2 BlueZ - Bluetooth protocol stack for Linux
4 Copyright (C) 2014 Intel Corporation
6 This program is free software; you can redistribute it and/or modify
7 it under the terms of the GNU General Public License version 2 as
8 published by the Free Software Foundation;
10 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
11 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
12 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
13 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
14 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
15 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
16 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
17 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
19 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
20 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
21 SOFTWARE IS DISCLAIMED.
24 #include <linux/sched/signal.h>
26 #include <net/bluetooth/bluetooth.h>
27 #include <net/bluetooth/hci_core.h>
28 #include <net/bluetooth/mgmt.h>
31 #include "hci_request.h"
33 #define HCI_REQ_DONE 0
34 #define HCI_REQ_PEND 1
35 #define HCI_REQ_CANCELED 2
37 #define LE_SUSPEND_SCAN_WINDOW 0x0012
38 #define LE_SUSPEND_SCAN_INTERVAL 0x0060
40 void hci_req_init(struct hci_request *req, struct hci_dev *hdev)
42 skb_queue_head_init(&req->cmd_q);
47 void hci_req_purge(struct hci_request *req)
49 skb_queue_purge(&req->cmd_q);
52 bool hci_req_status_pend(struct hci_dev *hdev)
54 return hdev->req_status == HCI_REQ_PEND;
57 static int req_run(struct hci_request *req, hci_req_complete_t complete,
58 hci_req_complete_skb_t complete_skb)
60 struct hci_dev *hdev = req->hdev;
64 BT_DBG("length %u", skb_queue_len(&req->cmd_q));
66 /* If an error occurred during request building, remove all HCI
67 * commands queued on the HCI request queue.
70 skb_queue_purge(&req->cmd_q);
74 /* Do not allow empty requests */
75 if (skb_queue_empty(&req->cmd_q))
78 skb = skb_peek_tail(&req->cmd_q);
80 bt_cb(skb)->hci.req_complete = complete;
81 } else if (complete_skb) {
82 bt_cb(skb)->hci.req_complete_skb = complete_skb;
83 bt_cb(skb)->hci.req_flags |= HCI_REQ_SKB;
86 spin_lock_irqsave(&hdev->cmd_q.lock, flags);
87 skb_queue_splice_tail(&req->cmd_q, &hdev->cmd_q);
88 spin_unlock_irqrestore(&hdev->cmd_q.lock, flags);
90 queue_work(hdev->workqueue, &hdev->cmd_work);
95 int hci_req_run(struct hci_request *req, hci_req_complete_t complete)
97 return req_run(req, complete, NULL);
100 int hci_req_run_skb(struct hci_request *req, hci_req_complete_skb_t complete)
102 return req_run(req, NULL, complete);
105 static void hci_req_sync_complete(struct hci_dev *hdev, u8 result, u16 opcode,
108 BT_DBG("%s result 0x%2.2x", hdev->name, result);
110 if (hdev->req_status == HCI_REQ_PEND) {
111 hdev->req_result = result;
112 hdev->req_status = HCI_REQ_DONE;
114 hdev->req_skb = skb_get(skb);
115 wake_up_interruptible(&hdev->req_wait_q);
119 void hci_req_sync_cancel(struct hci_dev *hdev, int err)
121 BT_DBG("%s err 0x%2.2x", hdev->name, err);
123 if (hdev->req_status == HCI_REQ_PEND) {
124 hdev->req_result = err;
125 hdev->req_status = HCI_REQ_CANCELED;
126 wake_up_interruptible(&hdev->req_wait_q);
130 struct sk_buff *__hci_cmd_sync_ev(struct hci_dev *hdev, u16 opcode, u32 plen,
131 const void *param, u8 event, u32 timeout)
133 struct hci_request req;
137 BT_DBG("%s", hdev->name);
139 hci_req_init(&req, hdev);
141 hci_req_add_ev(&req, opcode, plen, param, event);
143 hdev->req_status = HCI_REQ_PEND;
145 err = hci_req_run_skb(&req, hci_req_sync_complete);
149 err = wait_event_interruptible_timeout(hdev->req_wait_q,
150 hdev->req_status != HCI_REQ_PEND, timeout);
152 if (err == -ERESTARTSYS)
153 return ERR_PTR(-EINTR);
155 switch (hdev->req_status) {
157 err = -bt_to_errno(hdev->req_result);
160 case HCI_REQ_CANCELED:
161 err = -hdev->req_result;
169 hdev->req_status = hdev->req_result = 0;
171 hdev->req_skb = NULL;
173 BT_DBG("%s end: err %d", hdev->name, err);
181 return ERR_PTR(-ENODATA);
185 EXPORT_SYMBOL(__hci_cmd_sync_ev);
187 struct sk_buff *__hci_cmd_sync(struct hci_dev *hdev, u16 opcode, u32 plen,
188 const void *param, u32 timeout)
190 return __hci_cmd_sync_ev(hdev, opcode, plen, param, 0, timeout);
192 EXPORT_SYMBOL(__hci_cmd_sync);
194 /* Execute request and wait for completion. */
195 int __hci_req_sync(struct hci_dev *hdev, int (*func)(struct hci_request *req,
197 unsigned long opt, u32 timeout, u8 *hci_status)
199 struct hci_request req;
202 BT_DBG("%s start", hdev->name);
204 hci_req_init(&req, hdev);
206 hdev->req_status = HCI_REQ_PEND;
208 err = func(&req, opt);
211 *hci_status = HCI_ERROR_UNSPECIFIED;
215 err = hci_req_run_skb(&req, hci_req_sync_complete);
217 hdev->req_status = 0;
219 /* ENODATA means the HCI request command queue is empty.
220 * This can happen when a request with conditionals doesn't
221 * trigger any commands to be sent. This is normal behavior
222 * and should not trigger an error return.
224 if (err == -ENODATA) {
231 *hci_status = HCI_ERROR_UNSPECIFIED;
236 err = wait_event_interruptible_timeout(hdev->req_wait_q,
237 hdev->req_status != HCI_REQ_PEND, timeout);
239 if (err == -ERESTARTSYS)
242 switch (hdev->req_status) {
244 err = -bt_to_errno(hdev->req_result);
246 *hci_status = hdev->req_result;
249 case HCI_REQ_CANCELED:
250 err = -hdev->req_result;
252 *hci_status = HCI_ERROR_UNSPECIFIED;
258 *hci_status = HCI_ERROR_UNSPECIFIED;
262 kfree_skb(hdev->req_skb);
263 hdev->req_skb = NULL;
264 hdev->req_status = hdev->req_result = 0;
266 BT_DBG("%s end: err %d", hdev->name, err);
271 int hci_req_sync(struct hci_dev *hdev, int (*req)(struct hci_request *req,
273 unsigned long opt, u32 timeout, u8 *hci_status)
277 if (!test_bit(HCI_UP, &hdev->flags))
280 /* Serialize all requests */
281 hci_req_sync_lock(hdev);
282 ret = __hci_req_sync(hdev, req, opt, timeout, hci_status);
283 hci_req_sync_unlock(hdev);
288 struct sk_buff *hci_prepare_cmd(struct hci_dev *hdev, u16 opcode, u32 plen,
291 int len = HCI_COMMAND_HDR_SIZE + plen;
292 struct hci_command_hdr *hdr;
295 skb = bt_skb_alloc(len, GFP_ATOMIC);
299 hdr = skb_put(skb, HCI_COMMAND_HDR_SIZE);
300 hdr->opcode = cpu_to_le16(opcode);
304 skb_put_data(skb, param, plen);
306 BT_DBG("skb len %d", skb->len);
308 hci_skb_pkt_type(skb) = HCI_COMMAND_PKT;
309 hci_skb_opcode(skb) = opcode;
314 /* Queue a command to an asynchronous HCI request */
315 void hci_req_add_ev(struct hci_request *req, u16 opcode, u32 plen,
316 const void *param, u8 event)
318 struct hci_dev *hdev = req->hdev;
321 BT_DBG("%s opcode 0x%4.4x plen %d", hdev->name, opcode, plen);
323 /* If an error occurred during request building, there is no point in
324 * queueing the HCI command. We can simply return.
329 skb = hci_prepare_cmd(hdev, opcode, plen, param);
331 bt_dev_err(hdev, "no memory for command (opcode 0x%4.4x)",
337 if (skb_queue_empty(&req->cmd_q))
338 bt_cb(skb)->hci.req_flags |= HCI_REQ_START;
340 bt_cb(skb)->hci.req_event = event;
342 skb_queue_tail(&req->cmd_q, skb);
345 void hci_req_add(struct hci_request *req, u16 opcode, u32 plen,
348 hci_req_add_ev(req, opcode, plen, param, 0);
351 void __hci_req_write_fast_connectable(struct hci_request *req, bool enable)
353 struct hci_dev *hdev = req->hdev;
354 struct hci_cp_write_page_scan_activity acp;
357 if (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED))
360 if (hdev->hci_ver < BLUETOOTH_VER_1_2)
364 type = PAGE_SCAN_TYPE_INTERLACED;
366 /* 160 msec page scan interval */
367 acp.interval = cpu_to_le16(0x0100);
369 type = PAGE_SCAN_TYPE_STANDARD; /* default */
371 /* default 1.28 sec page scan */
372 acp.interval = cpu_to_le16(0x0800);
375 acp.window = cpu_to_le16(0x0012);
377 if (__cpu_to_le16(hdev->page_scan_interval) != acp.interval ||
378 __cpu_to_le16(hdev->page_scan_window) != acp.window)
379 hci_req_add(req, HCI_OP_WRITE_PAGE_SCAN_ACTIVITY,
382 if (hdev->page_scan_type != type)
383 hci_req_add(req, HCI_OP_WRITE_PAGE_SCAN_TYPE, 1, &type);
386 /* This function controls the background scanning based on hdev->pend_le_conns
387 * list. If there are pending LE connection we start the background scanning,
388 * otherwise we stop it.
390 * This function requires the caller holds hdev->lock.
392 static void __hci_update_background_scan(struct hci_request *req)
394 struct hci_dev *hdev = req->hdev;
396 if (!test_bit(HCI_UP, &hdev->flags) ||
397 test_bit(HCI_INIT, &hdev->flags) ||
398 hci_dev_test_flag(hdev, HCI_SETUP) ||
399 hci_dev_test_flag(hdev, HCI_CONFIG) ||
400 hci_dev_test_flag(hdev, HCI_AUTO_OFF) ||
401 hci_dev_test_flag(hdev, HCI_UNREGISTER))
404 /* No point in doing scanning if LE support hasn't been enabled */
405 if (!hci_dev_test_flag(hdev, HCI_LE_ENABLED))
408 /* If discovery is active don't interfere with it */
409 if (hdev->discovery.state != DISCOVERY_STOPPED)
412 /* Reset RSSI and UUID filters when starting background scanning
413 * since these filters are meant for service discovery only.
415 * The Start Discovery and Start Service Discovery operations
416 * ensure to set proper values for RSSI threshold and UUID
417 * filter list. So it is safe to just reset them here.
419 hci_discovery_filter_clear(hdev);
421 if (list_empty(&hdev->pend_le_conns) &&
422 list_empty(&hdev->pend_le_reports)) {
423 /* If there is no pending LE connections or devices
424 * to be scanned for, we should stop the background
428 /* If controller is not scanning we are done. */
429 if (!hci_dev_test_flag(hdev, HCI_LE_SCAN))
432 hci_req_add_le_scan_disable(req);
434 BT_DBG("%s stopping background scanning", hdev->name);
436 /* If there is at least one pending LE connection, we should
437 * keep the background scan running.
440 /* If controller is connecting, we should not start scanning
441 * since some controllers are not able to scan and connect at
444 if (hci_lookup_le_connect(hdev))
447 /* If controller is currently scanning, we stop it to ensure we
448 * don't miss any advertising (due to duplicates filter).
450 if (hci_dev_test_flag(hdev, HCI_LE_SCAN))
451 hci_req_add_le_scan_disable(req);
453 hci_req_add_le_passive_scan(req);
455 BT_DBG("%s starting background scanning", hdev->name);
459 void __hci_req_update_name(struct hci_request *req)
461 struct hci_dev *hdev = req->hdev;
462 struct hci_cp_write_local_name cp;
464 memcpy(cp.name, hdev->dev_name, sizeof(cp.name));
466 hci_req_add(req, HCI_OP_WRITE_LOCAL_NAME, sizeof(cp), &cp);
469 #define PNP_INFO_SVCLASS_ID 0x1200
471 static u8 *create_uuid16_list(struct hci_dev *hdev, u8 *data, ptrdiff_t len)
473 u8 *ptr = data, *uuids_start = NULL;
474 struct bt_uuid *uuid;
479 list_for_each_entry(uuid, &hdev->uuids, list) {
482 if (uuid->size != 16)
485 uuid16 = get_unaligned_le16(&uuid->uuid[12]);
489 if (uuid16 == PNP_INFO_SVCLASS_ID)
495 uuids_start[1] = EIR_UUID16_ALL;
499 /* Stop if not enough space to put next UUID */
500 if ((ptr - data) + sizeof(u16) > len) {
501 uuids_start[1] = EIR_UUID16_SOME;
505 *ptr++ = (uuid16 & 0x00ff);
506 *ptr++ = (uuid16 & 0xff00) >> 8;
507 uuids_start[0] += sizeof(uuid16);
513 static u8 *create_uuid32_list(struct hci_dev *hdev, u8 *data, ptrdiff_t len)
515 u8 *ptr = data, *uuids_start = NULL;
516 struct bt_uuid *uuid;
521 list_for_each_entry(uuid, &hdev->uuids, list) {
522 if (uuid->size != 32)
528 uuids_start[1] = EIR_UUID32_ALL;
532 /* Stop if not enough space to put next UUID */
533 if ((ptr - data) + sizeof(u32) > len) {
534 uuids_start[1] = EIR_UUID32_SOME;
538 memcpy(ptr, &uuid->uuid[12], sizeof(u32));
540 uuids_start[0] += sizeof(u32);
546 static u8 *create_uuid128_list(struct hci_dev *hdev, u8 *data, ptrdiff_t len)
548 u8 *ptr = data, *uuids_start = NULL;
549 struct bt_uuid *uuid;
554 list_for_each_entry(uuid, &hdev->uuids, list) {
555 if (uuid->size != 128)
561 uuids_start[1] = EIR_UUID128_ALL;
565 /* Stop if not enough space to put next UUID */
566 if ((ptr - data) + 16 > len) {
567 uuids_start[1] = EIR_UUID128_SOME;
571 memcpy(ptr, uuid->uuid, 16);
573 uuids_start[0] += 16;
579 static void create_eir(struct hci_dev *hdev, u8 *data)
584 name_len = strlen(hdev->dev_name);
590 ptr[1] = EIR_NAME_SHORT;
592 ptr[1] = EIR_NAME_COMPLETE;
594 /* EIR Data length */
595 ptr[0] = name_len + 1;
597 memcpy(ptr + 2, hdev->dev_name, name_len);
599 ptr += (name_len + 2);
602 if (hdev->inq_tx_power != HCI_TX_POWER_INVALID) {
604 ptr[1] = EIR_TX_POWER;
605 ptr[2] = (u8) hdev->inq_tx_power;
610 if (hdev->devid_source > 0) {
612 ptr[1] = EIR_DEVICE_ID;
614 put_unaligned_le16(hdev->devid_source, ptr + 2);
615 put_unaligned_le16(hdev->devid_vendor, ptr + 4);
616 put_unaligned_le16(hdev->devid_product, ptr + 6);
617 put_unaligned_le16(hdev->devid_version, ptr + 8);
622 ptr = create_uuid16_list(hdev, ptr, HCI_MAX_EIR_LENGTH - (ptr - data));
623 ptr = create_uuid32_list(hdev, ptr, HCI_MAX_EIR_LENGTH - (ptr - data));
624 ptr = create_uuid128_list(hdev, ptr, HCI_MAX_EIR_LENGTH - (ptr - data));
627 void __hci_req_update_eir(struct hci_request *req)
629 struct hci_dev *hdev = req->hdev;
630 struct hci_cp_write_eir cp;
632 if (!hdev_is_powered(hdev))
635 if (!lmp_ext_inq_capable(hdev))
638 if (!hci_dev_test_flag(hdev, HCI_SSP_ENABLED))
641 if (hci_dev_test_flag(hdev, HCI_SERVICE_CACHE))
644 memset(&cp, 0, sizeof(cp));
646 create_eir(hdev, cp.data);
648 if (memcmp(cp.data, hdev->eir, sizeof(cp.data)) == 0)
651 memcpy(hdev->eir, cp.data, sizeof(cp.data));
653 hci_req_add(req, HCI_OP_WRITE_EIR, sizeof(cp), &cp);
656 void hci_req_add_le_scan_disable(struct hci_request *req)
658 struct hci_dev *hdev = req->hdev;
660 if (hdev->scanning_paused) {
661 bt_dev_dbg(hdev, "Scanning is paused for suspend");
665 if (use_ext_scan(hdev)) {
666 struct hci_cp_le_set_ext_scan_enable cp;
668 memset(&cp, 0, sizeof(cp));
669 cp.enable = LE_SCAN_DISABLE;
670 hci_req_add(req, HCI_OP_LE_SET_EXT_SCAN_ENABLE, sizeof(cp),
673 struct hci_cp_le_set_scan_enable cp;
675 memset(&cp, 0, sizeof(cp));
676 cp.enable = LE_SCAN_DISABLE;
677 hci_req_add(req, HCI_OP_LE_SET_SCAN_ENABLE, sizeof(cp), &cp);
681 static void del_from_white_list(struct hci_request *req, bdaddr_t *bdaddr,
684 struct hci_cp_le_del_from_white_list cp;
686 cp.bdaddr_type = bdaddr_type;
687 bacpy(&cp.bdaddr, bdaddr);
689 bt_dev_dbg(req->hdev, "Remove %pMR (0x%x) from whitelist", &cp.bdaddr,
691 hci_req_add(req, HCI_OP_LE_DEL_FROM_WHITE_LIST, sizeof(cp), &cp);
694 /* Adds connection to white list if needed. On error, returns -1. */
695 static int add_to_white_list(struct hci_request *req,
696 struct hci_conn_params *params, u8 *num_entries,
699 struct hci_cp_le_add_to_white_list cp;
700 struct hci_dev *hdev = req->hdev;
702 /* Already in white list */
703 if (hci_bdaddr_list_lookup(&hdev->le_white_list, ¶ms->addr,
707 /* Select filter policy to accept all advertising */
708 if (*num_entries >= hdev->le_white_list_size)
711 /* White list can not be used with RPAs */
713 hci_find_irk_by_addr(hdev, ¶ms->addr, params->addr_type)) {
717 /* During suspend, only wakeable devices can be in whitelist */
718 if (hdev->suspended && !params->wakeable)
722 cp.bdaddr_type = params->addr_type;
723 bacpy(&cp.bdaddr, ¶ms->addr);
725 bt_dev_dbg(hdev, "Add %pMR (0x%x) to whitelist", &cp.bdaddr,
727 hci_req_add(req, HCI_OP_LE_ADD_TO_WHITE_LIST, sizeof(cp), &cp);
732 static u8 update_white_list(struct hci_request *req)
734 struct hci_dev *hdev = req->hdev;
735 struct hci_conn_params *params;
736 struct bdaddr_list *b;
738 bool pend_conn, pend_report;
739 /* We allow whitelisting even with RPAs in suspend. In the worst case,
740 * we won't be able to wake from devices that use the privacy1.2
741 * features. Additionally, once we support privacy1.2 and IRK
742 * offloading, we can update this to also check for those conditions.
744 bool allow_rpa = hdev->suspended;
746 /* Go through the current white list programmed into the
747 * controller one by one and check if that address is still
748 * in the list of pending connections or list of devices to
749 * report. If not present in either list, then queue the
750 * command to remove it from the controller.
752 list_for_each_entry(b, &hdev->le_white_list, list) {
753 pend_conn = hci_pend_le_action_lookup(&hdev->pend_le_conns,
756 pend_report = hci_pend_le_action_lookup(&hdev->pend_le_reports,
760 /* If the device is not likely to connect or report,
761 * remove it from the whitelist.
763 if (!pend_conn && !pend_report) {
764 del_from_white_list(req, &b->bdaddr, b->bdaddr_type);
768 /* White list can not be used with RPAs */
770 hci_find_irk_by_addr(hdev, &b->bdaddr, b->bdaddr_type)) {
777 /* Since all no longer valid white list entries have been
778 * removed, walk through the list of pending connections
779 * and ensure that any new device gets programmed into
782 * If the list of the devices is larger than the list of
783 * available white list entries in the controller, then
784 * just abort and return filer policy value to not use the
787 list_for_each_entry(params, &hdev->pend_le_conns, action) {
788 if (add_to_white_list(req, params, &num_entries, allow_rpa))
792 /* After adding all new pending connections, walk through
793 * the list of pending reports and also add these to the
794 * white list if there is still space. Abort if space runs out.
796 list_for_each_entry(params, &hdev->pend_le_reports, action) {
797 if (add_to_white_list(req, params, &num_entries, allow_rpa))
801 /* Select filter policy to use white list */
805 static bool scan_use_rpa(struct hci_dev *hdev)
807 return hci_dev_test_flag(hdev, HCI_PRIVACY);
810 static void hci_req_start_scan(struct hci_request *req, u8 type, u16 interval,
811 u16 window, u8 own_addr_type, u8 filter_policy)
813 struct hci_dev *hdev = req->hdev;
815 /* Use ext scanning if set ext scan param and ext scan enable is
818 if (use_ext_scan(hdev)) {
819 struct hci_cp_le_set_ext_scan_params *ext_param_cp;
820 struct hci_cp_le_set_ext_scan_enable ext_enable_cp;
821 struct hci_cp_le_scan_phy_params *phy_params;
822 u8 data[sizeof(*ext_param_cp) + sizeof(*phy_params) * 2];
825 ext_param_cp = (void *)data;
826 phy_params = (void *)ext_param_cp->data;
828 memset(ext_param_cp, 0, sizeof(*ext_param_cp));
829 ext_param_cp->own_addr_type = own_addr_type;
830 ext_param_cp->filter_policy = filter_policy;
832 plen = sizeof(*ext_param_cp);
834 if (scan_1m(hdev) || scan_2m(hdev)) {
835 ext_param_cp->scanning_phys |= LE_SCAN_PHY_1M;
837 memset(phy_params, 0, sizeof(*phy_params));
838 phy_params->type = type;
839 phy_params->interval = cpu_to_le16(interval);
840 phy_params->window = cpu_to_le16(window);
842 plen += sizeof(*phy_params);
846 if (scan_coded(hdev)) {
847 ext_param_cp->scanning_phys |= LE_SCAN_PHY_CODED;
849 memset(phy_params, 0, sizeof(*phy_params));
850 phy_params->type = type;
851 phy_params->interval = cpu_to_le16(interval);
852 phy_params->window = cpu_to_le16(window);
854 plen += sizeof(*phy_params);
858 hci_req_add(req, HCI_OP_LE_SET_EXT_SCAN_PARAMS,
861 memset(&ext_enable_cp, 0, sizeof(ext_enable_cp));
862 ext_enable_cp.enable = LE_SCAN_ENABLE;
863 ext_enable_cp.filter_dup = LE_SCAN_FILTER_DUP_ENABLE;
865 hci_req_add(req, HCI_OP_LE_SET_EXT_SCAN_ENABLE,
866 sizeof(ext_enable_cp), &ext_enable_cp);
868 struct hci_cp_le_set_scan_param param_cp;
869 struct hci_cp_le_set_scan_enable enable_cp;
871 memset(¶m_cp, 0, sizeof(param_cp));
872 param_cp.type = type;
873 param_cp.interval = cpu_to_le16(interval);
874 param_cp.window = cpu_to_le16(window);
875 param_cp.own_address_type = own_addr_type;
876 param_cp.filter_policy = filter_policy;
877 hci_req_add(req, HCI_OP_LE_SET_SCAN_PARAM, sizeof(param_cp),
880 memset(&enable_cp, 0, sizeof(enable_cp));
881 enable_cp.enable = LE_SCAN_ENABLE;
882 enable_cp.filter_dup = LE_SCAN_FILTER_DUP_ENABLE;
883 hci_req_add(req, HCI_OP_LE_SET_SCAN_ENABLE, sizeof(enable_cp),
888 void hci_req_add_le_passive_scan(struct hci_request *req)
890 struct hci_dev *hdev = req->hdev;
895 if (hdev->scanning_paused) {
896 bt_dev_dbg(hdev, "Scanning is paused for suspend");
900 /* Set require_privacy to false since no SCAN_REQ are send
901 * during passive scanning. Not using an non-resolvable address
902 * here is important so that peer devices using direct
903 * advertising with our address will be correctly reported
906 if (hci_update_random_address(req, false, scan_use_rpa(hdev),
910 /* Adding or removing entries from the white list must
911 * happen before enabling scanning. The controller does
912 * not allow white list modification while scanning.
914 filter_policy = update_white_list(req);
916 /* When the controller is using random resolvable addresses and
917 * with that having LE privacy enabled, then controllers with
918 * Extended Scanner Filter Policies support can now enable support
919 * for handling directed advertising.
921 * So instead of using filter polices 0x00 (no whitelist)
922 * and 0x01 (whitelist enabled) use the new filter policies
923 * 0x02 (no whitelist) and 0x03 (whitelist enabled).
925 if (hci_dev_test_flag(hdev, HCI_PRIVACY) &&
926 (hdev->le_features[0] & HCI_LE_EXT_SCAN_POLICY))
927 filter_policy |= 0x02;
929 if (hdev->suspended) {
930 window = LE_SUSPEND_SCAN_WINDOW;
931 interval = LE_SUSPEND_SCAN_INTERVAL;
933 window = hdev->le_scan_window;
934 interval = hdev->le_scan_interval;
937 bt_dev_dbg(hdev, "LE passive scan with whitelist = %d", filter_policy);
938 hci_req_start_scan(req, LE_SCAN_PASSIVE, interval, window,
939 own_addr_type, filter_policy);
942 static u8 get_adv_instance_scan_rsp_len(struct hci_dev *hdev, u8 instance)
944 struct adv_info *adv_instance;
946 /* Instance 0x00 always set local name */
947 if (instance == 0x00)
950 adv_instance = hci_find_adv_instance(hdev, instance);
954 /* TODO: Take into account the "appearance" and "local-name" flags here.
955 * These are currently being ignored as they are not supported.
957 return adv_instance->scan_rsp_len;
960 static void hci_req_clear_event_filter(struct hci_request *req)
962 struct hci_cp_set_event_filter f;
964 memset(&f, 0, sizeof(f));
965 f.flt_type = HCI_FLT_CLEAR_ALL;
966 hci_req_add(req, HCI_OP_SET_EVENT_FLT, 1, &f);
968 /* Update page scan state (since we may have modified it when setting
971 __hci_req_update_scan(req);
974 static void hci_req_set_event_filter(struct hci_request *req)
976 struct bdaddr_list *b;
977 struct hci_cp_set_event_filter f;
978 struct hci_dev *hdev = req->hdev;
981 /* Always clear event filter when starting */
982 hci_req_clear_event_filter(req);
984 list_for_each_entry(b, &hdev->wakeable, list) {
985 memset(&f, 0, sizeof(f));
986 bacpy(&f.addr_conn_flt.bdaddr, &b->bdaddr);
987 f.flt_type = HCI_FLT_CONN_SETUP;
988 f.cond_type = HCI_CONN_SETUP_ALLOW_BDADDR;
989 f.addr_conn_flt.auto_accept = HCI_CONN_SETUP_AUTO_ON;
991 bt_dev_dbg(hdev, "Adding event filters for %pMR", &b->bdaddr);
992 hci_req_add(req, HCI_OP_SET_EVENT_FLT, sizeof(f), &f);
995 scan = !list_empty(&hdev->wakeable) ? SCAN_PAGE : SCAN_DISABLED;
996 hci_req_add(req, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
999 static void hci_req_config_le_suspend_scan(struct hci_request *req)
1001 /* Can't change params without disabling first */
1002 hci_req_add_le_scan_disable(req);
1004 /* Configure params and enable scanning */
1005 hci_req_add_le_passive_scan(req);
1007 /* Block suspend notifier on response */
1008 set_bit(SUSPEND_SCAN_ENABLE, req->hdev->suspend_tasks);
1011 static void suspend_req_complete(struct hci_dev *hdev, u8 status, u16 opcode)
1013 bt_dev_dbg(hdev, "Request complete opcode=0x%x, status=0x%x", opcode,
1015 if (test_and_clear_bit(SUSPEND_SCAN_ENABLE, hdev->suspend_tasks) ||
1016 test_and_clear_bit(SUSPEND_SCAN_DISABLE, hdev->suspend_tasks)) {
1017 wake_up(&hdev->suspend_wait_q);
1021 /* Call with hci_dev_lock */
1022 void hci_req_prepare_suspend(struct hci_dev *hdev, enum suspended_state next)
1024 struct hci_conn *conn;
1025 struct hci_request req;
1027 int disconnect_counter;
1029 if (next == hdev->suspend_state) {
1030 bt_dev_dbg(hdev, "Same state before and after: %d", next);
1034 hdev->suspend_state = next;
1035 hci_req_init(&req, hdev);
1037 if (next == BT_SUSPEND_DISCONNECT) {
1038 /* Mark device as suspended */
1039 hdev->suspended = true;
1041 /* Disable page scan */
1042 page_scan = SCAN_DISABLED;
1043 hci_req_add(&req, HCI_OP_WRITE_SCAN_ENABLE, 1, &page_scan);
1045 /* Disable LE passive scan */
1046 hci_req_add_le_scan_disable(&req);
1048 /* Mark task needing completion */
1049 set_bit(SUSPEND_SCAN_DISABLE, hdev->suspend_tasks);
1051 /* Prevent disconnects from causing scanning to be re-enabled */
1052 hdev->scanning_paused = true;
1054 /* Run commands before disconnecting */
1055 hci_req_run(&req, suspend_req_complete);
1057 disconnect_counter = 0;
1058 /* Soft disconnect everything (power off) */
1059 list_for_each_entry(conn, &hdev->conn_hash.list, list) {
1060 hci_disconnect(conn, HCI_ERROR_REMOTE_POWER_OFF);
1061 disconnect_counter++;
1064 if (disconnect_counter > 0) {
1066 "Had %d disconnects. Will wait on them",
1067 disconnect_counter);
1068 set_bit(SUSPEND_DISCONNECTING, hdev->suspend_tasks);
1070 } else if (next == BT_SUSPEND_COMPLETE) {
1071 /* Unpause to take care of updating scanning params */
1072 hdev->scanning_paused = false;
1073 /* Enable event filter for paired devices */
1074 hci_req_set_event_filter(&req);
1075 /* Enable passive scan at lower duty cycle */
1076 hci_req_config_le_suspend_scan(&req);
1077 /* Pause scan changes again. */
1078 hdev->scanning_paused = true;
1079 hci_req_run(&req, suspend_req_complete);
1081 hdev->suspended = false;
1082 hdev->scanning_paused = false;
1084 hci_req_clear_event_filter(&req);
1085 /* Reset passive/background scanning to normal */
1086 hci_req_config_le_suspend_scan(&req);
1087 hci_req_run(&req, suspend_req_complete);
1090 hdev->suspend_state = next;
1093 clear_bit(SUSPEND_PREPARE_NOTIFIER, hdev->suspend_tasks);
1094 wake_up(&hdev->suspend_wait_q);
1097 static u8 get_cur_adv_instance_scan_rsp_len(struct hci_dev *hdev)
1099 u8 instance = hdev->cur_adv_instance;
1100 struct adv_info *adv_instance;
1102 /* Instance 0x00 always set local name */
1103 if (instance == 0x00)
1106 adv_instance = hci_find_adv_instance(hdev, instance);
1110 /* TODO: Take into account the "appearance" and "local-name" flags here.
1111 * These are currently being ignored as they are not supported.
1113 return adv_instance->scan_rsp_len;
1116 void __hci_req_disable_advertising(struct hci_request *req)
1118 if (ext_adv_capable(req->hdev)) {
1119 struct hci_cp_le_set_ext_adv_enable cp;
1122 /* Disable all sets since we only support one set at the moment */
1123 cp.num_of_sets = 0x00;
1125 hci_req_add(req, HCI_OP_LE_SET_EXT_ADV_ENABLE, sizeof(cp), &cp);
1129 hci_req_add(req, HCI_OP_LE_SET_ADV_ENABLE, sizeof(enable), &enable);
1133 static u32 get_adv_instance_flags(struct hci_dev *hdev, u8 instance)
1136 struct adv_info *adv_instance;
1138 if (instance == 0x00) {
1139 /* Instance 0 always manages the "Tx Power" and "Flags"
1142 flags = MGMT_ADV_FLAG_TX_POWER | MGMT_ADV_FLAG_MANAGED_FLAGS;
1144 /* For instance 0, the HCI_ADVERTISING_CONNECTABLE setting
1145 * corresponds to the "connectable" instance flag.
1147 if (hci_dev_test_flag(hdev, HCI_ADVERTISING_CONNECTABLE))
1148 flags |= MGMT_ADV_FLAG_CONNECTABLE;
1150 if (hci_dev_test_flag(hdev, HCI_LIMITED_DISCOVERABLE))
1151 flags |= MGMT_ADV_FLAG_LIMITED_DISCOV;
1152 else if (hci_dev_test_flag(hdev, HCI_DISCOVERABLE))
1153 flags |= MGMT_ADV_FLAG_DISCOV;
1158 adv_instance = hci_find_adv_instance(hdev, instance);
1160 /* Return 0 when we got an invalid instance identifier. */
1164 return adv_instance->flags;
1167 static bool adv_use_rpa(struct hci_dev *hdev, uint32_t flags)
1169 /* If privacy is not enabled don't use RPA */
1170 if (!hci_dev_test_flag(hdev, HCI_PRIVACY))
1173 /* If basic privacy mode is enabled use RPA */
1174 if (!hci_dev_test_flag(hdev, HCI_LIMITED_PRIVACY))
1177 /* If limited privacy mode is enabled don't use RPA if we're
1178 * both discoverable and bondable.
1180 if ((flags & MGMT_ADV_FLAG_DISCOV) &&
1181 hci_dev_test_flag(hdev, HCI_BONDABLE))
1184 /* We're neither bondable nor discoverable in the limited
1185 * privacy mode, therefore use RPA.
1190 static bool is_advertising_allowed(struct hci_dev *hdev, bool connectable)
1192 /* If there is no connection we are OK to advertise. */
1193 if (hci_conn_num(hdev, LE_LINK) == 0)
1196 /* Check le_states if there is any connection in slave role. */
1197 if (hdev->conn_hash.le_num_slave > 0) {
1198 /* Slave connection state and non connectable mode bit 20. */
1199 if (!connectable && !(hdev->le_states[2] & 0x10))
1202 /* Slave connection state and connectable mode bit 38
1203 * and scannable bit 21.
1205 if (connectable && (!(hdev->le_states[4] & 0x40) ||
1206 !(hdev->le_states[2] & 0x20)))
1210 /* Check le_states if there is any connection in master role. */
1211 if (hci_conn_num(hdev, LE_LINK) != hdev->conn_hash.le_num_slave) {
1212 /* Master connection state and non connectable mode bit 18. */
1213 if (!connectable && !(hdev->le_states[2] & 0x02))
1216 /* Master connection state and connectable mode bit 35 and
1219 if (connectable && (!(hdev->le_states[4] & 0x08) ||
1220 !(hdev->le_states[2] & 0x08)))
1227 void __hci_req_enable_advertising(struct hci_request *req)
1229 struct hci_dev *hdev = req->hdev;
1230 struct hci_cp_le_set_adv_param cp;
1231 u8 own_addr_type, enable = 0x01;
1233 u16 adv_min_interval, adv_max_interval;
1236 flags = get_adv_instance_flags(hdev, hdev->cur_adv_instance);
1238 /* If the "connectable" instance flag was not set, then choose between
1239 * ADV_IND and ADV_NONCONN_IND based on the global connectable setting.
1241 connectable = (flags & MGMT_ADV_FLAG_CONNECTABLE) ||
1242 mgmt_get_connectable(hdev);
1244 if (!is_advertising_allowed(hdev, connectable))
1247 if (hci_dev_test_flag(hdev, HCI_LE_ADV))
1248 __hci_req_disable_advertising(req);
1250 /* Clear the HCI_LE_ADV bit temporarily so that the
1251 * hci_update_random_address knows that it's safe to go ahead
1252 * and write a new random address. The flag will be set back on
1253 * as soon as the SET_ADV_ENABLE HCI command completes.
1255 hci_dev_clear_flag(hdev, HCI_LE_ADV);
1257 /* Set require_privacy to true only when non-connectable
1258 * advertising is used. In that case it is fine to use a
1259 * non-resolvable private address.
1261 if (hci_update_random_address(req, !connectable,
1262 adv_use_rpa(hdev, flags),
1263 &own_addr_type) < 0)
1266 memset(&cp, 0, sizeof(cp));
1269 cp.type = LE_ADV_IND;
1271 adv_min_interval = hdev->le_adv_min_interval;
1272 adv_max_interval = hdev->le_adv_max_interval;
1274 if (get_cur_adv_instance_scan_rsp_len(hdev))
1275 cp.type = LE_ADV_SCAN_IND;
1277 cp.type = LE_ADV_NONCONN_IND;
1279 if (!hci_dev_test_flag(hdev, HCI_DISCOVERABLE) ||
1280 hci_dev_test_flag(hdev, HCI_LIMITED_DISCOVERABLE)) {
1281 adv_min_interval = DISCOV_LE_FAST_ADV_INT_MIN;
1282 adv_max_interval = DISCOV_LE_FAST_ADV_INT_MAX;
1284 adv_min_interval = hdev->le_adv_min_interval;
1285 adv_max_interval = hdev->le_adv_max_interval;
1289 cp.min_interval = cpu_to_le16(adv_min_interval);
1290 cp.max_interval = cpu_to_le16(adv_max_interval);
1291 cp.own_address_type = own_addr_type;
1292 cp.channel_map = hdev->le_adv_channel_map;
1294 hci_req_add(req, HCI_OP_LE_SET_ADV_PARAM, sizeof(cp), &cp);
1296 hci_req_add(req, HCI_OP_LE_SET_ADV_ENABLE, sizeof(enable), &enable);
1299 u8 append_local_name(struct hci_dev *hdev, u8 *ptr, u8 ad_len)
1302 size_t complete_len;
1304 /* no space left for name (+ NULL + type + len) */
1305 if ((HCI_MAX_AD_LENGTH - ad_len) < HCI_MAX_SHORT_NAME_LENGTH + 3)
1308 /* use complete name if present and fits */
1309 complete_len = strlen(hdev->dev_name);
1310 if (complete_len && complete_len <= HCI_MAX_SHORT_NAME_LENGTH)
1311 return eir_append_data(ptr, ad_len, EIR_NAME_COMPLETE,
1312 hdev->dev_name, complete_len + 1);
1314 /* use short name if present */
1315 short_len = strlen(hdev->short_name);
1317 return eir_append_data(ptr, ad_len, EIR_NAME_SHORT,
1318 hdev->short_name, short_len + 1);
1320 /* use shortened full name if present, we already know that name
1321 * is longer then HCI_MAX_SHORT_NAME_LENGTH
1324 u8 name[HCI_MAX_SHORT_NAME_LENGTH + 1];
1326 memcpy(name, hdev->dev_name, HCI_MAX_SHORT_NAME_LENGTH);
1327 name[HCI_MAX_SHORT_NAME_LENGTH] = '\0';
1329 return eir_append_data(ptr, ad_len, EIR_NAME_SHORT, name,
1336 static u8 append_appearance(struct hci_dev *hdev, u8 *ptr, u8 ad_len)
1338 return eir_append_le16(ptr, ad_len, EIR_APPEARANCE, hdev->appearance);
1341 static u8 create_default_scan_rsp_data(struct hci_dev *hdev, u8 *ptr)
1343 u8 scan_rsp_len = 0;
1345 if (hdev->appearance) {
1346 scan_rsp_len = append_appearance(hdev, ptr, scan_rsp_len);
1349 return append_local_name(hdev, ptr, scan_rsp_len);
1352 static u8 create_instance_scan_rsp_data(struct hci_dev *hdev, u8 instance,
1355 struct adv_info *adv_instance;
1357 u8 scan_rsp_len = 0;
1359 adv_instance = hci_find_adv_instance(hdev, instance);
1363 instance_flags = adv_instance->flags;
1365 if ((instance_flags & MGMT_ADV_FLAG_APPEARANCE) && hdev->appearance) {
1366 scan_rsp_len = append_appearance(hdev, ptr, scan_rsp_len);
1369 memcpy(&ptr[scan_rsp_len], adv_instance->scan_rsp_data,
1370 adv_instance->scan_rsp_len);
1372 scan_rsp_len += adv_instance->scan_rsp_len;
1374 if (instance_flags & MGMT_ADV_FLAG_LOCAL_NAME)
1375 scan_rsp_len = append_local_name(hdev, ptr, scan_rsp_len);
1377 return scan_rsp_len;
1380 void __hci_req_update_scan_rsp_data(struct hci_request *req, u8 instance)
1382 struct hci_dev *hdev = req->hdev;
1385 if (!hci_dev_test_flag(hdev, HCI_LE_ENABLED))
1388 if (ext_adv_capable(hdev)) {
1389 struct hci_cp_le_set_ext_scan_rsp_data cp;
1391 memset(&cp, 0, sizeof(cp));
1394 len = create_instance_scan_rsp_data(hdev, instance,
1397 len = create_default_scan_rsp_data(hdev, cp.data);
1399 if (hdev->scan_rsp_data_len == len &&
1400 !memcmp(cp.data, hdev->scan_rsp_data, len))
1403 memcpy(hdev->scan_rsp_data, cp.data, sizeof(cp.data));
1404 hdev->scan_rsp_data_len = len;
1408 cp.operation = LE_SET_ADV_DATA_OP_COMPLETE;
1409 cp.frag_pref = LE_SET_ADV_DATA_NO_FRAG;
1411 hci_req_add(req, HCI_OP_LE_SET_EXT_SCAN_RSP_DATA, sizeof(cp),
1414 struct hci_cp_le_set_scan_rsp_data cp;
1416 memset(&cp, 0, sizeof(cp));
1419 len = create_instance_scan_rsp_data(hdev, instance,
1422 len = create_default_scan_rsp_data(hdev, cp.data);
1424 if (hdev->scan_rsp_data_len == len &&
1425 !memcmp(cp.data, hdev->scan_rsp_data, len))
1428 memcpy(hdev->scan_rsp_data, cp.data, sizeof(cp.data));
1429 hdev->scan_rsp_data_len = len;
1433 hci_req_add(req, HCI_OP_LE_SET_SCAN_RSP_DATA, sizeof(cp), &cp);
1437 static u8 create_instance_adv_data(struct hci_dev *hdev, u8 instance, u8 *ptr)
1439 struct adv_info *adv_instance = NULL;
1440 u8 ad_len = 0, flags = 0;
1443 /* Return 0 when the current instance identifier is invalid. */
1445 adv_instance = hci_find_adv_instance(hdev, instance);
1450 instance_flags = get_adv_instance_flags(hdev, instance);
1452 /* If instance already has the flags set skip adding it once
1455 if (adv_instance && eir_get_data(adv_instance->adv_data,
1456 adv_instance->adv_data_len, EIR_FLAGS,
1460 /* The Add Advertising command allows userspace to set both the general
1461 * and limited discoverable flags.
1463 if (instance_flags & MGMT_ADV_FLAG_DISCOV)
1464 flags |= LE_AD_GENERAL;
1466 if (instance_flags & MGMT_ADV_FLAG_LIMITED_DISCOV)
1467 flags |= LE_AD_LIMITED;
1469 if (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED))
1470 flags |= LE_AD_NO_BREDR;
1472 if (flags || (instance_flags & MGMT_ADV_FLAG_MANAGED_FLAGS)) {
1473 /* If a discovery flag wasn't provided, simply use the global
1477 flags |= mgmt_get_adv_discov_flags(hdev);
1479 /* If flags would still be empty, then there is no need to
1480 * include the "Flags" AD field".
1494 memcpy(ptr, adv_instance->adv_data,
1495 adv_instance->adv_data_len);
1496 ad_len += adv_instance->adv_data_len;
1497 ptr += adv_instance->adv_data_len;
1500 if (instance_flags & MGMT_ADV_FLAG_TX_POWER) {
1503 if (ext_adv_capable(hdev)) {
1505 adv_tx_power = adv_instance->tx_power;
1507 adv_tx_power = hdev->adv_tx_power;
1509 adv_tx_power = hdev->adv_tx_power;
1512 /* Provide Tx Power only if we can provide a valid value for it */
1513 if (adv_tx_power != HCI_TX_POWER_INVALID) {
1515 ptr[1] = EIR_TX_POWER;
1516 ptr[2] = (u8)adv_tx_power;
1526 void __hci_req_update_adv_data(struct hci_request *req, u8 instance)
1528 struct hci_dev *hdev = req->hdev;
1531 if (!hci_dev_test_flag(hdev, HCI_LE_ENABLED))
1534 if (ext_adv_capable(hdev)) {
1535 struct hci_cp_le_set_ext_adv_data cp;
1537 memset(&cp, 0, sizeof(cp));
1539 len = create_instance_adv_data(hdev, instance, cp.data);
1541 /* There's nothing to do if the data hasn't changed */
1542 if (hdev->adv_data_len == len &&
1543 memcmp(cp.data, hdev->adv_data, len) == 0)
1546 memcpy(hdev->adv_data, cp.data, sizeof(cp.data));
1547 hdev->adv_data_len = len;
1551 cp.operation = LE_SET_ADV_DATA_OP_COMPLETE;
1552 cp.frag_pref = LE_SET_ADV_DATA_NO_FRAG;
1554 hci_req_add(req, HCI_OP_LE_SET_EXT_ADV_DATA, sizeof(cp), &cp);
1556 struct hci_cp_le_set_adv_data cp;
1558 memset(&cp, 0, sizeof(cp));
1560 len = create_instance_adv_data(hdev, instance, cp.data);
1562 /* There's nothing to do if the data hasn't changed */
1563 if (hdev->adv_data_len == len &&
1564 memcmp(cp.data, hdev->adv_data, len) == 0)
1567 memcpy(hdev->adv_data, cp.data, sizeof(cp.data));
1568 hdev->adv_data_len = len;
1572 hci_req_add(req, HCI_OP_LE_SET_ADV_DATA, sizeof(cp), &cp);
1576 int hci_req_update_adv_data(struct hci_dev *hdev, u8 instance)
1578 struct hci_request req;
1580 hci_req_init(&req, hdev);
1581 __hci_req_update_adv_data(&req, instance);
1583 return hci_req_run(&req, NULL);
1586 static void adv_enable_complete(struct hci_dev *hdev, u8 status, u16 opcode)
1588 BT_DBG("%s status %u", hdev->name, status);
1591 void hci_req_reenable_advertising(struct hci_dev *hdev)
1593 struct hci_request req;
1595 if (!hci_dev_test_flag(hdev, HCI_ADVERTISING) &&
1596 list_empty(&hdev->adv_instances))
1599 hci_req_init(&req, hdev);
1601 if (hdev->cur_adv_instance) {
1602 __hci_req_schedule_adv_instance(&req, hdev->cur_adv_instance,
1605 if (ext_adv_capable(hdev)) {
1606 __hci_req_start_ext_adv(&req, 0x00);
1608 __hci_req_update_adv_data(&req, 0x00);
1609 __hci_req_update_scan_rsp_data(&req, 0x00);
1610 __hci_req_enable_advertising(&req);
1614 hci_req_run(&req, adv_enable_complete);
1617 static void adv_timeout_expire(struct work_struct *work)
1619 struct hci_dev *hdev = container_of(work, struct hci_dev,
1620 adv_instance_expire.work);
1622 struct hci_request req;
1625 BT_DBG("%s", hdev->name);
1629 hdev->adv_instance_timeout = 0;
1631 instance = hdev->cur_adv_instance;
1632 if (instance == 0x00)
1635 hci_req_init(&req, hdev);
1637 hci_req_clear_adv_instance(hdev, NULL, &req, instance, false);
1639 if (list_empty(&hdev->adv_instances))
1640 __hci_req_disable_advertising(&req);
1642 hci_req_run(&req, NULL);
1645 hci_dev_unlock(hdev);
1648 int hci_get_random_address(struct hci_dev *hdev, bool require_privacy,
1649 bool use_rpa, struct adv_info *adv_instance,
1650 u8 *own_addr_type, bdaddr_t *rand_addr)
1654 bacpy(rand_addr, BDADDR_ANY);
1656 /* If privacy is enabled use a resolvable private address. If
1657 * current RPA has expired then generate a new one.
1662 *own_addr_type = ADDR_LE_DEV_RANDOM;
1665 if (!adv_instance->rpa_expired &&
1666 !bacmp(&adv_instance->random_addr, &hdev->rpa))
1669 adv_instance->rpa_expired = false;
1671 if (!hci_dev_test_and_clear_flag(hdev, HCI_RPA_EXPIRED) &&
1672 !bacmp(&hdev->random_addr, &hdev->rpa))
1676 err = smp_generate_rpa(hdev, hdev->irk, &hdev->rpa);
1678 bt_dev_err(hdev, "failed to generate new RPA");
1682 bacpy(rand_addr, &hdev->rpa);
1684 to = msecs_to_jiffies(hdev->rpa_timeout * 1000);
1686 queue_delayed_work(hdev->workqueue,
1687 &adv_instance->rpa_expired_cb, to);
1689 queue_delayed_work(hdev->workqueue,
1690 &hdev->rpa_expired, to);
1695 /* In case of required privacy without resolvable private address,
1696 * use an non-resolvable private address. This is useful for
1697 * non-connectable advertising.
1699 if (require_privacy) {
1703 /* The non-resolvable private address is generated
1704 * from random six bytes with the two most significant
1707 get_random_bytes(&nrpa, 6);
1710 /* The non-resolvable private address shall not be
1711 * equal to the public address.
1713 if (bacmp(&hdev->bdaddr, &nrpa))
1717 *own_addr_type = ADDR_LE_DEV_RANDOM;
1718 bacpy(rand_addr, &nrpa);
1723 /* No privacy so use a public address. */
1724 *own_addr_type = ADDR_LE_DEV_PUBLIC;
1729 void __hci_req_clear_ext_adv_sets(struct hci_request *req)
1731 hci_req_add(req, HCI_OP_LE_CLEAR_ADV_SETS, 0, NULL);
1734 int __hci_req_setup_ext_adv_instance(struct hci_request *req, u8 instance)
1736 struct hci_cp_le_set_ext_adv_params cp;
1737 struct hci_dev *hdev = req->hdev;
1740 bdaddr_t random_addr;
1743 struct adv_info *adv_instance;
1745 /* In ext adv set param interval is 3 octets */
1746 const u8 adv_interval[3] = { 0x00, 0x08, 0x00 };
1749 adv_instance = hci_find_adv_instance(hdev, instance);
1753 adv_instance = NULL;
1756 flags = get_adv_instance_flags(hdev, instance);
1758 /* If the "connectable" instance flag was not set, then choose between
1759 * ADV_IND and ADV_NONCONN_IND based on the global connectable setting.
1761 connectable = (flags & MGMT_ADV_FLAG_CONNECTABLE) ||
1762 mgmt_get_connectable(hdev);
1764 if (!is_advertising_allowed(hdev, connectable))
1767 /* Set require_privacy to true only when non-connectable
1768 * advertising is used. In that case it is fine to use a
1769 * non-resolvable private address.
1771 err = hci_get_random_address(hdev, !connectable,
1772 adv_use_rpa(hdev, flags), adv_instance,
1773 &own_addr_type, &random_addr);
1777 memset(&cp, 0, sizeof(cp));
1779 memcpy(cp.min_interval, adv_interval, sizeof(cp.min_interval));
1780 memcpy(cp.max_interval, adv_interval, sizeof(cp.max_interval));
1782 secondary_adv = (flags & MGMT_ADV_FLAG_SEC_MASK);
1786 cp.evt_properties = cpu_to_le16(LE_EXT_ADV_CONN_IND);
1788 cp.evt_properties = cpu_to_le16(LE_LEGACY_ADV_IND);
1789 } else if (get_adv_instance_scan_rsp_len(hdev, instance)) {
1791 cp.evt_properties = cpu_to_le16(LE_EXT_ADV_SCAN_IND);
1793 cp.evt_properties = cpu_to_le16(LE_LEGACY_ADV_SCAN_IND);
1796 cp.evt_properties = cpu_to_le16(LE_EXT_ADV_NON_CONN_IND);
1798 cp.evt_properties = cpu_to_le16(LE_LEGACY_NONCONN_IND);
1801 cp.own_addr_type = own_addr_type;
1802 cp.channel_map = hdev->le_adv_channel_map;
1804 cp.handle = instance;
1806 if (flags & MGMT_ADV_FLAG_SEC_2M) {
1807 cp.primary_phy = HCI_ADV_PHY_1M;
1808 cp.secondary_phy = HCI_ADV_PHY_2M;
1809 } else if (flags & MGMT_ADV_FLAG_SEC_CODED) {
1810 cp.primary_phy = HCI_ADV_PHY_CODED;
1811 cp.secondary_phy = HCI_ADV_PHY_CODED;
1813 /* In all other cases use 1M */
1814 cp.primary_phy = HCI_ADV_PHY_1M;
1815 cp.secondary_phy = HCI_ADV_PHY_1M;
1818 hci_req_add(req, HCI_OP_LE_SET_EXT_ADV_PARAMS, sizeof(cp), &cp);
1820 if (own_addr_type == ADDR_LE_DEV_RANDOM &&
1821 bacmp(&random_addr, BDADDR_ANY)) {
1822 struct hci_cp_le_set_adv_set_rand_addr cp;
1824 /* Check if random address need to be updated */
1826 if (!bacmp(&random_addr, &adv_instance->random_addr))
1829 if (!bacmp(&random_addr, &hdev->random_addr))
1833 memset(&cp, 0, sizeof(cp));
1836 bacpy(&cp.bdaddr, &random_addr);
1839 HCI_OP_LE_SET_ADV_SET_RAND_ADDR,
1846 int __hci_req_enable_ext_advertising(struct hci_request *req, u8 instance)
1848 struct hci_dev *hdev = req->hdev;
1849 struct hci_cp_le_set_ext_adv_enable *cp;
1850 struct hci_cp_ext_adv_set *adv_set;
1851 u8 data[sizeof(*cp) + sizeof(*adv_set) * 1];
1852 struct adv_info *adv_instance;
1855 adv_instance = hci_find_adv_instance(hdev, instance);
1859 adv_instance = NULL;
1863 adv_set = (void *) cp->data;
1865 memset(cp, 0, sizeof(*cp));
1868 cp->num_of_sets = 0x01;
1870 memset(adv_set, 0, sizeof(*adv_set));
1872 adv_set->handle = instance;
1874 /* Set duration per instance since controller is responsible for
1877 if (adv_instance && adv_instance->duration) {
1878 u16 duration = adv_instance->timeout * MSEC_PER_SEC;
1880 /* Time = N * 10 ms */
1881 adv_set->duration = cpu_to_le16(duration / 10);
1884 hci_req_add(req, HCI_OP_LE_SET_EXT_ADV_ENABLE,
1885 sizeof(*cp) + sizeof(*adv_set) * cp->num_of_sets,
1891 int __hci_req_start_ext_adv(struct hci_request *req, u8 instance)
1893 struct hci_dev *hdev = req->hdev;
1896 if (hci_dev_test_flag(hdev, HCI_LE_ADV))
1897 __hci_req_disable_advertising(req);
1899 err = __hci_req_setup_ext_adv_instance(req, instance);
1903 __hci_req_update_scan_rsp_data(req, instance);
1904 __hci_req_enable_ext_advertising(req, instance);
1909 int __hci_req_schedule_adv_instance(struct hci_request *req, u8 instance,
1912 struct hci_dev *hdev = req->hdev;
1913 struct adv_info *adv_instance = NULL;
1916 if (hci_dev_test_flag(hdev, HCI_ADVERTISING) ||
1917 list_empty(&hdev->adv_instances))
1920 if (hdev->adv_instance_timeout)
1923 adv_instance = hci_find_adv_instance(hdev, instance);
1927 /* A zero timeout means unlimited advertising. As long as there is
1928 * only one instance, duration should be ignored. We still set a timeout
1929 * in case further instances are being added later on.
1931 * If the remaining lifetime of the instance is more than the duration
1932 * then the timeout corresponds to the duration, otherwise it will be
1933 * reduced to the remaining instance lifetime.
1935 if (adv_instance->timeout == 0 ||
1936 adv_instance->duration <= adv_instance->remaining_time)
1937 timeout = adv_instance->duration;
1939 timeout = adv_instance->remaining_time;
1941 /* The remaining time is being reduced unless the instance is being
1942 * advertised without time limit.
1944 if (adv_instance->timeout)
1945 adv_instance->remaining_time =
1946 adv_instance->remaining_time - timeout;
1948 /* Only use work for scheduling instances with legacy advertising */
1949 if (!ext_adv_capable(hdev)) {
1950 hdev->adv_instance_timeout = timeout;
1951 queue_delayed_work(hdev->req_workqueue,
1952 &hdev->adv_instance_expire,
1953 msecs_to_jiffies(timeout * 1000));
1956 /* If we're just re-scheduling the same instance again then do not
1957 * execute any HCI commands. This happens when a single instance is
1960 if (!force && hdev->cur_adv_instance == instance &&
1961 hci_dev_test_flag(hdev, HCI_LE_ADV))
1964 hdev->cur_adv_instance = instance;
1965 if (ext_adv_capable(hdev)) {
1966 __hci_req_start_ext_adv(req, instance);
1968 __hci_req_update_adv_data(req, instance);
1969 __hci_req_update_scan_rsp_data(req, instance);
1970 __hci_req_enable_advertising(req);
1976 static void cancel_adv_timeout(struct hci_dev *hdev)
1978 if (hdev->adv_instance_timeout) {
1979 hdev->adv_instance_timeout = 0;
1980 cancel_delayed_work(&hdev->adv_instance_expire);
1984 /* For a single instance:
1985 * - force == true: The instance will be removed even when its remaining
1986 * lifetime is not zero.
1987 * - force == false: the instance will be deactivated but kept stored unless
1988 * the remaining lifetime is zero.
1990 * For instance == 0x00:
1991 * - force == true: All instances will be removed regardless of their timeout
1993 * - force == false: Only instances that have a timeout will be removed.
1995 void hci_req_clear_adv_instance(struct hci_dev *hdev, struct sock *sk,
1996 struct hci_request *req, u8 instance,
1999 struct adv_info *adv_instance, *n, *next_instance = NULL;
2003 /* Cancel any timeout concerning the removed instance(s). */
2004 if (!instance || hdev->cur_adv_instance == instance)
2005 cancel_adv_timeout(hdev);
2007 /* Get the next instance to advertise BEFORE we remove
2008 * the current one. This can be the same instance again
2009 * if there is only one instance.
2011 if (instance && hdev->cur_adv_instance == instance)
2012 next_instance = hci_get_next_instance(hdev, instance);
2014 if (instance == 0x00) {
2015 list_for_each_entry_safe(adv_instance, n, &hdev->adv_instances,
2017 if (!(force || adv_instance->timeout))
2020 rem_inst = adv_instance->instance;
2021 err = hci_remove_adv_instance(hdev, rem_inst);
2023 mgmt_advertising_removed(sk, hdev, rem_inst);
2026 adv_instance = hci_find_adv_instance(hdev, instance);
2028 if (force || (adv_instance && adv_instance->timeout &&
2029 !adv_instance->remaining_time)) {
2030 /* Don't advertise a removed instance. */
2031 if (next_instance &&
2032 next_instance->instance == instance)
2033 next_instance = NULL;
2035 err = hci_remove_adv_instance(hdev, instance);
2037 mgmt_advertising_removed(sk, hdev, instance);
2041 if (!req || !hdev_is_powered(hdev) ||
2042 hci_dev_test_flag(hdev, HCI_ADVERTISING))
2046 __hci_req_schedule_adv_instance(req, next_instance->instance,
2050 static void set_random_addr(struct hci_request *req, bdaddr_t *rpa)
2052 struct hci_dev *hdev = req->hdev;
2054 /* If we're advertising or initiating an LE connection we can't
2055 * go ahead and change the random address at this time. This is
2056 * because the eventual initiator address used for the
2057 * subsequently created connection will be undefined (some
2058 * controllers use the new address and others the one we had
2059 * when the operation started).
2061 * In this kind of scenario skip the update and let the random
2062 * address be updated at the next cycle.
2064 if (hci_dev_test_flag(hdev, HCI_LE_ADV) ||
2065 hci_lookup_le_connect(hdev)) {
2066 BT_DBG("Deferring random address update");
2067 hci_dev_set_flag(hdev, HCI_RPA_EXPIRED);
2071 hci_req_add(req, HCI_OP_LE_SET_RANDOM_ADDR, 6, rpa);
2074 int hci_update_random_address(struct hci_request *req, bool require_privacy,
2075 bool use_rpa, u8 *own_addr_type)
2077 struct hci_dev *hdev = req->hdev;
2080 /* If privacy is enabled use a resolvable private address. If
2081 * current RPA has expired or there is something else than
2082 * the current RPA in use, then generate a new one.
2087 *own_addr_type = ADDR_LE_DEV_RANDOM;
2089 if (!hci_dev_test_and_clear_flag(hdev, HCI_RPA_EXPIRED) &&
2090 !bacmp(&hdev->random_addr, &hdev->rpa))
2093 err = smp_generate_rpa(hdev, hdev->irk, &hdev->rpa);
2095 bt_dev_err(hdev, "failed to generate new RPA");
2099 set_random_addr(req, &hdev->rpa);
2101 to = msecs_to_jiffies(hdev->rpa_timeout * 1000);
2102 queue_delayed_work(hdev->workqueue, &hdev->rpa_expired, to);
2107 /* In case of required privacy without resolvable private address,
2108 * use an non-resolvable private address. This is useful for active
2109 * scanning and non-connectable advertising.
2111 if (require_privacy) {
2115 /* The non-resolvable private address is generated
2116 * from random six bytes with the two most significant
2119 get_random_bytes(&nrpa, 6);
2122 /* The non-resolvable private address shall not be
2123 * equal to the public address.
2125 if (bacmp(&hdev->bdaddr, &nrpa))
2129 *own_addr_type = ADDR_LE_DEV_RANDOM;
2130 set_random_addr(req, &nrpa);
2134 /* If forcing static address is in use or there is no public
2135 * address use the static address as random address (but skip
2136 * the HCI command if the current random address is already the
2139 * In case BR/EDR has been disabled on a dual-mode controller
2140 * and a static address has been configured, then use that
2141 * address instead of the public BR/EDR address.
2143 if (hci_dev_test_flag(hdev, HCI_FORCE_STATIC_ADDR) ||
2144 !bacmp(&hdev->bdaddr, BDADDR_ANY) ||
2145 (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED) &&
2146 bacmp(&hdev->static_addr, BDADDR_ANY))) {
2147 *own_addr_type = ADDR_LE_DEV_RANDOM;
2148 if (bacmp(&hdev->static_addr, &hdev->random_addr))
2149 hci_req_add(req, HCI_OP_LE_SET_RANDOM_ADDR, 6,
2150 &hdev->static_addr);
2154 /* Neither privacy nor static address is being used so use a
2157 *own_addr_type = ADDR_LE_DEV_PUBLIC;
2162 static bool disconnected_whitelist_entries(struct hci_dev *hdev)
2164 struct bdaddr_list *b;
2166 list_for_each_entry(b, &hdev->whitelist, list) {
2167 struct hci_conn *conn;
2169 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &b->bdaddr);
2173 if (conn->state != BT_CONNECTED && conn->state != BT_CONFIG)
2180 void __hci_req_update_scan(struct hci_request *req)
2182 struct hci_dev *hdev = req->hdev;
2185 if (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED))
2188 if (!hdev_is_powered(hdev))
2191 if (mgmt_powering_down(hdev))
2194 if (hdev->scanning_paused)
2197 if (hci_dev_test_flag(hdev, HCI_CONNECTABLE) ||
2198 disconnected_whitelist_entries(hdev))
2201 scan = SCAN_DISABLED;
2203 if (hci_dev_test_flag(hdev, HCI_DISCOVERABLE))
2204 scan |= SCAN_INQUIRY;
2206 if (test_bit(HCI_PSCAN, &hdev->flags) == !!(scan & SCAN_PAGE) &&
2207 test_bit(HCI_ISCAN, &hdev->flags) == !!(scan & SCAN_INQUIRY))
2210 hci_req_add(req, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
2213 static int update_scan(struct hci_request *req, unsigned long opt)
2215 hci_dev_lock(req->hdev);
2216 __hci_req_update_scan(req);
2217 hci_dev_unlock(req->hdev);
2221 static void scan_update_work(struct work_struct *work)
2223 struct hci_dev *hdev = container_of(work, struct hci_dev, scan_update);
2225 hci_req_sync(hdev, update_scan, 0, HCI_CMD_TIMEOUT, NULL);
2228 static int connectable_update(struct hci_request *req, unsigned long opt)
2230 struct hci_dev *hdev = req->hdev;
2234 __hci_req_update_scan(req);
2236 /* If BR/EDR is not enabled and we disable advertising as a
2237 * by-product of disabling connectable, we need to update the
2238 * advertising flags.
2240 if (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED))
2241 __hci_req_update_adv_data(req, hdev->cur_adv_instance);
2243 /* Update the advertising parameters if necessary */
2244 if (hci_dev_test_flag(hdev, HCI_ADVERTISING) ||
2245 !list_empty(&hdev->adv_instances)) {
2246 if (ext_adv_capable(hdev))
2247 __hci_req_start_ext_adv(req, hdev->cur_adv_instance);
2249 __hci_req_enable_advertising(req);
2252 __hci_update_background_scan(req);
2254 hci_dev_unlock(hdev);
2259 static void connectable_update_work(struct work_struct *work)
2261 struct hci_dev *hdev = container_of(work, struct hci_dev,
2262 connectable_update);
2265 hci_req_sync(hdev, connectable_update, 0, HCI_CMD_TIMEOUT, &status);
2266 mgmt_set_connectable_complete(hdev, status);
2269 static u8 get_service_classes(struct hci_dev *hdev)
2271 struct bt_uuid *uuid;
2274 list_for_each_entry(uuid, &hdev->uuids, list)
2275 val |= uuid->svc_hint;
2280 void __hci_req_update_class(struct hci_request *req)
2282 struct hci_dev *hdev = req->hdev;
2285 BT_DBG("%s", hdev->name);
2287 if (!hdev_is_powered(hdev))
2290 if (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED))
2293 if (hci_dev_test_flag(hdev, HCI_SERVICE_CACHE))
2296 cod[0] = hdev->minor_class;
2297 cod[1] = hdev->major_class;
2298 cod[2] = get_service_classes(hdev);
2300 if (hci_dev_test_flag(hdev, HCI_LIMITED_DISCOVERABLE))
2303 if (memcmp(cod, hdev->dev_class, 3) == 0)
2306 hci_req_add(req, HCI_OP_WRITE_CLASS_OF_DEV, sizeof(cod), cod);
2309 static void write_iac(struct hci_request *req)
2311 struct hci_dev *hdev = req->hdev;
2312 struct hci_cp_write_current_iac_lap cp;
2314 if (!hci_dev_test_flag(hdev, HCI_DISCOVERABLE))
2317 if (hci_dev_test_flag(hdev, HCI_LIMITED_DISCOVERABLE)) {
2318 /* Limited discoverable mode */
2319 cp.num_iac = min_t(u8, hdev->num_iac, 2);
2320 cp.iac_lap[0] = 0x00; /* LIAC */
2321 cp.iac_lap[1] = 0x8b;
2322 cp.iac_lap[2] = 0x9e;
2323 cp.iac_lap[3] = 0x33; /* GIAC */
2324 cp.iac_lap[4] = 0x8b;
2325 cp.iac_lap[5] = 0x9e;
2327 /* General discoverable mode */
2329 cp.iac_lap[0] = 0x33; /* GIAC */
2330 cp.iac_lap[1] = 0x8b;
2331 cp.iac_lap[2] = 0x9e;
2334 hci_req_add(req, HCI_OP_WRITE_CURRENT_IAC_LAP,
2335 (cp.num_iac * 3) + 1, &cp);
2338 static int discoverable_update(struct hci_request *req, unsigned long opt)
2340 struct hci_dev *hdev = req->hdev;
2344 if (hci_dev_test_flag(hdev, HCI_BREDR_ENABLED)) {
2346 __hci_req_update_scan(req);
2347 __hci_req_update_class(req);
2350 /* Advertising instances don't use the global discoverable setting, so
2351 * only update AD if advertising was enabled using Set Advertising.
2353 if (hci_dev_test_flag(hdev, HCI_ADVERTISING)) {
2354 __hci_req_update_adv_data(req, 0x00);
2356 /* Discoverable mode affects the local advertising
2357 * address in limited privacy mode.
2359 if (hci_dev_test_flag(hdev, HCI_LIMITED_PRIVACY)) {
2360 if (ext_adv_capable(hdev))
2361 __hci_req_start_ext_adv(req, 0x00);
2363 __hci_req_enable_advertising(req);
2367 hci_dev_unlock(hdev);
2372 static void discoverable_update_work(struct work_struct *work)
2374 struct hci_dev *hdev = container_of(work, struct hci_dev,
2375 discoverable_update);
2378 hci_req_sync(hdev, discoverable_update, 0, HCI_CMD_TIMEOUT, &status);
2379 mgmt_set_discoverable_complete(hdev, status);
2382 void __hci_abort_conn(struct hci_request *req, struct hci_conn *conn,
2385 switch (conn->state) {
2388 if (conn->type == AMP_LINK) {
2389 struct hci_cp_disconn_phy_link cp;
2391 cp.phy_handle = HCI_PHY_HANDLE(conn->handle);
2393 hci_req_add(req, HCI_OP_DISCONN_PHY_LINK, sizeof(cp),
2396 struct hci_cp_disconnect dc;
2398 dc.handle = cpu_to_le16(conn->handle);
2400 hci_req_add(req, HCI_OP_DISCONNECT, sizeof(dc), &dc);
2403 conn->state = BT_DISCONN;
2407 if (conn->type == LE_LINK) {
2408 if (test_bit(HCI_CONN_SCANNING, &conn->flags))
2410 hci_req_add(req, HCI_OP_LE_CREATE_CONN_CANCEL,
2412 } else if (conn->type == ACL_LINK) {
2413 if (req->hdev->hci_ver < BLUETOOTH_VER_1_2)
2415 hci_req_add(req, HCI_OP_CREATE_CONN_CANCEL,
2420 if (conn->type == ACL_LINK) {
2421 struct hci_cp_reject_conn_req rej;
2423 bacpy(&rej.bdaddr, &conn->dst);
2424 rej.reason = reason;
2426 hci_req_add(req, HCI_OP_REJECT_CONN_REQ,
2428 } else if (conn->type == SCO_LINK || conn->type == ESCO_LINK) {
2429 struct hci_cp_reject_sync_conn_req rej;
2431 bacpy(&rej.bdaddr, &conn->dst);
2433 /* SCO rejection has its own limited set of
2434 * allowed error values (0x0D-0x0F) which isn't
2435 * compatible with most values passed to this
2436 * function. To be safe hard-code one of the
2437 * values that's suitable for SCO.
2439 rej.reason = HCI_ERROR_REJ_LIMITED_RESOURCES;
2441 hci_req_add(req, HCI_OP_REJECT_SYNC_CONN_REQ,
2446 conn->state = BT_CLOSED;
2451 static void abort_conn_complete(struct hci_dev *hdev, u8 status, u16 opcode)
2454 BT_DBG("Failed to abort connection: status 0x%2.2x", status);
2457 int hci_abort_conn(struct hci_conn *conn, u8 reason)
2459 struct hci_request req;
2462 hci_req_init(&req, conn->hdev);
2464 __hci_abort_conn(&req, conn, reason);
2466 err = hci_req_run(&req, abort_conn_complete);
2467 if (err && err != -ENODATA) {
2468 bt_dev_err(conn->hdev, "failed to run HCI request: err %d", err);
2475 static int update_bg_scan(struct hci_request *req, unsigned long opt)
2477 hci_dev_lock(req->hdev);
2478 __hci_update_background_scan(req);
2479 hci_dev_unlock(req->hdev);
2483 static void bg_scan_update(struct work_struct *work)
2485 struct hci_dev *hdev = container_of(work, struct hci_dev,
2487 struct hci_conn *conn;
2491 err = hci_req_sync(hdev, update_bg_scan, 0, HCI_CMD_TIMEOUT, &status);
2497 conn = hci_conn_hash_lookup_state(hdev, LE_LINK, BT_CONNECT);
2499 hci_le_conn_failed(conn, status);
2501 hci_dev_unlock(hdev);
2504 static int le_scan_disable(struct hci_request *req, unsigned long opt)
2506 hci_req_add_le_scan_disable(req);
2510 static int bredr_inquiry(struct hci_request *req, unsigned long opt)
2513 const u8 giac[3] = { 0x33, 0x8b, 0x9e };
2514 const u8 liac[3] = { 0x00, 0x8b, 0x9e };
2515 struct hci_cp_inquiry cp;
2517 BT_DBG("%s", req->hdev->name);
2519 hci_dev_lock(req->hdev);
2520 hci_inquiry_cache_flush(req->hdev);
2521 hci_dev_unlock(req->hdev);
2523 memset(&cp, 0, sizeof(cp));
2525 if (req->hdev->discovery.limited)
2526 memcpy(&cp.lap, liac, sizeof(cp.lap));
2528 memcpy(&cp.lap, giac, sizeof(cp.lap));
2532 hci_req_add(req, HCI_OP_INQUIRY, sizeof(cp), &cp);
2537 static void le_scan_disable_work(struct work_struct *work)
2539 struct hci_dev *hdev = container_of(work, struct hci_dev,
2540 le_scan_disable.work);
2543 BT_DBG("%s", hdev->name);
2545 if (!hci_dev_test_flag(hdev, HCI_LE_SCAN))
2548 cancel_delayed_work(&hdev->le_scan_restart);
2550 hci_req_sync(hdev, le_scan_disable, 0, HCI_CMD_TIMEOUT, &status);
2552 bt_dev_err(hdev, "failed to disable LE scan: status 0x%02x",
2557 hdev->discovery.scan_start = 0;
2559 /* If we were running LE only scan, change discovery state. If
2560 * we were running both LE and BR/EDR inquiry simultaneously,
2561 * and BR/EDR inquiry is already finished, stop discovery,
2562 * otherwise BR/EDR inquiry will stop discovery when finished.
2563 * If we will resolve remote device name, do not change
2567 if (hdev->discovery.type == DISCOV_TYPE_LE)
2568 goto discov_stopped;
2570 if (hdev->discovery.type != DISCOV_TYPE_INTERLEAVED)
2573 if (test_bit(HCI_QUIRK_SIMULTANEOUS_DISCOVERY, &hdev->quirks)) {
2574 if (!test_bit(HCI_INQUIRY, &hdev->flags) &&
2575 hdev->discovery.state != DISCOVERY_RESOLVING)
2576 goto discov_stopped;
2581 hci_req_sync(hdev, bredr_inquiry, DISCOV_INTERLEAVED_INQUIRY_LEN,
2582 HCI_CMD_TIMEOUT, &status);
2584 bt_dev_err(hdev, "inquiry failed: status 0x%02x", status);
2585 goto discov_stopped;
2592 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
2593 hci_dev_unlock(hdev);
2596 static int le_scan_restart(struct hci_request *req, unsigned long opt)
2598 struct hci_dev *hdev = req->hdev;
2600 /* If controller is not scanning we are done. */
2601 if (!hci_dev_test_flag(hdev, HCI_LE_SCAN))
2604 hci_req_add_le_scan_disable(req);
2606 if (use_ext_scan(hdev)) {
2607 struct hci_cp_le_set_ext_scan_enable ext_enable_cp;
2609 memset(&ext_enable_cp, 0, sizeof(ext_enable_cp));
2610 ext_enable_cp.enable = LE_SCAN_ENABLE;
2611 ext_enable_cp.filter_dup = LE_SCAN_FILTER_DUP_ENABLE;
2613 hci_req_add(req, HCI_OP_LE_SET_EXT_SCAN_ENABLE,
2614 sizeof(ext_enable_cp), &ext_enable_cp);
2616 struct hci_cp_le_set_scan_enable cp;
2618 memset(&cp, 0, sizeof(cp));
2619 cp.enable = LE_SCAN_ENABLE;
2620 cp.filter_dup = LE_SCAN_FILTER_DUP_ENABLE;
2621 hci_req_add(req, HCI_OP_LE_SET_SCAN_ENABLE, sizeof(cp), &cp);
2627 static void le_scan_restart_work(struct work_struct *work)
2629 struct hci_dev *hdev = container_of(work, struct hci_dev,
2630 le_scan_restart.work);
2631 unsigned long timeout, duration, scan_start, now;
2634 BT_DBG("%s", hdev->name);
2636 hci_req_sync(hdev, le_scan_restart, 0, HCI_CMD_TIMEOUT, &status);
2638 bt_dev_err(hdev, "failed to restart LE scan: status %d",
2645 if (!test_bit(HCI_QUIRK_STRICT_DUPLICATE_FILTER, &hdev->quirks) ||
2646 !hdev->discovery.scan_start)
2649 /* When the scan was started, hdev->le_scan_disable has been queued
2650 * after duration from scan_start. During scan restart this job
2651 * has been canceled, and we need to queue it again after proper
2652 * timeout, to make sure that scan does not run indefinitely.
2654 duration = hdev->discovery.scan_duration;
2655 scan_start = hdev->discovery.scan_start;
2657 if (now - scan_start <= duration) {
2660 if (now >= scan_start)
2661 elapsed = now - scan_start;
2663 elapsed = ULONG_MAX - scan_start + now;
2665 timeout = duration - elapsed;
2670 queue_delayed_work(hdev->req_workqueue,
2671 &hdev->le_scan_disable, timeout);
2674 hci_dev_unlock(hdev);
2677 static int active_scan(struct hci_request *req, unsigned long opt)
2679 uint16_t interval = opt;
2680 struct hci_dev *hdev = req->hdev;
2684 BT_DBG("%s", hdev->name);
2686 if (hci_dev_test_flag(hdev, HCI_LE_ADV)) {
2689 /* Don't let discovery abort an outgoing connection attempt
2690 * that's using directed advertising.
2692 if (hci_lookup_le_connect(hdev)) {
2693 hci_dev_unlock(hdev);
2697 cancel_adv_timeout(hdev);
2698 hci_dev_unlock(hdev);
2700 __hci_req_disable_advertising(req);
2703 /* If controller is scanning, it means the background scanning is
2704 * running. Thus, we should temporarily stop it in order to set the
2705 * discovery scanning parameters.
2707 if (hci_dev_test_flag(hdev, HCI_LE_SCAN))
2708 hci_req_add_le_scan_disable(req);
2710 /* All active scans will be done with either a resolvable private
2711 * address (when privacy feature has been enabled) or non-resolvable
2714 err = hci_update_random_address(req, true, scan_use_rpa(hdev),
2717 own_addr_type = ADDR_LE_DEV_PUBLIC;
2719 hci_req_start_scan(req, LE_SCAN_ACTIVE, interval, DISCOV_LE_SCAN_WIN,
2724 static int interleaved_discov(struct hci_request *req, unsigned long opt)
2728 BT_DBG("%s", req->hdev->name);
2730 err = active_scan(req, opt);
2734 return bredr_inquiry(req, DISCOV_BREDR_INQUIRY_LEN);
2737 static void start_discovery(struct hci_dev *hdev, u8 *status)
2739 unsigned long timeout;
2741 BT_DBG("%s type %u", hdev->name, hdev->discovery.type);
2743 switch (hdev->discovery.type) {
2744 case DISCOV_TYPE_BREDR:
2745 if (!hci_dev_test_flag(hdev, HCI_INQUIRY))
2746 hci_req_sync(hdev, bredr_inquiry,
2747 DISCOV_BREDR_INQUIRY_LEN, HCI_CMD_TIMEOUT,
2750 case DISCOV_TYPE_INTERLEAVED:
2751 /* When running simultaneous discovery, the LE scanning time
2752 * should occupy the whole discovery time sine BR/EDR inquiry
2753 * and LE scanning are scheduled by the controller.
2755 * For interleaving discovery in comparison, BR/EDR inquiry
2756 * and LE scanning are done sequentially with separate
2759 if (test_bit(HCI_QUIRK_SIMULTANEOUS_DISCOVERY,
2761 timeout = msecs_to_jiffies(DISCOV_LE_TIMEOUT);
2762 /* During simultaneous discovery, we double LE scan
2763 * interval. We must leave some time for the controller
2764 * to do BR/EDR inquiry.
2766 hci_req_sync(hdev, interleaved_discov,
2767 DISCOV_LE_SCAN_INT * 2, HCI_CMD_TIMEOUT,
2772 timeout = msecs_to_jiffies(hdev->discov_interleaved_timeout);
2773 hci_req_sync(hdev, active_scan, DISCOV_LE_SCAN_INT,
2774 HCI_CMD_TIMEOUT, status);
2776 case DISCOV_TYPE_LE:
2777 timeout = msecs_to_jiffies(DISCOV_LE_TIMEOUT);
2778 hci_req_sync(hdev, active_scan, DISCOV_LE_SCAN_INT,
2779 HCI_CMD_TIMEOUT, status);
2782 *status = HCI_ERROR_UNSPECIFIED;
2789 BT_DBG("%s timeout %u ms", hdev->name, jiffies_to_msecs(timeout));
2791 /* When service discovery is used and the controller has a
2792 * strict duplicate filter, it is important to remember the
2793 * start and duration of the scan. This is required for
2794 * restarting scanning during the discovery phase.
2796 if (test_bit(HCI_QUIRK_STRICT_DUPLICATE_FILTER, &hdev->quirks) &&
2797 hdev->discovery.result_filtering) {
2798 hdev->discovery.scan_start = jiffies;
2799 hdev->discovery.scan_duration = timeout;
2802 queue_delayed_work(hdev->req_workqueue, &hdev->le_scan_disable,
2806 bool hci_req_stop_discovery(struct hci_request *req)
2808 struct hci_dev *hdev = req->hdev;
2809 struct discovery_state *d = &hdev->discovery;
2810 struct hci_cp_remote_name_req_cancel cp;
2811 struct inquiry_entry *e;
2814 BT_DBG("%s state %u", hdev->name, hdev->discovery.state);
2816 if (d->state == DISCOVERY_FINDING || d->state == DISCOVERY_STOPPING) {
2817 if (test_bit(HCI_INQUIRY, &hdev->flags))
2818 hci_req_add(req, HCI_OP_INQUIRY_CANCEL, 0, NULL);
2820 if (hci_dev_test_flag(hdev, HCI_LE_SCAN)) {
2821 cancel_delayed_work(&hdev->le_scan_disable);
2822 hci_req_add_le_scan_disable(req);
2827 /* Passive scanning */
2828 if (hci_dev_test_flag(hdev, HCI_LE_SCAN)) {
2829 hci_req_add_le_scan_disable(req);
2834 /* No further actions needed for LE-only discovery */
2835 if (d->type == DISCOV_TYPE_LE)
2838 if (d->state == DISCOVERY_RESOLVING || d->state == DISCOVERY_STOPPING) {
2839 e = hci_inquiry_cache_lookup_resolve(hdev, BDADDR_ANY,
2844 bacpy(&cp.bdaddr, &e->data.bdaddr);
2845 hci_req_add(req, HCI_OP_REMOTE_NAME_REQ_CANCEL, sizeof(cp),
2853 static int stop_discovery(struct hci_request *req, unsigned long opt)
2855 hci_dev_lock(req->hdev);
2856 hci_req_stop_discovery(req);
2857 hci_dev_unlock(req->hdev);
2862 static void discov_update(struct work_struct *work)
2864 struct hci_dev *hdev = container_of(work, struct hci_dev,
2868 switch (hdev->discovery.state) {
2869 case DISCOVERY_STARTING:
2870 start_discovery(hdev, &status);
2871 mgmt_start_discovery_complete(hdev, status);
2873 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
2875 hci_discovery_set_state(hdev, DISCOVERY_FINDING);
2877 case DISCOVERY_STOPPING:
2878 hci_req_sync(hdev, stop_discovery, 0, HCI_CMD_TIMEOUT, &status);
2879 mgmt_stop_discovery_complete(hdev, status);
2881 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
2883 case DISCOVERY_STOPPED:
2889 static void discov_off(struct work_struct *work)
2891 struct hci_dev *hdev = container_of(work, struct hci_dev,
2894 BT_DBG("%s", hdev->name);
2898 /* When discoverable timeout triggers, then just make sure
2899 * the limited discoverable flag is cleared. Even in the case
2900 * of a timeout triggered from general discoverable, it is
2901 * safe to unconditionally clear the flag.
2903 hci_dev_clear_flag(hdev, HCI_LIMITED_DISCOVERABLE);
2904 hci_dev_clear_flag(hdev, HCI_DISCOVERABLE);
2905 hdev->discov_timeout = 0;
2907 hci_dev_unlock(hdev);
2909 hci_req_sync(hdev, discoverable_update, 0, HCI_CMD_TIMEOUT, NULL);
2910 mgmt_new_settings(hdev);
2913 static int powered_update_hci(struct hci_request *req, unsigned long opt)
2915 struct hci_dev *hdev = req->hdev;
2920 if (hci_dev_test_flag(hdev, HCI_SSP_ENABLED) &&
2921 !lmp_host_ssp_capable(hdev)) {
2924 hci_req_add(req, HCI_OP_WRITE_SSP_MODE, sizeof(mode), &mode);
2926 if (bredr_sc_enabled(hdev) && !lmp_host_sc_capable(hdev)) {
2929 hci_req_add(req, HCI_OP_WRITE_SC_SUPPORT,
2930 sizeof(support), &support);
2934 if (hci_dev_test_flag(hdev, HCI_LE_ENABLED) &&
2935 lmp_bredr_capable(hdev)) {
2936 struct hci_cp_write_le_host_supported cp;
2941 /* Check first if we already have the right
2942 * host state (host features set)
2944 if (cp.le != lmp_host_le_capable(hdev) ||
2945 cp.simul != lmp_host_le_br_capable(hdev))
2946 hci_req_add(req, HCI_OP_WRITE_LE_HOST_SUPPORTED,
2950 if (hci_dev_test_flag(hdev, HCI_LE_ENABLED)) {
2951 /* Make sure the controller has a good default for
2952 * advertising data. This also applies to the case
2953 * where BR/EDR was toggled during the AUTO_OFF phase.
2955 if (hci_dev_test_flag(hdev, HCI_ADVERTISING) ||
2956 list_empty(&hdev->adv_instances)) {
2959 if (ext_adv_capable(hdev)) {
2960 err = __hci_req_setup_ext_adv_instance(req,
2963 __hci_req_update_scan_rsp_data(req,
2967 __hci_req_update_adv_data(req, 0x00);
2968 __hci_req_update_scan_rsp_data(req, 0x00);
2971 if (hci_dev_test_flag(hdev, HCI_ADVERTISING)) {
2972 if (!ext_adv_capable(hdev))
2973 __hci_req_enable_advertising(req);
2975 __hci_req_enable_ext_advertising(req,
2978 } else if (!list_empty(&hdev->adv_instances)) {
2979 struct adv_info *adv_instance;
2981 adv_instance = list_first_entry(&hdev->adv_instances,
2982 struct adv_info, list);
2983 __hci_req_schedule_adv_instance(req,
2984 adv_instance->instance,
2989 link_sec = hci_dev_test_flag(hdev, HCI_LINK_SECURITY);
2990 if (link_sec != test_bit(HCI_AUTH, &hdev->flags))
2991 hci_req_add(req, HCI_OP_WRITE_AUTH_ENABLE,
2992 sizeof(link_sec), &link_sec);
2994 if (lmp_bredr_capable(hdev)) {
2995 if (hci_dev_test_flag(hdev, HCI_FAST_CONNECTABLE))
2996 __hci_req_write_fast_connectable(req, true);
2998 __hci_req_write_fast_connectable(req, false);
2999 __hci_req_update_scan(req);
3000 __hci_req_update_class(req);
3001 __hci_req_update_name(req);
3002 __hci_req_update_eir(req);
3005 hci_dev_unlock(hdev);
3009 int __hci_req_hci_power_on(struct hci_dev *hdev)
3011 /* Register the available SMP channels (BR/EDR and LE) only when
3012 * successfully powering on the controller. This late
3013 * registration is required so that LE SMP can clearly decide if
3014 * the public address or static address is used.
3018 return __hci_req_sync(hdev, powered_update_hci, 0, HCI_CMD_TIMEOUT,
3022 void hci_request_setup(struct hci_dev *hdev)
3024 INIT_WORK(&hdev->discov_update, discov_update);
3025 INIT_WORK(&hdev->bg_scan_update, bg_scan_update);
3026 INIT_WORK(&hdev->scan_update, scan_update_work);
3027 INIT_WORK(&hdev->connectable_update, connectable_update_work);
3028 INIT_WORK(&hdev->discoverable_update, discoverable_update_work);
3029 INIT_DELAYED_WORK(&hdev->discov_off, discov_off);
3030 INIT_DELAYED_WORK(&hdev->le_scan_disable, le_scan_disable_work);
3031 INIT_DELAYED_WORK(&hdev->le_scan_restart, le_scan_restart_work);
3032 INIT_DELAYED_WORK(&hdev->adv_instance_expire, adv_timeout_expire);
3035 void hci_request_cancel_all(struct hci_dev *hdev)
3037 hci_req_sync_cancel(hdev, ENODEV);
3039 cancel_work_sync(&hdev->discov_update);
3040 cancel_work_sync(&hdev->bg_scan_update);
3041 cancel_work_sync(&hdev->scan_update);
3042 cancel_work_sync(&hdev->connectable_update);
3043 cancel_work_sync(&hdev->discoverable_update);
3044 cancel_delayed_work_sync(&hdev->discov_off);
3045 cancel_delayed_work_sync(&hdev->le_scan_disable);
3046 cancel_delayed_work_sync(&hdev->le_scan_restart);
3048 if (hdev->adv_instance_timeout) {
3049 cancel_delayed_work_sync(&hdev->adv_instance_expire);
3050 hdev->adv_instance_timeout = 0;
projects / linux-2.6-block.git / blob