xref: /openbmc/linux/net/bluetooth/hci_request.c (revision 62eab49f)
1 /*
2    BlueZ - Bluetooth protocol stack for Linux
3 
4    Copyright (C) 2014 Intel Corporation
5 
6    This program is free software; you can redistribute it and/or modify
7    it under the terms of the GNU General Public License version 2 as
8    published by the Free Software Foundation;
9 
10    THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
11    OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
12    FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
13    IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
14    CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
15    WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
16    ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
17    OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
18 
19    ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
20    COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
21    SOFTWARE IS DISCLAIMED.
22 */
23 
24 #include <linux/sched/signal.h>
25 
26 #include <net/bluetooth/bluetooth.h>
27 #include <net/bluetooth/hci_core.h>
28 #include <net/bluetooth/mgmt.h>
29 
30 #include "smp.h"
31 #include "hci_request.h"
32 #include "msft.h"
33 
34 #define HCI_REQ_DONE	  0
35 #define HCI_REQ_PEND	  1
36 #define HCI_REQ_CANCELED  2
37 
38 void hci_req_init(struct hci_request *req, struct hci_dev *hdev)
39 {
40 	skb_queue_head_init(&req->cmd_q);
41 	req->hdev = hdev;
42 	req->err = 0;
43 }
44 
45 void hci_req_purge(struct hci_request *req)
46 {
47 	skb_queue_purge(&req->cmd_q);
48 }
49 
50 bool hci_req_status_pend(struct hci_dev *hdev)
51 {
52 	return hdev->req_status == HCI_REQ_PEND;
53 }
54 
55 static int req_run(struct hci_request *req, hci_req_complete_t complete,
56 		   hci_req_complete_skb_t complete_skb)
57 {
58 	struct hci_dev *hdev = req->hdev;
59 	struct sk_buff *skb;
60 	unsigned long flags;
61 
62 	bt_dev_dbg(hdev, "length %u", skb_queue_len(&req->cmd_q));
63 
64 	/* If an error occurred during request building, remove all HCI
65 	 * commands queued on the HCI request queue.
66 	 */
67 	if (req->err) {
68 		skb_queue_purge(&req->cmd_q);
69 		return req->err;
70 	}
71 
72 	/* Do not allow empty requests */
73 	if (skb_queue_empty(&req->cmd_q))
74 		return -ENODATA;
75 
76 	skb = skb_peek_tail(&req->cmd_q);
77 	if (complete) {
78 		bt_cb(skb)->hci.req_complete = complete;
79 	} else if (complete_skb) {
80 		bt_cb(skb)->hci.req_complete_skb = complete_skb;
81 		bt_cb(skb)->hci.req_flags |= HCI_REQ_SKB;
82 	}
83 
84 	spin_lock_irqsave(&hdev->cmd_q.lock, flags);
85 	skb_queue_splice_tail(&req->cmd_q, &hdev->cmd_q);
86 	spin_unlock_irqrestore(&hdev->cmd_q.lock, flags);
87 
88 	queue_work(hdev->workqueue, &hdev->cmd_work);
89 
90 	return 0;
91 }
92 
93 int hci_req_run(struct hci_request *req, hci_req_complete_t complete)
94 {
95 	return req_run(req, complete, NULL);
96 }
97 
98 int hci_req_run_skb(struct hci_request *req, hci_req_complete_skb_t complete)
99 {
100 	return req_run(req, NULL, complete);
101 }
102 
103 static void hci_req_sync_complete(struct hci_dev *hdev, u8 result, u16 opcode,
104 				  struct sk_buff *skb)
105 {
106 	bt_dev_dbg(hdev, "result 0x%2.2x", result);
107 
108 	if (hdev->req_status == HCI_REQ_PEND) {
109 		hdev->req_result = result;
110 		hdev->req_status = HCI_REQ_DONE;
111 		if (skb)
112 			hdev->req_skb = skb_get(skb);
113 		wake_up_interruptible(&hdev->req_wait_q);
114 	}
115 }
116 
117 void hci_req_sync_cancel(struct hci_dev *hdev, int err)
118 {
119 	bt_dev_dbg(hdev, "err 0x%2.2x", err);
120 
121 	if (hdev->req_status == HCI_REQ_PEND) {
122 		hdev->req_result = err;
123 		hdev->req_status = HCI_REQ_CANCELED;
124 		wake_up_interruptible(&hdev->req_wait_q);
125 	}
126 }
127 
128 struct sk_buff *__hci_cmd_sync_ev(struct hci_dev *hdev, u16 opcode, u32 plen,
129 				  const void *param, u8 event, u32 timeout)
130 {
131 	struct hci_request req;
132 	struct sk_buff *skb;
133 	int err = 0;
134 
135 	bt_dev_dbg(hdev, "");
136 
137 	hci_req_init(&req, hdev);
138 
139 	hci_req_add_ev(&req, opcode, plen, param, event);
140 
141 	hdev->req_status = HCI_REQ_PEND;
142 
143 	err = hci_req_run_skb(&req, hci_req_sync_complete);
144 	if (err < 0)
145 		return ERR_PTR(err);
146 
147 	err = wait_event_interruptible_timeout(hdev->req_wait_q,
148 			hdev->req_status != HCI_REQ_PEND, timeout);
149 
150 	if (err == -ERESTARTSYS)
151 		return ERR_PTR(-EINTR);
152 
153 	switch (hdev->req_status) {
154 	case HCI_REQ_DONE:
155 		err = -bt_to_errno(hdev->req_result);
156 		break;
157 
158 	case HCI_REQ_CANCELED:
159 		err = -hdev->req_result;
160 		break;
161 
162 	default:
163 		err = -ETIMEDOUT;
164 		break;
165 	}
166 
167 	hdev->req_status = hdev->req_result = 0;
168 	skb = hdev->req_skb;
169 	hdev->req_skb = NULL;
170 
171 	bt_dev_dbg(hdev, "end: err %d", err);
172 
173 	if (err < 0) {
174 		kfree_skb(skb);
175 		return ERR_PTR(err);
176 	}
177 
178 	if (!skb)
179 		return ERR_PTR(-ENODATA);
180 
181 	return skb;
182 }
183 EXPORT_SYMBOL(__hci_cmd_sync_ev);
184 
185 struct sk_buff *__hci_cmd_sync(struct hci_dev *hdev, u16 opcode, u32 plen,
186 			       const void *param, u32 timeout)
187 {
188 	return __hci_cmd_sync_ev(hdev, opcode, plen, param, 0, timeout);
189 }
190 EXPORT_SYMBOL(__hci_cmd_sync);
191 
192 /* Execute request and wait for completion. */
193 int __hci_req_sync(struct hci_dev *hdev, int (*func)(struct hci_request *req,
194 						     unsigned long opt),
195 		   unsigned long opt, u32 timeout, u8 *hci_status)
196 {
197 	struct hci_request req;
198 	int err = 0;
199 
200 	bt_dev_dbg(hdev, "start");
201 
202 	hci_req_init(&req, hdev);
203 
204 	hdev->req_status = HCI_REQ_PEND;
205 
206 	err = func(&req, opt);
207 	if (err) {
208 		if (hci_status)
209 			*hci_status = HCI_ERROR_UNSPECIFIED;
210 		return err;
211 	}
212 
213 	err = hci_req_run_skb(&req, hci_req_sync_complete);
214 	if (err < 0) {
215 		hdev->req_status = 0;
216 
217 		/* ENODATA means the HCI request command queue is empty.
218 		 * This can happen when a request with conditionals doesn't
219 		 * trigger any commands to be sent. This is normal behavior
220 		 * and should not trigger an error return.
221 		 */
222 		if (err == -ENODATA) {
223 			if (hci_status)
224 				*hci_status = 0;
225 			return 0;
226 		}
227 
228 		if (hci_status)
229 			*hci_status = HCI_ERROR_UNSPECIFIED;
230 
231 		return err;
232 	}
233 
234 	err = wait_event_interruptible_timeout(hdev->req_wait_q,
235 			hdev->req_status != HCI_REQ_PEND, timeout);
236 
237 	if (err == -ERESTARTSYS)
238 		return -EINTR;
239 
240 	switch (hdev->req_status) {
241 	case HCI_REQ_DONE:
242 		err = -bt_to_errno(hdev->req_result);
243 		if (hci_status)
244 			*hci_status = hdev->req_result;
245 		break;
246 
247 	case HCI_REQ_CANCELED:
248 		err = -hdev->req_result;
249 		if (hci_status)
250 			*hci_status = HCI_ERROR_UNSPECIFIED;
251 		break;
252 
253 	default:
254 		err = -ETIMEDOUT;
255 		if (hci_status)
256 			*hci_status = HCI_ERROR_UNSPECIFIED;
257 		break;
258 	}
259 
260 	kfree_skb(hdev->req_skb);
261 	hdev->req_skb = NULL;
262 	hdev->req_status = hdev->req_result = 0;
263 
264 	bt_dev_dbg(hdev, "end: err %d", err);
265 
266 	return err;
267 }
268 
269 int hci_req_sync(struct hci_dev *hdev, int (*req)(struct hci_request *req,
270 						  unsigned long opt),
271 		 unsigned long opt, u32 timeout, u8 *hci_status)
272 {
273 	int ret;
274 
275 	if (!test_bit(HCI_UP, &hdev->flags))
276 		return -ENETDOWN;
277 
278 	/* Serialize all requests */
279 	hci_req_sync_lock(hdev);
280 	ret = __hci_req_sync(hdev, req, opt, timeout, hci_status);
281 	hci_req_sync_unlock(hdev);
282 
283 	return ret;
284 }
285 
286 struct sk_buff *hci_prepare_cmd(struct hci_dev *hdev, u16 opcode, u32 plen,
287 				const void *param)
288 {
289 	int len = HCI_COMMAND_HDR_SIZE + plen;
290 	struct hci_command_hdr *hdr;
291 	struct sk_buff *skb;
292 
293 	skb = bt_skb_alloc(len, GFP_ATOMIC);
294 	if (!skb)
295 		return NULL;
296 
297 	hdr = skb_put(skb, HCI_COMMAND_HDR_SIZE);
298 	hdr->opcode = cpu_to_le16(opcode);
299 	hdr->plen   = plen;
300 
301 	if (plen)
302 		skb_put_data(skb, param, plen);
303 
304 	bt_dev_dbg(hdev, "skb len %d", skb->len);
305 
306 	hci_skb_pkt_type(skb) = HCI_COMMAND_PKT;
307 	hci_skb_opcode(skb) = opcode;
308 
309 	return skb;
310 }
311 
312 /* Queue a command to an asynchronous HCI request */
313 void hci_req_add_ev(struct hci_request *req, u16 opcode, u32 plen,
314 		    const void *param, u8 event)
315 {
316 	struct hci_dev *hdev = req->hdev;
317 	struct sk_buff *skb;
318 
319 	bt_dev_dbg(hdev, "opcode 0x%4.4x plen %d", opcode, plen);
320 
321 	/* If an error occurred during request building, there is no point in
322 	 * queueing the HCI command. We can simply return.
323 	 */
324 	if (req->err)
325 		return;
326 
327 	skb = hci_prepare_cmd(hdev, opcode, plen, param);
328 	if (!skb) {
329 		bt_dev_err(hdev, "no memory for command (opcode 0x%4.4x)",
330 			   opcode);
331 		req->err = -ENOMEM;
332 		return;
333 	}
334 
335 	if (skb_queue_empty(&req->cmd_q))
336 		bt_cb(skb)->hci.req_flags |= HCI_REQ_START;
337 
338 	bt_cb(skb)->hci.req_event = event;
339 
340 	skb_queue_tail(&req->cmd_q, skb);
341 }
342 
343 void hci_req_add(struct hci_request *req, u16 opcode, u32 plen,
344 		 const void *param)
345 {
346 	hci_req_add_ev(req, opcode, plen, param, 0);
347 }
348 
349 void __hci_req_write_fast_connectable(struct hci_request *req, bool enable)
350 {
351 	struct hci_dev *hdev = req->hdev;
352 	struct hci_cp_write_page_scan_activity acp;
353 	u8 type;
354 
355 	if (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED))
356 		return;
357 
358 	if (hdev->hci_ver < BLUETOOTH_VER_1_2)
359 		return;
360 
361 	if (enable) {
362 		type = PAGE_SCAN_TYPE_INTERLACED;
363 
364 		/* 160 msec page scan interval */
365 		acp.interval = cpu_to_le16(0x0100);
366 	} else {
367 		type = hdev->def_page_scan_type;
368 		acp.interval = cpu_to_le16(hdev->def_page_scan_int);
369 	}
370 
371 	acp.window = cpu_to_le16(hdev->def_page_scan_window);
372 
373 	if (__cpu_to_le16(hdev->page_scan_interval) != acp.interval ||
374 	    __cpu_to_le16(hdev->page_scan_window) != acp.window)
375 		hci_req_add(req, HCI_OP_WRITE_PAGE_SCAN_ACTIVITY,
376 			    sizeof(acp), &acp);
377 
378 	if (hdev->page_scan_type != type)
379 		hci_req_add(req, HCI_OP_WRITE_PAGE_SCAN_TYPE, 1, &type);
380 }
381 
382 static void start_interleave_scan(struct hci_dev *hdev)
383 {
384 	hdev->interleave_scan_state = INTERLEAVE_SCAN_NO_FILTER;
385 	queue_delayed_work(hdev->req_workqueue,
386 			   &hdev->interleave_scan, 0);
387 }
388 
389 static bool is_interleave_scanning(struct hci_dev *hdev)
390 {
391 	return hdev->interleave_scan_state != INTERLEAVE_SCAN_NONE;
392 }
393 
394 static void cancel_interleave_scan(struct hci_dev *hdev)
395 {
396 	bt_dev_dbg(hdev, "cancelling interleave scan");
397 
398 	cancel_delayed_work_sync(&hdev->interleave_scan);
399 
400 	hdev->interleave_scan_state = INTERLEAVE_SCAN_NONE;
401 }
402 
403 /* Return true if interleave_scan wasn't started until exiting this function,
404  * otherwise, return false
405  */
406 static bool __hci_update_interleaved_scan(struct hci_dev *hdev)
407 {
408 	/* Do interleaved scan only if all of the following are true:
409 	 * - There is at least one ADV monitor
410 	 * - At least one pending LE connection or one device to be scanned for
411 	 * - Monitor offloading is not supported
412 	 * If so, we should alternate between allowlist scan and one without
413 	 * any filters to save power.
414 	 */
415 	bool use_interleaving = hci_is_adv_monitoring(hdev) &&
416 				!(list_empty(&hdev->pend_le_conns) &&
417 				  list_empty(&hdev->pend_le_reports)) &&
418 				hci_get_adv_monitor_offload_ext(hdev) ==
419 				    HCI_ADV_MONITOR_EXT_NONE;
420 	bool is_interleaving = is_interleave_scanning(hdev);
421 
422 	if (use_interleaving && !is_interleaving) {
423 		start_interleave_scan(hdev);
424 		bt_dev_dbg(hdev, "starting interleave scan");
425 		return true;
426 	}
427 
428 	if (!use_interleaving && is_interleaving)
429 		cancel_interleave_scan(hdev);
430 
431 	return false;
432 }
433 
434 /* This function controls the background scanning based on hdev->pend_le_conns
435  * list. If there are pending LE connection we start the background scanning,
436  * otherwise we stop it.
437  *
438  * This function requires the caller holds hdev->lock.
439  */
440 static void __hci_update_background_scan(struct hci_request *req)
441 {
442 	struct hci_dev *hdev = req->hdev;
443 
444 	if (!test_bit(HCI_UP, &hdev->flags) ||
445 	    test_bit(HCI_INIT, &hdev->flags) ||
446 	    hci_dev_test_flag(hdev, HCI_SETUP) ||
447 	    hci_dev_test_flag(hdev, HCI_CONFIG) ||
448 	    hci_dev_test_flag(hdev, HCI_AUTO_OFF) ||
449 	    hci_dev_test_flag(hdev, HCI_UNREGISTER))
450 		return;
451 
452 	/* No point in doing scanning if LE support hasn't been enabled */
453 	if (!hci_dev_test_flag(hdev, HCI_LE_ENABLED))
454 		return;
455 
456 	/* If discovery is active don't interfere with it */
457 	if (hdev->discovery.state != DISCOVERY_STOPPED)
458 		return;
459 
460 	/* Reset RSSI and UUID filters when starting background scanning
461 	 * since these filters are meant for service discovery only.
462 	 *
463 	 * The Start Discovery and Start Service Discovery operations
464 	 * ensure to set proper values for RSSI threshold and UUID
465 	 * filter list. So it is safe to just reset them here.
466 	 */
467 	hci_discovery_filter_clear(hdev);
468 
469 	bt_dev_dbg(hdev, "ADV monitoring is %s",
470 		   hci_is_adv_monitoring(hdev) ? "on" : "off");
471 
472 	if (list_empty(&hdev->pend_le_conns) &&
473 	    list_empty(&hdev->pend_le_reports) &&
474 	    !hci_is_adv_monitoring(hdev)) {
475 		/* If there is no pending LE connections or devices
476 		 * to be scanned for or no ADV monitors, we should stop the
477 		 * background scanning.
478 		 */
479 
480 		/* If controller is not scanning we are done. */
481 		if (!hci_dev_test_flag(hdev, HCI_LE_SCAN))
482 			return;
483 
484 		hci_req_add_le_scan_disable(req, false);
485 
486 		bt_dev_dbg(hdev, "stopping background scanning");
487 	} else {
488 		/* If there is at least one pending LE connection, we should
489 		 * keep the background scan running.
490 		 */
491 
492 		/* If controller is connecting, we should not start scanning
493 		 * since some controllers are not able to scan and connect at
494 		 * the same time.
495 		 */
496 		if (hci_lookup_le_connect(hdev))
497 			return;
498 
499 		/* If controller is currently scanning, we stop it to ensure we
500 		 * don't miss any advertising (due to duplicates filter).
501 		 */
502 		if (hci_dev_test_flag(hdev, HCI_LE_SCAN))
503 			hci_req_add_le_scan_disable(req, false);
504 
505 		hci_req_add_le_passive_scan(req);
506 		bt_dev_dbg(hdev, "starting background scanning");
507 	}
508 }
509 
510 void __hci_req_update_name(struct hci_request *req)
511 {
512 	struct hci_dev *hdev = req->hdev;
513 	struct hci_cp_write_local_name cp;
514 
515 	memcpy(cp.name, hdev->dev_name, sizeof(cp.name));
516 
517 	hci_req_add(req, HCI_OP_WRITE_LOCAL_NAME, sizeof(cp), &cp);
518 }
519 
520 #define PNP_INFO_SVCLASS_ID		0x1200
521 
522 static u8 *create_uuid16_list(struct hci_dev *hdev, u8 *data, ptrdiff_t len)
523 {
524 	u8 *ptr = data, *uuids_start = NULL;
525 	struct bt_uuid *uuid;
526 
527 	if (len < 4)
528 		return ptr;
529 
530 	list_for_each_entry(uuid, &hdev->uuids, list) {
531 		u16 uuid16;
532 
533 		if (uuid->size != 16)
534 			continue;
535 
536 		uuid16 = get_unaligned_le16(&uuid->uuid[12]);
537 		if (uuid16 < 0x1100)
538 			continue;
539 
540 		if (uuid16 == PNP_INFO_SVCLASS_ID)
541 			continue;
542 
543 		if (!uuids_start) {
544 			uuids_start = ptr;
545 			uuids_start[0] = 1;
546 			uuids_start[1] = EIR_UUID16_ALL;
547 			ptr += 2;
548 		}
549 
550 		/* Stop if not enough space to put next UUID */
551 		if ((ptr - data) + sizeof(u16) > len) {
552 			uuids_start[1] = EIR_UUID16_SOME;
553 			break;
554 		}
555 
556 		*ptr++ = (uuid16 & 0x00ff);
557 		*ptr++ = (uuid16 & 0xff00) >> 8;
558 		uuids_start[0] += sizeof(uuid16);
559 	}
560 
561 	return ptr;
562 }
563 
564 static u8 *create_uuid32_list(struct hci_dev *hdev, u8 *data, ptrdiff_t len)
565 {
566 	u8 *ptr = data, *uuids_start = NULL;
567 	struct bt_uuid *uuid;
568 
569 	if (len < 6)
570 		return ptr;
571 
572 	list_for_each_entry(uuid, &hdev->uuids, list) {
573 		if (uuid->size != 32)
574 			continue;
575 
576 		if (!uuids_start) {
577 			uuids_start = ptr;
578 			uuids_start[0] = 1;
579 			uuids_start[1] = EIR_UUID32_ALL;
580 			ptr += 2;
581 		}
582 
583 		/* Stop if not enough space to put next UUID */
584 		if ((ptr - data) + sizeof(u32) > len) {
585 			uuids_start[1] = EIR_UUID32_SOME;
586 			break;
587 		}
588 
589 		memcpy(ptr, &uuid->uuid[12], sizeof(u32));
590 		ptr += sizeof(u32);
591 		uuids_start[0] += sizeof(u32);
592 	}
593 
594 	return ptr;
595 }
596 
597 static u8 *create_uuid128_list(struct hci_dev *hdev, u8 *data, ptrdiff_t len)
598 {
599 	u8 *ptr = data, *uuids_start = NULL;
600 	struct bt_uuid *uuid;
601 
602 	if (len < 18)
603 		return ptr;
604 
605 	list_for_each_entry(uuid, &hdev->uuids, list) {
606 		if (uuid->size != 128)
607 			continue;
608 
609 		if (!uuids_start) {
610 			uuids_start = ptr;
611 			uuids_start[0] = 1;
612 			uuids_start[1] = EIR_UUID128_ALL;
613 			ptr += 2;
614 		}
615 
616 		/* Stop if not enough space to put next UUID */
617 		if ((ptr - data) + 16 > len) {
618 			uuids_start[1] = EIR_UUID128_SOME;
619 			break;
620 		}
621 
622 		memcpy(ptr, uuid->uuid, 16);
623 		ptr += 16;
624 		uuids_start[0] += 16;
625 	}
626 
627 	return ptr;
628 }
629 
630 static void create_eir(struct hci_dev *hdev, u8 *data)
631 {
632 	u8 *ptr = data;
633 	size_t name_len;
634 
635 	name_len = strlen(hdev->dev_name);
636 
637 	if (name_len > 0) {
638 		/* EIR Data type */
639 		if (name_len > 48) {
640 			name_len = 48;
641 			ptr[1] = EIR_NAME_SHORT;
642 		} else
643 			ptr[1] = EIR_NAME_COMPLETE;
644 
645 		/* EIR Data length */
646 		ptr[0] = name_len + 1;
647 
648 		memcpy(ptr + 2, hdev->dev_name, name_len);
649 
650 		ptr += (name_len + 2);
651 	}
652 
653 	if (hdev->inq_tx_power != HCI_TX_POWER_INVALID) {
654 		ptr[0] = 2;
655 		ptr[1] = EIR_TX_POWER;
656 		ptr[2] = (u8) hdev->inq_tx_power;
657 
658 		ptr += 3;
659 	}
660 
661 	if (hdev->devid_source > 0) {
662 		ptr[0] = 9;
663 		ptr[1] = EIR_DEVICE_ID;
664 
665 		put_unaligned_le16(hdev->devid_source, ptr + 2);
666 		put_unaligned_le16(hdev->devid_vendor, ptr + 4);
667 		put_unaligned_le16(hdev->devid_product, ptr + 6);
668 		put_unaligned_le16(hdev->devid_version, ptr + 8);
669 
670 		ptr += 10;
671 	}
672 
673 	ptr = create_uuid16_list(hdev, ptr, HCI_MAX_EIR_LENGTH - (ptr - data));
674 	ptr = create_uuid32_list(hdev, ptr, HCI_MAX_EIR_LENGTH - (ptr - data));
675 	ptr = create_uuid128_list(hdev, ptr, HCI_MAX_EIR_LENGTH - (ptr - data));
676 }
677 
678 void __hci_req_update_eir(struct hci_request *req)
679 {
680 	struct hci_dev *hdev = req->hdev;
681 	struct hci_cp_write_eir cp;
682 
683 	if (!hdev_is_powered(hdev))
684 		return;
685 
686 	if (!lmp_ext_inq_capable(hdev))
687 		return;
688 
689 	if (!hci_dev_test_flag(hdev, HCI_SSP_ENABLED))
690 		return;
691 
692 	if (hci_dev_test_flag(hdev, HCI_SERVICE_CACHE))
693 		return;
694 
695 	memset(&cp, 0, sizeof(cp));
696 
697 	create_eir(hdev, cp.data);
698 
699 	if (memcmp(cp.data, hdev->eir, sizeof(cp.data)) == 0)
700 		return;
701 
702 	memcpy(hdev->eir, cp.data, sizeof(cp.data));
703 
704 	hci_req_add(req, HCI_OP_WRITE_EIR, sizeof(cp), &cp);
705 }
706 
707 void hci_req_add_le_scan_disable(struct hci_request *req, bool rpa_le_conn)
708 {
709 	struct hci_dev *hdev = req->hdev;
710 
711 	if (hdev->scanning_paused) {
712 		bt_dev_dbg(hdev, "Scanning is paused for suspend");
713 		return;
714 	}
715 
716 	if (hdev->suspended)
717 		set_bit(SUSPEND_SCAN_DISABLE, hdev->suspend_tasks);
718 
719 	if (use_ext_scan(hdev)) {
720 		struct hci_cp_le_set_ext_scan_enable cp;
721 
722 		memset(&cp, 0, sizeof(cp));
723 		cp.enable = LE_SCAN_DISABLE;
724 		hci_req_add(req, HCI_OP_LE_SET_EXT_SCAN_ENABLE, sizeof(cp),
725 			    &cp);
726 	} else {
727 		struct hci_cp_le_set_scan_enable cp;
728 
729 		memset(&cp, 0, sizeof(cp));
730 		cp.enable = LE_SCAN_DISABLE;
731 		hci_req_add(req, HCI_OP_LE_SET_SCAN_ENABLE, sizeof(cp), &cp);
732 	}
733 
734 	/* Disable address resolution */
735 	if (use_ll_privacy(hdev) &&
736 	    hci_dev_test_flag(hdev, HCI_ENABLE_LL_PRIVACY) &&
737 	    hci_dev_test_flag(hdev, HCI_LL_RPA_RESOLUTION) && !rpa_le_conn) {
738 		__u8 enable = 0x00;
739 
740 		hci_req_add(req, HCI_OP_LE_SET_ADDR_RESOLV_ENABLE, 1, &enable);
741 	}
742 }
743 
744 static void del_from_white_list(struct hci_request *req, bdaddr_t *bdaddr,
745 				u8 bdaddr_type)
746 {
747 	struct hci_cp_le_del_from_white_list cp;
748 
749 	cp.bdaddr_type = bdaddr_type;
750 	bacpy(&cp.bdaddr, bdaddr);
751 
752 	bt_dev_dbg(req->hdev, "Remove %pMR (0x%x) from whitelist", &cp.bdaddr,
753 		   cp.bdaddr_type);
754 	hci_req_add(req, HCI_OP_LE_DEL_FROM_WHITE_LIST, sizeof(cp), &cp);
755 
756 	if (use_ll_privacy(req->hdev) &&
757 	    hci_dev_test_flag(req->hdev, HCI_ENABLE_LL_PRIVACY)) {
758 		struct smp_irk *irk;
759 
760 		irk = hci_find_irk_by_addr(req->hdev, bdaddr, bdaddr_type);
761 		if (irk) {
762 			struct hci_cp_le_del_from_resolv_list cp;
763 
764 			cp.bdaddr_type = bdaddr_type;
765 			bacpy(&cp.bdaddr, bdaddr);
766 
767 			hci_req_add(req, HCI_OP_LE_DEL_FROM_RESOLV_LIST,
768 				    sizeof(cp), &cp);
769 		}
770 	}
771 }
772 
773 /* Adds connection to white list if needed. On error, returns -1. */
774 static int add_to_white_list(struct hci_request *req,
775 			     struct hci_conn_params *params, u8 *num_entries,
776 			     bool allow_rpa)
777 {
778 	struct hci_cp_le_add_to_white_list cp;
779 	struct hci_dev *hdev = req->hdev;
780 
781 	/* Already in white list */
782 	if (hci_bdaddr_list_lookup(&hdev->le_white_list, &params->addr,
783 				   params->addr_type))
784 		return 0;
785 
786 	/* Select filter policy to accept all advertising */
787 	if (*num_entries >= hdev->le_white_list_size)
788 		return -1;
789 
790 	/* White list can not be used with RPAs */
791 	if (!allow_rpa &&
792 	    !hci_dev_test_flag(hdev, HCI_ENABLE_LL_PRIVACY) &&
793 	    hci_find_irk_by_addr(hdev, &params->addr, params->addr_type)) {
794 		return -1;
795 	}
796 
797 	/* During suspend, only wakeable devices can be in whitelist */
798 	if (hdev->suspended && !hci_conn_test_flag(HCI_CONN_FLAG_REMOTE_WAKEUP,
799 						   params->current_flags))
800 		return 0;
801 
802 	*num_entries += 1;
803 	cp.bdaddr_type = params->addr_type;
804 	bacpy(&cp.bdaddr, &params->addr);
805 
806 	bt_dev_dbg(hdev, "Add %pMR (0x%x) to whitelist", &cp.bdaddr,
807 		   cp.bdaddr_type);
808 	hci_req_add(req, HCI_OP_LE_ADD_TO_WHITE_LIST, sizeof(cp), &cp);
809 
810 	if (use_ll_privacy(hdev) &&
811 	    hci_dev_test_flag(hdev, HCI_ENABLE_LL_PRIVACY)) {
812 		struct smp_irk *irk;
813 
814 		irk = hci_find_irk_by_addr(hdev, &params->addr,
815 					   params->addr_type);
816 		if (irk) {
817 			struct hci_cp_le_add_to_resolv_list cp;
818 
819 			cp.bdaddr_type = params->addr_type;
820 			bacpy(&cp.bdaddr, &params->addr);
821 			memcpy(cp.peer_irk, irk->val, 16);
822 
823 			if (hci_dev_test_flag(hdev, HCI_PRIVACY))
824 				memcpy(cp.local_irk, hdev->irk, 16);
825 			else
826 				memset(cp.local_irk, 0, 16);
827 
828 			hci_req_add(req, HCI_OP_LE_ADD_TO_RESOLV_LIST,
829 				    sizeof(cp), &cp);
830 		}
831 	}
832 
833 	return 0;
834 }
835 
836 static u8 update_white_list(struct hci_request *req)
837 {
838 	struct hci_dev *hdev = req->hdev;
839 	struct hci_conn_params *params;
840 	struct bdaddr_list *b;
841 	u8 num_entries = 0;
842 	bool pend_conn, pend_report;
843 	/* We allow whitelisting even with RPAs in suspend. In the worst case,
844 	 * we won't be able to wake from devices that use the privacy1.2
845 	 * features. Additionally, once we support privacy1.2 and IRK
846 	 * offloading, we can update this to also check for those conditions.
847 	 */
848 	bool allow_rpa = hdev->suspended;
849 
850 	/* Go through the current white list programmed into the
851 	 * controller one by one and check if that address is still
852 	 * in the list of pending connections or list of devices to
853 	 * report. If not present in either list, then queue the
854 	 * command to remove it from the controller.
855 	 */
856 	list_for_each_entry(b, &hdev->le_white_list, list) {
857 		pend_conn = hci_pend_le_action_lookup(&hdev->pend_le_conns,
858 						      &b->bdaddr,
859 						      b->bdaddr_type);
860 		pend_report = hci_pend_le_action_lookup(&hdev->pend_le_reports,
861 							&b->bdaddr,
862 							b->bdaddr_type);
863 
864 		/* If the device is not likely to connect or report,
865 		 * remove it from the whitelist.
866 		 */
867 		if (!pend_conn && !pend_report) {
868 			del_from_white_list(req, &b->bdaddr, b->bdaddr_type);
869 			continue;
870 		}
871 
872 		/* White list can not be used with RPAs */
873 		if (!allow_rpa &&
874 		    !hci_dev_test_flag(hdev, HCI_ENABLE_LL_PRIVACY) &&
875 		    hci_find_irk_by_addr(hdev, &b->bdaddr, b->bdaddr_type)) {
876 			return 0x00;
877 		}
878 
879 		num_entries++;
880 	}
881 
882 	/* Since all no longer valid white list entries have been
883 	 * removed, walk through the list of pending connections
884 	 * and ensure that any new device gets programmed into
885 	 * the controller.
886 	 *
887 	 * If the list of the devices is larger than the list of
888 	 * available white list entries in the controller, then
889 	 * just abort and return filer policy value to not use the
890 	 * white list.
891 	 */
892 	list_for_each_entry(params, &hdev->pend_le_conns, action) {
893 		if (add_to_white_list(req, params, &num_entries, allow_rpa))
894 			return 0x00;
895 	}
896 
897 	/* After adding all new pending connections, walk through
898 	 * the list of pending reports and also add these to the
899 	 * white list if there is still space. Abort if space runs out.
900 	 */
901 	list_for_each_entry(params, &hdev->pend_le_reports, action) {
902 		if (add_to_white_list(req, params, &num_entries, allow_rpa))
903 			return 0x00;
904 	}
905 
906 	/* Use the allowlist unless the following conditions are all true:
907 	 * - We are not currently suspending
908 	 * - There are 1 or more ADV monitors registered and it's not offloaded
909 	 * - Interleaved scanning is not currently using the allowlist
910 	 */
911 	if (!idr_is_empty(&hdev->adv_monitors_idr) && !hdev->suspended &&
912 	    hci_get_adv_monitor_offload_ext(hdev) == HCI_ADV_MONITOR_EXT_NONE &&
913 	    hdev->interleave_scan_state != INTERLEAVE_SCAN_ALLOWLIST)
914 		return 0x00;
915 
916 	/* Select filter policy to use white list */
917 	return 0x01;
918 }
919 
920 static bool scan_use_rpa(struct hci_dev *hdev)
921 {
922 	return hci_dev_test_flag(hdev, HCI_PRIVACY);
923 }
924 
925 static void hci_req_start_scan(struct hci_request *req, u8 type, u16 interval,
926 			       u16 window, u8 own_addr_type, u8 filter_policy,
927 			       bool addr_resolv)
928 {
929 	struct hci_dev *hdev = req->hdev;
930 
931 	if (hdev->scanning_paused) {
932 		bt_dev_dbg(hdev, "Scanning is paused for suspend");
933 		return;
934 	}
935 
936 	if (use_ll_privacy(hdev) &&
937 	    hci_dev_test_flag(hdev, HCI_ENABLE_LL_PRIVACY) &&
938 	    addr_resolv) {
939 		u8 enable = 0x01;
940 
941 		hci_req_add(req, HCI_OP_LE_SET_ADDR_RESOLV_ENABLE, 1, &enable);
942 	}
943 
944 	/* Use ext scanning if set ext scan param and ext scan enable is
945 	 * supported
946 	 */
947 	if (use_ext_scan(hdev)) {
948 		struct hci_cp_le_set_ext_scan_params *ext_param_cp;
949 		struct hci_cp_le_set_ext_scan_enable ext_enable_cp;
950 		struct hci_cp_le_scan_phy_params *phy_params;
951 		u8 data[sizeof(*ext_param_cp) + sizeof(*phy_params) * 2];
952 		u32 plen;
953 
954 		ext_param_cp = (void *)data;
955 		phy_params = (void *)ext_param_cp->data;
956 
957 		memset(ext_param_cp, 0, sizeof(*ext_param_cp));
958 		ext_param_cp->own_addr_type = own_addr_type;
959 		ext_param_cp->filter_policy = filter_policy;
960 
961 		plen = sizeof(*ext_param_cp);
962 
963 		if (scan_1m(hdev) || scan_2m(hdev)) {
964 			ext_param_cp->scanning_phys |= LE_SCAN_PHY_1M;
965 
966 			memset(phy_params, 0, sizeof(*phy_params));
967 			phy_params->type = type;
968 			phy_params->interval = cpu_to_le16(interval);
969 			phy_params->window = cpu_to_le16(window);
970 
971 			plen += sizeof(*phy_params);
972 			phy_params++;
973 		}
974 
975 		if (scan_coded(hdev)) {
976 			ext_param_cp->scanning_phys |= LE_SCAN_PHY_CODED;
977 
978 			memset(phy_params, 0, sizeof(*phy_params));
979 			phy_params->type = type;
980 			phy_params->interval = cpu_to_le16(interval);
981 			phy_params->window = cpu_to_le16(window);
982 
983 			plen += sizeof(*phy_params);
984 			phy_params++;
985 		}
986 
987 		hci_req_add(req, HCI_OP_LE_SET_EXT_SCAN_PARAMS,
988 			    plen, ext_param_cp);
989 
990 		memset(&ext_enable_cp, 0, sizeof(ext_enable_cp));
991 		ext_enable_cp.enable = LE_SCAN_ENABLE;
992 		ext_enable_cp.filter_dup = LE_SCAN_FILTER_DUP_ENABLE;
993 
994 		hci_req_add(req, HCI_OP_LE_SET_EXT_SCAN_ENABLE,
995 			    sizeof(ext_enable_cp), &ext_enable_cp);
996 	} else {
997 		struct hci_cp_le_set_scan_param param_cp;
998 		struct hci_cp_le_set_scan_enable enable_cp;
999 
1000 		memset(&param_cp, 0, sizeof(param_cp));
1001 		param_cp.type = type;
1002 		param_cp.interval = cpu_to_le16(interval);
1003 		param_cp.window = cpu_to_le16(window);
1004 		param_cp.own_address_type = own_addr_type;
1005 		param_cp.filter_policy = filter_policy;
1006 		hci_req_add(req, HCI_OP_LE_SET_SCAN_PARAM, sizeof(param_cp),
1007 			    &param_cp);
1008 
1009 		memset(&enable_cp, 0, sizeof(enable_cp));
1010 		enable_cp.enable = LE_SCAN_ENABLE;
1011 		enable_cp.filter_dup = LE_SCAN_FILTER_DUP_ENABLE;
1012 		hci_req_add(req, HCI_OP_LE_SET_SCAN_ENABLE, sizeof(enable_cp),
1013 			    &enable_cp);
1014 	}
1015 }
1016 
1017 /* Returns true if an le connection is in the scanning state */
1018 static inline bool hci_is_le_conn_scanning(struct hci_dev *hdev)
1019 {
1020 	struct hci_conn_hash *h = &hdev->conn_hash;
1021 	struct hci_conn  *c;
1022 
1023 	rcu_read_lock();
1024 
1025 	list_for_each_entry_rcu(c, &h->list, list) {
1026 		if (c->type == LE_LINK && c->state == BT_CONNECT &&
1027 		    test_bit(HCI_CONN_SCANNING, &c->flags)) {
1028 			rcu_read_unlock();
1029 			return true;
1030 		}
1031 	}
1032 
1033 	rcu_read_unlock();
1034 
1035 	return false;
1036 }
1037 
1038 /* Ensure to call hci_req_add_le_scan_disable() first to disable the
1039  * controller based address resolution to be able to reconfigure
1040  * resolving list.
1041  */
1042 void hci_req_add_le_passive_scan(struct hci_request *req)
1043 {
1044 	struct hci_dev *hdev = req->hdev;
1045 	u8 own_addr_type;
1046 	u8 filter_policy;
1047 	u16 window, interval;
1048 	/* Background scanning should run with address resolution */
1049 	bool addr_resolv = true;
1050 
1051 	if (hdev->scanning_paused) {
1052 		bt_dev_dbg(hdev, "Scanning is paused for suspend");
1053 		return;
1054 	}
1055 
1056 	/* Set require_privacy to false since no SCAN_REQ are send
1057 	 * during passive scanning. Not using an non-resolvable address
1058 	 * here is important so that peer devices using direct
1059 	 * advertising with our address will be correctly reported
1060 	 * by the controller.
1061 	 */
1062 	if (hci_update_random_address(req, false, scan_use_rpa(hdev),
1063 				      &own_addr_type))
1064 		return;
1065 
1066 	if (hdev->enable_advmon_interleave_scan &&
1067 	    __hci_update_interleaved_scan(hdev))
1068 		return;
1069 
1070 	bt_dev_dbg(hdev, "interleave state %d", hdev->interleave_scan_state);
1071 	/* Adding or removing entries from the white list must
1072 	 * happen before enabling scanning. The controller does
1073 	 * not allow white list modification while scanning.
1074 	 */
1075 	filter_policy = update_white_list(req);
1076 
1077 	/* When the controller is using random resolvable addresses and
1078 	 * with that having LE privacy enabled, then controllers with
1079 	 * Extended Scanner Filter Policies support can now enable support
1080 	 * for handling directed advertising.
1081 	 *
1082 	 * So instead of using filter polices 0x00 (no whitelist)
1083 	 * and 0x01 (whitelist enabled) use the new filter policies
1084 	 * 0x02 (no whitelist) and 0x03 (whitelist enabled).
1085 	 */
1086 	if (hci_dev_test_flag(hdev, HCI_PRIVACY) &&
1087 	    (hdev->le_features[0] & HCI_LE_EXT_SCAN_POLICY))
1088 		filter_policy |= 0x02;
1089 
1090 	if (hdev->suspended) {
1091 		window = hdev->le_scan_window_suspend;
1092 		interval = hdev->le_scan_int_suspend;
1093 
1094 		set_bit(SUSPEND_SCAN_ENABLE, hdev->suspend_tasks);
1095 	} else if (hci_is_le_conn_scanning(hdev)) {
1096 		window = hdev->le_scan_window_connect;
1097 		interval = hdev->le_scan_int_connect;
1098 	} else if (hci_is_adv_monitoring(hdev)) {
1099 		window = hdev->le_scan_window_adv_monitor;
1100 		interval = hdev->le_scan_int_adv_monitor;
1101 	} else {
1102 		window = hdev->le_scan_window;
1103 		interval = hdev->le_scan_interval;
1104 	}
1105 
1106 	bt_dev_dbg(hdev, "LE passive scan with whitelist = %d", filter_policy);
1107 	hci_req_start_scan(req, LE_SCAN_PASSIVE, interval, window,
1108 			   own_addr_type, filter_policy, addr_resolv);
1109 }
1110 
1111 static bool adv_instance_is_scannable(struct hci_dev *hdev, u8 instance)
1112 {
1113 	struct adv_info *adv_instance;
1114 
1115 	/* Instance 0x00 always set local name */
1116 	if (instance == 0x00)
1117 		return true;
1118 
1119 	adv_instance = hci_find_adv_instance(hdev, instance);
1120 	if (!adv_instance)
1121 		return false;
1122 
1123 	if (adv_instance->flags & MGMT_ADV_FLAG_APPEARANCE ||
1124 	    adv_instance->flags & MGMT_ADV_FLAG_LOCAL_NAME)
1125 		return true;
1126 
1127 	return adv_instance->scan_rsp_len ? true : false;
1128 }
1129 
1130 static void hci_req_clear_event_filter(struct hci_request *req)
1131 {
1132 	struct hci_cp_set_event_filter f;
1133 
1134 	memset(&f, 0, sizeof(f));
1135 	f.flt_type = HCI_FLT_CLEAR_ALL;
1136 	hci_req_add(req, HCI_OP_SET_EVENT_FLT, 1, &f);
1137 
1138 	/* Update page scan state (since we may have modified it when setting
1139 	 * the event filter).
1140 	 */
1141 	__hci_req_update_scan(req);
1142 }
1143 
1144 static void hci_req_set_event_filter(struct hci_request *req)
1145 {
1146 	struct bdaddr_list_with_flags *b;
1147 	struct hci_cp_set_event_filter f;
1148 	struct hci_dev *hdev = req->hdev;
1149 	u8 scan = SCAN_DISABLED;
1150 
1151 	/* Always clear event filter when starting */
1152 	hci_req_clear_event_filter(req);
1153 
1154 	list_for_each_entry(b, &hdev->whitelist, list) {
1155 		if (!hci_conn_test_flag(HCI_CONN_FLAG_REMOTE_WAKEUP,
1156 					b->current_flags))
1157 			continue;
1158 
1159 		memset(&f, 0, sizeof(f));
1160 		bacpy(&f.addr_conn_flt.bdaddr, &b->bdaddr);
1161 		f.flt_type = HCI_FLT_CONN_SETUP;
1162 		f.cond_type = HCI_CONN_SETUP_ALLOW_BDADDR;
1163 		f.addr_conn_flt.auto_accept = HCI_CONN_SETUP_AUTO_ON;
1164 
1165 		bt_dev_dbg(hdev, "Adding event filters for %pMR", &b->bdaddr);
1166 		hci_req_add(req, HCI_OP_SET_EVENT_FLT, sizeof(f), &f);
1167 		scan = SCAN_PAGE;
1168 	}
1169 
1170 	if (scan)
1171 		set_bit(SUSPEND_SCAN_ENABLE, hdev->suspend_tasks);
1172 	else
1173 		set_bit(SUSPEND_SCAN_DISABLE, hdev->suspend_tasks);
1174 
1175 	hci_req_add(req, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
1176 }
1177 
1178 static void cancel_adv_timeout(struct hci_dev *hdev)
1179 {
1180 	if (hdev->adv_instance_timeout) {
1181 		hdev->adv_instance_timeout = 0;
1182 		cancel_delayed_work(&hdev->adv_instance_expire);
1183 	}
1184 }
1185 
1186 /* This function requires the caller holds hdev->lock */
1187 void __hci_req_pause_adv_instances(struct hci_request *req)
1188 {
1189 	bt_dev_dbg(req->hdev, "Pausing advertising instances");
1190 
1191 	/* Call to disable any advertisements active on the controller.
1192 	 * This will succeed even if no advertisements are configured.
1193 	 */
1194 	__hci_req_disable_advertising(req);
1195 
1196 	/* If we are using software rotation, pause the loop */
1197 	if (!ext_adv_capable(req->hdev))
1198 		cancel_adv_timeout(req->hdev);
1199 }
1200 
1201 /* This function requires the caller holds hdev->lock */
1202 static void __hci_req_resume_adv_instances(struct hci_request *req)
1203 {
1204 	struct adv_info *adv;
1205 
1206 	bt_dev_dbg(req->hdev, "Resuming advertising instances");
1207 
1208 	if (ext_adv_capable(req->hdev)) {
1209 		/* Call for each tracked instance to be re-enabled */
1210 		list_for_each_entry(adv, &req->hdev->adv_instances, list) {
1211 			__hci_req_enable_ext_advertising(req,
1212 							 adv->instance);
1213 		}
1214 
1215 	} else {
1216 		/* Schedule for most recent instance to be restarted and begin
1217 		 * the software rotation loop
1218 		 */
1219 		__hci_req_schedule_adv_instance(req,
1220 						req->hdev->cur_adv_instance,
1221 						true);
1222 	}
1223 }
1224 
1225 /* This function requires the caller holds hdev->lock */
1226 int hci_req_resume_adv_instances(struct hci_dev *hdev)
1227 {
1228 	struct hci_request req;
1229 
1230 	hci_req_init(&req, hdev);
1231 	__hci_req_resume_adv_instances(&req);
1232 
1233 	return hci_req_run(&req, NULL);
1234 }
1235 
1236 static void suspend_req_complete(struct hci_dev *hdev, u8 status, u16 opcode)
1237 {
1238 	bt_dev_dbg(hdev, "Request complete opcode=0x%x, status=0x%x", opcode,
1239 		   status);
1240 	if (test_bit(SUSPEND_SCAN_ENABLE, hdev->suspend_tasks) ||
1241 	    test_bit(SUSPEND_SCAN_DISABLE, hdev->suspend_tasks)) {
1242 		clear_bit(SUSPEND_SCAN_ENABLE, hdev->suspend_tasks);
1243 		clear_bit(SUSPEND_SCAN_DISABLE, hdev->suspend_tasks);
1244 		wake_up(&hdev->suspend_wait_q);
1245 	}
1246 
1247 	if (test_bit(SUSPEND_SET_ADV_FILTER, hdev->suspend_tasks)) {
1248 		clear_bit(SUSPEND_SET_ADV_FILTER, hdev->suspend_tasks);
1249 		wake_up(&hdev->suspend_wait_q);
1250 	}
1251 }
1252 
1253 static void hci_req_add_set_adv_filter_enable(struct hci_request *req,
1254 					      bool enable)
1255 {
1256 	struct hci_dev *hdev = req->hdev;
1257 
1258 	switch (hci_get_adv_monitor_offload_ext(hdev)) {
1259 	case HCI_ADV_MONITOR_EXT_MSFT:
1260 		msft_req_add_set_filter_enable(req, enable);
1261 		break;
1262 	default:
1263 		return;
1264 	}
1265 
1266 	/* No need to block when enabling since it's on resume path */
1267 	if (hdev->suspended && !enable)
1268 		set_bit(SUSPEND_SET_ADV_FILTER, hdev->suspend_tasks);
1269 }
1270 
1271 /* Call with hci_dev_lock */
1272 void hci_req_prepare_suspend(struct hci_dev *hdev, enum suspended_state next)
1273 {
1274 	int old_state;
1275 	struct hci_conn *conn;
1276 	struct hci_request req;
1277 	u8 page_scan;
1278 	int disconnect_counter;
1279 
1280 	if (next == hdev->suspend_state) {
1281 		bt_dev_dbg(hdev, "Same state before and after: %d", next);
1282 		goto done;
1283 	}
1284 
1285 	hdev->suspend_state = next;
1286 	hci_req_init(&req, hdev);
1287 
1288 	if (next == BT_SUSPEND_DISCONNECT) {
1289 		/* Mark device as suspended */
1290 		hdev->suspended = true;
1291 
1292 		/* Pause discovery if not already stopped */
1293 		old_state = hdev->discovery.state;
1294 		if (old_state != DISCOVERY_STOPPED) {
1295 			set_bit(SUSPEND_PAUSE_DISCOVERY, hdev->suspend_tasks);
1296 			hci_discovery_set_state(hdev, DISCOVERY_STOPPING);
1297 			queue_work(hdev->req_workqueue, &hdev->discov_update);
1298 		}
1299 
1300 		hdev->discovery_paused = true;
1301 		hdev->discovery_old_state = old_state;
1302 
1303 		/* Stop directed advertising */
1304 		old_state = hci_dev_test_flag(hdev, HCI_ADVERTISING);
1305 		if (old_state) {
1306 			set_bit(SUSPEND_PAUSE_ADVERTISING, hdev->suspend_tasks);
1307 			cancel_delayed_work(&hdev->discov_off);
1308 			queue_delayed_work(hdev->req_workqueue,
1309 					   &hdev->discov_off, 0);
1310 		}
1311 
1312 		/* Pause other advertisements */
1313 		if (hdev->adv_instance_cnt)
1314 			__hci_req_pause_adv_instances(&req);
1315 
1316 		hdev->advertising_paused = true;
1317 		hdev->advertising_old_state = old_state;
1318 		/* Disable page scan */
1319 		page_scan = SCAN_DISABLED;
1320 		hci_req_add(&req, HCI_OP_WRITE_SCAN_ENABLE, 1, &page_scan);
1321 
1322 		/* Disable LE passive scan if enabled */
1323 		if (hci_dev_test_flag(hdev, HCI_LE_SCAN)) {
1324 			cancel_interleave_scan(hdev);
1325 			hci_req_add_le_scan_disable(&req, false);
1326 		}
1327 
1328 		/* Disable advertisement filters */
1329 		hci_req_add_set_adv_filter_enable(&req, false);
1330 
1331 		/* Mark task needing completion */
1332 		set_bit(SUSPEND_SCAN_DISABLE, hdev->suspend_tasks);
1333 
1334 		/* Prevent disconnects from causing scanning to be re-enabled */
1335 		hdev->scanning_paused = true;
1336 
1337 		/* Run commands before disconnecting */
1338 		hci_req_run(&req, suspend_req_complete);
1339 
1340 		disconnect_counter = 0;
1341 		/* Soft disconnect everything (power off) */
1342 		list_for_each_entry(conn, &hdev->conn_hash.list, list) {
1343 			hci_disconnect(conn, HCI_ERROR_REMOTE_POWER_OFF);
1344 			disconnect_counter++;
1345 		}
1346 
1347 		if (disconnect_counter > 0) {
1348 			bt_dev_dbg(hdev,
1349 				   "Had %d disconnects. Will wait on them",
1350 				   disconnect_counter);
1351 			set_bit(SUSPEND_DISCONNECTING, hdev->suspend_tasks);
1352 		}
1353 	} else if (next == BT_SUSPEND_CONFIGURE_WAKE) {
1354 		/* Unpause to take care of updating scanning params */
1355 		hdev->scanning_paused = false;
1356 		/* Enable event filter for paired devices */
1357 		hci_req_set_event_filter(&req);
1358 		/* Enable passive scan at lower duty cycle */
1359 		__hci_update_background_scan(&req);
1360 		/* Pause scan changes again. */
1361 		hdev->scanning_paused = true;
1362 		hci_req_run(&req, suspend_req_complete);
1363 	} else {
1364 		hdev->suspended = false;
1365 		hdev->scanning_paused = false;
1366 
1367 		hci_req_clear_event_filter(&req);
1368 		/* Reset passive/background scanning to normal */
1369 		__hci_update_background_scan(&req);
1370 		/* Enable all of the advertisement filters */
1371 		hci_req_add_set_adv_filter_enable(&req, true);
1372 
1373 		/* Unpause directed advertising */
1374 		hdev->advertising_paused = false;
1375 		if (hdev->advertising_old_state) {
1376 			set_bit(SUSPEND_UNPAUSE_ADVERTISING,
1377 				hdev->suspend_tasks);
1378 			hci_dev_set_flag(hdev, HCI_ADVERTISING);
1379 			queue_work(hdev->req_workqueue,
1380 				   &hdev->discoverable_update);
1381 			hdev->advertising_old_state = 0;
1382 		}
1383 
1384 		/* Resume other advertisements */
1385 		if (hdev->adv_instance_cnt)
1386 			__hci_req_resume_adv_instances(&req);
1387 
1388 		/* Unpause discovery */
1389 		hdev->discovery_paused = false;
1390 		if (hdev->discovery_old_state != DISCOVERY_STOPPED &&
1391 		    hdev->discovery_old_state != DISCOVERY_STOPPING) {
1392 			set_bit(SUSPEND_UNPAUSE_DISCOVERY, hdev->suspend_tasks);
1393 			hci_discovery_set_state(hdev, DISCOVERY_STARTING);
1394 			queue_work(hdev->req_workqueue, &hdev->discov_update);
1395 		}
1396 
1397 		hci_req_run(&req, suspend_req_complete);
1398 	}
1399 
1400 	hdev->suspend_state = next;
1401 
1402 done:
1403 	clear_bit(SUSPEND_PREPARE_NOTIFIER, hdev->suspend_tasks);
1404 	wake_up(&hdev->suspend_wait_q);
1405 }
1406 
1407 static bool adv_cur_instance_is_scannable(struct hci_dev *hdev)
1408 {
1409 	return adv_instance_is_scannable(hdev, hdev->cur_adv_instance);
1410 }
1411 
1412 void __hci_req_disable_advertising(struct hci_request *req)
1413 {
1414 	if (ext_adv_capable(req->hdev)) {
1415 		__hci_req_disable_ext_adv_instance(req, 0x00);
1416 
1417 	} else {
1418 		u8 enable = 0x00;
1419 
1420 		hci_req_add(req, HCI_OP_LE_SET_ADV_ENABLE, sizeof(enable), &enable);
1421 	}
1422 }
1423 
1424 static u32 get_adv_instance_flags(struct hci_dev *hdev, u8 instance)
1425 {
1426 	u32 flags;
1427 	struct adv_info *adv_instance;
1428 
1429 	if (instance == 0x00) {
1430 		/* Instance 0 always manages the "Tx Power" and "Flags"
1431 		 * fields
1432 		 */
1433 		flags = MGMT_ADV_FLAG_TX_POWER | MGMT_ADV_FLAG_MANAGED_FLAGS;
1434 
1435 		/* For instance 0, the HCI_ADVERTISING_CONNECTABLE setting
1436 		 * corresponds to the "connectable" instance flag.
1437 		 */
1438 		if (hci_dev_test_flag(hdev, HCI_ADVERTISING_CONNECTABLE))
1439 			flags |= MGMT_ADV_FLAG_CONNECTABLE;
1440 
1441 		if (hci_dev_test_flag(hdev, HCI_LIMITED_DISCOVERABLE))
1442 			flags |= MGMT_ADV_FLAG_LIMITED_DISCOV;
1443 		else if (hci_dev_test_flag(hdev, HCI_DISCOVERABLE))
1444 			flags |= MGMT_ADV_FLAG_DISCOV;
1445 
1446 		return flags;
1447 	}
1448 
1449 	adv_instance = hci_find_adv_instance(hdev, instance);
1450 
1451 	/* Return 0 when we got an invalid instance identifier. */
1452 	if (!adv_instance)
1453 		return 0;
1454 
1455 	return adv_instance->flags;
1456 }
1457 
1458 static bool adv_use_rpa(struct hci_dev *hdev, uint32_t flags)
1459 {
1460 	/* If privacy is not enabled don't use RPA */
1461 	if (!hci_dev_test_flag(hdev, HCI_PRIVACY))
1462 		return false;
1463 
1464 	/* If basic privacy mode is enabled use RPA */
1465 	if (!hci_dev_test_flag(hdev, HCI_LIMITED_PRIVACY))
1466 		return true;
1467 
1468 	/* If limited privacy mode is enabled don't use RPA if we're
1469 	 * both discoverable and bondable.
1470 	 */
1471 	if ((flags & MGMT_ADV_FLAG_DISCOV) &&
1472 	    hci_dev_test_flag(hdev, HCI_BONDABLE))
1473 		return false;
1474 
1475 	/* We're neither bondable nor discoverable in the limited
1476 	 * privacy mode, therefore use RPA.
1477 	 */
1478 	return true;
1479 }
1480 
1481 static bool is_advertising_allowed(struct hci_dev *hdev, bool connectable)
1482 {
1483 	/* If there is no connection we are OK to advertise. */
1484 	if (hci_conn_num(hdev, LE_LINK) == 0)
1485 		return true;
1486 
1487 	/* Check le_states if there is any connection in slave role. */
1488 	if (hdev->conn_hash.le_num_slave > 0) {
1489 		/* Slave connection state and non connectable mode bit 20. */
1490 		if (!connectable && !(hdev->le_states[2] & 0x10))
1491 			return false;
1492 
1493 		/* Slave connection state and connectable mode bit 38
1494 		 * and scannable bit 21.
1495 		 */
1496 		if (connectable && (!(hdev->le_states[4] & 0x40) ||
1497 				    !(hdev->le_states[2] & 0x20)))
1498 			return false;
1499 	}
1500 
1501 	/* Check le_states if there is any connection in master role. */
1502 	if (hci_conn_num(hdev, LE_LINK) != hdev->conn_hash.le_num_slave) {
1503 		/* Master connection state and non connectable mode bit 18. */
1504 		if (!connectable && !(hdev->le_states[2] & 0x02))
1505 			return false;
1506 
1507 		/* Master connection state and connectable mode bit 35 and
1508 		 * scannable 19.
1509 		 */
1510 		if (connectable && (!(hdev->le_states[4] & 0x08) ||
1511 				    !(hdev->le_states[2] & 0x08)))
1512 			return false;
1513 	}
1514 
1515 	return true;
1516 }
1517 
1518 void __hci_req_enable_advertising(struct hci_request *req)
1519 {
1520 	struct hci_dev *hdev = req->hdev;
1521 	struct adv_info *adv_instance;
1522 	struct hci_cp_le_set_adv_param cp;
1523 	u8 own_addr_type, enable = 0x01;
1524 	bool connectable;
1525 	u16 adv_min_interval, adv_max_interval;
1526 	u32 flags;
1527 
1528 	flags = get_adv_instance_flags(hdev, hdev->cur_adv_instance);
1529 	adv_instance = hci_find_adv_instance(hdev, hdev->cur_adv_instance);
1530 
1531 	/* If the "connectable" instance flag was not set, then choose between
1532 	 * ADV_IND and ADV_NONCONN_IND based on the global connectable setting.
1533 	 */
1534 	connectable = (flags & MGMT_ADV_FLAG_CONNECTABLE) ||
1535 		      mgmt_get_connectable(hdev);
1536 
1537 	if (!is_advertising_allowed(hdev, connectable))
1538 		return;
1539 
1540 	if (hci_dev_test_flag(hdev, HCI_LE_ADV))
1541 		__hci_req_disable_advertising(req);
1542 
1543 	/* Clear the HCI_LE_ADV bit temporarily so that the
1544 	 * hci_update_random_address knows that it's safe to go ahead
1545 	 * and write a new random address. The flag will be set back on
1546 	 * as soon as the SET_ADV_ENABLE HCI command completes.
1547 	 */
1548 	hci_dev_clear_flag(hdev, HCI_LE_ADV);
1549 
1550 	/* Set require_privacy to true only when non-connectable
1551 	 * advertising is used. In that case it is fine to use a
1552 	 * non-resolvable private address.
1553 	 */
1554 	if (hci_update_random_address(req, !connectable,
1555 				      adv_use_rpa(hdev, flags),
1556 				      &own_addr_type) < 0)
1557 		return;
1558 
1559 	memset(&cp, 0, sizeof(cp));
1560 
1561 	if (adv_instance) {
1562 		adv_min_interval = adv_instance->min_interval;
1563 		adv_max_interval = adv_instance->max_interval;
1564 	} else {
1565 		adv_min_interval = hdev->le_adv_min_interval;
1566 		adv_max_interval = hdev->le_adv_max_interval;
1567 	}
1568 
1569 	if (connectable) {
1570 		cp.type = LE_ADV_IND;
1571 	} else {
1572 		if (adv_cur_instance_is_scannable(hdev))
1573 			cp.type = LE_ADV_SCAN_IND;
1574 		else
1575 			cp.type = LE_ADV_NONCONN_IND;
1576 
1577 		if (!hci_dev_test_flag(hdev, HCI_DISCOVERABLE) ||
1578 		    hci_dev_test_flag(hdev, HCI_LIMITED_DISCOVERABLE)) {
1579 			adv_min_interval = DISCOV_LE_FAST_ADV_INT_MIN;
1580 			adv_max_interval = DISCOV_LE_FAST_ADV_INT_MAX;
1581 		}
1582 	}
1583 
1584 	cp.min_interval = cpu_to_le16(adv_min_interval);
1585 	cp.max_interval = cpu_to_le16(adv_max_interval);
1586 	cp.own_address_type = own_addr_type;
1587 	cp.channel_map = hdev->le_adv_channel_map;
1588 
1589 	hci_req_add(req, HCI_OP_LE_SET_ADV_PARAM, sizeof(cp), &cp);
1590 
1591 	hci_req_add(req, HCI_OP_LE_SET_ADV_ENABLE, sizeof(enable), &enable);
1592 }
1593 
1594 u8 append_local_name(struct hci_dev *hdev, u8 *ptr, u8 ad_len)
1595 {
1596 	size_t short_len;
1597 	size_t complete_len;
1598 
1599 	/* no space left for name (+ NULL + type + len) */
1600 	if ((HCI_MAX_AD_LENGTH - ad_len) < HCI_MAX_SHORT_NAME_LENGTH + 3)
1601 		return ad_len;
1602 
1603 	/* use complete name if present and fits */
1604 	complete_len = strlen(hdev->dev_name);
1605 	if (complete_len && complete_len <= HCI_MAX_SHORT_NAME_LENGTH)
1606 		return eir_append_data(ptr, ad_len, EIR_NAME_COMPLETE,
1607 				       hdev->dev_name, complete_len + 1);
1608 
1609 	/* use short name if present */
1610 	short_len = strlen(hdev->short_name);
1611 	if (short_len)
1612 		return eir_append_data(ptr, ad_len, EIR_NAME_SHORT,
1613 				       hdev->short_name, short_len + 1);
1614 
1615 	/* use shortened full name if present, we already know that name
1616 	 * is longer then HCI_MAX_SHORT_NAME_LENGTH
1617 	 */
1618 	if (complete_len) {
1619 		u8 name[HCI_MAX_SHORT_NAME_LENGTH + 1];
1620 
1621 		memcpy(name, hdev->dev_name, HCI_MAX_SHORT_NAME_LENGTH);
1622 		name[HCI_MAX_SHORT_NAME_LENGTH] = '\0';
1623 
1624 		return eir_append_data(ptr, ad_len, EIR_NAME_SHORT, name,
1625 				       sizeof(name));
1626 	}
1627 
1628 	return ad_len;
1629 }
1630 
1631 static u8 append_appearance(struct hci_dev *hdev, u8 *ptr, u8 ad_len)
1632 {
1633 	return eir_append_le16(ptr, ad_len, EIR_APPEARANCE, hdev->appearance);
1634 }
1635 
1636 static u8 create_default_scan_rsp_data(struct hci_dev *hdev, u8 *ptr)
1637 {
1638 	u8 scan_rsp_len = 0;
1639 
1640 	if (hdev->appearance) {
1641 		scan_rsp_len = append_appearance(hdev, ptr, scan_rsp_len);
1642 	}
1643 
1644 	return append_local_name(hdev, ptr, scan_rsp_len);
1645 }
1646 
1647 static u8 create_instance_scan_rsp_data(struct hci_dev *hdev, u8 instance,
1648 					u8 *ptr)
1649 {
1650 	struct adv_info *adv_instance;
1651 	u32 instance_flags;
1652 	u8 scan_rsp_len = 0;
1653 
1654 	adv_instance = hci_find_adv_instance(hdev, instance);
1655 	if (!adv_instance)
1656 		return 0;
1657 
1658 	instance_flags = adv_instance->flags;
1659 
1660 	if ((instance_flags & MGMT_ADV_FLAG_APPEARANCE) && hdev->appearance) {
1661 		scan_rsp_len = append_appearance(hdev, ptr, scan_rsp_len);
1662 	}
1663 
1664 	memcpy(&ptr[scan_rsp_len], adv_instance->scan_rsp_data,
1665 	       adv_instance->scan_rsp_len);
1666 
1667 	scan_rsp_len += adv_instance->scan_rsp_len;
1668 
1669 	if (instance_flags & MGMT_ADV_FLAG_LOCAL_NAME)
1670 		scan_rsp_len = append_local_name(hdev, ptr, scan_rsp_len);
1671 
1672 	return scan_rsp_len;
1673 }
1674 
1675 void __hci_req_update_scan_rsp_data(struct hci_request *req, u8 instance)
1676 {
1677 	struct hci_dev *hdev = req->hdev;
1678 	u8 len;
1679 
1680 	if (!hci_dev_test_flag(hdev, HCI_LE_ENABLED))
1681 		return;
1682 
1683 	if (ext_adv_capable(hdev)) {
1684 		struct hci_cp_le_set_ext_scan_rsp_data cp;
1685 
1686 		memset(&cp, 0, sizeof(cp));
1687 
1688 		if (instance)
1689 			len = create_instance_scan_rsp_data(hdev, instance,
1690 							    cp.data);
1691 		else
1692 			len = create_default_scan_rsp_data(hdev, cp.data);
1693 
1694 		if (hdev->scan_rsp_data_len == len &&
1695 		    !memcmp(cp.data, hdev->scan_rsp_data, len))
1696 			return;
1697 
1698 		memcpy(hdev->scan_rsp_data, cp.data, sizeof(cp.data));
1699 		hdev->scan_rsp_data_len = len;
1700 
1701 		cp.handle = instance;
1702 		cp.length = len;
1703 		cp.operation = LE_SET_ADV_DATA_OP_COMPLETE;
1704 		cp.frag_pref = LE_SET_ADV_DATA_NO_FRAG;
1705 
1706 		hci_req_add(req, HCI_OP_LE_SET_EXT_SCAN_RSP_DATA, sizeof(cp),
1707 			    &cp);
1708 	} else {
1709 		struct hci_cp_le_set_scan_rsp_data cp;
1710 
1711 		memset(&cp, 0, sizeof(cp));
1712 
1713 		if (instance)
1714 			len = create_instance_scan_rsp_data(hdev, instance,
1715 							    cp.data);
1716 		else
1717 			len = create_default_scan_rsp_data(hdev, cp.data);
1718 
1719 		if (hdev->scan_rsp_data_len == len &&
1720 		    !memcmp(cp.data, hdev->scan_rsp_data, len))
1721 			return;
1722 
1723 		memcpy(hdev->scan_rsp_data, cp.data, sizeof(cp.data));
1724 		hdev->scan_rsp_data_len = len;
1725 
1726 		cp.length = len;
1727 
1728 		hci_req_add(req, HCI_OP_LE_SET_SCAN_RSP_DATA, sizeof(cp), &cp);
1729 	}
1730 }
1731 
1732 static u8 create_instance_adv_data(struct hci_dev *hdev, u8 instance, u8 *ptr)
1733 {
1734 	struct adv_info *adv_instance = NULL;
1735 	u8 ad_len = 0, flags = 0;
1736 	u32 instance_flags;
1737 
1738 	/* Return 0 when the current instance identifier is invalid. */
1739 	if (instance) {
1740 		adv_instance = hci_find_adv_instance(hdev, instance);
1741 		if (!adv_instance)
1742 			return 0;
1743 	}
1744 
1745 	instance_flags = get_adv_instance_flags(hdev, instance);
1746 
1747 	/* If instance already has the flags set skip adding it once
1748 	 * again.
1749 	 */
1750 	if (adv_instance && eir_get_data(adv_instance->adv_data,
1751 					 adv_instance->adv_data_len, EIR_FLAGS,
1752 					 NULL))
1753 		goto skip_flags;
1754 
1755 	/* The Add Advertising command allows userspace to set both the general
1756 	 * and limited discoverable flags.
1757 	 */
1758 	if (instance_flags & MGMT_ADV_FLAG_DISCOV)
1759 		flags |= LE_AD_GENERAL;
1760 
1761 	if (instance_flags & MGMT_ADV_FLAG_LIMITED_DISCOV)
1762 		flags |= LE_AD_LIMITED;
1763 
1764 	if (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED))
1765 		flags |= LE_AD_NO_BREDR;
1766 
1767 	if (flags || (instance_flags & MGMT_ADV_FLAG_MANAGED_FLAGS)) {
1768 		/* If a discovery flag wasn't provided, simply use the global
1769 		 * settings.
1770 		 */
1771 		if (!flags)
1772 			flags |= mgmt_get_adv_discov_flags(hdev);
1773 
1774 		/* If flags would still be empty, then there is no need to
1775 		 * include the "Flags" AD field".
1776 		 */
1777 		if (flags) {
1778 			ptr[0] = 0x02;
1779 			ptr[1] = EIR_FLAGS;
1780 			ptr[2] = flags;
1781 
1782 			ad_len += 3;
1783 			ptr += 3;
1784 		}
1785 	}
1786 
1787 skip_flags:
1788 	if (adv_instance) {
1789 		memcpy(ptr, adv_instance->adv_data,
1790 		       adv_instance->adv_data_len);
1791 		ad_len += adv_instance->adv_data_len;
1792 		ptr += adv_instance->adv_data_len;
1793 	}
1794 
1795 	if (instance_flags & MGMT_ADV_FLAG_TX_POWER) {
1796 		s8 adv_tx_power;
1797 
1798 		if (ext_adv_capable(hdev)) {
1799 			if (adv_instance)
1800 				adv_tx_power = adv_instance->tx_power;
1801 			else
1802 				adv_tx_power = hdev->adv_tx_power;
1803 		} else {
1804 			adv_tx_power = hdev->adv_tx_power;
1805 		}
1806 
1807 		/* Provide Tx Power only if we can provide a valid value for it */
1808 		if (adv_tx_power != HCI_TX_POWER_INVALID) {
1809 			ptr[0] = 0x02;
1810 			ptr[1] = EIR_TX_POWER;
1811 			ptr[2] = (u8)adv_tx_power;
1812 
1813 			ad_len += 3;
1814 			ptr += 3;
1815 		}
1816 	}
1817 
1818 	return ad_len;
1819 }
1820 
1821 void __hci_req_update_adv_data(struct hci_request *req, u8 instance)
1822 {
1823 	struct hci_dev *hdev = req->hdev;
1824 	u8 len;
1825 
1826 	if (!hci_dev_test_flag(hdev, HCI_LE_ENABLED))
1827 		return;
1828 
1829 	if (ext_adv_capable(hdev)) {
1830 		struct hci_cp_le_set_ext_adv_data cp;
1831 
1832 		memset(&cp, 0, sizeof(cp));
1833 
1834 		len = create_instance_adv_data(hdev, instance, cp.data);
1835 
1836 		/* There's nothing to do if the data hasn't changed */
1837 		if (hdev->adv_data_len == len &&
1838 		    memcmp(cp.data, hdev->adv_data, len) == 0)
1839 			return;
1840 
1841 		memcpy(hdev->adv_data, cp.data, sizeof(cp.data));
1842 		hdev->adv_data_len = len;
1843 
1844 		cp.length = len;
1845 		cp.handle = instance;
1846 		cp.operation = LE_SET_ADV_DATA_OP_COMPLETE;
1847 		cp.frag_pref = LE_SET_ADV_DATA_NO_FRAG;
1848 
1849 		hci_req_add(req, HCI_OP_LE_SET_EXT_ADV_DATA, sizeof(cp), &cp);
1850 	} else {
1851 		struct hci_cp_le_set_adv_data cp;
1852 
1853 		memset(&cp, 0, sizeof(cp));
1854 
1855 		len = create_instance_adv_data(hdev, instance, cp.data);
1856 
1857 		/* There's nothing to do if the data hasn't changed */
1858 		if (hdev->adv_data_len == len &&
1859 		    memcmp(cp.data, hdev->adv_data, len) == 0)
1860 			return;
1861 
1862 		memcpy(hdev->adv_data, cp.data, sizeof(cp.data));
1863 		hdev->adv_data_len = len;
1864 
1865 		cp.length = len;
1866 
1867 		hci_req_add(req, HCI_OP_LE_SET_ADV_DATA, sizeof(cp), &cp);
1868 	}
1869 }
1870 
1871 int hci_req_update_adv_data(struct hci_dev *hdev, u8 instance)
1872 {
1873 	struct hci_request req;
1874 
1875 	hci_req_init(&req, hdev);
1876 	__hci_req_update_adv_data(&req, instance);
1877 
1878 	return hci_req_run(&req, NULL);
1879 }
1880 
1881 static void enable_addr_resolution_complete(struct hci_dev *hdev, u8 status,
1882 					    u16 opcode)
1883 {
1884 	BT_DBG("%s status %u", hdev->name, status);
1885 }
1886 
1887 void hci_req_disable_address_resolution(struct hci_dev *hdev)
1888 {
1889 	struct hci_request req;
1890 	__u8 enable = 0x00;
1891 
1892 	if (!use_ll_privacy(hdev) &&
1893 	    !hci_dev_test_flag(hdev, HCI_LL_RPA_RESOLUTION))
1894 		return;
1895 
1896 	hci_req_init(&req, hdev);
1897 
1898 	hci_req_add(&req, HCI_OP_LE_SET_ADDR_RESOLV_ENABLE, 1, &enable);
1899 
1900 	hci_req_run(&req, enable_addr_resolution_complete);
1901 }
1902 
1903 static void adv_enable_complete(struct hci_dev *hdev, u8 status, u16 opcode)
1904 {
1905 	bt_dev_dbg(hdev, "status %u", status);
1906 }
1907 
1908 void hci_req_reenable_advertising(struct hci_dev *hdev)
1909 {
1910 	struct hci_request req;
1911 
1912 	if (!hci_dev_test_flag(hdev, HCI_ADVERTISING) &&
1913 	    list_empty(&hdev->adv_instances))
1914 		return;
1915 
1916 	hci_req_init(&req, hdev);
1917 
1918 	if (hdev->cur_adv_instance) {
1919 		__hci_req_schedule_adv_instance(&req, hdev->cur_adv_instance,
1920 						true);
1921 	} else {
1922 		if (ext_adv_capable(hdev)) {
1923 			__hci_req_start_ext_adv(&req, 0x00);
1924 		} else {
1925 			__hci_req_update_adv_data(&req, 0x00);
1926 			__hci_req_update_scan_rsp_data(&req, 0x00);
1927 			__hci_req_enable_advertising(&req);
1928 		}
1929 	}
1930 
1931 	hci_req_run(&req, adv_enable_complete);
1932 }
1933 
1934 static void adv_timeout_expire(struct work_struct *work)
1935 {
1936 	struct hci_dev *hdev = container_of(work, struct hci_dev,
1937 					    adv_instance_expire.work);
1938 
1939 	struct hci_request req;
1940 	u8 instance;
1941 
1942 	bt_dev_dbg(hdev, "");
1943 
1944 	hci_dev_lock(hdev);
1945 
1946 	hdev->adv_instance_timeout = 0;
1947 
1948 	instance = hdev->cur_adv_instance;
1949 	if (instance == 0x00)
1950 		goto unlock;
1951 
1952 	hci_req_init(&req, hdev);
1953 
1954 	hci_req_clear_adv_instance(hdev, NULL, &req, instance, false);
1955 
1956 	if (list_empty(&hdev->adv_instances))
1957 		__hci_req_disable_advertising(&req);
1958 
1959 	hci_req_run(&req, NULL);
1960 
1961 unlock:
1962 	hci_dev_unlock(hdev);
1963 }
1964 
1965 static int hci_req_add_le_interleaved_scan(struct hci_request *req,
1966 					   unsigned long opt)
1967 {
1968 	struct hci_dev *hdev = req->hdev;
1969 	int ret = 0;
1970 
1971 	hci_dev_lock(hdev);
1972 
1973 	if (hci_dev_test_flag(hdev, HCI_LE_SCAN))
1974 		hci_req_add_le_scan_disable(req, false);
1975 	hci_req_add_le_passive_scan(req);
1976 
1977 	switch (hdev->interleave_scan_state) {
1978 	case INTERLEAVE_SCAN_ALLOWLIST:
1979 		bt_dev_dbg(hdev, "next state: allowlist");
1980 		hdev->interleave_scan_state = INTERLEAVE_SCAN_NO_FILTER;
1981 		break;
1982 	case INTERLEAVE_SCAN_NO_FILTER:
1983 		bt_dev_dbg(hdev, "next state: no filter");
1984 		hdev->interleave_scan_state = INTERLEAVE_SCAN_ALLOWLIST;
1985 		break;
1986 	case INTERLEAVE_SCAN_NONE:
1987 		BT_ERR("unexpected error");
1988 		ret = -1;
1989 	}
1990 
1991 	hci_dev_unlock(hdev);
1992 
1993 	return ret;
1994 }
1995 
1996 static void interleave_scan_work(struct work_struct *work)
1997 {
1998 	struct hci_dev *hdev = container_of(work, struct hci_dev,
1999 					    interleave_scan.work);
2000 	u8 status;
2001 	unsigned long timeout;
2002 
2003 	if (hdev->interleave_scan_state == INTERLEAVE_SCAN_ALLOWLIST) {
2004 		timeout = msecs_to_jiffies(hdev->advmon_allowlist_duration);
2005 	} else if (hdev->interleave_scan_state == INTERLEAVE_SCAN_NO_FILTER) {
2006 		timeout = msecs_to_jiffies(hdev->advmon_no_filter_duration);
2007 	} else {
2008 		bt_dev_err(hdev, "unexpected error");
2009 		return;
2010 	}
2011 
2012 	hci_req_sync(hdev, hci_req_add_le_interleaved_scan, 0,
2013 		     HCI_CMD_TIMEOUT, &status);
2014 
2015 	/* Don't continue interleaving if it was canceled */
2016 	if (is_interleave_scanning(hdev))
2017 		queue_delayed_work(hdev->req_workqueue,
2018 				   &hdev->interleave_scan, timeout);
2019 }
2020 
2021 int hci_get_random_address(struct hci_dev *hdev, bool require_privacy,
2022 			   bool use_rpa, struct adv_info *adv_instance,
2023 			   u8 *own_addr_type, bdaddr_t *rand_addr)
2024 {
2025 	int err;
2026 
2027 	bacpy(rand_addr, BDADDR_ANY);
2028 
2029 	/* If privacy is enabled use a resolvable private address. If
2030 	 * current RPA has expired then generate a new one.
2031 	 */
2032 	if (use_rpa) {
2033 		int to;
2034 
2035 		/* If Controller supports LL Privacy use own address type is
2036 		 * 0x03
2037 		 */
2038 		if (use_ll_privacy(hdev))
2039 			*own_addr_type = ADDR_LE_DEV_RANDOM_RESOLVED;
2040 		else
2041 			*own_addr_type = ADDR_LE_DEV_RANDOM;
2042 
2043 		if (adv_instance) {
2044 			if (!adv_instance->rpa_expired &&
2045 			    !bacmp(&adv_instance->random_addr, &hdev->rpa))
2046 				return 0;
2047 
2048 			adv_instance->rpa_expired = false;
2049 		} else {
2050 			if (!hci_dev_test_and_clear_flag(hdev, HCI_RPA_EXPIRED) &&
2051 			    !bacmp(&hdev->random_addr, &hdev->rpa))
2052 				return 0;
2053 		}
2054 
2055 		err = smp_generate_rpa(hdev, hdev->irk, &hdev->rpa);
2056 		if (err < 0) {
2057 			bt_dev_err(hdev, "failed to generate new RPA");
2058 			return err;
2059 		}
2060 
2061 		bacpy(rand_addr, &hdev->rpa);
2062 
2063 		to = msecs_to_jiffies(hdev->rpa_timeout * 1000);
2064 		if (adv_instance)
2065 			queue_delayed_work(hdev->workqueue,
2066 					   &adv_instance->rpa_expired_cb, to);
2067 		else
2068 			queue_delayed_work(hdev->workqueue,
2069 					   &hdev->rpa_expired, to);
2070 
2071 		return 0;
2072 	}
2073 
2074 	/* In case of required privacy without resolvable private address,
2075 	 * use an non-resolvable private address. This is useful for
2076 	 * non-connectable advertising.
2077 	 */
2078 	if (require_privacy) {
2079 		bdaddr_t nrpa;
2080 
2081 		while (true) {
2082 			/* The non-resolvable private address is generated
2083 			 * from random six bytes with the two most significant
2084 			 * bits cleared.
2085 			 */
2086 			get_random_bytes(&nrpa, 6);
2087 			nrpa.b[5] &= 0x3f;
2088 
2089 			/* The non-resolvable private address shall not be
2090 			 * equal to the public address.
2091 			 */
2092 			if (bacmp(&hdev->bdaddr, &nrpa))
2093 				break;
2094 		}
2095 
2096 		*own_addr_type = ADDR_LE_DEV_RANDOM;
2097 		bacpy(rand_addr, &nrpa);
2098 
2099 		return 0;
2100 	}
2101 
2102 	/* No privacy so use a public address. */
2103 	*own_addr_type = ADDR_LE_DEV_PUBLIC;
2104 
2105 	return 0;
2106 }
2107 
2108 void __hci_req_clear_ext_adv_sets(struct hci_request *req)
2109 {
2110 	hci_req_add(req, HCI_OP_LE_CLEAR_ADV_SETS, 0, NULL);
2111 }
2112 
2113 int __hci_req_setup_ext_adv_instance(struct hci_request *req, u8 instance)
2114 {
2115 	struct hci_cp_le_set_ext_adv_params cp;
2116 	struct hci_dev *hdev = req->hdev;
2117 	bool connectable;
2118 	u32 flags;
2119 	bdaddr_t random_addr;
2120 	u8 own_addr_type;
2121 	int err;
2122 	struct adv_info *adv_instance;
2123 	bool secondary_adv;
2124 
2125 	if (instance > 0) {
2126 		adv_instance = hci_find_adv_instance(hdev, instance);
2127 		if (!adv_instance)
2128 			return -EINVAL;
2129 	} else {
2130 		adv_instance = NULL;
2131 	}
2132 
2133 	flags = get_adv_instance_flags(hdev, instance);
2134 
2135 	/* If the "connectable" instance flag was not set, then choose between
2136 	 * ADV_IND and ADV_NONCONN_IND based on the global connectable setting.
2137 	 */
2138 	connectable = (flags & MGMT_ADV_FLAG_CONNECTABLE) ||
2139 		      mgmt_get_connectable(hdev);
2140 
2141 	if (!is_advertising_allowed(hdev, connectable))
2142 		return -EPERM;
2143 
2144 	/* Set require_privacy to true only when non-connectable
2145 	 * advertising is used. In that case it is fine to use a
2146 	 * non-resolvable private address.
2147 	 */
2148 	err = hci_get_random_address(hdev, !connectable,
2149 				     adv_use_rpa(hdev, flags), adv_instance,
2150 				     &own_addr_type, &random_addr);
2151 	if (err < 0)
2152 		return err;
2153 
2154 	memset(&cp, 0, sizeof(cp));
2155 
2156 	if (adv_instance) {
2157 		hci_cpu_to_le24(adv_instance->min_interval, cp.min_interval);
2158 		hci_cpu_to_le24(adv_instance->max_interval, cp.max_interval);
2159 		cp.tx_power = adv_instance->tx_power;
2160 	} else {
2161 		hci_cpu_to_le24(hdev->le_adv_min_interval, cp.min_interval);
2162 		hci_cpu_to_le24(hdev->le_adv_max_interval, cp.max_interval);
2163 		cp.tx_power = HCI_ADV_TX_POWER_NO_PREFERENCE;
2164 	}
2165 
2166 	secondary_adv = (flags & MGMT_ADV_FLAG_SEC_MASK);
2167 
2168 	if (connectable) {
2169 		if (secondary_adv)
2170 			cp.evt_properties = cpu_to_le16(LE_EXT_ADV_CONN_IND);
2171 		else
2172 			cp.evt_properties = cpu_to_le16(LE_LEGACY_ADV_IND);
2173 	} else if (adv_instance_is_scannable(hdev, instance)) {
2174 		if (secondary_adv)
2175 			cp.evt_properties = cpu_to_le16(LE_EXT_ADV_SCAN_IND);
2176 		else
2177 			cp.evt_properties = cpu_to_le16(LE_LEGACY_ADV_SCAN_IND);
2178 	} else {
2179 		if (secondary_adv)
2180 			cp.evt_properties = cpu_to_le16(LE_EXT_ADV_NON_CONN_IND);
2181 		else
2182 			cp.evt_properties = cpu_to_le16(LE_LEGACY_NONCONN_IND);
2183 	}
2184 
2185 	cp.own_addr_type = own_addr_type;
2186 	cp.channel_map = hdev->le_adv_channel_map;
2187 	cp.handle = instance;
2188 
2189 	if (flags & MGMT_ADV_FLAG_SEC_2M) {
2190 		cp.primary_phy = HCI_ADV_PHY_1M;
2191 		cp.secondary_phy = HCI_ADV_PHY_2M;
2192 	} else if (flags & MGMT_ADV_FLAG_SEC_CODED) {
2193 		cp.primary_phy = HCI_ADV_PHY_CODED;
2194 		cp.secondary_phy = HCI_ADV_PHY_CODED;
2195 	} else {
2196 		/* In all other cases use 1M */
2197 		cp.primary_phy = HCI_ADV_PHY_1M;
2198 		cp.secondary_phy = HCI_ADV_PHY_1M;
2199 	}
2200 
2201 	hci_req_add(req, HCI_OP_LE_SET_EXT_ADV_PARAMS, sizeof(cp), &cp);
2202 
2203 	if (own_addr_type == ADDR_LE_DEV_RANDOM &&
2204 	    bacmp(&random_addr, BDADDR_ANY)) {
2205 		struct hci_cp_le_set_adv_set_rand_addr cp;
2206 
2207 		/* Check if random address need to be updated */
2208 		if (adv_instance) {
2209 			if (!bacmp(&random_addr, &adv_instance->random_addr))
2210 				return 0;
2211 		} else {
2212 			if (!bacmp(&random_addr, &hdev->random_addr))
2213 				return 0;
2214 		}
2215 
2216 		memset(&cp, 0, sizeof(cp));
2217 
2218 		cp.handle = instance;
2219 		bacpy(&cp.bdaddr, &random_addr);
2220 
2221 		hci_req_add(req,
2222 			    HCI_OP_LE_SET_ADV_SET_RAND_ADDR,
2223 			    sizeof(cp), &cp);
2224 	}
2225 
2226 	return 0;
2227 }
2228 
2229 int __hci_req_enable_ext_advertising(struct hci_request *req, u8 instance)
2230 {
2231 	struct hci_dev *hdev = req->hdev;
2232 	struct hci_cp_le_set_ext_adv_enable *cp;
2233 	struct hci_cp_ext_adv_set *adv_set;
2234 	u8 data[sizeof(*cp) + sizeof(*adv_set) * 1];
2235 	struct adv_info *adv_instance;
2236 
2237 	if (instance > 0) {
2238 		adv_instance = hci_find_adv_instance(hdev, instance);
2239 		if (!adv_instance)
2240 			return -EINVAL;
2241 	} else {
2242 		adv_instance = NULL;
2243 	}
2244 
2245 	cp = (void *) data;
2246 	adv_set = (void *) cp->data;
2247 
2248 	memset(cp, 0, sizeof(*cp));
2249 
2250 	cp->enable = 0x01;
2251 	cp->num_of_sets = 0x01;
2252 
2253 	memset(adv_set, 0, sizeof(*adv_set));
2254 
2255 	adv_set->handle = instance;
2256 
2257 	/* Set duration per instance since controller is responsible for
2258 	 * scheduling it.
2259 	 */
2260 	if (adv_instance && adv_instance->duration) {
2261 		u16 duration = adv_instance->timeout * MSEC_PER_SEC;
2262 
2263 		/* Time = N * 10 ms */
2264 		adv_set->duration = cpu_to_le16(duration / 10);
2265 	}
2266 
2267 	hci_req_add(req, HCI_OP_LE_SET_EXT_ADV_ENABLE,
2268 		    sizeof(*cp) + sizeof(*adv_set) * cp->num_of_sets,
2269 		    data);
2270 
2271 	return 0;
2272 }
2273 
2274 int __hci_req_disable_ext_adv_instance(struct hci_request *req, u8 instance)
2275 {
2276 	struct hci_dev *hdev = req->hdev;
2277 	struct hci_cp_le_set_ext_adv_enable *cp;
2278 	struct hci_cp_ext_adv_set *adv_set;
2279 	u8 data[sizeof(*cp) + sizeof(*adv_set) * 1];
2280 	u8 req_size;
2281 
2282 	/* If request specifies an instance that doesn't exist, fail */
2283 	if (instance > 0 && !hci_find_adv_instance(hdev, instance))
2284 		return -EINVAL;
2285 
2286 	memset(data, 0, sizeof(data));
2287 
2288 	cp = (void *)data;
2289 	adv_set = (void *)cp->data;
2290 
2291 	/* Instance 0x00 indicates all advertising instances will be disabled */
2292 	cp->num_of_sets = !!instance;
2293 	cp->enable = 0x00;
2294 
2295 	adv_set->handle = instance;
2296 
2297 	req_size = sizeof(*cp) + sizeof(*adv_set) * cp->num_of_sets;
2298 	hci_req_add(req, HCI_OP_LE_SET_EXT_ADV_ENABLE, req_size, data);
2299 
2300 	return 0;
2301 }
2302 
2303 int __hci_req_remove_ext_adv_instance(struct hci_request *req, u8 instance)
2304 {
2305 	struct hci_dev *hdev = req->hdev;
2306 
2307 	/* If request specifies an instance that doesn't exist, fail */
2308 	if (instance > 0 && !hci_find_adv_instance(hdev, instance))
2309 		return -EINVAL;
2310 
2311 	hci_req_add(req, HCI_OP_LE_REMOVE_ADV_SET, sizeof(instance), &instance);
2312 
2313 	return 0;
2314 }
2315 
2316 int __hci_req_start_ext_adv(struct hci_request *req, u8 instance)
2317 {
2318 	struct hci_dev *hdev = req->hdev;
2319 	struct adv_info *adv_instance = hci_find_adv_instance(hdev, instance);
2320 	int err;
2321 
2322 	/* If instance isn't pending, the chip knows about it, and it's safe to
2323 	 * disable
2324 	 */
2325 	if (adv_instance && !adv_instance->pending)
2326 		__hci_req_disable_ext_adv_instance(req, instance);
2327 
2328 	err = __hci_req_setup_ext_adv_instance(req, instance);
2329 	if (err < 0)
2330 		return err;
2331 
2332 	__hci_req_update_scan_rsp_data(req, instance);
2333 	__hci_req_enable_ext_advertising(req, instance);
2334 
2335 	return 0;
2336 }
2337 
2338 int __hci_req_schedule_adv_instance(struct hci_request *req, u8 instance,
2339 				    bool force)
2340 {
2341 	struct hci_dev *hdev = req->hdev;
2342 	struct adv_info *adv_instance = NULL;
2343 	u16 timeout;
2344 
2345 	if (hci_dev_test_flag(hdev, HCI_ADVERTISING) ||
2346 	    list_empty(&hdev->adv_instances))
2347 		return -EPERM;
2348 
2349 	if (hdev->adv_instance_timeout)
2350 		return -EBUSY;
2351 
2352 	adv_instance = hci_find_adv_instance(hdev, instance);
2353 	if (!adv_instance)
2354 		return -ENOENT;
2355 
2356 	/* A zero timeout means unlimited advertising. As long as there is
2357 	 * only one instance, duration should be ignored. We still set a timeout
2358 	 * in case further instances are being added later on.
2359 	 *
2360 	 * If the remaining lifetime of the instance is more than the duration
2361 	 * then the timeout corresponds to the duration, otherwise it will be
2362 	 * reduced to the remaining instance lifetime.
2363 	 */
2364 	if (adv_instance->timeout == 0 ||
2365 	    adv_instance->duration <= adv_instance->remaining_time)
2366 		timeout = adv_instance->duration;
2367 	else
2368 		timeout = adv_instance->remaining_time;
2369 
2370 	/* The remaining time is being reduced unless the instance is being
2371 	 * advertised without time limit.
2372 	 */
2373 	if (adv_instance->timeout)
2374 		adv_instance->remaining_time =
2375 				adv_instance->remaining_time - timeout;
2376 
2377 	/* Only use work for scheduling instances with legacy advertising */
2378 	if (!ext_adv_capable(hdev)) {
2379 		hdev->adv_instance_timeout = timeout;
2380 		queue_delayed_work(hdev->req_workqueue,
2381 			   &hdev->adv_instance_expire,
2382 			   msecs_to_jiffies(timeout * 1000));
2383 	}
2384 
2385 	/* If we're just re-scheduling the same instance again then do not
2386 	 * execute any HCI commands. This happens when a single instance is
2387 	 * being advertised.
2388 	 */
2389 	if (!force && hdev->cur_adv_instance == instance &&
2390 	    hci_dev_test_flag(hdev, HCI_LE_ADV))
2391 		return 0;
2392 
2393 	hdev->cur_adv_instance = instance;
2394 	if (ext_adv_capable(hdev)) {
2395 		__hci_req_start_ext_adv(req, instance);
2396 	} else {
2397 		__hci_req_update_adv_data(req, instance);
2398 		__hci_req_update_scan_rsp_data(req, instance);
2399 		__hci_req_enable_advertising(req);
2400 	}
2401 
2402 	return 0;
2403 }
2404 
2405 /* For a single instance:
2406  * - force == true: The instance will be removed even when its remaining
2407  *   lifetime is not zero.
2408  * - force == false: the instance will be deactivated but kept stored unless
2409  *   the remaining lifetime is zero.
2410  *
2411  * For instance == 0x00:
2412  * - force == true: All instances will be removed regardless of their timeout
2413  *   setting.
2414  * - force == false: Only instances that have a timeout will be removed.
2415  */
2416 void hci_req_clear_adv_instance(struct hci_dev *hdev, struct sock *sk,
2417 				struct hci_request *req, u8 instance,
2418 				bool force)
2419 {
2420 	struct adv_info *adv_instance, *n, *next_instance = NULL;
2421 	int err;
2422 	u8 rem_inst;
2423 
2424 	/* Cancel any timeout concerning the removed instance(s). */
2425 	if (!instance || hdev->cur_adv_instance == instance)
2426 		cancel_adv_timeout(hdev);
2427 
2428 	/* Get the next instance to advertise BEFORE we remove
2429 	 * the current one. This can be the same instance again
2430 	 * if there is only one instance.
2431 	 */
2432 	if (instance && hdev->cur_adv_instance == instance)
2433 		next_instance = hci_get_next_instance(hdev, instance);
2434 
2435 	if (instance == 0x00) {
2436 		list_for_each_entry_safe(adv_instance, n, &hdev->adv_instances,
2437 					 list) {
2438 			if (!(force || adv_instance->timeout))
2439 				continue;
2440 
2441 			rem_inst = adv_instance->instance;
2442 			err = hci_remove_adv_instance(hdev, rem_inst);
2443 			if (!err)
2444 				mgmt_advertising_removed(sk, hdev, rem_inst);
2445 		}
2446 	} else {
2447 		adv_instance = hci_find_adv_instance(hdev, instance);
2448 
2449 		if (force || (adv_instance && adv_instance->timeout &&
2450 			      !adv_instance->remaining_time)) {
2451 			/* Don't advertise a removed instance. */
2452 			if (next_instance &&
2453 			    next_instance->instance == instance)
2454 				next_instance = NULL;
2455 
2456 			err = hci_remove_adv_instance(hdev, instance);
2457 			if (!err)
2458 				mgmt_advertising_removed(sk, hdev, instance);
2459 		}
2460 	}
2461 
2462 	if (!req || !hdev_is_powered(hdev) ||
2463 	    hci_dev_test_flag(hdev, HCI_ADVERTISING))
2464 		return;
2465 
2466 	if (next_instance && !ext_adv_capable(hdev))
2467 		__hci_req_schedule_adv_instance(req, next_instance->instance,
2468 						false);
2469 }
2470 
2471 static void set_random_addr(struct hci_request *req, bdaddr_t *rpa)
2472 {
2473 	struct hci_dev *hdev = req->hdev;
2474 
2475 	/* If we're advertising or initiating an LE connection we can't
2476 	 * go ahead and change the random address at this time. This is
2477 	 * because the eventual initiator address used for the
2478 	 * subsequently created connection will be undefined (some
2479 	 * controllers use the new address and others the one we had
2480 	 * when the operation started).
2481 	 *
2482 	 * In this kind of scenario skip the update and let the random
2483 	 * address be updated at the next cycle.
2484 	 */
2485 	if (hci_dev_test_flag(hdev, HCI_LE_ADV) ||
2486 	    hci_lookup_le_connect(hdev)) {
2487 		bt_dev_dbg(hdev, "Deferring random address update");
2488 		hci_dev_set_flag(hdev, HCI_RPA_EXPIRED);
2489 		return;
2490 	}
2491 
2492 	hci_req_add(req, HCI_OP_LE_SET_RANDOM_ADDR, 6, rpa);
2493 }
2494 
2495 int hci_update_random_address(struct hci_request *req, bool require_privacy,
2496 			      bool use_rpa, u8 *own_addr_type)
2497 {
2498 	struct hci_dev *hdev = req->hdev;
2499 	int err;
2500 
2501 	/* If privacy is enabled use a resolvable private address. If
2502 	 * current RPA has expired or there is something else than
2503 	 * the current RPA in use, then generate a new one.
2504 	 */
2505 	if (use_rpa) {
2506 		int to;
2507 
2508 		/* If Controller supports LL Privacy use own address type is
2509 		 * 0x03
2510 		 */
2511 		if (use_ll_privacy(hdev))
2512 			*own_addr_type = ADDR_LE_DEV_RANDOM_RESOLVED;
2513 		else
2514 			*own_addr_type = ADDR_LE_DEV_RANDOM;
2515 
2516 		if (!hci_dev_test_and_clear_flag(hdev, HCI_RPA_EXPIRED) &&
2517 		    !bacmp(&hdev->random_addr, &hdev->rpa))
2518 			return 0;
2519 
2520 		err = smp_generate_rpa(hdev, hdev->irk, &hdev->rpa);
2521 		if (err < 0) {
2522 			bt_dev_err(hdev, "failed to generate new RPA");
2523 			return err;
2524 		}
2525 
2526 		set_random_addr(req, &hdev->rpa);
2527 
2528 		to = msecs_to_jiffies(hdev->rpa_timeout * 1000);
2529 		queue_delayed_work(hdev->workqueue, &hdev->rpa_expired, to);
2530 
2531 		return 0;
2532 	}
2533 
2534 	/* In case of required privacy without resolvable private address,
2535 	 * use an non-resolvable private address. This is useful for active
2536 	 * scanning and non-connectable advertising.
2537 	 */
2538 	if (require_privacy) {
2539 		bdaddr_t nrpa;
2540 
2541 		while (true) {
2542 			/* The non-resolvable private address is generated
2543 			 * from random six bytes with the two most significant
2544 			 * bits cleared.
2545 			 */
2546 			get_random_bytes(&nrpa, 6);
2547 			nrpa.b[5] &= 0x3f;
2548 
2549 			/* The non-resolvable private address shall not be
2550 			 * equal to the public address.
2551 			 */
2552 			if (bacmp(&hdev->bdaddr, &nrpa))
2553 				break;
2554 		}
2555 
2556 		*own_addr_type = ADDR_LE_DEV_RANDOM;
2557 		set_random_addr(req, &nrpa);
2558 		return 0;
2559 	}
2560 
2561 	/* If forcing static address is in use or there is no public
2562 	 * address use the static address as random address (but skip
2563 	 * the HCI command if the current random address is already the
2564 	 * static one.
2565 	 *
2566 	 * In case BR/EDR has been disabled on a dual-mode controller
2567 	 * and a static address has been configured, then use that
2568 	 * address instead of the public BR/EDR address.
2569 	 */
2570 	if (hci_dev_test_flag(hdev, HCI_FORCE_STATIC_ADDR) ||
2571 	    !bacmp(&hdev->bdaddr, BDADDR_ANY) ||
2572 	    (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED) &&
2573 	     bacmp(&hdev->static_addr, BDADDR_ANY))) {
2574 		*own_addr_type = ADDR_LE_DEV_RANDOM;
2575 		if (bacmp(&hdev->static_addr, &hdev->random_addr))
2576 			hci_req_add(req, HCI_OP_LE_SET_RANDOM_ADDR, 6,
2577 				    &hdev->static_addr);
2578 		return 0;
2579 	}
2580 
2581 	/* Neither privacy nor static address is being used so use a
2582 	 * public address.
2583 	 */
2584 	*own_addr_type = ADDR_LE_DEV_PUBLIC;
2585 
2586 	return 0;
2587 }
2588 
2589 static bool disconnected_whitelist_entries(struct hci_dev *hdev)
2590 {
2591 	struct bdaddr_list *b;
2592 
2593 	list_for_each_entry(b, &hdev->whitelist, list) {
2594 		struct hci_conn *conn;
2595 
2596 		conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &b->bdaddr);
2597 		if (!conn)
2598 			return true;
2599 
2600 		if (conn->state != BT_CONNECTED && conn->state != BT_CONFIG)
2601 			return true;
2602 	}
2603 
2604 	return false;
2605 }
2606 
2607 void __hci_req_update_scan(struct hci_request *req)
2608 {
2609 	struct hci_dev *hdev = req->hdev;
2610 	u8 scan;
2611 
2612 	if (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED))
2613 		return;
2614 
2615 	if (!hdev_is_powered(hdev))
2616 		return;
2617 
2618 	if (mgmt_powering_down(hdev))
2619 		return;
2620 
2621 	if (hdev->scanning_paused)
2622 		return;
2623 
2624 	if (hci_dev_test_flag(hdev, HCI_CONNECTABLE) ||
2625 	    disconnected_whitelist_entries(hdev))
2626 		scan = SCAN_PAGE;
2627 	else
2628 		scan = SCAN_DISABLED;
2629 
2630 	if (hci_dev_test_flag(hdev, HCI_DISCOVERABLE))
2631 		scan |= SCAN_INQUIRY;
2632 
2633 	if (test_bit(HCI_PSCAN, &hdev->flags) == !!(scan & SCAN_PAGE) &&
2634 	    test_bit(HCI_ISCAN, &hdev->flags) == !!(scan & SCAN_INQUIRY))
2635 		return;
2636 
2637 	hci_req_add(req, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
2638 }
2639 
2640 static int update_scan(struct hci_request *req, unsigned long opt)
2641 {
2642 	hci_dev_lock(req->hdev);
2643 	__hci_req_update_scan(req);
2644 	hci_dev_unlock(req->hdev);
2645 	return 0;
2646 }
2647 
2648 static void scan_update_work(struct work_struct *work)
2649 {
2650 	struct hci_dev *hdev = container_of(work, struct hci_dev, scan_update);
2651 
2652 	hci_req_sync(hdev, update_scan, 0, HCI_CMD_TIMEOUT, NULL);
2653 }
2654 
2655 static int connectable_update(struct hci_request *req, unsigned long opt)
2656 {
2657 	struct hci_dev *hdev = req->hdev;
2658 
2659 	hci_dev_lock(hdev);
2660 
2661 	__hci_req_update_scan(req);
2662 
2663 	/* If BR/EDR is not enabled and we disable advertising as a
2664 	 * by-product of disabling connectable, we need to update the
2665 	 * advertising flags.
2666 	 */
2667 	if (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED))
2668 		__hci_req_update_adv_data(req, hdev->cur_adv_instance);
2669 
2670 	/* Update the advertising parameters if necessary */
2671 	if (hci_dev_test_flag(hdev, HCI_ADVERTISING) ||
2672 	    !list_empty(&hdev->adv_instances)) {
2673 		if (ext_adv_capable(hdev))
2674 			__hci_req_start_ext_adv(req, hdev->cur_adv_instance);
2675 		else
2676 			__hci_req_enable_advertising(req);
2677 	}
2678 
2679 	__hci_update_background_scan(req);
2680 
2681 	hci_dev_unlock(hdev);
2682 
2683 	return 0;
2684 }
2685 
2686 static void connectable_update_work(struct work_struct *work)
2687 {
2688 	struct hci_dev *hdev = container_of(work, struct hci_dev,
2689 					    connectable_update);
2690 	u8 status;
2691 
2692 	hci_req_sync(hdev, connectable_update, 0, HCI_CMD_TIMEOUT, &status);
2693 	mgmt_set_connectable_complete(hdev, status);
2694 }
2695 
2696 static u8 get_service_classes(struct hci_dev *hdev)
2697 {
2698 	struct bt_uuid *uuid;
2699 	u8 val = 0;
2700 
2701 	list_for_each_entry(uuid, &hdev->uuids, list)
2702 		val |= uuid->svc_hint;
2703 
2704 	return val;
2705 }
2706 
2707 void __hci_req_update_class(struct hci_request *req)
2708 {
2709 	struct hci_dev *hdev = req->hdev;
2710 	u8 cod[3];
2711 
2712 	bt_dev_dbg(hdev, "");
2713 
2714 	if (!hdev_is_powered(hdev))
2715 		return;
2716 
2717 	if (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED))
2718 		return;
2719 
2720 	if (hci_dev_test_flag(hdev, HCI_SERVICE_CACHE))
2721 		return;
2722 
2723 	cod[0] = hdev->minor_class;
2724 	cod[1] = hdev->major_class;
2725 	cod[2] = get_service_classes(hdev);
2726 
2727 	if (hci_dev_test_flag(hdev, HCI_LIMITED_DISCOVERABLE))
2728 		cod[1] |= 0x20;
2729 
2730 	if (memcmp(cod, hdev->dev_class, 3) == 0)
2731 		return;
2732 
2733 	hci_req_add(req, HCI_OP_WRITE_CLASS_OF_DEV, sizeof(cod), cod);
2734 }
2735 
2736 static void write_iac(struct hci_request *req)
2737 {
2738 	struct hci_dev *hdev = req->hdev;
2739 	struct hci_cp_write_current_iac_lap cp;
2740 
2741 	if (!hci_dev_test_flag(hdev, HCI_DISCOVERABLE))
2742 		return;
2743 
2744 	if (hci_dev_test_flag(hdev, HCI_LIMITED_DISCOVERABLE)) {
2745 		/* Limited discoverable mode */
2746 		cp.num_iac = min_t(u8, hdev->num_iac, 2);
2747 		cp.iac_lap[0] = 0x00;	/* LIAC */
2748 		cp.iac_lap[1] = 0x8b;
2749 		cp.iac_lap[2] = 0x9e;
2750 		cp.iac_lap[3] = 0x33;	/* GIAC */
2751 		cp.iac_lap[4] = 0x8b;
2752 		cp.iac_lap[5] = 0x9e;
2753 	} else {
2754 		/* General discoverable mode */
2755 		cp.num_iac = 1;
2756 		cp.iac_lap[0] = 0x33;	/* GIAC */
2757 		cp.iac_lap[1] = 0x8b;
2758 		cp.iac_lap[2] = 0x9e;
2759 	}
2760 
2761 	hci_req_add(req, HCI_OP_WRITE_CURRENT_IAC_LAP,
2762 		    (cp.num_iac * 3) + 1, &cp);
2763 }
2764 
2765 static int discoverable_update(struct hci_request *req, unsigned long opt)
2766 {
2767 	struct hci_dev *hdev = req->hdev;
2768 
2769 	hci_dev_lock(hdev);
2770 
2771 	if (hci_dev_test_flag(hdev, HCI_BREDR_ENABLED)) {
2772 		write_iac(req);
2773 		__hci_req_update_scan(req);
2774 		__hci_req_update_class(req);
2775 	}
2776 
2777 	/* Advertising instances don't use the global discoverable setting, so
2778 	 * only update AD if advertising was enabled using Set Advertising.
2779 	 */
2780 	if (hci_dev_test_flag(hdev, HCI_ADVERTISING)) {
2781 		__hci_req_update_adv_data(req, 0x00);
2782 
2783 		/* Discoverable mode affects the local advertising
2784 		 * address in limited privacy mode.
2785 		 */
2786 		if (hci_dev_test_flag(hdev, HCI_LIMITED_PRIVACY)) {
2787 			if (ext_adv_capable(hdev))
2788 				__hci_req_start_ext_adv(req, 0x00);
2789 			else
2790 				__hci_req_enable_advertising(req);
2791 		}
2792 	}
2793 
2794 	hci_dev_unlock(hdev);
2795 
2796 	return 0;
2797 }
2798 
2799 static void discoverable_update_work(struct work_struct *work)
2800 {
2801 	struct hci_dev *hdev = container_of(work, struct hci_dev,
2802 					    discoverable_update);
2803 	u8 status;
2804 
2805 	hci_req_sync(hdev, discoverable_update, 0, HCI_CMD_TIMEOUT, &status);
2806 	mgmt_set_discoverable_complete(hdev, status);
2807 }
2808 
2809 void __hci_abort_conn(struct hci_request *req, struct hci_conn *conn,
2810 		      u8 reason)
2811 {
2812 	switch (conn->state) {
2813 	case BT_CONNECTED:
2814 	case BT_CONFIG:
2815 		if (conn->type == AMP_LINK) {
2816 			struct hci_cp_disconn_phy_link cp;
2817 
2818 			cp.phy_handle = HCI_PHY_HANDLE(conn->handle);
2819 			cp.reason = reason;
2820 			hci_req_add(req, HCI_OP_DISCONN_PHY_LINK, sizeof(cp),
2821 				    &cp);
2822 		} else {
2823 			struct hci_cp_disconnect dc;
2824 
2825 			dc.handle = cpu_to_le16(conn->handle);
2826 			dc.reason = reason;
2827 			hci_req_add(req, HCI_OP_DISCONNECT, sizeof(dc), &dc);
2828 		}
2829 
2830 		conn->state = BT_DISCONN;
2831 
2832 		break;
2833 	case BT_CONNECT:
2834 		if (conn->type == LE_LINK) {
2835 			if (test_bit(HCI_CONN_SCANNING, &conn->flags))
2836 				break;
2837 			hci_req_add(req, HCI_OP_LE_CREATE_CONN_CANCEL,
2838 				    0, NULL);
2839 		} else if (conn->type == ACL_LINK) {
2840 			if (req->hdev->hci_ver < BLUETOOTH_VER_1_2)
2841 				break;
2842 			hci_req_add(req, HCI_OP_CREATE_CONN_CANCEL,
2843 				    6, &conn->dst);
2844 		}
2845 		break;
2846 	case BT_CONNECT2:
2847 		if (conn->type == ACL_LINK) {
2848 			struct hci_cp_reject_conn_req rej;
2849 
2850 			bacpy(&rej.bdaddr, &conn->dst);
2851 			rej.reason = reason;
2852 
2853 			hci_req_add(req, HCI_OP_REJECT_CONN_REQ,
2854 				    sizeof(rej), &rej);
2855 		} else if (conn->type == SCO_LINK || conn->type == ESCO_LINK) {
2856 			struct hci_cp_reject_sync_conn_req rej;
2857 
2858 			bacpy(&rej.bdaddr, &conn->dst);
2859 
2860 			/* SCO rejection has its own limited set of
2861 			 * allowed error values (0x0D-0x0F) which isn't
2862 			 * compatible with most values passed to this
2863 			 * function. To be safe hard-code one of the
2864 			 * values that's suitable for SCO.
2865 			 */
2866 			rej.reason = HCI_ERROR_REJ_LIMITED_RESOURCES;
2867 
2868 			hci_req_add(req, HCI_OP_REJECT_SYNC_CONN_REQ,
2869 				    sizeof(rej), &rej);
2870 		}
2871 		break;
2872 	default:
2873 		conn->state = BT_CLOSED;
2874 		break;
2875 	}
2876 }
2877 
2878 static void abort_conn_complete(struct hci_dev *hdev, u8 status, u16 opcode)
2879 {
2880 	if (status)
2881 		bt_dev_dbg(hdev, "Failed to abort connection: status 0x%2.2x", status);
2882 }
2883 
2884 int hci_abort_conn(struct hci_conn *conn, u8 reason)
2885 {
2886 	struct hci_request req;
2887 	int err;
2888 
2889 	hci_req_init(&req, conn->hdev);
2890 
2891 	__hci_abort_conn(&req, conn, reason);
2892 
2893 	err = hci_req_run(&req, abort_conn_complete);
2894 	if (err && err != -ENODATA) {
2895 		bt_dev_err(conn->hdev, "failed to run HCI request: err %d", err);
2896 		return err;
2897 	}
2898 
2899 	return 0;
2900 }
2901 
2902 static int update_bg_scan(struct hci_request *req, unsigned long opt)
2903 {
2904 	hci_dev_lock(req->hdev);
2905 	__hci_update_background_scan(req);
2906 	hci_dev_unlock(req->hdev);
2907 	return 0;
2908 }
2909 
2910 static void bg_scan_update(struct work_struct *work)
2911 {
2912 	struct hci_dev *hdev = container_of(work, struct hci_dev,
2913 					    bg_scan_update);
2914 	struct hci_conn *conn;
2915 	u8 status;
2916 	int err;
2917 
2918 	err = hci_req_sync(hdev, update_bg_scan, 0, HCI_CMD_TIMEOUT, &status);
2919 	if (!err)
2920 		return;
2921 
2922 	hci_dev_lock(hdev);
2923 
2924 	conn = hci_conn_hash_lookup_state(hdev, LE_LINK, BT_CONNECT);
2925 	if (conn)
2926 		hci_le_conn_failed(conn, status);
2927 
2928 	hci_dev_unlock(hdev);
2929 }
2930 
2931 static int le_scan_disable(struct hci_request *req, unsigned long opt)
2932 {
2933 	hci_req_add_le_scan_disable(req, false);
2934 	return 0;
2935 }
2936 
2937 static int bredr_inquiry(struct hci_request *req, unsigned long opt)
2938 {
2939 	u8 length = opt;
2940 	const u8 giac[3] = { 0x33, 0x8b, 0x9e };
2941 	const u8 liac[3] = { 0x00, 0x8b, 0x9e };
2942 	struct hci_cp_inquiry cp;
2943 
2944 	bt_dev_dbg(req->hdev, "");
2945 
2946 	hci_dev_lock(req->hdev);
2947 	hci_inquiry_cache_flush(req->hdev);
2948 	hci_dev_unlock(req->hdev);
2949 
2950 	memset(&cp, 0, sizeof(cp));
2951 
2952 	if (req->hdev->discovery.limited)
2953 		memcpy(&cp.lap, liac, sizeof(cp.lap));
2954 	else
2955 		memcpy(&cp.lap, giac, sizeof(cp.lap));
2956 
2957 	cp.length = length;
2958 
2959 	hci_req_add(req, HCI_OP_INQUIRY, sizeof(cp), &cp);
2960 
2961 	return 0;
2962 }
2963 
2964 static void le_scan_disable_work(struct work_struct *work)
2965 {
2966 	struct hci_dev *hdev = container_of(work, struct hci_dev,
2967 					    le_scan_disable.work);
2968 	u8 status;
2969 
2970 	bt_dev_dbg(hdev, "");
2971 
2972 	if (!hci_dev_test_flag(hdev, HCI_LE_SCAN))
2973 		return;
2974 
2975 	cancel_delayed_work(&hdev->le_scan_restart);
2976 
2977 	hci_req_sync(hdev, le_scan_disable, 0, HCI_CMD_TIMEOUT, &status);
2978 	if (status) {
2979 		bt_dev_err(hdev, "failed to disable LE scan: status 0x%02x",
2980 			   status);
2981 		return;
2982 	}
2983 
2984 	hdev->discovery.scan_start = 0;
2985 
2986 	/* If we were running LE only scan, change discovery state. If
2987 	 * we were running both LE and BR/EDR inquiry simultaneously,
2988 	 * and BR/EDR inquiry is already finished, stop discovery,
2989 	 * otherwise BR/EDR inquiry will stop discovery when finished.
2990 	 * If we will resolve remote device name, do not change
2991 	 * discovery state.
2992 	 */
2993 
2994 	if (hdev->discovery.type == DISCOV_TYPE_LE)
2995 		goto discov_stopped;
2996 
2997 	if (hdev->discovery.type != DISCOV_TYPE_INTERLEAVED)
2998 		return;
2999 
3000 	if (test_bit(HCI_QUIRK_SIMULTANEOUS_DISCOVERY, &hdev->quirks)) {
3001 		if (!test_bit(HCI_INQUIRY, &hdev->flags) &&
3002 		    hdev->discovery.state != DISCOVERY_RESOLVING)
3003 			goto discov_stopped;
3004 
3005 		return;
3006 	}
3007 
3008 	hci_req_sync(hdev, bredr_inquiry, DISCOV_INTERLEAVED_INQUIRY_LEN,
3009 		     HCI_CMD_TIMEOUT, &status);
3010 	if (status) {
3011 		bt_dev_err(hdev, "inquiry failed: status 0x%02x", status);
3012 		goto discov_stopped;
3013 	}
3014 
3015 	return;
3016 
3017 discov_stopped:
3018 	hci_dev_lock(hdev);
3019 	hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
3020 	hci_dev_unlock(hdev);
3021 }
3022 
3023 static int le_scan_restart(struct hci_request *req, unsigned long opt)
3024 {
3025 	struct hci_dev *hdev = req->hdev;
3026 
3027 	/* If controller is not scanning we are done. */
3028 	if (!hci_dev_test_flag(hdev, HCI_LE_SCAN))
3029 		return 0;
3030 
3031 	if (hdev->scanning_paused) {
3032 		bt_dev_dbg(hdev, "Scanning is paused for suspend");
3033 		return 0;
3034 	}
3035 
3036 	hci_req_add_le_scan_disable(req, false);
3037 
3038 	if (use_ext_scan(hdev)) {
3039 		struct hci_cp_le_set_ext_scan_enable ext_enable_cp;
3040 
3041 		memset(&ext_enable_cp, 0, sizeof(ext_enable_cp));
3042 		ext_enable_cp.enable = LE_SCAN_ENABLE;
3043 		ext_enable_cp.filter_dup = LE_SCAN_FILTER_DUP_ENABLE;
3044 
3045 		hci_req_add(req, HCI_OP_LE_SET_EXT_SCAN_ENABLE,
3046 			    sizeof(ext_enable_cp), &ext_enable_cp);
3047 	} else {
3048 		struct hci_cp_le_set_scan_enable cp;
3049 
3050 		memset(&cp, 0, sizeof(cp));
3051 		cp.enable = LE_SCAN_ENABLE;
3052 		cp.filter_dup = LE_SCAN_FILTER_DUP_ENABLE;
3053 		hci_req_add(req, HCI_OP_LE_SET_SCAN_ENABLE, sizeof(cp), &cp);
3054 	}
3055 
3056 	return 0;
3057 }
3058 
3059 static void le_scan_restart_work(struct work_struct *work)
3060 {
3061 	struct hci_dev *hdev = container_of(work, struct hci_dev,
3062 					    le_scan_restart.work);
3063 	unsigned long timeout, duration, scan_start, now;
3064 	u8 status;
3065 
3066 	bt_dev_dbg(hdev, "");
3067 
3068 	hci_req_sync(hdev, le_scan_restart, 0, HCI_CMD_TIMEOUT, &status);
3069 	if (status) {
3070 		bt_dev_err(hdev, "failed to restart LE scan: status %d",
3071 			   status);
3072 		return;
3073 	}
3074 
3075 	hci_dev_lock(hdev);
3076 
3077 	if (!test_bit(HCI_QUIRK_STRICT_DUPLICATE_FILTER, &hdev->quirks) ||
3078 	    !hdev->discovery.scan_start)
3079 		goto unlock;
3080 
3081 	/* When the scan was started, hdev->le_scan_disable has been queued
3082 	 * after duration from scan_start. During scan restart this job
3083 	 * has been canceled, and we need to queue it again after proper
3084 	 * timeout, to make sure that scan does not run indefinitely.
3085 	 */
3086 	duration = hdev->discovery.scan_duration;
3087 	scan_start = hdev->discovery.scan_start;
3088 	now = jiffies;
3089 	if (now - scan_start <= duration) {
3090 		int elapsed;
3091 
3092 		if (now >= scan_start)
3093 			elapsed = now - scan_start;
3094 		else
3095 			elapsed = ULONG_MAX - scan_start + now;
3096 
3097 		timeout = duration - elapsed;
3098 	} else {
3099 		timeout = 0;
3100 	}
3101 
3102 	queue_delayed_work(hdev->req_workqueue,
3103 			   &hdev->le_scan_disable, timeout);
3104 
3105 unlock:
3106 	hci_dev_unlock(hdev);
3107 }
3108 
3109 static int active_scan(struct hci_request *req, unsigned long opt)
3110 {
3111 	uint16_t interval = opt;
3112 	struct hci_dev *hdev = req->hdev;
3113 	u8 own_addr_type;
3114 	/* White list is not used for discovery */
3115 	u8 filter_policy = 0x00;
3116 	/* Discovery doesn't require controller address resolution */
3117 	bool addr_resolv = false;
3118 	int err;
3119 
3120 	bt_dev_dbg(hdev, "");
3121 
3122 	/* If controller is scanning, it means the background scanning is
3123 	 * running. Thus, we should temporarily stop it in order to set the
3124 	 * discovery scanning parameters.
3125 	 */
3126 	if (hci_dev_test_flag(hdev, HCI_LE_SCAN)) {
3127 		hci_req_add_le_scan_disable(req, false);
3128 		cancel_interleave_scan(hdev);
3129 	}
3130 
3131 	/* All active scans will be done with either a resolvable private
3132 	 * address (when privacy feature has been enabled) or non-resolvable
3133 	 * private address.
3134 	 */
3135 	err = hci_update_random_address(req, true, scan_use_rpa(hdev),
3136 					&own_addr_type);
3137 	if (err < 0)
3138 		own_addr_type = ADDR_LE_DEV_PUBLIC;
3139 
3140 	hci_req_start_scan(req, LE_SCAN_ACTIVE, interval,
3141 			   hdev->le_scan_window_discovery, own_addr_type,
3142 			   filter_policy, addr_resolv);
3143 	return 0;
3144 }
3145 
3146 static int interleaved_discov(struct hci_request *req, unsigned long opt)
3147 {
3148 	int err;
3149 
3150 	bt_dev_dbg(req->hdev, "");
3151 
3152 	err = active_scan(req, opt);
3153 	if (err)
3154 		return err;
3155 
3156 	return bredr_inquiry(req, DISCOV_BREDR_INQUIRY_LEN);
3157 }
3158 
3159 static void start_discovery(struct hci_dev *hdev, u8 *status)
3160 {
3161 	unsigned long timeout;
3162 
3163 	bt_dev_dbg(hdev, "type %u", hdev->discovery.type);
3164 
3165 	switch (hdev->discovery.type) {
3166 	case DISCOV_TYPE_BREDR:
3167 		if (!hci_dev_test_flag(hdev, HCI_INQUIRY))
3168 			hci_req_sync(hdev, bredr_inquiry,
3169 				     DISCOV_BREDR_INQUIRY_LEN, HCI_CMD_TIMEOUT,
3170 				     status);
3171 		return;
3172 	case DISCOV_TYPE_INTERLEAVED:
3173 		/* When running simultaneous discovery, the LE scanning time
3174 		 * should occupy the whole discovery time sine BR/EDR inquiry
3175 		 * and LE scanning are scheduled by the controller.
3176 		 *
3177 		 * For interleaving discovery in comparison, BR/EDR inquiry
3178 		 * and LE scanning are done sequentially with separate
3179 		 * timeouts.
3180 		 */
3181 		if (test_bit(HCI_QUIRK_SIMULTANEOUS_DISCOVERY,
3182 			     &hdev->quirks)) {
3183 			timeout = msecs_to_jiffies(DISCOV_LE_TIMEOUT);
3184 			/* During simultaneous discovery, we double LE scan
3185 			 * interval. We must leave some time for the controller
3186 			 * to do BR/EDR inquiry.
3187 			 */
3188 			hci_req_sync(hdev, interleaved_discov,
3189 				     hdev->le_scan_int_discovery * 2, HCI_CMD_TIMEOUT,
3190 				     status);
3191 			break;
3192 		}
3193 
3194 		timeout = msecs_to_jiffies(hdev->discov_interleaved_timeout);
3195 		hci_req_sync(hdev, active_scan, hdev->le_scan_int_discovery,
3196 			     HCI_CMD_TIMEOUT, status);
3197 		break;
3198 	case DISCOV_TYPE_LE:
3199 		timeout = msecs_to_jiffies(DISCOV_LE_TIMEOUT);
3200 		hci_req_sync(hdev, active_scan, hdev->le_scan_int_discovery,
3201 			     HCI_CMD_TIMEOUT, status);
3202 		break;
3203 	default:
3204 		*status = HCI_ERROR_UNSPECIFIED;
3205 		return;
3206 	}
3207 
3208 	if (*status)
3209 		return;
3210 
3211 	bt_dev_dbg(hdev, "timeout %u ms", jiffies_to_msecs(timeout));
3212 
3213 	/* When service discovery is used and the controller has a
3214 	 * strict duplicate filter, it is important to remember the
3215 	 * start and duration of the scan. This is required for
3216 	 * restarting scanning during the discovery phase.
3217 	 */
3218 	if (test_bit(HCI_QUIRK_STRICT_DUPLICATE_FILTER, &hdev->quirks) &&
3219 		     hdev->discovery.result_filtering) {
3220 		hdev->discovery.scan_start = jiffies;
3221 		hdev->discovery.scan_duration = timeout;
3222 	}
3223 
3224 	queue_delayed_work(hdev->req_workqueue, &hdev->le_scan_disable,
3225 			   timeout);
3226 }
3227 
3228 bool hci_req_stop_discovery(struct hci_request *req)
3229 {
3230 	struct hci_dev *hdev = req->hdev;
3231 	struct discovery_state *d = &hdev->discovery;
3232 	struct hci_cp_remote_name_req_cancel cp;
3233 	struct inquiry_entry *e;
3234 	bool ret = false;
3235 
3236 	bt_dev_dbg(hdev, "state %u", hdev->discovery.state);
3237 
3238 	if (d->state == DISCOVERY_FINDING || d->state == DISCOVERY_STOPPING) {
3239 		if (test_bit(HCI_INQUIRY, &hdev->flags))
3240 			hci_req_add(req, HCI_OP_INQUIRY_CANCEL, 0, NULL);
3241 
3242 		if (hci_dev_test_flag(hdev, HCI_LE_SCAN)) {
3243 			cancel_delayed_work(&hdev->le_scan_disable);
3244 			hci_req_add_le_scan_disable(req, false);
3245 		}
3246 
3247 		ret = true;
3248 	} else {
3249 		/* Passive scanning */
3250 		if (hci_dev_test_flag(hdev, HCI_LE_SCAN)) {
3251 			hci_req_add_le_scan_disable(req, false);
3252 			ret = true;
3253 		}
3254 	}
3255 
3256 	/* No further actions needed for LE-only discovery */
3257 	if (d->type == DISCOV_TYPE_LE)
3258 		return ret;
3259 
3260 	if (d->state == DISCOVERY_RESOLVING || d->state == DISCOVERY_STOPPING) {
3261 		e = hci_inquiry_cache_lookup_resolve(hdev, BDADDR_ANY,
3262 						     NAME_PENDING);
3263 		if (!e)
3264 			return ret;
3265 
3266 		bacpy(&cp.bdaddr, &e->data.bdaddr);
3267 		hci_req_add(req, HCI_OP_REMOTE_NAME_REQ_CANCEL, sizeof(cp),
3268 			    &cp);
3269 		ret = true;
3270 	}
3271 
3272 	return ret;
3273 }
3274 
3275 static int stop_discovery(struct hci_request *req, unsigned long opt)
3276 {
3277 	hci_dev_lock(req->hdev);
3278 	hci_req_stop_discovery(req);
3279 	hci_dev_unlock(req->hdev);
3280 
3281 	return 0;
3282 }
3283 
3284 static void discov_update(struct work_struct *work)
3285 {
3286 	struct hci_dev *hdev = container_of(work, struct hci_dev,
3287 					    discov_update);
3288 	u8 status = 0;
3289 
3290 	switch (hdev->discovery.state) {
3291 	case DISCOVERY_STARTING:
3292 		start_discovery(hdev, &status);
3293 		mgmt_start_discovery_complete(hdev, status);
3294 		if (status)
3295 			hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
3296 		else
3297 			hci_discovery_set_state(hdev, DISCOVERY_FINDING);
3298 		break;
3299 	case DISCOVERY_STOPPING:
3300 		hci_req_sync(hdev, stop_discovery, 0, HCI_CMD_TIMEOUT, &status);
3301 		mgmt_stop_discovery_complete(hdev, status);
3302 		if (!status)
3303 			hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
3304 		break;
3305 	case DISCOVERY_STOPPED:
3306 	default:
3307 		return;
3308 	}
3309 }
3310 
3311 static void discov_off(struct work_struct *work)
3312 {
3313 	struct hci_dev *hdev = container_of(work, struct hci_dev,
3314 					    discov_off.work);
3315 
3316 	bt_dev_dbg(hdev, "");
3317 
3318 	hci_dev_lock(hdev);
3319 
3320 	/* When discoverable timeout triggers, then just make sure
3321 	 * the limited discoverable flag is cleared. Even in the case
3322 	 * of a timeout triggered from general discoverable, it is
3323 	 * safe to unconditionally clear the flag.
3324 	 */
3325 	hci_dev_clear_flag(hdev, HCI_LIMITED_DISCOVERABLE);
3326 	hci_dev_clear_flag(hdev, HCI_DISCOVERABLE);
3327 	hdev->discov_timeout = 0;
3328 
3329 	hci_dev_unlock(hdev);
3330 
3331 	hci_req_sync(hdev, discoverable_update, 0, HCI_CMD_TIMEOUT, NULL);
3332 	mgmt_new_settings(hdev);
3333 }
3334 
3335 static int powered_update_hci(struct hci_request *req, unsigned long opt)
3336 {
3337 	struct hci_dev *hdev = req->hdev;
3338 	u8 link_sec;
3339 
3340 	hci_dev_lock(hdev);
3341 
3342 	if (hci_dev_test_flag(hdev, HCI_SSP_ENABLED) &&
3343 	    !lmp_host_ssp_capable(hdev)) {
3344 		u8 mode = 0x01;
3345 
3346 		hci_req_add(req, HCI_OP_WRITE_SSP_MODE, sizeof(mode), &mode);
3347 
3348 		if (bredr_sc_enabled(hdev) && !lmp_host_sc_capable(hdev)) {
3349 			u8 support = 0x01;
3350 
3351 			hci_req_add(req, HCI_OP_WRITE_SC_SUPPORT,
3352 				    sizeof(support), &support);
3353 		}
3354 	}
3355 
3356 	if (hci_dev_test_flag(hdev, HCI_LE_ENABLED) &&
3357 	    lmp_bredr_capable(hdev)) {
3358 		struct hci_cp_write_le_host_supported cp;
3359 
3360 		cp.le = 0x01;
3361 		cp.simul = 0x00;
3362 
3363 		/* Check first if we already have the right
3364 		 * host state (host features set)
3365 		 */
3366 		if (cp.le != lmp_host_le_capable(hdev) ||
3367 		    cp.simul != lmp_host_le_br_capable(hdev))
3368 			hci_req_add(req, HCI_OP_WRITE_LE_HOST_SUPPORTED,
3369 				    sizeof(cp), &cp);
3370 	}
3371 
3372 	if (hci_dev_test_flag(hdev, HCI_LE_ENABLED)) {
3373 		/* Make sure the controller has a good default for
3374 		 * advertising data. This also applies to the case
3375 		 * where BR/EDR was toggled during the AUTO_OFF phase.
3376 		 */
3377 		if (hci_dev_test_flag(hdev, HCI_ADVERTISING) ||
3378 		    list_empty(&hdev->adv_instances)) {
3379 			int err;
3380 
3381 			if (ext_adv_capable(hdev)) {
3382 				err = __hci_req_setup_ext_adv_instance(req,
3383 								       0x00);
3384 				if (!err)
3385 					__hci_req_update_scan_rsp_data(req,
3386 								       0x00);
3387 			} else {
3388 				err = 0;
3389 				__hci_req_update_adv_data(req, 0x00);
3390 				__hci_req_update_scan_rsp_data(req, 0x00);
3391 			}
3392 
3393 			if (hci_dev_test_flag(hdev, HCI_ADVERTISING)) {
3394 				if (!ext_adv_capable(hdev))
3395 					__hci_req_enable_advertising(req);
3396 				else if (!err)
3397 					__hci_req_enable_ext_advertising(req,
3398 									 0x00);
3399 			}
3400 		} else if (!list_empty(&hdev->adv_instances)) {
3401 			struct adv_info *adv_instance;
3402 
3403 			adv_instance = list_first_entry(&hdev->adv_instances,
3404 							struct adv_info, list);
3405 			__hci_req_schedule_adv_instance(req,
3406 							adv_instance->instance,
3407 							true);
3408 		}
3409 	}
3410 
3411 	link_sec = hci_dev_test_flag(hdev, HCI_LINK_SECURITY);
3412 	if (link_sec != test_bit(HCI_AUTH, &hdev->flags))
3413 		hci_req_add(req, HCI_OP_WRITE_AUTH_ENABLE,
3414 			    sizeof(link_sec), &link_sec);
3415 
3416 	if (lmp_bredr_capable(hdev)) {
3417 		if (hci_dev_test_flag(hdev, HCI_FAST_CONNECTABLE))
3418 			__hci_req_write_fast_connectable(req, true);
3419 		else
3420 			__hci_req_write_fast_connectable(req, false);
3421 		__hci_req_update_scan(req);
3422 		__hci_req_update_class(req);
3423 		__hci_req_update_name(req);
3424 		__hci_req_update_eir(req);
3425 	}
3426 
3427 	hci_dev_unlock(hdev);
3428 	return 0;
3429 }
3430 
3431 int __hci_req_hci_power_on(struct hci_dev *hdev)
3432 {
3433 	/* Register the available SMP channels (BR/EDR and LE) only when
3434 	 * successfully powering on the controller. This late
3435 	 * registration is required so that LE SMP can clearly decide if
3436 	 * the public address or static address is used.
3437 	 */
3438 	smp_register(hdev);
3439 
3440 	return __hci_req_sync(hdev, powered_update_hci, 0, HCI_CMD_TIMEOUT,
3441 			      NULL);
3442 }
3443 
3444 void hci_request_setup(struct hci_dev *hdev)
3445 {
3446 	INIT_WORK(&hdev->discov_update, discov_update);
3447 	INIT_WORK(&hdev->bg_scan_update, bg_scan_update);
3448 	INIT_WORK(&hdev->scan_update, scan_update_work);
3449 	INIT_WORK(&hdev->connectable_update, connectable_update_work);
3450 	INIT_WORK(&hdev->discoverable_update, discoverable_update_work);
3451 	INIT_DELAYED_WORK(&hdev->discov_off, discov_off);
3452 	INIT_DELAYED_WORK(&hdev->le_scan_disable, le_scan_disable_work);
3453 	INIT_DELAYED_WORK(&hdev->le_scan_restart, le_scan_restart_work);
3454 	INIT_DELAYED_WORK(&hdev->adv_instance_expire, adv_timeout_expire);
3455 	INIT_DELAYED_WORK(&hdev->interleave_scan, interleave_scan_work);
3456 }
3457 
3458 void hci_request_cancel_all(struct hci_dev *hdev)
3459 {
3460 	hci_req_sync_cancel(hdev, ENODEV);
3461 
3462 	cancel_work_sync(&hdev->discov_update);
3463 	cancel_work_sync(&hdev->bg_scan_update);
3464 	cancel_work_sync(&hdev->scan_update);
3465 	cancel_work_sync(&hdev->connectable_update);
3466 	cancel_work_sync(&hdev->discoverable_update);
3467 	cancel_delayed_work_sync(&hdev->discov_off);
3468 	cancel_delayed_work_sync(&hdev->le_scan_disable);
3469 	cancel_delayed_work_sync(&hdev->le_scan_restart);
3470 
3471 	if (hdev->adv_instance_timeout) {
3472 		cancel_delayed_work_sync(&hdev->adv_instance_expire);
3473 		hdev->adv_instance_timeout = 0;
3474 	}
3475 
3476 	cancel_interleave_scan(hdev);
3477 }
3478