1 /* 2 BlueZ - Bluetooth protocol stack for Linux 3 Copyright (C) 2000-2001 Qualcomm Incorporated 4 Copyright (C) 2011 ProFUSION Embedded Systems 5 6 Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com> 7 8 This program is free software; you can redistribute it and/or modify 9 it under the terms of the GNU General Public License version 2 as 10 published by the Free Software Foundation; 11 12 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS 13 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 14 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS. 15 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY 16 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES 17 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 18 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 19 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 20 21 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS, 22 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS 23 SOFTWARE IS DISCLAIMED. 24 */ 25 26 /* Bluetooth HCI core. */ 27 28 #include <linux/export.h> 29 #include <linux/idr.h> 30 31 #include <linux/rfkill.h> 32 33 #include <net/bluetooth/bluetooth.h> 34 #include <net/bluetooth/hci_core.h> 35 36 static void hci_rx_work(struct work_struct *work); 37 static void hci_cmd_work(struct work_struct *work); 38 static void hci_tx_work(struct work_struct *work); 39 40 /* HCI device list */ 41 LIST_HEAD(hci_dev_list); 42 DEFINE_RWLOCK(hci_dev_list_lock); 43 44 /* HCI callback list */ 45 LIST_HEAD(hci_cb_list); 46 DEFINE_RWLOCK(hci_cb_list_lock); 47 48 /* HCI ID Numbering */ 49 static DEFINE_IDA(hci_index_ida); 50 51 /* ---- HCI notifications ---- */ 52 53 static void hci_notify(struct hci_dev *hdev, int event) 54 { 55 hci_sock_dev_event(hdev, event); 56 } 57 58 /* ---- HCI requests ---- */ 59 60 void hci_req_complete(struct hci_dev *hdev, __u16 cmd, int result) 61 { 62 BT_DBG("%s command 0x%4.4x result 0x%2.2x", hdev->name, cmd, result); 63 64 /* If this is the init phase check if the completed command matches 65 * the last init command, and if not just return. 66 */ 67 if (test_bit(HCI_INIT, &hdev->flags) && hdev->init_last_cmd != cmd) { 68 struct hci_command_hdr *sent = (void *) hdev->sent_cmd->data; 69 u16 opcode = __le16_to_cpu(sent->opcode); 70 struct sk_buff *skb; 71 72 /* Some CSR based controllers generate a spontaneous 73 * reset complete event during init and any pending 74 * command will never be completed. In such a case we 75 * need to resend whatever was the last sent 76 * command. 77 */ 78 79 if (cmd != HCI_OP_RESET || opcode == HCI_OP_RESET) 80 return; 81 82 skb = skb_clone(hdev->sent_cmd, GFP_ATOMIC); 83 if (skb) { 84 skb_queue_head(&hdev->cmd_q, skb); 85 queue_work(hdev->workqueue, &hdev->cmd_work); 86 } 87 88 return; 89 } 90 91 if (hdev->req_status == HCI_REQ_PEND) { 92 hdev->req_result = result; 93 hdev->req_status = HCI_REQ_DONE; 94 wake_up_interruptible(&hdev->req_wait_q); 95 } 96 } 97 98 static void hci_req_cancel(struct hci_dev *hdev, int err) 99 { 100 BT_DBG("%s err 0x%2.2x", hdev->name, err); 101 102 if (hdev->req_status == HCI_REQ_PEND) { 103 hdev->req_result = err; 104 hdev->req_status = HCI_REQ_CANCELED; 105 wake_up_interruptible(&hdev->req_wait_q); 106 } 107 } 108 109 /* Execute request and wait for completion. */ 110 static int __hci_request(struct hci_dev *hdev, 111 void (*req)(struct hci_dev *hdev, unsigned long opt), 112 unsigned long opt, __u32 timeout) 113 { 114 DECLARE_WAITQUEUE(wait, current); 115 int err = 0; 116 117 BT_DBG("%s start", hdev->name); 118 119 hdev->req_status = HCI_REQ_PEND; 120 121 add_wait_queue(&hdev->req_wait_q, &wait); 122 set_current_state(TASK_INTERRUPTIBLE); 123 124 req(hdev, opt); 125 schedule_timeout(timeout); 126 127 remove_wait_queue(&hdev->req_wait_q, &wait); 128 129 if (signal_pending(current)) 130 return -EINTR; 131 132 switch (hdev->req_status) { 133 case HCI_REQ_DONE: 134 err = -bt_to_errno(hdev->req_result); 135 break; 136 137 case HCI_REQ_CANCELED: 138 err = -hdev->req_result; 139 break; 140 141 default: 142 err = -ETIMEDOUT; 143 break; 144 } 145 146 hdev->req_status = hdev->req_result = 0; 147 148 BT_DBG("%s end: err %d", hdev->name, err); 149 150 return err; 151 } 152 153 static int hci_request(struct hci_dev *hdev, 154 void (*req)(struct hci_dev *hdev, unsigned long opt), 155 unsigned long opt, __u32 timeout) 156 { 157 int ret; 158 159 if (!test_bit(HCI_UP, &hdev->flags)) 160 return -ENETDOWN; 161 162 /* Serialize all requests */ 163 hci_req_lock(hdev); 164 ret = __hci_request(hdev, req, opt, timeout); 165 hci_req_unlock(hdev); 166 167 return ret; 168 } 169 170 static void hci_reset_req(struct hci_dev *hdev, unsigned long opt) 171 { 172 BT_DBG("%s %ld", hdev->name, opt); 173 174 /* Reset device */ 175 set_bit(HCI_RESET, &hdev->flags); 176 hci_send_cmd(hdev, HCI_OP_RESET, 0, NULL); 177 } 178 179 static void bredr_init(struct hci_dev *hdev) 180 { 181 struct hci_cp_delete_stored_link_key cp; 182 __le16 param; 183 __u8 flt_type; 184 185 hdev->flow_ctl_mode = HCI_FLOW_CTL_MODE_PACKET_BASED; 186 187 /* Mandatory initialization */ 188 189 /* Read Local Supported Features */ 190 hci_send_cmd(hdev, HCI_OP_READ_LOCAL_FEATURES, 0, NULL); 191 192 /* Read Local Version */ 193 hci_send_cmd(hdev, HCI_OP_READ_LOCAL_VERSION, 0, NULL); 194 195 /* Read Buffer Size (ACL mtu, max pkt, etc.) */ 196 hci_send_cmd(hdev, HCI_OP_READ_BUFFER_SIZE, 0, NULL); 197 198 /* Read BD Address */ 199 hci_send_cmd(hdev, HCI_OP_READ_BD_ADDR, 0, NULL); 200 201 /* Read Class of Device */ 202 hci_send_cmd(hdev, HCI_OP_READ_CLASS_OF_DEV, 0, NULL); 203 204 /* Read Local Name */ 205 hci_send_cmd(hdev, HCI_OP_READ_LOCAL_NAME, 0, NULL); 206 207 /* Read Voice Setting */ 208 hci_send_cmd(hdev, HCI_OP_READ_VOICE_SETTING, 0, NULL); 209 210 /* Optional initialization */ 211 212 /* Clear Event Filters */ 213 flt_type = HCI_FLT_CLEAR_ALL; 214 hci_send_cmd(hdev, HCI_OP_SET_EVENT_FLT, 1, &flt_type); 215 216 /* Connection accept timeout ~20 secs */ 217 param = __constant_cpu_to_le16(0x7d00); 218 hci_send_cmd(hdev, HCI_OP_WRITE_CA_TIMEOUT, 2, ¶m); 219 220 bacpy(&cp.bdaddr, BDADDR_ANY); 221 cp.delete_all = 1; 222 hci_send_cmd(hdev, HCI_OP_DELETE_STORED_LINK_KEY, sizeof(cp), &cp); 223 } 224 225 static void amp_init(struct hci_dev *hdev) 226 { 227 hdev->flow_ctl_mode = HCI_FLOW_CTL_MODE_BLOCK_BASED; 228 229 /* Read Local Version */ 230 hci_send_cmd(hdev, HCI_OP_READ_LOCAL_VERSION, 0, NULL); 231 232 /* Read Local AMP Info */ 233 hci_send_cmd(hdev, HCI_OP_READ_LOCAL_AMP_INFO, 0, NULL); 234 235 /* Read Data Blk size */ 236 hci_send_cmd(hdev, HCI_OP_READ_DATA_BLOCK_SIZE, 0, NULL); 237 } 238 239 static void hci_init_req(struct hci_dev *hdev, unsigned long opt) 240 { 241 struct sk_buff *skb; 242 243 BT_DBG("%s %ld", hdev->name, opt); 244 245 /* Driver initialization */ 246 247 /* Special commands */ 248 while ((skb = skb_dequeue(&hdev->driver_init))) { 249 bt_cb(skb)->pkt_type = HCI_COMMAND_PKT; 250 skb->dev = (void *) hdev; 251 252 skb_queue_tail(&hdev->cmd_q, skb); 253 queue_work(hdev->workqueue, &hdev->cmd_work); 254 } 255 skb_queue_purge(&hdev->driver_init); 256 257 /* Reset */ 258 if (!test_bit(HCI_QUIRK_RESET_ON_CLOSE, &hdev->quirks)) 259 hci_reset_req(hdev, 0); 260 261 switch (hdev->dev_type) { 262 case HCI_BREDR: 263 bredr_init(hdev); 264 break; 265 266 case HCI_AMP: 267 amp_init(hdev); 268 break; 269 270 default: 271 BT_ERR("Unknown device type %d", hdev->dev_type); 272 break; 273 } 274 } 275 276 static void hci_le_init_req(struct hci_dev *hdev, unsigned long opt) 277 { 278 BT_DBG("%s", hdev->name); 279 280 /* Read LE buffer size */ 281 hci_send_cmd(hdev, HCI_OP_LE_READ_BUFFER_SIZE, 0, NULL); 282 } 283 284 static void hci_scan_req(struct hci_dev *hdev, unsigned long opt) 285 { 286 __u8 scan = opt; 287 288 BT_DBG("%s %x", hdev->name, scan); 289 290 /* Inquiry and Page scans */ 291 hci_send_cmd(hdev, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan); 292 } 293 294 static void hci_auth_req(struct hci_dev *hdev, unsigned long opt) 295 { 296 __u8 auth = opt; 297 298 BT_DBG("%s %x", hdev->name, auth); 299 300 /* Authentication */ 301 hci_send_cmd(hdev, HCI_OP_WRITE_AUTH_ENABLE, 1, &auth); 302 } 303 304 static void hci_encrypt_req(struct hci_dev *hdev, unsigned long opt) 305 { 306 __u8 encrypt = opt; 307 308 BT_DBG("%s %x", hdev->name, encrypt); 309 310 /* Encryption */ 311 hci_send_cmd(hdev, HCI_OP_WRITE_ENCRYPT_MODE, 1, &encrypt); 312 } 313 314 static void hci_linkpol_req(struct hci_dev *hdev, unsigned long opt) 315 { 316 __le16 policy = cpu_to_le16(opt); 317 318 BT_DBG("%s %x", hdev->name, policy); 319 320 /* Default link policy */ 321 hci_send_cmd(hdev, HCI_OP_WRITE_DEF_LINK_POLICY, 2, &policy); 322 } 323 324 /* Get HCI device by index. 325 * Device is held on return. */ 326 struct hci_dev *hci_dev_get(int index) 327 { 328 struct hci_dev *hdev = NULL, *d; 329 330 BT_DBG("%d", index); 331 332 if (index < 0) 333 return NULL; 334 335 read_lock(&hci_dev_list_lock); 336 list_for_each_entry(d, &hci_dev_list, list) { 337 if (d->id == index) { 338 hdev = hci_dev_hold(d); 339 break; 340 } 341 } 342 read_unlock(&hci_dev_list_lock); 343 return hdev; 344 } 345 346 /* ---- Inquiry support ---- */ 347 348 bool hci_discovery_active(struct hci_dev *hdev) 349 { 350 struct discovery_state *discov = &hdev->discovery; 351 352 switch (discov->state) { 353 case DISCOVERY_FINDING: 354 case DISCOVERY_RESOLVING: 355 return true; 356 357 default: 358 return false; 359 } 360 } 361 362 void hci_discovery_set_state(struct hci_dev *hdev, int state) 363 { 364 BT_DBG("%s state %u -> %u", hdev->name, hdev->discovery.state, state); 365 366 if (hdev->discovery.state == state) 367 return; 368 369 switch (state) { 370 case DISCOVERY_STOPPED: 371 if (hdev->discovery.state != DISCOVERY_STARTING) 372 mgmt_discovering(hdev, 0); 373 break; 374 case DISCOVERY_STARTING: 375 break; 376 case DISCOVERY_FINDING: 377 mgmt_discovering(hdev, 1); 378 break; 379 case DISCOVERY_RESOLVING: 380 break; 381 case DISCOVERY_STOPPING: 382 break; 383 } 384 385 hdev->discovery.state = state; 386 } 387 388 static void inquiry_cache_flush(struct hci_dev *hdev) 389 { 390 struct discovery_state *cache = &hdev->discovery; 391 struct inquiry_entry *p, *n; 392 393 list_for_each_entry_safe(p, n, &cache->all, all) { 394 list_del(&p->all); 395 kfree(p); 396 } 397 398 INIT_LIST_HEAD(&cache->unknown); 399 INIT_LIST_HEAD(&cache->resolve); 400 } 401 402 struct inquiry_entry *hci_inquiry_cache_lookup(struct hci_dev *hdev, 403 bdaddr_t *bdaddr) 404 { 405 struct discovery_state *cache = &hdev->discovery; 406 struct inquiry_entry *e; 407 408 BT_DBG("cache %p, %s", cache, batostr(bdaddr)); 409 410 list_for_each_entry(e, &cache->all, all) { 411 if (!bacmp(&e->data.bdaddr, bdaddr)) 412 return e; 413 } 414 415 return NULL; 416 } 417 418 struct inquiry_entry *hci_inquiry_cache_lookup_unknown(struct hci_dev *hdev, 419 bdaddr_t *bdaddr) 420 { 421 struct discovery_state *cache = &hdev->discovery; 422 struct inquiry_entry *e; 423 424 BT_DBG("cache %p, %s", cache, batostr(bdaddr)); 425 426 list_for_each_entry(e, &cache->unknown, list) { 427 if (!bacmp(&e->data.bdaddr, bdaddr)) 428 return e; 429 } 430 431 return NULL; 432 } 433 434 struct inquiry_entry *hci_inquiry_cache_lookup_resolve(struct hci_dev *hdev, 435 bdaddr_t *bdaddr, 436 int state) 437 { 438 struct discovery_state *cache = &hdev->discovery; 439 struct inquiry_entry *e; 440 441 BT_DBG("cache %p bdaddr %s state %d", cache, batostr(bdaddr), state); 442 443 list_for_each_entry(e, &cache->resolve, list) { 444 if (!bacmp(bdaddr, BDADDR_ANY) && e->name_state == state) 445 return e; 446 if (!bacmp(&e->data.bdaddr, bdaddr)) 447 return e; 448 } 449 450 return NULL; 451 } 452 453 void hci_inquiry_cache_update_resolve(struct hci_dev *hdev, 454 struct inquiry_entry *ie) 455 { 456 struct discovery_state *cache = &hdev->discovery; 457 struct list_head *pos = &cache->resolve; 458 struct inquiry_entry *p; 459 460 list_del(&ie->list); 461 462 list_for_each_entry(p, &cache->resolve, list) { 463 if (p->name_state != NAME_PENDING && 464 abs(p->data.rssi) >= abs(ie->data.rssi)) 465 break; 466 pos = &p->list; 467 } 468 469 list_add(&ie->list, pos); 470 } 471 472 bool hci_inquiry_cache_update(struct hci_dev *hdev, struct inquiry_data *data, 473 bool name_known, bool *ssp) 474 { 475 struct discovery_state *cache = &hdev->discovery; 476 struct inquiry_entry *ie; 477 478 BT_DBG("cache %p, %s", cache, batostr(&data->bdaddr)); 479 480 if (ssp) 481 *ssp = data->ssp_mode; 482 483 ie = hci_inquiry_cache_lookup(hdev, &data->bdaddr); 484 if (ie) { 485 if (ie->data.ssp_mode && ssp) 486 *ssp = true; 487 488 if (ie->name_state == NAME_NEEDED && 489 data->rssi != ie->data.rssi) { 490 ie->data.rssi = data->rssi; 491 hci_inquiry_cache_update_resolve(hdev, ie); 492 } 493 494 goto update; 495 } 496 497 /* Entry not in the cache. Add new one. */ 498 ie = kzalloc(sizeof(struct inquiry_entry), GFP_ATOMIC); 499 if (!ie) 500 return false; 501 502 list_add(&ie->all, &cache->all); 503 504 if (name_known) { 505 ie->name_state = NAME_KNOWN; 506 } else { 507 ie->name_state = NAME_NOT_KNOWN; 508 list_add(&ie->list, &cache->unknown); 509 } 510 511 update: 512 if (name_known && ie->name_state != NAME_KNOWN && 513 ie->name_state != NAME_PENDING) { 514 ie->name_state = NAME_KNOWN; 515 list_del(&ie->list); 516 } 517 518 memcpy(&ie->data, data, sizeof(*data)); 519 ie->timestamp = jiffies; 520 cache->timestamp = jiffies; 521 522 if (ie->name_state == NAME_NOT_KNOWN) 523 return false; 524 525 return true; 526 } 527 528 static int inquiry_cache_dump(struct hci_dev *hdev, int num, __u8 *buf) 529 { 530 struct discovery_state *cache = &hdev->discovery; 531 struct inquiry_info *info = (struct inquiry_info *) buf; 532 struct inquiry_entry *e; 533 int copied = 0; 534 535 list_for_each_entry(e, &cache->all, all) { 536 struct inquiry_data *data = &e->data; 537 538 if (copied >= num) 539 break; 540 541 bacpy(&info->bdaddr, &data->bdaddr); 542 info->pscan_rep_mode = data->pscan_rep_mode; 543 info->pscan_period_mode = data->pscan_period_mode; 544 info->pscan_mode = data->pscan_mode; 545 memcpy(info->dev_class, data->dev_class, 3); 546 info->clock_offset = data->clock_offset; 547 548 info++; 549 copied++; 550 } 551 552 BT_DBG("cache %p, copied %d", cache, copied); 553 return copied; 554 } 555 556 static void hci_inq_req(struct hci_dev *hdev, unsigned long opt) 557 { 558 struct hci_inquiry_req *ir = (struct hci_inquiry_req *) opt; 559 struct hci_cp_inquiry cp; 560 561 BT_DBG("%s", hdev->name); 562 563 if (test_bit(HCI_INQUIRY, &hdev->flags)) 564 return; 565 566 /* Start Inquiry */ 567 memcpy(&cp.lap, &ir->lap, 3); 568 cp.length = ir->length; 569 cp.num_rsp = ir->num_rsp; 570 hci_send_cmd(hdev, HCI_OP_INQUIRY, sizeof(cp), &cp); 571 } 572 573 int hci_inquiry(void __user *arg) 574 { 575 __u8 __user *ptr = arg; 576 struct hci_inquiry_req ir; 577 struct hci_dev *hdev; 578 int err = 0, do_inquiry = 0, max_rsp; 579 long timeo; 580 __u8 *buf; 581 582 if (copy_from_user(&ir, ptr, sizeof(ir))) 583 return -EFAULT; 584 585 hdev = hci_dev_get(ir.dev_id); 586 if (!hdev) 587 return -ENODEV; 588 589 hci_dev_lock(hdev); 590 if (inquiry_cache_age(hdev) > INQUIRY_CACHE_AGE_MAX || 591 inquiry_cache_empty(hdev) || ir.flags & IREQ_CACHE_FLUSH) { 592 inquiry_cache_flush(hdev); 593 do_inquiry = 1; 594 } 595 hci_dev_unlock(hdev); 596 597 timeo = ir.length * msecs_to_jiffies(2000); 598 599 if (do_inquiry) { 600 err = hci_request(hdev, hci_inq_req, (unsigned long)&ir, timeo); 601 if (err < 0) 602 goto done; 603 } 604 605 /* for unlimited number of responses we will use buffer with 606 * 255 entries 607 */ 608 max_rsp = (ir.num_rsp == 0) ? 255 : ir.num_rsp; 609 610 /* cache_dump can't sleep. Therefore we allocate temp buffer and then 611 * copy it to the user space. 612 */ 613 buf = kmalloc(sizeof(struct inquiry_info) * max_rsp, GFP_KERNEL); 614 if (!buf) { 615 err = -ENOMEM; 616 goto done; 617 } 618 619 hci_dev_lock(hdev); 620 ir.num_rsp = inquiry_cache_dump(hdev, max_rsp, buf); 621 hci_dev_unlock(hdev); 622 623 BT_DBG("num_rsp %d", ir.num_rsp); 624 625 if (!copy_to_user(ptr, &ir, sizeof(ir))) { 626 ptr += sizeof(ir); 627 if (copy_to_user(ptr, buf, sizeof(struct inquiry_info) * 628 ir.num_rsp)) 629 err = -EFAULT; 630 } else 631 err = -EFAULT; 632 633 kfree(buf); 634 635 done: 636 hci_dev_put(hdev); 637 return err; 638 } 639 640 /* ---- HCI ioctl helpers ---- */ 641 642 int hci_dev_open(__u16 dev) 643 { 644 struct hci_dev *hdev; 645 int ret = 0; 646 647 hdev = hci_dev_get(dev); 648 if (!hdev) 649 return -ENODEV; 650 651 BT_DBG("%s %p", hdev->name, hdev); 652 653 hci_req_lock(hdev); 654 655 if (test_bit(HCI_UNREGISTER, &hdev->dev_flags)) { 656 ret = -ENODEV; 657 goto done; 658 } 659 660 if (hdev->rfkill && rfkill_blocked(hdev->rfkill)) { 661 ret = -ERFKILL; 662 goto done; 663 } 664 665 if (test_bit(HCI_UP, &hdev->flags)) { 666 ret = -EALREADY; 667 goto done; 668 } 669 670 if (test_bit(HCI_QUIRK_RAW_DEVICE, &hdev->quirks)) 671 set_bit(HCI_RAW, &hdev->flags); 672 673 /* Treat all non BR/EDR controllers as raw devices if 674 enable_hs is not set */ 675 if (hdev->dev_type != HCI_BREDR && !enable_hs) 676 set_bit(HCI_RAW, &hdev->flags); 677 678 if (hdev->open(hdev)) { 679 ret = -EIO; 680 goto done; 681 } 682 683 if (!test_bit(HCI_RAW, &hdev->flags)) { 684 atomic_set(&hdev->cmd_cnt, 1); 685 set_bit(HCI_INIT, &hdev->flags); 686 hdev->init_last_cmd = 0; 687 688 ret = __hci_request(hdev, hci_init_req, 0, HCI_INIT_TIMEOUT); 689 690 if (lmp_host_le_capable(hdev)) 691 ret = __hci_request(hdev, hci_le_init_req, 0, 692 HCI_INIT_TIMEOUT); 693 694 clear_bit(HCI_INIT, &hdev->flags); 695 } 696 697 if (!ret) { 698 hci_dev_hold(hdev); 699 set_bit(HCI_UP, &hdev->flags); 700 hci_notify(hdev, HCI_DEV_UP); 701 if (!test_bit(HCI_SETUP, &hdev->dev_flags) && 702 mgmt_valid_hdev(hdev)) { 703 hci_dev_lock(hdev); 704 mgmt_powered(hdev, 1); 705 hci_dev_unlock(hdev); 706 } 707 } else { 708 /* Init failed, cleanup */ 709 flush_work(&hdev->tx_work); 710 flush_work(&hdev->cmd_work); 711 flush_work(&hdev->rx_work); 712 713 skb_queue_purge(&hdev->cmd_q); 714 skb_queue_purge(&hdev->rx_q); 715 716 if (hdev->flush) 717 hdev->flush(hdev); 718 719 if (hdev->sent_cmd) { 720 kfree_skb(hdev->sent_cmd); 721 hdev->sent_cmd = NULL; 722 } 723 724 hdev->close(hdev); 725 hdev->flags = 0; 726 } 727 728 done: 729 hci_req_unlock(hdev); 730 hci_dev_put(hdev); 731 return ret; 732 } 733 734 static int hci_dev_do_close(struct hci_dev *hdev) 735 { 736 BT_DBG("%s %p", hdev->name, hdev); 737 738 cancel_work_sync(&hdev->le_scan); 739 740 cancel_delayed_work(&hdev->power_off); 741 742 hci_req_cancel(hdev, ENODEV); 743 hci_req_lock(hdev); 744 745 if (!test_and_clear_bit(HCI_UP, &hdev->flags)) { 746 del_timer_sync(&hdev->cmd_timer); 747 hci_req_unlock(hdev); 748 return 0; 749 } 750 751 /* Flush RX and TX works */ 752 flush_work(&hdev->tx_work); 753 flush_work(&hdev->rx_work); 754 755 if (hdev->discov_timeout > 0) { 756 cancel_delayed_work(&hdev->discov_off); 757 hdev->discov_timeout = 0; 758 clear_bit(HCI_DISCOVERABLE, &hdev->dev_flags); 759 } 760 761 if (test_and_clear_bit(HCI_SERVICE_CACHE, &hdev->dev_flags)) 762 cancel_delayed_work(&hdev->service_cache); 763 764 cancel_delayed_work_sync(&hdev->le_scan_disable); 765 766 hci_dev_lock(hdev); 767 inquiry_cache_flush(hdev); 768 hci_conn_hash_flush(hdev); 769 hci_dev_unlock(hdev); 770 771 hci_notify(hdev, HCI_DEV_DOWN); 772 773 if (hdev->flush) 774 hdev->flush(hdev); 775 776 /* Reset device */ 777 skb_queue_purge(&hdev->cmd_q); 778 atomic_set(&hdev->cmd_cnt, 1); 779 if (!test_bit(HCI_RAW, &hdev->flags) && 780 test_bit(HCI_QUIRK_RESET_ON_CLOSE, &hdev->quirks)) { 781 set_bit(HCI_INIT, &hdev->flags); 782 __hci_request(hdev, hci_reset_req, 0, HCI_CMD_TIMEOUT); 783 clear_bit(HCI_INIT, &hdev->flags); 784 } 785 786 /* flush cmd work */ 787 flush_work(&hdev->cmd_work); 788 789 /* Drop queues */ 790 skb_queue_purge(&hdev->rx_q); 791 skb_queue_purge(&hdev->cmd_q); 792 skb_queue_purge(&hdev->raw_q); 793 794 /* Drop last sent command */ 795 if (hdev->sent_cmd) { 796 del_timer_sync(&hdev->cmd_timer); 797 kfree_skb(hdev->sent_cmd); 798 hdev->sent_cmd = NULL; 799 } 800 801 /* After this point our queues are empty 802 * and no tasks are scheduled. */ 803 hdev->close(hdev); 804 805 if (!test_and_clear_bit(HCI_AUTO_OFF, &hdev->dev_flags) && 806 mgmt_valid_hdev(hdev)) { 807 hci_dev_lock(hdev); 808 mgmt_powered(hdev, 0); 809 hci_dev_unlock(hdev); 810 } 811 812 /* Clear flags */ 813 hdev->flags = 0; 814 815 memset(hdev->eir, 0, sizeof(hdev->eir)); 816 memset(hdev->dev_class, 0, sizeof(hdev->dev_class)); 817 818 hci_req_unlock(hdev); 819 820 hci_dev_put(hdev); 821 return 0; 822 } 823 824 int hci_dev_close(__u16 dev) 825 { 826 struct hci_dev *hdev; 827 int err; 828 829 hdev = hci_dev_get(dev); 830 if (!hdev) 831 return -ENODEV; 832 833 if (test_and_clear_bit(HCI_AUTO_OFF, &hdev->dev_flags)) 834 cancel_delayed_work(&hdev->power_off); 835 836 err = hci_dev_do_close(hdev); 837 838 hci_dev_put(hdev); 839 return err; 840 } 841 842 int hci_dev_reset(__u16 dev) 843 { 844 struct hci_dev *hdev; 845 int ret = 0; 846 847 hdev = hci_dev_get(dev); 848 if (!hdev) 849 return -ENODEV; 850 851 hci_req_lock(hdev); 852 853 if (!test_bit(HCI_UP, &hdev->flags)) 854 goto done; 855 856 /* Drop queues */ 857 skb_queue_purge(&hdev->rx_q); 858 skb_queue_purge(&hdev->cmd_q); 859 860 hci_dev_lock(hdev); 861 inquiry_cache_flush(hdev); 862 hci_conn_hash_flush(hdev); 863 hci_dev_unlock(hdev); 864 865 if (hdev->flush) 866 hdev->flush(hdev); 867 868 atomic_set(&hdev->cmd_cnt, 1); 869 hdev->acl_cnt = 0; hdev->sco_cnt = 0; hdev->le_cnt = 0; 870 871 if (!test_bit(HCI_RAW, &hdev->flags)) 872 ret = __hci_request(hdev, hci_reset_req, 0, HCI_INIT_TIMEOUT); 873 874 done: 875 hci_req_unlock(hdev); 876 hci_dev_put(hdev); 877 return ret; 878 } 879 880 int hci_dev_reset_stat(__u16 dev) 881 { 882 struct hci_dev *hdev; 883 int ret = 0; 884 885 hdev = hci_dev_get(dev); 886 if (!hdev) 887 return -ENODEV; 888 889 memset(&hdev->stat, 0, sizeof(struct hci_dev_stats)); 890 891 hci_dev_put(hdev); 892 893 return ret; 894 } 895 896 int hci_dev_cmd(unsigned int cmd, void __user *arg) 897 { 898 struct hci_dev *hdev; 899 struct hci_dev_req dr; 900 int err = 0; 901 902 if (copy_from_user(&dr, arg, sizeof(dr))) 903 return -EFAULT; 904 905 hdev = hci_dev_get(dr.dev_id); 906 if (!hdev) 907 return -ENODEV; 908 909 switch (cmd) { 910 case HCISETAUTH: 911 err = hci_request(hdev, hci_auth_req, dr.dev_opt, 912 HCI_INIT_TIMEOUT); 913 break; 914 915 case HCISETENCRYPT: 916 if (!lmp_encrypt_capable(hdev)) { 917 err = -EOPNOTSUPP; 918 break; 919 } 920 921 if (!test_bit(HCI_AUTH, &hdev->flags)) { 922 /* Auth must be enabled first */ 923 err = hci_request(hdev, hci_auth_req, dr.dev_opt, 924 HCI_INIT_TIMEOUT); 925 if (err) 926 break; 927 } 928 929 err = hci_request(hdev, hci_encrypt_req, dr.dev_opt, 930 HCI_INIT_TIMEOUT); 931 break; 932 933 case HCISETSCAN: 934 err = hci_request(hdev, hci_scan_req, dr.dev_opt, 935 HCI_INIT_TIMEOUT); 936 break; 937 938 case HCISETLINKPOL: 939 err = hci_request(hdev, hci_linkpol_req, dr.dev_opt, 940 HCI_INIT_TIMEOUT); 941 break; 942 943 case HCISETLINKMODE: 944 hdev->link_mode = ((__u16) dr.dev_opt) & 945 (HCI_LM_MASTER | HCI_LM_ACCEPT); 946 break; 947 948 case HCISETPTYPE: 949 hdev->pkt_type = (__u16) dr.dev_opt; 950 break; 951 952 case HCISETACLMTU: 953 hdev->acl_mtu = *((__u16 *) &dr.dev_opt + 1); 954 hdev->acl_pkts = *((__u16 *) &dr.dev_opt + 0); 955 break; 956 957 case HCISETSCOMTU: 958 hdev->sco_mtu = *((__u16 *) &dr.dev_opt + 1); 959 hdev->sco_pkts = *((__u16 *) &dr.dev_opt + 0); 960 break; 961 962 default: 963 err = -EINVAL; 964 break; 965 } 966 967 hci_dev_put(hdev); 968 return err; 969 } 970 971 int hci_get_dev_list(void __user *arg) 972 { 973 struct hci_dev *hdev; 974 struct hci_dev_list_req *dl; 975 struct hci_dev_req *dr; 976 int n = 0, size, err; 977 __u16 dev_num; 978 979 if (get_user(dev_num, (__u16 __user *) arg)) 980 return -EFAULT; 981 982 if (!dev_num || dev_num > (PAGE_SIZE * 2) / sizeof(*dr)) 983 return -EINVAL; 984 985 size = sizeof(*dl) + dev_num * sizeof(*dr); 986 987 dl = kzalloc(size, GFP_KERNEL); 988 if (!dl) 989 return -ENOMEM; 990 991 dr = dl->dev_req; 992 993 read_lock(&hci_dev_list_lock); 994 list_for_each_entry(hdev, &hci_dev_list, list) { 995 if (test_and_clear_bit(HCI_AUTO_OFF, &hdev->dev_flags)) 996 cancel_delayed_work(&hdev->power_off); 997 998 if (!test_bit(HCI_MGMT, &hdev->dev_flags)) 999 set_bit(HCI_PAIRABLE, &hdev->dev_flags); 1000 1001 (dr + n)->dev_id = hdev->id; 1002 (dr + n)->dev_opt = hdev->flags; 1003 1004 if (++n >= dev_num) 1005 break; 1006 } 1007 read_unlock(&hci_dev_list_lock); 1008 1009 dl->dev_num = n; 1010 size = sizeof(*dl) + n * sizeof(*dr); 1011 1012 err = copy_to_user(arg, dl, size); 1013 kfree(dl); 1014 1015 return err ? -EFAULT : 0; 1016 } 1017 1018 int hci_get_dev_info(void __user *arg) 1019 { 1020 struct hci_dev *hdev; 1021 struct hci_dev_info di; 1022 int err = 0; 1023 1024 if (copy_from_user(&di, arg, sizeof(di))) 1025 return -EFAULT; 1026 1027 hdev = hci_dev_get(di.dev_id); 1028 if (!hdev) 1029 return -ENODEV; 1030 1031 if (test_and_clear_bit(HCI_AUTO_OFF, &hdev->dev_flags)) 1032 cancel_delayed_work_sync(&hdev->power_off); 1033 1034 if (!test_bit(HCI_MGMT, &hdev->dev_flags)) 1035 set_bit(HCI_PAIRABLE, &hdev->dev_flags); 1036 1037 strcpy(di.name, hdev->name); 1038 di.bdaddr = hdev->bdaddr; 1039 di.type = (hdev->bus & 0x0f) | (hdev->dev_type << 4); 1040 di.flags = hdev->flags; 1041 di.pkt_type = hdev->pkt_type; 1042 di.acl_mtu = hdev->acl_mtu; 1043 di.acl_pkts = hdev->acl_pkts; 1044 di.sco_mtu = hdev->sco_mtu; 1045 di.sco_pkts = hdev->sco_pkts; 1046 di.link_policy = hdev->link_policy; 1047 di.link_mode = hdev->link_mode; 1048 1049 memcpy(&di.stat, &hdev->stat, sizeof(di.stat)); 1050 memcpy(&di.features, &hdev->features, sizeof(di.features)); 1051 1052 if (copy_to_user(arg, &di, sizeof(di))) 1053 err = -EFAULT; 1054 1055 hci_dev_put(hdev); 1056 1057 return err; 1058 } 1059 1060 /* ---- Interface to HCI drivers ---- */ 1061 1062 static int hci_rfkill_set_block(void *data, bool blocked) 1063 { 1064 struct hci_dev *hdev = data; 1065 1066 BT_DBG("%p name %s blocked %d", hdev, hdev->name, blocked); 1067 1068 if (!blocked) 1069 return 0; 1070 1071 hci_dev_do_close(hdev); 1072 1073 return 0; 1074 } 1075 1076 static const struct rfkill_ops hci_rfkill_ops = { 1077 .set_block = hci_rfkill_set_block, 1078 }; 1079 1080 static void hci_power_on(struct work_struct *work) 1081 { 1082 struct hci_dev *hdev = container_of(work, struct hci_dev, power_on); 1083 1084 BT_DBG("%s", hdev->name); 1085 1086 if (hci_dev_open(hdev->id) < 0) 1087 return; 1088 1089 if (test_bit(HCI_AUTO_OFF, &hdev->dev_flags)) 1090 schedule_delayed_work(&hdev->power_off, HCI_AUTO_OFF_TIMEOUT); 1091 1092 if (test_and_clear_bit(HCI_SETUP, &hdev->dev_flags)) 1093 mgmt_index_added(hdev); 1094 } 1095 1096 static void hci_power_off(struct work_struct *work) 1097 { 1098 struct hci_dev *hdev = container_of(work, struct hci_dev, 1099 power_off.work); 1100 1101 BT_DBG("%s", hdev->name); 1102 1103 hci_dev_do_close(hdev); 1104 } 1105 1106 static void hci_discov_off(struct work_struct *work) 1107 { 1108 struct hci_dev *hdev; 1109 u8 scan = SCAN_PAGE; 1110 1111 hdev = container_of(work, struct hci_dev, discov_off.work); 1112 1113 BT_DBG("%s", hdev->name); 1114 1115 hci_dev_lock(hdev); 1116 1117 hci_send_cmd(hdev, HCI_OP_WRITE_SCAN_ENABLE, sizeof(scan), &scan); 1118 1119 hdev->discov_timeout = 0; 1120 1121 hci_dev_unlock(hdev); 1122 } 1123 1124 int hci_uuids_clear(struct hci_dev *hdev) 1125 { 1126 struct list_head *p, *n; 1127 1128 list_for_each_safe(p, n, &hdev->uuids) { 1129 struct bt_uuid *uuid; 1130 1131 uuid = list_entry(p, struct bt_uuid, list); 1132 1133 list_del(p); 1134 kfree(uuid); 1135 } 1136 1137 return 0; 1138 } 1139 1140 int hci_link_keys_clear(struct hci_dev *hdev) 1141 { 1142 struct list_head *p, *n; 1143 1144 list_for_each_safe(p, n, &hdev->link_keys) { 1145 struct link_key *key; 1146 1147 key = list_entry(p, struct link_key, list); 1148 1149 list_del(p); 1150 kfree(key); 1151 } 1152 1153 return 0; 1154 } 1155 1156 int hci_smp_ltks_clear(struct hci_dev *hdev) 1157 { 1158 struct smp_ltk *k, *tmp; 1159 1160 list_for_each_entry_safe(k, tmp, &hdev->long_term_keys, list) { 1161 list_del(&k->list); 1162 kfree(k); 1163 } 1164 1165 return 0; 1166 } 1167 1168 struct link_key *hci_find_link_key(struct hci_dev *hdev, bdaddr_t *bdaddr) 1169 { 1170 struct link_key *k; 1171 1172 list_for_each_entry(k, &hdev->link_keys, list) 1173 if (bacmp(bdaddr, &k->bdaddr) == 0) 1174 return k; 1175 1176 return NULL; 1177 } 1178 1179 static bool hci_persistent_key(struct hci_dev *hdev, struct hci_conn *conn, 1180 u8 key_type, u8 old_key_type) 1181 { 1182 /* Legacy key */ 1183 if (key_type < 0x03) 1184 return true; 1185 1186 /* Debug keys are insecure so don't store them persistently */ 1187 if (key_type == HCI_LK_DEBUG_COMBINATION) 1188 return false; 1189 1190 /* Changed combination key and there's no previous one */ 1191 if (key_type == HCI_LK_CHANGED_COMBINATION && old_key_type == 0xff) 1192 return false; 1193 1194 /* Security mode 3 case */ 1195 if (!conn) 1196 return true; 1197 1198 /* Neither local nor remote side had no-bonding as requirement */ 1199 if (conn->auth_type > 0x01 && conn->remote_auth > 0x01) 1200 return true; 1201 1202 /* Local side had dedicated bonding as requirement */ 1203 if (conn->auth_type == 0x02 || conn->auth_type == 0x03) 1204 return true; 1205 1206 /* Remote side had dedicated bonding as requirement */ 1207 if (conn->remote_auth == 0x02 || conn->remote_auth == 0x03) 1208 return true; 1209 1210 /* If none of the above criteria match, then don't store the key 1211 * persistently */ 1212 return false; 1213 } 1214 1215 struct smp_ltk *hci_find_ltk(struct hci_dev *hdev, __le16 ediv, u8 rand[8]) 1216 { 1217 struct smp_ltk *k; 1218 1219 list_for_each_entry(k, &hdev->long_term_keys, list) { 1220 if (k->ediv != ediv || 1221 memcmp(rand, k->rand, sizeof(k->rand))) 1222 continue; 1223 1224 return k; 1225 } 1226 1227 return NULL; 1228 } 1229 1230 struct smp_ltk *hci_find_ltk_by_addr(struct hci_dev *hdev, bdaddr_t *bdaddr, 1231 u8 addr_type) 1232 { 1233 struct smp_ltk *k; 1234 1235 list_for_each_entry(k, &hdev->long_term_keys, list) 1236 if (addr_type == k->bdaddr_type && 1237 bacmp(bdaddr, &k->bdaddr) == 0) 1238 return k; 1239 1240 return NULL; 1241 } 1242 1243 int hci_add_link_key(struct hci_dev *hdev, struct hci_conn *conn, int new_key, 1244 bdaddr_t *bdaddr, u8 *val, u8 type, u8 pin_len) 1245 { 1246 struct link_key *key, *old_key; 1247 u8 old_key_type; 1248 bool persistent; 1249 1250 old_key = hci_find_link_key(hdev, bdaddr); 1251 if (old_key) { 1252 old_key_type = old_key->type; 1253 key = old_key; 1254 } else { 1255 old_key_type = conn ? conn->key_type : 0xff; 1256 key = kzalloc(sizeof(*key), GFP_ATOMIC); 1257 if (!key) 1258 return -ENOMEM; 1259 list_add(&key->list, &hdev->link_keys); 1260 } 1261 1262 BT_DBG("%s key for %s type %u", hdev->name, batostr(bdaddr), type); 1263 1264 /* Some buggy controller combinations generate a changed 1265 * combination key for legacy pairing even when there's no 1266 * previous key */ 1267 if (type == HCI_LK_CHANGED_COMBINATION && 1268 (!conn || conn->remote_auth == 0xff) && old_key_type == 0xff) { 1269 type = HCI_LK_COMBINATION; 1270 if (conn) 1271 conn->key_type = type; 1272 } 1273 1274 bacpy(&key->bdaddr, bdaddr); 1275 memcpy(key->val, val, HCI_LINK_KEY_SIZE); 1276 key->pin_len = pin_len; 1277 1278 if (type == HCI_LK_CHANGED_COMBINATION) 1279 key->type = old_key_type; 1280 else 1281 key->type = type; 1282 1283 if (!new_key) 1284 return 0; 1285 1286 persistent = hci_persistent_key(hdev, conn, type, old_key_type); 1287 1288 mgmt_new_link_key(hdev, key, persistent); 1289 1290 if (conn) 1291 conn->flush_key = !persistent; 1292 1293 return 0; 1294 } 1295 1296 int hci_add_ltk(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 addr_type, u8 type, 1297 int new_key, u8 authenticated, u8 tk[16], u8 enc_size, __le16 1298 ediv, u8 rand[8]) 1299 { 1300 struct smp_ltk *key, *old_key; 1301 1302 if (!(type & HCI_SMP_STK) && !(type & HCI_SMP_LTK)) 1303 return 0; 1304 1305 old_key = hci_find_ltk_by_addr(hdev, bdaddr, addr_type); 1306 if (old_key) 1307 key = old_key; 1308 else { 1309 key = kzalloc(sizeof(*key), GFP_ATOMIC); 1310 if (!key) 1311 return -ENOMEM; 1312 list_add(&key->list, &hdev->long_term_keys); 1313 } 1314 1315 bacpy(&key->bdaddr, bdaddr); 1316 key->bdaddr_type = addr_type; 1317 memcpy(key->val, tk, sizeof(key->val)); 1318 key->authenticated = authenticated; 1319 key->ediv = ediv; 1320 key->enc_size = enc_size; 1321 key->type = type; 1322 memcpy(key->rand, rand, sizeof(key->rand)); 1323 1324 if (!new_key) 1325 return 0; 1326 1327 if (type & HCI_SMP_LTK) 1328 mgmt_new_ltk(hdev, key, 1); 1329 1330 return 0; 1331 } 1332 1333 int hci_remove_link_key(struct hci_dev *hdev, bdaddr_t *bdaddr) 1334 { 1335 struct link_key *key; 1336 1337 key = hci_find_link_key(hdev, bdaddr); 1338 if (!key) 1339 return -ENOENT; 1340 1341 BT_DBG("%s removing %s", hdev->name, batostr(bdaddr)); 1342 1343 list_del(&key->list); 1344 kfree(key); 1345 1346 return 0; 1347 } 1348 1349 int hci_remove_ltk(struct hci_dev *hdev, bdaddr_t *bdaddr) 1350 { 1351 struct smp_ltk *k, *tmp; 1352 1353 list_for_each_entry_safe(k, tmp, &hdev->long_term_keys, list) { 1354 if (bacmp(bdaddr, &k->bdaddr)) 1355 continue; 1356 1357 BT_DBG("%s removing %s", hdev->name, batostr(bdaddr)); 1358 1359 list_del(&k->list); 1360 kfree(k); 1361 } 1362 1363 return 0; 1364 } 1365 1366 /* HCI command timer function */ 1367 static void hci_cmd_timeout(unsigned long arg) 1368 { 1369 struct hci_dev *hdev = (void *) arg; 1370 1371 if (hdev->sent_cmd) { 1372 struct hci_command_hdr *sent = (void *) hdev->sent_cmd->data; 1373 u16 opcode = __le16_to_cpu(sent->opcode); 1374 1375 BT_ERR("%s command 0x%4.4x tx timeout", hdev->name, opcode); 1376 } else { 1377 BT_ERR("%s command tx timeout", hdev->name); 1378 } 1379 1380 atomic_set(&hdev->cmd_cnt, 1); 1381 queue_work(hdev->workqueue, &hdev->cmd_work); 1382 } 1383 1384 struct oob_data *hci_find_remote_oob_data(struct hci_dev *hdev, 1385 bdaddr_t *bdaddr) 1386 { 1387 struct oob_data *data; 1388 1389 list_for_each_entry(data, &hdev->remote_oob_data, list) 1390 if (bacmp(bdaddr, &data->bdaddr) == 0) 1391 return data; 1392 1393 return NULL; 1394 } 1395 1396 int hci_remove_remote_oob_data(struct hci_dev *hdev, bdaddr_t *bdaddr) 1397 { 1398 struct oob_data *data; 1399 1400 data = hci_find_remote_oob_data(hdev, bdaddr); 1401 if (!data) 1402 return -ENOENT; 1403 1404 BT_DBG("%s removing %s", hdev->name, batostr(bdaddr)); 1405 1406 list_del(&data->list); 1407 kfree(data); 1408 1409 return 0; 1410 } 1411 1412 int hci_remote_oob_data_clear(struct hci_dev *hdev) 1413 { 1414 struct oob_data *data, *n; 1415 1416 list_for_each_entry_safe(data, n, &hdev->remote_oob_data, list) { 1417 list_del(&data->list); 1418 kfree(data); 1419 } 1420 1421 return 0; 1422 } 1423 1424 int hci_add_remote_oob_data(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 *hash, 1425 u8 *randomizer) 1426 { 1427 struct oob_data *data; 1428 1429 data = hci_find_remote_oob_data(hdev, bdaddr); 1430 1431 if (!data) { 1432 data = kmalloc(sizeof(*data), GFP_ATOMIC); 1433 if (!data) 1434 return -ENOMEM; 1435 1436 bacpy(&data->bdaddr, bdaddr); 1437 list_add(&data->list, &hdev->remote_oob_data); 1438 } 1439 1440 memcpy(data->hash, hash, sizeof(data->hash)); 1441 memcpy(data->randomizer, randomizer, sizeof(data->randomizer)); 1442 1443 BT_DBG("%s for %s", hdev->name, batostr(bdaddr)); 1444 1445 return 0; 1446 } 1447 1448 struct bdaddr_list *hci_blacklist_lookup(struct hci_dev *hdev, bdaddr_t *bdaddr) 1449 { 1450 struct bdaddr_list *b; 1451 1452 list_for_each_entry(b, &hdev->blacklist, list) 1453 if (bacmp(bdaddr, &b->bdaddr) == 0) 1454 return b; 1455 1456 return NULL; 1457 } 1458 1459 int hci_blacklist_clear(struct hci_dev *hdev) 1460 { 1461 struct list_head *p, *n; 1462 1463 list_for_each_safe(p, n, &hdev->blacklist) { 1464 struct bdaddr_list *b; 1465 1466 b = list_entry(p, struct bdaddr_list, list); 1467 1468 list_del(p); 1469 kfree(b); 1470 } 1471 1472 return 0; 1473 } 1474 1475 int hci_blacklist_add(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 type) 1476 { 1477 struct bdaddr_list *entry; 1478 1479 if (bacmp(bdaddr, BDADDR_ANY) == 0) 1480 return -EBADF; 1481 1482 if (hci_blacklist_lookup(hdev, bdaddr)) 1483 return -EEXIST; 1484 1485 entry = kzalloc(sizeof(struct bdaddr_list), GFP_KERNEL); 1486 if (!entry) 1487 return -ENOMEM; 1488 1489 bacpy(&entry->bdaddr, bdaddr); 1490 1491 list_add(&entry->list, &hdev->blacklist); 1492 1493 return mgmt_device_blocked(hdev, bdaddr, type); 1494 } 1495 1496 int hci_blacklist_del(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 type) 1497 { 1498 struct bdaddr_list *entry; 1499 1500 if (bacmp(bdaddr, BDADDR_ANY) == 0) 1501 return hci_blacklist_clear(hdev); 1502 1503 entry = hci_blacklist_lookup(hdev, bdaddr); 1504 if (!entry) 1505 return -ENOENT; 1506 1507 list_del(&entry->list); 1508 kfree(entry); 1509 1510 return mgmt_device_unblocked(hdev, bdaddr, type); 1511 } 1512 1513 static void le_scan_param_req(struct hci_dev *hdev, unsigned long opt) 1514 { 1515 struct le_scan_params *param = (struct le_scan_params *) opt; 1516 struct hci_cp_le_set_scan_param cp; 1517 1518 memset(&cp, 0, sizeof(cp)); 1519 cp.type = param->type; 1520 cp.interval = cpu_to_le16(param->interval); 1521 cp.window = cpu_to_le16(param->window); 1522 1523 hci_send_cmd(hdev, HCI_OP_LE_SET_SCAN_PARAM, sizeof(cp), &cp); 1524 } 1525 1526 static void le_scan_enable_req(struct hci_dev *hdev, unsigned long opt) 1527 { 1528 struct hci_cp_le_set_scan_enable cp; 1529 1530 memset(&cp, 0, sizeof(cp)); 1531 cp.enable = 1; 1532 cp.filter_dup = 1; 1533 1534 hci_send_cmd(hdev, HCI_OP_LE_SET_SCAN_ENABLE, sizeof(cp), &cp); 1535 } 1536 1537 static int hci_do_le_scan(struct hci_dev *hdev, u8 type, u16 interval, 1538 u16 window, int timeout) 1539 { 1540 long timeo = msecs_to_jiffies(3000); 1541 struct le_scan_params param; 1542 int err; 1543 1544 BT_DBG("%s", hdev->name); 1545 1546 if (test_bit(HCI_LE_SCAN, &hdev->dev_flags)) 1547 return -EINPROGRESS; 1548 1549 param.type = type; 1550 param.interval = interval; 1551 param.window = window; 1552 1553 hci_req_lock(hdev); 1554 1555 err = __hci_request(hdev, le_scan_param_req, (unsigned long) ¶m, 1556 timeo); 1557 if (!err) 1558 err = __hci_request(hdev, le_scan_enable_req, 0, timeo); 1559 1560 hci_req_unlock(hdev); 1561 1562 if (err < 0) 1563 return err; 1564 1565 schedule_delayed_work(&hdev->le_scan_disable, 1566 msecs_to_jiffies(timeout)); 1567 1568 return 0; 1569 } 1570 1571 int hci_cancel_le_scan(struct hci_dev *hdev) 1572 { 1573 BT_DBG("%s", hdev->name); 1574 1575 if (!test_bit(HCI_LE_SCAN, &hdev->dev_flags)) 1576 return -EALREADY; 1577 1578 if (cancel_delayed_work(&hdev->le_scan_disable)) { 1579 struct hci_cp_le_set_scan_enable cp; 1580 1581 /* Send HCI command to disable LE Scan */ 1582 memset(&cp, 0, sizeof(cp)); 1583 hci_send_cmd(hdev, HCI_OP_LE_SET_SCAN_ENABLE, sizeof(cp), &cp); 1584 } 1585 1586 return 0; 1587 } 1588 1589 static void le_scan_disable_work(struct work_struct *work) 1590 { 1591 struct hci_dev *hdev = container_of(work, struct hci_dev, 1592 le_scan_disable.work); 1593 struct hci_cp_le_set_scan_enable cp; 1594 1595 BT_DBG("%s", hdev->name); 1596 1597 memset(&cp, 0, sizeof(cp)); 1598 1599 hci_send_cmd(hdev, HCI_OP_LE_SET_SCAN_ENABLE, sizeof(cp), &cp); 1600 } 1601 1602 static void le_scan_work(struct work_struct *work) 1603 { 1604 struct hci_dev *hdev = container_of(work, struct hci_dev, le_scan); 1605 struct le_scan_params *param = &hdev->le_scan_params; 1606 1607 BT_DBG("%s", hdev->name); 1608 1609 hci_do_le_scan(hdev, param->type, param->interval, param->window, 1610 param->timeout); 1611 } 1612 1613 int hci_le_scan(struct hci_dev *hdev, u8 type, u16 interval, u16 window, 1614 int timeout) 1615 { 1616 struct le_scan_params *param = &hdev->le_scan_params; 1617 1618 BT_DBG("%s", hdev->name); 1619 1620 if (work_busy(&hdev->le_scan)) 1621 return -EINPROGRESS; 1622 1623 param->type = type; 1624 param->interval = interval; 1625 param->window = window; 1626 param->timeout = timeout; 1627 1628 queue_work(system_long_wq, &hdev->le_scan); 1629 1630 return 0; 1631 } 1632 1633 /* Alloc HCI device */ 1634 struct hci_dev *hci_alloc_dev(void) 1635 { 1636 struct hci_dev *hdev; 1637 1638 hdev = kzalloc(sizeof(struct hci_dev), GFP_KERNEL); 1639 if (!hdev) 1640 return NULL; 1641 1642 hdev->pkt_type = (HCI_DM1 | HCI_DH1 | HCI_HV1); 1643 hdev->esco_type = (ESCO_HV1); 1644 hdev->link_mode = (HCI_LM_ACCEPT); 1645 hdev->io_capability = 0x03; /* No Input No Output */ 1646 1647 hdev->sniff_max_interval = 800; 1648 hdev->sniff_min_interval = 80; 1649 1650 mutex_init(&hdev->lock); 1651 mutex_init(&hdev->req_lock); 1652 1653 INIT_LIST_HEAD(&hdev->mgmt_pending); 1654 INIT_LIST_HEAD(&hdev->blacklist); 1655 INIT_LIST_HEAD(&hdev->uuids); 1656 INIT_LIST_HEAD(&hdev->link_keys); 1657 INIT_LIST_HEAD(&hdev->long_term_keys); 1658 INIT_LIST_HEAD(&hdev->remote_oob_data); 1659 INIT_LIST_HEAD(&hdev->conn_hash.list); 1660 1661 INIT_WORK(&hdev->rx_work, hci_rx_work); 1662 INIT_WORK(&hdev->cmd_work, hci_cmd_work); 1663 INIT_WORK(&hdev->tx_work, hci_tx_work); 1664 INIT_WORK(&hdev->power_on, hci_power_on); 1665 INIT_WORK(&hdev->le_scan, le_scan_work); 1666 1667 INIT_DELAYED_WORK(&hdev->power_off, hci_power_off); 1668 INIT_DELAYED_WORK(&hdev->discov_off, hci_discov_off); 1669 INIT_DELAYED_WORK(&hdev->le_scan_disable, le_scan_disable_work); 1670 1671 skb_queue_head_init(&hdev->driver_init); 1672 skb_queue_head_init(&hdev->rx_q); 1673 skb_queue_head_init(&hdev->cmd_q); 1674 skb_queue_head_init(&hdev->raw_q); 1675 1676 init_waitqueue_head(&hdev->req_wait_q); 1677 1678 setup_timer(&hdev->cmd_timer, hci_cmd_timeout, (unsigned long) hdev); 1679 1680 hci_init_sysfs(hdev); 1681 discovery_init(hdev); 1682 1683 return hdev; 1684 } 1685 EXPORT_SYMBOL(hci_alloc_dev); 1686 1687 /* Free HCI device */ 1688 void hci_free_dev(struct hci_dev *hdev) 1689 { 1690 skb_queue_purge(&hdev->driver_init); 1691 1692 /* will free via device release */ 1693 put_device(&hdev->dev); 1694 } 1695 EXPORT_SYMBOL(hci_free_dev); 1696 1697 /* Register HCI device */ 1698 int hci_register_dev(struct hci_dev *hdev) 1699 { 1700 int id, error; 1701 1702 if (!hdev->open || !hdev->close) 1703 return -EINVAL; 1704 1705 /* Do not allow HCI_AMP devices to register at index 0, 1706 * so the index can be used as the AMP controller ID. 1707 */ 1708 switch (hdev->dev_type) { 1709 case HCI_BREDR: 1710 id = ida_simple_get(&hci_index_ida, 0, 0, GFP_KERNEL); 1711 break; 1712 case HCI_AMP: 1713 id = ida_simple_get(&hci_index_ida, 1, 0, GFP_KERNEL); 1714 break; 1715 default: 1716 return -EINVAL; 1717 } 1718 1719 if (id < 0) 1720 return id; 1721 1722 sprintf(hdev->name, "hci%d", id); 1723 hdev->id = id; 1724 1725 BT_DBG("%p name %s bus %d", hdev, hdev->name, hdev->bus); 1726 1727 write_lock(&hci_dev_list_lock); 1728 list_add(&hdev->list, &hci_dev_list); 1729 write_unlock(&hci_dev_list_lock); 1730 1731 hdev->workqueue = alloc_workqueue(hdev->name, WQ_HIGHPRI | WQ_UNBOUND | 1732 WQ_MEM_RECLAIM, 1); 1733 if (!hdev->workqueue) { 1734 error = -ENOMEM; 1735 goto err; 1736 } 1737 1738 error = hci_add_sysfs(hdev); 1739 if (error < 0) 1740 goto err_wqueue; 1741 1742 hdev->rfkill = rfkill_alloc(hdev->name, &hdev->dev, 1743 RFKILL_TYPE_BLUETOOTH, &hci_rfkill_ops, 1744 hdev); 1745 if (hdev->rfkill) { 1746 if (rfkill_register(hdev->rfkill) < 0) { 1747 rfkill_destroy(hdev->rfkill); 1748 hdev->rfkill = NULL; 1749 } 1750 } 1751 1752 set_bit(HCI_SETUP, &hdev->dev_flags); 1753 1754 if (hdev->dev_type != HCI_AMP) 1755 set_bit(HCI_AUTO_OFF, &hdev->dev_flags); 1756 1757 schedule_work(&hdev->power_on); 1758 1759 hci_notify(hdev, HCI_DEV_REG); 1760 hci_dev_hold(hdev); 1761 1762 return id; 1763 1764 err_wqueue: 1765 destroy_workqueue(hdev->workqueue); 1766 err: 1767 ida_simple_remove(&hci_index_ida, hdev->id); 1768 write_lock(&hci_dev_list_lock); 1769 list_del(&hdev->list); 1770 write_unlock(&hci_dev_list_lock); 1771 1772 return error; 1773 } 1774 EXPORT_SYMBOL(hci_register_dev); 1775 1776 /* Unregister HCI device */ 1777 void hci_unregister_dev(struct hci_dev *hdev) 1778 { 1779 int i, id; 1780 1781 BT_DBG("%p name %s bus %d", hdev, hdev->name, hdev->bus); 1782 1783 set_bit(HCI_UNREGISTER, &hdev->dev_flags); 1784 1785 id = hdev->id; 1786 1787 write_lock(&hci_dev_list_lock); 1788 list_del(&hdev->list); 1789 write_unlock(&hci_dev_list_lock); 1790 1791 hci_dev_do_close(hdev); 1792 1793 for (i = 0; i < NUM_REASSEMBLY; i++) 1794 kfree_skb(hdev->reassembly[i]); 1795 1796 if (!test_bit(HCI_INIT, &hdev->flags) && 1797 !test_bit(HCI_SETUP, &hdev->dev_flags)) { 1798 hci_dev_lock(hdev); 1799 mgmt_index_removed(hdev); 1800 hci_dev_unlock(hdev); 1801 } 1802 1803 /* mgmt_index_removed should take care of emptying the 1804 * pending list */ 1805 BUG_ON(!list_empty(&hdev->mgmt_pending)); 1806 1807 hci_notify(hdev, HCI_DEV_UNREG); 1808 1809 if (hdev->rfkill) { 1810 rfkill_unregister(hdev->rfkill); 1811 rfkill_destroy(hdev->rfkill); 1812 } 1813 1814 hci_del_sysfs(hdev); 1815 1816 destroy_workqueue(hdev->workqueue); 1817 1818 hci_dev_lock(hdev); 1819 hci_blacklist_clear(hdev); 1820 hci_uuids_clear(hdev); 1821 hci_link_keys_clear(hdev); 1822 hci_smp_ltks_clear(hdev); 1823 hci_remote_oob_data_clear(hdev); 1824 hci_dev_unlock(hdev); 1825 1826 hci_dev_put(hdev); 1827 1828 ida_simple_remove(&hci_index_ida, id); 1829 } 1830 EXPORT_SYMBOL(hci_unregister_dev); 1831 1832 /* Suspend HCI device */ 1833 int hci_suspend_dev(struct hci_dev *hdev) 1834 { 1835 hci_notify(hdev, HCI_DEV_SUSPEND); 1836 return 0; 1837 } 1838 EXPORT_SYMBOL(hci_suspend_dev); 1839 1840 /* Resume HCI device */ 1841 int hci_resume_dev(struct hci_dev *hdev) 1842 { 1843 hci_notify(hdev, HCI_DEV_RESUME); 1844 return 0; 1845 } 1846 EXPORT_SYMBOL(hci_resume_dev); 1847 1848 /* Receive frame from HCI drivers */ 1849 int hci_recv_frame(struct sk_buff *skb) 1850 { 1851 struct hci_dev *hdev = (struct hci_dev *) skb->dev; 1852 if (!hdev || (!test_bit(HCI_UP, &hdev->flags) 1853 && !test_bit(HCI_INIT, &hdev->flags))) { 1854 kfree_skb(skb); 1855 return -ENXIO; 1856 } 1857 1858 /* Incomming skb */ 1859 bt_cb(skb)->incoming = 1; 1860 1861 /* Time stamp */ 1862 __net_timestamp(skb); 1863 1864 skb_queue_tail(&hdev->rx_q, skb); 1865 queue_work(hdev->workqueue, &hdev->rx_work); 1866 1867 return 0; 1868 } 1869 EXPORT_SYMBOL(hci_recv_frame); 1870 1871 static int hci_reassembly(struct hci_dev *hdev, int type, void *data, 1872 int count, __u8 index) 1873 { 1874 int len = 0; 1875 int hlen = 0; 1876 int remain = count; 1877 struct sk_buff *skb; 1878 struct bt_skb_cb *scb; 1879 1880 if ((type < HCI_ACLDATA_PKT || type > HCI_EVENT_PKT) || 1881 index >= NUM_REASSEMBLY) 1882 return -EILSEQ; 1883 1884 skb = hdev->reassembly[index]; 1885 1886 if (!skb) { 1887 switch (type) { 1888 case HCI_ACLDATA_PKT: 1889 len = HCI_MAX_FRAME_SIZE; 1890 hlen = HCI_ACL_HDR_SIZE; 1891 break; 1892 case HCI_EVENT_PKT: 1893 len = HCI_MAX_EVENT_SIZE; 1894 hlen = HCI_EVENT_HDR_SIZE; 1895 break; 1896 case HCI_SCODATA_PKT: 1897 len = HCI_MAX_SCO_SIZE; 1898 hlen = HCI_SCO_HDR_SIZE; 1899 break; 1900 } 1901 1902 skb = bt_skb_alloc(len, GFP_ATOMIC); 1903 if (!skb) 1904 return -ENOMEM; 1905 1906 scb = (void *) skb->cb; 1907 scb->expect = hlen; 1908 scb->pkt_type = type; 1909 1910 skb->dev = (void *) hdev; 1911 hdev->reassembly[index] = skb; 1912 } 1913 1914 while (count) { 1915 scb = (void *) skb->cb; 1916 len = min_t(uint, scb->expect, count); 1917 1918 memcpy(skb_put(skb, len), data, len); 1919 1920 count -= len; 1921 data += len; 1922 scb->expect -= len; 1923 remain = count; 1924 1925 switch (type) { 1926 case HCI_EVENT_PKT: 1927 if (skb->len == HCI_EVENT_HDR_SIZE) { 1928 struct hci_event_hdr *h = hci_event_hdr(skb); 1929 scb->expect = h->plen; 1930 1931 if (skb_tailroom(skb) < scb->expect) { 1932 kfree_skb(skb); 1933 hdev->reassembly[index] = NULL; 1934 return -ENOMEM; 1935 } 1936 } 1937 break; 1938 1939 case HCI_ACLDATA_PKT: 1940 if (skb->len == HCI_ACL_HDR_SIZE) { 1941 struct hci_acl_hdr *h = hci_acl_hdr(skb); 1942 scb->expect = __le16_to_cpu(h->dlen); 1943 1944 if (skb_tailroom(skb) < scb->expect) { 1945 kfree_skb(skb); 1946 hdev->reassembly[index] = NULL; 1947 return -ENOMEM; 1948 } 1949 } 1950 break; 1951 1952 case HCI_SCODATA_PKT: 1953 if (skb->len == HCI_SCO_HDR_SIZE) { 1954 struct hci_sco_hdr *h = hci_sco_hdr(skb); 1955 scb->expect = h->dlen; 1956 1957 if (skb_tailroom(skb) < scb->expect) { 1958 kfree_skb(skb); 1959 hdev->reassembly[index] = NULL; 1960 return -ENOMEM; 1961 } 1962 } 1963 break; 1964 } 1965 1966 if (scb->expect == 0) { 1967 /* Complete frame */ 1968 1969 bt_cb(skb)->pkt_type = type; 1970 hci_recv_frame(skb); 1971 1972 hdev->reassembly[index] = NULL; 1973 return remain; 1974 } 1975 } 1976 1977 return remain; 1978 } 1979 1980 int hci_recv_fragment(struct hci_dev *hdev, int type, void *data, int count) 1981 { 1982 int rem = 0; 1983 1984 if (type < HCI_ACLDATA_PKT || type > HCI_EVENT_PKT) 1985 return -EILSEQ; 1986 1987 while (count) { 1988 rem = hci_reassembly(hdev, type, data, count, type - 1); 1989 if (rem < 0) 1990 return rem; 1991 1992 data += (count - rem); 1993 count = rem; 1994 } 1995 1996 return rem; 1997 } 1998 EXPORT_SYMBOL(hci_recv_fragment); 1999 2000 #define STREAM_REASSEMBLY 0 2001 2002 int hci_recv_stream_fragment(struct hci_dev *hdev, void *data, int count) 2003 { 2004 int type; 2005 int rem = 0; 2006 2007 while (count) { 2008 struct sk_buff *skb = hdev->reassembly[STREAM_REASSEMBLY]; 2009 2010 if (!skb) { 2011 struct { char type; } *pkt; 2012 2013 /* Start of the frame */ 2014 pkt = data; 2015 type = pkt->type; 2016 2017 data++; 2018 count--; 2019 } else 2020 type = bt_cb(skb)->pkt_type; 2021 2022 rem = hci_reassembly(hdev, type, data, count, 2023 STREAM_REASSEMBLY); 2024 if (rem < 0) 2025 return rem; 2026 2027 data += (count - rem); 2028 count = rem; 2029 } 2030 2031 return rem; 2032 } 2033 EXPORT_SYMBOL(hci_recv_stream_fragment); 2034 2035 /* ---- Interface to upper protocols ---- */ 2036 2037 int hci_register_cb(struct hci_cb *cb) 2038 { 2039 BT_DBG("%p name %s", cb, cb->name); 2040 2041 write_lock(&hci_cb_list_lock); 2042 list_add(&cb->list, &hci_cb_list); 2043 write_unlock(&hci_cb_list_lock); 2044 2045 return 0; 2046 } 2047 EXPORT_SYMBOL(hci_register_cb); 2048 2049 int hci_unregister_cb(struct hci_cb *cb) 2050 { 2051 BT_DBG("%p name %s", cb, cb->name); 2052 2053 write_lock(&hci_cb_list_lock); 2054 list_del(&cb->list); 2055 write_unlock(&hci_cb_list_lock); 2056 2057 return 0; 2058 } 2059 EXPORT_SYMBOL(hci_unregister_cb); 2060 2061 static int hci_send_frame(struct sk_buff *skb) 2062 { 2063 struct hci_dev *hdev = (struct hci_dev *) skb->dev; 2064 2065 if (!hdev) { 2066 kfree_skb(skb); 2067 return -ENODEV; 2068 } 2069 2070 BT_DBG("%s type %d len %d", hdev->name, bt_cb(skb)->pkt_type, skb->len); 2071 2072 /* Time stamp */ 2073 __net_timestamp(skb); 2074 2075 /* Send copy to monitor */ 2076 hci_send_to_monitor(hdev, skb); 2077 2078 if (atomic_read(&hdev->promisc)) { 2079 /* Send copy to the sockets */ 2080 hci_send_to_sock(hdev, skb); 2081 } 2082 2083 /* Get rid of skb owner, prior to sending to the driver. */ 2084 skb_orphan(skb); 2085 2086 return hdev->send(skb); 2087 } 2088 2089 /* Send HCI command */ 2090 int hci_send_cmd(struct hci_dev *hdev, __u16 opcode, __u32 plen, void *param) 2091 { 2092 int len = HCI_COMMAND_HDR_SIZE + plen; 2093 struct hci_command_hdr *hdr; 2094 struct sk_buff *skb; 2095 2096 BT_DBG("%s opcode 0x%4.4x plen %d", hdev->name, opcode, plen); 2097 2098 skb = bt_skb_alloc(len, GFP_ATOMIC); 2099 if (!skb) { 2100 BT_ERR("%s no memory for command", hdev->name); 2101 return -ENOMEM; 2102 } 2103 2104 hdr = (struct hci_command_hdr *) skb_put(skb, HCI_COMMAND_HDR_SIZE); 2105 hdr->opcode = cpu_to_le16(opcode); 2106 hdr->plen = plen; 2107 2108 if (plen) 2109 memcpy(skb_put(skb, plen), param, plen); 2110 2111 BT_DBG("skb len %d", skb->len); 2112 2113 bt_cb(skb)->pkt_type = HCI_COMMAND_PKT; 2114 skb->dev = (void *) hdev; 2115 2116 if (test_bit(HCI_INIT, &hdev->flags)) 2117 hdev->init_last_cmd = opcode; 2118 2119 skb_queue_tail(&hdev->cmd_q, skb); 2120 queue_work(hdev->workqueue, &hdev->cmd_work); 2121 2122 return 0; 2123 } 2124 2125 /* Get data from the previously sent command */ 2126 void *hci_sent_cmd_data(struct hci_dev *hdev, __u16 opcode) 2127 { 2128 struct hci_command_hdr *hdr; 2129 2130 if (!hdev->sent_cmd) 2131 return NULL; 2132 2133 hdr = (void *) hdev->sent_cmd->data; 2134 2135 if (hdr->opcode != cpu_to_le16(opcode)) 2136 return NULL; 2137 2138 BT_DBG("%s opcode 0x%4.4x", hdev->name, opcode); 2139 2140 return hdev->sent_cmd->data + HCI_COMMAND_HDR_SIZE; 2141 } 2142 2143 /* Send ACL data */ 2144 static void hci_add_acl_hdr(struct sk_buff *skb, __u16 handle, __u16 flags) 2145 { 2146 struct hci_acl_hdr *hdr; 2147 int len = skb->len; 2148 2149 skb_push(skb, HCI_ACL_HDR_SIZE); 2150 skb_reset_transport_header(skb); 2151 hdr = (struct hci_acl_hdr *)skb_transport_header(skb); 2152 hdr->handle = cpu_to_le16(hci_handle_pack(handle, flags)); 2153 hdr->dlen = cpu_to_le16(len); 2154 } 2155 2156 static void hci_queue_acl(struct hci_conn *conn, struct sk_buff_head *queue, 2157 struct sk_buff *skb, __u16 flags) 2158 { 2159 struct hci_dev *hdev = conn->hdev; 2160 struct sk_buff *list; 2161 2162 skb->len = skb_headlen(skb); 2163 skb->data_len = 0; 2164 2165 bt_cb(skb)->pkt_type = HCI_ACLDATA_PKT; 2166 hci_add_acl_hdr(skb, conn->handle, flags); 2167 2168 list = skb_shinfo(skb)->frag_list; 2169 if (!list) { 2170 /* Non fragmented */ 2171 BT_DBG("%s nonfrag skb %p len %d", hdev->name, skb, skb->len); 2172 2173 skb_queue_tail(queue, skb); 2174 } else { 2175 /* Fragmented */ 2176 BT_DBG("%s frag %p len %d", hdev->name, skb, skb->len); 2177 2178 skb_shinfo(skb)->frag_list = NULL; 2179 2180 /* Queue all fragments atomically */ 2181 spin_lock(&queue->lock); 2182 2183 __skb_queue_tail(queue, skb); 2184 2185 flags &= ~ACL_START; 2186 flags |= ACL_CONT; 2187 do { 2188 skb = list; list = list->next; 2189 2190 skb->dev = (void *) hdev; 2191 bt_cb(skb)->pkt_type = HCI_ACLDATA_PKT; 2192 hci_add_acl_hdr(skb, conn->handle, flags); 2193 2194 BT_DBG("%s frag %p len %d", hdev->name, skb, skb->len); 2195 2196 __skb_queue_tail(queue, skb); 2197 } while (list); 2198 2199 spin_unlock(&queue->lock); 2200 } 2201 } 2202 2203 void hci_send_acl(struct hci_chan *chan, struct sk_buff *skb, __u16 flags) 2204 { 2205 struct hci_conn *conn = chan->conn; 2206 struct hci_dev *hdev = conn->hdev; 2207 2208 BT_DBG("%s chan %p flags 0x%4.4x", hdev->name, chan, flags); 2209 2210 skb->dev = (void *) hdev; 2211 2212 hci_queue_acl(conn, &chan->data_q, skb, flags); 2213 2214 queue_work(hdev->workqueue, &hdev->tx_work); 2215 } 2216 2217 /* Send SCO data */ 2218 void hci_send_sco(struct hci_conn *conn, struct sk_buff *skb) 2219 { 2220 struct hci_dev *hdev = conn->hdev; 2221 struct hci_sco_hdr hdr; 2222 2223 BT_DBG("%s len %d", hdev->name, skb->len); 2224 2225 hdr.handle = cpu_to_le16(conn->handle); 2226 hdr.dlen = skb->len; 2227 2228 skb_push(skb, HCI_SCO_HDR_SIZE); 2229 skb_reset_transport_header(skb); 2230 memcpy(skb_transport_header(skb), &hdr, HCI_SCO_HDR_SIZE); 2231 2232 skb->dev = (void *) hdev; 2233 bt_cb(skb)->pkt_type = HCI_SCODATA_PKT; 2234 2235 skb_queue_tail(&conn->data_q, skb); 2236 queue_work(hdev->workqueue, &hdev->tx_work); 2237 } 2238 2239 /* ---- HCI TX task (outgoing data) ---- */ 2240 2241 /* HCI Connection scheduler */ 2242 static struct hci_conn *hci_low_sent(struct hci_dev *hdev, __u8 type, 2243 int *quote) 2244 { 2245 struct hci_conn_hash *h = &hdev->conn_hash; 2246 struct hci_conn *conn = NULL, *c; 2247 unsigned int num = 0, min = ~0; 2248 2249 /* We don't have to lock device here. Connections are always 2250 * added and removed with TX task disabled. */ 2251 2252 rcu_read_lock(); 2253 2254 list_for_each_entry_rcu(c, &h->list, list) { 2255 if (c->type != type || skb_queue_empty(&c->data_q)) 2256 continue; 2257 2258 if (c->state != BT_CONNECTED && c->state != BT_CONFIG) 2259 continue; 2260 2261 num++; 2262 2263 if (c->sent < min) { 2264 min = c->sent; 2265 conn = c; 2266 } 2267 2268 if (hci_conn_num(hdev, type) == num) 2269 break; 2270 } 2271 2272 rcu_read_unlock(); 2273 2274 if (conn) { 2275 int cnt, q; 2276 2277 switch (conn->type) { 2278 case ACL_LINK: 2279 cnt = hdev->acl_cnt; 2280 break; 2281 case SCO_LINK: 2282 case ESCO_LINK: 2283 cnt = hdev->sco_cnt; 2284 break; 2285 case LE_LINK: 2286 cnt = hdev->le_mtu ? hdev->le_cnt : hdev->acl_cnt; 2287 break; 2288 default: 2289 cnt = 0; 2290 BT_ERR("Unknown link type"); 2291 } 2292 2293 q = cnt / num; 2294 *quote = q ? q : 1; 2295 } else 2296 *quote = 0; 2297 2298 BT_DBG("conn %p quote %d", conn, *quote); 2299 return conn; 2300 } 2301 2302 static void hci_link_tx_to(struct hci_dev *hdev, __u8 type) 2303 { 2304 struct hci_conn_hash *h = &hdev->conn_hash; 2305 struct hci_conn *c; 2306 2307 BT_ERR("%s link tx timeout", hdev->name); 2308 2309 rcu_read_lock(); 2310 2311 /* Kill stalled connections */ 2312 list_for_each_entry_rcu(c, &h->list, list) { 2313 if (c->type == type && c->sent) { 2314 BT_ERR("%s killing stalled connection %s", 2315 hdev->name, batostr(&c->dst)); 2316 hci_acl_disconn(c, HCI_ERROR_REMOTE_USER_TERM); 2317 } 2318 } 2319 2320 rcu_read_unlock(); 2321 } 2322 2323 static struct hci_chan *hci_chan_sent(struct hci_dev *hdev, __u8 type, 2324 int *quote) 2325 { 2326 struct hci_conn_hash *h = &hdev->conn_hash; 2327 struct hci_chan *chan = NULL; 2328 unsigned int num = 0, min = ~0, cur_prio = 0; 2329 struct hci_conn *conn; 2330 int cnt, q, conn_num = 0; 2331 2332 BT_DBG("%s", hdev->name); 2333 2334 rcu_read_lock(); 2335 2336 list_for_each_entry_rcu(conn, &h->list, list) { 2337 struct hci_chan *tmp; 2338 2339 if (conn->type != type) 2340 continue; 2341 2342 if (conn->state != BT_CONNECTED && conn->state != BT_CONFIG) 2343 continue; 2344 2345 conn_num++; 2346 2347 list_for_each_entry_rcu(tmp, &conn->chan_list, list) { 2348 struct sk_buff *skb; 2349 2350 if (skb_queue_empty(&tmp->data_q)) 2351 continue; 2352 2353 skb = skb_peek(&tmp->data_q); 2354 if (skb->priority < cur_prio) 2355 continue; 2356 2357 if (skb->priority > cur_prio) { 2358 num = 0; 2359 min = ~0; 2360 cur_prio = skb->priority; 2361 } 2362 2363 num++; 2364 2365 if (conn->sent < min) { 2366 min = conn->sent; 2367 chan = tmp; 2368 } 2369 } 2370 2371 if (hci_conn_num(hdev, type) == conn_num) 2372 break; 2373 } 2374 2375 rcu_read_unlock(); 2376 2377 if (!chan) 2378 return NULL; 2379 2380 switch (chan->conn->type) { 2381 case ACL_LINK: 2382 cnt = hdev->acl_cnt; 2383 break; 2384 case SCO_LINK: 2385 case ESCO_LINK: 2386 cnt = hdev->sco_cnt; 2387 break; 2388 case LE_LINK: 2389 cnt = hdev->le_mtu ? hdev->le_cnt : hdev->acl_cnt; 2390 break; 2391 default: 2392 cnt = 0; 2393 BT_ERR("Unknown link type"); 2394 } 2395 2396 q = cnt / num; 2397 *quote = q ? q : 1; 2398 BT_DBG("chan %p quote %d", chan, *quote); 2399 return chan; 2400 } 2401 2402 static void hci_prio_recalculate(struct hci_dev *hdev, __u8 type) 2403 { 2404 struct hci_conn_hash *h = &hdev->conn_hash; 2405 struct hci_conn *conn; 2406 int num = 0; 2407 2408 BT_DBG("%s", hdev->name); 2409 2410 rcu_read_lock(); 2411 2412 list_for_each_entry_rcu(conn, &h->list, list) { 2413 struct hci_chan *chan; 2414 2415 if (conn->type != type) 2416 continue; 2417 2418 if (conn->state != BT_CONNECTED && conn->state != BT_CONFIG) 2419 continue; 2420 2421 num++; 2422 2423 list_for_each_entry_rcu(chan, &conn->chan_list, list) { 2424 struct sk_buff *skb; 2425 2426 if (chan->sent) { 2427 chan->sent = 0; 2428 continue; 2429 } 2430 2431 if (skb_queue_empty(&chan->data_q)) 2432 continue; 2433 2434 skb = skb_peek(&chan->data_q); 2435 if (skb->priority >= HCI_PRIO_MAX - 1) 2436 continue; 2437 2438 skb->priority = HCI_PRIO_MAX - 1; 2439 2440 BT_DBG("chan %p skb %p promoted to %d", chan, skb, 2441 skb->priority); 2442 } 2443 2444 if (hci_conn_num(hdev, type) == num) 2445 break; 2446 } 2447 2448 rcu_read_unlock(); 2449 2450 } 2451 2452 static inline int __get_blocks(struct hci_dev *hdev, struct sk_buff *skb) 2453 { 2454 /* Calculate count of blocks used by this packet */ 2455 return DIV_ROUND_UP(skb->len - HCI_ACL_HDR_SIZE, hdev->block_len); 2456 } 2457 2458 static void __check_timeout(struct hci_dev *hdev, unsigned int cnt) 2459 { 2460 if (!test_bit(HCI_RAW, &hdev->flags)) { 2461 /* ACL tx timeout must be longer than maximum 2462 * link supervision timeout (40.9 seconds) */ 2463 if (!cnt && time_after(jiffies, hdev->acl_last_tx + 2464 HCI_ACL_TX_TIMEOUT)) 2465 hci_link_tx_to(hdev, ACL_LINK); 2466 } 2467 } 2468 2469 static void hci_sched_acl_pkt(struct hci_dev *hdev) 2470 { 2471 unsigned int cnt = hdev->acl_cnt; 2472 struct hci_chan *chan; 2473 struct sk_buff *skb; 2474 int quote; 2475 2476 __check_timeout(hdev, cnt); 2477 2478 while (hdev->acl_cnt && 2479 (chan = hci_chan_sent(hdev, ACL_LINK, "e))) { 2480 u32 priority = (skb_peek(&chan->data_q))->priority; 2481 while (quote-- && (skb = skb_peek(&chan->data_q))) { 2482 BT_DBG("chan %p skb %p len %d priority %u", chan, skb, 2483 skb->len, skb->priority); 2484 2485 /* Stop if priority has changed */ 2486 if (skb->priority < priority) 2487 break; 2488 2489 skb = skb_dequeue(&chan->data_q); 2490 2491 hci_conn_enter_active_mode(chan->conn, 2492 bt_cb(skb)->force_active); 2493 2494 hci_send_frame(skb); 2495 hdev->acl_last_tx = jiffies; 2496 2497 hdev->acl_cnt--; 2498 chan->sent++; 2499 chan->conn->sent++; 2500 } 2501 } 2502 2503 if (cnt != hdev->acl_cnt) 2504 hci_prio_recalculate(hdev, ACL_LINK); 2505 } 2506 2507 static void hci_sched_acl_blk(struct hci_dev *hdev) 2508 { 2509 unsigned int cnt = hdev->block_cnt; 2510 struct hci_chan *chan; 2511 struct sk_buff *skb; 2512 int quote; 2513 2514 __check_timeout(hdev, cnt); 2515 2516 while (hdev->block_cnt > 0 && 2517 (chan = hci_chan_sent(hdev, ACL_LINK, "e))) { 2518 u32 priority = (skb_peek(&chan->data_q))->priority; 2519 while (quote > 0 && (skb = skb_peek(&chan->data_q))) { 2520 int blocks; 2521 2522 BT_DBG("chan %p skb %p len %d priority %u", chan, skb, 2523 skb->len, skb->priority); 2524 2525 /* Stop if priority has changed */ 2526 if (skb->priority < priority) 2527 break; 2528 2529 skb = skb_dequeue(&chan->data_q); 2530 2531 blocks = __get_blocks(hdev, skb); 2532 if (blocks > hdev->block_cnt) 2533 return; 2534 2535 hci_conn_enter_active_mode(chan->conn, 2536 bt_cb(skb)->force_active); 2537 2538 hci_send_frame(skb); 2539 hdev->acl_last_tx = jiffies; 2540 2541 hdev->block_cnt -= blocks; 2542 quote -= blocks; 2543 2544 chan->sent += blocks; 2545 chan->conn->sent += blocks; 2546 } 2547 } 2548 2549 if (cnt != hdev->block_cnt) 2550 hci_prio_recalculate(hdev, ACL_LINK); 2551 } 2552 2553 static void hci_sched_acl(struct hci_dev *hdev) 2554 { 2555 BT_DBG("%s", hdev->name); 2556 2557 if (!hci_conn_num(hdev, ACL_LINK)) 2558 return; 2559 2560 switch (hdev->flow_ctl_mode) { 2561 case HCI_FLOW_CTL_MODE_PACKET_BASED: 2562 hci_sched_acl_pkt(hdev); 2563 break; 2564 2565 case HCI_FLOW_CTL_MODE_BLOCK_BASED: 2566 hci_sched_acl_blk(hdev); 2567 break; 2568 } 2569 } 2570 2571 /* Schedule SCO */ 2572 static void hci_sched_sco(struct hci_dev *hdev) 2573 { 2574 struct hci_conn *conn; 2575 struct sk_buff *skb; 2576 int quote; 2577 2578 BT_DBG("%s", hdev->name); 2579 2580 if (!hci_conn_num(hdev, SCO_LINK)) 2581 return; 2582 2583 while (hdev->sco_cnt && (conn = hci_low_sent(hdev, SCO_LINK, "e))) { 2584 while (quote-- && (skb = skb_dequeue(&conn->data_q))) { 2585 BT_DBG("skb %p len %d", skb, skb->len); 2586 hci_send_frame(skb); 2587 2588 conn->sent++; 2589 if (conn->sent == ~0) 2590 conn->sent = 0; 2591 } 2592 } 2593 } 2594 2595 static void hci_sched_esco(struct hci_dev *hdev) 2596 { 2597 struct hci_conn *conn; 2598 struct sk_buff *skb; 2599 int quote; 2600 2601 BT_DBG("%s", hdev->name); 2602 2603 if (!hci_conn_num(hdev, ESCO_LINK)) 2604 return; 2605 2606 while (hdev->sco_cnt && (conn = hci_low_sent(hdev, ESCO_LINK, 2607 "e))) { 2608 while (quote-- && (skb = skb_dequeue(&conn->data_q))) { 2609 BT_DBG("skb %p len %d", skb, skb->len); 2610 hci_send_frame(skb); 2611 2612 conn->sent++; 2613 if (conn->sent == ~0) 2614 conn->sent = 0; 2615 } 2616 } 2617 } 2618 2619 static void hci_sched_le(struct hci_dev *hdev) 2620 { 2621 struct hci_chan *chan; 2622 struct sk_buff *skb; 2623 int quote, cnt, tmp; 2624 2625 BT_DBG("%s", hdev->name); 2626 2627 if (!hci_conn_num(hdev, LE_LINK)) 2628 return; 2629 2630 if (!test_bit(HCI_RAW, &hdev->flags)) { 2631 /* LE tx timeout must be longer than maximum 2632 * link supervision timeout (40.9 seconds) */ 2633 if (!hdev->le_cnt && hdev->le_pkts && 2634 time_after(jiffies, hdev->le_last_tx + HZ * 45)) 2635 hci_link_tx_to(hdev, LE_LINK); 2636 } 2637 2638 cnt = hdev->le_pkts ? hdev->le_cnt : hdev->acl_cnt; 2639 tmp = cnt; 2640 while (cnt && (chan = hci_chan_sent(hdev, LE_LINK, "e))) { 2641 u32 priority = (skb_peek(&chan->data_q))->priority; 2642 while (quote-- && (skb = skb_peek(&chan->data_q))) { 2643 BT_DBG("chan %p skb %p len %d priority %u", chan, skb, 2644 skb->len, skb->priority); 2645 2646 /* Stop if priority has changed */ 2647 if (skb->priority < priority) 2648 break; 2649 2650 skb = skb_dequeue(&chan->data_q); 2651 2652 hci_send_frame(skb); 2653 hdev->le_last_tx = jiffies; 2654 2655 cnt--; 2656 chan->sent++; 2657 chan->conn->sent++; 2658 } 2659 } 2660 2661 if (hdev->le_pkts) 2662 hdev->le_cnt = cnt; 2663 else 2664 hdev->acl_cnt = cnt; 2665 2666 if (cnt != tmp) 2667 hci_prio_recalculate(hdev, LE_LINK); 2668 } 2669 2670 static void hci_tx_work(struct work_struct *work) 2671 { 2672 struct hci_dev *hdev = container_of(work, struct hci_dev, tx_work); 2673 struct sk_buff *skb; 2674 2675 BT_DBG("%s acl %d sco %d le %d", hdev->name, hdev->acl_cnt, 2676 hdev->sco_cnt, hdev->le_cnt); 2677 2678 /* Schedule queues and send stuff to HCI driver */ 2679 2680 hci_sched_acl(hdev); 2681 2682 hci_sched_sco(hdev); 2683 2684 hci_sched_esco(hdev); 2685 2686 hci_sched_le(hdev); 2687 2688 /* Send next queued raw (unknown type) packet */ 2689 while ((skb = skb_dequeue(&hdev->raw_q))) 2690 hci_send_frame(skb); 2691 } 2692 2693 /* ----- HCI RX task (incoming data processing) ----- */ 2694 2695 /* ACL data packet */ 2696 static void hci_acldata_packet(struct hci_dev *hdev, struct sk_buff *skb) 2697 { 2698 struct hci_acl_hdr *hdr = (void *) skb->data; 2699 struct hci_conn *conn; 2700 __u16 handle, flags; 2701 2702 skb_pull(skb, HCI_ACL_HDR_SIZE); 2703 2704 handle = __le16_to_cpu(hdr->handle); 2705 flags = hci_flags(handle); 2706 handle = hci_handle(handle); 2707 2708 BT_DBG("%s len %d handle 0x%4.4x flags 0x%4.4x", hdev->name, skb->len, 2709 handle, flags); 2710 2711 hdev->stat.acl_rx++; 2712 2713 hci_dev_lock(hdev); 2714 conn = hci_conn_hash_lookup_handle(hdev, handle); 2715 hci_dev_unlock(hdev); 2716 2717 if (conn) { 2718 hci_conn_enter_active_mode(conn, BT_POWER_FORCE_ACTIVE_OFF); 2719 2720 hci_dev_lock(hdev); 2721 if (test_bit(HCI_MGMT, &hdev->dev_flags) && 2722 !test_and_set_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags)) 2723 mgmt_device_connected(hdev, &conn->dst, conn->type, 2724 conn->dst_type, 0, NULL, 0, 2725 conn->dev_class); 2726 hci_dev_unlock(hdev); 2727 2728 /* Send to upper protocol */ 2729 l2cap_recv_acldata(conn, skb, flags); 2730 return; 2731 } else { 2732 BT_ERR("%s ACL packet for unknown connection handle %d", 2733 hdev->name, handle); 2734 } 2735 2736 kfree_skb(skb); 2737 } 2738 2739 /* SCO data packet */ 2740 static void hci_scodata_packet(struct hci_dev *hdev, struct sk_buff *skb) 2741 { 2742 struct hci_sco_hdr *hdr = (void *) skb->data; 2743 struct hci_conn *conn; 2744 __u16 handle; 2745 2746 skb_pull(skb, HCI_SCO_HDR_SIZE); 2747 2748 handle = __le16_to_cpu(hdr->handle); 2749 2750 BT_DBG("%s len %d handle 0x%4.4x", hdev->name, skb->len, handle); 2751 2752 hdev->stat.sco_rx++; 2753 2754 hci_dev_lock(hdev); 2755 conn = hci_conn_hash_lookup_handle(hdev, handle); 2756 hci_dev_unlock(hdev); 2757 2758 if (conn) { 2759 /* Send to upper protocol */ 2760 sco_recv_scodata(conn, skb); 2761 return; 2762 } else { 2763 BT_ERR("%s SCO packet for unknown connection handle %d", 2764 hdev->name, handle); 2765 } 2766 2767 kfree_skb(skb); 2768 } 2769 2770 static void hci_rx_work(struct work_struct *work) 2771 { 2772 struct hci_dev *hdev = container_of(work, struct hci_dev, rx_work); 2773 struct sk_buff *skb; 2774 2775 BT_DBG("%s", hdev->name); 2776 2777 while ((skb = skb_dequeue(&hdev->rx_q))) { 2778 /* Send copy to monitor */ 2779 hci_send_to_monitor(hdev, skb); 2780 2781 if (atomic_read(&hdev->promisc)) { 2782 /* Send copy to the sockets */ 2783 hci_send_to_sock(hdev, skb); 2784 } 2785 2786 if (test_bit(HCI_RAW, &hdev->flags)) { 2787 kfree_skb(skb); 2788 continue; 2789 } 2790 2791 if (test_bit(HCI_INIT, &hdev->flags)) { 2792 /* Don't process data packets in this states. */ 2793 switch (bt_cb(skb)->pkt_type) { 2794 case HCI_ACLDATA_PKT: 2795 case HCI_SCODATA_PKT: 2796 kfree_skb(skb); 2797 continue; 2798 } 2799 } 2800 2801 /* Process frame */ 2802 switch (bt_cb(skb)->pkt_type) { 2803 case HCI_EVENT_PKT: 2804 BT_DBG("%s Event packet", hdev->name); 2805 hci_event_packet(hdev, skb); 2806 break; 2807 2808 case HCI_ACLDATA_PKT: 2809 BT_DBG("%s ACL data packet", hdev->name); 2810 hci_acldata_packet(hdev, skb); 2811 break; 2812 2813 case HCI_SCODATA_PKT: 2814 BT_DBG("%s SCO data packet", hdev->name); 2815 hci_scodata_packet(hdev, skb); 2816 break; 2817 2818 default: 2819 kfree_skb(skb); 2820 break; 2821 } 2822 } 2823 } 2824 2825 static void hci_cmd_work(struct work_struct *work) 2826 { 2827 struct hci_dev *hdev = container_of(work, struct hci_dev, cmd_work); 2828 struct sk_buff *skb; 2829 2830 BT_DBG("%s cmd_cnt %d cmd queued %d", hdev->name, 2831 atomic_read(&hdev->cmd_cnt), skb_queue_len(&hdev->cmd_q)); 2832 2833 /* Send queued commands */ 2834 if (atomic_read(&hdev->cmd_cnt)) { 2835 skb = skb_dequeue(&hdev->cmd_q); 2836 if (!skb) 2837 return; 2838 2839 kfree_skb(hdev->sent_cmd); 2840 2841 hdev->sent_cmd = skb_clone(skb, GFP_ATOMIC); 2842 if (hdev->sent_cmd) { 2843 atomic_dec(&hdev->cmd_cnt); 2844 hci_send_frame(skb); 2845 if (test_bit(HCI_RESET, &hdev->flags)) 2846 del_timer(&hdev->cmd_timer); 2847 else 2848 mod_timer(&hdev->cmd_timer, 2849 jiffies + HCI_CMD_TIMEOUT); 2850 } else { 2851 skb_queue_head(&hdev->cmd_q, skb); 2852 queue_work(hdev->workqueue, &hdev->cmd_work); 2853 } 2854 } 2855 } 2856 2857 int hci_do_inquiry(struct hci_dev *hdev, u8 length) 2858 { 2859 /* General inquiry access code (GIAC) */ 2860 u8 lap[3] = { 0x33, 0x8b, 0x9e }; 2861 struct hci_cp_inquiry cp; 2862 2863 BT_DBG("%s", hdev->name); 2864 2865 if (test_bit(HCI_INQUIRY, &hdev->flags)) 2866 return -EINPROGRESS; 2867 2868 inquiry_cache_flush(hdev); 2869 2870 memset(&cp, 0, sizeof(cp)); 2871 memcpy(&cp.lap, lap, sizeof(cp.lap)); 2872 cp.length = length; 2873 2874 return hci_send_cmd(hdev, HCI_OP_INQUIRY, sizeof(cp), &cp); 2875 } 2876 2877 int hci_cancel_inquiry(struct hci_dev *hdev) 2878 { 2879 BT_DBG("%s", hdev->name); 2880 2881 if (!test_bit(HCI_INQUIRY, &hdev->flags)) 2882 return -EALREADY; 2883 2884 return hci_send_cmd(hdev, HCI_OP_INQUIRY_CANCEL, 0, NULL); 2885 } 2886 2887 u8 bdaddr_to_le(u8 bdaddr_type) 2888 { 2889 switch (bdaddr_type) { 2890 case BDADDR_LE_PUBLIC: 2891 return ADDR_LE_DEV_PUBLIC; 2892 2893 default: 2894 /* Fallback to LE Random address type */ 2895 return ADDR_LE_DEV_RANDOM; 2896 } 2897 } 2898