2 BlueZ - Bluetooth protocol stack for Linux
4 Copyright (C) 2014 Intel Corporation
6 This program is free software; you can redistribute it and/or modify
7 it under the terms of the GNU General Public License version 2 as
8 published by the Free Software Foundation;
10 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
11 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
12 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
13 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
14 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
15 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
16 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
17 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
19 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
20 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
21 SOFTWARE IS DISCLAIMED.
24 #include <asm/unaligned.h>
26 #include <net/bluetooth/bluetooth.h>
27 #include <net/bluetooth/hci_core.h>
28 #include <net/bluetooth/mgmt.h>
31 #include "hci_request.h"
33 #define HCI_REQ_DONE 0
34 #define HCI_REQ_PEND 1
35 #define HCI_REQ_CANCELED 2
37 void hci_req_init(struct hci_request *req, struct hci_dev *hdev)
39 skb_queue_head_init(&req->cmd_q);
44 static int req_run(struct hci_request *req, hci_req_complete_t complete,
45 hci_req_complete_skb_t complete_skb)
47 struct hci_dev *hdev = req->hdev;
51 BT_DBG("length %u", skb_queue_len(&req->cmd_q));
53 /* If an error occurred during request building, remove all HCI
54 * commands queued on the HCI request queue.
57 skb_queue_purge(&req->cmd_q);
61 /* Do not allow empty requests */
62 if (skb_queue_empty(&req->cmd_q))
65 skb = skb_peek_tail(&req->cmd_q);
67 bt_cb(skb)->hci.req_complete = complete;
68 } else if (complete_skb) {
69 bt_cb(skb)->hci.req_complete_skb = complete_skb;
70 bt_cb(skb)->hci.req_flags |= HCI_REQ_SKB;
73 spin_lock_irqsave(&hdev->cmd_q.lock, flags);
74 skb_queue_splice_tail(&req->cmd_q, &hdev->cmd_q);
75 spin_unlock_irqrestore(&hdev->cmd_q.lock, flags);
77 queue_work(hdev->workqueue, &hdev->cmd_work);
82 int hci_req_run(struct hci_request *req, hci_req_complete_t complete)
84 return req_run(req, complete, NULL);
87 int hci_req_run_skb(struct hci_request *req, hci_req_complete_skb_t complete)
89 return req_run(req, NULL, complete);
92 static void hci_req_sync_complete(struct hci_dev *hdev, u8 result, u16 opcode,
95 BT_DBG("%s result 0x%2.2x", hdev->name, result);
97 if (hdev->req_status == HCI_REQ_PEND) {
98 hdev->req_result = result;
99 hdev->req_status = HCI_REQ_DONE;
101 hdev->req_skb = skb_get(skb);
102 wake_up_interruptible(&hdev->req_wait_q);
106 void hci_req_sync_cancel(struct hci_dev *hdev, int err)
108 BT_DBG("%s err 0x%2.2x", hdev->name, err);
110 if (hdev->req_status == HCI_REQ_PEND) {
111 hdev->req_result = err;
112 hdev->req_status = HCI_REQ_CANCELED;
113 wake_up_interruptible(&hdev->req_wait_q);
117 struct sk_buff *__hci_cmd_sync_ev(struct hci_dev *hdev, u16 opcode, u32 plen,
118 const void *param, u8 event, u32 timeout)
120 DECLARE_WAITQUEUE(wait, current);
121 struct hci_request req;
125 BT_DBG("%s", hdev->name);
127 hci_req_init(&req, hdev);
129 hci_req_add_ev(&req, opcode, plen, param, event);
131 hdev->req_status = HCI_REQ_PEND;
133 add_wait_queue(&hdev->req_wait_q, &wait);
134 set_current_state(TASK_INTERRUPTIBLE);
136 err = hci_req_run_skb(&req, hci_req_sync_complete);
138 remove_wait_queue(&hdev->req_wait_q, &wait);
139 set_current_state(TASK_RUNNING);
143 schedule_timeout(timeout);
145 remove_wait_queue(&hdev->req_wait_q, &wait);
147 if (signal_pending(current))
148 return ERR_PTR(-EINTR);
150 switch (hdev->req_status) {
152 err = -bt_to_errno(hdev->req_result);
155 case HCI_REQ_CANCELED:
156 err = -hdev->req_result;
164 hdev->req_status = hdev->req_result = 0;
166 hdev->req_skb = NULL;
168 BT_DBG("%s end: err %d", hdev->name, err);
176 return ERR_PTR(-ENODATA);
180 EXPORT_SYMBOL(__hci_cmd_sync_ev);
182 struct sk_buff *__hci_cmd_sync(struct hci_dev *hdev, u16 opcode, u32 plen,
183 const void *param, u32 timeout)
185 return __hci_cmd_sync_ev(hdev, opcode, plen, param, 0, timeout);
187 EXPORT_SYMBOL(__hci_cmd_sync);
189 /* Execute request and wait for completion. */
190 int __hci_req_sync(struct hci_dev *hdev, int (*func)(struct hci_request *req,
192 unsigned long opt, u32 timeout, u8 *hci_status)
194 struct hci_request req;
195 DECLARE_WAITQUEUE(wait, current);
198 BT_DBG("%s start", hdev->name);
200 hci_req_init(&req, hdev);
202 hdev->req_status = HCI_REQ_PEND;
204 err = func(&req, opt);
207 *hci_status = HCI_ERROR_UNSPECIFIED;
211 add_wait_queue(&hdev->req_wait_q, &wait);
212 set_current_state(TASK_INTERRUPTIBLE);
214 err = hci_req_run_skb(&req, hci_req_sync_complete);
216 hdev->req_status = 0;
218 remove_wait_queue(&hdev->req_wait_q, &wait);
219 set_current_state(TASK_RUNNING);
221 /* ENODATA means the HCI request command queue is empty.
222 * This can happen when a request with conditionals doesn't
223 * trigger any commands to be sent. This is normal behavior
224 * and should not trigger an error return.
226 if (err == -ENODATA) {
233 *hci_status = HCI_ERROR_UNSPECIFIED;
238 schedule_timeout(timeout);
240 remove_wait_queue(&hdev->req_wait_q, &wait);
242 if (signal_pending(current))
245 switch (hdev->req_status) {
247 err = -bt_to_errno(hdev->req_result);
249 *hci_status = hdev->req_result;
252 case HCI_REQ_CANCELED:
253 err = -hdev->req_result;
255 *hci_status = HCI_ERROR_UNSPECIFIED;
261 *hci_status = HCI_ERROR_UNSPECIFIED;
265 hdev->req_status = hdev->req_result = 0;
267 BT_DBG("%s end: err %d", hdev->name, err);
272 int hci_req_sync(struct hci_dev *hdev, int (*req)(struct hci_request *req,
274 unsigned long opt, u32 timeout, u8 *hci_status)
278 if (!test_bit(HCI_UP, &hdev->flags))
281 /* Serialize all requests */
282 hci_req_sync_lock(hdev);
283 ret = __hci_req_sync(hdev, req, opt, timeout, hci_status);
284 hci_req_sync_unlock(hdev);
289 struct sk_buff *hci_prepare_cmd(struct hci_dev *hdev, u16 opcode, u32 plen,
292 int len = HCI_COMMAND_HDR_SIZE + plen;
293 struct hci_command_hdr *hdr;
296 skb = bt_skb_alloc(len, GFP_ATOMIC);
300 hdr = (struct hci_command_hdr *) skb_put(skb, HCI_COMMAND_HDR_SIZE);
301 hdr->opcode = cpu_to_le16(opcode);
305 memcpy(skb_put(skb, plen), param, plen);
307 BT_DBG("skb len %d", skb->len);
309 hci_skb_pkt_type(skb) = HCI_COMMAND_PKT;
310 hci_skb_opcode(skb) = opcode;
315 /* Queue a command to an asynchronous HCI request */
316 void hci_req_add_ev(struct hci_request *req, u16 opcode, u32 plen,
317 const void *param, u8 event)
319 struct hci_dev *hdev = req->hdev;
322 BT_DBG("%s opcode 0x%4.4x plen %d", hdev->name, opcode, plen);
324 /* If an error occurred during request building, there is no point in
325 * queueing the HCI command. We can simply return.
330 skb = hci_prepare_cmd(hdev, opcode, plen, param);
332 BT_ERR("%s no memory for command (opcode 0x%4.4x)",
338 if (skb_queue_empty(&req->cmd_q))
339 bt_cb(skb)->hci.req_flags |= HCI_REQ_START;
341 bt_cb(skb)->hci.req_event = event;
343 skb_queue_tail(&req->cmd_q, skb);
346 void hci_req_add(struct hci_request *req, u16 opcode, u32 plen,
349 hci_req_add_ev(req, opcode, plen, param, 0);
352 void __hci_req_write_fast_connectable(struct hci_request *req, bool enable)
354 struct hci_dev *hdev = req->hdev;
355 struct hci_cp_write_page_scan_activity acp;
358 if (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED))
361 if (hdev->hci_ver < BLUETOOTH_VER_1_2)
365 type = PAGE_SCAN_TYPE_INTERLACED;
367 /* 160 msec page scan interval */
368 acp.interval = cpu_to_le16(0x0100);
370 type = PAGE_SCAN_TYPE_STANDARD; /* default */
372 /* default 1.28 sec page scan */
373 acp.interval = cpu_to_le16(0x0800);
376 acp.window = cpu_to_le16(0x0012);
378 if (__cpu_to_le16(hdev->page_scan_interval) != acp.interval ||
379 __cpu_to_le16(hdev->page_scan_window) != acp.window)
380 hci_req_add(req, HCI_OP_WRITE_PAGE_SCAN_ACTIVITY,
383 if (hdev->page_scan_type != type)
384 hci_req_add(req, HCI_OP_WRITE_PAGE_SCAN_TYPE, 1, &type);
387 /* This function controls the background scanning based on hdev->pend_le_conns
388 * list. If there are pending LE connection we start the background scanning,
389 * otherwise we stop it.
391 * This function requires the caller holds hdev->lock.
393 static void __hci_update_background_scan(struct hci_request *req)
395 struct hci_dev *hdev = req->hdev;
397 if (!test_bit(HCI_UP, &hdev->flags) ||
398 test_bit(HCI_INIT, &hdev->flags) ||
399 hci_dev_test_flag(hdev, HCI_SETUP) ||
400 hci_dev_test_flag(hdev, HCI_CONFIG) ||
401 hci_dev_test_flag(hdev, HCI_AUTO_OFF) ||
402 hci_dev_test_flag(hdev, HCI_UNREGISTER))
405 /* No point in doing scanning if LE support hasn't been enabled */
406 if (!hci_dev_test_flag(hdev, HCI_LE_ENABLED))
409 /* If discovery is active don't interfere with it */
410 if (hdev->discovery.state != DISCOVERY_STOPPED)
413 /* Reset RSSI and UUID filters when starting background scanning
414 * since these filters are meant for service discovery only.
416 * The Start Discovery and Start Service Discovery operations
417 * ensure to set proper values for RSSI threshold and UUID
418 * filter list. So it is safe to just reset them here.
420 hci_discovery_filter_clear(hdev);
422 if (list_empty(&hdev->pend_le_conns) &&
423 list_empty(&hdev->pend_le_reports)) {
424 /* If there is no pending LE connections or devices
425 * to be scanned for, we should stop the background
429 /* If controller is not scanning we are done. */
430 if (!hci_dev_test_flag(hdev, HCI_LE_SCAN))
433 hci_req_add_le_scan_disable(req);
435 BT_DBG("%s stopping background scanning", hdev->name);
437 /* If there is at least one pending LE connection, we should
438 * keep the background scan running.
441 /* If controller is connecting, we should not start scanning
442 * since some controllers are not able to scan and connect at
445 if (hci_lookup_le_connect(hdev))
448 /* If controller is currently scanning, we stop it to ensure we
449 * don't miss any advertising (due to duplicates filter).
451 if (hci_dev_test_flag(hdev, HCI_LE_SCAN))
452 hci_req_add_le_scan_disable(req);
454 hci_req_add_le_passive_scan(req);
456 BT_DBG("%s starting background scanning", hdev->name);
460 void __hci_req_update_name(struct hci_request *req)
462 struct hci_dev *hdev = req->hdev;
463 struct hci_cp_write_local_name cp;
465 memcpy(cp.name, hdev->dev_name, sizeof(cp.name));
467 hci_req_add(req, HCI_OP_WRITE_LOCAL_NAME, sizeof(cp), &cp);
470 #define PNP_INFO_SVCLASS_ID 0x1200
472 static u8 *create_uuid16_list(struct hci_dev *hdev, u8 *data, ptrdiff_t len)
474 u8 *ptr = data, *uuids_start = NULL;
475 struct bt_uuid *uuid;
480 list_for_each_entry(uuid, &hdev->uuids, list) {
483 if (uuid->size != 16)
486 uuid16 = get_unaligned_le16(&uuid->uuid[12]);
490 if (uuid16 == PNP_INFO_SVCLASS_ID)
496 uuids_start[1] = EIR_UUID16_ALL;
500 /* Stop if not enough space to put next UUID */
501 if ((ptr - data) + sizeof(u16) > len) {
502 uuids_start[1] = EIR_UUID16_SOME;
506 *ptr++ = (uuid16 & 0x00ff);
507 *ptr++ = (uuid16 & 0xff00) >> 8;
508 uuids_start[0] += sizeof(uuid16);
514 static u8 *create_uuid32_list(struct hci_dev *hdev, u8 *data, ptrdiff_t len)
516 u8 *ptr = data, *uuids_start = NULL;
517 struct bt_uuid *uuid;
522 list_for_each_entry(uuid, &hdev->uuids, list) {
523 if (uuid->size != 32)
529 uuids_start[1] = EIR_UUID32_ALL;
533 /* Stop if not enough space to put next UUID */
534 if ((ptr - data) + sizeof(u32) > len) {
535 uuids_start[1] = EIR_UUID32_SOME;
539 memcpy(ptr, &uuid->uuid[12], sizeof(u32));
541 uuids_start[0] += sizeof(u32);
547 static u8 *create_uuid128_list(struct hci_dev *hdev, u8 *data, ptrdiff_t len)
549 u8 *ptr = data, *uuids_start = NULL;
550 struct bt_uuid *uuid;
555 list_for_each_entry(uuid, &hdev->uuids, list) {
556 if (uuid->size != 128)
562 uuids_start[1] = EIR_UUID128_ALL;
566 /* Stop if not enough space to put next UUID */
567 if ((ptr - data) + 16 > len) {
568 uuids_start[1] = EIR_UUID128_SOME;
572 memcpy(ptr, uuid->uuid, 16);
574 uuids_start[0] += 16;
580 static void create_eir(struct hci_dev *hdev, u8 *data)
585 name_len = strlen(hdev->dev_name);
591 ptr[1] = EIR_NAME_SHORT;
593 ptr[1] = EIR_NAME_COMPLETE;
595 /* EIR Data length */
596 ptr[0] = name_len + 1;
598 memcpy(ptr + 2, hdev->dev_name, name_len);
600 ptr += (name_len + 2);
603 if (hdev->inq_tx_power != HCI_TX_POWER_INVALID) {
605 ptr[1] = EIR_TX_POWER;
606 ptr[2] = (u8) hdev->inq_tx_power;
611 if (hdev->devid_source > 0) {
613 ptr[1] = EIR_DEVICE_ID;
615 put_unaligned_le16(hdev->devid_source, ptr + 2);
616 put_unaligned_le16(hdev->devid_vendor, ptr + 4);
617 put_unaligned_le16(hdev->devid_product, ptr + 6);
618 put_unaligned_le16(hdev->devid_version, ptr + 8);
623 ptr = create_uuid16_list(hdev, ptr, HCI_MAX_EIR_LENGTH - (ptr - data));
624 ptr = create_uuid32_list(hdev, ptr, HCI_MAX_EIR_LENGTH - (ptr - data));
625 ptr = create_uuid128_list(hdev, ptr, HCI_MAX_EIR_LENGTH - (ptr - data));
628 void __hci_req_update_eir(struct hci_request *req)
630 struct hci_dev *hdev = req->hdev;
631 struct hci_cp_write_eir cp;
633 if (!hdev_is_powered(hdev))
636 if (!lmp_ext_inq_capable(hdev))
639 if (!hci_dev_test_flag(hdev, HCI_SSP_ENABLED))
642 if (hci_dev_test_flag(hdev, HCI_SERVICE_CACHE))
645 memset(&cp, 0, sizeof(cp));
647 create_eir(hdev, cp.data);
649 if (memcmp(cp.data, hdev->eir, sizeof(cp.data)) == 0)
652 memcpy(hdev->eir, cp.data, sizeof(cp.data));
654 hci_req_add(req, HCI_OP_WRITE_EIR, sizeof(cp), &cp);
657 void hci_req_add_le_scan_disable(struct hci_request *req)
659 struct hci_cp_le_set_scan_enable cp;
661 memset(&cp, 0, sizeof(cp));
662 cp.enable = LE_SCAN_DISABLE;
663 hci_req_add(req, HCI_OP_LE_SET_SCAN_ENABLE, sizeof(cp), &cp);
666 static void add_to_white_list(struct hci_request *req,
667 struct hci_conn_params *params)
669 struct hci_cp_le_add_to_white_list cp;
671 cp.bdaddr_type = params->addr_type;
672 bacpy(&cp.bdaddr, ¶ms->addr);
674 hci_req_add(req, HCI_OP_LE_ADD_TO_WHITE_LIST, sizeof(cp), &cp);
677 static u8 update_white_list(struct hci_request *req)
679 struct hci_dev *hdev = req->hdev;
680 struct hci_conn_params *params;
681 struct bdaddr_list *b;
682 uint8_t white_list_entries = 0;
684 /* Go through the current white list programmed into the
685 * controller one by one and check if that address is still
686 * in the list of pending connections or list of devices to
687 * report. If not present in either list, then queue the
688 * command to remove it from the controller.
690 list_for_each_entry(b, &hdev->le_white_list, list) {
691 /* If the device is neither in pend_le_conns nor
692 * pend_le_reports then remove it from the whitelist.
694 if (!hci_pend_le_action_lookup(&hdev->pend_le_conns,
695 &b->bdaddr, b->bdaddr_type) &&
696 !hci_pend_le_action_lookup(&hdev->pend_le_reports,
697 &b->bdaddr, b->bdaddr_type)) {
698 struct hci_cp_le_del_from_white_list cp;
700 cp.bdaddr_type = b->bdaddr_type;
701 bacpy(&cp.bdaddr, &b->bdaddr);
703 hci_req_add(req, HCI_OP_LE_DEL_FROM_WHITE_LIST,
708 if (hci_find_irk_by_addr(hdev, &b->bdaddr, b->bdaddr_type)) {
709 /* White list can not be used with RPAs */
713 white_list_entries++;
716 /* Since all no longer valid white list entries have been
717 * removed, walk through the list of pending connections
718 * and ensure that any new device gets programmed into
721 * If the list of the devices is larger than the list of
722 * available white list entries in the controller, then
723 * just abort and return filer policy value to not use the
726 list_for_each_entry(params, &hdev->pend_le_conns, action) {
727 if (hci_bdaddr_list_lookup(&hdev->le_white_list,
728 ¶ms->addr, params->addr_type))
731 if (white_list_entries >= hdev->le_white_list_size) {
732 /* Select filter policy to accept all advertising */
736 if (hci_find_irk_by_addr(hdev, ¶ms->addr,
737 params->addr_type)) {
738 /* White list can not be used with RPAs */
742 white_list_entries++;
743 add_to_white_list(req, params);
746 /* After adding all new pending connections, walk through
747 * the list of pending reports and also add these to the
748 * white list if there is still space.
750 list_for_each_entry(params, &hdev->pend_le_reports, action) {
751 if (hci_bdaddr_list_lookup(&hdev->le_white_list,
752 ¶ms->addr, params->addr_type))
755 if (white_list_entries >= hdev->le_white_list_size) {
756 /* Select filter policy to accept all advertising */
760 if (hci_find_irk_by_addr(hdev, ¶ms->addr,
761 params->addr_type)) {
762 /* White list can not be used with RPAs */
766 white_list_entries++;
767 add_to_white_list(req, params);
770 /* Select filter policy to use white list */
774 void hci_req_add_le_passive_scan(struct hci_request *req)
776 struct hci_cp_le_set_scan_param param_cp;
777 struct hci_cp_le_set_scan_enable enable_cp;
778 struct hci_dev *hdev = req->hdev;
782 /* Set require_privacy to false since no SCAN_REQ are send
783 * during passive scanning. Not using an non-resolvable address
784 * here is important so that peer devices using direct
785 * advertising with our address will be correctly reported
788 if (hci_update_random_address(req, false, &own_addr_type))
791 /* Adding or removing entries from the white list must
792 * happen before enabling scanning. The controller does
793 * not allow white list modification while scanning.
795 filter_policy = update_white_list(req);
797 /* When the controller is using random resolvable addresses and
798 * with that having LE privacy enabled, then controllers with
799 * Extended Scanner Filter Policies support can now enable support
800 * for handling directed advertising.
802 * So instead of using filter polices 0x00 (no whitelist)
803 * and 0x01 (whitelist enabled) use the new filter policies
804 * 0x02 (no whitelist) and 0x03 (whitelist enabled).
806 if (hci_dev_test_flag(hdev, HCI_PRIVACY) &&
807 (hdev->le_features[0] & HCI_LE_EXT_SCAN_POLICY))
808 filter_policy |= 0x02;
810 memset(¶m_cp, 0, sizeof(param_cp));
811 param_cp.type = LE_SCAN_PASSIVE;
812 param_cp.interval = cpu_to_le16(hdev->le_scan_interval);
813 param_cp.window = cpu_to_le16(hdev->le_scan_window);
814 param_cp.own_address_type = own_addr_type;
815 param_cp.filter_policy = filter_policy;
816 hci_req_add(req, HCI_OP_LE_SET_SCAN_PARAM, sizeof(param_cp),
819 memset(&enable_cp, 0, sizeof(enable_cp));
820 enable_cp.enable = LE_SCAN_ENABLE;
821 enable_cp.filter_dup = LE_SCAN_FILTER_DUP_ENABLE;
822 hci_req_add(req, HCI_OP_LE_SET_SCAN_ENABLE, sizeof(enable_cp),
826 static u8 get_cur_adv_instance_scan_rsp_len(struct hci_dev *hdev)
828 u8 instance = hdev->cur_adv_instance;
829 struct adv_info *adv_instance;
831 /* Ignore instance 0 */
832 if (instance == 0x00)
835 adv_instance = hci_find_adv_instance(hdev, instance);
839 /* TODO: Take into account the "appearance" and "local-name" flags here.
840 * These are currently being ignored as they are not supported.
842 return adv_instance->scan_rsp_len;
845 void __hci_req_disable_advertising(struct hci_request *req)
849 hci_req_add(req, HCI_OP_LE_SET_ADV_ENABLE, sizeof(enable), &enable);
852 static u32 get_adv_instance_flags(struct hci_dev *hdev, u8 instance)
855 struct adv_info *adv_instance;
857 if (instance == 0x00) {
858 /* Instance 0 always manages the "Tx Power" and "Flags"
861 flags = MGMT_ADV_FLAG_TX_POWER | MGMT_ADV_FLAG_MANAGED_FLAGS;
863 /* For instance 0, the HCI_ADVERTISING_CONNECTABLE setting
864 * corresponds to the "connectable" instance flag.
866 if (hci_dev_test_flag(hdev, HCI_ADVERTISING_CONNECTABLE))
867 flags |= MGMT_ADV_FLAG_CONNECTABLE;
872 adv_instance = hci_find_adv_instance(hdev, instance);
874 /* Return 0 when we got an invalid instance identifier. */
878 return adv_instance->flags;
881 void __hci_req_enable_advertising(struct hci_request *req)
883 struct hci_dev *hdev = req->hdev;
884 struct hci_cp_le_set_adv_param cp;
885 u8 own_addr_type, enable = 0x01;
889 if (hci_conn_num(hdev, LE_LINK) > 0)
892 if (hci_dev_test_flag(hdev, HCI_LE_ADV))
893 __hci_req_disable_advertising(req);
895 /* Clear the HCI_LE_ADV bit temporarily so that the
896 * hci_update_random_address knows that it's safe to go ahead
897 * and write a new random address. The flag will be set back on
898 * as soon as the SET_ADV_ENABLE HCI command completes.
900 hci_dev_clear_flag(hdev, HCI_LE_ADV);
902 flags = get_adv_instance_flags(hdev, hdev->cur_adv_instance);
904 /* If the "connectable" instance flag was not set, then choose between
905 * ADV_IND and ADV_NONCONN_IND based on the global connectable setting.
907 connectable = (flags & MGMT_ADV_FLAG_CONNECTABLE) ||
908 mgmt_get_connectable(hdev);
910 /* Set require_privacy to true only when non-connectable
911 * advertising is used. In that case it is fine to use a
912 * non-resolvable private address.
914 if (hci_update_random_address(req, !connectable, &own_addr_type) < 0)
917 memset(&cp, 0, sizeof(cp));
918 cp.min_interval = cpu_to_le16(hdev->le_adv_min_interval);
919 cp.max_interval = cpu_to_le16(hdev->le_adv_max_interval);
922 cp.type = LE_ADV_IND;
923 else if (get_cur_adv_instance_scan_rsp_len(hdev))
924 cp.type = LE_ADV_SCAN_IND;
926 cp.type = LE_ADV_NONCONN_IND;
928 cp.own_address_type = own_addr_type;
929 cp.channel_map = hdev->le_adv_channel_map;
931 hci_req_add(req, HCI_OP_LE_SET_ADV_PARAM, sizeof(cp), &cp);
933 hci_req_add(req, HCI_OP_LE_SET_ADV_ENABLE, sizeof(enable), &enable);
936 static u8 create_default_scan_rsp_data(struct hci_dev *hdev, u8 *ptr)
941 name_len = strlen(hdev->dev_name);
943 size_t max_len = HCI_MAX_AD_LENGTH - ad_len - 2;
945 if (name_len > max_len) {
947 ptr[1] = EIR_NAME_SHORT;
949 ptr[1] = EIR_NAME_COMPLETE;
951 ptr[0] = name_len + 1;
953 memcpy(ptr + 2, hdev->dev_name, name_len);
955 ad_len += (name_len + 2);
956 ptr += (name_len + 2);
962 static u8 create_instance_scan_rsp_data(struct hci_dev *hdev, u8 instance,
965 struct adv_info *adv_instance;
967 adv_instance = hci_find_adv_instance(hdev, instance);
971 /* TODO: Set the appropriate entries based on advertising instance flags
972 * here once flags other than 0 are supported.
974 memcpy(ptr, adv_instance->scan_rsp_data,
975 adv_instance->scan_rsp_len);
977 return adv_instance->scan_rsp_len;
980 void __hci_req_update_scan_rsp_data(struct hci_request *req, u8 instance)
982 struct hci_dev *hdev = req->hdev;
983 struct hci_cp_le_set_scan_rsp_data cp;
986 if (!hci_dev_test_flag(hdev, HCI_LE_ENABLED))
989 memset(&cp, 0, sizeof(cp));
992 len = create_instance_scan_rsp_data(hdev, instance, cp.data);
994 len = create_default_scan_rsp_data(hdev, cp.data);
996 if (hdev->scan_rsp_data_len == len &&
997 !memcmp(cp.data, hdev->scan_rsp_data, len))
1000 memcpy(hdev->scan_rsp_data, cp.data, sizeof(cp.data));
1001 hdev->scan_rsp_data_len = len;
1005 hci_req_add(req, HCI_OP_LE_SET_SCAN_RSP_DATA, sizeof(cp), &cp);
1008 static u8 create_instance_adv_data(struct hci_dev *hdev, u8 instance, u8 *ptr)
1010 struct adv_info *adv_instance = NULL;
1011 u8 ad_len = 0, flags = 0;
1014 /* Return 0 when the current instance identifier is invalid. */
1016 adv_instance = hci_find_adv_instance(hdev, instance);
1021 instance_flags = get_adv_instance_flags(hdev, instance);
1023 /* The Add Advertising command allows userspace to set both the general
1024 * and limited discoverable flags.
1026 if (instance_flags & MGMT_ADV_FLAG_DISCOV)
1027 flags |= LE_AD_GENERAL;
1029 if (instance_flags & MGMT_ADV_FLAG_LIMITED_DISCOV)
1030 flags |= LE_AD_LIMITED;
1032 if (flags || (instance_flags & MGMT_ADV_FLAG_MANAGED_FLAGS)) {
1033 /* If a discovery flag wasn't provided, simply use the global
1037 flags |= mgmt_get_adv_discov_flags(hdev);
1039 if (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED))
1040 flags |= LE_AD_NO_BREDR;
1042 /* If flags would still be empty, then there is no need to
1043 * include the "Flags" AD field".
1056 memcpy(ptr, adv_instance->adv_data,
1057 adv_instance->adv_data_len);
1058 ad_len += adv_instance->adv_data_len;
1059 ptr += adv_instance->adv_data_len;
1062 /* Provide Tx Power only if we can provide a valid value for it */
1063 if (hdev->adv_tx_power != HCI_TX_POWER_INVALID &&
1064 (instance_flags & MGMT_ADV_FLAG_TX_POWER)) {
1066 ptr[1] = EIR_TX_POWER;
1067 ptr[2] = (u8)hdev->adv_tx_power;
1076 void __hci_req_update_adv_data(struct hci_request *req, u8 instance)
1078 struct hci_dev *hdev = req->hdev;
1079 struct hci_cp_le_set_adv_data cp;
1082 if (!hci_dev_test_flag(hdev, HCI_LE_ENABLED))
1085 memset(&cp, 0, sizeof(cp));
1087 len = create_instance_adv_data(hdev, instance, cp.data);
1089 /* There's nothing to do if the data hasn't changed */
1090 if (hdev->adv_data_len == len &&
1091 memcmp(cp.data, hdev->adv_data, len) == 0)
1094 memcpy(hdev->adv_data, cp.data, sizeof(cp.data));
1095 hdev->adv_data_len = len;
1099 hci_req_add(req, HCI_OP_LE_SET_ADV_DATA, sizeof(cp), &cp);
1102 int hci_req_update_adv_data(struct hci_dev *hdev, u8 instance)
1104 struct hci_request req;
1106 hci_req_init(&req, hdev);
1107 __hci_req_update_adv_data(&req, instance);
1109 return hci_req_run(&req, NULL);
1112 static void adv_enable_complete(struct hci_dev *hdev, u8 status, u16 opcode)
1114 BT_DBG("%s status %u", hdev->name, status);
1117 void hci_req_reenable_advertising(struct hci_dev *hdev)
1119 struct hci_request req;
1121 if (!hci_dev_test_flag(hdev, HCI_ADVERTISING) &&
1122 list_empty(&hdev->adv_instances))
1125 hci_req_init(&req, hdev);
1127 if (hdev->cur_adv_instance) {
1128 __hci_req_schedule_adv_instance(&req, hdev->cur_adv_instance,
1131 __hci_req_update_adv_data(&req, 0x00);
1132 __hci_req_update_scan_rsp_data(&req, 0x00);
1133 __hci_req_enable_advertising(&req);
1136 hci_req_run(&req, adv_enable_complete);
1139 static void adv_timeout_expire(struct work_struct *work)
1141 struct hci_dev *hdev = container_of(work, struct hci_dev,
1142 adv_instance_expire.work);
1144 struct hci_request req;
1147 BT_DBG("%s", hdev->name);
1151 hdev->adv_instance_timeout = 0;
1153 instance = hdev->cur_adv_instance;
1154 if (instance == 0x00)
1157 hci_req_init(&req, hdev);
1159 hci_req_clear_adv_instance(hdev, &req, instance, false);
1161 if (list_empty(&hdev->adv_instances))
1162 __hci_req_disable_advertising(&req);
1164 hci_req_run(&req, NULL);
1167 hci_dev_unlock(hdev);
1170 int __hci_req_schedule_adv_instance(struct hci_request *req, u8 instance,
1173 struct hci_dev *hdev = req->hdev;
1174 struct adv_info *adv_instance = NULL;
1177 if (hci_dev_test_flag(hdev, HCI_ADVERTISING) ||
1178 list_empty(&hdev->adv_instances))
1181 if (hdev->adv_instance_timeout)
1184 adv_instance = hci_find_adv_instance(hdev, instance);
1188 /* A zero timeout means unlimited advertising. As long as there is
1189 * only one instance, duration should be ignored. We still set a timeout
1190 * in case further instances are being added later on.
1192 * If the remaining lifetime of the instance is more than the duration
1193 * then the timeout corresponds to the duration, otherwise it will be
1194 * reduced to the remaining instance lifetime.
1196 if (adv_instance->timeout == 0 ||
1197 adv_instance->duration <= adv_instance->remaining_time)
1198 timeout = adv_instance->duration;
1200 timeout = adv_instance->remaining_time;
1202 /* The remaining time is being reduced unless the instance is being
1203 * advertised without time limit.
1205 if (adv_instance->timeout)
1206 adv_instance->remaining_time =
1207 adv_instance->remaining_time - timeout;
1209 hdev->adv_instance_timeout = timeout;
1210 queue_delayed_work(hdev->req_workqueue,
1211 &hdev->adv_instance_expire,
1212 msecs_to_jiffies(timeout * 1000));
1214 /* If we're just re-scheduling the same instance again then do not
1215 * execute any HCI commands. This happens when a single instance is
1218 if (!force && hdev->cur_adv_instance == instance &&
1219 hci_dev_test_flag(hdev, HCI_LE_ADV))
1222 hdev->cur_adv_instance = instance;
1223 __hci_req_update_adv_data(req, instance);
1224 __hci_req_update_scan_rsp_data(req, instance);
1225 __hci_req_enable_advertising(req);
1230 static void cancel_adv_timeout(struct hci_dev *hdev)
1232 if (hdev->adv_instance_timeout) {
1233 hdev->adv_instance_timeout = 0;
1234 cancel_delayed_work(&hdev->adv_instance_expire);
1238 /* For a single instance:
1239 * - force == true: The instance will be removed even when its remaining
1240 * lifetime is not zero.
1241 * - force == false: the instance will be deactivated but kept stored unless
1242 * the remaining lifetime is zero.
1244 * For instance == 0x00:
1245 * - force == true: All instances will be removed regardless of their timeout
1247 * - force == false: Only instances that have a timeout will be removed.
1249 void hci_req_clear_adv_instance(struct hci_dev *hdev, struct hci_request *req,
1250 u8 instance, bool force)
1252 struct adv_info *adv_instance, *n, *next_instance = NULL;
1256 /* Cancel any timeout concerning the removed instance(s). */
1257 if (!instance || hdev->cur_adv_instance == instance)
1258 cancel_adv_timeout(hdev);
1260 /* Get the next instance to advertise BEFORE we remove
1261 * the current one. This can be the same instance again
1262 * if there is only one instance.
1264 if (instance && hdev->cur_adv_instance == instance)
1265 next_instance = hci_get_next_instance(hdev, instance);
1267 if (instance == 0x00) {
1268 list_for_each_entry_safe(adv_instance, n, &hdev->adv_instances,
1270 if (!(force || adv_instance->timeout))
1273 rem_inst = adv_instance->instance;
1274 err = hci_remove_adv_instance(hdev, rem_inst);
1276 mgmt_advertising_removed(NULL, hdev, rem_inst);
1279 adv_instance = hci_find_adv_instance(hdev, instance);
1281 if (force || (adv_instance && adv_instance->timeout &&
1282 !adv_instance->remaining_time)) {
1283 /* Don't advertise a removed instance. */
1284 if (next_instance &&
1285 next_instance->instance == instance)
1286 next_instance = NULL;
1288 err = hci_remove_adv_instance(hdev, instance);
1290 mgmt_advertising_removed(NULL, hdev, instance);
1294 if (!req || !hdev_is_powered(hdev) ||
1295 hci_dev_test_flag(hdev, HCI_ADVERTISING))
1299 __hci_req_schedule_adv_instance(req, next_instance->instance,
1303 static void set_random_addr(struct hci_request *req, bdaddr_t *rpa)
1305 struct hci_dev *hdev = req->hdev;
1307 /* If we're advertising or initiating an LE connection we can't
1308 * go ahead and change the random address at this time. This is
1309 * because the eventual initiator address used for the
1310 * subsequently created connection will be undefined (some
1311 * controllers use the new address and others the one we had
1312 * when the operation started).
1314 * In this kind of scenario skip the update and let the random
1315 * address be updated at the next cycle.
1317 if (hci_dev_test_flag(hdev, HCI_LE_ADV) ||
1318 hci_lookup_le_connect(hdev)) {
1319 BT_DBG("Deferring random address update");
1320 hci_dev_set_flag(hdev, HCI_RPA_EXPIRED);
1324 hci_req_add(req, HCI_OP_LE_SET_RANDOM_ADDR, 6, rpa);
1327 int hci_update_random_address(struct hci_request *req, bool require_privacy,
1330 struct hci_dev *hdev = req->hdev;
1333 /* If privacy is enabled use a resolvable private address. If
1334 * current RPA has expired or there is something else than
1335 * the current RPA in use, then generate a new one.
1337 if (hci_dev_test_flag(hdev, HCI_PRIVACY)) {
1340 *own_addr_type = ADDR_LE_DEV_RANDOM;
1342 if (!hci_dev_test_and_clear_flag(hdev, HCI_RPA_EXPIRED) &&
1343 !bacmp(&hdev->random_addr, &hdev->rpa))
1346 err = smp_generate_rpa(hdev, hdev->irk, &hdev->rpa);
1348 BT_ERR("%s failed to generate new RPA", hdev->name);
1352 set_random_addr(req, &hdev->rpa);
1354 to = msecs_to_jiffies(hdev->rpa_timeout * 1000);
1355 queue_delayed_work(hdev->workqueue, &hdev->rpa_expired, to);
1360 /* In case of required privacy without resolvable private address,
1361 * use an non-resolvable private address. This is useful for active
1362 * scanning and non-connectable advertising.
1364 if (require_privacy) {
1368 /* The non-resolvable private address is generated
1369 * from random six bytes with the two most significant
1372 get_random_bytes(&nrpa, 6);
1375 /* The non-resolvable private address shall not be
1376 * equal to the public address.
1378 if (bacmp(&hdev->bdaddr, &nrpa))
1382 *own_addr_type = ADDR_LE_DEV_RANDOM;
1383 set_random_addr(req, &nrpa);
1387 /* If forcing static address is in use or there is no public
1388 * address use the static address as random address (but skip
1389 * the HCI command if the current random address is already the
1392 * In case BR/EDR has been disabled on a dual-mode controller
1393 * and a static address has been configured, then use that
1394 * address instead of the public BR/EDR address.
1396 if (hci_dev_test_flag(hdev, HCI_FORCE_STATIC_ADDR) ||
1397 !bacmp(&hdev->bdaddr, BDADDR_ANY) ||
1398 (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED) &&
1399 bacmp(&hdev->static_addr, BDADDR_ANY))) {
1400 *own_addr_type = ADDR_LE_DEV_RANDOM;
1401 if (bacmp(&hdev->static_addr, &hdev->random_addr))
1402 hci_req_add(req, HCI_OP_LE_SET_RANDOM_ADDR, 6,
1403 &hdev->static_addr);
1407 /* Neither privacy nor static address is being used so use a
1410 *own_addr_type = ADDR_LE_DEV_PUBLIC;
1415 static bool disconnected_whitelist_entries(struct hci_dev *hdev)
1417 struct bdaddr_list *b;
1419 list_for_each_entry(b, &hdev->whitelist, list) {
1420 struct hci_conn *conn;
1422 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &b->bdaddr);
1426 if (conn->state != BT_CONNECTED && conn->state != BT_CONFIG)
1433 void __hci_req_update_scan(struct hci_request *req)
1435 struct hci_dev *hdev = req->hdev;
1438 if (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED))
1441 if (!hdev_is_powered(hdev))
1444 if (mgmt_powering_down(hdev))
1447 if (hci_dev_test_flag(hdev, HCI_CONNECTABLE) ||
1448 disconnected_whitelist_entries(hdev))
1451 scan = SCAN_DISABLED;
1453 if (hci_dev_test_flag(hdev, HCI_DISCOVERABLE))
1454 scan |= SCAN_INQUIRY;
1456 if (test_bit(HCI_PSCAN, &hdev->flags) == !!(scan & SCAN_PAGE) &&
1457 test_bit(HCI_ISCAN, &hdev->flags) == !!(scan & SCAN_INQUIRY))
1460 hci_req_add(req, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
1463 static int update_scan(struct hci_request *req, unsigned long opt)
1465 hci_dev_lock(req->hdev);
1466 __hci_req_update_scan(req);
1467 hci_dev_unlock(req->hdev);
1471 static void scan_update_work(struct work_struct *work)
1473 struct hci_dev *hdev = container_of(work, struct hci_dev, scan_update);
1475 hci_req_sync(hdev, update_scan, 0, HCI_CMD_TIMEOUT, NULL);
1478 static int connectable_update(struct hci_request *req, unsigned long opt)
1480 struct hci_dev *hdev = req->hdev;
1484 __hci_req_update_scan(req);
1486 /* If BR/EDR is not enabled and we disable advertising as a
1487 * by-product of disabling connectable, we need to update the
1488 * advertising flags.
1490 if (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED))
1491 __hci_req_update_adv_data(req, hdev->cur_adv_instance);
1493 /* Update the advertising parameters if necessary */
1494 if (hci_dev_test_flag(hdev, HCI_ADVERTISING) ||
1495 !list_empty(&hdev->adv_instances))
1496 __hci_req_enable_advertising(req);
1498 __hci_update_background_scan(req);
1500 hci_dev_unlock(hdev);
1505 static void connectable_update_work(struct work_struct *work)
1507 struct hci_dev *hdev = container_of(work, struct hci_dev,
1508 connectable_update);
1511 hci_req_sync(hdev, connectable_update, 0, HCI_CMD_TIMEOUT, &status);
1512 mgmt_set_connectable_complete(hdev, status);
1515 static u8 get_service_classes(struct hci_dev *hdev)
1517 struct bt_uuid *uuid;
1520 list_for_each_entry(uuid, &hdev->uuids, list)
1521 val |= uuid->svc_hint;
1526 void __hci_req_update_class(struct hci_request *req)
1528 struct hci_dev *hdev = req->hdev;
1531 BT_DBG("%s", hdev->name);
1533 if (!hdev_is_powered(hdev))
1536 if (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED))
1539 if (hci_dev_test_flag(hdev, HCI_SERVICE_CACHE))
1542 cod[0] = hdev->minor_class;
1543 cod[1] = hdev->major_class;
1544 cod[2] = get_service_classes(hdev);
1546 if (hci_dev_test_flag(hdev, HCI_LIMITED_DISCOVERABLE))
1549 if (memcmp(cod, hdev->dev_class, 3) == 0)
1552 hci_req_add(req, HCI_OP_WRITE_CLASS_OF_DEV, sizeof(cod), cod);
1555 static void write_iac(struct hci_request *req)
1557 struct hci_dev *hdev = req->hdev;
1558 struct hci_cp_write_current_iac_lap cp;
1560 if (!hci_dev_test_flag(hdev, HCI_DISCOVERABLE))
1563 if (hci_dev_test_flag(hdev, HCI_LIMITED_DISCOVERABLE)) {
1564 /* Limited discoverable mode */
1565 cp.num_iac = min_t(u8, hdev->num_iac, 2);
1566 cp.iac_lap[0] = 0x00; /* LIAC */
1567 cp.iac_lap[1] = 0x8b;
1568 cp.iac_lap[2] = 0x9e;
1569 cp.iac_lap[3] = 0x33; /* GIAC */
1570 cp.iac_lap[4] = 0x8b;
1571 cp.iac_lap[5] = 0x9e;
1573 /* General discoverable mode */
1575 cp.iac_lap[0] = 0x33; /* GIAC */
1576 cp.iac_lap[1] = 0x8b;
1577 cp.iac_lap[2] = 0x9e;
1580 hci_req_add(req, HCI_OP_WRITE_CURRENT_IAC_LAP,
1581 (cp.num_iac * 3) + 1, &cp);
1584 static int discoverable_update(struct hci_request *req, unsigned long opt)
1586 struct hci_dev *hdev = req->hdev;
1590 if (hci_dev_test_flag(hdev, HCI_BREDR_ENABLED)) {
1592 __hci_req_update_scan(req);
1593 __hci_req_update_class(req);
1596 /* Advertising instances don't use the global discoverable setting, so
1597 * only update AD if advertising was enabled using Set Advertising.
1599 if (hci_dev_test_flag(hdev, HCI_ADVERTISING))
1600 __hci_req_update_adv_data(req, 0x00);
1602 hci_dev_unlock(hdev);
1607 static void discoverable_update_work(struct work_struct *work)
1609 struct hci_dev *hdev = container_of(work, struct hci_dev,
1610 discoverable_update);
1613 hci_req_sync(hdev, discoverable_update, 0, HCI_CMD_TIMEOUT, &status);
1614 mgmt_set_discoverable_complete(hdev, status);
1617 void __hci_abort_conn(struct hci_request *req, struct hci_conn *conn,
1620 switch (conn->state) {
1623 if (conn->type == AMP_LINK) {
1624 struct hci_cp_disconn_phy_link cp;
1626 cp.phy_handle = HCI_PHY_HANDLE(conn->handle);
1628 hci_req_add(req, HCI_OP_DISCONN_PHY_LINK, sizeof(cp),
1631 struct hci_cp_disconnect dc;
1633 dc.handle = cpu_to_le16(conn->handle);
1635 hci_req_add(req, HCI_OP_DISCONNECT, sizeof(dc), &dc);
1638 conn->state = BT_DISCONN;
1642 if (conn->type == LE_LINK) {
1643 if (test_bit(HCI_CONN_SCANNING, &conn->flags))
1645 hci_req_add(req, HCI_OP_LE_CREATE_CONN_CANCEL,
1647 } else if (conn->type == ACL_LINK) {
1648 if (req->hdev->hci_ver < BLUETOOTH_VER_1_2)
1650 hci_req_add(req, HCI_OP_CREATE_CONN_CANCEL,
1655 if (conn->type == ACL_LINK) {
1656 struct hci_cp_reject_conn_req rej;
1658 bacpy(&rej.bdaddr, &conn->dst);
1659 rej.reason = reason;
1661 hci_req_add(req, HCI_OP_REJECT_CONN_REQ,
1663 } else if (conn->type == SCO_LINK || conn->type == ESCO_LINK) {
1664 struct hci_cp_reject_sync_conn_req rej;
1666 bacpy(&rej.bdaddr, &conn->dst);
1668 /* SCO rejection has its own limited set of
1669 * allowed error values (0x0D-0x0F) which isn't
1670 * compatible with most values passed to this
1671 * function. To be safe hard-code one of the
1672 * values that's suitable for SCO.
1674 rej.reason = HCI_ERROR_REMOTE_LOW_RESOURCES;
1676 hci_req_add(req, HCI_OP_REJECT_SYNC_CONN_REQ,
1681 conn->state = BT_CLOSED;
1686 static void abort_conn_complete(struct hci_dev *hdev, u8 status, u16 opcode)
1689 BT_DBG("Failed to abort connection: status 0x%2.2x", status);
1692 int hci_abort_conn(struct hci_conn *conn, u8 reason)
1694 struct hci_request req;
1697 hci_req_init(&req, conn->hdev);
1699 __hci_abort_conn(&req, conn, reason);
1701 err = hci_req_run(&req, abort_conn_complete);
1702 if (err && err != -ENODATA) {
1703 BT_ERR("Failed to run HCI request: err %d", err);
1710 static int update_bg_scan(struct hci_request *req, unsigned long opt)
1712 hci_dev_lock(req->hdev);
1713 __hci_update_background_scan(req);
1714 hci_dev_unlock(req->hdev);
1718 static void bg_scan_update(struct work_struct *work)
1720 struct hci_dev *hdev = container_of(work, struct hci_dev,
1722 struct hci_conn *conn;
1726 err = hci_req_sync(hdev, update_bg_scan, 0, HCI_CMD_TIMEOUT, &status);
1732 conn = hci_conn_hash_lookup_state(hdev, LE_LINK, BT_CONNECT);
1734 hci_le_conn_failed(conn, status);
1736 hci_dev_unlock(hdev);
1739 static int le_scan_disable(struct hci_request *req, unsigned long opt)
1741 hci_req_add_le_scan_disable(req);
1745 static int bredr_inquiry(struct hci_request *req, unsigned long opt)
1748 const u8 giac[3] = { 0x33, 0x8b, 0x9e };
1749 const u8 liac[3] = { 0x00, 0x8b, 0x9e };
1750 struct hci_cp_inquiry cp;
1752 BT_DBG("%s", req->hdev->name);
1754 hci_dev_lock(req->hdev);
1755 hci_inquiry_cache_flush(req->hdev);
1756 hci_dev_unlock(req->hdev);
1758 memset(&cp, 0, sizeof(cp));
1760 if (req->hdev->discovery.limited)
1761 memcpy(&cp.lap, liac, sizeof(cp.lap));
1763 memcpy(&cp.lap, giac, sizeof(cp.lap));
1767 hci_req_add(req, HCI_OP_INQUIRY, sizeof(cp), &cp);
1772 static void le_scan_disable_work(struct work_struct *work)
1774 struct hci_dev *hdev = container_of(work, struct hci_dev,
1775 le_scan_disable.work);
1778 BT_DBG("%s", hdev->name);
1780 if (!hci_dev_test_flag(hdev, HCI_LE_SCAN))
1783 cancel_delayed_work(&hdev->le_scan_restart);
1785 hci_req_sync(hdev, le_scan_disable, 0, HCI_CMD_TIMEOUT, &status);
1787 BT_ERR("Failed to disable LE scan: status 0x%02x", status);
1791 hdev->discovery.scan_start = 0;
1793 /* If we were running LE only scan, change discovery state. If
1794 * we were running both LE and BR/EDR inquiry simultaneously,
1795 * and BR/EDR inquiry is already finished, stop discovery,
1796 * otherwise BR/EDR inquiry will stop discovery when finished.
1797 * If we will resolve remote device name, do not change
1801 if (hdev->discovery.type == DISCOV_TYPE_LE)
1802 goto discov_stopped;
1804 if (hdev->discovery.type != DISCOV_TYPE_INTERLEAVED)
1807 if (test_bit(HCI_QUIRK_SIMULTANEOUS_DISCOVERY, &hdev->quirks)) {
1808 if (!test_bit(HCI_INQUIRY, &hdev->flags) &&
1809 hdev->discovery.state != DISCOVERY_RESOLVING)
1810 goto discov_stopped;
1815 hci_req_sync(hdev, bredr_inquiry, DISCOV_INTERLEAVED_INQUIRY_LEN,
1816 HCI_CMD_TIMEOUT, &status);
1818 BT_ERR("Inquiry failed: status 0x%02x", status);
1819 goto discov_stopped;
1826 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
1827 hci_dev_unlock(hdev);
1830 static int le_scan_restart(struct hci_request *req, unsigned long opt)
1832 struct hci_dev *hdev = req->hdev;
1833 struct hci_cp_le_set_scan_enable cp;
1835 /* If controller is not scanning we are done. */
1836 if (!hci_dev_test_flag(hdev, HCI_LE_SCAN))
1839 hci_req_add_le_scan_disable(req);
1841 memset(&cp, 0, sizeof(cp));
1842 cp.enable = LE_SCAN_ENABLE;
1843 cp.filter_dup = LE_SCAN_FILTER_DUP_ENABLE;
1844 hci_req_add(req, HCI_OP_LE_SET_SCAN_ENABLE, sizeof(cp), &cp);
1849 static void le_scan_restart_work(struct work_struct *work)
1851 struct hci_dev *hdev = container_of(work, struct hci_dev,
1852 le_scan_restart.work);
1853 unsigned long timeout, duration, scan_start, now;
1856 BT_DBG("%s", hdev->name);
1858 hci_req_sync(hdev, le_scan_restart, 0, HCI_CMD_TIMEOUT, &status);
1860 BT_ERR("Failed to restart LE scan: status %d", status);
1866 if (!test_bit(HCI_QUIRK_STRICT_DUPLICATE_FILTER, &hdev->quirks) ||
1867 !hdev->discovery.scan_start)
1870 /* When the scan was started, hdev->le_scan_disable has been queued
1871 * after duration from scan_start. During scan restart this job
1872 * has been canceled, and we need to queue it again after proper
1873 * timeout, to make sure that scan does not run indefinitely.
1875 duration = hdev->discovery.scan_duration;
1876 scan_start = hdev->discovery.scan_start;
1878 if (now - scan_start <= duration) {
1881 if (now >= scan_start)
1882 elapsed = now - scan_start;
1884 elapsed = ULONG_MAX - scan_start + now;
1886 timeout = duration - elapsed;
1891 queue_delayed_work(hdev->req_workqueue,
1892 &hdev->le_scan_disable, timeout);
1895 hci_dev_unlock(hdev);
1898 static void disable_advertising(struct hci_request *req)
1902 hci_req_add(req, HCI_OP_LE_SET_ADV_ENABLE, sizeof(enable), &enable);
1905 static int active_scan(struct hci_request *req, unsigned long opt)
1907 uint16_t interval = opt;
1908 struct hci_dev *hdev = req->hdev;
1909 struct hci_cp_le_set_scan_param param_cp;
1910 struct hci_cp_le_set_scan_enable enable_cp;
1914 BT_DBG("%s", hdev->name);
1916 if (hci_dev_test_flag(hdev, HCI_LE_ADV)) {
1919 /* Don't let discovery abort an outgoing connection attempt
1920 * that's using directed advertising.
1922 if (hci_lookup_le_connect(hdev)) {
1923 hci_dev_unlock(hdev);
1927 cancel_adv_timeout(hdev);
1928 hci_dev_unlock(hdev);
1930 disable_advertising(req);
1933 /* If controller is scanning, it means the background scanning is
1934 * running. Thus, we should temporarily stop it in order to set the
1935 * discovery scanning parameters.
1937 if (hci_dev_test_flag(hdev, HCI_LE_SCAN))
1938 hci_req_add_le_scan_disable(req);
1940 /* All active scans will be done with either a resolvable private
1941 * address (when privacy feature has been enabled) or non-resolvable
1944 err = hci_update_random_address(req, true, &own_addr_type);
1946 own_addr_type = ADDR_LE_DEV_PUBLIC;
1948 memset(¶m_cp, 0, sizeof(param_cp));
1949 param_cp.type = LE_SCAN_ACTIVE;
1950 param_cp.interval = cpu_to_le16(interval);
1951 param_cp.window = cpu_to_le16(DISCOV_LE_SCAN_WIN);
1952 param_cp.own_address_type = own_addr_type;
1954 hci_req_add(req, HCI_OP_LE_SET_SCAN_PARAM, sizeof(param_cp),
1957 memset(&enable_cp, 0, sizeof(enable_cp));
1958 enable_cp.enable = LE_SCAN_ENABLE;
1959 enable_cp.filter_dup = LE_SCAN_FILTER_DUP_ENABLE;
1961 hci_req_add(req, HCI_OP_LE_SET_SCAN_ENABLE, sizeof(enable_cp),
1967 static int interleaved_discov(struct hci_request *req, unsigned long opt)
1971 BT_DBG("%s", req->hdev->name);
1973 err = active_scan(req, opt);
1977 return bredr_inquiry(req, DISCOV_BREDR_INQUIRY_LEN);
1980 static void start_discovery(struct hci_dev *hdev, u8 *status)
1982 unsigned long timeout;
1984 BT_DBG("%s type %u", hdev->name, hdev->discovery.type);
1986 switch (hdev->discovery.type) {
1987 case DISCOV_TYPE_BREDR:
1988 if (!hci_dev_test_flag(hdev, HCI_INQUIRY))
1989 hci_req_sync(hdev, bredr_inquiry,
1990 DISCOV_BREDR_INQUIRY_LEN, HCI_CMD_TIMEOUT,
1993 case DISCOV_TYPE_INTERLEAVED:
1994 /* When running simultaneous discovery, the LE scanning time
1995 * should occupy the whole discovery time sine BR/EDR inquiry
1996 * and LE scanning are scheduled by the controller.
1998 * For interleaving discovery in comparison, BR/EDR inquiry
1999 * and LE scanning are done sequentially with separate
2002 if (test_bit(HCI_QUIRK_SIMULTANEOUS_DISCOVERY,
2004 timeout = msecs_to_jiffies(DISCOV_LE_TIMEOUT);
2005 /* During simultaneous discovery, we double LE scan
2006 * interval. We must leave some time for the controller
2007 * to do BR/EDR inquiry.
2009 hci_req_sync(hdev, interleaved_discov,
2010 DISCOV_LE_SCAN_INT * 2, HCI_CMD_TIMEOUT,
2015 timeout = msecs_to_jiffies(hdev->discov_interleaved_timeout);
2016 hci_req_sync(hdev, active_scan, DISCOV_LE_SCAN_INT,
2017 HCI_CMD_TIMEOUT, status);
2019 case DISCOV_TYPE_LE:
2020 timeout = msecs_to_jiffies(DISCOV_LE_TIMEOUT);
2021 hci_req_sync(hdev, active_scan, DISCOV_LE_SCAN_INT,
2022 HCI_CMD_TIMEOUT, status);
2025 *status = HCI_ERROR_UNSPECIFIED;
2032 BT_DBG("%s timeout %u ms", hdev->name, jiffies_to_msecs(timeout));
2034 /* When service discovery is used and the controller has a
2035 * strict duplicate filter, it is important to remember the
2036 * start and duration of the scan. This is required for
2037 * restarting scanning during the discovery phase.
2039 if (test_bit(HCI_QUIRK_STRICT_DUPLICATE_FILTER, &hdev->quirks) &&
2040 hdev->discovery.result_filtering) {
2041 hdev->discovery.scan_start = jiffies;
2042 hdev->discovery.scan_duration = timeout;
2045 queue_delayed_work(hdev->req_workqueue, &hdev->le_scan_disable,
2049 bool hci_req_stop_discovery(struct hci_request *req)
2051 struct hci_dev *hdev = req->hdev;
2052 struct discovery_state *d = &hdev->discovery;
2053 struct hci_cp_remote_name_req_cancel cp;
2054 struct inquiry_entry *e;
2057 BT_DBG("%s state %u", hdev->name, hdev->discovery.state);
2059 if (d->state == DISCOVERY_FINDING || d->state == DISCOVERY_STOPPING) {
2060 if (test_bit(HCI_INQUIRY, &hdev->flags))
2061 hci_req_add(req, HCI_OP_INQUIRY_CANCEL, 0, NULL);
2063 if (hci_dev_test_flag(hdev, HCI_LE_SCAN)) {
2064 cancel_delayed_work(&hdev->le_scan_disable);
2065 hci_req_add_le_scan_disable(req);
2070 /* Passive scanning */
2071 if (hci_dev_test_flag(hdev, HCI_LE_SCAN)) {
2072 hci_req_add_le_scan_disable(req);
2077 /* No further actions needed for LE-only discovery */
2078 if (d->type == DISCOV_TYPE_LE)
2081 if (d->state == DISCOVERY_RESOLVING || d->state == DISCOVERY_STOPPING) {
2082 e = hci_inquiry_cache_lookup_resolve(hdev, BDADDR_ANY,
2087 bacpy(&cp.bdaddr, &e->data.bdaddr);
2088 hci_req_add(req, HCI_OP_REMOTE_NAME_REQ_CANCEL, sizeof(cp),
2096 static int stop_discovery(struct hci_request *req, unsigned long opt)
2098 hci_dev_lock(req->hdev);
2099 hci_req_stop_discovery(req);
2100 hci_dev_unlock(req->hdev);
2105 static void discov_update(struct work_struct *work)
2107 struct hci_dev *hdev = container_of(work, struct hci_dev,
2111 switch (hdev->discovery.state) {
2112 case DISCOVERY_STARTING:
2113 start_discovery(hdev, &status);
2114 mgmt_start_discovery_complete(hdev, status);
2116 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
2118 hci_discovery_set_state(hdev, DISCOVERY_FINDING);
2120 case DISCOVERY_STOPPING:
2121 hci_req_sync(hdev, stop_discovery, 0, HCI_CMD_TIMEOUT, &status);
2122 mgmt_stop_discovery_complete(hdev, status);
2124 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
2126 case DISCOVERY_STOPPED:
2132 static void discov_off(struct work_struct *work)
2134 struct hci_dev *hdev = container_of(work, struct hci_dev,
2137 BT_DBG("%s", hdev->name);
2141 /* When discoverable timeout triggers, then just make sure
2142 * the limited discoverable flag is cleared. Even in the case
2143 * of a timeout triggered from general discoverable, it is
2144 * safe to unconditionally clear the flag.
2146 hci_dev_clear_flag(hdev, HCI_LIMITED_DISCOVERABLE);
2147 hci_dev_clear_flag(hdev, HCI_DISCOVERABLE);
2148 hdev->discov_timeout = 0;
2150 hci_dev_unlock(hdev);
2152 hci_req_sync(hdev, discoverable_update, 0, HCI_CMD_TIMEOUT, NULL);
2153 mgmt_new_settings(hdev);
2156 static int powered_update_hci(struct hci_request *req, unsigned long opt)
2158 struct hci_dev *hdev = req->hdev;
2163 if (hci_dev_test_flag(hdev, HCI_SSP_ENABLED) &&
2164 !lmp_host_ssp_capable(hdev)) {
2167 hci_req_add(req, HCI_OP_WRITE_SSP_MODE, sizeof(mode), &mode);
2169 if (bredr_sc_enabled(hdev) && !lmp_host_sc_capable(hdev)) {
2172 hci_req_add(req, HCI_OP_WRITE_SC_SUPPORT,
2173 sizeof(support), &support);
2177 if (hci_dev_test_flag(hdev, HCI_LE_ENABLED) &&
2178 lmp_bredr_capable(hdev)) {
2179 struct hci_cp_write_le_host_supported cp;
2184 /* Check first if we already have the right
2185 * host state (host features set)
2187 if (cp.le != lmp_host_le_capable(hdev) ||
2188 cp.simul != lmp_host_le_br_capable(hdev))
2189 hci_req_add(req, HCI_OP_WRITE_LE_HOST_SUPPORTED,
2193 if (hci_dev_test_flag(hdev, HCI_LE_ENABLED)) {
2194 /* Make sure the controller has a good default for
2195 * advertising data. This also applies to the case
2196 * where BR/EDR was toggled during the AUTO_OFF phase.
2198 if (hci_dev_test_flag(hdev, HCI_ADVERTISING) ||
2199 list_empty(&hdev->adv_instances)) {
2200 __hci_req_update_adv_data(req, 0x00);
2201 __hci_req_update_scan_rsp_data(req, 0x00);
2203 if (hci_dev_test_flag(hdev, HCI_ADVERTISING))
2204 __hci_req_enable_advertising(req);
2205 } else if (!list_empty(&hdev->adv_instances)) {
2206 struct adv_info *adv_instance;
2208 adv_instance = list_first_entry(&hdev->adv_instances,
2209 struct adv_info, list);
2210 __hci_req_schedule_adv_instance(req,
2211 adv_instance->instance,
2216 link_sec = hci_dev_test_flag(hdev, HCI_LINK_SECURITY);
2217 if (link_sec != test_bit(HCI_AUTH, &hdev->flags))
2218 hci_req_add(req, HCI_OP_WRITE_AUTH_ENABLE,
2219 sizeof(link_sec), &link_sec);
2221 if (lmp_bredr_capable(hdev)) {
2222 if (hci_dev_test_flag(hdev, HCI_FAST_CONNECTABLE))
2223 __hci_req_write_fast_connectable(req, true);
2225 __hci_req_write_fast_connectable(req, false);
2226 __hci_req_update_scan(req);
2227 __hci_req_update_class(req);
2228 __hci_req_update_name(req);
2229 __hci_req_update_eir(req);
2232 hci_dev_unlock(hdev);
2236 int __hci_req_hci_power_on(struct hci_dev *hdev)
2238 /* Register the available SMP channels (BR/EDR and LE) only when
2239 * successfully powering on the controller. This late
2240 * registration is required so that LE SMP can clearly decide if
2241 * the public address or static address is used.
2245 return __hci_req_sync(hdev, powered_update_hci, 0, HCI_CMD_TIMEOUT,
2249 void hci_request_setup(struct hci_dev *hdev)
2251 INIT_WORK(&hdev->discov_update, discov_update);
2252 INIT_WORK(&hdev->bg_scan_update, bg_scan_update);
2253 INIT_WORK(&hdev->scan_update, scan_update_work);
2254 INIT_WORK(&hdev->connectable_update, connectable_update_work);
2255 INIT_WORK(&hdev->discoverable_update, discoverable_update_work);
2256 INIT_DELAYED_WORK(&hdev->discov_off, discov_off);
2257 INIT_DELAYED_WORK(&hdev->le_scan_disable, le_scan_disable_work);
2258 INIT_DELAYED_WORK(&hdev->le_scan_restart, le_scan_restart_work);
2259 INIT_DELAYED_WORK(&hdev->adv_instance_expire, adv_timeout_expire);
2262 void hci_request_cancel_all(struct hci_dev *hdev)
2264 hci_req_sync_cancel(hdev, ENODEV);
2266 cancel_work_sync(&hdev->discov_update);
2267 cancel_work_sync(&hdev->bg_scan_update);
2268 cancel_work_sync(&hdev->scan_update);
2269 cancel_work_sync(&hdev->connectable_update);
2270 cancel_work_sync(&hdev->discoverable_update);
2271 cancel_delayed_work_sync(&hdev->discov_off);
2272 cancel_delayed_work_sync(&hdev->le_scan_disable);
2273 cancel_delayed_work_sync(&hdev->le_scan_restart);
2275 if (hdev->adv_instance_timeout) {
2276 cancel_delayed_work_sync(&hdev->adv_instance_expire);
2277 hdev->adv_instance_timeout = 0;
projects / cascardo / linux.git / blob