1 /* 2 BlueZ - Bluetooth protocol stack for Linux 3 4 Copyright (C) 2014 Intel Corporation 5 6 This program is free software; you can redistribute it and/or modify 7 it under the terms of the GNU General Public License version 2 as 8 published by the Free Software Foundation; 9 10 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS 11 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 12 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS. 13 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY 14 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES 15 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 16 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 17 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 18 19 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS, 20 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS 21 SOFTWARE IS DISCLAIMED. 22 */ 23 24 #include <net/bluetooth/bluetooth.h> 25 #include <net/bluetooth/hci_core.h> 26 #include <net/bluetooth/mgmt.h> 27 28 #include "smp.h" 29 #include "hci_request.h" 30 31 #define HCI_REQ_DONE 0 32 #define HCI_REQ_PEND 1 33 #define HCI_REQ_CANCELED 2 34 35 void hci_req_init(struct hci_request *req, struct hci_dev *hdev) 36 { 37 skb_queue_head_init(&req->cmd_q); 38 req->hdev = hdev; 39 req->err = 0; 40 } 41 42 static int req_run(struct hci_request *req, hci_req_complete_t complete, 43 hci_req_complete_skb_t complete_skb) 44 { 45 struct hci_dev *hdev = req->hdev; 46 struct sk_buff *skb; 47 unsigned long flags; 48 49 BT_DBG("length %u", skb_queue_len(&req->cmd_q)); 50 51 /* If an error occurred during request building, remove all HCI 52 * commands queued on the HCI request queue. 53 */ 54 if (req->err) { 55 skb_queue_purge(&req->cmd_q); 56 return req->err; 57 } 58 59 /* Do not allow empty requests */ 60 if (skb_queue_empty(&req->cmd_q)) 61 return -ENODATA; 62 63 skb = skb_peek_tail(&req->cmd_q); 64 if (complete) { 65 bt_cb(skb)->hci.req_complete = complete; 66 } else if (complete_skb) { 67 bt_cb(skb)->hci.req_complete_skb = complete_skb; 68 bt_cb(skb)->hci.req_flags |= HCI_REQ_SKB; 69 } 70 71 spin_lock_irqsave(&hdev->cmd_q.lock, flags); 72 skb_queue_splice_tail(&req->cmd_q, &hdev->cmd_q); 73 spin_unlock_irqrestore(&hdev->cmd_q.lock, flags); 74 75 queue_work(hdev->workqueue, &hdev->cmd_work); 76 77 return 0; 78 } 79 80 int hci_req_run(struct hci_request *req, hci_req_complete_t complete) 81 { 82 return req_run(req, complete, NULL); 83 } 84 85 int hci_req_run_skb(struct hci_request *req, hci_req_complete_skb_t complete) 86 { 87 return req_run(req, NULL, complete); 88 } 89 90 static void hci_req_sync_complete(struct hci_dev *hdev, u8 result, u16 opcode, 91 struct sk_buff *skb) 92 { 93 BT_DBG("%s result 0x%2.2x", hdev->name, result); 94 95 if (hdev->req_status == HCI_REQ_PEND) { 96 hdev->req_result = result; 97 hdev->req_status = HCI_REQ_DONE; 98 if (skb) 99 hdev->req_skb = skb_get(skb); 100 wake_up_interruptible(&hdev->req_wait_q); 101 } 102 } 103 104 void hci_req_sync_cancel(struct hci_dev *hdev, int err) 105 { 106 BT_DBG("%s err 0x%2.2x", hdev->name, err); 107 108 if (hdev->req_status == HCI_REQ_PEND) { 109 hdev->req_result = err; 110 hdev->req_status = HCI_REQ_CANCELED; 111 wake_up_interruptible(&hdev->req_wait_q); 112 } 113 } 114 115 struct sk_buff *__hci_cmd_sync_ev(struct hci_dev *hdev, u16 opcode, u32 plen, 116 const void *param, u8 event, u32 timeout) 117 { 118 DECLARE_WAITQUEUE(wait, current); 119 struct hci_request req; 120 struct sk_buff *skb; 121 int err = 0; 122 123 BT_DBG("%s", hdev->name); 124 125 hci_req_init(&req, hdev); 126 127 hci_req_add_ev(&req, opcode, plen, param, event); 128 129 hdev->req_status = HCI_REQ_PEND; 130 131 add_wait_queue(&hdev->req_wait_q, &wait); 132 set_current_state(TASK_INTERRUPTIBLE); 133 134 err = hci_req_run_skb(&req, hci_req_sync_complete); 135 if (err < 0) { 136 remove_wait_queue(&hdev->req_wait_q, &wait); 137 set_current_state(TASK_RUNNING); 138 return ERR_PTR(err); 139 } 140 141 schedule_timeout(timeout); 142 143 remove_wait_queue(&hdev->req_wait_q, &wait); 144 145 if (signal_pending(current)) 146 return ERR_PTR(-EINTR); 147 148 switch (hdev->req_status) { 149 case HCI_REQ_DONE: 150 err = -bt_to_errno(hdev->req_result); 151 break; 152 153 case HCI_REQ_CANCELED: 154 err = -hdev->req_result; 155 break; 156 157 default: 158 err = -ETIMEDOUT; 159 break; 160 } 161 162 hdev->req_status = hdev->req_result = 0; 163 skb = hdev->req_skb; 164 hdev->req_skb = NULL; 165 166 BT_DBG("%s end: err %d", hdev->name, err); 167 168 if (err < 0) { 169 kfree_skb(skb); 170 return ERR_PTR(err); 171 } 172 173 if (!skb) 174 return ERR_PTR(-ENODATA); 175 176 return skb; 177 } 178 EXPORT_SYMBOL(__hci_cmd_sync_ev); 179 180 struct sk_buff *__hci_cmd_sync(struct hci_dev *hdev, u16 opcode, u32 plen, 181 const void *param, u32 timeout) 182 { 183 return __hci_cmd_sync_ev(hdev, opcode, plen, param, 0, timeout); 184 } 185 EXPORT_SYMBOL(__hci_cmd_sync); 186 187 /* Execute request and wait for completion. */ 188 int __hci_req_sync(struct hci_dev *hdev, int (*func)(struct hci_request *req, 189 unsigned long opt), 190 unsigned long opt, u32 timeout, u8 *hci_status) 191 { 192 struct hci_request req; 193 DECLARE_WAITQUEUE(wait, current); 194 int err = 0; 195 196 BT_DBG("%s start", hdev->name); 197 198 hci_req_init(&req, hdev); 199 200 hdev->req_status = HCI_REQ_PEND; 201 202 err = func(&req, opt); 203 if (err) { 204 if (hci_status) 205 *hci_status = HCI_ERROR_UNSPECIFIED; 206 return err; 207 } 208 209 add_wait_queue(&hdev->req_wait_q, &wait); 210 set_current_state(TASK_INTERRUPTIBLE); 211 212 err = hci_req_run_skb(&req, hci_req_sync_complete); 213 if (err < 0) { 214 hdev->req_status = 0; 215 216 remove_wait_queue(&hdev->req_wait_q, &wait); 217 set_current_state(TASK_RUNNING); 218 219 /* ENODATA means the HCI request command queue is empty. 220 * This can happen when a request with conditionals doesn't 221 * trigger any commands to be sent. This is normal behavior 222 * and should not trigger an error return. 223 */ 224 if (err == -ENODATA) { 225 if (hci_status) 226 *hci_status = 0; 227 return 0; 228 } 229 230 if (hci_status) 231 *hci_status = HCI_ERROR_UNSPECIFIED; 232 233 return err; 234 } 235 236 schedule_timeout(timeout); 237 238 remove_wait_queue(&hdev->req_wait_q, &wait); 239 240 if (signal_pending(current)) 241 return -EINTR; 242 243 switch (hdev->req_status) { 244 case HCI_REQ_DONE: 245 err = -bt_to_errno(hdev->req_result); 246 if (hci_status) 247 *hci_status = hdev->req_result; 248 break; 249 250 case HCI_REQ_CANCELED: 251 err = -hdev->req_result; 252 if (hci_status) 253 *hci_status = HCI_ERROR_UNSPECIFIED; 254 break; 255 256 default: 257 err = -ETIMEDOUT; 258 if (hci_status) 259 *hci_status = HCI_ERROR_UNSPECIFIED; 260 break; 261 } 262 263 kfree_skb(hdev->req_skb); 264 hdev->req_skb = NULL; 265 hdev->req_status = hdev->req_result = 0; 266 267 BT_DBG("%s end: err %d", hdev->name, err); 268 269 return err; 270 } 271 272 int hci_req_sync(struct hci_dev *hdev, int (*req)(struct hci_request *req, 273 unsigned long opt), 274 unsigned long opt, u32 timeout, u8 *hci_status) 275 { 276 int ret; 277 278 if (!test_bit(HCI_UP, &hdev->flags)) 279 return -ENETDOWN; 280 281 /* Serialize all requests */ 282 hci_req_sync_lock(hdev); 283 ret = __hci_req_sync(hdev, req, opt, timeout, hci_status); 284 hci_req_sync_unlock(hdev); 285 286 return ret; 287 } 288 289 struct sk_buff *hci_prepare_cmd(struct hci_dev *hdev, u16 opcode, u32 plen, 290 const void *param) 291 { 292 int len = HCI_COMMAND_HDR_SIZE + plen; 293 struct hci_command_hdr *hdr; 294 struct sk_buff *skb; 295 296 skb = bt_skb_alloc(len, GFP_ATOMIC); 297 if (!skb) 298 return NULL; 299 300 hdr = (struct hci_command_hdr *) skb_put(skb, HCI_COMMAND_HDR_SIZE); 301 hdr->opcode = cpu_to_le16(opcode); 302 hdr->plen = plen; 303 304 if (plen) 305 memcpy(skb_put(skb, plen), param, plen); 306 307 BT_DBG("skb len %d", skb->len); 308 309 hci_skb_pkt_type(skb) = HCI_COMMAND_PKT; 310 hci_skb_opcode(skb) = opcode; 311 312 return skb; 313 } 314 315 /* Queue a command to an asynchronous HCI request */ 316 void hci_req_add_ev(struct hci_request *req, u16 opcode, u32 plen, 317 const void *param, u8 event) 318 { 319 struct hci_dev *hdev = req->hdev; 320 struct sk_buff *skb; 321 322 BT_DBG("%s opcode 0x%4.4x plen %d", hdev->name, opcode, plen); 323 324 /* If an error occurred during request building, there is no point in 325 * queueing the HCI command. We can simply return. 326 */ 327 if (req->err) 328 return; 329 330 skb = hci_prepare_cmd(hdev, opcode, plen, param); 331 if (!skb) { 332 BT_ERR("%s no memory for command (opcode 0x%4.4x)", 333 hdev->name, opcode); 334 req->err = -ENOMEM; 335 return; 336 } 337 338 if (skb_queue_empty(&req->cmd_q)) 339 bt_cb(skb)->hci.req_flags |= HCI_REQ_START; 340 341 bt_cb(skb)->hci.req_event = event; 342 343 skb_queue_tail(&req->cmd_q, skb); 344 } 345 346 void hci_req_add(struct hci_request *req, u16 opcode, u32 plen, 347 const void *param) 348 { 349 hci_req_add_ev(req, opcode, plen, param, 0); 350 } 351 352 void __hci_req_write_fast_connectable(struct hci_request *req, bool enable) 353 { 354 struct hci_dev *hdev = req->hdev; 355 struct hci_cp_write_page_scan_activity acp; 356 u8 type; 357 358 if (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED)) 359 return; 360 361 if (hdev->hci_ver < BLUETOOTH_VER_1_2) 362 return; 363 364 if (enable) { 365 type = PAGE_SCAN_TYPE_INTERLACED; 366 367 /* 160 msec page scan interval */ 368 acp.interval = cpu_to_le16(0x0100); 369 } else { 370 type = PAGE_SCAN_TYPE_STANDARD; /* default */ 371 372 /* default 1.28 sec page scan */ 373 acp.interval = cpu_to_le16(0x0800); 374 } 375 376 acp.window = cpu_to_le16(0x0012); 377 378 if (__cpu_to_le16(hdev->page_scan_interval) != acp.interval || 379 __cpu_to_le16(hdev->page_scan_window) != acp.window) 380 hci_req_add(req, HCI_OP_WRITE_PAGE_SCAN_ACTIVITY, 381 sizeof(acp), &acp); 382 383 if (hdev->page_scan_type != type) 384 hci_req_add(req, HCI_OP_WRITE_PAGE_SCAN_TYPE, 1, &type); 385 } 386 387 /* This function controls the background scanning based on hdev->pend_le_conns 388 * list. If there are pending LE connection we start the background scanning, 389 * otherwise we stop it. 390 * 391 * This function requires the caller holds hdev->lock. 392 */ 393 static void __hci_update_background_scan(struct hci_request *req) 394 { 395 struct hci_dev *hdev = req->hdev; 396 397 if (!test_bit(HCI_UP, &hdev->flags) || 398 test_bit(HCI_INIT, &hdev->flags) || 399 hci_dev_test_flag(hdev, HCI_SETUP) || 400 hci_dev_test_flag(hdev, HCI_CONFIG) || 401 hci_dev_test_flag(hdev, HCI_AUTO_OFF) || 402 hci_dev_test_flag(hdev, HCI_UNREGISTER)) 403 return; 404 405 /* No point in doing scanning if LE support hasn't been enabled */ 406 if (!hci_dev_test_flag(hdev, HCI_LE_ENABLED)) 407 return; 408 409 /* If discovery is active don't interfere with it */ 410 if (hdev->discovery.state != DISCOVERY_STOPPED) 411 return; 412 413 /* Reset RSSI and UUID filters when starting background scanning 414 * since these filters are meant for service discovery only. 415 * 416 * The Start Discovery and Start Service Discovery operations 417 * ensure to set proper values for RSSI threshold and UUID 418 * filter list. So it is safe to just reset them here. 419 */ 420 hci_discovery_filter_clear(hdev); 421 422 if (list_empty(&hdev->pend_le_conns) && 423 list_empty(&hdev->pend_le_reports)) { 424 /* If there is no pending LE connections or devices 425 * to be scanned for, we should stop the background 426 * scanning. 427 */ 428 429 /* If controller is not scanning we are done. */ 430 if (!hci_dev_test_flag(hdev, HCI_LE_SCAN)) 431 return; 432 433 hci_req_add_le_scan_disable(req); 434 435 BT_DBG("%s stopping background scanning", hdev->name); 436 } else { 437 /* If there is at least one pending LE connection, we should 438 * keep the background scan running. 439 */ 440 441 /* If controller is connecting, we should not start scanning 442 * since some controllers are not able to scan and connect at 443 * the same time. 444 */ 445 if (hci_lookup_le_connect(hdev)) 446 return; 447 448 /* If controller is currently scanning, we stop it to ensure we 449 * don't miss any advertising (due to duplicates filter). 450 */ 451 if (hci_dev_test_flag(hdev, HCI_LE_SCAN)) 452 hci_req_add_le_scan_disable(req); 453 454 hci_req_add_le_passive_scan(req); 455 456 BT_DBG("%s starting background scanning", hdev->name); 457 } 458 } 459 460 void __hci_req_update_name(struct hci_request *req) 461 { 462 struct hci_dev *hdev = req->hdev; 463 struct hci_cp_write_local_name cp; 464 465 memcpy(cp.name, hdev->dev_name, sizeof(cp.name)); 466 467 hci_req_add(req, HCI_OP_WRITE_LOCAL_NAME, sizeof(cp), &cp); 468 } 469 470 #define PNP_INFO_SVCLASS_ID 0x1200 471 472 static u8 *create_uuid16_list(struct hci_dev *hdev, u8 *data, ptrdiff_t len) 473 { 474 u8 *ptr = data, *uuids_start = NULL; 475 struct bt_uuid *uuid; 476 477 if (len < 4) 478 return ptr; 479 480 list_for_each_entry(uuid, &hdev->uuids, list) { 481 u16 uuid16; 482 483 if (uuid->size != 16) 484 continue; 485 486 uuid16 = get_unaligned_le16(&uuid->uuid[12]); 487 if (uuid16 < 0x1100) 488 continue; 489 490 if (uuid16 == PNP_INFO_SVCLASS_ID) 491 continue; 492 493 if (!uuids_start) { 494 uuids_start = ptr; 495 uuids_start[0] = 1; 496 uuids_start[1] = EIR_UUID16_ALL; 497 ptr += 2; 498 } 499 500 /* Stop if not enough space to put next UUID */ 501 if ((ptr - data) + sizeof(u16) > len) { 502 uuids_start[1] = EIR_UUID16_SOME; 503 break; 504 } 505 506 *ptr++ = (uuid16 & 0x00ff); 507 *ptr++ = (uuid16 & 0xff00) >> 8; 508 uuids_start[0] += sizeof(uuid16); 509 } 510 511 return ptr; 512 } 513 514 static u8 *create_uuid32_list(struct hci_dev *hdev, u8 *data, ptrdiff_t len) 515 { 516 u8 *ptr = data, *uuids_start = NULL; 517 struct bt_uuid *uuid; 518 519 if (len < 6) 520 return ptr; 521 522 list_for_each_entry(uuid, &hdev->uuids, list) { 523 if (uuid->size != 32) 524 continue; 525 526 if (!uuids_start) { 527 uuids_start = ptr; 528 uuids_start[0] = 1; 529 uuids_start[1] = EIR_UUID32_ALL; 530 ptr += 2; 531 } 532 533 /* Stop if not enough space to put next UUID */ 534 if ((ptr - data) + sizeof(u32) > len) { 535 uuids_start[1] = EIR_UUID32_SOME; 536 break; 537 } 538 539 memcpy(ptr, &uuid->uuid[12], sizeof(u32)); 540 ptr += sizeof(u32); 541 uuids_start[0] += sizeof(u32); 542 } 543 544 return ptr; 545 } 546 547 static u8 *create_uuid128_list(struct hci_dev *hdev, u8 *data, ptrdiff_t len) 548 { 549 u8 *ptr = data, *uuids_start = NULL; 550 struct bt_uuid *uuid; 551 552 if (len < 18) 553 return ptr; 554 555 list_for_each_entry(uuid, &hdev->uuids, list) { 556 if (uuid->size != 128) 557 continue; 558 559 if (!uuids_start) { 560 uuids_start = ptr; 561 uuids_start[0] = 1; 562 uuids_start[1] = EIR_UUID128_ALL; 563 ptr += 2; 564 } 565 566 /* Stop if not enough space to put next UUID */ 567 if ((ptr - data) + 16 > len) { 568 uuids_start[1] = EIR_UUID128_SOME; 569 break; 570 } 571 572 memcpy(ptr, uuid->uuid, 16); 573 ptr += 16; 574 uuids_start[0] += 16; 575 } 576 577 return ptr; 578 } 579 580 static void create_eir(struct hci_dev *hdev, u8 *data) 581 { 582 u8 *ptr = data; 583 size_t name_len; 584 585 name_len = strlen(hdev->dev_name); 586 587 if (name_len > 0) { 588 /* EIR Data type */ 589 if (name_len > 48) { 590 name_len = 48; 591 ptr[1] = EIR_NAME_SHORT; 592 } else 593 ptr[1] = EIR_NAME_COMPLETE; 594 595 /* EIR Data length */ 596 ptr[0] = name_len + 1; 597 598 memcpy(ptr + 2, hdev->dev_name, name_len); 599 600 ptr += (name_len + 2); 601 } 602 603 if (hdev->inq_tx_power != HCI_TX_POWER_INVALID) { 604 ptr[0] = 2; 605 ptr[1] = EIR_TX_POWER; 606 ptr[2] = (u8) hdev->inq_tx_power; 607 608 ptr += 3; 609 } 610 611 if (hdev->devid_source > 0) { 612 ptr[0] = 9; 613 ptr[1] = EIR_DEVICE_ID; 614 615 put_unaligned_le16(hdev->devid_source, ptr + 2); 616 put_unaligned_le16(hdev->devid_vendor, ptr + 4); 617 put_unaligned_le16(hdev->devid_product, ptr + 6); 618 put_unaligned_le16(hdev->devid_version, ptr + 8); 619 620 ptr += 10; 621 } 622 623 ptr = create_uuid16_list(hdev, ptr, HCI_MAX_EIR_LENGTH - (ptr - data)); 624 ptr = create_uuid32_list(hdev, ptr, HCI_MAX_EIR_LENGTH - (ptr - data)); 625 ptr = create_uuid128_list(hdev, ptr, HCI_MAX_EIR_LENGTH - (ptr - data)); 626 } 627 628 void __hci_req_update_eir(struct hci_request *req) 629 { 630 struct hci_dev *hdev = req->hdev; 631 struct hci_cp_write_eir cp; 632 633 if (!hdev_is_powered(hdev)) 634 return; 635 636 if (!lmp_ext_inq_capable(hdev)) 637 return; 638 639 if (!hci_dev_test_flag(hdev, HCI_SSP_ENABLED)) 640 return; 641 642 if (hci_dev_test_flag(hdev, HCI_SERVICE_CACHE)) 643 return; 644 645 memset(&cp, 0, sizeof(cp)); 646 647 create_eir(hdev, cp.data); 648 649 if (memcmp(cp.data, hdev->eir, sizeof(cp.data)) == 0) 650 return; 651 652 memcpy(hdev->eir, cp.data, sizeof(cp.data)); 653 654 hci_req_add(req, HCI_OP_WRITE_EIR, sizeof(cp), &cp); 655 } 656 657 void hci_req_add_le_scan_disable(struct hci_request *req) 658 { 659 struct hci_cp_le_set_scan_enable cp; 660 661 memset(&cp, 0, sizeof(cp)); 662 cp.enable = LE_SCAN_DISABLE; 663 hci_req_add(req, HCI_OP_LE_SET_SCAN_ENABLE, sizeof(cp), &cp); 664 } 665 666 static void add_to_white_list(struct hci_request *req, 667 struct hci_conn_params *params) 668 { 669 struct hci_cp_le_add_to_white_list cp; 670 671 cp.bdaddr_type = params->addr_type; 672 bacpy(&cp.bdaddr, ¶ms->addr); 673 674 hci_req_add(req, HCI_OP_LE_ADD_TO_WHITE_LIST, sizeof(cp), &cp); 675 } 676 677 static u8 update_white_list(struct hci_request *req) 678 { 679 struct hci_dev *hdev = req->hdev; 680 struct hci_conn_params *params; 681 struct bdaddr_list *b; 682 uint8_t white_list_entries = 0; 683 684 /* Go through the current white list programmed into the 685 * controller one by one and check if that address is still 686 * in the list of pending connections or list of devices to 687 * report. If not present in either list, then queue the 688 * command to remove it from the controller. 689 */ 690 list_for_each_entry(b, &hdev->le_white_list, list) { 691 /* If the device is neither in pend_le_conns nor 692 * pend_le_reports then remove it from the whitelist. 693 */ 694 if (!hci_pend_le_action_lookup(&hdev->pend_le_conns, 695 &b->bdaddr, b->bdaddr_type) && 696 !hci_pend_le_action_lookup(&hdev->pend_le_reports, 697 &b->bdaddr, b->bdaddr_type)) { 698 struct hci_cp_le_del_from_white_list cp; 699 700 cp.bdaddr_type = b->bdaddr_type; 701 bacpy(&cp.bdaddr, &b->bdaddr); 702 703 hci_req_add(req, HCI_OP_LE_DEL_FROM_WHITE_LIST, 704 sizeof(cp), &cp); 705 continue; 706 } 707 708 if (hci_find_irk_by_addr(hdev, &b->bdaddr, b->bdaddr_type)) { 709 /* White list can not be used with RPAs */ 710 return 0x00; 711 } 712 713 white_list_entries++; 714 } 715 716 /* Since all no longer valid white list entries have been 717 * removed, walk through the list of pending connections 718 * and ensure that any new device gets programmed into 719 * the controller. 720 * 721 * If the list of the devices is larger than the list of 722 * available white list entries in the controller, then 723 * just abort and return filer policy value to not use the 724 * white list. 725 */ 726 list_for_each_entry(params, &hdev->pend_le_conns, action) { 727 if (hci_bdaddr_list_lookup(&hdev->le_white_list, 728 ¶ms->addr, params->addr_type)) 729 continue; 730 731 if (white_list_entries >= hdev->le_white_list_size) { 732 /* Select filter policy to accept all advertising */ 733 return 0x00; 734 } 735 736 if (hci_find_irk_by_addr(hdev, ¶ms->addr, 737 params->addr_type)) { 738 /* White list can not be used with RPAs */ 739 return 0x00; 740 } 741 742 white_list_entries++; 743 add_to_white_list(req, params); 744 } 745 746 /* After adding all new pending connections, walk through 747 * the list of pending reports and also add these to the 748 * white list if there is still space. 749 */ 750 list_for_each_entry(params, &hdev->pend_le_reports, action) { 751 if (hci_bdaddr_list_lookup(&hdev->le_white_list, 752 ¶ms->addr, params->addr_type)) 753 continue; 754 755 if (white_list_entries >= hdev->le_white_list_size) { 756 /* Select filter policy to accept all advertising */ 757 return 0x00; 758 } 759 760 if (hci_find_irk_by_addr(hdev, ¶ms->addr, 761 params->addr_type)) { 762 /* White list can not be used with RPAs */ 763 return 0x00; 764 } 765 766 white_list_entries++; 767 add_to_white_list(req, params); 768 } 769 770 /* Select filter policy to use white list */ 771 return 0x01; 772 } 773 774 static bool scan_use_rpa(struct hci_dev *hdev) 775 { 776 return hci_dev_test_flag(hdev, HCI_PRIVACY); 777 } 778 779 void hci_req_add_le_passive_scan(struct hci_request *req) 780 { 781 struct hci_cp_le_set_scan_param param_cp; 782 struct hci_cp_le_set_scan_enable enable_cp; 783 struct hci_dev *hdev = req->hdev; 784 u8 own_addr_type; 785 u8 filter_policy; 786 787 /* Set require_privacy to false since no SCAN_REQ are send 788 * during passive scanning. Not using an non-resolvable address 789 * here is important so that peer devices using direct 790 * advertising with our address will be correctly reported 791 * by the controller. 792 */ 793 if (hci_update_random_address(req, false, scan_use_rpa(hdev), 794 &own_addr_type)) 795 return; 796 797 /* Adding or removing entries from the white list must 798 * happen before enabling scanning. The controller does 799 * not allow white list modification while scanning. 800 */ 801 filter_policy = update_white_list(req); 802 803 /* When the controller is using random resolvable addresses and 804 * with that having LE privacy enabled, then controllers with 805 * Extended Scanner Filter Policies support can now enable support 806 * for handling directed advertising. 807 * 808 * So instead of using filter polices 0x00 (no whitelist) 809 * and 0x01 (whitelist enabled) use the new filter policies 810 * 0x02 (no whitelist) and 0x03 (whitelist enabled). 811 */ 812 if (hci_dev_test_flag(hdev, HCI_PRIVACY) && 813 (hdev->le_features[0] & HCI_LE_EXT_SCAN_POLICY)) 814 filter_policy |= 0x02; 815 816 memset(¶m_cp, 0, sizeof(param_cp)); 817 param_cp.type = LE_SCAN_PASSIVE; 818 param_cp.interval = cpu_to_le16(hdev->le_scan_interval); 819 param_cp.window = cpu_to_le16(hdev->le_scan_window); 820 param_cp.own_address_type = own_addr_type; 821 param_cp.filter_policy = filter_policy; 822 hci_req_add(req, HCI_OP_LE_SET_SCAN_PARAM, sizeof(param_cp), 823 ¶m_cp); 824 825 memset(&enable_cp, 0, sizeof(enable_cp)); 826 enable_cp.enable = LE_SCAN_ENABLE; 827 enable_cp.filter_dup = LE_SCAN_FILTER_DUP_ENABLE; 828 hci_req_add(req, HCI_OP_LE_SET_SCAN_ENABLE, sizeof(enable_cp), 829 &enable_cp); 830 } 831 832 static u8 get_cur_adv_instance_scan_rsp_len(struct hci_dev *hdev) 833 { 834 u8 instance = hdev->cur_adv_instance; 835 struct adv_info *adv_instance; 836 837 /* Ignore instance 0 */ 838 if (instance == 0x00) 839 return 0; 840 841 adv_instance = hci_find_adv_instance(hdev, instance); 842 if (!adv_instance) 843 return 0; 844 845 /* TODO: Take into account the "appearance" and "local-name" flags here. 846 * These are currently being ignored as they are not supported. 847 */ 848 return adv_instance->scan_rsp_len; 849 } 850 851 void __hci_req_disable_advertising(struct hci_request *req) 852 { 853 u8 enable = 0x00; 854 855 hci_req_add(req, HCI_OP_LE_SET_ADV_ENABLE, sizeof(enable), &enable); 856 } 857 858 static u32 get_adv_instance_flags(struct hci_dev *hdev, u8 instance) 859 { 860 u32 flags; 861 struct adv_info *adv_instance; 862 863 if (instance == 0x00) { 864 /* Instance 0 always manages the "Tx Power" and "Flags" 865 * fields 866 */ 867 flags = MGMT_ADV_FLAG_TX_POWER | MGMT_ADV_FLAG_MANAGED_FLAGS; 868 869 /* For instance 0, the HCI_ADVERTISING_CONNECTABLE setting 870 * corresponds to the "connectable" instance flag. 871 */ 872 if (hci_dev_test_flag(hdev, HCI_ADVERTISING_CONNECTABLE)) 873 flags |= MGMT_ADV_FLAG_CONNECTABLE; 874 875 if (hci_dev_test_flag(hdev, HCI_LIMITED_DISCOVERABLE)) 876 flags |= MGMT_ADV_FLAG_LIMITED_DISCOV; 877 else if (hci_dev_test_flag(hdev, HCI_DISCOVERABLE)) 878 flags |= MGMT_ADV_FLAG_DISCOV; 879 880 return flags; 881 } 882 883 adv_instance = hci_find_adv_instance(hdev, instance); 884 885 /* Return 0 when we got an invalid instance identifier. */ 886 if (!adv_instance) 887 return 0; 888 889 return adv_instance->flags; 890 } 891 892 static bool adv_use_rpa(struct hci_dev *hdev, uint32_t flags) 893 { 894 /* If privacy is not enabled don't use RPA */ 895 if (!hci_dev_test_flag(hdev, HCI_PRIVACY)) 896 return false; 897 898 /* If basic privacy mode is enabled use RPA */ 899 if (!hci_dev_test_flag(hdev, HCI_LIMITED_PRIVACY)) 900 return true; 901 902 /* If limited privacy mode is enabled don't use RPA if we're 903 * both discoverable and bondable. 904 */ 905 if ((flags & MGMT_ADV_FLAG_DISCOV) && 906 hci_dev_test_flag(hdev, HCI_BONDABLE)) 907 return false; 908 909 /* We're neither bondable nor discoverable in the limited 910 * privacy mode, therefore use RPA. 911 */ 912 return true; 913 } 914 915 void __hci_req_enable_advertising(struct hci_request *req) 916 { 917 struct hci_dev *hdev = req->hdev; 918 struct hci_cp_le_set_adv_param cp; 919 u8 own_addr_type, enable = 0x01; 920 bool connectable; 921 u32 flags; 922 923 if (hci_conn_num(hdev, LE_LINK) > 0) 924 return; 925 926 if (hci_dev_test_flag(hdev, HCI_LE_ADV)) 927 __hci_req_disable_advertising(req); 928 929 /* Clear the HCI_LE_ADV bit temporarily so that the 930 * hci_update_random_address knows that it's safe to go ahead 931 * and write a new random address. The flag will be set back on 932 * as soon as the SET_ADV_ENABLE HCI command completes. 933 */ 934 hci_dev_clear_flag(hdev, HCI_LE_ADV); 935 936 flags = get_adv_instance_flags(hdev, hdev->cur_adv_instance); 937 938 /* If the "connectable" instance flag was not set, then choose between 939 * ADV_IND and ADV_NONCONN_IND based on the global connectable setting. 940 */ 941 connectable = (flags & MGMT_ADV_FLAG_CONNECTABLE) || 942 mgmt_get_connectable(hdev); 943 944 /* Set require_privacy to true only when non-connectable 945 * advertising is used. In that case it is fine to use a 946 * non-resolvable private address. 947 */ 948 if (hci_update_random_address(req, !connectable, 949 adv_use_rpa(hdev, flags), 950 &own_addr_type) < 0) 951 return; 952 953 memset(&cp, 0, sizeof(cp)); 954 cp.min_interval = cpu_to_le16(hdev->le_adv_min_interval); 955 cp.max_interval = cpu_to_le16(hdev->le_adv_max_interval); 956 957 if (connectable) 958 cp.type = LE_ADV_IND; 959 else if (get_cur_adv_instance_scan_rsp_len(hdev)) 960 cp.type = LE_ADV_SCAN_IND; 961 else 962 cp.type = LE_ADV_NONCONN_IND; 963 964 cp.own_address_type = own_addr_type; 965 cp.channel_map = hdev->le_adv_channel_map; 966 967 hci_req_add(req, HCI_OP_LE_SET_ADV_PARAM, sizeof(cp), &cp); 968 969 hci_req_add(req, HCI_OP_LE_SET_ADV_ENABLE, sizeof(enable), &enable); 970 } 971 972 u8 append_local_name(struct hci_dev *hdev, u8 *ptr, u8 ad_len) 973 { 974 size_t short_len; 975 size_t complete_len; 976 977 /* no space left for name (+ NULL + type + len) */ 978 if ((HCI_MAX_AD_LENGTH - ad_len) < HCI_MAX_SHORT_NAME_LENGTH + 3) 979 return ad_len; 980 981 /* use complete name if present and fits */ 982 complete_len = strlen(hdev->dev_name); 983 if (complete_len && complete_len <= HCI_MAX_SHORT_NAME_LENGTH) 984 return eir_append_data(ptr, ad_len, EIR_NAME_COMPLETE, 985 hdev->dev_name, complete_len + 1); 986 987 /* use short name if present */ 988 short_len = strlen(hdev->short_name); 989 if (short_len) 990 return eir_append_data(ptr, ad_len, EIR_NAME_SHORT, 991 hdev->short_name, short_len + 1); 992 993 /* use shortened full name if present, we already know that name 994 * is longer then HCI_MAX_SHORT_NAME_LENGTH 995 */ 996 if (complete_len) { 997 u8 name[HCI_MAX_SHORT_NAME_LENGTH + 1]; 998 999 memcpy(name, hdev->dev_name, HCI_MAX_SHORT_NAME_LENGTH); 1000 name[HCI_MAX_SHORT_NAME_LENGTH] = '\0'; 1001 1002 return eir_append_data(ptr, ad_len, EIR_NAME_SHORT, name, 1003 sizeof(name)); 1004 } 1005 1006 return ad_len; 1007 } 1008 1009 static u8 append_appearance(struct hci_dev *hdev, u8 *ptr, u8 ad_len) 1010 { 1011 return eir_append_le16(ptr, ad_len, EIR_APPEARANCE, hdev->appearance); 1012 } 1013 1014 static u8 create_default_scan_rsp_data(struct hci_dev *hdev, u8 *ptr) 1015 { 1016 u8 scan_rsp_len = 0; 1017 1018 if (hdev->appearance) { 1019 scan_rsp_len = append_appearance(hdev, ptr, scan_rsp_len); 1020 } 1021 1022 return append_local_name(hdev, ptr, scan_rsp_len); 1023 } 1024 1025 static u8 create_instance_scan_rsp_data(struct hci_dev *hdev, u8 instance, 1026 u8 *ptr) 1027 { 1028 struct adv_info *adv_instance; 1029 u32 instance_flags; 1030 u8 scan_rsp_len = 0; 1031 1032 adv_instance = hci_find_adv_instance(hdev, instance); 1033 if (!adv_instance) 1034 return 0; 1035 1036 instance_flags = adv_instance->flags; 1037 1038 if ((instance_flags & MGMT_ADV_FLAG_APPEARANCE) && hdev->appearance) { 1039 scan_rsp_len = append_appearance(hdev, ptr, scan_rsp_len); 1040 } 1041 1042 memcpy(&ptr[scan_rsp_len], adv_instance->scan_rsp_data, 1043 adv_instance->scan_rsp_len); 1044 1045 scan_rsp_len += adv_instance->scan_rsp_len; 1046 1047 if (instance_flags & MGMT_ADV_FLAG_LOCAL_NAME) 1048 scan_rsp_len = append_local_name(hdev, ptr, scan_rsp_len); 1049 1050 return scan_rsp_len; 1051 } 1052 1053 void __hci_req_update_scan_rsp_data(struct hci_request *req, u8 instance) 1054 { 1055 struct hci_dev *hdev = req->hdev; 1056 struct hci_cp_le_set_scan_rsp_data cp; 1057 u8 len; 1058 1059 if (!hci_dev_test_flag(hdev, HCI_LE_ENABLED)) 1060 return; 1061 1062 memset(&cp, 0, sizeof(cp)); 1063 1064 if (instance) 1065 len = create_instance_scan_rsp_data(hdev, instance, cp.data); 1066 else 1067 len = create_default_scan_rsp_data(hdev, cp.data); 1068 1069 if (hdev->scan_rsp_data_len == len && 1070 !memcmp(cp.data, hdev->scan_rsp_data, len)) 1071 return; 1072 1073 memcpy(hdev->scan_rsp_data, cp.data, sizeof(cp.data)); 1074 hdev->scan_rsp_data_len = len; 1075 1076 cp.length = len; 1077 1078 hci_req_add(req, HCI_OP_LE_SET_SCAN_RSP_DATA, sizeof(cp), &cp); 1079 } 1080 1081 static u8 create_instance_adv_data(struct hci_dev *hdev, u8 instance, u8 *ptr) 1082 { 1083 struct adv_info *adv_instance = NULL; 1084 u8 ad_len = 0, flags = 0; 1085 u32 instance_flags; 1086 1087 /* Return 0 when the current instance identifier is invalid. */ 1088 if (instance) { 1089 adv_instance = hci_find_adv_instance(hdev, instance); 1090 if (!adv_instance) 1091 return 0; 1092 } 1093 1094 instance_flags = get_adv_instance_flags(hdev, instance); 1095 1096 /* The Add Advertising command allows userspace to set both the general 1097 * and limited discoverable flags. 1098 */ 1099 if (instance_flags & MGMT_ADV_FLAG_DISCOV) 1100 flags |= LE_AD_GENERAL; 1101 1102 if (instance_flags & MGMT_ADV_FLAG_LIMITED_DISCOV) 1103 flags |= LE_AD_LIMITED; 1104 1105 if (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED)) 1106 flags |= LE_AD_NO_BREDR; 1107 1108 if (flags || (instance_flags & MGMT_ADV_FLAG_MANAGED_FLAGS)) { 1109 /* If a discovery flag wasn't provided, simply use the global 1110 * settings. 1111 */ 1112 if (!flags) 1113 flags |= mgmt_get_adv_discov_flags(hdev); 1114 1115 /* If flags would still be empty, then there is no need to 1116 * include the "Flags" AD field". 1117 */ 1118 if (flags) { 1119 ptr[0] = 0x02; 1120 ptr[1] = EIR_FLAGS; 1121 ptr[2] = flags; 1122 1123 ad_len += 3; 1124 ptr += 3; 1125 } 1126 } 1127 1128 if (adv_instance) { 1129 memcpy(ptr, adv_instance->adv_data, 1130 adv_instance->adv_data_len); 1131 ad_len += adv_instance->adv_data_len; 1132 ptr += adv_instance->adv_data_len; 1133 } 1134 1135 /* Provide Tx Power only if we can provide a valid value for it */ 1136 if (hdev->adv_tx_power != HCI_TX_POWER_INVALID && 1137 (instance_flags & MGMT_ADV_FLAG_TX_POWER)) { 1138 ptr[0] = 0x02; 1139 ptr[1] = EIR_TX_POWER; 1140 ptr[2] = (u8)hdev->adv_tx_power; 1141 1142 ad_len += 3; 1143 ptr += 3; 1144 } 1145 1146 return ad_len; 1147 } 1148 1149 void __hci_req_update_adv_data(struct hci_request *req, u8 instance) 1150 { 1151 struct hci_dev *hdev = req->hdev; 1152 struct hci_cp_le_set_adv_data cp; 1153 u8 len; 1154 1155 if (!hci_dev_test_flag(hdev, HCI_LE_ENABLED)) 1156 return; 1157 1158 memset(&cp, 0, sizeof(cp)); 1159 1160 len = create_instance_adv_data(hdev, instance, cp.data); 1161 1162 /* There's nothing to do if the data hasn't changed */ 1163 if (hdev->adv_data_len == len && 1164 memcmp(cp.data, hdev->adv_data, len) == 0) 1165 return; 1166 1167 memcpy(hdev->adv_data, cp.data, sizeof(cp.data)); 1168 hdev->adv_data_len = len; 1169 1170 cp.length = len; 1171 1172 hci_req_add(req, HCI_OP_LE_SET_ADV_DATA, sizeof(cp), &cp); 1173 } 1174 1175 int hci_req_update_adv_data(struct hci_dev *hdev, u8 instance) 1176 { 1177 struct hci_request req; 1178 1179 hci_req_init(&req, hdev); 1180 __hci_req_update_adv_data(&req, instance); 1181 1182 return hci_req_run(&req, NULL); 1183 } 1184 1185 static void adv_enable_complete(struct hci_dev *hdev, u8 status, u16 opcode) 1186 { 1187 BT_DBG("%s status %u", hdev->name, status); 1188 } 1189 1190 void hci_req_reenable_advertising(struct hci_dev *hdev) 1191 { 1192 struct hci_request req; 1193 1194 if (!hci_dev_test_flag(hdev, HCI_ADVERTISING) && 1195 list_empty(&hdev->adv_instances)) 1196 return; 1197 1198 hci_req_init(&req, hdev); 1199 1200 if (hdev->cur_adv_instance) { 1201 __hci_req_schedule_adv_instance(&req, hdev->cur_adv_instance, 1202 true); 1203 } else { 1204 __hci_req_update_adv_data(&req, 0x00); 1205 __hci_req_update_scan_rsp_data(&req, 0x00); 1206 __hci_req_enable_advertising(&req); 1207 } 1208 1209 hci_req_run(&req, adv_enable_complete); 1210 } 1211 1212 static void adv_timeout_expire(struct work_struct *work) 1213 { 1214 struct hci_dev *hdev = container_of(work, struct hci_dev, 1215 adv_instance_expire.work); 1216 1217 struct hci_request req; 1218 u8 instance; 1219 1220 BT_DBG("%s", hdev->name); 1221 1222 hci_dev_lock(hdev); 1223 1224 hdev->adv_instance_timeout = 0; 1225 1226 instance = hdev->cur_adv_instance; 1227 if (instance == 0x00) 1228 goto unlock; 1229 1230 hci_req_init(&req, hdev); 1231 1232 hci_req_clear_adv_instance(hdev, NULL, &req, instance, false); 1233 1234 if (list_empty(&hdev->adv_instances)) 1235 __hci_req_disable_advertising(&req); 1236 1237 hci_req_run(&req, NULL); 1238 1239 unlock: 1240 hci_dev_unlock(hdev); 1241 } 1242 1243 int __hci_req_schedule_adv_instance(struct hci_request *req, u8 instance, 1244 bool force) 1245 { 1246 struct hci_dev *hdev = req->hdev; 1247 struct adv_info *adv_instance = NULL; 1248 u16 timeout; 1249 1250 if (hci_dev_test_flag(hdev, HCI_ADVERTISING) || 1251 list_empty(&hdev->adv_instances)) 1252 return -EPERM; 1253 1254 if (hdev->adv_instance_timeout) 1255 return -EBUSY; 1256 1257 adv_instance = hci_find_adv_instance(hdev, instance); 1258 if (!adv_instance) 1259 return -ENOENT; 1260 1261 /* A zero timeout means unlimited advertising. As long as there is 1262 * only one instance, duration should be ignored. We still set a timeout 1263 * in case further instances are being added later on. 1264 * 1265 * If the remaining lifetime of the instance is more than the duration 1266 * then the timeout corresponds to the duration, otherwise it will be 1267 * reduced to the remaining instance lifetime. 1268 */ 1269 if (adv_instance->timeout == 0 || 1270 adv_instance->duration <= adv_instance->remaining_time) 1271 timeout = adv_instance->duration; 1272 else 1273 timeout = adv_instance->remaining_time; 1274 1275 /* The remaining time is being reduced unless the instance is being 1276 * advertised without time limit. 1277 */ 1278 if (adv_instance->timeout) 1279 adv_instance->remaining_time = 1280 adv_instance->remaining_time - timeout; 1281 1282 hdev->adv_instance_timeout = timeout; 1283 queue_delayed_work(hdev->req_workqueue, 1284 &hdev->adv_instance_expire, 1285 msecs_to_jiffies(timeout * 1000)); 1286 1287 /* If we're just re-scheduling the same instance again then do not 1288 * execute any HCI commands. This happens when a single instance is 1289 * being advertised. 1290 */ 1291 if (!force && hdev->cur_adv_instance == instance && 1292 hci_dev_test_flag(hdev, HCI_LE_ADV)) 1293 return 0; 1294 1295 hdev->cur_adv_instance = instance; 1296 __hci_req_update_adv_data(req, instance); 1297 __hci_req_update_scan_rsp_data(req, instance); 1298 __hci_req_enable_advertising(req); 1299 1300 return 0; 1301 } 1302 1303 static void cancel_adv_timeout(struct hci_dev *hdev) 1304 { 1305 if (hdev->adv_instance_timeout) { 1306 hdev->adv_instance_timeout = 0; 1307 cancel_delayed_work(&hdev->adv_instance_expire); 1308 } 1309 } 1310 1311 /* For a single instance: 1312 * - force == true: The instance will be removed even when its remaining 1313 * lifetime is not zero. 1314 * - force == false: the instance will be deactivated but kept stored unless 1315 * the remaining lifetime is zero. 1316 * 1317 * For instance == 0x00: 1318 * - force == true: All instances will be removed regardless of their timeout 1319 * setting. 1320 * - force == false: Only instances that have a timeout will be removed. 1321 */ 1322 void hci_req_clear_adv_instance(struct hci_dev *hdev, struct sock *sk, 1323 struct hci_request *req, u8 instance, 1324 bool force) 1325 { 1326 struct adv_info *adv_instance, *n, *next_instance = NULL; 1327 int err; 1328 u8 rem_inst; 1329 1330 /* Cancel any timeout concerning the removed instance(s). */ 1331 if (!instance || hdev->cur_adv_instance == instance) 1332 cancel_adv_timeout(hdev); 1333 1334 /* Get the next instance to advertise BEFORE we remove 1335 * the current one. This can be the same instance again 1336 * if there is only one instance. 1337 */ 1338 if (instance && hdev->cur_adv_instance == instance) 1339 next_instance = hci_get_next_instance(hdev, instance); 1340 1341 if (instance == 0x00) { 1342 list_for_each_entry_safe(adv_instance, n, &hdev->adv_instances, 1343 list) { 1344 if (!(force || adv_instance->timeout)) 1345 continue; 1346 1347 rem_inst = adv_instance->instance; 1348 err = hci_remove_adv_instance(hdev, rem_inst); 1349 if (!err) 1350 mgmt_advertising_removed(sk, hdev, rem_inst); 1351 } 1352 } else { 1353 adv_instance = hci_find_adv_instance(hdev, instance); 1354 1355 if (force || (adv_instance && adv_instance->timeout && 1356 !adv_instance->remaining_time)) { 1357 /* Don't advertise a removed instance. */ 1358 if (next_instance && 1359 next_instance->instance == instance) 1360 next_instance = NULL; 1361 1362 err = hci_remove_adv_instance(hdev, instance); 1363 if (!err) 1364 mgmt_advertising_removed(sk, hdev, instance); 1365 } 1366 } 1367 1368 if (!req || !hdev_is_powered(hdev) || 1369 hci_dev_test_flag(hdev, HCI_ADVERTISING)) 1370 return; 1371 1372 if (next_instance) 1373 __hci_req_schedule_adv_instance(req, next_instance->instance, 1374 false); 1375 } 1376 1377 static void set_random_addr(struct hci_request *req, bdaddr_t *rpa) 1378 { 1379 struct hci_dev *hdev = req->hdev; 1380 1381 /* If we're advertising or initiating an LE connection we can't 1382 * go ahead and change the random address at this time. This is 1383 * because the eventual initiator address used for the 1384 * subsequently created connection will be undefined (some 1385 * controllers use the new address and others the one we had 1386 * when the operation started). 1387 * 1388 * In this kind of scenario skip the update and let the random 1389 * address be updated at the next cycle. 1390 */ 1391 if (hci_dev_test_flag(hdev, HCI_LE_ADV) || 1392 hci_lookup_le_connect(hdev)) { 1393 BT_DBG("Deferring random address update"); 1394 hci_dev_set_flag(hdev, HCI_RPA_EXPIRED); 1395 return; 1396 } 1397 1398 hci_req_add(req, HCI_OP_LE_SET_RANDOM_ADDR, 6, rpa); 1399 } 1400 1401 int hci_update_random_address(struct hci_request *req, bool require_privacy, 1402 bool use_rpa, u8 *own_addr_type) 1403 { 1404 struct hci_dev *hdev = req->hdev; 1405 int err; 1406 1407 /* If privacy is enabled use a resolvable private address. If 1408 * current RPA has expired or there is something else than 1409 * the current RPA in use, then generate a new one. 1410 */ 1411 if (use_rpa) { 1412 int to; 1413 1414 *own_addr_type = ADDR_LE_DEV_RANDOM; 1415 1416 if (!hci_dev_test_and_clear_flag(hdev, HCI_RPA_EXPIRED) && 1417 !bacmp(&hdev->random_addr, &hdev->rpa)) 1418 return 0; 1419 1420 err = smp_generate_rpa(hdev, hdev->irk, &hdev->rpa); 1421 if (err < 0) { 1422 BT_ERR("%s failed to generate new RPA", hdev->name); 1423 return err; 1424 } 1425 1426 set_random_addr(req, &hdev->rpa); 1427 1428 to = msecs_to_jiffies(hdev->rpa_timeout * 1000); 1429 queue_delayed_work(hdev->workqueue, &hdev->rpa_expired, to); 1430 1431 return 0; 1432 } 1433 1434 /* In case of required privacy without resolvable private address, 1435 * use an non-resolvable private address. This is useful for active 1436 * scanning and non-connectable advertising. 1437 */ 1438 if (require_privacy) { 1439 bdaddr_t nrpa; 1440 1441 while (true) { 1442 /* The non-resolvable private address is generated 1443 * from random six bytes with the two most significant 1444 * bits cleared. 1445 */ 1446 get_random_bytes(&nrpa, 6); 1447 nrpa.b[5] &= 0x3f; 1448 1449 /* The non-resolvable private address shall not be 1450 * equal to the public address. 1451 */ 1452 if (bacmp(&hdev->bdaddr, &nrpa)) 1453 break; 1454 } 1455 1456 *own_addr_type = ADDR_LE_DEV_RANDOM; 1457 set_random_addr(req, &nrpa); 1458 return 0; 1459 } 1460 1461 /* If forcing static address is in use or there is no public 1462 * address use the static address as random address (but skip 1463 * the HCI command if the current random address is already the 1464 * static one. 1465 * 1466 * In case BR/EDR has been disabled on a dual-mode controller 1467 * and a static address has been configured, then use that 1468 * address instead of the public BR/EDR address. 1469 */ 1470 if (hci_dev_test_flag(hdev, HCI_FORCE_STATIC_ADDR) || 1471 !bacmp(&hdev->bdaddr, BDADDR_ANY) || 1472 (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED) && 1473 bacmp(&hdev->static_addr, BDADDR_ANY))) { 1474 *own_addr_type = ADDR_LE_DEV_RANDOM; 1475 if (bacmp(&hdev->static_addr, &hdev->random_addr)) 1476 hci_req_add(req, HCI_OP_LE_SET_RANDOM_ADDR, 6, 1477 &hdev->static_addr); 1478 return 0; 1479 } 1480 1481 /* Neither privacy nor static address is being used so use a 1482 * public address. 1483 */ 1484 *own_addr_type = ADDR_LE_DEV_PUBLIC; 1485 1486 return 0; 1487 } 1488 1489 static bool disconnected_whitelist_entries(struct hci_dev *hdev) 1490 { 1491 struct bdaddr_list *b; 1492 1493 list_for_each_entry(b, &hdev->whitelist, list) { 1494 struct hci_conn *conn; 1495 1496 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &b->bdaddr); 1497 if (!conn) 1498 return true; 1499 1500 if (conn->state != BT_CONNECTED && conn->state != BT_CONFIG) 1501 return true; 1502 } 1503 1504 return false; 1505 } 1506 1507 void __hci_req_update_scan(struct hci_request *req) 1508 { 1509 struct hci_dev *hdev = req->hdev; 1510 u8 scan; 1511 1512 if (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED)) 1513 return; 1514 1515 if (!hdev_is_powered(hdev)) 1516 return; 1517 1518 if (mgmt_powering_down(hdev)) 1519 return; 1520 1521 if (hci_dev_test_flag(hdev, HCI_CONNECTABLE) || 1522 disconnected_whitelist_entries(hdev)) 1523 scan = SCAN_PAGE; 1524 else 1525 scan = SCAN_DISABLED; 1526 1527 if (hci_dev_test_flag(hdev, HCI_DISCOVERABLE)) 1528 scan |= SCAN_INQUIRY; 1529 1530 if (test_bit(HCI_PSCAN, &hdev->flags) == !!(scan & SCAN_PAGE) && 1531 test_bit(HCI_ISCAN, &hdev->flags) == !!(scan & SCAN_INQUIRY)) 1532 return; 1533 1534 hci_req_add(req, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan); 1535 } 1536 1537 static int update_scan(struct hci_request *req, unsigned long opt) 1538 { 1539 hci_dev_lock(req->hdev); 1540 __hci_req_update_scan(req); 1541 hci_dev_unlock(req->hdev); 1542 return 0; 1543 } 1544 1545 static void scan_update_work(struct work_struct *work) 1546 { 1547 struct hci_dev *hdev = container_of(work, struct hci_dev, scan_update); 1548 1549 hci_req_sync(hdev, update_scan, 0, HCI_CMD_TIMEOUT, NULL); 1550 } 1551 1552 static int connectable_update(struct hci_request *req, unsigned long opt) 1553 { 1554 struct hci_dev *hdev = req->hdev; 1555 1556 hci_dev_lock(hdev); 1557 1558 __hci_req_update_scan(req); 1559 1560 /* If BR/EDR is not enabled and we disable advertising as a 1561 * by-product of disabling connectable, we need to update the 1562 * advertising flags. 1563 */ 1564 if (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED)) 1565 __hci_req_update_adv_data(req, hdev->cur_adv_instance); 1566 1567 /* Update the advertising parameters if necessary */ 1568 if (hci_dev_test_flag(hdev, HCI_ADVERTISING) || 1569 !list_empty(&hdev->adv_instances)) 1570 __hci_req_enable_advertising(req); 1571 1572 __hci_update_background_scan(req); 1573 1574 hci_dev_unlock(hdev); 1575 1576 return 0; 1577 } 1578 1579 static void connectable_update_work(struct work_struct *work) 1580 { 1581 struct hci_dev *hdev = container_of(work, struct hci_dev, 1582 connectable_update); 1583 u8 status; 1584 1585 hci_req_sync(hdev, connectable_update, 0, HCI_CMD_TIMEOUT, &status); 1586 mgmt_set_connectable_complete(hdev, status); 1587 } 1588 1589 static u8 get_service_classes(struct hci_dev *hdev) 1590 { 1591 struct bt_uuid *uuid; 1592 u8 val = 0; 1593 1594 list_for_each_entry(uuid, &hdev->uuids, list) 1595 val |= uuid->svc_hint; 1596 1597 return val; 1598 } 1599 1600 void __hci_req_update_class(struct hci_request *req) 1601 { 1602 struct hci_dev *hdev = req->hdev; 1603 u8 cod[3]; 1604 1605 BT_DBG("%s", hdev->name); 1606 1607 if (!hdev_is_powered(hdev)) 1608 return; 1609 1610 if (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED)) 1611 return; 1612 1613 if (hci_dev_test_flag(hdev, HCI_SERVICE_CACHE)) 1614 return; 1615 1616 cod[0] = hdev->minor_class; 1617 cod[1] = hdev->major_class; 1618 cod[2] = get_service_classes(hdev); 1619 1620 if (hci_dev_test_flag(hdev, HCI_LIMITED_DISCOVERABLE)) 1621 cod[1] |= 0x20; 1622 1623 if (memcmp(cod, hdev->dev_class, 3) == 0) 1624 return; 1625 1626 hci_req_add(req, HCI_OP_WRITE_CLASS_OF_DEV, sizeof(cod), cod); 1627 } 1628 1629 static void write_iac(struct hci_request *req) 1630 { 1631 struct hci_dev *hdev = req->hdev; 1632 struct hci_cp_write_current_iac_lap cp; 1633 1634 if (!hci_dev_test_flag(hdev, HCI_DISCOVERABLE)) 1635 return; 1636 1637 if (hci_dev_test_flag(hdev, HCI_LIMITED_DISCOVERABLE)) { 1638 /* Limited discoverable mode */ 1639 cp.num_iac = min_t(u8, hdev->num_iac, 2); 1640 cp.iac_lap[0] = 0x00; /* LIAC */ 1641 cp.iac_lap[1] = 0x8b; 1642 cp.iac_lap[2] = 0x9e; 1643 cp.iac_lap[3] = 0x33; /* GIAC */ 1644 cp.iac_lap[4] = 0x8b; 1645 cp.iac_lap[5] = 0x9e; 1646 } else { 1647 /* General discoverable mode */ 1648 cp.num_iac = 1; 1649 cp.iac_lap[0] = 0x33; /* GIAC */ 1650 cp.iac_lap[1] = 0x8b; 1651 cp.iac_lap[2] = 0x9e; 1652 } 1653 1654 hci_req_add(req, HCI_OP_WRITE_CURRENT_IAC_LAP, 1655 (cp.num_iac * 3) + 1, &cp); 1656 } 1657 1658 static int discoverable_update(struct hci_request *req, unsigned long opt) 1659 { 1660 struct hci_dev *hdev = req->hdev; 1661 1662 hci_dev_lock(hdev); 1663 1664 if (hci_dev_test_flag(hdev, HCI_BREDR_ENABLED)) { 1665 write_iac(req); 1666 __hci_req_update_scan(req); 1667 __hci_req_update_class(req); 1668 } 1669 1670 /* Advertising instances don't use the global discoverable setting, so 1671 * only update AD if advertising was enabled using Set Advertising. 1672 */ 1673 if (hci_dev_test_flag(hdev, HCI_ADVERTISING)) { 1674 __hci_req_update_adv_data(req, 0x00); 1675 1676 /* Discoverable mode affects the local advertising 1677 * address in limited privacy mode. 1678 */ 1679 if (hci_dev_test_flag(hdev, HCI_LIMITED_PRIVACY)) 1680 __hci_req_enable_advertising(req); 1681 } 1682 1683 hci_dev_unlock(hdev); 1684 1685 return 0; 1686 } 1687 1688 static void discoverable_update_work(struct work_struct *work) 1689 { 1690 struct hci_dev *hdev = container_of(work, struct hci_dev, 1691 discoverable_update); 1692 u8 status; 1693 1694 hci_req_sync(hdev, discoverable_update, 0, HCI_CMD_TIMEOUT, &status); 1695 mgmt_set_discoverable_complete(hdev, status); 1696 } 1697 1698 void __hci_abort_conn(struct hci_request *req, struct hci_conn *conn, 1699 u8 reason) 1700 { 1701 switch (conn->state) { 1702 case BT_CONNECTED: 1703 case BT_CONFIG: 1704 if (conn->type == AMP_LINK) { 1705 struct hci_cp_disconn_phy_link cp; 1706 1707 cp.phy_handle = HCI_PHY_HANDLE(conn->handle); 1708 cp.reason = reason; 1709 hci_req_add(req, HCI_OP_DISCONN_PHY_LINK, sizeof(cp), 1710 &cp); 1711 } else { 1712 struct hci_cp_disconnect dc; 1713 1714 dc.handle = cpu_to_le16(conn->handle); 1715 dc.reason = reason; 1716 hci_req_add(req, HCI_OP_DISCONNECT, sizeof(dc), &dc); 1717 } 1718 1719 conn->state = BT_DISCONN; 1720 1721 break; 1722 case BT_CONNECT: 1723 if (conn->type == LE_LINK) { 1724 if (test_bit(HCI_CONN_SCANNING, &conn->flags)) 1725 break; 1726 hci_req_add(req, HCI_OP_LE_CREATE_CONN_CANCEL, 1727 0, NULL); 1728 } else if (conn->type == ACL_LINK) { 1729 if (req->hdev->hci_ver < BLUETOOTH_VER_1_2) 1730 break; 1731 hci_req_add(req, HCI_OP_CREATE_CONN_CANCEL, 1732 6, &conn->dst); 1733 } 1734 break; 1735 case BT_CONNECT2: 1736 if (conn->type == ACL_LINK) { 1737 struct hci_cp_reject_conn_req rej; 1738 1739 bacpy(&rej.bdaddr, &conn->dst); 1740 rej.reason = reason; 1741 1742 hci_req_add(req, HCI_OP_REJECT_CONN_REQ, 1743 sizeof(rej), &rej); 1744 } else if (conn->type == SCO_LINK || conn->type == ESCO_LINK) { 1745 struct hci_cp_reject_sync_conn_req rej; 1746 1747 bacpy(&rej.bdaddr, &conn->dst); 1748 1749 /* SCO rejection has its own limited set of 1750 * allowed error values (0x0D-0x0F) which isn't 1751 * compatible with most values passed to this 1752 * function. To be safe hard-code one of the 1753 * values that's suitable for SCO. 1754 */ 1755 rej.reason = HCI_ERROR_REJ_LIMITED_RESOURCES; 1756 1757 hci_req_add(req, HCI_OP_REJECT_SYNC_CONN_REQ, 1758 sizeof(rej), &rej); 1759 } 1760 break; 1761 default: 1762 conn->state = BT_CLOSED; 1763 break; 1764 } 1765 } 1766 1767 static void abort_conn_complete(struct hci_dev *hdev, u8 status, u16 opcode) 1768 { 1769 if (status) 1770 BT_DBG("Failed to abort connection: status 0x%2.2x", status); 1771 } 1772 1773 int hci_abort_conn(struct hci_conn *conn, u8 reason) 1774 { 1775 struct hci_request req; 1776 int err; 1777 1778 hci_req_init(&req, conn->hdev); 1779 1780 __hci_abort_conn(&req, conn, reason); 1781 1782 err = hci_req_run(&req, abort_conn_complete); 1783 if (err && err != -ENODATA) { 1784 BT_ERR("Failed to run HCI request: err %d", err); 1785 return err; 1786 } 1787 1788 return 0; 1789 } 1790 1791 static int update_bg_scan(struct hci_request *req, unsigned long opt) 1792 { 1793 hci_dev_lock(req->hdev); 1794 __hci_update_background_scan(req); 1795 hci_dev_unlock(req->hdev); 1796 return 0; 1797 } 1798 1799 static void bg_scan_update(struct work_struct *work) 1800 { 1801 struct hci_dev *hdev = container_of(work, struct hci_dev, 1802 bg_scan_update); 1803 struct hci_conn *conn; 1804 u8 status; 1805 int err; 1806 1807 err = hci_req_sync(hdev, update_bg_scan, 0, HCI_CMD_TIMEOUT, &status); 1808 if (!err) 1809 return; 1810 1811 hci_dev_lock(hdev); 1812 1813 conn = hci_conn_hash_lookup_state(hdev, LE_LINK, BT_CONNECT); 1814 if (conn) 1815 hci_le_conn_failed(conn, status); 1816 1817 hci_dev_unlock(hdev); 1818 } 1819 1820 static int le_scan_disable(struct hci_request *req, unsigned long opt) 1821 { 1822 hci_req_add_le_scan_disable(req); 1823 return 0; 1824 } 1825 1826 static int bredr_inquiry(struct hci_request *req, unsigned long opt) 1827 { 1828 u8 length = opt; 1829 const u8 giac[3] = { 0x33, 0x8b, 0x9e }; 1830 const u8 liac[3] = { 0x00, 0x8b, 0x9e }; 1831 struct hci_cp_inquiry cp; 1832 1833 BT_DBG("%s", req->hdev->name); 1834 1835 hci_dev_lock(req->hdev); 1836 hci_inquiry_cache_flush(req->hdev); 1837 hci_dev_unlock(req->hdev); 1838 1839 memset(&cp, 0, sizeof(cp)); 1840 1841 if (req->hdev->discovery.limited) 1842 memcpy(&cp.lap, liac, sizeof(cp.lap)); 1843 else 1844 memcpy(&cp.lap, giac, sizeof(cp.lap)); 1845 1846 cp.length = length; 1847 1848 hci_req_add(req, HCI_OP_INQUIRY, sizeof(cp), &cp); 1849 1850 return 0; 1851 } 1852 1853 static void le_scan_disable_work(struct work_struct *work) 1854 { 1855 struct hci_dev *hdev = container_of(work, struct hci_dev, 1856 le_scan_disable.work); 1857 u8 status; 1858 1859 BT_DBG("%s", hdev->name); 1860 1861 if (!hci_dev_test_flag(hdev, HCI_LE_SCAN)) 1862 return; 1863 1864 cancel_delayed_work(&hdev->le_scan_restart); 1865 1866 hci_req_sync(hdev, le_scan_disable, 0, HCI_CMD_TIMEOUT, &status); 1867 if (status) { 1868 BT_ERR("Failed to disable LE scan: status 0x%02x", status); 1869 return; 1870 } 1871 1872 hdev->discovery.scan_start = 0; 1873 1874 /* If we were running LE only scan, change discovery state. If 1875 * we were running both LE and BR/EDR inquiry simultaneously, 1876 * and BR/EDR inquiry is already finished, stop discovery, 1877 * otherwise BR/EDR inquiry will stop discovery when finished. 1878 * If we will resolve remote device name, do not change 1879 * discovery state. 1880 */ 1881 1882 if (hdev->discovery.type == DISCOV_TYPE_LE) 1883 goto discov_stopped; 1884 1885 if (hdev->discovery.type != DISCOV_TYPE_INTERLEAVED) 1886 return; 1887 1888 if (test_bit(HCI_QUIRK_SIMULTANEOUS_DISCOVERY, &hdev->quirks)) { 1889 if (!test_bit(HCI_INQUIRY, &hdev->flags) && 1890 hdev->discovery.state != DISCOVERY_RESOLVING) 1891 goto discov_stopped; 1892 1893 return; 1894 } 1895 1896 hci_req_sync(hdev, bredr_inquiry, DISCOV_INTERLEAVED_INQUIRY_LEN, 1897 HCI_CMD_TIMEOUT, &status); 1898 if (status) { 1899 BT_ERR("Inquiry failed: status 0x%02x", status); 1900 goto discov_stopped; 1901 } 1902 1903 return; 1904 1905 discov_stopped: 1906 hci_dev_lock(hdev); 1907 hci_discovery_set_state(hdev, DISCOVERY_STOPPED); 1908 hci_dev_unlock(hdev); 1909 } 1910 1911 static int le_scan_restart(struct hci_request *req, unsigned long opt) 1912 { 1913 struct hci_dev *hdev = req->hdev; 1914 struct hci_cp_le_set_scan_enable cp; 1915 1916 /* If controller is not scanning we are done. */ 1917 if (!hci_dev_test_flag(hdev, HCI_LE_SCAN)) 1918 return 0; 1919 1920 hci_req_add_le_scan_disable(req); 1921 1922 memset(&cp, 0, sizeof(cp)); 1923 cp.enable = LE_SCAN_ENABLE; 1924 cp.filter_dup = LE_SCAN_FILTER_DUP_ENABLE; 1925 hci_req_add(req, HCI_OP_LE_SET_SCAN_ENABLE, sizeof(cp), &cp); 1926 1927 return 0; 1928 } 1929 1930 static void le_scan_restart_work(struct work_struct *work) 1931 { 1932 struct hci_dev *hdev = container_of(work, struct hci_dev, 1933 le_scan_restart.work); 1934 unsigned long timeout, duration, scan_start, now; 1935 u8 status; 1936 1937 BT_DBG("%s", hdev->name); 1938 1939 hci_req_sync(hdev, le_scan_restart, 0, HCI_CMD_TIMEOUT, &status); 1940 if (status) { 1941 BT_ERR("Failed to restart LE scan: status %d", status); 1942 return; 1943 } 1944 1945 hci_dev_lock(hdev); 1946 1947 if (!test_bit(HCI_QUIRK_STRICT_DUPLICATE_FILTER, &hdev->quirks) || 1948 !hdev->discovery.scan_start) 1949 goto unlock; 1950 1951 /* When the scan was started, hdev->le_scan_disable has been queued 1952 * after duration from scan_start. During scan restart this job 1953 * has been canceled, and we need to queue it again after proper 1954 * timeout, to make sure that scan does not run indefinitely. 1955 */ 1956 duration = hdev->discovery.scan_duration; 1957 scan_start = hdev->discovery.scan_start; 1958 now = jiffies; 1959 if (now - scan_start <= duration) { 1960 int elapsed; 1961 1962 if (now >= scan_start) 1963 elapsed = now - scan_start; 1964 else 1965 elapsed = ULONG_MAX - scan_start + now; 1966 1967 timeout = duration - elapsed; 1968 } else { 1969 timeout = 0; 1970 } 1971 1972 queue_delayed_work(hdev->req_workqueue, 1973 &hdev->le_scan_disable, timeout); 1974 1975 unlock: 1976 hci_dev_unlock(hdev); 1977 } 1978 1979 static void disable_advertising(struct hci_request *req) 1980 { 1981 u8 enable = 0x00; 1982 1983 hci_req_add(req, HCI_OP_LE_SET_ADV_ENABLE, sizeof(enable), &enable); 1984 } 1985 1986 static int active_scan(struct hci_request *req, unsigned long opt) 1987 { 1988 uint16_t interval = opt; 1989 struct hci_dev *hdev = req->hdev; 1990 struct hci_cp_le_set_scan_param param_cp; 1991 struct hci_cp_le_set_scan_enable enable_cp; 1992 u8 own_addr_type; 1993 int err; 1994 1995 BT_DBG("%s", hdev->name); 1996 1997 if (hci_dev_test_flag(hdev, HCI_LE_ADV)) { 1998 hci_dev_lock(hdev); 1999 2000 /* Don't let discovery abort an outgoing connection attempt 2001 * that's using directed advertising. 2002 */ 2003 if (hci_lookup_le_connect(hdev)) { 2004 hci_dev_unlock(hdev); 2005 return -EBUSY; 2006 } 2007 2008 cancel_adv_timeout(hdev); 2009 hci_dev_unlock(hdev); 2010 2011 disable_advertising(req); 2012 } 2013 2014 /* If controller is scanning, it means the background scanning is 2015 * running. Thus, we should temporarily stop it in order to set the 2016 * discovery scanning parameters. 2017 */ 2018 if (hci_dev_test_flag(hdev, HCI_LE_SCAN)) 2019 hci_req_add_le_scan_disable(req); 2020 2021 /* All active scans will be done with either a resolvable private 2022 * address (when privacy feature has been enabled) or non-resolvable 2023 * private address. 2024 */ 2025 err = hci_update_random_address(req, true, scan_use_rpa(hdev), 2026 &own_addr_type); 2027 if (err < 0) 2028 own_addr_type = ADDR_LE_DEV_PUBLIC; 2029 2030 memset(¶m_cp, 0, sizeof(param_cp)); 2031 param_cp.type = LE_SCAN_ACTIVE; 2032 param_cp.interval = cpu_to_le16(interval); 2033 param_cp.window = cpu_to_le16(DISCOV_LE_SCAN_WIN); 2034 param_cp.own_address_type = own_addr_type; 2035 2036 hci_req_add(req, HCI_OP_LE_SET_SCAN_PARAM, sizeof(param_cp), 2037 ¶m_cp); 2038 2039 memset(&enable_cp, 0, sizeof(enable_cp)); 2040 enable_cp.enable = LE_SCAN_ENABLE; 2041 enable_cp.filter_dup = LE_SCAN_FILTER_DUP_ENABLE; 2042 2043 hci_req_add(req, HCI_OP_LE_SET_SCAN_ENABLE, sizeof(enable_cp), 2044 &enable_cp); 2045 2046 return 0; 2047 } 2048 2049 static int interleaved_discov(struct hci_request *req, unsigned long opt) 2050 { 2051 int err; 2052 2053 BT_DBG("%s", req->hdev->name); 2054 2055 err = active_scan(req, opt); 2056 if (err) 2057 return err; 2058 2059 return bredr_inquiry(req, DISCOV_BREDR_INQUIRY_LEN); 2060 } 2061 2062 static void start_discovery(struct hci_dev *hdev, u8 *status) 2063 { 2064 unsigned long timeout; 2065 2066 BT_DBG("%s type %u", hdev->name, hdev->discovery.type); 2067 2068 switch (hdev->discovery.type) { 2069 case DISCOV_TYPE_BREDR: 2070 if (!hci_dev_test_flag(hdev, HCI_INQUIRY)) 2071 hci_req_sync(hdev, bredr_inquiry, 2072 DISCOV_BREDR_INQUIRY_LEN, HCI_CMD_TIMEOUT, 2073 status); 2074 return; 2075 case DISCOV_TYPE_INTERLEAVED: 2076 /* When running simultaneous discovery, the LE scanning time 2077 * should occupy the whole discovery time sine BR/EDR inquiry 2078 * and LE scanning are scheduled by the controller. 2079 * 2080 * For interleaving discovery in comparison, BR/EDR inquiry 2081 * and LE scanning are done sequentially with separate 2082 * timeouts. 2083 */ 2084 if (test_bit(HCI_QUIRK_SIMULTANEOUS_DISCOVERY, 2085 &hdev->quirks)) { 2086 timeout = msecs_to_jiffies(DISCOV_LE_TIMEOUT); 2087 /* During simultaneous discovery, we double LE scan 2088 * interval. We must leave some time for the controller 2089 * to do BR/EDR inquiry. 2090 */ 2091 hci_req_sync(hdev, interleaved_discov, 2092 DISCOV_LE_SCAN_INT * 2, HCI_CMD_TIMEOUT, 2093 status); 2094 break; 2095 } 2096 2097 timeout = msecs_to_jiffies(hdev->discov_interleaved_timeout); 2098 hci_req_sync(hdev, active_scan, DISCOV_LE_SCAN_INT, 2099 HCI_CMD_TIMEOUT, status); 2100 break; 2101 case DISCOV_TYPE_LE: 2102 timeout = msecs_to_jiffies(DISCOV_LE_TIMEOUT); 2103 hci_req_sync(hdev, active_scan, DISCOV_LE_SCAN_INT, 2104 HCI_CMD_TIMEOUT, status); 2105 break; 2106 default: 2107 *status = HCI_ERROR_UNSPECIFIED; 2108 return; 2109 } 2110 2111 if (*status) 2112 return; 2113 2114 BT_DBG("%s timeout %u ms", hdev->name, jiffies_to_msecs(timeout)); 2115 2116 /* When service discovery is used and the controller has a 2117 * strict duplicate filter, it is important to remember the 2118 * start and duration of the scan. This is required for 2119 * restarting scanning during the discovery phase. 2120 */ 2121 if (test_bit(HCI_QUIRK_STRICT_DUPLICATE_FILTER, &hdev->quirks) && 2122 hdev->discovery.result_filtering) { 2123 hdev->discovery.scan_start = jiffies; 2124 hdev->discovery.scan_duration = timeout; 2125 } 2126 2127 queue_delayed_work(hdev->req_workqueue, &hdev->le_scan_disable, 2128 timeout); 2129 } 2130 2131 bool hci_req_stop_discovery(struct hci_request *req) 2132 { 2133 struct hci_dev *hdev = req->hdev; 2134 struct discovery_state *d = &hdev->discovery; 2135 struct hci_cp_remote_name_req_cancel cp; 2136 struct inquiry_entry *e; 2137 bool ret = false; 2138 2139 BT_DBG("%s state %u", hdev->name, hdev->discovery.state); 2140 2141 if (d->state == DISCOVERY_FINDING || d->state == DISCOVERY_STOPPING) { 2142 if (test_bit(HCI_INQUIRY, &hdev->flags)) 2143 hci_req_add(req, HCI_OP_INQUIRY_CANCEL, 0, NULL); 2144 2145 if (hci_dev_test_flag(hdev, HCI_LE_SCAN)) { 2146 cancel_delayed_work(&hdev->le_scan_disable); 2147 hci_req_add_le_scan_disable(req); 2148 } 2149 2150 ret = true; 2151 } else { 2152 /* Passive scanning */ 2153 if (hci_dev_test_flag(hdev, HCI_LE_SCAN)) { 2154 hci_req_add_le_scan_disable(req); 2155 ret = true; 2156 } 2157 } 2158 2159 /* No further actions needed for LE-only discovery */ 2160 if (d->type == DISCOV_TYPE_LE) 2161 return ret; 2162 2163 if (d->state == DISCOVERY_RESOLVING || d->state == DISCOVERY_STOPPING) { 2164 e = hci_inquiry_cache_lookup_resolve(hdev, BDADDR_ANY, 2165 NAME_PENDING); 2166 if (!e) 2167 return ret; 2168 2169 bacpy(&cp.bdaddr, &e->data.bdaddr); 2170 hci_req_add(req, HCI_OP_REMOTE_NAME_REQ_CANCEL, sizeof(cp), 2171 &cp); 2172 ret = true; 2173 } 2174 2175 return ret; 2176 } 2177 2178 static int stop_discovery(struct hci_request *req, unsigned long opt) 2179 { 2180 hci_dev_lock(req->hdev); 2181 hci_req_stop_discovery(req); 2182 hci_dev_unlock(req->hdev); 2183 2184 return 0; 2185 } 2186 2187 static void discov_update(struct work_struct *work) 2188 { 2189 struct hci_dev *hdev = container_of(work, struct hci_dev, 2190 discov_update); 2191 u8 status = 0; 2192 2193 switch (hdev->discovery.state) { 2194 case DISCOVERY_STARTING: 2195 start_discovery(hdev, &status); 2196 mgmt_start_discovery_complete(hdev, status); 2197 if (status) 2198 hci_discovery_set_state(hdev, DISCOVERY_STOPPED); 2199 else 2200 hci_discovery_set_state(hdev, DISCOVERY_FINDING); 2201 break; 2202 case DISCOVERY_STOPPING: 2203 hci_req_sync(hdev, stop_discovery, 0, HCI_CMD_TIMEOUT, &status); 2204 mgmt_stop_discovery_complete(hdev, status); 2205 if (!status) 2206 hci_discovery_set_state(hdev, DISCOVERY_STOPPED); 2207 break; 2208 case DISCOVERY_STOPPED: 2209 default: 2210 return; 2211 } 2212 } 2213 2214 static void discov_off(struct work_struct *work) 2215 { 2216 struct hci_dev *hdev = container_of(work, struct hci_dev, 2217 discov_off.work); 2218 2219 BT_DBG("%s", hdev->name); 2220 2221 hci_dev_lock(hdev); 2222 2223 /* When discoverable timeout triggers, then just make sure 2224 * the limited discoverable flag is cleared. Even in the case 2225 * of a timeout triggered from general discoverable, it is 2226 * safe to unconditionally clear the flag. 2227 */ 2228 hci_dev_clear_flag(hdev, HCI_LIMITED_DISCOVERABLE); 2229 hci_dev_clear_flag(hdev, HCI_DISCOVERABLE); 2230 hdev->discov_timeout = 0; 2231 2232 hci_dev_unlock(hdev); 2233 2234 hci_req_sync(hdev, discoverable_update, 0, HCI_CMD_TIMEOUT, NULL); 2235 mgmt_new_settings(hdev); 2236 } 2237 2238 static int powered_update_hci(struct hci_request *req, unsigned long opt) 2239 { 2240 struct hci_dev *hdev = req->hdev; 2241 u8 link_sec; 2242 2243 hci_dev_lock(hdev); 2244 2245 if (hci_dev_test_flag(hdev, HCI_SSP_ENABLED) && 2246 !lmp_host_ssp_capable(hdev)) { 2247 u8 mode = 0x01; 2248 2249 hci_req_add(req, HCI_OP_WRITE_SSP_MODE, sizeof(mode), &mode); 2250 2251 if (bredr_sc_enabled(hdev) && !lmp_host_sc_capable(hdev)) { 2252 u8 support = 0x01; 2253 2254 hci_req_add(req, HCI_OP_WRITE_SC_SUPPORT, 2255 sizeof(support), &support); 2256 } 2257 } 2258 2259 if (hci_dev_test_flag(hdev, HCI_LE_ENABLED) && 2260 lmp_bredr_capable(hdev)) { 2261 struct hci_cp_write_le_host_supported cp; 2262 2263 cp.le = 0x01; 2264 cp.simul = 0x00; 2265 2266 /* Check first if we already have the right 2267 * host state (host features set) 2268 */ 2269 if (cp.le != lmp_host_le_capable(hdev) || 2270 cp.simul != lmp_host_le_br_capable(hdev)) 2271 hci_req_add(req, HCI_OP_WRITE_LE_HOST_SUPPORTED, 2272 sizeof(cp), &cp); 2273 } 2274 2275 if (hci_dev_test_flag(hdev, HCI_LE_ENABLED)) { 2276 /* Make sure the controller has a good default for 2277 * advertising data. This also applies to the case 2278 * where BR/EDR was toggled during the AUTO_OFF phase. 2279 */ 2280 if (hci_dev_test_flag(hdev, HCI_ADVERTISING) || 2281 list_empty(&hdev->adv_instances)) { 2282 __hci_req_update_adv_data(req, 0x00); 2283 __hci_req_update_scan_rsp_data(req, 0x00); 2284 2285 if (hci_dev_test_flag(hdev, HCI_ADVERTISING)) 2286 __hci_req_enable_advertising(req); 2287 } else if (!list_empty(&hdev->adv_instances)) { 2288 struct adv_info *adv_instance; 2289 2290 adv_instance = list_first_entry(&hdev->adv_instances, 2291 struct adv_info, list); 2292 __hci_req_schedule_adv_instance(req, 2293 adv_instance->instance, 2294 true); 2295 } 2296 } 2297 2298 link_sec = hci_dev_test_flag(hdev, HCI_LINK_SECURITY); 2299 if (link_sec != test_bit(HCI_AUTH, &hdev->flags)) 2300 hci_req_add(req, HCI_OP_WRITE_AUTH_ENABLE, 2301 sizeof(link_sec), &link_sec); 2302 2303 if (lmp_bredr_capable(hdev)) { 2304 if (hci_dev_test_flag(hdev, HCI_FAST_CONNECTABLE)) 2305 __hci_req_write_fast_connectable(req, true); 2306 else 2307 __hci_req_write_fast_connectable(req, false); 2308 __hci_req_update_scan(req); 2309 __hci_req_update_class(req); 2310 __hci_req_update_name(req); 2311 __hci_req_update_eir(req); 2312 } 2313 2314 hci_dev_unlock(hdev); 2315 return 0; 2316 } 2317 2318 int __hci_req_hci_power_on(struct hci_dev *hdev) 2319 { 2320 /* Register the available SMP channels (BR/EDR and LE) only when 2321 * successfully powering on the controller. This late 2322 * registration is required so that LE SMP can clearly decide if 2323 * the public address or static address is used. 2324 */ 2325 smp_register(hdev); 2326 2327 return __hci_req_sync(hdev, powered_update_hci, 0, HCI_CMD_TIMEOUT, 2328 NULL); 2329 } 2330 2331 void hci_request_setup(struct hci_dev *hdev) 2332 { 2333 INIT_WORK(&hdev->discov_update, discov_update); 2334 INIT_WORK(&hdev->bg_scan_update, bg_scan_update); 2335 INIT_WORK(&hdev->scan_update, scan_update_work); 2336 INIT_WORK(&hdev->connectable_update, connectable_update_work); 2337 INIT_WORK(&hdev->discoverable_update, discoverable_update_work); 2338 INIT_DELAYED_WORK(&hdev->discov_off, discov_off); 2339 INIT_DELAYED_WORK(&hdev->le_scan_disable, le_scan_disable_work); 2340 INIT_DELAYED_WORK(&hdev->le_scan_restart, le_scan_restart_work); 2341 INIT_DELAYED_WORK(&hdev->adv_instance_expire, adv_timeout_expire); 2342 } 2343 2344 void hci_request_cancel_all(struct hci_dev *hdev) 2345 { 2346 hci_req_sync_cancel(hdev, ENODEV); 2347 2348 cancel_work_sync(&hdev->discov_update); 2349 cancel_work_sync(&hdev->bg_scan_update); 2350 cancel_work_sync(&hdev->scan_update); 2351 cancel_work_sync(&hdev->connectable_update); 2352 cancel_work_sync(&hdev->discoverable_update); 2353 cancel_delayed_work_sync(&hdev->discov_off); 2354 cancel_delayed_work_sync(&hdev->le_scan_disable); 2355 cancel_delayed_work_sync(&hdev->le_scan_restart); 2356 2357 if (hdev->adv_instance_timeout) { 2358 cancel_delayed_work_sync(&hdev->adv_instance_expire); 2359 hdev->adv_instance_timeout = 0; 2360 } 2361 } 2362