2 BlueZ - Bluetooth protocol stack for Linux
4 Copyright (C) 2014 Intel Corporation
6 This program is free software; you can redistribute it and/or modify
7 it under the terms of the GNU General Public License version 2 as
8 published by the Free Software Foundation;
10 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
11 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
12 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
13 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
14 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
15 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
16 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
17 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
19 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
20 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
21 SOFTWARE IS DISCLAIMED.
24 #include <net/bluetooth/bluetooth.h>
25 #include <net/bluetooth/hci_core.h>
26 #include <net/bluetooth/mgmt.h>
29 #include "hci_request.h"
31 #define HCI_REQ_DONE 0
32 #define HCI_REQ_PEND 1
33 #define HCI_REQ_CANCELED 2
35 void hci_req_init(struct hci_request *req, struct hci_dev *hdev)
37 skb_queue_head_init(&req->cmd_q);
42 static int req_run(struct hci_request *req, hci_req_complete_t complete,
43 hci_req_complete_skb_t complete_skb)
45 struct hci_dev *hdev = req->hdev;
49 BT_DBG("length %u", skb_queue_len(&req->cmd_q));
51 /* If an error occurred during request building, remove all HCI
52 * commands queued on the HCI request queue.
55 skb_queue_purge(&req->cmd_q);
59 /* Do not allow empty requests */
60 if (skb_queue_empty(&req->cmd_q))
63 skb = skb_peek_tail(&req->cmd_q);
65 bt_cb(skb)->hci.req_complete = complete;
66 } else if (complete_skb) {
67 bt_cb(skb)->hci.req_complete_skb = complete_skb;
68 bt_cb(skb)->hci.req_flags |= HCI_REQ_SKB;
71 spin_lock_irqsave(&hdev->cmd_q.lock, flags);
72 skb_queue_splice_tail(&req->cmd_q, &hdev->cmd_q);
73 spin_unlock_irqrestore(&hdev->cmd_q.lock, flags);
75 queue_work(hdev->workqueue, &hdev->cmd_work);
80 int hci_req_run(struct hci_request *req, hci_req_complete_t complete)
82 return req_run(req, complete, NULL);
85 int hci_req_run_skb(struct hci_request *req, hci_req_complete_skb_t complete)
87 return req_run(req, NULL, complete);
90 static void hci_req_sync_complete(struct hci_dev *hdev, u8 result, u16 opcode,
93 BT_DBG("%s result 0x%2.2x", hdev->name, result);
95 if (hdev->req_status == HCI_REQ_PEND) {
96 hdev->req_result = result;
97 hdev->req_status = HCI_REQ_DONE;
99 hdev->req_skb = skb_get(skb);
100 wake_up_interruptible(&hdev->req_wait_q);
104 void hci_req_sync_cancel(struct hci_dev *hdev, int err)
106 BT_DBG("%s err 0x%2.2x", hdev->name, err);
108 if (hdev->req_status == HCI_REQ_PEND) {
109 hdev->req_result = err;
110 hdev->req_status = HCI_REQ_CANCELED;
111 wake_up_interruptible(&hdev->req_wait_q);
115 struct sk_buff *__hci_cmd_sync_ev(struct hci_dev *hdev, u16 opcode, u32 plen,
116 const void *param, u8 event, u32 timeout)
118 DECLARE_WAITQUEUE(wait, current);
119 struct hci_request req;
123 BT_DBG("%s", hdev->name);
125 hci_req_init(&req, hdev);
127 hci_req_add_ev(&req, opcode, plen, param, event);
129 hdev->req_status = HCI_REQ_PEND;
131 add_wait_queue(&hdev->req_wait_q, &wait);
132 set_current_state(TASK_INTERRUPTIBLE);
134 err = hci_req_run_skb(&req, hci_req_sync_complete);
136 remove_wait_queue(&hdev->req_wait_q, &wait);
137 set_current_state(TASK_RUNNING);
141 schedule_timeout(timeout);
143 remove_wait_queue(&hdev->req_wait_q, &wait);
145 if (signal_pending(current))
146 return ERR_PTR(-EINTR);
148 switch (hdev->req_status) {
150 err = -bt_to_errno(hdev->req_result);
153 case HCI_REQ_CANCELED:
154 err = -hdev->req_result;
162 hdev->req_status = hdev->req_result = 0;
164 hdev->req_skb = NULL;
166 BT_DBG("%s end: err %d", hdev->name, err);
174 return ERR_PTR(-ENODATA);
178 EXPORT_SYMBOL(__hci_cmd_sync_ev);
180 struct sk_buff *__hci_cmd_sync(struct hci_dev *hdev, u16 opcode, u32 plen,
181 const void *param, u32 timeout)
183 return __hci_cmd_sync_ev(hdev, opcode, plen, param, 0, timeout);
185 EXPORT_SYMBOL(__hci_cmd_sync);
187 /* Execute request and wait for completion. */
188 int __hci_req_sync(struct hci_dev *hdev, int (*func)(struct hci_request *req,
190 unsigned long opt, u32 timeout, u8 *hci_status)
192 struct hci_request req;
193 DECLARE_WAITQUEUE(wait, current);
196 BT_DBG("%s start", hdev->name);
198 hci_req_init(&req, hdev);
200 hdev->req_status = HCI_REQ_PEND;
202 err = func(&req, opt);
205 *hci_status = HCI_ERROR_UNSPECIFIED;
209 add_wait_queue(&hdev->req_wait_q, &wait);
210 set_current_state(TASK_INTERRUPTIBLE);
212 err = hci_req_run_skb(&req, hci_req_sync_complete);
214 hdev->req_status = 0;
216 remove_wait_queue(&hdev->req_wait_q, &wait);
217 set_current_state(TASK_RUNNING);
219 /* ENODATA means the HCI request command queue is empty.
220 * This can happen when a request with conditionals doesn't
221 * trigger any commands to be sent. This is normal behavior
222 * and should not trigger an error return.
224 if (err == -ENODATA) {
231 *hci_status = HCI_ERROR_UNSPECIFIED;
236 schedule_timeout(timeout);
238 remove_wait_queue(&hdev->req_wait_q, &wait);
240 if (signal_pending(current))
243 switch (hdev->req_status) {
245 err = -bt_to_errno(hdev->req_result);
247 *hci_status = hdev->req_result;
250 case HCI_REQ_CANCELED:
251 err = -hdev->req_result;
253 *hci_status = HCI_ERROR_UNSPECIFIED;
259 *hci_status = HCI_ERROR_UNSPECIFIED;
263 kfree_skb(hdev->req_skb);
264 hdev->req_skb = NULL;
265 hdev->req_status = hdev->req_result = 0;
267 BT_DBG("%s end: err %d", hdev->name, err);
272 int hci_req_sync(struct hci_dev *hdev, int (*req)(struct hci_request *req,
274 unsigned long opt, u32 timeout, u8 *hci_status)
278 if (!test_bit(HCI_UP, &hdev->flags))
281 /* Serialize all requests */
282 hci_req_sync_lock(hdev);
283 ret = __hci_req_sync(hdev, req, opt, timeout, hci_status);
284 hci_req_sync_unlock(hdev);
289 struct sk_buff *hci_prepare_cmd(struct hci_dev *hdev, u16 opcode, u32 plen,
292 int len = HCI_COMMAND_HDR_SIZE + plen;
293 struct hci_command_hdr *hdr;
296 skb = bt_skb_alloc(len, GFP_ATOMIC);
300 hdr = (struct hci_command_hdr *) skb_put(skb, HCI_COMMAND_HDR_SIZE);
301 hdr->opcode = cpu_to_le16(opcode);
305 memcpy(skb_put(skb, plen), param, plen);
307 BT_DBG("skb len %d", skb->len);
309 hci_skb_pkt_type(skb) = HCI_COMMAND_PKT;
310 hci_skb_opcode(skb) = opcode;
315 /* Queue a command to an asynchronous HCI request */
316 void hci_req_add_ev(struct hci_request *req, u16 opcode, u32 plen,
317 const void *param, u8 event)
319 struct hci_dev *hdev = req->hdev;
322 BT_DBG("%s opcode 0x%4.4x plen %d", hdev->name, opcode, plen);
324 /* If an error occurred during request building, there is no point in
325 * queueing the HCI command. We can simply return.
330 skb = hci_prepare_cmd(hdev, opcode, plen, param);
332 BT_ERR("%s no memory for command (opcode 0x%4.4x)",
338 if (skb_queue_empty(&req->cmd_q))
339 bt_cb(skb)->hci.req_flags |= HCI_REQ_START;
341 bt_cb(skb)->hci.req_event = event;
343 skb_queue_tail(&req->cmd_q, skb);
346 void hci_req_add(struct hci_request *req, u16 opcode, u32 plen,
349 hci_req_add_ev(req, opcode, plen, param, 0);
352 void __hci_req_write_fast_connectable(struct hci_request *req, bool enable)
354 struct hci_dev *hdev = req->hdev;
355 struct hci_cp_write_page_scan_activity acp;
358 if (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED))
361 if (hdev->hci_ver < BLUETOOTH_VER_1_2)
365 type = PAGE_SCAN_TYPE_INTERLACED;
367 /* 160 msec page scan interval */
368 acp.interval = cpu_to_le16(0x0100);
370 type = PAGE_SCAN_TYPE_STANDARD; /* default */
372 /* default 1.28 sec page scan */
373 acp.interval = cpu_to_le16(0x0800);
376 acp.window = cpu_to_le16(0x0012);
378 if (__cpu_to_le16(hdev->page_scan_interval) != acp.interval ||
379 __cpu_to_le16(hdev->page_scan_window) != acp.window)
380 hci_req_add(req, HCI_OP_WRITE_PAGE_SCAN_ACTIVITY,
383 if (hdev->page_scan_type != type)
384 hci_req_add(req, HCI_OP_WRITE_PAGE_SCAN_TYPE, 1, &type);
387 /* This function controls the background scanning based on hdev->pend_le_conns
388 * list. If there are pending LE connection we start the background scanning,
389 * otherwise we stop it.
391 * This function requires the caller holds hdev->lock.
393 static void __hci_update_background_scan(struct hci_request *req)
395 struct hci_dev *hdev = req->hdev;
397 if (!test_bit(HCI_UP, &hdev->flags) ||
398 test_bit(HCI_INIT, &hdev->flags) ||
399 hci_dev_test_flag(hdev, HCI_SETUP) ||
400 hci_dev_test_flag(hdev, HCI_CONFIG) ||
401 hci_dev_test_flag(hdev, HCI_AUTO_OFF) ||
402 hci_dev_test_flag(hdev, HCI_UNREGISTER))
405 /* No point in doing scanning if LE support hasn't been enabled */
406 if (!hci_dev_test_flag(hdev, HCI_LE_ENABLED))
409 /* If discovery is active don't interfere with it */
410 if (hdev->discovery.state != DISCOVERY_STOPPED)
413 /* Reset RSSI and UUID filters when starting background scanning
414 * since these filters are meant for service discovery only.
416 * The Start Discovery and Start Service Discovery operations
417 * ensure to set proper values for RSSI threshold and UUID
418 * filter list. So it is safe to just reset them here.
420 hci_discovery_filter_clear(hdev);
422 if (list_empty(&hdev->pend_le_conns) &&
423 list_empty(&hdev->pend_le_reports)) {
424 /* If there is no pending LE connections or devices
425 * to be scanned for, we should stop the background
429 /* If controller is not scanning we are done. */
430 if (!hci_dev_test_flag(hdev, HCI_LE_SCAN))
433 hci_req_add_le_scan_disable(req);
435 BT_DBG("%s stopping background scanning", hdev->name);
437 /* If there is at least one pending LE connection, we should
438 * keep the background scan running.
441 /* If controller is connecting, we should not start scanning
442 * since some controllers are not able to scan and connect at
445 if (hci_lookup_le_connect(hdev))
448 /* If controller is currently scanning, we stop it to ensure we
449 * don't miss any advertising (due to duplicates filter).
451 if (hci_dev_test_flag(hdev, HCI_LE_SCAN))
452 hci_req_add_le_scan_disable(req);
454 hci_req_add_le_passive_scan(req);
456 BT_DBG("%s starting background scanning", hdev->name);
460 void __hci_req_update_name(struct hci_request *req)
462 struct hci_dev *hdev = req->hdev;
463 struct hci_cp_write_local_name cp;
465 memcpy(cp.name, hdev->dev_name, sizeof(cp.name));
467 hci_req_add(req, HCI_OP_WRITE_LOCAL_NAME, sizeof(cp), &cp);
470 #define PNP_INFO_SVCLASS_ID 0x1200
472 static u8 *create_uuid16_list(struct hci_dev *hdev, u8 *data, ptrdiff_t len)
474 u8 *ptr = data, *uuids_start = NULL;
475 struct bt_uuid *uuid;
480 list_for_each_entry(uuid, &hdev->uuids, list) {
483 if (uuid->size != 16)
486 uuid16 = get_unaligned_le16(&uuid->uuid[12]);
490 if (uuid16 == PNP_INFO_SVCLASS_ID)
496 uuids_start[1] = EIR_UUID16_ALL;
500 /* Stop if not enough space to put next UUID */
501 if ((ptr - data) + sizeof(u16) > len) {
502 uuids_start[1] = EIR_UUID16_SOME;
506 *ptr++ = (uuid16 & 0x00ff);
507 *ptr++ = (uuid16 & 0xff00) >> 8;
508 uuids_start[0] += sizeof(uuid16);
514 static u8 *create_uuid32_list(struct hci_dev *hdev, u8 *data, ptrdiff_t len)
516 u8 *ptr = data, *uuids_start = NULL;
517 struct bt_uuid *uuid;
522 list_for_each_entry(uuid, &hdev->uuids, list) {
523 if (uuid->size != 32)
529 uuids_start[1] = EIR_UUID32_ALL;
533 /* Stop if not enough space to put next UUID */
534 if ((ptr - data) + sizeof(u32) > len) {
535 uuids_start[1] = EIR_UUID32_SOME;
539 memcpy(ptr, &uuid->uuid[12], sizeof(u32));
541 uuids_start[0] += sizeof(u32);
547 static u8 *create_uuid128_list(struct hci_dev *hdev, u8 *data, ptrdiff_t len)
549 u8 *ptr = data, *uuids_start = NULL;
550 struct bt_uuid *uuid;
555 list_for_each_entry(uuid, &hdev->uuids, list) {
556 if (uuid->size != 128)
562 uuids_start[1] = EIR_UUID128_ALL;
566 /* Stop if not enough space to put next UUID */
567 if ((ptr - data) + 16 > len) {
568 uuids_start[1] = EIR_UUID128_SOME;
572 memcpy(ptr, uuid->uuid, 16);
574 uuids_start[0] += 16;
580 static void create_eir(struct hci_dev *hdev, u8 *data)
585 name_len = strlen(hdev->dev_name);
591 ptr[1] = EIR_NAME_SHORT;
593 ptr[1] = EIR_NAME_COMPLETE;
595 /* EIR Data length */
596 ptr[0] = name_len + 1;
598 memcpy(ptr + 2, hdev->dev_name, name_len);
600 ptr += (name_len + 2);
603 if (hdev->inq_tx_power != HCI_TX_POWER_INVALID) {
605 ptr[1] = EIR_TX_POWER;
606 ptr[2] = (u8) hdev->inq_tx_power;
611 if (hdev->devid_source > 0) {
613 ptr[1] = EIR_DEVICE_ID;
615 put_unaligned_le16(hdev->devid_source, ptr + 2);
616 put_unaligned_le16(hdev->devid_vendor, ptr + 4);
617 put_unaligned_le16(hdev->devid_product, ptr + 6);
618 put_unaligned_le16(hdev->devid_version, ptr + 8);
623 ptr = create_uuid16_list(hdev, ptr, HCI_MAX_EIR_LENGTH - (ptr - data));
624 ptr = create_uuid32_list(hdev, ptr, HCI_MAX_EIR_LENGTH - (ptr - data));
625 ptr = create_uuid128_list(hdev, ptr, HCI_MAX_EIR_LENGTH - (ptr - data));
628 void __hci_req_update_eir(struct hci_request *req)
630 struct hci_dev *hdev = req->hdev;
631 struct hci_cp_write_eir cp;
633 if (!hdev_is_powered(hdev))
636 if (!lmp_ext_inq_capable(hdev))
639 if (!hci_dev_test_flag(hdev, HCI_SSP_ENABLED))
642 if (hci_dev_test_flag(hdev, HCI_SERVICE_CACHE))
645 memset(&cp, 0, sizeof(cp));
647 create_eir(hdev, cp.data);
649 if (memcmp(cp.data, hdev->eir, sizeof(cp.data)) == 0)
652 memcpy(hdev->eir, cp.data, sizeof(cp.data));
654 hci_req_add(req, HCI_OP_WRITE_EIR, sizeof(cp), &cp);
657 void hci_req_add_le_scan_disable(struct hci_request *req)
659 struct hci_cp_le_set_scan_enable cp;
661 memset(&cp, 0, sizeof(cp));
662 cp.enable = LE_SCAN_DISABLE;
663 hci_req_add(req, HCI_OP_LE_SET_SCAN_ENABLE, sizeof(cp), &cp);
666 static void add_to_white_list(struct hci_request *req,
667 struct hci_conn_params *params)
669 struct hci_cp_le_add_to_white_list cp;
671 cp.bdaddr_type = params->addr_type;
672 bacpy(&cp.bdaddr, ¶ms->addr);
674 hci_req_add(req, HCI_OP_LE_ADD_TO_WHITE_LIST, sizeof(cp), &cp);
677 static u8 update_white_list(struct hci_request *req)
679 struct hci_dev *hdev = req->hdev;
680 struct hci_conn_params *params;
681 struct bdaddr_list *b;
682 uint8_t white_list_entries = 0;
684 /* Go through the current white list programmed into the
685 * controller one by one and check if that address is still
686 * in the list of pending connections or list of devices to
687 * report. If not present in either list, then queue the
688 * command to remove it from the controller.
690 list_for_each_entry(b, &hdev->le_white_list, list) {
691 /* If the device is neither in pend_le_conns nor
692 * pend_le_reports then remove it from the whitelist.
694 if (!hci_pend_le_action_lookup(&hdev->pend_le_conns,
695 &b->bdaddr, b->bdaddr_type) &&
696 !hci_pend_le_action_lookup(&hdev->pend_le_reports,
697 &b->bdaddr, b->bdaddr_type)) {
698 struct hci_cp_le_del_from_white_list cp;
700 cp.bdaddr_type = b->bdaddr_type;
701 bacpy(&cp.bdaddr, &b->bdaddr);
703 hci_req_add(req, HCI_OP_LE_DEL_FROM_WHITE_LIST,
708 if (hci_find_irk_by_addr(hdev, &b->bdaddr, b->bdaddr_type)) {
709 /* White list can not be used with RPAs */
713 white_list_entries++;
716 /* Since all no longer valid white list entries have been
717 * removed, walk through the list of pending connections
718 * and ensure that any new device gets programmed into
721 * If the list of the devices is larger than the list of
722 * available white list entries in the controller, then
723 * just abort and return filer policy value to not use the
726 list_for_each_entry(params, &hdev->pend_le_conns, action) {
727 if (hci_bdaddr_list_lookup(&hdev->le_white_list,
728 ¶ms->addr, params->addr_type))
731 if (white_list_entries >= hdev->le_white_list_size) {
732 /* Select filter policy to accept all advertising */
736 if (hci_find_irk_by_addr(hdev, ¶ms->addr,
737 params->addr_type)) {
738 /* White list can not be used with RPAs */
742 white_list_entries++;
743 add_to_white_list(req, params);
746 /* After adding all new pending connections, walk through
747 * the list of pending reports and also add these to the
748 * white list if there is still space.
750 list_for_each_entry(params, &hdev->pend_le_reports, action) {
751 if (hci_bdaddr_list_lookup(&hdev->le_white_list,
752 ¶ms->addr, params->addr_type))
755 if (white_list_entries >= hdev->le_white_list_size) {
756 /* Select filter policy to accept all advertising */
760 if (hci_find_irk_by_addr(hdev, ¶ms->addr,
761 params->addr_type)) {
762 /* White list can not be used with RPAs */
766 white_list_entries++;
767 add_to_white_list(req, params);
770 /* Select filter policy to use white list */
774 static bool scan_use_rpa(struct hci_dev *hdev)
776 return hci_dev_test_flag(hdev, HCI_PRIVACY);
779 void hci_req_add_le_passive_scan(struct hci_request *req)
781 struct hci_cp_le_set_scan_param param_cp;
782 struct hci_cp_le_set_scan_enable enable_cp;
783 struct hci_dev *hdev = req->hdev;
787 /* Set require_privacy to false since no SCAN_REQ are send
788 * during passive scanning. Not using an non-resolvable address
789 * here is important so that peer devices using direct
790 * advertising with our address will be correctly reported
793 if (hci_update_random_address(req, false, scan_use_rpa(hdev),
797 /* Adding or removing entries from the white list must
798 * happen before enabling scanning. The controller does
799 * not allow white list modification while scanning.
801 filter_policy = update_white_list(req);
803 /* When the controller is using random resolvable addresses and
804 * with that having LE privacy enabled, then controllers with
805 * Extended Scanner Filter Policies support can now enable support
806 * for handling directed advertising.
808 * So instead of using filter polices 0x00 (no whitelist)
809 * and 0x01 (whitelist enabled) use the new filter policies
810 * 0x02 (no whitelist) and 0x03 (whitelist enabled).
812 if (hci_dev_test_flag(hdev, HCI_PRIVACY) &&
813 (hdev->le_features[0] & HCI_LE_EXT_SCAN_POLICY))
814 filter_policy |= 0x02;
816 memset(¶m_cp, 0, sizeof(param_cp));
817 param_cp.type = LE_SCAN_PASSIVE;
818 param_cp.interval = cpu_to_le16(hdev->le_scan_interval);
819 param_cp.window = cpu_to_le16(hdev->le_scan_window);
820 param_cp.own_address_type = own_addr_type;
821 param_cp.filter_policy = filter_policy;
822 hci_req_add(req, HCI_OP_LE_SET_SCAN_PARAM, sizeof(param_cp),
825 memset(&enable_cp, 0, sizeof(enable_cp));
826 enable_cp.enable = LE_SCAN_ENABLE;
827 enable_cp.filter_dup = LE_SCAN_FILTER_DUP_ENABLE;
828 hci_req_add(req, HCI_OP_LE_SET_SCAN_ENABLE, sizeof(enable_cp),
832 static u8 get_cur_adv_instance_scan_rsp_len(struct hci_dev *hdev)
834 u8 instance = hdev->cur_adv_instance;
835 struct adv_info *adv_instance;
837 /* Ignore instance 0 */
838 if (instance == 0x00)
841 adv_instance = hci_find_adv_instance(hdev, instance);
845 /* TODO: Take into account the "appearance" and "local-name" flags here.
846 * These are currently being ignored as they are not supported.
848 return adv_instance->scan_rsp_len;
851 void __hci_req_disable_advertising(struct hci_request *req)
855 hci_req_add(req, HCI_OP_LE_SET_ADV_ENABLE, sizeof(enable), &enable);
858 static u32 get_adv_instance_flags(struct hci_dev *hdev, u8 instance)
861 struct adv_info *adv_instance;
863 if (instance == 0x00) {
864 /* Instance 0 always manages the "Tx Power" and "Flags"
867 flags = MGMT_ADV_FLAG_TX_POWER | MGMT_ADV_FLAG_MANAGED_FLAGS;
869 /* For instance 0, the HCI_ADVERTISING_CONNECTABLE setting
870 * corresponds to the "connectable" instance flag.
872 if (hci_dev_test_flag(hdev, HCI_ADVERTISING_CONNECTABLE))
873 flags |= MGMT_ADV_FLAG_CONNECTABLE;
875 if (hci_dev_test_flag(hdev, HCI_LIMITED_DISCOVERABLE))
876 flags |= MGMT_ADV_FLAG_LIMITED_DISCOV;
877 else if (hci_dev_test_flag(hdev, HCI_DISCOVERABLE))
878 flags |= MGMT_ADV_FLAG_DISCOV;
883 adv_instance = hci_find_adv_instance(hdev, instance);
885 /* Return 0 when we got an invalid instance identifier. */
889 return adv_instance->flags;
892 static bool adv_use_rpa(struct hci_dev *hdev, uint32_t flags)
894 /* If privacy is not enabled don't use RPA */
895 if (!hci_dev_test_flag(hdev, HCI_PRIVACY))
898 /* If basic privacy mode is enabled use RPA */
899 if (!hci_dev_test_flag(hdev, HCI_LIMITED_PRIVACY))
902 /* If limited privacy mode is enabled don't use RPA if we're
903 * both discoverable and bondable.
905 if ((flags & MGMT_ADV_FLAG_DISCOV) &&
906 hci_dev_test_flag(hdev, HCI_BONDABLE))
909 /* We're neither bondable nor discoverable in the limited
910 * privacy mode, therefore use RPA.
915 void __hci_req_enable_advertising(struct hci_request *req)
917 struct hci_dev *hdev = req->hdev;
918 struct hci_cp_le_set_adv_param cp;
919 u8 own_addr_type, enable = 0x01;
923 if (hci_conn_num(hdev, LE_LINK) > 0)
926 if (hci_dev_test_flag(hdev, HCI_LE_ADV))
927 __hci_req_disable_advertising(req);
929 /* Clear the HCI_LE_ADV bit temporarily so that the
930 * hci_update_random_address knows that it's safe to go ahead
931 * and write a new random address. The flag will be set back on
932 * as soon as the SET_ADV_ENABLE HCI command completes.
934 hci_dev_clear_flag(hdev, HCI_LE_ADV);
936 flags = get_adv_instance_flags(hdev, hdev->cur_adv_instance);
938 /* If the "connectable" instance flag was not set, then choose between
939 * ADV_IND and ADV_NONCONN_IND based on the global connectable setting.
941 connectable = (flags & MGMT_ADV_FLAG_CONNECTABLE) ||
942 mgmt_get_connectable(hdev);
944 /* Set require_privacy to true only when non-connectable
945 * advertising is used. In that case it is fine to use a
946 * non-resolvable private address.
948 if (hci_update_random_address(req, !connectable,
949 adv_use_rpa(hdev, flags),
953 memset(&cp, 0, sizeof(cp));
954 cp.min_interval = cpu_to_le16(hdev->le_adv_min_interval);
955 cp.max_interval = cpu_to_le16(hdev->le_adv_max_interval);
958 cp.type = LE_ADV_IND;
959 else if (get_cur_adv_instance_scan_rsp_len(hdev))
960 cp.type = LE_ADV_SCAN_IND;
962 cp.type = LE_ADV_NONCONN_IND;
964 cp.own_address_type = own_addr_type;
965 cp.channel_map = hdev->le_adv_channel_map;
967 hci_req_add(req, HCI_OP_LE_SET_ADV_PARAM, sizeof(cp), &cp);
969 hci_req_add(req, HCI_OP_LE_SET_ADV_ENABLE, sizeof(enable), &enable);
972 u8 append_local_name(struct hci_dev *hdev, u8 *ptr, u8 ad_len)
977 /* no space left for name (+ NULL + type + len) */
978 if ((HCI_MAX_AD_LENGTH - ad_len) < HCI_MAX_SHORT_NAME_LENGTH + 3)
981 /* use complete name if present and fits */
982 complete_len = strlen(hdev->dev_name);
983 if (complete_len && complete_len <= HCI_MAX_SHORT_NAME_LENGTH)
984 return eir_append_data(ptr, ad_len, EIR_NAME_COMPLETE,
985 hdev->dev_name, complete_len + 1);
987 /* use short name if present */
988 short_len = strlen(hdev->short_name);
990 return eir_append_data(ptr, ad_len, EIR_NAME_SHORT,
991 hdev->short_name, short_len + 1);
993 /* use shortened full name if present, we already know that name
994 * is longer then HCI_MAX_SHORT_NAME_LENGTH
997 u8 name[HCI_MAX_SHORT_NAME_LENGTH + 1];
999 memcpy(name, hdev->dev_name, HCI_MAX_SHORT_NAME_LENGTH);
1000 name[HCI_MAX_SHORT_NAME_LENGTH] = '\0';
1002 return eir_append_data(ptr, ad_len, EIR_NAME_SHORT, name,
1009 static u8 append_appearance(struct hci_dev *hdev, u8 *ptr, u8 ad_len)
1011 return eir_append_le16(ptr, ad_len, EIR_APPEARANCE, hdev->appearance);
1014 static u8 create_default_scan_rsp_data(struct hci_dev *hdev, u8 *ptr)
1016 u8 scan_rsp_len = 0;
1018 if (hdev->appearance) {
1019 scan_rsp_len = append_appearance(hdev, ptr, scan_rsp_len);
1022 return append_local_name(hdev, ptr, scan_rsp_len);
1025 static u8 create_instance_scan_rsp_data(struct hci_dev *hdev, u8 instance,
1028 struct adv_info *adv_instance;
1030 u8 scan_rsp_len = 0;
1032 adv_instance = hci_find_adv_instance(hdev, instance);
1036 instance_flags = adv_instance->flags;
1038 if ((instance_flags & MGMT_ADV_FLAG_APPEARANCE) && hdev->appearance) {
1039 scan_rsp_len = append_appearance(hdev, ptr, scan_rsp_len);
1042 memcpy(&ptr[scan_rsp_len], adv_instance->scan_rsp_data,
1043 adv_instance->scan_rsp_len);
1045 scan_rsp_len += adv_instance->scan_rsp_len;
1047 if (instance_flags & MGMT_ADV_FLAG_LOCAL_NAME)
1048 scan_rsp_len = append_local_name(hdev, ptr, scan_rsp_len);
1050 return scan_rsp_len;
1053 void __hci_req_update_scan_rsp_data(struct hci_request *req, u8 instance)
1055 struct hci_dev *hdev = req->hdev;
1056 struct hci_cp_le_set_scan_rsp_data cp;
1059 if (!hci_dev_test_flag(hdev, HCI_LE_ENABLED))
1062 memset(&cp, 0, sizeof(cp));
1065 len = create_instance_scan_rsp_data(hdev, instance, cp.data);
1067 len = create_default_scan_rsp_data(hdev, cp.data);
1069 if (hdev->scan_rsp_data_len == len &&
1070 !memcmp(cp.data, hdev->scan_rsp_data, len))
1073 memcpy(hdev->scan_rsp_data, cp.data, sizeof(cp.data));
1074 hdev->scan_rsp_data_len = len;
1078 hci_req_add(req, HCI_OP_LE_SET_SCAN_RSP_DATA, sizeof(cp), &cp);
1081 static u8 create_instance_adv_data(struct hci_dev *hdev, u8 instance, u8 *ptr)
1083 struct adv_info *adv_instance = NULL;
1084 u8 ad_len = 0, flags = 0;
1087 /* Return 0 when the current instance identifier is invalid. */
1089 adv_instance = hci_find_adv_instance(hdev, instance);
1094 instance_flags = get_adv_instance_flags(hdev, instance);
1096 /* The Add Advertising command allows userspace to set both the general
1097 * and limited discoverable flags.
1099 if (instance_flags & MGMT_ADV_FLAG_DISCOV)
1100 flags |= LE_AD_GENERAL;
1102 if (instance_flags & MGMT_ADV_FLAG_LIMITED_DISCOV)
1103 flags |= LE_AD_LIMITED;
1105 if (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED))
1106 flags |= LE_AD_NO_BREDR;
1108 if (flags || (instance_flags & MGMT_ADV_FLAG_MANAGED_FLAGS)) {
1109 /* If a discovery flag wasn't provided, simply use the global
1113 flags |= mgmt_get_adv_discov_flags(hdev);
1115 /* If flags would still be empty, then there is no need to
1116 * include the "Flags" AD field".
1129 memcpy(ptr, adv_instance->adv_data,
1130 adv_instance->adv_data_len);
1131 ad_len += adv_instance->adv_data_len;
1132 ptr += adv_instance->adv_data_len;
1135 /* Provide Tx Power only if we can provide a valid value for it */
1136 if (hdev->adv_tx_power != HCI_TX_POWER_INVALID &&
1137 (instance_flags & MGMT_ADV_FLAG_TX_POWER)) {
1139 ptr[1] = EIR_TX_POWER;
1140 ptr[2] = (u8)hdev->adv_tx_power;
1149 void __hci_req_update_adv_data(struct hci_request *req, u8 instance)
1151 struct hci_dev *hdev = req->hdev;
1152 struct hci_cp_le_set_adv_data cp;
1155 if (!hci_dev_test_flag(hdev, HCI_LE_ENABLED))
1158 memset(&cp, 0, sizeof(cp));
1160 len = create_instance_adv_data(hdev, instance, cp.data);
1162 /* There's nothing to do if the data hasn't changed */
1163 if (hdev->adv_data_len == len &&
1164 memcmp(cp.data, hdev->adv_data, len) == 0)
1167 memcpy(hdev->adv_data, cp.data, sizeof(cp.data));
1168 hdev->adv_data_len = len;
1172 hci_req_add(req, HCI_OP_LE_SET_ADV_DATA, sizeof(cp), &cp);
1175 int hci_req_update_adv_data(struct hci_dev *hdev, u8 instance)
1177 struct hci_request req;
1179 hci_req_init(&req, hdev);
1180 __hci_req_update_adv_data(&req, instance);
1182 return hci_req_run(&req, NULL);
1185 static void adv_enable_complete(struct hci_dev *hdev, u8 status, u16 opcode)
1187 BT_DBG("%s status %u", hdev->name, status);
1190 void hci_req_reenable_advertising(struct hci_dev *hdev)
1192 struct hci_request req;
1194 if (!hci_dev_test_flag(hdev, HCI_ADVERTISING) &&
1195 list_empty(&hdev->adv_instances))
1198 hci_req_init(&req, hdev);
1200 if (hdev->cur_adv_instance) {
1201 __hci_req_schedule_adv_instance(&req, hdev->cur_adv_instance,
1204 __hci_req_update_adv_data(&req, 0x00);
1205 __hci_req_update_scan_rsp_data(&req, 0x00);
1206 __hci_req_enable_advertising(&req);
1209 hci_req_run(&req, adv_enable_complete);
1212 static void adv_timeout_expire(struct work_struct *work)
1214 struct hci_dev *hdev = container_of(work, struct hci_dev,
1215 adv_instance_expire.work);
1217 struct hci_request req;
1220 BT_DBG("%s", hdev->name);
1224 hdev->adv_instance_timeout = 0;
1226 instance = hdev->cur_adv_instance;
1227 if (instance == 0x00)
1230 hci_req_init(&req, hdev);
1232 hci_req_clear_adv_instance(hdev, NULL, &req, instance, false);
1234 if (list_empty(&hdev->adv_instances))
1235 __hci_req_disable_advertising(&req);
1237 hci_req_run(&req, NULL);
1240 hci_dev_unlock(hdev);
1243 int __hci_req_schedule_adv_instance(struct hci_request *req, u8 instance,
1246 struct hci_dev *hdev = req->hdev;
1247 struct adv_info *adv_instance = NULL;
1250 if (hci_dev_test_flag(hdev, HCI_ADVERTISING) ||
1251 list_empty(&hdev->adv_instances))
1254 if (hdev->adv_instance_timeout)
1257 adv_instance = hci_find_adv_instance(hdev, instance);
1261 /* A zero timeout means unlimited advertising. As long as there is
1262 * only one instance, duration should be ignored. We still set a timeout
1263 * in case further instances are being added later on.
1265 * If the remaining lifetime of the instance is more than the duration
1266 * then the timeout corresponds to the duration, otherwise it will be
1267 * reduced to the remaining instance lifetime.
1269 if (adv_instance->timeout == 0 ||
1270 adv_instance->duration <= adv_instance->remaining_time)
1271 timeout = adv_instance->duration;
1273 timeout = adv_instance->remaining_time;
1275 /* The remaining time is being reduced unless the instance is being
1276 * advertised without time limit.
1278 if (adv_instance->timeout)
1279 adv_instance->remaining_time =
1280 adv_instance->remaining_time - timeout;
1282 hdev->adv_instance_timeout = timeout;
1283 queue_delayed_work(hdev->req_workqueue,
1284 &hdev->adv_instance_expire,
1285 msecs_to_jiffies(timeout * 1000));
1287 /* If we're just re-scheduling the same instance again then do not
1288 * execute any HCI commands. This happens when a single instance is
1291 if (!force && hdev->cur_adv_instance == instance &&
1292 hci_dev_test_flag(hdev, HCI_LE_ADV))
1295 hdev->cur_adv_instance = instance;
1296 __hci_req_update_adv_data(req, instance);
1297 __hci_req_update_scan_rsp_data(req, instance);
1298 __hci_req_enable_advertising(req);
1303 static void cancel_adv_timeout(struct hci_dev *hdev)
1305 if (hdev->adv_instance_timeout) {
1306 hdev->adv_instance_timeout = 0;
1307 cancel_delayed_work(&hdev->adv_instance_expire);
1311 /* For a single instance:
1312 * - force == true: The instance will be removed even when its remaining
1313 * lifetime is not zero.
1314 * - force == false: the instance will be deactivated but kept stored unless
1315 * the remaining lifetime is zero.
1317 * For instance == 0x00:
1318 * - force == true: All instances will be removed regardless of their timeout
1320 * - force == false: Only instances that have a timeout will be removed.
1322 void hci_req_clear_adv_instance(struct hci_dev *hdev, struct sock *sk,
1323 struct hci_request *req, u8 instance,
1326 struct adv_info *adv_instance, *n, *next_instance = NULL;
1330 /* Cancel any timeout concerning the removed instance(s). */
1331 if (!instance || hdev->cur_adv_instance == instance)
1332 cancel_adv_timeout(hdev);
1334 /* Get the next instance to advertise BEFORE we remove
1335 * the current one. This can be the same instance again
1336 * if there is only one instance.
1338 if (instance && hdev->cur_adv_instance == instance)
1339 next_instance = hci_get_next_instance(hdev, instance);
1341 if (instance == 0x00) {
1342 list_for_each_entry_safe(adv_instance, n, &hdev->adv_instances,
1344 if (!(force || adv_instance->timeout))
1347 rem_inst = adv_instance->instance;
1348 err = hci_remove_adv_instance(hdev, rem_inst);
1350 mgmt_advertising_removed(sk, hdev, rem_inst);
1353 adv_instance = hci_find_adv_instance(hdev, instance);
1355 if (force || (adv_instance && adv_instance->timeout &&
1356 !adv_instance->remaining_time)) {
1357 /* Don't advertise a removed instance. */
1358 if (next_instance &&
1359 next_instance->instance == instance)
1360 next_instance = NULL;
1362 err = hci_remove_adv_instance(hdev, instance);
1364 mgmt_advertising_removed(sk, hdev, instance);
1368 if (!req || !hdev_is_powered(hdev) ||
1369 hci_dev_test_flag(hdev, HCI_ADVERTISING))
1373 __hci_req_schedule_adv_instance(req, next_instance->instance,
1377 static void set_random_addr(struct hci_request *req, bdaddr_t *rpa)
1379 struct hci_dev *hdev = req->hdev;
1381 /* If we're advertising or initiating an LE connection we can't
1382 * go ahead and change the random address at this time. This is
1383 * because the eventual initiator address used for the
1384 * subsequently created connection will be undefined (some
1385 * controllers use the new address and others the one we had
1386 * when the operation started).
1388 * In this kind of scenario skip the update and let the random
1389 * address be updated at the next cycle.
1391 if (hci_dev_test_flag(hdev, HCI_LE_ADV) ||
1392 hci_lookup_le_connect(hdev)) {
1393 BT_DBG("Deferring random address update");
1394 hci_dev_set_flag(hdev, HCI_RPA_EXPIRED);
1398 hci_req_add(req, HCI_OP_LE_SET_RANDOM_ADDR, 6, rpa);
1401 int hci_update_random_address(struct hci_request *req, bool require_privacy,
1402 bool use_rpa, u8 *own_addr_type)
1404 struct hci_dev *hdev = req->hdev;
1407 /* If privacy is enabled use a resolvable private address. If
1408 * current RPA has expired or there is something else than
1409 * the current RPA in use, then generate a new one.
1414 *own_addr_type = ADDR_LE_DEV_RANDOM;
1416 if (!hci_dev_test_and_clear_flag(hdev, HCI_RPA_EXPIRED) &&
1417 !bacmp(&hdev->random_addr, &hdev->rpa))
1420 err = smp_generate_rpa(hdev, hdev->irk, &hdev->rpa);
1422 BT_ERR("%s failed to generate new RPA", hdev->name);
1426 set_random_addr(req, &hdev->rpa);
1428 to = msecs_to_jiffies(hdev->rpa_timeout * 1000);
1429 queue_delayed_work(hdev->workqueue, &hdev->rpa_expired, to);
1434 /* In case of required privacy without resolvable private address,
1435 * use an non-resolvable private address. This is useful for active
1436 * scanning and non-connectable advertising.
1438 if (require_privacy) {
1442 /* The non-resolvable private address is generated
1443 * from random six bytes with the two most significant
1446 get_random_bytes(&nrpa, 6);
1449 /* The non-resolvable private address shall not be
1450 * equal to the public address.
1452 if (bacmp(&hdev->bdaddr, &nrpa))
1456 *own_addr_type = ADDR_LE_DEV_RANDOM;
1457 set_random_addr(req, &nrpa);
1461 /* If forcing static address is in use or there is no public
1462 * address use the static address as random address (but skip
1463 * the HCI command if the current random address is already the
1466 * In case BR/EDR has been disabled on a dual-mode controller
1467 * and a static address has been configured, then use that
1468 * address instead of the public BR/EDR address.
1470 if (hci_dev_test_flag(hdev, HCI_FORCE_STATIC_ADDR) ||
1471 !bacmp(&hdev->bdaddr, BDADDR_ANY) ||
1472 (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED) &&
1473 bacmp(&hdev->static_addr, BDADDR_ANY))) {
1474 *own_addr_type = ADDR_LE_DEV_RANDOM;
1475 if (bacmp(&hdev->static_addr, &hdev->random_addr))
1476 hci_req_add(req, HCI_OP_LE_SET_RANDOM_ADDR, 6,
1477 &hdev->static_addr);
1481 /* Neither privacy nor static address is being used so use a
1484 *own_addr_type = ADDR_LE_DEV_PUBLIC;
1489 static bool disconnected_whitelist_entries(struct hci_dev *hdev)
1491 struct bdaddr_list *b;
1493 list_for_each_entry(b, &hdev->whitelist, list) {
1494 struct hci_conn *conn;
1496 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &b->bdaddr);
1500 if (conn->state != BT_CONNECTED && conn->state != BT_CONFIG)
1507 void __hci_req_update_scan(struct hci_request *req)
1509 struct hci_dev *hdev = req->hdev;
1512 if (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED))
1515 if (!hdev_is_powered(hdev))
1518 if (mgmt_powering_down(hdev))
1521 if (hci_dev_test_flag(hdev, HCI_CONNECTABLE) ||
1522 disconnected_whitelist_entries(hdev))
1525 scan = SCAN_DISABLED;
1527 if (hci_dev_test_flag(hdev, HCI_DISCOVERABLE))
1528 scan |= SCAN_INQUIRY;
1530 if (test_bit(HCI_PSCAN, &hdev->flags) == !!(scan & SCAN_PAGE) &&
1531 test_bit(HCI_ISCAN, &hdev->flags) == !!(scan & SCAN_INQUIRY))
1534 hci_req_add(req, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
1537 static int update_scan(struct hci_request *req, unsigned long opt)
1539 hci_dev_lock(req->hdev);
1540 __hci_req_update_scan(req);
1541 hci_dev_unlock(req->hdev);
1545 static void scan_update_work(struct work_struct *work)
1547 struct hci_dev *hdev = container_of(work, struct hci_dev, scan_update);
1549 hci_req_sync(hdev, update_scan, 0, HCI_CMD_TIMEOUT, NULL);
1552 static int connectable_update(struct hci_request *req, unsigned long opt)
1554 struct hci_dev *hdev = req->hdev;
1558 __hci_req_update_scan(req);
1560 /* If BR/EDR is not enabled and we disable advertising as a
1561 * by-product of disabling connectable, we need to update the
1562 * advertising flags.
1564 if (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED))
1565 __hci_req_update_adv_data(req, hdev->cur_adv_instance);
1567 /* Update the advertising parameters if necessary */
1568 if (hci_dev_test_flag(hdev, HCI_ADVERTISING) ||
1569 !list_empty(&hdev->adv_instances))
1570 __hci_req_enable_advertising(req);
1572 __hci_update_background_scan(req);
1574 hci_dev_unlock(hdev);
1579 static void connectable_update_work(struct work_struct *work)
1581 struct hci_dev *hdev = container_of(work, struct hci_dev,
1582 connectable_update);
1585 hci_req_sync(hdev, connectable_update, 0, HCI_CMD_TIMEOUT, &status);
1586 mgmt_set_connectable_complete(hdev, status);
1589 static u8 get_service_classes(struct hci_dev *hdev)
1591 struct bt_uuid *uuid;
1594 list_for_each_entry(uuid, &hdev->uuids, list)
1595 val |= uuid->svc_hint;
1600 void __hci_req_update_class(struct hci_request *req)
1602 struct hci_dev *hdev = req->hdev;
1605 BT_DBG("%s", hdev->name);
1607 if (!hdev_is_powered(hdev))
1610 if (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED))
1613 if (hci_dev_test_flag(hdev, HCI_SERVICE_CACHE))
1616 cod[0] = hdev->minor_class;
1617 cod[1] = hdev->major_class;
1618 cod[2] = get_service_classes(hdev);
1620 if (hci_dev_test_flag(hdev, HCI_LIMITED_DISCOVERABLE))
1623 if (memcmp(cod, hdev->dev_class, 3) == 0)
1626 hci_req_add(req, HCI_OP_WRITE_CLASS_OF_DEV, sizeof(cod), cod);
1629 static void write_iac(struct hci_request *req)
1631 struct hci_dev *hdev = req->hdev;
1632 struct hci_cp_write_current_iac_lap cp;
1634 if (!hci_dev_test_flag(hdev, HCI_DISCOVERABLE))
1637 if (hci_dev_test_flag(hdev, HCI_LIMITED_DISCOVERABLE)) {
1638 /* Limited discoverable mode */
1639 cp.num_iac = min_t(u8, hdev->num_iac, 2);
1640 cp.iac_lap[0] = 0x00; /* LIAC */
1641 cp.iac_lap[1] = 0x8b;
1642 cp.iac_lap[2] = 0x9e;
1643 cp.iac_lap[3] = 0x33; /* GIAC */
1644 cp.iac_lap[4] = 0x8b;
1645 cp.iac_lap[5] = 0x9e;
1647 /* General discoverable mode */
1649 cp.iac_lap[0] = 0x33; /* GIAC */
1650 cp.iac_lap[1] = 0x8b;
1651 cp.iac_lap[2] = 0x9e;
1654 hci_req_add(req, HCI_OP_WRITE_CURRENT_IAC_LAP,
1655 (cp.num_iac * 3) + 1, &cp);
1658 static int discoverable_update(struct hci_request *req, unsigned long opt)
1660 struct hci_dev *hdev = req->hdev;
1664 if (hci_dev_test_flag(hdev, HCI_BREDR_ENABLED)) {
1666 __hci_req_update_scan(req);
1667 __hci_req_update_class(req);
1670 /* Advertising instances don't use the global discoverable setting, so
1671 * only update AD if advertising was enabled using Set Advertising.
1673 if (hci_dev_test_flag(hdev, HCI_ADVERTISING)) {
1674 __hci_req_update_adv_data(req, 0x00);
1676 /* Discoverable mode affects the local advertising
1677 * address in limited privacy mode.
1679 if (hci_dev_test_flag(hdev, HCI_LIMITED_PRIVACY))
1680 __hci_req_enable_advertising(req);
1683 hci_dev_unlock(hdev);
1688 static void discoverable_update_work(struct work_struct *work)
1690 struct hci_dev *hdev = container_of(work, struct hci_dev,
1691 discoverable_update);
1694 hci_req_sync(hdev, discoverable_update, 0, HCI_CMD_TIMEOUT, &status);
1695 mgmt_set_discoverable_complete(hdev, status);
1698 void __hci_abort_conn(struct hci_request *req, struct hci_conn *conn,
1701 switch (conn->state) {
1704 if (conn->type == AMP_LINK) {
1705 struct hci_cp_disconn_phy_link cp;
1707 cp.phy_handle = HCI_PHY_HANDLE(conn->handle);
1709 hci_req_add(req, HCI_OP_DISCONN_PHY_LINK, sizeof(cp),
1712 struct hci_cp_disconnect dc;
1714 dc.handle = cpu_to_le16(conn->handle);
1716 hci_req_add(req, HCI_OP_DISCONNECT, sizeof(dc), &dc);
1719 conn->state = BT_DISCONN;
1723 if (conn->type == LE_LINK) {
1724 if (test_bit(HCI_CONN_SCANNING, &conn->flags))
1726 hci_req_add(req, HCI_OP_LE_CREATE_CONN_CANCEL,
1728 } else if (conn->type == ACL_LINK) {
1729 if (req->hdev->hci_ver < BLUETOOTH_VER_1_2)
1731 hci_req_add(req, HCI_OP_CREATE_CONN_CANCEL,
1736 if (conn->type == ACL_LINK) {
1737 struct hci_cp_reject_conn_req rej;
1739 bacpy(&rej.bdaddr, &conn->dst);
1740 rej.reason = reason;
1742 hci_req_add(req, HCI_OP_REJECT_CONN_REQ,
1744 } else if (conn->type == SCO_LINK || conn->type == ESCO_LINK) {
1745 struct hci_cp_reject_sync_conn_req rej;
1747 bacpy(&rej.bdaddr, &conn->dst);
1749 /* SCO rejection has its own limited set of
1750 * allowed error values (0x0D-0x0F) which isn't
1751 * compatible with most values passed to this
1752 * function. To be safe hard-code one of the
1753 * values that's suitable for SCO.
1755 rej.reason = HCI_ERROR_REJ_LIMITED_RESOURCES;
1757 hci_req_add(req, HCI_OP_REJECT_SYNC_CONN_REQ,
1762 conn->state = BT_CLOSED;
1767 static void abort_conn_complete(struct hci_dev *hdev, u8 status, u16 opcode)
1770 BT_DBG("Failed to abort connection: status 0x%2.2x", status);
1773 int hci_abort_conn(struct hci_conn *conn, u8 reason)
1775 struct hci_request req;
1778 hci_req_init(&req, conn->hdev);
1780 __hci_abort_conn(&req, conn, reason);
1782 err = hci_req_run(&req, abort_conn_complete);
1783 if (err && err != -ENODATA) {
1784 BT_ERR("Failed to run HCI request: err %d", err);
1791 static int update_bg_scan(struct hci_request *req, unsigned long opt)
1793 hci_dev_lock(req->hdev);
1794 __hci_update_background_scan(req);
1795 hci_dev_unlock(req->hdev);
1799 static void bg_scan_update(struct work_struct *work)
1801 struct hci_dev *hdev = container_of(work, struct hci_dev,
1803 struct hci_conn *conn;
1807 err = hci_req_sync(hdev, update_bg_scan, 0, HCI_CMD_TIMEOUT, &status);
1813 conn = hci_conn_hash_lookup_state(hdev, LE_LINK, BT_CONNECT);
1815 hci_le_conn_failed(conn, status);
1817 hci_dev_unlock(hdev);
1820 static int le_scan_disable(struct hci_request *req, unsigned long opt)
1822 hci_req_add_le_scan_disable(req);
1826 static int bredr_inquiry(struct hci_request *req, unsigned long opt)
1829 const u8 giac[3] = { 0x33, 0x8b, 0x9e };
1830 const u8 liac[3] = { 0x00, 0x8b, 0x9e };
1831 struct hci_cp_inquiry cp;
1833 BT_DBG("%s", req->hdev->name);
1835 hci_dev_lock(req->hdev);
1836 hci_inquiry_cache_flush(req->hdev);
1837 hci_dev_unlock(req->hdev);
1839 memset(&cp, 0, sizeof(cp));
1841 if (req->hdev->discovery.limited)
1842 memcpy(&cp.lap, liac, sizeof(cp.lap));
1844 memcpy(&cp.lap, giac, sizeof(cp.lap));
1848 hci_req_add(req, HCI_OP_INQUIRY, sizeof(cp), &cp);
1853 static void le_scan_disable_work(struct work_struct *work)
1855 struct hci_dev *hdev = container_of(work, struct hci_dev,
1856 le_scan_disable.work);
1859 BT_DBG("%s", hdev->name);
1861 if (!hci_dev_test_flag(hdev, HCI_LE_SCAN))
1864 cancel_delayed_work(&hdev->le_scan_restart);
1866 hci_req_sync(hdev, le_scan_disable, 0, HCI_CMD_TIMEOUT, &status);
1868 BT_ERR("Failed to disable LE scan: status 0x%02x", status);
1872 hdev->discovery.scan_start = 0;
1874 /* If we were running LE only scan, change discovery state. If
1875 * we were running both LE and BR/EDR inquiry simultaneously,
1876 * and BR/EDR inquiry is already finished, stop discovery,
1877 * otherwise BR/EDR inquiry will stop discovery when finished.
1878 * If we will resolve remote device name, do not change
1882 if (hdev->discovery.type == DISCOV_TYPE_LE)
1883 goto discov_stopped;
1885 if (hdev->discovery.type != DISCOV_TYPE_INTERLEAVED)
1888 if (test_bit(HCI_QUIRK_SIMULTANEOUS_DISCOVERY, &hdev->quirks)) {
1889 if (!test_bit(HCI_INQUIRY, &hdev->flags) &&
1890 hdev->discovery.state != DISCOVERY_RESOLVING)
1891 goto discov_stopped;
1896 hci_req_sync(hdev, bredr_inquiry, DISCOV_INTERLEAVED_INQUIRY_LEN,
1897 HCI_CMD_TIMEOUT, &status);
1899 BT_ERR("Inquiry failed: status 0x%02x", status);
1900 goto discov_stopped;
1907 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
1908 hci_dev_unlock(hdev);
1911 static int le_scan_restart(struct hci_request *req, unsigned long opt)
1913 struct hci_dev *hdev = req->hdev;
1914 struct hci_cp_le_set_scan_enable cp;
1916 /* If controller is not scanning we are done. */
1917 if (!hci_dev_test_flag(hdev, HCI_LE_SCAN))
1920 hci_req_add_le_scan_disable(req);
1922 memset(&cp, 0, sizeof(cp));
1923 cp.enable = LE_SCAN_ENABLE;
1924 cp.filter_dup = LE_SCAN_FILTER_DUP_ENABLE;
1925 hci_req_add(req, HCI_OP_LE_SET_SCAN_ENABLE, sizeof(cp), &cp);
1930 static void le_scan_restart_work(struct work_struct *work)
1932 struct hci_dev *hdev = container_of(work, struct hci_dev,
1933 le_scan_restart.work);
1934 unsigned long timeout, duration, scan_start, now;
1937 BT_DBG("%s", hdev->name);
1939 hci_req_sync(hdev, le_scan_restart, 0, HCI_CMD_TIMEOUT, &status);
1941 BT_ERR("Failed to restart LE scan: status %d", status);
1947 if (!test_bit(HCI_QUIRK_STRICT_DUPLICATE_FILTER, &hdev->quirks) ||
1948 !hdev->discovery.scan_start)
1951 /* When the scan was started, hdev->le_scan_disable has been queued
1952 * after duration from scan_start. During scan restart this job
1953 * has been canceled, and we need to queue it again after proper
1954 * timeout, to make sure that scan does not run indefinitely.
1956 duration = hdev->discovery.scan_duration;
1957 scan_start = hdev->discovery.scan_start;
1959 if (now - scan_start <= duration) {
1962 if (now >= scan_start)
1963 elapsed = now - scan_start;
1965 elapsed = ULONG_MAX - scan_start + now;
1967 timeout = duration - elapsed;
1972 queue_delayed_work(hdev->req_workqueue,
1973 &hdev->le_scan_disable, timeout);
1976 hci_dev_unlock(hdev);
1979 static void disable_advertising(struct hci_request *req)
1983 hci_req_add(req, HCI_OP_LE_SET_ADV_ENABLE, sizeof(enable), &enable);
1986 static int active_scan(struct hci_request *req, unsigned long opt)
1988 uint16_t interval = opt;
1989 struct hci_dev *hdev = req->hdev;
1990 struct hci_cp_le_set_scan_param param_cp;
1991 struct hci_cp_le_set_scan_enable enable_cp;
1995 BT_DBG("%s", hdev->name);
1997 if (hci_dev_test_flag(hdev, HCI_LE_ADV)) {
2000 /* Don't let discovery abort an outgoing connection attempt
2001 * that's using directed advertising.
2003 if (hci_lookup_le_connect(hdev)) {
2004 hci_dev_unlock(hdev);
2008 cancel_adv_timeout(hdev);
2009 hci_dev_unlock(hdev);
2011 disable_advertising(req);
2014 /* If controller is scanning, it means the background scanning is
2015 * running. Thus, we should temporarily stop it in order to set the
2016 * discovery scanning parameters.
2018 if (hci_dev_test_flag(hdev, HCI_LE_SCAN))
2019 hci_req_add_le_scan_disable(req);
2021 /* All active scans will be done with either a resolvable private
2022 * address (when privacy feature has been enabled) or non-resolvable
2025 err = hci_update_random_address(req, true, scan_use_rpa(hdev),
2028 own_addr_type = ADDR_LE_DEV_PUBLIC;
2030 memset(¶m_cp, 0, sizeof(param_cp));
2031 param_cp.type = LE_SCAN_ACTIVE;
2032 param_cp.interval = cpu_to_le16(interval);
2033 param_cp.window = cpu_to_le16(DISCOV_LE_SCAN_WIN);
2034 param_cp.own_address_type = own_addr_type;
2036 hci_req_add(req, HCI_OP_LE_SET_SCAN_PARAM, sizeof(param_cp),
2039 memset(&enable_cp, 0, sizeof(enable_cp));
2040 enable_cp.enable = LE_SCAN_ENABLE;
2041 enable_cp.filter_dup = LE_SCAN_FILTER_DUP_ENABLE;
2043 hci_req_add(req, HCI_OP_LE_SET_SCAN_ENABLE, sizeof(enable_cp),
2049 static int interleaved_discov(struct hci_request *req, unsigned long opt)
2053 BT_DBG("%s", req->hdev->name);
2055 err = active_scan(req, opt);
2059 return bredr_inquiry(req, DISCOV_BREDR_INQUIRY_LEN);
2062 static void start_discovery(struct hci_dev *hdev, u8 *status)
2064 unsigned long timeout;
2066 BT_DBG("%s type %u", hdev->name, hdev->discovery.type);
2068 switch (hdev->discovery.type) {
2069 case DISCOV_TYPE_BREDR:
2070 if (!hci_dev_test_flag(hdev, HCI_INQUIRY))
2071 hci_req_sync(hdev, bredr_inquiry,
2072 DISCOV_BREDR_INQUIRY_LEN, HCI_CMD_TIMEOUT,
2075 case DISCOV_TYPE_INTERLEAVED:
2076 /* When running simultaneous discovery, the LE scanning time
2077 * should occupy the whole discovery time sine BR/EDR inquiry
2078 * and LE scanning are scheduled by the controller.
2080 * For interleaving discovery in comparison, BR/EDR inquiry
2081 * and LE scanning are done sequentially with separate
2084 if (test_bit(HCI_QUIRK_SIMULTANEOUS_DISCOVERY,
2086 timeout = msecs_to_jiffies(DISCOV_LE_TIMEOUT);
2087 /* During simultaneous discovery, we double LE scan
2088 * interval. We must leave some time for the controller
2089 * to do BR/EDR inquiry.
2091 hci_req_sync(hdev, interleaved_discov,
2092 DISCOV_LE_SCAN_INT * 2, HCI_CMD_TIMEOUT,
2097 timeout = msecs_to_jiffies(hdev->discov_interleaved_timeout);
2098 hci_req_sync(hdev, active_scan, DISCOV_LE_SCAN_INT,
2099 HCI_CMD_TIMEOUT, status);
2101 case DISCOV_TYPE_LE:
2102 timeout = msecs_to_jiffies(DISCOV_LE_TIMEOUT);
2103 hci_req_sync(hdev, active_scan, DISCOV_LE_SCAN_INT,
2104 HCI_CMD_TIMEOUT, status);
2107 *status = HCI_ERROR_UNSPECIFIED;
2114 BT_DBG("%s timeout %u ms", hdev->name, jiffies_to_msecs(timeout));
2116 /* When service discovery is used and the controller has a
2117 * strict duplicate filter, it is important to remember the
2118 * start and duration of the scan. This is required for
2119 * restarting scanning during the discovery phase.
2121 if (test_bit(HCI_QUIRK_STRICT_DUPLICATE_FILTER, &hdev->quirks) &&
2122 hdev->discovery.result_filtering) {
2123 hdev->discovery.scan_start = jiffies;
2124 hdev->discovery.scan_duration = timeout;
2127 queue_delayed_work(hdev->req_workqueue, &hdev->le_scan_disable,
2131 bool hci_req_stop_discovery(struct hci_request *req)
2133 struct hci_dev *hdev = req->hdev;
2134 struct discovery_state *d = &hdev->discovery;
2135 struct hci_cp_remote_name_req_cancel cp;
2136 struct inquiry_entry *e;
2139 BT_DBG("%s state %u", hdev->name, hdev->discovery.state);
2141 if (d->state == DISCOVERY_FINDING || d->state == DISCOVERY_STOPPING) {
2142 if (test_bit(HCI_INQUIRY, &hdev->flags))
2143 hci_req_add(req, HCI_OP_INQUIRY_CANCEL, 0, NULL);
2145 if (hci_dev_test_flag(hdev, HCI_LE_SCAN)) {
2146 cancel_delayed_work(&hdev->le_scan_disable);
2147 hci_req_add_le_scan_disable(req);
2152 /* Passive scanning */
2153 if (hci_dev_test_flag(hdev, HCI_LE_SCAN)) {
2154 hci_req_add_le_scan_disable(req);
2159 /* No further actions needed for LE-only discovery */
2160 if (d->type == DISCOV_TYPE_LE)
2163 if (d->state == DISCOVERY_RESOLVING || d->state == DISCOVERY_STOPPING) {
2164 e = hci_inquiry_cache_lookup_resolve(hdev, BDADDR_ANY,
2169 bacpy(&cp.bdaddr, &e->data.bdaddr);
2170 hci_req_add(req, HCI_OP_REMOTE_NAME_REQ_CANCEL, sizeof(cp),
2178 static int stop_discovery(struct hci_request *req, unsigned long opt)
2180 hci_dev_lock(req->hdev);
2181 hci_req_stop_discovery(req);
2182 hci_dev_unlock(req->hdev);
2187 static void discov_update(struct work_struct *work)
2189 struct hci_dev *hdev = container_of(work, struct hci_dev,
2193 switch (hdev->discovery.state) {
2194 case DISCOVERY_STARTING:
2195 start_discovery(hdev, &status);
2196 mgmt_start_discovery_complete(hdev, status);
2198 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
2200 hci_discovery_set_state(hdev, DISCOVERY_FINDING);
2202 case DISCOVERY_STOPPING:
2203 hci_req_sync(hdev, stop_discovery, 0, HCI_CMD_TIMEOUT, &status);
2204 mgmt_stop_discovery_complete(hdev, status);
2206 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
2208 case DISCOVERY_STOPPED:
2214 static void discov_off(struct work_struct *work)
2216 struct hci_dev *hdev = container_of(work, struct hci_dev,
2219 BT_DBG("%s", hdev->name);
2223 /* When discoverable timeout triggers, then just make sure
2224 * the limited discoverable flag is cleared. Even in the case
2225 * of a timeout triggered from general discoverable, it is
2226 * safe to unconditionally clear the flag.
2228 hci_dev_clear_flag(hdev, HCI_LIMITED_DISCOVERABLE);
2229 hci_dev_clear_flag(hdev, HCI_DISCOVERABLE);
2230 hdev->discov_timeout = 0;
2232 hci_dev_unlock(hdev);
2234 hci_req_sync(hdev, discoverable_update, 0, HCI_CMD_TIMEOUT, NULL);
2235 mgmt_new_settings(hdev);
2238 static int powered_update_hci(struct hci_request *req, unsigned long opt)
2240 struct hci_dev *hdev = req->hdev;
2245 if (hci_dev_test_flag(hdev, HCI_SSP_ENABLED) &&
2246 !lmp_host_ssp_capable(hdev)) {
2249 hci_req_add(req, HCI_OP_WRITE_SSP_MODE, sizeof(mode), &mode);
2251 if (bredr_sc_enabled(hdev) && !lmp_host_sc_capable(hdev)) {
2254 hci_req_add(req, HCI_OP_WRITE_SC_SUPPORT,
2255 sizeof(support), &support);
2259 if (hci_dev_test_flag(hdev, HCI_LE_ENABLED) &&
2260 lmp_bredr_capable(hdev)) {
2261 struct hci_cp_write_le_host_supported cp;
2266 /* Check first if we already have the right
2267 * host state (host features set)
2269 if (cp.le != lmp_host_le_capable(hdev) ||
2270 cp.simul != lmp_host_le_br_capable(hdev))
2271 hci_req_add(req, HCI_OP_WRITE_LE_HOST_SUPPORTED,
2275 if (hci_dev_test_flag(hdev, HCI_LE_ENABLED)) {
2276 /* Make sure the controller has a good default for
2277 * advertising data. This also applies to the case
2278 * where BR/EDR was toggled during the AUTO_OFF phase.
2280 if (hci_dev_test_flag(hdev, HCI_ADVERTISING) ||
2281 list_empty(&hdev->adv_instances)) {
2282 __hci_req_update_adv_data(req, 0x00);
2283 __hci_req_update_scan_rsp_data(req, 0x00);
2285 if (hci_dev_test_flag(hdev, HCI_ADVERTISING))
2286 __hci_req_enable_advertising(req);
2287 } else if (!list_empty(&hdev->adv_instances)) {
2288 struct adv_info *adv_instance;
2290 adv_instance = list_first_entry(&hdev->adv_instances,
2291 struct adv_info, list);
2292 __hci_req_schedule_adv_instance(req,
2293 adv_instance->instance,
2298 link_sec = hci_dev_test_flag(hdev, HCI_LINK_SECURITY);
2299 if (link_sec != test_bit(HCI_AUTH, &hdev->flags))
2300 hci_req_add(req, HCI_OP_WRITE_AUTH_ENABLE,
2301 sizeof(link_sec), &link_sec);
2303 if (lmp_bredr_capable(hdev)) {
2304 if (hci_dev_test_flag(hdev, HCI_FAST_CONNECTABLE))
2305 __hci_req_write_fast_connectable(req, true);
2307 __hci_req_write_fast_connectable(req, false);
2308 __hci_req_update_scan(req);
2309 __hci_req_update_class(req);
2310 __hci_req_update_name(req);
2311 __hci_req_update_eir(req);
2314 hci_dev_unlock(hdev);
2318 int __hci_req_hci_power_on(struct hci_dev *hdev)
2320 /* Register the available SMP channels (BR/EDR and LE) only when
2321 * successfully powering on the controller. This late
2322 * registration is required so that LE SMP can clearly decide if
2323 * the public address or static address is used.
2327 return __hci_req_sync(hdev, powered_update_hci, 0, HCI_CMD_TIMEOUT,
2331 void hci_request_setup(struct hci_dev *hdev)
2333 INIT_WORK(&hdev->discov_update, discov_update);
2334 INIT_WORK(&hdev->bg_scan_update, bg_scan_update);
2335 INIT_WORK(&hdev->scan_update, scan_update_work);
2336 INIT_WORK(&hdev->connectable_update, connectable_update_work);
2337 INIT_WORK(&hdev->discoverable_update, discoverable_update_work);
2338 INIT_DELAYED_WORK(&hdev->discov_off, discov_off);
2339 INIT_DELAYED_WORK(&hdev->le_scan_disable, le_scan_disable_work);
2340 INIT_DELAYED_WORK(&hdev->le_scan_restart, le_scan_restart_work);
2341 INIT_DELAYED_WORK(&hdev->adv_instance_expire, adv_timeout_expire);
2344 void hci_request_cancel_all(struct hci_dev *hdev)
2346 hci_req_sync_cancel(hdev, ENODEV);
2348 cancel_work_sync(&hdev->discov_update);
2349 cancel_work_sync(&hdev->bg_scan_update);
2350 cancel_work_sync(&hdev->scan_update);
2351 cancel_work_sync(&hdev->connectable_update);
2352 cancel_work_sync(&hdev->discoverable_update);
2353 cancel_delayed_work_sync(&hdev->discov_off);
2354 cancel_delayed_work_sync(&hdev->le_scan_disable);
2355 cancel_delayed_work_sync(&hdev->le_scan_restart);
2357 if (hdev->adv_instance_timeout) {
2358 cancel_delayed_work_sync(&hdev->adv_instance_expire);
2359 hdev->adv_instance_timeout = 0;
projects / cascardo / linux.git / blob