;
4676 /* Send pending SCO packets right away */
4677 hci_sched_sco(hdev);
4678 hci_sched_esco(hdev);
4685 hdev->acl_cnt = cnt;
4688 hci_prio_recalculate(hdev, LE_LINK);
4691 static void hci_tx_work(struct work_struct *work)
4693 struct hci_dev *hdev = container_of(work, struct hci_dev, tx_work);
4694 struct sk_buff *skb;
4696 BT_DBG("%s acl %d sco %d le %d", hdev->name, hdev->acl_cnt,
4697 hdev->sco_cnt, hdev->le_cnt);
4699 if (!hci_dev_test_flag(hdev, HCI_USER_CHANNEL)) {
4700 /* Schedule queues and send stuff to HCI driver */
4701 hci_sched_sco(hdev);
4702 hci_sched_esco(hdev);
4703 hci_sched_acl(hdev);
4707 /* Send next queued raw (unknown type) packet */
4708 while ((skb = skb_dequeue(&hdev->raw_q)))
4709 hci_send_frame(hdev, skb);
4712 /* ----- HCI RX task (incoming data processing) ----- */
4714 /* ACL data packet */
4715 static void hci_acldata_packet(struct hci_dev *hdev, struct sk_buff *skb)
4717 struct hci_acl_hdr *hdr = (void *) skb->data;
4718 struct hci_conn *conn;
4719 __u16 handle, flags;
4721 skb_pull(skb, HCI_ACL_HDR_SIZE);
4723 handle = __le16_to_cpu(hdr->handle);
4724 flags = hci_flags(handle);
4725 handle = hci_handle(handle);
4727 BT_DBG("%s len %d handle 0x%4.4x flags 0x%4.4x", hdev->name, skb->len,
4730 hdev->stat.acl_rx++;
4733 conn = hci_conn_hash_lookup_handle(hdev, handle);
4734 hci_dev_unlock(hdev);
4737 hci_conn_enter_active_mode(conn, BT_POWER_FORCE_ACTIVE_OFF);
4739 /* Send to upper protocol */
4740 l2cap_recv_acldata(conn, skb, flags);
4743 bt_dev_err(hdev, "ACL packet for unknown connection handle %d",
4750 /* SCO data packet */
4751 static void hci_scodata_packet(struct hci_dev *hdev, struct sk_buff *skb)
4753 struct hci_sco_hdr *hdr = (void *) skb->data;
4754 struct hci_conn *conn;
4755 __u16 handle, flags;
4757 skb_pull(skb, HCI_SCO_HDR_SIZE);
4759 handle = __le16_to_cpu(hdr->handle);
4760 flags = hci_flags(handle);
4761 handle = hci_handle(handle);
4763 BT_DBG("%s len %d handle 0x%4.4x flags 0x%4.4x", hdev->name, skb->len,
4766 hdev->stat.sco_rx++;
4769 conn = hci_conn_hash_lookup_handle(hdev, handle);
4770 hci_dev_unlock(hdev);
4773 /* Send to upper protocol */
4774 bt_cb(skb)->sco.pkt_status = flags & 0x03;
4775 sco_recv_scodata(conn, skb);
4778 bt_dev_err(hdev, "SCO packet for unknown connection handle %d",
4785 static bool hci_req_is_complete(struct hci_dev *hdev)
4787 struct sk_buff *skb;
4789 skb = skb_peek(&hdev->cmd_q);
4793 return (bt_cb(skb)->hci.req_flags & HCI_REQ_START);
4796 static void hci_resend_last(struct hci_dev *hdev)
4798 struct hci_command_hdr *sent;
4799 struct sk_buff *skb;
4802 if (!hdev->sent_cmd)
4805 sent = (void *) hdev->sent_cmd->data;
4806 opcode = __le16_to_cpu(sent->opcode);
4807 if (opcode == HCI_OP_RESET)
4810 skb = skb_clone(hdev->sent_cmd, GFP_KERNEL);
4814 skb_queue_head(&hdev->cmd_q, skb);
4815 queue_work(hdev->workqueue, &hdev->cmd_work);
4818 void hci_req_cmd_complete(struct hci_dev *hdev, u16 opcode, u8 status,
4819 hci_req_complete_t *req_complete,
4820 hci_req_complete_skb_t *req_complete_skb)
4822 struct sk_buff *skb;
4823 unsigned long flags;
4825 BT_DBG("opcode 0x%04x status 0x%02x", opcode, status);
4827 /* If the completed command doesn't match the last one that was
4828 * sent we need to do special handling of it.
4830 if (!hci_sent_cmd_data(hdev, opcode)) {
4831 /* Some CSR based controllers generate a spontaneous
4832 * reset complete event during init and any pending
4833 * command will never be completed. In such a case we
4834 * need to resend whatever was the last sent
4837 if (test_bit(HCI_INIT, &hdev->flags) && opcode == HCI_OP_RESET)
4838 hci_resend_last(hdev);
4843 /* If we reach this point this event matches the last command sent */
4844 hci_dev_clear_flag(hdev, HCI_CMD_PENDING);
4846 /* If the command succeeded and there's still more commands in
4847 * this request the request is not yet complete.
4849 if (!status && !hci_req_is_complete(hdev))
4852 /* If this was the last command in a request the complete
4853 * callback would be found in hdev->sent_cmd instead of the
4854 * command queue (hdev->cmd_q).
4856 if (bt_cb(hdev->sent_cmd)->hci.req_flags & HCI_REQ_SKB) {
4857 *req_complete_skb = bt_cb(hdev->sent_cmd)->hci.req_complete_skb;
4861 if (bt_cb(hdev->sent_cmd)->hci.req_complete) {
4862 *req_complete = bt_cb(hdev->sent_cmd)->hci.req_complete;
4866 /* Remove all pending commands belonging to this request */
4867 spin_lock_irqsave(&hdev->cmd_q.lock, flags);
4868 while ((skb = __skb_dequeue(&hdev->cmd_q))) {
4869 if (bt_cb(skb)->hci.req_flags & HCI_REQ_START) {
4870 __skb_queue_head(&hdev->cmd_q, skb);
4874 if (bt_cb(skb)->hci.req_flags & HCI_REQ_SKB)
4875 *req_complete_skb = bt_cb(skb)->hci.req_complete_skb;
4877 *req_complete = bt_cb(skb)->hci.req_complete;
4880 spin_unlock_irqrestore(&hdev->cmd_q.lock, flags);
4883 static void hci_rx_work(struct work_struct *work)
4885 struct hci_dev *hdev = container_of(work, struct hci_dev, rx_work);
4886 struct sk_buff *skb;
4888 BT_DBG("%s", hdev->name);
4890 while ((skb = skb_dequeue(&hdev->rx_q))) {
4891 /* Send copy to monitor */
4892 hci_send_to_monitor(hdev, skb);
4894 if (atomic_read(&hdev->promisc)) {
4895 /* Send copy to the sockets */
4896 hci_send_to_sock(hdev, skb);
4899 /* If the device has been opened in HCI_USER_CHANNEL,
4900 * the userspace has exclusive access to device.
4901 * When device is HCI_INIT, we still need to process
4902 * the data packets to the driver in order
4903 * to complete its setup().
4905 if (hci_dev_test_flag(hdev, HCI_USER_CHANNEL) &&
4906 !test_bit(HCI_INIT, &hdev->flags)) {
4911 if (test_bit(HCI_INIT, &hdev->flags)) {
4912 /* Don't process data packets in this states. */
4913 switch (hci_skb_pkt_type(skb)) {
4914 case HCI_ACLDATA_PKT:
4915 case HCI_SCODATA_PKT:
4916 case HCI_ISODATA_PKT:
4923 switch (hci_skb_pkt_type(skb)) {
4925 BT_DBG("%s Event packet", hdev->name);
4926 hci_event_packet(hdev, skb);
4929 case HCI_ACLDATA_PKT:
4930 BT_DBG("%s ACL data packet", hdev->name);
4931 hci_acldata_packet(hdev, skb);
4934 case HCI_SCODATA_PKT:
4935 BT_DBG("%s SCO data packet", hdev->name);
4936 hci_scodata_packet(hdev, skb);
4946 static void hci_cmd_work(struct work_struct *work)
4948 struct hci_dev *hdev = container_of(work, struct hci_dev, cmd_work);
4949 struct sk_buff *skb;
4951 BT_DBG("%s cmd_cnt %d cmd queued %d", hdev->name,
4952 atomic_read(&hdev->cmd_cnt), skb_queue_len(&hdev->cmd_q));
4954 /* Send queued commands */
4955 if (atomic_read(&hdev->cmd_cnt)) {
4956 skb = skb_dequeue(&hdev->cmd_q);
4960 kfree_skb(hdev->sent_cmd);
4962 hdev->sent_cmd = skb_clone(skb, GFP_KERNEL);
4963 if (hdev->sent_cmd) {
4964 if (hci_req_status_pend(hdev))
4965 hci_dev_set_flag(hdev, HCI_CMD_PENDING);
4966 atomic_dec(&hdev->cmd_cnt);
4967 hci_send_frame(hdev, skb);
4968 if (test_bit(HCI_RESET, &hdev->flags))
4969 cancel_delayed_work(&hdev->cmd_timer);
4971 schedule_delayed_work(&hdev->cmd_timer,
4974 skb_queue_head(&hdev->cmd_q, skb);
4975 queue_work(hdev->workqueue, &hdev->cmd_work);
projects / linux-2.6-microblaze.git / blob