2 BlueZ - Bluetooth protocol stack for Linux
4 Copyright (C) 2010 Nokia Corporation
5 Copyright (C) 2011-2012 Intel Corporation
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License version 2 as
9 published by the Free Software Foundation;
11 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
12 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
13 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
14 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
15 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
16 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
17 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
18 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
20 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
21 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
22 SOFTWARE IS DISCLAIMED.
25 /* Bluetooth HCI Management interface */
27 #include <linux/module.h>
28 #include <asm/unaligned.h>
30 #include <net/bluetooth/bluetooth.h>
31 #include <net/bluetooth/hci_core.h>
32 #include <net/bluetooth/hci_sock.h>
33 #include <net/bluetooth/l2cap.h>
34 #include <net/bluetooth/mgmt.h>
36 #include "hci_request.h"
38 #include "mgmt_util.h"
40 #define MGMT_VERSION 1
41 #define MGMT_REVISION 9
43 static const u16 mgmt_commands[] = {
44 MGMT_OP_READ_INDEX_LIST,
47 MGMT_OP_SET_DISCOVERABLE,
48 MGMT_OP_SET_CONNECTABLE,
49 MGMT_OP_SET_FAST_CONNECTABLE,
51 MGMT_OP_SET_LINK_SECURITY,
55 MGMT_OP_SET_DEV_CLASS,
56 MGMT_OP_SET_LOCAL_NAME,
59 MGMT_OP_LOAD_LINK_KEYS,
60 MGMT_OP_LOAD_LONG_TERM_KEYS,
62 MGMT_OP_GET_CONNECTIONS,
63 MGMT_OP_PIN_CODE_REPLY,
64 MGMT_OP_PIN_CODE_NEG_REPLY,
65 MGMT_OP_SET_IO_CAPABILITY,
67 MGMT_OP_CANCEL_PAIR_DEVICE,
68 MGMT_OP_UNPAIR_DEVICE,
69 MGMT_OP_USER_CONFIRM_REPLY,
70 MGMT_OP_USER_CONFIRM_NEG_REPLY,
71 MGMT_OP_USER_PASSKEY_REPLY,
72 MGMT_OP_USER_PASSKEY_NEG_REPLY,
73 MGMT_OP_READ_LOCAL_OOB_DATA,
74 MGMT_OP_ADD_REMOTE_OOB_DATA,
75 MGMT_OP_REMOVE_REMOTE_OOB_DATA,
76 MGMT_OP_START_DISCOVERY,
77 MGMT_OP_STOP_DISCOVERY,
80 MGMT_OP_UNBLOCK_DEVICE,
81 MGMT_OP_SET_DEVICE_ID,
82 MGMT_OP_SET_ADVERTISING,
84 MGMT_OP_SET_STATIC_ADDRESS,
85 MGMT_OP_SET_SCAN_PARAMS,
86 MGMT_OP_SET_SECURE_CONN,
87 MGMT_OP_SET_DEBUG_KEYS,
90 MGMT_OP_GET_CONN_INFO,
91 MGMT_OP_GET_CLOCK_INFO,
93 MGMT_OP_REMOVE_DEVICE,
94 MGMT_OP_LOAD_CONN_PARAM,
95 MGMT_OP_READ_UNCONF_INDEX_LIST,
96 MGMT_OP_READ_CONFIG_INFO,
97 MGMT_OP_SET_EXTERNAL_CONFIG,
98 MGMT_OP_SET_PUBLIC_ADDRESS,
99 MGMT_OP_START_SERVICE_DISCOVERY,
100 MGMT_OP_READ_LOCAL_OOB_EXT_DATA,
101 MGMT_OP_READ_EXT_INDEX_LIST,
102 MGMT_OP_READ_ADV_FEATURES,
103 MGMT_OP_ADD_ADVERTISING,
104 MGMT_OP_REMOVE_ADVERTISING,
107 static const u16 mgmt_events[] = {
108 MGMT_EV_CONTROLLER_ERROR,
110 MGMT_EV_INDEX_REMOVED,
111 MGMT_EV_NEW_SETTINGS,
112 MGMT_EV_CLASS_OF_DEV_CHANGED,
113 MGMT_EV_LOCAL_NAME_CHANGED,
114 MGMT_EV_NEW_LINK_KEY,
115 MGMT_EV_NEW_LONG_TERM_KEY,
116 MGMT_EV_DEVICE_CONNECTED,
117 MGMT_EV_DEVICE_DISCONNECTED,
118 MGMT_EV_CONNECT_FAILED,
119 MGMT_EV_PIN_CODE_REQUEST,
120 MGMT_EV_USER_CONFIRM_REQUEST,
121 MGMT_EV_USER_PASSKEY_REQUEST,
123 MGMT_EV_DEVICE_FOUND,
125 MGMT_EV_DEVICE_BLOCKED,
126 MGMT_EV_DEVICE_UNBLOCKED,
127 MGMT_EV_DEVICE_UNPAIRED,
128 MGMT_EV_PASSKEY_NOTIFY,
131 MGMT_EV_DEVICE_ADDED,
132 MGMT_EV_DEVICE_REMOVED,
133 MGMT_EV_NEW_CONN_PARAM,
134 MGMT_EV_UNCONF_INDEX_ADDED,
135 MGMT_EV_UNCONF_INDEX_REMOVED,
136 MGMT_EV_NEW_CONFIG_OPTIONS,
137 MGMT_EV_EXT_INDEX_ADDED,
138 MGMT_EV_EXT_INDEX_REMOVED,
139 MGMT_EV_LOCAL_OOB_DATA_UPDATED,
140 MGMT_EV_ADVERTISING_ADDED,
141 MGMT_EV_ADVERTISING_REMOVED,
144 #define CACHE_TIMEOUT msecs_to_jiffies(2 * 1000)
146 #define ZERO_KEY "\x00\x00\x00\x00\x00\x00\x00\x00" \
147 "\x00\x00\x00\x00\x00\x00\x00\x00"
149 /* HCI to MGMT error code conversion table */
150 static u8 mgmt_status_table[] = {
152 MGMT_STATUS_UNKNOWN_COMMAND, /* Unknown Command */
153 MGMT_STATUS_NOT_CONNECTED, /* No Connection */
154 MGMT_STATUS_FAILED, /* Hardware Failure */
155 MGMT_STATUS_CONNECT_FAILED, /* Page Timeout */
156 MGMT_STATUS_AUTH_FAILED, /* Authentication Failed */
157 MGMT_STATUS_AUTH_FAILED, /* PIN or Key Missing */
158 MGMT_STATUS_NO_RESOURCES, /* Memory Full */
159 MGMT_STATUS_TIMEOUT, /* Connection Timeout */
160 MGMT_STATUS_NO_RESOURCES, /* Max Number of Connections */
161 MGMT_STATUS_NO_RESOURCES, /* Max Number of SCO Connections */
162 MGMT_STATUS_ALREADY_CONNECTED, /* ACL Connection Exists */
163 MGMT_STATUS_BUSY, /* Command Disallowed */
164 MGMT_STATUS_NO_RESOURCES, /* Rejected Limited Resources */
165 MGMT_STATUS_REJECTED, /* Rejected Security */
166 MGMT_STATUS_REJECTED, /* Rejected Personal */
167 MGMT_STATUS_TIMEOUT, /* Host Timeout */
168 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported Feature */
169 MGMT_STATUS_INVALID_PARAMS, /* Invalid Parameters */
170 MGMT_STATUS_DISCONNECTED, /* OE User Ended Connection */
171 MGMT_STATUS_NO_RESOURCES, /* OE Low Resources */
172 MGMT_STATUS_DISCONNECTED, /* OE Power Off */
173 MGMT_STATUS_DISCONNECTED, /* Connection Terminated */
174 MGMT_STATUS_BUSY, /* Repeated Attempts */
175 MGMT_STATUS_REJECTED, /* Pairing Not Allowed */
176 MGMT_STATUS_FAILED, /* Unknown LMP PDU */
177 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported Remote Feature */
178 MGMT_STATUS_REJECTED, /* SCO Offset Rejected */
179 MGMT_STATUS_REJECTED, /* SCO Interval Rejected */
180 MGMT_STATUS_REJECTED, /* Air Mode Rejected */
181 MGMT_STATUS_INVALID_PARAMS, /* Invalid LMP Parameters */
182 MGMT_STATUS_FAILED, /* Unspecified Error */
183 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported LMP Parameter Value */
184 MGMT_STATUS_FAILED, /* Role Change Not Allowed */
185 MGMT_STATUS_TIMEOUT, /* LMP Response Timeout */
186 MGMT_STATUS_FAILED, /* LMP Error Transaction Collision */
187 MGMT_STATUS_FAILED, /* LMP PDU Not Allowed */
188 MGMT_STATUS_REJECTED, /* Encryption Mode Not Accepted */
189 MGMT_STATUS_FAILED, /* Unit Link Key Used */
190 MGMT_STATUS_NOT_SUPPORTED, /* QoS Not Supported */
191 MGMT_STATUS_TIMEOUT, /* Instant Passed */
192 MGMT_STATUS_NOT_SUPPORTED, /* Pairing Not Supported */
193 MGMT_STATUS_FAILED, /* Transaction Collision */
194 MGMT_STATUS_INVALID_PARAMS, /* Unacceptable Parameter */
195 MGMT_STATUS_REJECTED, /* QoS Rejected */
196 MGMT_STATUS_NOT_SUPPORTED, /* Classification Not Supported */
197 MGMT_STATUS_REJECTED, /* Insufficient Security */
198 MGMT_STATUS_INVALID_PARAMS, /* Parameter Out Of Range */
199 MGMT_STATUS_BUSY, /* Role Switch Pending */
200 MGMT_STATUS_FAILED, /* Slot Violation */
201 MGMT_STATUS_FAILED, /* Role Switch Failed */
202 MGMT_STATUS_INVALID_PARAMS, /* EIR Too Large */
203 MGMT_STATUS_NOT_SUPPORTED, /* Simple Pairing Not Supported */
204 MGMT_STATUS_BUSY, /* Host Busy Pairing */
205 MGMT_STATUS_REJECTED, /* Rejected, No Suitable Channel */
206 MGMT_STATUS_BUSY, /* Controller Busy */
207 MGMT_STATUS_INVALID_PARAMS, /* Unsuitable Connection Interval */
208 MGMT_STATUS_TIMEOUT, /* Directed Advertising Timeout */
209 MGMT_STATUS_AUTH_FAILED, /* Terminated Due to MIC Failure */
210 MGMT_STATUS_CONNECT_FAILED, /* Connection Establishment Failed */
211 MGMT_STATUS_CONNECT_FAILED, /* MAC Connection Failed */
214 static u8 mgmt_status(u8 hci_status)
216 if (hci_status < ARRAY_SIZE(mgmt_status_table))
217 return mgmt_status_table[hci_status];
219 return MGMT_STATUS_FAILED;
222 static int mgmt_index_event(u16 event, struct hci_dev *hdev, void *data,
225 return mgmt_send_event(event, hdev, HCI_CHANNEL_CONTROL, data, len,
229 static int mgmt_limited_event(u16 event, struct hci_dev *hdev, void *data,
230 u16 len, int flag, struct sock *skip_sk)
232 return mgmt_send_event(event, hdev, HCI_CHANNEL_CONTROL, data, len,
236 static int mgmt_generic_event(u16 event, struct hci_dev *hdev, void *data,
237 u16 len, struct sock *skip_sk)
239 return mgmt_send_event(event, hdev, HCI_CHANNEL_CONTROL, data, len,
240 HCI_MGMT_GENERIC_EVENTS, skip_sk);
243 static int mgmt_event(u16 event, struct hci_dev *hdev, void *data, u16 len,
244 struct sock *skip_sk)
246 return mgmt_send_event(event, hdev, HCI_CHANNEL_CONTROL, data, len,
247 HCI_SOCK_TRUSTED, skip_sk);
250 static int read_version(struct sock *sk, struct hci_dev *hdev, void *data,
253 struct mgmt_rp_read_version rp;
255 BT_DBG("sock %p", sk);
257 rp.version = MGMT_VERSION;
258 rp.revision = cpu_to_le16(MGMT_REVISION);
260 return mgmt_cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_VERSION, 0,
264 static int read_commands(struct sock *sk, struct hci_dev *hdev, void *data,
267 struct mgmt_rp_read_commands *rp;
268 const u16 num_commands = ARRAY_SIZE(mgmt_commands);
269 const u16 num_events = ARRAY_SIZE(mgmt_events);
274 BT_DBG("sock %p", sk);
276 rp_size = sizeof(*rp) + ((num_commands + num_events) * sizeof(u16));
278 rp = kmalloc(rp_size, GFP_KERNEL);
282 rp->num_commands = cpu_to_le16(num_commands);
283 rp->num_events = cpu_to_le16(num_events);
285 for (i = 0, opcode = rp->opcodes; i < num_commands; i++, opcode++)
286 put_unaligned_le16(mgmt_commands[i], opcode);
288 for (i = 0; i < num_events; i++, opcode++)
289 put_unaligned_le16(mgmt_events[i], opcode);
291 err = mgmt_cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_COMMANDS, 0,
298 static int read_index_list(struct sock *sk, struct hci_dev *hdev, void *data,
301 struct mgmt_rp_read_index_list *rp;
307 BT_DBG("sock %p", sk);
309 read_lock(&hci_dev_list_lock);
312 list_for_each_entry(d, &hci_dev_list, list) {
313 if (d->dev_type == HCI_BREDR &&
314 !hci_dev_test_flag(d, HCI_UNCONFIGURED))
318 rp_len = sizeof(*rp) + (2 * count);
319 rp = kmalloc(rp_len, GFP_ATOMIC);
321 read_unlock(&hci_dev_list_lock);
326 list_for_each_entry(d, &hci_dev_list, list) {
327 if (hci_dev_test_flag(d, HCI_SETUP) ||
328 hci_dev_test_flag(d, HCI_CONFIG) ||
329 hci_dev_test_flag(d, HCI_USER_CHANNEL))
332 /* Devices marked as raw-only are neither configured
333 * nor unconfigured controllers.
335 if (test_bit(HCI_QUIRK_RAW_DEVICE, &d->quirks))
338 if (d->dev_type == HCI_BREDR &&
339 !hci_dev_test_flag(d, HCI_UNCONFIGURED)) {
340 rp->index[count++] = cpu_to_le16(d->id);
341 BT_DBG("Added hci%u", d->id);
345 rp->num_controllers = cpu_to_le16(count);
346 rp_len = sizeof(*rp) + (2 * count);
348 read_unlock(&hci_dev_list_lock);
350 err = mgmt_cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_INDEX_LIST,
358 static int read_unconf_index_list(struct sock *sk, struct hci_dev *hdev,
359 void *data, u16 data_len)
361 struct mgmt_rp_read_unconf_index_list *rp;
367 BT_DBG("sock %p", sk);
369 read_lock(&hci_dev_list_lock);
372 list_for_each_entry(d, &hci_dev_list, list) {
373 if (d->dev_type == HCI_BREDR &&
374 hci_dev_test_flag(d, HCI_UNCONFIGURED))
378 rp_len = sizeof(*rp) + (2 * count);
379 rp = kmalloc(rp_len, GFP_ATOMIC);
381 read_unlock(&hci_dev_list_lock);
386 list_for_each_entry(d, &hci_dev_list, list) {
387 if (hci_dev_test_flag(d, HCI_SETUP) ||
388 hci_dev_test_flag(d, HCI_CONFIG) ||
389 hci_dev_test_flag(d, HCI_USER_CHANNEL))
392 /* Devices marked as raw-only are neither configured
393 * nor unconfigured controllers.
395 if (test_bit(HCI_QUIRK_RAW_DEVICE, &d->quirks))
398 if (d->dev_type == HCI_BREDR &&
399 hci_dev_test_flag(d, HCI_UNCONFIGURED)) {
400 rp->index[count++] = cpu_to_le16(d->id);
401 BT_DBG("Added hci%u", d->id);
405 rp->num_controllers = cpu_to_le16(count);
406 rp_len = sizeof(*rp) + (2 * count);
408 read_unlock(&hci_dev_list_lock);
410 err = mgmt_cmd_complete(sk, MGMT_INDEX_NONE,
411 MGMT_OP_READ_UNCONF_INDEX_LIST, 0, rp, rp_len);
418 static int read_ext_index_list(struct sock *sk, struct hci_dev *hdev,
419 void *data, u16 data_len)
421 struct mgmt_rp_read_ext_index_list *rp;
427 BT_DBG("sock %p", sk);
429 read_lock(&hci_dev_list_lock);
432 list_for_each_entry(d, &hci_dev_list, list) {
433 if (d->dev_type == HCI_BREDR || d->dev_type == HCI_AMP)
437 rp_len = sizeof(*rp) + (sizeof(rp->entry[0]) * count);
438 rp = kmalloc(rp_len, GFP_ATOMIC);
440 read_unlock(&hci_dev_list_lock);
445 list_for_each_entry(d, &hci_dev_list, list) {
446 if (hci_dev_test_flag(d, HCI_SETUP) ||
447 hci_dev_test_flag(d, HCI_CONFIG) ||
448 hci_dev_test_flag(d, HCI_USER_CHANNEL))
451 /* Devices marked as raw-only are neither configured
452 * nor unconfigured controllers.
454 if (test_bit(HCI_QUIRK_RAW_DEVICE, &d->quirks))
457 if (d->dev_type == HCI_BREDR) {
458 if (hci_dev_test_flag(d, HCI_UNCONFIGURED))
459 rp->entry[count].type = 0x01;
461 rp->entry[count].type = 0x00;
462 } else if (d->dev_type == HCI_AMP) {
463 rp->entry[count].type = 0x02;
468 rp->entry[count].bus = d->bus;
469 rp->entry[count++].index = cpu_to_le16(d->id);
470 BT_DBG("Added hci%u", d->id);
473 rp->num_controllers = cpu_to_le16(count);
474 rp_len = sizeof(*rp) + (sizeof(rp->entry[0]) * count);
476 read_unlock(&hci_dev_list_lock);
478 /* If this command is called at least once, then all the
479 * default index and unconfigured index events are disabled
480 * and from now on only extended index events are used.
482 hci_sock_set_flag(sk, HCI_MGMT_EXT_INDEX_EVENTS);
483 hci_sock_clear_flag(sk, HCI_MGMT_INDEX_EVENTS);
484 hci_sock_clear_flag(sk, HCI_MGMT_UNCONF_INDEX_EVENTS);
486 err = mgmt_cmd_complete(sk, MGMT_INDEX_NONE,
487 MGMT_OP_READ_EXT_INDEX_LIST, 0, rp, rp_len);
494 static bool is_configured(struct hci_dev *hdev)
496 if (test_bit(HCI_QUIRK_EXTERNAL_CONFIG, &hdev->quirks) &&
497 !hci_dev_test_flag(hdev, HCI_EXT_CONFIGURED))
500 if (test_bit(HCI_QUIRK_INVALID_BDADDR, &hdev->quirks) &&
501 !bacmp(&hdev->public_addr, BDADDR_ANY))
507 static __le32 get_missing_options(struct hci_dev *hdev)
511 if (test_bit(HCI_QUIRK_EXTERNAL_CONFIG, &hdev->quirks) &&
512 !hci_dev_test_flag(hdev, HCI_EXT_CONFIGURED))
513 options |= MGMT_OPTION_EXTERNAL_CONFIG;
515 if (test_bit(HCI_QUIRK_INVALID_BDADDR, &hdev->quirks) &&
516 !bacmp(&hdev->public_addr, BDADDR_ANY))
517 options |= MGMT_OPTION_PUBLIC_ADDRESS;
519 return cpu_to_le32(options);
522 static int new_options(struct hci_dev *hdev, struct sock *skip)
524 __le32 options = get_missing_options(hdev);
526 return mgmt_generic_event(MGMT_EV_NEW_CONFIG_OPTIONS, hdev, &options,
527 sizeof(options), skip);
530 static int send_options_rsp(struct sock *sk, u16 opcode, struct hci_dev *hdev)
532 __le32 options = get_missing_options(hdev);
534 return mgmt_cmd_complete(sk, hdev->id, opcode, 0, &options,
538 static int read_config_info(struct sock *sk, struct hci_dev *hdev,
539 void *data, u16 data_len)
541 struct mgmt_rp_read_config_info rp;
544 BT_DBG("sock %p %s", sk, hdev->name);
548 memset(&rp, 0, sizeof(rp));
549 rp.manufacturer = cpu_to_le16(hdev->manufacturer);
551 if (test_bit(HCI_QUIRK_EXTERNAL_CONFIG, &hdev->quirks))
552 options |= MGMT_OPTION_EXTERNAL_CONFIG;
554 if (hdev->set_bdaddr)
555 options |= MGMT_OPTION_PUBLIC_ADDRESS;
557 rp.supported_options = cpu_to_le32(options);
558 rp.missing_options = get_missing_options(hdev);
560 hci_dev_unlock(hdev);
562 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_READ_CONFIG_INFO, 0,
566 static u32 get_supported_settings(struct hci_dev *hdev)
570 settings |= MGMT_SETTING_POWERED;
571 settings |= MGMT_SETTING_BONDABLE;
572 settings |= MGMT_SETTING_DEBUG_KEYS;
573 settings |= MGMT_SETTING_CONNECTABLE;
574 settings |= MGMT_SETTING_DISCOVERABLE;
576 if (lmp_bredr_capable(hdev)) {
577 if (hdev->hci_ver >= BLUETOOTH_VER_1_2)
578 settings |= MGMT_SETTING_FAST_CONNECTABLE;
579 settings |= MGMT_SETTING_BREDR;
580 settings |= MGMT_SETTING_LINK_SECURITY;
582 if (lmp_ssp_capable(hdev)) {
583 settings |= MGMT_SETTING_SSP;
584 settings |= MGMT_SETTING_HS;
587 if (lmp_sc_capable(hdev))
588 settings |= MGMT_SETTING_SECURE_CONN;
591 if (lmp_le_capable(hdev)) {
592 settings |= MGMT_SETTING_LE;
593 settings |= MGMT_SETTING_ADVERTISING;
594 settings |= MGMT_SETTING_SECURE_CONN;
595 settings |= MGMT_SETTING_PRIVACY;
596 settings |= MGMT_SETTING_STATIC_ADDRESS;
599 if (test_bit(HCI_QUIRK_EXTERNAL_CONFIG, &hdev->quirks) ||
601 settings |= MGMT_SETTING_CONFIGURATION;
606 static u32 get_current_settings(struct hci_dev *hdev)
610 if (hdev_is_powered(hdev))
611 settings |= MGMT_SETTING_POWERED;
613 if (hci_dev_test_flag(hdev, HCI_CONNECTABLE))
614 settings |= MGMT_SETTING_CONNECTABLE;
616 if (hci_dev_test_flag(hdev, HCI_FAST_CONNECTABLE))
617 settings |= MGMT_SETTING_FAST_CONNECTABLE;
619 if (hci_dev_test_flag(hdev, HCI_DISCOVERABLE))
620 settings |= MGMT_SETTING_DISCOVERABLE;
622 if (hci_dev_test_flag(hdev, HCI_BONDABLE))
623 settings |= MGMT_SETTING_BONDABLE;
625 if (hci_dev_test_flag(hdev, HCI_BREDR_ENABLED))
626 settings |= MGMT_SETTING_BREDR;
628 if (hci_dev_test_flag(hdev, HCI_LE_ENABLED))
629 settings |= MGMT_SETTING_LE;
631 if (hci_dev_test_flag(hdev, HCI_LINK_SECURITY))
632 settings |= MGMT_SETTING_LINK_SECURITY;
634 if (hci_dev_test_flag(hdev, HCI_SSP_ENABLED))
635 settings |= MGMT_SETTING_SSP;
637 if (hci_dev_test_flag(hdev, HCI_HS_ENABLED))
638 settings |= MGMT_SETTING_HS;
640 if (hci_dev_test_flag(hdev, HCI_ADVERTISING))
641 settings |= MGMT_SETTING_ADVERTISING;
643 if (hci_dev_test_flag(hdev, HCI_SC_ENABLED))
644 settings |= MGMT_SETTING_SECURE_CONN;
646 if (hci_dev_test_flag(hdev, HCI_KEEP_DEBUG_KEYS))
647 settings |= MGMT_SETTING_DEBUG_KEYS;
649 if (hci_dev_test_flag(hdev, HCI_PRIVACY))
650 settings |= MGMT_SETTING_PRIVACY;
652 /* The current setting for static address has two purposes. The
653 * first is to indicate if the static address will be used and
654 * the second is to indicate if it is actually set.
656 * This means if the static address is not configured, this flag
657 * will never bet set. If the address is configured, then if the
658 * address is actually used decides if the flag is set or not.
660 * For single mode LE only controllers and dual-mode controllers
661 * with BR/EDR disabled, the existence of the static address will
664 if (hci_dev_test_flag(hdev, HCI_FORCE_STATIC_ADDR) ||
665 !hci_dev_test_flag(hdev, HCI_BREDR_ENABLED) ||
666 !bacmp(&hdev->bdaddr, BDADDR_ANY)) {
667 if (bacmp(&hdev->static_addr, BDADDR_ANY))
668 settings |= MGMT_SETTING_STATIC_ADDRESS;
674 #define PNP_INFO_SVCLASS_ID 0x1200
676 static u8 *create_uuid16_list(struct hci_dev *hdev, u8 *data, ptrdiff_t len)
678 u8 *ptr = data, *uuids_start = NULL;
679 struct bt_uuid *uuid;
684 list_for_each_entry(uuid, &hdev->uuids, list) {
687 if (uuid->size != 16)
690 uuid16 = get_unaligned_le16(&uuid->uuid[12]);
694 if (uuid16 == PNP_INFO_SVCLASS_ID)
700 uuids_start[1] = EIR_UUID16_ALL;
704 /* Stop if not enough space to put next UUID */
705 if ((ptr - data) + sizeof(u16) > len) {
706 uuids_start[1] = EIR_UUID16_SOME;
710 *ptr++ = (uuid16 & 0x00ff);
711 *ptr++ = (uuid16 & 0xff00) >> 8;
712 uuids_start[0] += sizeof(uuid16);
718 static u8 *create_uuid32_list(struct hci_dev *hdev, u8 *data, ptrdiff_t len)
720 u8 *ptr = data, *uuids_start = NULL;
721 struct bt_uuid *uuid;
726 list_for_each_entry(uuid, &hdev->uuids, list) {
727 if (uuid->size != 32)
733 uuids_start[1] = EIR_UUID32_ALL;
737 /* Stop if not enough space to put next UUID */
738 if ((ptr - data) + sizeof(u32) > len) {
739 uuids_start[1] = EIR_UUID32_SOME;
743 memcpy(ptr, &uuid->uuid[12], sizeof(u32));
745 uuids_start[0] += sizeof(u32);
751 static u8 *create_uuid128_list(struct hci_dev *hdev, u8 *data, ptrdiff_t len)
753 u8 *ptr = data, *uuids_start = NULL;
754 struct bt_uuid *uuid;
759 list_for_each_entry(uuid, &hdev->uuids, list) {
760 if (uuid->size != 128)
766 uuids_start[1] = EIR_UUID128_ALL;
770 /* Stop if not enough space to put next UUID */
771 if ((ptr - data) + 16 > len) {
772 uuids_start[1] = EIR_UUID128_SOME;
776 memcpy(ptr, uuid->uuid, 16);
778 uuids_start[0] += 16;
784 static struct mgmt_pending_cmd *pending_find(u16 opcode, struct hci_dev *hdev)
786 return mgmt_pending_find(HCI_CHANNEL_CONTROL, opcode, hdev);
789 static struct mgmt_pending_cmd *pending_find_data(u16 opcode,
790 struct hci_dev *hdev,
793 return mgmt_pending_find_data(HCI_CHANNEL_CONTROL, opcode, hdev, data);
796 static u8 create_scan_rsp_data(struct hci_dev *hdev, u8 *ptr)
801 name_len = strlen(hdev->dev_name);
803 size_t max_len = HCI_MAX_AD_LENGTH - ad_len - 2;
805 if (name_len > max_len) {
807 ptr[1] = EIR_NAME_SHORT;
809 ptr[1] = EIR_NAME_COMPLETE;
811 ptr[0] = name_len + 1;
813 memcpy(ptr + 2, hdev->dev_name, name_len);
815 ad_len += (name_len + 2);
816 ptr += (name_len + 2);
822 static void update_scan_rsp_data(struct hci_request *req)
824 struct hci_dev *hdev = req->hdev;
825 struct hci_cp_le_set_scan_rsp_data cp;
828 if (!hci_dev_test_flag(hdev, HCI_LE_ENABLED))
831 memset(&cp, 0, sizeof(cp));
833 len = create_scan_rsp_data(hdev, cp.data);
835 if (hdev->scan_rsp_data_len == len &&
836 memcmp(cp.data, hdev->scan_rsp_data, len) == 0)
839 memcpy(hdev->scan_rsp_data, cp.data, sizeof(cp.data));
840 hdev->scan_rsp_data_len = len;
844 hci_req_add(req, HCI_OP_LE_SET_SCAN_RSP_DATA, sizeof(cp), &cp);
847 static u8 get_adv_discov_flags(struct hci_dev *hdev)
849 struct mgmt_pending_cmd *cmd;
851 /* If there's a pending mgmt command the flags will not yet have
852 * their final values, so check for this first.
854 cmd = pending_find(MGMT_OP_SET_DISCOVERABLE, hdev);
856 struct mgmt_mode *cp = cmd->param;
858 return LE_AD_GENERAL;
859 else if (cp->val == 0x02)
860 return LE_AD_LIMITED;
862 if (hci_dev_test_flag(hdev, HCI_LIMITED_DISCOVERABLE))
863 return LE_AD_LIMITED;
864 else if (hci_dev_test_flag(hdev, HCI_DISCOVERABLE))
865 return LE_AD_GENERAL;
871 static u8 create_default_adv_data(struct hci_dev *hdev, u8 *ptr)
873 u8 ad_len = 0, flags = 0;
875 flags |= get_adv_discov_flags(hdev);
877 if (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED))
878 flags |= LE_AD_NO_BREDR;
881 BT_DBG("adv flags 0x%02x", flags);
891 if (hdev->adv_tx_power != HCI_TX_POWER_INVALID) {
893 ptr[1] = EIR_TX_POWER;
894 ptr[2] = (u8) hdev->adv_tx_power;
903 static u8 create_instance_adv_data(struct hci_dev *hdev, u8 *ptr)
905 /* TODO: Set the appropriate entries based on advertising instance flags
906 * here once flags other than 0 are supported.
908 memcpy(ptr, hdev->adv_instance.adv_data,
909 hdev->adv_instance.adv_data_len);
911 return hdev->adv_instance.adv_data_len;
914 static void update_adv_data_for_instance(struct hci_request *req, u8 instance)
916 struct hci_dev *hdev = req->hdev;
917 struct hci_cp_le_set_adv_data cp;
920 if (!hci_dev_test_flag(hdev, HCI_LE_ENABLED))
923 memset(&cp, 0, sizeof(cp));
926 len = create_instance_adv_data(hdev, cp.data);
928 len = create_default_adv_data(hdev, cp.data);
930 /* There's nothing to do if the data hasn't changed */
931 if (hdev->adv_data_len == len &&
932 memcmp(cp.data, hdev->adv_data, len) == 0)
935 memcpy(hdev->adv_data, cp.data, sizeof(cp.data));
936 hdev->adv_data_len = len;
940 hci_req_add(req, HCI_OP_LE_SET_ADV_DATA, sizeof(cp), &cp);
943 static void update_adv_data(struct hci_request *req)
945 struct hci_dev *hdev = req->hdev;
948 /* The "Set Advertising" setting supersedes the "Add Advertising"
949 * setting. Here we set the advertising data based on which
950 * setting was set. When neither apply, default to the global settings,
951 * represented by instance "0".
953 if (hci_dev_test_flag(hdev, HCI_ADVERTISING_INSTANCE) &&
954 !hci_dev_test_flag(hdev, HCI_ADVERTISING))
959 update_adv_data_for_instance(req, instance);
962 int mgmt_update_adv_data(struct hci_dev *hdev)
964 struct hci_request req;
966 hci_req_init(&req, hdev);
967 update_adv_data(&req);
969 return hci_req_run(&req, NULL);
972 static void create_eir(struct hci_dev *hdev, u8 *data)
977 name_len = strlen(hdev->dev_name);
983 ptr[1] = EIR_NAME_SHORT;
985 ptr[1] = EIR_NAME_COMPLETE;
987 /* EIR Data length */
988 ptr[0] = name_len + 1;
990 memcpy(ptr + 2, hdev->dev_name, name_len);
992 ptr += (name_len + 2);
995 if (hdev->inq_tx_power != HCI_TX_POWER_INVALID) {
997 ptr[1] = EIR_TX_POWER;
998 ptr[2] = (u8) hdev->inq_tx_power;
1003 if (hdev->devid_source > 0) {
1005 ptr[1] = EIR_DEVICE_ID;
1007 put_unaligned_le16(hdev->devid_source, ptr + 2);
1008 put_unaligned_le16(hdev->devid_vendor, ptr + 4);
1009 put_unaligned_le16(hdev->devid_product, ptr + 6);
1010 put_unaligned_le16(hdev->devid_version, ptr + 8);
1015 ptr = create_uuid16_list(hdev, ptr, HCI_MAX_EIR_LENGTH - (ptr - data));
1016 ptr = create_uuid32_list(hdev, ptr, HCI_MAX_EIR_LENGTH - (ptr - data));
1017 ptr = create_uuid128_list(hdev, ptr, HCI_MAX_EIR_LENGTH - (ptr - data));
1020 static void update_eir(struct hci_request *req)
1022 struct hci_dev *hdev = req->hdev;
1023 struct hci_cp_write_eir cp;
1025 if (!hdev_is_powered(hdev))
1028 if (!lmp_ext_inq_capable(hdev))
1031 if (!hci_dev_test_flag(hdev, HCI_SSP_ENABLED))
1034 if (hci_dev_test_flag(hdev, HCI_SERVICE_CACHE))
1037 memset(&cp, 0, sizeof(cp));
1039 create_eir(hdev, cp.data);
1041 if (memcmp(cp.data, hdev->eir, sizeof(cp.data)) == 0)
1044 memcpy(hdev->eir, cp.data, sizeof(cp.data));
1046 hci_req_add(req, HCI_OP_WRITE_EIR, sizeof(cp), &cp);
1049 static u8 get_service_classes(struct hci_dev *hdev)
1051 struct bt_uuid *uuid;
1054 list_for_each_entry(uuid, &hdev->uuids, list)
1055 val |= uuid->svc_hint;
1060 static void update_class(struct hci_request *req)
1062 struct hci_dev *hdev = req->hdev;
1065 BT_DBG("%s", hdev->name);
1067 if (!hdev_is_powered(hdev))
1070 if (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED))
1073 if (hci_dev_test_flag(hdev, HCI_SERVICE_CACHE))
1076 cod[0] = hdev->minor_class;
1077 cod[1] = hdev->major_class;
1078 cod[2] = get_service_classes(hdev);
1080 if (hci_dev_test_flag(hdev, HCI_LIMITED_DISCOVERABLE))
1083 if (memcmp(cod, hdev->dev_class, 3) == 0)
1086 hci_req_add(req, HCI_OP_WRITE_CLASS_OF_DEV, sizeof(cod), cod);
1089 static bool get_connectable(struct hci_dev *hdev)
1091 struct mgmt_pending_cmd *cmd;
1093 /* If there's a pending mgmt command the flag will not yet have
1094 * it's final value, so check for this first.
1096 cmd = pending_find(MGMT_OP_SET_CONNECTABLE, hdev);
1098 struct mgmt_mode *cp = cmd->param;
1102 return hci_dev_test_flag(hdev, HCI_CONNECTABLE);
1105 static void disable_advertising(struct hci_request *req)
1109 hci_req_add(req, HCI_OP_LE_SET_ADV_ENABLE, sizeof(enable), &enable);
1112 static void enable_advertising(struct hci_request *req)
1114 struct hci_dev *hdev = req->hdev;
1115 struct hci_cp_le_set_adv_param cp;
1116 u8 own_addr_type, enable = 0x01;
1119 if (hci_conn_num(hdev, LE_LINK) > 0)
1122 if (hci_dev_test_flag(hdev, HCI_LE_ADV))
1123 disable_advertising(req);
1125 /* Clear the HCI_LE_ADV bit temporarily so that the
1126 * hci_update_random_address knows that it's safe to go ahead
1127 * and write a new random address. The flag will be set back on
1128 * as soon as the SET_ADV_ENABLE HCI command completes.
1130 hci_dev_clear_flag(hdev, HCI_LE_ADV);
1132 if (hci_dev_test_flag(hdev, HCI_ADVERTISING_CONNECTABLE))
1135 connectable = get_connectable(hdev);
1137 /* Set require_privacy to true only when non-connectable
1138 * advertising is used. In that case it is fine to use a
1139 * non-resolvable private address.
1141 if (hci_update_random_address(req, !connectable, &own_addr_type) < 0)
1144 memset(&cp, 0, sizeof(cp));
1145 cp.min_interval = cpu_to_le16(hdev->le_adv_min_interval);
1146 cp.max_interval = cpu_to_le16(hdev->le_adv_max_interval);
1147 cp.type = connectable ? LE_ADV_IND : LE_ADV_NONCONN_IND;
1148 cp.own_address_type = own_addr_type;
1149 cp.channel_map = hdev->le_adv_channel_map;
1151 hci_req_add(req, HCI_OP_LE_SET_ADV_PARAM, sizeof(cp), &cp);
1153 hci_req_add(req, HCI_OP_LE_SET_ADV_ENABLE, sizeof(enable), &enable);
1156 static void service_cache_off(struct work_struct *work)
1158 struct hci_dev *hdev = container_of(work, struct hci_dev,
1159 service_cache.work);
1160 struct hci_request req;
1162 if (!hci_dev_test_and_clear_flag(hdev, HCI_SERVICE_CACHE))
1165 hci_req_init(&req, hdev);
1172 hci_dev_unlock(hdev);
1174 hci_req_run(&req, NULL);
1177 static void rpa_expired(struct work_struct *work)
1179 struct hci_dev *hdev = container_of(work, struct hci_dev,
1181 struct hci_request req;
1185 hci_dev_set_flag(hdev, HCI_RPA_EXPIRED);
1187 if (!hci_dev_test_flag(hdev, HCI_ADVERTISING))
1190 /* The generation of a new RPA and programming it into the
1191 * controller happens in the enable_advertising() function.
1193 hci_req_init(&req, hdev);
1194 enable_advertising(&req);
1195 hci_req_run(&req, NULL);
1198 static void mgmt_init_hdev(struct sock *sk, struct hci_dev *hdev)
1200 if (hci_dev_test_and_set_flag(hdev, HCI_MGMT))
1203 INIT_DELAYED_WORK(&hdev->service_cache, service_cache_off);
1204 INIT_DELAYED_WORK(&hdev->rpa_expired, rpa_expired);
1206 /* Non-mgmt controlled devices get this bit set
1207 * implicitly so that pairing works for them, however
1208 * for mgmt we require user-space to explicitly enable
1211 hci_dev_clear_flag(hdev, HCI_BONDABLE);
1214 static int read_controller_info(struct sock *sk, struct hci_dev *hdev,
1215 void *data, u16 data_len)
1217 struct mgmt_rp_read_info rp;
1219 BT_DBG("sock %p %s", sk, hdev->name);
1223 memset(&rp, 0, sizeof(rp));
1225 bacpy(&rp.bdaddr, &hdev->bdaddr);
1227 rp.version = hdev->hci_ver;
1228 rp.manufacturer = cpu_to_le16(hdev->manufacturer);
1230 rp.supported_settings = cpu_to_le32(get_supported_settings(hdev));
1231 rp.current_settings = cpu_to_le32(get_current_settings(hdev));
1233 memcpy(rp.dev_class, hdev->dev_class, 3);
1235 memcpy(rp.name, hdev->dev_name, sizeof(hdev->dev_name));
1236 memcpy(rp.short_name, hdev->short_name, sizeof(hdev->short_name));
1238 hci_dev_unlock(hdev);
1240 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_READ_INFO, 0, &rp,
1244 static int send_settings_rsp(struct sock *sk, u16 opcode, struct hci_dev *hdev)
1246 __le32 settings = cpu_to_le32(get_current_settings(hdev));
1248 return mgmt_cmd_complete(sk, hdev->id, opcode, 0, &settings,
1252 static void clean_up_hci_complete(struct hci_dev *hdev, u8 status, u16 opcode)
1254 BT_DBG("%s status 0x%02x", hdev->name, status);
1256 if (hci_conn_count(hdev) == 0) {
1257 cancel_delayed_work(&hdev->power_off);
1258 queue_work(hdev->req_workqueue, &hdev->power_off.work);
1262 static bool hci_stop_discovery(struct hci_request *req)
1264 struct hci_dev *hdev = req->hdev;
1265 struct hci_cp_remote_name_req_cancel cp;
1266 struct inquiry_entry *e;
1268 switch (hdev->discovery.state) {
1269 case DISCOVERY_FINDING:
1270 if (test_bit(HCI_INQUIRY, &hdev->flags))
1271 hci_req_add(req, HCI_OP_INQUIRY_CANCEL, 0, NULL);
1273 if (hci_dev_test_flag(hdev, HCI_LE_SCAN)) {
1274 cancel_delayed_work(&hdev->le_scan_disable);
1275 hci_req_add_le_scan_disable(req);
1280 case DISCOVERY_RESOLVING:
1281 e = hci_inquiry_cache_lookup_resolve(hdev, BDADDR_ANY,
1286 bacpy(&cp.bdaddr, &e->data.bdaddr);
1287 hci_req_add(req, HCI_OP_REMOTE_NAME_REQ_CANCEL, sizeof(cp),
1293 /* Passive scanning */
1294 if (hci_dev_test_flag(hdev, HCI_LE_SCAN)) {
1295 hci_req_add_le_scan_disable(req);
1305 static int clean_up_hci_state(struct hci_dev *hdev)
1307 struct hci_request req;
1308 struct hci_conn *conn;
1309 bool discov_stopped;
1312 hci_req_init(&req, hdev);
1314 if (test_bit(HCI_ISCAN, &hdev->flags) ||
1315 test_bit(HCI_PSCAN, &hdev->flags)) {
1317 hci_req_add(&req, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
1320 if (hci_dev_test_flag(hdev, HCI_LE_ADV))
1321 disable_advertising(&req);
1323 discov_stopped = hci_stop_discovery(&req);
1325 list_for_each_entry(conn, &hdev->conn_hash.list, list) {
1326 struct hci_cp_disconnect dc;
1327 struct hci_cp_reject_conn_req rej;
1329 switch (conn->state) {
1332 dc.handle = cpu_to_le16(conn->handle);
1333 dc.reason = 0x15; /* Terminated due to Power Off */
1334 hci_req_add(&req, HCI_OP_DISCONNECT, sizeof(dc), &dc);
1337 if (conn->type == LE_LINK)
1338 hci_req_add(&req, HCI_OP_LE_CREATE_CONN_CANCEL,
1340 else if (conn->type == ACL_LINK)
1341 hci_req_add(&req, HCI_OP_CREATE_CONN_CANCEL,
1345 bacpy(&rej.bdaddr, &conn->dst);
1346 rej.reason = 0x15; /* Terminated due to Power Off */
1347 if (conn->type == ACL_LINK)
1348 hci_req_add(&req, HCI_OP_REJECT_CONN_REQ,
1350 else if (conn->type == SCO_LINK)
1351 hci_req_add(&req, HCI_OP_REJECT_SYNC_CONN_REQ,
1357 err = hci_req_run(&req, clean_up_hci_complete);
1358 if (!err && discov_stopped)
1359 hci_discovery_set_state(hdev, DISCOVERY_STOPPING);
1364 static int set_powered(struct sock *sk, struct hci_dev *hdev, void *data,
1367 struct mgmt_mode *cp = data;
1368 struct mgmt_pending_cmd *cmd;
1371 BT_DBG("request for %s", hdev->name);
1373 if (cp->val != 0x00 && cp->val != 0x01)
1374 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_POWERED,
1375 MGMT_STATUS_INVALID_PARAMS);
1379 if (pending_find(MGMT_OP_SET_POWERED, hdev)) {
1380 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_POWERED,
1385 if (hci_dev_test_and_clear_flag(hdev, HCI_AUTO_OFF)) {
1386 cancel_delayed_work(&hdev->power_off);
1389 mgmt_pending_add(sk, MGMT_OP_SET_POWERED, hdev,
1391 err = mgmt_powered(hdev, 1);
1396 if (!!cp->val == hdev_is_powered(hdev)) {
1397 err = send_settings_rsp(sk, MGMT_OP_SET_POWERED, hdev);
1401 cmd = mgmt_pending_add(sk, MGMT_OP_SET_POWERED, hdev, data, len);
1408 queue_work(hdev->req_workqueue, &hdev->power_on);
1411 /* Disconnect connections, stop scans, etc */
1412 err = clean_up_hci_state(hdev);
1414 queue_delayed_work(hdev->req_workqueue, &hdev->power_off,
1415 HCI_POWER_OFF_TIMEOUT);
1417 /* ENODATA means there were no HCI commands queued */
1418 if (err == -ENODATA) {
1419 cancel_delayed_work(&hdev->power_off);
1420 queue_work(hdev->req_workqueue, &hdev->power_off.work);
1426 hci_dev_unlock(hdev);
1430 static int new_settings(struct hci_dev *hdev, struct sock *skip)
1432 __le32 ev = cpu_to_le32(get_current_settings(hdev));
1434 return mgmt_generic_event(MGMT_EV_NEW_SETTINGS, hdev, &ev,
1438 int mgmt_new_settings(struct hci_dev *hdev)
1440 return new_settings(hdev, NULL);
1445 struct hci_dev *hdev;
1449 static void settings_rsp(struct mgmt_pending_cmd *cmd, void *data)
1451 struct cmd_lookup *match = data;
1453 send_settings_rsp(cmd->sk, cmd->opcode, match->hdev);
1455 list_del(&cmd->list);
1457 if (match->sk == NULL) {
1458 match->sk = cmd->sk;
1459 sock_hold(match->sk);
1462 mgmt_pending_free(cmd);
1465 static void cmd_status_rsp(struct mgmt_pending_cmd *cmd, void *data)
1469 mgmt_cmd_status(cmd->sk, cmd->index, cmd->opcode, *status);
1470 mgmt_pending_remove(cmd);
1473 static void cmd_complete_rsp(struct mgmt_pending_cmd *cmd, void *data)
1475 if (cmd->cmd_complete) {
1478 cmd->cmd_complete(cmd, *status);
1479 mgmt_pending_remove(cmd);
1484 cmd_status_rsp(cmd, data);
1487 static int generic_cmd_complete(struct mgmt_pending_cmd *cmd, u8 status)
1489 return mgmt_cmd_complete(cmd->sk, cmd->index, cmd->opcode, status,
1490 cmd->param, cmd->param_len);
1493 static int addr_cmd_complete(struct mgmt_pending_cmd *cmd, u8 status)
1495 return mgmt_cmd_complete(cmd->sk, cmd->index, cmd->opcode, status,
1496 cmd->param, sizeof(struct mgmt_addr_info));
1499 static u8 mgmt_bredr_support(struct hci_dev *hdev)
1501 if (!lmp_bredr_capable(hdev))
1502 return MGMT_STATUS_NOT_SUPPORTED;
1503 else if (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED))
1504 return MGMT_STATUS_REJECTED;
1506 return MGMT_STATUS_SUCCESS;
1509 static u8 mgmt_le_support(struct hci_dev *hdev)
1511 if (!lmp_le_capable(hdev))
1512 return MGMT_STATUS_NOT_SUPPORTED;
1513 else if (!hci_dev_test_flag(hdev, HCI_LE_ENABLED))
1514 return MGMT_STATUS_REJECTED;
1516 return MGMT_STATUS_SUCCESS;
1519 static void set_discoverable_complete(struct hci_dev *hdev, u8 status,
1522 struct mgmt_pending_cmd *cmd;
1523 struct mgmt_mode *cp;
1524 struct hci_request req;
1527 BT_DBG("status 0x%02x", status);
1531 cmd = pending_find(MGMT_OP_SET_DISCOVERABLE, hdev);
1536 u8 mgmt_err = mgmt_status(status);
1537 mgmt_cmd_status(cmd->sk, cmd->index, cmd->opcode, mgmt_err);
1538 hci_dev_clear_flag(hdev, HCI_LIMITED_DISCOVERABLE);
1544 changed = !hci_dev_test_and_set_flag(hdev, HCI_DISCOVERABLE);
1546 if (hdev->discov_timeout > 0) {
1547 int to = msecs_to_jiffies(hdev->discov_timeout * 1000);
1548 queue_delayed_work(hdev->workqueue, &hdev->discov_off,
1552 changed = hci_dev_test_and_clear_flag(hdev, HCI_DISCOVERABLE);
1555 send_settings_rsp(cmd->sk, MGMT_OP_SET_DISCOVERABLE, hdev);
1558 new_settings(hdev, cmd->sk);
1560 /* When the discoverable mode gets changed, make sure
1561 * that class of device has the limited discoverable
1562 * bit correctly set. Also update page scan based on whitelist
1565 hci_req_init(&req, hdev);
1566 __hci_update_page_scan(&req);
1568 hci_req_run(&req, NULL);
1571 mgmt_pending_remove(cmd);
1574 hci_dev_unlock(hdev);
1577 static int set_discoverable(struct sock *sk, struct hci_dev *hdev, void *data,
1580 struct mgmt_cp_set_discoverable *cp = data;
1581 struct mgmt_pending_cmd *cmd;
1582 struct hci_request req;
1587 BT_DBG("request for %s", hdev->name);
1589 if (!hci_dev_test_flag(hdev, HCI_LE_ENABLED) &&
1590 !hci_dev_test_flag(hdev, HCI_BREDR_ENABLED))
1591 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
1592 MGMT_STATUS_REJECTED);
1594 if (cp->val != 0x00 && cp->val != 0x01 && cp->val != 0x02)
1595 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
1596 MGMT_STATUS_INVALID_PARAMS);
1598 timeout = __le16_to_cpu(cp->timeout);
1600 /* Disabling discoverable requires that no timeout is set,
1601 * and enabling limited discoverable requires a timeout.
1603 if ((cp->val == 0x00 && timeout > 0) ||
1604 (cp->val == 0x02 && timeout == 0))
1605 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
1606 MGMT_STATUS_INVALID_PARAMS);
1610 if (!hdev_is_powered(hdev) && timeout > 0) {
1611 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
1612 MGMT_STATUS_NOT_POWERED);
1616 if (pending_find(MGMT_OP_SET_DISCOVERABLE, hdev) ||
1617 pending_find(MGMT_OP_SET_CONNECTABLE, hdev)) {
1618 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
1623 if (!hci_dev_test_flag(hdev, HCI_CONNECTABLE)) {
1624 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
1625 MGMT_STATUS_REJECTED);
1629 if (!hdev_is_powered(hdev)) {
1630 bool changed = false;
1632 /* Setting limited discoverable when powered off is
1633 * not a valid operation since it requires a timeout
1634 * and so no need to check HCI_LIMITED_DISCOVERABLE.
1636 if (!!cp->val != hci_dev_test_flag(hdev, HCI_DISCOVERABLE)) {
1637 hci_dev_change_flag(hdev, HCI_DISCOVERABLE);
1641 err = send_settings_rsp(sk, MGMT_OP_SET_DISCOVERABLE, hdev);
1646 err = new_settings(hdev, sk);
1651 /* If the current mode is the same, then just update the timeout
1652 * value with the new value. And if only the timeout gets updated,
1653 * then no need for any HCI transactions.
1655 if (!!cp->val == hci_dev_test_flag(hdev, HCI_DISCOVERABLE) &&
1656 (cp->val == 0x02) == hci_dev_test_flag(hdev,
1657 HCI_LIMITED_DISCOVERABLE)) {
1658 cancel_delayed_work(&hdev->discov_off);
1659 hdev->discov_timeout = timeout;
1661 if (cp->val && hdev->discov_timeout > 0) {
1662 int to = msecs_to_jiffies(hdev->discov_timeout * 1000);
1663 queue_delayed_work(hdev->workqueue, &hdev->discov_off,
1667 err = send_settings_rsp(sk, MGMT_OP_SET_DISCOVERABLE, hdev);
1671 cmd = mgmt_pending_add(sk, MGMT_OP_SET_DISCOVERABLE, hdev, data, len);
1677 /* Cancel any potential discoverable timeout that might be
1678 * still active and store new timeout value. The arming of
1679 * the timeout happens in the complete handler.
1681 cancel_delayed_work(&hdev->discov_off);
1682 hdev->discov_timeout = timeout;
1684 /* Limited discoverable mode */
1685 if (cp->val == 0x02)
1686 hci_dev_set_flag(hdev, HCI_LIMITED_DISCOVERABLE);
1688 hci_dev_clear_flag(hdev, HCI_LIMITED_DISCOVERABLE);
1690 hci_req_init(&req, hdev);
1692 /* The procedure for LE-only controllers is much simpler - just
1693 * update the advertising data.
1695 if (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED))
1701 struct hci_cp_write_current_iac_lap hci_cp;
1703 if (cp->val == 0x02) {
1704 /* Limited discoverable mode */
1705 hci_cp.num_iac = min_t(u8, hdev->num_iac, 2);
1706 hci_cp.iac_lap[0] = 0x00; /* LIAC */
1707 hci_cp.iac_lap[1] = 0x8b;
1708 hci_cp.iac_lap[2] = 0x9e;
1709 hci_cp.iac_lap[3] = 0x33; /* GIAC */
1710 hci_cp.iac_lap[4] = 0x8b;
1711 hci_cp.iac_lap[5] = 0x9e;
1713 /* General discoverable mode */
1715 hci_cp.iac_lap[0] = 0x33; /* GIAC */
1716 hci_cp.iac_lap[1] = 0x8b;
1717 hci_cp.iac_lap[2] = 0x9e;
1720 hci_req_add(&req, HCI_OP_WRITE_CURRENT_IAC_LAP,
1721 (hci_cp.num_iac * 3) + 1, &hci_cp);
1723 scan |= SCAN_INQUIRY;
1725 hci_dev_clear_flag(hdev, HCI_LIMITED_DISCOVERABLE);
1728 hci_req_add(&req, HCI_OP_WRITE_SCAN_ENABLE, sizeof(scan), &scan);
1731 update_adv_data(&req);
1733 err = hci_req_run(&req, set_discoverable_complete);
1735 mgmt_pending_remove(cmd);
1738 hci_dev_unlock(hdev);
1742 static void write_fast_connectable(struct hci_request *req, bool enable)
1744 struct hci_dev *hdev = req->hdev;
1745 struct hci_cp_write_page_scan_activity acp;
1748 if (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED))
1751 if (hdev->hci_ver < BLUETOOTH_VER_1_2)
1755 type = PAGE_SCAN_TYPE_INTERLACED;
1757 /* 160 msec page scan interval */
1758 acp.interval = cpu_to_le16(0x0100);
1760 type = PAGE_SCAN_TYPE_STANDARD; /* default */
1762 /* default 1.28 sec page scan */
1763 acp.interval = cpu_to_le16(0x0800);
1766 acp.window = cpu_to_le16(0x0012);
1768 if (__cpu_to_le16(hdev->page_scan_interval) != acp.interval ||
1769 __cpu_to_le16(hdev->page_scan_window) != acp.window)
1770 hci_req_add(req, HCI_OP_WRITE_PAGE_SCAN_ACTIVITY,
1773 if (hdev->page_scan_type != type)
1774 hci_req_add(req, HCI_OP_WRITE_PAGE_SCAN_TYPE, 1, &type);
1777 static void set_connectable_complete(struct hci_dev *hdev, u8 status,
1780 struct mgmt_pending_cmd *cmd;
1781 struct mgmt_mode *cp;
1782 bool conn_changed, discov_changed;
1784 BT_DBG("status 0x%02x", status);
1788 cmd = pending_find(MGMT_OP_SET_CONNECTABLE, hdev);
1793 u8 mgmt_err = mgmt_status(status);
1794 mgmt_cmd_status(cmd->sk, cmd->index, cmd->opcode, mgmt_err);
1800 conn_changed = !hci_dev_test_and_set_flag(hdev,
1802 discov_changed = false;
1804 conn_changed = hci_dev_test_and_clear_flag(hdev,
1806 discov_changed = hci_dev_test_and_clear_flag(hdev,
1810 send_settings_rsp(cmd->sk, MGMT_OP_SET_CONNECTABLE, hdev);
1812 if (conn_changed || discov_changed) {
1813 new_settings(hdev, cmd->sk);
1814 hci_update_page_scan(hdev);
1816 mgmt_update_adv_data(hdev);
1817 hci_update_background_scan(hdev);
1821 mgmt_pending_remove(cmd);
1824 hci_dev_unlock(hdev);
1827 static int set_connectable_update_settings(struct hci_dev *hdev,
1828 struct sock *sk, u8 val)
1830 bool changed = false;
1833 if (!!val != hci_dev_test_flag(hdev, HCI_CONNECTABLE))
1837 hci_dev_set_flag(hdev, HCI_CONNECTABLE);
1839 hci_dev_clear_flag(hdev, HCI_CONNECTABLE);
1840 hci_dev_clear_flag(hdev, HCI_DISCOVERABLE);
1843 err = send_settings_rsp(sk, MGMT_OP_SET_CONNECTABLE, hdev);
1848 hci_update_page_scan(hdev);
1849 hci_update_background_scan(hdev);
1850 return new_settings(hdev, sk);
1856 static int set_connectable(struct sock *sk, struct hci_dev *hdev, void *data,
1859 struct mgmt_mode *cp = data;
1860 struct mgmt_pending_cmd *cmd;
1861 struct hci_request req;
1865 BT_DBG("request for %s", hdev->name);
1867 if (!hci_dev_test_flag(hdev, HCI_LE_ENABLED) &&
1868 !hci_dev_test_flag(hdev, HCI_BREDR_ENABLED))
1869 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE,
1870 MGMT_STATUS_REJECTED);
1872 if (cp->val != 0x00 && cp->val != 0x01)
1873 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE,
1874 MGMT_STATUS_INVALID_PARAMS);
1878 if (!hdev_is_powered(hdev)) {
1879 err = set_connectable_update_settings(hdev, sk, cp->val);
1883 if (pending_find(MGMT_OP_SET_DISCOVERABLE, hdev) ||
1884 pending_find(MGMT_OP_SET_CONNECTABLE, hdev)) {
1885 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE,
1890 cmd = mgmt_pending_add(sk, MGMT_OP_SET_CONNECTABLE, hdev, data, len);
1896 hci_req_init(&req, hdev);
1898 /* If BR/EDR is not enabled and we disable advertising as a
1899 * by-product of disabling connectable, we need to update the
1900 * advertising flags.
1902 if (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED)) {
1904 hci_dev_clear_flag(hdev, HCI_LIMITED_DISCOVERABLE);
1905 hci_dev_clear_flag(hdev, HCI_DISCOVERABLE);
1907 update_adv_data(&req);
1908 } else if (cp->val != test_bit(HCI_PSCAN, &hdev->flags)) {
1912 /* If we don't have any whitelist entries just
1913 * disable all scanning. If there are entries
1914 * and we had both page and inquiry scanning
1915 * enabled then fall back to only page scanning.
1916 * Otherwise no changes are needed.
1918 if (list_empty(&hdev->whitelist))
1919 scan = SCAN_DISABLED;
1920 else if (test_bit(HCI_ISCAN, &hdev->flags))
1923 goto no_scan_update;
1925 if (test_bit(HCI_ISCAN, &hdev->flags) &&
1926 hdev->discov_timeout > 0)
1927 cancel_delayed_work(&hdev->discov_off);
1930 hci_req_add(&req, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
1934 /* Update the advertising parameters if necessary */
1935 if (hci_dev_test_flag(hdev, HCI_ADVERTISING))
1936 enable_advertising(&req);
1938 err = hci_req_run(&req, set_connectable_complete);
1940 mgmt_pending_remove(cmd);
1941 if (err == -ENODATA)
1942 err = set_connectable_update_settings(hdev, sk,
1948 hci_dev_unlock(hdev);
1952 static int set_bondable(struct sock *sk, struct hci_dev *hdev, void *data,
1955 struct mgmt_mode *cp = data;
1959 BT_DBG("request for %s", hdev->name);
1961 if (cp->val != 0x00 && cp->val != 0x01)
1962 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_BONDABLE,
1963 MGMT_STATUS_INVALID_PARAMS);
1968 changed = !hci_dev_test_and_set_flag(hdev, HCI_BONDABLE);
1970 changed = hci_dev_test_and_clear_flag(hdev, HCI_BONDABLE);
1972 err = send_settings_rsp(sk, MGMT_OP_SET_BONDABLE, hdev);
1977 err = new_settings(hdev, sk);
1980 hci_dev_unlock(hdev);
1984 static int set_link_security(struct sock *sk, struct hci_dev *hdev, void *data,
1987 struct mgmt_mode *cp = data;
1988 struct mgmt_pending_cmd *cmd;
1992 BT_DBG("request for %s", hdev->name);
1994 status = mgmt_bredr_support(hdev);
1996 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY,
1999 if (cp->val != 0x00 && cp->val != 0x01)
2000 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY,
2001 MGMT_STATUS_INVALID_PARAMS);
2005 if (!hdev_is_powered(hdev)) {
2006 bool changed = false;
2008 if (!!cp->val != hci_dev_test_flag(hdev, HCI_LINK_SECURITY)) {
2009 hci_dev_change_flag(hdev, HCI_LINK_SECURITY);
2013 err = send_settings_rsp(sk, MGMT_OP_SET_LINK_SECURITY, hdev);
2018 err = new_settings(hdev, sk);
2023 if (pending_find(MGMT_OP_SET_LINK_SECURITY, hdev)) {
2024 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY,
2031 if (test_bit(HCI_AUTH, &hdev->flags) == val) {
2032 err = send_settings_rsp(sk, MGMT_OP_SET_LINK_SECURITY, hdev);
2036 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LINK_SECURITY, hdev, data, len);
2042 err = hci_send_cmd(hdev, HCI_OP_WRITE_AUTH_ENABLE, sizeof(val), &val);
2044 mgmt_pending_remove(cmd);
2049 hci_dev_unlock(hdev);
2053 static int set_ssp(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
2055 struct mgmt_mode *cp = data;
2056 struct mgmt_pending_cmd *cmd;
2060 BT_DBG("request for %s", hdev->name);
2062 status = mgmt_bredr_support(hdev);
2064 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SSP, status);
2066 if (!lmp_ssp_capable(hdev))
2067 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
2068 MGMT_STATUS_NOT_SUPPORTED);
2070 if (cp->val != 0x00 && cp->val != 0x01)
2071 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
2072 MGMT_STATUS_INVALID_PARAMS);
2076 if (!hdev_is_powered(hdev)) {
2080 changed = !hci_dev_test_and_set_flag(hdev,
2083 changed = hci_dev_test_and_clear_flag(hdev,
2086 changed = hci_dev_test_and_clear_flag(hdev,
2089 hci_dev_clear_flag(hdev, HCI_HS_ENABLED);
2092 err = send_settings_rsp(sk, MGMT_OP_SET_SSP, hdev);
2097 err = new_settings(hdev, sk);
2102 if (pending_find(MGMT_OP_SET_SSP, hdev)) {
2103 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
2108 if (!!cp->val == hci_dev_test_flag(hdev, HCI_SSP_ENABLED)) {
2109 err = send_settings_rsp(sk, MGMT_OP_SET_SSP, hdev);
2113 cmd = mgmt_pending_add(sk, MGMT_OP_SET_SSP, hdev, data, len);
2119 if (!cp->val && hci_dev_test_flag(hdev, HCI_USE_DEBUG_KEYS))
2120 hci_send_cmd(hdev, HCI_OP_WRITE_SSP_DEBUG_MODE,
2121 sizeof(cp->val), &cp->val);
2123 err = hci_send_cmd(hdev, HCI_OP_WRITE_SSP_MODE, 1, &cp->val);
2125 mgmt_pending_remove(cmd);
2130 hci_dev_unlock(hdev);
2134 static int set_hs(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
2136 struct mgmt_mode *cp = data;
2141 BT_DBG("request for %s", hdev->name);
2143 status = mgmt_bredr_support(hdev);
2145 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_HS, status);
2147 if (!lmp_ssp_capable(hdev))
2148 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
2149 MGMT_STATUS_NOT_SUPPORTED);
2151 if (!hci_dev_test_flag(hdev, HCI_SSP_ENABLED))
2152 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
2153 MGMT_STATUS_REJECTED);
2155 if (cp->val != 0x00 && cp->val != 0x01)
2156 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
2157 MGMT_STATUS_INVALID_PARAMS);
2161 if (pending_find(MGMT_OP_SET_SSP, hdev)) {
2162 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
2168 changed = !hci_dev_test_and_set_flag(hdev, HCI_HS_ENABLED);
2170 if (hdev_is_powered(hdev)) {
2171 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
2172 MGMT_STATUS_REJECTED);
2176 changed = hci_dev_test_and_clear_flag(hdev, HCI_HS_ENABLED);
2179 err = send_settings_rsp(sk, MGMT_OP_SET_HS, hdev);
2184 err = new_settings(hdev, sk);
2187 hci_dev_unlock(hdev);
2191 static void le_enable_complete(struct hci_dev *hdev, u8 status, u16 opcode)
2193 struct cmd_lookup match = { NULL, hdev };
2198 u8 mgmt_err = mgmt_status(status);
2200 mgmt_pending_foreach(MGMT_OP_SET_LE, hdev, cmd_status_rsp,
2205 mgmt_pending_foreach(MGMT_OP_SET_LE, hdev, settings_rsp, &match);
2207 new_settings(hdev, match.sk);
2212 /* Make sure the controller has a good default for
2213 * advertising data. Restrict the update to when LE
2214 * has actually been enabled. During power on, the
2215 * update in powered_update_hci will take care of it.
2217 if (hci_dev_test_flag(hdev, HCI_LE_ENABLED)) {
2218 struct hci_request req;
2220 hci_req_init(&req, hdev);
2221 update_adv_data(&req);
2222 update_scan_rsp_data(&req);
2223 __hci_update_background_scan(&req);
2224 hci_req_run(&req, NULL);
2228 hci_dev_unlock(hdev);
2231 static int set_le(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
2233 struct mgmt_mode *cp = data;
2234 struct hci_cp_write_le_host_supported hci_cp;
2235 struct mgmt_pending_cmd *cmd;
2236 struct hci_request req;
2240 BT_DBG("request for %s", hdev->name);
2242 if (!lmp_le_capable(hdev))
2243 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
2244 MGMT_STATUS_NOT_SUPPORTED);
2246 if (cp->val != 0x00 && cp->val != 0x01)
2247 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
2248 MGMT_STATUS_INVALID_PARAMS);
2250 /* Bluetooth single mode LE only controllers or dual-mode
2251 * controllers configured as LE only devices, do not allow
2252 * switching LE off. These have either LE enabled explicitly
2253 * or BR/EDR has been previously switched off.
2255 * When trying to enable an already enabled LE, then gracefully
2256 * send a positive response. Trying to disable it however will
2257 * result into rejection.
2259 if (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED)) {
2260 if (cp->val == 0x01)
2261 return send_settings_rsp(sk, MGMT_OP_SET_LE, hdev);
2263 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
2264 MGMT_STATUS_REJECTED);
2270 enabled = lmp_host_le_capable(hdev);
2272 if (!hdev_is_powered(hdev) || val == enabled) {
2273 bool changed = false;
2275 if (val != hci_dev_test_flag(hdev, HCI_LE_ENABLED)) {
2276 hci_dev_change_flag(hdev, HCI_LE_ENABLED);
2280 if (!val && hci_dev_test_flag(hdev, HCI_ADVERTISING)) {
2281 hci_dev_clear_flag(hdev, HCI_ADVERTISING);
2285 err = send_settings_rsp(sk, MGMT_OP_SET_LE, hdev);
2290 err = new_settings(hdev, sk);
2295 if (pending_find(MGMT_OP_SET_LE, hdev) ||
2296 pending_find(MGMT_OP_SET_ADVERTISING, hdev)) {
2297 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
2302 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LE, hdev, data, len);
2308 hci_req_init(&req, hdev);
2310 memset(&hci_cp, 0, sizeof(hci_cp));
2314 hci_cp.simul = 0x00;
2316 if (hci_dev_test_flag(hdev, HCI_LE_ADV))
2317 disable_advertising(&req);
2320 hci_req_add(&req, HCI_OP_WRITE_LE_HOST_SUPPORTED, sizeof(hci_cp),
2323 err = hci_req_run(&req, le_enable_complete);
2325 mgmt_pending_remove(cmd);
2328 hci_dev_unlock(hdev);
2332 /* This is a helper function to test for pending mgmt commands that can
2333 * cause CoD or EIR HCI commands. We can only allow one such pending
2334 * mgmt command at a time since otherwise we cannot easily track what
2335 * the current values are, will be, and based on that calculate if a new
2336 * HCI command needs to be sent and if yes with what value.
2338 static bool pending_eir_or_class(struct hci_dev *hdev)
2340 struct mgmt_pending_cmd *cmd;
2342 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
2343 switch (cmd->opcode) {
2344 case MGMT_OP_ADD_UUID:
2345 case MGMT_OP_REMOVE_UUID:
2346 case MGMT_OP_SET_DEV_CLASS:
2347 case MGMT_OP_SET_POWERED:
2355 static const u8 bluetooth_base_uuid[] = {
2356 0xfb, 0x34, 0x9b, 0x5f, 0x80, 0x00, 0x00, 0x80,
2357 0x00, 0x10, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
2360 static u8 get_uuid_size(const u8 *uuid)
2364 if (memcmp(uuid, bluetooth_base_uuid, 12))
2367 val = get_unaligned_le32(&uuid[12]);
2374 static void mgmt_class_complete(struct hci_dev *hdev, u16 mgmt_op, u8 status)
2376 struct mgmt_pending_cmd *cmd;
2380 cmd = pending_find(mgmt_op, hdev);
2384 mgmt_cmd_complete(cmd->sk, cmd->index, cmd->opcode,
2385 mgmt_status(status), hdev->dev_class, 3);
2387 mgmt_pending_remove(cmd);
2390 hci_dev_unlock(hdev);
2393 static void add_uuid_complete(struct hci_dev *hdev, u8 status, u16 opcode)
2395 BT_DBG("status 0x%02x", status);
2397 mgmt_class_complete(hdev, MGMT_OP_ADD_UUID, status);
2400 static int add_uuid(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
2402 struct mgmt_cp_add_uuid *cp = data;
2403 struct mgmt_pending_cmd *cmd;
2404 struct hci_request req;
2405 struct bt_uuid *uuid;
2408 BT_DBG("request for %s", hdev->name);
2412 if (pending_eir_or_class(hdev)) {
2413 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_UUID,
2418 uuid = kmalloc(sizeof(*uuid), GFP_KERNEL);
2424 memcpy(uuid->uuid, cp->uuid, 16);
2425 uuid->svc_hint = cp->svc_hint;
2426 uuid->size = get_uuid_size(cp->uuid);
2428 list_add_tail(&uuid->list, &hdev->uuids);
2430 hci_req_init(&req, hdev);
2435 err = hci_req_run(&req, add_uuid_complete);
2437 if (err != -ENODATA)
2440 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_ADD_UUID, 0,
2441 hdev->dev_class, 3);
2445 cmd = mgmt_pending_add(sk, MGMT_OP_ADD_UUID, hdev, data, len);
2454 hci_dev_unlock(hdev);
2458 static bool enable_service_cache(struct hci_dev *hdev)
2460 if (!hdev_is_powered(hdev))
2463 if (!hci_dev_test_and_set_flag(hdev, HCI_SERVICE_CACHE)) {
2464 queue_delayed_work(hdev->workqueue, &hdev->service_cache,
2472 static void remove_uuid_complete(struct hci_dev *hdev, u8 status, u16 opcode)
2474 BT_DBG("status 0x%02x", status);
2476 mgmt_class_complete(hdev, MGMT_OP_REMOVE_UUID, status);
2479 static int remove_uuid(struct sock *sk, struct hci_dev *hdev, void *data,
2482 struct mgmt_cp_remove_uuid *cp = data;
2483 struct mgmt_pending_cmd *cmd;
2484 struct bt_uuid *match, *tmp;
2485 u8 bt_uuid_any[] = { 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 };
2486 struct hci_request req;
2489 BT_DBG("request for %s", hdev->name);
2493 if (pending_eir_or_class(hdev)) {
2494 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_REMOVE_UUID,
2499 if (memcmp(cp->uuid, bt_uuid_any, 16) == 0) {
2500 hci_uuids_clear(hdev);
2502 if (enable_service_cache(hdev)) {
2503 err = mgmt_cmd_complete(sk, hdev->id,
2504 MGMT_OP_REMOVE_UUID,
2505 0, hdev->dev_class, 3);
2514 list_for_each_entry_safe(match, tmp, &hdev->uuids, list) {
2515 if (memcmp(match->uuid, cp->uuid, 16) != 0)
2518 list_del(&match->list);
2524 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_REMOVE_UUID,
2525 MGMT_STATUS_INVALID_PARAMS);
2530 hci_req_init(&req, hdev);
2535 err = hci_req_run(&req, remove_uuid_complete);
2537 if (err != -ENODATA)
2540 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_UUID, 0,
2541 hdev->dev_class, 3);
2545 cmd = mgmt_pending_add(sk, MGMT_OP_REMOVE_UUID, hdev, data, len);
2554 hci_dev_unlock(hdev);
2558 static void set_class_complete(struct hci_dev *hdev, u8 status, u16 opcode)
2560 BT_DBG("status 0x%02x", status);
2562 mgmt_class_complete(hdev, MGMT_OP_SET_DEV_CLASS, status);
2565 static int set_dev_class(struct sock *sk, struct hci_dev *hdev, void *data,
2568 struct mgmt_cp_set_dev_class *cp = data;
2569 struct mgmt_pending_cmd *cmd;
2570 struct hci_request req;
2573 BT_DBG("request for %s", hdev->name);
2575 if (!lmp_bredr_capable(hdev))
2576 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS,
2577 MGMT_STATUS_NOT_SUPPORTED);
2581 if (pending_eir_or_class(hdev)) {
2582 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS,
2587 if ((cp->minor & 0x03) != 0 || (cp->major & 0xe0) != 0) {
2588 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS,
2589 MGMT_STATUS_INVALID_PARAMS);
2593 hdev->major_class = cp->major;
2594 hdev->minor_class = cp->minor;
2596 if (!hdev_is_powered(hdev)) {
2597 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_DEV_CLASS, 0,
2598 hdev->dev_class, 3);
2602 hci_req_init(&req, hdev);
2604 if (hci_dev_test_and_clear_flag(hdev, HCI_SERVICE_CACHE)) {
2605 hci_dev_unlock(hdev);
2606 cancel_delayed_work_sync(&hdev->service_cache);
2613 err = hci_req_run(&req, set_class_complete);
2615 if (err != -ENODATA)
2618 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_DEV_CLASS, 0,
2619 hdev->dev_class, 3);
2623 cmd = mgmt_pending_add(sk, MGMT_OP_SET_DEV_CLASS, hdev, data, len);
2632 hci_dev_unlock(hdev);
2636 static int load_link_keys(struct sock *sk, struct hci_dev *hdev, void *data,
2639 struct mgmt_cp_load_link_keys *cp = data;
2640 const u16 max_key_count = ((U16_MAX - sizeof(*cp)) /
2641 sizeof(struct mgmt_link_key_info));
2642 u16 key_count, expected_len;
2646 BT_DBG("request for %s", hdev->name);
2648 if (!lmp_bredr_capable(hdev))
2649 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
2650 MGMT_STATUS_NOT_SUPPORTED);
2652 key_count = __le16_to_cpu(cp->key_count);
2653 if (key_count > max_key_count) {
2654 BT_ERR("load_link_keys: too big key_count value %u",
2656 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
2657 MGMT_STATUS_INVALID_PARAMS);
2660 expected_len = sizeof(*cp) + key_count *
2661 sizeof(struct mgmt_link_key_info);
2662 if (expected_len != len) {
2663 BT_ERR("load_link_keys: expected %u bytes, got %u bytes",
2665 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
2666 MGMT_STATUS_INVALID_PARAMS);
2669 if (cp->debug_keys != 0x00 && cp->debug_keys != 0x01)
2670 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
2671 MGMT_STATUS_INVALID_PARAMS);
2673 BT_DBG("%s debug_keys %u key_count %u", hdev->name, cp->debug_keys,
2676 for (i = 0; i < key_count; i++) {
2677 struct mgmt_link_key_info *key = &cp->keys[i];
2679 if (key->addr.type != BDADDR_BREDR || key->type > 0x08)
2680 return mgmt_cmd_status(sk, hdev->id,
2681 MGMT_OP_LOAD_LINK_KEYS,
2682 MGMT_STATUS_INVALID_PARAMS);
2687 hci_link_keys_clear(hdev);
2690 changed = !hci_dev_test_and_set_flag(hdev, HCI_KEEP_DEBUG_KEYS);
2692 changed = hci_dev_test_and_clear_flag(hdev,
2693 HCI_KEEP_DEBUG_KEYS);
2696 new_settings(hdev, NULL);
2698 for (i = 0; i < key_count; i++) {
2699 struct mgmt_link_key_info *key = &cp->keys[i];
2701 /* Always ignore debug keys and require a new pairing if
2702 * the user wants to use them.
2704 if (key->type == HCI_LK_DEBUG_COMBINATION)
2707 hci_add_link_key(hdev, NULL, &key->addr.bdaddr, key->val,
2708 key->type, key->pin_len, NULL);
2711 mgmt_cmd_complete(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS, 0, NULL, 0);
2713 hci_dev_unlock(hdev);
2718 static int device_unpaired(struct hci_dev *hdev, bdaddr_t *bdaddr,
2719 u8 addr_type, struct sock *skip_sk)
2721 struct mgmt_ev_device_unpaired ev;
2723 bacpy(&ev.addr.bdaddr, bdaddr);
2724 ev.addr.type = addr_type;
2726 return mgmt_event(MGMT_EV_DEVICE_UNPAIRED, hdev, &ev, sizeof(ev),
2730 static int unpair_device(struct sock *sk, struct hci_dev *hdev, void *data,
2733 struct mgmt_cp_unpair_device *cp = data;
2734 struct mgmt_rp_unpair_device rp;
2735 struct hci_cp_disconnect dc;
2736 struct mgmt_pending_cmd *cmd;
2737 struct hci_conn *conn;
2740 memset(&rp, 0, sizeof(rp));
2741 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
2742 rp.addr.type = cp->addr.type;
2744 if (!bdaddr_type_is_valid(cp->addr.type))
2745 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
2746 MGMT_STATUS_INVALID_PARAMS,
2749 if (cp->disconnect != 0x00 && cp->disconnect != 0x01)
2750 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
2751 MGMT_STATUS_INVALID_PARAMS,
2756 if (!hdev_is_powered(hdev)) {
2757 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
2758 MGMT_STATUS_NOT_POWERED, &rp,
2763 if (cp->addr.type == BDADDR_BREDR) {
2764 /* If disconnection is requested, then look up the
2765 * connection. If the remote device is connected, it
2766 * will be later used to terminate the link.
2768 * Setting it to NULL explicitly will cause no
2769 * termination of the link.
2772 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
2777 err = hci_remove_link_key(hdev, &cp->addr.bdaddr);
2781 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK,
2784 /* Defer clearing up the connection parameters
2785 * until closing to give a chance of keeping
2786 * them if a repairing happens.
2788 set_bit(HCI_CONN_PARAM_REMOVAL_PEND, &conn->flags);
2790 /* If disconnection is not requested, then
2791 * clear the connection variable so that the
2792 * link is not terminated.
2794 if (!cp->disconnect)
2798 if (cp->addr.type == BDADDR_LE_PUBLIC)
2799 addr_type = ADDR_LE_DEV_PUBLIC;
2801 addr_type = ADDR_LE_DEV_RANDOM;
2803 hci_remove_irk(hdev, &cp->addr.bdaddr, addr_type);
2805 err = hci_remove_ltk(hdev, &cp->addr.bdaddr, addr_type);
2809 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
2810 MGMT_STATUS_NOT_PAIRED, &rp,
2815 /* If the connection variable is set, then termination of the
2816 * link is requested.
2819 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE, 0,
2821 device_unpaired(hdev, &cp->addr.bdaddr, cp->addr.type, sk);
2825 cmd = mgmt_pending_add(sk, MGMT_OP_UNPAIR_DEVICE, hdev, cp,
2832 cmd->cmd_complete = addr_cmd_complete;
2834 dc.handle = cpu_to_le16(conn->handle);
2835 dc.reason = 0x13; /* Remote User Terminated Connection */
2836 err = hci_send_cmd(hdev, HCI_OP_DISCONNECT, sizeof(dc), &dc);
2838 mgmt_pending_remove(cmd);
2841 hci_dev_unlock(hdev);
2845 static int disconnect(struct sock *sk, struct hci_dev *hdev, void *data,
2848 struct mgmt_cp_disconnect *cp = data;
2849 struct mgmt_rp_disconnect rp;
2850 struct mgmt_pending_cmd *cmd;
2851 struct hci_conn *conn;
2856 memset(&rp, 0, sizeof(rp));
2857 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
2858 rp.addr.type = cp->addr.type;
2860 if (!bdaddr_type_is_valid(cp->addr.type))
2861 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
2862 MGMT_STATUS_INVALID_PARAMS,
2867 if (!test_bit(HCI_UP, &hdev->flags)) {
2868 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
2869 MGMT_STATUS_NOT_POWERED, &rp,
2874 if (pending_find(MGMT_OP_DISCONNECT, hdev)) {
2875 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
2876 MGMT_STATUS_BUSY, &rp, sizeof(rp));
2880 if (cp->addr.type == BDADDR_BREDR)
2881 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
2884 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &cp->addr.bdaddr);
2886 if (!conn || conn->state == BT_OPEN || conn->state == BT_CLOSED) {
2887 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
2888 MGMT_STATUS_NOT_CONNECTED, &rp,
2893 cmd = mgmt_pending_add(sk, MGMT_OP_DISCONNECT, hdev, data, len);
2899 cmd->cmd_complete = generic_cmd_complete;
2901 err = hci_disconnect(conn, HCI_ERROR_REMOTE_USER_TERM);
2903 mgmt_pending_remove(cmd);
2906 hci_dev_unlock(hdev);
2910 static u8 link_to_bdaddr(u8 link_type, u8 addr_type)
2912 switch (link_type) {
2914 switch (addr_type) {
2915 case ADDR_LE_DEV_PUBLIC:
2916 return BDADDR_LE_PUBLIC;
2919 /* Fallback to LE Random address type */
2920 return BDADDR_LE_RANDOM;
2924 /* Fallback to BR/EDR type */
2925 return BDADDR_BREDR;
2929 static int get_connections(struct sock *sk, struct hci_dev *hdev, void *data,
2932 struct mgmt_rp_get_connections *rp;
2942 if (!hdev_is_powered(hdev)) {
2943 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_GET_CONNECTIONS,
2944 MGMT_STATUS_NOT_POWERED);
2949 list_for_each_entry(c, &hdev->conn_hash.list, list) {
2950 if (test_bit(HCI_CONN_MGMT_CONNECTED, &c->flags))
2954 rp_len = sizeof(*rp) + (i * sizeof(struct mgmt_addr_info));
2955 rp = kmalloc(rp_len, GFP_KERNEL);
2962 list_for_each_entry(c, &hdev->conn_hash.list, list) {
2963 if (!test_bit(HCI_CONN_MGMT_CONNECTED, &c->flags))
2965 bacpy(&rp->addr[i].bdaddr, &c->dst);
2966 rp->addr[i].type = link_to_bdaddr(c->type, c->dst_type);
2967 if (c->type == SCO_LINK || c->type == ESCO_LINK)
2972 rp->conn_count = cpu_to_le16(i);
2974 /* Recalculate length in case of filtered SCO connections, etc */
2975 rp_len = sizeof(*rp) + (i * sizeof(struct mgmt_addr_info));
2977 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CONNECTIONS, 0, rp,
2983 hci_dev_unlock(hdev);
2987 static int send_pin_code_neg_reply(struct sock *sk, struct hci_dev *hdev,
2988 struct mgmt_cp_pin_code_neg_reply *cp)
2990 struct mgmt_pending_cmd *cmd;
2993 cmd = mgmt_pending_add(sk, MGMT_OP_PIN_CODE_NEG_REPLY, hdev, cp,
2998 err = hci_send_cmd(hdev, HCI_OP_PIN_CODE_NEG_REPLY,
2999 sizeof(cp->addr.bdaddr), &cp->addr.bdaddr);
3001 mgmt_pending_remove(cmd);
3006 static int pin_code_reply(struct sock *sk, struct hci_dev *hdev, void *data,
3009 struct hci_conn *conn;
3010 struct mgmt_cp_pin_code_reply *cp = data;
3011 struct hci_cp_pin_code_reply reply;
3012 struct mgmt_pending_cmd *cmd;
3019 if (!hdev_is_powered(hdev)) {
3020 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
3021 MGMT_STATUS_NOT_POWERED);
3025 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->addr.bdaddr);
3027 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
3028 MGMT_STATUS_NOT_CONNECTED);
3032 if (conn->pending_sec_level == BT_SECURITY_HIGH && cp->pin_len != 16) {
3033 struct mgmt_cp_pin_code_neg_reply ncp;
3035 memcpy(&ncp.addr, &cp->addr, sizeof(ncp.addr));
3037 BT_ERR("PIN code is not 16 bytes long");
3039 err = send_pin_code_neg_reply(sk, hdev, &ncp);
3041 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
3042 MGMT_STATUS_INVALID_PARAMS);
3047 cmd = mgmt_pending_add(sk, MGMT_OP_PIN_CODE_REPLY, hdev, data, len);
3053 cmd->cmd_complete = addr_cmd_complete;
3055 bacpy(&reply.bdaddr, &cp->addr.bdaddr);
3056 reply.pin_len = cp->pin_len;
3057 memcpy(reply.pin_code, cp->pin_code, sizeof(reply.pin_code));
3059 err = hci_send_cmd(hdev, HCI_OP_PIN_CODE_REPLY, sizeof(reply), &reply);
3061 mgmt_pending_remove(cmd);
3064 hci_dev_unlock(hdev);
3068 static int set_io_capability(struct sock *sk, struct hci_dev *hdev, void *data,
3071 struct mgmt_cp_set_io_capability *cp = data;
3075 if (cp->io_capability > SMP_IO_KEYBOARD_DISPLAY)
3076 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_IO_CAPABILITY,
3077 MGMT_STATUS_INVALID_PARAMS, NULL, 0);
3081 hdev->io_capability = cp->io_capability;
3083 BT_DBG("%s IO capability set to 0x%02x", hdev->name,
3084 hdev->io_capability);
3086 hci_dev_unlock(hdev);
3088 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_IO_CAPABILITY, 0,
3092 static struct mgmt_pending_cmd *find_pairing(struct hci_conn *conn)
3094 struct hci_dev *hdev = conn->hdev;
3095 struct mgmt_pending_cmd *cmd;
3097 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
3098 if (cmd->opcode != MGMT_OP_PAIR_DEVICE)
3101 if (cmd->user_data != conn)
3110 static int pairing_complete(struct mgmt_pending_cmd *cmd, u8 status)
3112 struct mgmt_rp_pair_device rp;
3113 struct hci_conn *conn = cmd->user_data;
3116 bacpy(&rp.addr.bdaddr, &conn->dst);
3117 rp.addr.type = link_to_bdaddr(conn->type, conn->dst_type);
3119 err = mgmt_cmd_complete(cmd->sk, cmd->index, MGMT_OP_PAIR_DEVICE,
3120 status, &rp, sizeof(rp));
3122 /* So we don't get further callbacks for this connection */
3123 conn->connect_cfm_cb = NULL;
3124 conn->security_cfm_cb = NULL;
3125 conn->disconn_cfm_cb = NULL;
3127 hci_conn_drop(conn);
3129 /* The device is paired so there is no need to remove
3130 * its connection parameters anymore.
3132 clear_bit(HCI_CONN_PARAM_REMOVAL_PEND, &conn->flags);
3139 void mgmt_smp_complete(struct hci_conn *conn, bool complete)
3141 u8 status = complete ? MGMT_STATUS_SUCCESS : MGMT_STATUS_FAILED;
3142 struct mgmt_pending_cmd *cmd;
3144 cmd = find_pairing(conn);
3146 cmd->cmd_complete(cmd, status);
3147 mgmt_pending_remove(cmd);
3151 static void pairing_complete_cb(struct hci_conn *conn, u8 status)
3153 struct mgmt_pending_cmd *cmd;
3155 BT_DBG("status %u", status);
3157 cmd = find_pairing(conn);
3159 BT_DBG("Unable to find a pending command");
3163 cmd->cmd_complete(cmd, mgmt_status(status));
3164 mgmt_pending_remove(cmd);
3167 static void le_pairing_complete_cb(struct hci_conn *conn, u8 status)
3169 struct mgmt_pending_cmd *cmd;
3171 BT_DBG("status %u", status);
3176 cmd = find_pairing(conn);
3178 BT_DBG("Unable to find a pending command");
3182 cmd->cmd_complete(cmd, mgmt_status(status));
3183 mgmt_pending_remove(cmd);
3186 static int pair_device(struct sock *sk, struct hci_dev *hdev, void *data,
3189 struct mgmt_cp_pair_device *cp = data;
3190 struct mgmt_rp_pair_device rp;
3191 struct mgmt_pending_cmd *cmd;
3192 u8 sec_level, auth_type;
3193 struct hci_conn *conn;
3198 memset(&rp, 0, sizeof(rp));
3199 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
3200 rp.addr.type = cp->addr.type;
3202 if (!bdaddr_type_is_valid(cp->addr.type))
3203 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
3204 MGMT_STATUS_INVALID_PARAMS,
3207 if (cp->io_cap > SMP_IO_KEYBOARD_DISPLAY)
3208 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
3209 MGMT_STATUS_INVALID_PARAMS,
3214 if (!hdev_is_powered(hdev)) {
3215 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
3216 MGMT_STATUS_NOT_POWERED, &rp,
3221 if (hci_bdaddr_is_paired(hdev, &cp->addr.bdaddr, cp->addr.type)) {
3222 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
3223 MGMT_STATUS_ALREADY_PAIRED, &rp,
3228 sec_level = BT_SECURITY_MEDIUM;
3229 auth_type = HCI_AT_DEDICATED_BONDING;
3231 if (cp->addr.type == BDADDR_BREDR) {
3232 conn = hci_connect_acl(hdev, &cp->addr.bdaddr, sec_level,
3237 /* Convert from L2CAP channel address type to HCI address type
3239 if (cp->addr.type == BDADDR_LE_PUBLIC)
3240 addr_type = ADDR_LE_DEV_PUBLIC;
3242 addr_type = ADDR_LE_DEV_RANDOM;
3244 /* When pairing a new device, it is expected to remember
3245 * this device for future connections. Adding the connection
3246 * parameter information ahead of time allows tracking
3247 * of the slave preferred values and will speed up any
3248 * further connection establishment.
3250 * If connection parameters already exist, then they
3251 * will be kept and this function does nothing.
3253 hci_conn_params_add(hdev, &cp->addr.bdaddr, addr_type);
3255 conn = hci_connect_le(hdev, &cp->addr.bdaddr, addr_type,
3256 sec_level, HCI_LE_CONN_TIMEOUT,
3263 if (PTR_ERR(conn) == -EBUSY)
3264 status = MGMT_STATUS_BUSY;
3265 else if (PTR_ERR(conn) == -EOPNOTSUPP)
3266 status = MGMT_STATUS_NOT_SUPPORTED;
3267 else if (PTR_ERR(conn) == -ECONNREFUSED)
3268 status = MGMT_STATUS_REJECTED;
3270 status = MGMT_STATUS_CONNECT_FAILED;
3272 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
3273 status, &rp, sizeof(rp));
3277 if (conn->connect_cfm_cb) {
3278 hci_conn_drop(conn);
3279 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
3280 MGMT_STATUS_BUSY, &rp, sizeof(rp));
3284 cmd = mgmt_pending_add(sk, MGMT_OP_PAIR_DEVICE, hdev, data, len);
3287 hci_conn_drop(conn);
3291 cmd->cmd_complete = pairing_complete;
3293 /* For LE, just connecting isn't a proof that the pairing finished */
3294 if (cp->addr.type == BDADDR_BREDR) {
3295 conn->connect_cfm_cb = pairing_complete_cb;
3296 conn->security_cfm_cb = pairing_complete_cb;
3297 conn->disconn_cfm_cb = pairing_complete_cb;
3299 conn->connect_cfm_cb = le_pairing_complete_cb;
3300 conn->security_cfm_cb = le_pairing_complete_cb;
3301 conn->disconn_cfm_cb = le_pairing_complete_cb;
3304 conn->io_capability = cp->io_cap;
3305 cmd->user_data = hci_conn_get(conn);
3307 if ((conn->state == BT_CONNECTED || conn->state == BT_CONFIG) &&
3308 hci_conn_security(conn, sec_level, auth_type, true)) {
3309 cmd->cmd_complete(cmd, 0);
3310 mgmt_pending_remove(cmd);
3316 hci_dev_unlock(hdev);
3320 static int cancel_pair_device(struct sock *sk, struct hci_dev *hdev, void *data,
3323 struct mgmt_addr_info *addr = data;
3324 struct mgmt_pending_cmd *cmd;
3325 struct hci_conn *conn;
3332 if (!hdev_is_powered(hdev)) {
3333 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
3334 MGMT_STATUS_NOT_POWERED);
3338 cmd = pending_find(MGMT_OP_PAIR_DEVICE, hdev);
3340 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
3341 MGMT_STATUS_INVALID_PARAMS);
3345 conn = cmd->user_data;
3347 if (bacmp(&addr->bdaddr, &conn->dst) != 0) {
3348 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
3349 MGMT_STATUS_INVALID_PARAMS);
3353 cmd->cmd_complete(cmd, MGMT_STATUS_CANCELLED);
3354 mgmt_pending_remove(cmd);
3356 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE, 0,
3357 addr, sizeof(*addr));
3359 hci_dev_unlock(hdev);
3363 static int user_pairing_resp(struct sock *sk, struct hci_dev *hdev,
3364 struct mgmt_addr_info *addr, u16 mgmt_op,
3365 u16 hci_op, __le32 passkey)
3367 struct mgmt_pending_cmd *cmd;
3368 struct hci_conn *conn;
3373 if (!hdev_is_powered(hdev)) {
3374 err = mgmt_cmd_complete(sk, hdev->id, mgmt_op,
3375 MGMT_STATUS_NOT_POWERED, addr,
3380 if (addr->type == BDADDR_BREDR)
3381 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &addr->bdaddr);
3383 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &addr->bdaddr);
3386 err = mgmt_cmd_complete(sk, hdev->id, mgmt_op,
3387 MGMT_STATUS_NOT_CONNECTED, addr,
3392 if (addr->type == BDADDR_LE_PUBLIC || addr->type == BDADDR_LE_RANDOM) {
3393 err = smp_user_confirm_reply(conn, mgmt_op, passkey);
3395 err = mgmt_cmd_complete(sk, hdev->id, mgmt_op,
3396 MGMT_STATUS_SUCCESS, addr,
3399 err = mgmt_cmd_complete(sk, hdev->id, mgmt_op,
3400 MGMT_STATUS_FAILED, addr,
3406 cmd = mgmt_pending_add(sk, mgmt_op, hdev, addr, sizeof(*addr));
3412 cmd->cmd_complete = addr_cmd_complete;
3414 /* Continue with pairing via HCI */
3415 if (hci_op == HCI_OP_USER_PASSKEY_REPLY) {
3416 struct hci_cp_user_passkey_reply cp;
3418 bacpy(&cp.bdaddr, &addr->bdaddr);
3419 cp.passkey = passkey;
3420 err = hci_send_cmd(hdev, hci_op, sizeof(cp), &cp);
3422 err = hci_send_cmd(hdev, hci_op, sizeof(addr->bdaddr),
3426 mgmt_pending_remove(cmd);
3429 hci_dev_unlock(hdev);
3433 static int pin_code_neg_reply(struct sock *sk, struct hci_dev *hdev,
3434 void *data, u16 len)
3436 struct mgmt_cp_pin_code_neg_reply *cp = data;
3440 return user_pairing_resp(sk, hdev, &cp->addr,
3441 MGMT_OP_PIN_CODE_NEG_REPLY,
3442 HCI_OP_PIN_CODE_NEG_REPLY, 0);
3445 static int user_confirm_reply(struct sock *sk, struct hci_dev *hdev, void *data,
3448 struct mgmt_cp_user_confirm_reply *cp = data;
3452 if (len != sizeof(*cp))
3453 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_USER_CONFIRM_REPLY,
3454 MGMT_STATUS_INVALID_PARAMS);
3456 return user_pairing_resp(sk, hdev, &cp->addr,
3457 MGMT_OP_USER_CONFIRM_REPLY,
3458 HCI_OP_USER_CONFIRM_REPLY, 0);
3461 static int user_confirm_neg_reply(struct sock *sk, struct hci_dev *hdev,
3462 void *data, u16 len)
3464 struct mgmt_cp_user_confirm_neg_reply *cp = data;
3468 return user_pairing_resp(sk, hdev, &cp->addr,
3469 MGMT_OP_USER_CONFIRM_NEG_REPLY,
3470 HCI_OP_USER_CONFIRM_NEG_REPLY, 0);
3473 static int user_passkey_reply(struct sock *sk, struct hci_dev *hdev, void *data,
3476 struct mgmt_cp_user_passkey_reply *cp = data;
3480 return user_pairing_resp(sk, hdev, &cp->addr,
3481 MGMT_OP_USER_PASSKEY_REPLY,
3482 HCI_OP_USER_PASSKEY_REPLY, cp->passkey);
3485 static int user_passkey_neg_reply(struct sock *sk, struct hci_dev *hdev,
3486 void *data, u16 len)
3488 struct mgmt_cp_user_passkey_neg_reply *cp = data;
3492 return user_pairing_resp(sk, hdev, &cp->addr,
3493 MGMT_OP_USER_PASSKEY_NEG_REPLY,
3494 HCI_OP_USER_PASSKEY_NEG_REPLY, 0);
3497 static void update_name(struct hci_request *req)
3499 struct hci_dev *hdev = req->hdev;
3500 struct hci_cp_write_local_name cp;
3502 memcpy(cp.name, hdev->dev_name, sizeof(cp.name));
3504 hci_req_add(req, HCI_OP_WRITE_LOCAL_NAME, sizeof(cp), &cp);
3507 static void set_name_complete(struct hci_dev *hdev, u8 status, u16 opcode)
3509 struct mgmt_cp_set_local_name *cp;
3510 struct mgmt_pending_cmd *cmd;
3512 BT_DBG("status 0x%02x", status);
3516 cmd = pending_find(MGMT_OP_SET_LOCAL_NAME, hdev);
3523 mgmt_cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_LOCAL_NAME,
3524 mgmt_status(status));
3526 mgmt_cmd_complete(cmd->sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0,
3529 mgmt_pending_remove(cmd);
3532 hci_dev_unlock(hdev);
3535 static int set_local_name(struct sock *sk, struct hci_dev *hdev, void *data,
3538 struct mgmt_cp_set_local_name *cp = data;
3539 struct mgmt_pending_cmd *cmd;
3540 struct hci_request req;
3547 /* If the old values are the same as the new ones just return a
3548 * direct command complete event.
3550 if (!memcmp(hdev->dev_name, cp->name, sizeof(hdev->dev_name)) &&
3551 !memcmp(hdev->short_name, cp->short_name,
3552 sizeof(hdev->short_name))) {
3553 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0,
3558 memcpy(hdev->short_name, cp->short_name, sizeof(hdev->short_name));
3560 if (!hdev_is_powered(hdev)) {
3561 memcpy(hdev->dev_name, cp->name, sizeof(hdev->dev_name));
3563 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0,
3568 err = mgmt_generic_event(MGMT_EV_LOCAL_NAME_CHANGED, hdev,
3574 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LOCAL_NAME, hdev, data, len);
3580 memcpy(hdev->dev_name, cp->name, sizeof(hdev->dev_name));
3582 hci_req_init(&req, hdev);
3584 if (lmp_bredr_capable(hdev)) {
3589 /* The name is stored in the scan response data and so
3590 * no need to udpate the advertising data here.
3592 if (lmp_le_capable(hdev))
3593 update_scan_rsp_data(&req);
3595 err = hci_req_run(&req, set_name_complete);
3597 mgmt_pending_remove(cmd);
3600 hci_dev_unlock(hdev);
3604 static int read_local_oob_data(struct sock *sk, struct hci_dev *hdev,
3605 void *data, u16 data_len)
3607 struct mgmt_pending_cmd *cmd;
3610 BT_DBG("%s", hdev->name);
3614 if (!hdev_is_powered(hdev)) {
3615 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
3616 MGMT_STATUS_NOT_POWERED);
3620 if (!lmp_ssp_capable(hdev)) {
3621 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
3622 MGMT_STATUS_NOT_SUPPORTED);
3626 if (pending_find(MGMT_OP_READ_LOCAL_OOB_DATA, hdev)) {
3627 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
3632 cmd = mgmt_pending_add(sk, MGMT_OP_READ_LOCAL_OOB_DATA, hdev, NULL, 0);
3638 if (bredr_sc_enabled(hdev))
3639 err = hci_send_cmd(hdev, HCI_OP_READ_LOCAL_OOB_EXT_DATA,
3642 err = hci_send_cmd(hdev, HCI_OP_READ_LOCAL_OOB_DATA, 0, NULL);
3645 mgmt_pending_remove(cmd);
3648 hci_dev_unlock(hdev);
3652 static int add_remote_oob_data(struct sock *sk, struct hci_dev *hdev,
3653 void *data, u16 len)
3655 struct mgmt_addr_info *addr = data;
3658 BT_DBG("%s ", hdev->name);
3660 if (!bdaddr_type_is_valid(addr->type))
3661 return mgmt_cmd_complete(sk, hdev->id,
3662 MGMT_OP_ADD_REMOTE_OOB_DATA,
3663 MGMT_STATUS_INVALID_PARAMS,
3664 addr, sizeof(*addr));
3668 if (len == MGMT_ADD_REMOTE_OOB_DATA_SIZE) {
3669 struct mgmt_cp_add_remote_oob_data *cp = data;
3672 if (cp->addr.type != BDADDR_BREDR) {
3673 err = mgmt_cmd_complete(sk, hdev->id,
3674 MGMT_OP_ADD_REMOTE_OOB_DATA,
3675 MGMT_STATUS_INVALID_PARAMS,
3676 &cp->addr, sizeof(cp->addr));
3680 err = hci_add_remote_oob_data(hdev, &cp->addr.bdaddr,
3681 cp->addr.type, cp->hash,
3682 cp->rand, NULL, NULL);
3684 status = MGMT_STATUS_FAILED;
3686 status = MGMT_STATUS_SUCCESS;
3688 err = mgmt_cmd_complete(sk, hdev->id,
3689 MGMT_OP_ADD_REMOTE_OOB_DATA, status,
3690 &cp->addr, sizeof(cp->addr));
3691 } else if (len == MGMT_ADD_REMOTE_OOB_EXT_DATA_SIZE) {
3692 struct mgmt_cp_add_remote_oob_ext_data *cp = data;
3693 u8 *rand192, *hash192, *rand256, *hash256;
3696 if (bdaddr_type_is_le(cp->addr.type)) {
3697 /* Enforce zero-valued 192-bit parameters as
3698 * long as legacy SMP OOB isn't implemented.
3700 if (memcmp(cp->rand192, ZERO_KEY, 16) ||
3701 memcmp(cp->hash192, ZERO_KEY, 16)) {
3702 err = mgmt_cmd_complete(sk, hdev->id,
3703 MGMT_OP_ADD_REMOTE_OOB_DATA,
3704 MGMT_STATUS_INVALID_PARAMS,
3705 addr, sizeof(*addr));
3712 /* In case one of the P-192 values is set to zero,
3713 * then just disable OOB data for P-192.
3715 if (!memcmp(cp->rand192, ZERO_KEY, 16) ||
3716 !memcmp(cp->hash192, ZERO_KEY, 16)) {
3720 rand192 = cp->rand192;
3721 hash192 = cp->hash192;
3725 /* In case one of the P-256 values is set to zero, then just
3726 * disable OOB data for P-256.
3728 if (!memcmp(cp->rand256, ZERO_KEY, 16) ||
3729 !memcmp(cp->hash256, ZERO_KEY, 16)) {
3733 rand256 = cp->rand256;
3734 hash256 = cp->hash256;
3737 err = hci_add_remote_oob_data(hdev, &cp->addr.bdaddr,
3738 cp->addr.type, hash192, rand192,
3741 status = MGMT_STATUS_FAILED;
3743 status = MGMT_STATUS_SUCCESS;
3745 err = mgmt_cmd_complete(sk, hdev->id,
3746 MGMT_OP_ADD_REMOTE_OOB_DATA,
3747 status, &cp->addr, sizeof(cp->addr));
3749 BT_ERR("add_remote_oob_data: invalid length of %u bytes", len);
3750 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_REMOTE_OOB_DATA,
3751 MGMT_STATUS_INVALID_PARAMS);
3755 hci_dev_unlock(hdev);
3759 static int remove_remote_oob_data(struct sock *sk, struct hci_dev *hdev,
3760 void *data, u16 len)
3762 struct mgmt_cp_remove_remote_oob_data *cp = data;
3766 BT_DBG("%s", hdev->name);
3768 if (cp->addr.type != BDADDR_BREDR)
3769 return mgmt_cmd_complete(sk, hdev->id,
3770 MGMT_OP_REMOVE_REMOTE_OOB_DATA,
3771 MGMT_STATUS_INVALID_PARAMS,
3772 &cp->addr, sizeof(cp->addr));
3776 if (!bacmp(&cp->addr.bdaddr, BDADDR_ANY)) {
3777 hci_remote_oob_data_clear(hdev);
3778 status = MGMT_STATUS_SUCCESS;
3782 err = hci_remove_remote_oob_data(hdev, &cp->addr.bdaddr, cp->addr.type);
3784 status = MGMT_STATUS_INVALID_PARAMS;
3786 status = MGMT_STATUS_SUCCESS;
3789 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_REMOTE_OOB_DATA,
3790 status, &cp->addr, sizeof(cp->addr));
3792 hci_dev_unlock(hdev);
3796 static bool trigger_bredr_inquiry(struct hci_request *req, u8 *status)
3798 struct hci_dev *hdev = req->hdev;
3799 struct hci_cp_inquiry cp;
3800 /* General inquiry access code (GIAC) */
3801 u8 lap[3] = { 0x33, 0x8b, 0x9e };
3803 *status = mgmt_bredr_support(hdev);
3807 if (hci_dev_test_flag(hdev, HCI_INQUIRY)) {
3808 *status = MGMT_STATUS_BUSY;
3812 hci_inquiry_cache_flush(hdev);
3814 memset(&cp, 0, sizeof(cp));
3815 memcpy(&cp.lap, lap, sizeof(cp.lap));
3816 cp.length = DISCOV_BREDR_INQUIRY_LEN;
3818 hci_req_add(req, HCI_OP_INQUIRY, sizeof(cp), &cp);
3823 static bool trigger_le_scan(struct hci_request *req, u16 interval, u8 *status)
3825 struct hci_dev *hdev = req->hdev;
3826 struct hci_cp_le_set_scan_param param_cp;
3827 struct hci_cp_le_set_scan_enable enable_cp;
3831 *status = mgmt_le_support(hdev);
3835 if (hci_dev_test_flag(hdev, HCI_LE_ADV)) {
3836 /* Don't let discovery abort an outgoing connection attempt
3837 * that's using directed advertising.
3839 if (hci_conn_hash_lookup_state(hdev, LE_LINK, BT_CONNECT)) {
3840 *status = MGMT_STATUS_REJECTED;
3844 disable_advertising(req);
3847 /* If controller is scanning, it means the background scanning is
3848 * running. Thus, we should temporarily stop it in order to set the
3849 * discovery scanning parameters.
3851 if (hci_dev_test_flag(hdev, HCI_LE_SCAN))
3852 hci_req_add_le_scan_disable(req);
3854 /* All active scans will be done with either a resolvable private
3855 * address (when privacy feature has been enabled) or non-resolvable
3858 err = hci_update_random_address(req, true, &own_addr_type);
3860 *status = MGMT_STATUS_FAILED;
3864 memset(¶m_cp, 0, sizeof(param_cp));
3865 param_cp.type = LE_SCAN_ACTIVE;
3866 param_cp.interval = cpu_to_le16(interval);
3867 param_cp.window = cpu_to_le16(DISCOV_LE_SCAN_WIN);
3868 param_cp.own_address_type = own_addr_type;
3870 hci_req_add(req, HCI_OP_LE_SET_SCAN_PARAM, sizeof(param_cp),
3873 memset(&enable_cp, 0, sizeof(enable_cp));
3874 enable_cp.enable = LE_SCAN_ENABLE;
3875 enable_cp.filter_dup = LE_SCAN_FILTER_DUP_ENABLE;
3877 hci_req_add(req, HCI_OP_LE_SET_SCAN_ENABLE, sizeof(enable_cp),
3883 static bool trigger_discovery(struct hci_request *req, u8 *status)
3885 struct hci_dev *hdev = req->hdev;
3887 switch (hdev->discovery.type) {
3888 case DISCOV_TYPE_BREDR:
3889 if (!trigger_bredr_inquiry(req, status))
3893 case DISCOV_TYPE_INTERLEAVED:
3894 if (test_bit(HCI_QUIRK_SIMULTANEOUS_DISCOVERY,
3896 /* During simultaneous discovery, we double LE scan
3897 * interval. We must leave some time for the controller
3898 * to do BR/EDR inquiry.
3900 if (!trigger_le_scan(req, DISCOV_LE_SCAN_INT * 2,
3904 if (!trigger_bredr_inquiry(req, status))
3910 if (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED)) {
3911 *status = MGMT_STATUS_NOT_SUPPORTED;
3916 case DISCOV_TYPE_LE:
3917 if (!trigger_le_scan(req, DISCOV_LE_SCAN_INT, status))
3922 *status = MGMT_STATUS_INVALID_PARAMS;
3929 static void start_discovery_complete(struct hci_dev *hdev, u8 status,
3932 struct mgmt_pending_cmd *cmd;
3933 unsigned long timeout;
3935 BT_DBG("status %d", status);
3939 cmd = pending_find(MGMT_OP_START_DISCOVERY, hdev);
3941 cmd = pending_find(MGMT_OP_START_SERVICE_DISCOVERY, hdev);
3944 cmd->cmd_complete(cmd, mgmt_status(status));
3945 mgmt_pending_remove(cmd);
3949 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
3953 hci_discovery_set_state(hdev, DISCOVERY_FINDING);
3955 /* If the scan involves LE scan, pick proper timeout to schedule
3956 * hdev->le_scan_disable that will stop it.
3958 switch (hdev->discovery.type) {
3959 case DISCOV_TYPE_LE:
3960 timeout = msecs_to_jiffies(DISCOV_LE_TIMEOUT);
3962 case DISCOV_TYPE_INTERLEAVED:
3963 /* When running simultaneous discovery, the LE scanning time
3964 * should occupy the whole discovery time sine BR/EDR inquiry
3965 * and LE scanning are scheduled by the controller.
3967 * For interleaving discovery in comparison, BR/EDR inquiry
3968 * and LE scanning are done sequentially with separate
3971 if (test_bit(HCI_QUIRK_SIMULTANEOUS_DISCOVERY, &hdev->quirks))
3972 timeout = msecs_to_jiffies(DISCOV_LE_TIMEOUT);
3974 timeout = msecs_to_jiffies(hdev->discov_interleaved_timeout);
3976 case DISCOV_TYPE_BREDR:
3980 BT_ERR("Invalid discovery type %d", hdev->discovery.type);
3986 /* When service discovery is used and the controller has
3987 * a strict duplicate filter, it is important to remember
3988 * the start and duration of the scan. This is required
3989 * for restarting scanning during the discovery phase.
3991 if (test_bit(HCI_QUIRK_STRICT_DUPLICATE_FILTER,
3993 hdev->discovery.result_filtering) {
3994 hdev->discovery.scan_start = jiffies;
3995 hdev->discovery.scan_duration = timeout;
3998 queue_delayed_work(hdev->workqueue,
3999 &hdev->le_scan_disable, timeout);
4003 hci_dev_unlock(hdev);
4006 static int start_discovery(struct sock *sk, struct hci_dev *hdev,
4007 void *data, u16 len)
4009 struct mgmt_cp_start_discovery *cp = data;
4010 struct mgmt_pending_cmd *cmd;
4011 struct hci_request req;
4015 BT_DBG("%s", hdev->name);
4019 if (!hdev_is_powered(hdev)) {
4020 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_START_DISCOVERY,
4021 MGMT_STATUS_NOT_POWERED,
4022 &cp->type, sizeof(cp->type));
4026 if (hdev->discovery.state != DISCOVERY_STOPPED ||
4027 hci_dev_test_flag(hdev, HCI_PERIODIC_INQ)) {
4028 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_START_DISCOVERY,
4029 MGMT_STATUS_BUSY, &cp->type,
4034 cmd = mgmt_pending_add(sk, MGMT_OP_START_DISCOVERY, hdev, data, len);
4040 cmd->cmd_complete = generic_cmd_complete;
4042 /* Clear the discovery filter first to free any previously
4043 * allocated memory for the UUID list.
4045 hci_discovery_filter_clear(hdev);
4047 hdev->discovery.type = cp->type;
4048 hdev->discovery.report_invalid_rssi = false;
4050 hci_req_init(&req, hdev);
4052 if (!trigger_discovery(&req, &status)) {
4053 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_START_DISCOVERY,
4054 status, &cp->type, sizeof(cp->type));
4055 mgmt_pending_remove(cmd);
4059 err = hci_req_run(&req, start_discovery_complete);
4061 mgmt_pending_remove(cmd);
4065 hci_discovery_set_state(hdev, DISCOVERY_STARTING);
4068 hci_dev_unlock(hdev);
4072 static int service_discovery_cmd_complete(struct mgmt_pending_cmd *cmd,
4075 return mgmt_cmd_complete(cmd->sk, cmd->index, cmd->opcode, status,
4079 static int start_service_discovery(struct sock *sk, struct hci_dev *hdev,
4080 void *data, u16 len)
4082 struct mgmt_cp_start_service_discovery *cp = data;
4083 struct mgmt_pending_cmd *cmd;
4084 struct hci_request req;
4085 const u16 max_uuid_count = ((U16_MAX - sizeof(*cp)) / 16);
4086 u16 uuid_count, expected_len;
4090 BT_DBG("%s", hdev->name);
4094 if (!hdev_is_powered(hdev)) {
4095 err = mgmt_cmd_complete(sk, hdev->id,
4096 MGMT_OP_START_SERVICE_DISCOVERY,
4097 MGMT_STATUS_NOT_POWERED,
4098 &cp->type, sizeof(cp->type));
4102 if (hdev->discovery.state != DISCOVERY_STOPPED ||
4103 hci_dev_test_flag(hdev, HCI_PERIODIC_INQ)) {
4104 err = mgmt_cmd_complete(sk, hdev->id,
4105 MGMT_OP_START_SERVICE_DISCOVERY,
4106 MGMT_STATUS_BUSY, &cp->type,
4111 uuid_count = __le16_to_cpu(cp->uuid_count);
4112 if (uuid_count > max_uuid_count) {
4113 BT_ERR("service_discovery: too big uuid_count value %u",
4115 err = mgmt_cmd_complete(sk, hdev->id,
4116 MGMT_OP_START_SERVICE_DISCOVERY,
4117 MGMT_STATUS_INVALID_PARAMS, &cp->type,
4122 expected_len = sizeof(*cp) + uuid_count * 16;
4123 if (expected_len != len) {
4124 BT_ERR("service_discovery: expected %u bytes, got %u bytes",
4126 err = mgmt_cmd_complete(sk, hdev->id,
4127 MGMT_OP_START_SERVICE_DISCOVERY,
4128 MGMT_STATUS_INVALID_PARAMS, &cp->type,
4133 cmd = mgmt_pending_add(sk, MGMT_OP_START_SERVICE_DISCOVERY,
4140 cmd->cmd_complete = service_discovery_cmd_complete;
4142 /* Clear the discovery filter first to free any previously
4143 * allocated memory for the UUID list.
4145 hci_discovery_filter_clear(hdev);
4147 hdev->discovery.result_filtering = true;
4148 hdev->discovery.type = cp->type;
4149 hdev->discovery.rssi = cp->rssi;
4150 hdev->discovery.uuid_count = uuid_count;
4152 if (uuid_count > 0) {
4153 hdev->discovery.uuids = kmemdup(cp->uuids, uuid_count * 16,
4155 if (!hdev->discovery.uuids) {
4156 err = mgmt_cmd_complete(sk, hdev->id,
4157 MGMT_OP_START_SERVICE_DISCOVERY,
4159 &cp->type, sizeof(cp->type));
4160 mgmt_pending_remove(cmd);
4165 hci_req_init(&req, hdev);
4167 if (!trigger_discovery(&req, &status)) {
4168 err = mgmt_cmd_complete(sk, hdev->id,
4169 MGMT_OP_START_SERVICE_DISCOVERY,
4170 status, &cp->type, sizeof(cp->type));
4171 mgmt_pending_remove(cmd);
4175 err = hci_req_run(&req, start_discovery_complete);
4177 mgmt_pending_remove(cmd);
4181 hci_discovery_set_state(hdev, DISCOVERY_STARTING);
4184 hci_dev_unlock(hdev);
4188 static void stop_discovery_complete(struct hci_dev *hdev, u8 status, u16 opcode)
4190 struct mgmt_pending_cmd *cmd;
4192 BT_DBG("status %d", status);
4196 cmd = pending_find(MGMT_OP_STOP_DISCOVERY, hdev);
4198 cmd->cmd_complete(cmd, mgmt_status(status));
4199 mgmt_pending_remove(cmd);
4203 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
4205 hci_dev_unlock(hdev);
4208 static int stop_discovery(struct sock *sk, struct hci_dev *hdev, void *data,
4211 struct mgmt_cp_stop_discovery *mgmt_cp = data;
4212 struct mgmt_pending_cmd *cmd;
4213 struct hci_request req;
4216 BT_DBG("%s", hdev->name);
4220 if (!hci_discovery_active(hdev)) {
4221 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_STOP_DISCOVERY,
4222 MGMT_STATUS_REJECTED, &mgmt_cp->type,
4223 sizeof(mgmt_cp->type));
4227 if (hdev->discovery.type != mgmt_cp->type) {
4228 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_STOP_DISCOVERY,
4229 MGMT_STATUS_INVALID_PARAMS,
4230 &mgmt_cp->type, sizeof(mgmt_cp->type));
4234 cmd = mgmt_pending_add(sk, MGMT_OP_STOP_DISCOVERY, hdev, data, len);
4240 cmd->cmd_complete = generic_cmd_complete;
4242 hci_req_init(&req, hdev);
4244 hci_stop_discovery(&req);
4246 err = hci_req_run(&req, stop_discovery_complete);
4248 hci_discovery_set_state(hdev, DISCOVERY_STOPPING);
4252 mgmt_pending_remove(cmd);
4254 /* If no HCI commands were sent we're done */
4255 if (err == -ENODATA) {
4256 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_STOP_DISCOVERY, 0,
4257 &mgmt_cp->type, sizeof(mgmt_cp->type));
4258 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
4262 hci_dev_unlock(hdev);
4266 static int confirm_name(struct sock *sk, struct hci_dev *hdev, void *data,
4269 struct mgmt_cp_confirm_name *cp = data;
4270 struct inquiry_entry *e;
4273 BT_DBG("%s", hdev->name);
4277 if (!hci_discovery_active(hdev)) {
4278 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_CONFIRM_NAME,
4279 MGMT_STATUS_FAILED, &cp->addr,
4284 e = hci_inquiry_cache_lookup_unknown(hdev, &cp->addr.bdaddr);
4286 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_CONFIRM_NAME,
4287 MGMT_STATUS_INVALID_PARAMS, &cp->addr,
4292 if (cp->name_known) {
4293 e->name_state = NAME_KNOWN;
4296 e->name_state = NAME_NEEDED;
4297 hci_inquiry_cache_update_resolve(hdev, e);
4300 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_CONFIRM_NAME, 0,
4301 &cp->addr, sizeof(cp->addr));
4304 hci_dev_unlock(hdev);
4308 static int block_device(struct sock *sk, struct hci_dev *hdev, void *data,
4311 struct mgmt_cp_block_device *cp = data;
4315 BT_DBG("%s", hdev->name);
4317 if (!bdaddr_type_is_valid(cp->addr.type))
4318 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_BLOCK_DEVICE,
4319 MGMT_STATUS_INVALID_PARAMS,
4320 &cp->addr, sizeof(cp->addr));
4324 err = hci_bdaddr_list_add(&hdev->blacklist, &cp->addr.bdaddr,
4327 status = MGMT_STATUS_FAILED;
4331 mgmt_event(MGMT_EV_DEVICE_BLOCKED, hdev, &cp->addr, sizeof(cp->addr),
4333 status = MGMT_STATUS_SUCCESS;
4336 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_BLOCK_DEVICE, status,
4337 &cp->addr, sizeof(cp->addr));
4339 hci_dev_unlock(hdev);
4344 static int unblock_device(struct sock *sk, struct hci_dev *hdev, void *data,
4347 struct mgmt_cp_unblock_device *cp = data;
4351 BT_DBG("%s", hdev->name);
4353 if (!bdaddr_type_is_valid(cp->addr.type))
4354 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_UNBLOCK_DEVICE,
4355 MGMT_STATUS_INVALID_PARAMS,
4356 &cp->addr, sizeof(cp->addr));
4360 err = hci_bdaddr_list_del(&hdev->blacklist, &cp->addr.bdaddr,
4363 status = MGMT_STATUS_INVALID_PARAMS;
4367 mgmt_event(MGMT_EV_DEVICE_UNBLOCKED, hdev, &cp->addr, sizeof(cp->addr),
4369 status = MGMT_STATUS_SUCCESS;
4372 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_UNBLOCK_DEVICE, status,
4373 &cp->addr, sizeof(cp->addr));
4375 hci_dev_unlock(hdev);
4380 static int set_device_id(struct sock *sk, struct hci_dev *hdev, void *data,
4383 struct mgmt_cp_set_device_id *cp = data;
4384 struct hci_request req;
4388 BT_DBG("%s", hdev->name);
4390 source = __le16_to_cpu(cp->source);
4392 if (source > 0x0002)
4393 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DEVICE_ID,
4394 MGMT_STATUS_INVALID_PARAMS);
4398 hdev->devid_source = source;
4399 hdev->devid_vendor = __le16_to_cpu(cp->vendor);
4400 hdev->devid_product = __le16_to_cpu(cp->product);
4401 hdev->devid_version = __le16_to_cpu(cp->version);
4403 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_DEVICE_ID, 0,
4406 hci_req_init(&req, hdev);
4408 hci_req_run(&req, NULL);
4410 hci_dev_unlock(hdev);
4415 static void enable_advertising_instance(struct hci_dev *hdev, u8 status,
4418 BT_DBG("status %d", status);
4421 static void set_advertising_complete(struct hci_dev *hdev, u8 status,
4424 struct cmd_lookup match = { NULL, hdev };
4425 struct hci_request req;
4430 u8 mgmt_err = mgmt_status(status);
4432 mgmt_pending_foreach(MGMT_OP_SET_ADVERTISING, hdev,
4433 cmd_status_rsp, &mgmt_err);
4437 if (hci_dev_test_flag(hdev, HCI_LE_ADV))
4438 hci_dev_set_flag(hdev, HCI_ADVERTISING);
4440 hci_dev_clear_flag(hdev, HCI_ADVERTISING);
4442 mgmt_pending_foreach(MGMT_OP_SET_ADVERTISING, hdev, settings_rsp,
4445 new_settings(hdev, match.sk);
4450 /* If "Set Advertising" was just disabled and instance advertising was
4451 * set up earlier, then enable the advertising instance.
4453 if (hci_dev_test_flag(hdev, HCI_ADVERTISING) ||
4454 !hci_dev_test_flag(hdev, HCI_ADVERTISING_INSTANCE))
4457 hci_req_init(&req, hdev);
4459 update_adv_data(&req);
4460 enable_advertising(&req);
4462 if (hci_req_run(&req, enable_advertising_instance) < 0)
4463 BT_ERR("Failed to re-configure advertising");
4466 hci_dev_unlock(hdev);
4469 static int set_advertising(struct sock *sk, struct hci_dev *hdev, void *data,
4472 struct mgmt_mode *cp = data;
4473 struct mgmt_pending_cmd *cmd;
4474 struct hci_request req;
4478 BT_DBG("request for %s", hdev->name);
4480 status = mgmt_le_support(hdev);
4482 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_ADVERTISING,
4485 if (cp->val != 0x00 && cp->val != 0x01 && cp->val != 0x02)
4486 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_ADVERTISING,
4487 MGMT_STATUS_INVALID_PARAMS);
4493 /* The following conditions are ones which mean that we should
4494 * not do any HCI communication but directly send a mgmt
4495 * response to user space (after toggling the flag if
4498 if (!hdev_is_powered(hdev) ||
4499 (val == hci_dev_test_flag(hdev, HCI_ADVERTISING) &&
4500 (cp->val == 0x02) == hci_dev_test_flag(hdev, HCI_ADVERTISING_CONNECTABLE)) ||
4501 hci_conn_num(hdev, LE_LINK) > 0 ||
4502 (hci_dev_test_flag(hdev, HCI_LE_SCAN) &&
4503 hdev->le_scan_type == LE_SCAN_ACTIVE)) {
4507 changed = !hci_dev_test_and_set_flag(hdev, HCI_ADVERTISING);
4508 if (cp->val == 0x02)
4509 hci_dev_set_flag(hdev, HCI_ADVERTISING_CONNECTABLE);
4511 hci_dev_clear_flag(hdev, HCI_ADVERTISING_CONNECTABLE);
4513 changed = hci_dev_test_and_clear_flag(hdev, HCI_ADVERTISING);
4514 hci_dev_clear_flag(hdev, HCI_ADVERTISING_CONNECTABLE);
4517 err = send_settings_rsp(sk, MGMT_OP_SET_ADVERTISING, hdev);
4522 err = new_settings(hdev, sk);
4527 if (pending_find(MGMT_OP_SET_ADVERTISING, hdev) ||
4528 pending_find(MGMT_OP_SET_LE, hdev)) {
4529 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_ADVERTISING,
4534 cmd = mgmt_pending_add(sk, MGMT_OP_SET_ADVERTISING, hdev, data, len);
4540 hci_req_init(&req, hdev);
4542 if (cp->val == 0x02)
4543 hci_dev_set_flag(hdev, HCI_ADVERTISING_CONNECTABLE);
4545 hci_dev_clear_flag(hdev, HCI_ADVERTISING_CONNECTABLE);
4548 /* Switch to instance "0" for the Set Advertising setting. */
4549 update_adv_data_for_instance(&req, 0);
4550 enable_advertising(&req);
4552 disable_advertising(&req);
4555 err = hci_req_run(&req, set_advertising_complete);
4557 mgmt_pending_remove(cmd);
4560 hci_dev_unlock(hdev);
4564 static int set_static_address(struct sock *sk, struct hci_dev *hdev,
4565 void *data, u16 len)
4567 struct mgmt_cp_set_static_address *cp = data;
4570 BT_DBG("%s", hdev->name);
4572 if (!lmp_le_capable(hdev))
4573 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_STATIC_ADDRESS,
4574 MGMT_STATUS_NOT_SUPPORTED);
4576 if (hdev_is_powered(hdev))
4577 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_STATIC_ADDRESS,
4578 MGMT_STATUS_REJECTED);
4580 if (bacmp(&cp->bdaddr, BDADDR_ANY)) {
4581 if (!bacmp(&cp->bdaddr, BDADDR_NONE))
4582 return mgmt_cmd_status(sk, hdev->id,
4583 MGMT_OP_SET_STATIC_ADDRESS,
4584 MGMT_STATUS_INVALID_PARAMS);
4586 /* Two most significant bits shall be set */
4587 if ((cp->bdaddr.b[5] & 0xc0) != 0xc0)
4588 return mgmt_cmd_status(sk, hdev->id,
4589 MGMT_OP_SET_STATIC_ADDRESS,
4590 MGMT_STATUS_INVALID_PARAMS);
4595 bacpy(&hdev->static_addr, &cp->bdaddr);
4597 err = send_settings_rsp(sk, MGMT_OP_SET_STATIC_ADDRESS, hdev);
4601 err = new_settings(hdev, sk);
4604 hci_dev_unlock(hdev);
4608 static int set_scan_params(struct sock *sk, struct hci_dev *hdev,
4609 void *data, u16 len)
4611 struct mgmt_cp_set_scan_params *cp = data;
4612 __u16 interval, window;
4615 BT_DBG("%s", hdev->name);
4617 if (!lmp_le_capable(hdev))
4618 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS,
4619 MGMT_STATUS_NOT_SUPPORTED);
4621 interval = __le16_to_cpu(cp->interval);
4623 if (interval < 0x0004 || interval > 0x4000)
4624 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS,
4625 MGMT_STATUS_INVALID_PARAMS);
4627 window = __le16_to_cpu(cp->window);
4629 if (window < 0x0004 || window > 0x4000)
4630 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS,
4631 MGMT_STATUS_INVALID_PARAMS);
4633 if (window > interval)
4634 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS,
4635 MGMT_STATUS_INVALID_PARAMS);
4639 hdev->le_scan_interval = interval;
4640 hdev->le_scan_window = window;
4642 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS, 0,
4645 /* If background scan is running, restart it so new parameters are
4648 if (hci_dev_test_flag(hdev, HCI_LE_SCAN) &&
4649 hdev->discovery.state == DISCOVERY_STOPPED) {
4650 struct hci_request req;
4652 hci_req_init(&req, hdev);
4654 hci_req_add_le_scan_disable(&req);
4655 hci_req_add_le_passive_scan(&req);
4657 hci_req_run(&req, NULL);
4660 hci_dev_unlock(hdev);
4665 static void fast_connectable_complete(struct hci_dev *hdev, u8 status,
4668 struct mgmt_pending_cmd *cmd;
4670 BT_DBG("status 0x%02x", status);
4674 cmd = pending_find(MGMT_OP_SET_FAST_CONNECTABLE, hdev);
4679 mgmt_cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
4680 mgmt_status(status));
4682 struct mgmt_mode *cp = cmd->param;
4685 hci_dev_set_flag(hdev, HCI_FAST_CONNECTABLE);
4687 hci_dev_clear_flag(hdev, HCI_FAST_CONNECTABLE);
4689 send_settings_rsp(cmd->sk, MGMT_OP_SET_FAST_CONNECTABLE, hdev);
4690 new_settings(hdev, cmd->sk);
4693 mgmt_pending_remove(cmd);
4696 hci_dev_unlock(hdev);
4699 static int set_fast_connectable(struct sock *sk, struct hci_dev *hdev,
4700 void *data, u16 len)
4702 struct mgmt_mode *cp = data;
4703 struct mgmt_pending_cmd *cmd;
4704 struct hci_request req;
4707 BT_DBG("%s", hdev->name);
4709 if (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED) ||
4710 hdev->hci_ver < BLUETOOTH_VER_1_2)
4711 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
4712 MGMT_STATUS_NOT_SUPPORTED);
4714 if (cp->val != 0x00 && cp->val != 0x01)
4715 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
4716 MGMT_STATUS_INVALID_PARAMS);
4720 if (pending_find(MGMT_OP_SET_FAST_CONNECTABLE, hdev)) {
4721 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
4726 if (!!cp->val == hci_dev_test_flag(hdev, HCI_FAST_CONNECTABLE)) {
4727 err = send_settings_rsp(sk, MGMT_OP_SET_FAST_CONNECTABLE,
4732 if (!hdev_is_powered(hdev)) {
4733 hci_dev_change_flag(hdev, HCI_FAST_CONNECTABLE);
4734 err = send_settings_rsp(sk, MGMT_OP_SET_FAST_CONNECTABLE,
4736 new_settings(hdev, sk);
4740 cmd = mgmt_pending_add(sk, MGMT_OP_SET_FAST_CONNECTABLE, hdev,
4747 hci_req_init(&req, hdev);
4749 write_fast_connectable(&req, cp->val);
4751 err = hci_req_run(&req, fast_connectable_complete);
4753 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
4754 MGMT_STATUS_FAILED);
4755 mgmt_pending_remove(cmd);
4759 hci_dev_unlock(hdev);
4764 static void set_bredr_complete(struct hci_dev *hdev, u8 status, u16 opcode)
4766 struct mgmt_pending_cmd *cmd;
4768 BT_DBG("status 0x%02x", status);
4772 cmd = pending_find(MGMT_OP_SET_BREDR, hdev);
4777 u8 mgmt_err = mgmt_status(status);
4779 /* We need to restore the flag if related HCI commands
4782 hci_dev_clear_flag(hdev, HCI_BREDR_ENABLED);
4784 mgmt_cmd_status(cmd->sk, cmd->index, cmd->opcode, mgmt_err);
4786 send_settings_rsp(cmd->sk, MGMT_OP_SET_BREDR, hdev);
4787 new_settings(hdev, cmd->sk);
4790 mgmt_pending_remove(cmd);
4793 hci_dev_unlock(hdev);
4796 static int set_bredr(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
4798 struct mgmt_mode *cp = data;
4799 struct mgmt_pending_cmd *cmd;
4800 struct hci_request req;
4803 BT_DBG("request for %s", hdev->name);
4805 if (!lmp_bredr_capable(hdev) || !lmp_le_capable(hdev))
4806 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
4807 MGMT_STATUS_NOT_SUPPORTED);
4809 if (!hci_dev_test_flag(hdev, HCI_LE_ENABLED))
4810 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
4811 MGMT_STATUS_REJECTED);
4813 if (cp->val != 0x00 && cp->val != 0x01)
4814 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
4815 MGMT_STATUS_INVALID_PARAMS);
4819 if (cp->val == hci_dev_test_flag(hdev, HCI_BREDR_ENABLED)) {
4820 err = send_settings_rsp(sk, MGMT_OP_SET_BREDR, hdev);
4824 if (!hdev_is_powered(hdev)) {
4826 hci_dev_clear_flag(hdev, HCI_DISCOVERABLE);
4827 hci_dev_clear_flag(hdev, HCI_SSP_ENABLED);
4828 hci_dev_clear_flag(hdev, HCI_LINK_SECURITY);
4829 hci_dev_clear_flag(hdev, HCI_FAST_CONNECTABLE);
4830 hci_dev_clear_flag(hdev, HCI_HS_ENABLED);
4833 hci_dev_change_flag(hdev, HCI_BREDR_ENABLED);
4835 err = send_settings_rsp(sk, MGMT_OP_SET_BREDR, hdev);
4839 err = new_settings(hdev, sk);
4843 /* Reject disabling when powered on */
4845 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
4846 MGMT_STATUS_REJECTED);
4849 /* When configuring a dual-mode controller to operate
4850 * with LE only and using a static address, then switching
4851 * BR/EDR back on is not allowed.
4853 * Dual-mode controllers shall operate with the public
4854 * address as its identity address for BR/EDR and LE. So
4855 * reject the attempt to create an invalid configuration.
4857 * The same restrictions applies when secure connections
4858 * has been enabled. For BR/EDR this is a controller feature
4859 * while for LE it is a host stack feature. This means that
4860 * switching BR/EDR back on when secure connections has been
4861 * enabled is not a supported transaction.
4863 if (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED) &&
4864 (bacmp(&hdev->static_addr, BDADDR_ANY) ||
4865 hci_dev_test_flag(hdev, HCI_SC_ENABLED))) {
4866 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
4867 MGMT_STATUS_REJECTED);
4872 if (pending_find(MGMT_OP_SET_BREDR, hdev)) {
4873 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
4878 cmd = mgmt_pending_add(sk, MGMT_OP_SET_BREDR, hdev, data, len);
4884 /* We need to flip the bit already here so that update_adv_data
4885 * generates the correct flags.
4887 hci_dev_set_flag(hdev, HCI_BREDR_ENABLED);
4889 hci_req_init(&req, hdev);
4891 write_fast_connectable(&req, false);
4892 __hci_update_page_scan(&req);
4894 /* Since only the advertising data flags will change, there
4895 * is no need to update the scan response data.
4897 update_adv_data(&req);
4899 err = hci_req_run(&req, set_bredr_complete);
4901 mgmt_pending_remove(cmd);
4904 hci_dev_unlock(hdev);
4908 static void sc_enable_complete(struct hci_dev *hdev, u8 status, u16 opcode)
4910 struct mgmt_pending_cmd *cmd;
4911 struct mgmt_mode *cp;
4913 BT_DBG("%s status %u", hdev->name, status);
4917 cmd = pending_find(MGMT_OP_SET_SECURE_CONN, hdev);
4922 mgmt_cmd_status(cmd->sk, cmd->index, cmd->opcode,
4923 mgmt_status(status));
4931 hci_dev_clear_flag(hdev, HCI_SC_ENABLED);
4932 hci_dev_clear_flag(hdev, HCI_SC_ONLY);
4935 hci_dev_set_flag(hdev, HCI_SC_ENABLED);
4936 hci_dev_clear_flag(hdev, HCI_SC_ONLY);
4939 hci_dev_set_flag(hdev, HCI_SC_ENABLED);
4940 hci_dev_set_flag(hdev, HCI_SC_ONLY);
4944 send_settings_rsp(cmd->sk, MGMT_OP_SET_SECURE_CONN, hdev);
4945 new_settings(hdev, cmd->sk);
4948 mgmt_pending_remove(cmd);
4950 hci_dev_unlock(hdev);
4953 static int set_secure_conn(struct sock *sk, struct hci_dev *hdev,
4954 void *data, u16 len)
4956 struct mgmt_mode *cp = data;
4957 struct mgmt_pending_cmd *cmd;
4958 struct hci_request req;
4962 BT_DBG("request for %s", hdev->name);
4964 if (!lmp_sc_capable(hdev) &&
4965 !hci_dev_test_flag(hdev, HCI_LE_ENABLED))
4966 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SECURE_CONN,
4967 MGMT_STATUS_NOT_SUPPORTED);
4969 if (hci_dev_test_flag(hdev, HCI_BREDR_ENABLED) &&
4970 lmp_sc_capable(hdev) &&
4971 !hci_dev_test_flag(hdev, HCI_SSP_ENABLED))
4972 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SECURE_CONN,
4973 MGMT_STATUS_REJECTED);
4975 if (cp->val != 0x00 && cp->val != 0x01 && cp->val != 0x02)
4976 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SECURE_CONN,
4977 MGMT_STATUS_INVALID_PARAMS);
4981 if (!hdev_is_powered(hdev) || !lmp_sc_capable(hdev) ||
4982 !hci_dev_test_flag(hdev, HCI_BREDR_ENABLED)) {
4986 changed = !hci_dev_test_and_set_flag(hdev,
4988 if (cp->val == 0x02)
4989 hci_dev_set_flag(hdev, HCI_SC_ONLY);
4991 hci_dev_clear_flag(hdev, HCI_SC_ONLY);
4993 changed = hci_dev_test_and_clear_flag(hdev,
4995 hci_dev_clear_flag(hdev, HCI_SC_ONLY);
4998 err = send_settings_rsp(sk, MGMT_OP_SET_SECURE_CONN, hdev);
5003 err = new_settings(hdev, sk);
5008 if (pending_find(MGMT_OP_SET_SECURE_CONN, hdev)) {
5009 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SECURE_CONN,
5016 if (val == hci_dev_test_flag(hdev, HCI_SC_ENABLED) &&
5017 (cp->val == 0x02) == hci_dev_test_flag(hdev, HCI_SC_ONLY)) {
5018 err = send_settings_rsp(sk, MGMT_OP_SET_SECURE_CONN, hdev);
5022 cmd = mgmt_pending_add(sk, MGMT_OP_SET_SECURE_CONN, hdev, data, len);
5028 hci_req_init(&req, hdev);
5029 hci_req_add(&req, HCI_OP_WRITE_SC_SUPPORT, 1, &val);
5030 err = hci_req_run(&req, sc_enable_complete);
5032 mgmt_pending_remove(cmd);
5037 hci_dev_unlock(hdev);
5041 static int set_debug_keys(struct sock *sk, struct hci_dev *hdev,
5042 void *data, u16 len)
5044 struct mgmt_mode *cp = data;
5045 bool changed, use_changed;
5048 BT_DBG("request for %s", hdev->name);
5050 if (cp->val != 0x00 && cp->val != 0x01 && cp->val != 0x02)
5051 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DEBUG_KEYS,
5052 MGMT_STATUS_INVALID_PARAMS);
5057 changed = !hci_dev_test_and_set_flag(hdev, HCI_KEEP_DEBUG_KEYS);
5059 changed = hci_dev_test_and_clear_flag(hdev,
5060 HCI_KEEP_DEBUG_KEYS);
5062 if (cp->val == 0x02)
5063 use_changed = !hci_dev_test_and_set_flag(hdev,
5064 HCI_USE_DEBUG_KEYS);
5066 use_changed = hci_dev_test_and_clear_flag(hdev,
5067 HCI_USE_DEBUG_KEYS);
5069 if (hdev_is_powered(hdev) && use_changed &&
5070 hci_dev_test_flag(hdev, HCI_SSP_ENABLED)) {
5071 u8 mode = (cp->val == 0x02) ? 0x01 : 0x00;
5072 hci_send_cmd(hdev, HCI_OP_WRITE_SSP_DEBUG_MODE,
5073 sizeof(mode), &mode);
5076 err = send_settings_rsp(sk, MGMT_OP_SET_DEBUG_KEYS, hdev);
5081 err = new_settings(hdev, sk);
5084 hci_dev_unlock(hdev);
5088 static int set_privacy(struct sock *sk, struct hci_dev *hdev, void *cp_data,
5091 struct mgmt_cp_set_privacy *cp = cp_data;
5095 BT_DBG("request for %s", hdev->name);
5097 if (!lmp_le_capable(hdev))
5098 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_PRIVACY,
5099 MGMT_STATUS_NOT_SUPPORTED);
5101 if (cp->privacy != 0x00 && cp->privacy != 0x01)
5102 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_PRIVACY,
5103 MGMT_STATUS_INVALID_PARAMS);
5105 if (hdev_is_powered(hdev))
5106 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_PRIVACY,
5107 MGMT_STATUS_REJECTED);
5111 /* If user space supports this command it is also expected to
5112 * handle IRKs. Therefore, set the HCI_RPA_RESOLVING flag.
5114 hci_dev_set_flag(hdev, HCI_RPA_RESOLVING);
5117 changed = !hci_dev_test_and_set_flag(hdev, HCI_PRIVACY);
5118 memcpy(hdev->irk, cp->irk, sizeof(hdev->irk));
5119 hci_dev_set_flag(hdev, HCI_RPA_EXPIRED);
5121 changed = hci_dev_test_and_clear_flag(hdev, HCI_PRIVACY);
5122 memset(hdev->irk, 0, sizeof(hdev->irk));
5123 hci_dev_clear_flag(hdev, HCI_RPA_EXPIRED);
5126 err = send_settings_rsp(sk, MGMT_OP_SET_PRIVACY, hdev);
5131 err = new_settings(hdev, sk);
5134 hci_dev_unlock(hdev);
5138 static bool irk_is_valid(struct mgmt_irk_info *irk)
5140 switch (irk->addr.type) {
5141 case BDADDR_LE_PUBLIC:
5144 case BDADDR_LE_RANDOM:
5145 /* Two most significant bits shall be set */
5146 if ((irk->addr.bdaddr.b[5] & 0xc0) != 0xc0)
5154 static int load_irks(struct sock *sk, struct hci_dev *hdev, void *cp_data,
5157 struct mgmt_cp_load_irks *cp = cp_data;
5158 const u16 max_irk_count = ((U16_MAX - sizeof(*cp)) /
5159 sizeof(struct mgmt_irk_info));
5160 u16 irk_count, expected_len;
5163 BT_DBG("request for %s", hdev->name);
5165 if (!lmp_le_capable(hdev))
5166 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_IRKS,
5167 MGMT_STATUS_NOT_SUPPORTED);
5169 irk_count = __le16_to_cpu(cp->irk_count);
5170 if (irk_count > max_irk_count) {
5171 BT_ERR("load_irks: too big irk_count value %u", irk_count);
5172 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_IRKS,
5173 MGMT_STATUS_INVALID_PARAMS);
5176 expected_len = sizeof(*cp) + irk_count * sizeof(struct mgmt_irk_info);
5177 if (expected_len != len) {
5178 BT_ERR("load_irks: expected %u bytes, got %u bytes",
5180 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_IRKS,
5181 MGMT_STATUS_INVALID_PARAMS);
5184 BT_DBG("%s irk_count %u", hdev->name, irk_count);
5186 for (i = 0; i < irk_count; i++) {
5187 struct mgmt_irk_info *key = &cp->irks[i];
5189 if (!irk_is_valid(key))
5190 return mgmt_cmd_status(sk, hdev->id,
5192 MGMT_STATUS_INVALID_PARAMS);
5197 hci_smp_irks_clear(hdev);
5199 for (i = 0; i < irk_count; i++) {
5200 struct mgmt_irk_info *irk = &cp->irks[i];
5203 if (irk->addr.type == BDADDR_LE_PUBLIC)
5204 addr_type = ADDR_LE_DEV_PUBLIC;
5206 addr_type = ADDR_LE_DEV_RANDOM;
5208 hci_add_irk(hdev, &irk->addr.bdaddr, addr_type, irk->val,
5212 hci_dev_set_flag(hdev, HCI_RPA_RESOLVING);
5214 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_LOAD_IRKS, 0, NULL, 0);
5216 hci_dev_unlock(hdev);
5221 static bool ltk_is_valid(struct mgmt_ltk_info *key)
5223 if (key->master != 0x00 && key->master != 0x01)
5226 switch (key->addr.type) {
5227 case BDADDR_LE_PUBLIC:
5230 case BDADDR_LE_RANDOM:
5231 /* Two most significant bits shall be set */
5232 if ((key->addr.bdaddr.b[5] & 0xc0) != 0xc0)
5240 static int load_long_term_keys(struct sock *sk, struct hci_dev *hdev,
5241 void *cp_data, u16 len)
5243 struct mgmt_cp_load_long_term_keys *cp = cp_data;
5244 const u16 max_key_count = ((U16_MAX - sizeof(*cp)) /
5245 sizeof(struct mgmt_ltk_info));
5246 u16 key_count, expected_len;
5249 BT_DBG("request for %s", hdev->name);
5251 if (!lmp_le_capable(hdev))
5252 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS,
5253 MGMT_STATUS_NOT_SUPPORTED);
5255 key_count = __le16_to_cpu(cp->key_count);
5256 if (key_count > max_key_count) {
5257 BT_ERR("load_ltks: too big key_count value %u", key_count);
5258 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS,
5259 MGMT_STATUS_INVALID_PARAMS);
5262 expected_len = sizeof(*cp) + key_count *
5263 sizeof(struct mgmt_ltk_info);
5264 if (expected_len != len) {
5265 BT_ERR("load_keys: expected %u bytes, got %u bytes",
5267 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS,
5268 MGMT_STATUS_INVALID_PARAMS);
5271 BT_DBG("%s key_count %u", hdev->name, key_count);
5273 for (i = 0; i < key_count; i++) {
5274 struct mgmt_ltk_info *key = &cp->keys[i];
5276 if (!ltk_is_valid(key))
5277 return mgmt_cmd_status(sk, hdev->id,
5278 MGMT_OP_LOAD_LONG_TERM_KEYS,
5279 MGMT_STATUS_INVALID_PARAMS);
5284 hci_smp_ltks_clear(hdev);
5286 for (i = 0; i < key_count; i++) {
5287 struct mgmt_ltk_info *key = &cp->keys[i];
5288 u8 type, addr_type, authenticated;
5290 if (key->addr.type == BDADDR_LE_PUBLIC)
5291 addr_type = ADDR_LE_DEV_PUBLIC;
5293 addr_type = ADDR_LE_DEV_RANDOM;
5295 switch (key->type) {
5296 case MGMT_LTK_UNAUTHENTICATED:
5297 authenticated = 0x00;
5298 type = key->master ? SMP_LTK : SMP_LTK_SLAVE;
5300 case MGMT_LTK_AUTHENTICATED:
5301 authenticated = 0x01;
5302 type = key->master ? SMP_LTK : SMP_LTK_SLAVE;
5304 case MGMT_LTK_P256_UNAUTH:
5305 authenticated = 0x00;
5306 type = SMP_LTK_P256;
5308 case MGMT_LTK_P256_AUTH:
5309 authenticated = 0x01;
5310 type = SMP_LTK_P256;
5312 case MGMT_LTK_P256_DEBUG:
5313 authenticated = 0x00;
5314 type = SMP_LTK_P256_DEBUG;
5319 hci_add_ltk(hdev, &key->addr.bdaddr, addr_type, type,
5320 authenticated, key->val, key->enc_size, key->ediv,
5324 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS, 0,
5327 hci_dev_unlock(hdev);
5332 static int conn_info_cmd_complete(struct mgmt_pending_cmd *cmd, u8 status)
5334 struct hci_conn *conn = cmd->user_data;
5335 struct mgmt_rp_get_conn_info rp;
5338 memcpy(&rp.addr, cmd->param, sizeof(rp.addr));
5340 if (status == MGMT_STATUS_SUCCESS) {
5341 rp.rssi = conn->rssi;
5342 rp.tx_power = conn->tx_power;
5343 rp.max_tx_power = conn->max_tx_power;
5345 rp.rssi = HCI_RSSI_INVALID;
5346 rp.tx_power = HCI_TX_POWER_INVALID;
5347 rp.max_tx_power = HCI_TX_POWER_INVALID;
5350 err = mgmt_cmd_complete(cmd->sk, cmd->index, MGMT_OP_GET_CONN_INFO,
5351 status, &rp, sizeof(rp));
5353 hci_conn_drop(conn);
5359 static void conn_info_refresh_complete(struct hci_dev *hdev, u8 hci_status,
5362 struct hci_cp_read_rssi *cp;
5363 struct mgmt_pending_cmd *cmd;
5364 struct hci_conn *conn;
5368 BT_DBG("status 0x%02x", hci_status);
5372 /* Commands sent in request are either Read RSSI or Read Transmit Power
5373 * Level so we check which one was last sent to retrieve connection
5374 * handle. Both commands have handle as first parameter so it's safe to
5375 * cast data on the same command struct.
5377 * First command sent is always Read RSSI and we fail only if it fails.
5378 * In other case we simply override error to indicate success as we
5379 * already remembered if TX power value is actually valid.
5381 cp = hci_sent_cmd_data(hdev, HCI_OP_READ_RSSI);
5383 cp = hci_sent_cmd_data(hdev, HCI_OP_READ_TX_POWER);
5384 status = MGMT_STATUS_SUCCESS;
5386 status = mgmt_status(hci_status);
5390 BT_ERR("invalid sent_cmd in conn_info response");
5394 handle = __le16_to_cpu(cp->handle);
5395 conn = hci_conn_hash_lookup_handle(hdev, handle);
5397 BT_ERR("unknown handle (%d) in conn_info response", handle);
5401 cmd = pending_find_data(MGMT_OP_GET_CONN_INFO, hdev, conn);
5405 cmd->cmd_complete(cmd, status);
5406 mgmt_pending_remove(cmd);
5409 hci_dev_unlock(hdev);
5412 static int get_conn_info(struct sock *sk, struct hci_dev *hdev, void *data,
5415 struct mgmt_cp_get_conn_info *cp = data;
5416 struct mgmt_rp_get_conn_info rp;
5417 struct hci_conn *conn;
5418 unsigned long conn_info_age;
5421 BT_DBG("%s", hdev->name);
5423 memset(&rp, 0, sizeof(rp));
5424 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
5425 rp.addr.type = cp->addr.type;
5427 if (!bdaddr_type_is_valid(cp->addr.type))
5428 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CONN_INFO,
5429 MGMT_STATUS_INVALID_PARAMS,
5434 if (!hdev_is_powered(hdev)) {
5435 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CONN_INFO,
5436 MGMT_STATUS_NOT_POWERED, &rp,
5441 if (cp->addr.type == BDADDR_BREDR)
5442 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
5445 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &cp->addr.bdaddr);
5447 if (!conn || conn->state != BT_CONNECTED) {
5448 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CONN_INFO,
5449 MGMT_STATUS_NOT_CONNECTED, &rp,
5454 if (pending_find_data(MGMT_OP_GET_CONN_INFO, hdev, conn)) {
5455 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CONN_INFO,
5456 MGMT_STATUS_BUSY, &rp, sizeof(rp));
5460 /* To avoid client trying to guess when to poll again for information we
5461 * calculate conn info age as random value between min/max set in hdev.
5463 conn_info_age = hdev->conn_info_min_age +
5464 prandom_u32_max(hdev->conn_info_max_age -
5465 hdev->conn_info_min_age);
5467 /* Query controller to refresh cached values if they are too old or were
5470 if (time_after(jiffies, conn->conn_info_timestamp +
5471 msecs_to_jiffies(conn_info_age)) ||
5472 !conn->conn_info_timestamp) {
5473 struct hci_request req;
5474 struct hci_cp_read_tx_power req_txp_cp;
5475 struct hci_cp_read_rssi req_rssi_cp;
5476 struct mgmt_pending_cmd *cmd;
5478 hci_req_init(&req, hdev);
5479 req_rssi_cp.handle = cpu_to_le16(conn->handle);
5480 hci_req_add(&req, HCI_OP_READ_RSSI, sizeof(req_rssi_cp),
5483 /* For LE links TX power does not change thus we don't need to
5484 * query for it once value is known.
5486 if (!bdaddr_type_is_le(cp->addr.type) ||
5487 conn->tx_power == HCI_TX_POWER_INVALID) {
5488 req_txp_cp.handle = cpu_to_le16(conn->handle);
5489 req_txp_cp.type = 0x00;
5490 hci_req_add(&req, HCI_OP_READ_TX_POWER,
5491 sizeof(req_txp_cp), &req_txp_cp);
5494 /* Max TX power needs to be read only once per connection */
5495 if (conn->max_tx_power == HCI_TX_POWER_INVALID) {
5496 req_txp_cp.handle = cpu_to_le16(conn->handle);
5497 req_txp_cp.type = 0x01;
5498 hci_req_add(&req, HCI_OP_READ_TX_POWER,
5499 sizeof(req_txp_cp), &req_txp_cp);
5502 err = hci_req_run(&req, conn_info_refresh_complete);
5506 cmd = mgmt_pending_add(sk, MGMT_OP_GET_CONN_INFO, hdev,
5513 hci_conn_hold(conn);
5514 cmd->user_data = hci_conn_get(conn);
5515 cmd->cmd_complete = conn_info_cmd_complete;
5517 conn->conn_info_timestamp = jiffies;
5519 /* Cache is valid, just reply with values cached in hci_conn */
5520 rp.rssi = conn->rssi;
5521 rp.tx_power = conn->tx_power;
5522 rp.max_tx_power = conn->max_tx_power;
5524 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CONN_INFO,
5525 MGMT_STATUS_SUCCESS, &rp, sizeof(rp));
5529 hci_dev_unlock(hdev);
5533 static int clock_info_cmd_complete(struct mgmt_pending_cmd *cmd, u8 status)
5535 struct hci_conn *conn = cmd->user_data;
5536 struct mgmt_rp_get_clock_info rp;
5537 struct hci_dev *hdev;
5540 memset(&rp, 0, sizeof(rp));
5541 memcpy(&rp.addr, &cmd->param, sizeof(rp.addr));
5546 hdev = hci_dev_get(cmd->index);
5548 rp.local_clock = cpu_to_le32(hdev->clock);
5553 rp.piconet_clock = cpu_to_le32(conn->clock);
5554 rp.accuracy = cpu_to_le16(conn->clock_accuracy);
5558 err = mgmt_cmd_complete(cmd->sk, cmd->index, cmd->opcode, status, &rp,
5562 hci_conn_drop(conn);
5569 static void get_clock_info_complete(struct hci_dev *hdev, u8 status, u16 opcode)
5571 struct hci_cp_read_clock *hci_cp;
5572 struct mgmt_pending_cmd *cmd;
5573 struct hci_conn *conn;
5575 BT_DBG("%s status %u", hdev->name, status);
5579 hci_cp = hci_sent_cmd_data(hdev, HCI_OP_READ_CLOCK);
5583 if (hci_cp->which) {
5584 u16 handle = __le16_to_cpu(hci_cp->handle);
5585 conn = hci_conn_hash_lookup_handle(hdev, handle);
5590 cmd = pending_find_data(MGMT_OP_GET_CLOCK_INFO, hdev, conn);
5594 cmd->cmd_complete(cmd, mgmt_status(status));
5595 mgmt_pending_remove(cmd);
5598 hci_dev_unlock(hdev);
5601 static int get_clock_info(struct sock *sk, struct hci_dev *hdev, void *data,
5604 struct mgmt_cp_get_clock_info *cp = data;
5605 struct mgmt_rp_get_clock_info rp;
5606 struct hci_cp_read_clock hci_cp;
5607 struct mgmt_pending_cmd *cmd;
5608 struct hci_request req;
5609 struct hci_conn *conn;
5612 BT_DBG("%s", hdev->name);
5614 memset(&rp, 0, sizeof(rp));
5615 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
5616 rp.addr.type = cp->addr.type;
5618 if (cp->addr.type != BDADDR_BREDR)
5619 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CLOCK_INFO,
5620 MGMT_STATUS_INVALID_PARAMS,
5625 if (!hdev_is_powered(hdev)) {
5626 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CLOCK_INFO,
5627 MGMT_STATUS_NOT_POWERED, &rp,
5632 if (bacmp(&cp->addr.bdaddr, BDADDR_ANY)) {
5633 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
5635 if (!conn || conn->state != BT_CONNECTED) {
5636 err = mgmt_cmd_complete(sk, hdev->id,
5637 MGMT_OP_GET_CLOCK_INFO,
5638 MGMT_STATUS_NOT_CONNECTED,
5646 cmd = mgmt_pending_add(sk, MGMT_OP_GET_CLOCK_INFO, hdev, data, len);
5652 cmd->cmd_complete = clock_info_cmd_complete;
5654 hci_req_init(&req, hdev);
5656 memset(&hci_cp, 0, sizeof(hci_cp));
5657 hci_req_add(&req, HCI_OP_READ_CLOCK, sizeof(hci_cp), &hci_cp);
5660 hci_conn_hold(conn);
5661 cmd->user_data = hci_conn_get(conn);
5663 hci_cp.handle = cpu_to_le16(conn->handle);
5664 hci_cp.which = 0x01; /* Piconet clock */
5665 hci_req_add(&req, HCI_OP_READ_CLOCK, sizeof(hci_cp), &hci_cp);
5668 err = hci_req_run(&req, get_clock_info_complete);
5670 mgmt_pending_remove(cmd);
5673 hci_dev_unlock(hdev);
5677 static bool is_connected(struct hci_dev *hdev, bdaddr_t *addr, u8 type)
5679 struct hci_conn *conn;
5681 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, addr);
5685 if (conn->dst_type != type)
5688 if (conn->state != BT_CONNECTED)
5694 /* This function requires the caller holds hdev->lock */
5695 static int hci_conn_params_set(struct hci_request *req, bdaddr_t *addr,
5696 u8 addr_type, u8 auto_connect)
5698 struct hci_dev *hdev = req->hdev;
5699 struct hci_conn_params *params;
5701 params = hci_conn_params_add(hdev, addr, addr_type);
5705 if (params->auto_connect == auto_connect)
5708 list_del_init(¶ms->action);
5710 switch (auto_connect) {
5711 case HCI_AUTO_CONN_DISABLED:
5712 case HCI_AUTO_CONN_LINK_LOSS:
5713 __hci_update_background_scan(req);
5715 case HCI_AUTO_CONN_REPORT:
5716 list_add(¶ms->action, &hdev->pend_le_reports);
5717 __hci_update_background_scan(req);
5719 case HCI_AUTO_CONN_DIRECT:
5720 case HCI_AUTO_CONN_ALWAYS:
5721 if (!is_connected(hdev, addr, addr_type)) {
5722 list_add(¶ms->action, &hdev->pend_le_conns);
5723 __hci_update_background_scan(req);
5728 params->auto_connect = auto_connect;
5730 BT_DBG("addr %pMR (type %u) auto_connect %u", addr, addr_type,
5736 static void device_added(struct sock *sk, struct hci_dev *hdev,
5737 bdaddr_t *bdaddr, u8 type, u8 action)
5739 struct mgmt_ev_device_added ev;
5741 bacpy(&ev.addr.bdaddr, bdaddr);
5742 ev.addr.type = type;
5745 mgmt_event(MGMT_EV_DEVICE_ADDED, hdev, &ev, sizeof(ev), sk);
5748 static void add_device_complete(struct hci_dev *hdev, u8 status, u16 opcode)
5750 struct mgmt_pending_cmd *cmd;
5752 BT_DBG("status 0x%02x", status);
5756 cmd = pending_find(MGMT_OP_ADD_DEVICE, hdev);
5760 cmd->cmd_complete(cmd, mgmt_status(status));
5761 mgmt_pending_remove(cmd);
5764 hci_dev_unlock(hdev);
5767 static int add_device(struct sock *sk, struct hci_dev *hdev,
5768 void *data, u16 len)
5770 struct mgmt_cp_add_device *cp = data;
5771 struct mgmt_pending_cmd *cmd;
5772 struct hci_request req;
5773 u8 auto_conn, addr_type;
5776 BT_DBG("%s", hdev->name);
5778 if (!bdaddr_type_is_valid(cp->addr.type) ||
5779 !bacmp(&cp->addr.bdaddr, BDADDR_ANY))
5780 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_ADD_DEVICE,
5781 MGMT_STATUS_INVALID_PARAMS,
5782 &cp->addr, sizeof(cp->addr));
5784 if (cp->action != 0x00 && cp->action != 0x01 && cp->action != 0x02)
5785 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_ADD_DEVICE,
5786 MGMT_STATUS_INVALID_PARAMS,
5787 &cp->addr, sizeof(cp->addr));
5789 hci_req_init(&req, hdev);
5793 cmd = mgmt_pending_add(sk, MGMT_OP_ADD_DEVICE, hdev, data, len);
5799 cmd->cmd_complete = addr_cmd_complete;
5801 if (cp->addr.type == BDADDR_BREDR) {
5802 /* Only incoming connections action is supported for now */
5803 if (cp->action != 0x01) {
5804 err = cmd->cmd_complete(cmd,
5805 MGMT_STATUS_INVALID_PARAMS);
5806 mgmt_pending_remove(cmd);
5810 err = hci_bdaddr_list_add(&hdev->whitelist, &cp->addr.bdaddr,
5815 __hci_update_page_scan(&req);
5820 if (cp->addr.type == BDADDR_LE_PUBLIC)
5821 addr_type = ADDR_LE_DEV_PUBLIC;
5823 addr_type = ADDR_LE_DEV_RANDOM;
5825 if (cp->action == 0x02)
5826 auto_conn = HCI_AUTO_CONN_ALWAYS;
5827 else if (cp->action == 0x01)
5828 auto_conn = HCI_AUTO_CONN_DIRECT;
5830 auto_conn = HCI_AUTO_CONN_REPORT;
5832 /* If the connection parameters don't exist for this device,
5833 * they will be created and configured with defaults.
5835 if (hci_conn_params_set(&req, &cp->addr.bdaddr, addr_type,
5837 err = cmd->cmd_complete(cmd, MGMT_STATUS_FAILED);
5838 mgmt_pending_remove(cmd);
5843 device_added(sk, hdev, &cp->addr.bdaddr, cp->addr.type, cp->action);
5845 err = hci_req_run(&req, add_device_complete);
5847 /* ENODATA means no HCI commands were needed (e.g. if
5848 * the adapter is powered off).
5850 if (err == -ENODATA)
5851 err = cmd->cmd_complete(cmd, MGMT_STATUS_SUCCESS);
5852 mgmt_pending_remove(cmd);
5856 hci_dev_unlock(hdev);
5860 static void device_removed(struct sock *sk, struct hci_dev *hdev,
5861 bdaddr_t *bdaddr, u8 type)
5863 struct mgmt_ev_device_removed ev;
5865 bacpy(&ev.addr.bdaddr, bdaddr);
5866 ev.addr.type = type;
5868 mgmt_event(MGMT_EV_DEVICE_REMOVED, hdev, &ev, sizeof(ev), sk);
5871 static void remove_device_complete(struct hci_dev *hdev, u8 status, u16 opcode)
5873 struct mgmt_pending_cmd *cmd;
5875 BT_DBG("status 0x%02x", status);
5879 cmd = pending_find(MGMT_OP_REMOVE_DEVICE, hdev);
5883 cmd->cmd_complete(cmd, mgmt_status(status));
5884 mgmt_pending_remove(cmd);
5887 hci_dev_unlock(hdev);
5890 static int remove_device(struct sock *sk, struct hci_dev *hdev,
5891 void *data, u16 len)
5893 struct mgmt_cp_remove_device *cp = data;
5894 struct mgmt_pending_cmd *cmd;
5895 struct hci_request req;
5898 BT_DBG("%s", hdev->name);
5900 hci_req_init(&req, hdev);
5904 cmd = mgmt_pending_add(sk, MGMT_OP_REMOVE_DEVICE, hdev, data, len);
5910 cmd->cmd_complete = addr_cmd_complete;
5912 if (bacmp(&cp->addr.bdaddr, BDADDR_ANY)) {
5913 struct hci_conn_params *params;
5916 if (!bdaddr_type_is_valid(cp->addr.type)) {
5917 err = cmd->cmd_complete(cmd,
5918 MGMT_STATUS_INVALID_PARAMS);
5919 mgmt_pending_remove(cmd);
5923 if (cp->addr.type == BDADDR_BREDR) {
5924 err = hci_bdaddr_list_del(&hdev->whitelist,
5928 err = cmd->cmd_complete(cmd,
5929 MGMT_STATUS_INVALID_PARAMS);
5930 mgmt_pending_remove(cmd);
5934 __hci_update_page_scan(&req);
5936 device_removed(sk, hdev, &cp->addr.bdaddr,
5941 if (cp->addr.type == BDADDR_LE_PUBLIC)
5942 addr_type = ADDR_LE_DEV_PUBLIC;
5944 addr_type = ADDR_LE_DEV_RANDOM;
5946 params = hci_conn_params_lookup(hdev, &cp->addr.bdaddr,
5949 err = cmd->cmd_complete(cmd,
5950 MGMT_STATUS_INVALID_PARAMS);
5951 mgmt_pending_remove(cmd);
5955 if (params->auto_connect == HCI_AUTO_CONN_DISABLED) {
5956 err = cmd->cmd_complete(cmd,
5957 MGMT_STATUS_INVALID_PARAMS);
5958 mgmt_pending_remove(cmd);
5962 list_del(¶ms->action);
5963 list_del(¶ms->list);
5965 __hci_update_background_scan(&req);
5967 device_removed(sk, hdev, &cp->addr.bdaddr, cp->addr.type);
5969 struct hci_conn_params *p, *tmp;
5970 struct bdaddr_list *b, *btmp;
5972 if (cp->addr.type) {
5973 err = cmd->cmd_complete(cmd,
5974 MGMT_STATUS_INVALID_PARAMS);
5975 mgmt_pending_remove(cmd);
5979 list_for_each_entry_safe(b, btmp, &hdev->whitelist, list) {
5980 device_removed(sk, hdev, &b->bdaddr, b->bdaddr_type);
5985 __hci_update_page_scan(&req);
5987 list_for_each_entry_safe(p, tmp, &hdev->le_conn_params, list) {
5988 if (p->auto_connect == HCI_AUTO_CONN_DISABLED)
5990 device_removed(sk, hdev, &p->addr, p->addr_type);
5991 list_del(&p->action);
5996 BT_DBG("All LE connection parameters were removed");
5998 __hci_update_background_scan(&req);
6002 err = hci_req_run(&req, remove_device_complete);
6004 /* ENODATA means no HCI commands were needed (e.g. if
6005 * the adapter is powered off).
6007 if (err == -ENODATA)
6008 err = cmd->cmd_complete(cmd, MGMT_STATUS_SUCCESS);
6009 mgmt_pending_remove(cmd);
6013 hci_dev_unlock(hdev);
6017 static int load_conn_param(struct sock *sk, struct hci_dev *hdev, void *data,
6020 struct mgmt_cp_load_conn_param *cp = data;
6021 const u16 max_param_count = ((U16_MAX - sizeof(*cp)) /
6022 sizeof(struct mgmt_conn_param));
6023 u16 param_count, expected_len;
6026 if (!lmp_le_capable(hdev))
6027 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_CONN_PARAM,
6028 MGMT_STATUS_NOT_SUPPORTED);
6030 param_count = __le16_to_cpu(cp->param_count);
6031 if (param_count > max_param_count) {
6032 BT_ERR("load_conn_param: too big param_count value %u",
6034 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_CONN_PARAM,
6035 MGMT_STATUS_INVALID_PARAMS);
6038 expected_len = sizeof(*cp) + param_count *
6039 sizeof(struct mgmt_conn_param);
6040 if (expected_len != len) {
6041 BT_ERR("load_conn_param: expected %u bytes, got %u bytes",
6043 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_CONN_PARAM,
6044 MGMT_STATUS_INVALID_PARAMS);
6047 BT_DBG("%s param_count %u", hdev->name, param_count);
6051 hci_conn_params_clear_disabled(hdev);
6053 for (i = 0; i < param_count; i++) {
6054 struct mgmt_conn_param *param = &cp->params[i];
6055 struct hci_conn_params *hci_param;
6056 u16 min, max, latency, timeout;
6059 BT_DBG("Adding %pMR (type %u)", ¶m->addr.bdaddr,
6062 if (param->addr.type == BDADDR_LE_PUBLIC) {
6063 addr_type = ADDR_LE_DEV_PUBLIC;
6064 } else if (param->addr.type == BDADDR_LE_RANDOM) {
6065 addr_type = ADDR_LE_DEV_RANDOM;
6067 BT_ERR("Ignoring invalid connection parameters");
6071 min = le16_to_cpu(param->min_interval);
6072 max = le16_to_cpu(param->max_interval);
6073 latency = le16_to_cpu(param->latency);
6074 timeout = le16_to_cpu(param->timeout);
6076 BT_DBG("min 0x%04x max 0x%04x latency 0x%04x timeout 0x%04x",
6077 min, max, latency, timeout);
6079 if (hci_check_conn_params(min, max, latency, timeout) < 0) {
6080 BT_ERR("Ignoring invalid connection parameters");
6084 hci_param = hci_conn_params_add(hdev, ¶m->addr.bdaddr,
6087 BT_ERR("Failed to add connection parameters");
6091 hci_param->conn_min_interval = min;
6092 hci_param->conn_max_interval = max;
6093 hci_param->conn_latency = latency;
6094 hci_param->supervision_timeout = timeout;
6097 hci_dev_unlock(hdev);
6099 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_LOAD_CONN_PARAM, 0,
6103 static int set_external_config(struct sock *sk, struct hci_dev *hdev,
6104 void *data, u16 len)
6106 struct mgmt_cp_set_external_config *cp = data;
6110 BT_DBG("%s", hdev->name);
6112 if (hdev_is_powered(hdev))
6113 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_EXTERNAL_CONFIG,
6114 MGMT_STATUS_REJECTED);
6116 if (cp->config != 0x00 && cp->config != 0x01)
6117 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_EXTERNAL_CONFIG,
6118 MGMT_STATUS_INVALID_PARAMS);
6120 if (!test_bit(HCI_QUIRK_EXTERNAL_CONFIG, &hdev->quirks))
6121 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_EXTERNAL_CONFIG,
6122 MGMT_STATUS_NOT_SUPPORTED);
6127 changed = !hci_dev_test_and_set_flag(hdev, HCI_EXT_CONFIGURED);
6129 changed = hci_dev_test_and_clear_flag(hdev, HCI_EXT_CONFIGURED);
6131 err = send_options_rsp(sk, MGMT_OP_SET_EXTERNAL_CONFIG, hdev);
6138 err = new_options(hdev, sk);
6140 if (hci_dev_test_flag(hdev, HCI_UNCONFIGURED) == is_configured(hdev)) {
6141 mgmt_index_removed(hdev);
6143 if (hci_dev_test_and_change_flag(hdev, HCI_UNCONFIGURED)) {
6144 hci_dev_set_flag(hdev, HCI_CONFIG);
6145 hci_dev_set_flag(hdev, HCI_AUTO_OFF);
6147 queue_work(hdev->req_workqueue, &hdev->power_on);
6149 set_bit(HCI_RAW, &hdev->flags);
6150 mgmt_index_added(hdev);
6155 hci_dev_unlock(hdev);
6159 static int set_public_address(struct sock *sk, struct hci_dev *hdev,
6160 void *data, u16 len)
6162 struct mgmt_cp_set_public_address *cp = data;
6166 BT_DBG("%s", hdev->name);
6168 if (hdev_is_powered(hdev))
6169 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_PUBLIC_ADDRESS,
6170 MGMT_STATUS_REJECTED);
6172 if (!bacmp(&cp->bdaddr, BDADDR_ANY))
6173 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_PUBLIC_ADDRESS,
6174 MGMT_STATUS_INVALID_PARAMS);
6176 if (!hdev->set_bdaddr)
6177 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_PUBLIC_ADDRESS,
6178 MGMT_STATUS_NOT_SUPPORTED);
6182 changed = !!bacmp(&hdev->public_addr, &cp->bdaddr);
6183 bacpy(&hdev->public_addr, &cp->bdaddr);
6185 err = send_options_rsp(sk, MGMT_OP_SET_PUBLIC_ADDRESS, hdev);
6192 if (hci_dev_test_flag(hdev, HCI_UNCONFIGURED))
6193 err = new_options(hdev, sk);
6195 if (is_configured(hdev)) {
6196 mgmt_index_removed(hdev);
6198 hci_dev_clear_flag(hdev, HCI_UNCONFIGURED);
6200 hci_dev_set_flag(hdev, HCI_CONFIG);
6201 hci_dev_set_flag(hdev, HCI_AUTO_OFF);
6203 queue_work(hdev->req_workqueue, &hdev->power_on);
6207 hci_dev_unlock(hdev);
6211 static inline u16 eir_append_data(u8 *eir, u16 eir_len, u8 type, u8 *data,
6214 eir[eir_len++] = sizeof(type) + data_len;
6215 eir[eir_len++] = type;
6216 memcpy(&eir[eir_len], data, data_len);
6217 eir_len += data_len;
6222 static int read_local_oob_ext_data(struct sock *sk, struct hci_dev *hdev,
6223 void *data, u16 data_len)
6225 struct mgmt_cp_read_local_oob_ext_data *cp = data;
6226 struct mgmt_rp_read_local_oob_ext_data *rp;
6229 u8 status, flags, role, addr[7], hash[16], rand[16];
6232 BT_DBG("%s", hdev->name);
6234 if (!hdev_is_powered(hdev))
6235 return mgmt_cmd_complete(sk, hdev->id,
6236 MGMT_OP_READ_LOCAL_OOB_EXT_DATA,
6237 MGMT_STATUS_NOT_POWERED,
6238 &cp->type, sizeof(cp->type));
6241 case BIT(BDADDR_BREDR):
6242 status = mgmt_bredr_support(hdev);
6244 return mgmt_cmd_complete(sk, hdev->id,
6245 MGMT_OP_READ_LOCAL_OOB_EXT_DATA,
6250 case (BIT(BDADDR_LE_PUBLIC) | BIT(BDADDR_LE_RANDOM)):
6251 status = mgmt_le_support(hdev);
6253 return mgmt_cmd_complete(sk, hdev->id,
6254 MGMT_OP_READ_LOCAL_OOB_EXT_DATA,
6257 eir_len = 9 + 3 + 18 + 18 + 3;
6260 return mgmt_cmd_complete(sk, hdev->id,
6261 MGMT_OP_READ_LOCAL_OOB_EXT_DATA,
6262 MGMT_STATUS_INVALID_PARAMS,
6263 &cp->type, sizeof(cp->type));
6268 rp_len = sizeof(*rp) + eir_len;
6269 rp = kmalloc(rp_len, GFP_ATOMIC);
6271 hci_dev_unlock(hdev);
6277 case BIT(BDADDR_BREDR):
6278 eir_len = eir_append_data(rp->eir, eir_len, EIR_CLASS_OF_DEV,
6279 hdev->dev_class, 3);
6281 case (BIT(BDADDR_LE_PUBLIC) | BIT(BDADDR_LE_RANDOM)):
6282 if (hci_dev_test_flag(hdev, HCI_SC_ENABLED) &&
6283 smp_generate_oob(hdev, hash, rand) < 0) {
6284 hci_dev_unlock(hdev);
6285 err = mgmt_cmd_complete(sk, hdev->id,
6286 MGMT_OP_READ_LOCAL_OOB_EXT_DATA,
6288 &cp->type, sizeof(cp->type));
6292 if (hci_dev_test_flag(hdev, HCI_PRIVACY)) {
6293 memcpy(addr, &hdev->rpa, 6);
6295 } else if (hci_dev_test_flag(hdev, HCI_FORCE_STATIC_ADDR) ||
6296 !bacmp(&hdev->bdaddr, BDADDR_ANY) ||
6297 (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED) &&
6298 bacmp(&hdev->static_addr, BDADDR_ANY))) {
6299 memcpy(addr, &hdev->static_addr, 6);
6302 memcpy(addr, &hdev->bdaddr, 6);
6306 eir_len = eir_append_data(rp->eir, eir_len, EIR_LE_BDADDR,
6307 addr, sizeof(addr));
6309 if (hci_dev_test_flag(hdev, HCI_ADVERTISING))
6314 eir_len = eir_append_data(rp->eir, eir_len, EIR_LE_ROLE,
6315 &role, sizeof(role));
6317 if (hci_dev_test_flag(hdev, HCI_SC_ENABLED)) {
6318 eir_len = eir_append_data(rp->eir, eir_len,
6320 hash, sizeof(hash));
6322 eir_len = eir_append_data(rp->eir, eir_len,
6324 rand, sizeof(rand));
6327 flags = get_adv_discov_flags(hdev);
6329 if (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED))
6330 flags |= LE_AD_NO_BREDR;
6332 eir_len = eir_append_data(rp->eir, eir_len, EIR_FLAGS,
6333 &flags, sizeof(flags));
6337 rp->type = cp->type;
6338 rp->eir_len = cpu_to_le16(eir_len);
6340 hci_dev_unlock(hdev);
6342 hci_sock_set_flag(sk, HCI_MGMT_OOB_DATA_EVENTS);
6344 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_EXT_DATA,
6345 MGMT_STATUS_SUCCESS, rp, sizeof(*rp) + eir_len);
6349 err = mgmt_limited_event(MGMT_EV_LOCAL_OOB_DATA_UPDATED, hdev,
6350 rp, sizeof(*rp) + eir_len,
6351 HCI_MGMT_OOB_DATA_EVENTS, sk);
6359 static int read_adv_features(struct sock *sk, struct hci_dev *hdev,
6360 void *data, u16 data_len)
6362 struct mgmt_rp_read_adv_features *rp;
6367 BT_DBG("%s", hdev->name);
6371 rp_len = sizeof(*rp);
6373 /* Currently only one instance is supported, so just add 1 to the
6376 instance = hci_dev_test_flag(hdev, HCI_ADVERTISING_INSTANCE);
6380 rp = kmalloc(rp_len, GFP_ATOMIC);
6382 hci_dev_unlock(hdev);
6386 rp->supported_flags = cpu_to_le32(0);
6387 rp->max_adv_data_len = HCI_MAX_AD_LENGTH;
6388 rp->max_scan_rsp_len = HCI_MAX_AD_LENGTH;
6389 rp->max_instances = 1;
6391 /* Currently only one instance is supported, so simply return the
6392 * current instance number.
6395 rp->num_instances = 1;
6396 rp->instance[0] = 1;
6398 rp->num_instances = 0;
6401 hci_dev_unlock(hdev);
6403 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_READ_ADV_FEATURES,
6404 MGMT_STATUS_SUCCESS, rp, rp_len);
6411 static bool adv_data_is_valid(struct hci_dev *hdev, u32 adv_flags, u8 *adv_data,
6414 u8 max_adv_len = HCI_MAX_AD_LENGTH;
6417 /* TODO: Correctly reduce adv_len based on adv_flags. */
6419 if (adv_data_len > max_adv_len)
6422 /* Make sure that adv_data is correctly formatted. */
6423 for (i = 0, cur_len = 0; i < adv_data_len; i += (cur_len + 1)) {
6424 cur_len = adv_data[i];
6426 /* If the current field length would exceed the total data
6427 * length, then it's invalid.
6429 if (i + cur_len >= adv_data_len)
6436 static void advertising_added(struct sock *sk, struct hci_dev *hdev,
6439 struct mgmt_ev_advertising_added ev;
6441 ev.instance = instance;
6443 mgmt_event(MGMT_EV_ADVERTISING_ADDED, hdev, &ev, sizeof(ev), sk);
6446 static void advertising_removed(struct sock *sk, struct hci_dev *hdev,
6449 struct mgmt_ev_advertising_removed ev;
6451 ev.instance = instance;
6453 mgmt_event(MGMT_EV_ADVERTISING_REMOVED, hdev, &ev, sizeof(ev), sk);
6456 static void add_advertising_complete(struct hci_dev *hdev, u8 status,
6459 struct mgmt_pending_cmd *cmd;
6460 struct mgmt_rp_add_advertising rp;
6462 BT_DBG("status %d", status);
6466 cmd = pending_find(MGMT_OP_ADD_ADVERTISING, hdev);
6469 hci_dev_clear_flag(hdev, HCI_ADVERTISING_INSTANCE);
6470 memset(&hdev->adv_instance, 0, sizeof(hdev->adv_instance));
6471 advertising_removed(cmd ? cmd->sk : NULL, hdev, 1);
6480 mgmt_cmd_status(cmd->sk, cmd->index, cmd->opcode,
6481 mgmt_status(status));
6483 mgmt_cmd_complete(cmd->sk, cmd->index, cmd->opcode,
6484 mgmt_status(status), &rp, sizeof(rp));
6486 mgmt_pending_remove(cmd);
6489 hci_dev_unlock(hdev);
6492 static int add_advertising(struct sock *sk, struct hci_dev *hdev,
6493 void *data, u16 data_len)
6495 struct mgmt_cp_add_advertising *cp = data;
6496 struct mgmt_rp_add_advertising rp;
6500 struct mgmt_pending_cmd *cmd;
6501 struct hci_request req;
6503 BT_DBG("%s", hdev->name);
6505 status = mgmt_le_support(hdev);
6507 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_ADVERTISING,
6510 flags = __le32_to_cpu(cp->flags);
6512 /* The current implementation only supports adding one instance and
6513 * doesn't support flags.
6515 if (cp->instance != 0x01 || flags)
6516 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_ADVERTISING,
6517 MGMT_STATUS_INVALID_PARAMS);
6521 if (pending_find(MGMT_OP_ADD_ADVERTISING, hdev) ||
6522 pending_find(MGMT_OP_REMOVE_ADVERTISING, hdev) ||
6523 pending_find(MGMT_OP_SET_LE, hdev)) {
6524 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_ADVERTISING,
6529 if (!adv_data_is_valid(hdev, flags, cp->data, cp->adv_data_len)) {
6530 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_ADVERTISING,
6531 MGMT_STATUS_INVALID_PARAMS);
6535 hdev->adv_instance.flags = flags;
6536 hdev->adv_instance.adv_data_len = cp->adv_data_len;
6537 hdev->adv_instance.scan_rsp_len = cp->scan_rsp_len;
6539 if (cp->adv_data_len)
6540 memcpy(hdev->adv_instance.adv_data, cp->data, cp->adv_data_len);
6542 if (cp->scan_rsp_len)
6543 memcpy(hdev->adv_instance.scan_rsp_data,
6544 cp->data + cp->adv_data_len, cp->scan_rsp_len);
6546 if (!hci_dev_test_and_set_flag(hdev, HCI_ADVERTISING_INSTANCE))
6547 advertising_added(sk, hdev, 1);
6549 /* If the HCI_ADVERTISING flag is set or the device isn't powered then
6550 * we have no HCI communication to make. Simply return.
6552 if (!hdev_is_powered(hdev) ||
6553 hci_dev_test_flag(hdev, HCI_ADVERTISING)) {
6555 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_ADD_ADVERTISING,
6556 MGMT_STATUS_SUCCESS, &rp, sizeof(rp));
6560 /* We're good to go, update advertising data, parameters, and start
6563 cmd = mgmt_pending_add(sk, MGMT_OP_ADD_ADVERTISING, hdev, data,
6570 hci_req_init(&req, hdev);
6572 update_adv_data(&req);
6573 enable_advertising(&req);
6575 err = hci_req_run(&req, add_advertising_complete);
6577 mgmt_pending_remove(cmd);
6580 hci_dev_unlock(hdev);
6585 static void remove_advertising_complete(struct hci_dev *hdev, u8 status,
6588 struct mgmt_pending_cmd *cmd;
6589 struct mgmt_rp_remove_advertising rp;
6591 BT_DBG("status %d", status);
6595 /* A failure status here only means that we failed to disable
6596 * advertising. Otherwise, the advertising instance has been removed,
6597 * so report success.
6599 cmd = pending_find(MGMT_OP_REMOVE_ADVERTISING, hdev);
6605 mgmt_cmd_complete(cmd->sk, cmd->index, cmd->opcode, MGMT_STATUS_SUCCESS,
6607 mgmt_pending_remove(cmd);
6610 hci_dev_unlock(hdev);
6613 static int remove_advertising(struct sock *sk, struct hci_dev *hdev,
6614 void *data, u16 data_len)
6616 struct mgmt_cp_remove_advertising *cp = data;
6617 struct mgmt_rp_remove_advertising rp;
6619 struct mgmt_pending_cmd *cmd;
6620 struct hci_request req;
6622 BT_DBG("%s", hdev->name);
6624 /* The current implementation only allows modifying instance no 1. A
6625 * value of 0 indicates that all instances should be cleared.
6627 if (cp->instance > 1)
6628 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_REMOVE_ADVERTISING,
6629 MGMT_STATUS_INVALID_PARAMS);
6633 if (pending_find(MGMT_OP_ADD_ADVERTISING, hdev) ||
6634 pending_find(MGMT_OP_REMOVE_ADVERTISING, hdev) ||
6635 pending_find(MGMT_OP_SET_LE, hdev)) {
6636 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_REMOVE_ADVERTISING,
6641 if (!hci_dev_test_flag(hdev, HCI_ADVERTISING_INSTANCE)) {
6642 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_REMOVE_ADVERTISING,
6643 MGMT_STATUS_INVALID_PARAMS);
6647 memset(&hdev->adv_instance, 0, sizeof(hdev->adv_instance));
6649 advertising_removed(sk, hdev, 1);
6651 hci_dev_clear_flag(hdev, HCI_ADVERTISING_INSTANCE);
6653 /* If the HCI_ADVERTISING flag is set or the device isn't powered then
6654 * we have no HCI communication to make. Simply return.
6656 if (!hdev_is_powered(hdev) ||
6657 hci_dev_test_flag(hdev, HCI_ADVERTISING)) {
6659 err = mgmt_cmd_complete(sk, hdev->id,
6660 MGMT_OP_REMOVE_ADVERTISING,
6661 MGMT_STATUS_SUCCESS, &rp, sizeof(rp));
6665 cmd = mgmt_pending_add(sk, MGMT_OP_REMOVE_ADVERTISING, hdev, data,
6672 hci_req_init(&req, hdev);
6673 disable_advertising(&req);
6675 err = hci_req_run(&req, remove_advertising_complete);
6677 mgmt_pending_remove(cmd);
6680 hci_dev_unlock(hdev);
6685 static const struct hci_mgmt_handler mgmt_handlers[] = {
6686 { NULL }, /* 0x0000 (no command) */
6687 { read_version, MGMT_READ_VERSION_SIZE,
6689 HCI_MGMT_UNTRUSTED },
6690 { read_commands, MGMT_READ_COMMANDS_SIZE,
6692 HCI_MGMT_UNTRUSTED },
6693 { read_index_list, MGMT_READ_INDEX_LIST_SIZE,
6695 HCI_MGMT_UNTRUSTED },
6696 { read_controller_info, MGMT_READ_INFO_SIZE,
6697 HCI_MGMT_UNTRUSTED },
6698 { set_powered, MGMT_SETTING_SIZE },
6699 { set_discoverable, MGMT_SET_DISCOVERABLE_SIZE },
6700 { set_connectable, MGMT_SETTING_SIZE },
6701 { set_fast_connectable, MGMT_SETTING_SIZE },
6702 { set_bondable, MGMT_SETTING_SIZE },
6703 { set_link_security, MGMT_SETTING_SIZE },
6704 { set_ssp, MGMT_SETTING_SIZE },
6705 { set_hs, MGMT_SETTING_SIZE },
6706 { set_le, MGMT_SETTING_SIZE },
6707 { set_dev_class, MGMT_SET_DEV_CLASS_SIZE },
6708 { set_local_name, MGMT_SET_LOCAL_NAME_SIZE },
6709 { add_uuid, MGMT_ADD_UUID_SIZE },
6710 { remove_uuid, MGMT_REMOVE_UUID_SIZE },
6711 { load_link_keys, MGMT_LOAD_LINK_KEYS_SIZE,
6713 { load_long_term_keys, MGMT_LOAD_LONG_TERM_KEYS_SIZE,
6715 { disconnect, MGMT_DISCONNECT_SIZE },
6716 { get_connections, MGMT_GET_CONNECTIONS_SIZE },
6717 { pin_code_reply, MGMT_PIN_CODE_REPLY_SIZE },
6718 { pin_code_neg_reply, MGMT_PIN_CODE_NEG_REPLY_SIZE },
6719 { set_io_capability, MGMT_SET_IO_CAPABILITY_SIZE },
6720 { pair_device, MGMT_PAIR_DEVICE_SIZE },
6721 { cancel_pair_device, MGMT_CANCEL_PAIR_DEVICE_SIZE },
6722 { unpair_device, MGMT_UNPAIR_DEVICE_SIZE },
6723 { user_confirm_reply, MGMT_USER_CONFIRM_REPLY_SIZE },
6724 { user_confirm_neg_reply, MGMT_USER_CONFIRM_NEG_REPLY_SIZE },
6725 { user_passkey_reply, MGMT_USER_PASSKEY_REPLY_SIZE },
6726 { user_passkey_neg_reply, MGMT_USER_PASSKEY_NEG_REPLY_SIZE },
6727 { read_local_oob_data, MGMT_READ_LOCAL_OOB_DATA_SIZE },
6728 { add_remote_oob_data, MGMT_ADD_REMOTE_OOB_DATA_SIZE,
6730 { remove_remote_oob_data, MGMT_REMOVE_REMOTE_OOB_DATA_SIZE },
6731 { start_discovery, MGMT_START_DISCOVERY_SIZE },
6732 { stop_discovery, MGMT_STOP_DISCOVERY_SIZE },
6733 { confirm_name, MGMT_CONFIRM_NAME_SIZE },
6734 { block_device, MGMT_BLOCK_DEVICE_SIZE },
6735 { unblock_device, MGMT_UNBLOCK_DEVICE_SIZE },
6736 { set_device_id, MGMT_SET_DEVICE_ID_SIZE },
6737 { set_advertising, MGMT_SETTING_SIZE },
6738 { set_bredr, MGMT_SETTING_SIZE },
6739 { set_static_address, MGMT_SET_STATIC_ADDRESS_SIZE },
6740 { set_scan_params, MGMT_SET_SCAN_PARAMS_SIZE },
6741 { set_secure_conn, MGMT_SETTING_SIZE },
6742 { set_debug_keys, MGMT_SETTING_SIZE },
6743 { set_privacy, MGMT_SET_PRIVACY_SIZE },
6744 { load_irks, MGMT_LOAD_IRKS_SIZE,
6746 { get_conn_info, MGMT_GET_CONN_INFO_SIZE },
6747 { get_clock_info, MGMT_GET_CLOCK_INFO_SIZE },
6748 { add_device, MGMT_ADD_DEVICE_SIZE },
6749 { remove_device, MGMT_REMOVE_DEVICE_SIZE },
6750 { load_conn_param, MGMT_LOAD_CONN_PARAM_SIZE,
6752 { read_unconf_index_list, MGMT_READ_UNCONF_INDEX_LIST_SIZE,
6754 HCI_MGMT_UNTRUSTED },
6755 { read_config_info, MGMT_READ_CONFIG_INFO_SIZE,
6756 HCI_MGMT_UNCONFIGURED |
6757 HCI_MGMT_UNTRUSTED },
6758 { set_external_config, MGMT_SET_EXTERNAL_CONFIG_SIZE,
6759 HCI_MGMT_UNCONFIGURED },
6760 { set_public_address, MGMT_SET_PUBLIC_ADDRESS_SIZE,
6761 HCI_MGMT_UNCONFIGURED },
6762 { start_service_discovery, MGMT_START_SERVICE_DISCOVERY_SIZE,
6764 { read_local_oob_ext_data, MGMT_READ_LOCAL_OOB_EXT_DATA_SIZE },
6765 { read_ext_index_list, MGMT_READ_EXT_INDEX_LIST_SIZE,
6767 HCI_MGMT_UNTRUSTED },
6768 { read_adv_features, MGMT_READ_ADV_FEATURES_SIZE },
6769 { add_advertising, MGMT_ADD_ADVERTISING_SIZE,
6771 { remove_advertising, MGMT_REMOVE_ADVERTISING_SIZE },
6774 void mgmt_index_added(struct hci_dev *hdev)
6776 struct mgmt_ev_ext_index ev;
6778 if (test_bit(HCI_QUIRK_RAW_DEVICE, &hdev->quirks))
6781 switch (hdev->dev_type) {
6783 if (hci_dev_test_flag(hdev, HCI_UNCONFIGURED)) {
6784 mgmt_index_event(MGMT_EV_UNCONF_INDEX_ADDED, hdev,
6785 NULL, 0, HCI_MGMT_UNCONF_INDEX_EVENTS);
6788 mgmt_index_event(MGMT_EV_INDEX_ADDED, hdev, NULL, 0,
6789 HCI_MGMT_INDEX_EVENTS);
6802 mgmt_index_event(MGMT_EV_EXT_INDEX_ADDED, hdev, &ev, sizeof(ev),
6803 HCI_MGMT_EXT_INDEX_EVENTS);
6806 void mgmt_index_removed(struct hci_dev *hdev)
6808 struct mgmt_ev_ext_index ev;
6809 u8 status = MGMT_STATUS_INVALID_INDEX;
6811 if (test_bit(HCI_QUIRK_RAW_DEVICE, &hdev->quirks))
6814 switch (hdev->dev_type) {
6816 mgmt_pending_foreach(0, hdev, cmd_complete_rsp, &status);
6818 if (hci_dev_test_flag(hdev, HCI_UNCONFIGURED)) {
6819 mgmt_index_event(MGMT_EV_UNCONF_INDEX_REMOVED, hdev,
6820 NULL, 0, HCI_MGMT_UNCONF_INDEX_EVENTS);
6823 mgmt_index_event(MGMT_EV_INDEX_REMOVED, hdev, NULL, 0,
6824 HCI_MGMT_INDEX_EVENTS);
6837 mgmt_index_event(MGMT_EV_EXT_INDEX_REMOVED, hdev, &ev, sizeof(ev),
6838 HCI_MGMT_EXT_INDEX_EVENTS);
6841 /* This function requires the caller holds hdev->lock */
6842 static void restart_le_actions(struct hci_request *req)
6844 struct hci_dev *hdev = req->hdev;
6845 struct hci_conn_params *p;
6847 list_for_each_entry(p, &hdev->le_conn_params, list) {
6848 /* Needed for AUTO_OFF case where might not "really"
6849 * have been powered off.
6851 list_del_init(&p->action);
6853 switch (p->auto_connect) {
6854 case HCI_AUTO_CONN_DIRECT:
6855 case HCI_AUTO_CONN_ALWAYS:
6856 list_add(&p->action, &hdev->pend_le_conns);
6858 case HCI_AUTO_CONN_REPORT:
6859 list_add(&p->action, &hdev->pend_le_reports);
6866 __hci_update_background_scan(req);
6869 static void powered_complete(struct hci_dev *hdev, u8 status, u16 opcode)
6871 struct cmd_lookup match = { NULL, hdev };
6873 BT_DBG("status 0x%02x", status);
6876 /* Register the available SMP channels (BR/EDR and LE) only
6877 * when successfully powering on the controller. This late
6878 * registration is required so that LE SMP can clearly
6879 * decide if the public address or static address is used.
6886 mgmt_pending_foreach(MGMT_OP_SET_POWERED, hdev, settings_rsp, &match);
6888 new_settings(hdev, match.sk);
6890 hci_dev_unlock(hdev);
6896 static int powered_update_hci(struct hci_dev *hdev)
6898 struct hci_request req;
6901 hci_req_init(&req, hdev);
6903 if (hci_dev_test_flag(hdev, HCI_SSP_ENABLED) &&
6904 !lmp_host_ssp_capable(hdev)) {
6907 hci_req_add(&req, HCI_OP_WRITE_SSP_MODE, sizeof(mode), &mode);
6909 if (bredr_sc_enabled(hdev) && !lmp_host_sc_capable(hdev)) {
6912 hci_req_add(&req, HCI_OP_WRITE_SC_SUPPORT,
6913 sizeof(support), &support);
6917 if (hci_dev_test_flag(hdev, HCI_LE_ENABLED) &&
6918 lmp_bredr_capable(hdev)) {
6919 struct hci_cp_write_le_host_supported cp;
6924 /* Check first if we already have the right
6925 * host state (host features set)
6927 if (cp.le != lmp_host_le_capable(hdev) ||
6928 cp.simul != lmp_host_le_br_capable(hdev))
6929 hci_req_add(&req, HCI_OP_WRITE_LE_HOST_SUPPORTED,
6933 if (lmp_le_capable(hdev)) {
6934 /* Make sure the controller has a good default for
6935 * advertising data. This also applies to the case
6936 * where BR/EDR was toggled during the AUTO_OFF phase.
6938 if (hci_dev_test_flag(hdev, HCI_LE_ENABLED)) {
6939 update_adv_data(&req);
6940 update_scan_rsp_data(&req);
6943 if (hci_dev_test_flag(hdev, HCI_ADVERTISING) ||
6944 hci_dev_test_flag(hdev, HCI_ADVERTISING_INSTANCE))
6945 enable_advertising(&req);
6947 restart_le_actions(&req);
6950 link_sec = hci_dev_test_flag(hdev, HCI_LINK_SECURITY);
6951 if (link_sec != test_bit(HCI_AUTH, &hdev->flags))
6952 hci_req_add(&req, HCI_OP_WRITE_AUTH_ENABLE,
6953 sizeof(link_sec), &link_sec);
6955 if (lmp_bredr_capable(hdev)) {
6956 if (hci_dev_test_flag(hdev, HCI_FAST_CONNECTABLE))
6957 write_fast_connectable(&req, true);
6959 write_fast_connectable(&req, false);
6960 __hci_update_page_scan(&req);
6966 return hci_req_run(&req, powered_complete);
6969 int mgmt_powered(struct hci_dev *hdev, u8 powered)
6971 struct cmd_lookup match = { NULL, hdev };
6972 u8 status, zero_cod[] = { 0, 0, 0 };
6975 if (!hci_dev_test_flag(hdev, HCI_MGMT))
6979 if (powered_update_hci(hdev) == 0)
6982 mgmt_pending_foreach(MGMT_OP_SET_POWERED, hdev, settings_rsp,
6987 mgmt_pending_foreach(MGMT_OP_SET_POWERED, hdev, settings_rsp, &match);
6989 /* If the power off is because of hdev unregistration let
6990 * use the appropriate INVALID_INDEX status. Otherwise use
6991 * NOT_POWERED. We cover both scenarios here since later in
6992 * mgmt_index_removed() any hci_conn callbacks will have already
6993 * been triggered, potentially causing misleading DISCONNECTED
6996 if (hci_dev_test_flag(hdev, HCI_UNREGISTER))
6997 status = MGMT_STATUS_INVALID_INDEX;
6999 status = MGMT_STATUS_NOT_POWERED;
7001 mgmt_pending_foreach(0, hdev, cmd_complete_rsp, &status);
7003 if (memcmp(hdev->dev_class, zero_cod, sizeof(zero_cod)) != 0)
7004 mgmt_generic_event(MGMT_EV_CLASS_OF_DEV_CHANGED, hdev,
7005 zero_cod, sizeof(zero_cod), NULL);
7008 err = new_settings(hdev, match.sk);
7016 void mgmt_set_powered_failed(struct hci_dev *hdev, int err)
7018 struct mgmt_pending_cmd *cmd;
7021 cmd = pending_find(MGMT_OP_SET_POWERED, hdev);
7025 if (err == -ERFKILL)
7026 status = MGMT_STATUS_RFKILLED;
7028 status = MGMT_STATUS_FAILED;
7030 mgmt_cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_POWERED, status);
7032 mgmt_pending_remove(cmd);
7035 void mgmt_discoverable_timeout(struct hci_dev *hdev)
7037 struct hci_request req;
7041 /* When discoverable timeout triggers, then just make sure
7042 * the limited discoverable flag is cleared. Even in the case
7043 * of a timeout triggered from general discoverable, it is
7044 * safe to unconditionally clear the flag.
7046 hci_dev_clear_flag(hdev, HCI_LIMITED_DISCOVERABLE);
7047 hci_dev_clear_flag(hdev, HCI_DISCOVERABLE);
7049 hci_req_init(&req, hdev);
7050 if (hci_dev_test_flag(hdev, HCI_BREDR_ENABLED)) {
7051 u8 scan = SCAN_PAGE;
7052 hci_req_add(&req, HCI_OP_WRITE_SCAN_ENABLE,
7053 sizeof(scan), &scan);
7057 /* Advertising instances don't use the global discoverable setting, so
7058 * only update AD if advertising was enabled using Set Advertising.
7060 if (hci_dev_test_flag(hdev, HCI_ADVERTISING))
7061 update_adv_data(&req);
7063 hci_req_run(&req, NULL);
7065 hdev->discov_timeout = 0;
7067 new_settings(hdev, NULL);
7069 hci_dev_unlock(hdev);
7072 void mgmt_new_link_key(struct hci_dev *hdev, struct link_key *key,
7075 struct mgmt_ev_new_link_key ev;
7077 memset(&ev, 0, sizeof(ev));
7079 ev.store_hint = persistent;
7080 bacpy(&ev.key.addr.bdaddr, &key->bdaddr);
7081 ev.key.addr.type = BDADDR_BREDR;
7082 ev.key.type = key->type;
7083 memcpy(ev.key.val, key->val, HCI_LINK_KEY_SIZE);
7084 ev.key.pin_len = key->pin_len;
7086 mgmt_event(MGMT_EV_NEW_LINK_KEY, hdev, &ev, sizeof(ev), NULL);
7089 static u8 mgmt_ltk_type(struct smp_ltk *ltk)
7091 switch (ltk->type) {
7094 if (ltk->authenticated)
7095 return MGMT_LTK_AUTHENTICATED;
7096 return MGMT_LTK_UNAUTHENTICATED;
7098 if (ltk->authenticated)
7099 return MGMT_LTK_P256_AUTH;
7100 return MGMT_LTK_P256_UNAUTH;
7101 case SMP_LTK_P256_DEBUG:
7102 return MGMT_LTK_P256_DEBUG;
7105 return MGMT_LTK_UNAUTHENTICATED;
7108 void mgmt_new_ltk(struct hci_dev *hdev, struct smp_ltk *key, bool persistent)
7110 struct mgmt_ev_new_long_term_key ev;
7112 memset(&ev, 0, sizeof(ev));
7114 /* Devices using resolvable or non-resolvable random addresses
7115 * without providing an indentity resolving key don't require
7116 * to store long term keys. Their addresses will change the
7119 * Only when a remote device provides an identity address
7120 * make sure the long term key is stored. If the remote
7121 * identity is known, the long term keys are internally
7122 * mapped to the identity address. So allow static random
7123 * and public addresses here.
7125 if (key->bdaddr_type == ADDR_LE_DEV_RANDOM &&
7126 (key->bdaddr.b[5] & 0xc0) != 0xc0)
7127 ev.store_hint = 0x00;
7129 ev.store_hint = persistent;
7131 bacpy(&ev.key.addr.bdaddr, &key->bdaddr);
7132 ev.key.addr.type = link_to_bdaddr(LE_LINK, key->bdaddr_type);
7133 ev.key.type = mgmt_ltk_type(key);
7134 ev.key.enc_size = key->enc_size;
7135 ev.key.ediv = key->ediv;
7136 ev.key.rand = key->rand;
7138 if (key->type == SMP_LTK)
7141 memcpy(ev.key.val, key->val, sizeof(key->val));
7143 mgmt_event(MGMT_EV_NEW_LONG_TERM_KEY, hdev, &ev, sizeof(ev), NULL);
7146 void mgmt_new_irk(struct hci_dev *hdev, struct smp_irk *irk)
7148 struct mgmt_ev_new_irk ev;
7150 memset(&ev, 0, sizeof(ev));
7152 /* For identity resolving keys from devices that are already
7153 * using a public address or static random address, do not
7154 * ask for storing this key. The identity resolving key really
7155 * is only mandatory for devices using resovlable random
7158 * Storing all identity resolving keys has the downside that
7159 * they will be also loaded on next boot of they system. More
7160 * identity resolving keys, means more time during scanning is
7161 * needed to actually resolve these addresses.
7163 if (bacmp(&irk->rpa, BDADDR_ANY))
7164 ev.store_hint = 0x01;
7166 ev.store_hint = 0x00;
7168 bacpy(&ev.rpa, &irk->rpa);
7169 bacpy(&ev.irk.addr.bdaddr, &irk->bdaddr);
7170 ev.irk.addr.type = link_to_bdaddr(LE_LINK, irk->addr_type);
7171 memcpy(ev.irk.val, irk->val, sizeof(irk->val));
7173 mgmt_event(MGMT_EV_NEW_IRK, hdev, &ev, sizeof(ev), NULL);
7176 void mgmt_new_csrk(struct hci_dev *hdev, struct smp_csrk *csrk,
7179 struct mgmt_ev_new_csrk ev;
7181 memset(&ev, 0, sizeof(ev));
7183 /* Devices using resolvable or non-resolvable random addresses
7184 * without providing an indentity resolving key don't require
7185 * to store signature resolving keys. Their addresses will change
7186 * the next time around.
7188 * Only when a remote device provides an identity address
7189 * make sure the signature resolving key is stored. So allow
7190 * static random and public addresses here.
7192 if (csrk->bdaddr_type == ADDR_LE_DEV_RANDOM &&
7193 (csrk->bdaddr.b[5] & 0xc0) != 0xc0)
7194 ev.store_hint = 0x00;
7196 ev.store_hint = persistent;
7198 bacpy(&ev.key.addr.bdaddr, &csrk->bdaddr);
7199 ev.key.addr.type = link_to_bdaddr(LE_LINK, csrk->bdaddr_type);
7200 ev.key.type = csrk->type;
7201 memcpy(ev.key.val, csrk->val, sizeof(csrk->val));
7203 mgmt_event(MGMT_EV_NEW_CSRK, hdev, &ev, sizeof(ev), NULL);
7206 void mgmt_new_conn_param(struct hci_dev *hdev, bdaddr_t *bdaddr,
7207 u8 bdaddr_type, u8 store_hint, u16 min_interval,
7208 u16 max_interval, u16 latency, u16 timeout)
7210 struct mgmt_ev_new_conn_param ev;
7212 if (!hci_is_identity_address(bdaddr, bdaddr_type))
7215 memset(&ev, 0, sizeof(ev));
7216 bacpy(&ev.addr.bdaddr, bdaddr);
7217 ev.addr.type = link_to_bdaddr(LE_LINK, bdaddr_type);
7218 ev.store_hint = store_hint;
7219 ev.min_interval = cpu_to_le16(min_interval);
7220 ev.max_interval = cpu_to_le16(max_interval);
7221 ev.latency = cpu_to_le16(latency);
7222 ev.timeout = cpu_to_le16(timeout);
7224 mgmt_event(MGMT_EV_NEW_CONN_PARAM, hdev, &ev, sizeof(ev), NULL);
7227 void mgmt_device_connected(struct hci_dev *hdev, struct hci_conn *conn,
7228 u32 flags, u8 *name, u8 name_len)
7231 struct mgmt_ev_device_connected *ev = (void *) buf;
7234 bacpy(&ev->addr.bdaddr, &conn->dst);
7235 ev->addr.type = link_to_bdaddr(conn->type, conn->dst_type);
7237 ev->flags = __cpu_to_le32(flags);
7239 /* We must ensure that the EIR Data fields are ordered and
7240 * unique. Keep it simple for now and avoid the problem by not
7241 * adding any BR/EDR data to the LE adv.
7243 if (conn->le_adv_data_len > 0) {
7244 memcpy(&ev->eir[eir_len],
7245 conn->le_adv_data, conn->le_adv_data_len);
7246 eir_len = conn->le_adv_data_len;
7249 eir_len = eir_append_data(ev->eir, 0, EIR_NAME_COMPLETE,
7252 if (memcmp(conn->dev_class, "\0\0\0", 3) != 0)
7253 eir_len = eir_append_data(ev->eir, eir_len,
7255 conn->dev_class, 3);
7258 ev->eir_len = cpu_to_le16(eir_len);
7260 mgmt_event(MGMT_EV_DEVICE_CONNECTED, hdev, buf,
7261 sizeof(*ev) + eir_len, NULL);
7264 static void disconnect_rsp(struct mgmt_pending_cmd *cmd, void *data)
7266 struct sock **sk = data;
7268 cmd->cmd_complete(cmd, 0);
7273 mgmt_pending_remove(cmd);
7276 static void unpair_device_rsp(struct mgmt_pending_cmd *cmd, void *data)
7278 struct hci_dev *hdev = data;
7279 struct mgmt_cp_unpair_device *cp = cmd->param;
7281 device_unpaired(hdev, &cp->addr.bdaddr, cp->addr.type, cmd->sk);
7283 cmd->cmd_complete(cmd, 0);
7284 mgmt_pending_remove(cmd);
7287 bool mgmt_powering_down(struct hci_dev *hdev)
7289 struct mgmt_pending_cmd *cmd;
7290 struct mgmt_mode *cp;
7292 cmd = pending_find(MGMT_OP_SET_POWERED, hdev);
7303 void mgmt_device_disconnected(struct hci_dev *hdev, bdaddr_t *bdaddr,
7304 u8 link_type, u8 addr_type, u8 reason,
7305 bool mgmt_connected)
7307 struct mgmt_ev_device_disconnected ev;
7308 struct sock *sk = NULL;
7310 /* The connection is still in hci_conn_hash so test for 1
7311 * instead of 0 to know if this is the last one.
7313 if (mgmt_powering_down(hdev) && hci_conn_count(hdev) == 1) {
7314 cancel_delayed_work(&hdev->power_off);
7315 queue_work(hdev->req_workqueue, &hdev->power_off.work);
7318 if (!mgmt_connected)
7321 if (link_type != ACL_LINK && link_type != LE_LINK)
7324 mgmt_pending_foreach(MGMT_OP_DISCONNECT, hdev, disconnect_rsp, &sk);
7326 bacpy(&ev.addr.bdaddr, bdaddr);
7327 ev.addr.type = link_to_bdaddr(link_type, addr_type);
7330 mgmt_event(MGMT_EV_DEVICE_DISCONNECTED, hdev, &ev, sizeof(ev), sk);
7335 mgmt_pending_foreach(MGMT_OP_UNPAIR_DEVICE, hdev, unpair_device_rsp,
7339 void mgmt_disconnect_failed(struct hci_dev *hdev, bdaddr_t *bdaddr,
7340 u8 link_type, u8 addr_type, u8 status)
7342 u8 bdaddr_type = link_to_bdaddr(link_type, addr_type);
7343 struct mgmt_cp_disconnect *cp;
7344 struct mgmt_pending_cmd *cmd;
7346 mgmt_pending_foreach(MGMT_OP_UNPAIR_DEVICE, hdev, unpair_device_rsp,
7349 cmd = pending_find(MGMT_OP_DISCONNECT, hdev);
7355 if (bacmp(bdaddr, &cp->addr.bdaddr))
7358 if (cp->addr.type != bdaddr_type)
7361 cmd->cmd_complete(cmd, mgmt_status(status));
7362 mgmt_pending_remove(cmd);
7365 void mgmt_connect_failed(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
7366 u8 addr_type, u8 status)
7368 struct mgmt_ev_connect_failed ev;
7370 /* The connection is still in hci_conn_hash so test for 1
7371 * instead of 0 to know if this is the last one.
7373 if (mgmt_powering_down(hdev) && hci_conn_count(hdev) == 1) {
7374 cancel_delayed_work(&hdev->power_off);
7375 queue_work(hdev->req_workqueue, &hdev->power_off.work);
7378 bacpy(&ev.addr.bdaddr, bdaddr);
7379 ev.addr.type = link_to_bdaddr(link_type, addr_type);
7380 ev.status = mgmt_status(status);
7382 mgmt_event(MGMT_EV_CONNECT_FAILED, hdev, &ev, sizeof(ev), NULL);
7385 void mgmt_pin_code_request(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 secure)
7387 struct mgmt_ev_pin_code_request ev;
7389 bacpy(&ev.addr.bdaddr, bdaddr);
7390 ev.addr.type = BDADDR_BREDR;
7393 mgmt_event(MGMT_EV_PIN_CODE_REQUEST, hdev, &ev, sizeof(ev), NULL);
7396 void mgmt_pin_code_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
7399 struct mgmt_pending_cmd *cmd;
7401 cmd = pending_find(MGMT_OP_PIN_CODE_REPLY, hdev);
7405 cmd->cmd_complete(cmd, mgmt_status(status));
7406 mgmt_pending_remove(cmd);
7409 void mgmt_pin_code_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
7412 struct mgmt_pending_cmd *cmd;
7414 cmd = pending_find(MGMT_OP_PIN_CODE_NEG_REPLY, hdev);
7418 cmd->cmd_complete(cmd, mgmt_status(status));
7419 mgmt_pending_remove(cmd);
7422 int mgmt_user_confirm_request(struct hci_dev *hdev, bdaddr_t *bdaddr,
7423 u8 link_type, u8 addr_type, u32 value,
7426 struct mgmt_ev_user_confirm_request ev;
7428 BT_DBG("%s", hdev->name);
7430 bacpy(&ev.addr.bdaddr, bdaddr);
7431 ev.addr.type = link_to_bdaddr(link_type, addr_type);
7432 ev.confirm_hint = confirm_hint;
7433 ev.value = cpu_to_le32(value);
7435 return mgmt_event(MGMT_EV_USER_CONFIRM_REQUEST, hdev, &ev, sizeof(ev),
7439 int mgmt_user_passkey_request(struct hci_dev *hdev, bdaddr_t *bdaddr,
7440 u8 link_type, u8 addr_type)
7442 struct mgmt_ev_user_passkey_request ev;
7444 BT_DBG("%s", hdev->name);
7446 bacpy(&ev.addr.bdaddr, bdaddr);
7447 ev.addr.type = link_to_bdaddr(link_type, addr_type);
7449 return mgmt_event(MGMT_EV_USER_PASSKEY_REQUEST, hdev, &ev, sizeof(ev),
7453 static int user_pairing_resp_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
7454 u8 link_type, u8 addr_type, u8 status,
7457 struct mgmt_pending_cmd *cmd;
7459 cmd = pending_find(opcode, hdev);
7463 cmd->cmd_complete(cmd, mgmt_status(status));
7464 mgmt_pending_remove(cmd);
7469 int mgmt_user_confirm_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
7470 u8 link_type, u8 addr_type, u8 status)
7472 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
7473 status, MGMT_OP_USER_CONFIRM_REPLY);
7476 int mgmt_user_confirm_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
7477 u8 link_type, u8 addr_type, u8 status)
7479 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
7481 MGMT_OP_USER_CONFIRM_NEG_REPLY);
7484 int mgmt_user_passkey_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
7485 u8 link_type, u8 addr_type, u8 status)
7487 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
7488 status, MGMT_OP_USER_PASSKEY_REPLY);
7491 int mgmt_user_passkey_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
7492 u8 link_type, u8 addr_type, u8 status)
7494 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
7496 MGMT_OP_USER_PASSKEY_NEG_REPLY);
7499 int mgmt_user_passkey_notify(struct hci_dev *hdev, bdaddr_t *bdaddr,
7500 u8 link_type, u8 addr_type, u32 passkey,
7503 struct mgmt_ev_passkey_notify ev;
7505 BT_DBG("%s", hdev->name);
7507 bacpy(&ev.addr.bdaddr, bdaddr);
7508 ev.addr.type = link_to_bdaddr(link_type, addr_type);
7509 ev.passkey = __cpu_to_le32(passkey);
7510 ev.entered = entered;
7512 return mgmt_event(MGMT_EV_PASSKEY_NOTIFY, hdev, &ev, sizeof(ev), NULL);
7515 void mgmt_auth_failed(struct hci_conn *conn, u8 hci_status)
7517 struct mgmt_ev_auth_failed ev;
7518 struct mgmt_pending_cmd *cmd;
7519 u8 status = mgmt_status(hci_status);
7521 bacpy(&ev.addr.bdaddr, &conn->dst);
7522 ev.addr.type = link_to_bdaddr(conn->type, conn->dst_type);
7525 cmd = find_pairing(conn);
7527 mgmt_event(MGMT_EV_AUTH_FAILED, conn->hdev, &ev, sizeof(ev),
7528 cmd ? cmd->sk : NULL);
7531 cmd->cmd_complete(cmd, status);
7532 mgmt_pending_remove(cmd);
7536 void mgmt_auth_enable_complete(struct hci_dev *hdev, u8 status)
7538 struct cmd_lookup match = { NULL, hdev };
7542 u8 mgmt_err = mgmt_status(status);
7543 mgmt_pending_foreach(MGMT_OP_SET_LINK_SECURITY, hdev,
7544 cmd_status_rsp, &mgmt_err);
7548 if (test_bit(HCI_AUTH, &hdev->flags))
7549 changed = !hci_dev_test_and_set_flag(hdev, HCI_LINK_SECURITY);
7551 changed = hci_dev_test_and_clear_flag(hdev, HCI_LINK_SECURITY);
7553 mgmt_pending_foreach(MGMT_OP_SET_LINK_SECURITY, hdev, settings_rsp,
7557 new_settings(hdev, match.sk);
7563 static void clear_eir(struct hci_request *req)
7565 struct hci_dev *hdev = req->hdev;
7566 struct hci_cp_write_eir cp;
7568 if (!lmp_ext_inq_capable(hdev))
7571 memset(hdev->eir, 0, sizeof(hdev->eir));
7573 memset(&cp, 0, sizeof(cp));
7575 hci_req_add(req, HCI_OP_WRITE_EIR, sizeof(cp), &cp);
7578 void mgmt_ssp_enable_complete(struct hci_dev *hdev, u8 enable, u8 status)
7580 struct cmd_lookup match = { NULL, hdev };
7581 struct hci_request req;
7582 bool changed = false;
7585 u8 mgmt_err = mgmt_status(status);
7587 if (enable && hci_dev_test_and_clear_flag(hdev,
7589 hci_dev_clear_flag(hdev, HCI_HS_ENABLED);
7590 new_settings(hdev, NULL);
7593 mgmt_pending_foreach(MGMT_OP_SET_SSP, hdev, cmd_status_rsp,
7599 changed = !hci_dev_test_and_set_flag(hdev, HCI_SSP_ENABLED);
7601 changed = hci_dev_test_and_clear_flag(hdev, HCI_SSP_ENABLED);
7603 changed = hci_dev_test_and_clear_flag(hdev,
7606 hci_dev_clear_flag(hdev, HCI_HS_ENABLED);
7609 mgmt_pending_foreach(MGMT_OP_SET_SSP, hdev, settings_rsp, &match);
7612 new_settings(hdev, match.sk);
7617 hci_req_init(&req, hdev);
7619 if (hci_dev_test_flag(hdev, HCI_SSP_ENABLED)) {
7620 if (hci_dev_test_flag(hdev, HCI_USE_DEBUG_KEYS))
7621 hci_req_add(&req, HCI_OP_WRITE_SSP_DEBUG_MODE,
7622 sizeof(enable), &enable);
7628 hci_req_run(&req, NULL);
7631 static void sk_lookup(struct mgmt_pending_cmd *cmd, void *data)
7633 struct cmd_lookup *match = data;
7635 if (match->sk == NULL) {
7636 match->sk = cmd->sk;
7637 sock_hold(match->sk);
7641 void mgmt_set_class_of_dev_complete(struct hci_dev *hdev, u8 *dev_class,
7644 struct cmd_lookup match = { NULL, hdev, mgmt_status(status) };
7646 mgmt_pending_foreach(MGMT_OP_SET_DEV_CLASS, hdev, sk_lookup, &match);
7647 mgmt_pending_foreach(MGMT_OP_ADD_UUID, hdev, sk_lookup, &match);
7648 mgmt_pending_foreach(MGMT_OP_REMOVE_UUID, hdev, sk_lookup, &match);
7651 mgmt_generic_event(MGMT_EV_CLASS_OF_DEV_CHANGED, hdev,
7652 dev_class, 3, NULL);
7658 void mgmt_set_local_name_complete(struct hci_dev *hdev, u8 *name, u8 status)
7660 struct mgmt_cp_set_local_name ev;
7661 struct mgmt_pending_cmd *cmd;
7666 memset(&ev, 0, sizeof(ev));
7667 memcpy(ev.name, name, HCI_MAX_NAME_LENGTH);
7668 memcpy(ev.short_name, hdev->short_name, HCI_MAX_SHORT_NAME_LENGTH);
7670 cmd = pending_find(MGMT_OP_SET_LOCAL_NAME, hdev);
7672 memcpy(hdev->dev_name, name, sizeof(hdev->dev_name));
7674 /* If this is a HCI command related to powering on the
7675 * HCI dev don't send any mgmt signals.
7677 if (pending_find(MGMT_OP_SET_POWERED, hdev))
7681 mgmt_generic_event(MGMT_EV_LOCAL_NAME_CHANGED, hdev, &ev, sizeof(ev),
7682 cmd ? cmd->sk : NULL);
7685 void mgmt_read_local_oob_data_complete(struct hci_dev *hdev, u8 *hash192,
7686 u8 *rand192, u8 *hash256, u8 *rand256,
7689 struct mgmt_pending_cmd *cmd;
7691 BT_DBG("%s status %u", hdev->name, status);
7693 cmd = pending_find(MGMT_OP_READ_LOCAL_OOB_DATA, hdev);
7698 mgmt_cmd_status(cmd->sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
7699 mgmt_status(status));
7701 struct mgmt_rp_read_local_oob_data rp;
7702 size_t rp_size = sizeof(rp);
7704 memcpy(rp.hash192, hash192, sizeof(rp.hash192));
7705 memcpy(rp.rand192, rand192, sizeof(rp.rand192));
7707 if (bredr_sc_enabled(hdev) && hash256 && rand256) {
7708 memcpy(rp.hash256, hash256, sizeof(rp.hash256));
7709 memcpy(rp.rand256, rand256, sizeof(rp.rand256));
7711 rp_size -= sizeof(rp.hash256) + sizeof(rp.rand256);
7714 mgmt_cmd_complete(cmd->sk, hdev->id,
7715 MGMT_OP_READ_LOCAL_OOB_DATA, 0,
7719 mgmt_pending_remove(cmd);
7722 static inline bool has_uuid(u8 *uuid, u16 uuid_count, u8 (*uuids)[16])
7726 for (i = 0; i < uuid_count; i++) {
7727 if (!memcmp(uuid, uuids[i], 16))
7734 static bool eir_has_uuids(u8 *eir, u16 eir_len, u16 uuid_count, u8 (*uuids)[16])
7738 while (parsed < eir_len) {
7739 u8 field_len = eir[0];
7746 if (eir_len - parsed < field_len + 1)
7750 case EIR_UUID16_ALL:
7751 case EIR_UUID16_SOME:
7752 for (i = 0; i + 3 <= field_len; i += 2) {
7753 memcpy(uuid, bluetooth_base_uuid, 16);
7754 uuid[13] = eir[i + 3];
7755 uuid[12] = eir[i + 2];
7756 if (has_uuid(uuid, uuid_count, uuids))
7760 case EIR_UUID32_ALL:
7761 case EIR_UUID32_SOME:
7762 for (i = 0; i + 5 <= field_len; i += 4) {
7763 memcpy(uuid, bluetooth_base_uuid, 16);
7764 uuid[15] = eir[i + 5];
7765 uuid[14] = eir[i + 4];
7766 uuid[13] = eir[i + 3];
7767 uuid[12] = eir[i + 2];
7768 if (has_uuid(uuid, uuid_count, uuids))
7772 case EIR_UUID128_ALL:
7773 case EIR_UUID128_SOME:
7774 for (i = 0; i + 17 <= field_len; i += 16) {
7775 memcpy(uuid, eir + i + 2, 16);
7776 if (has_uuid(uuid, uuid_count, uuids))
7782 parsed += field_len + 1;
7783 eir += field_len + 1;
7789 static void restart_le_scan(struct hci_dev *hdev)
7791 /* If controller is not scanning we are done. */
7792 if (!hci_dev_test_flag(hdev, HCI_LE_SCAN))
7795 if (time_after(jiffies + DISCOV_LE_RESTART_DELAY,
7796 hdev->discovery.scan_start +
7797 hdev->discovery.scan_duration))
7800 queue_delayed_work(hdev->workqueue, &hdev->le_scan_restart,
7801 DISCOV_LE_RESTART_DELAY);
7804 static bool is_filter_match(struct hci_dev *hdev, s8 rssi, u8 *eir,
7805 u16 eir_len, u8 *scan_rsp, u8 scan_rsp_len)
7807 /* If a RSSI threshold has been specified, and
7808 * HCI_QUIRK_STRICT_DUPLICATE_FILTER is not set, then all results with
7809 * a RSSI smaller than the RSSI threshold will be dropped. If the quirk
7810 * is set, let it through for further processing, as we might need to
7813 * For BR/EDR devices (pre 1.2) providing no RSSI during inquiry,
7814 * the results are also dropped.
7816 if (hdev->discovery.rssi != HCI_RSSI_INVALID &&
7817 (rssi == HCI_RSSI_INVALID ||
7818 (rssi < hdev->discovery.rssi &&
7819 !test_bit(HCI_QUIRK_STRICT_DUPLICATE_FILTER, &hdev->quirks))))
7822 if (hdev->discovery.uuid_count != 0) {
7823 /* If a list of UUIDs is provided in filter, results with no
7824 * matching UUID should be dropped.
7826 if (!eir_has_uuids(eir, eir_len, hdev->discovery.uuid_count,
7827 hdev->discovery.uuids) &&
7828 !eir_has_uuids(scan_rsp, scan_rsp_len,
7829 hdev->discovery.uuid_count,
7830 hdev->discovery.uuids))
7834 /* If duplicate filtering does not report RSSI changes, then restart
7835 * scanning to ensure updated result with updated RSSI values.
7837 if (test_bit(HCI_QUIRK_STRICT_DUPLICATE_FILTER, &hdev->quirks)) {
7838 restart_le_scan(hdev);
7840 /* Validate RSSI value against the RSSI threshold once more. */
7841 if (hdev->discovery.rssi != HCI_RSSI_INVALID &&
7842 rssi < hdev->discovery.rssi)
7849 void mgmt_device_found(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
7850 u8 addr_type, u8 *dev_class, s8 rssi, u32 flags,
7851 u8 *eir, u16 eir_len, u8 *scan_rsp, u8 scan_rsp_len)
7854 struct mgmt_ev_device_found *ev = (void *)buf;
7857 /* Don't send events for a non-kernel initiated discovery. With
7858 * LE one exception is if we have pend_le_reports > 0 in which
7859 * case we're doing passive scanning and want these events.
7861 if (!hci_discovery_active(hdev)) {
7862 if (link_type == ACL_LINK)
7864 if (link_type == LE_LINK && list_empty(&hdev->pend_le_reports))
7868 if (hdev->discovery.result_filtering) {
7869 /* We are using service discovery */
7870 if (!is_filter_match(hdev, rssi, eir, eir_len, scan_rsp,
7875 /* Make sure that the buffer is big enough. The 5 extra bytes
7876 * are for the potential CoD field.
7878 if (sizeof(*ev) + eir_len + scan_rsp_len + 5 > sizeof(buf))
7881 memset(buf, 0, sizeof(buf));
7883 /* In case of device discovery with BR/EDR devices (pre 1.2), the
7884 * RSSI value was reported as 0 when not available. This behavior
7885 * is kept when using device discovery. This is required for full
7886 * backwards compatibility with the API.
7888 * However when using service discovery, the value 127 will be
7889 * returned when the RSSI is not available.
7891 if (rssi == HCI_RSSI_INVALID && !hdev->discovery.report_invalid_rssi &&
7892 link_type == ACL_LINK)
7895 bacpy(&ev->addr.bdaddr, bdaddr);
7896 ev->addr.type = link_to_bdaddr(link_type, addr_type);
7898 ev->flags = cpu_to_le32(flags);
7901 /* Copy EIR or advertising data into event */
7902 memcpy(ev->eir, eir, eir_len);
7904 if (dev_class && !eir_has_data_type(ev->eir, eir_len, EIR_CLASS_OF_DEV))
7905 eir_len = eir_append_data(ev->eir, eir_len, EIR_CLASS_OF_DEV,
7908 if (scan_rsp_len > 0)
7909 /* Append scan response data to event */
7910 memcpy(ev->eir + eir_len, scan_rsp, scan_rsp_len);
7912 ev->eir_len = cpu_to_le16(eir_len + scan_rsp_len);
7913 ev_size = sizeof(*ev) + eir_len + scan_rsp_len;
7915 mgmt_event(MGMT_EV_DEVICE_FOUND, hdev, ev, ev_size, NULL);
7918 void mgmt_remote_name(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
7919 u8 addr_type, s8 rssi, u8 *name, u8 name_len)
7921 struct mgmt_ev_device_found *ev;
7922 char buf[sizeof(*ev) + HCI_MAX_NAME_LENGTH + 2];
7925 ev = (struct mgmt_ev_device_found *) buf;
7927 memset(buf, 0, sizeof(buf));
7929 bacpy(&ev->addr.bdaddr, bdaddr);
7930 ev->addr.type = link_to_bdaddr(link_type, addr_type);
7933 eir_len = eir_append_data(ev->eir, 0, EIR_NAME_COMPLETE, name,
7936 ev->eir_len = cpu_to_le16(eir_len);
7938 mgmt_event(MGMT_EV_DEVICE_FOUND, hdev, ev, sizeof(*ev) + eir_len, NULL);
7941 void mgmt_discovering(struct hci_dev *hdev, u8 discovering)
7943 struct mgmt_ev_discovering ev;
7945 BT_DBG("%s discovering %u", hdev->name, discovering);
7947 memset(&ev, 0, sizeof(ev));
7948 ev.type = hdev->discovery.type;
7949 ev.discovering = discovering;
7951 mgmt_event(MGMT_EV_DISCOVERING, hdev, &ev, sizeof(ev), NULL);
7954 static void adv_enable_complete(struct hci_dev *hdev, u8 status, u16 opcode)
7956 BT_DBG("%s status %u", hdev->name, status);
7959 void mgmt_reenable_advertising(struct hci_dev *hdev)
7961 struct hci_request req;
7963 if (!hci_dev_test_flag(hdev, HCI_ADVERTISING) &&
7964 !hci_dev_test_flag(hdev, HCI_ADVERTISING_INSTANCE))
7967 hci_req_init(&req, hdev);
7968 enable_advertising(&req);
7969 hci_req_run(&req, adv_enable_complete);
7972 static struct hci_mgmt_chan chan = {
7973 .channel = HCI_CHANNEL_CONTROL,
7974 .handler_count = ARRAY_SIZE(mgmt_handlers),
7975 .handlers = mgmt_handlers,
7976 .hdev_init = mgmt_init_hdev,
7981 return hci_mgmt_chan_register(&chan);
7984 void mgmt_exit(void)
7986 hci_mgmt_chan_unregister(&chan);
projects / firefly-linux-kernel-4.4.55.git / blob