Merge tag 'm68k-for-v4.9-tag1' of git://git.kernel.org/pub/scm/linux/kernel/git/geert...
[platform/kernel/linux-exynos.git] / net / bluetooth / hci_request.c
1 /*
2    BlueZ - Bluetooth protocol stack for Linux
3
4    Copyright (C) 2014 Intel Corporation
5
6    This program is free software; you can redistribute it and/or modify
7    it under the terms of the GNU General Public License version 2 as
8    published by the Free Software Foundation;
9
10    THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
11    OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
12    FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
13    IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
14    CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
15    WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
16    ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
17    OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
18
19    ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
20    COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
21    SOFTWARE IS DISCLAIMED.
22 */
23
24 #include <asm/unaligned.h>
25
26 #include <net/bluetooth/bluetooth.h>
27 #include <net/bluetooth/hci_core.h>
28 #include <net/bluetooth/mgmt.h>
29
30 #include "smp.h"
31 #include "hci_request.h"
32
33 #define HCI_REQ_DONE      0
34 #define HCI_REQ_PEND      1
35 #define HCI_REQ_CANCELED  2
36
37 void hci_req_init(struct hci_request *req, struct hci_dev *hdev)
38 {
39         skb_queue_head_init(&req->cmd_q);
40         req->hdev = hdev;
41         req->err = 0;
42 }
43
44 static int req_run(struct hci_request *req, hci_req_complete_t complete,
45                    hci_req_complete_skb_t complete_skb)
46 {
47         struct hci_dev *hdev = req->hdev;
48         struct sk_buff *skb;
49         unsigned long flags;
50
51         BT_DBG("length %u", skb_queue_len(&req->cmd_q));
52
53         /* If an error occurred during request building, remove all HCI
54          * commands queued on the HCI request queue.
55          */
56         if (req->err) {
57                 skb_queue_purge(&req->cmd_q);
58                 return req->err;
59         }
60
61         /* Do not allow empty requests */
62         if (skb_queue_empty(&req->cmd_q))
63                 return -ENODATA;
64
65         skb = skb_peek_tail(&req->cmd_q);
66         if (complete) {
67                 bt_cb(skb)->hci.req_complete = complete;
68         } else if (complete_skb) {
69                 bt_cb(skb)->hci.req_complete_skb = complete_skb;
70                 bt_cb(skb)->hci.req_flags |= HCI_REQ_SKB;
71         }
72
73         spin_lock_irqsave(&hdev->cmd_q.lock, flags);
74         skb_queue_splice_tail(&req->cmd_q, &hdev->cmd_q);
75         spin_unlock_irqrestore(&hdev->cmd_q.lock, flags);
76
77         queue_work(hdev->workqueue, &hdev->cmd_work);
78
79         return 0;
80 }
81
82 int hci_req_run(struct hci_request *req, hci_req_complete_t complete)
83 {
84         return req_run(req, complete, NULL);
85 }
86
87 int hci_req_run_skb(struct hci_request *req, hci_req_complete_skb_t complete)
88 {
89         return req_run(req, NULL, complete);
90 }
91
92 static void hci_req_sync_complete(struct hci_dev *hdev, u8 result, u16 opcode,
93                                   struct sk_buff *skb)
94 {
95         BT_DBG("%s result 0x%2.2x", hdev->name, result);
96
97         if (hdev->req_status == HCI_REQ_PEND) {
98                 hdev->req_result = result;
99                 hdev->req_status = HCI_REQ_DONE;
100                 if (skb)
101                         hdev->req_skb = skb_get(skb);
102                 wake_up_interruptible(&hdev->req_wait_q);
103         }
104 }
105
106 void hci_req_sync_cancel(struct hci_dev *hdev, int err)
107 {
108         BT_DBG("%s err 0x%2.2x", hdev->name, err);
109
110         if (hdev->req_status == HCI_REQ_PEND) {
111                 hdev->req_result = err;
112                 hdev->req_status = HCI_REQ_CANCELED;
113                 wake_up_interruptible(&hdev->req_wait_q);
114         }
115 }
116
117 struct sk_buff *__hci_cmd_sync_ev(struct hci_dev *hdev, u16 opcode, u32 plen,
118                                   const void *param, u8 event, u32 timeout)
119 {
120         DECLARE_WAITQUEUE(wait, current);
121         struct hci_request req;
122         struct sk_buff *skb;
123         int err = 0;
124
125         BT_DBG("%s", hdev->name);
126
127         hci_req_init(&req, hdev);
128
129         hci_req_add_ev(&req, opcode, plen, param, event);
130
131         hdev->req_status = HCI_REQ_PEND;
132
133         add_wait_queue(&hdev->req_wait_q, &wait);
134         set_current_state(TASK_INTERRUPTIBLE);
135
136         err = hci_req_run_skb(&req, hci_req_sync_complete);
137         if (err < 0) {
138                 remove_wait_queue(&hdev->req_wait_q, &wait);
139                 set_current_state(TASK_RUNNING);
140                 return ERR_PTR(err);
141         }
142
143         schedule_timeout(timeout);
144
145         remove_wait_queue(&hdev->req_wait_q, &wait);
146
147         if (signal_pending(current))
148                 return ERR_PTR(-EINTR);
149
150         switch (hdev->req_status) {
151         case HCI_REQ_DONE:
152                 err = -bt_to_errno(hdev->req_result);
153                 break;
154
155         case HCI_REQ_CANCELED:
156                 err = -hdev->req_result;
157                 break;
158
159         default:
160                 err = -ETIMEDOUT;
161                 break;
162         }
163
164         hdev->req_status = hdev->req_result = 0;
165         skb = hdev->req_skb;
166         hdev->req_skb = NULL;
167
168         BT_DBG("%s end: err %d", hdev->name, err);
169
170         if (err < 0) {
171                 kfree_skb(skb);
172                 return ERR_PTR(err);
173         }
174
175         if (!skb)
176                 return ERR_PTR(-ENODATA);
177
178         return skb;
179 }
180 EXPORT_SYMBOL(__hci_cmd_sync_ev);
181
182 struct sk_buff *__hci_cmd_sync(struct hci_dev *hdev, u16 opcode, u32 plen,
183                                const void *param, u32 timeout)
184 {
185         return __hci_cmd_sync_ev(hdev, opcode, plen, param, 0, timeout);
186 }
187 EXPORT_SYMBOL(__hci_cmd_sync);
188
189 /* Execute request and wait for completion. */
190 int __hci_req_sync(struct hci_dev *hdev, int (*func)(struct hci_request *req,
191                                                      unsigned long opt),
192                    unsigned long opt, u32 timeout, u8 *hci_status)
193 {
194         struct hci_request req;
195         DECLARE_WAITQUEUE(wait, current);
196         int err = 0;
197
198         BT_DBG("%s start", hdev->name);
199
200         hci_req_init(&req, hdev);
201
202         hdev->req_status = HCI_REQ_PEND;
203
204         err = func(&req, opt);
205         if (err) {
206                 if (hci_status)
207                         *hci_status = HCI_ERROR_UNSPECIFIED;
208                 return err;
209         }
210
211         add_wait_queue(&hdev->req_wait_q, &wait);
212         set_current_state(TASK_INTERRUPTIBLE);
213
214         err = hci_req_run_skb(&req, hci_req_sync_complete);
215         if (err < 0) {
216                 hdev->req_status = 0;
217
218                 remove_wait_queue(&hdev->req_wait_q, &wait);
219                 set_current_state(TASK_RUNNING);
220
221                 /* ENODATA means the HCI request command queue is empty.
222                  * This can happen when a request with conditionals doesn't
223                  * trigger any commands to be sent. This is normal behavior
224                  * and should not trigger an error return.
225                  */
226                 if (err == -ENODATA) {
227                         if (hci_status)
228                                 *hci_status = 0;
229                         return 0;
230                 }
231
232                 if (hci_status)
233                         *hci_status = HCI_ERROR_UNSPECIFIED;
234
235                 return err;
236         }
237
238         schedule_timeout(timeout);
239
240         remove_wait_queue(&hdev->req_wait_q, &wait);
241
242         if (signal_pending(current))
243                 return -EINTR;
244
245         switch (hdev->req_status) {
246         case HCI_REQ_DONE:
247                 err = -bt_to_errno(hdev->req_result);
248                 if (hci_status)
249                         *hci_status = hdev->req_result;
250                 break;
251
252         case HCI_REQ_CANCELED:
253                 err = -hdev->req_result;
254                 if (hci_status)
255                         *hci_status = HCI_ERROR_UNSPECIFIED;
256                 break;
257
258         default:
259                 err = -ETIMEDOUT;
260                 if (hci_status)
261                         *hci_status = HCI_ERROR_UNSPECIFIED;
262                 break;
263         }
264
265         kfree_skb(hdev->req_skb);
266         hdev->req_skb = NULL;
267         hdev->req_status = hdev->req_result = 0;
268
269         BT_DBG("%s end: err %d", hdev->name, err);
270
271         return err;
272 }
273
274 int hci_req_sync(struct hci_dev *hdev, int (*req)(struct hci_request *req,
275                                                   unsigned long opt),
276                  unsigned long opt, u32 timeout, u8 *hci_status)
277 {
278         int ret;
279
280         if (!test_bit(HCI_UP, &hdev->flags))
281                 return -ENETDOWN;
282
283         /* Serialize all requests */
284         hci_req_sync_lock(hdev);
285         ret = __hci_req_sync(hdev, req, opt, timeout, hci_status);
286         hci_req_sync_unlock(hdev);
287
288         return ret;
289 }
290
291 struct sk_buff *hci_prepare_cmd(struct hci_dev *hdev, u16 opcode, u32 plen,
292                                 const void *param)
293 {
294         int len = HCI_COMMAND_HDR_SIZE + plen;
295         struct hci_command_hdr *hdr;
296         struct sk_buff *skb;
297
298         skb = bt_skb_alloc(len, GFP_ATOMIC);
299         if (!skb)
300                 return NULL;
301
302         hdr = (struct hci_command_hdr *) skb_put(skb, HCI_COMMAND_HDR_SIZE);
303         hdr->opcode = cpu_to_le16(opcode);
304         hdr->plen   = plen;
305
306         if (plen)
307                 memcpy(skb_put(skb, plen), param, plen);
308
309         BT_DBG("skb len %d", skb->len);
310
311         hci_skb_pkt_type(skb) = HCI_COMMAND_PKT;
312         hci_skb_opcode(skb) = opcode;
313
314         return skb;
315 }
316
317 /* Queue a command to an asynchronous HCI request */
318 void hci_req_add_ev(struct hci_request *req, u16 opcode, u32 plen,
319                     const void *param, u8 event)
320 {
321         struct hci_dev *hdev = req->hdev;
322         struct sk_buff *skb;
323
324         BT_DBG("%s opcode 0x%4.4x plen %d", hdev->name, opcode, plen);
325
326         /* If an error occurred during request building, there is no point in
327          * queueing the HCI command. We can simply return.
328          */
329         if (req->err)
330                 return;
331
332         skb = hci_prepare_cmd(hdev, opcode, plen, param);
333         if (!skb) {
334                 BT_ERR("%s no memory for command (opcode 0x%4.4x)",
335                        hdev->name, opcode);
336                 req->err = -ENOMEM;
337                 return;
338         }
339
340         if (skb_queue_empty(&req->cmd_q))
341                 bt_cb(skb)->hci.req_flags |= HCI_REQ_START;
342
343         bt_cb(skb)->hci.req_event = event;
344
345         skb_queue_tail(&req->cmd_q, skb);
346 }
347
348 void hci_req_add(struct hci_request *req, u16 opcode, u32 plen,
349                  const void *param)
350 {
351         hci_req_add_ev(req, opcode, plen, param, 0);
352 }
353
354 void __hci_req_write_fast_connectable(struct hci_request *req, bool enable)
355 {
356         struct hci_dev *hdev = req->hdev;
357         struct hci_cp_write_page_scan_activity acp;
358         u8 type;
359
360         if (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED))
361                 return;
362
363         if (hdev->hci_ver < BLUETOOTH_VER_1_2)
364                 return;
365
366         if (enable) {
367                 type = PAGE_SCAN_TYPE_INTERLACED;
368
369                 /* 160 msec page scan interval */
370                 acp.interval = cpu_to_le16(0x0100);
371         } else {
372                 type = PAGE_SCAN_TYPE_STANDARD; /* default */
373
374                 /* default 1.28 sec page scan */
375                 acp.interval = cpu_to_le16(0x0800);
376         }
377
378         acp.window = cpu_to_le16(0x0012);
379
380         if (__cpu_to_le16(hdev->page_scan_interval) != acp.interval ||
381             __cpu_to_le16(hdev->page_scan_window) != acp.window)
382                 hci_req_add(req, HCI_OP_WRITE_PAGE_SCAN_ACTIVITY,
383                             sizeof(acp), &acp);
384
385         if (hdev->page_scan_type != type)
386                 hci_req_add(req, HCI_OP_WRITE_PAGE_SCAN_TYPE, 1, &type);
387 }
388
389 /* This function controls the background scanning based on hdev->pend_le_conns
390  * list. If there are pending LE connection we start the background scanning,
391  * otherwise we stop it.
392  *
393  * This function requires the caller holds hdev->lock.
394  */
395 static void __hci_update_background_scan(struct hci_request *req)
396 {
397         struct hci_dev *hdev = req->hdev;
398
399         if (!test_bit(HCI_UP, &hdev->flags) ||
400             test_bit(HCI_INIT, &hdev->flags) ||
401             hci_dev_test_flag(hdev, HCI_SETUP) ||
402             hci_dev_test_flag(hdev, HCI_CONFIG) ||
403             hci_dev_test_flag(hdev, HCI_AUTO_OFF) ||
404             hci_dev_test_flag(hdev, HCI_UNREGISTER))
405                 return;
406
407         /* No point in doing scanning if LE support hasn't been enabled */
408         if (!hci_dev_test_flag(hdev, HCI_LE_ENABLED))
409                 return;
410
411         /* If discovery is active don't interfere with it */
412         if (hdev->discovery.state != DISCOVERY_STOPPED)
413                 return;
414
415         /* Reset RSSI and UUID filters when starting background scanning
416          * since these filters are meant for service discovery only.
417          *
418          * The Start Discovery and Start Service Discovery operations
419          * ensure to set proper values for RSSI threshold and UUID
420          * filter list. So it is safe to just reset them here.
421          */
422         hci_discovery_filter_clear(hdev);
423
424         if (list_empty(&hdev->pend_le_conns) &&
425             list_empty(&hdev->pend_le_reports)) {
426                 /* If there is no pending LE connections or devices
427                  * to be scanned for, we should stop the background
428                  * scanning.
429                  */
430
431                 /* If controller is not scanning we are done. */
432                 if (!hci_dev_test_flag(hdev, HCI_LE_SCAN))
433                         return;
434
435                 hci_req_add_le_scan_disable(req);
436
437                 BT_DBG("%s stopping background scanning", hdev->name);
438         } else {
439                 /* If there is at least one pending LE connection, we should
440                  * keep the background scan running.
441                  */
442
443                 /* If controller is connecting, we should not start scanning
444                  * since some controllers are not able to scan and connect at
445                  * the same time.
446                  */
447                 if (hci_lookup_le_connect(hdev))
448                         return;
449
450                 /* If controller is currently scanning, we stop it to ensure we
451                  * don't miss any advertising (due to duplicates filter).
452                  */
453                 if (hci_dev_test_flag(hdev, HCI_LE_SCAN))
454                         hci_req_add_le_scan_disable(req);
455
456                 hci_req_add_le_passive_scan(req);
457
458                 BT_DBG("%s starting background scanning", hdev->name);
459         }
460 }
461
462 void __hci_req_update_name(struct hci_request *req)
463 {
464         struct hci_dev *hdev = req->hdev;
465         struct hci_cp_write_local_name cp;
466
467         memcpy(cp.name, hdev->dev_name, sizeof(cp.name));
468
469         hci_req_add(req, HCI_OP_WRITE_LOCAL_NAME, sizeof(cp), &cp);
470 }
471
472 #define PNP_INFO_SVCLASS_ID             0x1200
473
474 static u8 *create_uuid16_list(struct hci_dev *hdev, u8 *data, ptrdiff_t len)
475 {
476         u8 *ptr = data, *uuids_start = NULL;
477         struct bt_uuid *uuid;
478
479         if (len < 4)
480                 return ptr;
481
482         list_for_each_entry(uuid, &hdev->uuids, list) {
483                 u16 uuid16;
484
485                 if (uuid->size != 16)
486                         continue;
487
488                 uuid16 = get_unaligned_le16(&uuid->uuid[12]);
489                 if (uuid16 < 0x1100)
490                         continue;
491
492                 if (uuid16 == PNP_INFO_SVCLASS_ID)
493                         continue;
494
495                 if (!uuids_start) {
496                         uuids_start = ptr;
497                         uuids_start[0] = 1;
498                         uuids_start[1] = EIR_UUID16_ALL;
499                         ptr += 2;
500                 }
501
502                 /* Stop if not enough space to put next UUID */
503                 if ((ptr - data) + sizeof(u16) > len) {
504                         uuids_start[1] = EIR_UUID16_SOME;
505                         break;
506                 }
507
508                 *ptr++ = (uuid16 & 0x00ff);
509                 *ptr++ = (uuid16 & 0xff00) >> 8;
510                 uuids_start[0] += sizeof(uuid16);
511         }
512
513         return ptr;
514 }
515
516 static u8 *create_uuid32_list(struct hci_dev *hdev, u8 *data, ptrdiff_t len)
517 {
518         u8 *ptr = data, *uuids_start = NULL;
519         struct bt_uuid *uuid;
520
521         if (len < 6)
522                 return ptr;
523
524         list_for_each_entry(uuid, &hdev->uuids, list) {
525                 if (uuid->size != 32)
526                         continue;
527
528                 if (!uuids_start) {
529                         uuids_start = ptr;
530                         uuids_start[0] = 1;
531                         uuids_start[1] = EIR_UUID32_ALL;
532                         ptr += 2;
533                 }
534
535                 /* Stop if not enough space to put next UUID */
536                 if ((ptr - data) + sizeof(u32) > len) {
537                         uuids_start[1] = EIR_UUID32_SOME;
538                         break;
539                 }
540
541                 memcpy(ptr, &uuid->uuid[12], sizeof(u32));
542                 ptr += sizeof(u32);
543                 uuids_start[0] += sizeof(u32);
544         }
545
546         return ptr;
547 }
548
549 static u8 *create_uuid128_list(struct hci_dev *hdev, u8 *data, ptrdiff_t len)
550 {
551         u8 *ptr = data, *uuids_start = NULL;
552         struct bt_uuid *uuid;
553
554         if (len < 18)
555                 return ptr;
556
557         list_for_each_entry(uuid, &hdev->uuids, list) {
558                 if (uuid->size != 128)
559                         continue;
560
561                 if (!uuids_start) {
562                         uuids_start = ptr;
563                         uuids_start[0] = 1;
564                         uuids_start[1] = EIR_UUID128_ALL;
565                         ptr += 2;
566                 }
567
568                 /* Stop if not enough space to put next UUID */
569                 if ((ptr - data) + 16 > len) {
570                         uuids_start[1] = EIR_UUID128_SOME;
571                         break;
572                 }
573
574                 memcpy(ptr, uuid->uuid, 16);
575                 ptr += 16;
576                 uuids_start[0] += 16;
577         }
578
579         return ptr;
580 }
581
582 static void create_eir(struct hci_dev *hdev, u8 *data)
583 {
584         u8 *ptr = data;
585         size_t name_len;
586
587         name_len = strlen(hdev->dev_name);
588
589         if (name_len > 0) {
590                 /* EIR Data type */
591                 if (name_len > 48) {
592                         name_len = 48;
593                         ptr[1] = EIR_NAME_SHORT;
594                 } else
595                         ptr[1] = EIR_NAME_COMPLETE;
596
597                 /* EIR Data length */
598                 ptr[0] = name_len + 1;
599
600                 memcpy(ptr + 2, hdev->dev_name, name_len);
601
602                 ptr += (name_len + 2);
603         }
604
605         if (hdev->inq_tx_power != HCI_TX_POWER_INVALID) {
606                 ptr[0] = 2;
607                 ptr[1] = EIR_TX_POWER;
608                 ptr[2] = (u8) hdev->inq_tx_power;
609
610                 ptr += 3;
611         }
612
613         if (hdev->devid_source > 0) {
614                 ptr[0] = 9;
615                 ptr[1] = EIR_DEVICE_ID;
616
617                 put_unaligned_le16(hdev->devid_source, ptr + 2);
618                 put_unaligned_le16(hdev->devid_vendor, ptr + 4);
619                 put_unaligned_le16(hdev->devid_product, ptr + 6);
620                 put_unaligned_le16(hdev->devid_version, ptr + 8);
621
622                 ptr += 10;
623         }
624
625         ptr = create_uuid16_list(hdev, ptr, HCI_MAX_EIR_LENGTH - (ptr - data));
626         ptr = create_uuid32_list(hdev, ptr, HCI_MAX_EIR_LENGTH - (ptr - data));
627         ptr = create_uuid128_list(hdev, ptr, HCI_MAX_EIR_LENGTH - (ptr - data));
628 }
629
630 void __hci_req_update_eir(struct hci_request *req)
631 {
632         struct hci_dev *hdev = req->hdev;
633         struct hci_cp_write_eir cp;
634
635         if (!hdev_is_powered(hdev))
636                 return;
637
638         if (!lmp_ext_inq_capable(hdev))
639                 return;
640
641         if (!hci_dev_test_flag(hdev, HCI_SSP_ENABLED))
642                 return;
643
644         if (hci_dev_test_flag(hdev, HCI_SERVICE_CACHE))
645                 return;
646
647         memset(&cp, 0, sizeof(cp));
648
649         create_eir(hdev, cp.data);
650
651         if (memcmp(cp.data, hdev->eir, sizeof(cp.data)) == 0)
652                 return;
653
654         memcpy(hdev->eir, cp.data, sizeof(cp.data));
655
656         hci_req_add(req, HCI_OP_WRITE_EIR, sizeof(cp), &cp);
657 }
658
659 void hci_req_add_le_scan_disable(struct hci_request *req)
660 {
661         struct hci_cp_le_set_scan_enable cp;
662
663         memset(&cp, 0, sizeof(cp));
664         cp.enable = LE_SCAN_DISABLE;
665         hci_req_add(req, HCI_OP_LE_SET_SCAN_ENABLE, sizeof(cp), &cp);
666 }
667
668 static void add_to_white_list(struct hci_request *req,
669                               struct hci_conn_params *params)
670 {
671         struct hci_cp_le_add_to_white_list cp;
672
673         cp.bdaddr_type = params->addr_type;
674         bacpy(&cp.bdaddr, &params->addr);
675
676         hci_req_add(req, HCI_OP_LE_ADD_TO_WHITE_LIST, sizeof(cp), &cp);
677 }
678
679 static u8 update_white_list(struct hci_request *req)
680 {
681         struct hci_dev *hdev = req->hdev;
682         struct hci_conn_params *params;
683         struct bdaddr_list *b;
684         uint8_t white_list_entries = 0;
685
686         /* Go through the current white list programmed into the
687          * controller one by one and check if that address is still
688          * in the list of pending connections or list of devices to
689          * report. If not present in either list, then queue the
690          * command to remove it from the controller.
691          */
692         list_for_each_entry(b, &hdev->le_white_list, list) {
693                 /* If the device is neither in pend_le_conns nor
694                  * pend_le_reports then remove it from the whitelist.
695                  */
696                 if (!hci_pend_le_action_lookup(&hdev->pend_le_conns,
697                                                &b->bdaddr, b->bdaddr_type) &&
698                     !hci_pend_le_action_lookup(&hdev->pend_le_reports,
699                                                &b->bdaddr, b->bdaddr_type)) {
700                         struct hci_cp_le_del_from_white_list cp;
701
702                         cp.bdaddr_type = b->bdaddr_type;
703                         bacpy(&cp.bdaddr, &b->bdaddr);
704
705                         hci_req_add(req, HCI_OP_LE_DEL_FROM_WHITE_LIST,
706                                     sizeof(cp), &cp);
707                         continue;
708                 }
709
710                 if (hci_find_irk_by_addr(hdev, &b->bdaddr, b->bdaddr_type)) {
711                         /* White list can not be used with RPAs */
712                         return 0x00;
713                 }
714
715                 white_list_entries++;
716         }
717
718         /* Since all no longer valid white list entries have been
719          * removed, walk through the list of pending connections
720          * and ensure that any new device gets programmed into
721          * the controller.
722          *
723          * If the list of the devices is larger than the list of
724          * available white list entries in the controller, then
725          * just abort and return filer policy value to not use the
726          * white list.
727          */
728         list_for_each_entry(params, &hdev->pend_le_conns, action) {
729                 if (hci_bdaddr_list_lookup(&hdev->le_white_list,
730                                            &params->addr, params->addr_type))
731                         continue;
732
733                 if (white_list_entries >= hdev->le_white_list_size) {
734                         /* Select filter policy to accept all advertising */
735                         return 0x00;
736                 }
737
738                 if (hci_find_irk_by_addr(hdev, &params->addr,
739                                          params->addr_type)) {
740                         /* White list can not be used with RPAs */
741                         return 0x00;
742                 }
743
744                 white_list_entries++;
745                 add_to_white_list(req, params);
746         }
747
748         /* After adding all new pending connections, walk through
749          * the list of pending reports and also add these to the
750          * white list if there is still space.
751          */
752         list_for_each_entry(params, &hdev->pend_le_reports, action) {
753                 if (hci_bdaddr_list_lookup(&hdev->le_white_list,
754                                            &params->addr, params->addr_type))
755                         continue;
756
757                 if (white_list_entries >= hdev->le_white_list_size) {
758                         /* Select filter policy to accept all advertising */
759                         return 0x00;
760                 }
761
762                 if (hci_find_irk_by_addr(hdev, &params->addr,
763                                          params->addr_type)) {
764                         /* White list can not be used with RPAs */
765                         return 0x00;
766                 }
767
768                 white_list_entries++;
769                 add_to_white_list(req, params);
770         }
771
772         /* Select filter policy to use white list */
773         return 0x01;
774 }
775
776 static bool scan_use_rpa(struct hci_dev *hdev)
777 {
778         return hci_dev_test_flag(hdev, HCI_PRIVACY);
779 }
780
781 void hci_req_add_le_passive_scan(struct hci_request *req)
782 {
783         struct hci_cp_le_set_scan_param param_cp;
784         struct hci_cp_le_set_scan_enable enable_cp;
785         struct hci_dev *hdev = req->hdev;
786         u8 own_addr_type;
787         u8 filter_policy;
788
789         /* Set require_privacy to false since no SCAN_REQ are send
790          * during passive scanning. Not using an non-resolvable address
791          * here is important so that peer devices using direct
792          * advertising with our address will be correctly reported
793          * by the controller.
794          */
795         if (hci_update_random_address(req, false, scan_use_rpa(hdev),
796                                       &own_addr_type))
797                 return;
798
799         /* Adding or removing entries from the white list must
800          * happen before enabling scanning. The controller does
801          * not allow white list modification while scanning.
802          */
803         filter_policy = update_white_list(req);
804
805         /* When the controller is using random resolvable addresses and
806          * with that having LE privacy enabled, then controllers with
807          * Extended Scanner Filter Policies support can now enable support
808          * for handling directed advertising.
809          *
810          * So instead of using filter polices 0x00 (no whitelist)
811          * and 0x01 (whitelist enabled) use the new filter policies
812          * 0x02 (no whitelist) and 0x03 (whitelist enabled).
813          */
814         if (hci_dev_test_flag(hdev, HCI_PRIVACY) &&
815             (hdev->le_features[0] & HCI_LE_EXT_SCAN_POLICY))
816                 filter_policy |= 0x02;
817
818         memset(&param_cp, 0, sizeof(param_cp));
819         param_cp.type = LE_SCAN_PASSIVE;
820         param_cp.interval = cpu_to_le16(hdev->le_scan_interval);
821         param_cp.window = cpu_to_le16(hdev->le_scan_window);
822         param_cp.own_address_type = own_addr_type;
823         param_cp.filter_policy = filter_policy;
824         hci_req_add(req, HCI_OP_LE_SET_SCAN_PARAM, sizeof(param_cp),
825                     &param_cp);
826
827         memset(&enable_cp, 0, sizeof(enable_cp));
828         enable_cp.enable = LE_SCAN_ENABLE;
829         enable_cp.filter_dup = LE_SCAN_FILTER_DUP_ENABLE;
830         hci_req_add(req, HCI_OP_LE_SET_SCAN_ENABLE, sizeof(enable_cp),
831                     &enable_cp);
832 }
833
834 static u8 get_cur_adv_instance_scan_rsp_len(struct hci_dev *hdev)
835 {
836         u8 instance = hdev->cur_adv_instance;
837         struct adv_info *adv_instance;
838
839         /* Ignore instance 0 */
840         if (instance == 0x00)
841                 return 0;
842
843         adv_instance = hci_find_adv_instance(hdev, instance);
844         if (!adv_instance)
845                 return 0;
846
847         /* TODO: Take into account the "appearance" and "local-name" flags here.
848          * These are currently being ignored as they are not supported.
849          */
850         return adv_instance->scan_rsp_len;
851 }
852
853 void __hci_req_disable_advertising(struct hci_request *req)
854 {
855         u8 enable = 0x00;
856
857         hci_req_add(req, HCI_OP_LE_SET_ADV_ENABLE, sizeof(enable), &enable);
858 }
859
860 static u32 get_adv_instance_flags(struct hci_dev *hdev, u8 instance)
861 {
862         u32 flags;
863         struct adv_info *adv_instance;
864
865         if (instance == 0x00) {
866                 /* Instance 0 always manages the "Tx Power" and "Flags"
867                  * fields
868                  */
869                 flags = MGMT_ADV_FLAG_TX_POWER | MGMT_ADV_FLAG_MANAGED_FLAGS;
870
871                 /* For instance 0, the HCI_ADVERTISING_CONNECTABLE setting
872                  * corresponds to the "connectable" instance flag.
873                  */
874                 if (hci_dev_test_flag(hdev, HCI_ADVERTISING_CONNECTABLE))
875                         flags |= MGMT_ADV_FLAG_CONNECTABLE;
876
877                 if (hci_dev_test_flag(hdev, HCI_LIMITED_DISCOVERABLE))
878                         flags |= MGMT_ADV_FLAG_LIMITED_DISCOV;
879                 else if (hci_dev_test_flag(hdev, HCI_DISCOVERABLE))
880                         flags |= MGMT_ADV_FLAG_DISCOV;
881
882                 return flags;
883         }
884
885         adv_instance = hci_find_adv_instance(hdev, instance);
886
887         /* Return 0 when we got an invalid instance identifier. */
888         if (!adv_instance)
889                 return 0;
890
891         return adv_instance->flags;
892 }
893
894 static bool adv_use_rpa(struct hci_dev *hdev, uint32_t flags)
895 {
896         /* If privacy is not enabled don't use RPA */
897         if (!hci_dev_test_flag(hdev, HCI_PRIVACY))
898                 return false;
899
900         /* If basic privacy mode is enabled use RPA */
901         if (!hci_dev_test_flag(hdev, HCI_LIMITED_PRIVACY))
902                 return true;
903
904         /* If limited privacy mode is enabled don't use RPA if we're
905          * both discoverable and bondable.
906          */
907         if ((flags & MGMT_ADV_FLAG_DISCOV) &&
908             hci_dev_test_flag(hdev, HCI_BONDABLE))
909                 return false;
910
911         /* We're neither bondable nor discoverable in the limited
912          * privacy mode, therefore use RPA.
913          */
914         return true;
915 }
916
917 void __hci_req_enable_advertising(struct hci_request *req)
918 {
919         struct hci_dev *hdev = req->hdev;
920         struct hci_cp_le_set_adv_param cp;
921         u8 own_addr_type, enable = 0x01;
922         bool connectable;
923         u32 flags;
924
925         if (hci_conn_num(hdev, LE_LINK) > 0)
926                 return;
927
928         if (hci_dev_test_flag(hdev, HCI_LE_ADV))
929                 __hci_req_disable_advertising(req);
930
931         /* Clear the HCI_LE_ADV bit temporarily so that the
932          * hci_update_random_address knows that it's safe to go ahead
933          * and write a new random address. The flag will be set back on
934          * as soon as the SET_ADV_ENABLE HCI command completes.
935          */
936         hci_dev_clear_flag(hdev, HCI_LE_ADV);
937
938         flags = get_adv_instance_flags(hdev, hdev->cur_adv_instance);
939
940         /* If the "connectable" instance flag was not set, then choose between
941          * ADV_IND and ADV_NONCONN_IND based on the global connectable setting.
942          */
943         connectable = (flags & MGMT_ADV_FLAG_CONNECTABLE) ||
944                       mgmt_get_connectable(hdev);
945
946         /* Set require_privacy to true only when non-connectable
947          * advertising is used. In that case it is fine to use a
948          * non-resolvable private address.
949          */
950         if (hci_update_random_address(req, !connectable,
951                                       adv_use_rpa(hdev, flags),
952                                       &own_addr_type) < 0)
953                 return;
954
955         memset(&cp, 0, sizeof(cp));
956         cp.min_interval = cpu_to_le16(hdev->le_adv_min_interval);
957         cp.max_interval = cpu_to_le16(hdev->le_adv_max_interval);
958
959         if (connectable)
960                 cp.type = LE_ADV_IND;
961         else if (get_cur_adv_instance_scan_rsp_len(hdev))
962                 cp.type = LE_ADV_SCAN_IND;
963         else
964                 cp.type = LE_ADV_NONCONN_IND;
965
966         cp.own_address_type = own_addr_type;
967         cp.channel_map = hdev->le_adv_channel_map;
968
969         hci_req_add(req, HCI_OP_LE_SET_ADV_PARAM, sizeof(cp), &cp);
970
971         hci_req_add(req, HCI_OP_LE_SET_ADV_ENABLE, sizeof(enable), &enable);
972 }
973
974 static u8 create_default_scan_rsp_data(struct hci_dev *hdev, u8 *ptr)
975 {
976         u8 ad_len = 0;
977         size_t name_len;
978
979         name_len = strlen(hdev->dev_name);
980         if (name_len > 0) {
981                 size_t max_len = HCI_MAX_AD_LENGTH - ad_len - 2;
982
983                 if (name_len > max_len) {
984                         name_len = max_len;
985                         ptr[1] = EIR_NAME_SHORT;
986                 } else
987                         ptr[1] = EIR_NAME_COMPLETE;
988
989                 ptr[0] = name_len + 1;
990
991                 memcpy(ptr + 2, hdev->dev_name, name_len);
992
993                 ad_len += (name_len + 2);
994                 ptr += (name_len + 2);
995         }
996
997         return ad_len;
998 }
999
1000 static u8 create_instance_scan_rsp_data(struct hci_dev *hdev, u8 instance,
1001                                         u8 *ptr)
1002 {
1003         struct adv_info *adv_instance;
1004
1005         adv_instance = hci_find_adv_instance(hdev, instance);
1006         if (!adv_instance)
1007                 return 0;
1008
1009         /* TODO: Set the appropriate entries based on advertising instance flags
1010          * here once flags other than 0 are supported.
1011          */
1012         memcpy(ptr, adv_instance->scan_rsp_data,
1013                adv_instance->scan_rsp_len);
1014
1015         return adv_instance->scan_rsp_len;
1016 }
1017
1018 void __hci_req_update_scan_rsp_data(struct hci_request *req, u8 instance)
1019 {
1020         struct hci_dev *hdev = req->hdev;
1021         struct hci_cp_le_set_scan_rsp_data cp;
1022         u8 len;
1023
1024         if (!hci_dev_test_flag(hdev, HCI_LE_ENABLED))
1025                 return;
1026
1027         memset(&cp, 0, sizeof(cp));
1028
1029         if (instance)
1030                 len = create_instance_scan_rsp_data(hdev, instance, cp.data);
1031         else
1032                 len = create_default_scan_rsp_data(hdev, cp.data);
1033
1034         if (hdev->scan_rsp_data_len == len &&
1035             !memcmp(cp.data, hdev->scan_rsp_data, len))
1036                 return;
1037
1038         memcpy(hdev->scan_rsp_data, cp.data, sizeof(cp.data));
1039         hdev->scan_rsp_data_len = len;
1040
1041         cp.length = len;
1042
1043         hci_req_add(req, HCI_OP_LE_SET_SCAN_RSP_DATA, sizeof(cp), &cp);
1044 }
1045
1046 static u8 create_instance_adv_data(struct hci_dev *hdev, u8 instance, u8 *ptr)
1047 {
1048         struct adv_info *adv_instance = NULL;
1049         u8 ad_len = 0, flags = 0;
1050         u32 instance_flags;
1051
1052         /* Return 0 when the current instance identifier is invalid. */
1053         if (instance) {
1054                 adv_instance = hci_find_adv_instance(hdev, instance);
1055                 if (!adv_instance)
1056                         return 0;
1057         }
1058
1059         instance_flags = get_adv_instance_flags(hdev, instance);
1060
1061         /* The Add Advertising command allows userspace to set both the general
1062          * and limited discoverable flags.
1063          */
1064         if (instance_flags & MGMT_ADV_FLAG_DISCOV)
1065                 flags |= LE_AD_GENERAL;
1066
1067         if (instance_flags & MGMT_ADV_FLAG_LIMITED_DISCOV)
1068                 flags |= LE_AD_LIMITED;
1069
1070         if (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED))
1071                 flags |= LE_AD_NO_BREDR;
1072
1073         if (flags || (instance_flags & MGMT_ADV_FLAG_MANAGED_FLAGS)) {
1074                 /* If a discovery flag wasn't provided, simply use the global
1075                  * settings.
1076                  */
1077                 if (!flags)
1078                         flags |= mgmt_get_adv_discov_flags(hdev);
1079
1080                 /* If flags would still be empty, then there is no need to
1081                  * include the "Flags" AD field".
1082                  */
1083                 if (flags) {
1084                         ptr[0] = 0x02;
1085                         ptr[1] = EIR_FLAGS;
1086                         ptr[2] = flags;
1087
1088                         ad_len += 3;
1089                         ptr += 3;
1090                 }
1091         }
1092
1093         if (adv_instance) {
1094                 memcpy(ptr, adv_instance->adv_data,
1095                        adv_instance->adv_data_len);
1096                 ad_len += adv_instance->adv_data_len;
1097                 ptr += adv_instance->adv_data_len;
1098         }
1099
1100         /* Provide Tx Power only if we can provide a valid value for it */
1101         if (hdev->adv_tx_power != HCI_TX_POWER_INVALID &&
1102             (instance_flags & MGMT_ADV_FLAG_TX_POWER)) {
1103                 ptr[0] = 0x02;
1104                 ptr[1] = EIR_TX_POWER;
1105                 ptr[2] = (u8)hdev->adv_tx_power;
1106
1107                 ad_len += 3;
1108                 ptr += 3;
1109         }
1110
1111         return ad_len;
1112 }
1113
1114 void __hci_req_update_adv_data(struct hci_request *req, u8 instance)
1115 {
1116         struct hci_dev *hdev = req->hdev;
1117         struct hci_cp_le_set_adv_data cp;
1118         u8 len;
1119
1120         if (!hci_dev_test_flag(hdev, HCI_LE_ENABLED))
1121                 return;
1122
1123         memset(&cp, 0, sizeof(cp));
1124
1125         len = create_instance_adv_data(hdev, instance, cp.data);
1126
1127         /* There's nothing to do if the data hasn't changed */
1128         if (hdev->adv_data_len == len &&
1129             memcmp(cp.data, hdev->adv_data, len) == 0)
1130                 return;
1131
1132         memcpy(hdev->adv_data, cp.data, sizeof(cp.data));
1133         hdev->adv_data_len = len;
1134
1135         cp.length = len;
1136
1137         hci_req_add(req, HCI_OP_LE_SET_ADV_DATA, sizeof(cp), &cp);
1138 }
1139
1140 int hci_req_update_adv_data(struct hci_dev *hdev, u8 instance)
1141 {
1142         struct hci_request req;
1143
1144         hci_req_init(&req, hdev);
1145         __hci_req_update_adv_data(&req, instance);
1146
1147         return hci_req_run(&req, NULL);
1148 }
1149
1150 static void adv_enable_complete(struct hci_dev *hdev, u8 status, u16 opcode)
1151 {
1152         BT_DBG("%s status %u", hdev->name, status);
1153 }
1154
1155 void hci_req_reenable_advertising(struct hci_dev *hdev)
1156 {
1157         struct hci_request req;
1158
1159         if (!hci_dev_test_flag(hdev, HCI_ADVERTISING) &&
1160             list_empty(&hdev->adv_instances))
1161                 return;
1162
1163         hci_req_init(&req, hdev);
1164
1165         if (hdev->cur_adv_instance) {
1166                 __hci_req_schedule_adv_instance(&req, hdev->cur_adv_instance,
1167                                                 true);
1168         } else {
1169                 __hci_req_update_adv_data(&req, 0x00);
1170                 __hci_req_update_scan_rsp_data(&req, 0x00);
1171                 __hci_req_enable_advertising(&req);
1172         }
1173
1174         hci_req_run(&req, adv_enable_complete);
1175 }
1176
1177 static void adv_timeout_expire(struct work_struct *work)
1178 {
1179         struct hci_dev *hdev = container_of(work, struct hci_dev,
1180                                             adv_instance_expire.work);
1181
1182         struct hci_request req;
1183         u8 instance;
1184
1185         BT_DBG("%s", hdev->name);
1186
1187         hci_dev_lock(hdev);
1188
1189         hdev->adv_instance_timeout = 0;
1190
1191         instance = hdev->cur_adv_instance;
1192         if (instance == 0x00)
1193                 goto unlock;
1194
1195         hci_req_init(&req, hdev);
1196
1197         hci_req_clear_adv_instance(hdev, &req, instance, false);
1198
1199         if (list_empty(&hdev->adv_instances))
1200                 __hci_req_disable_advertising(&req);
1201
1202         hci_req_run(&req, NULL);
1203
1204 unlock:
1205         hci_dev_unlock(hdev);
1206 }
1207
1208 int __hci_req_schedule_adv_instance(struct hci_request *req, u8 instance,
1209                                     bool force)
1210 {
1211         struct hci_dev *hdev = req->hdev;
1212         struct adv_info *adv_instance = NULL;
1213         u16 timeout;
1214
1215         if (hci_dev_test_flag(hdev, HCI_ADVERTISING) ||
1216             list_empty(&hdev->adv_instances))
1217                 return -EPERM;
1218
1219         if (hdev->adv_instance_timeout)
1220                 return -EBUSY;
1221
1222         adv_instance = hci_find_adv_instance(hdev, instance);
1223         if (!adv_instance)
1224                 return -ENOENT;
1225
1226         /* A zero timeout means unlimited advertising. As long as there is
1227          * only one instance, duration should be ignored. We still set a timeout
1228          * in case further instances are being added later on.
1229          *
1230          * If the remaining lifetime of the instance is more than the duration
1231          * then the timeout corresponds to the duration, otherwise it will be
1232          * reduced to the remaining instance lifetime.
1233          */
1234         if (adv_instance->timeout == 0 ||
1235             adv_instance->duration <= adv_instance->remaining_time)
1236                 timeout = adv_instance->duration;
1237         else
1238                 timeout = adv_instance->remaining_time;
1239
1240         /* The remaining time is being reduced unless the instance is being
1241          * advertised without time limit.
1242          */
1243         if (adv_instance->timeout)
1244                 adv_instance->remaining_time =
1245                                 adv_instance->remaining_time - timeout;
1246
1247         hdev->adv_instance_timeout = timeout;
1248         queue_delayed_work(hdev->req_workqueue,
1249                            &hdev->adv_instance_expire,
1250                            msecs_to_jiffies(timeout * 1000));
1251
1252         /* If we're just re-scheduling the same instance again then do not
1253          * execute any HCI commands. This happens when a single instance is
1254          * being advertised.
1255          */
1256         if (!force && hdev->cur_adv_instance == instance &&
1257             hci_dev_test_flag(hdev, HCI_LE_ADV))
1258                 return 0;
1259
1260         hdev->cur_adv_instance = instance;
1261         __hci_req_update_adv_data(req, instance);
1262         __hci_req_update_scan_rsp_data(req, instance);
1263         __hci_req_enable_advertising(req);
1264
1265         return 0;
1266 }
1267
1268 static void cancel_adv_timeout(struct hci_dev *hdev)
1269 {
1270         if (hdev->adv_instance_timeout) {
1271                 hdev->adv_instance_timeout = 0;
1272                 cancel_delayed_work(&hdev->adv_instance_expire);
1273         }
1274 }
1275
1276 /* For a single instance:
1277  * - force == true: The instance will be removed even when its remaining
1278  *   lifetime is not zero.
1279  * - force == false: the instance will be deactivated but kept stored unless
1280  *   the remaining lifetime is zero.
1281  *
1282  * For instance == 0x00:
1283  * - force == true: All instances will be removed regardless of their timeout
1284  *   setting.
1285  * - force == false: Only instances that have a timeout will be removed.
1286  */
1287 void hci_req_clear_adv_instance(struct hci_dev *hdev, struct hci_request *req,
1288                                 u8 instance, bool force)
1289 {
1290         struct adv_info *adv_instance, *n, *next_instance = NULL;
1291         int err;
1292         u8 rem_inst;
1293
1294         /* Cancel any timeout concerning the removed instance(s). */
1295         if (!instance || hdev->cur_adv_instance == instance)
1296                 cancel_adv_timeout(hdev);
1297
1298         /* Get the next instance to advertise BEFORE we remove
1299          * the current one. This can be the same instance again
1300          * if there is only one instance.
1301          */
1302         if (instance && hdev->cur_adv_instance == instance)
1303                 next_instance = hci_get_next_instance(hdev, instance);
1304
1305         if (instance == 0x00) {
1306                 list_for_each_entry_safe(adv_instance, n, &hdev->adv_instances,
1307                                          list) {
1308                         if (!(force || adv_instance->timeout))
1309                                 continue;
1310
1311                         rem_inst = adv_instance->instance;
1312                         err = hci_remove_adv_instance(hdev, rem_inst);
1313                         if (!err)
1314                                 mgmt_advertising_removed(NULL, hdev, rem_inst);
1315                 }
1316         } else {
1317                 adv_instance = hci_find_adv_instance(hdev, instance);
1318
1319                 if (force || (adv_instance && adv_instance->timeout &&
1320                               !adv_instance->remaining_time)) {
1321                         /* Don't advertise a removed instance. */
1322                         if (next_instance &&
1323                             next_instance->instance == instance)
1324                                 next_instance = NULL;
1325
1326                         err = hci_remove_adv_instance(hdev, instance);
1327                         if (!err)
1328                                 mgmt_advertising_removed(NULL, hdev, instance);
1329                 }
1330         }
1331
1332         if (!req || !hdev_is_powered(hdev) ||
1333             hci_dev_test_flag(hdev, HCI_ADVERTISING))
1334                 return;
1335
1336         if (next_instance)
1337                 __hci_req_schedule_adv_instance(req, next_instance->instance,
1338                                                 false);
1339 }
1340
1341 static void set_random_addr(struct hci_request *req, bdaddr_t *rpa)
1342 {
1343         struct hci_dev *hdev = req->hdev;
1344
1345         /* If we're advertising or initiating an LE connection we can't
1346          * go ahead and change the random address at this time. This is
1347          * because the eventual initiator address used for the
1348          * subsequently created connection will be undefined (some
1349          * controllers use the new address and others the one we had
1350          * when the operation started).
1351          *
1352          * In this kind of scenario skip the update and let the random
1353          * address be updated at the next cycle.
1354          */
1355         if (hci_dev_test_flag(hdev, HCI_LE_ADV) ||
1356             hci_lookup_le_connect(hdev)) {
1357                 BT_DBG("Deferring random address update");
1358                 hci_dev_set_flag(hdev, HCI_RPA_EXPIRED);
1359                 return;
1360         }
1361
1362         hci_req_add(req, HCI_OP_LE_SET_RANDOM_ADDR, 6, rpa);
1363 }
1364
1365 int hci_update_random_address(struct hci_request *req, bool require_privacy,
1366                               bool use_rpa, u8 *own_addr_type)
1367 {
1368         struct hci_dev *hdev = req->hdev;
1369         int err;
1370
1371         /* If privacy is enabled use a resolvable private address. If
1372          * current RPA has expired or there is something else than
1373          * the current RPA in use, then generate a new one.
1374          */
1375         if (use_rpa) {
1376                 int to;
1377
1378                 *own_addr_type = ADDR_LE_DEV_RANDOM;
1379
1380                 if (!hci_dev_test_and_clear_flag(hdev, HCI_RPA_EXPIRED) &&
1381                     !bacmp(&hdev->random_addr, &hdev->rpa))
1382                         return 0;
1383
1384                 err = smp_generate_rpa(hdev, hdev->irk, &hdev->rpa);
1385                 if (err < 0) {
1386                         BT_ERR("%s failed to generate new RPA", hdev->name);
1387                         return err;
1388                 }
1389
1390                 set_random_addr(req, &hdev->rpa);
1391
1392                 to = msecs_to_jiffies(hdev->rpa_timeout * 1000);
1393                 queue_delayed_work(hdev->workqueue, &hdev->rpa_expired, to);
1394
1395                 return 0;
1396         }
1397
1398         /* In case of required privacy without resolvable private address,
1399          * use an non-resolvable private address. This is useful for active
1400          * scanning and non-connectable advertising.
1401          */
1402         if (require_privacy) {
1403                 bdaddr_t nrpa;
1404
1405                 while (true) {
1406                         /* The non-resolvable private address is generated
1407                          * from random six bytes with the two most significant
1408                          * bits cleared.
1409                          */
1410                         get_random_bytes(&nrpa, 6);
1411                         nrpa.b[5] &= 0x3f;
1412
1413                         /* The non-resolvable private address shall not be
1414                          * equal to the public address.
1415                          */
1416                         if (bacmp(&hdev->bdaddr, &nrpa))
1417                                 break;
1418                 }
1419
1420                 *own_addr_type = ADDR_LE_DEV_RANDOM;
1421                 set_random_addr(req, &nrpa);
1422                 return 0;
1423         }
1424
1425         /* If forcing static address is in use or there is no public
1426          * address use the static address as random address (but skip
1427          * the HCI command if the current random address is already the
1428          * static one.
1429          *
1430          * In case BR/EDR has been disabled on a dual-mode controller
1431          * and a static address has been configured, then use that
1432          * address instead of the public BR/EDR address.
1433          */
1434         if (hci_dev_test_flag(hdev, HCI_FORCE_STATIC_ADDR) ||
1435             !bacmp(&hdev->bdaddr, BDADDR_ANY) ||
1436             (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED) &&
1437              bacmp(&hdev->static_addr, BDADDR_ANY))) {
1438                 *own_addr_type = ADDR_LE_DEV_RANDOM;
1439                 if (bacmp(&hdev->static_addr, &hdev->random_addr))
1440                         hci_req_add(req, HCI_OP_LE_SET_RANDOM_ADDR, 6,
1441                                     &hdev->static_addr);
1442                 return 0;
1443         }
1444
1445         /* Neither privacy nor static address is being used so use a
1446          * public address.
1447          */
1448         *own_addr_type = ADDR_LE_DEV_PUBLIC;
1449
1450         return 0;
1451 }
1452
1453 static bool disconnected_whitelist_entries(struct hci_dev *hdev)
1454 {
1455         struct bdaddr_list *b;
1456
1457         list_for_each_entry(b, &hdev->whitelist, list) {
1458                 struct hci_conn *conn;
1459
1460                 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &b->bdaddr);
1461                 if (!conn)
1462                         return true;
1463
1464                 if (conn->state != BT_CONNECTED && conn->state != BT_CONFIG)
1465                         return true;
1466         }
1467
1468         return false;
1469 }
1470
1471 void __hci_req_update_scan(struct hci_request *req)
1472 {
1473         struct hci_dev *hdev = req->hdev;
1474         u8 scan;
1475
1476         if (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED))
1477                 return;
1478
1479         if (!hdev_is_powered(hdev))
1480                 return;
1481
1482         if (mgmt_powering_down(hdev))
1483                 return;
1484
1485         if (hci_dev_test_flag(hdev, HCI_CONNECTABLE) ||
1486             disconnected_whitelist_entries(hdev))
1487                 scan = SCAN_PAGE;
1488         else
1489                 scan = SCAN_DISABLED;
1490
1491         if (hci_dev_test_flag(hdev, HCI_DISCOVERABLE))
1492                 scan |= SCAN_INQUIRY;
1493
1494         if (test_bit(HCI_PSCAN, &hdev->flags) == !!(scan & SCAN_PAGE) &&
1495             test_bit(HCI_ISCAN, &hdev->flags) == !!(scan & SCAN_INQUIRY))
1496                 return;
1497
1498         hci_req_add(req, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
1499 }
1500
1501 static int update_scan(struct hci_request *req, unsigned long opt)
1502 {
1503         hci_dev_lock(req->hdev);
1504         __hci_req_update_scan(req);
1505         hci_dev_unlock(req->hdev);
1506         return 0;
1507 }
1508
1509 static void scan_update_work(struct work_struct *work)
1510 {
1511         struct hci_dev *hdev = container_of(work, struct hci_dev, scan_update);
1512
1513         hci_req_sync(hdev, update_scan, 0, HCI_CMD_TIMEOUT, NULL);
1514 }
1515
1516 static int connectable_update(struct hci_request *req, unsigned long opt)
1517 {
1518         struct hci_dev *hdev = req->hdev;
1519
1520         hci_dev_lock(hdev);
1521
1522         __hci_req_update_scan(req);
1523
1524         /* If BR/EDR is not enabled and we disable advertising as a
1525          * by-product of disabling connectable, we need to update the
1526          * advertising flags.
1527          */
1528         if (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED))
1529                 __hci_req_update_adv_data(req, hdev->cur_adv_instance);
1530
1531         /* Update the advertising parameters if necessary */
1532         if (hci_dev_test_flag(hdev, HCI_ADVERTISING) ||
1533             !list_empty(&hdev->adv_instances))
1534                 __hci_req_enable_advertising(req);
1535
1536         __hci_update_background_scan(req);
1537
1538         hci_dev_unlock(hdev);
1539
1540         return 0;
1541 }
1542
1543 static void connectable_update_work(struct work_struct *work)
1544 {
1545         struct hci_dev *hdev = container_of(work, struct hci_dev,
1546                                             connectable_update);
1547         u8 status;
1548
1549         hci_req_sync(hdev, connectable_update, 0, HCI_CMD_TIMEOUT, &status);
1550         mgmt_set_connectable_complete(hdev, status);
1551 }
1552
1553 static u8 get_service_classes(struct hci_dev *hdev)
1554 {
1555         struct bt_uuid *uuid;
1556         u8 val = 0;
1557
1558         list_for_each_entry(uuid, &hdev->uuids, list)
1559                 val |= uuid->svc_hint;
1560
1561         return val;
1562 }
1563
1564 void __hci_req_update_class(struct hci_request *req)
1565 {
1566         struct hci_dev *hdev = req->hdev;
1567         u8 cod[3];
1568
1569         BT_DBG("%s", hdev->name);
1570
1571         if (!hdev_is_powered(hdev))
1572                 return;
1573
1574         if (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED))
1575                 return;
1576
1577         if (hci_dev_test_flag(hdev, HCI_SERVICE_CACHE))
1578                 return;
1579
1580         cod[0] = hdev->minor_class;
1581         cod[1] = hdev->major_class;
1582         cod[2] = get_service_classes(hdev);
1583
1584         if (hci_dev_test_flag(hdev, HCI_LIMITED_DISCOVERABLE))
1585                 cod[1] |= 0x20;
1586
1587         if (memcmp(cod, hdev->dev_class, 3) == 0)
1588                 return;
1589
1590         hci_req_add(req, HCI_OP_WRITE_CLASS_OF_DEV, sizeof(cod), cod);
1591 }
1592
1593 static void write_iac(struct hci_request *req)
1594 {
1595         struct hci_dev *hdev = req->hdev;
1596         struct hci_cp_write_current_iac_lap cp;
1597
1598         if (!hci_dev_test_flag(hdev, HCI_DISCOVERABLE))
1599                 return;
1600
1601         if (hci_dev_test_flag(hdev, HCI_LIMITED_DISCOVERABLE)) {
1602                 /* Limited discoverable mode */
1603                 cp.num_iac = min_t(u8, hdev->num_iac, 2);
1604                 cp.iac_lap[0] = 0x00;   /* LIAC */
1605                 cp.iac_lap[1] = 0x8b;
1606                 cp.iac_lap[2] = 0x9e;
1607                 cp.iac_lap[3] = 0x33;   /* GIAC */
1608                 cp.iac_lap[4] = 0x8b;
1609                 cp.iac_lap[5] = 0x9e;
1610         } else {
1611                 /* General discoverable mode */
1612                 cp.num_iac = 1;
1613                 cp.iac_lap[0] = 0x33;   /* GIAC */
1614                 cp.iac_lap[1] = 0x8b;
1615                 cp.iac_lap[2] = 0x9e;
1616         }
1617
1618         hci_req_add(req, HCI_OP_WRITE_CURRENT_IAC_LAP,
1619                     (cp.num_iac * 3) + 1, &cp);
1620 }
1621
1622 static int discoverable_update(struct hci_request *req, unsigned long opt)
1623 {
1624         struct hci_dev *hdev = req->hdev;
1625
1626         hci_dev_lock(hdev);
1627
1628         if (hci_dev_test_flag(hdev, HCI_BREDR_ENABLED)) {
1629                 write_iac(req);
1630                 __hci_req_update_scan(req);
1631                 __hci_req_update_class(req);
1632         }
1633
1634         /* Advertising instances don't use the global discoverable setting, so
1635          * only update AD if advertising was enabled using Set Advertising.
1636          */
1637         if (hci_dev_test_flag(hdev, HCI_ADVERTISING)) {
1638                 __hci_req_update_adv_data(req, 0x00);
1639
1640                 /* Discoverable mode affects the local advertising
1641                  * address in limited privacy mode.
1642                  */
1643                 if (hci_dev_test_flag(hdev, HCI_LIMITED_PRIVACY))
1644                         __hci_req_enable_advertising(req);
1645         }
1646
1647         hci_dev_unlock(hdev);
1648
1649         return 0;
1650 }
1651
1652 static void discoverable_update_work(struct work_struct *work)
1653 {
1654         struct hci_dev *hdev = container_of(work, struct hci_dev,
1655                                             discoverable_update);
1656         u8 status;
1657
1658         hci_req_sync(hdev, discoverable_update, 0, HCI_CMD_TIMEOUT, &status);
1659         mgmt_set_discoverable_complete(hdev, status);
1660 }
1661
1662 void __hci_abort_conn(struct hci_request *req, struct hci_conn *conn,
1663                       u8 reason)
1664 {
1665         switch (conn->state) {
1666         case BT_CONNECTED:
1667         case BT_CONFIG:
1668                 if (conn->type == AMP_LINK) {
1669                         struct hci_cp_disconn_phy_link cp;
1670
1671                         cp.phy_handle = HCI_PHY_HANDLE(conn->handle);
1672                         cp.reason = reason;
1673                         hci_req_add(req, HCI_OP_DISCONN_PHY_LINK, sizeof(cp),
1674                                     &cp);
1675                 } else {
1676                         struct hci_cp_disconnect dc;
1677
1678                         dc.handle = cpu_to_le16(conn->handle);
1679                         dc.reason = reason;
1680                         hci_req_add(req, HCI_OP_DISCONNECT, sizeof(dc), &dc);
1681                 }
1682
1683                 conn->state = BT_DISCONN;
1684
1685                 break;
1686         case BT_CONNECT:
1687                 if (conn->type == LE_LINK) {
1688                         if (test_bit(HCI_CONN_SCANNING, &conn->flags))
1689                                 break;
1690                         hci_req_add(req, HCI_OP_LE_CREATE_CONN_CANCEL,
1691                                     0, NULL);
1692                 } else if (conn->type == ACL_LINK) {
1693                         if (req->hdev->hci_ver < BLUETOOTH_VER_1_2)
1694                                 break;
1695                         hci_req_add(req, HCI_OP_CREATE_CONN_CANCEL,
1696                                     6, &conn->dst);
1697                 }
1698                 break;
1699         case BT_CONNECT2:
1700                 if (conn->type == ACL_LINK) {
1701                         struct hci_cp_reject_conn_req rej;
1702
1703                         bacpy(&rej.bdaddr, &conn->dst);
1704                         rej.reason = reason;
1705
1706                         hci_req_add(req, HCI_OP_REJECT_CONN_REQ,
1707                                     sizeof(rej), &rej);
1708                 } else if (conn->type == SCO_LINK || conn->type == ESCO_LINK) {
1709                         struct hci_cp_reject_sync_conn_req rej;
1710
1711                         bacpy(&rej.bdaddr, &conn->dst);
1712
1713                         /* SCO rejection has its own limited set of
1714                          * allowed error values (0x0D-0x0F) which isn't
1715                          * compatible with most values passed to this
1716                          * function. To be safe hard-code one of the
1717                          * values that's suitable for SCO.
1718                          */
1719                         rej.reason = HCI_ERROR_REMOTE_LOW_RESOURCES;
1720
1721                         hci_req_add(req, HCI_OP_REJECT_SYNC_CONN_REQ,
1722                                     sizeof(rej), &rej);
1723                 }
1724                 break;
1725         default:
1726                 conn->state = BT_CLOSED;
1727                 break;
1728         }
1729 }
1730
1731 static void abort_conn_complete(struct hci_dev *hdev, u8 status, u16 opcode)
1732 {
1733         if (status)
1734                 BT_DBG("Failed to abort connection: status 0x%2.2x", status);
1735 }
1736
1737 int hci_abort_conn(struct hci_conn *conn, u8 reason)
1738 {
1739         struct hci_request req;
1740         int err;
1741
1742         hci_req_init(&req, conn->hdev);
1743
1744         __hci_abort_conn(&req, conn, reason);
1745
1746         err = hci_req_run(&req, abort_conn_complete);
1747         if (err && err != -ENODATA) {
1748                 BT_ERR("Failed to run HCI request: err %d", err);
1749                 return err;
1750         }
1751
1752         return 0;
1753 }
1754
1755 static int update_bg_scan(struct hci_request *req, unsigned long opt)
1756 {
1757         hci_dev_lock(req->hdev);
1758         __hci_update_background_scan(req);
1759         hci_dev_unlock(req->hdev);
1760         return 0;
1761 }
1762
1763 static void bg_scan_update(struct work_struct *work)
1764 {
1765         struct hci_dev *hdev = container_of(work, struct hci_dev,
1766                                             bg_scan_update);
1767         struct hci_conn *conn;
1768         u8 status;
1769         int err;
1770
1771         err = hci_req_sync(hdev, update_bg_scan, 0, HCI_CMD_TIMEOUT, &status);
1772         if (!err)
1773                 return;
1774
1775         hci_dev_lock(hdev);
1776
1777         conn = hci_conn_hash_lookup_state(hdev, LE_LINK, BT_CONNECT);
1778         if (conn)
1779                 hci_le_conn_failed(conn, status);
1780
1781         hci_dev_unlock(hdev);
1782 }
1783
1784 static int le_scan_disable(struct hci_request *req, unsigned long opt)
1785 {
1786         hci_req_add_le_scan_disable(req);
1787         return 0;
1788 }
1789
1790 static int bredr_inquiry(struct hci_request *req, unsigned long opt)
1791 {
1792         u8 length = opt;
1793         const u8 giac[3] = { 0x33, 0x8b, 0x9e };
1794         const u8 liac[3] = { 0x00, 0x8b, 0x9e };
1795         struct hci_cp_inquiry cp;
1796
1797         BT_DBG("%s", req->hdev->name);
1798
1799         hci_dev_lock(req->hdev);
1800         hci_inquiry_cache_flush(req->hdev);
1801         hci_dev_unlock(req->hdev);
1802
1803         memset(&cp, 0, sizeof(cp));
1804
1805         if (req->hdev->discovery.limited)
1806                 memcpy(&cp.lap, liac, sizeof(cp.lap));
1807         else
1808                 memcpy(&cp.lap, giac, sizeof(cp.lap));
1809
1810         cp.length = length;
1811
1812         hci_req_add(req, HCI_OP_INQUIRY, sizeof(cp), &cp);
1813
1814         return 0;
1815 }
1816
1817 static void le_scan_disable_work(struct work_struct *work)
1818 {
1819         struct hci_dev *hdev = container_of(work, struct hci_dev,
1820                                             le_scan_disable.work);
1821         u8 status;
1822
1823         BT_DBG("%s", hdev->name);
1824
1825         if (!hci_dev_test_flag(hdev, HCI_LE_SCAN))
1826                 return;
1827
1828         cancel_delayed_work(&hdev->le_scan_restart);
1829
1830         hci_req_sync(hdev, le_scan_disable, 0, HCI_CMD_TIMEOUT, &status);
1831         if (status) {
1832                 BT_ERR("Failed to disable LE scan: status 0x%02x", status);
1833                 return;
1834         }
1835
1836         hdev->discovery.scan_start = 0;
1837
1838         /* If we were running LE only scan, change discovery state. If
1839          * we were running both LE and BR/EDR inquiry simultaneously,
1840          * and BR/EDR inquiry is already finished, stop discovery,
1841          * otherwise BR/EDR inquiry will stop discovery when finished.
1842          * If we will resolve remote device name, do not change
1843          * discovery state.
1844          */
1845
1846         if (hdev->discovery.type == DISCOV_TYPE_LE)
1847                 goto discov_stopped;
1848
1849         if (hdev->discovery.type != DISCOV_TYPE_INTERLEAVED)
1850                 return;
1851
1852         if (test_bit(HCI_QUIRK_SIMULTANEOUS_DISCOVERY, &hdev->quirks)) {
1853                 if (!test_bit(HCI_INQUIRY, &hdev->flags) &&
1854                     hdev->discovery.state != DISCOVERY_RESOLVING)
1855                         goto discov_stopped;
1856
1857                 return;
1858         }
1859
1860         hci_req_sync(hdev, bredr_inquiry, DISCOV_INTERLEAVED_INQUIRY_LEN,
1861                      HCI_CMD_TIMEOUT, &status);
1862         if (status) {
1863                 BT_ERR("Inquiry failed: status 0x%02x", status);
1864                 goto discov_stopped;
1865         }
1866
1867         return;
1868
1869 discov_stopped:
1870         hci_dev_lock(hdev);
1871         hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
1872         hci_dev_unlock(hdev);
1873 }
1874
1875 static int le_scan_restart(struct hci_request *req, unsigned long opt)
1876 {
1877         struct hci_dev *hdev = req->hdev;
1878         struct hci_cp_le_set_scan_enable cp;
1879
1880         /* If controller is not scanning we are done. */
1881         if (!hci_dev_test_flag(hdev, HCI_LE_SCAN))
1882                 return 0;
1883
1884         hci_req_add_le_scan_disable(req);
1885
1886         memset(&cp, 0, sizeof(cp));
1887         cp.enable = LE_SCAN_ENABLE;
1888         cp.filter_dup = LE_SCAN_FILTER_DUP_ENABLE;
1889         hci_req_add(req, HCI_OP_LE_SET_SCAN_ENABLE, sizeof(cp), &cp);
1890
1891         return 0;
1892 }
1893
1894 static void le_scan_restart_work(struct work_struct *work)
1895 {
1896         struct hci_dev *hdev = container_of(work, struct hci_dev,
1897                                             le_scan_restart.work);
1898         unsigned long timeout, duration, scan_start, now;
1899         u8 status;
1900
1901         BT_DBG("%s", hdev->name);
1902
1903         hci_req_sync(hdev, le_scan_restart, 0, HCI_CMD_TIMEOUT, &status);
1904         if (status) {
1905                 BT_ERR("Failed to restart LE scan: status %d", status);
1906                 return;
1907         }
1908
1909         hci_dev_lock(hdev);
1910
1911         if (!test_bit(HCI_QUIRK_STRICT_DUPLICATE_FILTER, &hdev->quirks) ||
1912             !hdev->discovery.scan_start)
1913                 goto unlock;
1914
1915         /* When the scan was started, hdev->le_scan_disable has been queued
1916          * after duration from scan_start. During scan restart this job
1917          * has been canceled, and we need to queue it again after proper
1918          * timeout, to make sure that scan does not run indefinitely.
1919          */
1920         duration = hdev->discovery.scan_duration;
1921         scan_start = hdev->discovery.scan_start;
1922         now = jiffies;
1923         if (now - scan_start <= duration) {
1924                 int elapsed;
1925
1926                 if (now >= scan_start)
1927                         elapsed = now - scan_start;
1928                 else
1929                         elapsed = ULONG_MAX - scan_start + now;
1930
1931                 timeout = duration - elapsed;
1932         } else {
1933                 timeout = 0;
1934         }
1935
1936         queue_delayed_work(hdev->req_workqueue,
1937                            &hdev->le_scan_disable, timeout);
1938
1939 unlock:
1940         hci_dev_unlock(hdev);
1941 }
1942
1943 static void disable_advertising(struct hci_request *req)
1944 {
1945         u8 enable = 0x00;
1946
1947         hci_req_add(req, HCI_OP_LE_SET_ADV_ENABLE, sizeof(enable), &enable);
1948 }
1949
1950 static int active_scan(struct hci_request *req, unsigned long opt)
1951 {
1952         uint16_t interval = opt;
1953         struct hci_dev *hdev = req->hdev;
1954         struct hci_cp_le_set_scan_param param_cp;
1955         struct hci_cp_le_set_scan_enable enable_cp;
1956         u8 own_addr_type;
1957         int err;
1958
1959         BT_DBG("%s", hdev->name);
1960
1961         if (hci_dev_test_flag(hdev, HCI_LE_ADV)) {
1962                 hci_dev_lock(hdev);
1963
1964                 /* Don't let discovery abort an outgoing connection attempt
1965                  * that's using directed advertising.
1966                  */
1967                 if (hci_lookup_le_connect(hdev)) {
1968                         hci_dev_unlock(hdev);
1969                         return -EBUSY;
1970                 }
1971
1972                 cancel_adv_timeout(hdev);
1973                 hci_dev_unlock(hdev);
1974
1975                 disable_advertising(req);
1976         }
1977
1978         /* If controller is scanning, it means the background scanning is
1979          * running. Thus, we should temporarily stop it in order to set the
1980          * discovery scanning parameters.
1981          */
1982         if (hci_dev_test_flag(hdev, HCI_LE_SCAN))
1983                 hci_req_add_le_scan_disable(req);
1984
1985         /* All active scans will be done with either a resolvable private
1986          * address (when privacy feature has been enabled) or non-resolvable
1987          * private address.
1988          */
1989         err = hci_update_random_address(req, true, scan_use_rpa(hdev),
1990                                         &own_addr_type);
1991         if (err < 0)
1992                 own_addr_type = ADDR_LE_DEV_PUBLIC;
1993
1994         memset(&param_cp, 0, sizeof(param_cp));
1995         param_cp.type = LE_SCAN_ACTIVE;
1996         param_cp.interval = cpu_to_le16(interval);
1997         param_cp.window = cpu_to_le16(DISCOV_LE_SCAN_WIN);
1998         param_cp.own_address_type = own_addr_type;
1999
2000         hci_req_add(req, HCI_OP_LE_SET_SCAN_PARAM, sizeof(param_cp),
2001                     &param_cp);
2002
2003         memset(&enable_cp, 0, sizeof(enable_cp));
2004         enable_cp.enable = LE_SCAN_ENABLE;
2005         enable_cp.filter_dup = LE_SCAN_FILTER_DUP_ENABLE;
2006
2007         hci_req_add(req, HCI_OP_LE_SET_SCAN_ENABLE, sizeof(enable_cp),
2008                     &enable_cp);
2009
2010         return 0;
2011 }
2012
2013 static int interleaved_discov(struct hci_request *req, unsigned long opt)
2014 {
2015         int err;
2016
2017         BT_DBG("%s", req->hdev->name);
2018
2019         err = active_scan(req, opt);
2020         if (err)
2021                 return err;
2022
2023         return bredr_inquiry(req, DISCOV_BREDR_INQUIRY_LEN);
2024 }
2025
2026 static void start_discovery(struct hci_dev *hdev, u8 *status)
2027 {
2028         unsigned long timeout;
2029
2030         BT_DBG("%s type %u", hdev->name, hdev->discovery.type);
2031
2032         switch (hdev->discovery.type) {
2033         case DISCOV_TYPE_BREDR:
2034                 if (!hci_dev_test_flag(hdev, HCI_INQUIRY))
2035                         hci_req_sync(hdev, bredr_inquiry,
2036                                      DISCOV_BREDR_INQUIRY_LEN, HCI_CMD_TIMEOUT,
2037                                      status);
2038                 return;
2039         case DISCOV_TYPE_INTERLEAVED:
2040                 /* When running simultaneous discovery, the LE scanning time
2041                  * should occupy the whole discovery time sine BR/EDR inquiry
2042                  * and LE scanning are scheduled by the controller.
2043                  *
2044                  * For interleaving discovery in comparison, BR/EDR inquiry
2045                  * and LE scanning are done sequentially with separate
2046                  * timeouts.
2047                  */
2048                 if (test_bit(HCI_QUIRK_SIMULTANEOUS_DISCOVERY,
2049                              &hdev->quirks)) {
2050                         timeout = msecs_to_jiffies(DISCOV_LE_TIMEOUT);
2051                         /* During simultaneous discovery, we double LE scan
2052                          * interval. We must leave some time for the controller
2053                          * to do BR/EDR inquiry.
2054                          */
2055                         hci_req_sync(hdev, interleaved_discov,
2056                                      DISCOV_LE_SCAN_INT * 2, HCI_CMD_TIMEOUT,
2057                                      status);
2058                         break;
2059                 }
2060
2061                 timeout = msecs_to_jiffies(hdev->discov_interleaved_timeout);
2062                 hci_req_sync(hdev, active_scan, DISCOV_LE_SCAN_INT,
2063                              HCI_CMD_TIMEOUT, status);
2064                 break;
2065         case DISCOV_TYPE_LE:
2066                 timeout = msecs_to_jiffies(DISCOV_LE_TIMEOUT);
2067                 hci_req_sync(hdev, active_scan, DISCOV_LE_SCAN_INT,
2068                              HCI_CMD_TIMEOUT, status);
2069                 break;
2070         default:
2071                 *status = HCI_ERROR_UNSPECIFIED;
2072                 return;
2073         }
2074
2075         if (*status)
2076                 return;
2077
2078         BT_DBG("%s timeout %u ms", hdev->name, jiffies_to_msecs(timeout));
2079
2080         /* When service discovery is used and the controller has a
2081          * strict duplicate filter, it is important to remember the
2082          * start and duration of the scan. This is required for
2083          * restarting scanning during the discovery phase.
2084          */
2085         if (test_bit(HCI_QUIRK_STRICT_DUPLICATE_FILTER, &hdev->quirks) &&
2086                      hdev->discovery.result_filtering) {
2087                 hdev->discovery.scan_start = jiffies;
2088                 hdev->discovery.scan_duration = timeout;
2089         }
2090
2091         queue_delayed_work(hdev->req_workqueue, &hdev->le_scan_disable,
2092                            timeout);
2093 }
2094
2095 bool hci_req_stop_discovery(struct hci_request *req)
2096 {
2097         struct hci_dev *hdev = req->hdev;
2098         struct discovery_state *d = &hdev->discovery;
2099         struct hci_cp_remote_name_req_cancel cp;
2100         struct inquiry_entry *e;
2101         bool ret = false;
2102
2103         BT_DBG("%s state %u", hdev->name, hdev->discovery.state);
2104
2105         if (d->state == DISCOVERY_FINDING || d->state == DISCOVERY_STOPPING) {
2106                 if (test_bit(HCI_INQUIRY, &hdev->flags))
2107                         hci_req_add(req, HCI_OP_INQUIRY_CANCEL, 0, NULL);
2108
2109                 if (hci_dev_test_flag(hdev, HCI_LE_SCAN)) {
2110                         cancel_delayed_work(&hdev->le_scan_disable);
2111                         hci_req_add_le_scan_disable(req);
2112                 }
2113
2114                 ret = true;
2115         } else {
2116                 /* Passive scanning */
2117                 if (hci_dev_test_flag(hdev, HCI_LE_SCAN)) {
2118                         hci_req_add_le_scan_disable(req);
2119                         ret = true;
2120                 }
2121         }
2122
2123         /* No further actions needed for LE-only discovery */
2124         if (d->type == DISCOV_TYPE_LE)
2125                 return ret;
2126
2127         if (d->state == DISCOVERY_RESOLVING || d->state == DISCOVERY_STOPPING) {
2128                 e = hci_inquiry_cache_lookup_resolve(hdev, BDADDR_ANY,
2129                                                      NAME_PENDING);
2130                 if (!e)
2131                         return ret;
2132
2133                 bacpy(&cp.bdaddr, &e->data.bdaddr);
2134                 hci_req_add(req, HCI_OP_REMOTE_NAME_REQ_CANCEL, sizeof(cp),
2135                             &cp);
2136                 ret = true;
2137         }
2138
2139         return ret;
2140 }
2141
2142 static int stop_discovery(struct hci_request *req, unsigned long opt)
2143 {
2144         hci_dev_lock(req->hdev);
2145         hci_req_stop_discovery(req);
2146         hci_dev_unlock(req->hdev);
2147
2148         return 0;
2149 }
2150
2151 static void discov_update(struct work_struct *work)
2152 {
2153         struct hci_dev *hdev = container_of(work, struct hci_dev,
2154                                             discov_update);
2155         u8 status = 0;
2156
2157         switch (hdev->discovery.state) {
2158         case DISCOVERY_STARTING:
2159                 start_discovery(hdev, &status);
2160                 mgmt_start_discovery_complete(hdev, status);
2161                 if (status)
2162                         hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
2163                 else
2164                         hci_discovery_set_state(hdev, DISCOVERY_FINDING);
2165                 break;
2166         case DISCOVERY_STOPPING:
2167                 hci_req_sync(hdev, stop_discovery, 0, HCI_CMD_TIMEOUT, &status);
2168                 mgmt_stop_discovery_complete(hdev, status);
2169                 if (!status)
2170                         hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
2171                 break;
2172         case DISCOVERY_STOPPED:
2173         default:
2174                 return;
2175         }
2176 }
2177
2178 static void discov_off(struct work_struct *work)
2179 {
2180         struct hci_dev *hdev = container_of(work, struct hci_dev,
2181                                             discov_off.work);
2182
2183         BT_DBG("%s", hdev->name);
2184
2185         hci_dev_lock(hdev);
2186
2187         /* When discoverable timeout triggers, then just make sure
2188          * the limited discoverable flag is cleared. Even in the case
2189          * of a timeout triggered from general discoverable, it is
2190          * safe to unconditionally clear the flag.
2191          */
2192         hci_dev_clear_flag(hdev, HCI_LIMITED_DISCOVERABLE);
2193         hci_dev_clear_flag(hdev, HCI_DISCOVERABLE);
2194         hdev->discov_timeout = 0;
2195
2196         hci_dev_unlock(hdev);
2197
2198         hci_req_sync(hdev, discoverable_update, 0, HCI_CMD_TIMEOUT, NULL);
2199         mgmt_new_settings(hdev);
2200 }
2201
2202 static int powered_update_hci(struct hci_request *req, unsigned long opt)
2203 {
2204         struct hci_dev *hdev = req->hdev;
2205         u8 link_sec;
2206
2207         hci_dev_lock(hdev);
2208
2209         if (hci_dev_test_flag(hdev, HCI_SSP_ENABLED) &&
2210             !lmp_host_ssp_capable(hdev)) {
2211                 u8 mode = 0x01;
2212
2213                 hci_req_add(req, HCI_OP_WRITE_SSP_MODE, sizeof(mode), &mode);
2214
2215                 if (bredr_sc_enabled(hdev) && !lmp_host_sc_capable(hdev)) {
2216                         u8 support = 0x01;
2217
2218                         hci_req_add(req, HCI_OP_WRITE_SC_SUPPORT,
2219                                     sizeof(support), &support);
2220                 }
2221         }
2222
2223         if (hci_dev_test_flag(hdev, HCI_LE_ENABLED) &&
2224             lmp_bredr_capable(hdev)) {
2225                 struct hci_cp_write_le_host_supported cp;
2226
2227                 cp.le = 0x01;
2228                 cp.simul = 0x00;
2229
2230                 /* Check first if we already have the right
2231                  * host state (host features set)
2232                  */
2233                 if (cp.le != lmp_host_le_capable(hdev) ||
2234                     cp.simul != lmp_host_le_br_capable(hdev))
2235                         hci_req_add(req, HCI_OP_WRITE_LE_HOST_SUPPORTED,
2236                                     sizeof(cp), &cp);
2237         }
2238
2239         if (hci_dev_test_flag(hdev, HCI_LE_ENABLED)) {
2240                 /* Make sure the controller has a good default for
2241                  * advertising data. This also applies to the case
2242                  * where BR/EDR was toggled during the AUTO_OFF phase.
2243                  */
2244                 if (hci_dev_test_flag(hdev, HCI_ADVERTISING) ||
2245                     list_empty(&hdev->adv_instances)) {
2246                         __hci_req_update_adv_data(req, 0x00);
2247                         __hci_req_update_scan_rsp_data(req, 0x00);
2248
2249                         if (hci_dev_test_flag(hdev, HCI_ADVERTISING))
2250                                 __hci_req_enable_advertising(req);
2251                 } else if (!list_empty(&hdev->adv_instances)) {
2252                         struct adv_info *adv_instance;
2253
2254                         adv_instance = list_first_entry(&hdev->adv_instances,
2255                                                         struct adv_info, list);
2256                         __hci_req_schedule_adv_instance(req,
2257                                                         adv_instance->instance,
2258                                                         true);
2259                 }
2260         }
2261
2262         link_sec = hci_dev_test_flag(hdev, HCI_LINK_SECURITY);
2263         if (link_sec != test_bit(HCI_AUTH, &hdev->flags))
2264                 hci_req_add(req, HCI_OP_WRITE_AUTH_ENABLE,
2265                             sizeof(link_sec), &link_sec);
2266
2267         if (lmp_bredr_capable(hdev)) {
2268                 if (hci_dev_test_flag(hdev, HCI_FAST_CONNECTABLE))
2269                         __hci_req_write_fast_connectable(req, true);
2270                 else
2271                         __hci_req_write_fast_connectable(req, false);
2272                 __hci_req_update_scan(req);
2273                 __hci_req_update_class(req);
2274                 __hci_req_update_name(req);
2275                 __hci_req_update_eir(req);
2276         }
2277
2278         hci_dev_unlock(hdev);
2279         return 0;
2280 }
2281
2282 int __hci_req_hci_power_on(struct hci_dev *hdev)
2283 {
2284         /* Register the available SMP channels (BR/EDR and LE) only when
2285          * successfully powering on the controller. This late
2286          * registration is required so that LE SMP can clearly decide if
2287          * the public address or static address is used.
2288          */
2289         smp_register(hdev);
2290
2291         return __hci_req_sync(hdev, powered_update_hci, 0, HCI_CMD_TIMEOUT,
2292                               NULL);
2293 }
2294
2295 void hci_request_setup(struct hci_dev *hdev)
2296 {
2297         INIT_WORK(&hdev->discov_update, discov_update);
2298         INIT_WORK(&hdev->bg_scan_update, bg_scan_update);
2299         INIT_WORK(&hdev->scan_update, scan_update_work);
2300         INIT_WORK(&hdev->connectable_update, connectable_update_work);
2301         INIT_WORK(&hdev->discoverable_update, discoverable_update_work);
2302         INIT_DELAYED_WORK(&hdev->discov_off, discov_off);
2303         INIT_DELAYED_WORK(&hdev->le_scan_disable, le_scan_disable_work);
2304         INIT_DELAYED_WORK(&hdev->le_scan_restart, le_scan_restart_work);
2305         INIT_DELAYED_WORK(&hdev->adv_instance_expire, adv_timeout_expire);
2306 }
2307
2308 void hci_request_cancel_all(struct hci_dev *hdev)
2309 {
2310         hci_req_sync_cancel(hdev, ENODEV);
2311
2312         cancel_work_sync(&hdev->discov_update);
2313         cancel_work_sync(&hdev->bg_scan_update);
2314         cancel_work_sync(&hdev->scan_update);
2315         cancel_work_sync(&hdev->connectable_update);
2316         cancel_work_sync(&hdev->discoverable_update);
2317         cancel_delayed_work_sync(&hdev->discov_off);
2318         cancel_delayed_work_sync(&hdev->le_scan_disable);
2319         cancel_delayed_work_sync(&hdev->le_scan_restart);
2320
2321         if (hdev->adv_instance_timeout) {
2322                 cancel_delayed_work_sync(&hdev->adv_instance_expire);
2323                 hdev->adv_instance_timeout = 0;
2324         }
2325 }