1 /* 2 BlueZ - Bluetooth protocol stack for Linux 3 4 Copyright (C) 2014 Intel Corporation 5 6 This program is free software; you can redistribute it and/or modify 7 it under the terms of the GNU General Public License version 2 as 8 published by the Free Software Foundation; 9 10 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS 11 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 12 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS. 13 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY 14 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES 15 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 16 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 17 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 18 19 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS, 20 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS 21 SOFTWARE IS DISCLAIMED. 22 */ 23 24 #include <linux/sched/signal.h> 25 26 #include <net/bluetooth/bluetooth.h> 27 #include <net/bluetooth/hci_core.h> 28 #include <net/bluetooth/mgmt.h> 29 30 #include "smp.h" 31 #include "hci_request.h" 32 #include "msft.h" 33 34 #define HCI_REQ_DONE 0 35 #define HCI_REQ_PEND 1 36 #define HCI_REQ_CANCELED 2 37 38 void hci_req_init(struct hci_request *req, struct hci_dev *hdev) 39 { 40 skb_queue_head_init(&req->cmd_q); 41 req->hdev = hdev; 42 req->err = 0; 43 } 44 45 void hci_req_purge(struct hci_request *req) 46 { 47 skb_queue_purge(&req->cmd_q); 48 } 49 50 bool hci_req_status_pend(struct hci_dev *hdev) 51 { 52 return hdev->req_status == HCI_REQ_PEND; 53 } 54 55 static int req_run(struct hci_request *req, hci_req_complete_t complete, 56 hci_req_complete_skb_t complete_skb) 57 { 58 struct hci_dev *hdev = req->hdev; 59 struct sk_buff *skb; 60 unsigned long flags; 61 62 bt_dev_dbg(hdev, "length %u", skb_queue_len(&req->cmd_q)); 63 64 /* If an error occurred during request building, remove all HCI 65 * commands queued on the HCI request queue. 66 */ 67 if (req->err) { 68 skb_queue_purge(&req->cmd_q); 69 return req->err; 70 } 71 72 /* Do not allow empty requests */ 73 if (skb_queue_empty(&req->cmd_q)) 74 return -ENODATA; 75 76 skb = skb_peek_tail(&req->cmd_q); 77 if (complete) { 78 bt_cb(skb)->hci.req_complete = complete; 79 } else if (complete_skb) { 80 bt_cb(skb)->hci.req_complete_skb = complete_skb; 81 bt_cb(skb)->hci.req_flags |= HCI_REQ_SKB; 82 } 83 84 spin_lock_irqsave(&hdev->cmd_q.lock, flags); 85 skb_queue_splice_tail(&req->cmd_q, &hdev->cmd_q); 86 spin_unlock_irqrestore(&hdev->cmd_q.lock, flags); 87 88 queue_work(hdev->workqueue, &hdev->cmd_work); 89 90 return 0; 91 } 92 93 int hci_req_run(struct hci_request *req, hci_req_complete_t complete) 94 { 95 return req_run(req, complete, NULL); 96 } 97 98 int hci_req_run_skb(struct hci_request *req, hci_req_complete_skb_t complete) 99 { 100 return req_run(req, NULL, complete); 101 } 102 103 static void hci_req_sync_complete(struct hci_dev *hdev, u8 result, u16 opcode, 104 struct sk_buff *skb) 105 { 106 bt_dev_dbg(hdev, "result 0x%2.2x", result); 107 108 if (hdev->req_status == HCI_REQ_PEND) { 109 hdev->req_result = result; 110 hdev->req_status = HCI_REQ_DONE; 111 if (skb) 112 hdev->req_skb = skb_get(skb); 113 wake_up_interruptible(&hdev->req_wait_q); 114 } 115 } 116 117 void hci_req_sync_cancel(struct hci_dev *hdev, int err) 118 { 119 bt_dev_dbg(hdev, "err 0x%2.2x", err); 120 121 if (hdev->req_status == HCI_REQ_PEND) { 122 hdev->req_result = err; 123 hdev->req_status = HCI_REQ_CANCELED; 124 wake_up_interruptible(&hdev->req_wait_q); 125 } 126 } 127 128 struct sk_buff *__hci_cmd_sync_ev(struct hci_dev *hdev, u16 opcode, u32 plen, 129 const void *param, u8 event, u32 timeout) 130 { 131 struct hci_request req; 132 struct sk_buff *skb; 133 int err = 0; 134 135 bt_dev_dbg(hdev, ""); 136 137 hci_req_init(&req, hdev); 138 139 hci_req_add_ev(&req, opcode, plen, param, event); 140 141 hdev->req_status = HCI_REQ_PEND; 142 143 err = hci_req_run_skb(&req, hci_req_sync_complete); 144 if (err < 0) 145 return ERR_PTR(err); 146 147 err = wait_event_interruptible_timeout(hdev->req_wait_q, 148 hdev->req_status != HCI_REQ_PEND, timeout); 149 150 if (err == -ERESTARTSYS) 151 return ERR_PTR(-EINTR); 152 153 switch (hdev->req_status) { 154 case HCI_REQ_DONE: 155 err = -bt_to_errno(hdev->req_result); 156 break; 157 158 case HCI_REQ_CANCELED: 159 err = -hdev->req_result; 160 break; 161 162 default: 163 err = -ETIMEDOUT; 164 break; 165 } 166 167 hdev->req_status = hdev->req_result = 0; 168 skb = hdev->req_skb; 169 hdev->req_skb = NULL; 170 171 bt_dev_dbg(hdev, "end: err %d", err); 172 173 if (err < 0) { 174 kfree_skb(skb); 175 return ERR_PTR(err); 176 } 177 178 if (!skb) 179 return ERR_PTR(-ENODATA); 180 181 return skb; 182 } 183 EXPORT_SYMBOL(__hci_cmd_sync_ev); 184 185 struct sk_buff *__hci_cmd_sync(struct hci_dev *hdev, u16 opcode, u32 plen, 186 const void *param, u32 timeout) 187 { 188 return __hci_cmd_sync_ev(hdev, opcode, plen, param, 0, timeout); 189 } 190 EXPORT_SYMBOL(__hci_cmd_sync); 191 192 /* Execute request and wait for completion. */ 193 int __hci_req_sync(struct hci_dev *hdev, int (*func)(struct hci_request *req, 194 unsigned long opt), 195 unsigned long opt, u32 timeout, u8 *hci_status) 196 { 197 struct hci_request req; 198 int err = 0; 199 200 bt_dev_dbg(hdev, "start"); 201 202 hci_req_init(&req, hdev); 203 204 hdev->req_status = HCI_REQ_PEND; 205 206 err = func(&req, opt); 207 if (err) { 208 if (hci_status) 209 *hci_status = HCI_ERROR_UNSPECIFIED; 210 return err; 211 } 212 213 err = hci_req_run_skb(&req, hci_req_sync_complete); 214 if (err < 0) { 215 hdev->req_status = 0; 216 217 /* ENODATA means the HCI request command queue is empty. 218 * This can happen when a request with conditionals doesn't 219 * trigger any commands to be sent. This is normal behavior 220 * and should not trigger an error return. 221 */ 222 if (err == -ENODATA) { 223 if (hci_status) 224 *hci_status = 0; 225 return 0; 226 } 227 228 if (hci_status) 229 *hci_status = HCI_ERROR_UNSPECIFIED; 230 231 return err; 232 } 233 234 err = wait_event_interruptible_timeout(hdev->req_wait_q, 235 hdev->req_status != HCI_REQ_PEND, timeout); 236 237 if (err == -ERESTARTSYS) 238 return -EINTR; 239 240 switch (hdev->req_status) { 241 case HCI_REQ_DONE: 242 err = -bt_to_errno(hdev->req_result); 243 if (hci_status) 244 *hci_status = hdev->req_result; 245 break; 246 247 case HCI_REQ_CANCELED: 248 err = -hdev->req_result; 249 if (hci_status) 250 *hci_status = HCI_ERROR_UNSPECIFIED; 251 break; 252 253 default: 254 err = -ETIMEDOUT; 255 if (hci_status) 256 *hci_status = HCI_ERROR_UNSPECIFIED; 257 break; 258 } 259 260 kfree_skb(hdev->req_skb); 261 hdev->req_skb = NULL; 262 hdev->req_status = hdev->req_result = 0; 263 264 bt_dev_dbg(hdev, "end: err %d", err); 265 266 return err; 267 } 268 269 int hci_req_sync(struct hci_dev *hdev, int (*req)(struct hci_request *req, 270 unsigned long opt), 271 unsigned long opt, u32 timeout, u8 *hci_status) 272 { 273 int ret; 274 275 /* Serialize all requests */ 276 hci_req_sync_lock(hdev); 277 /* check the state after obtaing the lock to protect the HCI_UP 278 * against any races from hci_dev_do_close when the controller 279 * gets removed. 280 */ 281 if (test_bit(HCI_UP, &hdev->flags)) 282 ret = __hci_req_sync(hdev, req, opt, timeout, hci_status); 283 else 284 ret = -ENETDOWN; 285 hci_req_sync_unlock(hdev); 286 287 return ret; 288 } 289 290 struct sk_buff *hci_prepare_cmd(struct hci_dev *hdev, u16 opcode, u32 plen, 291 const void *param) 292 { 293 int len = HCI_COMMAND_HDR_SIZE + plen; 294 struct hci_command_hdr *hdr; 295 struct sk_buff *skb; 296 297 skb = bt_skb_alloc(len, GFP_ATOMIC); 298 if (!skb) 299 return NULL; 300 301 hdr = skb_put(skb, HCI_COMMAND_HDR_SIZE); 302 hdr->opcode = cpu_to_le16(opcode); 303 hdr->plen = plen; 304 305 if (plen) 306 skb_put_data(skb, param, plen); 307 308 bt_dev_dbg(hdev, "skb len %d", skb->len); 309 310 hci_skb_pkt_type(skb) = HCI_COMMAND_PKT; 311 hci_skb_opcode(skb) = opcode; 312 313 return skb; 314 } 315 316 /* Queue a command to an asynchronous HCI request */ 317 void hci_req_add_ev(struct hci_request *req, u16 opcode, u32 plen, 318 const void *param, u8 event) 319 { 320 struct hci_dev *hdev = req->hdev; 321 struct sk_buff *skb; 322 323 bt_dev_dbg(hdev, "opcode 0x%4.4x plen %d", opcode, plen); 324 325 /* If an error occurred during request building, there is no point in 326 * queueing the HCI command. We can simply return. 327 */ 328 if (req->err) 329 return; 330 331 skb = hci_prepare_cmd(hdev, opcode, plen, param); 332 if (!skb) { 333 bt_dev_err(hdev, "no memory for command (opcode 0x%4.4x)", 334 opcode); 335 req->err = -ENOMEM; 336 return; 337 } 338 339 if (skb_queue_empty(&req->cmd_q)) 340 bt_cb(skb)->hci.req_flags |= HCI_REQ_START; 341 342 bt_cb(skb)->hci.req_event = event; 343 344 skb_queue_tail(&req->cmd_q, skb); 345 } 346 347 void hci_req_add(struct hci_request *req, u16 opcode, u32 plen, 348 const void *param) 349 { 350 hci_req_add_ev(req, opcode, plen, param, 0); 351 } 352 353 void __hci_req_write_fast_connectable(struct hci_request *req, bool enable) 354 { 355 struct hci_dev *hdev = req->hdev; 356 struct hci_cp_write_page_scan_activity acp; 357 u8 type; 358 359 if (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED)) 360 return; 361 362 if (hdev->hci_ver < BLUETOOTH_VER_1_2) 363 return; 364 365 if (enable) { 366 type = PAGE_SCAN_TYPE_INTERLACED; 367 368 /* 160 msec page scan interval */ 369 acp.interval = cpu_to_le16(0x0100); 370 } else { 371 type = hdev->def_page_scan_type; 372 acp.interval = cpu_to_le16(hdev->def_page_scan_int); 373 } 374 375 acp.window = cpu_to_le16(hdev->def_page_scan_window); 376 377 if (__cpu_to_le16(hdev->page_scan_interval) != acp.interval || 378 __cpu_to_le16(hdev->page_scan_window) != acp.window) 379 hci_req_add(req, HCI_OP_WRITE_PAGE_SCAN_ACTIVITY, 380 sizeof(acp), &acp); 381 382 if (hdev->page_scan_type != type) 383 hci_req_add(req, HCI_OP_WRITE_PAGE_SCAN_TYPE, 1, &type); 384 } 385 386 static void start_interleave_scan(struct hci_dev *hdev) 387 { 388 hdev->interleave_scan_state = INTERLEAVE_SCAN_NO_FILTER; 389 queue_delayed_work(hdev->req_workqueue, 390 &hdev->interleave_scan, 0); 391 } 392 393 static bool is_interleave_scanning(struct hci_dev *hdev) 394 { 395 return hdev->interleave_scan_state != INTERLEAVE_SCAN_NONE; 396 } 397 398 static void cancel_interleave_scan(struct hci_dev *hdev) 399 { 400 bt_dev_dbg(hdev, "cancelling interleave scan"); 401 402 cancel_delayed_work_sync(&hdev->interleave_scan); 403 404 hdev->interleave_scan_state = INTERLEAVE_SCAN_NONE; 405 } 406 407 /* Return true if interleave_scan wasn't started until exiting this function, 408 * otherwise, return false 409 */ 410 static bool __hci_update_interleaved_scan(struct hci_dev *hdev) 411 { 412 /* Do interleaved scan only if all of the following are true: 413 * - There is at least one ADV monitor 414 * - At least one pending LE connection or one device to be scanned for 415 * - Monitor offloading is not supported 416 * If so, we should alternate between allowlist scan and one without 417 * any filters to save power. 418 */ 419 bool use_interleaving = hci_is_adv_monitoring(hdev) && 420 !(list_empty(&hdev->pend_le_conns) && 421 list_empty(&hdev->pend_le_reports)) && 422 hci_get_adv_monitor_offload_ext(hdev) == 423 HCI_ADV_MONITOR_EXT_NONE; 424 bool is_interleaving = is_interleave_scanning(hdev); 425 426 if (use_interleaving && !is_interleaving) { 427 start_interleave_scan(hdev); 428 bt_dev_dbg(hdev, "starting interleave scan"); 429 return true; 430 } 431 432 if (!use_interleaving && is_interleaving) 433 cancel_interleave_scan(hdev); 434 435 return false; 436 } 437 438 /* This function controls the background scanning based on hdev->pend_le_conns 439 * list. If there are pending LE connection we start the background scanning, 440 * otherwise we stop it. 441 * 442 * This function requires the caller holds hdev->lock. 443 */ 444 static void __hci_update_background_scan(struct hci_request *req) 445 { 446 struct hci_dev *hdev = req->hdev; 447 448 if (!test_bit(HCI_UP, &hdev->flags) || 449 test_bit(HCI_INIT, &hdev->flags) || 450 hci_dev_test_flag(hdev, HCI_SETUP) || 451 hci_dev_test_flag(hdev, HCI_CONFIG) || 452 hci_dev_test_flag(hdev, HCI_AUTO_OFF) || 453 hci_dev_test_flag(hdev, HCI_UNREGISTER)) 454 return; 455 456 /* No point in doing scanning if LE support hasn't been enabled */ 457 if (!hci_dev_test_flag(hdev, HCI_LE_ENABLED)) 458 return; 459 460 /* If discovery is active don't interfere with it */ 461 if (hdev->discovery.state != DISCOVERY_STOPPED) 462 return; 463 464 /* Reset RSSI and UUID filters when starting background scanning 465 * since these filters are meant for service discovery only. 466 * 467 * The Start Discovery and Start Service Discovery operations 468 * ensure to set proper values for RSSI threshold and UUID 469 * filter list. So it is safe to just reset them here. 470 */ 471 hci_discovery_filter_clear(hdev); 472 473 bt_dev_dbg(hdev, "ADV monitoring is %s", 474 hci_is_adv_monitoring(hdev) ? "on" : "off"); 475 476 if (list_empty(&hdev->pend_le_conns) && 477 list_empty(&hdev->pend_le_reports) && 478 !hci_is_adv_monitoring(hdev)) { 479 /* If there is no pending LE connections or devices 480 * to be scanned for or no ADV monitors, we should stop the 481 * background scanning. 482 */ 483 484 /* If controller is not scanning we are done. */ 485 if (!hci_dev_test_flag(hdev, HCI_LE_SCAN)) 486 return; 487 488 hci_req_add_le_scan_disable(req, false); 489 490 bt_dev_dbg(hdev, "stopping background scanning"); 491 } else { 492 /* If there is at least one pending LE connection, we should 493 * keep the background scan running. 494 */ 495 496 /* If controller is connecting, we should not start scanning 497 * since some controllers are not able to scan and connect at 498 * the same time. 499 */ 500 if (hci_lookup_le_connect(hdev)) 501 return; 502 503 /* If controller is currently scanning, we stop it to ensure we 504 * don't miss any advertising (due to duplicates filter). 505 */ 506 if (hci_dev_test_flag(hdev, HCI_LE_SCAN)) 507 hci_req_add_le_scan_disable(req, false); 508 509 hci_req_add_le_passive_scan(req); 510 bt_dev_dbg(hdev, "starting background scanning"); 511 } 512 } 513 514 void __hci_req_update_name(struct hci_request *req) 515 { 516 struct hci_dev *hdev = req->hdev; 517 struct hci_cp_write_local_name cp; 518 519 memcpy(cp.name, hdev->dev_name, sizeof(cp.name)); 520 521 hci_req_add(req, HCI_OP_WRITE_LOCAL_NAME, sizeof(cp), &cp); 522 } 523 524 #define PNP_INFO_SVCLASS_ID 0x1200 525 526 static u8 *create_uuid16_list(struct hci_dev *hdev, u8 *data, ptrdiff_t len) 527 { 528 u8 *ptr = data, *uuids_start = NULL; 529 struct bt_uuid *uuid; 530 531 if (len < 4) 532 return ptr; 533 534 list_for_each_entry(uuid, &hdev->uuids, list) { 535 u16 uuid16; 536 537 if (uuid->size != 16) 538 continue; 539 540 uuid16 = get_unaligned_le16(&uuid->uuid[12]); 541 if (uuid16 < 0x1100) 542 continue; 543 544 if (uuid16 == PNP_INFO_SVCLASS_ID) 545 continue; 546 547 if (!uuids_start) { 548 uuids_start = ptr; 549 uuids_start[0] = 1; 550 uuids_start[1] = EIR_UUID16_ALL; 551 ptr += 2; 552 } 553 554 /* Stop if not enough space to put next UUID */ 555 if ((ptr - data) + sizeof(u16) > len) { 556 uuids_start[1] = EIR_UUID16_SOME; 557 break; 558 } 559 560 *ptr++ = (uuid16 & 0x00ff); 561 *ptr++ = (uuid16 & 0xff00) >> 8; 562 uuids_start[0] += sizeof(uuid16); 563 } 564 565 return ptr; 566 } 567 568 static u8 *create_uuid32_list(struct hci_dev *hdev, u8 *data, ptrdiff_t len) 569 { 570 u8 *ptr = data, *uuids_start = NULL; 571 struct bt_uuid *uuid; 572 573 if (len < 6) 574 return ptr; 575 576 list_for_each_entry(uuid, &hdev->uuids, list) { 577 if (uuid->size != 32) 578 continue; 579 580 if (!uuids_start) { 581 uuids_start = ptr; 582 uuids_start[0] = 1; 583 uuids_start[1] = EIR_UUID32_ALL; 584 ptr += 2; 585 } 586 587 /* Stop if not enough space to put next UUID */ 588 if ((ptr - data) + sizeof(u32) > len) { 589 uuids_start[1] = EIR_UUID32_SOME; 590 break; 591 } 592 593 memcpy(ptr, &uuid->uuid[12], sizeof(u32)); 594 ptr += sizeof(u32); 595 uuids_start[0] += sizeof(u32); 596 } 597 598 return ptr; 599 } 600 601 static u8 *create_uuid128_list(struct hci_dev *hdev, u8 *data, ptrdiff_t len) 602 { 603 u8 *ptr = data, *uuids_start = NULL; 604 struct bt_uuid *uuid; 605 606 if (len < 18) 607 return ptr; 608 609 list_for_each_entry(uuid, &hdev->uuids, list) { 610 if (uuid->size != 128) 611 continue; 612 613 if (!uuids_start) { 614 uuids_start = ptr; 615 uuids_start[0] = 1; 616 uuids_start[1] = EIR_UUID128_ALL; 617 ptr += 2; 618 } 619 620 /* Stop if not enough space to put next UUID */ 621 if ((ptr - data) + 16 > len) { 622 uuids_start[1] = EIR_UUID128_SOME; 623 break; 624 } 625 626 memcpy(ptr, uuid->uuid, 16); 627 ptr += 16; 628 uuids_start[0] += 16; 629 } 630 631 return ptr; 632 } 633 634 static void create_eir(struct hci_dev *hdev, u8 *data) 635 { 636 u8 *ptr = data; 637 size_t name_len; 638 639 name_len = strlen(hdev->dev_name); 640 641 if (name_len > 0) { 642 /* EIR Data type */ 643 if (name_len > 48) { 644 name_len = 48; 645 ptr[1] = EIR_NAME_SHORT; 646 } else 647 ptr[1] = EIR_NAME_COMPLETE; 648 649 /* EIR Data length */ 650 ptr[0] = name_len + 1; 651 652 memcpy(ptr + 2, hdev->dev_name, name_len); 653 654 ptr += (name_len + 2); 655 } 656 657 if (hdev->inq_tx_power != HCI_TX_POWER_INVALID) { 658 ptr[0] = 2; 659 ptr[1] = EIR_TX_POWER; 660 ptr[2] = (u8) hdev->inq_tx_power; 661 662 ptr += 3; 663 } 664 665 if (hdev->devid_source > 0) { 666 ptr[0] = 9; 667 ptr[1] = EIR_DEVICE_ID; 668 669 put_unaligned_le16(hdev->devid_source, ptr + 2); 670 put_unaligned_le16(hdev->devid_vendor, ptr + 4); 671 put_unaligned_le16(hdev->devid_product, ptr + 6); 672 put_unaligned_le16(hdev->devid_version, ptr + 8); 673 674 ptr += 10; 675 } 676 677 ptr = create_uuid16_list(hdev, ptr, HCI_MAX_EIR_LENGTH - (ptr - data)); 678 ptr = create_uuid32_list(hdev, ptr, HCI_MAX_EIR_LENGTH - (ptr - data)); 679 ptr = create_uuid128_list(hdev, ptr, HCI_MAX_EIR_LENGTH - (ptr - data)); 680 } 681 682 void __hci_req_update_eir(struct hci_request *req) 683 { 684 struct hci_dev *hdev = req->hdev; 685 struct hci_cp_write_eir cp; 686 687 if (!hdev_is_powered(hdev)) 688 return; 689 690 if (!lmp_ext_inq_capable(hdev)) 691 return; 692 693 if (!hci_dev_test_flag(hdev, HCI_SSP_ENABLED)) 694 return; 695 696 if (hci_dev_test_flag(hdev, HCI_SERVICE_CACHE)) 697 return; 698 699 memset(&cp, 0, sizeof(cp)); 700 701 create_eir(hdev, cp.data); 702 703 if (memcmp(cp.data, hdev->eir, sizeof(cp.data)) == 0) 704 return; 705 706 memcpy(hdev->eir, cp.data, sizeof(cp.data)); 707 708 hci_req_add(req, HCI_OP_WRITE_EIR, sizeof(cp), &cp); 709 } 710 711 void hci_req_add_le_scan_disable(struct hci_request *req, bool rpa_le_conn) 712 { 713 struct hci_dev *hdev = req->hdev; 714 715 if (hdev->scanning_paused) { 716 bt_dev_dbg(hdev, "Scanning is paused for suspend"); 717 return; 718 } 719 720 if (hdev->suspended) 721 set_bit(SUSPEND_SCAN_DISABLE, hdev->suspend_tasks); 722 723 if (use_ext_scan(hdev)) { 724 struct hci_cp_le_set_ext_scan_enable cp; 725 726 memset(&cp, 0, sizeof(cp)); 727 cp.enable = LE_SCAN_DISABLE; 728 hci_req_add(req, HCI_OP_LE_SET_EXT_SCAN_ENABLE, sizeof(cp), 729 &cp); 730 } else { 731 struct hci_cp_le_set_scan_enable cp; 732 733 memset(&cp, 0, sizeof(cp)); 734 cp.enable = LE_SCAN_DISABLE; 735 hci_req_add(req, HCI_OP_LE_SET_SCAN_ENABLE, sizeof(cp), &cp); 736 } 737 738 /* Disable address resolution */ 739 if (use_ll_privacy(hdev) && 740 hci_dev_test_flag(hdev, HCI_ENABLE_LL_PRIVACY) && 741 hci_dev_test_flag(hdev, HCI_LL_RPA_RESOLUTION) && !rpa_le_conn) { 742 __u8 enable = 0x00; 743 744 hci_req_add(req, HCI_OP_LE_SET_ADDR_RESOLV_ENABLE, 1, &enable); 745 } 746 } 747 748 static void del_from_white_list(struct hci_request *req, bdaddr_t *bdaddr, 749 u8 bdaddr_type) 750 { 751 struct hci_cp_le_del_from_white_list cp; 752 753 cp.bdaddr_type = bdaddr_type; 754 bacpy(&cp.bdaddr, bdaddr); 755 756 bt_dev_dbg(req->hdev, "Remove %pMR (0x%x) from whitelist", &cp.bdaddr, 757 cp.bdaddr_type); 758 hci_req_add(req, HCI_OP_LE_DEL_FROM_WHITE_LIST, sizeof(cp), &cp); 759 760 if (use_ll_privacy(req->hdev) && 761 hci_dev_test_flag(req->hdev, HCI_ENABLE_LL_PRIVACY)) { 762 struct smp_irk *irk; 763 764 irk = hci_find_irk_by_addr(req->hdev, bdaddr, bdaddr_type); 765 if (irk) { 766 struct hci_cp_le_del_from_resolv_list cp; 767 768 cp.bdaddr_type = bdaddr_type; 769 bacpy(&cp.bdaddr, bdaddr); 770 771 hci_req_add(req, HCI_OP_LE_DEL_FROM_RESOLV_LIST, 772 sizeof(cp), &cp); 773 } 774 } 775 } 776 777 /* Adds connection to white list if needed. On error, returns -1. */ 778 static int add_to_white_list(struct hci_request *req, 779 struct hci_conn_params *params, u8 *num_entries, 780 bool allow_rpa) 781 { 782 struct hci_cp_le_add_to_white_list cp; 783 struct hci_dev *hdev = req->hdev; 784 785 /* Already in white list */ 786 if (hci_bdaddr_list_lookup(&hdev->le_white_list, ¶ms->addr, 787 params->addr_type)) 788 return 0; 789 790 /* Select filter policy to accept all advertising */ 791 if (*num_entries >= hdev->le_white_list_size) 792 return -1; 793 794 /* White list can not be used with RPAs */ 795 if (!allow_rpa && 796 !hci_dev_test_flag(hdev, HCI_ENABLE_LL_PRIVACY) && 797 hci_find_irk_by_addr(hdev, ¶ms->addr, params->addr_type)) { 798 return -1; 799 } 800 801 /* During suspend, only wakeable devices can be in whitelist */ 802 if (hdev->suspended && !hci_conn_test_flag(HCI_CONN_FLAG_REMOTE_WAKEUP, 803 params->current_flags)) 804 return 0; 805 806 *num_entries += 1; 807 cp.bdaddr_type = params->addr_type; 808 bacpy(&cp.bdaddr, ¶ms->addr); 809 810 bt_dev_dbg(hdev, "Add %pMR (0x%x) to whitelist", &cp.bdaddr, 811 cp.bdaddr_type); 812 hci_req_add(req, HCI_OP_LE_ADD_TO_WHITE_LIST, sizeof(cp), &cp); 813 814 if (use_ll_privacy(hdev) && 815 hci_dev_test_flag(hdev, HCI_ENABLE_LL_PRIVACY)) { 816 struct smp_irk *irk; 817 818 irk = hci_find_irk_by_addr(hdev, ¶ms->addr, 819 params->addr_type); 820 if (irk) { 821 struct hci_cp_le_add_to_resolv_list cp; 822 823 cp.bdaddr_type = params->addr_type; 824 bacpy(&cp.bdaddr, ¶ms->addr); 825 memcpy(cp.peer_irk, irk->val, 16); 826 827 if (hci_dev_test_flag(hdev, HCI_PRIVACY)) 828 memcpy(cp.local_irk, hdev->irk, 16); 829 else 830 memset(cp.local_irk, 0, 16); 831 832 hci_req_add(req, HCI_OP_LE_ADD_TO_RESOLV_LIST, 833 sizeof(cp), &cp); 834 } 835 } 836 837 return 0; 838 } 839 840 static u8 update_white_list(struct hci_request *req) 841 { 842 struct hci_dev *hdev = req->hdev; 843 struct hci_conn_params *params; 844 struct bdaddr_list *b; 845 u8 num_entries = 0; 846 bool pend_conn, pend_report; 847 /* We allow whitelisting even with RPAs in suspend. In the worst case, 848 * we won't be able to wake from devices that use the privacy1.2 849 * features. Additionally, once we support privacy1.2 and IRK 850 * offloading, we can update this to also check for those conditions. 851 */ 852 bool allow_rpa = hdev->suspended; 853 854 if (use_ll_privacy(hdev) && 855 hci_dev_test_flag(hdev, HCI_ENABLE_LL_PRIVACY)) 856 allow_rpa = true; 857 858 /* Go through the current white list programmed into the 859 * controller one by one and check if that address is still 860 * in the list of pending connections or list of devices to 861 * report. If not present in either list, then queue the 862 * command to remove it from the controller. 863 */ 864 list_for_each_entry(b, &hdev->le_white_list, list) { 865 pend_conn = hci_pend_le_action_lookup(&hdev->pend_le_conns, 866 &b->bdaddr, 867 b->bdaddr_type); 868 pend_report = hci_pend_le_action_lookup(&hdev->pend_le_reports, 869 &b->bdaddr, 870 b->bdaddr_type); 871 872 /* If the device is not likely to connect or report, 873 * remove it from the whitelist. 874 */ 875 if (!pend_conn && !pend_report) { 876 del_from_white_list(req, &b->bdaddr, b->bdaddr_type); 877 continue; 878 } 879 880 /* White list can not be used with RPAs */ 881 if (!allow_rpa && 882 !hci_dev_test_flag(hdev, HCI_ENABLE_LL_PRIVACY) && 883 hci_find_irk_by_addr(hdev, &b->bdaddr, b->bdaddr_type)) { 884 return 0x00; 885 } 886 887 num_entries++; 888 } 889 890 /* Since all no longer valid white list entries have been 891 * removed, walk through the list of pending connections 892 * and ensure that any new device gets programmed into 893 * the controller. 894 * 895 * If the list of the devices is larger than the list of 896 * available white list entries in the controller, then 897 * just abort and return filer policy value to not use the 898 * white list. 899 */ 900 list_for_each_entry(params, &hdev->pend_le_conns, action) { 901 if (add_to_white_list(req, params, &num_entries, allow_rpa)) 902 return 0x00; 903 } 904 905 /* After adding all new pending connections, walk through 906 * the list of pending reports and also add these to the 907 * white list if there is still space. Abort if space runs out. 908 */ 909 list_for_each_entry(params, &hdev->pend_le_reports, action) { 910 if (add_to_white_list(req, params, &num_entries, allow_rpa)) 911 return 0x00; 912 } 913 914 /* Use the allowlist unless the following conditions are all true: 915 * - We are not currently suspending 916 * - There are 1 or more ADV monitors registered and it's not offloaded 917 * - Interleaved scanning is not currently using the allowlist 918 */ 919 if (!idr_is_empty(&hdev->adv_monitors_idr) && !hdev->suspended && 920 hci_get_adv_monitor_offload_ext(hdev) == HCI_ADV_MONITOR_EXT_NONE && 921 hdev->interleave_scan_state != INTERLEAVE_SCAN_ALLOWLIST) 922 return 0x00; 923 924 /* Select filter policy to use white list */ 925 return 0x01; 926 } 927 928 static bool scan_use_rpa(struct hci_dev *hdev) 929 { 930 return hci_dev_test_flag(hdev, HCI_PRIVACY); 931 } 932 933 static void hci_req_start_scan(struct hci_request *req, u8 type, u16 interval, 934 u16 window, u8 own_addr_type, u8 filter_policy, 935 bool addr_resolv) 936 { 937 struct hci_dev *hdev = req->hdev; 938 939 if (hdev->scanning_paused) { 940 bt_dev_dbg(hdev, "Scanning is paused for suspend"); 941 return; 942 } 943 944 if (use_ll_privacy(hdev) && 945 hci_dev_test_flag(hdev, HCI_ENABLE_LL_PRIVACY) && 946 addr_resolv) { 947 u8 enable = 0x01; 948 949 hci_req_add(req, HCI_OP_LE_SET_ADDR_RESOLV_ENABLE, 1, &enable); 950 } 951 952 /* Use ext scanning if set ext scan param and ext scan enable is 953 * supported 954 */ 955 if (use_ext_scan(hdev)) { 956 struct hci_cp_le_set_ext_scan_params *ext_param_cp; 957 struct hci_cp_le_set_ext_scan_enable ext_enable_cp; 958 struct hci_cp_le_scan_phy_params *phy_params; 959 u8 data[sizeof(*ext_param_cp) + sizeof(*phy_params) * 2]; 960 u32 plen; 961 962 ext_param_cp = (void *)data; 963 phy_params = (void *)ext_param_cp->data; 964 965 memset(ext_param_cp, 0, sizeof(*ext_param_cp)); 966 ext_param_cp->own_addr_type = own_addr_type; 967 ext_param_cp->filter_policy = filter_policy; 968 969 plen = sizeof(*ext_param_cp); 970 971 if (scan_1m(hdev) || scan_2m(hdev)) { 972 ext_param_cp->scanning_phys |= LE_SCAN_PHY_1M; 973 974 memset(phy_params, 0, sizeof(*phy_params)); 975 phy_params->type = type; 976 phy_params->interval = cpu_to_le16(interval); 977 phy_params->window = cpu_to_le16(window); 978 979 plen += sizeof(*phy_params); 980 phy_params++; 981 } 982 983 if (scan_coded(hdev)) { 984 ext_param_cp->scanning_phys |= LE_SCAN_PHY_CODED; 985 986 memset(phy_params, 0, sizeof(*phy_params)); 987 phy_params->type = type; 988 phy_params->interval = cpu_to_le16(interval); 989 phy_params->window = cpu_to_le16(window); 990 991 plen += sizeof(*phy_params); 992 phy_params++; 993 } 994 995 hci_req_add(req, HCI_OP_LE_SET_EXT_SCAN_PARAMS, 996 plen, ext_param_cp); 997 998 memset(&ext_enable_cp, 0, sizeof(ext_enable_cp)); 999 ext_enable_cp.enable = LE_SCAN_ENABLE; 1000 ext_enable_cp.filter_dup = LE_SCAN_FILTER_DUP_ENABLE; 1001 1002 hci_req_add(req, HCI_OP_LE_SET_EXT_SCAN_ENABLE, 1003 sizeof(ext_enable_cp), &ext_enable_cp); 1004 } else { 1005 struct hci_cp_le_set_scan_param param_cp; 1006 struct hci_cp_le_set_scan_enable enable_cp; 1007 1008 memset(¶m_cp, 0, sizeof(param_cp)); 1009 param_cp.type = type; 1010 param_cp.interval = cpu_to_le16(interval); 1011 param_cp.window = cpu_to_le16(window); 1012 param_cp.own_address_type = own_addr_type; 1013 param_cp.filter_policy = filter_policy; 1014 hci_req_add(req, HCI_OP_LE_SET_SCAN_PARAM, sizeof(param_cp), 1015 ¶m_cp); 1016 1017 memset(&enable_cp, 0, sizeof(enable_cp)); 1018 enable_cp.enable = LE_SCAN_ENABLE; 1019 enable_cp.filter_dup = LE_SCAN_FILTER_DUP_ENABLE; 1020 hci_req_add(req, HCI_OP_LE_SET_SCAN_ENABLE, sizeof(enable_cp), 1021 &enable_cp); 1022 } 1023 } 1024 1025 /* Returns true if an le connection is in the scanning state */ 1026 static inline bool hci_is_le_conn_scanning(struct hci_dev *hdev) 1027 { 1028 struct hci_conn_hash *h = &hdev->conn_hash; 1029 struct hci_conn *c; 1030 1031 rcu_read_lock(); 1032 1033 list_for_each_entry_rcu(c, &h->list, list) { 1034 if (c->type == LE_LINK && c->state == BT_CONNECT && 1035 test_bit(HCI_CONN_SCANNING, &c->flags)) { 1036 rcu_read_unlock(); 1037 return true; 1038 } 1039 } 1040 1041 rcu_read_unlock(); 1042 1043 return false; 1044 } 1045 1046 /* Ensure to call hci_req_add_le_scan_disable() first to disable the 1047 * controller based address resolution to be able to reconfigure 1048 * resolving list. 1049 */ 1050 void hci_req_add_le_passive_scan(struct hci_request *req) 1051 { 1052 struct hci_dev *hdev = req->hdev; 1053 u8 own_addr_type; 1054 u8 filter_policy; 1055 u16 window, interval; 1056 /* Background scanning should run with address resolution */ 1057 bool addr_resolv = true; 1058 1059 if (hdev->scanning_paused) { 1060 bt_dev_dbg(hdev, "Scanning is paused for suspend"); 1061 return; 1062 } 1063 1064 /* Set require_privacy to false since no SCAN_REQ are send 1065 * during passive scanning. Not using an non-resolvable address 1066 * here is important so that peer devices using direct 1067 * advertising with our address will be correctly reported 1068 * by the controller. 1069 */ 1070 if (hci_update_random_address(req, false, scan_use_rpa(hdev), 1071 &own_addr_type)) 1072 return; 1073 1074 if (hdev->enable_advmon_interleave_scan && 1075 __hci_update_interleaved_scan(hdev)) 1076 return; 1077 1078 bt_dev_dbg(hdev, "interleave state %d", hdev->interleave_scan_state); 1079 /* Adding or removing entries from the white list must 1080 * happen before enabling scanning. The controller does 1081 * not allow white list modification while scanning. 1082 */ 1083 filter_policy = update_white_list(req); 1084 1085 /* When the controller is using random resolvable addresses and 1086 * with that having LE privacy enabled, then controllers with 1087 * Extended Scanner Filter Policies support can now enable support 1088 * for handling directed advertising. 1089 * 1090 * So instead of using filter polices 0x00 (no whitelist) 1091 * and 0x01 (whitelist enabled) use the new filter policies 1092 * 0x02 (no whitelist) and 0x03 (whitelist enabled). 1093 */ 1094 if (hci_dev_test_flag(hdev, HCI_PRIVACY) && 1095 (hdev->le_features[0] & HCI_LE_EXT_SCAN_POLICY)) 1096 filter_policy |= 0x02; 1097 1098 if (hdev->suspended) { 1099 window = hdev->le_scan_window_suspend; 1100 interval = hdev->le_scan_int_suspend; 1101 1102 set_bit(SUSPEND_SCAN_ENABLE, hdev->suspend_tasks); 1103 } else if (hci_is_le_conn_scanning(hdev)) { 1104 window = hdev->le_scan_window_connect; 1105 interval = hdev->le_scan_int_connect; 1106 } else if (hci_is_adv_monitoring(hdev)) { 1107 window = hdev->le_scan_window_adv_monitor; 1108 interval = hdev->le_scan_int_adv_monitor; 1109 } else { 1110 window = hdev->le_scan_window; 1111 interval = hdev->le_scan_interval; 1112 } 1113 1114 bt_dev_dbg(hdev, "LE passive scan with whitelist = %d", filter_policy); 1115 hci_req_start_scan(req, LE_SCAN_PASSIVE, interval, window, 1116 own_addr_type, filter_policy, addr_resolv); 1117 } 1118 1119 static bool adv_instance_is_scannable(struct hci_dev *hdev, u8 instance) 1120 { 1121 struct adv_info *adv_instance; 1122 1123 /* Instance 0x00 always set local name */ 1124 if (instance == 0x00) 1125 return true; 1126 1127 adv_instance = hci_find_adv_instance(hdev, instance); 1128 if (!adv_instance) 1129 return false; 1130 1131 if (adv_instance->flags & MGMT_ADV_FLAG_APPEARANCE || 1132 adv_instance->flags & MGMT_ADV_FLAG_LOCAL_NAME) 1133 return true; 1134 1135 return adv_instance->scan_rsp_len ? true : false; 1136 } 1137 1138 static void hci_req_clear_event_filter(struct hci_request *req) 1139 { 1140 struct hci_cp_set_event_filter f; 1141 1142 if (!hci_dev_test_flag(req->hdev, HCI_BREDR_ENABLED)) 1143 return; 1144 1145 if (hci_dev_test_flag(req->hdev, HCI_EVENT_FILTER_CONFIGURED)) { 1146 memset(&f, 0, sizeof(f)); 1147 f.flt_type = HCI_FLT_CLEAR_ALL; 1148 hci_req_add(req, HCI_OP_SET_EVENT_FLT, 1, &f); 1149 } 1150 } 1151 1152 static void hci_req_set_event_filter(struct hci_request *req) 1153 { 1154 struct bdaddr_list_with_flags *b; 1155 struct hci_cp_set_event_filter f; 1156 struct hci_dev *hdev = req->hdev; 1157 u8 scan = SCAN_DISABLED; 1158 bool scanning = test_bit(HCI_PSCAN, &hdev->flags); 1159 1160 if (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED)) 1161 return; 1162 1163 /* Always clear event filter when starting */ 1164 hci_req_clear_event_filter(req); 1165 1166 list_for_each_entry(b, &hdev->whitelist, list) { 1167 if (!hci_conn_test_flag(HCI_CONN_FLAG_REMOTE_WAKEUP, 1168 b->current_flags)) 1169 continue; 1170 1171 memset(&f, 0, sizeof(f)); 1172 bacpy(&f.addr_conn_flt.bdaddr, &b->bdaddr); 1173 f.flt_type = HCI_FLT_CONN_SETUP; 1174 f.cond_type = HCI_CONN_SETUP_ALLOW_BDADDR; 1175 f.addr_conn_flt.auto_accept = HCI_CONN_SETUP_AUTO_ON; 1176 1177 bt_dev_dbg(hdev, "Adding event filters for %pMR", &b->bdaddr); 1178 hci_req_add(req, HCI_OP_SET_EVENT_FLT, sizeof(f), &f); 1179 scan = SCAN_PAGE; 1180 } 1181 1182 if (scan && !scanning) { 1183 set_bit(SUSPEND_SCAN_ENABLE, hdev->suspend_tasks); 1184 hci_req_add(req, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan); 1185 } else if (!scan && scanning) { 1186 set_bit(SUSPEND_SCAN_DISABLE, hdev->suspend_tasks); 1187 hci_req_add(req, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan); 1188 } 1189 } 1190 1191 static void cancel_adv_timeout(struct hci_dev *hdev) 1192 { 1193 if (hdev->adv_instance_timeout) { 1194 hdev->adv_instance_timeout = 0; 1195 cancel_delayed_work(&hdev->adv_instance_expire); 1196 } 1197 } 1198 1199 /* This function requires the caller holds hdev->lock */ 1200 void __hci_req_pause_adv_instances(struct hci_request *req) 1201 { 1202 bt_dev_dbg(req->hdev, "Pausing advertising instances"); 1203 1204 /* Call to disable any advertisements active on the controller. 1205 * This will succeed even if no advertisements are configured. 1206 */ 1207 __hci_req_disable_advertising(req); 1208 1209 /* If we are using software rotation, pause the loop */ 1210 if (!ext_adv_capable(req->hdev)) 1211 cancel_adv_timeout(req->hdev); 1212 } 1213 1214 /* This function requires the caller holds hdev->lock */ 1215 static void __hci_req_resume_adv_instances(struct hci_request *req) 1216 { 1217 struct adv_info *adv; 1218 1219 bt_dev_dbg(req->hdev, "Resuming advertising instances"); 1220 1221 if (ext_adv_capable(req->hdev)) { 1222 /* Call for each tracked instance to be re-enabled */ 1223 list_for_each_entry(adv, &req->hdev->adv_instances, list) { 1224 __hci_req_enable_ext_advertising(req, 1225 adv->instance); 1226 } 1227 1228 } else { 1229 /* Schedule for most recent instance to be restarted and begin 1230 * the software rotation loop 1231 */ 1232 __hci_req_schedule_adv_instance(req, 1233 req->hdev->cur_adv_instance, 1234 true); 1235 } 1236 } 1237 1238 /* This function requires the caller holds hdev->lock */ 1239 int hci_req_resume_adv_instances(struct hci_dev *hdev) 1240 { 1241 struct hci_request req; 1242 1243 hci_req_init(&req, hdev); 1244 __hci_req_resume_adv_instances(&req); 1245 1246 return hci_req_run(&req, NULL); 1247 } 1248 1249 static void suspend_req_complete(struct hci_dev *hdev, u8 status, u16 opcode) 1250 { 1251 bt_dev_dbg(hdev, "Request complete opcode=0x%x, status=0x%x", opcode, 1252 status); 1253 if (test_bit(SUSPEND_SCAN_ENABLE, hdev->suspend_tasks) || 1254 test_bit(SUSPEND_SCAN_DISABLE, hdev->suspend_tasks)) { 1255 clear_bit(SUSPEND_SCAN_ENABLE, hdev->suspend_tasks); 1256 clear_bit(SUSPEND_SCAN_DISABLE, hdev->suspend_tasks); 1257 wake_up(&hdev->suspend_wait_q); 1258 } 1259 1260 if (test_bit(SUSPEND_SET_ADV_FILTER, hdev->suspend_tasks)) { 1261 clear_bit(SUSPEND_SET_ADV_FILTER, hdev->suspend_tasks); 1262 wake_up(&hdev->suspend_wait_q); 1263 } 1264 } 1265 1266 static void hci_req_add_set_adv_filter_enable(struct hci_request *req, 1267 bool enable) 1268 { 1269 struct hci_dev *hdev = req->hdev; 1270 1271 switch (hci_get_adv_monitor_offload_ext(hdev)) { 1272 case HCI_ADV_MONITOR_EXT_MSFT: 1273 msft_req_add_set_filter_enable(req, enable); 1274 break; 1275 default: 1276 return; 1277 } 1278 1279 /* No need to block when enabling since it's on resume path */ 1280 if (hdev->suspended && !enable) 1281 set_bit(SUSPEND_SET_ADV_FILTER, hdev->suspend_tasks); 1282 } 1283 1284 /* Call with hci_dev_lock */ 1285 void hci_req_prepare_suspend(struct hci_dev *hdev, enum suspended_state next) 1286 { 1287 int old_state; 1288 struct hci_conn *conn; 1289 struct hci_request req; 1290 u8 page_scan; 1291 int disconnect_counter; 1292 1293 if (next == hdev->suspend_state) { 1294 bt_dev_dbg(hdev, "Same state before and after: %d", next); 1295 goto done; 1296 } 1297 1298 hdev->suspend_state = next; 1299 hci_req_init(&req, hdev); 1300 1301 if (next == BT_SUSPEND_DISCONNECT) { 1302 /* Mark device as suspended */ 1303 hdev->suspended = true; 1304 1305 /* Pause discovery if not already stopped */ 1306 old_state = hdev->discovery.state; 1307 if (old_state != DISCOVERY_STOPPED) { 1308 set_bit(SUSPEND_PAUSE_DISCOVERY, hdev->suspend_tasks); 1309 hci_discovery_set_state(hdev, DISCOVERY_STOPPING); 1310 queue_work(hdev->req_workqueue, &hdev->discov_update); 1311 } 1312 1313 hdev->discovery_paused = true; 1314 hdev->discovery_old_state = old_state; 1315 1316 /* Stop directed advertising */ 1317 old_state = hci_dev_test_flag(hdev, HCI_ADVERTISING); 1318 if (old_state) { 1319 set_bit(SUSPEND_PAUSE_ADVERTISING, hdev->suspend_tasks); 1320 cancel_delayed_work(&hdev->discov_off); 1321 queue_delayed_work(hdev->req_workqueue, 1322 &hdev->discov_off, 0); 1323 } 1324 1325 /* Pause other advertisements */ 1326 if (hdev->adv_instance_cnt) 1327 __hci_req_pause_adv_instances(&req); 1328 1329 hdev->advertising_paused = true; 1330 hdev->advertising_old_state = old_state; 1331 1332 /* Disable page scan if enabled */ 1333 if (test_bit(HCI_PSCAN, &hdev->flags)) { 1334 page_scan = SCAN_DISABLED; 1335 hci_req_add(&req, HCI_OP_WRITE_SCAN_ENABLE, 1, 1336 &page_scan); 1337 set_bit(SUSPEND_SCAN_DISABLE, hdev->suspend_tasks); 1338 } 1339 1340 /* Disable LE passive scan if enabled */ 1341 if (hci_dev_test_flag(hdev, HCI_LE_SCAN)) { 1342 cancel_interleave_scan(hdev); 1343 hci_req_add_le_scan_disable(&req, false); 1344 } 1345 1346 /* Disable advertisement filters */ 1347 hci_req_add_set_adv_filter_enable(&req, false); 1348 1349 /* Prevent disconnects from causing scanning to be re-enabled */ 1350 hdev->scanning_paused = true; 1351 1352 /* Run commands before disconnecting */ 1353 hci_req_run(&req, suspend_req_complete); 1354 1355 disconnect_counter = 0; 1356 /* Soft disconnect everything (power off) */ 1357 list_for_each_entry(conn, &hdev->conn_hash.list, list) { 1358 hci_disconnect(conn, HCI_ERROR_REMOTE_POWER_OFF); 1359 disconnect_counter++; 1360 } 1361 1362 if (disconnect_counter > 0) { 1363 bt_dev_dbg(hdev, 1364 "Had %d disconnects. Will wait on them", 1365 disconnect_counter); 1366 set_bit(SUSPEND_DISCONNECTING, hdev->suspend_tasks); 1367 } 1368 } else if (next == BT_SUSPEND_CONFIGURE_WAKE) { 1369 /* Unpause to take care of updating scanning params */ 1370 hdev->scanning_paused = false; 1371 /* Enable event filter for paired devices */ 1372 hci_req_set_event_filter(&req); 1373 /* Enable passive scan at lower duty cycle */ 1374 __hci_update_background_scan(&req); 1375 /* Pause scan changes again. */ 1376 hdev->scanning_paused = true; 1377 hci_req_run(&req, suspend_req_complete); 1378 } else { 1379 hdev->suspended = false; 1380 hdev->scanning_paused = false; 1381 1382 /* Clear any event filters and restore scan state */ 1383 hci_req_clear_event_filter(&req); 1384 __hci_req_update_scan(&req); 1385 1386 /* Reset passive/background scanning to normal */ 1387 __hci_update_background_scan(&req); 1388 /* Enable all of the advertisement filters */ 1389 hci_req_add_set_adv_filter_enable(&req, true); 1390 1391 /* Unpause directed advertising */ 1392 hdev->advertising_paused = false; 1393 if (hdev->advertising_old_state) { 1394 set_bit(SUSPEND_UNPAUSE_ADVERTISING, 1395 hdev->suspend_tasks); 1396 hci_dev_set_flag(hdev, HCI_ADVERTISING); 1397 queue_work(hdev->req_workqueue, 1398 &hdev->discoverable_update); 1399 hdev->advertising_old_state = 0; 1400 } 1401 1402 /* Resume other advertisements */ 1403 if (hdev->adv_instance_cnt) 1404 __hci_req_resume_adv_instances(&req); 1405 1406 /* Unpause discovery */ 1407 hdev->discovery_paused = false; 1408 if (hdev->discovery_old_state != DISCOVERY_STOPPED && 1409 hdev->discovery_old_state != DISCOVERY_STOPPING) { 1410 set_bit(SUSPEND_UNPAUSE_DISCOVERY, hdev->suspend_tasks); 1411 hci_discovery_set_state(hdev, DISCOVERY_STARTING); 1412 queue_work(hdev->req_workqueue, &hdev->discov_update); 1413 } 1414 1415 hci_req_run(&req, suspend_req_complete); 1416 } 1417 1418 hdev->suspend_state = next; 1419 1420 done: 1421 clear_bit(SUSPEND_PREPARE_NOTIFIER, hdev->suspend_tasks); 1422 wake_up(&hdev->suspend_wait_q); 1423 } 1424 1425 static bool adv_cur_instance_is_scannable(struct hci_dev *hdev) 1426 { 1427 return adv_instance_is_scannable(hdev, hdev->cur_adv_instance); 1428 } 1429 1430 void __hci_req_disable_advertising(struct hci_request *req) 1431 { 1432 if (ext_adv_capable(req->hdev)) { 1433 __hci_req_disable_ext_adv_instance(req, 0x00); 1434 1435 } else { 1436 u8 enable = 0x00; 1437 1438 hci_req_add(req, HCI_OP_LE_SET_ADV_ENABLE, sizeof(enable), &enable); 1439 } 1440 } 1441 1442 static u32 get_adv_instance_flags(struct hci_dev *hdev, u8 instance) 1443 { 1444 u32 flags; 1445 struct adv_info *adv_instance; 1446 1447 if (instance == 0x00) { 1448 /* Instance 0 always manages the "Tx Power" and "Flags" 1449 * fields 1450 */ 1451 flags = MGMT_ADV_FLAG_TX_POWER | MGMT_ADV_FLAG_MANAGED_FLAGS; 1452 1453 /* For instance 0, the HCI_ADVERTISING_CONNECTABLE setting 1454 * corresponds to the "connectable" instance flag. 1455 */ 1456 if (hci_dev_test_flag(hdev, HCI_ADVERTISING_CONNECTABLE)) 1457 flags |= MGMT_ADV_FLAG_CONNECTABLE; 1458 1459 if (hci_dev_test_flag(hdev, HCI_LIMITED_DISCOVERABLE)) 1460 flags |= MGMT_ADV_FLAG_LIMITED_DISCOV; 1461 else if (hci_dev_test_flag(hdev, HCI_DISCOVERABLE)) 1462 flags |= MGMT_ADV_FLAG_DISCOV; 1463 1464 return flags; 1465 } 1466 1467 adv_instance = hci_find_adv_instance(hdev, instance); 1468 1469 /* Return 0 when we got an invalid instance identifier. */ 1470 if (!adv_instance) 1471 return 0; 1472 1473 return adv_instance->flags; 1474 } 1475 1476 static bool adv_use_rpa(struct hci_dev *hdev, uint32_t flags) 1477 { 1478 /* If privacy is not enabled don't use RPA */ 1479 if (!hci_dev_test_flag(hdev, HCI_PRIVACY)) 1480 return false; 1481 1482 /* If basic privacy mode is enabled use RPA */ 1483 if (!hci_dev_test_flag(hdev, HCI_LIMITED_PRIVACY)) 1484 return true; 1485 1486 /* If limited privacy mode is enabled don't use RPA if we're 1487 * both discoverable and bondable. 1488 */ 1489 if ((flags & MGMT_ADV_FLAG_DISCOV) && 1490 hci_dev_test_flag(hdev, HCI_BONDABLE)) 1491 return false; 1492 1493 /* We're neither bondable nor discoverable in the limited 1494 * privacy mode, therefore use RPA. 1495 */ 1496 return true; 1497 } 1498 1499 static bool is_advertising_allowed(struct hci_dev *hdev, bool connectable) 1500 { 1501 /* If there is no connection we are OK to advertise. */ 1502 if (hci_conn_num(hdev, LE_LINK) == 0) 1503 return true; 1504 1505 /* Check le_states if there is any connection in slave role. */ 1506 if (hdev->conn_hash.le_num_slave > 0) { 1507 /* Slave connection state and non connectable mode bit 20. */ 1508 if (!connectable && !(hdev->le_states[2] & 0x10)) 1509 return false; 1510 1511 /* Slave connection state and connectable mode bit 38 1512 * and scannable bit 21. 1513 */ 1514 if (connectable && (!(hdev->le_states[4] & 0x40) || 1515 !(hdev->le_states[2] & 0x20))) 1516 return false; 1517 } 1518 1519 /* Check le_states if there is any connection in master role. */ 1520 if (hci_conn_num(hdev, LE_LINK) != hdev->conn_hash.le_num_slave) { 1521 /* Master connection state and non connectable mode bit 18. */ 1522 if (!connectable && !(hdev->le_states[2] & 0x02)) 1523 return false; 1524 1525 /* Master connection state and connectable mode bit 35 and 1526 * scannable 19. 1527 */ 1528 if (connectable && (!(hdev->le_states[4] & 0x08) || 1529 !(hdev->le_states[2] & 0x08))) 1530 return false; 1531 } 1532 1533 return true; 1534 } 1535 1536 void __hci_req_enable_advertising(struct hci_request *req) 1537 { 1538 struct hci_dev *hdev = req->hdev; 1539 struct adv_info *adv_instance; 1540 struct hci_cp_le_set_adv_param cp; 1541 u8 own_addr_type, enable = 0x01; 1542 bool connectable; 1543 u16 adv_min_interval, adv_max_interval; 1544 u32 flags; 1545 1546 flags = get_adv_instance_flags(hdev, hdev->cur_adv_instance); 1547 adv_instance = hci_find_adv_instance(hdev, hdev->cur_adv_instance); 1548 1549 /* If the "connectable" instance flag was not set, then choose between 1550 * ADV_IND and ADV_NONCONN_IND based on the global connectable setting. 1551 */ 1552 connectable = (flags & MGMT_ADV_FLAG_CONNECTABLE) || 1553 mgmt_get_connectable(hdev); 1554 1555 if (!is_advertising_allowed(hdev, connectable)) 1556 return; 1557 1558 if (hci_dev_test_flag(hdev, HCI_LE_ADV)) 1559 __hci_req_disable_advertising(req); 1560 1561 /* Clear the HCI_LE_ADV bit temporarily so that the 1562 * hci_update_random_address knows that it's safe to go ahead 1563 * and write a new random address. The flag will be set back on 1564 * as soon as the SET_ADV_ENABLE HCI command completes. 1565 */ 1566 hci_dev_clear_flag(hdev, HCI_LE_ADV); 1567 1568 /* Set require_privacy to true only when non-connectable 1569 * advertising is used. In that case it is fine to use a 1570 * non-resolvable private address. 1571 */ 1572 if (hci_update_random_address(req, !connectable, 1573 adv_use_rpa(hdev, flags), 1574 &own_addr_type) < 0) 1575 return; 1576 1577 memset(&cp, 0, sizeof(cp)); 1578 1579 if (adv_instance) { 1580 adv_min_interval = adv_instance->min_interval; 1581 adv_max_interval = adv_instance->max_interval; 1582 } else { 1583 adv_min_interval = hdev->le_adv_min_interval; 1584 adv_max_interval = hdev->le_adv_max_interval; 1585 } 1586 1587 if (connectable) { 1588 cp.type = LE_ADV_IND; 1589 } else { 1590 if (adv_cur_instance_is_scannable(hdev)) 1591 cp.type = LE_ADV_SCAN_IND; 1592 else 1593 cp.type = LE_ADV_NONCONN_IND; 1594 1595 if (!hci_dev_test_flag(hdev, HCI_DISCOVERABLE) || 1596 hci_dev_test_flag(hdev, HCI_LIMITED_DISCOVERABLE)) { 1597 adv_min_interval = DISCOV_LE_FAST_ADV_INT_MIN; 1598 adv_max_interval = DISCOV_LE_FAST_ADV_INT_MAX; 1599 } 1600 } 1601 1602 cp.min_interval = cpu_to_le16(adv_min_interval); 1603 cp.max_interval = cpu_to_le16(adv_max_interval); 1604 cp.own_address_type = own_addr_type; 1605 cp.channel_map = hdev->le_adv_channel_map; 1606 1607 hci_req_add(req, HCI_OP_LE_SET_ADV_PARAM, sizeof(cp), &cp); 1608 1609 hci_req_add(req, HCI_OP_LE_SET_ADV_ENABLE, sizeof(enable), &enable); 1610 } 1611 1612 u8 append_local_name(struct hci_dev *hdev, u8 *ptr, u8 ad_len) 1613 { 1614 size_t short_len; 1615 size_t complete_len; 1616 1617 /* no space left for name (+ NULL + type + len) */ 1618 if ((HCI_MAX_AD_LENGTH - ad_len) < HCI_MAX_SHORT_NAME_LENGTH + 3) 1619 return ad_len; 1620 1621 /* use complete name if present and fits */ 1622 complete_len = strlen(hdev->dev_name); 1623 if (complete_len && complete_len <= HCI_MAX_SHORT_NAME_LENGTH) 1624 return eir_append_data(ptr, ad_len, EIR_NAME_COMPLETE, 1625 hdev->dev_name, complete_len + 1); 1626 1627 /* use short name if present */ 1628 short_len = strlen(hdev->short_name); 1629 if (short_len) 1630 return eir_append_data(ptr, ad_len, EIR_NAME_SHORT, 1631 hdev->short_name, short_len + 1); 1632 1633 /* use shortened full name if present, we already know that name 1634 * is longer then HCI_MAX_SHORT_NAME_LENGTH 1635 */ 1636 if (complete_len) { 1637 u8 name[HCI_MAX_SHORT_NAME_LENGTH + 1]; 1638 1639 memcpy(name, hdev->dev_name, HCI_MAX_SHORT_NAME_LENGTH); 1640 name[HCI_MAX_SHORT_NAME_LENGTH] = '\0'; 1641 1642 return eir_append_data(ptr, ad_len, EIR_NAME_SHORT, name, 1643 sizeof(name)); 1644 } 1645 1646 return ad_len; 1647 } 1648 1649 static u8 append_appearance(struct hci_dev *hdev, u8 *ptr, u8 ad_len) 1650 { 1651 return eir_append_le16(ptr, ad_len, EIR_APPEARANCE, hdev->appearance); 1652 } 1653 1654 static u8 create_default_scan_rsp_data(struct hci_dev *hdev, u8 *ptr) 1655 { 1656 u8 scan_rsp_len = 0; 1657 1658 if (hdev->appearance) 1659 scan_rsp_len = append_appearance(hdev, ptr, scan_rsp_len); 1660 1661 return append_local_name(hdev, ptr, scan_rsp_len); 1662 } 1663 1664 static u8 create_instance_scan_rsp_data(struct hci_dev *hdev, u8 instance, 1665 u8 *ptr) 1666 { 1667 struct adv_info *adv_instance; 1668 u32 instance_flags; 1669 u8 scan_rsp_len = 0; 1670 1671 adv_instance = hci_find_adv_instance(hdev, instance); 1672 if (!adv_instance) 1673 return 0; 1674 1675 instance_flags = adv_instance->flags; 1676 1677 if ((instance_flags & MGMT_ADV_FLAG_APPEARANCE) && hdev->appearance) 1678 scan_rsp_len = append_appearance(hdev, ptr, scan_rsp_len); 1679 1680 memcpy(&ptr[scan_rsp_len], adv_instance->scan_rsp_data, 1681 adv_instance->scan_rsp_len); 1682 1683 scan_rsp_len += adv_instance->scan_rsp_len; 1684 1685 if (instance_flags & MGMT_ADV_FLAG_LOCAL_NAME) 1686 scan_rsp_len = append_local_name(hdev, ptr, scan_rsp_len); 1687 1688 return scan_rsp_len; 1689 } 1690 1691 void __hci_req_update_scan_rsp_data(struct hci_request *req, u8 instance) 1692 { 1693 struct hci_dev *hdev = req->hdev; 1694 u8 len; 1695 1696 if (!hci_dev_test_flag(hdev, HCI_LE_ENABLED)) 1697 return; 1698 1699 if (ext_adv_capable(hdev)) { 1700 struct hci_cp_le_set_ext_scan_rsp_data cp; 1701 1702 memset(&cp, 0, sizeof(cp)); 1703 1704 if (instance) 1705 len = create_instance_scan_rsp_data(hdev, instance, 1706 cp.data); 1707 else 1708 len = create_default_scan_rsp_data(hdev, cp.data); 1709 1710 if (hdev->scan_rsp_data_len == len && 1711 !memcmp(cp.data, hdev->scan_rsp_data, len)) 1712 return; 1713 1714 memcpy(hdev->scan_rsp_data, cp.data, sizeof(cp.data)); 1715 hdev->scan_rsp_data_len = len; 1716 1717 cp.handle = instance; 1718 cp.length = len; 1719 cp.operation = LE_SET_ADV_DATA_OP_COMPLETE; 1720 cp.frag_pref = LE_SET_ADV_DATA_NO_FRAG; 1721 1722 hci_req_add(req, HCI_OP_LE_SET_EXT_SCAN_RSP_DATA, sizeof(cp), 1723 &cp); 1724 } else { 1725 struct hci_cp_le_set_scan_rsp_data cp; 1726 1727 memset(&cp, 0, sizeof(cp)); 1728 1729 if (instance) 1730 len = create_instance_scan_rsp_data(hdev, instance, 1731 cp.data); 1732 else 1733 len = create_default_scan_rsp_data(hdev, cp.data); 1734 1735 if (hdev->scan_rsp_data_len == len && 1736 !memcmp(cp.data, hdev->scan_rsp_data, len)) 1737 return; 1738 1739 memcpy(hdev->scan_rsp_data, cp.data, sizeof(cp.data)); 1740 hdev->scan_rsp_data_len = len; 1741 1742 cp.length = len; 1743 1744 hci_req_add(req, HCI_OP_LE_SET_SCAN_RSP_DATA, sizeof(cp), &cp); 1745 } 1746 } 1747 1748 static u8 create_instance_adv_data(struct hci_dev *hdev, u8 instance, u8 *ptr) 1749 { 1750 struct adv_info *adv_instance = NULL; 1751 u8 ad_len = 0, flags = 0; 1752 u32 instance_flags; 1753 1754 /* Return 0 when the current instance identifier is invalid. */ 1755 if (instance) { 1756 adv_instance = hci_find_adv_instance(hdev, instance); 1757 if (!adv_instance) 1758 return 0; 1759 } 1760 1761 instance_flags = get_adv_instance_flags(hdev, instance); 1762 1763 /* If instance already has the flags set skip adding it once 1764 * again. 1765 */ 1766 if (adv_instance && eir_get_data(adv_instance->adv_data, 1767 adv_instance->adv_data_len, EIR_FLAGS, 1768 NULL)) 1769 goto skip_flags; 1770 1771 /* The Add Advertising command allows userspace to set both the general 1772 * and limited discoverable flags. 1773 */ 1774 if (instance_flags & MGMT_ADV_FLAG_DISCOV) 1775 flags |= LE_AD_GENERAL; 1776 1777 if (instance_flags & MGMT_ADV_FLAG_LIMITED_DISCOV) 1778 flags |= LE_AD_LIMITED; 1779 1780 if (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED)) 1781 flags |= LE_AD_NO_BREDR; 1782 1783 if (flags || (instance_flags & MGMT_ADV_FLAG_MANAGED_FLAGS)) { 1784 /* If a discovery flag wasn't provided, simply use the global 1785 * settings. 1786 */ 1787 if (!flags) 1788 flags |= mgmt_get_adv_discov_flags(hdev); 1789 1790 /* If flags would still be empty, then there is no need to 1791 * include the "Flags" AD field". 1792 */ 1793 if (flags) { 1794 ptr[0] = 0x02; 1795 ptr[1] = EIR_FLAGS; 1796 ptr[2] = flags; 1797 1798 ad_len += 3; 1799 ptr += 3; 1800 } 1801 } 1802 1803 skip_flags: 1804 if (adv_instance) { 1805 memcpy(ptr, adv_instance->adv_data, 1806 adv_instance->adv_data_len); 1807 ad_len += adv_instance->adv_data_len; 1808 ptr += adv_instance->adv_data_len; 1809 } 1810 1811 if (instance_flags & MGMT_ADV_FLAG_TX_POWER) { 1812 s8 adv_tx_power; 1813 1814 if (ext_adv_capable(hdev)) { 1815 if (adv_instance) 1816 adv_tx_power = adv_instance->tx_power; 1817 else 1818 adv_tx_power = hdev->adv_tx_power; 1819 } else { 1820 adv_tx_power = hdev->adv_tx_power; 1821 } 1822 1823 /* Provide Tx Power only if we can provide a valid value for it */ 1824 if (adv_tx_power != HCI_TX_POWER_INVALID) { 1825 ptr[0] = 0x02; 1826 ptr[1] = EIR_TX_POWER; 1827 ptr[2] = (u8)adv_tx_power; 1828 1829 ad_len += 3; 1830 ptr += 3; 1831 } 1832 } 1833 1834 return ad_len; 1835 } 1836 1837 void __hci_req_update_adv_data(struct hci_request *req, u8 instance) 1838 { 1839 struct hci_dev *hdev = req->hdev; 1840 u8 len; 1841 1842 if (!hci_dev_test_flag(hdev, HCI_LE_ENABLED)) 1843 return; 1844 1845 if (ext_adv_capable(hdev)) { 1846 struct hci_cp_le_set_ext_adv_data cp; 1847 1848 memset(&cp, 0, sizeof(cp)); 1849 1850 len = create_instance_adv_data(hdev, instance, cp.data); 1851 1852 /* There's nothing to do if the data hasn't changed */ 1853 if (hdev->adv_data_len == len && 1854 memcmp(cp.data, hdev->adv_data, len) == 0) 1855 return; 1856 1857 memcpy(hdev->adv_data, cp.data, sizeof(cp.data)); 1858 hdev->adv_data_len = len; 1859 1860 cp.length = len; 1861 cp.handle = instance; 1862 cp.operation = LE_SET_ADV_DATA_OP_COMPLETE; 1863 cp.frag_pref = LE_SET_ADV_DATA_NO_FRAG; 1864 1865 hci_req_add(req, HCI_OP_LE_SET_EXT_ADV_DATA, sizeof(cp), &cp); 1866 } else { 1867 struct hci_cp_le_set_adv_data cp; 1868 1869 memset(&cp, 0, sizeof(cp)); 1870 1871 len = create_instance_adv_data(hdev, instance, cp.data); 1872 1873 /* There's nothing to do if the data hasn't changed */ 1874 if (hdev->adv_data_len == len && 1875 memcmp(cp.data, hdev->adv_data, len) == 0) 1876 return; 1877 1878 memcpy(hdev->adv_data, cp.data, sizeof(cp.data)); 1879 hdev->adv_data_len = len; 1880 1881 cp.length = len; 1882 1883 hci_req_add(req, HCI_OP_LE_SET_ADV_DATA, sizeof(cp), &cp); 1884 } 1885 } 1886 1887 int hci_req_update_adv_data(struct hci_dev *hdev, u8 instance) 1888 { 1889 struct hci_request req; 1890 1891 hci_req_init(&req, hdev); 1892 __hci_req_update_adv_data(&req, instance); 1893 1894 return hci_req_run(&req, NULL); 1895 } 1896 1897 static void enable_addr_resolution_complete(struct hci_dev *hdev, u8 status, 1898 u16 opcode) 1899 { 1900 BT_DBG("%s status %u", hdev->name, status); 1901 } 1902 1903 void hci_req_disable_address_resolution(struct hci_dev *hdev) 1904 { 1905 struct hci_request req; 1906 __u8 enable = 0x00; 1907 1908 if (!use_ll_privacy(hdev) && 1909 !hci_dev_test_flag(hdev, HCI_LL_RPA_RESOLUTION)) 1910 return; 1911 1912 hci_req_init(&req, hdev); 1913 1914 hci_req_add(&req, HCI_OP_LE_SET_ADDR_RESOLV_ENABLE, 1, &enable); 1915 1916 hci_req_run(&req, enable_addr_resolution_complete); 1917 } 1918 1919 static void adv_enable_complete(struct hci_dev *hdev, u8 status, u16 opcode) 1920 { 1921 bt_dev_dbg(hdev, "status %u", status); 1922 } 1923 1924 void hci_req_reenable_advertising(struct hci_dev *hdev) 1925 { 1926 struct hci_request req; 1927 1928 if (!hci_dev_test_flag(hdev, HCI_ADVERTISING) && 1929 list_empty(&hdev->adv_instances)) 1930 return; 1931 1932 hci_req_init(&req, hdev); 1933 1934 if (hdev->cur_adv_instance) { 1935 __hci_req_schedule_adv_instance(&req, hdev->cur_adv_instance, 1936 true); 1937 } else { 1938 if (ext_adv_capable(hdev)) { 1939 __hci_req_start_ext_adv(&req, 0x00); 1940 } else { 1941 __hci_req_update_adv_data(&req, 0x00); 1942 __hci_req_update_scan_rsp_data(&req, 0x00); 1943 __hci_req_enable_advertising(&req); 1944 } 1945 } 1946 1947 hci_req_run(&req, adv_enable_complete); 1948 } 1949 1950 static void adv_timeout_expire(struct work_struct *work) 1951 { 1952 struct hci_dev *hdev = container_of(work, struct hci_dev, 1953 adv_instance_expire.work); 1954 1955 struct hci_request req; 1956 u8 instance; 1957 1958 bt_dev_dbg(hdev, ""); 1959 1960 hci_dev_lock(hdev); 1961 1962 hdev->adv_instance_timeout = 0; 1963 1964 instance = hdev->cur_adv_instance; 1965 if (instance == 0x00) 1966 goto unlock; 1967 1968 hci_req_init(&req, hdev); 1969 1970 hci_req_clear_adv_instance(hdev, NULL, &req, instance, false); 1971 1972 if (list_empty(&hdev->adv_instances)) 1973 __hci_req_disable_advertising(&req); 1974 1975 hci_req_run(&req, NULL); 1976 1977 unlock: 1978 hci_dev_unlock(hdev); 1979 } 1980 1981 static int hci_req_add_le_interleaved_scan(struct hci_request *req, 1982 unsigned long opt) 1983 { 1984 struct hci_dev *hdev = req->hdev; 1985 int ret = 0; 1986 1987 hci_dev_lock(hdev); 1988 1989 if (hci_dev_test_flag(hdev, HCI_LE_SCAN)) 1990 hci_req_add_le_scan_disable(req, false); 1991 hci_req_add_le_passive_scan(req); 1992 1993 switch (hdev->interleave_scan_state) { 1994 case INTERLEAVE_SCAN_ALLOWLIST: 1995 bt_dev_dbg(hdev, "next state: allowlist"); 1996 hdev->interleave_scan_state = INTERLEAVE_SCAN_NO_FILTER; 1997 break; 1998 case INTERLEAVE_SCAN_NO_FILTER: 1999 bt_dev_dbg(hdev, "next state: no filter"); 2000 hdev->interleave_scan_state = INTERLEAVE_SCAN_ALLOWLIST; 2001 break; 2002 case INTERLEAVE_SCAN_NONE: 2003 BT_ERR("unexpected error"); 2004 ret = -1; 2005 } 2006 2007 hci_dev_unlock(hdev); 2008 2009 return ret; 2010 } 2011 2012 static void interleave_scan_work(struct work_struct *work) 2013 { 2014 struct hci_dev *hdev = container_of(work, struct hci_dev, 2015 interleave_scan.work); 2016 u8 status; 2017 unsigned long timeout; 2018 2019 if (hdev->interleave_scan_state == INTERLEAVE_SCAN_ALLOWLIST) { 2020 timeout = msecs_to_jiffies(hdev->advmon_allowlist_duration); 2021 } else if (hdev->interleave_scan_state == INTERLEAVE_SCAN_NO_FILTER) { 2022 timeout = msecs_to_jiffies(hdev->advmon_no_filter_duration); 2023 } else { 2024 bt_dev_err(hdev, "unexpected error"); 2025 return; 2026 } 2027 2028 hci_req_sync(hdev, hci_req_add_le_interleaved_scan, 0, 2029 HCI_CMD_TIMEOUT, &status); 2030 2031 /* Don't continue interleaving if it was canceled */ 2032 if (is_interleave_scanning(hdev)) 2033 queue_delayed_work(hdev->req_workqueue, 2034 &hdev->interleave_scan, timeout); 2035 } 2036 2037 int hci_get_random_address(struct hci_dev *hdev, bool require_privacy, 2038 bool use_rpa, struct adv_info *adv_instance, 2039 u8 *own_addr_type, bdaddr_t *rand_addr) 2040 { 2041 int err; 2042 2043 bacpy(rand_addr, BDADDR_ANY); 2044 2045 /* If privacy is enabled use a resolvable private address. If 2046 * current RPA has expired then generate a new one. 2047 */ 2048 if (use_rpa) { 2049 int to; 2050 2051 /* If Controller supports LL Privacy use own address type is 2052 * 0x03 2053 */ 2054 if (use_ll_privacy(hdev) && 2055 hci_dev_test_flag(hdev, HCI_ENABLE_LL_PRIVACY)) 2056 *own_addr_type = ADDR_LE_DEV_RANDOM_RESOLVED; 2057 else 2058 *own_addr_type = ADDR_LE_DEV_RANDOM; 2059 2060 if (adv_instance) { 2061 if (!adv_instance->rpa_expired && 2062 !bacmp(&adv_instance->random_addr, &hdev->rpa)) 2063 return 0; 2064 2065 adv_instance->rpa_expired = false; 2066 } else { 2067 if (!hci_dev_test_and_clear_flag(hdev, HCI_RPA_EXPIRED) && 2068 !bacmp(&hdev->random_addr, &hdev->rpa)) 2069 return 0; 2070 } 2071 2072 err = smp_generate_rpa(hdev, hdev->irk, &hdev->rpa); 2073 if (err < 0) { 2074 bt_dev_err(hdev, "failed to generate new RPA"); 2075 return err; 2076 } 2077 2078 bacpy(rand_addr, &hdev->rpa); 2079 2080 to = msecs_to_jiffies(hdev->rpa_timeout * 1000); 2081 if (adv_instance) 2082 queue_delayed_work(hdev->workqueue, 2083 &adv_instance->rpa_expired_cb, to); 2084 else 2085 queue_delayed_work(hdev->workqueue, 2086 &hdev->rpa_expired, to); 2087 2088 return 0; 2089 } 2090 2091 /* In case of required privacy without resolvable private address, 2092 * use an non-resolvable private address. This is useful for 2093 * non-connectable advertising. 2094 */ 2095 if (require_privacy) { 2096 bdaddr_t nrpa; 2097 2098 while (true) { 2099 /* The non-resolvable private address is generated 2100 * from random six bytes with the two most significant 2101 * bits cleared. 2102 */ 2103 get_random_bytes(&nrpa, 6); 2104 nrpa.b[5] &= 0x3f; 2105 2106 /* The non-resolvable private address shall not be 2107 * equal to the public address. 2108 */ 2109 if (bacmp(&hdev->bdaddr, &nrpa)) 2110 break; 2111 } 2112 2113 *own_addr_type = ADDR_LE_DEV_RANDOM; 2114 bacpy(rand_addr, &nrpa); 2115 2116 return 0; 2117 } 2118 2119 /* No privacy so use a public address. */ 2120 *own_addr_type = ADDR_LE_DEV_PUBLIC; 2121 2122 return 0; 2123 } 2124 2125 void __hci_req_clear_ext_adv_sets(struct hci_request *req) 2126 { 2127 hci_req_add(req, HCI_OP_LE_CLEAR_ADV_SETS, 0, NULL); 2128 } 2129 2130 int __hci_req_setup_ext_adv_instance(struct hci_request *req, u8 instance) 2131 { 2132 struct hci_cp_le_set_ext_adv_params cp; 2133 struct hci_dev *hdev = req->hdev; 2134 bool connectable; 2135 u32 flags; 2136 bdaddr_t random_addr; 2137 u8 own_addr_type; 2138 int err; 2139 struct adv_info *adv_instance; 2140 bool secondary_adv; 2141 2142 if (instance > 0) { 2143 adv_instance = hci_find_adv_instance(hdev, instance); 2144 if (!adv_instance) 2145 return -EINVAL; 2146 } else { 2147 adv_instance = NULL; 2148 } 2149 2150 flags = get_adv_instance_flags(hdev, instance); 2151 2152 /* If the "connectable" instance flag was not set, then choose between 2153 * ADV_IND and ADV_NONCONN_IND based on the global connectable setting. 2154 */ 2155 connectable = (flags & MGMT_ADV_FLAG_CONNECTABLE) || 2156 mgmt_get_connectable(hdev); 2157 2158 if (!is_advertising_allowed(hdev, connectable)) 2159 return -EPERM; 2160 2161 /* Set require_privacy to true only when non-connectable 2162 * advertising is used. In that case it is fine to use a 2163 * non-resolvable private address. 2164 */ 2165 err = hci_get_random_address(hdev, !connectable, 2166 adv_use_rpa(hdev, flags), adv_instance, 2167 &own_addr_type, &random_addr); 2168 if (err < 0) 2169 return err; 2170 2171 memset(&cp, 0, sizeof(cp)); 2172 2173 if (adv_instance) { 2174 hci_cpu_to_le24(adv_instance->min_interval, cp.min_interval); 2175 hci_cpu_to_le24(adv_instance->max_interval, cp.max_interval); 2176 cp.tx_power = adv_instance->tx_power; 2177 } else { 2178 hci_cpu_to_le24(hdev->le_adv_min_interval, cp.min_interval); 2179 hci_cpu_to_le24(hdev->le_adv_max_interval, cp.max_interval); 2180 cp.tx_power = HCI_ADV_TX_POWER_NO_PREFERENCE; 2181 } 2182 2183 secondary_adv = (flags & MGMT_ADV_FLAG_SEC_MASK); 2184 2185 if (connectable) { 2186 if (secondary_adv) 2187 cp.evt_properties = cpu_to_le16(LE_EXT_ADV_CONN_IND); 2188 else 2189 cp.evt_properties = cpu_to_le16(LE_LEGACY_ADV_IND); 2190 } else if (adv_instance_is_scannable(hdev, instance) || 2191 (flags & MGMT_ADV_PARAM_SCAN_RSP)) { 2192 if (secondary_adv) 2193 cp.evt_properties = cpu_to_le16(LE_EXT_ADV_SCAN_IND); 2194 else 2195 cp.evt_properties = cpu_to_le16(LE_LEGACY_ADV_SCAN_IND); 2196 } else { 2197 if (secondary_adv) 2198 cp.evt_properties = cpu_to_le16(LE_EXT_ADV_NON_CONN_IND); 2199 else 2200 cp.evt_properties = cpu_to_le16(LE_LEGACY_NONCONN_IND); 2201 } 2202 2203 cp.own_addr_type = own_addr_type; 2204 cp.channel_map = hdev->le_adv_channel_map; 2205 cp.handle = instance; 2206 2207 if (flags & MGMT_ADV_FLAG_SEC_2M) { 2208 cp.primary_phy = HCI_ADV_PHY_1M; 2209 cp.secondary_phy = HCI_ADV_PHY_2M; 2210 } else if (flags & MGMT_ADV_FLAG_SEC_CODED) { 2211 cp.primary_phy = HCI_ADV_PHY_CODED; 2212 cp.secondary_phy = HCI_ADV_PHY_CODED; 2213 } else { 2214 /* In all other cases use 1M */ 2215 cp.primary_phy = HCI_ADV_PHY_1M; 2216 cp.secondary_phy = HCI_ADV_PHY_1M; 2217 } 2218 2219 hci_req_add(req, HCI_OP_LE_SET_EXT_ADV_PARAMS, sizeof(cp), &cp); 2220 2221 if (own_addr_type == ADDR_LE_DEV_RANDOM && 2222 bacmp(&random_addr, BDADDR_ANY)) { 2223 struct hci_cp_le_set_adv_set_rand_addr cp; 2224 2225 /* Check if random address need to be updated */ 2226 if (adv_instance) { 2227 if (!bacmp(&random_addr, &adv_instance->random_addr)) 2228 return 0; 2229 } else { 2230 if (!bacmp(&random_addr, &hdev->random_addr)) 2231 return 0; 2232 } 2233 2234 memset(&cp, 0, sizeof(cp)); 2235 2236 cp.handle = instance; 2237 bacpy(&cp.bdaddr, &random_addr); 2238 2239 hci_req_add(req, 2240 HCI_OP_LE_SET_ADV_SET_RAND_ADDR, 2241 sizeof(cp), &cp); 2242 } 2243 2244 return 0; 2245 } 2246 2247 int __hci_req_enable_ext_advertising(struct hci_request *req, u8 instance) 2248 { 2249 struct hci_dev *hdev = req->hdev; 2250 struct hci_cp_le_set_ext_adv_enable *cp; 2251 struct hci_cp_ext_adv_set *adv_set; 2252 u8 data[sizeof(*cp) + sizeof(*adv_set) * 1]; 2253 struct adv_info *adv_instance; 2254 2255 if (instance > 0) { 2256 adv_instance = hci_find_adv_instance(hdev, instance); 2257 if (!adv_instance) 2258 return -EINVAL; 2259 } else { 2260 adv_instance = NULL; 2261 } 2262 2263 cp = (void *) data; 2264 adv_set = (void *) cp->data; 2265 2266 memset(cp, 0, sizeof(*cp)); 2267 2268 cp->enable = 0x01; 2269 cp->num_of_sets = 0x01; 2270 2271 memset(adv_set, 0, sizeof(*adv_set)); 2272 2273 adv_set->handle = instance; 2274 2275 /* Set duration per instance since controller is responsible for 2276 * scheduling it. 2277 */ 2278 if (adv_instance && adv_instance->duration) { 2279 u16 duration = adv_instance->timeout * MSEC_PER_SEC; 2280 2281 /* Time = N * 10 ms */ 2282 adv_set->duration = cpu_to_le16(duration / 10); 2283 } 2284 2285 hci_req_add(req, HCI_OP_LE_SET_EXT_ADV_ENABLE, 2286 sizeof(*cp) + sizeof(*adv_set) * cp->num_of_sets, 2287 data); 2288 2289 return 0; 2290 } 2291 2292 int __hci_req_disable_ext_adv_instance(struct hci_request *req, u8 instance) 2293 { 2294 struct hci_dev *hdev = req->hdev; 2295 struct hci_cp_le_set_ext_adv_enable *cp; 2296 struct hci_cp_ext_adv_set *adv_set; 2297 u8 data[sizeof(*cp) + sizeof(*adv_set) * 1]; 2298 u8 req_size; 2299 2300 /* If request specifies an instance that doesn't exist, fail */ 2301 if (instance > 0 && !hci_find_adv_instance(hdev, instance)) 2302 return -EINVAL; 2303 2304 memset(data, 0, sizeof(data)); 2305 2306 cp = (void *)data; 2307 adv_set = (void *)cp->data; 2308 2309 /* Instance 0x00 indicates all advertising instances will be disabled */ 2310 cp->num_of_sets = !!instance; 2311 cp->enable = 0x00; 2312 2313 adv_set->handle = instance; 2314 2315 req_size = sizeof(*cp) + sizeof(*adv_set) * cp->num_of_sets; 2316 hci_req_add(req, HCI_OP_LE_SET_EXT_ADV_ENABLE, req_size, data); 2317 2318 return 0; 2319 } 2320 2321 int __hci_req_remove_ext_adv_instance(struct hci_request *req, u8 instance) 2322 { 2323 struct hci_dev *hdev = req->hdev; 2324 2325 /* If request specifies an instance that doesn't exist, fail */ 2326 if (instance > 0 && !hci_find_adv_instance(hdev, instance)) 2327 return -EINVAL; 2328 2329 hci_req_add(req, HCI_OP_LE_REMOVE_ADV_SET, sizeof(instance), &instance); 2330 2331 return 0; 2332 } 2333 2334 int __hci_req_start_ext_adv(struct hci_request *req, u8 instance) 2335 { 2336 struct hci_dev *hdev = req->hdev; 2337 struct adv_info *adv_instance = hci_find_adv_instance(hdev, instance); 2338 int err; 2339 2340 /* If instance isn't pending, the chip knows about it, and it's safe to 2341 * disable 2342 */ 2343 if (adv_instance && !adv_instance->pending) 2344 __hci_req_disable_ext_adv_instance(req, instance); 2345 2346 err = __hci_req_setup_ext_adv_instance(req, instance); 2347 if (err < 0) 2348 return err; 2349 2350 __hci_req_update_scan_rsp_data(req, instance); 2351 __hci_req_enable_ext_advertising(req, instance); 2352 2353 return 0; 2354 } 2355 2356 int __hci_req_schedule_adv_instance(struct hci_request *req, u8 instance, 2357 bool force) 2358 { 2359 struct hci_dev *hdev = req->hdev; 2360 struct adv_info *adv_instance = NULL; 2361 u16 timeout; 2362 2363 if (hci_dev_test_flag(hdev, HCI_ADVERTISING) || 2364 list_empty(&hdev->adv_instances)) 2365 return -EPERM; 2366 2367 if (hdev->adv_instance_timeout) 2368 return -EBUSY; 2369 2370 adv_instance = hci_find_adv_instance(hdev, instance); 2371 if (!adv_instance) 2372 return -ENOENT; 2373 2374 /* A zero timeout means unlimited advertising. As long as there is 2375 * only one instance, duration should be ignored. We still set a timeout 2376 * in case further instances are being added later on. 2377 * 2378 * If the remaining lifetime of the instance is more than the duration 2379 * then the timeout corresponds to the duration, otherwise it will be 2380 * reduced to the remaining instance lifetime. 2381 */ 2382 if (adv_instance->timeout == 0 || 2383 adv_instance->duration <= adv_instance->remaining_time) 2384 timeout = adv_instance->duration; 2385 else 2386 timeout = adv_instance->remaining_time; 2387 2388 /* The remaining time is being reduced unless the instance is being 2389 * advertised without time limit. 2390 */ 2391 if (adv_instance->timeout) 2392 adv_instance->remaining_time = 2393 adv_instance->remaining_time - timeout; 2394 2395 /* Only use work for scheduling instances with legacy advertising */ 2396 if (!ext_adv_capable(hdev)) { 2397 hdev->adv_instance_timeout = timeout; 2398 queue_delayed_work(hdev->req_workqueue, 2399 &hdev->adv_instance_expire, 2400 msecs_to_jiffies(timeout * 1000)); 2401 } 2402 2403 /* If we're just re-scheduling the same instance again then do not 2404 * execute any HCI commands. This happens when a single instance is 2405 * being advertised. 2406 */ 2407 if (!force && hdev->cur_adv_instance == instance && 2408 hci_dev_test_flag(hdev, HCI_LE_ADV)) 2409 return 0; 2410 2411 hdev->cur_adv_instance = instance; 2412 if (ext_adv_capable(hdev)) { 2413 __hci_req_start_ext_adv(req, instance); 2414 } else { 2415 __hci_req_update_adv_data(req, instance); 2416 __hci_req_update_scan_rsp_data(req, instance); 2417 __hci_req_enable_advertising(req); 2418 } 2419 2420 return 0; 2421 } 2422 2423 /* For a single instance: 2424 * - force == true: The instance will be removed even when its remaining 2425 * lifetime is not zero. 2426 * - force == false: the instance will be deactivated but kept stored unless 2427 * the remaining lifetime is zero. 2428 * 2429 * For instance == 0x00: 2430 * - force == true: All instances will be removed regardless of their timeout 2431 * setting. 2432 * - force == false: Only instances that have a timeout will be removed. 2433 */ 2434 void hci_req_clear_adv_instance(struct hci_dev *hdev, struct sock *sk, 2435 struct hci_request *req, u8 instance, 2436 bool force) 2437 { 2438 struct adv_info *adv_instance, *n, *next_instance = NULL; 2439 int err; 2440 u8 rem_inst; 2441 2442 /* Cancel any timeout concerning the removed instance(s). */ 2443 if (!instance || hdev->cur_adv_instance == instance) 2444 cancel_adv_timeout(hdev); 2445 2446 /* Get the next instance to advertise BEFORE we remove 2447 * the current one. This can be the same instance again 2448 * if there is only one instance. 2449 */ 2450 if (instance && hdev->cur_adv_instance == instance) 2451 next_instance = hci_get_next_instance(hdev, instance); 2452 2453 if (instance == 0x00) { 2454 list_for_each_entry_safe(adv_instance, n, &hdev->adv_instances, 2455 list) { 2456 if (!(force || adv_instance->timeout)) 2457 continue; 2458 2459 rem_inst = adv_instance->instance; 2460 err = hci_remove_adv_instance(hdev, rem_inst); 2461 if (!err) 2462 mgmt_advertising_removed(sk, hdev, rem_inst); 2463 } 2464 } else { 2465 adv_instance = hci_find_adv_instance(hdev, instance); 2466 2467 if (force || (adv_instance && adv_instance->timeout && 2468 !adv_instance->remaining_time)) { 2469 /* Don't advertise a removed instance. */ 2470 if (next_instance && 2471 next_instance->instance == instance) 2472 next_instance = NULL; 2473 2474 err = hci_remove_adv_instance(hdev, instance); 2475 if (!err) 2476 mgmt_advertising_removed(sk, hdev, instance); 2477 } 2478 } 2479 2480 if (!req || !hdev_is_powered(hdev) || 2481 hci_dev_test_flag(hdev, HCI_ADVERTISING)) 2482 return; 2483 2484 if (next_instance && !ext_adv_capable(hdev)) 2485 __hci_req_schedule_adv_instance(req, next_instance->instance, 2486 false); 2487 } 2488 2489 static void set_random_addr(struct hci_request *req, bdaddr_t *rpa) 2490 { 2491 struct hci_dev *hdev = req->hdev; 2492 2493 /* If we're advertising or initiating an LE connection we can't 2494 * go ahead and change the random address at this time. This is 2495 * because the eventual initiator address used for the 2496 * subsequently created connection will be undefined (some 2497 * controllers use the new address and others the one we had 2498 * when the operation started). 2499 * 2500 * In this kind of scenario skip the update and let the random 2501 * address be updated at the next cycle. 2502 */ 2503 if (hci_dev_test_flag(hdev, HCI_LE_ADV) || 2504 hci_lookup_le_connect(hdev)) { 2505 bt_dev_dbg(hdev, "Deferring random address update"); 2506 hci_dev_set_flag(hdev, HCI_RPA_EXPIRED); 2507 return; 2508 } 2509 2510 hci_req_add(req, HCI_OP_LE_SET_RANDOM_ADDR, 6, rpa); 2511 } 2512 2513 int hci_update_random_address(struct hci_request *req, bool require_privacy, 2514 bool use_rpa, u8 *own_addr_type) 2515 { 2516 struct hci_dev *hdev = req->hdev; 2517 int err; 2518 2519 /* If privacy is enabled use a resolvable private address. If 2520 * current RPA has expired or there is something else than 2521 * the current RPA in use, then generate a new one. 2522 */ 2523 if (use_rpa) { 2524 int to; 2525 2526 /* If Controller supports LL Privacy use own address type is 2527 * 0x03 2528 */ 2529 if (use_ll_privacy(hdev) && 2530 hci_dev_test_flag(hdev, HCI_ENABLE_LL_PRIVACY)) 2531 *own_addr_type = ADDR_LE_DEV_RANDOM_RESOLVED; 2532 else 2533 *own_addr_type = ADDR_LE_DEV_RANDOM; 2534 2535 if (!hci_dev_test_and_clear_flag(hdev, HCI_RPA_EXPIRED) && 2536 !bacmp(&hdev->random_addr, &hdev->rpa)) 2537 return 0; 2538 2539 err = smp_generate_rpa(hdev, hdev->irk, &hdev->rpa); 2540 if (err < 0) { 2541 bt_dev_err(hdev, "failed to generate new RPA"); 2542 return err; 2543 } 2544 2545 set_random_addr(req, &hdev->rpa); 2546 2547 to = msecs_to_jiffies(hdev->rpa_timeout * 1000); 2548 queue_delayed_work(hdev->workqueue, &hdev->rpa_expired, to); 2549 2550 return 0; 2551 } 2552 2553 /* In case of required privacy without resolvable private address, 2554 * use an non-resolvable private address. This is useful for active 2555 * scanning and non-connectable advertising. 2556 */ 2557 if (require_privacy) { 2558 bdaddr_t nrpa; 2559 2560 while (true) { 2561 /* The non-resolvable private address is generated 2562 * from random six bytes with the two most significant 2563 * bits cleared. 2564 */ 2565 get_random_bytes(&nrpa, 6); 2566 nrpa.b[5] &= 0x3f; 2567 2568 /* The non-resolvable private address shall not be 2569 * equal to the public address. 2570 */ 2571 if (bacmp(&hdev->bdaddr, &nrpa)) 2572 break; 2573 } 2574 2575 *own_addr_type = ADDR_LE_DEV_RANDOM; 2576 set_random_addr(req, &nrpa); 2577 return 0; 2578 } 2579 2580 /* If forcing static address is in use or there is no public 2581 * address use the static address as random address (but skip 2582 * the HCI command if the current random address is already the 2583 * static one. 2584 * 2585 * In case BR/EDR has been disabled on a dual-mode controller 2586 * and a static address has been configured, then use that 2587 * address instead of the public BR/EDR address. 2588 */ 2589 if (hci_dev_test_flag(hdev, HCI_FORCE_STATIC_ADDR) || 2590 !bacmp(&hdev->bdaddr, BDADDR_ANY) || 2591 (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED) && 2592 bacmp(&hdev->static_addr, BDADDR_ANY))) { 2593 *own_addr_type = ADDR_LE_DEV_RANDOM; 2594 if (bacmp(&hdev->static_addr, &hdev->random_addr)) 2595 hci_req_add(req, HCI_OP_LE_SET_RANDOM_ADDR, 6, 2596 &hdev->static_addr); 2597 return 0; 2598 } 2599 2600 /* Neither privacy nor static address is being used so use a 2601 * public address. 2602 */ 2603 *own_addr_type = ADDR_LE_DEV_PUBLIC; 2604 2605 return 0; 2606 } 2607 2608 static bool disconnected_whitelist_entries(struct hci_dev *hdev) 2609 { 2610 struct bdaddr_list *b; 2611 2612 list_for_each_entry(b, &hdev->whitelist, list) { 2613 struct hci_conn *conn; 2614 2615 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &b->bdaddr); 2616 if (!conn) 2617 return true; 2618 2619 if (conn->state != BT_CONNECTED && conn->state != BT_CONFIG) 2620 return true; 2621 } 2622 2623 return false; 2624 } 2625 2626 void __hci_req_update_scan(struct hci_request *req) 2627 { 2628 struct hci_dev *hdev = req->hdev; 2629 u8 scan; 2630 2631 if (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED)) 2632 return; 2633 2634 if (!hdev_is_powered(hdev)) 2635 return; 2636 2637 if (mgmt_powering_down(hdev)) 2638 return; 2639 2640 if (hdev->scanning_paused) 2641 return; 2642 2643 if (hci_dev_test_flag(hdev, HCI_CONNECTABLE) || 2644 disconnected_whitelist_entries(hdev)) 2645 scan = SCAN_PAGE; 2646 else 2647 scan = SCAN_DISABLED; 2648 2649 if (hci_dev_test_flag(hdev, HCI_DISCOVERABLE)) 2650 scan |= SCAN_INQUIRY; 2651 2652 if (test_bit(HCI_PSCAN, &hdev->flags) == !!(scan & SCAN_PAGE) && 2653 test_bit(HCI_ISCAN, &hdev->flags) == !!(scan & SCAN_INQUIRY)) 2654 return; 2655 2656 hci_req_add(req, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan); 2657 } 2658 2659 static int update_scan(struct hci_request *req, unsigned long opt) 2660 { 2661 hci_dev_lock(req->hdev); 2662 __hci_req_update_scan(req); 2663 hci_dev_unlock(req->hdev); 2664 return 0; 2665 } 2666 2667 static void scan_update_work(struct work_struct *work) 2668 { 2669 struct hci_dev *hdev = container_of(work, struct hci_dev, scan_update); 2670 2671 hci_req_sync(hdev, update_scan, 0, HCI_CMD_TIMEOUT, NULL); 2672 } 2673 2674 static int connectable_update(struct hci_request *req, unsigned long opt) 2675 { 2676 struct hci_dev *hdev = req->hdev; 2677 2678 hci_dev_lock(hdev); 2679 2680 __hci_req_update_scan(req); 2681 2682 /* If BR/EDR is not enabled and we disable advertising as a 2683 * by-product of disabling connectable, we need to update the 2684 * advertising flags. 2685 */ 2686 if (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED)) 2687 __hci_req_update_adv_data(req, hdev->cur_adv_instance); 2688 2689 /* Update the advertising parameters if necessary */ 2690 if (hci_dev_test_flag(hdev, HCI_ADVERTISING) || 2691 !list_empty(&hdev->adv_instances)) { 2692 if (ext_adv_capable(hdev)) 2693 __hci_req_start_ext_adv(req, hdev->cur_adv_instance); 2694 else 2695 __hci_req_enable_advertising(req); 2696 } 2697 2698 __hci_update_background_scan(req); 2699 2700 hci_dev_unlock(hdev); 2701 2702 return 0; 2703 } 2704 2705 static void connectable_update_work(struct work_struct *work) 2706 { 2707 struct hci_dev *hdev = container_of(work, struct hci_dev, 2708 connectable_update); 2709 u8 status; 2710 2711 hci_req_sync(hdev, connectable_update, 0, HCI_CMD_TIMEOUT, &status); 2712 mgmt_set_connectable_complete(hdev, status); 2713 } 2714 2715 static u8 get_service_classes(struct hci_dev *hdev) 2716 { 2717 struct bt_uuid *uuid; 2718 u8 val = 0; 2719 2720 list_for_each_entry(uuid, &hdev->uuids, list) 2721 val |= uuid->svc_hint; 2722 2723 return val; 2724 } 2725 2726 void __hci_req_update_class(struct hci_request *req) 2727 { 2728 struct hci_dev *hdev = req->hdev; 2729 u8 cod[3]; 2730 2731 bt_dev_dbg(hdev, ""); 2732 2733 if (!hdev_is_powered(hdev)) 2734 return; 2735 2736 if (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED)) 2737 return; 2738 2739 if (hci_dev_test_flag(hdev, HCI_SERVICE_CACHE)) 2740 return; 2741 2742 cod[0] = hdev->minor_class; 2743 cod[1] = hdev->major_class; 2744 cod[2] = get_service_classes(hdev); 2745 2746 if (hci_dev_test_flag(hdev, HCI_LIMITED_DISCOVERABLE)) 2747 cod[1] |= 0x20; 2748 2749 if (memcmp(cod, hdev->dev_class, 3) == 0) 2750 return; 2751 2752 hci_req_add(req, HCI_OP_WRITE_CLASS_OF_DEV, sizeof(cod), cod); 2753 } 2754 2755 static void write_iac(struct hci_request *req) 2756 { 2757 struct hci_dev *hdev = req->hdev; 2758 struct hci_cp_write_current_iac_lap cp; 2759 2760 if (!hci_dev_test_flag(hdev, HCI_DISCOVERABLE)) 2761 return; 2762 2763 if (hci_dev_test_flag(hdev, HCI_LIMITED_DISCOVERABLE)) { 2764 /* Limited discoverable mode */ 2765 cp.num_iac = min_t(u8, hdev->num_iac, 2); 2766 cp.iac_lap[0] = 0x00; /* LIAC */ 2767 cp.iac_lap[1] = 0x8b; 2768 cp.iac_lap[2] = 0x9e; 2769 cp.iac_lap[3] = 0x33; /* GIAC */ 2770 cp.iac_lap[4] = 0x8b; 2771 cp.iac_lap[5] = 0x9e; 2772 } else { 2773 /* General discoverable mode */ 2774 cp.num_iac = 1; 2775 cp.iac_lap[0] = 0x33; /* GIAC */ 2776 cp.iac_lap[1] = 0x8b; 2777 cp.iac_lap[2] = 0x9e; 2778 } 2779 2780 hci_req_add(req, HCI_OP_WRITE_CURRENT_IAC_LAP, 2781 (cp.num_iac * 3) + 1, &cp); 2782 } 2783 2784 static int discoverable_update(struct hci_request *req, unsigned long opt) 2785 { 2786 struct hci_dev *hdev = req->hdev; 2787 2788 hci_dev_lock(hdev); 2789 2790 if (hci_dev_test_flag(hdev, HCI_BREDR_ENABLED)) { 2791 write_iac(req); 2792 __hci_req_update_scan(req); 2793 __hci_req_update_class(req); 2794 } 2795 2796 /* Advertising instances don't use the global discoverable setting, so 2797 * only update AD if advertising was enabled using Set Advertising. 2798 */ 2799 if (hci_dev_test_flag(hdev, HCI_ADVERTISING)) { 2800 __hci_req_update_adv_data(req, 0x00); 2801 2802 /* Discoverable mode affects the local advertising 2803 * address in limited privacy mode. 2804 */ 2805 if (hci_dev_test_flag(hdev, HCI_LIMITED_PRIVACY)) { 2806 if (ext_adv_capable(hdev)) 2807 __hci_req_start_ext_adv(req, 0x00); 2808 else 2809 __hci_req_enable_advertising(req); 2810 } 2811 } 2812 2813 hci_dev_unlock(hdev); 2814 2815 return 0; 2816 } 2817 2818 static void discoverable_update_work(struct work_struct *work) 2819 { 2820 struct hci_dev *hdev = container_of(work, struct hci_dev, 2821 discoverable_update); 2822 u8 status; 2823 2824 hci_req_sync(hdev, discoverable_update, 0, HCI_CMD_TIMEOUT, &status); 2825 mgmt_set_discoverable_complete(hdev, status); 2826 } 2827 2828 void __hci_abort_conn(struct hci_request *req, struct hci_conn *conn, 2829 u8 reason) 2830 { 2831 switch (conn->state) { 2832 case BT_CONNECTED: 2833 case BT_CONFIG: 2834 if (conn->type == AMP_LINK) { 2835 struct hci_cp_disconn_phy_link cp; 2836 2837 cp.phy_handle = HCI_PHY_HANDLE(conn->handle); 2838 cp.reason = reason; 2839 hci_req_add(req, HCI_OP_DISCONN_PHY_LINK, sizeof(cp), 2840 &cp); 2841 } else { 2842 struct hci_cp_disconnect dc; 2843 2844 dc.handle = cpu_to_le16(conn->handle); 2845 dc.reason = reason; 2846 hci_req_add(req, HCI_OP_DISCONNECT, sizeof(dc), &dc); 2847 } 2848 2849 conn->state = BT_DISCONN; 2850 2851 break; 2852 case BT_CONNECT: 2853 if (conn->type == LE_LINK) { 2854 if (test_bit(HCI_CONN_SCANNING, &conn->flags)) 2855 break; 2856 hci_req_add(req, HCI_OP_LE_CREATE_CONN_CANCEL, 2857 0, NULL); 2858 } else if (conn->type == ACL_LINK) { 2859 if (req->hdev->hci_ver < BLUETOOTH_VER_1_2) 2860 break; 2861 hci_req_add(req, HCI_OP_CREATE_CONN_CANCEL, 2862 6, &conn->dst); 2863 } 2864 break; 2865 case BT_CONNECT2: 2866 if (conn->type == ACL_LINK) { 2867 struct hci_cp_reject_conn_req rej; 2868 2869 bacpy(&rej.bdaddr, &conn->dst); 2870 rej.reason = reason; 2871 2872 hci_req_add(req, HCI_OP_REJECT_CONN_REQ, 2873 sizeof(rej), &rej); 2874 } else if (conn->type == SCO_LINK || conn->type == ESCO_LINK) { 2875 struct hci_cp_reject_sync_conn_req rej; 2876 2877 bacpy(&rej.bdaddr, &conn->dst); 2878 2879 /* SCO rejection has its own limited set of 2880 * allowed error values (0x0D-0x0F) which isn't 2881 * compatible with most values passed to this 2882 * function. To be safe hard-code one of the 2883 * values that's suitable for SCO. 2884 */ 2885 rej.reason = HCI_ERROR_REJ_LIMITED_RESOURCES; 2886 2887 hci_req_add(req, HCI_OP_REJECT_SYNC_CONN_REQ, 2888 sizeof(rej), &rej); 2889 } 2890 break; 2891 default: 2892 conn->state = BT_CLOSED; 2893 break; 2894 } 2895 } 2896 2897 static void abort_conn_complete(struct hci_dev *hdev, u8 status, u16 opcode) 2898 { 2899 if (status) 2900 bt_dev_dbg(hdev, "Failed to abort connection: status 0x%2.2x", status); 2901 } 2902 2903 int hci_abort_conn(struct hci_conn *conn, u8 reason) 2904 { 2905 struct hci_request req; 2906 int err; 2907 2908 hci_req_init(&req, conn->hdev); 2909 2910 __hci_abort_conn(&req, conn, reason); 2911 2912 err = hci_req_run(&req, abort_conn_complete); 2913 if (err && err != -ENODATA) { 2914 bt_dev_err(conn->hdev, "failed to run HCI request: err %d", err); 2915 return err; 2916 } 2917 2918 return 0; 2919 } 2920 2921 static int update_bg_scan(struct hci_request *req, unsigned long opt) 2922 { 2923 hci_dev_lock(req->hdev); 2924 __hci_update_background_scan(req); 2925 hci_dev_unlock(req->hdev); 2926 return 0; 2927 } 2928 2929 static void bg_scan_update(struct work_struct *work) 2930 { 2931 struct hci_dev *hdev = container_of(work, struct hci_dev, 2932 bg_scan_update); 2933 struct hci_conn *conn; 2934 u8 status; 2935 int err; 2936 2937 err = hci_req_sync(hdev, update_bg_scan, 0, HCI_CMD_TIMEOUT, &status); 2938 if (!err) 2939 return; 2940 2941 hci_dev_lock(hdev); 2942 2943 conn = hci_conn_hash_lookup_state(hdev, LE_LINK, BT_CONNECT); 2944 if (conn) 2945 hci_le_conn_failed(conn, status); 2946 2947 hci_dev_unlock(hdev); 2948 } 2949 2950 static int le_scan_disable(struct hci_request *req, unsigned long opt) 2951 { 2952 hci_req_add_le_scan_disable(req, false); 2953 return 0; 2954 } 2955 2956 static int bredr_inquiry(struct hci_request *req, unsigned long opt) 2957 { 2958 u8 length = opt; 2959 const u8 giac[3] = { 0x33, 0x8b, 0x9e }; 2960 const u8 liac[3] = { 0x00, 0x8b, 0x9e }; 2961 struct hci_cp_inquiry cp; 2962 2963 if (test_bit(HCI_INQUIRY, &req->hdev->flags)) 2964 return 0; 2965 2966 bt_dev_dbg(req->hdev, ""); 2967 2968 hci_dev_lock(req->hdev); 2969 hci_inquiry_cache_flush(req->hdev); 2970 hci_dev_unlock(req->hdev); 2971 2972 memset(&cp, 0, sizeof(cp)); 2973 2974 if (req->hdev->discovery.limited) 2975 memcpy(&cp.lap, liac, sizeof(cp.lap)); 2976 else 2977 memcpy(&cp.lap, giac, sizeof(cp.lap)); 2978 2979 cp.length = length; 2980 2981 hci_req_add(req, HCI_OP_INQUIRY, sizeof(cp), &cp); 2982 2983 return 0; 2984 } 2985 2986 static void le_scan_disable_work(struct work_struct *work) 2987 { 2988 struct hci_dev *hdev = container_of(work, struct hci_dev, 2989 le_scan_disable.work); 2990 u8 status; 2991 2992 bt_dev_dbg(hdev, ""); 2993 2994 if (!hci_dev_test_flag(hdev, HCI_LE_SCAN)) 2995 return; 2996 2997 cancel_delayed_work(&hdev->le_scan_restart); 2998 2999 hci_req_sync(hdev, le_scan_disable, 0, HCI_CMD_TIMEOUT, &status); 3000 if (status) { 3001 bt_dev_err(hdev, "failed to disable LE scan: status 0x%02x", 3002 status); 3003 return; 3004 } 3005 3006 hdev->discovery.scan_start = 0; 3007 3008 /* If we were running LE only scan, change discovery state. If 3009 * we were running both LE and BR/EDR inquiry simultaneously, 3010 * and BR/EDR inquiry is already finished, stop discovery, 3011 * otherwise BR/EDR inquiry will stop discovery when finished. 3012 * If we will resolve remote device name, do not change 3013 * discovery state. 3014 */ 3015 3016 if (hdev->discovery.type == DISCOV_TYPE_LE) 3017 goto discov_stopped; 3018 3019 if (hdev->discovery.type != DISCOV_TYPE_INTERLEAVED) 3020 return; 3021 3022 if (test_bit(HCI_QUIRK_SIMULTANEOUS_DISCOVERY, &hdev->quirks)) { 3023 if (!test_bit(HCI_INQUIRY, &hdev->flags) && 3024 hdev->discovery.state != DISCOVERY_RESOLVING) 3025 goto discov_stopped; 3026 3027 return; 3028 } 3029 3030 hci_req_sync(hdev, bredr_inquiry, DISCOV_INTERLEAVED_INQUIRY_LEN, 3031 HCI_CMD_TIMEOUT, &status); 3032 if (status) { 3033 bt_dev_err(hdev, "inquiry failed: status 0x%02x", status); 3034 goto discov_stopped; 3035 } 3036 3037 return; 3038 3039 discov_stopped: 3040 hci_dev_lock(hdev); 3041 hci_discovery_set_state(hdev, DISCOVERY_STOPPED); 3042 hci_dev_unlock(hdev); 3043 } 3044 3045 static int le_scan_restart(struct hci_request *req, unsigned long opt) 3046 { 3047 struct hci_dev *hdev = req->hdev; 3048 3049 /* If controller is not scanning we are done. */ 3050 if (!hci_dev_test_flag(hdev, HCI_LE_SCAN)) 3051 return 0; 3052 3053 if (hdev->scanning_paused) { 3054 bt_dev_dbg(hdev, "Scanning is paused for suspend"); 3055 return 0; 3056 } 3057 3058 hci_req_add_le_scan_disable(req, false); 3059 3060 if (use_ext_scan(hdev)) { 3061 struct hci_cp_le_set_ext_scan_enable ext_enable_cp; 3062 3063 memset(&ext_enable_cp, 0, sizeof(ext_enable_cp)); 3064 ext_enable_cp.enable = LE_SCAN_ENABLE; 3065 ext_enable_cp.filter_dup = LE_SCAN_FILTER_DUP_ENABLE; 3066 3067 hci_req_add(req, HCI_OP_LE_SET_EXT_SCAN_ENABLE, 3068 sizeof(ext_enable_cp), &ext_enable_cp); 3069 } else { 3070 struct hci_cp_le_set_scan_enable cp; 3071 3072 memset(&cp, 0, sizeof(cp)); 3073 cp.enable = LE_SCAN_ENABLE; 3074 cp.filter_dup = LE_SCAN_FILTER_DUP_ENABLE; 3075 hci_req_add(req, HCI_OP_LE_SET_SCAN_ENABLE, sizeof(cp), &cp); 3076 } 3077 3078 return 0; 3079 } 3080 3081 static void le_scan_restart_work(struct work_struct *work) 3082 { 3083 struct hci_dev *hdev = container_of(work, struct hci_dev, 3084 le_scan_restart.work); 3085 unsigned long timeout, duration, scan_start, now; 3086 u8 status; 3087 3088 bt_dev_dbg(hdev, ""); 3089 3090 hci_req_sync(hdev, le_scan_restart, 0, HCI_CMD_TIMEOUT, &status); 3091 if (status) { 3092 bt_dev_err(hdev, "failed to restart LE scan: status %d", 3093 status); 3094 return; 3095 } 3096 3097 hci_dev_lock(hdev); 3098 3099 if (!test_bit(HCI_QUIRK_STRICT_DUPLICATE_FILTER, &hdev->quirks) || 3100 !hdev->discovery.scan_start) 3101 goto unlock; 3102 3103 /* When the scan was started, hdev->le_scan_disable has been queued 3104 * after duration from scan_start. During scan restart this job 3105 * has been canceled, and we need to queue it again after proper 3106 * timeout, to make sure that scan does not run indefinitely. 3107 */ 3108 duration = hdev->discovery.scan_duration; 3109 scan_start = hdev->discovery.scan_start; 3110 now = jiffies; 3111 if (now - scan_start <= duration) { 3112 int elapsed; 3113 3114 if (now >= scan_start) 3115 elapsed = now - scan_start; 3116 else 3117 elapsed = ULONG_MAX - scan_start + now; 3118 3119 timeout = duration - elapsed; 3120 } else { 3121 timeout = 0; 3122 } 3123 3124 queue_delayed_work(hdev->req_workqueue, 3125 &hdev->le_scan_disable, timeout); 3126 3127 unlock: 3128 hci_dev_unlock(hdev); 3129 } 3130 3131 static int active_scan(struct hci_request *req, unsigned long opt) 3132 { 3133 uint16_t interval = opt; 3134 struct hci_dev *hdev = req->hdev; 3135 u8 own_addr_type; 3136 /* White list is not used for discovery */ 3137 u8 filter_policy = 0x00; 3138 /* Discovery doesn't require controller address resolution */ 3139 bool addr_resolv = false; 3140 int err; 3141 3142 bt_dev_dbg(hdev, ""); 3143 3144 /* If controller is scanning, it means the background scanning is 3145 * running. Thus, we should temporarily stop it in order to set the 3146 * discovery scanning parameters. 3147 */ 3148 if (hci_dev_test_flag(hdev, HCI_LE_SCAN)) { 3149 hci_req_add_le_scan_disable(req, false); 3150 cancel_interleave_scan(hdev); 3151 } 3152 3153 /* All active scans will be done with either a resolvable private 3154 * address (when privacy feature has been enabled) or non-resolvable 3155 * private address. 3156 */ 3157 err = hci_update_random_address(req, true, scan_use_rpa(hdev), 3158 &own_addr_type); 3159 if (err < 0) 3160 own_addr_type = ADDR_LE_DEV_PUBLIC; 3161 3162 hci_req_start_scan(req, LE_SCAN_ACTIVE, interval, 3163 hdev->le_scan_window_discovery, own_addr_type, 3164 filter_policy, addr_resolv); 3165 return 0; 3166 } 3167 3168 static int interleaved_discov(struct hci_request *req, unsigned long opt) 3169 { 3170 int err; 3171 3172 bt_dev_dbg(req->hdev, ""); 3173 3174 err = active_scan(req, opt); 3175 if (err) 3176 return err; 3177 3178 return bredr_inquiry(req, DISCOV_BREDR_INQUIRY_LEN); 3179 } 3180 3181 static void start_discovery(struct hci_dev *hdev, u8 *status) 3182 { 3183 unsigned long timeout; 3184 3185 bt_dev_dbg(hdev, "type %u", hdev->discovery.type); 3186 3187 switch (hdev->discovery.type) { 3188 case DISCOV_TYPE_BREDR: 3189 if (!hci_dev_test_flag(hdev, HCI_INQUIRY)) 3190 hci_req_sync(hdev, bredr_inquiry, 3191 DISCOV_BREDR_INQUIRY_LEN, HCI_CMD_TIMEOUT, 3192 status); 3193 return; 3194 case DISCOV_TYPE_INTERLEAVED: 3195 /* When running simultaneous discovery, the LE scanning time 3196 * should occupy the whole discovery time sine BR/EDR inquiry 3197 * and LE scanning are scheduled by the controller. 3198 * 3199 * For interleaving discovery in comparison, BR/EDR inquiry 3200 * and LE scanning are done sequentially with separate 3201 * timeouts. 3202 */ 3203 if (test_bit(HCI_QUIRK_SIMULTANEOUS_DISCOVERY, 3204 &hdev->quirks)) { 3205 timeout = msecs_to_jiffies(DISCOV_LE_TIMEOUT); 3206 /* During simultaneous discovery, we double LE scan 3207 * interval. We must leave some time for the controller 3208 * to do BR/EDR inquiry. 3209 */ 3210 hci_req_sync(hdev, interleaved_discov, 3211 hdev->le_scan_int_discovery * 2, HCI_CMD_TIMEOUT, 3212 status); 3213 break; 3214 } 3215 3216 timeout = msecs_to_jiffies(hdev->discov_interleaved_timeout); 3217 hci_req_sync(hdev, active_scan, hdev->le_scan_int_discovery, 3218 HCI_CMD_TIMEOUT, status); 3219 break; 3220 case DISCOV_TYPE_LE: 3221 timeout = msecs_to_jiffies(DISCOV_LE_TIMEOUT); 3222 hci_req_sync(hdev, active_scan, hdev->le_scan_int_discovery, 3223 HCI_CMD_TIMEOUT, status); 3224 break; 3225 default: 3226 *status = HCI_ERROR_UNSPECIFIED; 3227 return; 3228 } 3229 3230 if (*status) 3231 return; 3232 3233 bt_dev_dbg(hdev, "timeout %u ms", jiffies_to_msecs(timeout)); 3234 3235 /* When service discovery is used and the controller has a 3236 * strict duplicate filter, it is important to remember the 3237 * start and duration of the scan. This is required for 3238 * restarting scanning during the discovery phase. 3239 */ 3240 if (test_bit(HCI_QUIRK_STRICT_DUPLICATE_FILTER, &hdev->quirks) && 3241 hdev->discovery.result_filtering) { 3242 hdev->discovery.scan_start = jiffies; 3243 hdev->discovery.scan_duration = timeout; 3244 } 3245 3246 queue_delayed_work(hdev->req_workqueue, &hdev->le_scan_disable, 3247 timeout); 3248 } 3249 3250 bool hci_req_stop_discovery(struct hci_request *req) 3251 { 3252 struct hci_dev *hdev = req->hdev; 3253 struct discovery_state *d = &hdev->discovery; 3254 struct hci_cp_remote_name_req_cancel cp; 3255 struct inquiry_entry *e; 3256 bool ret = false; 3257 3258 bt_dev_dbg(hdev, "state %u", hdev->discovery.state); 3259 3260 if (d->state == DISCOVERY_FINDING || d->state == DISCOVERY_STOPPING) { 3261 if (test_bit(HCI_INQUIRY, &hdev->flags)) 3262 hci_req_add(req, HCI_OP_INQUIRY_CANCEL, 0, NULL); 3263 3264 if (hci_dev_test_flag(hdev, HCI_LE_SCAN)) { 3265 cancel_delayed_work(&hdev->le_scan_disable); 3266 cancel_delayed_work(&hdev->le_scan_restart); 3267 hci_req_add_le_scan_disable(req, false); 3268 } 3269 3270 ret = true; 3271 } else { 3272 /* Passive scanning */ 3273 if (hci_dev_test_flag(hdev, HCI_LE_SCAN)) { 3274 hci_req_add_le_scan_disable(req, false); 3275 ret = true; 3276 } 3277 } 3278 3279 /* No further actions needed for LE-only discovery */ 3280 if (d->type == DISCOV_TYPE_LE) 3281 return ret; 3282 3283 if (d->state == DISCOVERY_RESOLVING || d->state == DISCOVERY_STOPPING) { 3284 e = hci_inquiry_cache_lookup_resolve(hdev, BDADDR_ANY, 3285 NAME_PENDING); 3286 if (!e) 3287 return ret; 3288 3289 bacpy(&cp.bdaddr, &e->data.bdaddr); 3290 hci_req_add(req, HCI_OP_REMOTE_NAME_REQ_CANCEL, sizeof(cp), 3291 &cp); 3292 ret = true; 3293 } 3294 3295 return ret; 3296 } 3297 3298 static int stop_discovery(struct hci_request *req, unsigned long opt) 3299 { 3300 hci_dev_lock(req->hdev); 3301 hci_req_stop_discovery(req); 3302 hci_dev_unlock(req->hdev); 3303 3304 return 0; 3305 } 3306 3307 static void discov_update(struct work_struct *work) 3308 { 3309 struct hci_dev *hdev = container_of(work, struct hci_dev, 3310 discov_update); 3311 u8 status = 0; 3312 3313 switch (hdev->discovery.state) { 3314 case DISCOVERY_STARTING: 3315 start_discovery(hdev, &status); 3316 mgmt_start_discovery_complete(hdev, status); 3317 if (status) 3318 hci_discovery_set_state(hdev, DISCOVERY_STOPPED); 3319 else 3320 hci_discovery_set_state(hdev, DISCOVERY_FINDING); 3321 break; 3322 case DISCOVERY_STOPPING: 3323 hci_req_sync(hdev, stop_discovery, 0, HCI_CMD_TIMEOUT, &status); 3324 mgmt_stop_discovery_complete(hdev, status); 3325 if (!status) 3326 hci_discovery_set_state(hdev, DISCOVERY_STOPPED); 3327 break; 3328 case DISCOVERY_STOPPED: 3329 default: 3330 return; 3331 } 3332 } 3333 3334 static void discov_off(struct work_struct *work) 3335 { 3336 struct hci_dev *hdev = container_of(work, struct hci_dev, 3337 discov_off.work); 3338 3339 bt_dev_dbg(hdev, ""); 3340 3341 hci_dev_lock(hdev); 3342 3343 /* When discoverable timeout triggers, then just make sure 3344 * the limited discoverable flag is cleared. Even in the case 3345 * of a timeout triggered from general discoverable, it is 3346 * safe to unconditionally clear the flag. 3347 */ 3348 hci_dev_clear_flag(hdev, HCI_LIMITED_DISCOVERABLE); 3349 hci_dev_clear_flag(hdev, HCI_DISCOVERABLE); 3350 hdev->discov_timeout = 0; 3351 3352 hci_dev_unlock(hdev); 3353 3354 hci_req_sync(hdev, discoverable_update, 0, HCI_CMD_TIMEOUT, NULL); 3355 mgmt_new_settings(hdev); 3356 } 3357 3358 static int powered_update_hci(struct hci_request *req, unsigned long opt) 3359 { 3360 struct hci_dev *hdev = req->hdev; 3361 u8 link_sec; 3362 3363 hci_dev_lock(hdev); 3364 3365 if (hci_dev_test_flag(hdev, HCI_SSP_ENABLED) && 3366 !lmp_host_ssp_capable(hdev)) { 3367 u8 mode = 0x01; 3368 3369 hci_req_add(req, HCI_OP_WRITE_SSP_MODE, sizeof(mode), &mode); 3370 3371 if (bredr_sc_enabled(hdev) && !lmp_host_sc_capable(hdev)) { 3372 u8 support = 0x01; 3373 3374 hci_req_add(req, HCI_OP_WRITE_SC_SUPPORT, 3375 sizeof(support), &support); 3376 } 3377 } 3378 3379 if (hci_dev_test_flag(hdev, HCI_LE_ENABLED) && 3380 lmp_bredr_capable(hdev)) { 3381 struct hci_cp_write_le_host_supported cp; 3382 3383 cp.le = 0x01; 3384 cp.simul = 0x00; 3385 3386 /* Check first if we already have the right 3387 * host state (host features set) 3388 */ 3389 if (cp.le != lmp_host_le_capable(hdev) || 3390 cp.simul != lmp_host_le_br_capable(hdev)) 3391 hci_req_add(req, HCI_OP_WRITE_LE_HOST_SUPPORTED, 3392 sizeof(cp), &cp); 3393 } 3394 3395 if (hci_dev_test_flag(hdev, HCI_LE_ENABLED)) { 3396 /* Make sure the controller has a good default for 3397 * advertising data. This also applies to the case 3398 * where BR/EDR was toggled during the AUTO_OFF phase. 3399 */ 3400 if (hci_dev_test_flag(hdev, HCI_ADVERTISING) || 3401 list_empty(&hdev->adv_instances)) { 3402 int err; 3403 3404 if (ext_adv_capable(hdev)) { 3405 err = __hci_req_setup_ext_adv_instance(req, 3406 0x00); 3407 if (!err) 3408 __hci_req_update_scan_rsp_data(req, 3409 0x00); 3410 } else { 3411 err = 0; 3412 __hci_req_update_adv_data(req, 0x00); 3413 __hci_req_update_scan_rsp_data(req, 0x00); 3414 } 3415 3416 if (hci_dev_test_flag(hdev, HCI_ADVERTISING)) { 3417 if (!ext_adv_capable(hdev)) 3418 __hci_req_enable_advertising(req); 3419 else if (!err) 3420 __hci_req_enable_ext_advertising(req, 3421 0x00); 3422 } 3423 } else if (!list_empty(&hdev->adv_instances)) { 3424 struct adv_info *adv_instance; 3425 3426 adv_instance = list_first_entry(&hdev->adv_instances, 3427 struct adv_info, list); 3428 __hci_req_schedule_adv_instance(req, 3429 adv_instance->instance, 3430 true); 3431 } 3432 } 3433 3434 link_sec = hci_dev_test_flag(hdev, HCI_LINK_SECURITY); 3435 if (link_sec != test_bit(HCI_AUTH, &hdev->flags)) 3436 hci_req_add(req, HCI_OP_WRITE_AUTH_ENABLE, 3437 sizeof(link_sec), &link_sec); 3438 3439 if (lmp_bredr_capable(hdev)) { 3440 if (hci_dev_test_flag(hdev, HCI_FAST_CONNECTABLE)) 3441 __hci_req_write_fast_connectable(req, true); 3442 else 3443 __hci_req_write_fast_connectable(req, false); 3444 __hci_req_update_scan(req); 3445 __hci_req_update_class(req); 3446 __hci_req_update_name(req); 3447 __hci_req_update_eir(req); 3448 } 3449 3450 hci_dev_unlock(hdev); 3451 return 0; 3452 } 3453 3454 int __hci_req_hci_power_on(struct hci_dev *hdev) 3455 { 3456 /* Register the available SMP channels (BR/EDR and LE) only when 3457 * successfully powering on the controller. This late 3458 * registration is required so that LE SMP can clearly decide if 3459 * the public address or static address is used. 3460 */ 3461 smp_register(hdev); 3462 3463 return __hci_req_sync(hdev, powered_update_hci, 0, HCI_CMD_TIMEOUT, 3464 NULL); 3465 } 3466 3467 void hci_request_setup(struct hci_dev *hdev) 3468 { 3469 INIT_WORK(&hdev->discov_update, discov_update); 3470 INIT_WORK(&hdev->bg_scan_update, bg_scan_update); 3471 INIT_WORK(&hdev->scan_update, scan_update_work); 3472 INIT_WORK(&hdev->connectable_update, connectable_update_work); 3473 INIT_WORK(&hdev->discoverable_update, discoverable_update_work); 3474 INIT_DELAYED_WORK(&hdev->discov_off, discov_off); 3475 INIT_DELAYED_WORK(&hdev->le_scan_disable, le_scan_disable_work); 3476 INIT_DELAYED_WORK(&hdev->le_scan_restart, le_scan_restart_work); 3477 INIT_DELAYED_WORK(&hdev->adv_instance_expire, adv_timeout_expire); 3478 INIT_DELAYED_WORK(&hdev->interleave_scan, interleave_scan_work); 3479 } 3480 3481 void hci_request_cancel_all(struct hci_dev *hdev) 3482 { 3483 hci_req_sync_cancel(hdev, ENODEV); 3484 3485 cancel_work_sync(&hdev->discov_update); 3486 cancel_work_sync(&hdev->bg_scan_update); 3487 cancel_work_sync(&hdev->scan_update); 3488 cancel_work_sync(&hdev->connectable_update); 3489 cancel_work_sync(&hdev->discoverable_update); 3490 cancel_delayed_work_sync(&hdev->discov_off); 3491 cancel_delayed_work_sync(&hdev->le_scan_disable); 3492 cancel_delayed_work_sync(&hdev->le_scan_restart); 3493 3494 if (hdev->adv_instance_timeout) { 3495 cancel_delayed_work_sync(&hdev->adv_instance_expire); 3496 hdev->adv_instance_timeout = 0; 3497 } 3498 3499 cancel_interleave_scan(hdev); 3500 } 3501