2 BlueZ - Bluetooth protocol stack for Linux
4 Copyright (C) 2010 Nokia Corporation
5 Copyright (C) 2011-2012 Intel Corporation
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License version 2 as
9 published by the Free Software Foundation;
11 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
12 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
13 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
14 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
15 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
16 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
17 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
18 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
20 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
21 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
22 SOFTWARE IS DISCLAIMED.
25 /* Bluetooth HCI Management interface */
27 #include <linux/module.h>
28 #include <asm/unaligned.h>
30 #include <net/bluetooth/bluetooth.h>
31 #include <net/bluetooth/hci_core.h>
32 #include <net/bluetooth/hci_sock.h>
33 #include <net/bluetooth/l2cap.h>
34 #include <net/bluetooth/mgmt.h>
36 #include "hci_request.h"
38 #include "mgmt_util.h"
40 #define MGMT_VERSION 1
41 #define MGMT_REVISION 10
43 static const u16 mgmt_commands[] = {
44 MGMT_OP_READ_INDEX_LIST,
47 MGMT_OP_SET_DISCOVERABLE,
48 MGMT_OP_SET_CONNECTABLE,
49 MGMT_OP_SET_FAST_CONNECTABLE,
51 MGMT_OP_SET_LINK_SECURITY,
55 MGMT_OP_SET_DEV_CLASS,
56 MGMT_OP_SET_LOCAL_NAME,
59 MGMT_OP_LOAD_LINK_KEYS,
60 MGMT_OP_LOAD_LONG_TERM_KEYS,
62 MGMT_OP_GET_CONNECTIONS,
63 MGMT_OP_PIN_CODE_REPLY,
64 MGMT_OP_PIN_CODE_NEG_REPLY,
65 MGMT_OP_SET_IO_CAPABILITY,
67 MGMT_OP_CANCEL_PAIR_DEVICE,
68 MGMT_OP_UNPAIR_DEVICE,
69 MGMT_OP_USER_CONFIRM_REPLY,
70 MGMT_OP_USER_CONFIRM_NEG_REPLY,
71 MGMT_OP_USER_PASSKEY_REPLY,
72 MGMT_OP_USER_PASSKEY_NEG_REPLY,
73 MGMT_OP_READ_LOCAL_OOB_DATA,
74 MGMT_OP_ADD_REMOTE_OOB_DATA,
75 MGMT_OP_REMOVE_REMOTE_OOB_DATA,
76 MGMT_OP_START_DISCOVERY,
77 MGMT_OP_STOP_DISCOVERY,
80 MGMT_OP_UNBLOCK_DEVICE,
81 MGMT_OP_SET_DEVICE_ID,
82 MGMT_OP_SET_ADVERTISING,
84 MGMT_OP_SET_STATIC_ADDRESS,
85 MGMT_OP_SET_SCAN_PARAMS,
86 MGMT_OP_SET_SECURE_CONN,
87 MGMT_OP_SET_DEBUG_KEYS,
90 MGMT_OP_GET_CONN_INFO,
91 MGMT_OP_GET_CLOCK_INFO,
93 MGMT_OP_REMOVE_DEVICE,
94 MGMT_OP_LOAD_CONN_PARAM,
95 MGMT_OP_READ_UNCONF_INDEX_LIST,
96 MGMT_OP_READ_CONFIG_INFO,
97 MGMT_OP_SET_EXTERNAL_CONFIG,
98 MGMT_OP_SET_PUBLIC_ADDRESS,
99 MGMT_OP_START_SERVICE_DISCOVERY,
100 MGMT_OP_READ_LOCAL_OOB_EXT_DATA,
101 MGMT_OP_READ_EXT_INDEX_LIST,
102 MGMT_OP_READ_ADV_FEATURES,
103 MGMT_OP_ADD_ADVERTISING,
104 MGMT_OP_REMOVE_ADVERTISING,
107 static const u16 mgmt_events[] = {
108 MGMT_EV_CONTROLLER_ERROR,
110 MGMT_EV_INDEX_REMOVED,
111 MGMT_EV_NEW_SETTINGS,
112 MGMT_EV_CLASS_OF_DEV_CHANGED,
113 MGMT_EV_LOCAL_NAME_CHANGED,
114 MGMT_EV_NEW_LINK_KEY,
115 MGMT_EV_NEW_LONG_TERM_KEY,
116 MGMT_EV_DEVICE_CONNECTED,
117 MGMT_EV_DEVICE_DISCONNECTED,
118 MGMT_EV_CONNECT_FAILED,
119 MGMT_EV_PIN_CODE_REQUEST,
120 MGMT_EV_USER_CONFIRM_REQUEST,
121 MGMT_EV_USER_PASSKEY_REQUEST,
123 MGMT_EV_DEVICE_FOUND,
125 MGMT_EV_DEVICE_BLOCKED,
126 MGMT_EV_DEVICE_UNBLOCKED,
127 MGMT_EV_DEVICE_UNPAIRED,
128 MGMT_EV_PASSKEY_NOTIFY,
131 MGMT_EV_DEVICE_ADDED,
132 MGMT_EV_DEVICE_REMOVED,
133 MGMT_EV_NEW_CONN_PARAM,
134 MGMT_EV_UNCONF_INDEX_ADDED,
135 MGMT_EV_UNCONF_INDEX_REMOVED,
136 MGMT_EV_NEW_CONFIG_OPTIONS,
137 MGMT_EV_EXT_INDEX_ADDED,
138 MGMT_EV_EXT_INDEX_REMOVED,
139 MGMT_EV_LOCAL_OOB_DATA_UPDATED,
140 MGMT_EV_ADVERTISING_ADDED,
141 MGMT_EV_ADVERTISING_REMOVED,
144 static const u16 mgmt_untrusted_commands[] = {
145 MGMT_OP_READ_INDEX_LIST,
147 MGMT_OP_READ_UNCONF_INDEX_LIST,
148 MGMT_OP_READ_CONFIG_INFO,
149 MGMT_OP_READ_EXT_INDEX_LIST,
152 static const u16 mgmt_untrusted_events[] = {
154 MGMT_EV_INDEX_REMOVED,
155 MGMT_EV_NEW_SETTINGS,
156 MGMT_EV_CLASS_OF_DEV_CHANGED,
157 MGMT_EV_LOCAL_NAME_CHANGED,
158 MGMT_EV_UNCONF_INDEX_ADDED,
159 MGMT_EV_UNCONF_INDEX_REMOVED,
160 MGMT_EV_NEW_CONFIG_OPTIONS,
161 MGMT_EV_EXT_INDEX_ADDED,
162 MGMT_EV_EXT_INDEX_REMOVED,
165 #define CACHE_TIMEOUT msecs_to_jiffies(2 * 1000)
167 #define ZERO_KEY "\x00\x00\x00\x00\x00\x00\x00\x00" \
168 "\x00\x00\x00\x00\x00\x00\x00\x00"
170 /* HCI to MGMT error code conversion table */
171 static u8 mgmt_status_table[] = {
173 MGMT_STATUS_UNKNOWN_COMMAND, /* Unknown Command */
174 MGMT_STATUS_NOT_CONNECTED, /* No Connection */
175 MGMT_STATUS_FAILED, /* Hardware Failure */
176 MGMT_STATUS_CONNECT_FAILED, /* Page Timeout */
177 MGMT_STATUS_AUTH_FAILED, /* Authentication Failed */
178 MGMT_STATUS_AUTH_FAILED, /* PIN or Key Missing */
179 MGMT_STATUS_NO_RESOURCES, /* Memory Full */
180 MGMT_STATUS_TIMEOUT, /* Connection Timeout */
181 MGMT_STATUS_NO_RESOURCES, /* Max Number of Connections */
182 MGMT_STATUS_NO_RESOURCES, /* Max Number of SCO Connections */
183 MGMT_STATUS_ALREADY_CONNECTED, /* ACL Connection Exists */
184 MGMT_STATUS_BUSY, /* Command Disallowed */
185 MGMT_STATUS_NO_RESOURCES, /* Rejected Limited Resources */
186 MGMT_STATUS_REJECTED, /* Rejected Security */
187 MGMT_STATUS_REJECTED, /* Rejected Personal */
188 MGMT_STATUS_TIMEOUT, /* Host Timeout */
189 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported Feature */
190 MGMT_STATUS_INVALID_PARAMS, /* Invalid Parameters */
191 MGMT_STATUS_DISCONNECTED, /* OE User Ended Connection */
192 MGMT_STATUS_NO_RESOURCES, /* OE Low Resources */
193 MGMT_STATUS_DISCONNECTED, /* OE Power Off */
194 MGMT_STATUS_DISCONNECTED, /* Connection Terminated */
195 MGMT_STATUS_BUSY, /* Repeated Attempts */
196 MGMT_STATUS_REJECTED, /* Pairing Not Allowed */
197 MGMT_STATUS_FAILED, /* Unknown LMP PDU */
198 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported Remote Feature */
199 MGMT_STATUS_REJECTED, /* SCO Offset Rejected */
200 MGMT_STATUS_REJECTED, /* SCO Interval Rejected */
201 MGMT_STATUS_REJECTED, /* Air Mode Rejected */
202 MGMT_STATUS_INVALID_PARAMS, /* Invalid LMP Parameters */
203 MGMT_STATUS_FAILED, /* Unspecified Error */
204 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported LMP Parameter Value */
205 MGMT_STATUS_FAILED, /* Role Change Not Allowed */
206 MGMT_STATUS_TIMEOUT, /* LMP Response Timeout */
207 MGMT_STATUS_FAILED, /* LMP Error Transaction Collision */
208 MGMT_STATUS_FAILED, /* LMP PDU Not Allowed */
209 MGMT_STATUS_REJECTED, /* Encryption Mode Not Accepted */
210 MGMT_STATUS_FAILED, /* Unit Link Key Used */
211 MGMT_STATUS_NOT_SUPPORTED, /* QoS Not Supported */
212 MGMT_STATUS_TIMEOUT, /* Instant Passed */
213 MGMT_STATUS_NOT_SUPPORTED, /* Pairing Not Supported */
214 MGMT_STATUS_FAILED, /* Transaction Collision */
215 MGMT_STATUS_INVALID_PARAMS, /* Unacceptable Parameter */
216 MGMT_STATUS_REJECTED, /* QoS Rejected */
217 MGMT_STATUS_NOT_SUPPORTED, /* Classification Not Supported */
218 MGMT_STATUS_REJECTED, /* Insufficient Security */
219 MGMT_STATUS_INVALID_PARAMS, /* Parameter Out Of Range */
220 MGMT_STATUS_BUSY, /* Role Switch Pending */
221 MGMT_STATUS_FAILED, /* Slot Violation */
222 MGMT_STATUS_FAILED, /* Role Switch Failed */
223 MGMT_STATUS_INVALID_PARAMS, /* EIR Too Large */
224 MGMT_STATUS_NOT_SUPPORTED, /* Simple Pairing Not Supported */
225 MGMT_STATUS_BUSY, /* Host Busy Pairing */
226 MGMT_STATUS_REJECTED, /* Rejected, No Suitable Channel */
227 MGMT_STATUS_BUSY, /* Controller Busy */
228 MGMT_STATUS_INVALID_PARAMS, /* Unsuitable Connection Interval */
229 MGMT_STATUS_TIMEOUT, /* Directed Advertising Timeout */
230 MGMT_STATUS_AUTH_FAILED, /* Terminated Due to MIC Failure */
231 MGMT_STATUS_CONNECT_FAILED, /* Connection Establishment Failed */
232 MGMT_STATUS_CONNECT_FAILED, /* MAC Connection Failed */
235 static u8 mgmt_status(u8 hci_status)
237 if (hci_status < ARRAY_SIZE(mgmt_status_table))
238 return mgmt_status_table[hci_status];
240 return MGMT_STATUS_FAILED;
243 static int mgmt_index_event(u16 event, struct hci_dev *hdev, void *data,
246 return mgmt_send_event(event, hdev, HCI_CHANNEL_CONTROL, data, len,
250 static int mgmt_limited_event(u16 event, struct hci_dev *hdev, void *data,
251 u16 len, int flag, struct sock *skip_sk)
253 return mgmt_send_event(event, hdev, HCI_CHANNEL_CONTROL, data, len,
257 static int mgmt_generic_event(u16 event, struct hci_dev *hdev, void *data,
258 u16 len, struct sock *skip_sk)
260 return mgmt_send_event(event, hdev, HCI_CHANNEL_CONTROL, data, len,
261 HCI_MGMT_GENERIC_EVENTS, skip_sk);
264 static int mgmt_event(u16 event, struct hci_dev *hdev, void *data, u16 len,
265 struct sock *skip_sk)
267 return mgmt_send_event(event, hdev, HCI_CHANNEL_CONTROL, data, len,
268 HCI_SOCK_TRUSTED, skip_sk);
271 static u8 le_addr_type(u8 mgmt_addr_type)
273 if (mgmt_addr_type == BDADDR_LE_PUBLIC)
274 return ADDR_LE_DEV_PUBLIC;
276 return ADDR_LE_DEV_RANDOM;
279 static int read_version(struct sock *sk, struct hci_dev *hdev, void *data,
282 struct mgmt_rp_read_version rp;
284 BT_DBG("sock %p", sk);
286 rp.version = MGMT_VERSION;
287 rp.revision = cpu_to_le16(MGMT_REVISION);
289 return mgmt_cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_VERSION, 0,
293 static int read_commands(struct sock *sk, struct hci_dev *hdev, void *data,
296 struct mgmt_rp_read_commands *rp;
297 u16 num_commands, num_events;
301 BT_DBG("sock %p", sk);
303 if (hci_sock_test_flag(sk, HCI_SOCK_TRUSTED)) {
304 num_commands = ARRAY_SIZE(mgmt_commands);
305 num_events = ARRAY_SIZE(mgmt_events);
307 num_commands = ARRAY_SIZE(mgmt_untrusted_commands);
308 num_events = ARRAY_SIZE(mgmt_untrusted_events);
311 rp_size = sizeof(*rp) + ((num_commands + num_events) * sizeof(u16));
313 rp = kmalloc(rp_size, GFP_KERNEL);
317 rp->num_commands = cpu_to_le16(num_commands);
318 rp->num_events = cpu_to_le16(num_events);
320 if (hci_sock_test_flag(sk, HCI_SOCK_TRUSTED)) {
321 __le16 *opcode = rp->opcodes;
323 for (i = 0; i < num_commands; i++, opcode++)
324 put_unaligned_le16(mgmt_commands[i], opcode);
326 for (i = 0; i < num_events; i++, opcode++)
327 put_unaligned_le16(mgmt_events[i], opcode);
329 __le16 *opcode = rp->opcodes;
331 for (i = 0; i < num_commands; i++, opcode++)
332 put_unaligned_le16(mgmt_untrusted_commands[i], opcode);
334 for (i = 0; i < num_events; i++, opcode++)
335 put_unaligned_le16(mgmt_untrusted_events[i], opcode);
338 err = mgmt_cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_COMMANDS, 0,
345 static int read_index_list(struct sock *sk, struct hci_dev *hdev, void *data,
348 struct mgmt_rp_read_index_list *rp;
354 BT_DBG("sock %p", sk);
356 read_lock(&hci_dev_list_lock);
359 list_for_each_entry(d, &hci_dev_list, list) {
360 if (d->dev_type == HCI_BREDR &&
361 !hci_dev_test_flag(d, HCI_UNCONFIGURED))
365 rp_len = sizeof(*rp) + (2 * count);
366 rp = kmalloc(rp_len, GFP_ATOMIC);
368 read_unlock(&hci_dev_list_lock);
373 list_for_each_entry(d, &hci_dev_list, list) {
374 if (hci_dev_test_flag(d, HCI_SETUP) ||
375 hci_dev_test_flag(d, HCI_CONFIG) ||
376 hci_dev_test_flag(d, HCI_USER_CHANNEL))
379 /* Devices marked as raw-only are neither configured
380 * nor unconfigured controllers.
382 if (test_bit(HCI_QUIRK_RAW_DEVICE, &d->quirks))
385 if (d->dev_type == HCI_BREDR &&
386 !hci_dev_test_flag(d, HCI_UNCONFIGURED)) {
387 rp->index[count++] = cpu_to_le16(d->id);
388 BT_DBG("Added hci%u", d->id);
392 rp->num_controllers = cpu_to_le16(count);
393 rp_len = sizeof(*rp) + (2 * count);
395 read_unlock(&hci_dev_list_lock);
397 err = mgmt_cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_INDEX_LIST,
405 static int read_unconf_index_list(struct sock *sk, struct hci_dev *hdev,
406 void *data, u16 data_len)
408 struct mgmt_rp_read_unconf_index_list *rp;
414 BT_DBG("sock %p", sk);
416 read_lock(&hci_dev_list_lock);
419 list_for_each_entry(d, &hci_dev_list, list) {
420 if (d->dev_type == HCI_BREDR &&
421 hci_dev_test_flag(d, HCI_UNCONFIGURED))
425 rp_len = sizeof(*rp) + (2 * count);
426 rp = kmalloc(rp_len, GFP_ATOMIC);
428 read_unlock(&hci_dev_list_lock);
433 list_for_each_entry(d, &hci_dev_list, list) {
434 if (hci_dev_test_flag(d, HCI_SETUP) ||
435 hci_dev_test_flag(d, HCI_CONFIG) ||
436 hci_dev_test_flag(d, HCI_USER_CHANNEL))
439 /* Devices marked as raw-only are neither configured
440 * nor unconfigured controllers.
442 if (test_bit(HCI_QUIRK_RAW_DEVICE, &d->quirks))
445 if (d->dev_type == HCI_BREDR &&
446 hci_dev_test_flag(d, HCI_UNCONFIGURED)) {
447 rp->index[count++] = cpu_to_le16(d->id);
448 BT_DBG("Added hci%u", d->id);
452 rp->num_controllers = cpu_to_le16(count);
453 rp_len = sizeof(*rp) + (2 * count);
455 read_unlock(&hci_dev_list_lock);
457 err = mgmt_cmd_complete(sk, MGMT_INDEX_NONE,
458 MGMT_OP_READ_UNCONF_INDEX_LIST, 0, rp, rp_len);
465 static int read_ext_index_list(struct sock *sk, struct hci_dev *hdev,
466 void *data, u16 data_len)
468 struct mgmt_rp_read_ext_index_list *rp;
474 BT_DBG("sock %p", sk);
476 read_lock(&hci_dev_list_lock);
479 list_for_each_entry(d, &hci_dev_list, list) {
480 if (d->dev_type == HCI_BREDR || d->dev_type == HCI_AMP)
484 rp_len = sizeof(*rp) + (sizeof(rp->entry[0]) * count);
485 rp = kmalloc(rp_len, GFP_ATOMIC);
487 read_unlock(&hci_dev_list_lock);
492 list_for_each_entry(d, &hci_dev_list, list) {
493 if (hci_dev_test_flag(d, HCI_SETUP) ||
494 hci_dev_test_flag(d, HCI_CONFIG) ||
495 hci_dev_test_flag(d, HCI_USER_CHANNEL))
498 /* Devices marked as raw-only are neither configured
499 * nor unconfigured controllers.
501 if (test_bit(HCI_QUIRK_RAW_DEVICE, &d->quirks))
504 if (d->dev_type == HCI_BREDR) {
505 if (hci_dev_test_flag(d, HCI_UNCONFIGURED))
506 rp->entry[count].type = 0x01;
508 rp->entry[count].type = 0x00;
509 } else if (d->dev_type == HCI_AMP) {
510 rp->entry[count].type = 0x02;
515 rp->entry[count].bus = d->bus;
516 rp->entry[count++].index = cpu_to_le16(d->id);
517 BT_DBG("Added hci%u", d->id);
520 rp->num_controllers = cpu_to_le16(count);
521 rp_len = sizeof(*rp) + (sizeof(rp->entry[0]) * count);
523 read_unlock(&hci_dev_list_lock);
525 /* If this command is called at least once, then all the
526 * default index and unconfigured index events are disabled
527 * and from now on only extended index events are used.
529 hci_sock_set_flag(sk, HCI_MGMT_EXT_INDEX_EVENTS);
530 hci_sock_clear_flag(sk, HCI_MGMT_INDEX_EVENTS);
531 hci_sock_clear_flag(sk, HCI_MGMT_UNCONF_INDEX_EVENTS);
533 err = mgmt_cmd_complete(sk, MGMT_INDEX_NONE,
534 MGMT_OP_READ_EXT_INDEX_LIST, 0, rp, rp_len);
541 static bool is_configured(struct hci_dev *hdev)
543 if (test_bit(HCI_QUIRK_EXTERNAL_CONFIG, &hdev->quirks) &&
544 !hci_dev_test_flag(hdev, HCI_EXT_CONFIGURED))
547 if (test_bit(HCI_QUIRK_INVALID_BDADDR, &hdev->quirks) &&
548 !bacmp(&hdev->public_addr, BDADDR_ANY))
554 static __le32 get_missing_options(struct hci_dev *hdev)
558 if (test_bit(HCI_QUIRK_EXTERNAL_CONFIG, &hdev->quirks) &&
559 !hci_dev_test_flag(hdev, HCI_EXT_CONFIGURED))
560 options |= MGMT_OPTION_EXTERNAL_CONFIG;
562 if (test_bit(HCI_QUIRK_INVALID_BDADDR, &hdev->quirks) &&
563 !bacmp(&hdev->public_addr, BDADDR_ANY))
564 options |= MGMT_OPTION_PUBLIC_ADDRESS;
566 return cpu_to_le32(options);
569 static int new_options(struct hci_dev *hdev, struct sock *skip)
571 __le32 options = get_missing_options(hdev);
573 return mgmt_generic_event(MGMT_EV_NEW_CONFIG_OPTIONS, hdev, &options,
574 sizeof(options), skip);
577 static int send_options_rsp(struct sock *sk, u16 opcode, struct hci_dev *hdev)
579 __le32 options = get_missing_options(hdev);
581 return mgmt_cmd_complete(sk, hdev->id, opcode, 0, &options,
585 static int read_config_info(struct sock *sk, struct hci_dev *hdev,
586 void *data, u16 data_len)
588 struct mgmt_rp_read_config_info rp;
591 BT_DBG("sock %p %s", sk, hdev->name);
595 memset(&rp, 0, sizeof(rp));
596 rp.manufacturer = cpu_to_le16(hdev->manufacturer);
598 if (test_bit(HCI_QUIRK_EXTERNAL_CONFIG, &hdev->quirks))
599 options |= MGMT_OPTION_EXTERNAL_CONFIG;
601 if (hdev->set_bdaddr)
602 options |= MGMT_OPTION_PUBLIC_ADDRESS;
604 rp.supported_options = cpu_to_le32(options);
605 rp.missing_options = get_missing_options(hdev);
607 hci_dev_unlock(hdev);
609 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_READ_CONFIG_INFO, 0,
613 static u32 get_supported_settings(struct hci_dev *hdev)
617 settings |= MGMT_SETTING_POWERED;
618 settings |= MGMT_SETTING_BONDABLE;
619 settings |= MGMT_SETTING_DEBUG_KEYS;
620 settings |= MGMT_SETTING_CONNECTABLE;
621 settings |= MGMT_SETTING_DISCOVERABLE;
623 if (lmp_bredr_capable(hdev)) {
624 if (hdev->hci_ver >= BLUETOOTH_VER_1_2)
625 settings |= MGMT_SETTING_FAST_CONNECTABLE;
626 settings |= MGMT_SETTING_BREDR;
627 settings |= MGMT_SETTING_LINK_SECURITY;
629 if (lmp_ssp_capable(hdev)) {
630 settings |= MGMT_SETTING_SSP;
631 settings |= MGMT_SETTING_HS;
634 if (lmp_sc_capable(hdev))
635 settings |= MGMT_SETTING_SECURE_CONN;
638 if (lmp_le_capable(hdev)) {
639 settings |= MGMT_SETTING_LE;
640 settings |= MGMT_SETTING_ADVERTISING;
641 settings |= MGMT_SETTING_SECURE_CONN;
642 settings |= MGMT_SETTING_PRIVACY;
643 settings |= MGMT_SETTING_STATIC_ADDRESS;
646 if (test_bit(HCI_QUIRK_EXTERNAL_CONFIG, &hdev->quirks) ||
648 settings |= MGMT_SETTING_CONFIGURATION;
653 static u32 get_current_settings(struct hci_dev *hdev)
657 if (hdev_is_powered(hdev))
658 settings |= MGMT_SETTING_POWERED;
660 if (hci_dev_test_flag(hdev, HCI_CONNECTABLE))
661 settings |= MGMT_SETTING_CONNECTABLE;
663 if (hci_dev_test_flag(hdev, HCI_FAST_CONNECTABLE))
664 settings |= MGMT_SETTING_FAST_CONNECTABLE;
666 if (hci_dev_test_flag(hdev, HCI_DISCOVERABLE))
667 settings |= MGMT_SETTING_DISCOVERABLE;
669 if (hci_dev_test_flag(hdev, HCI_BONDABLE))
670 settings |= MGMT_SETTING_BONDABLE;
672 if (hci_dev_test_flag(hdev, HCI_BREDR_ENABLED))
673 settings |= MGMT_SETTING_BREDR;
675 if (hci_dev_test_flag(hdev, HCI_LE_ENABLED))
676 settings |= MGMT_SETTING_LE;
678 if (hci_dev_test_flag(hdev, HCI_LINK_SECURITY))
679 settings |= MGMT_SETTING_LINK_SECURITY;
681 if (hci_dev_test_flag(hdev, HCI_SSP_ENABLED))
682 settings |= MGMT_SETTING_SSP;
684 if (hci_dev_test_flag(hdev, HCI_HS_ENABLED))
685 settings |= MGMT_SETTING_HS;
687 if (hci_dev_test_flag(hdev, HCI_ADVERTISING))
688 settings |= MGMT_SETTING_ADVERTISING;
690 if (hci_dev_test_flag(hdev, HCI_SC_ENABLED))
691 settings |= MGMT_SETTING_SECURE_CONN;
693 if (hci_dev_test_flag(hdev, HCI_KEEP_DEBUG_KEYS))
694 settings |= MGMT_SETTING_DEBUG_KEYS;
696 if (hci_dev_test_flag(hdev, HCI_PRIVACY))
697 settings |= MGMT_SETTING_PRIVACY;
699 /* The current setting for static address has two purposes. The
700 * first is to indicate if the static address will be used and
701 * the second is to indicate if it is actually set.
703 * This means if the static address is not configured, this flag
704 * will never be set. If the address is configured, then if the
705 * address is actually used decides if the flag is set or not.
707 * For single mode LE only controllers and dual-mode controllers
708 * with BR/EDR disabled, the existence of the static address will
711 if (hci_dev_test_flag(hdev, HCI_FORCE_STATIC_ADDR) ||
712 !hci_dev_test_flag(hdev, HCI_BREDR_ENABLED) ||
713 !bacmp(&hdev->bdaddr, BDADDR_ANY)) {
714 if (bacmp(&hdev->static_addr, BDADDR_ANY))
715 settings |= MGMT_SETTING_STATIC_ADDRESS;
721 #define PNP_INFO_SVCLASS_ID 0x1200
723 static u8 *create_uuid16_list(struct hci_dev *hdev, u8 *data, ptrdiff_t len)
725 u8 *ptr = data, *uuids_start = NULL;
726 struct bt_uuid *uuid;
731 list_for_each_entry(uuid, &hdev->uuids, list) {
734 if (uuid->size != 16)
737 uuid16 = get_unaligned_le16(&uuid->uuid[12]);
741 if (uuid16 == PNP_INFO_SVCLASS_ID)
747 uuids_start[1] = EIR_UUID16_ALL;
751 /* Stop if not enough space to put next UUID */
752 if ((ptr - data) + sizeof(u16) > len) {
753 uuids_start[1] = EIR_UUID16_SOME;
757 *ptr++ = (uuid16 & 0x00ff);
758 *ptr++ = (uuid16 & 0xff00) >> 8;
759 uuids_start[0] += sizeof(uuid16);
765 static u8 *create_uuid32_list(struct hci_dev *hdev, u8 *data, ptrdiff_t len)
767 u8 *ptr = data, *uuids_start = NULL;
768 struct bt_uuid *uuid;
773 list_for_each_entry(uuid, &hdev->uuids, list) {
774 if (uuid->size != 32)
780 uuids_start[1] = EIR_UUID32_ALL;
784 /* Stop if not enough space to put next UUID */
785 if ((ptr - data) + sizeof(u32) > len) {
786 uuids_start[1] = EIR_UUID32_SOME;
790 memcpy(ptr, &uuid->uuid[12], sizeof(u32));
792 uuids_start[0] += sizeof(u32);
798 static u8 *create_uuid128_list(struct hci_dev *hdev, u8 *data, ptrdiff_t len)
800 u8 *ptr = data, *uuids_start = NULL;
801 struct bt_uuid *uuid;
806 list_for_each_entry(uuid, &hdev->uuids, list) {
807 if (uuid->size != 128)
813 uuids_start[1] = EIR_UUID128_ALL;
817 /* Stop if not enough space to put next UUID */
818 if ((ptr - data) + 16 > len) {
819 uuids_start[1] = EIR_UUID128_SOME;
823 memcpy(ptr, uuid->uuid, 16);
825 uuids_start[0] += 16;
831 static struct mgmt_pending_cmd *pending_find(u16 opcode, struct hci_dev *hdev)
833 return mgmt_pending_find(HCI_CHANNEL_CONTROL, opcode, hdev);
836 static struct mgmt_pending_cmd *pending_find_data(u16 opcode,
837 struct hci_dev *hdev,
840 return mgmt_pending_find_data(HCI_CHANNEL_CONTROL, opcode, hdev, data);
843 static u8 get_current_adv_instance(struct hci_dev *hdev)
845 /* The "Set Advertising" setting supersedes the "Add Advertising"
846 * setting. Here we set the advertising data based on which
847 * setting was set. When neither apply, default to the global settings,
848 * represented by instance "0".
850 if (hci_dev_test_flag(hdev, HCI_ADVERTISING_INSTANCE) &&
851 !hci_dev_test_flag(hdev, HCI_ADVERTISING))
852 return hdev->cur_adv_instance;
857 static u8 create_default_scan_rsp_data(struct hci_dev *hdev, u8 *ptr)
862 name_len = strlen(hdev->dev_name);
864 size_t max_len = HCI_MAX_AD_LENGTH - ad_len - 2;
866 if (name_len > max_len) {
868 ptr[1] = EIR_NAME_SHORT;
870 ptr[1] = EIR_NAME_COMPLETE;
872 ptr[0] = name_len + 1;
874 memcpy(ptr + 2, hdev->dev_name, name_len);
876 ad_len += (name_len + 2);
877 ptr += (name_len + 2);
883 static u8 create_instance_scan_rsp_data(struct hci_dev *hdev, u8 instance,
886 struct adv_info *adv_instance;
888 adv_instance = hci_find_adv_instance(hdev, instance);
892 /* TODO: Set the appropriate entries based on advertising instance flags
893 * here once flags other than 0 are supported.
895 memcpy(ptr, adv_instance->scan_rsp_data,
896 adv_instance->scan_rsp_len);
898 return adv_instance->scan_rsp_len;
901 static void update_inst_scan_rsp_data(struct hci_request *req, u8 instance)
903 struct hci_dev *hdev = req->hdev;
904 struct hci_cp_le_set_scan_rsp_data cp;
907 if (!hci_dev_test_flag(hdev, HCI_LE_ENABLED))
910 memset(&cp, 0, sizeof(cp));
913 len = create_instance_scan_rsp_data(hdev, instance, cp.data);
915 len = create_default_scan_rsp_data(hdev, cp.data);
917 if (hdev->scan_rsp_data_len == len &&
918 !memcmp(cp.data, hdev->scan_rsp_data, len))
921 memcpy(hdev->scan_rsp_data, cp.data, sizeof(cp.data));
922 hdev->scan_rsp_data_len = len;
926 hci_req_add(req, HCI_OP_LE_SET_SCAN_RSP_DATA, sizeof(cp), &cp);
929 static void update_scan_rsp_data(struct hci_request *req)
931 update_inst_scan_rsp_data(req, get_current_adv_instance(req->hdev));
934 static u8 get_adv_discov_flags(struct hci_dev *hdev)
936 struct mgmt_pending_cmd *cmd;
938 /* If there's a pending mgmt command the flags will not yet have
939 * their final values, so check for this first.
941 cmd = pending_find(MGMT_OP_SET_DISCOVERABLE, hdev);
943 struct mgmt_mode *cp = cmd->param;
945 return LE_AD_GENERAL;
946 else if (cp->val == 0x02)
947 return LE_AD_LIMITED;
949 if (hci_dev_test_flag(hdev, HCI_LIMITED_DISCOVERABLE))
950 return LE_AD_LIMITED;
951 else if (hci_dev_test_flag(hdev, HCI_DISCOVERABLE))
952 return LE_AD_GENERAL;
958 static bool get_connectable(struct hci_dev *hdev)
960 struct mgmt_pending_cmd *cmd;
962 /* If there's a pending mgmt command the flag will not yet have
963 * it's final value, so check for this first.
965 cmd = pending_find(MGMT_OP_SET_CONNECTABLE, hdev);
967 struct mgmt_mode *cp = cmd->param;
972 return hci_dev_test_flag(hdev, HCI_CONNECTABLE);
975 static u32 get_adv_instance_flags(struct hci_dev *hdev, u8 instance)
978 struct adv_info *adv_instance;
980 if (instance == 0x00) {
981 /* Instance 0 always manages the "Tx Power" and "Flags"
984 flags = MGMT_ADV_FLAG_TX_POWER | MGMT_ADV_FLAG_MANAGED_FLAGS;
986 /* For instance 0, the HCI_ADVERTISING_CONNECTABLE setting
987 * corresponds to the "connectable" instance flag.
989 if (hci_dev_test_flag(hdev, HCI_ADVERTISING_CONNECTABLE))
990 flags |= MGMT_ADV_FLAG_CONNECTABLE;
995 adv_instance = hci_find_adv_instance(hdev, instance);
997 /* Return 0 when we got an invalid instance identifier. */
1001 return adv_instance->flags;
1004 static u8 get_cur_adv_instance_scan_rsp_len(struct hci_dev *hdev)
1006 u8 instance = get_current_adv_instance(hdev);
1007 struct adv_info *adv_instance;
1009 /* Ignore instance 0 */
1010 if (instance == 0x00)
1013 adv_instance = hci_find_adv_instance(hdev, instance);
1017 /* TODO: Take into account the "appearance" and "local-name" flags here.
1018 * These are currently being ignored as they are not supported.
1020 return adv_instance->scan_rsp_len;
1023 static u8 create_instance_adv_data(struct hci_dev *hdev, u8 instance, u8 *ptr)
1025 struct adv_info *adv_instance = NULL;
1026 u8 ad_len = 0, flags = 0;
1029 /* Return 0 when the current instance identifier is invalid. */
1031 adv_instance = hci_find_adv_instance(hdev, instance);
1036 instance_flags = get_adv_instance_flags(hdev, instance);
1038 /* The Add Advertising command allows userspace to set both the general
1039 * and limited discoverable flags.
1041 if (instance_flags & MGMT_ADV_FLAG_DISCOV)
1042 flags |= LE_AD_GENERAL;
1044 if (instance_flags & MGMT_ADV_FLAG_LIMITED_DISCOV)
1045 flags |= LE_AD_LIMITED;
1047 if (flags || (instance_flags & MGMT_ADV_FLAG_MANAGED_FLAGS)) {
1048 /* If a discovery flag wasn't provided, simply use the global
1052 flags |= get_adv_discov_flags(hdev);
1054 if (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED))
1055 flags |= LE_AD_NO_BREDR;
1057 /* If flags would still be empty, then there is no need to
1058 * include the "Flags" AD field".
1071 memcpy(ptr, adv_instance->adv_data,
1072 adv_instance->adv_data_len);
1073 ad_len += adv_instance->adv_data_len;
1074 ptr += adv_instance->adv_data_len;
1077 /* Provide Tx Power only if we can provide a valid value for it */
1078 if (hdev->adv_tx_power != HCI_TX_POWER_INVALID &&
1079 (instance_flags & MGMT_ADV_FLAG_TX_POWER)) {
1081 ptr[1] = EIR_TX_POWER;
1082 ptr[2] = (u8)hdev->adv_tx_power;
1091 static void update_inst_adv_data(struct hci_request *req, u8 instance)
1093 struct hci_dev *hdev = req->hdev;
1094 struct hci_cp_le_set_adv_data cp;
1097 if (!hci_dev_test_flag(hdev, HCI_LE_ENABLED))
1100 memset(&cp, 0, sizeof(cp));
1102 len = create_instance_adv_data(hdev, instance, cp.data);
1104 /* There's nothing to do if the data hasn't changed */
1105 if (hdev->adv_data_len == len &&
1106 memcmp(cp.data, hdev->adv_data, len) == 0)
1109 memcpy(hdev->adv_data, cp.data, sizeof(cp.data));
1110 hdev->adv_data_len = len;
1114 hci_req_add(req, HCI_OP_LE_SET_ADV_DATA, sizeof(cp), &cp);
1117 static void update_adv_data(struct hci_request *req)
1119 update_inst_adv_data(req, get_current_adv_instance(req->hdev));
1122 int mgmt_update_adv_data(struct hci_dev *hdev)
1124 struct hci_request req;
1126 hci_req_init(&req, hdev);
1127 update_adv_data(&req);
1129 return hci_req_run(&req, NULL);
1132 static void create_eir(struct hci_dev *hdev, u8 *data)
1137 name_len = strlen(hdev->dev_name);
1141 if (name_len > 48) {
1143 ptr[1] = EIR_NAME_SHORT;
1145 ptr[1] = EIR_NAME_COMPLETE;
1147 /* EIR Data length */
1148 ptr[0] = name_len + 1;
1150 memcpy(ptr + 2, hdev->dev_name, name_len);
1152 ptr += (name_len + 2);
1155 if (hdev->inq_tx_power != HCI_TX_POWER_INVALID) {
1157 ptr[1] = EIR_TX_POWER;
1158 ptr[2] = (u8) hdev->inq_tx_power;
1163 if (hdev->devid_source > 0) {
1165 ptr[1] = EIR_DEVICE_ID;
1167 put_unaligned_le16(hdev->devid_source, ptr + 2);
1168 put_unaligned_le16(hdev->devid_vendor, ptr + 4);
1169 put_unaligned_le16(hdev->devid_product, ptr + 6);
1170 put_unaligned_le16(hdev->devid_version, ptr + 8);
1175 ptr = create_uuid16_list(hdev, ptr, HCI_MAX_EIR_LENGTH - (ptr - data));
1176 ptr = create_uuid32_list(hdev, ptr, HCI_MAX_EIR_LENGTH - (ptr - data));
1177 ptr = create_uuid128_list(hdev, ptr, HCI_MAX_EIR_LENGTH - (ptr - data));
1180 static void update_eir(struct hci_request *req)
1182 struct hci_dev *hdev = req->hdev;
1183 struct hci_cp_write_eir cp;
1185 if (!hdev_is_powered(hdev))
1188 if (!lmp_ext_inq_capable(hdev))
1191 if (!hci_dev_test_flag(hdev, HCI_SSP_ENABLED))
1194 if (hci_dev_test_flag(hdev, HCI_SERVICE_CACHE))
1197 memset(&cp, 0, sizeof(cp));
1199 create_eir(hdev, cp.data);
1201 if (memcmp(cp.data, hdev->eir, sizeof(cp.data)) == 0)
1204 memcpy(hdev->eir, cp.data, sizeof(cp.data));
1206 hci_req_add(req, HCI_OP_WRITE_EIR, sizeof(cp), &cp);
1209 static u8 get_service_classes(struct hci_dev *hdev)
1211 struct bt_uuid *uuid;
1214 list_for_each_entry(uuid, &hdev->uuids, list)
1215 val |= uuid->svc_hint;
1220 static void update_class(struct hci_request *req)
1222 struct hci_dev *hdev = req->hdev;
1225 BT_DBG("%s", hdev->name);
1227 if (!hdev_is_powered(hdev))
1230 if (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED))
1233 if (hci_dev_test_flag(hdev, HCI_SERVICE_CACHE))
1236 cod[0] = hdev->minor_class;
1237 cod[1] = hdev->major_class;
1238 cod[2] = get_service_classes(hdev);
1240 if (hci_dev_test_flag(hdev, HCI_LIMITED_DISCOVERABLE))
1243 if (memcmp(cod, hdev->dev_class, 3) == 0)
1246 hci_req_add(req, HCI_OP_WRITE_CLASS_OF_DEV, sizeof(cod), cod);
1249 static void disable_advertising(struct hci_request *req)
1253 hci_req_add(req, HCI_OP_LE_SET_ADV_ENABLE, sizeof(enable), &enable);
1256 static void enable_advertising(struct hci_request *req)
1258 struct hci_dev *hdev = req->hdev;
1259 struct hci_cp_le_set_adv_param cp;
1260 u8 own_addr_type, enable = 0x01;
1265 if (hci_conn_num(hdev, LE_LINK) > 0)
1268 if (hci_dev_test_flag(hdev, HCI_LE_ADV))
1269 disable_advertising(req);
1271 /* Clear the HCI_LE_ADV bit temporarily so that the
1272 * hci_update_random_address knows that it's safe to go ahead
1273 * and write a new random address. The flag will be set back on
1274 * as soon as the SET_ADV_ENABLE HCI command completes.
1276 hci_dev_clear_flag(hdev, HCI_LE_ADV);
1278 instance = get_current_adv_instance(hdev);
1279 flags = get_adv_instance_flags(hdev, instance);
1281 /* If the "connectable" instance flag was not set, then choose between
1282 * ADV_IND and ADV_NONCONN_IND based on the global connectable setting.
1284 connectable = (flags & MGMT_ADV_FLAG_CONNECTABLE) ||
1285 get_connectable(hdev);
1287 /* Set require_privacy to true only when non-connectable
1288 * advertising is used. In that case it is fine to use a
1289 * non-resolvable private address.
1291 if (hci_update_random_address(req, !connectable, &own_addr_type) < 0)
1294 memset(&cp, 0, sizeof(cp));
1295 cp.min_interval = cpu_to_le16(hdev->le_adv_min_interval);
1296 cp.max_interval = cpu_to_le16(hdev->le_adv_max_interval);
1299 cp.type = LE_ADV_IND;
1300 else if (get_cur_adv_instance_scan_rsp_len(hdev))
1301 cp.type = LE_ADV_SCAN_IND;
1303 cp.type = LE_ADV_NONCONN_IND;
1305 cp.own_address_type = own_addr_type;
1306 cp.channel_map = hdev->le_adv_channel_map;
1308 hci_req_add(req, HCI_OP_LE_SET_ADV_PARAM, sizeof(cp), &cp);
1310 hci_req_add(req, HCI_OP_LE_SET_ADV_ENABLE, sizeof(enable), &enable);
1313 static void service_cache_off(struct work_struct *work)
1315 struct hci_dev *hdev = container_of(work, struct hci_dev,
1316 service_cache.work);
1317 struct hci_request req;
1319 if (!hci_dev_test_and_clear_flag(hdev, HCI_SERVICE_CACHE))
1322 hci_req_init(&req, hdev);
1329 hci_dev_unlock(hdev);
1331 hci_req_run(&req, NULL);
1334 static void rpa_expired(struct work_struct *work)
1336 struct hci_dev *hdev = container_of(work, struct hci_dev,
1338 struct hci_request req;
1342 hci_dev_set_flag(hdev, HCI_RPA_EXPIRED);
1344 if (!hci_dev_test_flag(hdev, HCI_ADVERTISING))
1347 /* The generation of a new RPA and programming it into the
1348 * controller happens in the enable_advertising() function.
1350 hci_req_init(&req, hdev);
1351 enable_advertising(&req);
1352 hci_req_run(&req, NULL);
1355 static void mgmt_init_hdev(struct sock *sk, struct hci_dev *hdev)
1357 if (hci_dev_test_and_set_flag(hdev, HCI_MGMT))
1360 INIT_DELAYED_WORK(&hdev->service_cache, service_cache_off);
1361 INIT_DELAYED_WORK(&hdev->rpa_expired, rpa_expired);
1363 /* Non-mgmt controlled devices get this bit set
1364 * implicitly so that pairing works for them, however
1365 * for mgmt we require user-space to explicitly enable
1368 hci_dev_clear_flag(hdev, HCI_BONDABLE);
1371 static int read_controller_info(struct sock *sk, struct hci_dev *hdev,
1372 void *data, u16 data_len)
1374 struct mgmt_rp_read_info rp;
1376 BT_DBG("sock %p %s", sk, hdev->name);
1380 memset(&rp, 0, sizeof(rp));
1382 bacpy(&rp.bdaddr, &hdev->bdaddr);
1384 rp.version = hdev->hci_ver;
1385 rp.manufacturer = cpu_to_le16(hdev->manufacturer);
1387 rp.supported_settings = cpu_to_le32(get_supported_settings(hdev));
1388 rp.current_settings = cpu_to_le32(get_current_settings(hdev));
1390 memcpy(rp.dev_class, hdev->dev_class, 3);
1392 memcpy(rp.name, hdev->dev_name, sizeof(hdev->dev_name));
1393 memcpy(rp.short_name, hdev->short_name, sizeof(hdev->short_name));
1395 hci_dev_unlock(hdev);
1397 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_READ_INFO, 0, &rp,
1401 static int send_settings_rsp(struct sock *sk, u16 opcode, struct hci_dev *hdev)
1403 __le32 settings = cpu_to_le32(get_current_settings(hdev));
1405 return mgmt_cmd_complete(sk, hdev->id, opcode, 0, &settings,
1409 static void clean_up_hci_complete(struct hci_dev *hdev, u8 status, u16 opcode)
1411 BT_DBG("%s status 0x%02x", hdev->name, status);
1413 if (hci_conn_count(hdev) == 0) {
1414 cancel_delayed_work(&hdev->power_off);
1415 queue_work(hdev->req_workqueue, &hdev->power_off.work);
1419 static bool hci_stop_discovery(struct hci_request *req)
1421 struct hci_dev *hdev = req->hdev;
1422 struct hci_cp_remote_name_req_cancel cp;
1423 struct inquiry_entry *e;
1425 switch (hdev->discovery.state) {
1426 case DISCOVERY_FINDING:
1427 if (test_bit(HCI_INQUIRY, &hdev->flags))
1428 hci_req_add(req, HCI_OP_INQUIRY_CANCEL, 0, NULL);
1430 if (hci_dev_test_flag(hdev, HCI_LE_SCAN)) {
1431 cancel_delayed_work(&hdev->le_scan_disable);
1432 hci_req_add_le_scan_disable(req);
1437 case DISCOVERY_RESOLVING:
1438 e = hci_inquiry_cache_lookup_resolve(hdev, BDADDR_ANY,
1443 bacpy(&cp.bdaddr, &e->data.bdaddr);
1444 hci_req_add(req, HCI_OP_REMOTE_NAME_REQ_CANCEL, sizeof(cp),
1450 /* Passive scanning */
1451 if (hci_dev_test_flag(hdev, HCI_LE_SCAN)) {
1452 hci_req_add_le_scan_disable(req);
1462 static void advertising_added(struct sock *sk, struct hci_dev *hdev,
1465 struct mgmt_ev_advertising_added ev;
1467 ev.instance = instance;
1469 mgmt_event(MGMT_EV_ADVERTISING_ADDED, hdev, &ev, sizeof(ev), sk);
1472 static void advertising_removed(struct sock *sk, struct hci_dev *hdev,
1475 struct mgmt_ev_advertising_removed ev;
1477 ev.instance = instance;
1479 mgmt_event(MGMT_EV_ADVERTISING_REMOVED, hdev, &ev, sizeof(ev), sk);
1482 static int schedule_adv_instance(struct hci_request *req, u8 instance,
1484 struct hci_dev *hdev = req->hdev;
1485 struct adv_info *adv_instance = NULL;
1488 if (hci_dev_test_flag(hdev, HCI_ADVERTISING) ||
1489 !hci_dev_test_flag(hdev, HCI_ADVERTISING_INSTANCE))
1492 if (hdev->adv_instance_timeout)
1495 adv_instance = hci_find_adv_instance(hdev, instance);
1499 /* A zero timeout means unlimited advertising. As long as there is
1500 * only one instance, duration should be ignored. We still set a timeout
1501 * in case further instances are being added later on.
1503 * If the remaining lifetime of the instance is more than the duration
1504 * then the timeout corresponds to the duration, otherwise it will be
1505 * reduced to the remaining instance lifetime.
1507 if (adv_instance->timeout == 0 ||
1508 adv_instance->duration <= adv_instance->remaining_time)
1509 timeout = adv_instance->duration;
1511 timeout = adv_instance->remaining_time;
1513 /* The remaining time is being reduced unless the instance is being
1514 * advertised without time limit.
1516 if (adv_instance->timeout)
1517 adv_instance->remaining_time =
1518 adv_instance->remaining_time - timeout;
1520 hdev->adv_instance_timeout = timeout;
1521 queue_delayed_work(hdev->workqueue,
1522 &hdev->adv_instance_expire,
1523 msecs_to_jiffies(timeout * 1000));
1525 /* If we're just re-scheduling the same instance again then do not
1526 * execute any HCI commands. This happens when a single instance is
1529 if (!force && hdev->cur_adv_instance == instance &&
1530 hci_dev_test_flag(hdev, HCI_LE_ADV))
1533 hdev->cur_adv_instance = instance;
1534 update_adv_data(req);
1535 update_scan_rsp_data(req);
1536 enable_advertising(req);
1541 static void cancel_adv_timeout(struct hci_dev *hdev)
1543 if (hdev->adv_instance_timeout) {
1544 hdev->adv_instance_timeout = 0;
1545 cancel_delayed_work(&hdev->adv_instance_expire);
1549 /* For a single instance:
1550 * - force == true: The instance will be removed even when its remaining
1551 * lifetime is not zero.
1552 * - force == false: the instance will be deactivated but kept stored unless
1553 * the remaining lifetime is zero.
1555 * For instance == 0x00:
1556 * - force == true: All instances will be removed regardless of their timeout
1558 * - force == false: Only instances that have a timeout will be removed.
1560 static void clear_adv_instance(struct hci_dev *hdev, struct hci_request *req,
1561 u8 instance, bool force)
1563 struct adv_info *adv_instance, *n, *next_instance = NULL;
1567 /* Cancel any timeout concerning the removed instance(s). */
1568 if (!instance || hdev->cur_adv_instance == instance)
1569 cancel_adv_timeout(hdev);
1571 /* Get the next instance to advertise BEFORE we remove
1572 * the current one. This can be the same instance again
1573 * if there is only one instance.
1575 if (instance && hdev->cur_adv_instance == instance)
1576 next_instance = hci_get_next_instance(hdev, instance);
1578 if (instance == 0x00) {
1579 list_for_each_entry_safe(adv_instance, n, &hdev->adv_instances,
1581 if (!(force || adv_instance->timeout))
1584 rem_inst = adv_instance->instance;
1585 err = hci_remove_adv_instance(hdev, rem_inst);
1587 advertising_removed(NULL, hdev, rem_inst);
1589 hdev->cur_adv_instance = 0x00;
1591 adv_instance = hci_find_adv_instance(hdev, instance);
1593 if (force || (adv_instance && adv_instance->timeout &&
1594 !adv_instance->remaining_time)) {
1595 /* Don't advertise a removed instance. */
1596 if (next_instance &&
1597 next_instance->instance == instance)
1598 next_instance = NULL;
1600 err = hci_remove_adv_instance(hdev, instance);
1602 advertising_removed(NULL, hdev, instance);
1606 if (list_empty(&hdev->adv_instances)) {
1607 hdev->cur_adv_instance = 0x00;
1608 hci_dev_clear_flag(hdev, HCI_ADVERTISING_INSTANCE);
1611 if (!req || !hdev_is_powered(hdev) ||
1612 hci_dev_test_flag(hdev, HCI_ADVERTISING))
1616 schedule_adv_instance(req, next_instance->instance, false);
1619 static int clean_up_hci_state(struct hci_dev *hdev)
1621 struct hci_request req;
1622 struct hci_conn *conn;
1623 bool discov_stopped;
1626 hci_req_init(&req, hdev);
1628 if (test_bit(HCI_ISCAN, &hdev->flags) ||
1629 test_bit(HCI_PSCAN, &hdev->flags)) {
1631 hci_req_add(&req, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
1634 clear_adv_instance(hdev, NULL, 0x00, false);
1636 if (hci_dev_test_flag(hdev, HCI_LE_ADV))
1637 disable_advertising(&req);
1639 discov_stopped = hci_stop_discovery(&req);
1641 list_for_each_entry(conn, &hdev->conn_hash.list, list) {
1642 /* 0x15 == Terminated due to Power Off */
1643 __hci_abort_conn(&req, conn, 0x15);
1646 err = hci_req_run(&req, clean_up_hci_complete);
1647 if (!err && discov_stopped)
1648 hci_discovery_set_state(hdev, DISCOVERY_STOPPING);
1653 static int set_powered(struct sock *sk, struct hci_dev *hdev, void *data,
1656 struct mgmt_mode *cp = data;
1657 struct mgmt_pending_cmd *cmd;
1660 BT_DBG("request for %s", hdev->name);
1662 if (cp->val != 0x00 && cp->val != 0x01)
1663 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_POWERED,
1664 MGMT_STATUS_INVALID_PARAMS);
1668 if (pending_find(MGMT_OP_SET_POWERED, hdev)) {
1669 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_POWERED,
1674 if (hci_dev_test_and_clear_flag(hdev, HCI_AUTO_OFF)) {
1675 cancel_delayed_work(&hdev->power_off);
1678 mgmt_pending_add(sk, MGMT_OP_SET_POWERED, hdev,
1680 err = mgmt_powered(hdev, 1);
1685 if (!!cp->val == hdev_is_powered(hdev)) {
1686 err = send_settings_rsp(sk, MGMT_OP_SET_POWERED, hdev);
1690 cmd = mgmt_pending_add(sk, MGMT_OP_SET_POWERED, hdev, data, len);
1697 queue_work(hdev->req_workqueue, &hdev->power_on);
1700 /* Disconnect connections, stop scans, etc */
1701 err = clean_up_hci_state(hdev);
1703 queue_delayed_work(hdev->req_workqueue, &hdev->power_off,
1704 HCI_POWER_OFF_TIMEOUT);
1706 /* ENODATA means there were no HCI commands queued */
1707 if (err == -ENODATA) {
1708 cancel_delayed_work(&hdev->power_off);
1709 queue_work(hdev->req_workqueue, &hdev->power_off.work);
1715 hci_dev_unlock(hdev);
1719 static int new_settings(struct hci_dev *hdev, struct sock *skip)
1721 __le32 ev = cpu_to_le32(get_current_settings(hdev));
1723 return mgmt_generic_event(MGMT_EV_NEW_SETTINGS, hdev, &ev,
1727 int mgmt_new_settings(struct hci_dev *hdev)
1729 return new_settings(hdev, NULL);
1734 struct hci_dev *hdev;
1738 static void settings_rsp(struct mgmt_pending_cmd *cmd, void *data)
1740 struct cmd_lookup *match = data;
1742 send_settings_rsp(cmd->sk, cmd->opcode, match->hdev);
1744 list_del(&cmd->list);
1746 if (match->sk == NULL) {
1747 match->sk = cmd->sk;
1748 sock_hold(match->sk);
1751 mgmt_pending_free(cmd);
1754 static void cmd_status_rsp(struct mgmt_pending_cmd *cmd, void *data)
1758 mgmt_cmd_status(cmd->sk, cmd->index, cmd->opcode, *status);
1759 mgmt_pending_remove(cmd);
1762 static void cmd_complete_rsp(struct mgmt_pending_cmd *cmd, void *data)
1764 if (cmd->cmd_complete) {
1767 cmd->cmd_complete(cmd, *status);
1768 mgmt_pending_remove(cmd);
1773 cmd_status_rsp(cmd, data);
1776 static int generic_cmd_complete(struct mgmt_pending_cmd *cmd, u8 status)
1778 return mgmt_cmd_complete(cmd->sk, cmd->index, cmd->opcode, status,
1779 cmd->param, cmd->param_len);
1782 static int addr_cmd_complete(struct mgmt_pending_cmd *cmd, u8 status)
1784 return mgmt_cmd_complete(cmd->sk, cmd->index, cmd->opcode, status,
1785 cmd->param, sizeof(struct mgmt_addr_info));
1788 static u8 mgmt_bredr_support(struct hci_dev *hdev)
1790 if (!lmp_bredr_capable(hdev))
1791 return MGMT_STATUS_NOT_SUPPORTED;
1792 else if (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED))
1793 return MGMT_STATUS_REJECTED;
1795 return MGMT_STATUS_SUCCESS;
1798 static u8 mgmt_le_support(struct hci_dev *hdev)
1800 if (!lmp_le_capable(hdev))
1801 return MGMT_STATUS_NOT_SUPPORTED;
1802 else if (!hci_dev_test_flag(hdev, HCI_LE_ENABLED))
1803 return MGMT_STATUS_REJECTED;
1805 return MGMT_STATUS_SUCCESS;
1808 static void set_discoverable_complete(struct hci_dev *hdev, u8 status,
1811 struct mgmt_pending_cmd *cmd;
1812 struct mgmt_mode *cp;
1813 struct hci_request req;
1816 BT_DBG("status 0x%02x", status);
1820 cmd = pending_find(MGMT_OP_SET_DISCOVERABLE, hdev);
1825 u8 mgmt_err = mgmt_status(status);
1826 mgmt_cmd_status(cmd->sk, cmd->index, cmd->opcode, mgmt_err);
1827 hci_dev_clear_flag(hdev, HCI_LIMITED_DISCOVERABLE);
1833 changed = !hci_dev_test_and_set_flag(hdev, HCI_DISCOVERABLE);
1835 if (hdev->discov_timeout > 0) {
1836 int to = msecs_to_jiffies(hdev->discov_timeout * 1000);
1837 queue_delayed_work(hdev->workqueue, &hdev->discov_off,
1841 changed = hci_dev_test_and_clear_flag(hdev, HCI_DISCOVERABLE);
1844 send_settings_rsp(cmd->sk, MGMT_OP_SET_DISCOVERABLE, hdev);
1847 new_settings(hdev, cmd->sk);
1849 /* When the discoverable mode gets changed, make sure
1850 * that class of device has the limited discoverable
1851 * bit correctly set. Also update page scan based on whitelist
1854 hci_req_init(&req, hdev);
1855 __hci_update_page_scan(&req);
1857 hci_req_run(&req, NULL);
1860 mgmt_pending_remove(cmd);
1863 hci_dev_unlock(hdev);
1866 static int set_discoverable(struct sock *sk, struct hci_dev *hdev, void *data,
1869 struct mgmt_cp_set_discoverable *cp = data;
1870 struct mgmt_pending_cmd *cmd;
1871 struct hci_request req;
1876 BT_DBG("request for %s", hdev->name);
1878 if (!hci_dev_test_flag(hdev, HCI_LE_ENABLED) &&
1879 !hci_dev_test_flag(hdev, HCI_BREDR_ENABLED))
1880 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
1881 MGMT_STATUS_REJECTED);
1883 if (cp->val != 0x00 && cp->val != 0x01 && cp->val != 0x02)
1884 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
1885 MGMT_STATUS_INVALID_PARAMS);
1887 timeout = __le16_to_cpu(cp->timeout);
1889 /* Disabling discoverable requires that no timeout is set,
1890 * and enabling limited discoverable requires a timeout.
1892 if ((cp->val == 0x00 && timeout > 0) ||
1893 (cp->val == 0x02 && timeout == 0))
1894 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
1895 MGMT_STATUS_INVALID_PARAMS);
1899 if (!hdev_is_powered(hdev) && timeout > 0) {
1900 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
1901 MGMT_STATUS_NOT_POWERED);
1905 if (pending_find(MGMT_OP_SET_DISCOVERABLE, hdev) ||
1906 pending_find(MGMT_OP_SET_CONNECTABLE, hdev)) {
1907 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
1912 if (!hci_dev_test_flag(hdev, HCI_CONNECTABLE)) {
1913 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
1914 MGMT_STATUS_REJECTED);
1918 if (!hdev_is_powered(hdev)) {
1919 bool changed = false;
1921 /* Setting limited discoverable when powered off is
1922 * not a valid operation since it requires a timeout
1923 * and so no need to check HCI_LIMITED_DISCOVERABLE.
1925 if (!!cp->val != hci_dev_test_flag(hdev, HCI_DISCOVERABLE)) {
1926 hci_dev_change_flag(hdev, HCI_DISCOVERABLE);
1930 err = send_settings_rsp(sk, MGMT_OP_SET_DISCOVERABLE, hdev);
1935 err = new_settings(hdev, sk);
1940 /* If the current mode is the same, then just update the timeout
1941 * value with the new value. And if only the timeout gets updated,
1942 * then no need for any HCI transactions.
1944 if (!!cp->val == hci_dev_test_flag(hdev, HCI_DISCOVERABLE) &&
1945 (cp->val == 0x02) == hci_dev_test_flag(hdev,
1946 HCI_LIMITED_DISCOVERABLE)) {
1947 cancel_delayed_work(&hdev->discov_off);
1948 hdev->discov_timeout = timeout;
1950 if (cp->val && hdev->discov_timeout > 0) {
1951 int to = msecs_to_jiffies(hdev->discov_timeout * 1000);
1952 queue_delayed_work(hdev->workqueue, &hdev->discov_off,
1956 err = send_settings_rsp(sk, MGMT_OP_SET_DISCOVERABLE, hdev);
1960 cmd = mgmt_pending_add(sk, MGMT_OP_SET_DISCOVERABLE, hdev, data, len);
1966 /* Cancel any potential discoverable timeout that might be
1967 * still active and store new timeout value. The arming of
1968 * the timeout happens in the complete handler.
1970 cancel_delayed_work(&hdev->discov_off);
1971 hdev->discov_timeout = timeout;
1973 /* Limited discoverable mode */
1974 if (cp->val == 0x02)
1975 hci_dev_set_flag(hdev, HCI_LIMITED_DISCOVERABLE);
1977 hci_dev_clear_flag(hdev, HCI_LIMITED_DISCOVERABLE);
1979 hci_req_init(&req, hdev);
1981 /* The procedure for LE-only controllers is much simpler - just
1982 * update the advertising data.
1984 if (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED))
1990 struct hci_cp_write_current_iac_lap hci_cp;
1992 if (cp->val == 0x02) {
1993 /* Limited discoverable mode */
1994 hci_cp.num_iac = min_t(u8, hdev->num_iac, 2);
1995 hci_cp.iac_lap[0] = 0x00; /* LIAC */
1996 hci_cp.iac_lap[1] = 0x8b;
1997 hci_cp.iac_lap[2] = 0x9e;
1998 hci_cp.iac_lap[3] = 0x33; /* GIAC */
1999 hci_cp.iac_lap[4] = 0x8b;
2000 hci_cp.iac_lap[5] = 0x9e;
2002 /* General discoverable mode */
2004 hci_cp.iac_lap[0] = 0x33; /* GIAC */
2005 hci_cp.iac_lap[1] = 0x8b;
2006 hci_cp.iac_lap[2] = 0x9e;
2009 hci_req_add(&req, HCI_OP_WRITE_CURRENT_IAC_LAP,
2010 (hci_cp.num_iac * 3) + 1, &hci_cp);
2012 scan |= SCAN_INQUIRY;
2014 hci_dev_clear_flag(hdev, HCI_LIMITED_DISCOVERABLE);
2017 hci_req_add(&req, HCI_OP_WRITE_SCAN_ENABLE, sizeof(scan), &scan);
2020 update_adv_data(&req);
2022 err = hci_req_run(&req, set_discoverable_complete);
2024 mgmt_pending_remove(cmd);
2027 hci_dev_unlock(hdev);
2031 static void write_fast_connectable(struct hci_request *req, bool enable)
2033 struct hci_dev *hdev = req->hdev;
2034 struct hci_cp_write_page_scan_activity acp;
2037 if (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED))
2040 if (hdev->hci_ver < BLUETOOTH_VER_1_2)
2044 type = PAGE_SCAN_TYPE_INTERLACED;
2046 /* 160 msec page scan interval */
2047 acp.interval = cpu_to_le16(0x0100);
2049 type = PAGE_SCAN_TYPE_STANDARD; /* default */
2051 /* default 1.28 sec page scan */
2052 acp.interval = cpu_to_le16(0x0800);
2055 acp.window = cpu_to_le16(0x0012);
2057 if (__cpu_to_le16(hdev->page_scan_interval) != acp.interval ||
2058 __cpu_to_le16(hdev->page_scan_window) != acp.window)
2059 hci_req_add(req, HCI_OP_WRITE_PAGE_SCAN_ACTIVITY,
2062 if (hdev->page_scan_type != type)
2063 hci_req_add(req, HCI_OP_WRITE_PAGE_SCAN_TYPE, 1, &type);
2066 static void set_connectable_complete(struct hci_dev *hdev, u8 status,
2069 struct mgmt_pending_cmd *cmd;
2070 struct mgmt_mode *cp;
2071 bool conn_changed, discov_changed;
2073 BT_DBG("status 0x%02x", status);
2077 cmd = pending_find(MGMT_OP_SET_CONNECTABLE, hdev);
2082 u8 mgmt_err = mgmt_status(status);
2083 mgmt_cmd_status(cmd->sk, cmd->index, cmd->opcode, mgmt_err);
2089 conn_changed = !hci_dev_test_and_set_flag(hdev,
2091 discov_changed = false;
2093 conn_changed = hci_dev_test_and_clear_flag(hdev,
2095 discov_changed = hci_dev_test_and_clear_flag(hdev,
2099 send_settings_rsp(cmd->sk, MGMT_OP_SET_CONNECTABLE, hdev);
2101 if (conn_changed || discov_changed) {
2102 new_settings(hdev, cmd->sk);
2103 hci_update_page_scan(hdev);
2105 mgmt_update_adv_data(hdev);
2106 hci_update_background_scan(hdev);
2110 mgmt_pending_remove(cmd);
2113 hci_dev_unlock(hdev);
2116 static int set_connectable_update_settings(struct hci_dev *hdev,
2117 struct sock *sk, u8 val)
2119 bool changed = false;
2122 if (!!val != hci_dev_test_flag(hdev, HCI_CONNECTABLE))
2126 hci_dev_set_flag(hdev, HCI_CONNECTABLE);
2128 hci_dev_clear_flag(hdev, HCI_CONNECTABLE);
2129 hci_dev_clear_flag(hdev, HCI_DISCOVERABLE);
2132 err = send_settings_rsp(sk, MGMT_OP_SET_CONNECTABLE, hdev);
2137 hci_update_page_scan(hdev);
2138 hci_update_background_scan(hdev);
2139 return new_settings(hdev, sk);
2145 static int set_connectable(struct sock *sk, struct hci_dev *hdev, void *data,
2148 struct mgmt_mode *cp = data;
2149 struct mgmt_pending_cmd *cmd;
2150 struct hci_request req;
2154 BT_DBG("request for %s", hdev->name);
2156 if (!hci_dev_test_flag(hdev, HCI_LE_ENABLED) &&
2157 !hci_dev_test_flag(hdev, HCI_BREDR_ENABLED))
2158 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE,
2159 MGMT_STATUS_REJECTED);
2161 if (cp->val != 0x00 && cp->val != 0x01)
2162 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE,
2163 MGMT_STATUS_INVALID_PARAMS);
2167 if (!hdev_is_powered(hdev)) {
2168 err = set_connectable_update_settings(hdev, sk, cp->val);
2172 if (pending_find(MGMT_OP_SET_DISCOVERABLE, hdev) ||
2173 pending_find(MGMT_OP_SET_CONNECTABLE, hdev)) {
2174 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE,
2179 cmd = mgmt_pending_add(sk, MGMT_OP_SET_CONNECTABLE, hdev, data, len);
2185 hci_req_init(&req, hdev);
2187 /* If BR/EDR is not enabled and we disable advertising as a
2188 * by-product of disabling connectable, we need to update the
2189 * advertising flags.
2191 if (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED)) {
2193 hci_dev_clear_flag(hdev, HCI_LIMITED_DISCOVERABLE);
2194 hci_dev_clear_flag(hdev, HCI_DISCOVERABLE);
2196 update_adv_data(&req);
2197 } else if (cp->val != test_bit(HCI_PSCAN, &hdev->flags)) {
2201 /* If we don't have any whitelist entries just
2202 * disable all scanning. If there are entries
2203 * and we had both page and inquiry scanning
2204 * enabled then fall back to only page scanning.
2205 * Otherwise no changes are needed.
2207 if (list_empty(&hdev->whitelist))
2208 scan = SCAN_DISABLED;
2209 else if (test_bit(HCI_ISCAN, &hdev->flags))
2212 goto no_scan_update;
2214 if (test_bit(HCI_ISCAN, &hdev->flags) &&
2215 hdev->discov_timeout > 0)
2216 cancel_delayed_work(&hdev->discov_off);
2219 hci_req_add(&req, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
2223 /* Update the advertising parameters if necessary */
2224 if (hci_dev_test_flag(hdev, HCI_ADVERTISING) ||
2225 hci_dev_test_flag(hdev, HCI_ADVERTISING_INSTANCE))
2226 enable_advertising(&req);
2228 err = hci_req_run(&req, set_connectable_complete);
2230 mgmt_pending_remove(cmd);
2231 if (err == -ENODATA)
2232 err = set_connectable_update_settings(hdev, sk,
2238 hci_dev_unlock(hdev);
2242 static int set_bondable(struct sock *sk, struct hci_dev *hdev, void *data,
2245 struct mgmt_mode *cp = data;
2249 BT_DBG("request for %s", hdev->name);
2251 if (cp->val != 0x00 && cp->val != 0x01)
2252 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_BONDABLE,
2253 MGMT_STATUS_INVALID_PARAMS);
2258 changed = !hci_dev_test_and_set_flag(hdev, HCI_BONDABLE);
2260 changed = hci_dev_test_and_clear_flag(hdev, HCI_BONDABLE);
2262 err = send_settings_rsp(sk, MGMT_OP_SET_BONDABLE, hdev);
2267 err = new_settings(hdev, sk);
2270 hci_dev_unlock(hdev);
2274 static int set_link_security(struct sock *sk, struct hci_dev *hdev, void *data,
2277 struct mgmt_mode *cp = data;
2278 struct mgmt_pending_cmd *cmd;
2282 BT_DBG("request for %s", hdev->name);
2284 status = mgmt_bredr_support(hdev);
2286 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY,
2289 if (cp->val != 0x00 && cp->val != 0x01)
2290 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY,
2291 MGMT_STATUS_INVALID_PARAMS);
2295 if (!hdev_is_powered(hdev)) {
2296 bool changed = false;
2298 if (!!cp->val != hci_dev_test_flag(hdev, HCI_LINK_SECURITY)) {
2299 hci_dev_change_flag(hdev, HCI_LINK_SECURITY);
2303 err = send_settings_rsp(sk, MGMT_OP_SET_LINK_SECURITY, hdev);
2308 err = new_settings(hdev, sk);
2313 if (pending_find(MGMT_OP_SET_LINK_SECURITY, hdev)) {
2314 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY,
2321 if (test_bit(HCI_AUTH, &hdev->flags) == val) {
2322 err = send_settings_rsp(sk, MGMT_OP_SET_LINK_SECURITY, hdev);
2326 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LINK_SECURITY, hdev, data, len);
2332 err = hci_send_cmd(hdev, HCI_OP_WRITE_AUTH_ENABLE, sizeof(val), &val);
2334 mgmt_pending_remove(cmd);
2339 hci_dev_unlock(hdev);
2343 static int set_ssp(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
2345 struct mgmt_mode *cp = data;
2346 struct mgmt_pending_cmd *cmd;
2350 BT_DBG("request for %s", hdev->name);
2352 status = mgmt_bredr_support(hdev);
2354 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SSP, status);
2356 if (!lmp_ssp_capable(hdev))
2357 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
2358 MGMT_STATUS_NOT_SUPPORTED);
2360 if (cp->val != 0x00 && cp->val != 0x01)
2361 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
2362 MGMT_STATUS_INVALID_PARAMS);
2366 if (!hdev_is_powered(hdev)) {
2370 changed = !hci_dev_test_and_set_flag(hdev,
2373 changed = hci_dev_test_and_clear_flag(hdev,
2376 changed = hci_dev_test_and_clear_flag(hdev,
2379 hci_dev_clear_flag(hdev, HCI_HS_ENABLED);
2382 err = send_settings_rsp(sk, MGMT_OP_SET_SSP, hdev);
2387 err = new_settings(hdev, sk);
2392 if (pending_find(MGMT_OP_SET_SSP, hdev)) {
2393 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
2398 if (!!cp->val == hci_dev_test_flag(hdev, HCI_SSP_ENABLED)) {
2399 err = send_settings_rsp(sk, MGMT_OP_SET_SSP, hdev);
2403 cmd = mgmt_pending_add(sk, MGMT_OP_SET_SSP, hdev, data, len);
2409 if (!cp->val && hci_dev_test_flag(hdev, HCI_USE_DEBUG_KEYS))
2410 hci_send_cmd(hdev, HCI_OP_WRITE_SSP_DEBUG_MODE,
2411 sizeof(cp->val), &cp->val);
2413 err = hci_send_cmd(hdev, HCI_OP_WRITE_SSP_MODE, 1, &cp->val);
2415 mgmt_pending_remove(cmd);
2420 hci_dev_unlock(hdev);
2424 static int set_hs(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
2426 struct mgmt_mode *cp = data;
2431 BT_DBG("request for %s", hdev->name);
2433 status = mgmt_bredr_support(hdev);
2435 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_HS, status);
2437 if (!lmp_ssp_capable(hdev))
2438 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
2439 MGMT_STATUS_NOT_SUPPORTED);
2441 if (!hci_dev_test_flag(hdev, HCI_SSP_ENABLED))
2442 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
2443 MGMT_STATUS_REJECTED);
2445 if (cp->val != 0x00 && cp->val != 0x01)
2446 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
2447 MGMT_STATUS_INVALID_PARAMS);
2451 if (pending_find(MGMT_OP_SET_SSP, hdev)) {
2452 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
2458 changed = !hci_dev_test_and_set_flag(hdev, HCI_HS_ENABLED);
2460 if (hdev_is_powered(hdev)) {
2461 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
2462 MGMT_STATUS_REJECTED);
2466 changed = hci_dev_test_and_clear_flag(hdev, HCI_HS_ENABLED);
2469 err = send_settings_rsp(sk, MGMT_OP_SET_HS, hdev);
2474 err = new_settings(hdev, sk);
2477 hci_dev_unlock(hdev);
2481 static void le_enable_complete(struct hci_dev *hdev, u8 status, u16 opcode)
2483 struct cmd_lookup match = { NULL, hdev };
2488 u8 mgmt_err = mgmt_status(status);
2490 mgmt_pending_foreach(MGMT_OP_SET_LE, hdev, cmd_status_rsp,
2495 mgmt_pending_foreach(MGMT_OP_SET_LE, hdev, settings_rsp, &match);
2497 new_settings(hdev, match.sk);
2502 /* Make sure the controller has a good default for
2503 * advertising data. Restrict the update to when LE
2504 * has actually been enabled. During power on, the
2505 * update in powered_update_hci will take care of it.
2507 if (hci_dev_test_flag(hdev, HCI_LE_ENABLED)) {
2508 struct hci_request req;
2510 hci_req_init(&req, hdev);
2511 update_adv_data(&req);
2512 update_scan_rsp_data(&req);
2513 __hci_update_background_scan(&req);
2514 hci_req_run(&req, NULL);
2518 hci_dev_unlock(hdev);
2521 static int set_le(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
2523 struct mgmt_mode *cp = data;
2524 struct hci_cp_write_le_host_supported hci_cp;
2525 struct mgmt_pending_cmd *cmd;
2526 struct hci_request req;
2530 BT_DBG("request for %s", hdev->name);
2532 if (!lmp_le_capable(hdev))
2533 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
2534 MGMT_STATUS_NOT_SUPPORTED);
2536 if (cp->val != 0x00 && cp->val != 0x01)
2537 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
2538 MGMT_STATUS_INVALID_PARAMS);
2540 /* Bluetooth single mode LE only controllers or dual-mode
2541 * controllers configured as LE only devices, do not allow
2542 * switching LE off. These have either LE enabled explicitly
2543 * or BR/EDR has been previously switched off.
2545 * When trying to enable an already enabled LE, then gracefully
2546 * send a positive response. Trying to disable it however will
2547 * result into rejection.
2549 if (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED)) {
2550 if (cp->val == 0x01)
2551 return send_settings_rsp(sk, MGMT_OP_SET_LE, hdev);
2553 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
2554 MGMT_STATUS_REJECTED);
2560 enabled = lmp_host_le_capable(hdev);
2563 clear_adv_instance(hdev, NULL, 0x00, true);
2565 if (!hdev_is_powered(hdev) || val == enabled) {
2566 bool changed = false;
2568 if (val != hci_dev_test_flag(hdev, HCI_LE_ENABLED)) {
2569 hci_dev_change_flag(hdev, HCI_LE_ENABLED);
2573 if (!val && hci_dev_test_flag(hdev, HCI_ADVERTISING)) {
2574 hci_dev_clear_flag(hdev, HCI_ADVERTISING);
2578 err = send_settings_rsp(sk, MGMT_OP_SET_LE, hdev);
2583 err = new_settings(hdev, sk);
2588 if (pending_find(MGMT_OP_SET_LE, hdev) ||
2589 pending_find(MGMT_OP_SET_ADVERTISING, hdev)) {
2590 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
2595 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LE, hdev, data, len);
2601 hci_req_init(&req, hdev);
2603 memset(&hci_cp, 0, sizeof(hci_cp));
2607 hci_cp.simul = 0x00;
2609 if (hci_dev_test_flag(hdev, HCI_LE_ADV))
2610 disable_advertising(&req);
2613 hci_req_add(&req, HCI_OP_WRITE_LE_HOST_SUPPORTED, sizeof(hci_cp),
2616 err = hci_req_run(&req, le_enable_complete);
2618 mgmt_pending_remove(cmd);
2621 hci_dev_unlock(hdev);
2625 /* This is a helper function to test for pending mgmt commands that can
2626 * cause CoD or EIR HCI commands. We can only allow one such pending
2627 * mgmt command at a time since otherwise we cannot easily track what
2628 * the current values are, will be, and based on that calculate if a new
2629 * HCI command needs to be sent and if yes with what value.
2631 static bool pending_eir_or_class(struct hci_dev *hdev)
2633 struct mgmt_pending_cmd *cmd;
2635 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
2636 switch (cmd->opcode) {
2637 case MGMT_OP_ADD_UUID:
2638 case MGMT_OP_REMOVE_UUID:
2639 case MGMT_OP_SET_DEV_CLASS:
2640 case MGMT_OP_SET_POWERED:
2648 static const u8 bluetooth_base_uuid[] = {
2649 0xfb, 0x34, 0x9b, 0x5f, 0x80, 0x00, 0x00, 0x80,
2650 0x00, 0x10, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
2653 static u8 get_uuid_size(const u8 *uuid)
2657 if (memcmp(uuid, bluetooth_base_uuid, 12))
2660 val = get_unaligned_le32(&uuid[12]);
2667 static void mgmt_class_complete(struct hci_dev *hdev, u16 mgmt_op, u8 status)
2669 struct mgmt_pending_cmd *cmd;
2673 cmd = pending_find(mgmt_op, hdev);
2677 mgmt_cmd_complete(cmd->sk, cmd->index, cmd->opcode,
2678 mgmt_status(status), hdev->dev_class, 3);
2680 mgmt_pending_remove(cmd);
2683 hci_dev_unlock(hdev);
2686 static void add_uuid_complete(struct hci_dev *hdev, u8 status, u16 opcode)
2688 BT_DBG("status 0x%02x", status);
2690 mgmt_class_complete(hdev, MGMT_OP_ADD_UUID, status);
2693 static int add_uuid(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
2695 struct mgmt_cp_add_uuid *cp = data;
2696 struct mgmt_pending_cmd *cmd;
2697 struct hci_request req;
2698 struct bt_uuid *uuid;
2701 BT_DBG("request for %s", hdev->name);
2705 if (pending_eir_or_class(hdev)) {
2706 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_UUID,
2711 uuid = kmalloc(sizeof(*uuid), GFP_KERNEL);
2717 memcpy(uuid->uuid, cp->uuid, 16);
2718 uuid->svc_hint = cp->svc_hint;
2719 uuid->size = get_uuid_size(cp->uuid);
2721 list_add_tail(&uuid->list, &hdev->uuids);
2723 hci_req_init(&req, hdev);
2728 err = hci_req_run(&req, add_uuid_complete);
2730 if (err != -ENODATA)
2733 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_ADD_UUID, 0,
2734 hdev->dev_class, 3);
2738 cmd = mgmt_pending_add(sk, MGMT_OP_ADD_UUID, hdev, data, len);
2747 hci_dev_unlock(hdev);
2751 static bool enable_service_cache(struct hci_dev *hdev)
2753 if (!hdev_is_powered(hdev))
2756 if (!hci_dev_test_and_set_flag(hdev, HCI_SERVICE_CACHE)) {
2757 queue_delayed_work(hdev->workqueue, &hdev->service_cache,
2765 static void remove_uuid_complete(struct hci_dev *hdev, u8 status, u16 opcode)
2767 BT_DBG("status 0x%02x", status);
2769 mgmt_class_complete(hdev, MGMT_OP_REMOVE_UUID, status);
2772 static int remove_uuid(struct sock *sk, struct hci_dev *hdev, void *data,
2775 struct mgmt_cp_remove_uuid *cp = data;
2776 struct mgmt_pending_cmd *cmd;
2777 struct bt_uuid *match, *tmp;
2778 u8 bt_uuid_any[] = { 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 };
2779 struct hci_request req;
2782 BT_DBG("request for %s", hdev->name);
2786 if (pending_eir_or_class(hdev)) {
2787 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_REMOVE_UUID,
2792 if (memcmp(cp->uuid, bt_uuid_any, 16) == 0) {
2793 hci_uuids_clear(hdev);
2795 if (enable_service_cache(hdev)) {
2796 err = mgmt_cmd_complete(sk, hdev->id,
2797 MGMT_OP_REMOVE_UUID,
2798 0, hdev->dev_class, 3);
2807 list_for_each_entry_safe(match, tmp, &hdev->uuids, list) {
2808 if (memcmp(match->uuid, cp->uuid, 16) != 0)
2811 list_del(&match->list);
2817 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_REMOVE_UUID,
2818 MGMT_STATUS_INVALID_PARAMS);
2823 hci_req_init(&req, hdev);
2828 err = hci_req_run(&req, remove_uuid_complete);
2830 if (err != -ENODATA)
2833 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_UUID, 0,
2834 hdev->dev_class, 3);
2838 cmd = mgmt_pending_add(sk, MGMT_OP_REMOVE_UUID, hdev, data, len);
2847 hci_dev_unlock(hdev);
2851 static void set_class_complete(struct hci_dev *hdev, u8 status, u16 opcode)
2853 BT_DBG("status 0x%02x", status);
2855 mgmt_class_complete(hdev, MGMT_OP_SET_DEV_CLASS, status);
2858 static int set_dev_class(struct sock *sk, struct hci_dev *hdev, void *data,
2861 struct mgmt_cp_set_dev_class *cp = data;
2862 struct mgmt_pending_cmd *cmd;
2863 struct hci_request req;
2866 BT_DBG("request for %s", hdev->name);
2868 if (!lmp_bredr_capable(hdev))
2869 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS,
2870 MGMT_STATUS_NOT_SUPPORTED);
2874 if (pending_eir_or_class(hdev)) {
2875 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS,
2880 if ((cp->minor & 0x03) != 0 || (cp->major & 0xe0) != 0) {
2881 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS,
2882 MGMT_STATUS_INVALID_PARAMS);
2886 hdev->major_class = cp->major;
2887 hdev->minor_class = cp->minor;
2889 if (!hdev_is_powered(hdev)) {
2890 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_DEV_CLASS, 0,
2891 hdev->dev_class, 3);
2895 hci_req_init(&req, hdev);
2897 if (hci_dev_test_and_clear_flag(hdev, HCI_SERVICE_CACHE)) {
2898 hci_dev_unlock(hdev);
2899 cancel_delayed_work_sync(&hdev->service_cache);
2906 err = hci_req_run(&req, set_class_complete);
2908 if (err != -ENODATA)
2911 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_DEV_CLASS, 0,
2912 hdev->dev_class, 3);
2916 cmd = mgmt_pending_add(sk, MGMT_OP_SET_DEV_CLASS, hdev, data, len);
2925 hci_dev_unlock(hdev);
2929 static int load_link_keys(struct sock *sk, struct hci_dev *hdev, void *data,
2932 struct mgmt_cp_load_link_keys *cp = data;
2933 const u16 max_key_count = ((U16_MAX - sizeof(*cp)) /
2934 sizeof(struct mgmt_link_key_info));
2935 u16 key_count, expected_len;
2939 BT_DBG("request for %s", hdev->name);
2941 if (!lmp_bredr_capable(hdev))
2942 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
2943 MGMT_STATUS_NOT_SUPPORTED);
2945 key_count = __le16_to_cpu(cp->key_count);
2946 if (key_count > max_key_count) {
2947 BT_ERR("load_link_keys: too big key_count value %u",
2949 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
2950 MGMT_STATUS_INVALID_PARAMS);
2953 expected_len = sizeof(*cp) + key_count *
2954 sizeof(struct mgmt_link_key_info);
2955 if (expected_len != len) {
2956 BT_ERR("load_link_keys: expected %u bytes, got %u bytes",
2958 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
2959 MGMT_STATUS_INVALID_PARAMS);
2962 if (cp->debug_keys != 0x00 && cp->debug_keys != 0x01)
2963 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
2964 MGMT_STATUS_INVALID_PARAMS);
2966 BT_DBG("%s debug_keys %u key_count %u", hdev->name, cp->debug_keys,
2969 for (i = 0; i < key_count; i++) {
2970 struct mgmt_link_key_info *key = &cp->keys[i];
2972 if (key->addr.type != BDADDR_BREDR || key->type > 0x08)
2973 return mgmt_cmd_status(sk, hdev->id,
2974 MGMT_OP_LOAD_LINK_KEYS,
2975 MGMT_STATUS_INVALID_PARAMS);
2980 hci_link_keys_clear(hdev);
2983 changed = !hci_dev_test_and_set_flag(hdev, HCI_KEEP_DEBUG_KEYS);
2985 changed = hci_dev_test_and_clear_flag(hdev,
2986 HCI_KEEP_DEBUG_KEYS);
2989 new_settings(hdev, NULL);
2991 for (i = 0; i < key_count; i++) {
2992 struct mgmt_link_key_info *key = &cp->keys[i];
2994 /* Always ignore debug keys and require a new pairing if
2995 * the user wants to use them.
2997 if (key->type == HCI_LK_DEBUG_COMBINATION)
3000 hci_add_link_key(hdev, NULL, &key->addr.bdaddr, key->val,
3001 key->type, key->pin_len, NULL);
3004 mgmt_cmd_complete(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS, 0, NULL, 0);
3006 hci_dev_unlock(hdev);
3011 static int device_unpaired(struct hci_dev *hdev, bdaddr_t *bdaddr,
3012 u8 addr_type, struct sock *skip_sk)
3014 struct mgmt_ev_device_unpaired ev;
3016 bacpy(&ev.addr.bdaddr, bdaddr);
3017 ev.addr.type = addr_type;
3019 return mgmt_event(MGMT_EV_DEVICE_UNPAIRED, hdev, &ev, sizeof(ev),
3023 static int unpair_device(struct sock *sk, struct hci_dev *hdev, void *data,
3026 struct mgmt_cp_unpair_device *cp = data;
3027 struct mgmt_rp_unpair_device rp;
3028 struct hci_conn_params *params;
3029 struct mgmt_pending_cmd *cmd;
3030 struct hci_conn *conn;
3034 memset(&rp, 0, sizeof(rp));
3035 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
3036 rp.addr.type = cp->addr.type;
3038 if (!bdaddr_type_is_valid(cp->addr.type))
3039 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
3040 MGMT_STATUS_INVALID_PARAMS,
3043 if (cp->disconnect != 0x00 && cp->disconnect != 0x01)
3044 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
3045 MGMT_STATUS_INVALID_PARAMS,
3050 if (!hdev_is_powered(hdev)) {
3051 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
3052 MGMT_STATUS_NOT_POWERED, &rp,
3057 if (cp->addr.type == BDADDR_BREDR) {
3058 /* If disconnection is requested, then look up the
3059 * connection. If the remote device is connected, it
3060 * will be later used to terminate the link.
3062 * Setting it to NULL explicitly will cause no
3063 * termination of the link.
3066 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
3071 err = hci_remove_link_key(hdev, &cp->addr.bdaddr);
3073 err = mgmt_cmd_complete(sk, hdev->id,
3074 MGMT_OP_UNPAIR_DEVICE,
3075 MGMT_STATUS_NOT_PAIRED, &rp,
3083 /* LE address type */
3084 addr_type = le_addr_type(cp->addr.type);
3086 /* Abort any ongoing SMP pairing. Removes ltk and irk if they exist. */
3087 err = smp_cancel_and_remove_pairing(hdev, &cp->addr.bdaddr, addr_type);
3089 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
3090 MGMT_STATUS_NOT_PAIRED, &rp,
3095 conn = hci_conn_hash_lookup_le(hdev, &cp->addr.bdaddr, addr_type);
3097 hci_conn_params_del(hdev, &cp->addr.bdaddr, addr_type);
3102 /* Defer clearing up the connection parameters until closing to
3103 * give a chance of keeping them if a repairing happens.
3105 set_bit(HCI_CONN_PARAM_REMOVAL_PEND, &conn->flags);
3107 /* Disable auto-connection parameters if present */
3108 params = hci_conn_params_lookup(hdev, &cp->addr.bdaddr, addr_type);
3110 if (params->explicit_connect)
3111 params->auto_connect = HCI_AUTO_CONN_EXPLICIT;
3113 params->auto_connect = HCI_AUTO_CONN_DISABLED;
3116 /* If disconnection is not requested, then clear the connection
3117 * variable so that the link is not terminated.
3119 if (!cp->disconnect)
3123 /* If the connection variable is set, then termination of the
3124 * link is requested.
3127 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE, 0,
3129 device_unpaired(hdev, &cp->addr.bdaddr, cp->addr.type, sk);
3133 cmd = mgmt_pending_add(sk, MGMT_OP_UNPAIR_DEVICE, hdev, cp,
3140 cmd->cmd_complete = addr_cmd_complete;
3142 err = hci_abort_conn(conn, HCI_ERROR_REMOTE_USER_TERM);
3144 mgmt_pending_remove(cmd);
3147 hci_dev_unlock(hdev);
3151 static int disconnect(struct sock *sk, struct hci_dev *hdev, void *data,
3154 struct mgmt_cp_disconnect *cp = data;
3155 struct mgmt_rp_disconnect rp;
3156 struct mgmt_pending_cmd *cmd;
3157 struct hci_conn *conn;
3162 memset(&rp, 0, sizeof(rp));
3163 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
3164 rp.addr.type = cp->addr.type;
3166 if (!bdaddr_type_is_valid(cp->addr.type))
3167 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
3168 MGMT_STATUS_INVALID_PARAMS,
3173 if (!test_bit(HCI_UP, &hdev->flags)) {
3174 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
3175 MGMT_STATUS_NOT_POWERED, &rp,
3180 if (pending_find(MGMT_OP_DISCONNECT, hdev)) {
3181 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
3182 MGMT_STATUS_BUSY, &rp, sizeof(rp));
3186 if (cp->addr.type == BDADDR_BREDR)
3187 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
3190 conn = hci_conn_hash_lookup_le(hdev, &cp->addr.bdaddr,
3191 le_addr_type(cp->addr.type));
3193 if (!conn || conn->state == BT_OPEN || conn->state == BT_CLOSED) {
3194 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
3195 MGMT_STATUS_NOT_CONNECTED, &rp,
3200 cmd = mgmt_pending_add(sk, MGMT_OP_DISCONNECT, hdev, data, len);
3206 cmd->cmd_complete = generic_cmd_complete;
3208 err = hci_disconnect(conn, HCI_ERROR_REMOTE_USER_TERM);
3210 mgmt_pending_remove(cmd);
3213 hci_dev_unlock(hdev);
3217 static u8 link_to_bdaddr(u8 link_type, u8 addr_type)
3219 switch (link_type) {
3221 switch (addr_type) {
3222 case ADDR_LE_DEV_PUBLIC:
3223 return BDADDR_LE_PUBLIC;
3226 /* Fallback to LE Random address type */
3227 return BDADDR_LE_RANDOM;
3231 /* Fallback to BR/EDR type */
3232 return BDADDR_BREDR;
3236 static int get_connections(struct sock *sk, struct hci_dev *hdev, void *data,
3239 struct mgmt_rp_get_connections *rp;
3249 if (!hdev_is_powered(hdev)) {
3250 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_GET_CONNECTIONS,
3251 MGMT_STATUS_NOT_POWERED);
3256 list_for_each_entry(c, &hdev->conn_hash.list, list) {
3257 if (test_bit(HCI_CONN_MGMT_CONNECTED, &c->flags))
3261 rp_len = sizeof(*rp) + (i * sizeof(struct mgmt_addr_info));
3262 rp = kmalloc(rp_len, GFP_KERNEL);
3269 list_for_each_entry(c, &hdev->conn_hash.list, list) {
3270 if (!test_bit(HCI_CONN_MGMT_CONNECTED, &c->flags))
3272 bacpy(&rp->addr[i].bdaddr, &c->dst);
3273 rp->addr[i].type = link_to_bdaddr(c->type, c->dst_type);
3274 if (c->type == SCO_LINK || c->type == ESCO_LINK)
3279 rp->conn_count = cpu_to_le16(i);
3281 /* Recalculate length in case of filtered SCO connections, etc */
3282 rp_len = sizeof(*rp) + (i * sizeof(struct mgmt_addr_info));
3284 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CONNECTIONS, 0, rp,
3290 hci_dev_unlock(hdev);
3294 static int send_pin_code_neg_reply(struct sock *sk, struct hci_dev *hdev,
3295 struct mgmt_cp_pin_code_neg_reply *cp)
3297 struct mgmt_pending_cmd *cmd;
3300 cmd = mgmt_pending_add(sk, MGMT_OP_PIN_CODE_NEG_REPLY, hdev, cp,
3305 err = hci_send_cmd(hdev, HCI_OP_PIN_CODE_NEG_REPLY,
3306 sizeof(cp->addr.bdaddr), &cp->addr.bdaddr);
3308 mgmt_pending_remove(cmd);
3313 static int pin_code_reply(struct sock *sk, struct hci_dev *hdev, void *data,
3316 struct hci_conn *conn;
3317 struct mgmt_cp_pin_code_reply *cp = data;
3318 struct hci_cp_pin_code_reply reply;
3319 struct mgmt_pending_cmd *cmd;
3326 if (!hdev_is_powered(hdev)) {
3327 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
3328 MGMT_STATUS_NOT_POWERED);
3332 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->addr.bdaddr);
3334 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
3335 MGMT_STATUS_NOT_CONNECTED);
3339 if (conn->pending_sec_level == BT_SECURITY_HIGH && cp->pin_len != 16) {
3340 struct mgmt_cp_pin_code_neg_reply ncp;
3342 memcpy(&ncp.addr, &cp->addr, sizeof(ncp.addr));
3344 BT_ERR("PIN code is not 16 bytes long");
3346 err = send_pin_code_neg_reply(sk, hdev, &ncp);
3348 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
3349 MGMT_STATUS_INVALID_PARAMS);
3354 cmd = mgmt_pending_add(sk, MGMT_OP_PIN_CODE_REPLY, hdev, data, len);
3360 cmd->cmd_complete = addr_cmd_complete;
3362 bacpy(&reply.bdaddr, &cp->addr.bdaddr);
3363 reply.pin_len = cp->pin_len;
3364 memcpy(reply.pin_code, cp->pin_code, sizeof(reply.pin_code));
3366 err = hci_send_cmd(hdev, HCI_OP_PIN_CODE_REPLY, sizeof(reply), &reply);
3368 mgmt_pending_remove(cmd);
3371 hci_dev_unlock(hdev);
3375 static int set_io_capability(struct sock *sk, struct hci_dev *hdev, void *data,
3378 struct mgmt_cp_set_io_capability *cp = data;
3382 if (cp->io_capability > SMP_IO_KEYBOARD_DISPLAY)
3383 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_IO_CAPABILITY,
3384 MGMT_STATUS_INVALID_PARAMS, NULL, 0);
3388 hdev->io_capability = cp->io_capability;
3390 BT_DBG("%s IO capability set to 0x%02x", hdev->name,
3391 hdev->io_capability);
3393 hci_dev_unlock(hdev);
3395 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_IO_CAPABILITY, 0,
3399 static struct mgmt_pending_cmd *find_pairing(struct hci_conn *conn)
3401 struct hci_dev *hdev = conn->hdev;
3402 struct mgmt_pending_cmd *cmd;
3404 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
3405 if (cmd->opcode != MGMT_OP_PAIR_DEVICE)
3408 if (cmd->user_data != conn)
3417 static int pairing_complete(struct mgmt_pending_cmd *cmd, u8 status)
3419 struct mgmt_rp_pair_device rp;
3420 struct hci_conn *conn = cmd->user_data;
3423 bacpy(&rp.addr.bdaddr, &conn->dst);
3424 rp.addr.type = link_to_bdaddr(conn->type, conn->dst_type);
3426 err = mgmt_cmd_complete(cmd->sk, cmd->index, MGMT_OP_PAIR_DEVICE,
3427 status, &rp, sizeof(rp));
3429 /* So we don't get further callbacks for this connection */
3430 conn->connect_cfm_cb = NULL;
3431 conn->security_cfm_cb = NULL;
3432 conn->disconn_cfm_cb = NULL;
3434 hci_conn_drop(conn);
3436 /* The device is paired so there is no need to remove
3437 * its connection parameters anymore.
3439 clear_bit(HCI_CONN_PARAM_REMOVAL_PEND, &conn->flags);
3446 void mgmt_smp_complete(struct hci_conn *conn, bool complete)
3448 u8 status = complete ? MGMT_STATUS_SUCCESS : MGMT_STATUS_FAILED;
3449 struct mgmt_pending_cmd *cmd;
3451 cmd = find_pairing(conn);
3453 cmd->cmd_complete(cmd, status);
3454 mgmt_pending_remove(cmd);
3458 static void pairing_complete_cb(struct hci_conn *conn, u8 status)
3460 struct mgmt_pending_cmd *cmd;
3462 BT_DBG("status %u", status);
3464 cmd = find_pairing(conn);
3466 BT_DBG("Unable to find a pending command");
3470 cmd->cmd_complete(cmd, mgmt_status(status));
3471 mgmt_pending_remove(cmd);
3474 static void le_pairing_complete_cb(struct hci_conn *conn, u8 status)
3476 struct mgmt_pending_cmd *cmd;
3478 BT_DBG("status %u", status);
3483 cmd = find_pairing(conn);
3485 BT_DBG("Unable to find a pending command");
3489 cmd->cmd_complete(cmd, mgmt_status(status));
3490 mgmt_pending_remove(cmd);
3493 static int pair_device(struct sock *sk, struct hci_dev *hdev, void *data,
3496 struct mgmt_cp_pair_device *cp = data;
3497 struct mgmt_rp_pair_device rp;
3498 struct mgmt_pending_cmd *cmd;
3499 u8 sec_level, auth_type;
3500 struct hci_conn *conn;
3505 memset(&rp, 0, sizeof(rp));
3506 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
3507 rp.addr.type = cp->addr.type;
3509 if (!bdaddr_type_is_valid(cp->addr.type))
3510 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
3511 MGMT_STATUS_INVALID_PARAMS,
3514 if (cp->io_cap > SMP_IO_KEYBOARD_DISPLAY)
3515 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
3516 MGMT_STATUS_INVALID_PARAMS,
3521 if (!hdev_is_powered(hdev)) {
3522 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
3523 MGMT_STATUS_NOT_POWERED, &rp,
3528 if (hci_bdaddr_is_paired(hdev, &cp->addr.bdaddr, cp->addr.type)) {
3529 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
3530 MGMT_STATUS_ALREADY_PAIRED, &rp,
3535 sec_level = BT_SECURITY_MEDIUM;
3536 auth_type = HCI_AT_DEDICATED_BONDING;
3538 if (cp->addr.type == BDADDR_BREDR) {
3539 conn = hci_connect_acl(hdev, &cp->addr.bdaddr, sec_level,
3542 u8 addr_type = le_addr_type(cp->addr.type);
3543 struct hci_conn_params *p;
3545 /* When pairing a new device, it is expected to remember
3546 * this device for future connections. Adding the connection
3547 * parameter information ahead of time allows tracking
3548 * of the slave preferred values and will speed up any
3549 * further connection establishment.
3551 * If connection parameters already exist, then they
3552 * will be kept and this function does nothing.
3554 p = hci_conn_params_add(hdev, &cp->addr.bdaddr, addr_type);
3556 if (p->auto_connect == HCI_AUTO_CONN_EXPLICIT)
3557 p->auto_connect = HCI_AUTO_CONN_DISABLED;
3559 conn = hci_connect_le_scan(hdev, &cp->addr.bdaddr,
3560 addr_type, sec_level,
3561 HCI_LE_CONN_TIMEOUT,
3568 if (PTR_ERR(conn) == -EBUSY)
3569 status = MGMT_STATUS_BUSY;
3570 else if (PTR_ERR(conn) == -EOPNOTSUPP)
3571 status = MGMT_STATUS_NOT_SUPPORTED;
3572 else if (PTR_ERR(conn) == -ECONNREFUSED)
3573 status = MGMT_STATUS_REJECTED;
3575 status = MGMT_STATUS_CONNECT_FAILED;
3577 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
3578 status, &rp, sizeof(rp));
3582 if (conn->connect_cfm_cb) {
3583 hci_conn_drop(conn);
3584 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
3585 MGMT_STATUS_BUSY, &rp, sizeof(rp));
3589 cmd = mgmt_pending_add(sk, MGMT_OP_PAIR_DEVICE, hdev, data, len);
3592 hci_conn_drop(conn);
3596 cmd->cmd_complete = pairing_complete;
3598 /* For LE, just connecting isn't a proof that the pairing finished */
3599 if (cp->addr.type == BDADDR_BREDR) {
3600 conn->connect_cfm_cb = pairing_complete_cb;
3601 conn->security_cfm_cb = pairing_complete_cb;
3602 conn->disconn_cfm_cb = pairing_complete_cb;
3604 conn->connect_cfm_cb = le_pairing_complete_cb;
3605 conn->security_cfm_cb = le_pairing_complete_cb;
3606 conn->disconn_cfm_cb = le_pairing_complete_cb;
3609 conn->io_capability = cp->io_cap;
3610 cmd->user_data = hci_conn_get(conn);
3612 if ((conn->state == BT_CONNECTED || conn->state == BT_CONFIG) &&
3613 hci_conn_security(conn, sec_level, auth_type, true)) {
3614 cmd->cmd_complete(cmd, 0);
3615 mgmt_pending_remove(cmd);
3621 hci_dev_unlock(hdev);
3625 static int cancel_pair_device(struct sock *sk, struct hci_dev *hdev, void *data,
3628 struct mgmt_addr_info *addr = data;
3629 struct mgmt_pending_cmd *cmd;
3630 struct hci_conn *conn;
3637 if (!hdev_is_powered(hdev)) {
3638 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
3639 MGMT_STATUS_NOT_POWERED);
3643 cmd = pending_find(MGMT_OP_PAIR_DEVICE, hdev);
3645 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
3646 MGMT_STATUS_INVALID_PARAMS);
3650 conn = cmd->user_data;
3652 if (bacmp(&addr->bdaddr, &conn->dst) != 0) {
3653 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
3654 MGMT_STATUS_INVALID_PARAMS);
3658 cmd->cmd_complete(cmd, MGMT_STATUS_CANCELLED);
3659 mgmt_pending_remove(cmd);
3661 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE, 0,
3662 addr, sizeof(*addr));
3664 hci_dev_unlock(hdev);
3668 static int user_pairing_resp(struct sock *sk, struct hci_dev *hdev,
3669 struct mgmt_addr_info *addr, u16 mgmt_op,
3670 u16 hci_op, __le32 passkey)
3672 struct mgmt_pending_cmd *cmd;
3673 struct hci_conn *conn;
3678 if (!hdev_is_powered(hdev)) {
3679 err = mgmt_cmd_complete(sk, hdev->id, mgmt_op,
3680 MGMT_STATUS_NOT_POWERED, addr,
3685 if (addr->type == BDADDR_BREDR)
3686 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &addr->bdaddr);
3688 conn = hci_conn_hash_lookup_le(hdev, &addr->bdaddr,
3689 le_addr_type(addr->type));
3692 err = mgmt_cmd_complete(sk, hdev->id, mgmt_op,
3693 MGMT_STATUS_NOT_CONNECTED, addr,
3698 if (addr->type == BDADDR_LE_PUBLIC || addr->type == BDADDR_LE_RANDOM) {
3699 err = smp_user_confirm_reply(conn, mgmt_op, passkey);
3701 err = mgmt_cmd_complete(sk, hdev->id, mgmt_op,
3702 MGMT_STATUS_SUCCESS, addr,
3705 err = mgmt_cmd_complete(sk, hdev->id, mgmt_op,
3706 MGMT_STATUS_FAILED, addr,
3712 cmd = mgmt_pending_add(sk, mgmt_op, hdev, addr, sizeof(*addr));
3718 cmd->cmd_complete = addr_cmd_complete;
3720 /* Continue with pairing via HCI */
3721 if (hci_op == HCI_OP_USER_PASSKEY_REPLY) {
3722 struct hci_cp_user_passkey_reply cp;
3724 bacpy(&cp.bdaddr, &addr->bdaddr);
3725 cp.passkey = passkey;
3726 err = hci_send_cmd(hdev, hci_op, sizeof(cp), &cp);
3728 err = hci_send_cmd(hdev, hci_op, sizeof(addr->bdaddr),
3732 mgmt_pending_remove(cmd);
3735 hci_dev_unlock(hdev);
3739 static int pin_code_neg_reply(struct sock *sk, struct hci_dev *hdev,
3740 void *data, u16 len)
3742 struct mgmt_cp_pin_code_neg_reply *cp = data;
3746 return user_pairing_resp(sk, hdev, &cp->addr,
3747 MGMT_OP_PIN_CODE_NEG_REPLY,
3748 HCI_OP_PIN_CODE_NEG_REPLY, 0);
3751 static int user_confirm_reply(struct sock *sk, struct hci_dev *hdev, void *data,
3754 struct mgmt_cp_user_confirm_reply *cp = data;
3758 if (len != sizeof(*cp))
3759 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_USER_CONFIRM_REPLY,
3760 MGMT_STATUS_INVALID_PARAMS);
3762 return user_pairing_resp(sk, hdev, &cp->addr,
3763 MGMT_OP_USER_CONFIRM_REPLY,
3764 HCI_OP_USER_CONFIRM_REPLY, 0);
3767 static int user_confirm_neg_reply(struct sock *sk, struct hci_dev *hdev,
3768 void *data, u16 len)
3770 struct mgmt_cp_user_confirm_neg_reply *cp = data;
3774 return user_pairing_resp(sk, hdev, &cp->addr,
3775 MGMT_OP_USER_CONFIRM_NEG_REPLY,
3776 HCI_OP_USER_CONFIRM_NEG_REPLY, 0);
3779 static int user_passkey_reply(struct sock *sk, struct hci_dev *hdev, void *data,
3782 struct mgmt_cp_user_passkey_reply *cp = data;
3786 return user_pairing_resp(sk, hdev, &cp->addr,
3787 MGMT_OP_USER_PASSKEY_REPLY,
3788 HCI_OP_USER_PASSKEY_REPLY, cp->passkey);
3791 static int user_passkey_neg_reply(struct sock *sk, struct hci_dev *hdev,
3792 void *data, u16 len)
3794 struct mgmt_cp_user_passkey_neg_reply *cp = data;
3798 return user_pairing_resp(sk, hdev, &cp->addr,
3799 MGMT_OP_USER_PASSKEY_NEG_REPLY,
3800 HCI_OP_USER_PASSKEY_NEG_REPLY, 0);
3803 static void update_name(struct hci_request *req)
3805 struct hci_dev *hdev = req->hdev;
3806 struct hci_cp_write_local_name cp;
3808 memcpy(cp.name, hdev->dev_name, sizeof(cp.name));
3810 hci_req_add(req, HCI_OP_WRITE_LOCAL_NAME, sizeof(cp), &cp);
3813 static void set_name_complete(struct hci_dev *hdev, u8 status, u16 opcode)
3815 struct mgmt_cp_set_local_name *cp;
3816 struct mgmt_pending_cmd *cmd;
3818 BT_DBG("status 0x%02x", status);
3822 cmd = pending_find(MGMT_OP_SET_LOCAL_NAME, hdev);
3829 mgmt_cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_LOCAL_NAME,
3830 mgmt_status(status));
3832 mgmt_cmd_complete(cmd->sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0,
3835 mgmt_pending_remove(cmd);
3838 hci_dev_unlock(hdev);
3841 static int set_local_name(struct sock *sk, struct hci_dev *hdev, void *data,
3844 struct mgmt_cp_set_local_name *cp = data;
3845 struct mgmt_pending_cmd *cmd;
3846 struct hci_request req;
3853 /* If the old values are the same as the new ones just return a
3854 * direct command complete event.
3856 if (!memcmp(hdev->dev_name, cp->name, sizeof(hdev->dev_name)) &&
3857 !memcmp(hdev->short_name, cp->short_name,
3858 sizeof(hdev->short_name))) {
3859 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0,
3864 memcpy(hdev->short_name, cp->short_name, sizeof(hdev->short_name));
3866 if (!hdev_is_powered(hdev)) {
3867 memcpy(hdev->dev_name, cp->name, sizeof(hdev->dev_name));
3869 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0,
3874 err = mgmt_generic_event(MGMT_EV_LOCAL_NAME_CHANGED, hdev,
3880 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LOCAL_NAME, hdev, data, len);
3886 memcpy(hdev->dev_name, cp->name, sizeof(hdev->dev_name));
3888 hci_req_init(&req, hdev);
3890 if (lmp_bredr_capable(hdev)) {
3895 /* The name is stored in the scan response data and so
3896 * no need to udpate the advertising data here.
3898 if (lmp_le_capable(hdev))
3899 update_scan_rsp_data(&req);
3901 err = hci_req_run(&req, set_name_complete);
3903 mgmt_pending_remove(cmd);
3906 hci_dev_unlock(hdev);
3910 static void read_local_oob_data_complete(struct hci_dev *hdev, u8 status,
3911 u16 opcode, struct sk_buff *skb)
3913 struct mgmt_rp_read_local_oob_data mgmt_rp;
3914 size_t rp_size = sizeof(mgmt_rp);
3915 struct mgmt_pending_cmd *cmd;
3917 BT_DBG("%s status %u", hdev->name, status);
3919 cmd = pending_find(MGMT_OP_READ_LOCAL_OOB_DATA, hdev);
3923 if (status || !skb) {
3924 mgmt_cmd_status(cmd->sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
3925 status ? mgmt_status(status) : MGMT_STATUS_FAILED);
3929 memset(&mgmt_rp, 0, sizeof(mgmt_rp));
3931 if (opcode == HCI_OP_READ_LOCAL_OOB_DATA) {
3932 struct hci_rp_read_local_oob_data *rp = (void *) skb->data;
3934 if (skb->len < sizeof(*rp)) {
3935 mgmt_cmd_status(cmd->sk, hdev->id,
3936 MGMT_OP_READ_LOCAL_OOB_DATA,
3937 MGMT_STATUS_FAILED);
3941 memcpy(mgmt_rp.hash192, rp->hash, sizeof(rp->hash));
3942 memcpy(mgmt_rp.rand192, rp->rand, sizeof(rp->rand));
3944 rp_size -= sizeof(mgmt_rp.hash256) + sizeof(mgmt_rp.rand256);
3946 struct hci_rp_read_local_oob_ext_data *rp = (void *) skb->data;
3948 if (skb->len < sizeof(*rp)) {
3949 mgmt_cmd_status(cmd->sk, hdev->id,
3950 MGMT_OP_READ_LOCAL_OOB_DATA,
3951 MGMT_STATUS_FAILED);
3955 memcpy(mgmt_rp.hash192, rp->hash192, sizeof(rp->hash192));
3956 memcpy(mgmt_rp.rand192, rp->rand192, sizeof(rp->rand192));
3958 memcpy(mgmt_rp.hash256, rp->hash256, sizeof(rp->hash256));
3959 memcpy(mgmt_rp.rand256, rp->rand256, sizeof(rp->rand256));
3962 mgmt_cmd_complete(cmd->sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
3963 MGMT_STATUS_SUCCESS, &mgmt_rp, rp_size);
3966 mgmt_pending_remove(cmd);
3969 static int read_local_oob_data(struct sock *sk, struct hci_dev *hdev,
3970 void *data, u16 data_len)
3972 struct mgmt_pending_cmd *cmd;
3973 struct hci_request req;
3976 BT_DBG("%s", hdev->name);
3980 if (!hdev_is_powered(hdev)) {
3981 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
3982 MGMT_STATUS_NOT_POWERED);
3986 if (!lmp_ssp_capable(hdev)) {
3987 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
3988 MGMT_STATUS_NOT_SUPPORTED);
3992 if (pending_find(MGMT_OP_READ_LOCAL_OOB_DATA, hdev)) {
3993 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
3998 cmd = mgmt_pending_add(sk, MGMT_OP_READ_LOCAL_OOB_DATA, hdev, NULL, 0);
4004 hci_req_init(&req, hdev);
4006 if (bredr_sc_enabled(hdev))
4007 hci_req_add(&req, HCI_OP_READ_LOCAL_OOB_EXT_DATA, 0, NULL);
4009 hci_req_add(&req, HCI_OP_READ_LOCAL_OOB_DATA, 0, NULL);
4011 err = hci_req_run_skb(&req, read_local_oob_data_complete);
4013 mgmt_pending_remove(cmd);
4016 hci_dev_unlock(hdev);
4020 static int add_remote_oob_data(struct sock *sk, struct hci_dev *hdev,
4021 void *data, u16 len)
4023 struct mgmt_addr_info *addr = data;
4026 BT_DBG("%s ", hdev->name);
4028 if (!bdaddr_type_is_valid(addr->type))
4029 return mgmt_cmd_complete(sk, hdev->id,
4030 MGMT_OP_ADD_REMOTE_OOB_DATA,
4031 MGMT_STATUS_INVALID_PARAMS,
4032 addr, sizeof(*addr));
4036 if (len == MGMT_ADD_REMOTE_OOB_DATA_SIZE) {
4037 struct mgmt_cp_add_remote_oob_data *cp = data;
4040 if (cp->addr.type != BDADDR_BREDR) {
4041 err = mgmt_cmd_complete(sk, hdev->id,
4042 MGMT_OP_ADD_REMOTE_OOB_DATA,
4043 MGMT_STATUS_INVALID_PARAMS,
4044 &cp->addr, sizeof(cp->addr));
4048 err = hci_add_remote_oob_data(hdev, &cp->addr.bdaddr,
4049 cp->addr.type, cp->hash,
4050 cp->rand, NULL, NULL);
4052 status = MGMT_STATUS_FAILED;
4054 status = MGMT_STATUS_SUCCESS;
4056 err = mgmt_cmd_complete(sk, hdev->id,
4057 MGMT_OP_ADD_REMOTE_OOB_DATA, status,
4058 &cp->addr, sizeof(cp->addr));
4059 } else if (len == MGMT_ADD_REMOTE_OOB_EXT_DATA_SIZE) {
4060 struct mgmt_cp_add_remote_oob_ext_data *cp = data;
4061 u8 *rand192, *hash192, *rand256, *hash256;
4064 if (bdaddr_type_is_le(cp->addr.type)) {
4065 /* Enforce zero-valued 192-bit parameters as
4066 * long as legacy SMP OOB isn't implemented.
4068 if (memcmp(cp->rand192, ZERO_KEY, 16) ||
4069 memcmp(cp->hash192, ZERO_KEY, 16)) {
4070 err = mgmt_cmd_complete(sk, hdev->id,
4071 MGMT_OP_ADD_REMOTE_OOB_DATA,
4072 MGMT_STATUS_INVALID_PARAMS,
4073 addr, sizeof(*addr));
4080 /* In case one of the P-192 values is set to zero,
4081 * then just disable OOB data for P-192.
4083 if (!memcmp(cp->rand192, ZERO_KEY, 16) ||
4084 !memcmp(cp->hash192, ZERO_KEY, 16)) {
4088 rand192 = cp->rand192;
4089 hash192 = cp->hash192;
4093 /* In case one of the P-256 values is set to zero, then just
4094 * disable OOB data for P-256.
4096 if (!memcmp(cp->rand256, ZERO_KEY, 16) ||
4097 !memcmp(cp->hash256, ZERO_KEY, 16)) {
4101 rand256 = cp->rand256;
4102 hash256 = cp->hash256;
4105 err = hci_add_remote_oob_data(hdev, &cp->addr.bdaddr,
4106 cp->addr.type, hash192, rand192,
4109 status = MGMT_STATUS_FAILED;
4111 status = MGMT_STATUS_SUCCESS;
4113 err = mgmt_cmd_complete(sk, hdev->id,
4114 MGMT_OP_ADD_REMOTE_OOB_DATA,
4115 status, &cp->addr, sizeof(cp->addr));
4117 BT_ERR("add_remote_oob_data: invalid length of %u bytes", len);
4118 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_REMOTE_OOB_DATA,
4119 MGMT_STATUS_INVALID_PARAMS);
4123 hci_dev_unlock(hdev);
4127 static int remove_remote_oob_data(struct sock *sk, struct hci_dev *hdev,
4128 void *data, u16 len)
4130 struct mgmt_cp_remove_remote_oob_data *cp = data;
4134 BT_DBG("%s", hdev->name);
4136 if (cp->addr.type != BDADDR_BREDR)
4137 return mgmt_cmd_complete(sk, hdev->id,
4138 MGMT_OP_REMOVE_REMOTE_OOB_DATA,
4139 MGMT_STATUS_INVALID_PARAMS,
4140 &cp->addr, sizeof(cp->addr));
4144 if (!bacmp(&cp->addr.bdaddr, BDADDR_ANY)) {
4145 hci_remote_oob_data_clear(hdev);
4146 status = MGMT_STATUS_SUCCESS;
4150 err = hci_remove_remote_oob_data(hdev, &cp->addr.bdaddr, cp->addr.type);
4152 status = MGMT_STATUS_INVALID_PARAMS;
4154 status = MGMT_STATUS_SUCCESS;
4157 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_REMOTE_OOB_DATA,
4158 status, &cp->addr, sizeof(cp->addr));
4160 hci_dev_unlock(hdev);
4164 static bool trigger_bredr_inquiry(struct hci_request *req, u8 *status)
4166 struct hci_dev *hdev = req->hdev;
4167 struct hci_cp_inquiry cp;
4168 /* General inquiry access code (GIAC) */
4169 u8 lap[3] = { 0x33, 0x8b, 0x9e };
4171 *status = mgmt_bredr_support(hdev);
4175 if (hci_dev_test_flag(hdev, HCI_INQUIRY)) {
4176 *status = MGMT_STATUS_BUSY;
4180 hci_inquiry_cache_flush(hdev);
4182 memset(&cp, 0, sizeof(cp));
4183 memcpy(&cp.lap, lap, sizeof(cp.lap));
4184 cp.length = DISCOV_BREDR_INQUIRY_LEN;
4186 hci_req_add(req, HCI_OP_INQUIRY, sizeof(cp), &cp);
4191 static bool trigger_le_scan(struct hci_request *req, u16 interval, u8 *status)
4193 struct hci_dev *hdev = req->hdev;
4194 struct hci_cp_le_set_scan_param param_cp;
4195 struct hci_cp_le_set_scan_enable enable_cp;
4199 *status = mgmt_le_support(hdev);
4203 if (hci_dev_test_flag(hdev, HCI_LE_ADV)) {
4204 /* Don't let discovery abort an outgoing connection attempt
4205 * that's using directed advertising.
4207 if (hci_lookup_le_connect(hdev)) {
4208 *status = MGMT_STATUS_REJECTED;
4212 cancel_adv_timeout(hdev);
4213 disable_advertising(req);
4216 /* If controller is scanning, it means the background scanning is
4217 * running. Thus, we should temporarily stop it in order to set the
4218 * discovery scanning parameters.
4220 if (hci_dev_test_flag(hdev, HCI_LE_SCAN))
4221 hci_req_add_le_scan_disable(req);
4223 /* All active scans will be done with either a resolvable private
4224 * address (when privacy feature has been enabled) or non-resolvable
4227 err = hci_update_random_address(req, true, &own_addr_type);
4229 *status = MGMT_STATUS_FAILED;
4233 memset(¶m_cp, 0, sizeof(param_cp));
4234 param_cp.type = LE_SCAN_ACTIVE;
4235 param_cp.interval = cpu_to_le16(interval);
4236 param_cp.window = cpu_to_le16(DISCOV_LE_SCAN_WIN);
4237 param_cp.own_address_type = own_addr_type;
4239 hci_req_add(req, HCI_OP_LE_SET_SCAN_PARAM, sizeof(param_cp),
4242 memset(&enable_cp, 0, sizeof(enable_cp));
4243 enable_cp.enable = LE_SCAN_ENABLE;
4244 enable_cp.filter_dup = LE_SCAN_FILTER_DUP_ENABLE;
4246 hci_req_add(req, HCI_OP_LE_SET_SCAN_ENABLE, sizeof(enable_cp),
4252 static bool trigger_discovery(struct hci_request *req, u8 *status)
4254 struct hci_dev *hdev = req->hdev;
4256 switch (hdev->discovery.type) {
4257 case DISCOV_TYPE_BREDR:
4258 if (!trigger_bredr_inquiry(req, status))
4262 case DISCOV_TYPE_INTERLEAVED:
4263 if (test_bit(HCI_QUIRK_SIMULTANEOUS_DISCOVERY,
4265 /* During simultaneous discovery, we double LE scan
4266 * interval. We must leave some time for the controller
4267 * to do BR/EDR inquiry.
4269 if (!trigger_le_scan(req, DISCOV_LE_SCAN_INT * 2,
4273 if (!trigger_bredr_inquiry(req, status))
4279 if (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED)) {
4280 *status = MGMT_STATUS_NOT_SUPPORTED;
4285 case DISCOV_TYPE_LE:
4286 if (!trigger_le_scan(req, DISCOV_LE_SCAN_INT, status))
4291 *status = MGMT_STATUS_INVALID_PARAMS;
4298 static void start_discovery_complete(struct hci_dev *hdev, u8 status,
4301 struct mgmt_pending_cmd *cmd;
4302 unsigned long timeout;
4304 BT_DBG("status %d", status);
4308 cmd = pending_find(MGMT_OP_START_DISCOVERY, hdev);
4310 cmd = pending_find(MGMT_OP_START_SERVICE_DISCOVERY, hdev);
4313 cmd->cmd_complete(cmd, mgmt_status(status));
4314 mgmt_pending_remove(cmd);
4318 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
4322 hci_discovery_set_state(hdev, DISCOVERY_FINDING);
4324 /* If the scan involves LE scan, pick proper timeout to schedule
4325 * hdev->le_scan_disable that will stop it.
4327 switch (hdev->discovery.type) {
4328 case DISCOV_TYPE_LE:
4329 timeout = msecs_to_jiffies(DISCOV_LE_TIMEOUT);
4331 case DISCOV_TYPE_INTERLEAVED:
4332 /* When running simultaneous discovery, the LE scanning time
4333 * should occupy the whole discovery time sine BR/EDR inquiry
4334 * and LE scanning are scheduled by the controller.
4336 * For interleaving discovery in comparison, BR/EDR inquiry
4337 * and LE scanning are done sequentially with separate
4340 if (test_bit(HCI_QUIRK_SIMULTANEOUS_DISCOVERY, &hdev->quirks))
4341 timeout = msecs_to_jiffies(DISCOV_LE_TIMEOUT);
4343 timeout = msecs_to_jiffies(hdev->discov_interleaved_timeout);
4345 case DISCOV_TYPE_BREDR:
4349 BT_ERR("Invalid discovery type %d", hdev->discovery.type);
4355 /* When service discovery is used and the controller has
4356 * a strict duplicate filter, it is important to remember
4357 * the start and duration of the scan. This is required
4358 * for restarting scanning during the discovery phase.
4360 if (test_bit(HCI_QUIRK_STRICT_DUPLICATE_FILTER,
4362 hdev->discovery.result_filtering) {
4363 hdev->discovery.scan_start = jiffies;
4364 hdev->discovery.scan_duration = timeout;
4367 queue_delayed_work(hdev->workqueue,
4368 &hdev->le_scan_disable, timeout);
4372 hci_dev_unlock(hdev);
4375 static int start_discovery(struct sock *sk, struct hci_dev *hdev,
4376 void *data, u16 len)
4378 struct mgmt_cp_start_discovery *cp = data;
4379 struct mgmt_pending_cmd *cmd;
4380 struct hci_request req;
4384 BT_DBG("%s", hdev->name);
4388 if (!hdev_is_powered(hdev)) {
4389 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_START_DISCOVERY,
4390 MGMT_STATUS_NOT_POWERED,
4391 &cp->type, sizeof(cp->type));
4395 if (hdev->discovery.state != DISCOVERY_STOPPED ||
4396 hci_dev_test_flag(hdev, HCI_PERIODIC_INQ)) {
4397 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_START_DISCOVERY,
4398 MGMT_STATUS_BUSY, &cp->type,
4403 cmd = mgmt_pending_add(sk, MGMT_OP_START_DISCOVERY, hdev, data, len);
4409 cmd->cmd_complete = generic_cmd_complete;
4411 /* Clear the discovery filter first to free any previously
4412 * allocated memory for the UUID list.
4414 hci_discovery_filter_clear(hdev);
4416 hdev->discovery.type = cp->type;
4417 hdev->discovery.report_invalid_rssi = false;
4419 hci_req_init(&req, hdev);
4421 if (!trigger_discovery(&req, &status)) {
4422 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_START_DISCOVERY,
4423 status, &cp->type, sizeof(cp->type));
4424 mgmt_pending_remove(cmd);
4428 err = hci_req_run(&req, start_discovery_complete);
4430 mgmt_pending_remove(cmd);
4434 hci_discovery_set_state(hdev, DISCOVERY_STARTING);
4437 hci_dev_unlock(hdev);
4441 static int service_discovery_cmd_complete(struct mgmt_pending_cmd *cmd,
4444 return mgmt_cmd_complete(cmd->sk, cmd->index, cmd->opcode, status,
4448 static int start_service_discovery(struct sock *sk, struct hci_dev *hdev,
4449 void *data, u16 len)
4451 struct mgmt_cp_start_service_discovery *cp = data;
4452 struct mgmt_pending_cmd *cmd;
4453 struct hci_request req;
4454 const u16 max_uuid_count = ((U16_MAX - sizeof(*cp)) / 16);
4455 u16 uuid_count, expected_len;
4459 BT_DBG("%s", hdev->name);
4463 if (!hdev_is_powered(hdev)) {
4464 err = mgmt_cmd_complete(sk, hdev->id,
4465 MGMT_OP_START_SERVICE_DISCOVERY,
4466 MGMT_STATUS_NOT_POWERED,
4467 &cp->type, sizeof(cp->type));
4471 if (hdev->discovery.state != DISCOVERY_STOPPED ||
4472 hci_dev_test_flag(hdev, HCI_PERIODIC_INQ)) {
4473 err = mgmt_cmd_complete(sk, hdev->id,
4474 MGMT_OP_START_SERVICE_DISCOVERY,
4475 MGMT_STATUS_BUSY, &cp->type,
4480 uuid_count = __le16_to_cpu(cp->uuid_count);
4481 if (uuid_count > max_uuid_count) {
4482 BT_ERR("service_discovery: too big uuid_count value %u",
4484 err = mgmt_cmd_complete(sk, hdev->id,
4485 MGMT_OP_START_SERVICE_DISCOVERY,
4486 MGMT_STATUS_INVALID_PARAMS, &cp->type,
4491 expected_len = sizeof(*cp) + uuid_count * 16;
4492 if (expected_len != len) {
4493 BT_ERR("service_discovery: expected %u bytes, got %u bytes",
4495 err = mgmt_cmd_complete(sk, hdev->id,
4496 MGMT_OP_START_SERVICE_DISCOVERY,
4497 MGMT_STATUS_INVALID_PARAMS, &cp->type,
4502 cmd = mgmt_pending_add(sk, MGMT_OP_START_SERVICE_DISCOVERY,
4509 cmd->cmd_complete = service_discovery_cmd_complete;
4511 /* Clear the discovery filter first to free any previously
4512 * allocated memory for the UUID list.
4514 hci_discovery_filter_clear(hdev);
4516 hdev->discovery.result_filtering = true;
4517 hdev->discovery.type = cp->type;
4518 hdev->discovery.rssi = cp->rssi;
4519 hdev->discovery.uuid_count = uuid_count;
4521 if (uuid_count > 0) {
4522 hdev->discovery.uuids = kmemdup(cp->uuids, uuid_count * 16,
4524 if (!hdev->discovery.uuids) {
4525 err = mgmt_cmd_complete(sk, hdev->id,
4526 MGMT_OP_START_SERVICE_DISCOVERY,
4528 &cp->type, sizeof(cp->type));
4529 mgmt_pending_remove(cmd);
4534 hci_req_init(&req, hdev);
4536 if (!trigger_discovery(&req, &status)) {
4537 err = mgmt_cmd_complete(sk, hdev->id,
4538 MGMT_OP_START_SERVICE_DISCOVERY,
4539 status, &cp->type, sizeof(cp->type));
4540 mgmt_pending_remove(cmd);
4544 err = hci_req_run(&req, start_discovery_complete);
4546 mgmt_pending_remove(cmd);
4550 hci_discovery_set_state(hdev, DISCOVERY_STARTING);
4553 hci_dev_unlock(hdev);
4557 static void stop_discovery_complete(struct hci_dev *hdev, u8 status, u16 opcode)
4559 struct mgmt_pending_cmd *cmd;
4561 BT_DBG("status %d", status);
4565 cmd = pending_find(MGMT_OP_STOP_DISCOVERY, hdev);
4567 cmd->cmd_complete(cmd, mgmt_status(status));
4568 mgmt_pending_remove(cmd);
4572 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
4574 hci_dev_unlock(hdev);
4577 static int stop_discovery(struct sock *sk, struct hci_dev *hdev, void *data,
4580 struct mgmt_cp_stop_discovery *mgmt_cp = data;
4581 struct mgmt_pending_cmd *cmd;
4582 struct hci_request req;
4585 BT_DBG("%s", hdev->name);
4589 if (!hci_discovery_active(hdev)) {
4590 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_STOP_DISCOVERY,
4591 MGMT_STATUS_REJECTED, &mgmt_cp->type,
4592 sizeof(mgmt_cp->type));
4596 if (hdev->discovery.type != mgmt_cp->type) {
4597 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_STOP_DISCOVERY,
4598 MGMT_STATUS_INVALID_PARAMS,
4599 &mgmt_cp->type, sizeof(mgmt_cp->type));
4603 cmd = mgmt_pending_add(sk, MGMT_OP_STOP_DISCOVERY, hdev, data, len);
4609 cmd->cmd_complete = generic_cmd_complete;
4611 hci_req_init(&req, hdev);
4613 hci_stop_discovery(&req);
4615 err = hci_req_run(&req, stop_discovery_complete);
4617 hci_discovery_set_state(hdev, DISCOVERY_STOPPING);
4621 mgmt_pending_remove(cmd);
4623 /* If no HCI commands were sent we're done */
4624 if (err == -ENODATA) {
4625 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_STOP_DISCOVERY, 0,
4626 &mgmt_cp->type, sizeof(mgmt_cp->type));
4627 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
4631 hci_dev_unlock(hdev);
4635 static int confirm_name(struct sock *sk, struct hci_dev *hdev, void *data,
4638 struct mgmt_cp_confirm_name *cp = data;
4639 struct inquiry_entry *e;
4642 BT_DBG("%s", hdev->name);
4646 if (!hci_discovery_active(hdev)) {
4647 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_CONFIRM_NAME,
4648 MGMT_STATUS_FAILED, &cp->addr,
4653 e = hci_inquiry_cache_lookup_unknown(hdev, &cp->addr.bdaddr);
4655 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_CONFIRM_NAME,
4656 MGMT_STATUS_INVALID_PARAMS, &cp->addr,
4661 if (cp->name_known) {
4662 e->name_state = NAME_KNOWN;
4665 e->name_state = NAME_NEEDED;
4666 hci_inquiry_cache_update_resolve(hdev, e);
4669 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_CONFIRM_NAME, 0,
4670 &cp->addr, sizeof(cp->addr));
4673 hci_dev_unlock(hdev);
4677 static int block_device(struct sock *sk, struct hci_dev *hdev, void *data,
4680 struct mgmt_cp_block_device *cp = data;
4684 BT_DBG("%s", hdev->name);
4686 if (!bdaddr_type_is_valid(cp->addr.type))
4687 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_BLOCK_DEVICE,
4688 MGMT_STATUS_INVALID_PARAMS,
4689 &cp->addr, sizeof(cp->addr));
4693 err = hci_bdaddr_list_add(&hdev->blacklist, &cp->addr.bdaddr,
4696 status = MGMT_STATUS_FAILED;
4700 mgmt_event(MGMT_EV_DEVICE_BLOCKED, hdev, &cp->addr, sizeof(cp->addr),
4702 status = MGMT_STATUS_SUCCESS;
4705 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_BLOCK_DEVICE, status,
4706 &cp->addr, sizeof(cp->addr));
4708 hci_dev_unlock(hdev);
4713 static int unblock_device(struct sock *sk, struct hci_dev *hdev, void *data,
4716 struct mgmt_cp_unblock_device *cp = data;
4720 BT_DBG("%s", hdev->name);
4722 if (!bdaddr_type_is_valid(cp->addr.type))
4723 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_UNBLOCK_DEVICE,
4724 MGMT_STATUS_INVALID_PARAMS,
4725 &cp->addr, sizeof(cp->addr));
4729 err = hci_bdaddr_list_del(&hdev->blacklist, &cp->addr.bdaddr,
4732 status = MGMT_STATUS_INVALID_PARAMS;
4736 mgmt_event(MGMT_EV_DEVICE_UNBLOCKED, hdev, &cp->addr, sizeof(cp->addr),
4738 status = MGMT_STATUS_SUCCESS;
4741 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_UNBLOCK_DEVICE, status,
4742 &cp->addr, sizeof(cp->addr));
4744 hci_dev_unlock(hdev);
4749 static int set_device_id(struct sock *sk, struct hci_dev *hdev, void *data,
4752 struct mgmt_cp_set_device_id *cp = data;
4753 struct hci_request req;
4757 BT_DBG("%s", hdev->name);
4759 source = __le16_to_cpu(cp->source);
4761 if (source > 0x0002)
4762 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DEVICE_ID,
4763 MGMT_STATUS_INVALID_PARAMS);
4767 hdev->devid_source = source;
4768 hdev->devid_vendor = __le16_to_cpu(cp->vendor);
4769 hdev->devid_product = __le16_to_cpu(cp->product);
4770 hdev->devid_version = __le16_to_cpu(cp->version);
4772 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_DEVICE_ID, 0,
4775 hci_req_init(&req, hdev);
4777 hci_req_run(&req, NULL);
4779 hci_dev_unlock(hdev);
4784 static void enable_advertising_instance(struct hci_dev *hdev, u8 status,
4787 BT_DBG("status %d", status);
4790 static void set_advertising_complete(struct hci_dev *hdev, u8 status,
4793 struct cmd_lookup match = { NULL, hdev };
4794 struct hci_request req;
4796 struct adv_info *adv_instance;
4802 u8 mgmt_err = mgmt_status(status);
4804 mgmt_pending_foreach(MGMT_OP_SET_ADVERTISING, hdev,
4805 cmd_status_rsp, &mgmt_err);
4809 if (hci_dev_test_flag(hdev, HCI_LE_ADV))
4810 hci_dev_set_flag(hdev, HCI_ADVERTISING);
4812 hci_dev_clear_flag(hdev, HCI_ADVERTISING);
4814 mgmt_pending_foreach(MGMT_OP_SET_ADVERTISING, hdev, settings_rsp,
4817 new_settings(hdev, match.sk);
4822 /* If "Set Advertising" was just disabled and instance advertising was
4823 * set up earlier, then re-enable multi-instance advertising.
4825 if (hci_dev_test_flag(hdev, HCI_ADVERTISING) ||
4826 !hci_dev_test_flag(hdev, HCI_ADVERTISING_INSTANCE) ||
4827 list_empty(&hdev->adv_instances))
4830 instance = hdev->cur_adv_instance;
4832 adv_instance = list_first_entry_or_null(&hdev->adv_instances,
4833 struct adv_info, list);
4837 instance = adv_instance->instance;
4840 hci_req_init(&req, hdev);
4842 err = schedule_adv_instance(&req, instance, true);
4845 err = hci_req_run(&req, enable_advertising_instance);
4848 BT_ERR("Failed to re-configure advertising");
4851 hci_dev_unlock(hdev);
4854 static int set_advertising(struct sock *sk, struct hci_dev *hdev, void *data,
4857 struct mgmt_mode *cp = data;
4858 struct mgmt_pending_cmd *cmd;
4859 struct hci_request req;
4863 BT_DBG("request for %s", hdev->name);
4865 status = mgmt_le_support(hdev);
4867 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_ADVERTISING,
4870 if (cp->val != 0x00 && cp->val != 0x01 && cp->val != 0x02)
4871 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_ADVERTISING,
4872 MGMT_STATUS_INVALID_PARAMS);
4878 /* The following conditions are ones which mean that we should
4879 * not do any HCI communication but directly send a mgmt
4880 * response to user space (after toggling the flag if
4883 if (!hdev_is_powered(hdev) ||
4884 (val == hci_dev_test_flag(hdev, HCI_ADVERTISING) &&
4885 (cp->val == 0x02) == hci_dev_test_flag(hdev, HCI_ADVERTISING_CONNECTABLE)) ||
4886 hci_conn_num(hdev, LE_LINK) > 0 ||
4887 (hci_dev_test_flag(hdev, HCI_LE_SCAN) &&
4888 hdev->le_scan_type == LE_SCAN_ACTIVE)) {
4892 changed = !hci_dev_test_and_set_flag(hdev, HCI_ADVERTISING);
4893 if (cp->val == 0x02)
4894 hci_dev_set_flag(hdev, HCI_ADVERTISING_CONNECTABLE);
4896 hci_dev_clear_flag(hdev, HCI_ADVERTISING_CONNECTABLE);
4898 changed = hci_dev_test_and_clear_flag(hdev, HCI_ADVERTISING);
4899 hci_dev_clear_flag(hdev, HCI_ADVERTISING_CONNECTABLE);
4902 err = send_settings_rsp(sk, MGMT_OP_SET_ADVERTISING, hdev);
4907 err = new_settings(hdev, sk);
4912 if (pending_find(MGMT_OP_SET_ADVERTISING, hdev) ||
4913 pending_find(MGMT_OP_SET_LE, hdev)) {
4914 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_ADVERTISING,
4919 cmd = mgmt_pending_add(sk, MGMT_OP_SET_ADVERTISING, hdev, data, len);
4925 hci_req_init(&req, hdev);
4927 if (cp->val == 0x02)
4928 hci_dev_set_flag(hdev, HCI_ADVERTISING_CONNECTABLE);
4930 hci_dev_clear_flag(hdev, HCI_ADVERTISING_CONNECTABLE);
4932 cancel_adv_timeout(hdev);
4935 /* Switch to instance "0" for the Set Advertising setting.
4936 * We cannot use update_[adv|scan_rsp]_data() here as the
4937 * HCI_ADVERTISING flag is not yet set.
4939 update_inst_adv_data(&req, 0x00);
4940 update_inst_scan_rsp_data(&req, 0x00);
4941 enable_advertising(&req);
4943 disable_advertising(&req);
4946 err = hci_req_run(&req, set_advertising_complete);
4948 mgmt_pending_remove(cmd);
4951 hci_dev_unlock(hdev);
4955 static int set_static_address(struct sock *sk, struct hci_dev *hdev,
4956 void *data, u16 len)
4958 struct mgmt_cp_set_static_address *cp = data;
4961 BT_DBG("%s", hdev->name);
4963 if (!lmp_le_capable(hdev))
4964 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_STATIC_ADDRESS,
4965 MGMT_STATUS_NOT_SUPPORTED);
4967 if (hdev_is_powered(hdev))
4968 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_STATIC_ADDRESS,
4969 MGMT_STATUS_REJECTED);
4971 if (bacmp(&cp->bdaddr, BDADDR_ANY)) {
4972 if (!bacmp(&cp->bdaddr, BDADDR_NONE))
4973 return mgmt_cmd_status(sk, hdev->id,
4974 MGMT_OP_SET_STATIC_ADDRESS,
4975 MGMT_STATUS_INVALID_PARAMS);
4977 /* Two most significant bits shall be set */
4978 if ((cp->bdaddr.b[5] & 0xc0) != 0xc0)
4979 return mgmt_cmd_status(sk, hdev->id,
4980 MGMT_OP_SET_STATIC_ADDRESS,
4981 MGMT_STATUS_INVALID_PARAMS);
4986 bacpy(&hdev->static_addr, &cp->bdaddr);
4988 err = send_settings_rsp(sk, MGMT_OP_SET_STATIC_ADDRESS, hdev);
4992 err = new_settings(hdev, sk);
4995 hci_dev_unlock(hdev);
4999 static int set_scan_params(struct sock *sk, struct hci_dev *hdev,
5000 void *data, u16 len)
5002 struct mgmt_cp_set_scan_params *cp = data;
5003 __u16 interval, window;
5006 BT_DBG("%s", hdev->name);
5008 if (!lmp_le_capable(hdev))
5009 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS,
5010 MGMT_STATUS_NOT_SUPPORTED);
5012 interval = __le16_to_cpu(cp->interval);
5014 if (interval < 0x0004 || interval > 0x4000)
5015 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS,
5016 MGMT_STATUS_INVALID_PARAMS);
5018 window = __le16_to_cpu(cp->window);
5020 if (window < 0x0004 || window > 0x4000)
5021 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS,
5022 MGMT_STATUS_INVALID_PARAMS);
5024 if (window > interval)
5025 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS,
5026 MGMT_STATUS_INVALID_PARAMS);
5030 hdev->le_scan_interval = interval;
5031 hdev->le_scan_window = window;
5033 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS, 0,
5036 /* If background scan is running, restart it so new parameters are
5039 if (hci_dev_test_flag(hdev, HCI_LE_SCAN) &&
5040 hdev->discovery.state == DISCOVERY_STOPPED) {
5041 struct hci_request req;
5043 hci_req_init(&req, hdev);
5045 hci_req_add_le_scan_disable(&req);
5046 hci_req_add_le_passive_scan(&req);
5048 hci_req_run(&req, NULL);
5051 hci_dev_unlock(hdev);
5056 static void fast_connectable_complete(struct hci_dev *hdev, u8 status,
5059 struct mgmt_pending_cmd *cmd;
5061 BT_DBG("status 0x%02x", status);
5065 cmd = pending_find(MGMT_OP_SET_FAST_CONNECTABLE, hdev);
5070 mgmt_cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
5071 mgmt_status(status));
5073 struct mgmt_mode *cp = cmd->param;
5076 hci_dev_set_flag(hdev, HCI_FAST_CONNECTABLE);
5078 hci_dev_clear_flag(hdev, HCI_FAST_CONNECTABLE);
5080 send_settings_rsp(cmd->sk, MGMT_OP_SET_FAST_CONNECTABLE, hdev);
5081 new_settings(hdev, cmd->sk);
5084 mgmt_pending_remove(cmd);
5087 hci_dev_unlock(hdev);
5090 static int set_fast_connectable(struct sock *sk, struct hci_dev *hdev,
5091 void *data, u16 len)
5093 struct mgmt_mode *cp = data;
5094 struct mgmt_pending_cmd *cmd;
5095 struct hci_request req;
5098 BT_DBG("%s", hdev->name);
5100 if (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED) ||
5101 hdev->hci_ver < BLUETOOTH_VER_1_2)
5102 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
5103 MGMT_STATUS_NOT_SUPPORTED);
5105 if (cp->val != 0x00 && cp->val != 0x01)
5106 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
5107 MGMT_STATUS_INVALID_PARAMS);
5111 if (pending_find(MGMT_OP_SET_FAST_CONNECTABLE, hdev)) {
5112 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
5117 if (!!cp->val == hci_dev_test_flag(hdev, HCI_FAST_CONNECTABLE)) {
5118 err = send_settings_rsp(sk, MGMT_OP_SET_FAST_CONNECTABLE,
5123 if (!hdev_is_powered(hdev)) {
5124 hci_dev_change_flag(hdev, HCI_FAST_CONNECTABLE);
5125 err = send_settings_rsp(sk, MGMT_OP_SET_FAST_CONNECTABLE,
5127 new_settings(hdev, sk);
5131 cmd = mgmt_pending_add(sk, MGMT_OP_SET_FAST_CONNECTABLE, hdev,
5138 hci_req_init(&req, hdev);
5140 write_fast_connectable(&req, cp->val);
5142 err = hci_req_run(&req, fast_connectable_complete);
5144 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
5145 MGMT_STATUS_FAILED);
5146 mgmt_pending_remove(cmd);
5150 hci_dev_unlock(hdev);
5155 static void set_bredr_complete(struct hci_dev *hdev, u8 status, u16 opcode)
5157 struct mgmt_pending_cmd *cmd;
5159 BT_DBG("status 0x%02x", status);
5163 cmd = pending_find(MGMT_OP_SET_BREDR, hdev);
5168 u8 mgmt_err = mgmt_status(status);
5170 /* We need to restore the flag if related HCI commands
5173 hci_dev_clear_flag(hdev, HCI_BREDR_ENABLED);
5175 mgmt_cmd_status(cmd->sk, cmd->index, cmd->opcode, mgmt_err);
5177 send_settings_rsp(cmd->sk, MGMT_OP_SET_BREDR, hdev);
5178 new_settings(hdev, cmd->sk);
5181 mgmt_pending_remove(cmd);
5184 hci_dev_unlock(hdev);
5187 static int set_bredr(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
5189 struct mgmt_mode *cp = data;
5190 struct mgmt_pending_cmd *cmd;
5191 struct hci_request req;
5194 BT_DBG("request for %s", hdev->name);
5196 if (!lmp_bredr_capable(hdev) || !lmp_le_capable(hdev))
5197 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
5198 MGMT_STATUS_NOT_SUPPORTED);
5200 if (!hci_dev_test_flag(hdev, HCI_LE_ENABLED))
5201 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
5202 MGMT_STATUS_REJECTED);
5204 if (cp->val != 0x00 && cp->val != 0x01)
5205 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
5206 MGMT_STATUS_INVALID_PARAMS);
5210 if (cp->val == hci_dev_test_flag(hdev, HCI_BREDR_ENABLED)) {
5211 err = send_settings_rsp(sk, MGMT_OP_SET_BREDR, hdev);
5215 if (!hdev_is_powered(hdev)) {
5217 hci_dev_clear_flag(hdev, HCI_DISCOVERABLE);
5218 hci_dev_clear_flag(hdev, HCI_SSP_ENABLED);
5219 hci_dev_clear_flag(hdev, HCI_LINK_SECURITY);
5220 hci_dev_clear_flag(hdev, HCI_FAST_CONNECTABLE);
5221 hci_dev_clear_flag(hdev, HCI_HS_ENABLED);
5224 hci_dev_change_flag(hdev, HCI_BREDR_ENABLED);
5226 err = send_settings_rsp(sk, MGMT_OP_SET_BREDR, hdev);
5230 err = new_settings(hdev, sk);
5234 /* Reject disabling when powered on */
5236 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
5237 MGMT_STATUS_REJECTED);
5240 /* When configuring a dual-mode controller to operate
5241 * with LE only and using a static address, then switching
5242 * BR/EDR back on is not allowed.
5244 * Dual-mode controllers shall operate with the public
5245 * address as its identity address for BR/EDR and LE. So
5246 * reject the attempt to create an invalid configuration.
5248 * The same restrictions applies when secure connections
5249 * has been enabled. For BR/EDR this is a controller feature
5250 * while for LE it is a host stack feature. This means that
5251 * switching BR/EDR back on when secure connections has been
5252 * enabled is not a supported transaction.
5254 if (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED) &&
5255 (bacmp(&hdev->static_addr, BDADDR_ANY) ||
5256 hci_dev_test_flag(hdev, HCI_SC_ENABLED))) {
5257 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
5258 MGMT_STATUS_REJECTED);
5263 if (pending_find(MGMT_OP_SET_BREDR, hdev)) {
5264 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
5269 cmd = mgmt_pending_add(sk, MGMT_OP_SET_BREDR, hdev, data, len);
5275 /* We need to flip the bit already here so that update_adv_data
5276 * generates the correct flags.
5278 hci_dev_set_flag(hdev, HCI_BREDR_ENABLED);
5280 hci_req_init(&req, hdev);
5282 write_fast_connectable(&req, false);
5283 __hci_update_page_scan(&req);
5285 /* Since only the advertising data flags will change, there
5286 * is no need to update the scan response data.
5288 update_adv_data(&req);
5290 err = hci_req_run(&req, set_bredr_complete);
5292 mgmt_pending_remove(cmd);
5295 hci_dev_unlock(hdev);
5299 static void sc_enable_complete(struct hci_dev *hdev, u8 status, u16 opcode)
5301 struct mgmt_pending_cmd *cmd;
5302 struct mgmt_mode *cp;
5304 BT_DBG("%s status %u", hdev->name, status);
5308 cmd = pending_find(MGMT_OP_SET_SECURE_CONN, hdev);
5313 mgmt_cmd_status(cmd->sk, cmd->index, cmd->opcode,
5314 mgmt_status(status));
5322 hci_dev_clear_flag(hdev, HCI_SC_ENABLED);
5323 hci_dev_clear_flag(hdev, HCI_SC_ONLY);
5326 hci_dev_set_flag(hdev, HCI_SC_ENABLED);
5327 hci_dev_clear_flag(hdev, HCI_SC_ONLY);
5330 hci_dev_set_flag(hdev, HCI_SC_ENABLED);
5331 hci_dev_set_flag(hdev, HCI_SC_ONLY);
5335 send_settings_rsp(cmd->sk, MGMT_OP_SET_SECURE_CONN, hdev);
5336 new_settings(hdev, cmd->sk);
5339 mgmt_pending_remove(cmd);
5341 hci_dev_unlock(hdev);
5344 static int set_secure_conn(struct sock *sk, struct hci_dev *hdev,
5345 void *data, u16 len)
5347 struct mgmt_mode *cp = data;
5348 struct mgmt_pending_cmd *cmd;
5349 struct hci_request req;
5353 BT_DBG("request for %s", hdev->name);
5355 if (!lmp_sc_capable(hdev) &&
5356 !hci_dev_test_flag(hdev, HCI_LE_ENABLED))
5357 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SECURE_CONN,
5358 MGMT_STATUS_NOT_SUPPORTED);
5360 if (hci_dev_test_flag(hdev, HCI_BREDR_ENABLED) &&
5361 lmp_sc_capable(hdev) &&
5362 !hci_dev_test_flag(hdev, HCI_SSP_ENABLED))
5363 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SECURE_CONN,
5364 MGMT_STATUS_REJECTED);
5366 if (cp->val != 0x00 && cp->val != 0x01 && cp->val != 0x02)
5367 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SECURE_CONN,
5368 MGMT_STATUS_INVALID_PARAMS);
5372 if (!hdev_is_powered(hdev) || !lmp_sc_capable(hdev) ||
5373 !hci_dev_test_flag(hdev, HCI_BREDR_ENABLED)) {
5377 changed = !hci_dev_test_and_set_flag(hdev,
5379 if (cp->val == 0x02)
5380 hci_dev_set_flag(hdev, HCI_SC_ONLY);
5382 hci_dev_clear_flag(hdev, HCI_SC_ONLY);
5384 changed = hci_dev_test_and_clear_flag(hdev,
5386 hci_dev_clear_flag(hdev, HCI_SC_ONLY);
5389 err = send_settings_rsp(sk, MGMT_OP_SET_SECURE_CONN, hdev);
5394 err = new_settings(hdev, sk);
5399 if (pending_find(MGMT_OP_SET_SECURE_CONN, hdev)) {
5400 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SECURE_CONN,
5407 if (val == hci_dev_test_flag(hdev, HCI_SC_ENABLED) &&
5408 (cp->val == 0x02) == hci_dev_test_flag(hdev, HCI_SC_ONLY)) {
5409 err = send_settings_rsp(sk, MGMT_OP_SET_SECURE_CONN, hdev);
5413 cmd = mgmt_pending_add(sk, MGMT_OP_SET_SECURE_CONN, hdev, data, len);
5419 hci_req_init(&req, hdev);
5420 hci_req_add(&req, HCI_OP_WRITE_SC_SUPPORT, 1, &val);
5421 err = hci_req_run(&req, sc_enable_complete);
5423 mgmt_pending_remove(cmd);
5428 hci_dev_unlock(hdev);
5432 static int set_debug_keys(struct sock *sk, struct hci_dev *hdev,
5433 void *data, u16 len)
5435 struct mgmt_mode *cp = data;
5436 bool changed, use_changed;
5439 BT_DBG("request for %s", hdev->name);
5441 if (cp->val != 0x00 && cp->val != 0x01 && cp->val != 0x02)
5442 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DEBUG_KEYS,
5443 MGMT_STATUS_INVALID_PARAMS);
5448 changed = !hci_dev_test_and_set_flag(hdev, HCI_KEEP_DEBUG_KEYS);
5450 changed = hci_dev_test_and_clear_flag(hdev,
5451 HCI_KEEP_DEBUG_KEYS);
5453 if (cp->val == 0x02)
5454 use_changed = !hci_dev_test_and_set_flag(hdev,
5455 HCI_USE_DEBUG_KEYS);
5457 use_changed = hci_dev_test_and_clear_flag(hdev,
5458 HCI_USE_DEBUG_KEYS);
5460 if (hdev_is_powered(hdev) && use_changed &&
5461 hci_dev_test_flag(hdev, HCI_SSP_ENABLED)) {
5462 u8 mode = (cp->val == 0x02) ? 0x01 : 0x00;
5463 hci_send_cmd(hdev, HCI_OP_WRITE_SSP_DEBUG_MODE,
5464 sizeof(mode), &mode);
5467 err = send_settings_rsp(sk, MGMT_OP_SET_DEBUG_KEYS, hdev);
5472 err = new_settings(hdev, sk);
5475 hci_dev_unlock(hdev);
5479 static int set_privacy(struct sock *sk, struct hci_dev *hdev, void *cp_data,
5482 struct mgmt_cp_set_privacy *cp = cp_data;
5486 BT_DBG("request for %s", hdev->name);
5488 if (!lmp_le_capable(hdev))
5489 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_PRIVACY,
5490 MGMT_STATUS_NOT_SUPPORTED);
5492 if (cp->privacy != 0x00 && cp->privacy != 0x01)
5493 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_PRIVACY,
5494 MGMT_STATUS_INVALID_PARAMS);
5496 if (hdev_is_powered(hdev))
5497 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_PRIVACY,
5498 MGMT_STATUS_REJECTED);
5502 /* If user space supports this command it is also expected to
5503 * handle IRKs. Therefore, set the HCI_RPA_RESOLVING flag.
5505 hci_dev_set_flag(hdev, HCI_RPA_RESOLVING);
5508 changed = !hci_dev_test_and_set_flag(hdev, HCI_PRIVACY);
5509 memcpy(hdev->irk, cp->irk, sizeof(hdev->irk));
5510 hci_dev_set_flag(hdev, HCI_RPA_EXPIRED);
5512 changed = hci_dev_test_and_clear_flag(hdev, HCI_PRIVACY);
5513 memset(hdev->irk, 0, sizeof(hdev->irk));
5514 hci_dev_clear_flag(hdev, HCI_RPA_EXPIRED);
5517 err = send_settings_rsp(sk, MGMT_OP_SET_PRIVACY, hdev);
5522 err = new_settings(hdev, sk);
5525 hci_dev_unlock(hdev);
5529 static bool irk_is_valid(struct mgmt_irk_info *irk)
5531 switch (irk->addr.type) {
5532 case BDADDR_LE_PUBLIC:
5535 case BDADDR_LE_RANDOM:
5536 /* Two most significant bits shall be set */
5537 if ((irk->addr.bdaddr.b[5] & 0xc0) != 0xc0)
5545 static int load_irks(struct sock *sk, struct hci_dev *hdev, void *cp_data,
5548 struct mgmt_cp_load_irks *cp = cp_data;
5549 const u16 max_irk_count = ((U16_MAX - sizeof(*cp)) /
5550 sizeof(struct mgmt_irk_info));
5551 u16 irk_count, expected_len;
5554 BT_DBG("request for %s", hdev->name);
5556 if (!lmp_le_capable(hdev))
5557 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_IRKS,
5558 MGMT_STATUS_NOT_SUPPORTED);
5560 irk_count = __le16_to_cpu(cp->irk_count);
5561 if (irk_count > max_irk_count) {
5562 BT_ERR("load_irks: too big irk_count value %u", irk_count);
5563 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_IRKS,
5564 MGMT_STATUS_INVALID_PARAMS);
5567 expected_len = sizeof(*cp) + irk_count * sizeof(struct mgmt_irk_info);
5568 if (expected_len != len) {
5569 BT_ERR("load_irks: expected %u bytes, got %u bytes",
5571 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_IRKS,
5572 MGMT_STATUS_INVALID_PARAMS);
5575 BT_DBG("%s irk_count %u", hdev->name, irk_count);
5577 for (i = 0; i < irk_count; i++) {
5578 struct mgmt_irk_info *key = &cp->irks[i];
5580 if (!irk_is_valid(key))
5581 return mgmt_cmd_status(sk, hdev->id,
5583 MGMT_STATUS_INVALID_PARAMS);
5588 hci_smp_irks_clear(hdev);
5590 for (i = 0; i < irk_count; i++) {
5591 struct mgmt_irk_info *irk = &cp->irks[i];
5593 hci_add_irk(hdev, &irk->addr.bdaddr,
5594 le_addr_type(irk->addr.type), irk->val,
5598 hci_dev_set_flag(hdev, HCI_RPA_RESOLVING);
5600 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_LOAD_IRKS, 0, NULL, 0);
5602 hci_dev_unlock(hdev);
5607 static bool ltk_is_valid(struct mgmt_ltk_info *key)
5609 if (key->master != 0x00 && key->master != 0x01)
5612 switch (key->addr.type) {
5613 case BDADDR_LE_PUBLIC:
5616 case BDADDR_LE_RANDOM:
5617 /* Two most significant bits shall be set */
5618 if ((key->addr.bdaddr.b[5] & 0xc0) != 0xc0)
5626 static int load_long_term_keys(struct sock *sk, struct hci_dev *hdev,
5627 void *cp_data, u16 len)
5629 struct mgmt_cp_load_long_term_keys *cp = cp_data;
5630 const u16 max_key_count = ((U16_MAX - sizeof(*cp)) /
5631 sizeof(struct mgmt_ltk_info));
5632 u16 key_count, expected_len;
5635 BT_DBG("request for %s", hdev->name);
5637 if (!lmp_le_capable(hdev))
5638 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS,
5639 MGMT_STATUS_NOT_SUPPORTED);
5641 key_count = __le16_to_cpu(cp->key_count);
5642 if (key_count > max_key_count) {
5643 BT_ERR("load_ltks: too big key_count value %u", key_count);
5644 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS,
5645 MGMT_STATUS_INVALID_PARAMS);
5648 expected_len = sizeof(*cp) + key_count *
5649 sizeof(struct mgmt_ltk_info);
5650 if (expected_len != len) {
5651 BT_ERR("load_keys: expected %u bytes, got %u bytes",
5653 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS,
5654 MGMT_STATUS_INVALID_PARAMS);
5657 BT_DBG("%s key_count %u", hdev->name, key_count);
5659 for (i = 0; i < key_count; i++) {
5660 struct mgmt_ltk_info *key = &cp->keys[i];
5662 if (!ltk_is_valid(key))
5663 return mgmt_cmd_status(sk, hdev->id,
5664 MGMT_OP_LOAD_LONG_TERM_KEYS,
5665 MGMT_STATUS_INVALID_PARAMS);
5670 hci_smp_ltks_clear(hdev);
5672 for (i = 0; i < key_count; i++) {
5673 struct mgmt_ltk_info *key = &cp->keys[i];
5674 u8 type, authenticated;
5676 switch (key->type) {
5677 case MGMT_LTK_UNAUTHENTICATED:
5678 authenticated = 0x00;
5679 type = key->master ? SMP_LTK : SMP_LTK_SLAVE;
5681 case MGMT_LTK_AUTHENTICATED:
5682 authenticated = 0x01;
5683 type = key->master ? SMP_LTK : SMP_LTK_SLAVE;
5685 case MGMT_LTK_P256_UNAUTH:
5686 authenticated = 0x00;
5687 type = SMP_LTK_P256;
5689 case MGMT_LTK_P256_AUTH:
5690 authenticated = 0x01;
5691 type = SMP_LTK_P256;
5693 case MGMT_LTK_P256_DEBUG:
5694 authenticated = 0x00;
5695 type = SMP_LTK_P256_DEBUG;
5700 hci_add_ltk(hdev, &key->addr.bdaddr,
5701 le_addr_type(key->addr.type), type, authenticated,
5702 key->val, key->enc_size, key->ediv, key->rand);
5705 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS, 0,
5708 hci_dev_unlock(hdev);
5713 static int conn_info_cmd_complete(struct mgmt_pending_cmd *cmd, u8 status)
5715 struct hci_conn *conn = cmd->user_data;
5716 struct mgmt_rp_get_conn_info rp;
5719 memcpy(&rp.addr, cmd->param, sizeof(rp.addr));
5721 if (status == MGMT_STATUS_SUCCESS) {
5722 rp.rssi = conn->rssi;
5723 rp.tx_power = conn->tx_power;
5724 rp.max_tx_power = conn->max_tx_power;
5726 rp.rssi = HCI_RSSI_INVALID;
5727 rp.tx_power = HCI_TX_POWER_INVALID;
5728 rp.max_tx_power = HCI_TX_POWER_INVALID;
5731 err = mgmt_cmd_complete(cmd->sk, cmd->index, MGMT_OP_GET_CONN_INFO,
5732 status, &rp, sizeof(rp));
5734 hci_conn_drop(conn);
5740 static void conn_info_refresh_complete(struct hci_dev *hdev, u8 hci_status,
5743 struct hci_cp_read_rssi *cp;
5744 struct mgmt_pending_cmd *cmd;
5745 struct hci_conn *conn;
5749 BT_DBG("status 0x%02x", hci_status);
5753 /* Commands sent in request are either Read RSSI or Read Transmit Power
5754 * Level so we check which one was last sent to retrieve connection
5755 * handle. Both commands have handle as first parameter so it's safe to
5756 * cast data on the same command struct.
5758 * First command sent is always Read RSSI and we fail only if it fails.
5759 * In other case we simply override error to indicate success as we
5760 * already remembered if TX power value is actually valid.
5762 cp = hci_sent_cmd_data(hdev, HCI_OP_READ_RSSI);
5764 cp = hci_sent_cmd_data(hdev, HCI_OP_READ_TX_POWER);
5765 status = MGMT_STATUS_SUCCESS;
5767 status = mgmt_status(hci_status);
5771 BT_ERR("invalid sent_cmd in conn_info response");
5775 handle = __le16_to_cpu(cp->handle);
5776 conn = hci_conn_hash_lookup_handle(hdev, handle);
5778 BT_ERR("unknown handle (%d) in conn_info response", handle);
5782 cmd = pending_find_data(MGMT_OP_GET_CONN_INFO, hdev, conn);
5786 cmd->cmd_complete(cmd, status);
5787 mgmt_pending_remove(cmd);
5790 hci_dev_unlock(hdev);
5793 static int get_conn_info(struct sock *sk, struct hci_dev *hdev, void *data,
5796 struct mgmt_cp_get_conn_info *cp = data;
5797 struct mgmt_rp_get_conn_info rp;
5798 struct hci_conn *conn;
5799 unsigned long conn_info_age;
5802 BT_DBG("%s", hdev->name);
5804 memset(&rp, 0, sizeof(rp));
5805 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
5806 rp.addr.type = cp->addr.type;
5808 if (!bdaddr_type_is_valid(cp->addr.type))
5809 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CONN_INFO,
5810 MGMT_STATUS_INVALID_PARAMS,
5815 if (!hdev_is_powered(hdev)) {
5816 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CONN_INFO,
5817 MGMT_STATUS_NOT_POWERED, &rp,
5822 if (cp->addr.type == BDADDR_BREDR)
5823 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
5826 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &cp->addr.bdaddr);
5828 if (!conn || conn->state != BT_CONNECTED) {
5829 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CONN_INFO,
5830 MGMT_STATUS_NOT_CONNECTED, &rp,
5835 if (pending_find_data(MGMT_OP_GET_CONN_INFO, hdev, conn)) {
5836 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CONN_INFO,
5837 MGMT_STATUS_BUSY, &rp, sizeof(rp));
5841 /* To avoid client trying to guess when to poll again for information we
5842 * calculate conn info age as random value between min/max set in hdev.
5844 conn_info_age = hdev->conn_info_min_age +
5845 prandom_u32_max(hdev->conn_info_max_age -
5846 hdev->conn_info_min_age);
5848 /* Query controller to refresh cached values if they are too old or were
5851 if (time_after(jiffies, conn->conn_info_timestamp +
5852 msecs_to_jiffies(conn_info_age)) ||
5853 !conn->conn_info_timestamp) {
5854 struct hci_request req;
5855 struct hci_cp_read_tx_power req_txp_cp;
5856 struct hci_cp_read_rssi req_rssi_cp;
5857 struct mgmt_pending_cmd *cmd;
5859 hci_req_init(&req, hdev);
5860 req_rssi_cp.handle = cpu_to_le16(conn->handle);
5861 hci_req_add(&req, HCI_OP_READ_RSSI, sizeof(req_rssi_cp),
5864 /* For LE links TX power does not change thus we don't need to
5865 * query for it once value is known.
5867 if (!bdaddr_type_is_le(cp->addr.type) ||
5868 conn->tx_power == HCI_TX_POWER_INVALID) {
5869 req_txp_cp.handle = cpu_to_le16(conn->handle);
5870 req_txp_cp.type = 0x00;
5871 hci_req_add(&req, HCI_OP_READ_TX_POWER,
5872 sizeof(req_txp_cp), &req_txp_cp);
5875 /* Max TX power needs to be read only once per connection */
5876 if (conn->max_tx_power == HCI_TX_POWER_INVALID) {
5877 req_txp_cp.handle = cpu_to_le16(conn->handle);
5878 req_txp_cp.type = 0x01;
5879 hci_req_add(&req, HCI_OP_READ_TX_POWER,
5880 sizeof(req_txp_cp), &req_txp_cp);
5883 err = hci_req_run(&req, conn_info_refresh_complete);
5887 cmd = mgmt_pending_add(sk, MGMT_OP_GET_CONN_INFO, hdev,
5894 hci_conn_hold(conn);
5895 cmd->user_data = hci_conn_get(conn);
5896 cmd->cmd_complete = conn_info_cmd_complete;
5898 conn->conn_info_timestamp = jiffies;
5900 /* Cache is valid, just reply with values cached in hci_conn */
5901 rp.rssi = conn->rssi;
5902 rp.tx_power = conn->tx_power;
5903 rp.max_tx_power = conn->max_tx_power;
5905 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CONN_INFO,
5906 MGMT_STATUS_SUCCESS, &rp, sizeof(rp));
5910 hci_dev_unlock(hdev);
5914 static int clock_info_cmd_complete(struct mgmt_pending_cmd *cmd, u8 status)
5916 struct hci_conn *conn = cmd->user_data;
5917 struct mgmt_rp_get_clock_info rp;
5918 struct hci_dev *hdev;
5921 memset(&rp, 0, sizeof(rp));
5922 memcpy(&rp.addr, &cmd->param, sizeof(rp.addr));
5927 hdev = hci_dev_get(cmd->index);
5929 rp.local_clock = cpu_to_le32(hdev->clock);
5934 rp.piconet_clock = cpu_to_le32(conn->clock);
5935 rp.accuracy = cpu_to_le16(conn->clock_accuracy);
5939 err = mgmt_cmd_complete(cmd->sk, cmd->index, cmd->opcode, status, &rp,
5943 hci_conn_drop(conn);
5950 static void get_clock_info_complete(struct hci_dev *hdev, u8 status, u16 opcode)
5952 struct hci_cp_read_clock *hci_cp;
5953 struct mgmt_pending_cmd *cmd;
5954 struct hci_conn *conn;
5956 BT_DBG("%s status %u", hdev->name, status);
5960 hci_cp = hci_sent_cmd_data(hdev, HCI_OP_READ_CLOCK);
5964 if (hci_cp->which) {
5965 u16 handle = __le16_to_cpu(hci_cp->handle);
5966 conn = hci_conn_hash_lookup_handle(hdev, handle);
5971 cmd = pending_find_data(MGMT_OP_GET_CLOCK_INFO, hdev, conn);
5975 cmd->cmd_complete(cmd, mgmt_status(status));
5976 mgmt_pending_remove(cmd);
5979 hci_dev_unlock(hdev);
5982 static int get_clock_info(struct sock *sk, struct hci_dev *hdev, void *data,
5985 struct mgmt_cp_get_clock_info *cp = data;
5986 struct mgmt_rp_get_clock_info rp;
5987 struct hci_cp_read_clock hci_cp;
5988 struct mgmt_pending_cmd *cmd;
5989 struct hci_request req;
5990 struct hci_conn *conn;
5993 BT_DBG("%s", hdev->name);
5995 memset(&rp, 0, sizeof(rp));
5996 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
5997 rp.addr.type = cp->addr.type;
5999 if (cp->addr.type != BDADDR_BREDR)
6000 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CLOCK_INFO,
6001 MGMT_STATUS_INVALID_PARAMS,
6006 if (!hdev_is_powered(hdev)) {
6007 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CLOCK_INFO,
6008 MGMT_STATUS_NOT_POWERED, &rp,
6013 if (bacmp(&cp->addr.bdaddr, BDADDR_ANY)) {
6014 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
6016 if (!conn || conn->state != BT_CONNECTED) {
6017 err = mgmt_cmd_complete(sk, hdev->id,
6018 MGMT_OP_GET_CLOCK_INFO,
6019 MGMT_STATUS_NOT_CONNECTED,
6027 cmd = mgmt_pending_add(sk, MGMT_OP_GET_CLOCK_INFO, hdev, data, len);
6033 cmd->cmd_complete = clock_info_cmd_complete;
6035 hci_req_init(&req, hdev);
6037 memset(&hci_cp, 0, sizeof(hci_cp));
6038 hci_req_add(&req, HCI_OP_READ_CLOCK, sizeof(hci_cp), &hci_cp);
6041 hci_conn_hold(conn);
6042 cmd->user_data = hci_conn_get(conn);
6044 hci_cp.handle = cpu_to_le16(conn->handle);
6045 hci_cp.which = 0x01; /* Piconet clock */
6046 hci_req_add(&req, HCI_OP_READ_CLOCK, sizeof(hci_cp), &hci_cp);
6049 err = hci_req_run(&req, get_clock_info_complete);
6051 mgmt_pending_remove(cmd);
6054 hci_dev_unlock(hdev);
6058 static bool is_connected(struct hci_dev *hdev, bdaddr_t *addr, u8 type)
6060 struct hci_conn *conn;
6062 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, addr);
6066 if (conn->dst_type != type)
6069 if (conn->state != BT_CONNECTED)
6075 /* This function requires the caller holds hdev->lock */
6076 static int hci_conn_params_set(struct hci_request *req, bdaddr_t *addr,
6077 u8 addr_type, u8 auto_connect)
6079 struct hci_dev *hdev = req->hdev;
6080 struct hci_conn_params *params;
6082 params = hci_conn_params_add(hdev, addr, addr_type);
6086 if (params->auto_connect == auto_connect)
6089 list_del_init(¶ms->action);
6091 switch (auto_connect) {
6092 case HCI_AUTO_CONN_DISABLED:
6093 case HCI_AUTO_CONN_LINK_LOSS:
6094 /* If auto connect is being disabled when we're trying to
6095 * connect to device, keep connecting.
6097 if (params->explicit_connect)
6098 list_add(¶ms->action, &hdev->pend_le_conns);
6100 __hci_update_background_scan(req);
6102 case HCI_AUTO_CONN_REPORT:
6103 if (params->explicit_connect)
6104 list_add(¶ms->action, &hdev->pend_le_conns);
6106 list_add(¶ms->action, &hdev->pend_le_reports);
6107 __hci_update_background_scan(req);
6109 case HCI_AUTO_CONN_DIRECT:
6110 case HCI_AUTO_CONN_ALWAYS:
6111 if (!is_connected(hdev, addr, addr_type)) {
6112 list_add(¶ms->action, &hdev->pend_le_conns);
6113 /* If we are in scan phase of connecting, we were
6114 * already added to pend_le_conns and scanning.
6116 if (params->auto_connect != HCI_AUTO_CONN_EXPLICIT)
6117 __hci_update_background_scan(req);
6122 params->auto_connect = auto_connect;
6124 BT_DBG("addr %pMR (type %u) auto_connect %u", addr, addr_type,
6130 static void device_added(struct sock *sk, struct hci_dev *hdev,
6131 bdaddr_t *bdaddr, u8 type, u8 action)
6133 struct mgmt_ev_device_added ev;
6135 bacpy(&ev.addr.bdaddr, bdaddr);
6136 ev.addr.type = type;
6139 mgmt_event(MGMT_EV_DEVICE_ADDED, hdev, &ev, sizeof(ev), sk);
6142 static void add_device_complete(struct hci_dev *hdev, u8 status, u16 opcode)
6144 struct mgmt_pending_cmd *cmd;
6146 BT_DBG("status 0x%02x", status);
6150 cmd = pending_find(MGMT_OP_ADD_DEVICE, hdev);
6154 cmd->cmd_complete(cmd, mgmt_status(status));
6155 mgmt_pending_remove(cmd);
6158 hci_dev_unlock(hdev);
6161 static int add_device(struct sock *sk, struct hci_dev *hdev,
6162 void *data, u16 len)
6164 struct mgmt_cp_add_device *cp = data;
6165 struct mgmt_pending_cmd *cmd;
6166 struct hci_request req;
6167 u8 auto_conn, addr_type;
6170 BT_DBG("%s", hdev->name);
6172 if (!bdaddr_type_is_valid(cp->addr.type) ||
6173 !bacmp(&cp->addr.bdaddr, BDADDR_ANY))
6174 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_ADD_DEVICE,
6175 MGMT_STATUS_INVALID_PARAMS,
6176 &cp->addr, sizeof(cp->addr));
6178 if (cp->action != 0x00 && cp->action != 0x01 && cp->action != 0x02)
6179 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_ADD_DEVICE,
6180 MGMT_STATUS_INVALID_PARAMS,
6181 &cp->addr, sizeof(cp->addr));
6183 hci_req_init(&req, hdev);
6187 cmd = mgmt_pending_add(sk, MGMT_OP_ADD_DEVICE, hdev, data, len);
6193 cmd->cmd_complete = addr_cmd_complete;
6195 if (cp->addr.type == BDADDR_BREDR) {
6196 /* Only incoming connections action is supported for now */
6197 if (cp->action != 0x01) {
6198 err = cmd->cmd_complete(cmd,
6199 MGMT_STATUS_INVALID_PARAMS);
6200 mgmt_pending_remove(cmd);
6204 err = hci_bdaddr_list_add(&hdev->whitelist, &cp->addr.bdaddr,
6209 __hci_update_page_scan(&req);
6214 addr_type = le_addr_type(cp->addr.type);
6216 if (cp->action == 0x02)
6217 auto_conn = HCI_AUTO_CONN_ALWAYS;
6218 else if (cp->action == 0x01)
6219 auto_conn = HCI_AUTO_CONN_DIRECT;
6221 auto_conn = HCI_AUTO_CONN_REPORT;
6223 /* Kernel internally uses conn_params with resolvable private
6224 * address, but Add Device allows only identity addresses.
6225 * Make sure it is enforced before calling
6226 * hci_conn_params_lookup.
6228 if (!hci_is_identity_address(&cp->addr.bdaddr, addr_type)) {
6229 err = cmd->cmd_complete(cmd, MGMT_STATUS_INVALID_PARAMS);
6230 mgmt_pending_remove(cmd);
6234 /* If the connection parameters don't exist for this device,
6235 * they will be created and configured with defaults.
6237 if (hci_conn_params_set(&req, &cp->addr.bdaddr, addr_type,
6239 err = cmd->cmd_complete(cmd, MGMT_STATUS_FAILED);
6240 mgmt_pending_remove(cmd);
6245 device_added(sk, hdev, &cp->addr.bdaddr, cp->addr.type, cp->action);
6247 err = hci_req_run(&req, add_device_complete);
6249 /* ENODATA means no HCI commands were needed (e.g. if
6250 * the adapter is powered off).
6252 if (err == -ENODATA)
6253 err = cmd->cmd_complete(cmd, MGMT_STATUS_SUCCESS);
6254 mgmt_pending_remove(cmd);
6258 hci_dev_unlock(hdev);
6262 static void device_removed(struct sock *sk, struct hci_dev *hdev,
6263 bdaddr_t *bdaddr, u8 type)
6265 struct mgmt_ev_device_removed ev;
6267 bacpy(&ev.addr.bdaddr, bdaddr);
6268 ev.addr.type = type;
6270 mgmt_event(MGMT_EV_DEVICE_REMOVED, hdev, &ev, sizeof(ev), sk);
6273 static void remove_device_complete(struct hci_dev *hdev, u8 status, u16 opcode)
6275 struct mgmt_pending_cmd *cmd;
6277 BT_DBG("status 0x%02x", status);
6281 cmd = pending_find(MGMT_OP_REMOVE_DEVICE, hdev);
6285 cmd->cmd_complete(cmd, mgmt_status(status));
6286 mgmt_pending_remove(cmd);
6289 hci_dev_unlock(hdev);
6292 static int remove_device(struct sock *sk, struct hci_dev *hdev,
6293 void *data, u16 len)
6295 struct mgmt_cp_remove_device *cp = data;
6296 struct mgmt_pending_cmd *cmd;
6297 struct hci_request req;
6300 BT_DBG("%s", hdev->name);
6302 hci_req_init(&req, hdev);
6306 cmd = mgmt_pending_add(sk, MGMT_OP_REMOVE_DEVICE, hdev, data, len);
6312 cmd->cmd_complete = addr_cmd_complete;
6314 if (bacmp(&cp->addr.bdaddr, BDADDR_ANY)) {
6315 struct hci_conn_params *params;
6318 if (!bdaddr_type_is_valid(cp->addr.type)) {
6319 err = cmd->cmd_complete(cmd,
6320 MGMT_STATUS_INVALID_PARAMS);
6321 mgmt_pending_remove(cmd);
6325 if (cp->addr.type == BDADDR_BREDR) {
6326 err = hci_bdaddr_list_del(&hdev->whitelist,
6330 err = cmd->cmd_complete(cmd,
6331 MGMT_STATUS_INVALID_PARAMS);
6332 mgmt_pending_remove(cmd);
6336 __hci_update_page_scan(&req);
6338 device_removed(sk, hdev, &cp->addr.bdaddr,
6343 addr_type = le_addr_type(cp->addr.type);
6345 /* Kernel internally uses conn_params with resolvable private
6346 * address, but Remove Device allows only identity addresses.
6347 * Make sure it is enforced before calling
6348 * hci_conn_params_lookup.
6350 if (!hci_is_identity_address(&cp->addr.bdaddr, addr_type)) {
6351 err = cmd->cmd_complete(cmd,
6352 MGMT_STATUS_INVALID_PARAMS);
6353 mgmt_pending_remove(cmd);
6357 params = hci_conn_params_lookup(hdev, &cp->addr.bdaddr,
6360 err = cmd->cmd_complete(cmd,
6361 MGMT_STATUS_INVALID_PARAMS);
6362 mgmt_pending_remove(cmd);
6366 if (params->auto_connect == HCI_AUTO_CONN_DISABLED ||
6367 params->auto_connect == HCI_AUTO_CONN_EXPLICIT) {
6368 err = cmd->cmd_complete(cmd,
6369 MGMT_STATUS_INVALID_PARAMS);
6370 mgmt_pending_remove(cmd);
6374 list_del(¶ms->action);
6375 list_del(¶ms->list);
6377 __hci_update_background_scan(&req);
6379 device_removed(sk, hdev, &cp->addr.bdaddr, cp->addr.type);
6381 struct hci_conn_params *p, *tmp;
6382 struct bdaddr_list *b, *btmp;
6384 if (cp->addr.type) {
6385 err = cmd->cmd_complete(cmd,
6386 MGMT_STATUS_INVALID_PARAMS);
6387 mgmt_pending_remove(cmd);
6391 list_for_each_entry_safe(b, btmp, &hdev->whitelist, list) {
6392 device_removed(sk, hdev, &b->bdaddr, b->bdaddr_type);
6397 __hci_update_page_scan(&req);
6399 list_for_each_entry_safe(p, tmp, &hdev->le_conn_params, list) {
6400 if (p->auto_connect == HCI_AUTO_CONN_DISABLED)
6402 device_removed(sk, hdev, &p->addr, p->addr_type);
6403 if (p->explicit_connect) {
6404 p->auto_connect = HCI_AUTO_CONN_EXPLICIT;
6407 list_del(&p->action);
6412 BT_DBG("All LE connection parameters were removed");
6414 __hci_update_background_scan(&req);
6418 err = hci_req_run(&req, remove_device_complete);
6420 /* ENODATA means no HCI commands were needed (e.g. if
6421 * the adapter is powered off).
6423 if (err == -ENODATA)
6424 err = cmd->cmd_complete(cmd, MGMT_STATUS_SUCCESS);
6425 mgmt_pending_remove(cmd);
6429 hci_dev_unlock(hdev);
6433 static int load_conn_param(struct sock *sk, struct hci_dev *hdev, void *data,
6436 struct mgmt_cp_load_conn_param *cp = data;
6437 const u16 max_param_count = ((U16_MAX - sizeof(*cp)) /
6438 sizeof(struct mgmt_conn_param));
6439 u16 param_count, expected_len;
6442 if (!lmp_le_capable(hdev))
6443 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_CONN_PARAM,
6444 MGMT_STATUS_NOT_SUPPORTED);
6446 param_count = __le16_to_cpu(cp->param_count);
6447 if (param_count > max_param_count) {
6448 BT_ERR("load_conn_param: too big param_count value %u",
6450 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_CONN_PARAM,
6451 MGMT_STATUS_INVALID_PARAMS);
6454 expected_len = sizeof(*cp) + param_count *
6455 sizeof(struct mgmt_conn_param);
6456 if (expected_len != len) {
6457 BT_ERR("load_conn_param: expected %u bytes, got %u bytes",
6459 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_CONN_PARAM,
6460 MGMT_STATUS_INVALID_PARAMS);
6463 BT_DBG("%s param_count %u", hdev->name, param_count);
6467 hci_conn_params_clear_disabled(hdev);
6469 for (i = 0; i < param_count; i++) {
6470 struct mgmt_conn_param *param = &cp->params[i];
6471 struct hci_conn_params *hci_param;
6472 u16 min, max, latency, timeout;
6475 BT_DBG("Adding %pMR (type %u)", ¶m->addr.bdaddr,
6478 if (param->addr.type == BDADDR_LE_PUBLIC) {
6479 addr_type = ADDR_LE_DEV_PUBLIC;
6480 } else if (param->addr.type == BDADDR_LE_RANDOM) {
6481 addr_type = ADDR_LE_DEV_RANDOM;
6483 BT_ERR("Ignoring invalid connection parameters");
6487 min = le16_to_cpu(param->min_interval);
6488 max = le16_to_cpu(param->max_interval);
6489 latency = le16_to_cpu(param->latency);
6490 timeout = le16_to_cpu(param->timeout);
6492 BT_DBG("min 0x%04x max 0x%04x latency 0x%04x timeout 0x%04x",
6493 min, max, latency, timeout);
6495 if (hci_check_conn_params(min, max, latency, timeout) < 0) {
6496 BT_ERR("Ignoring invalid connection parameters");
6500 hci_param = hci_conn_params_add(hdev, ¶m->addr.bdaddr,
6503 BT_ERR("Failed to add connection parameters");
6507 hci_param->conn_min_interval = min;
6508 hci_param->conn_max_interval = max;
6509 hci_param->conn_latency = latency;
6510 hci_param->supervision_timeout = timeout;
6513 hci_dev_unlock(hdev);
6515 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_LOAD_CONN_PARAM, 0,
6519 static int set_external_config(struct sock *sk, struct hci_dev *hdev,
6520 void *data, u16 len)
6522 struct mgmt_cp_set_external_config *cp = data;
6526 BT_DBG("%s", hdev->name);
6528 if (hdev_is_powered(hdev))
6529 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_EXTERNAL_CONFIG,
6530 MGMT_STATUS_REJECTED);
6532 if (cp->config != 0x00 && cp->config != 0x01)
6533 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_EXTERNAL_CONFIG,
6534 MGMT_STATUS_INVALID_PARAMS);
6536 if (!test_bit(HCI_QUIRK_EXTERNAL_CONFIG, &hdev->quirks))
6537 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_EXTERNAL_CONFIG,
6538 MGMT_STATUS_NOT_SUPPORTED);
6543 changed = !hci_dev_test_and_set_flag(hdev, HCI_EXT_CONFIGURED);
6545 changed = hci_dev_test_and_clear_flag(hdev, HCI_EXT_CONFIGURED);
6547 err = send_options_rsp(sk, MGMT_OP_SET_EXTERNAL_CONFIG, hdev);
6554 err = new_options(hdev, sk);
6556 if (hci_dev_test_flag(hdev, HCI_UNCONFIGURED) == is_configured(hdev)) {
6557 mgmt_index_removed(hdev);
6559 if (hci_dev_test_and_change_flag(hdev, HCI_UNCONFIGURED)) {
6560 hci_dev_set_flag(hdev, HCI_CONFIG);
6561 hci_dev_set_flag(hdev, HCI_AUTO_OFF);
6563 queue_work(hdev->req_workqueue, &hdev->power_on);
6565 set_bit(HCI_RAW, &hdev->flags);
6566 mgmt_index_added(hdev);
6571 hci_dev_unlock(hdev);
6575 static int set_public_address(struct sock *sk, struct hci_dev *hdev,
6576 void *data, u16 len)
6578 struct mgmt_cp_set_public_address *cp = data;
6582 BT_DBG("%s", hdev->name);
6584 if (hdev_is_powered(hdev))
6585 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_PUBLIC_ADDRESS,
6586 MGMT_STATUS_REJECTED);
6588 if (!bacmp(&cp->bdaddr, BDADDR_ANY))
6589 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_PUBLIC_ADDRESS,
6590 MGMT_STATUS_INVALID_PARAMS);
6592 if (!hdev->set_bdaddr)
6593 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_PUBLIC_ADDRESS,
6594 MGMT_STATUS_NOT_SUPPORTED);
6598 changed = !!bacmp(&hdev->public_addr, &cp->bdaddr);
6599 bacpy(&hdev->public_addr, &cp->bdaddr);
6601 err = send_options_rsp(sk, MGMT_OP_SET_PUBLIC_ADDRESS, hdev);
6608 if (hci_dev_test_flag(hdev, HCI_UNCONFIGURED))
6609 err = new_options(hdev, sk);
6611 if (is_configured(hdev)) {
6612 mgmt_index_removed(hdev);
6614 hci_dev_clear_flag(hdev, HCI_UNCONFIGURED);
6616 hci_dev_set_flag(hdev, HCI_CONFIG);
6617 hci_dev_set_flag(hdev, HCI_AUTO_OFF);
6619 queue_work(hdev->req_workqueue, &hdev->power_on);
6623 hci_dev_unlock(hdev);
6627 static inline u16 eir_append_data(u8 *eir, u16 eir_len, u8 type, u8 *data,
6630 eir[eir_len++] = sizeof(type) + data_len;
6631 eir[eir_len++] = type;
6632 memcpy(&eir[eir_len], data, data_len);
6633 eir_len += data_len;
6638 static void read_local_oob_ext_data_complete(struct hci_dev *hdev, u8 status,
6639 u16 opcode, struct sk_buff *skb)
6641 const struct mgmt_cp_read_local_oob_ext_data *mgmt_cp;
6642 struct mgmt_rp_read_local_oob_ext_data *mgmt_rp;
6643 u8 *h192, *r192, *h256, *r256;
6644 struct mgmt_pending_cmd *cmd;
6648 BT_DBG("%s status %u", hdev->name, status);
6650 cmd = pending_find(MGMT_OP_READ_LOCAL_OOB_EXT_DATA, hdev);
6654 mgmt_cp = cmd->param;
6657 status = mgmt_status(status);
6664 } else if (opcode == HCI_OP_READ_LOCAL_OOB_DATA) {
6665 struct hci_rp_read_local_oob_data *rp;
6667 if (skb->len != sizeof(*rp)) {
6668 status = MGMT_STATUS_FAILED;
6671 status = MGMT_STATUS_SUCCESS;
6672 rp = (void *)skb->data;
6674 eir_len = 5 + 18 + 18;
6681 struct hci_rp_read_local_oob_ext_data *rp;
6683 if (skb->len != sizeof(*rp)) {
6684 status = MGMT_STATUS_FAILED;
6687 status = MGMT_STATUS_SUCCESS;
6688 rp = (void *)skb->data;
6690 if (hci_dev_test_flag(hdev, HCI_SC_ONLY)) {
6691 eir_len = 5 + 18 + 18;
6695 eir_len = 5 + 18 + 18 + 18 + 18;
6705 mgmt_rp = kmalloc(sizeof(*mgmt_rp) + eir_len, GFP_KERNEL);
6712 eir_len = eir_append_data(mgmt_rp->eir, 0, EIR_CLASS_OF_DEV,
6713 hdev->dev_class, 3);
6716 eir_len = eir_append_data(mgmt_rp->eir, eir_len,
6717 EIR_SSP_HASH_C192, h192, 16);
6718 eir_len = eir_append_data(mgmt_rp->eir, eir_len,
6719 EIR_SSP_RAND_R192, r192, 16);
6723 eir_len = eir_append_data(mgmt_rp->eir, eir_len,
6724 EIR_SSP_HASH_C256, h256, 16);
6725 eir_len = eir_append_data(mgmt_rp->eir, eir_len,
6726 EIR_SSP_RAND_R256, r256, 16);
6730 mgmt_rp->type = mgmt_cp->type;
6731 mgmt_rp->eir_len = cpu_to_le16(eir_len);
6733 err = mgmt_cmd_complete(cmd->sk, hdev->id,
6734 MGMT_OP_READ_LOCAL_OOB_EXT_DATA, status,
6735 mgmt_rp, sizeof(*mgmt_rp) + eir_len);
6736 if (err < 0 || status)
6739 hci_sock_set_flag(cmd->sk, HCI_MGMT_OOB_DATA_EVENTS);
6741 err = mgmt_limited_event(MGMT_EV_LOCAL_OOB_DATA_UPDATED, hdev,
6742 mgmt_rp, sizeof(*mgmt_rp) + eir_len,
6743 HCI_MGMT_OOB_DATA_EVENTS, cmd->sk);
6746 mgmt_pending_remove(cmd);
6749 static int read_local_ssp_oob_req(struct hci_dev *hdev, struct sock *sk,
6750 struct mgmt_cp_read_local_oob_ext_data *cp)
6752 struct mgmt_pending_cmd *cmd;
6753 struct hci_request req;
6756 cmd = mgmt_pending_add(sk, MGMT_OP_READ_LOCAL_OOB_EXT_DATA, hdev,
6761 hci_req_init(&req, hdev);
6763 if (bredr_sc_enabled(hdev))
6764 hci_req_add(&req, HCI_OP_READ_LOCAL_OOB_EXT_DATA, 0, NULL);
6766 hci_req_add(&req, HCI_OP_READ_LOCAL_OOB_DATA, 0, NULL);
6768 err = hci_req_run_skb(&req, read_local_oob_ext_data_complete);
6770 mgmt_pending_remove(cmd);
6777 static int read_local_oob_ext_data(struct sock *sk, struct hci_dev *hdev,
6778 void *data, u16 data_len)
6780 struct mgmt_cp_read_local_oob_ext_data *cp = data;
6781 struct mgmt_rp_read_local_oob_ext_data *rp;
6784 u8 status, flags, role, addr[7], hash[16], rand[16];
6787 BT_DBG("%s", hdev->name);
6789 if (hdev_is_powered(hdev)) {
6791 case BIT(BDADDR_BREDR):
6792 status = mgmt_bredr_support(hdev);
6798 case (BIT(BDADDR_LE_PUBLIC) | BIT(BDADDR_LE_RANDOM)):
6799 status = mgmt_le_support(hdev);
6803 eir_len = 9 + 3 + 18 + 18 + 3;
6806 status = MGMT_STATUS_INVALID_PARAMS;
6811 status = MGMT_STATUS_NOT_POWERED;
6815 rp_len = sizeof(*rp) + eir_len;
6816 rp = kmalloc(rp_len, GFP_ATOMIC);
6827 case BIT(BDADDR_BREDR):
6828 if (hci_dev_test_flag(hdev, HCI_SSP_ENABLED)) {
6829 err = read_local_ssp_oob_req(hdev, sk, cp);
6830 hci_dev_unlock(hdev);
6834 status = MGMT_STATUS_FAILED;
6837 eir_len = eir_append_data(rp->eir, eir_len,
6839 hdev->dev_class, 3);
6842 case (BIT(BDADDR_LE_PUBLIC) | BIT(BDADDR_LE_RANDOM)):
6843 if (hci_dev_test_flag(hdev, HCI_SC_ENABLED) &&
6844 smp_generate_oob(hdev, hash, rand) < 0) {
6845 hci_dev_unlock(hdev);
6846 status = MGMT_STATUS_FAILED;
6850 /* This should return the active RPA, but since the RPA
6851 * is only programmed on demand, it is really hard to fill
6852 * this in at the moment. For now disallow retrieving
6853 * local out-of-band data when privacy is in use.
6855 * Returning the identity address will not help here since
6856 * pairing happens before the identity resolving key is
6857 * known and thus the connection establishment happens
6858 * based on the RPA and not the identity address.
6860 if (hci_dev_test_flag(hdev, HCI_PRIVACY)) {
6861 hci_dev_unlock(hdev);
6862 status = MGMT_STATUS_REJECTED;
6866 if (hci_dev_test_flag(hdev, HCI_FORCE_STATIC_ADDR) ||
6867 !bacmp(&hdev->bdaddr, BDADDR_ANY) ||
6868 (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED) &&
6869 bacmp(&hdev->static_addr, BDADDR_ANY))) {
6870 memcpy(addr, &hdev->static_addr, 6);
6873 memcpy(addr, &hdev->bdaddr, 6);
6877 eir_len = eir_append_data(rp->eir, eir_len, EIR_LE_BDADDR,
6878 addr, sizeof(addr));
6880 if (hci_dev_test_flag(hdev, HCI_ADVERTISING))
6885 eir_len = eir_append_data(rp->eir, eir_len, EIR_LE_ROLE,
6886 &role, sizeof(role));
6888 if (hci_dev_test_flag(hdev, HCI_SC_ENABLED)) {
6889 eir_len = eir_append_data(rp->eir, eir_len,
6891 hash, sizeof(hash));
6893 eir_len = eir_append_data(rp->eir, eir_len,
6895 rand, sizeof(rand));
6898 flags = get_adv_discov_flags(hdev);
6900 if (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED))
6901 flags |= LE_AD_NO_BREDR;
6903 eir_len = eir_append_data(rp->eir, eir_len, EIR_FLAGS,
6904 &flags, sizeof(flags));
6908 hci_dev_unlock(hdev);
6910 hci_sock_set_flag(sk, HCI_MGMT_OOB_DATA_EVENTS);
6912 status = MGMT_STATUS_SUCCESS;
6915 rp->type = cp->type;
6916 rp->eir_len = cpu_to_le16(eir_len);
6918 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_EXT_DATA,
6919 status, rp, sizeof(*rp) + eir_len);
6920 if (err < 0 || status)
6923 err = mgmt_limited_event(MGMT_EV_LOCAL_OOB_DATA_UPDATED, hdev,
6924 rp, sizeof(*rp) + eir_len,
6925 HCI_MGMT_OOB_DATA_EVENTS, sk);
6933 static u32 get_supported_adv_flags(struct hci_dev *hdev)
6937 flags |= MGMT_ADV_FLAG_CONNECTABLE;
6938 flags |= MGMT_ADV_FLAG_DISCOV;
6939 flags |= MGMT_ADV_FLAG_LIMITED_DISCOV;
6940 flags |= MGMT_ADV_FLAG_MANAGED_FLAGS;
6942 if (hdev->adv_tx_power != HCI_TX_POWER_INVALID)
6943 flags |= MGMT_ADV_FLAG_TX_POWER;
6948 static int read_adv_features(struct sock *sk, struct hci_dev *hdev,
6949 void *data, u16 data_len)
6951 struct mgmt_rp_read_adv_features *rp;
6955 struct adv_info *adv_instance;
6956 u32 supported_flags;
6958 BT_DBG("%s", hdev->name);
6960 if (!lmp_le_capable(hdev))
6961 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_READ_ADV_FEATURES,
6962 MGMT_STATUS_REJECTED);
6966 rp_len = sizeof(*rp);
6968 instance = hci_dev_test_flag(hdev, HCI_ADVERTISING_INSTANCE);
6970 rp_len += hdev->adv_instance_cnt;
6972 rp = kmalloc(rp_len, GFP_ATOMIC);
6974 hci_dev_unlock(hdev);
6978 supported_flags = get_supported_adv_flags(hdev);
6980 rp->supported_flags = cpu_to_le32(supported_flags);
6981 rp->max_adv_data_len = HCI_MAX_AD_LENGTH;
6982 rp->max_scan_rsp_len = HCI_MAX_AD_LENGTH;
6983 rp->max_instances = HCI_MAX_ADV_INSTANCES;
6987 list_for_each_entry(adv_instance, &hdev->adv_instances, list) {
6988 if (i >= hdev->adv_instance_cnt)
6991 rp->instance[i] = adv_instance->instance;
6994 rp->num_instances = hdev->adv_instance_cnt;
6996 rp->num_instances = 0;
6999 hci_dev_unlock(hdev);
7001 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_READ_ADV_FEATURES,
7002 MGMT_STATUS_SUCCESS, rp, rp_len);
7009 static bool tlv_data_is_valid(struct hci_dev *hdev, u32 adv_flags, u8 *data,
7010 u8 len, bool is_adv_data)
7012 u8 max_len = HCI_MAX_AD_LENGTH;
7014 bool flags_managed = false;
7015 bool tx_power_managed = false;
7016 u32 flags_params = MGMT_ADV_FLAG_DISCOV | MGMT_ADV_FLAG_LIMITED_DISCOV |
7017 MGMT_ADV_FLAG_MANAGED_FLAGS;
7019 if (is_adv_data && (adv_flags & flags_params)) {
7020 flags_managed = true;
7024 if (is_adv_data && (adv_flags & MGMT_ADV_FLAG_TX_POWER)) {
7025 tx_power_managed = true;
7032 /* Make sure that the data is correctly formatted. */
7033 for (i = 0, cur_len = 0; i < len; i += (cur_len + 1)) {
7036 if (flags_managed && data[i + 1] == EIR_FLAGS)
7039 if (tx_power_managed && data[i + 1] == EIR_TX_POWER)
7042 /* If the current field length would exceed the total data
7043 * length, then it's invalid.
7045 if (i + cur_len >= len)
7052 static void add_advertising_complete(struct hci_dev *hdev, u8 status,
7055 struct mgmt_pending_cmd *cmd;
7056 struct mgmt_cp_add_advertising *cp;
7057 struct mgmt_rp_add_advertising rp;
7058 struct adv_info *adv_instance, *n;
7061 BT_DBG("status %d", status);
7065 cmd = pending_find(MGMT_OP_ADD_ADVERTISING, hdev);
7068 hci_dev_clear_flag(hdev, HCI_ADVERTISING_INSTANCE);
7070 list_for_each_entry_safe(adv_instance, n, &hdev->adv_instances, list) {
7071 if (!adv_instance->pending)
7075 adv_instance->pending = false;
7079 instance = adv_instance->instance;
7081 if (hdev->cur_adv_instance == instance)
7082 cancel_adv_timeout(hdev);
7084 hci_remove_adv_instance(hdev, instance);
7085 advertising_removed(cmd ? cmd->sk : NULL, hdev, instance);
7092 rp.instance = cp->instance;
7095 mgmt_cmd_status(cmd->sk, cmd->index, cmd->opcode,
7096 mgmt_status(status));
7098 mgmt_cmd_complete(cmd->sk, cmd->index, cmd->opcode,
7099 mgmt_status(status), &rp, sizeof(rp));
7101 mgmt_pending_remove(cmd);
7104 hci_dev_unlock(hdev);
7107 void mgmt_adv_timeout_expired(struct hci_dev *hdev)
7110 struct hci_request req;
7112 hdev->adv_instance_timeout = 0;
7114 instance = get_current_adv_instance(hdev);
7115 if (instance == 0x00)
7119 hci_req_init(&req, hdev);
7121 clear_adv_instance(hdev, &req, instance, false);
7123 if (list_empty(&hdev->adv_instances))
7124 disable_advertising(&req);
7126 if (!skb_queue_empty(&req.cmd_q))
7127 hci_req_run(&req, NULL);
7129 hci_dev_unlock(hdev);
7132 static int add_advertising(struct sock *sk, struct hci_dev *hdev,
7133 void *data, u16 data_len)
7135 struct mgmt_cp_add_advertising *cp = data;
7136 struct mgmt_rp_add_advertising rp;
7138 u32 supported_flags;
7140 u16 timeout, duration;
7141 unsigned int prev_instance_cnt = hdev->adv_instance_cnt;
7142 u8 schedule_instance = 0;
7143 struct adv_info *next_instance;
7145 struct mgmt_pending_cmd *cmd;
7146 struct hci_request req;
7148 BT_DBG("%s", hdev->name);
7150 status = mgmt_le_support(hdev);
7152 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_ADVERTISING,
7155 if (data_len != sizeof(*cp) + cp->adv_data_len + cp->scan_rsp_len)
7156 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_ADVERTISING,
7157 MGMT_STATUS_INVALID_PARAMS);
7159 flags = __le32_to_cpu(cp->flags);
7160 timeout = __le16_to_cpu(cp->timeout);
7161 duration = __le16_to_cpu(cp->duration);
7163 /* The current implementation only supports a subset of the specified
7166 supported_flags = get_supported_adv_flags(hdev);
7167 if (flags & ~supported_flags)
7168 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_ADVERTISING,
7169 MGMT_STATUS_INVALID_PARAMS);
7173 if (timeout && !hdev_is_powered(hdev)) {
7174 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_ADVERTISING,
7175 MGMT_STATUS_REJECTED);
7179 if (pending_find(MGMT_OP_ADD_ADVERTISING, hdev) ||
7180 pending_find(MGMT_OP_REMOVE_ADVERTISING, hdev) ||
7181 pending_find(MGMT_OP_SET_LE, hdev)) {
7182 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_ADVERTISING,
7187 if (!tlv_data_is_valid(hdev, flags, cp->data, cp->adv_data_len, true) ||
7188 !tlv_data_is_valid(hdev, flags, cp->data + cp->adv_data_len,
7189 cp->scan_rsp_len, false)) {
7190 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_ADVERTISING,
7191 MGMT_STATUS_INVALID_PARAMS);
7195 err = hci_add_adv_instance(hdev, cp->instance, flags,
7196 cp->adv_data_len, cp->data,
7198 cp->data + cp->adv_data_len,
7201 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_ADVERTISING,
7202 MGMT_STATUS_FAILED);
7206 /* Only trigger an advertising added event if a new instance was
7209 if (hdev->adv_instance_cnt > prev_instance_cnt)
7210 advertising_added(sk, hdev, cp->instance);
7212 hci_dev_set_flag(hdev, HCI_ADVERTISING_INSTANCE);
7214 if (hdev->cur_adv_instance == cp->instance) {
7215 /* If the currently advertised instance is being changed then
7216 * cancel the current advertising and schedule the next
7217 * instance. If there is only one instance then the overridden
7218 * advertising data will be visible right away.
7220 cancel_adv_timeout(hdev);
7222 next_instance = hci_get_next_instance(hdev, cp->instance);
7224 schedule_instance = next_instance->instance;
7225 } else if (!hdev->adv_instance_timeout) {
7226 /* Immediately advertise the new instance if no other
7227 * instance is currently being advertised.
7229 schedule_instance = cp->instance;
7232 /* If the HCI_ADVERTISING flag is set or the device isn't powered or
7233 * there is no instance to be advertised then we have no HCI
7234 * communication to make. Simply return.
7236 if (!hdev_is_powered(hdev) ||
7237 hci_dev_test_flag(hdev, HCI_ADVERTISING) ||
7238 !schedule_instance) {
7239 rp.instance = cp->instance;
7240 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_ADD_ADVERTISING,
7241 MGMT_STATUS_SUCCESS, &rp, sizeof(rp));
7245 /* We're good to go, update advertising data, parameters, and start
7248 cmd = mgmt_pending_add(sk, MGMT_OP_ADD_ADVERTISING, hdev, data,
7255 hci_req_init(&req, hdev);
7257 err = schedule_adv_instance(&req, schedule_instance, true);
7260 err = hci_req_run(&req, add_advertising_complete);
7263 mgmt_pending_remove(cmd);
7266 hci_dev_unlock(hdev);
7271 static void remove_advertising_complete(struct hci_dev *hdev, u8 status,
7274 struct mgmt_pending_cmd *cmd;
7275 struct mgmt_cp_remove_advertising *cp;
7276 struct mgmt_rp_remove_advertising rp;
7278 BT_DBG("status %d", status);
7282 /* A failure status here only means that we failed to disable
7283 * advertising. Otherwise, the advertising instance has been removed,
7284 * so report success.
7286 cmd = pending_find(MGMT_OP_REMOVE_ADVERTISING, hdev);
7291 rp.instance = cp->instance;
7293 mgmt_cmd_complete(cmd->sk, cmd->index, cmd->opcode, MGMT_STATUS_SUCCESS,
7295 mgmt_pending_remove(cmd);
7298 hci_dev_unlock(hdev);
7301 static int remove_advertising(struct sock *sk, struct hci_dev *hdev,
7302 void *data, u16 data_len)
7304 struct mgmt_cp_remove_advertising *cp = data;
7305 struct mgmt_rp_remove_advertising rp;
7306 struct mgmt_pending_cmd *cmd;
7307 struct hci_request req;
7310 BT_DBG("%s", hdev->name);
7314 if (cp->instance && !hci_find_adv_instance(hdev, cp->instance)) {
7315 err = mgmt_cmd_status(sk, hdev->id,
7316 MGMT_OP_REMOVE_ADVERTISING,
7317 MGMT_STATUS_INVALID_PARAMS);
7321 if (pending_find(MGMT_OP_ADD_ADVERTISING, hdev) ||
7322 pending_find(MGMT_OP_REMOVE_ADVERTISING, hdev) ||
7323 pending_find(MGMT_OP_SET_LE, hdev)) {
7324 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_REMOVE_ADVERTISING,
7329 if (!hci_dev_test_flag(hdev, HCI_ADVERTISING_INSTANCE)) {
7330 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_REMOVE_ADVERTISING,
7331 MGMT_STATUS_INVALID_PARAMS);
7335 hci_req_init(&req, hdev);
7337 clear_adv_instance(hdev, &req, cp->instance, true);
7339 if (list_empty(&hdev->adv_instances))
7340 disable_advertising(&req);
7342 /* If no HCI commands have been collected so far or the HCI_ADVERTISING
7343 * flag is set or the device isn't powered then we have no HCI
7344 * communication to make. Simply return.
7346 if (skb_queue_empty(&req.cmd_q) ||
7347 !hdev_is_powered(hdev) ||
7348 hci_dev_test_flag(hdev, HCI_ADVERTISING)) {
7349 rp.instance = cp->instance;
7350 err = mgmt_cmd_complete(sk, hdev->id,
7351 MGMT_OP_REMOVE_ADVERTISING,
7352 MGMT_STATUS_SUCCESS, &rp, sizeof(rp));
7356 cmd = mgmt_pending_add(sk, MGMT_OP_REMOVE_ADVERTISING, hdev, data,
7363 err = hci_req_run(&req, remove_advertising_complete);
7365 mgmt_pending_remove(cmd);
7368 hci_dev_unlock(hdev);
7373 static const struct hci_mgmt_handler mgmt_handlers[] = {
7374 { NULL }, /* 0x0000 (no command) */
7375 { read_version, MGMT_READ_VERSION_SIZE,
7377 HCI_MGMT_UNTRUSTED },
7378 { read_commands, MGMT_READ_COMMANDS_SIZE,
7380 HCI_MGMT_UNTRUSTED },
7381 { read_index_list, MGMT_READ_INDEX_LIST_SIZE,
7383 HCI_MGMT_UNTRUSTED },
7384 { read_controller_info, MGMT_READ_INFO_SIZE,
7385 HCI_MGMT_UNTRUSTED },
7386 { set_powered, MGMT_SETTING_SIZE },
7387 { set_discoverable, MGMT_SET_DISCOVERABLE_SIZE },
7388 { set_connectable, MGMT_SETTING_SIZE },
7389 { set_fast_connectable, MGMT_SETTING_SIZE },
7390 { set_bondable, MGMT_SETTING_SIZE },
7391 { set_link_security, MGMT_SETTING_SIZE },
7392 { set_ssp, MGMT_SETTING_SIZE },
7393 { set_hs, MGMT_SETTING_SIZE },
7394 { set_le, MGMT_SETTING_SIZE },
7395 { set_dev_class, MGMT_SET_DEV_CLASS_SIZE },
7396 { set_local_name, MGMT_SET_LOCAL_NAME_SIZE },
7397 { add_uuid, MGMT_ADD_UUID_SIZE },
7398 { remove_uuid, MGMT_REMOVE_UUID_SIZE },
7399 { load_link_keys, MGMT_LOAD_LINK_KEYS_SIZE,
7401 { load_long_term_keys, MGMT_LOAD_LONG_TERM_KEYS_SIZE,
7403 { disconnect, MGMT_DISCONNECT_SIZE },
7404 { get_connections, MGMT_GET_CONNECTIONS_SIZE },
7405 { pin_code_reply, MGMT_PIN_CODE_REPLY_SIZE },
7406 { pin_code_neg_reply, MGMT_PIN_CODE_NEG_REPLY_SIZE },
7407 { set_io_capability, MGMT_SET_IO_CAPABILITY_SIZE },
7408 { pair_device, MGMT_PAIR_DEVICE_SIZE },
7409 { cancel_pair_device, MGMT_CANCEL_PAIR_DEVICE_SIZE },
7410 { unpair_device, MGMT_UNPAIR_DEVICE_SIZE },
7411 { user_confirm_reply, MGMT_USER_CONFIRM_REPLY_SIZE },
7412 { user_confirm_neg_reply, MGMT_USER_CONFIRM_NEG_REPLY_SIZE },
7413 { user_passkey_reply, MGMT_USER_PASSKEY_REPLY_SIZE },
7414 { user_passkey_neg_reply, MGMT_USER_PASSKEY_NEG_REPLY_SIZE },
7415 { read_local_oob_data, MGMT_READ_LOCAL_OOB_DATA_SIZE },
7416 { add_remote_oob_data, MGMT_ADD_REMOTE_OOB_DATA_SIZE,
7418 { remove_remote_oob_data, MGMT_REMOVE_REMOTE_OOB_DATA_SIZE },
7419 { start_discovery, MGMT_START_DISCOVERY_SIZE },
7420 { stop_discovery, MGMT_STOP_DISCOVERY_SIZE },
7421 { confirm_name, MGMT_CONFIRM_NAME_SIZE },
7422 { block_device, MGMT_BLOCK_DEVICE_SIZE },
7423 { unblock_device, MGMT_UNBLOCK_DEVICE_SIZE },
7424 { set_device_id, MGMT_SET_DEVICE_ID_SIZE },
7425 { set_advertising, MGMT_SETTING_SIZE },
7426 { set_bredr, MGMT_SETTING_SIZE },
7427 { set_static_address, MGMT_SET_STATIC_ADDRESS_SIZE },
7428 { set_scan_params, MGMT_SET_SCAN_PARAMS_SIZE },
7429 { set_secure_conn, MGMT_SETTING_SIZE },
7430 { set_debug_keys, MGMT_SETTING_SIZE },
7431 { set_privacy, MGMT_SET_PRIVACY_SIZE },
7432 { load_irks, MGMT_LOAD_IRKS_SIZE,
7434 { get_conn_info, MGMT_GET_CONN_INFO_SIZE },
7435 { get_clock_info, MGMT_GET_CLOCK_INFO_SIZE },
7436 { add_device, MGMT_ADD_DEVICE_SIZE },
7437 { remove_device, MGMT_REMOVE_DEVICE_SIZE },
7438 { load_conn_param, MGMT_LOAD_CONN_PARAM_SIZE,
7440 { read_unconf_index_list, MGMT_READ_UNCONF_INDEX_LIST_SIZE,
7442 HCI_MGMT_UNTRUSTED },
7443 { read_config_info, MGMT_READ_CONFIG_INFO_SIZE,
7444 HCI_MGMT_UNCONFIGURED |
7445 HCI_MGMT_UNTRUSTED },
7446 { set_external_config, MGMT_SET_EXTERNAL_CONFIG_SIZE,
7447 HCI_MGMT_UNCONFIGURED },
7448 { set_public_address, MGMT_SET_PUBLIC_ADDRESS_SIZE,
7449 HCI_MGMT_UNCONFIGURED },
7450 { start_service_discovery, MGMT_START_SERVICE_DISCOVERY_SIZE,
7452 { read_local_oob_ext_data, MGMT_READ_LOCAL_OOB_EXT_DATA_SIZE },
7453 { read_ext_index_list, MGMT_READ_EXT_INDEX_LIST_SIZE,
7455 HCI_MGMT_UNTRUSTED },
7456 { read_adv_features, MGMT_READ_ADV_FEATURES_SIZE },
7457 { add_advertising, MGMT_ADD_ADVERTISING_SIZE,
7459 { remove_advertising, MGMT_REMOVE_ADVERTISING_SIZE },
7462 void mgmt_index_added(struct hci_dev *hdev)
7464 struct mgmt_ev_ext_index ev;
7466 if (test_bit(HCI_QUIRK_RAW_DEVICE, &hdev->quirks))
7469 switch (hdev->dev_type) {
7471 if (hci_dev_test_flag(hdev, HCI_UNCONFIGURED)) {
7472 mgmt_index_event(MGMT_EV_UNCONF_INDEX_ADDED, hdev,
7473 NULL, 0, HCI_MGMT_UNCONF_INDEX_EVENTS);
7476 mgmt_index_event(MGMT_EV_INDEX_ADDED, hdev, NULL, 0,
7477 HCI_MGMT_INDEX_EVENTS);
7490 mgmt_index_event(MGMT_EV_EXT_INDEX_ADDED, hdev, &ev, sizeof(ev),
7491 HCI_MGMT_EXT_INDEX_EVENTS);
7494 void mgmt_index_removed(struct hci_dev *hdev)
7496 struct mgmt_ev_ext_index ev;
7497 u8 status = MGMT_STATUS_INVALID_INDEX;
7499 if (test_bit(HCI_QUIRK_RAW_DEVICE, &hdev->quirks))
7502 switch (hdev->dev_type) {
7504 mgmt_pending_foreach(0, hdev, cmd_complete_rsp, &status);
7506 if (hci_dev_test_flag(hdev, HCI_UNCONFIGURED)) {
7507 mgmt_index_event(MGMT_EV_UNCONF_INDEX_REMOVED, hdev,
7508 NULL, 0, HCI_MGMT_UNCONF_INDEX_EVENTS);
7511 mgmt_index_event(MGMT_EV_INDEX_REMOVED, hdev, NULL, 0,
7512 HCI_MGMT_INDEX_EVENTS);
7525 mgmt_index_event(MGMT_EV_EXT_INDEX_REMOVED, hdev, &ev, sizeof(ev),
7526 HCI_MGMT_EXT_INDEX_EVENTS);
7529 /* This function requires the caller holds hdev->lock */
7530 static void restart_le_actions(struct hci_request *req)
7532 struct hci_dev *hdev = req->hdev;
7533 struct hci_conn_params *p;
7535 list_for_each_entry(p, &hdev->le_conn_params, list) {
7536 /* Needed for AUTO_OFF case where might not "really"
7537 * have been powered off.
7539 list_del_init(&p->action);
7541 switch (p->auto_connect) {
7542 case HCI_AUTO_CONN_DIRECT:
7543 case HCI_AUTO_CONN_ALWAYS:
7544 list_add(&p->action, &hdev->pend_le_conns);
7546 case HCI_AUTO_CONN_REPORT:
7547 list_add(&p->action, &hdev->pend_le_reports);
7554 __hci_update_background_scan(req);
7557 static void powered_complete(struct hci_dev *hdev, u8 status, u16 opcode)
7559 struct cmd_lookup match = { NULL, hdev };
7561 BT_DBG("status 0x%02x", status);
7564 /* Register the available SMP channels (BR/EDR and LE) only
7565 * when successfully powering on the controller. This late
7566 * registration is required so that LE SMP can clearly
7567 * decide if the public address or static address is used.
7574 mgmt_pending_foreach(MGMT_OP_SET_POWERED, hdev, settings_rsp, &match);
7576 new_settings(hdev, match.sk);
7578 hci_dev_unlock(hdev);
7584 static int powered_update_hci(struct hci_dev *hdev)
7586 struct hci_request req;
7587 struct adv_info *adv_instance;
7590 hci_req_init(&req, hdev);
7592 if (hci_dev_test_flag(hdev, HCI_SSP_ENABLED) &&
7593 !lmp_host_ssp_capable(hdev)) {
7596 hci_req_add(&req, HCI_OP_WRITE_SSP_MODE, sizeof(mode), &mode);
7598 if (bredr_sc_enabled(hdev) && !lmp_host_sc_capable(hdev)) {
7601 hci_req_add(&req, HCI_OP_WRITE_SC_SUPPORT,
7602 sizeof(support), &support);
7606 if (hci_dev_test_flag(hdev, HCI_LE_ENABLED) &&
7607 lmp_bredr_capable(hdev)) {
7608 struct hci_cp_write_le_host_supported cp;
7613 /* Check first if we already have the right
7614 * host state (host features set)
7616 if (cp.le != lmp_host_le_capable(hdev) ||
7617 cp.simul != lmp_host_le_br_capable(hdev))
7618 hci_req_add(&req, HCI_OP_WRITE_LE_HOST_SUPPORTED,
7622 if (lmp_le_capable(hdev)) {
7623 /* Make sure the controller has a good default for
7624 * advertising data. This also applies to the case
7625 * where BR/EDR was toggled during the AUTO_OFF phase.
7627 if (hci_dev_test_flag(hdev, HCI_LE_ENABLED) &&
7628 (hci_dev_test_flag(hdev, HCI_ADVERTISING) ||
7629 !hci_dev_test_flag(hdev, HCI_ADVERTISING_INSTANCE))) {
7630 update_adv_data(&req);
7631 update_scan_rsp_data(&req);
7634 if (hci_dev_test_flag(hdev, HCI_ADVERTISING_INSTANCE) &&
7635 hdev->cur_adv_instance == 0x00 &&
7636 !list_empty(&hdev->adv_instances)) {
7637 adv_instance = list_first_entry(&hdev->adv_instances,
7638 struct adv_info, list);
7639 hdev->cur_adv_instance = adv_instance->instance;
7642 if (hci_dev_test_flag(hdev, HCI_ADVERTISING))
7643 enable_advertising(&req);
7644 else if (hci_dev_test_flag(hdev, HCI_ADVERTISING_INSTANCE) &&
7645 hdev->cur_adv_instance)
7646 schedule_adv_instance(&req, hdev->cur_adv_instance,
7649 restart_le_actions(&req);
7652 link_sec = hci_dev_test_flag(hdev, HCI_LINK_SECURITY);
7653 if (link_sec != test_bit(HCI_AUTH, &hdev->flags))
7654 hci_req_add(&req, HCI_OP_WRITE_AUTH_ENABLE,
7655 sizeof(link_sec), &link_sec);
7657 if (lmp_bredr_capable(hdev)) {
7658 if (hci_dev_test_flag(hdev, HCI_FAST_CONNECTABLE))
7659 write_fast_connectable(&req, true);
7661 write_fast_connectable(&req, false);
7662 __hci_update_page_scan(&req);
7668 return hci_req_run(&req, powered_complete);
7671 int mgmt_powered(struct hci_dev *hdev, u8 powered)
7673 struct cmd_lookup match = { NULL, hdev };
7674 u8 status, zero_cod[] = { 0, 0, 0 };
7677 if (!hci_dev_test_flag(hdev, HCI_MGMT))
7681 if (powered_update_hci(hdev) == 0)
7684 mgmt_pending_foreach(MGMT_OP_SET_POWERED, hdev, settings_rsp,
7689 mgmt_pending_foreach(MGMT_OP_SET_POWERED, hdev, settings_rsp, &match);
7691 /* If the power off is because of hdev unregistration let
7692 * use the appropriate INVALID_INDEX status. Otherwise use
7693 * NOT_POWERED. We cover both scenarios here since later in
7694 * mgmt_index_removed() any hci_conn callbacks will have already
7695 * been triggered, potentially causing misleading DISCONNECTED
7698 if (hci_dev_test_flag(hdev, HCI_UNREGISTER))
7699 status = MGMT_STATUS_INVALID_INDEX;
7701 status = MGMT_STATUS_NOT_POWERED;
7703 mgmt_pending_foreach(0, hdev, cmd_complete_rsp, &status);
7705 if (memcmp(hdev->dev_class, zero_cod, sizeof(zero_cod)) != 0)
7706 mgmt_generic_event(MGMT_EV_CLASS_OF_DEV_CHANGED, hdev,
7707 zero_cod, sizeof(zero_cod), NULL);
7710 err = new_settings(hdev, match.sk);
7718 void mgmt_set_powered_failed(struct hci_dev *hdev, int err)
7720 struct mgmt_pending_cmd *cmd;
7723 cmd = pending_find(MGMT_OP_SET_POWERED, hdev);
7727 if (err == -ERFKILL)
7728 status = MGMT_STATUS_RFKILLED;
7730 status = MGMT_STATUS_FAILED;
7732 mgmt_cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_POWERED, status);
7734 mgmt_pending_remove(cmd);
7737 void mgmt_discoverable_timeout(struct hci_dev *hdev)
7739 struct hci_request req;
7743 /* When discoverable timeout triggers, then just make sure
7744 * the limited discoverable flag is cleared. Even in the case
7745 * of a timeout triggered from general discoverable, it is
7746 * safe to unconditionally clear the flag.
7748 hci_dev_clear_flag(hdev, HCI_LIMITED_DISCOVERABLE);
7749 hci_dev_clear_flag(hdev, HCI_DISCOVERABLE);
7751 hci_req_init(&req, hdev);
7752 if (hci_dev_test_flag(hdev, HCI_BREDR_ENABLED)) {
7753 u8 scan = SCAN_PAGE;
7754 hci_req_add(&req, HCI_OP_WRITE_SCAN_ENABLE,
7755 sizeof(scan), &scan);
7759 /* Advertising instances don't use the global discoverable setting, so
7760 * only update AD if advertising was enabled using Set Advertising.
7762 if (hci_dev_test_flag(hdev, HCI_ADVERTISING))
7763 update_adv_data(&req);
7765 hci_req_run(&req, NULL);
7767 hdev->discov_timeout = 0;
7769 new_settings(hdev, NULL);
7771 hci_dev_unlock(hdev);
7774 void mgmt_new_link_key(struct hci_dev *hdev, struct link_key *key,
7777 struct mgmt_ev_new_link_key ev;
7779 memset(&ev, 0, sizeof(ev));
7781 ev.store_hint = persistent;
7782 bacpy(&ev.key.addr.bdaddr, &key->bdaddr);
7783 ev.key.addr.type = BDADDR_BREDR;
7784 ev.key.type = key->type;
7785 memcpy(ev.key.val, key->val, HCI_LINK_KEY_SIZE);
7786 ev.key.pin_len = key->pin_len;
7788 mgmt_event(MGMT_EV_NEW_LINK_KEY, hdev, &ev, sizeof(ev), NULL);
7791 static u8 mgmt_ltk_type(struct smp_ltk *ltk)
7793 switch (ltk->type) {
7796 if (ltk->authenticated)
7797 return MGMT_LTK_AUTHENTICATED;
7798 return MGMT_LTK_UNAUTHENTICATED;
7800 if (ltk->authenticated)
7801 return MGMT_LTK_P256_AUTH;
7802 return MGMT_LTK_P256_UNAUTH;
7803 case SMP_LTK_P256_DEBUG:
7804 return MGMT_LTK_P256_DEBUG;
7807 return MGMT_LTK_UNAUTHENTICATED;
7810 void mgmt_new_ltk(struct hci_dev *hdev, struct smp_ltk *key, bool persistent)
7812 struct mgmt_ev_new_long_term_key ev;
7814 memset(&ev, 0, sizeof(ev));
7816 /* Devices using resolvable or non-resolvable random addresses
7817 * without providing an identity resolving key don't require
7818 * to store long term keys. Their addresses will change the
7821 * Only when a remote device provides an identity address
7822 * make sure the long term key is stored. If the remote
7823 * identity is known, the long term keys are internally
7824 * mapped to the identity address. So allow static random
7825 * and public addresses here.
7827 if (key->bdaddr_type == ADDR_LE_DEV_RANDOM &&
7828 (key->bdaddr.b[5] & 0xc0) != 0xc0)
7829 ev.store_hint = 0x00;
7831 ev.store_hint = persistent;
7833 bacpy(&ev.key.addr.bdaddr, &key->bdaddr);
7834 ev.key.addr.type = link_to_bdaddr(LE_LINK, key->bdaddr_type);
7835 ev.key.type = mgmt_ltk_type(key);
7836 ev.key.enc_size = key->enc_size;
7837 ev.key.ediv = key->ediv;
7838 ev.key.rand = key->rand;
7840 if (key->type == SMP_LTK)
7843 /* Make sure we copy only the significant bytes based on the
7844 * encryption key size, and set the rest of the value to zeroes.
7846 memcpy(ev.key.val, key->val, key->enc_size);
7847 memset(ev.key.val + key->enc_size, 0,
7848 sizeof(ev.key.val) - key->enc_size);
7850 mgmt_event(MGMT_EV_NEW_LONG_TERM_KEY, hdev, &ev, sizeof(ev), NULL);
7853 void mgmt_new_irk(struct hci_dev *hdev, struct smp_irk *irk, bool persistent)
7855 struct mgmt_ev_new_irk ev;
7857 memset(&ev, 0, sizeof(ev));
7859 ev.store_hint = persistent;
7861 bacpy(&ev.rpa, &irk->rpa);
7862 bacpy(&ev.irk.addr.bdaddr, &irk->bdaddr);
7863 ev.irk.addr.type = link_to_bdaddr(LE_LINK, irk->addr_type);
7864 memcpy(ev.irk.val, irk->val, sizeof(irk->val));
7866 mgmt_event(MGMT_EV_NEW_IRK, hdev, &ev, sizeof(ev), NULL);
7869 void mgmt_new_csrk(struct hci_dev *hdev, struct smp_csrk *csrk,
7872 struct mgmt_ev_new_csrk ev;
7874 memset(&ev, 0, sizeof(ev));
7876 /* Devices using resolvable or non-resolvable random addresses
7877 * without providing an identity resolving key don't require
7878 * to store signature resolving keys. Their addresses will change
7879 * the next time around.
7881 * Only when a remote device provides an identity address
7882 * make sure the signature resolving key is stored. So allow
7883 * static random and public addresses here.
7885 if (csrk->bdaddr_type == ADDR_LE_DEV_RANDOM &&
7886 (csrk->bdaddr.b[5] & 0xc0) != 0xc0)
7887 ev.store_hint = 0x00;
7889 ev.store_hint = persistent;
7891 bacpy(&ev.key.addr.bdaddr, &csrk->bdaddr);
7892 ev.key.addr.type = link_to_bdaddr(LE_LINK, csrk->bdaddr_type);
7893 ev.key.type = csrk->type;
7894 memcpy(ev.key.val, csrk->val, sizeof(csrk->val));
7896 mgmt_event(MGMT_EV_NEW_CSRK, hdev, &ev, sizeof(ev), NULL);
7899 void mgmt_new_conn_param(struct hci_dev *hdev, bdaddr_t *bdaddr,
7900 u8 bdaddr_type, u8 store_hint, u16 min_interval,
7901 u16 max_interval, u16 latency, u16 timeout)
7903 struct mgmt_ev_new_conn_param ev;
7905 if (!hci_is_identity_address(bdaddr, bdaddr_type))
7908 memset(&ev, 0, sizeof(ev));
7909 bacpy(&ev.addr.bdaddr, bdaddr);
7910 ev.addr.type = link_to_bdaddr(LE_LINK, bdaddr_type);
7911 ev.store_hint = store_hint;
7912 ev.min_interval = cpu_to_le16(min_interval);
7913 ev.max_interval = cpu_to_le16(max_interval);
7914 ev.latency = cpu_to_le16(latency);
7915 ev.timeout = cpu_to_le16(timeout);
7917 mgmt_event(MGMT_EV_NEW_CONN_PARAM, hdev, &ev, sizeof(ev), NULL);
7920 void mgmt_device_connected(struct hci_dev *hdev, struct hci_conn *conn,
7921 u32 flags, u8 *name, u8 name_len)
7924 struct mgmt_ev_device_connected *ev = (void *) buf;
7927 bacpy(&ev->addr.bdaddr, &conn->dst);
7928 ev->addr.type = link_to_bdaddr(conn->type, conn->dst_type);
7930 ev->flags = __cpu_to_le32(flags);
7932 /* We must ensure that the EIR Data fields are ordered and
7933 * unique. Keep it simple for now and avoid the problem by not
7934 * adding any BR/EDR data to the LE adv.
7936 if (conn->le_adv_data_len > 0) {
7937 memcpy(&ev->eir[eir_len],
7938 conn->le_adv_data, conn->le_adv_data_len);
7939 eir_len = conn->le_adv_data_len;
7942 eir_len = eir_append_data(ev->eir, 0, EIR_NAME_COMPLETE,
7945 if (memcmp(conn->dev_class, "\0\0\0", 3) != 0)
7946 eir_len = eir_append_data(ev->eir, eir_len,
7948 conn->dev_class, 3);
7951 ev->eir_len = cpu_to_le16(eir_len);
7953 mgmt_event(MGMT_EV_DEVICE_CONNECTED, hdev, buf,
7954 sizeof(*ev) + eir_len, NULL);
7957 static void disconnect_rsp(struct mgmt_pending_cmd *cmd, void *data)
7959 struct sock **sk = data;
7961 cmd->cmd_complete(cmd, 0);
7966 mgmt_pending_remove(cmd);
7969 static void unpair_device_rsp(struct mgmt_pending_cmd *cmd, void *data)
7971 struct hci_dev *hdev = data;
7972 struct mgmt_cp_unpair_device *cp = cmd->param;
7974 device_unpaired(hdev, &cp->addr.bdaddr, cp->addr.type, cmd->sk);
7976 cmd->cmd_complete(cmd, 0);
7977 mgmt_pending_remove(cmd);
7980 bool mgmt_powering_down(struct hci_dev *hdev)
7982 struct mgmt_pending_cmd *cmd;
7983 struct mgmt_mode *cp;
7985 cmd = pending_find(MGMT_OP_SET_POWERED, hdev);
7996 void mgmt_device_disconnected(struct hci_dev *hdev, bdaddr_t *bdaddr,
7997 u8 link_type, u8 addr_type, u8 reason,
7998 bool mgmt_connected)
8000 struct mgmt_ev_device_disconnected ev;
8001 struct sock *sk = NULL;
8003 /* The connection is still in hci_conn_hash so test for 1
8004 * instead of 0 to know if this is the last one.
8006 if (mgmt_powering_down(hdev) && hci_conn_count(hdev) == 1) {
8007 cancel_delayed_work(&hdev->power_off);
8008 queue_work(hdev->req_workqueue, &hdev->power_off.work);
8011 if (!mgmt_connected)
8014 if (link_type != ACL_LINK && link_type != LE_LINK)
8017 mgmt_pending_foreach(MGMT_OP_DISCONNECT, hdev, disconnect_rsp, &sk);
8019 bacpy(&ev.addr.bdaddr, bdaddr);
8020 ev.addr.type = link_to_bdaddr(link_type, addr_type);
8023 mgmt_event(MGMT_EV_DEVICE_DISCONNECTED, hdev, &ev, sizeof(ev), sk);
8028 mgmt_pending_foreach(MGMT_OP_UNPAIR_DEVICE, hdev, unpair_device_rsp,
8032 void mgmt_disconnect_failed(struct hci_dev *hdev, bdaddr_t *bdaddr,
8033 u8 link_type, u8 addr_type, u8 status)
8035 u8 bdaddr_type = link_to_bdaddr(link_type, addr_type);
8036 struct mgmt_cp_disconnect *cp;
8037 struct mgmt_pending_cmd *cmd;
8039 mgmt_pending_foreach(MGMT_OP_UNPAIR_DEVICE, hdev, unpair_device_rsp,
8042 cmd = pending_find(MGMT_OP_DISCONNECT, hdev);
8048 if (bacmp(bdaddr, &cp->addr.bdaddr))
8051 if (cp->addr.type != bdaddr_type)
8054 cmd->cmd_complete(cmd, mgmt_status(status));
8055 mgmt_pending_remove(cmd);
8058 void mgmt_connect_failed(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
8059 u8 addr_type, u8 status)
8061 struct mgmt_ev_connect_failed ev;
8063 /* The connection is still in hci_conn_hash so test for 1
8064 * instead of 0 to know if this is the last one.
8066 if (mgmt_powering_down(hdev) && hci_conn_count(hdev) == 1) {
8067 cancel_delayed_work(&hdev->power_off);
8068 queue_work(hdev->req_workqueue, &hdev->power_off.work);
8071 bacpy(&ev.addr.bdaddr, bdaddr);
8072 ev.addr.type = link_to_bdaddr(link_type, addr_type);
8073 ev.status = mgmt_status(status);
8075 mgmt_event(MGMT_EV_CONNECT_FAILED, hdev, &ev, sizeof(ev), NULL);
8078 void mgmt_pin_code_request(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 secure)
8080 struct mgmt_ev_pin_code_request ev;
8082 bacpy(&ev.addr.bdaddr, bdaddr);
8083 ev.addr.type = BDADDR_BREDR;
8086 mgmt_event(MGMT_EV_PIN_CODE_REQUEST, hdev, &ev, sizeof(ev), NULL);
8089 void mgmt_pin_code_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
8092 struct mgmt_pending_cmd *cmd;
8094 cmd = pending_find(MGMT_OP_PIN_CODE_REPLY, hdev);
8098 cmd->cmd_complete(cmd, mgmt_status(status));
8099 mgmt_pending_remove(cmd);
8102 void mgmt_pin_code_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
8105 struct mgmt_pending_cmd *cmd;
8107 cmd = pending_find(MGMT_OP_PIN_CODE_NEG_REPLY, hdev);
8111 cmd->cmd_complete(cmd, mgmt_status(status));
8112 mgmt_pending_remove(cmd);
8115 int mgmt_user_confirm_request(struct hci_dev *hdev, bdaddr_t *bdaddr,
8116 u8 link_type, u8 addr_type, u32 value,
8119 struct mgmt_ev_user_confirm_request ev;
8121 BT_DBG("%s", hdev->name);
8123 bacpy(&ev.addr.bdaddr, bdaddr);
8124 ev.addr.type = link_to_bdaddr(link_type, addr_type);
8125 ev.confirm_hint = confirm_hint;
8126 ev.value = cpu_to_le32(value);
8128 return mgmt_event(MGMT_EV_USER_CONFIRM_REQUEST, hdev, &ev, sizeof(ev),
8132 int mgmt_user_passkey_request(struct hci_dev *hdev, bdaddr_t *bdaddr,
8133 u8 link_type, u8 addr_type)
8135 struct mgmt_ev_user_passkey_request ev;
8137 BT_DBG("%s", hdev->name);
8139 bacpy(&ev.addr.bdaddr, bdaddr);
8140 ev.addr.type = link_to_bdaddr(link_type, addr_type);
8142 return mgmt_event(MGMT_EV_USER_PASSKEY_REQUEST, hdev, &ev, sizeof(ev),
8146 static int user_pairing_resp_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
8147 u8 link_type, u8 addr_type, u8 status,
8150 struct mgmt_pending_cmd *cmd;
8152 cmd = pending_find(opcode, hdev);
8156 cmd->cmd_complete(cmd, mgmt_status(status));
8157 mgmt_pending_remove(cmd);
8162 int mgmt_user_confirm_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
8163 u8 link_type, u8 addr_type, u8 status)
8165 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
8166 status, MGMT_OP_USER_CONFIRM_REPLY);
8169 int mgmt_user_confirm_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
8170 u8 link_type, u8 addr_type, u8 status)
8172 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
8174 MGMT_OP_USER_CONFIRM_NEG_REPLY);
8177 int mgmt_user_passkey_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
8178 u8 link_type, u8 addr_type, u8 status)
8180 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
8181 status, MGMT_OP_USER_PASSKEY_REPLY);
8184 int mgmt_user_passkey_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
8185 u8 link_type, u8 addr_type, u8 status)
8187 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
8189 MGMT_OP_USER_PASSKEY_NEG_REPLY);
8192 int mgmt_user_passkey_notify(struct hci_dev *hdev, bdaddr_t *bdaddr,
8193 u8 link_type, u8 addr_type, u32 passkey,
8196 struct mgmt_ev_passkey_notify ev;
8198 BT_DBG("%s", hdev->name);
8200 bacpy(&ev.addr.bdaddr, bdaddr);
8201 ev.addr.type = link_to_bdaddr(link_type, addr_type);
8202 ev.passkey = __cpu_to_le32(passkey);
8203 ev.entered = entered;
8205 return mgmt_event(MGMT_EV_PASSKEY_NOTIFY, hdev, &ev, sizeof(ev), NULL);
8208 void mgmt_auth_failed(struct hci_conn *conn, u8 hci_status)
8210 struct mgmt_ev_auth_failed ev;
8211 struct mgmt_pending_cmd *cmd;
8212 u8 status = mgmt_status(hci_status);
8214 bacpy(&ev.addr.bdaddr, &conn->dst);
8215 ev.addr.type = link_to_bdaddr(conn->type, conn->dst_type);
8218 cmd = find_pairing(conn);
8220 mgmt_event(MGMT_EV_AUTH_FAILED, conn->hdev, &ev, sizeof(ev),
8221 cmd ? cmd->sk : NULL);
8224 cmd->cmd_complete(cmd, status);
8225 mgmt_pending_remove(cmd);
8229 void mgmt_auth_enable_complete(struct hci_dev *hdev, u8 status)
8231 struct cmd_lookup match = { NULL, hdev };
8235 u8 mgmt_err = mgmt_status(status);
8236 mgmt_pending_foreach(MGMT_OP_SET_LINK_SECURITY, hdev,
8237 cmd_status_rsp, &mgmt_err);
8241 if (test_bit(HCI_AUTH, &hdev->flags))
8242 changed = !hci_dev_test_and_set_flag(hdev, HCI_LINK_SECURITY);
8244 changed = hci_dev_test_and_clear_flag(hdev, HCI_LINK_SECURITY);
8246 mgmt_pending_foreach(MGMT_OP_SET_LINK_SECURITY, hdev, settings_rsp,
8250 new_settings(hdev, match.sk);
8256 static void clear_eir(struct hci_request *req)
8258 struct hci_dev *hdev = req->hdev;
8259 struct hci_cp_write_eir cp;
8261 if (!lmp_ext_inq_capable(hdev))
8264 memset(hdev->eir, 0, sizeof(hdev->eir));
8266 memset(&cp, 0, sizeof(cp));
8268 hci_req_add(req, HCI_OP_WRITE_EIR, sizeof(cp), &cp);
8271 void mgmt_ssp_enable_complete(struct hci_dev *hdev, u8 enable, u8 status)
8273 struct cmd_lookup match = { NULL, hdev };
8274 struct hci_request req;
8275 bool changed = false;
8278 u8 mgmt_err = mgmt_status(status);
8280 if (enable && hci_dev_test_and_clear_flag(hdev,
8282 hci_dev_clear_flag(hdev, HCI_HS_ENABLED);
8283 new_settings(hdev, NULL);
8286 mgmt_pending_foreach(MGMT_OP_SET_SSP, hdev, cmd_status_rsp,
8292 changed = !hci_dev_test_and_set_flag(hdev, HCI_SSP_ENABLED);
8294 changed = hci_dev_test_and_clear_flag(hdev, HCI_SSP_ENABLED);
8296 changed = hci_dev_test_and_clear_flag(hdev,
8299 hci_dev_clear_flag(hdev, HCI_HS_ENABLED);
8302 mgmt_pending_foreach(MGMT_OP_SET_SSP, hdev, settings_rsp, &match);
8305 new_settings(hdev, match.sk);
8310 hci_req_init(&req, hdev);
8312 if (hci_dev_test_flag(hdev, HCI_SSP_ENABLED)) {
8313 if (hci_dev_test_flag(hdev, HCI_USE_DEBUG_KEYS))
8314 hci_req_add(&req, HCI_OP_WRITE_SSP_DEBUG_MODE,
8315 sizeof(enable), &enable);
8321 hci_req_run(&req, NULL);
8324 static void sk_lookup(struct mgmt_pending_cmd *cmd, void *data)
8326 struct cmd_lookup *match = data;
8328 if (match->sk == NULL) {
8329 match->sk = cmd->sk;
8330 sock_hold(match->sk);
8334 void mgmt_set_class_of_dev_complete(struct hci_dev *hdev, u8 *dev_class,
8337 struct cmd_lookup match = { NULL, hdev, mgmt_status(status) };
8339 mgmt_pending_foreach(MGMT_OP_SET_DEV_CLASS, hdev, sk_lookup, &match);
8340 mgmt_pending_foreach(MGMT_OP_ADD_UUID, hdev, sk_lookup, &match);
8341 mgmt_pending_foreach(MGMT_OP_REMOVE_UUID, hdev, sk_lookup, &match);
8344 mgmt_generic_event(MGMT_EV_CLASS_OF_DEV_CHANGED, hdev,
8345 dev_class, 3, NULL);
8351 void mgmt_set_local_name_complete(struct hci_dev *hdev, u8 *name, u8 status)
8353 struct mgmt_cp_set_local_name ev;
8354 struct mgmt_pending_cmd *cmd;
8359 memset(&ev, 0, sizeof(ev));
8360 memcpy(ev.name, name, HCI_MAX_NAME_LENGTH);
8361 memcpy(ev.short_name, hdev->short_name, HCI_MAX_SHORT_NAME_LENGTH);
8363 cmd = pending_find(MGMT_OP_SET_LOCAL_NAME, hdev);
8365 memcpy(hdev->dev_name, name, sizeof(hdev->dev_name));
8367 /* If this is a HCI command related to powering on the
8368 * HCI dev don't send any mgmt signals.
8370 if (pending_find(MGMT_OP_SET_POWERED, hdev))
8374 mgmt_generic_event(MGMT_EV_LOCAL_NAME_CHANGED, hdev, &ev, sizeof(ev),
8375 cmd ? cmd->sk : NULL);
8378 static inline bool has_uuid(u8 *uuid, u16 uuid_count, u8 (*uuids)[16])
8382 for (i = 0; i < uuid_count; i++) {
8383 if (!memcmp(uuid, uuids[i], 16))
8390 static bool eir_has_uuids(u8 *eir, u16 eir_len, u16 uuid_count, u8 (*uuids)[16])
8394 while (parsed < eir_len) {
8395 u8 field_len = eir[0];
8402 if (eir_len - parsed < field_len + 1)
8406 case EIR_UUID16_ALL:
8407 case EIR_UUID16_SOME:
8408 for (i = 0; i + 3 <= field_len; i += 2) {
8409 memcpy(uuid, bluetooth_base_uuid, 16);
8410 uuid[13] = eir[i + 3];
8411 uuid[12] = eir[i + 2];
8412 if (has_uuid(uuid, uuid_count, uuids))
8416 case EIR_UUID32_ALL:
8417 case EIR_UUID32_SOME:
8418 for (i = 0; i + 5 <= field_len; i += 4) {
8419 memcpy(uuid, bluetooth_base_uuid, 16);
8420 uuid[15] = eir[i + 5];
8421 uuid[14] = eir[i + 4];
8422 uuid[13] = eir[i + 3];
8423 uuid[12] = eir[i + 2];
8424 if (has_uuid(uuid, uuid_count, uuids))
8428 case EIR_UUID128_ALL:
8429 case EIR_UUID128_SOME:
8430 for (i = 0; i + 17 <= field_len; i += 16) {
8431 memcpy(uuid, eir + i + 2, 16);
8432 if (has_uuid(uuid, uuid_count, uuids))
8438 parsed += field_len + 1;
8439 eir += field_len + 1;
8445 static void restart_le_scan(struct hci_dev *hdev)
8447 /* If controller is not scanning we are done. */
8448 if (!hci_dev_test_flag(hdev, HCI_LE_SCAN))
8451 if (time_after(jiffies + DISCOV_LE_RESTART_DELAY,
8452 hdev->discovery.scan_start +
8453 hdev->discovery.scan_duration))
8456 queue_delayed_work(hdev->workqueue, &hdev->le_scan_restart,
8457 DISCOV_LE_RESTART_DELAY);
8460 static bool is_filter_match(struct hci_dev *hdev, s8 rssi, u8 *eir,
8461 u16 eir_len, u8 *scan_rsp, u8 scan_rsp_len)
8463 /* If a RSSI threshold has been specified, and
8464 * HCI_QUIRK_STRICT_DUPLICATE_FILTER is not set, then all results with
8465 * a RSSI smaller than the RSSI threshold will be dropped. If the quirk
8466 * is set, let it through for further processing, as we might need to
8469 * For BR/EDR devices (pre 1.2) providing no RSSI during inquiry,
8470 * the results are also dropped.
8472 if (hdev->discovery.rssi != HCI_RSSI_INVALID &&
8473 (rssi == HCI_RSSI_INVALID ||
8474 (rssi < hdev->discovery.rssi &&
8475 !test_bit(HCI_QUIRK_STRICT_DUPLICATE_FILTER, &hdev->quirks))))
8478 if (hdev->discovery.uuid_count != 0) {
8479 /* If a list of UUIDs is provided in filter, results with no
8480 * matching UUID should be dropped.
8482 if (!eir_has_uuids(eir, eir_len, hdev->discovery.uuid_count,
8483 hdev->discovery.uuids) &&
8484 !eir_has_uuids(scan_rsp, scan_rsp_len,
8485 hdev->discovery.uuid_count,
8486 hdev->discovery.uuids))
8490 /* If duplicate filtering does not report RSSI changes, then restart
8491 * scanning to ensure updated result with updated RSSI values.
8493 if (test_bit(HCI_QUIRK_STRICT_DUPLICATE_FILTER, &hdev->quirks)) {
8494 restart_le_scan(hdev);
8496 /* Validate RSSI value against the RSSI threshold once more. */
8497 if (hdev->discovery.rssi != HCI_RSSI_INVALID &&
8498 rssi < hdev->discovery.rssi)
8505 void mgmt_device_found(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
8506 u8 addr_type, u8 *dev_class, s8 rssi, u32 flags,
8507 u8 *eir, u16 eir_len, u8 *scan_rsp, u8 scan_rsp_len)
8510 struct mgmt_ev_device_found *ev = (void *)buf;
8513 /* Don't send events for a non-kernel initiated discovery. With
8514 * LE one exception is if we have pend_le_reports > 0 in which
8515 * case we're doing passive scanning and want these events.
8517 if (!hci_discovery_active(hdev)) {
8518 if (link_type == ACL_LINK)
8520 if (link_type == LE_LINK && list_empty(&hdev->pend_le_reports))
8524 if (hdev->discovery.result_filtering) {
8525 /* We are using service discovery */
8526 if (!is_filter_match(hdev, rssi, eir, eir_len, scan_rsp,
8531 /* Make sure that the buffer is big enough. The 5 extra bytes
8532 * are for the potential CoD field.
8534 if (sizeof(*ev) + eir_len + scan_rsp_len + 5 > sizeof(buf))
8537 memset(buf, 0, sizeof(buf));
8539 /* In case of device discovery with BR/EDR devices (pre 1.2), the
8540 * RSSI value was reported as 0 when not available. This behavior
8541 * is kept when using device discovery. This is required for full
8542 * backwards compatibility with the API.
8544 * However when using service discovery, the value 127 will be
8545 * returned when the RSSI is not available.
8547 if (rssi == HCI_RSSI_INVALID && !hdev->discovery.report_invalid_rssi &&
8548 link_type == ACL_LINK)
8551 bacpy(&ev->addr.bdaddr, bdaddr);
8552 ev->addr.type = link_to_bdaddr(link_type, addr_type);
8554 ev->flags = cpu_to_le32(flags);
8557 /* Copy EIR or advertising data into event */
8558 memcpy(ev->eir, eir, eir_len);
8560 if (dev_class && !eir_has_data_type(ev->eir, eir_len, EIR_CLASS_OF_DEV))
8561 eir_len = eir_append_data(ev->eir, eir_len, EIR_CLASS_OF_DEV,
8564 if (scan_rsp_len > 0)
8565 /* Append scan response data to event */
8566 memcpy(ev->eir + eir_len, scan_rsp, scan_rsp_len);
8568 ev->eir_len = cpu_to_le16(eir_len + scan_rsp_len);
8569 ev_size = sizeof(*ev) + eir_len + scan_rsp_len;
8571 mgmt_event(MGMT_EV_DEVICE_FOUND, hdev, ev, ev_size, NULL);
8574 void mgmt_remote_name(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
8575 u8 addr_type, s8 rssi, u8 *name, u8 name_len)
8577 struct mgmt_ev_device_found *ev;
8578 char buf[sizeof(*ev) + HCI_MAX_NAME_LENGTH + 2];
8581 ev = (struct mgmt_ev_device_found *) buf;
8583 memset(buf, 0, sizeof(buf));
8585 bacpy(&ev->addr.bdaddr, bdaddr);
8586 ev->addr.type = link_to_bdaddr(link_type, addr_type);
8589 eir_len = eir_append_data(ev->eir, 0, EIR_NAME_COMPLETE, name,
8592 ev->eir_len = cpu_to_le16(eir_len);
8594 mgmt_event(MGMT_EV_DEVICE_FOUND, hdev, ev, sizeof(*ev) + eir_len, NULL);
8597 void mgmt_discovering(struct hci_dev *hdev, u8 discovering)
8599 struct mgmt_ev_discovering ev;
8601 BT_DBG("%s discovering %u", hdev->name, discovering);
8603 memset(&ev, 0, sizeof(ev));
8604 ev.type = hdev->discovery.type;
8605 ev.discovering = discovering;
8607 mgmt_event(MGMT_EV_DISCOVERING, hdev, &ev, sizeof(ev), NULL);
8610 static void adv_enable_complete(struct hci_dev *hdev, u8 status, u16 opcode)
8612 BT_DBG("%s status %u", hdev->name, status);
8615 void mgmt_reenable_advertising(struct hci_dev *hdev)
8617 struct hci_request req;
8620 if (!hci_dev_test_flag(hdev, HCI_ADVERTISING) &&
8621 !hci_dev_test_flag(hdev, HCI_ADVERTISING_INSTANCE))
8624 instance = get_current_adv_instance(hdev);
8626 hci_req_init(&req, hdev);
8629 schedule_adv_instance(&req, instance, true);
8631 update_adv_data(&req);
8632 update_scan_rsp_data(&req);
8633 enable_advertising(&req);
8636 hci_req_run(&req, adv_enable_complete);
8639 static struct hci_mgmt_chan chan = {
8640 .channel = HCI_CHANNEL_CONTROL,
8641 .handler_count = ARRAY_SIZE(mgmt_handlers),
8642 .handlers = mgmt_handlers,
8643 .hdev_init = mgmt_init_hdev,
8648 return hci_mgmt_chan_register(&chan);
8651 void mgmt_exit(void)
8653 hci_mgmt_chan_unregister(&chan);
OSDN Git Service
