2 BlueZ - Bluetooth protocol stack for Linux
3 Copyright (C) 2000-2001 Qualcomm Incorporated
4 Copyright (C) 2011 ProFUSION Embedded Systems
6 Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com>
8 This program is free software; you can redistribute it and/or modify
9 it under the terms of the GNU General Public License version 2 as
10 published by the Free Software Foundation;
12 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
13 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
14 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
15 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
16 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
17 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
18 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
19 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
21 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
22 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
23 SOFTWARE IS DISCLAIMED.
26 /* Bluetooth HCI core. */
28 #include <linux/export.h>
29 #include <linux/rfkill.h>
30 #include <linux/debugfs.h>
31 #include <linux/crypto.h>
32 #include <linux/property.h>
33 #include <linux/suspend.h>
34 #include <linux/wait.h>
35 #include <asm/unaligned.h>
37 #include <net/bluetooth/bluetooth.h>
38 #include <net/bluetooth/hci_core.h>
39 #include <net/bluetooth/l2cap.h>
40 #include <net/bluetooth/mgmt.h>
42 #include "hci_request.h"
43 #include "hci_debugfs.h"
49 static void hci_rx_work(struct work_struct *work);
50 static void hci_cmd_work(struct work_struct *work);
51 static void hci_tx_work(struct work_struct *work);
54 LIST_HEAD(hci_dev_list);
55 DEFINE_RWLOCK(hci_dev_list_lock);
57 /* HCI callback list */
58 LIST_HEAD(hci_cb_list);
59 DEFINE_MUTEX(hci_cb_list_lock);
61 /* HCI ID Numbering */
62 static DEFINE_IDA(hci_index_ida);
64 /* ---- HCI debugfs entries ---- */
66 static ssize_t dut_mode_read(struct file *file, char __user *user_buf,
67 size_t count, loff_t *ppos)
69 struct hci_dev *hdev = file->private_data;
72 buf[0] = hci_dev_test_flag(hdev, HCI_DUT_MODE) ? 'Y' : 'N';
75 return simple_read_from_buffer(user_buf, count, ppos, buf, 2);
78 static ssize_t dut_mode_write(struct file *file, const char __user *user_buf,
79 size_t count, loff_t *ppos)
81 struct hci_dev *hdev = file->private_data;
86 if (!test_bit(HCI_UP, &hdev->flags))
89 err = kstrtobool_from_user(user_buf, count, &enable);
93 if (enable == hci_dev_test_flag(hdev, HCI_DUT_MODE))
96 hci_req_sync_lock(hdev);
98 skb = __hci_cmd_sync(hdev, HCI_OP_ENABLE_DUT_MODE, 0, NULL,
101 skb = __hci_cmd_sync(hdev, HCI_OP_RESET, 0, NULL,
103 hci_req_sync_unlock(hdev);
110 hci_dev_change_flag(hdev, HCI_DUT_MODE);
115 static const struct file_operations dut_mode_fops = {
117 .read = dut_mode_read,
118 .write = dut_mode_write,
119 .llseek = default_llseek,
122 static ssize_t vendor_diag_read(struct file *file, char __user *user_buf,
123 size_t count, loff_t *ppos)
125 struct hci_dev *hdev = file->private_data;
128 buf[0] = hci_dev_test_flag(hdev, HCI_VENDOR_DIAG) ? 'Y' : 'N';
131 return simple_read_from_buffer(user_buf, count, ppos, buf, 2);
134 static ssize_t vendor_diag_write(struct file *file, const char __user *user_buf,
135 size_t count, loff_t *ppos)
137 struct hci_dev *hdev = file->private_data;
141 err = kstrtobool_from_user(user_buf, count, &enable);
145 /* When the diagnostic flags are not persistent and the transport
146 * is not active or in user channel operation, then there is no need
147 * for the vendor callback. Instead just store the desired value and
148 * the setting will be programmed when the controller gets powered on.
150 if (test_bit(HCI_QUIRK_NON_PERSISTENT_DIAG, &hdev->quirks) &&
151 (!test_bit(HCI_RUNNING, &hdev->flags) ||
152 hci_dev_test_flag(hdev, HCI_USER_CHANNEL)))
155 hci_req_sync_lock(hdev);
156 err = hdev->set_diag(hdev, enable);
157 hci_req_sync_unlock(hdev);
164 hci_dev_set_flag(hdev, HCI_VENDOR_DIAG);
166 hci_dev_clear_flag(hdev, HCI_VENDOR_DIAG);
171 static const struct file_operations vendor_diag_fops = {
173 .read = vendor_diag_read,
174 .write = vendor_diag_write,
175 .llseek = default_llseek,
178 static void hci_debugfs_create_basic(struct hci_dev *hdev)
180 debugfs_create_file("dut_mode", 0644, hdev->debugfs, hdev,
184 debugfs_create_file("vendor_diag", 0644, hdev->debugfs, hdev,
188 static int hci_reset_req(struct hci_request *req, unsigned long opt)
190 BT_DBG("%s %ld", req->hdev->name, opt);
193 set_bit(HCI_RESET, &req->hdev->flags);
194 hci_req_add(req, HCI_OP_RESET, 0, NULL);
198 static void bredr_init(struct hci_request *req)
200 req->hdev->flow_ctl_mode = HCI_FLOW_CTL_MODE_PACKET_BASED;
202 /* Read Local Supported Features */
203 hci_req_add(req, HCI_OP_READ_LOCAL_FEATURES, 0, NULL);
205 /* Read Local Version */
206 hci_req_add(req, HCI_OP_READ_LOCAL_VERSION, 0, NULL);
208 /* Read BD Address */
209 hci_req_add(req, HCI_OP_READ_BD_ADDR, 0, NULL);
212 static void amp_init1(struct hci_request *req)
214 req->hdev->flow_ctl_mode = HCI_FLOW_CTL_MODE_BLOCK_BASED;
216 /* Read Local Version */
217 hci_req_add(req, HCI_OP_READ_LOCAL_VERSION, 0, NULL);
219 /* Read Local Supported Commands */
220 hci_req_add(req, HCI_OP_READ_LOCAL_COMMANDS, 0, NULL);
222 /* Read Local AMP Info */
223 hci_req_add(req, HCI_OP_READ_LOCAL_AMP_INFO, 0, NULL);
225 /* Read Data Blk size */
226 hci_req_add(req, HCI_OP_READ_DATA_BLOCK_SIZE, 0, NULL);
228 /* Read Flow Control Mode */
229 hci_req_add(req, HCI_OP_READ_FLOW_CONTROL_MODE, 0, NULL);
231 /* Read Location Data */
232 hci_req_add(req, HCI_OP_READ_LOCATION_DATA, 0, NULL);
235 static int amp_init2(struct hci_request *req)
237 /* Read Local Supported Features. Not all AMP controllers
238 * support this so it's placed conditionally in the second
241 if (req->hdev->commands[14] & 0x20)
242 hci_req_add(req, HCI_OP_READ_LOCAL_FEATURES, 0, NULL);
247 static int hci_init1_req(struct hci_request *req, unsigned long opt)
249 struct hci_dev *hdev = req->hdev;
251 BT_DBG("%s %ld", hdev->name, opt);
254 if (!test_bit(HCI_QUIRK_RESET_ON_CLOSE, &hdev->quirks))
255 hci_reset_req(req, 0);
257 switch (hdev->dev_type) {
265 bt_dev_err(hdev, "Unknown device type %d", hdev->dev_type);
272 static void bredr_setup(struct hci_request *req)
277 /* Read Buffer Size (ACL mtu, max pkt, etc.) */
278 hci_req_add(req, HCI_OP_READ_BUFFER_SIZE, 0, NULL);
280 /* Read Class of Device */
281 hci_req_add(req, HCI_OP_READ_CLASS_OF_DEV, 0, NULL);
283 /* Read Local Name */
284 hci_req_add(req, HCI_OP_READ_LOCAL_NAME, 0, NULL);
286 /* Read Voice Setting */
287 hci_req_add(req, HCI_OP_READ_VOICE_SETTING, 0, NULL);
289 /* Read Number of Supported IAC */
290 hci_req_add(req, HCI_OP_READ_NUM_SUPPORTED_IAC, 0, NULL);
292 /* Read Current IAC LAP */
293 hci_req_add(req, HCI_OP_READ_CURRENT_IAC_LAP, 0, NULL);
295 /* Clear Event Filters */
296 flt_type = HCI_FLT_CLEAR_ALL;
297 hci_req_add(req, HCI_OP_SET_EVENT_FLT, 1, &flt_type);
299 /* Connection accept timeout ~20 secs */
300 param = cpu_to_le16(0x7d00);
301 hci_req_add(req, HCI_OP_WRITE_CA_TIMEOUT, 2, ¶m);
304 static void le_setup(struct hci_request *req)
306 struct hci_dev *hdev = req->hdev;
308 /* Read LE Buffer Size */
309 hci_req_add(req, HCI_OP_LE_READ_BUFFER_SIZE, 0, NULL);
311 /* Read LE Local Supported Features */
312 hci_req_add(req, HCI_OP_LE_READ_LOCAL_FEATURES, 0, NULL);
314 /* Read LE Supported States */
315 hci_req_add(req, HCI_OP_LE_READ_SUPPORTED_STATES, 0, NULL);
317 /* LE-only controllers have LE implicitly enabled */
318 if (!lmp_bredr_capable(hdev))
319 hci_dev_set_flag(hdev, HCI_LE_ENABLED);
322 static void hci_setup_event_mask(struct hci_request *req)
324 struct hci_dev *hdev = req->hdev;
326 /* The second byte is 0xff instead of 0x9f (two reserved bits
327 * disabled) since a Broadcom 1.2 dongle doesn't respond to the
330 u8 events[8] = { 0xff, 0xff, 0xfb, 0xff, 0x00, 0x00, 0x00, 0x00 };
332 /* CSR 1.1 dongles does not accept any bitfield so don't try to set
333 * any event mask for pre 1.2 devices.
335 if (hdev->hci_ver < BLUETOOTH_VER_1_2)
338 if (lmp_bredr_capable(hdev)) {
339 events[4] |= 0x01; /* Flow Specification Complete */
341 /* Use a different default for LE-only devices */
342 memset(events, 0, sizeof(events));
343 events[1] |= 0x20; /* Command Complete */
344 events[1] |= 0x40; /* Command Status */
345 events[1] |= 0x80; /* Hardware Error */
347 /* If the controller supports the Disconnect command, enable
348 * the corresponding event. In addition enable packet flow
349 * control related events.
351 if (hdev->commands[0] & 0x20) {
352 events[0] |= 0x10; /* Disconnection Complete */
353 events[2] |= 0x04; /* Number of Completed Packets */
354 events[3] |= 0x02; /* Data Buffer Overflow */
357 /* If the controller supports the Read Remote Version
358 * Information command, enable the corresponding event.
360 if (hdev->commands[2] & 0x80)
361 events[1] |= 0x08; /* Read Remote Version Information
365 if (hdev->le_features[0] & HCI_LE_ENCRYPTION) {
366 events[0] |= 0x80; /* Encryption Change */
367 events[5] |= 0x80; /* Encryption Key Refresh Complete */
371 if (lmp_inq_rssi_capable(hdev) ||
372 test_bit(HCI_QUIRK_FIXUP_INQUIRY_MODE, &hdev->quirks))
373 events[4] |= 0x02; /* Inquiry Result with RSSI */
375 if (lmp_ext_feat_capable(hdev))
376 events[4] |= 0x04; /* Read Remote Extended Features Complete */
378 if (lmp_esco_capable(hdev)) {
379 events[5] |= 0x08; /* Synchronous Connection Complete */
380 events[5] |= 0x10; /* Synchronous Connection Changed */
383 if (lmp_sniffsubr_capable(hdev))
384 events[5] |= 0x20; /* Sniff Subrating */
386 if (lmp_pause_enc_capable(hdev))
387 events[5] |= 0x80; /* Encryption Key Refresh Complete */
389 if (lmp_ext_inq_capable(hdev))
390 events[5] |= 0x40; /* Extended Inquiry Result */
392 if (lmp_no_flush_capable(hdev))
393 events[7] |= 0x01; /* Enhanced Flush Complete */
395 if (lmp_lsto_capable(hdev))
396 events[6] |= 0x80; /* Link Supervision Timeout Changed */
398 if (lmp_ssp_capable(hdev)) {
399 events[6] |= 0x01; /* IO Capability Request */
400 events[6] |= 0x02; /* IO Capability Response */
401 events[6] |= 0x04; /* User Confirmation Request */
402 events[6] |= 0x08; /* User Passkey Request */
403 events[6] |= 0x10; /* Remote OOB Data Request */
404 events[6] |= 0x20; /* Simple Pairing Complete */
405 events[7] |= 0x04; /* User Passkey Notification */
406 events[7] |= 0x08; /* Keypress Notification */
407 events[7] |= 0x10; /* Remote Host Supported
408 * Features Notification
412 if (lmp_le_capable(hdev))
413 events[7] |= 0x20; /* LE Meta-Event */
415 hci_req_add(req, HCI_OP_SET_EVENT_MASK, sizeof(events), events);
418 static int hci_init2_req(struct hci_request *req, unsigned long opt)
420 struct hci_dev *hdev = req->hdev;
422 if (hdev->dev_type == HCI_AMP)
423 return amp_init2(req);
425 if (lmp_bredr_capable(hdev))
428 hci_dev_clear_flag(hdev, HCI_BREDR_ENABLED);
430 if (lmp_le_capable(hdev))
433 /* All Bluetooth 1.2 and later controllers should support the
434 * HCI command for reading the local supported commands.
436 * Unfortunately some controllers indicate Bluetooth 1.2 support,
437 * but do not have support for this command. If that is the case,
438 * the driver can quirk the behavior and skip reading the local
439 * supported commands.
441 if (hdev->hci_ver > BLUETOOTH_VER_1_1 &&
442 !test_bit(HCI_QUIRK_BROKEN_LOCAL_COMMANDS, &hdev->quirks))
443 hci_req_add(req, HCI_OP_READ_LOCAL_COMMANDS, 0, NULL);
445 if (lmp_ssp_capable(hdev)) {
446 /* When SSP is available, then the host features page
447 * should also be available as well. However some
448 * controllers list the max_page as 0 as long as SSP
449 * has not been enabled. To achieve proper debugging
450 * output, force the minimum max_page to 1 at least.
452 hdev->max_page = 0x01;
454 if (hci_dev_test_flag(hdev, HCI_SSP_ENABLED)) {
457 hci_req_add(req, HCI_OP_WRITE_SSP_MODE,
458 sizeof(mode), &mode);
460 struct hci_cp_write_eir cp;
462 memset(hdev->eir, 0, sizeof(hdev->eir));
463 memset(&cp, 0, sizeof(cp));
465 hci_req_add(req, HCI_OP_WRITE_EIR, sizeof(cp), &cp);
469 if (lmp_inq_rssi_capable(hdev) ||
470 test_bit(HCI_QUIRK_FIXUP_INQUIRY_MODE, &hdev->quirks)) {
473 /* If Extended Inquiry Result events are supported, then
474 * they are clearly preferred over Inquiry Result with RSSI
477 mode = lmp_ext_inq_capable(hdev) ? 0x02 : 0x01;
479 hci_req_add(req, HCI_OP_WRITE_INQUIRY_MODE, 1, &mode);
482 if (lmp_inq_tx_pwr_capable(hdev))
483 hci_req_add(req, HCI_OP_READ_INQ_RSP_TX_POWER, 0, NULL);
485 if (lmp_ext_feat_capable(hdev)) {
486 struct hci_cp_read_local_ext_features cp;
489 hci_req_add(req, HCI_OP_READ_LOCAL_EXT_FEATURES,
493 if (hci_dev_test_flag(hdev, HCI_LINK_SECURITY)) {
495 hci_req_add(req, HCI_OP_WRITE_AUTH_ENABLE, sizeof(enable),
502 static void hci_setup_link_policy(struct hci_request *req)
504 struct hci_dev *hdev = req->hdev;
505 struct hci_cp_write_def_link_policy cp;
508 if (lmp_rswitch_capable(hdev))
509 link_policy |= HCI_LP_RSWITCH;
510 if (lmp_hold_capable(hdev))
511 link_policy |= HCI_LP_HOLD;
512 if (lmp_sniff_capable(hdev))
513 link_policy |= HCI_LP_SNIFF;
514 if (lmp_park_capable(hdev))
515 link_policy |= HCI_LP_PARK;
517 cp.policy = cpu_to_le16(link_policy);
518 hci_req_add(req, HCI_OP_WRITE_DEF_LINK_POLICY, sizeof(cp), &cp);
521 static void hci_set_le_support(struct hci_request *req)
523 struct hci_dev *hdev = req->hdev;
524 struct hci_cp_write_le_host_supported cp;
526 /* LE-only devices do not support explicit enablement */
527 if (!lmp_bredr_capable(hdev))
530 memset(&cp, 0, sizeof(cp));
532 if (hci_dev_test_flag(hdev, HCI_LE_ENABLED)) {
537 if (cp.le != lmp_host_le_capable(hdev))
538 hci_req_add(req, HCI_OP_WRITE_LE_HOST_SUPPORTED, sizeof(cp),
542 static void hci_set_event_mask_page_2(struct hci_request *req)
544 struct hci_dev *hdev = req->hdev;
545 u8 events[8] = { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 };
546 bool changed = false;
548 /* If Connectionless Slave Broadcast master role is supported
549 * enable all necessary events for it.
551 if (lmp_csb_master_capable(hdev)) {
552 events[1] |= 0x40; /* Triggered Clock Capture */
553 events[1] |= 0x80; /* Synchronization Train Complete */
554 events[2] |= 0x10; /* Slave Page Response Timeout */
555 events[2] |= 0x20; /* CSB Channel Map Change */
559 /* If Connectionless Slave Broadcast slave role is supported
560 * enable all necessary events for it.
562 if (lmp_csb_slave_capable(hdev)) {
563 events[2] |= 0x01; /* Synchronization Train Received */
564 events[2] |= 0x02; /* CSB Receive */
565 events[2] |= 0x04; /* CSB Timeout */
566 events[2] |= 0x08; /* Truncated Page Complete */
570 /* Enable Authenticated Payload Timeout Expired event if supported */
571 if (lmp_ping_capable(hdev) || hdev->le_features[0] & HCI_LE_PING) {
576 /* Some Broadcom based controllers indicate support for Set Event
577 * Mask Page 2 command, but then actually do not support it. Since
578 * the default value is all bits set to zero, the command is only
579 * required if the event mask has to be changed. In case no change
580 * to the event mask is needed, skip this command.
583 hci_req_add(req, HCI_OP_SET_EVENT_MASK_PAGE_2,
584 sizeof(events), events);
587 static int hci_init3_req(struct hci_request *req, unsigned long opt)
589 struct hci_dev *hdev = req->hdev;
592 hci_setup_event_mask(req);
594 if (hdev->commands[6] & 0x20 &&
595 !test_bit(HCI_QUIRK_BROKEN_STORED_LINK_KEY, &hdev->quirks)) {
596 struct hci_cp_read_stored_link_key cp;
598 bacpy(&cp.bdaddr, BDADDR_ANY);
600 hci_req_add(req, HCI_OP_READ_STORED_LINK_KEY, sizeof(cp), &cp);
603 if (hdev->commands[5] & 0x10)
604 hci_setup_link_policy(req);
606 if (hdev->commands[8] & 0x01)
607 hci_req_add(req, HCI_OP_READ_PAGE_SCAN_ACTIVITY, 0, NULL);
609 if (hdev->commands[18] & 0x04 &&
610 !test_bit(HCI_QUIRK_BROKEN_ERR_DATA_REPORTING, &hdev->quirks))
611 hci_req_add(req, HCI_OP_READ_DEF_ERR_DATA_REPORTING, 0, NULL);
613 /* Some older Broadcom based Bluetooth 1.2 controllers do not
614 * support the Read Page Scan Type command. Check support for
615 * this command in the bit mask of supported commands.
617 if (hdev->commands[13] & 0x01)
618 hci_req_add(req, HCI_OP_READ_PAGE_SCAN_TYPE, 0, NULL);
620 if (lmp_le_capable(hdev)) {
623 memset(events, 0, sizeof(events));
625 if (hdev->le_features[0] & HCI_LE_ENCRYPTION)
626 events[0] |= 0x10; /* LE Long Term Key Request */
628 /* If controller supports the Connection Parameters Request
629 * Link Layer Procedure, enable the corresponding event.
631 if (hdev->le_features[0] & HCI_LE_CONN_PARAM_REQ_PROC)
632 events[0] |= 0x20; /* LE Remote Connection
636 /* If the controller supports the Data Length Extension
637 * feature, enable the corresponding event.
639 if (hdev->le_features[0] & HCI_LE_DATA_LEN_EXT)
640 events[0] |= 0x40; /* LE Data Length Change */
642 /* If the controller supports LL Privacy feature, enable
643 * the corresponding event.
645 if (hdev->le_features[0] & HCI_LE_LL_PRIVACY)
646 events[1] |= 0x02; /* LE Enhanced Connection
650 /* If the controller supports Extended Scanner Filter
651 * Policies, enable the correspondig event.
653 if (hdev->le_features[0] & HCI_LE_EXT_SCAN_POLICY)
654 events[1] |= 0x04; /* LE Direct Advertising
658 /* If the controller supports Channel Selection Algorithm #2
659 * feature, enable the corresponding event.
661 if (hdev->le_features[1] & HCI_LE_CHAN_SEL_ALG2)
662 events[2] |= 0x08; /* LE Channel Selection
666 /* If the controller supports the LE Set Scan Enable command,
667 * enable the corresponding advertising report event.
669 if (hdev->commands[26] & 0x08)
670 events[0] |= 0x02; /* LE Advertising Report */
672 /* If the controller supports the LE Create Connection
673 * command, enable the corresponding event.
675 if (hdev->commands[26] & 0x10)
676 events[0] |= 0x01; /* LE Connection Complete */
678 /* If the controller supports the LE Connection Update
679 * command, enable the corresponding event.
681 if (hdev->commands[27] & 0x04)
682 events[0] |= 0x04; /* LE Connection Update
686 /* If the controller supports the LE Read Remote Used Features
687 * command, enable the corresponding event.
689 if (hdev->commands[27] & 0x20)
690 events[0] |= 0x08; /* LE Read Remote Used
694 /* If the controller supports the LE Read Local P-256
695 * Public Key command, enable the corresponding event.
697 if (hdev->commands[34] & 0x02)
698 events[0] |= 0x80; /* LE Read Local P-256
699 * Public Key Complete
702 /* If the controller supports the LE Generate DHKey
703 * command, enable the corresponding event.
705 if (hdev->commands[34] & 0x04)
706 events[1] |= 0x01; /* LE Generate DHKey Complete */
708 /* If the controller supports the LE Set Default PHY or
709 * LE Set PHY commands, enable the corresponding event.
711 if (hdev->commands[35] & (0x20 | 0x40))
712 events[1] |= 0x08; /* LE PHY Update Complete */
714 /* If the controller supports LE Set Extended Scan Parameters
715 * and LE Set Extended Scan Enable commands, enable the
716 * corresponding event.
718 if (use_ext_scan(hdev))
719 events[1] |= 0x10; /* LE Extended Advertising
723 /* If the controller supports the LE Extended Advertising
724 * command, enable the corresponding event.
726 if (ext_adv_capable(hdev))
727 events[2] |= 0x02; /* LE Advertising Set
731 hci_req_add(req, HCI_OP_LE_SET_EVENT_MASK, sizeof(events),
734 /* Read LE Advertising Channel TX Power */
735 if ((hdev->commands[25] & 0x40) && !ext_adv_capable(hdev)) {
736 /* HCI TS spec forbids mixing of legacy and extended
737 * advertising commands wherein READ_ADV_TX_POWER is
738 * also included. So do not call it if extended adv
739 * is supported otherwise controller will return
740 * COMMAND_DISALLOWED for extended commands.
742 hci_req_add(req, HCI_OP_LE_READ_ADV_TX_POWER, 0, NULL);
745 if (hdev->commands[38] & 0x80) {
746 /* Read LE Min/Max Tx Power*/
747 hci_req_add(req, HCI_OP_LE_READ_TRANSMIT_POWER,
751 if (hdev->commands[26] & 0x40) {
752 /* Read LE White List Size */
753 hci_req_add(req, HCI_OP_LE_READ_WHITE_LIST_SIZE,
757 if (hdev->commands[26] & 0x80) {
758 /* Clear LE White List */
759 hci_req_add(req, HCI_OP_LE_CLEAR_WHITE_LIST, 0, NULL);
762 if (hdev->commands[34] & 0x40) {
763 /* Read LE Resolving List Size */
764 hci_req_add(req, HCI_OP_LE_READ_RESOLV_LIST_SIZE,
768 if (hdev->commands[34] & 0x20) {
769 /* Clear LE Resolving List */
770 hci_req_add(req, HCI_OP_LE_CLEAR_RESOLV_LIST, 0, NULL);
773 if (hdev->commands[35] & 0x04) {
774 __le16 rpa_timeout = cpu_to_le16(hdev->rpa_timeout);
776 /* Set RPA timeout */
777 hci_req_add(req, HCI_OP_LE_SET_RPA_TIMEOUT, 2,
781 if (hdev->le_features[0] & HCI_LE_DATA_LEN_EXT) {
782 /* Read LE Maximum Data Length */
783 hci_req_add(req, HCI_OP_LE_READ_MAX_DATA_LEN, 0, NULL);
785 /* Read LE Suggested Default Data Length */
786 hci_req_add(req, HCI_OP_LE_READ_DEF_DATA_LEN, 0, NULL);
789 if (ext_adv_capable(hdev)) {
790 /* Read LE Number of Supported Advertising Sets */
791 hci_req_add(req, HCI_OP_LE_READ_NUM_SUPPORTED_ADV_SETS,
795 hci_set_le_support(req);
798 /* Read features beyond page 1 if available */
799 for (p = 2; p < HCI_MAX_PAGES && p <= hdev->max_page; p++) {
800 struct hci_cp_read_local_ext_features cp;
803 hci_req_add(req, HCI_OP_READ_LOCAL_EXT_FEATURES,
810 static int hci_init4_req(struct hci_request *req, unsigned long opt)
812 struct hci_dev *hdev = req->hdev;
814 /* Some Broadcom based Bluetooth controllers do not support the
815 * Delete Stored Link Key command. They are clearly indicating its
816 * absence in the bit mask of supported commands.
818 * Check the supported commands and only if the command is marked
819 * as supported send it. If not supported assume that the controller
820 * does not have actual support for stored link keys which makes this
821 * command redundant anyway.
823 * Some controllers indicate that they support handling deleting
824 * stored link keys, but they don't. The quirk lets a driver
825 * just disable this command.
827 if (hdev->commands[6] & 0x80 &&
828 !test_bit(HCI_QUIRK_BROKEN_STORED_LINK_KEY, &hdev->quirks)) {
829 struct hci_cp_delete_stored_link_key cp;
831 bacpy(&cp.bdaddr, BDADDR_ANY);
832 cp.delete_all = 0x01;
833 hci_req_add(req, HCI_OP_DELETE_STORED_LINK_KEY,
837 /* Set event mask page 2 if the HCI command for it is supported */
838 if (hdev->commands[22] & 0x04)
839 hci_set_event_mask_page_2(req);
841 /* Read local codec list if the HCI command is supported */
842 if (hdev->commands[29] & 0x20)
843 hci_req_add(req, HCI_OP_READ_LOCAL_CODECS, 0, NULL);
845 /* Read local pairing options if the HCI command is supported */
846 if (hdev->commands[41] & 0x08)
847 hci_req_add(req, HCI_OP_READ_LOCAL_PAIRING_OPTS, 0, NULL);
849 /* Get MWS transport configuration if the HCI command is supported */
850 if (hdev->commands[30] & 0x08)
851 hci_req_add(req, HCI_OP_GET_MWS_TRANSPORT_CONFIG, 0, NULL);
853 /* Check for Synchronization Train support */
854 if (lmp_sync_train_capable(hdev))
855 hci_req_add(req, HCI_OP_READ_SYNC_TRAIN_PARAMS, 0, NULL);
857 /* Enable Secure Connections if supported and configured */
858 if (hci_dev_test_flag(hdev, HCI_SSP_ENABLED) &&
859 bredr_sc_enabled(hdev)) {
862 hci_req_add(req, HCI_OP_WRITE_SC_SUPPORT,
863 sizeof(support), &support);
866 /* Set erroneous data reporting if supported to the wideband speech
869 if (hdev->commands[18] & 0x08 &&
870 !test_bit(HCI_QUIRK_BROKEN_ERR_DATA_REPORTING, &hdev->quirks)) {
871 bool enabled = hci_dev_test_flag(hdev,
872 HCI_WIDEBAND_SPEECH_ENABLED);
875 (hdev->err_data_reporting == ERR_DATA_REPORTING_ENABLED)) {
876 struct hci_cp_write_def_err_data_reporting cp;
878 cp.err_data_reporting = enabled ?
879 ERR_DATA_REPORTING_ENABLED :
880 ERR_DATA_REPORTING_DISABLED;
882 hci_req_add(req, HCI_OP_WRITE_DEF_ERR_DATA_REPORTING,
887 /* Set Suggested Default Data Length to maximum if supported */
888 if (hdev->le_features[0] & HCI_LE_DATA_LEN_EXT) {
889 struct hci_cp_le_write_def_data_len cp;
891 cp.tx_len = cpu_to_le16(hdev->le_max_tx_len);
892 cp.tx_time = cpu_to_le16(hdev->le_max_tx_time);
893 hci_req_add(req, HCI_OP_LE_WRITE_DEF_DATA_LEN, sizeof(cp), &cp);
896 /* Set Default PHY parameters if command is supported */
897 if (hdev->commands[35] & 0x20) {
898 struct hci_cp_le_set_default_phy cp;
901 cp.tx_phys = hdev->le_tx_def_phys;
902 cp.rx_phys = hdev->le_rx_def_phys;
904 hci_req_add(req, HCI_OP_LE_SET_DEFAULT_PHY, sizeof(cp), &cp);
910 static int __hci_init(struct hci_dev *hdev)
914 err = __hci_req_sync(hdev, hci_init1_req, 0, HCI_INIT_TIMEOUT, NULL);
918 if (hci_dev_test_flag(hdev, HCI_SETUP))
919 hci_debugfs_create_basic(hdev);
921 err = __hci_req_sync(hdev, hci_init2_req, 0, HCI_INIT_TIMEOUT, NULL);
925 /* HCI_PRIMARY covers both single-mode LE, BR/EDR and dual-mode
926 * BR/EDR/LE type controllers. AMP controllers only need the
927 * first two stages of init.
929 if (hdev->dev_type != HCI_PRIMARY)
932 err = __hci_req_sync(hdev, hci_init3_req, 0, HCI_INIT_TIMEOUT, NULL);
936 err = __hci_req_sync(hdev, hci_init4_req, 0, HCI_INIT_TIMEOUT, NULL);
940 /* This function is only called when the controller is actually in
941 * configured state. When the controller is marked as unconfigured,
942 * this initialization procedure is not run.
944 * It means that it is possible that a controller runs through its
945 * setup phase and then discovers missing settings. If that is the
946 * case, then this function will not be called. It then will only
947 * be called during the config phase.
949 * So only when in setup phase or config phase, create the debugfs
950 * entries and register the SMP channels.
952 if (!hci_dev_test_flag(hdev, HCI_SETUP) &&
953 !hci_dev_test_flag(hdev, HCI_CONFIG))
956 hci_debugfs_create_common(hdev);
958 if (lmp_bredr_capable(hdev))
959 hci_debugfs_create_bredr(hdev);
961 if (lmp_le_capable(hdev))
962 hci_debugfs_create_le(hdev);
967 static int hci_init0_req(struct hci_request *req, unsigned long opt)
969 struct hci_dev *hdev = req->hdev;
971 BT_DBG("%s %ld", hdev->name, opt);
974 if (!test_bit(HCI_QUIRK_RESET_ON_CLOSE, &hdev->quirks))
975 hci_reset_req(req, 0);
977 /* Read Local Version */
978 hci_req_add(req, HCI_OP_READ_LOCAL_VERSION, 0, NULL);
980 /* Read BD Address */
981 if (hdev->set_bdaddr)
982 hci_req_add(req, HCI_OP_READ_BD_ADDR, 0, NULL);
987 static int __hci_unconf_init(struct hci_dev *hdev)
991 if (test_bit(HCI_QUIRK_RAW_DEVICE, &hdev->quirks))
994 err = __hci_req_sync(hdev, hci_init0_req, 0, HCI_INIT_TIMEOUT, NULL);
998 if (hci_dev_test_flag(hdev, HCI_SETUP))
999 hci_debugfs_create_basic(hdev);
1004 static int hci_scan_req(struct hci_request *req, unsigned long opt)
1008 BT_DBG("%s %x", req->hdev->name, scan);
1010 /* Inquiry and Page scans */
1011 hci_req_add(req, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
1015 static int hci_auth_req(struct hci_request *req, unsigned long opt)
1019 BT_DBG("%s %x", req->hdev->name, auth);
1021 /* Authentication */
1022 hci_req_add(req, HCI_OP_WRITE_AUTH_ENABLE, 1, &auth);
1026 static int hci_encrypt_req(struct hci_request *req, unsigned long opt)
1030 BT_DBG("%s %x", req->hdev->name, encrypt);
1033 hci_req_add(req, HCI_OP_WRITE_ENCRYPT_MODE, 1, &encrypt);
1037 static int hci_linkpol_req(struct hci_request *req, unsigned long opt)
1039 __le16 policy = cpu_to_le16(opt);
1041 BT_DBG("%s %x", req->hdev->name, policy);
1043 /* Default link policy */
1044 hci_req_add(req, HCI_OP_WRITE_DEF_LINK_POLICY, 2, &policy);
1048 /* Get HCI device by index.
1049 * Device is held on return. */
1050 struct hci_dev *hci_dev_get(int index)
1052 struct hci_dev *hdev = NULL, *d;
1054 BT_DBG("%d", index);
1059 read_lock(&hci_dev_list_lock);
1060 list_for_each_entry(d, &hci_dev_list, list) {
1061 if (d->id == index) {
1062 hdev = hci_dev_hold(d);
1066 read_unlock(&hci_dev_list_lock);
1070 /* ---- Inquiry support ---- */
1072 bool hci_discovery_active(struct hci_dev *hdev)
1074 struct discovery_state *discov = &hdev->discovery;
1076 switch (discov->state) {
1077 case DISCOVERY_FINDING:
1078 case DISCOVERY_RESOLVING:
1086 void hci_discovery_set_state(struct hci_dev *hdev, int state)
1088 int old_state = hdev->discovery.state;
1090 BT_DBG("%s state %u -> %u", hdev->name, hdev->discovery.state, state);
1092 if (old_state == state)
1095 hdev->discovery.state = state;
1098 case DISCOVERY_STOPPED:
1099 hci_update_background_scan(hdev);
1101 if (old_state != DISCOVERY_STARTING)
1102 mgmt_discovering(hdev, 0);
1104 case DISCOVERY_STARTING:
1106 case DISCOVERY_FINDING:
1107 mgmt_discovering(hdev, 1);
1109 case DISCOVERY_RESOLVING:
1111 case DISCOVERY_STOPPING:
1116 void hci_inquiry_cache_flush(struct hci_dev *hdev)
1118 struct discovery_state *cache = &hdev->discovery;
1119 struct inquiry_entry *p, *n;
1121 list_for_each_entry_safe(p, n, &cache->all, all) {
1126 INIT_LIST_HEAD(&cache->unknown);
1127 INIT_LIST_HEAD(&cache->resolve);
1130 struct inquiry_entry *hci_inquiry_cache_lookup(struct hci_dev *hdev,
1133 struct discovery_state *cache = &hdev->discovery;
1134 struct inquiry_entry *e;
1136 BT_DBG("cache %p, %pMR", cache, bdaddr);
1138 list_for_each_entry(e, &cache->all, all) {
1139 if (!bacmp(&e->data.bdaddr, bdaddr))
1146 struct inquiry_entry *hci_inquiry_cache_lookup_unknown(struct hci_dev *hdev,
1149 struct discovery_state *cache = &hdev->discovery;
1150 struct inquiry_entry *e;
1152 BT_DBG("cache %p, %pMR", cache, bdaddr);
1154 list_for_each_entry(e, &cache->unknown, list) {
1155 if (!bacmp(&e->data.bdaddr, bdaddr))
1162 struct inquiry_entry *hci_inquiry_cache_lookup_resolve(struct hci_dev *hdev,
1166 struct discovery_state *cache = &hdev->discovery;
1167 struct inquiry_entry *e;
1169 BT_DBG("cache %p bdaddr %pMR state %d", cache, bdaddr, state);
1171 list_for_each_entry(e, &cache->resolve, list) {
1172 if (!bacmp(bdaddr, BDADDR_ANY) && e->name_state == state)
1174 if (!bacmp(&e->data.bdaddr, bdaddr))
1181 void hci_inquiry_cache_update_resolve(struct hci_dev *hdev,
1182 struct inquiry_entry *ie)
1184 struct discovery_state *cache = &hdev->discovery;
1185 struct list_head *pos = &cache->resolve;
1186 struct inquiry_entry *p;
1188 list_del(&ie->list);
1190 list_for_each_entry(p, &cache->resolve, list) {
1191 if (p->name_state != NAME_PENDING &&
1192 abs(p->data.rssi) >= abs(ie->data.rssi))
1197 list_add(&ie->list, pos);
1200 u32 hci_inquiry_cache_update(struct hci_dev *hdev, struct inquiry_data *data,
1203 struct discovery_state *cache = &hdev->discovery;
1204 struct inquiry_entry *ie;
1207 BT_DBG("cache %p, %pMR", cache, &data->bdaddr);
1209 hci_remove_remote_oob_data(hdev, &data->bdaddr, BDADDR_BREDR);
1211 if (!data->ssp_mode)
1212 flags |= MGMT_DEV_FOUND_LEGACY_PAIRING;
1214 ie = hci_inquiry_cache_lookup(hdev, &data->bdaddr);
1216 if (!ie->data.ssp_mode)
1217 flags |= MGMT_DEV_FOUND_LEGACY_PAIRING;
1219 if (ie->name_state == NAME_NEEDED &&
1220 data->rssi != ie->data.rssi) {
1221 ie->data.rssi = data->rssi;
1222 hci_inquiry_cache_update_resolve(hdev, ie);
1228 /* Entry not in the cache. Add new one. */
1229 ie = kzalloc(sizeof(*ie), GFP_KERNEL);
1231 flags |= MGMT_DEV_FOUND_CONFIRM_NAME;
1235 list_add(&ie->all, &cache->all);
1238 ie->name_state = NAME_KNOWN;
1240 ie->name_state = NAME_NOT_KNOWN;
1241 list_add(&ie->list, &cache->unknown);
1245 if (name_known && ie->name_state != NAME_KNOWN &&
1246 ie->name_state != NAME_PENDING) {
1247 ie->name_state = NAME_KNOWN;
1248 list_del(&ie->list);
1251 memcpy(&ie->data, data, sizeof(*data));
1252 ie->timestamp = jiffies;
1253 cache->timestamp = jiffies;
1255 if (ie->name_state == NAME_NOT_KNOWN)
1256 flags |= MGMT_DEV_FOUND_CONFIRM_NAME;
1262 static int inquiry_cache_dump(struct hci_dev *hdev, int num, __u8 *buf)
1264 struct discovery_state *cache = &hdev->discovery;
1265 struct inquiry_info *info = (struct inquiry_info *) buf;
1266 struct inquiry_entry *e;
1269 list_for_each_entry(e, &cache->all, all) {
1270 struct inquiry_data *data = &e->data;
1275 bacpy(&info->bdaddr, &data->bdaddr);
1276 info->pscan_rep_mode = data->pscan_rep_mode;
1277 info->pscan_period_mode = data->pscan_period_mode;
1278 info->pscan_mode = data->pscan_mode;
1279 memcpy(info->dev_class, data->dev_class, 3);
1280 info->clock_offset = data->clock_offset;
1286 BT_DBG("cache %p, copied %d", cache, copied);
1290 static int hci_inq_req(struct hci_request *req, unsigned long opt)
1292 struct hci_inquiry_req *ir = (struct hci_inquiry_req *) opt;
1293 struct hci_dev *hdev = req->hdev;
1294 struct hci_cp_inquiry cp;
1296 BT_DBG("%s", hdev->name);
1298 if (test_bit(HCI_INQUIRY, &hdev->flags))
1302 memcpy(&cp.lap, &ir->lap, 3);
1303 cp.length = ir->length;
1304 cp.num_rsp = ir->num_rsp;
1305 hci_req_add(req, HCI_OP_INQUIRY, sizeof(cp), &cp);
1310 int hci_inquiry(void __user *arg)
1312 __u8 __user *ptr = arg;
1313 struct hci_inquiry_req ir;
1314 struct hci_dev *hdev;
1315 int err = 0, do_inquiry = 0, max_rsp;
1319 if (copy_from_user(&ir, ptr, sizeof(ir)))
1322 hdev = hci_dev_get(ir.dev_id);
1326 if (hci_dev_test_flag(hdev, HCI_USER_CHANNEL)) {
1331 if (hci_dev_test_flag(hdev, HCI_UNCONFIGURED)) {
1336 if (hdev->dev_type != HCI_PRIMARY) {
1341 if (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED)) {
1347 if (inquiry_cache_age(hdev) > INQUIRY_CACHE_AGE_MAX ||
1348 inquiry_cache_empty(hdev) || ir.flags & IREQ_CACHE_FLUSH) {
1349 hci_inquiry_cache_flush(hdev);
1352 hci_dev_unlock(hdev);
1354 timeo = ir.length * msecs_to_jiffies(2000);
1357 err = hci_req_sync(hdev, hci_inq_req, (unsigned long) &ir,
1362 /* Wait until Inquiry procedure finishes (HCI_INQUIRY flag is
1363 * cleared). If it is interrupted by a signal, return -EINTR.
1365 if (wait_on_bit(&hdev->flags, HCI_INQUIRY,
1366 TASK_INTERRUPTIBLE)) {
1372 /* for unlimited number of responses we will use buffer with
1375 max_rsp = (ir.num_rsp == 0) ? 255 : ir.num_rsp;
1377 /* cache_dump can't sleep. Therefore we allocate temp buffer and then
1378 * copy it to the user space.
1380 buf = kmalloc_array(max_rsp, sizeof(struct inquiry_info), GFP_KERNEL);
1387 ir.num_rsp = inquiry_cache_dump(hdev, max_rsp, buf);
1388 hci_dev_unlock(hdev);
1390 BT_DBG("num_rsp %d", ir.num_rsp);
1392 if (!copy_to_user(ptr, &ir, sizeof(ir))) {
1394 if (copy_to_user(ptr, buf, sizeof(struct inquiry_info) *
1408 * hci_dev_get_bd_addr_from_property - Get the Bluetooth Device Address
1409 * (BD_ADDR) for a HCI device from
1410 * a firmware node property.
1411 * @hdev: The HCI device
1413 * Search the firmware node for 'local-bd-address'.
1415 * All-zero BD addresses are rejected, because those could be properties
1416 * that exist in the firmware tables, but were not updated by the firmware. For
1417 * example, the DTS could define 'local-bd-address', with zero BD addresses.
1419 static void hci_dev_get_bd_addr_from_property(struct hci_dev *hdev)
1421 struct fwnode_handle *fwnode = dev_fwnode(hdev->dev.parent);
1425 ret = fwnode_property_read_u8_array(fwnode, "local-bd-address",
1426 (u8 *)&ba, sizeof(ba));
1427 if (ret < 0 || !bacmp(&ba, BDADDR_ANY))
1430 bacpy(&hdev->public_addr, &ba);
1433 static int hci_dev_do_open(struct hci_dev *hdev)
1437 BT_DBG("%s %p", hdev->name, hdev);
1439 hci_req_sync_lock(hdev);
1441 if (hci_dev_test_flag(hdev, HCI_UNREGISTER)) {
1446 if (!hci_dev_test_flag(hdev, HCI_SETUP) &&
1447 !hci_dev_test_flag(hdev, HCI_CONFIG)) {
1448 /* Check for rfkill but allow the HCI setup stage to
1449 * proceed (which in itself doesn't cause any RF activity).
1451 if (hci_dev_test_flag(hdev, HCI_RFKILLED)) {
1456 /* Check for valid public address or a configured static
1457 * random adddress, but let the HCI setup proceed to
1458 * be able to determine if there is a public address
1461 * In case of user channel usage, it is not important
1462 * if a public address or static random address is
1465 * This check is only valid for BR/EDR controllers
1466 * since AMP controllers do not have an address.
1468 if (!hci_dev_test_flag(hdev, HCI_USER_CHANNEL) &&
1469 hdev->dev_type == HCI_PRIMARY &&
1470 !bacmp(&hdev->bdaddr, BDADDR_ANY) &&
1471 !bacmp(&hdev->static_addr, BDADDR_ANY)) {
1472 ret = -EADDRNOTAVAIL;
1477 if (test_bit(HCI_UP, &hdev->flags)) {
1482 if (hdev->open(hdev)) {
1487 set_bit(HCI_RUNNING, &hdev->flags);
1488 hci_sock_dev_event(hdev, HCI_DEV_OPEN);
1490 atomic_set(&hdev->cmd_cnt, 1);
1491 set_bit(HCI_INIT, &hdev->flags);
1493 if (hci_dev_test_flag(hdev, HCI_SETUP) ||
1494 test_bit(HCI_QUIRK_NON_PERSISTENT_SETUP, &hdev->quirks)) {
1495 bool invalid_bdaddr;
1497 hci_sock_dev_event(hdev, HCI_DEV_SETUP);
1500 ret = hdev->setup(hdev);
1502 /* The transport driver can set the quirk to mark the
1503 * BD_ADDR invalid before creating the HCI device or in
1504 * its setup callback.
1506 invalid_bdaddr = test_bit(HCI_QUIRK_INVALID_BDADDR,
1512 if (test_bit(HCI_QUIRK_USE_BDADDR_PROPERTY, &hdev->quirks)) {
1513 if (!bacmp(&hdev->public_addr, BDADDR_ANY))
1514 hci_dev_get_bd_addr_from_property(hdev);
1516 if (bacmp(&hdev->public_addr, BDADDR_ANY) &&
1518 ret = hdev->set_bdaddr(hdev,
1519 &hdev->public_addr);
1521 /* If setting of the BD_ADDR from the device
1522 * property succeeds, then treat the address
1523 * as valid even if the invalid BD_ADDR
1524 * quirk indicates otherwise.
1527 invalid_bdaddr = false;
1532 /* The transport driver can set these quirks before
1533 * creating the HCI device or in its setup callback.
1535 * For the invalid BD_ADDR quirk it is possible that
1536 * it becomes a valid address if the bootloader does
1537 * provide it (see above).
1539 * In case any of them is set, the controller has to
1540 * start up as unconfigured.
1542 if (test_bit(HCI_QUIRK_EXTERNAL_CONFIG, &hdev->quirks) ||
1544 hci_dev_set_flag(hdev, HCI_UNCONFIGURED);
1546 /* For an unconfigured controller it is required to
1547 * read at least the version information provided by
1548 * the Read Local Version Information command.
1550 * If the set_bdaddr driver callback is provided, then
1551 * also the original Bluetooth public device address
1552 * will be read using the Read BD Address command.
1554 if (hci_dev_test_flag(hdev, HCI_UNCONFIGURED))
1555 ret = __hci_unconf_init(hdev);
1558 if (hci_dev_test_flag(hdev, HCI_CONFIG)) {
1559 /* If public address change is configured, ensure that
1560 * the address gets programmed. If the driver does not
1561 * support changing the public address, fail the power
1564 if (bacmp(&hdev->public_addr, BDADDR_ANY) &&
1566 ret = hdev->set_bdaddr(hdev, &hdev->public_addr);
1568 ret = -EADDRNOTAVAIL;
1572 if (!hci_dev_test_flag(hdev, HCI_UNCONFIGURED) &&
1573 !hci_dev_test_flag(hdev, HCI_USER_CHANNEL)) {
1574 ret = __hci_init(hdev);
1575 if (!ret && hdev->post_init)
1576 ret = hdev->post_init(hdev);
1580 /* If the HCI Reset command is clearing all diagnostic settings,
1581 * then they need to be reprogrammed after the init procedure
1584 if (test_bit(HCI_QUIRK_NON_PERSISTENT_DIAG, &hdev->quirks) &&
1585 !hci_dev_test_flag(hdev, HCI_USER_CHANNEL) &&
1586 hci_dev_test_flag(hdev, HCI_VENDOR_DIAG) && hdev->set_diag)
1587 ret = hdev->set_diag(hdev, true);
1592 clear_bit(HCI_INIT, &hdev->flags);
1596 hci_dev_set_flag(hdev, HCI_RPA_EXPIRED);
1597 hci_adv_instances_set_rpa_expired(hdev, true);
1598 set_bit(HCI_UP, &hdev->flags);
1599 hci_sock_dev_event(hdev, HCI_DEV_UP);
1600 hci_leds_update_powered(hdev, true);
1601 if (!hci_dev_test_flag(hdev, HCI_SETUP) &&
1602 !hci_dev_test_flag(hdev, HCI_CONFIG) &&
1603 !hci_dev_test_flag(hdev, HCI_UNCONFIGURED) &&
1604 !hci_dev_test_flag(hdev, HCI_USER_CHANNEL) &&
1605 hci_dev_test_flag(hdev, HCI_MGMT) &&
1606 hdev->dev_type == HCI_PRIMARY) {
1607 ret = __hci_req_hci_power_on(hdev);
1608 mgmt_power_on(hdev, ret);
1611 /* Init failed, cleanup */
1612 flush_work(&hdev->tx_work);
1613 flush_work(&hdev->cmd_work);
1614 flush_work(&hdev->rx_work);
1616 skb_queue_purge(&hdev->cmd_q);
1617 skb_queue_purge(&hdev->rx_q);
1622 if (hdev->sent_cmd) {
1623 kfree_skb(hdev->sent_cmd);
1624 hdev->sent_cmd = NULL;
1627 clear_bit(HCI_RUNNING, &hdev->flags);
1628 hci_sock_dev_event(hdev, HCI_DEV_CLOSE);
1631 hdev->flags &= BIT(HCI_RAW);
1635 hci_req_sync_unlock(hdev);
1639 /* ---- HCI ioctl helpers ---- */
1641 int hci_dev_open(__u16 dev)
1643 struct hci_dev *hdev;
1646 hdev = hci_dev_get(dev);
1650 /* Devices that are marked as unconfigured can only be powered
1651 * up as user channel. Trying to bring them up as normal devices
1652 * will result into a failure. Only user channel operation is
1655 * When this function is called for a user channel, the flag
1656 * HCI_USER_CHANNEL will be set first before attempting to
1659 if (hci_dev_test_flag(hdev, HCI_UNCONFIGURED) &&
1660 !hci_dev_test_flag(hdev, HCI_USER_CHANNEL)) {
1665 /* We need to ensure that no other power on/off work is pending
1666 * before proceeding to call hci_dev_do_open. This is
1667 * particularly important if the setup procedure has not yet
1670 if (hci_dev_test_and_clear_flag(hdev, HCI_AUTO_OFF))
1671 cancel_delayed_work(&hdev->power_off);
1673 /* After this call it is guaranteed that the setup procedure
1674 * has finished. This means that error conditions like RFKILL
1675 * or no valid public or static random address apply.
1677 flush_workqueue(hdev->req_workqueue);
1679 /* For controllers not using the management interface and that
1680 * are brought up using legacy ioctl, set the HCI_BONDABLE bit
1681 * so that pairing works for them. Once the management interface
1682 * is in use this bit will be cleared again and userspace has
1683 * to explicitly enable it.
1685 if (!hci_dev_test_flag(hdev, HCI_USER_CHANNEL) &&
1686 !hci_dev_test_flag(hdev, HCI_MGMT))
1687 hci_dev_set_flag(hdev, HCI_BONDABLE);
1689 err = hci_dev_do_open(hdev);
1696 /* This function requires the caller holds hdev->lock */
1697 static void hci_pend_le_actions_clear(struct hci_dev *hdev)
1699 struct hci_conn_params *p;
1701 list_for_each_entry(p, &hdev->le_conn_params, list) {
1703 hci_conn_drop(p->conn);
1704 hci_conn_put(p->conn);
1707 list_del_init(&p->action);
1710 BT_DBG("All LE pending actions cleared");
1713 int hci_dev_do_close(struct hci_dev *hdev)
1717 BT_DBG("%s %p", hdev->name, hdev);
1719 if (!hci_dev_test_flag(hdev, HCI_UNREGISTER) &&
1720 !hci_dev_test_flag(hdev, HCI_USER_CHANNEL) &&
1721 test_bit(HCI_UP, &hdev->flags)) {
1722 /* Execute vendor specific shutdown routine */
1724 hdev->shutdown(hdev);
1727 cancel_delayed_work(&hdev->power_off);
1729 hci_request_cancel_all(hdev);
1730 hci_req_sync_lock(hdev);
1732 if (!test_and_clear_bit(HCI_UP, &hdev->flags)) {
1733 cancel_delayed_work_sync(&hdev->cmd_timer);
1734 hci_req_sync_unlock(hdev);
1738 hci_leds_update_powered(hdev, false);
1740 /* Flush RX and TX works */
1741 flush_work(&hdev->tx_work);
1742 flush_work(&hdev->rx_work);
1744 if (hdev->discov_timeout > 0) {
1745 hdev->discov_timeout = 0;
1746 hci_dev_clear_flag(hdev, HCI_DISCOVERABLE);
1747 hci_dev_clear_flag(hdev, HCI_LIMITED_DISCOVERABLE);
1750 if (hci_dev_test_and_clear_flag(hdev, HCI_SERVICE_CACHE))
1751 cancel_delayed_work(&hdev->service_cache);
1753 if (hci_dev_test_flag(hdev, HCI_MGMT)) {
1754 struct adv_info *adv_instance;
1756 cancel_delayed_work_sync(&hdev->rpa_expired);
1758 list_for_each_entry(adv_instance, &hdev->adv_instances, list)
1759 cancel_delayed_work_sync(&adv_instance->rpa_expired_cb);
1762 /* Avoid potential lockdep warnings from the *_flush() calls by
1763 * ensuring the workqueue is empty up front.
1765 drain_workqueue(hdev->workqueue);
1769 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
1771 auto_off = hci_dev_test_and_clear_flag(hdev, HCI_AUTO_OFF);
1773 if (!auto_off && hdev->dev_type == HCI_PRIMARY &&
1774 !hci_dev_test_flag(hdev, HCI_USER_CHANNEL) &&
1775 hci_dev_test_flag(hdev, HCI_MGMT))
1776 __mgmt_power_off(hdev);
1778 hci_inquiry_cache_flush(hdev);
1779 hci_pend_le_actions_clear(hdev);
1780 hci_conn_hash_flush(hdev);
1781 hci_dev_unlock(hdev);
1783 smp_unregister(hdev);
1785 hci_sock_dev_event(hdev, HCI_DEV_DOWN);
1787 aosp_do_close(hdev);
1788 msft_do_close(hdev);
1794 skb_queue_purge(&hdev->cmd_q);
1795 atomic_set(&hdev->cmd_cnt, 1);
1796 if (test_bit(HCI_QUIRK_RESET_ON_CLOSE, &hdev->quirks) &&
1797 !auto_off && !hci_dev_test_flag(hdev, HCI_UNCONFIGURED)) {
1798 set_bit(HCI_INIT, &hdev->flags);
1799 __hci_req_sync(hdev, hci_reset_req, 0, HCI_CMD_TIMEOUT, NULL);
1800 clear_bit(HCI_INIT, &hdev->flags);
1803 /* flush cmd work */
1804 flush_work(&hdev->cmd_work);
1807 skb_queue_purge(&hdev->rx_q);
1808 skb_queue_purge(&hdev->cmd_q);
1809 skb_queue_purge(&hdev->raw_q);
1811 /* Drop last sent command */
1812 if (hdev->sent_cmd) {
1813 cancel_delayed_work_sync(&hdev->cmd_timer);
1814 kfree_skb(hdev->sent_cmd);
1815 hdev->sent_cmd = NULL;
1818 clear_bit(HCI_RUNNING, &hdev->flags);
1819 hci_sock_dev_event(hdev, HCI_DEV_CLOSE);
1821 if (test_and_clear_bit(SUSPEND_POWERING_DOWN, hdev->suspend_tasks))
1822 wake_up(&hdev->suspend_wait_q);
1824 /* After this point our queues are empty
1825 * and no tasks are scheduled. */
1829 hdev->flags &= BIT(HCI_RAW);
1830 hci_dev_clear_volatile_flags(hdev);
1832 /* Controller radio is available but is currently powered down */
1833 hdev->amp_status = AMP_STATUS_POWERED_DOWN;
1835 memset(hdev->eir, 0, sizeof(hdev->eir));
1836 memset(hdev->dev_class, 0, sizeof(hdev->dev_class));
1837 bacpy(&hdev->random_addr, BDADDR_ANY);
1839 hci_req_sync_unlock(hdev);
1845 int hci_dev_close(__u16 dev)
1847 struct hci_dev *hdev;
1850 hdev = hci_dev_get(dev);
1854 if (hci_dev_test_flag(hdev, HCI_USER_CHANNEL)) {
1859 if (hci_dev_test_and_clear_flag(hdev, HCI_AUTO_OFF))
1860 cancel_delayed_work(&hdev->power_off);
1862 err = hci_dev_do_close(hdev);
1869 static int hci_dev_do_reset(struct hci_dev *hdev)
1873 BT_DBG("%s %p", hdev->name, hdev);
1875 hci_req_sync_lock(hdev);
1878 skb_queue_purge(&hdev->rx_q);
1879 skb_queue_purge(&hdev->cmd_q);
1881 /* Avoid potential lockdep warnings from the *_flush() calls by
1882 * ensuring the workqueue is empty up front.
1884 drain_workqueue(hdev->workqueue);
1887 hci_inquiry_cache_flush(hdev);
1888 hci_conn_hash_flush(hdev);
1889 hci_dev_unlock(hdev);
1894 atomic_set(&hdev->cmd_cnt, 1);
1895 hdev->acl_cnt = 0; hdev->sco_cnt = 0; hdev->le_cnt = 0;
1897 ret = __hci_req_sync(hdev, hci_reset_req, 0, HCI_INIT_TIMEOUT, NULL);
1899 hci_req_sync_unlock(hdev);
1903 int hci_dev_reset(__u16 dev)
1905 struct hci_dev *hdev;
1908 hdev = hci_dev_get(dev);
1912 if (!test_bit(HCI_UP, &hdev->flags)) {
1917 if (hci_dev_test_flag(hdev, HCI_USER_CHANNEL)) {
1922 if (hci_dev_test_flag(hdev, HCI_UNCONFIGURED)) {
1927 err = hci_dev_do_reset(hdev);
1934 int hci_dev_reset_stat(__u16 dev)
1936 struct hci_dev *hdev;
1939 hdev = hci_dev_get(dev);
1943 if (hci_dev_test_flag(hdev, HCI_USER_CHANNEL)) {
1948 if (hci_dev_test_flag(hdev, HCI_UNCONFIGURED)) {
1953 memset(&hdev->stat, 0, sizeof(struct hci_dev_stats));
1960 static void hci_update_scan_state(struct hci_dev *hdev, u8 scan)
1962 bool conn_changed, discov_changed;
1964 BT_DBG("%s scan 0x%02x", hdev->name, scan);
1966 if ((scan & SCAN_PAGE))
1967 conn_changed = !hci_dev_test_and_set_flag(hdev,
1970 conn_changed = hci_dev_test_and_clear_flag(hdev,
1973 if ((scan & SCAN_INQUIRY)) {
1974 discov_changed = !hci_dev_test_and_set_flag(hdev,
1977 hci_dev_clear_flag(hdev, HCI_LIMITED_DISCOVERABLE);
1978 discov_changed = hci_dev_test_and_clear_flag(hdev,
1982 if (!hci_dev_test_flag(hdev, HCI_MGMT))
1985 if (conn_changed || discov_changed) {
1986 /* In case this was disabled through mgmt */
1987 hci_dev_set_flag(hdev, HCI_BREDR_ENABLED);
1989 if (hci_dev_test_flag(hdev, HCI_LE_ENABLED))
1990 hci_req_update_adv_data(hdev, hdev->cur_adv_instance);
1992 mgmt_new_settings(hdev);
1996 int hci_dev_cmd(unsigned int cmd, void __user *arg)
1998 struct hci_dev *hdev;
1999 struct hci_dev_req dr;
2002 if (copy_from_user(&dr, arg, sizeof(dr)))
2005 hdev = hci_dev_get(dr.dev_id);
2009 if (hci_dev_test_flag(hdev, HCI_USER_CHANNEL)) {
2014 if (hci_dev_test_flag(hdev, HCI_UNCONFIGURED)) {
2019 if (hdev->dev_type != HCI_PRIMARY) {
2024 if (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED)) {
2031 err = hci_req_sync(hdev, hci_auth_req, dr.dev_opt,
2032 HCI_INIT_TIMEOUT, NULL);
2036 if (!lmp_encrypt_capable(hdev)) {
2041 if (!test_bit(HCI_AUTH, &hdev->flags)) {
2042 /* Auth must be enabled first */
2043 err = hci_req_sync(hdev, hci_auth_req, dr.dev_opt,
2044 HCI_INIT_TIMEOUT, NULL);
2049 err = hci_req_sync(hdev, hci_encrypt_req, dr.dev_opt,
2050 HCI_INIT_TIMEOUT, NULL);
2054 err = hci_req_sync(hdev, hci_scan_req, dr.dev_opt,
2055 HCI_INIT_TIMEOUT, NULL);
2057 /* Ensure that the connectable and discoverable states
2058 * get correctly modified as this was a non-mgmt change.
2061 hci_update_scan_state(hdev, dr.dev_opt);
2065 err = hci_req_sync(hdev, hci_linkpol_req, dr.dev_opt,
2066 HCI_INIT_TIMEOUT, NULL);
2069 case HCISETLINKMODE:
2070 hdev->link_mode = ((__u16) dr.dev_opt) &
2071 (HCI_LM_MASTER | HCI_LM_ACCEPT);
2075 if (hdev->pkt_type == (__u16) dr.dev_opt)
2078 hdev->pkt_type = (__u16) dr.dev_opt;
2079 mgmt_phy_configuration_changed(hdev, NULL);
2083 hdev->acl_mtu = *((__u16 *) &dr.dev_opt + 1);
2084 hdev->acl_pkts = *((__u16 *) &dr.dev_opt + 0);
2088 hdev->sco_mtu = *((__u16 *) &dr.dev_opt + 1);
2089 hdev->sco_pkts = *((__u16 *) &dr.dev_opt + 0);
2102 int hci_get_dev_list(void __user *arg)
2104 struct hci_dev *hdev;
2105 struct hci_dev_list_req *dl;
2106 struct hci_dev_req *dr;
2107 int n = 0, size, err;
2110 if (get_user(dev_num, (__u16 __user *) arg))
2113 if (!dev_num || dev_num > (PAGE_SIZE * 2) / sizeof(*dr))
2116 size = sizeof(*dl) + dev_num * sizeof(*dr);
2118 dl = kzalloc(size, GFP_KERNEL);
2124 read_lock(&hci_dev_list_lock);
2125 list_for_each_entry(hdev, &hci_dev_list, list) {
2126 unsigned long flags = hdev->flags;
2128 /* When the auto-off is configured it means the transport
2129 * is running, but in that case still indicate that the
2130 * device is actually down.
2132 if (hci_dev_test_flag(hdev, HCI_AUTO_OFF))
2133 flags &= ~BIT(HCI_UP);
2135 (dr + n)->dev_id = hdev->id;
2136 (dr + n)->dev_opt = flags;
2141 read_unlock(&hci_dev_list_lock);
2144 size = sizeof(*dl) + n * sizeof(*dr);
2146 err = copy_to_user(arg, dl, size);
2149 return err ? -EFAULT : 0;
2152 int hci_get_dev_info(void __user *arg)
2154 struct hci_dev *hdev;
2155 struct hci_dev_info di;
2156 unsigned long flags;
2159 if (copy_from_user(&di, arg, sizeof(di)))
2162 hdev = hci_dev_get(di.dev_id);
2166 /* When the auto-off is configured it means the transport
2167 * is running, but in that case still indicate that the
2168 * device is actually down.
2170 if (hci_dev_test_flag(hdev, HCI_AUTO_OFF))
2171 flags = hdev->flags & ~BIT(HCI_UP);
2173 flags = hdev->flags;
2175 strcpy(di.name, hdev->name);
2176 di.bdaddr = hdev->bdaddr;
2177 di.type = (hdev->bus & 0x0f) | ((hdev->dev_type & 0x03) << 4);
2179 di.pkt_type = hdev->pkt_type;
2180 if (lmp_bredr_capable(hdev)) {
2181 di.acl_mtu = hdev->acl_mtu;
2182 di.acl_pkts = hdev->acl_pkts;
2183 di.sco_mtu = hdev->sco_mtu;
2184 di.sco_pkts = hdev->sco_pkts;
2186 di.acl_mtu = hdev->le_mtu;
2187 di.acl_pkts = hdev->le_pkts;
2191 di.link_policy = hdev->link_policy;
2192 di.link_mode = hdev->link_mode;
2194 memcpy(&di.stat, &hdev->stat, sizeof(di.stat));
2195 memcpy(&di.features, &hdev->features, sizeof(di.features));
2197 if (copy_to_user(arg, &di, sizeof(di)))
2205 /* ---- Interface to HCI drivers ---- */
2207 static int hci_rfkill_set_block(void *data, bool blocked)
2209 struct hci_dev *hdev = data;
2211 BT_DBG("%p name %s blocked %d", hdev, hdev->name, blocked);
2213 if (hci_dev_test_flag(hdev, HCI_USER_CHANNEL))
2217 hci_dev_set_flag(hdev, HCI_RFKILLED);
2218 if (!hci_dev_test_flag(hdev, HCI_SETUP) &&
2219 !hci_dev_test_flag(hdev, HCI_CONFIG))
2220 hci_dev_do_close(hdev);
2222 hci_dev_clear_flag(hdev, HCI_RFKILLED);
2228 static const struct rfkill_ops hci_rfkill_ops = {
2229 .set_block = hci_rfkill_set_block,
2232 static void hci_power_on(struct work_struct *work)
2234 struct hci_dev *hdev = container_of(work, struct hci_dev, power_on);
2237 BT_DBG("%s", hdev->name);
2239 if (test_bit(HCI_UP, &hdev->flags) &&
2240 hci_dev_test_flag(hdev, HCI_MGMT) &&
2241 hci_dev_test_and_clear_flag(hdev, HCI_AUTO_OFF)) {
2242 cancel_delayed_work(&hdev->power_off);
2243 hci_req_sync_lock(hdev);
2244 err = __hci_req_hci_power_on(hdev);
2245 hci_req_sync_unlock(hdev);
2246 mgmt_power_on(hdev, err);
2250 err = hci_dev_do_open(hdev);
2253 mgmt_set_powered_failed(hdev, err);
2254 hci_dev_unlock(hdev);
2258 /* During the HCI setup phase, a few error conditions are
2259 * ignored and they need to be checked now. If they are still
2260 * valid, it is important to turn the device back off.
2262 if (hci_dev_test_flag(hdev, HCI_RFKILLED) ||
2263 hci_dev_test_flag(hdev, HCI_UNCONFIGURED) ||
2264 (hdev->dev_type == HCI_PRIMARY &&
2265 !bacmp(&hdev->bdaddr, BDADDR_ANY) &&
2266 !bacmp(&hdev->static_addr, BDADDR_ANY))) {
2267 hci_dev_clear_flag(hdev, HCI_AUTO_OFF);
2268 hci_dev_do_close(hdev);
2269 } else if (hci_dev_test_flag(hdev, HCI_AUTO_OFF)) {
2270 queue_delayed_work(hdev->req_workqueue, &hdev->power_off,
2271 HCI_AUTO_OFF_TIMEOUT);
2274 if (hci_dev_test_and_clear_flag(hdev, HCI_SETUP)) {
2275 /* For unconfigured devices, set the HCI_RAW flag
2276 * so that userspace can easily identify them.
2278 if (hci_dev_test_flag(hdev, HCI_UNCONFIGURED))
2279 set_bit(HCI_RAW, &hdev->flags);
2281 /* For fully configured devices, this will send
2282 * the Index Added event. For unconfigured devices,
2283 * it will send Unconfigued Index Added event.
2285 * Devices with HCI_QUIRK_RAW_DEVICE are ignored
2286 * and no event will be send.
2288 mgmt_index_added(hdev);
2289 } else if (hci_dev_test_and_clear_flag(hdev, HCI_CONFIG)) {
2290 /* When the controller is now configured, then it
2291 * is important to clear the HCI_RAW flag.
2293 if (!hci_dev_test_flag(hdev, HCI_UNCONFIGURED))
2294 clear_bit(HCI_RAW, &hdev->flags);
2296 /* Powering on the controller with HCI_CONFIG set only
2297 * happens with the transition from unconfigured to
2298 * configured. This will send the Index Added event.
2300 mgmt_index_added(hdev);
2304 static void hci_power_off(struct work_struct *work)
2306 struct hci_dev *hdev = container_of(work, struct hci_dev,
2309 BT_DBG("%s", hdev->name);
2311 hci_dev_do_close(hdev);
2314 static void hci_error_reset(struct work_struct *work)
2316 struct hci_dev *hdev = container_of(work, struct hci_dev, error_reset);
2318 BT_DBG("%s", hdev->name);
2321 hdev->hw_error(hdev, hdev->hw_error_code);
2323 bt_dev_err(hdev, "hardware error 0x%2.2x", hdev->hw_error_code);
2325 if (hci_dev_do_close(hdev))
2328 hci_dev_do_open(hdev);
2331 void hci_uuids_clear(struct hci_dev *hdev)
2333 struct bt_uuid *uuid, *tmp;
2335 list_for_each_entry_safe(uuid, tmp, &hdev->uuids, list) {
2336 list_del(&uuid->list);
2341 void hci_link_keys_clear(struct hci_dev *hdev)
2343 struct link_key *key;
2345 list_for_each_entry(key, &hdev->link_keys, list) {
2346 list_del_rcu(&key->list);
2347 kfree_rcu(key, rcu);
2351 void hci_smp_ltks_clear(struct hci_dev *hdev)
2355 list_for_each_entry(k, &hdev->long_term_keys, list) {
2356 list_del_rcu(&k->list);
2361 void hci_smp_irks_clear(struct hci_dev *hdev)
2365 list_for_each_entry(k, &hdev->identity_resolving_keys, list) {
2366 list_del_rcu(&k->list);
2371 void hci_blocked_keys_clear(struct hci_dev *hdev)
2373 struct blocked_key *b;
2375 list_for_each_entry(b, &hdev->blocked_keys, list) {
2376 list_del_rcu(&b->list);
2381 bool hci_is_blocked_key(struct hci_dev *hdev, u8 type, u8 val[16])
2383 bool blocked = false;
2384 struct blocked_key *b;
2387 list_for_each_entry_rcu(b, &hdev->blocked_keys, list) {
2388 if (b->type == type && !memcmp(b->val, val, sizeof(b->val))) {
2398 struct link_key *hci_find_link_key(struct hci_dev *hdev, bdaddr_t *bdaddr)
2403 list_for_each_entry_rcu(k, &hdev->link_keys, list) {
2404 if (bacmp(bdaddr, &k->bdaddr) == 0) {
2407 if (hci_is_blocked_key(hdev,
2408 HCI_BLOCKED_KEY_TYPE_LINKKEY,
2410 bt_dev_warn_ratelimited(hdev,
2411 "Link key blocked for %pMR",
2424 static bool hci_persistent_key(struct hci_dev *hdev, struct hci_conn *conn,
2425 u8 key_type, u8 old_key_type)
2428 if (key_type < 0x03)
2431 /* Debug keys are insecure so don't store them persistently */
2432 if (key_type == HCI_LK_DEBUG_COMBINATION)
2435 /* Changed combination key and there's no previous one */
2436 if (key_type == HCI_LK_CHANGED_COMBINATION && old_key_type == 0xff)
2439 /* Security mode 3 case */
2443 /* BR/EDR key derived using SC from an LE link */
2444 if (conn->type == LE_LINK)
2447 /* Neither local nor remote side had no-bonding as requirement */
2448 if (conn->auth_type > 0x01 && conn->remote_auth > 0x01)
2451 /* Local side had dedicated bonding as requirement */
2452 if (conn->auth_type == 0x02 || conn->auth_type == 0x03)
2455 /* Remote side had dedicated bonding as requirement */
2456 if (conn->remote_auth == 0x02 || conn->remote_auth == 0x03)
2459 /* If none of the above criteria match, then don't store the key
2464 static u8 ltk_role(u8 type)
2466 if (type == SMP_LTK)
2467 return HCI_ROLE_MASTER;
2469 return HCI_ROLE_SLAVE;
2472 struct smp_ltk *hci_find_ltk(struct hci_dev *hdev, bdaddr_t *bdaddr,
2473 u8 addr_type, u8 role)
2478 list_for_each_entry_rcu(k, &hdev->long_term_keys, list) {
2479 if (addr_type != k->bdaddr_type || bacmp(bdaddr, &k->bdaddr))
2482 if (smp_ltk_is_sc(k) || ltk_role(k->type) == role) {
2485 if (hci_is_blocked_key(hdev, HCI_BLOCKED_KEY_TYPE_LTK,
2487 bt_dev_warn_ratelimited(hdev,
2488 "LTK blocked for %pMR",
2501 struct smp_irk *hci_find_irk_by_rpa(struct hci_dev *hdev, bdaddr_t *rpa)
2503 struct smp_irk *irk_to_return = NULL;
2504 struct smp_irk *irk;
2507 list_for_each_entry_rcu(irk, &hdev->identity_resolving_keys, list) {
2508 if (!bacmp(&irk->rpa, rpa)) {
2509 irk_to_return = irk;
2514 list_for_each_entry_rcu(irk, &hdev->identity_resolving_keys, list) {
2515 if (smp_irk_matches(hdev, irk->val, rpa)) {
2516 bacpy(&irk->rpa, rpa);
2517 irk_to_return = irk;
2523 if (irk_to_return && hci_is_blocked_key(hdev, HCI_BLOCKED_KEY_TYPE_IRK,
2524 irk_to_return->val)) {
2525 bt_dev_warn_ratelimited(hdev, "Identity key blocked for %pMR",
2526 &irk_to_return->bdaddr);
2527 irk_to_return = NULL;
2532 return irk_to_return;
2535 struct smp_irk *hci_find_irk_by_addr(struct hci_dev *hdev, bdaddr_t *bdaddr,
2538 struct smp_irk *irk_to_return = NULL;
2539 struct smp_irk *irk;
2541 /* Identity Address must be public or static random */
2542 if (addr_type == ADDR_LE_DEV_RANDOM && (bdaddr->b[5] & 0xc0) != 0xc0)
2546 list_for_each_entry_rcu(irk, &hdev->identity_resolving_keys, list) {
2547 if (addr_type == irk->addr_type &&
2548 bacmp(bdaddr, &irk->bdaddr) == 0) {
2549 irk_to_return = irk;
2556 if (irk_to_return && hci_is_blocked_key(hdev, HCI_BLOCKED_KEY_TYPE_IRK,
2557 irk_to_return->val)) {
2558 bt_dev_warn_ratelimited(hdev, "Identity key blocked for %pMR",
2559 &irk_to_return->bdaddr);
2560 irk_to_return = NULL;
2565 return irk_to_return;
2568 struct link_key *hci_add_link_key(struct hci_dev *hdev, struct hci_conn *conn,
2569 bdaddr_t *bdaddr, u8 *val, u8 type,
2570 u8 pin_len, bool *persistent)
2572 struct link_key *key, *old_key;
2575 old_key = hci_find_link_key(hdev, bdaddr);
2577 old_key_type = old_key->type;
2580 old_key_type = conn ? conn->key_type : 0xff;
2581 key = kzalloc(sizeof(*key), GFP_KERNEL);
2584 list_add_rcu(&key->list, &hdev->link_keys);
2587 BT_DBG("%s key for %pMR type %u", hdev->name, bdaddr, type);
2589 /* Some buggy controller combinations generate a changed
2590 * combination key for legacy pairing even when there's no
2592 if (type == HCI_LK_CHANGED_COMBINATION &&
2593 (!conn || conn->remote_auth == 0xff) && old_key_type == 0xff) {
2594 type = HCI_LK_COMBINATION;
2596 conn->key_type = type;
2599 bacpy(&key->bdaddr, bdaddr);
2600 memcpy(key->val, val, HCI_LINK_KEY_SIZE);
2601 key->pin_len = pin_len;
2603 if (type == HCI_LK_CHANGED_COMBINATION)
2604 key->type = old_key_type;
2609 *persistent = hci_persistent_key(hdev, conn, type,
2615 struct smp_ltk *hci_add_ltk(struct hci_dev *hdev, bdaddr_t *bdaddr,
2616 u8 addr_type, u8 type, u8 authenticated,
2617 u8 tk[16], u8 enc_size, __le16 ediv, __le64 rand)
2619 struct smp_ltk *key, *old_key;
2620 u8 role = ltk_role(type);
2622 old_key = hci_find_ltk(hdev, bdaddr, addr_type, role);
2626 key = kzalloc(sizeof(*key), GFP_KERNEL);
2629 list_add_rcu(&key->list, &hdev->long_term_keys);
2632 bacpy(&key->bdaddr, bdaddr);
2633 key->bdaddr_type = addr_type;
2634 memcpy(key->val, tk, sizeof(key->val));
2635 key->authenticated = authenticated;
2638 key->enc_size = enc_size;
2644 struct smp_irk *hci_add_irk(struct hci_dev *hdev, bdaddr_t *bdaddr,
2645 u8 addr_type, u8 val[16], bdaddr_t *rpa)
2647 struct smp_irk *irk;
2649 irk = hci_find_irk_by_addr(hdev, bdaddr, addr_type);
2651 irk = kzalloc(sizeof(*irk), GFP_KERNEL);
2655 bacpy(&irk->bdaddr, bdaddr);
2656 irk->addr_type = addr_type;
2658 list_add_rcu(&irk->list, &hdev->identity_resolving_keys);
2661 memcpy(irk->val, val, 16);
2662 bacpy(&irk->rpa, rpa);
2667 int hci_remove_link_key(struct hci_dev *hdev, bdaddr_t *bdaddr)
2669 struct link_key *key;
2671 key = hci_find_link_key(hdev, bdaddr);
2675 BT_DBG("%s removing %pMR", hdev->name, bdaddr);
2677 list_del_rcu(&key->list);
2678 kfree_rcu(key, rcu);
2683 int hci_remove_ltk(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 bdaddr_type)
2688 list_for_each_entry_rcu(k, &hdev->long_term_keys, list) {
2689 if (bacmp(bdaddr, &k->bdaddr) || k->bdaddr_type != bdaddr_type)
2692 BT_DBG("%s removing %pMR", hdev->name, bdaddr);
2694 list_del_rcu(&k->list);
2699 return removed ? 0 : -ENOENT;
2702 void hci_remove_irk(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 addr_type)
2706 list_for_each_entry_rcu(k, &hdev->identity_resolving_keys, list) {
2707 if (bacmp(bdaddr, &k->bdaddr) || k->addr_type != addr_type)
2710 BT_DBG("%s removing %pMR", hdev->name, bdaddr);
2712 list_del_rcu(&k->list);
2717 bool hci_bdaddr_is_paired(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 type)
2720 struct smp_irk *irk;
2723 if (type == BDADDR_BREDR) {
2724 if (hci_find_link_key(hdev, bdaddr))
2729 /* Convert to HCI addr type which struct smp_ltk uses */
2730 if (type == BDADDR_LE_PUBLIC)
2731 addr_type = ADDR_LE_DEV_PUBLIC;
2733 addr_type = ADDR_LE_DEV_RANDOM;
2735 irk = hci_get_irk(hdev, bdaddr, addr_type);
2737 bdaddr = &irk->bdaddr;
2738 addr_type = irk->addr_type;
2742 list_for_each_entry_rcu(k, &hdev->long_term_keys, list) {
2743 if (k->bdaddr_type == addr_type && !bacmp(bdaddr, &k->bdaddr)) {
2753 /* HCI command timer function */
2754 static void hci_cmd_timeout(struct work_struct *work)
2756 struct hci_dev *hdev = container_of(work, struct hci_dev,
2759 if (hdev->sent_cmd) {
2760 struct hci_command_hdr *sent = (void *) hdev->sent_cmd->data;
2761 u16 opcode = __le16_to_cpu(sent->opcode);
2763 bt_dev_err(hdev, "command 0x%4.4x tx timeout", opcode);
2765 bt_dev_err(hdev, "command tx timeout");
2768 if (hdev->cmd_timeout)
2769 hdev->cmd_timeout(hdev);
2771 atomic_set(&hdev->cmd_cnt, 1);
2772 queue_work(hdev->workqueue, &hdev->cmd_work);
2775 struct oob_data *hci_find_remote_oob_data(struct hci_dev *hdev,
2776 bdaddr_t *bdaddr, u8 bdaddr_type)
2778 struct oob_data *data;
2780 list_for_each_entry(data, &hdev->remote_oob_data, list) {
2781 if (bacmp(bdaddr, &data->bdaddr) != 0)
2783 if (data->bdaddr_type != bdaddr_type)
2791 int hci_remove_remote_oob_data(struct hci_dev *hdev, bdaddr_t *bdaddr,
2794 struct oob_data *data;
2796 data = hci_find_remote_oob_data(hdev, bdaddr, bdaddr_type);
2800 BT_DBG("%s removing %pMR (%u)", hdev->name, bdaddr, bdaddr_type);
2802 list_del(&data->list);
2808 void hci_remote_oob_data_clear(struct hci_dev *hdev)
2810 struct oob_data *data, *n;
2812 list_for_each_entry_safe(data, n, &hdev->remote_oob_data, list) {
2813 list_del(&data->list);
2818 int hci_add_remote_oob_data(struct hci_dev *hdev, bdaddr_t *bdaddr,
2819 u8 bdaddr_type, u8 *hash192, u8 *rand192,
2820 u8 *hash256, u8 *rand256)
2822 struct oob_data *data;
2824 data = hci_find_remote_oob_data(hdev, bdaddr, bdaddr_type);
2826 data = kmalloc(sizeof(*data), GFP_KERNEL);
2830 bacpy(&data->bdaddr, bdaddr);
2831 data->bdaddr_type = bdaddr_type;
2832 list_add(&data->list, &hdev->remote_oob_data);
2835 if (hash192 && rand192) {
2836 memcpy(data->hash192, hash192, sizeof(data->hash192));
2837 memcpy(data->rand192, rand192, sizeof(data->rand192));
2838 if (hash256 && rand256)
2839 data->present = 0x03;
2841 memset(data->hash192, 0, sizeof(data->hash192));
2842 memset(data->rand192, 0, sizeof(data->rand192));
2843 if (hash256 && rand256)
2844 data->present = 0x02;
2846 data->present = 0x00;
2849 if (hash256 && rand256) {
2850 memcpy(data->hash256, hash256, sizeof(data->hash256));
2851 memcpy(data->rand256, rand256, sizeof(data->rand256));
2853 memset(data->hash256, 0, sizeof(data->hash256));
2854 memset(data->rand256, 0, sizeof(data->rand256));
2855 if (hash192 && rand192)
2856 data->present = 0x01;
2859 BT_DBG("%s for %pMR", hdev->name, bdaddr);
2864 /* This function requires the caller holds hdev->lock */
2865 struct adv_info *hci_find_adv_instance(struct hci_dev *hdev, u8 instance)
2867 struct adv_info *adv_instance;
2869 list_for_each_entry(adv_instance, &hdev->adv_instances, list) {
2870 if (adv_instance->instance == instance)
2871 return adv_instance;
2877 /* This function requires the caller holds hdev->lock */
2878 struct adv_info *hci_get_next_instance(struct hci_dev *hdev, u8 instance)
2880 struct adv_info *cur_instance;
2882 cur_instance = hci_find_adv_instance(hdev, instance);
2886 if (cur_instance == list_last_entry(&hdev->adv_instances,
2887 struct adv_info, list))
2888 return list_first_entry(&hdev->adv_instances,
2889 struct adv_info, list);
2891 return list_next_entry(cur_instance, list);
2894 /* This function requires the caller holds hdev->lock */
2895 int hci_remove_adv_instance(struct hci_dev *hdev, u8 instance)
2897 struct adv_info *adv_instance;
2899 adv_instance = hci_find_adv_instance(hdev, instance);
2903 BT_DBG("%s removing %dMR", hdev->name, instance);
2905 if (hdev->cur_adv_instance == instance) {
2906 if (hdev->adv_instance_timeout) {
2907 cancel_delayed_work(&hdev->adv_instance_expire);
2908 hdev->adv_instance_timeout = 0;
2910 hdev->cur_adv_instance = 0x00;
2913 cancel_delayed_work_sync(&adv_instance->rpa_expired_cb);
2915 list_del(&adv_instance->list);
2916 kfree(adv_instance);
2918 hdev->adv_instance_cnt--;
2923 void hci_adv_instances_set_rpa_expired(struct hci_dev *hdev, bool rpa_expired)
2925 struct adv_info *adv_instance, *n;
2927 list_for_each_entry_safe(adv_instance, n, &hdev->adv_instances, list)
2928 adv_instance->rpa_expired = rpa_expired;
2931 /* This function requires the caller holds hdev->lock */
2932 void hci_adv_instances_clear(struct hci_dev *hdev)
2934 struct adv_info *adv_instance, *n;
2936 if (hdev->adv_instance_timeout) {
2937 cancel_delayed_work(&hdev->adv_instance_expire);
2938 hdev->adv_instance_timeout = 0;
2941 list_for_each_entry_safe(adv_instance, n, &hdev->adv_instances, list) {
2942 cancel_delayed_work_sync(&adv_instance->rpa_expired_cb);
2943 list_del(&adv_instance->list);
2944 kfree(adv_instance);
2947 hdev->adv_instance_cnt = 0;
2948 hdev->cur_adv_instance = 0x00;
2951 static void adv_instance_rpa_expired(struct work_struct *work)
2953 struct adv_info *adv_instance = container_of(work, struct adv_info,
2954 rpa_expired_cb.work);
2958 adv_instance->rpa_expired = true;
2961 /* This function requires the caller holds hdev->lock */
2962 int hci_add_adv_instance(struct hci_dev *hdev, u8 instance, u32 flags,
2963 u16 adv_data_len, u8 *adv_data,
2964 u16 scan_rsp_len, u8 *scan_rsp_data,
2965 u16 timeout, u16 duration, s8 tx_power,
2966 u32 min_interval, u32 max_interval)
2968 struct adv_info *adv_instance;
2970 adv_instance = hci_find_adv_instance(hdev, instance);
2972 memset(adv_instance->adv_data, 0,
2973 sizeof(adv_instance->adv_data));
2974 memset(adv_instance->scan_rsp_data, 0,
2975 sizeof(adv_instance->scan_rsp_data));
2977 if (hdev->adv_instance_cnt >= hdev->le_num_of_adv_sets ||
2978 instance < 1 || instance > hdev->le_num_of_adv_sets)
2981 adv_instance = kzalloc(sizeof(*adv_instance), GFP_KERNEL);
2985 adv_instance->pending = true;
2986 adv_instance->instance = instance;
2987 list_add(&adv_instance->list, &hdev->adv_instances);
2988 hdev->adv_instance_cnt++;
2991 adv_instance->flags = flags;
2992 adv_instance->adv_data_len = adv_data_len;
2993 adv_instance->scan_rsp_len = scan_rsp_len;
2994 adv_instance->min_interval = min_interval;
2995 adv_instance->max_interval = max_interval;
2996 adv_instance->tx_power = tx_power;
2999 memcpy(adv_instance->adv_data, adv_data, adv_data_len);
3002 memcpy(adv_instance->scan_rsp_data,
3003 scan_rsp_data, scan_rsp_len);
3005 adv_instance->timeout = timeout;
3006 adv_instance->remaining_time = timeout;
3009 adv_instance->duration = hdev->def_multi_adv_rotation_duration;
3011 adv_instance->duration = duration;
3013 INIT_DELAYED_WORK(&adv_instance->rpa_expired_cb,
3014 adv_instance_rpa_expired);
3016 BT_DBG("%s for %dMR", hdev->name, instance);
3021 /* This function requires the caller holds hdev->lock */
3022 int hci_set_adv_instance_data(struct hci_dev *hdev, u8 instance,
3023 u16 adv_data_len, u8 *adv_data,
3024 u16 scan_rsp_len, u8 *scan_rsp_data)
3026 struct adv_info *adv_instance;
3028 adv_instance = hci_find_adv_instance(hdev, instance);
3030 /* If advertisement doesn't exist, we can't modify its data */
3035 memset(adv_instance->adv_data, 0,
3036 sizeof(adv_instance->adv_data));
3037 memcpy(adv_instance->adv_data, adv_data, adv_data_len);
3038 adv_instance->adv_data_len = adv_data_len;
3042 memset(adv_instance->scan_rsp_data, 0,
3043 sizeof(adv_instance->scan_rsp_data));
3044 memcpy(adv_instance->scan_rsp_data,
3045 scan_rsp_data, scan_rsp_len);
3046 adv_instance->scan_rsp_len = scan_rsp_len;
3052 /* This function requires the caller holds hdev->lock */
3053 void hci_adv_monitors_clear(struct hci_dev *hdev)
3055 struct adv_monitor *monitor;
3058 idr_for_each_entry(&hdev->adv_monitors_idr, monitor, handle)
3059 hci_free_adv_monitor(hdev, monitor);
3061 idr_destroy(&hdev->adv_monitors_idr);
3064 /* Frees the monitor structure and do some bookkeepings.
3065 * This function requires the caller holds hdev->lock.
3067 void hci_free_adv_monitor(struct hci_dev *hdev, struct adv_monitor *monitor)
3069 struct adv_pattern *pattern;
3070 struct adv_pattern *tmp;
3075 list_for_each_entry_safe(pattern, tmp, &monitor->patterns, list) {
3076 list_del(&pattern->list);
3080 if (monitor->handle)
3081 idr_remove(&hdev->adv_monitors_idr, monitor->handle);
3083 if (monitor->state != ADV_MONITOR_STATE_NOT_REGISTERED) {
3084 hdev->adv_monitors_cnt--;
3085 mgmt_adv_monitor_removed(hdev, monitor->handle);
3091 int hci_add_adv_patterns_monitor_complete(struct hci_dev *hdev, u8 status)
3093 return mgmt_add_adv_patterns_monitor_complete(hdev, status);
3096 int hci_remove_adv_monitor_complete(struct hci_dev *hdev, u8 status)
3098 return mgmt_remove_adv_monitor_complete(hdev, status);
3101 /* Assigns handle to a monitor, and if offloading is supported and power is on,
3102 * also attempts to forward the request to the controller.
3103 * Returns true if request is forwarded (result is pending), false otherwise.
3104 * This function requires the caller holds hdev->lock.
3106 bool hci_add_adv_monitor(struct hci_dev *hdev, struct adv_monitor *monitor,
3109 int min, max, handle;
3118 min = HCI_MIN_ADV_MONITOR_HANDLE;
3119 max = HCI_MIN_ADV_MONITOR_HANDLE + HCI_MAX_ADV_MONITOR_NUM_HANDLES;
3120 handle = idr_alloc(&hdev->adv_monitors_idr, monitor, min, max,
3127 monitor->handle = handle;
3129 if (!hdev_is_powered(hdev))
3132 switch (hci_get_adv_monitor_offload_ext(hdev)) {
3133 case HCI_ADV_MONITOR_EXT_NONE:
3134 hci_update_background_scan(hdev);
3135 bt_dev_dbg(hdev, "%s add monitor status %d", hdev->name, *err);
3136 /* Message was not forwarded to controller - not an error */
3138 case HCI_ADV_MONITOR_EXT_MSFT:
3139 *err = msft_add_monitor_pattern(hdev, monitor);
3140 bt_dev_dbg(hdev, "%s add monitor msft status %d", hdev->name,
3148 /* Attempts to tell the controller and free the monitor. If somehow the
3149 * controller doesn't have a corresponding handle, remove anyway.
3150 * Returns true if request is forwarded (result is pending), false otherwise.
3151 * This function requires the caller holds hdev->lock.
3153 static bool hci_remove_adv_monitor(struct hci_dev *hdev,
3154 struct adv_monitor *monitor,
3155 u16 handle, int *err)
3159 switch (hci_get_adv_monitor_offload_ext(hdev)) {
3160 case HCI_ADV_MONITOR_EXT_NONE: /* also goes here when powered off */
3162 case HCI_ADV_MONITOR_EXT_MSFT:
3163 *err = msft_remove_monitor(hdev, monitor, handle);
3167 /* In case no matching handle registered, just free the monitor */
3168 if (*err == -ENOENT)
3174 if (*err == -ENOENT)
3175 bt_dev_warn(hdev, "Removing monitor with no matching handle %d",
3177 hci_free_adv_monitor(hdev, monitor);
3183 /* Returns true if request is forwarded (result is pending), false otherwise.
3184 * This function requires the caller holds hdev->lock.
3186 bool hci_remove_single_adv_monitor(struct hci_dev *hdev, u16 handle, int *err)
3188 struct adv_monitor *monitor = idr_find(&hdev->adv_monitors_idr, handle);
3196 pending = hci_remove_adv_monitor(hdev, monitor, handle, err);
3197 if (!*err && !pending)
3198 hci_update_background_scan(hdev);
3200 bt_dev_dbg(hdev, "%s remove monitor handle %d, status %d, %spending",
3201 hdev->name, handle, *err, pending ? "" : "not ");
3206 /* Returns true if request is forwarded (result is pending), false otherwise.
3207 * This function requires the caller holds hdev->lock.
3209 bool hci_remove_all_adv_monitor(struct hci_dev *hdev, int *err)
3211 struct adv_monitor *monitor;
3212 int idr_next_id = 0;
3213 bool pending = false;
3214 bool update = false;
3218 while (!*err && !pending) {
3219 monitor = idr_get_next(&hdev->adv_monitors_idr, &idr_next_id);
3223 pending = hci_remove_adv_monitor(hdev, monitor, 0, err);
3225 if (!*err && !pending)
3230 hci_update_background_scan(hdev);
3232 bt_dev_dbg(hdev, "%s remove all monitors status %d, %spending",
3233 hdev->name, *err, pending ? "" : "not ");
3238 /* This function requires the caller holds hdev->lock */
3239 bool hci_is_adv_monitoring(struct hci_dev *hdev)
3241 return !idr_is_empty(&hdev->adv_monitors_idr);
3244 int hci_get_adv_monitor_offload_ext(struct hci_dev *hdev)
3246 if (msft_monitor_supported(hdev))
3247 return HCI_ADV_MONITOR_EXT_MSFT;
3249 return HCI_ADV_MONITOR_EXT_NONE;
3252 struct bdaddr_list *hci_bdaddr_list_lookup(struct list_head *bdaddr_list,
3253 bdaddr_t *bdaddr, u8 type)
3255 struct bdaddr_list *b;
3257 list_for_each_entry(b, bdaddr_list, list) {
3258 if (!bacmp(&b->bdaddr, bdaddr) && b->bdaddr_type == type)
3265 struct bdaddr_list_with_irk *hci_bdaddr_list_lookup_with_irk(
3266 struct list_head *bdaddr_list, bdaddr_t *bdaddr,
3269 struct bdaddr_list_with_irk *b;
3271 list_for_each_entry(b, bdaddr_list, list) {
3272 if (!bacmp(&b->bdaddr, bdaddr) && b->bdaddr_type == type)
3279 struct bdaddr_list_with_flags *
3280 hci_bdaddr_list_lookup_with_flags(struct list_head *bdaddr_list,
3281 bdaddr_t *bdaddr, u8 type)
3283 struct bdaddr_list_with_flags *b;
3285 list_for_each_entry(b, bdaddr_list, list) {
3286 if (!bacmp(&b->bdaddr, bdaddr) && b->bdaddr_type == type)
3293 void hci_bdaddr_list_clear(struct list_head *bdaddr_list)
3295 struct bdaddr_list *b, *n;
3297 list_for_each_entry_safe(b, n, bdaddr_list, list) {
3303 int hci_bdaddr_list_add(struct list_head *list, bdaddr_t *bdaddr, u8 type)
3305 struct bdaddr_list *entry;
3307 if (!bacmp(bdaddr, BDADDR_ANY))
3310 if (hci_bdaddr_list_lookup(list, bdaddr, type))
3313 entry = kzalloc(sizeof(*entry), GFP_KERNEL);
3317 bacpy(&entry->bdaddr, bdaddr);
3318 entry->bdaddr_type = type;
3320 list_add(&entry->list, list);
3325 int hci_bdaddr_list_add_with_irk(struct list_head *list, bdaddr_t *bdaddr,
3326 u8 type, u8 *peer_irk, u8 *local_irk)
3328 struct bdaddr_list_with_irk *entry;
3330 if (!bacmp(bdaddr, BDADDR_ANY))
3333 if (hci_bdaddr_list_lookup(list, bdaddr, type))
3336 entry = kzalloc(sizeof(*entry), GFP_KERNEL);
3340 bacpy(&entry->bdaddr, bdaddr);
3341 entry->bdaddr_type = type;
3344 memcpy(entry->peer_irk, peer_irk, 16);
3347 memcpy(entry->local_irk, local_irk, 16);
3349 list_add(&entry->list, list);
3354 int hci_bdaddr_list_add_with_flags(struct list_head *list, bdaddr_t *bdaddr,
3357 struct bdaddr_list_with_flags *entry;
3359 if (!bacmp(bdaddr, BDADDR_ANY))
3362 if (hci_bdaddr_list_lookup(list, bdaddr, type))
3365 entry = kzalloc(sizeof(*entry), GFP_KERNEL);
3369 bacpy(&entry->bdaddr, bdaddr);
3370 entry->bdaddr_type = type;
3371 entry->current_flags = flags;
3373 list_add(&entry->list, list);
3378 int hci_bdaddr_list_del(struct list_head *list, bdaddr_t *bdaddr, u8 type)
3380 struct bdaddr_list *entry;
3382 if (!bacmp(bdaddr, BDADDR_ANY)) {
3383 hci_bdaddr_list_clear(list);
3387 entry = hci_bdaddr_list_lookup(list, bdaddr, type);
3391 list_del(&entry->list);
3397 int hci_bdaddr_list_del_with_irk(struct list_head *list, bdaddr_t *bdaddr,
3400 struct bdaddr_list_with_irk *entry;
3402 if (!bacmp(bdaddr, BDADDR_ANY)) {
3403 hci_bdaddr_list_clear(list);
3407 entry = hci_bdaddr_list_lookup_with_irk(list, bdaddr, type);
3411 list_del(&entry->list);
3417 int hci_bdaddr_list_del_with_flags(struct list_head *list, bdaddr_t *bdaddr,
3420 struct bdaddr_list_with_flags *entry;
3422 if (!bacmp(bdaddr, BDADDR_ANY)) {
3423 hci_bdaddr_list_clear(list);
3427 entry = hci_bdaddr_list_lookup_with_flags(list, bdaddr, type);
3431 list_del(&entry->list);
3437 /* This function requires the caller holds hdev->lock */
3438 struct hci_conn_params *hci_conn_params_lookup(struct hci_dev *hdev,
3439 bdaddr_t *addr, u8 addr_type)
3441 struct hci_conn_params *params;
3443 list_for_each_entry(params, &hdev->le_conn_params, list) {
3444 if (bacmp(¶ms->addr, addr) == 0 &&
3445 params->addr_type == addr_type) {
3453 /* This function requires the caller holds hdev->lock */
3454 struct hci_conn_params *hci_pend_le_action_lookup(struct list_head *list,
3455 bdaddr_t *addr, u8 addr_type)
3457 struct hci_conn_params *param;
3459 switch (addr_type) {
3460 case ADDR_LE_DEV_PUBLIC_RESOLVED:
3461 addr_type = ADDR_LE_DEV_PUBLIC;
3463 case ADDR_LE_DEV_RANDOM_RESOLVED:
3464 addr_type = ADDR_LE_DEV_RANDOM;
3468 list_for_each_entry(param, list, action) {
3469 if (bacmp(¶m->addr, addr) == 0 &&
3470 param->addr_type == addr_type)
3477 /* This function requires the caller holds hdev->lock */
3478 struct hci_conn_params *hci_conn_params_add(struct hci_dev *hdev,
3479 bdaddr_t *addr, u8 addr_type)
3481 struct hci_conn_params *params;
3483 params = hci_conn_params_lookup(hdev, addr, addr_type);
3487 params = kzalloc(sizeof(*params), GFP_KERNEL);
3489 bt_dev_err(hdev, "out of memory");
3493 bacpy(¶ms->addr, addr);
3494 params->addr_type = addr_type;
3496 list_add(¶ms->list, &hdev->le_conn_params);
3497 INIT_LIST_HEAD(¶ms->action);
3499 params->conn_min_interval = hdev->le_conn_min_interval;
3500 params->conn_max_interval = hdev->le_conn_max_interval;
3501 params->conn_latency = hdev->le_conn_latency;
3502 params->supervision_timeout = hdev->le_supv_timeout;
3503 params->auto_connect = HCI_AUTO_CONN_DISABLED;
3505 BT_DBG("addr %pMR (type %u)", addr, addr_type);
3510 static void hci_conn_params_free(struct hci_conn_params *params)
3513 hci_conn_drop(params->conn);
3514 hci_conn_put(params->conn);
3517 list_del(¶ms->action);
3518 list_del(¶ms->list);
3522 /* This function requires the caller holds hdev->lock */
3523 void hci_conn_params_del(struct hci_dev *hdev, bdaddr_t *addr, u8 addr_type)
3525 struct hci_conn_params *params;
3527 params = hci_conn_params_lookup(hdev, addr, addr_type);
3531 hci_conn_params_free(params);
3533 hci_update_background_scan(hdev);
3535 BT_DBG("addr %pMR (type %u)", addr, addr_type);
3538 /* This function requires the caller holds hdev->lock */
3539 void hci_conn_params_clear_disabled(struct hci_dev *hdev)
3541 struct hci_conn_params *params, *tmp;
3543 list_for_each_entry_safe(params, tmp, &hdev->le_conn_params, list) {
3544 if (params->auto_connect != HCI_AUTO_CONN_DISABLED)
3547 /* If trying to estabilish one time connection to disabled
3548 * device, leave the params, but mark them as just once.
3550 if (params->explicit_connect) {
3551 params->auto_connect = HCI_AUTO_CONN_EXPLICIT;
3555 list_del(¶ms->list);
3559 BT_DBG("All LE disabled connection parameters were removed");
3562 /* This function requires the caller holds hdev->lock */
3563 static void hci_conn_params_clear_all(struct hci_dev *hdev)
3565 struct hci_conn_params *params, *tmp;
3567 list_for_each_entry_safe(params, tmp, &hdev->le_conn_params, list)
3568 hci_conn_params_free(params);
3570 BT_DBG("All LE connection parameters were removed");
3573 /* Copy the Identity Address of the controller.
3575 * If the controller has a public BD_ADDR, then by default use that one.
3576 * If this is a LE only controller without a public address, default to
3577 * the static random address.
3579 * For debugging purposes it is possible to force controllers with a
3580 * public address to use the static random address instead.
3582 * In case BR/EDR has been disabled on a dual-mode controller and
3583 * userspace has configured a static address, then that address
3584 * becomes the identity address instead of the public BR/EDR address.
3586 void hci_copy_identity_address(struct hci_dev *hdev, bdaddr_t *bdaddr,
3589 if (hci_dev_test_flag(hdev, HCI_FORCE_STATIC_ADDR) ||
3590 !bacmp(&hdev->bdaddr, BDADDR_ANY) ||
3591 (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED) &&
3592 bacmp(&hdev->static_addr, BDADDR_ANY))) {
3593 bacpy(bdaddr, &hdev->static_addr);
3594 *bdaddr_type = ADDR_LE_DEV_RANDOM;
3596 bacpy(bdaddr, &hdev->bdaddr);
3597 *bdaddr_type = ADDR_LE_DEV_PUBLIC;
3601 static void hci_suspend_clear_tasks(struct hci_dev *hdev)
3605 for (i = 0; i < __SUSPEND_NUM_TASKS; i++)
3606 clear_bit(i, hdev->suspend_tasks);
3608 wake_up(&hdev->suspend_wait_q);
3611 static int hci_suspend_wait_event(struct hci_dev *hdev)
3614 (find_first_bit(hdev->suspend_tasks, __SUSPEND_NUM_TASKS) == \
3615 __SUSPEND_NUM_TASKS)
3618 int ret = wait_event_timeout(hdev->suspend_wait_q,
3619 WAKE_COND, SUSPEND_NOTIFIER_TIMEOUT);
3622 bt_dev_err(hdev, "Timed out waiting for suspend events");
3623 for (i = 0; i < __SUSPEND_NUM_TASKS; ++i) {
3624 if (test_bit(i, hdev->suspend_tasks))
3625 bt_dev_err(hdev, "Suspend timeout bit: %d", i);
3626 clear_bit(i, hdev->suspend_tasks);
3637 static void hci_prepare_suspend(struct work_struct *work)
3639 struct hci_dev *hdev =
3640 container_of(work, struct hci_dev, suspend_prepare);
3643 hci_req_prepare_suspend(hdev, hdev->suspend_state_next);
3644 hci_dev_unlock(hdev);
3647 static int hci_change_suspend_state(struct hci_dev *hdev,
3648 enum suspended_state next)
3650 hdev->suspend_state_next = next;
3651 set_bit(SUSPEND_PREPARE_NOTIFIER, hdev->suspend_tasks);
3652 queue_work(hdev->req_workqueue, &hdev->suspend_prepare);
3653 return hci_suspend_wait_event(hdev);
3656 static void hci_clear_wake_reason(struct hci_dev *hdev)
3660 hdev->wake_reason = 0;
3661 bacpy(&hdev->wake_addr, BDADDR_ANY);
3662 hdev->wake_addr_type = 0;
3664 hci_dev_unlock(hdev);
3667 static int hci_suspend_notifier(struct notifier_block *nb, unsigned long action,
3670 struct hci_dev *hdev =
3671 container_of(nb, struct hci_dev, suspend_notifier);
3673 u8 state = BT_RUNNING;
3675 /* If powering down, wait for completion. */
3676 if (mgmt_powering_down(hdev)) {
3677 set_bit(SUSPEND_POWERING_DOWN, hdev->suspend_tasks);
3678 ret = hci_suspend_wait_event(hdev);
3683 /* Suspend notifier should only act on events when powered. */
3684 if (!hdev_is_powered(hdev) ||
3685 hci_dev_test_flag(hdev, HCI_UNREGISTER))
3688 if (action == PM_SUSPEND_PREPARE) {
3689 /* Suspend consists of two actions:
3690 * - First, disconnect everything and make the controller not
3691 * connectable (disabling scanning)
3692 * - Second, program event filter/whitelist and enable scan
3694 ret = hci_change_suspend_state(hdev, BT_SUSPEND_DISCONNECT);
3696 state = BT_SUSPEND_DISCONNECT;
3698 /* Only configure whitelist if disconnect succeeded and wake
3699 * isn't being prevented.
3701 if (!ret && !(hdev->prevent_wake && hdev->prevent_wake(hdev))) {
3702 ret = hci_change_suspend_state(hdev,
3703 BT_SUSPEND_CONFIGURE_WAKE);
3705 state = BT_SUSPEND_CONFIGURE_WAKE;
3708 hci_clear_wake_reason(hdev);
3709 mgmt_suspending(hdev, state);
3711 } else if (action == PM_POST_SUSPEND) {
3712 ret = hci_change_suspend_state(hdev, BT_RUNNING);
3714 mgmt_resuming(hdev, hdev->wake_reason, &hdev->wake_addr,
3715 hdev->wake_addr_type);
3719 /* We always allow suspend even if suspend preparation failed and
3720 * attempt to recover in resume.
3723 bt_dev_err(hdev, "Suspend notifier action (%lu) failed: %d",
3729 /* Alloc HCI device */
3730 struct hci_dev *hci_alloc_dev(void)
3732 struct hci_dev *hdev;
3734 hdev = kzalloc(sizeof(*hdev), GFP_KERNEL);
3738 hdev->pkt_type = (HCI_DM1 | HCI_DH1 | HCI_HV1);
3739 hdev->esco_type = (ESCO_HV1);
3740 hdev->link_mode = (HCI_LM_ACCEPT);
3741 hdev->num_iac = 0x01; /* One IAC support is mandatory */
3742 hdev->io_capability = 0x03; /* No Input No Output */
3743 hdev->manufacturer = 0xffff; /* Default to internal use */
3744 hdev->inq_tx_power = HCI_TX_POWER_INVALID;
3745 hdev->adv_tx_power = HCI_TX_POWER_INVALID;
3746 hdev->adv_instance_cnt = 0;
3747 hdev->cur_adv_instance = 0x00;
3748 hdev->adv_instance_timeout = 0;
3750 hdev->advmon_allowlist_duration = 300;
3751 hdev->advmon_no_filter_duration = 500;
3752 hdev->enable_advmon_interleave_scan = 0x00; /* Default to disable */
3754 hdev->sniff_max_interval = 800;
3755 hdev->sniff_min_interval = 80;
3757 hdev->le_adv_channel_map = 0x07;
3758 hdev->le_adv_min_interval = 0x0800;
3759 hdev->le_adv_max_interval = 0x0800;
3760 hdev->le_scan_interval = 0x0060;
3761 hdev->le_scan_window = 0x0030;
3762 hdev->le_scan_int_suspend = 0x0400;
3763 hdev->le_scan_window_suspend = 0x0012;
3764 hdev->le_scan_int_discovery = DISCOV_LE_SCAN_INT;
3765 hdev->le_scan_window_discovery = DISCOV_LE_SCAN_WIN;
3766 hdev->le_scan_int_adv_monitor = 0x0060;
3767 hdev->le_scan_window_adv_monitor = 0x0030;
3768 hdev->le_scan_int_connect = 0x0060;
3769 hdev->le_scan_window_connect = 0x0060;
3770 hdev->le_conn_min_interval = 0x0018;
3771 hdev->le_conn_max_interval = 0x0028;
3772 hdev->le_conn_latency = 0x0000;
3773 hdev->le_supv_timeout = 0x002a;
3774 hdev->le_def_tx_len = 0x001b;
3775 hdev->le_def_tx_time = 0x0148;
3776 hdev->le_max_tx_len = 0x001b;
3777 hdev->le_max_tx_time = 0x0148;
3778 hdev->le_max_rx_len = 0x001b;
3779 hdev->le_max_rx_time = 0x0148;
3780 hdev->le_max_key_size = SMP_MAX_ENC_KEY_SIZE;
3781 hdev->le_min_key_size = SMP_MIN_ENC_KEY_SIZE;
3782 hdev->le_tx_def_phys = HCI_LE_SET_PHY_1M;
3783 hdev->le_rx_def_phys = HCI_LE_SET_PHY_1M;
3784 hdev->le_num_of_adv_sets = HCI_MAX_ADV_INSTANCES;
3785 hdev->def_multi_adv_rotation_duration = HCI_DEFAULT_ADV_DURATION;
3786 hdev->def_le_autoconnect_timeout = HCI_LE_AUTOCONN_TIMEOUT;
3787 hdev->min_le_tx_power = HCI_TX_POWER_INVALID;
3788 hdev->max_le_tx_power = HCI_TX_POWER_INVALID;
3790 hdev->rpa_timeout = HCI_DEFAULT_RPA_TIMEOUT;
3791 hdev->discov_interleaved_timeout = DISCOV_INTERLEAVED_TIMEOUT;
3792 hdev->conn_info_min_age = DEFAULT_CONN_INFO_MIN_AGE;
3793 hdev->conn_info_max_age = DEFAULT_CONN_INFO_MAX_AGE;
3794 hdev->auth_payload_timeout = DEFAULT_AUTH_PAYLOAD_TIMEOUT;
3795 hdev->min_enc_key_size = HCI_MIN_ENC_KEY_SIZE;
3797 /* default 1.28 sec page scan */
3798 hdev->def_page_scan_type = PAGE_SCAN_TYPE_STANDARD;
3799 hdev->def_page_scan_int = 0x0800;
3800 hdev->def_page_scan_window = 0x0012;
3802 mutex_init(&hdev->lock);
3803 mutex_init(&hdev->req_lock);
3805 INIT_LIST_HEAD(&hdev->mgmt_pending);
3806 INIT_LIST_HEAD(&hdev->blacklist);
3807 INIT_LIST_HEAD(&hdev->whitelist);
3808 INIT_LIST_HEAD(&hdev->uuids);
3809 INIT_LIST_HEAD(&hdev->link_keys);
3810 INIT_LIST_HEAD(&hdev->long_term_keys);
3811 INIT_LIST_HEAD(&hdev->identity_resolving_keys);
3812 INIT_LIST_HEAD(&hdev->remote_oob_data);
3813 INIT_LIST_HEAD(&hdev->le_white_list);
3814 INIT_LIST_HEAD(&hdev->le_resolv_list);
3815 INIT_LIST_HEAD(&hdev->le_conn_params);
3816 INIT_LIST_HEAD(&hdev->pend_le_conns);
3817 INIT_LIST_HEAD(&hdev->pend_le_reports);
3818 INIT_LIST_HEAD(&hdev->conn_hash.list);
3819 INIT_LIST_HEAD(&hdev->adv_instances);
3820 INIT_LIST_HEAD(&hdev->blocked_keys);
3822 INIT_WORK(&hdev->rx_work, hci_rx_work);
3823 INIT_WORK(&hdev->cmd_work, hci_cmd_work);
3824 INIT_WORK(&hdev->tx_work, hci_tx_work);
3825 INIT_WORK(&hdev->power_on, hci_power_on);
3826 INIT_WORK(&hdev->error_reset, hci_error_reset);
3827 INIT_WORK(&hdev->suspend_prepare, hci_prepare_suspend);
3829 INIT_DELAYED_WORK(&hdev->power_off, hci_power_off);
3831 skb_queue_head_init(&hdev->rx_q);
3832 skb_queue_head_init(&hdev->cmd_q);
3833 skb_queue_head_init(&hdev->raw_q);
3835 init_waitqueue_head(&hdev->req_wait_q);
3836 init_waitqueue_head(&hdev->suspend_wait_q);
3838 INIT_DELAYED_WORK(&hdev->cmd_timer, hci_cmd_timeout);
3840 hci_request_setup(hdev);
3842 hci_init_sysfs(hdev);
3843 discovery_init(hdev);
3847 EXPORT_SYMBOL(hci_alloc_dev);
3849 /* Free HCI device */
3850 void hci_free_dev(struct hci_dev *hdev)
3852 /* will free via device release */
3853 put_device(&hdev->dev);
3855 EXPORT_SYMBOL(hci_free_dev);
3857 /* Register HCI device */
3858 int hci_register_dev(struct hci_dev *hdev)
3862 if (!hdev->open || !hdev->close || !hdev->send)
3865 /* Do not allow HCI_AMP devices to register at index 0,
3866 * so the index can be used as the AMP controller ID.
3868 switch (hdev->dev_type) {
3870 id = ida_simple_get(&hci_index_ida, 0, 0, GFP_KERNEL);
3873 id = ida_simple_get(&hci_index_ida, 1, 0, GFP_KERNEL);
3882 sprintf(hdev->name, "hci%d", id);
3885 BT_DBG("%p name %s bus %d", hdev, hdev->name, hdev->bus);
3887 hdev->workqueue = alloc_ordered_workqueue("%s", WQ_HIGHPRI, hdev->name);
3888 if (!hdev->workqueue) {
3893 hdev->req_workqueue = alloc_ordered_workqueue("%s", WQ_HIGHPRI,
3895 if (!hdev->req_workqueue) {
3896 destroy_workqueue(hdev->workqueue);
3901 if (!IS_ERR_OR_NULL(bt_debugfs))
3902 hdev->debugfs = debugfs_create_dir(hdev->name, bt_debugfs);
3904 dev_set_name(&hdev->dev, "%s", hdev->name);
3906 error = device_add(&hdev->dev);
3910 hci_leds_init(hdev);
3912 hdev->rfkill = rfkill_alloc(hdev->name, &hdev->dev,
3913 RFKILL_TYPE_BLUETOOTH, &hci_rfkill_ops,
3916 if (rfkill_register(hdev->rfkill) < 0) {
3917 rfkill_destroy(hdev->rfkill);
3918 hdev->rfkill = NULL;
3922 if (hdev->rfkill && rfkill_blocked(hdev->rfkill))
3923 hci_dev_set_flag(hdev, HCI_RFKILLED);
3925 hci_dev_set_flag(hdev, HCI_SETUP);
3926 hci_dev_set_flag(hdev, HCI_AUTO_OFF);
3928 if (hdev->dev_type == HCI_PRIMARY) {
3929 /* Assume BR/EDR support until proven otherwise (such as
3930 * through reading supported features during init.
3932 hci_dev_set_flag(hdev, HCI_BREDR_ENABLED);
3935 write_lock(&hci_dev_list_lock);
3936 list_add(&hdev->list, &hci_dev_list);
3937 write_unlock(&hci_dev_list_lock);
3939 /* Devices that are marked for raw-only usage are unconfigured
3940 * and should not be included in normal operation.
3942 if (test_bit(HCI_QUIRK_RAW_DEVICE, &hdev->quirks))
3943 hci_dev_set_flag(hdev, HCI_UNCONFIGURED);
3945 hci_sock_dev_event(hdev, HCI_DEV_REG);
3948 if (!test_bit(HCI_QUIRK_NO_SUSPEND_NOTIFIER, &hdev->quirks)) {
3949 hdev->suspend_notifier.notifier_call = hci_suspend_notifier;
3950 error = register_pm_notifier(&hdev->suspend_notifier);
3955 queue_work(hdev->req_workqueue, &hdev->power_on);
3957 idr_init(&hdev->adv_monitors_idr);
3962 destroy_workqueue(hdev->workqueue);
3963 destroy_workqueue(hdev->req_workqueue);
3965 ida_simple_remove(&hci_index_ida, hdev->id);
3969 EXPORT_SYMBOL(hci_register_dev);
3971 /* Unregister HCI device */
3972 void hci_unregister_dev(struct hci_dev *hdev)
3976 BT_DBG("%p name %s bus %d", hdev, hdev->name, hdev->bus);
3978 hci_dev_set_flag(hdev, HCI_UNREGISTER);
3982 write_lock(&hci_dev_list_lock);
3983 list_del(&hdev->list);
3984 write_unlock(&hci_dev_list_lock);
3986 cancel_work_sync(&hdev->power_on);
3988 if (!test_bit(HCI_QUIRK_NO_SUSPEND_NOTIFIER, &hdev->quirks)) {
3989 hci_suspend_clear_tasks(hdev);
3990 unregister_pm_notifier(&hdev->suspend_notifier);
3991 cancel_work_sync(&hdev->suspend_prepare);
3994 hci_dev_do_close(hdev);
3996 if (!test_bit(HCI_INIT, &hdev->flags) &&
3997 !hci_dev_test_flag(hdev, HCI_SETUP) &&
3998 !hci_dev_test_flag(hdev, HCI_CONFIG)) {
4000 mgmt_index_removed(hdev);
4001 hci_dev_unlock(hdev);
4004 /* mgmt_index_removed should take care of emptying the
4006 BUG_ON(!list_empty(&hdev->mgmt_pending));
4008 hci_sock_dev_event(hdev, HCI_DEV_UNREG);
4011 rfkill_unregister(hdev->rfkill);
4012 rfkill_destroy(hdev->rfkill);
4015 device_del(&hdev->dev);
4017 debugfs_remove_recursive(hdev->debugfs);
4018 kfree_const(hdev->hw_info);
4019 kfree_const(hdev->fw_info);
4021 destroy_workqueue(hdev->workqueue);
4022 destroy_workqueue(hdev->req_workqueue);
4025 hci_bdaddr_list_clear(&hdev->blacklist);
4026 hci_bdaddr_list_clear(&hdev->whitelist);
4027 hci_uuids_clear(hdev);
4028 hci_link_keys_clear(hdev);
4029 hci_smp_ltks_clear(hdev);
4030 hci_smp_irks_clear(hdev);
4031 hci_remote_oob_data_clear(hdev);
4032 hci_adv_instances_clear(hdev);
4033 hci_adv_monitors_clear(hdev);
4034 hci_bdaddr_list_clear(&hdev->le_white_list);
4035 hci_bdaddr_list_clear(&hdev->le_resolv_list);
4036 hci_conn_params_clear_all(hdev);
4037 hci_discovery_filter_clear(hdev);
4038 hci_blocked_keys_clear(hdev);
4039 hci_dev_unlock(hdev);
4043 ida_simple_remove(&hci_index_ida, id);
4045 EXPORT_SYMBOL(hci_unregister_dev);
4047 /* Suspend HCI device */
4048 int hci_suspend_dev(struct hci_dev *hdev)
4050 hci_sock_dev_event(hdev, HCI_DEV_SUSPEND);
4053 EXPORT_SYMBOL(hci_suspend_dev);
4055 /* Resume HCI device */
4056 int hci_resume_dev(struct hci_dev *hdev)
4058 hci_sock_dev_event(hdev, HCI_DEV_RESUME);
4061 EXPORT_SYMBOL(hci_resume_dev);
4063 /* Reset HCI device */
4064 int hci_reset_dev(struct hci_dev *hdev)
4066 static const u8 hw_err[] = { HCI_EV_HARDWARE_ERROR, 0x01, 0x00 };
4067 struct sk_buff *skb;
4069 skb = bt_skb_alloc(3, GFP_ATOMIC);
4073 hci_skb_pkt_type(skb) = HCI_EVENT_PKT;
4074 skb_put_data(skb, hw_err, 3);
4076 /* Send Hardware Error to upper stack */
4077 return hci_recv_frame(hdev, skb);
4079 EXPORT_SYMBOL(hci_reset_dev);
4081 /* Receive frame from HCI drivers */
4082 int hci_recv_frame(struct hci_dev *hdev, struct sk_buff *skb)
4084 if (!hdev || (!test_bit(HCI_UP, &hdev->flags)
4085 && !test_bit(HCI_INIT, &hdev->flags))) {
4090 if (hci_skb_pkt_type(skb) != HCI_EVENT_PKT &&
4091 hci_skb_pkt_type(skb) != HCI_ACLDATA_PKT &&
4092 hci_skb_pkt_type(skb) != HCI_SCODATA_PKT &&
4093 hci_skb_pkt_type(skb) != HCI_ISODATA_PKT) {
4099 bt_cb(skb)->incoming = 1;
4102 __net_timestamp(skb);
4104 skb_queue_tail(&hdev->rx_q, skb);
4105 queue_work(hdev->workqueue, &hdev->rx_work);
4109 EXPORT_SYMBOL(hci_recv_frame);
4111 /* Receive diagnostic message from HCI drivers */
4112 int hci_recv_diag(struct hci_dev *hdev, struct sk_buff *skb)
4114 /* Mark as diagnostic packet */
4115 hci_skb_pkt_type(skb) = HCI_DIAG_PKT;
4118 __net_timestamp(skb);
4120 skb_queue_tail(&hdev->rx_q, skb);
4121 queue_work(hdev->workqueue, &hdev->rx_work);
4125 EXPORT_SYMBOL(hci_recv_diag);
4127 void hci_set_hw_info(struct hci_dev *hdev, const char *fmt, ...)
4131 va_start(vargs, fmt);
4132 kfree_const(hdev->hw_info);
4133 hdev->hw_info = kvasprintf_const(GFP_KERNEL, fmt, vargs);
4136 EXPORT_SYMBOL(hci_set_hw_info);
4138 void hci_set_fw_info(struct hci_dev *hdev, const char *fmt, ...)
4142 va_start(vargs, fmt);
4143 kfree_const(hdev->fw_info);
4144 hdev->fw_info = kvasprintf_const(GFP_KERNEL, fmt, vargs);
4147 EXPORT_SYMBOL(hci_set_fw_info);
4149 /* ---- Interface to upper protocols ---- */
4151 int hci_register_cb(struct hci_cb *cb)
4153 BT_DBG("%p name %s", cb, cb->name);
4155 mutex_lock(&hci_cb_list_lock);
4156 list_add_tail(&cb->list, &hci_cb_list);
4157 mutex_unlock(&hci_cb_list_lock);
4161 EXPORT_SYMBOL(hci_register_cb);
4163 int hci_unregister_cb(struct hci_cb *cb)
4165 BT_DBG("%p name %s", cb, cb->name);
4167 mutex_lock(&hci_cb_list_lock);
4168 list_del(&cb->list);
4169 mutex_unlock(&hci_cb_list_lock);
4173 EXPORT_SYMBOL(hci_unregister_cb);
4175 static void hci_send_frame(struct hci_dev *hdev, struct sk_buff *skb)
4179 BT_DBG("%s type %d len %d", hdev->name, hci_skb_pkt_type(skb),
4183 __net_timestamp(skb);
4185 /* Send copy to monitor */
4186 hci_send_to_monitor(hdev, skb);
4188 if (atomic_read(&hdev->promisc)) {
4189 /* Send copy to the sockets */
4190 hci_send_to_sock(hdev, skb);
4193 /* Get rid of skb owner, prior to sending to the driver. */
4196 if (!test_bit(HCI_RUNNING, &hdev->flags)) {
4201 err = hdev->send(hdev, skb);
4203 bt_dev_err(hdev, "sending frame failed (%d)", err);
4208 /* Send HCI command */
4209 int hci_send_cmd(struct hci_dev *hdev, __u16 opcode, __u32 plen,
4212 struct sk_buff *skb;
4214 BT_DBG("%s opcode 0x%4.4x plen %d", hdev->name, opcode, plen);
4216 skb = hci_prepare_cmd(hdev, opcode, plen, param);
4218 bt_dev_err(hdev, "no memory for command");
4222 /* Stand-alone HCI commands must be flagged as
4223 * single-command requests.
4225 bt_cb(skb)->hci.req_flags |= HCI_REQ_START;
4227 skb_queue_tail(&hdev->cmd_q, skb);
4228 queue_work(hdev->workqueue, &hdev->cmd_work);
4233 int __hci_cmd_send(struct hci_dev *hdev, u16 opcode, u32 plen,
4236 struct sk_buff *skb;
4238 if (hci_opcode_ogf(opcode) != 0x3f) {
4239 /* A controller receiving a command shall respond with either
4240 * a Command Status Event or a Command Complete Event.
4241 * Therefore, all standard HCI commands must be sent via the
4242 * standard API, using hci_send_cmd or hci_cmd_sync helpers.
4243 * Some vendors do not comply with this rule for vendor-specific
4244 * commands and do not return any event. We want to support
4245 * unresponded commands for such cases only.
4247 bt_dev_err(hdev, "unresponded command not supported");
4251 skb = hci_prepare_cmd(hdev, opcode, plen, param);
4253 bt_dev_err(hdev, "no memory for command (opcode 0x%4.4x)",
4258 hci_send_frame(hdev, skb);
4262 EXPORT_SYMBOL(__hci_cmd_send);
4264 /* Get data from the previously sent command */
4265 void *hci_sent_cmd_data(struct hci_dev *hdev, __u16 opcode)
4267 struct hci_command_hdr *hdr;
4269 if (!hdev->sent_cmd)
4272 hdr = (void *) hdev->sent_cmd->data;
4274 if (hdr->opcode != cpu_to_le16(opcode))
4277 BT_DBG("%s opcode 0x%4.4x", hdev->name, opcode);
4279 return hdev->sent_cmd->data + HCI_COMMAND_HDR_SIZE;
4282 /* Send HCI command and wait for command commplete event */
4283 struct sk_buff *hci_cmd_sync(struct hci_dev *hdev, u16 opcode, u32 plen,
4284 const void *param, u32 timeout)
4286 struct sk_buff *skb;
4288 if (!test_bit(HCI_UP, &hdev->flags))
4289 return ERR_PTR(-ENETDOWN);
4291 bt_dev_dbg(hdev, "opcode 0x%4.4x plen %d", opcode, plen);
4293 hci_req_sync_lock(hdev);
4294 skb = __hci_cmd_sync(hdev, opcode, plen, param, timeout);
4295 hci_req_sync_unlock(hdev);
4299 EXPORT_SYMBOL(hci_cmd_sync);
4302 static void hci_add_acl_hdr(struct sk_buff *skb, __u16 handle, __u16 flags)
4304 struct hci_acl_hdr *hdr;
4307 skb_push(skb, HCI_ACL_HDR_SIZE);
4308 skb_reset_transport_header(skb);
4309 hdr = (struct hci_acl_hdr *)skb_transport_header(skb);
4310 hdr->handle = cpu_to_le16(hci_handle_pack(handle, flags));
4311 hdr->dlen = cpu_to_le16(len);
4314 static void hci_queue_acl(struct hci_chan *chan, struct sk_buff_head *queue,
4315 struct sk_buff *skb, __u16 flags)
4317 struct hci_conn *conn = chan->conn;
4318 struct hci_dev *hdev = conn->hdev;
4319 struct sk_buff *list;
4321 skb->len = skb_headlen(skb);
4324 hci_skb_pkt_type(skb) = HCI_ACLDATA_PKT;
4326 switch (hdev->dev_type) {
4328 hci_add_acl_hdr(skb, conn->handle, flags);
4331 hci_add_acl_hdr(skb, chan->handle, flags);
4334 bt_dev_err(hdev, "unknown dev_type %d", hdev->dev_type);
4338 list = skb_shinfo(skb)->frag_list;
4340 /* Non fragmented */
4341 BT_DBG("%s nonfrag skb %p len %d", hdev->name, skb, skb->len);
4343 skb_queue_tail(queue, skb);
4346 BT_DBG("%s frag %p len %d", hdev->name, skb, skb->len);
4348 skb_shinfo(skb)->frag_list = NULL;
4350 /* Queue all fragments atomically. We need to use spin_lock_bh
4351 * here because of 6LoWPAN links, as there this function is
4352 * called from softirq and using normal spin lock could cause
4355 spin_lock_bh(&queue->lock);
4357 __skb_queue_tail(queue, skb);
4359 flags &= ~ACL_START;
4362 skb = list; list = list->next;
4364 hci_skb_pkt_type(skb) = HCI_ACLDATA_PKT;
4365 hci_add_acl_hdr(skb, conn->handle, flags);
4367 BT_DBG("%s frag %p len %d", hdev->name, skb, skb->len);
4369 __skb_queue_tail(queue, skb);
4372 spin_unlock_bh(&queue->lock);
4376 void hci_send_acl(struct hci_chan *chan, struct sk_buff *skb, __u16 flags)
4378 struct hci_dev *hdev = chan->conn->hdev;
4380 BT_DBG("%s chan %p flags 0x%4.4x", hdev->name, chan, flags);
4382 hci_queue_acl(chan, &chan->data_q, skb, flags);
4384 queue_work(hdev->workqueue, &hdev->tx_work);
4388 void hci_send_sco(struct hci_conn *conn, struct sk_buff *skb)
4390 struct hci_dev *hdev = conn->hdev;
4391 struct hci_sco_hdr hdr;
4393 BT_DBG("%s len %d", hdev->name, skb->len);
4395 hdr.handle = cpu_to_le16(conn->handle);
4396 hdr.dlen = skb->len;
4398 skb_push(skb, HCI_SCO_HDR_SIZE);
4399 skb_reset_transport_header(skb);
4400 memcpy(skb_transport_header(skb), &hdr, HCI_SCO_HDR_SIZE);
4402 hci_skb_pkt_type(skb) = HCI_SCODATA_PKT;
4404 skb_queue_tail(&conn->data_q, skb);
4405 queue_work(hdev->workqueue, &hdev->tx_work);
4408 /* ---- HCI TX task (outgoing data) ---- */
4410 /* HCI Connection scheduler */
4411 static struct hci_conn *hci_low_sent(struct hci_dev *hdev, __u8 type,
4414 struct hci_conn_hash *h = &hdev->conn_hash;
4415 struct hci_conn *conn = NULL, *c;
4416 unsigned int num = 0, min = ~0;
4418 /* We don't have to lock device here. Connections are always
4419 * added and removed with TX task disabled. */
4423 list_for_each_entry_rcu(c, &h->list, list) {
4424 if (c->type != type || skb_queue_empty(&c->data_q))
4427 if (c->state != BT_CONNECTED && c->state != BT_CONFIG)
4432 if (c->sent < min) {
4437 if (hci_conn_num(hdev, type) == num)
4446 switch (conn->type) {
4448 cnt = hdev->acl_cnt;
4452 cnt = hdev->sco_cnt;
4455 cnt = hdev->le_mtu ? hdev->le_cnt : hdev->acl_cnt;
4459 bt_dev_err(hdev, "unknown link type %d", conn->type);
4467 BT_DBG("conn %p quote %d", conn, *quote);
4471 static void hci_link_tx_to(struct hci_dev *hdev, __u8 type)
4473 struct hci_conn_hash *h = &hdev->conn_hash;
4476 bt_dev_err(hdev, "link tx timeout");
4480 /* Kill stalled connections */
4481 list_for_each_entry_rcu(c, &h->list, list) {
4482 if (c->type == type && c->sent) {
4483 bt_dev_err(hdev, "killing stalled connection %pMR",
4485 hci_disconnect(c, HCI_ERROR_REMOTE_USER_TERM);
4492 static struct hci_chan *hci_chan_sent(struct hci_dev *hdev, __u8 type,
4495 struct hci_conn_hash *h = &hdev->conn_hash;
4496 struct hci_chan *chan = NULL;
4497 unsigned int num = 0, min = ~0, cur_prio = 0;
4498 struct hci_conn *conn;
4499 int cnt, q, conn_num = 0;
4501 BT_DBG("%s", hdev->name);
4505 list_for_each_entry_rcu(conn, &h->list, list) {
4506 struct hci_chan *tmp;
4508 if (conn->type != type)
4511 if (conn->state != BT_CONNECTED && conn->state != BT_CONFIG)
4516 list_for_each_entry_rcu(tmp, &conn->chan_list, list) {
4517 struct sk_buff *skb;
4519 if (skb_queue_empty(&tmp->data_q))
4522 skb = skb_peek(&tmp->data_q);
4523 if (skb->priority < cur_prio)
4526 if (skb->priority > cur_prio) {
4529 cur_prio = skb->priority;
4534 if (conn->sent < min) {
4540 if (hci_conn_num(hdev, type) == conn_num)
4549 switch (chan->conn->type) {
4551 cnt = hdev->acl_cnt;
4554 cnt = hdev->block_cnt;
4558 cnt = hdev->sco_cnt;
4561 cnt = hdev->le_mtu ? hdev->le_cnt : hdev->acl_cnt;
4565 bt_dev_err(hdev, "unknown link type %d", chan->conn->type);
4570 BT_DBG("chan %p quote %d", chan, *quote);
4574 static void hci_prio_recalculate(struct hci_dev *hdev, __u8 type)
4576 struct hci_conn_hash *h = &hdev->conn_hash;
4577 struct hci_conn *conn;
4580 BT_DBG("%s", hdev->name);
4584 list_for_each_entry_rcu(conn, &h->list, list) {
4585 struct hci_chan *chan;
4587 if (conn->type != type)
4590 if (conn->state != BT_CONNECTED && conn->state != BT_CONFIG)
4595 list_for_each_entry_rcu(chan, &conn->chan_list, list) {
4596 struct sk_buff *skb;
4603 if (skb_queue_empty(&chan->data_q))
4606 skb = skb_peek(&chan->data_q);
4607 if (skb->priority >= HCI_PRIO_MAX - 1)
4610 skb->priority = HCI_PRIO_MAX - 1;
4612 BT_DBG("chan %p skb %p promoted to %d", chan, skb,
4616 if (hci_conn_num(hdev, type) == num)
4624 static inline int __get_blocks(struct hci_dev *hdev, struct sk_buff *skb)
4626 /* Calculate count of blocks used by this packet */
4627 return DIV_ROUND_UP(skb->len - HCI_ACL_HDR_SIZE, hdev->block_len);
4630 static void __check_timeout(struct hci_dev *hdev, unsigned int cnt)
4632 if (!hci_dev_test_flag(hdev, HCI_UNCONFIGURED)) {
4633 /* ACL tx timeout must be longer than maximum
4634 * link supervision timeout (40.9 seconds) */
4635 if (!cnt && time_after(jiffies, hdev->acl_last_tx +
4636 HCI_ACL_TX_TIMEOUT))
4637 hci_link_tx_to(hdev, ACL_LINK);
4642 static void hci_sched_sco(struct hci_dev *hdev)
4644 struct hci_conn *conn;
4645 struct sk_buff *skb;
4648 BT_DBG("%s", hdev->name);
4650 if (!hci_conn_num(hdev, SCO_LINK))
4653 while (hdev->sco_cnt && (conn = hci_low_sent(hdev, SCO_LINK, "e))) {
4654 while (quote-- && (skb = skb_dequeue(&conn->data_q))) {
4655 BT_DBG("skb %p len %d", skb, skb->len);
4656 hci_send_frame(hdev, skb);
4659 if (conn->sent == ~0)
4665 static void hci_sched_esco(struct hci_dev *hdev)
4667 struct hci_conn *conn;
4668 struct sk_buff *skb;
4671 BT_DBG("%s", hdev->name);
4673 if (!hci_conn_num(hdev, ESCO_LINK))
4676 while (hdev->sco_cnt && (conn = hci_low_sent(hdev, ESCO_LINK,
4678 while (quote-- && (skb = skb_dequeue(&conn->data_q))) {
4679 BT_DBG("skb %p len %d", skb, skb->len);
4680 hci_send_frame(hdev, skb);
4683 if (conn->sent == ~0)
4689 static void hci_sched_acl_pkt(struct hci_dev *hdev)
4691 unsigned int cnt = hdev->acl_cnt;
4692 struct hci_chan *chan;
4693 struct sk_buff *skb;
4696 __check_timeout(hdev, cnt);
4698 while (hdev->acl_cnt &&
4699 (chan = hci_chan_sent(hdev, ACL_LINK, "e))) {
4700 u32 priority = (skb_peek(&chan->data_q))->priority;
4701 while (quote-- && (skb = skb_peek(&chan->data_q))) {
4702 BT_DBG("chan %p skb %p len %d priority %u", chan, skb,
4703 skb->len, skb->priority);
4705 /* Stop if priority has changed */
4706 if (skb->priority < priority)
4709 skb = skb_dequeue(&chan->data_q);
4711 hci_conn_enter_active_mode(chan->conn,
4712 bt_cb(skb)->force_active);
4714 hci_send_frame(hdev, skb);
4715 hdev->acl_last_tx = jiffies;
4721 /* Send pending SCO packets right away */
4722 hci_sched_sco(hdev);
4723 hci_sched_esco(hdev);
4727 if (cnt != hdev->acl_cnt)
4728 hci_prio_recalculate(hdev, ACL_LINK);
4731 static void hci_sched_acl_blk(struct hci_dev *hdev)
4733 unsigned int cnt = hdev->block_cnt;
4734 struct hci_chan *chan;
4735 struct sk_buff *skb;
4739 __check_timeout(hdev, cnt);
4741 BT_DBG("%s", hdev->name);
4743 if (hdev->dev_type == HCI_AMP)
4748 while (hdev->block_cnt > 0 &&
4749 (chan = hci_chan_sent(hdev, type, "e))) {
4750 u32 priority = (skb_peek(&chan->data_q))->priority;
4751 while (quote > 0 && (skb = skb_peek(&chan->data_q))) {
4754 BT_DBG("chan %p skb %p len %d priority %u", chan, skb,
4755 skb->len, skb->priority);
4757 /* Stop if priority has changed */
4758 if (skb->priority < priority)
4761 skb = skb_dequeue(&chan->data_q);
4763 blocks = __get_blocks(hdev, skb);
4764 if (blocks > hdev->block_cnt)
4767 hci_conn_enter_active_mode(chan->conn,
4768 bt_cb(skb)->force_active);
4770 hci_send_frame(hdev, skb);
4771 hdev->acl_last_tx = jiffies;
4773 hdev->block_cnt -= blocks;
4776 chan->sent += blocks;
4777 chan->conn->sent += blocks;
4781 if (cnt != hdev->block_cnt)
4782 hci_prio_recalculate(hdev, type);
4785 static void hci_sched_acl(struct hci_dev *hdev)
4787 BT_DBG("%s", hdev->name);
4789 /* No ACL link over BR/EDR controller */
4790 if (!hci_conn_num(hdev, ACL_LINK) && hdev->dev_type == HCI_PRIMARY)
4793 /* No AMP link over AMP controller */
4794 if (!hci_conn_num(hdev, AMP_LINK) && hdev->dev_type == HCI_AMP)
4797 switch (hdev->flow_ctl_mode) {
4798 case HCI_FLOW_CTL_MODE_PACKET_BASED:
4799 hci_sched_acl_pkt(hdev);
4802 case HCI_FLOW_CTL_MODE_BLOCK_BASED:
4803 hci_sched_acl_blk(hdev);
4808 static void hci_sched_le(struct hci_dev *hdev)
4810 struct hci_chan *chan;
4811 struct sk_buff *skb;
4812 int quote, cnt, tmp;
4814 BT_DBG("%s", hdev->name);
4816 if (!hci_conn_num(hdev, LE_LINK))
4819 cnt = hdev->le_pkts ? hdev->le_cnt : hdev->acl_cnt;
4821 __check_timeout(hdev, cnt);
4824 while (cnt && (chan = hci_chan_sent(hdev, LE_LINK, "e))) {
4825 u32 priority = (skb_peek(&chan->data_q))->priority;
4826 while (quote-- && (skb = skb_peek(&chan->data_q))) {
4827 BT_DBG("chan %p skb %p len %d priority %u", chan, skb,
4828 skb->len, skb->priority);
4830 /* Stop if priority has changed */
4831 if (skb->priority < priority)
4834 skb = skb_dequeue(&chan->data_q);
4836 hci_send_frame(hdev, skb);
4837 hdev->le_last_tx = jiffies;
4843 /* Send pending SCO packets right away */
4844 hci_sched_sco(hdev);
4845 hci_sched_esco(hdev);
4852 hdev->acl_cnt = cnt;
4855 hci_prio_recalculate(hdev, LE_LINK);
4858 static void hci_tx_work(struct work_struct *work)
4860 struct hci_dev *hdev = container_of(work, struct hci_dev, tx_work);
4861 struct sk_buff *skb;
4863 BT_DBG("%s acl %d sco %d le %d", hdev->name, hdev->acl_cnt,
4864 hdev->sco_cnt, hdev->le_cnt);
4866 if (!hci_dev_test_flag(hdev, HCI_USER_CHANNEL)) {
4867 /* Schedule queues and send stuff to HCI driver */
4868 hci_sched_sco(hdev);
4869 hci_sched_esco(hdev);
4870 hci_sched_acl(hdev);
4874 /* Send next queued raw (unknown type) packet */
4875 while ((skb = skb_dequeue(&hdev->raw_q)))
4876 hci_send_frame(hdev, skb);
4879 /* ----- HCI RX task (incoming data processing) ----- */
4881 /* ACL data packet */
4882 static void hci_acldata_packet(struct hci_dev *hdev, struct sk_buff *skb)
4884 struct hci_acl_hdr *hdr = (void *) skb->data;
4885 struct hci_conn *conn;
4886 __u16 handle, flags;
4888 skb_pull(skb, HCI_ACL_HDR_SIZE);
4890 handle = __le16_to_cpu(hdr->handle);
4891 flags = hci_flags(handle);
4892 handle = hci_handle(handle);
4894 BT_DBG("%s len %d handle 0x%4.4x flags 0x%4.4x", hdev->name, skb->len,
4897 hdev->stat.acl_rx++;
4900 conn = hci_conn_hash_lookup_handle(hdev, handle);
4901 hci_dev_unlock(hdev);
4904 hci_conn_enter_active_mode(conn, BT_POWER_FORCE_ACTIVE_OFF);
4906 /* Send to upper protocol */
4907 l2cap_recv_acldata(conn, skb, flags);
4910 bt_dev_err(hdev, "ACL packet for unknown connection handle %d",
4917 /* SCO data packet */
4918 static void hci_scodata_packet(struct hci_dev *hdev, struct sk_buff *skb)
4920 struct hci_sco_hdr *hdr = (void *) skb->data;
4921 struct hci_conn *conn;
4922 __u16 handle, flags;
4924 skb_pull(skb, HCI_SCO_HDR_SIZE);
4926 handle = __le16_to_cpu(hdr->handle);
4927 flags = hci_flags(handle);
4928 handle = hci_handle(handle);
4930 BT_DBG("%s len %d handle 0x%4.4x flags 0x%4.4x", hdev->name, skb->len,
4933 hdev->stat.sco_rx++;
4936 conn = hci_conn_hash_lookup_handle(hdev, handle);
4937 hci_dev_unlock(hdev);
4940 /* Send to upper protocol */
4941 bt_cb(skb)->sco.pkt_status = flags & 0x03;
4942 sco_recv_scodata(conn, skb);
4945 bt_dev_err(hdev, "SCO packet for unknown connection handle %d",
4952 static bool hci_req_is_complete(struct hci_dev *hdev)
4954 struct sk_buff *skb;
4956 skb = skb_peek(&hdev->cmd_q);
4960 return (bt_cb(skb)->hci.req_flags & HCI_REQ_START);
4963 static void hci_resend_last(struct hci_dev *hdev)
4965 struct hci_command_hdr *sent;
4966 struct sk_buff *skb;
4969 if (!hdev->sent_cmd)
4972 sent = (void *) hdev->sent_cmd->data;
4973 opcode = __le16_to_cpu(sent->opcode);
4974 if (opcode == HCI_OP_RESET)
4977 skb = skb_clone(hdev->sent_cmd, GFP_KERNEL);
4981 skb_queue_head(&hdev->cmd_q, skb);
4982 queue_work(hdev->workqueue, &hdev->cmd_work);
4985 void hci_req_cmd_complete(struct hci_dev *hdev, u16 opcode, u8 status,
4986 hci_req_complete_t *req_complete,
4987 hci_req_complete_skb_t *req_complete_skb)
4989 struct sk_buff *skb;
4990 unsigned long flags;
4992 BT_DBG("opcode 0x%04x status 0x%02x", opcode, status);
4994 /* If the completed command doesn't match the last one that was
4995 * sent we need to do special handling of it.
4997 if (!hci_sent_cmd_data(hdev, opcode)) {
4998 /* Some CSR based controllers generate a spontaneous
4999 * reset complete event during init and any pending
5000 * command will never be completed. In such a case we
5001 * need to resend whatever was the last sent
5004 if (test_bit(HCI_INIT, &hdev->flags) && opcode == HCI_OP_RESET)
5005 hci_resend_last(hdev);
5010 /* If we reach this point this event matches the last command sent */
5011 hci_dev_clear_flag(hdev, HCI_CMD_PENDING);
5013 /* If the command succeeded and there's still more commands in
5014 * this request the request is not yet complete.
5016 if (!status && !hci_req_is_complete(hdev))
5019 /* If this was the last command in a request the complete
5020 * callback would be found in hdev->sent_cmd instead of the
5021 * command queue (hdev->cmd_q).
5023 if (bt_cb(hdev->sent_cmd)->hci.req_flags & HCI_REQ_SKB) {
5024 *req_complete_skb = bt_cb(hdev->sent_cmd)->hci.req_complete_skb;
5028 if (bt_cb(hdev->sent_cmd)->hci.req_complete) {
5029 *req_complete = bt_cb(hdev->sent_cmd)->hci.req_complete;
5033 /* Remove all pending commands belonging to this request */
5034 spin_lock_irqsave(&hdev->cmd_q.lock, flags);
5035 while ((skb = __skb_dequeue(&hdev->cmd_q))) {
5036 if (bt_cb(skb)->hci.req_flags & HCI_REQ_START) {
5037 __skb_queue_head(&hdev->cmd_q, skb);
5041 if (bt_cb(skb)->hci.req_flags & HCI_REQ_SKB)
5042 *req_complete_skb = bt_cb(skb)->hci.req_complete_skb;
5044 *req_complete = bt_cb(skb)->hci.req_complete;
5047 spin_unlock_irqrestore(&hdev->cmd_q.lock, flags);
5050 static void hci_rx_work(struct work_struct *work)
5052 struct hci_dev *hdev = container_of(work, struct hci_dev, rx_work);
5053 struct sk_buff *skb;
5055 BT_DBG("%s", hdev->name);
5057 while ((skb = skb_dequeue(&hdev->rx_q))) {
5058 /* Send copy to monitor */
5059 hci_send_to_monitor(hdev, skb);
5061 if (atomic_read(&hdev->promisc)) {
5062 /* Send copy to the sockets */
5063 hci_send_to_sock(hdev, skb);
5066 /* If the device has been opened in HCI_USER_CHANNEL,
5067 * the userspace has exclusive access to device.
5068 * When device is HCI_INIT, we still need to process
5069 * the data packets to the driver in order
5070 * to complete its setup().
5072 if (hci_dev_test_flag(hdev, HCI_USER_CHANNEL) &&
5073 !test_bit(HCI_INIT, &hdev->flags)) {
5078 if (test_bit(HCI_INIT, &hdev->flags)) {
5079 /* Don't process data packets in this states. */
5080 switch (hci_skb_pkt_type(skb)) {
5081 case HCI_ACLDATA_PKT:
5082 case HCI_SCODATA_PKT:
5083 case HCI_ISODATA_PKT:
5090 switch (hci_skb_pkt_type(skb)) {
5092 BT_DBG("%s Event packet", hdev->name);
5093 hci_event_packet(hdev, skb);
5096 case HCI_ACLDATA_PKT:
5097 BT_DBG("%s ACL data packet", hdev->name);
5098 hci_acldata_packet(hdev, skb);
5101 case HCI_SCODATA_PKT:
5102 BT_DBG("%s SCO data packet", hdev->name);
5103 hci_scodata_packet(hdev, skb);
5113 static void hci_cmd_work(struct work_struct *work)
5115 struct hci_dev *hdev = container_of(work, struct hci_dev, cmd_work);
5116 struct sk_buff *skb;
5118 BT_DBG("%s cmd_cnt %d cmd queued %d", hdev->name,
5119 atomic_read(&hdev->cmd_cnt), skb_queue_len(&hdev->cmd_q));
5121 /* Send queued commands */
5122 if (atomic_read(&hdev->cmd_cnt)) {
5123 skb = skb_dequeue(&hdev->cmd_q);
5127 kfree_skb(hdev->sent_cmd);
5129 hdev->sent_cmd = skb_clone(skb, GFP_KERNEL);
5130 if (hdev->sent_cmd) {
5131 if (hci_req_status_pend(hdev))
5132 hci_dev_set_flag(hdev, HCI_CMD_PENDING);
5133 atomic_dec(&hdev->cmd_cnt);
5134 hci_send_frame(hdev, skb);
5135 if (test_bit(HCI_RESET, &hdev->flags))
5136 cancel_delayed_work(&hdev->cmd_timer);
5138 schedule_delayed_work(&hdev->cmd_timer,
5141 skb_queue_head(&hdev->cmd_q, skb);
5142 queue_work(hdev->workqueue, &hdev->cmd_work);
projects / linux-2.6-microblaze.git / blob