projects / linux-block.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
Merge tag 'v6.6-p5' of git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6
[linux-block.git] / net / bluetooth / hci_request.c
CommitLineData
0857dd3b
JH		 1/*
2 BlueZ - Bluetooth protocol stack for Linux
3
4 Copyright (C) 2014 Intel Corporation
5
6 This program is free software; you can redistribute it and/or modify
7 it under the terms of the GNU General Public License version 2 as
8 published by the Free Software Foundation;
9
10 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
11 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
12 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
13 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
14 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
15 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
16 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
17 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
18
19 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
20 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
21 SOFTWARE IS DISCLAIMED.
22*/
23
174cd4b1
IM		 24#include <linux/sched/signal.h>
25
0857dd3b
JH		 26#include <net/bluetooth/bluetooth.h>
27#include <net/bluetooth/hci_core.h>
f2252570 28#include <net/bluetooth/mgmt.h>
0857dd3b
JH		 29
30#include "smp.h"
31#include "hci_request.h"
bf6a4e30 32#include "msft.h"
01ce70b0 33#include "eir.h"
0857dd3b
JH		 34
35void hci_req_init(struct hci_request *req, struct hci_dev *hdev)
36{
37 skb_queue_head_init(&req->cmd_q);
38 req->hdev = hdev;
39 req->err = 0;
40}
41
f17d858e
JK		 42void hci_req_purge(struct hci_request *req)
43{
44 skb_queue_purge(&req->cmd_q);
45}
46
f80c5dad
JPRV		 47bool hci_req_status_pend(struct hci_dev *hdev)
48{
49 return hdev->req_status == HCI_REQ_PEND;
50}
51
e6214487
JH		 52static int req_run(struct hci_request *req, hci_req_complete_t complete,
53 hci_req_complete_skb_t complete_skb)
0857dd3b
JH		 54{
55 struct hci_dev *hdev = req->hdev;
56 struct sk_buff *skb;
57 unsigned long flags;
58
22fbcfc5 59 bt_dev_dbg(hdev, "length %u", skb_queue_len(&req->cmd_q));
0857dd3b
JH		 60
61 /* If an error occurred during request building, remove all HCI
62 * commands queued on the HCI request queue.
63 */
64 if (req->err) {
65 skb_queue_purge(&req->cmd_q);
66 return req->err;
67 }
68
69 /* Do not allow empty requests */
70 if (skb_queue_empty(&req->cmd_q))
71 return -ENODATA;
72
73 skb = skb_peek_tail(&req->cmd_q);
44d27137
JH		 74 if (complete) {
75 bt_cb(skb)->hci.req_complete = complete;
76 } else if (complete_skb) {
77 bt_cb(skb)->hci.req_complete_skb = complete_skb;
78 bt_cb(skb)->hci.req_flags |= HCI_REQ_SKB;
79 }
0857dd3b
JH		 80
81 spin_lock_irqsave(&hdev->cmd_q.lock, flags);
82 skb_queue_splice_tail(&req->cmd_q, &hdev->cmd_q);
83 spin_unlock_irqrestore(&hdev->cmd_q.lock, flags);
84
85 queue_work(hdev->workqueue, &hdev->cmd_work);
86
87 return 0;
88}
89
e6214487
JH		 90int hci_req_run(struct hci_request *req, hci_req_complete_t complete)
91{
92 return req_run(req, complete, NULL);
93}
94
95int hci_req_run_skb(struct hci_request *req, hci_req_complete_skb_t complete)
96{
97 return req_run(req, NULL, complete);
98}
99
161510cc
LAD		 100void hci_req_sync_complete(struct hci_dev *hdev, u8 result, u16 opcode,
101 struct sk_buff *skb)
be91cd05 102{
22fbcfc5 103 bt_dev_dbg(hdev, "result 0x%2.2x", result);
be91cd05
JH		 104
105 if (hdev->req_status == HCI_REQ_PEND) {
106 hdev->req_result = result;
107 hdev->req_status = HCI_REQ_DONE;
108 if (skb)
109 hdev->req_skb = skb_get(skb);
110 wake_up_interruptible(&hdev->req_wait_q);
111 }
112}
113
be91cd05 114/* Execute request and wait for completion. */
a1d01db1
JH		 115int __hci_req_sync(struct hci_dev *hdev, int (*func)(struct hci_request *req,
116 unsigned long opt),
4ebeee2d 117 unsigned long opt, u32 timeout, u8 *hci_status)
be91cd05
JH		 118{
119 struct hci_request req;
be91cd05
JH		 120 int err = 0;
121
22fbcfc5 122 bt_dev_dbg(hdev, "start");
be91cd05
JH		 123
124 hci_req_init(&req, hdev);
125
126 hdev->req_status = HCI_REQ_PEND;
127
a1d01db1
JH		 128 err = func(&req, opt);
129 if (err) {
130 if (hci_status)
131 *hci_status = HCI_ERROR_UNSPECIFIED;
132 return err;
133 }
be91cd05 134
be91cd05
JH		 135 err = hci_req_run_skb(&req, hci_req_sync_complete);
136 if (err < 0) {
137 hdev->req_status = 0;
138
be91cd05
JH		 139 /* ENODATA means the HCI request command queue is empty.
140 * This can happen when a request with conditionals doesn't
141 * trigger any commands to be sent. This is normal behavior
142 * and should not trigger an error return.
143 */
568f44f6
JH		 144 if (err == -ENODATA) {
145 if (hci_status)
146 *hci_status = 0;
be91cd05 147 return 0;
568f44f6
JH		 148 }
149
150 if (hci_status)
151 *hci_status = HCI_ERROR_UNSPECIFIED;
be91cd05
JH		 152
153 return err;
154 }
155
67d8cee4
JK		 156 err = wait_event_interruptible_timeout(hdev->req_wait_q,
157 hdev->req_status != HCI_REQ_PEND, timeout);
be91cd05 158
67d8cee4 159 if (err == -ERESTARTSYS)
be91cd05
JH		 160 return -EINTR;
161
162 switch (hdev->req_status) {
163 case HCI_REQ_DONE:
164 err = -bt_to_errno(hdev->req_result);
4ebeee2d
JH		 165 if (hci_status)
166 *hci_status = hdev->req_result;
be91cd05
JH		 167 break;
168
169 case HCI_REQ_CANCELED:
170 err = -hdev->req_result;
4ebeee2d
JH		 171 if (hci_status)
172 *hci_status = HCI_ERROR_UNSPECIFIED;
be91cd05
JH		 173 break;
174
175 default:
176 err = -ETIMEDOUT;
4ebeee2d
JH		 177 if (hci_status)
178 *hci_status = HCI_ERROR_UNSPECIFIED;
be91cd05
JH		 179 break;
180 }
181
9afee949
FD		 182 kfree_skb(hdev->req_skb);
183 hdev->req_skb = NULL;
be91cd05
JH		 184 hdev->req_status = hdev->req_result = 0;
185
22fbcfc5 186 bt_dev_dbg(hdev, "end: err %d", err);
be91cd05
JH		 187
188 return err;
189}
190
a1d01db1
JH		 191int hci_req_sync(struct hci_dev *hdev, int (*req)(struct hci_request *req,
192 unsigned long opt),
4ebeee2d 193 unsigned long opt, u32 timeout, u8 *hci_status)
be91cd05
JH		 194{
195 int ret;
196
be91cd05 197 /* Serialize all requests */
b504430c 198 hci_req_sync_lock(hdev);
e2cb6b89
LM		 199 /* check the state after obtaing the lock to protect the HCI_UP
200 * against any races from hci_dev_do_close when the controller
201 * gets removed.
202 */
203 if (test_bit(HCI_UP, &hdev->flags))
204 ret = __hci_req_sync(hdev, req, opt, timeout, hci_status);
205 else
206 ret = -ENETDOWN;
b504430c 207 hci_req_sync_unlock(hdev);
be91cd05
JH		 208
209 return ret;
210}
211
0857dd3b
JH		 212struct sk_buff *hci_prepare_cmd(struct hci_dev *hdev, u16 opcode, u32 plen,
213 const void *param)
214{
215 int len = HCI_COMMAND_HDR_SIZE + plen;
216 struct hci_command_hdr *hdr;
217 struct sk_buff *skb;
218
219 skb = bt_skb_alloc(len, GFP_ATOMIC);
220 if (!skb)
221 return NULL;
222
4df864c1 223 hdr = skb_put(skb, HCI_COMMAND_HDR_SIZE);
0857dd3b
JH		 224 hdr->opcode = cpu_to_le16(opcode);
225 hdr->plen = plen;
226
227 if (plen)
59ae1d12 228 skb_put_data(skb, param, plen);
0857dd3b 229
22fbcfc5 230 bt_dev_dbg(hdev, "skb len %d", skb->len);
0857dd3b 231
d79f34e3
MH		 232 hci_skb_pkt_type(skb) = HCI_COMMAND_PKT;
233 hci_skb_opcode(skb) = opcode;
0857dd3b
JH		 234
235 return skb;
236}
237
238/* Queue a command to an asynchronous HCI request */
239void hci_req_add_ev(struct hci_request *req, u16 opcode, u32 plen,
240 const void *param, u8 event)
241{
242 struct hci_dev *hdev = req->hdev;
243 struct sk_buff *skb;
244
22fbcfc5 245 bt_dev_dbg(hdev, "opcode 0x%4.4x plen %d", opcode, plen);
0857dd3b
JH		 246
247 /* If an error occurred during request building, there is no point in
248 * queueing the HCI command. We can simply return.
249 */
250 if (req->err)
251 return;
252
253 skb = hci_prepare_cmd(hdev, opcode, plen, param);
254 if (!skb) {
2064ee33
MH		 255 bt_dev_err(hdev, "no memory for command (opcode 0x%4.4x)",
256 opcode);
0857dd3b
JH		 257 req->err = -ENOMEM;
258 return;
259 }
260
261 if (skb_queue_empty(&req->cmd_q))
44d27137 262 bt_cb(skb)->hci.req_flags |= HCI_REQ_START;
0857dd3b 263
edcb185f 264 hci_skb_event(skb) = event;
0857dd3b
JH		 265
266 skb_queue_tail(&req->cmd_q, skb);
267}
268
269void hci_req_add(struct hci_request *req, u16 opcode, u32 plen,
270 const void *param)
271{
696bd362 272 bt_dev_dbg(req->hdev, "HCI_REQ-0x%4.4x", opcode);
0857dd3b
JH		 273 hci_req_add_ev(req, opcode, plen, param, 0);
274}
275
c4f1f408
HC		 276static void start_interleave_scan(struct hci_dev *hdev)
277{
278 hdev->interleave_scan_state = INTERLEAVE_SCAN_NO_FILTER;
279 queue_delayed_work(hdev->req_workqueue,
280 &hdev->interleave_scan, 0);
281}
282
283static bool is_interleave_scanning(struct hci_dev *hdev)
284{
285 return hdev->interleave_scan_state != INTERLEAVE_SCAN_NONE;
286}
287
288static void cancel_interleave_scan(struct hci_dev *hdev)
289{
290 bt_dev_dbg(hdev, "cancelling interleave scan");
291
292 cancel_delayed_work_sync(&hdev->interleave_scan);
293
294 hdev->interleave_scan_state = INTERLEAVE_SCAN_NONE;
295}
296
297/* Return true if interleave_scan wasn't started until exiting this function,
298 * otherwise, return false
299 */
300static bool __hci_update_interleaved_scan(struct hci_dev *hdev)
301{
58ceb1e6
AP		 302 /* Do interleaved scan only if all of the following are true:
303 * - There is at least one ADV monitor
304 * - At least one pending LE connection or one device to be scanned for
305 * - Monitor offloading is not supported
306 * If so, we should alternate between allowlist scan and one without
307 * any filters to save power.
c4f1f408
HC		 308 */
309 bool use_interleaving = hci_is_adv_monitoring(hdev) &&
310 !(list_empty(&hdev->pend_le_conns) &&
58ceb1e6
AP		 311 list_empty(&hdev->pend_le_reports)) &&
312 hci_get_adv_monitor_offload_ext(hdev) ==
313 HCI_ADV_MONITOR_EXT_NONE;
c4f1f408
HC		 314 bool is_interleaving = is_interleave_scanning(hdev);
315
316 if (use_interleaving && !is_interleaving) {
317 start_interleave_scan(hdev);
318 bt_dev_dbg(hdev, "starting interleave scan");
319 return true;
320 }
321
322 if (!use_interleaving && is_interleaving)
323 cancel_interleave_scan(hdev);
324
325 return false;
326}
327
5c49bcce 328void hci_req_add_le_scan_disable(struct hci_request *req, bool rpa_le_conn)
0857dd3b 329{
a2344b9e 330 struct hci_dev *hdev = req->hdev;
0857dd3b 331
dd522a74
APS		 332 if (hdev->scanning_paused) {
333 bt_dev_dbg(hdev, "Scanning is paused for suspend");
334 return;
335 }
336
a2344b9e
JK		 337 if (use_ext_scan(hdev)) {
338 struct hci_cp_le_set_ext_scan_enable cp;
339
340 memset(&cp, 0, sizeof(cp));
341 cp.enable = LE_SCAN_DISABLE;
342 hci_req_add(req, HCI_OP_LE_SET_EXT_SCAN_ENABLE, sizeof(cp),
343 &cp);
344 } else {
345 struct hci_cp_le_set_scan_enable cp;
346
347 memset(&cp, 0, sizeof(cp));
348 cp.enable = LE_SCAN_DISABLE;
349 hci_req_add(req, HCI_OP_LE_SET_SCAN_ENABLE, sizeof(cp), &cp);
350 }
e1d57235 351
5c49bcce 352 /* Disable address resolution */
ad383c2c 353 if (hci_dev_test_flag(hdev, HCI_LL_RPA_RESOLUTION) && !rpa_le_conn) {
e1d57235 354 __u8 enable = 0x00;
cbbdfa6f 355
e1d57235
MH		 356 hci_req_add(req, HCI_OP_LE_SET_ADDR_RESOLV_ENABLE, 1, &enable);
357 }
0857dd3b
JH		 358}
359
3d4f9c00
AP		 360static void del_from_accept_list(struct hci_request *req, bdaddr_t *bdaddr,
361 u8 bdaddr_type)
dd522a74 362{
3d4f9c00 363 struct hci_cp_le_del_from_accept_list cp;
dd522a74
APS		 364
365 cp.bdaddr_type = bdaddr_type;
366 bacpy(&cp.bdaddr, bdaddr);
367
3d4f9c00 368 bt_dev_dbg(req->hdev, "Remove %pMR (0x%x) from accept list", &cp.bdaddr,
dd522a74 369 cp.bdaddr_type);
3d4f9c00 370 hci_req_add(req, HCI_OP_LE_DEL_FROM_ACCEPT_LIST, sizeof(cp), &cp);
0eee35bd 371
ad383c2c 372 if (use_ll_privacy(req->hdev)) {
0eee35bd
MH		 373 struct smp_irk *irk;
374
375 irk = hci_find_irk_by_addr(req->hdev, bdaddr, bdaddr_type);
376 if (irk) {
377 struct hci_cp_le_del_from_resolv_list cp;
378
379 cp.bdaddr_type = bdaddr_type;
380 bacpy(&cp.bdaddr, bdaddr);
381
382 hci_req_add(req, HCI_OP_LE_DEL_FROM_RESOLV_LIST,
383 sizeof(cp), &cp);
384 }
385 }
dd522a74
APS		 386}
387
3d4f9c00
AP		 388/* Adds connection to accept list if needed. On error, returns -1. */
389static int add_to_accept_list(struct hci_request *req,
390 struct hci_conn_params *params, u8 *num_entries,
391 bool allow_rpa)
0857dd3b 392{
3d4f9c00 393 struct hci_cp_le_add_to_accept_list cp;
dd522a74
APS		 394 struct hci_dev *hdev = req->hdev;
395
3d4f9c00
AP		 396 /* Already in accept list */
397 if (hci_bdaddr_list_lookup(&hdev->le_accept_list, &params->addr,
dd522a74
APS		 398 params->addr_type))
399 return 0;
0857dd3b 400
dd522a74 401 /* Select filter policy to accept all advertising */
3d4f9c00 402 if (*num_entries >= hdev->le_accept_list_size)
dd522a74
APS		 403 return -1;
404
3d4f9c00 405 /* Accept list can not be used with RPAs */
1fb17dfc
SN		 406 if (!allow_rpa &&
407 !hci_dev_test_flag(hdev, HCI_ENABLE_LL_PRIVACY) &&
dd522a74
APS		 408 hci_find_irk_by_addr(hdev, &params->addr, params->addr_type)) {
409 return -1;
410 }
411
3d4f9c00 412 /* During suspend, only wakeable devices can be in accept list */
fe92ee64 413 if (hdev->suspended &&
e1cff700 414 !(params->flags & HCI_CONN_FLAG_REMOTE_WAKEUP))
dd522a74
APS		 415 return 0;
416
417 *num_entries += 1;
0857dd3b
JH		 418 cp.bdaddr_type = params->addr_type;
419 bacpy(&cp.bdaddr, &params->addr);
420
3d4f9c00 421 bt_dev_dbg(hdev, "Add %pMR (0x%x) to accept list", &cp.bdaddr,
dd522a74 422 cp.bdaddr_type);
3d4f9c00 423 hci_req_add(req, HCI_OP_LE_ADD_TO_ACCEPT_LIST, sizeof(cp), &cp);
dd522a74 424
ad383c2c 425 if (use_ll_privacy(hdev)) {
0eee35bd
MH		 426 struct smp_irk *irk;
427
428 irk = hci_find_irk_by_addr(hdev, &params->addr,
429 params->addr_type);
430 if (irk) {
431 struct hci_cp_le_add_to_resolv_list cp;
432
433 cp.bdaddr_type = params->addr_type;
434 bacpy(&cp.bdaddr, &params->addr);
435 memcpy(cp.peer_irk, irk->val, 16);
436
437 if (hci_dev_test_flag(hdev, HCI_PRIVACY))
438 memcpy(cp.local_irk, hdev->irk, 16);
439 else
440 memset(cp.local_irk, 0, 16);
441
442 hci_req_add(req, HCI_OP_LE_ADD_TO_RESOLV_LIST,
443 sizeof(cp), &cp);
444 }
445 }
446
dd522a74 447 return 0;
0857dd3b
JH		 448}
449
3d4f9c00 450static u8 update_accept_list(struct hci_request *req)
0857dd3b
JH		 451{
452 struct hci_dev *hdev = req->hdev;
453 struct hci_conn_params *params;
454 struct bdaddr_list *b;
dd522a74
APS		 455 u8 num_entries = 0;
456 bool pend_conn, pend_report;
3d4f9c00
AP		 457 /* We allow usage of accept list even with RPAs in suspend. In the worst
458 * case, we won't be able to wake from devices that use the privacy1.2
dd522a74
APS		 459 * features. Additionally, once we support privacy1.2 and IRK
460 * offloading, we can update this to also check for those conditions.
461 */
462 bool allow_rpa = hdev->suspended;
0857dd3b 463
ad383c2c 464 if (use_ll_privacy(hdev))
8ce85ada
SN		 465 allow_rpa = true;
466
3d4f9c00 467 /* Go through the current accept list programmed into the
0857dd3b
JH		 468 * controller one by one and check if that address is still
469 * in the list of pending connections or list of devices to
470 * report. If not present in either list, then queue the
471 * command to remove it from the controller.
472 */
3d4f9c00 473 list_for_each_entry(b, &hdev->le_accept_list, list) {
dd522a74
APS		 474 pend_conn = hci_pend_le_action_lookup(&hdev->pend_le_conns,
475 &b->bdaddr,
476 b->bdaddr_type);
477 pend_report = hci_pend_le_action_lookup(&hdev->pend_le_reports,
478 &b->bdaddr,
479 b->bdaddr_type);
480
481 /* If the device is not likely to connect or report,
3d4f9c00 482 * remove it from the accept list.
cff10ce7 483 */
dd522a74 484 if (!pend_conn && !pend_report) {
3d4f9c00 485 del_from_accept_list(req, &b->bdaddr, b->bdaddr_type);
0857dd3b
JH		 486 continue;
487 }
488
3d4f9c00 489 /* Accept list can not be used with RPAs */
1fb17dfc
SN		 490 if (!allow_rpa &&
491 !hci_dev_test_flag(hdev, HCI_ENABLE_LL_PRIVACY) &&
dd522a74 492 hci_find_irk_by_addr(hdev, &b->bdaddr, b->bdaddr_type)) {
cff10ce7
JH		 493 return 0x00;
494 }
0857dd3b 495
dd522a74 496 num_entries++;
0857dd3b
JH		 497 }
498
3d4f9c00 499 /* Since all no longer valid accept list entries have been
0857dd3b
JH		 500 * removed, walk through the list of pending connections
501 * and ensure that any new device gets programmed into
502 * the controller.
503 *
504 * If the list of the devices is larger than the list of
3d4f9c00 505 * available accept list entries in the controller, then
0857dd3b 506 * just abort and return filer policy value to not use the
3d4f9c00 507 * accept list.
0857dd3b
JH		 508 */
509 list_for_each_entry(params, &hdev->pend_le_conns, action) {
3d4f9c00 510 if (add_to_accept_list(req, params, &num_entries, allow_rpa))
0857dd3b 511 return 0x00;
0857dd3b
JH		 512 }
513
514 /* After adding all new pending connections, walk through
515 * the list of pending reports and also add these to the
3d4f9c00 516 * accept list if there is still space. Abort if space runs out.
0857dd3b
JH		 517 */
518 list_for_each_entry(params, &hdev->pend_le_reports, action) {
3d4f9c00 519 if (add_to_accept_list(req, params, &num_entries, allow_rpa))
0857dd3b 520 return 0x00;
0857dd3b
JH		 521 }
522
c4f1f408
HC		 523 /* Use the allowlist unless the following conditions are all true:
524 * - We are not currently suspending
58ceb1e6 525 * - There are 1 or more ADV monitors registered and it's not offloaded
c4f1f408 526 * - Interleaved scanning is not currently using the allowlist
8208f5a9 527 */
c4f1f408 528 if (!idr_is_empty(&hdev->adv_monitors_idr) && !hdev->suspended &&
58ceb1e6 529 hci_get_adv_monitor_offload_ext(hdev) == HCI_ADV_MONITOR_EXT_NONE &&
c4f1f408 530 hdev->interleave_scan_state != INTERLEAVE_SCAN_ALLOWLIST)
8208f5a9
MC		 531 return 0x00;
532
3d4f9c00 533 /* Select filter policy to use accept list */
0857dd3b
JH		 534 return 0x01;
535}
536
82a37ade
JH		 537static bool scan_use_rpa(struct hci_dev *hdev)
538{
539 return hci_dev_test_flag(hdev, HCI_PRIVACY);
540}
541
3baef810 542static void hci_req_start_scan(struct hci_request *req, u8 type, u16 interval,
e1d57235 543 u16 window, u8 own_addr_type, u8 filter_policy,
c32d6246 544 bool filter_dup, bool addr_resolv)
0857dd3b 545{
a2344b9e 546 struct hci_dev *hdev = req->hdev;
3baef810 547
3a0377d9
APS		 548 if (hdev->scanning_paused) {
549 bt_dev_dbg(hdev, "Scanning is paused for suspend");
550 return;
551 }
552
ad383c2c 553 if (use_ll_privacy(hdev) && addr_resolv) {
e1d57235 554 u8 enable = 0x01;
cbbdfa6f 555
e1d57235
MH		 556 hci_req_add(req, HCI_OP_LE_SET_ADDR_RESOLV_ENABLE, 1, &enable);
557 }
558
a2344b9e
JK		 559 /* Use ext scanning if set ext scan param and ext scan enable is
560 * supported
561 */
562 if (use_ext_scan(hdev)) {
563 struct hci_cp_le_set_ext_scan_params *ext_param_cp;
564 struct hci_cp_le_set_ext_scan_enable ext_enable_cp;
565 struct hci_cp_le_scan_phy_params *phy_params;
45bdd86e
JK		 566 u8 data[sizeof(*ext_param_cp) + sizeof(*phy_params) * 2];
567 u32 plen;
a2344b9e
JK		 568
569 ext_param_cp = (void *)data;
570 phy_params = (void *)ext_param_cp->data;
571
572 memset(ext_param_cp, 0, sizeof(*ext_param_cp));
573 ext_param_cp->own_addr_type = own_addr_type;
574 ext_param_cp->filter_policy = filter_policy;
a2344b9e 575
45bdd86e
JK		 576 plen = sizeof(*ext_param_cp);
577
578 if (scan_1m(hdev) || scan_2m(hdev)) {
579 ext_param_cp->scanning_phys |= LE_SCAN_PHY_1M;
580
581 memset(phy_params, 0, sizeof(*phy_params));
582 phy_params->type = type;
583 phy_params->interval = cpu_to_le16(interval);
584 phy_params->window = cpu_to_le16(window);
585
586 plen += sizeof(*phy_params);
587 phy_params++;
588 }
589
590 if (scan_coded(hdev)) {
591 ext_param_cp->scanning_phys |= LE_SCAN_PHY_CODED;
592
593 memset(phy_params, 0, sizeof(*phy_params));
594 phy_params->type = type;
595 phy_params->interval = cpu_to_le16(interval);
596 phy_params->window = cpu_to_le16(window);
597
598 plen += sizeof(*phy_params);
599 phy_params++;
600 }
a2344b9e
JK		 601
602 hci_req_add(req, HCI_OP_LE_SET_EXT_SCAN_PARAMS,
45bdd86e 603 plen, ext_param_cp);
a2344b9e
JK		 604
605 memset(&ext_enable_cp, 0, sizeof(ext_enable_cp));
606 ext_enable_cp.enable = LE_SCAN_ENABLE;
c32d6246 607 ext_enable_cp.filter_dup = filter_dup;
a2344b9e
JK		 608
609 hci_req_add(req, HCI_OP_LE_SET_EXT_SCAN_ENABLE,
610 sizeof(ext_enable_cp), &ext_enable_cp);
611 } else {
612 struct hci_cp_le_set_scan_param param_cp;
613 struct hci_cp_le_set_scan_enable enable_cp;
614
615 memset(&param_cp, 0, sizeof(param_cp));
616 param_cp.type = type;
617 param_cp.interval = cpu_to_le16(interval);
618 param_cp.window = cpu_to_le16(window);
619 param_cp.own_address_type = own_addr_type;
620 param_cp.filter_policy = filter_policy;
621 hci_req_add(req, HCI_OP_LE_SET_SCAN_PARAM, sizeof(param_cp),
622 &param_cp);
623
624 memset(&enable_cp, 0, sizeof(enable_cp));
625 enable_cp.enable = LE_SCAN_ENABLE;
c32d6246 626 enable_cp.filter_dup = filter_dup;
a2344b9e
JK		 627 hci_req_add(req, HCI_OP_LE_SET_SCAN_ENABLE, sizeof(enable_cp),
628 &enable_cp);
629 }
3baef810
JK		 630}
631
3fe318ee
BG		 632static void set_random_addr(struct hci_request *req, bdaddr_t *rpa);
633static int hci_update_random_address(struct hci_request *req,
634 bool require_privacy, bool use_rpa,
635 u8 *own_addr_type)
636{
637 struct hci_dev *hdev = req->hdev;
638 int err;
639
640 /* If privacy is enabled use a resolvable private address. If
641 * current RPA has expired or there is something else than
642 * the current RPA in use, then generate a new one.
643 */
644 if (use_rpa) {
645 /* If Controller supports LL Privacy use own address type is
646 * 0x03
647 */
648 if (use_ll_privacy(hdev))
649 *own_addr_type = ADDR_LE_DEV_RANDOM_RESOLVED;
650 else
651 *own_addr_type = ADDR_LE_DEV_RANDOM;
652
653 if (rpa_valid(hdev))
654 return 0;
655
656 err = smp_generate_rpa(hdev, hdev->irk, &hdev->rpa);
657 if (err < 0) {
658 bt_dev_err(hdev, "failed to generate new RPA");
659 return err;
660 }
661
662 set_random_addr(req, &hdev->rpa);
663
664 return 0;
665 }
666
667 /* In case of required privacy without resolvable private address,
668 * use an non-resolvable private address. This is useful for active
669 * scanning and non-connectable advertising.
670 */
671 if (require_privacy) {
672 bdaddr_t nrpa;
673
674 while (true) {
675 /* The non-resolvable private address is generated
676 * from random six bytes with the two most significant
677 * bits cleared.
678 */
679 get_random_bytes(&nrpa, 6);
680 nrpa.b[5] &= 0x3f;
681
682 /* The non-resolvable private address shall not be
683 * equal to the public address.
684 */
685 if (bacmp(&hdev->bdaddr, &nrpa))
686 break;
687 }
688
689 *own_addr_type = ADDR_LE_DEV_RANDOM;
690 set_random_addr(req, &nrpa);
691 return 0;
692 }
693
694 /* If forcing static address is in use or there is no public
695 * address use the static address as random address (but skip
696 * the HCI command if the current random address is already the
697 * static one.
698 *
699 * In case BR/EDR has been disabled on a dual-mode controller
700 * and a static address has been configured, then use that
701 * address instead of the public BR/EDR address.
702 */
703 if (hci_dev_test_flag(hdev, HCI_FORCE_STATIC_ADDR) ||
704 !bacmp(&hdev->bdaddr, BDADDR_ANY) ||
705 (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED) &&
706 bacmp(&hdev->static_addr, BDADDR_ANY))) {
707 *own_addr_type = ADDR_LE_DEV_RANDOM;
708 if (bacmp(&hdev->static_addr, &hdev->random_addr))
709 hci_req_add(req, HCI_OP_LE_SET_RANDOM_ADDR, 6,
710 &hdev->static_addr);
711 return 0;
712 }
713
714 /* Neither privacy nor static address is being used so use a
715 * public address.
716 */
717 *own_addr_type = ADDR_LE_DEV_PUBLIC;
718
719 return 0;
720}
721
e1d57235
MH		 722/* Ensure to call hci_req_add_le_scan_disable() first to disable the
723 * controller based address resolution to be able to reconfigure
724 * resolving list.
725 */
3baef810
JK		 726void hci_req_add_le_passive_scan(struct hci_request *req)
727{
0857dd3b
JH		 728 struct hci_dev *hdev = req->hdev;
729 u8 own_addr_type;
730 u8 filter_policy;
aaebf8e6 731 u16 window, interval;
c32d6246
YHC		 732 /* Default is to enable duplicates filter */
733 u8 filter_dup = LE_SCAN_FILTER_DUP_ENABLE;
e1d57235
MH		 734 /* Background scanning should run with address resolution */
735 bool addr_resolv = true;
dd522a74
APS		 736
737 if (hdev->scanning_paused) {
738 bt_dev_dbg(hdev, "Scanning is paused for suspend");
739 return;
740 }
0857dd3b
JH		 741
742 /* Set require_privacy to false since no SCAN_REQ are send
743 * during passive scanning. Not using an non-resolvable address
744 * here is important so that peer devices using direct
745 * advertising with our address will be correctly reported
746 * by the controller.
747 */
82a37ade
JH		 748 if (hci_update_random_address(req, false, scan_use_rpa(hdev),
749 &own_addr_type))
0857dd3b
JH		 750 return;
751
80af16a3
HC		 752 if (hdev->enable_advmon_interleave_scan &&
753 __hci_update_interleaved_scan(hdev))
c4f1f408
HC		 754 return;
755
756 bt_dev_dbg(hdev, "interleave state %d", hdev->interleave_scan_state);
3d4f9c00 757 /* Adding or removing entries from the accept list must
0857dd3b 758 * happen before enabling scanning. The controller does
3d4f9c00 759 * not allow accept list modification while scanning.
0857dd3b 760 */
3d4f9c00 761 filter_policy = update_accept_list(req);
0857dd3b
JH		 762
763 /* When the controller is using random resolvable addresses and
764 * with that having LE privacy enabled, then controllers with
765 * Extended Scanner Filter Policies support can now enable support
766 * for handling directed advertising.
767 *
3d4f9c00
AP		 768 * So instead of using filter polices 0x00 (no accept list)
769 * and 0x01 (accept list enabled) use the new filter policies
770 * 0x02 (no accept list) and 0x03 (accept list enabled).
0857dd3b 771 */
d7a5a11d 772 if (hci_dev_test_flag(hdev, HCI_PRIVACY) &&
0857dd3b
JH		 773 (hdev->le_features[0] & HCI_LE_EXT_SCAN_POLICY))
774 filter_policy |= 0x02;
775
dd522a74 776 if (hdev->suspended) {
10873f99
AM		 777 window = hdev->le_scan_window_suspend;
778 interval = hdev->le_scan_int_suspend;
9a9373ff
AM		 779 } else if (hci_is_le_conn_scanning(hdev)) {
780 window = hdev->le_scan_window_connect;
781 interval = hdev->le_scan_int_connect;
291f0c55
HC		 782 } else if (hci_is_adv_monitoring(hdev)) {
783 window = hdev->le_scan_window_adv_monitor;
784 interval = hdev->le_scan_int_adv_monitor;
c32d6246
YHC		 785
786 /* Disable duplicates filter when scanning for advertisement
787 * monitor for the following reasons.
788 *
789 * For HW pattern filtering (ex. MSFT), Realtek and Qualcomm
790 * controllers ignore RSSI_Sampling_Period when the duplicates
791 * filter is enabled.
792 *
793 * For SW pattern filtering, when we're not doing interleaved
794 * scanning, it is necessary to disable duplicates filter,
795 * otherwise hosts can only receive one advertisement and it's
796 * impossible to know if a peer is still in range.
797 */
798 filter_dup = LE_SCAN_FILTER_DUP_DISABLE;
dd522a74
APS		 799 } else {
800 window = hdev->le_scan_window;
801 interval = hdev->le_scan_interval;
802 }
803
3d4f9c00
AP		 804 bt_dev_dbg(hdev, "LE passive scan with accept list = %d",
805 filter_policy);
dd522a74 806 hci_req_start_scan(req, LE_SCAN_PASSIVE, interval, window,
c32d6246
YHC		 807 own_addr_type, filter_policy, filter_dup,
808 addr_resolv);
0857dd3b
JH		 809}
810
c4f1f408
HC		 811static int hci_req_add_le_interleaved_scan(struct hci_request *req,
812 unsigned long opt)
813{
814 struct hci_dev *hdev = req->hdev;
815 int ret = 0;
816
817 hci_dev_lock(hdev);
818
819 if (hci_dev_test_flag(hdev, HCI_LE_SCAN))
820 hci_req_add_le_scan_disable(req, false);
821 hci_req_add_le_passive_scan(req);
822
823 switch (hdev->interleave_scan_state) {
824 case INTERLEAVE_SCAN_ALLOWLIST:
825 bt_dev_dbg(hdev, "next state: allowlist");
826 hdev->interleave_scan_state = INTERLEAVE_SCAN_NO_FILTER;
827 break;
828 case INTERLEAVE_SCAN_NO_FILTER:
829 bt_dev_dbg(hdev, "next state: no filter");
830 hdev->interleave_scan_state = INTERLEAVE_SCAN_ALLOWLIST;
831 break;
832 case INTERLEAVE_SCAN_NONE:
833 BT_ERR("unexpected error");
834 ret = -1;
835 }
836
837 hci_dev_unlock(hdev);
838
839 return ret;
840}
841
842static void interleave_scan_work(struct work_struct *work)
843{
844 struct hci_dev *hdev = container_of(work, struct hci_dev,
845 interleave_scan.work);
846 u8 status;
847 unsigned long timeout;
848
849 if (hdev->interleave_scan_state == INTERLEAVE_SCAN_ALLOWLIST) {
850 timeout = msecs_to_jiffies(hdev->advmon_allowlist_duration);
851 } else if (hdev->interleave_scan_state == INTERLEAVE_SCAN_NO_FILTER) {
852 timeout = msecs_to_jiffies(hdev->advmon_no_filter_duration);
853 } else {
854 bt_dev_err(hdev, "unexpected error");
855 return;
856 }
857
858 hci_req_sync(hdev, hci_req_add_le_interleaved_scan, 0,
859 HCI_CMD_TIMEOUT, &status);
860
861 /* Don't continue interleaving if it was canceled */
862 if (is_interleave_scanning(hdev))
863 queue_delayed_work(hdev->req_workqueue,
864 &hdev->interleave_scan, timeout);
865}
866
c45074d6
LAD		 867static void set_random_addr(struct hci_request *req, bdaddr_t *rpa)
868{
869 struct hci_dev *hdev = req->hdev;
870
871 /* If we're advertising or initiating an LE connection we can't
872 * go ahead and change the random address at this time. This is
873 * because the eventual initiator address used for the
874 * subsequently created connection will be undefined (some
875 * controllers use the new address and others the one we had
876 * when the operation started).
877 *
878 * In this kind of scenario skip the update and let the random
879 * address be updated at the next cycle.
880 */
881 if (hci_dev_test_flag(hdev, HCI_LE_ADV) ||
882 hci_lookup_le_connect(hdev)) {
883 bt_dev_dbg(hdev, "Deferring random address update");
884 hci_dev_set_flag(hdev, HCI_RPA_EXPIRED);
885 return;
886 }
887
888 hci_req_add(req, HCI_OP_LE_SET_RANDOM_ADDR, 6, rpa);
889}
890
5fc16cc4
JH		 891void hci_request_setup(struct hci_dev *hdev)
892{
c4f1f408 893 INIT_DELAYED_WORK(&hdev->interleave_scan, interleave_scan_work);
5fc16cc4
JH		 894}
895
896void hci_request_cancel_all(struct hci_dev *hdev)
897{
744451c1 898 __hci_cmd_sync_cancel(hdev, ENODEV);
7df0f73e 899
c4f1f408 900 cancel_interleave_scan(hdev);
5fc16cc4 901}
Linux 6.x block layer and io_uring tree(s)