1 // SPDX-License-Identifier: GPL-2.0-only
2 /*
3 * Copyright (C) 2020 Google Corporation
4 */
5
6 #include <net/bluetooth/bluetooth.h>
7 #include <net/bluetooth/hci_core.h>
8 #include <net/bluetooth/mgmt.h>
9
10 #include "mgmt_util.h"
11 #include "msft.h"
12
13 #define MSFT_RSSI_THRESHOLD_VALUE_MIN -127
14 #define MSFT_RSSI_THRESHOLD_VALUE_MAX 20
15 #define MSFT_RSSI_LOW_TIMEOUT_MAX 0x3C
16
17 #define MSFT_OP_READ_SUPPORTED_FEATURES 0x00
18 struct msft_cp_read_supported_features {
19 __u8 sub_opcode;
20 } __packed;
21
22 struct msft_rp_read_supported_features {
23 __u8 status;
24 __u8 sub_opcode;
25 __le64 features;
26 __u8 evt_prefix_len;
27 __u8 evt_prefix[];
28 } __packed;
29
30 #define MSFT_OP_LE_MONITOR_ADVERTISEMENT 0x03
31 #define MSFT_MONITOR_ADVERTISEMENT_TYPE_PATTERN 0x01
32 struct msft_le_monitor_advertisement_pattern {
33 __u8 length;
34 __u8 data_type;
35 __u8 start_byte;
36 __u8 pattern[];
37 };
38
39 struct msft_le_monitor_advertisement_pattern_data {
40 __u8 count;
41 __u8 data[];
42 };
43
44 struct msft_cp_le_monitor_advertisement {
45 __u8 sub_opcode;
46 __s8 rssi_high;
47 __s8 rssi_low;
48 __u8 rssi_low_interval;
49 __u8 rssi_sampling_period;
50 __u8 cond_type;
51 __u8 data[];
52 } __packed;
53
54 struct msft_rp_le_monitor_advertisement {
55 __u8 status;
56 __u8 sub_opcode;
57 __u8 handle;
58 } __packed;
59
60 #define MSFT_OP_LE_CANCEL_MONITOR_ADVERTISEMENT 0x04
61 struct msft_cp_le_cancel_monitor_advertisement {
62 __u8 sub_opcode;
63 __u8 handle;
64 } __packed;
65
66 struct msft_rp_le_cancel_monitor_advertisement {
67 __u8 status;
68 __u8 sub_opcode;
69 } __packed;
70
71 #define MSFT_OP_LE_SET_ADVERTISEMENT_FILTER_ENABLE 0x05
72 struct msft_cp_le_set_advertisement_filter_enable {
73 __u8 sub_opcode;
74 __u8 enable;
75 } __packed;
76
77 struct msft_rp_le_set_advertisement_filter_enable {
78 __u8 status;
79 __u8 sub_opcode;
80 } __packed;
81
82 #define MSFT_EV_LE_MONITOR_DEVICE 0x02
83 struct msft_ev_le_monitor_device {
84 __u8 addr_type;
85 bdaddr_t bdaddr;
86 __u8 monitor_handle;
87 __u8 monitor_state;
88 } __packed;
89
90 struct msft_monitor_advertisement_handle_data {
91 __u8 msft_handle;
92 __u16 mgmt_handle;
93 __s8 rssi_high;
94 __s8 rssi_low;
95 __u8 rssi_low_interval;
96 __u8 rssi_sampling_period;
97 __u8 cond_type;
98 struct list_head list;
99 };
100
101 enum monitor_addr_filter_state {
102 AF_STATE_IDLE,
103 AF_STATE_ADDING,
104 AF_STATE_ADDED,
105 AF_STATE_REMOVING,
106 };
107
108 #define MSFT_MONITOR_ADVERTISEMENT_TYPE_ADDR 0x04
109 struct msft_monitor_addr_filter_data {
110 __u8 msft_handle;
111 __u8 pattern_handle; /* address filters pertain to */
112 __u16 mgmt_handle;
113 int state;
114 __s8 rssi_high;
115 __s8 rssi_low;
116 __u8 rssi_low_interval;
117 __u8 rssi_sampling_period;
118 __u8 addr_type;
119 bdaddr_t bdaddr;
120 struct list_head list;
121 };
122
123 struct msft_data {
124 __u64 features;
125 __u8 evt_prefix_len;
126 __u8 *evt_prefix;
127 struct list_head handle_map;
128 struct list_head address_filters;
129 __u8 resuming;
130 __u8 suspending;
131 __u8 filter_enabled;
132 /* To synchronize add/remove address filter and monitor device event.*/
133 struct mutex filter_lock;
134 };
135
msft_monitor_supported(struct hci_dev * hdev)136 bool msft_monitor_supported(struct hci_dev *hdev)
137 {
138 return !!(msft_get_features(hdev) & MSFT_FEATURE_MASK_LE_ADV_MONITOR);
139 }
140
read_supported_features(struct hci_dev * hdev,struct msft_data * msft)141 static bool read_supported_features(struct hci_dev *hdev,
142 struct msft_data *msft)
143 {
144 struct msft_cp_read_supported_features cp;
145 struct msft_rp_read_supported_features *rp;
146 struct sk_buff *skb;
147
148 cp.sub_opcode = MSFT_OP_READ_SUPPORTED_FEATURES;
149
150 skb = __hci_cmd_sync(hdev, hdev->msft_opcode, sizeof(cp), &cp,
151 HCI_CMD_TIMEOUT);
152 if (IS_ERR(skb)) {
153 bt_dev_err(hdev, "Failed to read MSFT supported features (%ld)",
154 PTR_ERR(skb));
155 return false;
156 }
157
158 if (skb->len < sizeof(*rp)) {
159 bt_dev_err(hdev, "MSFT supported features length mismatch");
160 goto failed;
161 }
162
163 rp = (struct msft_rp_read_supported_features *)skb->data;
164
165 if (rp->sub_opcode != MSFT_OP_READ_SUPPORTED_FEATURES)
166 goto failed;
167
168 if (rp->evt_prefix_len > 0) {
169 msft->evt_prefix = kmemdup(rp->evt_prefix, rp->evt_prefix_len,
170 GFP_KERNEL);
171 if (!msft->evt_prefix)
172 goto failed;
173 }
174
175 msft->evt_prefix_len = rp->evt_prefix_len;
176 msft->features = __le64_to_cpu(rp->features);
177
178 if (msft->features & MSFT_FEATURE_MASK_CURVE_VALIDITY)
179 hdev->msft_curve_validity = true;
180
181 kfree_skb(skb);
182 return true;
183
184 failed:
185 kfree_skb(skb);
186 return false;
187 }
188
189 /* is_mgmt = true matches the handle exposed to userspace via mgmt.
190 * is_mgmt = false matches the handle used by the msft controller.
191 * This function requires the caller holds hdev->lock
192 */
msft_find_handle_data(struct hci_dev * hdev,u16 handle,bool is_mgmt)193 static struct msft_monitor_advertisement_handle_data *msft_find_handle_data
194 (struct hci_dev *hdev, u16 handle, bool is_mgmt)
195 {
196 struct msft_monitor_advertisement_handle_data *entry;
197 struct msft_data *msft = hdev->msft_data;
198
199 list_for_each_entry(entry, &msft->handle_map, list) {
200 if (is_mgmt && entry->mgmt_handle == handle)
201 return entry;
202 if (!is_mgmt && entry->msft_handle == handle)
203 return entry;
204 }
205
206 return NULL;
207 }
208
209 /* This function requires the caller holds msft->filter_lock */
msft_find_address_data(struct hci_dev * hdev,u8 addr_type,bdaddr_t * addr,u8 pattern_handle)210 static struct msft_monitor_addr_filter_data *msft_find_address_data
211 (struct hci_dev *hdev, u8 addr_type, bdaddr_t *addr,
212 u8 pattern_handle)
213 {
214 struct msft_monitor_addr_filter_data *entry;
215 struct msft_data *msft = hdev->msft_data;
216
217 list_for_each_entry(entry, &msft->address_filters, list) {
218 if (entry->pattern_handle == pattern_handle &&
219 addr_type == entry->addr_type &&
220 !bacmp(addr, &entry->bdaddr))
221 return entry;
222 }
223
224 return NULL;
225 }
226
227 /* This function requires the caller holds hdev->lock */
msft_monitor_device_del(struct hci_dev * hdev,__u16 mgmt_handle,bdaddr_t * bdaddr,__u8 addr_type,bool notify)228 static int msft_monitor_device_del(struct hci_dev *hdev, __u16 mgmt_handle,
229 bdaddr_t *bdaddr, __u8 addr_type,
230 bool notify)
231 {
232 struct monitored_device *dev, *tmp;
233 int count = 0;
234
235 list_for_each_entry_safe(dev, tmp, &hdev->monitored_devices, list) {
236 /* mgmt_handle == 0 indicates remove all devices, whereas,
237 * bdaddr == NULL indicates remove all devices matching the
238 * mgmt_handle.
239 */
240 if ((!mgmt_handle || dev->handle == mgmt_handle) &&
241 (!bdaddr || (!bacmp(bdaddr, &dev->bdaddr) &&
242 addr_type == dev->addr_type))) {
243 if (notify && dev->notified) {
244 mgmt_adv_monitor_device_lost(hdev, dev->handle,
245 &dev->bdaddr,
246 dev->addr_type);
247 }
248
249 list_del(&dev->list);
250 kfree(dev);
251 count++;
252 }
253 }
254
255 return count;
256 }
257
msft_le_monitor_advertisement_cb(struct hci_dev * hdev,u16 opcode,struct adv_monitor * monitor,struct sk_buff * skb)258 static int msft_le_monitor_advertisement_cb(struct hci_dev *hdev, u16 opcode,
259 struct adv_monitor *monitor,
260 struct sk_buff *skb)
261 {
262 struct msft_rp_le_monitor_advertisement *rp;
263 struct msft_monitor_advertisement_handle_data *handle_data;
264 struct msft_data *msft = hdev->msft_data;
265 int status = 0;
266
267 hci_dev_lock(hdev);
268
269 rp = (struct msft_rp_le_monitor_advertisement *)skb->data;
270 if (skb->len < sizeof(*rp)) {
271 status = HCI_ERROR_UNSPECIFIED;
272 goto unlock;
273 }
274
275 status = rp->status;
276 if (status)
277 goto unlock;
278
279 handle_data = kmalloc(sizeof(*handle_data), GFP_KERNEL);
280 if (!handle_data) {
281 status = HCI_ERROR_UNSPECIFIED;
282 goto unlock;
283 }
284
285 handle_data->mgmt_handle = monitor->handle;
286 handle_data->msft_handle = rp->handle;
287 handle_data->cond_type = MSFT_MONITOR_ADVERTISEMENT_TYPE_PATTERN;
288 INIT_LIST_HEAD(&handle_data->list);
289 list_add(&handle_data->list, &msft->handle_map);
290
291 monitor->state = ADV_MONITOR_STATE_OFFLOADED;
292
293 unlock:
294 if (status)
295 hci_free_adv_monitor(hdev, monitor);
296
297 hci_dev_unlock(hdev);
298
299 return status;
300 }
301
302 /* This function requires the caller holds hci_req_sync_lock */
msft_remove_addr_filters_sync(struct hci_dev * hdev,u8 handle)303 static void msft_remove_addr_filters_sync(struct hci_dev *hdev, u8 handle)
304 {
305 struct msft_monitor_addr_filter_data *address_filter, *n;
306 struct msft_cp_le_cancel_monitor_advertisement cp;
307 struct msft_data *msft = hdev->msft_data;
308 struct list_head head;
309 struct sk_buff *skb;
310
311 INIT_LIST_HEAD(&head);
312
313 /* Cancel all corresponding address monitors */
314 mutex_lock(&msft->filter_lock);
315
316 list_for_each_entry_safe(address_filter, n, &msft->address_filters,
317 list) {
318 if (address_filter->pattern_handle != handle)
319 continue;
320
321 list_del(&address_filter->list);
322
323 /* Keep the address filter and let
324 * msft_add_address_filter_sync() remove and free the address
325 * filter.
326 */
327 if (address_filter->state == AF_STATE_ADDING) {
328 address_filter->state = AF_STATE_REMOVING;
329 continue;
330 }
331
332 /* Keep the address filter and let
333 * msft_cancel_address_filter_sync() remove and free the address
334 * filter
335 */
336 if (address_filter->state == AF_STATE_REMOVING)
337 continue;
338
339 list_add_tail(&address_filter->list, &head);
340 }
341
342 mutex_unlock(&msft->filter_lock);
343
344 list_for_each_entry_safe(address_filter, n, &head, list) {
345 list_del(&address_filter->list);
346
347 cp.sub_opcode = MSFT_OP_LE_CANCEL_MONITOR_ADVERTISEMENT;
348 cp.handle = address_filter->msft_handle;
349
350 skb = __hci_cmd_sync(hdev, hdev->msft_opcode, sizeof(cp), &cp,
351 HCI_CMD_TIMEOUT);
352 if (IS_ERR(skb)) {
353 kfree(address_filter);
354 continue;
355 }
356
357 kfree_skb(skb);
358
359 bt_dev_dbg(hdev, "MSFT: Canceled device %pMR address filter",
360 &address_filter->bdaddr);
361
362 kfree(address_filter);
363 }
364 }
365
msft_le_cancel_monitor_advertisement_cb(struct hci_dev * hdev,u16 opcode,struct adv_monitor * monitor,struct sk_buff * skb)366 static int msft_le_cancel_monitor_advertisement_cb(struct hci_dev *hdev,
367 u16 opcode,
368 struct adv_monitor *monitor,
369 struct sk_buff *skb)
370 {
371 struct msft_rp_le_cancel_monitor_advertisement *rp;
372 struct msft_monitor_advertisement_handle_data *handle_data;
373 struct msft_data *msft = hdev->msft_data;
374 int status = 0;
375 u8 msft_handle;
376
377 rp = (struct msft_rp_le_cancel_monitor_advertisement *)skb->data;
378 if (skb->len < sizeof(*rp)) {
379 status = HCI_ERROR_UNSPECIFIED;
380 goto done;
381 }
382
383 status = rp->status;
384 if (status)
385 goto done;
386
387 hci_dev_lock(hdev);
388
389 handle_data = msft_find_handle_data(hdev, monitor->handle, true);
390
391 if (handle_data) {
392 if (monitor->state == ADV_MONITOR_STATE_OFFLOADED)
393 monitor->state = ADV_MONITOR_STATE_REGISTERED;
394
395 /* Do not free the monitor if it is being removed due to
396 * suspend. It will be re-monitored on resume.
397 */
398 if (!msft->suspending) {
399 hci_free_adv_monitor(hdev, monitor);
400
401 /* Clear any monitored devices by this Adv Monitor */
402 msft_monitor_device_del(hdev, handle_data->mgmt_handle,
403 NULL, 0, false);
404 }
405
406 msft_handle = handle_data->msft_handle;
407
408 list_del(&handle_data->list);
409 kfree(handle_data);
410
411 hci_dev_unlock(hdev);
412
413 msft_remove_addr_filters_sync(hdev, msft_handle);
414 } else {
415 hci_dev_unlock(hdev);
416 }
417
418 done:
419 return status;
420 }
421
422 /* This function requires the caller holds hci_req_sync_lock */
msft_remove_monitor_sync(struct hci_dev * hdev,struct adv_monitor * monitor)423 static int msft_remove_monitor_sync(struct hci_dev *hdev,
424 struct adv_monitor *monitor)
425 {
426 struct msft_cp_le_cancel_monitor_advertisement cp;
427 struct msft_monitor_advertisement_handle_data *handle_data;
428 struct sk_buff *skb;
429
430 handle_data = msft_find_handle_data(hdev, monitor->handle, true);
431
432 /* If no matched handle, just remove without telling controller */
433 if (!handle_data)
434 return -ENOENT;
435
436 cp.sub_opcode = MSFT_OP_LE_CANCEL_MONITOR_ADVERTISEMENT;
437 cp.handle = handle_data->msft_handle;
438
439 skb = __hci_cmd_sync(hdev, hdev->msft_opcode, sizeof(cp), &cp,
440 HCI_CMD_TIMEOUT);
441 if (IS_ERR(skb))
442 return PTR_ERR(skb);
443
444 return msft_le_cancel_monitor_advertisement_cb(hdev, hdev->msft_opcode,
445 monitor, skb);
446 }
447
448 /* This function requires the caller holds hci_req_sync_lock */
msft_suspend_sync(struct hci_dev * hdev)449 int msft_suspend_sync(struct hci_dev *hdev)
450 {
451 struct msft_data *msft = hdev->msft_data;
452 struct adv_monitor *monitor;
453 int handle = 0;
454
455 if (!msft || !msft_monitor_supported(hdev))
456 return 0;
457
458 msft->suspending = true;
459
460 while (1) {
461 monitor = idr_get_next(&hdev->adv_monitors_idr, &handle);
462 if (!monitor)
463 break;
464
465 msft_remove_monitor_sync(hdev, monitor);
466
467 handle++;
468 }
469
470 /* All monitors have been removed */
471 msft->suspending = false;
472
473 return 0;
474 }
475
msft_monitor_rssi_valid(struct adv_monitor * monitor)476 static bool msft_monitor_rssi_valid(struct adv_monitor *monitor)
477 {
478 struct adv_rssi_thresholds *r = &monitor->rssi;
479
480 if (r->high_threshold < MSFT_RSSI_THRESHOLD_VALUE_MIN ||
481 r->high_threshold > MSFT_RSSI_THRESHOLD_VALUE_MAX ||
482 r->low_threshold < MSFT_RSSI_THRESHOLD_VALUE_MIN ||
483 r->low_threshold > MSFT_RSSI_THRESHOLD_VALUE_MAX)
484 return false;
485
486 /* High_threshold_timeout is not supported,
487 * once high_threshold is reached, events are immediately reported.
488 */
489 if (r->high_threshold_timeout != 0)
490 return false;
491
492 if (r->low_threshold_timeout > MSFT_RSSI_LOW_TIMEOUT_MAX)
493 return false;
494
495 /* Sampling period from 0x00 to 0xFF are all allowed */
496 return true;
497 }
498
msft_monitor_pattern_valid(struct adv_monitor * monitor)499 static bool msft_monitor_pattern_valid(struct adv_monitor *monitor)
500 {
501 return msft_monitor_rssi_valid(monitor);
502 /* No additional check needed for pattern-based monitor */
503 }
504
msft_add_monitor_sync(struct hci_dev * hdev,struct adv_monitor * monitor)505 static int msft_add_monitor_sync(struct hci_dev *hdev,
506 struct adv_monitor *monitor)
507 {
508 struct msft_cp_le_monitor_advertisement *cp;
509 struct msft_le_monitor_advertisement_pattern_data *pattern_data;
510 struct msft_monitor_advertisement_handle_data *handle_data;
511 struct msft_le_monitor_advertisement_pattern *pattern;
512 struct adv_pattern *entry;
513 size_t total_size = sizeof(*cp) + sizeof(*pattern_data);
514 ptrdiff_t offset = 0;
515 u8 pattern_count = 0;
516 struct sk_buff *skb;
517 int err;
518
519 if (!msft_monitor_pattern_valid(monitor))
520 return -EINVAL;
521
522 list_for_each_entry(entry, &monitor->patterns, list) {
523 pattern_count++;
524 total_size += sizeof(*pattern) + entry->length;
525 }
526
527 cp = kmalloc(total_size, GFP_KERNEL);
528 if (!cp)
529 return -ENOMEM;
530
531 cp->sub_opcode = MSFT_OP_LE_MONITOR_ADVERTISEMENT;
532 cp->rssi_high = monitor->rssi.high_threshold;
533 cp->rssi_low = monitor->rssi.low_threshold;
534 cp->rssi_low_interval = (u8)monitor->rssi.low_threshold_timeout;
535 cp->rssi_sampling_period = monitor->rssi.sampling_period;
536
537 cp->cond_type = MSFT_MONITOR_ADVERTISEMENT_TYPE_PATTERN;
538
539 pattern_data = (void *)cp->data;
540 pattern_data->count = pattern_count;
541
542 list_for_each_entry(entry, &monitor->patterns, list) {
543 pattern = (void *)(pattern_data->data + offset);
544 /* the length also includes data_type and offset */
545 pattern->length = entry->length + 2;
546 pattern->data_type = entry->ad_type;
547 pattern->start_byte = entry->offset;
548 memcpy(pattern->pattern, entry->value, entry->length);
549 offset += sizeof(*pattern) + entry->length;
550 }
551
552 skb = __hci_cmd_sync(hdev, hdev->msft_opcode, total_size, cp,
553 HCI_CMD_TIMEOUT);
554
555 if (IS_ERR(skb)) {
556 err = PTR_ERR(skb);
557 goto out_free;
558 }
559
560 err = msft_le_monitor_advertisement_cb(hdev, hdev->msft_opcode,
561 monitor, skb);
562 if (err)
563 goto out_free;
564
565 handle_data = msft_find_handle_data(hdev, monitor->handle, true);
566 if (!handle_data) {
567 err = -ENODATA;
568 goto out_free;
569 }
570
571 handle_data->rssi_high = cp->rssi_high;
572 handle_data->rssi_low = cp->rssi_low;
573 handle_data->rssi_low_interval = cp->rssi_low_interval;
574 handle_data->rssi_sampling_period = cp->rssi_sampling_period;
575
576 out_free:
577 kfree(cp);
578 return err;
579 }
580
581 /* This function requires the caller holds hci_req_sync_lock */
reregister_monitor(struct hci_dev * hdev)582 static void reregister_monitor(struct hci_dev *hdev)
583 {
584 struct adv_monitor *monitor;
585 struct msft_data *msft = hdev->msft_data;
586 int handle = 0;
587
588 if (!msft)
589 return;
590
591 msft->resuming = true;
592
593 while (1) {
594 monitor = idr_get_next(&hdev->adv_monitors_idr, &handle);
595 if (!monitor)
596 break;
597
598 msft_add_monitor_sync(hdev, monitor);
599
600 handle++;
601 }
602
603 /* All monitors have been reregistered */
604 msft->resuming = false;
605 }
606
607 /* This function requires the caller holds hci_req_sync_lock */
msft_resume_sync(struct hci_dev * hdev)608 int msft_resume_sync(struct hci_dev *hdev)
609 {
610 struct msft_data *msft = hdev->msft_data;
611
612 if (!msft || !msft_monitor_supported(hdev))
613 return 0;
614
615 hci_dev_lock(hdev);
616
617 /* Clear already tracked devices on resume. Once the monitors are
618 * reregistered, devices in range will be found again after resume.
619 */
620 hdev->advmon_pend_notify = false;
621 msft_monitor_device_del(hdev, 0, NULL, 0, true);
622
623 hci_dev_unlock(hdev);
624
625 reregister_monitor(hdev);
626
627 return 0;
628 }
629
630 /* This function requires the caller holds hci_req_sync_lock */
msft_do_open(struct hci_dev * hdev)631 void msft_do_open(struct hci_dev *hdev)
632 {
633 struct msft_data *msft = hdev->msft_data;
634
635 if (hdev->msft_opcode == HCI_OP_NOP)
636 return;
637
638 if (!msft) {
639 bt_dev_err(hdev, "MSFT extension not registered");
640 return;
641 }
642
643 bt_dev_dbg(hdev, "Initialize MSFT extension");
644
645 /* Reset existing MSFT data before re-reading */
646 kfree(msft->evt_prefix);
647 msft->evt_prefix = NULL;
648 msft->evt_prefix_len = 0;
649 msft->features = 0;
650
651 if (!read_supported_features(hdev, msft)) {
652 hdev->msft_data = NULL;
653 kfree(msft);
654 return;
655 }
656
657 if (msft_monitor_supported(hdev)) {
658 msft->resuming = true;
659 msft_set_filter_enable(hdev, true);
660 /* Monitors get removed on power off, so we need to explicitly
661 * tell the controller to re-monitor.
662 */
663 reregister_monitor(hdev);
664 }
665 }
666
msft_do_close(struct hci_dev * hdev)667 void msft_do_close(struct hci_dev *hdev)
668 {
669 struct msft_data *msft = hdev->msft_data;
670 struct msft_monitor_advertisement_handle_data *handle_data, *tmp;
671 struct msft_monitor_addr_filter_data *address_filter, *n;
672 struct adv_monitor *monitor;
673
674 if (!msft)
675 return;
676
677 bt_dev_dbg(hdev, "Cleanup of MSFT extension");
678
679 /* The controller will silently remove all monitors on power off.
680 * Therefore, remove handle_data mapping and reset monitor state.
681 */
682 list_for_each_entry_safe(handle_data, tmp, &msft->handle_map, list) {
683 monitor = idr_find(&hdev->adv_monitors_idr,
684 handle_data->mgmt_handle);
685
686 if (monitor && monitor->state == ADV_MONITOR_STATE_OFFLOADED)
687 monitor->state = ADV_MONITOR_STATE_REGISTERED;
688
689 list_del(&handle_data->list);
690 kfree(handle_data);
691 }
692
693 mutex_lock(&msft->filter_lock);
694 list_for_each_entry_safe(address_filter, n, &msft->address_filters,
695 list) {
696 list_del(&address_filter->list);
697 kfree(address_filter);
698 }
699 mutex_unlock(&msft->filter_lock);
700
701 hci_dev_lock(hdev);
702
703 /* Clear any devices that are being monitored and notify device lost */
704 hdev->advmon_pend_notify = false;
705 msft_monitor_device_del(hdev, 0, NULL, 0, true);
706
707 hci_dev_unlock(hdev);
708 }
709
msft_cancel_address_filter_sync(struct hci_dev * hdev,void * data)710 static int msft_cancel_address_filter_sync(struct hci_dev *hdev, void *data)
711 {
712 struct msft_monitor_addr_filter_data *address_filter = data;
713 struct msft_cp_le_cancel_monitor_advertisement cp;
714 struct msft_data *msft = hdev->msft_data;
715 struct sk_buff *skb;
716 int err = 0;
717
718 if (!msft) {
719 bt_dev_err(hdev, "MSFT: msft data is freed");
720 return -EINVAL;
721 }
722
723 /* The address filter has been removed by hci dev close */
724 if (!test_bit(HCI_UP, &hdev->flags))
725 return 0;
726
727 mutex_lock(&msft->filter_lock);
728 list_del(&address_filter->list);
729 mutex_unlock(&msft->filter_lock);
730
731 cp.sub_opcode = MSFT_OP_LE_CANCEL_MONITOR_ADVERTISEMENT;
732 cp.handle = address_filter->msft_handle;
733
734 skb = __hci_cmd_sync(hdev, hdev->msft_opcode, sizeof(cp), &cp,
735 HCI_CMD_TIMEOUT);
736 if (IS_ERR(skb)) {
737 bt_dev_err(hdev, "MSFT: Failed to cancel address (%pMR) filter",
738 &address_filter->bdaddr);
739 err = PTR_ERR(skb);
740 goto done;
741 }
742 kfree_skb(skb);
743
744 bt_dev_dbg(hdev, "MSFT: Canceled device %pMR address filter",
745 &address_filter->bdaddr);
746
747 done:
748 kfree(address_filter);
749
750 return err;
751 }
752
msft_register(struct hci_dev * hdev)753 void msft_register(struct hci_dev *hdev)
754 {
755 struct msft_data *msft = NULL;
756
757 bt_dev_dbg(hdev, "Register MSFT extension");
758
759 msft = kzalloc(sizeof(*msft), GFP_KERNEL);
760 if (!msft) {
761 bt_dev_err(hdev, "Failed to register MSFT extension");
762 return;
763 }
764
765 INIT_LIST_HEAD(&msft->handle_map);
766 INIT_LIST_HEAD(&msft->address_filters);
767 hdev->msft_data = msft;
768 mutex_init(&msft->filter_lock);
769 }
770
msft_release(struct hci_dev * hdev)771 void msft_release(struct hci_dev *hdev)
772 {
773 struct msft_data *msft = hdev->msft_data;
774
775 if (!msft)
776 return;
777
778 bt_dev_dbg(hdev, "Unregister MSFT extension");
779
780 hdev->msft_data = NULL;
781
782 kfree(msft->evt_prefix);
783 mutex_destroy(&msft->filter_lock);
784 kfree(msft);
785 }
786
787 /* This function requires the caller holds hdev->lock */
msft_device_found(struct hci_dev * hdev,bdaddr_t * bdaddr,__u8 addr_type,__u16 mgmt_handle)788 static void msft_device_found(struct hci_dev *hdev, bdaddr_t *bdaddr,
789 __u8 addr_type, __u16 mgmt_handle)
790 {
791 struct monitored_device *dev;
792
793 dev = kmalloc(sizeof(*dev), GFP_KERNEL);
794 if (!dev) {
795 bt_dev_err(hdev, "MSFT vendor event %u: no memory",
796 MSFT_EV_LE_MONITOR_DEVICE);
797 return;
798 }
799
800 bacpy(&dev->bdaddr, bdaddr);
801 dev->addr_type = addr_type;
802 dev->handle = mgmt_handle;
803 dev->notified = false;
804
805 INIT_LIST_HEAD(&dev->list);
806 list_add(&dev->list, &hdev->monitored_devices);
807 hdev->advmon_pend_notify = true;
808 }
809
810 /* This function requires the caller holds hdev->lock */
msft_device_lost(struct hci_dev * hdev,bdaddr_t * bdaddr,__u8 addr_type,__u16 mgmt_handle)811 static void msft_device_lost(struct hci_dev *hdev, bdaddr_t *bdaddr,
812 __u8 addr_type, __u16 mgmt_handle)
813 {
814 if (!msft_monitor_device_del(hdev, mgmt_handle, bdaddr, addr_type,
815 true)) {
816 bt_dev_err(hdev, "MSFT vendor event %u: dev %pMR not in list",
817 MSFT_EV_LE_MONITOR_DEVICE, bdaddr);
818 }
819 }
820
msft_skb_pull(struct hci_dev * hdev,struct sk_buff * skb,u8 ev,size_t len)821 static void *msft_skb_pull(struct hci_dev *hdev, struct sk_buff *skb,
822 u8 ev, size_t len)
823 {
824 void *data;
825
826 data = skb_pull_data(skb, len);
827 if (!data)
828 bt_dev_err(hdev, "Malformed MSFT vendor event: 0x%02x", ev);
829
830 return data;
831 }
832
msft_add_address_filter_sync(struct hci_dev * hdev,void * data)833 static int msft_add_address_filter_sync(struct hci_dev *hdev, void *data)
834 {
835 struct msft_monitor_addr_filter_data *address_filter = data;
836 struct msft_rp_le_monitor_advertisement *rp;
837 struct msft_cp_le_monitor_advertisement *cp;
838 struct msft_data *msft = hdev->msft_data;
839 struct sk_buff *skb = NULL;
840 bool remove = false;
841 size_t size;
842
843 if (!msft) {
844 bt_dev_err(hdev, "MSFT: msft data is freed");
845 return -EINVAL;
846 }
847
848 /* The address filter has been removed by hci dev close */
849 if (!test_bit(HCI_UP, &hdev->flags))
850 return -ENODEV;
851
852 /* We are safe to use the address filter from now on.
853 * msft_monitor_device_evt() wouldn't delete this filter because it's
854 * not been added by now.
855 * And all other functions that requiring hci_req_sync_lock wouldn't
856 * touch this filter before this func completes because it's protected
857 * by hci_req_sync_lock.
858 */
859
860 if (address_filter->state == AF_STATE_REMOVING) {
861 mutex_lock(&msft->filter_lock);
862 list_del(&address_filter->list);
863 mutex_unlock(&msft->filter_lock);
864 kfree(address_filter);
865 return 0;
866 }
867
868 size = sizeof(*cp) +
869 sizeof(address_filter->addr_type) +
870 sizeof(address_filter->bdaddr);
871 cp = kzalloc(size, GFP_KERNEL);
872 if (!cp) {
873 bt_dev_err(hdev, "MSFT: Alloc cmd param err");
874 remove = true;
875 goto done;
876 }
877
878 cp->sub_opcode = MSFT_OP_LE_MONITOR_ADVERTISEMENT;
879 cp->rssi_high = address_filter->rssi_high;
880 cp->rssi_low = address_filter->rssi_low;
881 cp->rssi_low_interval = address_filter->rssi_low_interval;
882 cp->rssi_sampling_period = address_filter->rssi_sampling_period;
883 cp->cond_type = MSFT_MONITOR_ADVERTISEMENT_TYPE_ADDR;
884 cp->data[0] = address_filter->addr_type;
885 memcpy(&cp->data[1], &address_filter->bdaddr,
886 sizeof(address_filter->bdaddr));
887
888 skb = __hci_cmd_sync(hdev, hdev->msft_opcode, size, cp,
889 HCI_CMD_TIMEOUT);
890 kfree(cp);
891
892 if (IS_ERR(skb)) {
893 bt_dev_err(hdev, "Failed to enable address %pMR filter",
894 &address_filter->bdaddr);
895 skb = NULL;
896 remove = true;
897 goto done;
898 }
899
900 rp = skb_pull_data(skb, sizeof(*rp));
901 if (!rp || rp->sub_opcode != MSFT_OP_LE_MONITOR_ADVERTISEMENT ||
902 rp->status)
903 remove = true;
904
905 done:
906 mutex_lock(&msft->filter_lock);
907
908 if (remove) {
909 bt_dev_warn(hdev, "MSFT: Remove address (%pMR) filter",
910 &address_filter->bdaddr);
911 list_del(&address_filter->list);
912 kfree(address_filter);
913 } else {
914 address_filter->state = AF_STATE_ADDED;
915 address_filter->msft_handle = rp->handle;
916 bt_dev_dbg(hdev, "MSFT: Address %pMR filter enabled",
917 &address_filter->bdaddr);
918 }
919 mutex_unlock(&msft->filter_lock);
920
921 kfree_skb(skb);
922
923 return 0;
924 }
925
926 /* This function requires the caller holds msft->filter_lock */
msft_add_address_filter(struct hci_dev * hdev,u8 addr_type,bdaddr_t * bdaddr,struct msft_monitor_advertisement_handle_data * handle_data)927 static struct msft_monitor_addr_filter_data *msft_add_address_filter
928 (struct hci_dev *hdev, u8 addr_type, bdaddr_t *bdaddr,
929 struct msft_monitor_advertisement_handle_data *handle_data)
930 {
931 struct msft_monitor_addr_filter_data *address_filter = NULL;
932 struct msft_data *msft = hdev->msft_data;
933 int err;
934
935 address_filter = kzalloc(sizeof(*address_filter), GFP_KERNEL);
936 if (!address_filter)
937 return NULL;
938
939 address_filter->state = AF_STATE_ADDING;
940 address_filter->msft_handle = 0xff;
941 address_filter->pattern_handle = handle_data->msft_handle;
942 address_filter->mgmt_handle = handle_data->mgmt_handle;
943 address_filter->rssi_high = handle_data->rssi_high;
944 address_filter->rssi_low = handle_data->rssi_low;
945 address_filter->rssi_low_interval = handle_data->rssi_low_interval;
946 address_filter->rssi_sampling_period = handle_data->rssi_sampling_period;
947 address_filter->addr_type = addr_type;
948 bacpy(&address_filter->bdaddr, bdaddr);
949
950 /* With the above AF_STATE_ADDING, duplicated address filter can be
951 * avoided when receiving monitor device event (found/lost) frequently
952 * for the same device.
953 */
954 list_add_tail(&address_filter->list, &msft->address_filters);
955
956 err = hci_cmd_sync_queue(hdev, msft_add_address_filter_sync,
957 address_filter, NULL);
958 if (err < 0) {
959 bt_dev_err(hdev, "MSFT: Add address %pMR filter err", bdaddr);
960 list_del(&address_filter->list);
961 kfree(address_filter);
962 return NULL;
963 }
964
965 bt_dev_dbg(hdev, "MSFT: Add device %pMR address filter",
966 &address_filter->bdaddr);
967
968 return address_filter;
969 }
970
971 /* This function requires the caller holds hdev->lock */
msft_monitor_device_evt(struct hci_dev * hdev,struct sk_buff * skb)972 static void msft_monitor_device_evt(struct hci_dev *hdev, struct sk_buff *skb)
973 {
974 struct msft_monitor_addr_filter_data *n, *address_filter = NULL;
975 struct msft_ev_le_monitor_device *ev;
976 struct msft_monitor_advertisement_handle_data *handle_data;
977 struct msft_data *msft = hdev->msft_data;
978 u16 mgmt_handle = 0xffff;
979 u8 addr_type;
980
981 ev = msft_skb_pull(hdev, skb, MSFT_EV_LE_MONITOR_DEVICE, sizeof(*ev));
982 if (!ev)
983 return;
984
985 bt_dev_dbg(hdev,
986 "MSFT vendor event 0x%02x: handle 0x%04x state %d addr %pMR",
987 MSFT_EV_LE_MONITOR_DEVICE, ev->monitor_handle,
988 ev->monitor_state, &ev->bdaddr);
989
990 handle_data = msft_find_handle_data(hdev, ev->monitor_handle, false);
991
992 if (!test_bit(HCI_QUIRK_USE_MSFT_EXT_ADDRESS_FILTER, &hdev->quirks)) {
993 if (!handle_data)
994 return;
995 mgmt_handle = handle_data->mgmt_handle;
996 goto report_state;
997 }
998
999 if (handle_data) {
1000 /* Don't report any device found/lost event from pattern
1001 * monitors. Pattern monitor always has its address filters for
1002 * tracking devices.
1003 */
1004
1005 address_filter = msft_find_address_data(hdev, ev->addr_type,
1006 &ev->bdaddr,
1007 handle_data->msft_handle);
1008 if (address_filter)
1009 return;
1010
1011 if (ev->monitor_state && handle_data->cond_type ==
1012 MSFT_MONITOR_ADVERTISEMENT_TYPE_PATTERN)
1013 msft_add_address_filter(hdev, ev->addr_type,
1014 &ev->bdaddr, handle_data);
1015
1016 return;
1017 }
1018
1019 /* This device event is not from pattern monitor.
1020 * Report it if there is a corresponding address_filter for it.
1021 */
1022 list_for_each_entry(n, &msft->address_filters, list) {
1023 if (n->state == AF_STATE_ADDED &&
1024 n->msft_handle == ev->monitor_handle) {
1025 mgmt_handle = n->mgmt_handle;
1026 address_filter = n;
1027 break;
1028 }
1029 }
1030
1031 if (!address_filter) {
1032 bt_dev_warn(hdev, "MSFT: Unexpected device event %pMR, %u, %u",
1033 &ev->bdaddr, ev->monitor_handle, ev->monitor_state);
1034 return;
1035 }
1036
1037 report_state:
1038 switch (ev->addr_type) {
1039 case ADDR_LE_DEV_PUBLIC:
1040 addr_type = BDADDR_LE_PUBLIC;
1041 break;
1042
1043 case ADDR_LE_DEV_RANDOM:
1044 addr_type = BDADDR_LE_RANDOM;
1045 break;
1046
1047 default:
1048 bt_dev_err(hdev,
1049 "MSFT vendor event 0x%02x: unknown addr type 0x%02x",
1050 MSFT_EV_LE_MONITOR_DEVICE, ev->addr_type);
1051 return;
1052 }
1053
1054 if (ev->monitor_state) {
1055 msft_device_found(hdev, &ev->bdaddr, addr_type, mgmt_handle);
1056 } else {
1057 if (address_filter && address_filter->state == AF_STATE_ADDED) {
1058 address_filter->state = AF_STATE_REMOVING;
1059 hci_cmd_sync_queue(hdev,
1060 msft_cancel_address_filter_sync,
1061 address_filter,
1062 NULL);
1063 }
1064 msft_device_lost(hdev, &ev->bdaddr, addr_type, mgmt_handle);
1065 }
1066 }
1067
msft_vendor_evt(struct hci_dev * hdev,void * data,struct sk_buff * skb)1068 void msft_vendor_evt(struct hci_dev *hdev, void *data, struct sk_buff *skb)
1069 {
1070 struct msft_data *msft = hdev->msft_data;
1071 u8 *evt_prefix;
1072 u8 *evt;
1073
1074 if (!msft)
1075 return;
1076
1077 /* When the extension has defined an event prefix, check that it
1078 * matches, and otherwise just return.
1079 */
1080 if (msft->evt_prefix_len > 0) {
1081 evt_prefix = msft_skb_pull(hdev, skb, 0, msft->evt_prefix_len);
1082 if (!evt_prefix)
1083 return;
1084
1085 if (memcmp(evt_prefix, msft->evt_prefix, msft->evt_prefix_len))
1086 return;
1087 }
1088
1089 /* Every event starts at least with an event code and the rest of
1090 * the data is variable and depends on the event code.
1091 */
1092 if (skb->len < 1)
1093 return;
1094
1095 evt = msft_skb_pull(hdev, skb, 0, sizeof(*evt));
1096 if (!evt)
1097 return;
1098
1099 hci_dev_lock(hdev);
1100
1101 switch (*evt) {
1102 case MSFT_EV_LE_MONITOR_DEVICE:
1103 mutex_lock(&msft->filter_lock);
1104 msft_monitor_device_evt(hdev, skb);
1105 mutex_unlock(&msft->filter_lock);
1106 break;
1107
1108 default:
1109 bt_dev_dbg(hdev, "MSFT vendor event 0x%02x", *evt);
1110 break;
1111 }
1112
1113 hci_dev_unlock(hdev);
1114 }
1115
msft_get_features(struct hci_dev * hdev)1116 __u64 msft_get_features(struct hci_dev *hdev)
1117 {
1118 struct msft_data *msft = hdev->msft_data;
1119
1120 return msft ? msft->features : 0;
1121 }
1122
msft_le_set_advertisement_filter_enable_cb(struct hci_dev * hdev,void * user_data,u8 status)1123 static void msft_le_set_advertisement_filter_enable_cb(struct hci_dev *hdev,
1124 void *user_data,
1125 u8 status)
1126 {
1127 struct msft_cp_le_set_advertisement_filter_enable *cp = user_data;
1128 struct msft_data *msft = hdev->msft_data;
1129
1130 /* Error 0x0C would be returned if the filter enabled status is
1131 * already set to whatever we were trying to set.
1132 * Although the default state should be disabled, some controller set
1133 * the initial value to enabled. Because there is no way to know the
1134 * actual initial value before sending this command, here we also treat
1135 * error 0x0C as success.
1136 */
1137 if (status != 0x00 && status != 0x0C)
1138 return;
1139
1140 hci_dev_lock(hdev);
1141
1142 msft->filter_enabled = cp->enable;
1143
1144 if (status == 0x0C)
1145 bt_dev_warn(hdev, "MSFT filter_enable is already %s",
1146 cp->enable ? "on" : "off");
1147
1148 hci_dev_unlock(hdev);
1149 }
1150
1151 /* This function requires the caller holds hci_req_sync_lock */
msft_add_monitor_pattern(struct hci_dev * hdev,struct adv_monitor * monitor)1152 int msft_add_monitor_pattern(struct hci_dev *hdev, struct adv_monitor *monitor)
1153 {
1154 struct msft_data *msft = hdev->msft_data;
1155
1156 if (!msft)
1157 return -EOPNOTSUPP;
1158
1159 if (msft->resuming || msft->suspending)
1160 return -EBUSY;
1161
1162 return msft_add_monitor_sync(hdev, monitor);
1163 }
1164
1165 /* This function requires the caller holds hci_req_sync_lock */
msft_remove_monitor(struct hci_dev * hdev,struct adv_monitor * monitor)1166 int msft_remove_monitor(struct hci_dev *hdev, struct adv_monitor *monitor)
1167 {
1168 struct msft_data *msft = hdev->msft_data;
1169
1170 if (!msft)
1171 return -EOPNOTSUPP;
1172
1173 if (msft->resuming || msft->suspending)
1174 return -EBUSY;
1175
1176 return msft_remove_monitor_sync(hdev, monitor);
1177 }
1178
msft_set_filter_enable(struct hci_dev * hdev,bool enable)1179 int msft_set_filter_enable(struct hci_dev *hdev, bool enable)
1180 {
1181 struct msft_cp_le_set_advertisement_filter_enable cp;
1182 struct msft_data *msft = hdev->msft_data;
1183 int err;
1184
1185 if (!msft)
1186 return -EOPNOTSUPP;
1187
1188 cp.sub_opcode = MSFT_OP_LE_SET_ADVERTISEMENT_FILTER_ENABLE;
1189 cp.enable = enable;
1190 err = __hci_cmd_sync_status(hdev, hdev->msft_opcode, sizeof(cp), &cp,
1191 HCI_CMD_TIMEOUT);
1192
1193 msft_le_set_advertisement_filter_enable_cb(hdev, &cp, err);
1194
1195 return 0;
1196 }
1197
msft_curve_validity(struct hci_dev * hdev)1198 bool msft_curve_validity(struct hci_dev *hdev)
1199 {
1200 return hdev->msft_curve_validity;
1201 }
1202