hci_sync.c (144239B)
1// SPDX-License-Identifier: GPL-2.0 2/* 3 * BlueZ - Bluetooth protocol stack for Linux 4 * 5 * Copyright (C) 2021 Intel Corporation 6 */ 7 8#include <linux/property.h> 9 10#include <net/bluetooth/bluetooth.h> 11#include <net/bluetooth/hci_core.h> 12#include <net/bluetooth/mgmt.h> 13 14#include "hci_request.h" 15#include "hci_debugfs.h" 16#include "smp.h" 17#include "eir.h" 18#include "msft.h" 19#include "aosp.h" 20#include "leds.h" 21 22static void hci_cmd_sync_complete(struct hci_dev *hdev, u8 result, u16 opcode, 23 struct sk_buff *skb) 24{ 25 bt_dev_dbg(hdev, "result 0x%2.2x", result); 26 27 if (hdev->req_status != HCI_REQ_PEND) 28 return; 29 30 hdev->req_result = result; 31 hdev->req_status = HCI_REQ_DONE; 32 33 if (skb) { 34 struct sock *sk = hci_skb_sk(skb); 35 36 /* Drop sk reference if set */ 37 if (sk) 38 sock_put(sk); 39 40 hdev->req_skb = skb_get(skb); 41 } 42 43 wake_up_interruptible(&hdev->req_wait_q); 44} 45 46static struct sk_buff *hci_cmd_sync_alloc(struct hci_dev *hdev, u16 opcode, 47 u32 plen, const void *param, 48 struct sock *sk) 49{ 50 int len = HCI_COMMAND_HDR_SIZE + plen; 51 struct hci_command_hdr *hdr; 52 struct sk_buff *skb; 53 54 skb = bt_skb_alloc(len, GFP_ATOMIC); 55 if (!skb) 56 return NULL; 57 58 hdr = skb_put(skb, HCI_COMMAND_HDR_SIZE); 59 hdr->opcode = cpu_to_le16(opcode); 60 hdr->plen = plen; 61 62 if (plen) 63 skb_put_data(skb, param, plen); 64 65 bt_dev_dbg(hdev, "skb len %d", skb->len); 66 67 hci_skb_pkt_type(skb) = HCI_COMMAND_PKT; 68 hci_skb_opcode(skb) = opcode; 69 70 /* Grab a reference if command needs to be associated with a sock (e.g. 71 * likely mgmt socket that initiated the command). 72 */ 73 if (sk) { 74 hci_skb_sk(skb) = sk; 75 sock_hold(sk); 76 } 77 78 return skb; 79} 80 81static void hci_cmd_sync_add(struct hci_request *req, u16 opcode, u32 plen, 82 const void *param, u8 event, struct sock *sk) 83{ 84 struct hci_dev *hdev = req->hdev; 85 struct sk_buff *skb; 86 87 bt_dev_dbg(hdev, "opcode 0x%4.4x plen %d", opcode, plen); 88 89 /* If an error occurred during request building, there is no point in 90 * queueing the HCI command. We can simply return. 91 */ 92 if (req->err) 93 return; 94 95 skb = hci_cmd_sync_alloc(hdev, opcode, plen, param, sk); 96 if (!skb) { 97 bt_dev_err(hdev, "no memory for command (opcode 0x%4.4x)", 98 opcode); 99 req->err = -ENOMEM; 100 return; 101 } 102 103 if (skb_queue_empty(&req->cmd_q)) 104 bt_cb(skb)->hci.req_flags |= HCI_REQ_START; 105 106 hci_skb_event(skb) = event; 107 108 skb_queue_tail(&req->cmd_q, skb); 109} 110 111static int hci_cmd_sync_run(struct hci_request *req) 112{ 113 struct hci_dev *hdev = req->hdev; 114 struct sk_buff *skb; 115 unsigned long flags; 116 117 bt_dev_dbg(hdev, "length %u", skb_queue_len(&req->cmd_q)); 118 119 /* If an error occurred during request building, remove all HCI 120 * commands queued on the HCI request queue. 121 */ 122 if (req->err) { 123 skb_queue_purge(&req->cmd_q); 124 return req->err; 125 } 126 127 /* Do not allow empty requests */ 128 if (skb_queue_empty(&req->cmd_q)) 129 return -ENODATA; 130 131 skb = skb_peek_tail(&req->cmd_q); 132 bt_cb(skb)->hci.req_complete_skb = hci_cmd_sync_complete; 133 bt_cb(skb)->hci.req_flags |= HCI_REQ_SKB; 134 135 spin_lock_irqsave(&hdev->cmd_q.lock, flags); 136 skb_queue_splice_tail(&req->cmd_q, &hdev->cmd_q); 137 spin_unlock_irqrestore(&hdev->cmd_q.lock, flags); 138 139 queue_work(hdev->workqueue, &hdev->cmd_work); 140 141 return 0; 142} 143 144/* This function requires the caller holds hdev->req_lock. */ 145struct sk_buff *__hci_cmd_sync_sk(struct hci_dev *hdev, u16 opcode, u32 plen, 146 const void *param, u8 event, u32 timeout, 147 struct sock *sk) 148{ 149 struct hci_request req; 150 struct sk_buff *skb; 151 int err = 0; 152 153 bt_dev_dbg(hdev, "Opcode 0x%4x", opcode); 154 155 hci_req_init(&req, hdev); 156 157 hci_cmd_sync_add(&req, opcode, plen, param, event, sk); 158 159 hdev->req_status = HCI_REQ_PEND; 160 161 err = hci_cmd_sync_run(&req); 162 if (err < 0) 163 return ERR_PTR(err); 164 165 err = wait_event_interruptible_timeout(hdev->req_wait_q, 166 hdev->req_status != HCI_REQ_PEND, 167 timeout); 168 169 if (err == -ERESTARTSYS) 170 return ERR_PTR(-EINTR); 171 172 switch (hdev->req_status) { 173 case HCI_REQ_DONE: 174 err = -bt_to_errno(hdev->req_result); 175 break; 176 177 case HCI_REQ_CANCELED: 178 err = -hdev->req_result; 179 break; 180 181 default: 182 err = -ETIMEDOUT; 183 break; 184 } 185 186 hdev->req_status = 0; 187 hdev->req_result = 0; 188 skb = hdev->req_skb; 189 hdev->req_skb = NULL; 190 191 bt_dev_dbg(hdev, "end: err %d", err); 192 193 if (err < 0) { 194 kfree_skb(skb); 195 return ERR_PTR(err); 196 } 197 198 return skb; 199} 200EXPORT_SYMBOL(__hci_cmd_sync_sk); 201 202/* This function requires the caller holds hdev->req_lock. */ 203struct sk_buff *__hci_cmd_sync(struct hci_dev *hdev, u16 opcode, u32 plen, 204 const void *param, u32 timeout) 205{ 206 return __hci_cmd_sync_sk(hdev, opcode, plen, param, 0, timeout, NULL); 207} 208EXPORT_SYMBOL(__hci_cmd_sync); 209 210/* Send HCI command and wait for command complete event */ 211struct sk_buff *hci_cmd_sync(struct hci_dev *hdev, u16 opcode, u32 plen, 212 const void *param, u32 timeout) 213{ 214 struct sk_buff *skb; 215 216 if (!test_bit(HCI_UP, &hdev->flags)) 217 return ERR_PTR(-ENETDOWN); 218 219 bt_dev_dbg(hdev, "opcode 0x%4.4x plen %d", opcode, plen); 220 221 hci_req_sync_lock(hdev); 222 skb = __hci_cmd_sync(hdev, opcode, plen, param, timeout); 223 hci_req_sync_unlock(hdev); 224 225 return skb; 226} 227EXPORT_SYMBOL(hci_cmd_sync); 228 229/* This function requires the caller holds hdev->req_lock. */ 230struct sk_buff *__hci_cmd_sync_ev(struct hci_dev *hdev, u16 opcode, u32 plen, 231 const void *param, u8 event, u32 timeout) 232{ 233 return __hci_cmd_sync_sk(hdev, opcode, plen, param, event, timeout, 234 NULL); 235} 236EXPORT_SYMBOL(__hci_cmd_sync_ev); 237 238/* This function requires the caller holds hdev->req_lock. */ 239int __hci_cmd_sync_status_sk(struct hci_dev *hdev, u16 opcode, u32 plen, 240 const void *param, u8 event, u32 timeout, 241 struct sock *sk) 242{ 243 struct sk_buff *skb; 244 u8 status; 245 246 skb = __hci_cmd_sync_sk(hdev, opcode, plen, param, event, timeout, sk); 247 if (IS_ERR(skb)) { 248 bt_dev_err(hdev, "Opcode 0x%4x failed: %ld", opcode, 249 PTR_ERR(skb)); 250 return PTR_ERR(skb); 251 } 252 253 /* If command return a status event skb will be set to NULL as there are 254 * no parameters, in case of failure IS_ERR(skb) would have be set to 255 * the actual error would be found with PTR_ERR(skb). 256 */ 257 if (!skb) 258 return 0; 259 260 status = skb->data[0]; 261 262 kfree_skb(skb); 263 264 return status; 265} 266EXPORT_SYMBOL(__hci_cmd_sync_status_sk); 267 268int __hci_cmd_sync_status(struct hci_dev *hdev, u16 opcode, u32 plen, 269 const void *param, u32 timeout) 270{ 271 return __hci_cmd_sync_status_sk(hdev, opcode, plen, param, 0, timeout, 272 NULL); 273} 274EXPORT_SYMBOL(__hci_cmd_sync_status); 275 276static void hci_cmd_sync_work(struct work_struct *work) 277{ 278 struct hci_dev *hdev = container_of(work, struct hci_dev, cmd_sync_work); 279 280 bt_dev_dbg(hdev, ""); 281 282 /* Dequeue all entries and run them */ 283 while (1) { 284 struct hci_cmd_sync_work_entry *entry; 285 286 mutex_lock(&hdev->cmd_sync_work_lock); 287 entry = list_first_entry_or_null(&hdev->cmd_sync_work_list, 288 struct hci_cmd_sync_work_entry, 289 list); 290 if (entry) 291 list_del(&entry->list); 292 mutex_unlock(&hdev->cmd_sync_work_lock); 293 294 if (!entry) 295 break; 296 297 bt_dev_dbg(hdev, "entry %p", entry); 298 299 if (entry->func) { 300 int err; 301 302 hci_req_sync_lock(hdev); 303 err = entry->func(hdev, entry->data); 304 if (entry->destroy) 305 entry->destroy(hdev, entry->data, err); 306 hci_req_sync_unlock(hdev); 307 } 308 309 kfree(entry); 310 } 311} 312 313static void hci_cmd_sync_cancel_work(struct work_struct *work) 314{ 315 struct hci_dev *hdev = container_of(work, struct hci_dev, cmd_sync_cancel_work); 316 317 cancel_delayed_work_sync(&hdev->cmd_timer); 318 cancel_delayed_work_sync(&hdev->ncmd_timer); 319 atomic_set(&hdev->cmd_cnt, 1); 320 321 wake_up_interruptible(&hdev->req_wait_q); 322} 323 324void hci_cmd_sync_init(struct hci_dev *hdev) 325{ 326 INIT_WORK(&hdev->cmd_sync_work, hci_cmd_sync_work); 327 INIT_LIST_HEAD(&hdev->cmd_sync_work_list); 328 mutex_init(&hdev->cmd_sync_work_lock); 329 330 INIT_WORK(&hdev->cmd_sync_cancel_work, hci_cmd_sync_cancel_work); 331} 332 333void hci_cmd_sync_clear(struct hci_dev *hdev) 334{ 335 struct hci_cmd_sync_work_entry *entry, *tmp; 336 337 cancel_work_sync(&hdev->cmd_sync_work); 338 339 list_for_each_entry_safe(entry, tmp, &hdev->cmd_sync_work_list, list) { 340 if (entry->destroy) 341 entry->destroy(hdev, entry->data, -ECANCELED); 342 343 list_del(&entry->list); 344 kfree(entry); 345 } 346} 347 348void __hci_cmd_sync_cancel(struct hci_dev *hdev, int err) 349{ 350 bt_dev_dbg(hdev, "err 0x%2.2x", err); 351 352 if (hdev->req_status == HCI_REQ_PEND) { 353 hdev->req_result = err; 354 hdev->req_status = HCI_REQ_CANCELED; 355 356 cancel_delayed_work_sync(&hdev->cmd_timer); 357 cancel_delayed_work_sync(&hdev->ncmd_timer); 358 atomic_set(&hdev->cmd_cnt, 1); 359 360 wake_up_interruptible(&hdev->req_wait_q); 361 } 362} 363 364void hci_cmd_sync_cancel(struct hci_dev *hdev, int err) 365{ 366 bt_dev_dbg(hdev, "err 0x%2.2x", err); 367 368 if (hdev->req_status == HCI_REQ_PEND) { 369 hdev->req_result = err; 370 hdev->req_status = HCI_REQ_CANCELED; 371 372 queue_work(hdev->workqueue, &hdev->cmd_sync_cancel_work); 373 } 374} 375EXPORT_SYMBOL(hci_cmd_sync_cancel); 376 377int hci_cmd_sync_queue(struct hci_dev *hdev, hci_cmd_sync_work_func_t func, 378 void *data, hci_cmd_sync_work_destroy_t destroy) 379{ 380 struct hci_cmd_sync_work_entry *entry; 381 382 if (hci_dev_test_flag(hdev, HCI_UNREGISTER)) 383 return -ENODEV; 384 385 entry = kmalloc(sizeof(*entry), GFP_KERNEL); 386 if (!entry) 387 return -ENOMEM; 388 389 entry->func = func; 390 entry->data = data; 391 entry->destroy = destroy; 392 393 mutex_lock(&hdev->cmd_sync_work_lock); 394 list_add_tail(&entry->list, &hdev->cmd_sync_work_list); 395 mutex_unlock(&hdev->cmd_sync_work_lock); 396 397 queue_work(hdev->req_workqueue, &hdev->cmd_sync_work); 398 399 return 0; 400} 401EXPORT_SYMBOL(hci_cmd_sync_queue); 402 403int hci_update_eir_sync(struct hci_dev *hdev) 404{ 405 struct hci_cp_write_eir cp; 406 407 bt_dev_dbg(hdev, ""); 408 409 if (!hdev_is_powered(hdev)) 410 return 0; 411 412 if (!lmp_ext_inq_capable(hdev)) 413 return 0; 414 415 if (!hci_dev_test_flag(hdev, HCI_SSP_ENABLED)) 416 return 0; 417 418 if (hci_dev_test_flag(hdev, HCI_SERVICE_CACHE)) 419 return 0; 420 421 memset(&cp, 0, sizeof(cp)); 422 423 eir_create(hdev, cp.data); 424 425 if (memcmp(cp.data, hdev->eir, sizeof(cp.data)) == 0) 426 return 0; 427 428 memcpy(hdev->eir, cp.data, sizeof(cp.data)); 429 430 return __hci_cmd_sync_status(hdev, HCI_OP_WRITE_EIR, sizeof(cp), &cp, 431 HCI_CMD_TIMEOUT); 432} 433 434static u8 get_service_classes(struct hci_dev *hdev) 435{ 436 struct bt_uuid *uuid; 437 u8 val = 0; 438 439 list_for_each_entry(uuid, &hdev->uuids, list) 440 val |= uuid->svc_hint; 441 442 return val; 443} 444 445int hci_update_class_sync(struct hci_dev *hdev) 446{ 447 u8 cod[3]; 448 449 bt_dev_dbg(hdev, ""); 450 451 if (!hdev_is_powered(hdev)) 452 return 0; 453 454 if (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED)) 455 return 0; 456 457 if (hci_dev_test_flag(hdev, HCI_SERVICE_CACHE)) 458 return 0; 459 460 cod[0] = hdev->minor_class; 461 cod[1] = hdev->major_class; 462 cod[2] = get_service_classes(hdev); 463 464 if (hci_dev_test_flag(hdev, HCI_LIMITED_DISCOVERABLE)) 465 cod[1] |= 0x20; 466 467 if (memcmp(cod, hdev->dev_class, 3) == 0) 468 return 0; 469 470 return __hci_cmd_sync_status(hdev, HCI_OP_WRITE_CLASS_OF_DEV, 471 sizeof(cod), cod, HCI_CMD_TIMEOUT); 472} 473 474static bool is_advertising_allowed(struct hci_dev *hdev, bool connectable) 475{ 476 /* If there is no connection we are OK to advertise. */ 477 if (hci_conn_num(hdev, LE_LINK) == 0) 478 return true; 479 480 /* Check le_states if there is any connection in peripheral role. */ 481 if (hdev->conn_hash.le_num_peripheral > 0) { 482 /* Peripheral connection state and non connectable mode 483 * bit 20. 484 */ 485 if (!connectable && !(hdev->le_states[2] & 0x10)) 486 return false; 487 488 /* Peripheral connection state and connectable mode bit 38 489 * and scannable bit 21. 490 */ 491 if (connectable && (!(hdev->le_states[4] & 0x40) || 492 !(hdev->le_states[2] & 0x20))) 493 return false; 494 } 495 496 /* Check le_states if there is any connection in central role. */ 497 if (hci_conn_num(hdev, LE_LINK) != hdev->conn_hash.le_num_peripheral) { 498 /* Central connection state and non connectable mode bit 18. */ 499 if (!connectable && !(hdev->le_states[2] & 0x02)) 500 return false; 501 502 /* Central connection state and connectable mode bit 35 and 503 * scannable 19. 504 */ 505 if (connectable && (!(hdev->le_states[4] & 0x08) || 506 !(hdev->le_states[2] & 0x08))) 507 return false; 508 } 509 510 return true; 511} 512 513static bool adv_use_rpa(struct hci_dev *hdev, uint32_t flags) 514{ 515 /* If privacy is not enabled don't use RPA */ 516 if (!hci_dev_test_flag(hdev, HCI_PRIVACY)) 517 return false; 518 519 /* If basic privacy mode is enabled use RPA */ 520 if (!hci_dev_test_flag(hdev, HCI_LIMITED_PRIVACY)) 521 return true; 522 523 /* If limited privacy mode is enabled don't use RPA if we're 524 * both discoverable and bondable. 525 */ 526 if ((flags & MGMT_ADV_FLAG_DISCOV) && 527 hci_dev_test_flag(hdev, HCI_BONDABLE)) 528 return false; 529 530 /* We're neither bondable nor discoverable in the limited 531 * privacy mode, therefore use RPA. 532 */ 533 return true; 534} 535 536static int hci_set_random_addr_sync(struct hci_dev *hdev, bdaddr_t *rpa) 537{ 538 /* If we're advertising or initiating an LE connection we can't 539 * go ahead and change the random address at this time. This is 540 * because the eventual initiator address used for the 541 * subsequently created connection will be undefined (some 542 * controllers use the new address and others the one we had 543 * when the operation started). 544 * 545 * In this kind of scenario skip the update and let the random 546 * address be updated at the next cycle. 547 */ 548 if (hci_dev_test_flag(hdev, HCI_LE_ADV) || 549 hci_lookup_le_connect(hdev)) { 550 bt_dev_dbg(hdev, "Deferring random address update"); 551 hci_dev_set_flag(hdev, HCI_RPA_EXPIRED); 552 return 0; 553 } 554 555 return __hci_cmd_sync_status(hdev, HCI_OP_LE_SET_RANDOM_ADDR, 556 6, rpa, HCI_CMD_TIMEOUT); 557} 558 559int hci_update_random_address_sync(struct hci_dev *hdev, bool require_privacy, 560 bool rpa, u8 *own_addr_type) 561{ 562 int err; 563 564 /* If privacy is enabled use a resolvable private address. If 565 * current RPA has expired or there is something else than 566 * the current RPA in use, then generate a new one. 567 */ 568 if (rpa) { 569 /* If Controller supports LL Privacy use own address type is 570 * 0x03 571 */ 572 if (use_ll_privacy(hdev)) 573 *own_addr_type = ADDR_LE_DEV_RANDOM_RESOLVED; 574 else 575 *own_addr_type = ADDR_LE_DEV_RANDOM; 576 577 /* Check if RPA is valid */ 578 if (rpa_valid(hdev)) 579 return 0; 580 581 err = smp_generate_rpa(hdev, hdev->irk, &hdev->rpa); 582 if (err < 0) { 583 bt_dev_err(hdev, "failed to generate new RPA"); 584 return err; 585 } 586 587 err = hci_set_random_addr_sync(hdev, &hdev->rpa); 588 if (err) 589 return err; 590 591 return 0; 592 } 593 594 /* In case of required privacy without resolvable private address, 595 * use an non-resolvable private address. This is useful for active 596 * scanning and non-connectable advertising. 597 */ 598 if (require_privacy) { 599 bdaddr_t nrpa; 600 601 while (true) { 602 /* The non-resolvable private address is generated 603 * from random six bytes with the two most significant 604 * bits cleared. 605 */ 606 get_random_bytes(&nrpa, 6); 607 nrpa.b[5] &= 0x3f; 608 609 /* The non-resolvable private address shall not be 610 * equal to the public address. 611 */ 612 if (bacmp(&hdev->bdaddr, &nrpa)) 613 break; 614 } 615 616 *own_addr_type = ADDR_LE_DEV_RANDOM; 617 618 return hci_set_random_addr_sync(hdev, &nrpa); 619 } 620 621 /* If forcing static address is in use or there is no public 622 * address use the static address as random address (but skip 623 * the HCI command if the current random address is already the 624 * static one. 625 * 626 * In case BR/EDR has been disabled on a dual-mode controller 627 * and a static address has been configured, then use that 628 * address instead of the public BR/EDR address. 629 */ 630 if (hci_dev_test_flag(hdev, HCI_FORCE_STATIC_ADDR) || 631 !bacmp(&hdev->bdaddr, BDADDR_ANY) || 632 (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED) && 633 bacmp(&hdev->static_addr, BDADDR_ANY))) { 634 *own_addr_type = ADDR_LE_DEV_RANDOM; 635 if (bacmp(&hdev->static_addr, &hdev->random_addr)) 636 return hci_set_random_addr_sync(hdev, 637 &hdev->static_addr); 638 return 0; 639 } 640 641 /* Neither privacy nor static address is being used so use a 642 * public address. 643 */ 644 *own_addr_type = ADDR_LE_DEV_PUBLIC; 645 646 return 0; 647} 648 649static int hci_disable_ext_adv_instance_sync(struct hci_dev *hdev, u8 instance) 650{ 651 struct hci_cp_le_set_ext_adv_enable *cp; 652 struct hci_cp_ext_adv_set *set; 653 u8 data[sizeof(*cp) + sizeof(*set) * 1]; 654 u8 size; 655 656 /* If request specifies an instance that doesn't exist, fail */ 657 if (instance > 0) { 658 struct adv_info *adv; 659 660 adv = hci_find_adv_instance(hdev, instance); 661 if (!adv) 662 return -EINVAL; 663 664 /* If not enabled there is nothing to do */ 665 if (!adv->enabled) 666 return 0; 667 } 668 669 memset(data, 0, sizeof(data)); 670 671 cp = (void *)data; 672 set = (void *)cp->data; 673 674 /* Instance 0x00 indicates all advertising instances will be disabled */ 675 cp->num_of_sets = !!instance; 676 cp->enable = 0x00; 677 678 set->handle = instance; 679 680 size = sizeof(*cp) + sizeof(*set) * cp->num_of_sets; 681 682 return __hci_cmd_sync_status(hdev, HCI_OP_LE_SET_EXT_ADV_ENABLE, 683 size, data, HCI_CMD_TIMEOUT); 684} 685 686static int hci_set_adv_set_random_addr_sync(struct hci_dev *hdev, u8 instance, 687 bdaddr_t *random_addr) 688{ 689 struct hci_cp_le_set_adv_set_rand_addr cp; 690 int err; 691 692 if (!instance) { 693 /* Instance 0x00 doesn't have an adv_info, instead it uses 694 * hdev->random_addr to track its address so whenever it needs 695 * to be updated this also set the random address since 696 * hdev->random_addr is shared with scan state machine. 697 */ 698 err = hci_set_random_addr_sync(hdev, random_addr); 699 if (err) 700 return err; 701 } 702 703 memset(&cp, 0, sizeof(cp)); 704 705 cp.handle = instance; 706 bacpy(&cp.bdaddr, random_addr); 707 708 return __hci_cmd_sync_status(hdev, HCI_OP_LE_SET_ADV_SET_RAND_ADDR, 709 sizeof(cp), &cp, HCI_CMD_TIMEOUT); 710} 711 712int hci_setup_ext_adv_instance_sync(struct hci_dev *hdev, u8 instance) 713{ 714 struct hci_cp_le_set_ext_adv_params cp; 715 bool connectable; 716 u32 flags; 717 bdaddr_t random_addr; 718 u8 own_addr_type; 719 int err; 720 struct adv_info *adv; 721 bool secondary_adv; 722 723 if (instance > 0) { 724 adv = hci_find_adv_instance(hdev, instance); 725 if (!adv) 726 return -EINVAL; 727 } else { 728 adv = NULL; 729 } 730 731 /* Updating parameters of an active instance will return a 732 * Command Disallowed error, so we must first disable the 733 * instance if it is active. 734 */ 735 if (adv && !adv->pending) { 736 err = hci_disable_ext_adv_instance_sync(hdev, instance); 737 if (err) 738 return err; 739 } 740 741 flags = hci_adv_instance_flags(hdev, instance); 742 743 /* If the "connectable" instance flag was not set, then choose between 744 * ADV_IND and ADV_NONCONN_IND based on the global connectable setting. 745 */ 746 connectable = (flags & MGMT_ADV_FLAG_CONNECTABLE) || 747 mgmt_get_connectable(hdev); 748 749 if (!is_advertising_allowed(hdev, connectable)) 750 return -EPERM; 751 752 /* Set require_privacy to true only when non-connectable 753 * advertising is used. In that case it is fine to use a 754 * non-resolvable private address. 755 */ 756 err = hci_get_random_address(hdev, !connectable, 757 adv_use_rpa(hdev, flags), adv, 758 &own_addr_type, &random_addr); 759 if (err < 0) 760 return err; 761 762 memset(&cp, 0, sizeof(cp)); 763 764 if (adv) { 765 hci_cpu_to_le24(adv->min_interval, cp.min_interval); 766 hci_cpu_to_le24(adv->max_interval, cp.max_interval); 767 cp.tx_power = adv->tx_power; 768 } else { 769 hci_cpu_to_le24(hdev->le_adv_min_interval, cp.min_interval); 770 hci_cpu_to_le24(hdev->le_adv_max_interval, cp.max_interval); 771 cp.tx_power = HCI_ADV_TX_POWER_NO_PREFERENCE; 772 } 773 774 secondary_adv = (flags & MGMT_ADV_FLAG_SEC_MASK); 775 776 if (connectable) { 777 if (secondary_adv) 778 cp.evt_properties = cpu_to_le16(LE_EXT_ADV_CONN_IND); 779 else 780 cp.evt_properties = cpu_to_le16(LE_LEGACY_ADV_IND); 781 } else if (hci_adv_instance_is_scannable(hdev, instance) || 782 (flags & MGMT_ADV_PARAM_SCAN_RSP)) { 783 if (secondary_adv) 784 cp.evt_properties = cpu_to_le16(LE_EXT_ADV_SCAN_IND); 785 else 786 cp.evt_properties = cpu_to_le16(LE_LEGACY_ADV_SCAN_IND); 787 } else { 788 if (secondary_adv) 789 cp.evt_properties = cpu_to_le16(LE_EXT_ADV_NON_CONN_IND); 790 else 791 cp.evt_properties = cpu_to_le16(LE_LEGACY_NONCONN_IND); 792 } 793 794 /* If Own_Address_Type equals 0x02 or 0x03, the Peer_Address parameter 795 * contains the peer’s Identity Address and the Peer_Address_Type 796 * parameter contains the peer’s Identity Type (i.e., 0x00 or 0x01). 797 * These parameters are used to locate the corresponding local IRK in 798 * the resolving list; this IRK is used to generate their own address 799 * used in the advertisement. 800 */ 801 if (own_addr_type == ADDR_LE_DEV_RANDOM_RESOLVED) 802 hci_copy_identity_address(hdev, &cp.peer_addr, 803 &cp.peer_addr_type); 804 805 cp.own_addr_type = own_addr_type; 806 cp.channel_map = hdev->le_adv_channel_map; 807 cp.handle = instance; 808 809 if (flags & MGMT_ADV_FLAG_SEC_2M) { 810 cp.primary_phy = HCI_ADV_PHY_1M; 811 cp.secondary_phy = HCI_ADV_PHY_2M; 812 } else if (flags & MGMT_ADV_FLAG_SEC_CODED) { 813 cp.primary_phy = HCI_ADV_PHY_CODED; 814 cp.secondary_phy = HCI_ADV_PHY_CODED; 815 } else { 816 /* In all other cases use 1M */ 817 cp.primary_phy = HCI_ADV_PHY_1M; 818 cp.secondary_phy = HCI_ADV_PHY_1M; 819 } 820 821 err = __hci_cmd_sync_status(hdev, HCI_OP_LE_SET_EXT_ADV_PARAMS, 822 sizeof(cp), &cp, HCI_CMD_TIMEOUT); 823 if (err) 824 return err; 825 826 if ((own_addr_type == ADDR_LE_DEV_RANDOM || 827 own_addr_type == ADDR_LE_DEV_RANDOM_RESOLVED) && 828 bacmp(&random_addr, BDADDR_ANY)) { 829 /* Check if random address need to be updated */ 830 if (adv) { 831 if (!bacmp(&random_addr, &adv->random_addr)) 832 return 0; 833 } else { 834 if (!bacmp(&random_addr, &hdev->random_addr)) 835 return 0; 836 } 837 838 return hci_set_adv_set_random_addr_sync(hdev, instance, 839 &random_addr); 840 } 841 842 return 0; 843} 844 845static int hci_set_ext_scan_rsp_data_sync(struct hci_dev *hdev, u8 instance) 846{ 847 struct { 848 struct hci_cp_le_set_ext_scan_rsp_data cp; 849 u8 data[HCI_MAX_EXT_AD_LENGTH]; 850 } pdu; 851 u8 len; 852 853 memset(&pdu, 0, sizeof(pdu)); 854 855 len = eir_create_scan_rsp(hdev, instance, pdu.data); 856 857 if (hdev->scan_rsp_data_len == len && 858 !memcmp(pdu.data, hdev->scan_rsp_data, len)) 859 return 0; 860 861 memcpy(hdev->scan_rsp_data, pdu.data, len); 862 hdev->scan_rsp_data_len = len; 863 864 pdu.cp.handle = instance; 865 pdu.cp.length = len; 866 pdu.cp.operation = LE_SET_ADV_DATA_OP_COMPLETE; 867 pdu.cp.frag_pref = LE_SET_ADV_DATA_NO_FRAG; 868 869 return __hci_cmd_sync_status(hdev, HCI_OP_LE_SET_EXT_SCAN_RSP_DATA, 870 sizeof(pdu.cp) + len, &pdu.cp, 871 HCI_CMD_TIMEOUT); 872} 873 874static int __hci_set_scan_rsp_data_sync(struct hci_dev *hdev, u8 instance) 875{ 876 struct hci_cp_le_set_scan_rsp_data cp; 877 u8 len; 878 879 memset(&cp, 0, sizeof(cp)); 880 881 len = eir_create_scan_rsp(hdev, instance, cp.data); 882 883 if (hdev->scan_rsp_data_len == len && 884 !memcmp(cp.data, hdev->scan_rsp_data, len)) 885 return 0; 886 887 memcpy(hdev->scan_rsp_data, cp.data, sizeof(cp.data)); 888 hdev->scan_rsp_data_len = len; 889 890 cp.length = len; 891 892 return __hci_cmd_sync_status(hdev, HCI_OP_LE_SET_SCAN_RSP_DATA, 893 sizeof(cp), &cp, HCI_CMD_TIMEOUT); 894} 895 896int hci_update_scan_rsp_data_sync(struct hci_dev *hdev, u8 instance) 897{ 898 if (!hci_dev_test_flag(hdev, HCI_LE_ENABLED)) 899 return 0; 900 901 if (ext_adv_capable(hdev)) 902 return hci_set_ext_scan_rsp_data_sync(hdev, instance); 903 904 return __hci_set_scan_rsp_data_sync(hdev, instance); 905} 906 907int hci_enable_ext_advertising_sync(struct hci_dev *hdev, u8 instance) 908{ 909 struct hci_cp_le_set_ext_adv_enable *cp; 910 struct hci_cp_ext_adv_set *set; 911 u8 data[sizeof(*cp) + sizeof(*set) * 1]; 912 struct adv_info *adv; 913 914 if (instance > 0) { 915 adv = hci_find_adv_instance(hdev, instance); 916 if (!adv) 917 return -EINVAL; 918 /* If already enabled there is nothing to do */ 919 if (adv->enabled) 920 return 0; 921 } else { 922 adv = NULL; 923 } 924 925 cp = (void *)data; 926 set = (void *)cp->data; 927 928 memset(cp, 0, sizeof(*cp)); 929 930 cp->enable = 0x01; 931 cp->num_of_sets = 0x01; 932 933 memset(set, 0, sizeof(*set)); 934 935 set->handle = instance; 936 937 /* Set duration per instance since controller is responsible for 938 * scheduling it. 939 */ 940 if (adv && adv->timeout) { 941 u16 duration = adv->timeout * MSEC_PER_SEC; 942 943 /* Time = N * 10 ms */ 944 set->duration = cpu_to_le16(duration / 10); 945 } 946 947 return __hci_cmd_sync_status(hdev, HCI_OP_LE_SET_EXT_ADV_ENABLE, 948 sizeof(*cp) + 949 sizeof(*set) * cp->num_of_sets, 950 data, HCI_CMD_TIMEOUT); 951} 952 953int hci_start_ext_adv_sync(struct hci_dev *hdev, u8 instance) 954{ 955 int err; 956 957 err = hci_setup_ext_adv_instance_sync(hdev, instance); 958 if (err) 959 return err; 960 961 err = hci_set_ext_scan_rsp_data_sync(hdev, instance); 962 if (err) 963 return err; 964 965 return hci_enable_ext_advertising_sync(hdev, instance); 966} 967 968static int hci_start_adv_sync(struct hci_dev *hdev, u8 instance) 969{ 970 int err; 971 972 if (ext_adv_capable(hdev)) 973 return hci_start_ext_adv_sync(hdev, instance); 974 975 err = hci_update_adv_data_sync(hdev, instance); 976 if (err) 977 return err; 978 979 err = hci_update_scan_rsp_data_sync(hdev, instance); 980 if (err) 981 return err; 982 983 return hci_enable_advertising_sync(hdev); 984} 985 986int hci_enable_advertising_sync(struct hci_dev *hdev) 987{ 988 struct adv_info *adv_instance; 989 struct hci_cp_le_set_adv_param cp; 990 u8 own_addr_type, enable = 0x01; 991 bool connectable; 992 u16 adv_min_interval, adv_max_interval; 993 u32 flags; 994 u8 status; 995 996 if (ext_adv_capable(hdev)) 997 return hci_enable_ext_advertising_sync(hdev, 998 hdev->cur_adv_instance); 999 1000 flags = hci_adv_instance_flags(hdev, hdev->cur_adv_instance); 1001 adv_instance = hci_find_adv_instance(hdev, hdev->cur_adv_instance); 1002 1003 /* If the "connectable" instance flag was not set, then choose between 1004 * ADV_IND and ADV_NONCONN_IND based on the global connectable setting. 1005 */ 1006 connectable = (flags & MGMT_ADV_FLAG_CONNECTABLE) || 1007 mgmt_get_connectable(hdev); 1008 1009 if (!is_advertising_allowed(hdev, connectable)) 1010 return -EINVAL; 1011 1012 status = hci_disable_advertising_sync(hdev); 1013 if (status) 1014 return status; 1015 1016 /* Clear the HCI_LE_ADV bit temporarily so that the 1017 * hci_update_random_address knows that it's safe to go ahead 1018 * and write a new random address. The flag will be set back on 1019 * as soon as the SET_ADV_ENABLE HCI command completes. 1020 */ 1021 hci_dev_clear_flag(hdev, HCI_LE_ADV); 1022 1023 /* Set require_privacy to true only when non-connectable 1024 * advertising is used. In that case it is fine to use a 1025 * non-resolvable private address. 1026 */ 1027 status = hci_update_random_address_sync(hdev, !connectable, 1028 adv_use_rpa(hdev, flags), 1029 &own_addr_type); 1030 if (status) 1031 return status; 1032 1033 memset(&cp, 0, sizeof(cp)); 1034 1035 if (adv_instance) { 1036 adv_min_interval = adv_instance->min_interval; 1037 adv_max_interval = adv_instance->max_interval; 1038 } else { 1039 adv_min_interval = hdev->le_adv_min_interval; 1040 adv_max_interval = hdev->le_adv_max_interval; 1041 } 1042 1043 if (connectable) { 1044 cp.type = LE_ADV_IND; 1045 } else { 1046 if (hci_adv_instance_is_scannable(hdev, hdev->cur_adv_instance)) 1047 cp.type = LE_ADV_SCAN_IND; 1048 else 1049 cp.type = LE_ADV_NONCONN_IND; 1050 1051 if (!hci_dev_test_flag(hdev, HCI_DISCOVERABLE) || 1052 hci_dev_test_flag(hdev, HCI_LIMITED_DISCOVERABLE)) { 1053 adv_min_interval = DISCOV_LE_FAST_ADV_INT_MIN; 1054 adv_max_interval = DISCOV_LE_FAST_ADV_INT_MAX; 1055 } 1056 } 1057 1058 cp.min_interval = cpu_to_le16(adv_min_interval); 1059 cp.max_interval = cpu_to_le16(adv_max_interval); 1060 cp.own_address_type = own_addr_type; 1061 cp.channel_map = hdev->le_adv_channel_map; 1062 1063 status = __hci_cmd_sync_status(hdev, HCI_OP_LE_SET_ADV_PARAM, 1064 sizeof(cp), &cp, HCI_CMD_TIMEOUT); 1065 if (status) 1066 return status; 1067 1068 return __hci_cmd_sync_status(hdev, HCI_OP_LE_SET_ADV_ENABLE, 1069 sizeof(enable), &enable, HCI_CMD_TIMEOUT); 1070} 1071 1072static int enable_advertising_sync(struct hci_dev *hdev, void *data) 1073{ 1074 return hci_enable_advertising_sync(hdev); 1075} 1076 1077int hci_enable_advertising(struct hci_dev *hdev) 1078{ 1079 if (!hci_dev_test_flag(hdev, HCI_ADVERTISING) && 1080 list_empty(&hdev->adv_instances)) 1081 return 0; 1082 1083 return hci_cmd_sync_queue(hdev, enable_advertising_sync, NULL, NULL); 1084} 1085 1086int hci_remove_ext_adv_instance_sync(struct hci_dev *hdev, u8 instance, 1087 struct sock *sk) 1088{ 1089 int err; 1090 1091 if (!ext_adv_capable(hdev)) 1092 return 0; 1093 1094 err = hci_disable_ext_adv_instance_sync(hdev, instance); 1095 if (err) 1096 return err; 1097 1098 /* If request specifies an instance that doesn't exist, fail */ 1099 if (instance > 0 && !hci_find_adv_instance(hdev, instance)) 1100 return -EINVAL; 1101 1102 return __hci_cmd_sync_status_sk(hdev, HCI_OP_LE_REMOVE_ADV_SET, 1103 sizeof(instance), &instance, 0, 1104 HCI_CMD_TIMEOUT, sk); 1105} 1106 1107static void cancel_adv_timeout(struct hci_dev *hdev) 1108{ 1109 if (hdev->adv_instance_timeout) { 1110 hdev->adv_instance_timeout = 0; 1111 cancel_delayed_work(&hdev->adv_instance_expire); 1112 } 1113} 1114 1115static int hci_set_ext_adv_data_sync(struct hci_dev *hdev, u8 instance) 1116{ 1117 struct { 1118 struct hci_cp_le_set_ext_adv_data cp; 1119 u8 data[HCI_MAX_EXT_AD_LENGTH]; 1120 } pdu; 1121 u8 len; 1122 1123 memset(&pdu, 0, sizeof(pdu)); 1124 1125 len = eir_create_adv_data(hdev, instance, pdu.data); 1126 1127 /* There's nothing to do if the data hasn't changed */ 1128 if (hdev->adv_data_len == len && 1129 memcmp(pdu.data, hdev->adv_data, len) == 0) 1130 return 0; 1131 1132 memcpy(hdev->adv_data, pdu.data, len); 1133 hdev->adv_data_len = len; 1134 1135 pdu.cp.length = len; 1136 pdu.cp.handle = instance; 1137 pdu.cp.operation = LE_SET_ADV_DATA_OP_COMPLETE; 1138 pdu.cp.frag_pref = LE_SET_ADV_DATA_NO_FRAG; 1139 1140 return __hci_cmd_sync_status(hdev, HCI_OP_LE_SET_EXT_ADV_DATA, 1141 sizeof(pdu.cp) + len, &pdu.cp, 1142 HCI_CMD_TIMEOUT); 1143} 1144 1145static int hci_set_adv_data_sync(struct hci_dev *hdev, u8 instance) 1146{ 1147 struct hci_cp_le_set_adv_data cp; 1148 u8 len; 1149 1150 memset(&cp, 0, sizeof(cp)); 1151 1152 len = eir_create_adv_data(hdev, instance, cp.data); 1153 1154 /* There's nothing to do if the data hasn't changed */ 1155 if (hdev->adv_data_len == len && 1156 memcmp(cp.data, hdev->adv_data, len) == 0) 1157 return 0; 1158 1159 memcpy(hdev->adv_data, cp.data, sizeof(cp.data)); 1160 hdev->adv_data_len = len; 1161 1162 cp.length = len; 1163 1164 return __hci_cmd_sync_status(hdev, HCI_OP_LE_SET_ADV_DATA, 1165 sizeof(cp), &cp, HCI_CMD_TIMEOUT); 1166} 1167 1168int hci_update_adv_data_sync(struct hci_dev *hdev, u8 instance) 1169{ 1170 if (!hci_dev_test_flag(hdev, HCI_LE_ENABLED)) 1171 return 0; 1172 1173 if (ext_adv_capable(hdev)) 1174 return hci_set_ext_adv_data_sync(hdev, instance); 1175 1176 return hci_set_adv_data_sync(hdev, instance); 1177} 1178 1179int hci_schedule_adv_instance_sync(struct hci_dev *hdev, u8 instance, 1180 bool force) 1181{ 1182 struct adv_info *adv = NULL; 1183 u16 timeout; 1184 1185 if (hci_dev_test_flag(hdev, HCI_ADVERTISING) && !ext_adv_capable(hdev)) 1186 return -EPERM; 1187 1188 if (hdev->adv_instance_timeout) 1189 return -EBUSY; 1190 1191 adv = hci_find_adv_instance(hdev, instance); 1192 if (!adv) 1193 return -ENOENT; 1194 1195 /* A zero timeout means unlimited advertising. As long as there is 1196 * only one instance, duration should be ignored. We still set a timeout 1197 * in case further instances are being added later on. 1198 * 1199 * If the remaining lifetime of the instance is more than the duration 1200 * then the timeout corresponds to the duration, otherwise it will be 1201 * reduced to the remaining instance lifetime. 1202 */ 1203 if (adv->timeout == 0 || adv->duration <= adv->remaining_time) 1204 timeout = adv->duration; 1205 else 1206 timeout = adv->remaining_time; 1207 1208 /* The remaining time is being reduced unless the instance is being 1209 * advertised without time limit. 1210 */ 1211 if (adv->timeout) 1212 adv->remaining_time = adv->remaining_time - timeout; 1213 1214 /* Only use work for scheduling instances with legacy advertising */ 1215 if (!ext_adv_capable(hdev)) { 1216 hdev->adv_instance_timeout = timeout; 1217 queue_delayed_work(hdev->req_workqueue, 1218 &hdev->adv_instance_expire, 1219 msecs_to_jiffies(timeout * 1000)); 1220 } 1221 1222 /* If we're just re-scheduling the same instance again then do not 1223 * execute any HCI commands. This happens when a single instance is 1224 * being advertised. 1225 */ 1226 if (!force && hdev->cur_adv_instance == instance && 1227 hci_dev_test_flag(hdev, HCI_LE_ADV)) 1228 return 0; 1229 1230 hdev->cur_adv_instance = instance; 1231 1232 return hci_start_adv_sync(hdev, instance); 1233} 1234 1235static int hci_clear_adv_sets_sync(struct hci_dev *hdev, struct sock *sk) 1236{ 1237 int err; 1238 1239 if (!ext_adv_capable(hdev)) 1240 return 0; 1241 1242 /* Disable instance 0x00 to disable all instances */ 1243 err = hci_disable_ext_adv_instance_sync(hdev, 0x00); 1244 if (err) 1245 return err; 1246 1247 return __hci_cmd_sync_status_sk(hdev, HCI_OP_LE_CLEAR_ADV_SETS, 1248 0, NULL, 0, HCI_CMD_TIMEOUT, sk); 1249} 1250 1251static int hci_clear_adv_sync(struct hci_dev *hdev, struct sock *sk, bool force) 1252{ 1253 struct adv_info *adv, *n; 1254 1255 if (ext_adv_capable(hdev)) 1256 /* Remove all existing sets */ 1257 return hci_clear_adv_sets_sync(hdev, sk); 1258 1259 /* This is safe as long as there is no command send while the lock is 1260 * held. 1261 */ 1262 hci_dev_lock(hdev); 1263 1264 /* Cleanup non-ext instances */ 1265 list_for_each_entry_safe(adv, n, &hdev->adv_instances, list) { 1266 u8 instance = adv->instance; 1267 int err; 1268 1269 if (!(force || adv->timeout)) 1270 continue; 1271 1272 err = hci_remove_adv_instance(hdev, instance); 1273 if (!err) 1274 mgmt_advertising_removed(sk, hdev, instance); 1275 } 1276 1277 hci_dev_unlock(hdev); 1278 1279 return 0; 1280} 1281 1282static int hci_remove_adv_sync(struct hci_dev *hdev, u8 instance, 1283 struct sock *sk) 1284{ 1285 int err; 1286 1287 /* If we use extended advertising, instance has to be removed first. */ 1288 if (ext_adv_capable(hdev)) 1289 return hci_remove_ext_adv_instance_sync(hdev, instance, sk); 1290 1291 /* This is safe as long as there is no command send while the lock is 1292 * held. 1293 */ 1294 hci_dev_lock(hdev); 1295 1296 err = hci_remove_adv_instance(hdev, instance); 1297 if (!err) 1298 mgmt_advertising_removed(sk, hdev, instance); 1299 1300 hci_dev_unlock(hdev); 1301 1302 return err; 1303} 1304 1305/* For a single instance: 1306 * - force == true: The instance will be removed even when its remaining 1307 * lifetime is not zero. 1308 * - force == false: the instance will be deactivated but kept stored unless 1309 * the remaining lifetime is zero. 1310 * 1311 * For instance == 0x00: 1312 * - force == true: All instances will be removed regardless of their timeout 1313 * setting. 1314 * - force == false: Only instances that have a timeout will be removed. 1315 */ 1316int hci_remove_advertising_sync(struct hci_dev *hdev, struct sock *sk, 1317 u8 instance, bool force) 1318{ 1319 struct adv_info *next = NULL; 1320 int err; 1321 1322 /* Cancel any timeout concerning the removed instance(s). */ 1323 if (!instance || hdev->cur_adv_instance == instance) 1324 cancel_adv_timeout(hdev); 1325 1326 /* Get the next instance to advertise BEFORE we remove 1327 * the current one. This can be the same instance again 1328 * if there is only one instance. 1329 */ 1330 if (hdev->cur_adv_instance == instance) 1331 next = hci_get_next_instance(hdev, instance); 1332 1333 if (!instance) { 1334 err = hci_clear_adv_sync(hdev, sk, force); 1335 if (err) 1336 return err; 1337 } else { 1338 struct adv_info *adv = hci_find_adv_instance(hdev, instance); 1339 1340 if (force || (adv && adv->timeout && !adv->remaining_time)) { 1341 /* Don't advertise a removed instance. */ 1342 if (next && next->instance == instance) 1343 next = NULL; 1344 1345 err = hci_remove_adv_sync(hdev, instance, sk); 1346 if (err) 1347 return err; 1348 } 1349 } 1350 1351 if (!hdev_is_powered(hdev) || hci_dev_test_flag(hdev, HCI_ADVERTISING)) 1352 return 0; 1353 1354 if (next && !ext_adv_capable(hdev)) 1355 hci_schedule_adv_instance_sync(hdev, next->instance, false); 1356 1357 return 0; 1358} 1359 1360int hci_read_rssi_sync(struct hci_dev *hdev, __le16 handle) 1361{ 1362 struct hci_cp_read_rssi cp; 1363 1364 cp.handle = handle; 1365 return __hci_cmd_sync_status(hdev, HCI_OP_READ_RSSI, 1366 sizeof(cp), &cp, HCI_CMD_TIMEOUT); 1367} 1368 1369int hci_read_clock_sync(struct hci_dev *hdev, struct hci_cp_read_clock *cp) 1370{ 1371 return __hci_cmd_sync_status(hdev, HCI_OP_READ_CLOCK, 1372 sizeof(*cp), cp, HCI_CMD_TIMEOUT); 1373} 1374 1375int hci_read_tx_power_sync(struct hci_dev *hdev, __le16 handle, u8 type) 1376{ 1377 struct hci_cp_read_tx_power cp; 1378 1379 cp.handle = handle; 1380 cp.type = type; 1381 return __hci_cmd_sync_status(hdev, HCI_OP_READ_TX_POWER, 1382 sizeof(cp), &cp, HCI_CMD_TIMEOUT); 1383} 1384 1385int hci_disable_advertising_sync(struct hci_dev *hdev) 1386{ 1387 u8 enable = 0x00; 1388 1389 /* If controller is not advertising we are done. */ 1390 if (!hci_dev_test_flag(hdev, HCI_LE_ADV)) 1391 return 0; 1392 1393 if (ext_adv_capable(hdev)) 1394 return hci_disable_ext_adv_instance_sync(hdev, 0x00); 1395 1396 return __hci_cmd_sync_status(hdev, HCI_OP_LE_SET_ADV_ENABLE, 1397 sizeof(enable), &enable, HCI_CMD_TIMEOUT); 1398} 1399 1400static int hci_le_set_ext_scan_enable_sync(struct hci_dev *hdev, u8 val, 1401 u8 filter_dup) 1402{ 1403 struct hci_cp_le_set_ext_scan_enable cp; 1404 1405 memset(&cp, 0, sizeof(cp)); 1406 cp.enable = val; 1407 cp.filter_dup = filter_dup; 1408 1409 return __hci_cmd_sync_status(hdev, HCI_OP_LE_SET_EXT_SCAN_ENABLE, 1410 sizeof(cp), &cp, HCI_CMD_TIMEOUT); 1411} 1412 1413static int hci_le_set_scan_enable_sync(struct hci_dev *hdev, u8 val, 1414 u8 filter_dup) 1415{ 1416 struct hci_cp_le_set_scan_enable cp; 1417 1418 if (use_ext_scan(hdev)) 1419 return hci_le_set_ext_scan_enable_sync(hdev, val, filter_dup); 1420 1421 memset(&cp, 0, sizeof(cp)); 1422 cp.enable = val; 1423 cp.filter_dup = filter_dup; 1424 1425 return __hci_cmd_sync_status(hdev, HCI_OP_LE_SET_SCAN_ENABLE, 1426 sizeof(cp), &cp, HCI_CMD_TIMEOUT); 1427} 1428 1429static int hci_le_set_addr_resolution_enable_sync(struct hci_dev *hdev, u8 val) 1430{ 1431 if (!use_ll_privacy(hdev)) 1432 return 0; 1433 1434 /* If controller is not/already resolving we are done. */ 1435 if (val == hci_dev_test_flag(hdev, HCI_LL_RPA_RESOLUTION)) 1436 return 0; 1437 1438 return __hci_cmd_sync_status(hdev, HCI_OP_LE_SET_ADDR_RESOLV_ENABLE, 1439 sizeof(val), &val, HCI_CMD_TIMEOUT); 1440} 1441 1442static int hci_scan_disable_sync(struct hci_dev *hdev) 1443{ 1444 int err; 1445 1446 /* If controller is not scanning we are done. */ 1447 if (!hci_dev_test_flag(hdev, HCI_LE_SCAN)) 1448 return 0; 1449 1450 if (hdev->scanning_paused) { 1451 bt_dev_dbg(hdev, "Scanning is paused for suspend"); 1452 return 0; 1453 } 1454 1455 err = hci_le_set_scan_enable_sync(hdev, LE_SCAN_DISABLE, 0x00); 1456 if (err) { 1457 bt_dev_err(hdev, "Unable to disable scanning: %d", err); 1458 return err; 1459 } 1460 1461 return err; 1462} 1463 1464static bool scan_use_rpa(struct hci_dev *hdev) 1465{ 1466 return hci_dev_test_flag(hdev, HCI_PRIVACY); 1467} 1468 1469static void hci_start_interleave_scan(struct hci_dev *hdev) 1470{ 1471 hdev->interleave_scan_state = INTERLEAVE_SCAN_NO_FILTER; 1472 queue_delayed_work(hdev->req_workqueue, 1473 &hdev->interleave_scan, 0); 1474} 1475 1476static bool is_interleave_scanning(struct hci_dev *hdev) 1477{ 1478 return hdev->interleave_scan_state != INTERLEAVE_SCAN_NONE; 1479} 1480 1481static void cancel_interleave_scan(struct hci_dev *hdev) 1482{ 1483 bt_dev_dbg(hdev, "cancelling interleave scan"); 1484 1485 cancel_delayed_work_sync(&hdev->interleave_scan); 1486 1487 hdev->interleave_scan_state = INTERLEAVE_SCAN_NONE; 1488} 1489 1490/* Return true if interleave_scan wasn't started until exiting this function, 1491 * otherwise, return false 1492 */ 1493static bool hci_update_interleaved_scan_sync(struct hci_dev *hdev) 1494{ 1495 /* Do interleaved scan only if all of the following are true: 1496 * - There is at least one ADV monitor 1497 * - At least one pending LE connection or one device to be scanned for 1498 * - Monitor offloading is not supported 1499 * If so, we should alternate between allowlist scan and one without 1500 * any filters to save power. 1501 */ 1502 bool use_interleaving = hci_is_adv_monitoring(hdev) && 1503 !(list_empty(&hdev->pend_le_conns) && 1504 list_empty(&hdev->pend_le_reports)) && 1505 hci_get_adv_monitor_offload_ext(hdev) == 1506 HCI_ADV_MONITOR_EXT_NONE; 1507 bool is_interleaving = is_interleave_scanning(hdev); 1508 1509 if (use_interleaving && !is_interleaving) { 1510 hci_start_interleave_scan(hdev); 1511 bt_dev_dbg(hdev, "starting interleave scan"); 1512 return true; 1513 } 1514 1515 if (!use_interleaving && is_interleaving) 1516 cancel_interleave_scan(hdev); 1517 1518 return false; 1519} 1520 1521/* Removes connection to resolve list if needed.*/ 1522static int hci_le_del_resolve_list_sync(struct hci_dev *hdev, 1523 bdaddr_t *bdaddr, u8 bdaddr_type) 1524{ 1525 struct hci_cp_le_del_from_resolv_list cp; 1526 struct bdaddr_list_with_irk *entry; 1527 1528 if (!use_ll_privacy(hdev)) 1529 return 0; 1530 1531 /* Check if the IRK has been programmed */ 1532 entry = hci_bdaddr_list_lookup_with_irk(&hdev->le_resolv_list, bdaddr, 1533 bdaddr_type); 1534 if (!entry) 1535 return 0; 1536 1537 cp.bdaddr_type = bdaddr_type; 1538 bacpy(&cp.bdaddr, bdaddr); 1539 1540 return __hci_cmd_sync_status(hdev, HCI_OP_LE_DEL_FROM_RESOLV_LIST, 1541 sizeof(cp), &cp, HCI_CMD_TIMEOUT); 1542} 1543 1544static int hci_le_del_accept_list_sync(struct hci_dev *hdev, 1545 bdaddr_t *bdaddr, u8 bdaddr_type) 1546{ 1547 struct hci_cp_le_del_from_accept_list cp; 1548 int err; 1549 1550 /* Check if device is on accept list before removing it */ 1551 if (!hci_bdaddr_list_lookup(&hdev->le_accept_list, bdaddr, bdaddr_type)) 1552 return 0; 1553 1554 cp.bdaddr_type = bdaddr_type; 1555 bacpy(&cp.bdaddr, bdaddr); 1556 1557 /* Ignore errors when removing from resolving list as that is likely 1558 * that the device was never added. 1559 */ 1560 hci_le_del_resolve_list_sync(hdev, &cp.bdaddr, cp.bdaddr_type); 1561 1562 err = __hci_cmd_sync_status(hdev, HCI_OP_LE_DEL_FROM_ACCEPT_LIST, 1563 sizeof(cp), &cp, HCI_CMD_TIMEOUT); 1564 if (err) { 1565 bt_dev_err(hdev, "Unable to remove from allow list: %d", err); 1566 return err; 1567 } 1568 1569 bt_dev_dbg(hdev, "Remove %pMR (0x%x) from allow list", &cp.bdaddr, 1570 cp.bdaddr_type); 1571 1572 return 0; 1573} 1574 1575/* Adds connection to resolve list if needed. 1576 * Setting params to NULL programs local hdev->irk 1577 */ 1578static int hci_le_add_resolve_list_sync(struct hci_dev *hdev, 1579 struct hci_conn_params *params) 1580{ 1581 struct hci_cp_le_add_to_resolv_list cp; 1582 struct smp_irk *irk; 1583 struct bdaddr_list_with_irk *entry; 1584 1585 if (!use_ll_privacy(hdev)) 1586 return 0; 1587 1588 /* Attempt to program local identity address, type and irk if params is 1589 * NULL. 1590 */ 1591 if (!params) { 1592 if (!hci_dev_test_flag(hdev, HCI_PRIVACY)) 1593 return 0; 1594 1595 hci_copy_identity_address(hdev, &cp.bdaddr, &cp.bdaddr_type); 1596 memcpy(cp.peer_irk, hdev->irk, 16); 1597 goto done; 1598 } 1599 1600 irk = hci_find_irk_by_addr(hdev, ¶ms->addr, params->addr_type); 1601 if (!irk) 1602 return 0; 1603 1604 /* Check if the IK has _not_ been programmed yet. */ 1605 entry = hci_bdaddr_list_lookup_with_irk(&hdev->le_resolv_list, 1606 ¶ms->addr, 1607 params->addr_type); 1608 if (entry) 1609 return 0; 1610 1611 cp.bdaddr_type = params->addr_type; 1612 bacpy(&cp.bdaddr, ¶ms->addr); 1613 memcpy(cp.peer_irk, irk->val, 16); 1614 1615done: 1616 if (hci_dev_test_flag(hdev, HCI_PRIVACY)) 1617 memcpy(cp.local_irk, hdev->irk, 16); 1618 else 1619 memset(cp.local_irk, 0, 16); 1620 1621 return __hci_cmd_sync_status(hdev, HCI_OP_LE_ADD_TO_RESOLV_LIST, 1622 sizeof(cp), &cp, HCI_CMD_TIMEOUT); 1623} 1624 1625/* Set Device Privacy Mode. */ 1626static int hci_le_set_privacy_mode_sync(struct hci_dev *hdev, 1627 struct hci_conn_params *params) 1628{ 1629 struct hci_cp_le_set_privacy_mode cp; 1630 struct smp_irk *irk; 1631 1632 /* If device privacy mode has already been set there is nothing to do */ 1633 if (params->privacy_mode == HCI_DEVICE_PRIVACY) 1634 return 0; 1635 1636 /* Check if HCI_CONN_FLAG_DEVICE_PRIVACY has been set as it also 1637 * indicates that LL Privacy has been enabled and 1638 * HCI_OP_LE_SET_PRIVACY_MODE is supported. 1639 */ 1640 if (!(params->flags & HCI_CONN_FLAG_DEVICE_PRIVACY)) 1641 return 0; 1642 1643 irk = hci_find_irk_by_addr(hdev, ¶ms->addr, params->addr_type); 1644 if (!irk) 1645 return 0; 1646 1647 memset(&cp, 0, sizeof(cp)); 1648 cp.bdaddr_type = irk->addr_type; 1649 bacpy(&cp.bdaddr, &irk->bdaddr); 1650 cp.mode = HCI_DEVICE_PRIVACY; 1651 1652 return __hci_cmd_sync_status(hdev, HCI_OP_LE_SET_PRIVACY_MODE, 1653 sizeof(cp), &cp, HCI_CMD_TIMEOUT); 1654} 1655 1656/* Adds connection to allow list if needed, if the device uses RPA (has IRK) 1657 * this attempts to program the device in the resolving list as well and 1658 * properly set the privacy mode. 1659 */ 1660static int hci_le_add_accept_list_sync(struct hci_dev *hdev, 1661 struct hci_conn_params *params, 1662 u8 *num_entries) 1663{ 1664 struct hci_cp_le_add_to_accept_list cp; 1665 int err; 1666 1667 /* During suspend, only wakeable devices can be in acceptlist */ 1668 if (hdev->suspended && 1669 !(params->flags & HCI_CONN_FLAG_REMOTE_WAKEUP)) 1670 return 0; 1671 1672 /* Select filter policy to accept all advertising */ 1673 if (*num_entries >= hdev->le_accept_list_size) 1674 return -ENOSPC; 1675 1676 /* Accept list can not be used with RPAs */ 1677 if (!use_ll_privacy(hdev) && 1678 hci_find_irk_by_addr(hdev, ¶ms->addr, params->addr_type)) 1679 return -EINVAL; 1680 1681 /* Attempt to program the device in the resolving list first to avoid 1682 * having to rollback in case it fails since the resolving list is 1683 * dynamic it can probably be smaller than the accept list. 1684 */ 1685 err = hci_le_add_resolve_list_sync(hdev, params); 1686 if (err) { 1687 bt_dev_err(hdev, "Unable to add to resolve list: %d", err); 1688 return err; 1689 } 1690 1691 /* Set Privacy Mode */ 1692 err = hci_le_set_privacy_mode_sync(hdev, params); 1693 if (err) { 1694 bt_dev_err(hdev, "Unable to set privacy mode: %d", err); 1695 return err; 1696 } 1697 1698 /* Check if already in accept list */ 1699 if (hci_bdaddr_list_lookup(&hdev->le_accept_list, ¶ms->addr, 1700 params->addr_type)) 1701 return 0; 1702 1703 *num_entries += 1; 1704 cp.bdaddr_type = params->addr_type; 1705 bacpy(&cp.bdaddr, ¶ms->addr); 1706 1707 err = __hci_cmd_sync_status(hdev, HCI_OP_LE_ADD_TO_ACCEPT_LIST, 1708 sizeof(cp), &cp, HCI_CMD_TIMEOUT); 1709 if (err) { 1710 bt_dev_err(hdev, "Unable to add to allow list: %d", err); 1711 /* Rollback the device from the resolving list */ 1712 hci_le_del_resolve_list_sync(hdev, &cp.bdaddr, cp.bdaddr_type); 1713 return err; 1714 } 1715 1716 bt_dev_dbg(hdev, "Add %pMR (0x%x) to allow list", &cp.bdaddr, 1717 cp.bdaddr_type); 1718 1719 return 0; 1720} 1721 1722/* This function disables/pause all advertising instances */ 1723static int hci_pause_advertising_sync(struct hci_dev *hdev) 1724{ 1725 int err; 1726 int old_state; 1727 1728 /* If already been paused there is nothing to do. */ 1729 if (hdev->advertising_paused) 1730 return 0; 1731 1732 bt_dev_dbg(hdev, "Pausing directed advertising"); 1733 1734 /* Stop directed advertising */ 1735 old_state = hci_dev_test_flag(hdev, HCI_ADVERTISING); 1736 if (old_state) { 1737 /* When discoverable timeout triggers, then just make sure 1738 * the limited discoverable flag is cleared. Even in the case 1739 * of a timeout triggered from general discoverable, it is 1740 * safe to unconditionally clear the flag. 1741 */ 1742 hci_dev_clear_flag(hdev, HCI_LIMITED_DISCOVERABLE); 1743 hci_dev_clear_flag(hdev, HCI_DISCOVERABLE); 1744 hdev->discov_timeout = 0; 1745 } 1746 1747 bt_dev_dbg(hdev, "Pausing advertising instances"); 1748 1749 /* Call to disable any advertisements active on the controller. 1750 * This will succeed even if no advertisements are configured. 1751 */ 1752 err = hci_disable_advertising_sync(hdev); 1753 if (err) 1754 return err; 1755 1756 /* If we are using software rotation, pause the loop */ 1757 if (!ext_adv_capable(hdev)) 1758 cancel_adv_timeout(hdev); 1759 1760 hdev->advertising_paused = true; 1761 hdev->advertising_old_state = old_state; 1762 1763 return 0; 1764} 1765 1766/* This function enables all user advertising instances */ 1767static int hci_resume_advertising_sync(struct hci_dev *hdev) 1768{ 1769 struct adv_info *adv, *tmp; 1770 int err; 1771 1772 /* If advertising has not been paused there is nothing to do. */ 1773 if (!hdev->advertising_paused) 1774 return 0; 1775 1776 /* Resume directed advertising */ 1777 hdev->advertising_paused = false; 1778 if (hdev->advertising_old_state) { 1779 hci_dev_set_flag(hdev, HCI_ADVERTISING); 1780 hdev->advertising_old_state = 0; 1781 } 1782 1783 bt_dev_dbg(hdev, "Resuming advertising instances"); 1784 1785 if (ext_adv_capable(hdev)) { 1786 /* Call for each tracked instance to be re-enabled */ 1787 list_for_each_entry_safe(adv, tmp, &hdev->adv_instances, list) { 1788 err = hci_enable_ext_advertising_sync(hdev, 1789 adv->instance); 1790 if (!err) 1791 continue; 1792 1793 /* If the instance cannot be resumed remove it */ 1794 hci_remove_ext_adv_instance_sync(hdev, adv->instance, 1795 NULL); 1796 } 1797 } else { 1798 /* Schedule for most recent instance to be restarted and begin 1799 * the software rotation loop 1800 */ 1801 err = hci_schedule_adv_instance_sync(hdev, 1802 hdev->cur_adv_instance, 1803 true); 1804 } 1805 1806 hdev->advertising_paused = false; 1807 1808 return err; 1809} 1810 1811struct sk_buff *hci_read_local_oob_data_sync(struct hci_dev *hdev, 1812 bool extended, struct sock *sk) 1813{ 1814 u16 opcode = extended ? HCI_OP_READ_LOCAL_OOB_EXT_DATA : 1815 HCI_OP_READ_LOCAL_OOB_DATA; 1816 1817 return __hci_cmd_sync_sk(hdev, opcode, 0, NULL, 0, HCI_CMD_TIMEOUT, sk); 1818} 1819 1820/* Device must not be scanning when updating the accept list. 1821 * 1822 * Update is done using the following sequence: 1823 * 1824 * use_ll_privacy((Disable Advertising) -> Disable Resolving List) -> 1825 * Remove Devices From Accept List -> 1826 * (has IRK && use_ll_privacy(Remove Devices From Resolving List))-> 1827 * Add Devices to Accept List -> 1828 * (has IRK && use_ll_privacy(Remove Devices From Resolving List)) -> 1829 * use_ll_privacy(Enable Resolving List -> (Enable Advertising)) -> 1830 * Enable Scanning 1831 * 1832 * In case of failure advertising shall be restored to its original state and 1833 * return would disable accept list since either accept or resolving list could 1834 * not be programmed. 1835 * 1836 */ 1837static u8 hci_update_accept_list_sync(struct hci_dev *hdev) 1838{ 1839 struct hci_conn_params *params; 1840 struct bdaddr_list *b, *t; 1841 u8 num_entries = 0; 1842 bool pend_conn, pend_report; 1843 u8 filter_policy; 1844 int err; 1845 1846 /* Pause advertising if resolving list can be used as controllers are 1847 * cannot accept resolving list modifications while advertising. 1848 */ 1849 if (use_ll_privacy(hdev)) { 1850 err = hci_pause_advertising_sync(hdev); 1851 if (err) { 1852 bt_dev_err(hdev, "pause advertising failed: %d", err); 1853 return 0x00; 1854 } 1855 } 1856 1857 /* Disable address resolution while reprogramming accept list since 1858 * devices that do have an IRK will be programmed in the resolving list 1859 * when LL Privacy is enabled. 1860 */ 1861 err = hci_le_set_addr_resolution_enable_sync(hdev, 0x00); 1862 if (err) { 1863 bt_dev_err(hdev, "Unable to disable LL privacy: %d", err); 1864 goto done; 1865 } 1866 1867 /* Go through the current accept list programmed into the 1868 * controller one by one and check if that address is still 1869 * in the list of pending connections or list of devices to 1870 * report. If not present in either list, then remove it from 1871 * the controller. 1872 */ 1873 list_for_each_entry_safe(b, t, &hdev->le_accept_list, list) { 1874 pend_conn = hci_pend_le_action_lookup(&hdev->pend_le_conns, 1875 &b->bdaddr, 1876 b->bdaddr_type); 1877 pend_report = hci_pend_le_action_lookup(&hdev->pend_le_reports, 1878 &b->bdaddr, 1879 b->bdaddr_type); 1880 1881 /* If the device is not likely to connect or report, 1882 * remove it from the acceptlist. 1883 */ 1884 if (!pend_conn && !pend_report) { 1885 hci_le_del_accept_list_sync(hdev, &b->bdaddr, 1886 b->bdaddr_type); 1887 continue; 1888 } 1889 1890 num_entries++; 1891 } 1892 1893 /* Since all no longer valid accept list entries have been 1894 * removed, walk through the list of pending connections 1895 * and ensure that any new device gets programmed into 1896 * the controller. 1897 * 1898 * If the list of the devices is larger than the list of 1899 * available accept list entries in the controller, then 1900 * just abort and return filer policy value to not use the 1901 * accept list. 1902 */ 1903 list_for_each_entry(params, &hdev->pend_le_conns, action) { 1904 err = hci_le_add_accept_list_sync(hdev, params, &num_entries); 1905 if (err) 1906 goto done; 1907 } 1908 1909 /* After adding all new pending connections, walk through 1910 * the list of pending reports and also add these to the 1911 * accept list if there is still space. Abort if space runs out. 1912 */ 1913 list_for_each_entry(params, &hdev->pend_le_reports, action) { 1914 err = hci_le_add_accept_list_sync(hdev, params, &num_entries); 1915 if (err) 1916 goto done; 1917 } 1918 1919 /* Use the allowlist unless the following conditions are all true: 1920 * - We are not currently suspending 1921 * - There are 1 or more ADV monitors registered and it's not offloaded 1922 * - Interleaved scanning is not currently using the allowlist 1923 */ 1924 if (!idr_is_empty(&hdev->adv_monitors_idr) && !hdev->suspended && 1925 hci_get_adv_monitor_offload_ext(hdev) == HCI_ADV_MONITOR_EXT_NONE && 1926 hdev->interleave_scan_state != INTERLEAVE_SCAN_ALLOWLIST) 1927 err = -EINVAL; 1928 1929done: 1930 filter_policy = err ? 0x00 : 0x01; 1931 1932 /* Enable address resolution when LL Privacy is enabled. */ 1933 err = hci_le_set_addr_resolution_enable_sync(hdev, 0x01); 1934 if (err) 1935 bt_dev_err(hdev, "Unable to enable LL privacy: %d", err); 1936 1937 /* Resume advertising if it was paused */ 1938 if (use_ll_privacy(hdev)) 1939 hci_resume_advertising_sync(hdev); 1940 1941 /* Select filter policy to use accept list */ 1942 return filter_policy; 1943} 1944 1945/* Returns true if an le connection is in the scanning state */ 1946static inline bool hci_is_le_conn_scanning(struct hci_dev *hdev) 1947{ 1948 struct hci_conn_hash *h = &hdev->conn_hash; 1949 struct hci_conn *c; 1950 1951 rcu_read_lock(); 1952 1953 list_for_each_entry_rcu(c, &h->list, list) { 1954 if (c->type == LE_LINK && c->state == BT_CONNECT && 1955 test_bit(HCI_CONN_SCANNING, &c->flags)) { 1956 rcu_read_unlock(); 1957 return true; 1958 } 1959 } 1960 1961 rcu_read_unlock(); 1962 1963 return false; 1964} 1965 1966static int hci_le_set_ext_scan_param_sync(struct hci_dev *hdev, u8 type, 1967 u16 interval, u16 window, 1968 u8 own_addr_type, u8 filter_policy) 1969{ 1970 struct hci_cp_le_set_ext_scan_params *cp; 1971 struct hci_cp_le_scan_phy_params *phy; 1972 u8 data[sizeof(*cp) + sizeof(*phy) * 2]; 1973 u8 num_phy = 0; 1974 1975 cp = (void *)data; 1976 phy = (void *)cp->data; 1977 1978 memset(data, 0, sizeof(data)); 1979 1980 cp->own_addr_type = own_addr_type; 1981 cp->filter_policy = filter_policy; 1982 1983 if (scan_1m(hdev) || scan_2m(hdev)) { 1984 cp->scanning_phys |= LE_SCAN_PHY_1M; 1985 1986 phy->type = type; 1987 phy->interval = cpu_to_le16(interval); 1988 phy->window = cpu_to_le16(window); 1989 1990 num_phy++; 1991 phy++; 1992 } 1993 1994 if (scan_coded(hdev)) { 1995 cp->scanning_phys |= LE_SCAN_PHY_CODED; 1996 1997 phy->type = type; 1998 phy->interval = cpu_to_le16(interval); 1999 phy->window = cpu_to_le16(window); 2000 2001 num_phy++; 2002 phy++; 2003 } 2004 2005 return __hci_cmd_sync_status(hdev, HCI_OP_LE_SET_EXT_SCAN_PARAMS, 2006 sizeof(*cp) + sizeof(*phy) * num_phy, 2007 data, HCI_CMD_TIMEOUT); 2008} 2009 2010static int hci_le_set_scan_param_sync(struct hci_dev *hdev, u8 type, 2011 u16 interval, u16 window, 2012 u8 own_addr_type, u8 filter_policy) 2013{ 2014 struct hci_cp_le_set_scan_param cp; 2015 2016 if (use_ext_scan(hdev)) 2017 return hci_le_set_ext_scan_param_sync(hdev, type, interval, 2018 window, own_addr_type, 2019 filter_policy); 2020 2021 memset(&cp, 0, sizeof(cp)); 2022 cp.type = type; 2023 cp.interval = cpu_to_le16(interval); 2024 cp.window = cpu_to_le16(window); 2025 cp.own_address_type = own_addr_type; 2026 cp.filter_policy = filter_policy; 2027 2028 return __hci_cmd_sync_status(hdev, HCI_OP_LE_SET_SCAN_PARAM, 2029 sizeof(cp), &cp, HCI_CMD_TIMEOUT); 2030} 2031 2032static int hci_start_scan_sync(struct hci_dev *hdev, u8 type, u16 interval, 2033 u16 window, u8 own_addr_type, u8 filter_policy, 2034 u8 filter_dup) 2035{ 2036 int err; 2037 2038 if (hdev->scanning_paused) { 2039 bt_dev_dbg(hdev, "Scanning is paused for suspend"); 2040 return 0; 2041 } 2042 2043 err = hci_le_set_scan_param_sync(hdev, type, interval, window, 2044 own_addr_type, filter_policy); 2045 if (err) 2046 return err; 2047 2048 return hci_le_set_scan_enable_sync(hdev, LE_SCAN_ENABLE, filter_dup); 2049} 2050 2051static int hci_passive_scan_sync(struct hci_dev *hdev) 2052{ 2053 u8 own_addr_type; 2054 u8 filter_policy; 2055 u16 window, interval; 2056 int err; 2057 2058 if (hdev->scanning_paused) { 2059 bt_dev_dbg(hdev, "Scanning is paused for suspend"); 2060 return 0; 2061 } 2062 2063 err = hci_scan_disable_sync(hdev); 2064 if (err) { 2065 bt_dev_err(hdev, "disable scanning failed: %d", err); 2066 return err; 2067 } 2068 2069 /* Set require_privacy to false since no SCAN_REQ are send 2070 * during passive scanning. Not using an non-resolvable address 2071 * here is important so that peer devices using direct 2072 * advertising with our address will be correctly reported 2073 * by the controller. 2074 */ 2075 if (hci_update_random_address_sync(hdev, false, scan_use_rpa(hdev), 2076 &own_addr_type)) 2077 return 0; 2078 2079 if (hdev->enable_advmon_interleave_scan && 2080 hci_update_interleaved_scan_sync(hdev)) 2081 return 0; 2082 2083 bt_dev_dbg(hdev, "interleave state %d", hdev->interleave_scan_state); 2084 2085 /* Adding or removing entries from the accept list must 2086 * happen before enabling scanning. The controller does 2087 * not allow accept list modification while scanning. 2088 */ 2089 filter_policy = hci_update_accept_list_sync(hdev); 2090 2091 /* When the controller is using random resolvable addresses and 2092 * with that having LE privacy enabled, then controllers with 2093 * Extended Scanner Filter Policies support can now enable support 2094 * for handling directed advertising. 2095 * 2096 * So instead of using filter polices 0x00 (no acceptlist) 2097 * and 0x01 (acceptlist enabled) use the new filter policies 2098 * 0x02 (no acceptlist) and 0x03 (acceptlist enabled). 2099 */ 2100 if (hci_dev_test_flag(hdev, HCI_PRIVACY) && 2101 (hdev->le_features[0] & HCI_LE_EXT_SCAN_POLICY)) 2102 filter_policy |= 0x02; 2103 2104 if (hdev->suspended) { 2105 window = hdev->le_scan_window_suspend; 2106 interval = hdev->le_scan_int_suspend; 2107 } else if (hci_is_le_conn_scanning(hdev)) { 2108 window = hdev->le_scan_window_connect; 2109 interval = hdev->le_scan_int_connect; 2110 } else if (hci_is_adv_monitoring(hdev)) { 2111 window = hdev->le_scan_window_adv_monitor; 2112 interval = hdev->le_scan_int_adv_monitor; 2113 } else { 2114 window = hdev->le_scan_window; 2115 interval = hdev->le_scan_interval; 2116 } 2117 2118 bt_dev_dbg(hdev, "LE passive scan with acceptlist = %d", filter_policy); 2119 2120 return hci_start_scan_sync(hdev, LE_SCAN_PASSIVE, interval, window, 2121 own_addr_type, filter_policy, 2122 LE_SCAN_FILTER_DUP_ENABLE); 2123} 2124 2125/* This function controls the passive scanning based on hdev->pend_le_conns 2126 * list. If there are pending LE connection we start the background scanning, 2127 * otherwise we stop it in the following sequence: 2128 * 2129 * If there are devices to scan: 2130 * 2131 * Disable Scanning -> Update Accept List -> 2132 * use_ll_privacy((Disable Advertising) -> Disable Resolving List -> 2133 * Update Resolving List -> Enable Resolving List -> (Enable Advertising)) -> 2134 * Enable Scanning 2135 * 2136 * Otherwise: 2137 * 2138 * Disable Scanning 2139 */ 2140int hci_update_passive_scan_sync(struct hci_dev *hdev) 2141{ 2142 int err; 2143 2144 if (!test_bit(HCI_UP, &hdev->flags) || 2145 test_bit(HCI_INIT, &hdev->flags) || 2146 hci_dev_test_flag(hdev, HCI_SETUP) || 2147 hci_dev_test_flag(hdev, HCI_CONFIG) || 2148 hci_dev_test_flag(hdev, HCI_AUTO_OFF) || 2149 hci_dev_test_flag(hdev, HCI_UNREGISTER)) 2150 return 0; 2151 2152 /* No point in doing scanning if LE support hasn't been enabled */ 2153 if (!hci_dev_test_flag(hdev, HCI_LE_ENABLED)) 2154 return 0; 2155 2156 /* If discovery is active don't interfere with it */ 2157 if (hdev->discovery.state != DISCOVERY_STOPPED) 2158 return 0; 2159 2160 /* Reset RSSI and UUID filters when starting background scanning 2161 * since these filters are meant for service discovery only. 2162 * 2163 * The Start Discovery and Start Service Discovery operations 2164 * ensure to set proper values for RSSI threshold and UUID 2165 * filter list. So it is safe to just reset them here. 2166 */ 2167 hci_discovery_filter_clear(hdev); 2168 2169 bt_dev_dbg(hdev, "ADV monitoring is %s", 2170 hci_is_adv_monitoring(hdev) ? "on" : "off"); 2171 2172 if (list_empty(&hdev->pend_le_conns) && 2173 list_empty(&hdev->pend_le_reports) && 2174 !hci_is_adv_monitoring(hdev)) { 2175 /* If there is no pending LE connections or devices 2176 * to be scanned for or no ADV monitors, we should stop the 2177 * background scanning. 2178 */ 2179 2180 bt_dev_dbg(hdev, "stopping background scanning"); 2181 2182 err = hci_scan_disable_sync(hdev); 2183 if (err) 2184 bt_dev_err(hdev, "stop background scanning failed: %d", 2185 err); 2186 } else { 2187 /* If there is at least one pending LE connection, we should 2188 * keep the background scan running. 2189 */ 2190 2191 /* If controller is connecting, we should not start scanning 2192 * since some controllers are not able to scan and connect at 2193 * the same time. 2194 */ 2195 if (hci_lookup_le_connect(hdev)) 2196 return 0; 2197 2198 bt_dev_dbg(hdev, "start background scanning"); 2199 2200 err = hci_passive_scan_sync(hdev); 2201 if (err) 2202 bt_dev_err(hdev, "start background scanning failed: %d", 2203 err); 2204 } 2205 2206 return err; 2207} 2208 2209static int update_passive_scan_sync(struct hci_dev *hdev, void *data) 2210{ 2211 return hci_update_passive_scan_sync(hdev); 2212} 2213 2214int hci_update_passive_scan(struct hci_dev *hdev) 2215{ 2216 /* Only queue if it would have any effect */ 2217 if (!test_bit(HCI_UP, &hdev->flags) || 2218 test_bit(HCI_INIT, &hdev->flags) || 2219 hci_dev_test_flag(hdev, HCI_SETUP) || 2220 hci_dev_test_flag(hdev, HCI_CONFIG) || 2221 hci_dev_test_flag(hdev, HCI_AUTO_OFF) || 2222 hci_dev_test_flag(hdev, HCI_UNREGISTER)) 2223 return 0; 2224 2225 return hci_cmd_sync_queue(hdev, update_passive_scan_sync, NULL, NULL); 2226} 2227 2228int hci_write_sc_support_sync(struct hci_dev *hdev, u8 val) 2229{ 2230 int err; 2231 2232 if (!bredr_sc_enabled(hdev) || lmp_host_sc_capable(hdev)) 2233 return 0; 2234 2235 err = __hci_cmd_sync_status(hdev, HCI_OP_WRITE_SC_SUPPORT, 2236 sizeof(val), &val, HCI_CMD_TIMEOUT); 2237 2238 if (!err) { 2239 if (val) { 2240 hdev->features[1][0] |= LMP_HOST_SC; 2241 hci_dev_set_flag(hdev, HCI_SC_ENABLED); 2242 } else { 2243 hdev->features[1][0] &= ~LMP_HOST_SC; 2244 hci_dev_clear_flag(hdev, HCI_SC_ENABLED); 2245 } 2246 } 2247 2248 return err; 2249} 2250 2251int hci_write_ssp_mode_sync(struct hci_dev *hdev, u8 mode) 2252{ 2253 int err; 2254 2255 if (!hci_dev_test_flag(hdev, HCI_SSP_ENABLED) || 2256 lmp_host_ssp_capable(hdev)) 2257 return 0; 2258 2259 if (!mode && hci_dev_test_flag(hdev, HCI_USE_DEBUG_KEYS)) { 2260 __hci_cmd_sync_status(hdev, HCI_OP_WRITE_SSP_DEBUG_MODE, 2261 sizeof(mode), &mode, HCI_CMD_TIMEOUT); 2262 } 2263 2264 err = __hci_cmd_sync_status(hdev, HCI_OP_WRITE_SSP_MODE, 2265 sizeof(mode), &mode, HCI_CMD_TIMEOUT); 2266 if (err) 2267 return err; 2268 2269 return hci_write_sc_support_sync(hdev, 0x01); 2270} 2271 2272int hci_write_le_host_supported_sync(struct hci_dev *hdev, u8 le, u8 simul) 2273{ 2274 struct hci_cp_write_le_host_supported cp; 2275 2276 if (!hci_dev_test_flag(hdev, HCI_LE_ENABLED) || 2277 !lmp_bredr_capable(hdev)) 2278 return 0; 2279 2280 /* Check first if we already have the right host state 2281 * (host features set) 2282 */ 2283 if (le == lmp_host_le_capable(hdev) && 2284 simul == lmp_host_le_br_capable(hdev)) 2285 return 0; 2286 2287 memset(&cp, 0, sizeof(cp)); 2288 2289 cp.le = le; 2290 cp.simul = simul; 2291 2292 return __hci_cmd_sync_status(hdev, HCI_OP_WRITE_LE_HOST_SUPPORTED, 2293 sizeof(cp), &cp, HCI_CMD_TIMEOUT); 2294} 2295 2296static int hci_powered_update_adv_sync(struct hci_dev *hdev) 2297{ 2298 struct adv_info *adv, *tmp; 2299 int err; 2300 2301 if (!hci_dev_test_flag(hdev, HCI_LE_ENABLED)) 2302 return 0; 2303 2304 /* If RPA Resolution has not been enable yet it means the 2305 * resolving list is empty and we should attempt to program the 2306 * local IRK in order to support using own_addr_type 2307 * ADDR_LE_DEV_RANDOM_RESOLVED (0x03). 2308 */ 2309 if (!hci_dev_test_flag(hdev, HCI_LL_RPA_RESOLUTION)) { 2310 hci_le_add_resolve_list_sync(hdev, NULL); 2311 hci_le_set_addr_resolution_enable_sync(hdev, 0x01); 2312 } 2313 2314 /* Make sure the controller has a good default for 2315 * advertising data. This also applies to the case 2316 * where BR/EDR was toggled during the AUTO_OFF phase. 2317 */ 2318 if (hci_dev_test_flag(hdev, HCI_ADVERTISING) || 2319 list_empty(&hdev->adv_instances)) { 2320 if (ext_adv_capable(hdev)) { 2321 err = hci_setup_ext_adv_instance_sync(hdev, 0x00); 2322 if (!err) 2323 hci_update_scan_rsp_data_sync(hdev, 0x00); 2324 } else { 2325 err = hci_update_adv_data_sync(hdev, 0x00); 2326 if (!err) 2327 hci_update_scan_rsp_data_sync(hdev, 0x00); 2328 } 2329 2330 if (hci_dev_test_flag(hdev, HCI_ADVERTISING)) 2331 hci_enable_advertising_sync(hdev); 2332 } 2333 2334 /* Call for each tracked instance to be scheduled */ 2335 list_for_each_entry_safe(adv, tmp, &hdev->adv_instances, list) 2336 hci_schedule_adv_instance_sync(hdev, adv->instance, true); 2337 2338 return 0; 2339} 2340 2341static int hci_write_auth_enable_sync(struct hci_dev *hdev) 2342{ 2343 u8 link_sec; 2344 2345 link_sec = hci_dev_test_flag(hdev, HCI_LINK_SECURITY); 2346 if (link_sec == test_bit(HCI_AUTH, &hdev->flags)) 2347 return 0; 2348 2349 return __hci_cmd_sync_status(hdev, HCI_OP_WRITE_AUTH_ENABLE, 2350 sizeof(link_sec), &link_sec, 2351 HCI_CMD_TIMEOUT); 2352} 2353 2354int hci_write_fast_connectable_sync(struct hci_dev *hdev, bool enable) 2355{ 2356 struct hci_cp_write_page_scan_activity cp; 2357 u8 type; 2358 int err = 0; 2359 2360 if (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED)) 2361 return 0; 2362 2363 if (hdev->hci_ver < BLUETOOTH_VER_1_2) 2364 return 0; 2365 2366 memset(&cp, 0, sizeof(cp)); 2367 2368 if (enable) { 2369 type = PAGE_SCAN_TYPE_INTERLACED; 2370 2371 /* 160 msec page scan interval */ 2372 cp.interval = cpu_to_le16(0x0100); 2373 } else { 2374 type = hdev->def_page_scan_type; 2375 cp.interval = cpu_to_le16(hdev->def_page_scan_int); 2376 } 2377 2378 cp.window = cpu_to_le16(hdev->def_page_scan_window); 2379 2380 if (__cpu_to_le16(hdev->page_scan_interval) != cp.interval || 2381 __cpu_to_le16(hdev->page_scan_window) != cp.window) { 2382 err = __hci_cmd_sync_status(hdev, 2383 HCI_OP_WRITE_PAGE_SCAN_ACTIVITY, 2384 sizeof(cp), &cp, HCI_CMD_TIMEOUT); 2385 if (err) 2386 return err; 2387 } 2388 2389 if (hdev->page_scan_type != type) 2390 err = __hci_cmd_sync_status(hdev, 2391 HCI_OP_WRITE_PAGE_SCAN_TYPE, 2392 sizeof(type), &type, 2393 HCI_CMD_TIMEOUT); 2394 2395 return err; 2396} 2397 2398static bool disconnected_accept_list_entries(struct hci_dev *hdev) 2399{ 2400 struct bdaddr_list *b; 2401 2402 list_for_each_entry(b, &hdev->accept_list, list) { 2403 struct hci_conn *conn; 2404 2405 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &b->bdaddr); 2406 if (!conn) 2407 return true; 2408 2409 if (conn->state != BT_CONNECTED && conn->state != BT_CONFIG) 2410 return true; 2411 } 2412 2413 return false; 2414} 2415 2416static int hci_write_scan_enable_sync(struct hci_dev *hdev, u8 val) 2417{ 2418 return __hci_cmd_sync_status(hdev, HCI_OP_WRITE_SCAN_ENABLE, 2419 sizeof(val), &val, 2420 HCI_CMD_TIMEOUT); 2421} 2422 2423int hci_update_scan_sync(struct hci_dev *hdev) 2424{ 2425 u8 scan; 2426 2427 if (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED)) 2428 return 0; 2429 2430 if (!hdev_is_powered(hdev)) 2431 return 0; 2432 2433 if (mgmt_powering_down(hdev)) 2434 return 0; 2435 2436 if (hdev->scanning_paused) 2437 return 0; 2438 2439 if (hci_dev_test_flag(hdev, HCI_CONNECTABLE) || 2440 disconnected_accept_list_entries(hdev)) 2441 scan = SCAN_PAGE; 2442 else 2443 scan = SCAN_DISABLED; 2444 2445 if (hci_dev_test_flag(hdev, HCI_DISCOVERABLE)) 2446 scan |= SCAN_INQUIRY; 2447 2448 if (test_bit(HCI_PSCAN, &hdev->flags) == !!(scan & SCAN_PAGE) && 2449 test_bit(HCI_ISCAN, &hdev->flags) == !!(scan & SCAN_INQUIRY)) 2450 return 0; 2451 2452 return hci_write_scan_enable_sync(hdev, scan); 2453} 2454 2455int hci_update_name_sync(struct hci_dev *hdev) 2456{ 2457 struct hci_cp_write_local_name cp; 2458 2459 memset(&cp, 0, sizeof(cp)); 2460 2461 memcpy(cp.name, hdev->dev_name, sizeof(cp.name)); 2462 2463 return __hci_cmd_sync_status(hdev, HCI_OP_WRITE_LOCAL_NAME, 2464 sizeof(cp), &cp, 2465 HCI_CMD_TIMEOUT); 2466} 2467 2468/* This function perform powered update HCI command sequence after the HCI init 2469 * sequence which end up resetting all states, the sequence is as follows: 2470 * 2471 * HCI_SSP_ENABLED(Enable SSP) 2472 * HCI_LE_ENABLED(Enable LE) 2473 * HCI_LE_ENABLED(use_ll_privacy(Add local IRK to Resolving List) -> 2474 * Update adv data) 2475 * Enable Authentication 2476 * lmp_bredr_capable(Set Fast Connectable -> Set Scan Type -> Set Class -> 2477 * Set Name -> Set EIR) 2478 */ 2479int hci_powered_update_sync(struct hci_dev *hdev) 2480{ 2481 int err; 2482 2483 /* Register the available SMP channels (BR/EDR and LE) only when 2484 * successfully powering on the controller. This late 2485 * registration is required so that LE SMP can clearly decide if 2486 * the public address or static address is used. 2487 */ 2488 smp_register(hdev); 2489 2490 err = hci_write_ssp_mode_sync(hdev, 0x01); 2491 if (err) 2492 return err; 2493 2494 err = hci_write_le_host_supported_sync(hdev, 0x01, 0x00); 2495 if (err) 2496 return err; 2497 2498 err = hci_powered_update_adv_sync(hdev); 2499 if (err) 2500 return err; 2501 2502 err = hci_write_auth_enable_sync(hdev); 2503 if (err) 2504 return err; 2505 2506 if (lmp_bredr_capable(hdev)) { 2507 if (hci_dev_test_flag(hdev, HCI_FAST_CONNECTABLE)) 2508 hci_write_fast_connectable_sync(hdev, true); 2509 else 2510 hci_write_fast_connectable_sync(hdev, false); 2511 hci_update_scan_sync(hdev); 2512 hci_update_class_sync(hdev); 2513 hci_update_name_sync(hdev); 2514 hci_update_eir_sync(hdev); 2515 } 2516 2517 return 0; 2518} 2519 2520/** 2521 * hci_dev_get_bd_addr_from_property - Get the Bluetooth Device Address 2522 * (BD_ADDR) for a HCI device from 2523 * a firmware node property. 2524 * @hdev: The HCI device 2525 * 2526 * Search the firmware node for 'local-bd-address'. 2527 * 2528 * All-zero BD addresses are rejected, because those could be properties 2529 * that exist in the firmware tables, but were not updated by the firmware. For 2530 * example, the DTS could define 'local-bd-address', with zero BD addresses. 2531 */ 2532static void hci_dev_get_bd_addr_from_property(struct hci_dev *hdev) 2533{ 2534 struct fwnode_handle *fwnode = dev_fwnode(hdev->dev.parent); 2535 bdaddr_t ba; 2536 int ret; 2537 2538 ret = fwnode_property_read_u8_array(fwnode, "local-bd-address", 2539 (u8 *)&ba, sizeof(ba)); 2540 if (ret < 0 || !bacmp(&ba, BDADDR_ANY)) 2541 return; 2542 2543 bacpy(&hdev->public_addr, &ba); 2544} 2545 2546struct hci_init_stage { 2547 int (*func)(struct hci_dev *hdev); 2548}; 2549 2550/* Run init stage NULL terminated function table */ 2551static int hci_init_stage_sync(struct hci_dev *hdev, 2552 const struct hci_init_stage *stage) 2553{ 2554 size_t i; 2555 2556 for (i = 0; stage[i].func; i++) { 2557 int err; 2558 2559 err = stage[i].func(hdev); 2560 if (err) 2561 return err; 2562 } 2563 2564 return 0; 2565} 2566 2567/* Read Local Version */ 2568static int hci_read_local_version_sync(struct hci_dev *hdev) 2569{ 2570 return __hci_cmd_sync_status(hdev, HCI_OP_READ_LOCAL_VERSION, 2571 0, NULL, HCI_CMD_TIMEOUT); 2572} 2573 2574/* Read BD Address */ 2575static int hci_read_bd_addr_sync(struct hci_dev *hdev) 2576{ 2577 return __hci_cmd_sync_status(hdev, HCI_OP_READ_BD_ADDR, 2578 0, NULL, HCI_CMD_TIMEOUT); 2579} 2580 2581#define HCI_INIT(_func) \ 2582{ \ 2583 .func = _func, \ 2584} 2585 2586static const struct hci_init_stage hci_init0[] = { 2587 /* HCI_OP_READ_LOCAL_VERSION */ 2588 HCI_INIT(hci_read_local_version_sync), 2589 /* HCI_OP_READ_BD_ADDR */ 2590 HCI_INIT(hci_read_bd_addr_sync), 2591 {} 2592}; 2593 2594int hci_reset_sync(struct hci_dev *hdev) 2595{ 2596 int err; 2597 2598 set_bit(HCI_RESET, &hdev->flags); 2599 2600 err = __hci_cmd_sync_status(hdev, HCI_OP_RESET, 0, NULL, 2601 HCI_CMD_TIMEOUT); 2602 if (err) 2603 return err; 2604 2605 return 0; 2606} 2607 2608static int hci_init0_sync(struct hci_dev *hdev) 2609{ 2610 int err; 2611 2612 bt_dev_dbg(hdev, ""); 2613 2614 /* Reset */ 2615 if (!test_bit(HCI_QUIRK_RESET_ON_CLOSE, &hdev->quirks)) { 2616 err = hci_reset_sync(hdev); 2617 if (err) 2618 return err; 2619 } 2620 2621 return hci_init_stage_sync(hdev, hci_init0); 2622} 2623 2624static int hci_unconf_init_sync(struct hci_dev *hdev) 2625{ 2626 int err; 2627 2628 if (test_bit(HCI_QUIRK_RAW_DEVICE, &hdev->quirks)) 2629 return 0; 2630 2631 err = hci_init0_sync(hdev); 2632 if (err < 0) 2633 return err; 2634 2635 if (hci_dev_test_flag(hdev, HCI_SETUP)) 2636 hci_debugfs_create_basic(hdev); 2637 2638 return 0; 2639} 2640 2641/* Read Local Supported Features. */ 2642static int hci_read_local_features_sync(struct hci_dev *hdev) 2643{ 2644 /* Not all AMP controllers support this command */ 2645 if (hdev->dev_type == HCI_AMP && !(hdev->commands[14] & 0x20)) 2646 return 0; 2647 2648 return __hci_cmd_sync_status(hdev, HCI_OP_READ_LOCAL_FEATURES, 2649 0, NULL, HCI_CMD_TIMEOUT); 2650} 2651 2652/* BR Controller init stage 1 command sequence */ 2653static const struct hci_init_stage br_init1[] = { 2654 /* HCI_OP_READ_LOCAL_FEATURES */ 2655 HCI_INIT(hci_read_local_features_sync), 2656 /* HCI_OP_READ_LOCAL_VERSION */ 2657 HCI_INIT(hci_read_local_version_sync), 2658 /* HCI_OP_READ_BD_ADDR */ 2659 HCI_INIT(hci_read_bd_addr_sync), 2660 {} 2661}; 2662 2663/* Read Local Commands */ 2664static int hci_read_local_cmds_sync(struct hci_dev *hdev) 2665{ 2666 /* All Bluetooth 1.2 and later controllers should support the 2667 * HCI command for reading the local supported commands. 2668 * 2669 * Unfortunately some controllers indicate Bluetooth 1.2 support, 2670 * but do not have support for this command. If that is the case, 2671 * the driver can quirk the behavior and skip reading the local 2672 * supported commands. 2673 */ 2674 if (hdev->hci_ver > BLUETOOTH_VER_1_1 && 2675 !test_bit(HCI_QUIRK_BROKEN_LOCAL_COMMANDS, &hdev->quirks)) 2676 return __hci_cmd_sync_status(hdev, HCI_OP_READ_LOCAL_COMMANDS, 2677 0, NULL, HCI_CMD_TIMEOUT); 2678 2679 return 0; 2680} 2681 2682/* Read Local AMP Info */ 2683static int hci_read_local_amp_info_sync(struct hci_dev *hdev) 2684{ 2685 return __hci_cmd_sync_status(hdev, HCI_OP_READ_LOCAL_AMP_INFO, 2686 0, NULL, HCI_CMD_TIMEOUT); 2687} 2688 2689/* Read Data Blk size */ 2690static int hci_read_data_block_size_sync(struct hci_dev *hdev) 2691{ 2692 return __hci_cmd_sync_status(hdev, HCI_OP_READ_DATA_BLOCK_SIZE, 2693 0, NULL, HCI_CMD_TIMEOUT); 2694} 2695 2696/* Read Flow Control Mode */ 2697static int hci_read_flow_control_mode_sync(struct hci_dev *hdev) 2698{ 2699 return __hci_cmd_sync_status(hdev, HCI_OP_READ_FLOW_CONTROL_MODE, 2700 0, NULL, HCI_CMD_TIMEOUT); 2701} 2702 2703/* Read Location Data */ 2704static int hci_read_location_data_sync(struct hci_dev *hdev) 2705{ 2706 return __hci_cmd_sync_status(hdev, HCI_OP_READ_LOCATION_DATA, 2707 0, NULL, HCI_CMD_TIMEOUT); 2708} 2709 2710/* AMP Controller init stage 1 command sequence */ 2711static const struct hci_init_stage amp_init1[] = { 2712 /* HCI_OP_READ_LOCAL_VERSION */ 2713 HCI_INIT(hci_read_local_version_sync), 2714 /* HCI_OP_READ_LOCAL_COMMANDS */ 2715 HCI_INIT(hci_read_local_cmds_sync), 2716 /* HCI_OP_READ_LOCAL_AMP_INFO */ 2717 HCI_INIT(hci_read_local_amp_info_sync), 2718 /* HCI_OP_READ_DATA_BLOCK_SIZE */ 2719 HCI_INIT(hci_read_data_block_size_sync), 2720 /* HCI_OP_READ_FLOW_CONTROL_MODE */ 2721 HCI_INIT(hci_read_flow_control_mode_sync), 2722 /* HCI_OP_READ_LOCATION_DATA */ 2723 HCI_INIT(hci_read_location_data_sync), 2724}; 2725 2726static int hci_init1_sync(struct hci_dev *hdev) 2727{ 2728 int err; 2729 2730 bt_dev_dbg(hdev, ""); 2731 2732 /* Reset */ 2733 if (!test_bit(HCI_QUIRK_RESET_ON_CLOSE, &hdev->quirks)) { 2734 err = hci_reset_sync(hdev); 2735 if (err) 2736 return err; 2737 } 2738 2739 switch (hdev->dev_type) { 2740 case HCI_PRIMARY: 2741 hdev->flow_ctl_mode = HCI_FLOW_CTL_MODE_PACKET_BASED; 2742 return hci_init_stage_sync(hdev, br_init1); 2743 case HCI_AMP: 2744 hdev->flow_ctl_mode = HCI_FLOW_CTL_MODE_BLOCK_BASED; 2745 return hci_init_stage_sync(hdev, amp_init1); 2746 default: 2747 bt_dev_err(hdev, "Unknown device type %d", hdev->dev_type); 2748 break; 2749 } 2750 2751 return 0; 2752} 2753 2754/* AMP Controller init stage 2 command sequence */ 2755static const struct hci_init_stage amp_init2[] = { 2756 /* HCI_OP_READ_LOCAL_FEATURES */ 2757 HCI_INIT(hci_read_local_features_sync), 2758}; 2759 2760/* Read Buffer Size (ACL mtu, max pkt, etc.) */ 2761static int hci_read_buffer_size_sync(struct hci_dev *hdev) 2762{ 2763 return __hci_cmd_sync_status(hdev, HCI_OP_READ_BUFFER_SIZE, 2764 0, NULL, HCI_CMD_TIMEOUT); 2765} 2766 2767/* Read Class of Device */ 2768static int hci_read_dev_class_sync(struct hci_dev *hdev) 2769{ 2770 return __hci_cmd_sync_status(hdev, HCI_OP_READ_CLASS_OF_DEV, 2771 0, NULL, HCI_CMD_TIMEOUT); 2772} 2773 2774/* Read Local Name */ 2775static int hci_read_local_name_sync(struct hci_dev *hdev) 2776{ 2777 return __hci_cmd_sync_status(hdev, HCI_OP_READ_LOCAL_NAME, 2778 0, NULL, HCI_CMD_TIMEOUT); 2779} 2780 2781/* Read Voice Setting */ 2782static int hci_read_voice_setting_sync(struct hci_dev *hdev) 2783{ 2784 return __hci_cmd_sync_status(hdev, HCI_OP_READ_VOICE_SETTING, 2785 0, NULL, HCI_CMD_TIMEOUT); 2786} 2787 2788/* Read Number of Supported IAC */ 2789static int hci_read_num_supported_iac_sync(struct hci_dev *hdev) 2790{ 2791 return __hci_cmd_sync_status(hdev, HCI_OP_READ_NUM_SUPPORTED_IAC, 2792 0, NULL, HCI_CMD_TIMEOUT); 2793} 2794 2795/* Read Current IAC LAP */ 2796static int hci_read_current_iac_lap_sync(struct hci_dev *hdev) 2797{ 2798 return __hci_cmd_sync_status(hdev, HCI_OP_READ_CURRENT_IAC_LAP, 2799 0, NULL, HCI_CMD_TIMEOUT); 2800} 2801 2802static int hci_set_event_filter_sync(struct hci_dev *hdev, u8 flt_type, 2803 u8 cond_type, bdaddr_t *bdaddr, 2804 u8 auto_accept) 2805{ 2806 struct hci_cp_set_event_filter cp; 2807 2808 if (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED)) 2809 return 0; 2810 2811 if (test_bit(HCI_QUIRK_BROKEN_FILTER_CLEAR_ALL, &hdev->quirks)) 2812 return 0; 2813 2814 memset(&cp, 0, sizeof(cp)); 2815 cp.flt_type = flt_type; 2816 2817 if (flt_type != HCI_FLT_CLEAR_ALL) { 2818 cp.cond_type = cond_type; 2819 bacpy(&cp.addr_conn_flt.bdaddr, bdaddr); 2820 cp.addr_conn_flt.auto_accept = auto_accept; 2821 } 2822 2823 return __hci_cmd_sync_status(hdev, HCI_OP_SET_EVENT_FLT, 2824 flt_type == HCI_FLT_CLEAR_ALL ? 2825 sizeof(cp.flt_type) : sizeof(cp), &cp, 2826 HCI_CMD_TIMEOUT); 2827} 2828 2829static int hci_clear_event_filter_sync(struct hci_dev *hdev) 2830{ 2831 if (!hci_dev_test_flag(hdev, HCI_EVENT_FILTER_CONFIGURED)) 2832 return 0; 2833 2834 /* In theory the state machine should not reach here unless 2835 * a hci_set_event_filter_sync() call succeeds, but we do 2836 * the check both for parity and as a future reminder. 2837 */ 2838 if (test_bit(HCI_QUIRK_BROKEN_FILTER_CLEAR_ALL, &hdev->quirks)) 2839 return 0; 2840 2841 return hci_set_event_filter_sync(hdev, HCI_FLT_CLEAR_ALL, 0x00, 2842 BDADDR_ANY, 0x00); 2843} 2844 2845/* Connection accept timeout ~20 secs */ 2846static int hci_write_ca_timeout_sync(struct hci_dev *hdev) 2847{ 2848 __le16 param = cpu_to_le16(0x7d00); 2849 2850 return __hci_cmd_sync_status(hdev, HCI_OP_WRITE_CA_TIMEOUT, 2851 sizeof(param), ¶m, HCI_CMD_TIMEOUT); 2852} 2853 2854/* BR Controller init stage 2 command sequence */ 2855static const struct hci_init_stage br_init2[] = { 2856 /* HCI_OP_READ_BUFFER_SIZE */ 2857 HCI_INIT(hci_read_buffer_size_sync), 2858 /* HCI_OP_READ_CLASS_OF_DEV */ 2859 HCI_INIT(hci_read_dev_class_sync), 2860 /* HCI_OP_READ_LOCAL_NAME */ 2861 HCI_INIT(hci_read_local_name_sync), 2862 /* HCI_OP_READ_VOICE_SETTING */ 2863 HCI_INIT(hci_read_voice_setting_sync), 2864 /* HCI_OP_READ_NUM_SUPPORTED_IAC */ 2865 HCI_INIT(hci_read_num_supported_iac_sync), 2866 /* HCI_OP_READ_CURRENT_IAC_LAP */ 2867 HCI_INIT(hci_read_current_iac_lap_sync), 2868 /* HCI_OP_SET_EVENT_FLT */ 2869 HCI_INIT(hci_clear_event_filter_sync), 2870 /* HCI_OP_WRITE_CA_TIMEOUT */ 2871 HCI_INIT(hci_write_ca_timeout_sync), 2872 {} 2873}; 2874 2875static int hci_write_ssp_mode_1_sync(struct hci_dev *hdev) 2876{ 2877 u8 mode = 0x01; 2878 2879 if (!lmp_ssp_capable(hdev) || !hci_dev_test_flag(hdev, HCI_SSP_ENABLED)) 2880 return 0; 2881 2882 /* When SSP is available, then the host features page 2883 * should also be available as well. However some 2884 * controllers list the max_page as 0 as long as SSP 2885 * has not been enabled. To achieve proper debugging 2886 * output, force the minimum max_page to 1 at least. 2887 */ 2888 hdev->max_page = 0x01; 2889 2890 return __hci_cmd_sync_status(hdev, HCI_OP_WRITE_SSP_MODE, 2891 sizeof(mode), &mode, HCI_CMD_TIMEOUT); 2892} 2893 2894static int hci_write_eir_sync(struct hci_dev *hdev) 2895{ 2896 struct hci_cp_write_eir cp; 2897 2898 if (!lmp_ssp_capable(hdev) || hci_dev_test_flag(hdev, HCI_SSP_ENABLED)) 2899 return 0; 2900 2901 memset(hdev->eir, 0, sizeof(hdev->eir)); 2902 memset(&cp, 0, sizeof(cp)); 2903 2904 return __hci_cmd_sync_status(hdev, HCI_OP_WRITE_EIR, sizeof(cp), &cp, 2905 HCI_CMD_TIMEOUT); 2906} 2907 2908static int hci_write_inquiry_mode_sync(struct hci_dev *hdev) 2909{ 2910 u8 mode; 2911 2912 if (!lmp_inq_rssi_capable(hdev) && 2913 !test_bit(HCI_QUIRK_FIXUP_INQUIRY_MODE, &hdev->quirks)) 2914 return 0; 2915 2916 /* If Extended Inquiry Result events are supported, then 2917 * they are clearly preferred over Inquiry Result with RSSI 2918 * events. 2919 */ 2920 mode = lmp_ext_inq_capable(hdev) ? 0x02 : 0x01; 2921 2922 return __hci_cmd_sync_status(hdev, HCI_OP_WRITE_INQUIRY_MODE, 2923 sizeof(mode), &mode, HCI_CMD_TIMEOUT); 2924} 2925 2926static int hci_read_inq_rsp_tx_power_sync(struct hci_dev *hdev) 2927{ 2928 if (!lmp_inq_tx_pwr_capable(hdev)) 2929 return 0; 2930 2931 return __hci_cmd_sync_status(hdev, HCI_OP_READ_INQ_RSP_TX_POWER, 2932 0, NULL, HCI_CMD_TIMEOUT); 2933} 2934 2935static int hci_read_local_ext_features_sync(struct hci_dev *hdev, u8 page) 2936{ 2937 struct hci_cp_read_local_ext_features cp; 2938 2939 if (!lmp_ext_feat_capable(hdev)) 2940 return 0; 2941 2942 memset(&cp, 0, sizeof(cp)); 2943 cp.page = page; 2944 2945 return __hci_cmd_sync_status(hdev, HCI_OP_READ_LOCAL_EXT_FEATURES, 2946 sizeof(cp), &cp, HCI_CMD_TIMEOUT); 2947} 2948 2949static int hci_read_local_ext_features_1_sync(struct hci_dev *hdev) 2950{ 2951 return hci_read_local_ext_features_sync(hdev, 0x01); 2952} 2953 2954/* HCI Controller init stage 2 command sequence */ 2955static const struct hci_init_stage hci_init2[] = { 2956 /* HCI_OP_READ_LOCAL_COMMANDS */ 2957 HCI_INIT(hci_read_local_cmds_sync), 2958 /* HCI_OP_WRITE_SSP_MODE */ 2959 HCI_INIT(hci_write_ssp_mode_1_sync), 2960 /* HCI_OP_WRITE_EIR */ 2961 HCI_INIT(hci_write_eir_sync), 2962 /* HCI_OP_WRITE_INQUIRY_MODE */ 2963 HCI_INIT(hci_write_inquiry_mode_sync), 2964 /* HCI_OP_READ_INQ_RSP_TX_POWER */ 2965 HCI_INIT(hci_read_inq_rsp_tx_power_sync), 2966 /* HCI_OP_READ_LOCAL_EXT_FEATURES */ 2967 HCI_INIT(hci_read_local_ext_features_1_sync), 2968 /* HCI_OP_WRITE_AUTH_ENABLE */ 2969 HCI_INIT(hci_write_auth_enable_sync), 2970 {} 2971}; 2972 2973/* Read LE Buffer Size */ 2974static int hci_le_read_buffer_size_sync(struct hci_dev *hdev) 2975{ 2976 return __hci_cmd_sync_status(hdev, HCI_OP_LE_READ_BUFFER_SIZE, 2977 0, NULL, HCI_CMD_TIMEOUT); 2978} 2979 2980/* Read LE Local Supported Features */ 2981static int hci_le_read_local_features_sync(struct hci_dev *hdev) 2982{ 2983 return __hci_cmd_sync_status(hdev, HCI_OP_LE_READ_LOCAL_FEATURES, 2984 0, NULL, HCI_CMD_TIMEOUT); 2985} 2986 2987/* Read LE Supported States */ 2988static int hci_le_read_supported_states_sync(struct hci_dev *hdev) 2989{ 2990 return __hci_cmd_sync_status(hdev, HCI_OP_LE_READ_SUPPORTED_STATES, 2991 0, NULL, HCI_CMD_TIMEOUT); 2992} 2993 2994/* LE Controller init stage 2 command sequence */ 2995static const struct hci_init_stage le_init2[] = { 2996 /* HCI_OP_LE_READ_BUFFER_SIZE */ 2997 HCI_INIT(hci_le_read_buffer_size_sync), 2998 /* HCI_OP_LE_READ_LOCAL_FEATURES */ 2999 HCI_INIT(hci_le_read_local_features_sync), 3000 /* HCI_OP_LE_READ_SUPPORTED_STATES */ 3001 HCI_INIT(hci_le_read_supported_states_sync), 3002 {} 3003}; 3004 3005static int hci_init2_sync(struct hci_dev *hdev) 3006{ 3007 int err; 3008 3009 bt_dev_dbg(hdev, ""); 3010 3011 if (hdev->dev_type == HCI_AMP) 3012 return hci_init_stage_sync(hdev, amp_init2); 3013 3014 if (lmp_bredr_capable(hdev)) { 3015 err = hci_init_stage_sync(hdev, br_init2); 3016 if (err) 3017 return err; 3018 } else { 3019 hci_dev_clear_flag(hdev, HCI_BREDR_ENABLED); 3020 } 3021 3022 if (lmp_le_capable(hdev)) { 3023 err = hci_init_stage_sync(hdev, le_init2); 3024 if (err) 3025 return err; 3026 /* LE-only controllers have LE implicitly enabled */ 3027 if (!lmp_bredr_capable(hdev)) 3028 hci_dev_set_flag(hdev, HCI_LE_ENABLED); 3029 } 3030 3031 return hci_init_stage_sync(hdev, hci_init2); 3032} 3033 3034static int hci_set_event_mask_sync(struct hci_dev *hdev) 3035{ 3036 /* The second byte is 0xff instead of 0x9f (two reserved bits 3037 * disabled) since a Broadcom 1.2 dongle doesn't respond to the 3038 * command otherwise. 3039 */ 3040 u8 events[8] = { 0xff, 0xff, 0xfb, 0xff, 0x00, 0x00, 0x00, 0x00 }; 3041 3042 /* CSR 1.1 dongles does not accept any bitfield so don't try to set 3043 * any event mask for pre 1.2 devices. 3044 */ 3045 if (hdev->hci_ver < BLUETOOTH_VER_1_2) 3046 return 0; 3047 3048 if (lmp_bredr_capable(hdev)) { 3049 events[4] |= 0x01; /* Flow Specification Complete */ 3050 3051 /* Don't set Disconnect Complete when suspended as that 3052 * would wakeup the host when disconnecting due to 3053 * suspend. 3054 */ 3055 if (hdev->suspended) 3056 events[0] &= 0xef; 3057 } else { 3058 /* Use a different default for LE-only devices */ 3059 memset(events, 0, sizeof(events)); 3060 events[1] |= 0x20; /* Command Complete */ 3061 events[1] |= 0x40; /* Command Status */ 3062 events[1] |= 0x80; /* Hardware Error */ 3063 3064 /* If the controller supports the Disconnect command, enable 3065 * the corresponding event. In addition enable packet flow 3066 * control related events. 3067 */ 3068 if (hdev->commands[0] & 0x20) { 3069 /* Don't set Disconnect Complete when suspended as that 3070 * would wakeup the host when disconnecting due to 3071 * suspend. 3072 */ 3073 if (!hdev->suspended) 3074 events[0] |= 0x10; /* Disconnection Complete */ 3075 events[2] |= 0x04; /* Number of Completed Packets */ 3076 events[3] |= 0x02; /* Data Buffer Overflow */ 3077 } 3078 3079 /* If the controller supports the Read Remote Version 3080 * Information command, enable the corresponding event. 3081 */ 3082 if (hdev->commands[2] & 0x80) 3083 events[1] |= 0x08; /* Read Remote Version Information 3084 * Complete 3085 */ 3086 3087 if (hdev->le_features[0] & HCI_LE_ENCRYPTION) { 3088 events[0] |= 0x80; /* Encryption Change */ 3089 events[5] |= 0x80; /* Encryption Key Refresh Complete */ 3090 } 3091 } 3092 3093 if (lmp_inq_rssi_capable(hdev) || 3094 test_bit(HCI_QUIRK_FIXUP_INQUIRY_MODE, &hdev->quirks)) 3095 events[4] |= 0x02; /* Inquiry Result with RSSI */ 3096 3097 if (lmp_ext_feat_capable(hdev)) 3098 events[4] |= 0x04; /* Read Remote Extended Features Complete */ 3099 3100 if (lmp_esco_capable(hdev)) { 3101 events[5] |= 0x08; /* Synchronous Connection Complete */ 3102 events[5] |= 0x10; /* Synchronous Connection Changed */ 3103 } 3104 3105 if (lmp_sniffsubr_capable(hdev)) 3106 events[5] |= 0x20; /* Sniff Subrating */ 3107 3108 if (lmp_pause_enc_capable(hdev)) 3109 events[5] |= 0x80; /* Encryption Key Refresh Complete */ 3110 3111 if (lmp_ext_inq_capable(hdev)) 3112 events[5] |= 0x40; /* Extended Inquiry Result */ 3113 3114 if (lmp_no_flush_capable(hdev)) 3115 events[7] |= 0x01; /* Enhanced Flush Complete */ 3116 3117 if (lmp_lsto_capable(hdev)) 3118 events[6] |= 0x80; /* Link Supervision Timeout Changed */ 3119 3120 if (lmp_ssp_capable(hdev)) { 3121 events[6] |= 0x01; /* IO Capability Request */ 3122 events[6] |= 0x02; /* IO Capability Response */ 3123 events[6] |= 0x04; /* User Confirmation Request */ 3124 events[6] |= 0x08; /* User Passkey Request */ 3125 events[6] |= 0x10; /* Remote OOB Data Request */ 3126 events[6] |= 0x20; /* Simple Pairing Complete */ 3127 events[7] |= 0x04; /* User Passkey Notification */ 3128 events[7] |= 0x08; /* Keypress Notification */ 3129 events[7] |= 0x10; /* Remote Host Supported 3130 * Features Notification 3131 */ 3132 } 3133 3134 if (lmp_le_capable(hdev)) 3135 events[7] |= 0x20; /* LE Meta-Event */ 3136 3137 return __hci_cmd_sync_status(hdev, HCI_OP_SET_EVENT_MASK, 3138 sizeof(events), events, HCI_CMD_TIMEOUT); 3139} 3140 3141static int hci_read_stored_link_key_sync(struct hci_dev *hdev) 3142{ 3143 struct hci_cp_read_stored_link_key cp; 3144 3145 if (!(hdev->commands[6] & 0x20) || 3146 test_bit(HCI_QUIRK_BROKEN_STORED_LINK_KEY, &hdev->quirks)) 3147 return 0; 3148 3149 memset(&cp, 0, sizeof(cp)); 3150 bacpy(&cp.bdaddr, BDADDR_ANY); 3151 cp.read_all = 0x01; 3152 3153 return __hci_cmd_sync_status(hdev, HCI_OP_READ_STORED_LINK_KEY, 3154 sizeof(cp), &cp, HCI_CMD_TIMEOUT); 3155} 3156 3157static int hci_setup_link_policy_sync(struct hci_dev *hdev) 3158{ 3159 struct hci_cp_write_def_link_policy cp; 3160 u16 link_policy = 0; 3161 3162 if (!(hdev->commands[5] & 0x10)) 3163 return 0; 3164 3165 memset(&cp, 0, sizeof(cp)); 3166 3167 if (lmp_rswitch_capable(hdev)) 3168 link_policy |= HCI_LP_RSWITCH; 3169 if (lmp_hold_capable(hdev)) 3170 link_policy |= HCI_LP_HOLD; 3171 if (lmp_sniff_capable(hdev)) 3172 link_policy |= HCI_LP_SNIFF; 3173 if (lmp_park_capable(hdev)) 3174 link_policy |= HCI_LP_PARK; 3175 3176 cp.policy = cpu_to_le16(link_policy); 3177 3178 return __hci_cmd_sync_status(hdev, HCI_OP_WRITE_DEF_LINK_POLICY, 3179 sizeof(cp), &cp, HCI_CMD_TIMEOUT); 3180} 3181 3182static int hci_read_page_scan_activity_sync(struct hci_dev *hdev) 3183{ 3184 if (!(hdev->commands[8] & 0x01)) 3185 return 0; 3186 3187 return __hci_cmd_sync_status(hdev, HCI_OP_READ_PAGE_SCAN_ACTIVITY, 3188 0, NULL, HCI_CMD_TIMEOUT); 3189} 3190 3191static int hci_read_def_err_data_reporting_sync(struct hci_dev *hdev) 3192{ 3193 if (!(hdev->commands[18] & 0x04) || 3194 test_bit(HCI_QUIRK_BROKEN_ERR_DATA_REPORTING, &hdev->quirks)) 3195 return 0; 3196 3197 return __hci_cmd_sync_status(hdev, HCI_OP_READ_DEF_ERR_DATA_REPORTING, 3198 0, NULL, HCI_CMD_TIMEOUT); 3199} 3200 3201static int hci_read_page_scan_type_sync(struct hci_dev *hdev) 3202{ 3203 /* Some older Broadcom based Bluetooth 1.2 controllers do not 3204 * support the Read Page Scan Type command. Check support for 3205 * this command in the bit mask of supported commands. 3206 */ 3207 if (!(hdev->commands[13] & 0x01)) 3208 return 0; 3209 3210 return __hci_cmd_sync_status(hdev, HCI_OP_READ_PAGE_SCAN_TYPE, 3211 0, NULL, HCI_CMD_TIMEOUT); 3212} 3213 3214/* Read features beyond page 1 if available */ 3215static int hci_read_local_ext_features_all_sync(struct hci_dev *hdev) 3216{ 3217 u8 page; 3218 int err; 3219 3220 if (!lmp_ext_feat_capable(hdev)) 3221 return 0; 3222 3223 for (page = 2; page < HCI_MAX_PAGES && page <= hdev->max_page; 3224 page++) { 3225 err = hci_read_local_ext_features_sync(hdev, page); 3226 if (err) 3227 return err; 3228 } 3229 3230 return 0; 3231} 3232 3233/* HCI Controller init stage 3 command sequence */ 3234static const struct hci_init_stage hci_init3[] = { 3235 /* HCI_OP_SET_EVENT_MASK */ 3236 HCI_INIT(hci_set_event_mask_sync), 3237 /* HCI_OP_READ_STORED_LINK_KEY */ 3238 HCI_INIT(hci_read_stored_link_key_sync), 3239 /* HCI_OP_WRITE_DEF_LINK_POLICY */ 3240 HCI_INIT(hci_setup_link_policy_sync), 3241 /* HCI_OP_READ_PAGE_SCAN_ACTIVITY */ 3242 HCI_INIT(hci_read_page_scan_activity_sync), 3243 /* HCI_OP_READ_DEF_ERR_DATA_REPORTING */ 3244 HCI_INIT(hci_read_def_err_data_reporting_sync), 3245 /* HCI_OP_READ_PAGE_SCAN_TYPE */ 3246 HCI_INIT(hci_read_page_scan_type_sync), 3247 /* HCI_OP_READ_LOCAL_EXT_FEATURES */ 3248 HCI_INIT(hci_read_local_ext_features_all_sync), 3249 {} 3250}; 3251 3252static int hci_le_set_event_mask_sync(struct hci_dev *hdev) 3253{ 3254 u8 events[8]; 3255 3256 if (!lmp_le_capable(hdev)) 3257 return 0; 3258 3259 memset(events, 0, sizeof(events)); 3260 3261 if (hdev->le_features[0] & HCI_LE_ENCRYPTION) 3262 events[0] |= 0x10; /* LE Long Term Key Request */ 3263 3264 /* If controller supports the Connection Parameters Request 3265 * Link Layer Procedure, enable the corresponding event. 3266 */ 3267 if (hdev->le_features[0] & HCI_LE_CONN_PARAM_REQ_PROC) 3268 /* LE Remote Connection Parameter Request */ 3269 events[0] |= 0x20; 3270 3271 /* If the controller supports the Data Length Extension 3272 * feature, enable the corresponding event. 3273 */ 3274 if (hdev->le_features[0] & HCI_LE_DATA_LEN_EXT) 3275 events[0] |= 0x40; /* LE Data Length Change */ 3276 3277 /* If the controller supports LL Privacy feature or LE Extended Adv, 3278 * enable the corresponding event. 3279 */ 3280 if (use_enhanced_conn_complete(hdev)) 3281 events[1] |= 0x02; /* LE Enhanced Connection Complete */ 3282 3283 /* If the controller supports Extended Scanner Filter 3284 * Policies, enable the corresponding event. 3285 */ 3286 if (hdev->le_features[0] & HCI_LE_EXT_SCAN_POLICY) 3287 events[1] |= 0x04; /* LE Direct Advertising Report */ 3288 3289 /* If the controller supports Channel Selection Algorithm #2 3290 * feature, enable the corresponding event. 3291 */ 3292 if (hdev->le_features[1] & HCI_LE_CHAN_SEL_ALG2) 3293 events[2] |= 0x08; /* LE Channel Selection Algorithm */ 3294 3295 /* If the controller supports the LE Set Scan Enable command, 3296 * enable the corresponding advertising report event. 3297 */ 3298 if (hdev->commands[26] & 0x08) 3299 events[0] |= 0x02; /* LE Advertising Report */ 3300 3301 /* If the controller supports the LE Create Connection 3302 * command, enable the corresponding event. 3303 */ 3304 if (hdev->commands[26] & 0x10) 3305 events[0] |= 0x01; /* LE Connection Complete */ 3306 3307 /* If the controller supports the LE Connection Update 3308 * command, enable the corresponding event. 3309 */ 3310 if (hdev->commands[27] & 0x04) 3311 events[0] |= 0x04; /* LE Connection Update Complete */ 3312 3313 /* If the controller supports the LE Read Remote Used Features 3314 * command, enable the corresponding event. 3315 */ 3316 if (hdev->commands[27] & 0x20) 3317 /* LE Read Remote Used Features Complete */ 3318 events[0] |= 0x08; 3319 3320 /* If the controller supports the LE Read Local P-256 3321 * Public Key command, enable the corresponding event. 3322 */ 3323 if (hdev->commands[34] & 0x02) 3324 /* LE Read Local P-256 Public Key Complete */ 3325 events[0] |= 0x80; 3326 3327 /* If the controller supports the LE Generate DHKey 3328 * command, enable the corresponding event. 3329 */ 3330 if (hdev->commands[34] & 0x04) 3331 events[1] |= 0x01; /* LE Generate DHKey Complete */ 3332 3333 /* If the controller supports the LE Set Default PHY or 3334 * LE Set PHY commands, enable the corresponding event. 3335 */ 3336 if (hdev->commands[35] & (0x20 | 0x40)) 3337 events[1] |= 0x08; /* LE PHY Update Complete */ 3338 3339 /* If the controller supports LE Set Extended Scan Parameters 3340 * and LE Set Extended Scan Enable commands, enable the 3341 * corresponding event. 3342 */ 3343 if (use_ext_scan(hdev)) 3344 events[1] |= 0x10; /* LE Extended Advertising Report */ 3345 3346 /* If the controller supports the LE Extended Advertising 3347 * command, enable the corresponding event. 3348 */ 3349 if (ext_adv_capable(hdev)) 3350 events[2] |= 0x02; /* LE Advertising Set Terminated */ 3351 3352 return __hci_cmd_sync_status(hdev, HCI_OP_LE_SET_EVENT_MASK, 3353 sizeof(events), events, HCI_CMD_TIMEOUT); 3354} 3355 3356/* Read LE Advertising Channel TX Power */ 3357static int hci_le_read_adv_tx_power_sync(struct hci_dev *hdev) 3358{ 3359 if ((hdev->commands[25] & 0x40) && !ext_adv_capable(hdev)) { 3360 /* HCI TS spec forbids mixing of legacy and extended 3361 * advertising commands wherein READ_ADV_TX_POWER is 3362 * also included. So do not call it if extended adv 3363 * is supported otherwise controller will return 3364 * COMMAND_DISALLOWED for extended commands. 3365 */ 3366 return __hci_cmd_sync_status(hdev, 3367 HCI_OP_LE_READ_ADV_TX_POWER, 3368 0, NULL, HCI_CMD_TIMEOUT); 3369 } 3370 3371 return 0; 3372} 3373 3374/* Read LE Min/Max Tx Power*/ 3375static int hci_le_read_tx_power_sync(struct hci_dev *hdev) 3376{ 3377 if (!(hdev->commands[38] & 0x80) || 3378 test_bit(HCI_QUIRK_BROKEN_READ_TRANSMIT_POWER, &hdev->quirks)) 3379 return 0; 3380 3381 return __hci_cmd_sync_status(hdev, HCI_OP_LE_READ_TRANSMIT_POWER, 3382 0, NULL, HCI_CMD_TIMEOUT); 3383} 3384 3385/* Read LE Accept List Size */ 3386static int hci_le_read_accept_list_size_sync(struct hci_dev *hdev) 3387{ 3388 if (!(hdev->commands[26] & 0x40)) 3389 return 0; 3390 3391 return __hci_cmd_sync_status(hdev, HCI_OP_LE_READ_ACCEPT_LIST_SIZE, 3392 0, NULL, HCI_CMD_TIMEOUT); 3393} 3394 3395/* Clear LE Accept List */ 3396static int hci_le_clear_accept_list_sync(struct hci_dev *hdev) 3397{ 3398 if (!(hdev->commands[26] & 0x80)) 3399 return 0; 3400 3401 return __hci_cmd_sync_status(hdev, HCI_OP_LE_CLEAR_ACCEPT_LIST, 0, NULL, 3402 HCI_CMD_TIMEOUT); 3403} 3404 3405/* Read LE Resolving List Size */ 3406static int hci_le_read_resolv_list_size_sync(struct hci_dev *hdev) 3407{ 3408 if (!(hdev->commands[34] & 0x40)) 3409 return 0; 3410 3411 return __hci_cmd_sync_status(hdev, HCI_OP_LE_READ_RESOLV_LIST_SIZE, 3412 0, NULL, HCI_CMD_TIMEOUT); 3413} 3414 3415/* Clear LE Resolving List */ 3416static int hci_le_clear_resolv_list_sync(struct hci_dev *hdev) 3417{ 3418 if (!(hdev->commands[34] & 0x20)) 3419 return 0; 3420 3421 return __hci_cmd_sync_status(hdev, HCI_OP_LE_CLEAR_RESOLV_LIST, 0, NULL, 3422 HCI_CMD_TIMEOUT); 3423} 3424 3425/* Set RPA timeout */ 3426static int hci_le_set_rpa_timeout_sync(struct hci_dev *hdev) 3427{ 3428 __le16 timeout = cpu_to_le16(hdev->rpa_timeout); 3429 3430 if (!(hdev->commands[35] & 0x04)) 3431 return 0; 3432 3433 return __hci_cmd_sync_status(hdev, HCI_OP_LE_SET_RPA_TIMEOUT, 3434 sizeof(timeout), &timeout, 3435 HCI_CMD_TIMEOUT); 3436} 3437 3438/* Read LE Maximum Data Length */ 3439static int hci_le_read_max_data_len_sync(struct hci_dev *hdev) 3440{ 3441 if (!(hdev->le_features[0] & HCI_LE_DATA_LEN_EXT)) 3442 return 0; 3443 3444 return __hci_cmd_sync_status(hdev, HCI_OP_LE_READ_MAX_DATA_LEN, 0, NULL, 3445 HCI_CMD_TIMEOUT); 3446} 3447 3448/* Read LE Suggested Default Data Length */ 3449static int hci_le_read_def_data_len_sync(struct hci_dev *hdev) 3450{ 3451 if (!(hdev->le_features[0] & HCI_LE_DATA_LEN_EXT)) 3452 return 0; 3453 3454 return __hci_cmd_sync_status(hdev, HCI_OP_LE_READ_DEF_DATA_LEN, 0, NULL, 3455 HCI_CMD_TIMEOUT); 3456} 3457 3458/* Read LE Number of Supported Advertising Sets */ 3459static int hci_le_read_num_support_adv_sets_sync(struct hci_dev *hdev) 3460{ 3461 if (!ext_adv_capable(hdev)) 3462 return 0; 3463 3464 return __hci_cmd_sync_status(hdev, 3465 HCI_OP_LE_READ_NUM_SUPPORTED_ADV_SETS, 3466 0, NULL, HCI_CMD_TIMEOUT); 3467} 3468 3469/* Write LE Host Supported */ 3470static int hci_set_le_support_sync(struct hci_dev *hdev) 3471{ 3472 struct hci_cp_write_le_host_supported cp; 3473 3474 /* LE-only devices do not support explicit enablement */ 3475 if (!lmp_bredr_capable(hdev)) 3476 return 0; 3477 3478 memset(&cp, 0, sizeof(cp)); 3479 3480 if (hci_dev_test_flag(hdev, HCI_LE_ENABLED)) { 3481 cp.le = 0x01; 3482 cp.simul = 0x00; 3483 } 3484 3485 if (cp.le == lmp_host_le_capable(hdev)) 3486 return 0; 3487 3488 return __hci_cmd_sync_status(hdev, HCI_OP_WRITE_LE_HOST_SUPPORTED, 3489 sizeof(cp), &cp, HCI_CMD_TIMEOUT); 3490} 3491 3492/* LE Controller init stage 3 command sequence */ 3493static const struct hci_init_stage le_init3[] = { 3494 /* HCI_OP_LE_SET_EVENT_MASK */ 3495 HCI_INIT(hci_le_set_event_mask_sync), 3496 /* HCI_OP_LE_READ_ADV_TX_POWER */ 3497 HCI_INIT(hci_le_read_adv_tx_power_sync), 3498 /* HCI_OP_LE_READ_TRANSMIT_POWER */ 3499 HCI_INIT(hci_le_read_tx_power_sync), 3500 /* HCI_OP_LE_READ_ACCEPT_LIST_SIZE */ 3501 HCI_INIT(hci_le_read_accept_list_size_sync), 3502 /* HCI_OP_LE_CLEAR_ACCEPT_LIST */ 3503 HCI_INIT(hci_le_clear_accept_list_sync), 3504 /* HCI_OP_LE_READ_RESOLV_LIST_SIZE */ 3505 HCI_INIT(hci_le_read_resolv_list_size_sync), 3506 /* HCI_OP_LE_CLEAR_RESOLV_LIST */ 3507 HCI_INIT(hci_le_clear_resolv_list_sync), 3508 /* HCI_OP_LE_SET_RPA_TIMEOUT */ 3509 HCI_INIT(hci_le_set_rpa_timeout_sync), 3510 /* HCI_OP_LE_READ_MAX_DATA_LEN */ 3511 HCI_INIT(hci_le_read_max_data_len_sync), 3512 /* HCI_OP_LE_READ_DEF_DATA_LEN */ 3513 HCI_INIT(hci_le_read_def_data_len_sync), 3514 /* HCI_OP_LE_READ_NUM_SUPPORTED_ADV_SETS */ 3515 HCI_INIT(hci_le_read_num_support_adv_sets_sync), 3516 /* HCI_OP_WRITE_LE_HOST_SUPPORTED */ 3517 HCI_INIT(hci_set_le_support_sync), 3518 {} 3519}; 3520 3521static int hci_init3_sync(struct hci_dev *hdev) 3522{ 3523 int err; 3524 3525 bt_dev_dbg(hdev, ""); 3526 3527 err = hci_init_stage_sync(hdev, hci_init3); 3528 if (err) 3529 return err; 3530 3531 if (lmp_le_capable(hdev)) 3532 return hci_init_stage_sync(hdev, le_init3); 3533 3534 return 0; 3535} 3536 3537static int hci_delete_stored_link_key_sync(struct hci_dev *hdev) 3538{ 3539 struct hci_cp_delete_stored_link_key cp; 3540 3541 /* Some Broadcom based Bluetooth controllers do not support the 3542 * Delete Stored Link Key command. They are clearly indicating its 3543 * absence in the bit mask of supported commands. 3544 * 3545 * Check the supported commands and only if the command is marked 3546 * as supported send it. If not supported assume that the controller 3547 * does not have actual support for stored link keys which makes this 3548 * command redundant anyway. 3549 * 3550 * Some controllers indicate that they support handling deleting 3551 * stored link keys, but they don't. The quirk lets a driver 3552 * just disable this command. 3553 */ 3554 if (!(hdev->commands[6] & 0x80) || 3555 test_bit(HCI_QUIRK_BROKEN_STORED_LINK_KEY, &hdev->quirks)) 3556 return 0; 3557 3558 memset(&cp, 0, sizeof(cp)); 3559 bacpy(&cp.bdaddr, BDADDR_ANY); 3560 cp.delete_all = 0x01; 3561 3562 return __hci_cmd_sync_status(hdev, HCI_OP_DELETE_STORED_LINK_KEY, 3563 sizeof(cp), &cp, HCI_CMD_TIMEOUT); 3564} 3565 3566static int hci_set_event_mask_page_2_sync(struct hci_dev *hdev) 3567{ 3568 u8 events[8] = { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }; 3569 bool changed = false; 3570 3571 /* Set event mask page 2 if the HCI command for it is supported */ 3572 if (!(hdev->commands[22] & 0x04)) 3573 return 0; 3574 3575 /* If Connectionless Peripheral Broadcast central role is supported 3576 * enable all necessary events for it. 3577 */ 3578 if (lmp_cpb_central_capable(hdev)) { 3579 events[1] |= 0x40; /* Triggered Clock Capture */ 3580 events[1] |= 0x80; /* Synchronization Train Complete */ 3581 events[2] |= 0x10; /* Peripheral Page Response Timeout */ 3582 events[2] |= 0x20; /* CPB Channel Map Change */ 3583 changed = true; 3584 } 3585 3586 /* If Connectionless Peripheral Broadcast peripheral role is supported 3587 * enable all necessary events for it. 3588 */ 3589 if (lmp_cpb_peripheral_capable(hdev)) { 3590 events[2] |= 0x01; /* Synchronization Train Received */ 3591 events[2] |= 0x02; /* CPB Receive */ 3592 events[2] |= 0x04; /* CPB Timeout */ 3593 events[2] |= 0x08; /* Truncated Page Complete */ 3594 changed = true; 3595 } 3596 3597 /* Enable Authenticated Payload Timeout Expired event if supported */ 3598 if (lmp_ping_capable(hdev) || hdev->le_features[0] & HCI_LE_PING) { 3599 events[2] |= 0x80; 3600 changed = true; 3601 } 3602 3603 /* Some Broadcom based controllers indicate support for Set Event 3604 * Mask Page 2 command, but then actually do not support it. Since 3605 * the default value is all bits set to zero, the command is only 3606 * required if the event mask has to be changed. In case no change 3607 * to the event mask is needed, skip this command. 3608 */ 3609 if (!changed) 3610 return 0; 3611 3612 return __hci_cmd_sync_status(hdev, HCI_OP_SET_EVENT_MASK_PAGE_2, 3613 sizeof(events), events, HCI_CMD_TIMEOUT); 3614} 3615 3616/* Read local codec list if the HCI command is supported */ 3617static int hci_read_local_codecs_sync(struct hci_dev *hdev) 3618{ 3619 if (!(hdev->commands[29] & 0x20)) 3620 return 0; 3621 3622 return __hci_cmd_sync_status(hdev, HCI_OP_READ_LOCAL_CODECS, 0, NULL, 3623 HCI_CMD_TIMEOUT); 3624} 3625 3626/* Read local pairing options if the HCI command is supported */ 3627static int hci_read_local_pairing_opts_sync(struct hci_dev *hdev) 3628{ 3629 if (!(hdev->commands[41] & 0x08)) 3630 return 0; 3631 3632 return __hci_cmd_sync_status(hdev, HCI_OP_READ_LOCAL_PAIRING_OPTS, 3633 0, NULL, HCI_CMD_TIMEOUT); 3634} 3635 3636/* Get MWS transport configuration if the HCI command is supported */ 3637static int hci_get_mws_transport_config_sync(struct hci_dev *hdev) 3638{ 3639 if (!(hdev->commands[30] & 0x08)) 3640 return 0; 3641 3642 return __hci_cmd_sync_status(hdev, HCI_OP_GET_MWS_TRANSPORT_CONFIG, 3643 0, NULL, HCI_CMD_TIMEOUT); 3644} 3645 3646/* Check for Synchronization Train support */ 3647static int hci_read_sync_train_params_sync(struct hci_dev *hdev) 3648{ 3649 if (!lmp_sync_train_capable(hdev)) 3650 return 0; 3651 3652 return __hci_cmd_sync_status(hdev, HCI_OP_READ_SYNC_TRAIN_PARAMS, 3653 0, NULL, HCI_CMD_TIMEOUT); 3654} 3655 3656/* Enable Secure Connections if supported and configured */ 3657static int hci_write_sc_support_1_sync(struct hci_dev *hdev) 3658{ 3659 u8 support = 0x01; 3660 3661 if (!hci_dev_test_flag(hdev, HCI_SSP_ENABLED) || 3662 !bredr_sc_enabled(hdev)) 3663 return 0; 3664 3665 return __hci_cmd_sync_status(hdev, HCI_OP_WRITE_SC_SUPPORT, 3666 sizeof(support), &support, 3667 HCI_CMD_TIMEOUT); 3668} 3669 3670/* Set erroneous data reporting if supported to the wideband speech 3671 * setting value 3672 */ 3673static int hci_set_err_data_report_sync(struct hci_dev *hdev) 3674{ 3675 struct hci_cp_write_def_err_data_reporting cp; 3676 bool enabled = hci_dev_test_flag(hdev, HCI_WIDEBAND_SPEECH_ENABLED); 3677 3678 if (!(hdev->commands[18] & 0x08) || 3679 test_bit(HCI_QUIRK_BROKEN_ERR_DATA_REPORTING, &hdev->quirks)) 3680 return 0; 3681 3682 if (enabled == hdev->err_data_reporting) 3683 return 0; 3684 3685 memset(&cp, 0, sizeof(cp)); 3686 cp.err_data_reporting = enabled ? ERR_DATA_REPORTING_ENABLED : 3687 ERR_DATA_REPORTING_DISABLED; 3688 3689 return __hci_cmd_sync_status(hdev, HCI_OP_WRITE_DEF_ERR_DATA_REPORTING, 3690 sizeof(cp), &cp, HCI_CMD_TIMEOUT); 3691} 3692 3693static const struct hci_init_stage hci_init4[] = { 3694 /* HCI_OP_DELETE_STORED_LINK_KEY */ 3695 HCI_INIT(hci_delete_stored_link_key_sync), 3696 /* HCI_OP_SET_EVENT_MASK_PAGE_2 */ 3697 HCI_INIT(hci_set_event_mask_page_2_sync), 3698 /* HCI_OP_READ_LOCAL_CODECS */ 3699 HCI_INIT(hci_read_local_codecs_sync), 3700 /* HCI_OP_READ_LOCAL_PAIRING_OPTS */ 3701 HCI_INIT(hci_read_local_pairing_opts_sync), 3702 /* HCI_OP_GET_MWS_TRANSPORT_CONFIG */ 3703 HCI_INIT(hci_get_mws_transport_config_sync), 3704 /* HCI_OP_READ_SYNC_TRAIN_PARAMS */ 3705 HCI_INIT(hci_read_sync_train_params_sync), 3706 /* HCI_OP_WRITE_SC_SUPPORT */ 3707 HCI_INIT(hci_write_sc_support_1_sync), 3708 /* HCI_OP_WRITE_DEF_ERR_DATA_REPORTING */ 3709 HCI_INIT(hci_set_err_data_report_sync), 3710 {} 3711}; 3712 3713/* Set Suggested Default Data Length to maximum if supported */ 3714static int hci_le_set_write_def_data_len_sync(struct hci_dev *hdev) 3715{ 3716 struct hci_cp_le_write_def_data_len cp; 3717 3718 if (!(hdev->le_features[0] & HCI_LE_DATA_LEN_EXT)) 3719 return 0; 3720 3721 memset(&cp, 0, sizeof(cp)); 3722 cp.tx_len = cpu_to_le16(hdev->le_max_tx_len); 3723 cp.tx_time = cpu_to_le16(hdev->le_max_tx_time); 3724 3725 return __hci_cmd_sync_status(hdev, HCI_OP_LE_WRITE_DEF_DATA_LEN, 3726 sizeof(cp), &cp, HCI_CMD_TIMEOUT); 3727} 3728 3729/* Set Default PHY parameters if command is supported */ 3730static int hci_le_set_default_phy_sync(struct hci_dev *hdev) 3731{ 3732 struct hci_cp_le_set_default_phy cp; 3733 3734 if (!(hdev->commands[35] & 0x20)) 3735 return 0; 3736 3737 memset(&cp, 0, sizeof(cp)); 3738 cp.all_phys = 0x00; 3739 cp.tx_phys = hdev->le_tx_def_phys; 3740 cp.rx_phys = hdev->le_rx_def_phys; 3741 3742 return __hci_cmd_sync_status(hdev, HCI_OP_LE_SET_DEFAULT_PHY, 3743 sizeof(cp), &cp, HCI_CMD_TIMEOUT); 3744} 3745 3746static const struct hci_init_stage le_init4[] = { 3747 /* HCI_OP_LE_WRITE_DEF_DATA_LEN */ 3748 HCI_INIT(hci_le_set_write_def_data_len_sync), 3749 /* HCI_OP_LE_SET_DEFAULT_PHY */ 3750 HCI_INIT(hci_le_set_default_phy_sync), 3751 {} 3752}; 3753 3754static int hci_init4_sync(struct hci_dev *hdev) 3755{ 3756 int err; 3757 3758 bt_dev_dbg(hdev, ""); 3759 3760 err = hci_init_stage_sync(hdev, hci_init4); 3761 if (err) 3762 return err; 3763 3764 if (lmp_le_capable(hdev)) 3765 return hci_init_stage_sync(hdev, le_init4); 3766 3767 return 0; 3768} 3769 3770static int hci_init_sync(struct hci_dev *hdev) 3771{ 3772 int err; 3773 3774 err = hci_init1_sync(hdev); 3775 if (err < 0) 3776 return err; 3777 3778 if (hci_dev_test_flag(hdev, HCI_SETUP)) 3779 hci_debugfs_create_basic(hdev); 3780 3781 err = hci_init2_sync(hdev); 3782 if (err < 0) 3783 return err; 3784 3785 /* HCI_PRIMARY covers both single-mode LE, BR/EDR and dual-mode 3786 * BR/EDR/LE type controllers. AMP controllers only need the 3787 * first two stages of init. 3788 */ 3789 if (hdev->dev_type != HCI_PRIMARY) 3790 return 0; 3791 3792 err = hci_init3_sync(hdev); 3793 if (err < 0) 3794 return err; 3795 3796 err = hci_init4_sync(hdev); 3797 if (err < 0) 3798 return err; 3799 3800 /* This function is only called when the controller is actually in 3801 * configured state. When the controller is marked as unconfigured, 3802 * this initialization procedure is not run. 3803 * 3804 * It means that it is possible that a controller runs through its 3805 * setup phase and then discovers missing settings. If that is the 3806 * case, then this function will not be called. It then will only 3807 * be called during the config phase. 3808 * 3809 * So only when in setup phase or config phase, create the debugfs 3810 * entries and register the SMP channels. 3811 */ 3812 if (!hci_dev_test_flag(hdev, HCI_SETUP) && 3813 !hci_dev_test_flag(hdev, HCI_CONFIG)) 3814 return 0; 3815 3816 hci_debugfs_create_common(hdev); 3817 3818 if (lmp_bredr_capable(hdev)) 3819 hci_debugfs_create_bredr(hdev); 3820 3821 if (lmp_le_capable(hdev)) 3822 hci_debugfs_create_le(hdev); 3823 3824 return 0; 3825} 3826 3827#define HCI_QUIRK_BROKEN(_quirk, _desc) { HCI_QUIRK_BROKEN_##_quirk, _desc } 3828 3829static const struct { 3830 unsigned long quirk; 3831 const char *desc; 3832} hci_broken_table[] = { 3833 HCI_QUIRK_BROKEN(LOCAL_COMMANDS, 3834 "HCI Read Local Supported Commands not supported"), 3835 HCI_QUIRK_BROKEN(STORED_LINK_KEY, 3836 "HCI Delete Stored Link Key command is advertised, " 3837 "but not supported."), 3838 HCI_QUIRK_BROKEN(ERR_DATA_REPORTING, 3839 "HCI Read Default Erroneous Data Reporting command is " 3840 "advertised, but not supported."), 3841 HCI_QUIRK_BROKEN(READ_TRANSMIT_POWER, 3842 "HCI Read Transmit Power Level command is advertised, " 3843 "but not supported."), 3844 HCI_QUIRK_BROKEN(FILTER_CLEAR_ALL, 3845 "HCI Set Event Filter command not supported."), 3846 HCI_QUIRK_BROKEN(ENHANCED_SETUP_SYNC_CONN, 3847 "HCI Enhanced Setup Synchronous Connection command is " 3848 "advertised, but not supported.") 3849}; 3850 3851int hci_dev_open_sync(struct hci_dev *hdev) 3852{ 3853 int ret = 0; 3854 3855 bt_dev_dbg(hdev, ""); 3856 3857 if (hci_dev_test_flag(hdev, HCI_UNREGISTER)) { 3858 ret = -ENODEV; 3859 goto done; 3860 } 3861 3862 if (!hci_dev_test_flag(hdev, HCI_SETUP) && 3863 !hci_dev_test_flag(hdev, HCI_CONFIG)) { 3864 /* Check for rfkill but allow the HCI setup stage to 3865 * proceed (which in itself doesn't cause any RF activity). 3866 */ 3867 if (hci_dev_test_flag(hdev, HCI_RFKILLED)) { 3868 ret = -ERFKILL; 3869 goto done; 3870 } 3871 3872 /* Check for valid public address or a configured static 3873 * random address, but let the HCI setup proceed to 3874 * be able to determine if there is a public address 3875 * or not. 3876 * 3877 * In case of user channel usage, it is not important 3878 * if a public address or static random address is 3879 * available. 3880 * 3881 * This check is only valid for BR/EDR controllers 3882 * since AMP controllers do not have an address. 3883 */ 3884 if (!hci_dev_test_flag(hdev, HCI_USER_CHANNEL) && 3885 hdev->dev_type == HCI_PRIMARY && 3886 !bacmp(&hdev->bdaddr, BDADDR_ANY) && 3887 !bacmp(&hdev->static_addr, BDADDR_ANY)) { 3888 ret = -EADDRNOTAVAIL; 3889 goto done; 3890 } 3891 } 3892 3893 if (test_bit(HCI_UP, &hdev->flags)) { 3894 ret = -EALREADY; 3895 goto done; 3896 } 3897 3898 if (hdev->open(hdev)) { 3899 ret = -EIO; 3900 goto done; 3901 } 3902 3903 set_bit(HCI_RUNNING, &hdev->flags); 3904 hci_sock_dev_event(hdev, HCI_DEV_OPEN); 3905 3906 atomic_set(&hdev->cmd_cnt, 1); 3907 set_bit(HCI_INIT, &hdev->flags); 3908 3909 if (hci_dev_test_flag(hdev, HCI_SETUP) || 3910 test_bit(HCI_QUIRK_NON_PERSISTENT_SETUP, &hdev->quirks)) { 3911 bool invalid_bdaddr; 3912 size_t i; 3913 3914 hci_sock_dev_event(hdev, HCI_DEV_SETUP); 3915 3916 if (hdev->setup) 3917 ret = hdev->setup(hdev); 3918 3919 for (i = 0; i < ARRAY_SIZE(hci_broken_table); i++) { 3920 if (test_bit(hci_broken_table[i].quirk, &hdev->quirks)) 3921 bt_dev_warn(hdev, "%s", 3922 hci_broken_table[i].desc); 3923 } 3924 3925 /* The transport driver can set the quirk to mark the 3926 * BD_ADDR invalid before creating the HCI device or in 3927 * its setup callback. 3928 */ 3929 invalid_bdaddr = test_bit(HCI_QUIRK_INVALID_BDADDR, 3930 &hdev->quirks); 3931 3932 if (ret) 3933 goto setup_failed; 3934 3935 if (test_bit(HCI_QUIRK_USE_BDADDR_PROPERTY, &hdev->quirks)) { 3936 if (!bacmp(&hdev->public_addr, BDADDR_ANY)) 3937 hci_dev_get_bd_addr_from_property(hdev); 3938 3939 if (bacmp(&hdev->public_addr, BDADDR_ANY) && 3940 hdev->set_bdaddr) { 3941 ret = hdev->set_bdaddr(hdev, 3942 &hdev->public_addr); 3943 3944 /* If setting of the BD_ADDR from the device 3945 * property succeeds, then treat the address 3946 * as valid even if the invalid BD_ADDR 3947 * quirk indicates otherwise. 3948 */ 3949 if (!ret) 3950 invalid_bdaddr = false; 3951 } 3952 } 3953 3954setup_failed: 3955 /* The transport driver can set these quirks before 3956 * creating the HCI device or in its setup callback. 3957 * 3958 * For the invalid BD_ADDR quirk it is possible that 3959 * it becomes a valid address if the bootloader does 3960 * provide it (see above). 3961 * 3962 * In case any of them is set, the controller has to 3963 * start up as unconfigured. 3964 */ 3965 if (test_bit(HCI_QUIRK_EXTERNAL_CONFIG, &hdev->quirks) || 3966 invalid_bdaddr) 3967 hci_dev_set_flag(hdev, HCI_UNCONFIGURED); 3968 3969 /* For an unconfigured controller it is required to 3970 * read at least the version information provided by 3971 * the Read Local Version Information command. 3972 * 3973 * If the set_bdaddr driver callback is provided, then 3974 * also the original Bluetooth public device address 3975 * will be read using the Read BD Address command. 3976 */ 3977 if (hci_dev_test_flag(hdev, HCI_UNCONFIGURED)) 3978 ret = hci_unconf_init_sync(hdev); 3979 } 3980 3981 if (hci_dev_test_flag(hdev, HCI_CONFIG)) { 3982 /* If public address change is configured, ensure that 3983 * the address gets programmed. If the driver does not 3984 * support changing the public address, fail the power 3985 * on procedure. 3986 */ 3987 if (bacmp(&hdev->public_addr, BDADDR_ANY) && 3988 hdev->set_bdaddr) 3989 ret = hdev->set_bdaddr(hdev, &hdev->public_addr); 3990 else 3991 ret = -EADDRNOTAVAIL; 3992 } 3993 3994 if (!ret) { 3995 if (!hci_dev_test_flag(hdev, HCI_UNCONFIGURED) && 3996 !hci_dev_test_flag(hdev, HCI_USER_CHANNEL)) { 3997 ret = hci_init_sync(hdev); 3998 if (!ret && hdev->post_init) 3999 ret = hdev->post_init(hdev); 4000 } 4001 } 4002 4003 /* If the HCI Reset command is clearing all diagnostic settings, 4004 * then they need to be reprogrammed after the init procedure 4005 * completed. 4006 */ 4007 if (test_bit(HCI_QUIRK_NON_PERSISTENT_DIAG, &hdev->quirks) && 4008 !hci_dev_test_flag(hdev, HCI_USER_CHANNEL) && 4009 hci_dev_test_flag(hdev, HCI_VENDOR_DIAG) && hdev->set_diag) 4010 ret = hdev->set_diag(hdev, true); 4011 4012 if (!hci_dev_test_flag(hdev, HCI_USER_CHANNEL)) { 4013 msft_do_open(hdev); 4014 aosp_do_open(hdev); 4015 } 4016 4017 clear_bit(HCI_INIT, &hdev->flags); 4018 4019 if (!ret) { 4020 hci_dev_hold(hdev); 4021 hci_dev_set_flag(hdev, HCI_RPA_EXPIRED); 4022 hci_adv_instances_set_rpa_expired(hdev, true); 4023 set_bit(HCI_UP, &hdev->flags); 4024 hci_sock_dev_event(hdev, HCI_DEV_UP); 4025 hci_leds_update_powered(hdev, true); 4026 if (!hci_dev_test_flag(hdev, HCI_SETUP) && 4027 !hci_dev_test_flag(hdev, HCI_CONFIG) && 4028 !hci_dev_test_flag(hdev, HCI_UNCONFIGURED) && 4029 !hci_dev_test_flag(hdev, HCI_USER_CHANNEL) && 4030 hci_dev_test_flag(hdev, HCI_MGMT) && 4031 hdev->dev_type == HCI_PRIMARY) { 4032 ret = hci_powered_update_sync(hdev); 4033 } 4034 } else { 4035 /* Init failed, cleanup */ 4036 flush_work(&hdev->tx_work); 4037 4038 /* Since hci_rx_work() is possible to awake new cmd_work 4039 * it should be flushed first to avoid unexpected call of 4040 * hci_cmd_work() 4041 */ 4042 flush_work(&hdev->rx_work); 4043 flush_work(&hdev->cmd_work); 4044 4045 skb_queue_purge(&hdev->cmd_q); 4046 skb_queue_purge(&hdev->rx_q); 4047 4048 if (hdev->flush) 4049 hdev->flush(hdev); 4050 4051 if (hdev->sent_cmd) { 4052 kfree_skb(hdev->sent_cmd); 4053 hdev->sent_cmd = NULL; 4054 } 4055 4056 clear_bit(HCI_RUNNING, &hdev->flags); 4057 hci_sock_dev_event(hdev, HCI_DEV_CLOSE); 4058 4059 hdev->close(hdev); 4060 hdev->flags &= BIT(HCI_RAW); 4061 } 4062 4063done: 4064 return ret; 4065} 4066 4067/* This function requires the caller holds hdev->lock */ 4068static void hci_pend_le_actions_clear(struct hci_dev *hdev) 4069{ 4070 struct hci_conn_params *p; 4071 4072 list_for_each_entry(p, &hdev->le_conn_params, list) { 4073 if (p->conn) { 4074 hci_conn_drop(p->conn); 4075 hci_conn_put(p->conn); 4076 p->conn = NULL; 4077 } 4078 list_del_init(&p->action); 4079 } 4080 4081 BT_DBG("All LE pending actions cleared"); 4082} 4083 4084int hci_dev_close_sync(struct hci_dev *hdev) 4085{ 4086 bool auto_off; 4087 int err = 0; 4088 4089 bt_dev_dbg(hdev, ""); 4090 4091 cancel_delayed_work(&hdev->power_off); 4092 cancel_delayed_work(&hdev->ncmd_timer); 4093 4094 hci_request_cancel_all(hdev); 4095 4096 if (!hci_dev_test_flag(hdev, HCI_UNREGISTER) && 4097 !hci_dev_test_flag(hdev, HCI_USER_CHANNEL) && 4098 test_bit(HCI_UP, &hdev->flags)) { 4099 /* Execute vendor specific shutdown routine */ 4100 if (hdev->shutdown) 4101 err = hdev->shutdown(hdev); 4102 } 4103 4104 if (!test_and_clear_bit(HCI_UP, &hdev->flags)) { 4105 cancel_delayed_work_sync(&hdev->cmd_timer); 4106 return err; 4107 } 4108 4109 hci_leds_update_powered(hdev, false); 4110 4111 /* Flush RX and TX works */ 4112 flush_work(&hdev->tx_work); 4113 flush_work(&hdev->rx_work); 4114 4115 if (hdev->discov_timeout > 0) { 4116 hdev->discov_timeout = 0; 4117 hci_dev_clear_flag(hdev, HCI_DISCOVERABLE); 4118 hci_dev_clear_flag(hdev, HCI_LIMITED_DISCOVERABLE); 4119 } 4120 4121 if (hci_dev_test_and_clear_flag(hdev, HCI_SERVICE_CACHE)) 4122 cancel_delayed_work(&hdev->service_cache); 4123 4124 if (hci_dev_test_flag(hdev, HCI_MGMT)) { 4125 struct adv_info *adv_instance; 4126 4127 cancel_delayed_work_sync(&hdev->rpa_expired); 4128 4129 list_for_each_entry(adv_instance, &hdev->adv_instances, list) 4130 cancel_delayed_work_sync(&adv_instance->rpa_expired_cb); 4131 } 4132 4133 /* Avoid potential lockdep warnings from the *_flush() calls by 4134 * ensuring the workqueue is empty up front. 4135 */ 4136 drain_workqueue(hdev->workqueue); 4137 4138 hci_dev_lock(hdev); 4139 4140 hci_discovery_set_state(hdev, DISCOVERY_STOPPED); 4141 4142 auto_off = hci_dev_test_and_clear_flag(hdev, HCI_AUTO_OFF); 4143 4144 if (!auto_off && hdev->dev_type == HCI_PRIMARY && 4145 !hci_dev_test_flag(hdev, HCI_USER_CHANNEL) && 4146 hci_dev_test_flag(hdev, HCI_MGMT)) 4147 __mgmt_power_off(hdev); 4148 4149 hci_inquiry_cache_flush(hdev); 4150 hci_pend_le_actions_clear(hdev); 4151 hci_conn_hash_flush(hdev); 4152 /* Prevent data races on hdev->smp_data or hdev->smp_bredr_data */ 4153 smp_unregister(hdev); 4154 hci_dev_unlock(hdev); 4155 4156 hci_sock_dev_event(hdev, HCI_DEV_DOWN); 4157 4158 if (!hci_dev_test_flag(hdev, HCI_USER_CHANNEL)) { 4159 aosp_do_close(hdev); 4160 msft_do_close(hdev); 4161 } 4162 4163 if (hdev->flush) 4164 hdev->flush(hdev); 4165 4166 /* Reset device */ 4167 skb_queue_purge(&hdev->cmd_q); 4168 atomic_set(&hdev->cmd_cnt, 1); 4169 if (test_bit(HCI_QUIRK_RESET_ON_CLOSE, &hdev->quirks) && 4170 !auto_off && !hci_dev_test_flag(hdev, HCI_UNCONFIGURED)) { 4171 set_bit(HCI_INIT, &hdev->flags); 4172 hci_reset_sync(hdev); 4173 clear_bit(HCI_INIT, &hdev->flags); 4174 } 4175 4176 /* flush cmd work */ 4177 flush_work(&hdev->cmd_work); 4178 4179 /* Drop queues */ 4180 skb_queue_purge(&hdev->rx_q); 4181 skb_queue_purge(&hdev->cmd_q); 4182 skb_queue_purge(&hdev->raw_q); 4183 4184 /* Drop last sent command */ 4185 if (hdev->sent_cmd) { 4186 cancel_delayed_work_sync(&hdev->cmd_timer); 4187 kfree_skb(hdev->sent_cmd); 4188 hdev->sent_cmd = NULL; 4189 } 4190 4191 clear_bit(HCI_RUNNING, &hdev->flags); 4192 hci_sock_dev_event(hdev, HCI_DEV_CLOSE); 4193 4194 /* After this point our queues are empty and no tasks are scheduled. */ 4195 hdev->close(hdev); 4196 4197 /* Clear flags */ 4198 hdev->flags &= BIT(HCI_RAW); 4199 hci_dev_clear_volatile_flags(hdev); 4200 4201 /* Controller radio is available but is currently powered down */ 4202 hdev->amp_status = AMP_STATUS_POWERED_DOWN; 4203 4204 memset(hdev->eir, 0, sizeof(hdev->eir)); 4205 memset(hdev->dev_class, 0, sizeof(hdev->dev_class)); 4206 bacpy(&hdev->random_addr, BDADDR_ANY); 4207 4208 hci_dev_put(hdev); 4209 return err; 4210} 4211 4212/* This function perform power on HCI command sequence as follows: 4213 * 4214 * If controller is already up (HCI_UP) performs hci_powered_update_sync 4215 * sequence otherwise run hci_dev_open_sync which will follow with 4216 * hci_powered_update_sync after the init sequence is completed. 4217 */ 4218static int hci_power_on_sync(struct hci_dev *hdev) 4219{ 4220 int err; 4221 4222 if (test_bit(HCI_UP, &hdev->flags) && 4223 hci_dev_test_flag(hdev, HCI_MGMT) && 4224 hci_dev_test_and_clear_flag(hdev, HCI_AUTO_OFF)) { 4225 cancel_delayed_work(&hdev->power_off); 4226 return hci_powered_update_sync(hdev); 4227 } 4228 4229 err = hci_dev_open_sync(hdev); 4230 if (err < 0) 4231 return err; 4232 4233 /* During the HCI setup phase, a few error conditions are 4234 * ignored and they need to be checked now. If they are still 4235 * valid, it is important to return the device back off. 4236 */ 4237 if (hci_dev_test_flag(hdev, HCI_RFKILLED) || 4238 hci_dev_test_flag(hdev, HCI_UNCONFIGURED) || 4239 (hdev->dev_type == HCI_PRIMARY && 4240 !bacmp(&hdev->bdaddr, BDADDR_ANY) && 4241 !bacmp(&hdev->static_addr, BDADDR_ANY))) { 4242 hci_dev_clear_flag(hdev, HCI_AUTO_OFF); 4243 hci_dev_close_sync(hdev); 4244 } else if (hci_dev_test_flag(hdev, HCI_AUTO_OFF)) { 4245 queue_delayed_work(hdev->req_workqueue, &hdev->power_off, 4246 HCI_AUTO_OFF_TIMEOUT); 4247 } 4248 4249 if (hci_dev_test_and_clear_flag(hdev, HCI_SETUP)) { 4250 /* For unconfigured devices, set the HCI_RAW flag 4251 * so that userspace can easily identify them. 4252 */ 4253 if (hci_dev_test_flag(hdev, HCI_UNCONFIGURED)) 4254 set_bit(HCI_RAW, &hdev->flags); 4255 4256 /* For fully configured devices, this will send 4257 * the Index Added event. For unconfigured devices, 4258 * it will send Unconfigued Index Added event. 4259 * 4260 * Devices with HCI_QUIRK_RAW_DEVICE are ignored 4261 * and no event will be send. 4262 */ 4263 mgmt_index_added(hdev); 4264 } else if (hci_dev_test_and_clear_flag(hdev, HCI_CONFIG)) { 4265 /* When the controller is now configured, then it 4266 * is important to clear the HCI_RAW flag. 4267 */ 4268 if (!hci_dev_test_flag(hdev, HCI_UNCONFIGURED)) 4269 clear_bit(HCI_RAW, &hdev->flags); 4270 4271 /* Powering on the controller with HCI_CONFIG set only 4272 * happens with the transition from unconfigured to 4273 * configured. This will send the Index Added event. 4274 */ 4275 mgmt_index_added(hdev); 4276 } 4277 4278 return 0; 4279} 4280 4281static int hci_remote_name_cancel_sync(struct hci_dev *hdev, bdaddr_t *addr) 4282{ 4283 struct hci_cp_remote_name_req_cancel cp; 4284 4285 memset(&cp, 0, sizeof(cp)); 4286 bacpy(&cp.bdaddr, addr); 4287 4288 return __hci_cmd_sync_status(hdev, HCI_OP_REMOTE_NAME_REQ_CANCEL, 4289 sizeof(cp), &cp, HCI_CMD_TIMEOUT); 4290} 4291 4292int hci_stop_discovery_sync(struct hci_dev *hdev) 4293{ 4294 struct discovery_state *d = &hdev->discovery; 4295 struct inquiry_entry *e; 4296 int err; 4297 4298 bt_dev_dbg(hdev, "state %u", hdev->discovery.state); 4299 4300 if (d->state == DISCOVERY_FINDING || d->state == DISCOVERY_STOPPING) { 4301 if (test_bit(HCI_INQUIRY, &hdev->flags)) { 4302 err = __hci_cmd_sync_status(hdev, HCI_OP_INQUIRY_CANCEL, 4303 0, NULL, HCI_CMD_TIMEOUT); 4304 if (err) 4305 return err; 4306 } 4307 4308 if (hci_dev_test_flag(hdev, HCI_LE_SCAN)) { 4309 cancel_delayed_work(&hdev->le_scan_disable); 4310 cancel_delayed_work(&hdev->le_scan_restart); 4311 4312 err = hci_scan_disable_sync(hdev); 4313 if (err) 4314 return err; 4315 } 4316 4317 } else { 4318 err = hci_scan_disable_sync(hdev); 4319 if (err) 4320 return err; 4321 } 4322 4323 /* Resume advertising if it was paused */ 4324 if (use_ll_privacy(hdev)) 4325 hci_resume_advertising_sync(hdev); 4326 4327 /* No further actions needed for LE-only discovery */ 4328 if (d->type == DISCOV_TYPE_LE) 4329 return 0; 4330 4331 if (d->state == DISCOVERY_RESOLVING || d->state == DISCOVERY_STOPPING) { 4332 e = hci_inquiry_cache_lookup_resolve(hdev, BDADDR_ANY, 4333 NAME_PENDING); 4334 if (!e) 4335 return 0; 4336 4337 return hci_remote_name_cancel_sync(hdev, &e->data.bdaddr); 4338 } 4339 4340 return 0; 4341} 4342 4343static int hci_disconnect_phy_link_sync(struct hci_dev *hdev, u16 handle, 4344 u8 reason) 4345{ 4346 struct hci_cp_disconn_phy_link cp; 4347 4348 memset(&cp, 0, sizeof(cp)); 4349 cp.phy_handle = HCI_PHY_HANDLE(handle); 4350 cp.reason = reason; 4351 4352 return __hci_cmd_sync_status(hdev, HCI_OP_DISCONN_PHY_LINK, 4353 sizeof(cp), &cp, HCI_CMD_TIMEOUT); 4354} 4355 4356static int hci_disconnect_sync(struct hci_dev *hdev, struct hci_conn *conn, 4357 u8 reason) 4358{ 4359 struct hci_cp_disconnect cp; 4360 4361 if (conn->type == AMP_LINK) 4362 return hci_disconnect_phy_link_sync(hdev, conn->handle, reason); 4363 4364 memset(&cp, 0, sizeof(cp)); 4365 cp.handle = cpu_to_le16(conn->handle); 4366 cp.reason = reason; 4367 4368 /* Wait for HCI_EV_DISCONN_COMPLETE not HCI_EV_CMD_STATUS when not 4369 * suspending. 4370 */ 4371 if (!hdev->suspended) 4372 return __hci_cmd_sync_status_sk(hdev, HCI_OP_DISCONNECT, 4373 sizeof(cp), &cp, 4374 HCI_EV_DISCONN_COMPLETE, 4375 HCI_CMD_TIMEOUT, NULL); 4376 4377 return __hci_cmd_sync_status(hdev, HCI_OP_DISCONNECT, sizeof(cp), &cp, 4378 HCI_CMD_TIMEOUT); 4379} 4380 4381static int hci_le_connect_cancel_sync(struct hci_dev *hdev, 4382 struct hci_conn *conn) 4383{ 4384 if (test_bit(HCI_CONN_SCANNING, &conn->flags)) 4385 return 0; 4386 4387 return __hci_cmd_sync_status(hdev, HCI_OP_LE_CREATE_CONN_CANCEL, 4388 6, &conn->dst, HCI_CMD_TIMEOUT); 4389} 4390 4391static int hci_connect_cancel_sync(struct hci_dev *hdev, struct hci_conn *conn) 4392{ 4393 if (conn->type == LE_LINK) 4394 return hci_le_connect_cancel_sync(hdev, conn); 4395 4396 if (hdev->hci_ver < BLUETOOTH_VER_1_2) 4397 return 0; 4398 4399 return __hci_cmd_sync_status(hdev, HCI_OP_CREATE_CONN_CANCEL, 4400 6, &conn->dst, HCI_CMD_TIMEOUT); 4401} 4402 4403static int hci_reject_sco_sync(struct hci_dev *hdev, struct hci_conn *conn, 4404 u8 reason) 4405{ 4406 struct hci_cp_reject_sync_conn_req cp; 4407 4408 memset(&cp, 0, sizeof(cp)); 4409 bacpy(&cp.bdaddr, &conn->dst); 4410 cp.reason = reason; 4411 4412 /* SCO rejection has its own limited set of 4413 * allowed error values (0x0D-0x0F). 4414 */ 4415 if (reason < 0x0d || reason > 0x0f) 4416 cp.reason = HCI_ERROR_REJ_LIMITED_RESOURCES; 4417 4418 return __hci_cmd_sync_status(hdev, HCI_OP_REJECT_SYNC_CONN_REQ, 4419 sizeof(cp), &cp, HCI_CMD_TIMEOUT); 4420} 4421 4422static int hci_reject_conn_sync(struct hci_dev *hdev, struct hci_conn *conn, 4423 u8 reason) 4424{ 4425 struct hci_cp_reject_conn_req cp; 4426 4427 if (conn->type == SCO_LINK || conn->type == ESCO_LINK) 4428 return hci_reject_sco_sync(hdev, conn, reason); 4429 4430 memset(&cp, 0, sizeof(cp)); 4431 bacpy(&cp.bdaddr, &conn->dst); 4432 cp.reason = reason; 4433 4434 return __hci_cmd_sync_status(hdev, HCI_OP_REJECT_CONN_REQ, 4435 sizeof(cp), &cp, HCI_CMD_TIMEOUT); 4436} 4437 4438static int hci_abort_conn_sync(struct hci_dev *hdev, struct hci_conn *conn, 4439 u8 reason) 4440{ 4441 int err; 4442 4443 switch (conn->state) { 4444 case BT_CONNECTED: 4445 case BT_CONFIG: 4446 return hci_disconnect_sync(hdev, conn, reason); 4447 case BT_CONNECT: 4448 err = hci_connect_cancel_sync(hdev, conn); 4449 /* Cleanup hci_conn object if it cannot be cancelled as it 4450 * likelly means the controller and host stack are out of sync. 4451 */ 4452 if (err) 4453 hci_conn_failed(conn, err); 4454 4455 return err; 4456 case BT_CONNECT2: 4457 return hci_reject_conn_sync(hdev, conn, reason); 4458 default: 4459 conn->state = BT_CLOSED; 4460 break; 4461 } 4462 4463 return 0; 4464} 4465 4466static int hci_disconnect_all_sync(struct hci_dev *hdev, u8 reason) 4467{ 4468 struct hci_conn *conn, *tmp; 4469 int err; 4470 4471 list_for_each_entry_safe(conn, tmp, &hdev->conn_hash.list, list) { 4472 err = hci_abort_conn_sync(hdev, conn, reason); 4473 if (err) 4474 return err; 4475 } 4476 4477 return 0; 4478} 4479 4480/* This function perform power off HCI command sequence as follows: 4481 * 4482 * Clear Advertising 4483 * Stop Discovery 4484 * Disconnect all connections 4485 * hci_dev_close_sync 4486 */ 4487static int hci_power_off_sync(struct hci_dev *hdev) 4488{ 4489 int err; 4490 4491 /* If controller is already down there is nothing to do */ 4492 if (!test_bit(HCI_UP, &hdev->flags)) 4493 return 0; 4494 4495 if (test_bit(HCI_ISCAN, &hdev->flags) || 4496 test_bit(HCI_PSCAN, &hdev->flags)) { 4497 err = hci_write_scan_enable_sync(hdev, 0x00); 4498 if (err) 4499 return err; 4500 } 4501 4502 err = hci_clear_adv_sync(hdev, NULL, false); 4503 if (err) 4504 return err; 4505 4506 err = hci_stop_discovery_sync(hdev); 4507 if (err) 4508 return err; 4509 4510 /* Terminated due to Power Off */ 4511 err = hci_disconnect_all_sync(hdev, HCI_ERROR_REMOTE_POWER_OFF); 4512 if (err) 4513 return err; 4514 4515 return hci_dev_close_sync(hdev); 4516} 4517 4518int hci_set_powered_sync(struct hci_dev *hdev, u8 val) 4519{ 4520 if (val) 4521 return hci_power_on_sync(hdev); 4522 4523 return hci_power_off_sync(hdev); 4524} 4525 4526static int hci_write_iac_sync(struct hci_dev *hdev) 4527{ 4528 struct hci_cp_write_current_iac_lap cp; 4529 4530 if (!hci_dev_test_flag(hdev, HCI_DISCOVERABLE)) 4531 return 0; 4532 4533 memset(&cp, 0, sizeof(cp)); 4534 4535 if (hci_dev_test_flag(hdev, HCI_LIMITED_DISCOVERABLE)) { 4536 /* Limited discoverable mode */ 4537 cp.num_iac = min_t(u8, hdev->num_iac, 2); 4538 cp.iac_lap[0] = 0x00; /* LIAC */ 4539 cp.iac_lap[1] = 0x8b; 4540 cp.iac_lap[2] = 0x9e; 4541 cp.iac_lap[3] = 0x33; /* GIAC */ 4542 cp.iac_lap[4] = 0x8b; 4543 cp.iac_lap[5] = 0x9e; 4544 } else { 4545 /* General discoverable mode */ 4546 cp.num_iac = 1; 4547 cp.iac_lap[0] = 0x33; /* GIAC */ 4548 cp.iac_lap[1] = 0x8b; 4549 cp.iac_lap[2] = 0x9e; 4550 } 4551 4552 return __hci_cmd_sync_status(hdev, HCI_OP_WRITE_CURRENT_IAC_LAP, 4553 (cp.num_iac * 3) + 1, &cp, 4554 HCI_CMD_TIMEOUT); 4555} 4556 4557int hci_update_discoverable_sync(struct hci_dev *hdev) 4558{ 4559 int err = 0; 4560 4561 if (hci_dev_test_flag(hdev, HCI_BREDR_ENABLED)) { 4562 err = hci_write_iac_sync(hdev); 4563 if (err) 4564 return err; 4565 4566 err = hci_update_scan_sync(hdev); 4567 if (err) 4568 return err; 4569 4570 err = hci_update_class_sync(hdev); 4571 if (err) 4572 return err; 4573 } 4574 4575 /* Advertising instances don't use the global discoverable setting, so 4576 * only update AD if advertising was enabled using Set Advertising. 4577 */ 4578 if (hci_dev_test_flag(hdev, HCI_ADVERTISING)) { 4579 err = hci_update_adv_data_sync(hdev, 0x00); 4580 if (err) 4581 return err; 4582 4583 /* Discoverable mode affects the local advertising 4584 * address in limited privacy mode. 4585 */ 4586 if (hci_dev_test_flag(hdev, HCI_LIMITED_PRIVACY)) { 4587 if (ext_adv_capable(hdev)) 4588 err = hci_start_ext_adv_sync(hdev, 0x00); 4589 else 4590 err = hci_enable_advertising_sync(hdev); 4591 } 4592 } 4593 4594 return err; 4595} 4596 4597static int update_discoverable_sync(struct hci_dev *hdev, void *data) 4598{ 4599 return hci_update_discoverable_sync(hdev); 4600} 4601 4602int hci_update_discoverable(struct hci_dev *hdev) 4603{ 4604 /* Only queue if it would have any effect */ 4605 if (hdev_is_powered(hdev) && 4606 hci_dev_test_flag(hdev, HCI_ADVERTISING) && 4607 hci_dev_test_flag(hdev, HCI_DISCOVERABLE) && 4608 hci_dev_test_flag(hdev, HCI_LIMITED_PRIVACY)) 4609 return hci_cmd_sync_queue(hdev, update_discoverable_sync, NULL, 4610 NULL); 4611 4612 return 0; 4613} 4614 4615int hci_update_connectable_sync(struct hci_dev *hdev) 4616{ 4617 int err; 4618 4619 err = hci_update_scan_sync(hdev); 4620 if (err) 4621 return err; 4622 4623 /* If BR/EDR is not enabled and we disable advertising as a 4624 * by-product of disabling connectable, we need to update the 4625 * advertising flags. 4626 */ 4627 if (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED)) 4628 err = hci_update_adv_data_sync(hdev, hdev->cur_adv_instance); 4629 4630 /* Update the advertising parameters if necessary */ 4631 if (hci_dev_test_flag(hdev, HCI_ADVERTISING) || 4632 !list_empty(&hdev->adv_instances)) { 4633 if (ext_adv_capable(hdev)) 4634 err = hci_start_ext_adv_sync(hdev, 4635 hdev->cur_adv_instance); 4636 else 4637 err = hci_enable_advertising_sync(hdev); 4638 4639 if (err) 4640 return err; 4641 } 4642 4643 return hci_update_passive_scan_sync(hdev); 4644} 4645 4646static int hci_inquiry_sync(struct hci_dev *hdev, u8 length) 4647{ 4648 const u8 giac[3] = { 0x33, 0x8b, 0x9e }; 4649 const u8 liac[3] = { 0x00, 0x8b, 0x9e }; 4650 struct hci_cp_inquiry cp; 4651 4652 bt_dev_dbg(hdev, ""); 4653 4654 if (hci_dev_test_flag(hdev, HCI_INQUIRY)) 4655 return 0; 4656 4657 hci_dev_lock(hdev); 4658 hci_inquiry_cache_flush(hdev); 4659 hci_dev_unlock(hdev); 4660 4661 memset(&cp, 0, sizeof(cp)); 4662 4663 if (hdev->discovery.limited) 4664 memcpy(&cp.lap, liac, sizeof(cp.lap)); 4665 else 4666 memcpy(&cp.lap, giac, sizeof(cp.lap)); 4667 4668 cp.length = length; 4669 4670 return __hci_cmd_sync_status(hdev, HCI_OP_INQUIRY, 4671 sizeof(cp), &cp, HCI_CMD_TIMEOUT); 4672} 4673 4674static int hci_active_scan_sync(struct hci_dev *hdev, uint16_t interval) 4675{ 4676 u8 own_addr_type; 4677 /* Accept list is not used for discovery */ 4678 u8 filter_policy = 0x00; 4679 /* Default is to enable duplicates filter */ 4680 u8 filter_dup = LE_SCAN_FILTER_DUP_ENABLE; 4681 int err; 4682 4683 bt_dev_dbg(hdev, ""); 4684 4685 /* If controller is scanning, it means the passive scanning is 4686 * running. Thus, we should temporarily stop it in order to set the 4687 * discovery scanning parameters. 4688 */ 4689 err = hci_scan_disable_sync(hdev); 4690 if (err) { 4691 bt_dev_err(hdev, "Unable to disable scanning: %d", err); 4692 return err; 4693 } 4694 4695 cancel_interleave_scan(hdev); 4696 4697 /* Pause advertising since active scanning disables address resolution 4698 * which advertising depend on in order to generate its RPAs. 4699 */ 4700 if (use_ll_privacy(hdev)) { 4701 err = hci_pause_advertising_sync(hdev); 4702 if (err) { 4703 bt_dev_err(hdev, "pause advertising failed: %d", err); 4704 goto failed; 4705 } 4706 } 4707 4708 /* Disable address resolution while doing active scanning since the 4709 * accept list shall not be used and all reports shall reach the host 4710 * anyway. 4711 */ 4712 err = hci_le_set_addr_resolution_enable_sync(hdev, 0x00); 4713 if (err) { 4714 bt_dev_err(hdev, "Unable to disable Address Resolution: %d", 4715 err); 4716 goto failed; 4717 } 4718 4719 /* All active scans will be done with either a resolvable private 4720 * address (when privacy feature has been enabled) or non-resolvable 4721 * private address. 4722 */ 4723 err = hci_update_random_address_sync(hdev, true, scan_use_rpa(hdev), 4724 &own_addr_type); 4725 if (err < 0) 4726 own_addr_type = ADDR_LE_DEV_PUBLIC; 4727 4728 if (hci_is_adv_monitoring(hdev)) { 4729 /* Duplicate filter should be disabled when some advertisement 4730 * monitor is activated, otherwise AdvMon can only receive one 4731 * advertisement for one peer(*) during active scanning, and 4732 * might report loss to these peers. 4733 * 4734 * Note that different controllers have different meanings of 4735 * |duplicate|. Some of them consider packets with the same 4736 * address as duplicate, and others consider packets with the 4737 * same address and the same RSSI as duplicate. Although in the 4738 * latter case we don't need to disable duplicate filter, but 4739 * it is common to have active scanning for a short period of 4740 * time, the power impact should be neglectable. 4741 */ 4742 filter_dup = LE_SCAN_FILTER_DUP_DISABLE; 4743 } 4744 4745 err = hci_start_scan_sync(hdev, LE_SCAN_ACTIVE, interval, 4746 hdev->le_scan_window_discovery, 4747 own_addr_type, filter_policy, filter_dup); 4748 if (!err) 4749 return err; 4750 4751failed: 4752 /* Resume advertising if it was paused */ 4753 if (use_ll_privacy(hdev)) 4754 hci_resume_advertising_sync(hdev); 4755 4756 /* Resume passive scanning */ 4757 hci_update_passive_scan_sync(hdev); 4758 return err; 4759} 4760 4761static int hci_start_interleaved_discovery_sync(struct hci_dev *hdev) 4762{ 4763 int err; 4764 4765 bt_dev_dbg(hdev, ""); 4766 4767 err = hci_active_scan_sync(hdev, hdev->le_scan_int_discovery * 2); 4768 if (err) 4769 return err; 4770 4771 return hci_inquiry_sync(hdev, DISCOV_BREDR_INQUIRY_LEN); 4772} 4773 4774int hci_start_discovery_sync(struct hci_dev *hdev) 4775{ 4776 unsigned long timeout; 4777 int err; 4778 4779 bt_dev_dbg(hdev, "type %u", hdev->discovery.type); 4780 4781 switch (hdev->discovery.type) { 4782 case DISCOV_TYPE_BREDR: 4783 return hci_inquiry_sync(hdev, DISCOV_BREDR_INQUIRY_LEN); 4784 case DISCOV_TYPE_INTERLEAVED: 4785 /* When running simultaneous discovery, the LE scanning time 4786 * should occupy the whole discovery time sine BR/EDR inquiry 4787 * and LE scanning are scheduled by the controller. 4788 * 4789 * For interleaving discovery in comparison, BR/EDR inquiry 4790 * and LE scanning are done sequentially with separate 4791 * timeouts. 4792 */ 4793 if (test_bit(HCI_QUIRK_SIMULTANEOUS_DISCOVERY, 4794 &hdev->quirks)) { 4795 timeout = msecs_to_jiffies(DISCOV_LE_TIMEOUT); 4796 /* During simultaneous discovery, we double LE scan 4797 * interval. We must leave some time for the controller 4798 * to do BR/EDR inquiry. 4799 */ 4800 err = hci_start_interleaved_discovery_sync(hdev); 4801 break; 4802 } 4803 4804 timeout = msecs_to_jiffies(hdev->discov_interleaved_timeout); 4805 err = hci_active_scan_sync(hdev, hdev->le_scan_int_discovery); 4806 break; 4807 case DISCOV_TYPE_LE: 4808 timeout = msecs_to_jiffies(DISCOV_LE_TIMEOUT); 4809 err = hci_active_scan_sync(hdev, hdev->le_scan_int_discovery); 4810 break; 4811 default: 4812 return -EINVAL; 4813 } 4814 4815 if (err) 4816 return err; 4817 4818 bt_dev_dbg(hdev, "timeout %u ms", jiffies_to_msecs(timeout)); 4819 4820 /* When service discovery is used and the controller has a 4821 * strict duplicate filter, it is important to remember the 4822 * start and duration of the scan. This is required for 4823 * restarting scanning during the discovery phase. 4824 */ 4825 if (test_bit(HCI_QUIRK_STRICT_DUPLICATE_FILTER, &hdev->quirks) && 4826 hdev->discovery.result_filtering) { 4827 hdev->discovery.scan_start = jiffies; 4828 hdev->discovery.scan_duration = timeout; 4829 } 4830 4831 queue_delayed_work(hdev->req_workqueue, &hdev->le_scan_disable, 4832 timeout); 4833 return 0; 4834} 4835 4836static void hci_suspend_monitor_sync(struct hci_dev *hdev) 4837{ 4838 switch (hci_get_adv_monitor_offload_ext(hdev)) { 4839 case HCI_ADV_MONITOR_EXT_MSFT: 4840 msft_suspend_sync(hdev); 4841 break; 4842 default: 4843 return; 4844 } 4845} 4846 4847/* This function disables discovery and mark it as paused */ 4848static int hci_pause_discovery_sync(struct hci_dev *hdev) 4849{ 4850 int old_state = hdev->discovery.state; 4851 int err; 4852 4853 /* If discovery already stopped/stopping/paused there nothing to do */ 4854 if (old_state == DISCOVERY_STOPPED || old_state == DISCOVERY_STOPPING || 4855 hdev->discovery_paused) 4856 return 0; 4857 4858 hci_discovery_set_state(hdev, DISCOVERY_STOPPING); 4859 err = hci_stop_discovery_sync(hdev); 4860 if (err) 4861 return err; 4862 4863 hdev->discovery_paused = true; 4864 hdev->discovery_old_state = old_state; 4865 hci_discovery_set_state(hdev, DISCOVERY_STOPPED); 4866 4867 return 0; 4868} 4869 4870static int hci_update_event_filter_sync(struct hci_dev *hdev) 4871{ 4872 struct bdaddr_list_with_flags *b; 4873 u8 scan = SCAN_DISABLED; 4874 bool scanning = test_bit(HCI_PSCAN, &hdev->flags); 4875 int err; 4876 4877 if (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED)) 4878 return 0; 4879 4880 /* Some fake CSR controllers lock up after setting this type of 4881 * filter, so avoid sending the request altogether. 4882 */ 4883 if (test_bit(HCI_QUIRK_BROKEN_FILTER_CLEAR_ALL, &hdev->quirks)) 4884 return 0; 4885 4886 /* Always clear event filter when starting */ 4887 hci_clear_event_filter_sync(hdev); 4888 4889 list_for_each_entry(b, &hdev->accept_list, list) { 4890 if (!(b->flags & HCI_CONN_FLAG_REMOTE_WAKEUP)) 4891 continue; 4892 4893 bt_dev_dbg(hdev, "Adding event filters for %pMR", &b->bdaddr); 4894 4895 err = hci_set_event_filter_sync(hdev, HCI_FLT_CONN_SETUP, 4896 HCI_CONN_SETUP_ALLOW_BDADDR, 4897 &b->bdaddr, 4898 HCI_CONN_SETUP_AUTO_ON); 4899 if (err) 4900 bt_dev_dbg(hdev, "Failed to set event filter for %pMR", 4901 &b->bdaddr); 4902 else 4903 scan = SCAN_PAGE; 4904 } 4905 4906 if (scan && !scanning) 4907 hci_write_scan_enable_sync(hdev, scan); 4908 else if (!scan && scanning) 4909 hci_write_scan_enable_sync(hdev, scan); 4910 4911 return 0; 4912} 4913 4914/* This function disables scan (BR and LE) and mark it as paused */ 4915static int hci_pause_scan_sync(struct hci_dev *hdev) 4916{ 4917 if (hdev->scanning_paused) 4918 return 0; 4919 4920 /* Disable page scan if enabled */ 4921 if (test_bit(HCI_PSCAN, &hdev->flags)) 4922 hci_write_scan_enable_sync(hdev, SCAN_DISABLED); 4923 4924 hci_scan_disable_sync(hdev); 4925 4926 hdev->scanning_paused = true; 4927 4928 return 0; 4929} 4930 4931/* This function performs the HCI suspend procedures in the follow order: 4932 * 4933 * Pause discovery (active scanning/inquiry) 4934 * Pause Directed Advertising/Advertising 4935 * Pause Scanning (passive scanning in case discovery was not active) 4936 * Disconnect all connections 4937 * Set suspend_status to BT_SUSPEND_DISCONNECT if hdev cannot wakeup 4938 * otherwise: 4939 * Update event mask (only set events that are allowed to wake up the host) 4940 * Update event filter (with devices marked with HCI_CONN_FLAG_REMOTE_WAKEUP) 4941 * Update passive scanning (lower duty cycle) 4942 * Set suspend_status to BT_SUSPEND_CONFIGURE_WAKE 4943 */ 4944int hci_suspend_sync(struct hci_dev *hdev) 4945{ 4946 int err; 4947 4948 /* If marked as suspended there nothing to do */ 4949 if (hdev->suspended) 4950 return 0; 4951 4952 /* Mark device as suspended */ 4953 hdev->suspended = true; 4954 4955 /* Pause discovery if not already stopped */ 4956 hci_pause_discovery_sync(hdev); 4957 4958 /* Pause other advertisements */ 4959 hci_pause_advertising_sync(hdev); 4960 4961 /* Suspend monitor filters */ 4962 hci_suspend_monitor_sync(hdev); 4963 4964 /* Prevent disconnects from causing scanning to be re-enabled */ 4965 hci_pause_scan_sync(hdev); 4966 4967 /* Soft disconnect everything (power off) */ 4968 err = hci_disconnect_all_sync(hdev, HCI_ERROR_REMOTE_POWER_OFF); 4969 if (err) { 4970 /* Set state to BT_RUNNING so resume doesn't notify */ 4971 hdev->suspend_state = BT_RUNNING; 4972 hci_resume_sync(hdev); 4973 return err; 4974 } 4975 4976 /* Only configure accept list if disconnect succeeded and wake 4977 * isn't being prevented. 4978 */ 4979 if (!hdev->wakeup || !hdev->wakeup(hdev)) { 4980 hdev->suspend_state = BT_SUSPEND_DISCONNECT; 4981 return 0; 4982 } 4983 4984 /* Unpause to take care of updating scanning params */ 4985 hdev->scanning_paused = false; 4986 4987 /* Update event mask so only the allowed event can wakeup the host */ 4988 hci_set_event_mask_sync(hdev); 4989 4990 /* Enable event filter for paired devices */ 4991 hci_update_event_filter_sync(hdev); 4992 4993 /* Update LE passive scan if enabled */ 4994 hci_update_passive_scan_sync(hdev); 4995 4996 /* Pause scan changes again. */ 4997 hdev->scanning_paused = true; 4998 4999 hdev->suspend_state = BT_SUSPEND_CONFIGURE_WAKE; 5000 5001 return 0; 5002} 5003 5004/* This function resumes discovery */ 5005static int hci_resume_discovery_sync(struct hci_dev *hdev) 5006{ 5007 int err; 5008 5009 /* If discovery not paused there nothing to do */ 5010 if (!hdev->discovery_paused) 5011 return 0; 5012 5013 hdev->discovery_paused = false; 5014 5015 hci_discovery_set_state(hdev, DISCOVERY_STARTING); 5016 5017 err = hci_start_discovery_sync(hdev); 5018 5019 hci_discovery_set_state(hdev, err ? DISCOVERY_STOPPED : 5020 DISCOVERY_FINDING); 5021 5022 return err; 5023} 5024 5025static void hci_resume_monitor_sync(struct hci_dev *hdev) 5026{ 5027 switch (hci_get_adv_monitor_offload_ext(hdev)) { 5028 case HCI_ADV_MONITOR_EXT_MSFT: 5029 msft_resume_sync(hdev); 5030 break; 5031 default: 5032 return; 5033 } 5034} 5035 5036/* This function resume scan and reset paused flag */ 5037static int hci_resume_scan_sync(struct hci_dev *hdev) 5038{ 5039 if (!hdev->scanning_paused) 5040 return 0; 5041 5042 hci_update_scan_sync(hdev); 5043 5044 /* Reset passive scanning to normal */ 5045 hci_update_passive_scan_sync(hdev); 5046 5047 hdev->scanning_paused = false; 5048 5049 return 0; 5050} 5051 5052/* This function performs the HCI suspend procedures in the follow order: 5053 * 5054 * Restore event mask 5055 * Clear event filter 5056 * Update passive scanning (normal duty cycle) 5057 * Resume Directed Advertising/Advertising 5058 * Resume discovery (active scanning/inquiry) 5059 */ 5060int hci_resume_sync(struct hci_dev *hdev) 5061{ 5062 /* If not marked as suspended there nothing to do */ 5063 if (!hdev->suspended) 5064 return 0; 5065 5066 hdev->suspended = false; 5067 hdev->scanning_paused = false; 5068 5069 /* Restore event mask */ 5070 hci_set_event_mask_sync(hdev); 5071 5072 /* Clear any event filters and restore scan state */ 5073 hci_clear_event_filter_sync(hdev); 5074 5075 /* Resume scanning */ 5076 hci_resume_scan_sync(hdev); 5077 5078 /* Resume monitor filters */ 5079 hci_resume_monitor_sync(hdev); 5080 5081 /* Resume other advertisements */ 5082 hci_resume_advertising_sync(hdev); 5083 5084 /* Resume discovery */ 5085 hci_resume_discovery_sync(hdev); 5086 5087 return 0; 5088} 5089 5090static bool conn_use_rpa(struct hci_conn *conn) 5091{ 5092 struct hci_dev *hdev = conn->hdev; 5093 5094 return hci_dev_test_flag(hdev, HCI_PRIVACY); 5095} 5096 5097static int hci_le_ext_directed_advertising_sync(struct hci_dev *hdev, 5098 struct hci_conn *conn) 5099{ 5100 struct hci_cp_le_set_ext_adv_params cp; 5101 int err; 5102 bdaddr_t random_addr; 5103 u8 own_addr_type; 5104 5105 err = hci_update_random_address_sync(hdev, false, conn_use_rpa(conn), 5106 &own_addr_type); 5107 if (err) 5108 return err; 5109 5110 /* Set require_privacy to false so that the remote device has a 5111 * chance of identifying us. 5112 */ 5113 err = hci_get_random_address(hdev, false, conn_use_rpa(conn), NULL, 5114 &own_addr_type, &random_addr); 5115 if (err) 5116 return err; 5117 5118 memset(&cp, 0, sizeof(cp)); 5119 5120 cp.evt_properties = cpu_to_le16(LE_LEGACY_ADV_DIRECT_IND); 5121 cp.own_addr_type = own_addr_type; 5122 cp.channel_map = hdev->le_adv_channel_map; 5123 cp.tx_power = HCI_TX_POWER_INVALID; 5124 cp.primary_phy = HCI_ADV_PHY_1M; 5125 cp.secondary_phy = HCI_ADV_PHY_1M; 5126 cp.handle = 0x00; /* Use instance 0 for directed adv */ 5127 cp.own_addr_type = own_addr_type; 5128 cp.peer_addr_type = conn->dst_type; 5129 bacpy(&cp.peer_addr, &conn->dst); 5130 5131 /* As per Core Spec 5.2 Vol 2, PART E, Sec 7.8.53, for 5132 * advertising_event_property LE_LEGACY_ADV_DIRECT_IND 5133 * does not supports advertising data when the advertising set already 5134 * contains some, the controller shall return erroc code 'Invalid 5135 * HCI Command Parameters(0x12). 5136 * So it is required to remove adv set for handle 0x00. since we use 5137 * instance 0 for directed adv. 5138 */ 5139 err = hci_remove_ext_adv_instance_sync(hdev, cp.handle, NULL); 5140 if (err) 5141 return err; 5142 5143 err = __hci_cmd_sync_status(hdev, HCI_OP_LE_SET_EXT_ADV_PARAMS, 5144 sizeof(cp), &cp, HCI_CMD_TIMEOUT); 5145 if (err) 5146 return err; 5147 5148 /* Check if random address need to be updated */ 5149 if (own_addr_type == ADDR_LE_DEV_RANDOM && 5150 bacmp(&random_addr, BDADDR_ANY) && 5151 bacmp(&random_addr, &hdev->random_addr)) { 5152 err = hci_set_adv_set_random_addr_sync(hdev, 0x00, 5153 &random_addr); 5154 if (err) 5155 return err; 5156 } 5157 5158 return hci_enable_ext_advertising_sync(hdev, 0x00); 5159} 5160 5161static int hci_le_directed_advertising_sync(struct hci_dev *hdev, 5162 struct hci_conn *conn) 5163{ 5164 struct hci_cp_le_set_adv_param cp; 5165 u8 status; 5166 u8 own_addr_type; 5167 u8 enable; 5168 5169 if (ext_adv_capable(hdev)) 5170 return hci_le_ext_directed_advertising_sync(hdev, conn); 5171 5172 /* Clear the HCI_LE_ADV bit temporarily so that the 5173 * hci_update_random_address knows that it's safe to go ahead 5174 * and write a new random address. The flag will be set back on 5175 * as soon as the SET_ADV_ENABLE HCI command completes. 5176 */ 5177 hci_dev_clear_flag(hdev, HCI_LE_ADV); 5178 5179 /* Set require_privacy to false so that the remote device has a 5180 * chance of identifying us. 5181 */ 5182 status = hci_update_random_address_sync(hdev, false, conn_use_rpa(conn), 5183 &own_addr_type); 5184 if (status) 5185 return status; 5186 5187 memset(&cp, 0, sizeof(cp)); 5188 5189 /* Some controllers might reject command if intervals are not 5190 * within range for undirected advertising. 5191 * BCM20702A0 is known to be affected by this. 5192 */ 5193 cp.min_interval = cpu_to_le16(0x0020); 5194 cp.max_interval = cpu_to_le16(0x0020); 5195 5196 cp.type = LE_ADV_DIRECT_IND; 5197 cp.own_address_type = own_addr_type; 5198 cp.direct_addr_type = conn->dst_type; 5199 bacpy(&cp.direct_addr, &conn->dst); 5200 cp.channel_map = hdev->le_adv_channel_map; 5201 5202 status = __hci_cmd_sync_status(hdev, HCI_OP_LE_SET_ADV_PARAM, 5203 sizeof(cp), &cp, HCI_CMD_TIMEOUT); 5204 if (status) 5205 return status; 5206 5207 enable = 0x01; 5208 5209 return __hci_cmd_sync_status(hdev, HCI_OP_LE_SET_ADV_ENABLE, 5210 sizeof(enable), &enable, HCI_CMD_TIMEOUT); 5211} 5212 5213static void set_ext_conn_params(struct hci_conn *conn, 5214 struct hci_cp_le_ext_conn_param *p) 5215{ 5216 struct hci_dev *hdev = conn->hdev; 5217 5218 memset(p, 0, sizeof(*p)); 5219 5220 p->scan_interval = cpu_to_le16(hdev->le_scan_int_connect); 5221 p->scan_window = cpu_to_le16(hdev->le_scan_window_connect); 5222 p->conn_interval_min = cpu_to_le16(conn->le_conn_min_interval); 5223 p->conn_interval_max = cpu_to_le16(conn->le_conn_max_interval); 5224 p->conn_latency = cpu_to_le16(conn->le_conn_latency); 5225 p->supervision_timeout = cpu_to_le16(conn->le_supv_timeout); 5226 p->min_ce_len = cpu_to_le16(0x0000); 5227 p->max_ce_len = cpu_to_le16(0x0000); 5228} 5229 5230static int hci_le_ext_create_conn_sync(struct hci_dev *hdev, 5231 struct hci_conn *conn, u8 own_addr_type) 5232{ 5233 struct hci_cp_le_ext_create_conn *cp; 5234 struct hci_cp_le_ext_conn_param *p; 5235 u8 data[sizeof(*cp) + sizeof(*p) * 3]; 5236 u32 plen; 5237 5238 cp = (void *)data; 5239 p = (void *)cp->data; 5240 5241 memset(cp, 0, sizeof(*cp)); 5242 5243 bacpy(&cp->peer_addr, &conn->dst); 5244 cp->peer_addr_type = conn->dst_type; 5245 cp->own_addr_type = own_addr_type; 5246 5247 plen = sizeof(*cp); 5248 5249 if (scan_1m(hdev)) { 5250 cp->phys |= LE_SCAN_PHY_1M; 5251 set_ext_conn_params(conn, p); 5252 5253 p++; 5254 plen += sizeof(*p); 5255 } 5256 5257 if (scan_2m(hdev)) { 5258 cp->phys |= LE_SCAN_PHY_2M; 5259 set_ext_conn_params(conn, p); 5260 5261 p++; 5262 plen += sizeof(*p); 5263 } 5264 5265 if (scan_coded(hdev)) { 5266 cp->phys |= LE_SCAN_PHY_CODED; 5267 set_ext_conn_params(conn, p); 5268 5269 plen += sizeof(*p); 5270 } 5271 5272 return __hci_cmd_sync_status_sk(hdev, HCI_OP_LE_EXT_CREATE_CONN, 5273 plen, data, 5274 HCI_EV_LE_ENHANCED_CONN_COMPLETE, 5275 conn->conn_timeout, NULL); 5276} 5277 5278int hci_le_create_conn_sync(struct hci_dev *hdev, struct hci_conn *conn) 5279{ 5280 struct hci_cp_le_create_conn cp; 5281 struct hci_conn_params *params; 5282 u8 own_addr_type; 5283 int err; 5284 5285 /* If requested to connect as peripheral use directed advertising */ 5286 if (conn->role == HCI_ROLE_SLAVE) { 5287 /* If we're active scanning and simultaneous roles is not 5288 * enabled simply reject the attempt. 5289 */ 5290 if (hci_dev_test_flag(hdev, HCI_LE_SCAN) && 5291 hdev->le_scan_type == LE_SCAN_ACTIVE && 5292 !hci_dev_test_flag(hdev, HCI_LE_SIMULTANEOUS_ROLES)) { 5293 hci_conn_del(conn); 5294 return -EBUSY; 5295 } 5296 5297 /* Pause advertising while doing directed advertising. */ 5298 hci_pause_advertising_sync(hdev); 5299 5300 err = hci_le_directed_advertising_sync(hdev, conn); 5301 goto done; 5302 } 5303 5304 /* Disable advertising if simultaneous roles is not in use. */ 5305 if (!hci_dev_test_flag(hdev, HCI_LE_SIMULTANEOUS_ROLES)) 5306 hci_pause_advertising_sync(hdev); 5307 5308 params = hci_conn_params_lookup(hdev, &conn->dst, conn->dst_type); 5309 if (params) { 5310 conn->le_conn_min_interval = params->conn_min_interval; 5311 conn->le_conn_max_interval = params->conn_max_interval; 5312 conn->le_conn_latency = params->conn_latency; 5313 conn->le_supv_timeout = params->supervision_timeout; 5314 } else { 5315 conn->le_conn_min_interval = hdev->le_conn_min_interval; 5316 conn->le_conn_max_interval = hdev->le_conn_max_interval; 5317 conn->le_conn_latency = hdev->le_conn_latency; 5318 conn->le_supv_timeout = hdev->le_supv_timeout; 5319 } 5320 5321 /* If controller is scanning, we stop it since some controllers are 5322 * not able to scan and connect at the same time. Also set the 5323 * HCI_LE_SCAN_INTERRUPTED flag so that the command complete 5324 * handler for scan disabling knows to set the correct discovery 5325 * state. 5326 */ 5327 if (hci_dev_test_flag(hdev, HCI_LE_SCAN)) { 5328 hci_scan_disable_sync(hdev); 5329 hci_dev_set_flag(hdev, HCI_LE_SCAN_INTERRUPTED); 5330 } 5331 5332 /* Update random address, but set require_privacy to false so 5333 * that we never connect with an non-resolvable address. 5334 */ 5335 err = hci_update_random_address_sync(hdev, false, conn_use_rpa(conn), 5336 &own_addr_type); 5337 if (err) 5338 goto done; 5339 5340 if (use_ext_conn(hdev)) { 5341 err = hci_le_ext_create_conn_sync(hdev, conn, own_addr_type); 5342 goto done; 5343 } 5344 5345 memset(&cp, 0, sizeof(cp)); 5346 5347 cp.scan_interval = cpu_to_le16(hdev->le_scan_int_connect); 5348 cp.scan_window = cpu_to_le16(hdev->le_scan_window_connect); 5349 5350 bacpy(&cp.peer_addr, &conn->dst); 5351 cp.peer_addr_type = conn->dst_type; 5352 cp.own_address_type = own_addr_type; 5353 cp.conn_interval_min = cpu_to_le16(conn->le_conn_min_interval); 5354 cp.conn_interval_max = cpu_to_le16(conn->le_conn_max_interval); 5355 cp.conn_latency = cpu_to_le16(conn->le_conn_latency); 5356 cp.supervision_timeout = cpu_to_le16(conn->le_supv_timeout); 5357 cp.min_ce_len = cpu_to_le16(0x0000); 5358 cp.max_ce_len = cpu_to_le16(0x0000); 5359 5360 /* BLUETOOTH CORE SPECIFICATION Version 5.3 | Vol 4, Part E page 2261: 5361 * 5362 * If this event is unmasked and the HCI_LE_Connection_Complete event 5363 * is unmasked, only the HCI_LE_Enhanced_Connection_Complete event is 5364 * sent when a new connection has been created. 5365 */ 5366 err = __hci_cmd_sync_status_sk(hdev, HCI_OP_LE_CREATE_CONN, 5367 sizeof(cp), &cp, 5368 use_enhanced_conn_complete(hdev) ? 5369 HCI_EV_LE_ENHANCED_CONN_COMPLETE : 5370 HCI_EV_LE_CONN_COMPLETE, 5371 conn->conn_timeout, NULL); 5372 5373done: 5374 /* Re-enable advertising after the connection attempt is finished. */ 5375 hci_resume_advertising_sync(hdev); 5376 return err; 5377}