1 // SPDX-License-Identifier: GPL-2.0
3 * BlueZ - Bluetooth protocol stack for Linux
5 * Copyright (C) 2021 Intel Corporation
9 #include <linux/property.h>
11 #include <net/bluetooth/bluetooth.h>
12 #include <net/bluetooth/hci_core.h>
13 #include <net/bluetooth/mgmt.h>
15 #include "hci_codec.h"
16 #include "hci_debugfs.h"
23 static void hci_cmd_sync_complete(struct hci_dev *hdev, u8 result, u16 opcode,
26 bt_dev_dbg(hdev, "result 0x%2.2x", result);
28 if (hdev->req_status != HCI_REQ_PEND)
31 hdev->req_result = result;
32 hdev->req_status = HCI_REQ_DONE;
34 /* Free the request command so it is not used as response */
35 kfree_skb(hdev->req_skb);
39 struct sock *sk = hci_skb_sk(skb);
41 /* Drop sk reference if set */
45 hdev->req_rsp = skb_get(skb);
48 wake_up_interruptible(&hdev->req_wait_q);
51 struct sk_buff *hci_cmd_sync_alloc(struct hci_dev *hdev, u16 opcode, u32 plen,
52 const void *param, struct sock *sk)
54 int len = HCI_COMMAND_HDR_SIZE + plen;
55 struct hci_command_hdr *hdr;
58 skb = bt_skb_alloc(len, GFP_ATOMIC);
62 hdr = skb_put(skb, HCI_COMMAND_HDR_SIZE);
63 hdr->opcode = cpu_to_le16(opcode);
67 skb_put_data(skb, param, plen);
69 bt_dev_dbg(hdev, "skb len %d", skb->len);
71 hci_skb_pkt_type(skb) = HCI_COMMAND_PKT;
72 hci_skb_opcode(skb) = opcode;
74 /* Grab a reference if command needs to be associated with a sock (e.g.
75 * likely mgmt socket that initiated the command).
85 static void hci_cmd_sync_add(struct hci_request *req, u16 opcode, u32 plen,
86 const void *param, u8 event, struct sock *sk)
88 struct hci_dev *hdev = req->hdev;
91 bt_dev_dbg(hdev, "opcode 0x%4.4x plen %d", opcode, plen);
93 /* If an error occurred during request building, there is no point in
94 * queueing the HCI command. We can simply return.
99 skb = hci_cmd_sync_alloc(hdev, opcode, plen, param, sk);
101 bt_dev_err(hdev, "no memory for command (opcode 0x%4.4x)",
107 if (skb_queue_empty(&req->cmd_q))
108 bt_cb(skb)->hci.req_flags |= HCI_REQ_START;
110 hci_skb_event(skb) = event;
112 skb_queue_tail(&req->cmd_q, skb);
115 static int hci_req_sync_run(struct hci_request *req)
117 struct hci_dev *hdev = req->hdev;
121 bt_dev_dbg(hdev, "length %u", skb_queue_len(&req->cmd_q));
123 /* If an error occurred during request building, remove all HCI
124 * commands queued on the HCI request queue.
127 skb_queue_purge(&req->cmd_q);
131 /* Do not allow empty requests */
132 if (skb_queue_empty(&req->cmd_q))
135 skb = skb_peek_tail(&req->cmd_q);
136 bt_cb(skb)->hci.req_complete_skb = hci_cmd_sync_complete;
137 bt_cb(skb)->hci.req_flags |= HCI_REQ_SKB;
139 spin_lock_irqsave(&hdev->cmd_q.lock, flags);
140 skb_queue_splice_tail(&req->cmd_q, &hdev->cmd_q);
141 spin_unlock_irqrestore(&hdev->cmd_q.lock, flags);
143 queue_work(hdev->workqueue, &hdev->cmd_work);
148 static void hci_request_init(struct hci_request *req, struct hci_dev *hdev)
150 skb_queue_head_init(&req->cmd_q);
155 /* This function requires the caller holds hdev->req_lock. */
156 struct sk_buff *__hci_cmd_sync_sk(struct hci_dev *hdev, u16 opcode, u32 plen,
157 const void *param, u8 event, u32 timeout,
160 struct hci_request req;
164 bt_dev_dbg(hdev, "Opcode 0x%4.4x", opcode);
166 hci_request_init(&req, hdev);
168 hci_cmd_sync_add(&req, opcode, plen, param, event, sk);
170 hdev->req_status = HCI_REQ_PEND;
172 err = hci_req_sync_run(&req);
176 err = wait_event_interruptible_timeout(hdev->req_wait_q,
177 hdev->req_status != HCI_REQ_PEND,
180 if (err == -ERESTARTSYS)
181 return ERR_PTR(-EINTR);
183 switch (hdev->req_status) {
185 err = -bt_to_errno(hdev->req_result);
188 case HCI_REQ_CANCELED:
189 err = -hdev->req_result;
197 hdev->req_status = 0;
198 hdev->req_result = 0;
200 hdev->req_rsp = NULL;
202 bt_dev_dbg(hdev, "end: err %d", err);
211 EXPORT_SYMBOL(__hci_cmd_sync_sk);
213 /* This function requires the caller holds hdev->req_lock. */
214 struct sk_buff *__hci_cmd_sync(struct hci_dev *hdev, u16 opcode, u32 plen,
215 const void *param, u32 timeout)
217 return __hci_cmd_sync_sk(hdev, opcode, plen, param, 0, timeout, NULL);
219 EXPORT_SYMBOL(__hci_cmd_sync);
221 /* Send HCI command and wait for command complete event */
222 struct sk_buff *hci_cmd_sync(struct hci_dev *hdev, u16 opcode, u32 plen,
223 const void *param, u32 timeout)
227 if (!test_bit(HCI_UP, &hdev->flags))
228 return ERR_PTR(-ENETDOWN);
230 bt_dev_dbg(hdev, "opcode 0x%4.4x plen %d", opcode, plen);
232 hci_req_sync_lock(hdev);
233 skb = __hci_cmd_sync(hdev, opcode, plen, param, timeout);
234 hci_req_sync_unlock(hdev);
238 EXPORT_SYMBOL(hci_cmd_sync);
240 /* This function requires the caller holds hdev->req_lock. */
241 struct sk_buff *__hci_cmd_sync_ev(struct hci_dev *hdev, u16 opcode, u32 plen,
242 const void *param, u8 event, u32 timeout)
244 return __hci_cmd_sync_sk(hdev, opcode, plen, param, event, timeout,
247 EXPORT_SYMBOL(__hci_cmd_sync_ev);
249 /* This function requires the caller holds hdev->req_lock. */
250 int __hci_cmd_sync_status_sk(struct hci_dev *hdev, u16 opcode, u32 plen,
251 const void *param, u8 event, u32 timeout,
257 skb = __hci_cmd_sync_sk(hdev, opcode, plen, param, event, timeout, sk);
260 bt_dev_err(hdev, "Opcode 0x%4.4x failed: %ld", opcode,
265 /* If command return a status event skb will be set to NULL as there are
266 * no parameters, in case of failure IS_ERR(skb) would have be set to
267 * the actual error would be found with PTR_ERR(skb).
272 status = skb->data[0];
278 EXPORT_SYMBOL(__hci_cmd_sync_status_sk);
280 int __hci_cmd_sync_status(struct hci_dev *hdev, u16 opcode, u32 plen,
281 const void *param, u32 timeout)
283 return __hci_cmd_sync_status_sk(hdev, opcode, plen, param, 0, timeout,
286 EXPORT_SYMBOL(__hci_cmd_sync_status);
288 int hci_cmd_sync_status(struct hci_dev *hdev, u16 opcode, u32 plen,
289 const void *param, u32 timeout)
293 hci_req_sync_lock(hdev);
294 err = __hci_cmd_sync_status(hdev, opcode, plen, param, timeout);
295 hci_req_sync_unlock(hdev);
299 EXPORT_SYMBOL(hci_cmd_sync_status);
301 static void hci_cmd_sync_work(struct work_struct *work)
303 struct hci_dev *hdev = container_of(work, struct hci_dev, cmd_sync_work);
305 bt_dev_dbg(hdev, "");
307 /* Dequeue all entries and run them */
309 struct hci_cmd_sync_work_entry *entry;
311 mutex_lock(&hdev->cmd_sync_work_lock);
312 entry = list_first_entry_or_null(&hdev->cmd_sync_work_list,
313 struct hci_cmd_sync_work_entry,
316 list_del(&entry->list);
317 mutex_unlock(&hdev->cmd_sync_work_lock);
322 bt_dev_dbg(hdev, "entry %p", entry);
327 hci_req_sync_lock(hdev);
328 err = entry->func(hdev, entry->data);
330 entry->destroy(hdev, entry->data, err);
331 hci_req_sync_unlock(hdev);
338 static void hci_cmd_sync_cancel_work(struct work_struct *work)
340 struct hci_dev *hdev = container_of(work, struct hci_dev, cmd_sync_cancel_work);
342 cancel_delayed_work_sync(&hdev->cmd_timer);
343 cancel_delayed_work_sync(&hdev->ncmd_timer);
344 atomic_set(&hdev->cmd_cnt, 1);
346 wake_up_interruptible(&hdev->req_wait_q);
349 static int hci_scan_disable_sync(struct hci_dev *hdev);
350 static int scan_disable_sync(struct hci_dev *hdev, void *data)
352 return hci_scan_disable_sync(hdev);
355 static int interleaved_inquiry_sync(struct hci_dev *hdev, void *data)
357 return hci_inquiry_sync(hdev, DISCOV_INTERLEAVED_INQUIRY_LEN, 0);
360 static void le_scan_disable(struct work_struct *work)
362 struct hci_dev *hdev = container_of(work, struct hci_dev,
363 le_scan_disable.work);
366 bt_dev_dbg(hdev, "");
369 if (!hci_dev_test_flag(hdev, HCI_LE_SCAN))
372 status = hci_cmd_sync_queue(hdev, scan_disable_sync, NULL, NULL);
374 bt_dev_err(hdev, "failed to disable LE scan: %d", status);
378 /* If we were running LE only scan, change discovery state. If
379 * we were running both LE and BR/EDR inquiry simultaneously,
380 * and BR/EDR inquiry is already finished, stop discovery,
381 * otherwise BR/EDR inquiry will stop discovery when finished.
382 * If we will resolve remote device name, do not change
386 if (hdev->discovery.type == DISCOV_TYPE_LE)
389 if (hdev->discovery.type != DISCOV_TYPE_INTERLEAVED)
392 if (test_bit(HCI_QUIRK_SIMULTANEOUS_DISCOVERY, &hdev->quirks)) {
393 if (!test_bit(HCI_INQUIRY, &hdev->flags) &&
394 hdev->discovery.state != DISCOVERY_RESOLVING)
400 status = hci_cmd_sync_queue(hdev, interleaved_inquiry_sync, NULL, NULL);
402 bt_dev_err(hdev, "inquiry failed: status %d", status);
409 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
412 hci_dev_unlock(hdev);
415 static int hci_le_set_scan_enable_sync(struct hci_dev *hdev, u8 val,
418 static int reenable_adv_sync(struct hci_dev *hdev, void *data)
420 bt_dev_dbg(hdev, "");
422 if (!hci_dev_test_flag(hdev, HCI_ADVERTISING) &&
423 list_empty(&hdev->adv_instances))
426 if (hdev->cur_adv_instance) {
427 return hci_schedule_adv_instance_sync(hdev,
428 hdev->cur_adv_instance,
431 if (ext_adv_capable(hdev)) {
432 hci_start_ext_adv_sync(hdev, 0x00);
434 hci_update_adv_data_sync(hdev, 0x00);
435 hci_update_scan_rsp_data_sync(hdev, 0x00);
436 hci_enable_advertising_sync(hdev);
443 static void reenable_adv(struct work_struct *work)
445 struct hci_dev *hdev = container_of(work, struct hci_dev,
449 bt_dev_dbg(hdev, "");
453 status = hci_cmd_sync_queue(hdev, reenable_adv_sync, NULL, NULL);
455 bt_dev_err(hdev, "failed to reenable ADV: %d", status);
457 hci_dev_unlock(hdev);
460 static void cancel_adv_timeout(struct hci_dev *hdev)
462 if (hdev->adv_instance_timeout) {
463 hdev->adv_instance_timeout = 0;
464 cancel_delayed_work(&hdev->adv_instance_expire);
468 /* For a single instance:
469 * - force == true: The instance will be removed even when its remaining
470 * lifetime is not zero.
471 * - force == false: the instance will be deactivated but kept stored unless
472 * the remaining lifetime is zero.
474 * For instance == 0x00:
475 * - force == true: All instances will be removed regardless of their timeout
477 * - force == false: Only instances that have a timeout will be removed.
479 int hci_clear_adv_instance_sync(struct hci_dev *hdev, struct sock *sk,
480 u8 instance, bool force)
482 struct adv_info *adv_instance, *n, *next_instance = NULL;
486 /* Cancel any timeout concerning the removed instance(s). */
487 if (!instance || hdev->cur_adv_instance == instance)
488 cancel_adv_timeout(hdev);
490 /* Get the next instance to advertise BEFORE we remove
491 * the current one. This can be the same instance again
492 * if there is only one instance.
494 if (instance && hdev->cur_adv_instance == instance)
495 next_instance = hci_get_next_instance(hdev, instance);
497 if (instance == 0x00) {
498 list_for_each_entry_safe(adv_instance, n, &hdev->adv_instances,
500 if (!(force || adv_instance->timeout))
503 rem_inst = adv_instance->instance;
504 err = hci_remove_adv_instance(hdev, rem_inst);
506 mgmt_advertising_removed(sk, hdev, rem_inst);
509 adv_instance = hci_find_adv_instance(hdev, instance);
511 if (force || (adv_instance && adv_instance->timeout &&
512 !adv_instance->remaining_time)) {
513 /* Don't advertise a removed instance. */
515 next_instance->instance == instance)
516 next_instance = NULL;
518 err = hci_remove_adv_instance(hdev, instance);
520 mgmt_advertising_removed(sk, hdev, instance);
524 if (!hdev_is_powered(hdev) || hci_dev_test_flag(hdev, HCI_ADVERTISING))
527 if (next_instance && !ext_adv_capable(hdev))
528 return hci_schedule_adv_instance_sync(hdev,
529 next_instance->instance,
535 static int adv_timeout_expire_sync(struct hci_dev *hdev, void *data)
537 u8 instance = *(u8 *)data;
541 hci_clear_adv_instance_sync(hdev, NULL, instance, false);
543 if (list_empty(&hdev->adv_instances))
544 return hci_disable_advertising_sync(hdev);
549 static void adv_timeout_expire(struct work_struct *work)
552 struct hci_dev *hdev = container_of(work, struct hci_dev,
553 adv_instance_expire.work);
555 bt_dev_dbg(hdev, "");
559 hdev->adv_instance_timeout = 0;
561 if (hdev->cur_adv_instance == 0x00)
564 inst_ptr = kmalloc(1, GFP_KERNEL);
568 *inst_ptr = hdev->cur_adv_instance;
569 hci_cmd_sync_queue(hdev, adv_timeout_expire_sync, inst_ptr, NULL);
572 hci_dev_unlock(hdev);
575 static bool is_interleave_scanning(struct hci_dev *hdev)
577 return hdev->interleave_scan_state != INTERLEAVE_SCAN_NONE;
580 static int hci_passive_scan_sync(struct hci_dev *hdev);
582 static void interleave_scan_work(struct work_struct *work)
584 struct hci_dev *hdev = container_of(work, struct hci_dev,
585 interleave_scan.work);
586 unsigned long timeout;
588 if (hdev->interleave_scan_state == INTERLEAVE_SCAN_ALLOWLIST) {
589 timeout = msecs_to_jiffies(hdev->advmon_allowlist_duration);
590 } else if (hdev->interleave_scan_state == INTERLEAVE_SCAN_NO_FILTER) {
591 timeout = msecs_to_jiffies(hdev->advmon_no_filter_duration);
593 bt_dev_err(hdev, "unexpected error");
597 hci_passive_scan_sync(hdev);
601 switch (hdev->interleave_scan_state) {
602 case INTERLEAVE_SCAN_ALLOWLIST:
603 bt_dev_dbg(hdev, "next state: allowlist");
604 hdev->interleave_scan_state = INTERLEAVE_SCAN_NO_FILTER;
606 case INTERLEAVE_SCAN_NO_FILTER:
607 bt_dev_dbg(hdev, "next state: no filter");
608 hdev->interleave_scan_state = INTERLEAVE_SCAN_ALLOWLIST;
610 case INTERLEAVE_SCAN_NONE:
611 bt_dev_err(hdev, "unexpected error");
614 hci_dev_unlock(hdev);
616 /* Don't continue interleaving if it was canceled */
617 if (is_interleave_scanning(hdev))
618 queue_delayed_work(hdev->req_workqueue,
619 &hdev->interleave_scan, timeout);
622 void hci_cmd_sync_init(struct hci_dev *hdev)
624 INIT_WORK(&hdev->cmd_sync_work, hci_cmd_sync_work);
625 INIT_LIST_HEAD(&hdev->cmd_sync_work_list);
626 mutex_init(&hdev->cmd_sync_work_lock);
627 mutex_init(&hdev->unregister_lock);
629 INIT_WORK(&hdev->cmd_sync_cancel_work, hci_cmd_sync_cancel_work);
630 INIT_WORK(&hdev->reenable_adv_work, reenable_adv);
631 INIT_DELAYED_WORK(&hdev->le_scan_disable, le_scan_disable);
632 INIT_DELAYED_WORK(&hdev->adv_instance_expire, adv_timeout_expire);
633 INIT_DELAYED_WORK(&hdev->interleave_scan, interleave_scan_work);
636 static void _hci_cmd_sync_cancel_entry(struct hci_dev *hdev,
637 struct hci_cmd_sync_work_entry *entry,
641 entry->destroy(hdev, entry->data, err);
643 list_del(&entry->list);
647 void hci_cmd_sync_clear(struct hci_dev *hdev)
649 struct hci_cmd_sync_work_entry *entry, *tmp;
651 cancel_work_sync(&hdev->cmd_sync_work);
652 cancel_work_sync(&hdev->reenable_adv_work);
654 mutex_lock(&hdev->cmd_sync_work_lock);
655 list_for_each_entry_safe(entry, tmp, &hdev->cmd_sync_work_list, list)
656 _hci_cmd_sync_cancel_entry(hdev, entry, -ECANCELED);
657 mutex_unlock(&hdev->cmd_sync_work_lock);
660 void hci_cmd_sync_cancel(struct hci_dev *hdev, int err)
662 bt_dev_dbg(hdev, "err 0x%2.2x", err);
664 if (hdev->req_status == HCI_REQ_PEND) {
665 hdev->req_result = err;
666 hdev->req_status = HCI_REQ_CANCELED;
668 queue_work(hdev->workqueue, &hdev->cmd_sync_cancel_work);
671 EXPORT_SYMBOL(hci_cmd_sync_cancel);
673 /* Cancel ongoing command request synchronously:
675 * - Set result and mark status to HCI_REQ_CANCELED
676 * - Wakeup command sync thread
678 void hci_cmd_sync_cancel_sync(struct hci_dev *hdev, int err)
680 bt_dev_dbg(hdev, "err 0x%2.2x", err);
682 if (hdev->req_status == HCI_REQ_PEND) {
683 /* req_result is __u32 so error must be positive to be properly
686 hdev->req_result = err < 0 ? -err : err;
687 hdev->req_status = HCI_REQ_CANCELED;
689 wake_up_interruptible(&hdev->req_wait_q);
692 EXPORT_SYMBOL(hci_cmd_sync_cancel_sync);
694 /* Submit HCI command to be run in as cmd_sync_work:
696 * - hdev must _not_ be unregistered
698 int hci_cmd_sync_submit(struct hci_dev *hdev, hci_cmd_sync_work_func_t func,
699 void *data, hci_cmd_sync_work_destroy_t destroy)
701 struct hci_cmd_sync_work_entry *entry;
704 mutex_lock(&hdev->unregister_lock);
705 if (hci_dev_test_flag(hdev, HCI_UNREGISTER)) {
710 entry = kmalloc(sizeof(*entry), GFP_KERNEL);
717 entry->destroy = destroy;
719 mutex_lock(&hdev->cmd_sync_work_lock);
720 list_add_tail(&entry->list, &hdev->cmd_sync_work_list);
721 mutex_unlock(&hdev->cmd_sync_work_lock);
723 queue_work(hdev->req_workqueue, &hdev->cmd_sync_work);
726 mutex_unlock(&hdev->unregister_lock);
729 EXPORT_SYMBOL(hci_cmd_sync_submit);
731 /* Queue HCI command:
733 * - hdev must be running
735 int hci_cmd_sync_queue(struct hci_dev *hdev, hci_cmd_sync_work_func_t func,
736 void *data, hci_cmd_sync_work_destroy_t destroy)
738 /* Only queue command if hdev is running which means it had been opened
739 * and is either on init phase or is already up.
741 if (!test_bit(HCI_RUNNING, &hdev->flags))
744 return hci_cmd_sync_submit(hdev, func, data, destroy);
746 EXPORT_SYMBOL(hci_cmd_sync_queue);
748 static struct hci_cmd_sync_work_entry *
749 _hci_cmd_sync_lookup_entry(struct hci_dev *hdev, hci_cmd_sync_work_func_t func,
750 void *data, hci_cmd_sync_work_destroy_t destroy)
752 struct hci_cmd_sync_work_entry *entry, *tmp;
754 list_for_each_entry_safe(entry, tmp, &hdev->cmd_sync_work_list, list) {
755 if (func && entry->func != func)
758 if (data && entry->data != data)
761 if (destroy && entry->destroy != destroy)
770 /* Queue HCI command entry once:
772 * - Lookup if an entry already exist and only if it doesn't creates a new entry
775 int hci_cmd_sync_queue_once(struct hci_dev *hdev, hci_cmd_sync_work_func_t func,
776 void *data, hci_cmd_sync_work_destroy_t destroy)
778 if (hci_cmd_sync_lookup_entry(hdev, func, data, destroy))
781 return hci_cmd_sync_queue(hdev, func, data, destroy);
783 EXPORT_SYMBOL(hci_cmd_sync_queue_once);
787 * - hdev must be running
788 * - if on cmd_sync_work then run immediately otherwise queue
790 int hci_cmd_sync_run(struct hci_dev *hdev, hci_cmd_sync_work_func_t func,
791 void *data, hci_cmd_sync_work_destroy_t destroy)
793 /* Only queue command if hdev is running which means it had been opened
794 * and is either on init phase or is already up.
796 if (!test_bit(HCI_RUNNING, &hdev->flags))
799 /* If on cmd_sync_work then run immediately otherwise queue */
800 if (current_work() == &hdev->cmd_sync_work)
801 return func(hdev, data);
803 return hci_cmd_sync_submit(hdev, func, data, destroy);
805 EXPORT_SYMBOL(hci_cmd_sync_run);
807 /* Run HCI command entry once:
809 * - Lookup if an entry already exist and only if it doesn't creates a new entry
811 * - if on cmd_sync_work then run immediately otherwise queue
813 int hci_cmd_sync_run_once(struct hci_dev *hdev, hci_cmd_sync_work_func_t func,
814 void *data, hci_cmd_sync_work_destroy_t destroy)
816 if (hci_cmd_sync_lookup_entry(hdev, func, data, destroy))
819 return hci_cmd_sync_run(hdev, func, data, destroy);
821 EXPORT_SYMBOL(hci_cmd_sync_run_once);
823 /* Lookup HCI command entry:
825 * - Return first entry that matches by function callback or data or
828 struct hci_cmd_sync_work_entry *
829 hci_cmd_sync_lookup_entry(struct hci_dev *hdev, hci_cmd_sync_work_func_t func,
830 void *data, hci_cmd_sync_work_destroy_t destroy)
832 struct hci_cmd_sync_work_entry *entry;
834 mutex_lock(&hdev->cmd_sync_work_lock);
835 entry = _hci_cmd_sync_lookup_entry(hdev, func, data, destroy);
836 mutex_unlock(&hdev->cmd_sync_work_lock);
840 EXPORT_SYMBOL(hci_cmd_sync_lookup_entry);
842 /* Cancel HCI command entry */
843 void hci_cmd_sync_cancel_entry(struct hci_dev *hdev,
844 struct hci_cmd_sync_work_entry *entry)
846 mutex_lock(&hdev->cmd_sync_work_lock);
847 _hci_cmd_sync_cancel_entry(hdev, entry, -ECANCELED);
848 mutex_unlock(&hdev->cmd_sync_work_lock);
850 EXPORT_SYMBOL(hci_cmd_sync_cancel_entry);
852 /* Dequeue one HCI command entry:
854 * - Lookup and cancel first entry that matches.
856 bool hci_cmd_sync_dequeue_once(struct hci_dev *hdev,
857 hci_cmd_sync_work_func_t func,
858 void *data, hci_cmd_sync_work_destroy_t destroy)
860 struct hci_cmd_sync_work_entry *entry;
862 entry = hci_cmd_sync_lookup_entry(hdev, func, data, destroy);
866 hci_cmd_sync_cancel_entry(hdev, entry);
870 EXPORT_SYMBOL(hci_cmd_sync_dequeue_once);
872 /* Dequeue HCI command entry:
874 * - Lookup and cancel any entry that matches by function callback or data or
877 bool hci_cmd_sync_dequeue(struct hci_dev *hdev, hci_cmd_sync_work_func_t func,
878 void *data, hci_cmd_sync_work_destroy_t destroy)
880 struct hci_cmd_sync_work_entry *entry;
883 mutex_lock(&hdev->cmd_sync_work_lock);
884 while ((entry = _hci_cmd_sync_lookup_entry(hdev, func, data,
886 _hci_cmd_sync_cancel_entry(hdev, entry, -ECANCELED);
889 mutex_unlock(&hdev->cmd_sync_work_lock);
893 EXPORT_SYMBOL(hci_cmd_sync_dequeue);
895 int hci_update_eir_sync(struct hci_dev *hdev)
897 struct hci_cp_write_eir cp;
899 bt_dev_dbg(hdev, "");
901 if (!hdev_is_powered(hdev))
904 if (!lmp_ext_inq_capable(hdev))
907 if (!hci_dev_test_flag(hdev, HCI_SSP_ENABLED))
910 if (hci_dev_test_flag(hdev, HCI_SERVICE_CACHE))
913 memset(&cp, 0, sizeof(cp));
915 eir_create(hdev, cp.data);
917 if (memcmp(cp.data, hdev->eir, sizeof(cp.data)) == 0)
920 memcpy(hdev->eir, cp.data, sizeof(cp.data));
922 return __hci_cmd_sync_status(hdev, HCI_OP_WRITE_EIR, sizeof(cp), &cp,
926 static u8 get_service_classes(struct hci_dev *hdev)
928 struct bt_uuid *uuid;
931 list_for_each_entry(uuid, &hdev->uuids, list)
932 val |= uuid->svc_hint;
937 int hci_update_class_sync(struct hci_dev *hdev)
941 bt_dev_dbg(hdev, "");
943 if (!hdev_is_powered(hdev))
946 if (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED))
949 if (hci_dev_test_flag(hdev, HCI_SERVICE_CACHE))
952 cod[0] = hdev->minor_class;
953 cod[1] = hdev->major_class;
954 cod[2] = get_service_classes(hdev);
956 if (hci_dev_test_flag(hdev, HCI_LIMITED_DISCOVERABLE))
959 if (memcmp(cod, hdev->dev_class, 3) == 0)
962 return __hci_cmd_sync_status(hdev, HCI_OP_WRITE_CLASS_OF_DEV,
963 sizeof(cod), cod, HCI_CMD_TIMEOUT);
966 static bool is_advertising_allowed(struct hci_dev *hdev, bool connectable)
968 /* If there is no connection we are OK to advertise. */
969 if (hci_conn_num(hdev, LE_LINK) == 0)
972 /* Check le_states if there is any connection in peripheral role. */
973 if (hdev->conn_hash.le_num_peripheral > 0) {
974 /* Peripheral connection state and non connectable mode
977 if (!connectable && !(hdev->le_states[2] & 0x10))
980 /* Peripheral connection state and connectable mode bit 38
981 * and scannable bit 21.
983 if (connectable && (!(hdev->le_states[4] & 0x40) ||
984 !(hdev->le_states[2] & 0x20)))
988 /* Check le_states if there is any connection in central role. */
989 if (hci_conn_num(hdev, LE_LINK) != hdev->conn_hash.le_num_peripheral) {
990 /* Central connection state and non connectable mode bit 18. */
991 if (!connectable && !(hdev->le_states[2] & 0x02))
994 /* Central connection state and connectable mode bit 35 and
997 if (connectable && (!(hdev->le_states[4] & 0x08) ||
998 !(hdev->le_states[2] & 0x08)))
1005 static bool adv_use_rpa(struct hci_dev *hdev, uint32_t flags)
1007 /* If privacy is not enabled don't use RPA */
1008 if (!hci_dev_test_flag(hdev, HCI_PRIVACY))
1011 /* If basic privacy mode is enabled use RPA */
1012 if (!hci_dev_test_flag(hdev, HCI_LIMITED_PRIVACY))
1015 /* If limited privacy mode is enabled don't use RPA if we're
1016 * both discoverable and bondable.
1018 if ((flags & MGMT_ADV_FLAG_DISCOV) &&
1019 hci_dev_test_flag(hdev, HCI_BONDABLE))
1022 /* We're neither bondable nor discoverable in the limited
1023 * privacy mode, therefore use RPA.
1028 static int hci_set_random_addr_sync(struct hci_dev *hdev, bdaddr_t *rpa)
1030 /* If we're advertising or initiating an LE connection we can't
1031 * go ahead and change the random address at this time. This is
1032 * because the eventual initiator address used for the
1033 * subsequently created connection will be undefined (some
1034 * controllers use the new address and others the one we had
1035 * when the operation started).
1037 * In this kind of scenario skip the update and let the random
1038 * address be updated at the next cycle.
1040 if (hci_dev_test_flag(hdev, HCI_LE_ADV) ||
1041 hci_lookup_le_connect(hdev)) {
1042 bt_dev_dbg(hdev, "Deferring random address update");
1043 hci_dev_set_flag(hdev, HCI_RPA_EXPIRED);
1047 return __hci_cmd_sync_status(hdev, HCI_OP_LE_SET_RANDOM_ADDR,
1048 6, rpa, HCI_CMD_TIMEOUT);
1051 int hci_update_random_address_sync(struct hci_dev *hdev, bool require_privacy,
1052 bool rpa, u8 *own_addr_type)
1056 /* If privacy is enabled use a resolvable private address. If
1057 * current RPA has expired or there is something else than
1058 * the current RPA in use, then generate a new one.
1061 /* If Controller supports LL Privacy use own address type is
1064 if (use_ll_privacy(hdev))
1065 *own_addr_type = ADDR_LE_DEV_RANDOM_RESOLVED;
1067 *own_addr_type = ADDR_LE_DEV_RANDOM;
1069 /* Check if RPA is valid */
1070 if (rpa_valid(hdev))
1073 err = smp_generate_rpa(hdev, hdev->irk, &hdev->rpa);
1075 bt_dev_err(hdev, "failed to generate new RPA");
1079 err = hci_set_random_addr_sync(hdev, &hdev->rpa);
1086 /* In case of required privacy without resolvable private address,
1087 * use an non-resolvable private address. This is useful for active
1088 * scanning and non-connectable advertising.
1090 if (require_privacy) {
1094 /* The non-resolvable private address is generated
1095 * from random six bytes with the two most significant
1098 get_random_bytes(&nrpa, 6);
1101 /* The non-resolvable private address shall not be
1102 * equal to the public address.
1104 if (bacmp(&hdev->bdaddr, &nrpa))
1108 *own_addr_type = ADDR_LE_DEV_RANDOM;
1110 return hci_set_random_addr_sync(hdev, &nrpa);
1113 /* If forcing static address is in use or there is no public
1114 * address use the static address as random address (but skip
1115 * the HCI command if the current random address is already the
1118 * In case BR/EDR has been disabled on a dual-mode controller
1119 * and a static address has been configured, then use that
1120 * address instead of the public BR/EDR address.
1122 if (hci_dev_test_flag(hdev, HCI_FORCE_STATIC_ADDR) ||
1123 !bacmp(&hdev->bdaddr, BDADDR_ANY) ||
1124 (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED) &&
1125 bacmp(&hdev->static_addr, BDADDR_ANY))) {
1126 *own_addr_type = ADDR_LE_DEV_RANDOM;
1127 if (bacmp(&hdev->static_addr, &hdev->random_addr))
1128 return hci_set_random_addr_sync(hdev,
1129 &hdev->static_addr);
1133 /* Neither privacy nor static address is being used so use a
1136 *own_addr_type = ADDR_LE_DEV_PUBLIC;
1141 static int hci_disable_ext_adv_instance_sync(struct hci_dev *hdev, u8 instance)
1143 struct hci_cp_le_set_ext_adv_enable *cp;
1144 struct hci_cp_ext_adv_set *set;
1145 u8 data[sizeof(*cp) + sizeof(*set) * 1];
1147 struct adv_info *adv = NULL;
1149 /* If request specifies an instance that doesn't exist, fail */
1151 adv = hci_find_adv_instance(hdev, instance);
1155 /* If not enabled there is nothing to do */
1160 memset(data, 0, sizeof(data));
1163 set = (void *)cp->data;
1165 /* Instance 0x00 indicates all advertising instances will be disabled */
1166 cp->num_of_sets = !!instance;
1169 set->handle = adv ? adv->handle : instance;
1171 size = sizeof(*cp) + sizeof(*set) * cp->num_of_sets;
1173 return __hci_cmd_sync_status(hdev, HCI_OP_LE_SET_EXT_ADV_ENABLE,
1174 size, data, HCI_CMD_TIMEOUT);
1177 static int hci_set_adv_set_random_addr_sync(struct hci_dev *hdev, u8 instance,
1178 bdaddr_t *random_addr)
1180 struct hci_cp_le_set_adv_set_rand_addr cp;
1184 /* Instance 0x00 doesn't have an adv_info, instead it uses
1185 * hdev->random_addr to track its address so whenever it needs
1186 * to be updated this also set the random address since
1187 * hdev->random_addr is shared with scan state machine.
1189 err = hci_set_random_addr_sync(hdev, random_addr);
1194 memset(&cp, 0, sizeof(cp));
1196 cp.handle = instance;
1197 bacpy(&cp.bdaddr, random_addr);
1199 return __hci_cmd_sync_status(hdev, HCI_OP_LE_SET_ADV_SET_RAND_ADDR,
1200 sizeof(cp), &cp, HCI_CMD_TIMEOUT);
1203 int hci_setup_ext_adv_instance_sync(struct hci_dev *hdev, u8 instance)
1205 struct hci_cp_le_set_ext_adv_params cp;
1208 bdaddr_t random_addr;
1211 struct adv_info *adv;
1215 adv = hci_find_adv_instance(hdev, instance);
1222 /* Updating parameters of an active instance will return a
1223 * Command Disallowed error, so we must first disable the
1224 * instance if it is active.
1226 if (adv && !adv->pending) {
1227 err = hci_disable_ext_adv_instance_sync(hdev, instance);
1232 flags = hci_adv_instance_flags(hdev, instance);
1234 /* If the "connectable" instance flag was not set, then choose between
1235 * ADV_IND and ADV_NONCONN_IND based on the global connectable setting.
1237 connectable = (flags & MGMT_ADV_FLAG_CONNECTABLE) ||
1238 mgmt_get_connectable(hdev);
1240 if (!is_advertising_allowed(hdev, connectable))
1243 /* Set require_privacy to true only when non-connectable
1244 * advertising is used. In that case it is fine to use a
1245 * non-resolvable private address.
1247 err = hci_get_random_address(hdev, !connectable,
1248 adv_use_rpa(hdev, flags), adv,
1249 &own_addr_type, &random_addr);
1253 memset(&cp, 0, sizeof(cp));
1256 hci_cpu_to_le24(adv->min_interval, cp.min_interval);
1257 hci_cpu_to_le24(adv->max_interval, cp.max_interval);
1258 cp.tx_power = adv->tx_power;
1260 hci_cpu_to_le24(hdev->le_adv_min_interval, cp.min_interval);
1261 hci_cpu_to_le24(hdev->le_adv_max_interval, cp.max_interval);
1262 cp.tx_power = HCI_ADV_TX_POWER_NO_PREFERENCE;
1265 secondary_adv = (flags & MGMT_ADV_FLAG_SEC_MASK);
1269 cp.evt_properties = cpu_to_le16(LE_EXT_ADV_CONN_IND);
1271 cp.evt_properties = cpu_to_le16(LE_LEGACY_ADV_IND);
1272 } else if (hci_adv_instance_is_scannable(hdev, instance) ||
1273 (flags & MGMT_ADV_PARAM_SCAN_RSP)) {
1275 cp.evt_properties = cpu_to_le16(LE_EXT_ADV_SCAN_IND);
1277 cp.evt_properties = cpu_to_le16(LE_LEGACY_ADV_SCAN_IND);
1280 cp.evt_properties = cpu_to_le16(LE_EXT_ADV_NON_CONN_IND);
1282 cp.evt_properties = cpu_to_le16(LE_LEGACY_NONCONN_IND);
1285 /* If Own_Address_Type equals 0x02 or 0x03, the Peer_Address parameter
1286 * contains the peer’s Identity Address and the Peer_Address_Type
1287 * parameter contains the peer’s Identity Type (i.e., 0x00 or 0x01).
1288 * These parameters are used to locate the corresponding local IRK in
1289 * the resolving list; this IRK is used to generate their own address
1290 * used in the advertisement.
1292 if (own_addr_type == ADDR_LE_DEV_RANDOM_RESOLVED)
1293 hci_copy_identity_address(hdev, &cp.peer_addr,
1294 &cp.peer_addr_type);
1296 cp.own_addr_type = own_addr_type;
1297 cp.channel_map = hdev->le_adv_channel_map;
1298 cp.handle = adv ? adv->handle : instance;
1300 if (flags & MGMT_ADV_FLAG_SEC_2M) {
1301 cp.primary_phy = HCI_ADV_PHY_1M;
1302 cp.secondary_phy = HCI_ADV_PHY_2M;
1303 } else if (flags & MGMT_ADV_FLAG_SEC_CODED) {
1304 cp.primary_phy = HCI_ADV_PHY_CODED;
1305 cp.secondary_phy = HCI_ADV_PHY_CODED;
1307 /* In all other cases use 1M */
1308 cp.primary_phy = HCI_ADV_PHY_1M;
1309 cp.secondary_phy = HCI_ADV_PHY_1M;
1312 err = __hci_cmd_sync_status(hdev, HCI_OP_LE_SET_EXT_ADV_PARAMS,
1313 sizeof(cp), &cp, HCI_CMD_TIMEOUT);
1317 if ((own_addr_type == ADDR_LE_DEV_RANDOM ||
1318 own_addr_type == ADDR_LE_DEV_RANDOM_RESOLVED) &&
1319 bacmp(&random_addr, BDADDR_ANY)) {
1320 /* Check if random address need to be updated */
1322 if (!bacmp(&random_addr, &adv->random_addr))
1325 if (!bacmp(&random_addr, &hdev->random_addr))
1329 return hci_set_adv_set_random_addr_sync(hdev, instance,
1336 static int hci_set_ext_scan_rsp_data_sync(struct hci_dev *hdev, u8 instance)
1338 DEFINE_FLEX(struct hci_cp_le_set_ext_scan_rsp_data, pdu, data, length,
1339 HCI_MAX_EXT_AD_LENGTH);
1341 struct adv_info *adv = NULL;
1345 adv = hci_find_adv_instance(hdev, instance);
1346 if (!adv || !adv->scan_rsp_changed)
1350 len = eir_create_scan_rsp(hdev, instance, pdu->data);
1352 pdu->handle = adv ? adv->handle : instance;
1354 pdu->operation = LE_SET_ADV_DATA_OP_COMPLETE;
1355 pdu->frag_pref = LE_SET_ADV_DATA_NO_FRAG;
1357 err = __hci_cmd_sync_status(hdev, HCI_OP_LE_SET_EXT_SCAN_RSP_DATA,
1358 struct_size(pdu, data, len), pdu,
1364 adv->scan_rsp_changed = false;
1366 memcpy(hdev->scan_rsp_data, pdu->data, len);
1367 hdev->scan_rsp_data_len = len;
1373 static int __hci_set_scan_rsp_data_sync(struct hci_dev *hdev, u8 instance)
1375 struct hci_cp_le_set_scan_rsp_data cp;
1378 memset(&cp, 0, sizeof(cp));
1380 len = eir_create_scan_rsp(hdev, instance, cp.data);
1382 if (hdev->scan_rsp_data_len == len &&
1383 !memcmp(cp.data, hdev->scan_rsp_data, len))
1386 memcpy(hdev->scan_rsp_data, cp.data, sizeof(cp.data));
1387 hdev->scan_rsp_data_len = len;
1391 return __hci_cmd_sync_status(hdev, HCI_OP_LE_SET_SCAN_RSP_DATA,
1392 sizeof(cp), &cp, HCI_CMD_TIMEOUT);
1395 int hci_update_scan_rsp_data_sync(struct hci_dev *hdev, u8 instance)
1397 if (!hci_dev_test_flag(hdev, HCI_LE_ENABLED))
1400 if (ext_adv_capable(hdev))
1401 return hci_set_ext_scan_rsp_data_sync(hdev, instance);
1403 return __hci_set_scan_rsp_data_sync(hdev, instance);
1406 int hci_enable_ext_advertising_sync(struct hci_dev *hdev, u8 instance)
1408 struct hci_cp_le_set_ext_adv_enable *cp;
1409 struct hci_cp_ext_adv_set *set;
1410 u8 data[sizeof(*cp) + sizeof(*set) * 1];
1411 struct adv_info *adv;
1414 adv = hci_find_adv_instance(hdev, instance);
1417 /* If already enabled there is nothing to do */
1425 set = (void *)cp->data;
1427 memset(cp, 0, sizeof(*cp));
1430 cp->num_of_sets = 0x01;
1432 memset(set, 0, sizeof(*set));
1434 set->handle = adv ? adv->handle : instance;
1436 /* Set duration per instance since controller is responsible for
1439 if (adv && adv->timeout) {
1440 u16 duration = adv->timeout * MSEC_PER_SEC;
1442 /* Time = N * 10 ms */
1443 set->duration = cpu_to_le16(duration / 10);
1446 return __hci_cmd_sync_status(hdev, HCI_OP_LE_SET_EXT_ADV_ENABLE,
1448 sizeof(*set) * cp->num_of_sets,
1449 data, HCI_CMD_TIMEOUT);
1452 int hci_start_ext_adv_sync(struct hci_dev *hdev, u8 instance)
1456 err = hci_setup_ext_adv_instance_sync(hdev, instance);
1460 err = hci_set_ext_scan_rsp_data_sync(hdev, instance);
1464 return hci_enable_ext_advertising_sync(hdev, instance);
1467 int hci_disable_per_advertising_sync(struct hci_dev *hdev, u8 instance)
1469 struct hci_cp_le_set_per_adv_enable cp;
1470 struct adv_info *adv = NULL;
1472 /* If periodic advertising already disabled there is nothing to do. */
1473 adv = hci_find_adv_instance(hdev, instance);
1474 if (!adv || !adv->periodic || !adv->enabled)
1477 memset(&cp, 0, sizeof(cp));
1480 cp.handle = instance;
1482 return __hci_cmd_sync_status(hdev, HCI_OP_LE_SET_PER_ADV_ENABLE,
1483 sizeof(cp), &cp, HCI_CMD_TIMEOUT);
1486 static int hci_set_per_adv_params_sync(struct hci_dev *hdev, u8 instance,
1487 u16 min_interval, u16 max_interval)
1489 struct hci_cp_le_set_per_adv_params cp;
1491 memset(&cp, 0, sizeof(cp));
1494 min_interval = DISCOV_LE_PER_ADV_INT_MIN;
1497 max_interval = DISCOV_LE_PER_ADV_INT_MAX;
1499 cp.handle = instance;
1500 cp.min_interval = cpu_to_le16(min_interval);
1501 cp.max_interval = cpu_to_le16(max_interval);
1502 cp.periodic_properties = 0x0000;
1504 return __hci_cmd_sync_status(hdev, HCI_OP_LE_SET_PER_ADV_PARAMS,
1505 sizeof(cp), &cp, HCI_CMD_TIMEOUT);
1508 static int hci_set_per_adv_data_sync(struct hci_dev *hdev, u8 instance)
1510 DEFINE_FLEX(struct hci_cp_le_set_per_adv_data, pdu, data, length,
1511 HCI_MAX_PER_AD_LENGTH);
1513 struct adv_info *adv = NULL;
1516 adv = hci_find_adv_instance(hdev, instance);
1517 if (!adv || !adv->periodic)
1521 len = eir_create_per_adv_data(hdev, instance, pdu->data);
1524 pdu->handle = adv ? adv->handle : instance;
1525 pdu->operation = LE_SET_ADV_DATA_OP_COMPLETE;
1527 return __hci_cmd_sync_status(hdev, HCI_OP_LE_SET_PER_ADV_DATA,
1528 struct_size(pdu, data, len), pdu,
1532 static int hci_enable_per_advertising_sync(struct hci_dev *hdev, u8 instance)
1534 struct hci_cp_le_set_per_adv_enable cp;
1535 struct adv_info *adv = NULL;
1537 /* If periodic advertising already enabled there is nothing to do. */
1538 adv = hci_find_adv_instance(hdev, instance);
1539 if (adv && adv->periodic && adv->enabled)
1542 memset(&cp, 0, sizeof(cp));
1545 cp.handle = instance;
1547 return __hci_cmd_sync_status(hdev, HCI_OP_LE_SET_PER_ADV_ENABLE,
1548 sizeof(cp), &cp, HCI_CMD_TIMEOUT);
1551 /* Checks if periodic advertising data contains a Basic Announcement and if it
1552 * does generates a Broadcast ID and add Broadcast Announcement.
1554 static int hci_adv_bcast_annoucement(struct hci_dev *hdev, struct adv_info *adv)
1559 /* Skip if NULL adv as instance 0x00 is used for general purpose
1560 * advertising so it cannot used for the likes of Broadcast Announcement
1561 * as it can be overwritten at any point.
1566 /* Check if PA data doesn't contains a Basic Audio Announcement then
1567 * there is nothing to do.
1569 if (!eir_get_service_data(adv->per_adv_data, adv->per_adv_data_len,
1573 /* Check if advertising data already has a Broadcast Announcement since
1574 * the process may want to control the Broadcast ID directly and in that
1575 * case the kernel shall no interfere.
1577 if (eir_get_service_data(adv->adv_data, adv->adv_data_len, 0x1852,
1581 /* Generate Broadcast ID */
1582 get_random_bytes(bid, sizeof(bid));
1583 eir_append_service_data(ad, 0, 0x1852, bid, sizeof(bid));
1584 hci_set_adv_instance_data(hdev, adv->instance, sizeof(ad), ad, 0, NULL);
1586 return hci_update_adv_data_sync(hdev, adv->instance);
1589 int hci_start_per_adv_sync(struct hci_dev *hdev, u8 instance, u8 data_len,
1590 u8 *data, u32 flags, u16 min_interval,
1591 u16 max_interval, u16 sync_interval)
1593 struct adv_info *adv = NULL;
1597 hci_disable_per_advertising_sync(hdev, instance);
1600 adv = hci_find_adv_instance(hdev, instance);
1601 /* Create an instance if that could not be found */
1603 adv = hci_add_per_instance(hdev, instance, flags,
1608 return PTR_ERR(adv);
1609 adv->pending = false;
1614 /* Start advertising */
1615 err = hci_start_ext_adv_sync(hdev, instance);
1619 err = hci_adv_bcast_annoucement(hdev, adv);
1623 err = hci_set_per_adv_params_sync(hdev, instance, min_interval,
1628 err = hci_set_per_adv_data_sync(hdev, instance);
1632 err = hci_enable_per_advertising_sync(hdev, instance);
1640 hci_remove_adv_instance(hdev, instance);
1645 static int hci_start_adv_sync(struct hci_dev *hdev, u8 instance)
1649 if (ext_adv_capable(hdev))
1650 return hci_start_ext_adv_sync(hdev, instance);
1652 err = hci_update_adv_data_sync(hdev, instance);
1656 err = hci_update_scan_rsp_data_sync(hdev, instance);
1660 return hci_enable_advertising_sync(hdev);
1663 int hci_enable_advertising_sync(struct hci_dev *hdev)
1665 struct adv_info *adv_instance;
1666 struct hci_cp_le_set_adv_param cp;
1667 u8 own_addr_type, enable = 0x01;
1669 u16 adv_min_interval, adv_max_interval;
1673 if (ext_adv_capable(hdev))
1674 return hci_enable_ext_advertising_sync(hdev,
1675 hdev->cur_adv_instance);
1677 flags = hci_adv_instance_flags(hdev, hdev->cur_adv_instance);
1678 adv_instance = hci_find_adv_instance(hdev, hdev->cur_adv_instance);
1680 /* If the "connectable" instance flag was not set, then choose between
1681 * ADV_IND and ADV_NONCONN_IND based on the global connectable setting.
1683 connectable = (flags & MGMT_ADV_FLAG_CONNECTABLE) ||
1684 mgmt_get_connectable(hdev);
1686 if (!is_advertising_allowed(hdev, connectable))
1689 status = hci_disable_advertising_sync(hdev);
1693 /* Clear the HCI_LE_ADV bit temporarily so that the
1694 * hci_update_random_address knows that it's safe to go ahead
1695 * and write a new random address. The flag will be set back on
1696 * as soon as the SET_ADV_ENABLE HCI command completes.
1698 hci_dev_clear_flag(hdev, HCI_LE_ADV);
1700 /* Set require_privacy to true only when non-connectable
1701 * advertising is used. In that case it is fine to use a
1702 * non-resolvable private address.
1704 status = hci_update_random_address_sync(hdev, !connectable,
1705 adv_use_rpa(hdev, flags),
1710 memset(&cp, 0, sizeof(cp));
1713 adv_min_interval = adv_instance->min_interval;
1714 adv_max_interval = adv_instance->max_interval;
1716 adv_min_interval = hdev->le_adv_min_interval;
1717 adv_max_interval = hdev->le_adv_max_interval;
1721 cp.type = LE_ADV_IND;
1723 if (hci_adv_instance_is_scannable(hdev, hdev->cur_adv_instance))
1724 cp.type = LE_ADV_SCAN_IND;
1726 cp.type = LE_ADV_NONCONN_IND;
1728 if (!hci_dev_test_flag(hdev, HCI_DISCOVERABLE) ||
1729 hci_dev_test_flag(hdev, HCI_LIMITED_DISCOVERABLE)) {
1730 adv_min_interval = DISCOV_LE_FAST_ADV_INT_MIN;
1731 adv_max_interval = DISCOV_LE_FAST_ADV_INT_MAX;
1735 cp.min_interval = cpu_to_le16(adv_min_interval);
1736 cp.max_interval = cpu_to_le16(adv_max_interval);
1737 cp.own_address_type = own_addr_type;
1738 cp.channel_map = hdev->le_adv_channel_map;
1740 status = __hci_cmd_sync_status(hdev, HCI_OP_LE_SET_ADV_PARAM,
1741 sizeof(cp), &cp, HCI_CMD_TIMEOUT);
1745 return __hci_cmd_sync_status(hdev, HCI_OP_LE_SET_ADV_ENABLE,
1746 sizeof(enable), &enable, HCI_CMD_TIMEOUT);
1749 static int enable_advertising_sync(struct hci_dev *hdev, void *data)
1751 return hci_enable_advertising_sync(hdev);
1754 int hci_enable_advertising(struct hci_dev *hdev)
1756 if (!hci_dev_test_flag(hdev, HCI_ADVERTISING) &&
1757 list_empty(&hdev->adv_instances))
1760 return hci_cmd_sync_queue(hdev, enable_advertising_sync, NULL, NULL);
1763 int hci_remove_ext_adv_instance_sync(struct hci_dev *hdev, u8 instance,
1768 if (!ext_adv_capable(hdev))
1771 err = hci_disable_ext_adv_instance_sync(hdev, instance);
1775 /* If request specifies an instance that doesn't exist, fail */
1776 if (instance > 0 && !hci_find_adv_instance(hdev, instance))
1779 return __hci_cmd_sync_status_sk(hdev, HCI_OP_LE_REMOVE_ADV_SET,
1780 sizeof(instance), &instance, 0,
1781 HCI_CMD_TIMEOUT, sk);
1784 static int remove_ext_adv_sync(struct hci_dev *hdev, void *data)
1786 struct adv_info *adv = data;
1790 instance = adv->instance;
1792 return hci_remove_ext_adv_instance_sync(hdev, instance, NULL);
1795 int hci_remove_ext_adv_instance(struct hci_dev *hdev, u8 instance)
1797 struct adv_info *adv = NULL;
1800 adv = hci_find_adv_instance(hdev, instance);
1805 return hci_cmd_sync_queue(hdev, remove_ext_adv_sync, adv, NULL);
1808 int hci_le_terminate_big_sync(struct hci_dev *hdev, u8 handle, u8 reason)
1810 struct hci_cp_le_term_big cp;
1812 memset(&cp, 0, sizeof(cp));
1816 return __hci_cmd_sync_status(hdev, HCI_OP_LE_TERM_BIG,
1817 sizeof(cp), &cp, HCI_CMD_TIMEOUT);
1820 static int hci_set_ext_adv_data_sync(struct hci_dev *hdev, u8 instance)
1822 DEFINE_FLEX(struct hci_cp_le_set_ext_adv_data, pdu, data, length,
1823 HCI_MAX_EXT_AD_LENGTH);
1825 struct adv_info *adv = NULL;
1829 adv = hci_find_adv_instance(hdev, instance);
1830 if (!adv || !adv->adv_data_changed)
1834 len = eir_create_adv_data(hdev, instance, pdu->data);
1837 pdu->handle = adv ? adv->handle : instance;
1838 pdu->operation = LE_SET_ADV_DATA_OP_COMPLETE;
1839 pdu->frag_pref = LE_SET_ADV_DATA_NO_FRAG;
1841 err = __hci_cmd_sync_status(hdev, HCI_OP_LE_SET_EXT_ADV_DATA,
1842 struct_size(pdu, data, len), pdu,
1847 /* Update data if the command succeed */
1849 adv->adv_data_changed = false;
1851 memcpy(hdev->adv_data, pdu->data, len);
1852 hdev->adv_data_len = len;
1858 static int hci_set_adv_data_sync(struct hci_dev *hdev, u8 instance)
1860 struct hci_cp_le_set_adv_data cp;
1863 memset(&cp, 0, sizeof(cp));
1865 len = eir_create_adv_data(hdev, instance, cp.data);
1867 /* There's nothing to do if the data hasn't changed */
1868 if (hdev->adv_data_len == len &&
1869 memcmp(cp.data, hdev->adv_data, len) == 0)
1872 memcpy(hdev->adv_data, cp.data, sizeof(cp.data));
1873 hdev->adv_data_len = len;
1877 return __hci_cmd_sync_status(hdev, HCI_OP_LE_SET_ADV_DATA,
1878 sizeof(cp), &cp, HCI_CMD_TIMEOUT);
1881 int hci_update_adv_data_sync(struct hci_dev *hdev, u8 instance)
1883 if (!hci_dev_test_flag(hdev, HCI_LE_ENABLED))
1886 if (ext_adv_capable(hdev))
1887 return hci_set_ext_adv_data_sync(hdev, instance);
1889 return hci_set_adv_data_sync(hdev, instance);
1892 int hci_schedule_adv_instance_sync(struct hci_dev *hdev, u8 instance,
1895 struct adv_info *adv = NULL;
1898 if (hci_dev_test_flag(hdev, HCI_ADVERTISING) && !ext_adv_capable(hdev))
1901 if (hdev->adv_instance_timeout)
1904 adv = hci_find_adv_instance(hdev, instance);
1908 /* A zero timeout means unlimited advertising. As long as there is
1909 * only one instance, duration should be ignored. We still set a timeout
1910 * in case further instances are being added later on.
1912 * If the remaining lifetime of the instance is more than the duration
1913 * then the timeout corresponds to the duration, otherwise it will be
1914 * reduced to the remaining instance lifetime.
1916 if (adv->timeout == 0 || adv->duration <= adv->remaining_time)
1917 timeout = adv->duration;
1919 timeout = adv->remaining_time;
1921 /* The remaining time is being reduced unless the instance is being
1922 * advertised without time limit.
1925 adv->remaining_time = adv->remaining_time - timeout;
1927 /* Only use work for scheduling instances with legacy advertising */
1928 if (!ext_adv_capable(hdev)) {
1929 hdev->adv_instance_timeout = timeout;
1930 queue_delayed_work(hdev->req_workqueue,
1931 &hdev->adv_instance_expire,
1932 msecs_to_jiffies(timeout * 1000));
1935 /* If we're just re-scheduling the same instance again then do not
1936 * execute any HCI commands. This happens when a single instance is
1939 if (!force && hdev->cur_adv_instance == instance &&
1940 hci_dev_test_flag(hdev, HCI_LE_ADV))
1943 hdev->cur_adv_instance = instance;
1945 return hci_start_adv_sync(hdev, instance);
1948 static int hci_clear_adv_sets_sync(struct hci_dev *hdev, struct sock *sk)
1952 if (!ext_adv_capable(hdev))
1955 /* Disable instance 0x00 to disable all instances */
1956 err = hci_disable_ext_adv_instance_sync(hdev, 0x00);
1960 return __hci_cmd_sync_status_sk(hdev, HCI_OP_LE_CLEAR_ADV_SETS,
1961 0, NULL, 0, HCI_CMD_TIMEOUT, sk);
1964 static int hci_clear_adv_sync(struct hci_dev *hdev, struct sock *sk, bool force)
1966 struct adv_info *adv, *n;
1969 if (ext_adv_capable(hdev))
1970 /* Remove all existing sets */
1971 err = hci_clear_adv_sets_sync(hdev, sk);
1972 if (ext_adv_capable(hdev))
1975 /* This is safe as long as there is no command send while the lock is
1980 /* Cleanup non-ext instances */
1981 list_for_each_entry_safe(adv, n, &hdev->adv_instances, list) {
1982 u8 instance = adv->instance;
1985 if (!(force || adv->timeout))
1988 err = hci_remove_adv_instance(hdev, instance);
1990 mgmt_advertising_removed(sk, hdev, instance);
1993 hci_dev_unlock(hdev);
1998 static int hci_remove_adv_sync(struct hci_dev *hdev, u8 instance,
2003 /* If we use extended advertising, instance has to be removed first. */
2004 if (ext_adv_capable(hdev))
2005 err = hci_remove_ext_adv_instance_sync(hdev, instance, sk);
2006 if (ext_adv_capable(hdev))
2009 /* This is safe as long as there is no command send while the lock is
2014 err = hci_remove_adv_instance(hdev, instance);
2016 mgmt_advertising_removed(sk, hdev, instance);
2018 hci_dev_unlock(hdev);
2023 /* For a single instance:
2024 * - force == true: The instance will be removed even when its remaining
2025 * lifetime is not zero.
2026 * - force == false: the instance will be deactivated but kept stored unless
2027 * the remaining lifetime is zero.
2029 * For instance == 0x00:
2030 * - force == true: All instances will be removed regardless of their timeout
2032 * - force == false: Only instances that have a timeout will be removed.
2034 int hci_remove_advertising_sync(struct hci_dev *hdev, struct sock *sk,
2035 u8 instance, bool force)
2037 struct adv_info *next = NULL;
2040 /* Cancel any timeout concerning the removed instance(s). */
2041 if (!instance || hdev->cur_adv_instance == instance)
2042 cancel_adv_timeout(hdev);
2044 /* Get the next instance to advertise BEFORE we remove
2045 * the current one. This can be the same instance again
2046 * if there is only one instance.
2048 if (hdev->cur_adv_instance == instance)
2049 next = hci_get_next_instance(hdev, instance);
2052 err = hci_clear_adv_sync(hdev, sk, force);
2056 struct adv_info *adv = hci_find_adv_instance(hdev, instance);
2058 if (force || (adv && adv->timeout && !adv->remaining_time)) {
2059 /* Don't advertise a removed instance. */
2060 if (next && next->instance == instance)
2063 err = hci_remove_adv_sync(hdev, instance, sk);
2069 if (!hdev_is_powered(hdev) || hci_dev_test_flag(hdev, HCI_ADVERTISING))
2072 if (next && !ext_adv_capable(hdev))
2073 hci_schedule_adv_instance_sync(hdev, next->instance, false);
2078 int hci_read_rssi_sync(struct hci_dev *hdev, __le16 handle)
2080 struct hci_cp_read_rssi cp;
2083 return __hci_cmd_sync_status(hdev, HCI_OP_READ_RSSI,
2084 sizeof(cp), &cp, HCI_CMD_TIMEOUT);
2087 int hci_read_clock_sync(struct hci_dev *hdev, struct hci_cp_read_clock *cp)
2089 return __hci_cmd_sync_status(hdev, HCI_OP_READ_CLOCK,
2090 sizeof(*cp), cp, HCI_CMD_TIMEOUT);
2093 int hci_read_tx_power_sync(struct hci_dev *hdev, __le16 handle, u8 type)
2095 struct hci_cp_read_tx_power cp;
2099 return __hci_cmd_sync_status(hdev, HCI_OP_READ_TX_POWER,
2100 sizeof(cp), &cp, HCI_CMD_TIMEOUT);
2103 int hci_disable_advertising_sync(struct hci_dev *hdev)
2108 /* If controller is not advertising we are done. */
2109 if (!hci_dev_test_flag(hdev, HCI_LE_ADV))
2112 if (ext_adv_capable(hdev))
2113 err = hci_disable_ext_adv_instance_sync(hdev, 0x00);
2114 if (ext_adv_capable(hdev))
2117 return __hci_cmd_sync_status(hdev, HCI_OP_LE_SET_ADV_ENABLE,
2118 sizeof(enable), &enable, HCI_CMD_TIMEOUT);
2121 static int hci_le_set_ext_scan_enable_sync(struct hci_dev *hdev, u8 val,
2124 struct hci_cp_le_set_ext_scan_enable cp;
2126 memset(&cp, 0, sizeof(cp));
2129 if (hci_dev_test_flag(hdev, HCI_MESH))
2130 cp.filter_dup = LE_SCAN_FILTER_DUP_DISABLE;
2132 cp.filter_dup = filter_dup;
2134 return __hci_cmd_sync_status(hdev, HCI_OP_LE_SET_EXT_SCAN_ENABLE,
2135 sizeof(cp), &cp, HCI_CMD_TIMEOUT);
2138 static int hci_le_set_scan_enable_sync(struct hci_dev *hdev, u8 val,
2141 struct hci_cp_le_set_scan_enable cp;
2143 if (use_ext_scan(hdev))
2144 return hci_le_set_ext_scan_enable_sync(hdev, val, filter_dup);
2146 memset(&cp, 0, sizeof(cp));
2149 if (val && hci_dev_test_flag(hdev, HCI_MESH))
2150 cp.filter_dup = LE_SCAN_FILTER_DUP_DISABLE;
2152 cp.filter_dup = filter_dup;
2154 return __hci_cmd_sync_status(hdev, HCI_OP_LE_SET_SCAN_ENABLE,
2155 sizeof(cp), &cp, HCI_CMD_TIMEOUT);
2158 static int hci_le_set_addr_resolution_enable_sync(struct hci_dev *hdev, u8 val)
2160 if (!use_ll_privacy(hdev))
2163 /* If controller is not/already resolving we are done. */
2164 if (val == hci_dev_test_flag(hdev, HCI_LL_RPA_RESOLUTION))
2167 return __hci_cmd_sync_status(hdev, HCI_OP_LE_SET_ADDR_RESOLV_ENABLE,
2168 sizeof(val), &val, HCI_CMD_TIMEOUT);
2171 static int hci_scan_disable_sync(struct hci_dev *hdev)
2175 /* If controller is not scanning we are done. */
2176 if (!hci_dev_test_flag(hdev, HCI_LE_SCAN))
2179 if (hdev->scanning_paused) {
2180 bt_dev_dbg(hdev, "Scanning is paused for suspend");
2184 err = hci_le_set_scan_enable_sync(hdev, LE_SCAN_DISABLE, 0x00);
2186 bt_dev_err(hdev, "Unable to disable scanning: %d", err);
2193 static bool scan_use_rpa(struct hci_dev *hdev)
2195 return hci_dev_test_flag(hdev, HCI_PRIVACY);
2198 static void hci_start_interleave_scan(struct hci_dev *hdev)
2200 hdev->interleave_scan_state = INTERLEAVE_SCAN_NO_FILTER;
2201 queue_delayed_work(hdev->req_workqueue,
2202 &hdev->interleave_scan, 0);
2205 static void cancel_interleave_scan(struct hci_dev *hdev)
2207 bt_dev_dbg(hdev, "cancelling interleave scan");
2209 cancel_delayed_work_sync(&hdev->interleave_scan);
2211 hdev->interleave_scan_state = INTERLEAVE_SCAN_NONE;
2214 /* Return true if interleave_scan wasn't started until exiting this function,
2215 * otherwise, return false
2217 static bool hci_update_interleaved_scan_sync(struct hci_dev *hdev)
2219 /* Do interleaved scan only if all of the following are true:
2220 * - There is at least one ADV monitor
2221 * - At least one pending LE connection or one device to be scanned for
2222 * - Monitor offloading is not supported
2223 * If so, we should alternate between allowlist scan and one without
2224 * any filters to save power.
2226 bool use_interleaving = hci_is_adv_monitoring(hdev) &&
2227 !(list_empty(&hdev->pend_le_conns) &&
2228 list_empty(&hdev->pend_le_reports)) &&
2229 hci_get_adv_monitor_offload_ext(hdev) ==
2230 HCI_ADV_MONITOR_EXT_NONE;
2231 bool is_interleaving = is_interleave_scanning(hdev);
2233 if (use_interleaving && !is_interleaving) {
2234 hci_start_interleave_scan(hdev);
2235 bt_dev_dbg(hdev, "starting interleave scan");
2239 if (!use_interleaving && is_interleaving)
2240 cancel_interleave_scan(hdev);
2245 /* Removes connection to resolve list if needed.*/
2246 static int hci_le_del_resolve_list_sync(struct hci_dev *hdev,
2247 bdaddr_t *bdaddr, u8 bdaddr_type)
2249 struct hci_cp_le_del_from_resolv_list cp;
2250 struct bdaddr_list_with_irk *entry;
2252 if (!use_ll_privacy(hdev))
2255 /* Check if the IRK has been programmed */
2256 entry = hci_bdaddr_list_lookup_with_irk(&hdev->le_resolv_list, bdaddr,
2261 cp.bdaddr_type = bdaddr_type;
2262 bacpy(&cp.bdaddr, bdaddr);
2264 return __hci_cmd_sync_status(hdev, HCI_OP_LE_DEL_FROM_RESOLV_LIST,
2265 sizeof(cp), &cp, HCI_CMD_TIMEOUT);
2268 static int hci_le_del_accept_list_sync(struct hci_dev *hdev,
2269 bdaddr_t *bdaddr, u8 bdaddr_type)
2271 struct hci_cp_le_del_from_accept_list cp;
2274 /* Check if device is on accept list before removing it */
2275 if (!hci_bdaddr_list_lookup(&hdev->le_accept_list, bdaddr, bdaddr_type))
2278 cp.bdaddr_type = bdaddr_type;
2279 bacpy(&cp.bdaddr, bdaddr);
2281 /* Ignore errors when removing from resolving list as that is likely
2282 * that the device was never added.
2284 hci_le_del_resolve_list_sync(hdev, &cp.bdaddr, cp.bdaddr_type);
2286 err = __hci_cmd_sync_status(hdev, HCI_OP_LE_DEL_FROM_ACCEPT_LIST,
2287 sizeof(cp), &cp, HCI_CMD_TIMEOUT);
2289 bt_dev_err(hdev, "Unable to remove from allow list: %d", err);
2293 bt_dev_dbg(hdev, "Remove %pMR (0x%x) from allow list", &cp.bdaddr,
2299 struct conn_params {
2302 hci_conn_flags_t flags;
2306 /* Adds connection to resolve list if needed.
2307 * Setting params to NULL programs local hdev->irk
2309 static int hci_le_add_resolve_list_sync(struct hci_dev *hdev,
2310 struct conn_params *params)
2312 struct hci_cp_le_add_to_resolv_list cp;
2313 struct smp_irk *irk;
2314 struct bdaddr_list_with_irk *entry;
2315 struct hci_conn_params *p;
2317 if (!use_ll_privacy(hdev))
2320 /* Attempt to program local identity address, type and irk if params is
2324 if (!hci_dev_test_flag(hdev, HCI_PRIVACY))
2327 hci_copy_identity_address(hdev, &cp.bdaddr, &cp.bdaddr_type);
2328 memcpy(cp.peer_irk, hdev->irk, 16);
2332 irk = hci_find_irk_by_addr(hdev, ¶ms->addr, params->addr_type);
2336 /* Check if the IK has _not_ been programmed yet. */
2337 entry = hci_bdaddr_list_lookup_with_irk(&hdev->le_resolv_list,
2343 cp.bdaddr_type = params->addr_type;
2344 bacpy(&cp.bdaddr, ¶ms->addr);
2345 memcpy(cp.peer_irk, irk->val, 16);
2347 /* Default privacy mode is always Network */
2348 params->privacy_mode = HCI_NETWORK_PRIVACY;
2351 p = hci_pend_le_action_lookup(&hdev->pend_le_conns,
2352 ¶ms->addr, params->addr_type);
2354 p = hci_pend_le_action_lookup(&hdev->pend_le_reports,
2355 ¶ms->addr, params->addr_type);
2357 WRITE_ONCE(p->privacy_mode, HCI_NETWORK_PRIVACY);
2361 if (hci_dev_test_flag(hdev, HCI_PRIVACY))
2362 memcpy(cp.local_irk, hdev->irk, 16);
2364 memset(cp.local_irk, 0, 16);
2366 return __hci_cmd_sync_status(hdev, HCI_OP_LE_ADD_TO_RESOLV_LIST,
2367 sizeof(cp), &cp, HCI_CMD_TIMEOUT);
2370 /* Set Device Privacy Mode. */
2371 static int hci_le_set_privacy_mode_sync(struct hci_dev *hdev,
2372 struct conn_params *params)
2374 struct hci_cp_le_set_privacy_mode cp;
2375 struct smp_irk *irk;
2377 /* If device privacy mode has already been set there is nothing to do */
2378 if (params->privacy_mode == HCI_DEVICE_PRIVACY)
2381 /* Check if HCI_CONN_FLAG_DEVICE_PRIVACY has been set as it also
2382 * indicates that LL Privacy has been enabled and
2383 * HCI_OP_LE_SET_PRIVACY_MODE is supported.
2385 if (!(params->flags & HCI_CONN_FLAG_DEVICE_PRIVACY))
2388 irk = hci_find_irk_by_addr(hdev, ¶ms->addr, params->addr_type);
2392 memset(&cp, 0, sizeof(cp));
2393 cp.bdaddr_type = irk->addr_type;
2394 bacpy(&cp.bdaddr, &irk->bdaddr);
2395 cp.mode = HCI_DEVICE_PRIVACY;
2397 /* Note: params->privacy_mode is not updated since it is a copy */
2399 return __hci_cmd_sync_status(hdev, HCI_OP_LE_SET_PRIVACY_MODE,
2400 sizeof(cp), &cp, HCI_CMD_TIMEOUT);
2403 /* Adds connection to allow list if needed, if the device uses RPA (has IRK)
2404 * this attempts to program the device in the resolving list as well and
2405 * properly set the privacy mode.
2407 static int hci_le_add_accept_list_sync(struct hci_dev *hdev,
2408 struct conn_params *params,
2411 struct hci_cp_le_add_to_accept_list cp;
2414 /* During suspend, only wakeable devices can be in acceptlist */
2415 if (hdev->suspended &&
2416 !(params->flags & HCI_CONN_FLAG_REMOTE_WAKEUP)) {
2417 hci_le_del_accept_list_sync(hdev, ¶ms->addr,
2422 /* Select filter policy to accept all advertising */
2423 if (*num_entries >= hdev->le_accept_list_size)
2426 /* Accept list can not be used with RPAs */
2427 if (!use_ll_privacy(hdev) &&
2428 hci_find_irk_by_addr(hdev, ¶ms->addr, params->addr_type))
2431 /* Attempt to program the device in the resolving list first to avoid
2432 * having to rollback in case it fails since the resolving list is
2433 * dynamic it can probably be smaller than the accept list.
2435 err = hci_le_add_resolve_list_sync(hdev, params);
2437 bt_dev_err(hdev, "Unable to add to resolve list: %d", err);
2441 /* Set Privacy Mode */
2442 err = hci_le_set_privacy_mode_sync(hdev, params);
2444 bt_dev_err(hdev, "Unable to set privacy mode: %d", err);
2448 /* Check if already in accept list */
2449 if (hci_bdaddr_list_lookup(&hdev->le_accept_list, ¶ms->addr,
2454 cp.bdaddr_type = params->addr_type;
2455 bacpy(&cp.bdaddr, ¶ms->addr);
2457 err = __hci_cmd_sync_status(hdev, HCI_OP_LE_ADD_TO_ACCEPT_LIST,
2458 sizeof(cp), &cp, HCI_CMD_TIMEOUT);
2460 bt_dev_err(hdev, "Unable to add to allow list: %d", err);
2461 /* Rollback the device from the resolving list */
2462 hci_le_del_resolve_list_sync(hdev, &cp.bdaddr, cp.bdaddr_type);
2466 bt_dev_dbg(hdev, "Add %pMR (0x%x) to allow list", &cp.bdaddr,
2472 /* This function disables/pause all advertising instances */
2473 static int hci_pause_advertising_sync(struct hci_dev *hdev)
2478 /* If already been paused there is nothing to do. */
2479 if (hdev->advertising_paused)
2482 bt_dev_dbg(hdev, "Pausing directed advertising");
2484 /* Stop directed advertising */
2485 old_state = hci_dev_test_flag(hdev, HCI_ADVERTISING);
2487 /* When discoverable timeout triggers, then just make sure
2488 * the limited discoverable flag is cleared. Even in the case
2489 * of a timeout triggered from general discoverable, it is
2490 * safe to unconditionally clear the flag.
2492 hci_dev_clear_flag(hdev, HCI_LIMITED_DISCOVERABLE);
2493 hci_dev_clear_flag(hdev, HCI_DISCOVERABLE);
2494 hdev->discov_timeout = 0;
2497 bt_dev_dbg(hdev, "Pausing advertising instances");
2499 /* Call to disable any advertisements active on the controller.
2500 * This will succeed even if no advertisements are configured.
2502 err = hci_disable_advertising_sync(hdev);
2506 /* If we are using software rotation, pause the loop */
2507 if (!ext_adv_capable(hdev))
2508 cancel_adv_timeout(hdev);
2510 hdev->advertising_paused = true;
2511 hdev->advertising_old_state = old_state;
2516 /* This function enables all user advertising instances */
2517 static int hci_resume_advertising_sync(struct hci_dev *hdev)
2519 struct adv_info *adv, *tmp;
2522 /* If advertising has not been paused there is nothing to do. */
2523 if (!hdev->advertising_paused)
2526 /* Resume directed advertising */
2527 hdev->advertising_paused = false;
2528 if (hdev->advertising_old_state) {
2529 hci_dev_set_flag(hdev, HCI_ADVERTISING);
2530 hdev->advertising_old_state = 0;
2533 bt_dev_dbg(hdev, "Resuming advertising instances");
2535 if (ext_adv_capable(hdev)) {
2536 /* Call for each tracked instance to be re-enabled */
2537 list_for_each_entry_safe(adv, tmp, &hdev->adv_instances, list) {
2538 err = hci_enable_ext_advertising_sync(hdev,
2543 /* If the instance cannot be resumed remove it */
2544 hci_remove_ext_adv_instance_sync(hdev, adv->instance,
2548 /* Schedule for most recent instance to be restarted and begin
2549 * the software rotation loop
2551 err = hci_schedule_adv_instance_sync(hdev,
2552 hdev->cur_adv_instance,
2556 hdev->advertising_paused = false;
2561 static int hci_pause_addr_resolution(struct hci_dev *hdev)
2565 if (!use_ll_privacy(hdev))
2568 if (!hci_dev_test_flag(hdev, HCI_LL_RPA_RESOLUTION))
2571 /* Cannot disable addr resolution if scanning is enabled or
2572 * when initiating an LE connection.
2574 if (hci_dev_test_flag(hdev, HCI_LE_SCAN) ||
2575 hci_lookup_le_connect(hdev)) {
2576 bt_dev_err(hdev, "Command not allowed when scan/LE connect");
2580 /* Cannot disable addr resolution if advertising is enabled. */
2581 err = hci_pause_advertising_sync(hdev);
2583 bt_dev_err(hdev, "Pause advertising failed: %d", err);
2587 err = hci_le_set_addr_resolution_enable_sync(hdev, 0x00);
2589 bt_dev_err(hdev, "Unable to disable Address Resolution: %d",
2592 /* Return if address resolution is disabled and RPA is not used. */
2593 if (!err && scan_use_rpa(hdev))
2596 hci_resume_advertising_sync(hdev);
2600 struct sk_buff *hci_read_local_oob_data_sync(struct hci_dev *hdev,
2601 bool extended, struct sock *sk)
2603 u16 opcode = extended ? HCI_OP_READ_LOCAL_OOB_EXT_DATA :
2604 HCI_OP_READ_LOCAL_OOB_DATA;
2606 return __hci_cmd_sync_sk(hdev, opcode, 0, NULL, 0, HCI_CMD_TIMEOUT, sk);
2609 static struct conn_params *conn_params_copy(struct list_head *list, size_t *n)
2611 struct hci_conn_params *params;
2612 struct conn_params *p;
2618 list_for_each_entry_rcu(params, list, action)
2624 p = kvcalloc(*n, sizeof(struct conn_params), GFP_KERNEL);
2631 list_for_each_entry_rcu(params, list, action) {
2632 /* Racing adds are handled in next scan update */
2636 /* No hdev->lock, but: addr, addr_type are immutable.
2637 * privacy_mode is only written by us or in
2638 * hci_cc_le_set_privacy_mode that we wait for.
2639 * We should be idempotent so MGMT updating flags
2640 * while we are processing is OK.
2642 bacpy(&p[i].addr, ¶ms->addr);
2643 p[i].addr_type = params->addr_type;
2644 p[i].flags = READ_ONCE(params->flags);
2645 p[i].privacy_mode = READ_ONCE(params->privacy_mode);
2655 /* Clear LE Accept List */
2656 static int hci_le_clear_accept_list_sync(struct hci_dev *hdev)
2658 if (!(hdev->commands[26] & 0x80))
2661 return __hci_cmd_sync_status(hdev, HCI_OP_LE_CLEAR_ACCEPT_LIST, 0, NULL,
2665 /* Device must not be scanning when updating the accept list.
2667 * Update is done using the following sequence:
2669 * use_ll_privacy((Disable Advertising) -> Disable Resolving List) ->
2670 * Remove Devices From Accept List ->
2671 * (has IRK && use_ll_privacy(Remove Devices From Resolving List))->
2672 * Add Devices to Accept List ->
2673 * (has IRK && use_ll_privacy(Remove Devices From Resolving List)) ->
2674 * use_ll_privacy(Enable Resolving List -> (Enable Advertising)) ->
2677 * In case of failure advertising shall be restored to its original state and
2678 * return would disable accept list since either accept or resolving list could
2679 * not be programmed.
2682 static u8 hci_update_accept_list_sync(struct hci_dev *hdev)
2684 struct conn_params *params;
2685 struct bdaddr_list *b, *t;
2687 bool pend_conn, pend_report;
2692 /* Pause advertising if resolving list can be used as controllers
2693 * cannot accept resolving list modifications while advertising.
2695 if (use_ll_privacy(hdev)) {
2696 err = hci_pause_advertising_sync(hdev);
2698 bt_dev_err(hdev, "pause advertising failed: %d", err);
2703 /* Disable address resolution while reprogramming accept list since
2704 * devices that do have an IRK will be programmed in the resolving list
2705 * when LL Privacy is enabled.
2707 err = hci_le_set_addr_resolution_enable_sync(hdev, 0x00);
2709 bt_dev_err(hdev, "Unable to disable LL privacy: %d", err);
2713 /* Force address filtering if PA Sync is in progress */
2714 if (hci_dev_test_flag(hdev, HCI_PA_SYNC)) {
2715 struct hci_cp_le_pa_create_sync *sent;
2717 sent = hci_sent_cmd_data(hdev, HCI_OP_LE_PA_CREATE_SYNC);
2719 struct conn_params pa;
2721 memset(&pa, 0, sizeof(pa));
2723 bacpy(&pa.addr, &sent->addr);
2724 pa.addr_type = sent->addr_type;
2726 /* Clear first since there could be addresses left
2729 hci_le_clear_accept_list_sync(hdev);
2732 err = hci_le_add_accept_list_sync(hdev, &pa,
2738 /* Go through the current accept list programmed into the
2739 * controller one by one and check if that address is connected or is
2740 * still in the list of pending connections or list of devices to
2741 * report. If not present in either list, then remove it from
2744 list_for_each_entry_safe(b, t, &hdev->le_accept_list, list) {
2745 if (hci_conn_hash_lookup_le(hdev, &b->bdaddr, b->bdaddr_type))
2748 /* Pointers not dereferenced, no locks needed */
2749 pend_conn = hci_pend_le_action_lookup(&hdev->pend_le_conns,
2752 pend_report = hci_pend_le_action_lookup(&hdev->pend_le_reports,
2756 /* If the device is not likely to connect or report,
2757 * remove it from the acceptlist.
2759 if (!pend_conn && !pend_report) {
2760 hci_le_del_accept_list_sync(hdev, &b->bdaddr,
2768 /* Since all no longer valid accept list entries have been
2769 * removed, walk through the list of pending connections
2770 * and ensure that any new device gets programmed into
2773 * If the list of the devices is larger than the list of
2774 * available accept list entries in the controller, then
2775 * just abort and return filer policy value to not use the
2778 * The list and params may be mutated while we wait for events,
2779 * so make a copy and iterate it.
2782 params = conn_params_copy(&hdev->pend_le_conns, &n);
2788 for (i = 0; i < n; ++i) {
2789 err = hci_le_add_accept_list_sync(hdev, ¶ms[i],
2799 /* After adding all new pending connections, walk through
2800 * the list of pending reports and also add these to the
2801 * accept list if there is still space. Abort if space runs out.
2804 params = conn_params_copy(&hdev->pend_le_reports, &n);
2810 for (i = 0; i < n; ++i) {
2811 err = hci_le_add_accept_list_sync(hdev, ¶ms[i],
2821 /* Use the allowlist unless the following conditions are all true:
2822 * - We are not currently suspending
2823 * - There are 1 or more ADV monitors registered and it's not offloaded
2824 * - Interleaved scanning is not currently using the allowlist
2826 if (!idr_is_empty(&hdev->adv_monitors_idr) && !hdev->suspended &&
2827 hci_get_adv_monitor_offload_ext(hdev) == HCI_ADV_MONITOR_EXT_NONE &&
2828 hdev->interleave_scan_state != INTERLEAVE_SCAN_ALLOWLIST)
2832 filter_policy = err ? 0x00 : 0x01;
2834 /* Enable address resolution when LL Privacy is enabled. */
2835 err = hci_le_set_addr_resolution_enable_sync(hdev, 0x01);
2837 bt_dev_err(hdev, "Unable to enable LL privacy: %d", err);
2839 /* Resume advertising if it was paused */
2840 if (use_ll_privacy(hdev))
2841 hci_resume_advertising_sync(hdev);
2843 /* Select filter policy to use accept list */
2844 return filter_policy;
2847 static void hci_le_scan_phy_params(struct hci_cp_le_scan_phy_params *cp,
2848 u8 type, u16 interval, u16 window)
2851 cp->interval = cpu_to_le16(interval);
2852 cp->window = cpu_to_le16(window);
2855 static int hci_le_set_ext_scan_param_sync(struct hci_dev *hdev, u8 type,
2856 u16 interval, u16 window,
2857 u8 own_addr_type, u8 filter_policy)
2859 struct hci_cp_le_set_ext_scan_params *cp;
2860 struct hci_cp_le_scan_phy_params *phy;
2861 u8 data[sizeof(*cp) + sizeof(*phy) * 2];
2865 phy = (void *)cp->data;
2867 memset(data, 0, sizeof(data));
2869 cp->own_addr_type = own_addr_type;
2870 cp->filter_policy = filter_policy;
2872 /* Check if PA Sync is in progress then select the PHY based on the
2875 if (hci_dev_test_flag(hdev, HCI_PA_SYNC)) {
2876 struct hci_cp_le_add_to_accept_list *sent;
2878 sent = hci_sent_cmd_data(hdev, HCI_OP_LE_ADD_TO_ACCEPT_LIST);
2880 struct hci_conn *conn;
2882 conn = hci_conn_hash_lookup_ba(hdev, ISO_LINK,
2885 struct bt_iso_qos *qos = &conn->iso_qos;
2887 if (qos->bcast.in.phy & BT_ISO_PHY_1M ||
2888 qos->bcast.in.phy & BT_ISO_PHY_2M) {
2889 cp->scanning_phys |= LE_SCAN_PHY_1M;
2890 hci_le_scan_phy_params(phy, type,
2897 if (qos->bcast.in.phy & BT_ISO_PHY_CODED) {
2898 cp->scanning_phys |= LE_SCAN_PHY_CODED;
2899 hci_le_scan_phy_params(phy, type,
2912 if (scan_1m(hdev) || scan_2m(hdev)) {
2913 cp->scanning_phys |= LE_SCAN_PHY_1M;
2914 hci_le_scan_phy_params(phy, type, interval, window);
2919 if (scan_coded(hdev)) {
2920 cp->scanning_phys |= LE_SCAN_PHY_CODED;
2921 hci_le_scan_phy_params(phy, type, interval * 3, window * 3);
2930 return __hci_cmd_sync_status(hdev, HCI_OP_LE_SET_EXT_SCAN_PARAMS,
2931 sizeof(*cp) + sizeof(*phy) * num_phy,
2932 data, HCI_CMD_TIMEOUT);
2935 static int hci_le_set_scan_param_sync(struct hci_dev *hdev, u8 type,
2936 u16 interval, u16 window,
2937 u8 own_addr_type, u8 filter_policy)
2939 struct hci_cp_le_set_scan_param cp;
2941 if (use_ext_scan(hdev))
2942 return hci_le_set_ext_scan_param_sync(hdev, type, interval,
2943 window, own_addr_type,
2946 memset(&cp, 0, sizeof(cp));
2948 cp.interval = cpu_to_le16(interval);
2949 cp.window = cpu_to_le16(window);
2950 cp.own_address_type = own_addr_type;
2951 cp.filter_policy = filter_policy;
2953 return __hci_cmd_sync_status(hdev, HCI_OP_LE_SET_SCAN_PARAM,
2954 sizeof(cp), &cp, HCI_CMD_TIMEOUT);
2957 static int hci_start_scan_sync(struct hci_dev *hdev, u8 type, u16 interval,
2958 u16 window, u8 own_addr_type, u8 filter_policy,
2963 if (hdev->scanning_paused) {
2964 bt_dev_dbg(hdev, "Scanning is paused for suspend");
2968 err = hci_le_set_scan_param_sync(hdev, type, interval, window,
2969 own_addr_type, filter_policy);
2973 return hci_le_set_scan_enable_sync(hdev, LE_SCAN_ENABLE, filter_dup);
2976 static int hci_passive_scan_sync(struct hci_dev *hdev)
2980 u16 window, interval;
2981 u8 filter_dups = LE_SCAN_FILTER_DUP_ENABLE;
2984 if (hdev->scanning_paused) {
2985 bt_dev_dbg(hdev, "Scanning is paused for suspend");
2989 err = hci_scan_disable_sync(hdev);
2991 bt_dev_err(hdev, "disable scanning failed: %d", err);
2995 /* Set require_privacy to false since no SCAN_REQ are send
2996 * during passive scanning. Not using an non-resolvable address
2997 * here is important so that peer devices using direct
2998 * advertising with our address will be correctly reported
2999 * by the controller.
3001 if (hci_update_random_address_sync(hdev, false, scan_use_rpa(hdev),
3005 if (hdev->enable_advmon_interleave_scan &&
3006 hci_update_interleaved_scan_sync(hdev))
3009 bt_dev_dbg(hdev, "interleave state %d", hdev->interleave_scan_state);
3011 /* Adding or removing entries from the accept list must
3012 * happen before enabling scanning. The controller does
3013 * not allow accept list modification while scanning.
3015 filter_policy = hci_update_accept_list_sync(hdev);
3017 /* If suspended and filter_policy set to 0x00 (no acceptlist) then
3018 * passive scanning cannot be started since that would require the host
3019 * to be woken up to process the reports.
3021 if (hdev->suspended && !filter_policy) {
3022 /* Check if accept list is empty then there is no need to scan
3025 if (list_empty(&hdev->le_accept_list))
3028 /* If there are devices is the accept_list that means some
3029 * devices could not be programmed which in non-suspended case
3030 * means filter_policy needs to be set to 0x00 so the host needs
3031 * to filter, but since this is treating suspended case we
3032 * can ignore device needing host to filter to allow devices in
3033 * the acceptlist to be able to wakeup the system.
3035 filter_policy = 0x01;
3038 /* When the controller is using random resolvable addresses and
3039 * with that having LE privacy enabled, then controllers with
3040 * Extended Scanner Filter Policies support can now enable support
3041 * for handling directed advertising.
3043 * So instead of using filter polices 0x00 (no acceptlist)
3044 * and 0x01 (acceptlist enabled) use the new filter policies
3045 * 0x02 (no acceptlist) and 0x03 (acceptlist enabled).
3047 if (hci_dev_test_flag(hdev, HCI_PRIVACY) &&
3048 (hdev->le_features[0] & HCI_LE_EXT_SCAN_POLICY))
3049 filter_policy |= 0x02;
3051 if (hdev->suspended) {
3052 window = hdev->le_scan_window_suspend;
3053 interval = hdev->le_scan_int_suspend;
3054 } else if (hci_is_le_conn_scanning(hdev)) {
3055 window = hdev->le_scan_window_connect;
3056 interval = hdev->le_scan_int_connect;
3057 } else if (hci_is_adv_monitoring(hdev)) {
3058 window = hdev->le_scan_window_adv_monitor;
3059 interval = hdev->le_scan_int_adv_monitor;
3061 /* Disable duplicates filter when scanning for advertisement
3062 * monitor for the following reasons.
3064 * For HW pattern filtering (ex. MSFT), Realtek and Qualcomm
3065 * controllers ignore RSSI_Sampling_Period when the duplicates
3066 * filter is enabled.
3068 * For SW pattern filtering, when we're not doing interleaved
3069 * scanning, it is necessary to disable duplicates filter,
3070 * otherwise hosts can only receive one advertisement and it's
3071 * impossible to know if a peer is still in range.
3073 filter_dups = LE_SCAN_FILTER_DUP_DISABLE;
3075 window = hdev->le_scan_window;
3076 interval = hdev->le_scan_interval;
3079 /* Disable all filtering for Mesh */
3080 if (hci_dev_test_flag(hdev, HCI_MESH)) {
3082 filter_dups = LE_SCAN_FILTER_DUP_DISABLE;
3085 bt_dev_dbg(hdev, "LE passive scan with acceptlist = %d", filter_policy);
3087 return hci_start_scan_sync(hdev, LE_SCAN_PASSIVE, interval, window,
3088 own_addr_type, filter_policy, filter_dups);
3091 /* This function controls the passive scanning based on hdev->pend_le_conns
3092 * list. If there are pending LE connection we start the background scanning,
3093 * otherwise we stop it in the following sequence:
3095 * If there are devices to scan:
3097 * Disable Scanning -> Update Accept List ->
3098 * use_ll_privacy((Disable Advertising) -> Disable Resolving List ->
3099 * Update Resolving List -> Enable Resolving List -> (Enable Advertising)) ->
3106 int hci_update_passive_scan_sync(struct hci_dev *hdev)
3110 if (!test_bit(HCI_UP, &hdev->flags) ||
3111 test_bit(HCI_INIT, &hdev->flags) ||
3112 hci_dev_test_flag(hdev, HCI_SETUP) ||
3113 hci_dev_test_flag(hdev, HCI_CONFIG) ||
3114 hci_dev_test_flag(hdev, HCI_AUTO_OFF) ||
3115 hci_dev_test_flag(hdev, HCI_UNREGISTER))
3118 /* No point in doing scanning if LE support hasn't been enabled */
3119 if (!hci_dev_test_flag(hdev, HCI_LE_ENABLED))
3122 /* If discovery is active don't interfere with it */
3123 if (hdev->discovery.state != DISCOVERY_STOPPED)
3126 /* Reset RSSI and UUID filters when starting background scanning
3127 * since these filters are meant for service discovery only.
3129 * The Start Discovery and Start Service Discovery operations
3130 * ensure to set proper values for RSSI threshold and UUID
3131 * filter list. So it is safe to just reset them here.
3133 hci_discovery_filter_clear(hdev);
3135 bt_dev_dbg(hdev, "ADV monitoring is %s",
3136 hci_is_adv_monitoring(hdev) ? "on" : "off");
3138 if (!hci_dev_test_flag(hdev, HCI_MESH) &&
3139 list_empty(&hdev->pend_le_conns) &&
3140 list_empty(&hdev->pend_le_reports) &&
3141 !hci_is_adv_monitoring(hdev) &&
3142 !hci_dev_test_flag(hdev, HCI_PA_SYNC)) {
3143 /* If there is no pending LE connections or devices
3144 * to be scanned for or no ADV monitors, we should stop the
3145 * background scanning.
3148 bt_dev_dbg(hdev, "stopping background scanning");
3150 err = hci_scan_disable_sync(hdev);
3152 bt_dev_err(hdev, "stop background scanning failed: %d",
3155 /* If there is at least one pending LE connection, we should
3156 * keep the background scan running.
3159 /* If controller is connecting, we should not start scanning
3160 * since some controllers are not able to scan and connect at
3163 if (hci_lookup_le_connect(hdev))
3166 bt_dev_dbg(hdev, "start background scanning");
3168 err = hci_passive_scan_sync(hdev);
3170 bt_dev_err(hdev, "start background scanning failed: %d",
3177 static int update_scan_sync(struct hci_dev *hdev, void *data)
3179 return hci_update_scan_sync(hdev);
3182 int hci_update_scan(struct hci_dev *hdev)
3184 return hci_cmd_sync_queue(hdev, update_scan_sync, NULL, NULL);
3187 static int update_passive_scan_sync(struct hci_dev *hdev, void *data)
3189 return hci_update_passive_scan_sync(hdev);
3192 int hci_update_passive_scan(struct hci_dev *hdev)
3194 /* Only queue if it would have any effect */
3195 if (!test_bit(HCI_UP, &hdev->flags) ||
3196 test_bit(HCI_INIT, &hdev->flags) ||
3197 hci_dev_test_flag(hdev, HCI_SETUP) ||
3198 hci_dev_test_flag(hdev, HCI_CONFIG) ||
3199 hci_dev_test_flag(hdev, HCI_AUTO_OFF) ||
3200 hci_dev_test_flag(hdev, HCI_UNREGISTER))
3203 return hci_cmd_sync_queue_once(hdev, update_passive_scan_sync, NULL,
3207 int hci_write_sc_support_sync(struct hci_dev *hdev, u8 val)
3211 if (!bredr_sc_enabled(hdev) || lmp_host_sc_capable(hdev))
3214 err = __hci_cmd_sync_status(hdev, HCI_OP_WRITE_SC_SUPPORT,
3215 sizeof(val), &val, HCI_CMD_TIMEOUT);
3219 hdev->features[1][0] |= LMP_HOST_SC;
3220 hci_dev_set_flag(hdev, HCI_SC_ENABLED);
3222 hdev->features[1][0] &= ~LMP_HOST_SC;
3223 hci_dev_clear_flag(hdev, HCI_SC_ENABLED);
3230 int hci_write_ssp_mode_sync(struct hci_dev *hdev, u8 mode)
3234 if (!hci_dev_test_flag(hdev, HCI_SSP_ENABLED) ||
3235 lmp_host_ssp_capable(hdev))
3238 if (!mode && hci_dev_test_flag(hdev, HCI_USE_DEBUG_KEYS)) {
3239 __hci_cmd_sync_status(hdev, HCI_OP_WRITE_SSP_DEBUG_MODE,
3240 sizeof(mode), &mode, HCI_CMD_TIMEOUT);
3243 err = __hci_cmd_sync_status(hdev, HCI_OP_WRITE_SSP_MODE,
3244 sizeof(mode), &mode, HCI_CMD_TIMEOUT);
3248 return hci_write_sc_support_sync(hdev, 0x01);
3251 int hci_write_le_host_supported_sync(struct hci_dev *hdev, u8 le, u8 simul)
3253 struct hci_cp_write_le_host_supported cp;
3255 if (!hci_dev_test_flag(hdev, HCI_LE_ENABLED) ||
3256 !lmp_bredr_capable(hdev))
3259 /* Check first if we already have the right host state
3260 * (host features set)
3262 if (le == lmp_host_le_capable(hdev) &&
3263 simul == lmp_host_le_br_capable(hdev))
3266 memset(&cp, 0, sizeof(cp));
3271 return __hci_cmd_sync_status(hdev, HCI_OP_WRITE_LE_HOST_SUPPORTED,
3272 sizeof(cp), &cp, HCI_CMD_TIMEOUT);
3275 static int hci_powered_update_adv_sync(struct hci_dev *hdev)
3277 struct adv_info *adv, *tmp;
3280 if (!hci_dev_test_flag(hdev, HCI_LE_ENABLED))
3283 /* If RPA Resolution has not been enable yet it means the
3284 * resolving list is empty and we should attempt to program the
3285 * local IRK in order to support using own_addr_type
3286 * ADDR_LE_DEV_RANDOM_RESOLVED (0x03).
3288 if (!hci_dev_test_flag(hdev, HCI_LL_RPA_RESOLUTION)) {
3289 hci_le_add_resolve_list_sync(hdev, NULL);
3290 hci_le_set_addr_resolution_enable_sync(hdev, 0x01);
3293 /* Make sure the controller has a good default for
3294 * advertising data. This also applies to the case
3295 * where BR/EDR was toggled during the AUTO_OFF phase.
3297 if (hci_dev_test_flag(hdev, HCI_ADVERTISING) ||
3298 list_empty(&hdev->adv_instances)) {
3299 if (ext_adv_capable(hdev)) {
3300 err = hci_setup_ext_adv_instance_sync(hdev, 0x00);
3302 hci_update_scan_rsp_data_sync(hdev, 0x00);
3304 err = hci_update_adv_data_sync(hdev, 0x00);
3306 hci_update_scan_rsp_data_sync(hdev, 0x00);
3309 if (hci_dev_test_flag(hdev, HCI_ADVERTISING))
3310 hci_enable_advertising_sync(hdev);
3313 /* Call for each tracked instance to be scheduled */
3314 list_for_each_entry_safe(adv, tmp, &hdev->adv_instances, list)
3315 hci_schedule_adv_instance_sync(hdev, adv->instance, true);
3320 static int hci_write_auth_enable_sync(struct hci_dev *hdev)
3324 link_sec = hci_dev_test_flag(hdev, HCI_LINK_SECURITY);
3325 if (link_sec == test_bit(HCI_AUTH, &hdev->flags))
3328 return __hci_cmd_sync_status(hdev, HCI_OP_WRITE_AUTH_ENABLE,
3329 sizeof(link_sec), &link_sec,
3333 int hci_write_fast_connectable_sync(struct hci_dev *hdev, bool enable)
3335 struct hci_cp_write_page_scan_activity cp;
3339 if (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED))
3342 if (hdev->hci_ver < BLUETOOTH_VER_1_2)
3345 memset(&cp, 0, sizeof(cp));
3348 type = PAGE_SCAN_TYPE_INTERLACED;
3350 /* 160 msec page scan interval */
3351 cp.interval = cpu_to_le16(0x0100);
3353 type = hdev->def_page_scan_type;
3354 cp.interval = cpu_to_le16(hdev->def_page_scan_int);
3357 cp.window = cpu_to_le16(hdev->def_page_scan_window);
3359 if (__cpu_to_le16(hdev->page_scan_interval) != cp.interval ||
3360 __cpu_to_le16(hdev->page_scan_window) != cp.window) {
3361 err = __hci_cmd_sync_status(hdev,
3362 HCI_OP_WRITE_PAGE_SCAN_ACTIVITY,
3363 sizeof(cp), &cp, HCI_CMD_TIMEOUT);
3368 if (hdev->page_scan_type != type)
3369 err = __hci_cmd_sync_status(hdev,
3370 HCI_OP_WRITE_PAGE_SCAN_TYPE,
3371 sizeof(type), &type,
3377 static bool disconnected_accept_list_entries(struct hci_dev *hdev)
3379 struct bdaddr_list *b;
3381 list_for_each_entry(b, &hdev->accept_list, list) {
3382 struct hci_conn *conn;
3384 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &b->bdaddr);
3388 if (conn->state != BT_CONNECTED && conn->state != BT_CONFIG)
3395 static int hci_write_scan_enable_sync(struct hci_dev *hdev, u8 val)
3397 return __hci_cmd_sync_status(hdev, HCI_OP_WRITE_SCAN_ENABLE,
3402 int hci_update_scan_sync(struct hci_dev *hdev)
3406 if (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED))
3409 if (!hdev_is_powered(hdev))
3412 if (mgmt_powering_down(hdev))
3415 if (hdev->scanning_paused)
3418 if (hci_dev_test_flag(hdev, HCI_CONNECTABLE) ||
3419 disconnected_accept_list_entries(hdev))
3422 scan = SCAN_DISABLED;
3424 if (hci_dev_test_flag(hdev, HCI_DISCOVERABLE))
3425 scan |= SCAN_INQUIRY;
3427 if (test_bit(HCI_PSCAN, &hdev->flags) == !!(scan & SCAN_PAGE) &&
3428 test_bit(HCI_ISCAN, &hdev->flags) == !!(scan & SCAN_INQUIRY))
3431 return hci_write_scan_enable_sync(hdev, scan);
3434 int hci_update_name_sync(struct hci_dev *hdev)
3436 struct hci_cp_write_local_name cp;
3438 memset(&cp, 0, sizeof(cp));
3440 memcpy(cp.name, hdev->dev_name, sizeof(cp.name));
3442 return __hci_cmd_sync_status(hdev, HCI_OP_WRITE_LOCAL_NAME,
3447 /* This function perform powered update HCI command sequence after the HCI init
3448 * sequence which end up resetting all states, the sequence is as follows:
3450 * HCI_SSP_ENABLED(Enable SSP)
3451 * HCI_LE_ENABLED(Enable LE)
3452 * HCI_LE_ENABLED(use_ll_privacy(Add local IRK to Resolving List) ->
3454 * Enable Authentication
3455 * lmp_bredr_capable(Set Fast Connectable -> Set Scan Type -> Set Class ->
3456 * Set Name -> Set EIR)
3457 * HCI_FORCE_STATIC_ADDR | BDADDR_ANY && !HCI_BREDR_ENABLED (Set Static Address)
3459 int hci_powered_update_sync(struct hci_dev *hdev)
3463 /* Register the available SMP channels (BR/EDR and LE) only when
3464 * successfully powering on the controller. This late
3465 * registration is required so that LE SMP can clearly decide if
3466 * the public address or static address is used.
3470 err = hci_write_ssp_mode_sync(hdev, 0x01);
3474 err = hci_write_le_host_supported_sync(hdev, 0x01, 0x00);
3478 err = hci_powered_update_adv_sync(hdev);
3482 err = hci_write_auth_enable_sync(hdev);
3486 if (lmp_bredr_capable(hdev)) {
3487 if (hci_dev_test_flag(hdev, HCI_FAST_CONNECTABLE))
3488 hci_write_fast_connectable_sync(hdev, true);
3490 hci_write_fast_connectable_sync(hdev, false);
3491 hci_update_scan_sync(hdev);
3492 hci_update_class_sync(hdev);
3493 hci_update_name_sync(hdev);
3494 hci_update_eir_sync(hdev);
3497 /* If forcing static address is in use or there is no public
3498 * address use the static address as random address (but skip
3499 * the HCI command if the current random address is already the
3502 * In case BR/EDR has been disabled on a dual-mode controller
3503 * and a static address has been configured, then use that
3504 * address instead of the public BR/EDR address.
3506 if (hci_dev_test_flag(hdev, HCI_FORCE_STATIC_ADDR) ||
3507 (!bacmp(&hdev->bdaddr, BDADDR_ANY) &&
3508 !hci_dev_test_flag(hdev, HCI_BREDR_ENABLED))) {
3509 if (bacmp(&hdev->static_addr, BDADDR_ANY))
3510 return hci_set_random_addr_sync(hdev,
3511 &hdev->static_addr);
3518 * hci_dev_get_bd_addr_from_property - Get the Bluetooth Device Address
3519 * (BD_ADDR) for a HCI device from
3520 * a firmware node property.
3521 * @hdev: The HCI device
3523 * Search the firmware node for 'local-bd-address'.
3525 * All-zero BD addresses are rejected, because those could be properties
3526 * that exist in the firmware tables, but were not updated by the firmware. For
3527 * example, the DTS could define 'local-bd-address', with zero BD addresses.
3529 static void hci_dev_get_bd_addr_from_property(struct hci_dev *hdev)
3531 struct fwnode_handle *fwnode = dev_fwnode(hdev->dev.parent);
3535 ret = fwnode_property_read_u8_array(fwnode, "local-bd-address",
3536 (u8 *)&ba, sizeof(ba));
3537 if (ret < 0 || !bacmp(&ba, BDADDR_ANY))
3540 if (test_bit(HCI_QUIRK_BDADDR_PROPERTY_BROKEN, &hdev->quirks))
3541 baswap(&hdev->public_addr, &ba);
3543 bacpy(&hdev->public_addr, &ba);
3546 struct hci_init_stage {
3547 int (*func)(struct hci_dev *hdev);
3550 /* Run init stage NULL terminated function table */
3551 static int hci_init_stage_sync(struct hci_dev *hdev,
3552 const struct hci_init_stage *stage)
3556 for (i = 0; stage[i].func; i++) {
3559 err = stage[i].func(hdev);
3567 /* Read Local Version */
3568 static int hci_read_local_version_sync(struct hci_dev *hdev)
3570 return __hci_cmd_sync_status(hdev, HCI_OP_READ_LOCAL_VERSION,
3571 0, NULL, HCI_CMD_TIMEOUT);
3574 /* Read BD Address */
3575 static int hci_read_bd_addr_sync(struct hci_dev *hdev)
3577 return __hci_cmd_sync_status(hdev, HCI_OP_READ_BD_ADDR,
3578 0, NULL, HCI_CMD_TIMEOUT);
3581 #define HCI_INIT(_func) \
3586 static const struct hci_init_stage hci_init0[] = {
3587 /* HCI_OP_READ_LOCAL_VERSION */
3588 HCI_INIT(hci_read_local_version_sync),
3589 /* HCI_OP_READ_BD_ADDR */
3590 HCI_INIT(hci_read_bd_addr_sync),
3594 int hci_reset_sync(struct hci_dev *hdev)
3598 set_bit(HCI_RESET, &hdev->flags);
3600 err = __hci_cmd_sync_status(hdev, HCI_OP_RESET, 0, NULL,
3608 static int hci_init0_sync(struct hci_dev *hdev)
3612 bt_dev_dbg(hdev, "");
3615 if (!test_bit(HCI_QUIRK_RESET_ON_CLOSE, &hdev->quirks)) {
3616 err = hci_reset_sync(hdev);
3621 return hci_init_stage_sync(hdev, hci_init0);
3624 static int hci_unconf_init_sync(struct hci_dev *hdev)
3628 if (test_bit(HCI_QUIRK_RAW_DEVICE, &hdev->quirks))
3631 err = hci_init0_sync(hdev);
3635 if (hci_dev_test_flag(hdev, HCI_SETUP))
3636 hci_debugfs_create_basic(hdev);
3641 /* Read Local Supported Features. */
3642 static int hci_read_local_features_sync(struct hci_dev *hdev)
3644 return __hci_cmd_sync_status(hdev, HCI_OP_READ_LOCAL_FEATURES,
3645 0, NULL, HCI_CMD_TIMEOUT);
3648 /* BR Controller init stage 1 command sequence */
3649 static const struct hci_init_stage br_init1[] = {
3650 /* HCI_OP_READ_LOCAL_FEATURES */
3651 HCI_INIT(hci_read_local_features_sync),
3652 /* HCI_OP_READ_LOCAL_VERSION */
3653 HCI_INIT(hci_read_local_version_sync),
3654 /* HCI_OP_READ_BD_ADDR */
3655 HCI_INIT(hci_read_bd_addr_sync),
3659 /* Read Local Commands */
3660 static int hci_read_local_cmds_sync(struct hci_dev *hdev)
3662 /* All Bluetooth 1.2 and later controllers should support the
3663 * HCI command for reading the local supported commands.
3665 * Unfortunately some controllers indicate Bluetooth 1.2 support,
3666 * but do not have support for this command. If that is the case,
3667 * the driver can quirk the behavior and skip reading the local
3668 * supported commands.
3670 if (hdev->hci_ver > BLUETOOTH_VER_1_1 &&
3671 !test_bit(HCI_QUIRK_BROKEN_LOCAL_COMMANDS, &hdev->quirks))
3672 return __hci_cmd_sync_status(hdev, HCI_OP_READ_LOCAL_COMMANDS,
3673 0, NULL, HCI_CMD_TIMEOUT);
3678 static int hci_init1_sync(struct hci_dev *hdev)
3682 bt_dev_dbg(hdev, "");
3685 if (!test_bit(HCI_QUIRK_RESET_ON_CLOSE, &hdev->quirks)) {
3686 err = hci_reset_sync(hdev);
3691 return hci_init_stage_sync(hdev, br_init1);
3694 /* Read Buffer Size (ACL mtu, max pkt, etc.) */
3695 static int hci_read_buffer_size_sync(struct hci_dev *hdev)
3697 return __hci_cmd_sync_status(hdev, HCI_OP_READ_BUFFER_SIZE,
3698 0, NULL, HCI_CMD_TIMEOUT);
3701 /* Read Class of Device */
3702 static int hci_read_dev_class_sync(struct hci_dev *hdev)
3704 return __hci_cmd_sync_status(hdev, HCI_OP_READ_CLASS_OF_DEV,
3705 0, NULL, HCI_CMD_TIMEOUT);
3708 /* Read Local Name */
3709 static int hci_read_local_name_sync(struct hci_dev *hdev)
3711 return __hci_cmd_sync_status(hdev, HCI_OP_READ_LOCAL_NAME,
3712 0, NULL, HCI_CMD_TIMEOUT);
3715 /* Read Voice Setting */
3716 static int hci_read_voice_setting_sync(struct hci_dev *hdev)
3718 return __hci_cmd_sync_status(hdev, HCI_OP_READ_VOICE_SETTING,
3719 0, NULL, HCI_CMD_TIMEOUT);
3722 /* Read Number of Supported IAC */
3723 static int hci_read_num_supported_iac_sync(struct hci_dev *hdev)
3725 return __hci_cmd_sync_status(hdev, HCI_OP_READ_NUM_SUPPORTED_IAC,
3726 0, NULL, HCI_CMD_TIMEOUT);
3729 /* Read Current IAC LAP */
3730 static int hci_read_current_iac_lap_sync(struct hci_dev *hdev)
3732 return __hci_cmd_sync_status(hdev, HCI_OP_READ_CURRENT_IAC_LAP,
3733 0, NULL, HCI_CMD_TIMEOUT);
3736 static int hci_set_event_filter_sync(struct hci_dev *hdev, u8 flt_type,
3737 u8 cond_type, bdaddr_t *bdaddr,
3740 struct hci_cp_set_event_filter cp;
3742 if (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED))
3745 if (test_bit(HCI_QUIRK_BROKEN_FILTER_CLEAR_ALL, &hdev->quirks))
3748 memset(&cp, 0, sizeof(cp));
3749 cp.flt_type = flt_type;
3751 if (flt_type != HCI_FLT_CLEAR_ALL) {
3752 cp.cond_type = cond_type;
3753 bacpy(&cp.addr_conn_flt.bdaddr, bdaddr);
3754 cp.addr_conn_flt.auto_accept = auto_accept;
3757 return __hci_cmd_sync_status(hdev, HCI_OP_SET_EVENT_FLT,
3758 flt_type == HCI_FLT_CLEAR_ALL ?
3759 sizeof(cp.flt_type) : sizeof(cp), &cp,
3763 static int hci_clear_event_filter_sync(struct hci_dev *hdev)
3765 if (!hci_dev_test_flag(hdev, HCI_EVENT_FILTER_CONFIGURED))
3768 /* In theory the state machine should not reach here unless
3769 * a hci_set_event_filter_sync() call succeeds, but we do
3770 * the check both for parity and as a future reminder.
3772 if (test_bit(HCI_QUIRK_BROKEN_FILTER_CLEAR_ALL, &hdev->quirks))
3775 return hci_set_event_filter_sync(hdev, HCI_FLT_CLEAR_ALL, 0x00,
3779 /* Connection accept timeout ~20 secs */
3780 static int hci_write_ca_timeout_sync(struct hci_dev *hdev)
3782 __le16 param = cpu_to_le16(0x7d00);
3784 return __hci_cmd_sync_status(hdev, HCI_OP_WRITE_CA_TIMEOUT,
3785 sizeof(param), ¶m, HCI_CMD_TIMEOUT);
3788 /* BR Controller init stage 2 command sequence */
3789 static const struct hci_init_stage br_init2[] = {
3790 /* HCI_OP_READ_BUFFER_SIZE */
3791 HCI_INIT(hci_read_buffer_size_sync),
3792 /* HCI_OP_READ_CLASS_OF_DEV */
3793 HCI_INIT(hci_read_dev_class_sync),
3794 /* HCI_OP_READ_LOCAL_NAME */
3795 HCI_INIT(hci_read_local_name_sync),
3796 /* HCI_OP_READ_VOICE_SETTING */
3797 HCI_INIT(hci_read_voice_setting_sync),
3798 /* HCI_OP_READ_NUM_SUPPORTED_IAC */
3799 HCI_INIT(hci_read_num_supported_iac_sync),
3800 /* HCI_OP_READ_CURRENT_IAC_LAP */
3801 HCI_INIT(hci_read_current_iac_lap_sync),
3802 /* HCI_OP_SET_EVENT_FLT */
3803 HCI_INIT(hci_clear_event_filter_sync),
3804 /* HCI_OP_WRITE_CA_TIMEOUT */
3805 HCI_INIT(hci_write_ca_timeout_sync),
3809 static int hci_write_ssp_mode_1_sync(struct hci_dev *hdev)
3813 if (!lmp_ssp_capable(hdev) || !hci_dev_test_flag(hdev, HCI_SSP_ENABLED))
3816 /* When SSP is available, then the host features page
3817 * should also be available as well. However some
3818 * controllers list the max_page as 0 as long as SSP
3819 * has not been enabled. To achieve proper debugging
3820 * output, force the minimum max_page to 1 at least.
3822 hdev->max_page = 0x01;
3824 return __hci_cmd_sync_status(hdev, HCI_OP_WRITE_SSP_MODE,
3825 sizeof(mode), &mode, HCI_CMD_TIMEOUT);
3828 static int hci_write_eir_sync(struct hci_dev *hdev)
3830 struct hci_cp_write_eir cp;
3832 if (!lmp_ssp_capable(hdev) || hci_dev_test_flag(hdev, HCI_SSP_ENABLED))
3835 memset(hdev->eir, 0, sizeof(hdev->eir));
3836 memset(&cp, 0, sizeof(cp));
3838 return __hci_cmd_sync_status(hdev, HCI_OP_WRITE_EIR, sizeof(cp), &cp,
3842 static int hci_write_inquiry_mode_sync(struct hci_dev *hdev)
3846 if (!lmp_inq_rssi_capable(hdev) &&
3847 !test_bit(HCI_QUIRK_FIXUP_INQUIRY_MODE, &hdev->quirks))
3850 /* If Extended Inquiry Result events are supported, then
3851 * they are clearly preferred over Inquiry Result with RSSI
3854 mode = lmp_ext_inq_capable(hdev) ? 0x02 : 0x01;
3856 return __hci_cmd_sync_status(hdev, HCI_OP_WRITE_INQUIRY_MODE,
3857 sizeof(mode), &mode, HCI_CMD_TIMEOUT);
3860 static int hci_read_inq_rsp_tx_power_sync(struct hci_dev *hdev)
3862 if (!lmp_inq_tx_pwr_capable(hdev))
3865 return __hci_cmd_sync_status(hdev, HCI_OP_READ_INQ_RSP_TX_POWER,
3866 0, NULL, HCI_CMD_TIMEOUT);
3869 static int hci_read_local_ext_features_sync(struct hci_dev *hdev, u8 page)
3871 struct hci_cp_read_local_ext_features cp;
3873 if (!lmp_ext_feat_capable(hdev))
3876 memset(&cp, 0, sizeof(cp));
3879 return __hci_cmd_sync_status(hdev, HCI_OP_READ_LOCAL_EXT_FEATURES,
3880 sizeof(cp), &cp, HCI_CMD_TIMEOUT);
3883 static int hci_read_local_ext_features_1_sync(struct hci_dev *hdev)
3885 return hci_read_local_ext_features_sync(hdev, 0x01);
3888 /* HCI Controller init stage 2 command sequence */
3889 static const struct hci_init_stage hci_init2[] = {
3890 /* HCI_OP_READ_LOCAL_COMMANDS */
3891 HCI_INIT(hci_read_local_cmds_sync),
3892 /* HCI_OP_WRITE_SSP_MODE */
3893 HCI_INIT(hci_write_ssp_mode_1_sync),
3894 /* HCI_OP_WRITE_EIR */
3895 HCI_INIT(hci_write_eir_sync),
3896 /* HCI_OP_WRITE_INQUIRY_MODE */
3897 HCI_INIT(hci_write_inquiry_mode_sync),
3898 /* HCI_OP_READ_INQ_RSP_TX_POWER */
3899 HCI_INIT(hci_read_inq_rsp_tx_power_sync),
3900 /* HCI_OP_READ_LOCAL_EXT_FEATURES */
3901 HCI_INIT(hci_read_local_ext_features_1_sync),
3902 /* HCI_OP_WRITE_AUTH_ENABLE */
3903 HCI_INIT(hci_write_auth_enable_sync),
3907 /* Read LE Buffer Size */
3908 static int hci_le_read_buffer_size_sync(struct hci_dev *hdev)
3910 /* Use Read LE Buffer Size V2 if supported */
3911 if (iso_capable(hdev) && hdev->commands[41] & 0x20)
3912 return __hci_cmd_sync_status(hdev,
3913 HCI_OP_LE_READ_BUFFER_SIZE_V2,
3914 0, NULL, HCI_CMD_TIMEOUT);
3916 return __hci_cmd_sync_status(hdev, HCI_OP_LE_READ_BUFFER_SIZE,
3917 0, NULL, HCI_CMD_TIMEOUT);
3920 /* Read LE Local Supported Features */
3921 static int hci_le_read_local_features_sync(struct hci_dev *hdev)
3923 return __hci_cmd_sync_status(hdev, HCI_OP_LE_READ_LOCAL_FEATURES,
3924 0, NULL, HCI_CMD_TIMEOUT);
3927 /* Read LE Supported States */
3928 static int hci_le_read_supported_states_sync(struct hci_dev *hdev)
3930 return __hci_cmd_sync_status(hdev, HCI_OP_LE_READ_SUPPORTED_STATES,
3931 0, NULL, HCI_CMD_TIMEOUT);
3934 /* LE Controller init stage 2 command sequence */
3935 static const struct hci_init_stage le_init2[] = {
3936 /* HCI_OP_LE_READ_LOCAL_FEATURES */
3937 HCI_INIT(hci_le_read_local_features_sync),
3938 /* HCI_OP_LE_READ_BUFFER_SIZE */
3939 HCI_INIT(hci_le_read_buffer_size_sync),
3940 /* HCI_OP_LE_READ_SUPPORTED_STATES */
3941 HCI_INIT(hci_le_read_supported_states_sync),
3945 static int hci_init2_sync(struct hci_dev *hdev)
3949 bt_dev_dbg(hdev, "");
3951 err = hci_init_stage_sync(hdev, hci_init2);
3955 if (lmp_bredr_capable(hdev)) {
3956 err = hci_init_stage_sync(hdev, br_init2);
3960 hci_dev_clear_flag(hdev, HCI_BREDR_ENABLED);
3963 if (lmp_le_capable(hdev)) {
3964 err = hci_init_stage_sync(hdev, le_init2);
3967 /* LE-only controllers have LE implicitly enabled */
3968 if (!lmp_bredr_capable(hdev))
3969 hci_dev_set_flag(hdev, HCI_LE_ENABLED);
3975 static int hci_set_event_mask_sync(struct hci_dev *hdev)
3977 /* The second byte is 0xff instead of 0x9f (two reserved bits
3978 * disabled) since a Broadcom 1.2 dongle doesn't respond to the
3979 * command otherwise.
3981 u8 events[8] = { 0xff, 0xff, 0xfb, 0xff, 0x00, 0x00, 0x00, 0x00 };
3983 /* CSR 1.1 dongles does not accept any bitfield so don't try to set
3984 * any event mask for pre 1.2 devices.
3986 if (hdev->hci_ver < BLUETOOTH_VER_1_2)
3989 if (lmp_bredr_capable(hdev)) {
3990 events[4] |= 0x01; /* Flow Specification Complete */
3992 /* Don't set Disconnect Complete and mode change when
3993 * suspended as that would wakeup the host when disconnecting
3996 if (hdev->suspended) {
4001 /* Use a different default for LE-only devices */
4002 memset(events, 0, sizeof(events));
4003 events[1] |= 0x20; /* Command Complete */
4004 events[1] |= 0x40; /* Command Status */
4005 events[1] |= 0x80; /* Hardware Error */
4007 /* If the controller supports the Disconnect command, enable
4008 * the corresponding event. In addition enable packet flow
4009 * control related events.
4011 if (hdev->commands[0] & 0x20) {
4012 /* Don't set Disconnect Complete when suspended as that
4013 * would wakeup the host when disconnecting due to
4016 if (!hdev->suspended)
4017 events[0] |= 0x10; /* Disconnection Complete */
4018 events[2] |= 0x04; /* Number of Completed Packets */
4019 events[3] |= 0x02; /* Data Buffer Overflow */
4022 /* If the controller supports the Read Remote Version
4023 * Information command, enable the corresponding event.
4025 if (hdev->commands[2] & 0x80)
4026 events[1] |= 0x08; /* Read Remote Version Information
4030 if (hdev->le_features[0] & HCI_LE_ENCRYPTION) {
4031 events[0] |= 0x80; /* Encryption Change */
4032 events[5] |= 0x80; /* Encryption Key Refresh Complete */
4036 if (lmp_inq_rssi_capable(hdev) ||
4037 test_bit(HCI_QUIRK_FIXUP_INQUIRY_MODE, &hdev->quirks))
4038 events[4] |= 0x02; /* Inquiry Result with RSSI */
4040 if (lmp_ext_feat_capable(hdev))
4041 events[4] |= 0x04; /* Read Remote Extended Features Complete */
4043 if (lmp_esco_capable(hdev)) {
4044 events[5] |= 0x08; /* Synchronous Connection Complete */
4045 events[5] |= 0x10; /* Synchronous Connection Changed */
4048 if (lmp_sniffsubr_capable(hdev))
4049 events[5] |= 0x20; /* Sniff Subrating */
4051 if (lmp_pause_enc_capable(hdev))
4052 events[5] |= 0x80; /* Encryption Key Refresh Complete */
4054 if (lmp_ext_inq_capable(hdev))
4055 events[5] |= 0x40; /* Extended Inquiry Result */
4057 if (lmp_no_flush_capable(hdev))
4058 events[7] |= 0x01; /* Enhanced Flush Complete */
4060 if (lmp_lsto_capable(hdev))
4061 events[6] |= 0x80; /* Link Supervision Timeout Changed */
4063 if (lmp_ssp_capable(hdev)) {
4064 events[6] |= 0x01; /* IO Capability Request */
4065 events[6] |= 0x02; /* IO Capability Response */
4066 events[6] |= 0x04; /* User Confirmation Request */
4067 events[6] |= 0x08; /* User Passkey Request */
4068 events[6] |= 0x10; /* Remote OOB Data Request */
4069 events[6] |= 0x20; /* Simple Pairing Complete */
4070 events[7] |= 0x04; /* User Passkey Notification */
4071 events[7] |= 0x08; /* Keypress Notification */
4072 events[7] |= 0x10; /* Remote Host Supported
4073 * Features Notification
4077 if (lmp_le_capable(hdev))
4078 events[7] |= 0x20; /* LE Meta-Event */
4080 return __hci_cmd_sync_status(hdev, HCI_OP_SET_EVENT_MASK,
4081 sizeof(events), events, HCI_CMD_TIMEOUT);
4084 static int hci_read_stored_link_key_sync(struct hci_dev *hdev)
4086 struct hci_cp_read_stored_link_key cp;
4088 if (!(hdev->commands[6] & 0x20) ||
4089 test_bit(HCI_QUIRK_BROKEN_STORED_LINK_KEY, &hdev->quirks))
4092 memset(&cp, 0, sizeof(cp));
4093 bacpy(&cp.bdaddr, BDADDR_ANY);
4096 return __hci_cmd_sync_status(hdev, HCI_OP_READ_STORED_LINK_KEY,
4097 sizeof(cp), &cp, HCI_CMD_TIMEOUT);
4100 static int hci_setup_link_policy_sync(struct hci_dev *hdev)
4102 struct hci_cp_write_def_link_policy cp;
4103 u16 link_policy = 0;
4105 if (!(hdev->commands[5] & 0x10))
4108 memset(&cp, 0, sizeof(cp));
4110 if (lmp_rswitch_capable(hdev))
4111 link_policy |= HCI_LP_RSWITCH;
4112 if (lmp_hold_capable(hdev))
4113 link_policy |= HCI_LP_HOLD;
4114 if (lmp_sniff_capable(hdev))
4115 link_policy |= HCI_LP_SNIFF;
4116 if (lmp_park_capable(hdev))
4117 link_policy |= HCI_LP_PARK;
4119 cp.policy = cpu_to_le16(link_policy);
4121 return __hci_cmd_sync_status(hdev, HCI_OP_WRITE_DEF_LINK_POLICY,
4122 sizeof(cp), &cp, HCI_CMD_TIMEOUT);
4125 static int hci_read_page_scan_activity_sync(struct hci_dev *hdev)
4127 if (!(hdev->commands[8] & 0x01))
4130 return __hci_cmd_sync_status(hdev, HCI_OP_READ_PAGE_SCAN_ACTIVITY,
4131 0, NULL, HCI_CMD_TIMEOUT);
4134 static int hci_read_def_err_data_reporting_sync(struct hci_dev *hdev)
4136 if (!(hdev->commands[18] & 0x04) ||
4137 !(hdev->features[0][6] & LMP_ERR_DATA_REPORTING) ||
4138 test_bit(HCI_QUIRK_BROKEN_ERR_DATA_REPORTING, &hdev->quirks))
4141 return __hci_cmd_sync_status(hdev, HCI_OP_READ_DEF_ERR_DATA_REPORTING,
4142 0, NULL, HCI_CMD_TIMEOUT);
4145 static int hci_read_page_scan_type_sync(struct hci_dev *hdev)
4147 /* Some older Broadcom based Bluetooth 1.2 controllers do not
4148 * support the Read Page Scan Type command. Check support for
4149 * this command in the bit mask of supported commands.
4151 if (!(hdev->commands[13] & 0x01))
4154 return __hci_cmd_sync_status(hdev, HCI_OP_READ_PAGE_SCAN_TYPE,
4155 0, NULL, HCI_CMD_TIMEOUT);
4158 /* Read features beyond page 1 if available */
4159 static int hci_read_local_ext_features_all_sync(struct hci_dev *hdev)
4164 if (!lmp_ext_feat_capable(hdev))
4167 for (page = 2; page < HCI_MAX_PAGES && page <= hdev->max_page;
4169 err = hci_read_local_ext_features_sync(hdev, page);
4177 /* HCI Controller init stage 3 command sequence */
4178 static const struct hci_init_stage hci_init3[] = {
4179 /* HCI_OP_SET_EVENT_MASK */
4180 HCI_INIT(hci_set_event_mask_sync),
4181 /* HCI_OP_READ_STORED_LINK_KEY */
4182 HCI_INIT(hci_read_stored_link_key_sync),
4183 /* HCI_OP_WRITE_DEF_LINK_POLICY */
4184 HCI_INIT(hci_setup_link_policy_sync),
4185 /* HCI_OP_READ_PAGE_SCAN_ACTIVITY */
4186 HCI_INIT(hci_read_page_scan_activity_sync),
4187 /* HCI_OP_READ_DEF_ERR_DATA_REPORTING */
4188 HCI_INIT(hci_read_def_err_data_reporting_sync),
4189 /* HCI_OP_READ_PAGE_SCAN_TYPE */
4190 HCI_INIT(hci_read_page_scan_type_sync),
4191 /* HCI_OP_READ_LOCAL_EXT_FEATURES */
4192 HCI_INIT(hci_read_local_ext_features_all_sync),
4196 static int hci_le_set_event_mask_sync(struct hci_dev *hdev)
4200 if (!lmp_le_capable(hdev))
4203 memset(events, 0, sizeof(events));
4205 if (hdev->le_features[0] & HCI_LE_ENCRYPTION)
4206 events[0] |= 0x10; /* LE Long Term Key Request */
4208 /* If controller supports the Connection Parameters Request
4209 * Link Layer Procedure, enable the corresponding event.
4211 if (hdev->le_features[0] & HCI_LE_CONN_PARAM_REQ_PROC)
4212 /* LE Remote Connection Parameter Request */
4215 /* If the controller supports the Data Length Extension
4216 * feature, enable the corresponding event.
4218 if (hdev->le_features[0] & HCI_LE_DATA_LEN_EXT)
4219 events[0] |= 0x40; /* LE Data Length Change */
4221 /* If the controller supports LL Privacy feature or LE Extended Adv,
4222 * enable the corresponding event.
4224 if (use_enhanced_conn_complete(hdev))
4225 events[1] |= 0x02; /* LE Enhanced Connection Complete */
4227 /* If the controller supports Extended Scanner Filter
4228 * Policies, enable the corresponding event.
4230 if (hdev->le_features[0] & HCI_LE_EXT_SCAN_POLICY)
4231 events[1] |= 0x04; /* LE Direct Advertising Report */
4233 /* If the controller supports Channel Selection Algorithm #2
4234 * feature, enable the corresponding event.
4236 if (hdev->le_features[1] & HCI_LE_CHAN_SEL_ALG2)
4237 events[2] |= 0x08; /* LE Channel Selection Algorithm */
4239 /* If the controller supports the LE Set Scan Enable command,
4240 * enable the corresponding advertising report event.
4242 if (hdev->commands[26] & 0x08)
4243 events[0] |= 0x02; /* LE Advertising Report */
4245 /* If the controller supports the LE Create Connection
4246 * command, enable the corresponding event.
4248 if (hdev->commands[26] & 0x10)
4249 events[0] |= 0x01; /* LE Connection Complete */
4251 /* If the controller supports the LE Connection Update
4252 * command, enable the corresponding event.
4254 if (hdev->commands[27] & 0x04)
4255 events[0] |= 0x04; /* LE Connection Update Complete */
4257 /* If the controller supports the LE Read Remote Used Features
4258 * command, enable the corresponding event.
4260 if (hdev->commands[27] & 0x20)
4261 /* LE Read Remote Used Features Complete */
4264 /* If the controller supports the LE Read Local P-256
4265 * Public Key command, enable the corresponding event.
4267 if (hdev->commands[34] & 0x02)
4268 /* LE Read Local P-256 Public Key Complete */
4271 /* If the controller supports the LE Generate DHKey
4272 * command, enable the corresponding event.
4274 if (hdev->commands[34] & 0x04)
4275 events[1] |= 0x01; /* LE Generate DHKey Complete */
4277 /* If the controller supports the LE Set Default PHY or
4278 * LE Set PHY commands, enable the corresponding event.
4280 if (hdev->commands[35] & (0x20 | 0x40))
4281 events[1] |= 0x08; /* LE PHY Update Complete */
4283 /* If the controller supports LE Set Extended Scan Parameters
4284 * and LE Set Extended Scan Enable commands, enable the
4285 * corresponding event.
4287 if (use_ext_scan(hdev))
4288 events[1] |= 0x10; /* LE Extended Advertising Report */
4290 /* If the controller supports the LE Extended Advertising
4291 * command, enable the corresponding event.
4293 if (ext_adv_capable(hdev))
4294 events[2] |= 0x02; /* LE Advertising Set Terminated */
4296 if (cis_capable(hdev)) {
4297 events[3] |= 0x01; /* LE CIS Established */
4298 if (cis_peripheral_capable(hdev))
4299 events[3] |= 0x02; /* LE CIS Request */
4302 if (bis_capable(hdev)) {
4303 events[1] |= 0x20; /* LE PA Report */
4304 events[1] |= 0x40; /* LE PA Sync Established */
4305 events[3] |= 0x04; /* LE Create BIG Complete */
4306 events[3] |= 0x08; /* LE Terminate BIG Complete */
4307 events[3] |= 0x10; /* LE BIG Sync Established */
4308 events[3] |= 0x20; /* LE BIG Sync Loss */
4309 events[4] |= 0x02; /* LE BIG Info Advertising Report */
4312 return __hci_cmd_sync_status(hdev, HCI_OP_LE_SET_EVENT_MASK,
4313 sizeof(events), events, HCI_CMD_TIMEOUT);
4316 /* Read LE Advertising Channel TX Power */
4317 static int hci_le_read_adv_tx_power_sync(struct hci_dev *hdev)
4319 if ((hdev->commands[25] & 0x40) && !ext_adv_capable(hdev)) {
4320 /* HCI TS spec forbids mixing of legacy and extended
4321 * advertising commands wherein READ_ADV_TX_POWER is
4322 * also included. So do not call it if extended adv
4323 * is supported otherwise controller will return
4324 * COMMAND_DISALLOWED for extended commands.
4326 return __hci_cmd_sync_status(hdev,
4327 HCI_OP_LE_READ_ADV_TX_POWER,
4328 0, NULL, HCI_CMD_TIMEOUT);
4334 /* Read LE Min/Max Tx Power*/
4335 static int hci_le_read_tx_power_sync(struct hci_dev *hdev)
4337 if (!(hdev->commands[38] & 0x80) ||
4338 test_bit(HCI_QUIRK_BROKEN_READ_TRANSMIT_POWER, &hdev->quirks))
4341 return __hci_cmd_sync_status(hdev, HCI_OP_LE_READ_TRANSMIT_POWER,
4342 0, NULL, HCI_CMD_TIMEOUT);
4345 /* Read LE Accept List Size */
4346 static int hci_le_read_accept_list_size_sync(struct hci_dev *hdev)
4348 if (!(hdev->commands[26] & 0x40))
4351 return __hci_cmd_sync_status(hdev, HCI_OP_LE_READ_ACCEPT_LIST_SIZE,
4352 0, NULL, HCI_CMD_TIMEOUT);
4355 /* Read LE Resolving List Size */
4356 static int hci_le_read_resolv_list_size_sync(struct hci_dev *hdev)
4358 if (!(hdev->commands[34] & 0x40))
4361 return __hci_cmd_sync_status(hdev, HCI_OP_LE_READ_RESOLV_LIST_SIZE,
4362 0, NULL, HCI_CMD_TIMEOUT);
4365 /* Clear LE Resolving List */
4366 static int hci_le_clear_resolv_list_sync(struct hci_dev *hdev)
4368 if (!(hdev->commands[34] & 0x20))
4371 return __hci_cmd_sync_status(hdev, HCI_OP_LE_CLEAR_RESOLV_LIST, 0, NULL,
4375 /* Set RPA timeout */
4376 static int hci_le_set_rpa_timeout_sync(struct hci_dev *hdev)
4378 __le16 timeout = cpu_to_le16(hdev->rpa_timeout);
4380 if (!(hdev->commands[35] & 0x04) ||
4381 test_bit(HCI_QUIRK_BROKEN_SET_RPA_TIMEOUT, &hdev->quirks))
4384 return __hci_cmd_sync_status(hdev, HCI_OP_LE_SET_RPA_TIMEOUT,
4385 sizeof(timeout), &timeout,
4389 /* Read LE Maximum Data Length */
4390 static int hci_le_read_max_data_len_sync(struct hci_dev *hdev)
4392 if (!(hdev->le_features[0] & HCI_LE_DATA_LEN_EXT))
4395 return __hci_cmd_sync_status(hdev, HCI_OP_LE_READ_MAX_DATA_LEN, 0, NULL,
4399 /* Read LE Suggested Default Data Length */
4400 static int hci_le_read_def_data_len_sync(struct hci_dev *hdev)
4402 if (!(hdev->le_features[0] & HCI_LE_DATA_LEN_EXT))
4405 return __hci_cmd_sync_status(hdev, HCI_OP_LE_READ_DEF_DATA_LEN, 0, NULL,
4409 /* Read LE Number of Supported Advertising Sets */
4410 static int hci_le_read_num_support_adv_sets_sync(struct hci_dev *hdev)
4412 if (!ext_adv_capable(hdev))
4415 return __hci_cmd_sync_status(hdev,
4416 HCI_OP_LE_READ_NUM_SUPPORTED_ADV_SETS,
4417 0, NULL, HCI_CMD_TIMEOUT);
4420 /* Write LE Host Supported */
4421 static int hci_set_le_support_sync(struct hci_dev *hdev)
4423 struct hci_cp_write_le_host_supported cp;
4425 /* LE-only devices do not support explicit enablement */
4426 if (!lmp_bredr_capable(hdev))
4429 memset(&cp, 0, sizeof(cp));
4431 if (hci_dev_test_flag(hdev, HCI_LE_ENABLED)) {
4436 if (cp.le == lmp_host_le_capable(hdev))
4439 return __hci_cmd_sync_status(hdev, HCI_OP_WRITE_LE_HOST_SUPPORTED,
4440 sizeof(cp), &cp, HCI_CMD_TIMEOUT);
4443 /* LE Set Host Feature */
4444 static int hci_le_set_host_feature_sync(struct hci_dev *hdev)
4446 struct hci_cp_le_set_host_feature cp;
4448 if (!cis_capable(hdev))
4451 memset(&cp, 0, sizeof(cp));
4453 /* Connected Isochronous Channels (Host Support) */
4457 return __hci_cmd_sync_status(hdev, HCI_OP_LE_SET_HOST_FEATURE,
4458 sizeof(cp), &cp, HCI_CMD_TIMEOUT);
4461 /* LE Controller init stage 3 command sequence */
4462 static const struct hci_init_stage le_init3[] = {
4463 /* HCI_OP_LE_SET_EVENT_MASK */
4464 HCI_INIT(hci_le_set_event_mask_sync),
4465 /* HCI_OP_LE_READ_ADV_TX_POWER */
4466 HCI_INIT(hci_le_read_adv_tx_power_sync),
4467 /* HCI_OP_LE_READ_TRANSMIT_POWER */
4468 HCI_INIT(hci_le_read_tx_power_sync),
4469 /* HCI_OP_LE_READ_ACCEPT_LIST_SIZE */
4470 HCI_INIT(hci_le_read_accept_list_size_sync),
4471 /* HCI_OP_LE_CLEAR_ACCEPT_LIST */
4472 HCI_INIT(hci_le_clear_accept_list_sync),
4473 /* HCI_OP_LE_READ_RESOLV_LIST_SIZE */
4474 HCI_INIT(hci_le_read_resolv_list_size_sync),
4475 /* HCI_OP_LE_CLEAR_RESOLV_LIST */
4476 HCI_INIT(hci_le_clear_resolv_list_sync),
4477 /* HCI_OP_LE_SET_RPA_TIMEOUT */
4478 HCI_INIT(hci_le_set_rpa_timeout_sync),
4479 /* HCI_OP_LE_READ_MAX_DATA_LEN */
4480 HCI_INIT(hci_le_read_max_data_len_sync),
4481 /* HCI_OP_LE_READ_DEF_DATA_LEN */
4482 HCI_INIT(hci_le_read_def_data_len_sync),
4483 /* HCI_OP_LE_READ_NUM_SUPPORTED_ADV_SETS */
4484 HCI_INIT(hci_le_read_num_support_adv_sets_sync),
4485 /* HCI_OP_WRITE_LE_HOST_SUPPORTED */
4486 HCI_INIT(hci_set_le_support_sync),
4487 /* HCI_OP_LE_SET_HOST_FEATURE */
4488 HCI_INIT(hci_le_set_host_feature_sync),
4492 static int hci_init3_sync(struct hci_dev *hdev)
4496 bt_dev_dbg(hdev, "");
4498 err = hci_init_stage_sync(hdev, hci_init3);
4502 if (lmp_le_capable(hdev))
4503 return hci_init_stage_sync(hdev, le_init3);
4508 static int hci_delete_stored_link_key_sync(struct hci_dev *hdev)
4510 struct hci_cp_delete_stored_link_key cp;
4512 /* Some Broadcom based Bluetooth controllers do not support the
4513 * Delete Stored Link Key command. They are clearly indicating its
4514 * absence in the bit mask of supported commands.
4516 * Check the supported commands and only if the command is marked
4517 * as supported send it. If not supported assume that the controller
4518 * does not have actual support for stored link keys which makes this
4519 * command redundant anyway.
4521 * Some controllers indicate that they support handling deleting
4522 * stored link keys, but they don't. The quirk lets a driver
4523 * just disable this command.
4525 if (!(hdev->commands[6] & 0x80) ||
4526 test_bit(HCI_QUIRK_BROKEN_STORED_LINK_KEY, &hdev->quirks))
4529 memset(&cp, 0, sizeof(cp));
4530 bacpy(&cp.bdaddr, BDADDR_ANY);
4531 cp.delete_all = 0x01;
4533 return __hci_cmd_sync_status(hdev, HCI_OP_DELETE_STORED_LINK_KEY,
4534 sizeof(cp), &cp, HCI_CMD_TIMEOUT);
4537 static int hci_set_event_mask_page_2_sync(struct hci_dev *hdev)
4539 u8 events[8] = { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 };
4540 bool changed = false;
4542 /* Set event mask page 2 if the HCI command for it is supported */
4543 if (!(hdev->commands[22] & 0x04))
4546 /* If Connectionless Peripheral Broadcast central role is supported
4547 * enable all necessary events for it.
4549 if (lmp_cpb_central_capable(hdev)) {
4550 events[1] |= 0x40; /* Triggered Clock Capture */
4551 events[1] |= 0x80; /* Synchronization Train Complete */
4552 events[2] |= 0x08; /* Truncated Page Complete */
4553 events[2] |= 0x20; /* CPB Channel Map Change */
4557 /* If Connectionless Peripheral Broadcast peripheral role is supported
4558 * enable all necessary events for it.
4560 if (lmp_cpb_peripheral_capable(hdev)) {
4561 events[2] |= 0x01; /* Synchronization Train Received */
4562 events[2] |= 0x02; /* CPB Receive */
4563 events[2] |= 0x04; /* CPB Timeout */
4564 events[2] |= 0x10; /* Peripheral Page Response Timeout */
4568 /* Enable Authenticated Payload Timeout Expired event if supported */
4569 if (lmp_ping_capable(hdev) || hdev->le_features[0] & HCI_LE_PING) {
4574 /* Some Broadcom based controllers indicate support for Set Event
4575 * Mask Page 2 command, but then actually do not support it. Since
4576 * the default value is all bits set to zero, the command is only
4577 * required if the event mask has to be changed. In case no change
4578 * to the event mask is needed, skip this command.
4583 return __hci_cmd_sync_status(hdev, HCI_OP_SET_EVENT_MASK_PAGE_2,
4584 sizeof(events), events, HCI_CMD_TIMEOUT);
4587 /* Read local codec list if the HCI command is supported */
4588 static int hci_read_local_codecs_sync(struct hci_dev *hdev)
4590 if (hdev->commands[45] & 0x04)
4591 hci_read_supported_codecs_v2(hdev);
4592 else if (hdev->commands[29] & 0x20)
4593 hci_read_supported_codecs(hdev);
4598 /* Read local pairing options if the HCI command is supported */
4599 static int hci_read_local_pairing_opts_sync(struct hci_dev *hdev)
4601 if (!(hdev->commands[41] & 0x08))
4604 return __hci_cmd_sync_status(hdev, HCI_OP_READ_LOCAL_PAIRING_OPTS,
4605 0, NULL, HCI_CMD_TIMEOUT);
4608 /* Get MWS transport configuration if the HCI command is supported */
4609 static int hci_get_mws_transport_config_sync(struct hci_dev *hdev)
4611 if (!mws_transport_config_capable(hdev))
4614 return __hci_cmd_sync_status(hdev, HCI_OP_GET_MWS_TRANSPORT_CONFIG,
4615 0, NULL, HCI_CMD_TIMEOUT);
4618 /* Check for Synchronization Train support */
4619 static int hci_read_sync_train_params_sync(struct hci_dev *hdev)
4621 if (!lmp_sync_train_capable(hdev))
4624 return __hci_cmd_sync_status(hdev, HCI_OP_READ_SYNC_TRAIN_PARAMS,
4625 0, NULL, HCI_CMD_TIMEOUT);
4628 /* Enable Secure Connections if supported and configured */
4629 static int hci_write_sc_support_1_sync(struct hci_dev *hdev)
4633 if (!hci_dev_test_flag(hdev, HCI_SSP_ENABLED) ||
4634 !bredr_sc_enabled(hdev))
4637 return __hci_cmd_sync_status(hdev, HCI_OP_WRITE_SC_SUPPORT,
4638 sizeof(support), &support,
4642 /* Set erroneous data reporting if supported to the wideband speech
4645 static int hci_set_err_data_report_sync(struct hci_dev *hdev)
4647 struct hci_cp_write_def_err_data_reporting cp;
4648 bool enabled = hci_dev_test_flag(hdev, HCI_WIDEBAND_SPEECH_ENABLED);
4650 if (!(hdev->commands[18] & 0x08) ||
4651 !(hdev->features[0][6] & LMP_ERR_DATA_REPORTING) ||
4652 test_bit(HCI_QUIRK_BROKEN_ERR_DATA_REPORTING, &hdev->quirks))
4655 if (enabled == hdev->err_data_reporting)
4658 memset(&cp, 0, sizeof(cp));
4659 cp.err_data_reporting = enabled ? ERR_DATA_REPORTING_ENABLED :
4660 ERR_DATA_REPORTING_DISABLED;
4662 return __hci_cmd_sync_status(hdev, HCI_OP_WRITE_DEF_ERR_DATA_REPORTING,
4663 sizeof(cp), &cp, HCI_CMD_TIMEOUT);
4666 static const struct hci_init_stage hci_init4[] = {
4667 /* HCI_OP_DELETE_STORED_LINK_KEY */
4668 HCI_INIT(hci_delete_stored_link_key_sync),
4669 /* HCI_OP_SET_EVENT_MASK_PAGE_2 */
4670 HCI_INIT(hci_set_event_mask_page_2_sync),
4671 /* HCI_OP_READ_LOCAL_CODECS */
4672 HCI_INIT(hci_read_local_codecs_sync),
4673 /* HCI_OP_READ_LOCAL_PAIRING_OPTS */
4674 HCI_INIT(hci_read_local_pairing_opts_sync),
4675 /* HCI_OP_GET_MWS_TRANSPORT_CONFIG */
4676 HCI_INIT(hci_get_mws_transport_config_sync),
4677 /* HCI_OP_READ_SYNC_TRAIN_PARAMS */
4678 HCI_INIT(hci_read_sync_train_params_sync),
4679 /* HCI_OP_WRITE_SC_SUPPORT */
4680 HCI_INIT(hci_write_sc_support_1_sync),
4681 /* HCI_OP_WRITE_DEF_ERR_DATA_REPORTING */
4682 HCI_INIT(hci_set_err_data_report_sync),
4686 /* Set Suggested Default Data Length to maximum if supported */
4687 static int hci_le_set_write_def_data_len_sync(struct hci_dev *hdev)
4689 struct hci_cp_le_write_def_data_len cp;
4691 if (!(hdev->le_features[0] & HCI_LE_DATA_LEN_EXT))
4694 memset(&cp, 0, sizeof(cp));
4695 cp.tx_len = cpu_to_le16(hdev->le_max_tx_len);
4696 cp.tx_time = cpu_to_le16(hdev->le_max_tx_time);
4698 return __hci_cmd_sync_status(hdev, HCI_OP_LE_WRITE_DEF_DATA_LEN,
4699 sizeof(cp), &cp, HCI_CMD_TIMEOUT);
4702 /* Set Default PHY parameters if command is supported, enables all supported
4703 * PHYs according to the LE Features bits.
4705 static int hci_le_set_default_phy_sync(struct hci_dev *hdev)
4707 struct hci_cp_le_set_default_phy cp;
4709 if (!(hdev->commands[35] & 0x20)) {
4710 /* If the command is not supported it means only 1M PHY is
4713 hdev->le_tx_def_phys = HCI_LE_SET_PHY_1M;
4714 hdev->le_rx_def_phys = HCI_LE_SET_PHY_1M;
4718 memset(&cp, 0, sizeof(cp));
4720 cp.tx_phys = HCI_LE_SET_PHY_1M;
4721 cp.rx_phys = HCI_LE_SET_PHY_1M;
4723 /* Enables 2M PHY if supported */
4724 if (le_2m_capable(hdev)) {
4725 cp.tx_phys |= HCI_LE_SET_PHY_2M;
4726 cp.rx_phys |= HCI_LE_SET_PHY_2M;
4729 /* Enables Coded PHY if supported */
4730 if (le_coded_capable(hdev)) {
4731 cp.tx_phys |= HCI_LE_SET_PHY_CODED;
4732 cp.rx_phys |= HCI_LE_SET_PHY_CODED;
4735 return __hci_cmd_sync_status(hdev, HCI_OP_LE_SET_DEFAULT_PHY,
4736 sizeof(cp), &cp, HCI_CMD_TIMEOUT);
4739 static const struct hci_init_stage le_init4[] = {
4740 /* HCI_OP_LE_WRITE_DEF_DATA_LEN */
4741 HCI_INIT(hci_le_set_write_def_data_len_sync),
4742 /* HCI_OP_LE_SET_DEFAULT_PHY */
4743 HCI_INIT(hci_le_set_default_phy_sync),
4747 static int hci_init4_sync(struct hci_dev *hdev)
4751 bt_dev_dbg(hdev, "");
4753 err = hci_init_stage_sync(hdev, hci_init4);
4757 if (lmp_le_capable(hdev))
4758 return hci_init_stage_sync(hdev, le_init4);
4763 static int hci_init_sync(struct hci_dev *hdev)
4767 err = hci_init1_sync(hdev);
4771 if (hci_dev_test_flag(hdev, HCI_SETUP))
4772 hci_debugfs_create_basic(hdev);
4774 err = hci_init2_sync(hdev);
4778 err = hci_init3_sync(hdev);
4782 err = hci_init4_sync(hdev);
4786 /* This function is only called when the controller is actually in
4787 * configured state. When the controller is marked as unconfigured,
4788 * this initialization procedure is not run.
4790 * It means that it is possible that a controller runs through its
4791 * setup phase and then discovers missing settings. If that is the
4792 * case, then this function will not be called. It then will only
4793 * be called during the config phase.
4795 * So only when in setup phase or config phase, create the debugfs
4796 * entries and register the SMP channels.
4798 if (!hci_dev_test_flag(hdev, HCI_SETUP) &&
4799 !hci_dev_test_flag(hdev, HCI_CONFIG))
4802 if (hci_dev_test_and_set_flag(hdev, HCI_DEBUGFS_CREATED))
4805 hci_debugfs_create_common(hdev);
4807 if (lmp_bredr_capable(hdev))
4808 hci_debugfs_create_bredr(hdev);
4810 if (lmp_le_capable(hdev))
4811 hci_debugfs_create_le(hdev);
4816 #define HCI_QUIRK_BROKEN(_quirk, _desc) { HCI_QUIRK_BROKEN_##_quirk, _desc }
4818 static const struct {
4819 unsigned long quirk;
4821 } hci_broken_table[] = {
4822 HCI_QUIRK_BROKEN(LOCAL_COMMANDS,
4823 "HCI Read Local Supported Commands not supported"),
4824 HCI_QUIRK_BROKEN(STORED_LINK_KEY,
4825 "HCI Delete Stored Link Key command is advertised, "
4826 "but not supported."),
4827 HCI_QUIRK_BROKEN(ERR_DATA_REPORTING,
4828 "HCI Read Default Erroneous Data Reporting command is "
4829 "advertised, but not supported."),
4830 HCI_QUIRK_BROKEN(READ_TRANSMIT_POWER,
4831 "HCI Read Transmit Power Level command is advertised, "
4832 "but not supported."),
4833 HCI_QUIRK_BROKEN(FILTER_CLEAR_ALL,
4834 "HCI Set Event Filter command not supported."),
4835 HCI_QUIRK_BROKEN(ENHANCED_SETUP_SYNC_CONN,
4836 "HCI Enhanced Setup Synchronous Connection command is "
4837 "advertised, but not supported."),
4838 HCI_QUIRK_BROKEN(SET_RPA_TIMEOUT,
4839 "HCI LE Set Random Private Address Timeout command is "
4840 "advertised, but not supported."),
4841 HCI_QUIRK_BROKEN(LE_CODED,
4842 "HCI LE Coded PHY feature bit is set, "
4843 "but its usage is not supported.")
4846 /* This function handles hdev setup stage:
4849 * Setup address if HCI_QUIRK_USE_BDADDR_PROPERTY is set.
4851 static int hci_dev_setup_sync(struct hci_dev *hdev)
4854 bool invalid_bdaddr;
4857 if (!hci_dev_test_flag(hdev, HCI_SETUP) &&
4858 !test_bit(HCI_QUIRK_NON_PERSISTENT_SETUP, &hdev->quirks))
4861 bt_dev_dbg(hdev, "");
4863 hci_sock_dev_event(hdev, HCI_DEV_SETUP);
4866 ret = hdev->setup(hdev);
4868 for (i = 0; i < ARRAY_SIZE(hci_broken_table); i++) {
4869 if (test_bit(hci_broken_table[i].quirk, &hdev->quirks))
4870 bt_dev_warn(hdev, "%s", hci_broken_table[i].desc);
4873 /* The transport driver can set the quirk to mark the
4874 * BD_ADDR invalid before creating the HCI device or in
4875 * its setup callback.
4877 invalid_bdaddr = test_bit(HCI_QUIRK_INVALID_BDADDR, &hdev->quirks) ||
4878 test_bit(HCI_QUIRK_USE_BDADDR_PROPERTY, &hdev->quirks);
4880 if (test_bit(HCI_QUIRK_USE_BDADDR_PROPERTY, &hdev->quirks) &&
4881 !bacmp(&hdev->public_addr, BDADDR_ANY))
4882 hci_dev_get_bd_addr_from_property(hdev);
4884 if (invalid_bdaddr && bacmp(&hdev->public_addr, BDADDR_ANY) &&
4886 ret = hdev->set_bdaddr(hdev, &hdev->public_addr);
4888 invalid_bdaddr = false;
4892 /* The transport driver can set these quirks before
4893 * creating the HCI device or in its setup callback.
4895 * For the invalid BD_ADDR quirk it is possible that
4896 * it becomes a valid address if the bootloader does
4897 * provide it (see above).
4899 * In case any of them is set, the controller has to
4900 * start up as unconfigured.
4902 if (test_bit(HCI_QUIRK_EXTERNAL_CONFIG, &hdev->quirks) ||
4904 hci_dev_set_flag(hdev, HCI_UNCONFIGURED);
4906 /* For an unconfigured controller it is required to
4907 * read at least the version information provided by
4908 * the Read Local Version Information command.
4910 * If the set_bdaddr driver callback is provided, then
4911 * also the original Bluetooth public device address
4912 * will be read using the Read BD Address command.
4914 if (hci_dev_test_flag(hdev, HCI_UNCONFIGURED))
4915 return hci_unconf_init_sync(hdev);
4920 /* This function handles hdev init stage:
4922 * Calls hci_dev_setup_sync to perform setup stage
4923 * Calls hci_init_sync to perform HCI command init sequence
4925 static int hci_dev_init_sync(struct hci_dev *hdev)
4929 bt_dev_dbg(hdev, "");
4931 atomic_set(&hdev->cmd_cnt, 1);
4932 set_bit(HCI_INIT, &hdev->flags);
4934 ret = hci_dev_setup_sync(hdev);
4936 if (hci_dev_test_flag(hdev, HCI_CONFIG)) {
4937 /* If public address change is configured, ensure that
4938 * the address gets programmed. If the driver does not
4939 * support changing the public address, fail the power
4942 if (bacmp(&hdev->public_addr, BDADDR_ANY) &&
4944 ret = hdev->set_bdaddr(hdev, &hdev->public_addr);
4946 ret = -EADDRNOTAVAIL;
4950 if (!hci_dev_test_flag(hdev, HCI_UNCONFIGURED) &&
4951 !hci_dev_test_flag(hdev, HCI_USER_CHANNEL)) {
4952 ret = hci_init_sync(hdev);
4953 if (!ret && hdev->post_init)
4954 ret = hdev->post_init(hdev);
4958 /* If the HCI Reset command is clearing all diagnostic settings,
4959 * then they need to be reprogrammed after the init procedure
4962 if (test_bit(HCI_QUIRK_NON_PERSISTENT_DIAG, &hdev->quirks) &&
4963 !hci_dev_test_flag(hdev, HCI_USER_CHANNEL) &&
4964 hci_dev_test_flag(hdev, HCI_VENDOR_DIAG) && hdev->set_diag)
4965 ret = hdev->set_diag(hdev, true);
4967 if (!hci_dev_test_flag(hdev, HCI_USER_CHANNEL)) {
4972 clear_bit(HCI_INIT, &hdev->flags);
4977 int hci_dev_open_sync(struct hci_dev *hdev)
4981 bt_dev_dbg(hdev, "");
4983 if (hci_dev_test_flag(hdev, HCI_UNREGISTER)) {
4988 if (!hci_dev_test_flag(hdev, HCI_SETUP) &&
4989 !hci_dev_test_flag(hdev, HCI_CONFIG)) {
4990 /* Check for rfkill but allow the HCI setup stage to
4991 * proceed (which in itself doesn't cause any RF activity).
4993 if (hci_dev_test_flag(hdev, HCI_RFKILLED)) {
4998 /* Check for valid public address or a configured static
4999 * random address, but let the HCI setup proceed to
5000 * be able to determine if there is a public address
5003 * In case of user channel usage, it is not important
5004 * if a public address or static random address is
5007 if (!hci_dev_test_flag(hdev, HCI_USER_CHANNEL) &&
5008 !bacmp(&hdev->bdaddr, BDADDR_ANY) &&
5009 !bacmp(&hdev->static_addr, BDADDR_ANY)) {
5010 ret = -EADDRNOTAVAIL;
5015 if (test_bit(HCI_UP, &hdev->flags)) {
5020 if (hdev->open(hdev)) {
5025 hci_devcd_reset(hdev);
5027 set_bit(HCI_RUNNING, &hdev->flags);
5028 hci_sock_dev_event(hdev, HCI_DEV_OPEN);
5030 ret = hci_dev_init_sync(hdev);
5033 hci_dev_set_flag(hdev, HCI_RPA_EXPIRED);
5034 hci_adv_instances_set_rpa_expired(hdev, true);
5035 set_bit(HCI_UP, &hdev->flags);
5036 hci_sock_dev_event(hdev, HCI_DEV_UP);
5037 hci_leds_update_powered(hdev, true);
5038 if (!hci_dev_test_flag(hdev, HCI_SETUP) &&
5039 !hci_dev_test_flag(hdev, HCI_CONFIG) &&
5040 !hci_dev_test_flag(hdev, HCI_UNCONFIGURED) &&
5041 !hci_dev_test_flag(hdev, HCI_USER_CHANNEL) &&
5042 hci_dev_test_flag(hdev, HCI_MGMT)) {
5043 ret = hci_powered_update_sync(hdev);
5044 mgmt_power_on(hdev, ret);
5047 /* Init failed, cleanup */
5048 flush_work(&hdev->tx_work);
5050 /* Since hci_rx_work() is possible to awake new cmd_work
5051 * it should be flushed first to avoid unexpected call of
5054 flush_work(&hdev->rx_work);
5055 flush_work(&hdev->cmd_work);
5057 skb_queue_purge(&hdev->cmd_q);
5058 skb_queue_purge(&hdev->rx_q);
5063 if (hdev->sent_cmd) {
5064 cancel_delayed_work_sync(&hdev->cmd_timer);
5065 kfree_skb(hdev->sent_cmd);
5066 hdev->sent_cmd = NULL;
5069 if (hdev->req_skb) {
5070 kfree_skb(hdev->req_skb);
5071 hdev->req_skb = NULL;
5074 clear_bit(HCI_RUNNING, &hdev->flags);
5075 hci_sock_dev_event(hdev, HCI_DEV_CLOSE);
5078 hdev->flags &= BIT(HCI_RAW);
5085 /* This function requires the caller holds hdev->lock */
5086 static void hci_pend_le_actions_clear(struct hci_dev *hdev)
5088 struct hci_conn_params *p;
5090 list_for_each_entry(p, &hdev->le_conn_params, list) {
5091 hci_pend_le_list_del_init(p);
5093 hci_conn_drop(p->conn);
5094 hci_conn_put(p->conn);
5099 BT_DBG("All LE pending actions cleared");
5102 static int hci_dev_shutdown(struct hci_dev *hdev)
5105 /* Similar to how we first do setup and then set the exclusive access
5106 * bit for userspace, we must first unset userchannel and then clean up.
5107 * Otherwise, the kernel can't properly use the hci channel to clean up
5108 * the controller (some shutdown routines require sending additional
5109 * commands to the controller for example).
5111 bool was_userchannel =
5112 hci_dev_test_and_clear_flag(hdev, HCI_USER_CHANNEL);
5114 if (!hci_dev_test_flag(hdev, HCI_UNREGISTER) &&
5115 test_bit(HCI_UP, &hdev->flags)) {
5116 /* Execute vendor specific shutdown routine */
5118 err = hdev->shutdown(hdev);
5121 if (was_userchannel)
5122 hci_dev_set_flag(hdev, HCI_USER_CHANNEL);
5127 int hci_dev_close_sync(struct hci_dev *hdev)
5132 bt_dev_dbg(hdev, "");
5134 cancel_delayed_work(&hdev->power_off);
5135 cancel_delayed_work(&hdev->ncmd_timer);
5136 cancel_delayed_work(&hdev->le_scan_disable);
5138 hci_cmd_sync_cancel_sync(hdev, ENODEV);
5140 cancel_interleave_scan(hdev);
5142 if (hdev->adv_instance_timeout) {
5143 cancel_delayed_work_sync(&hdev->adv_instance_expire);
5144 hdev->adv_instance_timeout = 0;
5147 err = hci_dev_shutdown(hdev);
5149 if (!test_and_clear_bit(HCI_UP, &hdev->flags)) {
5150 cancel_delayed_work_sync(&hdev->cmd_timer);
5154 hci_leds_update_powered(hdev, false);
5156 /* Flush RX and TX works */
5157 flush_work(&hdev->tx_work);
5158 flush_work(&hdev->rx_work);
5160 if (hdev->discov_timeout > 0) {
5161 hdev->discov_timeout = 0;
5162 hci_dev_clear_flag(hdev, HCI_DISCOVERABLE);
5163 hci_dev_clear_flag(hdev, HCI_LIMITED_DISCOVERABLE);
5166 if (hci_dev_test_and_clear_flag(hdev, HCI_SERVICE_CACHE))
5167 cancel_delayed_work(&hdev->service_cache);
5169 if (hci_dev_test_flag(hdev, HCI_MGMT)) {
5170 struct adv_info *adv_instance;
5172 cancel_delayed_work_sync(&hdev->rpa_expired);
5174 list_for_each_entry(adv_instance, &hdev->adv_instances, list)
5175 cancel_delayed_work_sync(&adv_instance->rpa_expired_cb);
5178 /* Avoid potential lockdep warnings from the *_flush() calls by
5179 * ensuring the workqueue is empty up front.
5181 drain_workqueue(hdev->workqueue);
5185 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
5187 auto_off = hci_dev_test_and_clear_flag(hdev, HCI_AUTO_OFF);
5189 if (!auto_off && !hci_dev_test_flag(hdev, HCI_USER_CHANNEL) &&
5190 hci_dev_test_flag(hdev, HCI_MGMT))
5191 __mgmt_power_off(hdev);
5193 hci_inquiry_cache_flush(hdev);
5194 hci_pend_le_actions_clear(hdev);
5195 hci_conn_hash_flush(hdev);
5196 /* Prevent data races on hdev->smp_data or hdev->smp_bredr_data */
5197 smp_unregister(hdev);
5198 hci_dev_unlock(hdev);
5200 hci_sock_dev_event(hdev, HCI_DEV_DOWN);
5202 if (!hci_dev_test_flag(hdev, HCI_USER_CHANNEL)) {
5203 aosp_do_close(hdev);
5204 msft_do_close(hdev);
5211 skb_queue_purge(&hdev->cmd_q);
5212 atomic_set(&hdev->cmd_cnt, 1);
5213 if (test_bit(HCI_QUIRK_RESET_ON_CLOSE, &hdev->quirks) &&
5214 !auto_off && !hci_dev_test_flag(hdev, HCI_UNCONFIGURED)) {
5215 set_bit(HCI_INIT, &hdev->flags);
5216 hci_reset_sync(hdev);
5217 clear_bit(HCI_INIT, &hdev->flags);
5220 /* flush cmd work */
5221 flush_work(&hdev->cmd_work);
5224 skb_queue_purge(&hdev->rx_q);
5225 skb_queue_purge(&hdev->cmd_q);
5226 skb_queue_purge(&hdev->raw_q);
5228 /* Drop last sent command */
5229 if (hdev->sent_cmd) {
5230 cancel_delayed_work_sync(&hdev->cmd_timer);
5231 kfree_skb(hdev->sent_cmd);
5232 hdev->sent_cmd = NULL;
5235 /* Drop last request */
5236 if (hdev->req_skb) {
5237 kfree_skb(hdev->req_skb);
5238 hdev->req_skb = NULL;
5241 clear_bit(HCI_RUNNING, &hdev->flags);
5242 hci_sock_dev_event(hdev, HCI_DEV_CLOSE);
5244 /* After this point our queues are empty and no tasks are scheduled. */
5248 hdev->flags &= BIT(HCI_RAW);
5249 hci_dev_clear_volatile_flags(hdev);
5251 memset(hdev->eir, 0, sizeof(hdev->eir));
5252 memset(hdev->dev_class, 0, sizeof(hdev->dev_class));
5253 bacpy(&hdev->random_addr, BDADDR_ANY);
5254 hci_codec_list_clear(&hdev->local_codecs);
5260 /* This function perform power on HCI command sequence as follows:
5262 * If controller is already up (HCI_UP) performs hci_powered_update_sync
5263 * sequence otherwise run hci_dev_open_sync which will follow with
5264 * hci_powered_update_sync after the init sequence is completed.
5266 static int hci_power_on_sync(struct hci_dev *hdev)
5270 if (test_bit(HCI_UP, &hdev->flags) &&
5271 hci_dev_test_flag(hdev, HCI_MGMT) &&
5272 hci_dev_test_and_clear_flag(hdev, HCI_AUTO_OFF)) {
5273 cancel_delayed_work(&hdev->power_off);
5274 return hci_powered_update_sync(hdev);
5277 err = hci_dev_open_sync(hdev);
5281 /* During the HCI setup phase, a few error conditions are
5282 * ignored and they need to be checked now. If they are still
5283 * valid, it is important to return the device back off.
5285 if (hci_dev_test_flag(hdev, HCI_RFKILLED) ||
5286 hci_dev_test_flag(hdev, HCI_UNCONFIGURED) ||
5287 (!bacmp(&hdev->bdaddr, BDADDR_ANY) &&
5288 !bacmp(&hdev->static_addr, BDADDR_ANY))) {
5289 hci_dev_clear_flag(hdev, HCI_AUTO_OFF);
5290 hci_dev_close_sync(hdev);
5291 } else if (hci_dev_test_flag(hdev, HCI_AUTO_OFF)) {
5292 queue_delayed_work(hdev->req_workqueue, &hdev->power_off,
5293 HCI_AUTO_OFF_TIMEOUT);
5296 if (hci_dev_test_and_clear_flag(hdev, HCI_SETUP)) {
5297 /* For unconfigured devices, set the HCI_RAW flag
5298 * so that userspace can easily identify them.
5300 if (hci_dev_test_flag(hdev, HCI_UNCONFIGURED))
5301 set_bit(HCI_RAW, &hdev->flags);
5303 /* For fully configured devices, this will send
5304 * the Index Added event. For unconfigured devices,
5305 * it will send Unconfigued Index Added event.
5307 * Devices with HCI_QUIRK_RAW_DEVICE are ignored
5308 * and no event will be send.
5310 mgmt_index_added(hdev);
5311 } else if (hci_dev_test_and_clear_flag(hdev, HCI_CONFIG)) {
5312 /* When the controller is now configured, then it
5313 * is important to clear the HCI_RAW flag.
5315 if (!hci_dev_test_flag(hdev, HCI_UNCONFIGURED))
5316 clear_bit(HCI_RAW, &hdev->flags);
5318 /* Powering on the controller with HCI_CONFIG set only
5319 * happens with the transition from unconfigured to
5320 * configured. This will send the Index Added event.
5322 mgmt_index_added(hdev);
5328 static int hci_remote_name_cancel_sync(struct hci_dev *hdev, bdaddr_t *addr)
5330 struct hci_cp_remote_name_req_cancel cp;
5332 memset(&cp, 0, sizeof(cp));
5333 bacpy(&cp.bdaddr, addr);
5335 return __hci_cmd_sync_status(hdev, HCI_OP_REMOTE_NAME_REQ_CANCEL,
5336 sizeof(cp), &cp, HCI_CMD_TIMEOUT);
5339 int hci_stop_discovery_sync(struct hci_dev *hdev)
5341 struct discovery_state *d = &hdev->discovery;
5342 struct inquiry_entry *e;
5345 bt_dev_dbg(hdev, "state %u", hdev->discovery.state);
5347 if (d->state == DISCOVERY_FINDING || d->state == DISCOVERY_STOPPING) {
5348 if (test_bit(HCI_INQUIRY, &hdev->flags)) {
5349 err = __hci_cmd_sync_status(hdev, HCI_OP_INQUIRY_CANCEL,
5350 0, NULL, HCI_CMD_TIMEOUT);
5355 if (hci_dev_test_flag(hdev, HCI_LE_SCAN)) {
5356 cancel_delayed_work(&hdev->le_scan_disable);
5358 err = hci_scan_disable_sync(hdev);
5364 err = hci_scan_disable_sync(hdev);
5369 /* Resume advertising if it was paused */
5370 if (use_ll_privacy(hdev))
5371 hci_resume_advertising_sync(hdev);
5373 /* No further actions needed for LE-only discovery */
5374 if (d->type == DISCOV_TYPE_LE)
5377 if (d->state == DISCOVERY_RESOLVING || d->state == DISCOVERY_STOPPING) {
5378 e = hci_inquiry_cache_lookup_resolve(hdev, BDADDR_ANY,
5383 /* Ignore cancel errors since it should interfere with stopping
5386 hci_remote_name_cancel_sync(hdev, &e->data.bdaddr);
5392 static int hci_disconnect_sync(struct hci_dev *hdev, struct hci_conn *conn,
5395 struct hci_cp_disconnect cp;
5397 if (test_bit(HCI_CONN_BIG_CREATED, &conn->flags)) {
5398 /* This is a BIS connection, hci_conn_del will
5399 * do the necessary cleanup.
5402 hci_conn_failed(conn, reason);
5403 hci_dev_unlock(hdev);
5408 memset(&cp, 0, sizeof(cp));
5409 cp.handle = cpu_to_le16(conn->handle);
5412 /* Wait for HCI_EV_DISCONN_COMPLETE, not HCI_EV_CMD_STATUS, when the
5413 * reason is anything but HCI_ERROR_REMOTE_POWER_OFF. This reason is
5414 * used when suspending or powering off, where we don't want to wait
5415 * for the peer's response.
5417 if (reason != HCI_ERROR_REMOTE_POWER_OFF)
5418 return __hci_cmd_sync_status_sk(hdev, HCI_OP_DISCONNECT,
5420 HCI_EV_DISCONN_COMPLETE,
5421 HCI_CMD_TIMEOUT, NULL);
5423 return __hci_cmd_sync_status(hdev, HCI_OP_DISCONNECT, sizeof(cp), &cp,
5427 static int hci_le_connect_cancel_sync(struct hci_dev *hdev,
5428 struct hci_conn *conn, u8 reason)
5430 /* Return reason if scanning since the connection shall probably be
5433 if (test_bit(HCI_CONN_SCANNING, &conn->flags))
5436 if (conn->role == HCI_ROLE_SLAVE ||
5437 test_and_set_bit(HCI_CONN_CANCEL, &conn->flags))
5440 return __hci_cmd_sync_status(hdev, HCI_OP_LE_CREATE_CONN_CANCEL,
5441 0, NULL, HCI_CMD_TIMEOUT);
5444 static int hci_connect_cancel_sync(struct hci_dev *hdev, struct hci_conn *conn,
5447 if (conn->type == LE_LINK)
5448 return hci_le_connect_cancel_sync(hdev, conn, reason);
5450 if (conn->type == ISO_LINK) {
5451 /* BLUETOOTH CORE SPECIFICATION Version 5.3 | Vol 4, Part E
5454 * If this command is issued for a CIS on the Central and the
5455 * CIS is successfully terminated before being established,
5456 * then an HCI_LE_CIS_Established event shall also be sent for
5457 * this CIS with the Status Operation Cancelled by Host (0x44).
5459 if (test_bit(HCI_CONN_CREATE_CIS, &conn->flags))
5460 return hci_disconnect_sync(hdev, conn, reason);
5462 /* CIS with no Create CIS sent have nothing to cancel */
5463 if (bacmp(&conn->dst, BDADDR_ANY))
5464 return HCI_ERROR_LOCAL_HOST_TERM;
5466 /* There is no way to cancel a BIS without terminating the BIG
5467 * which is done later on connection cleanup.
5472 if (hdev->hci_ver < BLUETOOTH_VER_1_2)
5475 /* Wait for HCI_EV_CONN_COMPLETE, not HCI_EV_CMD_STATUS, when the
5476 * reason is anything but HCI_ERROR_REMOTE_POWER_OFF. This reason is
5477 * used when suspending or powering off, where we don't want to wait
5478 * for the peer's response.
5480 if (reason != HCI_ERROR_REMOTE_POWER_OFF)
5481 return __hci_cmd_sync_status_sk(hdev, HCI_OP_CREATE_CONN_CANCEL,
5483 HCI_EV_CONN_COMPLETE,
5484 HCI_CMD_TIMEOUT, NULL);
5486 return __hci_cmd_sync_status(hdev, HCI_OP_CREATE_CONN_CANCEL,
5487 6, &conn->dst, HCI_CMD_TIMEOUT);
5490 static int hci_reject_sco_sync(struct hci_dev *hdev, struct hci_conn *conn,
5493 struct hci_cp_reject_sync_conn_req cp;
5495 memset(&cp, 0, sizeof(cp));
5496 bacpy(&cp.bdaddr, &conn->dst);
5499 /* SCO rejection has its own limited set of
5500 * allowed error values (0x0D-0x0F).
5502 if (reason < 0x0d || reason > 0x0f)
5503 cp.reason = HCI_ERROR_REJ_LIMITED_RESOURCES;
5505 return __hci_cmd_sync_status(hdev, HCI_OP_REJECT_SYNC_CONN_REQ,
5506 sizeof(cp), &cp, HCI_CMD_TIMEOUT);
5509 static int hci_le_reject_cis_sync(struct hci_dev *hdev, struct hci_conn *conn,
5512 struct hci_cp_le_reject_cis cp;
5514 memset(&cp, 0, sizeof(cp));
5515 cp.handle = cpu_to_le16(conn->handle);
5518 return __hci_cmd_sync_status(hdev, HCI_OP_LE_REJECT_CIS,
5519 sizeof(cp), &cp, HCI_CMD_TIMEOUT);
5522 static int hci_reject_conn_sync(struct hci_dev *hdev, struct hci_conn *conn,
5525 struct hci_cp_reject_conn_req cp;
5527 if (conn->type == ISO_LINK)
5528 return hci_le_reject_cis_sync(hdev, conn, reason);
5530 if (conn->type == SCO_LINK || conn->type == ESCO_LINK)
5531 return hci_reject_sco_sync(hdev, conn, reason);
5533 memset(&cp, 0, sizeof(cp));
5534 bacpy(&cp.bdaddr, &conn->dst);
5537 return __hci_cmd_sync_status(hdev, HCI_OP_REJECT_CONN_REQ,
5538 sizeof(cp), &cp, HCI_CMD_TIMEOUT);
5541 int hci_abort_conn_sync(struct hci_dev *hdev, struct hci_conn *conn, u8 reason)
5544 u16 handle = conn->handle;
5545 bool disconnect = false;
5548 switch (conn->state) {
5551 err = hci_disconnect_sync(hdev, conn, reason);
5554 err = hci_connect_cancel_sync(hdev, conn, reason);
5557 err = hci_reject_conn_sync(hdev, conn, reason);
5569 /* Check if the connection has been cleaned up concurrently */
5570 c = hci_conn_hash_lookup_handle(hdev, handle);
5571 if (!c || c != conn) {
5576 /* Cleanup hci_conn object if it cannot be cancelled as it
5577 * likelly means the controller and host stack are out of sync
5578 * or in case of LE it was still scanning so it can be cleanup
5582 conn->state = BT_CLOSED;
5583 hci_disconn_cfm(conn, reason);
5586 hci_conn_failed(conn, reason);
5590 hci_dev_unlock(hdev);
5594 static int hci_disconnect_all_sync(struct hci_dev *hdev, u8 reason)
5596 struct list_head *head = &hdev->conn_hash.list;
5597 struct hci_conn *conn;
5600 while ((conn = list_first_or_null_rcu(head, struct hci_conn, list))) {
5601 /* Make sure the connection is not freed while unlocking */
5602 conn = hci_conn_get(conn);
5604 /* Disregard possible errors since hci_conn_del shall have been
5605 * called even in case of errors had occurred since it would
5606 * then cause hci_conn_failed to be called which calls
5607 * hci_conn_del internally.
5609 hci_abort_conn_sync(hdev, conn, reason);
5618 /* This function perform power off HCI command sequence as follows:
5622 * Disconnect all connections
5623 * hci_dev_close_sync
5625 static int hci_power_off_sync(struct hci_dev *hdev)
5629 /* If controller is already down there is nothing to do */
5630 if (!test_bit(HCI_UP, &hdev->flags))
5633 hci_dev_set_flag(hdev, HCI_POWERING_DOWN);
5635 if (test_bit(HCI_ISCAN, &hdev->flags) ||
5636 test_bit(HCI_PSCAN, &hdev->flags)) {
5637 err = hci_write_scan_enable_sync(hdev, 0x00);
5642 err = hci_clear_adv_sync(hdev, NULL, false);
5646 err = hci_stop_discovery_sync(hdev);
5650 /* Terminated due to Power Off */
5651 err = hci_disconnect_all_sync(hdev, HCI_ERROR_REMOTE_POWER_OFF);
5655 err = hci_dev_close_sync(hdev);
5658 hci_dev_clear_flag(hdev, HCI_POWERING_DOWN);
5662 int hci_set_powered_sync(struct hci_dev *hdev, u8 val)
5665 return hci_power_on_sync(hdev);
5667 return hci_power_off_sync(hdev);
5670 static int hci_write_iac_sync(struct hci_dev *hdev)
5672 struct hci_cp_write_current_iac_lap cp;
5674 if (!hci_dev_test_flag(hdev, HCI_DISCOVERABLE))
5677 memset(&cp, 0, sizeof(cp));
5679 if (hci_dev_test_flag(hdev, HCI_LIMITED_DISCOVERABLE)) {
5680 /* Limited discoverable mode */
5681 cp.num_iac = min_t(u8, hdev->num_iac, 2);
5682 cp.iac_lap[0] = 0x00; /* LIAC */
5683 cp.iac_lap[1] = 0x8b;
5684 cp.iac_lap[2] = 0x9e;
5685 cp.iac_lap[3] = 0x33; /* GIAC */
5686 cp.iac_lap[4] = 0x8b;
5687 cp.iac_lap[5] = 0x9e;
5689 /* General discoverable mode */
5691 cp.iac_lap[0] = 0x33; /* GIAC */
5692 cp.iac_lap[1] = 0x8b;
5693 cp.iac_lap[2] = 0x9e;
5696 return __hci_cmd_sync_status(hdev, HCI_OP_WRITE_CURRENT_IAC_LAP,
5697 (cp.num_iac * 3) + 1, &cp,
5701 int hci_update_discoverable_sync(struct hci_dev *hdev)
5705 if (hci_dev_test_flag(hdev, HCI_BREDR_ENABLED)) {
5706 err = hci_write_iac_sync(hdev);
5710 err = hci_update_scan_sync(hdev);
5714 err = hci_update_class_sync(hdev);
5719 /* Advertising instances don't use the global discoverable setting, so
5720 * only update AD if advertising was enabled using Set Advertising.
5722 if (hci_dev_test_flag(hdev, HCI_ADVERTISING)) {
5723 err = hci_update_adv_data_sync(hdev, 0x00);
5727 /* Discoverable mode affects the local advertising
5728 * address in limited privacy mode.
5730 if (hci_dev_test_flag(hdev, HCI_LIMITED_PRIVACY)) {
5731 if (ext_adv_capable(hdev))
5732 err = hci_start_ext_adv_sync(hdev, 0x00);
5734 err = hci_enable_advertising_sync(hdev);
5741 static int update_discoverable_sync(struct hci_dev *hdev, void *data)
5743 return hci_update_discoverable_sync(hdev);
5746 int hci_update_discoverable(struct hci_dev *hdev)
5748 /* Only queue if it would have any effect */
5749 if (hdev_is_powered(hdev) &&
5750 hci_dev_test_flag(hdev, HCI_ADVERTISING) &&
5751 hci_dev_test_flag(hdev, HCI_DISCOVERABLE) &&
5752 hci_dev_test_flag(hdev, HCI_LIMITED_PRIVACY))
5753 return hci_cmd_sync_queue(hdev, update_discoverable_sync, NULL,
5759 int hci_update_connectable_sync(struct hci_dev *hdev)
5763 err = hci_update_scan_sync(hdev);
5767 /* If BR/EDR is not enabled and we disable advertising as a
5768 * by-product of disabling connectable, we need to update the
5769 * advertising flags.
5771 if (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED))
5772 err = hci_update_adv_data_sync(hdev, hdev->cur_adv_instance);
5774 /* Update the advertising parameters if necessary */
5775 if (hci_dev_test_flag(hdev, HCI_ADVERTISING) ||
5776 !list_empty(&hdev->adv_instances)) {
5777 if (ext_adv_capable(hdev))
5778 err = hci_start_ext_adv_sync(hdev,
5779 hdev->cur_adv_instance);
5781 err = hci_enable_advertising_sync(hdev);
5787 return hci_update_passive_scan_sync(hdev);
5790 int hci_inquiry_sync(struct hci_dev *hdev, u8 length, u8 num_rsp)
5792 const u8 giac[3] = { 0x33, 0x8b, 0x9e };
5793 const u8 liac[3] = { 0x00, 0x8b, 0x9e };
5794 struct hci_cp_inquiry cp;
5796 bt_dev_dbg(hdev, "");
5798 if (test_bit(HCI_INQUIRY, &hdev->flags))
5802 hci_inquiry_cache_flush(hdev);
5803 hci_dev_unlock(hdev);
5805 memset(&cp, 0, sizeof(cp));
5807 if (hdev->discovery.limited)
5808 memcpy(&cp.lap, liac, sizeof(cp.lap));
5810 memcpy(&cp.lap, giac, sizeof(cp.lap));
5813 cp.num_rsp = num_rsp;
5815 return __hci_cmd_sync_status(hdev, HCI_OP_INQUIRY,
5816 sizeof(cp), &cp, HCI_CMD_TIMEOUT);
5819 static int hci_active_scan_sync(struct hci_dev *hdev, uint16_t interval)
5822 /* Accept list is not used for discovery */
5823 u8 filter_policy = 0x00;
5824 /* Default is to enable duplicates filter */
5825 u8 filter_dup = LE_SCAN_FILTER_DUP_ENABLE;
5828 bt_dev_dbg(hdev, "");
5830 /* If controller is scanning, it means the passive scanning is
5831 * running. Thus, we should temporarily stop it in order to set the
5832 * discovery scanning parameters.
5834 err = hci_scan_disable_sync(hdev);
5836 bt_dev_err(hdev, "Unable to disable scanning: %d", err);
5840 cancel_interleave_scan(hdev);
5842 /* Pause address resolution for active scan and stop advertising if
5843 * privacy is enabled.
5845 err = hci_pause_addr_resolution(hdev);
5849 /* All active scans will be done with either a resolvable private
5850 * address (when privacy feature has been enabled) or non-resolvable
5853 err = hci_update_random_address_sync(hdev, true, scan_use_rpa(hdev),
5856 own_addr_type = ADDR_LE_DEV_PUBLIC;
5858 if (hci_is_adv_monitoring(hdev) ||
5859 (test_bit(HCI_QUIRK_STRICT_DUPLICATE_FILTER, &hdev->quirks) &&
5860 hdev->discovery.result_filtering)) {
5861 /* Duplicate filter should be disabled when some advertisement
5862 * monitor is activated, otherwise AdvMon can only receive one
5863 * advertisement for one peer(*) during active scanning, and
5864 * might report loss to these peers.
5866 * If controller does strict duplicate filtering and the
5867 * discovery requires result filtering disables controller based
5868 * filtering since that can cause reports that would match the
5869 * host filter to not be reported.
5871 filter_dup = LE_SCAN_FILTER_DUP_DISABLE;
5874 err = hci_start_scan_sync(hdev, LE_SCAN_ACTIVE, interval,
5875 hdev->le_scan_window_discovery,
5876 own_addr_type, filter_policy, filter_dup);
5881 /* Resume advertising if it was paused */
5882 if (use_ll_privacy(hdev))
5883 hci_resume_advertising_sync(hdev);
5885 /* Resume passive scanning */
5886 hci_update_passive_scan_sync(hdev);
5890 static int hci_start_interleaved_discovery_sync(struct hci_dev *hdev)
5894 bt_dev_dbg(hdev, "");
5896 err = hci_active_scan_sync(hdev, hdev->le_scan_int_discovery * 2);
5900 return hci_inquiry_sync(hdev, DISCOV_BREDR_INQUIRY_LEN, 0);
5903 int hci_start_discovery_sync(struct hci_dev *hdev)
5905 unsigned long timeout;
5908 bt_dev_dbg(hdev, "type %u", hdev->discovery.type);
5910 switch (hdev->discovery.type) {
5911 case DISCOV_TYPE_BREDR:
5912 return hci_inquiry_sync(hdev, DISCOV_BREDR_INQUIRY_LEN, 0);
5913 case DISCOV_TYPE_INTERLEAVED:
5914 /* When running simultaneous discovery, the LE scanning time
5915 * should occupy the whole discovery time sine BR/EDR inquiry
5916 * and LE scanning are scheduled by the controller.
5918 * For interleaving discovery in comparison, BR/EDR inquiry
5919 * and LE scanning are done sequentially with separate
5922 if (test_bit(HCI_QUIRK_SIMULTANEOUS_DISCOVERY,
5924 timeout = msecs_to_jiffies(DISCOV_LE_TIMEOUT);
5925 /* During simultaneous discovery, we double LE scan
5926 * interval. We must leave some time for the controller
5927 * to do BR/EDR inquiry.
5929 err = hci_start_interleaved_discovery_sync(hdev);
5933 timeout = msecs_to_jiffies(hdev->discov_interleaved_timeout);
5934 err = hci_active_scan_sync(hdev, hdev->le_scan_int_discovery);
5936 case DISCOV_TYPE_LE:
5937 timeout = msecs_to_jiffies(DISCOV_LE_TIMEOUT);
5938 err = hci_active_scan_sync(hdev, hdev->le_scan_int_discovery);
5947 bt_dev_dbg(hdev, "timeout %u ms", jiffies_to_msecs(timeout));
5949 queue_delayed_work(hdev->req_workqueue, &hdev->le_scan_disable,
5954 static void hci_suspend_monitor_sync(struct hci_dev *hdev)
5956 switch (hci_get_adv_monitor_offload_ext(hdev)) {
5957 case HCI_ADV_MONITOR_EXT_MSFT:
5958 msft_suspend_sync(hdev);
5965 /* This function disables discovery and mark it as paused */
5966 static int hci_pause_discovery_sync(struct hci_dev *hdev)
5968 int old_state = hdev->discovery.state;
5971 /* If discovery already stopped/stopping/paused there nothing to do */
5972 if (old_state == DISCOVERY_STOPPED || old_state == DISCOVERY_STOPPING ||
5973 hdev->discovery_paused)
5976 hci_discovery_set_state(hdev, DISCOVERY_STOPPING);
5977 err = hci_stop_discovery_sync(hdev);
5981 hdev->discovery_paused = true;
5982 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
5987 static int hci_update_event_filter_sync(struct hci_dev *hdev)
5989 struct bdaddr_list_with_flags *b;
5990 u8 scan = SCAN_DISABLED;
5991 bool scanning = test_bit(HCI_PSCAN, &hdev->flags);
5994 if (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED))
5997 /* Some fake CSR controllers lock up after setting this type of
5998 * filter, so avoid sending the request altogether.
6000 if (test_bit(HCI_QUIRK_BROKEN_FILTER_CLEAR_ALL, &hdev->quirks))
6003 /* Always clear event filter when starting */
6004 hci_clear_event_filter_sync(hdev);
6006 list_for_each_entry(b, &hdev->accept_list, list) {
6007 if (!(b->flags & HCI_CONN_FLAG_REMOTE_WAKEUP))
6010 bt_dev_dbg(hdev, "Adding event filters for %pMR", &b->bdaddr);
6012 err = hci_set_event_filter_sync(hdev, HCI_FLT_CONN_SETUP,
6013 HCI_CONN_SETUP_ALLOW_BDADDR,
6015 HCI_CONN_SETUP_AUTO_ON);
6017 bt_dev_dbg(hdev, "Failed to set event filter for %pMR",
6023 if (scan && !scanning)
6024 hci_write_scan_enable_sync(hdev, scan);
6025 else if (!scan && scanning)
6026 hci_write_scan_enable_sync(hdev, scan);
6031 /* This function disables scan (BR and LE) and mark it as paused */
6032 static int hci_pause_scan_sync(struct hci_dev *hdev)
6034 if (hdev->scanning_paused)
6037 /* Disable page scan if enabled */
6038 if (test_bit(HCI_PSCAN, &hdev->flags))
6039 hci_write_scan_enable_sync(hdev, SCAN_DISABLED);
6041 hci_scan_disable_sync(hdev);
6043 hdev->scanning_paused = true;
6048 /* This function performs the HCI suspend procedures in the follow order:
6050 * Pause discovery (active scanning/inquiry)
6051 * Pause Directed Advertising/Advertising
6052 * Pause Scanning (passive scanning in case discovery was not active)
6053 * Disconnect all connections
6054 * Set suspend_status to BT_SUSPEND_DISCONNECT if hdev cannot wakeup
6056 * Update event mask (only set events that are allowed to wake up the host)
6057 * Update event filter (with devices marked with HCI_CONN_FLAG_REMOTE_WAKEUP)
6058 * Update passive scanning (lower duty cycle)
6059 * Set suspend_status to BT_SUSPEND_CONFIGURE_WAKE
6061 int hci_suspend_sync(struct hci_dev *hdev)
6065 /* If marked as suspended there nothing to do */
6066 if (hdev->suspended)
6069 /* Mark device as suspended */
6070 hdev->suspended = true;
6072 /* Pause discovery if not already stopped */
6073 hci_pause_discovery_sync(hdev);
6075 /* Pause other advertisements */
6076 hci_pause_advertising_sync(hdev);
6078 /* Suspend monitor filters */
6079 hci_suspend_monitor_sync(hdev);
6081 /* Prevent disconnects from causing scanning to be re-enabled */
6082 hci_pause_scan_sync(hdev);
6084 if (hci_conn_count(hdev)) {
6085 /* Soft disconnect everything (power off) */
6086 err = hci_disconnect_all_sync(hdev, HCI_ERROR_REMOTE_POWER_OFF);
6088 /* Set state to BT_RUNNING so resume doesn't notify */
6089 hdev->suspend_state = BT_RUNNING;
6090 hci_resume_sync(hdev);
6094 /* Update event mask so only the allowed event can wakeup the
6097 hci_set_event_mask_sync(hdev);
6100 /* Only configure accept list if disconnect succeeded and wake
6101 * isn't being prevented.
6103 if (!hdev->wakeup || !hdev->wakeup(hdev)) {
6104 hdev->suspend_state = BT_SUSPEND_DISCONNECT;
6108 /* Unpause to take care of updating scanning params */
6109 hdev->scanning_paused = false;
6111 /* Enable event filter for paired devices */
6112 hci_update_event_filter_sync(hdev);
6114 /* Update LE passive scan if enabled */
6115 hci_update_passive_scan_sync(hdev);
6117 /* Pause scan changes again. */
6118 hdev->scanning_paused = true;
6120 hdev->suspend_state = BT_SUSPEND_CONFIGURE_WAKE;
6125 /* This function resumes discovery */
6126 static int hci_resume_discovery_sync(struct hci_dev *hdev)
6130 /* If discovery not paused there nothing to do */
6131 if (!hdev->discovery_paused)
6134 hdev->discovery_paused = false;
6136 hci_discovery_set_state(hdev, DISCOVERY_STARTING);
6138 err = hci_start_discovery_sync(hdev);
6140 hci_discovery_set_state(hdev, err ? DISCOVERY_STOPPED :
6146 static void hci_resume_monitor_sync(struct hci_dev *hdev)
6148 switch (hci_get_adv_monitor_offload_ext(hdev)) {
6149 case HCI_ADV_MONITOR_EXT_MSFT:
6150 msft_resume_sync(hdev);
6157 /* This function resume scan and reset paused flag */
6158 static int hci_resume_scan_sync(struct hci_dev *hdev)
6160 if (!hdev->scanning_paused)
6163 hdev->scanning_paused = false;
6165 hci_update_scan_sync(hdev);
6167 /* Reset passive scanning to normal */
6168 hci_update_passive_scan_sync(hdev);
6173 /* This function performs the HCI suspend procedures in the follow order:
6175 * Restore event mask
6176 * Clear event filter
6177 * Update passive scanning (normal duty cycle)
6178 * Resume Directed Advertising/Advertising
6179 * Resume discovery (active scanning/inquiry)
6181 int hci_resume_sync(struct hci_dev *hdev)
6183 /* If not marked as suspended there nothing to do */
6184 if (!hdev->suspended)
6187 hdev->suspended = false;
6189 /* Restore event mask */
6190 hci_set_event_mask_sync(hdev);
6192 /* Clear any event filters and restore scan state */
6193 hci_clear_event_filter_sync(hdev);
6195 /* Resume scanning */
6196 hci_resume_scan_sync(hdev);
6198 /* Resume monitor filters */
6199 hci_resume_monitor_sync(hdev);
6201 /* Resume other advertisements */
6202 hci_resume_advertising_sync(hdev);
6204 /* Resume discovery */
6205 hci_resume_discovery_sync(hdev);
6210 static bool conn_use_rpa(struct hci_conn *conn)
6212 struct hci_dev *hdev = conn->hdev;
6214 return hci_dev_test_flag(hdev, HCI_PRIVACY);
6217 static int hci_le_ext_directed_advertising_sync(struct hci_dev *hdev,
6218 struct hci_conn *conn)
6220 struct hci_cp_le_set_ext_adv_params cp;
6222 bdaddr_t random_addr;
6225 err = hci_update_random_address_sync(hdev, false, conn_use_rpa(conn),
6230 /* Set require_privacy to false so that the remote device has a
6231 * chance of identifying us.
6233 err = hci_get_random_address(hdev, false, conn_use_rpa(conn), NULL,
6234 &own_addr_type, &random_addr);
6238 memset(&cp, 0, sizeof(cp));
6240 cp.evt_properties = cpu_to_le16(LE_LEGACY_ADV_DIRECT_IND);
6241 cp.channel_map = hdev->le_adv_channel_map;
6242 cp.tx_power = HCI_TX_POWER_INVALID;
6243 cp.primary_phy = HCI_ADV_PHY_1M;
6244 cp.secondary_phy = HCI_ADV_PHY_1M;
6245 cp.handle = 0x00; /* Use instance 0 for directed adv */
6246 cp.own_addr_type = own_addr_type;
6247 cp.peer_addr_type = conn->dst_type;
6248 bacpy(&cp.peer_addr, &conn->dst);
6250 /* As per Core Spec 5.2 Vol 2, PART E, Sec 7.8.53, for
6251 * advertising_event_property LE_LEGACY_ADV_DIRECT_IND
6252 * does not supports advertising data when the advertising set already
6253 * contains some, the controller shall return erroc code 'Invalid
6254 * HCI Command Parameters(0x12).
6255 * So it is required to remove adv set for handle 0x00. since we use
6256 * instance 0 for directed adv.
6258 err = hci_remove_ext_adv_instance_sync(hdev, cp.handle, NULL);
6262 err = __hci_cmd_sync_status(hdev, HCI_OP_LE_SET_EXT_ADV_PARAMS,
6263 sizeof(cp), &cp, HCI_CMD_TIMEOUT);
6267 /* Check if random address need to be updated */
6268 if (own_addr_type == ADDR_LE_DEV_RANDOM &&
6269 bacmp(&random_addr, BDADDR_ANY) &&
6270 bacmp(&random_addr, &hdev->random_addr)) {
6271 err = hci_set_adv_set_random_addr_sync(hdev, 0x00,
6277 return hci_enable_ext_advertising_sync(hdev, 0x00);
6280 static int hci_le_directed_advertising_sync(struct hci_dev *hdev,
6281 struct hci_conn *conn)
6283 struct hci_cp_le_set_adv_param cp;
6288 if (ext_adv_capable(hdev))
6289 return hci_le_ext_directed_advertising_sync(hdev, conn);
6291 /* Clear the HCI_LE_ADV bit temporarily so that the
6292 * hci_update_random_address knows that it's safe to go ahead
6293 * and write a new random address. The flag will be set back on
6294 * as soon as the SET_ADV_ENABLE HCI command completes.
6296 hci_dev_clear_flag(hdev, HCI_LE_ADV);
6298 /* Set require_privacy to false so that the remote device has a
6299 * chance of identifying us.
6301 status = hci_update_random_address_sync(hdev, false, conn_use_rpa(conn),
6306 memset(&cp, 0, sizeof(cp));
6308 /* Some controllers might reject command if intervals are not
6309 * within range for undirected advertising.
6310 * BCM20702A0 is known to be affected by this.
6312 cp.min_interval = cpu_to_le16(0x0020);
6313 cp.max_interval = cpu_to_le16(0x0020);
6315 cp.type = LE_ADV_DIRECT_IND;
6316 cp.own_address_type = own_addr_type;
6317 cp.direct_addr_type = conn->dst_type;
6318 bacpy(&cp.direct_addr, &conn->dst);
6319 cp.channel_map = hdev->le_adv_channel_map;
6321 status = __hci_cmd_sync_status(hdev, HCI_OP_LE_SET_ADV_PARAM,
6322 sizeof(cp), &cp, HCI_CMD_TIMEOUT);
6328 return __hci_cmd_sync_status(hdev, HCI_OP_LE_SET_ADV_ENABLE,
6329 sizeof(enable), &enable, HCI_CMD_TIMEOUT);
6332 static void set_ext_conn_params(struct hci_conn *conn,
6333 struct hci_cp_le_ext_conn_param *p)
6335 struct hci_dev *hdev = conn->hdev;
6337 memset(p, 0, sizeof(*p));
6339 p->scan_interval = cpu_to_le16(hdev->le_scan_int_connect);
6340 p->scan_window = cpu_to_le16(hdev->le_scan_window_connect);
6341 p->conn_interval_min = cpu_to_le16(conn->le_conn_min_interval);
6342 p->conn_interval_max = cpu_to_le16(conn->le_conn_max_interval);
6343 p->conn_latency = cpu_to_le16(conn->le_conn_latency);
6344 p->supervision_timeout = cpu_to_le16(conn->le_supv_timeout);
6345 p->min_ce_len = cpu_to_le16(0x0000);
6346 p->max_ce_len = cpu_to_le16(0x0000);
6349 static int hci_le_ext_create_conn_sync(struct hci_dev *hdev,
6350 struct hci_conn *conn, u8 own_addr_type)
6352 struct hci_cp_le_ext_create_conn *cp;
6353 struct hci_cp_le_ext_conn_param *p;
6354 u8 data[sizeof(*cp) + sizeof(*p) * 3];
6358 p = (void *)cp->data;
6360 memset(cp, 0, sizeof(*cp));
6362 bacpy(&cp->peer_addr, &conn->dst);
6363 cp->peer_addr_type = conn->dst_type;
6364 cp->own_addr_type = own_addr_type;
6368 if (scan_1m(hdev) && (conn->le_adv_phy == HCI_ADV_PHY_1M ||
6369 conn->le_adv_sec_phy == HCI_ADV_PHY_1M)) {
6370 cp->phys |= LE_SCAN_PHY_1M;
6371 set_ext_conn_params(conn, p);
6377 if (scan_2m(hdev) && (conn->le_adv_phy == HCI_ADV_PHY_2M ||
6378 conn->le_adv_sec_phy == HCI_ADV_PHY_2M)) {
6379 cp->phys |= LE_SCAN_PHY_2M;
6380 set_ext_conn_params(conn, p);
6386 if (scan_coded(hdev) && (conn->le_adv_phy == HCI_ADV_PHY_CODED ||
6387 conn->le_adv_sec_phy == HCI_ADV_PHY_CODED)) {
6388 cp->phys |= LE_SCAN_PHY_CODED;
6389 set_ext_conn_params(conn, p);
6394 return __hci_cmd_sync_status_sk(hdev, HCI_OP_LE_EXT_CREATE_CONN,
6396 HCI_EV_LE_ENHANCED_CONN_COMPLETE,
6397 conn->conn_timeout, NULL);
6400 static int hci_le_create_conn_sync(struct hci_dev *hdev, void *data)
6402 struct hci_cp_le_create_conn cp;
6403 struct hci_conn_params *params;
6406 struct hci_conn *conn = data;
6408 if (!hci_conn_valid(hdev, conn))
6411 bt_dev_dbg(hdev, "conn %p", conn);
6413 clear_bit(HCI_CONN_SCANNING, &conn->flags);
6414 conn->state = BT_CONNECT;
6416 /* If requested to connect as peripheral use directed advertising */
6417 if (conn->role == HCI_ROLE_SLAVE) {
6418 /* If we're active scanning and simultaneous roles is not
6419 * enabled simply reject the attempt.
6421 if (hci_dev_test_flag(hdev, HCI_LE_SCAN) &&
6422 hdev->le_scan_type == LE_SCAN_ACTIVE &&
6423 !hci_dev_test_flag(hdev, HCI_LE_SIMULTANEOUS_ROLES)) {
6428 /* Pause advertising while doing directed advertising. */
6429 hci_pause_advertising_sync(hdev);
6431 err = hci_le_directed_advertising_sync(hdev, conn);
6435 /* Disable advertising if simultaneous roles is not in use. */
6436 if (!hci_dev_test_flag(hdev, HCI_LE_SIMULTANEOUS_ROLES))
6437 hci_pause_advertising_sync(hdev);
6439 params = hci_conn_params_lookup(hdev, &conn->dst, conn->dst_type);
6441 conn->le_conn_min_interval = params->conn_min_interval;
6442 conn->le_conn_max_interval = params->conn_max_interval;
6443 conn->le_conn_latency = params->conn_latency;
6444 conn->le_supv_timeout = params->supervision_timeout;
6446 conn->le_conn_min_interval = hdev->le_conn_min_interval;
6447 conn->le_conn_max_interval = hdev->le_conn_max_interval;
6448 conn->le_conn_latency = hdev->le_conn_latency;
6449 conn->le_supv_timeout = hdev->le_supv_timeout;
6452 /* If controller is scanning, we stop it since some controllers are
6453 * not able to scan and connect at the same time. Also set the
6454 * HCI_LE_SCAN_INTERRUPTED flag so that the command complete
6455 * handler for scan disabling knows to set the correct discovery
6458 if (hci_dev_test_flag(hdev, HCI_LE_SCAN)) {
6459 hci_scan_disable_sync(hdev);
6460 hci_dev_set_flag(hdev, HCI_LE_SCAN_INTERRUPTED);
6463 /* Update random address, but set require_privacy to false so
6464 * that we never connect with an non-resolvable address.
6466 err = hci_update_random_address_sync(hdev, false, conn_use_rpa(conn),
6471 if (use_ext_conn(hdev)) {
6472 err = hci_le_ext_create_conn_sync(hdev, conn, own_addr_type);
6476 memset(&cp, 0, sizeof(cp));
6478 cp.scan_interval = cpu_to_le16(hdev->le_scan_int_connect);
6479 cp.scan_window = cpu_to_le16(hdev->le_scan_window_connect);
6481 bacpy(&cp.peer_addr, &conn->dst);
6482 cp.peer_addr_type = conn->dst_type;
6483 cp.own_address_type = own_addr_type;
6484 cp.conn_interval_min = cpu_to_le16(conn->le_conn_min_interval);
6485 cp.conn_interval_max = cpu_to_le16(conn->le_conn_max_interval);
6486 cp.conn_latency = cpu_to_le16(conn->le_conn_latency);
6487 cp.supervision_timeout = cpu_to_le16(conn->le_supv_timeout);
6488 cp.min_ce_len = cpu_to_le16(0x0000);
6489 cp.max_ce_len = cpu_to_le16(0x0000);
6491 /* BLUETOOTH CORE SPECIFICATION Version 5.3 | Vol 4, Part E page 2261:
6493 * If this event is unmasked and the HCI_LE_Connection_Complete event
6494 * is unmasked, only the HCI_LE_Enhanced_Connection_Complete event is
6495 * sent when a new connection has been created.
6497 err = __hci_cmd_sync_status_sk(hdev, HCI_OP_LE_CREATE_CONN,
6499 use_enhanced_conn_complete(hdev) ?
6500 HCI_EV_LE_ENHANCED_CONN_COMPLETE :
6501 HCI_EV_LE_CONN_COMPLETE,
6502 conn->conn_timeout, NULL);
6505 if (err == -ETIMEDOUT)
6506 hci_le_connect_cancel_sync(hdev, conn, 0x00);
6508 /* Re-enable advertising after the connection attempt is finished. */
6509 hci_resume_advertising_sync(hdev);
6513 int hci_le_create_cis_sync(struct hci_dev *hdev)
6515 DEFINE_FLEX(struct hci_cp_le_create_cis, cmd, cis, num_cis, 0x1f);
6516 size_t aux_num_cis = 0;
6517 struct hci_conn *conn;
6518 u8 cig = BT_ISO_QOS_CIG_UNSET;
6520 /* The spec allows only one pending LE Create CIS command at a time. If
6521 * the command is pending now, don't do anything. We check for pending
6522 * connections after each CIS Established event.
6524 * BLUETOOTH CORE SPECIFICATION Version 5.3 | Vol 4, Part E
6527 * If the Host issues this command before all the
6528 * HCI_LE_CIS_Established events from the previous use of the
6529 * command have been generated, the Controller shall return the
6530 * error code Command Disallowed (0x0C).
6532 * BLUETOOTH CORE SPECIFICATION Version 5.3 | Vol 4, Part E
6535 * When the Controller receives the HCI_LE_Create_CIS command, the
6536 * Controller sends the HCI_Command_Status event to the Host. An
6537 * HCI_LE_CIS_Established event will be generated for each CIS when it
6538 * is established or if it is disconnected or considered lost before
6539 * being established; until all the events are generated, the command
6547 /* Wait until previous Create CIS has completed */
6548 list_for_each_entry_rcu(conn, &hdev->conn_hash.list, list) {
6549 if (test_bit(HCI_CONN_CREATE_CIS, &conn->flags))
6553 /* Find CIG with all CIS ready */
6554 list_for_each_entry_rcu(conn, &hdev->conn_hash.list, list) {
6555 struct hci_conn *link;
6557 if (hci_conn_check_create_cis(conn))
6560 cig = conn->iso_qos.ucast.cig;
6562 list_for_each_entry_rcu(link, &hdev->conn_hash.list, list) {
6563 if (hci_conn_check_create_cis(link) > 0 &&
6564 link->iso_qos.ucast.cig == cig &&
6565 link->state != BT_CONNECTED) {
6566 cig = BT_ISO_QOS_CIG_UNSET;
6571 if (cig != BT_ISO_QOS_CIG_UNSET)
6575 if (cig == BT_ISO_QOS_CIG_UNSET)
6578 list_for_each_entry_rcu(conn, &hdev->conn_hash.list, list) {
6579 struct hci_cis *cis = &cmd->cis[aux_num_cis];
6581 if (hci_conn_check_create_cis(conn) ||
6582 conn->iso_qos.ucast.cig != cig)
6585 set_bit(HCI_CONN_CREATE_CIS, &conn->flags);
6586 cis->acl_handle = cpu_to_le16(conn->parent->handle);
6587 cis->cis_handle = cpu_to_le16(conn->handle);
6590 if (aux_num_cis >= cmd->num_cis)
6593 cmd->num_cis = aux_num_cis;
6598 hci_dev_unlock(hdev);
6603 /* Wait for HCI_LE_CIS_Established */
6604 return __hci_cmd_sync_status_sk(hdev, HCI_OP_LE_CREATE_CIS,
6605 struct_size(cmd, cis, cmd->num_cis),
6606 cmd, HCI_EVT_LE_CIS_ESTABLISHED,
6607 conn->conn_timeout, NULL);
6610 int hci_le_remove_cig_sync(struct hci_dev *hdev, u8 handle)
6612 struct hci_cp_le_remove_cig cp;
6614 memset(&cp, 0, sizeof(cp));
6617 return __hci_cmd_sync_status(hdev, HCI_OP_LE_REMOVE_CIG, sizeof(cp),
6618 &cp, HCI_CMD_TIMEOUT);
6621 int hci_le_big_terminate_sync(struct hci_dev *hdev, u8 handle)
6623 struct hci_cp_le_big_term_sync cp;
6625 memset(&cp, 0, sizeof(cp));
6628 return __hci_cmd_sync_status(hdev, HCI_OP_LE_BIG_TERM_SYNC,
6629 sizeof(cp), &cp, HCI_CMD_TIMEOUT);
6632 int hci_le_pa_terminate_sync(struct hci_dev *hdev, u16 handle)
6634 struct hci_cp_le_pa_term_sync cp;
6636 memset(&cp, 0, sizeof(cp));
6637 cp.handle = cpu_to_le16(handle);
6639 return __hci_cmd_sync_status(hdev, HCI_OP_LE_PA_TERM_SYNC,
6640 sizeof(cp), &cp, HCI_CMD_TIMEOUT);
6643 int hci_get_random_address(struct hci_dev *hdev, bool require_privacy,
6644 bool use_rpa, struct adv_info *adv_instance,
6645 u8 *own_addr_type, bdaddr_t *rand_addr)
6649 bacpy(rand_addr, BDADDR_ANY);
6651 /* If privacy is enabled use a resolvable private address. If
6652 * current RPA has expired then generate a new one.
6655 /* If Controller supports LL Privacy use own address type is
6658 if (use_ll_privacy(hdev))
6659 *own_addr_type = ADDR_LE_DEV_RANDOM_RESOLVED;
6661 *own_addr_type = ADDR_LE_DEV_RANDOM;
6664 if (adv_rpa_valid(adv_instance))
6667 if (rpa_valid(hdev))
6671 err = smp_generate_rpa(hdev, hdev->irk, &hdev->rpa);
6673 bt_dev_err(hdev, "failed to generate new RPA");
6677 bacpy(rand_addr, &hdev->rpa);
6682 /* In case of required privacy without resolvable private address,
6683 * use an non-resolvable private address. This is useful for
6684 * non-connectable advertising.
6686 if (require_privacy) {
6690 /* The non-resolvable private address is generated
6691 * from random six bytes with the two most significant
6694 get_random_bytes(&nrpa, 6);
6697 /* The non-resolvable private address shall not be
6698 * equal to the public address.
6700 if (bacmp(&hdev->bdaddr, &nrpa))
6704 *own_addr_type = ADDR_LE_DEV_RANDOM;
6705 bacpy(rand_addr, &nrpa);
6710 /* No privacy so use a public address. */
6711 *own_addr_type = ADDR_LE_DEV_PUBLIC;
6716 static int _update_adv_data_sync(struct hci_dev *hdev, void *data)
6718 u8 instance = PTR_UINT(data);
6720 return hci_update_adv_data_sync(hdev, instance);
6723 int hci_update_adv_data(struct hci_dev *hdev, u8 instance)
6725 return hci_cmd_sync_queue(hdev, _update_adv_data_sync,
6726 UINT_PTR(instance), NULL);
6729 static int hci_acl_create_conn_sync(struct hci_dev *hdev, void *data)
6731 struct hci_conn *conn = data;
6732 struct inquiry_entry *ie;
6733 struct hci_cp_create_conn cp;
6736 if (!hci_conn_valid(hdev, conn))
6739 /* Many controllers disallow HCI Create Connection while it is doing
6740 * HCI Inquiry. So we cancel the Inquiry first before issuing HCI Create
6741 * Connection. This may cause the MGMT discovering state to become false
6742 * without user space's request but it is okay since the MGMT Discovery
6743 * APIs do not promise that discovery should be done forever. Instead,
6744 * the user space monitors the status of MGMT discovering and it may
6745 * request for discovery again when this flag becomes false.
6747 if (test_bit(HCI_INQUIRY, &hdev->flags)) {
6748 err = __hci_cmd_sync_status(hdev, HCI_OP_INQUIRY_CANCEL, 0,
6749 NULL, HCI_CMD_TIMEOUT);
6751 bt_dev_warn(hdev, "Failed to cancel inquiry %d", err);
6754 conn->state = BT_CONNECT;
6756 conn->role = HCI_ROLE_MASTER;
6760 conn->link_policy = hdev->link_policy;
6762 memset(&cp, 0, sizeof(cp));
6763 bacpy(&cp.bdaddr, &conn->dst);
6764 cp.pscan_rep_mode = 0x02;
6766 ie = hci_inquiry_cache_lookup(hdev, &conn->dst);
6768 if (inquiry_entry_age(ie) <= INQUIRY_ENTRY_AGE_MAX) {
6769 cp.pscan_rep_mode = ie->data.pscan_rep_mode;
6770 cp.pscan_mode = ie->data.pscan_mode;
6771 cp.clock_offset = ie->data.clock_offset |
6772 cpu_to_le16(0x8000);
6775 memcpy(conn->dev_class, ie->data.dev_class, 3);
6778 cp.pkt_type = cpu_to_le16(conn->pkt_type);
6779 if (lmp_rswitch_capable(hdev) && !(hdev->link_mode & HCI_LM_MASTER))
6780 cp.role_switch = 0x01;
6782 cp.role_switch = 0x00;
6784 return __hci_cmd_sync_status_sk(hdev, HCI_OP_CREATE_CONN,
6786 HCI_EV_CONN_COMPLETE,
6787 conn->conn_timeout, NULL);
6790 int hci_connect_acl_sync(struct hci_dev *hdev, struct hci_conn *conn)
6792 return hci_cmd_sync_queue_once(hdev, hci_acl_create_conn_sync, conn,
6796 static void create_le_conn_complete(struct hci_dev *hdev, void *data, int err)
6798 struct hci_conn *conn = data;
6800 bt_dev_dbg(hdev, "err %d", err);
6802 if (err == -ECANCELED)
6807 if (!hci_conn_valid(hdev, conn))
6811 hci_connect_le_scan_cleanup(conn, 0x00);
6815 /* Check if connection is still pending */
6816 if (conn != hci_lookup_le_connect(hdev))
6819 /* Flush to make sure we send create conn cancel command if needed */
6820 flush_delayed_work(&conn->le_conn_timeout);
6821 hci_conn_failed(conn, bt_status(err));
6824 hci_dev_unlock(hdev);
6827 int hci_connect_le_sync(struct hci_dev *hdev, struct hci_conn *conn)
6829 return hci_cmd_sync_queue_once(hdev, hci_le_create_conn_sync, conn,
6830 create_le_conn_complete);
6833 int hci_cancel_connect_sync(struct hci_dev *hdev, struct hci_conn *conn)
6835 if (conn->state != BT_OPEN)
6838 switch (conn->type) {
6840 return !hci_cmd_sync_dequeue_once(hdev,
6841 hci_acl_create_conn_sync,
6844 return !hci_cmd_sync_dequeue_once(hdev, hci_le_create_conn_sync,
6845 conn, create_le_conn_complete);
6851 int hci_le_conn_update_sync(struct hci_dev *hdev, struct hci_conn *conn,
6852 struct hci_conn_params *params)
6854 struct hci_cp_le_conn_update cp;
6856 memset(&cp, 0, sizeof(cp));
6857 cp.handle = cpu_to_le16(conn->handle);
6858 cp.conn_interval_min = cpu_to_le16(params->conn_min_interval);
6859 cp.conn_interval_max = cpu_to_le16(params->conn_max_interval);
6860 cp.conn_latency = cpu_to_le16(params->conn_latency);
6861 cp.supervision_timeout = cpu_to_le16(params->supervision_timeout);
6862 cp.min_ce_len = cpu_to_le16(0x0000);
6863 cp.max_ce_len = cpu_to_le16(0x0000);
6865 return __hci_cmd_sync_status(hdev, HCI_OP_LE_CONN_UPDATE,
6866 sizeof(cp), &cp, HCI_CMD_TIMEOUT);
projects / linux.git / blob