2 BlueZ - Bluetooth protocol stack for Linux
4 Copyright (C) 2014 Intel Corporation
6 This program is free software; you can redistribute it and/or modify
7 it under the terms of the GNU General Public License version 2 as
8 published by the Free Software Foundation;
10 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
11 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
12 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
13 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
14 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
15 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
16 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
17 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
19 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
20 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
21 SOFTWARE IS DISCLAIMED.
24 #include <asm/unaligned.h>
26 #include <net/bluetooth/bluetooth.h>
27 #include <net/bluetooth/hci_core.h>
28 #include <net/bluetooth/mgmt.h>
31 #include "hci_request.h"
33 #define HCI_REQ_DONE 0
34 #define HCI_REQ_PEND 1
35 #define HCI_REQ_CANCELED 2
37 void hci_req_init(struct hci_request *req, struct hci_dev *hdev)
39 skb_queue_head_init(&req->cmd_q);
44 static int req_run(struct hci_request *req, hci_req_complete_t complete,
45 hci_req_complete_skb_t complete_skb)
47 struct hci_dev *hdev = req->hdev;
51 BT_DBG("length %u", skb_queue_len(&req->cmd_q));
53 /* If an error occurred during request building, remove all HCI
54 * commands queued on the HCI request queue.
57 skb_queue_purge(&req->cmd_q);
61 /* Do not allow empty requests */
62 if (skb_queue_empty(&req->cmd_q))
65 skb = skb_peek_tail(&req->cmd_q);
67 bt_cb(skb)->hci.req_complete = complete;
68 } else if (complete_skb) {
69 bt_cb(skb)->hci.req_complete_skb = complete_skb;
70 bt_cb(skb)->hci.req_flags |= HCI_REQ_SKB;
73 spin_lock_irqsave(&hdev->cmd_q.lock, flags);
74 skb_queue_splice_tail(&req->cmd_q, &hdev->cmd_q);
75 spin_unlock_irqrestore(&hdev->cmd_q.lock, flags);
77 queue_work(hdev->workqueue, &hdev->cmd_work);
82 int hci_req_run(struct hci_request *req, hci_req_complete_t complete)
84 return req_run(req, complete, NULL);
87 int hci_req_run_skb(struct hci_request *req, hci_req_complete_skb_t complete)
89 return req_run(req, NULL, complete);
92 static void hci_req_sync_complete(struct hci_dev *hdev, u8 result, u16 opcode,
95 BT_DBG("%s result 0x%2.2x", hdev->name, result);
97 if (hdev->req_status == HCI_REQ_PEND) {
98 hdev->req_result = result;
99 hdev->req_status = HCI_REQ_DONE;
101 hdev->req_skb = skb_get(skb);
102 wake_up_interruptible(&hdev->req_wait_q);
106 void hci_req_sync_cancel(struct hci_dev *hdev, int err)
108 BT_DBG("%s err 0x%2.2x", hdev->name, err);
110 if (hdev->req_status == HCI_REQ_PEND) {
111 hdev->req_result = err;
112 hdev->req_status = HCI_REQ_CANCELED;
113 wake_up_interruptible(&hdev->req_wait_q);
117 struct sk_buff *__hci_cmd_sync_ev(struct hci_dev *hdev, u16 opcode, u32 plen,
118 const void *param, u8 event, u32 timeout)
120 DECLARE_WAITQUEUE(wait, current);
121 struct hci_request req;
125 BT_DBG("%s", hdev->name);
127 hci_req_init(&req, hdev);
129 hci_req_add_ev(&req, opcode, plen, param, event);
131 hdev->req_status = HCI_REQ_PEND;
133 add_wait_queue(&hdev->req_wait_q, &wait);
134 set_current_state(TASK_INTERRUPTIBLE);
136 err = hci_req_run_skb(&req, hci_req_sync_complete);
138 remove_wait_queue(&hdev->req_wait_q, &wait);
139 set_current_state(TASK_RUNNING);
143 schedule_timeout(timeout);
145 remove_wait_queue(&hdev->req_wait_q, &wait);
147 if (signal_pending(current))
148 return ERR_PTR(-EINTR);
150 switch (hdev->req_status) {
152 err = -bt_to_errno(hdev->req_result);
155 case HCI_REQ_CANCELED:
156 err = -hdev->req_result;
164 hdev->req_status = hdev->req_result = 0;
166 hdev->req_skb = NULL;
168 BT_DBG("%s end: err %d", hdev->name, err);
176 return ERR_PTR(-ENODATA);
180 EXPORT_SYMBOL(__hci_cmd_sync_ev);
182 struct sk_buff *__hci_cmd_sync(struct hci_dev *hdev, u16 opcode, u32 plen,
183 const void *param, u32 timeout)
185 return __hci_cmd_sync_ev(hdev, opcode, plen, param, 0, timeout);
187 EXPORT_SYMBOL(__hci_cmd_sync);
189 /* Execute request and wait for completion. */
190 int __hci_req_sync(struct hci_dev *hdev, int (*func)(struct hci_request *req,
192 unsigned long opt, u32 timeout, u8 *hci_status)
194 struct hci_request req;
195 DECLARE_WAITQUEUE(wait, current);
198 BT_DBG("%s start", hdev->name);
200 hci_req_init(&req, hdev);
202 hdev->req_status = HCI_REQ_PEND;
204 err = func(&req, opt);
207 *hci_status = HCI_ERROR_UNSPECIFIED;
211 add_wait_queue(&hdev->req_wait_q, &wait);
212 set_current_state(TASK_INTERRUPTIBLE);
214 err = hci_req_run_skb(&req, hci_req_sync_complete);
216 hdev->req_status = 0;
218 remove_wait_queue(&hdev->req_wait_q, &wait);
219 set_current_state(TASK_RUNNING);
221 /* ENODATA means the HCI request command queue is empty.
222 * This can happen when a request with conditionals doesn't
223 * trigger any commands to be sent. This is normal behavior
224 * and should not trigger an error return.
226 if (err == -ENODATA) {
233 *hci_status = HCI_ERROR_UNSPECIFIED;
238 schedule_timeout(timeout);
240 remove_wait_queue(&hdev->req_wait_q, &wait);
242 if (signal_pending(current))
245 switch (hdev->req_status) {
247 err = -bt_to_errno(hdev->req_result);
249 *hci_status = hdev->req_result;
252 case HCI_REQ_CANCELED:
253 err = -hdev->req_result;
255 *hci_status = HCI_ERROR_UNSPECIFIED;
261 *hci_status = HCI_ERROR_UNSPECIFIED;
265 kfree_skb(hdev->req_skb);
266 hdev->req_skb = NULL;
267 hdev->req_status = hdev->req_result = 0;
269 BT_DBG("%s end: err %d", hdev->name, err);
274 int hci_req_sync(struct hci_dev *hdev, int (*req)(struct hci_request *req,
276 unsigned long opt, u32 timeout, u8 *hci_status)
280 if (!test_bit(HCI_UP, &hdev->flags))
283 /* Serialize all requests */
284 hci_req_sync_lock(hdev);
285 ret = __hci_req_sync(hdev, req, opt, timeout, hci_status);
286 hci_req_sync_unlock(hdev);
291 struct sk_buff *hci_prepare_cmd(struct hci_dev *hdev, u16 opcode, u32 plen,
294 int len = HCI_COMMAND_HDR_SIZE + plen;
295 struct hci_command_hdr *hdr;
298 skb = bt_skb_alloc(len, GFP_ATOMIC);
302 hdr = (struct hci_command_hdr *) skb_put(skb, HCI_COMMAND_HDR_SIZE);
303 hdr->opcode = cpu_to_le16(opcode);
307 memcpy(skb_put(skb, plen), param, plen);
309 BT_DBG("skb len %d", skb->len);
311 hci_skb_pkt_type(skb) = HCI_COMMAND_PKT;
312 hci_skb_opcode(skb) = opcode;
317 /* Queue a command to an asynchronous HCI request */
318 void hci_req_add_ev(struct hci_request *req, u16 opcode, u32 plen,
319 const void *param, u8 event)
321 struct hci_dev *hdev = req->hdev;
324 BT_DBG("%s opcode 0x%4.4x plen %d", hdev->name, opcode, plen);
326 /* If an error occurred during request building, there is no point in
327 * queueing the HCI command. We can simply return.
332 skb = hci_prepare_cmd(hdev, opcode, plen, param);
334 BT_ERR("%s no memory for command (opcode 0x%4.4x)",
340 if (skb_queue_empty(&req->cmd_q))
341 bt_cb(skb)->hci.req_flags |= HCI_REQ_START;
343 bt_cb(skb)->hci.req_event = event;
345 skb_queue_tail(&req->cmd_q, skb);
348 void hci_req_add(struct hci_request *req, u16 opcode, u32 plen,
351 hci_req_add_ev(req, opcode, plen, param, 0);
354 void __hci_req_write_fast_connectable(struct hci_request *req, bool enable)
356 struct hci_dev *hdev = req->hdev;
357 struct hci_cp_write_page_scan_activity acp;
360 if (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED))
363 if (hdev->hci_ver < BLUETOOTH_VER_1_2)
367 type = PAGE_SCAN_TYPE_INTERLACED;
369 /* 160 msec page scan interval */
370 acp.interval = cpu_to_le16(0x0100);
372 type = PAGE_SCAN_TYPE_STANDARD; /* default */
374 /* default 1.28 sec page scan */
375 acp.interval = cpu_to_le16(0x0800);
378 acp.window = cpu_to_le16(0x0012);
380 if (__cpu_to_le16(hdev->page_scan_interval) != acp.interval ||
381 __cpu_to_le16(hdev->page_scan_window) != acp.window)
382 hci_req_add(req, HCI_OP_WRITE_PAGE_SCAN_ACTIVITY,
385 if (hdev->page_scan_type != type)
386 hci_req_add(req, HCI_OP_WRITE_PAGE_SCAN_TYPE, 1, &type);
389 /* This function controls the background scanning based on hdev->pend_le_conns
390 * list. If there are pending LE connection we start the background scanning,
391 * otherwise we stop it.
393 * This function requires the caller holds hdev->lock.
395 static void __hci_update_background_scan(struct hci_request *req)
397 struct hci_dev *hdev = req->hdev;
399 if (!test_bit(HCI_UP, &hdev->flags) ||
400 test_bit(HCI_INIT, &hdev->flags) ||
401 hci_dev_test_flag(hdev, HCI_SETUP) ||
402 hci_dev_test_flag(hdev, HCI_CONFIG) ||
403 hci_dev_test_flag(hdev, HCI_AUTO_OFF) ||
404 hci_dev_test_flag(hdev, HCI_UNREGISTER))
407 /* No point in doing scanning if LE support hasn't been enabled */
408 if (!hci_dev_test_flag(hdev, HCI_LE_ENABLED))
411 /* If discovery is active don't interfere with it */
412 if (hdev->discovery.state != DISCOVERY_STOPPED)
415 /* Reset RSSI and UUID filters when starting background scanning
416 * since these filters are meant for service discovery only.
418 * The Start Discovery and Start Service Discovery operations
419 * ensure to set proper values for RSSI threshold and UUID
420 * filter list. So it is safe to just reset them here.
422 hci_discovery_filter_clear(hdev);
424 if (list_empty(&hdev->pend_le_conns) &&
425 list_empty(&hdev->pend_le_reports)) {
426 /* If there is no pending LE connections or devices
427 * to be scanned for, we should stop the background
431 /* If controller is not scanning we are done. */
432 if (!hci_dev_test_flag(hdev, HCI_LE_SCAN))
435 hci_req_add_le_scan_disable(req);
437 BT_DBG("%s stopping background scanning", hdev->name);
439 /* If there is at least one pending LE connection, we should
440 * keep the background scan running.
443 /* If controller is connecting, we should not start scanning
444 * since some controllers are not able to scan and connect at
447 if (hci_lookup_le_connect(hdev))
450 /* If controller is currently scanning, we stop it to ensure we
451 * don't miss any advertising (due to duplicates filter).
453 if (hci_dev_test_flag(hdev, HCI_LE_SCAN))
454 hci_req_add_le_scan_disable(req);
456 hci_req_add_le_passive_scan(req);
458 BT_DBG("%s starting background scanning", hdev->name);
462 void __hci_req_update_name(struct hci_request *req)
464 struct hci_dev *hdev = req->hdev;
465 struct hci_cp_write_local_name cp;
467 memcpy(cp.name, hdev->dev_name, sizeof(cp.name));
469 hci_req_add(req, HCI_OP_WRITE_LOCAL_NAME, sizeof(cp), &cp);
472 #define PNP_INFO_SVCLASS_ID 0x1200
474 static u8 *create_uuid16_list(struct hci_dev *hdev, u8 *data, ptrdiff_t len)
476 u8 *ptr = data, *uuids_start = NULL;
477 struct bt_uuid *uuid;
482 list_for_each_entry(uuid, &hdev->uuids, list) {
485 if (uuid->size != 16)
488 uuid16 = get_unaligned_le16(&uuid->uuid[12]);
492 if (uuid16 == PNP_INFO_SVCLASS_ID)
498 uuids_start[1] = EIR_UUID16_ALL;
502 /* Stop if not enough space to put next UUID */
503 if ((ptr - data) + sizeof(u16) > len) {
504 uuids_start[1] = EIR_UUID16_SOME;
508 *ptr++ = (uuid16 & 0x00ff);
509 *ptr++ = (uuid16 & 0xff00) >> 8;
510 uuids_start[0] += sizeof(uuid16);
516 static u8 *create_uuid32_list(struct hci_dev *hdev, u8 *data, ptrdiff_t len)
518 u8 *ptr = data, *uuids_start = NULL;
519 struct bt_uuid *uuid;
524 list_for_each_entry(uuid, &hdev->uuids, list) {
525 if (uuid->size != 32)
531 uuids_start[1] = EIR_UUID32_ALL;
535 /* Stop if not enough space to put next UUID */
536 if ((ptr - data) + sizeof(u32) > len) {
537 uuids_start[1] = EIR_UUID32_SOME;
541 memcpy(ptr, &uuid->uuid[12], sizeof(u32));
543 uuids_start[0] += sizeof(u32);
549 static u8 *create_uuid128_list(struct hci_dev *hdev, u8 *data, ptrdiff_t len)
551 u8 *ptr = data, *uuids_start = NULL;
552 struct bt_uuid *uuid;
557 list_for_each_entry(uuid, &hdev->uuids, list) {
558 if (uuid->size != 128)
564 uuids_start[1] = EIR_UUID128_ALL;
568 /* Stop if not enough space to put next UUID */
569 if ((ptr - data) + 16 > len) {
570 uuids_start[1] = EIR_UUID128_SOME;
574 memcpy(ptr, uuid->uuid, 16);
576 uuids_start[0] += 16;
582 static void create_eir(struct hci_dev *hdev, u8 *data)
587 name_len = strlen(hdev->dev_name);
593 ptr[1] = EIR_NAME_SHORT;
595 ptr[1] = EIR_NAME_COMPLETE;
597 /* EIR Data length */
598 ptr[0] = name_len + 1;
600 memcpy(ptr + 2, hdev->dev_name, name_len);
602 ptr += (name_len + 2);
605 if (hdev->inq_tx_power != HCI_TX_POWER_INVALID) {
607 ptr[1] = EIR_TX_POWER;
608 ptr[2] = (u8) hdev->inq_tx_power;
613 if (hdev->devid_source > 0) {
615 ptr[1] = EIR_DEVICE_ID;
617 put_unaligned_le16(hdev->devid_source, ptr + 2);
618 put_unaligned_le16(hdev->devid_vendor, ptr + 4);
619 put_unaligned_le16(hdev->devid_product, ptr + 6);
620 put_unaligned_le16(hdev->devid_version, ptr + 8);
625 ptr = create_uuid16_list(hdev, ptr, HCI_MAX_EIR_LENGTH - (ptr - data));
626 ptr = create_uuid32_list(hdev, ptr, HCI_MAX_EIR_LENGTH - (ptr - data));
627 ptr = create_uuid128_list(hdev, ptr, HCI_MAX_EIR_LENGTH - (ptr - data));
630 void __hci_req_update_eir(struct hci_request *req)
632 struct hci_dev *hdev = req->hdev;
633 struct hci_cp_write_eir cp;
635 if (!hdev_is_powered(hdev))
638 if (!lmp_ext_inq_capable(hdev))
641 if (!hci_dev_test_flag(hdev, HCI_SSP_ENABLED))
644 if (hci_dev_test_flag(hdev, HCI_SERVICE_CACHE))
647 memset(&cp, 0, sizeof(cp));
649 create_eir(hdev, cp.data);
651 if (memcmp(cp.data, hdev->eir, sizeof(cp.data)) == 0)
654 memcpy(hdev->eir, cp.data, sizeof(cp.data));
656 hci_req_add(req, HCI_OP_WRITE_EIR, sizeof(cp), &cp);
659 void hci_req_add_le_scan_disable(struct hci_request *req)
661 struct hci_cp_le_set_scan_enable cp;
663 memset(&cp, 0, sizeof(cp));
664 cp.enable = LE_SCAN_DISABLE;
665 hci_req_add(req, HCI_OP_LE_SET_SCAN_ENABLE, sizeof(cp), &cp);
668 static void add_to_white_list(struct hci_request *req,
669 struct hci_conn_params *params)
671 struct hci_cp_le_add_to_white_list cp;
673 cp.bdaddr_type = params->addr_type;
674 bacpy(&cp.bdaddr, ¶ms->addr);
676 hci_req_add(req, HCI_OP_LE_ADD_TO_WHITE_LIST, sizeof(cp), &cp);
679 static u8 update_white_list(struct hci_request *req)
681 struct hci_dev *hdev = req->hdev;
682 struct hci_conn_params *params;
683 struct bdaddr_list *b;
684 uint8_t white_list_entries = 0;
686 /* Go through the current white list programmed into the
687 * controller one by one and check if that address is still
688 * in the list of pending connections or list of devices to
689 * report. If not present in either list, then queue the
690 * command to remove it from the controller.
692 list_for_each_entry(b, &hdev->le_white_list, list) {
693 /* If the device is neither in pend_le_conns nor
694 * pend_le_reports then remove it from the whitelist.
696 if (!hci_pend_le_action_lookup(&hdev->pend_le_conns,
697 &b->bdaddr, b->bdaddr_type) &&
698 !hci_pend_le_action_lookup(&hdev->pend_le_reports,
699 &b->bdaddr, b->bdaddr_type)) {
700 struct hci_cp_le_del_from_white_list cp;
702 cp.bdaddr_type = b->bdaddr_type;
703 bacpy(&cp.bdaddr, &b->bdaddr);
705 hci_req_add(req, HCI_OP_LE_DEL_FROM_WHITE_LIST,
710 if (hci_find_irk_by_addr(hdev, &b->bdaddr, b->bdaddr_type)) {
711 /* White list can not be used with RPAs */
715 white_list_entries++;
718 /* Since all no longer valid white list entries have been
719 * removed, walk through the list of pending connections
720 * and ensure that any new device gets programmed into
723 * If the list of the devices is larger than the list of
724 * available white list entries in the controller, then
725 * just abort and return filer policy value to not use the
728 list_for_each_entry(params, &hdev->pend_le_conns, action) {
729 if (hci_bdaddr_list_lookup(&hdev->le_white_list,
730 ¶ms->addr, params->addr_type))
733 if (white_list_entries >= hdev->le_white_list_size) {
734 /* Select filter policy to accept all advertising */
738 if (hci_find_irk_by_addr(hdev, ¶ms->addr,
739 params->addr_type)) {
740 /* White list can not be used with RPAs */
744 white_list_entries++;
745 add_to_white_list(req, params);
748 /* After adding all new pending connections, walk through
749 * the list of pending reports and also add these to the
750 * white list if there is still space.
752 list_for_each_entry(params, &hdev->pend_le_reports, action) {
753 if (hci_bdaddr_list_lookup(&hdev->le_white_list,
754 ¶ms->addr, params->addr_type))
757 if (white_list_entries >= hdev->le_white_list_size) {
758 /* Select filter policy to accept all advertising */
762 if (hci_find_irk_by_addr(hdev, ¶ms->addr,
763 params->addr_type)) {
764 /* White list can not be used with RPAs */
768 white_list_entries++;
769 add_to_white_list(req, params);
772 /* Select filter policy to use white list */
776 static bool scan_use_rpa(struct hci_dev *hdev)
778 return hci_dev_test_flag(hdev, HCI_PRIVACY);
781 void hci_req_add_le_passive_scan(struct hci_request *req)
783 struct hci_cp_le_set_scan_param param_cp;
784 struct hci_cp_le_set_scan_enable enable_cp;
785 struct hci_dev *hdev = req->hdev;
789 /* Set require_privacy to false since no SCAN_REQ are send
790 * during passive scanning. Not using an non-resolvable address
791 * here is important so that peer devices using direct
792 * advertising with our address will be correctly reported
795 if (hci_update_random_address(req, false, scan_use_rpa(hdev),
799 /* Adding or removing entries from the white list must
800 * happen before enabling scanning. The controller does
801 * not allow white list modification while scanning.
803 filter_policy = update_white_list(req);
805 /* When the controller is using random resolvable addresses and
806 * with that having LE privacy enabled, then controllers with
807 * Extended Scanner Filter Policies support can now enable support
808 * for handling directed advertising.
810 * So instead of using filter polices 0x00 (no whitelist)
811 * and 0x01 (whitelist enabled) use the new filter policies
812 * 0x02 (no whitelist) and 0x03 (whitelist enabled).
814 if (hci_dev_test_flag(hdev, HCI_PRIVACY) &&
815 (hdev->le_features[0] & HCI_LE_EXT_SCAN_POLICY))
816 filter_policy |= 0x02;
818 memset(¶m_cp, 0, sizeof(param_cp));
819 param_cp.type = LE_SCAN_PASSIVE;
820 param_cp.interval = cpu_to_le16(hdev->le_scan_interval);
821 param_cp.window = cpu_to_le16(hdev->le_scan_window);
822 param_cp.own_address_type = own_addr_type;
823 param_cp.filter_policy = filter_policy;
824 hci_req_add(req, HCI_OP_LE_SET_SCAN_PARAM, sizeof(param_cp),
827 memset(&enable_cp, 0, sizeof(enable_cp));
828 enable_cp.enable = LE_SCAN_ENABLE;
829 enable_cp.filter_dup = LE_SCAN_FILTER_DUP_ENABLE;
830 hci_req_add(req, HCI_OP_LE_SET_SCAN_ENABLE, sizeof(enable_cp),
834 static u8 get_cur_adv_instance_scan_rsp_len(struct hci_dev *hdev)
836 u8 instance = hdev->cur_adv_instance;
837 struct adv_info *adv_instance;
839 /* Ignore instance 0 */
840 if (instance == 0x00)
843 adv_instance = hci_find_adv_instance(hdev, instance);
847 /* TODO: Take into account the "appearance" and "local-name" flags here.
848 * These are currently being ignored as they are not supported.
850 return adv_instance->scan_rsp_len;
853 void __hci_req_disable_advertising(struct hci_request *req)
857 hci_req_add(req, HCI_OP_LE_SET_ADV_ENABLE, sizeof(enable), &enable);
860 static u32 get_adv_instance_flags(struct hci_dev *hdev, u8 instance)
863 struct adv_info *adv_instance;
865 if (instance == 0x00) {
866 /* Instance 0 always manages the "Tx Power" and "Flags"
869 flags = MGMT_ADV_FLAG_TX_POWER | MGMT_ADV_FLAG_MANAGED_FLAGS;
871 /* For instance 0, the HCI_ADVERTISING_CONNECTABLE setting
872 * corresponds to the "connectable" instance flag.
874 if (hci_dev_test_flag(hdev, HCI_ADVERTISING_CONNECTABLE))
875 flags |= MGMT_ADV_FLAG_CONNECTABLE;
877 if (hci_dev_test_flag(hdev, HCI_LIMITED_DISCOVERABLE))
878 flags |= MGMT_ADV_FLAG_LIMITED_DISCOV;
879 else if (hci_dev_test_flag(hdev, HCI_DISCOVERABLE))
880 flags |= MGMT_ADV_FLAG_DISCOV;
885 adv_instance = hci_find_adv_instance(hdev, instance);
887 /* Return 0 when we got an invalid instance identifier. */
891 return adv_instance->flags;
894 static bool adv_use_rpa(struct hci_dev *hdev, uint32_t flags)
896 /* If privacy is not enabled don't use RPA */
897 if (!hci_dev_test_flag(hdev, HCI_PRIVACY))
900 /* If basic privacy mode is enabled use RPA */
901 if (!hci_dev_test_flag(hdev, HCI_LIMITED_PRIVACY))
904 /* If limited privacy mode is enabled don't use RPA if we're
905 * both discoverable and bondable.
907 if ((flags & MGMT_ADV_FLAG_DISCOV) &&
908 hci_dev_test_flag(hdev, HCI_BONDABLE))
911 /* We're neither bondable nor discoverable in the limited
912 * privacy mode, therefore use RPA.
917 void __hci_req_enable_advertising(struct hci_request *req)
919 struct hci_dev *hdev = req->hdev;
920 struct hci_cp_le_set_adv_param cp;
921 u8 own_addr_type, enable = 0x01;
925 if (hci_conn_num(hdev, LE_LINK) > 0)
928 if (hci_dev_test_flag(hdev, HCI_LE_ADV))
929 __hci_req_disable_advertising(req);
931 /* Clear the HCI_LE_ADV bit temporarily so that the
932 * hci_update_random_address knows that it's safe to go ahead
933 * and write a new random address. The flag will be set back on
934 * as soon as the SET_ADV_ENABLE HCI command completes.
936 hci_dev_clear_flag(hdev, HCI_LE_ADV);
938 flags = get_adv_instance_flags(hdev, hdev->cur_adv_instance);
940 /* If the "connectable" instance flag was not set, then choose between
941 * ADV_IND and ADV_NONCONN_IND based on the global connectable setting.
943 connectable = (flags & MGMT_ADV_FLAG_CONNECTABLE) ||
944 mgmt_get_connectable(hdev);
946 /* Set require_privacy to true only when non-connectable
947 * advertising is used. In that case it is fine to use a
948 * non-resolvable private address.
950 if (hci_update_random_address(req, !connectable,
951 adv_use_rpa(hdev, flags),
955 memset(&cp, 0, sizeof(cp));
956 cp.min_interval = cpu_to_le16(hdev->le_adv_min_interval);
957 cp.max_interval = cpu_to_le16(hdev->le_adv_max_interval);
960 cp.type = LE_ADV_IND;
961 else if (get_cur_adv_instance_scan_rsp_len(hdev))
962 cp.type = LE_ADV_SCAN_IND;
964 cp.type = LE_ADV_NONCONN_IND;
966 cp.own_address_type = own_addr_type;
967 cp.channel_map = hdev->le_adv_channel_map;
969 hci_req_add(req, HCI_OP_LE_SET_ADV_PARAM, sizeof(cp), &cp);
971 hci_req_add(req, HCI_OP_LE_SET_ADV_ENABLE, sizeof(enable), &enable);
974 static u8 append_local_name(struct hci_dev *hdev, u8 *ptr, u8 ad_len)
980 max_len = HCI_MAX_AD_LENGTH - ad_len - 2;
981 complete_len = strlen(hdev->dev_name);
982 short_len = strlen(hdev->short_name);
984 /* no space left for name */
992 /* complete name fits and is eq to max short name len or smaller */
993 if (complete_len <= max_len &&
994 complete_len <= HCI_MAX_SHORT_NAME_LENGTH) {
995 ptr[0] = complete_len + 1;
996 ptr[1] = EIR_NAME_COMPLETE;
997 memcpy(ptr + 2, hdev->dev_name, complete_len);
999 return ad_len + complete_len + 2;
1002 /* short name set and fits */
1003 if (short_len && short_len <= max_len) {
1004 ptr[0] = short_len + 1;
1005 ptr[1] = EIR_NAME_SHORT;
1006 memcpy(ptr + 2, hdev->short_name, short_len);
1008 return ad_len + short_len + 2;
1011 /* no short name set so shorten complete name */
1013 ptr[0] = max_len + 1;
1014 ptr[1] = EIR_NAME_SHORT;
1015 memcpy(ptr + 2, hdev->dev_name, max_len);
1017 return ad_len + max_len + 2;
1023 static u8 create_default_scan_rsp_data(struct hci_dev *hdev, u8 *ptr)
1025 return append_local_name(hdev, ptr, 0);
1028 static u8 create_instance_scan_rsp_data(struct hci_dev *hdev, u8 instance,
1031 struct adv_info *adv_instance;
1033 u8 scan_rsp_len = 0;
1035 adv_instance = hci_find_adv_instance(hdev, instance);
1039 instance_flags = adv_instance->flags;
1041 if ((instance_flags & MGMT_ADV_FLAG_APPEARANCE) && hdev->appearance) {
1043 ptr[1] = EIR_APPEARANCE;
1044 put_unaligned_le16(hdev->appearance, ptr + 2);
1049 memcpy(ptr, adv_instance->scan_rsp_data,
1050 adv_instance->scan_rsp_len);
1052 scan_rsp_len += adv_instance->scan_rsp_len;
1053 ptr += adv_instance->scan_rsp_len;
1055 if (instance_flags & MGMT_ADV_FLAG_LOCAL_NAME)
1056 scan_rsp_len = append_local_name(hdev, ptr, scan_rsp_len);
1058 return scan_rsp_len;
1061 void __hci_req_update_scan_rsp_data(struct hci_request *req, u8 instance)
1063 struct hci_dev *hdev = req->hdev;
1064 struct hci_cp_le_set_scan_rsp_data cp;
1067 if (!hci_dev_test_flag(hdev, HCI_LE_ENABLED))
1070 memset(&cp, 0, sizeof(cp));
1073 len = create_instance_scan_rsp_data(hdev, instance, cp.data);
1075 len = create_default_scan_rsp_data(hdev, cp.data);
1077 if (hdev->scan_rsp_data_len == len &&
1078 !memcmp(cp.data, hdev->scan_rsp_data, len))
1081 memcpy(hdev->scan_rsp_data, cp.data, sizeof(cp.data));
1082 hdev->scan_rsp_data_len = len;
1086 hci_req_add(req, HCI_OP_LE_SET_SCAN_RSP_DATA, sizeof(cp), &cp);
1089 static u8 create_instance_adv_data(struct hci_dev *hdev, u8 instance, u8 *ptr)
1091 struct adv_info *adv_instance = NULL;
1092 u8 ad_len = 0, flags = 0;
1095 /* Return 0 when the current instance identifier is invalid. */
1097 adv_instance = hci_find_adv_instance(hdev, instance);
1102 instance_flags = get_adv_instance_flags(hdev, instance);
1104 /* The Add Advertising command allows userspace to set both the general
1105 * and limited discoverable flags.
1107 if (instance_flags & MGMT_ADV_FLAG_DISCOV)
1108 flags |= LE_AD_GENERAL;
1110 if (instance_flags & MGMT_ADV_FLAG_LIMITED_DISCOV)
1111 flags |= LE_AD_LIMITED;
1113 if (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED))
1114 flags |= LE_AD_NO_BREDR;
1116 if (flags || (instance_flags & MGMT_ADV_FLAG_MANAGED_FLAGS)) {
1117 /* If a discovery flag wasn't provided, simply use the global
1121 flags |= mgmt_get_adv_discov_flags(hdev);
1123 /* If flags would still be empty, then there is no need to
1124 * include the "Flags" AD field".
1137 memcpy(ptr, adv_instance->adv_data,
1138 adv_instance->adv_data_len);
1139 ad_len += adv_instance->adv_data_len;
1140 ptr += adv_instance->adv_data_len;
1143 /* Provide Tx Power only if we can provide a valid value for it */
1144 if (hdev->adv_tx_power != HCI_TX_POWER_INVALID &&
1145 (instance_flags & MGMT_ADV_FLAG_TX_POWER)) {
1147 ptr[1] = EIR_TX_POWER;
1148 ptr[2] = (u8)hdev->adv_tx_power;
1157 void __hci_req_update_adv_data(struct hci_request *req, u8 instance)
1159 struct hci_dev *hdev = req->hdev;
1160 struct hci_cp_le_set_adv_data cp;
1163 if (!hci_dev_test_flag(hdev, HCI_LE_ENABLED))
1166 memset(&cp, 0, sizeof(cp));
1168 len = create_instance_adv_data(hdev, instance, cp.data);
1170 /* There's nothing to do if the data hasn't changed */
1171 if (hdev->adv_data_len == len &&
1172 memcmp(cp.data, hdev->adv_data, len) == 0)
1175 memcpy(hdev->adv_data, cp.data, sizeof(cp.data));
1176 hdev->adv_data_len = len;
1180 hci_req_add(req, HCI_OP_LE_SET_ADV_DATA, sizeof(cp), &cp);
1183 int hci_req_update_adv_data(struct hci_dev *hdev, u8 instance)
1185 struct hci_request req;
1187 hci_req_init(&req, hdev);
1188 __hci_req_update_adv_data(&req, instance);
1190 return hci_req_run(&req, NULL);
1193 static void adv_enable_complete(struct hci_dev *hdev, u8 status, u16 opcode)
1195 BT_DBG("%s status %u", hdev->name, status);
1198 void hci_req_reenable_advertising(struct hci_dev *hdev)
1200 struct hci_request req;
1202 if (!hci_dev_test_flag(hdev, HCI_ADVERTISING) &&
1203 list_empty(&hdev->adv_instances))
1206 hci_req_init(&req, hdev);
1208 if (hdev->cur_adv_instance) {
1209 __hci_req_schedule_adv_instance(&req, hdev->cur_adv_instance,
1212 __hci_req_update_adv_data(&req, 0x00);
1213 __hci_req_update_scan_rsp_data(&req, 0x00);
1214 __hci_req_enable_advertising(&req);
1217 hci_req_run(&req, adv_enable_complete);
1220 static void adv_timeout_expire(struct work_struct *work)
1222 struct hci_dev *hdev = container_of(work, struct hci_dev,
1223 adv_instance_expire.work);
1225 struct hci_request req;
1228 BT_DBG("%s", hdev->name);
1232 hdev->adv_instance_timeout = 0;
1234 instance = hdev->cur_adv_instance;
1235 if (instance == 0x00)
1238 hci_req_init(&req, hdev);
1240 hci_req_clear_adv_instance(hdev, NULL, &req, instance, false);
1242 if (list_empty(&hdev->adv_instances))
1243 __hci_req_disable_advertising(&req);
1245 hci_req_run(&req, NULL);
1248 hci_dev_unlock(hdev);
1251 int __hci_req_schedule_adv_instance(struct hci_request *req, u8 instance,
1254 struct hci_dev *hdev = req->hdev;
1255 struct adv_info *adv_instance = NULL;
1258 if (hci_dev_test_flag(hdev, HCI_ADVERTISING) ||
1259 list_empty(&hdev->adv_instances))
1262 if (hdev->adv_instance_timeout)
1265 adv_instance = hci_find_adv_instance(hdev, instance);
1269 /* A zero timeout means unlimited advertising. As long as there is
1270 * only one instance, duration should be ignored. We still set a timeout
1271 * in case further instances are being added later on.
1273 * If the remaining lifetime of the instance is more than the duration
1274 * then the timeout corresponds to the duration, otherwise it will be
1275 * reduced to the remaining instance lifetime.
1277 if (adv_instance->timeout == 0 ||
1278 adv_instance->duration <= adv_instance->remaining_time)
1279 timeout = adv_instance->duration;
1281 timeout = adv_instance->remaining_time;
1283 /* The remaining time is being reduced unless the instance is being
1284 * advertised without time limit.
1286 if (adv_instance->timeout)
1287 adv_instance->remaining_time =
1288 adv_instance->remaining_time - timeout;
1290 hdev->adv_instance_timeout = timeout;
1291 queue_delayed_work(hdev->req_workqueue,
1292 &hdev->adv_instance_expire,
1293 msecs_to_jiffies(timeout * 1000));
1295 /* If we're just re-scheduling the same instance again then do not
1296 * execute any HCI commands. This happens when a single instance is
1299 if (!force && hdev->cur_adv_instance == instance &&
1300 hci_dev_test_flag(hdev, HCI_LE_ADV))
1303 hdev->cur_adv_instance = instance;
1304 __hci_req_update_adv_data(req, instance);
1305 __hci_req_update_scan_rsp_data(req, instance);
1306 __hci_req_enable_advertising(req);
1311 static void cancel_adv_timeout(struct hci_dev *hdev)
1313 if (hdev->adv_instance_timeout) {
1314 hdev->adv_instance_timeout = 0;
1315 cancel_delayed_work(&hdev->adv_instance_expire);
1319 /* For a single instance:
1320 * - force == true: The instance will be removed even when its remaining
1321 * lifetime is not zero.
1322 * - force == false: the instance will be deactivated but kept stored unless
1323 * the remaining lifetime is zero.
1325 * For instance == 0x00:
1326 * - force == true: All instances will be removed regardless of their timeout
1328 * - force == false: Only instances that have a timeout will be removed.
1330 void hci_req_clear_adv_instance(struct hci_dev *hdev, struct sock *sk,
1331 struct hci_request *req, u8 instance,
1334 struct adv_info *adv_instance, *n, *next_instance = NULL;
1338 /* Cancel any timeout concerning the removed instance(s). */
1339 if (!instance || hdev->cur_adv_instance == instance)
1340 cancel_adv_timeout(hdev);
1342 /* Get the next instance to advertise BEFORE we remove
1343 * the current one. This can be the same instance again
1344 * if there is only one instance.
1346 if (instance && hdev->cur_adv_instance == instance)
1347 next_instance = hci_get_next_instance(hdev, instance);
1349 if (instance == 0x00) {
1350 list_for_each_entry_safe(adv_instance, n, &hdev->adv_instances,
1352 if (!(force || adv_instance->timeout))
1355 rem_inst = adv_instance->instance;
1356 err = hci_remove_adv_instance(hdev, rem_inst);
1358 mgmt_advertising_removed(sk, hdev, rem_inst);
1361 adv_instance = hci_find_adv_instance(hdev, instance);
1363 if (force || (adv_instance && adv_instance->timeout &&
1364 !adv_instance->remaining_time)) {
1365 /* Don't advertise a removed instance. */
1366 if (next_instance &&
1367 next_instance->instance == instance)
1368 next_instance = NULL;
1370 err = hci_remove_adv_instance(hdev, instance);
1372 mgmt_advertising_removed(sk, hdev, instance);
1376 if (!req || !hdev_is_powered(hdev) ||
1377 hci_dev_test_flag(hdev, HCI_ADVERTISING))
1381 __hci_req_schedule_adv_instance(req, next_instance->instance,
1385 static void set_random_addr(struct hci_request *req, bdaddr_t *rpa)
1387 struct hci_dev *hdev = req->hdev;
1389 /* If we're advertising or initiating an LE connection we can't
1390 * go ahead and change the random address at this time. This is
1391 * because the eventual initiator address used for the
1392 * subsequently created connection will be undefined (some
1393 * controllers use the new address and others the one we had
1394 * when the operation started).
1396 * In this kind of scenario skip the update and let the random
1397 * address be updated at the next cycle.
1399 if (hci_dev_test_flag(hdev, HCI_LE_ADV) ||
1400 hci_lookup_le_connect(hdev)) {
1401 BT_DBG("Deferring random address update");
1402 hci_dev_set_flag(hdev, HCI_RPA_EXPIRED);
1406 hci_req_add(req, HCI_OP_LE_SET_RANDOM_ADDR, 6, rpa);
1409 int hci_update_random_address(struct hci_request *req, bool require_privacy,
1410 bool use_rpa, u8 *own_addr_type)
1412 struct hci_dev *hdev = req->hdev;
1415 /* If privacy is enabled use a resolvable private address. If
1416 * current RPA has expired or there is something else than
1417 * the current RPA in use, then generate a new one.
1422 *own_addr_type = ADDR_LE_DEV_RANDOM;
1424 if (!hci_dev_test_and_clear_flag(hdev, HCI_RPA_EXPIRED) &&
1425 !bacmp(&hdev->random_addr, &hdev->rpa))
1428 err = smp_generate_rpa(hdev, hdev->irk, &hdev->rpa);
1430 BT_ERR("%s failed to generate new RPA", hdev->name);
1434 set_random_addr(req, &hdev->rpa);
1436 to = msecs_to_jiffies(hdev->rpa_timeout * 1000);
1437 queue_delayed_work(hdev->workqueue, &hdev->rpa_expired, to);
1442 /* In case of required privacy without resolvable private address,
1443 * use an non-resolvable private address. This is useful for active
1444 * scanning and non-connectable advertising.
1446 if (require_privacy) {
1450 /* The non-resolvable private address is generated
1451 * from random six bytes with the two most significant
1454 get_random_bytes(&nrpa, 6);
1457 /* The non-resolvable private address shall not be
1458 * equal to the public address.
1460 if (bacmp(&hdev->bdaddr, &nrpa))
1464 *own_addr_type = ADDR_LE_DEV_RANDOM;
1465 set_random_addr(req, &nrpa);
1469 /* If forcing static address is in use or there is no public
1470 * address use the static address as random address (but skip
1471 * the HCI command if the current random address is already the
1474 * In case BR/EDR has been disabled on a dual-mode controller
1475 * and a static address has been configured, then use that
1476 * address instead of the public BR/EDR address.
1478 if (hci_dev_test_flag(hdev, HCI_FORCE_STATIC_ADDR) ||
1479 !bacmp(&hdev->bdaddr, BDADDR_ANY) ||
1480 (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED) &&
1481 bacmp(&hdev->static_addr, BDADDR_ANY))) {
1482 *own_addr_type = ADDR_LE_DEV_RANDOM;
1483 if (bacmp(&hdev->static_addr, &hdev->random_addr))
1484 hci_req_add(req, HCI_OP_LE_SET_RANDOM_ADDR, 6,
1485 &hdev->static_addr);
1489 /* Neither privacy nor static address is being used so use a
1492 *own_addr_type = ADDR_LE_DEV_PUBLIC;
1497 static bool disconnected_whitelist_entries(struct hci_dev *hdev)
1499 struct bdaddr_list *b;
1501 list_for_each_entry(b, &hdev->whitelist, list) {
1502 struct hci_conn *conn;
1504 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &b->bdaddr);
1508 if (conn->state != BT_CONNECTED && conn->state != BT_CONFIG)
1515 void __hci_req_update_scan(struct hci_request *req)
1517 struct hci_dev *hdev = req->hdev;
1520 if (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED))
1523 if (!hdev_is_powered(hdev))
1526 if (mgmt_powering_down(hdev))
1529 if (hci_dev_test_flag(hdev, HCI_CONNECTABLE) ||
1530 disconnected_whitelist_entries(hdev))
1533 scan = SCAN_DISABLED;
1535 if (hci_dev_test_flag(hdev, HCI_DISCOVERABLE))
1536 scan |= SCAN_INQUIRY;
1538 if (test_bit(HCI_PSCAN, &hdev->flags) == !!(scan & SCAN_PAGE) &&
1539 test_bit(HCI_ISCAN, &hdev->flags) == !!(scan & SCAN_INQUIRY))
1542 hci_req_add(req, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
1545 static int update_scan(struct hci_request *req, unsigned long opt)
1547 hci_dev_lock(req->hdev);
1548 __hci_req_update_scan(req);
1549 hci_dev_unlock(req->hdev);
1553 static void scan_update_work(struct work_struct *work)
1555 struct hci_dev *hdev = container_of(work, struct hci_dev, scan_update);
1557 hci_req_sync(hdev, update_scan, 0, HCI_CMD_TIMEOUT, NULL);
1560 static int connectable_update(struct hci_request *req, unsigned long opt)
1562 struct hci_dev *hdev = req->hdev;
1566 __hci_req_update_scan(req);
1568 /* If BR/EDR is not enabled and we disable advertising as a
1569 * by-product of disabling connectable, we need to update the
1570 * advertising flags.
1572 if (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED))
1573 __hci_req_update_adv_data(req, hdev->cur_adv_instance);
1575 /* Update the advertising parameters if necessary */
1576 if (hci_dev_test_flag(hdev, HCI_ADVERTISING) ||
1577 !list_empty(&hdev->adv_instances))
1578 __hci_req_enable_advertising(req);
1580 __hci_update_background_scan(req);
1582 hci_dev_unlock(hdev);
1587 static void connectable_update_work(struct work_struct *work)
1589 struct hci_dev *hdev = container_of(work, struct hci_dev,
1590 connectable_update);
1593 hci_req_sync(hdev, connectable_update, 0, HCI_CMD_TIMEOUT, &status);
1594 mgmt_set_connectable_complete(hdev, status);
1597 static u8 get_service_classes(struct hci_dev *hdev)
1599 struct bt_uuid *uuid;
1602 list_for_each_entry(uuid, &hdev->uuids, list)
1603 val |= uuid->svc_hint;
1608 void __hci_req_update_class(struct hci_request *req)
1610 struct hci_dev *hdev = req->hdev;
1613 BT_DBG("%s", hdev->name);
1615 if (!hdev_is_powered(hdev))
1618 if (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED))
1621 if (hci_dev_test_flag(hdev, HCI_SERVICE_CACHE))
1624 cod[0] = hdev->minor_class;
1625 cod[1] = hdev->major_class;
1626 cod[2] = get_service_classes(hdev);
1628 if (hci_dev_test_flag(hdev, HCI_LIMITED_DISCOVERABLE))
1631 if (memcmp(cod, hdev->dev_class, 3) == 0)
1634 hci_req_add(req, HCI_OP_WRITE_CLASS_OF_DEV, sizeof(cod), cod);
1637 static void write_iac(struct hci_request *req)
1639 struct hci_dev *hdev = req->hdev;
1640 struct hci_cp_write_current_iac_lap cp;
1642 if (!hci_dev_test_flag(hdev, HCI_DISCOVERABLE))
1645 if (hci_dev_test_flag(hdev, HCI_LIMITED_DISCOVERABLE)) {
1646 /* Limited discoverable mode */
1647 cp.num_iac = min_t(u8, hdev->num_iac, 2);
1648 cp.iac_lap[0] = 0x00; /* LIAC */
1649 cp.iac_lap[1] = 0x8b;
1650 cp.iac_lap[2] = 0x9e;
1651 cp.iac_lap[3] = 0x33; /* GIAC */
1652 cp.iac_lap[4] = 0x8b;
1653 cp.iac_lap[5] = 0x9e;
1655 /* General discoverable mode */
1657 cp.iac_lap[0] = 0x33; /* GIAC */
1658 cp.iac_lap[1] = 0x8b;
1659 cp.iac_lap[2] = 0x9e;
1662 hci_req_add(req, HCI_OP_WRITE_CURRENT_IAC_LAP,
1663 (cp.num_iac * 3) + 1, &cp);
1666 static int discoverable_update(struct hci_request *req, unsigned long opt)
1668 struct hci_dev *hdev = req->hdev;
1672 if (hci_dev_test_flag(hdev, HCI_BREDR_ENABLED)) {
1674 __hci_req_update_scan(req);
1675 __hci_req_update_class(req);
1678 /* Advertising instances don't use the global discoverable setting, so
1679 * only update AD if advertising was enabled using Set Advertising.
1681 if (hci_dev_test_flag(hdev, HCI_ADVERTISING)) {
1682 __hci_req_update_adv_data(req, 0x00);
1684 /* Discoverable mode affects the local advertising
1685 * address in limited privacy mode.
1687 if (hci_dev_test_flag(hdev, HCI_LIMITED_PRIVACY))
1688 __hci_req_enable_advertising(req);
1691 hci_dev_unlock(hdev);
1696 static void discoverable_update_work(struct work_struct *work)
1698 struct hci_dev *hdev = container_of(work, struct hci_dev,
1699 discoverable_update);
1702 hci_req_sync(hdev, discoverable_update, 0, HCI_CMD_TIMEOUT, &status);
1703 mgmt_set_discoverable_complete(hdev, status);
1706 void __hci_abort_conn(struct hci_request *req, struct hci_conn *conn,
1709 switch (conn->state) {
1712 if (conn->type == AMP_LINK) {
1713 struct hci_cp_disconn_phy_link cp;
1715 cp.phy_handle = HCI_PHY_HANDLE(conn->handle);
1717 hci_req_add(req, HCI_OP_DISCONN_PHY_LINK, sizeof(cp),
1720 struct hci_cp_disconnect dc;
1722 dc.handle = cpu_to_le16(conn->handle);
1724 hci_req_add(req, HCI_OP_DISCONNECT, sizeof(dc), &dc);
1727 conn->state = BT_DISCONN;
1731 if (conn->type == LE_LINK) {
1732 if (test_bit(HCI_CONN_SCANNING, &conn->flags))
1734 hci_req_add(req, HCI_OP_LE_CREATE_CONN_CANCEL,
1736 } else if (conn->type == ACL_LINK) {
1737 if (req->hdev->hci_ver < BLUETOOTH_VER_1_2)
1739 hci_req_add(req, HCI_OP_CREATE_CONN_CANCEL,
1744 if (conn->type == ACL_LINK) {
1745 struct hci_cp_reject_conn_req rej;
1747 bacpy(&rej.bdaddr, &conn->dst);
1748 rej.reason = reason;
1750 hci_req_add(req, HCI_OP_REJECT_CONN_REQ,
1752 } else if (conn->type == SCO_LINK || conn->type == ESCO_LINK) {
1753 struct hci_cp_reject_sync_conn_req rej;
1755 bacpy(&rej.bdaddr, &conn->dst);
1757 /* SCO rejection has its own limited set of
1758 * allowed error values (0x0D-0x0F) which isn't
1759 * compatible with most values passed to this
1760 * function. To be safe hard-code one of the
1761 * values that's suitable for SCO.
1763 rej.reason = HCI_ERROR_REJ_LIMITED_RESOURCES;
1765 hci_req_add(req, HCI_OP_REJECT_SYNC_CONN_REQ,
1770 conn->state = BT_CLOSED;
1775 static void abort_conn_complete(struct hci_dev *hdev, u8 status, u16 opcode)
1778 BT_DBG("Failed to abort connection: status 0x%2.2x", status);
1781 int hci_abort_conn(struct hci_conn *conn, u8 reason)
1783 struct hci_request req;
1786 hci_req_init(&req, conn->hdev);
1788 __hci_abort_conn(&req, conn, reason);
1790 err = hci_req_run(&req, abort_conn_complete);
1791 if (err && err != -ENODATA) {
1792 BT_ERR("Failed to run HCI request: err %d", err);
1799 static int update_bg_scan(struct hci_request *req, unsigned long opt)
1801 hci_dev_lock(req->hdev);
1802 __hci_update_background_scan(req);
1803 hci_dev_unlock(req->hdev);
1807 static void bg_scan_update(struct work_struct *work)
1809 struct hci_dev *hdev = container_of(work, struct hci_dev,
1811 struct hci_conn *conn;
1815 err = hci_req_sync(hdev, update_bg_scan, 0, HCI_CMD_TIMEOUT, &status);
1821 conn = hci_conn_hash_lookup_state(hdev, LE_LINK, BT_CONNECT);
1823 hci_le_conn_failed(conn, status);
1825 hci_dev_unlock(hdev);
1828 static int le_scan_disable(struct hci_request *req, unsigned long opt)
1830 hci_req_add_le_scan_disable(req);
1834 static int bredr_inquiry(struct hci_request *req, unsigned long opt)
1837 const u8 giac[3] = { 0x33, 0x8b, 0x9e };
1838 const u8 liac[3] = { 0x00, 0x8b, 0x9e };
1839 struct hci_cp_inquiry cp;
1841 BT_DBG("%s", req->hdev->name);
1843 hci_dev_lock(req->hdev);
1844 hci_inquiry_cache_flush(req->hdev);
1845 hci_dev_unlock(req->hdev);
1847 memset(&cp, 0, sizeof(cp));
1849 if (req->hdev->discovery.limited)
1850 memcpy(&cp.lap, liac, sizeof(cp.lap));
1852 memcpy(&cp.lap, giac, sizeof(cp.lap));
1856 hci_req_add(req, HCI_OP_INQUIRY, sizeof(cp), &cp);
1861 static void le_scan_disable_work(struct work_struct *work)
1863 struct hci_dev *hdev = container_of(work, struct hci_dev,
1864 le_scan_disable.work);
1867 BT_DBG("%s", hdev->name);
1869 if (!hci_dev_test_flag(hdev, HCI_LE_SCAN))
1872 cancel_delayed_work(&hdev->le_scan_restart);
1874 hci_req_sync(hdev, le_scan_disable, 0, HCI_CMD_TIMEOUT, &status);
1876 BT_ERR("Failed to disable LE scan: status 0x%02x", status);
1880 hdev->discovery.scan_start = 0;
1882 /* If we were running LE only scan, change discovery state. If
1883 * we were running both LE and BR/EDR inquiry simultaneously,
1884 * and BR/EDR inquiry is already finished, stop discovery,
1885 * otherwise BR/EDR inquiry will stop discovery when finished.
1886 * If we will resolve remote device name, do not change
1890 if (hdev->discovery.type == DISCOV_TYPE_LE)
1891 goto discov_stopped;
1893 if (hdev->discovery.type != DISCOV_TYPE_INTERLEAVED)
1896 if (test_bit(HCI_QUIRK_SIMULTANEOUS_DISCOVERY, &hdev->quirks)) {
1897 if (!test_bit(HCI_INQUIRY, &hdev->flags) &&
1898 hdev->discovery.state != DISCOVERY_RESOLVING)
1899 goto discov_stopped;
1904 hci_req_sync(hdev, bredr_inquiry, DISCOV_INTERLEAVED_INQUIRY_LEN,
1905 HCI_CMD_TIMEOUT, &status);
1907 BT_ERR("Inquiry failed: status 0x%02x", status);
1908 goto discov_stopped;
1915 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
1916 hci_dev_unlock(hdev);
1919 static int le_scan_restart(struct hci_request *req, unsigned long opt)
1921 struct hci_dev *hdev = req->hdev;
1922 struct hci_cp_le_set_scan_enable cp;
1924 /* If controller is not scanning we are done. */
1925 if (!hci_dev_test_flag(hdev, HCI_LE_SCAN))
1928 hci_req_add_le_scan_disable(req);
1930 memset(&cp, 0, sizeof(cp));
1931 cp.enable = LE_SCAN_ENABLE;
1932 cp.filter_dup = LE_SCAN_FILTER_DUP_ENABLE;
1933 hci_req_add(req, HCI_OP_LE_SET_SCAN_ENABLE, sizeof(cp), &cp);
1938 static void le_scan_restart_work(struct work_struct *work)
1940 struct hci_dev *hdev = container_of(work, struct hci_dev,
1941 le_scan_restart.work);
1942 unsigned long timeout, duration, scan_start, now;
1945 BT_DBG("%s", hdev->name);
1947 hci_req_sync(hdev, le_scan_restart, 0, HCI_CMD_TIMEOUT, &status);
1949 BT_ERR("Failed to restart LE scan: status %d", status);
1955 if (!test_bit(HCI_QUIRK_STRICT_DUPLICATE_FILTER, &hdev->quirks) ||
1956 !hdev->discovery.scan_start)
1959 /* When the scan was started, hdev->le_scan_disable has been queued
1960 * after duration from scan_start. During scan restart this job
1961 * has been canceled, and we need to queue it again after proper
1962 * timeout, to make sure that scan does not run indefinitely.
1964 duration = hdev->discovery.scan_duration;
1965 scan_start = hdev->discovery.scan_start;
1967 if (now - scan_start <= duration) {
1970 if (now >= scan_start)
1971 elapsed = now - scan_start;
1973 elapsed = ULONG_MAX - scan_start + now;
1975 timeout = duration - elapsed;
1980 queue_delayed_work(hdev->req_workqueue,
1981 &hdev->le_scan_disable, timeout);
1984 hci_dev_unlock(hdev);
1987 static void disable_advertising(struct hci_request *req)
1991 hci_req_add(req, HCI_OP_LE_SET_ADV_ENABLE, sizeof(enable), &enable);
1994 static int active_scan(struct hci_request *req, unsigned long opt)
1996 uint16_t interval = opt;
1997 struct hci_dev *hdev = req->hdev;
1998 struct hci_cp_le_set_scan_param param_cp;
1999 struct hci_cp_le_set_scan_enable enable_cp;
2003 BT_DBG("%s", hdev->name);
2005 if (hci_dev_test_flag(hdev, HCI_LE_ADV)) {
2008 /* Don't let discovery abort an outgoing connection attempt
2009 * that's using directed advertising.
2011 if (hci_lookup_le_connect(hdev)) {
2012 hci_dev_unlock(hdev);
2016 cancel_adv_timeout(hdev);
2017 hci_dev_unlock(hdev);
2019 disable_advertising(req);
2022 /* If controller is scanning, it means the background scanning is
2023 * running. Thus, we should temporarily stop it in order to set the
2024 * discovery scanning parameters.
2026 if (hci_dev_test_flag(hdev, HCI_LE_SCAN))
2027 hci_req_add_le_scan_disable(req);
2029 /* All active scans will be done with either a resolvable private
2030 * address (when privacy feature has been enabled) or non-resolvable
2033 err = hci_update_random_address(req, true, scan_use_rpa(hdev),
2036 own_addr_type = ADDR_LE_DEV_PUBLIC;
2038 memset(¶m_cp, 0, sizeof(param_cp));
2039 param_cp.type = LE_SCAN_ACTIVE;
2040 param_cp.interval = cpu_to_le16(interval);
2041 param_cp.window = cpu_to_le16(DISCOV_LE_SCAN_WIN);
2042 param_cp.own_address_type = own_addr_type;
2044 hci_req_add(req, HCI_OP_LE_SET_SCAN_PARAM, sizeof(param_cp),
2047 memset(&enable_cp, 0, sizeof(enable_cp));
2048 enable_cp.enable = LE_SCAN_ENABLE;
2049 enable_cp.filter_dup = LE_SCAN_FILTER_DUP_ENABLE;
2051 hci_req_add(req, HCI_OP_LE_SET_SCAN_ENABLE, sizeof(enable_cp),
2057 static int interleaved_discov(struct hci_request *req, unsigned long opt)
2061 BT_DBG("%s", req->hdev->name);
2063 err = active_scan(req, opt);
2067 return bredr_inquiry(req, DISCOV_BREDR_INQUIRY_LEN);
2070 static void start_discovery(struct hci_dev *hdev, u8 *status)
2072 unsigned long timeout;
2074 BT_DBG("%s type %u", hdev->name, hdev->discovery.type);
2076 switch (hdev->discovery.type) {
2077 case DISCOV_TYPE_BREDR:
2078 if (!hci_dev_test_flag(hdev, HCI_INQUIRY))
2079 hci_req_sync(hdev, bredr_inquiry,
2080 DISCOV_BREDR_INQUIRY_LEN, HCI_CMD_TIMEOUT,
2083 case DISCOV_TYPE_INTERLEAVED:
2084 /* When running simultaneous discovery, the LE scanning time
2085 * should occupy the whole discovery time sine BR/EDR inquiry
2086 * and LE scanning are scheduled by the controller.
2088 * For interleaving discovery in comparison, BR/EDR inquiry
2089 * and LE scanning are done sequentially with separate
2092 if (test_bit(HCI_QUIRK_SIMULTANEOUS_DISCOVERY,
2094 timeout = msecs_to_jiffies(DISCOV_LE_TIMEOUT);
2095 /* During simultaneous discovery, we double LE scan
2096 * interval. We must leave some time for the controller
2097 * to do BR/EDR inquiry.
2099 hci_req_sync(hdev, interleaved_discov,
2100 DISCOV_LE_SCAN_INT * 2, HCI_CMD_TIMEOUT,
2105 timeout = msecs_to_jiffies(hdev->discov_interleaved_timeout);
2106 hci_req_sync(hdev, active_scan, DISCOV_LE_SCAN_INT,
2107 HCI_CMD_TIMEOUT, status);
2109 case DISCOV_TYPE_LE:
2110 timeout = msecs_to_jiffies(DISCOV_LE_TIMEOUT);
2111 hci_req_sync(hdev, active_scan, DISCOV_LE_SCAN_INT,
2112 HCI_CMD_TIMEOUT, status);
2115 *status = HCI_ERROR_UNSPECIFIED;
2122 BT_DBG("%s timeout %u ms", hdev->name, jiffies_to_msecs(timeout));
2124 /* When service discovery is used and the controller has a
2125 * strict duplicate filter, it is important to remember the
2126 * start and duration of the scan. This is required for
2127 * restarting scanning during the discovery phase.
2129 if (test_bit(HCI_QUIRK_STRICT_DUPLICATE_FILTER, &hdev->quirks) &&
2130 hdev->discovery.result_filtering) {
2131 hdev->discovery.scan_start = jiffies;
2132 hdev->discovery.scan_duration = timeout;
2135 queue_delayed_work(hdev->req_workqueue, &hdev->le_scan_disable,
2139 bool hci_req_stop_discovery(struct hci_request *req)
2141 struct hci_dev *hdev = req->hdev;
2142 struct discovery_state *d = &hdev->discovery;
2143 struct hci_cp_remote_name_req_cancel cp;
2144 struct inquiry_entry *e;
2147 BT_DBG("%s state %u", hdev->name, hdev->discovery.state);
2149 if (d->state == DISCOVERY_FINDING || d->state == DISCOVERY_STOPPING) {
2150 if (test_bit(HCI_INQUIRY, &hdev->flags))
2151 hci_req_add(req, HCI_OP_INQUIRY_CANCEL, 0, NULL);
2153 if (hci_dev_test_flag(hdev, HCI_LE_SCAN)) {
2154 cancel_delayed_work(&hdev->le_scan_disable);
2155 hci_req_add_le_scan_disable(req);
2160 /* Passive scanning */
2161 if (hci_dev_test_flag(hdev, HCI_LE_SCAN)) {
2162 hci_req_add_le_scan_disable(req);
2167 /* No further actions needed for LE-only discovery */
2168 if (d->type == DISCOV_TYPE_LE)
2171 if (d->state == DISCOVERY_RESOLVING || d->state == DISCOVERY_STOPPING) {
2172 e = hci_inquiry_cache_lookup_resolve(hdev, BDADDR_ANY,
2177 bacpy(&cp.bdaddr, &e->data.bdaddr);
2178 hci_req_add(req, HCI_OP_REMOTE_NAME_REQ_CANCEL, sizeof(cp),
2186 static int stop_discovery(struct hci_request *req, unsigned long opt)
2188 hci_dev_lock(req->hdev);
2189 hci_req_stop_discovery(req);
2190 hci_dev_unlock(req->hdev);
2195 static void discov_update(struct work_struct *work)
2197 struct hci_dev *hdev = container_of(work, struct hci_dev,
2201 switch (hdev->discovery.state) {
2202 case DISCOVERY_STARTING:
2203 start_discovery(hdev, &status);
2204 mgmt_start_discovery_complete(hdev, status);
2206 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
2208 hci_discovery_set_state(hdev, DISCOVERY_FINDING);
2210 case DISCOVERY_STOPPING:
2211 hci_req_sync(hdev, stop_discovery, 0, HCI_CMD_TIMEOUT, &status);
2212 mgmt_stop_discovery_complete(hdev, status);
2214 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
2216 case DISCOVERY_STOPPED:
2222 static void discov_off(struct work_struct *work)
2224 struct hci_dev *hdev = container_of(work, struct hci_dev,
2227 BT_DBG("%s", hdev->name);
2231 /* When discoverable timeout triggers, then just make sure
2232 * the limited discoverable flag is cleared. Even in the case
2233 * of a timeout triggered from general discoverable, it is
2234 * safe to unconditionally clear the flag.
2236 hci_dev_clear_flag(hdev, HCI_LIMITED_DISCOVERABLE);
2237 hci_dev_clear_flag(hdev, HCI_DISCOVERABLE);
2238 hdev->discov_timeout = 0;
2240 hci_dev_unlock(hdev);
2242 hci_req_sync(hdev, discoverable_update, 0, HCI_CMD_TIMEOUT, NULL);
2243 mgmt_new_settings(hdev);
2246 static int powered_update_hci(struct hci_request *req, unsigned long opt)
2248 struct hci_dev *hdev = req->hdev;
2253 if (hci_dev_test_flag(hdev, HCI_SSP_ENABLED) &&
2254 !lmp_host_ssp_capable(hdev)) {
2257 hci_req_add(req, HCI_OP_WRITE_SSP_MODE, sizeof(mode), &mode);
2259 if (bredr_sc_enabled(hdev) && !lmp_host_sc_capable(hdev)) {
2262 hci_req_add(req, HCI_OP_WRITE_SC_SUPPORT,
2263 sizeof(support), &support);
2267 if (hci_dev_test_flag(hdev, HCI_LE_ENABLED) &&
2268 lmp_bredr_capable(hdev)) {
2269 struct hci_cp_write_le_host_supported cp;
2274 /* Check first if we already have the right
2275 * host state (host features set)
2277 if (cp.le != lmp_host_le_capable(hdev) ||
2278 cp.simul != lmp_host_le_br_capable(hdev))
2279 hci_req_add(req, HCI_OP_WRITE_LE_HOST_SUPPORTED,
2283 if (hci_dev_test_flag(hdev, HCI_LE_ENABLED)) {
2284 /* Make sure the controller has a good default for
2285 * advertising data. This also applies to the case
2286 * where BR/EDR was toggled during the AUTO_OFF phase.
2288 if (hci_dev_test_flag(hdev, HCI_ADVERTISING) ||
2289 list_empty(&hdev->adv_instances)) {
2290 __hci_req_update_adv_data(req, 0x00);
2291 __hci_req_update_scan_rsp_data(req, 0x00);
2293 if (hci_dev_test_flag(hdev, HCI_ADVERTISING))
2294 __hci_req_enable_advertising(req);
2295 } else if (!list_empty(&hdev->adv_instances)) {
2296 struct adv_info *adv_instance;
2298 adv_instance = list_first_entry(&hdev->adv_instances,
2299 struct adv_info, list);
2300 __hci_req_schedule_adv_instance(req,
2301 adv_instance->instance,
2306 link_sec = hci_dev_test_flag(hdev, HCI_LINK_SECURITY);
2307 if (link_sec != test_bit(HCI_AUTH, &hdev->flags))
2308 hci_req_add(req, HCI_OP_WRITE_AUTH_ENABLE,
2309 sizeof(link_sec), &link_sec);
2311 if (lmp_bredr_capable(hdev)) {
2312 if (hci_dev_test_flag(hdev, HCI_FAST_CONNECTABLE))
2313 __hci_req_write_fast_connectable(req, true);
2315 __hci_req_write_fast_connectable(req, false);
2316 __hci_req_update_scan(req);
2317 __hci_req_update_class(req);
2318 __hci_req_update_name(req);
2319 __hci_req_update_eir(req);
2322 hci_dev_unlock(hdev);
2326 int __hci_req_hci_power_on(struct hci_dev *hdev)
2328 /* Register the available SMP channels (BR/EDR and LE) only when
2329 * successfully powering on the controller. This late
2330 * registration is required so that LE SMP can clearly decide if
2331 * the public address or static address is used.
2335 return __hci_req_sync(hdev, powered_update_hci, 0, HCI_CMD_TIMEOUT,
2339 void hci_request_setup(struct hci_dev *hdev)
2341 INIT_WORK(&hdev->discov_update, discov_update);
2342 INIT_WORK(&hdev->bg_scan_update, bg_scan_update);
2343 INIT_WORK(&hdev->scan_update, scan_update_work);
2344 INIT_WORK(&hdev->connectable_update, connectable_update_work);
2345 INIT_WORK(&hdev->discoverable_update, discoverable_update_work);
2346 INIT_DELAYED_WORK(&hdev->discov_off, discov_off);
2347 INIT_DELAYED_WORK(&hdev->le_scan_disable, le_scan_disable_work);
2348 INIT_DELAYED_WORK(&hdev->le_scan_restart, le_scan_restart_work);
2349 INIT_DELAYED_WORK(&hdev->adv_instance_expire, adv_timeout_expire);
2352 void hci_request_cancel_all(struct hci_dev *hdev)
2354 hci_req_sync_cancel(hdev, ENODEV);
2356 cancel_work_sync(&hdev->discov_update);
2357 cancel_work_sync(&hdev->bg_scan_update);
2358 cancel_work_sync(&hdev->scan_update);
2359 cancel_work_sync(&hdev->connectable_update);
2360 cancel_work_sync(&hdev->discoverable_update);
2361 cancel_delayed_work_sync(&hdev->discov_off);
2362 cancel_delayed_work_sync(&hdev->le_scan_disable);
2363 cancel_delayed_work_sync(&hdev->le_scan_restart);
2365 if (hdev->adv_instance_timeout) {
2366 cancel_delayed_work_sync(&hdev->adv_instance_expire);
2367 hdev->adv_instance_timeout = 0;