1 /* 2 BlueZ - Bluetooth protocol stack for Linux 3 4 Copyright (C) 2014 Intel Corporation 5 6 This program is free software; you can redistribute it and/or modify 7 it under the terms of the GNU General Public License version 2 as 8 published by the Free Software Foundation; 9 10 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS 11 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 12 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS. 13 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY 14 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES 15 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 16 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 17 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 18 19 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS, 20 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS 21 SOFTWARE IS DISCLAIMED. 22 */ 23 24 #include <linux/sched/signal.h> 25 26 #include <net/bluetooth/bluetooth.h> 27 #include <net/bluetooth/hci_core.h> 28 #include <net/bluetooth/mgmt.h> 29 30 #include "smp.h" 31 #include "hci_request.h" 32 33 #define HCI_REQ_DONE 0 34 #define HCI_REQ_PEND 1 35 #define HCI_REQ_CANCELED 2 36 37 void hci_req_init(struct hci_request *req, struct hci_dev *hdev) 38 { 39 skb_queue_head_init(&req->cmd_q); 40 req->hdev = hdev; 41 req->err = 0; 42 } 43 44 void hci_req_purge(struct hci_request *req) 45 { 46 skb_queue_purge(&req->cmd_q); 47 } 48 49 static int req_run(struct hci_request *req, hci_req_complete_t complete, 50 hci_req_complete_skb_t complete_skb) 51 { 52 struct hci_dev *hdev = req->hdev; 53 struct sk_buff *skb; 54 unsigned long flags; 55 56 BT_DBG("length %u", skb_queue_len(&req->cmd_q)); 57 58 /* If an error occurred during request building, remove all HCI 59 * commands queued on the HCI request queue. 60 */ 61 if (req->err) { 62 skb_queue_purge(&req->cmd_q); 63 return req->err; 64 } 65 66 /* Do not allow empty requests */ 67 if (skb_queue_empty(&req->cmd_q)) 68 return -ENODATA; 69 70 skb = skb_peek_tail(&req->cmd_q); 71 if (complete) { 72 bt_cb(skb)->hci.req_complete = complete; 73 } else if (complete_skb) { 74 bt_cb(skb)->hci.req_complete_skb = complete_skb; 75 bt_cb(skb)->hci.req_flags |= HCI_REQ_SKB; 76 } 77 78 spin_lock_irqsave(&hdev->cmd_q.lock, flags); 79 skb_queue_splice_tail(&req->cmd_q, &hdev->cmd_q); 80 spin_unlock_irqrestore(&hdev->cmd_q.lock, flags); 81 82 queue_work(hdev->workqueue, &hdev->cmd_work); 83 84 return 0; 85 } 86 87 int hci_req_run(struct hci_request *req, hci_req_complete_t complete) 88 { 89 return req_run(req, complete, NULL); 90 } 91 92 int hci_req_run_skb(struct hci_request *req, hci_req_complete_skb_t complete) 93 { 94 return req_run(req, NULL, complete); 95 } 96 97 static void hci_req_sync_complete(struct hci_dev *hdev, u8 result, u16 opcode, 98 struct sk_buff *skb) 99 { 100 BT_DBG("%s result 0x%2.2x", hdev->name, result); 101 102 if (hdev->req_status == HCI_REQ_PEND) { 103 hdev->req_result = result; 104 hdev->req_status = HCI_REQ_DONE; 105 if (skb) 106 hdev->req_skb = skb_get(skb); 107 wake_up_interruptible(&hdev->req_wait_q); 108 } 109 } 110 111 void hci_req_sync_cancel(struct hci_dev *hdev, int err) 112 { 113 BT_DBG("%s err 0x%2.2x", hdev->name, err); 114 115 if (hdev->req_status == HCI_REQ_PEND) { 116 hdev->req_result = err; 117 hdev->req_status = HCI_REQ_CANCELED; 118 wake_up_interruptible(&hdev->req_wait_q); 119 } 120 } 121 122 struct sk_buff *__hci_cmd_sync_ev(struct hci_dev *hdev, u16 opcode, u32 plen, 123 const void *param, u8 event, u32 timeout) 124 { 125 DECLARE_WAITQUEUE(wait, current); 126 struct hci_request req; 127 struct sk_buff *skb; 128 int err = 0; 129 130 BT_DBG("%s", hdev->name); 131 132 hci_req_init(&req, hdev); 133 134 hci_req_add_ev(&req, opcode, plen, param, event); 135 136 hdev->req_status = HCI_REQ_PEND; 137 138 add_wait_queue(&hdev->req_wait_q, &wait); 139 set_current_state(TASK_INTERRUPTIBLE); 140 141 err = hci_req_run_skb(&req, hci_req_sync_complete); 142 if (err < 0) { 143 remove_wait_queue(&hdev->req_wait_q, &wait); 144 set_current_state(TASK_RUNNING); 145 return ERR_PTR(err); 146 } 147 148 schedule_timeout(timeout); 149 150 remove_wait_queue(&hdev->req_wait_q, &wait); 151 152 if (signal_pending(current)) 153 return ERR_PTR(-EINTR); 154 155 switch (hdev->req_status) { 156 case HCI_REQ_DONE: 157 err = -bt_to_errno(hdev->req_result); 158 break; 159 160 case HCI_REQ_CANCELED: 161 err = -hdev->req_result; 162 break; 163 164 default: 165 err = -ETIMEDOUT; 166 break; 167 } 168 169 hdev->req_status = hdev->req_result = 0; 170 skb = hdev->req_skb; 171 hdev->req_skb = NULL; 172 173 BT_DBG("%s end: err %d", hdev->name, err); 174 175 if (err < 0) { 176 kfree_skb(skb); 177 return ERR_PTR(err); 178 } 179 180 if (!skb) 181 return ERR_PTR(-ENODATA); 182 183 return skb; 184 } 185 EXPORT_SYMBOL(__hci_cmd_sync_ev); 186 187 struct sk_buff *__hci_cmd_sync(struct hci_dev *hdev, u16 opcode, u32 plen, 188 const void *param, u32 timeout) 189 { 190 return __hci_cmd_sync_ev(hdev, opcode, plen, param, 0, timeout); 191 } 192 EXPORT_SYMBOL(__hci_cmd_sync); 193 194 /* Execute request and wait for completion. */ 195 int __hci_req_sync(struct hci_dev *hdev, int (*func)(struct hci_request *req, 196 unsigned long opt), 197 unsigned long opt, u32 timeout, u8 *hci_status) 198 { 199 struct hci_request req; 200 DECLARE_WAITQUEUE(wait, current); 201 int err = 0; 202 203 BT_DBG("%s start", hdev->name); 204 205 hci_req_init(&req, hdev); 206 207 hdev->req_status = HCI_REQ_PEND; 208 209 err = func(&req, opt); 210 if (err) { 211 if (hci_status) 212 *hci_status = HCI_ERROR_UNSPECIFIED; 213 return err; 214 } 215 216 add_wait_queue(&hdev->req_wait_q, &wait); 217 set_current_state(TASK_INTERRUPTIBLE); 218 219 err = hci_req_run_skb(&req, hci_req_sync_complete); 220 if (err < 0) { 221 hdev->req_status = 0; 222 223 remove_wait_queue(&hdev->req_wait_q, &wait); 224 set_current_state(TASK_RUNNING); 225 226 /* ENODATA means the HCI request command queue is empty. 227 * This can happen when a request with conditionals doesn't 228 * trigger any commands to be sent. This is normal behavior 229 * and should not trigger an error return. 230 */ 231 if (err == -ENODATA) { 232 if (hci_status) 233 *hci_status = 0; 234 return 0; 235 } 236 237 if (hci_status) 238 *hci_status = HCI_ERROR_UNSPECIFIED; 239 240 return err; 241 } 242 243 schedule_timeout(timeout); 244 245 remove_wait_queue(&hdev->req_wait_q, &wait); 246 247 if (signal_pending(current)) 248 return -EINTR; 249 250 switch (hdev->req_status) { 251 case HCI_REQ_DONE: 252 err = -bt_to_errno(hdev->req_result); 253 if (hci_status) 254 *hci_status = hdev->req_result; 255 break; 256 257 case HCI_REQ_CANCELED: 258 err = -hdev->req_result; 259 if (hci_status) 260 *hci_status = HCI_ERROR_UNSPECIFIED; 261 break; 262 263 default: 264 err = -ETIMEDOUT; 265 if (hci_status) 266 *hci_status = HCI_ERROR_UNSPECIFIED; 267 break; 268 } 269 270 kfree_skb(hdev->req_skb); 271 hdev->req_skb = NULL; 272 hdev->req_status = hdev->req_result = 0; 273 274 BT_DBG("%s end: err %d", hdev->name, err); 275 276 return err; 277 } 278 279 int hci_req_sync(struct hci_dev *hdev, int (*req)(struct hci_request *req, 280 unsigned long opt), 281 unsigned long opt, u32 timeout, u8 *hci_status) 282 { 283 int ret; 284 285 if (!test_bit(HCI_UP, &hdev->flags)) 286 return -ENETDOWN; 287 288 /* Serialize all requests */ 289 hci_req_sync_lock(hdev); 290 ret = __hci_req_sync(hdev, req, opt, timeout, hci_status); 291 hci_req_sync_unlock(hdev); 292 293 return ret; 294 } 295 296 struct sk_buff *hci_prepare_cmd(struct hci_dev *hdev, u16 opcode, u32 plen, 297 const void *param) 298 { 299 int len = HCI_COMMAND_HDR_SIZE + plen; 300 struct hci_command_hdr *hdr; 301 struct sk_buff *skb; 302 303 skb = bt_skb_alloc(len, GFP_ATOMIC); 304 if (!skb) 305 return NULL; 306 307 hdr = skb_put(skb, HCI_COMMAND_HDR_SIZE); 308 hdr->opcode = cpu_to_le16(opcode); 309 hdr->plen = plen; 310 311 if (plen) 312 skb_put_data(skb, param, plen); 313 314 BT_DBG("skb len %d", skb->len); 315 316 hci_skb_pkt_type(skb) = HCI_COMMAND_PKT; 317 hci_skb_opcode(skb) = opcode; 318 319 return skb; 320 } 321 322 /* Queue a command to an asynchronous HCI request */ 323 void hci_req_add_ev(struct hci_request *req, u16 opcode, u32 plen, 324 const void *param, u8 event) 325 { 326 struct hci_dev *hdev = req->hdev; 327 struct sk_buff *skb; 328 329 BT_DBG("%s opcode 0x%4.4x plen %d", hdev->name, opcode, plen); 330 331 /* If an error occurred during request building, there is no point in 332 * queueing the HCI command. We can simply return. 333 */ 334 if (req->err) 335 return; 336 337 skb = hci_prepare_cmd(hdev, opcode, plen, param); 338 if (!skb) { 339 bt_dev_err(hdev, "no memory for command (opcode 0x%4.4x)", 340 opcode); 341 req->err = -ENOMEM; 342 return; 343 } 344 345 if (skb_queue_empty(&req->cmd_q)) 346 bt_cb(skb)->hci.req_flags |= HCI_REQ_START; 347 348 bt_cb(skb)->hci.req_event = event; 349 350 skb_queue_tail(&req->cmd_q, skb); 351 } 352 353 void hci_req_add(struct hci_request *req, u16 opcode, u32 plen, 354 const void *param) 355 { 356 hci_req_add_ev(req, opcode, plen, param, 0); 357 } 358 359 void __hci_req_write_fast_connectable(struct hci_request *req, bool enable) 360 { 361 struct hci_dev *hdev = req->hdev; 362 struct hci_cp_write_page_scan_activity acp; 363 u8 type; 364 365 if (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED)) 366 return; 367 368 if (hdev->hci_ver < BLUETOOTH_VER_1_2) 369 return; 370 371 if (enable) { 372 type = PAGE_SCAN_TYPE_INTERLACED; 373 374 /* 160 msec page scan interval */ 375 acp.interval = cpu_to_le16(0x0100); 376 } else { 377 type = PAGE_SCAN_TYPE_STANDARD; /* default */ 378 379 /* default 1.28 sec page scan */ 380 acp.interval = cpu_to_le16(0x0800); 381 } 382 383 acp.window = cpu_to_le16(0x0012); 384 385 if (__cpu_to_le16(hdev->page_scan_interval) != acp.interval || 386 __cpu_to_le16(hdev->page_scan_window) != acp.window) 387 hci_req_add(req, HCI_OP_WRITE_PAGE_SCAN_ACTIVITY, 388 sizeof(acp), &acp); 389 390 if (hdev->page_scan_type != type) 391 hci_req_add(req, HCI_OP_WRITE_PAGE_SCAN_TYPE, 1, &type); 392 } 393 394 /* This function controls the background scanning based on hdev->pend_le_conns 395 * list. If there are pending LE connection we start the background scanning, 396 * otherwise we stop it. 397 * 398 * This function requires the caller holds hdev->lock. 399 */ 400 static void __hci_update_background_scan(struct hci_request *req) 401 { 402 struct hci_dev *hdev = req->hdev; 403 404 if (!test_bit(HCI_UP, &hdev->flags) || 405 test_bit(HCI_INIT, &hdev->flags) || 406 hci_dev_test_flag(hdev, HCI_SETUP) || 407 hci_dev_test_flag(hdev, HCI_CONFIG) || 408 hci_dev_test_flag(hdev, HCI_AUTO_OFF) || 409 hci_dev_test_flag(hdev, HCI_UNREGISTER)) 410 return; 411 412 /* No point in doing scanning if LE support hasn't been enabled */ 413 if (!hci_dev_test_flag(hdev, HCI_LE_ENABLED)) 414 return; 415 416 /* If discovery is active don't interfere with it */ 417 if (hdev->discovery.state != DISCOVERY_STOPPED) 418 return; 419 420 /* Reset RSSI and UUID filters when starting background scanning 421 * since these filters are meant for service discovery only. 422 * 423 * The Start Discovery and Start Service Discovery operations 424 * ensure to set proper values for RSSI threshold and UUID 425 * filter list. So it is safe to just reset them here. 426 */ 427 hci_discovery_filter_clear(hdev); 428 429 if (list_empty(&hdev->pend_le_conns) && 430 list_empty(&hdev->pend_le_reports)) { 431 /* If there is no pending LE connections or devices 432 * to be scanned for, we should stop the background 433 * scanning. 434 */ 435 436 /* If controller is not scanning we are done. */ 437 if (!hci_dev_test_flag(hdev, HCI_LE_SCAN)) 438 return; 439 440 hci_req_add_le_scan_disable(req); 441 442 BT_DBG("%s stopping background scanning", hdev->name); 443 } else { 444 /* If there is at least one pending LE connection, we should 445 * keep the background scan running. 446 */ 447 448 /* If controller is connecting, we should not start scanning 449 * since some controllers are not able to scan and connect at 450 * the same time. 451 */ 452 if (hci_lookup_le_connect(hdev)) 453 return; 454 455 /* If controller is currently scanning, we stop it to ensure we 456 * don't miss any advertising (due to duplicates filter). 457 */ 458 if (hci_dev_test_flag(hdev, HCI_LE_SCAN)) 459 hci_req_add_le_scan_disable(req); 460 461 hci_req_add_le_passive_scan(req); 462 463 BT_DBG("%s starting background scanning", hdev->name); 464 } 465 } 466 467 void __hci_req_update_name(struct hci_request *req) 468 { 469 struct hci_dev *hdev = req->hdev; 470 struct hci_cp_write_local_name cp; 471 472 memcpy(cp.name, hdev->dev_name, sizeof(cp.name)); 473 474 hci_req_add(req, HCI_OP_WRITE_LOCAL_NAME, sizeof(cp), &cp); 475 } 476 477 #define PNP_INFO_SVCLASS_ID 0x1200 478 479 static u8 *create_uuid16_list(struct hci_dev *hdev, u8 *data, ptrdiff_t len) 480 { 481 u8 *ptr = data, *uuids_start = NULL; 482 struct bt_uuid *uuid; 483 484 if (len < 4) 485 return ptr; 486 487 list_for_each_entry(uuid, &hdev->uuids, list) { 488 u16 uuid16; 489 490 if (uuid->size != 16) 491 continue; 492 493 uuid16 = get_unaligned_le16(&uuid->uuid[12]); 494 if (uuid16 < 0x1100) 495 continue; 496 497 if (uuid16 == PNP_INFO_SVCLASS_ID) 498 continue; 499 500 if (!uuids_start) { 501 uuids_start = ptr; 502 uuids_start[0] = 1; 503 uuids_start[1] = EIR_UUID16_ALL; 504 ptr += 2; 505 } 506 507 /* Stop if not enough space to put next UUID */ 508 if ((ptr - data) + sizeof(u16) > len) { 509 uuids_start[1] = EIR_UUID16_SOME; 510 break; 511 } 512 513 *ptr++ = (uuid16 & 0x00ff); 514 *ptr++ = (uuid16 & 0xff00) >> 8; 515 uuids_start[0] += sizeof(uuid16); 516 } 517 518 return ptr; 519 } 520 521 static u8 *create_uuid32_list(struct hci_dev *hdev, u8 *data, ptrdiff_t len) 522 { 523 u8 *ptr = data, *uuids_start = NULL; 524 struct bt_uuid *uuid; 525 526 if (len < 6) 527 return ptr; 528 529 list_for_each_entry(uuid, &hdev->uuids, list) { 530 if (uuid->size != 32) 531 continue; 532 533 if (!uuids_start) { 534 uuids_start = ptr; 535 uuids_start[0] = 1; 536 uuids_start[1] = EIR_UUID32_ALL; 537 ptr += 2; 538 } 539 540 /* Stop if not enough space to put next UUID */ 541 if ((ptr - data) + sizeof(u32) > len) { 542 uuids_start[1] = EIR_UUID32_SOME; 543 break; 544 } 545 546 memcpy(ptr, &uuid->uuid[12], sizeof(u32)); 547 ptr += sizeof(u32); 548 uuids_start[0] += sizeof(u32); 549 } 550 551 return ptr; 552 } 553 554 static u8 *create_uuid128_list(struct hci_dev *hdev, u8 *data, ptrdiff_t len) 555 { 556 u8 *ptr = data, *uuids_start = NULL; 557 struct bt_uuid *uuid; 558 559 if (len < 18) 560 return ptr; 561 562 list_for_each_entry(uuid, &hdev->uuids, list) { 563 if (uuid->size != 128) 564 continue; 565 566 if (!uuids_start) { 567 uuids_start = ptr; 568 uuids_start[0] = 1; 569 uuids_start[1] = EIR_UUID128_ALL; 570 ptr += 2; 571 } 572 573 /* Stop if not enough space to put next UUID */ 574 if ((ptr - data) + 16 > len) { 575 uuids_start[1] = EIR_UUID128_SOME; 576 break; 577 } 578 579 memcpy(ptr, uuid->uuid, 16); 580 ptr += 16; 581 uuids_start[0] += 16; 582 } 583 584 return ptr; 585 } 586 587 static void create_eir(struct hci_dev *hdev, u8 *data) 588 { 589 u8 *ptr = data; 590 size_t name_len; 591 592 name_len = strlen(hdev->dev_name); 593 594 if (name_len > 0) { 595 /* EIR Data type */ 596 if (name_len > 48) { 597 name_len = 48; 598 ptr[1] = EIR_NAME_SHORT; 599 } else 600 ptr[1] = EIR_NAME_COMPLETE; 601 602 /* EIR Data length */ 603 ptr[0] = name_len + 1; 604 605 memcpy(ptr + 2, hdev->dev_name, name_len); 606 607 ptr += (name_len + 2); 608 } 609 610 if (hdev->inq_tx_power != HCI_TX_POWER_INVALID) { 611 ptr[0] = 2; 612 ptr[1] = EIR_TX_POWER; 613 ptr[2] = (u8) hdev->inq_tx_power; 614 615 ptr += 3; 616 } 617 618 if (hdev->devid_source > 0) { 619 ptr[0] = 9; 620 ptr[1] = EIR_DEVICE_ID; 621 622 put_unaligned_le16(hdev->devid_source, ptr + 2); 623 put_unaligned_le16(hdev->devid_vendor, ptr + 4); 624 put_unaligned_le16(hdev->devid_product, ptr + 6); 625 put_unaligned_le16(hdev->devid_version, ptr + 8); 626 627 ptr += 10; 628 } 629 630 ptr = create_uuid16_list(hdev, ptr, HCI_MAX_EIR_LENGTH - (ptr - data)); 631 ptr = create_uuid32_list(hdev, ptr, HCI_MAX_EIR_LENGTH - (ptr - data)); 632 ptr = create_uuid128_list(hdev, ptr, HCI_MAX_EIR_LENGTH - (ptr - data)); 633 } 634 635 void __hci_req_update_eir(struct hci_request *req) 636 { 637 struct hci_dev *hdev = req->hdev; 638 struct hci_cp_write_eir cp; 639 640 if (!hdev_is_powered(hdev)) 641 return; 642 643 if (!lmp_ext_inq_capable(hdev)) 644 return; 645 646 if (!hci_dev_test_flag(hdev, HCI_SSP_ENABLED)) 647 return; 648 649 if (hci_dev_test_flag(hdev, HCI_SERVICE_CACHE)) 650 return; 651 652 memset(&cp, 0, sizeof(cp)); 653 654 create_eir(hdev, cp.data); 655 656 if (memcmp(cp.data, hdev->eir, sizeof(cp.data)) == 0) 657 return; 658 659 memcpy(hdev->eir, cp.data, sizeof(cp.data)); 660 661 hci_req_add(req, HCI_OP_WRITE_EIR, sizeof(cp), &cp); 662 } 663 664 void hci_req_add_le_scan_disable(struct hci_request *req) 665 { 666 struct hci_cp_le_set_scan_enable cp; 667 668 memset(&cp, 0, sizeof(cp)); 669 cp.enable = LE_SCAN_DISABLE; 670 hci_req_add(req, HCI_OP_LE_SET_SCAN_ENABLE, sizeof(cp), &cp); 671 } 672 673 static void add_to_white_list(struct hci_request *req, 674 struct hci_conn_params *params) 675 { 676 struct hci_cp_le_add_to_white_list cp; 677 678 cp.bdaddr_type = params->addr_type; 679 bacpy(&cp.bdaddr, ¶ms->addr); 680 681 hci_req_add(req, HCI_OP_LE_ADD_TO_WHITE_LIST, sizeof(cp), &cp); 682 } 683 684 static u8 update_white_list(struct hci_request *req) 685 { 686 struct hci_dev *hdev = req->hdev; 687 struct hci_conn_params *params; 688 struct bdaddr_list *b; 689 uint8_t white_list_entries = 0; 690 691 /* Go through the current white list programmed into the 692 * controller one by one and check if that address is still 693 * in the list of pending connections or list of devices to 694 * report. If not present in either list, then queue the 695 * command to remove it from the controller. 696 */ 697 list_for_each_entry(b, &hdev->le_white_list, list) { 698 /* If the device is neither in pend_le_conns nor 699 * pend_le_reports then remove it from the whitelist. 700 */ 701 if (!hci_pend_le_action_lookup(&hdev->pend_le_conns, 702 &b->bdaddr, b->bdaddr_type) && 703 !hci_pend_le_action_lookup(&hdev->pend_le_reports, 704 &b->bdaddr, b->bdaddr_type)) { 705 struct hci_cp_le_del_from_white_list cp; 706 707 cp.bdaddr_type = b->bdaddr_type; 708 bacpy(&cp.bdaddr, &b->bdaddr); 709 710 hci_req_add(req, HCI_OP_LE_DEL_FROM_WHITE_LIST, 711 sizeof(cp), &cp); 712 continue; 713 } 714 715 if (hci_find_irk_by_addr(hdev, &b->bdaddr, b->bdaddr_type)) { 716 /* White list can not be used with RPAs */ 717 return 0x00; 718 } 719 720 white_list_entries++; 721 } 722 723 /* Since all no longer valid white list entries have been 724 * removed, walk through the list of pending connections 725 * and ensure that any new device gets programmed into 726 * the controller. 727 * 728 * If the list of the devices is larger than the list of 729 * available white list entries in the controller, then 730 * just abort and return filer policy value to not use the 731 * white list. 732 */ 733 list_for_each_entry(params, &hdev->pend_le_conns, action) { 734 if (hci_bdaddr_list_lookup(&hdev->le_white_list, 735 ¶ms->addr, params->addr_type)) 736 continue; 737 738 if (white_list_entries >= hdev->le_white_list_size) { 739 /* Select filter policy to accept all advertising */ 740 return 0x00; 741 } 742 743 if (hci_find_irk_by_addr(hdev, ¶ms->addr, 744 params->addr_type)) { 745 /* White list can not be used with RPAs */ 746 return 0x00; 747 } 748 749 white_list_entries++; 750 add_to_white_list(req, params); 751 } 752 753 /* After adding all new pending connections, walk through 754 * the list of pending reports and also add these to the 755 * white list if there is still space. 756 */ 757 list_for_each_entry(params, &hdev->pend_le_reports, action) { 758 if (hci_bdaddr_list_lookup(&hdev->le_white_list, 759 ¶ms->addr, params->addr_type)) 760 continue; 761 762 if (white_list_entries >= hdev->le_white_list_size) { 763 /* Select filter policy to accept all advertising */ 764 return 0x00; 765 } 766 767 if (hci_find_irk_by_addr(hdev, ¶ms->addr, 768 params->addr_type)) { 769 /* White list can not be used with RPAs */ 770 return 0x00; 771 } 772 773 white_list_entries++; 774 add_to_white_list(req, params); 775 } 776 777 /* Select filter policy to use white list */ 778 return 0x01; 779 } 780 781 static bool scan_use_rpa(struct hci_dev *hdev) 782 { 783 return hci_dev_test_flag(hdev, HCI_PRIVACY); 784 } 785 786 void hci_req_add_le_passive_scan(struct hci_request *req) 787 { 788 struct hci_cp_le_set_scan_param param_cp; 789 struct hci_cp_le_set_scan_enable enable_cp; 790 struct hci_dev *hdev = req->hdev; 791 u8 own_addr_type; 792 u8 filter_policy; 793 794 /* Set require_privacy to false since no SCAN_REQ are send 795 * during passive scanning. Not using an non-resolvable address 796 * here is important so that peer devices using direct 797 * advertising with our address will be correctly reported 798 * by the controller. 799 */ 800 if (hci_update_random_address(req, false, scan_use_rpa(hdev), 801 &own_addr_type)) 802 return; 803 804 /* Adding or removing entries from the white list must 805 * happen before enabling scanning. The controller does 806 * not allow white list modification while scanning. 807 */ 808 filter_policy = update_white_list(req); 809 810 /* When the controller is using random resolvable addresses and 811 * with that having LE privacy enabled, then controllers with 812 * Extended Scanner Filter Policies support can now enable support 813 * for handling directed advertising. 814 * 815 * So instead of using filter polices 0x00 (no whitelist) 816 * and 0x01 (whitelist enabled) use the new filter policies 817 * 0x02 (no whitelist) and 0x03 (whitelist enabled). 818 */ 819 if (hci_dev_test_flag(hdev, HCI_PRIVACY) && 820 (hdev->le_features[0] & HCI_LE_EXT_SCAN_POLICY)) 821 filter_policy |= 0x02; 822 823 memset(¶m_cp, 0, sizeof(param_cp)); 824 param_cp.type = LE_SCAN_PASSIVE; 825 param_cp.interval = cpu_to_le16(hdev->le_scan_interval); 826 param_cp.window = cpu_to_le16(hdev->le_scan_window); 827 param_cp.own_address_type = own_addr_type; 828 param_cp.filter_policy = filter_policy; 829 hci_req_add(req, HCI_OP_LE_SET_SCAN_PARAM, sizeof(param_cp), 830 ¶m_cp); 831 832 memset(&enable_cp, 0, sizeof(enable_cp)); 833 enable_cp.enable = LE_SCAN_ENABLE; 834 enable_cp.filter_dup = LE_SCAN_FILTER_DUP_ENABLE; 835 hci_req_add(req, HCI_OP_LE_SET_SCAN_ENABLE, sizeof(enable_cp), 836 &enable_cp); 837 } 838 839 static u8 get_cur_adv_instance_scan_rsp_len(struct hci_dev *hdev) 840 { 841 u8 instance = hdev->cur_adv_instance; 842 struct adv_info *adv_instance; 843 844 /* Ignore instance 0 */ 845 if (instance == 0x00) 846 return 0; 847 848 adv_instance = hci_find_adv_instance(hdev, instance); 849 if (!adv_instance) 850 return 0; 851 852 /* TODO: Take into account the "appearance" and "local-name" flags here. 853 * These are currently being ignored as they are not supported. 854 */ 855 return adv_instance->scan_rsp_len; 856 } 857 858 void __hci_req_disable_advertising(struct hci_request *req) 859 { 860 u8 enable = 0x00; 861 862 hci_req_add(req, HCI_OP_LE_SET_ADV_ENABLE, sizeof(enable), &enable); 863 } 864 865 static u32 get_adv_instance_flags(struct hci_dev *hdev, u8 instance) 866 { 867 u32 flags; 868 struct adv_info *adv_instance; 869 870 if (instance == 0x00) { 871 /* Instance 0 always manages the "Tx Power" and "Flags" 872 * fields 873 */ 874 flags = MGMT_ADV_FLAG_TX_POWER | MGMT_ADV_FLAG_MANAGED_FLAGS; 875 876 /* For instance 0, the HCI_ADVERTISING_CONNECTABLE setting 877 * corresponds to the "connectable" instance flag. 878 */ 879 if (hci_dev_test_flag(hdev, HCI_ADVERTISING_CONNECTABLE)) 880 flags |= MGMT_ADV_FLAG_CONNECTABLE; 881 882 if (hci_dev_test_flag(hdev, HCI_LIMITED_DISCOVERABLE)) 883 flags |= MGMT_ADV_FLAG_LIMITED_DISCOV; 884 else if (hci_dev_test_flag(hdev, HCI_DISCOVERABLE)) 885 flags |= MGMT_ADV_FLAG_DISCOV; 886 887 return flags; 888 } 889 890 adv_instance = hci_find_adv_instance(hdev, instance); 891 892 /* Return 0 when we got an invalid instance identifier. */ 893 if (!adv_instance) 894 return 0; 895 896 return adv_instance->flags; 897 } 898 899 static bool adv_use_rpa(struct hci_dev *hdev, uint32_t flags) 900 { 901 /* If privacy is not enabled don't use RPA */ 902 if (!hci_dev_test_flag(hdev, HCI_PRIVACY)) 903 return false; 904 905 /* If basic privacy mode is enabled use RPA */ 906 if (!hci_dev_test_flag(hdev, HCI_LIMITED_PRIVACY)) 907 return true; 908 909 /* If limited privacy mode is enabled don't use RPA if we're 910 * both discoverable and bondable. 911 */ 912 if ((flags & MGMT_ADV_FLAG_DISCOV) && 913 hci_dev_test_flag(hdev, HCI_BONDABLE)) 914 return false; 915 916 /* We're neither bondable nor discoverable in the limited 917 * privacy mode, therefore use RPA. 918 */ 919 return true; 920 } 921 922 static bool is_advertising_allowed(struct hci_dev *hdev, bool connectable) 923 { 924 /* If there is no connection we are OK to advertise. */ 925 if (hci_conn_num(hdev, LE_LINK) == 0) 926 return true; 927 928 /* Check le_states if there is any connection in slave role. */ 929 if (hdev->conn_hash.le_num_slave > 0) { 930 /* Slave connection state and non connectable mode bit 20. */ 931 if (!connectable && !(hdev->le_states[2] & 0x10)) 932 return false; 933 934 /* Slave connection state and connectable mode bit 38 935 * and scannable bit 21. 936 */ 937 if (connectable && (!(hdev->le_states[4] & 0x40) || 938 !(hdev->le_states[2] & 0x20))) 939 return false; 940 } 941 942 /* Check le_states if there is any connection in master role. */ 943 if (hci_conn_num(hdev, LE_LINK) != hdev->conn_hash.le_num_slave) { 944 /* Master connection state and non connectable mode bit 18. */ 945 if (!connectable && !(hdev->le_states[2] & 0x02)) 946 return false; 947 948 /* Master connection state and connectable mode bit 35 and 949 * scannable 19. 950 */ 951 if (connectable && (!(hdev->le_states[4] & 0x08) || 952 !(hdev->le_states[2] & 0x08))) 953 return false; 954 } 955 956 return true; 957 } 958 959 void __hci_req_enable_advertising(struct hci_request *req) 960 { 961 struct hci_dev *hdev = req->hdev; 962 struct hci_cp_le_set_adv_param cp; 963 u8 own_addr_type, enable = 0x01; 964 bool connectable; 965 u32 flags; 966 967 flags = get_adv_instance_flags(hdev, hdev->cur_adv_instance); 968 969 /* If the "connectable" instance flag was not set, then choose between 970 * ADV_IND and ADV_NONCONN_IND based on the global connectable setting. 971 */ 972 connectable = (flags & MGMT_ADV_FLAG_CONNECTABLE) || 973 mgmt_get_connectable(hdev); 974 975 if (!is_advertising_allowed(hdev, connectable)) 976 return; 977 978 if (hci_dev_test_flag(hdev, HCI_LE_ADV)) 979 __hci_req_disable_advertising(req); 980 981 /* Clear the HCI_LE_ADV bit temporarily so that the 982 * hci_update_random_address knows that it's safe to go ahead 983 * and write a new random address. The flag will be set back on 984 * as soon as the SET_ADV_ENABLE HCI command completes. 985 */ 986 hci_dev_clear_flag(hdev, HCI_LE_ADV); 987 988 /* Set require_privacy to true only when non-connectable 989 * advertising is used. In that case it is fine to use a 990 * non-resolvable private address. 991 */ 992 if (hci_update_random_address(req, !connectable, 993 adv_use_rpa(hdev, flags), 994 &own_addr_type) < 0) 995 return; 996 997 memset(&cp, 0, sizeof(cp)); 998 cp.min_interval = cpu_to_le16(hdev->le_adv_min_interval); 999 cp.max_interval = cpu_to_le16(hdev->le_adv_max_interval); 1000 1001 if (connectable) 1002 cp.type = LE_ADV_IND; 1003 else if (get_cur_adv_instance_scan_rsp_len(hdev)) 1004 cp.type = LE_ADV_SCAN_IND; 1005 else 1006 cp.type = LE_ADV_NONCONN_IND; 1007 1008 cp.own_address_type = own_addr_type; 1009 cp.channel_map = hdev->le_adv_channel_map; 1010 1011 hci_req_add(req, HCI_OP_LE_SET_ADV_PARAM, sizeof(cp), &cp); 1012 1013 hci_req_add(req, HCI_OP_LE_SET_ADV_ENABLE, sizeof(enable), &enable); 1014 } 1015 1016 u8 append_local_name(struct hci_dev *hdev, u8 *ptr, u8 ad_len) 1017 { 1018 size_t short_len; 1019 size_t complete_len; 1020 1021 /* no space left for name (+ NULL + type + len) */ 1022 if ((HCI_MAX_AD_LENGTH - ad_len) < HCI_MAX_SHORT_NAME_LENGTH + 3) 1023 return ad_len; 1024 1025 /* use complete name if present and fits */ 1026 complete_len = strlen(hdev->dev_name); 1027 if (complete_len && complete_len <= HCI_MAX_SHORT_NAME_LENGTH) 1028 return eir_append_data(ptr, ad_len, EIR_NAME_COMPLETE, 1029 hdev->dev_name, complete_len + 1); 1030 1031 /* use short name if present */ 1032 short_len = strlen(hdev->short_name); 1033 if (short_len) 1034 return eir_append_data(ptr, ad_len, EIR_NAME_SHORT, 1035 hdev->short_name, short_len + 1); 1036 1037 /* use shortened full name if present, we already know that name 1038 * is longer then HCI_MAX_SHORT_NAME_LENGTH 1039 */ 1040 if (complete_len) { 1041 u8 name[HCI_MAX_SHORT_NAME_LENGTH + 1]; 1042 1043 memcpy(name, hdev->dev_name, HCI_MAX_SHORT_NAME_LENGTH); 1044 name[HCI_MAX_SHORT_NAME_LENGTH] = '\0'; 1045 1046 return eir_append_data(ptr, ad_len, EIR_NAME_SHORT, name, 1047 sizeof(name)); 1048 } 1049 1050 return ad_len; 1051 } 1052 1053 static u8 append_appearance(struct hci_dev *hdev, u8 *ptr, u8 ad_len) 1054 { 1055 return eir_append_le16(ptr, ad_len, EIR_APPEARANCE, hdev->appearance); 1056 } 1057 1058 static u8 create_default_scan_rsp_data(struct hci_dev *hdev, u8 *ptr) 1059 { 1060 u8 scan_rsp_len = 0; 1061 1062 if (hdev->appearance) { 1063 scan_rsp_len = append_appearance(hdev, ptr, scan_rsp_len); 1064 } 1065 1066 return append_local_name(hdev, ptr, scan_rsp_len); 1067 } 1068 1069 static u8 create_instance_scan_rsp_data(struct hci_dev *hdev, u8 instance, 1070 u8 *ptr) 1071 { 1072 struct adv_info *adv_instance; 1073 u32 instance_flags; 1074 u8 scan_rsp_len = 0; 1075 1076 adv_instance = hci_find_adv_instance(hdev, instance); 1077 if (!adv_instance) 1078 return 0; 1079 1080 instance_flags = adv_instance->flags; 1081 1082 if ((instance_flags & MGMT_ADV_FLAG_APPEARANCE) && hdev->appearance) { 1083 scan_rsp_len = append_appearance(hdev, ptr, scan_rsp_len); 1084 } 1085 1086 memcpy(&ptr[scan_rsp_len], adv_instance->scan_rsp_data, 1087 adv_instance->scan_rsp_len); 1088 1089 scan_rsp_len += adv_instance->scan_rsp_len; 1090 1091 if (instance_flags & MGMT_ADV_FLAG_LOCAL_NAME) 1092 scan_rsp_len = append_local_name(hdev, ptr, scan_rsp_len); 1093 1094 return scan_rsp_len; 1095 } 1096 1097 void __hci_req_update_scan_rsp_data(struct hci_request *req, u8 instance) 1098 { 1099 struct hci_dev *hdev = req->hdev; 1100 struct hci_cp_le_set_scan_rsp_data cp; 1101 u8 len; 1102 1103 if (!hci_dev_test_flag(hdev, HCI_LE_ENABLED)) 1104 return; 1105 1106 memset(&cp, 0, sizeof(cp)); 1107 1108 if (instance) 1109 len = create_instance_scan_rsp_data(hdev, instance, cp.data); 1110 else 1111 len = create_default_scan_rsp_data(hdev, cp.data); 1112 1113 if (hdev->scan_rsp_data_len == len && 1114 !memcmp(cp.data, hdev->scan_rsp_data, len)) 1115 return; 1116 1117 memcpy(hdev->scan_rsp_data, cp.data, sizeof(cp.data)); 1118 hdev->scan_rsp_data_len = len; 1119 1120 cp.length = len; 1121 1122 hci_req_add(req, HCI_OP_LE_SET_SCAN_RSP_DATA, sizeof(cp), &cp); 1123 } 1124 1125 static u8 create_instance_adv_data(struct hci_dev *hdev, u8 instance, u8 *ptr) 1126 { 1127 struct adv_info *adv_instance = NULL; 1128 u8 ad_len = 0, flags = 0; 1129 u32 instance_flags; 1130 1131 /* Return 0 when the current instance identifier is invalid. */ 1132 if (instance) { 1133 adv_instance = hci_find_adv_instance(hdev, instance); 1134 if (!adv_instance) 1135 return 0; 1136 } 1137 1138 instance_flags = get_adv_instance_flags(hdev, instance); 1139 1140 /* The Add Advertising command allows userspace to set both the general 1141 * and limited discoverable flags. 1142 */ 1143 if (instance_flags & MGMT_ADV_FLAG_DISCOV) 1144 flags |= LE_AD_GENERAL; 1145 1146 if (instance_flags & MGMT_ADV_FLAG_LIMITED_DISCOV) 1147 flags |= LE_AD_LIMITED; 1148 1149 if (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED)) 1150 flags |= LE_AD_NO_BREDR; 1151 1152 if (flags || (instance_flags & MGMT_ADV_FLAG_MANAGED_FLAGS)) { 1153 /* If a discovery flag wasn't provided, simply use the global 1154 * settings. 1155 */ 1156 if (!flags) 1157 flags |= mgmt_get_adv_discov_flags(hdev); 1158 1159 /* If flags would still be empty, then there is no need to 1160 * include the "Flags" AD field". 1161 */ 1162 if (flags) { 1163 ptr[0] = 0x02; 1164 ptr[1] = EIR_FLAGS; 1165 ptr[2] = flags; 1166 1167 ad_len += 3; 1168 ptr += 3; 1169 } 1170 } 1171 1172 if (adv_instance) { 1173 memcpy(ptr, adv_instance->adv_data, 1174 adv_instance->adv_data_len); 1175 ad_len += adv_instance->adv_data_len; 1176 ptr += adv_instance->adv_data_len; 1177 } 1178 1179 /* Provide Tx Power only if we can provide a valid value for it */ 1180 if (hdev->adv_tx_power != HCI_TX_POWER_INVALID && 1181 (instance_flags & MGMT_ADV_FLAG_TX_POWER)) { 1182 ptr[0] = 0x02; 1183 ptr[1] = EIR_TX_POWER; 1184 ptr[2] = (u8)hdev->adv_tx_power; 1185 1186 ad_len += 3; 1187 ptr += 3; 1188 } 1189 1190 return ad_len; 1191 } 1192 1193 void __hci_req_update_adv_data(struct hci_request *req, u8 instance) 1194 { 1195 struct hci_dev *hdev = req->hdev; 1196 struct hci_cp_le_set_adv_data cp; 1197 u8 len; 1198 1199 if (!hci_dev_test_flag(hdev, HCI_LE_ENABLED)) 1200 return; 1201 1202 memset(&cp, 0, sizeof(cp)); 1203 1204 len = create_instance_adv_data(hdev, instance, cp.data); 1205 1206 /* There's nothing to do if the data hasn't changed */ 1207 if (hdev->adv_data_len == len && 1208 memcmp(cp.data, hdev->adv_data, len) == 0) 1209 return; 1210 1211 memcpy(hdev->adv_data, cp.data, sizeof(cp.data)); 1212 hdev->adv_data_len = len; 1213 1214 cp.length = len; 1215 1216 hci_req_add(req, HCI_OP_LE_SET_ADV_DATA, sizeof(cp), &cp); 1217 } 1218 1219 int hci_req_update_adv_data(struct hci_dev *hdev, u8 instance) 1220 { 1221 struct hci_request req; 1222 1223 hci_req_init(&req, hdev); 1224 __hci_req_update_adv_data(&req, instance); 1225 1226 return hci_req_run(&req, NULL); 1227 } 1228 1229 static void adv_enable_complete(struct hci_dev *hdev, u8 status, u16 opcode) 1230 { 1231 BT_DBG("%s status %u", hdev->name, status); 1232 } 1233 1234 void hci_req_reenable_advertising(struct hci_dev *hdev) 1235 { 1236 struct hci_request req; 1237 1238 if (!hci_dev_test_flag(hdev, HCI_ADVERTISING) && 1239 list_empty(&hdev->adv_instances)) 1240 return; 1241 1242 hci_req_init(&req, hdev); 1243 1244 if (hdev->cur_adv_instance) { 1245 __hci_req_schedule_adv_instance(&req, hdev->cur_adv_instance, 1246 true); 1247 } else { 1248 __hci_req_update_adv_data(&req, 0x00); 1249 __hci_req_update_scan_rsp_data(&req, 0x00); 1250 __hci_req_enable_advertising(&req); 1251 } 1252 1253 hci_req_run(&req, adv_enable_complete); 1254 } 1255 1256 static void adv_timeout_expire(struct work_struct *work) 1257 { 1258 struct hci_dev *hdev = container_of(work, struct hci_dev, 1259 adv_instance_expire.work); 1260 1261 struct hci_request req; 1262 u8 instance; 1263 1264 BT_DBG("%s", hdev->name); 1265 1266 hci_dev_lock(hdev); 1267 1268 hdev->adv_instance_timeout = 0; 1269 1270 instance = hdev->cur_adv_instance; 1271 if (instance == 0x00) 1272 goto unlock; 1273 1274 hci_req_init(&req, hdev); 1275 1276 hci_req_clear_adv_instance(hdev, NULL, &req, instance, false); 1277 1278 if (list_empty(&hdev->adv_instances)) 1279 __hci_req_disable_advertising(&req); 1280 1281 hci_req_run(&req, NULL); 1282 1283 unlock: 1284 hci_dev_unlock(hdev); 1285 } 1286 1287 int __hci_req_schedule_adv_instance(struct hci_request *req, u8 instance, 1288 bool force) 1289 { 1290 struct hci_dev *hdev = req->hdev; 1291 struct adv_info *adv_instance = NULL; 1292 u16 timeout; 1293 1294 if (hci_dev_test_flag(hdev, HCI_ADVERTISING) || 1295 list_empty(&hdev->adv_instances)) 1296 return -EPERM; 1297 1298 if (hdev->adv_instance_timeout) 1299 return -EBUSY; 1300 1301 adv_instance = hci_find_adv_instance(hdev, instance); 1302 if (!adv_instance) 1303 return -ENOENT; 1304 1305 /* A zero timeout means unlimited advertising. As long as there is 1306 * only one instance, duration should be ignored. We still set a timeout 1307 * in case further instances are being added later on. 1308 * 1309 * If the remaining lifetime of the instance is more than the duration 1310 * then the timeout corresponds to the duration, otherwise it will be 1311 * reduced to the remaining instance lifetime. 1312 */ 1313 if (adv_instance->timeout == 0 || 1314 adv_instance->duration <= adv_instance->remaining_time) 1315 timeout = adv_instance->duration; 1316 else 1317 timeout = adv_instance->remaining_time; 1318 1319 /* The remaining time is being reduced unless the instance is being 1320 * advertised without time limit. 1321 */ 1322 if (adv_instance->timeout) 1323 adv_instance->remaining_time = 1324 adv_instance->remaining_time - timeout; 1325 1326 hdev->adv_instance_timeout = timeout; 1327 queue_delayed_work(hdev->req_workqueue, 1328 &hdev->adv_instance_expire, 1329 msecs_to_jiffies(timeout * 1000)); 1330 1331 /* If we're just re-scheduling the same instance again then do not 1332 * execute any HCI commands. This happens when a single instance is 1333 * being advertised. 1334 */ 1335 if (!force && hdev->cur_adv_instance == instance && 1336 hci_dev_test_flag(hdev, HCI_LE_ADV)) 1337 return 0; 1338 1339 hdev->cur_adv_instance = instance; 1340 __hci_req_update_adv_data(req, instance); 1341 __hci_req_update_scan_rsp_data(req, instance); 1342 __hci_req_enable_advertising(req); 1343 1344 return 0; 1345 } 1346 1347 static void cancel_adv_timeout(struct hci_dev *hdev) 1348 { 1349 if (hdev->adv_instance_timeout) { 1350 hdev->adv_instance_timeout = 0; 1351 cancel_delayed_work(&hdev->adv_instance_expire); 1352 } 1353 } 1354 1355 /* For a single instance: 1356 * - force == true: The instance will be removed even when its remaining 1357 * lifetime is not zero. 1358 * - force == false: the instance will be deactivated but kept stored unless 1359 * the remaining lifetime is zero. 1360 * 1361 * For instance == 0x00: 1362 * - force == true: All instances will be removed regardless of their timeout 1363 * setting. 1364 * - force == false: Only instances that have a timeout will be removed. 1365 */ 1366 void hci_req_clear_adv_instance(struct hci_dev *hdev, struct sock *sk, 1367 struct hci_request *req, u8 instance, 1368 bool force) 1369 { 1370 struct adv_info *adv_instance, *n, *next_instance = NULL; 1371 int err; 1372 u8 rem_inst; 1373 1374 /* Cancel any timeout concerning the removed instance(s). */ 1375 if (!instance || hdev->cur_adv_instance == instance) 1376 cancel_adv_timeout(hdev); 1377 1378 /* Get the next instance to advertise BEFORE we remove 1379 * the current one. This can be the same instance again 1380 * if there is only one instance. 1381 */ 1382 if (instance && hdev->cur_adv_instance == instance) 1383 next_instance = hci_get_next_instance(hdev, instance); 1384 1385 if (instance == 0x00) { 1386 list_for_each_entry_safe(adv_instance, n, &hdev->adv_instances, 1387 list) { 1388 if (!(force || adv_instance->timeout)) 1389 continue; 1390 1391 rem_inst = adv_instance->instance; 1392 err = hci_remove_adv_instance(hdev, rem_inst); 1393 if (!err) 1394 mgmt_advertising_removed(sk, hdev, rem_inst); 1395 } 1396 } else { 1397 adv_instance = hci_find_adv_instance(hdev, instance); 1398 1399 if (force || (adv_instance && adv_instance->timeout && 1400 !adv_instance->remaining_time)) { 1401 /* Don't advertise a removed instance. */ 1402 if (next_instance && 1403 next_instance->instance == instance) 1404 next_instance = NULL; 1405 1406 err = hci_remove_adv_instance(hdev, instance); 1407 if (!err) 1408 mgmt_advertising_removed(sk, hdev, instance); 1409 } 1410 } 1411 1412 if (!req || !hdev_is_powered(hdev) || 1413 hci_dev_test_flag(hdev, HCI_ADVERTISING)) 1414 return; 1415 1416 if (next_instance) 1417 __hci_req_schedule_adv_instance(req, next_instance->instance, 1418 false); 1419 } 1420 1421 static void set_random_addr(struct hci_request *req, bdaddr_t *rpa) 1422 { 1423 struct hci_dev *hdev = req->hdev; 1424 1425 /* If we're advertising or initiating an LE connection we can't 1426 * go ahead and change the random address at this time. This is 1427 * because the eventual initiator address used for the 1428 * subsequently created connection will be undefined (some 1429 * controllers use the new address and others the one we had 1430 * when the operation started). 1431 * 1432 * In this kind of scenario skip the update and let the random 1433 * address be updated at the next cycle. 1434 */ 1435 if (hci_dev_test_flag(hdev, HCI_LE_ADV) || 1436 hci_lookup_le_connect(hdev)) { 1437 BT_DBG("Deferring random address update"); 1438 hci_dev_set_flag(hdev, HCI_RPA_EXPIRED); 1439 return; 1440 } 1441 1442 hci_req_add(req, HCI_OP_LE_SET_RANDOM_ADDR, 6, rpa); 1443 } 1444 1445 int hci_update_random_address(struct hci_request *req, bool require_privacy, 1446 bool use_rpa, u8 *own_addr_type) 1447 { 1448 struct hci_dev *hdev = req->hdev; 1449 int err; 1450 1451 /* If privacy is enabled use a resolvable private address. If 1452 * current RPA has expired or there is something else than 1453 * the current RPA in use, then generate a new one. 1454 */ 1455 if (use_rpa) { 1456 int to; 1457 1458 *own_addr_type = ADDR_LE_DEV_RANDOM; 1459 1460 if (!hci_dev_test_and_clear_flag(hdev, HCI_RPA_EXPIRED) && 1461 !bacmp(&hdev->random_addr, &hdev->rpa)) 1462 return 0; 1463 1464 err = smp_generate_rpa(hdev, hdev->irk, &hdev->rpa); 1465 if (err < 0) { 1466 bt_dev_err(hdev, "failed to generate new RPA"); 1467 return err; 1468 } 1469 1470 set_random_addr(req, &hdev->rpa); 1471 1472 to = msecs_to_jiffies(hdev->rpa_timeout * 1000); 1473 queue_delayed_work(hdev->workqueue, &hdev->rpa_expired, to); 1474 1475 return 0; 1476 } 1477 1478 /* In case of required privacy without resolvable private address, 1479 * use an non-resolvable private address. This is useful for active 1480 * scanning and non-connectable advertising. 1481 */ 1482 if (require_privacy) { 1483 bdaddr_t nrpa; 1484 1485 while (true) { 1486 /* The non-resolvable private address is generated 1487 * from random six bytes with the two most significant 1488 * bits cleared. 1489 */ 1490 get_random_bytes(&nrpa, 6); 1491 nrpa.b[5] &= 0x3f; 1492 1493 /* The non-resolvable private address shall not be 1494 * equal to the public address. 1495 */ 1496 if (bacmp(&hdev->bdaddr, &nrpa)) 1497 break; 1498 } 1499 1500 *own_addr_type = ADDR_LE_DEV_RANDOM; 1501 set_random_addr(req, &nrpa); 1502 return 0; 1503 } 1504 1505 /* If forcing static address is in use or there is no public 1506 * address use the static address as random address (but skip 1507 * the HCI command if the current random address is already the 1508 * static one. 1509 * 1510 * In case BR/EDR has been disabled on a dual-mode controller 1511 * and a static address has been configured, then use that 1512 * address instead of the public BR/EDR address. 1513 */ 1514 if (hci_dev_test_flag(hdev, HCI_FORCE_STATIC_ADDR) || 1515 !bacmp(&hdev->bdaddr, BDADDR_ANY) || 1516 (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED) && 1517 bacmp(&hdev->static_addr, BDADDR_ANY))) { 1518 *own_addr_type = ADDR_LE_DEV_RANDOM; 1519 if (bacmp(&hdev->static_addr, &hdev->random_addr)) 1520 hci_req_add(req, HCI_OP_LE_SET_RANDOM_ADDR, 6, 1521 &hdev->static_addr); 1522 return 0; 1523 } 1524 1525 /* Neither privacy nor static address is being used so use a 1526 * public address. 1527 */ 1528 *own_addr_type = ADDR_LE_DEV_PUBLIC; 1529 1530 return 0; 1531 } 1532 1533 static bool disconnected_whitelist_entries(struct hci_dev *hdev) 1534 { 1535 struct bdaddr_list *b; 1536 1537 list_for_each_entry(b, &hdev->whitelist, list) { 1538 struct hci_conn *conn; 1539 1540 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &b->bdaddr); 1541 if (!conn) 1542 return true; 1543 1544 if (conn->state != BT_CONNECTED && conn->state != BT_CONFIG) 1545 return true; 1546 } 1547 1548 return false; 1549 } 1550 1551 void __hci_req_update_scan(struct hci_request *req) 1552 { 1553 struct hci_dev *hdev = req->hdev; 1554 u8 scan; 1555 1556 if (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED)) 1557 return; 1558 1559 if (!hdev_is_powered(hdev)) 1560 return; 1561 1562 if (mgmt_powering_down(hdev)) 1563 return; 1564 1565 if (hci_dev_test_flag(hdev, HCI_CONNECTABLE) || 1566 disconnected_whitelist_entries(hdev)) 1567 scan = SCAN_PAGE; 1568 else 1569 scan = SCAN_DISABLED; 1570 1571 if (hci_dev_test_flag(hdev, HCI_DISCOVERABLE)) 1572 scan |= SCAN_INQUIRY; 1573 1574 if (test_bit(HCI_PSCAN, &hdev->flags) == !!(scan & SCAN_PAGE) && 1575 test_bit(HCI_ISCAN, &hdev->flags) == !!(scan & SCAN_INQUIRY)) 1576 return; 1577 1578 hci_req_add(req, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan); 1579 } 1580 1581 static int update_scan(struct hci_request *req, unsigned long opt) 1582 { 1583 hci_dev_lock(req->hdev); 1584 __hci_req_update_scan(req); 1585 hci_dev_unlock(req->hdev); 1586 return 0; 1587 } 1588 1589 static void scan_update_work(struct work_struct *work) 1590 { 1591 struct hci_dev *hdev = container_of(work, struct hci_dev, scan_update); 1592 1593 hci_req_sync(hdev, update_scan, 0, HCI_CMD_TIMEOUT, NULL); 1594 } 1595 1596 static int connectable_update(struct hci_request *req, unsigned long opt) 1597 { 1598 struct hci_dev *hdev = req->hdev; 1599 1600 hci_dev_lock(hdev); 1601 1602 __hci_req_update_scan(req); 1603 1604 /* If BR/EDR is not enabled and we disable advertising as a 1605 * by-product of disabling connectable, we need to update the 1606 * advertising flags. 1607 */ 1608 if (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED)) 1609 __hci_req_update_adv_data(req, hdev->cur_adv_instance); 1610 1611 /* Update the advertising parameters if necessary */ 1612 if (hci_dev_test_flag(hdev, HCI_ADVERTISING) || 1613 !list_empty(&hdev->adv_instances)) 1614 __hci_req_enable_advertising(req); 1615 1616 __hci_update_background_scan(req); 1617 1618 hci_dev_unlock(hdev); 1619 1620 return 0; 1621 } 1622 1623 static void connectable_update_work(struct work_struct *work) 1624 { 1625 struct hci_dev *hdev = container_of(work, struct hci_dev, 1626 connectable_update); 1627 u8 status; 1628 1629 hci_req_sync(hdev, connectable_update, 0, HCI_CMD_TIMEOUT, &status); 1630 mgmt_set_connectable_complete(hdev, status); 1631 } 1632 1633 static u8 get_service_classes(struct hci_dev *hdev) 1634 { 1635 struct bt_uuid *uuid; 1636 u8 val = 0; 1637 1638 list_for_each_entry(uuid, &hdev->uuids, list) 1639 val |= uuid->svc_hint; 1640 1641 return val; 1642 } 1643 1644 void __hci_req_update_class(struct hci_request *req) 1645 { 1646 struct hci_dev *hdev = req->hdev; 1647 u8 cod[3]; 1648 1649 BT_DBG("%s", hdev->name); 1650 1651 if (!hdev_is_powered(hdev)) 1652 return; 1653 1654 if (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED)) 1655 return; 1656 1657 if (hci_dev_test_flag(hdev, HCI_SERVICE_CACHE)) 1658 return; 1659 1660 cod[0] = hdev->minor_class; 1661 cod[1] = hdev->major_class; 1662 cod[2] = get_service_classes(hdev); 1663 1664 if (hci_dev_test_flag(hdev, HCI_LIMITED_DISCOVERABLE)) 1665 cod[1] |= 0x20; 1666 1667 if (memcmp(cod, hdev->dev_class, 3) == 0) 1668 return; 1669 1670 hci_req_add(req, HCI_OP_WRITE_CLASS_OF_DEV, sizeof(cod), cod); 1671 } 1672 1673 static void write_iac(struct hci_request *req) 1674 { 1675 struct hci_dev *hdev = req->hdev; 1676 struct hci_cp_write_current_iac_lap cp; 1677 1678 if (!hci_dev_test_flag(hdev, HCI_DISCOVERABLE)) 1679 return; 1680 1681 if (hci_dev_test_flag(hdev, HCI_LIMITED_DISCOVERABLE)) { 1682 /* Limited discoverable mode */ 1683 cp.num_iac = min_t(u8, hdev->num_iac, 2); 1684 cp.iac_lap[0] = 0x00; /* LIAC */ 1685 cp.iac_lap[1] = 0x8b; 1686 cp.iac_lap[2] = 0x9e; 1687 cp.iac_lap[3] = 0x33; /* GIAC */ 1688 cp.iac_lap[4] = 0x8b; 1689 cp.iac_lap[5] = 0x9e; 1690 } else { 1691 /* General discoverable mode */ 1692 cp.num_iac = 1; 1693 cp.iac_lap[0] = 0x33; /* GIAC */ 1694 cp.iac_lap[1] = 0x8b; 1695 cp.iac_lap[2] = 0x9e; 1696 } 1697 1698 hci_req_add(req, HCI_OP_WRITE_CURRENT_IAC_LAP, 1699 (cp.num_iac * 3) + 1, &cp); 1700 } 1701 1702 static int discoverable_update(struct hci_request *req, unsigned long opt) 1703 { 1704 struct hci_dev *hdev = req->hdev; 1705 1706 hci_dev_lock(hdev); 1707 1708 if (hci_dev_test_flag(hdev, HCI_BREDR_ENABLED)) { 1709 write_iac(req); 1710 __hci_req_update_scan(req); 1711 __hci_req_update_class(req); 1712 } 1713 1714 /* Advertising instances don't use the global discoverable setting, so 1715 * only update AD if advertising was enabled using Set Advertising. 1716 */ 1717 if (hci_dev_test_flag(hdev, HCI_ADVERTISING)) { 1718 __hci_req_update_adv_data(req, 0x00); 1719 1720 /* Discoverable mode affects the local advertising 1721 * address in limited privacy mode. 1722 */ 1723 if (hci_dev_test_flag(hdev, HCI_LIMITED_PRIVACY)) 1724 __hci_req_enable_advertising(req); 1725 } 1726 1727 hci_dev_unlock(hdev); 1728 1729 return 0; 1730 } 1731 1732 static void discoverable_update_work(struct work_struct *work) 1733 { 1734 struct hci_dev *hdev = container_of(work, struct hci_dev, 1735 discoverable_update); 1736 u8 status; 1737 1738 hci_req_sync(hdev, discoverable_update, 0, HCI_CMD_TIMEOUT, &status); 1739 mgmt_set_discoverable_complete(hdev, status); 1740 } 1741 1742 void __hci_abort_conn(struct hci_request *req, struct hci_conn *conn, 1743 u8 reason) 1744 { 1745 switch (conn->state) { 1746 case BT_CONNECTED: 1747 case BT_CONFIG: 1748 if (conn->type == AMP_LINK) { 1749 struct hci_cp_disconn_phy_link cp; 1750 1751 cp.phy_handle = HCI_PHY_HANDLE(conn->handle); 1752 cp.reason = reason; 1753 hci_req_add(req, HCI_OP_DISCONN_PHY_LINK, sizeof(cp), 1754 &cp); 1755 } else { 1756 struct hci_cp_disconnect dc; 1757 1758 dc.handle = cpu_to_le16(conn->handle); 1759 dc.reason = reason; 1760 hci_req_add(req, HCI_OP_DISCONNECT, sizeof(dc), &dc); 1761 } 1762 1763 conn->state = BT_DISCONN; 1764 1765 break; 1766 case BT_CONNECT: 1767 if (conn->type == LE_LINK) { 1768 if (test_bit(HCI_CONN_SCANNING, &conn->flags)) 1769 break; 1770 hci_req_add(req, HCI_OP_LE_CREATE_CONN_CANCEL, 1771 0, NULL); 1772 } else if (conn->type == ACL_LINK) { 1773 if (req->hdev->hci_ver < BLUETOOTH_VER_1_2) 1774 break; 1775 hci_req_add(req, HCI_OP_CREATE_CONN_CANCEL, 1776 6, &conn->dst); 1777 } 1778 break; 1779 case BT_CONNECT2: 1780 if (conn->type == ACL_LINK) { 1781 struct hci_cp_reject_conn_req rej; 1782 1783 bacpy(&rej.bdaddr, &conn->dst); 1784 rej.reason = reason; 1785 1786 hci_req_add(req, HCI_OP_REJECT_CONN_REQ, 1787 sizeof(rej), &rej); 1788 } else if (conn->type == SCO_LINK || conn->type == ESCO_LINK) { 1789 struct hci_cp_reject_sync_conn_req rej; 1790 1791 bacpy(&rej.bdaddr, &conn->dst); 1792 1793 /* SCO rejection has its own limited set of 1794 * allowed error values (0x0D-0x0F) which isn't 1795 * compatible with most values passed to this 1796 * function. To be safe hard-code one of the 1797 * values that's suitable for SCO. 1798 */ 1799 rej.reason = HCI_ERROR_REJ_LIMITED_RESOURCES; 1800 1801 hci_req_add(req, HCI_OP_REJECT_SYNC_CONN_REQ, 1802 sizeof(rej), &rej); 1803 } 1804 break; 1805 default: 1806 conn->state = BT_CLOSED; 1807 break; 1808 } 1809 } 1810 1811 static void abort_conn_complete(struct hci_dev *hdev, u8 status, u16 opcode) 1812 { 1813 if (status) 1814 BT_DBG("Failed to abort connection: status 0x%2.2x", status); 1815 } 1816 1817 int hci_abort_conn(struct hci_conn *conn, u8 reason) 1818 { 1819 struct hci_request req; 1820 int err; 1821 1822 hci_req_init(&req, conn->hdev); 1823 1824 __hci_abort_conn(&req, conn, reason); 1825 1826 err = hci_req_run(&req, abort_conn_complete); 1827 if (err && err != -ENODATA) { 1828 bt_dev_err(conn->hdev, "failed to run HCI request: err %d", err); 1829 return err; 1830 } 1831 1832 return 0; 1833 } 1834 1835 static int update_bg_scan(struct hci_request *req, unsigned long opt) 1836 { 1837 hci_dev_lock(req->hdev); 1838 __hci_update_background_scan(req); 1839 hci_dev_unlock(req->hdev); 1840 return 0; 1841 } 1842 1843 static void bg_scan_update(struct work_struct *work) 1844 { 1845 struct hci_dev *hdev = container_of(work, struct hci_dev, 1846 bg_scan_update); 1847 struct hci_conn *conn; 1848 u8 status; 1849 int err; 1850 1851 err = hci_req_sync(hdev, update_bg_scan, 0, HCI_CMD_TIMEOUT, &status); 1852 if (!err) 1853 return; 1854 1855 hci_dev_lock(hdev); 1856 1857 conn = hci_conn_hash_lookup_state(hdev, LE_LINK, BT_CONNECT); 1858 if (conn) 1859 hci_le_conn_failed(conn, status); 1860 1861 hci_dev_unlock(hdev); 1862 } 1863 1864 static int le_scan_disable(struct hci_request *req, unsigned long opt) 1865 { 1866 hci_req_add_le_scan_disable(req); 1867 return 0; 1868 } 1869 1870 static int bredr_inquiry(struct hci_request *req, unsigned long opt) 1871 { 1872 u8 length = opt; 1873 const u8 giac[3] = { 0x33, 0x8b, 0x9e }; 1874 const u8 liac[3] = { 0x00, 0x8b, 0x9e }; 1875 struct hci_cp_inquiry cp; 1876 1877 BT_DBG("%s", req->hdev->name); 1878 1879 hci_dev_lock(req->hdev); 1880 hci_inquiry_cache_flush(req->hdev); 1881 hci_dev_unlock(req->hdev); 1882 1883 memset(&cp, 0, sizeof(cp)); 1884 1885 if (req->hdev->discovery.limited) 1886 memcpy(&cp.lap, liac, sizeof(cp.lap)); 1887 else 1888 memcpy(&cp.lap, giac, sizeof(cp.lap)); 1889 1890 cp.length = length; 1891 1892 hci_req_add(req, HCI_OP_INQUIRY, sizeof(cp), &cp); 1893 1894 return 0; 1895 } 1896 1897 static void le_scan_disable_work(struct work_struct *work) 1898 { 1899 struct hci_dev *hdev = container_of(work, struct hci_dev, 1900 le_scan_disable.work); 1901 u8 status; 1902 1903 BT_DBG("%s", hdev->name); 1904 1905 if (!hci_dev_test_flag(hdev, HCI_LE_SCAN)) 1906 return; 1907 1908 cancel_delayed_work(&hdev->le_scan_restart); 1909 1910 hci_req_sync(hdev, le_scan_disable, 0, HCI_CMD_TIMEOUT, &status); 1911 if (status) { 1912 bt_dev_err(hdev, "failed to disable LE scan: status 0x%02x", 1913 status); 1914 return; 1915 } 1916 1917 hdev->discovery.scan_start = 0; 1918 1919 /* If we were running LE only scan, change discovery state. If 1920 * we were running both LE and BR/EDR inquiry simultaneously, 1921 * and BR/EDR inquiry is already finished, stop discovery, 1922 * otherwise BR/EDR inquiry will stop discovery when finished. 1923 * If we will resolve remote device name, do not change 1924 * discovery state. 1925 */ 1926 1927 if (hdev->discovery.type == DISCOV_TYPE_LE) 1928 goto discov_stopped; 1929 1930 if (hdev->discovery.type != DISCOV_TYPE_INTERLEAVED) 1931 return; 1932 1933 if (test_bit(HCI_QUIRK_SIMULTANEOUS_DISCOVERY, &hdev->quirks)) { 1934 if (!test_bit(HCI_INQUIRY, &hdev->flags) && 1935 hdev->discovery.state != DISCOVERY_RESOLVING) 1936 goto discov_stopped; 1937 1938 return; 1939 } 1940 1941 hci_req_sync(hdev, bredr_inquiry, DISCOV_INTERLEAVED_INQUIRY_LEN, 1942 HCI_CMD_TIMEOUT, &status); 1943 if (status) { 1944 bt_dev_err(hdev, "inquiry failed: status 0x%02x", status); 1945 goto discov_stopped; 1946 } 1947 1948 return; 1949 1950 discov_stopped: 1951 hci_dev_lock(hdev); 1952 hci_discovery_set_state(hdev, DISCOVERY_STOPPED); 1953 hci_dev_unlock(hdev); 1954 } 1955 1956 static int le_scan_restart(struct hci_request *req, unsigned long opt) 1957 { 1958 struct hci_dev *hdev = req->hdev; 1959 struct hci_cp_le_set_scan_enable cp; 1960 1961 /* If controller is not scanning we are done. */ 1962 if (!hci_dev_test_flag(hdev, HCI_LE_SCAN)) 1963 return 0; 1964 1965 hci_req_add_le_scan_disable(req); 1966 1967 memset(&cp, 0, sizeof(cp)); 1968 cp.enable = LE_SCAN_ENABLE; 1969 cp.filter_dup = LE_SCAN_FILTER_DUP_ENABLE; 1970 hci_req_add(req, HCI_OP_LE_SET_SCAN_ENABLE, sizeof(cp), &cp); 1971 1972 return 0; 1973 } 1974 1975 static void le_scan_restart_work(struct work_struct *work) 1976 { 1977 struct hci_dev *hdev = container_of(work, struct hci_dev, 1978 le_scan_restart.work); 1979 unsigned long timeout, duration, scan_start, now; 1980 u8 status; 1981 1982 BT_DBG("%s", hdev->name); 1983 1984 hci_req_sync(hdev, le_scan_restart, 0, HCI_CMD_TIMEOUT, &status); 1985 if (status) { 1986 bt_dev_err(hdev, "failed to restart LE scan: status %d", 1987 status); 1988 return; 1989 } 1990 1991 hci_dev_lock(hdev); 1992 1993 if (!test_bit(HCI_QUIRK_STRICT_DUPLICATE_FILTER, &hdev->quirks) || 1994 !hdev->discovery.scan_start) 1995 goto unlock; 1996 1997 /* When the scan was started, hdev->le_scan_disable has been queued 1998 * after duration from scan_start. During scan restart this job 1999 * has been canceled, and we need to queue it again after proper 2000 * timeout, to make sure that scan does not run indefinitely. 2001 */ 2002 duration = hdev->discovery.scan_duration; 2003 scan_start = hdev->discovery.scan_start; 2004 now = jiffies; 2005 if (now - scan_start <= duration) { 2006 int elapsed; 2007 2008 if (now >= scan_start) 2009 elapsed = now - scan_start; 2010 else 2011 elapsed = ULONG_MAX - scan_start + now; 2012 2013 timeout = duration - elapsed; 2014 } else { 2015 timeout = 0; 2016 } 2017 2018 queue_delayed_work(hdev->req_workqueue, 2019 &hdev->le_scan_disable, timeout); 2020 2021 unlock: 2022 hci_dev_unlock(hdev); 2023 } 2024 2025 static int active_scan(struct hci_request *req, unsigned long opt) 2026 { 2027 uint16_t interval = opt; 2028 struct hci_dev *hdev = req->hdev; 2029 struct hci_cp_le_set_scan_param param_cp; 2030 struct hci_cp_le_set_scan_enable enable_cp; 2031 u8 own_addr_type; 2032 int err; 2033 2034 BT_DBG("%s", hdev->name); 2035 2036 if (hci_dev_test_flag(hdev, HCI_LE_ADV)) { 2037 hci_dev_lock(hdev); 2038 2039 /* Don't let discovery abort an outgoing connection attempt 2040 * that's using directed advertising. 2041 */ 2042 if (hci_lookup_le_connect(hdev)) { 2043 hci_dev_unlock(hdev); 2044 return -EBUSY; 2045 } 2046 2047 cancel_adv_timeout(hdev); 2048 hci_dev_unlock(hdev); 2049 2050 __hci_req_disable_advertising(req); 2051 } 2052 2053 /* If controller is scanning, it means the background scanning is 2054 * running. Thus, we should temporarily stop it in order to set the 2055 * discovery scanning parameters. 2056 */ 2057 if (hci_dev_test_flag(hdev, HCI_LE_SCAN)) 2058 hci_req_add_le_scan_disable(req); 2059 2060 /* All active scans will be done with either a resolvable private 2061 * address (when privacy feature has been enabled) or non-resolvable 2062 * private address. 2063 */ 2064 err = hci_update_random_address(req, true, scan_use_rpa(hdev), 2065 &own_addr_type); 2066 if (err < 0) 2067 own_addr_type = ADDR_LE_DEV_PUBLIC; 2068 2069 memset(¶m_cp, 0, sizeof(param_cp)); 2070 param_cp.type = LE_SCAN_ACTIVE; 2071 param_cp.interval = cpu_to_le16(interval); 2072 param_cp.window = cpu_to_le16(DISCOV_LE_SCAN_WIN); 2073 param_cp.own_address_type = own_addr_type; 2074 2075 hci_req_add(req, HCI_OP_LE_SET_SCAN_PARAM, sizeof(param_cp), 2076 ¶m_cp); 2077 2078 memset(&enable_cp, 0, sizeof(enable_cp)); 2079 enable_cp.enable = LE_SCAN_ENABLE; 2080 enable_cp.filter_dup = LE_SCAN_FILTER_DUP_ENABLE; 2081 2082 hci_req_add(req, HCI_OP_LE_SET_SCAN_ENABLE, sizeof(enable_cp), 2083 &enable_cp); 2084 2085 return 0; 2086 } 2087 2088 static int interleaved_discov(struct hci_request *req, unsigned long opt) 2089 { 2090 int err; 2091 2092 BT_DBG("%s", req->hdev->name); 2093 2094 err = active_scan(req, opt); 2095 if (err) 2096 return err; 2097 2098 return bredr_inquiry(req, DISCOV_BREDR_INQUIRY_LEN); 2099 } 2100 2101 static void start_discovery(struct hci_dev *hdev, u8 *status) 2102 { 2103 unsigned long timeout; 2104 2105 BT_DBG("%s type %u", hdev->name, hdev->discovery.type); 2106 2107 switch (hdev->discovery.type) { 2108 case DISCOV_TYPE_BREDR: 2109 if (!hci_dev_test_flag(hdev, HCI_INQUIRY)) 2110 hci_req_sync(hdev, bredr_inquiry, 2111 DISCOV_BREDR_INQUIRY_LEN, HCI_CMD_TIMEOUT, 2112 status); 2113 return; 2114 case DISCOV_TYPE_INTERLEAVED: 2115 /* When running simultaneous discovery, the LE scanning time 2116 * should occupy the whole discovery time sine BR/EDR inquiry 2117 * and LE scanning are scheduled by the controller. 2118 * 2119 * For interleaving discovery in comparison, BR/EDR inquiry 2120 * and LE scanning are done sequentially with separate 2121 * timeouts. 2122 */ 2123 if (test_bit(HCI_QUIRK_SIMULTANEOUS_DISCOVERY, 2124 &hdev->quirks)) { 2125 timeout = msecs_to_jiffies(DISCOV_LE_TIMEOUT); 2126 /* During simultaneous discovery, we double LE scan 2127 * interval. We must leave some time for the controller 2128 * to do BR/EDR inquiry. 2129 */ 2130 hci_req_sync(hdev, interleaved_discov, 2131 DISCOV_LE_SCAN_INT * 2, HCI_CMD_TIMEOUT, 2132 status); 2133 break; 2134 } 2135 2136 timeout = msecs_to_jiffies(hdev->discov_interleaved_timeout); 2137 hci_req_sync(hdev, active_scan, DISCOV_LE_SCAN_INT, 2138 HCI_CMD_TIMEOUT, status); 2139 break; 2140 case DISCOV_TYPE_LE: 2141 timeout = msecs_to_jiffies(DISCOV_LE_TIMEOUT); 2142 hci_req_sync(hdev, active_scan, DISCOV_LE_SCAN_INT, 2143 HCI_CMD_TIMEOUT, status); 2144 break; 2145 default: 2146 *status = HCI_ERROR_UNSPECIFIED; 2147 return; 2148 } 2149 2150 if (*status) 2151 return; 2152 2153 BT_DBG("%s timeout %u ms", hdev->name, jiffies_to_msecs(timeout)); 2154 2155 /* When service discovery is used and the controller has a 2156 * strict duplicate filter, it is important to remember the 2157 * start and duration of the scan. This is required for 2158 * restarting scanning during the discovery phase. 2159 */ 2160 if (test_bit(HCI_QUIRK_STRICT_DUPLICATE_FILTER, &hdev->quirks) && 2161 hdev->discovery.result_filtering) { 2162 hdev->discovery.scan_start = jiffies; 2163 hdev->discovery.scan_duration = timeout; 2164 } 2165 2166 queue_delayed_work(hdev->req_workqueue, &hdev->le_scan_disable, 2167 timeout); 2168 } 2169 2170 bool hci_req_stop_discovery(struct hci_request *req) 2171 { 2172 struct hci_dev *hdev = req->hdev; 2173 struct discovery_state *d = &hdev->discovery; 2174 struct hci_cp_remote_name_req_cancel cp; 2175 struct inquiry_entry *e; 2176 bool ret = false; 2177 2178 BT_DBG("%s state %u", hdev->name, hdev->discovery.state); 2179 2180 if (d->state == DISCOVERY_FINDING || d->state == DISCOVERY_STOPPING) { 2181 if (test_bit(HCI_INQUIRY, &hdev->flags)) 2182 hci_req_add(req, HCI_OP_INQUIRY_CANCEL, 0, NULL); 2183 2184 if (hci_dev_test_flag(hdev, HCI_LE_SCAN)) { 2185 cancel_delayed_work(&hdev->le_scan_disable); 2186 hci_req_add_le_scan_disable(req); 2187 } 2188 2189 ret = true; 2190 } else { 2191 /* Passive scanning */ 2192 if (hci_dev_test_flag(hdev, HCI_LE_SCAN)) { 2193 hci_req_add_le_scan_disable(req); 2194 ret = true; 2195 } 2196 } 2197 2198 /* No further actions needed for LE-only discovery */ 2199 if (d->type == DISCOV_TYPE_LE) 2200 return ret; 2201 2202 if (d->state == DISCOVERY_RESOLVING || d->state == DISCOVERY_STOPPING) { 2203 e = hci_inquiry_cache_lookup_resolve(hdev, BDADDR_ANY, 2204 NAME_PENDING); 2205 if (!e) 2206 return ret; 2207 2208 bacpy(&cp.bdaddr, &e->data.bdaddr); 2209 hci_req_add(req, HCI_OP_REMOTE_NAME_REQ_CANCEL, sizeof(cp), 2210 &cp); 2211 ret = true; 2212 } 2213 2214 return ret; 2215 } 2216 2217 static int stop_discovery(struct hci_request *req, unsigned long opt) 2218 { 2219 hci_dev_lock(req->hdev); 2220 hci_req_stop_discovery(req); 2221 hci_dev_unlock(req->hdev); 2222 2223 return 0; 2224 } 2225 2226 static void discov_update(struct work_struct *work) 2227 { 2228 struct hci_dev *hdev = container_of(work, struct hci_dev, 2229 discov_update); 2230 u8 status = 0; 2231 2232 switch (hdev->discovery.state) { 2233 case DISCOVERY_STARTING: 2234 start_discovery(hdev, &status); 2235 mgmt_start_discovery_complete(hdev, status); 2236 if (status) 2237 hci_discovery_set_state(hdev, DISCOVERY_STOPPED); 2238 else 2239 hci_discovery_set_state(hdev, DISCOVERY_FINDING); 2240 break; 2241 case DISCOVERY_STOPPING: 2242 hci_req_sync(hdev, stop_discovery, 0, HCI_CMD_TIMEOUT, &status); 2243 mgmt_stop_discovery_complete(hdev, status); 2244 if (!status) 2245 hci_discovery_set_state(hdev, DISCOVERY_STOPPED); 2246 break; 2247 case DISCOVERY_STOPPED: 2248 default: 2249 return; 2250 } 2251 } 2252 2253 static void discov_off(struct work_struct *work) 2254 { 2255 struct hci_dev *hdev = container_of(work, struct hci_dev, 2256 discov_off.work); 2257 2258 BT_DBG("%s", hdev->name); 2259 2260 hci_dev_lock(hdev); 2261 2262 /* When discoverable timeout triggers, then just make sure 2263 * the limited discoverable flag is cleared. Even in the case 2264 * of a timeout triggered from general discoverable, it is 2265 * safe to unconditionally clear the flag. 2266 */ 2267 hci_dev_clear_flag(hdev, HCI_LIMITED_DISCOVERABLE); 2268 hci_dev_clear_flag(hdev, HCI_DISCOVERABLE); 2269 hdev->discov_timeout = 0; 2270 2271 hci_dev_unlock(hdev); 2272 2273 hci_req_sync(hdev, discoverable_update, 0, HCI_CMD_TIMEOUT, NULL); 2274 mgmt_new_settings(hdev); 2275 } 2276 2277 static int powered_update_hci(struct hci_request *req, unsigned long opt) 2278 { 2279 struct hci_dev *hdev = req->hdev; 2280 u8 link_sec; 2281 2282 hci_dev_lock(hdev); 2283 2284 if (hci_dev_test_flag(hdev, HCI_SSP_ENABLED) && 2285 !lmp_host_ssp_capable(hdev)) { 2286 u8 mode = 0x01; 2287 2288 hci_req_add(req, HCI_OP_WRITE_SSP_MODE, sizeof(mode), &mode); 2289 2290 if (bredr_sc_enabled(hdev) && !lmp_host_sc_capable(hdev)) { 2291 u8 support = 0x01; 2292 2293 hci_req_add(req, HCI_OP_WRITE_SC_SUPPORT, 2294 sizeof(support), &support); 2295 } 2296 } 2297 2298 if (hci_dev_test_flag(hdev, HCI_LE_ENABLED) && 2299 lmp_bredr_capable(hdev)) { 2300 struct hci_cp_write_le_host_supported cp; 2301 2302 cp.le = 0x01; 2303 cp.simul = 0x00; 2304 2305 /* Check first if we already have the right 2306 * host state (host features set) 2307 */ 2308 if (cp.le != lmp_host_le_capable(hdev) || 2309 cp.simul != lmp_host_le_br_capable(hdev)) 2310 hci_req_add(req, HCI_OP_WRITE_LE_HOST_SUPPORTED, 2311 sizeof(cp), &cp); 2312 } 2313 2314 if (hci_dev_test_flag(hdev, HCI_LE_ENABLED)) { 2315 /* Make sure the controller has a good default for 2316 * advertising data. This also applies to the case 2317 * where BR/EDR was toggled during the AUTO_OFF phase. 2318 */ 2319 if (hci_dev_test_flag(hdev, HCI_ADVERTISING) || 2320 list_empty(&hdev->adv_instances)) { 2321 __hci_req_update_adv_data(req, 0x00); 2322 __hci_req_update_scan_rsp_data(req, 0x00); 2323 2324 if (hci_dev_test_flag(hdev, HCI_ADVERTISING)) 2325 __hci_req_enable_advertising(req); 2326 } else if (!list_empty(&hdev->adv_instances)) { 2327 struct adv_info *adv_instance; 2328 2329 adv_instance = list_first_entry(&hdev->adv_instances, 2330 struct adv_info, list); 2331 __hci_req_schedule_adv_instance(req, 2332 adv_instance->instance, 2333 true); 2334 } 2335 } 2336 2337 link_sec = hci_dev_test_flag(hdev, HCI_LINK_SECURITY); 2338 if (link_sec != test_bit(HCI_AUTH, &hdev->flags)) 2339 hci_req_add(req, HCI_OP_WRITE_AUTH_ENABLE, 2340 sizeof(link_sec), &link_sec); 2341 2342 if (lmp_bredr_capable(hdev)) { 2343 if (hci_dev_test_flag(hdev, HCI_FAST_CONNECTABLE)) 2344 __hci_req_write_fast_connectable(req, true); 2345 else 2346 __hci_req_write_fast_connectable(req, false); 2347 __hci_req_update_scan(req); 2348 __hci_req_update_class(req); 2349 __hci_req_update_name(req); 2350 __hci_req_update_eir(req); 2351 } 2352 2353 hci_dev_unlock(hdev); 2354 return 0; 2355 } 2356 2357 int __hci_req_hci_power_on(struct hci_dev *hdev) 2358 { 2359 /* Register the available SMP channels (BR/EDR and LE) only when 2360 * successfully powering on the controller. This late 2361 * registration is required so that LE SMP can clearly decide if 2362 * the public address or static address is used. 2363 */ 2364 smp_register(hdev); 2365 2366 return __hci_req_sync(hdev, powered_update_hci, 0, HCI_CMD_TIMEOUT, 2367 NULL); 2368 } 2369 2370 void hci_request_setup(struct hci_dev *hdev) 2371 { 2372 INIT_WORK(&hdev->discov_update, discov_update); 2373 INIT_WORK(&hdev->bg_scan_update, bg_scan_update); 2374 INIT_WORK(&hdev->scan_update, scan_update_work); 2375 INIT_WORK(&hdev->connectable_update, connectable_update_work); 2376 INIT_WORK(&hdev->discoverable_update, discoverable_update_work); 2377 INIT_DELAYED_WORK(&hdev->discov_off, discov_off); 2378 INIT_DELAYED_WORK(&hdev->le_scan_disable, le_scan_disable_work); 2379 INIT_DELAYED_WORK(&hdev->le_scan_restart, le_scan_restart_work); 2380 INIT_DELAYED_WORK(&hdev->adv_instance_expire, adv_timeout_expire); 2381 } 2382 2383 void hci_request_cancel_all(struct hci_dev *hdev) 2384 { 2385 hci_req_sync_cancel(hdev, ENODEV); 2386 2387 cancel_work_sync(&hdev->discov_update); 2388 cancel_work_sync(&hdev->bg_scan_update); 2389 cancel_work_sync(&hdev->scan_update); 2390 cancel_work_sync(&hdev->connectable_update); 2391 cancel_work_sync(&hdev->discoverable_update); 2392 cancel_delayed_work_sync(&hdev->discov_off); 2393 cancel_delayed_work_sync(&hdev->le_scan_disable); 2394 cancel_delayed_work_sync(&hdev->le_scan_restart); 2395 2396 if (hdev->adv_instance_timeout) { 2397 cancel_delayed_work_sync(&hdev->adv_instance_expire); 2398 hdev->adv_instance_timeout = 0; 2399 } 2400 } 2401