2 BlueZ - Bluetooth protocol stack for Linux
3 Copyright (C) 2000-2001 Qualcomm Incorporated
5 Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com>
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License version 2 as
9 published by the Free Software Foundation;
11 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
12 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
13 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
14 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
15 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
16 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
17 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
18 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
20 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
21 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
22 SOFTWARE IS DISCLAIMED.
25 /* Bluetooth HCI core. */
27 #include <linux/jiffies.h>
28 #include <linux/module.h>
29 #include <linux/kmod.h>
31 #include <linux/types.h>
32 #include <linux/errno.h>
33 #include <linux/kernel.h>
34 #include <linux/sched.h>
35 #include <linux/slab.h>
36 #include <linux/poll.h>
37 #include <linux/fcntl.h>
38 #include <linux/init.h>
39 #include <linux/skbuff.h>
40 #include <linux/workqueue.h>
41 #include <linux/interrupt.h>
42 #include <linux/notifier.h>
43 #include <linux/rfkill.h>
46 #include <asm/system.h>
47 #include <linux/uaccess.h>
48 #include <asm/unaligned.h>
50 #include <net/bluetooth/bluetooth.h>
51 #include <net/bluetooth/hci_core.h>
53 static void hci_cmd_task(unsigned long arg);
54 static void hci_rx_task(unsigned long arg);
55 static void hci_tx_task(unsigned long arg);
56 static void hci_notify(struct hci_dev *hdev, int event);
58 static DEFINE_RWLOCK(hci_task_lock);
61 LIST_HEAD(hci_dev_list);
62 DEFINE_RWLOCK(hci_dev_list_lock);
64 /* HCI callback list */
65 LIST_HEAD(hci_cb_list);
66 DEFINE_RWLOCK(hci_cb_list_lock);
69 #define HCI_MAX_PROTO 2
70 struct hci_proto *hci_proto[HCI_MAX_PROTO];
72 /* HCI notifiers list */
73 static ATOMIC_NOTIFIER_HEAD(hci_notifier);
75 /* ---- HCI notifications ---- */
77 int hci_register_notifier(struct notifier_block *nb)
79 return atomic_notifier_chain_register(&hci_notifier, nb);
82 int hci_unregister_notifier(struct notifier_block *nb)
84 return atomic_notifier_chain_unregister(&hci_notifier, nb);
87 static void hci_notify(struct hci_dev *hdev, int event)
89 atomic_notifier_call_chain(&hci_notifier, event, hdev);
92 /* ---- HCI requests ---- */
94 void hci_req_complete(struct hci_dev *hdev, __u16 cmd, int result)
96 BT_DBG("%s command 0x%04x result 0x%2.2x", hdev->name, cmd, result);
98 /* If the request has set req_last_cmd (typical for multi-HCI
99 * command requests) check if the completed command matches
100 * this, and if not just return. Single HCI command requests
101 * typically leave req_last_cmd as 0 */
102 if (hdev->req_last_cmd && cmd != hdev->req_last_cmd)
105 if (hdev->req_status == HCI_REQ_PEND) {
106 hdev->req_result = result;
107 hdev->req_status = HCI_REQ_DONE;
108 wake_up_interruptible(&hdev->req_wait_q);
112 static void hci_req_cancel(struct hci_dev *hdev, int err)
114 BT_DBG("%s err 0x%2.2x", hdev->name, err);
116 if (hdev->req_status == HCI_REQ_PEND) {
117 hdev->req_result = err;
118 hdev->req_status = HCI_REQ_CANCELED;
119 wake_up_interruptible(&hdev->req_wait_q);
123 /* Execute request and wait for completion. */
124 static int __hci_request(struct hci_dev *hdev, void (*req)(struct hci_dev *hdev, unsigned long opt),
125 unsigned long opt, __u32 timeout)
127 DECLARE_WAITQUEUE(wait, current);
130 BT_DBG("%s start", hdev->name);
132 hdev->req_status = HCI_REQ_PEND;
134 add_wait_queue(&hdev->req_wait_q, &wait);
135 set_current_state(TASK_INTERRUPTIBLE);
138 schedule_timeout(timeout);
140 remove_wait_queue(&hdev->req_wait_q, &wait);
142 if (signal_pending(current))
145 switch (hdev->req_status) {
147 err = -bt_err(hdev->req_result);
150 case HCI_REQ_CANCELED:
151 err = -hdev->req_result;
159 hdev->req_last_cmd = hdev->req_status = hdev->req_result = 0;
161 BT_DBG("%s end: err %d", hdev->name, err);
166 static inline int hci_request(struct hci_dev *hdev, void (*req)(struct hci_dev *hdev, unsigned long opt),
167 unsigned long opt, __u32 timeout)
171 if (!test_bit(HCI_UP, &hdev->flags))
174 /* Serialize all requests */
176 ret = __hci_request(hdev, req, opt, timeout);
177 hci_req_unlock(hdev);
182 static void hci_reset_req(struct hci_dev *hdev, unsigned long opt)
184 BT_DBG("%s %ld", hdev->name, opt);
187 hci_send_cmd(hdev, HCI_OP_RESET, 0, NULL);
190 static void hci_init_req(struct hci_dev *hdev, unsigned long opt)
196 BT_DBG("%s %ld", hdev->name, opt);
198 /* Driver initialization */
200 /* Special commands */
201 while ((skb = skb_dequeue(&hdev->driver_init))) {
202 bt_cb(skb)->pkt_type = HCI_COMMAND_PKT;
203 skb->dev = (void *) hdev;
205 skb_queue_tail(&hdev->cmd_q, skb);
206 tasklet_schedule(&hdev->cmd_task);
208 skb_queue_purge(&hdev->driver_init);
210 /* Mandatory initialization */
213 if (!test_bit(HCI_QUIRK_NO_RESET, &hdev->quirks))
214 hci_send_cmd(hdev, HCI_OP_RESET, 0, NULL);
216 /* Read Local Supported Features */
217 hci_send_cmd(hdev, HCI_OP_READ_LOCAL_FEATURES, 0, NULL);
219 /* Read Local Version */
220 hci_send_cmd(hdev, HCI_OP_READ_LOCAL_VERSION, 0, NULL);
222 /* Read Buffer Size (ACL mtu, max pkt, etc.) */
223 hci_send_cmd(hdev, HCI_OP_READ_BUFFER_SIZE, 0, NULL);
226 /* Host buffer size */
228 struct hci_cp_host_buffer_size cp;
229 cp.acl_mtu = cpu_to_le16(HCI_MAX_ACL_SIZE);
230 cp.sco_mtu = HCI_MAX_SCO_SIZE;
231 cp.acl_max_pkt = cpu_to_le16(0xffff);
232 cp.sco_max_pkt = cpu_to_le16(0xffff);
233 hci_send_cmd(hdev, HCI_OP_HOST_BUFFER_SIZE, sizeof(cp), &cp);
237 /* Read BD Address */
238 hci_send_cmd(hdev, HCI_OP_READ_BD_ADDR, 0, NULL);
240 /* Read Class of Device */
241 hci_send_cmd(hdev, HCI_OP_READ_CLASS_OF_DEV, 0, NULL);
243 /* Read Local Name */
244 hci_send_cmd(hdev, HCI_OP_READ_LOCAL_NAME, 0, NULL);
246 /* Read Voice Setting */
247 hci_send_cmd(hdev, HCI_OP_READ_VOICE_SETTING, 0, NULL);
249 /* Optional initialization */
251 /* Clear Event Filters */
252 flt_type = HCI_FLT_CLEAR_ALL;
253 hci_send_cmd(hdev, HCI_OP_SET_EVENT_FLT, 1, &flt_type);
255 /* Page timeout ~20 secs */
256 param = cpu_to_le16(0x8000);
257 hci_send_cmd(hdev, HCI_OP_WRITE_PG_TIMEOUT, 2, ¶m);
259 /* Connection accept timeout ~20 secs */
260 param = cpu_to_le16(0x7d00);
261 hci_send_cmd(hdev, HCI_OP_WRITE_CA_TIMEOUT, 2, ¶m);
263 hdev->req_last_cmd = HCI_OP_WRITE_CA_TIMEOUT;
266 static void hci_scan_req(struct hci_dev *hdev, unsigned long opt)
270 BT_DBG("%s %x", hdev->name, scan);
272 /* Inquiry and Page scans */
273 hci_send_cmd(hdev, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
276 static void hci_auth_req(struct hci_dev *hdev, unsigned long opt)
280 BT_DBG("%s %x", hdev->name, auth);
283 hci_send_cmd(hdev, HCI_OP_WRITE_AUTH_ENABLE, 1, &auth);
286 static void hci_encrypt_req(struct hci_dev *hdev, unsigned long opt)
290 BT_DBG("%s %x", hdev->name, encrypt);
293 hci_send_cmd(hdev, HCI_OP_WRITE_ENCRYPT_MODE, 1, &encrypt);
296 static void hci_linkpol_req(struct hci_dev *hdev, unsigned long opt)
298 __le16 policy = cpu_to_le16(opt);
300 BT_DBG("%s %x", hdev->name, policy);
302 /* Default link policy */
303 hci_send_cmd(hdev, HCI_OP_WRITE_DEF_LINK_POLICY, 2, &policy);
306 /* Get HCI device by index.
307 * Device is held on return. */
308 struct hci_dev *hci_dev_get(int index)
310 struct hci_dev *hdev = NULL;
318 read_lock(&hci_dev_list_lock);
319 list_for_each(p, &hci_dev_list) {
320 struct hci_dev *d = list_entry(p, struct hci_dev, list);
321 if (d->id == index) {
322 hdev = hci_dev_hold(d);
326 read_unlock(&hci_dev_list_lock);
330 /* ---- Inquiry support ---- */
331 static void inquiry_cache_flush(struct hci_dev *hdev)
333 struct inquiry_cache *cache = &hdev->inq_cache;
334 struct inquiry_entry *next = cache->list, *e;
336 BT_DBG("cache %p", cache);
345 struct inquiry_entry *hci_inquiry_cache_lookup(struct hci_dev *hdev, bdaddr_t *bdaddr)
347 struct inquiry_cache *cache = &hdev->inq_cache;
348 struct inquiry_entry *e;
350 BT_DBG("cache %p, %s", cache, batostr(bdaddr));
352 for (e = cache->list; e; e = e->next)
353 if (!bacmp(&e->data.bdaddr, bdaddr))
358 void hci_inquiry_cache_update(struct hci_dev *hdev, struct inquiry_data *data)
360 struct inquiry_cache *cache = &hdev->inq_cache;
361 struct inquiry_entry *ie;
363 BT_DBG("cache %p, %s", cache, batostr(&data->bdaddr));
365 ie = hci_inquiry_cache_lookup(hdev, &data->bdaddr);
367 /* Entry not in the cache. Add new one. */
368 ie = kzalloc(sizeof(struct inquiry_entry), GFP_ATOMIC);
372 ie->next = cache->list;
376 memcpy(&ie->data, data, sizeof(*data));
377 ie->timestamp = jiffies;
378 cache->timestamp = jiffies;
381 static int inquiry_cache_dump(struct hci_dev *hdev, int num, __u8 *buf)
383 struct inquiry_cache *cache = &hdev->inq_cache;
384 struct inquiry_info *info = (struct inquiry_info *) buf;
385 struct inquiry_entry *e;
388 for (e = cache->list; e && copied < num; e = e->next, copied++) {
389 struct inquiry_data *data = &e->data;
390 bacpy(&info->bdaddr, &data->bdaddr);
391 info->pscan_rep_mode = data->pscan_rep_mode;
392 info->pscan_period_mode = data->pscan_period_mode;
393 info->pscan_mode = data->pscan_mode;
394 memcpy(info->dev_class, data->dev_class, 3);
395 info->clock_offset = data->clock_offset;
399 BT_DBG("cache %p, copied %d", cache, copied);
403 static void hci_inq_req(struct hci_dev *hdev, unsigned long opt)
405 struct hci_inquiry_req *ir = (struct hci_inquiry_req *) opt;
406 struct hci_cp_inquiry cp;
408 BT_DBG("%s", hdev->name);
410 if (test_bit(HCI_INQUIRY, &hdev->flags))
414 memcpy(&cp.lap, &ir->lap, 3);
415 cp.length = ir->length;
416 cp.num_rsp = ir->num_rsp;
417 hci_send_cmd(hdev, HCI_OP_INQUIRY, sizeof(cp), &cp);
420 int hci_inquiry(void __user *arg)
422 __u8 __user *ptr = arg;
423 struct hci_inquiry_req ir;
424 struct hci_dev *hdev;
425 int err = 0, do_inquiry = 0, max_rsp;
429 if (copy_from_user(&ir, ptr, sizeof(ir)))
432 if (!(hdev = hci_dev_get(ir.dev_id)))
435 hci_dev_lock_bh(hdev);
436 if (inquiry_cache_age(hdev) > INQUIRY_CACHE_AGE_MAX ||
437 inquiry_cache_empty(hdev) ||
438 ir.flags & IREQ_CACHE_FLUSH) {
439 inquiry_cache_flush(hdev);
442 hci_dev_unlock_bh(hdev);
444 timeo = ir.length * msecs_to_jiffies(2000);
447 err = hci_request(hdev, hci_inq_req, (unsigned long)&ir, timeo);
452 /* for unlimited number of responses we will use buffer with 255 entries */
453 max_rsp = (ir.num_rsp == 0) ? 255 : ir.num_rsp;
455 /* cache_dump can't sleep. Therefore we allocate temp buffer and then
456 * copy it to the user space.
458 buf = kmalloc(sizeof(struct inquiry_info) *max_rsp, GFP_KERNEL);
464 hci_dev_lock_bh(hdev);
465 ir.num_rsp = inquiry_cache_dump(hdev, max_rsp, buf);
466 hci_dev_unlock_bh(hdev);
468 BT_DBG("num_rsp %d", ir.num_rsp);
470 if (!copy_to_user(ptr, &ir, sizeof(ir))) {
472 if (copy_to_user(ptr, buf, sizeof(struct inquiry_info) *
485 /* ---- HCI ioctl helpers ---- */
487 int hci_dev_open(__u16 dev)
489 struct hci_dev *hdev;
492 if (!(hdev = hci_dev_get(dev)))
495 BT_DBG("%s %p", hdev->name, hdev);
499 if (hdev->rfkill && rfkill_blocked(hdev->rfkill)) {
504 if (test_bit(HCI_UP, &hdev->flags)) {
509 if (test_bit(HCI_QUIRK_RAW_DEVICE, &hdev->quirks))
510 set_bit(HCI_RAW, &hdev->flags);
512 /* Treat all non BR/EDR controllers as raw devices for now */
513 if (hdev->dev_type != HCI_BREDR)
514 set_bit(HCI_RAW, &hdev->flags);
516 if (hdev->open(hdev)) {
521 if (!test_bit(HCI_RAW, &hdev->flags)) {
522 atomic_set(&hdev->cmd_cnt, 1);
523 set_bit(HCI_INIT, &hdev->flags);
525 //__hci_request(hdev, hci_reset_req, 0, HZ);
526 ret = __hci_request(hdev, hci_init_req, 0,
527 msecs_to_jiffies(HCI_INIT_TIMEOUT));
529 clear_bit(HCI_INIT, &hdev->flags);
534 set_bit(HCI_UP, &hdev->flags);
535 hci_notify(hdev, HCI_DEV_UP);
537 /* Init failed, cleanup */
538 tasklet_kill(&hdev->rx_task);
539 tasklet_kill(&hdev->tx_task);
540 tasklet_kill(&hdev->cmd_task);
542 skb_queue_purge(&hdev->cmd_q);
543 skb_queue_purge(&hdev->rx_q);
548 if (hdev->sent_cmd) {
549 kfree_skb(hdev->sent_cmd);
550 hdev->sent_cmd = NULL;
558 hci_req_unlock(hdev);
563 static int hci_dev_do_close(struct hci_dev *hdev)
565 BT_DBG("%s %p", hdev->name, hdev);
567 hci_req_cancel(hdev, ENODEV);
570 if (!test_and_clear_bit(HCI_UP, &hdev->flags)) {
571 hci_req_unlock(hdev);
575 /* Kill RX and TX tasks */
576 tasklet_kill(&hdev->rx_task);
577 tasklet_kill(&hdev->tx_task);
579 hci_dev_lock_bh(hdev);
580 inquiry_cache_flush(hdev);
581 hci_conn_hash_flush(hdev);
582 hci_dev_unlock_bh(hdev);
584 hci_notify(hdev, HCI_DEV_DOWN);
590 skb_queue_purge(&hdev->cmd_q);
591 atomic_set(&hdev->cmd_cnt, 1);
592 if (!test_bit(HCI_RAW, &hdev->flags)) {
593 set_bit(HCI_INIT, &hdev->flags);
594 __hci_request(hdev, hci_reset_req, 0,
595 msecs_to_jiffies(250));
596 clear_bit(HCI_INIT, &hdev->flags);
600 tasklet_kill(&hdev->cmd_task);
603 skb_queue_purge(&hdev->rx_q);
604 skb_queue_purge(&hdev->cmd_q);
605 skb_queue_purge(&hdev->raw_q);
607 /* Drop last sent command */
608 if (hdev->sent_cmd) {
609 kfree_skb(hdev->sent_cmd);
610 hdev->sent_cmd = NULL;
613 /* After this point our queues are empty
614 * and no tasks are scheduled. */
620 hci_req_unlock(hdev);
626 int hci_dev_close(__u16 dev)
628 struct hci_dev *hdev;
631 hdev = hci_dev_get(dev);
634 err = hci_dev_do_close(hdev);
639 int hci_dev_reset(__u16 dev)
641 struct hci_dev *hdev;
644 hdev = hci_dev_get(dev);
649 tasklet_disable(&hdev->tx_task);
651 if (!test_bit(HCI_UP, &hdev->flags))
655 skb_queue_purge(&hdev->rx_q);
656 skb_queue_purge(&hdev->cmd_q);
658 hci_dev_lock_bh(hdev);
659 inquiry_cache_flush(hdev);
660 hci_conn_hash_flush(hdev);
661 hci_dev_unlock_bh(hdev);
666 atomic_set(&hdev->cmd_cnt, 1);
667 hdev->acl_cnt = 0; hdev->sco_cnt = 0;
669 if (!test_bit(HCI_RAW, &hdev->flags))
670 ret = __hci_request(hdev, hci_reset_req, 0,
671 msecs_to_jiffies(HCI_INIT_TIMEOUT));
674 tasklet_enable(&hdev->tx_task);
675 hci_req_unlock(hdev);
680 int hci_dev_reset_stat(__u16 dev)
682 struct hci_dev *hdev;
685 hdev = hci_dev_get(dev);
689 memset(&hdev->stat, 0, sizeof(struct hci_dev_stats));
696 int hci_dev_cmd(unsigned int cmd, void __user *arg)
698 struct hci_dev *hdev;
699 struct hci_dev_req dr;
702 if (copy_from_user(&dr, arg, sizeof(dr)))
705 hdev = hci_dev_get(dr.dev_id);
711 err = hci_request(hdev, hci_auth_req, dr.dev_opt,
712 msecs_to_jiffies(HCI_INIT_TIMEOUT));
716 if (!lmp_encrypt_capable(hdev)) {
721 if (!test_bit(HCI_AUTH, &hdev->flags)) {
722 /* Auth must be enabled first */
723 err = hci_request(hdev, hci_auth_req, dr.dev_opt,
724 msecs_to_jiffies(HCI_INIT_TIMEOUT));
729 err = hci_request(hdev, hci_encrypt_req, dr.dev_opt,
730 msecs_to_jiffies(HCI_INIT_TIMEOUT));
734 err = hci_request(hdev, hci_scan_req, dr.dev_opt,
735 msecs_to_jiffies(HCI_INIT_TIMEOUT));
739 err = hci_request(hdev, hci_linkpol_req, dr.dev_opt,
740 msecs_to_jiffies(HCI_INIT_TIMEOUT));
744 hdev->link_mode = ((__u16) dr.dev_opt) &
745 (HCI_LM_MASTER | HCI_LM_ACCEPT);
749 hdev->pkt_type = (__u16) dr.dev_opt;
753 hdev->acl_mtu = *((__u16 *) &dr.dev_opt + 1);
754 hdev->acl_pkts = *((__u16 *) &dr.dev_opt + 0);
758 hdev->sco_mtu = *((__u16 *) &dr.dev_opt + 1);
759 hdev->sco_pkts = *((__u16 *) &dr.dev_opt + 0);
771 int hci_get_dev_list(void __user *arg)
773 struct hci_dev_list_req *dl;
774 struct hci_dev_req *dr;
776 int n = 0, size, err;
779 if (get_user(dev_num, (__u16 __user *) arg))
782 if (!dev_num || dev_num > (PAGE_SIZE * 2) / sizeof(*dr))
785 size = sizeof(*dl) + dev_num * sizeof(*dr);
787 dl = kzalloc(size, GFP_KERNEL);
793 read_lock_bh(&hci_dev_list_lock);
794 list_for_each(p, &hci_dev_list) {
795 struct hci_dev *hdev;
796 hdev = list_entry(p, struct hci_dev, list);
797 (dr + n)->dev_id = hdev->id;
798 (dr + n)->dev_opt = hdev->flags;
802 read_unlock_bh(&hci_dev_list_lock);
805 size = sizeof(*dl) + n * sizeof(*dr);
807 err = copy_to_user(arg, dl, size);
810 return err ? -EFAULT : 0;
813 int hci_get_dev_info(void __user *arg)
815 struct hci_dev *hdev;
816 struct hci_dev_info di;
819 if (copy_from_user(&di, arg, sizeof(di)))
822 hdev = hci_dev_get(di.dev_id);
826 strcpy(di.name, hdev->name);
827 di.bdaddr = hdev->bdaddr;
828 di.type = (hdev->bus & 0x0f) | (hdev->dev_type << 4);
829 di.flags = hdev->flags;
830 di.pkt_type = hdev->pkt_type;
831 di.acl_mtu = hdev->acl_mtu;
832 di.acl_pkts = hdev->acl_pkts;
833 di.sco_mtu = hdev->sco_mtu;
834 di.sco_pkts = hdev->sco_pkts;
835 di.link_policy = hdev->link_policy;
836 di.link_mode = hdev->link_mode;
838 memcpy(&di.stat, &hdev->stat, sizeof(di.stat));
839 memcpy(&di.features, &hdev->features, sizeof(di.features));
841 if (copy_to_user(arg, &di, sizeof(di)))
849 /* ---- Interface to HCI drivers ---- */
851 static int hci_rfkill_set_block(void *data, bool blocked)
853 struct hci_dev *hdev = data;
855 BT_DBG("%p name %s blocked %d", hdev, hdev->name, blocked);
860 hci_dev_do_close(hdev);
865 static const struct rfkill_ops hci_rfkill_ops = {
866 .set_block = hci_rfkill_set_block,
869 /* Alloc HCI device */
870 struct hci_dev *hci_alloc_dev(void)
872 struct hci_dev *hdev;
874 hdev = kzalloc(sizeof(struct hci_dev), GFP_KERNEL);
878 skb_queue_head_init(&hdev->driver_init);
882 EXPORT_SYMBOL(hci_alloc_dev);
884 /* Free HCI device */
885 void hci_free_dev(struct hci_dev *hdev)
887 skb_queue_purge(&hdev->driver_init);
889 /* will free via device release */
890 put_device(&hdev->dev);
892 EXPORT_SYMBOL(hci_free_dev);
894 /* Register HCI device */
895 int hci_register_dev(struct hci_dev *hdev)
897 struct list_head *head = &hci_dev_list, *p;
900 BT_DBG("%p name %s bus %d owner %p", hdev, hdev->name,
901 hdev->bus, hdev->owner);
903 if (!hdev->open || !hdev->close || !hdev->destruct)
906 write_lock_bh(&hci_dev_list_lock);
908 /* Find first available device id */
909 list_for_each(p, &hci_dev_list) {
910 if (list_entry(p, struct hci_dev, list)->id != id)
915 sprintf(hdev->name, "hci%d", id);
917 list_add(&hdev->list, head);
919 atomic_set(&hdev->refcnt, 1);
920 spin_lock_init(&hdev->lock);
923 hdev->pkt_type = (HCI_DM1 | HCI_DH1 | HCI_HV1);
924 hdev->esco_type = (ESCO_HV1);
925 hdev->link_mode = (HCI_LM_ACCEPT);
927 hdev->idle_timeout = 0;
928 hdev->sniff_max_interval = 800;
929 hdev->sniff_min_interval = 80;
931 tasklet_init(&hdev->cmd_task, hci_cmd_task, (unsigned long) hdev);
932 tasklet_init(&hdev->rx_task, hci_rx_task, (unsigned long) hdev);
933 tasklet_init(&hdev->tx_task, hci_tx_task, (unsigned long) hdev);
935 skb_queue_head_init(&hdev->rx_q);
936 skb_queue_head_init(&hdev->cmd_q);
937 skb_queue_head_init(&hdev->raw_q);
939 for (i = 0; i < NUM_REASSEMBLY; i++)
940 hdev->reassembly[i] = NULL;
942 init_waitqueue_head(&hdev->req_wait_q);
943 mutex_init(&hdev->req_lock);
945 inquiry_cache_init(hdev);
947 hci_conn_hash_init(hdev);
949 INIT_LIST_HEAD(&hdev->blacklist);
951 memset(&hdev->stat, 0, sizeof(struct hci_dev_stats));
953 atomic_set(&hdev->promisc, 0);
955 write_unlock_bh(&hci_dev_list_lock);
957 hdev->workqueue = create_singlethread_workqueue(hdev->name);
958 if (!hdev->workqueue)
961 hci_register_sysfs(hdev);
963 hdev->rfkill = rfkill_alloc(hdev->name, &hdev->dev,
964 RFKILL_TYPE_BLUETOOTH, &hci_rfkill_ops, hdev);
966 if (rfkill_register(hdev->rfkill) < 0) {
967 rfkill_destroy(hdev->rfkill);
972 mgmt_index_added(hdev->id);
973 hci_notify(hdev, HCI_DEV_REG);
978 write_lock_bh(&hci_dev_list_lock);
979 list_del(&hdev->list);
980 write_unlock_bh(&hci_dev_list_lock);
984 EXPORT_SYMBOL(hci_register_dev);
986 /* Unregister HCI device */
987 int hci_unregister_dev(struct hci_dev *hdev)
991 BT_DBG("%p name %s bus %d", hdev, hdev->name, hdev->bus);
993 write_lock_bh(&hci_dev_list_lock);
994 list_del(&hdev->list);
995 write_unlock_bh(&hci_dev_list_lock);
997 hci_dev_do_close(hdev);
999 for (i = 0; i < NUM_REASSEMBLY; i++)
1000 kfree_skb(hdev->reassembly[i]);
1002 mgmt_index_removed(hdev->id);
1003 hci_notify(hdev, HCI_DEV_UNREG);
1006 rfkill_unregister(hdev->rfkill);
1007 rfkill_destroy(hdev->rfkill);
1010 hci_unregister_sysfs(hdev);
1012 destroy_workqueue(hdev->workqueue);
1014 __hci_dev_put(hdev);
1018 EXPORT_SYMBOL(hci_unregister_dev);
1020 /* Suspend HCI device */
1021 int hci_suspend_dev(struct hci_dev *hdev)
1023 hci_notify(hdev, HCI_DEV_SUSPEND);
1026 EXPORT_SYMBOL(hci_suspend_dev);
1028 /* Resume HCI device */
1029 int hci_resume_dev(struct hci_dev *hdev)
1031 hci_notify(hdev, HCI_DEV_RESUME);
1034 EXPORT_SYMBOL(hci_resume_dev);
1036 /* Receive frame from HCI drivers */
1037 int hci_recv_frame(struct sk_buff *skb)
1039 struct hci_dev *hdev = (struct hci_dev *) skb->dev;
1040 if (!hdev || (!test_bit(HCI_UP, &hdev->flags)
1041 && !test_bit(HCI_INIT, &hdev->flags))) {
1047 bt_cb(skb)->incoming = 1;
1050 __net_timestamp(skb);
1052 /* Queue frame for rx task */
1053 skb_queue_tail(&hdev->rx_q, skb);
1054 tasklet_schedule(&hdev->rx_task);
1058 EXPORT_SYMBOL(hci_recv_frame);
1060 static int hci_reassembly(struct hci_dev *hdev, int type, void *data,
1061 int count, __u8 index, gfp_t gfp_mask)
1066 struct sk_buff *skb;
1067 struct bt_skb_cb *scb;
1069 if ((type < HCI_ACLDATA_PKT || type > HCI_EVENT_PKT) ||
1070 index >= NUM_REASSEMBLY)
1073 skb = hdev->reassembly[index];
1077 case HCI_ACLDATA_PKT:
1078 len = HCI_MAX_FRAME_SIZE;
1079 hlen = HCI_ACL_HDR_SIZE;
1082 len = HCI_MAX_EVENT_SIZE;
1083 hlen = HCI_EVENT_HDR_SIZE;
1085 case HCI_SCODATA_PKT:
1086 len = HCI_MAX_SCO_SIZE;
1087 hlen = HCI_SCO_HDR_SIZE;
1091 skb = bt_skb_alloc(len, gfp_mask);
1095 scb = (void *) skb->cb;
1097 scb->pkt_type = type;
1099 skb->dev = (void *) hdev;
1100 hdev->reassembly[index] = skb;
1104 scb = (void *) skb->cb;
1105 len = min(scb->expect, (__u16)count);
1107 memcpy(skb_put(skb, len), data, len);
1116 if (skb->len == HCI_EVENT_HDR_SIZE) {
1117 struct hci_event_hdr *h = hci_event_hdr(skb);
1118 scb->expect = h->plen;
1120 if (skb_tailroom(skb) < scb->expect) {
1122 hdev->reassembly[index] = NULL;
1128 case HCI_ACLDATA_PKT:
1129 if (skb->len == HCI_ACL_HDR_SIZE) {
1130 struct hci_acl_hdr *h = hci_acl_hdr(skb);
1131 scb->expect = __le16_to_cpu(h->dlen);
1133 if (skb_tailroom(skb) < scb->expect) {
1135 hdev->reassembly[index] = NULL;
1141 case HCI_SCODATA_PKT:
1142 if (skb->len == HCI_SCO_HDR_SIZE) {
1143 struct hci_sco_hdr *h = hci_sco_hdr(skb);
1144 scb->expect = h->dlen;
1146 if (skb_tailroom(skb) < scb->expect) {
1148 hdev->reassembly[index] = NULL;
1155 if (scb->expect == 0) {
1156 /* Complete frame */
1158 bt_cb(skb)->pkt_type = type;
1159 hci_recv_frame(skb);
1161 hdev->reassembly[index] = NULL;
1169 int hci_recv_fragment(struct hci_dev *hdev, int type, void *data, int count)
1173 if (type < HCI_ACLDATA_PKT || type > HCI_EVENT_PKT)
1177 rem = hci_reassembly(hdev, type, data, count,
1178 type - 1, GFP_ATOMIC);
1182 data += (count - rem);
1188 EXPORT_SYMBOL(hci_recv_fragment);
1190 #define STREAM_REASSEMBLY 0
1192 int hci_recv_stream_fragment(struct hci_dev *hdev, void *data, int count)
1198 struct sk_buff *skb = hdev->reassembly[STREAM_REASSEMBLY];
1201 struct { char type; } *pkt;
1203 /* Start of the frame */
1210 type = bt_cb(skb)->pkt_type;
1212 rem = hci_reassembly(hdev, type, data,
1213 count, STREAM_REASSEMBLY, GFP_ATOMIC);
1217 data += (count - rem);
1223 EXPORT_SYMBOL(hci_recv_stream_fragment);
1225 /* ---- Interface to upper protocols ---- */
1227 /* Register/Unregister protocols.
1228 * hci_task_lock is used to ensure that no tasks are running. */
1229 int hci_register_proto(struct hci_proto *hp)
1233 BT_DBG("%p name %s id %d", hp, hp->name, hp->id);
1235 if (hp->id >= HCI_MAX_PROTO)
1238 write_lock_bh(&hci_task_lock);
1240 if (!hci_proto[hp->id])
1241 hci_proto[hp->id] = hp;
1245 write_unlock_bh(&hci_task_lock);
1249 EXPORT_SYMBOL(hci_register_proto);
1251 int hci_unregister_proto(struct hci_proto *hp)
1255 BT_DBG("%p name %s id %d", hp, hp->name, hp->id);
1257 if (hp->id >= HCI_MAX_PROTO)
1260 write_lock_bh(&hci_task_lock);
1262 if (hci_proto[hp->id])
1263 hci_proto[hp->id] = NULL;
1267 write_unlock_bh(&hci_task_lock);
1271 EXPORT_SYMBOL(hci_unregister_proto);
1273 int hci_register_cb(struct hci_cb *cb)
1275 BT_DBG("%p name %s", cb, cb->name);
1277 write_lock_bh(&hci_cb_list_lock);
1278 list_add(&cb->list, &hci_cb_list);
1279 write_unlock_bh(&hci_cb_list_lock);
1283 EXPORT_SYMBOL(hci_register_cb);
1285 int hci_unregister_cb(struct hci_cb *cb)
1287 BT_DBG("%p name %s", cb, cb->name);
1289 write_lock_bh(&hci_cb_list_lock);
1290 list_del(&cb->list);
1291 write_unlock_bh(&hci_cb_list_lock);
1295 EXPORT_SYMBOL(hci_unregister_cb);
1297 static int hci_send_frame(struct sk_buff *skb)
1299 struct hci_dev *hdev = (struct hci_dev *) skb->dev;
1306 BT_DBG("%s type %d len %d", hdev->name, bt_cb(skb)->pkt_type, skb->len);
1308 if (atomic_read(&hdev->promisc)) {
1310 __net_timestamp(skb);
1312 hci_send_to_sock(hdev, skb);
1315 /* Get rid of skb owner, prior to sending to the driver. */
1318 return hdev->send(skb);
1321 /* Send HCI command */
1322 int hci_send_cmd(struct hci_dev *hdev, __u16 opcode, __u32 plen, void *param)
1324 int len = HCI_COMMAND_HDR_SIZE + plen;
1325 struct hci_command_hdr *hdr;
1326 struct sk_buff *skb;
1328 BT_DBG("%s opcode 0x%x plen %d", hdev->name, opcode, plen);
1330 skb = bt_skb_alloc(len, GFP_ATOMIC);
1332 BT_ERR("%s no memory for command", hdev->name);
1336 hdr = (struct hci_command_hdr *) skb_put(skb, HCI_COMMAND_HDR_SIZE);
1337 hdr->opcode = cpu_to_le16(opcode);
1341 memcpy(skb_put(skb, plen), param, plen);
1343 BT_DBG("skb len %d", skb->len);
1345 bt_cb(skb)->pkt_type = HCI_COMMAND_PKT;
1346 skb->dev = (void *) hdev;
1348 skb_queue_tail(&hdev->cmd_q, skb);
1349 tasklet_schedule(&hdev->cmd_task);
1354 /* Get data from the previously sent command */
1355 void *hci_sent_cmd_data(struct hci_dev *hdev, __u16 opcode)
1357 struct hci_command_hdr *hdr;
1359 if (!hdev->sent_cmd)
1362 hdr = (void *) hdev->sent_cmd->data;
1364 if (hdr->opcode != cpu_to_le16(opcode))
1367 BT_DBG("%s opcode 0x%x", hdev->name, opcode);
1369 return hdev->sent_cmd->data + HCI_COMMAND_HDR_SIZE;
1373 static void hci_add_acl_hdr(struct sk_buff *skb, __u16 handle, __u16 flags)
1375 struct hci_acl_hdr *hdr;
1378 skb_push(skb, HCI_ACL_HDR_SIZE);
1379 skb_reset_transport_header(skb);
1380 hdr = (struct hci_acl_hdr *)skb_transport_header(skb);
1381 hdr->handle = cpu_to_le16(hci_handle_pack(handle, flags));
1382 hdr->dlen = cpu_to_le16(len);
1385 void hci_send_acl(struct hci_conn *conn, struct sk_buff *skb, __u16 flags)
1387 struct hci_dev *hdev = conn->hdev;
1388 struct sk_buff *list;
1390 BT_DBG("%s conn %p flags 0x%x", hdev->name, conn, flags);
1392 skb->dev = (void *) hdev;
1393 bt_cb(skb)->pkt_type = HCI_ACLDATA_PKT;
1394 hci_add_acl_hdr(skb, conn->handle, flags | ACL_START);
1396 list = skb_shinfo(skb)->frag_list;
1398 /* Non fragmented */
1399 BT_DBG("%s nonfrag skb %p len %d", hdev->name, skb, skb->len);
1401 skb_queue_tail(&conn->data_q, skb);
1404 BT_DBG("%s frag %p len %d", hdev->name, skb, skb->len);
1406 skb_shinfo(skb)->frag_list = NULL;
1408 /* Queue all fragments atomically */
1409 spin_lock_bh(&conn->data_q.lock);
1411 __skb_queue_tail(&conn->data_q, skb);
1413 skb = list; list = list->next;
1415 skb->dev = (void *) hdev;
1416 bt_cb(skb)->pkt_type = HCI_ACLDATA_PKT;
1417 hci_add_acl_hdr(skb, conn->handle, flags | ACL_CONT);
1419 BT_DBG("%s frag %p len %d", hdev->name, skb, skb->len);
1421 __skb_queue_tail(&conn->data_q, skb);
1424 spin_unlock_bh(&conn->data_q.lock);
1427 tasklet_schedule(&hdev->tx_task);
1429 EXPORT_SYMBOL(hci_send_acl);
1432 void hci_send_sco(struct hci_conn *conn, struct sk_buff *skb)
1434 struct hci_dev *hdev = conn->hdev;
1435 struct hci_sco_hdr hdr;
1437 BT_DBG("%s len %d", hdev->name, skb->len);
1439 hdr.handle = cpu_to_le16(conn->handle);
1440 hdr.dlen = skb->len;
1442 skb_push(skb, HCI_SCO_HDR_SIZE);
1443 skb_reset_transport_header(skb);
1444 memcpy(skb_transport_header(skb), &hdr, HCI_SCO_HDR_SIZE);
1446 skb->dev = (void *) hdev;
1447 bt_cb(skb)->pkt_type = HCI_SCODATA_PKT;
1449 skb_queue_tail(&conn->data_q, skb);
1450 tasklet_schedule(&hdev->tx_task);
1452 EXPORT_SYMBOL(hci_send_sco);
1454 /* ---- HCI TX task (outgoing data) ---- */
1456 /* HCI Connection scheduler */
1457 static inline struct hci_conn *hci_low_sent(struct hci_dev *hdev, __u8 type, int *quote)
1459 struct hci_conn_hash *h = &hdev->conn_hash;
1460 struct hci_conn *conn = NULL;
1461 int num = 0, min = ~0;
1462 struct list_head *p;
1464 /* We don't have to lock device here. Connections are always
1465 * added and removed with TX task disabled. */
1466 list_for_each(p, &h->list) {
1468 c = list_entry(p, struct hci_conn, list);
1470 if (c->type != type || skb_queue_empty(&c->data_q))
1473 if (c->state != BT_CONNECTED && c->state != BT_CONFIG)
1478 if (c->sent < min) {
1485 int cnt = (type == ACL_LINK ? hdev->acl_cnt : hdev->sco_cnt);
1491 BT_DBG("conn %p quote %d", conn, *quote);
1495 static inline void hci_acl_tx_to(struct hci_dev *hdev)
1497 struct hci_conn_hash *h = &hdev->conn_hash;
1498 struct list_head *p;
1501 BT_ERR("%s ACL tx timeout", hdev->name);
1503 /* Kill stalled connections */
1504 list_for_each(p, &h->list) {
1505 c = list_entry(p, struct hci_conn, list);
1506 if (c->type == ACL_LINK && c->sent) {
1507 BT_ERR("%s killing stalled ACL connection %s",
1508 hdev->name, batostr(&c->dst));
1509 hci_acl_disconn(c, 0x13);
1514 static inline void hci_sched_acl(struct hci_dev *hdev)
1516 struct hci_conn *conn;
1517 struct sk_buff *skb;
1520 BT_DBG("%s", hdev->name);
1522 if (!test_bit(HCI_RAW, &hdev->flags)) {
1523 /* ACL tx timeout must be longer than maximum
1524 * link supervision timeout (40.9 seconds) */
1525 if (!hdev->acl_cnt && time_after(jiffies, hdev->acl_last_tx + HZ * 45))
1526 hci_acl_tx_to(hdev);
1529 while (hdev->acl_cnt && (conn = hci_low_sent(hdev, ACL_LINK, "e))) {
1530 while (quote-- && (skb = skb_dequeue(&conn->data_q))) {
1531 BT_DBG("skb %p len %d", skb, skb->len);
1533 hci_conn_enter_active_mode(conn);
1535 hci_send_frame(skb);
1536 hdev->acl_last_tx = jiffies;
1545 static inline void hci_sched_sco(struct hci_dev *hdev)
1547 struct hci_conn *conn;
1548 struct sk_buff *skb;
1551 BT_DBG("%s", hdev->name);
1553 while (hdev->sco_cnt && (conn = hci_low_sent(hdev, SCO_LINK, "e))) {
1554 while (quote-- && (skb = skb_dequeue(&conn->data_q))) {
1555 BT_DBG("skb %p len %d", skb, skb->len);
1556 hci_send_frame(skb);
1559 if (conn->sent == ~0)
1565 static inline void hci_sched_esco(struct hci_dev *hdev)
1567 struct hci_conn *conn;
1568 struct sk_buff *skb;
1571 BT_DBG("%s", hdev->name);
1573 while (hdev->sco_cnt && (conn = hci_low_sent(hdev, ESCO_LINK, "e))) {
1574 while (quote-- && (skb = skb_dequeue(&conn->data_q))) {
1575 BT_DBG("skb %p len %d", skb, skb->len);
1576 hci_send_frame(skb);
1579 if (conn->sent == ~0)
1585 static void hci_tx_task(unsigned long arg)
1587 struct hci_dev *hdev = (struct hci_dev *) arg;
1588 struct sk_buff *skb;
1590 read_lock(&hci_task_lock);
1592 BT_DBG("%s acl %d sco %d", hdev->name, hdev->acl_cnt, hdev->sco_cnt);
1594 /* Schedule queues and send stuff to HCI driver */
1596 hci_sched_acl(hdev);
1598 hci_sched_sco(hdev);
1600 hci_sched_esco(hdev);
1602 /* Send next queued raw (unknown type) packet */
1603 while ((skb = skb_dequeue(&hdev->raw_q)))
1604 hci_send_frame(skb);
1606 read_unlock(&hci_task_lock);
1609 /* ----- HCI RX task (incoming data proccessing) ----- */
1611 /* ACL data packet */
1612 static inline void hci_acldata_packet(struct hci_dev *hdev, struct sk_buff *skb)
1614 struct hci_acl_hdr *hdr = (void *) skb->data;
1615 struct hci_conn *conn;
1616 __u16 handle, flags;
1618 skb_pull(skb, HCI_ACL_HDR_SIZE);
1620 handle = __le16_to_cpu(hdr->handle);
1621 flags = hci_flags(handle);
1622 handle = hci_handle(handle);
1624 BT_DBG("%s len %d handle 0x%x flags 0x%x", hdev->name, skb->len, handle, flags);
1626 hdev->stat.acl_rx++;
1629 conn = hci_conn_hash_lookup_handle(hdev, handle);
1630 hci_dev_unlock(hdev);
1633 register struct hci_proto *hp;
1635 hci_conn_enter_active_mode(conn);
1637 /* Send to upper protocol */
1638 hp = hci_proto[HCI_PROTO_L2CAP];
1639 if (hp && hp->recv_acldata) {
1640 hp->recv_acldata(conn, skb, flags);
1644 BT_ERR("%s ACL packet for unknown connection handle %d",
1645 hdev->name, handle);
1651 /* SCO data packet */
1652 static inline void hci_scodata_packet(struct hci_dev *hdev, struct sk_buff *skb)
1654 struct hci_sco_hdr *hdr = (void *) skb->data;
1655 struct hci_conn *conn;
1658 skb_pull(skb, HCI_SCO_HDR_SIZE);
1660 handle = __le16_to_cpu(hdr->handle);
1662 BT_DBG("%s len %d handle 0x%x", hdev->name, skb->len, handle);
1664 hdev->stat.sco_rx++;
1667 conn = hci_conn_hash_lookup_handle(hdev, handle);
1668 hci_dev_unlock(hdev);
1671 register struct hci_proto *hp;
1673 /* Send to upper protocol */
1674 hp = hci_proto[HCI_PROTO_SCO];
1675 if (hp && hp->recv_scodata) {
1676 hp->recv_scodata(conn, skb);
1680 BT_ERR("%s SCO packet for unknown connection handle %d",
1681 hdev->name, handle);
1687 static void hci_rx_task(unsigned long arg)
1689 struct hci_dev *hdev = (struct hci_dev *) arg;
1690 struct sk_buff *skb;
1692 BT_DBG("%s", hdev->name);
1694 read_lock(&hci_task_lock);
1696 while ((skb = skb_dequeue(&hdev->rx_q))) {
1697 if (atomic_read(&hdev->promisc)) {
1698 /* Send copy to the sockets */
1699 hci_send_to_sock(hdev, skb);
1702 if (test_bit(HCI_RAW, &hdev->flags)) {
1707 if (test_bit(HCI_INIT, &hdev->flags)) {
1708 /* Don't process data packets in this states. */
1709 switch (bt_cb(skb)->pkt_type) {
1710 case HCI_ACLDATA_PKT:
1711 case HCI_SCODATA_PKT:
1718 switch (bt_cb(skb)->pkt_type) {
1720 hci_event_packet(hdev, skb);
1723 case HCI_ACLDATA_PKT:
1724 BT_DBG("%s ACL data packet", hdev->name);
1725 hci_acldata_packet(hdev, skb);
1728 case HCI_SCODATA_PKT:
1729 BT_DBG("%s SCO data packet", hdev->name);
1730 hci_scodata_packet(hdev, skb);
1739 read_unlock(&hci_task_lock);
1742 static void hci_cmd_task(unsigned long arg)
1744 struct hci_dev *hdev = (struct hci_dev *) arg;
1745 struct sk_buff *skb;
1747 BT_DBG("%s cmd %d", hdev->name, atomic_read(&hdev->cmd_cnt));
1749 if (!atomic_read(&hdev->cmd_cnt) && time_after(jiffies, hdev->cmd_last_tx + HZ)) {
1750 BT_ERR("%s command tx timeout", hdev->name);
1751 atomic_set(&hdev->cmd_cnt, 1);
1754 /* Send queued commands */
1755 if (atomic_read(&hdev->cmd_cnt) && (skb = skb_dequeue(&hdev->cmd_q))) {
1756 kfree_skb(hdev->sent_cmd);
1758 hdev->sent_cmd = skb_clone(skb, GFP_ATOMIC);
1759 if (hdev->sent_cmd) {
1760 atomic_dec(&hdev->cmd_cnt);
1761 hci_send_frame(skb);
1762 hdev->cmd_last_tx = jiffies;
1764 skb_queue_head(&hdev->cmd_q, skb);
1765 tasklet_schedule(&hdev->cmd_task);
projects / mv-sheeva.git / blob