2 BlueZ - Bluetooth protocol stack for Linux
4 Copyright (C) 2010 Nokia Corporation
5 Copyright (C) 2011-2012 Intel Corporation
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License version 2 as
9 published by the Free Software Foundation;
11 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
12 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
13 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
14 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
15 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
16 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
17 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
18 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
20 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
21 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
22 SOFTWARE IS DISCLAIMED.
25 /* Bluetooth HCI Management interface */
27 #include <linux/module.h>
28 #include <asm/unaligned.h>
30 #include <net/bluetooth/bluetooth.h>
31 #include <net/bluetooth/hci_core.h>
32 #include <net/bluetooth/hci_sock.h>
33 #include <net/bluetooth/l2cap.h>
34 #include <net/bluetooth/mgmt.h>
36 #include "hci_request.h"
38 #include "mgmt_util.h"
40 #define MGMT_VERSION 1
41 #define MGMT_REVISION 10
43 static const u16 mgmt_commands[] = {
44 MGMT_OP_READ_INDEX_LIST,
47 MGMT_OP_SET_DISCOVERABLE,
48 MGMT_OP_SET_CONNECTABLE,
49 MGMT_OP_SET_FAST_CONNECTABLE,
51 MGMT_OP_SET_LINK_SECURITY,
55 MGMT_OP_SET_DEV_CLASS,
56 MGMT_OP_SET_LOCAL_NAME,
59 MGMT_OP_LOAD_LINK_KEYS,
60 MGMT_OP_LOAD_LONG_TERM_KEYS,
62 MGMT_OP_GET_CONNECTIONS,
63 MGMT_OP_PIN_CODE_REPLY,
64 MGMT_OP_PIN_CODE_NEG_REPLY,
65 MGMT_OP_SET_IO_CAPABILITY,
67 MGMT_OP_CANCEL_PAIR_DEVICE,
68 MGMT_OP_UNPAIR_DEVICE,
69 MGMT_OP_USER_CONFIRM_REPLY,
70 MGMT_OP_USER_CONFIRM_NEG_REPLY,
71 MGMT_OP_USER_PASSKEY_REPLY,
72 MGMT_OP_USER_PASSKEY_NEG_REPLY,
73 MGMT_OP_READ_LOCAL_OOB_DATA,
74 MGMT_OP_ADD_REMOTE_OOB_DATA,
75 MGMT_OP_REMOVE_REMOTE_OOB_DATA,
76 MGMT_OP_START_DISCOVERY,
77 MGMT_OP_STOP_DISCOVERY,
80 MGMT_OP_UNBLOCK_DEVICE,
81 MGMT_OP_SET_DEVICE_ID,
82 MGMT_OP_SET_ADVERTISING,
84 MGMT_OP_SET_STATIC_ADDRESS,
85 MGMT_OP_SET_SCAN_PARAMS,
86 MGMT_OP_SET_SECURE_CONN,
87 MGMT_OP_SET_DEBUG_KEYS,
90 MGMT_OP_GET_CONN_INFO,
91 MGMT_OP_GET_CLOCK_INFO,
93 MGMT_OP_REMOVE_DEVICE,
94 MGMT_OP_LOAD_CONN_PARAM,
95 MGMT_OP_READ_UNCONF_INDEX_LIST,
96 MGMT_OP_READ_CONFIG_INFO,
97 MGMT_OP_SET_EXTERNAL_CONFIG,
98 MGMT_OP_SET_PUBLIC_ADDRESS,
99 MGMT_OP_START_SERVICE_DISCOVERY,
100 MGMT_OP_READ_LOCAL_OOB_EXT_DATA,
101 MGMT_OP_READ_EXT_INDEX_LIST,
102 MGMT_OP_READ_ADV_FEATURES,
103 MGMT_OP_ADD_ADVERTISING,
104 MGMT_OP_REMOVE_ADVERTISING,
107 static const u16 mgmt_events[] = {
108 MGMT_EV_CONTROLLER_ERROR,
110 MGMT_EV_INDEX_REMOVED,
111 MGMT_EV_NEW_SETTINGS,
112 MGMT_EV_CLASS_OF_DEV_CHANGED,
113 MGMT_EV_LOCAL_NAME_CHANGED,
114 MGMT_EV_NEW_LINK_KEY,
115 MGMT_EV_NEW_LONG_TERM_KEY,
116 MGMT_EV_DEVICE_CONNECTED,
117 MGMT_EV_DEVICE_DISCONNECTED,
118 MGMT_EV_CONNECT_FAILED,
119 MGMT_EV_PIN_CODE_REQUEST,
120 MGMT_EV_USER_CONFIRM_REQUEST,
121 MGMT_EV_USER_PASSKEY_REQUEST,
123 MGMT_EV_DEVICE_FOUND,
125 MGMT_EV_DEVICE_BLOCKED,
126 MGMT_EV_DEVICE_UNBLOCKED,
127 MGMT_EV_DEVICE_UNPAIRED,
128 MGMT_EV_PASSKEY_NOTIFY,
131 MGMT_EV_DEVICE_ADDED,
132 MGMT_EV_DEVICE_REMOVED,
133 MGMT_EV_NEW_CONN_PARAM,
134 MGMT_EV_UNCONF_INDEX_ADDED,
135 MGMT_EV_UNCONF_INDEX_REMOVED,
136 MGMT_EV_NEW_CONFIG_OPTIONS,
137 MGMT_EV_EXT_INDEX_ADDED,
138 MGMT_EV_EXT_INDEX_REMOVED,
139 MGMT_EV_LOCAL_OOB_DATA_UPDATED,
140 MGMT_EV_ADVERTISING_ADDED,
141 MGMT_EV_ADVERTISING_REMOVED,
144 static const u16 mgmt_untrusted_commands[] = {
145 MGMT_OP_READ_INDEX_LIST,
147 MGMT_OP_READ_UNCONF_INDEX_LIST,
148 MGMT_OP_READ_CONFIG_INFO,
149 MGMT_OP_READ_EXT_INDEX_LIST,
152 static const u16 mgmt_untrusted_events[] = {
154 MGMT_EV_INDEX_REMOVED,
155 MGMT_EV_NEW_SETTINGS,
156 MGMT_EV_CLASS_OF_DEV_CHANGED,
157 MGMT_EV_LOCAL_NAME_CHANGED,
158 MGMT_EV_UNCONF_INDEX_ADDED,
159 MGMT_EV_UNCONF_INDEX_REMOVED,
160 MGMT_EV_NEW_CONFIG_OPTIONS,
161 MGMT_EV_EXT_INDEX_ADDED,
162 MGMT_EV_EXT_INDEX_REMOVED,
165 #define CACHE_TIMEOUT msecs_to_jiffies(2 * 1000)
167 #define ZERO_KEY "\x00\x00\x00\x00\x00\x00\x00\x00" \
168 "\x00\x00\x00\x00\x00\x00\x00\x00"
170 /* HCI to MGMT error code conversion table */
171 static u8 mgmt_status_table[] = {
173 MGMT_STATUS_UNKNOWN_COMMAND, /* Unknown Command */
174 MGMT_STATUS_NOT_CONNECTED, /* No Connection */
175 MGMT_STATUS_FAILED, /* Hardware Failure */
176 MGMT_STATUS_CONNECT_FAILED, /* Page Timeout */
177 MGMT_STATUS_AUTH_FAILED, /* Authentication Failed */
178 MGMT_STATUS_AUTH_FAILED, /* PIN or Key Missing */
179 MGMT_STATUS_NO_RESOURCES, /* Memory Full */
180 MGMT_STATUS_TIMEOUT, /* Connection Timeout */
181 MGMT_STATUS_NO_RESOURCES, /* Max Number of Connections */
182 MGMT_STATUS_NO_RESOURCES, /* Max Number of SCO Connections */
183 MGMT_STATUS_ALREADY_CONNECTED, /* ACL Connection Exists */
184 MGMT_STATUS_BUSY, /* Command Disallowed */
185 MGMT_STATUS_NO_RESOURCES, /* Rejected Limited Resources */
186 MGMT_STATUS_REJECTED, /* Rejected Security */
187 MGMT_STATUS_REJECTED, /* Rejected Personal */
188 MGMT_STATUS_TIMEOUT, /* Host Timeout */
189 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported Feature */
190 MGMT_STATUS_INVALID_PARAMS, /* Invalid Parameters */
191 MGMT_STATUS_DISCONNECTED, /* OE User Ended Connection */
192 MGMT_STATUS_NO_RESOURCES, /* OE Low Resources */
193 MGMT_STATUS_DISCONNECTED, /* OE Power Off */
194 MGMT_STATUS_DISCONNECTED, /* Connection Terminated */
195 MGMT_STATUS_BUSY, /* Repeated Attempts */
196 MGMT_STATUS_REJECTED, /* Pairing Not Allowed */
197 MGMT_STATUS_FAILED, /* Unknown LMP PDU */
198 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported Remote Feature */
199 MGMT_STATUS_REJECTED, /* SCO Offset Rejected */
200 MGMT_STATUS_REJECTED, /* SCO Interval Rejected */
201 MGMT_STATUS_REJECTED, /* Air Mode Rejected */
202 MGMT_STATUS_INVALID_PARAMS, /* Invalid LMP Parameters */
203 MGMT_STATUS_FAILED, /* Unspecified Error */
204 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported LMP Parameter Value */
205 MGMT_STATUS_FAILED, /* Role Change Not Allowed */
206 MGMT_STATUS_TIMEOUT, /* LMP Response Timeout */
207 MGMT_STATUS_FAILED, /* LMP Error Transaction Collision */
208 MGMT_STATUS_FAILED, /* LMP PDU Not Allowed */
209 MGMT_STATUS_REJECTED, /* Encryption Mode Not Accepted */
210 MGMT_STATUS_FAILED, /* Unit Link Key Used */
211 MGMT_STATUS_NOT_SUPPORTED, /* QoS Not Supported */
212 MGMT_STATUS_TIMEOUT, /* Instant Passed */
213 MGMT_STATUS_NOT_SUPPORTED, /* Pairing Not Supported */
214 MGMT_STATUS_FAILED, /* Transaction Collision */
215 MGMT_STATUS_INVALID_PARAMS, /* Unacceptable Parameter */
216 MGMT_STATUS_REJECTED, /* QoS Rejected */
217 MGMT_STATUS_NOT_SUPPORTED, /* Classification Not Supported */
218 MGMT_STATUS_REJECTED, /* Insufficient Security */
219 MGMT_STATUS_INVALID_PARAMS, /* Parameter Out Of Range */
220 MGMT_STATUS_BUSY, /* Role Switch Pending */
221 MGMT_STATUS_FAILED, /* Slot Violation */
222 MGMT_STATUS_FAILED, /* Role Switch Failed */
223 MGMT_STATUS_INVALID_PARAMS, /* EIR Too Large */
224 MGMT_STATUS_NOT_SUPPORTED, /* Simple Pairing Not Supported */
225 MGMT_STATUS_BUSY, /* Host Busy Pairing */
226 MGMT_STATUS_REJECTED, /* Rejected, No Suitable Channel */
227 MGMT_STATUS_BUSY, /* Controller Busy */
228 MGMT_STATUS_INVALID_PARAMS, /* Unsuitable Connection Interval */
229 MGMT_STATUS_TIMEOUT, /* Directed Advertising Timeout */
230 MGMT_STATUS_AUTH_FAILED, /* Terminated Due to MIC Failure */
231 MGMT_STATUS_CONNECT_FAILED, /* Connection Establishment Failed */
232 MGMT_STATUS_CONNECT_FAILED, /* MAC Connection Failed */
235 static u8 mgmt_status(u8 hci_status)
237 if (hci_status < ARRAY_SIZE(mgmt_status_table))
238 return mgmt_status_table[hci_status];
240 return MGMT_STATUS_FAILED;
243 static int mgmt_index_event(u16 event, struct hci_dev *hdev, void *data,
246 return mgmt_send_event(event, hdev, HCI_CHANNEL_CONTROL, data, len,
250 static int mgmt_limited_event(u16 event, struct hci_dev *hdev, void *data,
251 u16 len, int flag, struct sock *skip_sk)
253 return mgmt_send_event(event, hdev, HCI_CHANNEL_CONTROL, data, len,
257 static int mgmt_generic_event(u16 event, struct hci_dev *hdev, void *data,
258 u16 len, struct sock *skip_sk)
260 return mgmt_send_event(event, hdev, HCI_CHANNEL_CONTROL, data, len,
261 HCI_MGMT_GENERIC_EVENTS, skip_sk);
264 static int mgmt_event(u16 event, struct hci_dev *hdev, void *data, u16 len,
265 struct sock *skip_sk)
267 return mgmt_send_event(event, hdev, HCI_CHANNEL_CONTROL, data, len,
268 HCI_SOCK_TRUSTED, skip_sk);
271 static int read_version(struct sock *sk, struct hci_dev *hdev, void *data,
274 struct mgmt_rp_read_version rp;
276 BT_DBG("sock %p", sk);
278 rp.version = MGMT_VERSION;
279 rp.revision = cpu_to_le16(MGMT_REVISION);
281 return mgmt_cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_VERSION, 0,
285 static int read_commands(struct sock *sk, struct hci_dev *hdev, void *data,
288 struct mgmt_rp_read_commands *rp;
289 u16 num_commands, num_events;
293 BT_DBG("sock %p", sk);
295 if (hci_sock_test_flag(sk, HCI_SOCK_TRUSTED)) {
296 num_commands = ARRAY_SIZE(mgmt_commands);
297 num_events = ARRAY_SIZE(mgmt_events);
299 num_commands = ARRAY_SIZE(mgmt_untrusted_commands);
300 num_events = ARRAY_SIZE(mgmt_untrusted_events);
303 rp_size = sizeof(*rp) + ((num_commands + num_events) * sizeof(u16));
305 rp = kmalloc(rp_size, GFP_KERNEL);
309 rp->num_commands = cpu_to_le16(num_commands);
310 rp->num_events = cpu_to_le16(num_events);
312 if (hci_sock_test_flag(sk, HCI_SOCK_TRUSTED)) {
313 __le16 *opcode = rp->opcodes;
315 for (i = 0; i < num_commands; i++, opcode++)
316 put_unaligned_le16(mgmt_commands[i], opcode);
318 for (i = 0; i < num_events; i++, opcode++)
319 put_unaligned_le16(mgmt_events[i], opcode);
321 __le16 *opcode = rp->opcodes;
323 for (i = 0; i < num_commands; i++, opcode++)
324 put_unaligned_le16(mgmt_untrusted_commands[i], opcode);
326 for (i = 0; i < num_events; i++, opcode++)
327 put_unaligned_le16(mgmt_untrusted_events[i], opcode);
330 err = mgmt_cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_COMMANDS, 0,
337 static int read_index_list(struct sock *sk, struct hci_dev *hdev, void *data,
340 struct mgmt_rp_read_index_list *rp;
346 BT_DBG("sock %p", sk);
348 read_lock(&hci_dev_list_lock);
351 list_for_each_entry(d, &hci_dev_list, list) {
352 if (d->dev_type == HCI_BREDR &&
353 !hci_dev_test_flag(d, HCI_UNCONFIGURED))
357 rp_len = sizeof(*rp) + (2 * count);
358 rp = kmalloc(rp_len, GFP_ATOMIC);
360 read_unlock(&hci_dev_list_lock);
365 list_for_each_entry(d, &hci_dev_list, list) {
366 if (hci_dev_test_flag(d, HCI_SETUP) ||
367 hci_dev_test_flag(d, HCI_CONFIG) ||
368 hci_dev_test_flag(d, HCI_USER_CHANNEL))
371 /* Devices marked as raw-only are neither configured
372 * nor unconfigured controllers.
374 if (test_bit(HCI_QUIRK_RAW_DEVICE, &d->quirks))
377 if (d->dev_type == HCI_BREDR &&
378 !hci_dev_test_flag(d, HCI_UNCONFIGURED)) {
379 rp->index[count++] = cpu_to_le16(d->id);
380 BT_DBG("Added hci%u", d->id);
384 rp->num_controllers = cpu_to_le16(count);
385 rp_len = sizeof(*rp) + (2 * count);
387 read_unlock(&hci_dev_list_lock);
389 err = mgmt_cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_INDEX_LIST,
397 static int read_unconf_index_list(struct sock *sk, struct hci_dev *hdev,
398 void *data, u16 data_len)
400 struct mgmt_rp_read_unconf_index_list *rp;
406 BT_DBG("sock %p", sk);
408 read_lock(&hci_dev_list_lock);
411 list_for_each_entry(d, &hci_dev_list, list) {
412 if (d->dev_type == HCI_BREDR &&
413 hci_dev_test_flag(d, HCI_UNCONFIGURED))
417 rp_len = sizeof(*rp) + (2 * count);
418 rp = kmalloc(rp_len, GFP_ATOMIC);
420 read_unlock(&hci_dev_list_lock);
425 list_for_each_entry(d, &hci_dev_list, list) {
426 if (hci_dev_test_flag(d, HCI_SETUP) ||
427 hci_dev_test_flag(d, HCI_CONFIG) ||
428 hci_dev_test_flag(d, HCI_USER_CHANNEL))
431 /* Devices marked as raw-only are neither configured
432 * nor unconfigured controllers.
434 if (test_bit(HCI_QUIRK_RAW_DEVICE, &d->quirks))
437 if (d->dev_type == HCI_BREDR &&
438 hci_dev_test_flag(d, HCI_UNCONFIGURED)) {
439 rp->index[count++] = cpu_to_le16(d->id);
440 BT_DBG("Added hci%u", d->id);
444 rp->num_controllers = cpu_to_le16(count);
445 rp_len = sizeof(*rp) + (2 * count);
447 read_unlock(&hci_dev_list_lock);
449 err = mgmt_cmd_complete(sk, MGMT_INDEX_NONE,
450 MGMT_OP_READ_UNCONF_INDEX_LIST, 0, rp, rp_len);
457 static int read_ext_index_list(struct sock *sk, struct hci_dev *hdev,
458 void *data, u16 data_len)
460 struct mgmt_rp_read_ext_index_list *rp;
466 BT_DBG("sock %p", sk);
468 read_lock(&hci_dev_list_lock);
471 list_for_each_entry(d, &hci_dev_list, list) {
472 if (d->dev_type == HCI_BREDR || d->dev_type == HCI_AMP)
476 rp_len = sizeof(*rp) + (sizeof(rp->entry[0]) * count);
477 rp = kmalloc(rp_len, GFP_ATOMIC);
479 read_unlock(&hci_dev_list_lock);
484 list_for_each_entry(d, &hci_dev_list, list) {
485 if (hci_dev_test_flag(d, HCI_SETUP) ||
486 hci_dev_test_flag(d, HCI_CONFIG) ||
487 hci_dev_test_flag(d, HCI_USER_CHANNEL))
490 /* Devices marked as raw-only are neither configured
491 * nor unconfigured controllers.
493 if (test_bit(HCI_QUIRK_RAW_DEVICE, &d->quirks))
496 if (d->dev_type == HCI_BREDR) {
497 if (hci_dev_test_flag(d, HCI_UNCONFIGURED))
498 rp->entry[count].type = 0x01;
500 rp->entry[count].type = 0x00;
501 } else if (d->dev_type == HCI_AMP) {
502 rp->entry[count].type = 0x02;
507 rp->entry[count].bus = d->bus;
508 rp->entry[count++].index = cpu_to_le16(d->id);
509 BT_DBG("Added hci%u", d->id);
512 rp->num_controllers = cpu_to_le16(count);
513 rp_len = sizeof(*rp) + (sizeof(rp->entry[0]) * count);
515 read_unlock(&hci_dev_list_lock);
517 /* If this command is called at least once, then all the
518 * default index and unconfigured index events are disabled
519 * and from now on only extended index events are used.
521 hci_sock_set_flag(sk, HCI_MGMT_EXT_INDEX_EVENTS);
522 hci_sock_clear_flag(sk, HCI_MGMT_INDEX_EVENTS);
523 hci_sock_clear_flag(sk, HCI_MGMT_UNCONF_INDEX_EVENTS);
525 err = mgmt_cmd_complete(sk, MGMT_INDEX_NONE,
526 MGMT_OP_READ_EXT_INDEX_LIST, 0, rp, rp_len);
533 static bool is_configured(struct hci_dev *hdev)
535 if (test_bit(HCI_QUIRK_EXTERNAL_CONFIG, &hdev->quirks) &&
536 !hci_dev_test_flag(hdev, HCI_EXT_CONFIGURED))
539 if (test_bit(HCI_QUIRK_INVALID_BDADDR, &hdev->quirks) &&
540 !bacmp(&hdev->public_addr, BDADDR_ANY))
546 static __le32 get_missing_options(struct hci_dev *hdev)
550 if (test_bit(HCI_QUIRK_EXTERNAL_CONFIG, &hdev->quirks) &&
551 !hci_dev_test_flag(hdev, HCI_EXT_CONFIGURED))
552 options |= MGMT_OPTION_EXTERNAL_CONFIG;
554 if (test_bit(HCI_QUIRK_INVALID_BDADDR, &hdev->quirks) &&
555 !bacmp(&hdev->public_addr, BDADDR_ANY))
556 options |= MGMT_OPTION_PUBLIC_ADDRESS;
558 return cpu_to_le32(options);
561 static int new_options(struct hci_dev *hdev, struct sock *skip)
563 __le32 options = get_missing_options(hdev);
565 return mgmt_generic_event(MGMT_EV_NEW_CONFIG_OPTIONS, hdev, &options,
566 sizeof(options), skip);
569 static int send_options_rsp(struct sock *sk, u16 opcode, struct hci_dev *hdev)
571 __le32 options = get_missing_options(hdev);
573 return mgmt_cmd_complete(sk, hdev->id, opcode, 0, &options,
577 static int read_config_info(struct sock *sk, struct hci_dev *hdev,
578 void *data, u16 data_len)
580 struct mgmt_rp_read_config_info rp;
583 BT_DBG("sock %p %s", sk, hdev->name);
587 memset(&rp, 0, sizeof(rp));
588 rp.manufacturer = cpu_to_le16(hdev->manufacturer);
590 if (test_bit(HCI_QUIRK_EXTERNAL_CONFIG, &hdev->quirks))
591 options |= MGMT_OPTION_EXTERNAL_CONFIG;
593 if (hdev->set_bdaddr)
594 options |= MGMT_OPTION_PUBLIC_ADDRESS;
596 rp.supported_options = cpu_to_le32(options);
597 rp.missing_options = get_missing_options(hdev);
599 hci_dev_unlock(hdev);
601 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_READ_CONFIG_INFO, 0,
605 static u32 get_supported_settings(struct hci_dev *hdev)
609 settings |= MGMT_SETTING_POWERED;
610 settings |= MGMT_SETTING_BONDABLE;
611 settings |= MGMT_SETTING_DEBUG_KEYS;
612 settings |= MGMT_SETTING_CONNECTABLE;
613 settings |= MGMT_SETTING_DISCOVERABLE;
615 if (lmp_bredr_capable(hdev)) {
616 if (hdev->hci_ver >= BLUETOOTH_VER_1_2)
617 settings |= MGMT_SETTING_FAST_CONNECTABLE;
618 settings |= MGMT_SETTING_BREDR;
619 settings |= MGMT_SETTING_LINK_SECURITY;
621 if (lmp_ssp_capable(hdev)) {
622 settings |= MGMT_SETTING_SSP;
623 settings |= MGMT_SETTING_HS;
626 if (lmp_sc_capable(hdev))
627 settings |= MGMT_SETTING_SECURE_CONN;
630 if (lmp_le_capable(hdev)) {
631 settings |= MGMT_SETTING_LE;
632 settings |= MGMT_SETTING_ADVERTISING;
633 settings |= MGMT_SETTING_SECURE_CONN;
634 settings |= MGMT_SETTING_PRIVACY;
635 settings |= MGMT_SETTING_STATIC_ADDRESS;
638 if (test_bit(HCI_QUIRK_EXTERNAL_CONFIG, &hdev->quirks) ||
640 settings |= MGMT_SETTING_CONFIGURATION;
645 static u32 get_current_settings(struct hci_dev *hdev)
649 if (hdev_is_powered(hdev))
650 settings |= MGMT_SETTING_POWERED;
652 if (hci_dev_test_flag(hdev, HCI_CONNECTABLE))
653 settings |= MGMT_SETTING_CONNECTABLE;
655 if (hci_dev_test_flag(hdev, HCI_FAST_CONNECTABLE))
656 settings |= MGMT_SETTING_FAST_CONNECTABLE;
658 if (hci_dev_test_flag(hdev, HCI_DISCOVERABLE))
659 settings |= MGMT_SETTING_DISCOVERABLE;
661 if (hci_dev_test_flag(hdev, HCI_BONDABLE))
662 settings |= MGMT_SETTING_BONDABLE;
664 if (hci_dev_test_flag(hdev, HCI_BREDR_ENABLED))
665 settings |= MGMT_SETTING_BREDR;
667 if (hci_dev_test_flag(hdev, HCI_LE_ENABLED))
668 settings |= MGMT_SETTING_LE;
670 if (hci_dev_test_flag(hdev, HCI_LINK_SECURITY))
671 settings |= MGMT_SETTING_LINK_SECURITY;
673 if (hci_dev_test_flag(hdev, HCI_SSP_ENABLED))
674 settings |= MGMT_SETTING_SSP;
676 if (hci_dev_test_flag(hdev, HCI_HS_ENABLED))
677 settings |= MGMT_SETTING_HS;
679 if (hci_dev_test_flag(hdev, HCI_ADVERTISING))
680 settings |= MGMT_SETTING_ADVERTISING;
682 if (hci_dev_test_flag(hdev, HCI_SC_ENABLED))
683 settings |= MGMT_SETTING_SECURE_CONN;
685 if (hci_dev_test_flag(hdev, HCI_KEEP_DEBUG_KEYS))
686 settings |= MGMT_SETTING_DEBUG_KEYS;
688 if (hci_dev_test_flag(hdev, HCI_PRIVACY))
689 settings |= MGMT_SETTING_PRIVACY;
691 /* The current setting for static address has two purposes. The
692 * first is to indicate if the static address will be used and
693 * the second is to indicate if it is actually set.
695 * This means if the static address is not configured, this flag
696 * will never be set. If the address is configured, then if the
697 * address is actually used decides if the flag is set or not.
699 * For single mode LE only controllers and dual-mode controllers
700 * with BR/EDR disabled, the existence of the static address will
703 if (hci_dev_test_flag(hdev, HCI_FORCE_STATIC_ADDR) ||
704 !hci_dev_test_flag(hdev, HCI_BREDR_ENABLED) ||
705 !bacmp(&hdev->bdaddr, BDADDR_ANY)) {
706 if (bacmp(&hdev->static_addr, BDADDR_ANY))
707 settings |= MGMT_SETTING_STATIC_ADDRESS;
713 #define PNP_INFO_SVCLASS_ID 0x1200
715 static u8 *create_uuid16_list(struct hci_dev *hdev, u8 *data, ptrdiff_t len)
717 u8 *ptr = data, *uuids_start = NULL;
718 struct bt_uuid *uuid;
723 list_for_each_entry(uuid, &hdev->uuids, list) {
726 if (uuid->size != 16)
729 uuid16 = get_unaligned_le16(&uuid->uuid[12]);
733 if (uuid16 == PNP_INFO_SVCLASS_ID)
739 uuids_start[1] = EIR_UUID16_ALL;
743 /* Stop if not enough space to put next UUID */
744 if ((ptr - data) + sizeof(u16) > len) {
745 uuids_start[1] = EIR_UUID16_SOME;
749 *ptr++ = (uuid16 & 0x00ff);
750 *ptr++ = (uuid16 & 0xff00) >> 8;
751 uuids_start[0] += sizeof(uuid16);
757 static u8 *create_uuid32_list(struct hci_dev *hdev, u8 *data, ptrdiff_t len)
759 u8 *ptr = data, *uuids_start = NULL;
760 struct bt_uuid *uuid;
765 list_for_each_entry(uuid, &hdev->uuids, list) {
766 if (uuid->size != 32)
772 uuids_start[1] = EIR_UUID32_ALL;
776 /* Stop if not enough space to put next UUID */
777 if ((ptr - data) + sizeof(u32) > len) {
778 uuids_start[1] = EIR_UUID32_SOME;
782 memcpy(ptr, &uuid->uuid[12], sizeof(u32));
784 uuids_start[0] += sizeof(u32);
790 static u8 *create_uuid128_list(struct hci_dev *hdev, u8 *data, ptrdiff_t len)
792 u8 *ptr = data, *uuids_start = NULL;
793 struct bt_uuid *uuid;
798 list_for_each_entry(uuid, &hdev->uuids, list) {
799 if (uuid->size != 128)
805 uuids_start[1] = EIR_UUID128_ALL;
809 /* Stop if not enough space to put next UUID */
810 if ((ptr - data) + 16 > len) {
811 uuids_start[1] = EIR_UUID128_SOME;
815 memcpy(ptr, uuid->uuid, 16);
817 uuids_start[0] += 16;
823 static struct mgmt_pending_cmd *pending_find(u16 opcode, struct hci_dev *hdev)
825 return mgmt_pending_find(HCI_CHANNEL_CONTROL, opcode, hdev);
828 static struct mgmt_pending_cmd *pending_find_data(u16 opcode,
829 struct hci_dev *hdev,
832 return mgmt_pending_find_data(HCI_CHANNEL_CONTROL, opcode, hdev, data);
835 static u8 get_current_adv_instance(struct hci_dev *hdev)
837 /* The "Set Advertising" setting supersedes the "Add Advertising"
838 * setting. Here we set the advertising data based on which
839 * setting was set. When neither apply, default to the global settings,
840 * represented by instance "0".
842 if (hci_dev_test_flag(hdev, HCI_ADVERTISING_INSTANCE) &&
843 !hci_dev_test_flag(hdev, HCI_ADVERTISING))
844 return hdev->cur_adv_instance;
849 static u8 create_default_scan_rsp_data(struct hci_dev *hdev, u8 *ptr)
854 name_len = strlen(hdev->dev_name);
856 size_t max_len = HCI_MAX_AD_LENGTH - ad_len - 2;
858 if (name_len > max_len) {
860 ptr[1] = EIR_NAME_SHORT;
862 ptr[1] = EIR_NAME_COMPLETE;
864 ptr[0] = name_len + 1;
866 memcpy(ptr + 2, hdev->dev_name, name_len);
868 ad_len += (name_len + 2);
869 ptr += (name_len + 2);
875 static u8 create_instance_scan_rsp_data(struct hci_dev *hdev, u8 instance,
878 struct adv_info *adv_instance;
880 adv_instance = hci_find_adv_instance(hdev, instance);
884 /* TODO: Set the appropriate entries based on advertising instance flags
885 * here once flags other than 0 are supported.
887 memcpy(ptr, adv_instance->scan_rsp_data,
888 adv_instance->scan_rsp_len);
890 return adv_instance->scan_rsp_len;
893 static void update_inst_scan_rsp_data(struct hci_request *req, u8 instance)
895 struct hci_dev *hdev = req->hdev;
896 struct hci_cp_le_set_scan_rsp_data cp;
899 if (!hci_dev_test_flag(hdev, HCI_LE_ENABLED))
902 memset(&cp, 0, sizeof(cp));
905 len = create_instance_scan_rsp_data(hdev, instance, cp.data);
907 len = create_default_scan_rsp_data(hdev, cp.data);
909 if (hdev->scan_rsp_data_len == len &&
910 !memcmp(cp.data, hdev->scan_rsp_data, len))
913 memcpy(hdev->scan_rsp_data, cp.data, sizeof(cp.data));
914 hdev->scan_rsp_data_len = len;
918 hci_req_add(req, HCI_OP_LE_SET_SCAN_RSP_DATA, sizeof(cp), &cp);
921 static void update_scan_rsp_data(struct hci_request *req)
923 update_inst_scan_rsp_data(req, get_current_adv_instance(req->hdev));
926 static u8 get_adv_discov_flags(struct hci_dev *hdev)
928 struct mgmt_pending_cmd *cmd;
930 /* If there's a pending mgmt command the flags will not yet have
931 * their final values, so check for this first.
933 cmd = pending_find(MGMT_OP_SET_DISCOVERABLE, hdev);
935 struct mgmt_mode *cp = cmd->param;
937 return LE_AD_GENERAL;
938 else if (cp->val == 0x02)
939 return LE_AD_LIMITED;
941 if (hci_dev_test_flag(hdev, HCI_LIMITED_DISCOVERABLE))
942 return LE_AD_LIMITED;
943 else if (hci_dev_test_flag(hdev, HCI_DISCOVERABLE))
944 return LE_AD_GENERAL;
950 static bool get_connectable(struct hci_dev *hdev)
952 struct mgmt_pending_cmd *cmd;
954 /* If there's a pending mgmt command the flag will not yet have
955 * it's final value, so check for this first.
957 cmd = pending_find(MGMT_OP_SET_CONNECTABLE, hdev);
959 struct mgmt_mode *cp = cmd->param;
964 return hci_dev_test_flag(hdev, HCI_CONNECTABLE);
967 static u32 get_adv_instance_flags(struct hci_dev *hdev, u8 instance)
970 struct adv_info *adv_instance;
972 if (instance == 0x00) {
973 /* Instance 0 always manages the "Tx Power" and "Flags"
976 flags = MGMT_ADV_FLAG_TX_POWER | MGMT_ADV_FLAG_MANAGED_FLAGS;
978 /* For instance 0, the HCI_ADVERTISING_CONNECTABLE setting
979 * corresponds to the "connectable" instance flag.
981 if (hci_dev_test_flag(hdev, HCI_ADVERTISING_CONNECTABLE))
982 flags |= MGMT_ADV_FLAG_CONNECTABLE;
987 adv_instance = hci_find_adv_instance(hdev, instance);
989 /* Return 0 when we got an invalid instance identifier. */
993 return adv_instance->flags;
996 static u8 get_cur_adv_instance_scan_rsp_len(struct hci_dev *hdev)
998 u8 instance = get_current_adv_instance(hdev);
999 struct adv_info *adv_instance;
1001 /* Ignore instance 0 */
1002 if (instance == 0x00)
1005 adv_instance = hci_find_adv_instance(hdev, instance);
1009 /* TODO: Take into account the "appearance" and "local-name" flags here.
1010 * These are currently being ignored as they are not supported.
1012 return adv_instance->scan_rsp_len;
1015 static u8 create_instance_adv_data(struct hci_dev *hdev, u8 instance, u8 *ptr)
1017 struct adv_info *adv_instance = NULL;
1018 u8 ad_len = 0, flags = 0;
1021 /* Return 0 when the current instance identifier is invalid. */
1023 adv_instance = hci_find_adv_instance(hdev, instance);
1028 instance_flags = get_adv_instance_flags(hdev, instance);
1030 /* The Add Advertising command allows userspace to set both the general
1031 * and limited discoverable flags.
1033 if (instance_flags & MGMT_ADV_FLAG_DISCOV)
1034 flags |= LE_AD_GENERAL;
1036 if (instance_flags & MGMT_ADV_FLAG_LIMITED_DISCOV)
1037 flags |= LE_AD_LIMITED;
1039 if (flags || (instance_flags & MGMT_ADV_FLAG_MANAGED_FLAGS)) {
1040 /* If a discovery flag wasn't provided, simply use the global
1044 flags |= get_adv_discov_flags(hdev);
1046 if (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED))
1047 flags |= LE_AD_NO_BREDR;
1049 /* If flags would still be empty, then there is no need to
1050 * include the "Flags" AD field".
1063 memcpy(ptr, adv_instance->adv_data,
1064 adv_instance->adv_data_len);
1065 ad_len += adv_instance->adv_data_len;
1066 ptr += adv_instance->adv_data_len;
1069 /* Provide Tx Power only if we can provide a valid value for it */
1070 if (hdev->adv_tx_power != HCI_TX_POWER_INVALID &&
1071 (instance_flags & MGMT_ADV_FLAG_TX_POWER)) {
1073 ptr[1] = EIR_TX_POWER;
1074 ptr[2] = (u8)hdev->adv_tx_power;
1083 static void update_inst_adv_data(struct hci_request *req, u8 instance)
1085 struct hci_dev *hdev = req->hdev;
1086 struct hci_cp_le_set_adv_data cp;
1089 if (!hci_dev_test_flag(hdev, HCI_LE_ENABLED))
1092 memset(&cp, 0, sizeof(cp));
1094 len = create_instance_adv_data(hdev, instance, cp.data);
1096 /* There's nothing to do if the data hasn't changed */
1097 if (hdev->adv_data_len == len &&
1098 memcmp(cp.data, hdev->adv_data, len) == 0)
1101 memcpy(hdev->adv_data, cp.data, sizeof(cp.data));
1102 hdev->adv_data_len = len;
1106 hci_req_add(req, HCI_OP_LE_SET_ADV_DATA, sizeof(cp), &cp);
1109 static void update_adv_data(struct hci_request *req)
1111 update_inst_adv_data(req, get_current_adv_instance(req->hdev));
1114 int mgmt_update_adv_data(struct hci_dev *hdev)
1116 struct hci_request req;
1118 hci_req_init(&req, hdev);
1119 update_adv_data(&req);
1121 return hci_req_run(&req, NULL);
1124 static void create_eir(struct hci_dev *hdev, u8 *data)
1129 name_len = strlen(hdev->dev_name);
1133 if (name_len > 48) {
1135 ptr[1] = EIR_NAME_SHORT;
1137 ptr[1] = EIR_NAME_COMPLETE;
1139 /* EIR Data length */
1140 ptr[0] = name_len + 1;
1142 memcpy(ptr + 2, hdev->dev_name, name_len);
1144 ptr += (name_len + 2);
1147 if (hdev->inq_tx_power != HCI_TX_POWER_INVALID) {
1149 ptr[1] = EIR_TX_POWER;
1150 ptr[2] = (u8) hdev->inq_tx_power;
1155 if (hdev->devid_source > 0) {
1157 ptr[1] = EIR_DEVICE_ID;
1159 put_unaligned_le16(hdev->devid_source, ptr + 2);
1160 put_unaligned_le16(hdev->devid_vendor, ptr + 4);
1161 put_unaligned_le16(hdev->devid_product, ptr + 6);
1162 put_unaligned_le16(hdev->devid_version, ptr + 8);
1167 ptr = create_uuid16_list(hdev, ptr, HCI_MAX_EIR_LENGTH - (ptr - data));
1168 ptr = create_uuid32_list(hdev, ptr, HCI_MAX_EIR_LENGTH - (ptr - data));
1169 ptr = create_uuid128_list(hdev, ptr, HCI_MAX_EIR_LENGTH - (ptr - data));
1172 static void update_eir(struct hci_request *req)
1174 struct hci_dev *hdev = req->hdev;
1175 struct hci_cp_write_eir cp;
1177 if (!hdev_is_powered(hdev))
1180 if (!lmp_ext_inq_capable(hdev))
1183 if (!hci_dev_test_flag(hdev, HCI_SSP_ENABLED))
1186 if (hci_dev_test_flag(hdev, HCI_SERVICE_CACHE))
1189 memset(&cp, 0, sizeof(cp));
1191 create_eir(hdev, cp.data);
1193 if (memcmp(cp.data, hdev->eir, sizeof(cp.data)) == 0)
1196 memcpy(hdev->eir, cp.data, sizeof(cp.data));
1198 hci_req_add(req, HCI_OP_WRITE_EIR, sizeof(cp), &cp);
1201 static u8 get_service_classes(struct hci_dev *hdev)
1203 struct bt_uuid *uuid;
1206 list_for_each_entry(uuid, &hdev->uuids, list)
1207 val |= uuid->svc_hint;
1212 static void update_class(struct hci_request *req)
1214 struct hci_dev *hdev = req->hdev;
1217 BT_DBG("%s", hdev->name);
1219 if (!hdev_is_powered(hdev))
1222 if (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED))
1225 if (hci_dev_test_flag(hdev, HCI_SERVICE_CACHE))
1228 cod[0] = hdev->minor_class;
1229 cod[1] = hdev->major_class;
1230 cod[2] = get_service_classes(hdev);
1232 if (hci_dev_test_flag(hdev, HCI_LIMITED_DISCOVERABLE))
1235 if (memcmp(cod, hdev->dev_class, 3) == 0)
1238 hci_req_add(req, HCI_OP_WRITE_CLASS_OF_DEV, sizeof(cod), cod);
1241 static void disable_advertising(struct hci_request *req)
1245 hci_req_add(req, HCI_OP_LE_SET_ADV_ENABLE, sizeof(enable), &enable);
1248 static void enable_advertising(struct hci_request *req)
1250 struct hci_dev *hdev = req->hdev;
1251 struct hci_cp_le_set_adv_param cp;
1252 u8 own_addr_type, enable = 0x01;
1257 if (hci_conn_num(hdev, LE_LINK) > 0)
1260 if (hci_dev_test_flag(hdev, HCI_LE_ADV))
1261 disable_advertising(req);
1263 /* Clear the HCI_LE_ADV bit temporarily so that the
1264 * hci_update_random_address knows that it's safe to go ahead
1265 * and write a new random address. The flag will be set back on
1266 * as soon as the SET_ADV_ENABLE HCI command completes.
1268 hci_dev_clear_flag(hdev, HCI_LE_ADV);
1270 instance = get_current_adv_instance(hdev);
1271 flags = get_adv_instance_flags(hdev, instance);
1273 /* If the "connectable" instance flag was not set, then choose between
1274 * ADV_IND and ADV_NONCONN_IND based on the global connectable setting.
1276 connectable = (flags & MGMT_ADV_FLAG_CONNECTABLE) ||
1277 get_connectable(hdev);
1279 /* Set require_privacy to true only when non-connectable
1280 * advertising is used. In that case it is fine to use a
1281 * non-resolvable private address.
1283 if (hci_update_random_address(req, !connectable, &own_addr_type) < 0)
1286 memset(&cp, 0, sizeof(cp));
1287 cp.min_interval = cpu_to_le16(hdev->le_adv_min_interval);
1288 cp.max_interval = cpu_to_le16(hdev->le_adv_max_interval);
1291 cp.type = LE_ADV_IND;
1292 else if (get_cur_adv_instance_scan_rsp_len(hdev))
1293 cp.type = LE_ADV_SCAN_IND;
1295 cp.type = LE_ADV_NONCONN_IND;
1297 cp.own_address_type = own_addr_type;
1298 cp.channel_map = hdev->le_adv_channel_map;
1300 hci_req_add(req, HCI_OP_LE_SET_ADV_PARAM, sizeof(cp), &cp);
1302 hci_req_add(req, HCI_OP_LE_SET_ADV_ENABLE, sizeof(enable), &enable);
1305 static void service_cache_off(struct work_struct *work)
1307 struct hci_dev *hdev = container_of(work, struct hci_dev,
1308 service_cache.work);
1309 struct hci_request req;
1311 if (!hci_dev_test_and_clear_flag(hdev, HCI_SERVICE_CACHE))
1314 hci_req_init(&req, hdev);
1321 hci_dev_unlock(hdev);
1323 hci_req_run(&req, NULL);
1326 static void rpa_expired(struct work_struct *work)
1328 struct hci_dev *hdev = container_of(work, struct hci_dev,
1330 struct hci_request req;
1334 hci_dev_set_flag(hdev, HCI_RPA_EXPIRED);
1336 if (!hci_dev_test_flag(hdev, HCI_ADVERTISING))
1339 /* The generation of a new RPA and programming it into the
1340 * controller happens in the enable_advertising() function.
1342 hci_req_init(&req, hdev);
1343 enable_advertising(&req);
1344 hci_req_run(&req, NULL);
1347 static void mgmt_init_hdev(struct sock *sk, struct hci_dev *hdev)
1349 if (hci_dev_test_and_set_flag(hdev, HCI_MGMT))
1352 INIT_DELAYED_WORK(&hdev->service_cache, service_cache_off);
1353 INIT_DELAYED_WORK(&hdev->rpa_expired, rpa_expired);
1355 /* Non-mgmt controlled devices get this bit set
1356 * implicitly so that pairing works for them, however
1357 * for mgmt we require user-space to explicitly enable
1360 hci_dev_clear_flag(hdev, HCI_BONDABLE);
1363 static int read_controller_info(struct sock *sk, struct hci_dev *hdev,
1364 void *data, u16 data_len)
1366 struct mgmt_rp_read_info rp;
1368 BT_DBG("sock %p %s", sk, hdev->name);
1372 memset(&rp, 0, sizeof(rp));
1374 bacpy(&rp.bdaddr, &hdev->bdaddr);
1376 rp.version = hdev->hci_ver;
1377 rp.manufacturer = cpu_to_le16(hdev->manufacturer);
1379 rp.supported_settings = cpu_to_le32(get_supported_settings(hdev));
1380 rp.current_settings = cpu_to_le32(get_current_settings(hdev));
1382 memcpy(rp.dev_class, hdev->dev_class, 3);
1384 memcpy(rp.name, hdev->dev_name, sizeof(hdev->dev_name));
1385 memcpy(rp.short_name, hdev->short_name, sizeof(hdev->short_name));
1387 hci_dev_unlock(hdev);
1389 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_READ_INFO, 0, &rp,
1393 static int send_settings_rsp(struct sock *sk, u16 opcode, struct hci_dev *hdev)
1395 __le32 settings = cpu_to_le32(get_current_settings(hdev));
1397 return mgmt_cmd_complete(sk, hdev->id, opcode, 0, &settings,
1401 static void clean_up_hci_complete(struct hci_dev *hdev, u8 status, u16 opcode)
1403 BT_DBG("%s status 0x%02x", hdev->name, status);
1405 if (hci_conn_count(hdev) == 0) {
1406 cancel_delayed_work(&hdev->power_off);
1407 queue_work(hdev->req_workqueue, &hdev->power_off.work);
1411 static bool hci_stop_discovery(struct hci_request *req)
1413 struct hci_dev *hdev = req->hdev;
1414 struct hci_cp_remote_name_req_cancel cp;
1415 struct inquiry_entry *e;
1417 switch (hdev->discovery.state) {
1418 case DISCOVERY_FINDING:
1419 if (test_bit(HCI_INQUIRY, &hdev->flags))
1420 hci_req_add(req, HCI_OP_INQUIRY_CANCEL, 0, NULL);
1422 if (hci_dev_test_flag(hdev, HCI_LE_SCAN)) {
1423 cancel_delayed_work(&hdev->le_scan_disable);
1424 hci_req_add_le_scan_disable(req);
1429 case DISCOVERY_RESOLVING:
1430 e = hci_inquiry_cache_lookup_resolve(hdev, BDADDR_ANY,
1435 bacpy(&cp.bdaddr, &e->data.bdaddr);
1436 hci_req_add(req, HCI_OP_REMOTE_NAME_REQ_CANCEL, sizeof(cp),
1442 /* Passive scanning */
1443 if (hci_dev_test_flag(hdev, HCI_LE_SCAN)) {
1444 hci_req_add_le_scan_disable(req);
1454 static void advertising_added(struct sock *sk, struct hci_dev *hdev,
1457 struct mgmt_ev_advertising_added ev;
1459 ev.instance = instance;
1461 mgmt_event(MGMT_EV_ADVERTISING_ADDED, hdev, &ev, sizeof(ev), sk);
1464 static void advertising_removed(struct sock *sk, struct hci_dev *hdev,
1467 struct mgmt_ev_advertising_removed ev;
1469 ev.instance = instance;
1471 mgmt_event(MGMT_EV_ADVERTISING_REMOVED, hdev, &ev, sizeof(ev), sk);
1474 static int schedule_adv_instance(struct hci_request *req, u8 instance,
1476 struct hci_dev *hdev = req->hdev;
1477 struct adv_info *adv_instance = NULL;
1480 if (hci_dev_test_flag(hdev, HCI_ADVERTISING) ||
1481 !hci_dev_test_flag(hdev, HCI_ADVERTISING_INSTANCE))
1484 if (hdev->adv_instance_timeout)
1487 adv_instance = hci_find_adv_instance(hdev, instance);
1491 /* A zero timeout means unlimited advertising. As long as there is
1492 * only one instance, duration should be ignored. We still set a timeout
1493 * in case further instances are being added later on.
1495 * If the remaining lifetime of the instance is more than the duration
1496 * then the timeout corresponds to the duration, otherwise it will be
1497 * reduced to the remaining instance lifetime.
1499 if (adv_instance->timeout == 0 ||
1500 adv_instance->duration <= adv_instance->remaining_time)
1501 timeout = adv_instance->duration;
1503 timeout = adv_instance->remaining_time;
1505 /* The remaining time is being reduced unless the instance is being
1506 * advertised without time limit.
1508 if (adv_instance->timeout)
1509 adv_instance->remaining_time =
1510 adv_instance->remaining_time - timeout;
1512 hdev->adv_instance_timeout = timeout;
1513 queue_delayed_work(hdev->workqueue,
1514 &hdev->adv_instance_expire,
1515 msecs_to_jiffies(timeout * 1000));
1517 /* If we're just re-scheduling the same instance again then do not
1518 * execute any HCI commands. This happens when a single instance is
1521 if (!force && hdev->cur_adv_instance == instance &&
1522 hci_dev_test_flag(hdev, HCI_LE_ADV))
1525 hdev->cur_adv_instance = instance;
1526 update_adv_data(req);
1527 update_scan_rsp_data(req);
1528 enable_advertising(req);
1533 static void cancel_adv_timeout(struct hci_dev *hdev)
1535 if (hdev->adv_instance_timeout) {
1536 hdev->adv_instance_timeout = 0;
1537 cancel_delayed_work(&hdev->adv_instance_expire);
1541 /* For a single instance:
1542 * - force == true: The instance will be removed even when its remaining
1543 * lifetime is not zero.
1544 * - force == false: the instance will be deactivated but kept stored unless
1545 * the remaining lifetime is zero.
1547 * For instance == 0x00:
1548 * - force == true: All instances will be removed regardless of their timeout
1550 * - force == false: Only instances that have a timeout will be removed.
1552 static void clear_adv_instance(struct hci_dev *hdev, struct hci_request *req,
1553 u8 instance, bool force)
1555 struct adv_info *adv_instance, *n, *next_instance = NULL;
1559 /* Cancel any timeout concerning the removed instance(s). */
1560 if (!instance || hdev->cur_adv_instance == instance)
1561 cancel_adv_timeout(hdev);
1563 /* Get the next instance to advertise BEFORE we remove
1564 * the current one. This can be the same instance again
1565 * if there is only one instance.
1567 if (instance && hdev->cur_adv_instance == instance)
1568 next_instance = hci_get_next_instance(hdev, instance);
1570 if (instance == 0x00) {
1571 list_for_each_entry_safe(adv_instance, n, &hdev->adv_instances,
1573 if (!(force || adv_instance->timeout))
1576 rem_inst = adv_instance->instance;
1577 err = hci_remove_adv_instance(hdev, rem_inst);
1579 advertising_removed(NULL, hdev, rem_inst);
1581 hdev->cur_adv_instance = 0x00;
1583 adv_instance = hci_find_adv_instance(hdev, instance);
1585 if (force || (adv_instance && adv_instance->timeout &&
1586 !adv_instance->remaining_time)) {
1587 /* Don't advertise a removed instance. */
1588 if (next_instance &&
1589 next_instance->instance == instance)
1590 next_instance = NULL;
1592 err = hci_remove_adv_instance(hdev, instance);
1594 advertising_removed(NULL, hdev, instance);
1598 if (list_empty(&hdev->adv_instances)) {
1599 hdev->cur_adv_instance = 0x00;
1600 hci_dev_clear_flag(hdev, HCI_ADVERTISING_INSTANCE);
1603 if (!req || !hdev_is_powered(hdev) ||
1604 hci_dev_test_flag(hdev, HCI_ADVERTISING))
1608 schedule_adv_instance(req, next_instance->instance, false);
1611 static int clean_up_hci_state(struct hci_dev *hdev)
1613 struct hci_request req;
1614 struct hci_conn *conn;
1615 bool discov_stopped;
1618 hci_req_init(&req, hdev);
1620 if (test_bit(HCI_ISCAN, &hdev->flags) ||
1621 test_bit(HCI_PSCAN, &hdev->flags)) {
1623 hci_req_add(&req, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
1626 clear_adv_instance(hdev, NULL, 0x00, false);
1628 if (hci_dev_test_flag(hdev, HCI_LE_ADV))
1629 disable_advertising(&req);
1631 discov_stopped = hci_stop_discovery(&req);
1633 list_for_each_entry(conn, &hdev->conn_hash.list, list) {
1634 struct hci_cp_disconnect dc;
1635 struct hci_cp_reject_conn_req rej;
1637 switch (conn->state) {
1640 dc.handle = cpu_to_le16(conn->handle);
1641 dc.reason = 0x15; /* Terminated due to Power Off */
1642 hci_req_add(&req, HCI_OP_DISCONNECT, sizeof(dc), &dc);
1645 if (conn->type == LE_LINK)
1646 hci_req_add(&req, HCI_OP_LE_CREATE_CONN_CANCEL,
1648 else if (conn->type == ACL_LINK)
1649 hci_req_add(&req, HCI_OP_CREATE_CONN_CANCEL,
1653 bacpy(&rej.bdaddr, &conn->dst);
1654 rej.reason = 0x15; /* Terminated due to Power Off */
1655 if (conn->type == ACL_LINK)
1656 hci_req_add(&req, HCI_OP_REJECT_CONN_REQ,
1658 else if (conn->type == SCO_LINK)
1659 hci_req_add(&req, HCI_OP_REJECT_SYNC_CONN_REQ,
1665 err = hci_req_run(&req, clean_up_hci_complete);
1666 if (!err && discov_stopped)
1667 hci_discovery_set_state(hdev, DISCOVERY_STOPPING);
1672 static int set_powered(struct sock *sk, struct hci_dev *hdev, void *data,
1675 struct mgmt_mode *cp = data;
1676 struct mgmt_pending_cmd *cmd;
1679 BT_DBG("request for %s", hdev->name);
1681 if (cp->val != 0x00 && cp->val != 0x01)
1682 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_POWERED,
1683 MGMT_STATUS_INVALID_PARAMS);
1687 if (pending_find(MGMT_OP_SET_POWERED, hdev)) {
1688 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_POWERED,
1693 if (hci_dev_test_and_clear_flag(hdev, HCI_AUTO_OFF)) {
1694 cancel_delayed_work(&hdev->power_off);
1697 mgmt_pending_add(sk, MGMT_OP_SET_POWERED, hdev,
1699 err = mgmt_powered(hdev, 1);
1704 if (!!cp->val == hdev_is_powered(hdev)) {
1705 err = send_settings_rsp(sk, MGMT_OP_SET_POWERED, hdev);
1709 cmd = mgmt_pending_add(sk, MGMT_OP_SET_POWERED, hdev, data, len);
1716 queue_work(hdev->req_workqueue, &hdev->power_on);
1719 /* Disconnect connections, stop scans, etc */
1720 err = clean_up_hci_state(hdev);
1722 queue_delayed_work(hdev->req_workqueue, &hdev->power_off,
1723 HCI_POWER_OFF_TIMEOUT);
1725 /* ENODATA means there were no HCI commands queued */
1726 if (err == -ENODATA) {
1727 cancel_delayed_work(&hdev->power_off);
1728 queue_work(hdev->req_workqueue, &hdev->power_off.work);
1734 hci_dev_unlock(hdev);
1738 static int new_settings(struct hci_dev *hdev, struct sock *skip)
1740 __le32 ev = cpu_to_le32(get_current_settings(hdev));
1742 return mgmt_generic_event(MGMT_EV_NEW_SETTINGS, hdev, &ev,
1746 int mgmt_new_settings(struct hci_dev *hdev)
1748 return new_settings(hdev, NULL);
1753 struct hci_dev *hdev;
1757 static void settings_rsp(struct mgmt_pending_cmd *cmd, void *data)
1759 struct cmd_lookup *match = data;
1761 send_settings_rsp(cmd->sk, cmd->opcode, match->hdev);
1763 list_del(&cmd->list);
1765 if (match->sk == NULL) {
1766 match->sk = cmd->sk;
1767 sock_hold(match->sk);
1770 mgmt_pending_free(cmd);
1773 static void cmd_status_rsp(struct mgmt_pending_cmd *cmd, void *data)
1777 mgmt_cmd_status(cmd->sk, cmd->index, cmd->opcode, *status);
1778 mgmt_pending_remove(cmd);
1781 static void cmd_complete_rsp(struct mgmt_pending_cmd *cmd, void *data)
1783 if (cmd->cmd_complete) {
1786 cmd->cmd_complete(cmd, *status);
1787 mgmt_pending_remove(cmd);
1792 cmd_status_rsp(cmd, data);
1795 static int generic_cmd_complete(struct mgmt_pending_cmd *cmd, u8 status)
1797 return mgmt_cmd_complete(cmd->sk, cmd->index, cmd->opcode, status,
1798 cmd->param, cmd->param_len);
1801 static int addr_cmd_complete(struct mgmt_pending_cmd *cmd, u8 status)
1803 return mgmt_cmd_complete(cmd->sk, cmd->index, cmd->opcode, status,
1804 cmd->param, sizeof(struct mgmt_addr_info));
1807 static u8 mgmt_bredr_support(struct hci_dev *hdev)
1809 if (!lmp_bredr_capable(hdev))
1810 return MGMT_STATUS_NOT_SUPPORTED;
1811 else if (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED))
1812 return MGMT_STATUS_REJECTED;
1814 return MGMT_STATUS_SUCCESS;
1817 static u8 mgmt_le_support(struct hci_dev *hdev)
1819 if (!lmp_le_capable(hdev))
1820 return MGMT_STATUS_NOT_SUPPORTED;
1821 else if (!hci_dev_test_flag(hdev, HCI_LE_ENABLED))
1822 return MGMT_STATUS_REJECTED;
1824 return MGMT_STATUS_SUCCESS;
1827 static void set_discoverable_complete(struct hci_dev *hdev, u8 status,
1830 struct mgmt_pending_cmd *cmd;
1831 struct mgmt_mode *cp;
1832 struct hci_request req;
1835 BT_DBG("status 0x%02x", status);
1839 cmd = pending_find(MGMT_OP_SET_DISCOVERABLE, hdev);
1844 u8 mgmt_err = mgmt_status(status);
1845 mgmt_cmd_status(cmd->sk, cmd->index, cmd->opcode, mgmt_err);
1846 hci_dev_clear_flag(hdev, HCI_LIMITED_DISCOVERABLE);
1852 changed = !hci_dev_test_and_set_flag(hdev, HCI_DISCOVERABLE);
1854 if (hdev->discov_timeout > 0) {
1855 int to = msecs_to_jiffies(hdev->discov_timeout * 1000);
1856 queue_delayed_work(hdev->workqueue, &hdev->discov_off,
1860 changed = hci_dev_test_and_clear_flag(hdev, HCI_DISCOVERABLE);
1863 send_settings_rsp(cmd->sk, MGMT_OP_SET_DISCOVERABLE, hdev);
1866 new_settings(hdev, cmd->sk);
1868 /* When the discoverable mode gets changed, make sure
1869 * that class of device has the limited discoverable
1870 * bit correctly set. Also update page scan based on whitelist
1873 hci_req_init(&req, hdev);
1874 __hci_update_page_scan(&req);
1876 hci_req_run(&req, NULL);
1879 mgmt_pending_remove(cmd);
1882 hci_dev_unlock(hdev);
1885 static int set_discoverable(struct sock *sk, struct hci_dev *hdev, void *data,
1888 struct mgmt_cp_set_discoverable *cp = data;
1889 struct mgmt_pending_cmd *cmd;
1890 struct hci_request req;
1895 BT_DBG("request for %s", hdev->name);
1897 if (!hci_dev_test_flag(hdev, HCI_LE_ENABLED) &&
1898 !hci_dev_test_flag(hdev, HCI_BREDR_ENABLED))
1899 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
1900 MGMT_STATUS_REJECTED);
1902 if (cp->val != 0x00 && cp->val != 0x01 && cp->val != 0x02)
1903 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
1904 MGMT_STATUS_INVALID_PARAMS);
1906 timeout = __le16_to_cpu(cp->timeout);
1908 /* Disabling discoverable requires that no timeout is set,
1909 * and enabling limited discoverable requires a timeout.
1911 if ((cp->val == 0x00 && timeout > 0) ||
1912 (cp->val == 0x02 && timeout == 0))
1913 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
1914 MGMT_STATUS_INVALID_PARAMS);
1918 if (!hdev_is_powered(hdev) && timeout > 0) {
1919 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
1920 MGMT_STATUS_NOT_POWERED);
1924 if (pending_find(MGMT_OP_SET_DISCOVERABLE, hdev) ||
1925 pending_find(MGMT_OP_SET_CONNECTABLE, hdev)) {
1926 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
1931 if (!hci_dev_test_flag(hdev, HCI_CONNECTABLE)) {
1932 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
1933 MGMT_STATUS_REJECTED);
1937 if (!hdev_is_powered(hdev)) {
1938 bool changed = false;
1940 /* Setting limited discoverable when powered off is
1941 * not a valid operation since it requires a timeout
1942 * and so no need to check HCI_LIMITED_DISCOVERABLE.
1944 if (!!cp->val != hci_dev_test_flag(hdev, HCI_DISCOVERABLE)) {
1945 hci_dev_change_flag(hdev, HCI_DISCOVERABLE);
1949 err = send_settings_rsp(sk, MGMT_OP_SET_DISCOVERABLE, hdev);
1954 err = new_settings(hdev, sk);
1959 /* If the current mode is the same, then just update the timeout
1960 * value with the new value. And if only the timeout gets updated,
1961 * then no need for any HCI transactions.
1963 if (!!cp->val == hci_dev_test_flag(hdev, HCI_DISCOVERABLE) &&
1964 (cp->val == 0x02) == hci_dev_test_flag(hdev,
1965 HCI_LIMITED_DISCOVERABLE)) {
1966 cancel_delayed_work(&hdev->discov_off);
1967 hdev->discov_timeout = timeout;
1969 if (cp->val && hdev->discov_timeout > 0) {
1970 int to = msecs_to_jiffies(hdev->discov_timeout * 1000);
1971 queue_delayed_work(hdev->workqueue, &hdev->discov_off,
1975 err = send_settings_rsp(sk, MGMT_OP_SET_DISCOVERABLE, hdev);
1979 cmd = mgmt_pending_add(sk, MGMT_OP_SET_DISCOVERABLE, hdev, data, len);
1985 /* Cancel any potential discoverable timeout that might be
1986 * still active and store new timeout value. The arming of
1987 * the timeout happens in the complete handler.
1989 cancel_delayed_work(&hdev->discov_off);
1990 hdev->discov_timeout = timeout;
1992 /* Limited discoverable mode */
1993 if (cp->val == 0x02)
1994 hci_dev_set_flag(hdev, HCI_LIMITED_DISCOVERABLE);
1996 hci_dev_clear_flag(hdev, HCI_LIMITED_DISCOVERABLE);
1998 hci_req_init(&req, hdev);
2000 /* The procedure for LE-only controllers is much simpler - just
2001 * update the advertising data.
2003 if (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED))
2009 struct hci_cp_write_current_iac_lap hci_cp;
2011 if (cp->val == 0x02) {
2012 /* Limited discoverable mode */
2013 hci_cp.num_iac = min_t(u8, hdev->num_iac, 2);
2014 hci_cp.iac_lap[0] = 0x00; /* LIAC */
2015 hci_cp.iac_lap[1] = 0x8b;
2016 hci_cp.iac_lap[2] = 0x9e;
2017 hci_cp.iac_lap[3] = 0x33; /* GIAC */
2018 hci_cp.iac_lap[4] = 0x8b;
2019 hci_cp.iac_lap[5] = 0x9e;
2021 /* General discoverable mode */
2023 hci_cp.iac_lap[0] = 0x33; /* GIAC */
2024 hci_cp.iac_lap[1] = 0x8b;
2025 hci_cp.iac_lap[2] = 0x9e;
2028 hci_req_add(&req, HCI_OP_WRITE_CURRENT_IAC_LAP,
2029 (hci_cp.num_iac * 3) + 1, &hci_cp);
2031 scan |= SCAN_INQUIRY;
2033 hci_dev_clear_flag(hdev, HCI_LIMITED_DISCOVERABLE);
2036 hci_req_add(&req, HCI_OP_WRITE_SCAN_ENABLE, sizeof(scan), &scan);
2039 update_adv_data(&req);
2041 err = hci_req_run(&req, set_discoverable_complete);
2043 mgmt_pending_remove(cmd);
2046 hci_dev_unlock(hdev);
2050 static void write_fast_connectable(struct hci_request *req, bool enable)
2052 struct hci_dev *hdev = req->hdev;
2053 struct hci_cp_write_page_scan_activity acp;
2056 if (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED))
2059 if (hdev->hci_ver < BLUETOOTH_VER_1_2)
2063 type = PAGE_SCAN_TYPE_INTERLACED;
2065 /* 160 msec page scan interval */
2066 acp.interval = cpu_to_le16(0x0100);
2068 type = PAGE_SCAN_TYPE_STANDARD; /* default */
2070 /* default 1.28 sec page scan */
2071 acp.interval = cpu_to_le16(0x0800);
2074 acp.window = cpu_to_le16(0x0012);
2076 if (__cpu_to_le16(hdev->page_scan_interval) != acp.interval ||
2077 __cpu_to_le16(hdev->page_scan_window) != acp.window)
2078 hci_req_add(req, HCI_OP_WRITE_PAGE_SCAN_ACTIVITY,
2081 if (hdev->page_scan_type != type)
2082 hci_req_add(req, HCI_OP_WRITE_PAGE_SCAN_TYPE, 1, &type);
2085 static void set_connectable_complete(struct hci_dev *hdev, u8 status,
2088 struct mgmt_pending_cmd *cmd;
2089 struct mgmt_mode *cp;
2090 bool conn_changed, discov_changed;
2092 BT_DBG("status 0x%02x", status);
2096 cmd = pending_find(MGMT_OP_SET_CONNECTABLE, hdev);
2101 u8 mgmt_err = mgmt_status(status);
2102 mgmt_cmd_status(cmd->sk, cmd->index, cmd->opcode, mgmt_err);
2108 conn_changed = !hci_dev_test_and_set_flag(hdev,
2110 discov_changed = false;
2112 conn_changed = hci_dev_test_and_clear_flag(hdev,
2114 discov_changed = hci_dev_test_and_clear_flag(hdev,
2118 send_settings_rsp(cmd->sk, MGMT_OP_SET_CONNECTABLE, hdev);
2120 if (conn_changed || discov_changed) {
2121 new_settings(hdev, cmd->sk);
2122 hci_update_page_scan(hdev);
2124 mgmt_update_adv_data(hdev);
2125 hci_update_background_scan(hdev);
2129 mgmt_pending_remove(cmd);
2132 hci_dev_unlock(hdev);
2135 static int set_connectable_update_settings(struct hci_dev *hdev,
2136 struct sock *sk, u8 val)
2138 bool changed = false;
2141 if (!!val != hci_dev_test_flag(hdev, HCI_CONNECTABLE))
2145 hci_dev_set_flag(hdev, HCI_CONNECTABLE);
2147 hci_dev_clear_flag(hdev, HCI_CONNECTABLE);
2148 hci_dev_clear_flag(hdev, HCI_DISCOVERABLE);
2151 err = send_settings_rsp(sk, MGMT_OP_SET_CONNECTABLE, hdev);
2156 hci_update_page_scan(hdev);
2157 hci_update_background_scan(hdev);
2158 return new_settings(hdev, sk);
2164 static int set_connectable(struct sock *sk, struct hci_dev *hdev, void *data,
2167 struct mgmt_mode *cp = data;
2168 struct mgmt_pending_cmd *cmd;
2169 struct hci_request req;
2173 BT_DBG("request for %s", hdev->name);
2175 if (!hci_dev_test_flag(hdev, HCI_LE_ENABLED) &&
2176 !hci_dev_test_flag(hdev, HCI_BREDR_ENABLED))
2177 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE,
2178 MGMT_STATUS_REJECTED);
2180 if (cp->val != 0x00 && cp->val != 0x01)
2181 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE,
2182 MGMT_STATUS_INVALID_PARAMS);
2186 if (!hdev_is_powered(hdev)) {
2187 err = set_connectable_update_settings(hdev, sk, cp->val);
2191 if (pending_find(MGMT_OP_SET_DISCOVERABLE, hdev) ||
2192 pending_find(MGMT_OP_SET_CONNECTABLE, hdev)) {
2193 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE,
2198 cmd = mgmt_pending_add(sk, MGMT_OP_SET_CONNECTABLE, hdev, data, len);
2204 hci_req_init(&req, hdev);
2206 /* If BR/EDR is not enabled and we disable advertising as a
2207 * by-product of disabling connectable, we need to update the
2208 * advertising flags.
2210 if (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED)) {
2212 hci_dev_clear_flag(hdev, HCI_LIMITED_DISCOVERABLE);
2213 hci_dev_clear_flag(hdev, HCI_DISCOVERABLE);
2215 update_adv_data(&req);
2216 } else if (cp->val != test_bit(HCI_PSCAN, &hdev->flags)) {
2220 /* If we don't have any whitelist entries just
2221 * disable all scanning. If there are entries
2222 * and we had both page and inquiry scanning
2223 * enabled then fall back to only page scanning.
2224 * Otherwise no changes are needed.
2226 if (list_empty(&hdev->whitelist))
2227 scan = SCAN_DISABLED;
2228 else if (test_bit(HCI_ISCAN, &hdev->flags))
2231 goto no_scan_update;
2233 if (test_bit(HCI_ISCAN, &hdev->flags) &&
2234 hdev->discov_timeout > 0)
2235 cancel_delayed_work(&hdev->discov_off);
2238 hci_req_add(&req, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
2242 /* Update the advertising parameters if necessary */
2243 if (hci_dev_test_flag(hdev, HCI_ADVERTISING) ||
2244 hci_dev_test_flag(hdev, HCI_ADVERTISING_INSTANCE))
2245 enable_advertising(&req);
2247 err = hci_req_run(&req, set_connectable_complete);
2249 mgmt_pending_remove(cmd);
2250 if (err == -ENODATA)
2251 err = set_connectable_update_settings(hdev, sk,
2257 hci_dev_unlock(hdev);
2261 static int set_bondable(struct sock *sk, struct hci_dev *hdev, void *data,
2264 struct mgmt_mode *cp = data;
2268 BT_DBG("request for %s", hdev->name);
2270 if (cp->val != 0x00 && cp->val != 0x01)
2271 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_BONDABLE,
2272 MGMT_STATUS_INVALID_PARAMS);
2277 changed = !hci_dev_test_and_set_flag(hdev, HCI_BONDABLE);
2279 changed = hci_dev_test_and_clear_flag(hdev, HCI_BONDABLE);
2281 err = send_settings_rsp(sk, MGMT_OP_SET_BONDABLE, hdev);
2286 err = new_settings(hdev, sk);
2289 hci_dev_unlock(hdev);
2293 static int set_link_security(struct sock *sk, struct hci_dev *hdev, void *data,
2296 struct mgmt_mode *cp = data;
2297 struct mgmt_pending_cmd *cmd;
2301 BT_DBG("request for %s", hdev->name);
2303 status = mgmt_bredr_support(hdev);
2305 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY,
2308 if (cp->val != 0x00 && cp->val != 0x01)
2309 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY,
2310 MGMT_STATUS_INVALID_PARAMS);
2314 if (!hdev_is_powered(hdev)) {
2315 bool changed = false;
2317 if (!!cp->val != hci_dev_test_flag(hdev, HCI_LINK_SECURITY)) {
2318 hci_dev_change_flag(hdev, HCI_LINK_SECURITY);
2322 err = send_settings_rsp(sk, MGMT_OP_SET_LINK_SECURITY, hdev);
2327 err = new_settings(hdev, sk);
2332 if (pending_find(MGMT_OP_SET_LINK_SECURITY, hdev)) {
2333 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY,
2340 if (test_bit(HCI_AUTH, &hdev->flags) == val) {
2341 err = send_settings_rsp(sk, MGMT_OP_SET_LINK_SECURITY, hdev);
2345 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LINK_SECURITY, hdev, data, len);
2351 err = hci_send_cmd(hdev, HCI_OP_WRITE_AUTH_ENABLE, sizeof(val), &val);
2353 mgmt_pending_remove(cmd);
2358 hci_dev_unlock(hdev);
2362 static int set_ssp(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
2364 struct mgmt_mode *cp = data;
2365 struct mgmt_pending_cmd *cmd;
2369 BT_DBG("request for %s", hdev->name);
2371 status = mgmt_bredr_support(hdev);
2373 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SSP, status);
2375 if (!lmp_ssp_capable(hdev))
2376 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
2377 MGMT_STATUS_NOT_SUPPORTED);
2379 if (cp->val != 0x00 && cp->val != 0x01)
2380 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
2381 MGMT_STATUS_INVALID_PARAMS);
2385 if (!hdev_is_powered(hdev)) {
2389 changed = !hci_dev_test_and_set_flag(hdev,
2392 changed = hci_dev_test_and_clear_flag(hdev,
2395 changed = hci_dev_test_and_clear_flag(hdev,
2398 hci_dev_clear_flag(hdev, HCI_HS_ENABLED);
2401 err = send_settings_rsp(sk, MGMT_OP_SET_SSP, hdev);
2406 err = new_settings(hdev, sk);
2411 if (pending_find(MGMT_OP_SET_SSP, hdev)) {
2412 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
2417 if (!!cp->val == hci_dev_test_flag(hdev, HCI_SSP_ENABLED)) {
2418 err = send_settings_rsp(sk, MGMT_OP_SET_SSP, hdev);
2422 cmd = mgmt_pending_add(sk, MGMT_OP_SET_SSP, hdev, data, len);
2428 if (!cp->val && hci_dev_test_flag(hdev, HCI_USE_DEBUG_KEYS))
2429 hci_send_cmd(hdev, HCI_OP_WRITE_SSP_DEBUG_MODE,
2430 sizeof(cp->val), &cp->val);
2432 err = hci_send_cmd(hdev, HCI_OP_WRITE_SSP_MODE, 1, &cp->val);
2434 mgmt_pending_remove(cmd);
2439 hci_dev_unlock(hdev);
2443 static int set_hs(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
2445 struct mgmt_mode *cp = data;
2450 BT_DBG("request for %s", hdev->name);
2452 status = mgmt_bredr_support(hdev);
2454 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_HS, status);
2456 if (!lmp_ssp_capable(hdev))
2457 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
2458 MGMT_STATUS_NOT_SUPPORTED);
2460 if (!hci_dev_test_flag(hdev, HCI_SSP_ENABLED))
2461 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
2462 MGMT_STATUS_REJECTED);
2464 if (cp->val != 0x00 && cp->val != 0x01)
2465 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
2466 MGMT_STATUS_INVALID_PARAMS);
2470 if (pending_find(MGMT_OP_SET_SSP, hdev)) {
2471 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
2477 changed = !hci_dev_test_and_set_flag(hdev, HCI_HS_ENABLED);
2479 if (hdev_is_powered(hdev)) {
2480 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
2481 MGMT_STATUS_REJECTED);
2485 changed = hci_dev_test_and_clear_flag(hdev, HCI_HS_ENABLED);
2488 err = send_settings_rsp(sk, MGMT_OP_SET_HS, hdev);
2493 err = new_settings(hdev, sk);
2496 hci_dev_unlock(hdev);
2500 static void le_enable_complete(struct hci_dev *hdev, u8 status, u16 opcode)
2502 struct cmd_lookup match = { NULL, hdev };
2507 u8 mgmt_err = mgmt_status(status);
2509 mgmt_pending_foreach(MGMT_OP_SET_LE, hdev, cmd_status_rsp,
2514 mgmt_pending_foreach(MGMT_OP_SET_LE, hdev, settings_rsp, &match);
2516 new_settings(hdev, match.sk);
2521 /* Make sure the controller has a good default for
2522 * advertising data. Restrict the update to when LE
2523 * has actually been enabled. During power on, the
2524 * update in powered_update_hci will take care of it.
2526 if (hci_dev_test_flag(hdev, HCI_LE_ENABLED)) {
2527 struct hci_request req;
2529 hci_req_init(&req, hdev);
2530 update_adv_data(&req);
2531 update_scan_rsp_data(&req);
2532 __hci_update_background_scan(&req);
2533 hci_req_run(&req, NULL);
2537 hci_dev_unlock(hdev);
2540 static int set_le(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
2542 struct mgmt_mode *cp = data;
2543 struct hci_cp_write_le_host_supported hci_cp;
2544 struct mgmt_pending_cmd *cmd;
2545 struct hci_request req;
2549 BT_DBG("request for %s", hdev->name);
2551 if (!lmp_le_capable(hdev))
2552 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
2553 MGMT_STATUS_NOT_SUPPORTED);
2555 if (cp->val != 0x00 && cp->val != 0x01)
2556 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
2557 MGMT_STATUS_INVALID_PARAMS);
2559 /* Bluetooth single mode LE only controllers or dual-mode
2560 * controllers configured as LE only devices, do not allow
2561 * switching LE off. These have either LE enabled explicitly
2562 * or BR/EDR has been previously switched off.
2564 * When trying to enable an already enabled LE, then gracefully
2565 * send a positive response. Trying to disable it however will
2566 * result into rejection.
2568 if (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED)) {
2569 if (cp->val == 0x01)
2570 return send_settings_rsp(sk, MGMT_OP_SET_LE, hdev);
2572 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
2573 MGMT_STATUS_REJECTED);
2579 enabled = lmp_host_le_capable(hdev);
2582 clear_adv_instance(hdev, NULL, 0x00, true);
2584 if (!hdev_is_powered(hdev) || val == enabled) {
2585 bool changed = false;
2587 if (val != hci_dev_test_flag(hdev, HCI_LE_ENABLED)) {
2588 hci_dev_change_flag(hdev, HCI_LE_ENABLED);
2592 if (!val && hci_dev_test_flag(hdev, HCI_ADVERTISING)) {
2593 hci_dev_clear_flag(hdev, HCI_ADVERTISING);
2597 err = send_settings_rsp(sk, MGMT_OP_SET_LE, hdev);
2602 err = new_settings(hdev, sk);
2607 if (pending_find(MGMT_OP_SET_LE, hdev) ||
2608 pending_find(MGMT_OP_SET_ADVERTISING, hdev)) {
2609 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
2614 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LE, hdev, data, len);
2620 hci_req_init(&req, hdev);
2622 memset(&hci_cp, 0, sizeof(hci_cp));
2626 hci_cp.simul = 0x00;
2628 if (hci_dev_test_flag(hdev, HCI_LE_ADV))
2629 disable_advertising(&req);
2632 hci_req_add(&req, HCI_OP_WRITE_LE_HOST_SUPPORTED, sizeof(hci_cp),
2635 err = hci_req_run(&req, le_enable_complete);
2637 mgmt_pending_remove(cmd);
2640 hci_dev_unlock(hdev);
2644 /* This is a helper function to test for pending mgmt commands that can
2645 * cause CoD or EIR HCI commands. We can only allow one such pending
2646 * mgmt command at a time since otherwise we cannot easily track what
2647 * the current values are, will be, and based on that calculate if a new
2648 * HCI command needs to be sent and if yes with what value.
2650 static bool pending_eir_or_class(struct hci_dev *hdev)
2652 struct mgmt_pending_cmd *cmd;
2654 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
2655 switch (cmd->opcode) {
2656 case MGMT_OP_ADD_UUID:
2657 case MGMT_OP_REMOVE_UUID:
2658 case MGMT_OP_SET_DEV_CLASS:
2659 case MGMT_OP_SET_POWERED:
2667 static const u8 bluetooth_base_uuid[] = {
2668 0xfb, 0x34, 0x9b, 0x5f, 0x80, 0x00, 0x00, 0x80,
2669 0x00, 0x10, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
2672 static u8 get_uuid_size(const u8 *uuid)
2676 if (memcmp(uuid, bluetooth_base_uuid, 12))
2679 val = get_unaligned_le32(&uuid[12]);
2686 static void mgmt_class_complete(struct hci_dev *hdev, u16 mgmt_op, u8 status)
2688 struct mgmt_pending_cmd *cmd;
2692 cmd = pending_find(mgmt_op, hdev);
2696 mgmt_cmd_complete(cmd->sk, cmd->index, cmd->opcode,
2697 mgmt_status(status), hdev->dev_class, 3);
2699 mgmt_pending_remove(cmd);
2702 hci_dev_unlock(hdev);
2705 static void add_uuid_complete(struct hci_dev *hdev, u8 status, u16 opcode)
2707 BT_DBG("status 0x%02x", status);
2709 mgmt_class_complete(hdev, MGMT_OP_ADD_UUID, status);
2712 static int add_uuid(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
2714 struct mgmt_cp_add_uuid *cp = data;
2715 struct mgmt_pending_cmd *cmd;
2716 struct hci_request req;
2717 struct bt_uuid *uuid;
2720 BT_DBG("request for %s", hdev->name);
2724 if (pending_eir_or_class(hdev)) {
2725 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_UUID,
2730 uuid = kmalloc(sizeof(*uuid), GFP_KERNEL);
2736 memcpy(uuid->uuid, cp->uuid, 16);
2737 uuid->svc_hint = cp->svc_hint;
2738 uuid->size = get_uuid_size(cp->uuid);
2740 list_add_tail(&uuid->list, &hdev->uuids);
2742 hci_req_init(&req, hdev);
2747 err = hci_req_run(&req, add_uuid_complete);
2749 if (err != -ENODATA)
2752 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_ADD_UUID, 0,
2753 hdev->dev_class, 3);
2757 cmd = mgmt_pending_add(sk, MGMT_OP_ADD_UUID, hdev, data, len);
2766 hci_dev_unlock(hdev);
2770 static bool enable_service_cache(struct hci_dev *hdev)
2772 if (!hdev_is_powered(hdev))
2775 if (!hci_dev_test_and_set_flag(hdev, HCI_SERVICE_CACHE)) {
2776 queue_delayed_work(hdev->workqueue, &hdev->service_cache,
2784 static void remove_uuid_complete(struct hci_dev *hdev, u8 status, u16 opcode)
2786 BT_DBG("status 0x%02x", status);
2788 mgmt_class_complete(hdev, MGMT_OP_REMOVE_UUID, status);
2791 static int remove_uuid(struct sock *sk, struct hci_dev *hdev, void *data,
2794 struct mgmt_cp_remove_uuid *cp = data;
2795 struct mgmt_pending_cmd *cmd;
2796 struct bt_uuid *match, *tmp;
2797 u8 bt_uuid_any[] = { 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 };
2798 struct hci_request req;
2801 BT_DBG("request for %s", hdev->name);
2805 if (pending_eir_or_class(hdev)) {
2806 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_REMOVE_UUID,
2811 if (memcmp(cp->uuid, bt_uuid_any, 16) == 0) {
2812 hci_uuids_clear(hdev);
2814 if (enable_service_cache(hdev)) {
2815 err = mgmt_cmd_complete(sk, hdev->id,
2816 MGMT_OP_REMOVE_UUID,
2817 0, hdev->dev_class, 3);
2826 list_for_each_entry_safe(match, tmp, &hdev->uuids, list) {
2827 if (memcmp(match->uuid, cp->uuid, 16) != 0)
2830 list_del(&match->list);
2836 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_REMOVE_UUID,
2837 MGMT_STATUS_INVALID_PARAMS);
2842 hci_req_init(&req, hdev);
2847 err = hci_req_run(&req, remove_uuid_complete);
2849 if (err != -ENODATA)
2852 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_UUID, 0,
2853 hdev->dev_class, 3);
2857 cmd = mgmt_pending_add(sk, MGMT_OP_REMOVE_UUID, hdev, data, len);
2866 hci_dev_unlock(hdev);
2870 static void set_class_complete(struct hci_dev *hdev, u8 status, u16 opcode)
2872 BT_DBG("status 0x%02x", status);
2874 mgmt_class_complete(hdev, MGMT_OP_SET_DEV_CLASS, status);
2877 static int set_dev_class(struct sock *sk, struct hci_dev *hdev, void *data,
2880 struct mgmt_cp_set_dev_class *cp = data;
2881 struct mgmt_pending_cmd *cmd;
2882 struct hci_request req;
2885 BT_DBG("request for %s", hdev->name);
2887 if (!lmp_bredr_capable(hdev))
2888 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS,
2889 MGMT_STATUS_NOT_SUPPORTED);
2893 if (pending_eir_or_class(hdev)) {
2894 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS,
2899 if ((cp->minor & 0x03) != 0 || (cp->major & 0xe0) != 0) {
2900 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS,
2901 MGMT_STATUS_INVALID_PARAMS);
2905 hdev->major_class = cp->major;
2906 hdev->minor_class = cp->minor;
2908 if (!hdev_is_powered(hdev)) {
2909 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_DEV_CLASS, 0,
2910 hdev->dev_class, 3);
2914 hci_req_init(&req, hdev);
2916 if (hci_dev_test_and_clear_flag(hdev, HCI_SERVICE_CACHE)) {
2917 hci_dev_unlock(hdev);
2918 cancel_delayed_work_sync(&hdev->service_cache);
2925 err = hci_req_run(&req, set_class_complete);
2927 if (err != -ENODATA)
2930 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_DEV_CLASS, 0,
2931 hdev->dev_class, 3);
2935 cmd = mgmt_pending_add(sk, MGMT_OP_SET_DEV_CLASS, hdev, data, len);
2944 hci_dev_unlock(hdev);
2948 static int load_link_keys(struct sock *sk, struct hci_dev *hdev, void *data,
2951 struct mgmt_cp_load_link_keys *cp = data;
2952 const u16 max_key_count = ((U16_MAX - sizeof(*cp)) /
2953 sizeof(struct mgmt_link_key_info));
2954 u16 key_count, expected_len;
2958 BT_DBG("request for %s", hdev->name);
2960 if (!lmp_bredr_capable(hdev))
2961 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
2962 MGMT_STATUS_NOT_SUPPORTED);
2964 key_count = __le16_to_cpu(cp->key_count);
2965 if (key_count > max_key_count) {
2966 BT_ERR("load_link_keys: too big key_count value %u",
2968 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
2969 MGMT_STATUS_INVALID_PARAMS);
2972 expected_len = sizeof(*cp) + key_count *
2973 sizeof(struct mgmt_link_key_info);
2974 if (expected_len != len) {
2975 BT_ERR("load_link_keys: expected %u bytes, got %u bytes",
2977 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
2978 MGMT_STATUS_INVALID_PARAMS);
2981 if (cp->debug_keys != 0x00 && cp->debug_keys != 0x01)
2982 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
2983 MGMT_STATUS_INVALID_PARAMS);
2985 BT_DBG("%s debug_keys %u key_count %u", hdev->name, cp->debug_keys,
2988 for (i = 0; i < key_count; i++) {
2989 struct mgmt_link_key_info *key = &cp->keys[i];
2991 if (key->addr.type != BDADDR_BREDR || key->type > 0x08)
2992 return mgmt_cmd_status(sk, hdev->id,
2993 MGMT_OP_LOAD_LINK_KEYS,
2994 MGMT_STATUS_INVALID_PARAMS);
2999 hci_link_keys_clear(hdev);
3002 changed = !hci_dev_test_and_set_flag(hdev, HCI_KEEP_DEBUG_KEYS);
3004 changed = hci_dev_test_and_clear_flag(hdev,
3005 HCI_KEEP_DEBUG_KEYS);
3008 new_settings(hdev, NULL);
3010 for (i = 0; i < key_count; i++) {
3011 struct mgmt_link_key_info *key = &cp->keys[i];
3013 /* Always ignore debug keys and require a new pairing if
3014 * the user wants to use them.
3016 if (key->type == HCI_LK_DEBUG_COMBINATION)
3019 hci_add_link_key(hdev, NULL, &key->addr.bdaddr, key->val,
3020 key->type, key->pin_len, NULL);
3023 mgmt_cmd_complete(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS, 0, NULL, 0);
3025 hci_dev_unlock(hdev);
3030 static int device_unpaired(struct hci_dev *hdev, bdaddr_t *bdaddr,
3031 u8 addr_type, struct sock *skip_sk)
3033 struct mgmt_ev_device_unpaired ev;
3035 bacpy(&ev.addr.bdaddr, bdaddr);
3036 ev.addr.type = addr_type;
3038 return mgmt_event(MGMT_EV_DEVICE_UNPAIRED, hdev, &ev, sizeof(ev),
3042 static int unpair_device(struct sock *sk, struct hci_dev *hdev, void *data,
3045 struct mgmt_cp_unpair_device *cp = data;
3046 struct mgmt_rp_unpair_device rp;
3047 struct hci_cp_disconnect dc;
3048 struct mgmt_pending_cmd *cmd;
3049 struct hci_conn *conn;
3052 memset(&rp, 0, sizeof(rp));
3053 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
3054 rp.addr.type = cp->addr.type;
3056 if (!bdaddr_type_is_valid(cp->addr.type))
3057 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
3058 MGMT_STATUS_INVALID_PARAMS,
3061 if (cp->disconnect != 0x00 && cp->disconnect != 0x01)
3062 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
3063 MGMT_STATUS_INVALID_PARAMS,
3068 if (!hdev_is_powered(hdev)) {
3069 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
3070 MGMT_STATUS_NOT_POWERED, &rp,
3075 if (cp->addr.type == BDADDR_BREDR) {
3076 /* If disconnection is requested, then look up the
3077 * connection. If the remote device is connected, it
3078 * will be later used to terminate the link.
3080 * Setting it to NULL explicitly will cause no
3081 * termination of the link.
3084 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
3089 err = hci_remove_link_key(hdev, &cp->addr.bdaddr);
3093 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK,
3096 /* Defer clearing up the connection parameters
3097 * until closing to give a chance of keeping
3098 * them if a repairing happens.
3100 set_bit(HCI_CONN_PARAM_REMOVAL_PEND, &conn->flags);
3102 /* If disconnection is not requested, then
3103 * clear the connection variable so that the
3104 * link is not terminated.
3106 if (!cp->disconnect)
3110 if (cp->addr.type == BDADDR_LE_PUBLIC)
3111 addr_type = ADDR_LE_DEV_PUBLIC;
3113 addr_type = ADDR_LE_DEV_RANDOM;
3115 hci_remove_irk(hdev, &cp->addr.bdaddr, addr_type);
3117 err = hci_remove_ltk(hdev, &cp->addr.bdaddr, addr_type);
3121 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
3122 MGMT_STATUS_NOT_PAIRED, &rp,
3127 /* If the connection variable is set, then termination of the
3128 * link is requested.
3131 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE, 0,
3133 device_unpaired(hdev, &cp->addr.bdaddr, cp->addr.type, sk);
3137 cmd = mgmt_pending_add(sk, MGMT_OP_UNPAIR_DEVICE, hdev, cp,
3144 cmd->cmd_complete = addr_cmd_complete;
3146 dc.handle = cpu_to_le16(conn->handle);
3147 dc.reason = 0x13; /* Remote User Terminated Connection */
3148 err = hci_send_cmd(hdev, HCI_OP_DISCONNECT, sizeof(dc), &dc);
3150 mgmt_pending_remove(cmd);
3153 hci_dev_unlock(hdev);
3157 static int disconnect(struct sock *sk, struct hci_dev *hdev, void *data,
3160 struct mgmt_cp_disconnect *cp = data;
3161 struct mgmt_rp_disconnect rp;
3162 struct mgmt_pending_cmd *cmd;
3163 struct hci_conn *conn;
3168 memset(&rp, 0, sizeof(rp));
3169 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
3170 rp.addr.type = cp->addr.type;
3172 if (!bdaddr_type_is_valid(cp->addr.type))
3173 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
3174 MGMT_STATUS_INVALID_PARAMS,
3179 if (!test_bit(HCI_UP, &hdev->flags)) {
3180 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
3181 MGMT_STATUS_NOT_POWERED, &rp,
3186 if (pending_find(MGMT_OP_DISCONNECT, hdev)) {
3187 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
3188 MGMT_STATUS_BUSY, &rp, sizeof(rp));
3192 if (cp->addr.type == BDADDR_BREDR)
3193 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
3196 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &cp->addr.bdaddr);
3198 if (!conn || conn->state == BT_OPEN || conn->state == BT_CLOSED) {
3199 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
3200 MGMT_STATUS_NOT_CONNECTED, &rp,
3205 cmd = mgmt_pending_add(sk, MGMT_OP_DISCONNECT, hdev, data, len);
3211 cmd->cmd_complete = generic_cmd_complete;
3213 err = hci_disconnect(conn, HCI_ERROR_REMOTE_USER_TERM);
3215 mgmt_pending_remove(cmd);
3218 hci_dev_unlock(hdev);
3222 static u8 link_to_bdaddr(u8 link_type, u8 addr_type)
3224 switch (link_type) {
3226 switch (addr_type) {
3227 case ADDR_LE_DEV_PUBLIC:
3228 return BDADDR_LE_PUBLIC;
3231 /* Fallback to LE Random address type */
3232 return BDADDR_LE_RANDOM;
3236 /* Fallback to BR/EDR type */
3237 return BDADDR_BREDR;
3241 static int get_connections(struct sock *sk, struct hci_dev *hdev, void *data,
3244 struct mgmt_rp_get_connections *rp;
3254 if (!hdev_is_powered(hdev)) {
3255 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_GET_CONNECTIONS,
3256 MGMT_STATUS_NOT_POWERED);
3261 list_for_each_entry(c, &hdev->conn_hash.list, list) {
3262 if (test_bit(HCI_CONN_MGMT_CONNECTED, &c->flags))
3266 rp_len = sizeof(*rp) + (i * sizeof(struct mgmt_addr_info));
3267 rp = kmalloc(rp_len, GFP_KERNEL);
3274 list_for_each_entry(c, &hdev->conn_hash.list, list) {
3275 if (!test_bit(HCI_CONN_MGMT_CONNECTED, &c->flags))
3277 bacpy(&rp->addr[i].bdaddr, &c->dst);
3278 rp->addr[i].type = link_to_bdaddr(c->type, c->dst_type);
3279 if (c->type == SCO_LINK || c->type == ESCO_LINK)
3284 rp->conn_count = cpu_to_le16(i);
3286 /* Recalculate length in case of filtered SCO connections, etc */
3287 rp_len = sizeof(*rp) + (i * sizeof(struct mgmt_addr_info));
3289 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CONNECTIONS, 0, rp,
3295 hci_dev_unlock(hdev);
3299 static int send_pin_code_neg_reply(struct sock *sk, struct hci_dev *hdev,
3300 struct mgmt_cp_pin_code_neg_reply *cp)
3302 struct mgmt_pending_cmd *cmd;
3305 cmd = mgmt_pending_add(sk, MGMT_OP_PIN_CODE_NEG_REPLY, hdev, cp,
3310 err = hci_send_cmd(hdev, HCI_OP_PIN_CODE_NEG_REPLY,
3311 sizeof(cp->addr.bdaddr), &cp->addr.bdaddr);
3313 mgmt_pending_remove(cmd);
3318 static int pin_code_reply(struct sock *sk, struct hci_dev *hdev, void *data,
3321 struct hci_conn *conn;
3322 struct mgmt_cp_pin_code_reply *cp = data;
3323 struct hci_cp_pin_code_reply reply;
3324 struct mgmt_pending_cmd *cmd;
3331 if (!hdev_is_powered(hdev)) {
3332 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
3333 MGMT_STATUS_NOT_POWERED);
3337 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->addr.bdaddr);
3339 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
3340 MGMT_STATUS_NOT_CONNECTED);
3344 if (conn->pending_sec_level == BT_SECURITY_HIGH && cp->pin_len != 16) {
3345 struct mgmt_cp_pin_code_neg_reply ncp;
3347 memcpy(&ncp.addr, &cp->addr, sizeof(ncp.addr));
3349 BT_ERR("PIN code is not 16 bytes long");
3351 err = send_pin_code_neg_reply(sk, hdev, &ncp);
3353 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
3354 MGMT_STATUS_INVALID_PARAMS);
3359 cmd = mgmt_pending_add(sk, MGMT_OP_PIN_CODE_REPLY, hdev, data, len);
3365 cmd->cmd_complete = addr_cmd_complete;
3367 bacpy(&reply.bdaddr, &cp->addr.bdaddr);
3368 reply.pin_len = cp->pin_len;
3369 memcpy(reply.pin_code, cp->pin_code, sizeof(reply.pin_code));
3371 err = hci_send_cmd(hdev, HCI_OP_PIN_CODE_REPLY, sizeof(reply), &reply);
3373 mgmt_pending_remove(cmd);
3376 hci_dev_unlock(hdev);
3380 static int set_io_capability(struct sock *sk, struct hci_dev *hdev, void *data,
3383 struct mgmt_cp_set_io_capability *cp = data;
3387 if (cp->io_capability > SMP_IO_KEYBOARD_DISPLAY)
3388 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_IO_CAPABILITY,
3389 MGMT_STATUS_INVALID_PARAMS, NULL, 0);
3393 hdev->io_capability = cp->io_capability;
3395 BT_DBG("%s IO capability set to 0x%02x", hdev->name,
3396 hdev->io_capability);
3398 hci_dev_unlock(hdev);
3400 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_IO_CAPABILITY, 0,
3404 static struct mgmt_pending_cmd *find_pairing(struct hci_conn *conn)
3406 struct hci_dev *hdev = conn->hdev;
3407 struct mgmt_pending_cmd *cmd;
3409 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
3410 if (cmd->opcode != MGMT_OP_PAIR_DEVICE)
3413 if (cmd->user_data != conn)
3422 static int pairing_complete(struct mgmt_pending_cmd *cmd, u8 status)
3424 struct mgmt_rp_pair_device rp;
3425 struct hci_conn *conn = cmd->user_data;
3428 bacpy(&rp.addr.bdaddr, &conn->dst);
3429 rp.addr.type = link_to_bdaddr(conn->type, conn->dst_type);
3431 err = mgmt_cmd_complete(cmd->sk, cmd->index, MGMT_OP_PAIR_DEVICE,
3432 status, &rp, sizeof(rp));
3434 /* So we don't get further callbacks for this connection */
3435 conn->connect_cfm_cb = NULL;
3436 conn->security_cfm_cb = NULL;
3437 conn->disconn_cfm_cb = NULL;
3439 hci_conn_drop(conn);
3441 /* The device is paired so there is no need to remove
3442 * its connection parameters anymore.
3444 clear_bit(HCI_CONN_PARAM_REMOVAL_PEND, &conn->flags);
3451 void mgmt_smp_complete(struct hci_conn *conn, bool complete)
3453 u8 status = complete ? MGMT_STATUS_SUCCESS : MGMT_STATUS_FAILED;
3454 struct mgmt_pending_cmd *cmd;
3456 cmd = find_pairing(conn);
3458 cmd->cmd_complete(cmd, status);
3459 mgmt_pending_remove(cmd);
3463 static void pairing_complete_cb(struct hci_conn *conn, u8 status)
3465 struct mgmt_pending_cmd *cmd;
3467 BT_DBG("status %u", status);
3469 cmd = find_pairing(conn);
3471 BT_DBG("Unable to find a pending command");
3475 cmd->cmd_complete(cmd, mgmt_status(status));
3476 mgmt_pending_remove(cmd);
3479 static void le_pairing_complete_cb(struct hci_conn *conn, u8 status)
3481 struct mgmt_pending_cmd *cmd;
3483 BT_DBG("status %u", status);
3488 cmd = find_pairing(conn);
3490 BT_DBG("Unable to find a pending command");
3494 cmd->cmd_complete(cmd, mgmt_status(status));
3495 mgmt_pending_remove(cmd);
3498 static int pair_device(struct sock *sk, struct hci_dev *hdev, void *data,
3501 struct mgmt_cp_pair_device *cp = data;
3502 struct mgmt_rp_pair_device rp;
3503 struct mgmt_pending_cmd *cmd;
3504 u8 sec_level, auth_type;
3505 struct hci_conn *conn;
3510 memset(&rp, 0, sizeof(rp));
3511 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
3512 rp.addr.type = cp->addr.type;
3514 if (!bdaddr_type_is_valid(cp->addr.type))
3515 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
3516 MGMT_STATUS_INVALID_PARAMS,
3519 if (cp->io_cap > SMP_IO_KEYBOARD_DISPLAY)
3520 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
3521 MGMT_STATUS_INVALID_PARAMS,
3526 if (!hdev_is_powered(hdev)) {
3527 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
3528 MGMT_STATUS_NOT_POWERED, &rp,
3533 if (hci_bdaddr_is_paired(hdev, &cp->addr.bdaddr, cp->addr.type)) {
3534 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
3535 MGMT_STATUS_ALREADY_PAIRED, &rp,
3540 sec_level = BT_SECURITY_MEDIUM;
3541 auth_type = HCI_AT_DEDICATED_BONDING;
3543 if (cp->addr.type == BDADDR_BREDR) {
3544 conn = hci_connect_acl(hdev, &cp->addr.bdaddr, sec_level,
3548 struct hci_conn_params *p;
3550 /* Convert from L2CAP channel address type to HCI address type
3552 if (cp->addr.type == BDADDR_LE_PUBLIC)
3553 addr_type = ADDR_LE_DEV_PUBLIC;
3555 addr_type = ADDR_LE_DEV_RANDOM;
3557 /* When pairing a new device, it is expected to remember
3558 * this device for future connections. Adding the connection
3559 * parameter information ahead of time allows tracking
3560 * of the slave preferred values and will speed up any
3561 * further connection establishment.
3563 * If connection parameters already exist, then they
3564 * will be kept and this function does nothing.
3566 p = hci_conn_params_add(hdev, &cp->addr.bdaddr, addr_type);
3568 if (p->auto_connect == HCI_AUTO_CONN_EXPLICIT)
3569 p->auto_connect = HCI_AUTO_CONN_DISABLED;
3571 conn = hci_connect_le_scan(hdev, &cp->addr.bdaddr,
3572 addr_type, sec_level,
3573 HCI_LE_CONN_TIMEOUT,
3580 if (PTR_ERR(conn) == -EBUSY)
3581 status = MGMT_STATUS_BUSY;
3582 else if (PTR_ERR(conn) == -EOPNOTSUPP)
3583 status = MGMT_STATUS_NOT_SUPPORTED;
3584 else if (PTR_ERR(conn) == -ECONNREFUSED)
3585 status = MGMT_STATUS_REJECTED;
3587 status = MGMT_STATUS_CONNECT_FAILED;
3589 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
3590 status, &rp, sizeof(rp));
3594 if (conn->connect_cfm_cb) {
3595 hci_conn_drop(conn);
3596 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
3597 MGMT_STATUS_BUSY, &rp, sizeof(rp));
3601 cmd = mgmt_pending_add(sk, MGMT_OP_PAIR_DEVICE, hdev, data, len);
3604 hci_conn_drop(conn);
3608 cmd->cmd_complete = pairing_complete;
3610 /* For LE, just connecting isn't a proof that the pairing finished */
3611 if (cp->addr.type == BDADDR_BREDR) {
3612 conn->connect_cfm_cb = pairing_complete_cb;
3613 conn->security_cfm_cb = pairing_complete_cb;
3614 conn->disconn_cfm_cb = pairing_complete_cb;
3616 conn->connect_cfm_cb = le_pairing_complete_cb;
3617 conn->security_cfm_cb = le_pairing_complete_cb;
3618 conn->disconn_cfm_cb = le_pairing_complete_cb;
3621 conn->io_capability = cp->io_cap;
3622 cmd->user_data = hci_conn_get(conn);
3624 if ((conn->state == BT_CONNECTED || conn->state == BT_CONFIG) &&
3625 hci_conn_security(conn, sec_level, auth_type, true)) {
3626 cmd->cmd_complete(cmd, 0);
3627 mgmt_pending_remove(cmd);
3633 hci_dev_unlock(hdev);
3637 static int cancel_pair_device(struct sock *sk, struct hci_dev *hdev, void *data,
3640 struct mgmt_addr_info *addr = data;
3641 struct mgmt_pending_cmd *cmd;
3642 struct hci_conn *conn;
3649 if (!hdev_is_powered(hdev)) {
3650 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
3651 MGMT_STATUS_NOT_POWERED);
3655 cmd = pending_find(MGMT_OP_PAIR_DEVICE, hdev);
3657 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
3658 MGMT_STATUS_INVALID_PARAMS);
3662 conn = cmd->user_data;
3664 if (bacmp(&addr->bdaddr, &conn->dst) != 0) {
3665 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
3666 MGMT_STATUS_INVALID_PARAMS);
3670 cmd->cmd_complete(cmd, MGMT_STATUS_CANCELLED);
3671 mgmt_pending_remove(cmd);
3673 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE, 0,
3674 addr, sizeof(*addr));
3676 hci_dev_unlock(hdev);
3680 static int user_pairing_resp(struct sock *sk, struct hci_dev *hdev,
3681 struct mgmt_addr_info *addr, u16 mgmt_op,
3682 u16 hci_op, __le32 passkey)
3684 struct mgmt_pending_cmd *cmd;
3685 struct hci_conn *conn;
3690 if (!hdev_is_powered(hdev)) {
3691 err = mgmt_cmd_complete(sk, hdev->id, mgmt_op,
3692 MGMT_STATUS_NOT_POWERED, addr,
3697 if (addr->type == BDADDR_BREDR)
3698 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &addr->bdaddr);
3700 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &addr->bdaddr);
3703 err = mgmt_cmd_complete(sk, hdev->id, mgmt_op,
3704 MGMT_STATUS_NOT_CONNECTED, addr,
3709 if (addr->type == BDADDR_LE_PUBLIC || addr->type == BDADDR_LE_RANDOM) {
3710 err = smp_user_confirm_reply(conn, mgmt_op, passkey);
3712 err = mgmt_cmd_complete(sk, hdev->id, mgmt_op,
3713 MGMT_STATUS_SUCCESS, addr,
3716 err = mgmt_cmd_complete(sk, hdev->id, mgmt_op,
3717 MGMT_STATUS_FAILED, addr,
3723 cmd = mgmt_pending_add(sk, mgmt_op, hdev, addr, sizeof(*addr));
3729 cmd->cmd_complete = addr_cmd_complete;
3731 /* Continue with pairing via HCI */
3732 if (hci_op == HCI_OP_USER_PASSKEY_REPLY) {
3733 struct hci_cp_user_passkey_reply cp;
3735 bacpy(&cp.bdaddr, &addr->bdaddr);
3736 cp.passkey = passkey;
3737 err = hci_send_cmd(hdev, hci_op, sizeof(cp), &cp);
3739 err = hci_send_cmd(hdev, hci_op, sizeof(addr->bdaddr),
3743 mgmt_pending_remove(cmd);
3746 hci_dev_unlock(hdev);
3750 static int pin_code_neg_reply(struct sock *sk, struct hci_dev *hdev,
3751 void *data, u16 len)
3753 struct mgmt_cp_pin_code_neg_reply *cp = data;
3757 return user_pairing_resp(sk, hdev, &cp->addr,
3758 MGMT_OP_PIN_CODE_NEG_REPLY,
3759 HCI_OP_PIN_CODE_NEG_REPLY, 0);
3762 static int user_confirm_reply(struct sock *sk, struct hci_dev *hdev, void *data,
3765 struct mgmt_cp_user_confirm_reply *cp = data;
3769 if (len != sizeof(*cp))
3770 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_USER_CONFIRM_REPLY,
3771 MGMT_STATUS_INVALID_PARAMS);
3773 return user_pairing_resp(sk, hdev, &cp->addr,
3774 MGMT_OP_USER_CONFIRM_REPLY,
3775 HCI_OP_USER_CONFIRM_REPLY, 0);
3778 static int user_confirm_neg_reply(struct sock *sk, struct hci_dev *hdev,
3779 void *data, u16 len)
3781 struct mgmt_cp_user_confirm_neg_reply *cp = data;
3785 return user_pairing_resp(sk, hdev, &cp->addr,
3786 MGMT_OP_USER_CONFIRM_NEG_REPLY,
3787 HCI_OP_USER_CONFIRM_NEG_REPLY, 0);
3790 static int user_passkey_reply(struct sock *sk, struct hci_dev *hdev, void *data,
3793 struct mgmt_cp_user_passkey_reply *cp = data;
3797 return user_pairing_resp(sk, hdev, &cp->addr,
3798 MGMT_OP_USER_PASSKEY_REPLY,
3799 HCI_OP_USER_PASSKEY_REPLY, cp->passkey);
3802 static int user_passkey_neg_reply(struct sock *sk, struct hci_dev *hdev,
3803 void *data, u16 len)
3805 struct mgmt_cp_user_passkey_neg_reply *cp = data;
3809 return user_pairing_resp(sk, hdev, &cp->addr,
3810 MGMT_OP_USER_PASSKEY_NEG_REPLY,
3811 HCI_OP_USER_PASSKEY_NEG_REPLY, 0);
3814 static void update_name(struct hci_request *req)
3816 struct hci_dev *hdev = req->hdev;
3817 struct hci_cp_write_local_name cp;
3819 memcpy(cp.name, hdev->dev_name, sizeof(cp.name));
3821 hci_req_add(req, HCI_OP_WRITE_LOCAL_NAME, sizeof(cp), &cp);
3824 static void set_name_complete(struct hci_dev *hdev, u8 status, u16 opcode)
3826 struct mgmt_cp_set_local_name *cp;
3827 struct mgmt_pending_cmd *cmd;
3829 BT_DBG("status 0x%02x", status);
3833 cmd = pending_find(MGMT_OP_SET_LOCAL_NAME, hdev);
3840 mgmt_cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_LOCAL_NAME,
3841 mgmt_status(status));
3843 mgmt_cmd_complete(cmd->sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0,
3846 mgmt_pending_remove(cmd);
3849 hci_dev_unlock(hdev);
3852 static int set_local_name(struct sock *sk, struct hci_dev *hdev, void *data,
3855 struct mgmt_cp_set_local_name *cp = data;
3856 struct mgmt_pending_cmd *cmd;
3857 struct hci_request req;
3864 /* If the old values are the same as the new ones just return a
3865 * direct command complete event.
3867 if (!memcmp(hdev->dev_name, cp->name, sizeof(hdev->dev_name)) &&
3868 !memcmp(hdev->short_name, cp->short_name,
3869 sizeof(hdev->short_name))) {
3870 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0,
3875 memcpy(hdev->short_name, cp->short_name, sizeof(hdev->short_name));
3877 if (!hdev_is_powered(hdev)) {
3878 memcpy(hdev->dev_name, cp->name, sizeof(hdev->dev_name));
3880 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0,
3885 err = mgmt_generic_event(MGMT_EV_LOCAL_NAME_CHANGED, hdev,
3891 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LOCAL_NAME, hdev, data, len);
3897 memcpy(hdev->dev_name, cp->name, sizeof(hdev->dev_name));
3899 hci_req_init(&req, hdev);
3901 if (lmp_bredr_capable(hdev)) {
3906 /* The name is stored in the scan response data and so
3907 * no need to udpate the advertising data here.
3909 if (lmp_le_capable(hdev))
3910 update_scan_rsp_data(&req);
3912 err = hci_req_run(&req, set_name_complete);
3914 mgmt_pending_remove(cmd);
3917 hci_dev_unlock(hdev);
3921 static void read_local_oob_data_complete(struct hci_dev *hdev, u8 status,
3922 u16 opcode, struct sk_buff *skb)
3924 struct mgmt_rp_read_local_oob_data mgmt_rp;
3925 size_t rp_size = sizeof(mgmt_rp);
3926 struct mgmt_pending_cmd *cmd;
3928 BT_DBG("%s status %u", hdev->name, status);
3930 cmd = pending_find(MGMT_OP_READ_LOCAL_OOB_DATA, hdev);
3934 if (status || !skb) {
3935 mgmt_cmd_status(cmd->sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
3936 status ? mgmt_status(status) : MGMT_STATUS_FAILED);
3940 memset(&mgmt_rp, 0, sizeof(mgmt_rp));
3942 if (opcode == HCI_OP_READ_LOCAL_OOB_DATA) {
3943 struct hci_rp_read_local_oob_data *rp = (void *) skb->data;
3945 if (skb->len < sizeof(*rp)) {
3946 mgmt_cmd_status(cmd->sk, hdev->id,
3947 MGMT_OP_READ_LOCAL_OOB_DATA,
3948 MGMT_STATUS_FAILED);
3952 memcpy(mgmt_rp.hash192, rp->hash, sizeof(rp->hash));
3953 memcpy(mgmt_rp.rand192, rp->rand, sizeof(rp->rand));
3955 rp_size -= sizeof(mgmt_rp.hash256) + sizeof(mgmt_rp.rand256);
3957 struct hci_rp_read_local_oob_ext_data *rp = (void *) skb->data;
3959 if (skb->len < sizeof(*rp)) {
3960 mgmt_cmd_status(cmd->sk, hdev->id,
3961 MGMT_OP_READ_LOCAL_OOB_DATA,
3962 MGMT_STATUS_FAILED);
3966 memcpy(mgmt_rp.hash192, rp->hash192, sizeof(rp->hash192));
3967 memcpy(mgmt_rp.rand192, rp->rand192, sizeof(rp->rand192));
3969 memcpy(mgmt_rp.hash256, rp->hash256, sizeof(rp->hash256));
3970 memcpy(mgmt_rp.rand256, rp->rand256, sizeof(rp->rand256));
3973 mgmt_cmd_complete(cmd->sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
3974 MGMT_STATUS_SUCCESS, &mgmt_rp, rp_size);
3977 mgmt_pending_remove(cmd);
3980 static int read_local_oob_data(struct sock *sk, struct hci_dev *hdev,
3981 void *data, u16 data_len)
3983 struct mgmt_pending_cmd *cmd;
3984 struct hci_request req;
3987 BT_DBG("%s", hdev->name);
3991 if (!hdev_is_powered(hdev)) {
3992 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
3993 MGMT_STATUS_NOT_POWERED);
3997 if (!lmp_ssp_capable(hdev)) {
3998 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
3999 MGMT_STATUS_NOT_SUPPORTED);
4003 if (pending_find(MGMT_OP_READ_LOCAL_OOB_DATA, hdev)) {
4004 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
4009 cmd = mgmt_pending_add(sk, MGMT_OP_READ_LOCAL_OOB_DATA, hdev, NULL, 0);
4015 hci_req_init(&req, hdev);
4017 if (bredr_sc_enabled(hdev))
4018 hci_req_add(&req, HCI_OP_READ_LOCAL_OOB_EXT_DATA, 0, NULL);
4020 hci_req_add(&req, HCI_OP_READ_LOCAL_OOB_DATA, 0, NULL);
4022 err = hci_req_run_skb(&req, read_local_oob_data_complete);
4024 mgmt_pending_remove(cmd);
4027 hci_dev_unlock(hdev);
4031 static int add_remote_oob_data(struct sock *sk, struct hci_dev *hdev,
4032 void *data, u16 len)
4034 struct mgmt_addr_info *addr = data;
4037 BT_DBG("%s ", hdev->name);
4039 if (!bdaddr_type_is_valid(addr->type))
4040 return mgmt_cmd_complete(sk, hdev->id,
4041 MGMT_OP_ADD_REMOTE_OOB_DATA,
4042 MGMT_STATUS_INVALID_PARAMS,
4043 addr, sizeof(*addr));
4047 if (len == MGMT_ADD_REMOTE_OOB_DATA_SIZE) {
4048 struct mgmt_cp_add_remote_oob_data *cp = data;
4051 if (cp->addr.type != BDADDR_BREDR) {
4052 err = mgmt_cmd_complete(sk, hdev->id,
4053 MGMT_OP_ADD_REMOTE_OOB_DATA,
4054 MGMT_STATUS_INVALID_PARAMS,
4055 &cp->addr, sizeof(cp->addr));
4059 err = hci_add_remote_oob_data(hdev, &cp->addr.bdaddr,
4060 cp->addr.type, cp->hash,
4061 cp->rand, NULL, NULL);
4063 status = MGMT_STATUS_FAILED;
4065 status = MGMT_STATUS_SUCCESS;
4067 err = mgmt_cmd_complete(sk, hdev->id,
4068 MGMT_OP_ADD_REMOTE_OOB_DATA, status,
4069 &cp->addr, sizeof(cp->addr));
4070 } else if (len == MGMT_ADD_REMOTE_OOB_EXT_DATA_SIZE) {
4071 struct mgmt_cp_add_remote_oob_ext_data *cp = data;
4072 u8 *rand192, *hash192, *rand256, *hash256;
4075 if (bdaddr_type_is_le(cp->addr.type)) {
4076 /* Enforce zero-valued 192-bit parameters as
4077 * long as legacy SMP OOB isn't implemented.
4079 if (memcmp(cp->rand192, ZERO_KEY, 16) ||
4080 memcmp(cp->hash192, ZERO_KEY, 16)) {
4081 err = mgmt_cmd_complete(sk, hdev->id,
4082 MGMT_OP_ADD_REMOTE_OOB_DATA,
4083 MGMT_STATUS_INVALID_PARAMS,
4084 addr, sizeof(*addr));
4091 /* In case one of the P-192 values is set to zero,
4092 * then just disable OOB data for P-192.
4094 if (!memcmp(cp->rand192, ZERO_KEY, 16) ||
4095 !memcmp(cp->hash192, ZERO_KEY, 16)) {
4099 rand192 = cp->rand192;
4100 hash192 = cp->hash192;
4104 /* In case one of the P-256 values is set to zero, then just
4105 * disable OOB data for P-256.
4107 if (!memcmp(cp->rand256, ZERO_KEY, 16) ||
4108 !memcmp(cp->hash256, ZERO_KEY, 16)) {
4112 rand256 = cp->rand256;
4113 hash256 = cp->hash256;
4116 err = hci_add_remote_oob_data(hdev, &cp->addr.bdaddr,
4117 cp->addr.type, hash192, rand192,
4120 status = MGMT_STATUS_FAILED;
4122 status = MGMT_STATUS_SUCCESS;
4124 err = mgmt_cmd_complete(sk, hdev->id,
4125 MGMT_OP_ADD_REMOTE_OOB_DATA,
4126 status, &cp->addr, sizeof(cp->addr));
4128 BT_ERR("add_remote_oob_data: invalid length of %u bytes", len);
4129 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_REMOTE_OOB_DATA,
4130 MGMT_STATUS_INVALID_PARAMS);
4134 hci_dev_unlock(hdev);
4138 static int remove_remote_oob_data(struct sock *sk, struct hci_dev *hdev,
4139 void *data, u16 len)
4141 struct mgmt_cp_remove_remote_oob_data *cp = data;
4145 BT_DBG("%s", hdev->name);
4147 if (cp->addr.type != BDADDR_BREDR)
4148 return mgmt_cmd_complete(sk, hdev->id,
4149 MGMT_OP_REMOVE_REMOTE_OOB_DATA,
4150 MGMT_STATUS_INVALID_PARAMS,
4151 &cp->addr, sizeof(cp->addr));
4155 if (!bacmp(&cp->addr.bdaddr, BDADDR_ANY)) {
4156 hci_remote_oob_data_clear(hdev);
4157 status = MGMT_STATUS_SUCCESS;
4161 err = hci_remove_remote_oob_data(hdev, &cp->addr.bdaddr, cp->addr.type);
4163 status = MGMT_STATUS_INVALID_PARAMS;
4165 status = MGMT_STATUS_SUCCESS;
4168 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_REMOTE_OOB_DATA,
4169 status, &cp->addr, sizeof(cp->addr));
4171 hci_dev_unlock(hdev);
4175 static bool trigger_bredr_inquiry(struct hci_request *req, u8 *status)
4177 struct hci_dev *hdev = req->hdev;
4178 struct hci_cp_inquiry cp;
4179 /* General inquiry access code (GIAC) */
4180 u8 lap[3] = { 0x33, 0x8b, 0x9e };
4182 *status = mgmt_bredr_support(hdev);
4186 if (hci_dev_test_flag(hdev, HCI_INQUIRY)) {
4187 *status = MGMT_STATUS_BUSY;
4191 hci_inquiry_cache_flush(hdev);
4193 memset(&cp, 0, sizeof(cp));
4194 memcpy(&cp.lap, lap, sizeof(cp.lap));
4195 cp.length = DISCOV_BREDR_INQUIRY_LEN;
4197 hci_req_add(req, HCI_OP_INQUIRY, sizeof(cp), &cp);
4202 static bool trigger_le_scan(struct hci_request *req, u16 interval, u8 *status)
4204 struct hci_dev *hdev = req->hdev;
4205 struct hci_cp_le_set_scan_param param_cp;
4206 struct hci_cp_le_set_scan_enable enable_cp;
4210 *status = mgmt_le_support(hdev);
4214 if (hci_dev_test_flag(hdev, HCI_LE_ADV)) {
4215 /* Don't let discovery abort an outgoing connection attempt
4216 * that's using directed advertising.
4218 if (hci_lookup_le_connect(hdev)) {
4219 *status = MGMT_STATUS_REJECTED;
4223 cancel_adv_timeout(hdev);
4224 disable_advertising(req);
4227 /* If controller is scanning, it means the background scanning is
4228 * running. Thus, we should temporarily stop it in order to set the
4229 * discovery scanning parameters.
4231 if (hci_dev_test_flag(hdev, HCI_LE_SCAN))
4232 hci_req_add_le_scan_disable(req);
4234 /* All active scans will be done with either a resolvable private
4235 * address (when privacy feature has been enabled) or non-resolvable
4238 err = hci_update_random_address(req, true, &own_addr_type);
4240 *status = MGMT_STATUS_FAILED;
4244 memset(¶m_cp, 0, sizeof(param_cp));
4245 param_cp.type = LE_SCAN_ACTIVE;
4246 param_cp.interval = cpu_to_le16(interval);
4247 param_cp.window = cpu_to_le16(DISCOV_LE_SCAN_WIN);
4248 param_cp.own_address_type = own_addr_type;
4250 hci_req_add(req, HCI_OP_LE_SET_SCAN_PARAM, sizeof(param_cp),
4253 memset(&enable_cp, 0, sizeof(enable_cp));
4254 enable_cp.enable = LE_SCAN_ENABLE;
4255 enable_cp.filter_dup = LE_SCAN_FILTER_DUP_ENABLE;
4257 hci_req_add(req, HCI_OP_LE_SET_SCAN_ENABLE, sizeof(enable_cp),
4263 static bool trigger_discovery(struct hci_request *req, u8 *status)
4265 struct hci_dev *hdev = req->hdev;
4267 switch (hdev->discovery.type) {
4268 case DISCOV_TYPE_BREDR:
4269 if (!trigger_bredr_inquiry(req, status))
4273 case DISCOV_TYPE_INTERLEAVED:
4274 if (test_bit(HCI_QUIRK_SIMULTANEOUS_DISCOVERY,
4276 /* During simultaneous discovery, we double LE scan
4277 * interval. We must leave some time for the controller
4278 * to do BR/EDR inquiry.
4280 if (!trigger_le_scan(req, DISCOV_LE_SCAN_INT * 2,
4284 if (!trigger_bredr_inquiry(req, status))
4290 if (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED)) {
4291 *status = MGMT_STATUS_NOT_SUPPORTED;
4296 case DISCOV_TYPE_LE:
4297 if (!trigger_le_scan(req, DISCOV_LE_SCAN_INT, status))
4302 *status = MGMT_STATUS_INVALID_PARAMS;
4309 static void start_discovery_complete(struct hci_dev *hdev, u8 status,
4312 struct mgmt_pending_cmd *cmd;
4313 unsigned long timeout;
4315 BT_DBG("status %d", status);
4319 cmd = pending_find(MGMT_OP_START_DISCOVERY, hdev);
4321 cmd = pending_find(MGMT_OP_START_SERVICE_DISCOVERY, hdev);
4324 cmd->cmd_complete(cmd, mgmt_status(status));
4325 mgmt_pending_remove(cmd);
4329 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
4333 hci_discovery_set_state(hdev, DISCOVERY_FINDING);
4335 /* If the scan involves LE scan, pick proper timeout to schedule
4336 * hdev->le_scan_disable that will stop it.
4338 switch (hdev->discovery.type) {
4339 case DISCOV_TYPE_LE:
4340 timeout = msecs_to_jiffies(DISCOV_LE_TIMEOUT);
4342 case DISCOV_TYPE_INTERLEAVED:
4343 /* When running simultaneous discovery, the LE scanning time
4344 * should occupy the whole discovery time sine BR/EDR inquiry
4345 * and LE scanning are scheduled by the controller.
4347 * For interleaving discovery in comparison, BR/EDR inquiry
4348 * and LE scanning are done sequentially with separate
4351 if (test_bit(HCI_QUIRK_SIMULTANEOUS_DISCOVERY, &hdev->quirks))
4352 timeout = msecs_to_jiffies(DISCOV_LE_TIMEOUT);
4354 timeout = msecs_to_jiffies(hdev->discov_interleaved_timeout);
4356 case DISCOV_TYPE_BREDR:
4360 BT_ERR("Invalid discovery type %d", hdev->discovery.type);
4366 /* When service discovery is used and the controller has
4367 * a strict duplicate filter, it is important to remember
4368 * the start and duration of the scan. This is required
4369 * for restarting scanning during the discovery phase.
4371 if (test_bit(HCI_QUIRK_STRICT_DUPLICATE_FILTER,
4373 hdev->discovery.result_filtering) {
4374 hdev->discovery.scan_start = jiffies;
4375 hdev->discovery.scan_duration = timeout;
4378 queue_delayed_work(hdev->workqueue,
4379 &hdev->le_scan_disable, timeout);
4383 hci_dev_unlock(hdev);
4386 static int start_discovery(struct sock *sk, struct hci_dev *hdev,
4387 void *data, u16 len)
4389 struct mgmt_cp_start_discovery *cp = data;
4390 struct mgmt_pending_cmd *cmd;
4391 struct hci_request req;
4395 BT_DBG("%s", hdev->name);
4399 if (!hdev_is_powered(hdev)) {
4400 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_START_DISCOVERY,
4401 MGMT_STATUS_NOT_POWERED,
4402 &cp->type, sizeof(cp->type));
4406 if (hdev->discovery.state != DISCOVERY_STOPPED ||
4407 hci_dev_test_flag(hdev, HCI_PERIODIC_INQ)) {
4408 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_START_DISCOVERY,
4409 MGMT_STATUS_BUSY, &cp->type,
4414 cmd = mgmt_pending_add(sk, MGMT_OP_START_DISCOVERY, hdev, data, len);
4420 cmd->cmd_complete = generic_cmd_complete;
4422 /* Clear the discovery filter first to free any previously
4423 * allocated memory for the UUID list.
4425 hci_discovery_filter_clear(hdev);
4427 hdev->discovery.type = cp->type;
4428 hdev->discovery.report_invalid_rssi = false;
4430 hci_req_init(&req, hdev);
4432 if (!trigger_discovery(&req, &status)) {
4433 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_START_DISCOVERY,
4434 status, &cp->type, sizeof(cp->type));
4435 mgmt_pending_remove(cmd);
4439 err = hci_req_run(&req, start_discovery_complete);
4441 mgmt_pending_remove(cmd);
4445 hci_discovery_set_state(hdev, DISCOVERY_STARTING);
4448 hci_dev_unlock(hdev);
4452 static int service_discovery_cmd_complete(struct mgmt_pending_cmd *cmd,
4455 return mgmt_cmd_complete(cmd->sk, cmd->index, cmd->opcode, status,
4459 static int start_service_discovery(struct sock *sk, struct hci_dev *hdev,
4460 void *data, u16 len)
4462 struct mgmt_cp_start_service_discovery *cp = data;
4463 struct mgmt_pending_cmd *cmd;
4464 struct hci_request req;
4465 const u16 max_uuid_count = ((U16_MAX - sizeof(*cp)) / 16);
4466 u16 uuid_count, expected_len;
4470 BT_DBG("%s", hdev->name);
4474 if (!hdev_is_powered(hdev)) {
4475 err = mgmt_cmd_complete(sk, hdev->id,
4476 MGMT_OP_START_SERVICE_DISCOVERY,
4477 MGMT_STATUS_NOT_POWERED,
4478 &cp->type, sizeof(cp->type));
4482 if (hdev->discovery.state != DISCOVERY_STOPPED ||
4483 hci_dev_test_flag(hdev, HCI_PERIODIC_INQ)) {
4484 err = mgmt_cmd_complete(sk, hdev->id,
4485 MGMT_OP_START_SERVICE_DISCOVERY,
4486 MGMT_STATUS_BUSY, &cp->type,
4491 uuid_count = __le16_to_cpu(cp->uuid_count);
4492 if (uuid_count > max_uuid_count) {
4493 BT_ERR("service_discovery: too big uuid_count value %u",
4495 err = mgmt_cmd_complete(sk, hdev->id,
4496 MGMT_OP_START_SERVICE_DISCOVERY,
4497 MGMT_STATUS_INVALID_PARAMS, &cp->type,
4502 expected_len = sizeof(*cp) + uuid_count * 16;
4503 if (expected_len != len) {
4504 BT_ERR("service_discovery: expected %u bytes, got %u bytes",
4506 err = mgmt_cmd_complete(sk, hdev->id,
4507 MGMT_OP_START_SERVICE_DISCOVERY,
4508 MGMT_STATUS_INVALID_PARAMS, &cp->type,
4513 cmd = mgmt_pending_add(sk, MGMT_OP_START_SERVICE_DISCOVERY,
4520 cmd->cmd_complete = service_discovery_cmd_complete;
4522 /* Clear the discovery filter first to free any previously
4523 * allocated memory for the UUID list.
4525 hci_discovery_filter_clear(hdev);
4527 hdev->discovery.result_filtering = true;
4528 hdev->discovery.type = cp->type;
4529 hdev->discovery.rssi = cp->rssi;
4530 hdev->discovery.uuid_count = uuid_count;
4532 if (uuid_count > 0) {
4533 hdev->discovery.uuids = kmemdup(cp->uuids, uuid_count * 16,
4535 if (!hdev->discovery.uuids) {
4536 err = mgmt_cmd_complete(sk, hdev->id,
4537 MGMT_OP_START_SERVICE_DISCOVERY,
4539 &cp->type, sizeof(cp->type));
4540 mgmt_pending_remove(cmd);
4545 hci_req_init(&req, hdev);
4547 if (!trigger_discovery(&req, &status)) {
4548 err = mgmt_cmd_complete(sk, hdev->id,
4549 MGMT_OP_START_SERVICE_DISCOVERY,
4550 status, &cp->type, sizeof(cp->type));
4551 mgmt_pending_remove(cmd);
4555 err = hci_req_run(&req, start_discovery_complete);
4557 mgmt_pending_remove(cmd);
4561 hci_discovery_set_state(hdev, DISCOVERY_STARTING);
4564 hci_dev_unlock(hdev);
4568 static void stop_discovery_complete(struct hci_dev *hdev, u8 status, u16 opcode)
4570 struct mgmt_pending_cmd *cmd;
4572 BT_DBG("status %d", status);
4576 cmd = pending_find(MGMT_OP_STOP_DISCOVERY, hdev);
4578 cmd->cmd_complete(cmd, mgmt_status(status));
4579 mgmt_pending_remove(cmd);
4583 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
4585 hci_dev_unlock(hdev);
4588 static int stop_discovery(struct sock *sk, struct hci_dev *hdev, void *data,
4591 struct mgmt_cp_stop_discovery *mgmt_cp = data;
4592 struct mgmt_pending_cmd *cmd;
4593 struct hci_request req;
4596 BT_DBG("%s", hdev->name);
4600 if (!hci_discovery_active(hdev)) {
4601 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_STOP_DISCOVERY,
4602 MGMT_STATUS_REJECTED, &mgmt_cp->type,
4603 sizeof(mgmt_cp->type));
4607 if (hdev->discovery.type != mgmt_cp->type) {
4608 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_STOP_DISCOVERY,
4609 MGMT_STATUS_INVALID_PARAMS,
4610 &mgmt_cp->type, sizeof(mgmt_cp->type));
4614 cmd = mgmt_pending_add(sk, MGMT_OP_STOP_DISCOVERY, hdev, data, len);
4620 cmd->cmd_complete = generic_cmd_complete;
4622 hci_req_init(&req, hdev);
4624 hci_stop_discovery(&req);
4626 err = hci_req_run(&req, stop_discovery_complete);
4628 hci_discovery_set_state(hdev, DISCOVERY_STOPPING);
4632 mgmt_pending_remove(cmd);
4634 /* If no HCI commands were sent we're done */
4635 if (err == -ENODATA) {
4636 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_STOP_DISCOVERY, 0,
4637 &mgmt_cp->type, sizeof(mgmt_cp->type));
4638 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
4642 hci_dev_unlock(hdev);
4646 static int confirm_name(struct sock *sk, struct hci_dev *hdev, void *data,
4649 struct mgmt_cp_confirm_name *cp = data;
4650 struct inquiry_entry *e;
4653 BT_DBG("%s", hdev->name);
4657 if (!hci_discovery_active(hdev)) {
4658 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_CONFIRM_NAME,
4659 MGMT_STATUS_FAILED, &cp->addr,
4664 e = hci_inquiry_cache_lookup_unknown(hdev, &cp->addr.bdaddr);
4666 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_CONFIRM_NAME,
4667 MGMT_STATUS_INVALID_PARAMS, &cp->addr,
4672 if (cp->name_known) {
4673 e->name_state = NAME_KNOWN;
4676 e->name_state = NAME_NEEDED;
4677 hci_inquiry_cache_update_resolve(hdev, e);
4680 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_CONFIRM_NAME, 0,
4681 &cp->addr, sizeof(cp->addr));
4684 hci_dev_unlock(hdev);
4688 static int block_device(struct sock *sk, struct hci_dev *hdev, void *data,
4691 struct mgmt_cp_block_device *cp = data;
4695 BT_DBG("%s", hdev->name);
4697 if (!bdaddr_type_is_valid(cp->addr.type))
4698 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_BLOCK_DEVICE,
4699 MGMT_STATUS_INVALID_PARAMS,
4700 &cp->addr, sizeof(cp->addr));
4704 err = hci_bdaddr_list_add(&hdev->blacklist, &cp->addr.bdaddr,
4707 status = MGMT_STATUS_FAILED;
4711 mgmt_event(MGMT_EV_DEVICE_BLOCKED, hdev, &cp->addr, sizeof(cp->addr),
4713 status = MGMT_STATUS_SUCCESS;
4716 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_BLOCK_DEVICE, status,
4717 &cp->addr, sizeof(cp->addr));
4719 hci_dev_unlock(hdev);
4724 static int unblock_device(struct sock *sk, struct hci_dev *hdev, void *data,
4727 struct mgmt_cp_unblock_device *cp = data;
4731 BT_DBG("%s", hdev->name);
4733 if (!bdaddr_type_is_valid(cp->addr.type))
4734 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_UNBLOCK_DEVICE,
4735 MGMT_STATUS_INVALID_PARAMS,
4736 &cp->addr, sizeof(cp->addr));
4740 err = hci_bdaddr_list_del(&hdev->blacklist, &cp->addr.bdaddr,
4743 status = MGMT_STATUS_INVALID_PARAMS;
4747 mgmt_event(MGMT_EV_DEVICE_UNBLOCKED, hdev, &cp->addr, sizeof(cp->addr),
4749 status = MGMT_STATUS_SUCCESS;
4752 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_UNBLOCK_DEVICE, status,
4753 &cp->addr, sizeof(cp->addr));
4755 hci_dev_unlock(hdev);
4760 static int set_device_id(struct sock *sk, struct hci_dev *hdev, void *data,
4763 struct mgmt_cp_set_device_id *cp = data;
4764 struct hci_request req;
4768 BT_DBG("%s", hdev->name);
4770 source = __le16_to_cpu(cp->source);
4772 if (source > 0x0002)
4773 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DEVICE_ID,
4774 MGMT_STATUS_INVALID_PARAMS);
4778 hdev->devid_source = source;
4779 hdev->devid_vendor = __le16_to_cpu(cp->vendor);
4780 hdev->devid_product = __le16_to_cpu(cp->product);
4781 hdev->devid_version = __le16_to_cpu(cp->version);
4783 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_DEVICE_ID, 0,
4786 hci_req_init(&req, hdev);
4788 hci_req_run(&req, NULL);
4790 hci_dev_unlock(hdev);
4795 static void enable_advertising_instance(struct hci_dev *hdev, u8 status,
4798 BT_DBG("status %d", status);
4801 static void set_advertising_complete(struct hci_dev *hdev, u8 status,
4804 struct cmd_lookup match = { NULL, hdev };
4805 struct hci_request req;
4807 struct adv_info *adv_instance;
4813 u8 mgmt_err = mgmt_status(status);
4815 mgmt_pending_foreach(MGMT_OP_SET_ADVERTISING, hdev,
4816 cmd_status_rsp, &mgmt_err);
4820 if (hci_dev_test_flag(hdev, HCI_LE_ADV))
4821 hci_dev_set_flag(hdev, HCI_ADVERTISING);
4823 hci_dev_clear_flag(hdev, HCI_ADVERTISING);
4825 mgmt_pending_foreach(MGMT_OP_SET_ADVERTISING, hdev, settings_rsp,
4828 new_settings(hdev, match.sk);
4833 /* If "Set Advertising" was just disabled and instance advertising was
4834 * set up earlier, then re-enable multi-instance advertising.
4836 if (hci_dev_test_flag(hdev, HCI_ADVERTISING) ||
4837 !hci_dev_test_flag(hdev, HCI_ADVERTISING_INSTANCE) ||
4838 list_empty(&hdev->adv_instances))
4841 instance = hdev->cur_adv_instance;
4843 adv_instance = list_first_entry_or_null(&hdev->adv_instances,
4844 struct adv_info, list);
4848 instance = adv_instance->instance;
4851 hci_req_init(&req, hdev);
4853 err = schedule_adv_instance(&req, instance, true);
4856 err = hci_req_run(&req, enable_advertising_instance);
4859 BT_ERR("Failed to re-configure advertising");
4862 hci_dev_unlock(hdev);
4865 static int set_advertising(struct sock *sk, struct hci_dev *hdev, void *data,
4868 struct mgmt_mode *cp = data;
4869 struct mgmt_pending_cmd *cmd;
4870 struct hci_request req;
4874 BT_DBG("request for %s", hdev->name);
4876 status = mgmt_le_support(hdev);
4878 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_ADVERTISING,
4881 if (cp->val != 0x00 && cp->val != 0x01 && cp->val != 0x02)
4882 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_ADVERTISING,
4883 MGMT_STATUS_INVALID_PARAMS);
4889 /* The following conditions are ones which mean that we should
4890 * not do any HCI communication but directly send a mgmt
4891 * response to user space (after toggling the flag if
4894 if (!hdev_is_powered(hdev) ||
4895 (val == hci_dev_test_flag(hdev, HCI_ADVERTISING) &&
4896 (cp->val == 0x02) == hci_dev_test_flag(hdev, HCI_ADVERTISING_CONNECTABLE)) ||
4897 hci_conn_num(hdev, LE_LINK) > 0 ||
4898 (hci_dev_test_flag(hdev, HCI_LE_SCAN) &&
4899 hdev->le_scan_type == LE_SCAN_ACTIVE)) {
4903 changed = !hci_dev_test_and_set_flag(hdev, HCI_ADVERTISING);
4904 if (cp->val == 0x02)
4905 hci_dev_set_flag(hdev, HCI_ADVERTISING_CONNECTABLE);
4907 hci_dev_clear_flag(hdev, HCI_ADVERTISING_CONNECTABLE);
4909 changed = hci_dev_test_and_clear_flag(hdev, HCI_ADVERTISING);
4910 hci_dev_clear_flag(hdev, HCI_ADVERTISING_CONNECTABLE);
4913 err = send_settings_rsp(sk, MGMT_OP_SET_ADVERTISING, hdev);
4918 err = new_settings(hdev, sk);
4923 if (pending_find(MGMT_OP_SET_ADVERTISING, hdev) ||
4924 pending_find(MGMT_OP_SET_LE, hdev)) {
4925 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_ADVERTISING,
4930 cmd = mgmt_pending_add(sk, MGMT_OP_SET_ADVERTISING, hdev, data, len);
4936 hci_req_init(&req, hdev);
4938 if (cp->val == 0x02)
4939 hci_dev_set_flag(hdev, HCI_ADVERTISING_CONNECTABLE);
4941 hci_dev_clear_flag(hdev, HCI_ADVERTISING_CONNECTABLE);
4943 cancel_adv_timeout(hdev);
4946 /* Switch to instance "0" for the Set Advertising setting.
4947 * We cannot use update_[adv|scan_rsp]_data() here as the
4948 * HCI_ADVERTISING flag is not yet set.
4950 update_inst_adv_data(&req, 0x00);
4951 update_inst_scan_rsp_data(&req, 0x00);
4952 enable_advertising(&req);
4954 disable_advertising(&req);
4957 err = hci_req_run(&req, set_advertising_complete);
4959 mgmt_pending_remove(cmd);
4962 hci_dev_unlock(hdev);
4966 static int set_static_address(struct sock *sk, struct hci_dev *hdev,
4967 void *data, u16 len)
4969 struct mgmt_cp_set_static_address *cp = data;
4972 BT_DBG("%s", hdev->name);
4974 if (!lmp_le_capable(hdev))
4975 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_STATIC_ADDRESS,
4976 MGMT_STATUS_NOT_SUPPORTED);
4978 if (hdev_is_powered(hdev))
4979 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_STATIC_ADDRESS,
4980 MGMT_STATUS_REJECTED);
4982 if (bacmp(&cp->bdaddr, BDADDR_ANY)) {
4983 if (!bacmp(&cp->bdaddr, BDADDR_NONE))
4984 return mgmt_cmd_status(sk, hdev->id,
4985 MGMT_OP_SET_STATIC_ADDRESS,
4986 MGMT_STATUS_INVALID_PARAMS);
4988 /* Two most significant bits shall be set */
4989 if ((cp->bdaddr.b[5] & 0xc0) != 0xc0)
4990 return mgmt_cmd_status(sk, hdev->id,
4991 MGMT_OP_SET_STATIC_ADDRESS,
4992 MGMT_STATUS_INVALID_PARAMS);
4997 bacpy(&hdev->static_addr, &cp->bdaddr);
4999 err = send_settings_rsp(sk, MGMT_OP_SET_STATIC_ADDRESS, hdev);
5003 err = new_settings(hdev, sk);
5006 hci_dev_unlock(hdev);
5010 static int set_scan_params(struct sock *sk, struct hci_dev *hdev,
5011 void *data, u16 len)
5013 struct mgmt_cp_set_scan_params *cp = data;
5014 __u16 interval, window;
5017 BT_DBG("%s", hdev->name);
5019 if (!lmp_le_capable(hdev))
5020 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS,
5021 MGMT_STATUS_NOT_SUPPORTED);
5023 interval = __le16_to_cpu(cp->interval);
5025 if (interval < 0x0004 || interval > 0x4000)
5026 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS,
5027 MGMT_STATUS_INVALID_PARAMS);
5029 window = __le16_to_cpu(cp->window);
5031 if (window < 0x0004 || window > 0x4000)
5032 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS,
5033 MGMT_STATUS_INVALID_PARAMS);
5035 if (window > interval)
5036 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS,
5037 MGMT_STATUS_INVALID_PARAMS);
5041 hdev->le_scan_interval = interval;
5042 hdev->le_scan_window = window;
5044 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS, 0,
5047 /* If background scan is running, restart it so new parameters are
5050 if (hci_dev_test_flag(hdev, HCI_LE_SCAN) &&
5051 hdev->discovery.state == DISCOVERY_STOPPED) {
5052 struct hci_request req;
5054 hci_req_init(&req, hdev);
5056 hci_req_add_le_scan_disable(&req);
5057 hci_req_add_le_passive_scan(&req);
5059 hci_req_run(&req, NULL);
5062 hci_dev_unlock(hdev);
5067 static void fast_connectable_complete(struct hci_dev *hdev, u8 status,
5070 struct mgmt_pending_cmd *cmd;
5072 BT_DBG("status 0x%02x", status);
5076 cmd = pending_find(MGMT_OP_SET_FAST_CONNECTABLE, hdev);
5081 mgmt_cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
5082 mgmt_status(status));
5084 struct mgmt_mode *cp = cmd->param;
5087 hci_dev_set_flag(hdev, HCI_FAST_CONNECTABLE);
5089 hci_dev_clear_flag(hdev, HCI_FAST_CONNECTABLE);
5091 send_settings_rsp(cmd->sk, MGMT_OP_SET_FAST_CONNECTABLE, hdev);
5092 new_settings(hdev, cmd->sk);
5095 mgmt_pending_remove(cmd);
5098 hci_dev_unlock(hdev);
5101 static int set_fast_connectable(struct sock *sk, struct hci_dev *hdev,
5102 void *data, u16 len)
5104 struct mgmt_mode *cp = data;
5105 struct mgmt_pending_cmd *cmd;
5106 struct hci_request req;
5109 BT_DBG("%s", hdev->name);
5111 if (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED) ||
5112 hdev->hci_ver < BLUETOOTH_VER_1_2)
5113 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
5114 MGMT_STATUS_NOT_SUPPORTED);
5116 if (cp->val != 0x00 && cp->val != 0x01)
5117 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
5118 MGMT_STATUS_INVALID_PARAMS);
5122 if (pending_find(MGMT_OP_SET_FAST_CONNECTABLE, hdev)) {
5123 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
5128 if (!!cp->val == hci_dev_test_flag(hdev, HCI_FAST_CONNECTABLE)) {
5129 err = send_settings_rsp(sk, MGMT_OP_SET_FAST_CONNECTABLE,
5134 if (!hdev_is_powered(hdev)) {
5135 hci_dev_change_flag(hdev, HCI_FAST_CONNECTABLE);
5136 err = send_settings_rsp(sk, MGMT_OP_SET_FAST_CONNECTABLE,
5138 new_settings(hdev, sk);
5142 cmd = mgmt_pending_add(sk, MGMT_OP_SET_FAST_CONNECTABLE, hdev,
5149 hci_req_init(&req, hdev);
5151 write_fast_connectable(&req, cp->val);
5153 err = hci_req_run(&req, fast_connectable_complete);
5155 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
5156 MGMT_STATUS_FAILED);
5157 mgmt_pending_remove(cmd);
5161 hci_dev_unlock(hdev);
5166 static void set_bredr_complete(struct hci_dev *hdev, u8 status, u16 opcode)
5168 struct mgmt_pending_cmd *cmd;
5170 BT_DBG("status 0x%02x", status);
5174 cmd = pending_find(MGMT_OP_SET_BREDR, hdev);
5179 u8 mgmt_err = mgmt_status(status);
5181 /* We need to restore the flag if related HCI commands
5184 hci_dev_clear_flag(hdev, HCI_BREDR_ENABLED);
5186 mgmt_cmd_status(cmd->sk, cmd->index, cmd->opcode, mgmt_err);
5188 send_settings_rsp(cmd->sk, MGMT_OP_SET_BREDR, hdev);
5189 new_settings(hdev, cmd->sk);
5192 mgmt_pending_remove(cmd);
5195 hci_dev_unlock(hdev);
5198 static int set_bredr(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
5200 struct mgmt_mode *cp = data;
5201 struct mgmt_pending_cmd *cmd;
5202 struct hci_request req;
5205 BT_DBG("request for %s", hdev->name);
5207 if (!lmp_bredr_capable(hdev) || !lmp_le_capable(hdev))
5208 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
5209 MGMT_STATUS_NOT_SUPPORTED);
5211 if (!hci_dev_test_flag(hdev, HCI_LE_ENABLED))
5212 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
5213 MGMT_STATUS_REJECTED);
5215 if (cp->val != 0x00 && cp->val != 0x01)
5216 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
5217 MGMT_STATUS_INVALID_PARAMS);
5221 if (cp->val == hci_dev_test_flag(hdev, HCI_BREDR_ENABLED)) {
5222 err = send_settings_rsp(sk, MGMT_OP_SET_BREDR, hdev);
5226 if (!hdev_is_powered(hdev)) {
5228 hci_dev_clear_flag(hdev, HCI_DISCOVERABLE);
5229 hci_dev_clear_flag(hdev, HCI_SSP_ENABLED);
5230 hci_dev_clear_flag(hdev, HCI_LINK_SECURITY);
5231 hci_dev_clear_flag(hdev, HCI_FAST_CONNECTABLE);
5232 hci_dev_clear_flag(hdev, HCI_HS_ENABLED);
5235 hci_dev_change_flag(hdev, HCI_BREDR_ENABLED);
5237 err = send_settings_rsp(sk, MGMT_OP_SET_BREDR, hdev);
5241 err = new_settings(hdev, sk);
5245 /* Reject disabling when powered on */
5247 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
5248 MGMT_STATUS_REJECTED);
5251 /* When configuring a dual-mode controller to operate
5252 * with LE only and using a static address, then switching
5253 * BR/EDR back on is not allowed.
5255 * Dual-mode controllers shall operate with the public
5256 * address as its identity address for BR/EDR and LE. So
5257 * reject the attempt to create an invalid configuration.
5259 * The same restrictions applies when secure connections
5260 * has been enabled. For BR/EDR this is a controller feature
5261 * while for LE it is a host stack feature. This means that
5262 * switching BR/EDR back on when secure connections has been
5263 * enabled is not a supported transaction.
5265 if (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED) &&
5266 (bacmp(&hdev->static_addr, BDADDR_ANY) ||
5267 hci_dev_test_flag(hdev, HCI_SC_ENABLED))) {
5268 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
5269 MGMT_STATUS_REJECTED);
5274 if (pending_find(MGMT_OP_SET_BREDR, hdev)) {
5275 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
5280 cmd = mgmt_pending_add(sk, MGMT_OP_SET_BREDR, hdev, data, len);
5286 /* We need to flip the bit already here so that update_adv_data
5287 * generates the correct flags.
5289 hci_dev_set_flag(hdev, HCI_BREDR_ENABLED);
5291 hci_req_init(&req, hdev);
5293 write_fast_connectable(&req, false);
5294 __hci_update_page_scan(&req);
5296 /* Since only the advertising data flags will change, there
5297 * is no need to update the scan response data.
5299 update_adv_data(&req);
5301 err = hci_req_run(&req, set_bredr_complete);
5303 mgmt_pending_remove(cmd);
5306 hci_dev_unlock(hdev);
5310 static void sc_enable_complete(struct hci_dev *hdev, u8 status, u16 opcode)
5312 struct mgmt_pending_cmd *cmd;
5313 struct mgmt_mode *cp;
5315 BT_DBG("%s status %u", hdev->name, status);
5319 cmd = pending_find(MGMT_OP_SET_SECURE_CONN, hdev);
5324 mgmt_cmd_status(cmd->sk, cmd->index, cmd->opcode,
5325 mgmt_status(status));
5333 hci_dev_clear_flag(hdev, HCI_SC_ENABLED);
5334 hci_dev_clear_flag(hdev, HCI_SC_ONLY);
5337 hci_dev_set_flag(hdev, HCI_SC_ENABLED);
5338 hci_dev_clear_flag(hdev, HCI_SC_ONLY);
5341 hci_dev_set_flag(hdev, HCI_SC_ENABLED);
5342 hci_dev_set_flag(hdev, HCI_SC_ONLY);
5346 send_settings_rsp(cmd->sk, MGMT_OP_SET_SECURE_CONN, hdev);
5347 new_settings(hdev, cmd->sk);
5350 mgmt_pending_remove(cmd);
5352 hci_dev_unlock(hdev);
5355 static int set_secure_conn(struct sock *sk, struct hci_dev *hdev,
5356 void *data, u16 len)
5358 struct mgmt_mode *cp = data;
5359 struct mgmt_pending_cmd *cmd;
5360 struct hci_request req;
5364 BT_DBG("request for %s", hdev->name);
5366 if (!lmp_sc_capable(hdev) &&
5367 !hci_dev_test_flag(hdev, HCI_LE_ENABLED))
5368 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SECURE_CONN,
5369 MGMT_STATUS_NOT_SUPPORTED);
5371 if (hci_dev_test_flag(hdev, HCI_BREDR_ENABLED) &&
5372 lmp_sc_capable(hdev) &&
5373 !hci_dev_test_flag(hdev, HCI_SSP_ENABLED))
5374 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SECURE_CONN,
5375 MGMT_STATUS_REJECTED);
5377 if (cp->val != 0x00 && cp->val != 0x01 && cp->val != 0x02)
5378 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SECURE_CONN,
5379 MGMT_STATUS_INVALID_PARAMS);
5383 if (!hdev_is_powered(hdev) || !lmp_sc_capable(hdev) ||
5384 !hci_dev_test_flag(hdev, HCI_BREDR_ENABLED)) {
5388 changed = !hci_dev_test_and_set_flag(hdev,
5390 if (cp->val == 0x02)
5391 hci_dev_set_flag(hdev, HCI_SC_ONLY);
5393 hci_dev_clear_flag(hdev, HCI_SC_ONLY);
5395 changed = hci_dev_test_and_clear_flag(hdev,
5397 hci_dev_clear_flag(hdev, HCI_SC_ONLY);
5400 err = send_settings_rsp(sk, MGMT_OP_SET_SECURE_CONN, hdev);
5405 err = new_settings(hdev, sk);
5410 if (pending_find(MGMT_OP_SET_SECURE_CONN, hdev)) {
5411 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SECURE_CONN,
5418 if (val == hci_dev_test_flag(hdev, HCI_SC_ENABLED) &&
5419 (cp->val == 0x02) == hci_dev_test_flag(hdev, HCI_SC_ONLY)) {
5420 err = send_settings_rsp(sk, MGMT_OP_SET_SECURE_CONN, hdev);
5424 cmd = mgmt_pending_add(sk, MGMT_OP_SET_SECURE_CONN, hdev, data, len);
5430 hci_req_init(&req, hdev);
5431 hci_req_add(&req, HCI_OP_WRITE_SC_SUPPORT, 1, &val);
5432 err = hci_req_run(&req, sc_enable_complete);
5434 mgmt_pending_remove(cmd);
5439 hci_dev_unlock(hdev);
5443 static int set_debug_keys(struct sock *sk, struct hci_dev *hdev,
5444 void *data, u16 len)
5446 struct mgmt_mode *cp = data;
5447 bool changed, use_changed;
5450 BT_DBG("request for %s", hdev->name);
5452 if (cp->val != 0x00 && cp->val != 0x01 && cp->val != 0x02)
5453 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DEBUG_KEYS,
5454 MGMT_STATUS_INVALID_PARAMS);
5459 changed = !hci_dev_test_and_set_flag(hdev, HCI_KEEP_DEBUG_KEYS);
5461 changed = hci_dev_test_and_clear_flag(hdev,
5462 HCI_KEEP_DEBUG_KEYS);
5464 if (cp->val == 0x02)
5465 use_changed = !hci_dev_test_and_set_flag(hdev,
5466 HCI_USE_DEBUG_KEYS);
5468 use_changed = hci_dev_test_and_clear_flag(hdev,
5469 HCI_USE_DEBUG_KEYS);
5471 if (hdev_is_powered(hdev) && use_changed &&
5472 hci_dev_test_flag(hdev, HCI_SSP_ENABLED)) {
5473 u8 mode = (cp->val == 0x02) ? 0x01 : 0x00;
5474 hci_send_cmd(hdev, HCI_OP_WRITE_SSP_DEBUG_MODE,
5475 sizeof(mode), &mode);
5478 err = send_settings_rsp(sk, MGMT_OP_SET_DEBUG_KEYS, hdev);
5483 err = new_settings(hdev, sk);
5486 hci_dev_unlock(hdev);
5490 static int set_privacy(struct sock *sk, struct hci_dev *hdev, void *cp_data,
5493 struct mgmt_cp_set_privacy *cp = cp_data;
5497 BT_DBG("request for %s", hdev->name);
5499 if (!lmp_le_capable(hdev))
5500 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_PRIVACY,
5501 MGMT_STATUS_NOT_SUPPORTED);
5503 if (cp->privacy != 0x00 && cp->privacy != 0x01)
5504 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_PRIVACY,
5505 MGMT_STATUS_INVALID_PARAMS);
5507 if (hdev_is_powered(hdev))
5508 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_PRIVACY,
5509 MGMT_STATUS_REJECTED);
5513 /* If user space supports this command it is also expected to
5514 * handle IRKs. Therefore, set the HCI_RPA_RESOLVING flag.
5516 hci_dev_set_flag(hdev, HCI_RPA_RESOLVING);
5519 changed = !hci_dev_test_and_set_flag(hdev, HCI_PRIVACY);
5520 memcpy(hdev->irk, cp->irk, sizeof(hdev->irk));
5521 hci_dev_set_flag(hdev, HCI_RPA_EXPIRED);
5523 changed = hci_dev_test_and_clear_flag(hdev, HCI_PRIVACY);
5524 memset(hdev->irk, 0, sizeof(hdev->irk));
5525 hci_dev_clear_flag(hdev, HCI_RPA_EXPIRED);
5528 err = send_settings_rsp(sk, MGMT_OP_SET_PRIVACY, hdev);
5533 err = new_settings(hdev, sk);
5536 hci_dev_unlock(hdev);
5540 static bool irk_is_valid(struct mgmt_irk_info *irk)
5542 switch (irk->addr.type) {
5543 case BDADDR_LE_PUBLIC:
5546 case BDADDR_LE_RANDOM:
5547 /* Two most significant bits shall be set */
5548 if ((irk->addr.bdaddr.b[5] & 0xc0) != 0xc0)
5556 static int load_irks(struct sock *sk, struct hci_dev *hdev, void *cp_data,
5559 struct mgmt_cp_load_irks *cp = cp_data;
5560 const u16 max_irk_count = ((U16_MAX - sizeof(*cp)) /
5561 sizeof(struct mgmt_irk_info));
5562 u16 irk_count, expected_len;
5565 BT_DBG("request for %s", hdev->name);
5567 if (!lmp_le_capable(hdev))
5568 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_IRKS,
5569 MGMT_STATUS_NOT_SUPPORTED);
5571 irk_count = __le16_to_cpu(cp->irk_count);
5572 if (irk_count > max_irk_count) {
5573 BT_ERR("load_irks: too big irk_count value %u", irk_count);
5574 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_IRKS,
5575 MGMT_STATUS_INVALID_PARAMS);
5578 expected_len = sizeof(*cp) + irk_count * sizeof(struct mgmt_irk_info);
5579 if (expected_len != len) {
5580 BT_ERR("load_irks: expected %u bytes, got %u bytes",
5582 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_IRKS,
5583 MGMT_STATUS_INVALID_PARAMS);
5586 BT_DBG("%s irk_count %u", hdev->name, irk_count);
5588 for (i = 0; i < irk_count; i++) {
5589 struct mgmt_irk_info *key = &cp->irks[i];
5591 if (!irk_is_valid(key))
5592 return mgmt_cmd_status(sk, hdev->id,
5594 MGMT_STATUS_INVALID_PARAMS);
5599 hci_smp_irks_clear(hdev);
5601 for (i = 0; i < irk_count; i++) {
5602 struct mgmt_irk_info *irk = &cp->irks[i];
5605 if (irk->addr.type == BDADDR_LE_PUBLIC)
5606 addr_type = ADDR_LE_DEV_PUBLIC;
5608 addr_type = ADDR_LE_DEV_RANDOM;
5610 hci_add_irk(hdev, &irk->addr.bdaddr, addr_type, irk->val,
5614 hci_dev_set_flag(hdev, HCI_RPA_RESOLVING);
5616 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_LOAD_IRKS, 0, NULL, 0);
5618 hci_dev_unlock(hdev);
5623 static bool ltk_is_valid(struct mgmt_ltk_info *key)
5625 if (key->master != 0x00 && key->master != 0x01)
5628 switch (key->addr.type) {
5629 case BDADDR_LE_PUBLIC:
5632 case BDADDR_LE_RANDOM:
5633 /* Two most significant bits shall be set */
5634 if ((key->addr.bdaddr.b[5] & 0xc0) != 0xc0)
5642 static int load_long_term_keys(struct sock *sk, struct hci_dev *hdev,
5643 void *cp_data, u16 len)
5645 struct mgmt_cp_load_long_term_keys *cp = cp_data;
5646 const u16 max_key_count = ((U16_MAX - sizeof(*cp)) /
5647 sizeof(struct mgmt_ltk_info));
5648 u16 key_count, expected_len;
5651 BT_DBG("request for %s", hdev->name);
5653 if (!lmp_le_capable(hdev))
5654 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS,
5655 MGMT_STATUS_NOT_SUPPORTED);
5657 key_count = __le16_to_cpu(cp->key_count);
5658 if (key_count > max_key_count) {
5659 BT_ERR("load_ltks: too big key_count value %u", key_count);
5660 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS,
5661 MGMT_STATUS_INVALID_PARAMS);
5664 expected_len = sizeof(*cp) + key_count *
5665 sizeof(struct mgmt_ltk_info);
5666 if (expected_len != len) {
5667 BT_ERR("load_keys: expected %u bytes, got %u bytes",
5669 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS,
5670 MGMT_STATUS_INVALID_PARAMS);
5673 BT_DBG("%s key_count %u", hdev->name, key_count);
5675 for (i = 0; i < key_count; i++) {
5676 struct mgmt_ltk_info *key = &cp->keys[i];
5678 if (!ltk_is_valid(key))
5679 return mgmt_cmd_status(sk, hdev->id,
5680 MGMT_OP_LOAD_LONG_TERM_KEYS,
5681 MGMT_STATUS_INVALID_PARAMS);
5686 hci_smp_ltks_clear(hdev);
5688 for (i = 0; i < key_count; i++) {
5689 struct mgmt_ltk_info *key = &cp->keys[i];
5690 u8 type, addr_type, authenticated;
5692 if (key->addr.type == BDADDR_LE_PUBLIC)
5693 addr_type = ADDR_LE_DEV_PUBLIC;
5695 addr_type = ADDR_LE_DEV_RANDOM;
5697 switch (key->type) {
5698 case MGMT_LTK_UNAUTHENTICATED:
5699 authenticated = 0x00;
5700 type = key->master ? SMP_LTK : SMP_LTK_SLAVE;
5702 case MGMT_LTK_AUTHENTICATED:
5703 authenticated = 0x01;
5704 type = key->master ? SMP_LTK : SMP_LTK_SLAVE;
5706 case MGMT_LTK_P256_UNAUTH:
5707 authenticated = 0x00;
5708 type = SMP_LTK_P256;
5710 case MGMT_LTK_P256_AUTH:
5711 authenticated = 0x01;
5712 type = SMP_LTK_P256;
5714 case MGMT_LTK_P256_DEBUG:
5715 authenticated = 0x00;
5716 type = SMP_LTK_P256_DEBUG;
5721 hci_add_ltk(hdev, &key->addr.bdaddr, addr_type, type,
5722 authenticated, key->val, key->enc_size, key->ediv,
5726 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS, 0,
5729 hci_dev_unlock(hdev);
5734 static int conn_info_cmd_complete(struct mgmt_pending_cmd *cmd, u8 status)
5736 struct hci_conn *conn = cmd->user_data;
5737 struct mgmt_rp_get_conn_info rp;
5740 memcpy(&rp.addr, cmd->param, sizeof(rp.addr));
5742 if (status == MGMT_STATUS_SUCCESS) {
5743 rp.rssi = conn->rssi;
5744 rp.tx_power = conn->tx_power;
5745 rp.max_tx_power = conn->max_tx_power;
5747 rp.rssi = HCI_RSSI_INVALID;
5748 rp.tx_power = HCI_TX_POWER_INVALID;
5749 rp.max_tx_power = HCI_TX_POWER_INVALID;
5752 err = mgmt_cmd_complete(cmd->sk, cmd->index, MGMT_OP_GET_CONN_INFO,
5753 status, &rp, sizeof(rp));
5755 hci_conn_drop(conn);
5761 static void conn_info_refresh_complete(struct hci_dev *hdev, u8 hci_status,
5764 struct hci_cp_read_rssi *cp;
5765 struct mgmt_pending_cmd *cmd;
5766 struct hci_conn *conn;
5770 BT_DBG("status 0x%02x", hci_status);
5774 /* Commands sent in request are either Read RSSI or Read Transmit Power
5775 * Level so we check which one was last sent to retrieve connection
5776 * handle. Both commands have handle as first parameter so it's safe to
5777 * cast data on the same command struct.
5779 * First command sent is always Read RSSI and we fail only if it fails.
5780 * In other case we simply override error to indicate success as we
5781 * already remembered if TX power value is actually valid.
5783 cp = hci_sent_cmd_data(hdev, HCI_OP_READ_RSSI);
5785 cp = hci_sent_cmd_data(hdev, HCI_OP_READ_TX_POWER);
5786 status = MGMT_STATUS_SUCCESS;
5788 status = mgmt_status(hci_status);
5792 BT_ERR("invalid sent_cmd in conn_info response");
5796 handle = __le16_to_cpu(cp->handle);
5797 conn = hci_conn_hash_lookup_handle(hdev, handle);
5799 BT_ERR("unknown handle (%d) in conn_info response", handle);
5803 cmd = pending_find_data(MGMT_OP_GET_CONN_INFO, hdev, conn);
5807 cmd->cmd_complete(cmd, status);
5808 mgmt_pending_remove(cmd);
5811 hci_dev_unlock(hdev);
5814 static int get_conn_info(struct sock *sk, struct hci_dev *hdev, void *data,
5817 struct mgmt_cp_get_conn_info *cp = data;
5818 struct mgmt_rp_get_conn_info rp;
5819 struct hci_conn *conn;
5820 unsigned long conn_info_age;
5823 BT_DBG("%s", hdev->name);
5825 memset(&rp, 0, sizeof(rp));
5826 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
5827 rp.addr.type = cp->addr.type;
5829 if (!bdaddr_type_is_valid(cp->addr.type))
5830 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CONN_INFO,
5831 MGMT_STATUS_INVALID_PARAMS,
5836 if (!hdev_is_powered(hdev)) {
5837 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CONN_INFO,
5838 MGMT_STATUS_NOT_POWERED, &rp,
5843 if (cp->addr.type == BDADDR_BREDR)
5844 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
5847 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &cp->addr.bdaddr);
5849 if (!conn || conn->state != BT_CONNECTED) {
5850 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CONN_INFO,
5851 MGMT_STATUS_NOT_CONNECTED, &rp,
5856 if (pending_find_data(MGMT_OP_GET_CONN_INFO, hdev, conn)) {
5857 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CONN_INFO,
5858 MGMT_STATUS_BUSY, &rp, sizeof(rp));
5862 /* To avoid client trying to guess when to poll again for information we
5863 * calculate conn info age as random value between min/max set in hdev.
5865 conn_info_age = hdev->conn_info_min_age +
5866 prandom_u32_max(hdev->conn_info_max_age -
5867 hdev->conn_info_min_age);
5869 /* Query controller to refresh cached values if they are too old or were
5872 if (time_after(jiffies, conn->conn_info_timestamp +
5873 msecs_to_jiffies(conn_info_age)) ||
5874 !conn->conn_info_timestamp) {
5875 struct hci_request req;
5876 struct hci_cp_read_tx_power req_txp_cp;
5877 struct hci_cp_read_rssi req_rssi_cp;
5878 struct mgmt_pending_cmd *cmd;
5880 hci_req_init(&req, hdev);
5881 req_rssi_cp.handle = cpu_to_le16(conn->handle);
5882 hci_req_add(&req, HCI_OP_READ_RSSI, sizeof(req_rssi_cp),
5885 /* For LE links TX power does not change thus we don't need to
5886 * query for it once value is known.
5888 if (!bdaddr_type_is_le(cp->addr.type) ||
5889 conn->tx_power == HCI_TX_POWER_INVALID) {
5890 req_txp_cp.handle = cpu_to_le16(conn->handle);
5891 req_txp_cp.type = 0x00;
5892 hci_req_add(&req, HCI_OP_READ_TX_POWER,
5893 sizeof(req_txp_cp), &req_txp_cp);
5896 /* Max TX power needs to be read only once per connection */
5897 if (conn->max_tx_power == HCI_TX_POWER_INVALID) {
5898 req_txp_cp.handle = cpu_to_le16(conn->handle);
5899 req_txp_cp.type = 0x01;
5900 hci_req_add(&req, HCI_OP_READ_TX_POWER,
5901 sizeof(req_txp_cp), &req_txp_cp);
5904 err = hci_req_run(&req, conn_info_refresh_complete);
5908 cmd = mgmt_pending_add(sk, MGMT_OP_GET_CONN_INFO, hdev,
5915 hci_conn_hold(conn);
5916 cmd->user_data = hci_conn_get(conn);
5917 cmd->cmd_complete = conn_info_cmd_complete;
5919 conn->conn_info_timestamp = jiffies;
5921 /* Cache is valid, just reply with values cached in hci_conn */
5922 rp.rssi = conn->rssi;
5923 rp.tx_power = conn->tx_power;
5924 rp.max_tx_power = conn->max_tx_power;
5926 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CONN_INFO,
5927 MGMT_STATUS_SUCCESS, &rp, sizeof(rp));
5931 hci_dev_unlock(hdev);
5935 static int clock_info_cmd_complete(struct mgmt_pending_cmd *cmd, u8 status)
5937 struct hci_conn *conn = cmd->user_data;
5938 struct mgmt_rp_get_clock_info rp;
5939 struct hci_dev *hdev;
5942 memset(&rp, 0, sizeof(rp));
5943 memcpy(&rp.addr, &cmd->param, sizeof(rp.addr));
5948 hdev = hci_dev_get(cmd->index);
5950 rp.local_clock = cpu_to_le32(hdev->clock);
5955 rp.piconet_clock = cpu_to_le32(conn->clock);
5956 rp.accuracy = cpu_to_le16(conn->clock_accuracy);
5960 err = mgmt_cmd_complete(cmd->sk, cmd->index, cmd->opcode, status, &rp,
5964 hci_conn_drop(conn);
5971 static void get_clock_info_complete(struct hci_dev *hdev, u8 status, u16 opcode)
5973 struct hci_cp_read_clock *hci_cp;
5974 struct mgmt_pending_cmd *cmd;
5975 struct hci_conn *conn;
5977 BT_DBG("%s status %u", hdev->name, status);
5981 hci_cp = hci_sent_cmd_data(hdev, HCI_OP_READ_CLOCK);
5985 if (hci_cp->which) {
5986 u16 handle = __le16_to_cpu(hci_cp->handle);
5987 conn = hci_conn_hash_lookup_handle(hdev, handle);
5992 cmd = pending_find_data(MGMT_OP_GET_CLOCK_INFO, hdev, conn);
5996 cmd->cmd_complete(cmd, mgmt_status(status));
5997 mgmt_pending_remove(cmd);
6000 hci_dev_unlock(hdev);
6003 static int get_clock_info(struct sock *sk, struct hci_dev *hdev, void *data,
6006 struct mgmt_cp_get_clock_info *cp = data;
6007 struct mgmt_rp_get_clock_info rp;
6008 struct hci_cp_read_clock hci_cp;
6009 struct mgmt_pending_cmd *cmd;
6010 struct hci_request req;
6011 struct hci_conn *conn;
6014 BT_DBG("%s", hdev->name);
6016 memset(&rp, 0, sizeof(rp));
6017 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
6018 rp.addr.type = cp->addr.type;
6020 if (cp->addr.type != BDADDR_BREDR)
6021 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CLOCK_INFO,
6022 MGMT_STATUS_INVALID_PARAMS,
6027 if (!hdev_is_powered(hdev)) {
6028 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CLOCK_INFO,
6029 MGMT_STATUS_NOT_POWERED, &rp,
6034 if (bacmp(&cp->addr.bdaddr, BDADDR_ANY)) {
6035 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
6037 if (!conn || conn->state != BT_CONNECTED) {
6038 err = mgmt_cmd_complete(sk, hdev->id,
6039 MGMT_OP_GET_CLOCK_INFO,
6040 MGMT_STATUS_NOT_CONNECTED,
6048 cmd = mgmt_pending_add(sk, MGMT_OP_GET_CLOCK_INFO, hdev, data, len);
6054 cmd->cmd_complete = clock_info_cmd_complete;
6056 hci_req_init(&req, hdev);
6058 memset(&hci_cp, 0, sizeof(hci_cp));
6059 hci_req_add(&req, HCI_OP_READ_CLOCK, sizeof(hci_cp), &hci_cp);
6062 hci_conn_hold(conn);
6063 cmd->user_data = hci_conn_get(conn);
6065 hci_cp.handle = cpu_to_le16(conn->handle);
6066 hci_cp.which = 0x01; /* Piconet clock */
6067 hci_req_add(&req, HCI_OP_READ_CLOCK, sizeof(hci_cp), &hci_cp);
6070 err = hci_req_run(&req, get_clock_info_complete);
6072 mgmt_pending_remove(cmd);
6075 hci_dev_unlock(hdev);
6079 static bool is_connected(struct hci_dev *hdev, bdaddr_t *addr, u8 type)
6081 struct hci_conn *conn;
6083 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, addr);
6087 if (conn->dst_type != type)
6090 if (conn->state != BT_CONNECTED)
6096 /* This function requires the caller holds hdev->lock */
6097 static int hci_conn_params_set(struct hci_request *req, bdaddr_t *addr,
6098 u8 addr_type, u8 auto_connect)
6100 struct hci_dev *hdev = req->hdev;
6101 struct hci_conn_params *params;
6103 params = hci_conn_params_add(hdev, addr, addr_type);
6107 if (params->auto_connect == auto_connect)
6110 list_del_init(¶ms->action);
6112 switch (auto_connect) {
6113 case HCI_AUTO_CONN_DISABLED:
6114 case HCI_AUTO_CONN_LINK_LOSS:
6115 /* If auto connect is being disabled when we're trying to
6116 * connect to device, keep connecting.
6118 if (params->explicit_connect)
6119 list_add(¶ms->action, &hdev->pend_le_conns);
6121 __hci_update_background_scan(req);
6123 case HCI_AUTO_CONN_REPORT:
6124 if (params->explicit_connect)
6125 list_add(¶ms->action, &hdev->pend_le_conns);
6127 list_add(¶ms->action, &hdev->pend_le_reports);
6128 __hci_update_background_scan(req);
6130 case HCI_AUTO_CONN_DIRECT:
6131 case HCI_AUTO_CONN_ALWAYS:
6132 if (!is_connected(hdev, addr, addr_type)) {
6133 list_add(¶ms->action, &hdev->pend_le_conns);
6134 /* If we are in scan phase of connecting, we were
6135 * already added to pend_le_conns and scanning.
6137 if (params->auto_connect != HCI_AUTO_CONN_EXPLICIT)
6138 __hci_update_background_scan(req);
6143 params->auto_connect = auto_connect;
6145 BT_DBG("addr %pMR (type %u) auto_connect %u", addr, addr_type,
6151 static void device_added(struct sock *sk, struct hci_dev *hdev,
6152 bdaddr_t *bdaddr, u8 type, u8 action)
6154 struct mgmt_ev_device_added ev;
6156 bacpy(&ev.addr.bdaddr, bdaddr);
6157 ev.addr.type = type;
6160 mgmt_event(MGMT_EV_DEVICE_ADDED, hdev, &ev, sizeof(ev), sk);
6163 static void add_device_complete(struct hci_dev *hdev, u8 status, u16 opcode)
6165 struct mgmt_pending_cmd *cmd;
6167 BT_DBG("status 0x%02x", status);
6171 cmd = pending_find(MGMT_OP_ADD_DEVICE, hdev);
6175 cmd->cmd_complete(cmd, mgmt_status(status));
6176 mgmt_pending_remove(cmd);
6179 hci_dev_unlock(hdev);
6182 static int add_device(struct sock *sk, struct hci_dev *hdev,
6183 void *data, u16 len)
6185 struct mgmt_cp_add_device *cp = data;
6186 struct mgmt_pending_cmd *cmd;
6187 struct hci_request req;
6188 u8 auto_conn, addr_type;
6191 BT_DBG("%s", hdev->name);
6193 if (!bdaddr_type_is_valid(cp->addr.type) ||
6194 !bacmp(&cp->addr.bdaddr, BDADDR_ANY))
6195 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_ADD_DEVICE,
6196 MGMT_STATUS_INVALID_PARAMS,
6197 &cp->addr, sizeof(cp->addr));
6199 if (cp->action != 0x00 && cp->action != 0x01 && cp->action != 0x02)
6200 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_ADD_DEVICE,
6201 MGMT_STATUS_INVALID_PARAMS,
6202 &cp->addr, sizeof(cp->addr));
6204 hci_req_init(&req, hdev);
6208 cmd = mgmt_pending_add(sk, MGMT_OP_ADD_DEVICE, hdev, data, len);
6214 cmd->cmd_complete = addr_cmd_complete;
6216 if (cp->addr.type == BDADDR_BREDR) {
6217 /* Only incoming connections action is supported for now */
6218 if (cp->action != 0x01) {
6219 err = cmd->cmd_complete(cmd,
6220 MGMT_STATUS_INVALID_PARAMS);
6221 mgmt_pending_remove(cmd);
6225 err = hci_bdaddr_list_add(&hdev->whitelist, &cp->addr.bdaddr,
6230 __hci_update_page_scan(&req);
6235 if (cp->addr.type == BDADDR_LE_PUBLIC)
6236 addr_type = ADDR_LE_DEV_PUBLIC;
6238 addr_type = ADDR_LE_DEV_RANDOM;
6240 if (cp->action == 0x02)
6241 auto_conn = HCI_AUTO_CONN_ALWAYS;
6242 else if (cp->action == 0x01)
6243 auto_conn = HCI_AUTO_CONN_DIRECT;
6245 auto_conn = HCI_AUTO_CONN_REPORT;
6247 /* Kernel internally uses conn_params with resolvable private
6248 * address, but Add Device allows only identity addresses.
6249 * Make sure it is enforced before calling
6250 * hci_conn_params_lookup.
6252 if (!hci_is_identity_address(&cp->addr.bdaddr, addr_type)) {
6253 err = cmd->cmd_complete(cmd, MGMT_STATUS_INVALID_PARAMS);
6254 mgmt_pending_remove(cmd);
6258 /* If the connection parameters don't exist for this device,
6259 * they will be created and configured with defaults.
6261 if (hci_conn_params_set(&req, &cp->addr.bdaddr, addr_type,
6263 err = cmd->cmd_complete(cmd, MGMT_STATUS_FAILED);
6264 mgmt_pending_remove(cmd);
6269 device_added(sk, hdev, &cp->addr.bdaddr, cp->addr.type, cp->action);
6271 err = hci_req_run(&req, add_device_complete);
6273 /* ENODATA means no HCI commands were needed (e.g. if
6274 * the adapter is powered off).
6276 if (err == -ENODATA)
6277 err = cmd->cmd_complete(cmd, MGMT_STATUS_SUCCESS);
6278 mgmt_pending_remove(cmd);
6282 hci_dev_unlock(hdev);
6286 static void device_removed(struct sock *sk, struct hci_dev *hdev,
6287 bdaddr_t *bdaddr, u8 type)
6289 struct mgmt_ev_device_removed ev;
6291 bacpy(&ev.addr.bdaddr, bdaddr);
6292 ev.addr.type = type;
6294 mgmt_event(MGMT_EV_DEVICE_REMOVED, hdev, &ev, sizeof(ev), sk);
6297 static void remove_device_complete(struct hci_dev *hdev, u8 status, u16 opcode)
6299 struct mgmt_pending_cmd *cmd;
6301 BT_DBG("status 0x%02x", status);
6305 cmd = pending_find(MGMT_OP_REMOVE_DEVICE, hdev);
6309 cmd->cmd_complete(cmd, mgmt_status(status));
6310 mgmt_pending_remove(cmd);
6313 hci_dev_unlock(hdev);
6316 static int remove_device(struct sock *sk, struct hci_dev *hdev,
6317 void *data, u16 len)
6319 struct mgmt_cp_remove_device *cp = data;
6320 struct mgmt_pending_cmd *cmd;
6321 struct hci_request req;
6324 BT_DBG("%s", hdev->name);
6326 hci_req_init(&req, hdev);
6330 cmd = mgmt_pending_add(sk, MGMT_OP_REMOVE_DEVICE, hdev, data, len);
6336 cmd->cmd_complete = addr_cmd_complete;
6338 if (bacmp(&cp->addr.bdaddr, BDADDR_ANY)) {
6339 struct hci_conn_params *params;
6342 if (!bdaddr_type_is_valid(cp->addr.type)) {
6343 err = cmd->cmd_complete(cmd,
6344 MGMT_STATUS_INVALID_PARAMS);
6345 mgmt_pending_remove(cmd);
6349 if (cp->addr.type == BDADDR_BREDR) {
6350 err = hci_bdaddr_list_del(&hdev->whitelist,
6354 err = cmd->cmd_complete(cmd,
6355 MGMT_STATUS_INVALID_PARAMS);
6356 mgmt_pending_remove(cmd);
6360 __hci_update_page_scan(&req);
6362 device_removed(sk, hdev, &cp->addr.bdaddr,
6367 if (cp->addr.type == BDADDR_LE_PUBLIC)
6368 addr_type = ADDR_LE_DEV_PUBLIC;
6370 addr_type = ADDR_LE_DEV_RANDOM;
6372 /* Kernel internally uses conn_params with resolvable private
6373 * address, but Remove Device allows only identity addresses.
6374 * Make sure it is enforced before calling
6375 * hci_conn_params_lookup.
6377 if (!hci_is_identity_address(&cp->addr.bdaddr, addr_type)) {
6378 err = cmd->cmd_complete(cmd,
6379 MGMT_STATUS_INVALID_PARAMS);
6380 mgmt_pending_remove(cmd);
6384 params = hci_conn_params_lookup(hdev, &cp->addr.bdaddr,
6387 err = cmd->cmd_complete(cmd,
6388 MGMT_STATUS_INVALID_PARAMS);
6389 mgmt_pending_remove(cmd);
6393 if (params->auto_connect == HCI_AUTO_CONN_DISABLED ||
6394 params->auto_connect == HCI_AUTO_CONN_EXPLICIT) {
6395 err = cmd->cmd_complete(cmd,
6396 MGMT_STATUS_INVALID_PARAMS);
6397 mgmt_pending_remove(cmd);
6401 list_del(¶ms->action);
6402 list_del(¶ms->list);
6404 __hci_update_background_scan(&req);
6406 device_removed(sk, hdev, &cp->addr.bdaddr, cp->addr.type);
6408 struct hci_conn_params *p, *tmp;
6409 struct bdaddr_list *b, *btmp;
6411 if (cp->addr.type) {
6412 err = cmd->cmd_complete(cmd,
6413 MGMT_STATUS_INVALID_PARAMS);
6414 mgmt_pending_remove(cmd);
6418 list_for_each_entry_safe(b, btmp, &hdev->whitelist, list) {
6419 device_removed(sk, hdev, &b->bdaddr, b->bdaddr_type);
6424 __hci_update_page_scan(&req);
6426 list_for_each_entry_safe(p, tmp, &hdev->le_conn_params, list) {
6427 if (p->auto_connect == HCI_AUTO_CONN_DISABLED)
6429 device_removed(sk, hdev, &p->addr, p->addr_type);
6430 if (p->explicit_connect) {
6431 p->auto_connect = HCI_AUTO_CONN_EXPLICIT;
6434 list_del(&p->action);
6439 BT_DBG("All LE connection parameters were removed");
6441 __hci_update_background_scan(&req);
6445 err = hci_req_run(&req, remove_device_complete);
6447 /* ENODATA means no HCI commands were needed (e.g. if
6448 * the adapter is powered off).
6450 if (err == -ENODATA)
6451 err = cmd->cmd_complete(cmd, MGMT_STATUS_SUCCESS);
6452 mgmt_pending_remove(cmd);
6456 hci_dev_unlock(hdev);
6460 static int load_conn_param(struct sock *sk, struct hci_dev *hdev, void *data,
6463 struct mgmt_cp_load_conn_param *cp = data;
6464 const u16 max_param_count = ((U16_MAX - sizeof(*cp)) /
6465 sizeof(struct mgmt_conn_param));
6466 u16 param_count, expected_len;
6469 if (!lmp_le_capable(hdev))
6470 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_CONN_PARAM,
6471 MGMT_STATUS_NOT_SUPPORTED);
6473 param_count = __le16_to_cpu(cp->param_count);
6474 if (param_count > max_param_count) {
6475 BT_ERR("load_conn_param: too big param_count value %u",
6477 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_CONN_PARAM,
6478 MGMT_STATUS_INVALID_PARAMS);
6481 expected_len = sizeof(*cp) + param_count *
6482 sizeof(struct mgmt_conn_param);
6483 if (expected_len != len) {
6484 BT_ERR("load_conn_param: expected %u bytes, got %u bytes",
6486 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_CONN_PARAM,
6487 MGMT_STATUS_INVALID_PARAMS);
6490 BT_DBG("%s param_count %u", hdev->name, param_count);
6494 hci_conn_params_clear_disabled(hdev);
6496 for (i = 0; i < param_count; i++) {
6497 struct mgmt_conn_param *param = &cp->params[i];
6498 struct hci_conn_params *hci_param;
6499 u16 min, max, latency, timeout;
6502 BT_DBG("Adding %pMR (type %u)", ¶m->addr.bdaddr,
6505 if (param->addr.type == BDADDR_LE_PUBLIC) {
6506 addr_type = ADDR_LE_DEV_PUBLIC;
6507 } else if (param->addr.type == BDADDR_LE_RANDOM) {
6508 addr_type = ADDR_LE_DEV_RANDOM;
6510 BT_ERR("Ignoring invalid connection parameters");
6514 min = le16_to_cpu(param->min_interval);
6515 max = le16_to_cpu(param->max_interval);
6516 latency = le16_to_cpu(param->latency);
6517 timeout = le16_to_cpu(param->timeout);
6519 BT_DBG("min 0x%04x max 0x%04x latency 0x%04x timeout 0x%04x",
6520 min, max, latency, timeout);
6522 if (hci_check_conn_params(min, max, latency, timeout) < 0) {
6523 BT_ERR("Ignoring invalid connection parameters");
6527 hci_param = hci_conn_params_add(hdev, ¶m->addr.bdaddr,
6530 BT_ERR("Failed to add connection parameters");
6534 hci_param->conn_min_interval = min;
6535 hci_param->conn_max_interval = max;
6536 hci_param->conn_latency = latency;
6537 hci_param->supervision_timeout = timeout;
6540 hci_dev_unlock(hdev);
6542 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_LOAD_CONN_PARAM, 0,
6546 static int set_external_config(struct sock *sk, struct hci_dev *hdev,
6547 void *data, u16 len)
6549 struct mgmt_cp_set_external_config *cp = data;
6553 BT_DBG("%s", hdev->name);
6555 if (hdev_is_powered(hdev))
6556 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_EXTERNAL_CONFIG,
6557 MGMT_STATUS_REJECTED);
6559 if (cp->config != 0x00 && cp->config != 0x01)
6560 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_EXTERNAL_CONFIG,
6561 MGMT_STATUS_INVALID_PARAMS);
6563 if (!test_bit(HCI_QUIRK_EXTERNAL_CONFIG, &hdev->quirks))
6564 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_EXTERNAL_CONFIG,
6565 MGMT_STATUS_NOT_SUPPORTED);
6570 changed = !hci_dev_test_and_set_flag(hdev, HCI_EXT_CONFIGURED);
6572 changed = hci_dev_test_and_clear_flag(hdev, HCI_EXT_CONFIGURED);
6574 err = send_options_rsp(sk, MGMT_OP_SET_EXTERNAL_CONFIG, hdev);
6581 err = new_options(hdev, sk);
6583 if (hci_dev_test_flag(hdev, HCI_UNCONFIGURED) == is_configured(hdev)) {
6584 mgmt_index_removed(hdev);
6586 if (hci_dev_test_and_change_flag(hdev, HCI_UNCONFIGURED)) {
6587 hci_dev_set_flag(hdev, HCI_CONFIG);
6588 hci_dev_set_flag(hdev, HCI_AUTO_OFF);
6590 queue_work(hdev->req_workqueue, &hdev->power_on);
6592 set_bit(HCI_RAW, &hdev->flags);
6593 mgmt_index_added(hdev);
6598 hci_dev_unlock(hdev);
6602 static int set_public_address(struct sock *sk, struct hci_dev *hdev,
6603 void *data, u16 len)
6605 struct mgmt_cp_set_public_address *cp = data;
6609 BT_DBG("%s", hdev->name);
6611 if (hdev_is_powered(hdev))
6612 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_PUBLIC_ADDRESS,
6613 MGMT_STATUS_REJECTED);
6615 if (!bacmp(&cp->bdaddr, BDADDR_ANY))
6616 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_PUBLIC_ADDRESS,
6617 MGMT_STATUS_INVALID_PARAMS);
6619 if (!hdev->set_bdaddr)
6620 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_PUBLIC_ADDRESS,
6621 MGMT_STATUS_NOT_SUPPORTED);
6625 changed = !!bacmp(&hdev->public_addr, &cp->bdaddr);
6626 bacpy(&hdev->public_addr, &cp->bdaddr);
6628 err = send_options_rsp(sk, MGMT_OP_SET_PUBLIC_ADDRESS, hdev);
6635 if (hci_dev_test_flag(hdev, HCI_UNCONFIGURED))
6636 err = new_options(hdev, sk);
6638 if (is_configured(hdev)) {
6639 mgmt_index_removed(hdev);
6641 hci_dev_clear_flag(hdev, HCI_UNCONFIGURED);
6643 hci_dev_set_flag(hdev, HCI_CONFIG);
6644 hci_dev_set_flag(hdev, HCI_AUTO_OFF);
6646 queue_work(hdev->req_workqueue, &hdev->power_on);
6650 hci_dev_unlock(hdev);
6654 static inline u16 eir_append_data(u8 *eir, u16 eir_len, u8 type, u8 *data,
6657 eir[eir_len++] = sizeof(type) + data_len;
6658 eir[eir_len++] = type;
6659 memcpy(&eir[eir_len], data, data_len);
6660 eir_len += data_len;
6665 static void read_local_oob_ext_data_complete(struct hci_dev *hdev, u8 status,
6666 u16 opcode, struct sk_buff *skb)
6668 const struct mgmt_cp_read_local_oob_ext_data *mgmt_cp;
6669 struct mgmt_rp_read_local_oob_ext_data *mgmt_rp;
6670 u8 *h192, *r192, *h256, *r256;
6671 struct mgmt_pending_cmd *cmd;
6675 BT_DBG("%s status %u", hdev->name, status);
6677 cmd = pending_find(MGMT_OP_READ_LOCAL_OOB_EXT_DATA, hdev);
6681 mgmt_cp = cmd->param;
6684 status = mgmt_status(status);
6691 } else if (opcode == HCI_OP_READ_LOCAL_OOB_DATA) {
6692 struct hci_rp_read_local_oob_data *rp;
6694 if (skb->len != sizeof(*rp)) {
6695 status = MGMT_STATUS_FAILED;
6698 status = MGMT_STATUS_SUCCESS;
6699 rp = (void *)skb->data;
6701 eir_len = 5 + 18 + 18;
6708 struct hci_rp_read_local_oob_ext_data *rp;
6710 if (skb->len != sizeof(*rp)) {
6711 status = MGMT_STATUS_FAILED;
6714 status = MGMT_STATUS_SUCCESS;
6715 rp = (void *)skb->data;
6717 if (hci_dev_test_flag(hdev, HCI_SC_ONLY)) {
6718 eir_len = 5 + 18 + 18;
6722 eir_len = 5 + 18 + 18 + 18 + 18;
6732 mgmt_rp = kmalloc(sizeof(*mgmt_rp) + eir_len, GFP_KERNEL);
6739 eir_len = eir_append_data(mgmt_rp->eir, 0, EIR_CLASS_OF_DEV,
6740 hdev->dev_class, 3);
6743 eir_len = eir_append_data(mgmt_rp->eir, eir_len,
6744 EIR_SSP_HASH_C192, h192, 16);
6745 eir_len = eir_append_data(mgmt_rp->eir, eir_len,
6746 EIR_SSP_RAND_R192, r192, 16);
6750 eir_len = eir_append_data(mgmt_rp->eir, eir_len,
6751 EIR_SSP_HASH_C256, h256, 16);
6752 eir_len = eir_append_data(mgmt_rp->eir, eir_len,
6753 EIR_SSP_RAND_R256, r256, 16);
6757 mgmt_rp->type = mgmt_cp->type;
6758 mgmt_rp->eir_len = cpu_to_le16(eir_len);
6760 err = mgmt_cmd_complete(cmd->sk, hdev->id,
6761 MGMT_OP_READ_LOCAL_OOB_EXT_DATA, status,
6762 mgmt_rp, sizeof(*mgmt_rp) + eir_len);
6763 if (err < 0 || status)
6766 hci_sock_set_flag(cmd->sk, HCI_MGMT_OOB_DATA_EVENTS);
6768 err = mgmt_limited_event(MGMT_EV_LOCAL_OOB_DATA_UPDATED, hdev,
6769 mgmt_rp, sizeof(*mgmt_rp) + eir_len,
6770 HCI_MGMT_OOB_DATA_EVENTS, cmd->sk);
6773 mgmt_pending_remove(cmd);
6776 static int read_local_ssp_oob_req(struct hci_dev *hdev, struct sock *sk,
6777 struct mgmt_cp_read_local_oob_ext_data *cp)
6779 struct mgmt_pending_cmd *cmd;
6780 struct hci_request req;
6783 cmd = mgmt_pending_add(sk, MGMT_OP_READ_LOCAL_OOB_EXT_DATA, hdev,
6788 hci_req_init(&req, hdev);
6790 if (bredr_sc_enabled(hdev))
6791 hci_req_add(&req, HCI_OP_READ_LOCAL_OOB_EXT_DATA, 0, NULL);
6793 hci_req_add(&req, HCI_OP_READ_LOCAL_OOB_DATA, 0, NULL);
6795 err = hci_req_run_skb(&req, read_local_oob_ext_data_complete);
6797 mgmt_pending_remove(cmd);
6804 static int read_local_oob_ext_data(struct sock *sk, struct hci_dev *hdev,
6805 void *data, u16 data_len)
6807 struct mgmt_cp_read_local_oob_ext_data *cp = data;
6808 struct mgmt_rp_read_local_oob_ext_data *rp;
6811 u8 status, flags, role, addr[7], hash[16], rand[16];
6814 BT_DBG("%s", hdev->name);
6816 if (hdev_is_powered(hdev)) {
6818 case BIT(BDADDR_BREDR):
6819 status = mgmt_bredr_support(hdev);
6825 case (BIT(BDADDR_LE_PUBLIC) | BIT(BDADDR_LE_RANDOM)):
6826 status = mgmt_le_support(hdev);
6830 eir_len = 9 + 3 + 18 + 18 + 3;
6833 status = MGMT_STATUS_INVALID_PARAMS;
6838 status = MGMT_STATUS_NOT_POWERED;
6842 rp_len = sizeof(*rp) + eir_len;
6843 rp = kmalloc(rp_len, GFP_ATOMIC);
6854 case BIT(BDADDR_BREDR):
6855 if (hci_dev_test_flag(hdev, HCI_SSP_ENABLED)) {
6856 err = read_local_ssp_oob_req(hdev, sk, cp);
6857 hci_dev_unlock(hdev);
6861 status = MGMT_STATUS_FAILED;
6864 eir_len = eir_append_data(rp->eir, eir_len,
6866 hdev->dev_class, 3);
6869 case (BIT(BDADDR_LE_PUBLIC) | BIT(BDADDR_LE_RANDOM)):
6870 if (hci_dev_test_flag(hdev, HCI_SC_ENABLED) &&
6871 smp_generate_oob(hdev, hash, rand) < 0) {
6872 hci_dev_unlock(hdev);
6873 status = MGMT_STATUS_FAILED;
6877 /* This should return the active RPA, but since the RPA
6878 * is only programmed on demand, it is really hard to fill
6879 * this in at the moment. For now disallow retrieving
6880 * local out-of-band data when privacy is in use.
6882 * Returning the identity address will not help here since
6883 * pairing happens before the identity resolving key is
6884 * known and thus the connection establishment happens
6885 * based on the RPA and not the identity address.
6887 if (hci_dev_test_flag(hdev, HCI_PRIVACY)) {
6888 hci_dev_unlock(hdev);
6889 status = MGMT_STATUS_REJECTED;
6893 if (hci_dev_test_flag(hdev, HCI_FORCE_STATIC_ADDR) ||
6894 !bacmp(&hdev->bdaddr, BDADDR_ANY) ||
6895 (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED) &&
6896 bacmp(&hdev->static_addr, BDADDR_ANY))) {
6897 memcpy(addr, &hdev->static_addr, 6);
6900 memcpy(addr, &hdev->bdaddr, 6);
6904 eir_len = eir_append_data(rp->eir, eir_len, EIR_LE_BDADDR,
6905 addr, sizeof(addr));
6907 if (hci_dev_test_flag(hdev, HCI_ADVERTISING))
6912 eir_len = eir_append_data(rp->eir, eir_len, EIR_LE_ROLE,
6913 &role, sizeof(role));
6915 if (hci_dev_test_flag(hdev, HCI_SC_ENABLED)) {
6916 eir_len = eir_append_data(rp->eir, eir_len,
6918 hash, sizeof(hash));
6920 eir_len = eir_append_data(rp->eir, eir_len,
6922 rand, sizeof(rand));
6925 flags = get_adv_discov_flags(hdev);
6927 if (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED))
6928 flags |= LE_AD_NO_BREDR;
6930 eir_len = eir_append_data(rp->eir, eir_len, EIR_FLAGS,
6931 &flags, sizeof(flags));
6935 hci_dev_unlock(hdev);
6937 hci_sock_set_flag(sk, HCI_MGMT_OOB_DATA_EVENTS);
6939 status = MGMT_STATUS_SUCCESS;
6942 rp->type = cp->type;
6943 rp->eir_len = cpu_to_le16(eir_len);
6945 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_EXT_DATA,
6946 status, rp, sizeof(*rp) + eir_len);
6947 if (err < 0 || status)
6950 err = mgmt_limited_event(MGMT_EV_LOCAL_OOB_DATA_UPDATED, hdev,
6951 rp, sizeof(*rp) + eir_len,
6952 HCI_MGMT_OOB_DATA_EVENTS, sk);
6960 static u32 get_supported_adv_flags(struct hci_dev *hdev)
6964 flags |= MGMT_ADV_FLAG_CONNECTABLE;
6965 flags |= MGMT_ADV_FLAG_DISCOV;
6966 flags |= MGMT_ADV_FLAG_LIMITED_DISCOV;
6967 flags |= MGMT_ADV_FLAG_MANAGED_FLAGS;
6969 if (hdev->adv_tx_power != HCI_TX_POWER_INVALID)
6970 flags |= MGMT_ADV_FLAG_TX_POWER;
6975 static int read_adv_features(struct sock *sk, struct hci_dev *hdev,
6976 void *data, u16 data_len)
6978 struct mgmt_rp_read_adv_features *rp;
6982 struct adv_info *adv_instance;
6983 u32 supported_flags;
6985 BT_DBG("%s", hdev->name);
6987 if (!lmp_le_capable(hdev))
6988 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_READ_ADV_FEATURES,
6989 MGMT_STATUS_REJECTED);
6993 rp_len = sizeof(*rp);
6995 instance = hci_dev_test_flag(hdev, HCI_ADVERTISING_INSTANCE);
6997 rp_len += hdev->adv_instance_cnt;
6999 rp = kmalloc(rp_len, GFP_ATOMIC);
7001 hci_dev_unlock(hdev);
7005 supported_flags = get_supported_adv_flags(hdev);
7007 rp->supported_flags = cpu_to_le32(supported_flags);
7008 rp->max_adv_data_len = HCI_MAX_AD_LENGTH;
7009 rp->max_scan_rsp_len = HCI_MAX_AD_LENGTH;
7010 rp->max_instances = HCI_MAX_ADV_INSTANCES;
7014 list_for_each_entry(adv_instance, &hdev->adv_instances, list) {
7015 if (i >= hdev->adv_instance_cnt)
7018 rp->instance[i] = adv_instance->instance;
7021 rp->num_instances = hdev->adv_instance_cnt;
7023 rp->num_instances = 0;
7026 hci_dev_unlock(hdev);
7028 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_READ_ADV_FEATURES,
7029 MGMT_STATUS_SUCCESS, rp, rp_len);
7036 static bool tlv_data_is_valid(struct hci_dev *hdev, u32 adv_flags, u8 *data,
7037 u8 len, bool is_adv_data)
7039 u8 max_len = HCI_MAX_AD_LENGTH;
7041 bool flags_managed = false;
7042 bool tx_power_managed = false;
7043 u32 flags_params = MGMT_ADV_FLAG_DISCOV | MGMT_ADV_FLAG_LIMITED_DISCOV |
7044 MGMT_ADV_FLAG_MANAGED_FLAGS;
7046 if (is_adv_data && (adv_flags & flags_params)) {
7047 flags_managed = true;
7051 if (is_adv_data && (adv_flags & MGMT_ADV_FLAG_TX_POWER)) {
7052 tx_power_managed = true;
7059 /* Make sure that the data is correctly formatted. */
7060 for (i = 0, cur_len = 0; i < len; i += (cur_len + 1)) {
7063 if (flags_managed && data[i + 1] == EIR_FLAGS)
7066 if (tx_power_managed && data[i + 1] == EIR_TX_POWER)
7069 /* If the current field length would exceed the total data
7070 * length, then it's invalid.
7072 if (i + cur_len >= len)
7079 static void add_advertising_complete(struct hci_dev *hdev, u8 status,
7082 struct mgmt_pending_cmd *cmd;
7083 struct mgmt_cp_add_advertising *cp;
7084 struct mgmt_rp_add_advertising rp;
7085 struct adv_info *adv_instance, *n;
7088 BT_DBG("status %d", status);
7092 cmd = pending_find(MGMT_OP_ADD_ADVERTISING, hdev);
7095 hci_dev_clear_flag(hdev, HCI_ADVERTISING_INSTANCE);
7097 list_for_each_entry_safe(adv_instance, n, &hdev->adv_instances, list) {
7098 if (!adv_instance->pending)
7102 adv_instance->pending = false;
7106 instance = adv_instance->instance;
7108 if (hdev->cur_adv_instance == instance)
7109 cancel_adv_timeout(hdev);
7111 hci_remove_adv_instance(hdev, instance);
7112 advertising_removed(cmd ? cmd->sk : NULL, hdev, instance);
7119 rp.instance = cp->instance;
7122 mgmt_cmd_status(cmd->sk, cmd->index, cmd->opcode,
7123 mgmt_status(status));
7125 mgmt_cmd_complete(cmd->sk, cmd->index, cmd->opcode,
7126 mgmt_status(status), &rp, sizeof(rp));
7128 mgmt_pending_remove(cmd);
7131 hci_dev_unlock(hdev);
7134 void mgmt_adv_timeout_expired(struct hci_dev *hdev)
7137 struct hci_request req;
7139 hdev->adv_instance_timeout = 0;
7141 instance = get_current_adv_instance(hdev);
7142 if (instance == 0x00)
7146 hci_req_init(&req, hdev);
7148 clear_adv_instance(hdev, &req, instance, false);
7150 if (list_empty(&hdev->adv_instances))
7151 disable_advertising(&req);
7153 if (!skb_queue_empty(&req.cmd_q))
7154 hci_req_run(&req, NULL);
7156 hci_dev_unlock(hdev);
7159 static int add_advertising(struct sock *sk, struct hci_dev *hdev,
7160 void *data, u16 data_len)
7162 struct mgmt_cp_add_advertising *cp = data;
7163 struct mgmt_rp_add_advertising rp;
7165 u32 supported_flags;
7167 u16 timeout, duration;
7168 unsigned int prev_instance_cnt = hdev->adv_instance_cnt;
7169 u8 schedule_instance = 0;
7170 struct adv_info *next_instance;
7172 struct mgmt_pending_cmd *cmd;
7173 struct hci_request req;
7175 BT_DBG("%s", hdev->name);
7177 status = mgmt_le_support(hdev);
7179 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_ADVERTISING,
7182 flags = __le32_to_cpu(cp->flags);
7183 timeout = __le16_to_cpu(cp->timeout);
7184 duration = __le16_to_cpu(cp->duration);
7186 /* The current implementation only supports a subset of the specified
7189 supported_flags = get_supported_adv_flags(hdev);
7190 if (flags & ~supported_flags)
7191 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_ADVERTISING,
7192 MGMT_STATUS_INVALID_PARAMS);
7196 if (timeout && !hdev_is_powered(hdev)) {
7197 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_ADVERTISING,
7198 MGMT_STATUS_REJECTED);
7202 if (pending_find(MGMT_OP_ADD_ADVERTISING, hdev) ||
7203 pending_find(MGMT_OP_REMOVE_ADVERTISING, hdev) ||
7204 pending_find(MGMT_OP_SET_LE, hdev)) {
7205 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_ADVERTISING,
7210 if (!tlv_data_is_valid(hdev, flags, cp->data, cp->adv_data_len, true) ||
7211 !tlv_data_is_valid(hdev, flags, cp->data + cp->adv_data_len,
7212 cp->scan_rsp_len, false)) {
7213 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_ADVERTISING,
7214 MGMT_STATUS_INVALID_PARAMS);
7218 err = hci_add_adv_instance(hdev, cp->instance, flags,
7219 cp->adv_data_len, cp->data,
7221 cp->data + cp->adv_data_len,
7224 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_ADVERTISING,
7225 MGMT_STATUS_FAILED);
7229 /* Only trigger an advertising added event if a new instance was
7232 if (hdev->adv_instance_cnt > prev_instance_cnt)
7233 advertising_added(sk, hdev, cp->instance);
7235 hci_dev_set_flag(hdev, HCI_ADVERTISING_INSTANCE);
7237 if (hdev->cur_adv_instance == cp->instance) {
7238 /* If the currently advertised instance is being changed then
7239 * cancel the current advertising and schedule the next
7240 * instance. If there is only one instance then the overridden
7241 * advertising data will be visible right away.
7243 cancel_adv_timeout(hdev);
7245 next_instance = hci_get_next_instance(hdev, cp->instance);
7247 schedule_instance = next_instance->instance;
7248 } else if (!hdev->adv_instance_timeout) {
7249 /* Immediately advertise the new instance if no other
7250 * instance is currently being advertised.
7252 schedule_instance = cp->instance;
7255 /* If the HCI_ADVERTISING flag is set or the device isn't powered or
7256 * there is no instance to be advertised then we have no HCI
7257 * communication to make. Simply return.
7259 if (!hdev_is_powered(hdev) ||
7260 hci_dev_test_flag(hdev, HCI_ADVERTISING) ||
7261 !schedule_instance) {
7262 rp.instance = cp->instance;
7263 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_ADD_ADVERTISING,
7264 MGMT_STATUS_SUCCESS, &rp, sizeof(rp));
7268 /* We're good to go, update advertising data, parameters, and start
7271 cmd = mgmt_pending_add(sk, MGMT_OP_ADD_ADVERTISING, hdev, data,
7278 hci_req_init(&req, hdev);
7280 err = schedule_adv_instance(&req, schedule_instance, true);
7283 err = hci_req_run(&req, add_advertising_complete);
7286 mgmt_pending_remove(cmd);
7289 hci_dev_unlock(hdev);
7294 static void remove_advertising_complete(struct hci_dev *hdev, u8 status,
7297 struct mgmt_pending_cmd *cmd;
7298 struct mgmt_cp_remove_advertising *cp;
7299 struct mgmt_rp_remove_advertising rp;
7301 BT_DBG("status %d", status);
7305 /* A failure status here only means that we failed to disable
7306 * advertising. Otherwise, the advertising instance has been removed,
7307 * so report success.
7309 cmd = pending_find(MGMT_OP_REMOVE_ADVERTISING, hdev);
7314 rp.instance = cp->instance;
7316 mgmt_cmd_complete(cmd->sk, cmd->index, cmd->opcode, MGMT_STATUS_SUCCESS,
7318 mgmt_pending_remove(cmd);
7321 hci_dev_unlock(hdev);
7324 static int remove_advertising(struct sock *sk, struct hci_dev *hdev,
7325 void *data, u16 data_len)
7327 struct mgmt_cp_remove_advertising *cp = data;
7328 struct mgmt_rp_remove_advertising rp;
7329 struct mgmt_pending_cmd *cmd;
7330 struct hci_request req;
7333 BT_DBG("%s", hdev->name);
7337 if (cp->instance && !hci_find_adv_instance(hdev, cp->instance)) {
7338 err = mgmt_cmd_status(sk, hdev->id,
7339 MGMT_OP_REMOVE_ADVERTISING,
7340 MGMT_STATUS_INVALID_PARAMS);
7344 if (pending_find(MGMT_OP_ADD_ADVERTISING, hdev) ||
7345 pending_find(MGMT_OP_REMOVE_ADVERTISING, hdev) ||
7346 pending_find(MGMT_OP_SET_LE, hdev)) {
7347 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_REMOVE_ADVERTISING,
7352 if (!hci_dev_test_flag(hdev, HCI_ADVERTISING_INSTANCE)) {
7353 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_REMOVE_ADVERTISING,
7354 MGMT_STATUS_INVALID_PARAMS);
7358 hci_req_init(&req, hdev);
7360 clear_adv_instance(hdev, &req, cp->instance, true);
7362 if (list_empty(&hdev->adv_instances))
7363 disable_advertising(&req);
7365 /* If no HCI commands have been collected so far or the HCI_ADVERTISING
7366 * flag is set or the device isn't powered then we have no HCI
7367 * communication to make. Simply return.
7369 if (skb_queue_empty(&req.cmd_q) ||
7370 !hdev_is_powered(hdev) ||
7371 hci_dev_test_flag(hdev, HCI_ADVERTISING)) {
7372 rp.instance = cp->instance;
7373 err = mgmt_cmd_complete(sk, hdev->id,
7374 MGMT_OP_REMOVE_ADVERTISING,
7375 MGMT_STATUS_SUCCESS, &rp, sizeof(rp));
7379 cmd = mgmt_pending_add(sk, MGMT_OP_REMOVE_ADVERTISING, hdev, data,
7386 err = hci_req_run(&req, remove_advertising_complete);
7388 mgmt_pending_remove(cmd);
7391 hci_dev_unlock(hdev);
7396 static const struct hci_mgmt_handler mgmt_handlers[] = {
7397 { NULL }, /* 0x0000 (no command) */
7398 { read_version, MGMT_READ_VERSION_SIZE,
7400 HCI_MGMT_UNTRUSTED },
7401 { read_commands, MGMT_READ_COMMANDS_SIZE,
7403 HCI_MGMT_UNTRUSTED },
7404 { read_index_list, MGMT_READ_INDEX_LIST_SIZE,
7406 HCI_MGMT_UNTRUSTED },
7407 { read_controller_info, MGMT_READ_INFO_SIZE,
7408 HCI_MGMT_UNTRUSTED },
7409 { set_powered, MGMT_SETTING_SIZE },
7410 { set_discoverable, MGMT_SET_DISCOVERABLE_SIZE },
7411 { set_connectable, MGMT_SETTING_SIZE },
7412 { set_fast_connectable, MGMT_SETTING_SIZE },
7413 { set_bondable, MGMT_SETTING_SIZE },
7414 { set_link_security, MGMT_SETTING_SIZE },
7415 { set_ssp, MGMT_SETTING_SIZE },
7416 { set_hs, MGMT_SETTING_SIZE },
7417 { set_le, MGMT_SETTING_SIZE },
7418 { set_dev_class, MGMT_SET_DEV_CLASS_SIZE },
7419 { set_local_name, MGMT_SET_LOCAL_NAME_SIZE },
7420 { add_uuid, MGMT_ADD_UUID_SIZE },
7421 { remove_uuid, MGMT_REMOVE_UUID_SIZE },
7422 { load_link_keys, MGMT_LOAD_LINK_KEYS_SIZE,
7424 { load_long_term_keys, MGMT_LOAD_LONG_TERM_KEYS_SIZE,
7426 { disconnect, MGMT_DISCONNECT_SIZE },
7427 { get_connections, MGMT_GET_CONNECTIONS_SIZE },
7428 { pin_code_reply, MGMT_PIN_CODE_REPLY_SIZE },
7429 { pin_code_neg_reply, MGMT_PIN_CODE_NEG_REPLY_SIZE },
7430 { set_io_capability, MGMT_SET_IO_CAPABILITY_SIZE },
7431 { pair_device, MGMT_PAIR_DEVICE_SIZE },
7432 { cancel_pair_device, MGMT_CANCEL_PAIR_DEVICE_SIZE },
7433 { unpair_device, MGMT_UNPAIR_DEVICE_SIZE },
7434 { user_confirm_reply, MGMT_USER_CONFIRM_REPLY_SIZE },
7435 { user_confirm_neg_reply, MGMT_USER_CONFIRM_NEG_REPLY_SIZE },
7436 { user_passkey_reply, MGMT_USER_PASSKEY_REPLY_SIZE },
7437 { user_passkey_neg_reply, MGMT_USER_PASSKEY_NEG_REPLY_SIZE },
7438 { read_local_oob_data, MGMT_READ_LOCAL_OOB_DATA_SIZE },
7439 { add_remote_oob_data, MGMT_ADD_REMOTE_OOB_DATA_SIZE,
7441 { remove_remote_oob_data, MGMT_REMOVE_REMOTE_OOB_DATA_SIZE },
7442 { start_discovery, MGMT_START_DISCOVERY_SIZE },
7443 { stop_discovery, MGMT_STOP_DISCOVERY_SIZE },
7444 { confirm_name, MGMT_CONFIRM_NAME_SIZE },
7445 { block_device, MGMT_BLOCK_DEVICE_SIZE },
7446 { unblock_device, MGMT_UNBLOCK_DEVICE_SIZE },
7447 { set_device_id, MGMT_SET_DEVICE_ID_SIZE },
7448 { set_advertising, MGMT_SETTING_SIZE },
7449 { set_bredr, MGMT_SETTING_SIZE },
7450 { set_static_address, MGMT_SET_STATIC_ADDRESS_SIZE },
7451 { set_scan_params, MGMT_SET_SCAN_PARAMS_SIZE },
7452 { set_secure_conn, MGMT_SETTING_SIZE },
7453 { set_debug_keys, MGMT_SETTING_SIZE },
7454 { set_privacy, MGMT_SET_PRIVACY_SIZE },
7455 { load_irks, MGMT_LOAD_IRKS_SIZE,
7457 { get_conn_info, MGMT_GET_CONN_INFO_SIZE },
7458 { get_clock_info, MGMT_GET_CLOCK_INFO_SIZE },
7459 { add_device, MGMT_ADD_DEVICE_SIZE },
7460 { remove_device, MGMT_REMOVE_DEVICE_SIZE },
7461 { load_conn_param, MGMT_LOAD_CONN_PARAM_SIZE,
7463 { read_unconf_index_list, MGMT_READ_UNCONF_INDEX_LIST_SIZE,
7465 HCI_MGMT_UNTRUSTED },
7466 { read_config_info, MGMT_READ_CONFIG_INFO_SIZE,
7467 HCI_MGMT_UNCONFIGURED |
7468 HCI_MGMT_UNTRUSTED },
7469 { set_external_config, MGMT_SET_EXTERNAL_CONFIG_SIZE,
7470 HCI_MGMT_UNCONFIGURED },
7471 { set_public_address, MGMT_SET_PUBLIC_ADDRESS_SIZE,
7472 HCI_MGMT_UNCONFIGURED },
7473 { start_service_discovery, MGMT_START_SERVICE_DISCOVERY_SIZE,
7475 { read_local_oob_ext_data, MGMT_READ_LOCAL_OOB_EXT_DATA_SIZE },
7476 { read_ext_index_list, MGMT_READ_EXT_INDEX_LIST_SIZE,
7478 HCI_MGMT_UNTRUSTED },
7479 { read_adv_features, MGMT_READ_ADV_FEATURES_SIZE },
7480 { add_advertising, MGMT_ADD_ADVERTISING_SIZE,
7482 { remove_advertising, MGMT_REMOVE_ADVERTISING_SIZE },
7485 void mgmt_index_added(struct hci_dev *hdev)
7487 struct mgmt_ev_ext_index ev;
7489 if (test_bit(HCI_QUIRK_RAW_DEVICE, &hdev->quirks))
7492 switch (hdev->dev_type) {
7494 if (hci_dev_test_flag(hdev, HCI_UNCONFIGURED)) {
7495 mgmt_index_event(MGMT_EV_UNCONF_INDEX_ADDED, hdev,
7496 NULL, 0, HCI_MGMT_UNCONF_INDEX_EVENTS);
7499 mgmt_index_event(MGMT_EV_INDEX_ADDED, hdev, NULL, 0,
7500 HCI_MGMT_INDEX_EVENTS);
7513 mgmt_index_event(MGMT_EV_EXT_INDEX_ADDED, hdev, &ev, sizeof(ev),
7514 HCI_MGMT_EXT_INDEX_EVENTS);
7517 void mgmt_index_removed(struct hci_dev *hdev)
7519 struct mgmt_ev_ext_index ev;
7520 u8 status = MGMT_STATUS_INVALID_INDEX;
7522 if (test_bit(HCI_QUIRK_RAW_DEVICE, &hdev->quirks))
7525 switch (hdev->dev_type) {
7527 mgmt_pending_foreach(0, hdev, cmd_complete_rsp, &status);
7529 if (hci_dev_test_flag(hdev, HCI_UNCONFIGURED)) {
7530 mgmt_index_event(MGMT_EV_UNCONF_INDEX_REMOVED, hdev,
7531 NULL, 0, HCI_MGMT_UNCONF_INDEX_EVENTS);
7534 mgmt_index_event(MGMT_EV_INDEX_REMOVED, hdev, NULL, 0,
7535 HCI_MGMT_INDEX_EVENTS);
7548 mgmt_index_event(MGMT_EV_EXT_INDEX_REMOVED, hdev, &ev, sizeof(ev),
7549 HCI_MGMT_EXT_INDEX_EVENTS);
7552 /* This function requires the caller holds hdev->lock */
7553 static void restart_le_actions(struct hci_request *req)
7555 struct hci_dev *hdev = req->hdev;
7556 struct hci_conn_params *p;
7558 list_for_each_entry(p, &hdev->le_conn_params, list) {
7559 /* Needed for AUTO_OFF case where might not "really"
7560 * have been powered off.
7562 list_del_init(&p->action);
7564 switch (p->auto_connect) {
7565 case HCI_AUTO_CONN_DIRECT:
7566 case HCI_AUTO_CONN_ALWAYS:
7567 list_add(&p->action, &hdev->pend_le_conns);
7569 case HCI_AUTO_CONN_REPORT:
7570 list_add(&p->action, &hdev->pend_le_reports);
7577 __hci_update_background_scan(req);
7580 static void powered_complete(struct hci_dev *hdev, u8 status, u16 opcode)
7582 struct cmd_lookup match = { NULL, hdev };
7584 BT_DBG("status 0x%02x", status);
7587 /* Register the available SMP channels (BR/EDR and LE) only
7588 * when successfully powering on the controller. This late
7589 * registration is required so that LE SMP can clearly
7590 * decide if the public address or static address is used.
7597 mgmt_pending_foreach(MGMT_OP_SET_POWERED, hdev, settings_rsp, &match);
7599 new_settings(hdev, match.sk);
7601 hci_dev_unlock(hdev);
7607 static int powered_update_hci(struct hci_dev *hdev)
7609 struct hci_request req;
7610 struct adv_info *adv_instance;
7613 hci_req_init(&req, hdev);
7615 if (hci_dev_test_flag(hdev, HCI_SSP_ENABLED) &&
7616 !lmp_host_ssp_capable(hdev)) {
7619 hci_req_add(&req, HCI_OP_WRITE_SSP_MODE, sizeof(mode), &mode);
7621 if (bredr_sc_enabled(hdev) && !lmp_host_sc_capable(hdev)) {
7624 hci_req_add(&req, HCI_OP_WRITE_SC_SUPPORT,
7625 sizeof(support), &support);
7629 if (hci_dev_test_flag(hdev, HCI_LE_ENABLED) &&
7630 lmp_bredr_capable(hdev)) {
7631 struct hci_cp_write_le_host_supported cp;
7636 /* Check first if we already have the right
7637 * host state (host features set)
7639 if (cp.le != lmp_host_le_capable(hdev) ||
7640 cp.simul != lmp_host_le_br_capable(hdev))
7641 hci_req_add(&req, HCI_OP_WRITE_LE_HOST_SUPPORTED,
7645 if (lmp_le_capable(hdev)) {
7646 /* Make sure the controller has a good default for
7647 * advertising data. This also applies to the case
7648 * where BR/EDR was toggled during the AUTO_OFF phase.
7650 if (hci_dev_test_flag(hdev, HCI_LE_ENABLED) &&
7651 (hci_dev_test_flag(hdev, HCI_ADVERTISING) ||
7652 !hci_dev_test_flag(hdev, HCI_ADVERTISING_INSTANCE))) {
7653 update_adv_data(&req);
7654 update_scan_rsp_data(&req);
7657 if (hci_dev_test_flag(hdev, HCI_ADVERTISING_INSTANCE) &&
7658 hdev->cur_adv_instance == 0x00 &&
7659 !list_empty(&hdev->adv_instances)) {
7660 adv_instance = list_first_entry(&hdev->adv_instances,
7661 struct adv_info, list);
7662 hdev->cur_adv_instance = adv_instance->instance;
7665 if (hci_dev_test_flag(hdev, HCI_ADVERTISING))
7666 enable_advertising(&req);
7667 else if (hci_dev_test_flag(hdev, HCI_ADVERTISING_INSTANCE) &&
7668 hdev->cur_adv_instance)
7669 schedule_adv_instance(&req, hdev->cur_adv_instance,
7672 restart_le_actions(&req);
7675 link_sec = hci_dev_test_flag(hdev, HCI_LINK_SECURITY);
7676 if (link_sec != test_bit(HCI_AUTH, &hdev->flags))
7677 hci_req_add(&req, HCI_OP_WRITE_AUTH_ENABLE,
7678 sizeof(link_sec), &link_sec);
7680 if (lmp_bredr_capable(hdev)) {
7681 if (hci_dev_test_flag(hdev, HCI_FAST_CONNECTABLE))
7682 write_fast_connectable(&req, true);
7684 write_fast_connectable(&req, false);
7685 __hci_update_page_scan(&req);
7691 return hci_req_run(&req, powered_complete);
7694 int mgmt_powered(struct hci_dev *hdev, u8 powered)
7696 struct cmd_lookup match = { NULL, hdev };
7697 u8 status, zero_cod[] = { 0, 0, 0 };
7700 if (!hci_dev_test_flag(hdev, HCI_MGMT))
7704 if (powered_update_hci(hdev) == 0)
7707 mgmt_pending_foreach(MGMT_OP_SET_POWERED, hdev, settings_rsp,
7712 mgmt_pending_foreach(MGMT_OP_SET_POWERED, hdev, settings_rsp, &match);
7714 /* If the power off is because of hdev unregistration let
7715 * use the appropriate INVALID_INDEX status. Otherwise use
7716 * NOT_POWERED. We cover both scenarios here since later in
7717 * mgmt_index_removed() any hci_conn callbacks will have already
7718 * been triggered, potentially causing misleading DISCONNECTED
7721 if (hci_dev_test_flag(hdev, HCI_UNREGISTER))
7722 status = MGMT_STATUS_INVALID_INDEX;
7724 status = MGMT_STATUS_NOT_POWERED;
7726 mgmt_pending_foreach(0, hdev, cmd_complete_rsp, &status);
7728 if (memcmp(hdev->dev_class, zero_cod, sizeof(zero_cod)) != 0)
7729 mgmt_generic_event(MGMT_EV_CLASS_OF_DEV_CHANGED, hdev,
7730 zero_cod, sizeof(zero_cod), NULL);
7733 err = new_settings(hdev, match.sk);
7741 void mgmt_set_powered_failed(struct hci_dev *hdev, int err)
7743 struct mgmt_pending_cmd *cmd;
7746 cmd = pending_find(MGMT_OP_SET_POWERED, hdev);
7750 if (err == -ERFKILL)
7751 status = MGMT_STATUS_RFKILLED;
7753 status = MGMT_STATUS_FAILED;
7755 mgmt_cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_POWERED, status);
7757 mgmt_pending_remove(cmd);
7760 void mgmt_discoverable_timeout(struct hci_dev *hdev)
7762 struct hci_request req;
7766 /* When discoverable timeout triggers, then just make sure
7767 * the limited discoverable flag is cleared. Even in the case
7768 * of a timeout triggered from general discoverable, it is
7769 * safe to unconditionally clear the flag.
7771 hci_dev_clear_flag(hdev, HCI_LIMITED_DISCOVERABLE);
7772 hci_dev_clear_flag(hdev, HCI_DISCOVERABLE);
7774 hci_req_init(&req, hdev);
7775 if (hci_dev_test_flag(hdev, HCI_BREDR_ENABLED)) {
7776 u8 scan = SCAN_PAGE;
7777 hci_req_add(&req, HCI_OP_WRITE_SCAN_ENABLE,
7778 sizeof(scan), &scan);
7782 /* Advertising instances don't use the global discoverable setting, so
7783 * only update AD if advertising was enabled using Set Advertising.
7785 if (hci_dev_test_flag(hdev, HCI_ADVERTISING))
7786 update_adv_data(&req);
7788 hci_req_run(&req, NULL);
7790 hdev->discov_timeout = 0;
7792 new_settings(hdev, NULL);
7794 hci_dev_unlock(hdev);
7797 void mgmt_new_link_key(struct hci_dev *hdev, struct link_key *key,
7800 struct mgmt_ev_new_link_key ev;
7802 memset(&ev, 0, sizeof(ev));
7804 ev.store_hint = persistent;
7805 bacpy(&ev.key.addr.bdaddr, &key->bdaddr);
7806 ev.key.addr.type = BDADDR_BREDR;
7807 ev.key.type = key->type;
7808 memcpy(ev.key.val, key->val, HCI_LINK_KEY_SIZE);
7809 ev.key.pin_len = key->pin_len;
7811 mgmt_event(MGMT_EV_NEW_LINK_KEY, hdev, &ev, sizeof(ev), NULL);
7814 static u8 mgmt_ltk_type(struct smp_ltk *ltk)
7816 switch (ltk->type) {
7819 if (ltk->authenticated)
7820 return MGMT_LTK_AUTHENTICATED;
7821 return MGMT_LTK_UNAUTHENTICATED;
7823 if (ltk->authenticated)
7824 return MGMT_LTK_P256_AUTH;
7825 return MGMT_LTK_P256_UNAUTH;
7826 case SMP_LTK_P256_DEBUG:
7827 return MGMT_LTK_P256_DEBUG;
7830 return MGMT_LTK_UNAUTHENTICATED;
7833 void mgmt_new_ltk(struct hci_dev *hdev, struct smp_ltk *key, bool persistent)
7835 struct mgmt_ev_new_long_term_key ev;
7837 memset(&ev, 0, sizeof(ev));
7839 /* Devices using resolvable or non-resolvable random addresses
7840 * without providing an identity resolving key don't require
7841 * to store long term keys. Their addresses will change the
7844 * Only when a remote device provides an identity address
7845 * make sure the long term key is stored. If the remote
7846 * identity is known, the long term keys are internally
7847 * mapped to the identity address. So allow static random
7848 * and public addresses here.
7850 if (key->bdaddr_type == ADDR_LE_DEV_RANDOM &&
7851 (key->bdaddr.b[5] & 0xc0) != 0xc0)
7852 ev.store_hint = 0x00;
7854 ev.store_hint = persistent;
7856 bacpy(&ev.key.addr.bdaddr, &key->bdaddr);
7857 ev.key.addr.type = link_to_bdaddr(LE_LINK, key->bdaddr_type);
7858 ev.key.type = mgmt_ltk_type(key);
7859 ev.key.enc_size = key->enc_size;
7860 ev.key.ediv = key->ediv;
7861 ev.key.rand = key->rand;
7863 if (key->type == SMP_LTK)
7866 /* Make sure we copy only the significant bytes based on the
7867 * encryption key size, and set the rest of the value to zeroes.
7869 memcpy(ev.key.val, key->val, key->enc_size);
7870 memset(ev.key.val + key->enc_size, 0,
7871 sizeof(ev.key.val) - key->enc_size);
7873 mgmt_event(MGMT_EV_NEW_LONG_TERM_KEY, hdev, &ev, sizeof(ev), NULL);
7876 void mgmt_new_irk(struct hci_dev *hdev, struct smp_irk *irk)
7878 struct mgmt_ev_new_irk ev;
7880 memset(&ev, 0, sizeof(ev));
7882 /* For identity resolving keys from devices that are already
7883 * using a public address or static random address, do not
7884 * ask for storing this key. The identity resolving key really
7885 * is only mandatory for devices using resolvable random
7888 * Storing all identity resolving keys has the downside that
7889 * they will be also loaded on next boot of they system. More
7890 * identity resolving keys, means more time during scanning is
7891 * needed to actually resolve these addresses.
7893 if (bacmp(&irk->rpa, BDADDR_ANY))
7894 ev.store_hint = 0x01;
7896 ev.store_hint = 0x00;
7898 bacpy(&ev.rpa, &irk->rpa);
7899 bacpy(&ev.irk.addr.bdaddr, &irk->bdaddr);
7900 ev.irk.addr.type = link_to_bdaddr(LE_LINK, irk->addr_type);
7901 memcpy(ev.irk.val, irk->val, sizeof(irk->val));
7903 mgmt_event(MGMT_EV_NEW_IRK, hdev, &ev, sizeof(ev), NULL);
7906 void mgmt_new_csrk(struct hci_dev *hdev, struct smp_csrk *csrk,
7909 struct mgmt_ev_new_csrk ev;
7911 memset(&ev, 0, sizeof(ev));
7913 /* Devices using resolvable or non-resolvable random addresses
7914 * without providing an identity resolving key don't require
7915 * to store signature resolving keys. Their addresses will change
7916 * the next time around.
7918 * Only when a remote device provides an identity address
7919 * make sure the signature resolving key is stored. So allow
7920 * static random and public addresses here.
7922 if (csrk->bdaddr_type == ADDR_LE_DEV_RANDOM &&
7923 (csrk->bdaddr.b[5] & 0xc0) != 0xc0)
7924 ev.store_hint = 0x00;
7926 ev.store_hint = persistent;
7928 bacpy(&ev.key.addr.bdaddr, &csrk->bdaddr);
7929 ev.key.addr.type = link_to_bdaddr(LE_LINK, csrk->bdaddr_type);
7930 ev.key.type = csrk->type;
7931 memcpy(ev.key.val, csrk->val, sizeof(csrk->val));
7933 mgmt_event(MGMT_EV_NEW_CSRK, hdev, &ev, sizeof(ev), NULL);
7936 void mgmt_new_conn_param(struct hci_dev *hdev, bdaddr_t *bdaddr,
7937 u8 bdaddr_type, u8 store_hint, u16 min_interval,
7938 u16 max_interval, u16 latency, u16 timeout)
7940 struct mgmt_ev_new_conn_param ev;
7942 if (!hci_is_identity_address(bdaddr, bdaddr_type))
7945 memset(&ev, 0, sizeof(ev));
7946 bacpy(&ev.addr.bdaddr, bdaddr);
7947 ev.addr.type = link_to_bdaddr(LE_LINK, bdaddr_type);
7948 ev.store_hint = store_hint;
7949 ev.min_interval = cpu_to_le16(min_interval);
7950 ev.max_interval = cpu_to_le16(max_interval);
7951 ev.latency = cpu_to_le16(latency);
7952 ev.timeout = cpu_to_le16(timeout);
7954 mgmt_event(MGMT_EV_NEW_CONN_PARAM, hdev, &ev, sizeof(ev), NULL);
7957 void mgmt_device_connected(struct hci_dev *hdev, struct hci_conn *conn,
7958 u32 flags, u8 *name, u8 name_len)
7961 struct mgmt_ev_device_connected *ev = (void *) buf;
7964 bacpy(&ev->addr.bdaddr, &conn->dst);
7965 ev->addr.type = link_to_bdaddr(conn->type, conn->dst_type);
7967 ev->flags = __cpu_to_le32(flags);
7969 /* We must ensure that the EIR Data fields are ordered and
7970 * unique. Keep it simple for now and avoid the problem by not
7971 * adding any BR/EDR data to the LE adv.
7973 if (conn->le_adv_data_len > 0) {
7974 memcpy(&ev->eir[eir_len],
7975 conn->le_adv_data, conn->le_adv_data_len);
7976 eir_len = conn->le_adv_data_len;
7979 eir_len = eir_append_data(ev->eir, 0, EIR_NAME_COMPLETE,
7982 if (memcmp(conn->dev_class, "\0\0\0", 3) != 0)
7983 eir_len = eir_append_data(ev->eir, eir_len,
7985 conn->dev_class, 3);
7988 ev->eir_len = cpu_to_le16(eir_len);
7990 mgmt_event(MGMT_EV_DEVICE_CONNECTED, hdev, buf,
7991 sizeof(*ev) + eir_len, NULL);
7994 static void disconnect_rsp(struct mgmt_pending_cmd *cmd, void *data)
7996 struct sock **sk = data;
7998 cmd->cmd_complete(cmd, 0);
8003 mgmt_pending_remove(cmd);
8006 static void unpair_device_rsp(struct mgmt_pending_cmd *cmd, void *data)
8008 struct hci_dev *hdev = data;
8009 struct mgmt_cp_unpair_device *cp = cmd->param;
8011 device_unpaired(hdev, &cp->addr.bdaddr, cp->addr.type, cmd->sk);
8013 cmd->cmd_complete(cmd, 0);
8014 mgmt_pending_remove(cmd);
8017 bool mgmt_powering_down(struct hci_dev *hdev)
8019 struct mgmt_pending_cmd *cmd;
8020 struct mgmt_mode *cp;
8022 cmd = pending_find(MGMT_OP_SET_POWERED, hdev);
8033 void mgmt_device_disconnected(struct hci_dev *hdev, bdaddr_t *bdaddr,
8034 u8 link_type, u8 addr_type, u8 reason,
8035 bool mgmt_connected)
8037 struct mgmt_ev_device_disconnected ev;
8038 struct sock *sk = NULL;
8040 /* The connection is still in hci_conn_hash so test for 1
8041 * instead of 0 to know if this is the last one.
8043 if (mgmt_powering_down(hdev) && hci_conn_count(hdev) == 1) {
8044 cancel_delayed_work(&hdev->power_off);
8045 queue_work(hdev->req_workqueue, &hdev->power_off.work);
8048 if (!mgmt_connected)
8051 if (link_type != ACL_LINK && link_type != LE_LINK)
8054 mgmt_pending_foreach(MGMT_OP_DISCONNECT, hdev, disconnect_rsp, &sk);
8056 bacpy(&ev.addr.bdaddr, bdaddr);
8057 ev.addr.type = link_to_bdaddr(link_type, addr_type);
8060 mgmt_event(MGMT_EV_DEVICE_DISCONNECTED, hdev, &ev, sizeof(ev), sk);
8065 mgmt_pending_foreach(MGMT_OP_UNPAIR_DEVICE, hdev, unpair_device_rsp,
8069 void mgmt_disconnect_failed(struct hci_dev *hdev, bdaddr_t *bdaddr,
8070 u8 link_type, u8 addr_type, u8 status)
8072 u8 bdaddr_type = link_to_bdaddr(link_type, addr_type);
8073 struct mgmt_cp_disconnect *cp;
8074 struct mgmt_pending_cmd *cmd;
8076 mgmt_pending_foreach(MGMT_OP_UNPAIR_DEVICE, hdev, unpair_device_rsp,
8079 cmd = pending_find(MGMT_OP_DISCONNECT, hdev);
8085 if (bacmp(bdaddr, &cp->addr.bdaddr))
8088 if (cp->addr.type != bdaddr_type)
8091 cmd->cmd_complete(cmd, mgmt_status(status));
8092 mgmt_pending_remove(cmd);
8095 void mgmt_connect_failed(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
8096 u8 addr_type, u8 status)
8098 struct mgmt_ev_connect_failed ev;
8100 /* The connection is still in hci_conn_hash so test for 1
8101 * instead of 0 to know if this is the last one.
8103 if (mgmt_powering_down(hdev) && hci_conn_count(hdev) == 1) {
8104 cancel_delayed_work(&hdev->power_off);
8105 queue_work(hdev->req_workqueue, &hdev->power_off.work);
8108 bacpy(&ev.addr.bdaddr, bdaddr);
8109 ev.addr.type = link_to_bdaddr(link_type, addr_type);
8110 ev.status = mgmt_status(status);
8112 mgmt_event(MGMT_EV_CONNECT_FAILED, hdev, &ev, sizeof(ev), NULL);
8115 void mgmt_pin_code_request(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 secure)
8117 struct mgmt_ev_pin_code_request ev;
8119 bacpy(&ev.addr.bdaddr, bdaddr);
8120 ev.addr.type = BDADDR_BREDR;
8123 mgmt_event(MGMT_EV_PIN_CODE_REQUEST, hdev, &ev, sizeof(ev), NULL);
8126 void mgmt_pin_code_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
8129 struct mgmt_pending_cmd *cmd;
8131 cmd = pending_find(MGMT_OP_PIN_CODE_REPLY, hdev);
8135 cmd->cmd_complete(cmd, mgmt_status(status));
8136 mgmt_pending_remove(cmd);
8139 void mgmt_pin_code_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
8142 struct mgmt_pending_cmd *cmd;
8144 cmd = pending_find(MGMT_OP_PIN_CODE_NEG_REPLY, hdev);
8148 cmd->cmd_complete(cmd, mgmt_status(status));
8149 mgmt_pending_remove(cmd);
8152 int mgmt_user_confirm_request(struct hci_dev *hdev, bdaddr_t *bdaddr,
8153 u8 link_type, u8 addr_type, u32 value,
8156 struct mgmt_ev_user_confirm_request ev;
8158 BT_DBG("%s", hdev->name);
8160 bacpy(&ev.addr.bdaddr, bdaddr);
8161 ev.addr.type = link_to_bdaddr(link_type, addr_type);
8162 ev.confirm_hint = confirm_hint;
8163 ev.value = cpu_to_le32(value);
8165 return mgmt_event(MGMT_EV_USER_CONFIRM_REQUEST, hdev, &ev, sizeof(ev),
8169 int mgmt_user_passkey_request(struct hci_dev *hdev, bdaddr_t *bdaddr,
8170 u8 link_type, u8 addr_type)
8172 struct mgmt_ev_user_passkey_request ev;
8174 BT_DBG("%s", hdev->name);
8176 bacpy(&ev.addr.bdaddr, bdaddr);
8177 ev.addr.type = link_to_bdaddr(link_type, addr_type);
8179 return mgmt_event(MGMT_EV_USER_PASSKEY_REQUEST, hdev, &ev, sizeof(ev),
8183 static int user_pairing_resp_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
8184 u8 link_type, u8 addr_type, u8 status,
8187 struct mgmt_pending_cmd *cmd;
8189 cmd = pending_find(opcode, hdev);
8193 cmd->cmd_complete(cmd, mgmt_status(status));
8194 mgmt_pending_remove(cmd);
8199 int mgmt_user_confirm_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
8200 u8 link_type, u8 addr_type, u8 status)
8202 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
8203 status, MGMT_OP_USER_CONFIRM_REPLY);
8206 int mgmt_user_confirm_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
8207 u8 link_type, u8 addr_type, u8 status)
8209 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
8211 MGMT_OP_USER_CONFIRM_NEG_REPLY);
8214 int mgmt_user_passkey_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
8215 u8 link_type, u8 addr_type, u8 status)
8217 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
8218 status, MGMT_OP_USER_PASSKEY_REPLY);
8221 int mgmt_user_passkey_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
8222 u8 link_type, u8 addr_type, u8 status)
8224 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
8226 MGMT_OP_USER_PASSKEY_NEG_REPLY);
8229 int mgmt_user_passkey_notify(struct hci_dev *hdev, bdaddr_t *bdaddr,
8230 u8 link_type, u8 addr_type, u32 passkey,
8233 struct mgmt_ev_passkey_notify ev;
8235 BT_DBG("%s", hdev->name);
8237 bacpy(&ev.addr.bdaddr, bdaddr);
8238 ev.addr.type = link_to_bdaddr(link_type, addr_type);
8239 ev.passkey = __cpu_to_le32(passkey);
8240 ev.entered = entered;
8242 return mgmt_event(MGMT_EV_PASSKEY_NOTIFY, hdev, &ev, sizeof(ev), NULL);
8245 void mgmt_auth_failed(struct hci_conn *conn, u8 hci_status)
8247 struct mgmt_ev_auth_failed ev;
8248 struct mgmt_pending_cmd *cmd;
8249 u8 status = mgmt_status(hci_status);
8251 bacpy(&ev.addr.bdaddr, &conn->dst);
8252 ev.addr.type = link_to_bdaddr(conn->type, conn->dst_type);
8255 cmd = find_pairing(conn);
8257 mgmt_event(MGMT_EV_AUTH_FAILED, conn->hdev, &ev, sizeof(ev),
8258 cmd ? cmd->sk : NULL);
8261 cmd->cmd_complete(cmd, status);
8262 mgmt_pending_remove(cmd);
8266 void mgmt_auth_enable_complete(struct hci_dev *hdev, u8 status)
8268 struct cmd_lookup match = { NULL, hdev };
8272 u8 mgmt_err = mgmt_status(status);
8273 mgmt_pending_foreach(MGMT_OP_SET_LINK_SECURITY, hdev,
8274 cmd_status_rsp, &mgmt_err);
8278 if (test_bit(HCI_AUTH, &hdev->flags))
8279 changed = !hci_dev_test_and_set_flag(hdev, HCI_LINK_SECURITY);
8281 changed = hci_dev_test_and_clear_flag(hdev, HCI_LINK_SECURITY);
8283 mgmt_pending_foreach(MGMT_OP_SET_LINK_SECURITY, hdev, settings_rsp,
8287 new_settings(hdev, match.sk);
8293 static void clear_eir(struct hci_request *req)
8295 struct hci_dev *hdev = req->hdev;
8296 struct hci_cp_write_eir cp;
8298 if (!lmp_ext_inq_capable(hdev))
8301 memset(hdev->eir, 0, sizeof(hdev->eir));
8303 memset(&cp, 0, sizeof(cp));
8305 hci_req_add(req, HCI_OP_WRITE_EIR, sizeof(cp), &cp);
8308 void mgmt_ssp_enable_complete(struct hci_dev *hdev, u8 enable, u8 status)
8310 struct cmd_lookup match = { NULL, hdev };
8311 struct hci_request req;
8312 bool changed = false;
8315 u8 mgmt_err = mgmt_status(status);
8317 if (enable && hci_dev_test_and_clear_flag(hdev,
8319 hci_dev_clear_flag(hdev, HCI_HS_ENABLED);
8320 new_settings(hdev, NULL);
8323 mgmt_pending_foreach(MGMT_OP_SET_SSP, hdev, cmd_status_rsp,
8329 changed = !hci_dev_test_and_set_flag(hdev, HCI_SSP_ENABLED);
8331 changed = hci_dev_test_and_clear_flag(hdev, HCI_SSP_ENABLED);
8333 changed = hci_dev_test_and_clear_flag(hdev,
8336 hci_dev_clear_flag(hdev, HCI_HS_ENABLED);
8339 mgmt_pending_foreach(MGMT_OP_SET_SSP, hdev, settings_rsp, &match);
8342 new_settings(hdev, match.sk);
8347 hci_req_init(&req, hdev);
8349 if (hci_dev_test_flag(hdev, HCI_SSP_ENABLED)) {
8350 if (hci_dev_test_flag(hdev, HCI_USE_DEBUG_KEYS))
8351 hci_req_add(&req, HCI_OP_WRITE_SSP_DEBUG_MODE,
8352 sizeof(enable), &enable);
8358 hci_req_run(&req, NULL);
8361 static void sk_lookup(struct mgmt_pending_cmd *cmd, void *data)
8363 struct cmd_lookup *match = data;
8365 if (match->sk == NULL) {
8366 match->sk = cmd->sk;
8367 sock_hold(match->sk);
8371 void mgmt_set_class_of_dev_complete(struct hci_dev *hdev, u8 *dev_class,
8374 struct cmd_lookup match = { NULL, hdev, mgmt_status(status) };
8376 mgmt_pending_foreach(MGMT_OP_SET_DEV_CLASS, hdev, sk_lookup, &match);
8377 mgmt_pending_foreach(MGMT_OP_ADD_UUID, hdev, sk_lookup, &match);
8378 mgmt_pending_foreach(MGMT_OP_REMOVE_UUID, hdev, sk_lookup, &match);
8381 mgmt_generic_event(MGMT_EV_CLASS_OF_DEV_CHANGED, hdev,
8382 dev_class, 3, NULL);
8388 void mgmt_set_local_name_complete(struct hci_dev *hdev, u8 *name, u8 status)
8390 struct mgmt_cp_set_local_name ev;
8391 struct mgmt_pending_cmd *cmd;
8396 memset(&ev, 0, sizeof(ev));
8397 memcpy(ev.name, name, HCI_MAX_NAME_LENGTH);
8398 memcpy(ev.short_name, hdev->short_name, HCI_MAX_SHORT_NAME_LENGTH);
8400 cmd = pending_find(MGMT_OP_SET_LOCAL_NAME, hdev);
8402 memcpy(hdev->dev_name, name, sizeof(hdev->dev_name));
8404 /* If this is a HCI command related to powering on the
8405 * HCI dev don't send any mgmt signals.
8407 if (pending_find(MGMT_OP_SET_POWERED, hdev))
8411 mgmt_generic_event(MGMT_EV_LOCAL_NAME_CHANGED, hdev, &ev, sizeof(ev),
8412 cmd ? cmd->sk : NULL);
8415 static inline bool has_uuid(u8 *uuid, u16 uuid_count, u8 (*uuids)[16])
8419 for (i = 0; i < uuid_count; i++) {
8420 if (!memcmp(uuid, uuids[i], 16))
8427 static bool eir_has_uuids(u8 *eir, u16 eir_len, u16 uuid_count, u8 (*uuids)[16])
8431 while (parsed < eir_len) {
8432 u8 field_len = eir[0];
8439 if (eir_len - parsed < field_len + 1)
8443 case EIR_UUID16_ALL:
8444 case EIR_UUID16_SOME:
8445 for (i = 0; i + 3 <= field_len; i += 2) {
8446 memcpy(uuid, bluetooth_base_uuid, 16);
8447 uuid[13] = eir[i + 3];
8448 uuid[12] = eir[i + 2];
8449 if (has_uuid(uuid, uuid_count, uuids))
8453 case EIR_UUID32_ALL:
8454 case EIR_UUID32_SOME:
8455 for (i = 0; i + 5 <= field_len; i += 4) {
8456 memcpy(uuid, bluetooth_base_uuid, 16);
8457 uuid[15] = eir[i + 5];
8458 uuid[14] = eir[i + 4];
8459 uuid[13] = eir[i + 3];
8460 uuid[12] = eir[i + 2];
8461 if (has_uuid(uuid, uuid_count, uuids))
8465 case EIR_UUID128_ALL:
8466 case EIR_UUID128_SOME:
8467 for (i = 0; i + 17 <= field_len; i += 16) {
8468 memcpy(uuid, eir + i + 2, 16);
8469 if (has_uuid(uuid, uuid_count, uuids))
8475 parsed += field_len + 1;
8476 eir += field_len + 1;
8482 static void restart_le_scan(struct hci_dev *hdev)
8484 /* If controller is not scanning we are done. */
8485 if (!hci_dev_test_flag(hdev, HCI_LE_SCAN))
8488 if (time_after(jiffies + DISCOV_LE_RESTART_DELAY,
8489 hdev->discovery.scan_start +
8490 hdev->discovery.scan_duration))
8493 queue_delayed_work(hdev->workqueue, &hdev->le_scan_restart,
8494 DISCOV_LE_RESTART_DELAY);
8497 static bool is_filter_match(struct hci_dev *hdev, s8 rssi, u8 *eir,
8498 u16 eir_len, u8 *scan_rsp, u8 scan_rsp_len)
8500 /* If a RSSI threshold has been specified, and
8501 * HCI_QUIRK_STRICT_DUPLICATE_FILTER is not set, then all results with
8502 * a RSSI smaller than the RSSI threshold will be dropped. If the quirk
8503 * is set, let it through for further processing, as we might need to
8506 * For BR/EDR devices (pre 1.2) providing no RSSI during inquiry,
8507 * the results are also dropped.
8509 if (hdev->discovery.rssi != HCI_RSSI_INVALID &&
8510 (rssi == HCI_RSSI_INVALID ||
8511 (rssi < hdev->discovery.rssi &&
8512 !test_bit(HCI_QUIRK_STRICT_DUPLICATE_FILTER, &hdev->quirks))))
8515 if (hdev->discovery.uuid_count != 0) {
8516 /* If a list of UUIDs is provided in filter, results with no
8517 * matching UUID should be dropped.
8519 if (!eir_has_uuids(eir, eir_len, hdev->discovery.uuid_count,
8520 hdev->discovery.uuids) &&
8521 !eir_has_uuids(scan_rsp, scan_rsp_len,
8522 hdev->discovery.uuid_count,
8523 hdev->discovery.uuids))
8527 /* If duplicate filtering does not report RSSI changes, then restart
8528 * scanning to ensure updated result with updated RSSI values.
8530 if (test_bit(HCI_QUIRK_STRICT_DUPLICATE_FILTER, &hdev->quirks)) {
8531 restart_le_scan(hdev);
8533 /* Validate RSSI value against the RSSI threshold once more. */
8534 if (hdev->discovery.rssi != HCI_RSSI_INVALID &&
8535 rssi < hdev->discovery.rssi)
8542 void mgmt_device_found(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
8543 u8 addr_type, u8 *dev_class, s8 rssi, u32 flags,
8544 u8 *eir, u16 eir_len, u8 *scan_rsp, u8 scan_rsp_len)
8547 struct mgmt_ev_device_found *ev = (void *)buf;
8550 /* Don't send events for a non-kernel initiated discovery. With
8551 * LE one exception is if we have pend_le_reports > 0 in which
8552 * case we're doing passive scanning and want these events.
8554 if (!hci_discovery_active(hdev)) {
8555 if (link_type == ACL_LINK)
8557 if (link_type == LE_LINK && list_empty(&hdev->pend_le_reports))
8561 if (hdev->discovery.result_filtering) {
8562 /* We are using service discovery */
8563 if (!is_filter_match(hdev, rssi, eir, eir_len, scan_rsp,
8568 /* Make sure that the buffer is big enough. The 5 extra bytes
8569 * are for the potential CoD field.
8571 if (sizeof(*ev) + eir_len + scan_rsp_len + 5 > sizeof(buf))
8574 memset(buf, 0, sizeof(buf));
8576 /* In case of device discovery with BR/EDR devices (pre 1.2), the
8577 * RSSI value was reported as 0 when not available. This behavior
8578 * is kept when using device discovery. This is required for full
8579 * backwards compatibility with the API.
8581 * However when using service discovery, the value 127 will be
8582 * returned when the RSSI is not available.
8584 if (rssi == HCI_RSSI_INVALID && !hdev->discovery.report_invalid_rssi &&
8585 link_type == ACL_LINK)
8588 bacpy(&ev->addr.bdaddr, bdaddr);
8589 ev->addr.type = link_to_bdaddr(link_type, addr_type);
8591 ev->flags = cpu_to_le32(flags);
8594 /* Copy EIR or advertising data into event */
8595 memcpy(ev->eir, eir, eir_len);
8597 if (dev_class && !eir_has_data_type(ev->eir, eir_len, EIR_CLASS_OF_DEV))
8598 eir_len = eir_append_data(ev->eir, eir_len, EIR_CLASS_OF_DEV,
8601 if (scan_rsp_len > 0)
8602 /* Append scan response data to event */
8603 memcpy(ev->eir + eir_len, scan_rsp, scan_rsp_len);
8605 ev->eir_len = cpu_to_le16(eir_len + scan_rsp_len);
8606 ev_size = sizeof(*ev) + eir_len + scan_rsp_len;
8608 mgmt_event(MGMT_EV_DEVICE_FOUND, hdev, ev, ev_size, NULL);
8611 void mgmt_remote_name(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
8612 u8 addr_type, s8 rssi, u8 *name, u8 name_len)
8614 struct mgmt_ev_device_found *ev;
8615 char buf[sizeof(*ev) + HCI_MAX_NAME_LENGTH + 2];
8618 ev = (struct mgmt_ev_device_found *) buf;
8620 memset(buf, 0, sizeof(buf));
8622 bacpy(&ev->addr.bdaddr, bdaddr);
8623 ev->addr.type = link_to_bdaddr(link_type, addr_type);
8626 eir_len = eir_append_data(ev->eir, 0, EIR_NAME_COMPLETE, name,
8629 ev->eir_len = cpu_to_le16(eir_len);
8631 mgmt_event(MGMT_EV_DEVICE_FOUND, hdev, ev, sizeof(*ev) + eir_len, NULL);
8634 void mgmt_discovering(struct hci_dev *hdev, u8 discovering)
8636 struct mgmt_ev_discovering ev;
8638 BT_DBG("%s discovering %u", hdev->name, discovering);
8640 memset(&ev, 0, sizeof(ev));
8641 ev.type = hdev->discovery.type;
8642 ev.discovering = discovering;
8644 mgmt_event(MGMT_EV_DISCOVERING, hdev, &ev, sizeof(ev), NULL);
8647 static void adv_enable_complete(struct hci_dev *hdev, u8 status, u16 opcode)
8649 BT_DBG("%s status %u", hdev->name, status);
8652 void mgmt_reenable_advertising(struct hci_dev *hdev)
8654 struct hci_request req;
8657 if (!hci_dev_test_flag(hdev, HCI_ADVERTISING) &&
8658 !hci_dev_test_flag(hdev, HCI_ADVERTISING_INSTANCE))
8661 instance = get_current_adv_instance(hdev);
8663 hci_req_init(&req, hdev);
8666 schedule_adv_instance(&req, instance, true);
8668 update_adv_data(&req);
8669 update_scan_rsp_data(&req);
8670 enable_advertising(&req);
8673 hci_req_run(&req, adv_enable_complete);
8676 static struct hci_mgmt_chan chan = {
8677 .channel = HCI_CHANNEL_CONTROL,
8678 .handler_count = ARRAY_SIZE(mgmt_handlers),
8679 .handlers = mgmt_handlers,
8680 .hdev_init = mgmt_init_hdev,
8685 return hci_mgmt_chan_register(&chan);
8688 void mgmt_exit(void)
8690 hci_mgmt_chan_unregister(&chan);
projects / karo-tx-linux.git / blob