2 BlueZ - Bluetooth protocol stack for Linux
4 Copyright (C) 2010 Nokia Corporation
5 Copyright (C) 2011-2012 Intel Corporation
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License version 2 as
9 published by the Free Software Foundation;
11 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
12 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
13 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
14 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
15 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
16 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
17 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
18 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
20 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
21 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
22 SOFTWARE IS DISCLAIMED.
25 /* Bluetooth HCI Management interface */
27 #include <linux/module.h>
28 #include <asm/unaligned.h>
30 #include <net/bluetooth/bluetooth.h>
31 #include <net/bluetooth/hci_core.h>
32 #include <net/bluetooth/hci_sock.h>
33 #include <net/bluetooth/l2cap.h>
34 #include <net/bluetooth/mgmt.h>
36 #include "hci_request.h"
38 #include "mgmt_util.h"
40 #define MGMT_VERSION 1
41 #define MGMT_REVISION 9
43 static const u16 mgmt_commands[] = {
44 MGMT_OP_READ_INDEX_LIST,
47 MGMT_OP_SET_DISCOVERABLE,
48 MGMT_OP_SET_CONNECTABLE,
49 MGMT_OP_SET_FAST_CONNECTABLE,
51 MGMT_OP_SET_LINK_SECURITY,
55 MGMT_OP_SET_DEV_CLASS,
56 MGMT_OP_SET_LOCAL_NAME,
59 MGMT_OP_LOAD_LINK_KEYS,
60 MGMT_OP_LOAD_LONG_TERM_KEYS,
62 MGMT_OP_GET_CONNECTIONS,
63 MGMT_OP_PIN_CODE_REPLY,
64 MGMT_OP_PIN_CODE_NEG_REPLY,
65 MGMT_OP_SET_IO_CAPABILITY,
67 MGMT_OP_CANCEL_PAIR_DEVICE,
68 MGMT_OP_UNPAIR_DEVICE,
69 MGMT_OP_USER_CONFIRM_REPLY,
70 MGMT_OP_USER_CONFIRM_NEG_REPLY,
71 MGMT_OP_USER_PASSKEY_REPLY,
72 MGMT_OP_USER_PASSKEY_NEG_REPLY,
73 MGMT_OP_READ_LOCAL_OOB_DATA,
74 MGMT_OP_ADD_REMOTE_OOB_DATA,
75 MGMT_OP_REMOVE_REMOTE_OOB_DATA,
76 MGMT_OP_START_DISCOVERY,
77 MGMT_OP_STOP_DISCOVERY,
80 MGMT_OP_UNBLOCK_DEVICE,
81 MGMT_OP_SET_DEVICE_ID,
82 MGMT_OP_SET_ADVERTISING,
84 MGMT_OP_SET_STATIC_ADDRESS,
85 MGMT_OP_SET_SCAN_PARAMS,
86 MGMT_OP_SET_SECURE_CONN,
87 MGMT_OP_SET_DEBUG_KEYS,
90 MGMT_OP_GET_CONN_INFO,
91 MGMT_OP_GET_CLOCK_INFO,
93 MGMT_OP_REMOVE_DEVICE,
94 MGMT_OP_LOAD_CONN_PARAM,
95 MGMT_OP_READ_UNCONF_INDEX_LIST,
96 MGMT_OP_READ_CONFIG_INFO,
97 MGMT_OP_SET_EXTERNAL_CONFIG,
98 MGMT_OP_SET_PUBLIC_ADDRESS,
99 MGMT_OP_START_SERVICE_DISCOVERY,
100 MGMT_OP_READ_LOCAL_OOB_EXT_DATA,
101 MGMT_OP_READ_EXT_INDEX_LIST,
102 MGMT_OP_READ_ADV_FEATURES,
103 MGMT_OP_ADD_ADVERTISING,
104 MGMT_OP_REMOVE_ADVERTISING,
107 static const u16 mgmt_events[] = {
108 MGMT_EV_CONTROLLER_ERROR,
110 MGMT_EV_INDEX_REMOVED,
111 MGMT_EV_NEW_SETTINGS,
112 MGMT_EV_CLASS_OF_DEV_CHANGED,
113 MGMT_EV_LOCAL_NAME_CHANGED,
114 MGMT_EV_NEW_LINK_KEY,
115 MGMT_EV_NEW_LONG_TERM_KEY,
116 MGMT_EV_DEVICE_CONNECTED,
117 MGMT_EV_DEVICE_DISCONNECTED,
118 MGMT_EV_CONNECT_FAILED,
119 MGMT_EV_PIN_CODE_REQUEST,
120 MGMT_EV_USER_CONFIRM_REQUEST,
121 MGMT_EV_USER_PASSKEY_REQUEST,
123 MGMT_EV_DEVICE_FOUND,
125 MGMT_EV_DEVICE_BLOCKED,
126 MGMT_EV_DEVICE_UNBLOCKED,
127 MGMT_EV_DEVICE_UNPAIRED,
128 MGMT_EV_PASSKEY_NOTIFY,
131 MGMT_EV_DEVICE_ADDED,
132 MGMT_EV_DEVICE_REMOVED,
133 MGMT_EV_NEW_CONN_PARAM,
134 MGMT_EV_UNCONF_INDEX_ADDED,
135 MGMT_EV_UNCONF_INDEX_REMOVED,
136 MGMT_EV_NEW_CONFIG_OPTIONS,
137 MGMT_EV_EXT_INDEX_ADDED,
138 MGMT_EV_EXT_INDEX_REMOVED,
139 MGMT_EV_LOCAL_OOB_DATA_UPDATED,
140 MGMT_EV_ADVERTISING_ADDED,
141 MGMT_EV_ADVERTISING_REMOVED,
144 static const u16 mgmt_untrusted_commands[] = {
145 MGMT_OP_READ_INDEX_LIST,
147 MGMT_OP_READ_UNCONF_INDEX_LIST,
148 MGMT_OP_READ_CONFIG_INFO,
149 MGMT_OP_READ_EXT_INDEX_LIST,
152 static const u16 mgmt_untrusted_events[] = {
154 MGMT_EV_INDEX_REMOVED,
155 MGMT_EV_NEW_SETTINGS,
156 MGMT_EV_CLASS_OF_DEV_CHANGED,
157 MGMT_EV_LOCAL_NAME_CHANGED,
158 MGMT_EV_UNCONF_INDEX_ADDED,
159 MGMT_EV_UNCONF_INDEX_REMOVED,
160 MGMT_EV_NEW_CONFIG_OPTIONS,
161 MGMT_EV_EXT_INDEX_ADDED,
162 MGMT_EV_EXT_INDEX_REMOVED,
165 #define CACHE_TIMEOUT msecs_to_jiffies(2 * 1000)
167 #define ZERO_KEY "\x00\x00\x00\x00\x00\x00\x00\x00" \
168 "\x00\x00\x00\x00\x00\x00\x00\x00"
170 /* HCI to MGMT error code conversion table */
171 static u8 mgmt_status_table[] = {
173 MGMT_STATUS_UNKNOWN_COMMAND, /* Unknown Command */
174 MGMT_STATUS_NOT_CONNECTED, /* No Connection */
175 MGMT_STATUS_FAILED, /* Hardware Failure */
176 MGMT_STATUS_CONNECT_FAILED, /* Page Timeout */
177 MGMT_STATUS_AUTH_FAILED, /* Authentication Failed */
178 MGMT_STATUS_AUTH_FAILED, /* PIN or Key Missing */
179 MGMT_STATUS_NO_RESOURCES, /* Memory Full */
180 MGMT_STATUS_TIMEOUT, /* Connection Timeout */
181 MGMT_STATUS_NO_RESOURCES, /* Max Number of Connections */
182 MGMT_STATUS_NO_RESOURCES, /* Max Number of SCO Connections */
183 MGMT_STATUS_ALREADY_CONNECTED, /* ACL Connection Exists */
184 MGMT_STATUS_BUSY, /* Command Disallowed */
185 MGMT_STATUS_NO_RESOURCES, /* Rejected Limited Resources */
186 MGMT_STATUS_REJECTED, /* Rejected Security */
187 MGMT_STATUS_REJECTED, /* Rejected Personal */
188 MGMT_STATUS_TIMEOUT, /* Host Timeout */
189 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported Feature */
190 MGMT_STATUS_INVALID_PARAMS, /* Invalid Parameters */
191 MGMT_STATUS_DISCONNECTED, /* OE User Ended Connection */
192 MGMT_STATUS_NO_RESOURCES, /* OE Low Resources */
193 MGMT_STATUS_DISCONNECTED, /* OE Power Off */
194 MGMT_STATUS_DISCONNECTED, /* Connection Terminated */
195 MGMT_STATUS_BUSY, /* Repeated Attempts */
196 MGMT_STATUS_REJECTED, /* Pairing Not Allowed */
197 MGMT_STATUS_FAILED, /* Unknown LMP PDU */
198 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported Remote Feature */
199 MGMT_STATUS_REJECTED, /* SCO Offset Rejected */
200 MGMT_STATUS_REJECTED, /* SCO Interval Rejected */
201 MGMT_STATUS_REJECTED, /* Air Mode Rejected */
202 MGMT_STATUS_INVALID_PARAMS, /* Invalid LMP Parameters */
203 MGMT_STATUS_FAILED, /* Unspecified Error */
204 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported LMP Parameter Value */
205 MGMT_STATUS_FAILED, /* Role Change Not Allowed */
206 MGMT_STATUS_TIMEOUT, /* LMP Response Timeout */
207 MGMT_STATUS_FAILED, /* LMP Error Transaction Collision */
208 MGMT_STATUS_FAILED, /* LMP PDU Not Allowed */
209 MGMT_STATUS_REJECTED, /* Encryption Mode Not Accepted */
210 MGMT_STATUS_FAILED, /* Unit Link Key Used */
211 MGMT_STATUS_NOT_SUPPORTED, /* QoS Not Supported */
212 MGMT_STATUS_TIMEOUT, /* Instant Passed */
213 MGMT_STATUS_NOT_SUPPORTED, /* Pairing Not Supported */
214 MGMT_STATUS_FAILED, /* Transaction Collision */
215 MGMT_STATUS_INVALID_PARAMS, /* Unacceptable Parameter */
216 MGMT_STATUS_REJECTED, /* QoS Rejected */
217 MGMT_STATUS_NOT_SUPPORTED, /* Classification Not Supported */
218 MGMT_STATUS_REJECTED, /* Insufficient Security */
219 MGMT_STATUS_INVALID_PARAMS, /* Parameter Out Of Range */
220 MGMT_STATUS_BUSY, /* Role Switch Pending */
221 MGMT_STATUS_FAILED, /* Slot Violation */
222 MGMT_STATUS_FAILED, /* Role Switch Failed */
223 MGMT_STATUS_INVALID_PARAMS, /* EIR Too Large */
224 MGMT_STATUS_NOT_SUPPORTED, /* Simple Pairing Not Supported */
225 MGMT_STATUS_BUSY, /* Host Busy Pairing */
226 MGMT_STATUS_REJECTED, /* Rejected, No Suitable Channel */
227 MGMT_STATUS_BUSY, /* Controller Busy */
228 MGMT_STATUS_INVALID_PARAMS, /* Unsuitable Connection Interval */
229 MGMT_STATUS_TIMEOUT, /* Directed Advertising Timeout */
230 MGMT_STATUS_AUTH_FAILED, /* Terminated Due to MIC Failure */
231 MGMT_STATUS_CONNECT_FAILED, /* Connection Establishment Failed */
232 MGMT_STATUS_CONNECT_FAILED, /* MAC Connection Failed */
235 static u8 mgmt_status(u8 hci_status)
237 if (hci_status < ARRAY_SIZE(mgmt_status_table))
238 return mgmt_status_table[hci_status];
240 return MGMT_STATUS_FAILED;
243 static int mgmt_index_event(u16 event, struct hci_dev *hdev, void *data,
246 return mgmt_send_event(event, hdev, HCI_CHANNEL_CONTROL, data, len,
250 static int mgmt_limited_event(u16 event, struct hci_dev *hdev, void *data,
251 u16 len, int flag, struct sock *skip_sk)
253 return mgmt_send_event(event, hdev, HCI_CHANNEL_CONTROL, data, len,
257 static int mgmt_generic_event(u16 event, struct hci_dev *hdev, void *data,
258 u16 len, struct sock *skip_sk)
260 return mgmt_send_event(event, hdev, HCI_CHANNEL_CONTROL, data, len,
261 HCI_MGMT_GENERIC_EVENTS, skip_sk);
264 static int mgmt_event(u16 event, struct hci_dev *hdev, void *data, u16 len,
265 struct sock *skip_sk)
267 return mgmt_send_event(event, hdev, HCI_CHANNEL_CONTROL, data, len,
268 HCI_SOCK_TRUSTED, skip_sk);
271 static int read_version(struct sock *sk, struct hci_dev *hdev, void *data,
274 struct mgmt_rp_read_version rp;
276 BT_DBG("sock %p", sk);
278 rp.version = MGMT_VERSION;
279 rp.revision = cpu_to_le16(MGMT_REVISION);
281 return mgmt_cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_VERSION, 0,
285 static int read_commands(struct sock *sk, struct hci_dev *hdev, void *data,
288 struct mgmt_rp_read_commands *rp;
289 u16 num_commands, num_events;
293 BT_DBG("sock %p", sk);
295 if (hci_sock_test_flag(sk, HCI_SOCK_TRUSTED)) {
296 num_commands = ARRAY_SIZE(mgmt_commands);
297 num_events = ARRAY_SIZE(mgmt_events);
299 num_commands = ARRAY_SIZE(mgmt_untrusted_commands);
300 num_events = ARRAY_SIZE(mgmt_untrusted_events);
303 rp_size = sizeof(*rp) + ((num_commands + num_events) * sizeof(u16));
305 rp = kmalloc(rp_size, GFP_KERNEL);
309 rp->num_commands = cpu_to_le16(num_commands);
310 rp->num_events = cpu_to_le16(num_events);
312 if (hci_sock_test_flag(sk, HCI_SOCK_TRUSTED)) {
313 __le16 *opcode = rp->opcodes;
315 for (i = 0; i < num_commands; i++, opcode++)
316 put_unaligned_le16(mgmt_commands[i], opcode);
318 for (i = 0; i < num_events; i++, opcode++)
319 put_unaligned_le16(mgmt_events[i], opcode);
321 __le16 *opcode = rp->opcodes;
323 for (i = 0; i < num_commands; i++, opcode++)
324 put_unaligned_le16(mgmt_untrusted_commands[i], opcode);
326 for (i = 0; i < num_events; i++, opcode++)
327 put_unaligned_le16(mgmt_untrusted_events[i], opcode);
330 err = mgmt_cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_COMMANDS, 0,
337 static int read_index_list(struct sock *sk, struct hci_dev *hdev, void *data,
340 struct mgmt_rp_read_index_list *rp;
346 BT_DBG("sock %p", sk);
348 read_lock(&hci_dev_list_lock);
351 list_for_each_entry(d, &hci_dev_list, list) {
352 if (d->dev_type == HCI_BREDR &&
353 !hci_dev_test_flag(d, HCI_UNCONFIGURED))
357 rp_len = sizeof(*rp) + (2 * count);
358 rp = kmalloc(rp_len, GFP_ATOMIC);
360 read_unlock(&hci_dev_list_lock);
365 list_for_each_entry(d, &hci_dev_list, list) {
366 if (hci_dev_test_flag(d, HCI_SETUP) ||
367 hci_dev_test_flag(d, HCI_CONFIG) ||
368 hci_dev_test_flag(d, HCI_USER_CHANNEL))
371 /* Devices marked as raw-only are neither configured
372 * nor unconfigured controllers.
374 if (test_bit(HCI_QUIRK_RAW_DEVICE, &d->quirks))
377 if (d->dev_type == HCI_BREDR &&
378 !hci_dev_test_flag(d, HCI_UNCONFIGURED)) {
379 rp->index[count++] = cpu_to_le16(d->id);
380 BT_DBG("Added hci%u", d->id);
384 rp->num_controllers = cpu_to_le16(count);
385 rp_len = sizeof(*rp) + (2 * count);
387 read_unlock(&hci_dev_list_lock);
389 err = mgmt_cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_INDEX_LIST,
397 static int read_unconf_index_list(struct sock *sk, struct hci_dev *hdev,
398 void *data, u16 data_len)
400 struct mgmt_rp_read_unconf_index_list *rp;
406 BT_DBG("sock %p", sk);
408 read_lock(&hci_dev_list_lock);
411 list_for_each_entry(d, &hci_dev_list, list) {
412 if (d->dev_type == HCI_BREDR &&
413 hci_dev_test_flag(d, HCI_UNCONFIGURED))
417 rp_len = sizeof(*rp) + (2 * count);
418 rp = kmalloc(rp_len, GFP_ATOMIC);
420 read_unlock(&hci_dev_list_lock);
425 list_for_each_entry(d, &hci_dev_list, list) {
426 if (hci_dev_test_flag(d, HCI_SETUP) ||
427 hci_dev_test_flag(d, HCI_CONFIG) ||
428 hci_dev_test_flag(d, HCI_USER_CHANNEL))
431 /* Devices marked as raw-only are neither configured
432 * nor unconfigured controllers.
434 if (test_bit(HCI_QUIRK_RAW_DEVICE, &d->quirks))
437 if (d->dev_type == HCI_BREDR &&
438 hci_dev_test_flag(d, HCI_UNCONFIGURED)) {
439 rp->index[count++] = cpu_to_le16(d->id);
440 BT_DBG("Added hci%u", d->id);
444 rp->num_controllers = cpu_to_le16(count);
445 rp_len = sizeof(*rp) + (2 * count);
447 read_unlock(&hci_dev_list_lock);
449 err = mgmt_cmd_complete(sk, MGMT_INDEX_NONE,
450 MGMT_OP_READ_UNCONF_INDEX_LIST, 0, rp, rp_len);
457 static int read_ext_index_list(struct sock *sk, struct hci_dev *hdev,
458 void *data, u16 data_len)
460 struct mgmt_rp_read_ext_index_list *rp;
466 BT_DBG("sock %p", sk);
468 read_lock(&hci_dev_list_lock);
471 list_for_each_entry(d, &hci_dev_list, list) {
472 if (d->dev_type == HCI_BREDR || d->dev_type == HCI_AMP)
476 rp_len = sizeof(*rp) + (sizeof(rp->entry[0]) * count);
477 rp = kmalloc(rp_len, GFP_ATOMIC);
479 read_unlock(&hci_dev_list_lock);
484 list_for_each_entry(d, &hci_dev_list, list) {
485 if (hci_dev_test_flag(d, HCI_SETUP) ||
486 hci_dev_test_flag(d, HCI_CONFIG) ||
487 hci_dev_test_flag(d, HCI_USER_CHANNEL))
490 /* Devices marked as raw-only are neither configured
491 * nor unconfigured controllers.
493 if (test_bit(HCI_QUIRK_RAW_DEVICE, &d->quirks))
496 if (d->dev_type == HCI_BREDR) {
497 if (hci_dev_test_flag(d, HCI_UNCONFIGURED))
498 rp->entry[count].type = 0x01;
500 rp->entry[count].type = 0x00;
501 } else if (d->dev_type == HCI_AMP) {
502 rp->entry[count].type = 0x02;
507 rp->entry[count].bus = d->bus;
508 rp->entry[count++].index = cpu_to_le16(d->id);
509 BT_DBG("Added hci%u", d->id);
512 rp->num_controllers = cpu_to_le16(count);
513 rp_len = sizeof(*rp) + (sizeof(rp->entry[0]) * count);
515 read_unlock(&hci_dev_list_lock);
517 /* If this command is called at least once, then all the
518 * default index and unconfigured index events are disabled
519 * and from now on only extended index events are used.
521 hci_sock_set_flag(sk, HCI_MGMT_EXT_INDEX_EVENTS);
522 hci_sock_clear_flag(sk, HCI_MGMT_INDEX_EVENTS);
523 hci_sock_clear_flag(sk, HCI_MGMT_UNCONF_INDEX_EVENTS);
525 err = mgmt_cmd_complete(sk, MGMT_INDEX_NONE,
526 MGMT_OP_READ_EXT_INDEX_LIST, 0, rp, rp_len);
533 static bool is_configured(struct hci_dev *hdev)
535 if (test_bit(HCI_QUIRK_EXTERNAL_CONFIG, &hdev->quirks) &&
536 !hci_dev_test_flag(hdev, HCI_EXT_CONFIGURED))
539 if (test_bit(HCI_QUIRK_INVALID_BDADDR, &hdev->quirks) &&
540 !bacmp(&hdev->public_addr, BDADDR_ANY))
546 static __le32 get_missing_options(struct hci_dev *hdev)
550 if (test_bit(HCI_QUIRK_EXTERNAL_CONFIG, &hdev->quirks) &&
551 !hci_dev_test_flag(hdev, HCI_EXT_CONFIGURED))
552 options |= MGMT_OPTION_EXTERNAL_CONFIG;
554 if (test_bit(HCI_QUIRK_INVALID_BDADDR, &hdev->quirks) &&
555 !bacmp(&hdev->public_addr, BDADDR_ANY))
556 options |= MGMT_OPTION_PUBLIC_ADDRESS;
558 return cpu_to_le32(options);
561 static int new_options(struct hci_dev *hdev, struct sock *skip)
563 __le32 options = get_missing_options(hdev);
565 return mgmt_generic_event(MGMT_EV_NEW_CONFIG_OPTIONS, hdev, &options,
566 sizeof(options), skip);
569 static int send_options_rsp(struct sock *sk, u16 opcode, struct hci_dev *hdev)
571 __le32 options = get_missing_options(hdev);
573 return mgmt_cmd_complete(sk, hdev->id, opcode, 0, &options,
577 static int read_config_info(struct sock *sk, struct hci_dev *hdev,
578 void *data, u16 data_len)
580 struct mgmt_rp_read_config_info rp;
583 BT_DBG("sock %p %s", sk, hdev->name);
587 memset(&rp, 0, sizeof(rp));
588 rp.manufacturer = cpu_to_le16(hdev->manufacturer);
590 if (test_bit(HCI_QUIRK_EXTERNAL_CONFIG, &hdev->quirks))
591 options |= MGMT_OPTION_EXTERNAL_CONFIG;
593 if (hdev->set_bdaddr)
594 options |= MGMT_OPTION_PUBLIC_ADDRESS;
596 rp.supported_options = cpu_to_le32(options);
597 rp.missing_options = get_missing_options(hdev);
599 hci_dev_unlock(hdev);
601 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_READ_CONFIG_INFO, 0,
605 static u32 get_supported_settings(struct hci_dev *hdev)
609 settings |= MGMT_SETTING_POWERED;
610 settings |= MGMT_SETTING_BONDABLE;
611 settings |= MGMT_SETTING_DEBUG_KEYS;
612 settings |= MGMT_SETTING_CONNECTABLE;
613 settings |= MGMT_SETTING_DISCOVERABLE;
615 if (lmp_bredr_capable(hdev)) {
616 if (hdev->hci_ver >= BLUETOOTH_VER_1_2)
617 settings |= MGMT_SETTING_FAST_CONNECTABLE;
618 settings |= MGMT_SETTING_BREDR;
619 settings |= MGMT_SETTING_LINK_SECURITY;
621 if (lmp_ssp_capable(hdev)) {
622 settings |= MGMT_SETTING_SSP;
623 settings |= MGMT_SETTING_HS;
626 if (lmp_sc_capable(hdev))
627 settings |= MGMT_SETTING_SECURE_CONN;
630 if (lmp_le_capable(hdev)) {
631 settings |= MGMT_SETTING_LE;
632 settings |= MGMT_SETTING_ADVERTISING;
633 settings |= MGMT_SETTING_SECURE_CONN;
634 settings |= MGMT_SETTING_PRIVACY;
635 settings |= MGMT_SETTING_STATIC_ADDRESS;
638 if (test_bit(HCI_QUIRK_EXTERNAL_CONFIG, &hdev->quirks) ||
640 settings |= MGMT_SETTING_CONFIGURATION;
645 static u32 get_current_settings(struct hci_dev *hdev)
649 if (hdev_is_powered(hdev))
650 settings |= MGMT_SETTING_POWERED;
652 if (hci_dev_test_flag(hdev, HCI_CONNECTABLE))
653 settings |= MGMT_SETTING_CONNECTABLE;
655 if (hci_dev_test_flag(hdev, HCI_FAST_CONNECTABLE))
656 settings |= MGMT_SETTING_FAST_CONNECTABLE;
658 if (hci_dev_test_flag(hdev, HCI_DISCOVERABLE))
659 settings |= MGMT_SETTING_DISCOVERABLE;
661 if (hci_dev_test_flag(hdev, HCI_BONDABLE))
662 settings |= MGMT_SETTING_BONDABLE;
664 if (hci_dev_test_flag(hdev, HCI_BREDR_ENABLED))
665 settings |= MGMT_SETTING_BREDR;
667 if (hci_dev_test_flag(hdev, HCI_LE_ENABLED))
668 settings |= MGMT_SETTING_LE;
670 if (hci_dev_test_flag(hdev, HCI_LINK_SECURITY))
671 settings |= MGMT_SETTING_LINK_SECURITY;
673 if (hci_dev_test_flag(hdev, HCI_SSP_ENABLED))
674 settings |= MGMT_SETTING_SSP;
676 if (hci_dev_test_flag(hdev, HCI_HS_ENABLED))
677 settings |= MGMT_SETTING_HS;
679 if (hci_dev_test_flag(hdev, HCI_ADVERTISING))
680 settings |= MGMT_SETTING_ADVERTISING;
682 if (hci_dev_test_flag(hdev, HCI_SC_ENABLED))
683 settings |= MGMT_SETTING_SECURE_CONN;
685 if (hci_dev_test_flag(hdev, HCI_KEEP_DEBUG_KEYS))
686 settings |= MGMT_SETTING_DEBUG_KEYS;
688 if (hci_dev_test_flag(hdev, HCI_PRIVACY))
689 settings |= MGMT_SETTING_PRIVACY;
691 /* The current setting for static address has two purposes. The
692 * first is to indicate if the static address will be used and
693 * the second is to indicate if it is actually set.
695 * This means if the static address is not configured, this flag
696 * will never be set. If the address is configured, then if the
697 * address is actually used decides if the flag is set or not.
699 * For single mode LE only controllers and dual-mode controllers
700 * with BR/EDR disabled, the existence of the static address will
703 if (hci_dev_test_flag(hdev, HCI_FORCE_STATIC_ADDR) ||
704 !hci_dev_test_flag(hdev, HCI_BREDR_ENABLED) ||
705 !bacmp(&hdev->bdaddr, BDADDR_ANY)) {
706 if (bacmp(&hdev->static_addr, BDADDR_ANY))
707 settings |= MGMT_SETTING_STATIC_ADDRESS;
713 #define PNP_INFO_SVCLASS_ID 0x1200
715 static u8 *create_uuid16_list(struct hci_dev *hdev, u8 *data, ptrdiff_t len)
717 u8 *ptr = data, *uuids_start = NULL;
718 struct bt_uuid *uuid;
723 list_for_each_entry(uuid, &hdev->uuids, list) {
726 if (uuid->size != 16)
729 uuid16 = get_unaligned_le16(&uuid->uuid[12]);
733 if (uuid16 == PNP_INFO_SVCLASS_ID)
739 uuids_start[1] = EIR_UUID16_ALL;
743 /* Stop if not enough space to put next UUID */
744 if ((ptr - data) + sizeof(u16) > len) {
745 uuids_start[1] = EIR_UUID16_SOME;
749 *ptr++ = (uuid16 & 0x00ff);
750 *ptr++ = (uuid16 & 0xff00) >> 8;
751 uuids_start[0] += sizeof(uuid16);
757 static u8 *create_uuid32_list(struct hci_dev *hdev, u8 *data, ptrdiff_t len)
759 u8 *ptr = data, *uuids_start = NULL;
760 struct bt_uuid *uuid;
765 list_for_each_entry(uuid, &hdev->uuids, list) {
766 if (uuid->size != 32)
772 uuids_start[1] = EIR_UUID32_ALL;
776 /* Stop if not enough space to put next UUID */
777 if ((ptr - data) + sizeof(u32) > len) {
778 uuids_start[1] = EIR_UUID32_SOME;
782 memcpy(ptr, &uuid->uuid[12], sizeof(u32));
784 uuids_start[0] += sizeof(u32);
790 static u8 *create_uuid128_list(struct hci_dev *hdev, u8 *data, ptrdiff_t len)
792 u8 *ptr = data, *uuids_start = NULL;
793 struct bt_uuid *uuid;
798 list_for_each_entry(uuid, &hdev->uuids, list) {
799 if (uuid->size != 128)
805 uuids_start[1] = EIR_UUID128_ALL;
809 /* Stop if not enough space to put next UUID */
810 if ((ptr - data) + 16 > len) {
811 uuids_start[1] = EIR_UUID128_SOME;
815 memcpy(ptr, uuid->uuid, 16);
817 uuids_start[0] += 16;
823 static struct mgmt_pending_cmd *pending_find(u16 opcode, struct hci_dev *hdev)
825 return mgmt_pending_find(HCI_CHANNEL_CONTROL, opcode, hdev);
828 static struct mgmt_pending_cmd *pending_find_data(u16 opcode,
829 struct hci_dev *hdev,
832 return mgmt_pending_find_data(HCI_CHANNEL_CONTROL, opcode, hdev, data);
835 static u8 create_default_scan_rsp_data(struct hci_dev *hdev, u8 *ptr)
840 name_len = strlen(hdev->dev_name);
842 size_t max_len = HCI_MAX_AD_LENGTH - ad_len - 2;
844 if (name_len > max_len) {
846 ptr[1] = EIR_NAME_SHORT;
848 ptr[1] = EIR_NAME_COMPLETE;
850 ptr[0] = name_len + 1;
852 memcpy(ptr + 2, hdev->dev_name, name_len);
854 ad_len += (name_len + 2);
855 ptr += (name_len + 2);
861 static u8 create_instance_scan_rsp_data(struct hci_dev *hdev, u8 *ptr)
863 /* TODO: Set the appropriate entries based on advertising instance flags
864 * here once flags other than 0 are supported.
866 memcpy(ptr, hdev->adv_instance.scan_rsp_data,
867 hdev->adv_instance.scan_rsp_len);
869 return hdev->adv_instance.scan_rsp_len;
872 static void update_scan_rsp_data_for_instance(struct hci_request *req,
875 struct hci_dev *hdev = req->hdev;
876 struct hci_cp_le_set_scan_rsp_data cp;
879 if (!hci_dev_test_flag(hdev, HCI_LE_ENABLED))
882 memset(&cp, 0, sizeof(cp));
885 len = create_instance_scan_rsp_data(hdev, cp.data);
887 len = create_default_scan_rsp_data(hdev, cp.data);
889 if (hdev->scan_rsp_data_len == len &&
890 !memcmp(cp.data, hdev->scan_rsp_data, len))
893 memcpy(hdev->scan_rsp_data, cp.data, sizeof(cp.data));
894 hdev->scan_rsp_data_len = len;
898 hci_req_add(req, HCI_OP_LE_SET_SCAN_RSP_DATA, sizeof(cp), &cp);
901 static void update_scan_rsp_data(struct hci_request *req)
903 struct hci_dev *hdev = req->hdev;
906 /* The "Set Advertising" setting supersedes the "Add Advertising"
907 * setting. Here we set the scan response data based on which
908 * setting was set. When neither apply, default to the global settings,
909 * represented by instance "0".
911 if (hci_dev_test_flag(hdev, HCI_ADVERTISING_INSTANCE) &&
912 !hci_dev_test_flag(hdev, HCI_ADVERTISING))
917 update_scan_rsp_data_for_instance(req, instance);
920 static u8 get_adv_discov_flags(struct hci_dev *hdev)
922 struct mgmt_pending_cmd *cmd;
924 /* If there's a pending mgmt command the flags will not yet have
925 * their final values, so check for this first.
927 cmd = pending_find(MGMT_OP_SET_DISCOVERABLE, hdev);
929 struct mgmt_mode *cp = cmd->param;
931 return LE_AD_GENERAL;
932 else if (cp->val == 0x02)
933 return LE_AD_LIMITED;
935 if (hci_dev_test_flag(hdev, HCI_LIMITED_DISCOVERABLE))
936 return LE_AD_LIMITED;
937 else if (hci_dev_test_flag(hdev, HCI_DISCOVERABLE))
938 return LE_AD_GENERAL;
944 static u8 create_default_adv_data(struct hci_dev *hdev, u8 *ptr)
946 u8 ad_len = 0, flags = 0;
948 flags |= get_adv_discov_flags(hdev);
950 if (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED))
951 flags |= LE_AD_NO_BREDR;
954 BT_DBG("adv flags 0x%02x", flags);
964 if (hdev->adv_tx_power != HCI_TX_POWER_INVALID) {
966 ptr[1] = EIR_TX_POWER;
967 ptr[2] = (u8) hdev->adv_tx_power;
976 static u8 create_instance_adv_data(struct hci_dev *hdev, u8 *ptr)
978 u8 ad_len = 0, flags = 0;
980 if (hdev->adv_instance.flags & MGMT_ADV_FLAG_DISCOV)
981 flags |= LE_AD_GENERAL;
984 if (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED))
985 flags |= LE_AD_NO_BREDR;
995 memcpy(ptr, hdev->adv_instance.adv_data,
996 hdev->adv_instance.adv_data_len);
997 ad_len += hdev->adv_instance.adv_data_len;
1002 static void update_adv_data_for_instance(struct hci_request *req, u8 instance)
1004 struct hci_dev *hdev = req->hdev;
1005 struct hci_cp_le_set_adv_data cp;
1008 if (!hci_dev_test_flag(hdev, HCI_LE_ENABLED))
1011 memset(&cp, 0, sizeof(cp));
1014 len = create_instance_adv_data(hdev, cp.data);
1016 len = create_default_adv_data(hdev, cp.data);
1018 /* There's nothing to do if the data hasn't changed */
1019 if (hdev->adv_data_len == len &&
1020 memcmp(cp.data, hdev->adv_data, len) == 0)
1023 memcpy(hdev->adv_data, cp.data, sizeof(cp.data));
1024 hdev->adv_data_len = len;
1028 hci_req_add(req, HCI_OP_LE_SET_ADV_DATA, sizeof(cp), &cp);
1031 static u8 get_current_adv_instance(struct hci_dev *hdev)
1033 /* The "Set Advertising" setting supersedes the "Add Advertising"
1034 * setting. Here we set the advertising data based on which
1035 * setting was set. When neither apply, default to the global settings,
1036 * represented by instance "0".
1038 if (hci_dev_test_flag(hdev, HCI_ADVERTISING_INSTANCE) &&
1039 !hci_dev_test_flag(hdev, HCI_ADVERTISING))
1045 static bool get_connectable(struct hci_dev *hdev)
1047 struct mgmt_pending_cmd *cmd;
1049 /* If there's a pending mgmt command the flag will not yet have
1050 * it's final value, so check for this first.
1052 cmd = pending_find(MGMT_OP_SET_CONNECTABLE, hdev);
1054 struct mgmt_mode *cp = cmd->param;
1059 return hci_dev_test_flag(hdev, HCI_CONNECTABLE);
1062 static u32 get_adv_instance_flags(struct hci_dev *hdev, u8 instance)
1066 if (instance > 0x01)
1070 return hdev->adv_instance.flags;
1074 /* For instance 0, assemble the flags from global settings */
1075 if (hci_dev_test_flag(hdev, HCI_ADVERTISING_CONNECTABLE) ||
1076 get_connectable(hdev))
1077 flags |= MGMT_ADV_FLAG_CONNECTABLE;
1079 /* TODO: Add the rest of the flags */
1084 static void update_adv_data(struct hci_request *req)
1086 struct hci_dev *hdev = req->hdev;
1087 u8 instance = get_current_adv_instance(hdev);
1089 update_adv_data_for_instance(req, instance);
1092 int mgmt_update_adv_data(struct hci_dev *hdev)
1094 struct hci_request req;
1096 hci_req_init(&req, hdev);
1097 update_adv_data(&req);
1099 return hci_req_run(&req, NULL);
1102 static void create_eir(struct hci_dev *hdev, u8 *data)
1107 name_len = strlen(hdev->dev_name);
1111 if (name_len > 48) {
1113 ptr[1] = EIR_NAME_SHORT;
1115 ptr[1] = EIR_NAME_COMPLETE;
1117 /* EIR Data length */
1118 ptr[0] = name_len + 1;
1120 memcpy(ptr + 2, hdev->dev_name, name_len);
1122 ptr += (name_len + 2);
1125 if (hdev->inq_tx_power != HCI_TX_POWER_INVALID) {
1127 ptr[1] = EIR_TX_POWER;
1128 ptr[2] = (u8) hdev->inq_tx_power;
1133 if (hdev->devid_source > 0) {
1135 ptr[1] = EIR_DEVICE_ID;
1137 put_unaligned_le16(hdev->devid_source, ptr + 2);
1138 put_unaligned_le16(hdev->devid_vendor, ptr + 4);
1139 put_unaligned_le16(hdev->devid_product, ptr + 6);
1140 put_unaligned_le16(hdev->devid_version, ptr + 8);
1145 ptr = create_uuid16_list(hdev, ptr, HCI_MAX_EIR_LENGTH - (ptr - data));
1146 ptr = create_uuid32_list(hdev, ptr, HCI_MAX_EIR_LENGTH - (ptr - data));
1147 ptr = create_uuid128_list(hdev, ptr, HCI_MAX_EIR_LENGTH - (ptr - data));
1150 static void update_eir(struct hci_request *req)
1152 struct hci_dev *hdev = req->hdev;
1153 struct hci_cp_write_eir cp;
1155 if (!hdev_is_powered(hdev))
1158 if (!lmp_ext_inq_capable(hdev))
1161 if (!hci_dev_test_flag(hdev, HCI_SSP_ENABLED))
1164 if (hci_dev_test_flag(hdev, HCI_SERVICE_CACHE))
1167 memset(&cp, 0, sizeof(cp));
1169 create_eir(hdev, cp.data);
1171 if (memcmp(cp.data, hdev->eir, sizeof(cp.data)) == 0)
1174 memcpy(hdev->eir, cp.data, sizeof(cp.data));
1176 hci_req_add(req, HCI_OP_WRITE_EIR, sizeof(cp), &cp);
1179 static u8 get_service_classes(struct hci_dev *hdev)
1181 struct bt_uuid *uuid;
1184 list_for_each_entry(uuid, &hdev->uuids, list)
1185 val |= uuid->svc_hint;
1190 static void update_class(struct hci_request *req)
1192 struct hci_dev *hdev = req->hdev;
1195 BT_DBG("%s", hdev->name);
1197 if (!hdev_is_powered(hdev))
1200 if (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED))
1203 if (hci_dev_test_flag(hdev, HCI_SERVICE_CACHE))
1206 cod[0] = hdev->minor_class;
1207 cod[1] = hdev->major_class;
1208 cod[2] = get_service_classes(hdev);
1210 if (hci_dev_test_flag(hdev, HCI_LIMITED_DISCOVERABLE))
1213 if (memcmp(cod, hdev->dev_class, 3) == 0)
1216 hci_req_add(req, HCI_OP_WRITE_CLASS_OF_DEV, sizeof(cod), cod);
1219 static void disable_advertising(struct hci_request *req)
1223 hci_req_add(req, HCI_OP_LE_SET_ADV_ENABLE, sizeof(enable), &enable);
1226 static void enable_advertising(struct hci_request *req)
1228 struct hci_dev *hdev = req->hdev;
1229 struct hci_cp_le_set_adv_param cp;
1230 u8 own_addr_type, enable = 0x01;
1235 if (hci_conn_num(hdev, LE_LINK) > 0)
1238 if (hci_dev_test_flag(hdev, HCI_LE_ADV))
1239 disable_advertising(req);
1241 /* Clear the HCI_LE_ADV bit temporarily so that the
1242 * hci_update_random_address knows that it's safe to go ahead
1243 * and write a new random address. The flag will be set back on
1244 * as soon as the SET_ADV_ENABLE HCI command completes.
1246 hci_dev_clear_flag(hdev, HCI_LE_ADV);
1248 instance = get_current_adv_instance(hdev);
1249 flags = get_adv_instance_flags(hdev, instance);
1250 connectable = (flags & MGMT_ADV_FLAG_CONNECTABLE);
1252 /* Set require_privacy to true only when non-connectable
1253 * advertising is used. In that case it is fine to use a
1254 * non-resolvable private address.
1256 if (hci_update_random_address(req, !connectable, &own_addr_type) < 0)
1259 memset(&cp, 0, sizeof(cp));
1260 cp.min_interval = cpu_to_le16(hdev->le_adv_min_interval);
1261 cp.max_interval = cpu_to_le16(hdev->le_adv_max_interval);
1262 cp.type = connectable ? LE_ADV_IND : LE_ADV_NONCONN_IND;
1263 cp.own_address_type = own_addr_type;
1264 cp.channel_map = hdev->le_adv_channel_map;
1266 hci_req_add(req, HCI_OP_LE_SET_ADV_PARAM, sizeof(cp), &cp);
1268 hci_req_add(req, HCI_OP_LE_SET_ADV_ENABLE, sizeof(enable), &enable);
1271 static void service_cache_off(struct work_struct *work)
1273 struct hci_dev *hdev = container_of(work, struct hci_dev,
1274 service_cache.work);
1275 struct hci_request req;
1277 if (!hci_dev_test_and_clear_flag(hdev, HCI_SERVICE_CACHE))
1280 hci_req_init(&req, hdev);
1287 hci_dev_unlock(hdev);
1289 hci_req_run(&req, NULL);
1292 static void rpa_expired(struct work_struct *work)
1294 struct hci_dev *hdev = container_of(work, struct hci_dev,
1296 struct hci_request req;
1300 hci_dev_set_flag(hdev, HCI_RPA_EXPIRED);
1302 if (!hci_dev_test_flag(hdev, HCI_ADVERTISING))
1305 /* The generation of a new RPA and programming it into the
1306 * controller happens in the enable_advertising() function.
1308 hci_req_init(&req, hdev);
1309 enable_advertising(&req);
1310 hci_req_run(&req, NULL);
1313 static void mgmt_init_hdev(struct sock *sk, struct hci_dev *hdev)
1315 if (hci_dev_test_and_set_flag(hdev, HCI_MGMT))
1318 INIT_DELAYED_WORK(&hdev->service_cache, service_cache_off);
1319 INIT_DELAYED_WORK(&hdev->rpa_expired, rpa_expired);
1321 /* Non-mgmt controlled devices get this bit set
1322 * implicitly so that pairing works for them, however
1323 * for mgmt we require user-space to explicitly enable
1326 hci_dev_clear_flag(hdev, HCI_BONDABLE);
1329 static int read_controller_info(struct sock *sk, struct hci_dev *hdev,
1330 void *data, u16 data_len)
1332 struct mgmt_rp_read_info rp;
1334 BT_DBG("sock %p %s", sk, hdev->name);
1338 memset(&rp, 0, sizeof(rp));
1340 bacpy(&rp.bdaddr, &hdev->bdaddr);
1342 rp.version = hdev->hci_ver;
1343 rp.manufacturer = cpu_to_le16(hdev->manufacturer);
1345 rp.supported_settings = cpu_to_le32(get_supported_settings(hdev));
1346 rp.current_settings = cpu_to_le32(get_current_settings(hdev));
1348 memcpy(rp.dev_class, hdev->dev_class, 3);
1350 memcpy(rp.name, hdev->dev_name, sizeof(hdev->dev_name));
1351 memcpy(rp.short_name, hdev->short_name, sizeof(hdev->short_name));
1353 hci_dev_unlock(hdev);
1355 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_READ_INFO, 0, &rp,
1359 static int send_settings_rsp(struct sock *sk, u16 opcode, struct hci_dev *hdev)
1361 __le32 settings = cpu_to_le32(get_current_settings(hdev));
1363 return mgmt_cmd_complete(sk, hdev->id, opcode, 0, &settings,
1367 static void clean_up_hci_complete(struct hci_dev *hdev, u8 status, u16 opcode)
1369 BT_DBG("%s status 0x%02x", hdev->name, status);
1371 if (hci_conn_count(hdev) == 0) {
1372 cancel_delayed_work(&hdev->power_off);
1373 queue_work(hdev->req_workqueue, &hdev->power_off.work);
1377 static bool hci_stop_discovery(struct hci_request *req)
1379 struct hci_dev *hdev = req->hdev;
1380 struct hci_cp_remote_name_req_cancel cp;
1381 struct inquiry_entry *e;
1383 switch (hdev->discovery.state) {
1384 case DISCOVERY_FINDING:
1385 if (test_bit(HCI_INQUIRY, &hdev->flags))
1386 hci_req_add(req, HCI_OP_INQUIRY_CANCEL, 0, NULL);
1388 if (hci_dev_test_flag(hdev, HCI_LE_SCAN)) {
1389 cancel_delayed_work(&hdev->le_scan_disable);
1390 hci_req_add_le_scan_disable(req);
1395 case DISCOVERY_RESOLVING:
1396 e = hci_inquiry_cache_lookup_resolve(hdev, BDADDR_ANY,
1401 bacpy(&cp.bdaddr, &e->data.bdaddr);
1402 hci_req_add(req, HCI_OP_REMOTE_NAME_REQ_CANCEL, sizeof(cp),
1408 /* Passive scanning */
1409 if (hci_dev_test_flag(hdev, HCI_LE_SCAN)) {
1410 hci_req_add_le_scan_disable(req);
1420 static void advertising_added(struct sock *sk, struct hci_dev *hdev,
1423 struct mgmt_ev_advertising_added ev;
1425 ev.instance = instance;
1427 mgmt_event(MGMT_EV_ADVERTISING_ADDED, hdev, &ev, sizeof(ev), sk);
1430 static void advertising_removed(struct sock *sk, struct hci_dev *hdev,
1433 struct mgmt_ev_advertising_removed ev;
1435 ev.instance = instance;
1437 mgmt_event(MGMT_EV_ADVERTISING_REMOVED, hdev, &ev, sizeof(ev), sk);
1440 static void clear_adv_instance(struct hci_dev *hdev)
1442 struct hci_request req;
1444 if (!hci_dev_test_flag(hdev, HCI_ADVERTISING_INSTANCE))
1447 if (hdev->adv_instance.timeout)
1448 cancel_delayed_work(&hdev->adv_instance.timeout_exp);
1450 memset(&hdev->adv_instance, 0, sizeof(hdev->adv_instance));
1451 advertising_removed(NULL, hdev, 1);
1452 hci_dev_clear_flag(hdev, HCI_ADVERTISING_INSTANCE);
1454 if (!hdev_is_powered(hdev) ||
1455 hci_dev_test_flag(hdev, HCI_ADVERTISING))
1458 hci_req_init(&req, hdev);
1459 disable_advertising(&req);
1460 hci_req_run(&req, NULL);
1463 static int clean_up_hci_state(struct hci_dev *hdev)
1465 struct hci_request req;
1466 struct hci_conn *conn;
1467 bool discov_stopped;
1470 hci_req_init(&req, hdev);
1472 if (test_bit(HCI_ISCAN, &hdev->flags) ||
1473 test_bit(HCI_PSCAN, &hdev->flags)) {
1475 hci_req_add(&req, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
1478 if (hdev->adv_instance.timeout)
1479 clear_adv_instance(hdev);
1481 if (hci_dev_test_flag(hdev, HCI_LE_ADV))
1482 disable_advertising(&req);
1484 discov_stopped = hci_stop_discovery(&req);
1486 list_for_each_entry(conn, &hdev->conn_hash.list, list) {
1487 struct hci_cp_disconnect dc;
1488 struct hci_cp_reject_conn_req rej;
1490 switch (conn->state) {
1493 dc.handle = cpu_to_le16(conn->handle);
1494 dc.reason = 0x15; /* Terminated due to Power Off */
1495 hci_req_add(&req, HCI_OP_DISCONNECT, sizeof(dc), &dc);
1498 if (conn->type == LE_LINK)
1499 hci_req_add(&req, HCI_OP_LE_CREATE_CONN_CANCEL,
1501 else if (conn->type == ACL_LINK)
1502 hci_req_add(&req, HCI_OP_CREATE_CONN_CANCEL,
1506 bacpy(&rej.bdaddr, &conn->dst);
1507 rej.reason = 0x15; /* Terminated due to Power Off */
1508 if (conn->type == ACL_LINK)
1509 hci_req_add(&req, HCI_OP_REJECT_CONN_REQ,
1511 else if (conn->type == SCO_LINK)
1512 hci_req_add(&req, HCI_OP_REJECT_SYNC_CONN_REQ,
1518 err = hci_req_run(&req, clean_up_hci_complete);
1519 if (!err && discov_stopped)
1520 hci_discovery_set_state(hdev, DISCOVERY_STOPPING);
1525 static int set_powered(struct sock *sk, struct hci_dev *hdev, void *data,
1528 struct mgmt_mode *cp = data;
1529 struct mgmt_pending_cmd *cmd;
1532 BT_DBG("request for %s", hdev->name);
1534 if (cp->val != 0x00 && cp->val != 0x01)
1535 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_POWERED,
1536 MGMT_STATUS_INVALID_PARAMS);
1540 if (pending_find(MGMT_OP_SET_POWERED, hdev)) {
1541 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_POWERED,
1546 if (hci_dev_test_and_clear_flag(hdev, HCI_AUTO_OFF)) {
1547 cancel_delayed_work(&hdev->power_off);
1550 mgmt_pending_add(sk, MGMT_OP_SET_POWERED, hdev,
1552 err = mgmt_powered(hdev, 1);
1557 if (!!cp->val == hdev_is_powered(hdev)) {
1558 err = send_settings_rsp(sk, MGMT_OP_SET_POWERED, hdev);
1562 cmd = mgmt_pending_add(sk, MGMT_OP_SET_POWERED, hdev, data, len);
1569 queue_work(hdev->req_workqueue, &hdev->power_on);
1572 /* Disconnect connections, stop scans, etc */
1573 err = clean_up_hci_state(hdev);
1575 queue_delayed_work(hdev->req_workqueue, &hdev->power_off,
1576 HCI_POWER_OFF_TIMEOUT);
1578 /* ENODATA means there were no HCI commands queued */
1579 if (err == -ENODATA) {
1580 cancel_delayed_work(&hdev->power_off);
1581 queue_work(hdev->req_workqueue, &hdev->power_off.work);
1587 hci_dev_unlock(hdev);
1591 static int new_settings(struct hci_dev *hdev, struct sock *skip)
1593 __le32 ev = cpu_to_le32(get_current_settings(hdev));
1595 return mgmt_generic_event(MGMT_EV_NEW_SETTINGS, hdev, &ev,
1599 int mgmt_new_settings(struct hci_dev *hdev)
1601 return new_settings(hdev, NULL);
1606 struct hci_dev *hdev;
1610 static void settings_rsp(struct mgmt_pending_cmd *cmd, void *data)
1612 struct cmd_lookup *match = data;
1614 send_settings_rsp(cmd->sk, cmd->opcode, match->hdev);
1616 list_del(&cmd->list);
1618 if (match->sk == NULL) {
1619 match->sk = cmd->sk;
1620 sock_hold(match->sk);
1623 mgmt_pending_free(cmd);
1626 static void cmd_status_rsp(struct mgmt_pending_cmd *cmd, void *data)
1630 mgmt_cmd_status(cmd->sk, cmd->index, cmd->opcode, *status);
1631 mgmt_pending_remove(cmd);
1634 static void cmd_complete_rsp(struct mgmt_pending_cmd *cmd, void *data)
1636 if (cmd->cmd_complete) {
1639 cmd->cmd_complete(cmd, *status);
1640 mgmt_pending_remove(cmd);
1645 cmd_status_rsp(cmd, data);
1648 static int generic_cmd_complete(struct mgmt_pending_cmd *cmd, u8 status)
1650 return mgmt_cmd_complete(cmd->sk, cmd->index, cmd->opcode, status,
1651 cmd->param, cmd->param_len);
1654 static int addr_cmd_complete(struct mgmt_pending_cmd *cmd, u8 status)
1656 return mgmt_cmd_complete(cmd->sk, cmd->index, cmd->opcode, status,
1657 cmd->param, sizeof(struct mgmt_addr_info));
1660 static u8 mgmt_bredr_support(struct hci_dev *hdev)
1662 if (!lmp_bredr_capable(hdev))
1663 return MGMT_STATUS_NOT_SUPPORTED;
1664 else if (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED))
1665 return MGMT_STATUS_REJECTED;
1667 return MGMT_STATUS_SUCCESS;
1670 static u8 mgmt_le_support(struct hci_dev *hdev)
1672 if (!lmp_le_capable(hdev))
1673 return MGMT_STATUS_NOT_SUPPORTED;
1674 else if (!hci_dev_test_flag(hdev, HCI_LE_ENABLED))
1675 return MGMT_STATUS_REJECTED;
1677 return MGMT_STATUS_SUCCESS;
1680 static void set_discoverable_complete(struct hci_dev *hdev, u8 status,
1683 struct mgmt_pending_cmd *cmd;
1684 struct mgmt_mode *cp;
1685 struct hci_request req;
1688 BT_DBG("status 0x%02x", status);
1692 cmd = pending_find(MGMT_OP_SET_DISCOVERABLE, hdev);
1697 u8 mgmt_err = mgmt_status(status);
1698 mgmt_cmd_status(cmd->sk, cmd->index, cmd->opcode, mgmt_err);
1699 hci_dev_clear_flag(hdev, HCI_LIMITED_DISCOVERABLE);
1705 changed = !hci_dev_test_and_set_flag(hdev, HCI_DISCOVERABLE);
1707 if (hdev->discov_timeout > 0) {
1708 int to = msecs_to_jiffies(hdev->discov_timeout * 1000);
1709 queue_delayed_work(hdev->workqueue, &hdev->discov_off,
1713 changed = hci_dev_test_and_clear_flag(hdev, HCI_DISCOVERABLE);
1716 send_settings_rsp(cmd->sk, MGMT_OP_SET_DISCOVERABLE, hdev);
1719 new_settings(hdev, cmd->sk);
1721 /* When the discoverable mode gets changed, make sure
1722 * that class of device has the limited discoverable
1723 * bit correctly set. Also update page scan based on whitelist
1726 hci_req_init(&req, hdev);
1727 __hci_update_page_scan(&req);
1729 hci_req_run(&req, NULL);
1732 mgmt_pending_remove(cmd);
1735 hci_dev_unlock(hdev);
1738 static int set_discoverable(struct sock *sk, struct hci_dev *hdev, void *data,
1741 struct mgmt_cp_set_discoverable *cp = data;
1742 struct mgmt_pending_cmd *cmd;
1743 struct hci_request req;
1748 BT_DBG("request for %s", hdev->name);
1750 if (!hci_dev_test_flag(hdev, HCI_LE_ENABLED) &&
1751 !hci_dev_test_flag(hdev, HCI_BREDR_ENABLED))
1752 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
1753 MGMT_STATUS_REJECTED);
1755 if (cp->val != 0x00 && cp->val != 0x01 && cp->val != 0x02)
1756 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
1757 MGMT_STATUS_INVALID_PARAMS);
1759 timeout = __le16_to_cpu(cp->timeout);
1761 /* Disabling discoverable requires that no timeout is set,
1762 * and enabling limited discoverable requires a timeout.
1764 if ((cp->val == 0x00 && timeout > 0) ||
1765 (cp->val == 0x02 && timeout == 0))
1766 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
1767 MGMT_STATUS_INVALID_PARAMS);
1771 if (!hdev_is_powered(hdev) && timeout > 0) {
1772 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
1773 MGMT_STATUS_NOT_POWERED);
1777 if (pending_find(MGMT_OP_SET_DISCOVERABLE, hdev) ||
1778 pending_find(MGMT_OP_SET_CONNECTABLE, hdev)) {
1779 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
1784 if (!hci_dev_test_flag(hdev, HCI_CONNECTABLE)) {
1785 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
1786 MGMT_STATUS_REJECTED);
1790 if (!hdev_is_powered(hdev)) {
1791 bool changed = false;
1793 /* Setting limited discoverable when powered off is
1794 * not a valid operation since it requires a timeout
1795 * and so no need to check HCI_LIMITED_DISCOVERABLE.
1797 if (!!cp->val != hci_dev_test_flag(hdev, HCI_DISCOVERABLE)) {
1798 hci_dev_change_flag(hdev, HCI_DISCOVERABLE);
1802 err = send_settings_rsp(sk, MGMT_OP_SET_DISCOVERABLE, hdev);
1807 err = new_settings(hdev, sk);
1812 /* If the current mode is the same, then just update the timeout
1813 * value with the new value. And if only the timeout gets updated,
1814 * then no need for any HCI transactions.
1816 if (!!cp->val == hci_dev_test_flag(hdev, HCI_DISCOVERABLE) &&
1817 (cp->val == 0x02) == hci_dev_test_flag(hdev,
1818 HCI_LIMITED_DISCOVERABLE)) {
1819 cancel_delayed_work(&hdev->discov_off);
1820 hdev->discov_timeout = timeout;
1822 if (cp->val && hdev->discov_timeout > 0) {
1823 int to = msecs_to_jiffies(hdev->discov_timeout * 1000);
1824 queue_delayed_work(hdev->workqueue, &hdev->discov_off,
1828 err = send_settings_rsp(sk, MGMT_OP_SET_DISCOVERABLE, hdev);
1832 cmd = mgmt_pending_add(sk, MGMT_OP_SET_DISCOVERABLE, hdev, data, len);
1838 /* Cancel any potential discoverable timeout that might be
1839 * still active and store new timeout value. The arming of
1840 * the timeout happens in the complete handler.
1842 cancel_delayed_work(&hdev->discov_off);
1843 hdev->discov_timeout = timeout;
1845 /* Limited discoverable mode */
1846 if (cp->val == 0x02)
1847 hci_dev_set_flag(hdev, HCI_LIMITED_DISCOVERABLE);
1849 hci_dev_clear_flag(hdev, HCI_LIMITED_DISCOVERABLE);
1851 hci_req_init(&req, hdev);
1853 /* The procedure for LE-only controllers is much simpler - just
1854 * update the advertising data.
1856 if (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED))
1862 struct hci_cp_write_current_iac_lap hci_cp;
1864 if (cp->val == 0x02) {
1865 /* Limited discoverable mode */
1866 hci_cp.num_iac = min_t(u8, hdev->num_iac, 2);
1867 hci_cp.iac_lap[0] = 0x00; /* LIAC */
1868 hci_cp.iac_lap[1] = 0x8b;
1869 hci_cp.iac_lap[2] = 0x9e;
1870 hci_cp.iac_lap[3] = 0x33; /* GIAC */
1871 hci_cp.iac_lap[4] = 0x8b;
1872 hci_cp.iac_lap[5] = 0x9e;
1874 /* General discoverable mode */
1876 hci_cp.iac_lap[0] = 0x33; /* GIAC */
1877 hci_cp.iac_lap[1] = 0x8b;
1878 hci_cp.iac_lap[2] = 0x9e;
1881 hci_req_add(&req, HCI_OP_WRITE_CURRENT_IAC_LAP,
1882 (hci_cp.num_iac * 3) + 1, &hci_cp);
1884 scan |= SCAN_INQUIRY;
1886 hci_dev_clear_flag(hdev, HCI_LIMITED_DISCOVERABLE);
1889 hci_req_add(&req, HCI_OP_WRITE_SCAN_ENABLE, sizeof(scan), &scan);
1892 update_adv_data(&req);
1894 err = hci_req_run(&req, set_discoverable_complete);
1896 mgmt_pending_remove(cmd);
1899 hci_dev_unlock(hdev);
1903 static void write_fast_connectable(struct hci_request *req, bool enable)
1905 struct hci_dev *hdev = req->hdev;
1906 struct hci_cp_write_page_scan_activity acp;
1909 if (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED))
1912 if (hdev->hci_ver < BLUETOOTH_VER_1_2)
1916 type = PAGE_SCAN_TYPE_INTERLACED;
1918 /* 160 msec page scan interval */
1919 acp.interval = cpu_to_le16(0x0100);
1921 type = PAGE_SCAN_TYPE_STANDARD; /* default */
1923 /* default 1.28 sec page scan */
1924 acp.interval = cpu_to_le16(0x0800);
1927 acp.window = cpu_to_le16(0x0012);
1929 if (__cpu_to_le16(hdev->page_scan_interval) != acp.interval ||
1930 __cpu_to_le16(hdev->page_scan_window) != acp.window)
1931 hci_req_add(req, HCI_OP_WRITE_PAGE_SCAN_ACTIVITY,
1934 if (hdev->page_scan_type != type)
1935 hci_req_add(req, HCI_OP_WRITE_PAGE_SCAN_TYPE, 1, &type);
1938 static void set_connectable_complete(struct hci_dev *hdev, u8 status,
1941 struct mgmt_pending_cmd *cmd;
1942 struct mgmt_mode *cp;
1943 bool conn_changed, discov_changed;
1945 BT_DBG("status 0x%02x", status);
1949 cmd = pending_find(MGMT_OP_SET_CONNECTABLE, hdev);
1954 u8 mgmt_err = mgmt_status(status);
1955 mgmt_cmd_status(cmd->sk, cmd->index, cmd->opcode, mgmt_err);
1961 conn_changed = !hci_dev_test_and_set_flag(hdev,
1963 discov_changed = false;
1965 conn_changed = hci_dev_test_and_clear_flag(hdev,
1967 discov_changed = hci_dev_test_and_clear_flag(hdev,
1971 send_settings_rsp(cmd->sk, MGMT_OP_SET_CONNECTABLE, hdev);
1973 if (conn_changed || discov_changed) {
1974 new_settings(hdev, cmd->sk);
1975 hci_update_page_scan(hdev);
1977 mgmt_update_adv_data(hdev);
1978 hci_update_background_scan(hdev);
1982 mgmt_pending_remove(cmd);
1985 hci_dev_unlock(hdev);
1988 static int set_connectable_update_settings(struct hci_dev *hdev,
1989 struct sock *sk, u8 val)
1991 bool changed = false;
1994 if (!!val != hci_dev_test_flag(hdev, HCI_CONNECTABLE))
1998 hci_dev_set_flag(hdev, HCI_CONNECTABLE);
2000 hci_dev_clear_flag(hdev, HCI_CONNECTABLE);
2001 hci_dev_clear_flag(hdev, HCI_DISCOVERABLE);
2004 err = send_settings_rsp(sk, MGMT_OP_SET_CONNECTABLE, hdev);
2009 hci_update_page_scan(hdev);
2010 hci_update_background_scan(hdev);
2011 return new_settings(hdev, sk);
2017 static int set_connectable(struct sock *sk, struct hci_dev *hdev, void *data,
2020 struct mgmt_mode *cp = data;
2021 struct mgmt_pending_cmd *cmd;
2022 struct hci_request req;
2026 BT_DBG("request for %s", hdev->name);
2028 if (!hci_dev_test_flag(hdev, HCI_LE_ENABLED) &&
2029 !hci_dev_test_flag(hdev, HCI_BREDR_ENABLED))
2030 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE,
2031 MGMT_STATUS_REJECTED);
2033 if (cp->val != 0x00 && cp->val != 0x01)
2034 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE,
2035 MGMT_STATUS_INVALID_PARAMS);
2039 if (!hdev_is_powered(hdev)) {
2040 err = set_connectable_update_settings(hdev, sk, cp->val);
2044 if (pending_find(MGMT_OP_SET_DISCOVERABLE, hdev) ||
2045 pending_find(MGMT_OP_SET_CONNECTABLE, hdev)) {
2046 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE,
2051 cmd = mgmt_pending_add(sk, MGMT_OP_SET_CONNECTABLE, hdev, data, len);
2057 hci_req_init(&req, hdev);
2059 /* If BR/EDR is not enabled and we disable advertising as a
2060 * by-product of disabling connectable, we need to update the
2061 * advertising flags.
2063 if (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED)) {
2065 hci_dev_clear_flag(hdev, HCI_LIMITED_DISCOVERABLE);
2066 hci_dev_clear_flag(hdev, HCI_DISCOVERABLE);
2068 update_adv_data(&req);
2069 } else if (cp->val != test_bit(HCI_PSCAN, &hdev->flags)) {
2073 /* If we don't have any whitelist entries just
2074 * disable all scanning. If there are entries
2075 * and we had both page and inquiry scanning
2076 * enabled then fall back to only page scanning.
2077 * Otherwise no changes are needed.
2079 if (list_empty(&hdev->whitelist))
2080 scan = SCAN_DISABLED;
2081 else if (test_bit(HCI_ISCAN, &hdev->flags))
2084 goto no_scan_update;
2086 if (test_bit(HCI_ISCAN, &hdev->flags) &&
2087 hdev->discov_timeout > 0)
2088 cancel_delayed_work(&hdev->discov_off);
2091 hci_req_add(&req, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
2095 /* Update the advertising parameters if necessary */
2096 if (hci_dev_test_flag(hdev, HCI_ADVERTISING))
2097 enable_advertising(&req);
2099 err = hci_req_run(&req, set_connectable_complete);
2101 mgmt_pending_remove(cmd);
2102 if (err == -ENODATA)
2103 err = set_connectable_update_settings(hdev, sk,
2109 hci_dev_unlock(hdev);
2113 static int set_bondable(struct sock *sk, struct hci_dev *hdev, void *data,
2116 struct mgmt_mode *cp = data;
2120 BT_DBG("request for %s", hdev->name);
2122 if (cp->val != 0x00 && cp->val != 0x01)
2123 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_BONDABLE,
2124 MGMT_STATUS_INVALID_PARAMS);
2129 changed = !hci_dev_test_and_set_flag(hdev, HCI_BONDABLE);
2131 changed = hci_dev_test_and_clear_flag(hdev, HCI_BONDABLE);
2133 err = send_settings_rsp(sk, MGMT_OP_SET_BONDABLE, hdev);
2138 err = new_settings(hdev, sk);
2141 hci_dev_unlock(hdev);
2145 static int set_link_security(struct sock *sk, struct hci_dev *hdev, void *data,
2148 struct mgmt_mode *cp = data;
2149 struct mgmt_pending_cmd *cmd;
2153 BT_DBG("request for %s", hdev->name);
2155 status = mgmt_bredr_support(hdev);
2157 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY,
2160 if (cp->val != 0x00 && cp->val != 0x01)
2161 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY,
2162 MGMT_STATUS_INVALID_PARAMS);
2166 if (!hdev_is_powered(hdev)) {
2167 bool changed = false;
2169 if (!!cp->val != hci_dev_test_flag(hdev, HCI_LINK_SECURITY)) {
2170 hci_dev_change_flag(hdev, HCI_LINK_SECURITY);
2174 err = send_settings_rsp(sk, MGMT_OP_SET_LINK_SECURITY, hdev);
2179 err = new_settings(hdev, sk);
2184 if (pending_find(MGMT_OP_SET_LINK_SECURITY, hdev)) {
2185 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY,
2192 if (test_bit(HCI_AUTH, &hdev->flags) == val) {
2193 err = send_settings_rsp(sk, MGMT_OP_SET_LINK_SECURITY, hdev);
2197 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LINK_SECURITY, hdev, data, len);
2203 err = hci_send_cmd(hdev, HCI_OP_WRITE_AUTH_ENABLE, sizeof(val), &val);
2205 mgmt_pending_remove(cmd);
2210 hci_dev_unlock(hdev);
2214 static int set_ssp(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
2216 struct mgmt_mode *cp = data;
2217 struct mgmt_pending_cmd *cmd;
2221 BT_DBG("request for %s", hdev->name);
2223 status = mgmt_bredr_support(hdev);
2225 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SSP, status);
2227 if (!lmp_ssp_capable(hdev))
2228 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
2229 MGMT_STATUS_NOT_SUPPORTED);
2231 if (cp->val != 0x00 && cp->val != 0x01)
2232 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
2233 MGMT_STATUS_INVALID_PARAMS);
2237 if (!hdev_is_powered(hdev)) {
2241 changed = !hci_dev_test_and_set_flag(hdev,
2244 changed = hci_dev_test_and_clear_flag(hdev,
2247 changed = hci_dev_test_and_clear_flag(hdev,
2250 hci_dev_clear_flag(hdev, HCI_HS_ENABLED);
2253 err = send_settings_rsp(sk, MGMT_OP_SET_SSP, hdev);
2258 err = new_settings(hdev, sk);
2263 if (pending_find(MGMT_OP_SET_SSP, hdev)) {
2264 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
2269 if (!!cp->val == hci_dev_test_flag(hdev, HCI_SSP_ENABLED)) {
2270 err = send_settings_rsp(sk, MGMT_OP_SET_SSP, hdev);
2274 cmd = mgmt_pending_add(sk, MGMT_OP_SET_SSP, hdev, data, len);
2280 if (!cp->val && hci_dev_test_flag(hdev, HCI_USE_DEBUG_KEYS))
2281 hci_send_cmd(hdev, HCI_OP_WRITE_SSP_DEBUG_MODE,
2282 sizeof(cp->val), &cp->val);
2284 err = hci_send_cmd(hdev, HCI_OP_WRITE_SSP_MODE, 1, &cp->val);
2286 mgmt_pending_remove(cmd);
2291 hci_dev_unlock(hdev);
2295 static int set_hs(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
2297 struct mgmt_mode *cp = data;
2302 BT_DBG("request for %s", hdev->name);
2304 status = mgmt_bredr_support(hdev);
2306 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_HS, status);
2308 if (!lmp_ssp_capable(hdev))
2309 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
2310 MGMT_STATUS_NOT_SUPPORTED);
2312 if (!hci_dev_test_flag(hdev, HCI_SSP_ENABLED))
2313 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
2314 MGMT_STATUS_REJECTED);
2316 if (cp->val != 0x00 && cp->val != 0x01)
2317 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
2318 MGMT_STATUS_INVALID_PARAMS);
2322 if (pending_find(MGMT_OP_SET_SSP, hdev)) {
2323 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
2329 changed = !hci_dev_test_and_set_flag(hdev, HCI_HS_ENABLED);
2331 if (hdev_is_powered(hdev)) {
2332 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
2333 MGMT_STATUS_REJECTED);
2337 changed = hci_dev_test_and_clear_flag(hdev, HCI_HS_ENABLED);
2340 err = send_settings_rsp(sk, MGMT_OP_SET_HS, hdev);
2345 err = new_settings(hdev, sk);
2348 hci_dev_unlock(hdev);
2352 static void le_enable_complete(struct hci_dev *hdev, u8 status, u16 opcode)
2354 struct cmd_lookup match = { NULL, hdev };
2359 u8 mgmt_err = mgmt_status(status);
2361 mgmt_pending_foreach(MGMT_OP_SET_LE, hdev, cmd_status_rsp,
2366 mgmt_pending_foreach(MGMT_OP_SET_LE, hdev, settings_rsp, &match);
2368 new_settings(hdev, match.sk);
2373 /* Make sure the controller has a good default for
2374 * advertising data. Restrict the update to when LE
2375 * has actually been enabled. During power on, the
2376 * update in powered_update_hci will take care of it.
2378 if (hci_dev_test_flag(hdev, HCI_LE_ENABLED)) {
2379 struct hci_request req;
2381 hci_req_init(&req, hdev);
2382 update_adv_data(&req);
2383 update_scan_rsp_data(&req);
2384 __hci_update_background_scan(&req);
2385 hci_req_run(&req, NULL);
2389 hci_dev_unlock(hdev);
2392 static int set_le(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
2394 struct mgmt_mode *cp = data;
2395 struct hci_cp_write_le_host_supported hci_cp;
2396 struct mgmt_pending_cmd *cmd;
2397 struct hci_request req;
2401 BT_DBG("request for %s", hdev->name);
2403 if (!lmp_le_capable(hdev))
2404 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
2405 MGMT_STATUS_NOT_SUPPORTED);
2407 if (cp->val != 0x00 && cp->val != 0x01)
2408 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
2409 MGMT_STATUS_INVALID_PARAMS);
2411 /* Bluetooth single mode LE only controllers or dual-mode
2412 * controllers configured as LE only devices, do not allow
2413 * switching LE off. These have either LE enabled explicitly
2414 * or BR/EDR has been previously switched off.
2416 * When trying to enable an already enabled LE, then gracefully
2417 * send a positive response. Trying to disable it however will
2418 * result into rejection.
2420 if (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED)) {
2421 if (cp->val == 0x01)
2422 return send_settings_rsp(sk, MGMT_OP_SET_LE, hdev);
2424 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
2425 MGMT_STATUS_REJECTED);
2431 enabled = lmp_host_le_capable(hdev);
2433 if (!hdev_is_powered(hdev) || val == enabled) {
2434 bool changed = false;
2436 if (val != hci_dev_test_flag(hdev, HCI_LE_ENABLED)) {
2437 hci_dev_change_flag(hdev, HCI_LE_ENABLED);
2441 if (!val && hci_dev_test_flag(hdev, HCI_ADVERTISING)) {
2442 hci_dev_clear_flag(hdev, HCI_ADVERTISING);
2446 err = send_settings_rsp(sk, MGMT_OP_SET_LE, hdev);
2451 err = new_settings(hdev, sk);
2456 if (pending_find(MGMT_OP_SET_LE, hdev) ||
2457 pending_find(MGMT_OP_SET_ADVERTISING, hdev)) {
2458 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
2463 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LE, hdev, data, len);
2469 hci_req_init(&req, hdev);
2471 memset(&hci_cp, 0, sizeof(hci_cp));
2475 hci_cp.simul = 0x00;
2477 if (hci_dev_test_flag(hdev, HCI_LE_ADV))
2478 disable_advertising(&req);
2481 hci_req_add(&req, HCI_OP_WRITE_LE_HOST_SUPPORTED, sizeof(hci_cp),
2484 err = hci_req_run(&req, le_enable_complete);
2486 mgmt_pending_remove(cmd);
2489 hci_dev_unlock(hdev);
2493 /* This is a helper function to test for pending mgmt commands that can
2494 * cause CoD or EIR HCI commands. We can only allow one such pending
2495 * mgmt command at a time since otherwise we cannot easily track what
2496 * the current values are, will be, and based on that calculate if a new
2497 * HCI command needs to be sent and if yes with what value.
2499 static bool pending_eir_or_class(struct hci_dev *hdev)
2501 struct mgmt_pending_cmd *cmd;
2503 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
2504 switch (cmd->opcode) {
2505 case MGMT_OP_ADD_UUID:
2506 case MGMT_OP_REMOVE_UUID:
2507 case MGMT_OP_SET_DEV_CLASS:
2508 case MGMT_OP_SET_POWERED:
2516 static const u8 bluetooth_base_uuid[] = {
2517 0xfb, 0x34, 0x9b, 0x5f, 0x80, 0x00, 0x00, 0x80,
2518 0x00, 0x10, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
2521 static u8 get_uuid_size(const u8 *uuid)
2525 if (memcmp(uuid, bluetooth_base_uuid, 12))
2528 val = get_unaligned_le32(&uuid[12]);
2535 static void mgmt_class_complete(struct hci_dev *hdev, u16 mgmt_op, u8 status)
2537 struct mgmt_pending_cmd *cmd;
2541 cmd = pending_find(mgmt_op, hdev);
2545 mgmt_cmd_complete(cmd->sk, cmd->index, cmd->opcode,
2546 mgmt_status(status), hdev->dev_class, 3);
2548 mgmt_pending_remove(cmd);
2551 hci_dev_unlock(hdev);
2554 static void add_uuid_complete(struct hci_dev *hdev, u8 status, u16 opcode)
2556 BT_DBG("status 0x%02x", status);
2558 mgmt_class_complete(hdev, MGMT_OP_ADD_UUID, status);
2561 static int add_uuid(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
2563 struct mgmt_cp_add_uuid *cp = data;
2564 struct mgmt_pending_cmd *cmd;
2565 struct hci_request req;
2566 struct bt_uuid *uuid;
2569 BT_DBG("request for %s", hdev->name);
2573 if (pending_eir_or_class(hdev)) {
2574 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_UUID,
2579 uuid = kmalloc(sizeof(*uuid), GFP_KERNEL);
2585 memcpy(uuid->uuid, cp->uuid, 16);
2586 uuid->svc_hint = cp->svc_hint;
2587 uuid->size = get_uuid_size(cp->uuid);
2589 list_add_tail(&uuid->list, &hdev->uuids);
2591 hci_req_init(&req, hdev);
2596 err = hci_req_run(&req, add_uuid_complete);
2598 if (err != -ENODATA)
2601 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_ADD_UUID, 0,
2602 hdev->dev_class, 3);
2606 cmd = mgmt_pending_add(sk, MGMT_OP_ADD_UUID, hdev, data, len);
2615 hci_dev_unlock(hdev);
2619 static bool enable_service_cache(struct hci_dev *hdev)
2621 if (!hdev_is_powered(hdev))
2624 if (!hci_dev_test_and_set_flag(hdev, HCI_SERVICE_CACHE)) {
2625 queue_delayed_work(hdev->workqueue, &hdev->service_cache,
2633 static void remove_uuid_complete(struct hci_dev *hdev, u8 status, u16 opcode)
2635 BT_DBG("status 0x%02x", status);
2637 mgmt_class_complete(hdev, MGMT_OP_REMOVE_UUID, status);
2640 static int remove_uuid(struct sock *sk, struct hci_dev *hdev, void *data,
2643 struct mgmt_cp_remove_uuid *cp = data;
2644 struct mgmt_pending_cmd *cmd;
2645 struct bt_uuid *match, *tmp;
2646 u8 bt_uuid_any[] = { 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 };
2647 struct hci_request req;
2650 BT_DBG("request for %s", hdev->name);
2654 if (pending_eir_or_class(hdev)) {
2655 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_REMOVE_UUID,
2660 if (memcmp(cp->uuid, bt_uuid_any, 16) == 0) {
2661 hci_uuids_clear(hdev);
2663 if (enable_service_cache(hdev)) {
2664 err = mgmt_cmd_complete(sk, hdev->id,
2665 MGMT_OP_REMOVE_UUID,
2666 0, hdev->dev_class, 3);
2675 list_for_each_entry_safe(match, tmp, &hdev->uuids, list) {
2676 if (memcmp(match->uuid, cp->uuid, 16) != 0)
2679 list_del(&match->list);
2685 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_REMOVE_UUID,
2686 MGMT_STATUS_INVALID_PARAMS);
2691 hci_req_init(&req, hdev);
2696 err = hci_req_run(&req, remove_uuid_complete);
2698 if (err != -ENODATA)
2701 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_UUID, 0,
2702 hdev->dev_class, 3);
2706 cmd = mgmt_pending_add(sk, MGMT_OP_REMOVE_UUID, hdev, data, len);
2715 hci_dev_unlock(hdev);
2719 static void set_class_complete(struct hci_dev *hdev, u8 status, u16 opcode)
2721 BT_DBG("status 0x%02x", status);
2723 mgmt_class_complete(hdev, MGMT_OP_SET_DEV_CLASS, status);
2726 static int set_dev_class(struct sock *sk, struct hci_dev *hdev, void *data,
2729 struct mgmt_cp_set_dev_class *cp = data;
2730 struct mgmt_pending_cmd *cmd;
2731 struct hci_request req;
2734 BT_DBG("request for %s", hdev->name);
2736 if (!lmp_bredr_capable(hdev))
2737 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS,
2738 MGMT_STATUS_NOT_SUPPORTED);
2742 if (pending_eir_or_class(hdev)) {
2743 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS,
2748 if ((cp->minor & 0x03) != 0 || (cp->major & 0xe0) != 0) {
2749 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS,
2750 MGMT_STATUS_INVALID_PARAMS);
2754 hdev->major_class = cp->major;
2755 hdev->minor_class = cp->minor;
2757 if (!hdev_is_powered(hdev)) {
2758 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_DEV_CLASS, 0,
2759 hdev->dev_class, 3);
2763 hci_req_init(&req, hdev);
2765 if (hci_dev_test_and_clear_flag(hdev, HCI_SERVICE_CACHE)) {
2766 hci_dev_unlock(hdev);
2767 cancel_delayed_work_sync(&hdev->service_cache);
2774 err = hci_req_run(&req, set_class_complete);
2776 if (err != -ENODATA)
2779 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_DEV_CLASS, 0,
2780 hdev->dev_class, 3);
2784 cmd = mgmt_pending_add(sk, MGMT_OP_SET_DEV_CLASS, hdev, data, len);
2793 hci_dev_unlock(hdev);
2797 static int load_link_keys(struct sock *sk, struct hci_dev *hdev, void *data,
2800 struct mgmt_cp_load_link_keys *cp = data;
2801 const u16 max_key_count = ((U16_MAX - sizeof(*cp)) /
2802 sizeof(struct mgmt_link_key_info));
2803 u16 key_count, expected_len;
2807 BT_DBG("request for %s", hdev->name);
2809 if (!lmp_bredr_capable(hdev))
2810 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
2811 MGMT_STATUS_NOT_SUPPORTED);
2813 key_count = __le16_to_cpu(cp->key_count);
2814 if (key_count > max_key_count) {
2815 BT_ERR("load_link_keys: too big key_count value %u",
2817 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
2818 MGMT_STATUS_INVALID_PARAMS);
2821 expected_len = sizeof(*cp) + key_count *
2822 sizeof(struct mgmt_link_key_info);
2823 if (expected_len != len) {
2824 BT_ERR("load_link_keys: expected %u bytes, got %u bytes",
2826 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
2827 MGMT_STATUS_INVALID_PARAMS);
2830 if (cp->debug_keys != 0x00 && cp->debug_keys != 0x01)
2831 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
2832 MGMT_STATUS_INVALID_PARAMS);
2834 BT_DBG("%s debug_keys %u key_count %u", hdev->name, cp->debug_keys,
2837 for (i = 0; i < key_count; i++) {
2838 struct mgmt_link_key_info *key = &cp->keys[i];
2840 if (key->addr.type != BDADDR_BREDR || key->type > 0x08)
2841 return mgmt_cmd_status(sk, hdev->id,
2842 MGMT_OP_LOAD_LINK_KEYS,
2843 MGMT_STATUS_INVALID_PARAMS);
2848 hci_link_keys_clear(hdev);
2851 changed = !hci_dev_test_and_set_flag(hdev, HCI_KEEP_DEBUG_KEYS);
2853 changed = hci_dev_test_and_clear_flag(hdev,
2854 HCI_KEEP_DEBUG_KEYS);
2857 new_settings(hdev, NULL);
2859 for (i = 0; i < key_count; i++) {
2860 struct mgmt_link_key_info *key = &cp->keys[i];
2862 /* Always ignore debug keys and require a new pairing if
2863 * the user wants to use them.
2865 if (key->type == HCI_LK_DEBUG_COMBINATION)
2868 hci_add_link_key(hdev, NULL, &key->addr.bdaddr, key->val,
2869 key->type, key->pin_len, NULL);
2872 mgmt_cmd_complete(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS, 0, NULL, 0);
2874 hci_dev_unlock(hdev);
2879 static int device_unpaired(struct hci_dev *hdev, bdaddr_t *bdaddr,
2880 u8 addr_type, struct sock *skip_sk)
2882 struct mgmt_ev_device_unpaired ev;
2884 bacpy(&ev.addr.bdaddr, bdaddr);
2885 ev.addr.type = addr_type;
2887 return mgmt_event(MGMT_EV_DEVICE_UNPAIRED, hdev, &ev, sizeof(ev),
2891 static int unpair_device(struct sock *sk, struct hci_dev *hdev, void *data,
2894 struct mgmt_cp_unpair_device *cp = data;
2895 struct mgmt_rp_unpair_device rp;
2896 struct hci_cp_disconnect dc;
2897 struct mgmt_pending_cmd *cmd;
2898 struct hci_conn *conn;
2901 memset(&rp, 0, sizeof(rp));
2902 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
2903 rp.addr.type = cp->addr.type;
2905 if (!bdaddr_type_is_valid(cp->addr.type))
2906 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
2907 MGMT_STATUS_INVALID_PARAMS,
2910 if (cp->disconnect != 0x00 && cp->disconnect != 0x01)
2911 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
2912 MGMT_STATUS_INVALID_PARAMS,
2917 if (!hdev_is_powered(hdev)) {
2918 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
2919 MGMT_STATUS_NOT_POWERED, &rp,
2924 if (cp->addr.type == BDADDR_BREDR) {
2925 /* If disconnection is requested, then look up the
2926 * connection. If the remote device is connected, it
2927 * will be later used to terminate the link.
2929 * Setting it to NULL explicitly will cause no
2930 * termination of the link.
2933 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
2938 err = hci_remove_link_key(hdev, &cp->addr.bdaddr);
2942 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK,
2945 /* Defer clearing up the connection parameters
2946 * until closing to give a chance of keeping
2947 * them if a repairing happens.
2949 set_bit(HCI_CONN_PARAM_REMOVAL_PEND, &conn->flags);
2951 /* If disconnection is not requested, then
2952 * clear the connection variable so that the
2953 * link is not terminated.
2955 if (!cp->disconnect)
2959 if (cp->addr.type == BDADDR_LE_PUBLIC)
2960 addr_type = ADDR_LE_DEV_PUBLIC;
2962 addr_type = ADDR_LE_DEV_RANDOM;
2964 hci_remove_irk(hdev, &cp->addr.bdaddr, addr_type);
2966 err = hci_remove_ltk(hdev, &cp->addr.bdaddr, addr_type);
2970 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
2971 MGMT_STATUS_NOT_PAIRED, &rp,
2976 /* If the connection variable is set, then termination of the
2977 * link is requested.
2980 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE, 0,
2982 device_unpaired(hdev, &cp->addr.bdaddr, cp->addr.type, sk);
2986 cmd = mgmt_pending_add(sk, MGMT_OP_UNPAIR_DEVICE, hdev, cp,
2993 cmd->cmd_complete = addr_cmd_complete;
2995 dc.handle = cpu_to_le16(conn->handle);
2996 dc.reason = 0x13; /* Remote User Terminated Connection */
2997 err = hci_send_cmd(hdev, HCI_OP_DISCONNECT, sizeof(dc), &dc);
2999 mgmt_pending_remove(cmd);
3002 hci_dev_unlock(hdev);
3006 static int disconnect(struct sock *sk, struct hci_dev *hdev, void *data,
3009 struct mgmt_cp_disconnect *cp = data;
3010 struct mgmt_rp_disconnect rp;
3011 struct mgmt_pending_cmd *cmd;
3012 struct hci_conn *conn;
3017 memset(&rp, 0, sizeof(rp));
3018 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
3019 rp.addr.type = cp->addr.type;
3021 if (!bdaddr_type_is_valid(cp->addr.type))
3022 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
3023 MGMT_STATUS_INVALID_PARAMS,
3028 if (!test_bit(HCI_UP, &hdev->flags)) {
3029 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
3030 MGMT_STATUS_NOT_POWERED, &rp,
3035 if (pending_find(MGMT_OP_DISCONNECT, hdev)) {
3036 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
3037 MGMT_STATUS_BUSY, &rp, sizeof(rp));
3041 if (cp->addr.type == BDADDR_BREDR)
3042 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
3045 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &cp->addr.bdaddr);
3047 if (!conn || conn->state == BT_OPEN || conn->state == BT_CLOSED) {
3048 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
3049 MGMT_STATUS_NOT_CONNECTED, &rp,
3054 cmd = mgmt_pending_add(sk, MGMT_OP_DISCONNECT, hdev, data, len);
3060 cmd->cmd_complete = generic_cmd_complete;
3062 err = hci_disconnect(conn, HCI_ERROR_REMOTE_USER_TERM);
3064 mgmt_pending_remove(cmd);
3067 hci_dev_unlock(hdev);
3071 static u8 link_to_bdaddr(u8 link_type, u8 addr_type)
3073 switch (link_type) {
3075 switch (addr_type) {
3076 case ADDR_LE_DEV_PUBLIC:
3077 return BDADDR_LE_PUBLIC;
3080 /* Fallback to LE Random address type */
3081 return BDADDR_LE_RANDOM;
3085 /* Fallback to BR/EDR type */
3086 return BDADDR_BREDR;
3090 static int get_connections(struct sock *sk, struct hci_dev *hdev, void *data,
3093 struct mgmt_rp_get_connections *rp;
3103 if (!hdev_is_powered(hdev)) {
3104 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_GET_CONNECTIONS,
3105 MGMT_STATUS_NOT_POWERED);
3110 list_for_each_entry(c, &hdev->conn_hash.list, list) {
3111 if (test_bit(HCI_CONN_MGMT_CONNECTED, &c->flags))
3115 rp_len = sizeof(*rp) + (i * sizeof(struct mgmt_addr_info));
3116 rp = kmalloc(rp_len, GFP_KERNEL);
3123 list_for_each_entry(c, &hdev->conn_hash.list, list) {
3124 if (!test_bit(HCI_CONN_MGMT_CONNECTED, &c->flags))
3126 bacpy(&rp->addr[i].bdaddr, &c->dst);
3127 rp->addr[i].type = link_to_bdaddr(c->type, c->dst_type);
3128 if (c->type == SCO_LINK || c->type == ESCO_LINK)
3133 rp->conn_count = cpu_to_le16(i);
3135 /* Recalculate length in case of filtered SCO connections, etc */
3136 rp_len = sizeof(*rp) + (i * sizeof(struct mgmt_addr_info));
3138 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CONNECTIONS, 0, rp,
3144 hci_dev_unlock(hdev);
3148 static int send_pin_code_neg_reply(struct sock *sk, struct hci_dev *hdev,
3149 struct mgmt_cp_pin_code_neg_reply *cp)
3151 struct mgmt_pending_cmd *cmd;
3154 cmd = mgmt_pending_add(sk, MGMT_OP_PIN_CODE_NEG_REPLY, hdev, cp,
3159 err = hci_send_cmd(hdev, HCI_OP_PIN_CODE_NEG_REPLY,
3160 sizeof(cp->addr.bdaddr), &cp->addr.bdaddr);
3162 mgmt_pending_remove(cmd);
3167 static int pin_code_reply(struct sock *sk, struct hci_dev *hdev, void *data,
3170 struct hci_conn *conn;
3171 struct mgmt_cp_pin_code_reply *cp = data;
3172 struct hci_cp_pin_code_reply reply;
3173 struct mgmt_pending_cmd *cmd;
3180 if (!hdev_is_powered(hdev)) {
3181 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
3182 MGMT_STATUS_NOT_POWERED);
3186 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->addr.bdaddr);
3188 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
3189 MGMT_STATUS_NOT_CONNECTED);
3193 if (conn->pending_sec_level == BT_SECURITY_HIGH && cp->pin_len != 16) {
3194 struct mgmt_cp_pin_code_neg_reply ncp;
3196 memcpy(&ncp.addr, &cp->addr, sizeof(ncp.addr));
3198 BT_ERR("PIN code is not 16 bytes long");
3200 err = send_pin_code_neg_reply(sk, hdev, &ncp);
3202 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
3203 MGMT_STATUS_INVALID_PARAMS);
3208 cmd = mgmt_pending_add(sk, MGMT_OP_PIN_CODE_REPLY, hdev, data, len);
3214 cmd->cmd_complete = addr_cmd_complete;
3216 bacpy(&reply.bdaddr, &cp->addr.bdaddr);
3217 reply.pin_len = cp->pin_len;
3218 memcpy(reply.pin_code, cp->pin_code, sizeof(reply.pin_code));
3220 err = hci_send_cmd(hdev, HCI_OP_PIN_CODE_REPLY, sizeof(reply), &reply);
3222 mgmt_pending_remove(cmd);
3225 hci_dev_unlock(hdev);
3229 static int set_io_capability(struct sock *sk, struct hci_dev *hdev, void *data,
3232 struct mgmt_cp_set_io_capability *cp = data;
3236 if (cp->io_capability > SMP_IO_KEYBOARD_DISPLAY)
3237 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_IO_CAPABILITY,
3238 MGMT_STATUS_INVALID_PARAMS, NULL, 0);
3242 hdev->io_capability = cp->io_capability;
3244 BT_DBG("%s IO capability set to 0x%02x", hdev->name,
3245 hdev->io_capability);
3247 hci_dev_unlock(hdev);
3249 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_IO_CAPABILITY, 0,
3253 static struct mgmt_pending_cmd *find_pairing(struct hci_conn *conn)
3255 struct hci_dev *hdev = conn->hdev;
3256 struct mgmt_pending_cmd *cmd;
3258 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
3259 if (cmd->opcode != MGMT_OP_PAIR_DEVICE)
3262 if (cmd->user_data != conn)
3271 static int pairing_complete(struct mgmt_pending_cmd *cmd, u8 status)
3273 struct mgmt_rp_pair_device rp;
3274 struct hci_conn *conn = cmd->user_data;
3277 bacpy(&rp.addr.bdaddr, &conn->dst);
3278 rp.addr.type = link_to_bdaddr(conn->type, conn->dst_type);
3280 err = mgmt_cmd_complete(cmd->sk, cmd->index, MGMT_OP_PAIR_DEVICE,
3281 status, &rp, sizeof(rp));
3283 /* So we don't get further callbacks for this connection */
3284 conn->connect_cfm_cb = NULL;
3285 conn->security_cfm_cb = NULL;
3286 conn->disconn_cfm_cb = NULL;
3288 hci_conn_drop(conn);
3290 /* The device is paired so there is no need to remove
3291 * its connection parameters anymore.
3293 clear_bit(HCI_CONN_PARAM_REMOVAL_PEND, &conn->flags);
3300 void mgmt_smp_complete(struct hci_conn *conn, bool complete)
3302 u8 status = complete ? MGMT_STATUS_SUCCESS : MGMT_STATUS_FAILED;
3303 struct mgmt_pending_cmd *cmd;
3305 cmd = find_pairing(conn);
3307 cmd->cmd_complete(cmd, status);
3308 mgmt_pending_remove(cmd);
3312 static void pairing_complete_cb(struct hci_conn *conn, u8 status)
3314 struct mgmt_pending_cmd *cmd;
3316 BT_DBG("status %u", status);
3318 cmd = find_pairing(conn);
3320 BT_DBG("Unable to find a pending command");
3324 cmd->cmd_complete(cmd, mgmt_status(status));
3325 mgmt_pending_remove(cmd);
3328 static void le_pairing_complete_cb(struct hci_conn *conn, u8 status)
3330 struct mgmt_pending_cmd *cmd;
3332 BT_DBG("status %u", status);
3337 cmd = find_pairing(conn);
3339 BT_DBG("Unable to find a pending command");
3343 cmd->cmd_complete(cmd, mgmt_status(status));
3344 mgmt_pending_remove(cmd);
3347 static int pair_device(struct sock *sk, struct hci_dev *hdev, void *data,
3350 struct mgmt_cp_pair_device *cp = data;
3351 struct mgmt_rp_pair_device rp;
3352 struct mgmt_pending_cmd *cmd;
3353 u8 sec_level, auth_type;
3354 struct hci_conn *conn;
3359 memset(&rp, 0, sizeof(rp));
3360 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
3361 rp.addr.type = cp->addr.type;
3363 if (!bdaddr_type_is_valid(cp->addr.type))
3364 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
3365 MGMT_STATUS_INVALID_PARAMS,
3368 if (cp->io_cap > SMP_IO_KEYBOARD_DISPLAY)
3369 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
3370 MGMT_STATUS_INVALID_PARAMS,
3375 if (!hdev_is_powered(hdev)) {
3376 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
3377 MGMT_STATUS_NOT_POWERED, &rp,
3382 if (hci_bdaddr_is_paired(hdev, &cp->addr.bdaddr, cp->addr.type)) {
3383 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
3384 MGMT_STATUS_ALREADY_PAIRED, &rp,
3389 sec_level = BT_SECURITY_MEDIUM;
3390 auth_type = HCI_AT_DEDICATED_BONDING;
3392 if (cp->addr.type == BDADDR_BREDR) {
3393 conn = hci_connect_acl(hdev, &cp->addr.bdaddr, sec_level,
3398 /* Convert from L2CAP channel address type to HCI address type
3400 if (cp->addr.type == BDADDR_LE_PUBLIC)
3401 addr_type = ADDR_LE_DEV_PUBLIC;
3403 addr_type = ADDR_LE_DEV_RANDOM;
3405 /* When pairing a new device, it is expected to remember
3406 * this device for future connections. Adding the connection
3407 * parameter information ahead of time allows tracking
3408 * of the slave preferred values and will speed up any
3409 * further connection establishment.
3411 * If connection parameters already exist, then they
3412 * will be kept and this function does nothing.
3414 hci_conn_params_add(hdev, &cp->addr.bdaddr, addr_type);
3416 conn = hci_connect_le(hdev, &cp->addr.bdaddr, addr_type,
3417 sec_level, HCI_LE_CONN_TIMEOUT,
3424 if (PTR_ERR(conn) == -EBUSY)
3425 status = MGMT_STATUS_BUSY;
3426 else if (PTR_ERR(conn) == -EOPNOTSUPP)
3427 status = MGMT_STATUS_NOT_SUPPORTED;
3428 else if (PTR_ERR(conn) == -ECONNREFUSED)
3429 status = MGMT_STATUS_REJECTED;
3431 status = MGMT_STATUS_CONNECT_FAILED;
3433 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
3434 status, &rp, sizeof(rp));
3438 if (conn->connect_cfm_cb) {
3439 hci_conn_drop(conn);
3440 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
3441 MGMT_STATUS_BUSY, &rp, sizeof(rp));
3445 cmd = mgmt_pending_add(sk, MGMT_OP_PAIR_DEVICE, hdev, data, len);
3448 hci_conn_drop(conn);
3452 cmd->cmd_complete = pairing_complete;
3454 /* For LE, just connecting isn't a proof that the pairing finished */
3455 if (cp->addr.type == BDADDR_BREDR) {
3456 conn->connect_cfm_cb = pairing_complete_cb;
3457 conn->security_cfm_cb = pairing_complete_cb;
3458 conn->disconn_cfm_cb = pairing_complete_cb;
3460 conn->connect_cfm_cb = le_pairing_complete_cb;
3461 conn->security_cfm_cb = le_pairing_complete_cb;
3462 conn->disconn_cfm_cb = le_pairing_complete_cb;
3465 conn->io_capability = cp->io_cap;
3466 cmd->user_data = hci_conn_get(conn);
3468 if ((conn->state == BT_CONNECTED || conn->state == BT_CONFIG) &&
3469 hci_conn_security(conn, sec_level, auth_type, true)) {
3470 cmd->cmd_complete(cmd, 0);
3471 mgmt_pending_remove(cmd);
3477 hci_dev_unlock(hdev);
3481 static int cancel_pair_device(struct sock *sk, struct hci_dev *hdev, void *data,
3484 struct mgmt_addr_info *addr = data;
3485 struct mgmt_pending_cmd *cmd;
3486 struct hci_conn *conn;
3493 if (!hdev_is_powered(hdev)) {
3494 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
3495 MGMT_STATUS_NOT_POWERED);
3499 cmd = pending_find(MGMT_OP_PAIR_DEVICE, hdev);
3501 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
3502 MGMT_STATUS_INVALID_PARAMS);
3506 conn = cmd->user_data;
3508 if (bacmp(&addr->bdaddr, &conn->dst) != 0) {
3509 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
3510 MGMT_STATUS_INVALID_PARAMS);
3514 cmd->cmd_complete(cmd, MGMT_STATUS_CANCELLED);
3515 mgmt_pending_remove(cmd);
3517 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE, 0,
3518 addr, sizeof(*addr));
3520 hci_dev_unlock(hdev);
3524 static int user_pairing_resp(struct sock *sk, struct hci_dev *hdev,
3525 struct mgmt_addr_info *addr, u16 mgmt_op,
3526 u16 hci_op, __le32 passkey)
3528 struct mgmt_pending_cmd *cmd;
3529 struct hci_conn *conn;
3534 if (!hdev_is_powered(hdev)) {
3535 err = mgmt_cmd_complete(sk, hdev->id, mgmt_op,
3536 MGMT_STATUS_NOT_POWERED, addr,
3541 if (addr->type == BDADDR_BREDR)
3542 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &addr->bdaddr);
3544 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &addr->bdaddr);
3547 err = mgmt_cmd_complete(sk, hdev->id, mgmt_op,
3548 MGMT_STATUS_NOT_CONNECTED, addr,
3553 if (addr->type == BDADDR_LE_PUBLIC || addr->type == BDADDR_LE_RANDOM) {
3554 err = smp_user_confirm_reply(conn, mgmt_op, passkey);
3556 err = mgmt_cmd_complete(sk, hdev->id, mgmt_op,
3557 MGMT_STATUS_SUCCESS, addr,
3560 err = mgmt_cmd_complete(sk, hdev->id, mgmt_op,
3561 MGMT_STATUS_FAILED, addr,
3567 cmd = mgmt_pending_add(sk, mgmt_op, hdev, addr, sizeof(*addr));
3573 cmd->cmd_complete = addr_cmd_complete;
3575 /* Continue with pairing via HCI */
3576 if (hci_op == HCI_OP_USER_PASSKEY_REPLY) {
3577 struct hci_cp_user_passkey_reply cp;
3579 bacpy(&cp.bdaddr, &addr->bdaddr);
3580 cp.passkey = passkey;
3581 err = hci_send_cmd(hdev, hci_op, sizeof(cp), &cp);
3583 err = hci_send_cmd(hdev, hci_op, sizeof(addr->bdaddr),
3587 mgmt_pending_remove(cmd);
3590 hci_dev_unlock(hdev);
3594 static int pin_code_neg_reply(struct sock *sk, struct hci_dev *hdev,
3595 void *data, u16 len)
3597 struct mgmt_cp_pin_code_neg_reply *cp = data;
3601 return user_pairing_resp(sk, hdev, &cp->addr,
3602 MGMT_OP_PIN_CODE_NEG_REPLY,
3603 HCI_OP_PIN_CODE_NEG_REPLY, 0);
3606 static int user_confirm_reply(struct sock *sk, struct hci_dev *hdev, void *data,
3609 struct mgmt_cp_user_confirm_reply *cp = data;
3613 if (len != sizeof(*cp))
3614 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_USER_CONFIRM_REPLY,
3615 MGMT_STATUS_INVALID_PARAMS);
3617 return user_pairing_resp(sk, hdev, &cp->addr,
3618 MGMT_OP_USER_CONFIRM_REPLY,
3619 HCI_OP_USER_CONFIRM_REPLY, 0);
3622 static int user_confirm_neg_reply(struct sock *sk, struct hci_dev *hdev,
3623 void *data, u16 len)
3625 struct mgmt_cp_user_confirm_neg_reply *cp = data;
3629 return user_pairing_resp(sk, hdev, &cp->addr,
3630 MGMT_OP_USER_CONFIRM_NEG_REPLY,
3631 HCI_OP_USER_CONFIRM_NEG_REPLY, 0);
3634 static int user_passkey_reply(struct sock *sk, struct hci_dev *hdev, void *data,
3637 struct mgmt_cp_user_passkey_reply *cp = data;
3641 return user_pairing_resp(sk, hdev, &cp->addr,
3642 MGMT_OP_USER_PASSKEY_REPLY,
3643 HCI_OP_USER_PASSKEY_REPLY, cp->passkey);
3646 static int user_passkey_neg_reply(struct sock *sk, struct hci_dev *hdev,
3647 void *data, u16 len)
3649 struct mgmt_cp_user_passkey_neg_reply *cp = data;
3653 return user_pairing_resp(sk, hdev, &cp->addr,
3654 MGMT_OP_USER_PASSKEY_NEG_REPLY,
3655 HCI_OP_USER_PASSKEY_NEG_REPLY, 0);
3658 static void update_name(struct hci_request *req)
3660 struct hci_dev *hdev = req->hdev;
3661 struct hci_cp_write_local_name cp;
3663 memcpy(cp.name, hdev->dev_name, sizeof(cp.name));
3665 hci_req_add(req, HCI_OP_WRITE_LOCAL_NAME, sizeof(cp), &cp);
3668 static void set_name_complete(struct hci_dev *hdev, u8 status, u16 opcode)
3670 struct mgmt_cp_set_local_name *cp;
3671 struct mgmt_pending_cmd *cmd;
3673 BT_DBG("status 0x%02x", status);
3677 cmd = pending_find(MGMT_OP_SET_LOCAL_NAME, hdev);
3684 mgmt_cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_LOCAL_NAME,
3685 mgmt_status(status));
3687 mgmt_cmd_complete(cmd->sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0,
3690 mgmt_pending_remove(cmd);
3693 hci_dev_unlock(hdev);
3696 static int set_local_name(struct sock *sk, struct hci_dev *hdev, void *data,
3699 struct mgmt_cp_set_local_name *cp = data;
3700 struct mgmt_pending_cmd *cmd;
3701 struct hci_request req;
3708 /* If the old values are the same as the new ones just return a
3709 * direct command complete event.
3711 if (!memcmp(hdev->dev_name, cp->name, sizeof(hdev->dev_name)) &&
3712 !memcmp(hdev->short_name, cp->short_name,
3713 sizeof(hdev->short_name))) {
3714 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0,
3719 memcpy(hdev->short_name, cp->short_name, sizeof(hdev->short_name));
3721 if (!hdev_is_powered(hdev)) {
3722 memcpy(hdev->dev_name, cp->name, sizeof(hdev->dev_name));
3724 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0,
3729 err = mgmt_generic_event(MGMT_EV_LOCAL_NAME_CHANGED, hdev,
3735 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LOCAL_NAME, hdev, data, len);
3741 memcpy(hdev->dev_name, cp->name, sizeof(hdev->dev_name));
3743 hci_req_init(&req, hdev);
3745 if (lmp_bredr_capable(hdev)) {
3750 /* The name is stored in the scan response data and so
3751 * no need to udpate the advertising data here.
3753 if (lmp_le_capable(hdev))
3754 update_scan_rsp_data(&req);
3756 err = hci_req_run(&req, set_name_complete);
3758 mgmt_pending_remove(cmd);
3761 hci_dev_unlock(hdev);
3765 static int read_local_oob_data(struct sock *sk, struct hci_dev *hdev,
3766 void *data, u16 data_len)
3768 struct mgmt_pending_cmd *cmd;
3771 BT_DBG("%s", hdev->name);
3775 if (!hdev_is_powered(hdev)) {
3776 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
3777 MGMT_STATUS_NOT_POWERED);
3781 if (!lmp_ssp_capable(hdev)) {
3782 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
3783 MGMT_STATUS_NOT_SUPPORTED);
3787 if (pending_find(MGMT_OP_READ_LOCAL_OOB_DATA, hdev)) {
3788 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
3793 cmd = mgmt_pending_add(sk, MGMT_OP_READ_LOCAL_OOB_DATA, hdev, NULL, 0);
3799 if (bredr_sc_enabled(hdev))
3800 err = hci_send_cmd(hdev, HCI_OP_READ_LOCAL_OOB_EXT_DATA,
3803 err = hci_send_cmd(hdev, HCI_OP_READ_LOCAL_OOB_DATA, 0, NULL);
3806 mgmt_pending_remove(cmd);
3809 hci_dev_unlock(hdev);
3813 static int add_remote_oob_data(struct sock *sk, struct hci_dev *hdev,
3814 void *data, u16 len)
3816 struct mgmt_addr_info *addr = data;
3819 BT_DBG("%s ", hdev->name);
3821 if (!bdaddr_type_is_valid(addr->type))
3822 return mgmt_cmd_complete(sk, hdev->id,
3823 MGMT_OP_ADD_REMOTE_OOB_DATA,
3824 MGMT_STATUS_INVALID_PARAMS,
3825 addr, sizeof(*addr));
3829 if (len == MGMT_ADD_REMOTE_OOB_DATA_SIZE) {
3830 struct mgmt_cp_add_remote_oob_data *cp = data;
3833 if (cp->addr.type != BDADDR_BREDR) {
3834 err = mgmt_cmd_complete(sk, hdev->id,
3835 MGMT_OP_ADD_REMOTE_OOB_DATA,
3836 MGMT_STATUS_INVALID_PARAMS,
3837 &cp->addr, sizeof(cp->addr));
3841 err = hci_add_remote_oob_data(hdev, &cp->addr.bdaddr,
3842 cp->addr.type, cp->hash,
3843 cp->rand, NULL, NULL);
3845 status = MGMT_STATUS_FAILED;
3847 status = MGMT_STATUS_SUCCESS;
3849 err = mgmt_cmd_complete(sk, hdev->id,
3850 MGMT_OP_ADD_REMOTE_OOB_DATA, status,
3851 &cp->addr, sizeof(cp->addr));
3852 } else if (len == MGMT_ADD_REMOTE_OOB_EXT_DATA_SIZE) {
3853 struct mgmt_cp_add_remote_oob_ext_data *cp = data;
3854 u8 *rand192, *hash192, *rand256, *hash256;
3857 if (bdaddr_type_is_le(cp->addr.type)) {
3858 /* Enforce zero-valued 192-bit parameters as
3859 * long as legacy SMP OOB isn't implemented.
3861 if (memcmp(cp->rand192, ZERO_KEY, 16) ||
3862 memcmp(cp->hash192, ZERO_KEY, 16)) {
3863 err = mgmt_cmd_complete(sk, hdev->id,
3864 MGMT_OP_ADD_REMOTE_OOB_DATA,
3865 MGMT_STATUS_INVALID_PARAMS,
3866 addr, sizeof(*addr));
3873 /* In case one of the P-192 values is set to zero,
3874 * then just disable OOB data for P-192.
3876 if (!memcmp(cp->rand192, ZERO_KEY, 16) ||
3877 !memcmp(cp->hash192, ZERO_KEY, 16)) {
3881 rand192 = cp->rand192;
3882 hash192 = cp->hash192;
3886 /* In case one of the P-256 values is set to zero, then just
3887 * disable OOB data for P-256.
3889 if (!memcmp(cp->rand256, ZERO_KEY, 16) ||
3890 !memcmp(cp->hash256, ZERO_KEY, 16)) {
3894 rand256 = cp->rand256;
3895 hash256 = cp->hash256;
3898 err = hci_add_remote_oob_data(hdev, &cp->addr.bdaddr,
3899 cp->addr.type, hash192, rand192,
3902 status = MGMT_STATUS_FAILED;
3904 status = MGMT_STATUS_SUCCESS;
3906 err = mgmt_cmd_complete(sk, hdev->id,
3907 MGMT_OP_ADD_REMOTE_OOB_DATA,
3908 status, &cp->addr, sizeof(cp->addr));
3910 BT_ERR("add_remote_oob_data: invalid length of %u bytes", len);
3911 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_REMOTE_OOB_DATA,
3912 MGMT_STATUS_INVALID_PARAMS);
3916 hci_dev_unlock(hdev);
3920 static int remove_remote_oob_data(struct sock *sk, struct hci_dev *hdev,
3921 void *data, u16 len)
3923 struct mgmt_cp_remove_remote_oob_data *cp = data;
3927 BT_DBG("%s", hdev->name);
3929 if (cp->addr.type != BDADDR_BREDR)
3930 return mgmt_cmd_complete(sk, hdev->id,
3931 MGMT_OP_REMOVE_REMOTE_OOB_DATA,
3932 MGMT_STATUS_INVALID_PARAMS,
3933 &cp->addr, sizeof(cp->addr));
3937 if (!bacmp(&cp->addr.bdaddr, BDADDR_ANY)) {
3938 hci_remote_oob_data_clear(hdev);
3939 status = MGMT_STATUS_SUCCESS;
3943 err = hci_remove_remote_oob_data(hdev, &cp->addr.bdaddr, cp->addr.type);
3945 status = MGMT_STATUS_INVALID_PARAMS;
3947 status = MGMT_STATUS_SUCCESS;
3950 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_REMOTE_OOB_DATA,
3951 status, &cp->addr, sizeof(cp->addr));
3953 hci_dev_unlock(hdev);
3957 static bool trigger_bredr_inquiry(struct hci_request *req, u8 *status)
3959 struct hci_dev *hdev = req->hdev;
3960 struct hci_cp_inquiry cp;
3961 /* General inquiry access code (GIAC) */
3962 u8 lap[3] = { 0x33, 0x8b, 0x9e };
3964 *status = mgmt_bredr_support(hdev);
3968 if (hci_dev_test_flag(hdev, HCI_INQUIRY)) {
3969 *status = MGMT_STATUS_BUSY;
3973 hci_inquiry_cache_flush(hdev);
3975 memset(&cp, 0, sizeof(cp));
3976 memcpy(&cp.lap, lap, sizeof(cp.lap));
3977 cp.length = DISCOV_BREDR_INQUIRY_LEN;
3979 hci_req_add(req, HCI_OP_INQUIRY, sizeof(cp), &cp);
3984 static bool trigger_le_scan(struct hci_request *req, u16 interval, u8 *status)
3986 struct hci_dev *hdev = req->hdev;
3987 struct hci_cp_le_set_scan_param param_cp;
3988 struct hci_cp_le_set_scan_enable enable_cp;
3992 *status = mgmt_le_support(hdev);
3996 if (hci_dev_test_flag(hdev, HCI_LE_ADV)) {
3997 /* Don't let discovery abort an outgoing connection attempt
3998 * that's using directed advertising.
4000 if (hci_conn_hash_lookup_state(hdev, LE_LINK, BT_CONNECT)) {
4001 *status = MGMT_STATUS_REJECTED;
4005 disable_advertising(req);
4008 /* If controller is scanning, it means the background scanning is
4009 * running. Thus, we should temporarily stop it in order to set the
4010 * discovery scanning parameters.
4012 if (hci_dev_test_flag(hdev, HCI_LE_SCAN))
4013 hci_req_add_le_scan_disable(req);
4015 /* All active scans will be done with either a resolvable private
4016 * address (when privacy feature has been enabled) or non-resolvable
4019 err = hci_update_random_address(req, true, &own_addr_type);
4021 *status = MGMT_STATUS_FAILED;
4025 memset(¶m_cp, 0, sizeof(param_cp));
4026 param_cp.type = LE_SCAN_ACTIVE;
4027 param_cp.interval = cpu_to_le16(interval);
4028 param_cp.window = cpu_to_le16(DISCOV_LE_SCAN_WIN);
4029 param_cp.own_address_type = own_addr_type;
4031 hci_req_add(req, HCI_OP_LE_SET_SCAN_PARAM, sizeof(param_cp),
4034 memset(&enable_cp, 0, sizeof(enable_cp));
4035 enable_cp.enable = LE_SCAN_ENABLE;
4036 enable_cp.filter_dup = LE_SCAN_FILTER_DUP_ENABLE;
4038 hci_req_add(req, HCI_OP_LE_SET_SCAN_ENABLE, sizeof(enable_cp),
4044 static bool trigger_discovery(struct hci_request *req, u8 *status)
4046 struct hci_dev *hdev = req->hdev;
4048 switch (hdev->discovery.type) {
4049 case DISCOV_TYPE_BREDR:
4050 if (!trigger_bredr_inquiry(req, status))
4054 case DISCOV_TYPE_INTERLEAVED:
4055 if (test_bit(HCI_QUIRK_SIMULTANEOUS_DISCOVERY,
4057 /* During simultaneous discovery, we double LE scan
4058 * interval. We must leave some time for the controller
4059 * to do BR/EDR inquiry.
4061 if (!trigger_le_scan(req, DISCOV_LE_SCAN_INT * 2,
4065 if (!trigger_bredr_inquiry(req, status))
4071 if (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED)) {
4072 *status = MGMT_STATUS_NOT_SUPPORTED;
4077 case DISCOV_TYPE_LE:
4078 if (!trigger_le_scan(req, DISCOV_LE_SCAN_INT, status))
4083 *status = MGMT_STATUS_INVALID_PARAMS;
4090 static void start_discovery_complete(struct hci_dev *hdev, u8 status,
4093 struct mgmt_pending_cmd *cmd;
4094 unsigned long timeout;
4096 BT_DBG("status %d", status);
4100 cmd = pending_find(MGMT_OP_START_DISCOVERY, hdev);
4102 cmd = pending_find(MGMT_OP_START_SERVICE_DISCOVERY, hdev);
4105 cmd->cmd_complete(cmd, mgmt_status(status));
4106 mgmt_pending_remove(cmd);
4110 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
4114 hci_discovery_set_state(hdev, DISCOVERY_FINDING);
4116 /* If the scan involves LE scan, pick proper timeout to schedule
4117 * hdev->le_scan_disable that will stop it.
4119 switch (hdev->discovery.type) {
4120 case DISCOV_TYPE_LE:
4121 timeout = msecs_to_jiffies(DISCOV_LE_TIMEOUT);
4123 case DISCOV_TYPE_INTERLEAVED:
4124 /* When running simultaneous discovery, the LE scanning time
4125 * should occupy the whole discovery time sine BR/EDR inquiry
4126 * and LE scanning are scheduled by the controller.
4128 * For interleaving discovery in comparison, BR/EDR inquiry
4129 * and LE scanning are done sequentially with separate
4132 if (test_bit(HCI_QUIRK_SIMULTANEOUS_DISCOVERY, &hdev->quirks))
4133 timeout = msecs_to_jiffies(DISCOV_LE_TIMEOUT);
4135 timeout = msecs_to_jiffies(hdev->discov_interleaved_timeout);
4137 case DISCOV_TYPE_BREDR:
4141 BT_ERR("Invalid discovery type %d", hdev->discovery.type);
4147 /* When service discovery is used and the controller has
4148 * a strict duplicate filter, it is important to remember
4149 * the start and duration of the scan. This is required
4150 * for restarting scanning during the discovery phase.
4152 if (test_bit(HCI_QUIRK_STRICT_DUPLICATE_FILTER,
4154 hdev->discovery.result_filtering) {
4155 hdev->discovery.scan_start = jiffies;
4156 hdev->discovery.scan_duration = timeout;
4159 queue_delayed_work(hdev->workqueue,
4160 &hdev->le_scan_disable, timeout);
4164 hci_dev_unlock(hdev);
4167 static int start_discovery(struct sock *sk, struct hci_dev *hdev,
4168 void *data, u16 len)
4170 struct mgmt_cp_start_discovery *cp = data;
4171 struct mgmt_pending_cmd *cmd;
4172 struct hci_request req;
4176 BT_DBG("%s", hdev->name);
4180 if (!hdev_is_powered(hdev)) {
4181 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_START_DISCOVERY,
4182 MGMT_STATUS_NOT_POWERED,
4183 &cp->type, sizeof(cp->type));
4187 if (hdev->discovery.state != DISCOVERY_STOPPED ||
4188 hci_dev_test_flag(hdev, HCI_PERIODIC_INQ)) {
4189 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_START_DISCOVERY,
4190 MGMT_STATUS_BUSY, &cp->type,
4195 cmd = mgmt_pending_add(sk, MGMT_OP_START_DISCOVERY, hdev, data, len);
4201 cmd->cmd_complete = generic_cmd_complete;
4203 /* Clear the discovery filter first to free any previously
4204 * allocated memory for the UUID list.
4206 hci_discovery_filter_clear(hdev);
4208 hdev->discovery.type = cp->type;
4209 hdev->discovery.report_invalid_rssi = false;
4211 hci_req_init(&req, hdev);
4213 if (!trigger_discovery(&req, &status)) {
4214 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_START_DISCOVERY,
4215 status, &cp->type, sizeof(cp->type));
4216 mgmt_pending_remove(cmd);
4220 err = hci_req_run(&req, start_discovery_complete);
4222 mgmt_pending_remove(cmd);
4226 hci_discovery_set_state(hdev, DISCOVERY_STARTING);
4229 hci_dev_unlock(hdev);
4233 static int service_discovery_cmd_complete(struct mgmt_pending_cmd *cmd,
4236 return mgmt_cmd_complete(cmd->sk, cmd->index, cmd->opcode, status,
4240 static int start_service_discovery(struct sock *sk, struct hci_dev *hdev,
4241 void *data, u16 len)
4243 struct mgmt_cp_start_service_discovery *cp = data;
4244 struct mgmt_pending_cmd *cmd;
4245 struct hci_request req;
4246 const u16 max_uuid_count = ((U16_MAX - sizeof(*cp)) / 16);
4247 u16 uuid_count, expected_len;
4251 BT_DBG("%s", hdev->name);
4255 if (!hdev_is_powered(hdev)) {
4256 err = mgmt_cmd_complete(sk, hdev->id,
4257 MGMT_OP_START_SERVICE_DISCOVERY,
4258 MGMT_STATUS_NOT_POWERED,
4259 &cp->type, sizeof(cp->type));
4263 if (hdev->discovery.state != DISCOVERY_STOPPED ||
4264 hci_dev_test_flag(hdev, HCI_PERIODIC_INQ)) {
4265 err = mgmt_cmd_complete(sk, hdev->id,
4266 MGMT_OP_START_SERVICE_DISCOVERY,
4267 MGMT_STATUS_BUSY, &cp->type,
4272 uuid_count = __le16_to_cpu(cp->uuid_count);
4273 if (uuid_count > max_uuid_count) {
4274 BT_ERR("service_discovery: too big uuid_count value %u",
4276 err = mgmt_cmd_complete(sk, hdev->id,
4277 MGMT_OP_START_SERVICE_DISCOVERY,
4278 MGMT_STATUS_INVALID_PARAMS, &cp->type,
4283 expected_len = sizeof(*cp) + uuid_count * 16;
4284 if (expected_len != len) {
4285 BT_ERR("service_discovery: expected %u bytes, got %u bytes",
4287 err = mgmt_cmd_complete(sk, hdev->id,
4288 MGMT_OP_START_SERVICE_DISCOVERY,
4289 MGMT_STATUS_INVALID_PARAMS, &cp->type,
4294 cmd = mgmt_pending_add(sk, MGMT_OP_START_SERVICE_DISCOVERY,
4301 cmd->cmd_complete = service_discovery_cmd_complete;
4303 /* Clear the discovery filter first to free any previously
4304 * allocated memory for the UUID list.
4306 hci_discovery_filter_clear(hdev);
4308 hdev->discovery.result_filtering = true;
4309 hdev->discovery.type = cp->type;
4310 hdev->discovery.rssi = cp->rssi;
4311 hdev->discovery.uuid_count = uuid_count;
4313 if (uuid_count > 0) {
4314 hdev->discovery.uuids = kmemdup(cp->uuids, uuid_count * 16,
4316 if (!hdev->discovery.uuids) {
4317 err = mgmt_cmd_complete(sk, hdev->id,
4318 MGMT_OP_START_SERVICE_DISCOVERY,
4320 &cp->type, sizeof(cp->type));
4321 mgmt_pending_remove(cmd);
4326 hci_req_init(&req, hdev);
4328 if (!trigger_discovery(&req, &status)) {
4329 err = mgmt_cmd_complete(sk, hdev->id,
4330 MGMT_OP_START_SERVICE_DISCOVERY,
4331 status, &cp->type, sizeof(cp->type));
4332 mgmt_pending_remove(cmd);
4336 err = hci_req_run(&req, start_discovery_complete);
4338 mgmt_pending_remove(cmd);
4342 hci_discovery_set_state(hdev, DISCOVERY_STARTING);
4345 hci_dev_unlock(hdev);
4349 static void stop_discovery_complete(struct hci_dev *hdev, u8 status, u16 opcode)
4351 struct mgmt_pending_cmd *cmd;
4353 BT_DBG("status %d", status);
4357 cmd = pending_find(MGMT_OP_STOP_DISCOVERY, hdev);
4359 cmd->cmd_complete(cmd, mgmt_status(status));
4360 mgmt_pending_remove(cmd);
4364 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
4366 hci_dev_unlock(hdev);
4369 static int stop_discovery(struct sock *sk, struct hci_dev *hdev, void *data,
4372 struct mgmt_cp_stop_discovery *mgmt_cp = data;
4373 struct mgmt_pending_cmd *cmd;
4374 struct hci_request req;
4377 BT_DBG("%s", hdev->name);
4381 if (!hci_discovery_active(hdev)) {
4382 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_STOP_DISCOVERY,
4383 MGMT_STATUS_REJECTED, &mgmt_cp->type,
4384 sizeof(mgmt_cp->type));
4388 if (hdev->discovery.type != mgmt_cp->type) {
4389 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_STOP_DISCOVERY,
4390 MGMT_STATUS_INVALID_PARAMS,
4391 &mgmt_cp->type, sizeof(mgmt_cp->type));
4395 cmd = mgmt_pending_add(sk, MGMT_OP_STOP_DISCOVERY, hdev, data, len);
4401 cmd->cmd_complete = generic_cmd_complete;
4403 hci_req_init(&req, hdev);
4405 hci_stop_discovery(&req);
4407 err = hci_req_run(&req, stop_discovery_complete);
4409 hci_discovery_set_state(hdev, DISCOVERY_STOPPING);
4413 mgmt_pending_remove(cmd);
4415 /* If no HCI commands were sent we're done */
4416 if (err == -ENODATA) {
4417 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_STOP_DISCOVERY, 0,
4418 &mgmt_cp->type, sizeof(mgmt_cp->type));
4419 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
4423 hci_dev_unlock(hdev);
4427 static int confirm_name(struct sock *sk, struct hci_dev *hdev, void *data,
4430 struct mgmt_cp_confirm_name *cp = data;
4431 struct inquiry_entry *e;
4434 BT_DBG("%s", hdev->name);
4438 if (!hci_discovery_active(hdev)) {
4439 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_CONFIRM_NAME,
4440 MGMT_STATUS_FAILED, &cp->addr,
4445 e = hci_inquiry_cache_lookup_unknown(hdev, &cp->addr.bdaddr);
4447 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_CONFIRM_NAME,
4448 MGMT_STATUS_INVALID_PARAMS, &cp->addr,
4453 if (cp->name_known) {
4454 e->name_state = NAME_KNOWN;
4457 e->name_state = NAME_NEEDED;
4458 hci_inquiry_cache_update_resolve(hdev, e);
4461 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_CONFIRM_NAME, 0,
4462 &cp->addr, sizeof(cp->addr));
4465 hci_dev_unlock(hdev);
4469 static int block_device(struct sock *sk, struct hci_dev *hdev, void *data,
4472 struct mgmt_cp_block_device *cp = data;
4476 BT_DBG("%s", hdev->name);
4478 if (!bdaddr_type_is_valid(cp->addr.type))
4479 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_BLOCK_DEVICE,
4480 MGMT_STATUS_INVALID_PARAMS,
4481 &cp->addr, sizeof(cp->addr));
4485 err = hci_bdaddr_list_add(&hdev->blacklist, &cp->addr.bdaddr,
4488 status = MGMT_STATUS_FAILED;
4492 mgmt_event(MGMT_EV_DEVICE_BLOCKED, hdev, &cp->addr, sizeof(cp->addr),
4494 status = MGMT_STATUS_SUCCESS;
4497 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_BLOCK_DEVICE, status,
4498 &cp->addr, sizeof(cp->addr));
4500 hci_dev_unlock(hdev);
4505 static int unblock_device(struct sock *sk, struct hci_dev *hdev, void *data,
4508 struct mgmt_cp_unblock_device *cp = data;
4512 BT_DBG("%s", hdev->name);
4514 if (!bdaddr_type_is_valid(cp->addr.type))
4515 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_UNBLOCK_DEVICE,
4516 MGMT_STATUS_INVALID_PARAMS,
4517 &cp->addr, sizeof(cp->addr));
4521 err = hci_bdaddr_list_del(&hdev->blacklist, &cp->addr.bdaddr,
4524 status = MGMT_STATUS_INVALID_PARAMS;
4528 mgmt_event(MGMT_EV_DEVICE_UNBLOCKED, hdev, &cp->addr, sizeof(cp->addr),
4530 status = MGMT_STATUS_SUCCESS;
4533 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_UNBLOCK_DEVICE, status,
4534 &cp->addr, sizeof(cp->addr));
4536 hci_dev_unlock(hdev);
4541 static int set_device_id(struct sock *sk, struct hci_dev *hdev, void *data,
4544 struct mgmt_cp_set_device_id *cp = data;
4545 struct hci_request req;
4549 BT_DBG("%s", hdev->name);
4551 source = __le16_to_cpu(cp->source);
4553 if (source > 0x0002)
4554 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DEVICE_ID,
4555 MGMT_STATUS_INVALID_PARAMS);
4559 hdev->devid_source = source;
4560 hdev->devid_vendor = __le16_to_cpu(cp->vendor);
4561 hdev->devid_product = __le16_to_cpu(cp->product);
4562 hdev->devid_version = __le16_to_cpu(cp->version);
4564 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_DEVICE_ID, 0,
4567 hci_req_init(&req, hdev);
4569 hci_req_run(&req, NULL);
4571 hci_dev_unlock(hdev);
4576 static void enable_advertising_instance(struct hci_dev *hdev, u8 status,
4579 BT_DBG("status %d", status);
4582 static void set_advertising_complete(struct hci_dev *hdev, u8 status,
4585 struct cmd_lookup match = { NULL, hdev };
4586 struct hci_request req;
4591 u8 mgmt_err = mgmt_status(status);
4593 mgmt_pending_foreach(MGMT_OP_SET_ADVERTISING, hdev,
4594 cmd_status_rsp, &mgmt_err);
4598 if (hci_dev_test_flag(hdev, HCI_LE_ADV))
4599 hci_dev_set_flag(hdev, HCI_ADVERTISING);
4601 hci_dev_clear_flag(hdev, HCI_ADVERTISING);
4603 mgmt_pending_foreach(MGMT_OP_SET_ADVERTISING, hdev, settings_rsp,
4606 new_settings(hdev, match.sk);
4611 /* If "Set Advertising" was just disabled and instance advertising was
4612 * set up earlier, then enable the advertising instance.
4614 if (hci_dev_test_flag(hdev, HCI_ADVERTISING) ||
4615 !hci_dev_test_flag(hdev, HCI_ADVERTISING_INSTANCE))
4618 hci_req_init(&req, hdev);
4620 update_adv_data(&req);
4621 enable_advertising(&req);
4623 if (hci_req_run(&req, enable_advertising_instance) < 0)
4624 BT_ERR("Failed to re-configure advertising");
4627 hci_dev_unlock(hdev);
4630 static int set_advertising(struct sock *sk, struct hci_dev *hdev, void *data,
4633 struct mgmt_mode *cp = data;
4634 struct mgmt_pending_cmd *cmd;
4635 struct hci_request req;
4639 BT_DBG("request for %s", hdev->name);
4641 status = mgmt_le_support(hdev);
4643 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_ADVERTISING,
4646 if (cp->val != 0x00 && cp->val != 0x01 && cp->val != 0x02)
4647 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_ADVERTISING,
4648 MGMT_STATUS_INVALID_PARAMS);
4654 /* The following conditions are ones which mean that we should
4655 * not do any HCI communication but directly send a mgmt
4656 * response to user space (after toggling the flag if
4659 if (!hdev_is_powered(hdev) ||
4660 (val == hci_dev_test_flag(hdev, HCI_ADVERTISING) &&
4661 (cp->val == 0x02) == hci_dev_test_flag(hdev, HCI_ADVERTISING_CONNECTABLE)) ||
4662 hci_conn_num(hdev, LE_LINK) > 0 ||
4663 (hci_dev_test_flag(hdev, HCI_LE_SCAN) &&
4664 hdev->le_scan_type == LE_SCAN_ACTIVE)) {
4668 changed = !hci_dev_test_and_set_flag(hdev, HCI_ADVERTISING);
4669 if (cp->val == 0x02)
4670 hci_dev_set_flag(hdev, HCI_ADVERTISING_CONNECTABLE);
4672 hci_dev_clear_flag(hdev, HCI_ADVERTISING_CONNECTABLE);
4674 changed = hci_dev_test_and_clear_flag(hdev, HCI_ADVERTISING);
4675 hci_dev_clear_flag(hdev, HCI_ADVERTISING_CONNECTABLE);
4678 err = send_settings_rsp(sk, MGMT_OP_SET_ADVERTISING, hdev);
4683 err = new_settings(hdev, sk);
4688 if (pending_find(MGMT_OP_SET_ADVERTISING, hdev) ||
4689 pending_find(MGMT_OP_SET_LE, hdev)) {
4690 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_ADVERTISING,
4695 cmd = mgmt_pending_add(sk, MGMT_OP_SET_ADVERTISING, hdev, data, len);
4701 hci_req_init(&req, hdev);
4703 if (cp->val == 0x02)
4704 hci_dev_set_flag(hdev, HCI_ADVERTISING_CONNECTABLE);
4706 hci_dev_clear_flag(hdev, HCI_ADVERTISING_CONNECTABLE);
4709 /* Switch to instance "0" for the Set Advertising setting. */
4710 update_adv_data_for_instance(&req, 0);
4711 update_scan_rsp_data_for_instance(&req, 0);
4712 enable_advertising(&req);
4714 disable_advertising(&req);
4717 err = hci_req_run(&req, set_advertising_complete);
4719 mgmt_pending_remove(cmd);
4722 hci_dev_unlock(hdev);
4726 static int set_static_address(struct sock *sk, struct hci_dev *hdev,
4727 void *data, u16 len)
4729 struct mgmt_cp_set_static_address *cp = data;
4732 BT_DBG("%s", hdev->name);
4734 if (!lmp_le_capable(hdev))
4735 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_STATIC_ADDRESS,
4736 MGMT_STATUS_NOT_SUPPORTED);
4738 if (hdev_is_powered(hdev))
4739 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_STATIC_ADDRESS,
4740 MGMT_STATUS_REJECTED);
4742 if (bacmp(&cp->bdaddr, BDADDR_ANY)) {
4743 if (!bacmp(&cp->bdaddr, BDADDR_NONE))
4744 return mgmt_cmd_status(sk, hdev->id,
4745 MGMT_OP_SET_STATIC_ADDRESS,
4746 MGMT_STATUS_INVALID_PARAMS);
4748 /* Two most significant bits shall be set */
4749 if ((cp->bdaddr.b[5] & 0xc0) != 0xc0)
4750 return mgmt_cmd_status(sk, hdev->id,
4751 MGMT_OP_SET_STATIC_ADDRESS,
4752 MGMT_STATUS_INVALID_PARAMS);
4757 bacpy(&hdev->static_addr, &cp->bdaddr);
4759 err = send_settings_rsp(sk, MGMT_OP_SET_STATIC_ADDRESS, hdev);
4763 err = new_settings(hdev, sk);
4766 hci_dev_unlock(hdev);
4770 static int set_scan_params(struct sock *sk, struct hci_dev *hdev,
4771 void *data, u16 len)
4773 struct mgmt_cp_set_scan_params *cp = data;
4774 __u16 interval, window;
4777 BT_DBG("%s", hdev->name);
4779 if (!lmp_le_capable(hdev))
4780 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS,
4781 MGMT_STATUS_NOT_SUPPORTED);
4783 interval = __le16_to_cpu(cp->interval);
4785 if (interval < 0x0004 || interval > 0x4000)
4786 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS,
4787 MGMT_STATUS_INVALID_PARAMS);
4789 window = __le16_to_cpu(cp->window);
4791 if (window < 0x0004 || window > 0x4000)
4792 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS,
4793 MGMT_STATUS_INVALID_PARAMS);
4795 if (window > interval)
4796 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS,
4797 MGMT_STATUS_INVALID_PARAMS);
4801 hdev->le_scan_interval = interval;
4802 hdev->le_scan_window = window;
4804 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS, 0,
4807 /* If background scan is running, restart it so new parameters are
4810 if (hci_dev_test_flag(hdev, HCI_LE_SCAN) &&
4811 hdev->discovery.state == DISCOVERY_STOPPED) {
4812 struct hci_request req;
4814 hci_req_init(&req, hdev);
4816 hci_req_add_le_scan_disable(&req);
4817 hci_req_add_le_passive_scan(&req);
4819 hci_req_run(&req, NULL);
4822 hci_dev_unlock(hdev);
4827 static void fast_connectable_complete(struct hci_dev *hdev, u8 status,
4830 struct mgmt_pending_cmd *cmd;
4832 BT_DBG("status 0x%02x", status);
4836 cmd = pending_find(MGMT_OP_SET_FAST_CONNECTABLE, hdev);
4841 mgmt_cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
4842 mgmt_status(status));
4844 struct mgmt_mode *cp = cmd->param;
4847 hci_dev_set_flag(hdev, HCI_FAST_CONNECTABLE);
4849 hci_dev_clear_flag(hdev, HCI_FAST_CONNECTABLE);
4851 send_settings_rsp(cmd->sk, MGMT_OP_SET_FAST_CONNECTABLE, hdev);
4852 new_settings(hdev, cmd->sk);
4855 mgmt_pending_remove(cmd);
4858 hci_dev_unlock(hdev);
4861 static int set_fast_connectable(struct sock *sk, struct hci_dev *hdev,
4862 void *data, u16 len)
4864 struct mgmt_mode *cp = data;
4865 struct mgmt_pending_cmd *cmd;
4866 struct hci_request req;
4869 BT_DBG("%s", hdev->name);
4871 if (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED) ||
4872 hdev->hci_ver < BLUETOOTH_VER_1_2)
4873 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
4874 MGMT_STATUS_NOT_SUPPORTED);
4876 if (cp->val != 0x00 && cp->val != 0x01)
4877 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
4878 MGMT_STATUS_INVALID_PARAMS);
4882 if (pending_find(MGMT_OP_SET_FAST_CONNECTABLE, hdev)) {
4883 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
4888 if (!!cp->val == hci_dev_test_flag(hdev, HCI_FAST_CONNECTABLE)) {
4889 err = send_settings_rsp(sk, MGMT_OP_SET_FAST_CONNECTABLE,
4894 if (!hdev_is_powered(hdev)) {
4895 hci_dev_change_flag(hdev, HCI_FAST_CONNECTABLE);
4896 err = send_settings_rsp(sk, MGMT_OP_SET_FAST_CONNECTABLE,
4898 new_settings(hdev, sk);
4902 cmd = mgmt_pending_add(sk, MGMT_OP_SET_FAST_CONNECTABLE, hdev,
4909 hci_req_init(&req, hdev);
4911 write_fast_connectable(&req, cp->val);
4913 err = hci_req_run(&req, fast_connectable_complete);
4915 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
4916 MGMT_STATUS_FAILED);
4917 mgmt_pending_remove(cmd);
4921 hci_dev_unlock(hdev);
4926 static void set_bredr_complete(struct hci_dev *hdev, u8 status, u16 opcode)
4928 struct mgmt_pending_cmd *cmd;
4930 BT_DBG("status 0x%02x", status);
4934 cmd = pending_find(MGMT_OP_SET_BREDR, hdev);
4939 u8 mgmt_err = mgmt_status(status);
4941 /* We need to restore the flag if related HCI commands
4944 hci_dev_clear_flag(hdev, HCI_BREDR_ENABLED);
4946 mgmt_cmd_status(cmd->sk, cmd->index, cmd->opcode, mgmt_err);
4948 send_settings_rsp(cmd->sk, MGMT_OP_SET_BREDR, hdev);
4949 new_settings(hdev, cmd->sk);
4952 mgmt_pending_remove(cmd);
4955 hci_dev_unlock(hdev);
4958 static int set_bredr(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
4960 struct mgmt_mode *cp = data;
4961 struct mgmt_pending_cmd *cmd;
4962 struct hci_request req;
4965 BT_DBG("request for %s", hdev->name);
4967 if (!lmp_bredr_capable(hdev) || !lmp_le_capable(hdev))
4968 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
4969 MGMT_STATUS_NOT_SUPPORTED);
4971 if (!hci_dev_test_flag(hdev, HCI_LE_ENABLED))
4972 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
4973 MGMT_STATUS_REJECTED);
4975 if (cp->val != 0x00 && cp->val != 0x01)
4976 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
4977 MGMT_STATUS_INVALID_PARAMS);
4981 if (cp->val == hci_dev_test_flag(hdev, HCI_BREDR_ENABLED)) {
4982 err = send_settings_rsp(sk, MGMT_OP_SET_BREDR, hdev);
4986 if (!hdev_is_powered(hdev)) {
4988 hci_dev_clear_flag(hdev, HCI_DISCOVERABLE);
4989 hci_dev_clear_flag(hdev, HCI_SSP_ENABLED);
4990 hci_dev_clear_flag(hdev, HCI_LINK_SECURITY);
4991 hci_dev_clear_flag(hdev, HCI_FAST_CONNECTABLE);
4992 hci_dev_clear_flag(hdev, HCI_HS_ENABLED);
4995 hci_dev_change_flag(hdev, HCI_BREDR_ENABLED);
4997 err = send_settings_rsp(sk, MGMT_OP_SET_BREDR, hdev);
5001 err = new_settings(hdev, sk);
5005 /* Reject disabling when powered on */
5007 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
5008 MGMT_STATUS_REJECTED);
5011 /* When configuring a dual-mode controller to operate
5012 * with LE only and using a static address, then switching
5013 * BR/EDR back on is not allowed.
5015 * Dual-mode controllers shall operate with the public
5016 * address as its identity address for BR/EDR and LE. So
5017 * reject the attempt to create an invalid configuration.
5019 * The same restrictions applies when secure connections
5020 * has been enabled. For BR/EDR this is a controller feature
5021 * while for LE it is a host stack feature. This means that
5022 * switching BR/EDR back on when secure connections has been
5023 * enabled is not a supported transaction.
5025 if (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED) &&
5026 (bacmp(&hdev->static_addr, BDADDR_ANY) ||
5027 hci_dev_test_flag(hdev, HCI_SC_ENABLED))) {
5028 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
5029 MGMT_STATUS_REJECTED);
5034 if (pending_find(MGMT_OP_SET_BREDR, hdev)) {
5035 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
5040 cmd = mgmt_pending_add(sk, MGMT_OP_SET_BREDR, hdev, data, len);
5046 /* We need to flip the bit already here so that update_adv_data
5047 * generates the correct flags.
5049 hci_dev_set_flag(hdev, HCI_BREDR_ENABLED);
5051 hci_req_init(&req, hdev);
5053 write_fast_connectable(&req, false);
5054 __hci_update_page_scan(&req);
5056 /* Since only the advertising data flags will change, there
5057 * is no need to update the scan response data.
5059 update_adv_data(&req);
5061 err = hci_req_run(&req, set_bredr_complete);
5063 mgmt_pending_remove(cmd);
5066 hci_dev_unlock(hdev);
5070 static void sc_enable_complete(struct hci_dev *hdev, u8 status, u16 opcode)
5072 struct mgmt_pending_cmd *cmd;
5073 struct mgmt_mode *cp;
5075 BT_DBG("%s status %u", hdev->name, status);
5079 cmd = pending_find(MGMT_OP_SET_SECURE_CONN, hdev);
5084 mgmt_cmd_status(cmd->sk, cmd->index, cmd->opcode,
5085 mgmt_status(status));
5093 hci_dev_clear_flag(hdev, HCI_SC_ENABLED);
5094 hci_dev_clear_flag(hdev, HCI_SC_ONLY);
5097 hci_dev_set_flag(hdev, HCI_SC_ENABLED);
5098 hci_dev_clear_flag(hdev, HCI_SC_ONLY);
5101 hci_dev_set_flag(hdev, HCI_SC_ENABLED);
5102 hci_dev_set_flag(hdev, HCI_SC_ONLY);
5106 send_settings_rsp(cmd->sk, MGMT_OP_SET_SECURE_CONN, hdev);
5107 new_settings(hdev, cmd->sk);
5110 mgmt_pending_remove(cmd);
5112 hci_dev_unlock(hdev);
5115 static int set_secure_conn(struct sock *sk, struct hci_dev *hdev,
5116 void *data, u16 len)
5118 struct mgmt_mode *cp = data;
5119 struct mgmt_pending_cmd *cmd;
5120 struct hci_request req;
5124 BT_DBG("request for %s", hdev->name);
5126 if (!lmp_sc_capable(hdev) &&
5127 !hci_dev_test_flag(hdev, HCI_LE_ENABLED))
5128 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SECURE_CONN,
5129 MGMT_STATUS_NOT_SUPPORTED);
5131 if (hci_dev_test_flag(hdev, HCI_BREDR_ENABLED) &&
5132 lmp_sc_capable(hdev) &&
5133 !hci_dev_test_flag(hdev, HCI_SSP_ENABLED))
5134 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SECURE_CONN,
5135 MGMT_STATUS_REJECTED);
5137 if (cp->val != 0x00 && cp->val != 0x01 && cp->val != 0x02)
5138 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SECURE_CONN,
5139 MGMT_STATUS_INVALID_PARAMS);
5143 if (!hdev_is_powered(hdev) || !lmp_sc_capable(hdev) ||
5144 !hci_dev_test_flag(hdev, HCI_BREDR_ENABLED)) {
5148 changed = !hci_dev_test_and_set_flag(hdev,
5150 if (cp->val == 0x02)
5151 hci_dev_set_flag(hdev, HCI_SC_ONLY);
5153 hci_dev_clear_flag(hdev, HCI_SC_ONLY);
5155 changed = hci_dev_test_and_clear_flag(hdev,
5157 hci_dev_clear_flag(hdev, HCI_SC_ONLY);
5160 err = send_settings_rsp(sk, MGMT_OP_SET_SECURE_CONN, hdev);
5165 err = new_settings(hdev, sk);
5170 if (pending_find(MGMT_OP_SET_SECURE_CONN, hdev)) {
5171 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SECURE_CONN,
5178 if (val == hci_dev_test_flag(hdev, HCI_SC_ENABLED) &&
5179 (cp->val == 0x02) == hci_dev_test_flag(hdev, HCI_SC_ONLY)) {
5180 err = send_settings_rsp(sk, MGMT_OP_SET_SECURE_CONN, hdev);
5184 cmd = mgmt_pending_add(sk, MGMT_OP_SET_SECURE_CONN, hdev, data, len);
5190 hci_req_init(&req, hdev);
5191 hci_req_add(&req, HCI_OP_WRITE_SC_SUPPORT, 1, &val);
5192 err = hci_req_run(&req, sc_enable_complete);
5194 mgmt_pending_remove(cmd);
5199 hci_dev_unlock(hdev);
5203 static int set_debug_keys(struct sock *sk, struct hci_dev *hdev,
5204 void *data, u16 len)
5206 struct mgmt_mode *cp = data;
5207 bool changed, use_changed;
5210 BT_DBG("request for %s", hdev->name);
5212 if (cp->val != 0x00 && cp->val != 0x01 && cp->val != 0x02)
5213 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DEBUG_KEYS,
5214 MGMT_STATUS_INVALID_PARAMS);
5219 changed = !hci_dev_test_and_set_flag(hdev, HCI_KEEP_DEBUG_KEYS);
5221 changed = hci_dev_test_and_clear_flag(hdev,
5222 HCI_KEEP_DEBUG_KEYS);
5224 if (cp->val == 0x02)
5225 use_changed = !hci_dev_test_and_set_flag(hdev,
5226 HCI_USE_DEBUG_KEYS);
5228 use_changed = hci_dev_test_and_clear_flag(hdev,
5229 HCI_USE_DEBUG_KEYS);
5231 if (hdev_is_powered(hdev) && use_changed &&
5232 hci_dev_test_flag(hdev, HCI_SSP_ENABLED)) {
5233 u8 mode = (cp->val == 0x02) ? 0x01 : 0x00;
5234 hci_send_cmd(hdev, HCI_OP_WRITE_SSP_DEBUG_MODE,
5235 sizeof(mode), &mode);
5238 err = send_settings_rsp(sk, MGMT_OP_SET_DEBUG_KEYS, hdev);
5243 err = new_settings(hdev, sk);
5246 hci_dev_unlock(hdev);
5250 static int set_privacy(struct sock *sk, struct hci_dev *hdev, void *cp_data,
5253 struct mgmt_cp_set_privacy *cp = cp_data;
5257 BT_DBG("request for %s", hdev->name);
5259 if (!lmp_le_capable(hdev))
5260 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_PRIVACY,
5261 MGMT_STATUS_NOT_SUPPORTED);
5263 if (cp->privacy != 0x00 && cp->privacy != 0x01)
5264 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_PRIVACY,
5265 MGMT_STATUS_INVALID_PARAMS);
5267 if (hdev_is_powered(hdev))
5268 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_PRIVACY,
5269 MGMT_STATUS_REJECTED);
5273 /* If user space supports this command it is also expected to
5274 * handle IRKs. Therefore, set the HCI_RPA_RESOLVING flag.
5276 hci_dev_set_flag(hdev, HCI_RPA_RESOLVING);
5279 changed = !hci_dev_test_and_set_flag(hdev, HCI_PRIVACY);
5280 memcpy(hdev->irk, cp->irk, sizeof(hdev->irk));
5281 hci_dev_set_flag(hdev, HCI_RPA_EXPIRED);
5283 changed = hci_dev_test_and_clear_flag(hdev, HCI_PRIVACY);
5284 memset(hdev->irk, 0, sizeof(hdev->irk));
5285 hci_dev_clear_flag(hdev, HCI_RPA_EXPIRED);
5288 err = send_settings_rsp(sk, MGMT_OP_SET_PRIVACY, hdev);
5293 err = new_settings(hdev, sk);
5296 hci_dev_unlock(hdev);
5300 static bool irk_is_valid(struct mgmt_irk_info *irk)
5302 switch (irk->addr.type) {
5303 case BDADDR_LE_PUBLIC:
5306 case BDADDR_LE_RANDOM:
5307 /* Two most significant bits shall be set */
5308 if ((irk->addr.bdaddr.b[5] & 0xc0) != 0xc0)
5316 static int load_irks(struct sock *sk, struct hci_dev *hdev, void *cp_data,
5319 struct mgmt_cp_load_irks *cp = cp_data;
5320 const u16 max_irk_count = ((U16_MAX - sizeof(*cp)) /
5321 sizeof(struct mgmt_irk_info));
5322 u16 irk_count, expected_len;
5325 BT_DBG("request for %s", hdev->name);
5327 if (!lmp_le_capable(hdev))
5328 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_IRKS,
5329 MGMT_STATUS_NOT_SUPPORTED);
5331 irk_count = __le16_to_cpu(cp->irk_count);
5332 if (irk_count > max_irk_count) {
5333 BT_ERR("load_irks: too big irk_count value %u", irk_count);
5334 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_IRKS,
5335 MGMT_STATUS_INVALID_PARAMS);
5338 expected_len = sizeof(*cp) + irk_count * sizeof(struct mgmt_irk_info);
5339 if (expected_len != len) {
5340 BT_ERR("load_irks: expected %u bytes, got %u bytes",
5342 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_IRKS,
5343 MGMT_STATUS_INVALID_PARAMS);
5346 BT_DBG("%s irk_count %u", hdev->name, irk_count);
5348 for (i = 0; i < irk_count; i++) {
5349 struct mgmt_irk_info *key = &cp->irks[i];
5351 if (!irk_is_valid(key))
5352 return mgmt_cmd_status(sk, hdev->id,
5354 MGMT_STATUS_INVALID_PARAMS);
5359 hci_smp_irks_clear(hdev);
5361 for (i = 0; i < irk_count; i++) {
5362 struct mgmt_irk_info *irk = &cp->irks[i];
5365 if (irk->addr.type == BDADDR_LE_PUBLIC)
5366 addr_type = ADDR_LE_DEV_PUBLIC;
5368 addr_type = ADDR_LE_DEV_RANDOM;
5370 hci_add_irk(hdev, &irk->addr.bdaddr, addr_type, irk->val,
5374 hci_dev_set_flag(hdev, HCI_RPA_RESOLVING);
5376 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_LOAD_IRKS, 0, NULL, 0);
5378 hci_dev_unlock(hdev);
5383 static bool ltk_is_valid(struct mgmt_ltk_info *key)
5385 if (key->master != 0x00 && key->master != 0x01)
5388 switch (key->addr.type) {
5389 case BDADDR_LE_PUBLIC:
5392 case BDADDR_LE_RANDOM:
5393 /* Two most significant bits shall be set */
5394 if ((key->addr.bdaddr.b[5] & 0xc0) != 0xc0)
5402 static int load_long_term_keys(struct sock *sk, struct hci_dev *hdev,
5403 void *cp_data, u16 len)
5405 struct mgmt_cp_load_long_term_keys *cp = cp_data;
5406 const u16 max_key_count = ((U16_MAX - sizeof(*cp)) /
5407 sizeof(struct mgmt_ltk_info));
5408 u16 key_count, expected_len;
5411 BT_DBG("request for %s", hdev->name);
5413 if (!lmp_le_capable(hdev))
5414 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS,
5415 MGMT_STATUS_NOT_SUPPORTED);
5417 key_count = __le16_to_cpu(cp->key_count);
5418 if (key_count > max_key_count) {
5419 BT_ERR("load_ltks: too big key_count value %u", key_count);
5420 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS,
5421 MGMT_STATUS_INVALID_PARAMS);
5424 expected_len = sizeof(*cp) + key_count *
5425 sizeof(struct mgmt_ltk_info);
5426 if (expected_len != len) {
5427 BT_ERR("load_keys: expected %u bytes, got %u bytes",
5429 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS,
5430 MGMT_STATUS_INVALID_PARAMS);
5433 BT_DBG("%s key_count %u", hdev->name, key_count);
5435 for (i = 0; i < key_count; i++) {
5436 struct mgmt_ltk_info *key = &cp->keys[i];
5438 if (!ltk_is_valid(key))
5439 return mgmt_cmd_status(sk, hdev->id,
5440 MGMT_OP_LOAD_LONG_TERM_KEYS,
5441 MGMT_STATUS_INVALID_PARAMS);
5446 hci_smp_ltks_clear(hdev);
5448 for (i = 0; i < key_count; i++) {
5449 struct mgmt_ltk_info *key = &cp->keys[i];
5450 u8 type, addr_type, authenticated;
5452 if (key->addr.type == BDADDR_LE_PUBLIC)
5453 addr_type = ADDR_LE_DEV_PUBLIC;
5455 addr_type = ADDR_LE_DEV_RANDOM;
5457 switch (key->type) {
5458 case MGMT_LTK_UNAUTHENTICATED:
5459 authenticated = 0x00;
5460 type = key->master ? SMP_LTK : SMP_LTK_SLAVE;
5462 case MGMT_LTK_AUTHENTICATED:
5463 authenticated = 0x01;
5464 type = key->master ? SMP_LTK : SMP_LTK_SLAVE;
5466 case MGMT_LTK_P256_UNAUTH:
5467 authenticated = 0x00;
5468 type = SMP_LTK_P256;
5470 case MGMT_LTK_P256_AUTH:
5471 authenticated = 0x01;
5472 type = SMP_LTK_P256;
5474 case MGMT_LTK_P256_DEBUG:
5475 authenticated = 0x00;
5476 type = SMP_LTK_P256_DEBUG;
5481 hci_add_ltk(hdev, &key->addr.bdaddr, addr_type, type,
5482 authenticated, key->val, key->enc_size, key->ediv,
5486 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS, 0,
5489 hci_dev_unlock(hdev);
5494 static int conn_info_cmd_complete(struct mgmt_pending_cmd *cmd, u8 status)
5496 struct hci_conn *conn = cmd->user_data;
5497 struct mgmt_rp_get_conn_info rp;
5500 memcpy(&rp.addr, cmd->param, sizeof(rp.addr));
5502 if (status == MGMT_STATUS_SUCCESS) {
5503 rp.rssi = conn->rssi;
5504 rp.tx_power = conn->tx_power;
5505 rp.max_tx_power = conn->max_tx_power;
5507 rp.rssi = HCI_RSSI_INVALID;
5508 rp.tx_power = HCI_TX_POWER_INVALID;
5509 rp.max_tx_power = HCI_TX_POWER_INVALID;
5512 err = mgmt_cmd_complete(cmd->sk, cmd->index, MGMT_OP_GET_CONN_INFO,
5513 status, &rp, sizeof(rp));
5515 hci_conn_drop(conn);
5521 static void conn_info_refresh_complete(struct hci_dev *hdev, u8 hci_status,
5524 struct hci_cp_read_rssi *cp;
5525 struct mgmt_pending_cmd *cmd;
5526 struct hci_conn *conn;
5530 BT_DBG("status 0x%02x", hci_status);
5534 /* Commands sent in request are either Read RSSI or Read Transmit Power
5535 * Level so we check which one was last sent to retrieve connection
5536 * handle. Both commands have handle as first parameter so it's safe to
5537 * cast data on the same command struct.
5539 * First command sent is always Read RSSI and we fail only if it fails.
5540 * In other case we simply override error to indicate success as we
5541 * already remembered if TX power value is actually valid.
5543 cp = hci_sent_cmd_data(hdev, HCI_OP_READ_RSSI);
5545 cp = hci_sent_cmd_data(hdev, HCI_OP_READ_TX_POWER);
5546 status = MGMT_STATUS_SUCCESS;
5548 status = mgmt_status(hci_status);
5552 BT_ERR("invalid sent_cmd in conn_info response");
5556 handle = __le16_to_cpu(cp->handle);
5557 conn = hci_conn_hash_lookup_handle(hdev, handle);
5559 BT_ERR("unknown handle (%d) in conn_info response", handle);
5563 cmd = pending_find_data(MGMT_OP_GET_CONN_INFO, hdev, conn);
5567 cmd->cmd_complete(cmd, status);
5568 mgmt_pending_remove(cmd);
5571 hci_dev_unlock(hdev);
5574 static int get_conn_info(struct sock *sk, struct hci_dev *hdev, void *data,
5577 struct mgmt_cp_get_conn_info *cp = data;
5578 struct mgmt_rp_get_conn_info rp;
5579 struct hci_conn *conn;
5580 unsigned long conn_info_age;
5583 BT_DBG("%s", hdev->name);
5585 memset(&rp, 0, sizeof(rp));
5586 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
5587 rp.addr.type = cp->addr.type;
5589 if (!bdaddr_type_is_valid(cp->addr.type))
5590 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CONN_INFO,
5591 MGMT_STATUS_INVALID_PARAMS,
5596 if (!hdev_is_powered(hdev)) {
5597 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CONN_INFO,
5598 MGMT_STATUS_NOT_POWERED, &rp,
5603 if (cp->addr.type == BDADDR_BREDR)
5604 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
5607 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &cp->addr.bdaddr);
5609 if (!conn || conn->state != BT_CONNECTED) {
5610 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CONN_INFO,
5611 MGMT_STATUS_NOT_CONNECTED, &rp,
5616 if (pending_find_data(MGMT_OP_GET_CONN_INFO, hdev, conn)) {
5617 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CONN_INFO,
5618 MGMT_STATUS_BUSY, &rp, sizeof(rp));
5622 /* To avoid client trying to guess when to poll again for information we
5623 * calculate conn info age as random value between min/max set in hdev.
5625 conn_info_age = hdev->conn_info_min_age +
5626 prandom_u32_max(hdev->conn_info_max_age -
5627 hdev->conn_info_min_age);
5629 /* Query controller to refresh cached values if they are too old or were
5632 if (time_after(jiffies, conn->conn_info_timestamp +
5633 msecs_to_jiffies(conn_info_age)) ||
5634 !conn->conn_info_timestamp) {
5635 struct hci_request req;
5636 struct hci_cp_read_tx_power req_txp_cp;
5637 struct hci_cp_read_rssi req_rssi_cp;
5638 struct mgmt_pending_cmd *cmd;
5640 hci_req_init(&req, hdev);
5641 req_rssi_cp.handle = cpu_to_le16(conn->handle);
5642 hci_req_add(&req, HCI_OP_READ_RSSI, sizeof(req_rssi_cp),
5645 /* For LE links TX power does not change thus we don't need to
5646 * query for it once value is known.
5648 if (!bdaddr_type_is_le(cp->addr.type) ||
5649 conn->tx_power == HCI_TX_POWER_INVALID) {
5650 req_txp_cp.handle = cpu_to_le16(conn->handle);
5651 req_txp_cp.type = 0x00;
5652 hci_req_add(&req, HCI_OP_READ_TX_POWER,
5653 sizeof(req_txp_cp), &req_txp_cp);
5656 /* Max TX power needs to be read only once per connection */
5657 if (conn->max_tx_power == HCI_TX_POWER_INVALID) {
5658 req_txp_cp.handle = cpu_to_le16(conn->handle);
5659 req_txp_cp.type = 0x01;
5660 hci_req_add(&req, HCI_OP_READ_TX_POWER,
5661 sizeof(req_txp_cp), &req_txp_cp);
5664 err = hci_req_run(&req, conn_info_refresh_complete);
5668 cmd = mgmt_pending_add(sk, MGMT_OP_GET_CONN_INFO, hdev,
5675 hci_conn_hold(conn);
5676 cmd->user_data = hci_conn_get(conn);
5677 cmd->cmd_complete = conn_info_cmd_complete;
5679 conn->conn_info_timestamp = jiffies;
5681 /* Cache is valid, just reply with values cached in hci_conn */
5682 rp.rssi = conn->rssi;
5683 rp.tx_power = conn->tx_power;
5684 rp.max_tx_power = conn->max_tx_power;
5686 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CONN_INFO,
5687 MGMT_STATUS_SUCCESS, &rp, sizeof(rp));
5691 hci_dev_unlock(hdev);
5695 static int clock_info_cmd_complete(struct mgmt_pending_cmd *cmd, u8 status)
5697 struct hci_conn *conn = cmd->user_data;
5698 struct mgmt_rp_get_clock_info rp;
5699 struct hci_dev *hdev;
5702 memset(&rp, 0, sizeof(rp));
5703 memcpy(&rp.addr, &cmd->param, sizeof(rp.addr));
5708 hdev = hci_dev_get(cmd->index);
5710 rp.local_clock = cpu_to_le32(hdev->clock);
5715 rp.piconet_clock = cpu_to_le32(conn->clock);
5716 rp.accuracy = cpu_to_le16(conn->clock_accuracy);
5720 err = mgmt_cmd_complete(cmd->sk, cmd->index, cmd->opcode, status, &rp,
5724 hci_conn_drop(conn);
5731 static void get_clock_info_complete(struct hci_dev *hdev, u8 status, u16 opcode)
5733 struct hci_cp_read_clock *hci_cp;
5734 struct mgmt_pending_cmd *cmd;
5735 struct hci_conn *conn;
5737 BT_DBG("%s status %u", hdev->name, status);
5741 hci_cp = hci_sent_cmd_data(hdev, HCI_OP_READ_CLOCK);
5745 if (hci_cp->which) {
5746 u16 handle = __le16_to_cpu(hci_cp->handle);
5747 conn = hci_conn_hash_lookup_handle(hdev, handle);
5752 cmd = pending_find_data(MGMT_OP_GET_CLOCK_INFO, hdev, conn);
5756 cmd->cmd_complete(cmd, mgmt_status(status));
5757 mgmt_pending_remove(cmd);
5760 hci_dev_unlock(hdev);
5763 static int get_clock_info(struct sock *sk, struct hci_dev *hdev, void *data,
5766 struct mgmt_cp_get_clock_info *cp = data;
5767 struct mgmt_rp_get_clock_info rp;
5768 struct hci_cp_read_clock hci_cp;
5769 struct mgmt_pending_cmd *cmd;
5770 struct hci_request req;
5771 struct hci_conn *conn;
5774 BT_DBG("%s", hdev->name);
5776 memset(&rp, 0, sizeof(rp));
5777 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
5778 rp.addr.type = cp->addr.type;
5780 if (cp->addr.type != BDADDR_BREDR)
5781 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CLOCK_INFO,
5782 MGMT_STATUS_INVALID_PARAMS,
5787 if (!hdev_is_powered(hdev)) {
5788 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CLOCK_INFO,
5789 MGMT_STATUS_NOT_POWERED, &rp,
5794 if (bacmp(&cp->addr.bdaddr, BDADDR_ANY)) {
5795 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
5797 if (!conn || conn->state != BT_CONNECTED) {
5798 err = mgmt_cmd_complete(sk, hdev->id,
5799 MGMT_OP_GET_CLOCK_INFO,
5800 MGMT_STATUS_NOT_CONNECTED,
5808 cmd = mgmt_pending_add(sk, MGMT_OP_GET_CLOCK_INFO, hdev, data, len);
5814 cmd->cmd_complete = clock_info_cmd_complete;
5816 hci_req_init(&req, hdev);
5818 memset(&hci_cp, 0, sizeof(hci_cp));
5819 hci_req_add(&req, HCI_OP_READ_CLOCK, sizeof(hci_cp), &hci_cp);
5822 hci_conn_hold(conn);
5823 cmd->user_data = hci_conn_get(conn);
5825 hci_cp.handle = cpu_to_le16(conn->handle);
5826 hci_cp.which = 0x01; /* Piconet clock */
5827 hci_req_add(&req, HCI_OP_READ_CLOCK, sizeof(hci_cp), &hci_cp);
5830 err = hci_req_run(&req, get_clock_info_complete);
5832 mgmt_pending_remove(cmd);
5835 hci_dev_unlock(hdev);
5839 static bool is_connected(struct hci_dev *hdev, bdaddr_t *addr, u8 type)
5841 struct hci_conn *conn;
5843 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, addr);
5847 if (conn->dst_type != type)
5850 if (conn->state != BT_CONNECTED)
5856 /* This function requires the caller holds hdev->lock */
5857 static int hci_conn_params_set(struct hci_request *req, bdaddr_t *addr,
5858 u8 addr_type, u8 auto_connect)
5860 struct hci_dev *hdev = req->hdev;
5861 struct hci_conn_params *params;
5863 params = hci_conn_params_add(hdev, addr, addr_type);
5867 if (params->auto_connect == auto_connect)
5870 list_del_init(¶ms->action);
5872 switch (auto_connect) {
5873 case HCI_AUTO_CONN_DISABLED:
5874 case HCI_AUTO_CONN_LINK_LOSS:
5875 __hci_update_background_scan(req);
5877 case HCI_AUTO_CONN_REPORT:
5878 list_add(¶ms->action, &hdev->pend_le_reports);
5879 __hci_update_background_scan(req);
5881 case HCI_AUTO_CONN_DIRECT:
5882 case HCI_AUTO_CONN_ALWAYS:
5883 if (!is_connected(hdev, addr, addr_type)) {
5884 list_add(¶ms->action, &hdev->pend_le_conns);
5885 __hci_update_background_scan(req);
5890 params->auto_connect = auto_connect;
5892 BT_DBG("addr %pMR (type %u) auto_connect %u", addr, addr_type,
5898 static void device_added(struct sock *sk, struct hci_dev *hdev,
5899 bdaddr_t *bdaddr, u8 type, u8 action)
5901 struct mgmt_ev_device_added ev;
5903 bacpy(&ev.addr.bdaddr, bdaddr);
5904 ev.addr.type = type;
5907 mgmt_event(MGMT_EV_DEVICE_ADDED, hdev, &ev, sizeof(ev), sk);
5910 static void add_device_complete(struct hci_dev *hdev, u8 status, u16 opcode)
5912 struct mgmt_pending_cmd *cmd;
5914 BT_DBG("status 0x%02x", status);
5918 cmd = pending_find(MGMT_OP_ADD_DEVICE, hdev);
5922 cmd->cmd_complete(cmd, mgmt_status(status));
5923 mgmt_pending_remove(cmd);
5926 hci_dev_unlock(hdev);
5929 static int add_device(struct sock *sk, struct hci_dev *hdev,
5930 void *data, u16 len)
5932 struct mgmt_cp_add_device *cp = data;
5933 struct mgmt_pending_cmd *cmd;
5934 struct hci_request req;
5935 u8 auto_conn, addr_type;
5938 BT_DBG("%s", hdev->name);
5940 if (!bdaddr_type_is_valid(cp->addr.type) ||
5941 !bacmp(&cp->addr.bdaddr, BDADDR_ANY))
5942 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_ADD_DEVICE,
5943 MGMT_STATUS_INVALID_PARAMS,
5944 &cp->addr, sizeof(cp->addr));
5946 if (cp->action != 0x00 && cp->action != 0x01 && cp->action != 0x02)
5947 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_ADD_DEVICE,
5948 MGMT_STATUS_INVALID_PARAMS,
5949 &cp->addr, sizeof(cp->addr));
5951 hci_req_init(&req, hdev);
5955 cmd = mgmt_pending_add(sk, MGMT_OP_ADD_DEVICE, hdev, data, len);
5961 cmd->cmd_complete = addr_cmd_complete;
5963 if (cp->addr.type == BDADDR_BREDR) {
5964 /* Only incoming connections action is supported for now */
5965 if (cp->action != 0x01) {
5966 err = cmd->cmd_complete(cmd,
5967 MGMT_STATUS_INVALID_PARAMS);
5968 mgmt_pending_remove(cmd);
5972 err = hci_bdaddr_list_add(&hdev->whitelist, &cp->addr.bdaddr,
5977 __hci_update_page_scan(&req);
5982 if (cp->addr.type == BDADDR_LE_PUBLIC)
5983 addr_type = ADDR_LE_DEV_PUBLIC;
5985 addr_type = ADDR_LE_DEV_RANDOM;
5987 if (cp->action == 0x02)
5988 auto_conn = HCI_AUTO_CONN_ALWAYS;
5989 else if (cp->action == 0x01)
5990 auto_conn = HCI_AUTO_CONN_DIRECT;
5992 auto_conn = HCI_AUTO_CONN_REPORT;
5994 /* If the connection parameters don't exist for this device,
5995 * they will be created and configured with defaults.
5997 if (hci_conn_params_set(&req, &cp->addr.bdaddr, addr_type,
5999 err = cmd->cmd_complete(cmd, MGMT_STATUS_FAILED);
6000 mgmt_pending_remove(cmd);
6005 device_added(sk, hdev, &cp->addr.bdaddr, cp->addr.type, cp->action);
6007 err = hci_req_run(&req, add_device_complete);
6009 /* ENODATA means no HCI commands were needed (e.g. if
6010 * the adapter is powered off).
6012 if (err == -ENODATA)
6013 err = cmd->cmd_complete(cmd, MGMT_STATUS_SUCCESS);
6014 mgmt_pending_remove(cmd);
6018 hci_dev_unlock(hdev);
6022 static void device_removed(struct sock *sk, struct hci_dev *hdev,
6023 bdaddr_t *bdaddr, u8 type)
6025 struct mgmt_ev_device_removed ev;
6027 bacpy(&ev.addr.bdaddr, bdaddr);
6028 ev.addr.type = type;
6030 mgmt_event(MGMT_EV_DEVICE_REMOVED, hdev, &ev, sizeof(ev), sk);
6033 static void remove_device_complete(struct hci_dev *hdev, u8 status, u16 opcode)
6035 struct mgmt_pending_cmd *cmd;
6037 BT_DBG("status 0x%02x", status);
6041 cmd = pending_find(MGMT_OP_REMOVE_DEVICE, hdev);
6045 cmd->cmd_complete(cmd, mgmt_status(status));
6046 mgmt_pending_remove(cmd);
6049 hci_dev_unlock(hdev);
6052 static int remove_device(struct sock *sk, struct hci_dev *hdev,
6053 void *data, u16 len)
6055 struct mgmt_cp_remove_device *cp = data;
6056 struct mgmt_pending_cmd *cmd;
6057 struct hci_request req;
6060 BT_DBG("%s", hdev->name);
6062 hci_req_init(&req, hdev);
6066 cmd = mgmt_pending_add(sk, MGMT_OP_REMOVE_DEVICE, hdev, data, len);
6072 cmd->cmd_complete = addr_cmd_complete;
6074 if (bacmp(&cp->addr.bdaddr, BDADDR_ANY)) {
6075 struct hci_conn_params *params;
6078 if (!bdaddr_type_is_valid(cp->addr.type)) {
6079 err = cmd->cmd_complete(cmd,
6080 MGMT_STATUS_INVALID_PARAMS);
6081 mgmt_pending_remove(cmd);
6085 if (cp->addr.type == BDADDR_BREDR) {
6086 err = hci_bdaddr_list_del(&hdev->whitelist,
6090 err = cmd->cmd_complete(cmd,
6091 MGMT_STATUS_INVALID_PARAMS);
6092 mgmt_pending_remove(cmd);
6096 __hci_update_page_scan(&req);
6098 device_removed(sk, hdev, &cp->addr.bdaddr,
6103 if (cp->addr.type == BDADDR_LE_PUBLIC)
6104 addr_type = ADDR_LE_DEV_PUBLIC;
6106 addr_type = ADDR_LE_DEV_RANDOM;
6108 params = hci_conn_params_lookup(hdev, &cp->addr.bdaddr,
6111 err = cmd->cmd_complete(cmd,
6112 MGMT_STATUS_INVALID_PARAMS);
6113 mgmt_pending_remove(cmd);
6117 if (params->auto_connect == HCI_AUTO_CONN_DISABLED) {
6118 err = cmd->cmd_complete(cmd,
6119 MGMT_STATUS_INVALID_PARAMS);
6120 mgmt_pending_remove(cmd);
6124 list_del(¶ms->action);
6125 list_del(¶ms->list);
6127 __hci_update_background_scan(&req);
6129 device_removed(sk, hdev, &cp->addr.bdaddr, cp->addr.type);
6131 struct hci_conn_params *p, *tmp;
6132 struct bdaddr_list *b, *btmp;
6134 if (cp->addr.type) {
6135 err = cmd->cmd_complete(cmd,
6136 MGMT_STATUS_INVALID_PARAMS);
6137 mgmt_pending_remove(cmd);
6141 list_for_each_entry_safe(b, btmp, &hdev->whitelist, list) {
6142 device_removed(sk, hdev, &b->bdaddr, b->bdaddr_type);
6147 __hci_update_page_scan(&req);
6149 list_for_each_entry_safe(p, tmp, &hdev->le_conn_params, list) {
6150 if (p->auto_connect == HCI_AUTO_CONN_DISABLED)
6152 device_removed(sk, hdev, &p->addr, p->addr_type);
6153 list_del(&p->action);
6158 BT_DBG("All LE connection parameters were removed");
6160 __hci_update_background_scan(&req);
6164 err = hci_req_run(&req, remove_device_complete);
6166 /* ENODATA means no HCI commands were needed (e.g. if
6167 * the adapter is powered off).
6169 if (err == -ENODATA)
6170 err = cmd->cmd_complete(cmd, MGMT_STATUS_SUCCESS);
6171 mgmt_pending_remove(cmd);
6175 hci_dev_unlock(hdev);
6179 static int load_conn_param(struct sock *sk, struct hci_dev *hdev, void *data,
6182 struct mgmt_cp_load_conn_param *cp = data;
6183 const u16 max_param_count = ((U16_MAX - sizeof(*cp)) /
6184 sizeof(struct mgmt_conn_param));
6185 u16 param_count, expected_len;
6188 if (!lmp_le_capable(hdev))
6189 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_CONN_PARAM,
6190 MGMT_STATUS_NOT_SUPPORTED);
6192 param_count = __le16_to_cpu(cp->param_count);
6193 if (param_count > max_param_count) {
6194 BT_ERR("load_conn_param: too big param_count value %u",
6196 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_CONN_PARAM,
6197 MGMT_STATUS_INVALID_PARAMS);
6200 expected_len = sizeof(*cp) + param_count *
6201 sizeof(struct mgmt_conn_param);
6202 if (expected_len != len) {
6203 BT_ERR("load_conn_param: expected %u bytes, got %u bytes",
6205 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_CONN_PARAM,
6206 MGMT_STATUS_INVALID_PARAMS);
6209 BT_DBG("%s param_count %u", hdev->name, param_count);
6213 hci_conn_params_clear_disabled(hdev);
6215 for (i = 0; i < param_count; i++) {
6216 struct mgmt_conn_param *param = &cp->params[i];
6217 struct hci_conn_params *hci_param;
6218 u16 min, max, latency, timeout;
6221 BT_DBG("Adding %pMR (type %u)", ¶m->addr.bdaddr,
6224 if (param->addr.type == BDADDR_LE_PUBLIC) {
6225 addr_type = ADDR_LE_DEV_PUBLIC;
6226 } else if (param->addr.type == BDADDR_LE_RANDOM) {
6227 addr_type = ADDR_LE_DEV_RANDOM;
6229 BT_ERR("Ignoring invalid connection parameters");
6233 min = le16_to_cpu(param->min_interval);
6234 max = le16_to_cpu(param->max_interval);
6235 latency = le16_to_cpu(param->latency);
6236 timeout = le16_to_cpu(param->timeout);
6238 BT_DBG("min 0x%04x max 0x%04x latency 0x%04x timeout 0x%04x",
6239 min, max, latency, timeout);
6241 if (hci_check_conn_params(min, max, latency, timeout) < 0) {
6242 BT_ERR("Ignoring invalid connection parameters");
6246 hci_param = hci_conn_params_add(hdev, ¶m->addr.bdaddr,
6249 BT_ERR("Failed to add connection parameters");
6253 hci_param->conn_min_interval = min;
6254 hci_param->conn_max_interval = max;
6255 hci_param->conn_latency = latency;
6256 hci_param->supervision_timeout = timeout;
6259 hci_dev_unlock(hdev);
6261 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_LOAD_CONN_PARAM, 0,
6265 static int set_external_config(struct sock *sk, struct hci_dev *hdev,
6266 void *data, u16 len)
6268 struct mgmt_cp_set_external_config *cp = data;
6272 BT_DBG("%s", hdev->name);
6274 if (hdev_is_powered(hdev))
6275 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_EXTERNAL_CONFIG,
6276 MGMT_STATUS_REJECTED);
6278 if (cp->config != 0x00 && cp->config != 0x01)
6279 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_EXTERNAL_CONFIG,
6280 MGMT_STATUS_INVALID_PARAMS);
6282 if (!test_bit(HCI_QUIRK_EXTERNAL_CONFIG, &hdev->quirks))
6283 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_EXTERNAL_CONFIG,
6284 MGMT_STATUS_NOT_SUPPORTED);
6289 changed = !hci_dev_test_and_set_flag(hdev, HCI_EXT_CONFIGURED);
6291 changed = hci_dev_test_and_clear_flag(hdev, HCI_EXT_CONFIGURED);
6293 err = send_options_rsp(sk, MGMT_OP_SET_EXTERNAL_CONFIG, hdev);
6300 err = new_options(hdev, sk);
6302 if (hci_dev_test_flag(hdev, HCI_UNCONFIGURED) == is_configured(hdev)) {
6303 mgmt_index_removed(hdev);
6305 if (hci_dev_test_and_change_flag(hdev, HCI_UNCONFIGURED)) {
6306 hci_dev_set_flag(hdev, HCI_CONFIG);
6307 hci_dev_set_flag(hdev, HCI_AUTO_OFF);
6309 queue_work(hdev->req_workqueue, &hdev->power_on);
6311 set_bit(HCI_RAW, &hdev->flags);
6312 mgmt_index_added(hdev);
6317 hci_dev_unlock(hdev);
6321 static int set_public_address(struct sock *sk, struct hci_dev *hdev,
6322 void *data, u16 len)
6324 struct mgmt_cp_set_public_address *cp = data;
6328 BT_DBG("%s", hdev->name);
6330 if (hdev_is_powered(hdev))
6331 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_PUBLIC_ADDRESS,
6332 MGMT_STATUS_REJECTED);
6334 if (!bacmp(&cp->bdaddr, BDADDR_ANY))
6335 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_PUBLIC_ADDRESS,
6336 MGMT_STATUS_INVALID_PARAMS);
6338 if (!hdev->set_bdaddr)
6339 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_PUBLIC_ADDRESS,
6340 MGMT_STATUS_NOT_SUPPORTED);
6344 changed = !!bacmp(&hdev->public_addr, &cp->bdaddr);
6345 bacpy(&hdev->public_addr, &cp->bdaddr);
6347 err = send_options_rsp(sk, MGMT_OP_SET_PUBLIC_ADDRESS, hdev);
6354 if (hci_dev_test_flag(hdev, HCI_UNCONFIGURED))
6355 err = new_options(hdev, sk);
6357 if (is_configured(hdev)) {
6358 mgmt_index_removed(hdev);
6360 hci_dev_clear_flag(hdev, HCI_UNCONFIGURED);
6362 hci_dev_set_flag(hdev, HCI_CONFIG);
6363 hci_dev_set_flag(hdev, HCI_AUTO_OFF);
6365 queue_work(hdev->req_workqueue, &hdev->power_on);
6369 hci_dev_unlock(hdev);
6373 static inline u16 eir_append_data(u8 *eir, u16 eir_len, u8 type, u8 *data,
6376 eir[eir_len++] = sizeof(type) + data_len;
6377 eir[eir_len++] = type;
6378 memcpy(&eir[eir_len], data, data_len);
6379 eir_len += data_len;
6384 static int read_local_oob_ext_data(struct sock *sk, struct hci_dev *hdev,
6385 void *data, u16 data_len)
6387 struct mgmt_cp_read_local_oob_ext_data *cp = data;
6388 struct mgmt_rp_read_local_oob_ext_data *rp;
6391 u8 status, flags, role, addr[7], hash[16], rand[16];
6394 BT_DBG("%s", hdev->name);
6396 if (!hdev_is_powered(hdev))
6397 return mgmt_cmd_complete(sk, hdev->id,
6398 MGMT_OP_READ_LOCAL_OOB_EXT_DATA,
6399 MGMT_STATUS_NOT_POWERED,
6400 &cp->type, sizeof(cp->type));
6403 case BIT(BDADDR_BREDR):
6404 status = mgmt_bredr_support(hdev);
6406 return mgmt_cmd_complete(sk, hdev->id,
6407 MGMT_OP_READ_LOCAL_OOB_EXT_DATA,
6412 case (BIT(BDADDR_LE_PUBLIC) | BIT(BDADDR_LE_RANDOM)):
6413 status = mgmt_le_support(hdev);
6415 return mgmt_cmd_complete(sk, hdev->id,
6416 MGMT_OP_READ_LOCAL_OOB_EXT_DATA,
6419 eir_len = 9 + 3 + 18 + 18 + 3;
6422 return mgmt_cmd_complete(sk, hdev->id,
6423 MGMT_OP_READ_LOCAL_OOB_EXT_DATA,
6424 MGMT_STATUS_INVALID_PARAMS,
6425 &cp->type, sizeof(cp->type));
6430 rp_len = sizeof(*rp) + eir_len;
6431 rp = kmalloc(rp_len, GFP_ATOMIC);
6433 hci_dev_unlock(hdev);
6439 case BIT(BDADDR_BREDR):
6440 eir_len = eir_append_data(rp->eir, eir_len, EIR_CLASS_OF_DEV,
6441 hdev->dev_class, 3);
6443 case (BIT(BDADDR_LE_PUBLIC) | BIT(BDADDR_LE_RANDOM)):
6444 if (hci_dev_test_flag(hdev, HCI_SC_ENABLED) &&
6445 smp_generate_oob(hdev, hash, rand) < 0) {
6446 hci_dev_unlock(hdev);
6447 err = mgmt_cmd_complete(sk, hdev->id,
6448 MGMT_OP_READ_LOCAL_OOB_EXT_DATA,
6450 &cp->type, sizeof(cp->type));
6454 if (hci_dev_test_flag(hdev, HCI_PRIVACY)) {
6455 memcpy(addr, &hdev->rpa, 6);
6457 } else if (hci_dev_test_flag(hdev, HCI_FORCE_STATIC_ADDR) ||
6458 !bacmp(&hdev->bdaddr, BDADDR_ANY) ||
6459 (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED) &&
6460 bacmp(&hdev->static_addr, BDADDR_ANY))) {
6461 memcpy(addr, &hdev->static_addr, 6);
6464 memcpy(addr, &hdev->bdaddr, 6);
6468 eir_len = eir_append_data(rp->eir, eir_len, EIR_LE_BDADDR,
6469 addr, sizeof(addr));
6471 if (hci_dev_test_flag(hdev, HCI_ADVERTISING))
6476 eir_len = eir_append_data(rp->eir, eir_len, EIR_LE_ROLE,
6477 &role, sizeof(role));
6479 if (hci_dev_test_flag(hdev, HCI_SC_ENABLED)) {
6480 eir_len = eir_append_data(rp->eir, eir_len,
6482 hash, sizeof(hash));
6484 eir_len = eir_append_data(rp->eir, eir_len,
6486 rand, sizeof(rand));
6489 flags = get_adv_discov_flags(hdev);
6491 if (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED))
6492 flags |= LE_AD_NO_BREDR;
6494 eir_len = eir_append_data(rp->eir, eir_len, EIR_FLAGS,
6495 &flags, sizeof(flags));
6499 rp->type = cp->type;
6500 rp->eir_len = cpu_to_le16(eir_len);
6502 hci_dev_unlock(hdev);
6504 hci_sock_set_flag(sk, HCI_MGMT_OOB_DATA_EVENTS);
6506 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_EXT_DATA,
6507 MGMT_STATUS_SUCCESS, rp, sizeof(*rp) + eir_len);
6511 err = mgmt_limited_event(MGMT_EV_LOCAL_OOB_DATA_UPDATED, hdev,
6512 rp, sizeof(*rp) + eir_len,
6513 HCI_MGMT_OOB_DATA_EVENTS, sk);
6521 static int read_adv_features(struct sock *sk, struct hci_dev *hdev,
6522 void *data, u16 data_len)
6524 struct mgmt_rp_read_adv_features *rp;
6529 BT_DBG("%s", hdev->name);
6533 rp_len = sizeof(*rp);
6535 /* Currently only one instance is supported, so just add 1 to the
6538 instance = hci_dev_test_flag(hdev, HCI_ADVERTISING_INSTANCE);
6542 rp = kmalloc(rp_len, GFP_ATOMIC);
6544 hci_dev_unlock(hdev);
6548 rp->supported_flags = cpu_to_le32(0);
6549 rp->max_adv_data_len = HCI_MAX_AD_LENGTH;
6550 rp->max_scan_rsp_len = HCI_MAX_AD_LENGTH;
6551 rp->max_instances = 1;
6553 /* Currently only one instance is supported, so simply return the
6554 * current instance number.
6557 rp->num_instances = 1;
6558 rp->instance[0] = 1;
6560 rp->num_instances = 0;
6563 hci_dev_unlock(hdev);
6565 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_READ_ADV_FEATURES,
6566 MGMT_STATUS_SUCCESS, rp, rp_len);
6573 static bool tlv_data_is_valid(struct hci_dev *hdev, u32 adv_flags, u8 *data,
6574 u8 len, bool is_adv_data)
6576 u8 max_len = HCI_MAX_AD_LENGTH;
6578 bool flags_managed = false;
6580 if (is_adv_data && (adv_flags & MGMT_ADV_FLAG_DISCOV)) {
6581 flags_managed = true;
6588 /* Make sure that the data is correctly formatted. */
6589 for (i = 0, cur_len = 0; i < len; i += (cur_len + 1)) {
6592 if (flags_managed && data[i + 1] == EIR_FLAGS)
6595 /* If the current field length would exceed the total data
6596 * length, then it's invalid.
6598 if (i + cur_len >= len)
6605 static void add_advertising_complete(struct hci_dev *hdev, u8 status,
6608 struct mgmt_pending_cmd *cmd;
6609 struct mgmt_rp_add_advertising rp;
6611 BT_DBG("status %d", status);
6615 cmd = pending_find(MGMT_OP_ADD_ADVERTISING, hdev);
6618 hci_dev_clear_flag(hdev, HCI_ADVERTISING_INSTANCE);
6619 memset(&hdev->adv_instance, 0, sizeof(hdev->adv_instance));
6620 advertising_removed(cmd ? cmd->sk : NULL, hdev, 1);
6629 mgmt_cmd_status(cmd->sk, cmd->index, cmd->opcode,
6630 mgmt_status(status));
6632 mgmt_cmd_complete(cmd->sk, cmd->index, cmd->opcode,
6633 mgmt_status(status), &rp, sizeof(rp));
6635 mgmt_pending_remove(cmd);
6638 hci_dev_unlock(hdev);
6641 static void adv_timeout_expired(struct work_struct *work)
6643 struct hci_dev *hdev = container_of(work, struct hci_dev,
6644 adv_instance.timeout_exp.work);
6646 hdev->adv_instance.timeout = 0;
6649 clear_adv_instance(hdev);
6650 hci_dev_unlock(hdev);
6653 static int add_advertising(struct sock *sk, struct hci_dev *hdev,
6654 void *data, u16 data_len)
6656 struct mgmt_cp_add_advertising *cp = data;
6657 struct mgmt_rp_add_advertising rp;
6662 struct mgmt_pending_cmd *cmd;
6663 struct hci_request req;
6665 BT_DBG("%s", hdev->name);
6667 status = mgmt_le_support(hdev);
6669 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_ADVERTISING,
6672 flags = __le32_to_cpu(cp->flags);
6673 timeout = __le16_to_cpu(cp->timeout);
6675 /* The current implementation only supports adding one instance */
6676 if (cp->instance != 0x01)
6677 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_ADVERTISING,
6678 MGMT_STATUS_INVALID_PARAMS);
6682 if (timeout && !hdev_is_powered(hdev)) {
6683 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_ADVERTISING,
6684 MGMT_STATUS_REJECTED);
6688 if (pending_find(MGMT_OP_ADD_ADVERTISING, hdev) ||
6689 pending_find(MGMT_OP_REMOVE_ADVERTISING, hdev) ||
6690 pending_find(MGMT_OP_SET_LE, hdev)) {
6691 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_ADVERTISING,
6696 if (!tlv_data_is_valid(hdev, flags, cp->data, cp->adv_data_len, true) ||
6697 !tlv_data_is_valid(hdev, flags, cp->data + cp->adv_data_len,
6698 cp->scan_rsp_len, false)) {
6699 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_ADVERTISING,
6700 MGMT_STATUS_INVALID_PARAMS);
6704 INIT_DELAYED_WORK(&hdev->adv_instance.timeout_exp, adv_timeout_expired);
6706 hdev->adv_instance.flags = flags;
6707 hdev->adv_instance.adv_data_len = cp->adv_data_len;
6708 hdev->adv_instance.scan_rsp_len = cp->scan_rsp_len;
6710 if (cp->adv_data_len)
6711 memcpy(hdev->adv_instance.adv_data, cp->data, cp->adv_data_len);
6713 if (cp->scan_rsp_len)
6714 memcpy(hdev->adv_instance.scan_rsp_data,
6715 cp->data + cp->adv_data_len, cp->scan_rsp_len);
6717 if (hdev->adv_instance.timeout)
6718 cancel_delayed_work(&hdev->adv_instance.timeout_exp);
6720 hdev->adv_instance.timeout = timeout;
6723 queue_delayed_work(hdev->workqueue,
6724 &hdev->adv_instance.timeout_exp,
6725 msecs_to_jiffies(timeout * 1000));
6727 if (!hci_dev_test_and_set_flag(hdev, HCI_ADVERTISING_INSTANCE))
6728 advertising_added(sk, hdev, 1);
6730 /* If the HCI_ADVERTISING flag is set or the device isn't powered then
6731 * we have no HCI communication to make. Simply return.
6733 if (!hdev_is_powered(hdev) ||
6734 hci_dev_test_flag(hdev, HCI_ADVERTISING)) {
6736 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_ADD_ADVERTISING,
6737 MGMT_STATUS_SUCCESS, &rp, sizeof(rp));
6741 /* We're good to go, update advertising data, parameters, and start
6744 cmd = mgmt_pending_add(sk, MGMT_OP_ADD_ADVERTISING, hdev, data,
6751 hci_req_init(&req, hdev);
6753 update_adv_data(&req);
6754 update_scan_rsp_data(&req);
6755 enable_advertising(&req);
6757 err = hci_req_run(&req, add_advertising_complete);
6759 mgmt_pending_remove(cmd);
6762 hci_dev_unlock(hdev);
6767 static void remove_advertising_complete(struct hci_dev *hdev, u8 status,
6770 struct mgmt_pending_cmd *cmd;
6771 struct mgmt_rp_remove_advertising rp;
6773 BT_DBG("status %d", status);
6777 /* A failure status here only means that we failed to disable
6778 * advertising. Otherwise, the advertising instance has been removed,
6779 * so report success.
6781 cmd = pending_find(MGMT_OP_REMOVE_ADVERTISING, hdev);
6787 mgmt_cmd_complete(cmd->sk, cmd->index, cmd->opcode, MGMT_STATUS_SUCCESS,
6789 mgmt_pending_remove(cmd);
6792 hci_dev_unlock(hdev);
6795 static int remove_advertising(struct sock *sk, struct hci_dev *hdev,
6796 void *data, u16 data_len)
6798 struct mgmt_cp_remove_advertising *cp = data;
6799 struct mgmt_rp_remove_advertising rp;
6801 struct mgmt_pending_cmd *cmd;
6802 struct hci_request req;
6804 BT_DBG("%s", hdev->name);
6806 /* The current implementation only allows modifying instance no 1. A
6807 * value of 0 indicates that all instances should be cleared.
6809 if (cp->instance > 1)
6810 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_REMOVE_ADVERTISING,
6811 MGMT_STATUS_INVALID_PARAMS);
6815 if (pending_find(MGMT_OP_ADD_ADVERTISING, hdev) ||
6816 pending_find(MGMT_OP_REMOVE_ADVERTISING, hdev) ||
6817 pending_find(MGMT_OP_SET_LE, hdev)) {
6818 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_REMOVE_ADVERTISING,
6823 if (!hci_dev_test_flag(hdev, HCI_ADVERTISING_INSTANCE)) {
6824 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_REMOVE_ADVERTISING,
6825 MGMT_STATUS_INVALID_PARAMS);
6829 if (hdev->adv_instance.timeout)
6830 cancel_delayed_work(&hdev->adv_instance.timeout_exp);
6832 memset(&hdev->adv_instance, 0, sizeof(hdev->adv_instance));
6834 advertising_removed(sk, hdev, 1);
6836 hci_dev_clear_flag(hdev, HCI_ADVERTISING_INSTANCE);
6838 /* If the HCI_ADVERTISING flag is set or the device isn't powered then
6839 * we have no HCI communication to make. Simply return.
6841 if (!hdev_is_powered(hdev) ||
6842 hci_dev_test_flag(hdev, HCI_ADVERTISING)) {
6844 err = mgmt_cmd_complete(sk, hdev->id,
6845 MGMT_OP_REMOVE_ADVERTISING,
6846 MGMT_STATUS_SUCCESS, &rp, sizeof(rp));
6850 cmd = mgmt_pending_add(sk, MGMT_OP_REMOVE_ADVERTISING, hdev, data,
6857 hci_req_init(&req, hdev);
6858 disable_advertising(&req);
6860 err = hci_req_run(&req, remove_advertising_complete);
6862 mgmt_pending_remove(cmd);
6865 hci_dev_unlock(hdev);
6870 static const struct hci_mgmt_handler mgmt_handlers[] = {
6871 { NULL }, /* 0x0000 (no command) */
6872 { read_version, MGMT_READ_VERSION_SIZE,
6874 HCI_MGMT_UNTRUSTED },
6875 { read_commands, MGMT_READ_COMMANDS_SIZE,
6877 HCI_MGMT_UNTRUSTED },
6878 { read_index_list, MGMT_READ_INDEX_LIST_SIZE,
6880 HCI_MGMT_UNTRUSTED },
6881 { read_controller_info, MGMT_READ_INFO_SIZE,
6882 HCI_MGMT_UNTRUSTED },
6883 { set_powered, MGMT_SETTING_SIZE },
6884 { set_discoverable, MGMT_SET_DISCOVERABLE_SIZE },
6885 { set_connectable, MGMT_SETTING_SIZE },
6886 { set_fast_connectable, MGMT_SETTING_SIZE },
6887 { set_bondable, MGMT_SETTING_SIZE },
6888 { set_link_security, MGMT_SETTING_SIZE },
6889 { set_ssp, MGMT_SETTING_SIZE },
6890 { set_hs, MGMT_SETTING_SIZE },
6891 { set_le, MGMT_SETTING_SIZE },
6892 { set_dev_class, MGMT_SET_DEV_CLASS_SIZE },
6893 { set_local_name, MGMT_SET_LOCAL_NAME_SIZE },
6894 { add_uuid, MGMT_ADD_UUID_SIZE },
6895 { remove_uuid, MGMT_REMOVE_UUID_SIZE },
6896 { load_link_keys, MGMT_LOAD_LINK_KEYS_SIZE,
6898 { load_long_term_keys, MGMT_LOAD_LONG_TERM_KEYS_SIZE,
6900 { disconnect, MGMT_DISCONNECT_SIZE },
6901 { get_connections, MGMT_GET_CONNECTIONS_SIZE },
6902 { pin_code_reply, MGMT_PIN_CODE_REPLY_SIZE },
6903 { pin_code_neg_reply, MGMT_PIN_CODE_NEG_REPLY_SIZE },
6904 { set_io_capability, MGMT_SET_IO_CAPABILITY_SIZE },
6905 { pair_device, MGMT_PAIR_DEVICE_SIZE },
6906 { cancel_pair_device, MGMT_CANCEL_PAIR_DEVICE_SIZE },
6907 { unpair_device, MGMT_UNPAIR_DEVICE_SIZE },
6908 { user_confirm_reply, MGMT_USER_CONFIRM_REPLY_SIZE },
6909 { user_confirm_neg_reply, MGMT_USER_CONFIRM_NEG_REPLY_SIZE },
6910 { user_passkey_reply, MGMT_USER_PASSKEY_REPLY_SIZE },
6911 { user_passkey_neg_reply, MGMT_USER_PASSKEY_NEG_REPLY_SIZE },
6912 { read_local_oob_data, MGMT_READ_LOCAL_OOB_DATA_SIZE },
6913 { add_remote_oob_data, MGMT_ADD_REMOTE_OOB_DATA_SIZE,
6915 { remove_remote_oob_data, MGMT_REMOVE_REMOTE_OOB_DATA_SIZE },
6916 { start_discovery, MGMT_START_DISCOVERY_SIZE },
6917 { stop_discovery, MGMT_STOP_DISCOVERY_SIZE },
6918 { confirm_name, MGMT_CONFIRM_NAME_SIZE },
6919 { block_device, MGMT_BLOCK_DEVICE_SIZE },
6920 { unblock_device, MGMT_UNBLOCK_DEVICE_SIZE },
6921 { set_device_id, MGMT_SET_DEVICE_ID_SIZE },
6922 { set_advertising, MGMT_SETTING_SIZE },
6923 { set_bredr, MGMT_SETTING_SIZE },
6924 { set_static_address, MGMT_SET_STATIC_ADDRESS_SIZE },
6925 { set_scan_params, MGMT_SET_SCAN_PARAMS_SIZE },
6926 { set_secure_conn, MGMT_SETTING_SIZE },
6927 { set_debug_keys, MGMT_SETTING_SIZE },
6928 { set_privacy, MGMT_SET_PRIVACY_SIZE },
6929 { load_irks, MGMT_LOAD_IRKS_SIZE,
6931 { get_conn_info, MGMT_GET_CONN_INFO_SIZE },
6932 { get_clock_info, MGMT_GET_CLOCK_INFO_SIZE },
6933 { add_device, MGMT_ADD_DEVICE_SIZE },
6934 { remove_device, MGMT_REMOVE_DEVICE_SIZE },
6935 { load_conn_param, MGMT_LOAD_CONN_PARAM_SIZE,
6937 { read_unconf_index_list, MGMT_READ_UNCONF_INDEX_LIST_SIZE,
6939 HCI_MGMT_UNTRUSTED },
6940 { read_config_info, MGMT_READ_CONFIG_INFO_SIZE,
6941 HCI_MGMT_UNCONFIGURED |
6942 HCI_MGMT_UNTRUSTED },
6943 { set_external_config, MGMT_SET_EXTERNAL_CONFIG_SIZE,
6944 HCI_MGMT_UNCONFIGURED },
6945 { set_public_address, MGMT_SET_PUBLIC_ADDRESS_SIZE,
6946 HCI_MGMT_UNCONFIGURED },
6947 { start_service_discovery, MGMT_START_SERVICE_DISCOVERY_SIZE,
6949 { read_local_oob_ext_data, MGMT_READ_LOCAL_OOB_EXT_DATA_SIZE },
6950 { read_ext_index_list, MGMT_READ_EXT_INDEX_LIST_SIZE,
6952 HCI_MGMT_UNTRUSTED },
6953 { read_adv_features, MGMT_READ_ADV_FEATURES_SIZE },
6954 { add_advertising, MGMT_ADD_ADVERTISING_SIZE,
6956 { remove_advertising, MGMT_REMOVE_ADVERTISING_SIZE },
6959 void mgmt_index_added(struct hci_dev *hdev)
6961 struct mgmt_ev_ext_index ev;
6963 if (test_bit(HCI_QUIRK_RAW_DEVICE, &hdev->quirks))
6966 switch (hdev->dev_type) {
6968 if (hci_dev_test_flag(hdev, HCI_UNCONFIGURED)) {
6969 mgmt_index_event(MGMT_EV_UNCONF_INDEX_ADDED, hdev,
6970 NULL, 0, HCI_MGMT_UNCONF_INDEX_EVENTS);
6973 mgmt_index_event(MGMT_EV_INDEX_ADDED, hdev, NULL, 0,
6974 HCI_MGMT_INDEX_EVENTS);
6987 mgmt_index_event(MGMT_EV_EXT_INDEX_ADDED, hdev, &ev, sizeof(ev),
6988 HCI_MGMT_EXT_INDEX_EVENTS);
6991 void mgmt_index_removed(struct hci_dev *hdev)
6993 struct mgmt_ev_ext_index ev;
6994 u8 status = MGMT_STATUS_INVALID_INDEX;
6996 if (test_bit(HCI_QUIRK_RAW_DEVICE, &hdev->quirks))
6999 switch (hdev->dev_type) {
7001 mgmt_pending_foreach(0, hdev, cmd_complete_rsp, &status);
7003 if (hci_dev_test_flag(hdev, HCI_UNCONFIGURED)) {
7004 mgmt_index_event(MGMT_EV_UNCONF_INDEX_REMOVED, hdev,
7005 NULL, 0, HCI_MGMT_UNCONF_INDEX_EVENTS);
7008 mgmt_index_event(MGMT_EV_INDEX_REMOVED, hdev, NULL, 0,
7009 HCI_MGMT_INDEX_EVENTS);
7022 mgmt_index_event(MGMT_EV_EXT_INDEX_REMOVED, hdev, &ev, sizeof(ev),
7023 HCI_MGMT_EXT_INDEX_EVENTS);
7026 /* This function requires the caller holds hdev->lock */
7027 static void restart_le_actions(struct hci_request *req)
7029 struct hci_dev *hdev = req->hdev;
7030 struct hci_conn_params *p;
7032 list_for_each_entry(p, &hdev->le_conn_params, list) {
7033 /* Needed for AUTO_OFF case where might not "really"
7034 * have been powered off.
7036 list_del_init(&p->action);
7038 switch (p->auto_connect) {
7039 case HCI_AUTO_CONN_DIRECT:
7040 case HCI_AUTO_CONN_ALWAYS:
7041 list_add(&p->action, &hdev->pend_le_conns);
7043 case HCI_AUTO_CONN_REPORT:
7044 list_add(&p->action, &hdev->pend_le_reports);
7051 __hci_update_background_scan(req);
7054 static void powered_complete(struct hci_dev *hdev, u8 status, u16 opcode)
7056 struct cmd_lookup match = { NULL, hdev };
7058 BT_DBG("status 0x%02x", status);
7061 /* Register the available SMP channels (BR/EDR and LE) only
7062 * when successfully powering on the controller. This late
7063 * registration is required so that LE SMP can clearly
7064 * decide if the public address or static address is used.
7071 mgmt_pending_foreach(MGMT_OP_SET_POWERED, hdev, settings_rsp, &match);
7073 new_settings(hdev, match.sk);
7075 hci_dev_unlock(hdev);
7081 static int powered_update_hci(struct hci_dev *hdev)
7083 struct hci_request req;
7086 hci_req_init(&req, hdev);
7088 if (hci_dev_test_flag(hdev, HCI_SSP_ENABLED) &&
7089 !lmp_host_ssp_capable(hdev)) {
7092 hci_req_add(&req, HCI_OP_WRITE_SSP_MODE, sizeof(mode), &mode);
7094 if (bredr_sc_enabled(hdev) && !lmp_host_sc_capable(hdev)) {
7097 hci_req_add(&req, HCI_OP_WRITE_SC_SUPPORT,
7098 sizeof(support), &support);
7102 if (hci_dev_test_flag(hdev, HCI_LE_ENABLED) &&
7103 lmp_bredr_capable(hdev)) {
7104 struct hci_cp_write_le_host_supported cp;
7109 /* Check first if we already have the right
7110 * host state (host features set)
7112 if (cp.le != lmp_host_le_capable(hdev) ||
7113 cp.simul != lmp_host_le_br_capable(hdev))
7114 hci_req_add(&req, HCI_OP_WRITE_LE_HOST_SUPPORTED,
7118 if (lmp_le_capable(hdev)) {
7119 /* Make sure the controller has a good default for
7120 * advertising data. This also applies to the case
7121 * where BR/EDR was toggled during the AUTO_OFF phase.
7123 if (hci_dev_test_flag(hdev, HCI_LE_ENABLED)) {
7124 update_adv_data(&req);
7125 update_scan_rsp_data(&req);
7128 if (hci_dev_test_flag(hdev, HCI_ADVERTISING) ||
7129 hci_dev_test_flag(hdev, HCI_ADVERTISING_INSTANCE))
7130 enable_advertising(&req);
7132 restart_le_actions(&req);
7135 link_sec = hci_dev_test_flag(hdev, HCI_LINK_SECURITY);
7136 if (link_sec != test_bit(HCI_AUTH, &hdev->flags))
7137 hci_req_add(&req, HCI_OP_WRITE_AUTH_ENABLE,
7138 sizeof(link_sec), &link_sec);
7140 if (lmp_bredr_capable(hdev)) {
7141 if (hci_dev_test_flag(hdev, HCI_FAST_CONNECTABLE))
7142 write_fast_connectable(&req, true);
7144 write_fast_connectable(&req, false);
7145 __hci_update_page_scan(&req);
7151 return hci_req_run(&req, powered_complete);
7154 int mgmt_powered(struct hci_dev *hdev, u8 powered)
7156 struct cmd_lookup match = { NULL, hdev };
7157 u8 status, zero_cod[] = { 0, 0, 0 };
7160 if (!hci_dev_test_flag(hdev, HCI_MGMT))
7164 if (powered_update_hci(hdev) == 0)
7167 mgmt_pending_foreach(MGMT_OP_SET_POWERED, hdev, settings_rsp,
7172 mgmt_pending_foreach(MGMT_OP_SET_POWERED, hdev, settings_rsp, &match);
7174 /* If the power off is because of hdev unregistration let
7175 * use the appropriate INVALID_INDEX status. Otherwise use
7176 * NOT_POWERED. We cover both scenarios here since later in
7177 * mgmt_index_removed() any hci_conn callbacks will have already
7178 * been triggered, potentially causing misleading DISCONNECTED
7181 if (hci_dev_test_flag(hdev, HCI_UNREGISTER))
7182 status = MGMT_STATUS_INVALID_INDEX;
7184 status = MGMT_STATUS_NOT_POWERED;
7186 mgmt_pending_foreach(0, hdev, cmd_complete_rsp, &status);
7188 if (memcmp(hdev->dev_class, zero_cod, sizeof(zero_cod)) != 0)
7189 mgmt_generic_event(MGMT_EV_CLASS_OF_DEV_CHANGED, hdev,
7190 zero_cod, sizeof(zero_cod), NULL);
7193 err = new_settings(hdev, match.sk);
7201 void mgmt_set_powered_failed(struct hci_dev *hdev, int err)
7203 struct mgmt_pending_cmd *cmd;
7206 cmd = pending_find(MGMT_OP_SET_POWERED, hdev);
7210 if (err == -ERFKILL)
7211 status = MGMT_STATUS_RFKILLED;
7213 status = MGMT_STATUS_FAILED;
7215 mgmt_cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_POWERED, status);
7217 mgmt_pending_remove(cmd);
7220 void mgmt_discoverable_timeout(struct hci_dev *hdev)
7222 struct hci_request req;
7226 /* When discoverable timeout triggers, then just make sure
7227 * the limited discoverable flag is cleared. Even in the case
7228 * of a timeout triggered from general discoverable, it is
7229 * safe to unconditionally clear the flag.
7231 hci_dev_clear_flag(hdev, HCI_LIMITED_DISCOVERABLE);
7232 hci_dev_clear_flag(hdev, HCI_DISCOVERABLE);
7234 hci_req_init(&req, hdev);
7235 if (hci_dev_test_flag(hdev, HCI_BREDR_ENABLED)) {
7236 u8 scan = SCAN_PAGE;
7237 hci_req_add(&req, HCI_OP_WRITE_SCAN_ENABLE,
7238 sizeof(scan), &scan);
7242 /* Advertising instances don't use the global discoverable setting, so
7243 * only update AD if advertising was enabled using Set Advertising.
7245 if (hci_dev_test_flag(hdev, HCI_ADVERTISING))
7246 update_adv_data(&req);
7248 hci_req_run(&req, NULL);
7250 hdev->discov_timeout = 0;
7252 new_settings(hdev, NULL);
7254 hci_dev_unlock(hdev);
7257 void mgmt_new_link_key(struct hci_dev *hdev, struct link_key *key,
7260 struct mgmt_ev_new_link_key ev;
7262 memset(&ev, 0, sizeof(ev));
7264 ev.store_hint = persistent;
7265 bacpy(&ev.key.addr.bdaddr, &key->bdaddr);
7266 ev.key.addr.type = BDADDR_BREDR;
7267 ev.key.type = key->type;
7268 memcpy(ev.key.val, key->val, HCI_LINK_KEY_SIZE);
7269 ev.key.pin_len = key->pin_len;
7271 mgmt_event(MGMT_EV_NEW_LINK_KEY, hdev, &ev, sizeof(ev), NULL);
7274 static u8 mgmt_ltk_type(struct smp_ltk *ltk)
7276 switch (ltk->type) {
7279 if (ltk->authenticated)
7280 return MGMT_LTK_AUTHENTICATED;
7281 return MGMT_LTK_UNAUTHENTICATED;
7283 if (ltk->authenticated)
7284 return MGMT_LTK_P256_AUTH;
7285 return MGMT_LTK_P256_UNAUTH;
7286 case SMP_LTK_P256_DEBUG:
7287 return MGMT_LTK_P256_DEBUG;
7290 return MGMT_LTK_UNAUTHENTICATED;
7293 void mgmt_new_ltk(struct hci_dev *hdev, struct smp_ltk *key, bool persistent)
7295 struct mgmt_ev_new_long_term_key ev;
7297 memset(&ev, 0, sizeof(ev));
7299 /* Devices using resolvable or non-resolvable random addresses
7300 * without providing an indentity resolving key don't require
7301 * to store long term keys. Their addresses will change the
7304 * Only when a remote device provides an identity address
7305 * make sure the long term key is stored. If the remote
7306 * identity is known, the long term keys are internally
7307 * mapped to the identity address. So allow static random
7308 * and public addresses here.
7310 if (key->bdaddr_type == ADDR_LE_DEV_RANDOM &&
7311 (key->bdaddr.b[5] & 0xc0) != 0xc0)
7312 ev.store_hint = 0x00;
7314 ev.store_hint = persistent;
7316 bacpy(&ev.key.addr.bdaddr, &key->bdaddr);
7317 ev.key.addr.type = link_to_bdaddr(LE_LINK, key->bdaddr_type);
7318 ev.key.type = mgmt_ltk_type(key);
7319 ev.key.enc_size = key->enc_size;
7320 ev.key.ediv = key->ediv;
7321 ev.key.rand = key->rand;
7323 if (key->type == SMP_LTK)
7326 memcpy(ev.key.val, key->val, sizeof(key->val));
7328 mgmt_event(MGMT_EV_NEW_LONG_TERM_KEY, hdev, &ev, sizeof(ev), NULL);
7331 void mgmt_new_irk(struct hci_dev *hdev, struct smp_irk *irk)
7333 struct mgmt_ev_new_irk ev;
7335 memset(&ev, 0, sizeof(ev));
7337 /* For identity resolving keys from devices that are already
7338 * using a public address or static random address, do not
7339 * ask for storing this key. The identity resolving key really
7340 * is only mandatory for devices using resovlable random
7343 * Storing all identity resolving keys has the downside that
7344 * they will be also loaded on next boot of they system. More
7345 * identity resolving keys, means more time during scanning is
7346 * needed to actually resolve these addresses.
7348 if (bacmp(&irk->rpa, BDADDR_ANY))
7349 ev.store_hint = 0x01;
7351 ev.store_hint = 0x00;
7353 bacpy(&ev.rpa, &irk->rpa);
7354 bacpy(&ev.irk.addr.bdaddr, &irk->bdaddr);
7355 ev.irk.addr.type = link_to_bdaddr(LE_LINK, irk->addr_type);
7356 memcpy(ev.irk.val, irk->val, sizeof(irk->val));
7358 mgmt_event(MGMT_EV_NEW_IRK, hdev, &ev, sizeof(ev), NULL);
7361 void mgmt_new_csrk(struct hci_dev *hdev, struct smp_csrk *csrk,
7364 struct mgmt_ev_new_csrk ev;
7366 memset(&ev, 0, sizeof(ev));
7368 /* Devices using resolvable or non-resolvable random addresses
7369 * without providing an indentity resolving key don't require
7370 * to store signature resolving keys. Their addresses will change
7371 * the next time around.
7373 * Only when a remote device provides an identity address
7374 * make sure the signature resolving key is stored. So allow
7375 * static random and public addresses here.
7377 if (csrk->bdaddr_type == ADDR_LE_DEV_RANDOM &&
7378 (csrk->bdaddr.b[5] & 0xc0) != 0xc0)
7379 ev.store_hint = 0x00;
7381 ev.store_hint = persistent;
7383 bacpy(&ev.key.addr.bdaddr, &csrk->bdaddr);
7384 ev.key.addr.type = link_to_bdaddr(LE_LINK, csrk->bdaddr_type);
7385 ev.key.type = csrk->type;
7386 memcpy(ev.key.val, csrk->val, sizeof(csrk->val));
7388 mgmt_event(MGMT_EV_NEW_CSRK, hdev, &ev, sizeof(ev), NULL);
7391 void mgmt_new_conn_param(struct hci_dev *hdev, bdaddr_t *bdaddr,
7392 u8 bdaddr_type, u8 store_hint, u16 min_interval,
7393 u16 max_interval, u16 latency, u16 timeout)
7395 struct mgmt_ev_new_conn_param ev;
7397 if (!hci_is_identity_address(bdaddr, bdaddr_type))
7400 memset(&ev, 0, sizeof(ev));
7401 bacpy(&ev.addr.bdaddr, bdaddr);
7402 ev.addr.type = link_to_bdaddr(LE_LINK, bdaddr_type);
7403 ev.store_hint = store_hint;
7404 ev.min_interval = cpu_to_le16(min_interval);
7405 ev.max_interval = cpu_to_le16(max_interval);
7406 ev.latency = cpu_to_le16(latency);
7407 ev.timeout = cpu_to_le16(timeout);
7409 mgmt_event(MGMT_EV_NEW_CONN_PARAM, hdev, &ev, sizeof(ev), NULL);
7412 void mgmt_device_connected(struct hci_dev *hdev, struct hci_conn *conn,
7413 u32 flags, u8 *name, u8 name_len)
7416 struct mgmt_ev_device_connected *ev = (void *) buf;
7419 bacpy(&ev->addr.bdaddr, &conn->dst);
7420 ev->addr.type = link_to_bdaddr(conn->type, conn->dst_type);
7422 ev->flags = __cpu_to_le32(flags);
7424 /* We must ensure that the EIR Data fields are ordered and
7425 * unique. Keep it simple for now and avoid the problem by not
7426 * adding any BR/EDR data to the LE adv.
7428 if (conn->le_adv_data_len > 0) {
7429 memcpy(&ev->eir[eir_len],
7430 conn->le_adv_data, conn->le_adv_data_len);
7431 eir_len = conn->le_adv_data_len;
7434 eir_len = eir_append_data(ev->eir, 0, EIR_NAME_COMPLETE,
7437 if (memcmp(conn->dev_class, "\0\0\0", 3) != 0)
7438 eir_len = eir_append_data(ev->eir, eir_len,
7440 conn->dev_class, 3);
7443 ev->eir_len = cpu_to_le16(eir_len);
7445 mgmt_event(MGMT_EV_DEVICE_CONNECTED, hdev, buf,
7446 sizeof(*ev) + eir_len, NULL);
7449 static void disconnect_rsp(struct mgmt_pending_cmd *cmd, void *data)
7451 struct sock **sk = data;
7453 cmd->cmd_complete(cmd, 0);
7458 mgmt_pending_remove(cmd);
7461 static void unpair_device_rsp(struct mgmt_pending_cmd *cmd, void *data)
7463 struct hci_dev *hdev = data;
7464 struct mgmt_cp_unpair_device *cp = cmd->param;
7466 device_unpaired(hdev, &cp->addr.bdaddr, cp->addr.type, cmd->sk);
7468 cmd->cmd_complete(cmd, 0);
7469 mgmt_pending_remove(cmd);
7472 bool mgmt_powering_down(struct hci_dev *hdev)
7474 struct mgmt_pending_cmd *cmd;
7475 struct mgmt_mode *cp;
7477 cmd = pending_find(MGMT_OP_SET_POWERED, hdev);
7488 void mgmt_device_disconnected(struct hci_dev *hdev, bdaddr_t *bdaddr,
7489 u8 link_type, u8 addr_type, u8 reason,
7490 bool mgmt_connected)
7492 struct mgmt_ev_device_disconnected ev;
7493 struct sock *sk = NULL;
7495 /* The connection is still in hci_conn_hash so test for 1
7496 * instead of 0 to know if this is the last one.
7498 if (mgmt_powering_down(hdev) && hci_conn_count(hdev) == 1) {
7499 cancel_delayed_work(&hdev->power_off);
7500 queue_work(hdev->req_workqueue, &hdev->power_off.work);
7503 if (!mgmt_connected)
7506 if (link_type != ACL_LINK && link_type != LE_LINK)
7509 mgmt_pending_foreach(MGMT_OP_DISCONNECT, hdev, disconnect_rsp, &sk);
7511 bacpy(&ev.addr.bdaddr, bdaddr);
7512 ev.addr.type = link_to_bdaddr(link_type, addr_type);
7515 mgmt_event(MGMT_EV_DEVICE_DISCONNECTED, hdev, &ev, sizeof(ev), sk);
7520 mgmt_pending_foreach(MGMT_OP_UNPAIR_DEVICE, hdev, unpair_device_rsp,
7524 void mgmt_disconnect_failed(struct hci_dev *hdev, bdaddr_t *bdaddr,
7525 u8 link_type, u8 addr_type, u8 status)
7527 u8 bdaddr_type = link_to_bdaddr(link_type, addr_type);
7528 struct mgmt_cp_disconnect *cp;
7529 struct mgmt_pending_cmd *cmd;
7531 mgmt_pending_foreach(MGMT_OP_UNPAIR_DEVICE, hdev, unpair_device_rsp,
7534 cmd = pending_find(MGMT_OP_DISCONNECT, hdev);
7540 if (bacmp(bdaddr, &cp->addr.bdaddr))
7543 if (cp->addr.type != bdaddr_type)
7546 cmd->cmd_complete(cmd, mgmt_status(status));
7547 mgmt_pending_remove(cmd);
7550 void mgmt_connect_failed(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
7551 u8 addr_type, u8 status)
7553 struct mgmt_ev_connect_failed ev;
7555 /* The connection is still in hci_conn_hash so test for 1
7556 * instead of 0 to know if this is the last one.
7558 if (mgmt_powering_down(hdev) && hci_conn_count(hdev) == 1) {
7559 cancel_delayed_work(&hdev->power_off);
7560 queue_work(hdev->req_workqueue, &hdev->power_off.work);
7563 bacpy(&ev.addr.bdaddr, bdaddr);
7564 ev.addr.type = link_to_bdaddr(link_type, addr_type);
7565 ev.status = mgmt_status(status);
7567 mgmt_event(MGMT_EV_CONNECT_FAILED, hdev, &ev, sizeof(ev), NULL);
7570 void mgmt_pin_code_request(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 secure)
7572 struct mgmt_ev_pin_code_request ev;
7574 bacpy(&ev.addr.bdaddr, bdaddr);
7575 ev.addr.type = BDADDR_BREDR;
7578 mgmt_event(MGMT_EV_PIN_CODE_REQUEST, hdev, &ev, sizeof(ev), NULL);
7581 void mgmt_pin_code_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
7584 struct mgmt_pending_cmd *cmd;
7586 cmd = pending_find(MGMT_OP_PIN_CODE_REPLY, hdev);
7590 cmd->cmd_complete(cmd, mgmt_status(status));
7591 mgmt_pending_remove(cmd);
7594 void mgmt_pin_code_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
7597 struct mgmt_pending_cmd *cmd;
7599 cmd = pending_find(MGMT_OP_PIN_CODE_NEG_REPLY, hdev);
7603 cmd->cmd_complete(cmd, mgmt_status(status));
7604 mgmt_pending_remove(cmd);
7607 int mgmt_user_confirm_request(struct hci_dev *hdev, bdaddr_t *bdaddr,
7608 u8 link_type, u8 addr_type, u32 value,
7611 struct mgmt_ev_user_confirm_request ev;
7613 BT_DBG("%s", hdev->name);
7615 bacpy(&ev.addr.bdaddr, bdaddr);
7616 ev.addr.type = link_to_bdaddr(link_type, addr_type);
7617 ev.confirm_hint = confirm_hint;
7618 ev.value = cpu_to_le32(value);
7620 return mgmt_event(MGMT_EV_USER_CONFIRM_REQUEST, hdev, &ev, sizeof(ev),
7624 int mgmt_user_passkey_request(struct hci_dev *hdev, bdaddr_t *bdaddr,
7625 u8 link_type, u8 addr_type)
7627 struct mgmt_ev_user_passkey_request ev;
7629 BT_DBG("%s", hdev->name);
7631 bacpy(&ev.addr.bdaddr, bdaddr);
7632 ev.addr.type = link_to_bdaddr(link_type, addr_type);
7634 return mgmt_event(MGMT_EV_USER_PASSKEY_REQUEST, hdev, &ev, sizeof(ev),
7638 static int user_pairing_resp_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
7639 u8 link_type, u8 addr_type, u8 status,
7642 struct mgmt_pending_cmd *cmd;
7644 cmd = pending_find(opcode, hdev);
7648 cmd->cmd_complete(cmd, mgmt_status(status));
7649 mgmt_pending_remove(cmd);
7654 int mgmt_user_confirm_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
7655 u8 link_type, u8 addr_type, u8 status)
7657 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
7658 status, MGMT_OP_USER_CONFIRM_REPLY);
7661 int mgmt_user_confirm_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
7662 u8 link_type, u8 addr_type, u8 status)
7664 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
7666 MGMT_OP_USER_CONFIRM_NEG_REPLY);
7669 int mgmt_user_passkey_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
7670 u8 link_type, u8 addr_type, u8 status)
7672 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
7673 status, MGMT_OP_USER_PASSKEY_REPLY);
7676 int mgmt_user_passkey_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
7677 u8 link_type, u8 addr_type, u8 status)
7679 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
7681 MGMT_OP_USER_PASSKEY_NEG_REPLY);
7684 int mgmt_user_passkey_notify(struct hci_dev *hdev, bdaddr_t *bdaddr,
7685 u8 link_type, u8 addr_type, u32 passkey,
7688 struct mgmt_ev_passkey_notify ev;
7690 BT_DBG("%s", hdev->name);
7692 bacpy(&ev.addr.bdaddr, bdaddr);
7693 ev.addr.type = link_to_bdaddr(link_type, addr_type);
7694 ev.passkey = __cpu_to_le32(passkey);
7695 ev.entered = entered;
7697 return mgmt_event(MGMT_EV_PASSKEY_NOTIFY, hdev, &ev, sizeof(ev), NULL);
7700 void mgmt_auth_failed(struct hci_conn *conn, u8 hci_status)
7702 struct mgmt_ev_auth_failed ev;
7703 struct mgmt_pending_cmd *cmd;
7704 u8 status = mgmt_status(hci_status);
7706 bacpy(&ev.addr.bdaddr, &conn->dst);
7707 ev.addr.type = link_to_bdaddr(conn->type, conn->dst_type);
7710 cmd = find_pairing(conn);
7712 mgmt_event(MGMT_EV_AUTH_FAILED, conn->hdev, &ev, sizeof(ev),
7713 cmd ? cmd->sk : NULL);
7716 cmd->cmd_complete(cmd, status);
7717 mgmt_pending_remove(cmd);
7721 void mgmt_auth_enable_complete(struct hci_dev *hdev, u8 status)
7723 struct cmd_lookup match = { NULL, hdev };
7727 u8 mgmt_err = mgmt_status(status);
7728 mgmt_pending_foreach(MGMT_OP_SET_LINK_SECURITY, hdev,
7729 cmd_status_rsp, &mgmt_err);
7733 if (test_bit(HCI_AUTH, &hdev->flags))
7734 changed = !hci_dev_test_and_set_flag(hdev, HCI_LINK_SECURITY);
7736 changed = hci_dev_test_and_clear_flag(hdev, HCI_LINK_SECURITY);
7738 mgmt_pending_foreach(MGMT_OP_SET_LINK_SECURITY, hdev, settings_rsp,
7742 new_settings(hdev, match.sk);
7748 static void clear_eir(struct hci_request *req)
7750 struct hci_dev *hdev = req->hdev;
7751 struct hci_cp_write_eir cp;
7753 if (!lmp_ext_inq_capable(hdev))
7756 memset(hdev->eir, 0, sizeof(hdev->eir));
7758 memset(&cp, 0, sizeof(cp));
7760 hci_req_add(req, HCI_OP_WRITE_EIR, sizeof(cp), &cp);
7763 void mgmt_ssp_enable_complete(struct hci_dev *hdev, u8 enable, u8 status)
7765 struct cmd_lookup match = { NULL, hdev };
7766 struct hci_request req;
7767 bool changed = false;
7770 u8 mgmt_err = mgmt_status(status);
7772 if (enable && hci_dev_test_and_clear_flag(hdev,
7774 hci_dev_clear_flag(hdev, HCI_HS_ENABLED);
7775 new_settings(hdev, NULL);
7778 mgmt_pending_foreach(MGMT_OP_SET_SSP, hdev, cmd_status_rsp,
7784 changed = !hci_dev_test_and_set_flag(hdev, HCI_SSP_ENABLED);
7786 changed = hci_dev_test_and_clear_flag(hdev, HCI_SSP_ENABLED);
7788 changed = hci_dev_test_and_clear_flag(hdev,
7791 hci_dev_clear_flag(hdev, HCI_HS_ENABLED);
7794 mgmt_pending_foreach(MGMT_OP_SET_SSP, hdev, settings_rsp, &match);
7797 new_settings(hdev, match.sk);
7802 hci_req_init(&req, hdev);
7804 if (hci_dev_test_flag(hdev, HCI_SSP_ENABLED)) {
7805 if (hci_dev_test_flag(hdev, HCI_USE_DEBUG_KEYS))
7806 hci_req_add(&req, HCI_OP_WRITE_SSP_DEBUG_MODE,
7807 sizeof(enable), &enable);
7813 hci_req_run(&req, NULL);
7816 static void sk_lookup(struct mgmt_pending_cmd *cmd, void *data)
7818 struct cmd_lookup *match = data;
7820 if (match->sk == NULL) {
7821 match->sk = cmd->sk;
7822 sock_hold(match->sk);
7826 void mgmt_set_class_of_dev_complete(struct hci_dev *hdev, u8 *dev_class,
7829 struct cmd_lookup match = { NULL, hdev, mgmt_status(status) };
7831 mgmt_pending_foreach(MGMT_OP_SET_DEV_CLASS, hdev, sk_lookup, &match);
7832 mgmt_pending_foreach(MGMT_OP_ADD_UUID, hdev, sk_lookup, &match);
7833 mgmt_pending_foreach(MGMT_OP_REMOVE_UUID, hdev, sk_lookup, &match);
7836 mgmt_generic_event(MGMT_EV_CLASS_OF_DEV_CHANGED, hdev,
7837 dev_class, 3, NULL);
7843 void mgmt_set_local_name_complete(struct hci_dev *hdev, u8 *name, u8 status)
7845 struct mgmt_cp_set_local_name ev;
7846 struct mgmt_pending_cmd *cmd;
7851 memset(&ev, 0, sizeof(ev));
7852 memcpy(ev.name, name, HCI_MAX_NAME_LENGTH);
7853 memcpy(ev.short_name, hdev->short_name, HCI_MAX_SHORT_NAME_LENGTH);
7855 cmd = pending_find(MGMT_OP_SET_LOCAL_NAME, hdev);
7857 memcpy(hdev->dev_name, name, sizeof(hdev->dev_name));
7859 /* If this is a HCI command related to powering on the
7860 * HCI dev don't send any mgmt signals.
7862 if (pending_find(MGMT_OP_SET_POWERED, hdev))
7866 mgmt_generic_event(MGMT_EV_LOCAL_NAME_CHANGED, hdev, &ev, sizeof(ev),
7867 cmd ? cmd->sk : NULL);
7870 void mgmt_read_local_oob_data_complete(struct hci_dev *hdev, u8 *hash192,
7871 u8 *rand192, u8 *hash256, u8 *rand256,
7874 struct mgmt_pending_cmd *cmd;
7876 BT_DBG("%s status %u", hdev->name, status);
7878 cmd = pending_find(MGMT_OP_READ_LOCAL_OOB_DATA, hdev);
7883 mgmt_cmd_status(cmd->sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
7884 mgmt_status(status));
7886 struct mgmt_rp_read_local_oob_data rp;
7887 size_t rp_size = sizeof(rp);
7889 memcpy(rp.hash192, hash192, sizeof(rp.hash192));
7890 memcpy(rp.rand192, rand192, sizeof(rp.rand192));
7892 if (bredr_sc_enabled(hdev) && hash256 && rand256) {
7893 memcpy(rp.hash256, hash256, sizeof(rp.hash256));
7894 memcpy(rp.rand256, rand256, sizeof(rp.rand256));
7896 rp_size -= sizeof(rp.hash256) + sizeof(rp.rand256);
7899 mgmt_cmd_complete(cmd->sk, hdev->id,
7900 MGMT_OP_READ_LOCAL_OOB_DATA, 0,
7904 mgmt_pending_remove(cmd);
7907 static inline bool has_uuid(u8 *uuid, u16 uuid_count, u8 (*uuids)[16])
7911 for (i = 0; i < uuid_count; i++) {
7912 if (!memcmp(uuid, uuids[i], 16))
7919 static bool eir_has_uuids(u8 *eir, u16 eir_len, u16 uuid_count, u8 (*uuids)[16])
7923 while (parsed < eir_len) {
7924 u8 field_len = eir[0];
7931 if (eir_len - parsed < field_len + 1)
7935 case EIR_UUID16_ALL:
7936 case EIR_UUID16_SOME:
7937 for (i = 0; i + 3 <= field_len; i += 2) {
7938 memcpy(uuid, bluetooth_base_uuid, 16);
7939 uuid[13] = eir[i + 3];
7940 uuid[12] = eir[i + 2];
7941 if (has_uuid(uuid, uuid_count, uuids))
7945 case EIR_UUID32_ALL:
7946 case EIR_UUID32_SOME:
7947 for (i = 0; i + 5 <= field_len; i += 4) {
7948 memcpy(uuid, bluetooth_base_uuid, 16);
7949 uuid[15] = eir[i + 5];
7950 uuid[14] = eir[i + 4];
7951 uuid[13] = eir[i + 3];
7952 uuid[12] = eir[i + 2];
7953 if (has_uuid(uuid, uuid_count, uuids))
7957 case EIR_UUID128_ALL:
7958 case EIR_UUID128_SOME:
7959 for (i = 0; i + 17 <= field_len; i += 16) {
7960 memcpy(uuid, eir + i + 2, 16);
7961 if (has_uuid(uuid, uuid_count, uuids))
7967 parsed += field_len + 1;
7968 eir += field_len + 1;
7974 static void restart_le_scan(struct hci_dev *hdev)
7976 /* If controller is not scanning we are done. */
7977 if (!hci_dev_test_flag(hdev, HCI_LE_SCAN))
7980 if (time_after(jiffies + DISCOV_LE_RESTART_DELAY,
7981 hdev->discovery.scan_start +
7982 hdev->discovery.scan_duration))
7985 queue_delayed_work(hdev->workqueue, &hdev->le_scan_restart,
7986 DISCOV_LE_RESTART_DELAY);
7989 static bool is_filter_match(struct hci_dev *hdev, s8 rssi, u8 *eir,
7990 u16 eir_len, u8 *scan_rsp, u8 scan_rsp_len)
7992 /* If a RSSI threshold has been specified, and
7993 * HCI_QUIRK_STRICT_DUPLICATE_FILTER is not set, then all results with
7994 * a RSSI smaller than the RSSI threshold will be dropped. If the quirk
7995 * is set, let it through for further processing, as we might need to
7998 * For BR/EDR devices (pre 1.2) providing no RSSI during inquiry,
7999 * the results are also dropped.
8001 if (hdev->discovery.rssi != HCI_RSSI_INVALID &&
8002 (rssi == HCI_RSSI_INVALID ||
8003 (rssi < hdev->discovery.rssi &&
8004 !test_bit(HCI_QUIRK_STRICT_DUPLICATE_FILTER, &hdev->quirks))))
8007 if (hdev->discovery.uuid_count != 0) {
8008 /* If a list of UUIDs is provided in filter, results with no
8009 * matching UUID should be dropped.
8011 if (!eir_has_uuids(eir, eir_len, hdev->discovery.uuid_count,
8012 hdev->discovery.uuids) &&
8013 !eir_has_uuids(scan_rsp, scan_rsp_len,
8014 hdev->discovery.uuid_count,
8015 hdev->discovery.uuids))
8019 /* If duplicate filtering does not report RSSI changes, then restart
8020 * scanning to ensure updated result with updated RSSI values.
8022 if (test_bit(HCI_QUIRK_STRICT_DUPLICATE_FILTER, &hdev->quirks)) {
8023 restart_le_scan(hdev);
8025 /* Validate RSSI value against the RSSI threshold once more. */
8026 if (hdev->discovery.rssi != HCI_RSSI_INVALID &&
8027 rssi < hdev->discovery.rssi)
8034 void mgmt_device_found(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
8035 u8 addr_type, u8 *dev_class, s8 rssi, u32 flags,
8036 u8 *eir, u16 eir_len, u8 *scan_rsp, u8 scan_rsp_len)
8039 struct mgmt_ev_device_found *ev = (void *)buf;
8042 /* Don't send events for a non-kernel initiated discovery. With
8043 * LE one exception is if we have pend_le_reports > 0 in which
8044 * case we're doing passive scanning and want these events.
8046 if (!hci_discovery_active(hdev)) {
8047 if (link_type == ACL_LINK)
8049 if (link_type == LE_LINK && list_empty(&hdev->pend_le_reports))
8053 if (hdev->discovery.result_filtering) {
8054 /* We are using service discovery */
8055 if (!is_filter_match(hdev, rssi, eir, eir_len, scan_rsp,
8060 /* Make sure that the buffer is big enough. The 5 extra bytes
8061 * are for the potential CoD field.
8063 if (sizeof(*ev) + eir_len + scan_rsp_len + 5 > sizeof(buf))
8066 memset(buf, 0, sizeof(buf));
8068 /* In case of device discovery with BR/EDR devices (pre 1.2), the
8069 * RSSI value was reported as 0 when not available. This behavior
8070 * is kept when using device discovery. This is required for full
8071 * backwards compatibility with the API.
8073 * However when using service discovery, the value 127 will be
8074 * returned when the RSSI is not available.
8076 if (rssi == HCI_RSSI_INVALID && !hdev->discovery.report_invalid_rssi &&
8077 link_type == ACL_LINK)
8080 bacpy(&ev->addr.bdaddr, bdaddr);
8081 ev->addr.type = link_to_bdaddr(link_type, addr_type);
8083 ev->flags = cpu_to_le32(flags);
8086 /* Copy EIR or advertising data into event */
8087 memcpy(ev->eir, eir, eir_len);
8089 if (dev_class && !eir_has_data_type(ev->eir, eir_len, EIR_CLASS_OF_DEV))
8090 eir_len = eir_append_data(ev->eir, eir_len, EIR_CLASS_OF_DEV,
8093 if (scan_rsp_len > 0)
8094 /* Append scan response data to event */
8095 memcpy(ev->eir + eir_len, scan_rsp, scan_rsp_len);
8097 ev->eir_len = cpu_to_le16(eir_len + scan_rsp_len);
8098 ev_size = sizeof(*ev) + eir_len + scan_rsp_len;
8100 mgmt_event(MGMT_EV_DEVICE_FOUND, hdev, ev, ev_size, NULL);
8103 void mgmt_remote_name(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
8104 u8 addr_type, s8 rssi, u8 *name, u8 name_len)
8106 struct mgmt_ev_device_found *ev;
8107 char buf[sizeof(*ev) + HCI_MAX_NAME_LENGTH + 2];
8110 ev = (struct mgmt_ev_device_found *) buf;
8112 memset(buf, 0, sizeof(buf));
8114 bacpy(&ev->addr.bdaddr, bdaddr);
8115 ev->addr.type = link_to_bdaddr(link_type, addr_type);
8118 eir_len = eir_append_data(ev->eir, 0, EIR_NAME_COMPLETE, name,
8121 ev->eir_len = cpu_to_le16(eir_len);
8123 mgmt_event(MGMT_EV_DEVICE_FOUND, hdev, ev, sizeof(*ev) + eir_len, NULL);
8126 void mgmt_discovering(struct hci_dev *hdev, u8 discovering)
8128 struct mgmt_ev_discovering ev;
8130 BT_DBG("%s discovering %u", hdev->name, discovering);
8132 memset(&ev, 0, sizeof(ev));
8133 ev.type = hdev->discovery.type;
8134 ev.discovering = discovering;
8136 mgmt_event(MGMT_EV_DISCOVERING, hdev, &ev, sizeof(ev), NULL);
8139 static void adv_enable_complete(struct hci_dev *hdev, u8 status, u16 opcode)
8141 BT_DBG("%s status %u", hdev->name, status);
8144 void mgmt_reenable_advertising(struct hci_dev *hdev)
8146 struct hci_request req;
8148 if (!hci_dev_test_flag(hdev, HCI_ADVERTISING) &&
8149 !hci_dev_test_flag(hdev, HCI_ADVERTISING_INSTANCE))
8152 hci_req_init(&req, hdev);
8153 enable_advertising(&req);
8154 hci_req_run(&req, adv_enable_complete);
8157 static struct hci_mgmt_chan chan = {
8158 .channel = HCI_CHANNEL_CONTROL,
8159 .handler_count = ARRAY_SIZE(mgmt_handlers),
8160 .handlers = mgmt_handlers,
8161 .hdev_init = mgmt_init_hdev,
8166 return hci_mgmt_chan_register(&chan);
8169 void mgmt_exit(void)
8171 hci_mgmt_chan_unregister(&chan);