2 BlueZ - Bluetooth protocol stack for Linux
4 Copyright (C) 2010 Nokia Corporation
5 Copyright (C) 2011-2012 Intel Corporation
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License version 2 as
9 published by the Free Software Foundation;
11 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
12 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
13 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
14 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
15 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
16 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
17 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
18 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
20 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
21 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
22 SOFTWARE IS DISCLAIMED.
25 /* Bluetooth HCI Management interface */
27 #include <linux/module.h>
28 #include <asm/unaligned.h>
30 #include <net/bluetooth/bluetooth.h>
31 #include <net/bluetooth/hci_core.h>
32 #include <net/bluetooth/hci_sock.h>
33 #include <net/bluetooth/l2cap.h>
34 #include <net/bluetooth/mgmt.h>
36 #include "hci_request.h"
38 #include "mgmt_util.h"
40 #define MGMT_VERSION 1
41 #define MGMT_REVISION 10
43 static const u16 mgmt_commands[] = {
44 MGMT_OP_READ_INDEX_LIST,
47 MGMT_OP_SET_DISCOVERABLE,
48 MGMT_OP_SET_CONNECTABLE,
49 MGMT_OP_SET_FAST_CONNECTABLE,
51 MGMT_OP_SET_LINK_SECURITY,
55 MGMT_OP_SET_DEV_CLASS,
56 MGMT_OP_SET_LOCAL_NAME,
59 MGMT_OP_LOAD_LINK_KEYS,
60 MGMT_OP_LOAD_LONG_TERM_KEYS,
62 MGMT_OP_GET_CONNECTIONS,
63 MGMT_OP_PIN_CODE_REPLY,
64 MGMT_OP_PIN_CODE_NEG_REPLY,
65 MGMT_OP_SET_IO_CAPABILITY,
67 MGMT_OP_CANCEL_PAIR_DEVICE,
68 MGMT_OP_UNPAIR_DEVICE,
69 MGMT_OP_USER_CONFIRM_REPLY,
70 MGMT_OP_USER_CONFIRM_NEG_REPLY,
71 MGMT_OP_USER_PASSKEY_REPLY,
72 MGMT_OP_USER_PASSKEY_NEG_REPLY,
73 MGMT_OP_READ_LOCAL_OOB_DATA,
74 MGMT_OP_ADD_REMOTE_OOB_DATA,
75 MGMT_OP_REMOVE_REMOTE_OOB_DATA,
76 MGMT_OP_START_DISCOVERY,
77 MGMT_OP_STOP_DISCOVERY,
80 MGMT_OP_UNBLOCK_DEVICE,
81 MGMT_OP_SET_DEVICE_ID,
82 MGMT_OP_SET_ADVERTISING,
84 MGMT_OP_SET_STATIC_ADDRESS,
85 MGMT_OP_SET_SCAN_PARAMS,
86 MGMT_OP_SET_SECURE_CONN,
87 MGMT_OP_SET_DEBUG_KEYS,
90 MGMT_OP_GET_CONN_INFO,
91 MGMT_OP_GET_CLOCK_INFO,
93 MGMT_OP_REMOVE_DEVICE,
94 MGMT_OP_LOAD_CONN_PARAM,
95 MGMT_OP_READ_UNCONF_INDEX_LIST,
96 MGMT_OP_READ_CONFIG_INFO,
97 MGMT_OP_SET_EXTERNAL_CONFIG,
98 MGMT_OP_SET_PUBLIC_ADDRESS,
99 MGMT_OP_START_SERVICE_DISCOVERY,
100 MGMT_OP_READ_LOCAL_OOB_EXT_DATA,
101 MGMT_OP_READ_EXT_INDEX_LIST,
102 MGMT_OP_READ_ADV_FEATURES,
103 MGMT_OP_ADD_ADVERTISING,
104 MGMT_OP_REMOVE_ADVERTISING,
107 static const u16 mgmt_events[] = {
108 MGMT_EV_CONTROLLER_ERROR,
110 MGMT_EV_INDEX_REMOVED,
111 MGMT_EV_NEW_SETTINGS,
112 MGMT_EV_CLASS_OF_DEV_CHANGED,
113 MGMT_EV_LOCAL_NAME_CHANGED,
114 MGMT_EV_NEW_LINK_KEY,
115 MGMT_EV_NEW_LONG_TERM_KEY,
116 MGMT_EV_DEVICE_CONNECTED,
117 MGMT_EV_DEVICE_DISCONNECTED,
118 MGMT_EV_CONNECT_FAILED,
119 MGMT_EV_PIN_CODE_REQUEST,
120 MGMT_EV_USER_CONFIRM_REQUEST,
121 MGMT_EV_USER_PASSKEY_REQUEST,
123 MGMT_EV_DEVICE_FOUND,
125 MGMT_EV_DEVICE_BLOCKED,
126 MGMT_EV_DEVICE_UNBLOCKED,
127 MGMT_EV_DEVICE_UNPAIRED,
128 MGMT_EV_PASSKEY_NOTIFY,
131 MGMT_EV_DEVICE_ADDED,
132 MGMT_EV_DEVICE_REMOVED,
133 MGMT_EV_NEW_CONN_PARAM,
134 MGMT_EV_UNCONF_INDEX_ADDED,
135 MGMT_EV_UNCONF_INDEX_REMOVED,
136 MGMT_EV_NEW_CONFIG_OPTIONS,
137 MGMT_EV_EXT_INDEX_ADDED,
138 MGMT_EV_EXT_INDEX_REMOVED,
139 MGMT_EV_LOCAL_OOB_DATA_UPDATED,
140 MGMT_EV_ADVERTISING_ADDED,
141 MGMT_EV_ADVERTISING_REMOVED,
144 static const u16 mgmt_untrusted_commands[] = {
145 MGMT_OP_READ_INDEX_LIST,
147 MGMT_OP_READ_UNCONF_INDEX_LIST,
148 MGMT_OP_READ_CONFIG_INFO,
149 MGMT_OP_READ_EXT_INDEX_LIST,
152 static const u16 mgmt_untrusted_events[] = {
154 MGMT_EV_INDEX_REMOVED,
155 MGMT_EV_NEW_SETTINGS,
156 MGMT_EV_CLASS_OF_DEV_CHANGED,
157 MGMT_EV_LOCAL_NAME_CHANGED,
158 MGMT_EV_UNCONF_INDEX_ADDED,
159 MGMT_EV_UNCONF_INDEX_REMOVED,
160 MGMT_EV_NEW_CONFIG_OPTIONS,
161 MGMT_EV_EXT_INDEX_ADDED,
162 MGMT_EV_EXT_INDEX_REMOVED,
165 #define CACHE_TIMEOUT msecs_to_jiffies(2 * 1000)
167 #define ZERO_KEY "\x00\x00\x00\x00\x00\x00\x00\x00" \
168 "\x00\x00\x00\x00\x00\x00\x00\x00"
170 /* HCI to MGMT error code conversion table */
171 static u8 mgmt_status_table[] = {
173 MGMT_STATUS_UNKNOWN_COMMAND, /* Unknown Command */
174 MGMT_STATUS_NOT_CONNECTED, /* No Connection */
175 MGMT_STATUS_FAILED, /* Hardware Failure */
176 MGMT_STATUS_CONNECT_FAILED, /* Page Timeout */
177 MGMT_STATUS_AUTH_FAILED, /* Authentication Failed */
178 MGMT_STATUS_AUTH_FAILED, /* PIN or Key Missing */
179 MGMT_STATUS_NO_RESOURCES, /* Memory Full */
180 MGMT_STATUS_TIMEOUT, /* Connection Timeout */
181 MGMT_STATUS_NO_RESOURCES, /* Max Number of Connections */
182 MGMT_STATUS_NO_RESOURCES, /* Max Number of SCO Connections */
183 MGMT_STATUS_ALREADY_CONNECTED, /* ACL Connection Exists */
184 MGMT_STATUS_BUSY, /* Command Disallowed */
185 MGMT_STATUS_NO_RESOURCES, /* Rejected Limited Resources */
186 MGMT_STATUS_REJECTED, /* Rejected Security */
187 MGMT_STATUS_REJECTED, /* Rejected Personal */
188 MGMT_STATUS_TIMEOUT, /* Host Timeout */
189 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported Feature */
190 MGMT_STATUS_INVALID_PARAMS, /* Invalid Parameters */
191 MGMT_STATUS_DISCONNECTED, /* OE User Ended Connection */
192 MGMT_STATUS_NO_RESOURCES, /* OE Low Resources */
193 MGMT_STATUS_DISCONNECTED, /* OE Power Off */
194 MGMT_STATUS_DISCONNECTED, /* Connection Terminated */
195 MGMT_STATUS_BUSY, /* Repeated Attempts */
196 MGMT_STATUS_REJECTED, /* Pairing Not Allowed */
197 MGMT_STATUS_FAILED, /* Unknown LMP PDU */
198 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported Remote Feature */
199 MGMT_STATUS_REJECTED, /* SCO Offset Rejected */
200 MGMT_STATUS_REJECTED, /* SCO Interval Rejected */
201 MGMT_STATUS_REJECTED, /* Air Mode Rejected */
202 MGMT_STATUS_INVALID_PARAMS, /* Invalid LMP Parameters */
203 MGMT_STATUS_FAILED, /* Unspecified Error */
204 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported LMP Parameter Value */
205 MGMT_STATUS_FAILED, /* Role Change Not Allowed */
206 MGMT_STATUS_TIMEOUT, /* LMP Response Timeout */
207 MGMT_STATUS_FAILED, /* LMP Error Transaction Collision */
208 MGMT_STATUS_FAILED, /* LMP PDU Not Allowed */
209 MGMT_STATUS_REJECTED, /* Encryption Mode Not Accepted */
210 MGMT_STATUS_FAILED, /* Unit Link Key Used */
211 MGMT_STATUS_NOT_SUPPORTED, /* QoS Not Supported */
212 MGMT_STATUS_TIMEOUT, /* Instant Passed */
213 MGMT_STATUS_NOT_SUPPORTED, /* Pairing Not Supported */
214 MGMT_STATUS_FAILED, /* Transaction Collision */
215 MGMT_STATUS_INVALID_PARAMS, /* Unacceptable Parameter */
216 MGMT_STATUS_REJECTED, /* QoS Rejected */
217 MGMT_STATUS_NOT_SUPPORTED, /* Classification Not Supported */
218 MGMT_STATUS_REJECTED, /* Insufficient Security */
219 MGMT_STATUS_INVALID_PARAMS, /* Parameter Out Of Range */
220 MGMT_STATUS_BUSY, /* Role Switch Pending */
221 MGMT_STATUS_FAILED, /* Slot Violation */
222 MGMT_STATUS_FAILED, /* Role Switch Failed */
223 MGMT_STATUS_INVALID_PARAMS, /* EIR Too Large */
224 MGMT_STATUS_NOT_SUPPORTED, /* Simple Pairing Not Supported */
225 MGMT_STATUS_BUSY, /* Host Busy Pairing */
226 MGMT_STATUS_REJECTED, /* Rejected, No Suitable Channel */
227 MGMT_STATUS_BUSY, /* Controller Busy */
228 MGMT_STATUS_INVALID_PARAMS, /* Unsuitable Connection Interval */
229 MGMT_STATUS_TIMEOUT, /* Directed Advertising Timeout */
230 MGMT_STATUS_AUTH_FAILED, /* Terminated Due to MIC Failure */
231 MGMT_STATUS_CONNECT_FAILED, /* Connection Establishment Failed */
232 MGMT_STATUS_CONNECT_FAILED, /* MAC Connection Failed */
235 static u8 mgmt_status(u8 hci_status)
237 if (hci_status < ARRAY_SIZE(mgmt_status_table))
238 return mgmt_status_table[hci_status];
240 return MGMT_STATUS_FAILED;
243 static int mgmt_index_event(u16 event, struct hci_dev *hdev, void *data,
246 return mgmt_send_event(event, hdev, HCI_CHANNEL_CONTROL, data, len,
250 static int mgmt_limited_event(u16 event, struct hci_dev *hdev, void *data,
251 u16 len, int flag, struct sock *skip_sk)
253 return mgmt_send_event(event, hdev, HCI_CHANNEL_CONTROL, data, len,
257 static int mgmt_generic_event(u16 event, struct hci_dev *hdev, void *data,
258 u16 len, struct sock *skip_sk)
260 return mgmt_send_event(event, hdev, HCI_CHANNEL_CONTROL, data, len,
261 HCI_MGMT_GENERIC_EVENTS, skip_sk);
264 static int mgmt_event(u16 event, struct hci_dev *hdev, void *data, u16 len,
265 struct sock *skip_sk)
267 return mgmt_send_event(event, hdev, HCI_CHANNEL_CONTROL, data, len,
268 HCI_SOCK_TRUSTED, skip_sk);
271 static u8 le_addr_type(u8 mgmt_addr_type)
273 if (mgmt_addr_type == BDADDR_LE_PUBLIC)
274 return ADDR_LE_DEV_PUBLIC;
276 return ADDR_LE_DEV_RANDOM;
279 static int read_version(struct sock *sk, struct hci_dev *hdev, void *data,
282 struct mgmt_rp_read_version rp;
284 BT_DBG("sock %p", sk);
286 rp.version = MGMT_VERSION;
287 rp.revision = cpu_to_le16(MGMT_REVISION);
289 return mgmt_cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_VERSION, 0,
293 static int read_commands(struct sock *sk, struct hci_dev *hdev, void *data,
296 struct mgmt_rp_read_commands *rp;
297 u16 num_commands, num_events;
301 BT_DBG("sock %p", sk);
303 if (hci_sock_test_flag(sk, HCI_SOCK_TRUSTED)) {
304 num_commands = ARRAY_SIZE(mgmt_commands);
305 num_events = ARRAY_SIZE(mgmt_events);
307 num_commands = ARRAY_SIZE(mgmt_untrusted_commands);
308 num_events = ARRAY_SIZE(mgmt_untrusted_events);
311 rp_size = sizeof(*rp) + ((num_commands + num_events) * sizeof(u16));
313 rp = kmalloc(rp_size, GFP_KERNEL);
317 rp->num_commands = cpu_to_le16(num_commands);
318 rp->num_events = cpu_to_le16(num_events);
320 if (hci_sock_test_flag(sk, HCI_SOCK_TRUSTED)) {
321 __le16 *opcode = rp->opcodes;
323 for (i = 0; i < num_commands; i++, opcode++)
324 put_unaligned_le16(mgmt_commands[i], opcode);
326 for (i = 0; i < num_events; i++, opcode++)
327 put_unaligned_le16(mgmt_events[i], opcode);
329 __le16 *opcode = rp->opcodes;
331 for (i = 0; i < num_commands; i++, opcode++)
332 put_unaligned_le16(mgmt_untrusted_commands[i], opcode);
334 for (i = 0; i < num_events; i++, opcode++)
335 put_unaligned_le16(mgmt_untrusted_events[i], opcode);
338 err = mgmt_cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_COMMANDS, 0,
345 static int read_index_list(struct sock *sk, struct hci_dev *hdev, void *data,
348 struct mgmt_rp_read_index_list *rp;
354 BT_DBG("sock %p", sk);
356 read_lock(&hci_dev_list_lock);
359 list_for_each_entry(d, &hci_dev_list, list) {
360 if (d->dev_type == HCI_BREDR &&
361 !hci_dev_test_flag(d, HCI_UNCONFIGURED))
365 rp_len = sizeof(*rp) + (2 * count);
366 rp = kmalloc(rp_len, GFP_ATOMIC);
368 read_unlock(&hci_dev_list_lock);
373 list_for_each_entry(d, &hci_dev_list, list) {
374 if (hci_dev_test_flag(d, HCI_SETUP) ||
375 hci_dev_test_flag(d, HCI_CONFIG) ||
376 hci_dev_test_flag(d, HCI_USER_CHANNEL))
379 /* Devices marked as raw-only are neither configured
380 * nor unconfigured controllers.
382 if (test_bit(HCI_QUIRK_RAW_DEVICE, &d->quirks))
385 if (d->dev_type == HCI_BREDR &&
386 !hci_dev_test_flag(d, HCI_UNCONFIGURED)) {
387 rp->index[count++] = cpu_to_le16(d->id);
388 BT_DBG("Added hci%u", d->id);
392 rp->num_controllers = cpu_to_le16(count);
393 rp_len = sizeof(*rp) + (2 * count);
395 read_unlock(&hci_dev_list_lock);
397 err = mgmt_cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_INDEX_LIST,
405 static int read_unconf_index_list(struct sock *sk, struct hci_dev *hdev,
406 void *data, u16 data_len)
408 struct mgmt_rp_read_unconf_index_list *rp;
414 BT_DBG("sock %p", sk);
416 read_lock(&hci_dev_list_lock);
419 list_for_each_entry(d, &hci_dev_list, list) {
420 if (d->dev_type == HCI_BREDR &&
421 hci_dev_test_flag(d, HCI_UNCONFIGURED))
425 rp_len = sizeof(*rp) + (2 * count);
426 rp = kmalloc(rp_len, GFP_ATOMIC);
428 read_unlock(&hci_dev_list_lock);
433 list_for_each_entry(d, &hci_dev_list, list) {
434 if (hci_dev_test_flag(d, HCI_SETUP) ||
435 hci_dev_test_flag(d, HCI_CONFIG) ||
436 hci_dev_test_flag(d, HCI_USER_CHANNEL))
439 /* Devices marked as raw-only are neither configured
440 * nor unconfigured controllers.
442 if (test_bit(HCI_QUIRK_RAW_DEVICE, &d->quirks))
445 if (d->dev_type == HCI_BREDR &&
446 hci_dev_test_flag(d, HCI_UNCONFIGURED)) {
447 rp->index[count++] = cpu_to_le16(d->id);
448 BT_DBG("Added hci%u", d->id);
452 rp->num_controllers = cpu_to_le16(count);
453 rp_len = sizeof(*rp) + (2 * count);
455 read_unlock(&hci_dev_list_lock);
457 err = mgmt_cmd_complete(sk, MGMT_INDEX_NONE,
458 MGMT_OP_READ_UNCONF_INDEX_LIST, 0, rp, rp_len);
465 static int read_ext_index_list(struct sock *sk, struct hci_dev *hdev,
466 void *data, u16 data_len)
468 struct mgmt_rp_read_ext_index_list *rp;
474 BT_DBG("sock %p", sk);
476 read_lock(&hci_dev_list_lock);
479 list_for_each_entry(d, &hci_dev_list, list) {
480 if (d->dev_type == HCI_BREDR || d->dev_type == HCI_AMP)
484 rp_len = sizeof(*rp) + (sizeof(rp->entry[0]) * count);
485 rp = kmalloc(rp_len, GFP_ATOMIC);
487 read_unlock(&hci_dev_list_lock);
492 list_for_each_entry(d, &hci_dev_list, list) {
493 if (hci_dev_test_flag(d, HCI_SETUP) ||
494 hci_dev_test_flag(d, HCI_CONFIG) ||
495 hci_dev_test_flag(d, HCI_USER_CHANNEL))
498 /* Devices marked as raw-only are neither configured
499 * nor unconfigured controllers.
501 if (test_bit(HCI_QUIRK_RAW_DEVICE, &d->quirks))
504 if (d->dev_type == HCI_BREDR) {
505 if (hci_dev_test_flag(d, HCI_UNCONFIGURED))
506 rp->entry[count].type = 0x01;
508 rp->entry[count].type = 0x00;
509 } else if (d->dev_type == HCI_AMP) {
510 rp->entry[count].type = 0x02;
515 rp->entry[count].bus = d->bus;
516 rp->entry[count++].index = cpu_to_le16(d->id);
517 BT_DBG("Added hci%u", d->id);
520 rp->num_controllers = cpu_to_le16(count);
521 rp_len = sizeof(*rp) + (sizeof(rp->entry[0]) * count);
523 read_unlock(&hci_dev_list_lock);
525 /* If this command is called at least once, then all the
526 * default index and unconfigured index events are disabled
527 * and from now on only extended index events are used.
529 hci_sock_set_flag(sk, HCI_MGMT_EXT_INDEX_EVENTS);
530 hci_sock_clear_flag(sk, HCI_MGMT_INDEX_EVENTS);
531 hci_sock_clear_flag(sk, HCI_MGMT_UNCONF_INDEX_EVENTS);
533 err = mgmt_cmd_complete(sk, MGMT_INDEX_NONE,
534 MGMT_OP_READ_EXT_INDEX_LIST, 0, rp, rp_len);
541 static bool is_configured(struct hci_dev *hdev)
543 if (test_bit(HCI_QUIRK_EXTERNAL_CONFIG, &hdev->quirks) &&
544 !hci_dev_test_flag(hdev, HCI_EXT_CONFIGURED))
547 if (test_bit(HCI_QUIRK_INVALID_BDADDR, &hdev->quirks) &&
548 !bacmp(&hdev->public_addr, BDADDR_ANY))
554 static __le32 get_missing_options(struct hci_dev *hdev)
558 if (test_bit(HCI_QUIRK_EXTERNAL_CONFIG, &hdev->quirks) &&
559 !hci_dev_test_flag(hdev, HCI_EXT_CONFIGURED))
560 options |= MGMT_OPTION_EXTERNAL_CONFIG;
562 if (test_bit(HCI_QUIRK_INVALID_BDADDR, &hdev->quirks) &&
563 !bacmp(&hdev->public_addr, BDADDR_ANY))
564 options |= MGMT_OPTION_PUBLIC_ADDRESS;
566 return cpu_to_le32(options);
569 static int new_options(struct hci_dev *hdev, struct sock *skip)
571 __le32 options = get_missing_options(hdev);
573 return mgmt_generic_event(MGMT_EV_NEW_CONFIG_OPTIONS, hdev, &options,
574 sizeof(options), skip);
577 static int send_options_rsp(struct sock *sk, u16 opcode, struct hci_dev *hdev)
579 __le32 options = get_missing_options(hdev);
581 return mgmt_cmd_complete(sk, hdev->id, opcode, 0, &options,
585 static int read_config_info(struct sock *sk, struct hci_dev *hdev,
586 void *data, u16 data_len)
588 struct mgmt_rp_read_config_info rp;
591 BT_DBG("sock %p %s", sk, hdev->name);
595 memset(&rp, 0, sizeof(rp));
596 rp.manufacturer = cpu_to_le16(hdev->manufacturer);
598 if (test_bit(HCI_QUIRK_EXTERNAL_CONFIG, &hdev->quirks))
599 options |= MGMT_OPTION_EXTERNAL_CONFIG;
601 if (hdev->set_bdaddr)
602 options |= MGMT_OPTION_PUBLIC_ADDRESS;
604 rp.supported_options = cpu_to_le32(options);
605 rp.missing_options = get_missing_options(hdev);
607 hci_dev_unlock(hdev);
609 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_READ_CONFIG_INFO, 0,
613 static u32 get_supported_settings(struct hci_dev *hdev)
617 settings |= MGMT_SETTING_POWERED;
618 settings |= MGMT_SETTING_BONDABLE;
619 settings |= MGMT_SETTING_DEBUG_KEYS;
620 settings |= MGMT_SETTING_CONNECTABLE;
621 settings |= MGMT_SETTING_DISCOVERABLE;
623 if (lmp_bredr_capable(hdev)) {
624 if (hdev->hci_ver >= BLUETOOTH_VER_1_2)
625 settings |= MGMT_SETTING_FAST_CONNECTABLE;
626 settings |= MGMT_SETTING_BREDR;
627 settings |= MGMT_SETTING_LINK_SECURITY;
629 if (lmp_ssp_capable(hdev)) {
630 settings |= MGMT_SETTING_SSP;
631 settings |= MGMT_SETTING_HS;
634 if (lmp_sc_capable(hdev))
635 settings |= MGMT_SETTING_SECURE_CONN;
638 if (lmp_le_capable(hdev)) {
639 settings |= MGMT_SETTING_LE;
640 settings |= MGMT_SETTING_ADVERTISING;
641 settings |= MGMT_SETTING_SECURE_CONN;
642 settings |= MGMT_SETTING_PRIVACY;
643 settings |= MGMT_SETTING_STATIC_ADDRESS;
646 if (test_bit(HCI_QUIRK_EXTERNAL_CONFIG, &hdev->quirks) ||
648 settings |= MGMT_SETTING_CONFIGURATION;
653 static u32 get_current_settings(struct hci_dev *hdev)
657 if (hdev_is_powered(hdev))
658 settings |= MGMT_SETTING_POWERED;
660 if (hci_dev_test_flag(hdev, HCI_CONNECTABLE))
661 settings |= MGMT_SETTING_CONNECTABLE;
663 if (hci_dev_test_flag(hdev, HCI_FAST_CONNECTABLE))
664 settings |= MGMT_SETTING_FAST_CONNECTABLE;
666 if (hci_dev_test_flag(hdev, HCI_DISCOVERABLE))
667 settings |= MGMT_SETTING_DISCOVERABLE;
669 if (hci_dev_test_flag(hdev, HCI_BONDABLE))
670 settings |= MGMT_SETTING_BONDABLE;
672 if (hci_dev_test_flag(hdev, HCI_BREDR_ENABLED))
673 settings |= MGMT_SETTING_BREDR;
675 if (hci_dev_test_flag(hdev, HCI_LE_ENABLED))
676 settings |= MGMT_SETTING_LE;
678 if (hci_dev_test_flag(hdev, HCI_LINK_SECURITY))
679 settings |= MGMT_SETTING_LINK_SECURITY;
681 if (hci_dev_test_flag(hdev, HCI_SSP_ENABLED))
682 settings |= MGMT_SETTING_SSP;
684 if (hci_dev_test_flag(hdev, HCI_HS_ENABLED))
685 settings |= MGMT_SETTING_HS;
687 if (hci_dev_test_flag(hdev, HCI_ADVERTISING))
688 settings |= MGMT_SETTING_ADVERTISING;
690 if (hci_dev_test_flag(hdev, HCI_SC_ENABLED))
691 settings |= MGMT_SETTING_SECURE_CONN;
693 if (hci_dev_test_flag(hdev, HCI_KEEP_DEBUG_KEYS))
694 settings |= MGMT_SETTING_DEBUG_KEYS;
696 if (hci_dev_test_flag(hdev, HCI_PRIVACY))
697 settings |= MGMT_SETTING_PRIVACY;
699 /* The current setting for static address has two purposes. The
700 * first is to indicate if the static address will be used and
701 * the second is to indicate if it is actually set.
703 * This means if the static address is not configured, this flag
704 * will never be set. If the address is configured, then if the
705 * address is actually used decides if the flag is set or not.
707 * For single mode LE only controllers and dual-mode controllers
708 * with BR/EDR disabled, the existence of the static address will
711 if (hci_dev_test_flag(hdev, HCI_FORCE_STATIC_ADDR) ||
712 !hci_dev_test_flag(hdev, HCI_BREDR_ENABLED) ||
713 !bacmp(&hdev->bdaddr, BDADDR_ANY)) {
714 if (bacmp(&hdev->static_addr, BDADDR_ANY))
715 settings |= MGMT_SETTING_STATIC_ADDRESS;
721 #define PNP_INFO_SVCLASS_ID 0x1200
723 static u8 *create_uuid16_list(struct hci_dev *hdev, u8 *data, ptrdiff_t len)
725 u8 *ptr = data, *uuids_start = NULL;
726 struct bt_uuid *uuid;
731 list_for_each_entry(uuid, &hdev->uuids, list) {
734 if (uuid->size != 16)
737 uuid16 = get_unaligned_le16(&uuid->uuid[12]);
741 if (uuid16 == PNP_INFO_SVCLASS_ID)
747 uuids_start[1] = EIR_UUID16_ALL;
751 /* Stop if not enough space to put next UUID */
752 if ((ptr - data) + sizeof(u16) > len) {
753 uuids_start[1] = EIR_UUID16_SOME;
757 *ptr++ = (uuid16 & 0x00ff);
758 *ptr++ = (uuid16 & 0xff00) >> 8;
759 uuids_start[0] += sizeof(uuid16);
765 static u8 *create_uuid32_list(struct hci_dev *hdev, u8 *data, ptrdiff_t len)
767 u8 *ptr = data, *uuids_start = NULL;
768 struct bt_uuid *uuid;
773 list_for_each_entry(uuid, &hdev->uuids, list) {
774 if (uuid->size != 32)
780 uuids_start[1] = EIR_UUID32_ALL;
784 /* Stop if not enough space to put next UUID */
785 if ((ptr - data) + sizeof(u32) > len) {
786 uuids_start[1] = EIR_UUID32_SOME;
790 memcpy(ptr, &uuid->uuid[12], sizeof(u32));
792 uuids_start[0] += sizeof(u32);
798 static u8 *create_uuid128_list(struct hci_dev *hdev, u8 *data, ptrdiff_t len)
800 u8 *ptr = data, *uuids_start = NULL;
801 struct bt_uuid *uuid;
806 list_for_each_entry(uuid, &hdev->uuids, list) {
807 if (uuid->size != 128)
813 uuids_start[1] = EIR_UUID128_ALL;
817 /* Stop if not enough space to put next UUID */
818 if ((ptr - data) + 16 > len) {
819 uuids_start[1] = EIR_UUID128_SOME;
823 memcpy(ptr, uuid->uuid, 16);
825 uuids_start[0] += 16;
831 static struct mgmt_pending_cmd *pending_find(u16 opcode, struct hci_dev *hdev)
833 return mgmt_pending_find(HCI_CHANNEL_CONTROL, opcode, hdev);
836 static struct mgmt_pending_cmd *pending_find_data(u16 opcode,
837 struct hci_dev *hdev,
840 return mgmt_pending_find_data(HCI_CHANNEL_CONTROL, opcode, hdev, data);
843 static u8 get_current_adv_instance(struct hci_dev *hdev)
845 /* The "Set Advertising" setting supersedes the "Add Advertising"
846 * setting. Here we set the advertising data based on which
847 * setting was set. When neither apply, default to the global settings,
848 * represented by instance "0".
850 if (hci_dev_test_flag(hdev, HCI_ADVERTISING_INSTANCE) &&
851 !hci_dev_test_flag(hdev, HCI_ADVERTISING))
852 return hdev->cur_adv_instance;
857 static u8 create_default_scan_rsp_data(struct hci_dev *hdev, u8 *ptr)
862 name_len = strlen(hdev->dev_name);
864 size_t max_len = HCI_MAX_AD_LENGTH - ad_len - 2;
866 if (name_len > max_len) {
868 ptr[1] = EIR_NAME_SHORT;
870 ptr[1] = EIR_NAME_COMPLETE;
872 ptr[0] = name_len + 1;
874 memcpy(ptr + 2, hdev->dev_name, name_len);
876 ad_len += (name_len + 2);
877 ptr += (name_len + 2);
883 static u8 create_instance_scan_rsp_data(struct hci_dev *hdev, u8 instance,
886 struct adv_info *adv_instance;
888 adv_instance = hci_find_adv_instance(hdev, instance);
892 /* TODO: Set the appropriate entries based on advertising instance flags
893 * here once flags other than 0 are supported.
895 memcpy(ptr, adv_instance->scan_rsp_data,
896 adv_instance->scan_rsp_len);
898 return adv_instance->scan_rsp_len;
901 static void update_inst_scan_rsp_data(struct hci_request *req, u8 instance)
903 struct hci_dev *hdev = req->hdev;
904 struct hci_cp_le_set_scan_rsp_data cp;
907 if (!hci_dev_test_flag(hdev, HCI_LE_ENABLED))
910 memset(&cp, 0, sizeof(cp));
913 len = create_instance_scan_rsp_data(hdev, instance, cp.data);
915 len = create_default_scan_rsp_data(hdev, cp.data);
917 if (hdev->scan_rsp_data_len == len &&
918 !memcmp(cp.data, hdev->scan_rsp_data, len))
921 memcpy(hdev->scan_rsp_data, cp.data, sizeof(cp.data));
922 hdev->scan_rsp_data_len = len;
926 hci_req_add(req, HCI_OP_LE_SET_SCAN_RSP_DATA, sizeof(cp), &cp);
929 static void update_scan_rsp_data(struct hci_request *req)
931 update_inst_scan_rsp_data(req, get_current_adv_instance(req->hdev));
934 static u8 get_adv_discov_flags(struct hci_dev *hdev)
936 struct mgmt_pending_cmd *cmd;
938 /* If there's a pending mgmt command the flags will not yet have
939 * their final values, so check for this first.
941 cmd = pending_find(MGMT_OP_SET_DISCOVERABLE, hdev);
943 struct mgmt_mode *cp = cmd->param;
945 return LE_AD_GENERAL;
946 else if (cp->val == 0x02)
947 return LE_AD_LIMITED;
949 if (hci_dev_test_flag(hdev, HCI_LIMITED_DISCOVERABLE))
950 return LE_AD_LIMITED;
951 else if (hci_dev_test_flag(hdev, HCI_DISCOVERABLE))
952 return LE_AD_GENERAL;
958 static bool get_connectable(struct hci_dev *hdev)
960 struct mgmt_pending_cmd *cmd;
962 /* If there's a pending mgmt command the flag will not yet have
963 * it's final value, so check for this first.
965 cmd = pending_find(MGMT_OP_SET_CONNECTABLE, hdev);
967 struct mgmt_mode *cp = cmd->param;
972 return hci_dev_test_flag(hdev, HCI_CONNECTABLE);
975 static u32 get_adv_instance_flags(struct hci_dev *hdev, u8 instance)
978 struct adv_info *adv_instance;
980 if (instance == 0x00) {
981 /* Instance 0 always manages the "Tx Power" and "Flags"
984 flags = MGMT_ADV_FLAG_TX_POWER | MGMT_ADV_FLAG_MANAGED_FLAGS;
986 /* For instance 0, the HCI_ADVERTISING_CONNECTABLE setting
987 * corresponds to the "connectable" instance flag.
989 if (hci_dev_test_flag(hdev, HCI_ADVERTISING_CONNECTABLE))
990 flags |= MGMT_ADV_FLAG_CONNECTABLE;
995 adv_instance = hci_find_adv_instance(hdev, instance);
997 /* Return 0 when we got an invalid instance identifier. */
1001 return adv_instance->flags;
1004 static u8 get_cur_adv_instance_scan_rsp_len(struct hci_dev *hdev)
1006 u8 instance = get_current_adv_instance(hdev);
1007 struct adv_info *adv_instance;
1009 /* Ignore instance 0 */
1010 if (instance == 0x00)
1013 adv_instance = hci_find_adv_instance(hdev, instance);
1017 /* TODO: Take into account the "appearance" and "local-name" flags here.
1018 * These are currently being ignored as they are not supported.
1020 return adv_instance->scan_rsp_len;
1023 static u8 create_instance_adv_data(struct hci_dev *hdev, u8 instance, u8 *ptr)
1025 struct adv_info *adv_instance = NULL;
1026 u8 ad_len = 0, flags = 0;
1029 /* Return 0 when the current instance identifier is invalid. */
1031 adv_instance = hci_find_adv_instance(hdev, instance);
1036 instance_flags = get_adv_instance_flags(hdev, instance);
1038 /* The Add Advertising command allows userspace to set both the general
1039 * and limited discoverable flags.
1041 if (instance_flags & MGMT_ADV_FLAG_DISCOV)
1042 flags |= LE_AD_GENERAL;
1044 if (instance_flags & MGMT_ADV_FLAG_LIMITED_DISCOV)
1045 flags |= LE_AD_LIMITED;
1047 if (flags || (instance_flags & MGMT_ADV_FLAG_MANAGED_FLAGS)) {
1048 /* If a discovery flag wasn't provided, simply use the global
1052 flags |= get_adv_discov_flags(hdev);
1054 if (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED))
1055 flags |= LE_AD_NO_BREDR;
1057 /* If flags would still be empty, then there is no need to
1058 * include the "Flags" AD field".
1071 memcpy(ptr, adv_instance->adv_data,
1072 adv_instance->adv_data_len);
1073 ad_len += adv_instance->adv_data_len;
1074 ptr += adv_instance->adv_data_len;
1077 /* Provide Tx Power only if we can provide a valid value for it */
1078 if (hdev->adv_tx_power != HCI_TX_POWER_INVALID &&
1079 (instance_flags & MGMT_ADV_FLAG_TX_POWER)) {
1081 ptr[1] = EIR_TX_POWER;
1082 ptr[2] = (u8)hdev->adv_tx_power;
1091 static void update_inst_adv_data(struct hci_request *req, u8 instance)
1093 struct hci_dev *hdev = req->hdev;
1094 struct hci_cp_le_set_adv_data cp;
1097 if (!hci_dev_test_flag(hdev, HCI_LE_ENABLED))
1100 memset(&cp, 0, sizeof(cp));
1102 len = create_instance_adv_data(hdev, instance, cp.data);
1104 /* There's nothing to do if the data hasn't changed */
1105 if (hdev->adv_data_len == len &&
1106 memcmp(cp.data, hdev->adv_data, len) == 0)
1109 memcpy(hdev->adv_data, cp.data, sizeof(cp.data));
1110 hdev->adv_data_len = len;
1114 hci_req_add(req, HCI_OP_LE_SET_ADV_DATA, sizeof(cp), &cp);
1117 static void update_adv_data(struct hci_request *req)
1119 update_inst_adv_data(req, get_current_adv_instance(req->hdev));
1122 int mgmt_update_adv_data(struct hci_dev *hdev)
1124 struct hci_request req;
1126 hci_req_init(&req, hdev);
1127 update_adv_data(&req);
1129 return hci_req_run(&req, NULL);
1132 static void create_eir(struct hci_dev *hdev, u8 *data)
1137 name_len = strlen(hdev->dev_name);
1141 if (name_len > 48) {
1143 ptr[1] = EIR_NAME_SHORT;
1145 ptr[1] = EIR_NAME_COMPLETE;
1147 /* EIR Data length */
1148 ptr[0] = name_len + 1;
1150 memcpy(ptr + 2, hdev->dev_name, name_len);
1152 ptr += (name_len + 2);
1155 if (hdev->inq_tx_power != HCI_TX_POWER_INVALID) {
1157 ptr[1] = EIR_TX_POWER;
1158 ptr[2] = (u8) hdev->inq_tx_power;
1163 if (hdev->devid_source > 0) {
1165 ptr[1] = EIR_DEVICE_ID;
1167 put_unaligned_le16(hdev->devid_source, ptr + 2);
1168 put_unaligned_le16(hdev->devid_vendor, ptr + 4);
1169 put_unaligned_le16(hdev->devid_product, ptr + 6);
1170 put_unaligned_le16(hdev->devid_version, ptr + 8);
1175 ptr = create_uuid16_list(hdev, ptr, HCI_MAX_EIR_LENGTH - (ptr - data));
1176 ptr = create_uuid32_list(hdev, ptr, HCI_MAX_EIR_LENGTH - (ptr - data));
1177 ptr = create_uuid128_list(hdev, ptr, HCI_MAX_EIR_LENGTH - (ptr - data));
1180 static void update_eir(struct hci_request *req)
1182 struct hci_dev *hdev = req->hdev;
1183 struct hci_cp_write_eir cp;
1185 if (!hdev_is_powered(hdev))
1188 if (!lmp_ext_inq_capable(hdev))
1191 if (!hci_dev_test_flag(hdev, HCI_SSP_ENABLED))
1194 if (hci_dev_test_flag(hdev, HCI_SERVICE_CACHE))
1197 memset(&cp, 0, sizeof(cp));
1199 create_eir(hdev, cp.data);
1201 if (memcmp(cp.data, hdev->eir, sizeof(cp.data)) == 0)
1204 memcpy(hdev->eir, cp.data, sizeof(cp.data));
1206 hci_req_add(req, HCI_OP_WRITE_EIR, sizeof(cp), &cp);
1209 static u8 get_service_classes(struct hci_dev *hdev)
1211 struct bt_uuid *uuid;
1214 list_for_each_entry(uuid, &hdev->uuids, list)
1215 val |= uuid->svc_hint;
1220 static void update_class(struct hci_request *req)
1222 struct hci_dev *hdev = req->hdev;
1225 BT_DBG("%s", hdev->name);
1227 if (!hdev_is_powered(hdev))
1230 if (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED))
1233 if (hci_dev_test_flag(hdev, HCI_SERVICE_CACHE))
1236 cod[0] = hdev->minor_class;
1237 cod[1] = hdev->major_class;
1238 cod[2] = get_service_classes(hdev);
1240 if (hci_dev_test_flag(hdev, HCI_LIMITED_DISCOVERABLE))
1243 if (memcmp(cod, hdev->dev_class, 3) == 0)
1246 hci_req_add(req, HCI_OP_WRITE_CLASS_OF_DEV, sizeof(cod), cod);
1249 static void disable_advertising(struct hci_request *req)
1253 hci_req_add(req, HCI_OP_LE_SET_ADV_ENABLE, sizeof(enable), &enable);
1256 static void enable_advertising(struct hci_request *req)
1258 struct hci_dev *hdev = req->hdev;
1259 struct hci_cp_le_set_adv_param cp;
1260 u8 own_addr_type, enable = 0x01;
1265 if (hci_conn_num(hdev, LE_LINK) > 0)
1268 if (hci_dev_test_flag(hdev, HCI_LE_ADV))
1269 disable_advertising(req);
1271 /* Clear the HCI_LE_ADV bit temporarily so that the
1272 * hci_update_random_address knows that it's safe to go ahead
1273 * and write a new random address. The flag will be set back on
1274 * as soon as the SET_ADV_ENABLE HCI command completes.
1276 hci_dev_clear_flag(hdev, HCI_LE_ADV);
1278 instance = get_current_adv_instance(hdev);
1279 flags = get_adv_instance_flags(hdev, instance);
1281 /* If the "connectable" instance flag was not set, then choose between
1282 * ADV_IND and ADV_NONCONN_IND based on the global connectable setting.
1284 connectable = (flags & MGMT_ADV_FLAG_CONNECTABLE) ||
1285 get_connectable(hdev);
1287 /* Set require_privacy to true only when non-connectable
1288 * advertising is used. In that case it is fine to use a
1289 * non-resolvable private address.
1291 if (hci_update_random_address(req, !connectable, &own_addr_type) < 0)
1294 memset(&cp, 0, sizeof(cp));
1295 cp.min_interval = cpu_to_le16(hdev->le_adv_min_interval);
1296 cp.max_interval = cpu_to_le16(hdev->le_adv_max_interval);
1299 cp.type = LE_ADV_IND;
1300 else if (get_cur_adv_instance_scan_rsp_len(hdev))
1301 cp.type = LE_ADV_SCAN_IND;
1303 cp.type = LE_ADV_NONCONN_IND;
1305 cp.own_address_type = own_addr_type;
1306 cp.channel_map = hdev->le_adv_channel_map;
1308 hci_req_add(req, HCI_OP_LE_SET_ADV_PARAM, sizeof(cp), &cp);
1310 hci_req_add(req, HCI_OP_LE_SET_ADV_ENABLE, sizeof(enable), &enable);
1313 static void service_cache_off(struct work_struct *work)
1315 struct hci_dev *hdev = container_of(work, struct hci_dev,
1316 service_cache.work);
1317 struct hci_request req;
1319 if (!hci_dev_test_and_clear_flag(hdev, HCI_SERVICE_CACHE))
1322 hci_req_init(&req, hdev);
1329 hci_dev_unlock(hdev);
1331 hci_req_run(&req, NULL);
1334 static void rpa_expired(struct work_struct *work)
1336 struct hci_dev *hdev = container_of(work, struct hci_dev,
1338 struct hci_request req;
1342 hci_dev_set_flag(hdev, HCI_RPA_EXPIRED);
1344 if (!hci_dev_test_flag(hdev, HCI_ADVERTISING))
1347 /* The generation of a new RPA and programming it into the
1348 * controller happens in the enable_advertising() function.
1350 hci_req_init(&req, hdev);
1351 enable_advertising(&req);
1352 hci_req_run(&req, NULL);
1355 static void mgmt_init_hdev(struct sock *sk, struct hci_dev *hdev)
1357 if (hci_dev_test_and_set_flag(hdev, HCI_MGMT))
1360 INIT_DELAYED_WORK(&hdev->service_cache, service_cache_off);
1361 INIT_DELAYED_WORK(&hdev->rpa_expired, rpa_expired);
1363 /* Non-mgmt controlled devices get this bit set
1364 * implicitly so that pairing works for them, however
1365 * for mgmt we require user-space to explicitly enable
1368 hci_dev_clear_flag(hdev, HCI_BONDABLE);
1371 static int read_controller_info(struct sock *sk, struct hci_dev *hdev,
1372 void *data, u16 data_len)
1374 struct mgmt_rp_read_info rp;
1376 BT_DBG("sock %p %s", sk, hdev->name);
1380 memset(&rp, 0, sizeof(rp));
1382 bacpy(&rp.bdaddr, &hdev->bdaddr);
1384 rp.version = hdev->hci_ver;
1385 rp.manufacturer = cpu_to_le16(hdev->manufacturer);
1387 rp.supported_settings = cpu_to_le32(get_supported_settings(hdev));
1388 rp.current_settings = cpu_to_le32(get_current_settings(hdev));
1390 memcpy(rp.dev_class, hdev->dev_class, 3);
1392 memcpy(rp.name, hdev->dev_name, sizeof(hdev->dev_name));
1393 memcpy(rp.short_name, hdev->short_name, sizeof(hdev->short_name));
1395 hci_dev_unlock(hdev);
1397 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_READ_INFO, 0, &rp,
1401 static int send_settings_rsp(struct sock *sk, u16 opcode, struct hci_dev *hdev)
1403 __le32 settings = cpu_to_le32(get_current_settings(hdev));
1405 return mgmt_cmd_complete(sk, hdev->id, opcode, 0, &settings,
1409 static void clean_up_hci_complete(struct hci_dev *hdev, u8 status, u16 opcode)
1411 BT_DBG("%s status 0x%02x", hdev->name, status);
1413 if (hci_conn_count(hdev) == 0) {
1414 cancel_delayed_work(&hdev->power_off);
1415 queue_work(hdev->req_workqueue, &hdev->power_off.work);
1419 static bool hci_stop_discovery(struct hci_request *req)
1421 struct hci_dev *hdev = req->hdev;
1422 struct hci_cp_remote_name_req_cancel cp;
1423 struct inquiry_entry *e;
1425 switch (hdev->discovery.state) {
1426 case DISCOVERY_FINDING:
1427 if (test_bit(HCI_INQUIRY, &hdev->flags))
1428 hci_req_add(req, HCI_OP_INQUIRY_CANCEL, 0, NULL);
1430 if (hci_dev_test_flag(hdev, HCI_LE_SCAN)) {
1431 cancel_delayed_work(&hdev->le_scan_disable);
1432 hci_req_add_le_scan_disable(req);
1437 case DISCOVERY_RESOLVING:
1438 e = hci_inquiry_cache_lookup_resolve(hdev, BDADDR_ANY,
1443 bacpy(&cp.bdaddr, &e->data.bdaddr);
1444 hci_req_add(req, HCI_OP_REMOTE_NAME_REQ_CANCEL, sizeof(cp),
1450 /* Passive scanning */
1451 if (hci_dev_test_flag(hdev, HCI_LE_SCAN)) {
1452 hci_req_add_le_scan_disable(req);
1462 static void advertising_added(struct sock *sk, struct hci_dev *hdev,
1465 struct mgmt_ev_advertising_added ev;
1467 ev.instance = instance;
1469 mgmt_event(MGMT_EV_ADVERTISING_ADDED, hdev, &ev, sizeof(ev), sk);
1472 static void advertising_removed(struct sock *sk, struct hci_dev *hdev,
1475 struct mgmt_ev_advertising_removed ev;
1477 ev.instance = instance;
1479 mgmt_event(MGMT_EV_ADVERTISING_REMOVED, hdev, &ev, sizeof(ev), sk);
1482 static int schedule_adv_instance(struct hci_request *req, u8 instance,
1484 struct hci_dev *hdev = req->hdev;
1485 struct adv_info *adv_instance = NULL;
1488 if (hci_dev_test_flag(hdev, HCI_ADVERTISING) ||
1489 !hci_dev_test_flag(hdev, HCI_ADVERTISING_INSTANCE))
1492 if (hdev->adv_instance_timeout)
1495 adv_instance = hci_find_adv_instance(hdev, instance);
1499 /* A zero timeout means unlimited advertising. As long as there is
1500 * only one instance, duration should be ignored. We still set a timeout
1501 * in case further instances are being added later on.
1503 * If the remaining lifetime of the instance is more than the duration
1504 * then the timeout corresponds to the duration, otherwise it will be
1505 * reduced to the remaining instance lifetime.
1507 if (adv_instance->timeout == 0 ||
1508 adv_instance->duration <= adv_instance->remaining_time)
1509 timeout = adv_instance->duration;
1511 timeout = adv_instance->remaining_time;
1513 /* The remaining time is being reduced unless the instance is being
1514 * advertised without time limit.
1516 if (adv_instance->timeout)
1517 adv_instance->remaining_time =
1518 adv_instance->remaining_time - timeout;
1520 hdev->adv_instance_timeout = timeout;
1521 queue_delayed_work(hdev->workqueue,
1522 &hdev->adv_instance_expire,
1523 msecs_to_jiffies(timeout * 1000));
1525 /* If we're just re-scheduling the same instance again then do not
1526 * execute any HCI commands. This happens when a single instance is
1529 if (!force && hdev->cur_adv_instance == instance &&
1530 hci_dev_test_flag(hdev, HCI_LE_ADV))
1533 hdev->cur_adv_instance = instance;
1534 update_adv_data(req);
1535 update_scan_rsp_data(req);
1536 enable_advertising(req);
1541 static void cancel_adv_timeout(struct hci_dev *hdev)
1543 if (hdev->adv_instance_timeout) {
1544 hdev->adv_instance_timeout = 0;
1545 cancel_delayed_work(&hdev->adv_instance_expire);
1549 /* For a single instance:
1550 * - force == true: The instance will be removed even when its remaining
1551 * lifetime is not zero.
1552 * - force == false: the instance will be deactivated but kept stored unless
1553 * the remaining lifetime is zero.
1555 * For instance == 0x00:
1556 * - force == true: All instances will be removed regardless of their timeout
1558 * - force == false: Only instances that have a timeout will be removed.
1560 static void clear_adv_instance(struct hci_dev *hdev, struct hci_request *req,
1561 u8 instance, bool force)
1563 struct adv_info *adv_instance, *n, *next_instance = NULL;
1567 /* Cancel any timeout concerning the removed instance(s). */
1568 if (!instance || hdev->cur_adv_instance == instance)
1569 cancel_adv_timeout(hdev);
1571 /* Get the next instance to advertise BEFORE we remove
1572 * the current one. This can be the same instance again
1573 * if there is only one instance.
1575 if (instance && hdev->cur_adv_instance == instance)
1576 next_instance = hci_get_next_instance(hdev, instance);
1578 if (instance == 0x00) {
1579 list_for_each_entry_safe(adv_instance, n, &hdev->adv_instances,
1581 if (!(force || adv_instance->timeout))
1584 rem_inst = adv_instance->instance;
1585 err = hci_remove_adv_instance(hdev, rem_inst);
1587 advertising_removed(NULL, hdev, rem_inst);
1589 hdev->cur_adv_instance = 0x00;
1591 adv_instance = hci_find_adv_instance(hdev, instance);
1593 if (force || (adv_instance && adv_instance->timeout &&
1594 !adv_instance->remaining_time)) {
1595 /* Don't advertise a removed instance. */
1596 if (next_instance &&
1597 next_instance->instance == instance)
1598 next_instance = NULL;
1600 err = hci_remove_adv_instance(hdev, instance);
1602 advertising_removed(NULL, hdev, instance);
1606 if (list_empty(&hdev->adv_instances)) {
1607 hdev->cur_adv_instance = 0x00;
1608 hci_dev_clear_flag(hdev, HCI_ADVERTISING_INSTANCE);
1611 if (!req || !hdev_is_powered(hdev) ||
1612 hci_dev_test_flag(hdev, HCI_ADVERTISING))
1616 schedule_adv_instance(req, next_instance->instance, false);
1619 static int clean_up_hci_state(struct hci_dev *hdev)
1621 struct hci_request req;
1622 struct hci_conn *conn;
1623 bool discov_stopped;
1626 hci_req_init(&req, hdev);
1628 if (test_bit(HCI_ISCAN, &hdev->flags) ||
1629 test_bit(HCI_PSCAN, &hdev->flags)) {
1631 hci_req_add(&req, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
1634 clear_adv_instance(hdev, NULL, 0x00, false);
1636 if (hci_dev_test_flag(hdev, HCI_LE_ADV))
1637 disable_advertising(&req);
1639 discov_stopped = hci_stop_discovery(&req);
1641 list_for_each_entry(conn, &hdev->conn_hash.list, list) {
1642 struct hci_cp_disconnect dc;
1643 struct hci_cp_reject_conn_req rej;
1645 switch (conn->state) {
1648 dc.handle = cpu_to_le16(conn->handle);
1649 dc.reason = 0x15; /* Terminated due to Power Off */
1650 hci_req_add(&req, HCI_OP_DISCONNECT, sizeof(dc), &dc);
1653 if (conn->type == LE_LINK)
1654 hci_req_add(&req, HCI_OP_LE_CREATE_CONN_CANCEL,
1656 else if (conn->type == ACL_LINK)
1657 hci_req_add(&req, HCI_OP_CREATE_CONN_CANCEL,
1661 bacpy(&rej.bdaddr, &conn->dst);
1662 rej.reason = 0x15; /* Terminated due to Power Off */
1663 if (conn->type == ACL_LINK)
1664 hci_req_add(&req, HCI_OP_REJECT_CONN_REQ,
1666 else if (conn->type == SCO_LINK)
1667 hci_req_add(&req, HCI_OP_REJECT_SYNC_CONN_REQ,
1673 err = hci_req_run(&req, clean_up_hci_complete);
1674 if (!err && discov_stopped)
1675 hci_discovery_set_state(hdev, DISCOVERY_STOPPING);
1680 static int set_powered(struct sock *sk, struct hci_dev *hdev, void *data,
1683 struct mgmt_mode *cp = data;
1684 struct mgmt_pending_cmd *cmd;
1687 BT_DBG("request for %s", hdev->name);
1689 if (cp->val != 0x00 && cp->val != 0x01)
1690 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_POWERED,
1691 MGMT_STATUS_INVALID_PARAMS);
1695 if (pending_find(MGMT_OP_SET_POWERED, hdev)) {
1696 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_POWERED,
1701 if (hci_dev_test_and_clear_flag(hdev, HCI_AUTO_OFF)) {
1702 cancel_delayed_work(&hdev->power_off);
1705 mgmt_pending_add(sk, MGMT_OP_SET_POWERED, hdev,
1707 err = mgmt_powered(hdev, 1);
1712 if (!!cp->val == hdev_is_powered(hdev)) {
1713 err = send_settings_rsp(sk, MGMT_OP_SET_POWERED, hdev);
1717 cmd = mgmt_pending_add(sk, MGMT_OP_SET_POWERED, hdev, data, len);
1724 queue_work(hdev->req_workqueue, &hdev->power_on);
1727 /* Disconnect connections, stop scans, etc */
1728 err = clean_up_hci_state(hdev);
1730 queue_delayed_work(hdev->req_workqueue, &hdev->power_off,
1731 HCI_POWER_OFF_TIMEOUT);
1733 /* ENODATA means there were no HCI commands queued */
1734 if (err == -ENODATA) {
1735 cancel_delayed_work(&hdev->power_off);
1736 queue_work(hdev->req_workqueue, &hdev->power_off.work);
1742 hci_dev_unlock(hdev);
1746 static int new_settings(struct hci_dev *hdev, struct sock *skip)
1748 __le32 ev = cpu_to_le32(get_current_settings(hdev));
1750 return mgmt_generic_event(MGMT_EV_NEW_SETTINGS, hdev, &ev,
1754 int mgmt_new_settings(struct hci_dev *hdev)
1756 return new_settings(hdev, NULL);
1761 struct hci_dev *hdev;
1765 static void settings_rsp(struct mgmt_pending_cmd *cmd, void *data)
1767 struct cmd_lookup *match = data;
1769 send_settings_rsp(cmd->sk, cmd->opcode, match->hdev);
1771 list_del(&cmd->list);
1773 if (match->sk == NULL) {
1774 match->sk = cmd->sk;
1775 sock_hold(match->sk);
1778 mgmt_pending_free(cmd);
1781 static void cmd_status_rsp(struct mgmt_pending_cmd *cmd, void *data)
1785 mgmt_cmd_status(cmd->sk, cmd->index, cmd->opcode, *status);
1786 mgmt_pending_remove(cmd);
1789 static void cmd_complete_rsp(struct mgmt_pending_cmd *cmd, void *data)
1791 if (cmd->cmd_complete) {
1794 cmd->cmd_complete(cmd, *status);
1795 mgmt_pending_remove(cmd);
1800 cmd_status_rsp(cmd, data);
1803 static int generic_cmd_complete(struct mgmt_pending_cmd *cmd, u8 status)
1805 return mgmt_cmd_complete(cmd->sk, cmd->index, cmd->opcode, status,
1806 cmd->param, cmd->param_len);
1809 static int addr_cmd_complete(struct mgmt_pending_cmd *cmd, u8 status)
1811 return mgmt_cmd_complete(cmd->sk, cmd->index, cmd->opcode, status,
1812 cmd->param, sizeof(struct mgmt_addr_info));
1815 static u8 mgmt_bredr_support(struct hci_dev *hdev)
1817 if (!lmp_bredr_capable(hdev))
1818 return MGMT_STATUS_NOT_SUPPORTED;
1819 else if (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED))
1820 return MGMT_STATUS_REJECTED;
1822 return MGMT_STATUS_SUCCESS;
1825 static u8 mgmt_le_support(struct hci_dev *hdev)
1827 if (!lmp_le_capable(hdev))
1828 return MGMT_STATUS_NOT_SUPPORTED;
1829 else if (!hci_dev_test_flag(hdev, HCI_LE_ENABLED))
1830 return MGMT_STATUS_REJECTED;
1832 return MGMT_STATUS_SUCCESS;
1835 static void set_discoverable_complete(struct hci_dev *hdev, u8 status,
1838 struct mgmt_pending_cmd *cmd;
1839 struct mgmt_mode *cp;
1840 struct hci_request req;
1843 BT_DBG("status 0x%02x", status);
1847 cmd = pending_find(MGMT_OP_SET_DISCOVERABLE, hdev);
1852 u8 mgmt_err = mgmt_status(status);
1853 mgmt_cmd_status(cmd->sk, cmd->index, cmd->opcode, mgmt_err);
1854 hci_dev_clear_flag(hdev, HCI_LIMITED_DISCOVERABLE);
1860 changed = !hci_dev_test_and_set_flag(hdev, HCI_DISCOVERABLE);
1862 if (hdev->discov_timeout > 0) {
1863 int to = msecs_to_jiffies(hdev->discov_timeout * 1000);
1864 queue_delayed_work(hdev->workqueue, &hdev->discov_off,
1868 changed = hci_dev_test_and_clear_flag(hdev, HCI_DISCOVERABLE);
1871 send_settings_rsp(cmd->sk, MGMT_OP_SET_DISCOVERABLE, hdev);
1874 new_settings(hdev, cmd->sk);
1876 /* When the discoverable mode gets changed, make sure
1877 * that class of device has the limited discoverable
1878 * bit correctly set. Also update page scan based on whitelist
1881 hci_req_init(&req, hdev);
1882 __hci_update_page_scan(&req);
1884 hci_req_run(&req, NULL);
1887 mgmt_pending_remove(cmd);
1890 hci_dev_unlock(hdev);
1893 static int set_discoverable(struct sock *sk, struct hci_dev *hdev, void *data,
1896 struct mgmt_cp_set_discoverable *cp = data;
1897 struct mgmt_pending_cmd *cmd;
1898 struct hci_request req;
1903 BT_DBG("request for %s", hdev->name);
1905 if (!hci_dev_test_flag(hdev, HCI_LE_ENABLED) &&
1906 !hci_dev_test_flag(hdev, HCI_BREDR_ENABLED))
1907 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
1908 MGMT_STATUS_REJECTED);
1910 if (cp->val != 0x00 && cp->val != 0x01 && cp->val != 0x02)
1911 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
1912 MGMT_STATUS_INVALID_PARAMS);
1914 timeout = __le16_to_cpu(cp->timeout);
1916 /* Disabling discoverable requires that no timeout is set,
1917 * and enabling limited discoverable requires a timeout.
1919 if ((cp->val == 0x00 && timeout > 0) ||
1920 (cp->val == 0x02 && timeout == 0))
1921 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
1922 MGMT_STATUS_INVALID_PARAMS);
1926 if (!hdev_is_powered(hdev) && timeout > 0) {
1927 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
1928 MGMT_STATUS_NOT_POWERED);
1932 if (pending_find(MGMT_OP_SET_DISCOVERABLE, hdev) ||
1933 pending_find(MGMT_OP_SET_CONNECTABLE, hdev)) {
1934 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
1939 if (!hci_dev_test_flag(hdev, HCI_CONNECTABLE)) {
1940 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
1941 MGMT_STATUS_REJECTED);
1945 if (!hdev_is_powered(hdev)) {
1946 bool changed = false;
1948 /* Setting limited discoverable when powered off is
1949 * not a valid operation since it requires a timeout
1950 * and so no need to check HCI_LIMITED_DISCOVERABLE.
1952 if (!!cp->val != hci_dev_test_flag(hdev, HCI_DISCOVERABLE)) {
1953 hci_dev_change_flag(hdev, HCI_DISCOVERABLE);
1957 err = send_settings_rsp(sk, MGMT_OP_SET_DISCOVERABLE, hdev);
1962 err = new_settings(hdev, sk);
1967 /* If the current mode is the same, then just update the timeout
1968 * value with the new value. And if only the timeout gets updated,
1969 * then no need for any HCI transactions.
1971 if (!!cp->val == hci_dev_test_flag(hdev, HCI_DISCOVERABLE) &&
1972 (cp->val == 0x02) == hci_dev_test_flag(hdev,
1973 HCI_LIMITED_DISCOVERABLE)) {
1974 cancel_delayed_work(&hdev->discov_off);
1975 hdev->discov_timeout = timeout;
1977 if (cp->val && hdev->discov_timeout > 0) {
1978 int to = msecs_to_jiffies(hdev->discov_timeout * 1000);
1979 queue_delayed_work(hdev->workqueue, &hdev->discov_off,
1983 err = send_settings_rsp(sk, MGMT_OP_SET_DISCOVERABLE, hdev);
1987 cmd = mgmt_pending_add(sk, MGMT_OP_SET_DISCOVERABLE, hdev, data, len);
1993 /* Cancel any potential discoverable timeout that might be
1994 * still active and store new timeout value. The arming of
1995 * the timeout happens in the complete handler.
1997 cancel_delayed_work(&hdev->discov_off);
1998 hdev->discov_timeout = timeout;
2000 /* Limited discoverable mode */
2001 if (cp->val == 0x02)
2002 hci_dev_set_flag(hdev, HCI_LIMITED_DISCOVERABLE);
2004 hci_dev_clear_flag(hdev, HCI_LIMITED_DISCOVERABLE);
2006 hci_req_init(&req, hdev);
2008 /* The procedure for LE-only controllers is much simpler - just
2009 * update the advertising data.
2011 if (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED))
2017 struct hci_cp_write_current_iac_lap hci_cp;
2019 if (cp->val == 0x02) {
2020 /* Limited discoverable mode */
2021 hci_cp.num_iac = min_t(u8, hdev->num_iac, 2);
2022 hci_cp.iac_lap[0] = 0x00; /* LIAC */
2023 hci_cp.iac_lap[1] = 0x8b;
2024 hci_cp.iac_lap[2] = 0x9e;
2025 hci_cp.iac_lap[3] = 0x33; /* GIAC */
2026 hci_cp.iac_lap[4] = 0x8b;
2027 hci_cp.iac_lap[5] = 0x9e;
2029 /* General discoverable mode */
2031 hci_cp.iac_lap[0] = 0x33; /* GIAC */
2032 hci_cp.iac_lap[1] = 0x8b;
2033 hci_cp.iac_lap[2] = 0x9e;
2036 hci_req_add(&req, HCI_OP_WRITE_CURRENT_IAC_LAP,
2037 (hci_cp.num_iac * 3) + 1, &hci_cp);
2039 scan |= SCAN_INQUIRY;
2041 hci_dev_clear_flag(hdev, HCI_LIMITED_DISCOVERABLE);
2044 hci_req_add(&req, HCI_OP_WRITE_SCAN_ENABLE, sizeof(scan), &scan);
2047 update_adv_data(&req);
2049 err = hci_req_run(&req, set_discoverable_complete);
2051 mgmt_pending_remove(cmd);
2054 hci_dev_unlock(hdev);
2058 static void write_fast_connectable(struct hci_request *req, bool enable)
2060 struct hci_dev *hdev = req->hdev;
2061 struct hci_cp_write_page_scan_activity acp;
2064 if (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED))
2067 if (hdev->hci_ver < BLUETOOTH_VER_1_2)
2071 type = PAGE_SCAN_TYPE_INTERLACED;
2073 /* 160 msec page scan interval */
2074 acp.interval = cpu_to_le16(0x0100);
2076 type = PAGE_SCAN_TYPE_STANDARD; /* default */
2078 /* default 1.28 sec page scan */
2079 acp.interval = cpu_to_le16(0x0800);
2082 acp.window = cpu_to_le16(0x0012);
2084 if (__cpu_to_le16(hdev->page_scan_interval) != acp.interval ||
2085 __cpu_to_le16(hdev->page_scan_window) != acp.window)
2086 hci_req_add(req, HCI_OP_WRITE_PAGE_SCAN_ACTIVITY,
2089 if (hdev->page_scan_type != type)
2090 hci_req_add(req, HCI_OP_WRITE_PAGE_SCAN_TYPE, 1, &type);
2093 static void set_connectable_complete(struct hci_dev *hdev, u8 status,
2096 struct mgmt_pending_cmd *cmd;
2097 struct mgmt_mode *cp;
2098 bool conn_changed, discov_changed;
2100 BT_DBG("status 0x%02x", status);
2104 cmd = pending_find(MGMT_OP_SET_CONNECTABLE, hdev);
2109 u8 mgmt_err = mgmt_status(status);
2110 mgmt_cmd_status(cmd->sk, cmd->index, cmd->opcode, mgmt_err);
2116 conn_changed = !hci_dev_test_and_set_flag(hdev,
2118 discov_changed = false;
2120 conn_changed = hci_dev_test_and_clear_flag(hdev,
2122 discov_changed = hci_dev_test_and_clear_flag(hdev,
2126 send_settings_rsp(cmd->sk, MGMT_OP_SET_CONNECTABLE, hdev);
2128 if (conn_changed || discov_changed) {
2129 new_settings(hdev, cmd->sk);
2130 hci_update_page_scan(hdev);
2132 mgmt_update_adv_data(hdev);
2133 hci_update_background_scan(hdev);
2137 mgmt_pending_remove(cmd);
2140 hci_dev_unlock(hdev);
2143 static int set_connectable_update_settings(struct hci_dev *hdev,
2144 struct sock *sk, u8 val)
2146 bool changed = false;
2149 if (!!val != hci_dev_test_flag(hdev, HCI_CONNECTABLE))
2153 hci_dev_set_flag(hdev, HCI_CONNECTABLE);
2155 hci_dev_clear_flag(hdev, HCI_CONNECTABLE);
2156 hci_dev_clear_flag(hdev, HCI_DISCOVERABLE);
2159 err = send_settings_rsp(sk, MGMT_OP_SET_CONNECTABLE, hdev);
2164 hci_update_page_scan(hdev);
2165 hci_update_background_scan(hdev);
2166 return new_settings(hdev, sk);
2172 static int set_connectable(struct sock *sk, struct hci_dev *hdev, void *data,
2175 struct mgmt_mode *cp = data;
2176 struct mgmt_pending_cmd *cmd;
2177 struct hci_request req;
2181 BT_DBG("request for %s", hdev->name);
2183 if (!hci_dev_test_flag(hdev, HCI_LE_ENABLED) &&
2184 !hci_dev_test_flag(hdev, HCI_BREDR_ENABLED))
2185 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE,
2186 MGMT_STATUS_REJECTED);
2188 if (cp->val != 0x00 && cp->val != 0x01)
2189 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE,
2190 MGMT_STATUS_INVALID_PARAMS);
2194 if (!hdev_is_powered(hdev)) {
2195 err = set_connectable_update_settings(hdev, sk, cp->val);
2199 if (pending_find(MGMT_OP_SET_DISCOVERABLE, hdev) ||
2200 pending_find(MGMT_OP_SET_CONNECTABLE, hdev)) {
2201 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE,
2206 cmd = mgmt_pending_add(sk, MGMT_OP_SET_CONNECTABLE, hdev, data, len);
2212 hci_req_init(&req, hdev);
2214 /* If BR/EDR is not enabled and we disable advertising as a
2215 * by-product of disabling connectable, we need to update the
2216 * advertising flags.
2218 if (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED)) {
2220 hci_dev_clear_flag(hdev, HCI_LIMITED_DISCOVERABLE);
2221 hci_dev_clear_flag(hdev, HCI_DISCOVERABLE);
2223 update_adv_data(&req);
2224 } else if (cp->val != test_bit(HCI_PSCAN, &hdev->flags)) {
2228 /* If we don't have any whitelist entries just
2229 * disable all scanning. If there are entries
2230 * and we had both page and inquiry scanning
2231 * enabled then fall back to only page scanning.
2232 * Otherwise no changes are needed.
2234 if (list_empty(&hdev->whitelist))
2235 scan = SCAN_DISABLED;
2236 else if (test_bit(HCI_ISCAN, &hdev->flags))
2239 goto no_scan_update;
2241 if (test_bit(HCI_ISCAN, &hdev->flags) &&
2242 hdev->discov_timeout > 0)
2243 cancel_delayed_work(&hdev->discov_off);
2246 hci_req_add(&req, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
2250 /* Update the advertising parameters if necessary */
2251 if (hci_dev_test_flag(hdev, HCI_ADVERTISING) ||
2252 hci_dev_test_flag(hdev, HCI_ADVERTISING_INSTANCE))
2253 enable_advertising(&req);
2255 err = hci_req_run(&req, set_connectable_complete);
2257 mgmt_pending_remove(cmd);
2258 if (err == -ENODATA)
2259 err = set_connectable_update_settings(hdev, sk,
2265 hci_dev_unlock(hdev);
2269 static int set_bondable(struct sock *sk, struct hci_dev *hdev, void *data,
2272 struct mgmt_mode *cp = data;
2276 BT_DBG("request for %s", hdev->name);
2278 if (cp->val != 0x00 && cp->val != 0x01)
2279 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_BONDABLE,
2280 MGMT_STATUS_INVALID_PARAMS);
2285 changed = !hci_dev_test_and_set_flag(hdev, HCI_BONDABLE);
2287 changed = hci_dev_test_and_clear_flag(hdev, HCI_BONDABLE);
2289 err = send_settings_rsp(sk, MGMT_OP_SET_BONDABLE, hdev);
2294 err = new_settings(hdev, sk);
2297 hci_dev_unlock(hdev);
2301 static int set_link_security(struct sock *sk, struct hci_dev *hdev, void *data,
2304 struct mgmt_mode *cp = data;
2305 struct mgmt_pending_cmd *cmd;
2309 BT_DBG("request for %s", hdev->name);
2311 status = mgmt_bredr_support(hdev);
2313 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY,
2316 if (cp->val != 0x00 && cp->val != 0x01)
2317 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY,
2318 MGMT_STATUS_INVALID_PARAMS);
2322 if (!hdev_is_powered(hdev)) {
2323 bool changed = false;
2325 if (!!cp->val != hci_dev_test_flag(hdev, HCI_LINK_SECURITY)) {
2326 hci_dev_change_flag(hdev, HCI_LINK_SECURITY);
2330 err = send_settings_rsp(sk, MGMT_OP_SET_LINK_SECURITY, hdev);
2335 err = new_settings(hdev, sk);
2340 if (pending_find(MGMT_OP_SET_LINK_SECURITY, hdev)) {
2341 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY,
2348 if (test_bit(HCI_AUTH, &hdev->flags) == val) {
2349 err = send_settings_rsp(sk, MGMT_OP_SET_LINK_SECURITY, hdev);
2353 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LINK_SECURITY, hdev, data, len);
2359 err = hci_send_cmd(hdev, HCI_OP_WRITE_AUTH_ENABLE, sizeof(val), &val);
2361 mgmt_pending_remove(cmd);
2366 hci_dev_unlock(hdev);
2370 static int set_ssp(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
2372 struct mgmt_mode *cp = data;
2373 struct mgmt_pending_cmd *cmd;
2377 BT_DBG("request for %s", hdev->name);
2379 status = mgmt_bredr_support(hdev);
2381 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SSP, status);
2383 if (!lmp_ssp_capable(hdev))
2384 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
2385 MGMT_STATUS_NOT_SUPPORTED);
2387 if (cp->val != 0x00 && cp->val != 0x01)
2388 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
2389 MGMT_STATUS_INVALID_PARAMS);
2393 if (!hdev_is_powered(hdev)) {
2397 changed = !hci_dev_test_and_set_flag(hdev,
2400 changed = hci_dev_test_and_clear_flag(hdev,
2403 changed = hci_dev_test_and_clear_flag(hdev,
2406 hci_dev_clear_flag(hdev, HCI_HS_ENABLED);
2409 err = send_settings_rsp(sk, MGMT_OP_SET_SSP, hdev);
2414 err = new_settings(hdev, sk);
2419 if (pending_find(MGMT_OP_SET_SSP, hdev)) {
2420 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
2425 if (!!cp->val == hci_dev_test_flag(hdev, HCI_SSP_ENABLED)) {
2426 err = send_settings_rsp(sk, MGMT_OP_SET_SSP, hdev);
2430 cmd = mgmt_pending_add(sk, MGMT_OP_SET_SSP, hdev, data, len);
2436 if (!cp->val && hci_dev_test_flag(hdev, HCI_USE_DEBUG_KEYS))
2437 hci_send_cmd(hdev, HCI_OP_WRITE_SSP_DEBUG_MODE,
2438 sizeof(cp->val), &cp->val);
2440 err = hci_send_cmd(hdev, HCI_OP_WRITE_SSP_MODE, 1, &cp->val);
2442 mgmt_pending_remove(cmd);
2447 hci_dev_unlock(hdev);
2451 static int set_hs(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
2453 struct mgmt_mode *cp = data;
2458 BT_DBG("request for %s", hdev->name);
2460 status = mgmt_bredr_support(hdev);
2462 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_HS, status);
2464 if (!lmp_ssp_capable(hdev))
2465 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
2466 MGMT_STATUS_NOT_SUPPORTED);
2468 if (!hci_dev_test_flag(hdev, HCI_SSP_ENABLED))
2469 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
2470 MGMT_STATUS_REJECTED);
2472 if (cp->val != 0x00 && cp->val != 0x01)
2473 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
2474 MGMT_STATUS_INVALID_PARAMS);
2478 if (pending_find(MGMT_OP_SET_SSP, hdev)) {
2479 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
2485 changed = !hci_dev_test_and_set_flag(hdev, HCI_HS_ENABLED);
2487 if (hdev_is_powered(hdev)) {
2488 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
2489 MGMT_STATUS_REJECTED);
2493 changed = hci_dev_test_and_clear_flag(hdev, HCI_HS_ENABLED);
2496 err = send_settings_rsp(sk, MGMT_OP_SET_HS, hdev);
2501 err = new_settings(hdev, sk);
2504 hci_dev_unlock(hdev);
2508 static void le_enable_complete(struct hci_dev *hdev, u8 status, u16 opcode)
2510 struct cmd_lookup match = { NULL, hdev };
2515 u8 mgmt_err = mgmt_status(status);
2517 mgmt_pending_foreach(MGMT_OP_SET_LE, hdev, cmd_status_rsp,
2522 mgmt_pending_foreach(MGMT_OP_SET_LE, hdev, settings_rsp, &match);
2524 new_settings(hdev, match.sk);
2529 /* Make sure the controller has a good default for
2530 * advertising data. Restrict the update to when LE
2531 * has actually been enabled. During power on, the
2532 * update in powered_update_hci will take care of it.
2534 if (hci_dev_test_flag(hdev, HCI_LE_ENABLED)) {
2535 struct hci_request req;
2537 hci_req_init(&req, hdev);
2538 update_adv_data(&req);
2539 update_scan_rsp_data(&req);
2540 __hci_update_background_scan(&req);
2541 hci_req_run(&req, NULL);
2545 hci_dev_unlock(hdev);
2548 static int set_le(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
2550 struct mgmt_mode *cp = data;
2551 struct hci_cp_write_le_host_supported hci_cp;
2552 struct mgmt_pending_cmd *cmd;
2553 struct hci_request req;
2557 BT_DBG("request for %s", hdev->name);
2559 if (!lmp_le_capable(hdev))
2560 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
2561 MGMT_STATUS_NOT_SUPPORTED);
2563 if (cp->val != 0x00 && cp->val != 0x01)
2564 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
2565 MGMT_STATUS_INVALID_PARAMS);
2567 /* Bluetooth single mode LE only controllers or dual-mode
2568 * controllers configured as LE only devices, do not allow
2569 * switching LE off. These have either LE enabled explicitly
2570 * or BR/EDR has been previously switched off.
2572 * When trying to enable an already enabled LE, then gracefully
2573 * send a positive response. Trying to disable it however will
2574 * result into rejection.
2576 if (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED)) {
2577 if (cp->val == 0x01)
2578 return send_settings_rsp(sk, MGMT_OP_SET_LE, hdev);
2580 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
2581 MGMT_STATUS_REJECTED);
2587 enabled = lmp_host_le_capable(hdev);
2590 clear_adv_instance(hdev, NULL, 0x00, true);
2592 if (!hdev_is_powered(hdev) || val == enabled) {
2593 bool changed = false;
2595 if (val != hci_dev_test_flag(hdev, HCI_LE_ENABLED)) {
2596 hci_dev_change_flag(hdev, HCI_LE_ENABLED);
2600 if (!val && hci_dev_test_flag(hdev, HCI_ADVERTISING)) {
2601 hci_dev_clear_flag(hdev, HCI_ADVERTISING);
2605 err = send_settings_rsp(sk, MGMT_OP_SET_LE, hdev);
2610 err = new_settings(hdev, sk);
2615 if (pending_find(MGMT_OP_SET_LE, hdev) ||
2616 pending_find(MGMT_OP_SET_ADVERTISING, hdev)) {
2617 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
2622 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LE, hdev, data, len);
2628 hci_req_init(&req, hdev);
2630 memset(&hci_cp, 0, sizeof(hci_cp));
2634 hci_cp.simul = 0x00;
2636 if (hci_dev_test_flag(hdev, HCI_LE_ADV))
2637 disable_advertising(&req);
2640 hci_req_add(&req, HCI_OP_WRITE_LE_HOST_SUPPORTED, sizeof(hci_cp),
2643 err = hci_req_run(&req, le_enable_complete);
2645 mgmt_pending_remove(cmd);
2648 hci_dev_unlock(hdev);
2652 /* This is a helper function to test for pending mgmt commands that can
2653 * cause CoD or EIR HCI commands. We can only allow one such pending
2654 * mgmt command at a time since otherwise we cannot easily track what
2655 * the current values are, will be, and based on that calculate if a new
2656 * HCI command needs to be sent and if yes with what value.
2658 static bool pending_eir_or_class(struct hci_dev *hdev)
2660 struct mgmt_pending_cmd *cmd;
2662 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
2663 switch (cmd->opcode) {
2664 case MGMT_OP_ADD_UUID:
2665 case MGMT_OP_REMOVE_UUID:
2666 case MGMT_OP_SET_DEV_CLASS:
2667 case MGMT_OP_SET_POWERED:
2675 static const u8 bluetooth_base_uuid[] = {
2676 0xfb, 0x34, 0x9b, 0x5f, 0x80, 0x00, 0x00, 0x80,
2677 0x00, 0x10, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
2680 static u8 get_uuid_size(const u8 *uuid)
2684 if (memcmp(uuid, bluetooth_base_uuid, 12))
2687 val = get_unaligned_le32(&uuid[12]);
2694 static void mgmt_class_complete(struct hci_dev *hdev, u16 mgmt_op, u8 status)
2696 struct mgmt_pending_cmd *cmd;
2700 cmd = pending_find(mgmt_op, hdev);
2704 mgmt_cmd_complete(cmd->sk, cmd->index, cmd->opcode,
2705 mgmt_status(status), hdev->dev_class, 3);
2707 mgmt_pending_remove(cmd);
2710 hci_dev_unlock(hdev);
2713 static void add_uuid_complete(struct hci_dev *hdev, u8 status, u16 opcode)
2715 BT_DBG("status 0x%02x", status);
2717 mgmt_class_complete(hdev, MGMT_OP_ADD_UUID, status);
2720 static int add_uuid(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
2722 struct mgmt_cp_add_uuid *cp = data;
2723 struct mgmt_pending_cmd *cmd;
2724 struct hci_request req;
2725 struct bt_uuid *uuid;
2728 BT_DBG("request for %s", hdev->name);
2732 if (pending_eir_or_class(hdev)) {
2733 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_UUID,
2738 uuid = kmalloc(sizeof(*uuid), GFP_KERNEL);
2744 memcpy(uuid->uuid, cp->uuid, 16);
2745 uuid->svc_hint = cp->svc_hint;
2746 uuid->size = get_uuid_size(cp->uuid);
2748 list_add_tail(&uuid->list, &hdev->uuids);
2750 hci_req_init(&req, hdev);
2755 err = hci_req_run(&req, add_uuid_complete);
2757 if (err != -ENODATA)
2760 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_ADD_UUID, 0,
2761 hdev->dev_class, 3);
2765 cmd = mgmt_pending_add(sk, MGMT_OP_ADD_UUID, hdev, data, len);
2774 hci_dev_unlock(hdev);
2778 static bool enable_service_cache(struct hci_dev *hdev)
2780 if (!hdev_is_powered(hdev))
2783 if (!hci_dev_test_and_set_flag(hdev, HCI_SERVICE_CACHE)) {
2784 queue_delayed_work(hdev->workqueue, &hdev->service_cache,
2792 static void remove_uuid_complete(struct hci_dev *hdev, u8 status, u16 opcode)
2794 BT_DBG("status 0x%02x", status);
2796 mgmt_class_complete(hdev, MGMT_OP_REMOVE_UUID, status);
2799 static int remove_uuid(struct sock *sk, struct hci_dev *hdev, void *data,
2802 struct mgmt_cp_remove_uuid *cp = data;
2803 struct mgmt_pending_cmd *cmd;
2804 struct bt_uuid *match, *tmp;
2805 u8 bt_uuid_any[] = { 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 };
2806 struct hci_request req;
2809 BT_DBG("request for %s", hdev->name);
2813 if (pending_eir_or_class(hdev)) {
2814 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_REMOVE_UUID,
2819 if (memcmp(cp->uuid, bt_uuid_any, 16) == 0) {
2820 hci_uuids_clear(hdev);
2822 if (enable_service_cache(hdev)) {
2823 err = mgmt_cmd_complete(sk, hdev->id,
2824 MGMT_OP_REMOVE_UUID,
2825 0, hdev->dev_class, 3);
2834 list_for_each_entry_safe(match, tmp, &hdev->uuids, list) {
2835 if (memcmp(match->uuid, cp->uuid, 16) != 0)
2838 list_del(&match->list);
2844 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_REMOVE_UUID,
2845 MGMT_STATUS_INVALID_PARAMS);
2850 hci_req_init(&req, hdev);
2855 err = hci_req_run(&req, remove_uuid_complete);
2857 if (err != -ENODATA)
2860 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_UUID, 0,
2861 hdev->dev_class, 3);
2865 cmd = mgmt_pending_add(sk, MGMT_OP_REMOVE_UUID, hdev, data, len);
2874 hci_dev_unlock(hdev);
2878 static void set_class_complete(struct hci_dev *hdev, u8 status, u16 opcode)
2880 BT_DBG("status 0x%02x", status);
2882 mgmt_class_complete(hdev, MGMT_OP_SET_DEV_CLASS, status);
2885 static int set_dev_class(struct sock *sk, struct hci_dev *hdev, void *data,
2888 struct mgmt_cp_set_dev_class *cp = data;
2889 struct mgmt_pending_cmd *cmd;
2890 struct hci_request req;
2893 BT_DBG("request for %s", hdev->name);
2895 if (!lmp_bredr_capable(hdev))
2896 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS,
2897 MGMT_STATUS_NOT_SUPPORTED);
2901 if (pending_eir_or_class(hdev)) {
2902 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS,
2907 if ((cp->minor & 0x03) != 0 || (cp->major & 0xe0) != 0) {
2908 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS,
2909 MGMT_STATUS_INVALID_PARAMS);
2913 hdev->major_class = cp->major;
2914 hdev->minor_class = cp->minor;
2916 if (!hdev_is_powered(hdev)) {
2917 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_DEV_CLASS, 0,
2918 hdev->dev_class, 3);
2922 hci_req_init(&req, hdev);
2924 if (hci_dev_test_and_clear_flag(hdev, HCI_SERVICE_CACHE)) {
2925 hci_dev_unlock(hdev);
2926 cancel_delayed_work_sync(&hdev->service_cache);
2933 err = hci_req_run(&req, set_class_complete);
2935 if (err != -ENODATA)
2938 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_DEV_CLASS, 0,
2939 hdev->dev_class, 3);
2943 cmd = mgmt_pending_add(sk, MGMT_OP_SET_DEV_CLASS, hdev, data, len);
2952 hci_dev_unlock(hdev);
2956 static int load_link_keys(struct sock *sk, struct hci_dev *hdev, void *data,
2959 struct mgmt_cp_load_link_keys *cp = data;
2960 const u16 max_key_count = ((U16_MAX - sizeof(*cp)) /
2961 sizeof(struct mgmt_link_key_info));
2962 u16 key_count, expected_len;
2966 BT_DBG("request for %s", hdev->name);
2968 if (!lmp_bredr_capable(hdev))
2969 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
2970 MGMT_STATUS_NOT_SUPPORTED);
2972 key_count = __le16_to_cpu(cp->key_count);
2973 if (key_count > max_key_count) {
2974 BT_ERR("load_link_keys: too big key_count value %u",
2976 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
2977 MGMT_STATUS_INVALID_PARAMS);
2980 expected_len = sizeof(*cp) + key_count *
2981 sizeof(struct mgmt_link_key_info);
2982 if (expected_len != len) {
2983 BT_ERR("load_link_keys: expected %u bytes, got %u bytes",
2985 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
2986 MGMT_STATUS_INVALID_PARAMS);
2989 if (cp->debug_keys != 0x00 && cp->debug_keys != 0x01)
2990 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
2991 MGMT_STATUS_INVALID_PARAMS);
2993 BT_DBG("%s debug_keys %u key_count %u", hdev->name, cp->debug_keys,
2996 for (i = 0; i < key_count; i++) {
2997 struct mgmt_link_key_info *key = &cp->keys[i];
2999 if (key->addr.type != BDADDR_BREDR || key->type > 0x08)
3000 return mgmt_cmd_status(sk, hdev->id,
3001 MGMT_OP_LOAD_LINK_KEYS,
3002 MGMT_STATUS_INVALID_PARAMS);
3007 hci_link_keys_clear(hdev);
3010 changed = !hci_dev_test_and_set_flag(hdev, HCI_KEEP_DEBUG_KEYS);
3012 changed = hci_dev_test_and_clear_flag(hdev,
3013 HCI_KEEP_DEBUG_KEYS);
3016 new_settings(hdev, NULL);
3018 for (i = 0; i < key_count; i++) {
3019 struct mgmt_link_key_info *key = &cp->keys[i];
3021 /* Always ignore debug keys and require a new pairing if
3022 * the user wants to use them.
3024 if (key->type == HCI_LK_DEBUG_COMBINATION)
3027 hci_add_link_key(hdev, NULL, &key->addr.bdaddr, key->val,
3028 key->type, key->pin_len, NULL);
3031 mgmt_cmd_complete(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS, 0, NULL, 0);
3033 hci_dev_unlock(hdev);
3038 static int device_unpaired(struct hci_dev *hdev, bdaddr_t *bdaddr,
3039 u8 addr_type, struct sock *skip_sk)
3041 struct mgmt_ev_device_unpaired ev;
3043 bacpy(&ev.addr.bdaddr, bdaddr);
3044 ev.addr.type = addr_type;
3046 return mgmt_event(MGMT_EV_DEVICE_UNPAIRED, hdev, &ev, sizeof(ev),
3050 static int unpair_device(struct sock *sk, struct hci_dev *hdev, void *data,
3053 struct mgmt_cp_unpair_device *cp = data;
3054 struct mgmt_rp_unpair_device rp;
3055 struct hci_conn_params *params;
3056 struct hci_cp_disconnect dc;
3057 struct mgmt_pending_cmd *cmd;
3058 struct hci_conn *conn;
3062 memset(&rp, 0, sizeof(rp));
3063 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
3064 rp.addr.type = cp->addr.type;
3066 if (!bdaddr_type_is_valid(cp->addr.type))
3067 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
3068 MGMT_STATUS_INVALID_PARAMS,
3071 if (cp->disconnect != 0x00 && cp->disconnect != 0x01)
3072 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
3073 MGMT_STATUS_INVALID_PARAMS,
3078 if (!hdev_is_powered(hdev)) {
3079 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
3080 MGMT_STATUS_NOT_POWERED, &rp,
3085 if (cp->addr.type == BDADDR_BREDR) {
3086 /* If disconnection is requested, then look up the
3087 * connection. If the remote device is connected, it
3088 * will be later used to terminate the link.
3090 * Setting it to NULL explicitly will cause no
3091 * termination of the link.
3094 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
3099 err = hci_remove_link_key(hdev, &cp->addr.bdaddr);
3101 err = mgmt_cmd_complete(sk, hdev->id,
3102 MGMT_OP_UNPAIR_DEVICE,
3103 MGMT_STATUS_NOT_PAIRED, &rp,
3111 /* LE address type */
3112 addr_type = le_addr_type(cp->addr.type);
3114 hci_remove_irk(hdev, &cp->addr.bdaddr, addr_type);
3116 err = hci_remove_ltk(hdev, &cp->addr.bdaddr, addr_type);
3118 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
3119 MGMT_STATUS_NOT_PAIRED, &rp,
3124 conn = hci_conn_hash_lookup_le(hdev, &cp->addr.bdaddr, addr_type);
3126 hci_conn_params_del(hdev, &cp->addr.bdaddr, addr_type);
3130 /* Abort any ongoing SMP pairing */
3131 smp_cancel_pairing(conn);
3133 /* Defer clearing up the connection parameters until closing to
3134 * give a chance of keeping them if a repairing happens.
3136 set_bit(HCI_CONN_PARAM_REMOVAL_PEND, &conn->flags);
3138 /* Disable auto-connection parameters if present */
3139 params = hci_conn_params_lookup(hdev, &cp->addr.bdaddr, addr_type);
3141 if (params->explicit_connect)
3142 params->auto_connect = HCI_AUTO_CONN_EXPLICIT;
3144 params->auto_connect = HCI_AUTO_CONN_DISABLED;
3147 /* If disconnection is not requested, then clear the connection
3148 * variable so that the link is not terminated.
3150 if (!cp->disconnect)
3154 /* If the connection variable is set, then termination of the
3155 * link is requested.
3158 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE, 0,
3160 device_unpaired(hdev, &cp->addr.bdaddr, cp->addr.type, sk);
3164 cmd = mgmt_pending_add(sk, MGMT_OP_UNPAIR_DEVICE, hdev, cp,
3171 cmd->cmd_complete = addr_cmd_complete;
3173 dc.handle = cpu_to_le16(conn->handle);
3174 dc.reason = 0x13; /* Remote User Terminated Connection */
3175 err = hci_send_cmd(hdev, HCI_OP_DISCONNECT, sizeof(dc), &dc);
3177 mgmt_pending_remove(cmd);
3180 hci_dev_unlock(hdev);
3184 static int disconnect(struct sock *sk, struct hci_dev *hdev, void *data,
3187 struct mgmt_cp_disconnect *cp = data;
3188 struct mgmt_rp_disconnect rp;
3189 struct mgmt_pending_cmd *cmd;
3190 struct hci_conn *conn;
3195 memset(&rp, 0, sizeof(rp));
3196 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
3197 rp.addr.type = cp->addr.type;
3199 if (!bdaddr_type_is_valid(cp->addr.type))
3200 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
3201 MGMT_STATUS_INVALID_PARAMS,
3206 if (!test_bit(HCI_UP, &hdev->flags)) {
3207 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
3208 MGMT_STATUS_NOT_POWERED, &rp,
3213 if (pending_find(MGMT_OP_DISCONNECT, hdev)) {
3214 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
3215 MGMT_STATUS_BUSY, &rp, sizeof(rp));
3219 if (cp->addr.type == BDADDR_BREDR)
3220 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
3223 conn = hci_conn_hash_lookup_le(hdev, &cp->addr.bdaddr,
3224 le_addr_type(cp->addr.type));
3226 if (!conn || conn->state == BT_OPEN || conn->state == BT_CLOSED) {
3227 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
3228 MGMT_STATUS_NOT_CONNECTED, &rp,
3233 cmd = mgmt_pending_add(sk, MGMT_OP_DISCONNECT, hdev, data, len);
3239 cmd->cmd_complete = generic_cmd_complete;
3241 err = hci_disconnect(conn, HCI_ERROR_REMOTE_USER_TERM);
3243 mgmt_pending_remove(cmd);
3246 hci_dev_unlock(hdev);
3250 static u8 link_to_bdaddr(u8 link_type, u8 addr_type)
3252 switch (link_type) {
3254 switch (addr_type) {
3255 case ADDR_LE_DEV_PUBLIC:
3256 return BDADDR_LE_PUBLIC;
3259 /* Fallback to LE Random address type */
3260 return BDADDR_LE_RANDOM;
3264 /* Fallback to BR/EDR type */
3265 return BDADDR_BREDR;
3269 static int get_connections(struct sock *sk, struct hci_dev *hdev, void *data,
3272 struct mgmt_rp_get_connections *rp;
3282 if (!hdev_is_powered(hdev)) {
3283 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_GET_CONNECTIONS,
3284 MGMT_STATUS_NOT_POWERED);
3289 list_for_each_entry(c, &hdev->conn_hash.list, list) {
3290 if (test_bit(HCI_CONN_MGMT_CONNECTED, &c->flags))
3294 rp_len = sizeof(*rp) + (i * sizeof(struct mgmt_addr_info));
3295 rp = kmalloc(rp_len, GFP_KERNEL);
3302 list_for_each_entry(c, &hdev->conn_hash.list, list) {
3303 if (!test_bit(HCI_CONN_MGMT_CONNECTED, &c->flags))
3305 bacpy(&rp->addr[i].bdaddr, &c->dst);
3306 rp->addr[i].type = link_to_bdaddr(c->type, c->dst_type);
3307 if (c->type == SCO_LINK || c->type == ESCO_LINK)
3312 rp->conn_count = cpu_to_le16(i);
3314 /* Recalculate length in case of filtered SCO connections, etc */
3315 rp_len = sizeof(*rp) + (i * sizeof(struct mgmt_addr_info));
3317 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CONNECTIONS, 0, rp,
3323 hci_dev_unlock(hdev);
3327 static int send_pin_code_neg_reply(struct sock *sk, struct hci_dev *hdev,
3328 struct mgmt_cp_pin_code_neg_reply *cp)
3330 struct mgmt_pending_cmd *cmd;
3333 cmd = mgmt_pending_add(sk, MGMT_OP_PIN_CODE_NEG_REPLY, hdev, cp,
3338 err = hci_send_cmd(hdev, HCI_OP_PIN_CODE_NEG_REPLY,
3339 sizeof(cp->addr.bdaddr), &cp->addr.bdaddr);
3341 mgmt_pending_remove(cmd);
3346 static int pin_code_reply(struct sock *sk, struct hci_dev *hdev, void *data,
3349 struct hci_conn *conn;
3350 struct mgmt_cp_pin_code_reply *cp = data;
3351 struct hci_cp_pin_code_reply reply;
3352 struct mgmt_pending_cmd *cmd;
3359 if (!hdev_is_powered(hdev)) {
3360 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
3361 MGMT_STATUS_NOT_POWERED);
3365 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->addr.bdaddr);
3367 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
3368 MGMT_STATUS_NOT_CONNECTED);
3372 if (conn->pending_sec_level == BT_SECURITY_HIGH && cp->pin_len != 16) {
3373 struct mgmt_cp_pin_code_neg_reply ncp;
3375 memcpy(&ncp.addr, &cp->addr, sizeof(ncp.addr));
3377 BT_ERR("PIN code is not 16 bytes long");
3379 err = send_pin_code_neg_reply(sk, hdev, &ncp);
3381 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
3382 MGMT_STATUS_INVALID_PARAMS);
3387 cmd = mgmt_pending_add(sk, MGMT_OP_PIN_CODE_REPLY, hdev, data, len);
3393 cmd->cmd_complete = addr_cmd_complete;
3395 bacpy(&reply.bdaddr, &cp->addr.bdaddr);
3396 reply.pin_len = cp->pin_len;
3397 memcpy(reply.pin_code, cp->pin_code, sizeof(reply.pin_code));
3399 err = hci_send_cmd(hdev, HCI_OP_PIN_CODE_REPLY, sizeof(reply), &reply);
3401 mgmt_pending_remove(cmd);
3404 hci_dev_unlock(hdev);
3408 static int set_io_capability(struct sock *sk, struct hci_dev *hdev, void *data,
3411 struct mgmt_cp_set_io_capability *cp = data;
3415 if (cp->io_capability > SMP_IO_KEYBOARD_DISPLAY)
3416 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_IO_CAPABILITY,
3417 MGMT_STATUS_INVALID_PARAMS, NULL, 0);
3421 hdev->io_capability = cp->io_capability;
3423 BT_DBG("%s IO capability set to 0x%02x", hdev->name,
3424 hdev->io_capability);
3426 hci_dev_unlock(hdev);
3428 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_IO_CAPABILITY, 0,
3432 static struct mgmt_pending_cmd *find_pairing(struct hci_conn *conn)
3434 struct hci_dev *hdev = conn->hdev;
3435 struct mgmt_pending_cmd *cmd;
3437 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
3438 if (cmd->opcode != MGMT_OP_PAIR_DEVICE)
3441 if (cmd->user_data != conn)
3450 static int pairing_complete(struct mgmt_pending_cmd *cmd, u8 status)
3452 struct mgmt_rp_pair_device rp;
3453 struct hci_conn *conn = cmd->user_data;
3456 bacpy(&rp.addr.bdaddr, &conn->dst);
3457 rp.addr.type = link_to_bdaddr(conn->type, conn->dst_type);
3459 err = mgmt_cmd_complete(cmd->sk, cmd->index, MGMT_OP_PAIR_DEVICE,
3460 status, &rp, sizeof(rp));
3462 /* So we don't get further callbacks for this connection */
3463 conn->connect_cfm_cb = NULL;
3464 conn->security_cfm_cb = NULL;
3465 conn->disconn_cfm_cb = NULL;
3467 hci_conn_drop(conn);
3469 /* The device is paired so there is no need to remove
3470 * its connection parameters anymore.
3472 clear_bit(HCI_CONN_PARAM_REMOVAL_PEND, &conn->flags);
3479 void mgmt_smp_complete(struct hci_conn *conn, bool complete)
3481 u8 status = complete ? MGMT_STATUS_SUCCESS : MGMT_STATUS_FAILED;
3482 struct mgmt_pending_cmd *cmd;
3484 cmd = find_pairing(conn);
3486 cmd->cmd_complete(cmd, status);
3487 mgmt_pending_remove(cmd);
3491 static void pairing_complete_cb(struct hci_conn *conn, u8 status)
3493 struct mgmt_pending_cmd *cmd;
3495 BT_DBG("status %u", status);
3497 cmd = find_pairing(conn);
3499 BT_DBG("Unable to find a pending command");
3503 cmd->cmd_complete(cmd, mgmt_status(status));
3504 mgmt_pending_remove(cmd);
3507 static void le_pairing_complete_cb(struct hci_conn *conn, u8 status)
3509 struct mgmt_pending_cmd *cmd;
3511 BT_DBG("status %u", status);
3516 cmd = find_pairing(conn);
3518 BT_DBG("Unable to find a pending command");
3522 cmd->cmd_complete(cmd, mgmt_status(status));
3523 mgmt_pending_remove(cmd);
3526 static int pair_device(struct sock *sk, struct hci_dev *hdev, void *data,
3529 struct mgmt_cp_pair_device *cp = data;
3530 struct mgmt_rp_pair_device rp;
3531 struct mgmt_pending_cmd *cmd;
3532 u8 sec_level, auth_type;
3533 struct hci_conn *conn;
3538 memset(&rp, 0, sizeof(rp));
3539 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
3540 rp.addr.type = cp->addr.type;
3542 if (!bdaddr_type_is_valid(cp->addr.type))
3543 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
3544 MGMT_STATUS_INVALID_PARAMS,
3547 if (cp->io_cap > SMP_IO_KEYBOARD_DISPLAY)
3548 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
3549 MGMT_STATUS_INVALID_PARAMS,
3554 if (!hdev_is_powered(hdev)) {
3555 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
3556 MGMT_STATUS_NOT_POWERED, &rp,
3561 if (hci_bdaddr_is_paired(hdev, &cp->addr.bdaddr, cp->addr.type)) {
3562 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
3563 MGMT_STATUS_ALREADY_PAIRED, &rp,
3568 sec_level = BT_SECURITY_MEDIUM;
3569 auth_type = HCI_AT_DEDICATED_BONDING;
3571 if (cp->addr.type == BDADDR_BREDR) {
3572 conn = hci_connect_acl(hdev, &cp->addr.bdaddr, sec_level,
3575 u8 addr_type = le_addr_type(cp->addr.type);
3576 struct hci_conn_params *p;
3578 /* When pairing a new device, it is expected to remember
3579 * this device for future connections. Adding the connection
3580 * parameter information ahead of time allows tracking
3581 * of the slave preferred values and will speed up any
3582 * further connection establishment.
3584 * If connection parameters already exist, then they
3585 * will be kept and this function does nothing.
3587 p = hci_conn_params_add(hdev, &cp->addr.bdaddr, addr_type);
3589 if (p->auto_connect == HCI_AUTO_CONN_EXPLICIT)
3590 p->auto_connect = HCI_AUTO_CONN_DISABLED;
3592 conn = hci_connect_le_scan(hdev, &cp->addr.bdaddr,
3593 addr_type, sec_level,
3594 HCI_LE_CONN_TIMEOUT,
3601 if (PTR_ERR(conn) == -EBUSY)
3602 status = MGMT_STATUS_BUSY;
3603 else if (PTR_ERR(conn) == -EOPNOTSUPP)
3604 status = MGMT_STATUS_NOT_SUPPORTED;
3605 else if (PTR_ERR(conn) == -ECONNREFUSED)
3606 status = MGMT_STATUS_REJECTED;
3608 status = MGMT_STATUS_CONNECT_FAILED;
3610 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
3611 status, &rp, sizeof(rp));
3615 if (conn->connect_cfm_cb) {
3616 hci_conn_drop(conn);
3617 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
3618 MGMT_STATUS_BUSY, &rp, sizeof(rp));
3622 cmd = mgmt_pending_add(sk, MGMT_OP_PAIR_DEVICE, hdev, data, len);
3625 hci_conn_drop(conn);
3629 cmd->cmd_complete = pairing_complete;
3631 /* For LE, just connecting isn't a proof that the pairing finished */
3632 if (cp->addr.type == BDADDR_BREDR) {
3633 conn->connect_cfm_cb = pairing_complete_cb;
3634 conn->security_cfm_cb = pairing_complete_cb;
3635 conn->disconn_cfm_cb = pairing_complete_cb;
3637 conn->connect_cfm_cb = le_pairing_complete_cb;
3638 conn->security_cfm_cb = le_pairing_complete_cb;
3639 conn->disconn_cfm_cb = le_pairing_complete_cb;
3642 conn->io_capability = cp->io_cap;
3643 cmd->user_data = hci_conn_get(conn);
3645 if ((conn->state == BT_CONNECTED || conn->state == BT_CONFIG) &&
3646 hci_conn_security(conn, sec_level, auth_type, true)) {
3647 cmd->cmd_complete(cmd, 0);
3648 mgmt_pending_remove(cmd);
3654 hci_dev_unlock(hdev);
3658 static int cancel_pair_device(struct sock *sk, struct hci_dev *hdev, void *data,
3661 struct mgmt_addr_info *addr = data;
3662 struct mgmt_pending_cmd *cmd;
3663 struct hci_conn *conn;
3670 if (!hdev_is_powered(hdev)) {
3671 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
3672 MGMT_STATUS_NOT_POWERED);
3676 cmd = pending_find(MGMT_OP_PAIR_DEVICE, hdev);
3678 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
3679 MGMT_STATUS_INVALID_PARAMS);
3683 conn = cmd->user_data;
3685 if (bacmp(&addr->bdaddr, &conn->dst) != 0) {
3686 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
3687 MGMT_STATUS_INVALID_PARAMS);
3691 cmd->cmd_complete(cmd, MGMT_STATUS_CANCELLED);
3692 mgmt_pending_remove(cmd);
3694 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE, 0,
3695 addr, sizeof(*addr));
3697 hci_dev_unlock(hdev);
3701 static int user_pairing_resp(struct sock *sk, struct hci_dev *hdev,
3702 struct mgmt_addr_info *addr, u16 mgmt_op,
3703 u16 hci_op, __le32 passkey)
3705 struct mgmt_pending_cmd *cmd;
3706 struct hci_conn *conn;
3711 if (!hdev_is_powered(hdev)) {
3712 err = mgmt_cmd_complete(sk, hdev->id, mgmt_op,
3713 MGMT_STATUS_NOT_POWERED, addr,
3718 if (addr->type == BDADDR_BREDR)
3719 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &addr->bdaddr);
3721 conn = hci_conn_hash_lookup_le(hdev, &addr->bdaddr,
3722 le_addr_type(addr->type));
3725 err = mgmt_cmd_complete(sk, hdev->id, mgmt_op,
3726 MGMT_STATUS_NOT_CONNECTED, addr,
3731 if (addr->type == BDADDR_LE_PUBLIC || addr->type == BDADDR_LE_RANDOM) {
3732 err = smp_user_confirm_reply(conn, mgmt_op, passkey);
3734 err = mgmt_cmd_complete(sk, hdev->id, mgmt_op,
3735 MGMT_STATUS_SUCCESS, addr,
3738 err = mgmt_cmd_complete(sk, hdev->id, mgmt_op,
3739 MGMT_STATUS_FAILED, addr,
3745 cmd = mgmt_pending_add(sk, mgmt_op, hdev, addr, sizeof(*addr));
3751 cmd->cmd_complete = addr_cmd_complete;
3753 /* Continue with pairing via HCI */
3754 if (hci_op == HCI_OP_USER_PASSKEY_REPLY) {
3755 struct hci_cp_user_passkey_reply cp;
3757 bacpy(&cp.bdaddr, &addr->bdaddr);
3758 cp.passkey = passkey;
3759 err = hci_send_cmd(hdev, hci_op, sizeof(cp), &cp);
3761 err = hci_send_cmd(hdev, hci_op, sizeof(addr->bdaddr),
3765 mgmt_pending_remove(cmd);
3768 hci_dev_unlock(hdev);
3772 static int pin_code_neg_reply(struct sock *sk, struct hci_dev *hdev,
3773 void *data, u16 len)
3775 struct mgmt_cp_pin_code_neg_reply *cp = data;
3779 return user_pairing_resp(sk, hdev, &cp->addr,
3780 MGMT_OP_PIN_CODE_NEG_REPLY,
3781 HCI_OP_PIN_CODE_NEG_REPLY, 0);
3784 static int user_confirm_reply(struct sock *sk, struct hci_dev *hdev, void *data,
3787 struct mgmt_cp_user_confirm_reply *cp = data;
3791 if (len != sizeof(*cp))
3792 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_USER_CONFIRM_REPLY,
3793 MGMT_STATUS_INVALID_PARAMS);
3795 return user_pairing_resp(sk, hdev, &cp->addr,
3796 MGMT_OP_USER_CONFIRM_REPLY,
3797 HCI_OP_USER_CONFIRM_REPLY, 0);
3800 static int user_confirm_neg_reply(struct sock *sk, struct hci_dev *hdev,
3801 void *data, u16 len)
3803 struct mgmt_cp_user_confirm_neg_reply *cp = data;
3807 return user_pairing_resp(sk, hdev, &cp->addr,
3808 MGMT_OP_USER_CONFIRM_NEG_REPLY,
3809 HCI_OP_USER_CONFIRM_NEG_REPLY, 0);
3812 static int user_passkey_reply(struct sock *sk, struct hci_dev *hdev, void *data,
3815 struct mgmt_cp_user_passkey_reply *cp = data;
3819 return user_pairing_resp(sk, hdev, &cp->addr,
3820 MGMT_OP_USER_PASSKEY_REPLY,
3821 HCI_OP_USER_PASSKEY_REPLY, cp->passkey);
3824 static int user_passkey_neg_reply(struct sock *sk, struct hci_dev *hdev,
3825 void *data, u16 len)
3827 struct mgmt_cp_user_passkey_neg_reply *cp = data;
3831 return user_pairing_resp(sk, hdev, &cp->addr,
3832 MGMT_OP_USER_PASSKEY_NEG_REPLY,
3833 HCI_OP_USER_PASSKEY_NEG_REPLY, 0);
3836 static void update_name(struct hci_request *req)
3838 struct hci_dev *hdev = req->hdev;
3839 struct hci_cp_write_local_name cp;
3841 memcpy(cp.name, hdev->dev_name, sizeof(cp.name));
3843 hci_req_add(req, HCI_OP_WRITE_LOCAL_NAME, sizeof(cp), &cp);
3846 static void set_name_complete(struct hci_dev *hdev, u8 status, u16 opcode)
3848 struct mgmt_cp_set_local_name *cp;
3849 struct mgmt_pending_cmd *cmd;
3851 BT_DBG("status 0x%02x", status);
3855 cmd = pending_find(MGMT_OP_SET_LOCAL_NAME, hdev);
3862 mgmt_cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_LOCAL_NAME,
3863 mgmt_status(status));
3865 mgmt_cmd_complete(cmd->sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0,
3868 mgmt_pending_remove(cmd);
3871 hci_dev_unlock(hdev);
3874 static int set_local_name(struct sock *sk, struct hci_dev *hdev, void *data,
3877 struct mgmt_cp_set_local_name *cp = data;
3878 struct mgmt_pending_cmd *cmd;
3879 struct hci_request req;
3886 /* If the old values are the same as the new ones just return a
3887 * direct command complete event.
3889 if (!memcmp(hdev->dev_name, cp->name, sizeof(hdev->dev_name)) &&
3890 !memcmp(hdev->short_name, cp->short_name,
3891 sizeof(hdev->short_name))) {
3892 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0,
3897 memcpy(hdev->short_name, cp->short_name, sizeof(hdev->short_name));
3899 if (!hdev_is_powered(hdev)) {
3900 memcpy(hdev->dev_name, cp->name, sizeof(hdev->dev_name));
3902 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0,
3907 err = mgmt_generic_event(MGMT_EV_LOCAL_NAME_CHANGED, hdev,
3913 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LOCAL_NAME, hdev, data, len);
3919 memcpy(hdev->dev_name, cp->name, sizeof(hdev->dev_name));
3921 hci_req_init(&req, hdev);
3923 if (lmp_bredr_capable(hdev)) {
3928 /* The name is stored in the scan response data and so
3929 * no need to udpate the advertising data here.
3931 if (lmp_le_capable(hdev))
3932 update_scan_rsp_data(&req);
3934 err = hci_req_run(&req, set_name_complete);
3936 mgmt_pending_remove(cmd);
3939 hci_dev_unlock(hdev);
3943 static void read_local_oob_data_complete(struct hci_dev *hdev, u8 status,
3944 u16 opcode, struct sk_buff *skb)
3946 struct mgmt_rp_read_local_oob_data mgmt_rp;
3947 size_t rp_size = sizeof(mgmt_rp);
3948 struct mgmt_pending_cmd *cmd;
3950 BT_DBG("%s status %u", hdev->name, status);
3952 cmd = pending_find(MGMT_OP_READ_LOCAL_OOB_DATA, hdev);
3956 if (status || !skb) {
3957 mgmt_cmd_status(cmd->sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
3958 status ? mgmt_status(status) : MGMT_STATUS_FAILED);
3962 memset(&mgmt_rp, 0, sizeof(mgmt_rp));
3964 if (opcode == HCI_OP_READ_LOCAL_OOB_DATA) {
3965 struct hci_rp_read_local_oob_data *rp = (void *) skb->data;
3967 if (skb->len < sizeof(*rp)) {
3968 mgmt_cmd_status(cmd->sk, hdev->id,
3969 MGMT_OP_READ_LOCAL_OOB_DATA,
3970 MGMT_STATUS_FAILED);
3974 memcpy(mgmt_rp.hash192, rp->hash, sizeof(rp->hash));
3975 memcpy(mgmt_rp.rand192, rp->rand, sizeof(rp->rand));
3977 rp_size -= sizeof(mgmt_rp.hash256) + sizeof(mgmt_rp.rand256);
3979 struct hci_rp_read_local_oob_ext_data *rp = (void *) skb->data;
3981 if (skb->len < sizeof(*rp)) {
3982 mgmt_cmd_status(cmd->sk, hdev->id,
3983 MGMT_OP_READ_LOCAL_OOB_DATA,
3984 MGMT_STATUS_FAILED);
3988 memcpy(mgmt_rp.hash192, rp->hash192, sizeof(rp->hash192));
3989 memcpy(mgmt_rp.rand192, rp->rand192, sizeof(rp->rand192));
3991 memcpy(mgmt_rp.hash256, rp->hash256, sizeof(rp->hash256));
3992 memcpy(mgmt_rp.rand256, rp->rand256, sizeof(rp->rand256));
3995 mgmt_cmd_complete(cmd->sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
3996 MGMT_STATUS_SUCCESS, &mgmt_rp, rp_size);
3999 mgmt_pending_remove(cmd);
4002 static int read_local_oob_data(struct sock *sk, struct hci_dev *hdev,
4003 void *data, u16 data_len)
4005 struct mgmt_pending_cmd *cmd;
4006 struct hci_request req;
4009 BT_DBG("%s", hdev->name);
4013 if (!hdev_is_powered(hdev)) {
4014 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
4015 MGMT_STATUS_NOT_POWERED);
4019 if (!lmp_ssp_capable(hdev)) {
4020 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
4021 MGMT_STATUS_NOT_SUPPORTED);
4025 if (pending_find(MGMT_OP_READ_LOCAL_OOB_DATA, hdev)) {
4026 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
4031 cmd = mgmt_pending_add(sk, MGMT_OP_READ_LOCAL_OOB_DATA, hdev, NULL, 0);
4037 hci_req_init(&req, hdev);
4039 if (bredr_sc_enabled(hdev))
4040 hci_req_add(&req, HCI_OP_READ_LOCAL_OOB_EXT_DATA, 0, NULL);
4042 hci_req_add(&req, HCI_OP_READ_LOCAL_OOB_DATA, 0, NULL);
4044 err = hci_req_run_skb(&req, read_local_oob_data_complete);
4046 mgmt_pending_remove(cmd);
4049 hci_dev_unlock(hdev);
4053 static int add_remote_oob_data(struct sock *sk, struct hci_dev *hdev,
4054 void *data, u16 len)
4056 struct mgmt_addr_info *addr = data;
4059 BT_DBG("%s ", hdev->name);
4061 if (!bdaddr_type_is_valid(addr->type))
4062 return mgmt_cmd_complete(sk, hdev->id,
4063 MGMT_OP_ADD_REMOTE_OOB_DATA,
4064 MGMT_STATUS_INVALID_PARAMS,
4065 addr, sizeof(*addr));
4069 if (len == MGMT_ADD_REMOTE_OOB_DATA_SIZE) {
4070 struct mgmt_cp_add_remote_oob_data *cp = data;
4073 if (cp->addr.type != BDADDR_BREDR) {
4074 err = mgmt_cmd_complete(sk, hdev->id,
4075 MGMT_OP_ADD_REMOTE_OOB_DATA,
4076 MGMT_STATUS_INVALID_PARAMS,
4077 &cp->addr, sizeof(cp->addr));
4081 err = hci_add_remote_oob_data(hdev, &cp->addr.bdaddr,
4082 cp->addr.type, cp->hash,
4083 cp->rand, NULL, NULL);
4085 status = MGMT_STATUS_FAILED;
4087 status = MGMT_STATUS_SUCCESS;
4089 err = mgmt_cmd_complete(sk, hdev->id,
4090 MGMT_OP_ADD_REMOTE_OOB_DATA, status,
4091 &cp->addr, sizeof(cp->addr));
4092 } else if (len == MGMT_ADD_REMOTE_OOB_EXT_DATA_SIZE) {
4093 struct mgmt_cp_add_remote_oob_ext_data *cp = data;
4094 u8 *rand192, *hash192, *rand256, *hash256;
4097 if (bdaddr_type_is_le(cp->addr.type)) {
4098 /* Enforce zero-valued 192-bit parameters as
4099 * long as legacy SMP OOB isn't implemented.
4101 if (memcmp(cp->rand192, ZERO_KEY, 16) ||
4102 memcmp(cp->hash192, ZERO_KEY, 16)) {
4103 err = mgmt_cmd_complete(sk, hdev->id,
4104 MGMT_OP_ADD_REMOTE_OOB_DATA,
4105 MGMT_STATUS_INVALID_PARAMS,
4106 addr, sizeof(*addr));
4113 /* In case one of the P-192 values is set to zero,
4114 * then just disable OOB data for P-192.
4116 if (!memcmp(cp->rand192, ZERO_KEY, 16) ||
4117 !memcmp(cp->hash192, ZERO_KEY, 16)) {
4121 rand192 = cp->rand192;
4122 hash192 = cp->hash192;
4126 /* In case one of the P-256 values is set to zero, then just
4127 * disable OOB data for P-256.
4129 if (!memcmp(cp->rand256, ZERO_KEY, 16) ||
4130 !memcmp(cp->hash256, ZERO_KEY, 16)) {
4134 rand256 = cp->rand256;
4135 hash256 = cp->hash256;
4138 err = hci_add_remote_oob_data(hdev, &cp->addr.bdaddr,
4139 cp->addr.type, hash192, rand192,
4142 status = MGMT_STATUS_FAILED;
4144 status = MGMT_STATUS_SUCCESS;
4146 err = mgmt_cmd_complete(sk, hdev->id,
4147 MGMT_OP_ADD_REMOTE_OOB_DATA,
4148 status, &cp->addr, sizeof(cp->addr));
4150 BT_ERR("add_remote_oob_data: invalid length of %u bytes", len);
4151 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_REMOTE_OOB_DATA,
4152 MGMT_STATUS_INVALID_PARAMS);
4156 hci_dev_unlock(hdev);
4160 static int remove_remote_oob_data(struct sock *sk, struct hci_dev *hdev,
4161 void *data, u16 len)
4163 struct mgmt_cp_remove_remote_oob_data *cp = data;
4167 BT_DBG("%s", hdev->name);
4169 if (cp->addr.type != BDADDR_BREDR)
4170 return mgmt_cmd_complete(sk, hdev->id,
4171 MGMT_OP_REMOVE_REMOTE_OOB_DATA,
4172 MGMT_STATUS_INVALID_PARAMS,
4173 &cp->addr, sizeof(cp->addr));
4177 if (!bacmp(&cp->addr.bdaddr, BDADDR_ANY)) {
4178 hci_remote_oob_data_clear(hdev);
4179 status = MGMT_STATUS_SUCCESS;
4183 err = hci_remove_remote_oob_data(hdev, &cp->addr.bdaddr, cp->addr.type);
4185 status = MGMT_STATUS_INVALID_PARAMS;
4187 status = MGMT_STATUS_SUCCESS;
4190 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_REMOTE_OOB_DATA,
4191 status, &cp->addr, sizeof(cp->addr));
4193 hci_dev_unlock(hdev);
4197 static bool trigger_bredr_inquiry(struct hci_request *req, u8 *status)
4199 struct hci_dev *hdev = req->hdev;
4200 struct hci_cp_inquiry cp;
4201 /* General inquiry access code (GIAC) */
4202 u8 lap[3] = { 0x33, 0x8b, 0x9e };
4204 *status = mgmt_bredr_support(hdev);
4208 if (hci_dev_test_flag(hdev, HCI_INQUIRY)) {
4209 *status = MGMT_STATUS_BUSY;
4213 hci_inquiry_cache_flush(hdev);
4215 memset(&cp, 0, sizeof(cp));
4216 memcpy(&cp.lap, lap, sizeof(cp.lap));
4217 cp.length = DISCOV_BREDR_INQUIRY_LEN;
4219 hci_req_add(req, HCI_OP_INQUIRY, sizeof(cp), &cp);
4224 static bool trigger_le_scan(struct hci_request *req, u16 interval, u8 *status)
4226 struct hci_dev *hdev = req->hdev;
4227 struct hci_cp_le_set_scan_param param_cp;
4228 struct hci_cp_le_set_scan_enable enable_cp;
4232 *status = mgmt_le_support(hdev);
4236 if (hci_dev_test_flag(hdev, HCI_LE_ADV)) {
4237 /* Don't let discovery abort an outgoing connection attempt
4238 * that's using directed advertising.
4240 if (hci_lookup_le_connect(hdev)) {
4241 *status = MGMT_STATUS_REJECTED;
4245 cancel_adv_timeout(hdev);
4246 disable_advertising(req);
4249 /* If controller is scanning, it means the background scanning is
4250 * running. Thus, we should temporarily stop it in order to set the
4251 * discovery scanning parameters.
4253 if (hci_dev_test_flag(hdev, HCI_LE_SCAN))
4254 hci_req_add_le_scan_disable(req);
4256 /* All active scans will be done with either a resolvable private
4257 * address (when privacy feature has been enabled) or non-resolvable
4260 err = hci_update_random_address(req, true, &own_addr_type);
4262 *status = MGMT_STATUS_FAILED;
4266 memset(¶m_cp, 0, sizeof(param_cp));
4267 param_cp.type = LE_SCAN_ACTIVE;
4268 param_cp.interval = cpu_to_le16(interval);
4269 param_cp.window = cpu_to_le16(DISCOV_LE_SCAN_WIN);
4270 param_cp.own_address_type = own_addr_type;
4272 hci_req_add(req, HCI_OP_LE_SET_SCAN_PARAM, sizeof(param_cp),
4275 memset(&enable_cp, 0, sizeof(enable_cp));
4276 enable_cp.enable = LE_SCAN_ENABLE;
4277 enable_cp.filter_dup = LE_SCAN_FILTER_DUP_ENABLE;
4279 hci_req_add(req, HCI_OP_LE_SET_SCAN_ENABLE, sizeof(enable_cp),
4285 static bool trigger_discovery(struct hci_request *req, u8 *status)
4287 struct hci_dev *hdev = req->hdev;
4289 switch (hdev->discovery.type) {
4290 case DISCOV_TYPE_BREDR:
4291 if (!trigger_bredr_inquiry(req, status))
4295 case DISCOV_TYPE_INTERLEAVED:
4296 if (test_bit(HCI_QUIRK_SIMULTANEOUS_DISCOVERY,
4298 /* During simultaneous discovery, we double LE scan
4299 * interval. We must leave some time for the controller
4300 * to do BR/EDR inquiry.
4302 if (!trigger_le_scan(req, DISCOV_LE_SCAN_INT * 2,
4306 if (!trigger_bredr_inquiry(req, status))
4312 if (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED)) {
4313 *status = MGMT_STATUS_NOT_SUPPORTED;
4318 case DISCOV_TYPE_LE:
4319 if (!trigger_le_scan(req, DISCOV_LE_SCAN_INT, status))
4324 *status = MGMT_STATUS_INVALID_PARAMS;
4331 static void start_discovery_complete(struct hci_dev *hdev, u8 status,
4334 struct mgmt_pending_cmd *cmd;
4335 unsigned long timeout;
4337 BT_DBG("status %d", status);
4341 cmd = pending_find(MGMT_OP_START_DISCOVERY, hdev);
4343 cmd = pending_find(MGMT_OP_START_SERVICE_DISCOVERY, hdev);
4346 cmd->cmd_complete(cmd, mgmt_status(status));
4347 mgmt_pending_remove(cmd);
4351 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
4355 hci_discovery_set_state(hdev, DISCOVERY_FINDING);
4357 /* If the scan involves LE scan, pick proper timeout to schedule
4358 * hdev->le_scan_disable that will stop it.
4360 switch (hdev->discovery.type) {
4361 case DISCOV_TYPE_LE:
4362 timeout = msecs_to_jiffies(DISCOV_LE_TIMEOUT);
4364 case DISCOV_TYPE_INTERLEAVED:
4365 /* When running simultaneous discovery, the LE scanning time
4366 * should occupy the whole discovery time sine BR/EDR inquiry
4367 * and LE scanning are scheduled by the controller.
4369 * For interleaving discovery in comparison, BR/EDR inquiry
4370 * and LE scanning are done sequentially with separate
4373 if (test_bit(HCI_QUIRK_SIMULTANEOUS_DISCOVERY, &hdev->quirks))
4374 timeout = msecs_to_jiffies(DISCOV_LE_TIMEOUT);
4376 timeout = msecs_to_jiffies(hdev->discov_interleaved_timeout);
4378 case DISCOV_TYPE_BREDR:
4382 BT_ERR("Invalid discovery type %d", hdev->discovery.type);
4388 /* When service discovery is used and the controller has
4389 * a strict duplicate filter, it is important to remember
4390 * the start and duration of the scan. This is required
4391 * for restarting scanning during the discovery phase.
4393 if (test_bit(HCI_QUIRK_STRICT_DUPLICATE_FILTER,
4395 hdev->discovery.result_filtering) {
4396 hdev->discovery.scan_start = jiffies;
4397 hdev->discovery.scan_duration = timeout;
4400 queue_delayed_work(hdev->workqueue,
4401 &hdev->le_scan_disable, timeout);
4405 hci_dev_unlock(hdev);
4408 static int start_discovery(struct sock *sk, struct hci_dev *hdev,
4409 void *data, u16 len)
4411 struct mgmt_cp_start_discovery *cp = data;
4412 struct mgmt_pending_cmd *cmd;
4413 struct hci_request req;
4417 BT_DBG("%s", hdev->name);
4421 if (!hdev_is_powered(hdev)) {
4422 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_START_DISCOVERY,
4423 MGMT_STATUS_NOT_POWERED,
4424 &cp->type, sizeof(cp->type));
4428 if (hdev->discovery.state != DISCOVERY_STOPPED ||
4429 hci_dev_test_flag(hdev, HCI_PERIODIC_INQ)) {
4430 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_START_DISCOVERY,
4431 MGMT_STATUS_BUSY, &cp->type,
4436 cmd = mgmt_pending_add(sk, MGMT_OP_START_DISCOVERY, hdev, data, len);
4442 cmd->cmd_complete = generic_cmd_complete;
4444 /* Clear the discovery filter first to free any previously
4445 * allocated memory for the UUID list.
4447 hci_discovery_filter_clear(hdev);
4449 hdev->discovery.type = cp->type;
4450 hdev->discovery.report_invalid_rssi = false;
4452 hci_req_init(&req, hdev);
4454 if (!trigger_discovery(&req, &status)) {
4455 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_START_DISCOVERY,
4456 status, &cp->type, sizeof(cp->type));
4457 mgmt_pending_remove(cmd);
4461 err = hci_req_run(&req, start_discovery_complete);
4463 mgmt_pending_remove(cmd);
4467 hci_discovery_set_state(hdev, DISCOVERY_STARTING);
4470 hci_dev_unlock(hdev);
4474 static int service_discovery_cmd_complete(struct mgmt_pending_cmd *cmd,
4477 return mgmt_cmd_complete(cmd->sk, cmd->index, cmd->opcode, status,
4481 static int start_service_discovery(struct sock *sk, struct hci_dev *hdev,
4482 void *data, u16 len)
4484 struct mgmt_cp_start_service_discovery *cp = data;
4485 struct mgmt_pending_cmd *cmd;
4486 struct hci_request req;
4487 const u16 max_uuid_count = ((U16_MAX - sizeof(*cp)) / 16);
4488 u16 uuid_count, expected_len;
4492 BT_DBG("%s", hdev->name);
4496 if (!hdev_is_powered(hdev)) {
4497 err = mgmt_cmd_complete(sk, hdev->id,
4498 MGMT_OP_START_SERVICE_DISCOVERY,
4499 MGMT_STATUS_NOT_POWERED,
4500 &cp->type, sizeof(cp->type));
4504 if (hdev->discovery.state != DISCOVERY_STOPPED ||
4505 hci_dev_test_flag(hdev, HCI_PERIODIC_INQ)) {
4506 err = mgmt_cmd_complete(sk, hdev->id,
4507 MGMT_OP_START_SERVICE_DISCOVERY,
4508 MGMT_STATUS_BUSY, &cp->type,
4513 uuid_count = __le16_to_cpu(cp->uuid_count);
4514 if (uuid_count > max_uuid_count) {
4515 BT_ERR("service_discovery: too big uuid_count value %u",
4517 err = mgmt_cmd_complete(sk, hdev->id,
4518 MGMT_OP_START_SERVICE_DISCOVERY,
4519 MGMT_STATUS_INVALID_PARAMS, &cp->type,
4524 expected_len = sizeof(*cp) + uuid_count * 16;
4525 if (expected_len != len) {
4526 BT_ERR("service_discovery: expected %u bytes, got %u bytes",
4528 err = mgmt_cmd_complete(sk, hdev->id,
4529 MGMT_OP_START_SERVICE_DISCOVERY,
4530 MGMT_STATUS_INVALID_PARAMS, &cp->type,
4535 cmd = mgmt_pending_add(sk, MGMT_OP_START_SERVICE_DISCOVERY,
4542 cmd->cmd_complete = service_discovery_cmd_complete;
4544 /* Clear the discovery filter first to free any previously
4545 * allocated memory for the UUID list.
4547 hci_discovery_filter_clear(hdev);
4549 hdev->discovery.result_filtering = true;
4550 hdev->discovery.type = cp->type;
4551 hdev->discovery.rssi = cp->rssi;
4552 hdev->discovery.uuid_count = uuid_count;
4554 if (uuid_count > 0) {
4555 hdev->discovery.uuids = kmemdup(cp->uuids, uuid_count * 16,
4557 if (!hdev->discovery.uuids) {
4558 err = mgmt_cmd_complete(sk, hdev->id,
4559 MGMT_OP_START_SERVICE_DISCOVERY,
4561 &cp->type, sizeof(cp->type));
4562 mgmt_pending_remove(cmd);
4567 hci_req_init(&req, hdev);
4569 if (!trigger_discovery(&req, &status)) {
4570 err = mgmt_cmd_complete(sk, hdev->id,
4571 MGMT_OP_START_SERVICE_DISCOVERY,
4572 status, &cp->type, sizeof(cp->type));
4573 mgmt_pending_remove(cmd);
4577 err = hci_req_run(&req, start_discovery_complete);
4579 mgmt_pending_remove(cmd);
4583 hci_discovery_set_state(hdev, DISCOVERY_STARTING);
4586 hci_dev_unlock(hdev);
4590 static void stop_discovery_complete(struct hci_dev *hdev, u8 status, u16 opcode)
4592 struct mgmt_pending_cmd *cmd;
4594 BT_DBG("status %d", status);
4598 cmd = pending_find(MGMT_OP_STOP_DISCOVERY, hdev);
4600 cmd->cmd_complete(cmd, mgmt_status(status));
4601 mgmt_pending_remove(cmd);
4605 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
4607 hci_dev_unlock(hdev);
4610 static int stop_discovery(struct sock *sk, struct hci_dev *hdev, void *data,
4613 struct mgmt_cp_stop_discovery *mgmt_cp = data;
4614 struct mgmt_pending_cmd *cmd;
4615 struct hci_request req;
4618 BT_DBG("%s", hdev->name);
4622 if (!hci_discovery_active(hdev)) {
4623 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_STOP_DISCOVERY,
4624 MGMT_STATUS_REJECTED, &mgmt_cp->type,
4625 sizeof(mgmt_cp->type));
4629 if (hdev->discovery.type != mgmt_cp->type) {
4630 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_STOP_DISCOVERY,
4631 MGMT_STATUS_INVALID_PARAMS,
4632 &mgmt_cp->type, sizeof(mgmt_cp->type));
4636 cmd = mgmt_pending_add(sk, MGMT_OP_STOP_DISCOVERY, hdev, data, len);
4642 cmd->cmd_complete = generic_cmd_complete;
4644 hci_req_init(&req, hdev);
4646 hci_stop_discovery(&req);
4648 err = hci_req_run(&req, stop_discovery_complete);
4650 hci_discovery_set_state(hdev, DISCOVERY_STOPPING);
4654 mgmt_pending_remove(cmd);
4656 /* If no HCI commands were sent we're done */
4657 if (err == -ENODATA) {
4658 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_STOP_DISCOVERY, 0,
4659 &mgmt_cp->type, sizeof(mgmt_cp->type));
4660 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
4664 hci_dev_unlock(hdev);
4668 static int confirm_name(struct sock *sk, struct hci_dev *hdev, void *data,
4671 struct mgmt_cp_confirm_name *cp = data;
4672 struct inquiry_entry *e;
4675 BT_DBG("%s", hdev->name);
4679 if (!hci_discovery_active(hdev)) {
4680 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_CONFIRM_NAME,
4681 MGMT_STATUS_FAILED, &cp->addr,
4686 e = hci_inquiry_cache_lookup_unknown(hdev, &cp->addr.bdaddr);
4688 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_CONFIRM_NAME,
4689 MGMT_STATUS_INVALID_PARAMS, &cp->addr,
4694 if (cp->name_known) {
4695 e->name_state = NAME_KNOWN;
4698 e->name_state = NAME_NEEDED;
4699 hci_inquiry_cache_update_resolve(hdev, e);
4702 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_CONFIRM_NAME, 0,
4703 &cp->addr, sizeof(cp->addr));
4706 hci_dev_unlock(hdev);
4710 static int block_device(struct sock *sk, struct hci_dev *hdev, void *data,
4713 struct mgmt_cp_block_device *cp = data;
4717 BT_DBG("%s", hdev->name);
4719 if (!bdaddr_type_is_valid(cp->addr.type))
4720 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_BLOCK_DEVICE,
4721 MGMT_STATUS_INVALID_PARAMS,
4722 &cp->addr, sizeof(cp->addr));
4726 err = hci_bdaddr_list_add(&hdev->blacklist, &cp->addr.bdaddr,
4729 status = MGMT_STATUS_FAILED;
4733 mgmt_event(MGMT_EV_DEVICE_BLOCKED, hdev, &cp->addr, sizeof(cp->addr),
4735 status = MGMT_STATUS_SUCCESS;
4738 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_BLOCK_DEVICE, status,
4739 &cp->addr, sizeof(cp->addr));
4741 hci_dev_unlock(hdev);
4746 static int unblock_device(struct sock *sk, struct hci_dev *hdev, void *data,
4749 struct mgmt_cp_unblock_device *cp = data;
4753 BT_DBG("%s", hdev->name);
4755 if (!bdaddr_type_is_valid(cp->addr.type))
4756 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_UNBLOCK_DEVICE,
4757 MGMT_STATUS_INVALID_PARAMS,
4758 &cp->addr, sizeof(cp->addr));
4762 err = hci_bdaddr_list_del(&hdev->blacklist, &cp->addr.bdaddr,
4765 status = MGMT_STATUS_INVALID_PARAMS;
4769 mgmt_event(MGMT_EV_DEVICE_UNBLOCKED, hdev, &cp->addr, sizeof(cp->addr),
4771 status = MGMT_STATUS_SUCCESS;
4774 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_UNBLOCK_DEVICE, status,
4775 &cp->addr, sizeof(cp->addr));
4777 hci_dev_unlock(hdev);
4782 static int set_device_id(struct sock *sk, struct hci_dev *hdev, void *data,
4785 struct mgmt_cp_set_device_id *cp = data;
4786 struct hci_request req;
4790 BT_DBG("%s", hdev->name);
4792 source = __le16_to_cpu(cp->source);
4794 if (source > 0x0002)
4795 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DEVICE_ID,
4796 MGMT_STATUS_INVALID_PARAMS);
4800 hdev->devid_source = source;
4801 hdev->devid_vendor = __le16_to_cpu(cp->vendor);
4802 hdev->devid_product = __le16_to_cpu(cp->product);
4803 hdev->devid_version = __le16_to_cpu(cp->version);
4805 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_DEVICE_ID, 0,
4808 hci_req_init(&req, hdev);
4810 hci_req_run(&req, NULL);
4812 hci_dev_unlock(hdev);
4817 static void enable_advertising_instance(struct hci_dev *hdev, u8 status,
4820 BT_DBG("status %d", status);
4823 static void set_advertising_complete(struct hci_dev *hdev, u8 status,
4826 struct cmd_lookup match = { NULL, hdev };
4827 struct hci_request req;
4829 struct adv_info *adv_instance;
4835 u8 mgmt_err = mgmt_status(status);
4837 mgmt_pending_foreach(MGMT_OP_SET_ADVERTISING, hdev,
4838 cmd_status_rsp, &mgmt_err);
4842 if (hci_dev_test_flag(hdev, HCI_LE_ADV))
4843 hci_dev_set_flag(hdev, HCI_ADVERTISING);
4845 hci_dev_clear_flag(hdev, HCI_ADVERTISING);
4847 mgmt_pending_foreach(MGMT_OP_SET_ADVERTISING, hdev, settings_rsp,
4850 new_settings(hdev, match.sk);
4855 /* If "Set Advertising" was just disabled and instance advertising was
4856 * set up earlier, then re-enable multi-instance advertising.
4858 if (hci_dev_test_flag(hdev, HCI_ADVERTISING) ||
4859 !hci_dev_test_flag(hdev, HCI_ADVERTISING_INSTANCE) ||
4860 list_empty(&hdev->adv_instances))
4863 instance = hdev->cur_adv_instance;
4865 adv_instance = list_first_entry_or_null(&hdev->adv_instances,
4866 struct adv_info, list);
4870 instance = adv_instance->instance;
4873 hci_req_init(&req, hdev);
4875 err = schedule_adv_instance(&req, instance, true);
4878 err = hci_req_run(&req, enable_advertising_instance);
4881 BT_ERR("Failed to re-configure advertising");
4884 hci_dev_unlock(hdev);
4887 static int set_advertising(struct sock *sk, struct hci_dev *hdev, void *data,
4890 struct mgmt_mode *cp = data;
4891 struct mgmt_pending_cmd *cmd;
4892 struct hci_request req;
4896 BT_DBG("request for %s", hdev->name);
4898 status = mgmt_le_support(hdev);
4900 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_ADVERTISING,
4903 if (cp->val != 0x00 && cp->val != 0x01 && cp->val != 0x02)
4904 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_ADVERTISING,
4905 MGMT_STATUS_INVALID_PARAMS);
4911 /* The following conditions are ones which mean that we should
4912 * not do any HCI communication but directly send a mgmt
4913 * response to user space (after toggling the flag if
4916 if (!hdev_is_powered(hdev) ||
4917 (val == hci_dev_test_flag(hdev, HCI_ADVERTISING) &&
4918 (cp->val == 0x02) == hci_dev_test_flag(hdev, HCI_ADVERTISING_CONNECTABLE)) ||
4919 hci_conn_num(hdev, LE_LINK) > 0 ||
4920 (hci_dev_test_flag(hdev, HCI_LE_SCAN) &&
4921 hdev->le_scan_type == LE_SCAN_ACTIVE)) {
4925 changed = !hci_dev_test_and_set_flag(hdev, HCI_ADVERTISING);
4926 if (cp->val == 0x02)
4927 hci_dev_set_flag(hdev, HCI_ADVERTISING_CONNECTABLE);
4929 hci_dev_clear_flag(hdev, HCI_ADVERTISING_CONNECTABLE);
4931 changed = hci_dev_test_and_clear_flag(hdev, HCI_ADVERTISING);
4932 hci_dev_clear_flag(hdev, HCI_ADVERTISING_CONNECTABLE);
4935 err = send_settings_rsp(sk, MGMT_OP_SET_ADVERTISING, hdev);
4940 err = new_settings(hdev, sk);
4945 if (pending_find(MGMT_OP_SET_ADVERTISING, hdev) ||
4946 pending_find(MGMT_OP_SET_LE, hdev)) {
4947 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_ADVERTISING,
4952 cmd = mgmt_pending_add(sk, MGMT_OP_SET_ADVERTISING, hdev, data, len);
4958 hci_req_init(&req, hdev);
4960 if (cp->val == 0x02)
4961 hci_dev_set_flag(hdev, HCI_ADVERTISING_CONNECTABLE);
4963 hci_dev_clear_flag(hdev, HCI_ADVERTISING_CONNECTABLE);
4965 cancel_adv_timeout(hdev);
4968 /* Switch to instance "0" for the Set Advertising setting.
4969 * We cannot use update_[adv|scan_rsp]_data() here as the
4970 * HCI_ADVERTISING flag is not yet set.
4972 update_inst_adv_data(&req, 0x00);
4973 update_inst_scan_rsp_data(&req, 0x00);
4974 enable_advertising(&req);
4976 disable_advertising(&req);
4979 err = hci_req_run(&req, set_advertising_complete);
4981 mgmt_pending_remove(cmd);
4984 hci_dev_unlock(hdev);
4988 static int set_static_address(struct sock *sk, struct hci_dev *hdev,
4989 void *data, u16 len)
4991 struct mgmt_cp_set_static_address *cp = data;
4994 BT_DBG("%s", hdev->name);
4996 if (!lmp_le_capable(hdev))
4997 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_STATIC_ADDRESS,
4998 MGMT_STATUS_NOT_SUPPORTED);
5000 if (hdev_is_powered(hdev))
5001 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_STATIC_ADDRESS,
5002 MGMT_STATUS_REJECTED);
5004 if (bacmp(&cp->bdaddr, BDADDR_ANY)) {
5005 if (!bacmp(&cp->bdaddr, BDADDR_NONE))
5006 return mgmt_cmd_status(sk, hdev->id,
5007 MGMT_OP_SET_STATIC_ADDRESS,
5008 MGMT_STATUS_INVALID_PARAMS);
5010 /* Two most significant bits shall be set */
5011 if ((cp->bdaddr.b[5] & 0xc0) != 0xc0)
5012 return mgmt_cmd_status(sk, hdev->id,
5013 MGMT_OP_SET_STATIC_ADDRESS,
5014 MGMT_STATUS_INVALID_PARAMS);
5019 bacpy(&hdev->static_addr, &cp->bdaddr);
5021 err = send_settings_rsp(sk, MGMT_OP_SET_STATIC_ADDRESS, hdev);
5025 err = new_settings(hdev, sk);
5028 hci_dev_unlock(hdev);
5032 static int set_scan_params(struct sock *sk, struct hci_dev *hdev,
5033 void *data, u16 len)
5035 struct mgmt_cp_set_scan_params *cp = data;
5036 __u16 interval, window;
5039 BT_DBG("%s", hdev->name);
5041 if (!lmp_le_capable(hdev))
5042 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS,
5043 MGMT_STATUS_NOT_SUPPORTED);
5045 interval = __le16_to_cpu(cp->interval);
5047 if (interval < 0x0004 || interval > 0x4000)
5048 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS,
5049 MGMT_STATUS_INVALID_PARAMS);
5051 window = __le16_to_cpu(cp->window);
5053 if (window < 0x0004 || window > 0x4000)
5054 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS,
5055 MGMT_STATUS_INVALID_PARAMS);
5057 if (window > interval)
5058 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS,
5059 MGMT_STATUS_INVALID_PARAMS);
5063 hdev->le_scan_interval = interval;
5064 hdev->le_scan_window = window;
5066 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS, 0,
5069 /* If background scan is running, restart it so new parameters are
5072 if (hci_dev_test_flag(hdev, HCI_LE_SCAN) &&
5073 hdev->discovery.state == DISCOVERY_STOPPED) {
5074 struct hci_request req;
5076 hci_req_init(&req, hdev);
5078 hci_req_add_le_scan_disable(&req);
5079 hci_req_add_le_passive_scan(&req);
5081 hci_req_run(&req, NULL);
5084 hci_dev_unlock(hdev);
5089 static void fast_connectable_complete(struct hci_dev *hdev, u8 status,
5092 struct mgmt_pending_cmd *cmd;
5094 BT_DBG("status 0x%02x", status);
5098 cmd = pending_find(MGMT_OP_SET_FAST_CONNECTABLE, hdev);
5103 mgmt_cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
5104 mgmt_status(status));
5106 struct mgmt_mode *cp = cmd->param;
5109 hci_dev_set_flag(hdev, HCI_FAST_CONNECTABLE);
5111 hci_dev_clear_flag(hdev, HCI_FAST_CONNECTABLE);
5113 send_settings_rsp(cmd->sk, MGMT_OP_SET_FAST_CONNECTABLE, hdev);
5114 new_settings(hdev, cmd->sk);
5117 mgmt_pending_remove(cmd);
5120 hci_dev_unlock(hdev);
5123 static int set_fast_connectable(struct sock *sk, struct hci_dev *hdev,
5124 void *data, u16 len)
5126 struct mgmt_mode *cp = data;
5127 struct mgmt_pending_cmd *cmd;
5128 struct hci_request req;
5131 BT_DBG("%s", hdev->name);
5133 if (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED) ||
5134 hdev->hci_ver < BLUETOOTH_VER_1_2)
5135 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
5136 MGMT_STATUS_NOT_SUPPORTED);
5138 if (cp->val != 0x00 && cp->val != 0x01)
5139 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
5140 MGMT_STATUS_INVALID_PARAMS);
5144 if (pending_find(MGMT_OP_SET_FAST_CONNECTABLE, hdev)) {
5145 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
5150 if (!!cp->val == hci_dev_test_flag(hdev, HCI_FAST_CONNECTABLE)) {
5151 err = send_settings_rsp(sk, MGMT_OP_SET_FAST_CONNECTABLE,
5156 if (!hdev_is_powered(hdev)) {
5157 hci_dev_change_flag(hdev, HCI_FAST_CONNECTABLE);
5158 err = send_settings_rsp(sk, MGMT_OP_SET_FAST_CONNECTABLE,
5160 new_settings(hdev, sk);
5164 cmd = mgmt_pending_add(sk, MGMT_OP_SET_FAST_CONNECTABLE, hdev,
5171 hci_req_init(&req, hdev);
5173 write_fast_connectable(&req, cp->val);
5175 err = hci_req_run(&req, fast_connectable_complete);
5177 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
5178 MGMT_STATUS_FAILED);
5179 mgmt_pending_remove(cmd);
5183 hci_dev_unlock(hdev);
5188 static void set_bredr_complete(struct hci_dev *hdev, u8 status, u16 opcode)
5190 struct mgmt_pending_cmd *cmd;
5192 BT_DBG("status 0x%02x", status);
5196 cmd = pending_find(MGMT_OP_SET_BREDR, hdev);
5201 u8 mgmt_err = mgmt_status(status);
5203 /* We need to restore the flag if related HCI commands
5206 hci_dev_clear_flag(hdev, HCI_BREDR_ENABLED);
5208 mgmt_cmd_status(cmd->sk, cmd->index, cmd->opcode, mgmt_err);
5210 send_settings_rsp(cmd->sk, MGMT_OP_SET_BREDR, hdev);
5211 new_settings(hdev, cmd->sk);
5214 mgmt_pending_remove(cmd);
5217 hci_dev_unlock(hdev);
5220 static int set_bredr(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
5222 struct mgmt_mode *cp = data;
5223 struct mgmt_pending_cmd *cmd;
5224 struct hci_request req;
5227 BT_DBG("request for %s", hdev->name);
5229 if (!lmp_bredr_capable(hdev) || !lmp_le_capable(hdev))
5230 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
5231 MGMT_STATUS_NOT_SUPPORTED);
5233 if (!hci_dev_test_flag(hdev, HCI_LE_ENABLED))
5234 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
5235 MGMT_STATUS_REJECTED);
5237 if (cp->val != 0x00 && cp->val != 0x01)
5238 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
5239 MGMT_STATUS_INVALID_PARAMS);
5243 if (cp->val == hci_dev_test_flag(hdev, HCI_BREDR_ENABLED)) {
5244 err = send_settings_rsp(sk, MGMT_OP_SET_BREDR, hdev);
5248 if (!hdev_is_powered(hdev)) {
5250 hci_dev_clear_flag(hdev, HCI_DISCOVERABLE);
5251 hci_dev_clear_flag(hdev, HCI_SSP_ENABLED);
5252 hci_dev_clear_flag(hdev, HCI_LINK_SECURITY);
5253 hci_dev_clear_flag(hdev, HCI_FAST_CONNECTABLE);
5254 hci_dev_clear_flag(hdev, HCI_HS_ENABLED);
5257 hci_dev_change_flag(hdev, HCI_BREDR_ENABLED);
5259 err = send_settings_rsp(sk, MGMT_OP_SET_BREDR, hdev);
5263 err = new_settings(hdev, sk);
5267 /* Reject disabling when powered on */
5269 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
5270 MGMT_STATUS_REJECTED);
5273 /* When configuring a dual-mode controller to operate
5274 * with LE only and using a static address, then switching
5275 * BR/EDR back on is not allowed.
5277 * Dual-mode controllers shall operate with the public
5278 * address as its identity address for BR/EDR and LE. So
5279 * reject the attempt to create an invalid configuration.
5281 * The same restrictions applies when secure connections
5282 * has been enabled. For BR/EDR this is a controller feature
5283 * while for LE it is a host stack feature. This means that
5284 * switching BR/EDR back on when secure connections has been
5285 * enabled is not a supported transaction.
5287 if (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED) &&
5288 (bacmp(&hdev->static_addr, BDADDR_ANY) ||
5289 hci_dev_test_flag(hdev, HCI_SC_ENABLED))) {
5290 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
5291 MGMT_STATUS_REJECTED);
5296 if (pending_find(MGMT_OP_SET_BREDR, hdev)) {
5297 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
5302 cmd = mgmt_pending_add(sk, MGMT_OP_SET_BREDR, hdev, data, len);
5308 /* We need to flip the bit already here so that update_adv_data
5309 * generates the correct flags.
5311 hci_dev_set_flag(hdev, HCI_BREDR_ENABLED);
5313 hci_req_init(&req, hdev);
5315 write_fast_connectable(&req, false);
5316 __hci_update_page_scan(&req);
5318 /* Since only the advertising data flags will change, there
5319 * is no need to update the scan response data.
5321 update_adv_data(&req);
5323 err = hci_req_run(&req, set_bredr_complete);
5325 mgmt_pending_remove(cmd);
5328 hci_dev_unlock(hdev);
5332 static void sc_enable_complete(struct hci_dev *hdev, u8 status, u16 opcode)
5334 struct mgmt_pending_cmd *cmd;
5335 struct mgmt_mode *cp;
5337 BT_DBG("%s status %u", hdev->name, status);
5341 cmd = pending_find(MGMT_OP_SET_SECURE_CONN, hdev);
5346 mgmt_cmd_status(cmd->sk, cmd->index, cmd->opcode,
5347 mgmt_status(status));
5355 hci_dev_clear_flag(hdev, HCI_SC_ENABLED);
5356 hci_dev_clear_flag(hdev, HCI_SC_ONLY);
5359 hci_dev_set_flag(hdev, HCI_SC_ENABLED);
5360 hci_dev_clear_flag(hdev, HCI_SC_ONLY);
5363 hci_dev_set_flag(hdev, HCI_SC_ENABLED);
5364 hci_dev_set_flag(hdev, HCI_SC_ONLY);
5368 send_settings_rsp(cmd->sk, MGMT_OP_SET_SECURE_CONN, hdev);
5369 new_settings(hdev, cmd->sk);
5372 mgmt_pending_remove(cmd);
5374 hci_dev_unlock(hdev);
5377 static int set_secure_conn(struct sock *sk, struct hci_dev *hdev,
5378 void *data, u16 len)
5380 struct mgmt_mode *cp = data;
5381 struct mgmt_pending_cmd *cmd;
5382 struct hci_request req;
5386 BT_DBG("request for %s", hdev->name);
5388 if (!lmp_sc_capable(hdev) &&
5389 !hci_dev_test_flag(hdev, HCI_LE_ENABLED))
5390 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SECURE_CONN,
5391 MGMT_STATUS_NOT_SUPPORTED);
5393 if (hci_dev_test_flag(hdev, HCI_BREDR_ENABLED) &&
5394 lmp_sc_capable(hdev) &&
5395 !hci_dev_test_flag(hdev, HCI_SSP_ENABLED))
5396 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SECURE_CONN,
5397 MGMT_STATUS_REJECTED);
5399 if (cp->val != 0x00 && cp->val != 0x01 && cp->val != 0x02)
5400 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SECURE_CONN,
5401 MGMT_STATUS_INVALID_PARAMS);
5405 if (!hdev_is_powered(hdev) || !lmp_sc_capable(hdev) ||
5406 !hci_dev_test_flag(hdev, HCI_BREDR_ENABLED)) {
5410 changed = !hci_dev_test_and_set_flag(hdev,
5412 if (cp->val == 0x02)
5413 hci_dev_set_flag(hdev, HCI_SC_ONLY);
5415 hci_dev_clear_flag(hdev, HCI_SC_ONLY);
5417 changed = hci_dev_test_and_clear_flag(hdev,
5419 hci_dev_clear_flag(hdev, HCI_SC_ONLY);
5422 err = send_settings_rsp(sk, MGMT_OP_SET_SECURE_CONN, hdev);
5427 err = new_settings(hdev, sk);
5432 if (pending_find(MGMT_OP_SET_SECURE_CONN, hdev)) {
5433 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SECURE_CONN,
5440 if (val == hci_dev_test_flag(hdev, HCI_SC_ENABLED) &&
5441 (cp->val == 0x02) == hci_dev_test_flag(hdev, HCI_SC_ONLY)) {
5442 err = send_settings_rsp(sk, MGMT_OP_SET_SECURE_CONN, hdev);
5446 cmd = mgmt_pending_add(sk, MGMT_OP_SET_SECURE_CONN, hdev, data, len);
5452 hci_req_init(&req, hdev);
5453 hci_req_add(&req, HCI_OP_WRITE_SC_SUPPORT, 1, &val);
5454 err = hci_req_run(&req, sc_enable_complete);
5456 mgmt_pending_remove(cmd);
5461 hci_dev_unlock(hdev);
5465 static int set_debug_keys(struct sock *sk, struct hci_dev *hdev,
5466 void *data, u16 len)
5468 struct mgmt_mode *cp = data;
5469 bool changed, use_changed;
5472 BT_DBG("request for %s", hdev->name);
5474 if (cp->val != 0x00 && cp->val != 0x01 && cp->val != 0x02)
5475 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DEBUG_KEYS,
5476 MGMT_STATUS_INVALID_PARAMS);
5481 changed = !hci_dev_test_and_set_flag(hdev, HCI_KEEP_DEBUG_KEYS);
5483 changed = hci_dev_test_and_clear_flag(hdev,
5484 HCI_KEEP_DEBUG_KEYS);
5486 if (cp->val == 0x02)
5487 use_changed = !hci_dev_test_and_set_flag(hdev,
5488 HCI_USE_DEBUG_KEYS);
5490 use_changed = hci_dev_test_and_clear_flag(hdev,
5491 HCI_USE_DEBUG_KEYS);
5493 if (hdev_is_powered(hdev) && use_changed &&
5494 hci_dev_test_flag(hdev, HCI_SSP_ENABLED)) {
5495 u8 mode = (cp->val == 0x02) ? 0x01 : 0x00;
5496 hci_send_cmd(hdev, HCI_OP_WRITE_SSP_DEBUG_MODE,
5497 sizeof(mode), &mode);
5500 err = send_settings_rsp(sk, MGMT_OP_SET_DEBUG_KEYS, hdev);
5505 err = new_settings(hdev, sk);
5508 hci_dev_unlock(hdev);
5512 static int set_privacy(struct sock *sk, struct hci_dev *hdev, void *cp_data,
5515 struct mgmt_cp_set_privacy *cp = cp_data;
5519 BT_DBG("request for %s", hdev->name);
5521 if (!lmp_le_capable(hdev))
5522 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_PRIVACY,
5523 MGMT_STATUS_NOT_SUPPORTED);
5525 if (cp->privacy != 0x00 && cp->privacy != 0x01)
5526 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_PRIVACY,
5527 MGMT_STATUS_INVALID_PARAMS);
5529 if (hdev_is_powered(hdev))
5530 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_PRIVACY,
5531 MGMT_STATUS_REJECTED);
5535 /* If user space supports this command it is also expected to
5536 * handle IRKs. Therefore, set the HCI_RPA_RESOLVING flag.
5538 hci_dev_set_flag(hdev, HCI_RPA_RESOLVING);
5541 changed = !hci_dev_test_and_set_flag(hdev, HCI_PRIVACY);
5542 memcpy(hdev->irk, cp->irk, sizeof(hdev->irk));
5543 hci_dev_set_flag(hdev, HCI_RPA_EXPIRED);
5545 changed = hci_dev_test_and_clear_flag(hdev, HCI_PRIVACY);
5546 memset(hdev->irk, 0, sizeof(hdev->irk));
5547 hci_dev_clear_flag(hdev, HCI_RPA_EXPIRED);
5550 err = send_settings_rsp(sk, MGMT_OP_SET_PRIVACY, hdev);
5555 err = new_settings(hdev, sk);
5558 hci_dev_unlock(hdev);
5562 static bool irk_is_valid(struct mgmt_irk_info *irk)
5564 switch (irk->addr.type) {
5565 case BDADDR_LE_PUBLIC:
5568 case BDADDR_LE_RANDOM:
5569 /* Two most significant bits shall be set */
5570 if ((irk->addr.bdaddr.b[5] & 0xc0) != 0xc0)
5578 static int load_irks(struct sock *sk, struct hci_dev *hdev, void *cp_data,
5581 struct mgmt_cp_load_irks *cp = cp_data;
5582 const u16 max_irk_count = ((U16_MAX - sizeof(*cp)) /
5583 sizeof(struct mgmt_irk_info));
5584 u16 irk_count, expected_len;
5587 BT_DBG("request for %s", hdev->name);
5589 if (!lmp_le_capable(hdev))
5590 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_IRKS,
5591 MGMT_STATUS_NOT_SUPPORTED);
5593 irk_count = __le16_to_cpu(cp->irk_count);
5594 if (irk_count > max_irk_count) {
5595 BT_ERR("load_irks: too big irk_count value %u", irk_count);
5596 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_IRKS,
5597 MGMT_STATUS_INVALID_PARAMS);
5600 expected_len = sizeof(*cp) + irk_count * sizeof(struct mgmt_irk_info);
5601 if (expected_len != len) {
5602 BT_ERR("load_irks: expected %u bytes, got %u bytes",
5604 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_IRKS,
5605 MGMT_STATUS_INVALID_PARAMS);
5608 BT_DBG("%s irk_count %u", hdev->name, irk_count);
5610 for (i = 0; i < irk_count; i++) {
5611 struct mgmt_irk_info *key = &cp->irks[i];
5613 if (!irk_is_valid(key))
5614 return mgmt_cmd_status(sk, hdev->id,
5616 MGMT_STATUS_INVALID_PARAMS);
5621 hci_smp_irks_clear(hdev);
5623 for (i = 0; i < irk_count; i++) {
5624 struct mgmt_irk_info *irk = &cp->irks[i];
5626 hci_add_irk(hdev, &irk->addr.bdaddr,
5627 le_addr_type(irk->addr.type), irk->val,
5631 hci_dev_set_flag(hdev, HCI_RPA_RESOLVING);
5633 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_LOAD_IRKS, 0, NULL, 0);
5635 hci_dev_unlock(hdev);
5640 static bool ltk_is_valid(struct mgmt_ltk_info *key)
5642 if (key->master != 0x00 && key->master != 0x01)
5645 switch (key->addr.type) {
5646 case BDADDR_LE_PUBLIC:
5649 case BDADDR_LE_RANDOM:
5650 /* Two most significant bits shall be set */
5651 if ((key->addr.bdaddr.b[5] & 0xc0) != 0xc0)
5659 static int load_long_term_keys(struct sock *sk, struct hci_dev *hdev,
5660 void *cp_data, u16 len)
5662 struct mgmt_cp_load_long_term_keys *cp = cp_data;
5663 const u16 max_key_count = ((U16_MAX - sizeof(*cp)) /
5664 sizeof(struct mgmt_ltk_info));
5665 u16 key_count, expected_len;
5668 BT_DBG("request for %s", hdev->name);
5670 if (!lmp_le_capable(hdev))
5671 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS,
5672 MGMT_STATUS_NOT_SUPPORTED);
5674 key_count = __le16_to_cpu(cp->key_count);
5675 if (key_count > max_key_count) {
5676 BT_ERR("load_ltks: too big key_count value %u", key_count);
5677 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS,
5678 MGMT_STATUS_INVALID_PARAMS);
5681 expected_len = sizeof(*cp) + key_count *
5682 sizeof(struct mgmt_ltk_info);
5683 if (expected_len != len) {
5684 BT_ERR("load_keys: expected %u bytes, got %u bytes",
5686 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS,
5687 MGMT_STATUS_INVALID_PARAMS);
5690 BT_DBG("%s key_count %u", hdev->name, key_count);
5692 for (i = 0; i < key_count; i++) {
5693 struct mgmt_ltk_info *key = &cp->keys[i];
5695 if (!ltk_is_valid(key))
5696 return mgmt_cmd_status(sk, hdev->id,
5697 MGMT_OP_LOAD_LONG_TERM_KEYS,
5698 MGMT_STATUS_INVALID_PARAMS);
5703 hci_smp_ltks_clear(hdev);
5705 for (i = 0; i < key_count; i++) {
5706 struct mgmt_ltk_info *key = &cp->keys[i];
5707 u8 type, authenticated;
5709 switch (key->type) {
5710 case MGMT_LTK_UNAUTHENTICATED:
5711 authenticated = 0x00;
5712 type = key->master ? SMP_LTK : SMP_LTK_SLAVE;
5714 case MGMT_LTK_AUTHENTICATED:
5715 authenticated = 0x01;
5716 type = key->master ? SMP_LTK : SMP_LTK_SLAVE;
5718 case MGMT_LTK_P256_UNAUTH:
5719 authenticated = 0x00;
5720 type = SMP_LTK_P256;
5722 case MGMT_LTK_P256_AUTH:
5723 authenticated = 0x01;
5724 type = SMP_LTK_P256;
5726 case MGMT_LTK_P256_DEBUG:
5727 authenticated = 0x00;
5728 type = SMP_LTK_P256_DEBUG;
5733 hci_add_ltk(hdev, &key->addr.bdaddr,
5734 le_addr_type(key->addr.type), type, authenticated,
5735 key->val, key->enc_size, key->ediv, key->rand);
5738 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS, 0,
5741 hci_dev_unlock(hdev);
5746 static int conn_info_cmd_complete(struct mgmt_pending_cmd *cmd, u8 status)
5748 struct hci_conn *conn = cmd->user_data;
5749 struct mgmt_rp_get_conn_info rp;
5752 memcpy(&rp.addr, cmd->param, sizeof(rp.addr));
5754 if (status == MGMT_STATUS_SUCCESS) {
5755 rp.rssi = conn->rssi;
5756 rp.tx_power = conn->tx_power;
5757 rp.max_tx_power = conn->max_tx_power;
5759 rp.rssi = HCI_RSSI_INVALID;
5760 rp.tx_power = HCI_TX_POWER_INVALID;
5761 rp.max_tx_power = HCI_TX_POWER_INVALID;
5764 err = mgmt_cmd_complete(cmd->sk, cmd->index, MGMT_OP_GET_CONN_INFO,
5765 status, &rp, sizeof(rp));
5767 hci_conn_drop(conn);
5773 static void conn_info_refresh_complete(struct hci_dev *hdev, u8 hci_status,
5776 struct hci_cp_read_rssi *cp;
5777 struct mgmt_pending_cmd *cmd;
5778 struct hci_conn *conn;
5782 BT_DBG("status 0x%02x", hci_status);
5786 /* Commands sent in request are either Read RSSI or Read Transmit Power
5787 * Level so we check which one was last sent to retrieve connection
5788 * handle. Both commands have handle as first parameter so it's safe to
5789 * cast data on the same command struct.
5791 * First command sent is always Read RSSI and we fail only if it fails.
5792 * In other case we simply override error to indicate success as we
5793 * already remembered if TX power value is actually valid.
5795 cp = hci_sent_cmd_data(hdev, HCI_OP_READ_RSSI);
5797 cp = hci_sent_cmd_data(hdev, HCI_OP_READ_TX_POWER);
5798 status = MGMT_STATUS_SUCCESS;
5800 status = mgmt_status(hci_status);
5804 BT_ERR("invalid sent_cmd in conn_info response");
5808 handle = __le16_to_cpu(cp->handle);
5809 conn = hci_conn_hash_lookup_handle(hdev, handle);
5811 BT_ERR("unknown handle (%d) in conn_info response", handle);
5815 cmd = pending_find_data(MGMT_OP_GET_CONN_INFO, hdev, conn);
5819 cmd->cmd_complete(cmd, status);
5820 mgmt_pending_remove(cmd);
5823 hci_dev_unlock(hdev);
5826 static int get_conn_info(struct sock *sk, struct hci_dev *hdev, void *data,
5829 struct mgmt_cp_get_conn_info *cp = data;
5830 struct mgmt_rp_get_conn_info rp;
5831 struct hci_conn *conn;
5832 unsigned long conn_info_age;
5835 BT_DBG("%s", hdev->name);
5837 memset(&rp, 0, sizeof(rp));
5838 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
5839 rp.addr.type = cp->addr.type;
5841 if (!bdaddr_type_is_valid(cp->addr.type))
5842 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CONN_INFO,
5843 MGMT_STATUS_INVALID_PARAMS,
5848 if (!hdev_is_powered(hdev)) {
5849 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CONN_INFO,
5850 MGMT_STATUS_NOT_POWERED, &rp,
5855 if (cp->addr.type == BDADDR_BREDR)
5856 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
5859 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &cp->addr.bdaddr);
5861 if (!conn || conn->state != BT_CONNECTED) {
5862 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CONN_INFO,
5863 MGMT_STATUS_NOT_CONNECTED, &rp,
5868 if (pending_find_data(MGMT_OP_GET_CONN_INFO, hdev, conn)) {
5869 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CONN_INFO,
5870 MGMT_STATUS_BUSY, &rp, sizeof(rp));
5874 /* To avoid client trying to guess when to poll again for information we
5875 * calculate conn info age as random value between min/max set in hdev.
5877 conn_info_age = hdev->conn_info_min_age +
5878 prandom_u32_max(hdev->conn_info_max_age -
5879 hdev->conn_info_min_age);
5881 /* Query controller to refresh cached values if they are too old or were
5884 if (time_after(jiffies, conn->conn_info_timestamp +
5885 msecs_to_jiffies(conn_info_age)) ||
5886 !conn->conn_info_timestamp) {
5887 struct hci_request req;
5888 struct hci_cp_read_tx_power req_txp_cp;
5889 struct hci_cp_read_rssi req_rssi_cp;
5890 struct mgmt_pending_cmd *cmd;
5892 hci_req_init(&req, hdev);
5893 req_rssi_cp.handle = cpu_to_le16(conn->handle);
5894 hci_req_add(&req, HCI_OP_READ_RSSI, sizeof(req_rssi_cp),
5897 /* For LE links TX power does not change thus we don't need to
5898 * query for it once value is known.
5900 if (!bdaddr_type_is_le(cp->addr.type) ||
5901 conn->tx_power == HCI_TX_POWER_INVALID) {
5902 req_txp_cp.handle = cpu_to_le16(conn->handle);
5903 req_txp_cp.type = 0x00;
5904 hci_req_add(&req, HCI_OP_READ_TX_POWER,
5905 sizeof(req_txp_cp), &req_txp_cp);
5908 /* Max TX power needs to be read only once per connection */
5909 if (conn->max_tx_power == HCI_TX_POWER_INVALID) {
5910 req_txp_cp.handle = cpu_to_le16(conn->handle);
5911 req_txp_cp.type = 0x01;
5912 hci_req_add(&req, HCI_OP_READ_TX_POWER,
5913 sizeof(req_txp_cp), &req_txp_cp);
5916 err = hci_req_run(&req, conn_info_refresh_complete);
5920 cmd = mgmt_pending_add(sk, MGMT_OP_GET_CONN_INFO, hdev,
5927 hci_conn_hold(conn);
5928 cmd->user_data = hci_conn_get(conn);
5929 cmd->cmd_complete = conn_info_cmd_complete;
5931 conn->conn_info_timestamp = jiffies;
5933 /* Cache is valid, just reply with values cached in hci_conn */
5934 rp.rssi = conn->rssi;
5935 rp.tx_power = conn->tx_power;
5936 rp.max_tx_power = conn->max_tx_power;
5938 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CONN_INFO,
5939 MGMT_STATUS_SUCCESS, &rp, sizeof(rp));
5943 hci_dev_unlock(hdev);
5947 static int clock_info_cmd_complete(struct mgmt_pending_cmd *cmd, u8 status)
5949 struct hci_conn *conn = cmd->user_data;
5950 struct mgmt_rp_get_clock_info rp;
5951 struct hci_dev *hdev;
5954 memset(&rp, 0, sizeof(rp));
5955 memcpy(&rp.addr, &cmd->param, sizeof(rp.addr));
5960 hdev = hci_dev_get(cmd->index);
5962 rp.local_clock = cpu_to_le32(hdev->clock);
5967 rp.piconet_clock = cpu_to_le32(conn->clock);
5968 rp.accuracy = cpu_to_le16(conn->clock_accuracy);
5972 err = mgmt_cmd_complete(cmd->sk, cmd->index, cmd->opcode, status, &rp,
5976 hci_conn_drop(conn);
5983 static void get_clock_info_complete(struct hci_dev *hdev, u8 status, u16 opcode)
5985 struct hci_cp_read_clock *hci_cp;
5986 struct mgmt_pending_cmd *cmd;
5987 struct hci_conn *conn;
5989 BT_DBG("%s status %u", hdev->name, status);
5993 hci_cp = hci_sent_cmd_data(hdev, HCI_OP_READ_CLOCK);
5997 if (hci_cp->which) {
5998 u16 handle = __le16_to_cpu(hci_cp->handle);
5999 conn = hci_conn_hash_lookup_handle(hdev, handle);
6004 cmd = pending_find_data(MGMT_OP_GET_CLOCK_INFO, hdev, conn);
6008 cmd->cmd_complete(cmd, mgmt_status(status));
6009 mgmt_pending_remove(cmd);
6012 hci_dev_unlock(hdev);
6015 static int get_clock_info(struct sock *sk, struct hci_dev *hdev, void *data,
6018 struct mgmt_cp_get_clock_info *cp = data;
6019 struct mgmt_rp_get_clock_info rp;
6020 struct hci_cp_read_clock hci_cp;
6021 struct mgmt_pending_cmd *cmd;
6022 struct hci_request req;
6023 struct hci_conn *conn;
6026 BT_DBG("%s", hdev->name);
6028 memset(&rp, 0, sizeof(rp));
6029 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
6030 rp.addr.type = cp->addr.type;
6032 if (cp->addr.type != BDADDR_BREDR)
6033 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CLOCK_INFO,
6034 MGMT_STATUS_INVALID_PARAMS,
6039 if (!hdev_is_powered(hdev)) {
6040 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CLOCK_INFO,
6041 MGMT_STATUS_NOT_POWERED, &rp,
6046 if (bacmp(&cp->addr.bdaddr, BDADDR_ANY)) {
6047 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
6049 if (!conn || conn->state != BT_CONNECTED) {
6050 err = mgmt_cmd_complete(sk, hdev->id,
6051 MGMT_OP_GET_CLOCK_INFO,
6052 MGMT_STATUS_NOT_CONNECTED,
6060 cmd = mgmt_pending_add(sk, MGMT_OP_GET_CLOCK_INFO, hdev, data, len);
6066 cmd->cmd_complete = clock_info_cmd_complete;
6068 hci_req_init(&req, hdev);
6070 memset(&hci_cp, 0, sizeof(hci_cp));
6071 hci_req_add(&req, HCI_OP_READ_CLOCK, sizeof(hci_cp), &hci_cp);
6074 hci_conn_hold(conn);
6075 cmd->user_data = hci_conn_get(conn);
6077 hci_cp.handle = cpu_to_le16(conn->handle);
6078 hci_cp.which = 0x01; /* Piconet clock */
6079 hci_req_add(&req, HCI_OP_READ_CLOCK, sizeof(hci_cp), &hci_cp);
6082 err = hci_req_run(&req, get_clock_info_complete);
6084 mgmt_pending_remove(cmd);
6087 hci_dev_unlock(hdev);
6091 static bool is_connected(struct hci_dev *hdev, bdaddr_t *addr, u8 type)
6093 struct hci_conn *conn;
6095 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, addr);
6099 if (conn->dst_type != type)
6102 if (conn->state != BT_CONNECTED)
6108 /* This function requires the caller holds hdev->lock */
6109 static int hci_conn_params_set(struct hci_request *req, bdaddr_t *addr,
6110 u8 addr_type, u8 auto_connect)
6112 struct hci_dev *hdev = req->hdev;
6113 struct hci_conn_params *params;
6115 params = hci_conn_params_add(hdev, addr, addr_type);
6119 if (params->auto_connect == auto_connect)
6122 list_del_init(¶ms->action);
6124 switch (auto_connect) {
6125 case HCI_AUTO_CONN_DISABLED:
6126 case HCI_AUTO_CONN_LINK_LOSS:
6127 /* If auto connect is being disabled when we're trying to
6128 * connect to device, keep connecting.
6130 if (params->explicit_connect)
6131 list_add(¶ms->action, &hdev->pend_le_conns);
6133 __hci_update_background_scan(req);
6135 case HCI_AUTO_CONN_REPORT:
6136 if (params->explicit_connect)
6137 list_add(¶ms->action, &hdev->pend_le_conns);
6139 list_add(¶ms->action, &hdev->pend_le_reports);
6140 __hci_update_background_scan(req);
6142 case HCI_AUTO_CONN_DIRECT:
6143 case HCI_AUTO_CONN_ALWAYS:
6144 if (!is_connected(hdev, addr, addr_type)) {
6145 list_add(¶ms->action, &hdev->pend_le_conns);
6146 /* If we are in scan phase of connecting, we were
6147 * already added to pend_le_conns and scanning.
6149 if (params->auto_connect != HCI_AUTO_CONN_EXPLICIT)
6150 __hci_update_background_scan(req);
6155 params->auto_connect = auto_connect;
6157 BT_DBG("addr %pMR (type %u) auto_connect %u", addr, addr_type,
6163 static void device_added(struct sock *sk, struct hci_dev *hdev,
6164 bdaddr_t *bdaddr, u8 type, u8 action)
6166 struct mgmt_ev_device_added ev;
6168 bacpy(&ev.addr.bdaddr, bdaddr);
6169 ev.addr.type = type;
6172 mgmt_event(MGMT_EV_DEVICE_ADDED, hdev, &ev, sizeof(ev), sk);
6175 static void add_device_complete(struct hci_dev *hdev, u8 status, u16 opcode)
6177 struct mgmt_pending_cmd *cmd;
6179 BT_DBG("status 0x%02x", status);
6183 cmd = pending_find(MGMT_OP_ADD_DEVICE, hdev);
6187 cmd->cmd_complete(cmd, mgmt_status(status));
6188 mgmt_pending_remove(cmd);
6191 hci_dev_unlock(hdev);
6194 static int add_device(struct sock *sk, struct hci_dev *hdev,
6195 void *data, u16 len)
6197 struct mgmt_cp_add_device *cp = data;
6198 struct mgmt_pending_cmd *cmd;
6199 struct hci_request req;
6200 u8 auto_conn, addr_type;
6203 BT_DBG("%s", hdev->name);
6205 if (!bdaddr_type_is_valid(cp->addr.type) ||
6206 !bacmp(&cp->addr.bdaddr, BDADDR_ANY))
6207 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_ADD_DEVICE,
6208 MGMT_STATUS_INVALID_PARAMS,
6209 &cp->addr, sizeof(cp->addr));
6211 if (cp->action != 0x00 && cp->action != 0x01 && cp->action != 0x02)
6212 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_ADD_DEVICE,
6213 MGMT_STATUS_INVALID_PARAMS,
6214 &cp->addr, sizeof(cp->addr));
6216 hci_req_init(&req, hdev);
6220 cmd = mgmt_pending_add(sk, MGMT_OP_ADD_DEVICE, hdev, data, len);
6226 cmd->cmd_complete = addr_cmd_complete;
6228 if (cp->addr.type == BDADDR_BREDR) {
6229 /* Only incoming connections action is supported for now */
6230 if (cp->action != 0x01) {
6231 err = cmd->cmd_complete(cmd,
6232 MGMT_STATUS_INVALID_PARAMS);
6233 mgmt_pending_remove(cmd);
6237 err = hci_bdaddr_list_add(&hdev->whitelist, &cp->addr.bdaddr,
6242 __hci_update_page_scan(&req);
6247 addr_type = le_addr_type(cp->addr.type);
6249 if (cp->action == 0x02)
6250 auto_conn = HCI_AUTO_CONN_ALWAYS;
6251 else if (cp->action == 0x01)
6252 auto_conn = HCI_AUTO_CONN_DIRECT;
6254 auto_conn = HCI_AUTO_CONN_REPORT;
6256 /* Kernel internally uses conn_params with resolvable private
6257 * address, but Add Device allows only identity addresses.
6258 * Make sure it is enforced before calling
6259 * hci_conn_params_lookup.
6261 if (!hci_is_identity_address(&cp->addr.bdaddr, addr_type)) {
6262 err = cmd->cmd_complete(cmd, MGMT_STATUS_INVALID_PARAMS);
6263 mgmt_pending_remove(cmd);
6267 /* If the connection parameters don't exist for this device,
6268 * they will be created and configured with defaults.
6270 if (hci_conn_params_set(&req, &cp->addr.bdaddr, addr_type,
6272 err = cmd->cmd_complete(cmd, MGMT_STATUS_FAILED);
6273 mgmt_pending_remove(cmd);
6278 device_added(sk, hdev, &cp->addr.bdaddr, cp->addr.type, cp->action);
6280 err = hci_req_run(&req, add_device_complete);
6282 /* ENODATA means no HCI commands were needed (e.g. if
6283 * the adapter is powered off).
6285 if (err == -ENODATA)
6286 err = cmd->cmd_complete(cmd, MGMT_STATUS_SUCCESS);
6287 mgmt_pending_remove(cmd);
6291 hci_dev_unlock(hdev);
6295 static void device_removed(struct sock *sk, struct hci_dev *hdev,
6296 bdaddr_t *bdaddr, u8 type)
6298 struct mgmt_ev_device_removed ev;
6300 bacpy(&ev.addr.bdaddr, bdaddr);
6301 ev.addr.type = type;
6303 mgmt_event(MGMT_EV_DEVICE_REMOVED, hdev, &ev, sizeof(ev), sk);
6306 static void remove_device_complete(struct hci_dev *hdev, u8 status, u16 opcode)
6308 struct mgmt_pending_cmd *cmd;
6310 BT_DBG("status 0x%02x", status);
6314 cmd = pending_find(MGMT_OP_REMOVE_DEVICE, hdev);
6318 cmd->cmd_complete(cmd, mgmt_status(status));
6319 mgmt_pending_remove(cmd);
6322 hci_dev_unlock(hdev);
6325 static int remove_device(struct sock *sk, struct hci_dev *hdev,
6326 void *data, u16 len)
6328 struct mgmt_cp_remove_device *cp = data;
6329 struct mgmt_pending_cmd *cmd;
6330 struct hci_request req;
6333 BT_DBG("%s", hdev->name);
6335 hci_req_init(&req, hdev);
6339 cmd = mgmt_pending_add(sk, MGMT_OP_REMOVE_DEVICE, hdev, data, len);
6345 cmd->cmd_complete = addr_cmd_complete;
6347 if (bacmp(&cp->addr.bdaddr, BDADDR_ANY)) {
6348 struct hci_conn_params *params;
6351 if (!bdaddr_type_is_valid(cp->addr.type)) {
6352 err = cmd->cmd_complete(cmd,
6353 MGMT_STATUS_INVALID_PARAMS);
6354 mgmt_pending_remove(cmd);
6358 if (cp->addr.type == BDADDR_BREDR) {
6359 err = hci_bdaddr_list_del(&hdev->whitelist,
6363 err = cmd->cmd_complete(cmd,
6364 MGMT_STATUS_INVALID_PARAMS);
6365 mgmt_pending_remove(cmd);
6369 __hci_update_page_scan(&req);
6371 device_removed(sk, hdev, &cp->addr.bdaddr,
6376 addr_type = le_addr_type(cp->addr.type);
6378 /* Kernel internally uses conn_params with resolvable private
6379 * address, but Remove Device allows only identity addresses.
6380 * Make sure it is enforced before calling
6381 * hci_conn_params_lookup.
6383 if (!hci_is_identity_address(&cp->addr.bdaddr, addr_type)) {
6384 err = cmd->cmd_complete(cmd,
6385 MGMT_STATUS_INVALID_PARAMS);
6386 mgmt_pending_remove(cmd);
6390 params = hci_conn_params_lookup(hdev, &cp->addr.bdaddr,
6393 err = cmd->cmd_complete(cmd,
6394 MGMT_STATUS_INVALID_PARAMS);
6395 mgmt_pending_remove(cmd);
6399 if (params->auto_connect == HCI_AUTO_CONN_DISABLED ||
6400 params->auto_connect == HCI_AUTO_CONN_EXPLICIT) {
6401 err = cmd->cmd_complete(cmd,
6402 MGMT_STATUS_INVALID_PARAMS);
6403 mgmt_pending_remove(cmd);
6407 list_del(¶ms->action);
6408 list_del(¶ms->list);
6410 __hci_update_background_scan(&req);
6412 device_removed(sk, hdev, &cp->addr.bdaddr, cp->addr.type);
6414 struct hci_conn_params *p, *tmp;
6415 struct bdaddr_list *b, *btmp;
6417 if (cp->addr.type) {
6418 err = cmd->cmd_complete(cmd,
6419 MGMT_STATUS_INVALID_PARAMS);
6420 mgmt_pending_remove(cmd);
6424 list_for_each_entry_safe(b, btmp, &hdev->whitelist, list) {
6425 device_removed(sk, hdev, &b->bdaddr, b->bdaddr_type);
6430 __hci_update_page_scan(&req);
6432 list_for_each_entry_safe(p, tmp, &hdev->le_conn_params, list) {
6433 if (p->auto_connect == HCI_AUTO_CONN_DISABLED)
6435 device_removed(sk, hdev, &p->addr, p->addr_type);
6436 if (p->explicit_connect) {
6437 p->auto_connect = HCI_AUTO_CONN_EXPLICIT;
6440 list_del(&p->action);
6445 BT_DBG("All LE connection parameters were removed");
6447 __hci_update_background_scan(&req);
6451 err = hci_req_run(&req, remove_device_complete);
6453 /* ENODATA means no HCI commands were needed (e.g. if
6454 * the adapter is powered off).
6456 if (err == -ENODATA)
6457 err = cmd->cmd_complete(cmd, MGMT_STATUS_SUCCESS);
6458 mgmt_pending_remove(cmd);
6462 hci_dev_unlock(hdev);
6466 static int load_conn_param(struct sock *sk, struct hci_dev *hdev, void *data,
6469 struct mgmt_cp_load_conn_param *cp = data;
6470 const u16 max_param_count = ((U16_MAX - sizeof(*cp)) /
6471 sizeof(struct mgmt_conn_param));
6472 u16 param_count, expected_len;
6475 if (!lmp_le_capable(hdev))
6476 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_CONN_PARAM,
6477 MGMT_STATUS_NOT_SUPPORTED);
6479 param_count = __le16_to_cpu(cp->param_count);
6480 if (param_count > max_param_count) {
6481 BT_ERR("load_conn_param: too big param_count value %u",
6483 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_CONN_PARAM,
6484 MGMT_STATUS_INVALID_PARAMS);
6487 expected_len = sizeof(*cp) + param_count *
6488 sizeof(struct mgmt_conn_param);
6489 if (expected_len != len) {
6490 BT_ERR("load_conn_param: expected %u bytes, got %u bytes",
6492 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_CONN_PARAM,
6493 MGMT_STATUS_INVALID_PARAMS);
6496 BT_DBG("%s param_count %u", hdev->name, param_count);
6500 hci_conn_params_clear_disabled(hdev);
6502 for (i = 0; i < param_count; i++) {
6503 struct mgmt_conn_param *param = &cp->params[i];
6504 struct hci_conn_params *hci_param;
6505 u16 min, max, latency, timeout;
6508 BT_DBG("Adding %pMR (type %u)", ¶m->addr.bdaddr,
6511 if (param->addr.type == BDADDR_LE_PUBLIC) {
6512 addr_type = ADDR_LE_DEV_PUBLIC;
6513 } else if (param->addr.type == BDADDR_LE_RANDOM) {
6514 addr_type = ADDR_LE_DEV_RANDOM;
6516 BT_ERR("Ignoring invalid connection parameters");
6520 min = le16_to_cpu(param->min_interval);
6521 max = le16_to_cpu(param->max_interval);
6522 latency = le16_to_cpu(param->latency);
6523 timeout = le16_to_cpu(param->timeout);
6525 BT_DBG("min 0x%04x max 0x%04x latency 0x%04x timeout 0x%04x",
6526 min, max, latency, timeout);
6528 if (hci_check_conn_params(min, max, latency, timeout) < 0) {
6529 BT_ERR("Ignoring invalid connection parameters");
6533 hci_param = hci_conn_params_add(hdev, ¶m->addr.bdaddr,
6536 BT_ERR("Failed to add connection parameters");
6540 hci_param->conn_min_interval = min;
6541 hci_param->conn_max_interval = max;
6542 hci_param->conn_latency = latency;
6543 hci_param->supervision_timeout = timeout;
6546 hci_dev_unlock(hdev);
6548 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_LOAD_CONN_PARAM, 0,
6552 static int set_external_config(struct sock *sk, struct hci_dev *hdev,
6553 void *data, u16 len)
6555 struct mgmt_cp_set_external_config *cp = data;
6559 BT_DBG("%s", hdev->name);
6561 if (hdev_is_powered(hdev))
6562 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_EXTERNAL_CONFIG,
6563 MGMT_STATUS_REJECTED);
6565 if (cp->config != 0x00 && cp->config != 0x01)
6566 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_EXTERNAL_CONFIG,
6567 MGMT_STATUS_INVALID_PARAMS);
6569 if (!test_bit(HCI_QUIRK_EXTERNAL_CONFIG, &hdev->quirks))
6570 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_EXTERNAL_CONFIG,
6571 MGMT_STATUS_NOT_SUPPORTED);
6576 changed = !hci_dev_test_and_set_flag(hdev, HCI_EXT_CONFIGURED);
6578 changed = hci_dev_test_and_clear_flag(hdev, HCI_EXT_CONFIGURED);
6580 err = send_options_rsp(sk, MGMT_OP_SET_EXTERNAL_CONFIG, hdev);
6587 err = new_options(hdev, sk);
6589 if (hci_dev_test_flag(hdev, HCI_UNCONFIGURED) == is_configured(hdev)) {
6590 mgmt_index_removed(hdev);
6592 if (hci_dev_test_and_change_flag(hdev, HCI_UNCONFIGURED)) {
6593 hci_dev_set_flag(hdev, HCI_CONFIG);
6594 hci_dev_set_flag(hdev, HCI_AUTO_OFF);
6596 queue_work(hdev->req_workqueue, &hdev->power_on);
6598 set_bit(HCI_RAW, &hdev->flags);
6599 mgmt_index_added(hdev);
6604 hci_dev_unlock(hdev);
6608 static int set_public_address(struct sock *sk, struct hci_dev *hdev,
6609 void *data, u16 len)
6611 struct mgmt_cp_set_public_address *cp = data;
6615 BT_DBG("%s", hdev->name);
6617 if (hdev_is_powered(hdev))
6618 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_PUBLIC_ADDRESS,
6619 MGMT_STATUS_REJECTED);
6621 if (!bacmp(&cp->bdaddr, BDADDR_ANY))
6622 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_PUBLIC_ADDRESS,
6623 MGMT_STATUS_INVALID_PARAMS);
6625 if (!hdev->set_bdaddr)
6626 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_PUBLIC_ADDRESS,
6627 MGMT_STATUS_NOT_SUPPORTED);
6631 changed = !!bacmp(&hdev->public_addr, &cp->bdaddr);
6632 bacpy(&hdev->public_addr, &cp->bdaddr);
6634 err = send_options_rsp(sk, MGMT_OP_SET_PUBLIC_ADDRESS, hdev);
6641 if (hci_dev_test_flag(hdev, HCI_UNCONFIGURED))
6642 err = new_options(hdev, sk);
6644 if (is_configured(hdev)) {
6645 mgmt_index_removed(hdev);
6647 hci_dev_clear_flag(hdev, HCI_UNCONFIGURED);
6649 hci_dev_set_flag(hdev, HCI_CONFIG);
6650 hci_dev_set_flag(hdev, HCI_AUTO_OFF);
6652 queue_work(hdev->req_workqueue, &hdev->power_on);
6656 hci_dev_unlock(hdev);
6660 static inline u16 eir_append_data(u8 *eir, u16 eir_len, u8 type, u8 *data,
6663 eir[eir_len++] = sizeof(type) + data_len;
6664 eir[eir_len++] = type;
6665 memcpy(&eir[eir_len], data, data_len);
6666 eir_len += data_len;
6671 static void read_local_oob_ext_data_complete(struct hci_dev *hdev, u8 status,
6672 u16 opcode, struct sk_buff *skb)
6674 const struct mgmt_cp_read_local_oob_ext_data *mgmt_cp;
6675 struct mgmt_rp_read_local_oob_ext_data *mgmt_rp;
6676 u8 *h192, *r192, *h256, *r256;
6677 struct mgmt_pending_cmd *cmd;
6681 BT_DBG("%s status %u", hdev->name, status);
6683 cmd = pending_find(MGMT_OP_READ_LOCAL_OOB_EXT_DATA, hdev);
6687 mgmt_cp = cmd->param;
6690 status = mgmt_status(status);
6697 } else if (opcode == HCI_OP_READ_LOCAL_OOB_DATA) {
6698 struct hci_rp_read_local_oob_data *rp;
6700 if (skb->len != sizeof(*rp)) {
6701 status = MGMT_STATUS_FAILED;
6704 status = MGMT_STATUS_SUCCESS;
6705 rp = (void *)skb->data;
6707 eir_len = 5 + 18 + 18;
6714 struct hci_rp_read_local_oob_ext_data *rp;
6716 if (skb->len != sizeof(*rp)) {
6717 status = MGMT_STATUS_FAILED;
6720 status = MGMT_STATUS_SUCCESS;
6721 rp = (void *)skb->data;
6723 if (hci_dev_test_flag(hdev, HCI_SC_ONLY)) {
6724 eir_len = 5 + 18 + 18;
6728 eir_len = 5 + 18 + 18 + 18 + 18;
6738 mgmt_rp = kmalloc(sizeof(*mgmt_rp) + eir_len, GFP_KERNEL);
6745 eir_len = eir_append_data(mgmt_rp->eir, 0, EIR_CLASS_OF_DEV,
6746 hdev->dev_class, 3);
6749 eir_len = eir_append_data(mgmt_rp->eir, eir_len,
6750 EIR_SSP_HASH_C192, h192, 16);
6751 eir_len = eir_append_data(mgmt_rp->eir, eir_len,
6752 EIR_SSP_RAND_R192, r192, 16);
6756 eir_len = eir_append_data(mgmt_rp->eir, eir_len,
6757 EIR_SSP_HASH_C256, h256, 16);
6758 eir_len = eir_append_data(mgmt_rp->eir, eir_len,
6759 EIR_SSP_RAND_R256, r256, 16);
6763 mgmt_rp->type = mgmt_cp->type;
6764 mgmt_rp->eir_len = cpu_to_le16(eir_len);
6766 err = mgmt_cmd_complete(cmd->sk, hdev->id,
6767 MGMT_OP_READ_LOCAL_OOB_EXT_DATA, status,
6768 mgmt_rp, sizeof(*mgmt_rp) + eir_len);
6769 if (err < 0 || status)
6772 hci_sock_set_flag(cmd->sk, HCI_MGMT_OOB_DATA_EVENTS);
6774 err = mgmt_limited_event(MGMT_EV_LOCAL_OOB_DATA_UPDATED, hdev,
6775 mgmt_rp, sizeof(*mgmt_rp) + eir_len,
6776 HCI_MGMT_OOB_DATA_EVENTS, cmd->sk);
6779 mgmt_pending_remove(cmd);
6782 static int read_local_ssp_oob_req(struct hci_dev *hdev, struct sock *sk,
6783 struct mgmt_cp_read_local_oob_ext_data *cp)
6785 struct mgmt_pending_cmd *cmd;
6786 struct hci_request req;
6789 cmd = mgmt_pending_add(sk, MGMT_OP_READ_LOCAL_OOB_EXT_DATA, hdev,
6794 hci_req_init(&req, hdev);
6796 if (bredr_sc_enabled(hdev))
6797 hci_req_add(&req, HCI_OP_READ_LOCAL_OOB_EXT_DATA, 0, NULL);
6799 hci_req_add(&req, HCI_OP_READ_LOCAL_OOB_DATA, 0, NULL);
6801 err = hci_req_run_skb(&req, read_local_oob_ext_data_complete);
6803 mgmt_pending_remove(cmd);
6810 static int read_local_oob_ext_data(struct sock *sk, struct hci_dev *hdev,
6811 void *data, u16 data_len)
6813 struct mgmt_cp_read_local_oob_ext_data *cp = data;
6814 struct mgmt_rp_read_local_oob_ext_data *rp;
6817 u8 status, flags, role, addr[7], hash[16], rand[16];
6820 BT_DBG("%s", hdev->name);
6822 if (hdev_is_powered(hdev)) {
6824 case BIT(BDADDR_BREDR):
6825 status = mgmt_bredr_support(hdev);
6831 case (BIT(BDADDR_LE_PUBLIC) | BIT(BDADDR_LE_RANDOM)):
6832 status = mgmt_le_support(hdev);
6836 eir_len = 9 + 3 + 18 + 18 + 3;
6839 status = MGMT_STATUS_INVALID_PARAMS;
6844 status = MGMT_STATUS_NOT_POWERED;
6848 rp_len = sizeof(*rp) + eir_len;
6849 rp = kmalloc(rp_len, GFP_ATOMIC);
6860 case BIT(BDADDR_BREDR):
6861 if (hci_dev_test_flag(hdev, HCI_SSP_ENABLED)) {
6862 err = read_local_ssp_oob_req(hdev, sk, cp);
6863 hci_dev_unlock(hdev);
6867 status = MGMT_STATUS_FAILED;
6870 eir_len = eir_append_data(rp->eir, eir_len,
6872 hdev->dev_class, 3);
6875 case (BIT(BDADDR_LE_PUBLIC) | BIT(BDADDR_LE_RANDOM)):
6876 if (hci_dev_test_flag(hdev, HCI_SC_ENABLED) &&
6877 smp_generate_oob(hdev, hash, rand) < 0) {
6878 hci_dev_unlock(hdev);
6879 status = MGMT_STATUS_FAILED;
6883 /* This should return the active RPA, but since the RPA
6884 * is only programmed on demand, it is really hard to fill
6885 * this in at the moment. For now disallow retrieving
6886 * local out-of-band data when privacy is in use.
6888 * Returning the identity address will not help here since
6889 * pairing happens before the identity resolving key is
6890 * known and thus the connection establishment happens
6891 * based on the RPA and not the identity address.
6893 if (hci_dev_test_flag(hdev, HCI_PRIVACY)) {
6894 hci_dev_unlock(hdev);
6895 status = MGMT_STATUS_REJECTED;
6899 if (hci_dev_test_flag(hdev, HCI_FORCE_STATIC_ADDR) ||
6900 !bacmp(&hdev->bdaddr, BDADDR_ANY) ||
6901 (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED) &&
6902 bacmp(&hdev->static_addr, BDADDR_ANY))) {
6903 memcpy(addr, &hdev->static_addr, 6);
6906 memcpy(addr, &hdev->bdaddr, 6);
6910 eir_len = eir_append_data(rp->eir, eir_len, EIR_LE_BDADDR,
6911 addr, sizeof(addr));
6913 if (hci_dev_test_flag(hdev, HCI_ADVERTISING))
6918 eir_len = eir_append_data(rp->eir, eir_len, EIR_LE_ROLE,
6919 &role, sizeof(role));
6921 if (hci_dev_test_flag(hdev, HCI_SC_ENABLED)) {
6922 eir_len = eir_append_data(rp->eir, eir_len,
6924 hash, sizeof(hash));
6926 eir_len = eir_append_data(rp->eir, eir_len,
6928 rand, sizeof(rand));
6931 flags = get_adv_discov_flags(hdev);
6933 if (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED))
6934 flags |= LE_AD_NO_BREDR;
6936 eir_len = eir_append_data(rp->eir, eir_len, EIR_FLAGS,
6937 &flags, sizeof(flags));
6941 hci_dev_unlock(hdev);
6943 hci_sock_set_flag(sk, HCI_MGMT_OOB_DATA_EVENTS);
6945 status = MGMT_STATUS_SUCCESS;
6948 rp->type = cp->type;
6949 rp->eir_len = cpu_to_le16(eir_len);
6951 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_EXT_DATA,
6952 status, rp, sizeof(*rp) + eir_len);
6953 if (err < 0 || status)
6956 err = mgmt_limited_event(MGMT_EV_LOCAL_OOB_DATA_UPDATED, hdev,
6957 rp, sizeof(*rp) + eir_len,
6958 HCI_MGMT_OOB_DATA_EVENTS, sk);
6966 static u32 get_supported_adv_flags(struct hci_dev *hdev)
6970 flags |= MGMT_ADV_FLAG_CONNECTABLE;
6971 flags |= MGMT_ADV_FLAG_DISCOV;
6972 flags |= MGMT_ADV_FLAG_LIMITED_DISCOV;
6973 flags |= MGMT_ADV_FLAG_MANAGED_FLAGS;
6975 if (hdev->adv_tx_power != HCI_TX_POWER_INVALID)
6976 flags |= MGMT_ADV_FLAG_TX_POWER;
6981 static int read_adv_features(struct sock *sk, struct hci_dev *hdev,
6982 void *data, u16 data_len)
6984 struct mgmt_rp_read_adv_features *rp;
6988 struct adv_info *adv_instance;
6989 u32 supported_flags;
6991 BT_DBG("%s", hdev->name);
6993 if (!lmp_le_capable(hdev))
6994 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_READ_ADV_FEATURES,
6995 MGMT_STATUS_REJECTED);
6999 rp_len = sizeof(*rp);
7001 instance = hci_dev_test_flag(hdev, HCI_ADVERTISING_INSTANCE);
7003 rp_len += hdev->adv_instance_cnt;
7005 rp = kmalloc(rp_len, GFP_ATOMIC);
7007 hci_dev_unlock(hdev);
7011 supported_flags = get_supported_adv_flags(hdev);
7013 rp->supported_flags = cpu_to_le32(supported_flags);
7014 rp->max_adv_data_len = HCI_MAX_AD_LENGTH;
7015 rp->max_scan_rsp_len = HCI_MAX_AD_LENGTH;
7016 rp->max_instances = HCI_MAX_ADV_INSTANCES;
7020 list_for_each_entry(adv_instance, &hdev->adv_instances, list) {
7021 if (i >= hdev->adv_instance_cnt)
7024 rp->instance[i] = adv_instance->instance;
7027 rp->num_instances = hdev->adv_instance_cnt;
7029 rp->num_instances = 0;
7032 hci_dev_unlock(hdev);
7034 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_READ_ADV_FEATURES,
7035 MGMT_STATUS_SUCCESS, rp, rp_len);
7042 static bool tlv_data_is_valid(struct hci_dev *hdev, u32 adv_flags, u8 *data,
7043 u8 len, bool is_adv_data)
7045 u8 max_len = HCI_MAX_AD_LENGTH;
7047 bool flags_managed = false;
7048 bool tx_power_managed = false;
7049 u32 flags_params = MGMT_ADV_FLAG_DISCOV | MGMT_ADV_FLAG_LIMITED_DISCOV |
7050 MGMT_ADV_FLAG_MANAGED_FLAGS;
7052 if (is_adv_data && (adv_flags & flags_params)) {
7053 flags_managed = true;
7057 if (is_adv_data && (adv_flags & MGMT_ADV_FLAG_TX_POWER)) {
7058 tx_power_managed = true;
7065 /* Make sure that the data is correctly formatted. */
7066 for (i = 0, cur_len = 0; i < len; i += (cur_len + 1)) {
7069 if (flags_managed && data[i + 1] == EIR_FLAGS)
7072 if (tx_power_managed && data[i + 1] == EIR_TX_POWER)
7075 /* If the current field length would exceed the total data
7076 * length, then it's invalid.
7078 if (i + cur_len >= len)
7085 static void add_advertising_complete(struct hci_dev *hdev, u8 status,
7088 struct mgmt_pending_cmd *cmd;
7089 struct mgmt_cp_add_advertising *cp;
7090 struct mgmt_rp_add_advertising rp;
7091 struct adv_info *adv_instance, *n;
7094 BT_DBG("status %d", status);
7098 cmd = pending_find(MGMT_OP_ADD_ADVERTISING, hdev);
7101 hci_dev_clear_flag(hdev, HCI_ADVERTISING_INSTANCE);
7103 list_for_each_entry_safe(adv_instance, n, &hdev->adv_instances, list) {
7104 if (!adv_instance->pending)
7108 adv_instance->pending = false;
7112 instance = adv_instance->instance;
7114 if (hdev->cur_adv_instance == instance)
7115 cancel_adv_timeout(hdev);
7117 hci_remove_adv_instance(hdev, instance);
7118 advertising_removed(cmd ? cmd->sk : NULL, hdev, instance);
7125 rp.instance = cp->instance;
7128 mgmt_cmd_status(cmd->sk, cmd->index, cmd->opcode,
7129 mgmt_status(status));
7131 mgmt_cmd_complete(cmd->sk, cmd->index, cmd->opcode,
7132 mgmt_status(status), &rp, sizeof(rp));
7134 mgmt_pending_remove(cmd);
7137 hci_dev_unlock(hdev);
7140 void mgmt_adv_timeout_expired(struct hci_dev *hdev)
7143 struct hci_request req;
7145 hdev->adv_instance_timeout = 0;
7147 instance = get_current_adv_instance(hdev);
7148 if (instance == 0x00)
7152 hci_req_init(&req, hdev);
7154 clear_adv_instance(hdev, &req, instance, false);
7156 if (list_empty(&hdev->adv_instances))
7157 disable_advertising(&req);
7159 if (!skb_queue_empty(&req.cmd_q))
7160 hci_req_run(&req, NULL);
7162 hci_dev_unlock(hdev);
7165 static int add_advertising(struct sock *sk, struct hci_dev *hdev,
7166 void *data, u16 data_len)
7168 struct mgmt_cp_add_advertising *cp = data;
7169 struct mgmt_rp_add_advertising rp;
7171 u32 supported_flags;
7173 u16 timeout, duration;
7174 unsigned int prev_instance_cnt = hdev->adv_instance_cnt;
7175 u8 schedule_instance = 0;
7176 struct adv_info *next_instance;
7178 struct mgmt_pending_cmd *cmd;
7179 struct hci_request req;
7181 BT_DBG("%s", hdev->name);
7183 status = mgmt_le_support(hdev);
7185 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_ADVERTISING,
7188 flags = __le32_to_cpu(cp->flags);
7189 timeout = __le16_to_cpu(cp->timeout);
7190 duration = __le16_to_cpu(cp->duration);
7192 /* The current implementation only supports a subset of the specified
7195 supported_flags = get_supported_adv_flags(hdev);
7196 if (flags & ~supported_flags)
7197 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_ADVERTISING,
7198 MGMT_STATUS_INVALID_PARAMS);
7202 if (timeout && !hdev_is_powered(hdev)) {
7203 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_ADVERTISING,
7204 MGMT_STATUS_REJECTED);
7208 if (pending_find(MGMT_OP_ADD_ADVERTISING, hdev) ||
7209 pending_find(MGMT_OP_REMOVE_ADVERTISING, hdev) ||
7210 pending_find(MGMT_OP_SET_LE, hdev)) {
7211 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_ADVERTISING,
7216 if (!tlv_data_is_valid(hdev, flags, cp->data, cp->adv_data_len, true) ||
7217 !tlv_data_is_valid(hdev, flags, cp->data + cp->adv_data_len,
7218 cp->scan_rsp_len, false)) {
7219 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_ADVERTISING,
7220 MGMT_STATUS_INVALID_PARAMS);
7224 err = hci_add_adv_instance(hdev, cp->instance, flags,
7225 cp->adv_data_len, cp->data,
7227 cp->data + cp->adv_data_len,
7230 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_ADVERTISING,
7231 MGMT_STATUS_FAILED);
7235 /* Only trigger an advertising added event if a new instance was
7238 if (hdev->adv_instance_cnt > prev_instance_cnt)
7239 advertising_added(sk, hdev, cp->instance);
7241 hci_dev_set_flag(hdev, HCI_ADVERTISING_INSTANCE);
7243 if (hdev->cur_adv_instance == cp->instance) {
7244 /* If the currently advertised instance is being changed then
7245 * cancel the current advertising and schedule the next
7246 * instance. If there is only one instance then the overridden
7247 * advertising data will be visible right away.
7249 cancel_adv_timeout(hdev);
7251 next_instance = hci_get_next_instance(hdev, cp->instance);
7253 schedule_instance = next_instance->instance;
7254 } else if (!hdev->adv_instance_timeout) {
7255 /* Immediately advertise the new instance if no other
7256 * instance is currently being advertised.
7258 schedule_instance = cp->instance;
7261 /* If the HCI_ADVERTISING flag is set or the device isn't powered or
7262 * there is no instance to be advertised then we have no HCI
7263 * communication to make. Simply return.
7265 if (!hdev_is_powered(hdev) ||
7266 hci_dev_test_flag(hdev, HCI_ADVERTISING) ||
7267 !schedule_instance) {
7268 rp.instance = cp->instance;
7269 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_ADD_ADVERTISING,
7270 MGMT_STATUS_SUCCESS, &rp, sizeof(rp));
7274 /* We're good to go, update advertising data, parameters, and start
7277 cmd = mgmt_pending_add(sk, MGMT_OP_ADD_ADVERTISING, hdev, data,
7284 hci_req_init(&req, hdev);
7286 err = schedule_adv_instance(&req, schedule_instance, true);
7289 err = hci_req_run(&req, add_advertising_complete);
7292 mgmt_pending_remove(cmd);
7295 hci_dev_unlock(hdev);
7300 static void remove_advertising_complete(struct hci_dev *hdev, u8 status,
7303 struct mgmt_pending_cmd *cmd;
7304 struct mgmt_cp_remove_advertising *cp;
7305 struct mgmt_rp_remove_advertising rp;
7307 BT_DBG("status %d", status);
7311 /* A failure status here only means that we failed to disable
7312 * advertising. Otherwise, the advertising instance has been removed,
7313 * so report success.
7315 cmd = pending_find(MGMT_OP_REMOVE_ADVERTISING, hdev);
7320 rp.instance = cp->instance;
7322 mgmt_cmd_complete(cmd->sk, cmd->index, cmd->opcode, MGMT_STATUS_SUCCESS,
7324 mgmt_pending_remove(cmd);
7327 hci_dev_unlock(hdev);
7330 static int remove_advertising(struct sock *sk, struct hci_dev *hdev,
7331 void *data, u16 data_len)
7333 struct mgmt_cp_remove_advertising *cp = data;
7334 struct mgmt_rp_remove_advertising rp;
7335 struct mgmt_pending_cmd *cmd;
7336 struct hci_request req;
7339 BT_DBG("%s", hdev->name);
7343 if (cp->instance && !hci_find_adv_instance(hdev, cp->instance)) {
7344 err = mgmt_cmd_status(sk, hdev->id,
7345 MGMT_OP_REMOVE_ADVERTISING,
7346 MGMT_STATUS_INVALID_PARAMS);
7350 if (pending_find(MGMT_OP_ADD_ADVERTISING, hdev) ||
7351 pending_find(MGMT_OP_REMOVE_ADVERTISING, hdev) ||
7352 pending_find(MGMT_OP_SET_LE, hdev)) {
7353 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_REMOVE_ADVERTISING,
7358 if (!hci_dev_test_flag(hdev, HCI_ADVERTISING_INSTANCE)) {
7359 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_REMOVE_ADVERTISING,
7360 MGMT_STATUS_INVALID_PARAMS);
7364 hci_req_init(&req, hdev);
7366 clear_adv_instance(hdev, &req, cp->instance, true);
7368 if (list_empty(&hdev->adv_instances))
7369 disable_advertising(&req);
7371 /* If no HCI commands have been collected so far or the HCI_ADVERTISING
7372 * flag is set or the device isn't powered then we have no HCI
7373 * communication to make. Simply return.
7375 if (skb_queue_empty(&req.cmd_q) ||
7376 !hdev_is_powered(hdev) ||
7377 hci_dev_test_flag(hdev, HCI_ADVERTISING)) {
7378 rp.instance = cp->instance;
7379 err = mgmt_cmd_complete(sk, hdev->id,
7380 MGMT_OP_REMOVE_ADVERTISING,
7381 MGMT_STATUS_SUCCESS, &rp, sizeof(rp));
7385 cmd = mgmt_pending_add(sk, MGMT_OP_REMOVE_ADVERTISING, hdev, data,
7392 err = hci_req_run(&req, remove_advertising_complete);
7394 mgmt_pending_remove(cmd);
7397 hci_dev_unlock(hdev);
7402 static const struct hci_mgmt_handler mgmt_handlers[] = {
7403 { NULL }, /* 0x0000 (no command) */
7404 { read_version, MGMT_READ_VERSION_SIZE,
7406 HCI_MGMT_UNTRUSTED },
7407 { read_commands, MGMT_READ_COMMANDS_SIZE,
7409 HCI_MGMT_UNTRUSTED },
7410 { read_index_list, MGMT_READ_INDEX_LIST_SIZE,
7412 HCI_MGMT_UNTRUSTED },
7413 { read_controller_info, MGMT_READ_INFO_SIZE,
7414 HCI_MGMT_UNTRUSTED },
7415 { set_powered, MGMT_SETTING_SIZE },
7416 { set_discoverable, MGMT_SET_DISCOVERABLE_SIZE },
7417 { set_connectable, MGMT_SETTING_SIZE },
7418 { set_fast_connectable, MGMT_SETTING_SIZE },
7419 { set_bondable, MGMT_SETTING_SIZE },
7420 { set_link_security, MGMT_SETTING_SIZE },
7421 { set_ssp, MGMT_SETTING_SIZE },
7422 { set_hs, MGMT_SETTING_SIZE },
7423 { set_le, MGMT_SETTING_SIZE },
7424 { set_dev_class, MGMT_SET_DEV_CLASS_SIZE },
7425 { set_local_name, MGMT_SET_LOCAL_NAME_SIZE },
7426 { add_uuid, MGMT_ADD_UUID_SIZE },
7427 { remove_uuid, MGMT_REMOVE_UUID_SIZE },
7428 { load_link_keys, MGMT_LOAD_LINK_KEYS_SIZE,
7430 { load_long_term_keys, MGMT_LOAD_LONG_TERM_KEYS_SIZE,
7432 { disconnect, MGMT_DISCONNECT_SIZE },
7433 { get_connections, MGMT_GET_CONNECTIONS_SIZE },
7434 { pin_code_reply, MGMT_PIN_CODE_REPLY_SIZE },
7435 { pin_code_neg_reply, MGMT_PIN_CODE_NEG_REPLY_SIZE },
7436 { set_io_capability, MGMT_SET_IO_CAPABILITY_SIZE },
7437 { pair_device, MGMT_PAIR_DEVICE_SIZE },
7438 { cancel_pair_device, MGMT_CANCEL_PAIR_DEVICE_SIZE },
7439 { unpair_device, MGMT_UNPAIR_DEVICE_SIZE },
7440 { user_confirm_reply, MGMT_USER_CONFIRM_REPLY_SIZE },
7441 { user_confirm_neg_reply, MGMT_USER_CONFIRM_NEG_REPLY_SIZE },
7442 { user_passkey_reply, MGMT_USER_PASSKEY_REPLY_SIZE },
7443 { user_passkey_neg_reply, MGMT_USER_PASSKEY_NEG_REPLY_SIZE },
7444 { read_local_oob_data, MGMT_READ_LOCAL_OOB_DATA_SIZE },
7445 { add_remote_oob_data, MGMT_ADD_REMOTE_OOB_DATA_SIZE,
7447 { remove_remote_oob_data, MGMT_REMOVE_REMOTE_OOB_DATA_SIZE },
7448 { start_discovery, MGMT_START_DISCOVERY_SIZE },
7449 { stop_discovery, MGMT_STOP_DISCOVERY_SIZE },
7450 { confirm_name, MGMT_CONFIRM_NAME_SIZE },
7451 { block_device, MGMT_BLOCK_DEVICE_SIZE },
7452 { unblock_device, MGMT_UNBLOCK_DEVICE_SIZE },
7453 { set_device_id, MGMT_SET_DEVICE_ID_SIZE },
7454 { set_advertising, MGMT_SETTING_SIZE },
7455 { set_bredr, MGMT_SETTING_SIZE },
7456 { set_static_address, MGMT_SET_STATIC_ADDRESS_SIZE },
7457 { set_scan_params, MGMT_SET_SCAN_PARAMS_SIZE },
7458 { set_secure_conn, MGMT_SETTING_SIZE },
7459 { set_debug_keys, MGMT_SETTING_SIZE },
7460 { set_privacy, MGMT_SET_PRIVACY_SIZE },
7461 { load_irks, MGMT_LOAD_IRKS_SIZE,
7463 { get_conn_info, MGMT_GET_CONN_INFO_SIZE },
7464 { get_clock_info, MGMT_GET_CLOCK_INFO_SIZE },
7465 { add_device, MGMT_ADD_DEVICE_SIZE },
7466 { remove_device, MGMT_REMOVE_DEVICE_SIZE },
7467 { load_conn_param, MGMT_LOAD_CONN_PARAM_SIZE,
7469 { read_unconf_index_list, MGMT_READ_UNCONF_INDEX_LIST_SIZE,
7471 HCI_MGMT_UNTRUSTED },
7472 { read_config_info, MGMT_READ_CONFIG_INFO_SIZE,
7473 HCI_MGMT_UNCONFIGURED |
7474 HCI_MGMT_UNTRUSTED },
7475 { set_external_config, MGMT_SET_EXTERNAL_CONFIG_SIZE,
7476 HCI_MGMT_UNCONFIGURED },
7477 { set_public_address, MGMT_SET_PUBLIC_ADDRESS_SIZE,
7478 HCI_MGMT_UNCONFIGURED },
7479 { start_service_discovery, MGMT_START_SERVICE_DISCOVERY_SIZE,
7481 { read_local_oob_ext_data, MGMT_READ_LOCAL_OOB_EXT_DATA_SIZE },
7482 { read_ext_index_list, MGMT_READ_EXT_INDEX_LIST_SIZE,
7484 HCI_MGMT_UNTRUSTED },
7485 { read_adv_features, MGMT_READ_ADV_FEATURES_SIZE },
7486 { add_advertising, MGMT_ADD_ADVERTISING_SIZE,
7488 { remove_advertising, MGMT_REMOVE_ADVERTISING_SIZE },
7491 void mgmt_index_added(struct hci_dev *hdev)
7493 struct mgmt_ev_ext_index ev;
7495 if (test_bit(HCI_QUIRK_RAW_DEVICE, &hdev->quirks))
7498 switch (hdev->dev_type) {
7500 if (hci_dev_test_flag(hdev, HCI_UNCONFIGURED)) {
7501 mgmt_index_event(MGMT_EV_UNCONF_INDEX_ADDED, hdev,
7502 NULL, 0, HCI_MGMT_UNCONF_INDEX_EVENTS);
7505 mgmt_index_event(MGMT_EV_INDEX_ADDED, hdev, NULL, 0,
7506 HCI_MGMT_INDEX_EVENTS);
7519 mgmt_index_event(MGMT_EV_EXT_INDEX_ADDED, hdev, &ev, sizeof(ev),
7520 HCI_MGMT_EXT_INDEX_EVENTS);
7523 void mgmt_index_removed(struct hci_dev *hdev)
7525 struct mgmt_ev_ext_index ev;
7526 u8 status = MGMT_STATUS_INVALID_INDEX;
7528 if (test_bit(HCI_QUIRK_RAW_DEVICE, &hdev->quirks))
7531 switch (hdev->dev_type) {
7533 mgmt_pending_foreach(0, hdev, cmd_complete_rsp, &status);
7535 if (hci_dev_test_flag(hdev, HCI_UNCONFIGURED)) {
7536 mgmt_index_event(MGMT_EV_UNCONF_INDEX_REMOVED, hdev,
7537 NULL, 0, HCI_MGMT_UNCONF_INDEX_EVENTS);
7540 mgmt_index_event(MGMT_EV_INDEX_REMOVED, hdev, NULL, 0,
7541 HCI_MGMT_INDEX_EVENTS);
7554 mgmt_index_event(MGMT_EV_EXT_INDEX_REMOVED, hdev, &ev, sizeof(ev),
7555 HCI_MGMT_EXT_INDEX_EVENTS);
7558 /* This function requires the caller holds hdev->lock */
7559 static void restart_le_actions(struct hci_request *req)
7561 struct hci_dev *hdev = req->hdev;
7562 struct hci_conn_params *p;
7564 list_for_each_entry(p, &hdev->le_conn_params, list) {
7565 /* Needed for AUTO_OFF case where might not "really"
7566 * have been powered off.
7568 list_del_init(&p->action);
7570 switch (p->auto_connect) {
7571 case HCI_AUTO_CONN_DIRECT:
7572 case HCI_AUTO_CONN_ALWAYS:
7573 list_add(&p->action, &hdev->pend_le_conns);
7575 case HCI_AUTO_CONN_REPORT:
7576 list_add(&p->action, &hdev->pend_le_reports);
7583 __hci_update_background_scan(req);
7586 static void powered_complete(struct hci_dev *hdev, u8 status, u16 opcode)
7588 struct cmd_lookup match = { NULL, hdev };
7590 BT_DBG("status 0x%02x", status);
7593 /* Register the available SMP channels (BR/EDR and LE) only
7594 * when successfully powering on the controller. This late
7595 * registration is required so that LE SMP can clearly
7596 * decide if the public address or static address is used.
7603 mgmt_pending_foreach(MGMT_OP_SET_POWERED, hdev, settings_rsp, &match);
7605 new_settings(hdev, match.sk);
7607 hci_dev_unlock(hdev);
7613 static int powered_update_hci(struct hci_dev *hdev)
7615 struct hci_request req;
7616 struct adv_info *adv_instance;
7619 hci_req_init(&req, hdev);
7621 if (hci_dev_test_flag(hdev, HCI_SSP_ENABLED) &&
7622 !lmp_host_ssp_capable(hdev)) {
7625 hci_req_add(&req, HCI_OP_WRITE_SSP_MODE, sizeof(mode), &mode);
7627 if (bredr_sc_enabled(hdev) && !lmp_host_sc_capable(hdev)) {
7630 hci_req_add(&req, HCI_OP_WRITE_SC_SUPPORT,
7631 sizeof(support), &support);
7635 if (hci_dev_test_flag(hdev, HCI_LE_ENABLED) &&
7636 lmp_bredr_capable(hdev)) {
7637 struct hci_cp_write_le_host_supported cp;
7642 /* Check first if we already have the right
7643 * host state (host features set)
7645 if (cp.le != lmp_host_le_capable(hdev) ||
7646 cp.simul != lmp_host_le_br_capable(hdev))
7647 hci_req_add(&req, HCI_OP_WRITE_LE_HOST_SUPPORTED,
7651 if (lmp_le_capable(hdev)) {
7652 /* Make sure the controller has a good default for
7653 * advertising data. This also applies to the case
7654 * where BR/EDR was toggled during the AUTO_OFF phase.
7656 if (hci_dev_test_flag(hdev, HCI_LE_ENABLED) &&
7657 (hci_dev_test_flag(hdev, HCI_ADVERTISING) ||
7658 !hci_dev_test_flag(hdev, HCI_ADVERTISING_INSTANCE))) {
7659 update_adv_data(&req);
7660 update_scan_rsp_data(&req);
7663 if (hci_dev_test_flag(hdev, HCI_ADVERTISING_INSTANCE) &&
7664 hdev->cur_adv_instance == 0x00 &&
7665 !list_empty(&hdev->adv_instances)) {
7666 adv_instance = list_first_entry(&hdev->adv_instances,
7667 struct adv_info, list);
7668 hdev->cur_adv_instance = adv_instance->instance;
7671 if (hci_dev_test_flag(hdev, HCI_ADVERTISING))
7672 enable_advertising(&req);
7673 else if (hci_dev_test_flag(hdev, HCI_ADVERTISING_INSTANCE) &&
7674 hdev->cur_adv_instance)
7675 schedule_adv_instance(&req, hdev->cur_adv_instance,
7678 restart_le_actions(&req);
7681 link_sec = hci_dev_test_flag(hdev, HCI_LINK_SECURITY);
7682 if (link_sec != test_bit(HCI_AUTH, &hdev->flags))
7683 hci_req_add(&req, HCI_OP_WRITE_AUTH_ENABLE,
7684 sizeof(link_sec), &link_sec);
7686 if (lmp_bredr_capable(hdev)) {
7687 if (hci_dev_test_flag(hdev, HCI_FAST_CONNECTABLE))
7688 write_fast_connectable(&req, true);
7690 write_fast_connectable(&req, false);
7691 __hci_update_page_scan(&req);
7697 return hci_req_run(&req, powered_complete);
7700 int mgmt_powered(struct hci_dev *hdev, u8 powered)
7702 struct cmd_lookup match = { NULL, hdev };
7703 u8 status, zero_cod[] = { 0, 0, 0 };
7706 if (!hci_dev_test_flag(hdev, HCI_MGMT))
7710 if (powered_update_hci(hdev) == 0)
7713 mgmt_pending_foreach(MGMT_OP_SET_POWERED, hdev, settings_rsp,
7718 mgmt_pending_foreach(MGMT_OP_SET_POWERED, hdev, settings_rsp, &match);
7720 /* If the power off is because of hdev unregistration let
7721 * use the appropriate INVALID_INDEX status. Otherwise use
7722 * NOT_POWERED. We cover both scenarios here since later in
7723 * mgmt_index_removed() any hci_conn callbacks will have already
7724 * been triggered, potentially causing misleading DISCONNECTED
7727 if (hci_dev_test_flag(hdev, HCI_UNREGISTER))
7728 status = MGMT_STATUS_INVALID_INDEX;
7730 status = MGMT_STATUS_NOT_POWERED;
7732 mgmt_pending_foreach(0, hdev, cmd_complete_rsp, &status);
7734 if (memcmp(hdev->dev_class, zero_cod, sizeof(zero_cod)) != 0)
7735 mgmt_generic_event(MGMT_EV_CLASS_OF_DEV_CHANGED, hdev,
7736 zero_cod, sizeof(zero_cod), NULL);
7739 err = new_settings(hdev, match.sk);
7747 void mgmt_set_powered_failed(struct hci_dev *hdev, int err)
7749 struct mgmt_pending_cmd *cmd;
7752 cmd = pending_find(MGMT_OP_SET_POWERED, hdev);
7756 if (err == -ERFKILL)
7757 status = MGMT_STATUS_RFKILLED;
7759 status = MGMT_STATUS_FAILED;
7761 mgmt_cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_POWERED, status);
7763 mgmt_pending_remove(cmd);
7766 void mgmt_discoverable_timeout(struct hci_dev *hdev)
7768 struct hci_request req;
7772 /* When discoverable timeout triggers, then just make sure
7773 * the limited discoverable flag is cleared. Even in the case
7774 * of a timeout triggered from general discoverable, it is
7775 * safe to unconditionally clear the flag.
7777 hci_dev_clear_flag(hdev, HCI_LIMITED_DISCOVERABLE);
7778 hci_dev_clear_flag(hdev, HCI_DISCOVERABLE);
7780 hci_req_init(&req, hdev);
7781 if (hci_dev_test_flag(hdev, HCI_BREDR_ENABLED)) {
7782 u8 scan = SCAN_PAGE;
7783 hci_req_add(&req, HCI_OP_WRITE_SCAN_ENABLE,
7784 sizeof(scan), &scan);
7788 /* Advertising instances don't use the global discoverable setting, so
7789 * only update AD if advertising was enabled using Set Advertising.
7791 if (hci_dev_test_flag(hdev, HCI_ADVERTISING))
7792 update_adv_data(&req);
7794 hci_req_run(&req, NULL);
7796 hdev->discov_timeout = 0;
7798 new_settings(hdev, NULL);
7800 hci_dev_unlock(hdev);
7803 void mgmt_new_link_key(struct hci_dev *hdev, struct link_key *key,
7806 struct mgmt_ev_new_link_key ev;
7808 memset(&ev, 0, sizeof(ev));
7810 ev.store_hint = persistent;
7811 bacpy(&ev.key.addr.bdaddr, &key->bdaddr);
7812 ev.key.addr.type = BDADDR_BREDR;
7813 ev.key.type = key->type;
7814 memcpy(ev.key.val, key->val, HCI_LINK_KEY_SIZE);
7815 ev.key.pin_len = key->pin_len;
7817 mgmt_event(MGMT_EV_NEW_LINK_KEY, hdev, &ev, sizeof(ev), NULL);
7820 static u8 mgmt_ltk_type(struct smp_ltk *ltk)
7822 switch (ltk->type) {
7825 if (ltk->authenticated)
7826 return MGMT_LTK_AUTHENTICATED;
7827 return MGMT_LTK_UNAUTHENTICATED;
7829 if (ltk->authenticated)
7830 return MGMT_LTK_P256_AUTH;
7831 return MGMT_LTK_P256_UNAUTH;
7832 case SMP_LTK_P256_DEBUG:
7833 return MGMT_LTK_P256_DEBUG;
7836 return MGMT_LTK_UNAUTHENTICATED;
7839 void mgmt_new_ltk(struct hci_dev *hdev, struct smp_ltk *key, bool persistent)
7841 struct mgmt_ev_new_long_term_key ev;
7843 memset(&ev, 0, sizeof(ev));
7845 /* Devices using resolvable or non-resolvable random addresses
7846 * without providing an identity resolving key don't require
7847 * to store long term keys. Their addresses will change the
7850 * Only when a remote device provides an identity address
7851 * make sure the long term key is stored. If the remote
7852 * identity is known, the long term keys are internally
7853 * mapped to the identity address. So allow static random
7854 * and public addresses here.
7856 if (key->bdaddr_type == ADDR_LE_DEV_RANDOM &&
7857 (key->bdaddr.b[5] & 0xc0) != 0xc0)
7858 ev.store_hint = 0x00;
7860 ev.store_hint = persistent;
7862 bacpy(&ev.key.addr.bdaddr, &key->bdaddr);
7863 ev.key.addr.type = link_to_bdaddr(LE_LINK, key->bdaddr_type);
7864 ev.key.type = mgmt_ltk_type(key);
7865 ev.key.enc_size = key->enc_size;
7866 ev.key.ediv = key->ediv;
7867 ev.key.rand = key->rand;
7869 if (key->type == SMP_LTK)
7872 /* Make sure we copy only the significant bytes based on the
7873 * encryption key size, and set the rest of the value to zeroes.
7875 memcpy(ev.key.val, key->val, key->enc_size);
7876 memset(ev.key.val + key->enc_size, 0,
7877 sizeof(ev.key.val) - key->enc_size);
7879 mgmt_event(MGMT_EV_NEW_LONG_TERM_KEY, hdev, &ev, sizeof(ev), NULL);
7882 void mgmt_new_irk(struct hci_dev *hdev, struct smp_irk *irk, bool persistent)
7884 struct mgmt_ev_new_irk ev;
7886 memset(&ev, 0, sizeof(ev));
7888 ev.store_hint = persistent;
7890 bacpy(&ev.rpa, &irk->rpa);
7891 bacpy(&ev.irk.addr.bdaddr, &irk->bdaddr);
7892 ev.irk.addr.type = link_to_bdaddr(LE_LINK, irk->addr_type);
7893 memcpy(ev.irk.val, irk->val, sizeof(irk->val));
7895 mgmt_event(MGMT_EV_NEW_IRK, hdev, &ev, sizeof(ev), NULL);
7898 void mgmt_new_csrk(struct hci_dev *hdev, struct smp_csrk *csrk,
7901 struct mgmt_ev_new_csrk ev;
7903 memset(&ev, 0, sizeof(ev));
7905 /* Devices using resolvable or non-resolvable random addresses
7906 * without providing an identity resolving key don't require
7907 * to store signature resolving keys. Their addresses will change
7908 * the next time around.
7910 * Only when a remote device provides an identity address
7911 * make sure the signature resolving key is stored. So allow
7912 * static random and public addresses here.
7914 if (csrk->bdaddr_type == ADDR_LE_DEV_RANDOM &&
7915 (csrk->bdaddr.b[5] & 0xc0) != 0xc0)
7916 ev.store_hint = 0x00;
7918 ev.store_hint = persistent;
7920 bacpy(&ev.key.addr.bdaddr, &csrk->bdaddr);
7921 ev.key.addr.type = link_to_bdaddr(LE_LINK, csrk->bdaddr_type);
7922 ev.key.type = csrk->type;
7923 memcpy(ev.key.val, csrk->val, sizeof(csrk->val));
7925 mgmt_event(MGMT_EV_NEW_CSRK, hdev, &ev, sizeof(ev), NULL);
7928 void mgmt_new_conn_param(struct hci_dev *hdev, bdaddr_t *bdaddr,
7929 u8 bdaddr_type, u8 store_hint, u16 min_interval,
7930 u16 max_interval, u16 latency, u16 timeout)
7932 struct mgmt_ev_new_conn_param ev;
7934 if (!hci_is_identity_address(bdaddr, bdaddr_type))
7937 memset(&ev, 0, sizeof(ev));
7938 bacpy(&ev.addr.bdaddr, bdaddr);
7939 ev.addr.type = link_to_bdaddr(LE_LINK, bdaddr_type);
7940 ev.store_hint = store_hint;
7941 ev.min_interval = cpu_to_le16(min_interval);
7942 ev.max_interval = cpu_to_le16(max_interval);
7943 ev.latency = cpu_to_le16(latency);
7944 ev.timeout = cpu_to_le16(timeout);
7946 mgmt_event(MGMT_EV_NEW_CONN_PARAM, hdev, &ev, sizeof(ev), NULL);
7949 void mgmt_device_connected(struct hci_dev *hdev, struct hci_conn *conn,
7950 u32 flags, u8 *name, u8 name_len)
7953 struct mgmt_ev_device_connected *ev = (void *) buf;
7956 bacpy(&ev->addr.bdaddr, &conn->dst);
7957 ev->addr.type = link_to_bdaddr(conn->type, conn->dst_type);
7959 ev->flags = __cpu_to_le32(flags);
7961 /* We must ensure that the EIR Data fields are ordered and
7962 * unique. Keep it simple for now and avoid the problem by not
7963 * adding any BR/EDR data to the LE adv.
7965 if (conn->le_adv_data_len > 0) {
7966 memcpy(&ev->eir[eir_len],
7967 conn->le_adv_data, conn->le_adv_data_len);
7968 eir_len = conn->le_adv_data_len;
7971 eir_len = eir_append_data(ev->eir, 0, EIR_NAME_COMPLETE,
7974 if (memcmp(conn->dev_class, "\0\0\0", 3) != 0)
7975 eir_len = eir_append_data(ev->eir, eir_len,
7977 conn->dev_class, 3);
7980 ev->eir_len = cpu_to_le16(eir_len);
7982 mgmt_event(MGMT_EV_DEVICE_CONNECTED, hdev, buf,
7983 sizeof(*ev) + eir_len, NULL);
7986 static void disconnect_rsp(struct mgmt_pending_cmd *cmd, void *data)
7988 struct sock **sk = data;
7990 cmd->cmd_complete(cmd, 0);
7995 mgmt_pending_remove(cmd);
7998 static void unpair_device_rsp(struct mgmt_pending_cmd *cmd, void *data)
8000 struct hci_dev *hdev = data;
8001 struct mgmt_cp_unpair_device *cp = cmd->param;
8003 device_unpaired(hdev, &cp->addr.bdaddr, cp->addr.type, cmd->sk);
8005 cmd->cmd_complete(cmd, 0);
8006 mgmt_pending_remove(cmd);
8009 bool mgmt_powering_down(struct hci_dev *hdev)
8011 struct mgmt_pending_cmd *cmd;
8012 struct mgmt_mode *cp;
8014 cmd = pending_find(MGMT_OP_SET_POWERED, hdev);
8025 void mgmt_device_disconnected(struct hci_dev *hdev, bdaddr_t *bdaddr,
8026 u8 link_type, u8 addr_type, u8 reason,
8027 bool mgmt_connected)
8029 struct mgmt_ev_device_disconnected ev;
8030 struct sock *sk = NULL;
8032 /* The connection is still in hci_conn_hash so test for 1
8033 * instead of 0 to know if this is the last one.
8035 if (mgmt_powering_down(hdev) && hci_conn_count(hdev) == 1) {
8036 cancel_delayed_work(&hdev->power_off);
8037 queue_work(hdev->req_workqueue, &hdev->power_off.work);
8040 if (!mgmt_connected)
8043 if (link_type != ACL_LINK && link_type != LE_LINK)
8046 mgmt_pending_foreach(MGMT_OP_DISCONNECT, hdev, disconnect_rsp, &sk);
8048 bacpy(&ev.addr.bdaddr, bdaddr);
8049 ev.addr.type = link_to_bdaddr(link_type, addr_type);
8052 mgmt_event(MGMT_EV_DEVICE_DISCONNECTED, hdev, &ev, sizeof(ev), sk);
8057 mgmt_pending_foreach(MGMT_OP_UNPAIR_DEVICE, hdev, unpair_device_rsp,
8061 void mgmt_disconnect_failed(struct hci_dev *hdev, bdaddr_t *bdaddr,
8062 u8 link_type, u8 addr_type, u8 status)
8064 u8 bdaddr_type = link_to_bdaddr(link_type, addr_type);
8065 struct mgmt_cp_disconnect *cp;
8066 struct mgmt_pending_cmd *cmd;
8068 mgmt_pending_foreach(MGMT_OP_UNPAIR_DEVICE, hdev, unpair_device_rsp,
8071 cmd = pending_find(MGMT_OP_DISCONNECT, hdev);
8077 if (bacmp(bdaddr, &cp->addr.bdaddr))
8080 if (cp->addr.type != bdaddr_type)
8083 cmd->cmd_complete(cmd, mgmt_status(status));
8084 mgmt_pending_remove(cmd);
8087 void mgmt_connect_failed(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
8088 u8 addr_type, u8 status)
8090 struct mgmt_ev_connect_failed ev;
8092 /* The connection is still in hci_conn_hash so test for 1
8093 * instead of 0 to know if this is the last one.
8095 if (mgmt_powering_down(hdev) && hci_conn_count(hdev) == 1) {
8096 cancel_delayed_work(&hdev->power_off);
8097 queue_work(hdev->req_workqueue, &hdev->power_off.work);
8100 bacpy(&ev.addr.bdaddr, bdaddr);
8101 ev.addr.type = link_to_bdaddr(link_type, addr_type);
8102 ev.status = mgmt_status(status);
8104 mgmt_event(MGMT_EV_CONNECT_FAILED, hdev, &ev, sizeof(ev), NULL);
8107 void mgmt_pin_code_request(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 secure)
8109 struct mgmt_ev_pin_code_request ev;
8111 bacpy(&ev.addr.bdaddr, bdaddr);
8112 ev.addr.type = BDADDR_BREDR;
8115 mgmt_event(MGMT_EV_PIN_CODE_REQUEST, hdev, &ev, sizeof(ev), NULL);
8118 void mgmt_pin_code_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
8121 struct mgmt_pending_cmd *cmd;
8123 cmd = pending_find(MGMT_OP_PIN_CODE_REPLY, hdev);
8127 cmd->cmd_complete(cmd, mgmt_status(status));
8128 mgmt_pending_remove(cmd);
8131 void mgmt_pin_code_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
8134 struct mgmt_pending_cmd *cmd;
8136 cmd = pending_find(MGMT_OP_PIN_CODE_NEG_REPLY, hdev);
8140 cmd->cmd_complete(cmd, mgmt_status(status));
8141 mgmt_pending_remove(cmd);
8144 int mgmt_user_confirm_request(struct hci_dev *hdev, bdaddr_t *bdaddr,
8145 u8 link_type, u8 addr_type, u32 value,
8148 struct mgmt_ev_user_confirm_request ev;
8150 BT_DBG("%s", hdev->name);
8152 bacpy(&ev.addr.bdaddr, bdaddr);
8153 ev.addr.type = link_to_bdaddr(link_type, addr_type);
8154 ev.confirm_hint = confirm_hint;
8155 ev.value = cpu_to_le32(value);
8157 return mgmt_event(MGMT_EV_USER_CONFIRM_REQUEST, hdev, &ev, sizeof(ev),
8161 int mgmt_user_passkey_request(struct hci_dev *hdev, bdaddr_t *bdaddr,
8162 u8 link_type, u8 addr_type)
8164 struct mgmt_ev_user_passkey_request ev;
8166 BT_DBG("%s", hdev->name);
8168 bacpy(&ev.addr.bdaddr, bdaddr);
8169 ev.addr.type = link_to_bdaddr(link_type, addr_type);
8171 return mgmt_event(MGMT_EV_USER_PASSKEY_REQUEST, hdev, &ev, sizeof(ev),
8175 static int user_pairing_resp_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
8176 u8 link_type, u8 addr_type, u8 status,
8179 struct mgmt_pending_cmd *cmd;
8181 cmd = pending_find(opcode, hdev);
8185 cmd->cmd_complete(cmd, mgmt_status(status));
8186 mgmt_pending_remove(cmd);
8191 int mgmt_user_confirm_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
8192 u8 link_type, u8 addr_type, u8 status)
8194 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
8195 status, MGMT_OP_USER_CONFIRM_REPLY);
8198 int mgmt_user_confirm_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
8199 u8 link_type, u8 addr_type, u8 status)
8201 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
8203 MGMT_OP_USER_CONFIRM_NEG_REPLY);
8206 int mgmt_user_passkey_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
8207 u8 link_type, u8 addr_type, u8 status)
8209 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
8210 status, MGMT_OP_USER_PASSKEY_REPLY);
8213 int mgmt_user_passkey_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
8214 u8 link_type, u8 addr_type, u8 status)
8216 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
8218 MGMT_OP_USER_PASSKEY_NEG_REPLY);
8221 int mgmt_user_passkey_notify(struct hci_dev *hdev, bdaddr_t *bdaddr,
8222 u8 link_type, u8 addr_type, u32 passkey,
8225 struct mgmt_ev_passkey_notify ev;
8227 BT_DBG("%s", hdev->name);
8229 bacpy(&ev.addr.bdaddr, bdaddr);
8230 ev.addr.type = link_to_bdaddr(link_type, addr_type);
8231 ev.passkey = __cpu_to_le32(passkey);
8232 ev.entered = entered;
8234 return mgmt_event(MGMT_EV_PASSKEY_NOTIFY, hdev, &ev, sizeof(ev), NULL);
8237 void mgmt_auth_failed(struct hci_conn *conn, u8 hci_status)
8239 struct mgmt_ev_auth_failed ev;
8240 struct mgmt_pending_cmd *cmd;
8241 u8 status = mgmt_status(hci_status);
8243 bacpy(&ev.addr.bdaddr, &conn->dst);
8244 ev.addr.type = link_to_bdaddr(conn->type, conn->dst_type);
8247 cmd = find_pairing(conn);
8249 mgmt_event(MGMT_EV_AUTH_FAILED, conn->hdev, &ev, sizeof(ev),
8250 cmd ? cmd->sk : NULL);
8253 cmd->cmd_complete(cmd, status);
8254 mgmt_pending_remove(cmd);
8258 void mgmt_auth_enable_complete(struct hci_dev *hdev, u8 status)
8260 struct cmd_lookup match = { NULL, hdev };
8264 u8 mgmt_err = mgmt_status(status);
8265 mgmt_pending_foreach(MGMT_OP_SET_LINK_SECURITY, hdev,
8266 cmd_status_rsp, &mgmt_err);
8270 if (test_bit(HCI_AUTH, &hdev->flags))
8271 changed = !hci_dev_test_and_set_flag(hdev, HCI_LINK_SECURITY);
8273 changed = hci_dev_test_and_clear_flag(hdev, HCI_LINK_SECURITY);
8275 mgmt_pending_foreach(MGMT_OP_SET_LINK_SECURITY, hdev, settings_rsp,
8279 new_settings(hdev, match.sk);
8285 static void clear_eir(struct hci_request *req)
8287 struct hci_dev *hdev = req->hdev;
8288 struct hci_cp_write_eir cp;
8290 if (!lmp_ext_inq_capable(hdev))
8293 memset(hdev->eir, 0, sizeof(hdev->eir));
8295 memset(&cp, 0, sizeof(cp));
8297 hci_req_add(req, HCI_OP_WRITE_EIR, sizeof(cp), &cp);
8300 void mgmt_ssp_enable_complete(struct hci_dev *hdev, u8 enable, u8 status)
8302 struct cmd_lookup match = { NULL, hdev };
8303 struct hci_request req;
8304 bool changed = false;
8307 u8 mgmt_err = mgmt_status(status);
8309 if (enable && hci_dev_test_and_clear_flag(hdev,
8311 hci_dev_clear_flag(hdev, HCI_HS_ENABLED);
8312 new_settings(hdev, NULL);
8315 mgmt_pending_foreach(MGMT_OP_SET_SSP, hdev, cmd_status_rsp,
8321 changed = !hci_dev_test_and_set_flag(hdev, HCI_SSP_ENABLED);
8323 changed = hci_dev_test_and_clear_flag(hdev, HCI_SSP_ENABLED);
8325 changed = hci_dev_test_and_clear_flag(hdev,
8328 hci_dev_clear_flag(hdev, HCI_HS_ENABLED);
8331 mgmt_pending_foreach(MGMT_OP_SET_SSP, hdev, settings_rsp, &match);
8334 new_settings(hdev, match.sk);
8339 hci_req_init(&req, hdev);
8341 if (hci_dev_test_flag(hdev, HCI_SSP_ENABLED)) {
8342 if (hci_dev_test_flag(hdev, HCI_USE_DEBUG_KEYS))
8343 hci_req_add(&req, HCI_OP_WRITE_SSP_DEBUG_MODE,
8344 sizeof(enable), &enable);
8350 hci_req_run(&req, NULL);
8353 static void sk_lookup(struct mgmt_pending_cmd *cmd, void *data)
8355 struct cmd_lookup *match = data;
8357 if (match->sk == NULL) {
8358 match->sk = cmd->sk;
8359 sock_hold(match->sk);
8363 void mgmt_set_class_of_dev_complete(struct hci_dev *hdev, u8 *dev_class,
8366 struct cmd_lookup match = { NULL, hdev, mgmt_status(status) };
8368 mgmt_pending_foreach(MGMT_OP_SET_DEV_CLASS, hdev, sk_lookup, &match);
8369 mgmt_pending_foreach(MGMT_OP_ADD_UUID, hdev, sk_lookup, &match);
8370 mgmt_pending_foreach(MGMT_OP_REMOVE_UUID, hdev, sk_lookup, &match);
8373 mgmt_generic_event(MGMT_EV_CLASS_OF_DEV_CHANGED, hdev,
8374 dev_class, 3, NULL);
8380 void mgmt_set_local_name_complete(struct hci_dev *hdev, u8 *name, u8 status)
8382 struct mgmt_cp_set_local_name ev;
8383 struct mgmt_pending_cmd *cmd;
8388 memset(&ev, 0, sizeof(ev));
8389 memcpy(ev.name, name, HCI_MAX_NAME_LENGTH);
8390 memcpy(ev.short_name, hdev->short_name, HCI_MAX_SHORT_NAME_LENGTH);
8392 cmd = pending_find(MGMT_OP_SET_LOCAL_NAME, hdev);
8394 memcpy(hdev->dev_name, name, sizeof(hdev->dev_name));
8396 /* If this is a HCI command related to powering on the
8397 * HCI dev don't send any mgmt signals.
8399 if (pending_find(MGMT_OP_SET_POWERED, hdev))
8403 mgmt_generic_event(MGMT_EV_LOCAL_NAME_CHANGED, hdev, &ev, sizeof(ev),
8404 cmd ? cmd->sk : NULL);
8407 static inline bool has_uuid(u8 *uuid, u16 uuid_count, u8 (*uuids)[16])
8411 for (i = 0; i < uuid_count; i++) {
8412 if (!memcmp(uuid, uuids[i], 16))
8419 static bool eir_has_uuids(u8 *eir, u16 eir_len, u16 uuid_count, u8 (*uuids)[16])
8423 while (parsed < eir_len) {
8424 u8 field_len = eir[0];
8431 if (eir_len - parsed < field_len + 1)
8435 case EIR_UUID16_ALL:
8436 case EIR_UUID16_SOME:
8437 for (i = 0; i + 3 <= field_len; i += 2) {
8438 memcpy(uuid, bluetooth_base_uuid, 16);
8439 uuid[13] = eir[i + 3];
8440 uuid[12] = eir[i + 2];
8441 if (has_uuid(uuid, uuid_count, uuids))
8445 case EIR_UUID32_ALL:
8446 case EIR_UUID32_SOME:
8447 for (i = 0; i + 5 <= field_len; i += 4) {
8448 memcpy(uuid, bluetooth_base_uuid, 16);
8449 uuid[15] = eir[i + 5];
8450 uuid[14] = eir[i + 4];
8451 uuid[13] = eir[i + 3];
8452 uuid[12] = eir[i + 2];
8453 if (has_uuid(uuid, uuid_count, uuids))
8457 case EIR_UUID128_ALL:
8458 case EIR_UUID128_SOME:
8459 for (i = 0; i + 17 <= field_len; i += 16) {
8460 memcpy(uuid, eir + i + 2, 16);
8461 if (has_uuid(uuid, uuid_count, uuids))
8467 parsed += field_len + 1;
8468 eir += field_len + 1;
8474 static void restart_le_scan(struct hci_dev *hdev)
8476 /* If controller is not scanning we are done. */
8477 if (!hci_dev_test_flag(hdev, HCI_LE_SCAN))
8480 if (time_after(jiffies + DISCOV_LE_RESTART_DELAY,
8481 hdev->discovery.scan_start +
8482 hdev->discovery.scan_duration))
8485 queue_delayed_work(hdev->workqueue, &hdev->le_scan_restart,
8486 DISCOV_LE_RESTART_DELAY);
8489 static bool is_filter_match(struct hci_dev *hdev, s8 rssi, u8 *eir,
8490 u16 eir_len, u8 *scan_rsp, u8 scan_rsp_len)
8492 /* If a RSSI threshold has been specified, and
8493 * HCI_QUIRK_STRICT_DUPLICATE_FILTER is not set, then all results with
8494 * a RSSI smaller than the RSSI threshold will be dropped. If the quirk
8495 * is set, let it through for further processing, as we might need to
8498 * For BR/EDR devices (pre 1.2) providing no RSSI during inquiry,
8499 * the results are also dropped.
8501 if (hdev->discovery.rssi != HCI_RSSI_INVALID &&
8502 (rssi == HCI_RSSI_INVALID ||
8503 (rssi < hdev->discovery.rssi &&
8504 !test_bit(HCI_QUIRK_STRICT_DUPLICATE_FILTER, &hdev->quirks))))
8507 if (hdev->discovery.uuid_count != 0) {
8508 /* If a list of UUIDs is provided in filter, results with no
8509 * matching UUID should be dropped.
8511 if (!eir_has_uuids(eir, eir_len, hdev->discovery.uuid_count,
8512 hdev->discovery.uuids) &&
8513 !eir_has_uuids(scan_rsp, scan_rsp_len,
8514 hdev->discovery.uuid_count,
8515 hdev->discovery.uuids))
8519 /* If duplicate filtering does not report RSSI changes, then restart
8520 * scanning to ensure updated result with updated RSSI values.
8522 if (test_bit(HCI_QUIRK_STRICT_DUPLICATE_FILTER, &hdev->quirks)) {
8523 restart_le_scan(hdev);
8525 /* Validate RSSI value against the RSSI threshold once more. */
8526 if (hdev->discovery.rssi != HCI_RSSI_INVALID &&
8527 rssi < hdev->discovery.rssi)
8534 void mgmt_device_found(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
8535 u8 addr_type, u8 *dev_class, s8 rssi, u32 flags,
8536 u8 *eir, u16 eir_len, u8 *scan_rsp, u8 scan_rsp_len)
8539 struct mgmt_ev_device_found *ev = (void *)buf;
8542 /* Don't send events for a non-kernel initiated discovery. With
8543 * LE one exception is if we have pend_le_reports > 0 in which
8544 * case we're doing passive scanning and want these events.
8546 if (!hci_discovery_active(hdev)) {
8547 if (link_type == ACL_LINK)
8549 if (link_type == LE_LINK && list_empty(&hdev->pend_le_reports))
8553 if (hdev->discovery.result_filtering) {
8554 /* We are using service discovery */
8555 if (!is_filter_match(hdev, rssi, eir, eir_len, scan_rsp,
8560 /* Make sure that the buffer is big enough. The 5 extra bytes
8561 * are for the potential CoD field.
8563 if (sizeof(*ev) + eir_len + scan_rsp_len + 5 > sizeof(buf))
8566 memset(buf, 0, sizeof(buf));
8568 /* In case of device discovery with BR/EDR devices (pre 1.2), the
8569 * RSSI value was reported as 0 when not available. This behavior
8570 * is kept when using device discovery. This is required for full
8571 * backwards compatibility with the API.
8573 * However when using service discovery, the value 127 will be
8574 * returned when the RSSI is not available.
8576 if (rssi == HCI_RSSI_INVALID && !hdev->discovery.report_invalid_rssi &&
8577 link_type == ACL_LINK)
8580 bacpy(&ev->addr.bdaddr, bdaddr);
8581 ev->addr.type = link_to_bdaddr(link_type, addr_type);
8583 ev->flags = cpu_to_le32(flags);
8586 /* Copy EIR or advertising data into event */
8587 memcpy(ev->eir, eir, eir_len);
8589 if (dev_class && !eir_has_data_type(ev->eir, eir_len, EIR_CLASS_OF_DEV))
8590 eir_len = eir_append_data(ev->eir, eir_len, EIR_CLASS_OF_DEV,
8593 if (scan_rsp_len > 0)
8594 /* Append scan response data to event */
8595 memcpy(ev->eir + eir_len, scan_rsp, scan_rsp_len);
8597 ev->eir_len = cpu_to_le16(eir_len + scan_rsp_len);
8598 ev_size = sizeof(*ev) + eir_len + scan_rsp_len;
8600 mgmt_event(MGMT_EV_DEVICE_FOUND, hdev, ev, ev_size, NULL);
8603 void mgmt_remote_name(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
8604 u8 addr_type, s8 rssi, u8 *name, u8 name_len)
8606 struct mgmt_ev_device_found *ev;
8607 char buf[sizeof(*ev) + HCI_MAX_NAME_LENGTH + 2];
8610 ev = (struct mgmt_ev_device_found *) buf;
8612 memset(buf, 0, sizeof(buf));
8614 bacpy(&ev->addr.bdaddr, bdaddr);
8615 ev->addr.type = link_to_bdaddr(link_type, addr_type);
8618 eir_len = eir_append_data(ev->eir, 0, EIR_NAME_COMPLETE, name,
8621 ev->eir_len = cpu_to_le16(eir_len);
8623 mgmt_event(MGMT_EV_DEVICE_FOUND, hdev, ev, sizeof(*ev) + eir_len, NULL);
8626 void mgmt_discovering(struct hci_dev *hdev, u8 discovering)
8628 struct mgmt_ev_discovering ev;
8630 BT_DBG("%s discovering %u", hdev->name, discovering);
8632 memset(&ev, 0, sizeof(ev));
8633 ev.type = hdev->discovery.type;
8634 ev.discovering = discovering;
8636 mgmt_event(MGMT_EV_DISCOVERING, hdev, &ev, sizeof(ev), NULL);
8639 static void adv_enable_complete(struct hci_dev *hdev, u8 status, u16 opcode)
8641 BT_DBG("%s status %u", hdev->name, status);
8644 void mgmt_reenable_advertising(struct hci_dev *hdev)
8646 struct hci_request req;
8649 if (!hci_dev_test_flag(hdev, HCI_ADVERTISING) &&
8650 !hci_dev_test_flag(hdev, HCI_ADVERTISING_INSTANCE))
8653 instance = get_current_adv_instance(hdev);
8655 hci_req_init(&req, hdev);
8658 schedule_adv_instance(&req, instance, true);
8660 update_adv_data(&req);
8661 update_scan_rsp_data(&req);
8662 enable_advertising(&req);
8665 hci_req_run(&req, adv_enable_complete);
8668 static struct hci_mgmt_chan chan = {
8669 .channel = HCI_CHANNEL_CONTROL,
8670 .handler_count = ARRAY_SIZE(mgmt_handlers),
8671 .handlers = mgmt_handlers,
8672 .hdev_init = mgmt_init_hdev,
8677 return hci_mgmt_chan_register(&chan);
8680 void mgmt_exit(void)
8682 hci_mgmt_chan_unregister(&chan);