1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24#include <linux/sched/signal.h>
25
26#include <net/bluetooth/bluetooth.h>
27#include <net/bluetooth/hci_core.h>
28#include <net/bluetooth/mgmt.h>
29
30#include "smp.h"
31#include "hci_request.h"
32
33#define HCI_REQ_DONE 0
34#define HCI_REQ_PEND 1
35#define HCI_REQ_CANCELED 2
36
37void hci_req_init(struct hci_request *req, struct hci_dev *hdev)
38{
39 skb_queue_head_init(&req->cmd_q);
40 req->hdev = hdev;
41 req->err = 0;
42}
43
44void hci_req_purge(struct hci_request *req)
45{
46 skb_queue_purge(&req->cmd_q);
47}
48
49static int req_run(struct hci_request *req, hci_req_complete_t complete,
50 hci_req_complete_skb_t complete_skb)
51{
52 struct hci_dev *hdev = req->hdev;
53 struct sk_buff *skb;
54 unsigned long flags;
55
56 BT_DBG("length %u", skb_queue_len(&req->cmd_q));
57
58
59
60
61 if (req->err) {
62 skb_queue_purge(&req->cmd_q);
63 return req->err;
64 }
65
66
67 if (skb_queue_empty(&req->cmd_q))
68 return -ENODATA;
69
70 skb = skb_peek_tail(&req->cmd_q);
71 if (complete) {
72 bt_cb(skb)->hci.req_complete = complete;
73 } else if (complete_skb) {
74 bt_cb(skb)->hci.req_complete_skb = complete_skb;
75 bt_cb(skb)->hci.req_flags |= HCI_REQ_SKB;
76 }
77
78 spin_lock_irqsave(&hdev->cmd_q.lock, flags);
79 skb_queue_splice_tail(&req->cmd_q, &hdev->cmd_q);
80 spin_unlock_irqrestore(&hdev->cmd_q.lock, flags);
81
82 queue_work(hdev->workqueue, &hdev->cmd_work);
83
84 return 0;
85}
86
87int hci_req_run(struct hci_request *req, hci_req_complete_t complete)
88{
89 return req_run(req, complete, NULL);
90}
91
92int hci_req_run_skb(struct hci_request *req, hci_req_complete_skb_t complete)
93{
94 return req_run(req, NULL, complete);
95}
96
97static void hci_req_sync_complete(struct hci_dev *hdev, u8 result, u16 opcode,
98 struct sk_buff *skb)
99{
100 BT_DBG("%s result 0x%2.2x", hdev->name, result);
101
102 if (hdev->req_status == HCI_REQ_PEND) {
103 hdev->req_result = result;
104 hdev->req_status = HCI_REQ_DONE;
105 if (skb)
106 hdev->req_skb = skb_get(skb);
107 wake_up_interruptible(&hdev->req_wait_q);
108 }
109}
110
111void hci_req_sync_cancel(struct hci_dev *hdev, int err)
112{
113 BT_DBG("%s err 0x%2.2x", hdev->name, err);
114
115 if (hdev->req_status == HCI_REQ_PEND) {
116 hdev->req_result = err;
117 hdev->req_status = HCI_REQ_CANCELED;
118 wake_up_interruptible(&hdev->req_wait_q);
119 }
120}
121
122struct sk_buff *__hci_cmd_sync_ev(struct hci_dev *hdev, u16 opcode, u32 plen,
123 const void *param, u8 event, u32 timeout)
124{
125 struct hci_request req;
126 struct sk_buff *skb;
127 int err = 0;
128
129 BT_DBG("%s", hdev->name);
130
131 hci_req_init(&req, hdev);
132
133 hci_req_add_ev(&req, opcode, plen, param, event);
134
135 hdev->req_status = HCI_REQ_PEND;
136
137 err = hci_req_run_skb(&req, hci_req_sync_complete);
138 if (err < 0)
139 return ERR_PTR(err);
140
141 err = wait_event_interruptible_timeout(hdev->req_wait_q,
142 hdev->req_status != HCI_REQ_PEND, timeout);
143
144 if (err == -ERESTARTSYS)
145 return ERR_PTR(-EINTR);
146
147 switch (hdev->req_status) {
148 case HCI_REQ_DONE:
149 err = -bt_to_errno(hdev->req_result);
150 break;
151
152 case HCI_REQ_CANCELED:
153 err = -hdev->req_result;
154 break;
155
156 default:
157 err = -ETIMEDOUT;
158 break;
159 }
160
161 hdev->req_status = hdev->req_result = 0;
162 skb = hdev->req_skb;
163 hdev->req_skb = NULL;
164
165 BT_DBG("%s end: err %d", hdev->name, err);
166
167 if (err < 0) {
168 kfree_skb(skb);
169 return ERR_PTR(err);
170 }
171
172 if (!skb)
173 return ERR_PTR(-ENODATA);
174
175 return skb;
176}
177EXPORT_SYMBOL(__hci_cmd_sync_ev);
178
179struct sk_buff *__hci_cmd_sync(struct hci_dev *hdev, u16 opcode, u32 plen,
180 const void *param, u32 timeout)
181{
182 return __hci_cmd_sync_ev(hdev, opcode, plen, param, 0, timeout);
183}
184EXPORT_SYMBOL(__hci_cmd_sync);
185
186
187int __hci_req_sync(struct hci_dev *hdev, int (*func)(struct hci_request *req,
188 unsigned long opt),
189 unsigned long opt, u32 timeout, u8 *hci_status)
190{
191 struct hci_request req;
192 int err = 0;
193
194 BT_DBG("%s start", hdev->name);
195
196 hci_req_init(&req, hdev);
197
198 hdev->req_status = HCI_REQ_PEND;
199
200 err = func(&req, opt);
201 if (err) {
202 if (hci_status)
203 *hci_status = HCI_ERROR_UNSPECIFIED;
204 return err;
205 }
206
207 err = hci_req_run_skb(&req, hci_req_sync_complete);
208 if (err < 0) {
209 hdev->req_status = 0;
210
211
212
213
214
215
216 if (err == -ENODATA) {
217 if (hci_status)
218 *hci_status = 0;
219 return 0;
220 }
221
222 if (hci_status)
223 *hci_status = HCI_ERROR_UNSPECIFIED;
224
225 return err;
226 }
227
228 err = wait_event_interruptible_timeout(hdev->req_wait_q,
229 hdev->req_status != HCI_REQ_PEND, timeout);
230
231 if (err == -ERESTARTSYS)
232 return -EINTR;
233
234 switch (hdev->req_status) {
235 case HCI_REQ_DONE:
236 err = -bt_to_errno(hdev->req_result);
237 if (hci_status)
238 *hci_status = hdev->req_result;
239 break;
240
241 case HCI_REQ_CANCELED:
242 err = -hdev->req_result;
243 if (hci_status)
244 *hci_status = HCI_ERROR_UNSPECIFIED;
245 break;
246
247 default:
248 err = -ETIMEDOUT;
249 if (hci_status)
250 *hci_status = HCI_ERROR_UNSPECIFIED;
251 break;
252 }
253
254 kfree_skb(hdev->req_skb);
255 hdev->req_skb = NULL;
256 hdev->req_status = hdev->req_result = 0;
257
258 BT_DBG("%s end: err %d", hdev->name, err);
259
260 return err;
261}
262
263int hci_req_sync(struct hci_dev *hdev, int (*req)(struct hci_request *req,
264 unsigned long opt),
265 unsigned long opt, u32 timeout, u8 *hci_status)
266{
267 int ret;
268
269 if (!test_bit(HCI_UP, &hdev->flags))
270 return -ENETDOWN;
271
272
273 hci_req_sync_lock(hdev);
274 ret = __hci_req_sync(hdev, req, opt, timeout, hci_status);
275 hci_req_sync_unlock(hdev);
276
277 return ret;
278}
279
280struct sk_buff *hci_prepare_cmd(struct hci_dev *hdev, u16 opcode, u32 plen,
281 const void *param)
282{
283 int len = HCI_COMMAND_HDR_SIZE + plen;
284 struct hci_command_hdr *hdr;
285 struct sk_buff *skb;
286
287 skb = bt_skb_alloc(len, GFP_ATOMIC);
288 if (!skb)
289 return NULL;
290
291 hdr = skb_put(skb, HCI_COMMAND_HDR_SIZE);
292 hdr->opcode = cpu_to_le16(opcode);
293 hdr->plen = plen;
294
295 if (plen)
296 skb_put_data(skb, param, plen);
297
298 BT_DBG("skb len %d", skb->len);
299
300 hci_skb_pkt_type(skb) = HCI_COMMAND_PKT;
301 hci_skb_opcode(skb) = opcode;
302
303 return skb;
304}
305
306
307void hci_req_add_ev(struct hci_request *req, u16 opcode, u32 plen,
308 const void *param, u8 event)
309{
310 struct hci_dev *hdev = req->hdev;
311 struct sk_buff *skb;
312
313 BT_DBG("%s opcode 0x%4.4x plen %d", hdev->name, opcode, plen);
314
315
316
317
318 if (req->err)
319 return;
320
321 skb = hci_prepare_cmd(hdev, opcode, plen, param);
322 if (!skb) {
323 bt_dev_err(hdev, "no memory for command (opcode 0x%4.4x)",
324 opcode);
325 req->err = -ENOMEM;
326 return;
327 }
328
329 if (skb_queue_empty(&req->cmd_q))
330 bt_cb(skb)->hci.req_flags |= HCI_REQ_START;
331
332 bt_cb(skb)->hci.req_event = event;
333
334 skb_queue_tail(&req->cmd_q, skb);
335}
336
337void hci_req_add(struct hci_request *req, u16 opcode, u32 plen,
338 const void *param)
339{
340 hci_req_add_ev(req, opcode, plen, param, 0);
341}
342
343void __hci_req_write_fast_connectable(struct hci_request *req, bool enable)
344{
345 struct hci_dev *hdev = req->hdev;
346 struct hci_cp_write_page_scan_activity acp;
347 u8 type;
348
349 if (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED))
350 return;
351
352 if (hdev->hci_ver < BLUETOOTH_VER_1_2)
353 return;
354
355 if (enable) {
356 type = PAGE_SCAN_TYPE_INTERLACED;
357
358
359 acp.interval = cpu_to_le16(0x0100);
360 } else {
361 type = PAGE_SCAN_TYPE_STANDARD;
362
363
364 acp.interval = cpu_to_le16(0x0800);
365 }
366
367 acp.window = cpu_to_le16(0x0012);
368
369 if (__cpu_to_le16(hdev->page_scan_interval) != acp.interval ||
370 __cpu_to_le16(hdev->page_scan_window) != acp.window)
371 hci_req_add(req, HCI_OP_WRITE_PAGE_SCAN_ACTIVITY,
372 sizeof(acp), &acp);
373
374 if (hdev->page_scan_type != type)
375 hci_req_add(req, HCI_OP_WRITE_PAGE_SCAN_TYPE, 1, &type);
376}
377
378
379
380
381
382
383
384static void __hci_update_background_scan(struct hci_request *req)
385{
386 struct hci_dev *hdev = req->hdev;
387
388 if (!test_bit(HCI_UP, &hdev->flags) ||
389 test_bit(HCI_INIT, &hdev->flags) ||
390 hci_dev_test_flag(hdev, HCI_SETUP) ||
391 hci_dev_test_flag(hdev, HCI_CONFIG) ||
392 hci_dev_test_flag(hdev, HCI_AUTO_OFF) ||
393 hci_dev_test_flag(hdev, HCI_UNREGISTER))
394 return;
395
396
397 if (!hci_dev_test_flag(hdev, HCI_LE_ENABLED))
398 return;
399
400
401 if (hdev->discovery.state != DISCOVERY_STOPPED)
402 return;
403
404
405
406
407
408
409
410
411 hci_discovery_filter_clear(hdev);
412
413 if (list_empty(&hdev->pend_le_conns) &&
414 list_empty(&hdev->pend_le_reports)) {
415
416
417
418
419
420
421 if (!hci_dev_test_flag(hdev, HCI_LE_SCAN))
422 return;
423
424 hci_req_add_le_scan_disable(req);
425
426 BT_DBG("%s stopping background scanning", hdev->name);
427 } else {
428
429
430
431
432
433
434
435
436 if (hci_lookup_le_connect(hdev))
437 return;
438
439
440
441
442 if (hci_dev_test_flag(hdev, HCI_LE_SCAN))
443 hci_req_add_le_scan_disable(req);
444
445 hci_req_add_le_passive_scan(req);
446
447 BT_DBG("%s starting background scanning", hdev->name);
448 }
449}
450
451void __hci_req_update_name(struct hci_request *req)
452{
453 struct hci_dev *hdev = req->hdev;
454 struct hci_cp_write_local_name cp;
455
456 memcpy(cp.name, hdev->dev_name, sizeof(cp.name));
457
458 hci_req_add(req, HCI_OP_WRITE_LOCAL_NAME, sizeof(cp), &cp);
459}
460
461#define PNP_INFO_SVCLASS_ID 0x1200
462
463static u8 *create_uuid16_list(struct hci_dev *hdev, u8 *data, ptrdiff_t len)
464{
465 u8 *ptr = data, *uuids_start = NULL;
466 struct bt_uuid *uuid;
467
468 if (len < 4)
469 return ptr;
470
471 list_for_each_entry(uuid, &hdev->uuids, list) {
472 u16 uuid16;
473
474 if (uuid->size != 16)
475 continue;
476
477 uuid16 = get_unaligned_le16(&uuid->uuid[12]);
478 if (uuid16 < 0x1100)
479 continue;
480
481 if (uuid16 == PNP_INFO_SVCLASS_ID)
482 continue;
483
484 if (!uuids_start) {
485 uuids_start = ptr;
486 uuids_start[0] = 1;
487 uuids_start[1] = EIR_UUID16_ALL;
488 ptr += 2;
489 }
490
491
492 if ((ptr - data) + sizeof(u16) > len) {
493 uuids_start[1] = EIR_UUID16_SOME;
494 break;
495 }
496
497 *ptr++ = (uuid16 & 0x00ff);
498 *ptr++ = (uuid16 & 0xff00) >> 8;
499 uuids_start[0] += sizeof(uuid16);
500 }
501
502 return ptr;
503}
504
505static u8 *create_uuid32_list(struct hci_dev *hdev, u8 *data, ptrdiff_t len)
506{
507 u8 *ptr = data, *uuids_start = NULL;
508 struct bt_uuid *uuid;
509
510 if (len < 6)
511 return ptr;
512
513 list_for_each_entry(uuid, &hdev->uuids, list) {
514 if (uuid->size != 32)
515 continue;
516
517 if (!uuids_start) {
518 uuids_start = ptr;
519 uuids_start[0] = 1;
520 uuids_start[1] = EIR_UUID32_ALL;
521 ptr += 2;
522 }
523
524
525 if ((ptr - data) + sizeof(u32) > len) {
526 uuids_start[1] = EIR_UUID32_SOME;
527 break;
528 }
529
530 memcpy(ptr, &uuid->uuid[12], sizeof(u32));
531 ptr += sizeof(u32);
532 uuids_start[0] += sizeof(u32);
533 }
534
535 return ptr;
536}
537
538static u8 *create_uuid128_list(struct hci_dev *hdev, u8 *data, ptrdiff_t len)
539{
540 u8 *ptr = data, *uuids_start = NULL;
541 struct bt_uuid *uuid;
542
543 if (len < 18)
544 return ptr;
545
546 list_for_each_entry(uuid, &hdev->uuids, list) {
547 if (uuid->size != 128)
548 continue;
549
550 if (!uuids_start) {
551 uuids_start = ptr;
552 uuids_start[0] = 1;
553 uuids_start[1] = EIR_UUID128_ALL;
554 ptr += 2;
555 }
556
557
558 if ((ptr - data) + 16 > len) {
559 uuids_start[1] = EIR_UUID128_SOME;
560 break;
561 }
562
563 memcpy(ptr, uuid->uuid, 16);
564 ptr += 16;
565 uuids_start[0] += 16;
566 }
567
568 return ptr;
569}
570
571static void create_eir(struct hci_dev *hdev, u8 *data)
572{
573 u8 *ptr = data;
574 size_t name_len;
575
576 name_len = strlen(hdev->dev_name);
577
578 if (name_len > 0) {
579
580 if (name_len > 48) {
581 name_len = 48;
582 ptr[1] = EIR_NAME_SHORT;
583 } else
584 ptr[1] = EIR_NAME_COMPLETE;
585
586
587 ptr[0] = name_len + 1;
588
589 memcpy(ptr + 2, hdev->dev_name, name_len);
590
591 ptr += (name_len + 2);
592 }
593
594 if (hdev->inq_tx_power != HCI_TX_POWER_INVALID) {
595 ptr[0] = 2;
596 ptr[1] = EIR_TX_POWER;
597 ptr[2] = (u8) hdev->inq_tx_power;
598
599 ptr += 3;
600 }
601
602 if (hdev->devid_source > 0) {
603 ptr[0] = 9;
604 ptr[1] = EIR_DEVICE_ID;
605
606 put_unaligned_le16(hdev->devid_source, ptr + 2);
607 put_unaligned_le16(hdev->devid_vendor, ptr + 4);
608 put_unaligned_le16(hdev->devid_product, ptr + 6);
609 put_unaligned_le16(hdev->devid_version, ptr + 8);
610
611 ptr += 10;
612 }
613
614 ptr = create_uuid16_list(hdev, ptr, HCI_MAX_EIR_LENGTH - (ptr - data));
615 ptr = create_uuid32_list(hdev, ptr, HCI_MAX_EIR_LENGTH - (ptr - data));
616 ptr = create_uuid128_list(hdev, ptr, HCI_MAX_EIR_LENGTH - (ptr - data));
617}
618
619void __hci_req_update_eir(struct hci_request *req)
620{
621 struct hci_dev *hdev = req->hdev;
622 struct hci_cp_write_eir cp;
623
624 if (!hdev_is_powered(hdev))
625 return;
626
627 if (!lmp_ext_inq_capable(hdev))
628 return;
629
630 if (!hci_dev_test_flag(hdev, HCI_SSP_ENABLED))
631 return;
632
633 if (hci_dev_test_flag(hdev, HCI_SERVICE_CACHE))
634 return;
635
636 memset(&cp, 0, sizeof(cp));
637
638 create_eir(hdev, cp.data);
639
640 if (memcmp(cp.data, hdev->eir, sizeof(cp.data)) == 0)
641 return;
642
643 memcpy(hdev->eir, cp.data, sizeof(cp.data));
644
645 hci_req_add(req, HCI_OP_WRITE_EIR, sizeof(cp), &cp);
646}
647
648void hci_req_add_le_scan_disable(struct hci_request *req)
649{
650 struct hci_dev *hdev = req->hdev;
651
652 if (use_ext_scan(hdev)) {
653 struct hci_cp_le_set_ext_scan_enable cp;
654
655 memset(&cp, 0, sizeof(cp));
656 cp.enable = LE_SCAN_DISABLE;
657 hci_req_add(req, HCI_OP_LE_SET_EXT_SCAN_ENABLE, sizeof(cp),
658 &cp);
659 } else {
660 struct hci_cp_le_set_scan_enable cp;
661
662 memset(&cp, 0, sizeof(cp));
663 cp.enable = LE_SCAN_DISABLE;
664 hci_req_add(req, HCI_OP_LE_SET_SCAN_ENABLE, sizeof(cp), &cp);
665 }
666}
667
668static void add_to_white_list(struct hci_request *req,
669 struct hci_conn_params *params)
670{
671 struct hci_cp_le_add_to_white_list cp;
672
673 cp.bdaddr_type = params->addr_type;
674 bacpy(&cp.bdaddr, ¶ms->addr);
675
676 hci_req_add(req, HCI_OP_LE_ADD_TO_WHITE_LIST, sizeof(cp), &cp);
677}
678
679static u8 update_white_list(struct hci_request *req)
680{
681 struct hci_dev *hdev = req->hdev;
682 struct hci_conn_params *params;
683 struct bdaddr_list *b;
684 uint8_t white_list_entries = 0;
685
686
687
688
689
690
691
692 list_for_each_entry(b, &hdev->le_white_list, list) {
693
694
695
696 if (!hci_pend_le_action_lookup(&hdev->pend_le_conns,
697 &b->bdaddr, b->bdaddr_type) &&
698 !hci_pend_le_action_lookup(&hdev->pend_le_reports,
699 &b->bdaddr, b->bdaddr_type)) {
700 struct hci_cp_le_del_from_white_list cp;
701
702 cp.bdaddr_type = b->bdaddr_type;
703 bacpy(&cp.bdaddr, &b->bdaddr);
704
705 hci_req_add(req, HCI_OP_LE_DEL_FROM_WHITE_LIST,
706 sizeof(cp), &cp);
707 continue;
708 }
709
710 if (hci_find_irk_by_addr(hdev, &b->bdaddr, b->bdaddr_type)) {
711
712 return 0x00;
713 }
714
715 white_list_entries++;
716 }
717
718
719
720
721
722
723
724
725
726
727
728 list_for_each_entry(params, &hdev->pend_le_conns, action) {
729 if (hci_bdaddr_list_lookup(&hdev->le_white_list,
730 ¶ms->addr, params->addr_type))
731 continue;
732
733 if (white_list_entries >= hdev->le_white_list_size) {
734
735 return 0x00;
736 }
737
738 if (hci_find_irk_by_addr(hdev, ¶ms->addr,
739 params->addr_type)) {
740
741 return 0x00;
742 }
743
744 white_list_entries++;
745 add_to_white_list(req, params);
746 }
747
748
749
750
751
752 list_for_each_entry(params, &hdev->pend_le_reports, action) {
753 if (hci_bdaddr_list_lookup(&hdev->le_white_list,
754 ¶ms->addr, params->addr_type))
755 continue;
756
757 if (white_list_entries >= hdev->le_white_list_size) {
758
759 return 0x00;
760 }
761
762 if (hci_find_irk_by_addr(hdev, ¶ms->addr,
763 params->addr_type)) {
764
765 return 0x00;
766 }
767
768 white_list_entries++;
769 add_to_white_list(req, params);
770 }
771
772
773 return 0x01;
774}
775
776static bool scan_use_rpa(struct hci_dev *hdev)
777{
778 return hci_dev_test_flag(hdev, HCI_PRIVACY);
779}
780
781static void hci_req_start_scan(struct hci_request *req, u8 type, u16 interval,
782 u16 window, u8 own_addr_type, u8 filter_policy)
783{
784 struct hci_dev *hdev = req->hdev;
785
786
787
788
789 if (use_ext_scan(hdev)) {
790 struct hci_cp_le_set_ext_scan_params *ext_param_cp;
791 struct hci_cp_le_set_ext_scan_enable ext_enable_cp;
792 struct hci_cp_le_scan_phy_params *phy_params;
793 u8 data[sizeof(*ext_param_cp) + sizeof(*phy_params) * 2];
794 u32 plen;
795
796 ext_param_cp = (void *)data;
797 phy_params = (void *)ext_param_cp->data;
798
799 memset(ext_param_cp, 0, sizeof(*ext_param_cp));
800 ext_param_cp->own_addr_type = own_addr_type;
801 ext_param_cp->filter_policy = filter_policy;
802
803 plen = sizeof(*ext_param_cp);
804
805 if (scan_1m(hdev) || scan_2m(hdev)) {
806 ext_param_cp->scanning_phys |= LE_SCAN_PHY_1M;
807
808 memset(phy_params, 0, sizeof(*phy_params));
809 phy_params->type = type;
810 phy_params->interval = cpu_to_le16(interval);
811 phy_params->window = cpu_to_le16(window);
812
813 plen += sizeof(*phy_params);
814 phy_params++;
815 }
816
817 if (scan_coded(hdev)) {
818 ext_param_cp->scanning_phys |= LE_SCAN_PHY_CODED;
819
820 memset(phy_params, 0, sizeof(*phy_params));
821 phy_params->type = type;
822 phy_params->interval = cpu_to_le16(interval);
823 phy_params->window = cpu_to_le16(window);
824
825 plen += sizeof(*phy_params);
826 phy_params++;
827 }
828
829 hci_req_add(req, HCI_OP_LE_SET_EXT_SCAN_PARAMS,
830 plen, ext_param_cp);
831
832 memset(&ext_enable_cp, 0, sizeof(ext_enable_cp));
833 ext_enable_cp.enable = LE_SCAN_ENABLE;
834 ext_enable_cp.filter_dup = LE_SCAN_FILTER_DUP_ENABLE;
835
836 hci_req_add(req, HCI_OP_LE_SET_EXT_SCAN_ENABLE,
837 sizeof(ext_enable_cp), &ext_enable_cp);
838 } else {
839 struct hci_cp_le_set_scan_param param_cp;
840 struct hci_cp_le_set_scan_enable enable_cp;
841
842 memset(¶m_cp, 0, sizeof(param_cp));
843 param_cp.type = type;
844 param_cp.interval = cpu_to_le16(interval);
845 param_cp.window = cpu_to_le16(window);
846 param_cp.own_address_type = own_addr_type;
847 param_cp.filter_policy = filter_policy;
848 hci_req_add(req, HCI_OP_LE_SET_SCAN_PARAM, sizeof(param_cp),
849 ¶m_cp);
850
851 memset(&enable_cp, 0, sizeof(enable_cp));
852 enable_cp.enable = LE_SCAN_ENABLE;
853 enable_cp.filter_dup = LE_SCAN_FILTER_DUP_ENABLE;
854 hci_req_add(req, HCI_OP_LE_SET_SCAN_ENABLE, sizeof(enable_cp),
855 &enable_cp);
856 }
857}
858
859void hci_req_add_le_passive_scan(struct hci_request *req)
860{
861 struct hci_dev *hdev = req->hdev;
862 u8 own_addr_type;
863 u8 filter_policy;
864
865
866
867
868
869
870
871 if (hci_update_random_address(req, false, scan_use_rpa(hdev),
872 &own_addr_type))
873 return;
874
875
876
877
878
879 filter_policy = update_white_list(req);
880
881
882
883
884
885
886
887
888
889
890 if (hci_dev_test_flag(hdev, HCI_PRIVACY) &&
891 (hdev->le_features[0] & HCI_LE_EXT_SCAN_POLICY))
892 filter_policy |= 0x02;
893
894 hci_req_start_scan(req, LE_SCAN_PASSIVE, hdev->le_scan_interval,
895 hdev->le_scan_window, own_addr_type, filter_policy);
896}
897
898static u8 get_adv_instance_scan_rsp_len(struct hci_dev *hdev, u8 instance)
899{
900 struct adv_info *adv_instance;
901
902
903 if (instance == 0x00)
904 return 0;
905
906 adv_instance = hci_find_adv_instance(hdev, instance);
907 if (!adv_instance)
908 return 0;
909
910
911
912
913 return adv_instance->scan_rsp_len;
914}
915
916static u8 get_cur_adv_instance_scan_rsp_len(struct hci_dev *hdev)
917{
918 u8 instance = hdev->cur_adv_instance;
919 struct adv_info *adv_instance;
920
921
922 if (instance == 0x00)
923 return 0;
924
925 adv_instance = hci_find_adv_instance(hdev, instance);
926 if (!adv_instance)
927 return 0;
928
929
930
931
932 return adv_instance->scan_rsp_len;
933}
934
935void __hci_req_disable_advertising(struct hci_request *req)
936{
937 if (ext_adv_capable(req->hdev)) {
938 struct hci_cp_le_set_ext_adv_enable cp;
939
940 cp.enable = 0x00;
941
942 cp.num_of_sets = 0x00;
943
944 hci_req_add(req, HCI_OP_LE_SET_EXT_ADV_ENABLE, sizeof(cp), &cp);
945 } else {
946 u8 enable = 0x00;
947
948 hci_req_add(req, HCI_OP_LE_SET_ADV_ENABLE, sizeof(enable), &enable);
949 }
950}
951
952static u32 get_adv_instance_flags(struct hci_dev *hdev, u8 instance)
953{
954 u32 flags;
955 struct adv_info *adv_instance;
956
957 if (instance == 0x00) {
958
959
960
961 flags = MGMT_ADV_FLAG_TX_POWER | MGMT_ADV_FLAG_MANAGED_FLAGS;
962
963
964
965
966 if (hci_dev_test_flag(hdev, HCI_ADVERTISING_CONNECTABLE))
967 flags |= MGMT_ADV_FLAG_CONNECTABLE;
968
969 if (hci_dev_test_flag(hdev, HCI_LIMITED_DISCOVERABLE))
970 flags |= MGMT_ADV_FLAG_LIMITED_DISCOV;
971 else if (hci_dev_test_flag(hdev, HCI_DISCOVERABLE))
972 flags |= MGMT_ADV_FLAG_DISCOV;
973
974 return flags;
975 }
976
977 adv_instance = hci_find_adv_instance(hdev, instance);
978
979
980 if (!adv_instance)
981 return 0;
982
983 return adv_instance->flags;
984}
985
986static bool adv_use_rpa(struct hci_dev *hdev, uint32_t flags)
987{
988
989 if (!hci_dev_test_flag(hdev, HCI_PRIVACY))
990 return false;
991
992
993 if (!hci_dev_test_flag(hdev, HCI_LIMITED_PRIVACY))
994 return true;
995
996
997
998
999 if ((flags & MGMT_ADV_FLAG_DISCOV) &&
1000 hci_dev_test_flag(hdev, HCI_BONDABLE))
1001 return false;
1002
1003
1004
1005
1006 return true;
1007}
1008
1009static bool is_advertising_allowed(struct hci_dev *hdev, bool connectable)
1010{
1011
1012 if (hci_conn_num(hdev, LE_LINK) == 0)
1013 return true;
1014
1015
1016 if (hdev->conn_hash.le_num_slave > 0) {
1017
1018 if (!connectable && !(hdev->le_states[2] & 0x10))
1019 return false;
1020
1021
1022
1023
1024 if (connectable && (!(hdev->le_states[4] & 0x40) ||
1025 !(hdev->le_states[2] & 0x20)))
1026 return false;
1027 }
1028
1029
1030 if (hci_conn_num(hdev, LE_LINK) != hdev->conn_hash.le_num_slave) {
1031
1032 if (!connectable && !(hdev->le_states[2] & 0x02))
1033 return false;
1034
1035
1036
1037
1038 if (connectable && (!(hdev->le_states[4] & 0x08) ||
1039 !(hdev->le_states[2] & 0x08)))
1040 return false;
1041 }
1042
1043 return true;
1044}
1045
1046void __hci_req_enable_advertising(struct hci_request *req)
1047{
1048 struct hci_dev *hdev = req->hdev;
1049 struct hci_cp_le_set_adv_param cp;
1050 u8 own_addr_type, enable = 0x01;
1051 bool connectable;
1052 u32 flags;
1053
1054 flags = get_adv_instance_flags(hdev, hdev->cur_adv_instance);
1055
1056
1057
1058
1059 connectable = (flags & MGMT_ADV_FLAG_CONNECTABLE) ||
1060 mgmt_get_connectable(hdev);
1061
1062 if (!is_advertising_allowed(hdev, connectable))
1063 return;
1064
1065 if (hci_dev_test_flag(hdev, HCI_LE_ADV))
1066 __hci_req_disable_advertising(req);
1067
1068
1069
1070
1071
1072
1073 hci_dev_clear_flag(hdev, HCI_LE_ADV);
1074
1075
1076
1077
1078
1079 if (hci_update_random_address(req, !connectable,
1080 adv_use_rpa(hdev, flags),
1081 &own_addr_type) < 0)
1082 return;
1083
1084 memset(&cp, 0, sizeof(cp));
1085 cp.min_interval = cpu_to_le16(hdev->le_adv_min_interval);
1086 cp.max_interval = cpu_to_le16(hdev->le_adv_max_interval);
1087
1088 if (connectable)
1089 cp.type = LE_ADV_IND;
1090 else if (get_cur_adv_instance_scan_rsp_len(hdev))
1091 cp.type = LE_ADV_SCAN_IND;
1092 else
1093 cp.type = LE_ADV_NONCONN_IND;
1094
1095 cp.own_address_type = own_addr_type;
1096 cp.channel_map = hdev->le_adv_channel_map;
1097
1098 hci_req_add(req, HCI_OP_LE_SET_ADV_PARAM, sizeof(cp), &cp);
1099
1100 hci_req_add(req, HCI_OP_LE_SET_ADV_ENABLE, sizeof(enable), &enable);
1101}
1102
1103u8 append_local_name(struct hci_dev *hdev, u8 *ptr, u8 ad_len)
1104{
1105 size_t short_len;
1106 size_t complete_len;
1107
1108
1109 if ((HCI_MAX_AD_LENGTH - ad_len) < HCI_MAX_SHORT_NAME_LENGTH + 3)
1110 return ad_len;
1111
1112
1113 complete_len = strlen(hdev->dev_name);
1114 if (complete_len && complete_len <= HCI_MAX_SHORT_NAME_LENGTH)
1115 return eir_append_data(ptr, ad_len, EIR_NAME_COMPLETE,
1116 hdev->dev_name, complete_len + 1);
1117
1118
1119 short_len = strlen(hdev->short_name);
1120 if (short_len)
1121 return eir_append_data(ptr, ad_len, EIR_NAME_SHORT,
1122 hdev->short_name, short_len + 1);
1123
1124
1125
1126
1127 if (complete_len) {
1128 u8 name[HCI_MAX_SHORT_NAME_LENGTH + 1];
1129
1130 memcpy(name, hdev->dev_name, HCI_MAX_SHORT_NAME_LENGTH);
1131 name[HCI_MAX_SHORT_NAME_LENGTH] = '\0';
1132
1133 return eir_append_data(ptr, ad_len, EIR_NAME_SHORT, name,
1134 sizeof(name));
1135 }
1136
1137 return ad_len;
1138}
1139
1140static u8 append_appearance(struct hci_dev *hdev, u8 *ptr, u8 ad_len)
1141{
1142 return eir_append_le16(ptr, ad_len, EIR_APPEARANCE, hdev->appearance);
1143}
1144
1145static u8 create_default_scan_rsp_data(struct hci_dev *hdev, u8 *ptr)
1146{
1147 u8 scan_rsp_len = 0;
1148
1149 if (hdev->appearance) {
1150 scan_rsp_len = append_appearance(hdev, ptr, scan_rsp_len);
1151 }
1152
1153 return append_local_name(hdev, ptr, scan_rsp_len);
1154}
1155
1156static u8 create_instance_scan_rsp_data(struct hci_dev *hdev, u8 instance,
1157 u8 *ptr)
1158{
1159 struct adv_info *adv_instance;
1160 u32 instance_flags;
1161 u8 scan_rsp_len = 0;
1162
1163 adv_instance = hci_find_adv_instance(hdev, instance);
1164 if (!adv_instance)
1165 return 0;
1166
1167 instance_flags = adv_instance->flags;
1168
1169 if ((instance_flags & MGMT_ADV_FLAG_APPEARANCE) && hdev->appearance) {
1170 scan_rsp_len = append_appearance(hdev, ptr, scan_rsp_len);
1171 }
1172
1173 memcpy(&ptr[scan_rsp_len], adv_instance->scan_rsp_data,
1174 adv_instance->scan_rsp_len);
1175
1176 scan_rsp_len += adv_instance->scan_rsp_len;
1177
1178 if (instance_flags & MGMT_ADV_FLAG_LOCAL_NAME)
1179 scan_rsp_len = append_local_name(hdev, ptr, scan_rsp_len);
1180
1181 return scan_rsp_len;
1182}
1183
1184void __hci_req_update_scan_rsp_data(struct hci_request *req, u8 instance)
1185{
1186 struct hci_dev *hdev = req->hdev;
1187 u8 len;
1188
1189 if (!hci_dev_test_flag(hdev, HCI_LE_ENABLED))
1190 return;
1191
1192 if (ext_adv_capable(hdev)) {
1193 struct hci_cp_le_set_ext_scan_rsp_data cp;
1194
1195 memset(&cp, 0, sizeof(cp));
1196
1197 if (instance)
1198 len = create_instance_scan_rsp_data(hdev, instance,
1199 cp.data);
1200 else
1201 len = create_default_scan_rsp_data(hdev, cp.data);
1202
1203 if (hdev->scan_rsp_data_len == len &&
1204 !memcmp(cp.data, hdev->scan_rsp_data, len))
1205 return;
1206
1207 memcpy(hdev->scan_rsp_data, cp.data, sizeof(cp.data));
1208 hdev->scan_rsp_data_len = len;
1209
1210 cp.handle = 0;
1211 cp.length = len;
1212 cp.operation = LE_SET_ADV_DATA_OP_COMPLETE;
1213 cp.frag_pref = LE_SET_ADV_DATA_NO_FRAG;
1214
1215 hci_req_add(req, HCI_OP_LE_SET_EXT_SCAN_RSP_DATA, sizeof(cp),
1216 &cp);
1217 } else {
1218 struct hci_cp_le_set_scan_rsp_data cp;
1219
1220 memset(&cp, 0, sizeof(cp));
1221
1222 if (instance)
1223 len = create_instance_scan_rsp_data(hdev, instance,
1224 cp.data);
1225 else
1226 len = create_default_scan_rsp_data(hdev, cp.data);
1227
1228 if (hdev->scan_rsp_data_len == len &&
1229 !memcmp(cp.data, hdev->scan_rsp_data, len))
1230 return;
1231
1232 memcpy(hdev->scan_rsp_data, cp.data, sizeof(cp.data));
1233 hdev->scan_rsp_data_len = len;
1234
1235 cp.length = len;
1236
1237 hci_req_add(req, HCI_OP_LE_SET_SCAN_RSP_DATA, sizeof(cp), &cp);
1238 }
1239}
1240
1241static u8 create_instance_adv_data(struct hci_dev *hdev, u8 instance, u8 *ptr)
1242{
1243 struct adv_info *adv_instance = NULL;
1244 u8 ad_len = 0, flags = 0;
1245 u32 instance_flags;
1246
1247
1248 if (instance) {
1249 adv_instance = hci_find_adv_instance(hdev, instance);
1250 if (!adv_instance)
1251 return 0;
1252 }
1253
1254 instance_flags = get_adv_instance_flags(hdev, instance);
1255
1256
1257
1258
1259 if (instance_flags & MGMT_ADV_FLAG_DISCOV)
1260 flags |= LE_AD_GENERAL;
1261
1262 if (instance_flags & MGMT_ADV_FLAG_LIMITED_DISCOV)
1263 flags |= LE_AD_LIMITED;
1264
1265 if (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED))
1266 flags |= LE_AD_NO_BREDR;
1267
1268 if (flags || (instance_flags & MGMT_ADV_FLAG_MANAGED_FLAGS)) {
1269
1270
1271
1272 if (!flags)
1273 flags |= mgmt_get_adv_discov_flags(hdev);
1274
1275
1276
1277
1278 if (flags) {
1279 ptr[0] = 0x02;
1280 ptr[1] = EIR_FLAGS;
1281 ptr[2] = flags;
1282
1283 ad_len += 3;
1284 ptr += 3;
1285 }
1286 }
1287
1288 if (adv_instance) {
1289 memcpy(ptr, adv_instance->adv_data,
1290 adv_instance->adv_data_len);
1291 ad_len += adv_instance->adv_data_len;
1292 ptr += adv_instance->adv_data_len;
1293 }
1294
1295 if (instance_flags & MGMT_ADV_FLAG_TX_POWER) {
1296 s8 adv_tx_power;
1297
1298 if (ext_adv_capable(hdev)) {
1299 if (adv_instance)
1300 adv_tx_power = adv_instance->tx_power;
1301 else
1302 adv_tx_power = hdev->adv_tx_power;
1303 } else {
1304 adv_tx_power = hdev->adv_tx_power;
1305 }
1306
1307
1308 if (adv_tx_power != HCI_TX_POWER_INVALID) {
1309 ptr[0] = 0x02;
1310 ptr[1] = EIR_TX_POWER;
1311 ptr[2] = (u8)adv_tx_power;
1312
1313 ad_len += 3;
1314 ptr += 3;
1315 }
1316 }
1317
1318 return ad_len;
1319}
1320
1321void __hci_req_update_adv_data(struct hci_request *req, u8 instance)
1322{
1323 struct hci_dev *hdev = req->hdev;
1324 u8 len;
1325
1326 if (!hci_dev_test_flag(hdev, HCI_LE_ENABLED))
1327 return;
1328
1329 if (ext_adv_capable(hdev)) {
1330 struct hci_cp_le_set_ext_adv_data cp;
1331
1332 memset(&cp, 0, sizeof(cp));
1333
1334 len = create_instance_adv_data(hdev, instance, cp.data);
1335
1336
1337 if (hdev->adv_data_len == len &&
1338 memcmp(cp.data, hdev->adv_data, len) == 0)
1339 return;
1340
1341 memcpy(hdev->adv_data, cp.data, sizeof(cp.data));
1342 hdev->adv_data_len = len;
1343
1344 cp.length = len;
1345 cp.handle = 0;
1346 cp.operation = LE_SET_ADV_DATA_OP_COMPLETE;
1347 cp.frag_pref = LE_SET_ADV_DATA_NO_FRAG;
1348
1349 hci_req_add(req, HCI_OP_LE_SET_EXT_ADV_DATA, sizeof(cp), &cp);
1350 } else {
1351 struct hci_cp_le_set_adv_data cp;
1352
1353 memset(&cp, 0, sizeof(cp));
1354
1355 len = create_instance_adv_data(hdev, instance, cp.data);
1356
1357
1358 if (hdev->adv_data_len == len &&
1359 memcmp(cp.data, hdev->adv_data, len) == 0)
1360 return;
1361
1362 memcpy(hdev->adv_data, cp.data, sizeof(cp.data));
1363 hdev->adv_data_len = len;
1364
1365 cp.length = len;
1366
1367 hci_req_add(req, HCI_OP_LE_SET_ADV_DATA, sizeof(cp), &cp);
1368 }
1369}
1370
1371int hci_req_update_adv_data(struct hci_dev *hdev, u8 instance)
1372{
1373 struct hci_request req;
1374
1375 hci_req_init(&req, hdev);
1376 __hci_req_update_adv_data(&req, instance);
1377
1378 return hci_req_run(&req, NULL);
1379}
1380
1381static void adv_enable_complete(struct hci_dev *hdev, u8 status, u16 opcode)
1382{
1383 BT_DBG("%s status %u", hdev->name, status);
1384}
1385
1386void hci_req_reenable_advertising(struct hci_dev *hdev)
1387{
1388 struct hci_request req;
1389
1390 if (!hci_dev_test_flag(hdev, HCI_ADVERTISING) &&
1391 list_empty(&hdev->adv_instances))
1392 return;
1393
1394 hci_req_init(&req, hdev);
1395
1396 if (hdev->cur_adv_instance) {
1397 __hci_req_schedule_adv_instance(&req, hdev->cur_adv_instance,
1398 true);
1399 } else {
1400 if (ext_adv_capable(hdev)) {
1401 __hci_req_start_ext_adv(&req, 0x00);
1402 } else {
1403 __hci_req_update_adv_data(&req, 0x00);
1404 __hci_req_update_scan_rsp_data(&req, 0x00);
1405 __hci_req_enable_advertising(&req);
1406 }
1407 }
1408
1409 hci_req_run(&req, adv_enable_complete);
1410}
1411
1412static void adv_timeout_expire(struct work_struct *work)
1413{
1414 struct hci_dev *hdev = container_of(work, struct hci_dev,
1415 adv_instance_expire.work);
1416
1417 struct hci_request req;
1418 u8 instance;
1419
1420 BT_DBG("%s", hdev->name);
1421
1422 hci_dev_lock(hdev);
1423
1424 hdev->adv_instance_timeout = 0;
1425
1426 instance = hdev->cur_adv_instance;
1427 if (instance == 0x00)
1428 goto unlock;
1429
1430 hci_req_init(&req, hdev);
1431
1432 hci_req_clear_adv_instance(hdev, NULL, &req, instance, false);
1433
1434 if (list_empty(&hdev->adv_instances))
1435 __hci_req_disable_advertising(&req);
1436
1437 hci_req_run(&req, NULL);
1438
1439unlock:
1440 hci_dev_unlock(hdev);
1441}
1442
1443int hci_get_random_address(struct hci_dev *hdev, bool require_privacy,
1444 bool use_rpa, struct adv_info *adv_instance,
1445 u8 *own_addr_type, bdaddr_t *rand_addr)
1446{
1447 int err;
1448
1449 bacpy(rand_addr, BDADDR_ANY);
1450
1451
1452
1453
1454 if (use_rpa) {
1455 int to;
1456
1457 *own_addr_type = ADDR_LE_DEV_RANDOM;
1458
1459 if (adv_instance) {
1460 if (!adv_instance->rpa_expired &&
1461 !bacmp(&adv_instance->random_addr, &hdev->rpa))
1462 return 0;
1463
1464 adv_instance->rpa_expired = false;
1465 } else {
1466 if (!hci_dev_test_and_clear_flag(hdev, HCI_RPA_EXPIRED) &&
1467 !bacmp(&hdev->random_addr, &hdev->rpa))
1468 return 0;
1469 }
1470
1471 err = smp_generate_rpa(hdev, hdev->irk, &hdev->rpa);
1472 if (err < 0) {
1473 BT_ERR("%s failed to generate new RPA", hdev->name);
1474 return err;
1475 }
1476
1477 bacpy(rand_addr, &hdev->rpa);
1478
1479 to = msecs_to_jiffies(hdev->rpa_timeout * 1000);
1480 if (adv_instance)
1481 queue_delayed_work(hdev->workqueue,
1482 &adv_instance->rpa_expired_cb, to);
1483 else
1484 queue_delayed_work(hdev->workqueue,
1485 &hdev->rpa_expired, to);
1486
1487 return 0;
1488 }
1489
1490
1491
1492
1493
1494 if (require_privacy) {
1495 bdaddr_t nrpa;
1496
1497 while (true) {
1498
1499
1500
1501
1502 get_random_bytes(&nrpa, 6);
1503 nrpa.b[5] &= 0x3f;
1504
1505
1506
1507
1508 if (bacmp(&hdev->bdaddr, &nrpa))
1509 break;
1510 }
1511
1512 *own_addr_type = ADDR_LE_DEV_RANDOM;
1513 bacpy(rand_addr, &nrpa);
1514
1515 return 0;
1516 }
1517
1518
1519 *own_addr_type = ADDR_LE_DEV_PUBLIC;
1520
1521 return 0;
1522}
1523
1524void __hci_req_clear_ext_adv_sets(struct hci_request *req)
1525{
1526 hci_req_add(req, HCI_OP_LE_CLEAR_ADV_SETS, 0, NULL);
1527}
1528
1529int __hci_req_setup_ext_adv_instance(struct hci_request *req, u8 instance)
1530{
1531 struct hci_cp_le_set_ext_adv_params cp;
1532 struct hci_dev *hdev = req->hdev;
1533 bool connectable;
1534 u32 flags;
1535 bdaddr_t random_addr;
1536 u8 own_addr_type;
1537 int err;
1538 struct adv_info *adv_instance;
1539 bool secondary_adv;
1540
1541 const u8 adv_interval[3] = { 0x00, 0x08, 0x00 };
1542
1543 if (instance > 0) {
1544 adv_instance = hci_find_adv_instance(hdev, instance);
1545 if (!adv_instance)
1546 return -EINVAL;
1547 } else {
1548 adv_instance = NULL;
1549 }
1550
1551 flags = get_adv_instance_flags(hdev, instance);
1552
1553
1554
1555
1556 connectable = (flags & MGMT_ADV_FLAG_CONNECTABLE) ||
1557 mgmt_get_connectable(hdev);
1558
1559 if (!is_advertising_allowed(hdev, connectable))
1560 return -EPERM;
1561
1562
1563
1564
1565
1566 err = hci_get_random_address(hdev, !connectable,
1567 adv_use_rpa(hdev, flags), adv_instance,
1568 &own_addr_type, &random_addr);
1569 if (err < 0)
1570 return err;
1571
1572 memset(&cp, 0, sizeof(cp));
1573
1574 memcpy(cp.min_interval, adv_interval, sizeof(cp.min_interval));
1575 memcpy(cp.max_interval, adv_interval, sizeof(cp.max_interval));
1576
1577 secondary_adv = (flags & MGMT_ADV_FLAG_SEC_MASK);
1578
1579 if (connectable) {
1580 if (secondary_adv)
1581 cp.evt_properties = cpu_to_le16(LE_EXT_ADV_CONN_IND);
1582 else
1583 cp.evt_properties = cpu_to_le16(LE_LEGACY_ADV_IND);
1584 } else if (get_adv_instance_scan_rsp_len(hdev, instance)) {
1585 if (secondary_adv)
1586 cp.evt_properties = cpu_to_le16(LE_EXT_ADV_SCAN_IND);
1587 else
1588 cp.evt_properties = cpu_to_le16(LE_LEGACY_ADV_SCAN_IND);
1589 } else {
1590 if (secondary_adv)
1591 cp.evt_properties = cpu_to_le16(LE_EXT_ADV_NON_CONN_IND);
1592 else
1593 cp.evt_properties = cpu_to_le16(LE_LEGACY_NONCONN_IND);
1594 }
1595
1596 cp.own_addr_type = own_addr_type;
1597 cp.channel_map = hdev->le_adv_channel_map;
1598 cp.tx_power = 127;
1599 cp.handle = 0;
1600
1601 if (flags & MGMT_ADV_FLAG_SEC_2M) {
1602 cp.primary_phy = HCI_ADV_PHY_1M;
1603 cp.secondary_phy = HCI_ADV_PHY_2M;
1604 } else if (flags & MGMT_ADV_FLAG_SEC_CODED) {
1605 cp.primary_phy = HCI_ADV_PHY_CODED;
1606 cp.secondary_phy = HCI_ADV_PHY_CODED;
1607 } else {
1608
1609 cp.primary_phy = HCI_ADV_PHY_1M;
1610 cp.secondary_phy = HCI_ADV_PHY_1M;
1611 }
1612
1613 hci_req_add(req, HCI_OP_LE_SET_EXT_ADV_PARAMS, sizeof(cp), &cp);
1614
1615 if (own_addr_type == ADDR_LE_DEV_RANDOM &&
1616 bacmp(&random_addr, BDADDR_ANY)) {
1617 struct hci_cp_le_set_adv_set_rand_addr cp;
1618
1619
1620 if (adv_instance) {
1621 if (!bacmp(&random_addr, &adv_instance->random_addr))
1622 return 0;
1623 } else {
1624 if (!bacmp(&random_addr, &hdev->random_addr))
1625 return 0;
1626 }
1627
1628 memset(&cp, 0, sizeof(cp));
1629
1630 cp.handle = 0;
1631 bacpy(&cp.bdaddr, &random_addr);
1632
1633 hci_req_add(req,
1634 HCI_OP_LE_SET_ADV_SET_RAND_ADDR,
1635 sizeof(cp), &cp);
1636 }
1637
1638 return 0;
1639}
1640
1641void __hci_req_enable_ext_advertising(struct hci_request *req)
1642{
1643 struct hci_cp_le_set_ext_adv_enable *cp;
1644 struct hci_cp_ext_adv_set *adv_set;
1645 u8 data[sizeof(*cp) + sizeof(*adv_set) * 1];
1646
1647 cp = (void *) data;
1648 adv_set = (void *) cp->data;
1649
1650 memset(cp, 0, sizeof(*cp));
1651
1652 cp->enable = 0x01;
1653 cp->num_of_sets = 0x01;
1654
1655 memset(adv_set, 0, sizeof(*adv_set));
1656
1657 adv_set->handle = 0;
1658
1659 hci_req_add(req, HCI_OP_LE_SET_EXT_ADV_ENABLE,
1660 sizeof(*cp) + sizeof(*adv_set) * cp->num_of_sets,
1661 data);
1662}
1663
1664int __hci_req_start_ext_adv(struct hci_request *req, u8 instance)
1665{
1666 struct hci_dev *hdev = req->hdev;
1667 int err;
1668
1669 if (hci_dev_test_flag(hdev, HCI_LE_ADV))
1670 __hci_req_disable_advertising(req);
1671
1672 err = __hci_req_setup_ext_adv_instance(req, instance);
1673 if (err < 0)
1674 return err;
1675
1676 __hci_req_update_scan_rsp_data(req, instance);
1677 __hci_req_enable_ext_advertising(req);
1678
1679 return 0;
1680}
1681
1682int __hci_req_schedule_adv_instance(struct hci_request *req, u8 instance,
1683 bool force)
1684{
1685 struct hci_dev *hdev = req->hdev;
1686 struct adv_info *adv_instance = NULL;
1687 u16 timeout;
1688
1689 if (hci_dev_test_flag(hdev, HCI_ADVERTISING) ||
1690 list_empty(&hdev->adv_instances))
1691 return -EPERM;
1692
1693 if (hdev->adv_instance_timeout)
1694 return -EBUSY;
1695
1696 adv_instance = hci_find_adv_instance(hdev, instance);
1697 if (!adv_instance)
1698 return -ENOENT;
1699
1700
1701
1702
1703
1704
1705
1706
1707
1708 if (adv_instance->timeout == 0 ||
1709 adv_instance->duration <= adv_instance->remaining_time)
1710 timeout = adv_instance->duration;
1711 else
1712 timeout = adv_instance->remaining_time;
1713
1714
1715
1716
1717 if (adv_instance->timeout)
1718 adv_instance->remaining_time =
1719 adv_instance->remaining_time - timeout;
1720
1721 hdev->adv_instance_timeout = timeout;
1722 queue_delayed_work(hdev->req_workqueue,
1723 &hdev->adv_instance_expire,
1724 msecs_to_jiffies(timeout * 1000));
1725
1726
1727
1728
1729
1730 if (!force && hdev->cur_adv_instance == instance &&
1731 hci_dev_test_flag(hdev, HCI_LE_ADV))
1732 return 0;
1733
1734 hdev->cur_adv_instance = instance;
1735 if (ext_adv_capable(hdev)) {
1736 __hci_req_start_ext_adv(req, instance);
1737 } else {
1738 __hci_req_update_adv_data(req, instance);
1739 __hci_req_update_scan_rsp_data(req, instance);
1740 __hci_req_enable_advertising(req);
1741 }
1742
1743 return 0;
1744}
1745
1746static void cancel_adv_timeout(struct hci_dev *hdev)
1747{
1748 if (hdev->adv_instance_timeout) {
1749 hdev->adv_instance_timeout = 0;
1750 cancel_delayed_work(&hdev->adv_instance_expire);
1751 }
1752}
1753
1754
1755
1756
1757
1758
1759
1760
1761
1762
1763
1764
1765void hci_req_clear_adv_instance(struct hci_dev *hdev, struct sock *sk,
1766 struct hci_request *req, u8 instance,
1767 bool force)
1768{
1769 struct adv_info *adv_instance, *n, *next_instance = NULL;
1770 int err;
1771 u8 rem_inst;
1772
1773
1774 if (!instance || hdev->cur_adv_instance == instance)
1775 cancel_adv_timeout(hdev);
1776
1777
1778
1779
1780
1781 if (instance && hdev->cur_adv_instance == instance)
1782 next_instance = hci_get_next_instance(hdev, instance);
1783
1784 if (instance == 0x00) {
1785 list_for_each_entry_safe(adv_instance, n, &hdev->adv_instances,
1786 list) {
1787 if (!(force || adv_instance->timeout))
1788 continue;
1789
1790 rem_inst = adv_instance->instance;
1791 err = hci_remove_adv_instance(hdev, rem_inst);
1792 if (!err)
1793 mgmt_advertising_removed(sk, hdev, rem_inst);
1794 }
1795 } else {
1796 adv_instance = hci_find_adv_instance(hdev, instance);
1797
1798 if (force || (adv_instance && adv_instance->timeout &&
1799 !adv_instance->remaining_time)) {
1800
1801 if (next_instance &&
1802 next_instance->instance == instance)
1803 next_instance = NULL;
1804
1805 err = hci_remove_adv_instance(hdev, instance);
1806 if (!err)
1807 mgmt_advertising_removed(sk, hdev, instance);
1808 }
1809 }
1810
1811 if (!req || !hdev_is_powered(hdev) ||
1812 hci_dev_test_flag(hdev, HCI_ADVERTISING))
1813 return;
1814
1815 if (next_instance)
1816 __hci_req_schedule_adv_instance(req, next_instance->instance,
1817 false);
1818}
1819
1820static void set_random_addr(struct hci_request *req, bdaddr_t *rpa)
1821{
1822 struct hci_dev *hdev = req->hdev;
1823
1824
1825
1826
1827
1828
1829
1830
1831
1832
1833
1834 if (hci_dev_test_flag(hdev, HCI_LE_ADV) ||
1835 hci_lookup_le_connect(hdev)) {
1836 BT_DBG("Deferring random address update");
1837 hci_dev_set_flag(hdev, HCI_RPA_EXPIRED);
1838 return;
1839 }
1840
1841 hci_req_add(req, HCI_OP_LE_SET_RANDOM_ADDR, 6, rpa);
1842}
1843
1844int hci_update_random_address(struct hci_request *req, bool require_privacy,
1845 bool use_rpa, u8 *own_addr_type)
1846{
1847 struct hci_dev *hdev = req->hdev;
1848 int err;
1849
1850
1851
1852
1853
1854 if (use_rpa) {
1855 int to;
1856
1857 *own_addr_type = ADDR_LE_DEV_RANDOM;
1858
1859 if (!hci_dev_test_and_clear_flag(hdev, HCI_RPA_EXPIRED) &&
1860 !bacmp(&hdev->random_addr, &hdev->rpa))
1861 return 0;
1862
1863 err = smp_generate_rpa(hdev, hdev->irk, &hdev->rpa);
1864 if (err < 0) {
1865 bt_dev_err(hdev, "failed to generate new RPA");
1866 return err;
1867 }
1868
1869 set_random_addr(req, &hdev->rpa);
1870
1871 to = msecs_to_jiffies(hdev->rpa_timeout * 1000);
1872 queue_delayed_work(hdev->workqueue, &hdev->rpa_expired, to);
1873
1874 return 0;
1875 }
1876
1877
1878
1879
1880
1881 if (require_privacy) {
1882 bdaddr_t nrpa;
1883
1884 while (true) {
1885
1886
1887
1888
1889 get_random_bytes(&nrpa, 6);
1890 nrpa.b[5] &= 0x3f;
1891
1892
1893
1894
1895 if (bacmp(&hdev->bdaddr, &nrpa))
1896 break;
1897 }
1898
1899 *own_addr_type = ADDR_LE_DEV_RANDOM;
1900 set_random_addr(req, &nrpa);
1901 return 0;
1902 }
1903
1904
1905
1906
1907
1908
1909
1910
1911
1912
1913 if (hci_dev_test_flag(hdev, HCI_FORCE_STATIC_ADDR) ||
1914 !bacmp(&hdev->bdaddr, BDADDR_ANY) ||
1915 (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED) &&
1916 bacmp(&hdev->static_addr, BDADDR_ANY))) {
1917 *own_addr_type = ADDR_LE_DEV_RANDOM;
1918 if (bacmp(&hdev->static_addr, &hdev->random_addr))
1919 hci_req_add(req, HCI_OP_LE_SET_RANDOM_ADDR, 6,
1920 &hdev->static_addr);
1921 return 0;
1922 }
1923
1924
1925
1926
1927 *own_addr_type = ADDR_LE_DEV_PUBLIC;
1928
1929 return 0;
1930}
1931
1932static bool disconnected_whitelist_entries(struct hci_dev *hdev)
1933{
1934 struct bdaddr_list *b;
1935
1936 list_for_each_entry(b, &hdev->whitelist, list) {
1937 struct hci_conn *conn;
1938
1939 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &b->bdaddr);
1940 if (!conn)
1941 return true;
1942
1943 if (conn->state != BT_CONNECTED && conn->state != BT_CONFIG)
1944 return true;
1945 }
1946
1947 return false;
1948}
1949
1950void __hci_req_update_scan(struct hci_request *req)
1951{
1952 struct hci_dev *hdev = req->hdev;
1953 u8 scan;
1954
1955 if (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED))
1956 return;
1957
1958 if (!hdev_is_powered(hdev))
1959 return;
1960
1961 if (mgmt_powering_down(hdev))
1962 return;
1963
1964 if (hci_dev_test_flag(hdev, HCI_CONNECTABLE) ||
1965 disconnected_whitelist_entries(hdev))
1966 scan = SCAN_PAGE;
1967 else
1968 scan = SCAN_DISABLED;
1969
1970 if (hci_dev_test_flag(hdev, HCI_DISCOVERABLE))
1971 scan |= SCAN_INQUIRY;
1972
1973 if (test_bit(HCI_PSCAN, &hdev->flags) == !!(scan & SCAN_PAGE) &&
1974 test_bit(HCI_ISCAN, &hdev->flags) == !!(scan & SCAN_INQUIRY))
1975 return;
1976
1977 hci_req_add(req, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
1978}
1979
1980static int update_scan(struct hci_request *req, unsigned long opt)
1981{
1982 hci_dev_lock(req->hdev);
1983 __hci_req_update_scan(req);
1984 hci_dev_unlock(req->hdev);
1985 return 0;
1986}
1987
1988static void scan_update_work(struct work_struct *work)
1989{
1990 struct hci_dev *hdev = container_of(work, struct hci_dev, scan_update);
1991
1992 hci_req_sync(hdev, update_scan, 0, HCI_CMD_TIMEOUT, NULL);
1993}
1994
1995static int connectable_update(struct hci_request *req, unsigned long opt)
1996{
1997 struct hci_dev *hdev = req->hdev;
1998
1999 hci_dev_lock(hdev);
2000
2001 __hci_req_update_scan(req);
2002
2003
2004
2005
2006
2007 if (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED))
2008 __hci_req_update_adv_data(req, hdev->cur_adv_instance);
2009
2010
2011 if (hci_dev_test_flag(hdev, HCI_ADVERTISING) ||
2012 !list_empty(&hdev->adv_instances)) {
2013 if (ext_adv_capable(hdev))
2014 __hci_req_start_ext_adv(req, hdev->cur_adv_instance);
2015 else
2016 __hci_req_enable_advertising(req);
2017 }
2018
2019 __hci_update_background_scan(req);
2020
2021 hci_dev_unlock(hdev);
2022
2023 return 0;
2024}
2025
2026static void connectable_update_work(struct work_struct *work)
2027{
2028 struct hci_dev *hdev = container_of(work, struct hci_dev,
2029 connectable_update);
2030 u8 status;
2031
2032 hci_req_sync(hdev, connectable_update, 0, HCI_CMD_TIMEOUT, &status);
2033 mgmt_set_connectable_complete(hdev, status);
2034}
2035
2036static u8 get_service_classes(struct hci_dev *hdev)
2037{
2038 struct bt_uuid *uuid;
2039 u8 val = 0;
2040
2041 list_for_each_entry(uuid, &hdev->uuids, list)
2042 val |= uuid->svc_hint;
2043
2044 return val;
2045}
2046
2047void __hci_req_update_class(struct hci_request *req)
2048{
2049 struct hci_dev *hdev = req->hdev;
2050 u8 cod[3];
2051
2052 BT_DBG("%s", hdev->name);
2053
2054 if (!hdev_is_powered(hdev))
2055 return;
2056
2057 if (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED))
2058 return;
2059
2060 if (hci_dev_test_flag(hdev, HCI_SERVICE_CACHE))
2061 return;
2062
2063 cod[0] = hdev->minor_class;
2064 cod[1] = hdev->major_class;
2065 cod[2] = get_service_classes(hdev);
2066
2067 if (hci_dev_test_flag(hdev, HCI_LIMITED_DISCOVERABLE))
2068 cod[1] |= 0x20;
2069
2070 if (memcmp(cod, hdev->dev_class, 3) == 0)
2071 return;
2072
2073 hci_req_add(req, HCI_OP_WRITE_CLASS_OF_DEV, sizeof(cod), cod);
2074}
2075
2076static void write_iac(struct hci_request *req)
2077{
2078 struct hci_dev *hdev = req->hdev;
2079 struct hci_cp_write_current_iac_lap cp;
2080
2081 if (!hci_dev_test_flag(hdev, HCI_DISCOVERABLE))
2082 return;
2083
2084 if (hci_dev_test_flag(hdev, HCI_LIMITED_DISCOVERABLE)) {
2085
2086 cp.num_iac = min_t(u8, hdev->num_iac, 2);
2087 cp.iac_lap[0] = 0x00;
2088 cp.iac_lap[1] = 0x8b;
2089 cp.iac_lap[2] = 0x9e;
2090 cp.iac_lap[3] = 0x33;
2091 cp.iac_lap[4] = 0x8b;
2092 cp.iac_lap[5] = 0x9e;
2093 } else {
2094
2095 cp.num_iac = 1;
2096 cp.iac_lap[0] = 0x33;
2097 cp.iac_lap[1] = 0x8b;
2098 cp.iac_lap[2] = 0x9e;
2099 }
2100
2101 hci_req_add(req, HCI_OP_WRITE_CURRENT_IAC_LAP,
2102 (cp.num_iac * 3) + 1, &cp);
2103}
2104
2105static int discoverable_update(struct hci_request *req, unsigned long opt)
2106{
2107 struct hci_dev *hdev = req->hdev;
2108
2109 hci_dev_lock(hdev);
2110
2111 if (hci_dev_test_flag(hdev, HCI_BREDR_ENABLED)) {
2112 write_iac(req);
2113 __hci_req_update_scan(req);
2114 __hci_req_update_class(req);
2115 }
2116
2117
2118
2119
2120 if (hci_dev_test_flag(hdev, HCI_ADVERTISING)) {
2121 __hci_req_update_adv_data(req, 0x00);
2122
2123
2124
2125
2126 if (hci_dev_test_flag(hdev, HCI_LIMITED_PRIVACY)) {
2127 if (ext_adv_capable(hdev))
2128 __hci_req_start_ext_adv(req, 0x00);
2129 else
2130 __hci_req_enable_advertising(req);
2131 }
2132 }
2133
2134 hci_dev_unlock(hdev);
2135
2136 return 0;
2137}
2138
2139static void discoverable_update_work(struct work_struct *work)
2140{
2141 struct hci_dev *hdev = container_of(work, struct hci_dev,
2142 discoverable_update);
2143 u8 status;
2144
2145 hci_req_sync(hdev, discoverable_update, 0, HCI_CMD_TIMEOUT, &status);
2146 mgmt_set_discoverable_complete(hdev, status);
2147}
2148
2149void __hci_abort_conn(struct hci_request *req, struct hci_conn *conn,
2150 u8 reason)
2151{
2152 switch (conn->state) {
2153 case BT_CONNECTED:
2154 case BT_CONFIG:
2155 if (conn->type == AMP_LINK) {
2156 struct hci_cp_disconn_phy_link cp;
2157
2158 cp.phy_handle = HCI_PHY_HANDLE(conn->handle);
2159 cp.reason = reason;
2160 hci_req_add(req, HCI_OP_DISCONN_PHY_LINK, sizeof(cp),
2161 &cp);
2162 } else {
2163 struct hci_cp_disconnect dc;
2164
2165 dc.handle = cpu_to_le16(conn->handle);
2166 dc.reason = reason;
2167 hci_req_add(req, HCI_OP_DISCONNECT, sizeof(dc), &dc);
2168 }
2169
2170 conn->state = BT_DISCONN;
2171
2172 break;
2173 case BT_CONNECT:
2174 if (conn->type == LE_LINK) {
2175 if (test_bit(HCI_CONN_SCANNING, &conn->flags))
2176 break;
2177 hci_req_add(req, HCI_OP_LE_CREATE_CONN_CANCEL,
2178 0, NULL);
2179 } else if (conn->type == ACL_LINK) {
2180 if (req->hdev->hci_ver < BLUETOOTH_VER_1_2)
2181 break;
2182 hci_req_add(req, HCI_OP_CREATE_CONN_CANCEL,
2183 6, &conn->dst);
2184 }
2185 break;
2186 case BT_CONNECT2:
2187 if (conn->type == ACL_LINK) {
2188 struct hci_cp_reject_conn_req rej;
2189
2190 bacpy(&rej.bdaddr, &conn->dst);
2191 rej.reason = reason;
2192
2193 hci_req_add(req, HCI_OP_REJECT_CONN_REQ,
2194 sizeof(rej), &rej);
2195 } else if (conn->type == SCO_LINK || conn->type == ESCO_LINK) {
2196 struct hci_cp_reject_sync_conn_req rej;
2197
2198 bacpy(&rej.bdaddr, &conn->dst);
2199
2200
2201
2202
2203
2204
2205
2206 rej.reason = HCI_ERROR_REJ_LIMITED_RESOURCES;
2207
2208 hci_req_add(req, HCI_OP_REJECT_SYNC_CONN_REQ,
2209 sizeof(rej), &rej);
2210 }
2211 break;
2212 default:
2213 conn->state = BT_CLOSED;
2214 break;
2215 }
2216}
2217
2218static void abort_conn_complete(struct hci_dev *hdev, u8 status, u16 opcode)
2219{
2220 if (status)
2221 BT_DBG("Failed to abort connection: status 0x%2.2x", status);
2222}
2223
2224int hci_abort_conn(struct hci_conn *conn, u8 reason)
2225{
2226 struct hci_request req;
2227 int err;
2228
2229 hci_req_init(&req, conn->hdev);
2230
2231 __hci_abort_conn(&req, conn, reason);
2232
2233 err = hci_req_run(&req, abort_conn_complete);
2234 if (err && err != -ENODATA) {
2235 bt_dev_err(conn->hdev, "failed to run HCI request: err %d", err);
2236 return err;
2237 }
2238
2239 return 0;
2240}
2241
2242static int update_bg_scan(struct hci_request *req, unsigned long opt)
2243{
2244 hci_dev_lock(req->hdev);
2245 __hci_update_background_scan(req);
2246 hci_dev_unlock(req->hdev);
2247 return 0;
2248}
2249
2250static void bg_scan_update(struct work_struct *work)
2251{
2252 struct hci_dev *hdev = container_of(work, struct hci_dev,
2253 bg_scan_update);
2254 struct hci_conn *conn;
2255 u8 status;
2256 int err;
2257
2258 err = hci_req_sync(hdev, update_bg_scan, 0, HCI_CMD_TIMEOUT, &status);
2259 if (!err)
2260 return;
2261
2262 hci_dev_lock(hdev);
2263
2264 conn = hci_conn_hash_lookup_state(hdev, LE_LINK, BT_CONNECT);
2265 if (conn)
2266 hci_le_conn_failed(conn, status);
2267
2268 hci_dev_unlock(hdev);
2269}
2270
2271static int le_scan_disable(struct hci_request *req, unsigned long opt)
2272{
2273 hci_req_add_le_scan_disable(req);
2274 return 0;
2275}
2276
2277static int bredr_inquiry(struct hci_request *req, unsigned long opt)
2278{
2279 u8 length = opt;
2280 const u8 giac[3] = { 0x33, 0x8b, 0x9e };
2281 const u8 liac[3] = { 0x00, 0x8b, 0x9e };
2282 struct hci_cp_inquiry cp;
2283
2284 BT_DBG("%s", req->hdev->name);
2285
2286 hci_dev_lock(req->hdev);
2287 hci_inquiry_cache_flush(req->hdev);
2288 hci_dev_unlock(req->hdev);
2289
2290 memset(&cp, 0, sizeof(cp));
2291
2292 if (req->hdev->discovery.limited)
2293 memcpy(&cp.lap, liac, sizeof(cp.lap));
2294 else
2295 memcpy(&cp.lap, giac, sizeof(cp.lap));
2296
2297 cp.length = length;
2298
2299 hci_req_add(req, HCI_OP_INQUIRY, sizeof(cp), &cp);
2300
2301 return 0;
2302}
2303
2304static void le_scan_disable_work(struct work_struct *work)
2305{
2306 struct hci_dev *hdev = container_of(work, struct hci_dev,
2307 le_scan_disable.work);
2308 u8 status;
2309
2310 BT_DBG("%s", hdev->name);
2311
2312 if (!hci_dev_test_flag(hdev, HCI_LE_SCAN))
2313 return;
2314
2315 cancel_delayed_work(&hdev->le_scan_restart);
2316
2317 hci_req_sync(hdev, le_scan_disable, 0, HCI_CMD_TIMEOUT, &status);
2318 if (status) {
2319 bt_dev_err(hdev, "failed to disable LE scan: status 0x%02x",
2320 status);
2321 return;
2322 }
2323
2324 hdev->discovery.scan_start = 0;
2325
2326
2327
2328
2329
2330
2331
2332
2333
2334 if (hdev->discovery.type == DISCOV_TYPE_LE)
2335 goto discov_stopped;
2336
2337 if (hdev->discovery.type != DISCOV_TYPE_INTERLEAVED)
2338 return;
2339
2340 if (test_bit(HCI_QUIRK_SIMULTANEOUS_DISCOVERY, &hdev->quirks)) {
2341 if (!test_bit(HCI_INQUIRY, &hdev->flags) &&
2342 hdev->discovery.state != DISCOVERY_RESOLVING)
2343 goto discov_stopped;
2344
2345 return;
2346 }
2347
2348 hci_req_sync(hdev, bredr_inquiry, DISCOV_INTERLEAVED_INQUIRY_LEN,
2349 HCI_CMD_TIMEOUT, &status);
2350 if (status) {
2351 bt_dev_err(hdev, "inquiry failed: status 0x%02x", status);
2352 goto discov_stopped;
2353 }
2354
2355 return;
2356
2357discov_stopped:
2358 hci_dev_lock(hdev);
2359 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
2360 hci_dev_unlock(hdev);
2361}
2362
2363static int le_scan_restart(struct hci_request *req, unsigned long opt)
2364{
2365 struct hci_dev *hdev = req->hdev;
2366
2367
2368 if (!hci_dev_test_flag(hdev, HCI_LE_SCAN))
2369 return 0;
2370
2371 hci_req_add_le_scan_disable(req);
2372
2373 if (use_ext_scan(hdev)) {
2374 struct hci_cp_le_set_ext_scan_enable ext_enable_cp;
2375
2376 memset(&ext_enable_cp, 0, sizeof(ext_enable_cp));
2377 ext_enable_cp.enable = LE_SCAN_ENABLE;
2378 ext_enable_cp.filter_dup = LE_SCAN_FILTER_DUP_ENABLE;
2379
2380 hci_req_add(req, HCI_OP_LE_SET_EXT_SCAN_ENABLE,
2381 sizeof(ext_enable_cp), &ext_enable_cp);
2382 } else {
2383 struct hci_cp_le_set_scan_enable cp;
2384
2385 memset(&cp, 0, sizeof(cp));
2386 cp.enable = LE_SCAN_ENABLE;
2387 cp.filter_dup = LE_SCAN_FILTER_DUP_ENABLE;
2388 hci_req_add(req, HCI_OP_LE_SET_SCAN_ENABLE, sizeof(cp), &cp);
2389 }
2390
2391 return 0;
2392}
2393
2394static void le_scan_restart_work(struct work_struct *work)
2395{
2396 struct hci_dev *hdev = container_of(work, struct hci_dev,
2397 le_scan_restart.work);
2398 unsigned long timeout, duration, scan_start, now;
2399 u8 status;
2400
2401 BT_DBG("%s", hdev->name);
2402
2403 hci_req_sync(hdev, le_scan_restart, 0, HCI_CMD_TIMEOUT, &status);
2404 if (status) {
2405 bt_dev_err(hdev, "failed to restart LE scan: status %d",
2406 status);
2407 return;
2408 }
2409
2410 hci_dev_lock(hdev);
2411
2412 if (!test_bit(HCI_QUIRK_STRICT_DUPLICATE_FILTER, &hdev->quirks) ||
2413 !hdev->discovery.scan_start)
2414 goto unlock;
2415
2416
2417
2418
2419
2420
2421 duration = hdev->discovery.scan_duration;
2422 scan_start = hdev->discovery.scan_start;
2423 now = jiffies;
2424 if (now - scan_start <= duration) {
2425 int elapsed;
2426
2427 if (now >= scan_start)
2428 elapsed = now - scan_start;
2429 else
2430 elapsed = ULONG_MAX - scan_start + now;
2431
2432 timeout = duration - elapsed;
2433 } else {
2434 timeout = 0;
2435 }
2436
2437 queue_delayed_work(hdev->req_workqueue,
2438 &hdev->le_scan_disable, timeout);
2439
2440unlock:
2441 hci_dev_unlock(hdev);
2442}
2443
2444static int active_scan(struct hci_request *req, unsigned long opt)
2445{
2446 uint16_t interval = opt;
2447 struct hci_dev *hdev = req->hdev;
2448 u8 own_addr_type;
2449 int err;
2450
2451 BT_DBG("%s", hdev->name);
2452
2453 if (hci_dev_test_flag(hdev, HCI_LE_ADV)) {
2454 hci_dev_lock(hdev);
2455
2456
2457
2458
2459 if (hci_lookup_le_connect(hdev)) {
2460 hci_dev_unlock(hdev);
2461 return -EBUSY;
2462 }
2463
2464 cancel_adv_timeout(hdev);
2465 hci_dev_unlock(hdev);
2466
2467 __hci_req_disable_advertising(req);
2468 }
2469
2470
2471
2472
2473
2474 if (hci_dev_test_flag(hdev, HCI_LE_SCAN))
2475 hci_req_add_le_scan_disable(req);
2476
2477
2478
2479
2480
2481 err = hci_update_random_address(req, true, scan_use_rpa(hdev),
2482 &own_addr_type);
2483 if (err < 0)
2484 own_addr_type = ADDR_LE_DEV_PUBLIC;
2485
2486 hci_req_start_scan(req, LE_SCAN_ACTIVE, interval, DISCOV_LE_SCAN_WIN,
2487 own_addr_type, 0);
2488 return 0;
2489}
2490
2491static int interleaved_discov(struct hci_request *req, unsigned long opt)
2492{
2493 int err;
2494
2495 BT_DBG("%s", req->hdev->name);
2496
2497 err = active_scan(req, opt);
2498 if (err)
2499 return err;
2500
2501 return bredr_inquiry(req, DISCOV_BREDR_INQUIRY_LEN);
2502}
2503
2504static void start_discovery(struct hci_dev *hdev, u8 *status)
2505{
2506 unsigned long timeout;
2507
2508 BT_DBG("%s type %u", hdev->name, hdev->discovery.type);
2509
2510 switch (hdev->discovery.type) {
2511 case DISCOV_TYPE_BREDR:
2512 if (!hci_dev_test_flag(hdev, HCI_INQUIRY))
2513 hci_req_sync(hdev, bredr_inquiry,
2514 DISCOV_BREDR_INQUIRY_LEN, HCI_CMD_TIMEOUT,
2515 status);
2516 return;
2517 case DISCOV_TYPE_INTERLEAVED:
2518
2519
2520
2521
2522
2523
2524
2525
2526 if (test_bit(HCI_QUIRK_SIMULTANEOUS_DISCOVERY,
2527 &hdev->quirks)) {
2528 timeout = msecs_to_jiffies(DISCOV_LE_TIMEOUT);
2529
2530
2531
2532
2533 hci_req_sync(hdev, interleaved_discov,
2534 DISCOV_LE_SCAN_INT * 2, HCI_CMD_TIMEOUT,
2535 status);
2536 break;
2537 }
2538
2539 timeout = msecs_to_jiffies(hdev->discov_interleaved_timeout);
2540 hci_req_sync(hdev, active_scan, DISCOV_LE_SCAN_INT,
2541 HCI_CMD_TIMEOUT, status);
2542 break;
2543 case DISCOV_TYPE_LE:
2544 timeout = msecs_to_jiffies(DISCOV_LE_TIMEOUT);
2545 hci_req_sync(hdev, active_scan, DISCOV_LE_SCAN_INT,
2546 HCI_CMD_TIMEOUT, status);
2547 break;
2548 default:
2549 *status = HCI_ERROR_UNSPECIFIED;
2550 return;
2551 }
2552
2553 if (*status)
2554 return;
2555
2556 BT_DBG("%s timeout %u ms", hdev->name, jiffies_to_msecs(timeout));
2557
2558
2559
2560
2561
2562
2563 if (test_bit(HCI_QUIRK_STRICT_DUPLICATE_FILTER, &hdev->quirks) &&
2564 hdev->discovery.result_filtering) {
2565 hdev->discovery.scan_start = jiffies;
2566 hdev->discovery.scan_duration = timeout;
2567 }
2568
2569 queue_delayed_work(hdev->req_workqueue, &hdev->le_scan_disable,
2570 timeout);
2571}
2572
2573bool hci_req_stop_discovery(struct hci_request *req)
2574{
2575 struct hci_dev *hdev = req->hdev;
2576 struct discovery_state *d = &hdev->discovery;
2577 struct hci_cp_remote_name_req_cancel cp;
2578 struct inquiry_entry *e;
2579 bool ret = false;
2580
2581 BT_DBG("%s state %u", hdev->name, hdev->discovery.state);
2582
2583 if (d->state == DISCOVERY_FINDING || d->state == DISCOVERY_STOPPING) {
2584 if (test_bit(HCI_INQUIRY, &hdev->flags))
2585 hci_req_add(req, HCI_OP_INQUIRY_CANCEL, 0, NULL);
2586
2587 if (hci_dev_test_flag(hdev, HCI_LE_SCAN)) {
2588 cancel_delayed_work(&hdev->le_scan_disable);
2589 hci_req_add_le_scan_disable(req);
2590 }
2591
2592 ret = true;
2593 } else {
2594
2595 if (hci_dev_test_flag(hdev, HCI_LE_SCAN)) {
2596 hci_req_add_le_scan_disable(req);
2597 ret = true;
2598 }
2599 }
2600
2601
2602 if (d->type == DISCOV_TYPE_LE)
2603 return ret;
2604
2605 if (d->state == DISCOVERY_RESOLVING || d->state == DISCOVERY_STOPPING) {
2606 e = hci_inquiry_cache_lookup_resolve(hdev, BDADDR_ANY,
2607 NAME_PENDING);
2608 if (!e)
2609 return ret;
2610
2611 bacpy(&cp.bdaddr, &e->data.bdaddr);
2612 hci_req_add(req, HCI_OP_REMOTE_NAME_REQ_CANCEL, sizeof(cp),
2613 &cp);
2614 ret = true;
2615 }
2616
2617 return ret;
2618}
2619
2620static int stop_discovery(struct hci_request *req, unsigned long opt)
2621{
2622 hci_dev_lock(req->hdev);
2623 hci_req_stop_discovery(req);
2624 hci_dev_unlock(req->hdev);
2625
2626 return 0;
2627}
2628
2629static void discov_update(struct work_struct *work)
2630{
2631 struct hci_dev *hdev = container_of(work, struct hci_dev,
2632 discov_update);
2633 u8 status = 0;
2634
2635 switch (hdev->discovery.state) {
2636 case DISCOVERY_STARTING:
2637 start_discovery(hdev, &status);
2638 mgmt_start_discovery_complete(hdev, status);
2639 if (status)
2640 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
2641 else
2642 hci_discovery_set_state(hdev, DISCOVERY_FINDING);
2643 break;
2644 case DISCOVERY_STOPPING:
2645 hci_req_sync(hdev, stop_discovery, 0, HCI_CMD_TIMEOUT, &status);
2646 mgmt_stop_discovery_complete(hdev, status);
2647 if (!status)
2648 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
2649 break;
2650 case DISCOVERY_STOPPED:
2651 default:
2652 return;
2653 }
2654}
2655
2656static void discov_off(struct work_struct *work)
2657{
2658 struct hci_dev *hdev = container_of(work, struct hci_dev,
2659 discov_off.work);
2660
2661 BT_DBG("%s", hdev->name);
2662
2663 hci_dev_lock(hdev);
2664
2665
2666
2667
2668
2669
2670 hci_dev_clear_flag(hdev, HCI_LIMITED_DISCOVERABLE);
2671 hci_dev_clear_flag(hdev, HCI_DISCOVERABLE);
2672 hdev->discov_timeout = 0;
2673
2674 hci_dev_unlock(hdev);
2675
2676 hci_req_sync(hdev, discoverable_update, 0, HCI_CMD_TIMEOUT, NULL);
2677 mgmt_new_settings(hdev);
2678}
2679
2680static int powered_update_hci(struct hci_request *req, unsigned long opt)
2681{
2682 struct hci_dev *hdev = req->hdev;
2683 u8 link_sec;
2684
2685 hci_dev_lock(hdev);
2686
2687 if (hci_dev_test_flag(hdev, HCI_SSP_ENABLED) &&
2688 !lmp_host_ssp_capable(hdev)) {
2689 u8 mode = 0x01;
2690
2691 hci_req_add(req, HCI_OP_WRITE_SSP_MODE, sizeof(mode), &mode);
2692
2693 if (bredr_sc_enabled(hdev) && !lmp_host_sc_capable(hdev)) {
2694 u8 support = 0x01;
2695
2696 hci_req_add(req, HCI_OP_WRITE_SC_SUPPORT,
2697 sizeof(support), &support);
2698 }
2699 }
2700
2701 if (hci_dev_test_flag(hdev, HCI_LE_ENABLED) &&
2702 lmp_bredr_capable(hdev)) {
2703 struct hci_cp_write_le_host_supported cp;
2704
2705 cp.le = 0x01;
2706 cp.simul = 0x00;
2707
2708
2709
2710
2711 if (cp.le != lmp_host_le_capable(hdev) ||
2712 cp.simul != lmp_host_le_br_capable(hdev))
2713 hci_req_add(req, HCI_OP_WRITE_LE_HOST_SUPPORTED,
2714 sizeof(cp), &cp);
2715 }
2716
2717 if (hci_dev_test_flag(hdev, HCI_LE_ENABLED)) {
2718
2719
2720
2721
2722 if (hci_dev_test_flag(hdev, HCI_ADVERTISING) ||
2723 list_empty(&hdev->adv_instances)) {
2724 int err;
2725
2726 if (ext_adv_capable(hdev)) {
2727 err = __hci_req_setup_ext_adv_instance(req,
2728 0x00);
2729 if (!err)
2730 __hci_req_update_scan_rsp_data(req,
2731 0x00);
2732 } else {
2733 err = 0;
2734 __hci_req_update_adv_data(req, 0x00);
2735 __hci_req_update_scan_rsp_data(req, 0x00);
2736 }
2737
2738 if (hci_dev_test_flag(hdev, HCI_ADVERTISING)) {
2739 if (!ext_adv_capable(hdev))
2740 __hci_req_enable_advertising(req);
2741 else if (!err)
2742 __hci_req_enable_ext_advertising(req);
2743 }
2744 } else if (!list_empty(&hdev->adv_instances)) {
2745 struct adv_info *adv_instance;
2746
2747 adv_instance = list_first_entry(&hdev->adv_instances,
2748 struct adv_info, list);
2749 __hci_req_schedule_adv_instance(req,
2750 adv_instance->instance,
2751 true);
2752 }
2753 }
2754
2755 link_sec = hci_dev_test_flag(hdev, HCI_LINK_SECURITY);
2756 if (link_sec != test_bit(HCI_AUTH, &hdev->flags))
2757 hci_req_add(req, HCI_OP_WRITE_AUTH_ENABLE,
2758 sizeof(link_sec), &link_sec);
2759
2760 if (lmp_bredr_capable(hdev)) {
2761 if (hci_dev_test_flag(hdev, HCI_FAST_CONNECTABLE))
2762 __hci_req_write_fast_connectable(req, true);
2763 else
2764 __hci_req_write_fast_connectable(req, false);
2765 __hci_req_update_scan(req);
2766 __hci_req_update_class(req);
2767 __hci_req_update_name(req);
2768 __hci_req_update_eir(req);
2769 }
2770
2771 hci_dev_unlock(hdev);
2772 return 0;
2773}
2774
2775int __hci_req_hci_power_on(struct hci_dev *hdev)
2776{
2777
2778
2779
2780
2781
2782 smp_register(hdev);
2783
2784 return __hci_req_sync(hdev, powered_update_hci, 0, HCI_CMD_TIMEOUT,
2785 NULL);
2786}
2787
2788void hci_request_setup(struct hci_dev *hdev)
2789{
2790 INIT_WORK(&hdev->discov_update, discov_update);
2791 INIT_WORK(&hdev->bg_scan_update, bg_scan_update);
2792 INIT_WORK(&hdev->scan_update, scan_update_work);
2793 INIT_WORK(&hdev->connectable_update, connectable_update_work);
2794 INIT_WORK(&hdev->discoverable_update, discoverable_update_work);
2795 INIT_DELAYED_WORK(&hdev->discov_off, discov_off);
2796 INIT_DELAYED_WORK(&hdev->le_scan_disable, le_scan_disable_work);
2797 INIT_DELAYED_WORK(&hdev->le_scan_restart, le_scan_restart_work);
2798 INIT_DELAYED_WORK(&hdev->adv_instance_expire, adv_timeout_expire);
2799}
2800
2801void hci_request_cancel_all(struct hci_dev *hdev)
2802{
2803 hci_req_sync_cancel(hdev, ENODEV);
2804
2805 cancel_work_sync(&hdev->discov_update);
2806 cancel_work_sync(&hdev->bg_scan_update);
2807 cancel_work_sync(&hdev->scan_update);
2808 cancel_work_sync(&hdev->connectable_update);
2809 cancel_work_sync(&hdev->discoverable_update);
2810 cancel_delayed_work_sync(&hdev->discov_off);
2811 cancel_delayed_work_sync(&hdev->le_scan_disable);
2812 cancel_delayed_work_sync(&hdev->le_scan_restart);
2813
2814 if (hdev->adv_instance_timeout) {
2815 cancel_delayed_work_sync(&hdev->adv_instance_expire);
2816 hdev->adv_instance_timeout = 0;
2817 }
2818}
2819
