aboutsummaryrefslogtreecommitdiffstats
path: root/net/bluetooth/hci_core.c
diff options
context:
space:
mode:
authorJames Morris <james.l.morris@oracle.com>2014-11-19 05:32:12 -0500
committerJames Morris <james.l.morris@oracle.com>2014-11-19 05:32:12 -0500
commitb10778a00d40b3d9fdaaf5891e802794781ff71c (patch)
tree6ba4cbac86eecedc3f30650e7f764ecf00c83898 /net/bluetooth/hci_core.c
parent594081ee7145cc30a3977cb4e218f81213b63dc5 (diff)
parentbfe01a5ba2490f299e1d2d5508cbbbadd897bbe9 (diff)
Merge commit 'v3.17' into next
Diffstat (limited to 'net/bluetooth/hci_core.c')
-rw-r--r--net/bluetooth/hci_core.c1206
1 files changed, 749 insertions, 457 deletions
diff --git a/net/bluetooth/hci_core.c b/net/bluetooth/hci_core.c
index 0a43cce9a914..1d9c29a00568 100644
--- a/net/bluetooth/hci_core.c
+++ b/net/bluetooth/hci_core.c
@@ -35,6 +35,7 @@
35#include <net/bluetooth/bluetooth.h> 35#include <net/bluetooth/bluetooth.h>
36#include <net/bluetooth/hci_core.h> 36#include <net/bluetooth/hci_core.h>
37#include <net/bluetooth/l2cap.h> 37#include <net/bluetooth/l2cap.h>
38#include <net/bluetooth/mgmt.h>
38 39
39#include "smp.h" 40#include "smp.h"
40 41
@@ -53,6 +54,15 @@ DEFINE_RWLOCK(hci_cb_list_lock);
53/* HCI ID Numbering */ 54/* HCI ID Numbering */
54static DEFINE_IDA(hci_index_ida); 55static DEFINE_IDA(hci_index_ida);
55 56
57/* ----- HCI requests ----- */
58
59#define HCI_REQ_DONE 0
60#define HCI_REQ_PEND 1
61#define HCI_REQ_CANCELED 2
62
63#define hci_req_lock(d) mutex_lock(&d->req_lock)
64#define hci_req_unlock(d) mutex_unlock(&d->req_lock)
65
56/* ---- HCI notifications ---- */ 66/* ---- HCI notifications ---- */
57 67
58static void hci_notify(struct hci_dev *hdev, int event) 68static void hci_notify(struct hci_dev *hdev, int event)
@@ -68,7 +78,7 @@ static ssize_t dut_mode_read(struct file *file, char __user *user_buf,
68 struct hci_dev *hdev = file->private_data; 78 struct hci_dev *hdev = file->private_data;
69 char buf[3]; 79 char buf[3];
70 80
71 buf[0] = test_bit(HCI_DUT_MODE, &hdev->dev_flags) ? 'Y': 'N'; 81 buf[0] = test_bit(HCI_DUT_MODE, &hdev->dbg_flags) ? 'Y': 'N';
72 buf[1] = '\n'; 82 buf[1] = '\n';
73 buf[2] = '\0'; 83 buf[2] = '\0';
74 return simple_read_from_buffer(user_buf, count, ppos, buf, 2); 84 return simple_read_from_buffer(user_buf, count, ppos, buf, 2);
@@ -94,7 +104,7 @@ static ssize_t dut_mode_write(struct file *file, const char __user *user_buf,
94 if (strtobool(buf, &enable)) 104 if (strtobool(buf, &enable))
95 return -EINVAL; 105 return -EINVAL;
96 106
97 if (enable == test_bit(HCI_DUT_MODE, &hdev->dev_flags)) 107 if (enable == test_bit(HCI_DUT_MODE, &hdev->dbg_flags))
98 return -EALREADY; 108 return -EALREADY;
99 109
100 hci_req_lock(hdev); 110 hci_req_lock(hdev);
@@ -115,7 +125,7 @@ static ssize_t dut_mode_write(struct file *file, const char __user *user_buf,
115 if (err < 0) 125 if (err < 0)
116 return err; 126 return err;
117 127
118 change_bit(HCI_DUT_MODE, &hdev->dev_flags); 128 change_bit(HCI_DUT_MODE, &hdev->dbg_flags);
119 129
120 return count; 130 return count;
121} 131}
@@ -190,6 +200,31 @@ static const struct file_operations blacklist_fops = {
190 .release = single_release, 200 .release = single_release,
191}; 201};
192 202
203static int whitelist_show(struct seq_file *f, void *p)
204{
205 struct hci_dev *hdev = f->private;
206 struct bdaddr_list *b;
207
208 hci_dev_lock(hdev);
209 list_for_each_entry(b, &hdev->whitelist, list)
210 seq_printf(f, "%pMR (type %u)\n", &b->bdaddr, b->bdaddr_type);
211 hci_dev_unlock(hdev);
212
213 return 0;
214}
215
216static int whitelist_open(struct inode *inode, struct file *file)
217{
218 return single_open(file, whitelist_show, inode->i_private);
219}
220
221static const struct file_operations whitelist_fops = {
222 .open = whitelist_open,
223 .read = seq_read,
224 .llseek = seq_lseek,
225 .release = single_release,
226};
227
193static int uuids_show(struct seq_file *f, void *p) 228static int uuids_show(struct seq_file *f, void *p)
194{ 229{
195 struct hci_dev *hdev = f->private; 230 struct hci_dev *hdev = f->private;
@@ -352,62 +387,13 @@ static int auto_accept_delay_get(void *data, u64 *val)
352DEFINE_SIMPLE_ATTRIBUTE(auto_accept_delay_fops, auto_accept_delay_get, 387DEFINE_SIMPLE_ATTRIBUTE(auto_accept_delay_fops, auto_accept_delay_get,
353 auto_accept_delay_set, "%llu\n"); 388 auto_accept_delay_set, "%llu\n");
354 389
355static int ssp_debug_mode_set(void *data, u64 val)
356{
357 struct hci_dev *hdev = data;
358 struct sk_buff *skb;
359 __u8 mode;
360 int err;
361
362 if (val != 0 && val != 1)
363 return -EINVAL;
364
365 if (!test_bit(HCI_UP, &hdev->flags))
366 return -ENETDOWN;
367
368 hci_req_lock(hdev);
369 mode = val;
370 skb = __hci_cmd_sync(hdev, HCI_OP_WRITE_SSP_DEBUG_MODE, sizeof(mode),
371 &mode, HCI_CMD_TIMEOUT);
372 hci_req_unlock(hdev);
373
374 if (IS_ERR(skb))
375 return PTR_ERR(skb);
376
377 err = -bt_to_errno(skb->data[0]);
378 kfree_skb(skb);
379
380 if (err < 0)
381 return err;
382
383 hci_dev_lock(hdev);
384 hdev->ssp_debug_mode = val;
385 hci_dev_unlock(hdev);
386
387 return 0;
388}
389
390static int ssp_debug_mode_get(void *data, u64 *val)
391{
392 struct hci_dev *hdev = data;
393
394 hci_dev_lock(hdev);
395 *val = hdev->ssp_debug_mode;
396 hci_dev_unlock(hdev);
397
398 return 0;
399}
400
401DEFINE_SIMPLE_ATTRIBUTE(ssp_debug_mode_fops, ssp_debug_mode_get,
402 ssp_debug_mode_set, "%llu\n");
403
404static ssize_t force_sc_support_read(struct file *file, char __user *user_buf, 390static ssize_t force_sc_support_read(struct file *file, char __user *user_buf,
405 size_t count, loff_t *ppos) 391 size_t count, loff_t *ppos)
406{ 392{
407 struct hci_dev *hdev = file->private_data; 393 struct hci_dev *hdev = file->private_data;
408 char buf[3]; 394 char buf[3];
409 395
410 buf[0] = test_bit(HCI_FORCE_SC, &hdev->dev_flags) ? 'Y': 'N'; 396 buf[0] = test_bit(HCI_FORCE_SC, &hdev->dbg_flags) ? 'Y': 'N';
411 buf[1] = '\n'; 397 buf[1] = '\n';
412 buf[2] = '\0'; 398 buf[2] = '\0';
413 return simple_read_from_buffer(user_buf, count, ppos, buf, 2); 399 return simple_read_from_buffer(user_buf, count, ppos, buf, 2);
@@ -432,10 +418,10 @@ static ssize_t force_sc_support_write(struct file *file,
432 if (strtobool(buf, &enable)) 418 if (strtobool(buf, &enable))
433 return -EINVAL; 419 return -EINVAL;
434 420
435 if (enable == test_bit(HCI_FORCE_SC, &hdev->dev_flags)) 421 if (enable == test_bit(HCI_FORCE_SC, &hdev->dbg_flags))
436 return -EALREADY; 422 return -EALREADY;
437 423
438 change_bit(HCI_FORCE_SC, &hdev->dev_flags); 424 change_bit(HCI_FORCE_SC, &hdev->dbg_flags);
439 425
440 return count; 426 return count;
441} 427}
@@ -719,7 +705,7 @@ static ssize_t force_static_address_read(struct file *file,
719 struct hci_dev *hdev = file->private_data; 705 struct hci_dev *hdev = file->private_data;
720 char buf[3]; 706 char buf[3];
721 707
722 buf[0] = test_bit(HCI_FORCE_STATIC_ADDR, &hdev->dev_flags) ? 'Y': 'N'; 708 buf[0] = test_bit(HCI_FORCE_STATIC_ADDR, &hdev->dbg_flags) ? 'Y': 'N';
723 buf[1] = '\n'; 709 buf[1] = '\n';
724 buf[2] = '\0'; 710 buf[2] = '\0';
725 return simple_read_from_buffer(user_buf, count, ppos, buf, 2); 711 return simple_read_from_buffer(user_buf, count, ppos, buf, 2);
@@ -744,10 +730,10 @@ static ssize_t force_static_address_write(struct file *file,
744 if (strtobool(buf, &enable)) 730 if (strtobool(buf, &enable))
745 return -EINVAL; 731 return -EINVAL;
746 732
747 if (enable == test_bit(HCI_FORCE_STATIC_ADDR, &hdev->dev_flags)) 733 if (enable == test_bit(HCI_FORCE_STATIC_ADDR, &hdev->dbg_flags))
748 return -EALREADY; 734 return -EALREADY;
749 735
750 change_bit(HCI_FORCE_STATIC_ADDR, &hdev->dev_flags); 736 change_bit(HCI_FORCE_STATIC_ADDR, &hdev->dbg_flags);
751 737
752 return count; 738 return count;
753} 739}
@@ -900,177 +886,169 @@ static int conn_max_interval_get(void *data, u64 *val)
900DEFINE_SIMPLE_ATTRIBUTE(conn_max_interval_fops, conn_max_interval_get, 886DEFINE_SIMPLE_ATTRIBUTE(conn_max_interval_fops, conn_max_interval_get,
901 conn_max_interval_set, "%llu\n"); 887 conn_max_interval_set, "%llu\n");
902 888
903static int adv_channel_map_set(void *data, u64 val) 889static int conn_latency_set(void *data, u64 val)
904{ 890{
905 struct hci_dev *hdev = data; 891 struct hci_dev *hdev = data;
906 892
907 if (val < 0x01 || val > 0x07) 893 if (val > 0x01f3)
908 return -EINVAL; 894 return -EINVAL;
909 895
910 hci_dev_lock(hdev); 896 hci_dev_lock(hdev);
911 hdev->le_adv_channel_map = val; 897 hdev->le_conn_latency = val;
912 hci_dev_unlock(hdev); 898 hci_dev_unlock(hdev);
913 899
914 return 0; 900 return 0;
915} 901}
916 902
917static int adv_channel_map_get(void *data, u64 *val) 903static int conn_latency_get(void *data, u64 *val)
918{ 904{
919 struct hci_dev *hdev = data; 905 struct hci_dev *hdev = data;
920 906
921 hci_dev_lock(hdev); 907 hci_dev_lock(hdev);
922 *val = hdev->le_adv_channel_map; 908 *val = hdev->le_conn_latency;
923 hci_dev_unlock(hdev); 909 hci_dev_unlock(hdev);
924 910
925 return 0; 911 return 0;
926} 912}
927 913
928DEFINE_SIMPLE_ATTRIBUTE(adv_channel_map_fops, adv_channel_map_get, 914DEFINE_SIMPLE_ATTRIBUTE(conn_latency_fops, conn_latency_get,
929 adv_channel_map_set, "%llu\n"); 915 conn_latency_set, "%llu\n");
930 916
931static ssize_t lowpan_read(struct file *file, char __user *user_buf, 917static int supervision_timeout_set(void *data, u64 val)
932 size_t count, loff_t *ppos)
933{ 918{
934 struct hci_dev *hdev = file->private_data; 919 struct hci_dev *hdev = data;
935 char buf[3];
936 920
937 buf[0] = test_bit(HCI_6LOWPAN_ENABLED, &hdev->dev_flags) ? 'Y' : 'N'; 921 if (val < 0x000a || val > 0x0c80)
938 buf[1] = '\n'; 922 return -EINVAL;
939 buf[2] = '\0'; 923
940 return simple_read_from_buffer(user_buf, count, ppos, buf, 2); 924 hci_dev_lock(hdev);
925 hdev->le_supv_timeout = val;
926 hci_dev_unlock(hdev);
927
928 return 0;
941} 929}
942 930
943static ssize_t lowpan_write(struct file *fp, const char __user *user_buffer, 931static int supervision_timeout_get(void *data, u64 *val)
944 size_t count, loff_t *position)
945{ 932{
946 struct hci_dev *hdev = fp->private_data; 933 struct hci_dev *hdev = data;
947 bool enable;
948 char buf[32];
949 size_t buf_size = min(count, (sizeof(buf)-1));
950 934
951 if (copy_from_user(buf, user_buffer, buf_size)) 935 hci_dev_lock(hdev);
952 return -EFAULT; 936 *val = hdev->le_supv_timeout;
937 hci_dev_unlock(hdev);
953 938
954 buf[buf_size] = '\0'; 939 return 0;
940}
955 941
956 if (strtobool(buf, &enable) < 0) 942DEFINE_SIMPLE_ATTRIBUTE(supervision_timeout_fops, supervision_timeout_get,
957 return -EINVAL; 943 supervision_timeout_set, "%llu\n");
958 944
959 if (enable == test_bit(HCI_6LOWPAN_ENABLED, &hdev->dev_flags)) 945static int adv_channel_map_set(void *data, u64 val)
960 return -EALREADY; 946{
947 struct hci_dev *hdev = data;
961 948
962 change_bit(HCI_6LOWPAN_ENABLED, &hdev->dev_flags); 949 if (val < 0x01 || val > 0x07)
950 return -EINVAL;
963 951
964 return count; 952 hci_dev_lock(hdev);
965} 953 hdev->le_adv_channel_map = val;
954 hci_dev_unlock(hdev);
966 955
967static const struct file_operations lowpan_debugfs_fops = { 956 return 0;
968 .open = simple_open, 957}
969 .read = lowpan_read,
970 .write = lowpan_write,
971 .llseek = default_llseek,
972};
973 958
974static int le_auto_conn_show(struct seq_file *sf, void *ptr) 959static int adv_channel_map_get(void *data, u64 *val)
975{ 960{
976 struct hci_dev *hdev = sf->private; 961 struct hci_dev *hdev = data;
977 struct hci_conn_params *p;
978 962
979 hci_dev_lock(hdev); 963 hci_dev_lock(hdev);
964 *val = hdev->le_adv_channel_map;
965 hci_dev_unlock(hdev);
980 966
981 list_for_each_entry(p, &hdev->le_conn_params, list) { 967 return 0;
982 seq_printf(sf, "%pMR %u %u\n", &p->addr, p->addr_type, 968}
983 p->auto_connect); 969
984 } 970DEFINE_SIMPLE_ATTRIBUTE(adv_channel_map_fops, adv_channel_map_get,
971 adv_channel_map_set, "%llu\n");
985 972
973static int adv_min_interval_set(void *data, u64 val)
974{
975 struct hci_dev *hdev = data;
976
977 if (val < 0x0020 || val > 0x4000 || val > hdev->le_adv_max_interval)
978 return -EINVAL;
979
980 hci_dev_lock(hdev);
981 hdev->le_adv_min_interval = val;
986 hci_dev_unlock(hdev); 982 hci_dev_unlock(hdev);
987 983
988 return 0; 984 return 0;
989} 985}
990 986
991static int le_auto_conn_open(struct inode *inode, struct file *file) 987static int adv_min_interval_get(void *data, u64 *val)
992{ 988{
993 return single_open(file, le_auto_conn_show, inode->i_private); 989 struct hci_dev *hdev = data;
990
991 hci_dev_lock(hdev);
992 *val = hdev->le_adv_min_interval;
993 hci_dev_unlock(hdev);
994
995 return 0;
994} 996}
995 997
996static ssize_t le_auto_conn_write(struct file *file, const char __user *data, 998DEFINE_SIMPLE_ATTRIBUTE(adv_min_interval_fops, adv_min_interval_get,
997 size_t count, loff_t *offset) 999 adv_min_interval_set, "%llu\n");
1000
1001static int adv_max_interval_set(void *data, u64 val)
998{ 1002{
999 struct seq_file *sf = file->private_data; 1003 struct hci_dev *hdev = data;
1000 struct hci_dev *hdev = sf->private;
1001 u8 auto_connect = 0;
1002 bdaddr_t addr;
1003 u8 addr_type;
1004 char *buf;
1005 int err = 0;
1006 int n;
1007 1004
1008 /* Don't allow partial write */ 1005 if (val < 0x0020 || val > 0x4000 || val < hdev->le_adv_min_interval)
1009 if (*offset != 0)
1010 return -EINVAL; 1006 return -EINVAL;
1011 1007
1012 if (count < 3) 1008 hci_dev_lock(hdev);
1013 return -EINVAL; 1009 hdev->le_adv_max_interval = val;
1010 hci_dev_unlock(hdev);
1014 1011
1015 buf = memdup_user(data, count); 1012 return 0;
1016 if (IS_ERR(buf)) 1013}
1017 return PTR_ERR(buf);
1018 1014
1019 if (memcmp(buf, "add", 3) == 0) { 1015static int adv_max_interval_get(void *data, u64 *val)
1020 n = sscanf(&buf[4], "%hhx:%hhx:%hhx:%hhx:%hhx:%hhx %hhu %hhu", 1016{
1021 &addr.b[5], &addr.b[4], &addr.b[3], &addr.b[2], 1017 struct hci_dev *hdev = data;
1022 &addr.b[1], &addr.b[0], &addr_type,
1023 &auto_connect);
1024 1018
1025 if (n < 7) { 1019 hci_dev_lock(hdev);
1026 err = -EINVAL; 1020 *val = hdev->le_adv_max_interval;
1027 goto done; 1021 hci_dev_unlock(hdev);
1028 }
1029 1022
1030 hci_dev_lock(hdev); 1023 return 0;
1031 err = hci_conn_params_add(hdev, &addr, addr_type, auto_connect, 1024}
1032 hdev->le_conn_min_interval,
1033 hdev->le_conn_max_interval);
1034 hci_dev_unlock(hdev);
1035 1025
1036 if (err) 1026DEFINE_SIMPLE_ATTRIBUTE(adv_max_interval_fops, adv_max_interval_get,
1037 goto done; 1027 adv_max_interval_set, "%llu\n");
1038 } else if (memcmp(buf, "del", 3) == 0) {
1039 n = sscanf(&buf[4], "%hhx:%hhx:%hhx:%hhx:%hhx:%hhx %hhu",
1040 &addr.b[5], &addr.b[4], &addr.b[3], &addr.b[2],
1041 &addr.b[1], &addr.b[0], &addr_type);
1042 1028
1043 if (n < 7) { 1029static int device_list_show(struct seq_file *f, void *ptr)
1044 err = -EINVAL; 1030{
1045 goto done; 1031 struct hci_dev *hdev = f->private;
1046 } 1032 struct hci_conn_params *p;
1047 1033
1048 hci_dev_lock(hdev); 1034 hci_dev_lock(hdev);
1049 hci_conn_params_del(hdev, &addr, addr_type); 1035 list_for_each_entry(p, &hdev->le_conn_params, list) {
1050 hci_dev_unlock(hdev); 1036 seq_printf(f, "%pMR %u %u\n", &p->addr, p->addr_type,
1051 } else if (memcmp(buf, "clr", 3) == 0) { 1037 p->auto_connect);
1052 hci_dev_lock(hdev);
1053 hci_conn_params_clear(hdev);
1054 hci_pend_le_conns_clear(hdev);
1055 hci_update_background_scan(hdev);
1056 hci_dev_unlock(hdev);
1057 } else {
1058 err = -EINVAL;
1059 } 1038 }
1039 hci_dev_unlock(hdev);
1060 1040
1061done: 1041 return 0;
1062 kfree(buf); 1042}
1063 1043
1064 if (err) 1044static int device_list_open(struct inode *inode, struct file *file)
1065 return err; 1045{
1066 else 1046 return single_open(file, device_list_show, inode->i_private);
1067 return count;
1068} 1047}
1069 1048
1070static const struct file_operations le_auto_conn_fops = { 1049static const struct file_operations device_list_fops = {
1071 .open = le_auto_conn_open, 1050 .open = device_list_open,
1072 .read = seq_read, 1051 .read = seq_read,
1073 .write = le_auto_conn_write,
1074 .llseek = seq_lseek, 1052 .llseek = seq_lseek,
1075 .release = single_release, 1053 .release = single_release,
1076}; 1054};
@@ -1426,9 +1404,6 @@ static void le_setup(struct hci_request *req)
1426 /* Read LE Supported States */ 1404 /* Read LE Supported States */
1427 hci_req_add(req, HCI_OP_LE_READ_SUPPORTED_STATES, 0, NULL); 1405 hci_req_add(req, HCI_OP_LE_READ_SUPPORTED_STATES, 0, NULL);
1428 1406
1429 /* Read LE Advertising Channel TX Power */
1430 hci_req_add(req, HCI_OP_LE_READ_ADV_TX_POWER, 0, NULL);
1431
1432 /* Read LE White List Size */ 1407 /* Read LE White List Size */
1433 hci_req_add(req, HCI_OP_LE_READ_WHITE_LIST_SIZE, 0, NULL); 1408 hci_req_add(req, HCI_OP_LE_READ_WHITE_LIST_SIZE, 0, NULL);
1434 1409
@@ -1503,14 +1478,17 @@ static void hci_setup_event_mask(struct hci_request *req)
1503 /* Use a different default for LE-only devices */ 1478 /* Use a different default for LE-only devices */
1504 memset(events, 0, sizeof(events)); 1479 memset(events, 0, sizeof(events));
1505 events[0] |= 0x10; /* Disconnection Complete */ 1480 events[0] |= 0x10; /* Disconnection Complete */
1506 events[0] |= 0x80; /* Encryption Change */
1507 events[1] |= 0x08; /* Read Remote Version Information Complete */ 1481 events[1] |= 0x08; /* Read Remote Version Information Complete */
1508 events[1] |= 0x20; /* Command Complete */ 1482 events[1] |= 0x20; /* Command Complete */
1509 events[1] |= 0x40; /* Command Status */ 1483 events[1] |= 0x40; /* Command Status */
1510 events[1] |= 0x80; /* Hardware Error */ 1484 events[1] |= 0x80; /* Hardware Error */
1511 events[2] |= 0x04; /* Number of Completed Packets */ 1485 events[2] |= 0x04; /* Number of Completed Packets */
1512 events[3] |= 0x02; /* Data Buffer Overflow */ 1486 events[3] |= 0x02; /* Data Buffer Overflow */
1513 events[5] |= 0x80; /* Encryption Key Refresh Complete */ 1487
1488 if (hdev->le_features[0] & HCI_LE_ENCRYPTION) {
1489 events[0] |= 0x80; /* Encryption Change */
1490 events[5] |= 0x80; /* Encryption Key Refresh Complete */
1491 }
1514 } 1492 }
1515 1493
1516 if (lmp_inq_rssi_capable(hdev)) 1494 if (lmp_inq_rssi_capable(hdev))
@@ -1549,13 +1527,6 @@ static void hci_setup_event_mask(struct hci_request *req)
1549 events[7] |= 0x20; /* LE Meta-Event */ 1527 events[7] |= 0x20; /* LE Meta-Event */
1550 1528
1551 hci_req_add(req, HCI_OP_SET_EVENT_MASK, sizeof(events), events); 1529 hci_req_add(req, HCI_OP_SET_EVENT_MASK, sizeof(events), events);
1552
1553 if (lmp_le_capable(hdev)) {
1554 memset(events, 0, sizeof(events));
1555 events[0] = 0x1f;
1556 hci_req_add(req, HCI_OP_LE_SET_EVENT_MASK,
1557 sizeof(events), events);
1558 }
1559} 1530}
1560 1531
1561static void hci_init2_req(struct hci_request *req, unsigned long opt) 1532static void hci_init2_req(struct hci_request *req, unsigned long opt)
@@ -1570,8 +1541,6 @@ static void hci_init2_req(struct hci_request *req, unsigned long opt)
1570 if (lmp_le_capable(hdev)) 1541 if (lmp_le_capable(hdev))
1571 le_setup(req); 1542 le_setup(req);
1572 1543
1573 hci_setup_event_mask(req);
1574
1575 /* AVM Berlin (31), aka "BlueFRITZ!", doesn't support the read 1544 /* AVM Berlin (31), aka "BlueFRITZ!", doesn't support the read
1576 * local supported commands HCI command. 1545 * local supported commands HCI command.
1577 */ 1546 */
@@ -1654,7 +1623,7 @@ static void hci_set_le_support(struct hci_request *req)
1654 1623
1655 if (test_bit(HCI_LE_ENABLED, &hdev->dev_flags)) { 1624 if (test_bit(HCI_LE_ENABLED, &hdev->dev_flags)) {
1656 cp.le = 0x01; 1625 cp.le = 0x01;
1657 cp.simul = lmp_le_br_capable(hdev); 1626 cp.simul = 0x00;
1658 } 1627 }
1659 1628
1660 if (cp.le != lmp_host_le_capable(hdev)) 1629 if (cp.le != lmp_host_le_capable(hdev))
@@ -1688,7 +1657,7 @@ static void hci_set_event_mask_page_2(struct hci_request *req)
1688 } 1657 }
1689 1658
1690 /* Enable Authenticated Payload Timeout Expired event if supported */ 1659 /* Enable Authenticated Payload Timeout Expired event if supported */
1691 if (lmp_ping_capable(hdev)) 1660 if (lmp_ping_capable(hdev) || hdev->le_features[0] & HCI_LE_PING)
1692 events[2] |= 0x80; 1661 events[2] |= 0x80;
1693 1662
1694 hci_req_add(req, HCI_OP_SET_EVENT_MASK_PAGE_2, sizeof(events), events); 1663 hci_req_add(req, HCI_OP_SET_EVENT_MASK_PAGE_2, sizeof(events), events);
@@ -1699,6 +1668,8 @@ static void hci_init3_req(struct hci_request *req, unsigned long opt)
1699 struct hci_dev *hdev = req->hdev; 1668 struct hci_dev *hdev = req->hdev;
1700 u8 p; 1669 u8 p;
1701 1670
1671 hci_setup_event_mask(req);
1672
1702 /* Some Broadcom based Bluetooth controllers do not support the 1673 /* Some Broadcom based Bluetooth controllers do not support the
1703 * Delete Stored Link Key command. They are clearly indicating its 1674 * Delete Stored Link Key command. They are clearly indicating its
1704 * absence in the bit mask of supported commands. 1675 * absence in the bit mask of supported commands.
@@ -1725,8 +1696,33 @@ static void hci_init3_req(struct hci_request *req, unsigned long opt)
1725 if (hdev->commands[5] & 0x10) 1696 if (hdev->commands[5] & 0x10)
1726 hci_setup_link_policy(req); 1697 hci_setup_link_policy(req);
1727 1698
1728 if (lmp_le_capable(hdev)) 1699 if (lmp_le_capable(hdev)) {
1700 u8 events[8];
1701
1702 memset(events, 0, sizeof(events));
1703 events[0] = 0x0f;
1704
1705 if (hdev->le_features[0] & HCI_LE_ENCRYPTION)
1706 events[0] |= 0x10; /* LE Long Term Key Request */
1707
1708 /* If controller supports the Connection Parameters Request
1709 * Link Layer Procedure, enable the corresponding event.
1710 */
1711 if (hdev->le_features[0] & HCI_LE_CONN_PARAM_REQ_PROC)
1712 events[0] |= 0x20; /* LE Remote Connection
1713 * Parameter Request
1714 */
1715
1716 hci_req_add(req, HCI_OP_LE_SET_EVENT_MASK, sizeof(events),
1717 events);
1718
1719 if (hdev->commands[25] & 0x40) {
1720 /* Read LE Advertising Channel TX Power */
1721 hci_req_add(req, HCI_OP_LE_READ_ADV_TX_POWER, 0, NULL);
1722 }
1723
1729 hci_set_le_support(req); 1724 hci_set_le_support(req);
1725 }
1730 1726
1731 /* Read features beyond page 1 if available */ 1727 /* Read features beyond page 1 if available */
1732 for (p = 2; p < HCI_MAX_PAGES && p <= hdev->max_page; p++) { 1728 for (p = 2; p < HCI_MAX_PAGES && p <= hdev->max_page; p++) {
@@ -1746,13 +1742,21 @@ static void hci_init4_req(struct hci_request *req, unsigned long opt)
1746 if (hdev->commands[22] & 0x04) 1742 if (hdev->commands[22] & 0x04)
1747 hci_set_event_mask_page_2(req); 1743 hci_set_event_mask_page_2(req);
1748 1744
1745 /* Read local codec list if the HCI command is supported */
1746 if (hdev->commands[29] & 0x20)
1747 hci_req_add(req, HCI_OP_READ_LOCAL_CODECS, 0, NULL);
1748
1749 /* Get MWS transport configuration if the HCI command is supported */
1750 if (hdev->commands[30] & 0x08)
1751 hci_req_add(req, HCI_OP_GET_MWS_TRANSPORT_CONFIG, 0, NULL);
1752
1749 /* Check for Synchronization Train support */ 1753 /* Check for Synchronization Train support */
1750 if (lmp_sync_train_capable(hdev)) 1754 if (lmp_sync_train_capable(hdev))
1751 hci_req_add(req, HCI_OP_READ_SYNC_TRAIN_PARAMS, 0, NULL); 1755 hci_req_add(req, HCI_OP_READ_SYNC_TRAIN_PARAMS, 0, NULL);
1752 1756
1753 /* Enable Secure Connections if supported and configured */ 1757 /* Enable Secure Connections if supported and configured */
1754 if ((lmp_sc_capable(hdev) || 1758 if ((lmp_sc_capable(hdev) ||
1755 test_bit(HCI_FORCE_SC, &hdev->dev_flags)) && 1759 test_bit(HCI_FORCE_SC, &hdev->dbg_flags)) &&
1756 test_bit(HCI_SC_ENABLED, &hdev->dev_flags)) { 1760 test_bit(HCI_SC_ENABLED, &hdev->dev_flags)) {
1757 u8 support = 0x01; 1761 u8 support = 0x01;
1758 hci_req_add(req, HCI_OP_WRITE_SC_SUPPORT, 1762 hci_req_add(req, HCI_OP_WRITE_SC_SUPPORT,
@@ -1809,6 +1813,8 @@ static int __hci_init(struct hci_dev *hdev)
1809 debugfs_create_u16("hci_revision", 0444, hdev->debugfs, &hdev->hci_rev); 1813 debugfs_create_u16("hci_revision", 0444, hdev->debugfs, &hdev->hci_rev);
1810 debugfs_create_file("blacklist", 0444, hdev->debugfs, hdev, 1814 debugfs_create_file("blacklist", 0444, hdev->debugfs, hdev,
1811 &blacklist_fops); 1815 &blacklist_fops);
1816 debugfs_create_file("whitelist", 0444, hdev->debugfs, hdev,
1817 &whitelist_fops);
1812 debugfs_create_file("uuids", 0444, hdev->debugfs, hdev, &uuids_fops); 1818 debugfs_create_file("uuids", 0444, hdev->debugfs, hdev, &uuids_fops);
1813 1819
1814 debugfs_create_file("conn_info_min_age", 0644, hdev->debugfs, hdev, 1820 debugfs_create_file("conn_info_min_age", 0644, hdev->debugfs, hdev,
@@ -1830,8 +1836,6 @@ static int __hci_init(struct hci_dev *hdev)
1830 if (lmp_ssp_capable(hdev)) { 1836 if (lmp_ssp_capable(hdev)) {
1831 debugfs_create_file("auto_accept_delay", 0644, hdev->debugfs, 1837 debugfs_create_file("auto_accept_delay", 0644, hdev->debugfs,
1832 hdev, &auto_accept_delay_fops); 1838 hdev, &auto_accept_delay_fops);
1833 debugfs_create_file("ssp_debug_mode", 0644, hdev->debugfs,
1834 hdev, &ssp_debug_mode_fops);
1835 debugfs_create_file("force_sc_support", 0644, hdev->debugfs, 1839 debugfs_create_file("force_sc_support", 0644, hdev->debugfs,
1836 hdev, &force_sc_support_fops); 1840 hdev, &force_sc_support_fops);
1837 debugfs_create_file("sc_only_mode", 0444, hdev->debugfs, 1841 debugfs_create_file("sc_only_mode", 0444, hdev->debugfs,
@@ -1879,12 +1883,18 @@ static int __hci_init(struct hci_dev *hdev)
1879 hdev, &conn_min_interval_fops); 1883 hdev, &conn_min_interval_fops);
1880 debugfs_create_file("conn_max_interval", 0644, hdev->debugfs, 1884 debugfs_create_file("conn_max_interval", 0644, hdev->debugfs,
1881 hdev, &conn_max_interval_fops); 1885 hdev, &conn_max_interval_fops);
1886 debugfs_create_file("conn_latency", 0644, hdev->debugfs,
1887 hdev, &conn_latency_fops);
1888 debugfs_create_file("supervision_timeout", 0644, hdev->debugfs,
1889 hdev, &supervision_timeout_fops);
1882 debugfs_create_file("adv_channel_map", 0644, hdev->debugfs, 1890 debugfs_create_file("adv_channel_map", 0644, hdev->debugfs,
1883 hdev, &adv_channel_map_fops); 1891 hdev, &adv_channel_map_fops);
1884 debugfs_create_file("6lowpan", 0644, hdev->debugfs, hdev, 1892 debugfs_create_file("adv_min_interval", 0644, hdev->debugfs,
1885 &lowpan_debugfs_fops); 1893 hdev, &adv_min_interval_fops);
1886 debugfs_create_file("le_auto_conn", 0644, hdev->debugfs, hdev, 1894 debugfs_create_file("adv_max_interval", 0644, hdev->debugfs,
1887 &le_auto_conn_fops); 1895 hdev, &adv_max_interval_fops);
1896 debugfs_create_file("device_list", 0444, hdev->debugfs, hdev,
1897 &device_list_fops);
1888 debugfs_create_u16("discov_interleaved_timeout", 0644, 1898 debugfs_create_u16("discov_interleaved_timeout", 0644,
1889 hdev->debugfs, 1899 hdev->debugfs,
1890 &hdev->discov_interleaved_timeout); 1900 &hdev->discov_interleaved_timeout);
@@ -1893,6 +1903,38 @@ static int __hci_init(struct hci_dev *hdev)
1893 return 0; 1903 return 0;
1894} 1904}
1895 1905
1906static void hci_init0_req(struct hci_request *req, unsigned long opt)
1907{
1908 struct hci_dev *hdev = req->hdev;
1909
1910 BT_DBG("%s %ld", hdev->name, opt);
1911
1912 /* Reset */
1913 if (!test_bit(HCI_QUIRK_RESET_ON_CLOSE, &hdev->quirks))
1914 hci_reset_req(req, 0);
1915
1916 /* Read Local Version */
1917 hci_req_add(req, HCI_OP_READ_LOCAL_VERSION, 0, NULL);
1918
1919 /* Read BD Address */
1920 if (hdev->set_bdaddr)
1921 hci_req_add(req, HCI_OP_READ_BD_ADDR, 0, NULL);
1922}
1923
1924static int __hci_unconf_init(struct hci_dev *hdev)
1925{
1926 int err;
1927
1928 if (test_bit(HCI_QUIRK_RAW_DEVICE, &hdev->quirks))
1929 return 0;
1930
1931 err = __hci_req_sync(hdev, hci_init0_req, 0, HCI_INIT_TIMEOUT);
1932 if (err < 0)
1933 return err;
1934
1935 return 0;
1936}
1937
1896static void hci_scan_req(struct hci_request *req, unsigned long opt) 1938static void hci_scan_req(struct hci_request *req, unsigned long opt)
1897{ 1939{
1898 __u8 scan = opt; 1940 __u8 scan = opt;
@@ -1973,16 +2015,20 @@ bool hci_discovery_active(struct hci_dev *hdev)
1973 2015
1974void hci_discovery_set_state(struct hci_dev *hdev, int state) 2016void hci_discovery_set_state(struct hci_dev *hdev, int state)
1975{ 2017{
2018 int old_state = hdev->discovery.state;
2019
1976 BT_DBG("%s state %u -> %u", hdev->name, hdev->discovery.state, state); 2020 BT_DBG("%s state %u -> %u", hdev->name, hdev->discovery.state, state);
1977 2021
1978 if (hdev->discovery.state == state) 2022 if (old_state == state)
1979 return; 2023 return;
1980 2024
2025 hdev->discovery.state = state;
2026
1981 switch (state) { 2027 switch (state) {
1982 case DISCOVERY_STOPPED: 2028 case DISCOVERY_STOPPED:
1983 hci_update_background_scan(hdev); 2029 hci_update_background_scan(hdev);
1984 2030
1985 if (hdev->discovery.state != DISCOVERY_STARTING) 2031 if (old_state != DISCOVERY_STARTING)
1986 mgmt_discovering(hdev, 0); 2032 mgmt_discovering(hdev, 0);
1987 break; 2033 break;
1988 case DISCOVERY_STARTING: 2034 case DISCOVERY_STARTING:
@@ -1995,8 +2041,6 @@ void hci_discovery_set_state(struct hci_dev *hdev, int state)
1995 case DISCOVERY_STOPPING: 2041 case DISCOVERY_STOPPING:
1996 break; 2042 break;
1997 } 2043 }
1998
1999 hdev->discovery.state = state;
2000} 2044}
2001 2045
2002void hci_inquiry_cache_flush(struct hci_dev *hdev) 2046void hci_inquiry_cache_flush(struct hci_dev *hdev)
@@ -2083,22 +2127,24 @@ void hci_inquiry_cache_update_resolve(struct hci_dev *hdev,
2083 list_add(&ie->list, pos); 2127 list_add(&ie->list, pos);
2084} 2128}
2085 2129
2086bool hci_inquiry_cache_update(struct hci_dev *hdev, struct inquiry_data *data, 2130u32 hci_inquiry_cache_update(struct hci_dev *hdev, struct inquiry_data *data,
2087 bool name_known, bool *ssp) 2131 bool name_known)
2088{ 2132{
2089 struct discovery_state *cache = &hdev->discovery; 2133 struct discovery_state *cache = &hdev->discovery;
2090 struct inquiry_entry *ie; 2134 struct inquiry_entry *ie;
2135 u32 flags = 0;
2091 2136
2092 BT_DBG("cache %p, %pMR", cache, &data->bdaddr); 2137 BT_DBG("cache %p, %pMR", cache, &data->bdaddr);
2093 2138
2094 hci_remove_remote_oob_data(hdev, &data->bdaddr); 2139 hci_remove_remote_oob_data(hdev, &data->bdaddr);
2095 2140
2096 *ssp = data->ssp_mode; 2141 if (!data->ssp_mode)
2142 flags |= MGMT_DEV_FOUND_LEGACY_PAIRING;
2097 2143
2098 ie = hci_inquiry_cache_lookup(hdev, &data->bdaddr); 2144 ie = hci_inquiry_cache_lookup(hdev, &data->bdaddr);
2099 if (ie) { 2145 if (ie) {
2100 if (ie->data.ssp_mode) 2146 if (!ie->data.ssp_mode)
2101 *ssp = true; 2147 flags |= MGMT_DEV_FOUND_LEGACY_PAIRING;
2102 2148
2103 if (ie->name_state == NAME_NEEDED && 2149 if (ie->name_state == NAME_NEEDED &&
2104 data->rssi != ie->data.rssi) { 2150 data->rssi != ie->data.rssi) {
@@ -2110,9 +2156,11 @@ bool hci_inquiry_cache_update(struct hci_dev *hdev, struct inquiry_data *data,
2110 } 2156 }
2111 2157
2112 /* Entry not in the cache. Add new one. */ 2158 /* Entry not in the cache. Add new one. */
2113 ie = kzalloc(sizeof(struct inquiry_entry), GFP_ATOMIC); 2159 ie = kzalloc(sizeof(*ie), GFP_KERNEL);
2114 if (!ie) 2160 if (!ie) {
2115 return false; 2161 flags |= MGMT_DEV_FOUND_CONFIRM_NAME;
2162 goto done;
2163 }
2116 2164
2117 list_add(&ie->all, &cache->all); 2165 list_add(&ie->all, &cache->all);
2118 2166
@@ -2135,9 +2183,10 @@ update:
2135 cache->timestamp = jiffies; 2183 cache->timestamp = jiffies;
2136 2184
2137 if (ie->name_state == NAME_NOT_KNOWN) 2185 if (ie->name_state == NAME_NOT_KNOWN)
2138 return false; 2186 flags |= MGMT_DEV_FOUND_CONFIRM_NAME;
2139 2187
2140 return true; 2188done:
2189 return flags;
2141} 2190}
2142 2191
2143static int inquiry_cache_dump(struct hci_dev *hdev, int num, __u8 *buf) 2192static int inquiry_cache_dump(struct hci_dev *hdev, int num, __u8 *buf)
@@ -2186,12 +2235,6 @@ static void hci_inq_req(struct hci_request *req, unsigned long opt)
2186 hci_req_add(req, HCI_OP_INQUIRY, sizeof(cp), &cp); 2235 hci_req_add(req, HCI_OP_INQUIRY, sizeof(cp), &cp);
2187} 2236}
2188 2237
2189static int wait_inquiry(void *word)
2190{
2191 schedule();
2192 return signal_pending(current);
2193}
2194
2195int hci_inquiry(void __user *arg) 2238int hci_inquiry(void __user *arg)
2196{ 2239{
2197 __u8 __user *ptr = arg; 2240 __u8 __user *ptr = arg;
@@ -2213,6 +2256,11 @@ int hci_inquiry(void __user *arg)
2213 goto done; 2256 goto done;
2214 } 2257 }
2215 2258
2259 if (test_bit(HCI_UNCONFIGURED, &hdev->dev_flags)) {
2260 err = -EOPNOTSUPP;
2261 goto done;
2262 }
2263
2216 if (hdev->dev_type != HCI_BREDR) { 2264 if (hdev->dev_type != HCI_BREDR) {
2217 err = -EOPNOTSUPP; 2265 err = -EOPNOTSUPP;
2218 goto done; 2266 goto done;
@@ -2242,7 +2290,7 @@ int hci_inquiry(void __user *arg)
2242 /* Wait until Inquiry procedure finishes (HCI_INQUIRY flag is 2290 /* Wait until Inquiry procedure finishes (HCI_INQUIRY flag is
2243 * cleared). If it is interrupted by a signal, return -EINTR. 2291 * cleared). If it is interrupted by a signal, return -EINTR.
2244 */ 2292 */
2245 if (wait_on_bit(&hdev->flags, HCI_INQUIRY, wait_inquiry, 2293 if (wait_on_bit(&hdev->flags, HCI_INQUIRY,
2246 TASK_INTERRUPTIBLE)) 2294 TASK_INTERRUPTIBLE))
2247 return -EINTR; 2295 return -EINTR;
2248 } 2296 }
@@ -2295,7 +2343,8 @@ static int hci_dev_do_open(struct hci_dev *hdev)
2295 goto done; 2343 goto done;
2296 } 2344 }
2297 2345
2298 if (!test_bit(HCI_SETUP, &hdev->dev_flags)) { 2346 if (!test_bit(HCI_SETUP, &hdev->dev_flags) &&
2347 !test_bit(HCI_CONFIG, &hdev->dev_flags)) {
2299 /* Check for rfkill but allow the HCI setup stage to 2348 /* Check for rfkill but allow the HCI setup stage to
2300 * proceed (which in itself doesn't cause any RF activity). 2349 * proceed (which in itself doesn't cause any RF activity).
2301 */ 2350 */
@@ -2338,14 +2387,47 @@ static int hci_dev_do_open(struct hci_dev *hdev)
2338 atomic_set(&hdev->cmd_cnt, 1); 2387 atomic_set(&hdev->cmd_cnt, 1);
2339 set_bit(HCI_INIT, &hdev->flags); 2388 set_bit(HCI_INIT, &hdev->flags);
2340 2389
2341 if (hdev->setup && test_bit(HCI_SETUP, &hdev->dev_flags)) 2390 if (test_bit(HCI_SETUP, &hdev->dev_flags)) {
2342 ret = hdev->setup(hdev); 2391 if (hdev->setup)
2392 ret = hdev->setup(hdev);
2343 2393
2344 if (!ret) { 2394 /* The transport driver can set these quirks before
2345 if (test_bit(HCI_QUIRK_RAW_DEVICE, &hdev->quirks)) 2395 * creating the HCI device or in its setup callback.
2346 set_bit(HCI_RAW, &hdev->flags); 2396 *
2397 * In case any of them is set, the controller has to
2398 * start up as unconfigured.
2399 */
2400 if (test_bit(HCI_QUIRK_EXTERNAL_CONFIG, &hdev->quirks) ||
2401 test_bit(HCI_QUIRK_INVALID_BDADDR, &hdev->quirks))
2402 set_bit(HCI_UNCONFIGURED, &hdev->dev_flags);
2347 2403
2348 if (!test_bit(HCI_RAW, &hdev->flags) && 2404 /* For an unconfigured controller it is required to
2405 * read at least the version information provided by
2406 * the Read Local Version Information command.
2407 *
2408 * If the set_bdaddr driver callback is provided, then
2409 * also the original Bluetooth public device address
2410 * will be read using the Read BD Address command.
2411 */
2412 if (test_bit(HCI_UNCONFIGURED, &hdev->dev_flags))
2413 ret = __hci_unconf_init(hdev);
2414 }
2415
2416 if (test_bit(HCI_CONFIG, &hdev->dev_flags)) {
2417 /* If public address change is configured, ensure that
2418 * the address gets programmed. If the driver does not
2419 * support changing the public address, fail the power
2420 * on procedure.
2421 */
2422 if (bacmp(&hdev->public_addr, BDADDR_ANY) &&
2423 hdev->set_bdaddr)
2424 ret = hdev->set_bdaddr(hdev, &hdev->public_addr);
2425 else
2426 ret = -EADDRNOTAVAIL;
2427 }
2428
2429 if (!ret) {
2430 if (!test_bit(HCI_UNCONFIGURED, &hdev->dev_flags) &&
2349 !test_bit(HCI_USER_CHANNEL, &hdev->dev_flags)) 2431 !test_bit(HCI_USER_CHANNEL, &hdev->dev_flags))
2350 ret = __hci_init(hdev); 2432 ret = __hci_init(hdev);
2351 } 2433 }
@@ -2358,6 +2440,8 @@ static int hci_dev_do_open(struct hci_dev *hdev)
2358 set_bit(HCI_UP, &hdev->flags); 2440 set_bit(HCI_UP, &hdev->flags);
2359 hci_notify(hdev, HCI_DEV_UP); 2441 hci_notify(hdev, HCI_DEV_UP);
2360 if (!test_bit(HCI_SETUP, &hdev->dev_flags) && 2442 if (!test_bit(HCI_SETUP, &hdev->dev_flags) &&
2443 !test_bit(HCI_CONFIG, &hdev->dev_flags) &&
2444 !test_bit(HCI_UNCONFIGURED, &hdev->dev_flags) &&
2361 !test_bit(HCI_USER_CHANNEL, &hdev->dev_flags) && 2445 !test_bit(HCI_USER_CHANNEL, &hdev->dev_flags) &&
2362 hdev->dev_type == HCI_BREDR) { 2446 hdev->dev_type == HCI_BREDR) {
2363 hci_dev_lock(hdev); 2447 hci_dev_lock(hdev);
@@ -2382,7 +2466,7 @@ static int hci_dev_do_open(struct hci_dev *hdev)
2382 } 2466 }
2383 2467
2384 hdev->close(hdev); 2468 hdev->close(hdev);
2385 hdev->flags = 0; 2469 hdev->flags &= BIT(HCI_RAW);
2386 } 2470 }
2387 2471
2388done: 2472done:
@@ -2401,6 +2485,21 @@ int hci_dev_open(__u16 dev)
2401 if (!hdev) 2485 if (!hdev)
2402 return -ENODEV; 2486 return -ENODEV;
2403 2487
2488 /* Devices that are marked as unconfigured can only be powered
2489 * up as user channel. Trying to bring them up as normal devices
2490 * will result into a failure. Only user channel operation is
2491 * possible.
2492 *
2493 * When this function is called for a user channel, the flag
2494 * HCI_USER_CHANNEL will be set first before attempting to
2495 * open the device.
2496 */
2497 if (test_bit(HCI_UNCONFIGURED, &hdev->dev_flags) &&
2498 !test_bit(HCI_USER_CHANNEL, &hdev->dev_flags)) {
2499 err = -EOPNOTSUPP;
2500 goto done;
2501 }
2502
2404 /* We need to ensure that no other power on/off work is pending 2503 /* We need to ensure that no other power on/off work is pending
2405 * before proceeding to call hci_dev_do_open. This is 2504 * before proceeding to call hci_dev_do_open. This is
2406 * particularly important if the setup procedure has not yet 2505 * particularly important if the setup procedure has not yet
@@ -2415,13 +2514,39 @@ int hci_dev_open(__u16 dev)
2415 */ 2514 */
2416 flush_workqueue(hdev->req_workqueue); 2515 flush_workqueue(hdev->req_workqueue);
2417 2516
2517 /* For controllers not using the management interface and that
2518 * are brought up using legacy ioctl, set the HCI_BONDABLE bit
2519 * so that pairing works for them. Once the management interface
2520 * is in use this bit will be cleared again and userspace has
2521 * to explicitly enable it.
2522 */
2523 if (!test_bit(HCI_USER_CHANNEL, &hdev->dev_flags) &&
2524 !test_bit(HCI_MGMT, &hdev->dev_flags))
2525 set_bit(HCI_BONDABLE, &hdev->dev_flags);
2526
2418 err = hci_dev_do_open(hdev); 2527 err = hci_dev_do_open(hdev);
2419 2528
2529done:
2420 hci_dev_put(hdev); 2530 hci_dev_put(hdev);
2421
2422 return err; 2531 return err;
2423} 2532}
2424 2533
2534/* This function requires the caller holds hdev->lock */
2535static void hci_pend_le_actions_clear(struct hci_dev *hdev)
2536{
2537 struct hci_conn_params *p;
2538
2539 list_for_each_entry(p, &hdev->le_conn_params, list) {
2540 if (p->conn) {
2541 hci_conn_drop(p->conn);
2542 p->conn = NULL;
2543 }
2544 list_del_init(&p->action);
2545 }
2546
2547 BT_DBG("All LE pending actions cleared");
2548}
2549
2425static int hci_dev_do_close(struct hci_dev *hdev) 2550static int hci_dev_do_close(struct hci_dev *hdev)
2426{ 2551{
2427 BT_DBG("%s %p", hdev->name, hdev); 2552 BT_DBG("%s %p", hdev->name, hdev);
@@ -2432,7 +2557,7 @@ static int hci_dev_do_close(struct hci_dev *hdev)
2432 hci_req_lock(hdev); 2557 hci_req_lock(hdev);
2433 2558
2434 if (!test_and_clear_bit(HCI_UP, &hdev->flags)) { 2559 if (!test_and_clear_bit(HCI_UP, &hdev->flags)) {
2435 del_timer_sync(&hdev->cmd_timer); 2560 cancel_delayed_work_sync(&hdev->cmd_timer);
2436 hci_req_unlock(hdev); 2561 hci_req_unlock(hdev);
2437 return 0; 2562 return 0;
2438 } 2563 }
@@ -2458,8 +2583,8 @@ static int hci_dev_do_close(struct hci_dev *hdev)
2458 2583
2459 hci_dev_lock(hdev); 2584 hci_dev_lock(hdev);
2460 hci_inquiry_cache_flush(hdev); 2585 hci_inquiry_cache_flush(hdev);
2586 hci_pend_le_actions_clear(hdev);
2461 hci_conn_hash_flush(hdev); 2587 hci_conn_hash_flush(hdev);
2462 hci_pend_le_conns_clear(hdev);
2463 hci_dev_unlock(hdev); 2588 hci_dev_unlock(hdev);
2464 2589
2465 hci_notify(hdev, HCI_DEV_DOWN); 2590 hci_notify(hdev, HCI_DEV_DOWN);
@@ -2470,8 +2595,8 @@ static int hci_dev_do_close(struct hci_dev *hdev)
2470 /* Reset device */ 2595 /* Reset device */
2471 skb_queue_purge(&hdev->cmd_q); 2596 skb_queue_purge(&hdev->cmd_q);
2472 atomic_set(&hdev->cmd_cnt, 1); 2597 atomic_set(&hdev->cmd_cnt, 1);
2473 if (!test_bit(HCI_RAW, &hdev->flags) && 2598 if (!test_bit(HCI_AUTO_OFF, &hdev->dev_flags) &&
2474 !test_bit(HCI_AUTO_OFF, &hdev->dev_flags) && 2599 !test_bit(HCI_UNCONFIGURED, &hdev->dev_flags) &&
2475 test_bit(HCI_QUIRK_RESET_ON_CLOSE, &hdev->quirks)) { 2600 test_bit(HCI_QUIRK_RESET_ON_CLOSE, &hdev->quirks)) {
2476 set_bit(HCI_INIT, &hdev->flags); 2601 set_bit(HCI_INIT, &hdev->flags);
2477 __hci_req_sync(hdev, hci_reset_req, 0, HCI_CMD_TIMEOUT); 2602 __hci_req_sync(hdev, hci_reset_req, 0, HCI_CMD_TIMEOUT);
@@ -2488,7 +2613,7 @@ static int hci_dev_do_close(struct hci_dev *hdev)
2488 2613
2489 /* Drop last sent command */ 2614 /* Drop last sent command */
2490 if (hdev->sent_cmd) { 2615 if (hdev->sent_cmd) {
2491 del_timer_sync(&hdev->cmd_timer); 2616 cancel_delayed_work_sync(&hdev->cmd_timer);
2492 kfree_skb(hdev->sent_cmd); 2617 kfree_skb(hdev->sent_cmd);
2493 hdev->sent_cmd = NULL; 2618 hdev->sent_cmd = NULL;
2494 } 2619 }
@@ -2501,7 +2626,7 @@ static int hci_dev_do_close(struct hci_dev *hdev)
2501 hdev->close(hdev); 2626 hdev->close(hdev);
2502 2627
2503 /* Clear flags */ 2628 /* Clear flags */
2504 hdev->flags = 0; 2629 hdev->flags &= BIT(HCI_RAW);
2505 hdev->dev_flags &= ~HCI_PERSISTENT_MASK; 2630 hdev->dev_flags &= ~HCI_PERSISTENT_MASK;
2506 2631
2507 if (!test_and_clear_bit(HCI_AUTO_OFF, &hdev->dev_flags)) { 2632 if (!test_and_clear_bit(HCI_AUTO_OFF, &hdev->dev_flags)) {
@@ -2570,6 +2695,11 @@ int hci_dev_reset(__u16 dev)
2570 goto done; 2695 goto done;
2571 } 2696 }
2572 2697
2698 if (test_bit(HCI_UNCONFIGURED, &hdev->dev_flags)) {
2699 ret = -EOPNOTSUPP;
2700 goto done;
2701 }
2702
2573 /* Drop queues */ 2703 /* Drop queues */
2574 skb_queue_purge(&hdev->rx_q); 2704 skb_queue_purge(&hdev->rx_q);
2575 skb_queue_purge(&hdev->cmd_q); 2705 skb_queue_purge(&hdev->cmd_q);
@@ -2585,8 +2715,7 @@ int hci_dev_reset(__u16 dev)
2585 atomic_set(&hdev->cmd_cnt, 1); 2715 atomic_set(&hdev->cmd_cnt, 1);
2586 hdev->acl_cnt = 0; hdev->sco_cnt = 0; hdev->le_cnt = 0; 2716 hdev->acl_cnt = 0; hdev->sco_cnt = 0; hdev->le_cnt = 0;
2587 2717
2588 if (!test_bit(HCI_RAW, &hdev->flags)) 2718 ret = __hci_req_sync(hdev, hci_reset_req, 0, HCI_INIT_TIMEOUT);
2589 ret = __hci_req_sync(hdev, hci_reset_req, 0, HCI_INIT_TIMEOUT);
2590 2719
2591done: 2720done:
2592 hci_req_unlock(hdev); 2721 hci_req_unlock(hdev);
@@ -2608,6 +2737,11 @@ int hci_dev_reset_stat(__u16 dev)
2608 goto done; 2737 goto done;
2609 } 2738 }
2610 2739
2740 if (test_bit(HCI_UNCONFIGURED, &hdev->dev_flags)) {
2741 ret = -EOPNOTSUPP;
2742 goto done;
2743 }
2744
2611 memset(&hdev->stat, 0, sizeof(struct hci_dev_stats)); 2745 memset(&hdev->stat, 0, sizeof(struct hci_dev_stats));
2612 2746
2613done: 2747done:
@@ -2615,6 +2749,42 @@ done:
2615 return ret; 2749 return ret;
2616} 2750}
2617 2751
2752static void hci_update_scan_state(struct hci_dev *hdev, u8 scan)
2753{
2754 bool conn_changed, discov_changed;
2755
2756 BT_DBG("%s scan 0x%02x", hdev->name, scan);
2757
2758 if ((scan & SCAN_PAGE))
2759 conn_changed = !test_and_set_bit(HCI_CONNECTABLE,
2760 &hdev->dev_flags);
2761 else
2762 conn_changed = test_and_clear_bit(HCI_CONNECTABLE,
2763 &hdev->dev_flags);
2764
2765 if ((scan & SCAN_INQUIRY)) {
2766 discov_changed = !test_and_set_bit(HCI_DISCOVERABLE,
2767 &hdev->dev_flags);
2768 } else {
2769 clear_bit(HCI_LIMITED_DISCOVERABLE, &hdev->dev_flags);
2770 discov_changed = test_and_clear_bit(HCI_DISCOVERABLE,
2771 &hdev->dev_flags);
2772 }
2773
2774 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
2775 return;
2776
2777 if (conn_changed || discov_changed) {
2778 /* In case this was disabled through mgmt */
2779 set_bit(HCI_BREDR_ENABLED, &hdev->dev_flags);
2780
2781 if (test_bit(HCI_LE_ENABLED, &hdev->dev_flags))
2782 mgmt_update_adv_data(hdev);
2783
2784 mgmt_new_settings(hdev);
2785 }
2786}
2787
2618int hci_dev_cmd(unsigned int cmd, void __user *arg) 2788int hci_dev_cmd(unsigned int cmd, void __user *arg)
2619{ 2789{
2620 struct hci_dev *hdev; 2790 struct hci_dev *hdev;
@@ -2633,6 +2803,11 @@ int hci_dev_cmd(unsigned int cmd, void __user *arg)
2633 goto done; 2803 goto done;
2634 } 2804 }
2635 2805
2806 if (test_bit(HCI_UNCONFIGURED, &hdev->dev_flags)) {
2807 err = -EOPNOTSUPP;
2808 goto done;
2809 }
2810
2636 if (hdev->dev_type != HCI_BREDR) { 2811 if (hdev->dev_type != HCI_BREDR) {
2637 err = -EOPNOTSUPP; 2812 err = -EOPNOTSUPP;
2638 goto done; 2813 goto done;
@@ -2670,6 +2845,12 @@ int hci_dev_cmd(unsigned int cmd, void __user *arg)
2670 case HCISETSCAN: 2845 case HCISETSCAN:
2671 err = hci_req_sync(hdev, hci_scan_req, dr.dev_opt, 2846 err = hci_req_sync(hdev, hci_scan_req, dr.dev_opt,
2672 HCI_INIT_TIMEOUT); 2847 HCI_INIT_TIMEOUT);
2848
2849 /* Ensure that the connectable and discoverable states
2850 * get correctly modified as this was a non-mgmt change.
2851 */
2852 if (!err)
2853 hci_update_scan_state(hdev, dr.dev_opt);
2673 break; 2854 break;
2674 2855
2675 case HCISETLINKPOL: 2856 case HCISETLINKPOL:
@@ -2730,14 +2911,17 @@ int hci_get_dev_list(void __user *arg)
2730 2911
2731 read_lock(&hci_dev_list_lock); 2912 read_lock(&hci_dev_list_lock);
2732 list_for_each_entry(hdev, &hci_dev_list, list) { 2913 list_for_each_entry(hdev, &hci_dev_list, list) {
2733 if (test_and_clear_bit(HCI_AUTO_OFF, &hdev->dev_flags)) 2914 unsigned long flags = hdev->flags;
2734 cancel_delayed_work(&hdev->power_off);
2735 2915
2736 if (!test_bit(HCI_MGMT, &hdev->dev_flags)) 2916 /* When the auto-off is configured it means the transport
2737 set_bit(HCI_PAIRABLE, &hdev->dev_flags); 2917 * is running, but in that case still indicate that the
2918 * device is actually down.
2919 */
2920 if (test_bit(HCI_AUTO_OFF, &hdev->dev_flags))
2921 flags &= ~BIT(HCI_UP);
2738 2922
2739 (dr + n)->dev_id = hdev->id; 2923 (dr + n)->dev_id = hdev->id;
2740 (dr + n)->dev_opt = hdev->flags; 2924 (dr + n)->dev_opt = flags;
2741 2925
2742 if (++n >= dev_num) 2926 if (++n >= dev_num)
2743 break; 2927 break;
@@ -2757,6 +2941,7 @@ int hci_get_dev_info(void __user *arg)
2757{ 2941{
2758 struct hci_dev *hdev; 2942 struct hci_dev *hdev;
2759 struct hci_dev_info di; 2943 struct hci_dev_info di;
2944 unsigned long flags;
2760 int err = 0; 2945 int err = 0;
2761 2946
2762 if (copy_from_user(&di, arg, sizeof(di))) 2947 if (copy_from_user(&di, arg, sizeof(di)))
@@ -2766,16 +2951,19 @@ int hci_get_dev_info(void __user *arg)
2766 if (!hdev) 2951 if (!hdev)
2767 return -ENODEV; 2952 return -ENODEV;
2768 2953
2769 if (test_and_clear_bit(HCI_AUTO_OFF, &hdev->dev_flags)) 2954 /* When the auto-off is configured it means the transport
2770 cancel_delayed_work_sync(&hdev->power_off); 2955 * is running, but in that case still indicate that the
2771 2956 * device is actually down.
2772 if (!test_bit(HCI_MGMT, &hdev->dev_flags)) 2957 */
2773 set_bit(HCI_PAIRABLE, &hdev->dev_flags); 2958 if (test_bit(HCI_AUTO_OFF, &hdev->dev_flags))
2959 flags = hdev->flags & ~BIT(HCI_UP);
2960 else
2961 flags = hdev->flags;
2774 2962
2775 strcpy(di.name, hdev->name); 2963 strcpy(di.name, hdev->name);
2776 di.bdaddr = hdev->bdaddr; 2964 di.bdaddr = hdev->bdaddr;
2777 di.type = (hdev->bus & 0x0f) | ((hdev->dev_type & 0x03) << 4); 2965 di.type = (hdev->bus & 0x0f) | ((hdev->dev_type & 0x03) << 4);
2778 di.flags = hdev->flags; 2966 di.flags = flags;
2779 di.pkt_type = hdev->pkt_type; 2967 di.pkt_type = hdev->pkt_type;
2780 if (lmp_bredr_capable(hdev)) { 2968 if (lmp_bredr_capable(hdev)) {
2781 di.acl_mtu = hdev->acl_mtu; 2969 di.acl_mtu = hdev->acl_mtu;
@@ -2815,7 +3003,8 @@ static int hci_rfkill_set_block(void *data, bool blocked)
2815 3003
2816 if (blocked) { 3004 if (blocked) {
2817 set_bit(HCI_RFKILLED, &hdev->dev_flags); 3005 set_bit(HCI_RFKILLED, &hdev->dev_flags);
2818 if (!test_bit(HCI_SETUP, &hdev->dev_flags)) 3006 if (!test_bit(HCI_SETUP, &hdev->dev_flags) &&
3007 !test_bit(HCI_CONFIG, &hdev->dev_flags))
2819 hci_dev_do_close(hdev); 3008 hci_dev_do_close(hdev);
2820 } else { 3009 } else {
2821 clear_bit(HCI_RFKILLED, &hdev->dev_flags); 3010 clear_bit(HCI_RFKILLED, &hdev->dev_flags);
@@ -2846,6 +3035,7 @@ static void hci_power_on(struct work_struct *work)
2846 * valid, it is important to turn the device back off. 3035 * valid, it is important to turn the device back off.
2847 */ 3036 */
2848 if (test_bit(HCI_RFKILLED, &hdev->dev_flags) || 3037 if (test_bit(HCI_RFKILLED, &hdev->dev_flags) ||
3038 test_bit(HCI_UNCONFIGURED, &hdev->dev_flags) ||
2849 (hdev->dev_type == HCI_BREDR && 3039 (hdev->dev_type == HCI_BREDR &&
2850 !bacmp(&hdev->bdaddr, BDADDR_ANY) && 3040 !bacmp(&hdev->bdaddr, BDADDR_ANY) &&
2851 !bacmp(&hdev->static_addr, BDADDR_ANY))) { 3041 !bacmp(&hdev->static_addr, BDADDR_ANY))) {
@@ -2856,8 +3046,34 @@ static void hci_power_on(struct work_struct *work)
2856 HCI_AUTO_OFF_TIMEOUT); 3046 HCI_AUTO_OFF_TIMEOUT);
2857 } 3047 }
2858 3048
2859 if (test_and_clear_bit(HCI_SETUP, &hdev->dev_flags)) 3049 if (test_and_clear_bit(HCI_SETUP, &hdev->dev_flags)) {
3050 /* For unconfigured devices, set the HCI_RAW flag
3051 * so that userspace can easily identify them.
3052 */
3053 if (test_bit(HCI_UNCONFIGURED, &hdev->dev_flags))
3054 set_bit(HCI_RAW, &hdev->flags);
3055
3056 /* For fully configured devices, this will send
3057 * the Index Added event. For unconfigured devices,
3058 * it will send Unconfigued Index Added event.
3059 *
3060 * Devices with HCI_QUIRK_RAW_DEVICE are ignored
3061 * and no event will be send.
3062 */
2860 mgmt_index_added(hdev); 3063 mgmt_index_added(hdev);
3064 } else if (test_and_clear_bit(HCI_CONFIG, &hdev->dev_flags)) {
3065 /* When the controller is now configured, then it
3066 * is important to clear the HCI_RAW flag.
3067 */
3068 if (!test_bit(HCI_UNCONFIGURED, &hdev->dev_flags))
3069 clear_bit(HCI_RAW, &hdev->flags);
3070
3071 /* Powering on the controller with HCI_CONFIG set only
3072 * happens with the transition from unconfigured to
3073 * configured. This will send the Index Added event.
3074 */
3075 mgmt_index_added(hdev);
3076 }
2861} 3077}
2862 3078
2863static void hci_power_off(struct work_struct *work) 3079static void hci_power_off(struct work_struct *work)
@@ -2972,16 +3188,16 @@ static bool hci_persistent_key(struct hci_dev *hdev, struct hci_conn *conn,
2972 return false; 3188 return false;
2973} 3189}
2974 3190
2975static bool ltk_type_master(u8 type) 3191static u8 ltk_role(u8 type)
2976{ 3192{
2977 if (type == HCI_SMP_STK || type == HCI_SMP_LTK) 3193 if (type == SMP_LTK)
2978 return true; 3194 return HCI_ROLE_MASTER;
2979 3195
2980 return false; 3196 return HCI_ROLE_SLAVE;
2981} 3197}
2982 3198
2983struct smp_ltk *hci_find_ltk(struct hci_dev *hdev, __le16 ediv, __le64 rand, 3199struct smp_ltk *hci_find_ltk(struct hci_dev *hdev, __le16 ediv, __le64 rand,
2984 bool master) 3200 u8 role)
2985{ 3201{
2986 struct smp_ltk *k; 3202 struct smp_ltk *k;
2987 3203
@@ -2989,7 +3205,7 @@ struct smp_ltk *hci_find_ltk(struct hci_dev *hdev, __le16 ediv, __le64 rand,
2989 if (k->ediv != ediv || k->rand != rand) 3205 if (k->ediv != ediv || k->rand != rand)
2990 continue; 3206 continue;
2991 3207
2992 if (ltk_type_master(k->type) != master) 3208 if (ltk_role(k->type) != role)
2993 continue; 3209 continue;
2994 3210
2995 return k; 3211 return k;
@@ -2999,14 +3215,14 @@ struct smp_ltk *hci_find_ltk(struct hci_dev *hdev, __le16 ediv, __le64 rand,
2999} 3215}
3000 3216
3001struct smp_ltk *hci_find_ltk_by_addr(struct hci_dev *hdev, bdaddr_t *bdaddr, 3217struct smp_ltk *hci_find_ltk_by_addr(struct hci_dev *hdev, bdaddr_t *bdaddr,
3002 u8 addr_type, bool master) 3218 u8 addr_type, u8 role)
3003{ 3219{
3004 struct smp_ltk *k; 3220 struct smp_ltk *k;
3005 3221
3006 list_for_each_entry(k, &hdev->long_term_keys, list) 3222 list_for_each_entry(k, &hdev->long_term_keys, list)
3007 if (addr_type == k->bdaddr_type && 3223 if (addr_type == k->bdaddr_type &&
3008 bacmp(bdaddr, &k->bdaddr) == 0 && 3224 bacmp(bdaddr, &k->bdaddr) == 0 &&
3009 ltk_type_master(k->type) == master) 3225 ltk_role(k->type) == role)
3010 return k; 3226 return k;
3011 3227
3012 return NULL; 3228 return NULL;
@@ -3049,12 +3265,12 @@ struct smp_irk *hci_find_irk_by_addr(struct hci_dev *hdev, bdaddr_t *bdaddr,
3049 return NULL; 3265 return NULL;
3050} 3266}
3051 3267
3052int hci_add_link_key(struct hci_dev *hdev, struct hci_conn *conn, int new_key, 3268struct link_key *hci_add_link_key(struct hci_dev *hdev, struct hci_conn *conn,
3053 bdaddr_t *bdaddr, u8 *val, u8 type, u8 pin_len) 3269 bdaddr_t *bdaddr, u8 *val, u8 type,
3270 u8 pin_len, bool *persistent)
3054{ 3271{
3055 struct link_key *key, *old_key; 3272 struct link_key *key, *old_key;
3056 u8 old_key_type; 3273 u8 old_key_type;
3057 bool persistent;
3058 3274
3059 old_key = hci_find_link_key(hdev, bdaddr); 3275 old_key = hci_find_link_key(hdev, bdaddr);
3060 if (old_key) { 3276 if (old_key) {
@@ -3064,7 +3280,7 @@ int hci_add_link_key(struct hci_dev *hdev, struct hci_conn *conn, int new_key,
3064 old_key_type = conn ? conn->key_type : 0xff; 3280 old_key_type = conn ? conn->key_type : 0xff;
3065 key = kzalloc(sizeof(*key), GFP_KERNEL); 3281 key = kzalloc(sizeof(*key), GFP_KERNEL);
3066 if (!key) 3282 if (!key)
3067 return -ENOMEM; 3283 return NULL;
3068 list_add(&key->list, &hdev->link_keys); 3284 list_add(&key->list, &hdev->link_keys);
3069 } 3285 }
3070 3286
@@ -3089,17 +3305,11 @@ int hci_add_link_key(struct hci_dev *hdev, struct hci_conn *conn, int new_key,
3089 else 3305 else
3090 key->type = type; 3306 key->type = type;
3091 3307
3092 if (!new_key) 3308 if (persistent)
3093 return 0; 3309 *persistent = hci_persistent_key(hdev, conn, type,
3094 3310 old_key_type);
3095 persistent = hci_persistent_key(hdev, conn, type, old_key_type);
3096 3311
3097 mgmt_new_link_key(hdev, key, persistent); 3312 return key;
3098
3099 if (conn)
3100 conn->flush_key = !persistent;
3101
3102 return 0;
3103} 3313}
3104 3314
3105struct smp_ltk *hci_add_ltk(struct hci_dev *hdev, bdaddr_t *bdaddr, 3315struct smp_ltk *hci_add_ltk(struct hci_dev *hdev, bdaddr_t *bdaddr,
@@ -3107,9 +3317,9 @@ struct smp_ltk *hci_add_ltk(struct hci_dev *hdev, bdaddr_t *bdaddr,
3107 u8 tk[16], u8 enc_size, __le16 ediv, __le64 rand) 3317 u8 tk[16], u8 enc_size, __le16 ediv, __le64 rand)
3108{ 3318{
3109 struct smp_ltk *key, *old_key; 3319 struct smp_ltk *key, *old_key;
3110 bool master = ltk_type_master(type); 3320 u8 role = ltk_role(type);
3111 3321
3112 old_key = hci_find_ltk_by_addr(hdev, bdaddr, addr_type, master); 3322 old_key = hci_find_ltk_by_addr(hdev, bdaddr, addr_type, role);
3113 if (old_key) 3323 if (old_key)
3114 key = old_key; 3324 key = old_key;
3115 else { 3325 else {
@@ -3205,9 +3415,10 @@ void hci_remove_irk(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 addr_type)
3205} 3415}
3206 3416
3207/* HCI command timer function */ 3417/* HCI command timer function */
3208static void hci_cmd_timeout(unsigned long arg) 3418static void hci_cmd_timeout(struct work_struct *work)
3209{ 3419{
3210 struct hci_dev *hdev = (void *) arg; 3420 struct hci_dev *hdev = container_of(work, struct hci_dev,
3421 cmd_timer.work);
3211 3422
3212 if (hdev->sent_cmd) { 3423 if (hdev->sent_cmd) {
3213 struct hci_command_hdr *sent = (void *) hdev->sent_cmd->data; 3424 struct hci_command_hdr *sent = (void *) hdev->sent_cmd->data;
@@ -3313,12 +3524,12 @@ int hci_add_remote_oob_ext_data(struct hci_dev *hdev, bdaddr_t *bdaddr,
3313 return 0; 3524 return 0;
3314} 3525}
3315 3526
3316struct bdaddr_list *hci_blacklist_lookup(struct hci_dev *hdev, 3527struct bdaddr_list *hci_bdaddr_list_lookup(struct list_head *bdaddr_list,
3317 bdaddr_t *bdaddr, u8 type) 3528 bdaddr_t *bdaddr, u8 type)
3318{ 3529{
3319 struct bdaddr_list *b; 3530 struct bdaddr_list *b;
3320 3531
3321 list_for_each_entry(b, &hdev->blacklist, list) { 3532 list_for_each_entry(b, bdaddr_list, list) {
3322 if (!bacmp(&b->bdaddr, bdaddr) && b->bdaddr_type == type) 3533 if (!bacmp(&b->bdaddr, bdaddr) && b->bdaddr_type == type)
3323 return b; 3534 return b;
3324 } 3535 }
@@ -3326,11 +3537,11 @@ struct bdaddr_list *hci_blacklist_lookup(struct hci_dev *hdev,
3326 return NULL; 3537 return NULL;
3327} 3538}
3328 3539
3329static void hci_blacklist_clear(struct hci_dev *hdev) 3540void hci_bdaddr_list_clear(struct list_head *bdaddr_list)
3330{ 3541{
3331 struct list_head *p, *n; 3542 struct list_head *p, *n;
3332 3543
3333 list_for_each_safe(p, n, &hdev->blacklist) { 3544 list_for_each_safe(p, n, bdaddr_list) {
3334 struct bdaddr_list *b = list_entry(p, struct bdaddr_list, list); 3545 struct bdaddr_list *b = list_entry(p, struct bdaddr_list, list);
3335 3546
3336 list_del(p); 3547 list_del(p);
@@ -3338,99 +3549,38 @@ static void hci_blacklist_clear(struct hci_dev *hdev)
3338 } 3549 }
3339} 3550}
3340 3551
3341int hci_blacklist_add(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 type) 3552int hci_bdaddr_list_add(struct list_head *list, bdaddr_t *bdaddr, u8 type)
3342{ 3553{
3343 struct bdaddr_list *entry; 3554 struct bdaddr_list *entry;
3344 3555
3345 if (!bacmp(bdaddr, BDADDR_ANY)) 3556 if (!bacmp(bdaddr, BDADDR_ANY))
3346 return -EBADF; 3557 return -EBADF;
3347 3558
3348 if (hci_blacklist_lookup(hdev, bdaddr, type)) 3559 if (hci_bdaddr_list_lookup(list, bdaddr, type))
3349 return -EEXIST; 3560 return -EEXIST;
3350 3561
3351 entry = kzalloc(sizeof(struct bdaddr_list), GFP_KERNEL); 3562 entry = kzalloc(sizeof(*entry), GFP_KERNEL);
3352 if (!entry) 3563 if (!entry)
3353 return -ENOMEM; 3564 return -ENOMEM;
3354 3565
3355 bacpy(&entry->bdaddr, bdaddr); 3566 bacpy(&entry->bdaddr, bdaddr);
3356 entry->bdaddr_type = type; 3567 entry->bdaddr_type = type;
3357 3568
3358 list_add(&entry->list, &hdev->blacklist); 3569 list_add(&entry->list, list);
3359 3570
3360 return mgmt_device_blocked(hdev, bdaddr, type); 3571 return 0;
3361} 3572}
3362 3573
3363int hci_blacklist_del(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 type) 3574int hci_bdaddr_list_del(struct list_head *list, bdaddr_t *bdaddr, u8 type)
3364{ 3575{
3365 struct bdaddr_list *entry; 3576 struct bdaddr_list *entry;
3366 3577
3367 if (!bacmp(bdaddr, BDADDR_ANY)) { 3578 if (!bacmp(bdaddr, BDADDR_ANY)) {
3368 hci_blacklist_clear(hdev); 3579 hci_bdaddr_list_clear(list);
3369 return 0; 3580 return 0;
3370 } 3581 }
3371 3582
3372 entry = hci_blacklist_lookup(hdev, bdaddr, type); 3583 entry = hci_bdaddr_list_lookup(list, bdaddr, type);
3373 if (!entry)
3374 return -ENOENT;
3375
3376 list_del(&entry->list);
3377 kfree(entry);
3378
3379 return mgmt_device_unblocked(hdev, bdaddr, type);
3380}
3381
3382struct bdaddr_list *hci_white_list_lookup(struct hci_dev *hdev,
3383 bdaddr_t *bdaddr, u8 type)
3384{
3385 struct bdaddr_list *b;
3386
3387 list_for_each_entry(b, &hdev->le_white_list, list) {
3388 if (!bacmp(&b->bdaddr, bdaddr) && b->bdaddr_type == type)
3389 return b;
3390 }
3391
3392 return NULL;
3393}
3394
3395void hci_white_list_clear(struct hci_dev *hdev)
3396{
3397 struct list_head *p, *n;
3398
3399 list_for_each_safe(p, n, &hdev->le_white_list) {
3400 struct bdaddr_list *b = list_entry(p, struct bdaddr_list, list);
3401
3402 list_del(p);
3403 kfree(b);
3404 }
3405}
3406
3407int hci_white_list_add(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 type)
3408{
3409 struct bdaddr_list *entry;
3410
3411 if (!bacmp(bdaddr, BDADDR_ANY))
3412 return -EBADF;
3413
3414 entry = kzalloc(sizeof(struct bdaddr_list), GFP_KERNEL);
3415 if (!entry)
3416 return -ENOMEM;
3417
3418 bacpy(&entry->bdaddr, bdaddr);
3419 entry->bdaddr_type = type;
3420
3421 list_add(&entry->list, &hdev->le_white_list);
3422
3423 return 0;
3424}
3425
3426int hci_white_list_del(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 type)
3427{
3428 struct bdaddr_list *entry;
3429
3430 if (!bacmp(bdaddr, BDADDR_ANY))
3431 return -EBADF;
3432
3433 entry = hci_white_list_lookup(hdev, bdaddr, type);
3434 if (!entry) 3584 if (!entry)
3435 return -ENOENT; 3585 return -ENOENT;
3436 3586
@@ -3446,6 +3596,10 @@ struct hci_conn_params *hci_conn_params_lookup(struct hci_dev *hdev,
3446{ 3596{
3447 struct hci_conn_params *params; 3597 struct hci_conn_params *params;
3448 3598
3599 /* The conn params list only contains identity addresses */
3600 if (!hci_is_identity_address(addr, addr_type))
3601 return NULL;
3602
3449 list_for_each_entry(params, &hdev->le_conn_params, list) { 3603 list_for_each_entry(params, &hdev->le_conn_params, list) {
3450 if (bacmp(&params->addr, addr) == 0 && 3604 if (bacmp(&params->addr, addr) == 0 &&
3451 params->addr_type == addr_type) { 3605 params->addr_type == addr_type) {
@@ -3473,62 +3627,98 @@ static bool is_connected(struct hci_dev *hdev, bdaddr_t *addr, u8 type)
3473 return true; 3627 return true;
3474} 3628}
3475 3629
3476static bool is_identity_address(bdaddr_t *addr, u8 addr_type) 3630/* This function requires the caller holds hdev->lock */
3631struct hci_conn_params *hci_pend_le_action_lookup(struct list_head *list,
3632 bdaddr_t *addr, u8 addr_type)
3477{ 3633{
3478 if (addr_type == ADDR_LE_DEV_PUBLIC) 3634 struct hci_conn_params *param;
3479 return true;
3480 3635
3481 /* Check for Random Static address type */ 3636 /* The list only contains identity addresses */
3482 if ((addr->b[5] & 0xc0) == 0xc0) 3637 if (!hci_is_identity_address(addr, addr_type))
3483 return true; 3638 return NULL;
3484 3639
3485 return false; 3640 list_for_each_entry(param, list, action) {
3641 if (bacmp(&param->addr, addr) == 0 &&
3642 param->addr_type == addr_type)
3643 return param;
3644 }
3645
3646 return NULL;
3486} 3647}
3487 3648
3488/* This function requires the caller holds hdev->lock */ 3649/* This function requires the caller holds hdev->lock */
3489int hci_conn_params_add(struct hci_dev *hdev, bdaddr_t *addr, u8 addr_type, 3650struct hci_conn_params *hci_conn_params_add(struct hci_dev *hdev,
3490 u8 auto_connect, u16 conn_min_interval, 3651 bdaddr_t *addr, u8 addr_type)
3491 u16 conn_max_interval)
3492{ 3652{
3493 struct hci_conn_params *params; 3653 struct hci_conn_params *params;
3494 3654
3495 if (!is_identity_address(addr, addr_type)) 3655 if (!hci_is_identity_address(addr, addr_type))
3496 return -EINVAL; 3656 return NULL;
3497 3657
3498 params = hci_conn_params_lookup(hdev, addr, addr_type); 3658 params = hci_conn_params_lookup(hdev, addr, addr_type);
3499 if (params) 3659 if (params)
3500 goto update; 3660 return params;
3501 3661
3502 params = kzalloc(sizeof(*params), GFP_KERNEL); 3662 params = kzalloc(sizeof(*params), GFP_KERNEL);
3503 if (!params) { 3663 if (!params) {
3504 BT_ERR("Out of memory"); 3664 BT_ERR("Out of memory");
3505 return -ENOMEM; 3665 return NULL;
3506 } 3666 }
3507 3667
3508 bacpy(&params->addr, addr); 3668 bacpy(&params->addr, addr);
3509 params->addr_type = addr_type; 3669 params->addr_type = addr_type;
3510 3670
3511 list_add(&params->list, &hdev->le_conn_params); 3671 list_add(&params->list, &hdev->le_conn_params);
3672 INIT_LIST_HEAD(&params->action);
3512 3673
3513update: 3674 params->conn_min_interval = hdev->le_conn_min_interval;
3514 params->conn_min_interval = conn_min_interval; 3675 params->conn_max_interval = hdev->le_conn_max_interval;
3515 params->conn_max_interval = conn_max_interval; 3676 params->conn_latency = hdev->le_conn_latency;
3516 params->auto_connect = auto_connect; 3677 params->supervision_timeout = hdev->le_supv_timeout;
3678 params->auto_connect = HCI_AUTO_CONN_DISABLED;
3679
3680 BT_DBG("addr %pMR (type %u)", addr, addr_type);
3681
3682 return params;
3683}
3684
3685/* This function requires the caller holds hdev->lock */
3686int hci_conn_params_set(struct hci_dev *hdev, bdaddr_t *addr, u8 addr_type,
3687 u8 auto_connect)
3688{
3689 struct hci_conn_params *params;
3690
3691 params = hci_conn_params_add(hdev, addr, addr_type);
3692 if (!params)
3693 return -EIO;
3694
3695 if (params->auto_connect == auto_connect)
3696 return 0;
3697
3698 list_del_init(&params->action);
3517 3699
3518 switch (auto_connect) { 3700 switch (auto_connect) {
3519 case HCI_AUTO_CONN_DISABLED: 3701 case HCI_AUTO_CONN_DISABLED:
3520 case HCI_AUTO_CONN_LINK_LOSS: 3702 case HCI_AUTO_CONN_LINK_LOSS:
3521 hci_pend_le_conn_del(hdev, addr, addr_type); 3703 hci_update_background_scan(hdev);
3522 break; 3704 break;
3705 case HCI_AUTO_CONN_REPORT:
3706 list_add(&params->action, &hdev->pend_le_reports);
3707 hci_update_background_scan(hdev);
3708 break;
3709 case HCI_AUTO_CONN_DIRECT:
3523 case HCI_AUTO_CONN_ALWAYS: 3710 case HCI_AUTO_CONN_ALWAYS:
3524 if (!is_connected(hdev, addr, addr_type)) 3711 if (!is_connected(hdev, addr, addr_type)) {
3525 hci_pend_le_conn_add(hdev, addr, addr_type); 3712 list_add(&params->action, &hdev->pend_le_conns);
3713 hci_update_background_scan(hdev);
3714 }
3526 break; 3715 break;
3527 } 3716 }
3528 3717
3529 BT_DBG("addr %pMR (type %u) auto_connect %u conn_min_interval 0x%.4x " 3718 params->auto_connect = auto_connect;
3530 "conn_max_interval 0x%.4x", addr, addr_type, auto_connect, 3719
3531 conn_min_interval, conn_max_interval); 3720 BT_DBG("addr %pMR (type %u) auto_connect %u", addr, addr_type,
3721 auto_connect);
3532 3722
3533 return 0; 3723 return 0;
3534} 3724}
@@ -3542,97 +3732,49 @@ void hci_conn_params_del(struct hci_dev *hdev, bdaddr_t *addr, u8 addr_type)
3542 if (!params) 3732 if (!params)
3543 return; 3733 return;
3544 3734
3545 hci_pend_le_conn_del(hdev, addr, addr_type); 3735 if (params->conn)
3736 hci_conn_drop(params->conn);
3546 3737
3738 list_del(&params->action);
3547 list_del(&params->list); 3739 list_del(&params->list);
3548 kfree(params); 3740 kfree(params);
3549 3741
3742 hci_update_background_scan(hdev);
3743
3550 BT_DBG("addr %pMR (type %u)", addr, addr_type); 3744 BT_DBG("addr %pMR (type %u)", addr, addr_type);
3551} 3745}
3552 3746
3553/* This function requires the caller holds hdev->lock */ 3747/* This function requires the caller holds hdev->lock */
3554void hci_conn_params_clear(struct hci_dev *hdev) 3748void hci_conn_params_clear_disabled(struct hci_dev *hdev)
3555{ 3749{
3556 struct hci_conn_params *params, *tmp; 3750 struct hci_conn_params *params, *tmp;
3557 3751
3558 list_for_each_entry_safe(params, tmp, &hdev->le_conn_params, list) { 3752 list_for_each_entry_safe(params, tmp, &hdev->le_conn_params, list) {
3753 if (params->auto_connect != HCI_AUTO_CONN_DISABLED)
3754 continue;
3559 list_del(&params->list); 3755 list_del(&params->list);
3560 kfree(params); 3756 kfree(params);
3561 } 3757 }
3562 3758
3563 BT_DBG("All LE connection parameters were removed"); 3759 BT_DBG("All LE disabled connection parameters were removed");
3564}
3565
3566/* This function requires the caller holds hdev->lock */
3567struct bdaddr_list *hci_pend_le_conn_lookup(struct hci_dev *hdev,
3568 bdaddr_t *addr, u8 addr_type)
3569{
3570 struct bdaddr_list *entry;
3571
3572 list_for_each_entry(entry, &hdev->pend_le_conns, list) {
3573 if (bacmp(&entry->bdaddr, addr) == 0 &&
3574 entry->bdaddr_type == addr_type)
3575 return entry;
3576 }
3577
3578 return NULL;
3579} 3760}
3580 3761
3581/* This function requires the caller holds hdev->lock */ 3762/* This function requires the caller holds hdev->lock */
3582void hci_pend_le_conn_add(struct hci_dev *hdev, bdaddr_t *addr, u8 addr_type) 3763void hci_conn_params_clear_all(struct hci_dev *hdev)
3583{ 3764{
3584 struct bdaddr_list *entry; 3765 struct hci_conn_params *params, *tmp;
3585
3586 entry = hci_pend_le_conn_lookup(hdev, addr, addr_type);
3587 if (entry)
3588 goto done;
3589 3766
3590 entry = kzalloc(sizeof(*entry), GFP_KERNEL); 3767 list_for_each_entry_safe(params, tmp, &hdev->le_conn_params, list) {
3591 if (!entry) { 3768 if (params->conn)
3592 BT_ERR("Out of memory"); 3769 hci_conn_drop(params->conn);
3593 return; 3770 list_del(&params->action);
3771 list_del(&params->list);
3772 kfree(params);
3594 } 3773 }
3595 3774
3596 bacpy(&entry->bdaddr, addr);
3597 entry->bdaddr_type = addr_type;
3598
3599 list_add(&entry->list, &hdev->pend_le_conns);
3600
3601 BT_DBG("addr %pMR (type %u)", addr, addr_type);
3602
3603done:
3604 hci_update_background_scan(hdev); 3775 hci_update_background_scan(hdev);
3605}
3606 3776
3607/* This function requires the caller holds hdev->lock */ 3777 BT_DBG("All LE connection parameters were removed");
3608void hci_pend_le_conn_del(struct hci_dev *hdev, bdaddr_t *addr, u8 addr_type)
3609{
3610 struct bdaddr_list *entry;
3611
3612 entry = hci_pend_le_conn_lookup(hdev, addr, addr_type);
3613 if (!entry)
3614 goto done;
3615
3616 list_del(&entry->list);
3617 kfree(entry);
3618
3619 BT_DBG("addr %pMR (type %u)", addr, addr_type);
3620
3621done:
3622 hci_update_background_scan(hdev);
3623}
3624
3625/* This function requires the caller holds hdev->lock */
3626void hci_pend_le_conns_clear(struct hci_dev *hdev)
3627{
3628 struct bdaddr_list *entry, *tmp;
3629
3630 list_for_each_entry_safe(entry, tmp, &hdev->pend_le_conns, list) {
3631 list_del(&entry->list);
3632 kfree(entry);
3633 }
3634
3635 BT_DBG("All LE pending connections cleared");
3636} 3778}
3637 3779
3638static void inquiry_complete(struct hci_dev *hdev, u8 status) 3780static void inquiry_complete(struct hci_dev *hdev, u8 status)
@@ -3722,7 +3864,7 @@ static void set_random_addr(struct hci_request *req, bdaddr_t *rpa)
3722 * In this kind of scenario skip the update and let the random 3864 * In this kind of scenario skip the update and let the random
3723 * address be updated at the next cycle. 3865 * address be updated at the next cycle.
3724 */ 3866 */
3725 if (test_bit(HCI_ADVERTISING, &hdev->dev_flags) || 3867 if (test_bit(HCI_LE_ADV, &hdev->dev_flags) ||
3726 hci_conn_hash_lookup_state(hdev, LE_LINK, BT_CONNECT)) { 3868 hci_conn_hash_lookup_state(hdev, LE_LINK, BT_CONNECT)) {
3727 BT_DBG("Deferring random address update"); 3869 BT_DBG("Deferring random address update");
3728 return; 3870 return;
@@ -3784,7 +3926,7 @@ int hci_update_random_address(struct hci_request *req, bool require_privacy,
3784 * the HCI command if the current random address is already the 3926 * the HCI command if the current random address is already the
3785 * static one. 3927 * static one.
3786 */ 3928 */
3787 if (test_bit(HCI_FORCE_STATIC_ADDR, &hdev->dev_flags) || 3929 if (test_bit(HCI_FORCE_STATIC_ADDR, &hdev->dbg_flags) ||
3788 !bacmp(&hdev->bdaddr, BDADDR_ANY)) { 3930 !bacmp(&hdev->bdaddr, BDADDR_ANY)) {
3789 *own_addr_type = ADDR_LE_DEV_RANDOM; 3931 *own_addr_type = ADDR_LE_DEV_RANDOM;
3790 if (bacmp(&hdev->static_addr, &hdev->random_addr)) 3932 if (bacmp(&hdev->static_addr, &hdev->random_addr))
@@ -3813,7 +3955,7 @@ int hci_update_random_address(struct hci_request *req, bool require_privacy,
3813void hci_copy_identity_address(struct hci_dev *hdev, bdaddr_t *bdaddr, 3955void hci_copy_identity_address(struct hci_dev *hdev, bdaddr_t *bdaddr,
3814 u8 *bdaddr_type) 3956 u8 *bdaddr_type)
3815{ 3957{
3816 if (test_bit(HCI_FORCE_STATIC_ADDR, &hdev->dev_flags) || 3958 if (test_bit(HCI_FORCE_STATIC_ADDR, &hdev->dbg_flags) ||
3817 !bacmp(&hdev->bdaddr, BDADDR_ANY)) { 3959 !bacmp(&hdev->bdaddr, BDADDR_ANY)) {
3818 bacpy(bdaddr, &hdev->static_addr); 3960 bacpy(bdaddr, &hdev->static_addr);
3819 *bdaddr_type = ADDR_LE_DEV_RANDOM; 3961 *bdaddr_type = ADDR_LE_DEV_RANDOM;
@@ -3828,7 +3970,7 @@ struct hci_dev *hci_alloc_dev(void)
3828{ 3970{
3829 struct hci_dev *hdev; 3971 struct hci_dev *hdev;
3830 3972
3831 hdev = kzalloc(sizeof(struct hci_dev), GFP_KERNEL); 3973 hdev = kzalloc(sizeof(*hdev), GFP_KERNEL);
3832 if (!hdev) 3974 if (!hdev)
3833 return NULL; 3975 return NULL;
3834 3976
@@ -3837,6 +3979,7 @@ struct hci_dev *hci_alloc_dev(void)
3837 hdev->link_mode = (HCI_LM_ACCEPT); 3979 hdev->link_mode = (HCI_LM_ACCEPT);
3838 hdev->num_iac = 0x01; /* One IAC support is mandatory */ 3980 hdev->num_iac = 0x01; /* One IAC support is mandatory */
3839 hdev->io_capability = 0x03; /* No Input No Output */ 3981 hdev->io_capability = 0x03; /* No Input No Output */
3982 hdev->manufacturer = 0xffff; /* Default to internal use */
3840 hdev->inq_tx_power = HCI_TX_POWER_INVALID; 3983 hdev->inq_tx_power = HCI_TX_POWER_INVALID;
3841 hdev->adv_tx_power = HCI_TX_POWER_INVALID; 3984 hdev->adv_tx_power = HCI_TX_POWER_INVALID;
3842 3985
@@ -3844,10 +3987,14 @@ struct hci_dev *hci_alloc_dev(void)
3844 hdev->sniff_min_interval = 80; 3987 hdev->sniff_min_interval = 80;
3845 3988
3846 hdev->le_adv_channel_map = 0x07; 3989 hdev->le_adv_channel_map = 0x07;
3990 hdev->le_adv_min_interval = 0x0800;
3991 hdev->le_adv_max_interval = 0x0800;
3847 hdev->le_scan_interval = 0x0060; 3992 hdev->le_scan_interval = 0x0060;
3848 hdev->le_scan_window = 0x0030; 3993 hdev->le_scan_window = 0x0030;
3849 hdev->le_conn_min_interval = 0x0028; 3994 hdev->le_conn_min_interval = 0x0028;
3850 hdev->le_conn_max_interval = 0x0038; 3995 hdev->le_conn_max_interval = 0x0038;
3996 hdev->le_conn_latency = 0x0000;
3997 hdev->le_supv_timeout = 0x002a;
3851 3998
3852 hdev->rpa_timeout = HCI_DEFAULT_RPA_TIMEOUT; 3999 hdev->rpa_timeout = HCI_DEFAULT_RPA_TIMEOUT;
3853 hdev->discov_interleaved_timeout = DISCOV_INTERLEAVED_TIMEOUT; 4000 hdev->discov_interleaved_timeout = DISCOV_INTERLEAVED_TIMEOUT;
@@ -3859,6 +4006,7 @@ struct hci_dev *hci_alloc_dev(void)
3859 4006
3860 INIT_LIST_HEAD(&hdev->mgmt_pending); 4007 INIT_LIST_HEAD(&hdev->mgmt_pending);
3861 INIT_LIST_HEAD(&hdev->blacklist); 4008 INIT_LIST_HEAD(&hdev->blacklist);
4009 INIT_LIST_HEAD(&hdev->whitelist);
3862 INIT_LIST_HEAD(&hdev->uuids); 4010 INIT_LIST_HEAD(&hdev->uuids);
3863 INIT_LIST_HEAD(&hdev->link_keys); 4011 INIT_LIST_HEAD(&hdev->link_keys);
3864 INIT_LIST_HEAD(&hdev->long_term_keys); 4012 INIT_LIST_HEAD(&hdev->long_term_keys);
@@ -3867,6 +4015,7 @@ struct hci_dev *hci_alloc_dev(void)
3867 INIT_LIST_HEAD(&hdev->le_white_list); 4015 INIT_LIST_HEAD(&hdev->le_white_list);
3868 INIT_LIST_HEAD(&hdev->le_conn_params); 4016 INIT_LIST_HEAD(&hdev->le_conn_params);
3869 INIT_LIST_HEAD(&hdev->pend_le_conns); 4017 INIT_LIST_HEAD(&hdev->pend_le_conns);
4018 INIT_LIST_HEAD(&hdev->pend_le_reports);
3870 INIT_LIST_HEAD(&hdev->conn_hash.list); 4019 INIT_LIST_HEAD(&hdev->conn_hash.list);
3871 4020
3872 INIT_WORK(&hdev->rx_work, hci_rx_work); 4021 INIT_WORK(&hdev->rx_work, hci_rx_work);
@@ -3884,7 +4033,7 @@ struct hci_dev *hci_alloc_dev(void)
3884 4033
3885 init_waitqueue_head(&hdev->req_wait_q); 4034 init_waitqueue_head(&hdev->req_wait_q);
3886 4035
3887 setup_timer(&hdev->cmd_timer, hci_cmd_timeout, (unsigned long) hdev); 4036 INIT_DELAYED_WORK(&hdev->cmd_timer, hci_cmd_timeout);
3888 4037
3889 hci_init_sysfs(hdev); 4038 hci_init_sysfs(hdev);
3890 discovery_init(hdev); 4039 discovery_init(hdev);
@@ -3906,7 +4055,7 @@ int hci_register_dev(struct hci_dev *hdev)
3906{ 4055{
3907 int id, error; 4056 int id, error;
3908 4057
3909 if (!hdev->open || !hdev->close) 4058 if (!hdev->open || !hdev->close || !hdev->send)
3910 return -EINVAL; 4059 return -EINVAL;
3911 4060
3912 /* Do not allow HCI_AMP devices to register at index 0, 4061 /* Do not allow HCI_AMP devices to register at index 0,
@@ -3991,6 +4140,12 @@ int hci_register_dev(struct hci_dev *hdev)
3991 list_add(&hdev->list, &hci_dev_list); 4140 list_add(&hdev->list, &hci_dev_list);
3992 write_unlock(&hci_dev_list_lock); 4141 write_unlock(&hci_dev_list_lock);
3993 4142
4143 /* Devices that are marked for raw-only usage are unconfigured
4144 * and should not be included in normal operation.
4145 */
4146 if (test_bit(HCI_QUIRK_RAW_DEVICE, &hdev->quirks))
4147 set_bit(HCI_UNCONFIGURED, &hdev->dev_flags);
4148
3994 hci_notify(hdev, HCI_DEV_REG); 4149 hci_notify(hdev, HCI_DEV_REG);
3995 hci_dev_hold(hdev); 4150 hci_dev_hold(hdev);
3996 4151
@@ -4033,7 +4188,8 @@ void hci_unregister_dev(struct hci_dev *hdev)
4033 cancel_work_sync(&hdev->power_on); 4188 cancel_work_sync(&hdev->power_on);
4034 4189
4035 if (!test_bit(HCI_INIT, &hdev->flags) && 4190 if (!test_bit(HCI_INIT, &hdev->flags) &&
4036 !test_bit(HCI_SETUP, &hdev->dev_flags)) { 4191 !test_bit(HCI_SETUP, &hdev->dev_flags) &&
4192 !test_bit(HCI_CONFIG, &hdev->dev_flags)) {
4037 hci_dev_lock(hdev); 4193 hci_dev_lock(hdev);
4038 mgmt_index_removed(hdev); 4194 mgmt_index_removed(hdev);
4039 hci_dev_unlock(hdev); 4195 hci_dev_unlock(hdev);
@@ -4061,15 +4217,15 @@ void hci_unregister_dev(struct hci_dev *hdev)
4061 destroy_workqueue(hdev->req_workqueue); 4217 destroy_workqueue(hdev->req_workqueue);
4062 4218
4063 hci_dev_lock(hdev); 4219 hci_dev_lock(hdev);
4064 hci_blacklist_clear(hdev); 4220 hci_bdaddr_list_clear(&hdev->blacklist);
4221 hci_bdaddr_list_clear(&hdev->whitelist);
4065 hci_uuids_clear(hdev); 4222 hci_uuids_clear(hdev);
4066 hci_link_keys_clear(hdev); 4223 hci_link_keys_clear(hdev);
4067 hci_smp_ltks_clear(hdev); 4224 hci_smp_ltks_clear(hdev);
4068 hci_smp_irks_clear(hdev); 4225 hci_smp_irks_clear(hdev);
4069 hci_remote_oob_data_clear(hdev); 4226 hci_remote_oob_data_clear(hdev);
4070 hci_white_list_clear(hdev); 4227 hci_bdaddr_list_clear(&hdev->le_white_list);
4071 hci_conn_params_clear(hdev); 4228 hci_conn_params_clear_all(hdev);
4072 hci_pend_le_conns_clear(hdev);
4073 hci_dev_unlock(hdev); 4229 hci_dev_unlock(hdev);
4074 4230
4075 hci_dev_put(hdev); 4231 hci_dev_put(hdev);
@@ -4307,6 +4463,8 @@ EXPORT_SYMBOL(hci_unregister_cb);
4307 4463
4308static void hci_send_frame(struct hci_dev *hdev, struct sk_buff *skb) 4464static void hci_send_frame(struct hci_dev *hdev, struct sk_buff *skb)
4309{ 4465{
4466 int err;
4467
4310 BT_DBG("%s type %d len %d", hdev->name, bt_cb(skb)->pkt_type, skb->len); 4468 BT_DBG("%s type %d len %d", hdev->name, bt_cb(skb)->pkt_type, skb->len);
4311 4469
4312 /* Time stamp */ 4470 /* Time stamp */
@@ -4323,8 +4481,11 @@ static void hci_send_frame(struct hci_dev *hdev, struct sk_buff *skb)
4323 /* Get rid of skb owner, prior to sending to the driver. */ 4481 /* Get rid of skb owner, prior to sending to the driver. */
4324 skb_orphan(skb); 4482 skb_orphan(skb);
4325 4483
4326 if (hdev->send(hdev, skb) < 0) 4484 err = hdev->send(hdev, skb);
4327 BT_ERR("%s sending frame failed", hdev->name); 4485 if (err < 0) {
4486 BT_ERR("%s sending frame failed (%d)", hdev->name, err);
4487 kfree_skb(skb);
4488 }
4328} 4489}
4329 4490
4330void hci_req_init(struct hci_request *req, struct hci_dev *hdev) 4491void hci_req_init(struct hci_request *req, struct hci_dev *hdev)
@@ -4366,6 +4527,11 @@ int hci_req_run(struct hci_request *req, hci_req_complete_t complete)
4366 return 0; 4527 return 0;
4367} 4528}
4368 4529
4530bool hci_req_pending(struct hci_dev *hdev)
4531{
4532 return (hdev->req_status == HCI_REQ_PEND);
4533}
4534
4369static struct sk_buff *hci_prepare_cmd(struct hci_dev *hdev, u16 opcode, 4535static struct sk_buff *hci_prepare_cmd(struct hci_dev *hdev, u16 opcode,
4370 u32 plen, const void *param) 4536 u32 plen, const void *param)
4371{ 4537{
@@ -4798,7 +4964,7 @@ static inline int __get_blocks(struct hci_dev *hdev, struct sk_buff *skb)
4798 4964
4799static void __check_timeout(struct hci_dev *hdev, unsigned int cnt) 4965static void __check_timeout(struct hci_dev *hdev, unsigned int cnt)
4800{ 4966{
4801 if (!test_bit(HCI_RAW, &hdev->flags)) { 4967 if (!test_bit(HCI_UNCONFIGURED, &hdev->dev_flags)) {
4802 /* ACL tx timeout must be longer than maximum 4968 /* ACL tx timeout must be longer than maximum
4803 * link supervision timeout (40.9 seconds) */ 4969 * link supervision timeout (40.9 seconds) */
4804 if (!cnt && time_after(jiffies, hdev->acl_last_tx + 4970 if (!cnt && time_after(jiffies, hdev->acl_last_tx +
@@ -4981,7 +5147,7 @@ static void hci_sched_le(struct hci_dev *hdev)
4981 if (!hci_conn_num(hdev, LE_LINK)) 5147 if (!hci_conn_num(hdev, LE_LINK))
4982 return; 5148 return;
4983 5149
4984 if (!test_bit(HCI_RAW, &hdev->flags)) { 5150 if (!test_bit(HCI_UNCONFIGURED, &hdev->dev_flags)) {
4985 /* LE tx timeout must be longer than maximum 5151 /* LE tx timeout must be longer than maximum
4986 * link supervision timeout (40.9 seconds) */ 5152 * link supervision timeout (40.9 seconds) */
4987 if (!hdev->le_cnt && hdev->le_pkts && 5153 if (!hdev->le_cnt && hdev->le_pkts &&
@@ -5226,8 +5392,7 @@ static void hci_rx_work(struct work_struct *work)
5226 hci_send_to_sock(hdev, skb); 5392 hci_send_to_sock(hdev, skb);
5227 } 5393 }
5228 5394
5229 if (test_bit(HCI_RAW, &hdev->flags) || 5395 if (test_bit(HCI_USER_CHANNEL, &hdev->dev_flags)) {
5230 test_bit(HCI_USER_CHANNEL, &hdev->dev_flags)) {
5231 kfree_skb(skb); 5396 kfree_skb(skb);
5232 continue; 5397 continue;
5233 } 5398 }
@@ -5287,10 +5452,10 @@ static void hci_cmd_work(struct work_struct *work)
5287 atomic_dec(&hdev->cmd_cnt); 5452 atomic_dec(&hdev->cmd_cnt);
5288 hci_send_frame(hdev, skb); 5453 hci_send_frame(hdev, skb);
5289 if (test_bit(HCI_RESET, &hdev->flags)) 5454 if (test_bit(HCI_RESET, &hdev->flags))
5290 del_timer(&hdev->cmd_timer); 5455 cancel_delayed_work(&hdev->cmd_timer);
5291 else 5456 else
5292 mod_timer(&hdev->cmd_timer, 5457 schedule_delayed_work(&hdev->cmd_timer,
5293 jiffies + HCI_CMD_TIMEOUT); 5458 HCI_CMD_TIMEOUT);
5294 } else { 5459 } else {
5295 skb_queue_head(&hdev->cmd_q, skb); 5460 skb_queue_head(&hdev->cmd_q, skb);
5296 queue_work(hdev->workqueue, &hdev->cmd_work); 5461 queue_work(hdev->workqueue, &hdev->cmd_work);
@@ -5307,26 +5472,135 @@ void hci_req_add_le_scan_disable(struct hci_request *req)
5307 hci_req_add(req, HCI_OP_LE_SET_SCAN_ENABLE, sizeof(cp), &cp); 5472 hci_req_add(req, HCI_OP_LE_SET_SCAN_ENABLE, sizeof(cp), &cp);
5308} 5473}
5309 5474
5475static void add_to_white_list(struct hci_request *req,
5476 struct hci_conn_params *params)
5477{
5478 struct hci_cp_le_add_to_white_list cp;
5479
5480 cp.bdaddr_type = params->addr_type;
5481 bacpy(&cp.bdaddr, &params->addr);
5482
5483 hci_req_add(req, HCI_OP_LE_ADD_TO_WHITE_LIST, sizeof(cp), &cp);
5484}
5485
5486static u8 update_white_list(struct hci_request *req)
5487{
5488 struct hci_dev *hdev = req->hdev;
5489 struct hci_conn_params *params;
5490 struct bdaddr_list *b;
5491 uint8_t white_list_entries = 0;
5492
5493 /* Go through the current white list programmed into the
5494 * controller one by one and check if that address is still
5495 * in the list of pending connections or list of devices to
5496 * report. If not present in either list, then queue the
5497 * command to remove it from the controller.
5498 */
5499 list_for_each_entry(b, &hdev->le_white_list, list) {
5500 struct hci_cp_le_del_from_white_list cp;
5501
5502 if (hci_pend_le_action_lookup(&hdev->pend_le_conns,
5503 &b->bdaddr, b->bdaddr_type) ||
5504 hci_pend_le_action_lookup(&hdev->pend_le_reports,
5505 &b->bdaddr, b->bdaddr_type)) {
5506 white_list_entries++;
5507 continue;
5508 }
5509
5510 cp.bdaddr_type = b->bdaddr_type;
5511 bacpy(&cp.bdaddr, &b->bdaddr);
5512
5513 hci_req_add(req, HCI_OP_LE_DEL_FROM_WHITE_LIST,
5514 sizeof(cp), &cp);
5515 }
5516
5517 /* Since all no longer valid white list entries have been
5518 * removed, walk through the list of pending connections
5519 * and ensure that any new device gets programmed into
5520 * the controller.
5521 *
5522 * If the list of the devices is larger than the list of
5523 * available white list entries in the controller, then
5524 * just abort and return filer policy value to not use the
5525 * white list.
5526 */
5527 list_for_each_entry(params, &hdev->pend_le_conns, action) {
5528 if (hci_bdaddr_list_lookup(&hdev->le_white_list,
5529 &params->addr, params->addr_type))
5530 continue;
5531
5532 if (white_list_entries >= hdev->le_white_list_size) {
5533 /* Select filter policy to accept all advertising */
5534 return 0x00;
5535 }
5536
5537 if (hci_find_irk_by_addr(hdev, &params->addr,
5538 params->addr_type)) {
5539 /* White list can not be used with RPAs */
5540 return 0x00;
5541 }
5542
5543 white_list_entries++;
5544 add_to_white_list(req, params);
5545 }
5546
5547 /* After adding all new pending connections, walk through
5548 * the list of pending reports and also add these to the
5549 * white list if there is still space.
5550 */
5551 list_for_each_entry(params, &hdev->pend_le_reports, action) {
5552 if (hci_bdaddr_list_lookup(&hdev->le_white_list,
5553 &params->addr, params->addr_type))
5554 continue;
5555
5556 if (white_list_entries >= hdev->le_white_list_size) {
5557 /* Select filter policy to accept all advertising */
5558 return 0x00;
5559 }
5560
5561 if (hci_find_irk_by_addr(hdev, &params->addr,
5562 params->addr_type)) {
5563 /* White list can not be used with RPAs */
5564 return 0x00;
5565 }
5566
5567 white_list_entries++;
5568 add_to_white_list(req, params);
5569 }
5570
5571 /* Select filter policy to use white list */
5572 return 0x01;
5573}
5574
5310void hci_req_add_le_passive_scan(struct hci_request *req) 5575void hci_req_add_le_passive_scan(struct hci_request *req)
5311{ 5576{
5312 struct hci_cp_le_set_scan_param param_cp; 5577 struct hci_cp_le_set_scan_param param_cp;
5313 struct hci_cp_le_set_scan_enable enable_cp; 5578 struct hci_cp_le_set_scan_enable enable_cp;
5314 struct hci_dev *hdev = req->hdev; 5579 struct hci_dev *hdev = req->hdev;
5315 u8 own_addr_type; 5580 u8 own_addr_type;
5581 u8 filter_policy;
5316 5582
5317 /* Set require_privacy to true to avoid identification from 5583 /* Set require_privacy to false since no SCAN_REQ are send
5318 * unknown peer devices. Since this is passive scanning, no 5584 * during passive scanning. Not using an unresolvable address
5319 * SCAN_REQ using the local identity should be sent. Mandating 5585 * here is important so that peer devices using direct
5320 * privacy is just an extra precaution. 5586 * advertising with our address will be correctly reported
5587 * by the controller.
5321 */ 5588 */
5322 if (hci_update_random_address(req, true, &own_addr_type)) 5589 if (hci_update_random_address(req, false, &own_addr_type))
5323 return; 5590 return;
5324 5591
5592 /* Adding or removing entries from the white list must
5593 * happen before enabling scanning. The controller does
5594 * not allow white list modification while scanning.
5595 */
5596 filter_policy = update_white_list(req);
5597
5325 memset(&param_cp, 0, sizeof(param_cp)); 5598 memset(&param_cp, 0, sizeof(param_cp));
5326 param_cp.type = LE_SCAN_PASSIVE; 5599 param_cp.type = LE_SCAN_PASSIVE;
5327 param_cp.interval = cpu_to_le16(hdev->le_scan_interval); 5600 param_cp.interval = cpu_to_le16(hdev->le_scan_interval);
5328 param_cp.window = cpu_to_le16(hdev->le_scan_window); 5601 param_cp.window = cpu_to_le16(hdev->le_scan_window);
5329 param_cp.own_address_type = own_addr_type; 5602 param_cp.own_address_type = own_addr_type;
5603 param_cp.filter_policy = filter_policy;
5330 hci_req_add(req, HCI_OP_LE_SET_SCAN_PARAM, sizeof(param_cp), 5604 hci_req_add(req, HCI_OP_LE_SET_SCAN_PARAM, sizeof(param_cp),
5331 &param_cp); 5605 &param_cp);
5332 5606
@@ -5356,11 +5630,29 @@ void hci_update_background_scan(struct hci_dev *hdev)
5356 struct hci_conn *conn; 5630 struct hci_conn *conn;
5357 int err; 5631 int err;
5358 5632
5633 if (!test_bit(HCI_UP, &hdev->flags) ||
5634 test_bit(HCI_INIT, &hdev->flags) ||
5635 test_bit(HCI_SETUP, &hdev->dev_flags) ||
5636 test_bit(HCI_CONFIG, &hdev->dev_flags) ||
5637 test_bit(HCI_AUTO_OFF, &hdev->dev_flags) ||
5638 test_bit(HCI_UNREGISTER, &hdev->dev_flags))
5639 return;
5640
5641 /* No point in doing scanning if LE support hasn't been enabled */
5642 if (!test_bit(HCI_LE_ENABLED, &hdev->dev_flags))
5643 return;
5644
5645 /* If discovery is active don't interfere with it */
5646 if (hdev->discovery.state != DISCOVERY_STOPPED)
5647 return;
5648
5359 hci_req_init(&req, hdev); 5649 hci_req_init(&req, hdev);
5360 5650
5361 if (list_empty(&hdev->pend_le_conns)) { 5651 if (list_empty(&hdev->pend_le_conns) &&
5362 /* If there is no pending LE connections, we should stop 5652 list_empty(&hdev->pend_le_reports)) {
5363 * the background scanning. 5653 /* If there is no pending LE connections or devices
5654 * to be scanned for, we should stop the background
5655 * scanning.
5364 */ 5656 */
5365 5657
5366 /* If controller is not scanning we are done. */ 5658 /* If controller is not scanning we are done. */
generated by cgit v1.2.2 (git 2.25.0) at 2025-05-23 12:54:59 -0400