2 BlueZ - Bluetooth protocol stack for Linux
4 Copyright (C) 2010 Nokia Corporation
5 Copyright (C) 2011-2012 Intel Corporation
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License version 2 as
9 published by the Free Software Foundation;
11 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
12 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
13 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
14 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
15 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
16 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
17 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
18 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
20 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
21 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
22 SOFTWARE IS DISCLAIMED.
25 /* Bluetooth HCI Management interface */
27 #include <linux/module.h>
28 #include <asm/unaligned.h>
30 #include <net/bluetooth/bluetooth.h>
31 #include <net/bluetooth/hci_core.h>
32 #include <net/bluetooth/hci_sock.h>
33 #include <net/bluetooth/l2cap.h>
34 #include <net/bluetooth/mgmt.h>
36 #include "hci_request.h"
38 #include "mgmt_util.h"
40 #define MGMT_VERSION 1
41 #define MGMT_REVISION 9
43 static const u16 mgmt_commands[] = {
44 MGMT_OP_READ_INDEX_LIST,
47 MGMT_OP_SET_DISCOVERABLE,
48 MGMT_OP_SET_CONNECTABLE,
49 MGMT_OP_SET_FAST_CONNECTABLE,
51 MGMT_OP_SET_LINK_SECURITY,
55 MGMT_OP_SET_DEV_CLASS,
56 MGMT_OP_SET_LOCAL_NAME,
59 MGMT_OP_LOAD_LINK_KEYS,
60 MGMT_OP_LOAD_LONG_TERM_KEYS,
62 MGMT_OP_GET_CONNECTIONS,
63 MGMT_OP_PIN_CODE_REPLY,
64 MGMT_OP_PIN_CODE_NEG_REPLY,
65 MGMT_OP_SET_IO_CAPABILITY,
67 MGMT_OP_CANCEL_PAIR_DEVICE,
68 MGMT_OP_UNPAIR_DEVICE,
69 MGMT_OP_USER_CONFIRM_REPLY,
70 MGMT_OP_USER_CONFIRM_NEG_REPLY,
71 MGMT_OP_USER_PASSKEY_REPLY,
72 MGMT_OP_USER_PASSKEY_NEG_REPLY,
73 MGMT_OP_READ_LOCAL_OOB_DATA,
74 MGMT_OP_ADD_REMOTE_OOB_DATA,
75 MGMT_OP_REMOVE_REMOTE_OOB_DATA,
76 MGMT_OP_START_DISCOVERY,
77 MGMT_OP_STOP_DISCOVERY,
80 MGMT_OP_UNBLOCK_DEVICE,
81 MGMT_OP_SET_DEVICE_ID,
82 MGMT_OP_SET_ADVERTISING,
84 MGMT_OP_SET_STATIC_ADDRESS,
85 MGMT_OP_SET_SCAN_PARAMS,
86 MGMT_OP_SET_SECURE_CONN,
87 MGMT_OP_SET_DEBUG_KEYS,
90 MGMT_OP_GET_CONN_INFO,
91 MGMT_OP_GET_CLOCK_INFO,
93 MGMT_OP_REMOVE_DEVICE,
94 MGMT_OP_LOAD_CONN_PARAM,
95 MGMT_OP_READ_UNCONF_INDEX_LIST,
96 MGMT_OP_READ_CONFIG_INFO,
97 MGMT_OP_SET_EXTERNAL_CONFIG,
98 MGMT_OP_SET_PUBLIC_ADDRESS,
99 MGMT_OP_START_SERVICE_DISCOVERY,
100 MGMT_OP_READ_LOCAL_OOB_EXT_DATA,
101 MGMT_OP_READ_EXT_INDEX_LIST,
102 MGMT_OP_READ_ADV_FEATURES,
103 MGMT_OP_ADD_ADVERTISING,
104 MGMT_OP_REMOVE_ADVERTISING,
107 static const u16 mgmt_events[] = {
108 MGMT_EV_CONTROLLER_ERROR,
110 MGMT_EV_INDEX_REMOVED,
111 MGMT_EV_NEW_SETTINGS,
112 MGMT_EV_CLASS_OF_DEV_CHANGED,
113 MGMT_EV_LOCAL_NAME_CHANGED,
114 MGMT_EV_NEW_LINK_KEY,
115 MGMT_EV_NEW_LONG_TERM_KEY,
116 MGMT_EV_DEVICE_CONNECTED,
117 MGMT_EV_DEVICE_DISCONNECTED,
118 MGMT_EV_CONNECT_FAILED,
119 MGMT_EV_PIN_CODE_REQUEST,
120 MGMT_EV_USER_CONFIRM_REQUEST,
121 MGMT_EV_USER_PASSKEY_REQUEST,
123 MGMT_EV_DEVICE_FOUND,
125 MGMT_EV_DEVICE_BLOCKED,
126 MGMT_EV_DEVICE_UNBLOCKED,
127 MGMT_EV_DEVICE_UNPAIRED,
128 MGMT_EV_PASSKEY_NOTIFY,
131 MGMT_EV_DEVICE_ADDED,
132 MGMT_EV_DEVICE_REMOVED,
133 MGMT_EV_NEW_CONN_PARAM,
134 MGMT_EV_UNCONF_INDEX_ADDED,
135 MGMT_EV_UNCONF_INDEX_REMOVED,
136 MGMT_EV_NEW_CONFIG_OPTIONS,
137 MGMT_EV_EXT_INDEX_ADDED,
138 MGMT_EV_EXT_INDEX_REMOVED,
139 MGMT_EV_LOCAL_OOB_DATA_UPDATED,
140 MGMT_EV_ADVERTISING_ADDED,
141 MGMT_EV_ADVERTISING_REMOVED,
144 static const u16 mgmt_untrusted_commands[] = {
145 MGMT_OP_READ_INDEX_LIST,
147 MGMT_OP_READ_UNCONF_INDEX_LIST,
148 MGMT_OP_READ_CONFIG_INFO,
149 MGMT_OP_READ_EXT_INDEX_LIST,
152 static const u16 mgmt_untrusted_events[] = {
154 MGMT_EV_INDEX_REMOVED,
155 MGMT_EV_NEW_SETTINGS,
156 MGMT_EV_CLASS_OF_DEV_CHANGED,
157 MGMT_EV_LOCAL_NAME_CHANGED,
158 MGMT_EV_UNCONF_INDEX_ADDED,
159 MGMT_EV_UNCONF_INDEX_REMOVED,
160 MGMT_EV_NEW_CONFIG_OPTIONS,
161 MGMT_EV_EXT_INDEX_ADDED,
162 MGMT_EV_EXT_INDEX_REMOVED,
165 #define CACHE_TIMEOUT msecs_to_jiffies(2 * 1000)
167 #define ZERO_KEY "\x00\x00\x00\x00\x00\x00\x00\x00" \
168 "\x00\x00\x00\x00\x00\x00\x00\x00"
170 /* HCI to MGMT error code conversion table */
171 static u8 mgmt_status_table[] = {
173 MGMT_STATUS_UNKNOWN_COMMAND, /* Unknown Command */
174 MGMT_STATUS_NOT_CONNECTED, /* No Connection */
175 MGMT_STATUS_FAILED, /* Hardware Failure */
176 MGMT_STATUS_CONNECT_FAILED, /* Page Timeout */
177 MGMT_STATUS_AUTH_FAILED, /* Authentication Failed */
178 MGMT_STATUS_AUTH_FAILED, /* PIN or Key Missing */
179 MGMT_STATUS_NO_RESOURCES, /* Memory Full */
180 MGMT_STATUS_TIMEOUT, /* Connection Timeout */
181 MGMT_STATUS_NO_RESOURCES, /* Max Number of Connections */
182 MGMT_STATUS_NO_RESOURCES, /* Max Number of SCO Connections */
183 MGMT_STATUS_ALREADY_CONNECTED, /* ACL Connection Exists */
184 MGMT_STATUS_BUSY, /* Command Disallowed */
185 MGMT_STATUS_NO_RESOURCES, /* Rejected Limited Resources */
186 MGMT_STATUS_REJECTED, /* Rejected Security */
187 MGMT_STATUS_REJECTED, /* Rejected Personal */
188 MGMT_STATUS_TIMEOUT, /* Host Timeout */
189 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported Feature */
190 MGMT_STATUS_INVALID_PARAMS, /* Invalid Parameters */
191 MGMT_STATUS_DISCONNECTED, /* OE User Ended Connection */
192 MGMT_STATUS_NO_RESOURCES, /* OE Low Resources */
193 MGMT_STATUS_DISCONNECTED, /* OE Power Off */
194 MGMT_STATUS_DISCONNECTED, /* Connection Terminated */
195 MGMT_STATUS_BUSY, /* Repeated Attempts */
196 MGMT_STATUS_REJECTED, /* Pairing Not Allowed */
197 MGMT_STATUS_FAILED, /* Unknown LMP PDU */
198 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported Remote Feature */
199 MGMT_STATUS_REJECTED, /* SCO Offset Rejected */
200 MGMT_STATUS_REJECTED, /* SCO Interval Rejected */
201 MGMT_STATUS_REJECTED, /* Air Mode Rejected */
202 MGMT_STATUS_INVALID_PARAMS, /* Invalid LMP Parameters */
203 MGMT_STATUS_FAILED, /* Unspecified Error */
204 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported LMP Parameter Value */
205 MGMT_STATUS_FAILED, /* Role Change Not Allowed */
206 MGMT_STATUS_TIMEOUT, /* LMP Response Timeout */
207 MGMT_STATUS_FAILED, /* LMP Error Transaction Collision */
208 MGMT_STATUS_FAILED, /* LMP PDU Not Allowed */
209 MGMT_STATUS_REJECTED, /* Encryption Mode Not Accepted */
210 MGMT_STATUS_FAILED, /* Unit Link Key Used */
211 MGMT_STATUS_NOT_SUPPORTED, /* QoS Not Supported */
212 MGMT_STATUS_TIMEOUT, /* Instant Passed */
213 MGMT_STATUS_NOT_SUPPORTED, /* Pairing Not Supported */
214 MGMT_STATUS_FAILED, /* Transaction Collision */
215 MGMT_STATUS_INVALID_PARAMS, /* Unacceptable Parameter */
216 MGMT_STATUS_REJECTED, /* QoS Rejected */
217 MGMT_STATUS_NOT_SUPPORTED, /* Classification Not Supported */
218 MGMT_STATUS_REJECTED, /* Insufficient Security */
219 MGMT_STATUS_INVALID_PARAMS, /* Parameter Out Of Range */
220 MGMT_STATUS_BUSY, /* Role Switch Pending */
221 MGMT_STATUS_FAILED, /* Slot Violation */
222 MGMT_STATUS_FAILED, /* Role Switch Failed */
223 MGMT_STATUS_INVALID_PARAMS, /* EIR Too Large */
224 MGMT_STATUS_NOT_SUPPORTED, /* Simple Pairing Not Supported */
225 MGMT_STATUS_BUSY, /* Host Busy Pairing */
226 MGMT_STATUS_REJECTED, /* Rejected, No Suitable Channel */
227 MGMT_STATUS_BUSY, /* Controller Busy */
228 MGMT_STATUS_INVALID_PARAMS, /* Unsuitable Connection Interval */
229 MGMT_STATUS_TIMEOUT, /* Directed Advertising Timeout */
230 MGMT_STATUS_AUTH_FAILED, /* Terminated Due to MIC Failure */
231 MGMT_STATUS_CONNECT_FAILED, /* Connection Establishment Failed */
232 MGMT_STATUS_CONNECT_FAILED, /* MAC Connection Failed */
235 static u8 mgmt_status(u8 hci_status)
237 if (hci_status < ARRAY_SIZE(mgmt_status_table))
238 return mgmt_status_table[hci_status];
240 return MGMT_STATUS_FAILED;
243 static int mgmt_index_event(u16 event, struct hci_dev *hdev, void *data,
246 return mgmt_send_event(event, hdev, HCI_CHANNEL_CONTROL, data, len,
250 static int mgmt_limited_event(u16 event, struct hci_dev *hdev, void *data,
251 u16 len, int flag, struct sock *skip_sk)
253 return mgmt_send_event(event, hdev, HCI_CHANNEL_CONTROL, data, len,
257 static int mgmt_generic_event(u16 event, struct hci_dev *hdev, void *data,
258 u16 len, struct sock *skip_sk)
260 return mgmt_send_event(event, hdev, HCI_CHANNEL_CONTROL, data, len,
261 HCI_MGMT_GENERIC_EVENTS, skip_sk);
264 static int mgmt_event(u16 event, struct hci_dev *hdev, void *data, u16 len,
265 struct sock *skip_sk)
267 return mgmt_send_event(event, hdev, HCI_CHANNEL_CONTROL, data, len,
268 HCI_SOCK_TRUSTED, skip_sk);
271 static int read_version(struct sock *sk, struct hci_dev *hdev, void *data,
274 struct mgmt_rp_read_version rp;
276 BT_DBG("sock %p", sk);
278 rp.version = MGMT_VERSION;
279 rp.revision = cpu_to_le16(MGMT_REVISION);
281 return mgmt_cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_VERSION, 0,
285 static int read_commands(struct sock *sk, struct hci_dev *hdev, void *data,
288 struct mgmt_rp_read_commands *rp;
289 u16 num_commands, num_events;
293 BT_DBG("sock %p", sk);
295 if (hci_sock_test_flag(sk, HCI_SOCK_TRUSTED)) {
296 num_commands = ARRAY_SIZE(mgmt_commands);
297 num_events = ARRAY_SIZE(mgmt_events);
299 num_commands = ARRAY_SIZE(mgmt_untrusted_commands);
300 num_events = ARRAY_SIZE(mgmt_untrusted_events);
303 rp_size = sizeof(*rp) + ((num_commands + num_events) * sizeof(u16));
305 rp = kmalloc(rp_size, GFP_KERNEL);
309 rp->num_commands = cpu_to_le16(num_commands);
310 rp->num_events = cpu_to_le16(num_events);
312 if (hci_sock_test_flag(sk, HCI_SOCK_TRUSTED)) {
313 __le16 *opcode = rp->opcodes;
315 for (i = 0; i < num_commands; i++, opcode++)
316 put_unaligned_le16(mgmt_commands[i], opcode);
318 for (i = 0; i < num_events; i++, opcode++)
319 put_unaligned_le16(mgmt_events[i], opcode);
321 __le16 *opcode = rp->opcodes;
323 for (i = 0; i < num_commands; i++, opcode++)
324 put_unaligned_le16(mgmt_untrusted_commands[i], opcode);
326 for (i = 0; i < num_events; i++, opcode++)
327 put_unaligned_le16(mgmt_untrusted_events[i], opcode);
330 err = mgmt_cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_COMMANDS, 0,
337 static int read_index_list(struct sock *sk, struct hci_dev *hdev, void *data,
340 struct mgmt_rp_read_index_list *rp;
346 BT_DBG("sock %p", sk);
348 read_lock(&hci_dev_list_lock);
351 list_for_each_entry(d, &hci_dev_list, list) {
352 if (d->dev_type == HCI_BREDR &&
353 !hci_dev_test_flag(d, HCI_UNCONFIGURED))
357 rp_len = sizeof(*rp) + (2 * count);
358 rp = kmalloc(rp_len, GFP_ATOMIC);
360 read_unlock(&hci_dev_list_lock);
365 list_for_each_entry(d, &hci_dev_list, list) {
366 if (hci_dev_test_flag(d, HCI_SETUP) ||
367 hci_dev_test_flag(d, HCI_CONFIG) ||
368 hci_dev_test_flag(d, HCI_USER_CHANNEL))
371 /* Devices marked as raw-only are neither configured
372 * nor unconfigured controllers.
374 if (test_bit(HCI_QUIRK_RAW_DEVICE, &d->quirks))
377 if (d->dev_type == HCI_BREDR &&
378 !hci_dev_test_flag(d, HCI_UNCONFIGURED)) {
379 rp->index[count++] = cpu_to_le16(d->id);
380 BT_DBG("Added hci%u", d->id);
384 rp->num_controllers = cpu_to_le16(count);
385 rp_len = sizeof(*rp) + (2 * count);
387 read_unlock(&hci_dev_list_lock);
389 err = mgmt_cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_INDEX_LIST,
397 static int read_unconf_index_list(struct sock *sk, struct hci_dev *hdev,
398 void *data, u16 data_len)
400 struct mgmt_rp_read_unconf_index_list *rp;
406 BT_DBG("sock %p", sk);
408 read_lock(&hci_dev_list_lock);
411 list_for_each_entry(d, &hci_dev_list, list) {
412 if (d->dev_type == HCI_BREDR &&
413 hci_dev_test_flag(d, HCI_UNCONFIGURED))
417 rp_len = sizeof(*rp) + (2 * count);
418 rp = kmalloc(rp_len, GFP_ATOMIC);
420 read_unlock(&hci_dev_list_lock);
425 list_for_each_entry(d, &hci_dev_list, list) {
426 if (hci_dev_test_flag(d, HCI_SETUP) ||
427 hci_dev_test_flag(d, HCI_CONFIG) ||
428 hci_dev_test_flag(d, HCI_USER_CHANNEL))
431 /* Devices marked as raw-only are neither configured
432 * nor unconfigured controllers.
434 if (test_bit(HCI_QUIRK_RAW_DEVICE, &d->quirks))
437 if (d->dev_type == HCI_BREDR &&
438 hci_dev_test_flag(d, HCI_UNCONFIGURED)) {
439 rp->index[count++] = cpu_to_le16(d->id);
440 BT_DBG("Added hci%u", d->id);
444 rp->num_controllers = cpu_to_le16(count);
445 rp_len = sizeof(*rp) + (2 * count);
447 read_unlock(&hci_dev_list_lock);
449 err = mgmt_cmd_complete(sk, MGMT_INDEX_NONE,
450 MGMT_OP_READ_UNCONF_INDEX_LIST, 0, rp, rp_len);
457 static int read_ext_index_list(struct sock *sk, struct hci_dev *hdev,
458 void *data, u16 data_len)
460 struct mgmt_rp_read_ext_index_list *rp;
466 BT_DBG("sock %p", sk);
468 read_lock(&hci_dev_list_lock);
471 list_for_each_entry(d, &hci_dev_list, list) {
472 if (d->dev_type == HCI_BREDR || d->dev_type == HCI_AMP)
476 rp_len = sizeof(*rp) + (sizeof(rp->entry[0]) * count);
477 rp = kmalloc(rp_len, GFP_ATOMIC);
479 read_unlock(&hci_dev_list_lock);
484 list_for_each_entry(d, &hci_dev_list, list) {
485 if (hci_dev_test_flag(d, HCI_SETUP) ||
486 hci_dev_test_flag(d, HCI_CONFIG) ||
487 hci_dev_test_flag(d, HCI_USER_CHANNEL))
490 /* Devices marked as raw-only are neither configured
491 * nor unconfigured controllers.
493 if (test_bit(HCI_QUIRK_RAW_DEVICE, &d->quirks))
496 if (d->dev_type == HCI_BREDR) {
497 if (hci_dev_test_flag(d, HCI_UNCONFIGURED))
498 rp->entry[count].type = 0x01;
500 rp->entry[count].type = 0x00;
501 } else if (d->dev_type == HCI_AMP) {
502 rp->entry[count].type = 0x02;
507 rp->entry[count].bus = d->bus;
508 rp->entry[count++].index = cpu_to_le16(d->id);
509 BT_DBG("Added hci%u", d->id);
512 rp->num_controllers = cpu_to_le16(count);
513 rp_len = sizeof(*rp) + (sizeof(rp->entry[0]) * count);
515 read_unlock(&hci_dev_list_lock);
517 /* If this command is called at least once, then all the
518 * default index and unconfigured index events are disabled
519 * and from now on only extended index events are used.
521 hci_sock_set_flag(sk, HCI_MGMT_EXT_INDEX_EVENTS);
522 hci_sock_clear_flag(sk, HCI_MGMT_INDEX_EVENTS);
523 hci_sock_clear_flag(sk, HCI_MGMT_UNCONF_INDEX_EVENTS);
525 err = mgmt_cmd_complete(sk, MGMT_INDEX_NONE,
526 MGMT_OP_READ_EXT_INDEX_LIST, 0, rp, rp_len);
533 static bool is_configured(struct hci_dev *hdev)
535 if (test_bit(HCI_QUIRK_EXTERNAL_CONFIG, &hdev->quirks) &&
536 !hci_dev_test_flag(hdev, HCI_EXT_CONFIGURED))
539 if (test_bit(HCI_QUIRK_INVALID_BDADDR, &hdev->quirks) &&
540 !bacmp(&hdev->public_addr, BDADDR_ANY))
546 static __le32 get_missing_options(struct hci_dev *hdev)
550 if (test_bit(HCI_QUIRK_EXTERNAL_CONFIG, &hdev->quirks) &&
551 !hci_dev_test_flag(hdev, HCI_EXT_CONFIGURED))
552 options |= MGMT_OPTION_EXTERNAL_CONFIG;
554 if (test_bit(HCI_QUIRK_INVALID_BDADDR, &hdev->quirks) &&
555 !bacmp(&hdev->public_addr, BDADDR_ANY))
556 options |= MGMT_OPTION_PUBLIC_ADDRESS;
558 return cpu_to_le32(options);
561 static int new_options(struct hci_dev *hdev, struct sock *skip)
563 __le32 options = get_missing_options(hdev);
565 return mgmt_generic_event(MGMT_EV_NEW_CONFIG_OPTIONS, hdev, &options,
566 sizeof(options), skip);
569 static int send_options_rsp(struct sock *sk, u16 opcode, struct hci_dev *hdev)
571 __le32 options = get_missing_options(hdev);
573 return mgmt_cmd_complete(sk, hdev->id, opcode, 0, &options,
577 static int read_config_info(struct sock *sk, struct hci_dev *hdev,
578 void *data, u16 data_len)
580 struct mgmt_rp_read_config_info rp;
583 BT_DBG("sock %p %s", sk, hdev->name);
587 memset(&rp, 0, sizeof(rp));
588 rp.manufacturer = cpu_to_le16(hdev->manufacturer);
590 if (test_bit(HCI_QUIRK_EXTERNAL_CONFIG, &hdev->quirks))
591 options |= MGMT_OPTION_EXTERNAL_CONFIG;
593 if (hdev->set_bdaddr)
594 options |= MGMT_OPTION_PUBLIC_ADDRESS;
596 rp.supported_options = cpu_to_le32(options);
597 rp.missing_options = get_missing_options(hdev);
599 hci_dev_unlock(hdev);
601 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_READ_CONFIG_INFO, 0,
605 static u32 get_supported_settings(struct hci_dev *hdev)
609 settings |= MGMT_SETTING_POWERED;
610 settings |= MGMT_SETTING_BONDABLE;
611 settings |= MGMT_SETTING_DEBUG_KEYS;
612 settings |= MGMT_SETTING_CONNECTABLE;
613 settings |= MGMT_SETTING_DISCOVERABLE;
615 if (lmp_bredr_capable(hdev)) {
616 if (hdev->hci_ver >= BLUETOOTH_VER_1_2)
617 settings |= MGMT_SETTING_FAST_CONNECTABLE;
618 settings |= MGMT_SETTING_BREDR;
619 settings |= MGMT_SETTING_LINK_SECURITY;
621 if (lmp_ssp_capable(hdev)) {
622 settings |= MGMT_SETTING_SSP;
623 settings |= MGMT_SETTING_HS;
626 if (lmp_sc_capable(hdev))
627 settings |= MGMT_SETTING_SECURE_CONN;
630 if (lmp_le_capable(hdev)) {
631 settings |= MGMT_SETTING_LE;
632 settings |= MGMT_SETTING_ADVERTISING;
633 settings |= MGMT_SETTING_SECURE_CONN;
634 settings |= MGMT_SETTING_PRIVACY;
635 settings |= MGMT_SETTING_STATIC_ADDRESS;
638 if (test_bit(HCI_QUIRK_EXTERNAL_CONFIG, &hdev->quirks) ||
640 settings |= MGMT_SETTING_CONFIGURATION;
645 static u32 get_current_settings(struct hci_dev *hdev)
649 if (hdev_is_powered(hdev))
650 settings |= MGMT_SETTING_POWERED;
652 if (hci_dev_test_flag(hdev, HCI_CONNECTABLE))
653 settings |= MGMT_SETTING_CONNECTABLE;
655 if (hci_dev_test_flag(hdev, HCI_FAST_CONNECTABLE))
656 settings |= MGMT_SETTING_FAST_CONNECTABLE;
658 if (hci_dev_test_flag(hdev, HCI_DISCOVERABLE))
659 settings |= MGMT_SETTING_DISCOVERABLE;
661 if (hci_dev_test_flag(hdev, HCI_BONDABLE))
662 settings |= MGMT_SETTING_BONDABLE;
664 if (hci_dev_test_flag(hdev, HCI_BREDR_ENABLED))
665 settings |= MGMT_SETTING_BREDR;
667 if (hci_dev_test_flag(hdev, HCI_LE_ENABLED))
668 settings |= MGMT_SETTING_LE;
670 if (hci_dev_test_flag(hdev, HCI_LINK_SECURITY))
671 settings |= MGMT_SETTING_LINK_SECURITY;
673 if (hci_dev_test_flag(hdev, HCI_SSP_ENABLED))
674 settings |= MGMT_SETTING_SSP;
676 if (hci_dev_test_flag(hdev, HCI_HS_ENABLED))
677 settings |= MGMT_SETTING_HS;
679 if (hci_dev_test_flag(hdev, HCI_ADVERTISING))
680 settings |= MGMT_SETTING_ADVERTISING;
682 if (hci_dev_test_flag(hdev, HCI_SC_ENABLED))
683 settings |= MGMT_SETTING_SECURE_CONN;
685 if (hci_dev_test_flag(hdev, HCI_KEEP_DEBUG_KEYS))
686 settings |= MGMT_SETTING_DEBUG_KEYS;
688 if (hci_dev_test_flag(hdev, HCI_PRIVACY))
689 settings |= MGMT_SETTING_PRIVACY;
691 /* The current setting for static address has two purposes. The
692 * first is to indicate if the static address will be used and
693 * the second is to indicate if it is actually set.
695 * This means if the static address is not configured, this flag
696 * will never be set. If the address is configured, then if the
697 * address is actually used decides if the flag is set or not.
699 * For single mode LE only controllers and dual-mode controllers
700 * with BR/EDR disabled, the existence of the static address will
703 if (hci_dev_test_flag(hdev, HCI_FORCE_STATIC_ADDR) ||
704 !hci_dev_test_flag(hdev, HCI_BREDR_ENABLED) ||
705 !bacmp(&hdev->bdaddr, BDADDR_ANY)) {
706 if (bacmp(&hdev->static_addr, BDADDR_ANY))
707 settings |= MGMT_SETTING_STATIC_ADDRESS;
713 #define PNP_INFO_SVCLASS_ID 0x1200
715 static u8 *create_uuid16_list(struct hci_dev *hdev, u8 *data, ptrdiff_t len)
717 u8 *ptr = data, *uuids_start = NULL;
718 struct bt_uuid *uuid;
723 list_for_each_entry(uuid, &hdev->uuids, list) {
726 if (uuid->size != 16)
729 uuid16 = get_unaligned_le16(&uuid->uuid[12]);
733 if (uuid16 == PNP_INFO_SVCLASS_ID)
739 uuids_start[1] = EIR_UUID16_ALL;
743 /* Stop if not enough space to put next UUID */
744 if ((ptr - data) + sizeof(u16) > len) {
745 uuids_start[1] = EIR_UUID16_SOME;
749 *ptr++ = (uuid16 & 0x00ff);
750 *ptr++ = (uuid16 & 0xff00) >> 8;
751 uuids_start[0] += sizeof(uuid16);
757 static u8 *create_uuid32_list(struct hci_dev *hdev, u8 *data, ptrdiff_t len)
759 u8 *ptr = data, *uuids_start = NULL;
760 struct bt_uuid *uuid;
765 list_for_each_entry(uuid, &hdev->uuids, list) {
766 if (uuid->size != 32)
772 uuids_start[1] = EIR_UUID32_ALL;
776 /* Stop if not enough space to put next UUID */
777 if ((ptr - data) + sizeof(u32) > len) {
778 uuids_start[1] = EIR_UUID32_SOME;
782 memcpy(ptr, &uuid->uuid[12], sizeof(u32));
784 uuids_start[0] += sizeof(u32);
790 static u8 *create_uuid128_list(struct hci_dev *hdev, u8 *data, ptrdiff_t len)
792 u8 *ptr = data, *uuids_start = NULL;
793 struct bt_uuid *uuid;
798 list_for_each_entry(uuid, &hdev->uuids, list) {
799 if (uuid->size != 128)
805 uuids_start[1] = EIR_UUID128_ALL;
809 /* Stop if not enough space to put next UUID */
810 if ((ptr - data) + 16 > len) {
811 uuids_start[1] = EIR_UUID128_SOME;
815 memcpy(ptr, uuid->uuid, 16);
817 uuids_start[0] += 16;
823 static struct mgmt_pending_cmd *pending_find(u16 opcode, struct hci_dev *hdev)
825 return mgmt_pending_find(HCI_CHANNEL_CONTROL, opcode, hdev);
828 static struct mgmt_pending_cmd *pending_find_data(u16 opcode,
829 struct hci_dev *hdev,
832 return mgmt_pending_find_data(HCI_CHANNEL_CONTROL, opcode, hdev, data);
835 static u8 create_default_scan_rsp_data(struct hci_dev *hdev, u8 *ptr)
840 name_len = strlen(hdev->dev_name);
842 size_t max_len = HCI_MAX_AD_LENGTH - ad_len - 2;
844 if (name_len > max_len) {
846 ptr[1] = EIR_NAME_SHORT;
848 ptr[1] = EIR_NAME_COMPLETE;
850 ptr[0] = name_len + 1;
852 memcpy(ptr + 2, hdev->dev_name, name_len);
854 ad_len += (name_len + 2);
855 ptr += (name_len + 2);
861 static u8 create_instance_scan_rsp_data(struct hci_dev *hdev, u8 *ptr)
863 /* TODO: Set the appropriate entries based on advertising instance flags
864 * here once flags other than 0 are supported.
866 memcpy(ptr, hdev->adv_instance.scan_rsp_data,
867 hdev->adv_instance.scan_rsp_len);
869 return hdev->adv_instance.scan_rsp_len;
872 static void update_scan_rsp_data_for_instance(struct hci_request *req,
875 struct hci_dev *hdev = req->hdev;
876 struct hci_cp_le_set_scan_rsp_data cp;
879 if (!hci_dev_test_flag(hdev, HCI_LE_ENABLED))
882 memset(&cp, 0, sizeof(cp));
885 len = create_instance_scan_rsp_data(hdev, cp.data);
887 len = create_default_scan_rsp_data(hdev, cp.data);
889 if (hdev->scan_rsp_data_len == len &&
890 !memcmp(cp.data, hdev->scan_rsp_data, len))
893 memcpy(hdev->scan_rsp_data, cp.data, sizeof(cp.data));
894 hdev->scan_rsp_data_len = len;
898 hci_req_add(req, HCI_OP_LE_SET_SCAN_RSP_DATA, sizeof(cp), &cp);
901 static void update_scan_rsp_data(struct hci_request *req)
903 struct hci_dev *hdev = req->hdev;
906 /* The "Set Advertising" setting supersedes the "Add Advertising"
907 * setting. Here we set the scan response data based on which
908 * setting was set. When neither apply, default to the global settings,
909 * represented by instance "0".
911 if (hci_dev_test_flag(hdev, HCI_ADVERTISING_INSTANCE) &&
912 !hci_dev_test_flag(hdev, HCI_ADVERTISING))
917 update_scan_rsp_data_for_instance(req, instance);
920 static u8 get_adv_discov_flags(struct hci_dev *hdev)
922 struct mgmt_pending_cmd *cmd;
924 /* If there's a pending mgmt command the flags will not yet have
925 * their final values, so check for this first.
927 cmd = pending_find(MGMT_OP_SET_DISCOVERABLE, hdev);
929 struct mgmt_mode *cp = cmd->param;
931 return LE_AD_GENERAL;
932 else if (cp->val == 0x02)
933 return LE_AD_LIMITED;
935 if (hci_dev_test_flag(hdev, HCI_LIMITED_DISCOVERABLE))
936 return LE_AD_LIMITED;
937 else if (hci_dev_test_flag(hdev, HCI_DISCOVERABLE))
938 return LE_AD_GENERAL;
944 static u8 get_current_adv_instance(struct hci_dev *hdev)
946 /* The "Set Advertising" setting supersedes the "Add Advertising"
947 * setting. Here we set the advertising data based on which
948 * setting was set. When neither apply, default to the global settings,
949 * represented by instance "0".
951 if (hci_dev_test_flag(hdev, HCI_ADVERTISING_INSTANCE) &&
952 !hci_dev_test_flag(hdev, HCI_ADVERTISING))
958 static bool get_connectable(struct hci_dev *hdev)
960 struct mgmt_pending_cmd *cmd;
962 /* If there's a pending mgmt command the flag will not yet have
963 * it's final value, so check for this first.
965 cmd = pending_find(MGMT_OP_SET_CONNECTABLE, hdev);
967 struct mgmt_mode *cp = cmd->param;
972 return hci_dev_test_flag(hdev, HCI_CONNECTABLE);
975 static u32 get_adv_instance_flags(struct hci_dev *hdev, u8 instance)
982 if (instance == 0x01)
983 return hdev->adv_instance.flags;
985 /* Instance 0 always manages the "Tx Power" and "Flags" fields */
986 flags = MGMT_ADV_FLAG_TX_POWER | MGMT_ADV_FLAG_MANAGED_FLAGS;
988 /* For instance 0, the HCI_ADVERTISING_CONNECTABLE setting corresponds
989 * to the "connectable" instance flag.
991 if (hci_dev_test_flag(hdev, HCI_ADVERTISING_CONNECTABLE))
992 flags |= MGMT_ADV_FLAG_CONNECTABLE;
997 static u8 get_adv_instance_scan_rsp_len(struct hci_dev *hdev, u8 instance)
999 /* Ignore instance 0 and other unsupported instances */
1000 if (instance != 0x01)
1003 /* TODO: Take into account the "appearance" and "local-name" flags here.
1004 * These are currently being ignored as they are not supported.
1006 return hdev->adv_instance.scan_rsp_len;
1009 static u8 create_instance_adv_data(struct hci_dev *hdev, u8 instance, u8 *ptr)
1011 u8 ad_len = 0, flags = 0;
1012 u32 instance_flags = get_adv_instance_flags(hdev, instance);
1014 /* The Add Advertising command allows userspace to set both the general
1015 * and limited discoverable flags.
1017 if (instance_flags & MGMT_ADV_FLAG_DISCOV)
1018 flags |= LE_AD_GENERAL;
1020 if (instance_flags & MGMT_ADV_FLAG_LIMITED_DISCOV)
1021 flags |= LE_AD_LIMITED;
1023 if (flags || (instance_flags & MGMT_ADV_FLAG_MANAGED_FLAGS)) {
1024 /* If a discovery flag wasn't provided, simply use the global
1028 flags |= get_adv_discov_flags(hdev);
1030 if (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED))
1031 flags |= LE_AD_NO_BREDR;
1033 /* If flags would still be empty, then there is no need to
1034 * include the "Flags" AD field".
1046 /* Provide Tx Power only if we can provide a valid value for it */
1047 if (hdev->adv_tx_power != HCI_TX_POWER_INVALID &&
1048 (instance_flags & MGMT_ADV_FLAG_TX_POWER)) {
1050 ptr[1] = EIR_TX_POWER;
1051 ptr[2] = (u8)hdev->adv_tx_power;
1058 memcpy(ptr, hdev->adv_instance.adv_data,
1059 hdev->adv_instance.adv_data_len);
1060 ad_len += hdev->adv_instance.adv_data_len;
1066 static void update_adv_data_for_instance(struct hci_request *req, u8 instance)
1068 struct hci_dev *hdev = req->hdev;
1069 struct hci_cp_le_set_adv_data cp;
1072 if (!hci_dev_test_flag(hdev, HCI_LE_ENABLED))
1075 memset(&cp, 0, sizeof(cp));
1077 len = create_instance_adv_data(hdev, instance, cp.data);
1079 /* There's nothing to do if the data hasn't changed */
1080 if (hdev->adv_data_len == len &&
1081 memcmp(cp.data, hdev->adv_data, len) == 0)
1084 memcpy(hdev->adv_data, cp.data, sizeof(cp.data));
1085 hdev->adv_data_len = len;
1089 hci_req_add(req, HCI_OP_LE_SET_ADV_DATA, sizeof(cp), &cp);
1092 static void update_adv_data(struct hci_request *req)
1094 struct hci_dev *hdev = req->hdev;
1095 u8 instance = get_current_adv_instance(hdev);
1097 update_adv_data_for_instance(req, instance);
1100 int mgmt_update_adv_data(struct hci_dev *hdev)
1102 struct hci_request req;
1104 hci_req_init(&req, hdev);
1105 update_adv_data(&req);
1107 return hci_req_run(&req, NULL);
1110 static void create_eir(struct hci_dev *hdev, u8 *data)
1115 name_len = strlen(hdev->dev_name);
1119 if (name_len > 48) {
1121 ptr[1] = EIR_NAME_SHORT;
1123 ptr[1] = EIR_NAME_COMPLETE;
1125 /* EIR Data length */
1126 ptr[0] = name_len + 1;
1128 memcpy(ptr + 2, hdev->dev_name, name_len);
1130 ptr += (name_len + 2);
1133 if (hdev->inq_tx_power != HCI_TX_POWER_INVALID) {
1135 ptr[1] = EIR_TX_POWER;
1136 ptr[2] = (u8) hdev->inq_tx_power;
1141 if (hdev->devid_source > 0) {
1143 ptr[1] = EIR_DEVICE_ID;
1145 put_unaligned_le16(hdev->devid_source, ptr + 2);
1146 put_unaligned_le16(hdev->devid_vendor, ptr + 4);
1147 put_unaligned_le16(hdev->devid_product, ptr + 6);
1148 put_unaligned_le16(hdev->devid_version, ptr + 8);
1153 ptr = create_uuid16_list(hdev, ptr, HCI_MAX_EIR_LENGTH - (ptr - data));
1154 ptr = create_uuid32_list(hdev, ptr, HCI_MAX_EIR_LENGTH - (ptr - data));
1155 ptr = create_uuid128_list(hdev, ptr, HCI_MAX_EIR_LENGTH - (ptr - data));
1158 static void update_eir(struct hci_request *req)
1160 struct hci_dev *hdev = req->hdev;
1161 struct hci_cp_write_eir cp;
1163 if (!hdev_is_powered(hdev))
1166 if (!lmp_ext_inq_capable(hdev))
1169 if (!hci_dev_test_flag(hdev, HCI_SSP_ENABLED))
1172 if (hci_dev_test_flag(hdev, HCI_SERVICE_CACHE))
1175 memset(&cp, 0, sizeof(cp));
1177 create_eir(hdev, cp.data);
1179 if (memcmp(cp.data, hdev->eir, sizeof(cp.data)) == 0)
1182 memcpy(hdev->eir, cp.data, sizeof(cp.data));
1184 hci_req_add(req, HCI_OP_WRITE_EIR, sizeof(cp), &cp);
1187 static u8 get_service_classes(struct hci_dev *hdev)
1189 struct bt_uuid *uuid;
1192 list_for_each_entry(uuid, &hdev->uuids, list)
1193 val |= uuid->svc_hint;
1198 static void update_class(struct hci_request *req)
1200 struct hci_dev *hdev = req->hdev;
1203 BT_DBG("%s", hdev->name);
1205 if (!hdev_is_powered(hdev))
1208 if (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED))
1211 if (hci_dev_test_flag(hdev, HCI_SERVICE_CACHE))
1214 cod[0] = hdev->minor_class;
1215 cod[1] = hdev->major_class;
1216 cod[2] = get_service_classes(hdev);
1218 if (hci_dev_test_flag(hdev, HCI_LIMITED_DISCOVERABLE))
1221 if (memcmp(cod, hdev->dev_class, 3) == 0)
1224 hci_req_add(req, HCI_OP_WRITE_CLASS_OF_DEV, sizeof(cod), cod);
1227 static void disable_advertising(struct hci_request *req)
1231 hci_req_add(req, HCI_OP_LE_SET_ADV_ENABLE, sizeof(enable), &enable);
1234 static void enable_advertising(struct hci_request *req)
1236 struct hci_dev *hdev = req->hdev;
1237 struct hci_cp_le_set_adv_param cp;
1238 u8 own_addr_type, enable = 0x01;
1243 if (hci_conn_num(hdev, LE_LINK) > 0)
1246 if (hci_dev_test_flag(hdev, HCI_LE_ADV))
1247 disable_advertising(req);
1249 /* Clear the HCI_LE_ADV bit temporarily so that the
1250 * hci_update_random_address knows that it's safe to go ahead
1251 * and write a new random address. The flag will be set back on
1252 * as soon as the SET_ADV_ENABLE HCI command completes.
1254 hci_dev_clear_flag(hdev, HCI_LE_ADV);
1256 instance = get_current_adv_instance(hdev);
1257 flags = get_adv_instance_flags(hdev, instance);
1259 /* If the "connectable" instance flag was not set, then choose between
1260 * ADV_IND and ADV_NONCONN_IND based on the global connectable setting.
1262 connectable = (flags & MGMT_ADV_FLAG_CONNECTABLE) ||
1263 get_connectable(hdev);
1265 /* Set require_privacy to true only when non-connectable
1266 * advertising is used. In that case it is fine to use a
1267 * non-resolvable private address.
1269 if (hci_update_random_address(req, !connectable, &own_addr_type) < 0)
1272 memset(&cp, 0, sizeof(cp));
1273 cp.min_interval = cpu_to_le16(hdev->le_adv_min_interval);
1274 cp.max_interval = cpu_to_le16(hdev->le_adv_max_interval);
1277 cp.type = LE_ADV_IND;
1278 else if (get_adv_instance_scan_rsp_len(hdev, instance))
1279 cp.type = LE_ADV_SCAN_IND;
1281 cp.type = LE_ADV_NONCONN_IND;
1283 cp.own_address_type = own_addr_type;
1284 cp.channel_map = hdev->le_adv_channel_map;
1286 hci_req_add(req, HCI_OP_LE_SET_ADV_PARAM, sizeof(cp), &cp);
1288 hci_req_add(req, HCI_OP_LE_SET_ADV_ENABLE, sizeof(enable), &enable);
1291 static void service_cache_off(struct work_struct *work)
1293 struct hci_dev *hdev = container_of(work, struct hci_dev,
1294 service_cache.work);
1295 struct hci_request req;
1297 if (!hci_dev_test_and_clear_flag(hdev, HCI_SERVICE_CACHE))
1300 hci_req_init(&req, hdev);
1307 hci_dev_unlock(hdev);
1309 hci_req_run(&req, NULL);
1312 static void rpa_expired(struct work_struct *work)
1314 struct hci_dev *hdev = container_of(work, struct hci_dev,
1316 struct hci_request req;
1320 hci_dev_set_flag(hdev, HCI_RPA_EXPIRED);
1322 if (!hci_dev_test_flag(hdev, HCI_ADVERTISING))
1325 /* The generation of a new RPA and programming it into the
1326 * controller happens in the enable_advertising() function.
1328 hci_req_init(&req, hdev);
1329 enable_advertising(&req);
1330 hci_req_run(&req, NULL);
1333 static void mgmt_init_hdev(struct sock *sk, struct hci_dev *hdev)
1335 if (hci_dev_test_and_set_flag(hdev, HCI_MGMT))
1338 INIT_DELAYED_WORK(&hdev->service_cache, service_cache_off);
1339 INIT_DELAYED_WORK(&hdev->rpa_expired, rpa_expired);
1341 /* Non-mgmt controlled devices get this bit set
1342 * implicitly so that pairing works for them, however
1343 * for mgmt we require user-space to explicitly enable
1346 hci_dev_clear_flag(hdev, HCI_BONDABLE);
1349 static int read_controller_info(struct sock *sk, struct hci_dev *hdev,
1350 void *data, u16 data_len)
1352 struct mgmt_rp_read_info rp;
1354 BT_DBG("sock %p %s", sk, hdev->name);
1358 memset(&rp, 0, sizeof(rp));
1360 bacpy(&rp.bdaddr, &hdev->bdaddr);
1362 rp.version = hdev->hci_ver;
1363 rp.manufacturer = cpu_to_le16(hdev->manufacturer);
1365 rp.supported_settings = cpu_to_le32(get_supported_settings(hdev));
1366 rp.current_settings = cpu_to_le32(get_current_settings(hdev));
1368 memcpy(rp.dev_class, hdev->dev_class, 3);
1370 memcpy(rp.name, hdev->dev_name, sizeof(hdev->dev_name));
1371 memcpy(rp.short_name, hdev->short_name, sizeof(hdev->short_name));
1373 hci_dev_unlock(hdev);
1375 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_READ_INFO, 0, &rp,
1379 static int send_settings_rsp(struct sock *sk, u16 opcode, struct hci_dev *hdev)
1381 __le32 settings = cpu_to_le32(get_current_settings(hdev));
1383 return mgmt_cmd_complete(sk, hdev->id, opcode, 0, &settings,
1387 static void clean_up_hci_complete(struct hci_dev *hdev, u8 status, u16 opcode)
1389 BT_DBG("%s status 0x%02x", hdev->name, status);
1391 if (hci_conn_count(hdev) == 0) {
1392 cancel_delayed_work(&hdev->power_off);
1393 queue_work(hdev->req_workqueue, &hdev->power_off.work);
1397 static bool hci_stop_discovery(struct hci_request *req)
1399 struct hci_dev *hdev = req->hdev;
1400 struct hci_cp_remote_name_req_cancel cp;
1401 struct inquiry_entry *e;
1403 switch (hdev->discovery.state) {
1404 case DISCOVERY_FINDING:
1405 if (test_bit(HCI_INQUIRY, &hdev->flags))
1406 hci_req_add(req, HCI_OP_INQUIRY_CANCEL, 0, NULL);
1408 if (hci_dev_test_flag(hdev, HCI_LE_SCAN)) {
1409 cancel_delayed_work(&hdev->le_scan_disable);
1410 hci_req_add_le_scan_disable(req);
1415 case DISCOVERY_RESOLVING:
1416 e = hci_inquiry_cache_lookup_resolve(hdev, BDADDR_ANY,
1421 bacpy(&cp.bdaddr, &e->data.bdaddr);
1422 hci_req_add(req, HCI_OP_REMOTE_NAME_REQ_CANCEL, sizeof(cp),
1428 /* Passive scanning */
1429 if (hci_dev_test_flag(hdev, HCI_LE_SCAN)) {
1430 hci_req_add_le_scan_disable(req);
1440 static void advertising_added(struct sock *sk, struct hci_dev *hdev,
1443 struct mgmt_ev_advertising_added ev;
1445 ev.instance = instance;
1447 mgmt_event(MGMT_EV_ADVERTISING_ADDED, hdev, &ev, sizeof(ev), sk);
1450 static void advertising_removed(struct sock *sk, struct hci_dev *hdev,
1453 struct mgmt_ev_advertising_removed ev;
1455 ev.instance = instance;
1457 mgmt_event(MGMT_EV_ADVERTISING_REMOVED, hdev, &ev, sizeof(ev), sk);
1460 static void clear_adv_instance(struct hci_dev *hdev)
1462 struct hci_request req;
1464 if (!hci_dev_test_flag(hdev, HCI_ADVERTISING_INSTANCE))
1467 if (hdev->adv_instance.timeout)
1468 cancel_delayed_work(&hdev->adv_instance.timeout_exp);
1470 memset(&hdev->adv_instance, 0, sizeof(hdev->adv_instance));
1471 advertising_removed(NULL, hdev, 1);
1472 hci_dev_clear_flag(hdev, HCI_ADVERTISING_INSTANCE);
1474 if (!hdev_is_powered(hdev) ||
1475 hci_dev_test_flag(hdev, HCI_ADVERTISING))
1478 hci_req_init(&req, hdev);
1479 disable_advertising(&req);
1480 hci_req_run(&req, NULL);
1483 static int clean_up_hci_state(struct hci_dev *hdev)
1485 struct hci_request req;
1486 struct hci_conn *conn;
1487 bool discov_stopped;
1490 hci_req_init(&req, hdev);
1492 if (test_bit(HCI_ISCAN, &hdev->flags) ||
1493 test_bit(HCI_PSCAN, &hdev->flags)) {
1495 hci_req_add(&req, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
1498 if (hdev->adv_instance.timeout)
1499 clear_adv_instance(hdev);
1501 if (hci_dev_test_flag(hdev, HCI_LE_ADV))
1502 disable_advertising(&req);
1504 discov_stopped = hci_stop_discovery(&req);
1506 list_for_each_entry(conn, &hdev->conn_hash.list, list) {
1507 struct hci_cp_disconnect dc;
1508 struct hci_cp_reject_conn_req rej;
1510 switch (conn->state) {
1513 dc.handle = cpu_to_le16(conn->handle);
1514 dc.reason = 0x15; /* Terminated due to Power Off */
1515 hci_req_add(&req, HCI_OP_DISCONNECT, sizeof(dc), &dc);
1518 if (conn->type == LE_LINK)
1519 hci_req_add(&req, HCI_OP_LE_CREATE_CONN_CANCEL,
1521 else if (conn->type == ACL_LINK)
1522 hci_req_add(&req, HCI_OP_CREATE_CONN_CANCEL,
1526 bacpy(&rej.bdaddr, &conn->dst);
1527 rej.reason = 0x15; /* Terminated due to Power Off */
1528 if (conn->type == ACL_LINK)
1529 hci_req_add(&req, HCI_OP_REJECT_CONN_REQ,
1531 else if (conn->type == SCO_LINK)
1532 hci_req_add(&req, HCI_OP_REJECT_SYNC_CONN_REQ,
1538 err = hci_req_run(&req, clean_up_hci_complete);
1539 if (!err && discov_stopped)
1540 hci_discovery_set_state(hdev, DISCOVERY_STOPPING);
1545 static int set_powered(struct sock *sk, struct hci_dev *hdev, void *data,
1548 struct mgmt_mode *cp = data;
1549 struct mgmt_pending_cmd *cmd;
1552 BT_DBG("request for %s", hdev->name);
1554 if (cp->val != 0x00 && cp->val != 0x01)
1555 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_POWERED,
1556 MGMT_STATUS_INVALID_PARAMS);
1560 if (pending_find(MGMT_OP_SET_POWERED, hdev)) {
1561 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_POWERED,
1566 if (hci_dev_test_and_clear_flag(hdev, HCI_AUTO_OFF)) {
1567 cancel_delayed_work(&hdev->power_off);
1570 mgmt_pending_add(sk, MGMT_OP_SET_POWERED, hdev,
1572 err = mgmt_powered(hdev, 1);
1577 if (!!cp->val == hdev_is_powered(hdev)) {
1578 err = send_settings_rsp(sk, MGMT_OP_SET_POWERED, hdev);
1582 cmd = mgmt_pending_add(sk, MGMT_OP_SET_POWERED, hdev, data, len);
1589 queue_work(hdev->req_workqueue, &hdev->power_on);
1592 /* Disconnect connections, stop scans, etc */
1593 err = clean_up_hci_state(hdev);
1595 queue_delayed_work(hdev->req_workqueue, &hdev->power_off,
1596 HCI_POWER_OFF_TIMEOUT);
1598 /* ENODATA means there were no HCI commands queued */
1599 if (err == -ENODATA) {
1600 cancel_delayed_work(&hdev->power_off);
1601 queue_work(hdev->req_workqueue, &hdev->power_off.work);
1607 hci_dev_unlock(hdev);
1611 static int new_settings(struct hci_dev *hdev, struct sock *skip)
1613 __le32 ev = cpu_to_le32(get_current_settings(hdev));
1615 return mgmt_generic_event(MGMT_EV_NEW_SETTINGS, hdev, &ev,
1619 int mgmt_new_settings(struct hci_dev *hdev)
1621 return new_settings(hdev, NULL);
1626 struct hci_dev *hdev;
1630 static void settings_rsp(struct mgmt_pending_cmd *cmd, void *data)
1632 struct cmd_lookup *match = data;
1634 send_settings_rsp(cmd->sk, cmd->opcode, match->hdev);
1636 list_del(&cmd->list);
1638 if (match->sk == NULL) {
1639 match->sk = cmd->sk;
1640 sock_hold(match->sk);
1643 mgmt_pending_free(cmd);
1646 static void cmd_status_rsp(struct mgmt_pending_cmd *cmd, void *data)
1650 mgmt_cmd_status(cmd->sk, cmd->index, cmd->opcode, *status);
1651 mgmt_pending_remove(cmd);
1654 static void cmd_complete_rsp(struct mgmt_pending_cmd *cmd, void *data)
1656 if (cmd->cmd_complete) {
1659 cmd->cmd_complete(cmd, *status);
1660 mgmt_pending_remove(cmd);
1665 cmd_status_rsp(cmd, data);
1668 static int generic_cmd_complete(struct mgmt_pending_cmd *cmd, u8 status)
1670 return mgmt_cmd_complete(cmd->sk, cmd->index, cmd->opcode, status,
1671 cmd->param, cmd->param_len);
1674 static int addr_cmd_complete(struct mgmt_pending_cmd *cmd, u8 status)
1676 return mgmt_cmd_complete(cmd->sk, cmd->index, cmd->opcode, status,
1677 cmd->param, sizeof(struct mgmt_addr_info));
1680 static u8 mgmt_bredr_support(struct hci_dev *hdev)
1682 if (!lmp_bredr_capable(hdev))
1683 return MGMT_STATUS_NOT_SUPPORTED;
1684 else if (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED))
1685 return MGMT_STATUS_REJECTED;
1687 return MGMT_STATUS_SUCCESS;
1690 static u8 mgmt_le_support(struct hci_dev *hdev)
1692 if (!lmp_le_capable(hdev))
1693 return MGMT_STATUS_NOT_SUPPORTED;
1694 else if (!hci_dev_test_flag(hdev, HCI_LE_ENABLED))
1695 return MGMT_STATUS_REJECTED;
1697 return MGMT_STATUS_SUCCESS;
1700 static void set_discoverable_complete(struct hci_dev *hdev, u8 status,
1703 struct mgmt_pending_cmd *cmd;
1704 struct mgmt_mode *cp;
1705 struct hci_request req;
1708 BT_DBG("status 0x%02x", status);
1712 cmd = pending_find(MGMT_OP_SET_DISCOVERABLE, hdev);
1717 u8 mgmt_err = mgmt_status(status);
1718 mgmt_cmd_status(cmd->sk, cmd->index, cmd->opcode, mgmt_err);
1719 hci_dev_clear_flag(hdev, HCI_LIMITED_DISCOVERABLE);
1725 changed = !hci_dev_test_and_set_flag(hdev, HCI_DISCOVERABLE);
1727 if (hdev->discov_timeout > 0) {
1728 int to = msecs_to_jiffies(hdev->discov_timeout * 1000);
1729 queue_delayed_work(hdev->workqueue, &hdev->discov_off,
1733 changed = hci_dev_test_and_clear_flag(hdev, HCI_DISCOVERABLE);
1736 send_settings_rsp(cmd->sk, MGMT_OP_SET_DISCOVERABLE, hdev);
1739 new_settings(hdev, cmd->sk);
1741 /* When the discoverable mode gets changed, make sure
1742 * that class of device has the limited discoverable
1743 * bit correctly set. Also update page scan based on whitelist
1746 hci_req_init(&req, hdev);
1747 __hci_update_page_scan(&req);
1749 hci_req_run(&req, NULL);
1752 mgmt_pending_remove(cmd);
1755 hci_dev_unlock(hdev);
1758 static int set_discoverable(struct sock *sk, struct hci_dev *hdev, void *data,
1761 struct mgmt_cp_set_discoverable *cp = data;
1762 struct mgmt_pending_cmd *cmd;
1763 struct hci_request req;
1768 BT_DBG("request for %s", hdev->name);
1770 if (!hci_dev_test_flag(hdev, HCI_LE_ENABLED) &&
1771 !hci_dev_test_flag(hdev, HCI_BREDR_ENABLED))
1772 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
1773 MGMT_STATUS_REJECTED);
1775 if (cp->val != 0x00 && cp->val != 0x01 && cp->val != 0x02)
1776 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
1777 MGMT_STATUS_INVALID_PARAMS);
1779 timeout = __le16_to_cpu(cp->timeout);
1781 /* Disabling discoverable requires that no timeout is set,
1782 * and enabling limited discoverable requires a timeout.
1784 if ((cp->val == 0x00 && timeout > 0) ||
1785 (cp->val == 0x02 && timeout == 0))
1786 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
1787 MGMT_STATUS_INVALID_PARAMS);
1791 if (!hdev_is_powered(hdev) && timeout > 0) {
1792 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
1793 MGMT_STATUS_NOT_POWERED);
1797 if (pending_find(MGMT_OP_SET_DISCOVERABLE, hdev) ||
1798 pending_find(MGMT_OP_SET_CONNECTABLE, hdev)) {
1799 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
1804 if (!hci_dev_test_flag(hdev, HCI_CONNECTABLE)) {
1805 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
1806 MGMT_STATUS_REJECTED);
1810 if (!hdev_is_powered(hdev)) {
1811 bool changed = false;
1813 /* Setting limited discoverable when powered off is
1814 * not a valid operation since it requires a timeout
1815 * and so no need to check HCI_LIMITED_DISCOVERABLE.
1817 if (!!cp->val != hci_dev_test_flag(hdev, HCI_DISCOVERABLE)) {
1818 hci_dev_change_flag(hdev, HCI_DISCOVERABLE);
1822 err = send_settings_rsp(sk, MGMT_OP_SET_DISCOVERABLE, hdev);
1827 err = new_settings(hdev, sk);
1832 /* If the current mode is the same, then just update the timeout
1833 * value with the new value. And if only the timeout gets updated,
1834 * then no need for any HCI transactions.
1836 if (!!cp->val == hci_dev_test_flag(hdev, HCI_DISCOVERABLE) &&
1837 (cp->val == 0x02) == hci_dev_test_flag(hdev,
1838 HCI_LIMITED_DISCOVERABLE)) {
1839 cancel_delayed_work(&hdev->discov_off);
1840 hdev->discov_timeout = timeout;
1842 if (cp->val && hdev->discov_timeout > 0) {
1843 int to = msecs_to_jiffies(hdev->discov_timeout * 1000);
1844 queue_delayed_work(hdev->workqueue, &hdev->discov_off,
1848 err = send_settings_rsp(sk, MGMT_OP_SET_DISCOVERABLE, hdev);
1852 cmd = mgmt_pending_add(sk, MGMT_OP_SET_DISCOVERABLE, hdev, data, len);
1858 /* Cancel any potential discoverable timeout that might be
1859 * still active and store new timeout value. The arming of
1860 * the timeout happens in the complete handler.
1862 cancel_delayed_work(&hdev->discov_off);
1863 hdev->discov_timeout = timeout;
1865 /* Limited discoverable mode */
1866 if (cp->val == 0x02)
1867 hci_dev_set_flag(hdev, HCI_LIMITED_DISCOVERABLE);
1869 hci_dev_clear_flag(hdev, HCI_LIMITED_DISCOVERABLE);
1871 hci_req_init(&req, hdev);
1873 /* The procedure for LE-only controllers is much simpler - just
1874 * update the advertising data.
1876 if (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED))
1882 struct hci_cp_write_current_iac_lap hci_cp;
1884 if (cp->val == 0x02) {
1885 /* Limited discoverable mode */
1886 hci_cp.num_iac = min_t(u8, hdev->num_iac, 2);
1887 hci_cp.iac_lap[0] = 0x00; /* LIAC */
1888 hci_cp.iac_lap[1] = 0x8b;
1889 hci_cp.iac_lap[2] = 0x9e;
1890 hci_cp.iac_lap[3] = 0x33; /* GIAC */
1891 hci_cp.iac_lap[4] = 0x8b;
1892 hci_cp.iac_lap[5] = 0x9e;
1894 /* General discoverable mode */
1896 hci_cp.iac_lap[0] = 0x33; /* GIAC */
1897 hci_cp.iac_lap[1] = 0x8b;
1898 hci_cp.iac_lap[2] = 0x9e;
1901 hci_req_add(&req, HCI_OP_WRITE_CURRENT_IAC_LAP,
1902 (hci_cp.num_iac * 3) + 1, &hci_cp);
1904 scan |= SCAN_INQUIRY;
1906 hci_dev_clear_flag(hdev, HCI_LIMITED_DISCOVERABLE);
1909 hci_req_add(&req, HCI_OP_WRITE_SCAN_ENABLE, sizeof(scan), &scan);
1912 update_adv_data(&req);
1914 err = hci_req_run(&req, set_discoverable_complete);
1916 mgmt_pending_remove(cmd);
1919 hci_dev_unlock(hdev);
1923 static void write_fast_connectable(struct hci_request *req, bool enable)
1925 struct hci_dev *hdev = req->hdev;
1926 struct hci_cp_write_page_scan_activity acp;
1929 if (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED))
1932 if (hdev->hci_ver < BLUETOOTH_VER_1_2)
1936 type = PAGE_SCAN_TYPE_INTERLACED;
1938 /* 160 msec page scan interval */
1939 acp.interval = cpu_to_le16(0x0100);
1941 type = PAGE_SCAN_TYPE_STANDARD; /* default */
1943 /* default 1.28 sec page scan */
1944 acp.interval = cpu_to_le16(0x0800);
1947 acp.window = cpu_to_le16(0x0012);
1949 if (__cpu_to_le16(hdev->page_scan_interval) != acp.interval ||
1950 __cpu_to_le16(hdev->page_scan_window) != acp.window)
1951 hci_req_add(req, HCI_OP_WRITE_PAGE_SCAN_ACTIVITY,
1954 if (hdev->page_scan_type != type)
1955 hci_req_add(req, HCI_OP_WRITE_PAGE_SCAN_TYPE, 1, &type);
1958 static void set_connectable_complete(struct hci_dev *hdev, u8 status,
1961 struct mgmt_pending_cmd *cmd;
1962 struct mgmt_mode *cp;
1963 bool conn_changed, discov_changed;
1965 BT_DBG("status 0x%02x", status);
1969 cmd = pending_find(MGMT_OP_SET_CONNECTABLE, hdev);
1974 u8 mgmt_err = mgmt_status(status);
1975 mgmt_cmd_status(cmd->sk, cmd->index, cmd->opcode, mgmt_err);
1981 conn_changed = !hci_dev_test_and_set_flag(hdev,
1983 discov_changed = false;
1985 conn_changed = hci_dev_test_and_clear_flag(hdev,
1987 discov_changed = hci_dev_test_and_clear_flag(hdev,
1991 send_settings_rsp(cmd->sk, MGMT_OP_SET_CONNECTABLE, hdev);
1993 if (conn_changed || discov_changed) {
1994 new_settings(hdev, cmd->sk);
1995 hci_update_page_scan(hdev);
1997 mgmt_update_adv_data(hdev);
1998 hci_update_background_scan(hdev);
2002 mgmt_pending_remove(cmd);
2005 hci_dev_unlock(hdev);
2008 static int set_connectable_update_settings(struct hci_dev *hdev,
2009 struct sock *sk, u8 val)
2011 bool changed = false;
2014 if (!!val != hci_dev_test_flag(hdev, HCI_CONNECTABLE))
2018 hci_dev_set_flag(hdev, HCI_CONNECTABLE);
2020 hci_dev_clear_flag(hdev, HCI_CONNECTABLE);
2021 hci_dev_clear_flag(hdev, HCI_DISCOVERABLE);
2024 err = send_settings_rsp(sk, MGMT_OP_SET_CONNECTABLE, hdev);
2029 hci_update_page_scan(hdev);
2030 hci_update_background_scan(hdev);
2031 return new_settings(hdev, sk);
2037 static int set_connectable(struct sock *sk, struct hci_dev *hdev, void *data,
2040 struct mgmt_mode *cp = data;
2041 struct mgmt_pending_cmd *cmd;
2042 struct hci_request req;
2046 BT_DBG("request for %s", hdev->name);
2048 if (!hci_dev_test_flag(hdev, HCI_LE_ENABLED) &&
2049 !hci_dev_test_flag(hdev, HCI_BREDR_ENABLED))
2050 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE,
2051 MGMT_STATUS_REJECTED);
2053 if (cp->val != 0x00 && cp->val != 0x01)
2054 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE,
2055 MGMT_STATUS_INVALID_PARAMS);
2059 if (!hdev_is_powered(hdev)) {
2060 err = set_connectable_update_settings(hdev, sk, cp->val);
2064 if (pending_find(MGMT_OP_SET_DISCOVERABLE, hdev) ||
2065 pending_find(MGMT_OP_SET_CONNECTABLE, hdev)) {
2066 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE,
2071 cmd = mgmt_pending_add(sk, MGMT_OP_SET_CONNECTABLE, hdev, data, len);
2077 hci_req_init(&req, hdev);
2079 /* If BR/EDR is not enabled and we disable advertising as a
2080 * by-product of disabling connectable, we need to update the
2081 * advertising flags.
2083 if (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED)) {
2085 hci_dev_clear_flag(hdev, HCI_LIMITED_DISCOVERABLE);
2086 hci_dev_clear_flag(hdev, HCI_DISCOVERABLE);
2088 update_adv_data(&req);
2089 } else if (cp->val != test_bit(HCI_PSCAN, &hdev->flags)) {
2093 /* If we don't have any whitelist entries just
2094 * disable all scanning. If there are entries
2095 * and we had both page and inquiry scanning
2096 * enabled then fall back to only page scanning.
2097 * Otherwise no changes are needed.
2099 if (list_empty(&hdev->whitelist))
2100 scan = SCAN_DISABLED;
2101 else if (test_bit(HCI_ISCAN, &hdev->flags))
2104 goto no_scan_update;
2106 if (test_bit(HCI_ISCAN, &hdev->flags) &&
2107 hdev->discov_timeout > 0)
2108 cancel_delayed_work(&hdev->discov_off);
2111 hci_req_add(&req, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
2115 /* Update the advertising parameters if necessary */
2116 if (hci_dev_test_flag(hdev, HCI_ADVERTISING) ||
2117 hci_dev_test_flag(hdev, HCI_ADVERTISING_INSTANCE))
2118 enable_advertising(&req);
2120 err = hci_req_run(&req, set_connectable_complete);
2122 mgmt_pending_remove(cmd);
2123 if (err == -ENODATA)
2124 err = set_connectable_update_settings(hdev, sk,
2130 hci_dev_unlock(hdev);
2134 static int set_bondable(struct sock *sk, struct hci_dev *hdev, void *data,
2137 struct mgmt_mode *cp = data;
2141 BT_DBG("request for %s", hdev->name);
2143 if (cp->val != 0x00 && cp->val != 0x01)
2144 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_BONDABLE,
2145 MGMT_STATUS_INVALID_PARAMS);
2150 changed = !hci_dev_test_and_set_flag(hdev, HCI_BONDABLE);
2152 changed = hci_dev_test_and_clear_flag(hdev, HCI_BONDABLE);
2154 err = send_settings_rsp(sk, MGMT_OP_SET_BONDABLE, hdev);
2159 err = new_settings(hdev, sk);
2162 hci_dev_unlock(hdev);
2166 static int set_link_security(struct sock *sk, struct hci_dev *hdev, void *data,
2169 struct mgmt_mode *cp = data;
2170 struct mgmt_pending_cmd *cmd;
2174 BT_DBG("request for %s", hdev->name);
2176 status = mgmt_bredr_support(hdev);
2178 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY,
2181 if (cp->val != 0x00 && cp->val != 0x01)
2182 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY,
2183 MGMT_STATUS_INVALID_PARAMS);
2187 if (!hdev_is_powered(hdev)) {
2188 bool changed = false;
2190 if (!!cp->val != hci_dev_test_flag(hdev, HCI_LINK_SECURITY)) {
2191 hci_dev_change_flag(hdev, HCI_LINK_SECURITY);
2195 err = send_settings_rsp(sk, MGMT_OP_SET_LINK_SECURITY, hdev);
2200 err = new_settings(hdev, sk);
2205 if (pending_find(MGMT_OP_SET_LINK_SECURITY, hdev)) {
2206 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY,
2213 if (test_bit(HCI_AUTH, &hdev->flags) == val) {
2214 err = send_settings_rsp(sk, MGMT_OP_SET_LINK_SECURITY, hdev);
2218 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LINK_SECURITY, hdev, data, len);
2224 err = hci_send_cmd(hdev, HCI_OP_WRITE_AUTH_ENABLE, sizeof(val), &val);
2226 mgmt_pending_remove(cmd);
2231 hci_dev_unlock(hdev);
2235 static int set_ssp(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
2237 struct mgmt_mode *cp = data;
2238 struct mgmt_pending_cmd *cmd;
2242 BT_DBG("request for %s", hdev->name);
2244 status = mgmt_bredr_support(hdev);
2246 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SSP, status);
2248 if (!lmp_ssp_capable(hdev))
2249 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
2250 MGMT_STATUS_NOT_SUPPORTED);
2252 if (cp->val != 0x00 && cp->val != 0x01)
2253 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
2254 MGMT_STATUS_INVALID_PARAMS);
2258 if (!hdev_is_powered(hdev)) {
2262 changed = !hci_dev_test_and_set_flag(hdev,
2265 changed = hci_dev_test_and_clear_flag(hdev,
2268 changed = hci_dev_test_and_clear_flag(hdev,
2271 hci_dev_clear_flag(hdev, HCI_HS_ENABLED);
2274 err = send_settings_rsp(sk, MGMT_OP_SET_SSP, hdev);
2279 err = new_settings(hdev, sk);
2284 if (pending_find(MGMT_OP_SET_SSP, hdev)) {
2285 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
2290 if (!!cp->val == hci_dev_test_flag(hdev, HCI_SSP_ENABLED)) {
2291 err = send_settings_rsp(sk, MGMT_OP_SET_SSP, hdev);
2295 cmd = mgmt_pending_add(sk, MGMT_OP_SET_SSP, hdev, data, len);
2301 if (!cp->val && hci_dev_test_flag(hdev, HCI_USE_DEBUG_KEYS))
2302 hci_send_cmd(hdev, HCI_OP_WRITE_SSP_DEBUG_MODE,
2303 sizeof(cp->val), &cp->val);
2305 err = hci_send_cmd(hdev, HCI_OP_WRITE_SSP_MODE, 1, &cp->val);
2307 mgmt_pending_remove(cmd);
2312 hci_dev_unlock(hdev);
2316 static int set_hs(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
2318 struct mgmt_mode *cp = data;
2323 BT_DBG("request for %s", hdev->name);
2325 status = mgmt_bredr_support(hdev);
2327 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_HS, status);
2329 if (!lmp_ssp_capable(hdev))
2330 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
2331 MGMT_STATUS_NOT_SUPPORTED);
2333 if (!hci_dev_test_flag(hdev, HCI_SSP_ENABLED))
2334 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
2335 MGMT_STATUS_REJECTED);
2337 if (cp->val != 0x00 && cp->val != 0x01)
2338 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
2339 MGMT_STATUS_INVALID_PARAMS);
2343 if (pending_find(MGMT_OP_SET_SSP, hdev)) {
2344 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
2350 changed = !hci_dev_test_and_set_flag(hdev, HCI_HS_ENABLED);
2352 if (hdev_is_powered(hdev)) {
2353 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
2354 MGMT_STATUS_REJECTED);
2358 changed = hci_dev_test_and_clear_flag(hdev, HCI_HS_ENABLED);
2361 err = send_settings_rsp(sk, MGMT_OP_SET_HS, hdev);
2366 err = new_settings(hdev, sk);
2369 hci_dev_unlock(hdev);
2373 static void le_enable_complete(struct hci_dev *hdev, u8 status, u16 opcode)
2375 struct cmd_lookup match = { NULL, hdev };
2380 u8 mgmt_err = mgmt_status(status);
2382 mgmt_pending_foreach(MGMT_OP_SET_LE, hdev, cmd_status_rsp,
2387 mgmt_pending_foreach(MGMT_OP_SET_LE, hdev, settings_rsp, &match);
2389 new_settings(hdev, match.sk);
2394 /* Make sure the controller has a good default for
2395 * advertising data. Restrict the update to when LE
2396 * has actually been enabled. During power on, the
2397 * update in powered_update_hci will take care of it.
2399 if (hci_dev_test_flag(hdev, HCI_LE_ENABLED)) {
2400 struct hci_request req;
2402 hci_req_init(&req, hdev);
2403 update_adv_data(&req);
2404 update_scan_rsp_data(&req);
2405 __hci_update_background_scan(&req);
2406 hci_req_run(&req, NULL);
2410 hci_dev_unlock(hdev);
2413 static int set_le(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
2415 struct mgmt_mode *cp = data;
2416 struct hci_cp_write_le_host_supported hci_cp;
2417 struct mgmt_pending_cmd *cmd;
2418 struct hci_request req;
2422 BT_DBG("request for %s", hdev->name);
2424 if (!lmp_le_capable(hdev))
2425 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
2426 MGMT_STATUS_NOT_SUPPORTED);
2428 if (cp->val != 0x00 && cp->val != 0x01)
2429 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
2430 MGMT_STATUS_INVALID_PARAMS);
2432 /* Bluetooth single mode LE only controllers or dual-mode
2433 * controllers configured as LE only devices, do not allow
2434 * switching LE off. These have either LE enabled explicitly
2435 * or BR/EDR has been previously switched off.
2437 * When trying to enable an already enabled LE, then gracefully
2438 * send a positive response. Trying to disable it however will
2439 * result into rejection.
2441 if (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED)) {
2442 if (cp->val == 0x01)
2443 return send_settings_rsp(sk, MGMT_OP_SET_LE, hdev);
2445 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
2446 MGMT_STATUS_REJECTED);
2452 enabled = lmp_host_le_capable(hdev);
2454 if (!hdev_is_powered(hdev) || val == enabled) {
2455 bool changed = false;
2457 if (val != hci_dev_test_flag(hdev, HCI_LE_ENABLED)) {
2458 hci_dev_change_flag(hdev, HCI_LE_ENABLED);
2462 if (!val && hci_dev_test_flag(hdev, HCI_ADVERTISING)) {
2463 hci_dev_clear_flag(hdev, HCI_ADVERTISING);
2467 err = send_settings_rsp(sk, MGMT_OP_SET_LE, hdev);
2472 err = new_settings(hdev, sk);
2477 if (pending_find(MGMT_OP_SET_LE, hdev) ||
2478 pending_find(MGMT_OP_SET_ADVERTISING, hdev)) {
2479 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
2484 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LE, hdev, data, len);
2490 hci_req_init(&req, hdev);
2492 memset(&hci_cp, 0, sizeof(hci_cp));
2496 hci_cp.simul = 0x00;
2498 if (hci_dev_test_flag(hdev, HCI_LE_ADV))
2499 disable_advertising(&req);
2502 hci_req_add(&req, HCI_OP_WRITE_LE_HOST_SUPPORTED, sizeof(hci_cp),
2505 err = hci_req_run(&req, le_enable_complete);
2507 mgmt_pending_remove(cmd);
2510 hci_dev_unlock(hdev);
2514 /* This is a helper function to test for pending mgmt commands that can
2515 * cause CoD or EIR HCI commands. We can only allow one such pending
2516 * mgmt command at a time since otherwise we cannot easily track what
2517 * the current values are, will be, and based on that calculate if a new
2518 * HCI command needs to be sent and if yes with what value.
2520 static bool pending_eir_or_class(struct hci_dev *hdev)
2522 struct mgmt_pending_cmd *cmd;
2524 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
2525 switch (cmd->opcode) {
2526 case MGMT_OP_ADD_UUID:
2527 case MGMT_OP_REMOVE_UUID:
2528 case MGMT_OP_SET_DEV_CLASS:
2529 case MGMT_OP_SET_POWERED:
2537 static const u8 bluetooth_base_uuid[] = {
2538 0xfb, 0x34, 0x9b, 0x5f, 0x80, 0x00, 0x00, 0x80,
2539 0x00, 0x10, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
2542 static u8 get_uuid_size(const u8 *uuid)
2546 if (memcmp(uuid, bluetooth_base_uuid, 12))
2549 val = get_unaligned_le32(&uuid[12]);
2556 static void mgmt_class_complete(struct hci_dev *hdev, u16 mgmt_op, u8 status)
2558 struct mgmt_pending_cmd *cmd;
2562 cmd = pending_find(mgmt_op, hdev);
2566 mgmt_cmd_complete(cmd->sk, cmd->index, cmd->opcode,
2567 mgmt_status(status), hdev->dev_class, 3);
2569 mgmt_pending_remove(cmd);
2572 hci_dev_unlock(hdev);
2575 static void add_uuid_complete(struct hci_dev *hdev, u8 status, u16 opcode)
2577 BT_DBG("status 0x%02x", status);
2579 mgmt_class_complete(hdev, MGMT_OP_ADD_UUID, status);
2582 static int add_uuid(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
2584 struct mgmt_cp_add_uuid *cp = data;
2585 struct mgmt_pending_cmd *cmd;
2586 struct hci_request req;
2587 struct bt_uuid *uuid;
2590 BT_DBG("request for %s", hdev->name);
2594 if (pending_eir_or_class(hdev)) {
2595 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_UUID,
2600 uuid = kmalloc(sizeof(*uuid), GFP_KERNEL);
2606 memcpy(uuid->uuid, cp->uuid, 16);
2607 uuid->svc_hint = cp->svc_hint;
2608 uuid->size = get_uuid_size(cp->uuid);
2610 list_add_tail(&uuid->list, &hdev->uuids);
2612 hci_req_init(&req, hdev);
2617 err = hci_req_run(&req, add_uuid_complete);
2619 if (err != -ENODATA)
2622 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_ADD_UUID, 0,
2623 hdev->dev_class, 3);
2627 cmd = mgmt_pending_add(sk, MGMT_OP_ADD_UUID, hdev, data, len);
2636 hci_dev_unlock(hdev);
2640 static bool enable_service_cache(struct hci_dev *hdev)
2642 if (!hdev_is_powered(hdev))
2645 if (!hci_dev_test_and_set_flag(hdev, HCI_SERVICE_CACHE)) {
2646 queue_delayed_work(hdev->workqueue, &hdev->service_cache,
2654 static void remove_uuid_complete(struct hci_dev *hdev, u8 status, u16 opcode)
2656 BT_DBG("status 0x%02x", status);
2658 mgmt_class_complete(hdev, MGMT_OP_REMOVE_UUID, status);
2661 static int remove_uuid(struct sock *sk, struct hci_dev *hdev, void *data,
2664 struct mgmt_cp_remove_uuid *cp = data;
2665 struct mgmt_pending_cmd *cmd;
2666 struct bt_uuid *match, *tmp;
2667 u8 bt_uuid_any[] = { 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 };
2668 struct hci_request req;
2671 BT_DBG("request for %s", hdev->name);
2675 if (pending_eir_or_class(hdev)) {
2676 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_REMOVE_UUID,
2681 if (memcmp(cp->uuid, bt_uuid_any, 16) == 0) {
2682 hci_uuids_clear(hdev);
2684 if (enable_service_cache(hdev)) {
2685 err = mgmt_cmd_complete(sk, hdev->id,
2686 MGMT_OP_REMOVE_UUID,
2687 0, hdev->dev_class, 3);
2696 list_for_each_entry_safe(match, tmp, &hdev->uuids, list) {
2697 if (memcmp(match->uuid, cp->uuid, 16) != 0)
2700 list_del(&match->list);
2706 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_REMOVE_UUID,
2707 MGMT_STATUS_INVALID_PARAMS);
2712 hci_req_init(&req, hdev);
2717 err = hci_req_run(&req, remove_uuid_complete);
2719 if (err != -ENODATA)
2722 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_UUID, 0,
2723 hdev->dev_class, 3);
2727 cmd = mgmt_pending_add(sk, MGMT_OP_REMOVE_UUID, hdev, data, len);
2736 hci_dev_unlock(hdev);
2740 static void set_class_complete(struct hci_dev *hdev, u8 status, u16 opcode)
2742 BT_DBG("status 0x%02x", status);
2744 mgmt_class_complete(hdev, MGMT_OP_SET_DEV_CLASS, status);
2747 static int set_dev_class(struct sock *sk, struct hci_dev *hdev, void *data,
2750 struct mgmt_cp_set_dev_class *cp = data;
2751 struct mgmt_pending_cmd *cmd;
2752 struct hci_request req;
2755 BT_DBG("request for %s", hdev->name);
2757 if (!lmp_bredr_capable(hdev))
2758 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS,
2759 MGMT_STATUS_NOT_SUPPORTED);
2763 if (pending_eir_or_class(hdev)) {
2764 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS,
2769 if ((cp->minor & 0x03) != 0 || (cp->major & 0xe0) != 0) {
2770 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS,
2771 MGMT_STATUS_INVALID_PARAMS);
2775 hdev->major_class = cp->major;
2776 hdev->minor_class = cp->minor;
2778 if (!hdev_is_powered(hdev)) {
2779 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_DEV_CLASS, 0,
2780 hdev->dev_class, 3);
2784 hci_req_init(&req, hdev);
2786 if (hci_dev_test_and_clear_flag(hdev, HCI_SERVICE_CACHE)) {
2787 hci_dev_unlock(hdev);
2788 cancel_delayed_work_sync(&hdev->service_cache);
2795 err = hci_req_run(&req, set_class_complete);
2797 if (err != -ENODATA)
2800 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_DEV_CLASS, 0,
2801 hdev->dev_class, 3);
2805 cmd = mgmt_pending_add(sk, MGMT_OP_SET_DEV_CLASS, hdev, data, len);
2814 hci_dev_unlock(hdev);
2818 static int load_link_keys(struct sock *sk, struct hci_dev *hdev, void *data,
2821 struct mgmt_cp_load_link_keys *cp = data;
2822 const u16 max_key_count = ((U16_MAX - sizeof(*cp)) /
2823 sizeof(struct mgmt_link_key_info));
2824 u16 key_count, expected_len;
2828 BT_DBG("request for %s", hdev->name);
2830 if (!lmp_bredr_capable(hdev))
2831 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
2832 MGMT_STATUS_NOT_SUPPORTED);
2834 key_count = __le16_to_cpu(cp->key_count);
2835 if (key_count > max_key_count) {
2836 BT_ERR("load_link_keys: too big key_count value %u",
2838 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
2839 MGMT_STATUS_INVALID_PARAMS);
2842 expected_len = sizeof(*cp) + key_count *
2843 sizeof(struct mgmt_link_key_info);
2844 if (expected_len != len) {
2845 BT_ERR("load_link_keys: expected %u bytes, got %u bytes",
2847 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
2848 MGMT_STATUS_INVALID_PARAMS);
2851 if (cp->debug_keys != 0x00 && cp->debug_keys != 0x01)
2852 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
2853 MGMT_STATUS_INVALID_PARAMS);
2855 BT_DBG("%s debug_keys %u key_count %u", hdev->name, cp->debug_keys,
2858 for (i = 0; i < key_count; i++) {
2859 struct mgmt_link_key_info *key = &cp->keys[i];
2861 if (key->addr.type != BDADDR_BREDR || key->type > 0x08)
2862 return mgmt_cmd_status(sk, hdev->id,
2863 MGMT_OP_LOAD_LINK_KEYS,
2864 MGMT_STATUS_INVALID_PARAMS);
2869 hci_link_keys_clear(hdev);
2872 changed = !hci_dev_test_and_set_flag(hdev, HCI_KEEP_DEBUG_KEYS);
2874 changed = hci_dev_test_and_clear_flag(hdev,
2875 HCI_KEEP_DEBUG_KEYS);
2878 new_settings(hdev, NULL);
2880 for (i = 0; i < key_count; i++) {
2881 struct mgmt_link_key_info *key = &cp->keys[i];
2883 /* Always ignore debug keys and require a new pairing if
2884 * the user wants to use them.
2886 if (key->type == HCI_LK_DEBUG_COMBINATION)
2889 hci_add_link_key(hdev, NULL, &key->addr.bdaddr, key->val,
2890 key->type, key->pin_len, NULL);
2893 mgmt_cmd_complete(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS, 0, NULL, 0);
2895 hci_dev_unlock(hdev);
2900 static int device_unpaired(struct hci_dev *hdev, bdaddr_t *bdaddr,
2901 u8 addr_type, struct sock *skip_sk)
2903 struct mgmt_ev_device_unpaired ev;
2905 bacpy(&ev.addr.bdaddr, bdaddr);
2906 ev.addr.type = addr_type;
2908 return mgmt_event(MGMT_EV_DEVICE_UNPAIRED, hdev, &ev, sizeof(ev),
2912 static int unpair_device(struct sock *sk, struct hci_dev *hdev, void *data,
2915 struct mgmt_cp_unpair_device *cp = data;
2916 struct mgmt_rp_unpair_device rp;
2917 struct hci_cp_disconnect dc;
2918 struct mgmt_pending_cmd *cmd;
2919 struct hci_conn *conn;
2922 memset(&rp, 0, sizeof(rp));
2923 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
2924 rp.addr.type = cp->addr.type;
2926 if (!bdaddr_type_is_valid(cp->addr.type))
2927 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
2928 MGMT_STATUS_INVALID_PARAMS,
2931 if (cp->disconnect != 0x00 && cp->disconnect != 0x01)
2932 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
2933 MGMT_STATUS_INVALID_PARAMS,
2938 if (!hdev_is_powered(hdev)) {
2939 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
2940 MGMT_STATUS_NOT_POWERED, &rp,
2945 if (cp->addr.type == BDADDR_BREDR) {
2946 /* If disconnection is requested, then look up the
2947 * connection. If the remote device is connected, it
2948 * will be later used to terminate the link.
2950 * Setting it to NULL explicitly will cause no
2951 * termination of the link.
2954 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
2959 err = hci_remove_link_key(hdev, &cp->addr.bdaddr);
2963 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK,
2966 /* Defer clearing up the connection parameters
2967 * until closing to give a chance of keeping
2968 * them if a repairing happens.
2970 set_bit(HCI_CONN_PARAM_REMOVAL_PEND, &conn->flags);
2972 /* If disconnection is not requested, then
2973 * clear the connection variable so that the
2974 * link is not terminated.
2976 if (!cp->disconnect)
2980 if (cp->addr.type == BDADDR_LE_PUBLIC)
2981 addr_type = ADDR_LE_DEV_PUBLIC;
2983 addr_type = ADDR_LE_DEV_RANDOM;
2985 hci_remove_irk(hdev, &cp->addr.bdaddr, addr_type);
2987 err = hci_remove_ltk(hdev, &cp->addr.bdaddr, addr_type);
2991 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
2992 MGMT_STATUS_NOT_PAIRED, &rp,
2997 /* If the connection variable is set, then termination of the
2998 * link is requested.
3001 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE, 0,
3003 device_unpaired(hdev, &cp->addr.bdaddr, cp->addr.type, sk);
3007 cmd = mgmt_pending_add(sk, MGMT_OP_UNPAIR_DEVICE, hdev, cp,
3014 cmd->cmd_complete = addr_cmd_complete;
3016 dc.handle = cpu_to_le16(conn->handle);
3017 dc.reason = 0x13; /* Remote User Terminated Connection */
3018 err = hci_send_cmd(hdev, HCI_OP_DISCONNECT, sizeof(dc), &dc);
3020 mgmt_pending_remove(cmd);
3023 hci_dev_unlock(hdev);
3027 static int disconnect(struct sock *sk, struct hci_dev *hdev, void *data,
3030 struct mgmt_cp_disconnect *cp = data;
3031 struct mgmt_rp_disconnect rp;
3032 struct mgmt_pending_cmd *cmd;
3033 struct hci_conn *conn;
3038 memset(&rp, 0, sizeof(rp));
3039 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
3040 rp.addr.type = cp->addr.type;
3042 if (!bdaddr_type_is_valid(cp->addr.type))
3043 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
3044 MGMT_STATUS_INVALID_PARAMS,
3049 if (!test_bit(HCI_UP, &hdev->flags)) {
3050 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
3051 MGMT_STATUS_NOT_POWERED, &rp,
3056 if (pending_find(MGMT_OP_DISCONNECT, hdev)) {
3057 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
3058 MGMT_STATUS_BUSY, &rp, sizeof(rp));
3062 if (cp->addr.type == BDADDR_BREDR)
3063 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
3066 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &cp->addr.bdaddr);
3068 if (!conn || conn->state == BT_OPEN || conn->state == BT_CLOSED) {
3069 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
3070 MGMT_STATUS_NOT_CONNECTED, &rp,
3075 cmd = mgmt_pending_add(sk, MGMT_OP_DISCONNECT, hdev, data, len);
3081 cmd->cmd_complete = generic_cmd_complete;
3083 err = hci_disconnect(conn, HCI_ERROR_REMOTE_USER_TERM);
3085 mgmt_pending_remove(cmd);
3088 hci_dev_unlock(hdev);
3092 static u8 link_to_bdaddr(u8 link_type, u8 addr_type)
3094 switch (link_type) {
3096 switch (addr_type) {
3097 case ADDR_LE_DEV_PUBLIC:
3098 return BDADDR_LE_PUBLIC;
3101 /* Fallback to LE Random address type */
3102 return BDADDR_LE_RANDOM;
3106 /* Fallback to BR/EDR type */
3107 return BDADDR_BREDR;
3111 static int get_connections(struct sock *sk, struct hci_dev *hdev, void *data,
3114 struct mgmt_rp_get_connections *rp;
3124 if (!hdev_is_powered(hdev)) {
3125 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_GET_CONNECTIONS,
3126 MGMT_STATUS_NOT_POWERED);
3131 list_for_each_entry(c, &hdev->conn_hash.list, list) {
3132 if (test_bit(HCI_CONN_MGMT_CONNECTED, &c->flags))
3136 rp_len = sizeof(*rp) + (i * sizeof(struct mgmt_addr_info));
3137 rp = kmalloc(rp_len, GFP_KERNEL);
3144 list_for_each_entry(c, &hdev->conn_hash.list, list) {
3145 if (!test_bit(HCI_CONN_MGMT_CONNECTED, &c->flags))
3147 bacpy(&rp->addr[i].bdaddr, &c->dst);
3148 rp->addr[i].type = link_to_bdaddr(c->type, c->dst_type);
3149 if (c->type == SCO_LINK || c->type == ESCO_LINK)
3154 rp->conn_count = cpu_to_le16(i);
3156 /* Recalculate length in case of filtered SCO connections, etc */
3157 rp_len = sizeof(*rp) + (i * sizeof(struct mgmt_addr_info));
3159 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CONNECTIONS, 0, rp,
3165 hci_dev_unlock(hdev);
3169 static int send_pin_code_neg_reply(struct sock *sk, struct hci_dev *hdev,
3170 struct mgmt_cp_pin_code_neg_reply *cp)
3172 struct mgmt_pending_cmd *cmd;
3175 cmd = mgmt_pending_add(sk, MGMT_OP_PIN_CODE_NEG_REPLY, hdev, cp,
3180 err = hci_send_cmd(hdev, HCI_OP_PIN_CODE_NEG_REPLY,
3181 sizeof(cp->addr.bdaddr), &cp->addr.bdaddr);
3183 mgmt_pending_remove(cmd);
3188 static int pin_code_reply(struct sock *sk, struct hci_dev *hdev, void *data,
3191 struct hci_conn *conn;
3192 struct mgmt_cp_pin_code_reply *cp = data;
3193 struct hci_cp_pin_code_reply reply;
3194 struct mgmt_pending_cmd *cmd;
3201 if (!hdev_is_powered(hdev)) {
3202 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
3203 MGMT_STATUS_NOT_POWERED);
3207 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->addr.bdaddr);
3209 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
3210 MGMT_STATUS_NOT_CONNECTED);
3214 if (conn->pending_sec_level == BT_SECURITY_HIGH && cp->pin_len != 16) {
3215 struct mgmt_cp_pin_code_neg_reply ncp;
3217 memcpy(&ncp.addr, &cp->addr, sizeof(ncp.addr));
3219 BT_ERR("PIN code is not 16 bytes long");
3221 err = send_pin_code_neg_reply(sk, hdev, &ncp);
3223 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
3224 MGMT_STATUS_INVALID_PARAMS);
3229 cmd = mgmt_pending_add(sk, MGMT_OP_PIN_CODE_REPLY, hdev, data, len);
3235 cmd->cmd_complete = addr_cmd_complete;
3237 bacpy(&reply.bdaddr, &cp->addr.bdaddr);
3238 reply.pin_len = cp->pin_len;
3239 memcpy(reply.pin_code, cp->pin_code, sizeof(reply.pin_code));
3241 err = hci_send_cmd(hdev, HCI_OP_PIN_CODE_REPLY, sizeof(reply), &reply);
3243 mgmt_pending_remove(cmd);
3246 hci_dev_unlock(hdev);
3250 static int set_io_capability(struct sock *sk, struct hci_dev *hdev, void *data,
3253 struct mgmt_cp_set_io_capability *cp = data;
3257 if (cp->io_capability > SMP_IO_KEYBOARD_DISPLAY)
3258 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_IO_CAPABILITY,
3259 MGMT_STATUS_INVALID_PARAMS, NULL, 0);
3263 hdev->io_capability = cp->io_capability;
3265 BT_DBG("%s IO capability set to 0x%02x", hdev->name,
3266 hdev->io_capability);
3268 hci_dev_unlock(hdev);
3270 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_IO_CAPABILITY, 0,
3274 static struct mgmt_pending_cmd *find_pairing(struct hci_conn *conn)
3276 struct hci_dev *hdev = conn->hdev;
3277 struct mgmt_pending_cmd *cmd;
3279 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
3280 if (cmd->opcode != MGMT_OP_PAIR_DEVICE)
3283 if (cmd->user_data != conn)
3292 static int pairing_complete(struct mgmt_pending_cmd *cmd, u8 status)
3294 struct mgmt_rp_pair_device rp;
3295 struct hci_conn *conn = cmd->user_data;
3298 bacpy(&rp.addr.bdaddr, &conn->dst);
3299 rp.addr.type = link_to_bdaddr(conn->type, conn->dst_type);
3301 err = mgmt_cmd_complete(cmd->sk, cmd->index, MGMT_OP_PAIR_DEVICE,
3302 status, &rp, sizeof(rp));
3304 /* So we don't get further callbacks for this connection */
3305 conn->connect_cfm_cb = NULL;
3306 conn->security_cfm_cb = NULL;
3307 conn->disconn_cfm_cb = NULL;
3309 hci_conn_drop(conn);
3311 /* The device is paired so there is no need to remove
3312 * its connection parameters anymore.
3314 clear_bit(HCI_CONN_PARAM_REMOVAL_PEND, &conn->flags);
3321 void mgmt_smp_complete(struct hci_conn *conn, bool complete)
3323 u8 status = complete ? MGMT_STATUS_SUCCESS : MGMT_STATUS_FAILED;
3324 struct mgmt_pending_cmd *cmd;
3326 cmd = find_pairing(conn);
3328 cmd->cmd_complete(cmd, status);
3329 mgmt_pending_remove(cmd);
3333 static void pairing_complete_cb(struct hci_conn *conn, u8 status)
3335 struct mgmt_pending_cmd *cmd;
3337 BT_DBG("status %u", status);
3339 cmd = find_pairing(conn);
3341 BT_DBG("Unable to find a pending command");
3345 cmd->cmd_complete(cmd, mgmt_status(status));
3346 mgmt_pending_remove(cmd);
3349 static void le_pairing_complete_cb(struct hci_conn *conn, u8 status)
3351 struct mgmt_pending_cmd *cmd;
3353 BT_DBG("status %u", status);
3358 cmd = find_pairing(conn);
3360 BT_DBG("Unable to find a pending command");
3364 cmd->cmd_complete(cmd, mgmt_status(status));
3365 mgmt_pending_remove(cmd);
3368 static int pair_device(struct sock *sk, struct hci_dev *hdev, void *data,
3371 struct mgmt_cp_pair_device *cp = data;
3372 struct mgmt_rp_pair_device rp;
3373 struct mgmt_pending_cmd *cmd;
3374 u8 sec_level, auth_type;
3375 struct hci_conn *conn;
3380 memset(&rp, 0, sizeof(rp));
3381 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
3382 rp.addr.type = cp->addr.type;
3384 if (!bdaddr_type_is_valid(cp->addr.type))
3385 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
3386 MGMT_STATUS_INVALID_PARAMS,
3389 if (cp->io_cap > SMP_IO_KEYBOARD_DISPLAY)
3390 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
3391 MGMT_STATUS_INVALID_PARAMS,
3396 if (!hdev_is_powered(hdev)) {
3397 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
3398 MGMT_STATUS_NOT_POWERED, &rp,
3403 if (hci_bdaddr_is_paired(hdev, &cp->addr.bdaddr, cp->addr.type)) {
3404 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
3405 MGMT_STATUS_ALREADY_PAIRED, &rp,
3410 sec_level = BT_SECURITY_MEDIUM;
3411 auth_type = HCI_AT_DEDICATED_BONDING;
3413 if (cp->addr.type == BDADDR_BREDR) {
3414 conn = hci_connect_acl(hdev, &cp->addr.bdaddr, sec_level,
3419 /* Convert from L2CAP channel address type to HCI address type
3421 if (cp->addr.type == BDADDR_LE_PUBLIC)
3422 addr_type = ADDR_LE_DEV_PUBLIC;
3424 addr_type = ADDR_LE_DEV_RANDOM;
3426 /* When pairing a new device, it is expected to remember
3427 * this device for future connections. Adding the connection
3428 * parameter information ahead of time allows tracking
3429 * of the slave preferred values and will speed up any
3430 * further connection establishment.
3432 * If connection parameters already exist, then they
3433 * will be kept and this function does nothing.
3435 hci_conn_params_add(hdev, &cp->addr.bdaddr, addr_type);
3437 conn = hci_connect_le(hdev, &cp->addr.bdaddr, addr_type,
3438 sec_level, HCI_LE_CONN_TIMEOUT,
3445 if (PTR_ERR(conn) == -EBUSY)
3446 status = MGMT_STATUS_BUSY;
3447 else if (PTR_ERR(conn) == -EOPNOTSUPP)
3448 status = MGMT_STATUS_NOT_SUPPORTED;
3449 else if (PTR_ERR(conn) == -ECONNREFUSED)
3450 status = MGMT_STATUS_REJECTED;
3452 status = MGMT_STATUS_CONNECT_FAILED;
3454 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
3455 status, &rp, sizeof(rp));
3459 if (conn->connect_cfm_cb) {
3460 hci_conn_drop(conn);
3461 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
3462 MGMT_STATUS_BUSY, &rp, sizeof(rp));
3466 cmd = mgmt_pending_add(sk, MGMT_OP_PAIR_DEVICE, hdev, data, len);
3469 hci_conn_drop(conn);
3473 cmd->cmd_complete = pairing_complete;
3475 /* For LE, just connecting isn't a proof that the pairing finished */
3476 if (cp->addr.type == BDADDR_BREDR) {
3477 conn->connect_cfm_cb = pairing_complete_cb;
3478 conn->security_cfm_cb = pairing_complete_cb;
3479 conn->disconn_cfm_cb = pairing_complete_cb;
3481 conn->connect_cfm_cb = le_pairing_complete_cb;
3482 conn->security_cfm_cb = le_pairing_complete_cb;
3483 conn->disconn_cfm_cb = le_pairing_complete_cb;
3486 conn->io_capability = cp->io_cap;
3487 cmd->user_data = hci_conn_get(conn);
3489 if ((conn->state == BT_CONNECTED || conn->state == BT_CONFIG) &&
3490 hci_conn_security(conn, sec_level, auth_type, true)) {
3491 cmd->cmd_complete(cmd, 0);
3492 mgmt_pending_remove(cmd);
3498 hci_dev_unlock(hdev);
3502 static int cancel_pair_device(struct sock *sk, struct hci_dev *hdev, void *data,
3505 struct mgmt_addr_info *addr = data;
3506 struct mgmt_pending_cmd *cmd;
3507 struct hci_conn *conn;
3514 if (!hdev_is_powered(hdev)) {
3515 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
3516 MGMT_STATUS_NOT_POWERED);
3520 cmd = pending_find(MGMT_OP_PAIR_DEVICE, hdev);
3522 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
3523 MGMT_STATUS_INVALID_PARAMS);
3527 conn = cmd->user_data;
3529 if (bacmp(&addr->bdaddr, &conn->dst) != 0) {
3530 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
3531 MGMT_STATUS_INVALID_PARAMS);
3535 cmd->cmd_complete(cmd, MGMT_STATUS_CANCELLED);
3536 mgmt_pending_remove(cmd);
3538 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE, 0,
3539 addr, sizeof(*addr));
3541 hci_dev_unlock(hdev);
3545 static int user_pairing_resp(struct sock *sk, struct hci_dev *hdev,
3546 struct mgmt_addr_info *addr, u16 mgmt_op,
3547 u16 hci_op, __le32 passkey)
3549 struct mgmt_pending_cmd *cmd;
3550 struct hci_conn *conn;
3555 if (!hdev_is_powered(hdev)) {
3556 err = mgmt_cmd_complete(sk, hdev->id, mgmt_op,
3557 MGMT_STATUS_NOT_POWERED, addr,
3562 if (addr->type == BDADDR_BREDR)
3563 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &addr->bdaddr);
3565 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &addr->bdaddr);
3568 err = mgmt_cmd_complete(sk, hdev->id, mgmt_op,
3569 MGMT_STATUS_NOT_CONNECTED, addr,
3574 if (addr->type == BDADDR_LE_PUBLIC || addr->type == BDADDR_LE_RANDOM) {
3575 err = smp_user_confirm_reply(conn, mgmt_op, passkey);
3577 err = mgmt_cmd_complete(sk, hdev->id, mgmt_op,
3578 MGMT_STATUS_SUCCESS, addr,
3581 err = mgmt_cmd_complete(sk, hdev->id, mgmt_op,
3582 MGMT_STATUS_FAILED, addr,
3588 cmd = mgmt_pending_add(sk, mgmt_op, hdev, addr, sizeof(*addr));
3594 cmd->cmd_complete = addr_cmd_complete;
3596 /* Continue with pairing via HCI */
3597 if (hci_op == HCI_OP_USER_PASSKEY_REPLY) {
3598 struct hci_cp_user_passkey_reply cp;
3600 bacpy(&cp.bdaddr, &addr->bdaddr);
3601 cp.passkey = passkey;
3602 err = hci_send_cmd(hdev, hci_op, sizeof(cp), &cp);
3604 err = hci_send_cmd(hdev, hci_op, sizeof(addr->bdaddr),
3608 mgmt_pending_remove(cmd);
3611 hci_dev_unlock(hdev);
3615 static int pin_code_neg_reply(struct sock *sk, struct hci_dev *hdev,
3616 void *data, u16 len)
3618 struct mgmt_cp_pin_code_neg_reply *cp = data;
3622 return user_pairing_resp(sk, hdev, &cp->addr,
3623 MGMT_OP_PIN_CODE_NEG_REPLY,
3624 HCI_OP_PIN_CODE_NEG_REPLY, 0);
3627 static int user_confirm_reply(struct sock *sk, struct hci_dev *hdev, void *data,
3630 struct mgmt_cp_user_confirm_reply *cp = data;
3634 if (len != sizeof(*cp))
3635 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_USER_CONFIRM_REPLY,
3636 MGMT_STATUS_INVALID_PARAMS);
3638 return user_pairing_resp(sk, hdev, &cp->addr,
3639 MGMT_OP_USER_CONFIRM_REPLY,
3640 HCI_OP_USER_CONFIRM_REPLY, 0);
3643 static int user_confirm_neg_reply(struct sock *sk, struct hci_dev *hdev,
3644 void *data, u16 len)
3646 struct mgmt_cp_user_confirm_neg_reply *cp = data;
3650 return user_pairing_resp(sk, hdev, &cp->addr,
3651 MGMT_OP_USER_CONFIRM_NEG_REPLY,
3652 HCI_OP_USER_CONFIRM_NEG_REPLY, 0);
3655 static int user_passkey_reply(struct sock *sk, struct hci_dev *hdev, void *data,
3658 struct mgmt_cp_user_passkey_reply *cp = data;
3662 return user_pairing_resp(sk, hdev, &cp->addr,
3663 MGMT_OP_USER_PASSKEY_REPLY,
3664 HCI_OP_USER_PASSKEY_REPLY, cp->passkey);
3667 static int user_passkey_neg_reply(struct sock *sk, struct hci_dev *hdev,
3668 void *data, u16 len)
3670 struct mgmt_cp_user_passkey_neg_reply *cp = data;
3674 return user_pairing_resp(sk, hdev, &cp->addr,
3675 MGMT_OP_USER_PASSKEY_NEG_REPLY,
3676 HCI_OP_USER_PASSKEY_NEG_REPLY, 0);
3679 static void update_name(struct hci_request *req)
3681 struct hci_dev *hdev = req->hdev;
3682 struct hci_cp_write_local_name cp;
3684 memcpy(cp.name, hdev->dev_name, sizeof(cp.name));
3686 hci_req_add(req, HCI_OP_WRITE_LOCAL_NAME, sizeof(cp), &cp);
3689 static void set_name_complete(struct hci_dev *hdev, u8 status, u16 opcode)
3691 struct mgmt_cp_set_local_name *cp;
3692 struct mgmt_pending_cmd *cmd;
3694 BT_DBG("status 0x%02x", status);
3698 cmd = pending_find(MGMT_OP_SET_LOCAL_NAME, hdev);
3705 mgmt_cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_LOCAL_NAME,
3706 mgmt_status(status));
3708 mgmt_cmd_complete(cmd->sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0,
3711 mgmt_pending_remove(cmd);
3714 hci_dev_unlock(hdev);
3717 static int set_local_name(struct sock *sk, struct hci_dev *hdev, void *data,
3720 struct mgmt_cp_set_local_name *cp = data;
3721 struct mgmt_pending_cmd *cmd;
3722 struct hci_request req;
3729 /* If the old values are the same as the new ones just return a
3730 * direct command complete event.
3732 if (!memcmp(hdev->dev_name, cp->name, sizeof(hdev->dev_name)) &&
3733 !memcmp(hdev->short_name, cp->short_name,
3734 sizeof(hdev->short_name))) {
3735 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0,
3740 memcpy(hdev->short_name, cp->short_name, sizeof(hdev->short_name));
3742 if (!hdev_is_powered(hdev)) {
3743 memcpy(hdev->dev_name, cp->name, sizeof(hdev->dev_name));
3745 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0,
3750 err = mgmt_generic_event(MGMT_EV_LOCAL_NAME_CHANGED, hdev,
3756 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LOCAL_NAME, hdev, data, len);
3762 memcpy(hdev->dev_name, cp->name, sizeof(hdev->dev_name));
3764 hci_req_init(&req, hdev);
3766 if (lmp_bredr_capable(hdev)) {
3771 /* The name is stored in the scan response data and so
3772 * no need to udpate the advertising data here.
3774 if (lmp_le_capable(hdev))
3775 update_scan_rsp_data(&req);
3777 err = hci_req_run(&req, set_name_complete);
3779 mgmt_pending_remove(cmd);
3782 hci_dev_unlock(hdev);
3786 static int read_local_oob_data(struct sock *sk, struct hci_dev *hdev,
3787 void *data, u16 data_len)
3789 struct mgmt_pending_cmd *cmd;
3792 BT_DBG("%s", hdev->name);
3796 if (!hdev_is_powered(hdev)) {
3797 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
3798 MGMT_STATUS_NOT_POWERED);
3802 if (!lmp_ssp_capable(hdev)) {
3803 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
3804 MGMT_STATUS_NOT_SUPPORTED);
3808 if (pending_find(MGMT_OP_READ_LOCAL_OOB_DATA, hdev)) {
3809 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
3814 cmd = mgmt_pending_add(sk, MGMT_OP_READ_LOCAL_OOB_DATA, hdev, NULL, 0);
3820 if (bredr_sc_enabled(hdev))
3821 err = hci_send_cmd(hdev, HCI_OP_READ_LOCAL_OOB_EXT_DATA,
3824 err = hci_send_cmd(hdev, HCI_OP_READ_LOCAL_OOB_DATA, 0, NULL);
3827 mgmt_pending_remove(cmd);
3830 hci_dev_unlock(hdev);
3834 static int add_remote_oob_data(struct sock *sk, struct hci_dev *hdev,
3835 void *data, u16 len)
3837 struct mgmt_addr_info *addr = data;
3840 BT_DBG("%s ", hdev->name);
3842 if (!bdaddr_type_is_valid(addr->type))
3843 return mgmt_cmd_complete(sk, hdev->id,
3844 MGMT_OP_ADD_REMOTE_OOB_DATA,
3845 MGMT_STATUS_INVALID_PARAMS,
3846 addr, sizeof(*addr));
3850 if (len == MGMT_ADD_REMOTE_OOB_DATA_SIZE) {
3851 struct mgmt_cp_add_remote_oob_data *cp = data;
3854 if (cp->addr.type != BDADDR_BREDR) {
3855 err = mgmt_cmd_complete(sk, hdev->id,
3856 MGMT_OP_ADD_REMOTE_OOB_DATA,
3857 MGMT_STATUS_INVALID_PARAMS,
3858 &cp->addr, sizeof(cp->addr));
3862 err = hci_add_remote_oob_data(hdev, &cp->addr.bdaddr,
3863 cp->addr.type, cp->hash,
3864 cp->rand, NULL, NULL);
3866 status = MGMT_STATUS_FAILED;
3868 status = MGMT_STATUS_SUCCESS;
3870 err = mgmt_cmd_complete(sk, hdev->id,
3871 MGMT_OP_ADD_REMOTE_OOB_DATA, status,
3872 &cp->addr, sizeof(cp->addr));
3873 } else if (len == MGMT_ADD_REMOTE_OOB_EXT_DATA_SIZE) {
3874 struct mgmt_cp_add_remote_oob_ext_data *cp = data;
3875 u8 *rand192, *hash192, *rand256, *hash256;
3878 if (bdaddr_type_is_le(cp->addr.type)) {
3879 /* Enforce zero-valued 192-bit parameters as
3880 * long as legacy SMP OOB isn't implemented.
3882 if (memcmp(cp->rand192, ZERO_KEY, 16) ||
3883 memcmp(cp->hash192, ZERO_KEY, 16)) {
3884 err = mgmt_cmd_complete(sk, hdev->id,
3885 MGMT_OP_ADD_REMOTE_OOB_DATA,
3886 MGMT_STATUS_INVALID_PARAMS,
3887 addr, sizeof(*addr));
3894 /* In case one of the P-192 values is set to zero,
3895 * then just disable OOB data for P-192.
3897 if (!memcmp(cp->rand192, ZERO_KEY, 16) ||
3898 !memcmp(cp->hash192, ZERO_KEY, 16)) {
3902 rand192 = cp->rand192;
3903 hash192 = cp->hash192;
3907 /* In case one of the P-256 values is set to zero, then just
3908 * disable OOB data for P-256.
3910 if (!memcmp(cp->rand256, ZERO_KEY, 16) ||
3911 !memcmp(cp->hash256, ZERO_KEY, 16)) {
3915 rand256 = cp->rand256;
3916 hash256 = cp->hash256;
3919 err = hci_add_remote_oob_data(hdev, &cp->addr.bdaddr,
3920 cp->addr.type, hash192, rand192,
3923 status = MGMT_STATUS_FAILED;
3925 status = MGMT_STATUS_SUCCESS;
3927 err = mgmt_cmd_complete(sk, hdev->id,
3928 MGMT_OP_ADD_REMOTE_OOB_DATA,
3929 status, &cp->addr, sizeof(cp->addr));
3931 BT_ERR("add_remote_oob_data: invalid length of %u bytes", len);
3932 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_REMOTE_OOB_DATA,
3933 MGMT_STATUS_INVALID_PARAMS);
3937 hci_dev_unlock(hdev);
3941 static int remove_remote_oob_data(struct sock *sk, struct hci_dev *hdev,
3942 void *data, u16 len)
3944 struct mgmt_cp_remove_remote_oob_data *cp = data;
3948 BT_DBG("%s", hdev->name);
3950 if (cp->addr.type != BDADDR_BREDR)
3951 return mgmt_cmd_complete(sk, hdev->id,
3952 MGMT_OP_REMOVE_REMOTE_OOB_DATA,
3953 MGMT_STATUS_INVALID_PARAMS,
3954 &cp->addr, sizeof(cp->addr));
3958 if (!bacmp(&cp->addr.bdaddr, BDADDR_ANY)) {
3959 hci_remote_oob_data_clear(hdev);
3960 status = MGMT_STATUS_SUCCESS;
3964 err = hci_remove_remote_oob_data(hdev, &cp->addr.bdaddr, cp->addr.type);
3966 status = MGMT_STATUS_INVALID_PARAMS;
3968 status = MGMT_STATUS_SUCCESS;
3971 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_REMOTE_OOB_DATA,
3972 status, &cp->addr, sizeof(cp->addr));
3974 hci_dev_unlock(hdev);
3978 static bool trigger_bredr_inquiry(struct hci_request *req, u8 *status)
3980 struct hci_dev *hdev = req->hdev;
3981 struct hci_cp_inquiry cp;
3982 /* General inquiry access code (GIAC) */
3983 u8 lap[3] = { 0x33, 0x8b, 0x9e };
3985 *status = mgmt_bredr_support(hdev);
3989 if (hci_dev_test_flag(hdev, HCI_INQUIRY)) {
3990 *status = MGMT_STATUS_BUSY;
3994 hci_inquiry_cache_flush(hdev);
3996 memset(&cp, 0, sizeof(cp));
3997 memcpy(&cp.lap, lap, sizeof(cp.lap));
3998 cp.length = DISCOV_BREDR_INQUIRY_LEN;
4000 hci_req_add(req, HCI_OP_INQUIRY, sizeof(cp), &cp);
4005 static bool trigger_le_scan(struct hci_request *req, u16 interval, u8 *status)
4007 struct hci_dev *hdev = req->hdev;
4008 struct hci_cp_le_set_scan_param param_cp;
4009 struct hci_cp_le_set_scan_enable enable_cp;
4013 *status = mgmt_le_support(hdev);
4017 if (hci_dev_test_flag(hdev, HCI_LE_ADV)) {
4018 /* Don't let discovery abort an outgoing connection attempt
4019 * that's using directed advertising.
4021 if (hci_conn_hash_lookup_state(hdev, LE_LINK, BT_CONNECT)) {
4022 *status = MGMT_STATUS_REJECTED;
4026 disable_advertising(req);
4029 /* If controller is scanning, it means the background scanning is
4030 * running. Thus, we should temporarily stop it in order to set the
4031 * discovery scanning parameters.
4033 if (hci_dev_test_flag(hdev, HCI_LE_SCAN))
4034 hci_req_add_le_scan_disable(req);
4036 /* All active scans will be done with either a resolvable private
4037 * address (when privacy feature has been enabled) or non-resolvable
4040 err = hci_update_random_address(req, true, &own_addr_type);
4042 *status = MGMT_STATUS_FAILED;
4046 memset(¶m_cp, 0, sizeof(param_cp));
4047 param_cp.type = LE_SCAN_ACTIVE;
4048 param_cp.interval = cpu_to_le16(interval);
4049 param_cp.window = cpu_to_le16(DISCOV_LE_SCAN_WIN);
4050 param_cp.own_address_type = own_addr_type;
4052 hci_req_add(req, HCI_OP_LE_SET_SCAN_PARAM, sizeof(param_cp),
4055 memset(&enable_cp, 0, sizeof(enable_cp));
4056 enable_cp.enable = LE_SCAN_ENABLE;
4057 enable_cp.filter_dup = LE_SCAN_FILTER_DUP_ENABLE;
4059 hci_req_add(req, HCI_OP_LE_SET_SCAN_ENABLE, sizeof(enable_cp),
4065 static bool trigger_discovery(struct hci_request *req, u8 *status)
4067 struct hci_dev *hdev = req->hdev;
4069 switch (hdev->discovery.type) {
4070 case DISCOV_TYPE_BREDR:
4071 if (!trigger_bredr_inquiry(req, status))
4075 case DISCOV_TYPE_INTERLEAVED:
4076 if (test_bit(HCI_QUIRK_SIMULTANEOUS_DISCOVERY,
4078 /* During simultaneous discovery, we double LE scan
4079 * interval. We must leave some time for the controller
4080 * to do BR/EDR inquiry.
4082 if (!trigger_le_scan(req, DISCOV_LE_SCAN_INT * 2,
4086 if (!trigger_bredr_inquiry(req, status))
4092 if (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED)) {
4093 *status = MGMT_STATUS_NOT_SUPPORTED;
4098 case DISCOV_TYPE_LE:
4099 if (!trigger_le_scan(req, DISCOV_LE_SCAN_INT, status))
4104 *status = MGMT_STATUS_INVALID_PARAMS;
4111 static void start_discovery_complete(struct hci_dev *hdev, u8 status,
4114 struct mgmt_pending_cmd *cmd;
4115 unsigned long timeout;
4117 BT_DBG("status %d", status);
4121 cmd = pending_find(MGMT_OP_START_DISCOVERY, hdev);
4123 cmd = pending_find(MGMT_OP_START_SERVICE_DISCOVERY, hdev);
4126 cmd->cmd_complete(cmd, mgmt_status(status));
4127 mgmt_pending_remove(cmd);
4131 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
4135 hci_discovery_set_state(hdev, DISCOVERY_FINDING);
4137 /* If the scan involves LE scan, pick proper timeout to schedule
4138 * hdev->le_scan_disable that will stop it.
4140 switch (hdev->discovery.type) {
4141 case DISCOV_TYPE_LE:
4142 timeout = msecs_to_jiffies(DISCOV_LE_TIMEOUT);
4144 case DISCOV_TYPE_INTERLEAVED:
4145 /* When running simultaneous discovery, the LE scanning time
4146 * should occupy the whole discovery time sine BR/EDR inquiry
4147 * and LE scanning are scheduled by the controller.
4149 * For interleaving discovery in comparison, BR/EDR inquiry
4150 * and LE scanning are done sequentially with separate
4153 if (test_bit(HCI_QUIRK_SIMULTANEOUS_DISCOVERY, &hdev->quirks))
4154 timeout = msecs_to_jiffies(DISCOV_LE_TIMEOUT);
4156 timeout = msecs_to_jiffies(hdev->discov_interleaved_timeout);
4158 case DISCOV_TYPE_BREDR:
4162 BT_ERR("Invalid discovery type %d", hdev->discovery.type);
4168 /* When service discovery is used and the controller has
4169 * a strict duplicate filter, it is important to remember
4170 * the start and duration of the scan. This is required
4171 * for restarting scanning during the discovery phase.
4173 if (test_bit(HCI_QUIRK_STRICT_DUPLICATE_FILTER,
4175 hdev->discovery.result_filtering) {
4176 hdev->discovery.scan_start = jiffies;
4177 hdev->discovery.scan_duration = timeout;
4180 queue_delayed_work(hdev->workqueue,
4181 &hdev->le_scan_disable, timeout);
4185 hci_dev_unlock(hdev);
4188 static int start_discovery(struct sock *sk, struct hci_dev *hdev,
4189 void *data, u16 len)
4191 struct mgmt_cp_start_discovery *cp = data;
4192 struct mgmt_pending_cmd *cmd;
4193 struct hci_request req;
4197 BT_DBG("%s", hdev->name);
4201 if (!hdev_is_powered(hdev)) {
4202 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_START_DISCOVERY,
4203 MGMT_STATUS_NOT_POWERED,
4204 &cp->type, sizeof(cp->type));
4208 if (hdev->discovery.state != DISCOVERY_STOPPED ||
4209 hci_dev_test_flag(hdev, HCI_PERIODIC_INQ)) {
4210 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_START_DISCOVERY,
4211 MGMT_STATUS_BUSY, &cp->type,
4216 cmd = mgmt_pending_add(sk, MGMT_OP_START_DISCOVERY, hdev, data, len);
4222 cmd->cmd_complete = generic_cmd_complete;
4224 /* Clear the discovery filter first to free any previously
4225 * allocated memory for the UUID list.
4227 hci_discovery_filter_clear(hdev);
4229 hdev->discovery.type = cp->type;
4230 hdev->discovery.report_invalid_rssi = false;
4232 hci_req_init(&req, hdev);
4234 if (!trigger_discovery(&req, &status)) {
4235 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_START_DISCOVERY,
4236 status, &cp->type, sizeof(cp->type));
4237 mgmt_pending_remove(cmd);
4241 err = hci_req_run(&req, start_discovery_complete);
4243 mgmt_pending_remove(cmd);
4247 hci_discovery_set_state(hdev, DISCOVERY_STARTING);
4250 hci_dev_unlock(hdev);
4254 static int service_discovery_cmd_complete(struct mgmt_pending_cmd *cmd,
4257 return mgmt_cmd_complete(cmd->sk, cmd->index, cmd->opcode, status,
4261 static int start_service_discovery(struct sock *sk, struct hci_dev *hdev,
4262 void *data, u16 len)
4264 struct mgmt_cp_start_service_discovery *cp = data;
4265 struct mgmt_pending_cmd *cmd;
4266 struct hci_request req;
4267 const u16 max_uuid_count = ((U16_MAX - sizeof(*cp)) / 16);
4268 u16 uuid_count, expected_len;
4272 BT_DBG("%s", hdev->name);
4276 if (!hdev_is_powered(hdev)) {
4277 err = mgmt_cmd_complete(sk, hdev->id,
4278 MGMT_OP_START_SERVICE_DISCOVERY,
4279 MGMT_STATUS_NOT_POWERED,
4280 &cp->type, sizeof(cp->type));
4284 if (hdev->discovery.state != DISCOVERY_STOPPED ||
4285 hci_dev_test_flag(hdev, HCI_PERIODIC_INQ)) {
4286 err = mgmt_cmd_complete(sk, hdev->id,
4287 MGMT_OP_START_SERVICE_DISCOVERY,
4288 MGMT_STATUS_BUSY, &cp->type,
4293 uuid_count = __le16_to_cpu(cp->uuid_count);
4294 if (uuid_count > max_uuid_count) {
4295 BT_ERR("service_discovery: too big uuid_count value %u",
4297 err = mgmt_cmd_complete(sk, hdev->id,
4298 MGMT_OP_START_SERVICE_DISCOVERY,
4299 MGMT_STATUS_INVALID_PARAMS, &cp->type,
4304 expected_len = sizeof(*cp) + uuid_count * 16;
4305 if (expected_len != len) {
4306 BT_ERR("service_discovery: expected %u bytes, got %u bytes",
4308 err = mgmt_cmd_complete(sk, hdev->id,
4309 MGMT_OP_START_SERVICE_DISCOVERY,
4310 MGMT_STATUS_INVALID_PARAMS, &cp->type,
4315 cmd = mgmt_pending_add(sk, MGMT_OP_START_SERVICE_DISCOVERY,
4322 cmd->cmd_complete = service_discovery_cmd_complete;
4324 /* Clear the discovery filter first to free any previously
4325 * allocated memory for the UUID list.
4327 hci_discovery_filter_clear(hdev);
4329 hdev->discovery.result_filtering = true;
4330 hdev->discovery.type = cp->type;
4331 hdev->discovery.rssi = cp->rssi;
4332 hdev->discovery.uuid_count = uuid_count;
4334 if (uuid_count > 0) {
4335 hdev->discovery.uuids = kmemdup(cp->uuids, uuid_count * 16,
4337 if (!hdev->discovery.uuids) {
4338 err = mgmt_cmd_complete(sk, hdev->id,
4339 MGMT_OP_START_SERVICE_DISCOVERY,
4341 &cp->type, sizeof(cp->type));
4342 mgmt_pending_remove(cmd);
4347 hci_req_init(&req, hdev);
4349 if (!trigger_discovery(&req, &status)) {
4350 err = mgmt_cmd_complete(sk, hdev->id,
4351 MGMT_OP_START_SERVICE_DISCOVERY,
4352 status, &cp->type, sizeof(cp->type));
4353 mgmt_pending_remove(cmd);
4357 err = hci_req_run(&req, start_discovery_complete);
4359 mgmt_pending_remove(cmd);
4363 hci_discovery_set_state(hdev, DISCOVERY_STARTING);
4366 hci_dev_unlock(hdev);
4370 static void stop_discovery_complete(struct hci_dev *hdev, u8 status, u16 opcode)
4372 struct mgmt_pending_cmd *cmd;
4374 BT_DBG("status %d", status);
4378 cmd = pending_find(MGMT_OP_STOP_DISCOVERY, hdev);
4380 cmd->cmd_complete(cmd, mgmt_status(status));
4381 mgmt_pending_remove(cmd);
4385 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
4387 hci_dev_unlock(hdev);
4390 static int stop_discovery(struct sock *sk, struct hci_dev *hdev, void *data,
4393 struct mgmt_cp_stop_discovery *mgmt_cp = data;
4394 struct mgmt_pending_cmd *cmd;
4395 struct hci_request req;
4398 BT_DBG("%s", hdev->name);
4402 if (!hci_discovery_active(hdev)) {
4403 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_STOP_DISCOVERY,
4404 MGMT_STATUS_REJECTED, &mgmt_cp->type,
4405 sizeof(mgmt_cp->type));
4409 if (hdev->discovery.type != mgmt_cp->type) {
4410 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_STOP_DISCOVERY,
4411 MGMT_STATUS_INVALID_PARAMS,
4412 &mgmt_cp->type, sizeof(mgmt_cp->type));
4416 cmd = mgmt_pending_add(sk, MGMT_OP_STOP_DISCOVERY, hdev, data, len);
4422 cmd->cmd_complete = generic_cmd_complete;
4424 hci_req_init(&req, hdev);
4426 hci_stop_discovery(&req);
4428 err = hci_req_run(&req, stop_discovery_complete);
4430 hci_discovery_set_state(hdev, DISCOVERY_STOPPING);
4434 mgmt_pending_remove(cmd);
4436 /* If no HCI commands were sent we're done */
4437 if (err == -ENODATA) {
4438 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_STOP_DISCOVERY, 0,
4439 &mgmt_cp->type, sizeof(mgmt_cp->type));
4440 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
4444 hci_dev_unlock(hdev);
4448 static int confirm_name(struct sock *sk, struct hci_dev *hdev, void *data,
4451 struct mgmt_cp_confirm_name *cp = data;
4452 struct inquiry_entry *e;
4455 BT_DBG("%s", hdev->name);
4459 if (!hci_discovery_active(hdev)) {
4460 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_CONFIRM_NAME,
4461 MGMT_STATUS_FAILED, &cp->addr,
4466 e = hci_inquiry_cache_lookup_unknown(hdev, &cp->addr.bdaddr);
4468 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_CONFIRM_NAME,
4469 MGMT_STATUS_INVALID_PARAMS, &cp->addr,
4474 if (cp->name_known) {
4475 e->name_state = NAME_KNOWN;
4478 e->name_state = NAME_NEEDED;
4479 hci_inquiry_cache_update_resolve(hdev, e);
4482 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_CONFIRM_NAME, 0,
4483 &cp->addr, sizeof(cp->addr));
4486 hci_dev_unlock(hdev);
4490 static int block_device(struct sock *sk, struct hci_dev *hdev, void *data,
4493 struct mgmt_cp_block_device *cp = data;
4497 BT_DBG("%s", hdev->name);
4499 if (!bdaddr_type_is_valid(cp->addr.type))
4500 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_BLOCK_DEVICE,
4501 MGMT_STATUS_INVALID_PARAMS,
4502 &cp->addr, sizeof(cp->addr));
4506 err = hci_bdaddr_list_add(&hdev->blacklist, &cp->addr.bdaddr,
4509 status = MGMT_STATUS_FAILED;
4513 mgmt_event(MGMT_EV_DEVICE_BLOCKED, hdev, &cp->addr, sizeof(cp->addr),
4515 status = MGMT_STATUS_SUCCESS;
4518 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_BLOCK_DEVICE, status,
4519 &cp->addr, sizeof(cp->addr));
4521 hci_dev_unlock(hdev);
4526 static int unblock_device(struct sock *sk, struct hci_dev *hdev, void *data,
4529 struct mgmt_cp_unblock_device *cp = data;
4533 BT_DBG("%s", hdev->name);
4535 if (!bdaddr_type_is_valid(cp->addr.type))
4536 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_UNBLOCK_DEVICE,
4537 MGMT_STATUS_INVALID_PARAMS,
4538 &cp->addr, sizeof(cp->addr));
4542 err = hci_bdaddr_list_del(&hdev->blacklist, &cp->addr.bdaddr,
4545 status = MGMT_STATUS_INVALID_PARAMS;
4549 mgmt_event(MGMT_EV_DEVICE_UNBLOCKED, hdev, &cp->addr, sizeof(cp->addr),
4551 status = MGMT_STATUS_SUCCESS;
4554 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_UNBLOCK_DEVICE, status,
4555 &cp->addr, sizeof(cp->addr));
4557 hci_dev_unlock(hdev);
4562 static int set_device_id(struct sock *sk, struct hci_dev *hdev, void *data,
4565 struct mgmt_cp_set_device_id *cp = data;
4566 struct hci_request req;
4570 BT_DBG("%s", hdev->name);
4572 source = __le16_to_cpu(cp->source);
4574 if (source > 0x0002)
4575 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DEVICE_ID,
4576 MGMT_STATUS_INVALID_PARAMS);
4580 hdev->devid_source = source;
4581 hdev->devid_vendor = __le16_to_cpu(cp->vendor);
4582 hdev->devid_product = __le16_to_cpu(cp->product);
4583 hdev->devid_version = __le16_to_cpu(cp->version);
4585 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_DEVICE_ID, 0,
4588 hci_req_init(&req, hdev);
4590 hci_req_run(&req, NULL);
4592 hci_dev_unlock(hdev);
4597 static void enable_advertising_instance(struct hci_dev *hdev, u8 status,
4600 BT_DBG("status %d", status);
4603 static void set_advertising_complete(struct hci_dev *hdev, u8 status,
4606 struct cmd_lookup match = { NULL, hdev };
4607 struct hci_request req;
4612 u8 mgmt_err = mgmt_status(status);
4614 mgmt_pending_foreach(MGMT_OP_SET_ADVERTISING, hdev,
4615 cmd_status_rsp, &mgmt_err);
4619 if (hci_dev_test_flag(hdev, HCI_LE_ADV))
4620 hci_dev_set_flag(hdev, HCI_ADVERTISING);
4622 hci_dev_clear_flag(hdev, HCI_ADVERTISING);
4624 mgmt_pending_foreach(MGMT_OP_SET_ADVERTISING, hdev, settings_rsp,
4627 new_settings(hdev, match.sk);
4632 /* If "Set Advertising" was just disabled and instance advertising was
4633 * set up earlier, then enable the advertising instance.
4635 if (hci_dev_test_flag(hdev, HCI_ADVERTISING) ||
4636 !hci_dev_test_flag(hdev, HCI_ADVERTISING_INSTANCE))
4639 hci_req_init(&req, hdev);
4641 update_adv_data(&req);
4642 enable_advertising(&req);
4644 if (hci_req_run(&req, enable_advertising_instance) < 0)
4645 BT_ERR("Failed to re-configure advertising");
4648 hci_dev_unlock(hdev);
4651 static int set_advertising(struct sock *sk, struct hci_dev *hdev, void *data,
4654 struct mgmt_mode *cp = data;
4655 struct mgmt_pending_cmd *cmd;
4656 struct hci_request req;
4660 BT_DBG("request for %s", hdev->name);
4662 status = mgmt_le_support(hdev);
4664 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_ADVERTISING,
4667 if (cp->val != 0x00 && cp->val != 0x01 && cp->val != 0x02)
4668 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_ADVERTISING,
4669 MGMT_STATUS_INVALID_PARAMS);
4675 /* The following conditions are ones which mean that we should
4676 * not do any HCI communication but directly send a mgmt
4677 * response to user space (after toggling the flag if
4680 if (!hdev_is_powered(hdev) ||
4681 (val == hci_dev_test_flag(hdev, HCI_ADVERTISING) &&
4682 (cp->val == 0x02) == hci_dev_test_flag(hdev, HCI_ADVERTISING_CONNECTABLE)) ||
4683 hci_conn_num(hdev, LE_LINK) > 0 ||
4684 (hci_dev_test_flag(hdev, HCI_LE_SCAN) &&
4685 hdev->le_scan_type == LE_SCAN_ACTIVE)) {
4689 changed = !hci_dev_test_and_set_flag(hdev, HCI_ADVERTISING);
4690 if (cp->val == 0x02)
4691 hci_dev_set_flag(hdev, HCI_ADVERTISING_CONNECTABLE);
4693 hci_dev_clear_flag(hdev, HCI_ADVERTISING_CONNECTABLE);
4695 changed = hci_dev_test_and_clear_flag(hdev, HCI_ADVERTISING);
4696 hci_dev_clear_flag(hdev, HCI_ADVERTISING_CONNECTABLE);
4699 err = send_settings_rsp(sk, MGMT_OP_SET_ADVERTISING, hdev);
4704 err = new_settings(hdev, sk);
4709 if (pending_find(MGMT_OP_SET_ADVERTISING, hdev) ||
4710 pending_find(MGMT_OP_SET_LE, hdev)) {
4711 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_ADVERTISING,
4716 cmd = mgmt_pending_add(sk, MGMT_OP_SET_ADVERTISING, hdev, data, len);
4722 hci_req_init(&req, hdev);
4724 if (cp->val == 0x02)
4725 hci_dev_set_flag(hdev, HCI_ADVERTISING_CONNECTABLE);
4727 hci_dev_clear_flag(hdev, HCI_ADVERTISING_CONNECTABLE);
4730 /* Switch to instance "0" for the Set Advertising setting. */
4731 update_adv_data_for_instance(&req, 0);
4732 update_scan_rsp_data_for_instance(&req, 0);
4733 enable_advertising(&req);
4735 disable_advertising(&req);
4738 err = hci_req_run(&req, set_advertising_complete);
4740 mgmt_pending_remove(cmd);
4743 hci_dev_unlock(hdev);
4747 static int set_static_address(struct sock *sk, struct hci_dev *hdev,
4748 void *data, u16 len)
4750 struct mgmt_cp_set_static_address *cp = data;
4753 BT_DBG("%s", hdev->name);
4755 if (!lmp_le_capable(hdev))
4756 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_STATIC_ADDRESS,
4757 MGMT_STATUS_NOT_SUPPORTED);
4759 if (hdev_is_powered(hdev))
4760 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_STATIC_ADDRESS,
4761 MGMT_STATUS_REJECTED);
4763 if (bacmp(&cp->bdaddr, BDADDR_ANY)) {
4764 if (!bacmp(&cp->bdaddr, BDADDR_NONE))
4765 return mgmt_cmd_status(sk, hdev->id,
4766 MGMT_OP_SET_STATIC_ADDRESS,
4767 MGMT_STATUS_INVALID_PARAMS);
4769 /* Two most significant bits shall be set */
4770 if ((cp->bdaddr.b[5] & 0xc0) != 0xc0)
4771 return mgmt_cmd_status(sk, hdev->id,
4772 MGMT_OP_SET_STATIC_ADDRESS,
4773 MGMT_STATUS_INVALID_PARAMS);
4778 bacpy(&hdev->static_addr, &cp->bdaddr);
4780 err = send_settings_rsp(sk, MGMT_OP_SET_STATIC_ADDRESS, hdev);
4784 err = new_settings(hdev, sk);
4787 hci_dev_unlock(hdev);
4791 static int set_scan_params(struct sock *sk, struct hci_dev *hdev,
4792 void *data, u16 len)
4794 struct mgmt_cp_set_scan_params *cp = data;
4795 __u16 interval, window;
4798 BT_DBG("%s", hdev->name);
4800 if (!lmp_le_capable(hdev))
4801 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS,
4802 MGMT_STATUS_NOT_SUPPORTED);
4804 interval = __le16_to_cpu(cp->interval);
4806 if (interval < 0x0004 || interval > 0x4000)
4807 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS,
4808 MGMT_STATUS_INVALID_PARAMS);
4810 window = __le16_to_cpu(cp->window);
4812 if (window < 0x0004 || window > 0x4000)
4813 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS,
4814 MGMT_STATUS_INVALID_PARAMS);
4816 if (window > interval)
4817 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS,
4818 MGMT_STATUS_INVALID_PARAMS);
4822 hdev->le_scan_interval = interval;
4823 hdev->le_scan_window = window;
4825 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS, 0,
4828 /* If background scan is running, restart it so new parameters are
4831 if (hci_dev_test_flag(hdev, HCI_LE_SCAN) &&
4832 hdev->discovery.state == DISCOVERY_STOPPED) {
4833 struct hci_request req;
4835 hci_req_init(&req, hdev);
4837 hci_req_add_le_scan_disable(&req);
4838 hci_req_add_le_passive_scan(&req);
4840 hci_req_run(&req, NULL);
4843 hci_dev_unlock(hdev);
4848 static void fast_connectable_complete(struct hci_dev *hdev, u8 status,
4851 struct mgmt_pending_cmd *cmd;
4853 BT_DBG("status 0x%02x", status);
4857 cmd = pending_find(MGMT_OP_SET_FAST_CONNECTABLE, hdev);
4862 mgmt_cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
4863 mgmt_status(status));
4865 struct mgmt_mode *cp = cmd->param;
4868 hci_dev_set_flag(hdev, HCI_FAST_CONNECTABLE);
4870 hci_dev_clear_flag(hdev, HCI_FAST_CONNECTABLE);
4872 send_settings_rsp(cmd->sk, MGMT_OP_SET_FAST_CONNECTABLE, hdev);
4873 new_settings(hdev, cmd->sk);
4876 mgmt_pending_remove(cmd);
4879 hci_dev_unlock(hdev);
4882 static int set_fast_connectable(struct sock *sk, struct hci_dev *hdev,
4883 void *data, u16 len)
4885 struct mgmt_mode *cp = data;
4886 struct mgmt_pending_cmd *cmd;
4887 struct hci_request req;
4890 BT_DBG("%s", hdev->name);
4892 if (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED) ||
4893 hdev->hci_ver < BLUETOOTH_VER_1_2)
4894 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
4895 MGMT_STATUS_NOT_SUPPORTED);
4897 if (cp->val != 0x00 && cp->val != 0x01)
4898 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
4899 MGMT_STATUS_INVALID_PARAMS);
4903 if (pending_find(MGMT_OP_SET_FAST_CONNECTABLE, hdev)) {
4904 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
4909 if (!!cp->val == hci_dev_test_flag(hdev, HCI_FAST_CONNECTABLE)) {
4910 err = send_settings_rsp(sk, MGMT_OP_SET_FAST_CONNECTABLE,
4915 if (!hdev_is_powered(hdev)) {
4916 hci_dev_change_flag(hdev, HCI_FAST_CONNECTABLE);
4917 err = send_settings_rsp(sk, MGMT_OP_SET_FAST_CONNECTABLE,
4919 new_settings(hdev, sk);
4923 cmd = mgmt_pending_add(sk, MGMT_OP_SET_FAST_CONNECTABLE, hdev,
4930 hci_req_init(&req, hdev);
4932 write_fast_connectable(&req, cp->val);
4934 err = hci_req_run(&req, fast_connectable_complete);
4936 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
4937 MGMT_STATUS_FAILED);
4938 mgmt_pending_remove(cmd);
4942 hci_dev_unlock(hdev);
4947 static void set_bredr_complete(struct hci_dev *hdev, u8 status, u16 opcode)
4949 struct mgmt_pending_cmd *cmd;
4951 BT_DBG("status 0x%02x", status);
4955 cmd = pending_find(MGMT_OP_SET_BREDR, hdev);
4960 u8 mgmt_err = mgmt_status(status);
4962 /* We need to restore the flag if related HCI commands
4965 hci_dev_clear_flag(hdev, HCI_BREDR_ENABLED);
4967 mgmt_cmd_status(cmd->sk, cmd->index, cmd->opcode, mgmt_err);
4969 send_settings_rsp(cmd->sk, MGMT_OP_SET_BREDR, hdev);
4970 new_settings(hdev, cmd->sk);
4973 mgmt_pending_remove(cmd);
4976 hci_dev_unlock(hdev);
4979 static int set_bredr(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
4981 struct mgmt_mode *cp = data;
4982 struct mgmt_pending_cmd *cmd;
4983 struct hci_request req;
4986 BT_DBG("request for %s", hdev->name);
4988 if (!lmp_bredr_capable(hdev) || !lmp_le_capable(hdev))
4989 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
4990 MGMT_STATUS_NOT_SUPPORTED);
4992 if (!hci_dev_test_flag(hdev, HCI_LE_ENABLED))
4993 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
4994 MGMT_STATUS_REJECTED);
4996 if (cp->val != 0x00 && cp->val != 0x01)
4997 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
4998 MGMT_STATUS_INVALID_PARAMS);
5002 if (cp->val == hci_dev_test_flag(hdev, HCI_BREDR_ENABLED)) {
5003 err = send_settings_rsp(sk, MGMT_OP_SET_BREDR, hdev);
5007 if (!hdev_is_powered(hdev)) {
5009 hci_dev_clear_flag(hdev, HCI_DISCOVERABLE);
5010 hci_dev_clear_flag(hdev, HCI_SSP_ENABLED);
5011 hci_dev_clear_flag(hdev, HCI_LINK_SECURITY);
5012 hci_dev_clear_flag(hdev, HCI_FAST_CONNECTABLE);
5013 hci_dev_clear_flag(hdev, HCI_HS_ENABLED);
5016 hci_dev_change_flag(hdev, HCI_BREDR_ENABLED);
5018 err = send_settings_rsp(sk, MGMT_OP_SET_BREDR, hdev);
5022 err = new_settings(hdev, sk);
5026 /* Reject disabling when powered on */
5028 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
5029 MGMT_STATUS_REJECTED);
5032 /* When configuring a dual-mode controller to operate
5033 * with LE only and using a static address, then switching
5034 * BR/EDR back on is not allowed.
5036 * Dual-mode controllers shall operate with the public
5037 * address as its identity address for BR/EDR and LE. So
5038 * reject the attempt to create an invalid configuration.
5040 * The same restrictions applies when secure connections
5041 * has been enabled. For BR/EDR this is a controller feature
5042 * while for LE it is a host stack feature. This means that
5043 * switching BR/EDR back on when secure connections has been
5044 * enabled is not a supported transaction.
5046 if (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED) &&
5047 (bacmp(&hdev->static_addr, BDADDR_ANY) ||
5048 hci_dev_test_flag(hdev, HCI_SC_ENABLED))) {
5049 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
5050 MGMT_STATUS_REJECTED);
5055 if (pending_find(MGMT_OP_SET_BREDR, hdev)) {
5056 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
5061 cmd = mgmt_pending_add(sk, MGMT_OP_SET_BREDR, hdev, data, len);
5067 /* We need to flip the bit already here so that update_adv_data
5068 * generates the correct flags.
5070 hci_dev_set_flag(hdev, HCI_BREDR_ENABLED);
5072 hci_req_init(&req, hdev);
5074 write_fast_connectable(&req, false);
5075 __hci_update_page_scan(&req);
5077 /* Since only the advertising data flags will change, there
5078 * is no need to update the scan response data.
5080 update_adv_data(&req);
5082 err = hci_req_run(&req, set_bredr_complete);
5084 mgmt_pending_remove(cmd);
5087 hci_dev_unlock(hdev);
5091 static void sc_enable_complete(struct hci_dev *hdev, u8 status, u16 opcode)
5093 struct mgmt_pending_cmd *cmd;
5094 struct mgmt_mode *cp;
5096 BT_DBG("%s status %u", hdev->name, status);
5100 cmd = pending_find(MGMT_OP_SET_SECURE_CONN, hdev);
5105 mgmt_cmd_status(cmd->sk, cmd->index, cmd->opcode,
5106 mgmt_status(status));
5114 hci_dev_clear_flag(hdev, HCI_SC_ENABLED);
5115 hci_dev_clear_flag(hdev, HCI_SC_ONLY);
5118 hci_dev_set_flag(hdev, HCI_SC_ENABLED);
5119 hci_dev_clear_flag(hdev, HCI_SC_ONLY);
5122 hci_dev_set_flag(hdev, HCI_SC_ENABLED);
5123 hci_dev_set_flag(hdev, HCI_SC_ONLY);
5127 send_settings_rsp(cmd->sk, MGMT_OP_SET_SECURE_CONN, hdev);
5128 new_settings(hdev, cmd->sk);
5131 mgmt_pending_remove(cmd);
5133 hci_dev_unlock(hdev);
5136 static int set_secure_conn(struct sock *sk, struct hci_dev *hdev,
5137 void *data, u16 len)
5139 struct mgmt_mode *cp = data;
5140 struct mgmt_pending_cmd *cmd;
5141 struct hci_request req;
5145 BT_DBG("request for %s", hdev->name);
5147 if (!lmp_sc_capable(hdev) &&
5148 !hci_dev_test_flag(hdev, HCI_LE_ENABLED))
5149 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SECURE_CONN,
5150 MGMT_STATUS_NOT_SUPPORTED);
5152 if (hci_dev_test_flag(hdev, HCI_BREDR_ENABLED) &&
5153 lmp_sc_capable(hdev) &&
5154 !hci_dev_test_flag(hdev, HCI_SSP_ENABLED))
5155 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SECURE_CONN,
5156 MGMT_STATUS_REJECTED);
5158 if (cp->val != 0x00 && cp->val != 0x01 && cp->val != 0x02)
5159 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SECURE_CONN,
5160 MGMT_STATUS_INVALID_PARAMS);
5164 if (!hdev_is_powered(hdev) || !lmp_sc_capable(hdev) ||
5165 !hci_dev_test_flag(hdev, HCI_BREDR_ENABLED)) {
5169 changed = !hci_dev_test_and_set_flag(hdev,
5171 if (cp->val == 0x02)
5172 hci_dev_set_flag(hdev, HCI_SC_ONLY);
5174 hci_dev_clear_flag(hdev, HCI_SC_ONLY);
5176 changed = hci_dev_test_and_clear_flag(hdev,
5178 hci_dev_clear_flag(hdev, HCI_SC_ONLY);
5181 err = send_settings_rsp(sk, MGMT_OP_SET_SECURE_CONN, hdev);
5186 err = new_settings(hdev, sk);
5191 if (pending_find(MGMT_OP_SET_SECURE_CONN, hdev)) {
5192 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SECURE_CONN,
5199 if (val == hci_dev_test_flag(hdev, HCI_SC_ENABLED) &&
5200 (cp->val == 0x02) == hci_dev_test_flag(hdev, HCI_SC_ONLY)) {
5201 err = send_settings_rsp(sk, MGMT_OP_SET_SECURE_CONN, hdev);
5205 cmd = mgmt_pending_add(sk, MGMT_OP_SET_SECURE_CONN, hdev, data, len);
5211 hci_req_init(&req, hdev);
5212 hci_req_add(&req, HCI_OP_WRITE_SC_SUPPORT, 1, &val);
5213 err = hci_req_run(&req, sc_enable_complete);
5215 mgmt_pending_remove(cmd);
5220 hci_dev_unlock(hdev);
5224 static int set_debug_keys(struct sock *sk, struct hci_dev *hdev,
5225 void *data, u16 len)
5227 struct mgmt_mode *cp = data;
5228 bool changed, use_changed;
5231 BT_DBG("request for %s", hdev->name);
5233 if (cp->val != 0x00 && cp->val != 0x01 && cp->val != 0x02)
5234 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DEBUG_KEYS,
5235 MGMT_STATUS_INVALID_PARAMS);
5240 changed = !hci_dev_test_and_set_flag(hdev, HCI_KEEP_DEBUG_KEYS);
5242 changed = hci_dev_test_and_clear_flag(hdev,
5243 HCI_KEEP_DEBUG_KEYS);
5245 if (cp->val == 0x02)
5246 use_changed = !hci_dev_test_and_set_flag(hdev,
5247 HCI_USE_DEBUG_KEYS);
5249 use_changed = hci_dev_test_and_clear_flag(hdev,
5250 HCI_USE_DEBUG_KEYS);
5252 if (hdev_is_powered(hdev) && use_changed &&
5253 hci_dev_test_flag(hdev, HCI_SSP_ENABLED)) {
5254 u8 mode = (cp->val == 0x02) ? 0x01 : 0x00;
5255 hci_send_cmd(hdev, HCI_OP_WRITE_SSP_DEBUG_MODE,
5256 sizeof(mode), &mode);
5259 err = send_settings_rsp(sk, MGMT_OP_SET_DEBUG_KEYS, hdev);
5264 err = new_settings(hdev, sk);
5267 hci_dev_unlock(hdev);
5271 static int set_privacy(struct sock *sk, struct hci_dev *hdev, void *cp_data,
5274 struct mgmt_cp_set_privacy *cp = cp_data;
5278 BT_DBG("request for %s", hdev->name);
5280 if (!lmp_le_capable(hdev))
5281 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_PRIVACY,
5282 MGMT_STATUS_NOT_SUPPORTED);
5284 if (cp->privacy != 0x00 && cp->privacy != 0x01)
5285 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_PRIVACY,
5286 MGMT_STATUS_INVALID_PARAMS);
5288 if (hdev_is_powered(hdev))
5289 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_PRIVACY,
5290 MGMT_STATUS_REJECTED);
5294 /* If user space supports this command it is also expected to
5295 * handle IRKs. Therefore, set the HCI_RPA_RESOLVING flag.
5297 hci_dev_set_flag(hdev, HCI_RPA_RESOLVING);
5300 changed = !hci_dev_test_and_set_flag(hdev, HCI_PRIVACY);
5301 memcpy(hdev->irk, cp->irk, sizeof(hdev->irk));
5302 hci_dev_set_flag(hdev, HCI_RPA_EXPIRED);
5304 changed = hci_dev_test_and_clear_flag(hdev, HCI_PRIVACY);
5305 memset(hdev->irk, 0, sizeof(hdev->irk));
5306 hci_dev_clear_flag(hdev, HCI_RPA_EXPIRED);
5309 err = send_settings_rsp(sk, MGMT_OP_SET_PRIVACY, hdev);
5314 err = new_settings(hdev, sk);
5317 hci_dev_unlock(hdev);
5321 static bool irk_is_valid(struct mgmt_irk_info *irk)
5323 switch (irk->addr.type) {
5324 case BDADDR_LE_PUBLIC:
5327 case BDADDR_LE_RANDOM:
5328 /* Two most significant bits shall be set */
5329 if ((irk->addr.bdaddr.b[5] & 0xc0) != 0xc0)
5337 static int load_irks(struct sock *sk, struct hci_dev *hdev, void *cp_data,
5340 struct mgmt_cp_load_irks *cp = cp_data;
5341 const u16 max_irk_count = ((U16_MAX - sizeof(*cp)) /
5342 sizeof(struct mgmt_irk_info));
5343 u16 irk_count, expected_len;
5346 BT_DBG("request for %s", hdev->name);
5348 if (!lmp_le_capable(hdev))
5349 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_IRKS,
5350 MGMT_STATUS_NOT_SUPPORTED);
5352 irk_count = __le16_to_cpu(cp->irk_count);
5353 if (irk_count > max_irk_count) {
5354 BT_ERR("load_irks: too big irk_count value %u", irk_count);
5355 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_IRKS,
5356 MGMT_STATUS_INVALID_PARAMS);
5359 expected_len = sizeof(*cp) + irk_count * sizeof(struct mgmt_irk_info);
5360 if (expected_len != len) {
5361 BT_ERR("load_irks: expected %u bytes, got %u bytes",
5363 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_IRKS,
5364 MGMT_STATUS_INVALID_PARAMS);
5367 BT_DBG("%s irk_count %u", hdev->name, irk_count);
5369 for (i = 0; i < irk_count; i++) {
5370 struct mgmt_irk_info *key = &cp->irks[i];
5372 if (!irk_is_valid(key))
5373 return mgmt_cmd_status(sk, hdev->id,
5375 MGMT_STATUS_INVALID_PARAMS);
5380 hci_smp_irks_clear(hdev);
5382 for (i = 0; i < irk_count; i++) {
5383 struct mgmt_irk_info *irk = &cp->irks[i];
5386 if (irk->addr.type == BDADDR_LE_PUBLIC)
5387 addr_type = ADDR_LE_DEV_PUBLIC;
5389 addr_type = ADDR_LE_DEV_RANDOM;
5391 hci_add_irk(hdev, &irk->addr.bdaddr, addr_type, irk->val,
5395 hci_dev_set_flag(hdev, HCI_RPA_RESOLVING);
5397 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_LOAD_IRKS, 0, NULL, 0);
5399 hci_dev_unlock(hdev);
5404 static bool ltk_is_valid(struct mgmt_ltk_info *key)
5406 if (key->master != 0x00 && key->master != 0x01)
5409 switch (key->addr.type) {
5410 case BDADDR_LE_PUBLIC:
5413 case BDADDR_LE_RANDOM:
5414 /* Two most significant bits shall be set */
5415 if ((key->addr.bdaddr.b[5] & 0xc0) != 0xc0)
5423 static int load_long_term_keys(struct sock *sk, struct hci_dev *hdev,
5424 void *cp_data, u16 len)
5426 struct mgmt_cp_load_long_term_keys *cp = cp_data;
5427 const u16 max_key_count = ((U16_MAX - sizeof(*cp)) /
5428 sizeof(struct mgmt_ltk_info));
5429 u16 key_count, expected_len;
5432 BT_DBG("request for %s", hdev->name);
5434 if (!lmp_le_capable(hdev))
5435 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS,
5436 MGMT_STATUS_NOT_SUPPORTED);
5438 key_count = __le16_to_cpu(cp->key_count);
5439 if (key_count > max_key_count) {
5440 BT_ERR("load_ltks: too big key_count value %u", key_count);
5441 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS,
5442 MGMT_STATUS_INVALID_PARAMS);
5445 expected_len = sizeof(*cp) + key_count *
5446 sizeof(struct mgmt_ltk_info);
5447 if (expected_len != len) {
5448 BT_ERR("load_keys: expected %u bytes, got %u bytes",
5450 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS,
5451 MGMT_STATUS_INVALID_PARAMS);
5454 BT_DBG("%s key_count %u", hdev->name, key_count);
5456 for (i = 0; i < key_count; i++) {
5457 struct mgmt_ltk_info *key = &cp->keys[i];
5459 if (!ltk_is_valid(key))
5460 return mgmt_cmd_status(sk, hdev->id,
5461 MGMT_OP_LOAD_LONG_TERM_KEYS,
5462 MGMT_STATUS_INVALID_PARAMS);
5467 hci_smp_ltks_clear(hdev);
5469 for (i = 0; i < key_count; i++) {
5470 struct mgmt_ltk_info *key = &cp->keys[i];
5471 u8 type, addr_type, authenticated;
5473 if (key->addr.type == BDADDR_LE_PUBLIC)
5474 addr_type = ADDR_LE_DEV_PUBLIC;
5476 addr_type = ADDR_LE_DEV_RANDOM;
5478 switch (key->type) {
5479 case MGMT_LTK_UNAUTHENTICATED:
5480 authenticated = 0x00;
5481 type = key->master ? SMP_LTK : SMP_LTK_SLAVE;
5483 case MGMT_LTK_AUTHENTICATED:
5484 authenticated = 0x01;
5485 type = key->master ? SMP_LTK : SMP_LTK_SLAVE;
5487 case MGMT_LTK_P256_UNAUTH:
5488 authenticated = 0x00;
5489 type = SMP_LTK_P256;
5491 case MGMT_LTK_P256_AUTH:
5492 authenticated = 0x01;
5493 type = SMP_LTK_P256;
5495 case MGMT_LTK_P256_DEBUG:
5496 authenticated = 0x00;
5497 type = SMP_LTK_P256_DEBUG;
5502 hci_add_ltk(hdev, &key->addr.bdaddr, addr_type, type,
5503 authenticated, key->val, key->enc_size, key->ediv,
5507 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS, 0,
5510 hci_dev_unlock(hdev);
5515 static int conn_info_cmd_complete(struct mgmt_pending_cmd *cmd, u8 status)
5517 struct hci_conn *conn = cmd->user_data;
5518 struct mgmt_rp_get_conn_info rp;
5521 memcpy(&rp.addr, cmd->param, sizeof(rp.addr));
5523 if (status == MGMT_STATUS_SUCCESS) {
5524 rp.rssi = conn->rssi;
5525 rp.tx_power = conn->tx_power;
5526 rp.max_tx_power = conn->max_tx_power;
5528 rp.rssi = HCI_RSSI_INVALID;
5529 rp.tx_power = HCI_TX_POWER_INVALID;
5530 rp.max_tx_power = HCI_TX_POWER_INVALID;
5533 err = mgmt_cmd_complete(cmd->sk, cmd->index, MGMT_OP_GET_CONN_INFO,
5534 status, &rp, sizeof(rp));
5536 hci_conn_drop(conn);
5542 static void conn_info_refresh_complete(struct hci_dev *hdev, u8 hci_status,
5545 struct hci_cp_read_rssi *cp;
5546 struct mgmt_pending_cmd *cmd;
5547 struct hci_conn *conn;
5551 BT_DBG("status 0x%02x", hci_status);
5555 /* Commands sent in request are either Read RSSI or Read Transmit Power
5556 * Level so we check which one was last sent to retrieve connection
5557 * handle. Both commands have handle as first parameter so it's safe to
5558 * cast data on the same command struct.
5560 * First command sent is always Read RSSI and we fail only if it fails.
5561 * In other case we simply override error to indicate success as we
5562 * already remembered if TX power value is actually valid.
5564 cp = hci_sent_cmd_data(hdev, HCI_OP_READ_RSSI);
5566 cp = hci_sent_cmd_data(hdev, HCI_OP_READ_TX_POWER);
5567 status = MGMT_STATUS_SUCCESS;
5569 status = mgmt_status(hci_status);
5573 BT_ERR("invalid sent_cmd in conn_info response");
5577 handle = __le16_to_cpu(cp->handle);
5578 conn = hci_conn_hash_lookup_handle(hdev, handle);
5580 BT_ERR("unknown handle (%d) in conn_info response", handle);
5584 cmd = pending_find_data(MGMT_OP_GET_CONN_INFO, hdev, conn);
5588 cmd->cmd_complete(cmd, status);
5589 mgmt_pending_remove(cmd);
5592 hci_dev_unlock(hdev);
5595 static int get_conn_info(struct sock *sk, struct hci_dev *hdev, void *data,
5598 struct mgmt_cp_get_conn_info *cp = data;
5599 struct mgmt_rp_get_conn_info rp;
5600 struct hci_conn *conn;
5601 unsigned long conn_info_age;
5604 BT_DBG("%s", hdev->name);
5606 memset(&rp, 0, sizeof(rp));
5607 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
5608 rp.addr.type = cp->addr.type;
5610 if (!bdaddr_type_is_valid(cp->addr.type))
5611 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CONN_INFO,
5612 MGMT_STATUS_INVALID_PARAMS,
5617 if (!hdev_is_powered(hdev)) {
5618 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CONN_INFO,
5619 MGMT_STATUS_NOT_POWERED, &rp,
5624 if (cp->addr.type == BDADDR_BREDR)
5625 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
5628 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &cp->addr.bdaddr);
5630 if (!conn || conn->state != BT_CONNECTED) {
5631 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CONN_INFO,
5632 MGMT_STATUS_NOT_CONNECTED, &rp,
5637 if (pending_find_data(MGMT_OP_GET_CONN_INFO, hdev, conn)) {
5638 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CONN_INFO,
5639 MGMT_STATUS_BUSY, &rp, sizeof(rp));
5643 /* To avoid client trying to guess when to poll again for information we
5644 * calculate conn info age as random value between min/max set in hdev.
5646 conn_info_age = hdev->conn_info_min_age +
5647 prandom_u32_max(hdev->conn_info_max_age -
5648 hdev->conn_info_min_age);
5650 /* Query controller to refresh cached values if they are too old or were
5653 if (time_after(jiffies, conn->conn_info_timestamp +
5654 msecs_to_jiffies(conn_info_age)) ||
5655 !conn->conn_info_timestamp) {
5656 struct hci_request req;
5657 struct hci_cp_read_tx_power req_txp_cp;
5658 struct hci_cp_read_rssi req_rssi_cp;
5659 struct mgmt_pending_cmd *cmd;
5661 hci_req_init(&req, hdev);
5662 req_rssi_cp.handle = cpu_to_le16(conn->handle);
5663 hci_req_add(&req, HCI_OP_READ_RSSI, sizeof(req_rssi_cp),
5666 /* For LE links TX power does not change thus we don't need to
5667 * query for it once value is known.
5669 if (!bdaddr_type_is_le(cp->addr.type) ||
5670 conn->tx_power == HCI_TX_POWER_INVALID) {
5671 req_txp_cp.handle = cpu_to_le16(conn->handle);
5672 req_txp_cp.type = 0x00;
5673 hci_req_add(&req, HCI_OP_READ_TX_POWER,
5674 sizeof(req_txp_cp), &req_txp_cp);
5677 /* Max TX power needs to be read only once per connection */
5678 if (conn->max_tx_power == HCI_TX_POWER_INVALID) {
5679 req_txp_cp.handle = cpu_to_le16(conn->handle);
5680 req_txp_cp.type = 0x01;
5681 hci_req_add(&req, HCI_OP_READ_TX_POWER,
5682 sizeof(req_txp_cp), &req_txp_cp);
5685 err = hci_req_run(&req, conn_info_refresh_complete);
5689 cmd = mgmt_pending_add(sk, MGMT_OP_GET_CONN_INFO, hdev,
5696 hci_conn_hold(conn);
5697 cmd->user_data = hci_conn_get(conn);
5698 cmd->cmd_complete = conn_info_cmd_complete;
5700 conn->conn_info_timestamp = jiffies;
5702 /* Cache is valid, just reply with values cached in hci_conn */
5703 rp.rssi = conn->rssi;
5704 rp.tx_power = conn->tx_power;
5705 rp.max_tx_power = conn->max_tx_power;
5707 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CONN_INFO,
5708 MGMT_STATUS_SUCCESS, &rp, sizeof(rp));
5712 hci_dev_unlock(hdev);
5716 static int clock_info_cmd_complete(struct mgmt_pending_cmd *cmd, u8 status)
5718 struct hci_conn *conn = cmd->user_data;
5719 struct mgmt_rp_get_clock_info rp;
5720 struct hci_dev *hdev;
5723 memset(&rp, 0, sizeof(rp));
5724 memcpy(&rp.addr, &cmd->param, sizeof(rp.addr));
5729 hdev = hci_dev_get(cmd->index);
5731 rp.local_clock = cpu_to_le32(hdev->clock);
5736 rp.piconet_clock = cpu_to_le32(conn->clock);
5737 rp.accuracy = cpu_to_le16(conn->clock_accuracy);
5741 err = mgmt_cmd_complete(cmd->sk, cmd->index, cmd->opcode, status, &rp,
5745 hci_conn_drop(conn);
5752 static void get_clock_info_complete(struct hci_dev *hdev, u8 status, u16 opcode)
5754 struct hci_cp_read_clock *hci_cp;
5755 struct mgmt_pending_cmd *cmd;
5756 struct hci_conn *conn;
5758 BT_DBG("%s status %u", hdev->name, status);
5762 hci_cp = hci_sent_cmd_data(hdev, HCI_OP_READ_CLOCK);
5766 if (hci_cp->which) {
5767 u16 handle = __le16_to_cpu(hci_cp->handle);
5768 conn = hci_conn_hash_lookup_handle(hdev, handle);
5773 cmd = pending_find_data(MGMT_OP_GET_CLOCK_INFO, hdev, conn);
5777 cmd->cmd_complete(cmd, mgmt_status(status));
5778 mgmt_pending_remove(cmd);
5781 hci_dev_unlock(hdev);
5784 static int get_clock_info(struct sock *sk, struct hci_dev *hdev, void *data,
5787 struct mgmt_cp_get_clock_info *cp = data;
5788 struct mgmt_rp_get_clock_info rp;
5789 struct hci_cp_read_clock hci_cp;
5790 struct mgmt_pending_cmd *cmd;
5791 struct hci_request req;
5792 struct hci_conn *conn;
5795 BT_DBG("%s", hdev->name);
5797 memset(&rp, 0, sizeof(rp));
5798 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
5799 rp.addr.type = cp->addr.type;
5801 if (cp->addr.type != BDADDR_BREDR)
5802 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CLOCK_INFO,
5803 MGMT_STATUS_INVALID_PARAMS,
5808 if (!hdev_is_powered(hdev)) {
5809 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CLOCK_INFO,
5810 MGMT_STATUS_NOT_POWERED, &rp,
5815 if (bacmp(&cp->addr.bdaddr, BDADDR_ANY)) {
5816 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
5818 if (!conn || conn->state != BT_CONNECTED) {
5819 err = mgmt_cmd_complete(sk, hdev->id,
5820 MGMT_OP_GET_CLOCK_INFO,
5821 MGMT_STATUS_NOT_CONNECTED,
5829 cmd = mgmt_pending_add(sk, MGMT_OP_GET_CLOCK_INFO, hdev, data, len);
5835 cmd->cmd_complete = clock_info_cmd_complete;
5837 hci_req_init(&req, hdev);
5839 memset(&hci_cp, 0, sizeof(hci_cp));
5840 hci_req_add(&req, HCI_OP_READ_CLOCK, sizeof(hci_cp), &hci_cp);
5843 hci_conn_hold(conn);
5844 cmd->user_data = hci_conn_get(conn);
5846 hci_cp.handle = cpu_to_le16(conn->handle);
5847 hci_cp.which = 0x01; /* Piconet clock */
5848 hci_req_add(&req, HCI_OP_READ_CLOCK, sizeof(hci_cp), &hci_cp);
5851 err = hci_req_run(&req, get_clock_info_complete);
5853 mgmt_pending_remove(cmd);
5856 hci_dev_unlock(hdev);
5860 static bool is_connected(struct hci_dev *hdev, bdaddr_t *addr, u8 type)
5862 struct hci_conn *conn;
5864 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, addr);
5868 if (conn->dst_type != type)
5871 if (conn->state != BT_CONNECTED)
5877 /* This function requires the caller holds hdev->lock */
5878 static int hci_conn_params_set(struct hci_request *req, bdaddr_t *addr,
5879 u8 addr_type, u8 auto_connect)
5881 struct hci_dev *hdev = req->hdev;
5882 struct hci_conn_params *params;
5884 params = hci_conn_params_add(hdev, addr, addr_type);
5888 if (params->auto_connect == auto_connect)
5891 list_del_init(¶ms->action);
5893 switch (auto_connect) {
5894 case HCI_AUTO_CONN_DISABLED:
5895 case HCI_AUTO_CONN_LINK_LOSS:
5896 __hci_update_background_scan(req);
5898 case HCI_AUTO_CONN_REPORT:
5899 list_add(¶ms->action, &hdev->pend_le_reports);
5900 __hci_update_background_scan(req);
5902 case HCI_AUTO_CONN_DIRECT:
5903 case HCI_AUTO_CONN_ALWAYS:
5904 if (!is_connected(hdev, addr, addr_type)) {
5905 list_add(¶ms->action, &hdev->pend_le_conns);
5906 __hci_update_background_scan(req);
5911 params->auto_connect = auto_connect;
5913 BT_DBG("addr %pMR (type %u) auto_connect %u", addr, addr_type,
5919 static void device_added(struct sock *sk, struct hci_dev *hdev,
5920 bdaddr_t *bdaddr, u8 type, u8 action)
5922 struct mgmt_ev_device_added ev;
5924 bacpy(&ev.addr.bdaddr, bdaddr);
5925 ev.addr.type = type;
5928 mgmt_event(MGMT_EV_DEVICE_ADDED, hdev, &ev, sizeof(ev), sk);
5931 static void add_device_complete(struct hci_dev *hdev, u8 status, u16 opcode)
5933 struct mgmt_pending_cmd *cmd;
5935 BT_DBG("status 0x%02x", status);
5939 cmd = pending_find(MGMT_OP_ADD_DEVICE, hdev);
5943 cmd->cmd_complete(cmd, mgmt_status(status));
5944 mgmt_pending_remove(cmd);
5947 hci_dev_unlock(hdev);
5950 static int add_device(struct sock *sk, struct hci_dev *hdev,
5951 void *data, u16 len)
5953 struct mgmt_cp_add_device *cp = data;
5954 struct mgmt_pending_cmd *cmd;
5955 struct hci_request req;
5956 u8 auto_conn, addr_type;
5959 BT_DBG("%s", hdev->name);
5961 if (!bdaddr_type_is_valid(cp->addr.type) ||
5962 !bacmp(&cp->addr.bdaddr, BDADDR_ANY))
5963 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_ADD_DEVICE,
5964 MGMT_STATUS_INVALID_PARAMS,
5965 &cp->addr, sizeof(cp->addr));
5967 if (cp->action != 0x00 && cp->action != 0x01 && cp->action != 0x02)
5968 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_ADD_DEVICE,
5969 MGMT_STATUS_INVALID_PARAMS,
5970 &cp->addr, sizeof(cp->addr));
5972 hci_req_init(&req, hdev);
5976 cmd = mgmt_pending_add(sk, MGMT_OP_ADD_DEVICE, hdev, data, len);
5982 cmd->cmd_complete = addr_cmd_complete;
5984 if (cp->addr.type == BDADDR_BREDR) {
5985 /* Only incoming connections action is supported for now */
5986 if (cp->action != 0x01) {
5987 err = cmd->cmd_complete(cmd,
5988 MGMT_STATUS_INVALID_PARAMS);
5989 mgmt_pending_remove(cmd);
5993 err = hci_bdaddr_list_add(&hdev->whitelist, &cp->addr.bdaddr,
5998 __hci_update_page_scan(&req);
6003 if (cp->addr.type == BDADDR_LE_PUBLIC)
6004 addr_type = ADDR_LE_DEV_PUBLIC;
6006 addr_type = ADDR_LE_DEV_RANDOM;
6008 if (cp->action == 0x02)
6009 auto_conn = HCI_AUTO_CONN_ALWAYS;
6010 else if (cp->action == 0x01)
6011 auto_conn = HCI_AUTO_CONN_DIRECT;
6013 auto_conn = HCI_AUTO_CONN_REPORT;
6015 /* If the connection parameters don't exist for this device,
6016 * they will be created and configured with defaults.
6018 if (hci_conn_params_set(&req, &cp->addr.bdaddr, addr_type,
6020 err = cmd->cmd_complete(cmd, MGMT_STATUS_FAILED);
6021 mgmt_pending_remove(cmd);
6026 device_added(sk, hdev, &cp->addr.bdaddr, cp->addr.type, cp->action);
6028 err = hci_req_run(&req, add_device_complete);
6030 /* ENODATA means no HCI commands were needed (e.g. if
6031 * the adapter is powered off).
6033 if (err == -ENODATA)
6034 err = cmd->cmd_complete(cmd, MGMT_STATUS_SUCCESS);
6035 mgmt_pending_remove(cmd);
6039 hci_dev_unlock(hdev);
6043 static void device_removed(struct sock *sk, struct hci_dev *hdev,
6044 bdaddr_t *bdaddr, u8 type)
6046 struct mgmt_ev_device_removed ev;
6048 bacpy(&ev.addr.bdaddr, bdaddr);
6049 ev.addr.type = type;
6051 mgmt_event(MGMT_EV_DEVICE_REMOVED, hdev, &ev, sizeof(ev), sk);
6054 static void remove_device_complete(struct hci_dev *hdev, u8 status, u16 opcode)
6056 struct mgmt_pending_cmd *cmd;
6058 BT_DBG("status 0x%02x", status);
6062 cmd = pending_find(MGMT_OP_REMOVE_DEVICE, hdev);
6066 cmd->cmd_complete(cmd, mgmt_status(status));
6067 mgmt_pending_remove(cmd);
6070 hci_dev_unlock(hdev);
6073 static int remove_device(struct sock *sk, struct hci_dev *hdev,
6074 void *data, u16 len)
6076 struct mgmt_cp_remove_device *cp = data;
6077 struct mgmt_pending_cmd *cmd;
6078 struct hci_request req;
6081 BT_DBG("%s", hdev->name);
6083 hci_req_init(&req, hdev);
6087 cmd = mgmt_pending_add(sk, MGMT_OP_REMOVE_DEVICE, hdev, data, len);
6093 cmd->cmd_complete = addr_cmd_complete;
6095 if (bacmp(&cp->addr.bdaddr, BDADDR_ANY)) {
6096 struct hci_conn_params *params;
6099 if (!bdaddr_type_is_valid(cp->addr.type)) {
6100 err = cmd->cmd_complete(cmd,
6101 MGMT_STATUS_INVALID_PARAMS);
6102 mgmt_pending_remove(cmd);
6106 if (cp->addr.type == BDADDR_BREDR) {
6107 err = hci_bdaddr_list_del(&hdev->whitelist,
6111 err = cmd->cmd_complete(cmd,
6112 MGMT_STATUS_INVALID_PARAMS);
6113 mgmt_pending_remove(cmd);
6117 __hci_update_page_scan(&req);
6119 device_removed(sk, hdev, &cp->addr.bdaddr,
6124 if (cp->addr.type == BDADDR_LE_PUBLIC)
6125 addr_type = ADDR_LE_DEV_PUBLIC;
6127 addr_type = ADDR_LE_DEV_RANDOM;
6129 params = hci_conn_params_lookup(hdev, &cp->addr.bdaddr,
6132 err = cmd->cmd_complete(cmd,
6133 MGMT_STATUS_INVALID_PARAMS);
6134 mgmt_pending_remove(cmd);
6138 if (params->auto_connect == HCI_AUTO_CONN_DISABLED) {
6139 err = cmd->cmd_complete(cmd,
6140 MGMT_STATUS_INVALID_PARAMS);
6141 mgmt_pending_remove(cmd);
6145 list_del(¶ms->action);
6146 list_del(¶ms->list);
6148 __hci_update_background_scan(&req);
6150 device_removed(sk, hdev, &cp->addr.bdaddr, cp->addr.type);
6152 struct hci_conn_params *p, *tmp;
6153 struct bdaddr_list *b, *btmp;
6155 if (cp->addr.type) {
6156 err = cmd->cmd_complete(cmd,
6157 MGMT_STATUS_INVALID_PARAMS);
6158 mgmt_pending_remove(cmd);
6162 list_for_each_entry_safe(b, btmp, &hdev->whitelist, list) {
6163 device_removed(sk, hdev, &b->bdaddr, b->bdaddr_type);
6168 __hci_update_page_scan(&req);
6170 list_for_each_entry_safe(p, tmp, &hdev->le_conn_params, list) {
6171 if (p->auto_connect == HCI_AUTO_CONN_DISABLED)
6173 device_removed(sk, hdev, &p->addr, p->addr_type);
6174 list_del(&p->action);
6179 BT_DBG("All LE connection parameters were removed");
6181 __hci_update_background_scan(&req);
6185 err = hci_req_run(&req, remove_device_complete);
6187 /* ENODATA means no HCI commands were needed (e.g. if
6188 * the adapter is powered off).
6190 if (err == -ENODATA)
6191 err = cmd->cmd_complete(cmd, MGMT_STATUS_SUCCESS);
6192 mgmt_pending_remove(cmd);
6196 hci_dev_unlock(hdev);
6200 static int load_conn_param(struct sock *sk, struct hci_dev *hdev, void *data,
6203 struct mgmt_cp_load_conn_param *cp = data;
6204 const u16 max_param_count = ((U16_MAX - sizeof(*cp)) /
6205 sizeof(struct mgmt_conn_param));
6206 u16 param_count, expected_len;
6209 if (!lmp_le_capable(hdev))
6210 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_CONN_PARAM,
6211 MGMT_STATUS_NOT_SUPPORTED);
6213 param_count = __le16_to_cpu(cp->param_count);
6214 if (param_count > max_param_count) {
6215 BT_ERR("load_conn_param: too big param_count value %u",
6217 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_CONN_PARAM,
6218 MGMT_STATUS_INVALID_PARAMS);
6221 expected_len = sizeof(*cp) + param_count *
6222 sizeof(struct mgmt_conn_param);
6223 if (expected_len != len) {
6224 BT_ERR("load_conn_param: expected %u bytes, got %u bytes",
6226 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_CONN_PARAM,
6227 MGMT_STATUS_INVALID_PARAMS);
6230 BT_DBG("%s param_count %u", hdev->name, param_count);
6234 hci_conn_params_clear_disabled(hdev);
6236 for (i = 0; i < param_count; i++) {
6237 struct mgmt_conn_param *param = &cp->params[i];
6238 struct hci_conn_params *hci_param;
6239 u16 min, max, latency, timeout;
6242 BT_DBG("Adding %pMR (type %u)", ¶m->addr.bdaddr,
6245 if (param->addr.type == BDADDR_LE_PUBLIC) {
6246 addr_type = ADDR_LE_DEV_PUBLIC;
6247 } else if (param->addr.type == BDADDR_LE_RANDOM) {
6248 addr_type = ADDR_LE_DEV_RANDOM;
6250 BT_ERR("Ignoring invalid connection parameters");
6254 min = le16_to_cpu(param->min_interval);
6255 max = le16_to_cpu(param->max_interval);
6256 latency = le16_to_cpu(param->latency);
6257 timeout = le16_to_cpu(param->timeout);
6259 BT_DBG("min 0x%04x max 0x%04x latency 0x%04x timeout 0x%04x",
6260 min, max, latency, timeout);
6262 if (hci_check_conn_params(min, max, latency, timeout) < 0) {
6263 BT_ERR("Ignoring invalid connection parameters");
6267 hci_param = hci_conn_params_add(hdev, ¶m->addr.bdaddr,
6270 BT_ERR("Failed to add connection parameters");
6274 hci_param->conn_min_interval = min;
6275 hci_param->conn_max_interval = max;
6276 hci_param->conn_latency = latency;
6277 hci_param->supervision_timeout = timeout;
6280 hci_dev_unlock(hdev);
6282 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_LOAD_CONN_PARAM, 0,
6286 static int set_external_config(struct sock *sk, struct hci_dev *hdev,
6287 void *data, u16 len)
6289 struct mgmt_cp_set_external_config *cp = data;
6293 BT_DBG("%s", hdev->name);
6295 if (hdev_is_powered(hdev))
6296 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_EXTERNAL_CONFIG,
6297 MGMT_STATUS_REJECTED);
6299 if (cp->config != 0x00 && cp->config != 0x01)
6300 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_EXTERNAL_CONFIG,
6301 MGMT_STATUS_INVALID_PARAMS);
6303 if (!test_bit(HCI_QUIRK_EXTERNAL_CONFIG, &hdev->quirks))
6304 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_EXTERNAL_CONFIG,
6305 MGMT_STATUS_NOT_SUPPORTED);
6310 changed = !hci_dev_test_and_set_flag(hdev, HCI_EXT_CONFIGURED);
6312 changed = hci_dev_test_and_clear_flag(hdev, HCI_EXT_CONFIGURED);
6314 err = send_options_rsp(sk, MGMT_OP_SET_EXTERNAL_CONFIG, hdev);
6321 err = new_options(hdev, sk);
6323 if (hci_dev_test_flag(hdev, HCI_UNCONFIGURED) == is_configured(hdev)) {
6324 mgmt_index_removed(hdev);
6326 if (hci_dev_test_and_change_flag(hdev, HCI_UNCONFIGURED)) {
6327 hci_dev_set_flag(hdev, HCI_CONFIG);
6328 hci_dev_set_flag(hdev, HCI_AUTO_OFF);
6330 queue_work(hdev->req_workqueue, &hdev->power_on);
6332 set_bit(HCI_RAW, &hdev->flags);
6333 mgmt_index_added(hdev);
6338 hci_dev_unlock(hdev);
6342 static int set_public_address(struct sock *sk, struct hci_dev *hdev,
6343 void *data, u16 len)
6345 struct mgmt_cp_set_public_address *cp = data;
6349 BT_DBG("%s", hdev->name);
6351 if (hdev_is_powered(hdev))
6352 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_PUBLIC_ADDRESS,
6353 MGMT_STATUS_REJECTED);
6355 if (!bacmp(&cp->bdaddr, BDADDR_ANY))
6356 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_PUBLIC_ADDRESS,
6357 MGMT_STATUS_INVALID_PARAMS);
6359 if (!hdev->set_bdaddr)
6360 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_PUBLIC_ADDRESS,
6361 MGMT_STATUS_NOT_SUPPORTED);
6365 changed = !!bacmp(&hdev->public_addr, &cp->bdaddr);
6366 bacpy(&hdev->public_addr, &cp->bdaddr);
6368 err = send_options_rsp(sk, MGMT_OP_SET_PUBLIC_ADDRESS, hdev);
6375 if (hci_dev_test_flag(hdev, HCI_UNCONFIGURED))
6376 err = new_options(hdev, sk);
6378 if (is_configured(hdev)) {
6379 mgmt_index_removed(hdev);
6381 hci_dev_clear_flag(hdev, HCI_UNCONFIGURED);
6383 hci_dev_set_flag(hdev, HCI_CONFIG);
6384 hci_dev_set_flag(hdev, HCI_AUTO_OFF);
6386 queue_work(hdev->req_workqueue, &hdev->power_on);
6390 hci_dev_unlock(hdev);
6394 static inline u16 eir_append_data(u8 *eir, u16 eir_len, u8 type, u8 *data,
6397 eir[eir_len++] = sizeof(type) + data_len;
6398 eir[eir_len++] = type;
6399 memcpy(&eir[eir_len], data, data_len);
6400 eir_len += data_len;
6405 static int read_local_oob_ext_data(struct sock *sk, struct hci_dev *hdev,
6406 void *data, u16 data_len)
6408 struct mgmt_cp_read_local_oob_ext_data *cp = data;
6409 struct mgmt_rp_read_local_oob_ext_data *rp;
6412 u8 status, flags, role, addr[7], hash[16], rand[16];
6415 BT_DBG("%s", hdev->name);
6417 if (hdev_is_powered(hdev)) {
6419 case BIT(BDADDR_BREDR):
6420 status = mgmt_bredr_support(hdev);
6426 case (BIT(BDADDR_LE_PUBLIC) | BIT(BDADDR_LE_RANDOM)):
6427 status = mgmt_le_support(hdev);
6431 eir_len = 9 + 3 + 18 + 18 + 3;
6434 status = MGMT_STATUS_INVALID_PARAMS;
6439 status = MGMT_STATUS_NOT_POWERED;
6443 rp_len = sizeof(*rp) + eir_len;
6444 rp = kmalloc(rp_len, GFP_ATOMIC);
6455 case BIT(BDADDR_BREDR):
6456 eir_len = eir_append_data(rp->eir, eir_len, EIR_CLASS_OF_DEV,
6457 hdev->dev_class, 3);
6459 case (BIT(BDADDR_LE_PUBLIC) | BIT(BDADDR_LE_RANDOM)):
6460 if (hci_dev_test_flag(hdev, HCI_SC_ENABLED) &&
6461 smp_generate_oob(hdev, hash, rand) < 0) {
6462 hci_dev_unlock(hdev);
6463 status = MGMT_STATUS_FAILED;
6467 if (hci_dev_test_flag(hdev, HCI_PRIVACY)) {
6468 memcpy(addr, &hdev->rpa, 6);
6470 } else if (hci_dev_test_flag(hdev, HCI_FORCE_STATIC_ADDR) ||
6471 !bacmp(&hdev->bdaddr, BDADDR_ANY) ||
6472 (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED) &&
6473 bacmp(&hdev->static_addr, BDADDR_ANY))) {
6474 memcpy(addr, &hdev->static_addr, 6);
6477 memcpy(addr, &hdev->bdaddr, 6);
6481 eir_len = eir_append_data(rp->eir, eir_len, EIR_LE_BDADDR,
6482 addr, sizeof(addr));
6484 if (hci_dev_test_flag(hdev, HCI_ADVERTISING))
6489 eir_len = eir_append_data(rp->eir, eir_len, EIR_LE_ROLE,
6490 &role, sizeof(role));
6492 if (hci_dev_test_flag(hdev, HCI_SC_ENABLED)) {
6493 eir_len = eir_append_data(rp->eir, eir_len,
6495 hash, sizeof(hash));
6497 eir_len = eir_append_data(rp->eir, eir_len,
6499 rand, sizeof(rand));
6502 flags = get_adv_discov_flags(hdev);
6504 if (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED))
6505 flags |= LE_AD_NO_BREDR;
6507 eir_len = eir_append_data(rp->eir, eir_len, EIR_FLAGS,
6508 &flags, sizeof(flags));
6512 hci_dev_unlock(hdev);
6514 hci_sock_set_flag(sk, HCI_MGMT_OOB_DATA_EVENTS);
6516 status = MGMT_STATUS_SUCCESS;
6519 rp->type = cp->type;
6520 rp->eir_len = cpu_to_le16(eir_len);
6522 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_EXT_DATA,
6523 status, rp, sizeof(*rp) + eir_len);
6524 if (err < 0 || status)
6527 err = mgmt_limited_event(MGMT_EV_LOCAL_OOB_DATA_UPDATED, hdev,
6528 rp, sizeof(*rp) + eir_len,
6529 HCI_MGMT_OOB_DATA_EVENTS, sk);
6537 static u32 get_supported_adv_flags(struct hci_dev *hdev)
6541 flags |= MGMT_ADV_FLAG_CONNECTABLE;
6542 flags |= MGMT_ADV_FLAG_DISCOV;
6543 flags |= MGMT_ADV_FLAG_LIMITED_DISCOV;
6544 flags |= MGMT_ADV_FLAG_MANAGED_FLAGS;
6546 if (hdev->adv_tx_power != HCI_TX_POWER_INVALID)
6547 flags |= MGMT_ADV_FLAG_TX_POWER;
6552 static int read_adv_features(struct sock *sk, struct hci_dev *hdev,
6553 void *data, u16 data_len)
6555 struct mgmt_rp_read_adv_features *rp;
6559 u32 supported_flags;
6561 BT_DBG("%s", hdev->name);
6563 if (!lmp_le_capable(hdev))
6564 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_READ_ADV_FEATURES,
6565 MGMT_STATUS_REJECTED);
6569 rp_len = sizeof(*rp);
6571 /* Currently only one instance is supported, so just add 1 to the
6574 instance = hci_dev_test_flag(hdev, HCI_ADVERTISING_INSTANCE);
6578 rp = kmalloc(rp_len, GFP_ATOMIC);
6580 hci_dev_unlock(hdev);
6584 supported_flags = get_supported_adv_flags(hdev);
6586 rp->supported_flags = cpu_to_le32(supported_flags);
6587 rp->max_adv_data_len = HCI_MAX_AD_LENGTH;
6588 rp->max_scan_rsp_len = HCI_MAX_AD_LENGTH;
6589 rp->max_instances = 1;
6591 /* Currently only one instance is supported, so simply return the
6592 * current instance number.
6595 rp->num_instances = 1;
6596 rp->instance[0] = 1;
6598 rp->num_instances = 0;
6601 hci_dev_unlock(hdev);
6603 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_READ_ADV_FEATURES,
6604 MGMT_STATUS_SUCCESS, rp, rp_len);
6611 static bool tlv_data_is_valid(struct hci_dev *hdev, u32 adv_flags, u8 *data,
6612 u8 len, bool is_adv_data)
6614 u8 max_len = HCI_MAX_AD_LENGTH;
6616 bool flags_managed = false;
6617 bool tx_power_managed = false;
6618 u32 flags_params = MGMT_ADV_FLAG_DISCOV | MGMT_ADV_FLAG_LIMITED_DISCOV |
6619 MGMT_ADV_FLAG_MANAGED_FLAGS;
6621 if (is_adv_data && (adv_flags & flags_params)) {
6622 flags_managed = true;
6626 if (is_adv_data && (adv_flags & MGMT_ADV_FLAG_TX_POWER)) {
6627 tx_power_managed = true;
6634 /* Make sure that the data is correctly formatted. */
6635 for (i = 0, cur_len = 0; i < len; i += (cur_len + 1)) {
6638 if (flags_managed && data[i + 1] == EIR_FLAGS)
6641 if (tx_power_managed && data[i + 1] == EIR_TX_POWER)
6644 /* If the current field length would exceed the total data
6645 * length, then it's invalid.
6647 if (i + cur_len >= len)
6654 static void add_advertising_complete(struct hci_dev *hdev, u8 status,
6657 struct mgmt_pending_cmd *cmd;
6658 struct mgmt_rp_add_advertising rp;
6660 BT_DBG("status %d", status);
6664 cmd = pending_find(MGMT_OP_ADD_ADVERTISING, hdev);
6667 hci_dev_clear_flag(hdev, HCI_ADVERTISING_INSTANCE);
6668 memset(&hdev->adv_instance, 0, sizeof(hdev->adv_instance));
6669 advertising_removed(cmd ? cmd->sk : NULL, hdev, 1);
6678 mgmt_cmd_status(cmd->sk, cmd->index, cmd->opcode,
6679 mgmt_status(status));
6681 mgmt_cmd_complete(cmd->sk, cmd->index, cmd->opcode,
6682 mgmt_status(status), &rp, sizeof(rp));
6684 mgmt_pending_remove(cmd);
6687 hci_dev_unlock(hdev);
6690 static void adv_timeout_expired(struct work_struct *work)
6692 struct hci_dev *hdev = container_of(work, struct hci_dev,
6693 adv_instance.timeout_exp.work);
6695 hdev->adv_instance.timeout = 0;
6698 clear_adv_instance(hdev);
6699 hci_dev_unlock(hdev);
6702 static int add_advertising(struct sock *sk, struct hci_dev *hdev,
6703 void *data, u16 data_len)
6705 struct mgmt_cp_add_advertising *cp = data;
6706 struct mgmt_rp_add_advertising rp;
6708 u32 supported_flags;
6712 struct mgmt_pending_cmd *cmd;
6713 struct hci_request req;
6715 BT_DBG("%s", hdev->name);
6717 status = mgmt_le_support(hdev);
6719 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_ADVERTISING,
6722 flags = __le32_to_cpu(cp->flags);
6723 timeout = __le16_to_cpu(cp->timeout);
6725 /* The current implementation only supports adding one instance and only
6726 * a subset of the specified flags.
6728 supported_flags = get_supported_adv_flags(hdev);
6729 if (cp->instance != 0x01 || (flags & ~supported_flags))
6730 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_ADVERTISING,
6731 MGMT_STATUS_INVALID_PARAMS);
6735 if (timeout && !hdev_is_powered(hdev)) {
6736 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_ADVERTISING,
6737 MGMT_STATUS_REJECTED);
6741 if (pending_find(MGMT_OP_ADD_ADVERTISING, hdev) ||
6742 pending_find(MGMT_OP_REMOVE_ADVERTISING, hdev) ||
6743 pending_find(MGMT_OP_SET_LE, hdev)) {
6744 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_ADVERTISING,
6749 if (!tlv_data_is_valid(hdev, flags, cp->data, cp->adv_data_len, true) ||
6750 !tlv_data_is_valid(hdev, flags, cp->data + cp->adv_data_len,
6751 cp->scan_rsp_len, false)) {
6752 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_ADVERTISING,
6753 MGMT_STATUS_INVALID_PARAMS);
6757 INIT_DELAYED_WORK(&hdev->adv_instance.timeout_exp, adv_timeout_expired);
6759 hdev->adv_instance.flags = flags;
6760 hdev->adv_instance.adv_data_len = cp->adv_data_len;
6761 hdev->adv_instance.scan_rsp_len = cp->scan_rsp_len;
6763 if (cp->adv_data_len)
6764 memcpy(hdev->adv_instance.adv_data, cp->data, cp->adv_data_len);
6766 if (cp->scan_rsp_len)
6767 memcpy(hdev->adv_instance.scan_rsp_data,
6768 cp->data + cp->adv_data_len, cp->scan_rsp_len);
6770 if (hdev->adv_instance.timeout)
6771 cancel_delayed_work(&hdev->adv_instance.timeout_exp);
6773 hdev->adv_instance.timeout = timeout;
6776 queue_delayed_work(hdev->workqueue,
6777 &hdev->adv_instance.timeout_exp,
6778 msecs_to_jiffies(timeout * 1000));
6780 if (!hci_dev_test_and_set_flag(hdev, HCI_ADVERTISING_INSTANCE))
6781 advertising_added(sk, hdev, 1);
6783 /* If the HCI_ADVERTISING flag is set or the device isn't powered then
6784 * we have no HCI communication to make. Simply return.
6786 if (!hdev_is_powered(hdev) ||
6787 hci_dev_test_flag(hdev, HCI_ADVERTISING)) {
6789 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_ADD_ADVERTISING,
6790 MGMT_STATUS_SUCCESS, &rp, sizeof(rp));
6794 /* We're good to go, update advertising data, parameters, and start
6797 cmd = mgmt_pending_add(sk, MGMT_OP_ADD_ADVERTISING, hdev, data,
6804 hci_req_init(&req, hdev);
6806 update_adv_data(&req);
6807 update_scan_rsp_data(&req);
6808 enable_advertising(&req);
6810 err = hci_req_run(&req, add_advertising_complete);
6812 mgmt_pending_remove(cmd);
6815 hci_dev_unlock(hdev);
6820 static void remove_advertising_complete(struct hci_dev *hdev, u8 status,
6823 struct mgmt_pending_cmd *cmd;
6824 struct mgmt_rp_remove_advertising rp;
6826 BT_DBG("status %d", status);
6830 /* A failure status here only means that we failed to disable
6831 * advertising. Otherwise, the advertising instance has been removed,
6832 * so report success.
6834 cmd = pending_find(MGMT_OP_REMOVE_ADVERTISING, hdev);
6840 mgmt_cmd_complete(cmd->sk, cmd->index, cmd->opcode, MGMT_STATUS_SUCCESS,
6842 mgmt_pending_remove(cmd);
6845 hci_dev_unlock(hdev);
6848 static int remove_advertising(struct sock *sk, struct hci_dev *hdev,
6849 void *data, u16 data_len)
6851 struct mgmt_cp_remove_advertising *cp = data;
6852 struct mgmt_rp_remove_advertising rp;
6854 struct mgmt_pending_cmd *cmd;
6855 struct hci_request req;
6857 BT_DBG("%s", hdev->name);
6859 /* The current implementation only allows modifying instance no 1. A
6860 * value of 0 indicates that all instances should be cleared.
6862 if (cp->instance > 1)
6863 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_REMOVE_ADVERTISING,
6864 MGMT_STATUS_INVALID_PARAMS);
6868 if (pending_find(MGMT_OP_ADD_ADVERTISING, hdev) ||
6869 pending_find(MGMT_OP_REMOVE_ADVERTISING, hdev) ||
6870 pending_find(MGMT_OP_SET_LE, hdev)) {
6871 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_REMOVE_ADVERTISING,
6876 if (!hci_dev_test_flag(hdev, HCI_ADVERTISING_INSTANCE)) {
6877 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_REMOVE_ADVERTISING,
6878 MGMT_STATUS_INVALID_PARAMS);
6882 if (hdev->adv_instance.timeout)
6883 cancel_delayed_work(&hdev->adv_instance.timeout_exp);
6885 memset(&hdev->adv_instance, 0, sizeof(hdev->adv_instance));
6887 advertising_removed(sk, hdev, 1);
6889 hci_dev_clear_flag(hdev, HCI_ADVERTISING_INSTANCE);
6891 /* If the HCI_ADVERTISING flag is set or the device isn't powered then
6892 * we have no HCI communication to make. Simply return.
6894 if (!hdev_is_powered(hdev) ||
6895 hci_dev_test_flag(hdev, HCI_ADVERTISING)) {
6897 err = mgmt_cmd_complete(sk, hdev->id,
6898 MGMT_OP_REMOVE_ADVERTISING,
6899 MGMT_STATUS_SUCCESS, &rp, sizeof(rp));
6903 cmd = mgmt_pending_add(sk, MGMT_OP_REMOVE_ADVERTISING, hdev, data,
6910 hci_req_init(&req, hdev);
6911 disable_advertising(&req);
6913 err = hci_req_run(&req, remove_advertising_complete);
6915 mgmt_pending_remove(cmd);
6918 hci_dev_unlock(hdev);
6923 static const struct hci_mgmt_handler mgmt_handlers[] = {
6924 { NULL }, /* 0x0000 (no command) */
6925 { read_version, MGMT_READ_VERSION_SIZE,
6927 HCI_MGMT_UNTRUSTED },
6928 { read_commands, MGMT_READ_COMMANDS_SIZE,
6930 HCI_MGMT_UNTRUSTED },
6931 { read_index_list, MGMT_READ_INDEX_LIST_SIZE,
6933 HCI_MGMT_UNTRUSTED },
6934 { read_controller_info, MGMT_READ_INFO_SIZE,
6935 HCI_MGMT_UNTRUSTED },
6936 { set_powered, MGMT_SETTING_SIZE },
6937 { set_discoverable, MGMT_SET_DISCOVERABLE_SIZE },
6938 { set_connectable, MGMT_SETTING_SIZE },
6939 { set_fast_connectable, MGMT_SETTING_SIZE },
6940 { set_bondable, MGMT_SETTING_SIZE },
6941 { set_link_security, MGMT_SETTING_SIZE },
6942 { set_ssp, MGMT_SETTING_SIZE },
6943 { set_hs, MGMT_SETTING_SIZE },
6944 { set_le, MGMT_SETTING_SIZE },
6945 { set_dev_class, MGMT_SET_DEV_CLASS_SIZE },
6946 { set_local_name, MGMT_SET_LOCAL_NAME_SIZE },
6947 { add_uuid, MGMT_ADD_UUID_SIZE },
6948 { remove_uuid, MGMT_REMOVE_UUID_SIZE },
6949 { load_link_keys, MGMT_LOAD_LINK_KEYS_SIZE,
6951 { load_long_term_keys, MGMT_LOAD_LONG_TERM_KEYS_SIZE,
6953 { disconnect, MGMT_DISCONNECT_SIZE },
6954 { get_connections, MGMT_GET_CONNECTIONS_SIZE },
6955 { pin_code_reply, MGMT_PIN_CODE_REPLY_SIZE },
6956 { pin_code_neg_reply, MGMT_PIN_CODE_NEG_REPLY_SIZE },
6957 { set_io_capability, MGMT_SET_IO_CAPABILITY_SIZE },
6958 { pair_device, MGMT_PAIR_DEVICE_SIZE },
6959 { cancel_pair_device, MGMT_CANCEL_PAIR_DEVICE_SIZE },
6960 { unpair_device, MGMT_UNPAIR_DEVICE_SIZE },
6961 { user_confirm_reply, MGMT_USER_CONFIRM_REPLY_SIZE },
6962 { user_confirm_neg_reply, MGMT_USER_CONFIRM_NEG_REPLY_SIZE },
6963 { user_passkey_reply, MGMT_USER_PASSKEY_REPLY_SIZE },
6964 { user_passkey_neg_reply, MGMT_USER_PASSKEY_NEG_REPLY_SIZE },
6965 { read_local_oob_data, MGMT_READ_LOCAL_OOB_DATA_SIZE },
6966 { add_remote_oob_data, MGMT_ADD_REMOTE_OOB_DATA_SIZE,
6968 { remove_remote_oob_data, MGMT_REMOVE_REMOTE_OOB_DATA_SIZE },
6969 { start_discovery, MGMT_START_DISCOVERY_SIZE },
6970 { stop_discovery, MGMT_STOP_DISCOVERY_SIZE },
6971 { confirm_name, MGMT_CONFIRM_NAME_SIZE },
6972 { block_device, MGMT_BLOCK_DEVICE_SIZE },
6973 { unblock_device, MGMT_UNBLOCK_DEVICE_SIZE },
6974 { set_device_id, MGMT_SET_DEVICE_ID_SIZE },
6975 { set_advertising, MGMT_SETTING_SIZE },
6976 { set_bredr, MGMT_SETTING_SIZE },
6977 { set_static_address, MGMT_SET_STATIC_ADDRESS_SIZE },
6978 { set_scan_params, MGMT_SET_SCAN_PARAMS_SIZE },
6979 { set_secure_conn, MGMT_SETTING_SIZE },
6980 { set_debug_keys, MGMT_SETTING_SIZE },
6981 { set_privacy, MGMT_SET_PRIVACY_SIZE },
6982 { load_irks, MGMT_LOAD_IRKS_SIZE,
6984 { get_conn_info, MGMT_GET_CONN_INFO_SIZE },
6985 { get_clock_info, MGMT_GET_CLOCK_INFO_SIZE },
6986 { add_device, MGMT_ADD_DEVICE_SIZE },
6987 { remove_device, MGMT_REMOVE_DEVICE_SIZE },
6988 { load_conn_param, MGMT_LOAD_CONN_PARAM_SIZE,
6990 { read_unconf_index_list, MGMT_READ_UNCONF_INDEX_LIST_SIZE,
6992 HCI_MGMT_UNTRUSTED },
6993 { read_config_info, MGMT_READ_CONFIG_INFO_SIZE,
6994 HCI_MGMT_UNCONFIGURED |
6995 HCI_MGMT_UNTRUSTED },
6996 { set_external_config, MGMT_SET_EXTERNAL_CONFIG_SIZE,
6997 HCI_MGMT_UNCONFIGURED },
6998 { set_public_address, MGMT_SET_PUBLIC_ADDRESS_SIZE,
6999 HCI_MGMT_UNCONFIGURED },
7000 { start_service_discovery, MGMT_START_SERVICE_DISCOVERY_SIZE,
7002 { read_local_oob_ext_data, MGMT_READ_LOCAL_OOB_EXT_DATA_SIZE },
7003 { read_ext_index_list, MGMT_READ_EXT_INDEX_LIST_SIZE,
7005 HCI_MGMT_UNTRUSTED },
7006 { read_adv_features, MGMT_READ_ADV_FEATURES_SIZE },
7007 { add_advertising, MGMT_ADD_ADVERTISING_SIZE,
7009 { remove_advertising, MGMT_REMOVE_ADVERTISING_SIZE },
7012 void mgmt_index_added(struct hci_dev *hdev)
7014 struct mgmt_ev_ext_index ev;
7016 if (test_bit(HCI_QUIRK_RAW_DEVICE, &hdev->quirks))
7019 switch (hdev->dev_type) {
7021 if (hci_dev_test_flag(hdev, HCI_UNCONFIGURED)) {
7022 mgmt_index_event(MGMT_EV_UNCONF_INDEX_ADDED, hdev,
7023 NULL, 0, HCI_MGMT_UNCONF_INDEX_EVENTS);
7026 mgmt_index_event(MGMT_EV_INDEX_ADDED, hdev, NULL, 0,
7027 HCI_MGMT_INDEX_EVENTS);
7040 mgmt_index_event(MGMT_EV_EXT_INDEX_ADDED, hdev, &ev, sizeof(ev),
7041 HCI_MGMT_EXT_INDEX_EVENTS);
7044 void mgmt_index_removed(struct hci_dev *hdev)
7046 struct mgmt_ev_ext_index ev;
7047 u8 status = MGMT_STATUS_INVALID_INDEX;
7049 if (test_bit(HCI_QUIRK_RAW_DEVICE, &hdev->quirks))
7052 switch (hdev->dev_type) {
7054 mgmt_pending_foreach(0, hdev, cmd_complete_rsp, &status);
7056 if (hci_dev_test_flag(hdev, HCI_UNCONFIGURED)) {
7057 mgmt_index_event(MGMT_EV_UNCONF_INDEX_REMOVED, hdev,
7058 NULL, 0, HCI_MGMT_UNCONF_INDEX_EVENTS);
7061 mgmt_index_event(MGMT_EV_INDEX_REMOVED, hdev, NULL, 0,
7062 HCI_MGMT_INDEX_EVENTS);
7075 mgmt_index_event(MGMT_EV_EXT_INDEX_REMOVED, hdev, &ev, sizeof(ev),
7076 HCI_MGMT_EXT_INDEX_EVENTS);
7079 /* This function requires the caller holds hdev->lock */
7080 static void restart_le_actions(struct hci_request *req)
7082 struct hci_dev *hdev = req->hdev;
7083 struct hci_conn_params *p;
7085 list_for_each_entry(p, &hdev->le_conn_params, list) {
7086 /* Needed for AUTO_OFF case where might not "really"
7087 * have been powered off.
7089 list_del_init(&p->action);
7091 switch (p->auto_connect) {
7092 case HCI_AUTO_CONN_DIRECT:
7093 case HCI_AUTO_CONN_ALWAYS:
7094 list_add(&p->action, &hdev->pend_le_conns);
7096 case HCI_AUTO_CONN_REPORT:
7097 list_add(&p->action, &hdev->pend_le_reports);
7104 __hci_update_background_scan(req);
7107 static void powered_complete(struct hci_dev *hdev, u8 status, u16 opcode)
7109 struct cmd_lookup match = { NULL, hdev };
7111 BT_DBG("status 0x%02x", status);
7114 /* Register the available SMP channels (BR/EDR and LE) only
7115 * when successfully powering on the controller. This late
7116 * registration is required so that LE SMP can clearly
7117 * decide if the public address or static address is used.
7124 mgmt_pending_foreach(MGMT_OP_SET_POWERED, hdev, settings_rsp, &match);
7126 new_settings(hdev, match.sk);
7128 hci_dev_unlock(hdev);
7134 static int powered_update_hci(struct hci_dev *hdev)
7136 struct hci_request req;
7139 hci_req_init(&req, hdev);
7141 if (hci_dev_test_flag(hdev, HCI_SSP_ENABLED) &&
7142 !lmp_host_ssp_capable(hdev)) {
7145 hci_req_add(&req, HCI_OP_WRITE_SSP_MODE, sizeof(mode), &mode);
7147 if (bredr_sc_enabled(hdev) && !lmp_host_sc_capable(hdev)) {
7150 hci_req_add(&req, HCI_OP_WRITE_SC_SUPPORT,
7151 sizeof(support), &support);
7155 if (hci_dev_test_flag(hdev, HCI_LE_ENABLED) &&
7156 lmp_bredr_capable(hdev)) {
7157 struct hci_cp_write_le_host_supported cp;
7162 /* Check first if we already have the right
7163 * host state (host features set)
7165 if (cp.le != lmp_host_le_capable(hdev) ||
7166 cp.simul != lmp_host_le_br_capable(hdev))
7167 hci_req_add(&req, HCI_OP_WRITE_LE_HOST_SUPPORTED,
7171 if (lmp_le_capable(hdev)) {
7172 /* Make sure the controller has a good default for
7173 * advertising data. This also applies to the case
7174 * where BR/EDR was toggled during the AUTO_OFF phase.
7176 if (hci_dev_test_flag(hdev, HCI_LE_ENABLED)) {
7177 update_adv_data(&req);
7178 update_scan_rsp_data(&req);
7181 if (hci_dev_test_flag(hdev, HCI_ADVERTISING) ||
7182 hci_dev_test_flag(hdev, HCI_ADVERTISING_INSTANCE))
7183 enable_advertising(&req);
7185 restart_le_actions(&req);
7188 link_sec = hci_dev_test_flag(hdev, HCI_LINK_SECURITY);
7189 if (link_sec != test_bit(HCI_AUTH, &hdev->flags))
7190 hci_req_add(&req, HCI_OP_WRITE_AUTH_ENABLE,
7191 sizeof(link_sec), &link_sec);
7193 if (lmp_bredr_capable(hdev)) {
7194 if (hci_dev_test_flag(hdev, HCI_FAST_CONNECTABLE))
7195 write_fast_connectable(&req, true);
7197 write_fast_connectable(&req, false);
7198 __hci_update_page_scan(&req);
7204 return hci_req_run(&req, powered_complete);
7207 int mgmt_powered(struct hci_dev *hdev, u8 powered)
7209 struct cmd_lookup match = { NULL, hdev };
7210 u8 status, zero_cod[] = { 0, 0, 0 };
7213 if (!hci_dev_test_flag(hdev, HCI_MGMT))
7217 if (powered_update_hci(hdev) == 0)
7220 mgmt_pending_foreach(MGMT_OP_SET_POWERED, hdev, settings_rsp,
7225 mgmt_pending_foreach(MGMT_OP_SET_POWERED, hdev, settings_rsp, &match);
7227 /* If the power off is because of hdev unregistration let
7228 * use the appropriate INVALID_INDEX status. Otherwise use
7229 * NOT_POWERED. We cover both scenarios here since later in
7230 * mgmt_index_removed() any hci_conn callbacks will have already
7231 * been triggered, potentially causing misleading DISCONNECTED
7234 if (hci_dev_test_flag(hdev, HCI_UNREGISTER))
7235 status = MGMT_STATUS_INVALID_INDEX;
7237 status = MGMT_STATUS_NOT_POWERED;
7239 mgmt_pending_foreach(0, hdev, cmd_complete_rsp, &status);
7241 if (memcmp(hdev->dev_class, zero_cod, sizeof(zero_cod)) != 0)
7242 mgmt_generic_event(MGMT_EV_CLASS_OF_DEV_CHANGED, hdev,
7243 zero_cod, sizeof(zero_cod), NULL);
7246 err = new_settings(hdev, match.sk);
7254 void mgmt_set_powered_failed(struct hci_dev *hdev, int err)
7256 struct mgmt_pending_cmd *cmd;
7259 cmd = pending_find(MGMT_OP_SET_POWERED, hdev);
7263 if (err == -ERFKILL)
7264 status = MGMT_STATUS_RFKILLED;
7266 status = MGMT_STATUS_FAILED;
7268 mgmt_cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_POWERED, status);
7270 mgmt_pending_remove(cmd);
7273 void mgmt_discoverable_timeout(struct hci_dev *hdev)
7275 struct hci_request req;
7279 /* When discoverable timeout triggers, then just make sure
7280 * the limited discoverable flag is cleared. Even in the case
7281 * of a timeout triggered from general discoverable, it is
7282 * safe to unconditionally clear the flag.
7284 hci_dev_clear_flag(hdev, HCI_LIMITED_DISCOVERABLE);
7285 hci_dev_clear_flag(hdev, HCI_DISCOVERABLE);
7287 hci_req_init(&req, hdev);
7288 if (hci_dev_test_flag(hdev, HCI_BREDR_ENABLED)) {
7289 u8 scan = SCAN_PAGE;
7290 hci_req_add(&req, HCI_OP_WRITE_SCAN_ENABLE,
7291 sizeof(scan), &scan);
7295 /* Advertising instances don't use the global discoverable setting, so
7296 * only update AD if advertising was enabled using Set Advertising.
7298 if (hci_dev_test_flag(hdev, HCI_ADVERTISING))
7299 update_adv_data(&req);
7301 hci_req_run(&req, NULL);
7303 hdev->discov_timeout = 0;
7305 new_settings(hdev, NULL);
7307 hci_dev_unlock(hdev);
7310 void mgmt_new_link_key(struct hci_dev *hdev, struct link_key *key,
7313 struct mgmt_ev_new_link_key ev;
7315 memset(&ev, 0, sizeof(ev));
7317 ev.store_hint = persistent;
7318 bacpy(&ev.key.addr.bdaddr, &key->bdaddr);
7319 ev.key.addr.type = BDADDR_BREDR;
7320 ev.key.type = key->type;
7321 memcpy(ev.key.val, key->val, HCI_LINK_KEY_SIZE);
7322 ev.key.pin_len = key->pin_len;
7324 mgmt_event(MGMT_EV_NEW_LINK_KEY, hdev, &ev, sizeof(ev), NULL);
7327 static u8 mgmt_ltk_type(struct smp_ltk *ltk)
7329 switch (ltk->type) {
7332 if (ltk->authenticated)
7333 return MGMT_LTK_AUTHENTICATED;
7334 return MGMT_LTK_UNAUTHENTICATED;
7336 if (ltk->authenticated)
7337 return MGMT_LTK_P256_AUTH;
7338 return MGMT_LTK_P256_UNAUTH;
7339 case SMP_LTK_P256_DEBUG:
7340 return MGMT_LTK_P256_DEBUG;
7343 return MGMT_LTK_UNAUTHENTICATED;
7346 void mgmt_new_ltk(struct hci_dev *hdev, struct smp_ltk *key, bool persistent)
7348 struct mgmt_ev_new_long_term_key ev;
7350 memset(&ev, 0, sizeof(ev));
7352 /* Devices using resolvable or non-resolvable random addresses
7353 * without providing an indentity resolving key don't require
7354 * to store long term keys. Their addresses will change the
7357 * Only when a remote device provides an identity address
7358 * make sure the long term key is stored. If the remote
7359 * identity is known, the long term keys are internally
7360 * mapped to the identity address. So allow static random
7361 * and public addresses here.
7363 if (key->bdaddr_type == ADDR_LE_DEV_RANDOM &&
7364 (key->bdaddr.b[5] & 0xc0) != 0xc0)
7365 ev.store_hint = 0x00;
7367 ev.store_hint = persistent;
7369 bacpy(&ev.key.addr.bdaddr, &key->bdaddr);
7370 ev.key.addr.type = link_to_bdaddr(LE_LINK, key->bdaddr_type);
7371 ev.key.type = mgmt_ltk_type(key);
7372 ev.key.enc_size = key->enc_size;
7373 ev.key.ediv = key->ediv;
7374 ev.key.rand = key->rand;
7376 if (key->type == SMP_LTK)
7379 memcpy(ev.key.val, key->val, sizeof(key->val));
7381 mgmt_event(MGMT_EV_NEW_LONG_TERM_KEY, hdev, &ev, sizeof(ev), NULL);
7384 void mgmt_new_irk(struct hci_dev *hdev, struct smp_irk *irk)
7386 struct mgmt_ev_new_irk ev;
7388 memset(&ev, 0, sizeof(ev));
7390 /* For identity resolving keys from devices that are already
7391 * using a public address or static random address, do not
7392 * ask for storing this key. The identity resolving key really
7393 * is only mandatory for devices using resovlable random
7396 * Storing all identity resolving keys has the downside that
7397 * they will be also loaded on next boot of they system. More
7398 * identity resolving keys, means more time during scanning is
7399 * needed to actually resolve these addresses.
7401 if (bacmp(&irk->rpa, BDADDR_ANY))
7402 ev.store_hint = 0x01;
7404 ev.store_hint = 0x00;
7406 bacpy(&ev.rpa, &irk->rpa);
7407 bacpy(&ev.irk.addr.bdaddr, &irk->bdaddr);
7408 ev.irk.addr.type = link_to_bdaddr(LE_LINK, irk->addr_type);
7409 memcpy(ev.irk.val, irk->val, sizeof(irk->val));
7411 mgmt_event(MGMT_EV_NEW_IRK, hdev, &ev, sizeof(ev), NULL);
7414 void mgmt_new_csrk(struct hci_dev *hdev, struct smp_csrk *csrk,
7417 struct mgmt_ev_new_csrk ev;
7419 memset(&ev, 0, sizeof(ev));
7421 /* Devices using resolvable or non-resolvable random addresses
7422 * without providing an indentity resolving key don't require
7423 * to store signature resolving keys. Their addresses will change
7424 * the next time around.
7426 * Only when a remote device provides an identity address
7427 * make sure the signature resolving key is stored. So allow
7428 * static random and public addresses here.
7430 if (csrk->bdaddr_type == ADDR_LE_DEV_RANDOM &&
7431 (csrk->bdaddr.b[5] & 0xc0) != 0xc0)
7432 ev.store_hint = 0x00;
7434 ev.store_hint = persistent;
7436 bacpy(&ev.key.addr.bdaddr, &csrk->bdaddr);
7437 ev.key.addr.type = link_to_bdaddr(LE_LINK, csrk->bdaddr_type);
7438 ev.key.type = csrk->type;
7439 memcpy(ev.key.val, csrk->val, sizeof(csrk->val));
7441 mgmt_event(MGMT_EV_NEW_CSRK, hdev, &ev, sizeof(ev), NULL);
7444 void mgmt_new_conn_param(struct hci_dev *hdev, bdaddr_t *bdaddr,
7445 u8 bdaddr_type, u8 store_hint, u16 min_interval,
7446 u16 max_interval, u16 latency, u16 timeout)
7448 struct mgmt_ev_new_conn_param ev;
7450 if (!hci_is_identity_address(bdaddr, bdaddr_type))
7453 memset(&ev, 0, sizeof(ev));
7454 bacpy(&ev.addr.bdaddr, bdaddr);
7455 ev.addr.type = link_to_bdaddr(LE_LINK, bdaddr_type);
7456 ev.store_hint = store_hint;
7457 ev.min_interval = cpu_to_le16(min_interval);
7458 ev.max_interval = cpu_to_le16(max_interval);
7459 ev.latency = cpu_to_le16(latency);
7460 ev.timeout = cpu_to_le16(timeout);
7462 mgmt_event(MGMT_EV_NEW_CONN_PARAM, hdev, &ev, sizeof(ev), NULL);
7465 void mgmt_device_connected(struct hci_dev *hdev, struct hci_conn *conn,
7466 u32 flags, u8 *name, u8 name_len)
7469 struct mgmt_ev_device_connected *ev = (void *) buf;
7472 bacpy(&ev->addr.bdaddr, &conn->dst);
7473 ev->addr.type = link_to_bdaddr(conn->type, conn->dst_type);
7475 ev->flags = __cpu_to_le32(flags);
7477 /* We must ensure that the EIR Data fields are ordered and
7478 * unique. Keep it simple for now and avoid the problem by not
7479 * adding any BR/EDR data to the LE adv.
7481 if (conn->le_adv_data_len > 0) {
7482 memcpy(&ev->eir[eir_len],
7483 conn->le_adv_data, conn->le_adv_data_len);
7484 eir_len = conn->le_adv_data_len;
7487 eir_len = eir_append_data(ev->eir, 0, EIR_NAME_COMPLETE,
7490 if (memcmp(conn->dev_class, "\0\0\0", 3) != 0)
7491 eir_len = eir_append_data(ev->eir, eir_len,
7493 conn->dev_class, 3);
7496 ev->eir_len = cpu_to_le16(eir_len);
7498 mgmt_event(MGMT_EV_DEVICE_CONNECTED, hdev, buf,
7499 sizeof(*ev) + eir_len, NULL);
7502 static void disconnect_rsp(struct mgmt_pending_cmd *cmd, void *data)
7504 struct sock **sk = data;
7506 cmd->cmd_complete(cmd, 0);
7511 mgmt_pending_remove(cmd);
7514 static void unpair_device_rsp(struct mgmt_pending_cmd *cmd, void *data)
7516 struct hci_dev *hdev = data;
7517 struct mgmt_cp_unpair_device *cp = cmd->param;
7519 device_unpaired(hdev, &cp->addr.bdaddr, cp->addr.type, cmd->sk);
7521 cmd->cmd_complete(cmd, 0);
7522 mgmt_pending_remove(cmd);
7525 bool mgmt_powering_down(struct hci_dev *hdev)
7527 struct mgmt_pending_cmd *cmd;
7528 struct mgmt_mode *cp;
7530 cmd = pending_find(MGMT_OP_SET_POWERED, hdev);
7541 void mgmt_device_disconnected(struct hci_dev *hdev, bdaddr_t *bdaddr,
7542 u8 link_type, u8 addr_type, u8 reason,
7543 bool mgmt_connected)
7545 struct mgmt_ev_device_disconnected ev;
7546 struct sock *sk = NULL;
7548 /* The connection is still in hci_conn_hash so test for 1
7549 * instead of 0 to know if this is the last one.
7551 if (mgmt_powering_down(hdev) && hci_conn_count(hdev) == 1) {
7552 cancel_delayed_work(&hdev->power_off);
7553 queue_work(hdev->req_workqueue, &hdev->power_off.work);
7556 if (!mgmt_connected)
7559 if (link_type != ACL_LINK && link_type != LE_LINK)
7562 mgmt_pending_foreach(MGMT_OP_DISCONNECT, hdev, disconnect_rsp, &sk);
7564 bacpy(&ev.addr.bdaddr, bdaddr);
7565 ev.addr.type = link_to_bdaddr(link_type, addr_type);
7568 mgmt_event(MGMT_EV_DEVICE_DISCONNECTED, hdev, &ev, sizeof(ev), sk);
7573 mgmt_pending_foreach(MGMT_OP_UNPAIR_DEVICE, hdev, unpair_device_rsp,
7577 void mgmt_disconnect_failed(struct hci_dev *hdev, bdaddr_t *bdaddr,
7578 u8 link_type, u8 addr_type, u8 status)
7580 u8 bdaddr_type = link_to_bdaddr(link_type, addr_type);
7581 struct mgmt_cp_disconnect *cp;
7582 struct mgmt_pending_cmd *cmd;
7584 mgmt_pending_foreach(MGMT_OP_UNPAIR_DEVICE, hdev, unpair_device_rsp,
7587 cmd = pending_find(MGMT_OP_DISCONNECT, hdev);
7593 if (bacmp(bdaddr, &cp->addr.bdaddr))
7596 if (cp->addr.type != bdaddr_type)
7599 cmd->cmd_complete(cmd, mgmt_status(status));
7600 mgmt_pending_remove(cmd);
7603 void mgmt_connect_failed(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
7604 u8 addr_type, u8 status)
7606 struct mgmt_ev_connect_failed ev;
7608 /* The connection is still in hci_conn_hash so test for 1
7609 * instead of 0 to know if this is the last one.
7611 if (mgmt_powering_down(hdev) && hci_conn_count(hdev) == 1) {
7612 cancel_delayed_work(&hdev->power_off);
7613 queue_work(hdev->req_workqueue, &hdev->power_off.work);
7616 bacpy(&ev.addr.bdaddr, bdaddr);
7617 ev.addr.type = link_to_bdaddr(link_type, addr_type);
7618 ev.status = mgmt_status(status);
7620 mgmt_event(MGMT_EV_CONNECT_FAILED, hdev, &ev, sizeof(ev), NULL);
7623 void mgmt_pin_code_request(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 secure)
7625 struct mgmt_ev_pin_code_request ev;
7627 bacpy(&ev.addr.bdaddr, bdaddr);
7628 ev.addr.type = BDADDR_BREDR;
7631 mgmt_event(MGMT_EV_PIN_CODE_REQUEST, hdev, &ev, sizeof(ev), NULL);
7634 void mgmt_pin_code_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
7637 struct mgmt_pending_cmd *cmd;
7639 cmd = pending_find(MGMT_OP_PIN_CODE_REPLY, hdev);
7643 cmd->cmd_complete(cmd, mgmt_status(status));
7644 mgmt_pending_remove(cmd);
7647 void mgmt_pin_code_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
7650 struct mgmt_pending_cmd *cmd;
7652 cmd = pending_find(MGMT_OP_PIN_CODE_NEG_REPLY, hdev);
7656 cmd->cmd_complete(cmd, mgmt_status(status));
7657 mgmt_pending_remove(cmd);
7660 int mgmt_user_confirm_request(struct hci_dev *hdev, bdaddr_t *bdaddr,
7661 u8 link_type, u8 addr_type, u32 value,
7664 struct mgmt_ev_user_confirm_request ev;
7666 BT_DBG("%s", hdev->name);
7668 bacpy(&ev.addr.bdaddr, bdaddr);
7669 ev.addr.type = link_to_bdaddr(link_type, addr_type);
7670 ev.confirm_hint = confirm_hint;
7671 ev.value = cpu_to_le32(value);
7673 return mgmt_event(MGMT_EV_USER_CONFIRM_REQUEST, hdev, &ev, sizeof(ev),
7677 int mgmt_user_passkey_request(struct hci_dev *hdev, bdaddr_t *bdaddr,
7678 u8 link_type, u8 addr_type)
7680 struct mgmt_ev_user_passkey_request ev;
7682 BT_DBG("%s", hdev->name);
7684 bacpy(&ev.addr.bdaddr, bdaddr);
7685 ev.addr.type = link_to_bdaddr(link_type, addr_type);
7687 return mgmt_event(MGMT_EV_USER_PASSKEY_REQUEST, hdev, &ev, sizeof(ev),
7691 static int user_pairing_resp_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
7692 u8 link_type, u8 addr_type, u8 status,
7695 struct mgmt_pending_cmd *cmd;
7697 cmd = pending_find(opcode, hdev);
7701 cmd->cmd_complete(cmd, mgmt_status(status));
7702 mgmt_pending_remove(cmd);
7707 int mgmt_user_confirm_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
7708 u8 link_type, u8 addr_type, u8 status)
7710 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
7711 status, MGMT_OP_USER_CONFIRM_REPLY);
7714 int mgmt_user_confirm_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
7715 u8 link_type, u8 addr_type, u8 status)
7717 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
7719 MGMT_OP_USER_CONFIRM_NEG_REPLY);
7722 int mgmt_user_passkey_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
7723 u8 link_type, u8 addr_type, u8 status)
7725 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
7726 status, MGMT_OP_USER_PASSKEY_REPLY);
7729 int mgmt_user_passkey_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
7730 u8 link_type, u8 addr_type, u8 status)
7732 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
7734 MGMT_OP_USER_PASSKEY_NEG_REPLY);
7737 int mgmt_user_passkey_notify(struct hci_dev *hdev, bdaddr_t *bdaddr,
7738 u8 link_type, u8 addr_type, u32 passkey,
7741 struct mgmt_ev_passkey_notify ev;
7743 BT_DBG("%s", hdev->name);
7745 bacpy(&ev.addr.bdaddr, bdaddr);
7746 ev.addr.type = link_to_bdaddr(link_type, addr_type);
7747 ev.passkey = __cpu_to_le32(passkey);
7748 ev.entered = entered;
7750 return mgmt_event(MGMT_EV_PASSKEY_NOTIFY, hdev, &ev, sizeof(ev), NULL);
7753 void mgmt_auth_failed(struct hci_conn *conn, u8 hci_status)
7755 struct mgmt_ev_auth_failed ev;
7756 struct mgmt_pending_cmd *cmd;
7757 u8 status = mgmt_status(hci_status);
7759 bacpy(&ev.addr.bdaddr, &conn->dst);
7760 ev.addr.type = link_to_bdaddr(conn->type, conn->dst_type);
7763 cmd = find_pairing(conn);
7765 mgmt_event(MGMT_EV_AUTH_FAILED, conn->hdev, &ev, sizeof(ev),
7766 cmd ? cmd->sk : NULL);
7769 cmd->cmd_complete(cmd, status);
7770 mgmt_pending_remove(cmd);
7774 void mgmt_auth_enable_complete(struct hci_dev *hdev, u8 status)
7776 struct cmd_lookup match = { NULL, hdev };
7780 u8 mgmt_err = mgmt_status(status);
7781 mgmt_pending_foreach(MGMT_OP_SET_LINK_SECURITY, hdev,
7782 cmd_status_rsp, &mgmt_err);
7786 if (test_bit(HCI_AUTH, &hdev->flags))
7787 changed = !hci_dev_test_and_set_flag(hdev, HCI_LINK_SECURITY);
7789 changed = hci_dev_test_and_clear_flag(hdev, HCI_LINK_SECURITY);
7791 mgmt_pending_foreach(MGMT_OP_SET_LINK_SECURITY, hdev, settings_rsp,
7795 new_settings(hdev, match.sk);
7801 static void clear_eir(struct hci_request *req)
7803 struct hci_dev *hdev = req->hdev;
7804 struct hci_cp_write_eir cp;
7806 if (!lmp_ext_inq_capable(hdev))
7809 memset(hdev->eir, 0, sizeof(hdev->eir));
7811 memset(&cp, 0, sizeof(cp));
7813 hci_req_add(req, HCI_OP_WRITE_EIR, sizeof(cp), &cp);
7816 void mgmt_ssp_enable_complete(struct hci_dev *hdev, u8 enable, u8 status)
7818 struct cmd_lookup match = { NULL, hdev };
7819 struct hci_request req;
7820 bool changed = false;
7823 u8 mgmt_err = mgmt_status(status);
7825 if (enable && hci_dev_test_and_clear_flag(hdev,
7827 hci_dev_clear_flag(hdev, HCI_HS_ENABLED);
7828 new_settings(hdev, NULL);
7831 mgmt_pending_foreach(MGMT_OP_SET_SSP, hdev, cmd_status_rsp,
7837 changed = !hci_dev_test_and_set_flag(hdev, HCI_SSP_ENABLED);
7839 changed = hci_dev_test_and_clear_flag(hdev, HCI_SSP_ENABLED);
7841 changed = hci_dev_test_and_clear_flag(hdev,
7844 hci_dev_clear_flag(hdev, HCI_HS_ENABLED);
7847 mgmt_pending_foreach(MGMT_OP_SET_SSP, hdev, settings_rsp, &match);
7850 new_settings(hdev, match.sk);
7855 hci_req_init(&req, hdev);
7857 if (hci_dev_test_flag(hdev, HCI_SSP_ENABLED)) {
7858 if (hci_dev_test_flag(hdev, HCI_USE_DEBUG_KEYS))
7859 hci_req_add(&req, HCI_OP_WRITE_SSP_DEBUG_MODE,
7860 sizeof(enable), &enable);
7866 hci_req_run(&req, NULL);
7869 static void sk_lookup(struct mgmt_pending_cmd *cmd, void *data)
7871 struct cmd_lookup *match = data;
7873 if (match->sk == NULL) {
7874 match->sk = cmd->sk;
7875 sock_hold(match->sk);
7879 void mgmt_set_class_of_dev_complete(struct hci_dev *hdev, u8 *dev_class,
7882 struct cmd_lookup match = { NULL, hdev, mgmt_status(status) };
7884 mgmt_pending_foreach(MGMT_OP_SET_DEV_CLASS, hdev, sk_lookup, &match);
7885 mgmt_pending_foreach(MGMT_OP_ADD_UUID, hdev, sk_lookup, &match);
7886 mgmt_pending_foreach(MGMT_OP_REMOVE_UUID, hdev, sk_lookup, &match);
7889 mgmt_generic_event(MGMT_EV_CLASS_OF_DEV_CHANGED, hdev,
7890 dev_class, 3, NULL);
7896 void mgmt_set_local_name_complete(struct hci_dev *hdev, u8 *name, u8 status)
7898 struct mgmt_cp_set_local_name ev;
7899 struct mgmt_pending_cmd *cmd;
7904 memset(&ev, 0, sizeof(ev));
7905 memcpy(ev.name, name, HCI_MAX_NAME_LENGTH);
7906 memcpy(ev.short_name, hdev->short_name, HCI_MAX_SHORT_NAME_LENGTH);
7908 cmd = pending_find(MGMT_OP_SET_LOCAL_NAME, hdev);
7910 memcpy(hdev->dev_name, name, sizeof(hdev->dev_name));
7912 /* If this is a HCI command related to powering on the
7913 * HCI dev don't send any mgmt signals.
7915 if (pending_find(MGMT_OP_SET_POWERED, hdev))
7919 mgmt_generic_event(MGMT_EV_LOCAL_NAME_CHANGED, hdev, &ev, sizeof(ev),
7920 cmd ? cmd->sk : NULL);
7923 void mgmt_read_local_oob_data_complete(struct hci_dev *hdev, u8 *hash192,
7924 u8 *rand192, u8 *hash256, u8 *rand256,
7927 struct mgmt_pending_cmd *cmd;
7929 BT_DBG("%s status %u", hdev->name, status);
7931 cmd = pending_find(MGMT_OP_READ_LOCAL_OOB_DATA, hdev);
7936 mgmt_cmd_status(cmd->sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
7937 mgmt_status(status));
7939 struct mgmt_rp_read_local_oob_data rp;
7940 size_t rp_size = sizeof(rp);
7942 memcpy(rp.hash192, hash192, sizeof(rp.hash192));
7943 memcpy(rp.rand192, rand192, sizeof(rp.rand192));
7945 if (bredr_sc_enabled(hdev) && hash256 && rand256) {
7946 memcpy(rp.hash256, hash256, sizeof(rp.hash256));
7947 memcpy(rp.rand256, rand256, sizeof(rp.rand256));
7949 rp_size -= sizeof(rp.hash256) + sizeof(rp.rand256);
7952 mgmt_cmd_complete(cmd->sk, hdev->id,
7953 MGMT_OP_READ_LOCAL_OOB_DATA, 0,
7957 mgmt_pending_remove(cmd);
7960 static inline bool has_uuid(u8 *uuid, u16 uuid_count, u8 (*uuids)[16])
7964 for (i = 0; i < uuid_count; i++) {
7965 if (!memcmp(uuid, uuids[i], 16))
7972 static bool eir_has_uuids(u8 *eir, u16 eir_len, u16 uuid_count, u8 (*uuids)[16])
7976 while (parsed < eir_len) {
7977 u8 field_len = eir[0];
7984 if (eir_len - parsed < field_len + 1)
7988 case EIR_UUID16_ALL:
7989 case EIR_UUID16_SOME:
7990 for (i = 0; i + 3 <= field_len; i += 2) {
7991 memcpy(uuid, bluetooth_base_uuid, 16);
7992 uuid[13] = eir[i + 3];
7993 uuid[12] = eir[i + 2];
7994 if (has_uuid(uuid, uuid_count, uuids))
7998 case EIR_UUID32_ALL:
7999 case EIR_UUID32_SOME:
8000 for (i = 0; i + 5 <= field_len; i += 4) {
8001 memcpy(uuid, bluetooth_base_uuid, 16);
8002 uuid[15] = eir[i + 5];
8003 uuid[14] = eir[i + 4];
8004 uuid[13] = eir[i + 3];
8005 uuid[12] = eir[i + 2];
8006 if (has_uuid(uuid, uuid_count, uuids))
8010 case EIR_UUID128_ALL:
8011 case EIR_UUID128_SOME:
8012 for (i = 0; i + 17 <= field_len; i += 16) {
8013 memcpy(uuid, eir + i + 2, 16);
8014 if (has_uuid(uuid, uuid_count, uuids))
8020 parsed += field_len + 1;
8021 eir += field_len + 1;
8027 static void restart_le_scan(struct hci_dev *hdev)
8029 /* If controller is not scanning we are done. */
8030 if (!hci_dev_test_flag(hdev, HCI_LE_SCAN))
8033 if (time_after(jiffies + DISCOV_LE_RESTART_DELAY,
8034 hdev->discovery.scan_start +
8035 hdev->discovery.scan_duration))
8038 queue_delayed_work(hdev->workqueue, &hdev->le_scan_restart,
8039 DISCOV_LE_RESTART_DELAY);
8042 static bool is_filter_match(struct hci_dev *hdev, s8 rssi, u8 *eir,
8043 u16 eir_len, u8 *scan_rsp, u8 scan_rsp_len)
8045 /* If a RSSI threshold has been specified, and
8046 * HCI_QUIRK_STRICT_DUPLICATE_FILTER is not set, then all results with
8047 * a RSSI smaller than the RSSI threshold will be dropped. If the quirk
8048 * is set, let it through for further processing, as we might need to
8051 * For BR/EDR devices (pre 1.2) providing no RSSI during inquiry,
8052 * the results are also dropped.
8054 if (hdev->discovery.rssi != HCI_RSSI_INVALID &&
8055 (rssi == HCI_RSSI_INVALID ||
8056 (rssi < hdev->discovery.rssi &&
8057 !test_bit(HCI_QUIRK_STRICT_DUPLICATE_FILTER, &hdev->quirks))))
8060 if (hdev->discovery.uuid_count != 0) {
8061 /* If a list of UUIDs is provided in filter, results with no
8062 * matching UUID should be dropped.
8064 if (!eir_has_uuids(eir, eir_len, hdev->discovery.uuid_count,
8065 hdev->discovery.uuids) &&
8066 !eir_has_uuids(scan_rsp, scan_rsp_len,
8067 hdev->discovery.uuid_count,
8068 hdev->discovery.uuids))
8072 /* If duplicate filtering does not report RSSI changes, then restart
8073 * scanning to ensure updated result with updated RSSI values.
8075 if (test_bit(HCI_QUIRK_STRICT_DUPLICATE_FILTER, &hdev->quirks)) {
8076 restart_le_scan(hdev);
8078 /* Validate RSSI value against the RSSI threshold once more. */
8079 if (hdev->discovery.rssi != HCI_RSSI_INVALID &&
8080 rssi < hdev->discovery.rssi)
8087 void mgmt_device_found(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
8088 u8 addr_type, u8 *dev_class, s8 rssi, u32 flags,
8089 u8 *eir, u16 eir_len, u8 *scan_rsp, u8 scan_rsp_len)
8092 struct mgmt_ev_device_found *ev = (void *)buf;
8095 /* Don't send events for a non-kernel initiated discovery. With
8096 * LE one exception is if we have pend_le_reports > 0 in which
8097 * case we're doing passive scanning and want these events.
8099 if (!hci_discovery_active(hdev)) {
8100 if (link_type == ACL_LINK)
8102 if (link_type == LE_LINK && list_empty(&hdev->pend_le_reports))
8106 if (hdev->discovery.result_filtering) {
8107 /* We are using service discovery */
8108 if (!is_filter_match(hdev, rssi, eir, eir_len, scan_rsp,
8113 /* Make sure that the buffer is big enough. The 5 extra bytes
8114 * are for the potential CoD field.
8116 if (sizeof(*ev) + eir_len + scan_rsp_len + 5 > sizeof(buf))
8119 memset(buf, 0, sizeof(buf));
8121 /* In case of device discovery with BR/EDR devices (pre 1.2), the
8122 * RSSI value was reported as 0 when not available. This behavior
8123 * is kept when using device discovery. This is required for full
8124 * backwards compatibility with the API.
8126 * However when using service discovery, the value 127 will be
8127 * returned when the RSSI is not available.
8129 if (rssi == HCI_RSSI_INVALID && !hdev->discovery.report_invalid_rssi &&
8130 link_type == ACL_LINK)
8133 bacpy(&ev->addr.bdaddr, bdaddr);
8134 ev->addr.type = link_to_bdaddr(link_type, addr_type);
8136 ev->flags = cpu_to_le32(flags);
8139 /* Copy EIR or advertising data into event */
8140 memcpy(ev->eir, eir, eir_len);
8142 if (dev_class && !eir_has_data_type(ev->eir, eir_len, EIR_CLASS_OF_DEV))
8143 eir_len = eir_append_data(ev->eir, eir_len, EIR_CLASS_OF_DEV,
8146 if (scan_rsp_len > 0)
8147 /* Append scan response data to event */
8148 memcpy(ev->eir + eir_len, scan_rsp, scan_rsp_len);
8150 ev->eir_len = cpu_to_le16(eir_len + scan_rsp_len);
8151 ev_size = sizeof(*ev) + eir_len + scan_rsp_len;
8153 mgmt_event(MGMT_EV_DEVICE_FOUND, hdev, ev, ev_size, NULL);
8156 void mgmt_remote_name(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
8157 u8 addr_type, s8 rssi, u8 *name, u8 name_len)
8159 struct mgmt_ev_device_found *ev;
8160 char buf[sizeof(*ev) + HCI_MAX_NAME_LENGTH + 2];
8163 ev = (struct mgmt_ev_device_found *) buf;
8165 memset(buf, 0, sizeof(buf));
8167 bacpy(&ev->addr.bdaddr, bdaddr);
8168 ev->addr.type = link_to_bdaddr(link_type, addr_type);
8171 eir_len = eir_append_data(ev->eir, 0, EIR_NAME_COMPLETE, name,
8174 ev->eir_len = cpu_to_le16(eir_len);
8176 mgmt_event(MGMT_EV_DEVICE_FOUND, hdev, ev, sizeof(*ev) + eir_len, NULL);
8179 void mgmt_discovering(struct hci_dev *hdev, u8 discovering)
8181 struct mgmt_ev_discovering ev;
8183 BT_DBG("%s discovering %u", hdev->name, discovering);
8185 memset(&ev, 0, sizeof(ev));
8186 ev.type = hdev->discovery.type;
8187 ev.discovering = discovering;
8189 mgmt_event(MGMT_EV_DISCOVERING, hdev, &ev, sizeof(ev), NULL);
8192 static void adv_enable_complete(struct hci_dev *hdev, u8 status, u16 opcode)
8194 BT_DBG("%s status %u", hdev->name, status);
8197 void mgmt_reenable_advertising(struct hci_dev *hdev)
8199 struct hci_request req;
8201 if (!hci_dev_test_flag(hdev, HCI_ADVERTISING) &&
8202 !hci_dev_test_flag(hdev, HCI_ADVERTISING_INSTANCE))
8205 hci_req_init(&req, hdev);
8206 enable_advertising(&req);
8207 hci_req_run(&req, adv_enable_complete);
8210 static struct hci_mgmt_chan chan = {
8211 .channel = HCI_CHANNEL_CONTROL,
8212 .handler_count = ARRAY_SIZE(mgmt_handlers),
8213 .handlers = mgmt_handlers,
8214 .hdev_init = mgmt_init_hdev,
8219 return hci_mgmt_chan_register(&chan);
8222 void mgmt_exit(void)
8224 hci_mgmt_chan_unregister(&chan);