Pull bugzilla-9535 into release branch
[linux-2.6] / net / bluetooth / hci_core.c
1 /*
2    BlueZ - Bluetooth protocol stack for Linux
3    Copyright (C) 2000-2001 Qualcomm Incorporated
4
5    Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com>
6
7    This program is free software; you can redistribute it and/or modify
8    it under the terms of the GNU General Public License version 2 as
9    published by the Free Software Foundation;
10
11    THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
12    OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
13    FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
14    IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
15    CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
16    WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
17    ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
18    OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
19
20    ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
21    COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
22    SOFTWARE IS DISCLAIMED.
23 */
24
25 /* Bluetooth HCI core. */
26
27 #include <linux/module.h>
28 #include <linux/kmod.h>
29
30 #include <linux/types.h>
31 #include <linux/errno.h>
32 #include <linux/kernel.h>
33 #include <linux/sched.h>
34 #include <linux/slab.h>
35 #include <linux/poll.h>
36 #include <linux/fcntl.h>
37 #include <linux/init.h>
38 #include <linux/skbuff.h>
39 #include <linux/interrupt.h>
40 #include <linux/notifier.h>
41 #include <net/sock.h>
42
43 #include <asm/system.h>
44 #include <asm/uaccess.h>
45 #include <asm/unaligned.h>
46
47 #include <net/bluetooth/bluetooth.h>
48 #include <net/bluetooth/hci_core.h>
49
50 #ifndef CONFIG_BT_HCI_CORE_DEBUG
51 #undef  BT_DBG
52 #define BT_DBG(D...)
53 #endif
54
55 static void hci_cmd_task(unsigned long arg);
56 static void hci_rx_task(unsigned long arg);
57 static void hci_tx_task(unsigned long arg);
58 static void hci_notify(struct hci_dev *hdev, int event);
59
60 static DEFINE_RWLOCK(hci_task_lock);
61
62 /* HCI device list */
63 LIST_HEAD(hci_dev_list);
64 DEFINE_RWLOCK(hci_dev_list_lock);
65
66 /* HCI callback list */
67 LIST_HEAD(hci_cb_list);
68 DEFINE_RWLOCK(hci_cb_list_lock);
69
70 /* HCI protocols */
71 #define HCI_MAX_PROTO   2
72 struct hci_proto *hci_proto[HCI_MAX_PROTO];
73
74 /* HCI notifiers list */
75 static ATOMIC_NOTIFIER_HEAD(hci_notifier);
76
77 /* ---- HCI notifications ---- */
78
79 int hci_register_notifier(struct notifier_block *nb)
80 {
81         return atomic_notifier_chain_register(&hci_notifier, nb);
82 }
83
84 int hci_unregister_notifier(struct notifier_block *nb)
85 {
86         return atomic_notifier_chain_unregister(&hci_notifier, nb);
87 }
88
89 static void hci_notify(struct hci_dev *hdev, int event)
90 {
91         atomic_notifier_call_chain(&hci_notifier, event, hdev);
92 }
93
94 /* ---- HCI requests ---- */
95
96 void hci_req_complete(struct hci_dev *hdev, int result)
97 {
98         BT_DBG("%s result 0x%2.2x", hdev->name, result);
99
100         if (hdev->req_status == HCI_REQ_PEND) {
101                 hdev->req_result = result;
102                 hdev->req_status = HCI_REQ_DONE;
103                 wake_up_interruptible(&hdev->req_wait_q);
104         }
105 }
106
107 static void hci_req_cancel(struct hci_dev *hdev, int err)
108 {
109         BT_DBG("%s err 0x%2.2x", hdev->name, err);
110
111         if (hdev->req_status == HCI_REQ_PEND) {
112                 hdev->req_result = err;
113                 hdev->req_status = HCI_REQ_CANCELED;
114                 wake_up_interruptible(&hdev->req_wait_q);
115         }
116 }
117
118 /* Execute request and wait for completion. */
119 static int __hci_request(struct hci_dev *hdev, void (*req)(struct hci_dev *hdev, unsigned long opt),
120                                 unsigned long opt, __u32 timeout)
121 {
122         DECLARE_WAITQUEUE(wait, current);
123         int err = 0;
124
125         BT_DBG("%s start", hdev->name);
126
127         hdev->req_status = HCI_REQ_PEND;
128
129         add_wait_queue(&hdev->req_wait_q, &wait);
130         set_current_state(TASK_INTERRUPTIBLE);
131
132         req(hdev, opt);
133         schedule_timeout(timeout);
134
135         remove_wait_queue(&hdev->req_wait_q, &wait);
136
137         if (signal_pending(current))
138                 return -EINTR;
139
140         switch (hdev->req_status) {
141         case HCI_REQ_DONE:
142                 err = -bt_err(hdev->req_result);
143                 break;
144
145         case HCI_REQ_CANCELED:
146                 err = -hdev->req_result;
147                 break;
148
149         default:
150                 err = -ETIMEDOUT;
151                 break;
152         }
153
154         hdev->req_status = hdev->req_result = 0;
155
156         BT_DBG("%s end: err %d", hdev->name, err);
157
158         return err;
159 }
160
161 static inline int hci_request(struct hci_dev *hdev, void (*req)(struct hci_dev *hdev, unsigned long opt),
162                                 unsigned long opt, __u32 timeout)
163 {
164         int ret;
165
166         /* Serialize all requests */
167         hci_req_lock(hdev);
168         ret = __hci_request(hdev, req, opt, timeout);
169         hci_req_unlock(hdev);
170
171         return ret;
172 }
173
174 static void hci_reset_req(struct hci_dev *hdev, unsigned long opt)
175 {
176         BT_DBG("%s %ld", hdev->name, opt);
177
178         /* Reset device */
179         hci_send_cmd(hdev, HCI_OP_RESET, 0, NULL);
180 }
181
182 static void hci_init_req(struct hci_dev *hdev, unsigned long opt)
183 {
184         struct sk_buff *skb;
185         __le16 param;
186         __u8 flt_type;
187
188         BT_DBG("%s %ld", hdev->name, opt);
189
190         /* Driver initialization */
191
192         /* Special commands */
193         while ((skb = skb_dequeue(&hdev->driver_init))) {
194                 bt_cb(skb)->pkt_type = HCI_COMMAND_PKT;
195                 skb->dev = (void *) hdev;
196                 skb_queue_tail(&hdev->cmd_q, skb);
197                 hci_sched_cmd(hdev);
198         }
199         skb_queue_purge(&hdev->driver_init);
200
201         /* Mandatory initialization */
202
203         /* Reset */
204         if (test_bit(HCI_QUIRK_RESET_ON_INIT, &hdev->quirks))
205                         hci_send_cmd(hdev, HCI_OP_RESET, 0, NULL);
206
207         /* Read Local Supported Features */
208         hci_send_cmd(hdev, HCI_OP_READ_LOCAL_FEATURES, 0, NULL);
209
210         /* Read Local Version */
211         hci_send_cmd(hdev, HCI_OP_READ_LOCAL_VERSION, 0, NULL);
212
213         /* Read Buffer Size (ACL mtu, max pkt, etc.) */
214         hci_send_cmd(hdev, HCI_OP_READ_BUFFER_SIZE, 0, NULL);
215
216 #if 0
217         /* Host buffer size */
218         {
219                 struct hci_cp_host_buffer_size cp;
220                 cp.acl_mtu = cpu_to_le16(HCI_MAX_ACL_SIZE);
221                 cp.sco_mtu = HCI_MAX_SCO_SIZE;
222                 cp.acl_max_pkt = cpu_to_le16(0xffff);
223                 cp.sco_max_pkt = cpu_to_le16(0xffff);
224                 hci_send_cmd(hdev, HCI_OP_HOST_BUFFER_SIZE, sizeof(cp), &cp);
225         }
226 #endif
227
228         /* Read BD Address */
229         hci_send_cmd(hdev, HCI_OP_READ_BD_ADDR, 0, NULL);
230
231         /* Read Class of Device */
232         hci_send_cmd(hdev, HCI_OP_READ_CLASS_OF_DEV, 0, NULL);
233
234         /* Read Local Name */
235         hci_send_cmd(hdev, HCI_OP_READ_LOCAL_NAME, 0, NULL);
236
237         /* Read Voice Setting */
238         hci_send_cmd(hdev, HCI_OP_READ_VOICE_SETTING, 0, NULL);
239
240         /* Optional initialization */
241
242         /* Clear Event Filters */
243         flt_type = HCI_FLT_CLEAR_ALL;
244         hci_send_cmd(hdev, HCI_OP_SET_EVENT_FLT, 1, &flt_type);
245
246         /* Page timeout ~20 secs */
247         param = cpu_to_le16(0x8000);
248         hci_send_cmd(hdev, HCI_OP_WRITE_PG_TIMEOUT, 2, &param);
249
250         /* Connection accept timeout ~20 secs */
251         param = cpu_to_le16(0x7d00);
252         hci_send_cmd(hdev, HCI_OP_WRITE_CA_TIMEOUT, 2, &param);
253 }
254
255 static void hci_scan_req(struct hci_dev *hdev, unsigned long opt)
256 {
257         __u8 scan = opt;
258
259         BT_DBG("%s %x", hdev->name, scan);
260
261         /* Inquiry and Page scans */
262         hci_send_cmd(hdev, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
263 }
264
265 static void hci_auth_req(struct hci_dev *hdev, unsigned long opt)
266 {
267         __u8 auth = opt;
268
269         BT_DBG("%s %x", hdev->name, auth);
270
271         /* Authentication */
272         hci_send_cmd(hdev, HCI_OP_WRITE_AUTH_ENABLE, 1, &auth);
273 }
274
275 static void hci_encrypt_req(struct hci_dev *hdev, unsigned long opt)
276 {
277         __u8 encrypt = opt;
278
279         BT_DBG("%s %x", hdev->name, encrypt);
280
281         /* Authentication */
282         hci_send_cmd(hdev, HCI_OP_WRITE_ENCRYPT_MODE, 1, &encrypt);
283 }
284
285 /* Get HCI device by index.
286  * Device is held on return. */
287 struct hci_dev *hci_dev_get(int index)
288 {
289         struct hci_dev *hdev = NULL;
290         struct list_head *p;
291
292         BT_DBG("%d", index);
293
294         if (index < 0)
295                 return NULL;
296
297         read_lock(&hci_dev_list_lock);
298         list_for_each(p, &hci_dev_list) {
299                 struct hci_dev *d = list_entry(p, struct hci_dev, list);
300                 if (d->id == index) {
301                         hdev = hci_dev_hold(d);
302                         break;
303                 }
304         }
305         read_unlock(&hci_dev_list_lock);
306         return hdev;
307 }
308
309 /* ---- Inquiry support ---- */
310 static void inquiry_cache_flush(struct hci_dev *hdev)
311 {
312         struct inquiry_cache *cache = &hdev->inq_cache;
313         struct inquiry_entry *next  = cache->list, *e;
314
315         BT_DBG("cache %p", cache);
316
317         cache->list = NULL;
318         while ((e = next)) {
319                 next = e->next;
320                 kfree(e);
321         }
322 }
323
324 struct inquiry_entry *hci_inquiry_cache_lookup(struct hci_dev *hdev, bdaddr_t *bdaddr)
325 {
326         struct inquiry_cache *cache = &hdev->inq_cache;
327         struct inquiry_entry *e;
328
329         BT_DBG("cache %p, %s", cache, batostr(bdaddr));
330
331         for (e = cache->list; e; e = e->next)
332                 if (!bacmp(&e->data.bdaddr, bdaddr))
333                         break;
334         return e;
335 }
336
337 void hci_inquiry_cache_update(struct hci_dev *hdev, struct inquiry_data *data)
338 {
339         struct inquiry_cache *cache = &hdev->inq_cache;
340         struct inquiry_entry *e;
341
342         BT_DBG("cache %p, %s", cache, batostr(&data->bdaddr));
343
344         if (!(e = hci_inquiry_cache_lookup(hdev, &data->bdaddr))) {
345                 /* Entry not in the cache. Add new one. */
346                 if (!(e = kzalloc(sizeof(struct inquiry_entry), GFP_ATOMIC)))
347                         return;
348                 e->next     = cache->list;
349                 cache->list = e;
350         }
351
352         memcpy(&e->data, data, sizeof(*data));
353         e->timestamp = jiffies;
354         cache->timestamp = jiffies;
355 }
356
357 static int inquiry_cache_dump(struct hci_dev *hdev, int num, __u8 *buf)
358 {
359         struct inquiry_cache *cache = &hdev->inq_cache;
360         struct inquiry_info *info = (struct inquiry_info *) buf;
361         struct inquiry_entry *e;
362         int copied = 0;
363
364         for (e = cache->list; e && copied < num; e = e->next, copied++) {
365                 struct inquiry_data *data = &e->data;
366                 bacpy(&info->bdaddr, &data->bdaddr);
367                 info->pscan_rep_mode    = data->pscan_rep_mode;
368                 info->pscan_period_mode = data->pscan_period_mode;
369                 info->pscan_mode        = data->pscan_mode;
370                 memcpy(info->dev_class, data->dev_class, 3);
371                 info->clock_offset      = data->clock_offset;
372                 info++;
373         }
374
375         BT_DBG("cache %p, copied %d", cache, copied);
376         return copied;
377 }
378
379 static void hci_inq_req(struct hci_dev *hdev, unsigned long opt)
380 {
381         struct hci_inquiry_req *ir = (struct hci_inquiry_req *) opt;
382         struct hci_cp_inquiry cp;
383
384         BT_DBG("%s", hdev->name);
385
386         if (test_bit(HCI_INQUIRY, &hdev->flags))
387                 return;
388
389         /* Start Inquiry */
390         memcpy(&cp.lap, &ir->lap, 3);
391         cp.length  = ir->length;
392         cp.num_rsp = ir->num_rsp;
393         hci_send_cmd(hdev, HCI_OP_INQUIRY, sizeof(cp), &cp);
394 }
395
396 int hci_inquiry(void __user *arg)
397 {
398         __u8 __user *ptr = arg;
399         struct hci_inquiry_req ir;
400         struct hci_dev *hdev;
401         int err = 0, do_inquiry = 0, max_rsp;
402         long timeo;
403         __u8 *buf;
404
405         if (copy_from_user(&ir, ptr, sizeof(ir)))
406                 return -EFAULT;
407
408         if (!(hdev = hci_dev_get(ir.dev_id)))
409                 return -ENODEV;
410
411         hci_dev_lock_bh(hdev);
412         if (inquiry_cache_age(hdev) > INQUIRY_CACHE_AGE_MAX ||
413                                         inquiry_cache_empty(hdev) ||
414                                         ir.flags & IREQ_CACHE_FLUSH) {
415                 inquiry_cache_flush(hdev);
416                 do_inquiry = 1;
417         }
418         hci_dev_unlock_bh(hdev);
419
420         timeo = ir.length * msecs_to_jiffies(2000);
421         if (do_inquiry && (err = hci_request(hdev, hci_inq_req, (unsigned long)&ir, timeo)) < 0)
422                 goto done;
423
424         /* for unlimited number of responses we will use buffer with 255 entries */
425         max_rsp = (ir.num_rsp == 0) ? 255 : ir.num_rsp;
426
427         /* cache_dump can't sleep. Therefore we allocate temp buffer and then
428          * copy it to the user space.
429          */
430         if (!(buf = kmalloc(sizeof(struct inquiry_info) * max_rsp, GFP_KERNEL))) {
431                 err = -ENOMEM;
432                 goto done;
433         }
434
435         hci_dev_lock_bh(hdev);
436         ir.num_rsp = inquiry_cache_dump(hdev, max_rsp, buf);
437         hci_dev_unlock_bh(hdev);
438
439         BT_DBG("num_rsp %d", ir.num_rsp);
440
441         if (!copy_to_user(ptr, &ir, sizeof(ir))) {
442                 ptr += sizeof(ir);
443                 if (copy_to_user(ptr, buf, sizeof(struct inquiry_info) *
444                                         ir.num_rsp))
445                         err = -EFAULT;
446         } else
447                 err = -EFAULT;
448
449         kfree(buf);
450
451 done:
452         hci_dev_put(hdev);
453         return err;
454 }
455
456 /* ---- HCI ioctl helpers ---- */
457
458 int hci_dev_open(__u16 dev)
459 {
460         struct hci_dev *hdev;
461         int ret = 0;
462
463         if (!(hdev = hci_dev_get(dev)))
464                 return -ENODEV;
465
466         BT_DBG("%s %p", hdev->name, hdev);
467
468         hci_req_lock(hdev);
469
470         if (test_bit(HCI_UP, &hdev->flags)) {
471                 ret = -EALREADY;
472                 goto done;
473         }
474
475         if (test_bit(HCI_QUIRK_RAW_DEVICE, &hdev->quirks))
476                 set_bit(HCI_RAW, &hdev->flags);
477
478         if (hdev->open(hdev)) {
479                 ret = -EIO;
480                 goto done;
481         }
482
483         if (!test_bit(HCI_RAW, &hdev->flags)) {
484                 atomic_set(&hdev->cmd_cnt, 1);
485                 set_bit(HCI_INIT, &hdev->flags);
486
487                 //__hci_request(hdev, hci_reset_req, 0, HZ);
488                 ret = __hci_request(hdev, hci_init_req, 0,
489                                         msecs_to_jiffies(HCI_INIT_TIMEOUT));
490
491                 clear_bit(HCI_INIT, &hdev->flags);
492         }
493
494         if (!ret) {
495                 hci_dev_hold(hdev);
496                 set_bit(HCI_UP, &hdev->flags);
497                 hci_notify(hdev, HCI_DEV_UP);
498         } else {
499                 /* Init failed, cleanup */
500                 tasklet_kill(&hdev->rx_task);
501                 tasklet_kill(&hdev->tx_task);
502                 tasklet_kill(&hdev->cmd_task);
503
504                 skb_queue_purge(&hdev->cmd_q);
505                 skb_queue_purge(&hdev->rx_q);
506
507                 if (hdev->flush)
508                         hdev->flush(hdev);
509
510                 if (hdev->sent_cmd) {
511                         kfree_skb(hdev->sent_cmd);
512                         hdev->sent_cmd = NULL;
513                 }
514
515                 hdev->close(hdev);
516                 hdev->flags = 0;
517         }
518
519 done:
520         hci_req_unlock(hdev);
521         hci_dev_put(hdev);
522         return ret;
523 }
524
525 static int hci_dev_do_close(struct hci_dev *hdev)
526 {
527         BT_DBG("%s %p", hdev->name, hdev);
528
529         hci_req_cancel(hdev, ENODEV);
530         hci_req_lock(hdev);
531
532         if (!test_and_clear_bit(HCI_UP, &hdev->flags)) {
533                 hci_req_unlock(hdev);
534                 return 0;
535         }
536
537         /* Kill RX and TX tasks */
538         tasklet_kill(&hdev->rx_task);
539         tasklet_kill(&hdev->tx_task);
540
541         hci_dev_lock_bh(hdev);
542         inquiry_cache_flush(hdev);
543         hci_conn_hash_flush(hdev);
544         hci_dev_unlock_bh(hdev);
545
546         hci_notify(hdev, HCI_DEV_DOWN);
547
548         if (hdev->flush)
549                 hdev->flush(hdev);
550
551         /* Reset device */
552         skb_queue_purge(&hdev->cmd_q);
553         atomic_set(&hdev->cmd_cnt, 1);
554         if (!test_bit(HCI_RAW, &hdev->flags)) {
555                 set_bit(HCI_INIT, &hdev->flags);
556                 __hci_request(hdev, hci_reset_req, 0,
557                                         msecs_to_jiffies(250));
558                 clear_bit(HCI_INIT, &hdev->flags);
559         }
560
561         /* Kill cmd task */
562         tasklet_kill(&hdev->cmd_task);
563
564         /* Drop queues */
565         skb_queue_purge(&hdev->rx_q);
566         skb_queue_purge(&hdev->cmd_q);
567         skb_queue_purge(&hdev->raw_q);
568
569         /* Drop last sent command */
570         if (hdev->sent_cmd) {
571                 kfree_skb(hdev->sent_cmd);
572                 hdev->sent_cmd = NULL;
573         }
574
575         /* After this point our queues are empty
576          * and no tasks are scheduled. */
577         hdev->close(hdev);
578
579         /* Clear flags */
580         hdev->flags = 0;
581
582         hci_req_unlock(hdev);
583
584         hci_dev_put(hdev);
585         return 0;
586 }
587
588 int hci_dev_close(__u16 dev)
589 {
590         struct hci_dev *hdev;
591         int err;
592
593         if (!(hdev = hci_dev_get(dev)))
594                 return -ENODEV;
595         err = hci_dev_do_close(hdev);
596         hci_dev_put(hdev);
597         return err;
598 }
599
600 int hci_dev_reset(__u16 dev)
601 {
602         struct hci_dev *hdev;
603         int ret = 0;
604
605         if (!(hdev = hci_dev_get(dev)))
606                 return -ENODEV;
607
608         hci_req_lock(hdev);
609         tasklet_disable(&hdev->tx_task);
610
611         if (!test_bit(HCI_UP, &hdev->flags))
612                 goto done;
613
614         /* Drop queues */
615         skb_queue_purge(&hdev->rx_q);
616         skb_queue_purge(&hdev->cmd_q);
617
618         hci_dev_lock_bh(hdev);
619         inquiry_cache_flush(hdev);
620         hci_conn_hash_flush(hdev);
621         hci_dev_unlock_bh(hdev);
622
623         if (hdev->flush)
624                 hdev->flush(hdev);
625
626         atomic_set(&hdev->cmd_cnt, 1);
627         hdev->acl_cnt = 0; hdev->sco_cnt = 0;
628
629         if (!test_bit(HCI_RAW, &hdev->flags))
630                 ret = __hci_request(hdev, hci_reset_req, 0,
631                                         msecs_to_jiffies(HCI_INIT_TIMEOUT));
632
633 done:
634         tasklet_enable(&hdev->tx_task);
635         hci_req_unlock(hdev);
636         hci_dev_put(hdev);
637         return ret;
638 }
639
640 int hci_dev_reset_stat(__u16 dev)
641 {
642         struct hci_dev *hdev;
643         int ret = 0;
644
645         if (!(hdev = hci_dev_get(dev)))
646                 return -ENODEV;
647
648         memset(&hdev->stat, 0, sizeof(struct hci_dev_stats));
649
650         hci_dev_put(hdev);
651
652         return ret;
653 }
654
655 int hci_dev_cmd(unsigned int cmd, void __user *arg)
656 {
657         struct hci_dev *hdev;
658         struct hci_dev_req dr;
659         int err = 0;
660
661         if (copy_from_user(&dr, arg, sizeof(dr)))
662                 return -EFAULT;
663
664         if (!(hdev = hci_dev_get(dr.dev_id)))
665                 return -ENODEV;
666
667         switch (cmd) {
668         case HCISETAUTH:
669                 err = hci_request(hdev, hci_auth_req, dr.dev_opt,
670                                         msecs_to_jiffies(HCI_INIT_TIMEOUT));
671                 break;
672
673         case HCISETENCRYPT:
674                 if (!lmp_encrypt_capable(hdev)) {
675                         err = -EOPNOTSUPP;
676                         break;
677                 }
678
679                 if (!test_bit(HCI_AUTH, &hdev->flags)) {
680                         /* Auth must be enabled first */
681                         err = hci_request(hdev, hci_auth_req, dr.dev_opt,
682                                         msecs_to_jiffies(HCI_INIT_TIMEOUT));
683                         if (err)
684                                 break;
685                 }
686
687                 err = hci_request(hdev, hci_encrypt_req, dr.dev_opt,
688                                         msecs_to_jiffies(HCI_INIT_TIMEOUT));
689                 break;
690
691         case HCISETSCAN:
692                 err = hci_request(hdev, hci_scan_req, dr.dev_opt,
693                                         msecs_to_jiffies(HCI_INIT_TIMEOUT));
694                 break;
695
696         case HCISETPTYPE:
697                 hdev->pkt_type = (__u16) dr.dev_opt;
698                 break;
699
700         case HCISETLINKPOL:
701                 hdev->link_policy = (__u16) dr.dev_opt;
702                 break;
703
704         case HCISETLINKMODE:
705                 hdev->link_mode = ((__u16) dr.dev_opt) & (HCI_LM_MASTER | HCI_LM_ACCEPT);
706                 break;
707
708         case HCISETACLMTU:
709                 hdev->acl_mtu  = *((__u16 *)&dr.dev_opt + 1);
710                 hdev->acl_pkts = *((__u16 *)&dr.dev_opt + 0);
711                 break;
712
713         case HCISETSCOMTU:
714                 hdev->sco_mtu  = *((__u16 *)&dr.dev_opt + 1);
715                 hdev->sco_pkts = *((__u16 *)&dr.dev_opt + 0);
716                 break;
717
718         default:
719                 err = -EINVAL;
720                 break;
721         }
722         hci_dev_put(hdev);
723         return err;
724 }
725
726 int hci_get_dev_list(void __user *arg)
727 {
728         struct hci_dev_list_req *dl;
729         struct hci_dev_req *dr;
730         struct list_head *p;
731         int n = 0, size, err;
732         __u16 dev_num;
733
734         if (get_user(dev_num, (__u16 __user *) arg))
735                 return -EFAULT;
736
737         if (!dev_num || dev_num > (PAGE_SIZE * 2) / sizeof(*dr))
738                 return -EINVAL;
739
740         size = sizeof(*dl) + dev_num * sizeof(*dr);
741
742         if (!(dl = kmalloc(size, GFP_KERNEL)))
743                 return -ENOMEM;
744
745         dr = dl->dev_req;
746
747         read_lock_bh(&hci_dev_list_lock);
748         list_for_each(p, &hci_dev_list) {
749                 struct hci_dev *hdev;
750                 hdev = list_entry(p, struct hci_dev, list);
751                 (dr + n)->dev_id  = hdev->id;
752                 (dr + n)->dev_opt = hdev->flags;
753                 if (++n >= dev_num)
754                         break;
755         }
756         read_unlock_bh(&hci_dev_list_lock);
757
758         dl->dev_num = n;
759         size = sizeof(*dl) + n * sizeof(*dr);
760
761         err = copy_to_user(arg, dl, size);
762         kfree(dl);
763
764         return err ? -EFAULT : 0;
765 }
766
767 int hci_get_dev_info(void __user *arg)
768 {
769         struct hci_dev *hdev;
770         struct hci_dev_info di;
771         int err = 0;
772
773         if (copy_from_user(&di, arg, sizeof(di)))
774                 return -EFAULT;
775
776         if (!(hdev = hci_dev_get(di.dev_id)))
777                 return -ENODEV;
778
779         strcpy(di.name, hdev->name);
780         di.bdaddr   = hdev->bdaddr;
781         di.type     = hdev->type;
782         di.flags    = hdev->flags;
783         di.pkt_type = hdev->pkt_type;
784         di.acl_mtu  = hdev->acl_mtu;
785         di.acl_pkts = hdev->acl_pkts;
786         di.sco_mtu  = hdev->sco_mtu;
787         di.sco_pkts = hdev->sco_pkts;
788         di.link_policy = hdev->link_policy;
789         di.link_mode   = hdev->link_mode;
790
791         memcpy(&di.stat, &hdev->stat, sizeof(di.stat));
792         memcpy(&di.features, &hdev->features, sizeof(di.features));
793
794         if (copy_to_user(arg, &di, sizeof(di)))
795                 err = -EFAULT;
796
797         hci_dev_put(hdev);
798
799         return err;
800 }
801
802 /* ---- Interface to HCI drivers ---- */
803
804 /* Alloc HCI device */
805 struct hci_dev *hci_alloc_dev(void)
806 {
807         struct hci_dev *hdev;
808
809         hdev = kzalloc(sizeof(struct hci_dev), GFP_KERNEL);
810         if (!hdev)
811                 return NULL;
812
813         skb_queue_head_init(&hdev->driver_init);
814
815         return hdev;
816 }
817 EXPORT_SYMBOL(hci_alloc_dev);
818
819 /* Free HCI device */
820 void hci_free_dev(struct hci_dev *hdev)
821 {
822         skb_queue_purge(&hdev->driver_init);
823
824         /* will free via device release */
825         put_device(&hdev->dev);
826 }
827 EXPORT_SYMBOL(hci_free_dev);
828
829 /* Register HCI device */
830 int hci_register_dev(struct hci_dev *hdev)
831 {
832         struct list_head *head = &hci_dev_list, *p;
833         int i, id = 0;
834
835         BT_DBG("%p name %s type %d owner %p", hdev, hdev->name, hdev->type, hdev->owner);
836
837         if (!hdev->open || !hdev->close || !hdev->destruct)
838                 return -EINVAL;
839
840         write_lock_bh(&hci_dev_list_lock);
841
842         /* Find first available device id */
843         list_for_each(p, &hci_dev_list) {
844                 if (list_entry(p, struct hci_dev, list)->id != id)
845                         break;
846                 head = p; id++;
847         }
848
849         sprintf(hdev->name, "hci%d", id);
850         hdev->id = id;
851         list_add(&hdev->list, head);
852
853         atomic_set(&hdev->refcnt, 1);
854         spin_lock_init(&hdev->lock);
855
856         hdev->flags = 0;
857         hdev->pkt_type  = (HCI_DM1 | HCI_DH1 | HCI_HV1);
858         hdev->esco_type = (ESCO_HV1);
859         hdev->link_mode = (HCI_LM_ACCEPT);
860
861         hdev->idle_timeout = 0;
862         hdev->sniff_max_interval = 800;
863         hdev->sniff_min_interval = 80;
864
865         tasklet_init(&hdev->cmd_task, hci_cmd_task,(unsigned long) hdev);
866         tasklet_init(&hdev->rx_task, hci_rx_task, (unsigned long) hdev);
867         tasklet_init(&hdev->tx_task, hci_tx_task, (unsigned long) hdev);
868
869         skb_queue_head_init(&hdev->rx_q);
870         skb_queue_head_init(&hdev->cmd_q);
871         skb_queue_head_init(&hdev->raw_q);
872
873         for (i = 0; i < 3; i++)
874                 hdev->reassembly[i] = NULL;
875
876         init_waitqueue_head(&hdev->req_wait_q);
877         init_MUTEX(&hdev->req_lock);
878
879         inquiry_cache_init(hdev);
880
881         hci_conn_hash_init(hdev);
882
883         memset(&hdev->stat, 0, sizeof(struct hci_dev_stats));
884
885         atomic_set(&hdev->promisc, 0);
886
887         write_unlock_bh(&hci_dev_list_lock);
888
889         hci_register_sysfs(hdev);
890
891         hci_notify(hdev, HCI_DEV_REG);
892
893         return id;
894 }
895 EXPORT_SYMBOL(hci_register_dev);
896
897 /* Unregister HCI device */
898 int hci_unregister_dev(struct hci_dev *hdev)
899 {
900         int i;
901
902         BT_DBG("%p name %s type %d", hdev, hdev->name, hdev->type);
903
904         hci_unregister_sysfs(hdev);
905
906         write_lock_bh(&hci_dev_list_lock);
907         list_del(&hdev->list);
908         write_unlock_bh(&hci_dev_list_lock);
909
910         hci_dev_do_close(hdev);
911
912         for (i = 0; i < 3; i++)
913                 kfree_skb(hdev->reassembly[i]);
914
915         hci_notify(hdev, HCI_DEV_UNREG);
916
917         __hci_dev_put(hdev);
918
919         return 0;
920 }
921 EXPORT_SYMBOL(hci_unregister_dev);
922
923 /* Suspend HCI device */
924 int hci_suspend_dev(struct hci_dev *hdev)
925 {
926         hci_notify(hdev, HCI_DEV_SUSPEND);
927         return 0;
928 }
929 EXPORT_SYMBOL(hci_suspend_dev);
930
931 /* Resume HCI device */
932 int hci_resume_dev(struct hci_dev *hdev)
933 {
934         hci_notify(hdev, HCI_DEV_RESUME);
935         return 0;
936 }
937 EXPORT_SYMBOL(hci_resume_dev);
938
939 /* Receive packet type fragment */
940 #define __reassembly(hdev, type)  ((hdev)->reassembly[(type) - 2])
941
942 int hci_recv_fragment(struct hci_dev *hdev, int type, void *data, int count)
943 {
944         if (type < HCI_ACLDATA_PKT || type > HCI_EVENT_PKT)
945                 return -EILSEQ;
946
947         while (count) {
948                 struct sk_buff *skb = __reassembly(hdev, type);
949                 struct { int expect; } *scb;
950                 int len = 0;
951
952                 if (!skb) {
953                         /* Start of the frame */
954
955                         switch (type) {
956                         case HCI_EVENT_PKT:
957                                 if (count >= HCI_EVENT_HDR_SIZE) {
958                                         struct hci_event_hdr *h = data;
959                                         len = HCI_EVENT_HDR_SIZE + h->plen;
960                                 } else
961                                         return -EILSEQ;
962                                 break;
963
964                         case HCI_ACLDATA_PKT:
965                                 if (count >= HCI_ACL_HDR_SIZE) {
966                                         struct hci_acl_hdr *h = data;
967                                         len = HCI_ACL_HDR_SIZE + __le16_to_cpu(h->dlen);
968                                 } else
969                                         return -EILSEQ;
970                                 break;
971
972                         case HCI_SCODATA_PKT:
973                                 if (count >= HCI_SCO_HDR_SIZE) {
974                                         struct hci_sco_hdr *h = data;
975                                         len = HCI_SCO_HDR_SIZE + h->dlen;
976                                 } else
977                                         return -EILSEQ;
978                                 break;
979                         }
980
981                         skb = bt_skb_alloc(len, GFP_ATOMIC);
982                         if (!skb) {
983                                 BT_ERR("%s no memory for packet", hdev->name);
984                                 return -ENOMEM;
985                         }
986
987                         skb->dev = (void *) hdev;
988                         bt_cb(skb)->pkt_type = type;
989
990                         __reassembly(hdev, type) = skb;
991
992                         scb = (void *) skb->cb;
993                         scb->expect = len;
994                 } else {
995                         /* Continuation */
996
997                         scb = (void *) skb->cb;
998                         len = scb->expect;
999                 }
1000
1001                 len = min(len, count);
1002
1003                 memcpy(skb_put(skb, len), data, len);
1004
1005                 scb->expect -= len;
1006
1007                 if (scb->expect == 0) {
1008                         /* Complete frame */
1009
1010                         __reassembly(hdev, type) = NULL;
1011
1012                         bt_cb(skb)->pkt_type = type;
1013                         hci_recv_frame(skb);
1014                 }
1015
1016                 count -= len; data += len;
1017         }
1018
1019         return 0;
1020 }
1021 EXPORT_SYMBOL(hci_recv_fragment);
1022
1023 /* ---- Interface to upper protocols ---- */
1024
1025 /* Register/Unregister protocols.
1026  * hci_task_lock is used to ensure that no tasks are running. */
1027 int hci_register_proto(struct hci_proto *hp)
1028 {
1029         int err = 0;
1030
1031         BT_DBG("%p name %s id %d", hp, hp->name, hp->id);
1032
1033         if (hp->id >= HCI_MAX_PROTO)
1034                 return -EINVAL;
1035
1036         write_lock_bh(&hci_task_lock);
1037
1038         if (!hci_proto[hp->id])
1039                 hci_proto[hp->id] = hp;
1040         else
1041                 err = -EEXIST;
1042
1043         write_unlock_bh(&hci_task_lock);
1044
1045         return err;
1046 }
1047 EXPORT_SYMBOL(hci_register_proto);
1048
1049 int hci_unregister_proto(struct hci_proto *hp)
1050 {
1051         int err = 0;
1052
1053         BT_DBG("%p name %s id %d", hp, hp->name, hp->id);
1054
1055         if (hp->id >= HCI_MAX_PROTO)
1056                 return -EINVAL;
1057
1058         write_lock_bh(&hci_task_lock);
1059
1060         if (hci_proto[hp->id])
1061                 hci_proto[hp->id] = NULL;
1062         else
1063                 err = -ENOENT;
1064
1065         write_unlock_bh(&hci_task_lock);
1066
1067         return err;
1068 }
1069 EXPORT_SYMBOL(hci_unregister_proto);
1070
1071 int hci_register_cb(struct hci_cb *cb)
1072 {
1073         BT_DBG("%p name %s", cb, cb->name);
1074
1075         write_lock_bh(&hci_cb_list_lock);
1076         list_add(&cb->list, &hci_cb_list);
1077         write_unlock_bh(&hci_cb_list_lock);
1078
1079         return 0;
1080 }
1081 EXPORT_SYMBOL(hci_register_cb);
1082
1083 int hci_unregister_cb(struct hci_cb *cb)
1084 {
1085         BT_DBG("%p name %s", cb, cb->name);
1086
1087         write_lock_bh(&hci_cb_list_lock);
1088         list_del(&cb->list);
1089         write_unlock_bh(&hci_cb_list_lock);
1090
1091         return 0;
1092 }
1093 EXPORT_SYMBOL(hci_unregister_cb);
1094
1095 static int hci_send_frame(struct sk_buff *skb)
1096 {
1097         struct hci_dev *hdev = (struct hci_dev *) skb->dev;
1098
1099         if (!hdev) {
1100                 kfree_skb(skb);
1101                 return -ENODEV;
1102         }
1103
1104         BT_DBG("%s type %d len %d", hdev->name, bt_cb(skb)->pkt_type, skb->len);
1105
1106         if (atomic_read(&hdev->promisc)) {
1107                 /* Time stamp */
1108                 __net_timestamp(skb);
1109
1110                 hci_send_to_sock(hdev, skb);
1111         }
1112
1113         /* Get rid of skb owner, prior to sending to the driver. */
1114         skb_orphan(skb);
1115
1116         return hdev->send(skb);
1117 }
1118
1119 /* Send HCI command */
1120 int hci_send_cmd(struct hci_dev *hdev, __u16 opcode, __u32 plen, void *param)
1121 {
1122         int len = HCI_COMMAND_HDR_SIZE + plen;
1123         struct hci_command_hdr *hdr;
1124         struct sk_buff *skb;
1125
1126         BT_DBG("%s opcode 0x%x plen %d", hdev->name, opcode, plen);
1127
1128         skb = bt_skb_alloc(len, GFP_ATOMIC);
1129         if (!skb) {
1130                 BT_ERR("%s no memory for command", hdev->name);
1131                 return -ENOMEM;
1132         }
1133
1134         hdr = (struct hci_command_hdr *) skb_put(skb, HCI_COMMAND_HDR_SIZE);
1135         hdr->opcode = cpu_to_le16(opcode);
1136         hdr->plen   = plen;
1137
1138         if (plen)
1139                 memcpy(skb_put(skb, plen), param, plen);
1140
1141         BT_DBG("skb len %d", skb->len);
1142
1143         bt_cb(skb)->pkt_type = HCI_COMMAND_PKT;
1144         skb->dev = (void *) hdev;
1145         skb_queue_tail(&hdev->cmd_q, skb);
1146         hci_sched_cmd(hdev);
1147
1148         return 0;
1149 }
1150
1151 /* Get data from the previously sent command */
1152 void *hci_sent_cmd_data(struct hci_dev *hdev, __u16 opcode)
1153 {
1154         struct hci_command_hdr *hdr;
1155
1156         if (!hdev->sent_cmd)
1157                 return NULL;
1158
1159         hdr = (void *) hdev->sent_cmd->data;
1160
1161         if (hdr->opcode != cpu_to_le16(opcode))
1162                 return NULL;
1163
1164         BT_DBG("%s opcode 0x%x", hdev->name, opcode);
1165
1166         return hdev->sent_cmd->data + HCI_COMMAND_HDR_SIZE;
1167 }
1168
1169 /* Send ACL data */
1170 static void hci_add_acl_hdr(struct sk_buff *skb, __u16 handle, __u16 flags)
1171 {
1172         struct hci_acl_hdr *hdr;
1173         int len = skb->len;
1174
1175         skb_push(skb, HCI_ACL_HDR_SIZE);
1176         skb_reset_transport_header(skb);
1177         hdr = (struct hci_acl_hdr *)skb_transport_header(skb);
1178         hdr->handle = cpu_to_le16(hci_handle_pack(handle, flags));
1179         hdr->dlen   = cpu_to_le16(len);
1180 }
1181
1182 int hci_send_acl(struct hci_conn *conn, struct sk_buff *skb, __u16 flags)
1183 {
1184         struct hci_dev *hdev = conn->hdev;
1185         struct sk_buff *list;
1186
1187         BT_DBG("%s conn %p flags 0x%x", hdev->name, conn, flags);
1188
1189         skb->dev = (void *) hdev;
1190         bt_cb(skb)->pkt_type = HCI_ACLDATA_PKT;
1191         hci_add_acl_hdr(skb, conn->handle, flags | ACL_START);
1192
1193         if (!(list = skb_shinfo(skb)->frag_list)) {
1194                 /* Non fragmented */
1195                 BT_DBG("%s nonfrag skb %p len %d", hdev->name, skb, skb->len);
1196
1197                 skb_queue_tail(&conn->data_q, skb);
1198         } else {
1199                 /* Fragmented */
1200                 BT_DBG("%s frag %p len %d", hdev->name, skb, skb->len);
1201
1202                 skb_shinfo(skb)->frag_list = NULL;
1203
1204                 /* Queue all fragments atomically */
1205                 spin_lock_bh(&conn->data_q.lock);
1206
1207                 __skb_queue_tail(&conn->data_q, skb);
1208                 do {
1209                         skb = list; list = list->next;
1210
1211                         skb->dev = (void *) hdev;
1212                         bt_cb(skb)->pkt_type = HCI_ACLDATA_PKT;
1213                         hci_add_acl_hdr(skb, conn->handle, flags | ACL_CONT);
1214
1215                         BT_DBG("%s frag %p len %d", hdev->name, skb, skb->len);
1216
1217                         __skb_queue_tail(&conn->data_q, skb);
1218                 } while (list);
1219
1220                 spin_unlock_bh(&conn->data_q.lock);
1221         }
1222
1223         hci_sched_tx(hdev);
1224         return 0;
1225 }
1226 EXPORT_SYMBOL(hci_send_acl);
1227
1228 /* Send SCO data */
1229 int hci_send_sco(struct hci_conn *conn, struct sk_buff *skb)
1230 {
1231         struct hci_dev *hdev = conn->hdev;
1232         struct hci_sco_hdr hdr;
1233
1234         BT_DBG("%s len %d", hdev->name, skb->len);
1235
1236         if (skb->len > hdev->sco_mtu) {
1237                 kfree_skb(skb);
1238                 return -EINVAL;
1239         }
1240
1241         hdr.handle = cpu_to_le16(conn->handle);
1242         hdr.dlen   = skb->len;
1243
1244         skb_push(skb, HCI_SCO_HDR_SIZE);
1245         skb_reset_transport_header(skb);
1246         memcpy(skb_transport_header(skb), &hdr, HCI_SCO_HDR_SIZE);
1247
1248         skb->dev = (void *) hdev;
1249         bt_cb(skb)->pkt_type = HCI_SCODATA_PKT;
1250         skb_queue_tail(&conn->data_q, skb);
1251         hci_sched_tx(hdev);
1252         return 0;
1253 }
1254 EXPORT_SYMBOL(hci_send_sco);
1255
1256 /* ---- HCI TX task (outgoing data) ---- */
1257
1258 /* HCI Connection scheduler */
1259 static inline struct hci_conn *hci_low_sent(struct hci_dev *hdev, __u8 type, int *quote)
1260 {
1261         struct hci_conn_hash *h = &hdev->conn_hash;
1262         struct hci_conn *conn = NULL;
1263         int num = 0, min = ~0;
1264         struct list_head *p;
1265
1266         /* We don't have to lock device here. Connections are always
1267          * added and removed with TX task disabled. */
1268         list_for_each(p, &h->list) {
1269                 struct hci_conn *c;
1270                 c = list_entry(p, struct hci_conn, list);
1271
1272                 if (c->type != type || c->state != BT_CONNECTED
1273                                 || skb_queue_empty(&c->data_q))
1274                         continue;
1275                 num++;
1276
1277                 if (c->sent < min) {
1278                         min  = c->sent;
1279                         conn = c;
1280                 }
1281         }
1282
1283         if (conn) {
1284                 int cnt = (type == ACL_LINK ? hdev->acl_cnt : hdev->sco_cnt);
1285                 int q = cnt / num;
1286                 *quote = q ? q : 1;
1287         } else
1288                 *quote = 0;
1289
1290         BT_DBG("conn %p quote %d", conn, *quote);
1291         return conn;
1292 }
1293
1294 static inline void hci_acl_tx_to(struct hci_dev *hdev)
1295 {
1296         struct hci_conn_hash *h = &hdev->conn_hash;
1297         struct list_head *p;
1298         struct hci_conn  *c;
1299
1300         BT_ERR("%s ACL tx timeout", hdev->name);
1301
1302         /* Kill stalled connections */
1303         list_for_each(p, &h->list) {
1304                 c = list_entry(p, struct hci_conn, list);
1305                 if (c->type == ACL_LINK && c->sent) {
1306                         BT_ERR("%s killing stalled ACL connection %s",
1307                                 hdev->name, batostr(&c->dst));
1308                         hci_acl_disconn(c, 0x13);
1309                 }
1310         }
1311 }
1312
1313 static inline void hci_sched_acl(struct hci_dev *hdev)
1314 {
1315         struct hci_conn *conn;
1316         struct sk_buff *skb;
1317         int quote;
1318
1319         BT_DBG("%s", hdev->name);
1320
1321         if (!test_bit(HCI_RAW, &hdev->flags)) {
1322                 /* ACL tx timeout must be longer than maximum
1323                  * link supervision timeout (40.9 seconds) */
1324                 if (!hdev->acl_cnt && (jiffies - hdev->acl_last_tx) > (HZ * 45))
1325                         hci_acl_tx_to(hdev);
1326         }
1327
1328         while (hdev->acl_cnt && (conn = hci_low_sent(hdev, ACL_LINK, &quote))) {
1329                 while (quote-- && (skb = skb_dequeue(&conn->data_q))) {
1330                         BT_DBG("skb %p len %d", skb, skb->len);
1331
1332                         hci_conn_enter_active_mode(conn);
1333
1334                         hci_send_frame(skb);
1335                         hdev->acl_last_tx = jiffies;
1336
1337                         hdev->acl_cnt--;
1338                         conn->sent++;
1339                 }
1340         }
1341 }
1342
1343 /* Schedule SCO */
1344 static inline void hci_sched_sco(struct hci_dev *hdev)
1345 {
1346         struct hci_conn *conn;
1347         struct sk_buff *skb;
1348         int quote;
1349
1350         BT_DBG("%s", hdev->name);
1351
1352         while (hdev->sco_cnt && (conn = hci_low_sent(hdev, SCO_LINK, &quote))) {
1353                 while (quote-- && (skb = skb_dequeue(&conn->data_q))) {
1354                         BT_DBG("skb %p len %d", skb, skb->len);
1355                         hci_send_frame(skb);
1356
1357                         conn->sent++;
1358                         if (conn->sent == ~0)
1359                                 conn->sent = 0;
1360                 }
1361         }
1362 }
1363
1364 static inline void hci_sched_esco(struct hci_dev *hdev)
1365 {
1366         struct hci_conn *conn;
1367         struct sk_buff *skb;
1368         int quote;
1369
1370         BT_DBG("%s", hdev->name);
1371
1372         while (hdev->sco_cnt && (conn = hci_low_sent(hdev, ESCO_LINK, &quote))) {
1373                 while (quote-- && (skb = skb_dequeue(&conn->data_q))) {
1374                         BT_DBG("skb %p len %d", skb, skb->len);
1375                         hci_send_frame(skb);
1376
1377                         conn->sent++;
1378                         if (conn->sent == ~0)
1379                                 conn->sent = 0;
1380                 }
1381         }
1382 }
1383
1384 static void hci_tx_task(unsigned long arg)
1385 {
1386         struct hci_dev *hdev = (struct hci_dev *) arg;
1387         struct sk_buff *skb;
1388
1389         read_lock(&hci_task_lock);
1390
1391         BT_DBG("%s acl %d sco %d", hdev->name, hdev->acl_cnt, hdev->sco_cnt);
1392
1393         /* Schedule queues and send stuff to HCI driver */
1394
1395         hci_sched_acl(hdev);
1396
1397         hci_sched_sco(hdev);
1398
1399         hci_sched_esco(hdev);
1400
1401         /* Send next queued raw (unknown type) packet */
1402         while ((skb = skb_dequeue(&hdev->raw_q)))
1403                 hci_send_frame(skb);
1404
1405         read_unlock(&hci_task_lock);
1406 }
1407
1408 /* ----- HCI RX task (incoming data proccessing) ----- */
1409
1410 /* ACL data packet */
1411 static inline void hci_acldata_packet(struct hci_dev *hdev, struct sk_buff *skb)
1412 {
1413         struct hci_acl_hdr *hdr = (void *) skb->data;
1414         struct hci_conn *conn;
1415         __u16 handle, flags;
1416
1417         skb_pull(skb, HCI_ACL_HDR_SIZE);
1418
1419         handle = __le16_to_cpu(hdr->handle);
1420         flags  = hci_flags(handle);
1421         handle = hci_handle(handle);
1422
1423         BT_DBG("%s len %d handle 0x%x flags 0x%x", hdev->name, skb->len, handle, flags);
1424
1425         hdev->stat.acl_rx++;
1426
1427         hci_dev_lock(hdev);
1428         conn = hci_conn_hash_lookup_handle(hdev, handle);
1429         hci_dev_unlock(hdev);
1430
1431         if (conn) {
1432                 register struct hci_proto *hp;
1433
1434                 hci_conn_enter_active_mode(conn);
1435
1436                 /* Send to upper protocol */
1437                 if ((hp = hci_proto[HCI_PROTO_L2CAP]) && hp->recv_acldata) {
1438                         hp->recv_acldata(conn, skb, flags);
1439                         return;
1440                 }
1441         } else {
1442                 BT_ERR("%s ACL packet for unknown connection handle %d",
1443                         hdev->name, handle);
1444         }
1445
1446         kfree_skb(skb);
1447 }
1448
1449 /* SCO data packet */
1450 static inline void hci_scodata_packet(struct hci_dev *hdev, struct sk_buff *skb)
1451 {
1452         struct hci_sco_hdr *hdr = (void *) skb->data;
1453         struct hci_conn *conn;
1454         __u16 handle;
1455
1456         skb_pull(skb, HCI_SCO_HDR_SIZE);
1457
1458         handle = __le16_to_cpu(hdr->handle);
1459
1460         BT_DBG("%s len %d handle 0x%x", hdev->name, skb->len, handle);
1461
1462         hdev->stat.sco_rx++;
1463
1464         hci_dev_lock(hdev);
1465         conn = hci_conn_hash_lookup_handle(hdev, handle);
1466         hci_dev_unlock(hdev);
1467
1468         if (conn) {
1469                 register struct hci_proto *hp;
1470
1471                 /* Send to upper protocol */
1472                 if ((hp = hci_proto[HCI_PROTO_SCO]) && hp->recv_scodata) {
1473                         hp->recv_scodata(conn, skb);
1474                         return;
1475                 }
1476         } else {
1477                 BT_ERR("%s SCO packet for unknown connection handle %d",
1478                         hdev->name, handle);
1479         }
1480
1481         kfree_skb(skb);
1482 }
1483
1484 static void hci_rx_task(unsigned long arg)
1485 {
1486         struct hci_dev *hdev = (struct hci_dev *) arg;
1487         struct sk_buff *skb;
1488
1489         BT_DBG("%s", hdev->name);
1490
1491         read_lock(&hci_task_lock);
1492
1493         while ((skb = skb_dequeue(&hdev->rx_q))) {
1494                 if (atomic_read(&hdev->promisc)) {
1495                         /* Send copy to the sockets */
1496                         hci_send_to_sock(hdev, skb);
1497                 }
1498
1499                 if (test_bit(HCI_RAW, &hdev->flags)) {
1500                         kfree_skb(skb);
1501                         continue;
1502                 }
1503
1504                 if (test_bit(HCI_INIT, &hdev->flags)) {
1505                         /* Don't process data packets in this states. */
1506                         switch (bt_cb(skb)->pkt_type) {
1507                         case HCI_ACLDATA_PKT:
1508                         case HCI_SCODATA_PKT:
1509                                 kfree_skb(skb);
1510                                 continue;
1511                         }
1512                 }
1513
1514                 /* Process frame */
1515                 switch (bt_cb(skb)->pkt_type) {
1516                 case HCI_EVENT_PKT:
1517                         hci_event_packet(hdev, skb);
1518                         break;
1519
1520                 case HCI_ACLDATA_PKT:
1521                         BT_DBG("%s ACL data packet", hdev->name);
1522                         hci_acldata_packet(hdev, skb);
1523                         break;
1524
1525                 case HCI_SCODATA_PKT:
1526                         BT_DBG("%s SCO data packet", hdev->name);
1527                         hci_scodata_packet(hdev, skb);
1528                         break;
1529
1530                 default:
1531                         kfree_skb(skb);
1532                         break;
1533                 }
1534         }
1535
1536         read_unlock(&hci_task_lock);
1537 }
1538
1539 static void hci_cmd_task(unsigned long arg)
1540 {
1541         struct hci_dev *hdev = (struct hci_dev *) arg;
1542         struct sk_buff *skb;
1543
1544         BT_DBG("%s cmd %d", hdev->name, atomic_read(&hdev->cmd_cnt));
1545
1546         if (!atomic_read(&hdev->cmd_cnt) && (jiffies - hdev->cmd_last_tx) > HZ) {
1547                 BT_ERR("%s command tx timeout", hdev->name);
1548                 atomic_set(&hdev->cmd_cnt, 1);
1549         }
1550
1551         /* Send queued commands */
1552         if (atomic_read(&hdev->cmd_cnt) && (skb = skb_dequeue(&hdev->cmd_q))) {
1553                 if (hdev->sent_cmd)
1554                         kfree_skb(hdev->sent_cmd);
1555
1556                 if ((hdev->sent_cmd = skb_clone(skb, GFP_ATOMIC))) {
1557                         atomic_dec(&hdev->cmd_cnt);
1558                         hci_send_frame(skb);
1559                         hdev->cmd_last_tx = jiffies;
1560                 } else {
1561                         skb_queue_head(&hdev->cmd_q, skb);
1562                         hci_sched_cmd(hdev);
1563                 }
1564         }
1565 }