2 BlueZ - Bluetooth protocol stack for Linux
4 Copyright (C) 2010 Nokia Corporation
5 Copyright (C) 2011-2012 Intel Corporation
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License version 2 as
9 published by the Free Software Foundation;
11 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
12 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
13 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
14 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
15 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
16 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
17 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
18 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
20 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
21 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
22 SOFTWARE IS DISCLAIMED.
25 /* Bluetooth HCI Management interface */
27 #include <linux/module.h>
28 #include <asm/unaligned.h>
30 #include <net/bluetooth/bluetooth.h>
31 #include <net/bluetooth/hci_core.h>
32 #include <net/bluetooth/hci_sock.h>
33 #include <net/bluetooth/l2cap.h>
34 #include <net/bluetooth/mgmt.h>
36 #include <net/bluetooth/mgmt_tizen.h>
39 #include "hci_request.h"
41 #include "mgmt_util.h"
42 #include "mgmt_config.h"
47 #define MGMT_VERSION 1
48 #define MGMT_REVISION 22
50 static const u16 mgmt_commands[] = {
51 MGMT_OP_READ_INDEX_LIST,
54 MGMT_OP_SET_DISCOVERABLE,
55 MGMT_OP_SET_CONNECTABLE,
56 MGMT_OP_SET_FAST_CONNECTABLE,
58 MGMT_OP_SET_LINK_SECURITY,
62 MGMT_OP_SET_DEV_CLASS,
63 MGMT_OP_SET_LOCAL_NAME,
66 MGMT_OP_LOAD_LINK_KEYS,
67 MGMT_OP_LOAD_LONG_TERM_KEYS,
69 MGMT_OP_GET_CONNECTIONS,
70 MGMT_OP_PIN_CODE_REPLY,
71 MGMT_OP_PIN_CODE_NEG_REPLY,
72 MGMT_OP_SET_IO_CAPABILITY,
74 MGMT_OP_CANCEL_PAIR_DEVICE,
75 MGMT_OP_UNPAIR_DEVICE,
76 MGMT_OP_USER_CONFIRM_REPLY,
77 MGMT_OP_USER_CONFIRM_NEG_REPLY,
78 MGMT_OP_USER_PASSKEY_REPLY,
79 MGMT_OP_USER_PASSKEY_NEG_REPLY,
80 MGMT_OP_READ_LOCAL_OOB_DATA,
81 MGMT_OP_ADD_REMOTE_OOB_DATA,
82 MGMT_OP_REMOVE_REMOTE_OOB_DATA,
83 MGMT_OP_START_DISCOVERY,
84 MGMT_OP_STOP_DISCOVERY,
87 MGMT_OP_UNBLOCK_DEVICE,
88 MGMT_OP_SET_DEVICE_ID,
89 MGMT_OP_SET_ADVERTISING,
91 MGMT_OP_SET_STATIC_ADDRESS,
92 MGMT_OP_SET_SCAN_PARAMS,
93 MGMT_OP_SET_SECURE_CONN,
94 MGMT_OP_SET_DEBUG_KEYS,
97 MGMT_OP_GET_CONN_INFO,
98 MGMT_OP_GET_CLOCK_INFO,
100 MGMT_OP_REMOVE_DEVICE,
101 MGMT_OP_LOAD_CONN_PARAM,
102 MGMT_OP_READ_UNCONF_INDEX_LIST,
103 MGMT_OP_READ_CONFIG_INFO,
104 MGMT_OP_SET_EXTERNAL_CONFIG,
105 MGMT_OP_SET_PUBLIC_ADDRESS,
106 MGMT_OP_START_SERVICE_DISCOVERY,
107 MGMT_OP_READ_LOCAL_OOB_EXT_DATA,
108 MGMT_OP_READ_EXT_INDEX_LIST,
109 MGMT_OP_READ_ADV_FEATURES,
110 MGMT_OP_ADD_ADVERTISING,
111 MGMT_OP_REMOVE_ADVERTISING,
112 MGMT_OP_GET_ADV_SIZE_INFO,
113 MGMT_OP_START_LIMITED_DISCOVERY,
114 MGMT_OP_READ_EXT_INFO,
115 MGMT_OP_SET_APPEARANCE,
116 MGMT_OP_GET_PHY_CONFIGURATION,
117 MGMT_OP_SET_PHY_CONFIGURATION,
118 MGMT_OP_SET_BLOCKED_KEYS,
119 MGMT_OP_SET_WIDEBAND_SPEECH,
120 MGMT_OP_READ_CONTROLLER_CAP,
121 MGMT_OP_READ_EXP_FEATURES_INFO,
122 MGMT_OP_SET_EXP_FEATURE,
123 MGMT_OP_READ_DEF_SYSTEM_CONFIG,
124 MGMT_OP_SET_DEF_SYSTEM_CONFIG,
125 MGMT_OP_READ_DEF_RUNTIME_CONFIG,
126 MGMT_OP_SET_DEF_RUNTIME_CONFIG,
127 MGMT_OP_GET_DEVICE_FLAGS,
128 MGMT_OP_SET_DEVICE_FLAGS,
129 MGMT_OP_READ_ADV_MONITOR_FEATURES,
130 MGMT_OP_ADD_ADV_PATTERNS_MONITOR,
131 MGMT_OP_REMOVE_ADV_MONITOR,
132 MGMT_OP_ADD_EXT_ADV_PARAMS,
133 MGMT_OP_ADD_EXT_ADV_DATA,
134 MGMT_OP_ADD_ADV_PATTERNS_MONITOR_RSSI,
135 MGMT_OP_SET_MESH_RECEIVER,
136 MGMT_OP_MESH_READ_FEATURES,
138 MGMT_OP_MESH_SEND_CANCEL,
141 static const u16 mgmt_events[] = {
142 MGMT_EV_CONTROLLER_ERROR,
144 MGMT_EV_INDEX_REMOVED,
145 MGMT_EV_NEW_SETTINGS,
146 MGMT_EV_CLASS_OF_DEV_CHANGED,
147 MGMT_EV_LOCAL_NAME_CHANGED,
148 MGMT_EV_NEW_LINK_KEY,
149 MGMT_EV_NEW_LONG_TERM_KEY,
150 MGMT_EV_DEVICE_CONNECTED,
151 MGMT_EV_DEVICE_DISCONNECTED,
152 MGMT_EV_CONNECT_FAILED,
153 MGMT_EV_PIN_CODE_REQUEST,
154 MGMT_EV_USER_CONFIRM_REQUEST,
155 MGMT_EV_USER_PASSKEY_REQUEST,
157 MGMT_EV_DEVICE_FOUND,
159 MGMT_EV_DEVICE_BLOCKED,
160 MGMT_EV_DEVICE_UNBLOCKED,
161 MGMT_EV_DEVICE_UNPAIRED,
162 MGMT_EV_PASSKEY_NOTIFY,
165 MGMT_EV_DEVICE_ADDED,
166 MGMT_EV_DEVICE_REMOVED,
167 MGMT_EV_NEW_CONN_PARAM,
168 MGMT_EV_UNCONF_INDEX_ADDED,
169 MGMT_EV_UNCONF_INDEX_REMOVED,
170 MGMT_EV_NEW_CONFIG_OPTIONS,
171 MGMT_EV_EXT_INDEX_ADDED,
172 MGMT_EV_EXT_INDEX_REMOVED,
173 MGMT_EV_LOCAL_OOB_DATA_UPDATED,
174 MGMT_EV_ADVERTISING_ADDED,
175 MGMT_EV_ADVERTISING_REMOVED,
176 MGMT_EV_EXT_INFO_CHANGED,
177 MGMT_EV_PHY_CONFIGURATION_CHANGED,
178 MGMT_EV_EXP_FEATURE_CHANGED,
179 MGMT_EV_DEVICE_FLAGS_CHANGED,
180 MGMT_EV_ADV_MONITOR_ADDED,
181 MGMT_EV_ADV_MONITOR_REMOVED,
182 MGMT_EV_CONTROLLER_SUSPEND,
183 MGMT_EV_CONTROLLER_RESUME,
184 MGMT_EV_ADV_MONITOR_DEVICE_FOUND,
185 MGMT_EV_ADV_MONITOR_DEVICE_LOST,
188 static const u16 mgmt_untrusted_commands[] = {
189 MGMT_OP_READ_INDEX_LIST,
191 MGMT_OP_READ_UNCONF_INDEX_LIST,
192 MGMT_OP_READ_CONFIG_INFO,
193 MGMT_OP_READ_EXT_INDEX_LIST,
194 MGMT_OP_READ_EXT_INFO,
195 MGMT_OP_READ_CONTROLLER_CAP,
196 MGMT_OP_READ_EXP_FEATURES_INFO,
197 MGMT_OP_READ_DEF_SYSTEM_CONFIG,
198 MGMT_OP_READ_DEF_RUNTIME_CONFIG,
201 static const u16 mgmt_untrusted_events[] = {
203 MGMT_EV_INDEX_REMOVED,
204 MGMT_EV_NEW_SETTINGS,
205 MGMT_EV_CLASS_OF_DEV_CHANGED,
206 MGMT_EV_LOCAL_NAME_CHANGED,
207 MGMT_EV_UNCONF_INDEX_ADDED,
208 MGMT_EV_UNCONF_INDEX_REMOVED,
209 MGMT_EV_NEW_CONFIG_OPTIONS,
210 MGMT_EV_EXT_INDEX_ADDED,
211 MGMT_EV_EXT_INDEX_REMOVED,
212 MGMT_EV_EXT_INFO_CHANGED,
213 MGMT_EV_EXP_FEATURE_CHANGED,
216 #define CACHE_TIMEOUT msecs_to_jiffies(2 * 1000)
218 #define ZERO_KEY "\x00\x00\x00\x00\x00\x00\x00\x00" \
219 "\x00\x00\x00\x00\x00\x00\x00\x00"
221 /* HCI to MGMT error code conversion table */
222 static const u8 mgmt_status_table[] = {
224 MGMT_STATUS_UNKNOWN_COMMAND, /* Unknown Command */
225 MGMT_STATUS_NOT_CONNECTED, /* No Connection */
226 MGMT_STATUS_FAILED, /* Hardware Failure */
227 MGMT_STATUS_CONNECT_FAILED, /* Page Timeout */
228 MGMT_STATUS_AUTH_FAILED, /* Authentication Failed */
229 MGMT_STATUS_AUTH_FAILED, /* PIN or Key Missing */
230 MGMT_STATUS_NO_RESOURCES, /* Memory Full */
231 MGMT_STATUS_TIMEOUT, /* Connection Timeout */
232 MGMT_STATUS_NO_RESOURCES, /* Max Number of Connections */
233 MGMT_STATUS_NO_RESOURCES, /* Max Number of SCO Connections */
234 MGMT_STATUS_ALREADY_CONNECTED, /* ACL Connection Exists */
235 MGMT_STATUS_BUSY, /* Command Disallowed */
236 MGMT_STATUS_NO_RESOURCES, /* Rejected Limited Resources */
237 MGMT_STATUS_REJECTED, /* Rejected Security */
238 MGMT_STATUS_REJECTED, /* Rejected Personal */
239 MGMT_STATUS_TIMEOUT, /* Host Timeout */
240 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported Feature */
241 MGMT_STATUS_INVALID_PARAMS, /* Invalid Parameters */
242 MGMT_STATUS_DISCONNECTED, /* OE User Ended Connection */
243 MGMT_STATUS_NO_RESOURCES, /* OE Low Resources */
244 MGMT_STATUS_DISCONNECTED, /* OE Power Off */
245 MGMT_STATUS_DISCONNECTED, /* Connection Terminated */
246 MGMT_STATUS_BUSY, /* Repeated Attempts */
247 MGMT_STATUS_REJECTED, /* Pairing Not Allowed */
248 MGMT_STATUS_FAILED, /* Unknown LMP PDU */
249 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported Remote Feature */
250 MGMT_STATUS_REJECTED, /* SCO Offset Rejected */
251 MGMT_STATUS_REJECTED, /* SCO Interval Rejected */
252 MGMT_STATUS_REJECTED, /* Air Mode Rejected */
253 MGMT_STATUS_INVALID_PARAMS, /* Invalid LMP Parameters */
254 MGMT_STATUS_FAILED, /* Unspecified Error */
255 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported LMP Parameter Value */
256 MGMT_STATUS_FAILED, /* Role Change Not Allowed */
257 MGMT_STATUS_TIMEOUT, /* LMP Response Timeout */
258 MGMT_STATUS_FAILED, /* LMP Error Transaction Collision */
259 MGMT_STATUS_FAILED, /* LMP PDU Not Allowed */
260 MGMT_STATUS_REJECTED, /* Encryption Mode Not Accepted */
261 MGMT_STATUS_FAILED, /* Unit Link Key Used */
262 MGMT_STATUS_NOT_SUPPORTED, /* QoS Not Supported */
263 MGMT_STATUS_TIMEOUT, /* Instant Passed */
264 MGMT_STATUS_NOT_SUPPORTED, /* Pairing Not Supported */
265 MGMT_STATUS_FAILED, /* Transaction Collision */
266 MGMT_STATUS_FAILED, /* Reserved for future use */
267 MGMT_STATUS_INVALID_PARAMS, /* Unacceptable Parameter */
268 MGMT_STATUS_REJECTED, /* QoS Rejected */
269 MGMT_STATUS_NOT_SUPPORTED, /* Classification Not Supported */
270 MGMT_STATUS_REJECTED, /* Insufficient Security */
271 MGMT_STATUS_INVALID_PARAMS, /* Parameter Out Of Range */
272 MGMT_STATUS_FAILED, /* Reserved for future use */
273 MGMT_STATUS_BUSY, /* Role Switch Pending */
274 MGMT_STATUS_FAILED, /* Reserved for future use */
275 MGMT_STATUS_FAILED, /* Slot Violation */
276 MGMT_STATUS_FAILED, /* Role Switch Failed */
277 MGMT_STATUS_INVALID_PARAMS, /* EIR Too Large */
278 MGMT_STATUS_NOT_SUPPORTED, /* Simple Pairing Not Supported */
279 MGMT_STATUS_BUSY, /* Host Busy Pairing */
280 MGMT_STATUS_REJECTED, /* Rejected, No Suitable Channel */
281 MGMT_STATUS_BUSY, /* Controller Busy */
282 MGMT_STATUS_INVALID_PARAMS, /* Unsuitable Connection Interval */
283 MGMT_STATUS_TIMEOUT, /* Directed Advertising Timeout */
284 MGMT_STATUS_AUTH_FAILED, /* Terminated Due to MIC Failure */
285 MGMT_STATUS_CONNECT_FAILED, /* Connection Establishment Failed */
286 MGMT_STATUS_CONNECT_FAILED, /* MAC Connection Failed */
289 static u8 mgmt_errno_status(int err)
293 return MGMT_STATUS_SUCCESS;
295 return MGMT_STATUS_REJECTED;
297 return MGMT_STATUS_INVALID_PARAMS;
299 return MGMT_STATUS_NOT_SUPPORTED;
301 return MGMT_STATUS_BUSY;
303 return MGMT_STATUS_AUTH_FAILED;
305 return MGMT_STATUS_NO_RESOURCES;
307 return MGMT_STATUS_ALREADY_CONNECTED;
309 return MGMT_STATUS_DISCONNECTED;
312 return MGMT_STATUS_FAILED;
315 static u8 mgmt_status(int err)
318 return mgmt_errno_status(err);
320 if (err < ARRAY_SIZE(mgmt_status_table))
321 return mgmt_status_table[err];
323 return MGMT_STATUS_FAILED;
326 static int mgmt_index_event(u16 event, struct hci_dev *hdev, void *data,
329 return mgmt_send_event(event, hdev, HCI_CHANNEL_CONTROL, data, len,
333 static int mgmt_limited_event(u16 event, struct hci_dev *hdev, void *data,
334 u16 len, int flag, struct sock *skip_sk)
336 return mgmt_send_event(event, hdev, HCI_CHANNEL_CONTROL, data, len,
340 static int mgmt_event(u16 event, struct hci_dev *hdev, void *data, u16 len,
341 struct sock *skip_sk)
343 return mgmt_send_event(event, hdev, HCI_CHANNEL_CONTROL, data, len,
344 HCI_SOCK_TRUSTED, skip_sk);
347 static int mgmt_event_skb(struct sk_buff *skb, struct sock *skip_sk)
349 return mgmt_send_event_skb(HCI_CHANNEL_CONTROL, skb, HCI_SOCK_TRUSTED,
353 static u8 le_addr_type(u8 mgmt_addr_type)
355 if (mgmt_addr_type == BDADDR_LE_PUBLIC)
356 return ADDR_LE_DEV_PUBLIC;
358 return ADDR_LE_DEV_RANDOM;
361 void mgmt_fill_version_info(void *ver)
363 struct mgmt_rp_read_version *rp = ver;
365 rp->version = MGMT_VERSION;
366 rp->revision = cpu_to_le16(MGMT_REVISION);
369 static int read_version(struct sock *sk, struct hci_dev *hdev, void *data,
372 struct mgmt_rp_read_version rp;
374 bt_dev_dbg(hdev, "sock %p", sk);
376 mgmt_fill_version_info(&rp);
378 return mgmt_cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_VERSION, 0,
382 static int read_commands(struct sock *sk, struct hci_dev *hdev, void *data,
385 struct mgmt_rp_read_commands *rp;
386 u16 num_commands, num_events;
390 bt_dev_dbg(hdev, "sock %p", sk);
392 if (hci_sock_test_flag(sk, HCI_SOCK_TRUSTED)) {
393 num_commands = ARRAY_SIZE(mgmt_commands);
394 num_events = ARRAY_SIZE(mgmt_events);
396 num_commands = ARRAY_SIZE(mgmt_untrusted_commands);
397 num_events = ARRAY_SIZE(mgmt_untrusted_events);
400 rp_size = sizeof(*rp) + ((num_commands + num_events) * sizeof(u16));
402 rp = kmalloc(rp_size, GFP_KERNEL);
406 rp->num_commands = cpu_to_le16(num_commands);
407 rp->num_events = cpu_to_le16(num_events);
409 if (hci_sock_test_flag(sk, HCI_SOCK_TRUSTED)) {
410 __le16 *opcode = rp->opcodes;
412 for (i = 0; i < num_commands; i++, opcode++)
413 put_unaligned_le16(mgmt_commands[i], opcode);
415 for (i = 0; i < num_events; i++, opcode++)
416 put_unaligned_le16(mgmt_events[i], opcode);
418 __le16 *opcode = rp->opcodes;
420 for (i = 0; i < num_commands; i++, opcode++)
421 put_unaligned_le16(mgmt_untrusted_commands[i], opcode);
423 for (i = 0; i < num_events; i++, opcode++)
424 put_unaligned_le16(mgmt_untrusted_events[i], opcode);
427 err = mgmt_cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_COMMANDS, 0,
434 static int read_index_list(struct sock *sk, struct hci_dev *hdev, void *data,
437 struct mgmt_rp_read_index_list *rp;
443 bt_dev_dbg(hdev, "sock %p", sk);
445 read_lock(&hci_dev_list_lock);
448 list_for_each_entry(d, &hci_dev_list, list) {
449 if (d->dev_type == HCI_PRIMARY &&
450 !hci_dev_test_flag(d, HCI_UNCONFIGURED))
454 rp_len = sizeof(*rp) + (2 * count);
455 rp = kmalloc(rp_len, GFP_ATOMIC);
457 read_unlock(&hci_dev_list_lock);
462 list_for_each_entry(d, &hci_dev_list, list) {
463 if (hci_dev_test_flag(d, HCI_SETUP) ||
464 hci_dev_test_flag(d, HCI_CONFIG) ||
465 hci_dev_test_flag(d, HCI_USER_CHANNEL))
468 /* Devices marked as raw-only are neither configured
469 * nor unconfigured controllers.
471 if (test_bit(HCI_QUIRK_RAW_DEVICE, &d->quirks))
474 if (d->dev_type == HCI_PRIMARY &&
475 !hci_dev_test_flag(d, HCI_UNCONFIGURED)) {
476 rp->index[count++] = cpu_to_le16(d->id);
477 bt_dev_dbg(hdev, "Added hci%u", d->id);
481 rp->num_controllers = cpu_to_le16(count);
482 rp_len = sizeof(*rp) + (2 * count);
484 read_unlock(&hci_dev_list_lock);
486 err = mgmt_cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_INDEX_LIST,
494 static int read_unconf_index_list(struct sock *sk, struct hci_dev *hdev,
495 void *data, u16 data_len)
497 struct mgmt_rp_read_unconf_index_list *rp;
503 bt_dev_dbg(hdev, "sock %p", sk);
505 read_lock(&hci_dev_list_lock);
508 list_for_each_entry(d, &hci_dev_list, list) {
509 if (d->dev_type == HCI_PRIMARY &&
510 hci_dev_test_flag(d, HCI_UNCONFIGURED))
514 rp_len = sizeof(*rp) + (2 * count);
515 rp = kmalloc(rp_len, GFP_ATOMIC);
517 read_unlock(&hci_dev_list_lock);
522 list_for_each_entry(d, &hci_dev_list, list) {
523 if (hci_dev_test_flag(d, HCI_SETUP) ||
524 hci_dev_test_flag(d, HCI_CONFIG) ||
525 hci_dev_test_flag(d, HCI_USER_CHANNEL))
528 /* Devices marked as raw-only are neither configured
529 * nor unconfigured controllers.
531 if (test_bit(HCI_QUIRK_RAW_DEVICE, &d->quirks))
534 if (d->dev_type == HCI_PRIMARY &&
535 hci_dev_test_flag(d, HCI_UNCONFIGURED)) {
536 rp->index[count++] = cpu_to_le16(d->id);
537 bt_dev_dbg(hdev, "Added hci%u", d->id);
541 rp->num_controllers = cpu_to_le16(count);
542 rp_len = sizeof(*rp) + (2 * count);
544 read_unlock(&hci_dev_list_lock);
546 err = mgmt_cmd_complete(sk, MGMT_INDEX_NONE,
547 MGMT_OP_READ_UNCONF_INDEX_LIST, 0, rp, rp_len);
554 static int read_ext_index_list(struct sock *sk, struct hci_dev *hdev,
555 void *data, u16 data_len)
557 struct mgmt_rp_read_ext_index_list *rp;
562 bt_dev_dbg(hdev, "sock %p", sk);
564 read_lock(&hci_dev_list_lock);
567 list_for_each_entry(d, &hci_dev_list, list) {
568 if (d->dev_type == HCI_PRIMARY || d->dev_type == HCI_AMP)
572 rp = kmalloc(struct_size(rp, entry, count), GFP_ATOMIC);
574 read_unlock(&hci_dev_list_lock);
579 list_for_each_entry(d, &hci_dev_list, list) {
580 if (hci_dev_test_flag(d, HCI_SETUP) ||
581 hci_dev_test_flag(d, HCI_CONFIG) ||
582 hci_dev_test_flag(d, HCI_USER_CHANNEL))
585 /* Devices marked as raw-only are neither configured
586 * nor unconfigured controllers.
588 if (test_bit(HCI_QUIRK_RAW_DEVICE, &d->quirks))
591 if (d->dev_type == HCI_PRIMARY) {
592 if (hci_dev_test_flag(d, HCI_UNCONFIGURED))
593 rp->entry[count].type = 0x01;
595 rp->entry[count].type = 0x00;
596 } else if (d->dev_type == HCI_AMP) {
597 rp->entry[count].type = 0x02;
602 rp->entry[count].bus = d->bus;
603 rp->entry[count++].index = cpu_to_le16(d->id);
604 bt_dev_dbg(hdev, "Added hci%u", d->id);
607 rp->num_controllers = cpu_to_le16(count);
609 read_unlock(&hci_dev_list_lock);
611 /* If this command is called at least once, then all the
612 * default index and unconfigured index events are disabled
613 * and from now on only extended index events are used.
615 hci_sock_set_flag(sk, HCI_MGMT_EXT_INDEX_EVENTS);
616 hci_sock_clear_flag(sk, HCI_MGMT_INDEX_EVENTS);
617 hci_sock_clear_flag(sk, HCI_MGMT_UNCONF_INDEX_EVENTS);
619 err = mgmt_cmd_complete(sk, MGMT_INDEX_NONE,
620 MGMT_OP_READ_EXT_INDEX_LIST, 0, rp,
621 struct_size(rp, entry, count));
628 static bool is_configured(struct hci_dev *hdev)
630 if (test_bit(HCI_QUIRK_EXTERNAL_CONFIG, &hdev->quirks) &&
631 !hci_dev_test_flag(hdev, HCI_EXT_CONFIGURED))
634 if ((test_bit(HCI_QUIRK_INVALID_BDADDR, &hdev->quirks) ||
635 test_bit(HCI_QUIRK_USE_BDADDR_PROPERTY, &hdev->quirks)) &&
636 !bacmp(&hdev->public_addr, BDADDR_ANY))
642 static __le32 get_missing_options(struct hci_dev *hdev)
646 if (test_bit(HCI_QUIRK_EXTERNAL_CONFIG, &hdev->quirks) &&
647 !hci_dev_test_flag(hdev, HCI_EXT_CONFIGURED))
648 options |= MGMT_OPTION_EXTERNAL_CONFIG;
650 if ((test_bit(HCI_QUIRK_INVALID_BDADDR, &hdev->quirks) ||
651 test_bit(HCI_QUIRK_USE_BDADDR_PROPERTY, &hdev->quirks)) &&
652 !bacmp(&hdev->public_addr, BDADDR_ANY))
653 options |= MGMT_OPTION_PUBLIC_ADDRESS;
655 return cpu_to_le32(options);
658 static int new_options(struct hci_dev *hdev, struct sock *skip)
660 __le32 options = get_missing_options(hdev);
662 return mgmt_limited_event(MGMT_EV_NEW_CONFIG_OPTIONS, hdev, &options,
663 sizeof(options), HCI_MGMT_OPTION_EVENTS, skip);
666 static int send_options_rsp(struct sock *sk, u16 opcode, struct hci_dev *hdev)
668 __le32 options = get_missing_options(hdev);
670 return mgmt_cmd_complete(sk, hdev->id, opcode, 0, &options,
674 static int read_config_info(struct sock *sk, struct hci_dev *hdev,
675 void *data, u16 data_len)
677 struct mgmt_rp_read_config_info rp;
680 bt_dev_dbg(hdev, "sock %p", sk);
684 memset(&rp, 0, sizeof(rp));
685 rp.manufacturer = cpu_to_le16(hdev->manufacturer);
687 if (test_bit(HCI_QUIRK_EXTERNAL_CONFIG, &hdev->quirks))
688 options |= MGMT_OPTION_EXTERNAL_CONFIG;
690 if (hdev->set_bdaddr)
691 options |= MGMT_OPTION_PUBLIC_ADDRESS;
693 rp.supported_options = cpu_to_le32(options);
694 rp.missing_options = get_missing_options(hdev);
696 hci_dev_unlock(hdev);
698 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_READ_CONFIG_INFO, 0,
702 static u32 get_supported_phys(struct hci_dev *hdev)
704 u32 supported_phys = 0;
706 if (lmp_bredr_capable(hdev)) {
707 supported_phys |= MGMT_PHY_BR_1M_1SLOT;
709 if (hdev->features[0][0] & LMP_3SLOT)
710 supported_phys |= MGMT_PHY_BR_1M_3SLOT;
712 if (hdev->features[0][0] & LMP_5SLOT)
713 supported_phys |= MGMT_PHY_BR_1M_5SLOT;
715 if (lmp_edr_2m_capable(hdev)) {
716 supported_phys |= MGMT_PHY_EDR_2M_1SLOT;
718 if (lmp_edr_3slot_capable(hdev))
719 supported_phys |= MGMT_PHY_EDR_2M_3SLOT;
721 if (lmp_edr_5slot_capable(hdev))
722 supported_phys |= MGMT_PHY_EDR_2M_5SLOT;
724 if (lmp_edr_3m_capable(hdev)) {
725 supported_phys |= MGMT_PHY_EDR_3M_1SLOT;
727 if (lmp_edr_3slot_capable(hdev))
728 supported_phys |= MGMT_PHY_EDR_3M_3SLOT;
730 if (lmp_edr_5slot_capable(hdev))
731 supported_phys |= MGMT_PHY_EDR_3M_5SLOT;
736 if (lmp_le_capable(hdev)) {
737 supported_phys |= MGMT_PHY_LE_1M_TX;
738 supported_phys |= MGMT_PHY_LE_1M_RX;
740 if (hdev->le_features[1] & HCI_LE_PHY_2M) {
741 supported_phys |= MGMT_PHY_LE_2M_TX;
742 supported_phys |= MGMT_PHY_LE_2M_RX;
745 if (hdev->le_features[1] & HCI_LE_PHY_CODED) {
746 supported_phys |= MGMT_PHY_LE_CODED_TX;
747 supported_phys |= MGMT_PHY_LE_CODED_RX;
751 return supported_phys;
754 static u32 get_selected_phys(struct hci_dev *hdev)
756 u32 selected_phys = 0;
758 if (lmp_bredr_capable(hdev)) {
759 selected_phys |= MGMT_PHY_BR_1M_1SLOT;
761 if (hdev->pkt_type & (HCI_DM3 | HCI_DH3))
762 selected_phys |= MGMT_PHY_BR_1M_3SLOT;
764 if (hdev->pkt_type & (HCI_DM5 | HCI_DH5))
765 selected_phys |= MGMT_PHY_BR_1M_5SLOT;
767 if (lmp_edr_2m_capable(hdev)) {
768 if (!(hdev->pkt_type & HCI_2DH1))
769 selected_phys |= MGMT_PHY_EDR_2M_1SLOT;
771 if (lmp_edr_3slot_capable(hdev) &&
772 !(hdev->pkt_type & HCI_2DH3))
773 selected_phys |= MGMT_PHY_EDR_2M_3SLOT;
775 if (lmp_edr_5slot_capable(hdev) &&
776 !(hdev->pkt_type & HCI_2DH5))
777 selected_phys |= MGMT_PHY_EDR_2M_5SLOT;
779 if (lmp_edr_3m_capable(hdev)) {
780 if (!(hdev->pkt_type & HCI_3DH1))
781 selected_phys |= MGMT_PHY_EDR_3M_1SLOT;
783 if (lmp_edr_3slot_capable(hdev) &&
784 !(hdev->pkt_type & HCI_3DH3))
785 selected_phys |= MGMT_PHY_EDR_3M_3SLOT;
787 if (lmp_edr_5slot_capable(hdev) &&
788 !(hdev->pkt_type & HCI_3DH5))
789 selected_phys |= MGMT_PHY_EDR_3M_5SLOT;
794 if (lmp_le_capable(hdev)) {
795 if (hdev->le_tx_def_phys & HCI_LE_SET_PHY_1M)
796 selected_phys |= MGMT_PHY_LE_1M_TX;
798 if (hdev->le_rx_def_phys & HCI_LE_SET_PHY_1M)
799 selected_phys |= MGMT_PHY_LE_1M_RX;
801 if (hdev->le_tx_def_phys & HCI_LE_SET_PHY_2M)
802 selected_phys |= MGMT_PHY_LE_2M_TX;
804 if (hdev->le_rx_def_phys & HCI_LE_SET_PHY_2M)
805 selected_phys |= MGMT_PHY_LE_2M_RX;
807 if (hdev->le_tx_def_phys & HCI_LE_SET_PHY_CODED)
808 selected_phys |= MGMT_PHY_LE_CODED_TX;
810 if (hdev->le_rx_def_phys & HCI_LE_SET_PHY_CODED)
811 selected_phys |= MGMT_PHY_LE_CODED_RX;
814 return selected_phys;
817 static u32 get_configurable_phys(struct hci_dev *hdev)
819 return (get_supported_phys(hdev) & ~MGMT_PHY_BR_1M_1SLOT &
820 ~MGMT_PHY_LE_1M_TX & ~MGMT_PHY_LE_1M_RX);
823 static u32 get_supported_settings(struct hci_dev *hdev)
827 settings |= MGMT_SETTING_POWERED;
828 settings |= MGMT_SETTING_BONDABLE;
829 settings |= MGMT_SETTING_DEBUG_KEYS;
830 settings |= MGMT_SETTING_CONNECTABLE;
831 settings |= MGMT_SETTING_DISCOVERABLE;
833 if (lmp_bredr_capable(hdev)) {
834 if (hdev->hci_ver >= BLUETOOTH_VER_1_2)
835 settings |= MGMT_SETTING_FAST_CONNECTABLE;
836 settings |= MGMT_SETTING_BREDR;
837 settings |= MGMT_SETTING_LINK_SECURITY;
839 if (lmp_ssp_capable(hdev)) {
840 settings |= MGMT_SETTING_SSP;
841 if (IS_ENABLED(CONFIG_BT_HS))
842 settings |= MGMT_SETTING_HS;
845 if (lmp_sc_capable(hdev))
846 settings |= MGMT_SETTING_SECURE_CONN;
848 if (test_bit(HCI_QUIRK_WIDEBAND_SPEECH_SUPPORTED,
850 settings |= MGMT_SETTING_WIDEBAND_SPEECH;
853 if (lmp_le_capable(hdev)) {
854 settings |= MGMT_SETTING_LE;
855 settings |= MGMT_SETTING_SECURE_CONN;
856 settings |= MGMT_SETTING_PRIVACY;
857 settings |= MGMT_SETTING_STATIC_ADDRESS;
858 settings |= MGMT_SETTING_ADVERTISING;
861 if (test_bit(HCI_QUIRK_EXTERNAL_CONFIG, &hdev->quirks) ||
863 settings |= MGMT_SETTING_CONFIGURATION;
865 if (cis_central_capable(hdev))
866 settings |= MGMT_SETTING_CIS_CENTRAL;
868 if (cis_peripheral_capable(hdev))
869 settings |= MGMT_SETTING_CIS_PERIPHERAL;
871 settings |= MGMT_SETTING_PHY_CONFIGURATION;
876 static u32 get_current_settings(struct hci_dev *hdev)
880 if (hdev_is_powered(hdev))
881 settings |= MGMT_SETTING_POWERED;
883 if (hci_dev_test_flag(hdev, HCI_CONNECTABLE))
884 settings |= MGMT_SETTING_CONNECTABLE;
886 if (hci_dev_test_flag(hdev, HCI_FAST_CONNECTABLE))
887 settings |= MGMT_SETTING_FAST_CONNECTABLE;
889 if (hci_dev_test_flag(hdev, HCI_DISCOVERABLE))
890 settings |= MGMT_SETTING_DISCOVERABLE;
892 if (hci_dev_test_flag(hdev, HCI_BONDABLE))
893 settings |= MGMT_SETTING_BONDABLE;
895 if (hci_dev_test_flag(hdev, HCI_BREDR_ENABLED))
896 settings |= MGMT_SETTING_BREDR;
898 if (hci_dev_test_flag(hdev, HCI_LE_ENABLED))
899 settings |= MGMT_SETTING_LE;
901 if (hci_dev_test_flag(hdev, HCI_LINK_SECURITY))
902 settings |= MGMT_SETTING_LINK_SECURITY;
904 if (hci_dev_test_flag(hdev, HCI_SSP_ENABLED))
905 settings |= MGMT_SETTING_SSP;
907 if (hci_dev_test_flag(hdev, HCI_HS_ENABLED))
908 settings |= MGMT_SETTING_HS;
910 if (hci_dev_test_flag(hdev, HCI_ADVERTISING))
911 settings |= MGMT_SETTING_ADVERTISING;
913 if (hci_dev_test_flag(hdev, HCI_SC_ENABLED))
914 settings |= MGMT_SETTING_SECURE_CONN;
916 if (hci_dev_test_flag(hdev, HCI_KEEP_DEBUG_KEYS))
917 settings |= MGMT_SETTING_DEBUG_KEYS;
919 if (hci_dev_test_flag(hdev, HCI_PRIVACY))
920 settings |= MGMT_SETTING_PRIVACY;
922 /* The current setting for static address has two purposes. The
923 * first is to indicate if the static address will be used and
924 * the second is to indicate if it is actually set.
926 * This means if the static address is not configured, this flag
927 * will never be set. If the address is configured, then if the
928 * address is actually used decides if the flag is set or not.
930 * For single mode LE only controllers and dual-mode controllers
931 * with BR/EDR disabled, the existence of the static address will
934 if (hci_dev_test_flag(hdev, HCI_FORCE_STATIC_ADDR) ||
935 !hci_dev_test_flag(hdev, HCI_BREDR_ENABLED) ||
936 !bacmp(&hdev->bdaddr, BDADDR_ANY)) {
937 if (bacmp(&hdev->static_addr, BDADDR_ANY))
938 settings |= MGMT_SETTING_STATIC_ADDRESS;
941 if (hci_dev_test_flag(hdev, HCI_WIDEBAND_SPEECH_ENABLED))
942 settings |= MGMT_SETTING_WIDEBAND_SPEECH;
944 if (cis_central_capable(hdev))
945 settings |= MGMT_SETTING_CIS_CENTRAL;
947 if (cis_peripheral_capable(hdev))
948 settings |= MGMT_SETTING_CIS_PERIPHERAL;
953 static struct mgmt_pending_cmd *pending_find(u16 opcode, struct hci_dev *hdev)
955 return mgmt_pending_find(HCI_CHANNEL_CONTROL, opcode, hdev);
958 u8 mgmt_get_adv_discov_flags(struct hci_dev *hdev)
960 struct mgmt_pending_cmd *cmd;
962 /* If there's a pending mgmt command the flags will not yet have
963 * their final values, so check for this first.
965 cmd = pending_find(MGMT_OP_SET_DISCOVERABLE, hdev);
967 struct mgmt_mode *cp = cmd->param;
969 return LE_AD_GENERAL;
970 else if (cp->val == 0x02)
971 return LE_AD_LIMITED;
973 if (hci_dev_test_flag(hdev, HCI_LIMITED_DISCOVERABLE))
974 return LE_AD_LIMITED;
975 else if (hci_dev_test_flag(hdev, HCI_DISCOVERABLE))
976 return LE_AD_GENERAL;
982 bool mgmt_get_connectable(struct hci_dev *hdev)
984 struct mgmt_pending_cmd *cmd;
986 /* If there's a pending mgmt command the flag will not yet have
987 * it's final value, so check for this first.
989 cmd = pending_find(MGMT_OP_SET_CONNECTABLE, hdev);
991 struct mgmt_mode *cp = cmd->param;
996 return hci_dev_test_flag(hdev, HCI_CONNECTABLE);
999 static int service_cache_sync(struct hci_dev *hdev, void *data)
1001 hci_update_eir_sync(hdev);
1002 hci_update_class_sync(hdev);
1007 static void service_cache_off(struct work_struct *work)
1009 struct hci_dev *hdev = container_of(work, struct hci_dev,
1010 service_cache.work);
1012 if (!hci_dev_test_and_clear_flag(hdev, HCI_SERVICE_CACHE))
1015 hci_cmd_sync_queue(hdev, service_cache_sync, NULL, NULL);
1018 static int rpa_expired_sync(struct hci_dev *hdev, void *data)
1020 /* The generation of a new RPA and programming it into the
1021 * controller happens in the hci_req_enable_advertising()
1024 if (ext_adv_capable(hdev))
1025 return hci_start_ext_adv_sync(hdev, hdev->cur_adv_instance);
1027 return hci_enable_advertising_sync(hdev);
1030 static void rpa_expired(struct work_struct *work)
1032 struct hci_dev *hdev = container_of(work, struct hci_dev,
1035 bt_dev_dbg(hdev, "");
1037 hci_dev_set_flag(hdev, HCI_RPA_EXPIRED);
1039 if (!hci_dev_test_flag(hdev, HCI_ADVERTISING))
1042 hci_cmd_sync_queue(hdev, rpa_expired_sync, NULL, NULL);
1045 static void discov_off(struct work_struct *work)
1047 struct hci_dev *hdev = container_of(work, struct hci_dev,
1050 bt_dev_dbg(hdev, "");
1054 /* When discoverable timeout triggers, then just make sure
1055 * the limited discoverable flag is cleared. Even in the case
1056 * of a timeout triggered from general discoverable, it is
1057 * safe to unconditionally clear the flag.
1059 hci_dev_clear_flag(hdev, HCI_LIMITED_DISCOVERABLE);
1060 hci_dev_clear_flag(hdev, HCI_DISCOVERABLE);
1061 hdev->discov_timeout = 0;
1063 hci_update_discoverable(hdev);
1065 mgmt_new_settings(hdev);
1067 hci_dev_unlock(hdev);
1070 static int send_settings_rsp(struct sock *sk, u16 opcode, struct hci_dev *hdev);
1072 static void mesh_send_complete(struct hci_dev *hdev,
1073 struct mgmt_mesh_tx *mesh_tx, bool silent)
1075 u8 handle = mesh_tx->handle;
1078 mgmt_event(MGMT_EV_MESH_PACKET_CMPLT, hdev, &handle,
1079 sizeof(handle), NULL);
1081 mgmt_mesh_remove(mesh_tx);
1084 static int mesh_send_done_sync(struct hci_dev *hdev, void *data)
1086 struct mgmt_mesh_tx *mesh_tx;
1088 hci_dev_clear_flag(hdev, HCI_MESH_SENDING);
1089 hci_disable_advertising_sync(hdev);
1090 mesh_tx = mgmt_mesh_next(hdev, NULL);
1093 mesh_send_complete(hdev, mesh_tx, false);
1098 static int mesh_send_sync(struct hci_dev *hdev, void *data);
1099 static void mesh_send_start_complete(struct hci_dev *hdev, void *data, int err);
1100 static void mesh_next(struct hci_dev *hdev, void *data, int err)
1102 struct mgmt_mesh_tx *mesh_tx = mgmt_mesh_next(hdev, NULL);
1107 err = hci_cmd_sync_queue(hdev, mesh_send_sync, mesh_tx,
1108 mesh_send_start_complete);
1111 mesh_send_complete(hdev, mesh_tx, false);
1113 hci_dev_set_flag(hdev, HCI_MESH_SENDING);
1116 static void mesh_send_done(struct work_struct *work)
1118 struct hci_dev *hdev = container_of(work, struct hci_dev,
1119 mesh_send_done.work);
1121 if (!hci_dev_test_flag(hdev, HCI_MESH_SENDING))
1124 hci_cmd_sync_queue(hdev, mesh_send_done_sync, NULL, mesh_next);
1127 static void mgmt_init_hdev(struct sock *sk, struct hci_dev *hdev)
1129 if (hci_dev_test_flag(hdev, HCI_MGMT))
1132 BT_INFO("MGMT ver %d.%d", MGMT_VERSION, MGMT_REVISION);
1134 INIT_DELAYED_WORK(&hdev->discov_off, discov_off);
1135 INIT_DELAYED_WORK(&hdev->service_cache, service_cache_off);
1136 INIT_DELAYED_WORK(&hdev->rpa_expired, rpa_expired);
1137 INIT_DELAYED_WORK(&hdev->mesh_send_done, mesh_send_done);
1139 /* Non-mgmt controlled devices get this bit set
1140 * implicitly so that pairing works for them, however
1141 * for mgmt we require user-space to explicitly enable
1144 hci_dev_clear_flag(hdev, HCI_BONDABLE);
1146 hci_dev_set_flag(hdev, HCI_MGMT);
1149 static int read_controller_info(struct sock *sk, struct hci_dev *hdev,
1150 void *data, u16 data_len)
1152 struct mgmt_rp_read_info rp;
1154 bt_dev_dbg(hdev, "sock %p", sk);
1158 memset(&rp, 0, sizeof(rp));
1160 bacpy(&rp.bdaddr, &hdev->bdaddr);
1162 rp.version = hdev->hci_ver;
1163 rp.manufacturer = cpu_to_le16(hdev->manufacturer);
1165 rp.supported_settings = cpu_to_le32(get_supported_settings(hdev));
1166 rp.current_settings = cpu_to_le32(get_current_settings(hdev));
1168 memcpy(rp.dev_class, hdev->dev_class, 3);
1170 memcpy(rp.name, hdev->dev_name, sizeof(hdev->dev_name));
1171 memcpy(rp.short_name, hdev->short_name, sizeof(hdev->short_name));
1173 hci_dev_unlock(hdev);
1175 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_READ_INFO, 0, &rp,
1179 static u16 append_eir_data_to_buf(struct hci_dev *hdev, u8 *eir)
1184 if (hci_dev_test_flag(hdev, HCI_BREDR_ENABLED))
1185 eir_len = eir_append_data(eir, eir_len, EIR_CLASS_OF_DEV,
1186 hdev->dev_class, 3);
1188 if (hci_dev_test_flag(hdev, HCI_LE_ENABLED))
1189 eir_len = eir_append_le16(eir, eir_len, EIR_APPEARANCE,
1192 name_len = strnlen(hdev->dev_name, sizeof(hdev->dev_name));
1193 eir_len = eir_append_data(eir, eir_len, EIR_NAME_COMPLETE,
1194 hdev->dev_name, name_len);
1196 name_len = strnlen(hdev->short_name, sizeof(hdev->short_name));
1197 eir_len = eir_append_data(eir, eir_len, EIR_NAME_SHORT,
1198 hdev->short_name, name_len);
1203 static int read_ext_controller_info(struct sock *sk, struct hci_dev *hdev,
1204 void *data, u16 data_len)
1207 struct mgmt_rp_read_ext_info *rp = (void *)buf;
1210 bt_dev_dbg(hdev, "sock %p", sk);
1212 memset(&buf, 0, sizeof(buf));
1216 bacpy(&rp->bdaddr, &hdev->bdaddr);
1218 rp->version = hdev->hci_ver;
1219 rp->manufacturer = cpu_to_le16(hdev->manufacturer);
1221 rp->supported_settings = cpu_to_le32(get_supported_settings(hdev));
1222 rp->current_settings = cpu_to_le32(get_current_settings(hdev));
1225 eir_len = append_eir_data_to_buf(hdev, rp->eir);
1226 rp->eir_len = cpu_to_le16(eir_len);
1228 hci_dev_unlock(hdev);
1230 /* If this command is called at least once, then the events
1231 * for class of device and local name changes are disabled
1232 * and only the new extended controller information event
1235 hci_sock_set_flag(sk, HCI_MGMT_EXT_INFO_EVENTS);
1236 hci_sock_clear_flag(sk, HCI_MGMT_DEV_CLASS_EVENTS);
1237 hci_sock_clear_flag(sk, HCI_MGMT_LOCAL_NAME_EVENTS);
1239 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_READ_EXT_INFO, 0, rp,
1240 sizeof(*rp) + eir_len);
1243 static int ext_info_changed(struct hci_dev *hdev, struct sock *skip)
1246 struct mgmt_ev_ext_info_changed *ev = (void *)buf;
1249 memset(buf, 0, sizeof(buf));
1251 eir_len = append_eir_data_to_buf(hdev, ev->eir);
1252 ev->eir_len = cpu_to_le16(eir_len);
1254 return mgmt_limited_event(MGMT_EV_EXT_INFO_CHANGED, hdev, ev,
1255 sizeof(*ev) + eir_len,
1256 HCI_MGMT_EXT_INFO_EVENTS, skip);
1259 static int send_settings_rsp(struct sock *sk, u16 opcode, struct hci_dev *hdev)
1261 __le32 settings = cpu_to_le32(get_current_settings(hdev));
1263 return mgmt_cmd_complete(sk, hdev->id, opcode, 0, &settings,
1267 void mgmt_advertising_added(struct sock *sk, struct hci_dev *hdev, u8 instance)
1269 struct mgmt_ev_advertising_added ev;
1271 ev.instance = instance;
1273 mgmt_event(MGMT_EV_ADVERTISING_ADDED, hdev, &ev, sizeof(ev), sk);
1276 void mgmt_advertising_removed(struct sock *sk, struct hci_dev *hdev,
1279 struct mgmt_ev_advertising_removed ev;
1281 ev.instance = instance;
1283 mgmt_event(MGMT_EV_ADVERTISING_REMOVED, hdev, &ev, sizeof(ev), sk);
1286 static void cancel_adv_timeout(struct hci_dev *hdev)
1288 if (hdev->adv_instance_timeout) {
1289 hdev->adv_instance_timeout = 0;
1290 cancel_delayed_work(&hdev->adv_instance_expire);
1294 /* This function requires the caller holds hdev->lock */
1295 static void restart_le_actions(struct hci_dev *hdev)
1297 struct hci_conn_params *p;
1299 list_for_each_entry(p, &hdev->le_conn_params, list) {
1300 /* Needed for AUTO_OFF case where might not "really"
1301 * have been powered off.
1303 list_del_init(&p->action);
1305 switch (p->auto_connect) {
1306 case HCI_AUTO_CONN_DIRECT:
1307 case HCI_AUTO_CONN_ALWAYS:
1308 list_add(&p->action, &hdev->pend_le_conns);
1310 case HCI_AUTO_CONN_REPORT:
1311 list_add(&p->action, &hdev->pend_le_reports);
1319 static int new_settings(struct hci_dev *hdev, struct sock *skip)
1321 __le32 ev = cpu_to_le32(get_current_settings(hdev));
1323 return mgmt_limited_event(MGMT_EV_NEW_SETTINGS, hdev, &ev,
1324 sizeof(ev), HCI_MGMT_SETTING_EVENTS, skip);
1327 static void mgmt_set_powered_complete(struct hci_dev *hdev, void *data, int err)
1329 struct mgmt_pending_cmd *cmd = data;
1330 struct mgmt_mode *cp;
1332 /* Make sure cmd still outstanding. */
1333 if (cmd != pending_find(MGMT_OP_SET_POWERED, hdev))
1338 bt_dev_dbg(hdev, "err %d", err);
1343 restart_le_actions(hdev);
1344 hci_update_passive_scan(hdev);
1345 hci_dev_unlock(hdev);
1348 send_settings_rsp(cmd->sk, cmd->opcode, hdev);
1350 /* Only call new_setting for power on as power off is deferred
1351 * to hdev->power_off work which does call hci_dev_do_close.
1354 new_settings(hdev, cmd->sk);
1356 mgmt_cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_POWERED,
1360 mgmt_pending_remove(cmd);
1363 static int set_powered_sync(struct hci_dev *hdev, void *data)
1365 struct mgmt_pending_cmd *cmd = data;
1366 struct mgmt_mode *cp = cmd->param;
1368 BT_DBG("%s", hdev->name);
1370 return hci_set_powered_sync(hdev, cp->val);
1373 static int set_powered(struct sock *sk, struct hci_dev *hdev, void *data,
1376 struct mgmt_mode *cp = data;
1377 struct mgmt_pending_cmd *cmd;
1380 bt_dev_dbg(hdev, "sock %p", sk);
1382 if (cp->val != 0x00 && cp->val != 0x01)
1383 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_POWERED,
1384 MGMT_STATUS_INVALID_PARAMS);
1388 if (pending_find(MGMT_OP_SET_POWERED, hdev)) {
1389 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_POWERED,
1394 if (!!cp->val == hdev_is_powered(hdev)) {
1395 err = send_settings_rsp(sk, MGMT_OP_SET_POWERED, hdev);
1399 cmd = mgmt_pending_add(sk, MGMT_OP_SET_POWERED, hdev, data, len);
1405 err = hci_cmd_sync_queue(hdev, set_powered_sync, cmd,
1406 mgmt_set_powered_complete);
1409 mgmt_pending_remove(cmd);
1412 hci_dev_unlock(hdev);
1416 int mgmt_new_settings(struct hci_dev *hdev)
1418 return new_settings(hdev, NULL);
1423 struct hci_dev *hdev;
1427 static void settings_rsp(struct mgmt_pending_cmd *cmd, void *data)
1429 struct cmd_lookup *match = data;
1431 send_settings_rsp(cmd->sk, cmd->opcode, match->hdev);
1433 list_del(&cmd->list);
1435 if (match->sk == NULL) {
1436 match->sk = cmd->sk;
1437 sock_hold(match->sk);
1440 mgmt_pending_free(cmd);
1443 static void cmd_status_rsp(struct mgmt_pending_cmd *cmd, void *data)
1447 mgmt_cmd_status(cmd->sk, cmd->index, cmd->opcode, *status);
1448 mgmt_pending_remove(cmd);
1451 static void cmd_complete_rsp(struct mgmt_pending_cmd *cmd, void *data)
1453 if (cmd->cmd_complete) {
1456 cmd->cmd_complete(cmd, *status);
1457 mgmt_pending_remove(cmd);
1462 cmd_status_rsp(cmd, data);
1465 static int generic_cmd_complete(struct mgmt_pending_cmd *cmd, u8 status)
1467 return mgmt_cmd_complete(cmd->sk, cmd->index, cmd->opcode, status,
1468 cmd->param, cmd->param_len);
1471 static int addr_cmd_complete(struct mgmt_pending_cmd *cmd, u8 status)
1473 return mgmt_cmd_complete(cmd->sk, cmd->index, cmd->opcode, status,
1474 cmd->param, sizeof(struct mgmt_addr_info));
1477 static u8 mgmt_bredr_support(struct hci_dev *hdev)
1479 if (!lmp_bredr_capable(hdev))
1480 return MGMT_STATUS_NOT_SUPPORTED;
1481 else if (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED))
1482 return MGMT_STATUS_REJECTED;
1484 return MGMT_STATUS_SUCCESS;
1487 static u8 mgmt_le_support(struct hci_dev *hdev)
1489 if (!lmp_le_capable(hdev))
1490 return MGMT_STATUS_NOT_SUPPORTED;
1491 else if (!hci_dev_test_flag(hdev, HCI_LE_ENABLED))
1492 return MGMT_STATUS_REJECTED;
1494 return MGMT_STATUS_SUCCESS;
1497 static void mgmt_set_discoverable_complete(struct hci_dev *hdev, void *data,
1500 struct mgmt_pending_cmd *cmd = data;
1502 bt_dev_dbg(hdev, "err %d", err);
1504 /* Make sure cmd still outstanding. */
1505 if (cmd != pending_find(MGMT_OP_SET_DISCOVERABLE, hdev))
1511 u8 mgmt_err = mgmt_status(err);
1512 mgmt_cmd_status(cmd->sk, cmd->index, cmd->opcode, mgmt_err);
1513 hci_dev_clear_flag(hdev, HCI_LIMITED_DISCOVERABLE);
1517 if (hci_dev_test_flag(hdev, HCI_DISCOVERABLE) &&
1518 hdev->discov_timeout > 0) {
1519 int to = msecs_to_jiffies(hdev->discov_timeout * 1000);
1520 queue_delayed_work(hdev->req_workqueue, &hdev->discov_off, to);
1523 send_settings_rsp(cmd->sk, MGMT_OP_SET_DISCOVERABLE, hdev);
1524 new_settings(hdev, cmd->sk);
1527 mgmt_pending_remove(cmd);
1528 hci_dev_unlock(hdev);
1531 static int set_discoverable_sync(struct hci_dev *hdev, void *data)
1533 BT_DBG("%s", hdev->name);
1535 return hci_update_discoverable_sync(hdev);
1538 static int set_discoverable(struct sock *sk, struct hci_dev *hdev, void *data,
1541 struct mgmt_cp_set_discoverable *cp = data;
1542 struct mgmt_pending_cmd *cmd;
1546 bt_dev_dbg(hdev, "sock %p", sk);
1548 if (!hci_dev_test_flag(hdev, HCI_LE_ENABLED) &&
1549 !hci_dev_test_flag(hdev, HCI_BREDR_ENABLED))
1550 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
1551 MGMT_STATUS_REJECTED);
1553 if (cp->val != 0x00 && cp->val != 0x01 && cp->val != 0x02)
1554 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
1555 MGMT_STATUS_INVALID_PARAMS);
1557 timeout = __le16_to_cpu(cp->timeout);
1559 /* Disabling discoverable requires that no timeout is set,
1560 * and enabling limited discoverable requires a timeout.
1562 if ((cp->val == 0x00 && timeout > 0) ||
1563 (cp->val == 0x02 && timeout == 0))
1564 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
1565 MGMT_STATUS_INVALID_PARAMS);
1569 if (!hdev_is_powered(hdev) && timeout > 0) {
1570 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
1571 MGMT_STATUS_NOT_POWERED);
1575 if (pending_find(MGMT_OP_SET_DISCOVERABLE, hdev) ||
1576 pending_find(MGMT_OP_SET_CONNECTABLE, hdev)) {
1577 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
1582 if (!hci_dev_test_flag(hdev, HCI_CONNECTABLE)) {
1583 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
1584 MGMT_STATUS_REJECTED);
1588 if (hdev->advertising_paused) {
1589 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
1594 if (!hdev_is_powered(hdev)) {
1595 bool changed = false;
1597 /* Setting limited discoverable when powered off is
1598 * not a valid operation since it requires a timeout
1599 * and so no need to check HCI_LIMITED_DISCOVERABLE.
1601 if (!!cp->val != hci_dev_test_flag(hdev, HCI_DISCOVERABLE)) {
1602 hci_dev_change_flag(hdev, HCI_DISCOVERABLE);
1606 err = send_settings_rsp(sk, MGMT_OP_SET_DISCOVERABLE, hdev);
1611 err = new_settings(hdev, sk);
1616 /* If the current mode is the same, then just update the timeout
1617 * value with the new value. And if only the timeout gets updated,
1618 * then no need for any HCI transactions.
1620 if (!!cp->val == hci_dev_test_flag(hdev, HCI_DISCOVERABLE) &&
1621 (cp->val == 0x02) == hci_dev_test_flag(hdev,
1622 HCI_LIMITED_DISCOVERABLE)) {
1623 cancel_delayed_work(&hdev->discov_off);
1624 hdev->discov_timeout = timeout;
1626 if (cp->val && hdev->discov_timeout > 0) {
1627 int to = msecs_to_jiffies(hdev->discov_timeout * 1000);
1628 queue_delayed_work(hdev->req_workqueue,
1629 &hdev->discov_off, to);
1632 err = send_settings_rsp(sk, MGMT_OP_SET_DISCOVERABLE, hdev);
1636 cmd = mgmt_pending_add(sk, MGMT_OP_SET_DISCOVERABLE, hdev, data, len);
1642 /* Cancel any potential discoverable timeout that might be
1643 * still active and store new timeout value. The arming of
1644 * the timeout happens in the complete handler.
1646 cancel_delayed_work(&hdev->discov_off);
1647 hdev->discov_timeout = timeout;
1650 hci_dev_set_flag(hdev, HCI_DISCOVERABLE);
1652 hci_dev_clear_flag(hdev, HCI_DISCOVERABLE);
1654 /* Limited discoverable mode */
1655 if (cp->val == 0x02)
1656 hci_dev_set_flag(hdev, HCI_LIMITED_DISCOVERABLE);
1658 hci_dev_clear_flag(hdev, HCI_LIMITED_DISCOVERABLE);
1660 err = hci_cmd_sync_queue(hdev, set_discoverable_sync, cmd,
1661 mgmt_set_discoverable_complete);
1664 mgmt_pending_remove(cmd);
1667 hci_dev_unlock(hdev);
1671 static void mgmt_set_connectable_complete(struct hci_dev *hdev, void *data,
1674 struct mgmt_pending_cmd *cmd = data;
1676 bt_dev_dbg(hdev, "err %d", err);
1678 /* Make sure cmd still outstanding. */
1679 if (cmd != pending_find(MGMT_OP_SET_CONNECTABLE, hdev))
1685 u8 mgmt_err = mgmt_status(err);
1686 mgmt_cmd_status(cmd->sk, cmd->index, cmd->opcode, mgmt_err);
1690 send_settings_rsp(cmd->sk, MGMT_OP_SET_CONNECTABLE, hdev);
1691 new_settings(hdev, cmd->sk);
1695 mgmt_pending_remove(cmd);
1697 hci_dev_unlock(hdev);
1700 static int set_connectable_update_settings(struct hci_dev *hdev,
1701 struct sock *sk, u8 val)
1703 bool changed = false;
1706 if (!!val != hci_dev_test_flag(hdev, HCI_CONNECTABLE))
1710 hci_dev_set_flag(hdev, HCI_CONNECTABLE);
1712 hci_dev_clear_flag(hdev, HCI_CONNECTABLE);
1713 hci_dev_clear_flag(hdev, HCI_DISCOVERABLE);
1716 err = send_settings_rsp(sk, MGMT_OP_SET_CONNECTABLE, hdev);
1721 hci_update_scan(hdev);
1722 hci_update_passive_scan(hdev);
1723 return new_settings(hdev, sk);
1729 static int set_connectable_sync(struct hci_dev *hdev, void *data)
1731 BT_DBG("%s", hdev->name);
1733 return hci_update_connectable_sync(hdev);
1736 static int set_connectable(struct sock *sk, struct hci_dev *hdev, void *data,
1739 struct mgmt_mode *cp = data;
1740 struct mgmt_pending_cmd *cmd;
1743 bt_dev_dbg(hdev, "sock %p", sk);
1745 if (!hci_dev_test_flag(hdev, HCI_LE_ENABLED) &&
1746 !hci_dev_test_flag(hdev, HCI_BREDR_ENABLED))
1747 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE,
1748 MGMT_STATUS_REJECTED);
1750 if (cp->val != 0x00 && cp->val != 0x01)
1751 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE,
1752 MGMT_STATUS_INVALID_PARAMS);
1756 if (!hdev_is_powered(hdev)) {
1757 err = set_connectable_update_settings(hdev, sk, cp->val);
1761 if (pending_find(MGMT_OP_SET_DISCOVERABLE, hdev) ||
1762 pending_find(MGMT_OP_SET_CONNECTABLE, hdev)) {
1763 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE,
1768 cmd = mgmt_pending_add(sk, MGMT_OP_SET_CONNECTABLE, hdev, data, len);
1775 hci_dev_set_flag(hdev, HCI_CONNECTABLE);
1777 if (hdev->discov_timeout > 0)
1778 cancel_delayed_work(&hdev->discov_off);
1780 hci_dev_clear_flag(hdev, HCI_LIMITED_DISCOVERABLE);
1781 hci_dev_clear_flag(hdev, HCI_DISCOVERABLE);
1782 hci_dev_clear_flag(hdev, HCI_CONNECTABLE);
1785 err = hci_cmd_sync_queue(hdev, set_connectable_sync, cmd,
1786 mgmt_set_connectable_complete);
1789 mgmt_pending_remove(cmd);
1792 hci_dev_unlock(hdev);
1796 static int set_bondable(struct sock *sk, struct hci_dev *hdev, void *data,
1799 struct mgmt_mode *cp = data;
1803 bt_dev_dbg(hdev, "sock %p", sk);
1805 if (cp->val != 0x00 && cp->val != 0x01)
1806 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_BONDABLE,
1807 MGMT_STATUS_INVALID_PARAMS);
1812 changed = !hci_dev_test_and_set_flag(hdev, HCI_BONDABLE);
1814 changed = hci_dev_test_and_clear_flag(hdev, HCI_BONDABLE);
1816 err = send_settings_rsp(sk, MGMT_OP_SET_BONDABLE, hdev);
1821 /* In limited privacy mode the change of bondable mode
1822 * may affect the local advertising address.
1824 hci_update_discoverable(hdev);
1826 err = new_settings(hdev, sk);
1830 hci_dev_unlock(hdev);
1834 static int set_link_security(struct sock *sk, struct hci_dev *hdev, void *data,
1837 struct mgmt_mode *cp = data;
1838 struct mgmt_pending_cmd *cmd;
1842 bt_dev_dbg(hdev, "sock %p", sk);
1844 status = mgmt_bredr_support(hdev);
1846 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY,
1849 if (cp->val != 0x00 && cp->val != 0x01)
1850 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY,
1851 MGMT_STATUS_INVALID_PARAMS);
1855 if (!hdev_is_powered(hdev)) {
1856 bool changed = false;
1858 if (!!cp->val != hci_dev_test_flag(hdev, HCI_LINK_SECURITY)) {
1859 hci_dev_change_flag(hdev, HCI_LINK_SECURITY);
1863 err = send_settings_rsp(sk, MGMT_OP_SET_LINK_SECURITY, hdev);
1868 err = new_settings(hdev, sk);
1873 if (pending_find(MGMT_OP_SET_LINK_SECURITY, hdev)) {
1874 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY,
1881 if (test_bit(HCI_AUTH, &hdev->flags) == val) {
1882 err = send_settings_rsp(sk, MGMT_OP_SET_LINK_SECURITY, hdev);
1886 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LINK_SECURITY, hdev, data, len);
1892 err = hci_send_cmd(hdev, HCI_OP_WRITE_AUTH_ENABLE, sizeof(val), &val);
1894 mgmt_pending_remove(cmd);
1899 hci_dev_unlock(hdev);
1903 static void set_ssp_complete(struct hci_dev *hdev, void *data, int err)
1905 struct cmd_lookup match = { NULL, hdev };
1906 struct mgmt_pending_cmd *cmd = data;
1907 struct mgmt_mode *cp = cmd->param;
1908 u8 enable = cp->val;
1911 /* Make sure cmd still outstanding. */
1912 if (cmd != pending_find(MGMT_OP_SET_SSP, hdev))
1916 u8 mgmt_err = mgmt_status(err);
1918 if (enable && hci_dev_test_and_clear_flag(hdev,
1920 hci_dev_clear_flag(hdev, HCI_HS_ENABLED);
1921 new_settings(hdev, NULL);
1924 mgmt_pending_foreach(MGMT_OP_SET_SSP, hdev, cmd_status_rsp,
1930 changed = !hci_dev_test_and_set_flag(hdev, HCI_SSP_ENABLED);
1932 changed = hci_dev_test_and_clear_flag(hdev, HCI_SSP_ENABLED);
1935 changed = hci_dev_test_and_clear_flag(hdev,
1938 hci_dev_clear_flag(hdev, HCI_HS_ENABLED);
1941 mgmt_pending_foreach(MGMT_OP_SET_SSP, hdev, settings_rsp, &match);
1944 new_settings(hdev, match.sk);
1949 hci_update_eir_sync(hdev);
1952 static int set_ssp_sync(struct hci_dev *hdev, void *data)
1954 struct mgmt_pending_cmd *cmd = data;
1955 struct mgmt_mode *cp = cmd->param;
1956 bool changed = false;
1960 changed = !hci_dev_test_and_set_flag(hdev, HCI_SSP_ENABLED);
1962 err = hci_write_ssp_mode_sync(hdev, cp->val);
1964 if (!err && changed)
1965 hci_dev_clear_flag(hdev, HCI_SSP_ENABLED);
1970 static int set_ssp(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
1972 struct mgmt_mode *cp = data;
1973 struct mgmt_pending_cmd *cmd;
1977 bt_dev_dbg(hdev, "sock %p", sk);
1979 status = mgmt_bredr_support(hdev);
1981 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SSP, status);
1983 if (!lmp_ssp_capable(hdev))
1984 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
1985 MGMT_STATUS_NOT_SUPPORTED);
1987 if (cp->val != 0x00 && cp->val != 0x01)
1988 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
1989 MGMT_STATUS_INVALID_PARAMS);
1993 if (!hdev_is_powered(hdev)) {
1997 changed = !hci_dev_test_and_set_flag(hdev,
2000 changed = hci_dev_test_and_clear_flag(hdev,
2003 changed = hci_dev_test_and_clear_flag(hdev,
2006 hci_dev_clear_flag(hdev, HCI_HS_ENABLED);
2009 err = send_settings_rsp(sk, MGMT_OP_SET_SSP, hdev);
2014 err = new_settings(hdev, sk);
2019 if (pending_find(MGMT_OP_SET_SSP, hdev)) {
2020 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
2025 if (!!cp->val == hci_dev_test_flag(hdev, HCI_SSP_ENABLED)) {
2026 err = send_settings_rsp(sk, MGMT_OP_SET_SSP, hdev);
2030 cmd = mgmt_pending_add(sk, MGMT_OP_SET_SSP, hdev, data, len);
2034 err = hci_cmd_sync_queue(hdev, set_ssp_sync, cmd,
2038 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
2039 MGMT_STATUS_FAILED);
2042 mgmt_pending_remove(cmd);
2046 hci_dev_unlock(hdev);
2050 static int set_hs(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
2052 struct mgmt_mode *cp = data;
2057 bt_dev_dbg(hdev, "sock %p", sk);
2059 if (!IS_ENABLED(CONFIG_BT_HS))
2060 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
2061 MGMT_STATUS_NOT_SUPPORTED);
2063 status = mgmt_bredr_support(hdev);
2065 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_HS, status);
2067 if (!lmp_ssp_capable(hdev))
2068 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
2069 MGMT_STATUS_NOT_SUPPORTED);
2071 if (!hci_dev_test_flag(hdev, HCI_SSP_ENABLED))
2072 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
2073 MGMT_STATUS_REJECTED);
2075 if (cp->val != 0x00 && cp->val != 0x01)
2076 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
2077 MGMT_STATUS_INVALID_PARAMS);
2081 if (pending_find(MGMT_OP_SET_SSP, hdev)) {
2082 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
2088 changed = !hci_dev_test_and_set_flag(hdev, HCI_HS_ENABLED);
2090 if (hdev_is_powered(hdev)) {
2091 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
2092 MGMT_STATUS_REJECTED);
2096 changed = hci_dev_test_and_clear_flag(hdev, HCI_HS_ENABLED);
2099 err = send_settings_rsp(sk, MGMT_OP_SET_HS, hdev);
2104 err = new_settings(hdev, sk);
2107 hci_dev_unlock(hdev);
2111 static void set_le_complete(struct hci_dev *hdev, void *data, int err)
2113 struct cmd_lookup match = { NULL, hdev };
2114 u8 status = mgmt_status(err);
2116 bt_dev_dbg(hdev, "err %d", err);
2119 mgmt_pending_foreach(MGMT_OP_SET_LE, hdev, cmd_status_rsp,
2124 mgmt_pending_foreach(MGMT_OP_SET_LE, hdev, settings_rsp, &match);
2126 new_settings(hdev, match.sk);
2132 static int set_le_sync(struct hci_dev *hdev, void *data)
2134 struct mgmt_pending_cmd *cmd = data;
2135 struct mgmt_mode *cp = cmd->param;
2140 hci_clear_adv_instance_sync(hdev, NULL, 0x00, true);
2142 if (hci_dev_test_flag(hdev, HCI_LE_ADV))
2143 hci_disable_advertising_sync(hdev);
2145 if (ext_adv_capable(hdev))
2146 hci_remove_ext_adv_instance_sync(hdev, 0, cmd->sk);
2148 hci_dev_set_flag(hdev, HCI_LE_ENABLED);
2151 err = hci_write_le_host_supported_sync(hdev, val, 0);
2153 /* Make sure the controller has a good default for
2154 * advertising data. Restrict the update to when LE
2155 * has actually been enabled. During power on, the
2156 * update in powered_update_hci will take care of it.
2158 if (!err && hci_dev_test_flag(hdev, HCI_LE_ENABLED)) {
2159 if (ext_adv_capable(hdev)) {
2162 status = hci_setup_ext_adv_instance_sync(hdev, 0x00);
2164 hci_update_scan_rsp_data_sync(hdev, 0x00);
2166 hci_update_adv_data_sync(hdev, 0x00);
2167 hci_update_scan_rsp_data_sync(hdev, 0x00);
2170 hci_update_passive_scan(hdev);
2176 static void set_mesh_complete(struct hci_dev *hdev, void *data, int err)
2178 struct mgmt_pending_cmd *cmd = data;
2179 u8 status = mgmt_status(err);
2180 struct sock *sk = cmd->sk;
2183 mgmt_pending_foreach(MGMT_OP_SET_MESH_RECEIVER, hdev,
2184 cmd_status_rsp, &status);
2188 mgmt_pending_remove(cmd);
2189 mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_MESH_RECEIVER, 0, NULL, 0);
2192 static int set_mesh_sync(struct hci_dev *hdev, void *data)
2194 struct mgmt_pending_cmd *cmd = data;
2195 struct mgmt_cp_set_mesh *cp = cmd->param;
2196 size_t len = cmd->param_len;
2198 memset(hdev->mesh_ad_types, 0, sizeof(hdev->mesh_ad_types));
2201 hci_dev_set_flag(hdev, HCI_MESH);
2203 hci_dev_clear_flag(hdev, HCI_MESH);
2207 /* If filters don't fit, forward all adv pkts */
2208 if (len <= sizeof(hdev->mesh_ad_types))
2209 memcpy(hdev->mesh_ad_types, cp->ad_types, len);
2211 hci_update_passive_scan_sync(hdev);
2215 static int set_mesh(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
2217 struct mgmt_cp_set_mesh *cp = data;
2218 struct mgmt_pending_cmd *cmd;
2221 bt_dev_dbg(hdev, "sock %p", sk);
2223 if (!lmp_le_capable(hdev) ||
2224 !hci_dev_test_flag(hdev, HCI_MESH_EXPERIMENTAL))
2225 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_MESH_RECEIVER,
2226 MGMT_STATUS_NOT_SUPPORTED);
2228 if (cp->enable != 0x00 && cp->enable != 0x01)
2229 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_MESH_RECEIVER,
2230 MGMT_STATUS_INVALID_PARAMS);
2234 cmd = mgmt_pending_add(sk, MGMT_OP_SET_MESH_RECEIVER, hdev, data, len);
2238 err = hci_cmd_sync_queue(hdev, set_mesh_sync, cmd,
2242 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_MESH_RECEIVER,
2243 MGMT_STATUS_FAILED);
2246 mgmt_pending_remove(cmd);
2249 hci_dev_unlock(hdev);
2253 static void mesh_send_start_complete(struct hci_dev *hdev, void *data, int err)
2255 struct mgmt_mesh_tx *mesh_tx = data;
2256 struct mgmt_cp_mesh_send *send = (void *)mesh_tx->param;
2257 unsigned long mesh_send_interval;
2258 u8 mgmt_err = mgmt_status(err);
2260 /* Report any errors here, but don't report completion */
2263 hci_dev_clear_flag(hdev, HCI_MESH_SENDING);
2264 /* Send Complete Error Code for handle */
2265 mesh_send_complete(hdev, mesh_tx, false);
2269 mesh_send_interval = msecs_to_jiffies((send->cnt) * 25);
2270 queue_delayed_work(hdev->req_workqueue, &hdev->mesh_send_done,
2271 mesh_send_interval);
2274 static int mesh_send_sync(struct hci_dev *hdev, void *data)
2276 struct mgmt_mesh_tx *mesh_tx = data;
2277 struct mgmt_cp_mesh_send *send = (void *)mesh_tx->param;
2278 struct adv_info *adv, *next_instance;
2279 u8 instance = hdev->le_num_of_adv_sets + 1;
2280 u16 timeout, duration;
2283 if (hdev->le_num_of_adv_sets <= hdev->adv_instance_cnt)
2284 return MGMT_STATUS_BUSY;
2287 duration = send->cnt * INTERVAL_TO_MS(hdev->le_adv_max_interval);
2288 adv = hci_add_adv_instance(hdev, instance, 0,
2289 send->adv_data_len, send->adv_data,
2292 HCI_ADV_TX_POWER_NO_PREFERENCE,
2293 hdev->le_adv_min_interval,
2294 hdev->le_adv_max_interval,
2298 mesh_tx->instance = instance;
2302 if (hdev->cur_adv_instance == instance) {
2303 /* If the currently advertised instance is being changed then
2304 * cancel the current advertising and schedule the next
2305 * instance. If there is only one instance then the overridden
2306 * advertising data will be visible right away.
2308 cancel_adv_timeout(hdev);
2310 next_instance = hci_get_next_instance(hdev, instance);
2312 instance = next_instance->instance;
2315 } else if (hdev->adv_instance_timeout) {
2316 /* Immediately advertise the new instance if no other, or
2317 * let it go naturally from queue if ADV is already happening
2323 return hci_schedule_adv_instance_sync(hdev, instance, true);
2328 static void send_count(struct mgmt_mesh_tx *mesh_tx, void *data)
2330 struct mgmt_rp_mesh_read_features *rp = data;
2332 if (rp->used_handles >= rp->max_handles)
2335 rp->handles[rp->used_handles++] = mesh_tx->handle;
2338 static int mesh_features(struct sock *sk, struct hci_dev *hdev,
2339 void *data, u16 len)
2341 struct mgmt_rp_mesh_read_features rp;
2343 if (!lmp_le_capable(hdev) ||
2344 !hci_dev_test_flag(hdev, HCI_MESH_EXPERIMENTAL))
2345 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_MESH_READ_FEATURES,
2346 MGMT_STATUS_NOT_SUPPORTED);
2348 memset(&rp, 0, sizeof(rp));
2349 rp.index = cpu_to_le16(hdev->id);
2350 if (hci_dev_test_flag(hdev, HCI_LE_ENABLED))
2351 rp.max_handles = MESH_HANDLES_MAX;
2356 mgmt_mesh_foreach(hdev, send_count, &rp, sk);
2358 mgmt_cmd_complete(sk, hdev->id, MGMT_OP_MESH_READ_FEATURES, 0, &rp,
2359 rp.used_handles + sizeof(rp) - MESH_HANDLES_MAX);
2361 hci_dev_unlock(hdev);
2365 static int send_cancel(struct hci_dev *hdev, void *data)
2367 struct mgmt_pending_cmd *cmd = data;
2368 struct mgmt_cp_mesh_send_cancel *cancel = (void *)cmd->param;
2369 struct mgmt_mesh_tx *mesh_tx;
2371 if (!cancel->handle) {
2373 mesh_tx = mgmt_mesh_next(hdev, cmd->sk);
2376 mesh_send_complete(hdev, mesh_tx, false);
2379 mesh_tx = mgmt_mesh_find(hdev, cancel->handle);
2381 if (mesh_tx && mesh_tx->sk == cmd->sk)
2382 mesh_send_complete(hdev, mesh_tx, false);
2385 mgmt_cmd_complete(cmd->sk, hdev->id, MGMT_OP_MESH_SEND_CANCEL,
2387 mgmt_pending_free(cmd);
2392 static int mesh_send_cancel(struct sock *sk, struct hci_dev *hdev,
2393 void *data, u16 len)
2395 struct mgmt_pending_cmd *cmd;
2398 if (!lmp_le_capable(hdev) ||
2399 !hci_dev_test_flag(hdev, HCI_MESH_EXPERIMENTAL))
2400 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_MESH_SEND_CANCEL,
2401 MGMT_STATUS_NOT_SUPPORTED);
2403 if (!hci_dev_test_flag(hdev, HCI_LE_ENABLED))
2404 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_MESH_SEND_CANCEL,
2405 MGMT_STATUS_REJECTED);
2408 cmd = mgmt_pending_new(sk, MGMT_OP_MESH_SEND_CANCEL, hdev, data, len);
2412 err = hci_cmd_sync_queue(hdev, send_cancel, cmd, NULL);
2415 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_MESH_SEND_CANCEL,
2416 MGMT_STATUS_FAILED);
2419 mgmt_pending_free(cmd);
2422 hci_dev_unlock(hdev);
2426 static int mesh_send(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
2428 struct mgmt_mesh_tx *mesh_tx;
2429 struct mgmt_cp_mesh_send *send = data;
2430 struct mgmt_rp_mesh_read_features rp;
2434 if (!lmp_le_capable(hdev) ||
2435 !hci_dev_test_flag(hdev, HCI_MESH_EXPERIMENTAL))
2436 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_MESH_SEND,
2437 MGMT_STATUS_NOT_SUPPORTED);
2438 if (!hci_dev_test_flag(hdev, HCI_LE_ENABLED) ||
2439 len <= MGMT_MESH_SEND_SIZE ||
2440 len > (MGMT_MESH_SEND_SIZE + 31))
2441 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_MESH_SEND,
2442 MGMT_STATUS_REJECTED);
2446 memset(&rp, 0, sizeof(rp));
2447 rp.max_handles = MESH_HANDLES_MAX;
2449 mgmt_mesh_foreach(hdev, send_count, &rp, sk);
2451 if (rp.max_handles <= rp.used_handles) {
2452 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_MESH_SEND,
2457 sending = hci_dev_test_flag(hdev, HCI_MESH_SENDING);
2458 mesh_tx = mgmt_mesh_add(sk, hdev, send, len);
2463 err = hci_cmd_sync_queue(hdev, mesh_send_sync, mesh_tx,
2464 mesh_send_start_complete);
2467 bt_dev_err(hdev, "Send Mesh Failed %d", err);
2468 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_MESH_SEND,
2469 MGMT_STATUS_FAILED);
2473 mgmt_mesh_remove(mesh_tx);
2476 hci_dev_set_flag(hdev, HCI_MESH_SENDING);
2478 mgmt_cmd_complete(sk, hdev->id, MGMT_OP_MESH_SEND, 0,
2479 &mesh_tx->handle, 1);
2483 hci_dev_unlock(hdev);
2487 static int set_le(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
2489 struct mgmt_mode *cp = data;
2490 struct mgmt_pending_cmd *cmd;
2494 bt_dev_dbg(hdev, "sock %p", sk);
2496 if (!lmp_le_capable(hdev))
2497 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
2498 MGMT_STATUS_NOT_SUPPORTED);
2500 if (cp->val != 0x00 && cp->val != 0x01)
2501 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
2502 MGMT_STATUS_INVALID_PARAMS);
2504 /* Bluetooth single mode LE only controllers or dual-mode
2505 * controllers configured as LE only devices, do not allow
2506 * switching LE off. These have either LE enabled explicitly
2507 * or BR/EDR has been previously switched off.
2509 * When trying to enable an already enabled LE, then gracefully
2510 * send a positive response. Trying to disable it however will
2511 * result into rejection.
2513 if (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED)) {
2514 if (cp->val == 0x01)
2515 return send_settings_rsp(sk, MGMT_OP_SET_LE, hdev);
2517 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
2518 MGMT_STATUS_REJECTED);
2524 enabled = lmp_host_le_capable(hdev);
2526 if (!hdev_is_powered(hdev) || val == enabled) {
2527 bool changed = false;
2529 if (val != hci_dev_test_flag(hdev, HCI_LE_ENABLED)) {
2530 hci_dev_change_flag(hdev, HCI_LE_ENABLED);
2534 if (!val && hci_dev_test_flag(hdev, HCI_ADVERTISING)) {
2535 hci_dev_clear_flag(hdev, HCI_ADVERTISING);
2539 err = send_settings_rsp(sk, MGMT_OP_SET_LE, hdev);
2544 err = new_settings(hdev, sk);
2549 if (pending_find(MGMT_OP_SET_LE, hdev) ||
2550 pending_find(MGMT_OP_SET_ADVERTISING, hdev)) {
2551 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
2556 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LE, hdev, data, len);
2560 err = hci_cmd_sync_queue(hdev, set_le_sync, cmd,
2564 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
2565 MGMT_STATUS_FAILED);
2568 mgmt_pending_remove(cmd);
2572 hci_dev_unlock(hdev);
2576 /* This is a helper function to test for pending mgmt commands that can
2577 * cause CoD or EIR HCI commands. We can only allow one such pending
2578 * mgmt command at a time since otherwise we cannot easily track what
2579 * the current values are, will be, and based on that calculate if a new
2580 * HCI command needs to be sent and if yes with what value.
2582 static bool pending_eir_or_class(struct hci_dev *hdev)
2584 struct mgmt_pending_cmd *cmd;
2586 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
2587 switch (cmd->opcode) {
2588 case MGMT_OP_ADD_UUID:
2589 case MGMT_OP_REMOVE_UUID:
2590 case MGMT_OP_SET_DEV_CLASS:
2591 case MGMT_OP_SET_POWERED:
2599 static const u8 bluetooth_base_uuid[] = {
2600 0xfb, 0x34, 0x9b, 0x5f, 0x80, 0x00, 0x00, 0x80,
2601 0x00, 0x10, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
2604 static u8 get_uuid_size(const u8 *uuid)
2608 if (memcmp(uuid, bluetooth_base_uuid, 12))
2611 val = get_unaligned_le32(&uuid[12]);
2618 static void mgmt_class_complete(struct hci_dev *hdev, void *data, int err)
2620 struct mgmt_pending_cmd *cmd = data;
2622 bt_dev_dbg(hdev, "err %d", err);
2624 mgmt_cmd_complete(cmd->sk, cmd->index, cmd->opcode,
2625 mgmt_status(err), hdev->dev_class, 3);
2627 mgmt_pending_free(cmd);
2630 static int add_uuid_sync(struct hci_dev *hdev, void *data)
2634 err = hci_update_class_sync(hdev);
2638 return hci_update_eir_sync(hdev);
2641 static int add_uuid(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
2643 struct mgmt_cp_add_uuid *cp = data;
2644 struct mgmt_pending_cmd *cmd;
2645 struct bt_uuid *uuid;
2648 bt_dev_dbg(hdev, "sock %p", sk);
2652 if (pending_eir_or_class(hdev)) {
2653 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_UUID,
2658 uuid = kmalloc(sizeof(*uuid), GFP_KERNEL);
2664 memcpy(uuid->uuid, cp->uuid, 16);
2665 uuid->svc_hint = cp->svc_hint;
2666 uuid->size = get_uuid_size(cp->uuid);
2668 list_add_tail(&uuid->list, &hdev->uuids);
2670 cmd = mgmt_pending_new(sk, MGMT_OP_ADD_UUID, hdev, data, len);
2676 err = hci_cmd_sync_queue(hdev, add_uuid_sync, cmd, mgmt_class_complete);
2678 mgmt_pending_free(cmd);
2683 hci_dev_unlock(hdev);
2687 static bool enable_service_cache(struct hci_dev *hdev)
2689 if (!hdev_is_powered(hdev))
2692 if (!hci_dev_test_and_set_flag(hdev, HCI_SERVICE_CACHE)) {
2693 queue_delayed_work(hdev->workqueue, &hdev->service_cache,
2701 static int remove_uuid_sync(struct hci_dev *hdev, void *data)
2705 err = hci_update_class_sync(hdev);
2709 return hci_update_eir_sync(hdev);
2712 static int remove_uuid(struct sock *sk, struct hci_dev *hdev, void *data,
2715 struct mgmt_cp_remove_uuid *cp = data;
2716 struct mgmt_pending_cmd *cmd;
2717 struct bt_uuid *match, *tmp;
2718 static const u8 bt_uuid_any[] = {
2719 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0
2723 bt_dev_dbg(hdev, "sock %p", sk);
2727 if (pending_eir_or_class(hdev)) {
2728 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_REMOVE_UUID,
2733 if (memcmp(cp->uuid, bt_uuid_any, 16) == 0) {
2734 hci_uuids_clear(hdev);
2736 if (enable_service_cache(hdev)) {
2737 err = mgmt_cmd_complete(sk, hdev->id,
2738 MGMT_OP_REMOVE_UUID,
2739 0, hdev->dev_class, 3);
2748 list_for_each_entry_safe(match, tmp, &hdev->uuids, list) {
2749 if (memcmp(match->uuid, cp->uuid, 16) != 0)
2752 list_del(&match->list);
2758 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_REMOVE_UUID,
2759 MGMT_STATUS_INVALID_PARAMS);
2764 cmd = mgmt_pending_new(sk, MGMT_OP_REMOVE_UUID, hdev, data, len);
2770 err = hci_cmd_sync_queue(hdev, remove_uuid_sync, cmd,
2771 mgmt_class_complete);
2773 mgmt_pending_free(cmd);
2776 hci_dev_unlock(hdev);
2780 static int set_class_sync(struct hci_dev *hdev, void *data)
2784 if (hci_dev_test_and_clear_flag(hdev, HCI_SERVICE_CACHE)) {
2785 cancel_delayed_work_sync(&hdev->service_cache);
2786 err = hci_update_eir_sync(hdev);
2792 return hci_update_class_sync(hdev);
2795 static int set_dev_class(struct sock *sk, struct hci_dev *hdev, void *data,
2798 struct mgmt_cp_set_dev_class *cp = data;
2799 struct mgmt_pending_cmd *cmd;
2802 bt_dev_dbg(hdev, "sock %p", sk);
2804 if (!lmp_bredr_capable(hdev))
2805 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS,
2806 MGMT_STATUS_NOT_SUPPORTED);
2810 if (pending_eir_or_class(hdev)) {
2811 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS,
2816 if ((cp->minor & 0x03) != 0 || (cp->major & 0xe0) != 0) {
2817 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS,
2818 MGMT_STATUS_INVALID_PARAMS);
2822 hdev->major_class = cp->major;
2823 hdev->minor_class = cp->minor;
2825 if (!hdev_is_powered(hdev)) {
2826 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_DEV_CLASS, 0,
2827 hdev->dev_class, 3);
2831 cmd = mgmt_pending_new(sk, MGMT_OP_SET_DEV_CLASS, hdev, data, len);
2837 err = hci_cmd_sync_queue(hdev, set_class_sync, cmd,
2838 mgmt_class_complete);
2840 mgmt_pending_free(cmd);
2843 hci_dev_unlock(hdev);
2847 static int load_link_keys(struct sock *sk, struct hci_dev *hdev, void *data,
2850 struct mgmt_cp_load_link_keys *cp = data;
2851 const u16 max_key_count = ((U16_MAX - sizeof(*cp)) /
2852 sizeof(struct mgmt_link_key_info));
2853 u16 key_count, expected_len;
2857 bt_dev_dbg(hdev, "sock %p", sk);
2859 if (!lmp_bredr_capable(hdev))
2860 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
2861 MGMT_STATUS_NOT_SUPPORTED);
2863 key_count = __le16_to_cpu(cp->key_count);
2864 if (key_count > max_key_count) {
2865 bt_dev_err(hdev, "load_link_keys: too big key_count value %u",
2867 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
2868 MGMT_STATUS_INVALID_PARAMS);
2871 expected_len = struct_size(cp, keys, key_count);
2872 if (expected_len != len) {
2873 bt_dev_err(hdev, "load_link_keys: expected %u bytes, got %u bytes",
2875 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
2876 MGMT_STATUS_INVALID_PARAMS);
2879 if (cp->debug_keys != 0x00 && cp->debug_keys != 0x01)
2880 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
2881 MGMT_STATUS_INVALID_PARAMS);
2883 bt_dev_dbg(hdev, "debug_keys %u key_count %u", cp->debug_keys,
2886 for (i = 0; i < key_count; i++) {
2887 struct mgmt_link_key_info *key = &cp->keys[i];
2889 if (key->addr.type != BDADDR_BREDR || key->type > 0x08)
2890 return mgmt_cmd_status(sk, hdev->id,
2891 MGMT_OP_LOAD_LINK_KEYS,
2892 MGMT_STATUS_INVALID_PARAMS);
2897 hci_link_keys_clear(hdev);
2900 changed = !hci_dev_test_and_set_flag(hdev, HCI_KEEP_DEBUG_KEYS);
2902 changed = hci_dev_test_and_clear_flag(hdev,
2903 HCI_KEEP_DEBUG_KEYS);
2906 new_settings(hdev, NULL);
2908 for (i = 0; i < key_count; i++) {
2909 struct mgmt_link_key_info *key = &cp->keys[i];
2911 if (hci_is_blocked_key(hdev,
2912 HCI_BLOCKED_KEY_TYPE_LINKKEY,
2914 bt_dev_warn(hdev, "Skipping blocked link key for %pMR",
2919 /* Always ignore debug keys and require a new pairing if
2920 * the user wants to use them.
2922 if (key->type == HCI_LK_DEBUG_COMBINATION)
2925 hci_add_link_key(hdev, NULL, &key->addr.bdaddr, key->val,
2926 key->type, key->pin_len, NULL);
2929 mgmt_cmd_complete(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS, 0, NULL, 0);
2931 hci_dev_unlock(hdev);
2936 static int device_unpaired(struct hci_dev *hdev, bdaddr_t *bdaddr,
2937 u8 addr_type, struct sock *skip_sk)
2939 struct mgmt_ev_device_unpaired ev;
2941 bacpy(&ev.addr.bdaddr, bdaddr);
2942 ev.addr.type = addr_type;
2944 return mgmt_event(MGMT_EV_DEVICE_UNPAIRED, hdev, &ev, sizeof(ev),
2948 static void unpair_device_complete(struct hci_dev *hdev, void *data, int err)
2950 struct mgmt_pending_cmd *cmd = data;
2951 struct mgmt_cp_unpair_device *cp = cmd->param;
2954 device_unpaired(hdev, &cp->addr.bdaddr, cp->addr.type, cmd->sk);
2956 cmd->cmd_complete(cmd, err);
2957 mgmt_pending_free(cmd);
2960 static int unpair_device_sync(struct hci_dev *hdev, void *data)
2962 struct mgmt_pending_cmd *cmd = data;
2963 struct mgmt_cp_unpair_device *cp = cmd->param;
2964 struct hci_conn *conn;
2966 if (cp->addr.type == BDADDR_BREDR)
2967 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
2970 conn = hci_conn_hash_lookup_le(hdev, &cp->addr.bdaddr,
2971 le_addr_type(cp->addr.type));
2976 return hci_abort_conn_sync(hdev, conn, HCI_ERROR_REMOTE_USER_TERM);
2979 static int unpair_device(struct sock *sk, struct hci_dev *hdev, void *data,
2982 struct mgmt_cp_unpair_device *cp = data;
2983 struct mgmt_rp_unpair_device rp;
2984 struct hci_conn_params *params;
2985 struct mgmt_pending_cmd *cmd;
2986 struct hci_conn *conn;
2990 memset(&rp, 0, sizeof(rp));
2991 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
2992 rp.addr.type = cp->addr.type;
2994 if (!bdaddr_type_is_valid(cp->addr.type))
2995 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
2996 MGMT_STATUS_INVALID_PARAMS,
2999 if (cp->disconnect != 0x00 && cp->disconnect != 0x01)
3000 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
3001 MGMT_STATUS_INVALID_PARAMS,
3006 if (!hdev_is_powered(hdev)) {
3007 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
3008 MGMT_STATUS_NOT_POWERED, &rp,
3013 if (cp->addr.type == BDADDR_BREDR) {
3014 /* If disconnection is requested, then look up the
3015 * connection. If the remote device is connected, it
3016 * will be later used to terminate the link.
3018 * Setting it to NULL explicitly will cause no
3019 * termination of the link.
3022 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
3027 err = hci_remove_link_key(hdev, &cp->addr.bdaddr);
3029 err = mgmt_cmd_complete(sk, hdev->id,
3030 MGMT_OP_UNPAIR_DEVICE,
3031 MGMT_STATUS_NOT_PAIRED, &rp,
3039 /* LE address type */
3040 addr_type = le_addr_type(cp->addr.type);
3042 /* Abort any ongoing SMP pairing. Removes ltk and irk if they exist. */
3043 err = smp_cancel_and_remove_pairing(hdev, &cp->addr.bdaddr, addr_type);
3045 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
3046 MGMT_STATUS_NOT_PAIRED, &rp,
3051 conn = hci_conn_hash_lookup_le(hdev, &cp->addr.bdaddr, addr_type);
3053 hci_conn_params_del(hdev, &cp->addr.bdaddr, addr_type);
3058 /* Defer clearing up the connection parameters until closing to
3059 * give a chance of keeping them if a repairing happens.
3061 set_bit(HCI_CONN_PARAM_REMOVAL_PEND, &conn->flags);
3063 /* Disable auto-connection parameters if present */
3064 params = hci_conn_params_lookup(hdev, &cp->addr.bdaddr, addr_type);
3066 if (params->explicit_connect)
3067 params->auto_connect = HCI_AUTO_CONN_EXPLICIT;
3069 params->auto_connect = HCI_AUTO_CONN_DISABLED;
3072 /* If disconnection is not requested, then clear the connection
3073 * variable so that the link is not terminated.
3075 if (!cp->disconnect)
3079 /* If the connection variable is set, then termination of the
3080 * link is requested.
3083 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE, 0,
3085 device_unpaired(hdev, &cp->addr.bdaddr, cp->addr.type, sk);
3089 cmd = mgmt_pending_new(sk, MGMT_OP_UNPAIR_DEVICE, hdev, cp,
3096 cmd->cmd_complete = addr_cmd_complete;
3098 err = hci_cmd_sync_queue(hdev, unpair_device_sync, cmd,
3099 unpair_device_complete);
3101 mgmt_pending_free(cmd);
3104 hci_dev_unlock(hdev);
3108 static int disconnect(struct sock *sk, struct hci_dev *hdev, void *data,
3111 struct mgmt_cp_disconnect *cp = data;
3112 struct mgmt_rp_disconnect rp;
3113 struct mgmt_pending_cmd *cmd;
3114 struct hci_conn *conn;
3117 bt_dev_dbg(hdev, "sock %p", sk);
3119 memset(&rp, 0, sizeof(rp));
3120 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
3121 rp.addr.type = cp->addr.type;
3123 if (!bdaddr_type_is_valid(cp->addr.type))
3124 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
3125 MGMT_STATUS_INVALID_PARAMS,
3130 if (!test_bit(HCI_UP, &hdev->flags)) {
3131 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
3132 MGMT_STATUS_NOT_POWERED, &rp,
3137 if (pending_find(MGMT_OP_DISCONNECT, hdev)) {
3138 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
3139 MGMT_STATUS_BUSY, &rp, sizeof(rp));
3143 if (cp->addr.type == BDADDR_BREDR)
3144 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
3147 conn = hci_conn_hash_lookup_le(hdev, &cp->addr.bdaddr,
3148 le_addr_type(cp->addr.type));
3150 if (!conn || conn->state == BT_OPEN || conn->state == BT_CLOSED) {
3151 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
3152 MGMT_STATUS_NOT_CONNECTED, &rp,
3157 cmd = mgmt_pending_add(sk, MGMT_OP_DISCONNECT, hdev, data, len);
3163 cmd->cmd_complete = generic_cmd_complete;
3165 err = hci_disconnect(conn, HCI_ERROR_REMOTE_USER_TERM);
3167 mgmt_pending_remove(cmd);
3170 hci_dev_unlock(hdev);
3174 static u8 link_to_bdaddr(u8 link_type, u8 addr_type)
3176 switch (link_type) {
3178 switch (addr_type) {
3179 case ADDR_LE_DEV_PUBLIC:
3180 return BDADDR_LE_PUBLIC;
3183 /* Fallback to LE Random address type */
3184 return BDADDR_LE_RANDOM;
3188 /* Fallback to BR/EDR type */
3189 return BDADDR_BREDR;
3193 static int get_connections(struct sock *sk, struct hci_dev *hdev, void *data,
3196 struct mgmt_rp_get_connections *rp;
3201 bt_dev_dbg(hdev, "sock %p", sk);
3205 if (!hdev_is_powered(hdev)) {
3206 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_GET_CONNECTIONS,
3207 MGMT_STATUS_NOT_POWERED);
3212 list_for_each_entry(c, &hdev->conn_hash.list, list) {
3213 if (test_bit(HCI_CONN_MGMT_CONNECTED, &c->flags))
3217 rp = kmalloc(struct_size(rp, addr, i), GFP_KERNEL);
3224 list_for_each_entry(c, &hdev->conn_hash.list, list) {
3225 if (!test_bit(HCI_CONN_MGMT_CONNECTED, &c->flags))
3227 bacpy(&rp->addr[i].bdaddr, &c->dst);
3228 rp->addr[i].type = link_to_bdaddr(c->type, c->dst_type);
3229 if (c->type == SCO_LINK || c->type == ESCO_LINK)
3234 rp->conn_count = cpu_to_le16(i);
3236 /* Recalculate length in case of filtered SCO connections, etc */
3237 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CONNECTIONS, 0, rp,
3238 struct_size(rp, addr, i));
3243 hci_dev_unlock(hdev);
3247 static int send_pin_code_neg_reply(struct sock *sk, struct hci_dev *hdev,
3248 struct mgmt_cp_pin_code_neg_reply *cp)
3250 struct mgmt_pending_cmd *cmd;
3253 cmd = mgmt_pending_add(sk, MGMT_OP_PIN_CODE_NEG_REPLY, hdev, cp,
3258 cmd->cmd_complete = addr_cmd_complete;
3260 err = hci_send_cmd(hdev, HCI_OP_PIN_CODE_NEG_REPLY,
3261 sizeof(cp->addr.bdaddr), &cp->addr.bdaddr);
3263 mgmt_pending_remove(cmd);
3268 static int pin_code_reply(struct sock *sk, struct hci_dev *hdev, void *data,
3271 struct hci_conn *conn;
3272 struct mgmt_cp_pin_code_reply *cp = data;
3273 struct hci_cp_pin_code_reply reply;
3274 struct mgmt_pending_cmd *cmd;
3277 bt_dev_dbg(hdev, "sock %p", sk);
3281 if (!hdev_is_powered(hdev)) {
3282 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
3283 MGMT_STATUS_NOT_POWERED);
3287 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->addr.bdaddr);
3289 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
3290 MGMT_STATUS_NOT_CONNECTED);
3294 if (conn->pending_sec_level == BT_SECURITY_HIGH && cp->pin_len != 16) {
3295 struct mgmt_cp_pin_code_neg_reply ncp;
3297 memcpy(&ncp.addr, &cp->addr, sizeof(ncp.addr));
3299 bt_dev_err(hdev, "PIN code is not 16 bytes long");
3301 err = send_pin_code_neg_reply(sk, hdev, &ncp);
3303 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
3304 MGMT_STATUS_INVALID_PARAMS);
3309 cmd = mgmt_pending_add(sk, MGMT_OP_PIN_CODE_REPLY, hdev, data, len);
3315 cmd->cmd_complete = addr_cmd_complete;
3317 bacpy(&reply.bdaddr, &cp->addr.bdaddr);
3318 reply.pin_len = cp->pin_len;
3319 memcpy(reply.pin_code, cp->pin_code, sizeof(reply.pin_code));
3321 err = hci_send_cmd(hdev, HCI_OP_PIN_CODE_REPLY, sizeof(reply), &reply);
3323 mgmt_pending_remove(cmd);
3326 hci_dev_unlock(hdev);
3330 static int set_io_capability(struct sock *sk, struct hci_dev *hdev, void *data,
3333 struct mgmt_cp_set_io_capability *cp = data;
3335 bt_dev_dbg(hdev, "sock %p", sk);
3337 if (cp->io_capability > SMP_IO_KEYBOARD_DISPLAY)
3338 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_IO_CAPABILITY,
3339 MGMT_STATUS_INVALID_PARAMS);
3343 hdev->io_capability = cp->io_capability;
3345 bt_dev_dbg(hdev, "IO capability set to 0x%02x", hdev->io_capability);
3347 hci_dev_unlock(hdev);
3349 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_IO_CAPABILITY, 0,
3353 static struct mgmt_pending_cmd *find_pairing(struct hci_conn *conn)
3355 struct hci_dev *hdev = conn->hdev;
3356 struct mgmt_pending_cmd *cmd;
3358 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
3359 if (cmd->opcode != MGMT_OP_PAIR_DEVICE)
3362 if (cmd->user_data != conn)
3371 static int pairing_complete(struct mgmt_pending_cmd *cmd, u8 status)
3373 struct mgmt_rp_pair_device rp;
3374 struct hci_conn *conn = cmd->user_data;
3377 bacpy(&rp.addr.bdaddr, &conn->dst);
3378 rp.addr.type = link_to_bdaddr(conn->type, conn->dst_type);
3380 err = mgmt_cmd_complete(cmd->sk, cmd->index, MGMT_OP_PAIR_DEVICE,
3381 status, &rp, sizeof(rp));
3383 /* So we don't get further callbacks for this connection */
3384 conn->connect_cfm_cb = NULL;
3385 conn->security_cfm_cb = NULL;
3386 conn->disconn_cfm_cb = NULL;
3388 hci_conn_drop(conn);
3390 /* The device is paired so there is no need to remove
3391 * its connection parameters anymore.
3393 clear_bit(HCI_CONN_PARAM_REMOVAL_PEND, &conn->flags);
3400 void mgmt_smp_complete(struct hci_conn *conn, bool complete)
3402 u8 status = complete ? MGMT_STATUS_SUCCESS : MGMT_STATUS_FAILED;
3403 struct mgmt_pending_cmd *cmd;
3405 cmd = find_pairing(conn);
3407 cmd->cmd_complete(cmd, status);
3408 mgmt_pending_remove(cmd);
3412 static void pairing_complete_cb(struct hci_conn *conn, u8 status)
3414 struct mgmt_pending_cmd *cmd;
3416 BT_DBG("status %u", status);
3418 cmd = find_pairing(conn);
3420 BT_DBG("Unable to find a pending command");
3424 cmd->cmd_complete(cmd, mgmt_status(status));
3425 mgmt_pending_remove(cmd);
3428 static void le_pairing_complete_cb(struct hci_conn *conn, u8 status)
3430 struct mgmt_pending_cmd *cmd;
3432 BT_DBG("status %u", status);
3437 cmd = find_pairing(conn);
3439 BT_DBG("Unable to find a pending command");
3443 cmd->cmd_complete(cmd, mgmt_status(status));
3444 mgmt_pending_remove(cmd);
3447 static int pair_device(struct sock *sk, struct hci_dev *hdev, void *data,
3450 struct mgmt_cp_pair_device *cp = data;
3451 struct mgmt_rp_pair_device rp;
3452 struct mgmt_pending_cmd *cmd;
3453 u8 sec_level, auth_type;
3454 struct hci_conn *conn;
3457 bt_dev_dbg(hdev, "sock %p", sk);
3459 memset(&rp, 0, sizeof(rp));
3460 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
3461 rp.addr.type = cp->addr.type;
3463 if (!bdaddr_type_is_valid(cp->addr.type))
3464 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
3465 MGMT_STATUS_INVALID_PARAMS,
3468 if (cp->io_cap > SMP_IO_KEYBOARD_DISPLAY)
3469 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
3470 MGMT_STATUS_INVALID_PARAMS,
3475 if (!hdev_is_powered(hdev)) {
3476 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
3477 MGMT_STATUS_NOT_POWERED, &rp,
3482 if (hci_bdaddr_is_paired(hdev, &cp->addr.bdaddr, cp->addr.type)) {
3483 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
3484 MGMT_STATUS_ALREADY_PAIRED, &rp,
3489 sec_level = BT_SECURITY_MEDIUM;
3490 auth_type = HCI_AT_DEDICATED_BONDING;
3492 if (cp->addr.type == BDADDR_BREDR) {
3493 conn = hci_connect_acl(hdev, &cp->addr.bdaddr, sec_level,
3494 auth_type, CONN_REASON_PAIR_DEVICE);
3496 u8 addr_type = le_addr_type(cp->addr.type);
3497 struct hci_conn_params *p;
3499 /* When pairing a new device, it is expected to remember
3500 * this device for future connections. Adding the connection
3501 * parameter information ahead of time allows tracking
3502 * of the peripheral preferred values and will speed up any
3503 * further connection establishment.
3505 * If connection parameters already exist, then they
3506 * will be kept and this function does nothing.
3508 p = hci_conn_params_add(hdev, &cp->addr.bdaddr, addr_type);
3510 if (p->auto_connect == HCI_AUTO_CONN_EXPLICIT)
3511 p->auto_connect = HCI_AUTO_CONN_DISABLED;
3513 conn = hci_connect_le_scan(hdev, &cp->addr.bdaddr, addr_type,
3514 sec_level, HCI_LE_CONN_TIMEOUT,
3515 CONN_REASON_PAIR_DEVICE);
3521 if (PTR_ERR(conn) == -EBUSY)
3522 status = MGMT_STATUS_BUSY;
3523 else if (PTR_ERR(conn) == -EOPNOTSUPP)
3524 status = MGMT_STATUS_NOT_SUPPORTED;
3525 else if (PTR_ERR(conn) == -ECONNREFUSED)
3526 status = MGMT_STATUS_REJECTED;
3528 status = MGMT_STATUS_CONNECT_FAILED;
3530 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
3531 status, &rp, sizeof(rp));
3535 if (conn->connect_cfm_cb) {
3536 hci_conn_drop(conn);
3537 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
3538 MGMT_STATUS_BUSY, &rp, sizeof(rp));
3542 cmd = mgmt_pending_add(sk, MGMT_OP_PAIR_DEVICE, hdev, data, len);
3545 hci_conn_drop(conn);
3549 cmd->cmd_complete = pairing_complete;
3551 /* For LE, just connecting isn't a proof that the pairing finished */
3552 if (cp->addr.type == BDADDR_BREDR) {
3553 conn->connect_cfm_cb = pairing_complete_cb;
3554 conn->security_cfm_cb = pairing_complete_cb;
3555 conn->disconn_cfm_cb = pairing_complete_cb;
3557 conn->connect_cfm_cb = le_pairing_complete_cb;
3558 conn->security_cfm_cb = le_pairing_complete_cb;
3559 conn->disconn_cfm_cb = le_pairing_complete_cb;
3562 conn->io_capability = cp->io_cap;
3563 cmd->user_data = hci_conn_get(conn);
3565 if ((conn->state == BT_CONNECTED || conn->state == BT_CONFIG) &&
3566 hci_conn_security(conn, sec_level, auth_type, true)) {
3567 cmd->cmd_complete(cmd, 0);
3568 mgmt_pending_remove(cmd);
3574 hci_dev_unlock(hdev);
3578 static int abort_conn_sync(struct hci_dev *hdev, void *data)
3580 struct hci_conn *conn;
3581 u16 handle = PTR_ERR(data);
3583 conn = hci_conn_hash_lookup_handle(hdev, handle);
3587 return hci_abort_conn_sync(hdev, conn, HCI_ERROR_REMOTE_USER_TERM);
3590 static int cancel_pair_device(struct sock *sk, struct hci_dev *hdev, void *data,
3593 struct mgmt_addr_info *addr = data;
3594 struct mgmt_pending_cmd *cmd;
3595 struct hci_conn *conn;
3598 bt_dev_dbg(hdev, "sock %p", sk);
3602 if (!hdev_is_powered(hdev)) {
3603 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
3604 MGMT_STATUS_NOT_POWERED);
3608 cmd = pending_find(MGMT_OP_PAIR_DEVICE, hdev);
3610 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
3611 MGMT_STATUS_INVALID_PARAMS);
3615 conn = cmd->user_data;
3617 if (bacmp(&addr->bdaddr, &conn->dst) != 0) {
3618 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
3619 MGMT_STATUS_INVALID_PARAMS);
3623 cmd->cmd_complete(cmd, MGMT_STATUS_CANCELLED);
3624 mgmt_pending_remove(cmd);
3626 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE, 0,
3627 addr, sizeof(*addr));
3629 /* Since user doesn't want to proceed with the connection, abort any
3630 * ongoing pairing and then terminate the link if it was created
3631 * because of the pair device action.
3633 if (addr->type == BDADDR_BREDR)
3634 hci_remove_link_key(hdev, &addr->bdaddr);
3636 smp_cancel_and_remove_pairing(hdev, &addr->bdaddr,
3637 le_addr_type(addr->type));
3639 if (conn->conn_reason == CONN_REASON_PAIR_DEVICE)
3640 hci_cmd_sync_queue(hdev, abort_conn_sync, ERR_PTR(conn->handle),
3644 hci_dev_unlock(hdev);
3648 static int user_pairing_resp(struct sock *sk, struct hci_dev *hdev,
3649 struct mgmt_addr_info *addr, u16 mgmt_op,
3650 u16 hci_op, __le32 passkey)
3652 struct mgmt_pending_cmd *cmd;
3653 struct hci_conn *conn;
3658 if (!hdev_is_powered(hdev)) {
3659 err = mgmt_cmd_complete(sk, hdev->id, mgmt_op,
3660 MGMT_STATUS_NOT_POWERED, addr,
3665 if (addr->type == BDADDR_BREDR)
3666 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &addr->bdaddr);
3668 conn = hci_conn_hash_lookup_le(hdev, &addr->bdaddr,
3669 le_addr_type(addr->type));
3672 err = mgmt_cmd_complete(sk, hdev->id, mgmt_op,
3673 MGMT_STATUS_NOT_CONNECTED, addr,
3678 if (addr->type == BDADDR_LE_PUBLIC || addr->type == BDADDR_LE_RANDOM) {
3679 err = smp_user_confirm_reply(conn, mgmt_op, passkey);
3681 err = mgmt_cmd_complete(sk, hdev->id, mgmt_op,
3682 MGMT_STATUS_SUCCESS, addr,
3685 err = mgmt_cmd_complete(sk, hdev->id, mgmt_op,
3686 MGMT_STATUS_FAILED, addr,
3692 cmd = mgmt_pending_add(sk, mgmt_op, hdev, addr, sizeof(*addr));
3698 cmd->cmd_complete = addr_cmd_complete;
3700 /* Continue with pairing via HCI */
3701 if (hci_op == HCI_OP_USER_PASSKEY_REPLY) {
3702 struct hci_cp_user_passkey_reply cp;
3704 bacpy(&cp.bdaddr, &addr->bdaddr);
3705 cp.passkey = passkey;
3706 err = hci_send_cmd(hdev, hci_op, sizeof(cp), &cp);
3708 err = hci_send_cmd(hdev, hci_op, sizeof(addr->bdaddr),
3712 mgmt_pending_remove(cmd);
3715 hci_dev_unlock(hdev);
3719 static int pin_code_neg_reply(struct sock *sk, struct hci_dev *hdev,
3720 void *data, u16 len)
3722 struct mgmt_cp_pin_code_neg_reply *cp = data;
3724 bt_dev_dbg(hdev, "sock %p", sk);
3726 return user_pairing_resp(sk, hdev, &cp->addr,
3727 MGMT_OP_PIN_CODE_NEG_REPLY,
3728 HCI_OP_PIN_CODE_NEG_REPLY, 0);
3731 static int user_confirm_reply(struct sock *sk, struct hci_dev *hdev, void *data,
3734 struct mgmt_cp_user_confirm_reply *cp = data;
3736 bt_dev_dbg(hdev, "sock %p", sk);
3738 if (len != sizeof(*cp))
3739 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_USER_CONFIRM_REPLY,
3740 MGMT_STATUS_INVALID_PARAMS);
3742 return user_pairing_resp(sk, hdev, &cp->addr,
3743 MGMT_OP_USER_CONFIRM_REPLY,
3744 HCI_OP_USER_CONFIRM_REPLY, 0);
3747 static int user_confirm_neg_reply(struct sock *sk, struct hci_dev *hdev,
3748 void *data, u16 len)
3750 struct mgmt_cp_user_confirm_neg_reply *cp = data;
3752 bt_dev_dbg(hdev, "sock %p", sk);
3754 return user_pairing_resp(sk, hdev, &cp->addr,
3755 MGMT_OP_USER_CONFIRM_NEG_REPLY,
3756 HCI_OP_USER_CONFIRM_NEG_REPLY, 0);
3759 static int user_passkey_reply(struct sock *sk, struct hci_dev *hdev, void *data,
3762 struct mgmt_cp_user_passkey_reply *cp = data;
3764 bt_dev_dbg(hdev, "sock %p", sk);
3766 return user_pairing_resp(sk, hdev, &cp->addr,
3767 MGMT_OP_USER_PASSKEY_REPLY,
3768 HCI_OP_USER_PASSKEY_REPLY, cp->passkey);
3771 static int user_passkey_neg_reply(struct sock *sk, struct hci_dev *hdev,
3772 void *data, u16 len)
3774 struct mgmt_cp_user_passkey_neg_reply *cp = data;
3776 bt_dev_dbg(hdev, "sock %p", sk);
3778 return user_pairing_resp(sk, hdev, &cp->addr,
3779 MGMT_OP_USER_PASSKEY_NEG_REPLY,
3780 HCI_OP_USER_PASSKEY_NEG_REPLY, 0);
3783 static int adv_expire_sync(struct hci_dev *hdev, u32 flags)
3785 struct adv_info *adv_instance;
3787 adv_instance = hci_find_adv_instance(hdev, hdev->cur_adv_instance);
3791 /* stop if current instance doesn't need to be changed */
3792 if (!(adv_instance->flags & flags))
3795 cancel_adv_timeout(hdev);
3797 adv_instance = hci_get_next_instance(hdev, adv_instance->instance);
3801 hci_schedule_adv_instance_sync(hdev, adv_instance->instance, true);
3806 static int name_changed_sync(struct hci_dev *hdev, void *data)
3808 return adv_expire_sync(hdev, MGMT_ADV_FLAG_LOCAL_NAME);
3811 static void set_name_complete(struct hci_dev *hdev, void *data, int err)
3813 struct mgmt_pending_cmd *cmd = data;
3814 struct mgmt_cp_set_local_name *cp = cmd->param;
3815 u8 status = mgmt_status(err);
3817 bt_dev_dbg(hdev, "err %d", err);
3819 if (cmd != pending_find(MGMT_OP_SET_LOCAL_NAME, hdev))
3823 mgmt_cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_LOCAL_NAME,
3826 mgmt_cmd_complete(cmd->sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0,
3829 if (hci_dev_test_flag(hdev, HCI_LE_ADV))
3830 hci_cmd_sync_queue(hdev, name_changed_sync, NULL, NULL);
3833 mgmt_pending_remove(cmd);
3836 static int set_name_sync(struct hci_dev *hdev, void *data)
3838 if (lmp_bredr_capable(hdev)) {
3839 hci_update_name_sync(hdev);
3840 hci_update_eir_sync(hdev);
3843 /* The name is stored in the scan response data and so
3844 * no need to update the advertising data here.
3846 if (lmp_le_capable(hdev) && hci_dev_test_flag(hdev, HCI_ADVERTISING))
3847 hci_update_scan_rsp_data_sync(hdev, hdev->cur_adv_instance);
3852 static int set_local_name(struct sock *sk, struct hci_dev *hdev, void *data,
3855 struct mgmt_cp_set_local_name *cp = data;
3856 struct mgmt_pending_cmd *cmd;
3859 bt_dev_dbg(hdev, "sock %p", sk);
3863 /* If the old values are the same as the new ones just return a
3864 * direct command complete event.
3866 if (!memcmp(hdev->dev_name, cp->name, sizeof(hdev->dev_name)) &&
3867 !memcmp(hdev->short_name, cp->short_name,
3868 sizeof(hdev->short_name))) {
3869 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0,
3874 memcpy(hdev->short_name, cp->short_name, sizeof(hdev->short_name));
3876 if (!hdev_is_powered(hdev)) {
3877 memcpy(hdev->dev_name, cp->name, sizeof(hdev->dev_name));
3879 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0,
3884 err = mgmt_limited_event(MGMT_EV_LOCAL_NAME_CHANGED, hdev, data,
3885 len, HCI_MGMT_LOCAL_NAME_EVENTS, sk);
3886 ext_info_changed(hdev, sk);
3891 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LOCAL_NAME, hdev, data, len);
3895 err = hci_cmd_sync_queue(hdev, set_name_sync, cmd,
3899 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_LOCAL_NAME,
3900 MGMT_STATUS_FAILED);
3903 mgmt_pending_remove(cmd);
3908 memcpy(hdev->dev_name, cp->name, sizeof(hdev->dev_name));
3911 hci_dev_unlock(hdev);
3915 static int appearance_changed_sync(struct hci_dev *hdev, void *data)
3917 return adv_expire_sync(hdev, MGMT_ADV_FLAG_APPEARANCE);
3920 static int set_appearance(struct sock *sk, struct hci_dev *hdev, void *data,
3923 struct mgmt_cp_set_appearance *cp = data;
3927 bt_dev_dbg(hdev, "sock %p", sk);
3929 if (!lmp_le_capable(hdev))
3930 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_APPEARANCE,
3931 MGMT_STATUS_NOT_SUPPORTED);
3933 appearance = le16_to_cpu(cp->appearance);
3937 if (hdev->appearance != appearance) {
3938 hdev->appearance = appearance;
3940 if (hci_dev_test_flag(hdev, HCI_LE_ADV))
3941 hci_cmd_sync_queue(hdev, appearance_changed_sync, NULL,
3944 ext_info_changed(hdev, sk);
3947 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_APPEARANCE, 0, NULL,
3950 hci_dev_unlock(hdev);
3955 static int get_phy_configuration(struct sock *sk, struct hci_dev *hdev,
3956 void *data, u16 len)
3958 struct mgmt_rp_get_phy_configuration rp;
3960 bt_dev_dbg(hdev, "sock %p", sk);
3964 memset(&rp, 0, sizeof(rp));
3966 rp.supported_phys = cpu_to_le32(get_supported_phys(hdev));
3967 rp.selected_phys = cpu_to_le32(get_selected_phys(hdev));
3968 rp.configurable_phys = cpu_to_le32(get_configurable_phys(hdev));
3970 hci_dev_unlock(hdev);
3972 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_PHY_CONFIGURATION, 0,
3976 int mgmt_phy_configuration_changed(struct hci_dev *hdev, struct sock *skip)
3978 struct mgmt_ev_phy_configuration_changed ev;
3980 memset(&ev, 0, sizeof(ev));
3982 ev.selected_phys = cpu_to_le32(get_selected_phys(hdev));
3984 return mgmt_event(MGMT_EV_PHY_CONFIGURATION_CHANGED, hdev, &ev,
3988 static void set_default_phy_complete(struct hci_dev *hdev, void *data, int err)
3990 struct mgmt_pending_cmd *cmd = data;
3991 struct sk_buff *skb = cmd->skb;
3992 u8 status = mgmt_status(err);
3994 if (cmd != pending_find(MGMT_OP_SET_PHY_CONFIGURATION, hdev))
3999 status = MGMT_STATUS_FAILED;
4000 else if (IS_ERR(skb))
4001 status = mgmt_status(PTR_ERR(skb));
4003 status = mgmt_status(skb->data[0]);
4006 bt_dev_dbg(hdev, "status %d", status);
4009 mgmt_cmd_status(cmd->sk, hdev->id,
4010 MGMT_OP_SET_PHY_CONFIGURATION, status);
4012 mgmt_cmd_complete(cmd->sk, hdev->id,
4013 MGMT_OP_SET_PHY_CONFIGURATION, 0,
4016 mgmt_phy_configuration_changed(hdev, cmd->sk);
4019 if (skb && !IS_ERR(skb))
4022 mgmt_pending_remove(cmd);
4025 static int set_default_phy_sync(struct hci_dev *hdev, void *data)
4027 struct mgmt_pending_cmd *cmd = data;
4028 struct mgmt_cp_set_phy_configuration *cp = cmd->param;
4029 struct hci_cp_le_set_default_phy cp_phy;
4030 u32 selected_phys = __le32_to_cpu(cp->selected_phys);
4032 memset(&cp_phy, 0, sizeof(cp_phy));
4034 if (!(selected_phys & MGMT_PHY_LE_TX_MASK))
4035 cp_phy.all_phys |= 0x01;
4037 if (!(selected_phys & MGMT_PHY_LE_RX_MASK))
4038 cp_phy.all_phys |= 0x02;
4040 if (selected_phys & MGMT_PHY_LE_1M_TX)
4041 cp_phy.tx_phys |= HCI_LE_SET_PHY_1M;
4043 if (selected_phys & MGMT_PHY_LE_2M_TX)
4044 cp_phy.tx_phys |= HCI_LE_SET_PHY_2M;
4046 if (selected_phys & MGMT_PHY_LE_CODED_TX)
4047 cp_phy.tx_phys |= HCI_LE_SET_PHY_CODED;
4049 if (selected_phys & MGMT_PHY_LE_1M_RX)
4050 cp_phy.rx_phys |= HCI_LE_SET_PHY_1M;
4052 if (selected_phys & MGMT_PHY_LE_2M_RX)
4053 cp_phy.rx_phys |= HCI_LE_SET_PHY_2M;
4055 if (selected_phys & MGMT_PHY_LE_CODED_RX)
4056 cp_phy.rx_phys |= HCI_LE_SET_PHY_CODED;
4058 cmd->skb = __hci_cmd_sync(hdev, HCI_OP_LE_SET_DEFAULT_PHY,
4059 sizeof(cp_phy), &cp_phy, HCI_CMD_TIMEOUT);
4064 static int set_phy_configuration(struct sock *sk, struct hci_dev *hdev,
4065 void *data, u16 len)
4067 struct mgmt_cp_set_phy_configuration *cp = data;
4068 struct mgmt_pending_cmd *cmd;
4069 u32 selected_phys, configurable_phys, supported_phys, unconfigure_phys;
4070 u16 pkt_type = (HCI_DH1 | HCI_DM1);
4071 bool changed = false;
4074 bt_dev_dbg(hdev, "sock %p", sk);
4076 configurable_phys = get_configurable_phys(hdev);
4077 supported_phys = get_supported_phys(hdev);
4078 selected_phys = __le32_to_cpu(cp->selected_phys);
4080 if (selected_phys & ~supported_phys)
4081 return mgmt_cmd_status(sk, hdev->id,
4082 MGMT_OP_SET_PHY_CONFIGURATION,
4083 MGMT_STATUS_INVALID_PARAMS);
4085 unconfigure_phys = supported_phys & ~configurable_phys;
4087 if ((selected_phys & unconfigure_phys) != unconfigure_phys)
4088 return mgmt_cmd_status(sk, hdev->id,
4089 MGMT_OP_SET_PHY_CONFIGURATION,
4090 MGMT_STATUS_INVALID_PARAMS);
4092 if (selected_phys == get_selected_phys(hdev))
4093 return mgmt_cmd_complete(sk, hdev->id,
4094 MGMT_OP_SET_PHY_CONFIGURATION,
4099 if (!hdev_is_powered(hdev)) {
4100 err = mgmt_cmd_status(sk, hdev->id,
4101 MGMT_OP_SET_PHY_CONFIGURATION,
4102 MGMT_STATUS_REJECTED);
4106 if (pending_find(MGMT_OP_SET_PHY_CONFIGURATION, hdev)) {
4107 err = mgmt_cmd_status(sk, hdev->id,
4108 MGMT_OP_SET_PHY_CONFIGURATION,
4113 if (selected_phys & MGMT_PHY_BR_1M_3SLOT)
4114 pkt_type |= (HCI_DH3 | HCI_DM3);
4116 pkt_type &= ~(HCI_DH3 | HCI_DM3);
4118 if (selected_phys & MGMT_PHY_BR_1M_5SLOT)
4119 pkt_type |= (HCI_DH5 | HCI_DM5);
4121 pkt_type &= ~(HCI_DH5 | HCI_DM5);
4123 if (selected_phys & MGMT_PHY_EDR_2M_1SLOT)
4124 pkt_type &= ~HCI_2DH1;
4126 pkt_type |= HCI_2DH1;
4128 if (selected_phys & MGMT_PHY_EDR_2M_3SLOT)
4129 pkt_type &= ~HCI_2DH3;
4131 pkt_type |= HCI_2DH3;
4133 if (selected_phys & MGMT_PHY_EDR_2M_5SLOT)
4134 pkt_type &= ~HCI_2DH5;
4136 pkt_type |= HCI_2DH5;
4138 if (selected_phys & MGMT_PHY_EDR_3M_1SLOT)
4139 pkt_type &= ~HCI_3DH1;
4141 pkt_type |= HCI_3DH1;
4143 if (selected_phys & MGMT_PHY_EDR_3M_3SLOT)
4144 pkt_type &= ~HCI_3DH3;
4146 pkt_type |= HCI_3DH3;
4148 if (selected_phys & MGMT_PHY_EDR_3M_5SLOT)
4149 pkt_type &= ~HCI_3DH5;
4151 pkt_type |= HCI_3DH5;
4153 if (pkt_type != hdev->pkt_type) {
4154 hdev->pkt_type = pkt_type;
4158 if ((selected_phys & MGMT_PHY_LE_MASK) ==
4159 (get_selected_phys(hdev) & MGMT_PHY_LE_MASK)) {
4161 mgmt_phy_configuration_changed(hdev, sk);
4163 err = mgmt_cmd_complete(sk, hdev->id,
4164 MGMT_OP_SET_PHY_CONFIGURATION,
4170 cmd = mgmt_pending_add(sk, MGMT_OP_SET_PHY_CONFIGURATION, hdev, data,
4175 err = hci_cmd_sync_queue(hdev, set_default_phy_sync, cmd,
4176 set_default_phy_complete);
4179 err = mgmt_cmd_status(sk, hdev->id,
4180 MGMT_OP_SET_PHY_CONFIGURATION,
4181 MGMT_STATUS_FAILED);
4184 mgmt_pending_remove(cmd);
4188 hci_dev_unlock(hdev);
4193 static int set_blocked_keys(struct sock *sk, struct hci_dev *hdev, void *data,
4196 int err = MGMT_STATUS_SUCCESS;
4197 struct mgmt_cp_set_blocked_keys *keys = data;
4198 const u16 max_key_count = ((U16_MAX - sizeof(*keys)) /
4199 sizeof(struct mgmt_blocked_key_info));
4200 u16 key_count, expected_len;
4203 bt_dev_dbg(hdev, "sock %p", sk);
4205 key_count = __le16_to_cpu(keys->key_count);
4206 if (key_count > max_key_count) {
4207 bt_dev_err(hdev, "too big key_count value %u", key_count);
4208 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_BLOCKED_KEYS,
4209 MGMT_STATUS_INVALID_PARAMS);
4212 expected_len = struct_size(keys, keys, key_count);
4213 if (expected_len != len) {
4214 bt_dev_err(hdev, "expected %u bytes, got %u bytes",
4216 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_BLOCKED_KEYS,
4217 MGMT_STATUS_INVALID_PARAMS);
4222 hci_blocked_keys_clear(hdev);
4224 for (i = 0; i < key_count; ++i) {
4225 struct blocked_key *b = kzalloc(sizeof(*b), GFP_KERNEL);
4228 err = MGMT_STATUS_NO_RESOURCES;
4232 b->type = keys->keys[i].type;
4233 memcpy(b->val, keys->keys[i].val, sizeof(b->val));
4234 list_add_rcu(&b->list, &hdev->blocked_keys);
4236 hci_dev_unlock(hdev);
4238 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_BLOCKED_KEYS,
4242 static int set_wideband_speech(struct sock *sk, struct hci_dev *hdev,
4243 void *data, u16 len)
4245 struct mgmt_mode *cp = data;
4247 bool changed = false;
4249 bt_dev_dbg(hdev, "sock %p", sk);
4251 if (!test_bit(HCI_QUIRK_WIDEBAND_SPEECH_SUPPORTED, &hdev->quirks))
4252 return mgmt_cmd_status(sk, hdev->id,
4253 MGMT_OP_SET_WIDEBAND_SPEECH,
4254 MGMT_STATUS_NOT_SUPPORTED);
4256 if (cp->val != 0x00 && cp->val != 0x01)
4257 return mgmt_cmd_status(sk, hdev->id,
4258 MGMT_OP_SET_WIDEBAND_SPEECH,
4259 MGMT_STATUS_INVALID_PARAMS);
4263 if (hdev_is_powered(hdev) &&
4264 !!cp->val != hci_dev_test_flag(hdev,
4265 HCI_WIDEBAND_SPEECH_ENABLED)) {
4266 err = mgmt_cmd_status(sk, hdev->id,
4267 MGMT_OP_SET_WIDEBAND_SPEECH,
4268 MGMT_STATUS_REJECTED);
4273 changed = !hci_dev_test_and_set_flag(hdev,
4274 HCI_WIDEBAND_SPEECH_ENABLED);
4276 changed = hci_dev_test_and_clear_flag(hdev,
4277 HCI_WIDEBAND_SPEECH_ENABLED);
4279 err = send_settings_rsp(sk, MGMT_OP_SET_WIDEBAND_SPEECH, hdev);
4284 err = new_settings(hdev, sk);
4287 hci_dev_unlock(hdev);
4291 static int read_controller_cap(struct sock *sk, struct hci_dev *hdev,
4292 void *data, u16 data_len)
4295 struct mgmt_rp_read_controller_cap *rp = (void *)buf;
4298 u8 tx_power_range[2];
4300 bt_dev_dbg(hdev, "sock %p", sk);
4302 memset(&buf, 0, sizeof(buf));
4306 /* When the Read Simple Pairing Options command is supported, then
4307 * the remote public key validation is supported.
4309 * Alternatively, when Microsoft extensions are available, they can
4310 * indicate support for public key validation as well.
4312 if ((hdev->commands[41] & 0x08) || msft_curve_validity(hdev))
4313 flags |= 0x01; /* Remote public key validation (BR/EDR) */
4315 flags |= 0x02; /* Remote public key validation (LE) */
4317 /* When the Read Encryption Key Size command is supported, then the
4318 * encryption key size is enforced.
4320 if (hdev->commands[20] & 0x10)
4321 flags |= 0x04; /* Encryption key size enforcement (BR/EDR) */
4323 flags |= 0x08; /* Encryption key size enforcement (LE) */
4325 cap_len = eir_append_data(rp->cap, cap_len, MGMT_CAP_SEC_FLAGS,
4328 /* When the Read Simple Pairing Options command is supported, then
4329 * also max encryption key size information is provided.
4331 if (hdev->commands[41] & 0x08)
4332 cap_len = eir_append_le16(rp->cap, cap_len,
4333 MGMT_CAP_MAX_ENC_KEY_SIZE,
4334 hdev->max_enc_key_size);
4336 cap_len = eir_append_le16(rp->cap, cap_len,
4337 MGMT_CAP_SMP_MAX_ENC_KEY_SIZE,
4338 SMP_MAX_ENC_KEY_SIZE);
4340 /* Append the min/max LE tx power parameters if we were able to fetch
4341 * it from the controller
4343 if (hdev->commands[38] & 0x80) {
4344 memcpy(&tx_power_range[0], &hdev->min_le_tx_power, 1);
4345 memcpy(&tx_power_range[1], &hdev->max_le_tx_power, 1);
4346 cap_len = eir_append_data(rp->cap, cap_len, MGMT_CAP_LE_TX_PWR,
4350 rp->cap_len = cpu_to_le16(cap_len);
4352 hci_dev_unlock(hdev);
4354 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_READ_CONTROLLER_CAP, 0,
4355 rp, sizeof(*rp) + cap_len);
4358 #ifdef CONFIG_BT_FEATURE_DEBUG
4359 /* d4992530-b9ec-469f-ab01-6c481c47da1c */
4360 static const u8 debug_uuid[16] = {
4361 0x1c, 0xda, 0x47, 0x1c, 0x48, 0x6c, 0x01, 0xab,
4362 0x9f, 0x46, 0xec, 0xb9, 0x30, 0x25, 0x99, 0xd4,
4366 /* 330859bc-7506-492d-9370-9a6f0614037f */
4367 static const u8 quality_report_uuid[16] = {
4368 0x7f, 0x03, 0x14, 0x06, 0x6f, 0x9a, 0x70, 0x93,
4369 0x2d, 0x49, 0x06, 0x75, 0xbc, 0x59, 0x08, 0x33,
4372 /* a6695ace-ee7f-4fb9-881a-5fac66c629af */
4373 static const u8 offload_codecs_uuid[16] = {
4374 0xaf, 0x29, 0xc6, 0x66, 0xac, 0x5f, 0x1a, 0x88,
4375 0xb9, 0x4f, 0x7f, 0xee, 0xce, 0x5a, 0x69, 0xa6,
4378 /* 671b10b5-42c0-4696-9227-eb28d1b049d6 */
4379 static const u8 le_simultaneous_roles_uuid[16] = {
4380 0xd6, 0x49, 0xb0, 0xd1, 0x28, 0xeb, 0x27, 0x92,
4381 0x96, 0x46, 0xc0, 0x42, 0xb5, 0x10, 0x1b, 0x67,
4384 /* 15c0a148-c273-11ea-b3de-0242ac130004 */
4385 static const u8 rpa_resolution_uuid[16] = {
4386 0x04, 0x00, 0x13, 0xac, 0x42, 0x02, 0xde, 0xb3,
4387 0xea, 0x11, 0x73, 0xc2, 0x48, 0xa1, 0xc0, 0x15,
4390 /* 6fbaf188-05e0-496a-9885-d6ddfdb4e03e */
4391 static const u8 iso_socket_uuid[16] = {
4392 0x3e, 0xe0, 0xb4, 0xfd, 0xdd, 0xd6, 0x85, 0x98,
4393 0x6a, 0x49, 0xe0, 0x05, 0x88, 0xf1, 0xba, 0x6f,
4396 /* 2ce463d7-7a03-4d8d-bf05-5f24e8f36e76 */
4397 static const u8 mgmt_mesh_uuid[16] = {
4398 0x76, 0x6e, 0xf3, 0xe8, 0x24, 0x5f, 0x05, 0xbf,
4399 0x8d, 0x4d, 0x03, 0x7a, 0xd7, 0x63, 0xe4, 0x2c,
4402 static int read_exp_features_info(struct sock *sk, struct hci_dev *hdev,
4403 void *data, u16 data_len)
4405 struct mgmt_rp_read_exp_features_info *rp;
4411 bt_dev_dbg(hdev, "sock %p", sk);
4413 /* Enough space for 7 features */
4414 len = sizeof(*rp) + (sizeof(rp->features[0]) * 7);
4415 rp = kzalloc(len, GFP_KERNEL);
4419 #ifdef CONFIG_BT_FEATURE_DEBUG
4421 flags = bt_dbg_get() ? BIT(0) : 0;
4423 memcpy(rp->features[idx].uuid, debug_uuid, 16);
4424 rp->features[idx].flags = cpu_to_le32(flags);
4429 if (hdev && hci_dev_le_state_simultaneous(hdev)) {
4430 if (hci_dev_test_flag(hdev, HCI_LE_SIMULTANEOUS_ROLES))
4435 memcpy(rp->features[idx].uuid, le_simultaneous_roles_uuid, 16);
4436 rp->features[idx].flags = cpu_to_le32(flags);
4440 if (hdev && ll_privacy_capable(hdev)) {
4441 if (hci_dev_test_flag(hdev, HCI_ENABLE_LL_PRIVACY))
4442 flags = BIT(0) | BIT(1);
4446 memcpy(rp->features[idx].uuid, rpa_resolution_uuid, 16);
4447 rp->features[idx].flags = cpu_to_le32(flags);
4451 if (hdev && (aosp_has_quality_report(hdev) ||
4452 hdev->set_quality_report)) {
4453 if (hci_dev_test_flag(hdev, HCI_QUALITY_REPORT))
4458 memcpy(rp->features[idx].uuid, quality_report_uuid, 16);
4459 rp->features[idx].flags = cpu_to_le32(flags);
4463 if (hdev && hdev->get_data_path_id) {
4464 if (hci_dev_test_flag(hdev, HCI_OFFLOAD_CODECS_ENABLED))
4469 memcpy(rp->features[idx].uuid, offload_codecs_uuid, 16);
4470 rp->features[idx].flags = cpu_to_le32(flags);
4474 if (IS_ENABLED(CONFIG_BT_LE)) {
4475 flags = iso_enabled() ? BIT(0) : 0;
4476 memcpy(rp->features[idx].uuid, iso_socket_uuid, 16);
4477 rp->features[idx].flags = cpu_to_le32(flags);
4481 if (hdev && lmp_le_capable(hdev)) {
4482 if (hci_dev_test_flag(hdev, HCI_MESH_EXPERIMENTAL))
4487 memcpy(rp->features[idx].uuid, mgmt_mesh_uuid, 16);
4488 rp->features[idx].flags = cpu_to_le32(flags);
4492 rp->feature_count = cpu_to_le16(idx);
4494 /* After reading the experimental features information, enable
4495 * the events to update client on any future change.
4497 hci_sock_set_flag(sk, HCI_MGMT_EXP_FEATURE_EVENTS);
4499 status = mgmt_cmd_complete(sk, hdev ? hdev->id : MGMT_INDEX_NONE,
4500 MGMT_OP_READ_EXP_FEATURES_INFO,
4501 0, rp, sizeof(*rp) + (20 * idx));
4507 static int exp_ll_privacy_feature_changed(bool enabled, struct hci_dev *hdev,
4510 struct mgmt_ev_exp_feature_changed ev;
4512 memset(&ev, 0, sizeof(ev));
4513 memcpy(ev.uuid, rpa_resolution_uuid, 16);
4514 ev.flags = cpu_to_le32((enabled ? BIT(0) : 0) | BIT(1));
4516 // Do we need to be atomic with the conn_flags?
4517 if (enabled && privacy_mode_capable(hdev))
4518 hdev->conn_flags |= HCI_CONN_FLAG_DEVICE_PRIVACY;
4520 hdev->conn_flags &= ~HCI_CONN_FLAG_DEVICE_PRIVACY;
4522 return mgmt_limited_event(MGMT_EV_EXP_FEATURE_CHANGED, hdev,
4524 HCI_MGMT_EXP_FEATURE_EVENTS, skip);
4528 static int exp_feature_changed(struct hci_dev *hdev, const u8 *uuid,
4529 bool enabled, struct sock *skip)
4531 struct mgmt_ev_exp_feature_changed ev;
4533 memset(&ev, 0, sizeof(ev));
4534 memcpy(ev.uuid, uuid, 16);
4535 ev.flags = cpu_to_le32(enabled ? BIT(0) : 0);
4537 return mgmt_limited_event(MGMT_EV_EXP_FEATURE_CHANGED, hdev,
4539 HCI_MGMT_EXP_FEATURE_EVENTS, skip);
4542 #define EXP_FEAT(_uuid, _set_func) \
4545 .set_func = _set_func, \
4548 /* The zero key uuid is special. Multiple exp features are set through it. */
4549 static int set_zero_key_func(struct sock *sk, struct hci_dev *hdev,
4550 struct mgmt_cp_set_exp_feature *cp, u16 data_len)
4552 struct mgmt_rp_set_exp_feature rp;
4554 memset(rp.uuid, 0, 16);
4555 rp.flags = cpu_to_le32(0);
4557 #ifdef CONFIG_BT_FEATURE_DEBUG
4559 bool changed = bt_dbg_get();
4564 exp_feature_changed(NULL, ZERO_KEY, false, sk);
4568 if (hdev && use_ll_privacy(hdev) && !hdev_is_powered(hdev)) {
4571 changed = hci_dev_test_and_clear_flag(hdev,
4572 HCI_ENABLE_LL_PRIVACY);
4574 exp_feature_changed(hdev, rpa_resolution_uuid, false,
4578 hci_sock_set_flag(sk, HCI_MGMT_EXP_FEATURE_EVENTS);
4580 return mgmt_cmd_complete(sk, hdev ? hdev->id : MGMT_INDEX_NONE,
4581 MGMT_OP_SET_EXP_FEATURE, 0,
4585 #ifdef CONFIG_BT_FEATURE_DEBUG
4586 static int set_debug_func(struct sock *sk, struct hci_dev *hdev,
4587 struct mgmt_cp_set_exp_feature *cp, u16 data_len)
4589 struct mgmt_rp_set_exp_feature rp;
4594 /* Command requires to use the non-controller index */
4596 return mgmt_cmd_status(sk, hdev->id,
4597 MGMT_OP_SET_EXP_FEATURE,
4598 MGMT_STATUS_INVALID_INDEX);
4600 /* Parameters are limited to a single octet */
4601 if (data_len != MGMT_SET_EXP_FEATURE_SIZE + 1)
4602 return mgmt_cmd_status(sk, MGMT_INDEX_NONE,
4603 MGMT_OP_SET_EXP_FEATURE,
4604 MGMT_STATUS_INVALID_PARAMS);
4606 /* Only boolean on/off is supported */
4607 if (cp->param[0] != 0x00 && cp->param[0] != 0x01)
4608 return mgmt_cmd_status(sk, MGMT_INDEX_NONE,
4609 MGMT_OP_SET_EXP_FEATURE,
4610 MGMT_STATUS_INVALID_PARAMS);
4612 val = !!cp->param[0];
4613 changed = val ? !bt_dbg_get() : bt_dbg_get();
4616 memcpy(rp.uuid, debug_uuid, 16);
4617 rp.flags = cpu_to_le32(val ? BIT(0) : 0);
4619 hci_sock_set_flag(sk, HCI_MGMT_EXP_FEATURE_EVENTS);
4621 err = mgmt_cmd_complete(sk, MGMT_INDEX_NONE,
4622 MGMT_OP_SET_EXP_FEATURE, 0,
4626 exp_feature_changed(hdev, debug_uuid, val, sk);
4632 static int set_mgmt_mesh_func(struct sock *sk, struct hci_dev *hdev,
4633 struct mgmt_cp_set_exp_feature *cp, u16 data_len)
4635 struct mgmt_rp_set_exp_feature rp;
4639 /* Command requires to use the controller index */
4641 return mgmt_cmd_status(sk, MGMT_INDEX_NONE,
4642 MGMT_OP_SET_EXP_FEATURE,
4643 MGMT_STATUS_INVALID_INDEX);
4645 /* Parameters are limited to a single octet */
4646 if (data_len != MGMT_SET_EXP_FEATURE_SIZE + 1)
4647 return mgmt_cmd_status(sk, hdev->id,
4648 MGMT_OP_SET_EXP_FEATURE,
4649 MGMT_STATUS_INVALID_PARAMS);
4651 /* Only boolean on/off is supported */
4652 if (cp->param[0] != 0x00 && cp->param[0] != 0x01)
4653 return mgmt_cmd_status(sk, hdev->id,
4654 MGMT_OP_SET_EXP_FEATURE,
4655 MGMT_STATUS_INVALID_PARAMS);
4657 val = !!cp->param[0];
4660 changed = !hci_dev_test_and_set_flag(hdev,
4661 HCI_MESH_EXPERIMENTAL);
4663 hci_dev_clear_flag(hdev, HCI_MESH);
4664 changed = hci_dev_test_and_clear_flag(hdev,
4665 HCI_MESH_EXPERIMENTAL);
4668 memcpy(rp.uuid, mgmt_mesh_uuid, 16);
4669 rp.flags = cpu_to_le32(val ? BIT(0) : 0);
4671 hci_sock_set_flag(sk, HCI_MGMT_EXP_FEATURE_EVENTS);
4673 err = mgmt_cmd_complete(sk, hdev->id,
4674 MGMT_OP_SET_EXP_FEATURE, 0,
4678 exp_feature_changed(hdev, mgmt_mesh_uuid, val, sk);
4683 static int set_rpa_resolution_func(struct sock *sk, struct hci_dev *hdev,
4684 struct mgmt_cp_set_exp_feature *cp,
4687 struct mgmt_rp_set_exp_feature rp;
4692 /* Command requires to use the controller index */
4694 return mgmt_cmd_status(sk, MGMT_INDEX_NONE,
4695 MGMT_OP_SET_EXP_FEATURE,
4696 MGMT_STATUS_INVALID_INDEX);
4698 /* Changes can only be made when controller is powered down */
4699 if (hdev_is_powered(hdev))
4700 return mgmt_cmd_status(sk, hdev->id,
4701 MGMT_OP_SET_EXP_FEATURE,
4702 MGMT_STATUS_REJECTED);
4704 /* Parameters are limited to a single octet */
4705 if (data_len != MGMT_SET_EXP_FEATURE_SIZE + 1)
4706 return mgmt_cmd_status(sk, hdev->id,
4707 MGMT_OP_SET_EXP_FEATURE,
4708 MGMT_STATUS_INVALID_PARAMS);
4710 /* Only boolean on/off is supported */
4711 if (cp->param[0] != 0x00 && cp->param[0] != 0x01)
4712 return mgmt_cmd_status(sk, hdev->id,
4713 MGMT_OP_SET_EXP_FEATURE,
4714 MGMT_STATUS_INVALID_PARAMS);
4716 val = !!cp->param[0];
4719 changed = !hci_dev_test_and_set_flag(hdev,
4720 HCI_ENABLE_LL_PRIVACY);
4721 hci_dev_clear_flag(hdev, HCI_ADVERTISING);
4723 /* Enable LL privacy + supported settings changed */
4724 flags = BIT(0) | BIT(1);
4726 changed = hci_dev_test_and_clear_flag(hdev,
4727 HCI_ENABLE_LL_PRIVACY);
4729 /* Disable LL privacy + supported settings changed */
4733 memcpy(rp.uuid, rpa_resolution_uuid, 16);
4734 rp.flags = cpu_to_le32(flags);
4736 hci_sock_set_flag(sk, HCI_MGMT_EXP_FEATURE_EVENTS);
4738 err = mgmt_cmd_complete(sk, hdev->id,
4739 MGMT_OP_SET_EXP_FEATURE, 0,
4743 exp_ll_privacy_feature_changed(val, hdev, sk);
4748 static int set_quality_report_func(struct sock *sk, struct hci_dev *hdev,
4749 struct mgmt_cp_set_exp_feature *cp,
4752 struct mgmt_rp_set_exp_feature rp;
4756 /* Command requires to use a valid controller index */
4758 return mgmt_cmd_status(sk, MGMT_INDEX_NONE,
4759 MGMT_OP_SET_EXP_FEATURE,
4760 MGMT_STATUS_INVALID_INDEX);
4762 /* Parameters are limited to a single octet */
4763 if (data_len != MGMT_SET_EXP_FEATURE_SIZE + 1)
4764 return mgmt_cmd_status(sk, hdev->id,
4765 MGMT_OP_SET_EXP_FEATURE,
4766 MGMT_STATUS_INVALID_PARAMS);
4768 /* Only boolean on/off is supported */
4769 if (cp->param[0] != 0x00 && cp->param[0] != 0x01)
4770 return mgmt_cmd_status(sk, hdev->id,
4771 MGMT_OP_SET_EXP_FEATURE,
4772 MGMT_STATUS_INVALID_PARAMS);
4774 hci_req_sync_lock(hdev);
4776 val = !!cp->param[0];
4777 changed = (val != hci_dev_test_flag(hdev, HCI_QUALITY_REPORT));
4779 if (!aosp_has_quality_report(hdev) && !hdev->set_quality_report) {
4780 err = mgmt_cmd_status(sk, hdev->id,
4781 MGMT_OP_SET_EXP_FEATURE,
4782 MGMT_STATUS_NOT_SUPPORTED);
4783 goto unlock_quality_report;
4787 if (hdev->set_quality_report)
4788 err = hdev->set_quality_report(hdev, val);
4790 err = aosp_set_quality_report(hdev, val);
4793 err = mgmt_cmd_status(sk, hdev->id,
4794 MGMT_OP_SET_EXP_FEATURE,
4795 MGMT_STATUS_FAILED);
4796 goto unlock_quality_report;
4800 hci_dev_set_flag(hdev, HCI_QUALITY_REPORT);
4802 hci_dev_clear_flag(hdev, HCI_QUALITY_REPORT);
4805 bt_dev_dbg(hdev, "quality report enable %d changed %d", val, changed);
4807 memcpy(rp.uuid, quality_report_uuid, 16);
4808 rp.flags = cpu_to_le32(val ? BIT(0) : 0);
4809 hci_sock_set_flag(sk, HCI_MGMT_EXP_FEATURE_EVENTS);
4811 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_EXP_FEATURE, 0,
4815 exp_feature_changed(hdev, quality_report_uuid, val, sk);
4817 unlock_quality_report:
4818 hci_req_sync_unlock(hdev);
4822 static int set_offload_codec_func(struct sock *sk, struct hci_dev *hdev,
4823 struct mgmt_cp_set_exp_feature *cp,
4828 struct mgmt_rp_set_exp_feature rp;
4830 /* Command requires to use a valid controller index */
4832 return mgmt_cmd_status(sk, MGMT_INDEX_NONE,
4833 MGMT_OP_SET_EXP_FEATURE,
4834 MGMT_STATUS_INVALID_INDEX);
4836 /* Parameters are limited to a single octet */
4837 if (data_len != MGMT_SET_EXP_FEATURE_SIZE + 1)
4838 return mgmt_cmd_status(sk, hdev->id,
4839 MGMT_OP_SET_EXP_FEATURE,
4840 MGMT_STATUS_INVALID_PARAMS);
4842 /* Only boolean on/off is supported */
4843 if (cp->param[0] != 0x00 && cp->param[0] != 0x01)
4844 return mgmt_cmd_status(sk, hdev->id,
4845 MGMT_OP_SET_EXP_FEATURE,
4846 MGMT_STATUS_INVALID_PARAMS);
4848 val = !!cp->param[0];
4849 changed = (val != hci_dev_test_flag(hdev, HCI_OFFLOAD_CODECS_ENABLED));
4851 if (!hdev->get_data_path_id) {
4852 return mgmt_cmd_status(sk, hdev->id,
4853 MGMT_OP_SET_EXP_FEATURE,
4854 MGMT_STATUS_NOT_SUPPORTED);
4859 hci_dev_set_flag(hdev, HCI_OFFLOAD_CODECS_ENABLED);
4861 hci_dev_clear_flag(hdev, HCI_OFFLOAD_CODECS_ENABLED);
4864 bt_dev_info(hdev, "offload codecs enable %d changed %d",
4867 memcpy(rp.uuid, offload_codecs_uuid, 16);
4868 rp.flags = cpu_to_le32(val ? BIT(0) : 0);
4869 hci_sock_set_flag(sk, HCI_MGMT_EXP_FEATURE_EVENTS);
4870 err = mgmt_cmd_complete(sk, hdev->id,
4871 MGMT_OP_SET_EXP_FEATURE, 0,
4875 exp_feature_changed(hdev, offload_codecs_uuid, val, sk);
4880 static int set_le_simultaneous_roles_func(struct sock *sk, struct hci_dev *hdev,
4881 struct mgmt_cp_set_exp_feature *cp,
4886 struct mgmt_rp_set_exp_feature rp;
4888 /* Command requires to use a valid controller index */
4890 return mgmt_cmd_status(sk, MGMT_INDEX_NONE,
4891 MGMT_OP_SET_EXP_FEATURE,
4892 MGMT_STATUS_INVALID_INDEX);
4894 /* Parameters are limited to a single octet */
4895 if (data_len != MGMT_SET_EXP_FEATURE_SIZE + 1)
4896 return mgmt_cmd_status(sk, hdev->id,
4897 MGMT_OP_SET_EXP_FEATURE,
4898 MGMT_STATUS_INVALID_PARAMS);
4900 /* Only boolean on/off is supported */
4901 if (cp->param[0] != 0x00 && cp->param[0] != 0x01)
4902 return mgmt_cmd_status(sk, hdev->id,
4903 MGMT_OP_SET_EXP_FEATURE,
4904 MGMT_STATUS_INVALID_PARAMS);
4906 val = !!cp->param[0];
4907 changed = (val != hci_dev_test_flag(hdev, HCI_LE_SIMULTANEOUS_ROLES));
4909 if (!hci_dev_le_state_simultaneous(hdev)) {
4910 return mgmt_cmd_status(sk, hdev->id,
4911 MGMT_OP_SET_EXP_FEATURE,
4912 MGMT_STATUS_NOT_SUPPORTED);
4917 hci_dev_set_flag(hdev, HCI_LE_SIMULTANEOUS_ROLES);
4919 hci_dev_clear_flag(hdev, HCI_LE_SIMULTANEOUS_ROLES);
4922 bt_dev_info(hdev, "LE simultaneous roles enable %d changed %d",
4925 memcpy(rp.uuid, le_simultaneous_roles_uuid, 16);
4926 rp.flags = cpu_to_le32(val ? BIT(0) : 0);
4927 hci_sock_set_flag(sk, HCI_MGMT_EXP_FEATURE_EVENTS);
4928 err = mgmt_cmd_complete(sk, hdev->id,
4929 MGMT_OP_SET_EXP_FEATURE, 0,
4933 exp_feature_changed(hdev, le_simultaneous_roles_uuid, val, sk);
4939 static int set_iso_socket_func(struct sock *sk, struct hci_dev *hdev,
4940 struct mgmt_cp_set_exp_feature *cp, u16 data_len)
4942 struct mgmt_rp_set_exp_feature rp;
4943 bool val, changed = false;
4946 /* Command requires to use the non-controller index */
4948 return mgmt_cmd_status(sk, hdev->id,
4949 MGMT_OP_SET_EXP_FEATURE,
4950 MGMT_STATUS_INVALID_INDEX);
4952 /* Parameters are limited to a single octet */
4953 if (data_len != MGMT_SET_EXP_FEATURE_SIZE + 1)
4954 return mgmt_cmd_status(sk, MGMT_INDEX_NONE,
4955 MGMT_OP_SET_EXP_FEATURE,
4956 MGMT_STATUS_INVALID_PARAMS);
4958 /* Only boolean on/off is supported */
4959 if (cp->param[0] != 0x00 && cp->param[0] != 0x01)
4960 return mgmt_cmd_status(sk, MGMT_INDEX_NONE,
4961 MGMT_OP_SET_EXP_FEATURE,
4962 MGMT_STATUS_INVALID_PARAMS);
4964 val = cp->param[0] ? true : false;
4973 memcpy(rp.uuid, iso_socket_uuid, 16);
4974 rp.flags = cpu_to_le32(val ? BIT(0) : 0);
4976 hci_sock_set_flag(sk, HCI_MGMT_EXP_FEATURE_EVENTS);
4978 err = mgmt_cmd_complete(sk, MGMT_INDEX_NONE,
4979 MGMT_OP_SET_EXP_FEATURE, 0,
4983 exp_feature_changed(hdev, iso_socket_uuid, val, sk);
4989 static const struct mgmt_exp_feature {
4991 int (*set_func)(struct sock *sk, struct hci_dev *hdev,
4992 struct mgmt_cp_set_exp_feature *cp, u16 data_len);
4993 } exp_features[] = {
4994 EXP_FEAT(ZERO_KEY, set_zero_key_func),
4995 #ifdef CONFIG_BT_FEATURE_DEBUG
4996 EXP_FEAT(debug_uuid, set_debug_func),
4998 EXP_FEAT(mgmt_mesh_uuid, set_mgmt_mesh_func),
4999 EXP_FEAT(rpa_resolution_uuid, set_rpa_resolution_func),
5000 EXP_FEAT(quality_report_uuid, set_quality_report_func),
5001 EXP_FEAT(offload_codecs_uuid, set_offload_codec_func),
5002 EXP_FEAT(le_simultaneous_roles_uuid, set_le_simultaneous_roles_func),
5004 EXP_FEAT(iso_socket_uuid, set_iso_socket_func),
5007 /* end with a null feature */
5008 EXP_FEAT(NULL, NULL)
5011 static int set_exp_feature(struct sock *sk, struct hci_dev *hdev,
5012 void *data, u16 data_len)
5014 struct mgmt_cp_set_exp_feature *cp = data;
5017 bt_dev_dbg(hdev, "sock %p", sk);
5019 for (i = 0; exp_features[i].uuid; i++) {
5020 if (!memcmp(cp->uuid, exp_features[i].uuid, 16))
5021 return exp_features[i].set_func(sk, hdev, cp, data_len);
5024 return mgmt_cmd_status(sk, hdev ? hdev->id : MGMT_INDEX_NONE,
5025 MGMT_OP_SET_EXP_FEATURE,
5026 MGMT_STATUS_NOT_SUPPORTED);
5029 static u32 get_params_flags(struct hci_dev *hdev,
5030 struct hci_conn_params *params)
5032 u32 flags = hdev->conn_flags;
5034 /* Devices using RPAs can only be programmed in the acceptlist if
5035 * LL Privacy has been enable otherwise they cannot mark
5036 * HCI_CONN_FLAG_REMOTE_WAKEUP.
5038 if ((flags & HCI_CONN_FLAG_REMOTE_WAKEUP) && !use_ll_privacy(hdev) &&
5039 hci_find_irk_by_addr(hdev, ¶ms->addr, params->addr_type))
5040 flags &= ~HCI_CONN_FLAG_REMOTE_WAKEUP;
5045 static int get_device_flags(struct sock *sk, struct hci_dev *hdev, void *data,
5048 struct mgmt_cp_get_device_flags *cp = data;
5049 struct mgmt_rp_get_device_flags rp;
5050 struct bdaddr_list_with_flags *br_params;
5051 struct hci_conn_params *params;
5052 u32 supported_flags;
5053 u32 current_flags = 0;
5054 u8 status = MGMT_STATUS_INVALID_PARAMS;
5056 bt_dev_dbg(hdev, "Get device flags %pMR (type 0x%x)\n",
5057 &cp->addr.bdaddr, cp->addr.type);
5061 supported_flags = hdev->conn_flags;
5063 memset(&rp, 0, sizeof(rp));
5065 if (cp->addr.type == BDADDR_BREDR) {
5066 br_params = hci_bdaddr_list_lookup_with_flags(&hdev->accept_list,
5072 current_flags = br_params->flags;
5074 params = hci_conn_params_lookup(hdev, &cp->addr.bdaddr,
5075 le_addr_type(cp->addr.type));
5079 supported_flags = get_params_flags(hdev, params);
5080 current_flags = params->flags;
5083 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
5084 rp.addr.type = cp->addr.type;
5085 rp.supported_flags = cpu_to_le32(supported_flags);
5086 rp.current_flags = cpu_to_le32(current_flags);
5088 status = MGMT_STATUS_SUCCESS;
5091 hci_dev_unlock(hdev);
5093 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_DEVICE_FLAGS, status,
5097 static void device_flags_changed(struct sock *sk, struct hci_dev *hdev,
5098 bdaddr_t *bdaddr, u8 bdaddr_type,
5099 u32 supported_flags, u32 current_flags)
5101 struct mgmt_ev_device_flags_changed ev;
5103 bacpy(&ev.addr.bdaddr, bdaddr);
5104 ev.addr.type = bdaddr_type;
5105 ev.supported_flags = cpu_to_le32(supported_flags);
5106 ev.current_flags = cpu_to_le32(current_flags);
5108 mgmt_event(MGMT_EV_DEVICE_FLAGS_CHANGED, hdev, &ev, sizeof(ev), sk);
5111 static int set_device_flags(struct sock *sk, struct hci_dev *hdev, void *data,
5114 struct mgmt_cp_set_device_flags *cp = data;
5115 struct bdaddr_list_with_flags *br_params;
5116 struct hci_conn_params *params;
5117 u8 status = MGMT_STATUS_INVALID_PARAMS;
5118 u32 supported_flags;
5119 u32 current_flags = __le32_to_cpu(cp->current_flags);
5121 bt_dev_dbg(hdev, "Set device flags %pMR (type 0x%x) = 0x%x",
5122 &cp->addr.bdaddr, cp->addr.type, current_flags);
5124 // We should take hci_dev_lock() early, I think.. conn_flags can change
5125 supported_flags = hdev->conn_flags;
5127 if ((supported_flags | current_flags) != supported_flags) {
5128 bt_dev_warn(hdev, "Bad flag given (0x%x) vs supported (0x%0x)",
5129 current_flags, supported_flags);
5135 if (cp->addr.type == BDADDR_BREDR) {
5136 br_params = hci_bdaddr_list_lookup_with_flags(&hdev->accept_list,
5141 br_params->flags = current_flags;
5142 status = MGMT_STATUS_SUCCESS;
5144 bt_dev_warn(hdev, "No such BR/EDR device %pMR (0x%x)",
5145 &cp->addr.bdaddr, cp->addr.type);
5151 params = hci_conn_params_lookup(hdev, &cp->addr.bdaddr,
5152 le_addr_type(cp->addr.type));
5154 bt_dev_warn(hdev, "No such LE device %pMR (0x%x)",
5155 &cp->addr.bdaddr, le_addr_type(cp->addr.type));
5159 supported_flags = get_params_flags(hdev, params);
5161 if ((supported_flags | current_flags) != supported_flags) {
5162 bt_dev_warn(hdev, "Bad flag given (0x%x) vs supported (0x%0x)",
5163 current_flags, supported_flags);
5167 params->flags = current_flags;
5168 status = MGMT_STATUS_SUCCESS;
5170 /* Update passive scan if HCI_CONN_FLAG_DEVICE_PRIVACY
5173 if (params->flags & HCI_CONN_FLAG_DEVICE_PRIVACY)
5174 hci_update_passive_scan(hdev);
5177 hci_dev_unlock(hdev);
5180 if (status == MGMT_STATUS_SUCCESS)
5181 device_flags_changed(sk, hdev, &cp->addr.bdaddr, cp->addr.type,
5182 supported_flags, current_flags);
5184 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_DEVICE_FLAGS, status,
5185 &cp->addr, sizeof(cp->addr));
5188 static void mgmt_adv_monitor_added(struct sock *sk, struct hci_dev *hdev,
5191 struct mgmt_ev_adv_monitor_added ev;
5193 ev.monitor_handle = cpu_to_le16(handle);
5195 mgmt_event(MGMT_EV_ADV_MONITOR_ADDED, hdev, &ev, sizeof(ev), sk);
5198 void mgmt_adv_monitor_removed(struct hci_dev *hdev, u16 handle)
5200 struct mgmt_ev_adv_monitor_removed ev;
5201 struct mgmt_pending_cmd *cmd;
5202 struct sock *sk_skip = NULL;
5203 struct mgmt_cp_remove_adv_monitor *cp;
5205 cmd = pending_find(MGMT_OP_REMOVE_ADV_MONITOR, hdev);
5209 if (cp->monitor_handle)
5213 ev.monitor_handle = cpu_to_le16(handle);
5215 mgmt_event(MGMT_EV_ADV_MONITOR_REMOVED, hdev, &ev, sizeof(ev), sk_skip);
5218 static int read_adv_mon_features(struct sock *sk, struct hci_dev *hdev,
5219 void *data, u16 len)
5221 struct adv_monitor *monitor = NULL;
5222 struct mgmt_rp_read_adv_monitor_features *rp = NULL;
5225 __u32 supported = 0;
5227 __u16 num_handles = 0;
5228 __u16 handles[HCI_MAX_ADV_MONITOR_NUM_HANDLES];
5230 BT_DBG("request for %s", hdev->name);
5234 if (msft_monitor_supported(hdev))
5235 supported |= MGMT_ADV_MONITOR_FEATURE_MASK_OR_PATTERNS;
5237 idr_for_each_entry(&hdev->adv_monitors_idr, monitor, handle)
5238 handles[num_handles++] = monitor->handle;
5240 hci_dev_unlock(hdev);
5242 rp_size = sizeof(*rp) + (num_handles * sizeof(u16));
5243 rp = kmalloc(rp_size, GFP_KERNEL);
5247 /* All supported features are currently enabled */
5248 enabled = supported;
5250 rp->supported_features = cpu_to_le32(supported);
5251 rp->enabled_features = cpu_to_le32(enabled);
5252 rp->max_num_handles = cpu_to_le16(HCI_MAX_ADV_MONITOR_NUM_HANDLES);
5253 rp->max_num_patterns = HCI_MAX_ADV_MONITOR_NUM_PATTERNS;
5254 rp->num_handles = cpu_to_le16(num_handles);
5256 memcpy(&rp->handles, &handles, (num_handles * sizeof(u16)));
5258 err = mgmt_cmd_complete(sk, hdev->id,
5259 MGMT_OP_READ_ADV_MONITOR_FEATURES,
5260 MGMT_STATUS_SUCCESS, rp, rp_size);
5267 static void mgmt_add_adv_patterns_monitor_complete(struct hci_dev *hdev,
5268 void *data, int status)
5270 struct mgmt_rp_add_adv_patterns_monitor rp;
5271 struct mgmt_pending_cmd *cmd = data;
5272 struct adv_monitor *monitor = cmd->user_data;
5276 rp.monitor_handle = cpu_to_le16(monitor->handle);
5279 mgmt_adv_monitor_added(cmd->sk, hdev, monitor->handle);
5280 hdev->adv_monitors_cnt++;
5281 if (monitor->state == ADV_MONITOR_STATE_NOT_REGISTERED)
5282 monitor->state = ADV_MONITOR_STATE_REGISTERED;
5283 hci_update_passive_scan(hdev);
5286 mgmt_cmd_complete(cmd->sk, cmd->index, cmd->opcode,
5287 mgmt_status(status), &rp, sizeof(rp));
5288 mgmt_pending_remove(cmd);
5290 hci_dev_unlock(hdev);
5291 bt_dev_dbg(hdev, "add monitor %d complete, status %d",
5292 rp.monitor_handle, status);
5295 static int mgmt_add_adv_patterns_monitor_sync(struct hci_dev *hdev, void *data)
5297 struct mgmt_pending_cmd *cmd = data;
5298 struct adv_monitor *monitor = cmd->user_data;
5300 return hci_add_adv_monitor(hdev, monitor);
5303 static int __add_adv_patterns_monitor(struct sock *sk, struct hci_dev *hdev,
5304 struct adv_monitor *m, u8 status,
5305 void *data, u16 len, u16 op)
5307 struct mgmt_pending_cmd *cmd;
5315 if (pending_find(MGMT_OP_SET_LE, hdev) ||
5316 pending_find(MGMT_OP_ADD_ADV_PATTERNS_MONITOR, hdev) ||
5317 pending_find(MGMT_OP_ADD_ADV_PATTERNS_MONITOR_RSSI, hdev) ||
5318 pending_find(MGMT_OP_REMOVE_ADV_MONITOR, hdev)) {
5319 status = MGMT_STATUS_BUSY;
5323 cmd = mgmt_pending_add(sk, op, hdev, data, len);
5325 status = MGMT_STATUS_NO_RESOURCES;
5330 err = hci_cmd_sync_queue(hdev, mgmt_add_adv_patterns_monitor_sync, cmd,
5331 mgmt_add_adv_patterns_monitor_complete);
5334 status = MGMT_STATUS_NO_RESOURCES;
5336 status = MGMT_STATUS_FAILED;
5341 hci_dev_unlock(hdev);
5346 hci_free_adv_monitor(hdev, m);
5347 hci_dev_unlock(hdev);
5348 return mgmt_cmd_status(sk, hdev->id, op, status);
5351 static void parse_adv_monitor_rssi(struct adv_monitor *m,
5352 struct mgmt_adv_rssi_thresholds *rssi)
5355 m->rssi.low_threshold = rssi->low_threshold;
5356 m->rssi.low_threshold_timeout =
5357 __le16_to_cpu(rssi->low_threshold_timeout);
5358 m->rssi.high_threshold = rssi->high_threshold;
5359 m->rssi.high_threshold_timeout =
5360 __le16_to_cpu(rssi->high_threshold_timeout);
5361 m->rssi.sampling_period = rssi->sampling_period;
5363 /* Default values. These numbers are the least constricting
5364 * parameters for MSFT API to work, so it behaves as if there
5365 * are no rssi parameter to consider. May need to be changed
5366 * if other API are to be supported.
5368 m->rssi.low_threshold = -127;
5369 m->rssi.low_threshold_timeout = 60;
5370 m->rssi.high_threshold = -127;
5371 m->rssi.high_threshold_timeout = 0;
5372 m->rssi.sampling_period = 0;
5376 static u8 parse_adv_monitor_pattern(struct adv_monitor *m, u8 pattern_count,
5377 struct mgmt_adv_pattern *patterns)
5379 u8 offset = 0, length = 0;
5380 struct adv_pattern *p = NULL;
5383 for (i = 0; i < pattern_count; i++) {
5384 offset = patterns[i].offset;
5385 length = patterns[i].length;
5386 if (offset >= HCI_MAX_AD_LENGTH ||
5387 length > HCI_MAX_AD_LENGTH ||
5388 (offset + length) > HCI_MAX_AD_LENGTH)
5389 return MGMT_STATUS_INVALID_PARAMS;
5391 p = kmalloc(sizeof(*p), GFP_KERNEL);
5393 return MGMT_STATUS_NO_RESOURCES;
5395 p->ad_type = patterns[i].ad_type;
5396 p->offset = patterns[i].offset;
5397 p->length = patterns[i].length;
5398 memcpy(p->value, patterns[i].value, p->length);
5400 INIT_LIST_HEAD(&p->list);
5401 list_add(&p->list, &m->patterns);
5404 return MGMT_STATUS_SUCCESS;
5407 static int add_adv_patterns_monitor(struct sock *sk, struct hci_dev *hdev,
5408 void *data, u16 len)
5410 struct mgmt_cp_add_adv_patterns_monitor *cp = data;
5411 struct adv_monitor *m = NULL;
5412 u8 status = MGMT_STATUS_SUCCESS;
5413 size_t expected_size = sizeof(*cp);
5415 BT_DBG("request for %s", hdev->name);
5417 if (len <= sizeof(*cp)) {
5418 status = MGMT_STATUS_INVALID_PARAMS;
5422 expected_size += cp->pattern_count * sizeof(struct mgmt_adv_pattern);
5423 if (len != expected_size) {
5424 status = MGMT_STATUS_INVALID_PARAMS;
5428 m = kzalloc(sizeof(*m), GFP_KERNEL);
5430 status = MGMT_STATUS_NO_RESOURCES;
5434 INIT_LIST_HEAD(&m->patterns);
5436 parse_adv_monitor_rssi(m, NULL);
5437 status = parse_adv_monitor_pattern(m, cp->pattern_count, cp->patterns);
5440 return __add_adv_patterns_monitor(sk, hdev, m, status, data, len,
5441 MGMT_OP_ADD_ADV_PATTERNS_MONITOR);
5444 static int add_adv_patterns_monitor_rssi(struct sock *sk, struct hci_dev *hdev,
5445 void *data, u16 len)
5447 struct mgmt_cp_add_adv_patterns_monitor_rssi *cp = data;
5448 struct adv_monitor *m = NULL;
5449 u8 status = MGMT_STATUS_SUCCESS;
5450 size_t expected_size = sizeof(*cp);
5452 BT_DBG("request for %s", hdev->name);
5454 if (len <= sizeof(*cp)) {
5455 status = MGMT_STATUS_INVALID_PARAMS;
5459 expected_size += cp->pattern_count * sizeof(struct mgmt_adv_pattern);
5460 if (len != expected_size) {
5461 status = MGMT_STATUS_INVALID_PARAMS;
5465 m = kzalloc(sizeof(*m), GFP_KERNEL);
5467 status = MGMT_STATUS_NO_RESOURCES;
5471 INIT_LIST_HEAD(&m->patterns);
5473 parse_adv_monitor_rssi(m, &cp->rssi);
5474 status = parse_adv_monitor_pattern(m, cp->pattern_count, cp->patterns);
5477 return __add_adv_patterns_monitor(sk, hdev, m, status, data, len,
5478 MGMT_OP_ADD_ADV_PATTERNS_MONITOR_RSSI);
5481 static void mgmt_remove_adv_monitor_complete(struct hci_dev *hdev,
5482 void *data, int status)
5484 struct mgmt_rp_remove_adv_monitor rp;
5485 struct mgmt_pending_cmd *cmd = data;
5486 struct mgmt_cp_remove_adv_monitor *cp = cmd->param;
5490 rp.monitor_handle = cp->monitor_handle;
5493 hci_update_passive_scan(hdev);
5495 mgmt_cmd_complete(cmd->sk, cmd->index, cmd->opcode,
5496 mgmt_status(status), &rp, sizeof(rp));
5497 mgmt_pending_remove(cmd);
5499 hci_dev_unlock(hdev);
5500 bt_dev_dbg(hdev, "remove monitor %d complete, status %d",
5501 rp.monitor_handle, status);
5504 static int mgmt_remove_adv_monitor_sync(struct hci_dev *hdev, void *data)
5506 struct mgmt_pending_cmd *cmd = data;
5507 struct mgmt_cp_remove_adv_monitor *cp = cmd->param;
5508 u16 handle = __le16_to_cpu(cp->monitor_handle);
5511 return hci_remove_all_adv_monitor(hdev);
5513 return hci_remove_single_adv_monitor(hdev, handle);
5516 static int remove_adv_monitor(struct sock *sk, struct hci_dev *hdev,
5517 void *data, u16 len)
5519 struct mgmt_pending_cmd *cmd;
5524 if (pending_find(MGMT_OP_SET_LE, hdev) ||
5525 pending_find(MGMT_OP_REMOVE_ADV_MONITOR, hdev) ||
5526 pending_find(MGMT_OP_ADD_ADV_PATTERNS_MONITOR, hdev) ||
5527 pending_find(MGMT_OP_ADD_ADV_PATTERNS_MONITOR_RSSI, hdev)) {
5528 status = MGMT_STATUS_BUSY;
5532 cmd = mgmt_pending_add(sk, MGMT_OP_REMOVE_ADV_MONITOR, hdev, data, len);
5534 status = MGMT_STATUS_NO_RESOURCES;
5538 err = hci_cmd_sync_queue(hdev, mgmt_remove_adv_monitor_sync, cmd,
5539 mgmt_remove_adv_monitor_complete);
5542 mgmt_pending_remove(cmd);
5545 status = MGMT_STATUS_NO_RESOURCES;
5547 status = MGMT_STATUS_FAILED;
5552 hci_dev_unlock(hdev);
5557 hci_dev_unlock(hdev);
5558 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_REMOVE_ADV_MONITOR,
5562 static void read_local_oob_data_complete(struct hci_dev *hdev, void *data, int err)
5564 struct mgmt_rp_read_local_oob_data mgmt_rp;
5565 size_t rp_size = sizeof(mgmt_rp);
5566 struct mgmt_pending_cmd *cmd = data;
5567 struct sk_buff *skb = cmd->skb;
5568 u8 status = mgmt_status(err);
5572 status = MGMT_STATUS_FAILED;
5573 else if (IS_ERR(skb))
5574 status = mgmt_status(PTR_ERR(skb));
5576 status = mgmt_status(skb->data[0]);
5579 bt_dev_dbg(hdev, "status %d", status);
5582 mgmt_cmd_status(cmd->sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA, status);
5586 memset(&mgmt_rp, 0, sizeof(mgmt_rp));
5588 if (!bredr_sc_enabled(hdev)) {
5589 struct hci_rp_read_local_oob_data *rp = (void *) skb->data;
5591 if (skb->len < sizeof(*rp)) {
5592 mgmt_cmd_status(cmd->sk, hdev->id,
5593 MGMT_OP_READ_LOCAL_OOB_DATA,
5594 MGMT_STATUS_FAILED);
5598 memcpy(mgmt_rp.hash192, rp->hash, sizeof(rp->hash));
5599 memcpy(mgmt_rp.rand192, rp->rand, sizeof(rp->rand));
5601 rp_size -= sizeof(mgmt_rp.hash256) + sizeof(mgmt_rp.rand256);
5603 struct hci_rp_read_local_oob_ext_data *rp = (void *) skb->data;
5605 if (skb->len < sizeof(*rp)) {
5606 mgmt_cmd_status(cmd->sk, hdev->id,
5607 MGMT_OP_READ_LOCAL_OOB_DATA,
5608 MGMT_STATUS_FAILED);
5612 memcpy(mgmt_rp.hash192, rp->hash192, sizeof(rp->hash192));
5613 memcpy(mgmt_rp.rand192, rp->rand192, sizeof(rp->rand192));
5615 memcpy(mgmt_rp.hash256, rp->hash256, sizeof(rp->hash256));
5616 memcpy(mgmt_rp.rand256, rp->rand256, sizeof(rp->rand256));
5619 mgmt_cmd_complete(cmd->sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
5620 MGMT_STATUS_SUCCESS, &mgmt_rp, rp_size);
5623 if (skb && !IS_ERR(skb))
5626 mgmt_pending_free(cmd);
5629 static int read_local_oob_data_sync(struct hci_dev *hdev, void *data)
5631 struct mgmt_pending_cmd *cmd = data;
5633 if (bredr_sc_enabled(hdev))
5634 cmd->skb = hci_read_local_oob_data_sync(hdev, true, cmd->sk);
5636 cmd->skb = hci_read_local_oob_data_sync(hdev, false, cmd->sk);
5638 if (IS_ERR(cmd->skb))
5639 return PTR_ERR(cmd->skb);
5644 static int read_local_oob_data(struct sock *sk, struct hci_dev *hdev,
5645 void *data, u16 data_len)
5647 struct mgmt_pending_cmd *cmd;
5650 bt_dev_dbg(hdev, "sock %p", sk);
5654 if (!hdev_is_powered(hdev)) {
5655 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
5656 MGMT_STATUS_NOT_POWERED);
5660 if (!lmp_ssp_capable(hdev)) {
5661 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
5662 MGMT_STATUS_NOT_SUPPORTED);
5666 cmd = mgmt_pending_new(sk, MGMT_OP_READ_LOCAL_OOB_DATA, hdev, NULL, 0);
5670 err = hci_cmd_sync_queue(hdev, read_local_oob_data_sync, cmd,
5671 read_local_oob_data_complete);
5674 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
5675 MGMT_STATUS_FAILED);
5678 mgmt_pending_free(cmd);
5682 hci_dev_unlock(hdev);
5686 static int add_remote_oob_data(struct sock *sk, struct hci_dev *hdev,
5687 void *data, u16 len)
5689 struct mgmt_addr_info *addr = data;
5692 bt_dev_dbg(hdev, "sock %p", sk);
5694 if (!bdaddr_type_is_valid(addr->type))
5695 return mgmt_cmd_complete(sk, hdev->id,
5696 MGMT_OP_ADD_REMOTE_OOB_DATA,
5697 MGMT_STATUS_INVALID_PARAMS,
5698 addr, sizeof(*addr));
5702 if (len == MGMT_ADD_REMOTE_OOB_DATA_SIZE) {
5703 struct mgmt_cp_add_remote_oob_data *cp = data;
5706 if (cp->addr.type != BDADDR_BREDR) {
5707 err = mgmt_cmd_complete(sk, hdev->id,
5708 MGMT_OP_ADD_REMOTE_OOB_DATA,
5709 MGMT_STATUS_INVALID_PARAMS,
5710 &cp->addr, sizeof(cp->addr));
5714 err = hci_add_remote_oob_data(hdev, &cp->addr.bdaddr,
5715 cp->addr.type, cp->hash,
5716 cp->rand, NULL, NULL);
5718 status = MGMT_STATUS_FAILED;
5720 status = MGMT_STATUS_SUCCESS;
5722 err = mgmt_cmd_complete(sk, hdev->id,
5723 MGMT_OP_ADD_REMOTE_OOB_DATA, status,
5724 &cp->addr, sizeof(cp->addr));
5725 } else if (len == MGMT_ADD_REMOTE_OOB_EXT_DATA_SIZE) {
5726 struct mgmt_cp_add_remote_oob_ext_data *cp = data;
5727 u8 *rand192, *hash192, *rand256, *hash256;
5730 if (bdaddr_type_is_le(cp->addr.type)) {
5731 /* Enforce zero-valued 192-bit parameters as
5732 * long as legacy SMP OOB isn't implemented.
5734 if (memcmp(cp->rand192, ZERO_KEY, 16) ||
5735 memcmp(cp->hash192, ZERO_KEY, 16)) {
5736 err = mgmt_cmd_complete(sk, hdev->id,
5737 MGMT_OP_ADD_REMOTE_OOB_DATA,
5738 MGMT_STATUS_INVALID_PARAMS,
5739 addr, sizeof(*addr));
5746 /* In case one of the P-192 values is set to zero,
5747 * then just disable OOB data for P-192.
5749 if (!memcmp(cp->rand192, ZERO_KEY, 16) ||
5750 !memcmp(cp->hash192, ZERO_KEY, 16)) {
5754 rand192 = cp->rand192;
5755 hash192 = cp->hash192;
5759 /* In case one of the P-256 values is set to zero, then just
5760 * disable OOB data for P-256.
5762 if (!memcmp(cp->rand256, ZERO_KEY, 16) ||
5763 !memcmp(cp->hash256, ZERO_KEY, 16)) {
5767 rand256 = cp->rand256;
5768 hash256 = cp->hash256;
5771 err = hci_add_remote_oob_data(hdev, &cp->addr.bdaddr,
5772 cp->addr.type, hash192, rand192,
5775 status = MGMT_STATUS_FAILED;
5777 status = MGMT_STATUS_SUCCESS;
5779 err = mgmt_cmd_complete(sk, hdev->id,
5780 MGMT_OP_ADD_REMOTE_OOB_DATA,
5781 status, &cp->addr, sizeof(cp->addr));
5783 bt_dev_err(hdev, "add_remote_oob_data: invalid len of %u bytes",
5785 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_REMOTE_OOB_DATA,
5786 MGMT_STATUS_INVALID_PARAMS);
5790 hci_dev_unlock(hdev);
5794 static int remove_remote_oob_data(struct sock *sk, struct hci_dev *hdev,
5795 void *data, u16 len)
5797 struct mgmt_cp_remove_remote_oob_data *cp = data;
5801 bt_dev_dbg(hdev, "sock %p", sk);
5803 if (cp->addr.type != BDADDR_BREDR)
5804 return mgmt_cmd_complete(sk, hdev->id,
5805 MGMT_OP_REMOVE_REMOTE_OOB_DATA,
5806 MGMT_STATUS_INVALID_PARAMS,
5807 &cp->addr, sizeof(cp->addr));
5811 if (!bacmp(&cp->addr.bdaddr, BDADDR_ANY)) {
5812 hci_remote_oob_data_clear(hdev);
5813 status = MGMT_STATUS_SUCCESS;
5817 err = hci_remove_remote_oob_data(hdev, &cp->addr.bdaddr, cp->addr.type);
5819 status = MGMT_STATUS_INVALID_PARAMS;
5821 status = MGMT_STATUS_SUCCESS;
5824 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_REMOTE_OOB_DATA,
5825 status, &cp->addr, sizeof(cp->addr));
5827 hci_dev_unlock(hdev);
5831 void mgmt_start_discovery_complete(struct hci_dev *hdev, u8 status)
5833 struct mgmt_pending_cmd *cmd;
5835 bt_dev_dbg(hdev, "status %u", status);
5839 cmd = pending_find(MGMT_OP_START_DISCOVERY, hdev);
5841 cmd = pending_find(MGMT_OP_START_SERVICE_DISCOVERY, hdev);
5844 cmd = pending_find(MGMT_OP_START_LIMITED_DISCOVERY, hdev);
5847 cmd->cmd_complete(cmd, mgmt_status(status));
5848 mgmt_pending_remove(cmd);
5851 hci_dev_unlock(hdev);
5854 static bool discovery_type_is_valid(struct hci_dev *hdev, uint8_t type,
5855 uint8_t *mgmt_status)
5858 case DISCOV_TYPE_LE:
5859 *mgmt_status = mgmt_le_support(hdev);
5863 case DISCOV_TYPE_INTERLEAVED:
5864 *mgmt_status = mgmt_le_support(hdev);
5868 case DISCOV_TYPE_BREDR:
5869 *mgmt_status = mgmt_bredr_support(hdev);
5874 *mgmt_status = MGMT_STATUS_INVALID_PARAMS;
5881 static void start_discovery_complete(struct hci_dev *hdev, void *data, int err)
5883 struct mgmt_pending_cmd *cmd = data;
5885 if (cmd != pending_find(MGMT_OP_START_DISCOVERY, hdev) &&
5886 cmd != pending_find(MGMT_OP_START_LIMITED_DISCOVERY, hdev) &&
5887 cmd != pending_find(MGMT_OP_START_SERVICE_DISCOVERY, hdev))
5890 bt_dev_dbg(hdev, "err %d", err);
5892 mgmt_cmd_complete(cmd->sk, cmd->index, cmd->opcode, mgmt_status(err),
5894 mgmt_pending_remove(cmd);
5896 hci_discovery_set_state(hdev, err ? DISCOVERY_STOPPED:
5900 static int start_discovery_sync(struct hci_dev *hdev, void *data)
5902 return hci_start_discovery_sync(hdev);
5905 static int start_discovery_internal(struct sock *sk, struct hci_dev *hdev,
5906 u16 op, void *data, u16 len)
5908 struct mgmt_cp_start_discovery *cp = data;
5909 struct mgmt_pending_cmd *cmd;
5913 bt_dev_dbg(hdev, "sock %p", sk);
5917 if (!hdev_is_powered(hdev)) {
5918 err = mgmt_cmd_complete(sk, hdev->id, op,
5919 MGMT_STATUS_NOT_POWERED,
5920 &cp->type, sizeof(cp->type));
5924 if (hdev->discovery.state != DISCOVERY_STOPPED ||
5925 hci_dev_test_flag(hdev, HCI_PERIODIC_INQ)) {
5926 err = mgmt_cmd_complete(sk, hdev->id, op, MGMT_STATUS_BUSY,
5927 &cp->type, sizeof(cp->type));
5931 if (!discovery_type_is_valid(hdev, cp->type, &status)) {
5932 err = mgmt_cmd_complete(sk, hdev->id, op, status,
5933 &cp->type, sizeof(cp->type));
5937 /* Can't start discovery when it is paused */
5938 if (hdev->discovery_paused) {
5939 err = mgmt_cmd_complete(sk, hdev->id, op, MGMT_STATUS_BUSY,
5940 &cp->type, sizeof(cp->type));
5944 /* Clear the discovery filter first to free any previously
5945 * allocated memory for the UUID list.
5947 hci_discovery_filter_clear(hdev);
5949 hdev->discovery.type = cp->type;
5950 hdev->discovery.report_invalid_rssi = false;
5951 if (op == MGMT_OP_START_LIMITED_DISCOVERY)
5952 hdev->discovery.limited = true;
5954 hdev->discovery.limited = false;
5956 cmd = mgmt_pending_add(sk, op, hdev, data, len);
5962 err = hci_cmd_sync_queue(hdev, start_discovery_sync, cmd,
5963 start_discovery_complete);
5965 mgmt_pending_remove(cmd);
5969 hci_discovery_set_state(hdev, DISCOVERY_STARTING);
5972 hci_dev_unlock(hdev);
5976 static int start_discovery(struct sock *sk, struct hci_dev *hdev,
5977 void *data, u16 len)
5979 return start_discovery_internal(sk, hdev, MGMT_OP_START_DISCOVERY,
5983 static int start_limited_discovery(struct sock *sk, struct hci_dev *hdev,
5984 void *data, u16 len)
5986 return start_discovery_internal(sk, hdev,
5987 MGMT_OP_START_LIMITED_DISCOVERY,
5991 static int start_service_discovery(struct sock *sk, struct hci_dev *hdev,
5992 void *data, u16 len)
5994 struct mgmt_cp_start_service_discovery *cp = data;
5995 struct mgmt_pending_cmd *cmd;
5996 const u16 max_uuid_count = ((U16_MAX - sizeof(*cp)) / 16);
5997 u16 uuid_count, expected_len;
6001 bt_dev_dbg(hdev, "sock %p", sk);
6005 if (!hdev_is_powered(hdev)) {
6006 err = mgmt_cmd_complete(sk, hdev->id,
6007 MGMT_OP_START_SERVICE_DISCOVERY,
6008 MGMT_STATUS_NOT_POWERED,
6009 &cp->type, sizeof(cp->type));
6013 if (hdev->discovery.state != DISCOVERY_STOPPED ||
6014 hci_dev_test_flag(hdev, HCI_PERIODIC_INQ)) {
6015 err = mgmt_cmd_complete(sk, hdev->id,
6016 MGMT_OP_START_SERVICE_DISCOVERY,
6017 MGMT_STATUS_BUSY, &cp->type,
6022 if (hdev->discovery_paused) {
6023 err = mgmt_cmd_complete(sk, hdev->id,
6024 MGMT_OP_START_SERVICE_DISCOVERY,
6025 MGMT_STATUS_BUSY, &cp->type,
6030 uuid_count = __le16_to_cpu(cp->uuid_count);
6031 if (uuid_count > max_uuid_count) {
6032 bt_dev_err(hdev, "service_discovery: too big uuid_count value %u",
6034 err = mgmt_cmd_complete(sk, hdev->id,
6035 MGMT_OP_START_SERVICE_DISCOVERY,
6036 MGMT_STATUS_INVALID_PARAMS, &cp->type,
6041 expected_len = sizeof(*cp) + uuid_count * 16;
6042 if (expected_len != len) {
6043 bt_dev_err(hdev, "service_discovery: expected %u bytes, got %u bytes",
6045 err = mgmt_cmd_complete(sk, hdev->id,
6046 MGMT_OP_START_SERVICE_DISCOVERY,
6047 MGMT_STATUS_INVALID_PARAMS, &cp->type,
6052 if (!discovery_type_is_valid(hdev, cp->type, &status)) {
6053 err = mgmt_cmd_complete(sk, hdev->id,
6054 MGMT_OP_START_SERVICE_DISCOVERY,
6055 status, &cp->type, sizeof(cp->type));
6059 cmd = mgmt_pending_add(sk, MGMT_OP_START_SERVICE_DISCOVERY,
6066 /* Clear the discovery filter first to free any previously
6067 * allocated memory for the UUID list.
6069 hci_discovery_filter_clear(hdev);
6071 hdev->discovery.result_filtering = true;
6072 hdev->discovery.type = cp->type;
6073 hdev->discovery.rssi = cp->rssi;
6074 hdev->discovery.uuid_count = uuid_count;
6076 if (uuid_count > 0) {
6077 hdev->discovery.uuids = kmemdup(cp->uuids, uuid_count * 16,
6079 if (!hdev->discovery.uuids) {
6080 err = mgmt_cmd_complete(sk, hdev->id,
6081 MGMT_OP_START_SERVICE_DISCOVERY,
6083 &cp->type, sizeof(cp->type));
6084 mgmt_pending_remove(cmd);
6089 err = hci_cmd_sync_queue(hdev, start_discovery_sync, cmd,
6090 start_discovery_complete);
6092 mgmt_pending_remove(cmd);
6096 hci_discovery_set_state(hdev, DISCOVERY_STARTING);
6099 hci_dev_unlock(hdev);
6103 void mgmt_stop_discovery_complete(struct hci_dev *hdev, u8 status)
6105 struct mgmt_pending_cmd *cmd;
6107 bt_dev_dbg(hdev, "status %u", status);
6111 cmd = pending_find(MGMT_OP_STOP_DISCOVERY, hdev);
6113 cmd->cmd_complete(cmd, mgmt_status(status));
6114 mgmt_pending_remove(cmd);
6117 hci_dev_unlock(hdev);
6120 static void stop_discovery_complete(struct hci_dev *hdev, void *data, int err)
6122 struct mgmt_pending_cmd *cmd = data;
6124 if (cmd != pending_find(MGMT_OP_STOP_DISCOVERY, hdev))
6127 bt_dev_dbg(hdev, "err %d", err);
6129 mgmt_cmd_complete(cmd->sk, cmd->index, cmd->opcode, mgmt_status(err),
6131 mgmt_pending_remove(cmd);
6134 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
6137 static int stop_discovery_sync(struct hci_dev *hdev, void *data)
6139 return hci_stop_discovery_sync(hdev);
6142 static int stop_discovery(struct sock *sk, struct hci_dev *hdev, void *data,
6145 struct mgmt_cp_stop_discovery *mgmt_cp = data;
6146 struct mgmt_pending_cmd *cmd;
6149 bt_dev_dbg(hdev, "sock %p", sk);
6153 if (!hci_discovery_active(hdev)) {
6154 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_STOP_DISCOVERY,
6155 MGMT_STATUS_REJECTED, &mgmt_cp->type,
6156 sizeof(mgmt_cp->type));
6160 if (hdev->discovery.type != mgmt_cp->type) {
6161 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_STOP_DISCOVERY,
6162 MGMT_STATUS_INVALID_PARAMS,
6163 &mgmt_cp->type, sizeof(mgmt_cp->type));
6167 cmd = mgmt_pending_add(sk, MGMT_OP_STOP_DISCOVERY, hdev, data, len);
6173 err = hci_cmd_sync_queue(hdev, stop_discovery_sync, cmd,
6174 stop_discovery_complete);
6176 mgmt_pending_remove(cmd);
6180 hci_discovery_set_state(hdev, DISCOVERY_STOPPING);
6183 hci_dev_unlock(hdev);
6187 static int confirm_name(struct sock *sk, struct hci_dev *hdev, void *data,
6190 struct mgmt_cp_confirm_name *cp = data;
6191 struct inquiry_entry *e;
6194 bt_dev_dbg(hdev, "sock %p", sk);
6198 if (!hci_discovery_active(hdev)) {
6199 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_CONFIRM_NAME,
6200 MGMT_STATUS_FAILED, &cp->addr,
6205 e = hci_inquiry_cache_lookup_unknown(hdev, &cp->addr.bdaddr);
6207 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_CONFIRM_NAME,
6208 MGMT_STATUS_INVALID_PARAMS, &cp->addr,
6213 if (cp->name_known) {
6214 e->name_state = NAME_KNOWN;
6217 e->name_state = NAME_NEEDED;
6218 hci_inquiry_cache_update_resolve(hdev, e);
6221 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_CONFIRM_NAME, 0,
6222 &cp->addr, sizeof(cp->addr));
6225 hci_dev_unlock(hdev);
6229 static int block_device(struct sock *sk, struct hci_dev *hdev, void *data,
6232 struct mgmt_cp_block_device *cp = data;
6236 bt_dev_dbg(hdev, "sock %p", sk);
6238 if (!bdaddr_type_is_valid(cp->addr.type))
6239 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_BLOCK_DEVICE,
6240 MGMT_STATUS_INVALID_PARAMS,
6241 &cp->addr, sizeof(cp->addr));
6245 err = hci_bdaddr_list_add(&hdev->reject_list, &cp->addr.bdaddr,
6248 status = MGMT_STATUS_FAILED;
6252 mgmt_event(MGMT_EV_DEVICE_BLOCKED, hdev, &cp->addr, sizeof(cp->addr),
6254 status = MGMT_STATUS_SUCCESS;
6257 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_BLOCK_DEVICE, status,
6258 &cp->addr, sizeof(cp->addr));
6260 hci_dev_unlock(hdev);
6265 static int unblock_device(struct sock *sk, struct hci_dev *hdev, void *data,
6268 struct mgmt_cp_unblock_device *cp = data;
6272 bt_dev_dbg(hdev, "sock %p", sk);
6274 if (!bdaddr_type_is_valid(cp->addr.type))
6275 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_UNBLOCK_DEVICE,
6276 MGMT_STATUS_INVALID_PARAMS,
6277 &cp->addr, sizeof(cp->addr));
6281 err = hci_bdaddr_list_del(&hdev->reject_list, &cp->addr.bdaddr,
6284 status = MGMT_STATUS_INVALID_PARAMS;
6288 mgmt_event(MGMT_EV_DEVICE_UNBLOCKED, hdev, &cp->addr, sizeof(cp->addr),
6290 status = MGMT_STATUS_SUCCESS;
6293 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_UNBLOCK_DEVICE, status,
6294 &cp->addr, sizeof(cp->addr));
6296 hci_dev_unlock(hdev);
6301 static int set_device_id_sync(struct hci_dev *hdev, void *data)
6303 return hci_update_eir_sync(hdev);
6306 static int set_device_id(struct sock *sk, struct hci_dev *hdev, void *data,
6309 struct mgmt_cp_set_device_id *cp = data;
6313 bt_dev_dbg(hdev, "sock %p", sk);
6315 source = __le16_to_cpu(cp->source);
6317 if (source > 0x0002)
6318 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DEVICE_ID,
6319 MGMT_STATUS_INVALID_PARAMS);
6323 hdev->devid_source = source;
6324 hdev->devid_vendor = __le16_to_cpu(cp->vendor);
6325 hdev->devid_product = __le16_to_cpu(cp->product);
6326 hdev->devid_version = __le16_to_cpu(cp->version);
6328 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_DEVICE_ID, 0,
6331 hci_cmd_sync_queue(hdev, set_device_id_sync, NULL, NULL);
6333 hci_dev_unlock(hdev);
6338 static void enable_advertising_instance(struct hci_dev *hdev, int err)
6341 bt_dev_err(hdev, "failed to re-configure advertising %d", err);
6343 bt_dev_dbg(hdev, "status %d", err);
6346 static void set_advertising_complete(struct hci_dev *hdev, void *data, int err)
6348 struct cmd_lookup match = { NULL, hdev };
6350 struct adv_info *adv_instance;
6351 u8 status = mgmt_status(err);
6354 mgmt_pending_foreach(MGMT_OP_SET_ADVERTISING, hdev,
6355 cmd_status_rsp, &status);
6359 if (hci_dev_test_flag(hdev, HCI_LE_ADV))
6360 hci_dev_set_flag(hdev, HCI_ADVERTISING);
6362 hci_dev_clear_flag(hdev, HCI_ADVERTISING);
6364 mgmt_pending_foreach(MGMT_OP_SET_ADVERTISING, hdev, settings_rsp,
6367 new_settings(hdev, match.sk);
6372 /* If "Set Advertising" was just disabled and instance advertising was
6373 * set up earlier, then re-enable multi-instance advertising.
6375 if (hci_dev_test_flag(hdev, HCI_ADVERTISING) ||
6376 list_empty(&hdev->adv_instances))
6379 instance = hdev->cur_adv_instance;
6381 adv_instance = list_first_entry_or_null(&hdev->adv_instances,
6382 struct adv_info, list);
6386 instance = adv_instance->instance;
6389 err = hci_schedule_adv_instance_sync(hdev, instance, true);
6391 enable_advertising_instance(hdev, err);
6394 static int set_adv_sync(struct hci_dev *hdev, void *data)
6396 struct mgmt_pending_cmd *cmd = data;
6397 struct mgmt_mode *cp = cmd->param;
6400 if (cp->val == 0x02)
6401 hci_dev_set_flag(hdev, HCI_ADVERTISING_CONNECTABLE);
6403 hci_dev_clear_flag(hdev, HCI_ADVERTISING_CONNECTABLE);
6405 cancel_adv_timeout(hdev);
6408 /* Switch to instance "0" for the Set Advertising setting.
6409 * We cannot use update_[adv|scan_rsp]_data() here as the
6410 * HCI_ADVERTISING flag is not yet set.
6412 hdev->cur_adv_instance = 0x00;
6414 if (ext_adv_capable(hdev)) {
6415 hci_start_ext_adv_sync(hdev, 0x00);
6417 hci_update_adv_data_sync(hdev, 0x00);
6418 hci_update_scan_rsp_data_sync(hdev, 0x00);
6419 hci_enable_advertising_sync(hdev);
6422 hci_disable_advertising_sync(hdev);
6428 static int set_advertising(struct sock *sk, struct hci_dev *hdev, void *data,
6431 struct mgmt_mode *cp = data;
6432 struct mgmt_pending_cmd *cmd;
6436 bt_dev_dbg(hdev, "sock %p", sk);
6438 status = mgmt_le_support(hdev);
6440 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_ADVERTISING,
6443 if (cp->val != 0x00 && cp->val != 0x01 && cp->val != 0x02)
6444 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_ADVERTISING,
6445 MGMT_STATUS_INVALID_PARAMS);
6447 if (hdev->advertising_paused)
6448 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_ADVERTISING,
6455 /* The following conditions are ones which mean that we should
6456 * not do any HCI communication but directly send a mgmt
6457 * response to user space (after toggling the flag if
6460 if (!hdev_is_powered(hdev) ||
6461 (val == hci_dev_test_flag(hdev, HCI_ADVERTISING) &&
6462 (cp->val == 0x02) == hci_dev_test_flag(hdev, HCI_ADVERTISING_CONNECTABLE)) ||
6463 hci_dev_test_flag(hdev, HCI_MESH) ||
6464 hci_conn_num(hdev, LE_LINK) > 0 ||
6465 (hci_dev_test_flag(hdev, HCI_LE_SCAN) &&
6466 hdev->le_scan_type == LE_SCAN_ACTIVE)) {
6470 hdev->cur_adv_instance = 0x00;
6471 changed = !hci_dev_test_and_set_flag(hdev, HCI_ADVERTISING);
6472 if (cp->val == 0x02)
6473 hci_dev_set_flag(hdev, HCI_ADVERTISING_CONNECTABLE);
6475 hci_dev_clear_flag(hdev, HCI_ADVERTISING_CONNECTABLE);
6477 changed = hci_dev_test_and_clear_flag(hdev, HCI_ADVERTISING);
6478 hci_dev_clear_flag(hdev, HCI_ADVERTISING_CONNECTABLE);
6481 err = send_settings_rsp(sk, MGMT_OP_SET_ADVERTISING, hdev);
6486 err = new_settings(hdev, sk);
6491 if (pending_find(MGMT_OP_SET_ADVERTISING, hdev) ||
6492 pending_find(MGMT_OP_SET_LE, hdev)) {
6493 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_ADVERTISING,
6498 cmd = mgmt_pending_add(sk, MGMT_OP_SET_ADVERTISING, hdev, data, len);
6502 err = hci_cmd_sync_queue(hdev, set_adv_sync, cmd,
6503 set_advertising_complete);
6506 mgmt_pending_remove(cmd);
6509 hci_dev_unlock(hdev);
6513 static int set_static_address(struct sock *sk, struct hci_dev *hdev,
6514 void *data, u16 len)
6516 struct mgmt_cp_set_static_address *cp = data;
6519 bt_dev_dbg(hdev, "sock %p", sk);
6521 if (!lmp_le_capable(hdev))
6522 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_STATIC_ADDRESS,
6523 MGMT_STATUS_NOT_SUPPORTED);
6525 if (hdev_is_powered(hdev))
6526 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_STATIC_ADDRESS,
6527 MGMT_STATUS_REJECTED);
6529 if (bacmp(&cp->bdaddr, BDADDR_ANY)) {
6530 if (!bacmp(&cp->bdaddr, BDADDR_NONE))
6531 return mgmt_cmd_status(sk, hdev->id,
6532 MGMT_OP_SET_STATIC_ADDRESS,
6533 MGMT_STATUS_INVALID_PARAMS);
6535 /* Two most significant bits shall be set */
6536 if ((cp->bdaddr.b[5] & 0xc0) != 0xc0)
6537 return mgmt_cmd_status(sk, hdev->id,
6538 MGMT_OP_SET_STATIC_ADDRESS,
6539 MGMT_STATUS_INVALID_PARAMS);
6544 bacpy(&hdev->static_addr, &cp->bdaddr);
6546 err = send_settings_rsp(sk, MGMT_OP_SET_STATIC_ADDRESS, hdev);
6550 err = new_settings(hdev, sk);
6553 hci_dev_unlock(hdev);
6557 static int set_scan_params(struct sock *sk, struct hci_dev *hdev,
6558 void *data, u16 len)
6560 struct mgmt_cp_set_scan_params *cp = data;
6561 __u16 interval, window;
6564 bt_dev_dbg(hdev, "sock %p", sk);
6566 if (!lmp_le_capable(hdev))
6567 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS,
6568 MGMT_STATUS_NOT_SUPPORTED);
6570 interval = __le16_to_cpu(cp->interval);
6572 if (interval < 0x0004 || interval > 0x4000)
6573 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS,
6574 MGMT_STATUS_INVALID_PARAMS);
6576 window = __le16_to_cpu(cp->window);
6578 if (window < 0x0004 || window > 0x4000)
6579 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS,
6580 MGMT_STATUS_INVALID_PARAMS);
6582 if (window > interval)
6583 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS,
6584 MGMT_STATUS_INVALID_PARAMS);
6588 hdev->le_scan_interval = interval;
6589 hdev->le_scan_window = window;
6591 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS, 0,
6594 /* If background scan is running, restart it so new parameters are
6597 if (hci_dev_test_flag(hdev, HCI_LE_SCAN) &&
6598 hdev->discovery.state == DISCOVERY_STOPPED)
6599 hci_update_passive_scan(hdev);
6601 hci_dev_unlock(hdev);
6606 static void fast_connectable_complete(struct hci_dev *hdev, void *data, int err)
6608 struct mgmt_pending_cmd *cmd = data;
6610 bt_dev_dbg(hdev, "err %d", err);
6613 mgmt_cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
6616 struct mgmt_mode *cp = cmd->param;
6619 hci_dev_set_flag(hdev, HCI_FAST_CONNECTABLE);
6621 hci_dev_clear_flag(hdev, HCI_FAST_CONNECTABLE);
6623 send_settings_rsp(cmd->sk, MGMT_OP_SET_FAST_CONNECTABLE, hdev);
6624 new_settings(hdev, cmd->sk);
6627 mgmt_pending_free(cmd);
6630 static int write_fast_connectable_sync(struct hci_dev *hdev, void *data)
6632 struct mgmt_pending_cmd *cmd = data;
6633 struct mgmt_mode *cp = cmd->param;
6635 return hci_write_fast_connectable_sync(hdev, cp->val);
6638 static int set_fast_connectable(struct sock *sk, struct hci_dev *hdev,
6639 void *data, u16 len)
6641 struct mgmt_mode *cp = data;
6642 struct mgmt_pending_cmd *cmd;
6645 bt_dev_dbg(hdev, "sock %p", sk);
6647 if (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED) ||
6648 hdev->hci_ver < BLUETOOTH_VER_1_2)
6649 return mgmt_cmd_status(sk, hdev->id,
6650 MGMT_OP_SET_FAST_CONNECTABLE,
6651 MGMT_STATUS_NOT_SUPPORTED);
6653 if (cp->val != 0x00 && cp->val != 0x01)
6654 return mgmt_cmd_status(sk, hdev->id,
6655 MGMT_OP_SET_FAST_CONNECTABLE,
6656 MGMT_STATUS_INVALID_PARAMS);
6660 if (!!cp->val == hci_dev_test_flag(hdev, HCI_FAST_CONNECTABLE)) {
6661 err = send_settings_rsp(sk, MGMT_OP_SET_FAST_CONNECTABLE, hdev);
6665 if (!hdev_is_powered(hdev)) {
6666 hci_dev_change_flag(hdev, HCI_FAST_CONNECTABLE);
6667 err = send_settings_rsp(sk, MGMT_OP_SET_FAST_CONNECTABLE, hdev);
6668 new_settings(hdev, sk);
6672 cmd = mgmt_pending_new(sk, MGMT_OP_SET_FAST_CONNECTABLE, hdev, data,
6677 err = hci_cmd_sync_queue(hdev, write_fast_connectable_sync, cmd,
6678 fast_connectable_complete);
6681 mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
6682 MGMT_STATUS_FAILED);
6685 mgmt_pending_free(cmd);
6689 hci_dev_unlock(hdev);
6694 static void set_bredr_complete(struct hci_dev *hdev, void *data, int err)
6696 struct mgmt_pending_cmd *cmd = data;
6698 bt_dev_dbg(hdev, "err %d", err);
6701 u8 mgmt_err = mgmt_status(err);
6703 /* We need to restore the flag if related HCI commands
6706 hci_dev_clear_flag(hdev, HCI_BREDR_ENABLED);
6708 mgmt_cmd_status(cmd->sk, cmd->index, cmd->opcode, mgmt_err);
6710 send_settings_rsp(cmd->sk, MGMT_OP_SET_BREDR, hdev);
6711 new_settings(hdev, cmd->sk);
6714 mgmt_pending_free(cmd);
6717 static int set_bredr_sync(struct hci_dev *hdev, void *data)
6721 status = hci_write_fast_connectable_sync(hdev, false);
6724 status = hci_update_scan_sync(hdev);
6726 /* Since only the advertising data flags will change, there
6727 * is no need to update the scan response data.
6730 status = hci_update_adv_data_sync(hdev, hdev->cur_adv_instance);
6735 static int set_bredr(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
6737 struct mgmt_mode *cp = data;
6738 struct mgmt_pending_cmd *cmd;
6741 bt_dev_dbg(hdev, "sock %p", sk);
6743 if (!lmp_bredr_capable(hdev) || !lmp_le_capable(hdev))
6744 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
6745 MGMT_STATUS_NOT_SUPPORTED);
6747 if (!hci_dev_test_flag(hdev, HCI_LE_ENABLED))
6748 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
6749 MGMT_STATUS_REJECTED);
6751 if (cp->val != 0x00 && cp->val != 0x01)
6752 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
6753 MGMT_STATUS_INVALID_PARAMS);
6757 if (cp->val == hci_dev_test_flag(hdev, HCI_BREDR_ENABLED)) {
6758 err = send_settings_rsp(sk, MGMT_OP_SET_BREDR, hdev);
6762 if (!hdev_is_powered(hdev)) {
6764 hci_dev_clear_flag(hdev, HCI_DISCOVERABLE);
6765 hci_dev_clear_flag(hdev, HCI_SSP_ENABLED);
6766 hci_dev_clear_flag(hdev, HCI_LINK_SECURITY);
6767 hci_dev_clear_flag(hdev, HCI_FAST_CONNECTABLE);
6768 hci_dev_clear_flag(hdev, HCI_HS_ENABLED);
6771 hci_dev_change_flag(hdev, HCI_BREDR_ENABLED);
6773 err = send_settings_rsp(sk, MGMT_OP_SET_BREDR, hdev);
6777 err = new_settings(hdev, sk);
6781 /* Reject disabling when powered on */
6783 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
6784 MGMT_STATUS_REJECTED);
6787 /* When configuring a dual-mode controller to operate
6788 * with LE only and using a static address, then switching
6789 * BR/EDR back on is not allowed.
6791 * Dual-mode controllers shall operate with the public
6792 * address as its identity address for BR/EDR and LE. So
6793 * reject the attempt to create an invalid configuration.
6795 * The same restrictions applies when secure connections
6796 * has been enabled. For BR/EDR this is a controller feature
6797 * while for LE it is a host stack feature. This means that
6798 * switching BR/EDR back on when secure connections has been
6799 * enabled is not a supported transaction.
6801 if (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED) &&
6802 (bacmp(&hdev->static_addr, BDADDR_ANY) ||
6803 hci_dev_test_flag(hdev, HCI_SC_ENABLED))) {
6804 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
6805 MGMT_STATUS_REJECTED);
6810 cmd = mgmt_pending_new(sk, MGMT_OP_SET_BREDR, hdev, data, len);
6814 err = hci_cmd_sync_queue(hdev, set_bredr_sync, cmd,
6815 set_bredr_complete);
6818 mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
6819 MGMT_STATUS_FAILED);
6821 mgmt_pending_free(cmd);
6826 /* We need to flip the bit already here so that
6827 * hci_req_update_adv_data generates the correct flags.
6829 hci_dev_set_flag(hdev, HCI_BREDR_ENABLED);
6832 hci_dev_unlock(hdev);
6836 static void set_secure_conn_complete(struct hci_dev *hdev, void *data, int err)
6838 struct mgmt_pending_cmd *cmd = data;
6839 struct mgmt_mode *cp;
6841 bt_dev_dbg(hdev, "err %d", err);
6844 u8 mgmt_err = mgmt_status(err);
6846 mgmt_cmd_status(cmd->sk, cmd->index, cmd->opcode, mgmt_err);
6854 hci_dev_clear_flag(hdev, HCI_SC_ENABLED);
6855 hci_dev_clear_flag(hdev, HCI_SC_ONLY);
6858 hci_dev_set_flag(hdev, HCI_SC_ENABLED);
6859 hci_dev_clear_flag(hdev, HCI_SC_ONLY);
6862 hci_dev_set_flag(hdev, HCI_SC_ENABLED);
6863 hci_dev_set_flag(hdev, HCI_SC_ONLY);
6867 send_settings_rsp(cmd->sk, cmd->opcode, hdev);
6868 new_settings(hdev, cmd->sk);
6871 mgmt_pending_free(cmd);
6874 static int set_secure_conn_sync(struct hci_dev *hdev, void *data)
6876 struct mgmt_pending_cmd *cmd = data;
6877 struct mgmt_mode *cp = cmd->param;
6880 /* Force write of val */
6881 hci_dev_set_flag(hdev, HCI_SC_ENABLED);
6883 return hci_write_sc_support_sync(hdev, val);
6886 static int set_secure_conn(struct sock *sk, struct hci_dev *hdev,
6887 void *data, u16 len)
6889 struct mgmt_mode *cp = data;
6890 struct mgmt_pending_cmd *cmd;
6894 bt_dev_dbg(hdev, "sock %p", sk);
6896 if (!lmp_sc_capable(hdev) &&
6897 !hci_dev_test_flag(hdev, HCI_LE_ENABLED))
6898 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SECURE_CONN,
6899 MGMT_STATUS_NOT_SUPPORTED);
6901 if (hci_dev_test_flag(hdev, HCI_BREDR_ENABLED) &&
6902 lmp_sc_capable(hdev) &&
6903 !hci_dev_test_flag(hdev, HCI_SSP_ENABLED))
6904 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SECURE_CONN,
6905 MGMT_STATUS_REJECTED);
6907 if (cp->val != 0x00 && cp->val != 0x01 && cp->val != 0x02)
6908 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SECURE_CONN,
6909 MGMT_STATUS_INVALID_PARAMS);
6913 if (!hdev_is_powered(hdev) || !lmp_sc_capable(hdev) ||
6914 !hci_dev_test_flag(hdev, HCI_BREDR_ENABLED)) {
6918 changed = !hci_dev_test_and_set_flag(hdev,
6920 if (cp->val == 0x02)
6921 hci_dev_set_flag(hdev, HCI_SC_ONLY);
6923 hci_dev_clear_flag(hdev, HCI_SC_ONLY);
6925 changed = hci_dev_test_and_clear_flag(hdev,
6927 hci_dev_clear_flag(hdev, HCI_SC_ONLY);
6930 err = send_settings_rsp(sk, MGMT_OP_SET_SECURE_CONN, hdev);
6935 err = new_settings(hdev, sk);
6942 if (val == hci_dev_test_flag(hdev, HCI_SC_ENABLED) &&
6943 (cp->val == 0x02) == hci_dev_test_flag(hdev, HCI_SC_ONLY)) {
6944 err = send_settings_rsp(sk, MGMT_OP_SET_SECURE_CONN, hdev);
6948 cmd = mgmt_pending_new(sk, MGMT_OP_SET_SECURE_CONN, hdev, data, len);
6952 err = hci_cmd_sync_queue(hdev, set_secure_conn_sync, cmd,
6953 set_secure_conn_complete);
6956 mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SECURE_CONN,
6957 MGMT_STATUS_FAILED);
6959 mgmt_pending_free(cmd);
6963 hci_dev_unlock(hdev);
6967 static int set_debug_keys(struct sock *sk, struct hci_dev *hdev,
6968 void *data, u16 len)
6970 struct mgmt_mode *cp = data;
6971 bool changed, use_changed;
6974 bt_dev_dbg(hdev, "sock %p", sk);
6976 if (cp->val != 0x00 && cp->val != 0x01 && cp->val != 0x02)
6977 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DEBUG_KEYS,
6978 MGMT_STATUS_INVALID_PARAMS);
6983 changed = !hci_dev_test_and_set_flag(hdev, HCI_KEEP_DEBUG_KEYS);
6985 changed = hci_dev_test_and_clear_flag(hdev,
6986 HCI_KEEP_DEBUG_KEYS);
6988 if (cp->val == 0x02)
6989 use_changed = !hci_dev_test_and_set_flag(hdev,
6990 HCI_USE_DEBUG_KEYS);
6992 use_changed = hci_dev_test_and_clear_flag(hdev,
6993 HCI_USE_DEBUG_KEYS);
6995 if (hdev_is_powered(hdev) && use_changed &&
6996 hci_dev_test_flag(hdev, HCI_SSP_ENABLED)) {
6997 u8 mode = (cp->val == 0x02) ? 0x01 : 0x00;
6998 hci_send_cmd(hdev, HCI_OP_WRITE_SSP_DEBUG_MODE,
6999 sizeof(mode), &mode);
7002 err = send_settings_rsp(sk, MGMT_OP_SET_DEBUG_KEYS, hdev);
7007 err = new_settings(hdev, sk);
7010 hci_dev_unlock(hdev);
7014 static int set_privacy(struct sock *sk, struct hci_dev *hdev, void *cp_data,
7017 struct mgmt_cp_set_privacy *cp = cp_data;
7021 bt_dev_dbg(hdev, "sock %p", sk);
7023 if (!lmp_le_capable(hdev))
7024 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_PRIVACY,
7025 MGMT_STATUS_NOT_SUPPORTED);
7027 if (cp->privacy != 0x00 && cp->privacy != 0x01 && cp->privacy != 0x02)
7028 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_PRIVACY,
7029 MGMT_STATUS_INVALID_PARAMS);
7031 if (hdev_is_powered(hdev))
7032 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_PRIVACY,
7033 MGMT_STATUS_REJECTED);
7037 /* If user space supports this command it is also expected to
7038 * handle IRKs. Therefore, set the HCI_RPA_RESOLVING flag.
7040 hci_dev_set_flag(hdev, HCI_RPA_RESOLVING);
7043 changed = !hci_dev_test_and_set_flag(hdev, HCI_PRIVACY);
7044 memcpy(hdev->irk, cp->irk, sizeof(hdev->irk));
7045 hci_dev_set_flag(hdev, HCI_RPA_EXPIRED);
7046 hci_adv_instances_set_rpa_expired(hdev, true);
7047 if (cp->privacy == 0x02)
7048 hci_dev_set_flag(hdev, HCI_LIMITED_PRIVACY);
7050 hci_dev_clear_flag(hdev, HCI_LIMITED_PRIVACY);
7052 changed = hci_dev_test_and_clear_flag(hdev, HCI_PRIVACY);
7053 memset(hdev->irk, 0, sizeof(hdev->irk));
7054 hci_dev_clear_flag(hdev, HCI_RPA_EXPIRED);
7055 hci_adv_instances_set_rpa_expired(hdev, false);
7056 hci_dev_clear_flag(hdev, HCI_LIMITED_PRIVACY);
7059 err = send_settings_rsp(sk, MGMT_OP_SET_PRIVACY, hdev);
7064 err = new_settings(hdev, sk);
7067 hci_dev_unlock(hdev);
7071 static bool irk_is_valid(struct mgmt_irk_info *irk)
7073 switch (irk->addr.type) {
7074 case BDADDR_LE_PUBLIC:
7077 case BDADDR_LE_RANDOM:
7078 /* Two most significant bits shall be set */
7079 if ((irk->addr.bdaddr.b[5] & 0xc0) != 0xc0)
7087 static int load_irks(struct sock *sk, struct hci_dev *hdev, void *cp_data,
7090 struct mgmt_cp_load_irks *cp = cp_data;
7091 const u16 max_irk_count = ((U16_MAX - sizeof(*cp)) /
7092 sizeof(struct mgmt_irk_info));
7093 u16 irk_count, expected_len;
7096 bt_dev_dbg(hdev, "sock %p", sk);
7098 if (!lmp_le_capable(hdev))
7099 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_IRKS,
7100 MGMT_STATUS_NOT_SUPPORTED);
7102 irk_count = __le16_to_cpu(cp->irk_count);
7103 if (irk_count > max_irk_count) {
7104 bt_dev_err(hdev, "load_irks: too big irk_count value %u",
7106 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_IRKS,
7107 MGMT_STATUS_INVALID_PARAMS);
7110 expected_len = struct_size(cp, irks, irk_count);
7111 if (expected_len != len) {
7112 bt_dev_err(hdev, "load_irks: expected %u bytes, got %u bytes",
7114 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_IRKS,
7115 MGMT_STATUS_INVALID_PARAMS);
7118 bt_dev_dbg(hdev, "irk_count %u", irk_count);
7120 for (i = 0; i < irk_count; i++) {
7121 struct mgmt_irk_info *key = &cp->irks[i];
7123 if (!irk_is_valid(key))
7124 return mgmt_cmd_status(sk, hdev->id,
7126 MGMT_STATUS_INVALID_PARAMS);
7131 hci_smp_irks_clear(hdev);
7133 for (i = 0; i < irk_count; i++) {
7134 struct mgmt_irk_info *irk = &cp->irks[i];
7136 if (hci_is_blocked_key(hdev,
7137 HCI_BLOCKED_KEY_TYPE_IRK,
7139 bt_dev_warn(hdev, "Skipping blocked IRK for %pMR",
7144 hci_add_irk(hdev, &irk->addr.bdaddr,
7145 le_addr_type(irk->addr.type), irk->val,
7149 hci_dev_set_flag(hdev, HCI_RPA_RESOLVING);
7151 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_LOAD_IRKS, 0, NULL, 0);
7153 hci_dev_unlock(hdev);
7159 static int set_advertising_params(struct sock *sk, struct hci_dev *hdev,
7160 void *data, u16 len)
7162 struct mgmt_cp_set_advertising_params *cp = data;
7167 BT_DBG("%s", hdev->name);
7169 if (!lmp_le_capable(hdev))
7170 return mgmt_cmd_status(sk, hdev->id,
7171 MGMT_OP_SET_ADVERTISING_PARAMS,
7172 MGMT_STATUS_NOT_SUPPORTED);
7174 if (hci_dev_test_flag(hdev, HCI_ADVERTISING))
7175 return mgmt_cmd_status(sk, hdev->id,
7176 MGMT_OP_SET_ADVERTISING_PARAMS,
7179 min_interval = __le16_to_cpu(cp->interval_min);
7180 max_interval = __le16_to_cpu(cp->interval_max);
7182 if (min_interval > max_interval ||
7183 min_interval < 0x0020 || max_interval > 0x4000)
7184 return mgmt_cmd_status(sk, hdev->id,
7185 MGMT_OP_SET_ADVERTISING_PARAMS,
7186 MGMT_STATUS_INVALID_PARAMS);
7190 hdev->le_adv_min_interval = min_interval;
7191 hdev->le_adv_max_interval = max_interval;
7192 hdev->adv_filter_policy = cp->filter_policy;
7193 hdev->adv_type = cp->type;
7195 err = mgmt_cmd_complete(sk, hdev->id,
7196 MGMT_OP_SET_ADVERTISING_PARAMS, 0, NULL, 0);
7198 hci_dev_unlock(hdev);
7203 static void set_advertising_data_complete(struct hci_dev *hdev,
7204 u8 status, u16 opcode)
7206 struct mgmt_cp_set_advertising_data *cp;
7207 struct mgmt_pending_cmd *cmd;
7209 BT_DBG("status 0x%02x", status);
7213 cmd = pending_find(MGMT_OP_SET_ADVERTISING_DATA, hdev);
7220 mgmt_cmd_status(cmd->sk, hdev->id,
7221 MGMT_OP_SET_ADVERTISING_DATA,
7222 mgmt_status(status));
7224 mgmt_cmd_complete(cmd->sk, hdev->id,
7225 MGMT_OP_SET_ADVERTISING_DATA, 0,
7228 mgmt_pending_remove(cmd);
7231 hci_dev_unlock(hdev);
7234 static int set_advertising_data(struct sock *sk, struct hci_dev *hdev,
7235 void *data, u16 len)
7237 struct mgmt_pending_cmd *cmd;
7238 struct hci_request req;
7239 struct mgmt_cp_set_advertising_data *cp = data;
7240 struct hci_cp_le_set_adv_data adv;
7243 BT_DBG("%s", hdev->name);
7245 if (!lmp_le_capable(hdev)) {
7246 return mgmt_cmd_status(sk, hdev->id,
7247 MGMT_OP_SET_ADVERTISING_DATA,
7248 MGMT_STATUS_NOT_SUPPORTED);
7253 if (pending_find(MGMT_OP_SET_ADVERTISING_DATA, hdev)) {
7254 err = mgmt_cmd_status(sk, hdev->id,
7255 MGMT_OP_SET_ADVERTISING_DATA,
7260 if (len > HCI_MAX_AD_LENGTH) {
7261 err = mgmt_cmd_status(sk, hdev->id,
7262 MGMT_OP_SET_ADVERTISING_DATA,
7263 MGMT_STATUS_INVALID_PARAMS);
7267 cmd = mgmt_pending_add(sk, MGMT_OP_SET_ADVERTISING_DATA,
7274 hci_req_init(&req, hdev);
7276 memset(&adv, 0, sizeof(adv));
7277 memcpy(adv.data, cp->data, len);
7280 hci_req_add(&req, HCI_OP_LE_SET_ADV_DATA, sizeof(adv), &adv);
7282 err = hci_req_run(&req, set_advertising_data_complete);
7284 mgmt_pending_remove(cmd);
7287 hci_dev_unlock(hdev);
7292 /* Adv White List feature */
7293 static void add_white_list_complete(struct hci_dev *hdev, u8 status, u16 opcode)
7295 struct mgmt_cp_add_dev_white_list *cp;
7296 struct mgmt_pending_cmd *cmd;
7298 BT_DBG("status 0x%02x", status);
7302 cmd = pending_find(MGMT_OP_ADD_DEV_WHITE_LIST, hdev);
7309 mgmt_cmd_status(cmd->sk, hdev->id, MGMT_OP_ADD_DEV_WHITE_LIST,
7310 mgmt_status(status));
7312 mgmt_cmd_complete(cmd->sk, hdev->id,
7313 MGMT_OP_ADD_DEV_WHITE_LIST, 0, cp, sizeof(*cp));
7315 mgmt_pending_remove(cmd);
7318 hci_dev_unlock(hdev);
7321 static int add_white_list(struct sock *sk, struct hci_dev *hdev,
7322 void *data, u16 len)
7324 struct mgmt_pending_cmd *cmd;
7325 struct mgmt_cp_add_dev_white_list *cp = data;
7326 struct hci_request req;
7329 BT_DBG("%s", hdev->name);
7331 if (!lmp_le_capable(hdev))
7332 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_DEV_WHITE_LIST,
7333 MGMT_STATUS_NOT_SUPPORTED);
7335 if (!hdev_is_powered(hdev))
7336 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_DEV_WHITE_LIST,
7337 MGMT_STATUS_REJECTED);
7341 if (pending_find(MGMT_OP_ADD_DEV_WHITE_LIST, hdev)) {
7342 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_DEV_WHITE_LIST,
7347 cmd = mgmt_pending_add(sk, MGMT_OP_ADD_DEV_WHITE_LIST, hdev, data, len);
7353 hci_req_init(&req, hdev);
7355 hci_req_add(&req, HCI_OP_LE_ADD_TO_WHITE_LIST, sizeof(*cp), cp);
7357 err = hci_req_run(&req, add_white_list_complete);
7359 mgmt_pending_remove(cmd);
7364 hci_dev_unlock(hdev);
7369 static void remove_from_white_list_complete(struct hci_dev *hdev,
7370 u8 status, u16 opcode)
7372 struct mgmt_cp_remove_dev_from_white_list *cp;
7373 struct mgmt_pending_cmd *cmd;
7375 BT_DBG("status 0x%02x", status);
7379 cmd = pending_find(MGMT_OP_REMOVE_DEV_FROM_WHITE_LIST, hdev);
7386 mgmt_cmd_status(cmd->sk, hdev->id,
7387 MGMT_OP_REMOVE_DEV_FROM_WHITE_LIST,
7388 mgmt_status(status));
7390 mgmt_cmd_complete(cmd->sk, hdev->id,
7391 MGMT_OP_REMOVE_DEV_FROM_WHITE_LIST, 0,
7394 mgmt_pending_remove(cmd);
7397 hci_dev_unlock(hdev);
7400 static int remove_from_white_list(struct sock *sk, struct hci_dev *hdev,
7401 void *data, u16 len)
7403 struct mgmt_pending_cmd *cmd;
7404 struct mgmt_cp_remove_dev_from_white_list *cp = data;
7405 struct hci_request req;
7408 BT_DBG("%s", hdev->name);
7410 if (!lmp_le_capable(hdev))
7411 return mgmt_cmd_status(sk, hdev->id,
7412 MGMT_OP_REMOVE_DEV_FROM_WHITE_LIST,
7413 MGMT_STATUS_NOT_SUPPORTED);
7415 if (!hdev_is_powered(hdev))
7416 return mgmt_cmd_status(sk, hdev->id,
7417 MGMT_OP_REMOVE_DEV_FROM_WHITE_LIST,
7418 MGMT_STATUS_REJECTED);
7422 if (pending_find(MGMT_OP_REMOVE_DEV_FROM_WHITE_LIST, hdev)) {
7423 err = mgmt_cmd_status(sk, hdev->id,
7424 MGMT_OP_REMOVE_DEV_FROM_WHITE_LIST,
7429 cmd = mgmt_pending_add(sk, MGMT_OP_REMOVE_DEV_FROM_WHITE_LIST,
7436 hci_req_init(&req, hdev);
7438 hci_req_add(&req, HCI_OP_LE_DEL_FROM_WHITE_LIST, sizeof(*cp), cp);
7440 err = hci_req_run(&req, remove_from_white_list_complete);
7442 mgmt_pending_remove(cmd);
7447 hci_dev_unlock(hdev);
7452 static void clear_white_list_complete(struct hci_dev *hdev, u8 status,
7455 struct mgmt_pending_cmd *cmd;
7457 BT_DBG("status 0x%02x", status);
7461 cmd = pending_find(MGMT_OP_CLEAR_DEV_WHITE_LIST, hdev);
7466 mgmt_cmd_status(cmd->sk, hdev->id, MGMT_OP_CLEAR_DEV_WHITE_LIST,
7467 mgmt_status(status));
7469 mgmt_cmd_complete(cmd->sk, hdev->id,
7470 MGMT_OP_CLEAR_DEV_WHITE_LIST,
7473 mgmt_pending_remove(cmd);
7476 hci_dev_unlock(hdev);
7479 static int clear_white_list(struct sock *sk, struct hci_dev *hdev,
7480 void *data, u16 len)
7482 struct mgmt_pending_cmd *cmd;
7483 struct hci_request req;
7486 BT_DBG("%s", hdev->name);
7488 if (!lmp_le_capable(hdev))
7489 return mgmt_cmd_status(sk, hdev->id,
7490 MGMT_OP_CLEAR_DEV_WHITE_LIST,
7491 MGMT_STATUS_NOT_SUPPORTED);
7493 if (!hdev_is_powered(hdev))
7494 return mgmt_cmd_status(sk, hdev->id,
7495 MGMT_OP_CLEAR_DEV_WHITE_LIST,
7496 MGMT_STATUS_REJECTED);
7500 if (pending_find(MGMT_OP_CLEAR_DEV_WHITE_LIST, hdev)) {
7501 err = mgmt_cmd_status(sk, hdev->id,
7502 MGMT_OP_CLEAR_DEV_WHITE_LIST,
7507 cmd = mgmt_pending_add(sk, MGMT_OP_CLEAR_DEV_WHITE_LIST,
7514 hci_req_init(&req, hdev);
7516 hci_req_add(&req, HCI_OP_LE_CLEAR_WHITE_LIST, 0, NULL);
7518 err = hci_req_run(&req, clear_white_list_complete);
7520 mgmt_pending_remove(cmd);
7525 hci_dev_unlock(hdev);
7530 static void set_scan_rsp_data_complete(struct hci_dev *hdev, u8 status,
7533 struct mgmt_cp_set_scan_rsp_data *cp;
7534 struct mgmt_pending_cmd *cmd;
7536 BT_DBG("status 0x%02x", status);
7540 cmd = pending_find(MGMT_OP_SET_SCAN_RSP_DATA, hdev);
7547 mgmt_cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_SCAN_RSP_DATA,
7548 mgmt_status(status));
7550 mgmt_cmd_complete(cmd->sk, hdev->id,
7551 MGMT_OP_SET_SCAN_RSP_DATA, 0,
7554 mgmt_pending_remove(cmd);
7557 hci_dev_unlock(hdev);
7560 static int set_scan_rsp_data(struct sock *sk, struct hci_dev *hdev, void *data,
7563 struct mgmt_pending_cmd *cmd;
7564 struct hci_request req;
7565 struct mgmt_cp_set_scan_rsp_data *cp = data;
7566 struct hci_cp_le_set_scan_rsp_data rsp;
7569 BT_DBG("%s", hdev->name);
7571 if (!lmp_le_capable(hdev))
7572 return mgmt_cmd_status(sk, hdev->id,
7573 MGMT_OP_SET_SCAN_RSP_DATA,
7574 MGMT_STATUS_NOT_SUPPORTED);
7578 if (pending_find(MGMT_OP_SET_SCAN_RSP_DATA, hdev)) {
7579 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_RSP_DATA,
7584 if (len > HCI_MAX_AD_LENGTH) {
7585 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_RSP_DATA,
7586 MGMT_STATUS_INVALID_PARAMS);
7590 cmd = mgmt_pending_add(sk, MGMT_OP_SET_SCAN_RSP_DATA, hdev, data, len);
7596 hci_req_init(&req, hdev);
7598 memset(&rsp, 0, sizeof(rsp));
7599 memcpy(rsp.data, cp->data, len);
7602 hci_req_add(&req, HCI_OP_LE_SET_SCAN_RSP_DATA, sizeof(rsp), &rsp);
7604 err = hci_req_run(&req, set_scan_rsp_data_complete);
7606 mgmt_pending_remove(cmd);
7609 hci_dev_unlock(hdev);
7614 static void set_rssi_threshold_complete(struct hci_dev *hdev,
7615 u8 status, u16 opcode)
7617 struct mgmt_pending_cmd *cmd;
7619 BT_DBG("status 0x%02x", status);
7623 cmd = pending_find(MGMT_OP_SET_RSSI_ENABLE, hdev);
7628 mgmt_cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_RSSI_ENABLE,
7629 mgmt_status(status));
7631 mgmt_cmd_complete(cmd->sk, hdev->id, MGMT_OP_SET_RSSI_ENABLE, 0,
7634 mgmt_pending_remove(cmd);
7637 hci_dev_unlock(hdev);
7640 static void set_rssi_disable_complete(struct hci_dev *hdev,
7641 u8 status, u16 opcode)
7643 struct mgmt_pending_cmd *cmd;
7645 BT_DBG("status 0x%02x", status);
7649 cmd = pending_find(MGMT_OP_SET_RSSI_DISABLE, hdev);
7654 mgmt_cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_RSSI_DISABLE,
7655 mgmt_status(status));
7657 mgmt_cmd_complete(cmd->sk, hdev->id, MGMT_OP_SET_RSSI_DISABLE,
7660 mgmt_pending_remove(cmd);
7663 hci_dev_unlock(hdev);
7666 int mgmt_set_rssi_threshold(struct sock *sk, struct hci_dev *hdev,
7667 void *data, u16 len)
7670 struct hci_cp_set_rssi_threshold th = { 0, };
7671 struct mgmt_cp_set_enable_rssi *cp = data;
7672 struct hci_conn *conn;
7673 struct mgmt_pending_cmd *cmd;
7674 struct hci_request req;
7679 cmd = pending_find(MGMT_OP_SET_RSSI_ENABLE, hdev);
7681 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_RSSI_ENABLE,
7682 MGMT_STATUS_FAILED);
7686 if (!lmp_le_capable(hdev)) {
7687 mgmt_pending_remove(cmd);
7688 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_RSSI_ENABLE,
7689 MGMT_STATUS_NOT_SUPPORTED);
7693 if (!hdev_is_powered(hdev)) {
7694 BT_DBG("%s", hdev->name);
7695 mgmt_pending_remove(cmd);
7696 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_RSSI_ENABLE,
7697 MGMT_STATUS_NOT_POWERED);
7701 if (cp->link_type == 0x01)
7702 dest_type = LE_LINK;
7704 dest_type = ACL_LINK;
7706 /* Get LE/ACL link handle info */
7707 conn = hci_conn_hash_lookup_ba(hdev,
7708 dest_type, &cp->bdaddr);
7711 err = mgmt_cmd_complete(sk, hdev->id,
7712 MGMT_OP_SET_RSSI_ENABLE, 1, NULL, 0);
7713 mgmt_pending_remove(cmd);
7717 hci_req_init(&req, hdev);
7719 th.hci_le_ext_opcode = 0x0B;
7721 th.conn_handle = conn->handle;
7722 th.alert_mask = 0x07;
7723 th.low_th = cp->low_th;
7724 th.in_range_th = cp->in_range_th;
7725 th.high_th = cp->high_th;
7727 hci_req_add(&req, HCI_OP_ENABLE_RSSI, sizeof(th), &th);
7728 err = hci_req_run(&req, set_rssi_threshold_complete);
7731 mgmt_pending_remove(cmd);
7732 BT_ERR("Error in requesting hci_req_run");
7737 hci_dev_unlock(hdev);
7741 void mgmt_rssi_enable_success(struct sock *sk, struct hci_dev *hdev,
7742 void *data, struct hci_cc_rsp_enable_rssi *rp, int success)
7744 struct mgmt_cc_rsp_enable_rssi mgmt_rp = { 0, };
7745 struct mgmt_cp_set_enable_rssi *cp = data;
7746 struct mgmt_pending_cmd *cmd;
7751 mgmt_rp.status = rp->status;
7752 mgmt_rp.le_ext_opcode = rp->le_ext_opcode;
7753 mgmt_rp.bt_address = cp->bdaddr;
7754 mgmt_rp.link_type = cp->link_type;
7756 mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_RSSI_ENABLE,
7757 MGMT_STATUS_SUCCESS, &mgmt_rp,
7758 sizeof(struct mgmt_cc_rsp_enable_rssi));
7760 mgmt_event(MGMT_EV_RSSI_ENABLED, hdev, &mgmt_rp,
7761 sizeof(struct mgmt_cc_rsp_enable_rssi), NULL);
7763 hci_conn_rssi_unset_all(hdev, mgmt_rp.link_type);
7764 hci_conn_rssi_state_set(hdev, mgmt_rp.link_type,
7765 &mgmt_rp.bt_address, true);
7769 cmd = pending_find(MGMT_OP_SET_RSSI_ENABLE, hdev);
7771 mgmt_pending_remove(cmd);
7773 hci_dev_unlock(hdev);
7776 void mgmt_rssi_disable_success(struct sock *sk, struct hci_dev *hdev,
7777 void *data, struct hci_cc_rsp_enable_rssi *rp, int success)
7779 struct mgmt_cc_rp_disable_rssi mgmt_rp = { 0, };
7780 struct mgmt_cp_disable_rssi *cp = data;
7781 struct mgmt_pending_cmd *cmd;
7786 mgmt_rp.status = rp->status;
7787 mgmt_rp.le_ext_opcode = rp->le_ext_opcode;
7788 mgmt_rp.bt_address = cp->bdaddr;
7789 mgmt_rp.link_type = cp->link_type;
7791 mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_RSSI_DISABLE,
7792 MGMT_STATUS_SUCCESS, &mgmt_rp,
7793 sizeof(struct mgmt_cc_rsp_enable_rssi));
7795 mgmt_event(MGMT_EV_RSSI_DISABLED, hdev, &mgmt_rp,
7796 sizeof(struct mgmt_cc_rsp_enable_rssi), NULL);
7798 hci_conn_rssi_state_set(hdev, mgmt_rp.link_type,
7799 &mgmt_rp.bt_address, false);
7803 cmd = pending_find(MGMT_OP_SET_RSSI_DISABLE, hdev);
7805 mgmt_pending_remove(cmd);
7807 hci_dev_unlock(hdev);
7810 static int mgmt_set_disable_rssi(struct sock *sk, struct hci_dev *hdev,
7811 void *data, u16 len)
7813 struct mgmt_pending_cmd *cmd;
7814 struct hci_request req;
7815 struct hci_cp_set_enable_rssi cp_en = { 0, };
7818 BT_DBG("Set Disable RSSI.");
7820 cp_en.hci_le_ext_opcode = 0x01;
7821 cp_en.le_enable_cs_Features = 0x00;
7822 cp_en.data[0] = 0x00;
7823 cp_en.data[1] = 0x00;
7824 cp_en.data[2] = 0x00;
7828 cmd = pending_find(MGMT_OP_SET_RSSI_DISABLE, hdev);
7830 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_RSSI_DISABLE,
7831 MGMT_STATUS_FAILED);
7835 if (!lmp_le_capable(hdev)) {
7836 mgmt_pending_remove(cmd);
7837 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_RSSI_DISABLE,
7838 MGMT_STATUS_NOT_SUPPORTED);
7842 if (!hdev_is_powered(hdev)) {
7843 BT_DBG("%s", hdev->name);
7844 mgmt_pending_remove(cmd);
7845 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_RSSI_DISABLE,
7846 MGMT_STATUS_NOT_POWERED);
7850 hci_req_init(&req, hdev);
7852 BT_DBG("Enable Len: %zu [%2.2X %2.2X %2.2X %2.2X %2.2X]",
7853 sizeof(struct hci_cp_set_enable_rssi),
7854 cp_en.hci_le_ext_opcode, cp_en.le_enable_cs_Features,
7855 cp_en.data[0], cp_en.data[1], cp_en.data[2]);
7857 hci_req_add(&req, HCI_OP_ENABLE_RSSI, sizeof(cp_en), &cp_en);
7858 err = hci_req_run(&req, set_rssi_disable_complete);
7861 mgmt_pending_remove(cmd);
7862 BT_ERR("Error in requesting hci_req_run");
7867 hci_dev_unlock(hdev);
7871 void mgmt_enable_rssi_cc(struct hci_dev *hdev, void *response, u8 status)
7873 struct hci_cc_rsp_enable_rssi *rp = response;
7874 struct mgmt_pending_cmd *cmd_enable = NULL;
7875 struct mgmt_pending_cmd *cmd_disable = NULL;
7876 struct mgmt_cp_set_enable_rssi *cp_en;
7877 struct mgmt_cp_disable_rssi *cp_dis;
7880 cmd_enable = pending_find(MGMT_OP_SET_RSSI_ENABLE, hdev);
7881 cmd_disable = pending_find(MGMT_OP_SET_RSSI_DISABLE, hdev);
7882 hci_dev_unlock(hdev);
7885 BT_DBG("Enable Request");
7888 BT_DBG("Disable Request");
7891 cp_en = cmd_enable->param;
7896 switch (rp->le_ext_opcode) {
7898 BT_DBG("RSSI enabled.. Setting Threshold...");
7899 mgmt_set_rssi_threshold(cmd_enable->sk, hdev,
7900 cp_en, sizeof(*cp_en));
7904 BT_DBG("Sending RSSI enable success");
7905 mgmt_rssi_enable_success(cmd_enable->sk, hdev,
7906 cp_en, rp, rp->status);
7910 } else if (cmd_disable) {
7911 cp_dis = cmd_disable->param;
7916 switch (rp->le_ext_opcode) {
7918 BT_DBG("Sending RSSI disable success");
7919 mgmt_rssi_disable_success(cmd_disable->sk, hdev,
7920 cp_dis, rp, rp->status);
7925 * Only unset RSSI Threshold values for the Link if
7926 * RSSI is monitored for other BREDR or LE Links
7928 if (hci_conn_hash_lookup_rssi_count(hdev) > 1) {
7929 BT_DBG("Unset Threshold. Other links being monitored");
7930 mgmt_rssi_disable_success(cmd_disable->sk, hdev,
7931 cp_dis, rp, rp->status);
7933 BT_DBG("Unset Threshold. Disabling...");
7934 mgmt_set_disable_rssi(cmd_disable->sk, hdev,
7935 cp_dis, sizeof(*cp_dis));
7942 static void set_rssi_enable_complete(struct hci_dev *hdev, u8 status,
7945 struct mgmt_pending_cmd *cmd;
7947 BT_DBG("status 0x%02x", status);
7951 cmd = pending_find(MGMT_OP_SET_RSSI_ENABLE, hdev);
7956 mgmt_cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_RSSI_ENABLE,
7957 mgmt_status(status));
7959 mgmt_cmd_complete(cmd->sk, hdev->id, MGMT_OP_SET_RSSI_ENABLE, 0,
7962 mgmt_pending_remove(cmd);
7965 hci_dev_unlock(hdev);
7968 static int set_enable_rssi(struct sock *sk, struct hci_dev *hdev,
7969 void *data, u16 len)
7971 struct mgmt_pending_cmd *cmd;
7972 struct hci_request req;
7973 struct mgmt_cp_set_enable_rssi *cp = data;
7974 struct hci_cp_set_enable_rssi cp_en = { 0, };
7977 BT_DBG("Set Enable RSSI.");
7979 cp_en.hci_le_ext_opcode = 0x01;
7980 cp_en.le_enable_cs_Features = 0x04;
7981 cp_en.data[0] = 0x00;
7982 cp_en.data[1] = 0x00;
7983 cp_en.data[2] = 0x00;
7987 if (!lmp_le_capable(hdev)) {
7988 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_RSSI_ENABLE,
7989 MGMT_STATUS_NOT_SUPPORTED);
7993 if (!hdev_is_powered(hdev)) {
7994 BT_DBG("%s", hdev->name);
7995 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_RSSI_ENABLE,
7996 MGMT_STATUS_NOT_POWERED);
8000 if (pending_find(MGMT_OP_SET_RSSI_ENABLE, hdev)) {
8001 BT_DBG("%s", hdev->name);
8002 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_RSSI_ENABLE,
8007 cmd = mgmt_pending_add(sk, MGMT_OP_SET_RSSI_ENABLE, hdev, cp,
8010 BT_DBG("%s", hdev->name);
8015 /* If RSSI is already enabled directly set Threshold values */
8016 if (hci_conn_hash_lookup_rssi_count(hdev) > 0) {
8017 hci_dev_unlock(hdev);
8018 BT_DBG("RSSI Enabled. Directly set Threshold");
8019 err = mgmt_set_rssi_threshold(sk, hdev, cp, sizeof(*cp));
8023 hci_req_init(&req, hdev);
8025 BT_DBG("Enable Len: %zu [%2.2X %2.2X %2.2X %2.2X %2.2X]",
8026 sizeof(struct hci_cp_set_enable_rssi),
8027 cp_en.hci_le_ext_opcode, cp_en.le_enable_cs_Features,
8028 cp_en.data[0], cp_en.data[1], cp_en.data[2]);
8030 hci_req_add(&req, HCI_OP_ENABLE_RSSI, sizeof(cp_en), &cp_en);
8031 err = hci_req_run(&req, set_rssi_enable_complete);
8034 mgmt_pending_remove(cmd);
8035 BT_ERR("Error in requesting hci_req_run");
8040 hci_dev_unlock(hdev);
8045 static void get_raw_rssi_complete(struct hci_dev *hdev, u8 status, u16 opcode)
8047 struct mgmt_pending_cmd *cmd;
8049 BT_DBG("status 0x%02x", status);
8053 cmd = pending_find(MGMT_OP_GET_RAW_RSSI, hdev);
8057 mgmt_cmd_complete(cmd->sk, hdev->id, MGMT_OP_GET_RAW_RSSI,
8058 MGMT_STATUS_SUCCESS, &status, 1);
8060 mgmt_pending_remove(cmd);
8063 hci_dev_unlock(hdev);
8066 static int get_raw_rssi(struct sock *sk, struct hci_dev *hdev, void *data,
8069 struct mgmt_pending_cmd *cmd;
8070 struct hci_request req;
8071 struct mgmt_cp_get_raw_rssi *cp = data;
8072 struct hci_cp_get_raw_rssi hci_cp;
8074 struct hci_conn *conn;
8078 BT_DBG("Get Raw RSSI.");
8082 if (!lmp_le_capable(hdev)) {
8083 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_GET_RAW_RSSI,
8084 MGMT_STATUS_NOT_SUPPORTED);
8088 if (cp->link_type == 0x01)
8089 dest_type = LE_LINK;
8091 dest_type = ACL_LINK;
8093 /* Get LE/BREDR link handle info */
8094 conn = hci_conn_hash_lookup_ba(hdev,
8095 dest_type, &cp->bt_address);
8097 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_GET_RAW_RSSI,
8098 MGMT_STATUS_NOT_CONNECTED);
8101 hci_cp.conn_handle = conn->handle;
8103 if (!hdev_is_powered(hdev)) {
8104 BT_DBG("%s", hdev->name);
8105 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_GET_RAW_RSSI,
8106 MGMT_STATUS_NOT_POWERED);
8110 if (pending_find(MGMT_OP_GET_RAW_RSSI, hdev)) {
8111 BT_DBG("%s", hdev->name);
8112 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_GET_RAW_RSSI,
8117 cmd = mgmt_pending_add(sk, MGMT_OP_GET_RAW_RSSI, hdev, data, len);
8119 BT_DBG("%s", hdev->name);
8124 hci_req_init(&req, hdev);
8126 BT_DBG("Connection Handle [%d]", hci_cp.conn_handle);
8127 hci_req_add(&req, HCI_OP_GET_RAW_RSSI, sizeof(hci_cp), &hci_cp);
8128 err = hci_req_run(&req, get_raw_rssi_complete);
8131 mgmt_pending_remove(cmd);
8132 BT_ERR("Error in requesting hci_req_run");
8136 hci_dev_unlock(hdev);
8141 void mgmt_raw_rssi_response(struct hci_dev *hdev,
8142 struct hci_cc_rp_get_raw_rssi *rp, int success)
8144 struct mgmt_cc_rp_get_raw_rssi mgmt_rp = { 0, };
8145 struct hci_conn *conn;
8147 mgmt_rp.status = rp->status;
8148 mgmt_rp.rssi_dbm = rp->rssi_dbm;
8150 conn = hci_conn_hash_lookup_handle(hdev, rp->conn_handle);
8154 bacpy(&mgmt_rp.bt_address, &conn->dst);
8155 if (conn->type == LE_LINK)
8156 mgmt_rp.link_type = 0x01;
8158 mgmt_rp.link_type = 0x00;
8160 mgmt_event(MGMT_EV_RAW_RSSI, hdev, &mgmt_rp,
8161 sizeof(struct mgmt_cc_rp_get_raw_rssi), NULL);
8164 static void set_disable_threshold_complete(struct hci_dev *hdev,
8165 u8 status, u16 opcode)
8167 struct mgmt_pending_cmd *cmd;
8169 BT_DBG("status 0x%02x", status);
8173 cmd = pending_find(MGMT_OP_SET_RSSI_DISABLE, hdev);
8177 mgmt_cmd_complete(cmd->sk, hdev->id, MGMT_OP_SET_RSSI_DISABLE,
8178 MGMT_STATUS_SUCCESS, &status, 1);
8180 mgmt_pending_remove(cmd);
8183 hci_dev_unlock(hdev);
8186 /** Removes monitoring for a link*/
8187 static int set_disable_threshold(struct sock *sk, struct hci_dev *hdev,
8188 void *data, u16 len)
8191 struct hci_cp_set_rssi_threshold th = { 0, };
8192 struct mgmt_cp_disable_rssi *cp = data;
8193 struct hci_conn *conn;
8194 struct mgmt_pending_cmd *cmd;
8195 struct hci_request req;
8198 BT_DBG("Set Disable RSSI.");
8202 if (!lmp_le_capable(hdev)) {
8203 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_RSSI_DISABLE,
8204 MGMT_STATUS_NOT_SUPPORTED);
8208 /* Get LE/ACL link handle info*/
8209 if (cp->link_type == 0x01)
8210 dest_type = LE_LINK;
8212 dest_type = ACL_LINK;
8214 conn = hci_conn_hash_lookup_ba(hdev, dest_type, &cp->bdaddr);
8216 err = mgmt_cmd_complete(sk, hdev->id,
8217 MGMT_OP_SET_RSSI_DISABLE, 1, NULL, 0);
8221 th.hci_le_ext_opcode = 0x0B;
8223 th.conn_handle = conn->handle;
8224 th.alert_mask = 0x00;
8226 th.in_range_th = 0x00;
8229 if (!hdev_is_powered(hdev)) {
8230 BT_DBG("%s", hdev->name);
8231 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_RSSI_DISABLE,
8236 if (pending_find(MGMT_OP_SET_RSSI_DISABLE, hdev)) {
8237 BT_DBG("%s", hdev->name);
8238 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_RSSI_DISABLE,
8243 cmd = mgmt_pending_add(sk, MGMT_OP_SET_RSSI_DISABLE, hdev, cp,
8246 BT_DBG("%s", hdev->name);
8251 hci_req_init(&req, hdev);
8253 hci_req_add(&req, HCI_OP_ENABLE_RSSI, sizeof(th), &th);
8254 err = hci_req_run(&req, set_disable_threshold_complete);
8256 mgmt_pending_remove(cmd);
8257 BT_ERR("Error in requesting hci_req_run");
8262 hci_dev_unlock(hdev);
8267 void mgmt_rssi_alert_evt(struct hci_dev *hdev, struct sk_buff *skb)
8269 struct hci_ev_vendor_specific_rssi_alert *ev = (void *)skb->data;
8270 struct mgmt_ev_vendor_specific_rssi_alert mgmt_ev;
8271 struct hci_conn *conn;
8273 BT_DBG("RSSI alert [%2.2X %2.2X %2.2X]",
8274 ev->conn_handle, ev->alert_type, ev->rssi_dbm);
8276 conn = hci_conn_hash_lookup_handle(hdev, ev->conn_handle);
8279 BT_ERR("RSSI alert Error: Device not found for handle");
8282 bacpy(&mgmt_ev.bdaddr, &conn->dst);
8284 if (conn->type == LE_LINK)
8285 mgmt_ev.link_type = 0x01;
8287 mgmt_ev.link_type = 0x00;
8289 mgmt_ev.alert_type = ev->alert_type;
8290 mgmt_ev.rssi_dbm = ev->rssi_dbm;
8292 mgmt_event(MGMT_EV_RSSI_ALERT, hdev, &mgmt_ev,
8293 sizeof(struct mgmt_ev_vendor_specific_rssi_alert),
8297 static int mgmt_start_le_discovery_failed(struct hci_dev *hdev, u8 status)
8299 struct mgmt_pending_cmd *cmd;
8303 hci_le_discovery_set_state(hdev, DISCOVERY_STOPPED);
8305 cmd = pending_find(MGMT_OP_START_LE_DISCOVERY, hdev);
8309 type = hdev->le_discovery.type;
8311 err = mgmt_cmd_complete(cmd->sk, hdev->id, cmd->opcode,
8312 mgmt_status(status), &type, sizeof(type));
8313 mgmt_pending_remove(cmd);
8318 static void start_le_discovery_complete(struct hci_dev *hdev, u8 status,
8321 unsigned long timeout = 0;
8323 BT_DBG("status %d", status);
8327 mgmt_start_le_discovery_failed(hdev, status);
8328 hci_dev_unlock(hdev);
8333 hci_le_discovery_set_state(hdev, DISCOVERY_FINDING);
8334 hci_dev_unlock(hdev);
8336 if (hdev->le_discovery.type != DISCOV_TYPE_LE)
8337 BT_ERR("Invalid discovery type %d", hdev->le_discovery.type);
8342 queue_delayed_work(hdev->workqueue, &hdev->le_scan_disable, timeout);
8345 static int start_le_discovery(struct sock *sk, struct hci_dev *hdev,
8346 void *data, u16 len)
8348 struct mgmt_cp_start_le_discovery *cp = data;
8349 struct mgmt_pending_cmd *cmd;
8350 struct hci_cp_le_set_scan_param param_cp;
8351 struct hci_cp_le_set_scan_enable enable_cp;
8352 struct hci_request req;
8353 u8 status, own_addr_type;
8356 BT_DBG("%s", hdev->name);
8358 if (!hdev_is_powered(hdev)) {
8359 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_START_LE_DISCOVERY,
8360 MGMT_STATUS_NOT_POWERED);
8364 if (hdev->le_discovery.state != DISCOVERY_STOPPED) {
8365 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_START_LE_DISCOVERY,
8370 if (cp->type != DISCOV_TYPE_LE) {
8371 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_START_LE_DISCOVERY,
8372 MGMT_STATUS_INVALID_PARAMS);
8376 cmd = mgmt_pending_add(sk, MGMT_OP_START_LE_DISCOVERY, hdev, NULL, 0);
8382 hdev->le_discovery.type = cp->type;
8384 hci_req_init(&req, hdev);
8386 status = mgmt_le_support(hdev);
8388 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_START_LE_DISCOVERY,
8390 mgmt_pending_remove(cmd);
8394 /* If controller is scanning, it means the background scanning
8395 * is running. Thus, we should temporarily stop it in order to
8396 * set the discovery scanning parameters.
8398 if (hci_dev_test_flag(hdev, HCI_LE_SCAN))
8399 hci_req_add_le_scan_disable(&req, false);
8401 memset(¶m_cp, 0, sizeof(param_cp));
8403 /* All active scans will be done with either a resolvable
8404 * private address (when privacy feature has been enabled)
8405 * or unresolvable private address.
8407 err = hci_update_random_address_sync(hdev, true, hci_dev_test_flag(hdev, HCI_PRIVACY), &own_addr_type);
8409 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_START_LE_DISCOVERY,
8410 MGMT_STATUS_FAILED);
8411 mgmt_pending_remove(cmd);
8415 param_cp.type = hdev->le_scan_type;
8416 param_cp.interval = cpu_to_le16(hdev->le_scan_interval);
8417 param_cp.window = cpu_to_le16(hdev->le_scan_window);
8418 param_cp.own_address_type = own_addr_type;
8419 hci_req_add(&req, HCI_OP_LE_SET_SCAN_PARAM, sizeof(param_cp),
8422 memset(&enable_cp, 0, sizeof(enable_cp));
8423 enable_cp.enable = LE_SCAN_ENABLE;
8424 enable_cp.filter_dup = LE_SCAN_FILTER_DUP_DISABLE;
8426 hci_req_add(&req, HCI_OP_LE_SET_SCAN_ENABLE, sizeof(enable_cp),
8429 err = hci_req_run(&req, start_le_discovery_complete);
8431 mgmt_pending_remove(cmd);
8433 hci_le_discovery_set_state(hdev, DISCOVERY_STARTING);
8439 static int mgmt_stop_le_discovery_failed(struct hci_dev *hdev, u8 status)
8441 struct mgmt_pending_cmd *cmd;
8444 cmd = pending_find(MGMT_OP_STOP_LE_DISCOVERY, hdev);
8448 err = mgmt_cmd_complete(cmd->sk, hdev->id, cmd->opcode,
8449 mgmt_status(status), &hdev->le_discovery.type,
8450 sizeof(hdev->le_discovery.type));
8451 mgmt_pending_remove(cmd);
8456 static void stop_le_discovery_complete(struct hci_dev *hdev, u8 status,
8459 BT_DBG("status %d", status);
8464 mgmt_stop_le_discovery_failed(hdev, status);
8468 hci_le_discovery_set_state(hdev, DISCOVERY_STOPPED);
8471 hci_dev_unlock(hdev);
8474 static int stop_le_discovery(struct sock *sk, struct hci_dev *hdev,
8475 void *data, u16 len)
8477 struct mgmt_cp_stop_le_discovery *mgmt_cp = data;
8478 struct mgmt_pending_cmd *cmd;
8479 struct hci_request req;
8482 BT_DBG("%s", hdev->name);
8486 if (!hci_le_discovery_active(hdev)) {
8487 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_STOP_LE_DISCOVERY,
8488 MGMT_STATUS_REJECTED, &mgmt_cp->type,
8489 sizeof(mgmt_cp->type));
8493 if (hdev->le_discovery.type != mgmt_cp->type) {
8494 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_STOP_LE_DISCOVERY,
8495 MGMT_STATUS_INVALID_PARAMS,
8496 &mgmt_cp->type, sizeof(mgmt_cp->type));
8500 cmd = mgmt_pending_add(sk, MGMT_OP_STOP_LE_DISCOVERY, hdev, NULL, 0);
8506 hci_req_init(&req, hdev);
8508 if (hdev->le_discovery.state != DISCOVERY_FINDING) {
8509 BT_DBG("unknown le discovery state %u",
8510 hdev->le_discovery.state);
8512 mgmt_pending_remove(cmd);
8513 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_STOP_LE_DISCOVERY,
8514 MGMT_STATUS_FAILED, &mgmt_cp->type,
8515 sizeof(mgmt_cp->type));
8519 cancel_delayed_work(&hdev->le_scan_disable);
8520 hci_req_add_le_scan_disable(&req, false);
8522 err = hci_req_run(&req, stop_le_discovery_complete);
8524 mgmt_pending_remove(cmd);
8526 hci_le_discovery_set_state(hdev, DISCOVERY_STOPPING);
8529 hci_dev_unlock(hdev);
8533 /* Separate LE discovery */
8534 void mgmt_le_discovering(struct hci_dev *hdev, u8 discovering)
8536 struct mgmt_ev_discovering ev;
8537 struct mgmt_pending_cmd *cmd;
8539 BT_DBG("%s le discovering %u", hdev->name, discovering);
8542 cmd = pending_find(MGMT_OP_START_LE_DISCOVERY, hdev);
8544 cmd = pending_find(MGMT_OP_STOP_LE_DISCOVERY, hdev);
8547 u8 type = hdev->le_discovery.type;
8549 mgmt_cmd_complete(cmd->sk, hdev->id, cmd->opcode, 0, &type,
8551 mgmt_pending_remove(cmd);
8554 memset(&ev, 0, sizeof(ev));
8555 ev.type = hdev->le_discovery.type;
8556 ev.discovering = discovering;
8558 mgmt_event(MGMT_EV_DISCOVERING, hdev, &ev, sizeof(ev), NULL);
8561 static int disable_le_auto_connect(struct sock *sk, struct hci_dev *hdev,
8562 void *data, u16 len)
8566 BT_DBG("%s", hdev->name);
8570 err = hci_send_cmd(hdev, HCI_OP_LE_CREATE_CONN_CANCEL, 0, NULL);
8572 BT_ERR("HCI_OP_LE_CREATE_CONN_CANCEL is failed");
8574 hci_dev_unlock(hdev);
8579 static inline int check_le_conn_update_param(u16 min, u16 max, u16 latency,
8584 if (min > max || min < 6 || max > 3200)
8587 if (to_multiplier < 10 || to_multiplier > 3200)
8590 if (max >= to_multiplier * 8)
8593 max_latency = (to_multiplier * 8 / max) - 1;
8595 if (latency > 499 || latency > max_latency)
8601 static int le_conn_update(struct sock *sk, struct hci_dev *hdev, void *data,
8604 struct mgmt_cp_le_conn_update *cp = data;
8606 struct hci_conn *conn;
8607 u16 min, max, latency, supervision_timeout;
8610 if (!hdev_is_powered(hdev))
8611 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LE_CONN_UPDATE,
8612 MGMT_STATUS_NOT_POWERED);
8614 min = __le16_to_cpu(cp->conn_interval_min);
8615 max = __le16_to_cpu(cp->conn_interval_max);
8616 latency = __le16_to_cpu(cp->conn_latency);
8617 supervision_timeout = __le16_to_cpu(cp->supervision_timeout);
8619 BT_DBG("min 0x%4.4x max 0x%4.4x latency: 0x%4.4x supervision_timeout: 0x%4.4x",
8620 min, max, latency, supervision_timeout);
8622 err = check_le_conn_update_param(min, max, latency,
8623 supervision_timeout);
8626 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LE_CONN_UPDATE,
8627 MGMT_STATUS_INVALID_PARAMS);
8631 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &cp->bdaddr);
8633 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_LE_CONN_UPDATE,
8634 MGMT_STATUS_NOT_CONNECTED);
8635 hci_dev_unlock(hdev);
8639 hci_dev_unlock(hdev);
8641 hci_le_conn_update(conn, min, max, latency, supervision_timeout);
8643 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_LE_CONN_UPDATE, 0,
8646 #endif /* TIZEN_BT */
8648 static bool ltk_is_valid(struct mgmt_ltk_info *key)
8650 if (key->initiator != 0x00 && key->initiator != 0x01)
8653 switch (key->addr.type) {
8654 case BDADDR_LE_PUBLIC:
8657 case BDADDR_LE_RANDOM:
8658 /* Two most significant bits shall be set */
8659 if ((key->addr.bdaddr.b[5] & 0xc0) != 0xc0)
8667 static int load_long_term_keys(struct sock *sk, struct hci_dev *hdev,
8668 void *cp_data, u16 len)
8670 struct mgmt_cp_load_long_term_keys *cp = cp_data;
8671 const u16 max_key_count = ((U16_MAX - sizeof(*cp)) /
8672 sizeof(struct mgmt_ltk_info));
8673 u16 key_count, expected_len;
8676 bt_dev_dbg(hdev, "sock %p", sk);
8678 if (!lmp_le_capable(hdev))
8679 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS,
8680 MGMT_STATUS_NOT_SUPPORTED);
8682 key_count = __le16_to_cpu(cp->key_count);
8683 if (key_count > max_key_count) {
8684 bt_dev_err(hdev, "load_ltks: too big key_count value %u",
8686 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS,
8687 MGMT_STATUS_INVALID_PARAMS);
8690 expected_len = struct_size(cp, keys, key_count);
8691 if (expected_len != len) {
8692 bt_dev_err(hdev, "load_keys: expected %u bytes, got %u bytes",
8694 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS,
8695 MGMT_STATUS_INVALID_PARAMS);
8698 bt_dev_dbg(hdev, "key_count %u", key_count);
8700 for (i = 0; i < key_count; i++) {
8701 struct mgmt_ltk_info *key = &cp->keys[i];
8703 if (!ltk_is_valid(key))
8704 return mgmt_cmd_status(sk, hdev->id,
8705 MGMT_OP_LOAD_LONG_TERM_KEYS,
8706 MGMT_STATUS_INVALID_PARAMS);
8711 hci_smp_ltks_clear(hdev);
8713 for (i = 0; i < key_count; i++) {
8714 struct mgmt_ltk_info *key = &cp->keys[i];
8715 u8 type, authenticated;
8717 if (hci_is_blocked_key(hdev,
8718 HCI_BLOCKED_KEY_TYPE_LTK,
8720 bt_dev_warn(hdev, "Skipping blocked LTK for %pMR",
8725 switch (key->type) {
8726 case MGMT_LTK_UNAUTHENTICATED:
8727 authenticated = 0x00;
8728 type = key->initiator ? SMP_LTK : SMP_LTK_RESPONDER;
8730 case MGMT_LTK_AUTHENTICATED:
8731 authenticated = 0x01;
8732 type = key->initiator ? SMP_LTK : SMP_LTK_RESPONDER;
8734 case MGMT_LTK_P256_UNAUTH:
8735 authenticated = 0x00;
8736 type = SMP_LTK_P256;
8738 case MGMT_LTK_P256_AUTH:
8739 authenticated = 0x01;
8740 type = SMP_LTK_P256;
8742 case MGMT_LTK_P256_DEBUG:
8743 authenticated = 0x00;
8744 type = SMP_LTK_P256_DEBUG;
8750 hci_add_ltk(hdev, &key->addr.bdaddr,
8751 le_addr_type(key->addr.type), type, authenticated,
8752 key->val, key->enc_size, key->ediv, key->rand);
8755 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS, 0,
8758 hci_dev_unlock(hdev);
8763 static void get_conn_info_complete(struct hci_dev *hdev, void *data, int err)
8765 struct mgmt_pending_cmd *cmd = data;
8766 struct hci_conn *conn = cmd->user_data;
8767 struct mgmt_cp_get_conn_info *cp = cmd->param;
8768 struct mgmt_rp_get_conn_info rp;
8771 bt_dev_dbg(hdev, "err %d", err);
8773 memcpy(&rp.addr, &cp->addr.bdaddr, sizeof(rp.addr));
8775 status = mgmt_status(err);
8776 if (status == MGMT_STATUS_SUCCESS) {
8777 rp.rssi = conn->rssi;
8778 rp.tx_power = conn->tx_power;
8779 rp.max_tx_power = conn->max_tx_power;
8781 rp.rssi = HCI_RSSI_INVALID;
8782 rp.tx_power = HCI_TX_POWER_INVALID;
8783 rp.max_tx_power = HCI_TX_POWER_INVALID;
8786 mgmt_cmd_complete(cmd->sk, cmd->index, MGMT_OP_GET_CONN_INFO, status,
8789 mgmt_pending_free(cmd);
8792 static int get_conn_info_sync(struct hci_dev *hdev, void *data)
8794 struct mgmt_pending_cmd *cmd = data;
8795 struct mgmt_cp_get_conn_info *cp = cmd->param;
8796 struct hci_conn *conn;
8800 /* Make sure we are still connected */
8801 if (cp->addr.type == BDADDR_BREDR)
8802 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
8805 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &cp->addr.bdaddr);
8807 if (!conn || conn->state != BT_CONNECTED)
8808 return MGMT_STATUS_NOT_CONNECTED;
8810 cmd->user_data = conn;
8811 handle = cpu_to_le16(conn->handle);
8813 /* Refresh RSSI each time */
8814 err = hci_read_rssi_sync(hdev, handle);
8816 /* For LE links TX power does not change thus we don't need to
8817 * query for it once value is known.
8819 if (!err && (!bdaddr_type_is_le(cp->addr.type) ||
8820 conn->tx_power == HCI_TX_POWER_INVALID))
8821 err = hci_read_tx_power_sync(hdev, handle, 0x00);
8823 /* Max TX power needs to be read only once per connection */
8824 if (!err && conn->max_tx_power == HCI_TX_POWER_INVALID)
8825 err = hci_read_tx_power_sync(hdev, handle, 0x01);
8830 static int get_conn_info(struct sock *sk, struct hci_dev *hdev, void *data,
8833 struct mgmt_cp_get_conn_info *cp = data;
8834 struct mgmt_rp_get_conn_info rp;
8835 struct hci_conn *conn;
8836 unsigned long conn_info_age;
8839 bt_dev_dbg(hdev, "sock %p", sk);
8841 memset(&rp, 0, sizeof(rp));
8842 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
8843 rp.addr.type = cp->addr.type;
8845 if (!bdaddr_type_is_valid(cp->addr.type))
8846 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CONN_INFO,
8847 MGMT_STATUS_INVALID_PARAMS,
8852 if (!hdev_is_powered(hdev)) {
8853 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CONN_INFO,
8854 MGMT_STATUS_NOT_POWERED, &rp,
8859 if (cp->addr.type == BDADDR_BREDR)
8860 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
8863 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &cp->addr.bdaddr);
8865 if (!conn || conn->state != BT_CONNECTED) {
8866 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CONN_INFO,
8867 MGMT_STATUS_NOT_CONNECTED, &rp,
8872 /* To avoid client trying to guess when to poll again for information we
8873 * calculate conn info age as random value between min/max set in hdev.
8875 conn_info_age = hdev->conn_info_min_age +
8876 prandom_u32_max(hdev->conn_info_max_age -
8877 hdev->conn_info_min_age);
8879 /* Query controller to refresh cached values if they are too old or were
8882 if (time_after(jiffies, conn->conn_info_timestamp +
8883 msecs_to_jiffies(conn_info_age)) ||
8884 !conn->conn_info_timestamp) {
8885 struct mgmt_pending_cmd *cmd;
8887 cmd = mgmt_pending_new(sk, MGMT_OP_GET_CONN_INFO, hdev, data,
8892 err = hci_cmd_sync_queue(hdev, get_conn_info_sync,
8893 cmd, get_conn_info_complete);
8897 mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CONN_INFO,
8898 MGMT_STATUS_FAILED, &rp, sizeof(rp));
8901 mgmt_pending_free(cmd);
8906 conn->conn_info_timestamp = jiffies;
8908 /* Cache is valid, just reply with values cached in hci_conn */
8909 rp.rssi = conn->rssi;
8910 rp.tx_power = conn->tx_power;
8911 rp.max_tx_power = conn->max_tx_power;
8913 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CONN_INFO,
8914 MGMT_STATUS_SUCCESS, &rp, sizeof(rp));
8918 hci_dev_unlock(hdev);
8922 static void get_clock_info_complete(struct hci_dev *hdev, void *data, int err)
8924 struct mgmt_pending_cmd *cmd = data;
8925 struct mgmt_cp_get_clock_info *cp = cmd->param;
8926 struct mgmt_rp_get_clock_info rp;
8927 struct hci_conn *conn = cmd->user_data;
8928 u8 status = mgmt_status(err);
8930 bt_dev_dbg(hdev, "err %d", err);
8932 memset(&rp, 0, sizeof(rp));
8933 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
8934 rp.addr.type = cp->addr.type;
8939 rp.local_clock = cpu_to_le32(hdev->clock);
8942 rp.piconet_clock = cpu_to_le32(conn->clock);
8943 rp.accuracy = cpu_to_le16(conn->clock_accuracy);
8947 mgmt_cmd_complete(cmd->sk, cmd->index, cmd->opcode, status, &rp,
8950 mgmt_pending_free(cmd);
8953 static int get_clock_info_sync(struct hci_dev *hdev, void *data)
8955 struct mgmt_pending_cmd *cmd = data;
8956 struct mgmt_cp_get_clock_info *cp = cmd->param;
8957 struct hci_cp_read_clock hci_cp;
8958 struct hci_conn *conn;
8960 memset(&hci_cp, 0, sizeof(hci_cp));
8961 hci_read_clock_sync(hdev, &hci_cp);
8963 /* Make sure connection still exists */
8964 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->addr.bdaddr);
8965 if (!conn || conn->state != BT_CONNECTED)
8966 return MGMT_STATUS_NOT_CONNECTED;
8968 cmd->user_data = conn;
8969 hci_cp.handle = cpu_to_le16(conn->handle);
8970 hci_cp.which = 0x01; /* Piconet clock */
8972 return hci_read_clock_sync(hdev, &hci_cp);
8975 static int get_clock_info(struct sock *sk, struct hci_dev *hdev, void *data,
8978 struct mgmt_cp_get_clock_info *cp = data;
8979 struct mgmt_rp_get_clock_info rp;
8980 struct mgmt_pending_cmd *cmd;
8981 struct hci_conn *conn;
8984 bt_dev_dbg(hdev, "sock %p", sk);
8986 memset(&rp, 0, sizeof(rp));
8987 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
8988 rp.addr.type = cp->addr.type;
8990 if (cp->addr.type != BDADDR_BREDR)
8991 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CLOCK_INFO,
8992 MGMT_STATUS_INVALID_PARAMS,
8997 if (!hdev_is_powered(hdev)) {
8998 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CLOCK_INFO,
8999 MGMT_STATUS_NOT_POWERED, &rp,
9004 if (bacmp(&cp->addr.bdaddr, BDADDR_ANY)) {
9005 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
9007 if (!conn || conn->state != BT_CONNECTED) {
9008 err = mgmt_cmd_complete(sk, hdev->id,
9009 MGMT_OP_GET_CLOCK_INFO,
9010 MGMT_STATUS_NOT_CONNECTED,
9018 cmd = mgmt_pending_new(sk, MGMT_OP_GET_CLOCK_INFO, hdev, data, len);
9022 err = hci_cmd_sync_queue(hdev, get_clock_info_sync, cmd,
9023 get_clock_info_complete);
9026 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CLOCK_INFO,
9027 MGMT_STATUS_FAILED, &rp, sizeof(rp));
9030 mgmt_pending_free(cmd);
9035 hci_dev_unlock(hdev);
9039 static bool is_connected(struct hci_dev *hdev, bdaddr_t *addr, u8 type)
9041 struct hci_conn *conn;
9043 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, addr);
9047 if (conn->dst_type != type)
9050 if (conn->state != BT_CONNECTED)
9056 /* This function requires the caller holds hdev->lock */
9057 static int hci_conn_params_set(struct hci_dev *hdev, bdaddr_t *addr,
9058 u8 addr_type, u8 auto_connect)
9060 struct hci_conn_params *params;
9062 params = hci_conn_params_add(hdev, addr, addr_type);
9066 if (params->auto_connect == auto_connect)
9069 list_del_init(¶ms->action);
9071 switch (auto_connect) {
9072 case HCI_AUTO_CONN_DISABLED:
9073 case HCI_AUTO_CONN_LINK_LOSS:
9074 /* If auto connect is being disabled when we're trying to
9075 * connect to device, keep connecting.
9077 if (params->explicit_connect)
9078 list_add(¶ms->action, &hdev->pend_le_conns);
9080 case HCI_AUTO_CONN_REPORT:
9081 if (params->explicit_connect)
9082 list_add(¶ms->action, &hdev->pend_le_conns);
9084 list_add(¶ms->action, &hdev->pend_le_reports);
9086 case HCI_AUTO_CONN_DIRECT:
9087 case HCI_AUTO_CONN_ALWAYS:
9088 if (!is_connected(hdev, addr, addr_type))
9089 list_add(¶ms->action, &hdev->pend_le_conns);
9093 params->auto_connect = auto_connect;
9095 bt_dev_dbg(hdev, "addr %pMR (type %u) auto_connect %u",
9096 addr, addr_type, auto_connect);
9101 static void device_added(struct sock *sk, struct hci_dev *hdev,
9102 bdaddr_t *bdaddr, u8 type, u8 action)
9104 struct mgmt_ev_device_added ev;
9106 bacpy(&ev.addr.bdaddr, bdaddr);
9107 ev.addr.type = type;
9110 mgmt_event(MGMT_EV_DEVICE_ADDED, hdev, &ev, sizeof(ev), sk);
9113 static int add_device_sync(struct hci_dev *hdev, void *data)
9115 return hci_update_passive_scan_sync(hdev);
9118 static int add_device(struct sock *sk, struct hci_dev *hdev,
9119 void *data, u16 len)
9121 struct mgmt_cp_add_device *cp = data;
9122 u8 auto_conn, addr_type;
9123 struct hci_conn_params *params;
9125 u32 current_flags = 0;
9126 u32 supported_flags;
9128 bt_dev_dbg(hdev, "sock %p", sk);
9130 if (!bdaddr_type_is_valid(cp->addr.type) ||
9131 !bacmp(&cp->addr.bdaddr, BDADDR_ANY))
9132 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_ADD_DEVICE,
9133 MGMT_STATUS_INVALID_PARAMS,
9134 &cp->addr, sizeof(cp->addr));
9136 if (cp->action != 0x00 && cp->action != 0x01 && cp->action != 0x02)
9137 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_ADD_DEVICE,
9138 MGMT_STATUS_INVALID_PARAMS,
9139 &cp->addr, sizeof(cp->addr));
9143 if (cp->addr.type == BDADDR_BREDR) {
9144 /* Only incoming connections action is supported for now */
9145 if (cp->action != 0x01) {
9146 err = mgmt_cmd_complete(sk, hdev->id,
9148 MGMT_STATUS_INVALID_PARAMS,
9149 &cp->addr, sizeof(cp->addr));
9153 err = hci_bdaddr_list_add_with_flags(&hdev->accept_list,
9159 hci_update_scan(hdev);
9164 addr_type = le_addr_type(cp->addr.type);
9166 if (cp->action == 0x02)
9167 auto_conn = HCI_AUTO_CONN_ALWAYS;
9168 else if (cp->action == 0x01)
9169 auto_conn = HCI_AUTO_CONN_DIRECT;
9171 auto_conn = HCI_AUTO_CONN_REPORT;
9173 /* Kernel internally uses conn_params with resolvable private
9174 * address, but Add Device allows only identity addresses.
9175 * Make sure it is enforced before calling
9176 * hci_conn_params_lookup.
9178 if (!hci_is_identity_address(&cp->addr.bdaddr, addr_type)) {
9179 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_ADD_DEVICE,
9180 MGMT_STATUS_INVALID_PARAMS,
9181 &cp->addr, sizeof(cp->addr));
9185 /* If the connection parameters don't exist for this device,
9186 * they will be created and configured with defaults.
9188 if (hci_conn_params_set(hdev, &cp->addr.bdaddr, addr_type,
9190 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_ADD_DEVICE,
9191 MGMT_STATUS_FAILED, &cp->addr,
9195 params = hci_conn_params_lookup(hdev, &cp->addr.bdaddr,
9198 current_flags = params->flags;
9201 err = hci_cmd_sync_queue(hdev, add_device_sync, NULL, NULL);
9206 device_added(sk, hdev, &cp->addr.bdaddr, cp->addr.type, cp->action);
9207 supported_flags = hdev->conn_flags;
9208 device_flags_changed(NULL, hdev, &cp->addr.bdaddr, cp->addr.type,
9209 supported_flags, current_flags);
9211 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_ADD_DEVICE,
9212 MGMT_STATUS_SUCCESS, &cp->addr,
9216 hci_dev_unlock(hdev);
9220 static void device_removed(struct sock *sk, struct hci_dev *hdev,
9221 bdaddr_t *bdaddr, u8 type)
9223 struct mgmt_ev_device_removed ev;
9225 bacpy(&ev.addr.bdaddr, bdaddr);
9226 ev.addr.type = type;
9228 mgmt_event(MGMT_EV_DEVICE_REMOVED, hdev, &ev, sizeof(ev), sk);
9231 static int remove_device_sync(struct hci_dev *hdev, void *data)
9233 return hci_update_passive_scan_sync(hdev);
9236 static int remove_device(struct sock *sk, struct hci_dev *hdev,
9237 void *data, u16 len)
9239 struct mgmt_cp_remove_device *cp = data;
9242 bt_dev_dbg(hdev, "sock %p", sk);
9246 if (bacmp(&cp->addr.bdaddr, BDADDR_ANY)) {
9247 struct hci_conn_params *params;
9250 if (!bdaddr_type_is_valid(cp->addr.type)) {
9251 err = mgmt_cmd_complete(sk, hdev->id,
9252 MGMT_OP_REMOVE_DEVICE,
9253 MGMT_STATUS_INVALID_PARAMS,
9254 &cp->addr, sizeof(cp->addr));
9258 if (cp->addr.type == BDADDR_BREDR) {
9259 err = hci_bdaddr_list_del(&hdev->accept_list,
9263 err = mgmt_cmd_complete(sk, hdev->id,
9264 MGMT_OP_REMOVE_DEVICE,
9265 MGMT_STATUS_INVALID_PARAMS,
9271 hci_update_scan(hdev);
9273 device_removed(sk, hdev, &cp->addr.bdaddr,
9278 addr_type = le_addr_type(cp->addr.type);
9280 /* Kernel internally uses conn_params with resolvable private
9281 * address, but Remove Device allows only identity addresses.
9282 * Make sure it is enforced before calling
9283 * hci_conn_params_lookup.
9285 if (!hci_is_identity_address(&cp->addr.bdaddr, addr_type)) {
9286 err = mgmt_cmd_complete(sk, hdev->id,
9287 MGMT_OP_REMOVE_DEVICE,
9288 MGMT_STATUS_INVALID_PARAMS,
9289 &cp->addr, sizeof(cp->addr));
9293 params = hci_conn_params_lookup(hdev, &cp->addr.bdaddr,
9296 err = mgmt_cmd_complete(sk, hdev->id,
9297 MGMT_OP_REMOVE_DEVICE,
9298 MGMT_STATUS_INVALID_PARAMS,
9299 &cp->addr, sizeof(cp->addr));
9303 if (params->auto_connect == HCI_AUTO_CONN_DISABLED ||
9304 params->auto_connect == HCI_AUTO_CONN_EXPLICIT) {
9305 err = mgmt_cmd_complete(sk, hdev->id,
9306 MGMT_OP_REMOVE_DEVICE,
9307 MGMT_STATUS_INVALID_PARAMS,
9308 &cp->addr, sizeof(cp->addr));
9312 list_del(¶ms->action);
9313 list_del(¶ms->list);
9316 device_removed(sk, hdev, &cp->addr.bdaddr, cp->addr.type);
9318 struct hci_conn_params *p, *tmp;
9319 struct bdaddr_list *b, *btmp;
9321 if (cp->addr.type) {
9322 err = mgmt_cmd_complete(sk, hdev->id,
9323 MGMT_OP_REMOVE_DEVICE,
9324 MGMT_STATUS_INVALID_PARAMS,
9325 &cp->addr, sizeof(cp->addr));
9329 list_for_each_entry_safe(b, btmp, &hdev->accept_list, list) {
9330 device_removed(sk, hdev, &b->bdaddr, b->bdaddr_type);
9335 hci_update_scan(hdev);
9337 list_for_each_entry_safe(p, tmp, &hdev->le_conn_params, list) {
9338 if (p->auto_connect == HCI_AUTO_CONN_DISABLED)
9340 device_removed(sk, hdev, &p->addr, p->addr_type);
9341 if (p->explicit_connect) {
9342 p->auto_connect = HCI_AUTO_CONN_EXPLICIT;
9345 list_del(&p->action);
9350 bt_dev_dbg(hdev, "All LE connection parameters were removed");
9353 hci_cmd_sync_queue(hdev, remove_device_sync, NULL, NULL);
9356 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_DEVICE,
9357 MGMT_STATUS_SUCCESS, &cp->addr,
9360 hci_dev_unlock(hdev);
9364 static int load_conn_param(struct sock *sk, struct hci_dev *hdev, void *data,
9367 struct mgmt_cp_load_conn_param *cp = data;
9368 const u16 max_param_count = ((U16_MAX - sizeof(*cp)) /
9369 sizeof(struct mgmt_conn_param));
9370 u16 param_count, expected_len;
9373 if (!lmp_le_capable(hdev))
9374 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_CONN_PARAM,
9375 MGMT_STATUS_NOT_SUPPORTED);
9377 param_count = __le16_to_cpu(cp->param_count);
9378 if (param_count > max_param_count) {
9379 bt_dev_err(hdev, "load_conn_param: too big param_count value %u",
9381 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_CONN_PARAM,
9382 MGMT_STATUS_INVALID_PARAMS);
9385 expected_len = struct_size(cp, params, param_count);
9386 if (expected_len != len) {
9387 bt_dev_err(hdev, "load_conn_param: expected %u bytes, got %u bytes",
9389 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_CONN_PARAM,
9390 MGMT_STATUS_INVALID_PARAMS);
9393 bt_dev_dbg(hdev, "param_count %u", param_count);
9397 hci_conn_params_clear_disabled(hdev);
9399 for (i = 0; i < param_count; i++) {
9400 struct mgmt_conn_param *param = &cp->params[i];
9401 struct hci_conn_params *hci_param;
9402 u16 min, max, latency, timeout;
9405 bt_dev_dbg(hdev, "Adding %pMR (type %u)", ¶m->addr.bdaddr,
9408 if (param->addr.type == BDADDR_LE_PUBLIC) {
9409 addr_type = ADDR_LE_DEV_PUBLIC;
9410 } else if (param->addr.type == BDADDR_LE_RANDOM) {
9411 addr_type = ADDR_LE_DEV_RANDOM;
9413 bt_dev_err(hdev, "ignoring invalid connection parameters");
9417 min = le16_to_cpu(param->min_interval);
9418 max = le16_to_cpu(param->max_interval);
9419 latency = le16_to_cpu(param->latency);
9420 timeout = le16_to_cpu(param->timeout);
9422 bt_dev_dbg(hdev, "min 0x%04x max 0x%04x latency 0x%04x timeout 0x%04x",
9423 min, max, latency, timeout);
9425 if (hci_check_conn_params(min, max, latency, timeout) < 0) {
9426 bt_dev_err(hdev, "ignoring invalid connection parameters");
9430 hci_param = hci_conn_params_add(hdev, ¶m->addr.bdaddr,
9433 bt_dev_err(hdev, "failed to add connection parameters");
9437 hci_param->conn_min_interval = min;
9438 hci_param->conn_max_interval = max;
9439 hci_param->conn_latency = latency;
9440 hci_param->supervision_timeout = timeout;
9443 hci_dev_unlock(hdev);
9445 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_LOAD_CONN_PARAM, 0,
9449 static int set_external_config(struct sock *sk, struct hci_dev *hdev,
9450 void *data, u16 len)
9452 struct mgmt_cp_set_external_config *cp = data;
9456 bt_dev_dbg(hdev, "sock %p", sk);
9458 if (hdev_is_powered(hdev))
9459 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_EXTERNAL_CONFIG,
9460 MGMT_STATUS_REJECTED);
9462 if (cp->config != 0x00 && cp->config != 0x01)
9463 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_EXTERNAL_CONFIG,
9464 MGMT_STATUS_INVALID_PARAMS);
9466 if (!test_bit(HCI_QUIRK_EXTERNAL_CONFIG, &hdev->quirks))
9467 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_EXTERNAL_CONFIG,
9468 MGMT_STATUS_NOT_SUPPORTED);
9473 changed = !hci_dev_test_and_set_flag(hdev, HCI_EXT_CONFIGURED);
9475 changed = hci_dev_test_and_clear_flag(hdev, HCI_EXT_CONFIGURED);
9477 err = send_options_rsp(sk, MGMT_OP_SET_EXTERNAL_CONFIG, hdev);
9484 err = new_options(hdev, sk);
9486 if (hci_dev_test_flag(hdev, HCI_UNCONFIGURED) == is_configured(hdev)) {
9487 mgmt_index_removed(hdev);
9489 if (hci_dev_test_and_change_flag(hdev, HCI_UNCONFIGURED)) {
9490 hci_dev_set_flag(hdev, HCI_CONFIG);
9491 hci_dev_set_flag(hdev, HCI_AUTO_OFF);
9493 queue_work(hdev->req_workqueue, &hdev->power_on);
9495 set_bit(HCI_RAW, &hdev->flags);
9496 mgmt_index_added(hdev);
9501 hci_dev_unlock(hdev);
9505 static int set_public_address(struct sock *sk, struct hci_dev *hdev,
9506 void *data, u16 len)
9508 struct mgmt_cp_set_public_address *cp = data;
9512 bt_dev_dbg(hdev, "sock %p", sk);
9514 if (hdev_is_powered(hdev))
9515 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_PUBLIC_ADDRESS,
9516 MGMT_STATUS_REJECTED);
9518 if (!bacmp(&cp->bdaddr, BDADDR_ANY))
9519 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_PUBLIC_ADDRESS,
9520 MGMT_STATUS_INVALID_PARAMS);
9522 if (!hdev->set_bdaddr)
9523 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_PUBLIC_ADDRESS,
9524 MGMT_STATUS_NOT_SUPPORTED);
9528 changed = !!bacmp(&hdev->public_addr, &cp->bdaddr);
9529 bacpy(&hdev->public_addr, &cp->bdaddr);
9531 err = send_options_rsp(sk, MGMT_OP_SET_PUBLIC_ADDRESS, hdev);
9538 if (hci_dev_test_flag(hdev, HCI_UNCONFIGURED))
9539 err = new_options(hdev, sk);
9541 if (is_configured(hdev)) {
9542 mgmt_index_removed(hdev);
9544 hci_dev_clear_flag(hdev, HCI_UNCONFIGURED);
9546 hci_dev_set_flag(hdev, HCI_CONFIG);
9547 hci_dev_set_flag(hdev, HCI_AUTO_OFF);
9549 queue_work(hdev->req_workqueue, &hdev->power_on);
9553 hci_dev_unlock(hdev);
9558 int mgmt_device_name_update(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 *name,
9562 struct mgmt_ev_device_name_update *ev = (void *)buf;
9568 bacpy(&ev->addr.bdaddr, bdaddr);
9569 ev->addr.type = BDADDR_BREDR;
9571 eir_len = eir_append_data(ev->eir, 0, EIR_NAME_COMPLETE, name,
9574 ev->eir_len = cpu_to_le16(eir_len);
9576 return mgmt_event(MGMT_EV_DEVICE_NAME_UPDATE, hdev, buf,
9577 sizeof(*ev) + eir_len, NULL);
9580 int mgmt_le_conn_update_failed(struct hci_dev *hdev, bdaddr_t *bdaddr,
9581 u8 link_type, u8 addr_type, u8 status)
9583 struct mgmt_ev_conn_update_failed ev;
9585 bacpy(&ev.addr.bdaddr, bdaddr);
9586 ev.addr.type = link_to_bdaddr(link_type, addr_type);
9589 return mgmt_event(MGMT_EV_CONN_UPDATE_FAILED, hdev,
9590 &ev, sizeof(ev), NULL);
9593 int mgmt_le_conn_updated(struct hci_dev *hdev, bdaddr_t *bdaddr,
9594 u8 link_type, u8 addr_type, u16 conn_interval,
9595 u16 conn_latency, u16 supervision_timeout)
9597 struct mgmt_ev_conn_updated ev;
9599 bacpy(&ev.addr.bdaddr, bdaddr);
9600 ev.addr.type = link_to_bdaddr(link_type, addr_type);
9601 ev.conn_interval = cpu_to_le16(conn_interval);
9602 ev.conn_latency = cpu_to_le16(conn_latency);
9603 ev.supervision_timeout = cpu_to_le16(supervision_timeout);
9605 return mgmt_event(MGMT_EV_CONN_UPDATED, hdev,
9606 &ev, sizeof(ev), NULL);
9610 static void read_local_oob_ext_data_complete(struct hci_dev *hdev, void *data,
9613 const struct mgmt_cp_read_local_oob_ext_data *mgmt_cp;
9614 struct mgmt_rp_read_local_oob_ext_data *mgmt_rp;
9615 u8 *h192, *r192, *h256, *r256;
9616 struct mgmt_pending_cmd *cmd = data;
9617 struct sk_buff *skb = cmd->skb;
9618 u8 status = mgmt_status(err);
9621 if (cmd != pending_find(MGMT_OP_READ_LOCAL_OOB_EXT_DATA, hdev))
9626 status = MGMT_STATUS_FAILED;
9627 else if (IS_ERR(skb))
9628 status = mgmt_status(PTR_ERR(skb));
9630 status = mgmt_status(skb->data[0]);
9633 bt_dev_dbg(hdev, "status %u", status);
9635 mgmt_cp = cmd->param;
9638 status = mgmt_status(status);
9645 } else if (!bredr_sc_enabled(hdev)) {
9646 struct hci_rp_read_local_oob_data *rp;
9648 if (skb->len != sizeof(*rp)) {
9649 status = MGMT_STATUS_FAILED;
9652 status = MGMT_STATUS_SUCCESS;
9653 rp = (void *)skb->data;
9655 eir_len = 5 + 18 + 18;
9662 struct hci_rp_read_local_oob_ext_data *rp;
9664 if (skb->len != sizeof(*rp)) {
9665 status = MGMT_STATUS_FAILED;
9668 status = MGMT_STATUS_SUCCESS;
9669 rp = (void *)skb->data;
9671 if (hci_dev_test_flag(hdev, HCI_SC_ONLY)) {
9672 eir_len = 5 + 18 + 18;
9676 eir_len = 5 + 18 + 18 + 18 + 18;
9686 mgmt_rp = kmalloc(sizeof(*mgmt_rp) + eir_len, GFP_KERNEL);
9693 eir_len = eir_append_data(mgmt_rp->eir, 0, EIR_CLASS_OF_DEV,
9694 hdev->dev_class, 3);
9697 eir_len = eir_append_data(mgmt_rp->eir, eir_len,
9698 EIR_SSP_HASH_C192, h192, 16);
9699 eir_len = eir_append_data(mgmt_rp->eir, eir_len,
9700 EIR_SSP_RAND_R192, r192, 16);
9704 eir_len = eir_append_data(mgmt_rp->eir, eir_len,
9705 EIR_SSP_HASH_C256, h256, 16);
9706 eir_len = eir_append_data(mgmt_rp->eir, eir_len,
9707 EIR_SSP_RAND_R256, r256, 16);
9711 mgmt_rp->type = mgmt_cp->type;
9712 mgmt_rp->eir_len = cpu_to_le16(eir_len);
9714 err = mgmt_cmd_complete(cmd->sk, hdev->id,
9715 MGMT_OP_READ_LOCAL_OOB_EXT_DATA, status,
9716 mgmt_rp, sizeof(*mgmt_rp) + eir_len);
9717 if (err < 0 || status)
9720 hci_sock_set_flag(cmd->sk, HCI_MGMT_OOB_DATA_EVENTS);
9722 err = mgmt_limited_event(MGMT_EV_LOCAL_OOB_DATA_UPDATED, hdev,
9723 mgmt_rp, sizeof(*mgmt_rp) + eir_len,
9724 HCI_MGMT_OOB_DATA_EVENTS, cmd->sk);
9726 if (skb && !IS_ERR(skb))
9730 mgmt_pending_remove(cmd);
9733 static int read_local_ssp_oob_req(struct hci_dev *hdev, struct sock *sk,
9734 struct mgmt_cp_read_local_oob_ext_data *cp)
9736 struct mgmt_pending_cmd *cmd;
9739 cmd = mgmt_pending_add(sk, MGMT_OP_READ_LOCAL_OOB_EXT_DATA, hdev,
9744 err = hci_cmd_sync_queue(hdev, read_local_oob_data_sync, cmd,
9745 read_local_oob_ext_data_complete);
9748 mgmt_pending_remove(cmd);
9755 static int read_local_oob_ext_data(struct sock *sk, struct hci_dev *hdev,
9756 void *data, u16 data_len)
9758 struct mgmt_cp_read_local_oob_ext_data *cp = data;
9759 struct mgmt_rp_read_local_oob_ext_data *rp;
9762 u8 status, flags, role, addr[7], hash[16], rand[16];
9765 bt_dev_dbg(hdev, "sock %p", sk);
9767 if (hdev_is_powered(hdev)) {
9769 case BIT(BDADDR_BREDR):
9770 status = mgmt_bredr_support(hdev);
9776 case (BIT(BDADDR_LE_PUBLIC) | BIT(BDADDR_LE_RANDOM)):
9777 status = mgmt_le_support(hdev);
9781 eir_len = 9 + 3 + 18 + 18 + 3;
9784 status = MGMT_STATUS_INVALID_PARAMS;
9789 status = MGMT_STATUS_NOT_POWERED;
9793 rp_len = sizeof(*rp) + eir_len;
9794 rp = kmalloc(rp_len, GFP_ATOMIC);
9798 if (!status && !lmp_ssp_capable(hdev)) {
9799 status = MGMT_STATUS_NOT_SUPPORTED;
9810 case BIT(BDADDR_BREDR):
9811 if (hci_dev_test_flag(hdev, HCI_SSP_ENABLED)) {
9812 err = read_local_ssp_oob_req(hdev, sk, cp);
9813 hci_dev_unlock(hdev);
9817 status = MGMT_STATUS_FAILED;
9820 eir_len = eir_append_data(rp->eir, eir_len,
9822 hdev->dev_class, 3);
9825 case (BIT(BDADDR_LE_PUBLIC) | BIT(BDADDR_LE_RANDOM)):
9826 if (hci_dev_test_flag(hdev, HCI_SC_ENABLED) &&
9827 smp_generate_oob(hdev, hash, rand) < 0) {
9828 hci_dev_unlock(hdev);
9829 status = MGMT_STATUS_FAILED;
9833 /* This should return the active RPA, but since the RPA
9834 * is only programmed on demand, it is really hard to fill
9835 * this in at the moment. For now disallow retrieving
9836 * local out-of-band data when privacy is in use.
9838 * Returning the identity address will not help here since
9839 * pairing happens before the identity resolving key is
9840 * known and thus the connection establishment happens
9841 * based on the RPA and not the identity address.
9843 if (hci_dev_test_flag(hdev, HCI_PRIVACY)) {
9844 hci_dev_unlock(hdev);
9845 status = MGMT_STATUS_REJECTED;
9849 if (hci_dev_test_flag(hdev, HCI_FORCE_STATIC_ADDR) ||
9850 !bacmp(&hdev->bdaddr, BDADDR_ANY) ||
9851 (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED) &&
9852 bacmp(&hdev->static_addr, BDADDR_ANY))) {
9853 memcpy(addr, &hdev->static_addr, 6);
9856 memcpy(addr, &hdev->bdaddr, 6);
9860 eir_len = eir_append_data(rp->eir, eir_len, EIR_LE_BDADDR,
9861 addr, sizeof(addr));
9863 if (hci_dev_test_flag(hdev, HCI_ADVERTISING))
9868 eir_len = eir_append_data(rp->eir, eir_len, EIR_LE_ROLE,
9869 &role, sizeof(role));
9871 if (hci_dev_test_flag(hdev, HCI_SC_ENABLED)) {
9872 eir_len = eir_append_data(rp->eir, eir_len,
9874 hash, sizeof(hash));
9876 eir_len = eir_append_data(rp->eir, eir_len,
9878 rand, sizeof(rand));
9881 flags = mgmt_get_adv_discov_flags(hdev);
9883 if (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED))
9884 flags |= LE_AD_NO_BREDR;
9886 eir_len = eir_append_data(rp->eir, eir_len, EIR_FLAGS,
9887 &flags, sizeof(flags));
9891 hci_dev_unlock(hdev);
9893 hci_sock_set_flag(sk, HCI_MGMT_OOB_DATA_EVENTS);
9895 status = MGMT_STATUS_SUCCESS;
9898 rp->type = cp->type;
9899 rp->eir_len = cpu_to_le16(eir_len);
9901 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_EXT_DATA,
9902 status, rp, sizeof(*rp) + eir_len);
9903 if (err < 0 || status)
9906 err = mgmt_limited_event(MGMT_EV_LOCAL_OOB_DATA_UPDATED, hdev,
9907 rp, sizeof(*rp) + eir_len,
9908 HCI_MGMT_OOB_DATA_EVENTS, sk);
9916 static u32 get_supported_adv_flags(struct hci_dev *hdev)
9920 flags |= MGMT_ADV_FLAG_CONNECTABLE;
9921 flags |= MGMT_ADV_FLAG_DISCOV;
9922 flags |= MGMT_ADV_FLAG_LIMITED_DISCOV;
9923 flags |= MGMT_ADV_FLAG_MANAGED_FLAGS;
9924 flags |= MGMT_ADV_FLAG_APPEARANCE;
9925 flags |= MGMT_ADV_FLAG_LOCAL_NAME;
9926 flags |= MGMT_ADV_PARAM_DURATION;
9927 flags |= MGMT_ADV_PARAM_TIMEOUT;
9928 flags |= MGMT_ADV_PARAM_INTERVALS;
9929 flags |= MGMT_ADV_PARAM_TX_POWER;
9930 flags |= MGMT_ADV_PARAM_SCAN_RSP;
9932 /* In extended adv TX_POWER returned from Set Adv Param
9933 * will be always valid.
9935 if (hdev->adv_tx_power != HCI_TX_POWER_INVALID || ext_adv_capable(hdev))
9936 flags |= MGMT_ADV_FLAG_TX_POWER;
9938 if (ext_adv_capable(hdev)) {
9939 flags |= MGMT_ADV_FLAG_SEC_1M;
9940 flags |= MGMT_ADV_FLAG_HW_OFFLOAD;
9941 flags |= MGMT_ADV_FLAG_CAN_SET_TX_POWER;
9943 if (hdev->le_features[1] & HCI_LE_PHY_2M)
9944 flags |= MGMT_ADV_FLAG_SEC_2M;
9946 if (hdev->le_features[1] & HCI_LE_PHY_CODED)
9947 flags |= MGMT_ADV_FLAG_SEC_CODED;
9953 static int read_adv_features(struct sock *sk, struct hci_dev *hdev,
9954 void *data, u16 data_len)
9956 struct mgmt_rp_read_adv_features *rp;
9959 struct adv_info *adv_instance;
9960 u32 supported_flags;
9963 bt_dev_dbg(hdev, "sock %p", sk);
9965 if (!lmp_le_capable(hdev))
9966 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_READ_ADV_FEATURES,
9967 MGMT_STATUS_REJECTED);
9971 rp_len = sizeof(*rp) + hdev->adv_instance_cnt;
9972 rp = kmalloc(rp_len, GFP_ATOMIC);
9974 hci_dev_unlock(hdev);
9978 supported_flags = get_supported_adv_flags(hdev);
9980 rp->supported_flags = cpu_to_le32(supported_flags);
9981 rp->max_adv_data_len = HCI_MAX_AD_LENGTH;
9982 rp->max_scan_rsp_len = HCI_MAX_AD_LENGTH;
9983 rp->max_instances = hdev->le_num_of_adv_sets;
9984 rp->num_instances = hdev->adv_instance_cnt;
9986 instance = rp->instance;
9987 list_for_each_entry(adv_instance, &hdev->adv_instances, list) {
9988 /* Only instances 1-le_num_of_adv_sets are externally visible */
9989 if (adv_instance->instance <= hdev->adv_instance_cnt) {
9990 *instance = adv_instance->instance;
9993 rp->num_instances--;
9998 hci_dev_unlock(hdev);
10000 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_READ_ADV_FEATURES,
10001 MGMT_STATUS_SUCCESS, rp, rp_len);
10008 static u8 calculate_name_len(struct hci_dev *hdev)
10010 u8 buf[HCI_MAX_SHORT_NAME_LENGTH + 3];
10012 return eir_append_local_name(hdev, buf, 0);
10015 static u8 tlv_data_max_len(struct hci_dev *hdev, u32 adv_flags,
10018 u8 max_len = HCI_MAX_AD_LENGTH;
10021 if (adv_flags & (MGMT_ADV_FLAG_DISCOV |
10022 MGMT_ADV_FLAG_LIMITED_DISCOV |
10023 MGMT_ADV_FLAG_MANAGED_FLAGS))
10026 if (adv_flags & MGMT_ADV_FLAG_TX_POWER)
10029 if (adv_flags & MGMT_ADV_FLAG_LOCAL_NAME)
10030 max_len -= calculate_name_len(hdev);
10032 if (adv_flags & (MGMT_ADV_FLAG_APPEARANCE))
10039 static bool flags_managed(u32 adv_flags)
10041 return adv_flags & (MGMT_ADV_FLAG_DISCOV |
10042 MGMT_ADV_FLAG_LIMITED_DISCOV |
10043 MGMT_ADV_FLAG_MANAGED_FLAGS);
10046 static bool tx_power_managed(u32 adv_flags)
10048 return adv_flags & MGMT_ADV_FLAG_TX_POWER;
10051 static bool name_managed(u32 adv_flags)
10053 return adv_flags & MGMT_ADV_FLAG_LOCAL_NAME;
10056 static bool appearance_managed(u32 adv_flags)
10058 return adv_flags & MGMT_ADV_FLAG_APPEARANCE;
10061 static bool tlv_data_is_valid(struct hci_dev *hdev, u32 adv_flags, u8 *data,
10062 u8 len, bool is_adv_data)
10067 max_len = tlv_data_max_len(hdev, adv_flags, is_adv_data);
10072 /* Make sure that the data is correctly formatted. */
10073 for (i = 0; i < len; i += (cur_len + 1)) {
10079 if (data[i + 1] == EIR_FLAGS &&
10080 (!is_adv_data || flags_managed(adv_flags)))
10083 if (data[i + 1] == EIR_TX_POWER && tx_power_managed(adv_flags))
10086 if (data[i + 1] == EIR_NAME_COMPLETE && name_managed(adv_flags))
10089 if (data[i + 1] == EIR_NAME_SHORT && name_managed(adv_flags))
10092 if (data[i + 1] == EIR_APPEARANCE &&
10093 appearance_managed(adv_flags))
10096 /* If the current field length would exceed the total data
10097 * length, then it's invalid.
10099 if (i + cur_len >= len)
10106 static bool requested_adv_flags_are_valid(struct hci_dev *hdev, u32 adv_flags)
10108 u32 supported_flags, phy_flags;
10110 /* The current implementation only supports a subset of the specified
10111 * flags. Also need to check mutual exclusiveness of sec flags.
10113 supported_flags = get_supported_adv_flags(hdev);
10114 phy_flags = adv_flags & MGMT_ADV_FLAG_SEC_MASK;
10115 if (adv_flags & ~supported_flags ||
10116 ((phy_flags && (phy_flags ^ (phy_flags & -phy_flags)))))
10122 static bool adv_busy(struct hci_dev *hdev)
10124 return pending_find(MGMT_OP_SET_LE, hdev);
10127 static void add_adv_complete(struct hci_dev *hdev, struct sock *sk, u8 instance,
10130 struct adv_info *adv, *n;
10132 bt_dev_dbg(hdev, "err %d", err);
10134 hci_dev_lock(hdev);
10136 list_for_each_entry_safe(adv, n, &hdev->adv_instances, list) {
10143 adv->pending = false;
10147 instance = adv->instance;
10149 if (hdev->cur_adv_instance == instance)
10150 cancel_adv_timeout(hdev);
10152 hci_remove_adv_instance(hdev, instance);
10153 mgmt_advertising_removed(sk, hdev, instance);
10156 hci_dev_unlock(hdev);
10159 static void add_advertising_complete(struct hci_dev *hdev, void *data, int err)
10161 struct mgmt_pending_cmd *cmd = data;
10162 struct mgmt_cp_add_advertising *cp = cmd->param;
10163 struct mgmt_rp_add_advertising rp;
10165 memset(&rp, 0, sizeof(rp));
10167 rp.instance = cp->instance;
10170 mgmt_cmd_status(cmd->sk, cmd->index, cmd->opcode,
10173 mgmt_cmd_complete(cmd->sk, cmd->index, cmd->opcode,
10174 mgmt_status(err), &rp, sizeof(rp));
10176 add_adv_complete(hdev, cmd->sk, cp->instance, err);
10178 mgmt_pending_free(cmd);
10181 static int add_advertising_sync(struct hci_dev *hdev, void *data)
10183 struct mgmt_pending_cmd *cmd = data;
10184 struct mgmt_cp_add_advertising *cp = cmd->param;
10186 return hci_schedule_adv_instance_sync(hdev, cp->instance, true);
10189 static int add_advertising(struct sock *sk, struct hci_dev *hdev,
10190 void *data, u16 data_len)
10192 struct mgmt_cp_add_advertising *cp = data;
10193 struct mgmt_rp_add_advertising rp;
10196 u16 timeout, duration;
10197 unsigned int prev_instance_cnt;
10198 u8 schedule_instance = 0;
10199 struct adv_info *adv, *next_instance;
10201 struct mgmt_pending_cmd *cmd;
10203 bt_dev_dbg(hdev, "sock %p", sk);
10205 status = mgmt_le_support(hdev);
10207 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_ADVERTISING,
10210 if (cp->instance < 1 || cp->instance > hdev->le_num_of_adv_sets)
10211 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_ADVERTISING,
10212 MGMT_STATUS_INVALID_PARAMS);
10214 if (data_len != sizeof(*cp) + cp->adv_data_len + cp->scan_rsp_len)
10215 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_ADVERTISING,
10216 MGMT_STATUS_INVALID_PARAMS);
10218 flags = __le32_to_cpu(cp->flags);
10219 timeout = __le16_to_cpu(cp->timeout);
10220 duration = __le16_to_cpu(cp->duration);
10222 if (!requested_adv_flags_are_valid(hdev, flags))
10223 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_ADVERTISING,
10224 MGMT_STATUS_INVALID_PARAMS);
10226 hci_dev_lock(hdev);
10228 if (timeout && !hdev_is_powered(hdev)) {
10229 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_ADVERTISING,
10230 MGMT_STATUS_REJECTED);
10234 if (adv_busy(hdev)) {
10235 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_ADVERTISING,
10240 if (!tlv_data_is_valid(hdev, flags, cp->data, cp->adv_data_len, true) ||
10241 !tlv_data_is_valid(hdev, flags, cp->data + cp->adv_data_len,
10242 cp->scan_rsp_len, false)) {
10243 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_ADVERTISING,
10244 MGMT_STATUS_INVALID_PARAMS);
10248 prev_instance_cnt = hdev->adv_instance_cnt;
10250 adv = hci_add_adv_instance(hdev, cp->instance, flags,
10251 cp->adv_data_len, cp->data,
10253 cp->data + cp->adv_data_len,
10255 HCI_ADV_TX_POWER_NO_PREFERENCE,
10256 hdev->le_adv_min_interval,
10257 hdev->le_adv_max_interval, 0);
10259 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_ADVERTISING,
10260 MGMT_STATUS_FAILED);
10264 /* Only trigger an advertising added event if a new instance was
10267 if (hdev->adv_instance_cnt > prev_instance_cnt)
10268 mgmt_advertising_added(sk, hdev, cp->instance);
10270 if (hdev->cur_adv_instance == cp->instance) {
10271 /* If the currently advertised instance is being changed then
10272 * cancel the current advertising and schedule the next
10273 * instance. If there is only one instance then the overridden
10274 * advertising data will be visible right away.
10276 cancel_adv_timeout(hdev);
10278 next_instance = hci_get_next_instance(hdev, cp->instance);
10280 schedule_instance = next_instance->instance;
10281 } else if (!hdev->adv_instance_timeout) {
10282 /* Immediately advertise the new instance if no other
10283 * instance is currently being advertised.
10285 schedule_instance = cp->instance;
10288 /* If the HCI_ADVERTISING flag is set or the device isn't powered or
10289 * there is no instance to be advertised then we have no HCI
10290 * communication to make. Simply return.
10292 if (!hdev_is_powered(hdev) ||
10293 hci_dev_test_flag(hdev, HCI_ADVERTISING) ||
10294 !schedule_instance) {
10295 rp.instance = cp->instance;
10296 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_ADD_ADVERTISING,
10297 MGMT_STATUS_SUCCESS, &rp, sizeof(rp));
10301 /* We're good to go, update advertising data, parameters, and start
10304 cmd = mgmt_pending_new(sk, MGMT_OP_ADD_ADVERTISING, hdev, data,
10311 cp->instance = schedule_instance;
10313 err = hci_cmd_sync_queue(hdev, add_advertising_sync, cmd,
10314 add_advertising_complete);
10316 mgmt_pending_free(cmd);
10319 hci_dev_unlock(hdev);
10324 static void add_ext_adv_params_complete(struct hci_dev *hdev, void *data,
10327 struct mgmt_pending_cmd *cmd = data;
10328 struct mgmt_cp_add_ext_adv_params *cp = cmd->param;
10329 struct mgmt_rp_add_ext_adv_params rp;
10330 struct adv_info *adv;
10333 BT_DBG("%s", hdev->name);
10335 hci_dev_lock(hdev);
10337 adv = hci_find_adv_instance(hdev, cp->instance);
10341 rp.instance = cp->instance;
10342 rp.tx_power = adv->tx_power;
10344 /* While we're at it, inform userspace of the available space for this
10345 * advertisement, given the flags that will be used.
10347 flags = __le32_to_cpu(cp->flags);
10348 rp.max_adv_data_len = tlv_data_max_len(hdev, flags, true);
10349 rp.max_scan_rsp_len = tlv_data_max_len(hdev, flags, false);
10352 /* If this advertisement was previously advertising and we
10353 * failed to update it, we signal that it has been removed and
10354 * delete its structure
10357 mgmt_advertising_removed(cmd->sk, hdev, cp->instance);
10359 hci_remove_adv_instance(hdev, cp->instance);
10361 mgmt_cmd_status(cmd->sk, cmd->index, cmd->opcode,
10364 mgmt_cmd_complete(cmd->sk, cmd->index, cmd->opcode,
10365 mgmt_status(err), &rp, sizeof(rp));
10370 mgmt_pending_free(cmd);
10372 hci_dev_unlock(hdev);
10375 static int add_ext_adv_params_sync(struct hci_dev *hdev, void *data)
10377 struct mgmt_pending_cmd *cmd = data;
10378 struct mgmt_cp_add_ext_adv_params *cp = cmd->param;
10380 return hci_setup_ext_adv_instance_sync(hdev, cp->instance);
10383 static int add_ext_adv_params(struct sock *sk, struct hci_dev *hdev,
10384 void *data, u16 data_len)
10386 struct mgmt_cp_add_ext_adv_params *cp = data;
10387 struct mgmt_rp_add_ext_adv_params rp;
10388 struct mgmt_pending_cmd *cmd = NULL;
10389 struct adv_info *adv;
10390 u32 flags, min_interval, max_interval;
10391 u16 timeout, duration;
10396 BT_DBG("%s", hdev->name);
10398 status = mgmt_le_support(hdev);
10400 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_EXT_ADV_PARAMS,
10403 if (cp->instance < 1 || cp->instance > hdev->le_num_of_adv_sets)
10404 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_EXT_ADV_PARAMS,
10405 MGMT_STATUS_INVALID_PARAMS);
10407 /* The purpose of breaking add_advertising into two separate MGMT calls
10408 * for params and data is to allow more parameters to be added to this
10409 * structure in the future. For this reason, we verify that we have the
10410 * bare minimum structure we know of when the interface was defined. Any
10411 * extra parameters we don't know about will be ignored in this request.
10413 if (data_len < MGMT_ADD_EXT_ADV_PARAMS_MIN_SIZE)
10414 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_EXT_ADV_PARAMS,
10415 MGMT_STATUS_INVALID_PARAMS);
10417 flags = __le32_to_cpu(cp->flags);
10419 if (!requested_adv_flags_are_valid(hdev, flags))
10420 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_EXT_ADV_PARAMS,
10421 MGMT_STATUS_INVALID_PARAMS);
10423 hci_dev_lock(hdev);
10425 /* In new interface, we require that we are powered to register */
10426 if (!hdev_is_powered(hdev)) {
10427 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_EXT_ADV_PARAMS,
10428 MGMT_STATUS_REJECTED);
10432 if (adv_busy(hdev)) {
10433 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_EXT_ADV_PARAMS,
10438 /* Parse defined parameters from request, use defaults otherwise */
10439 timeout = (flags & MGMT_ADV_PARAM_TIMEOUT) ?
10440 __le16_to_cpu(cp->timeout) : 0;
10442 duration = (flags & MGMT_ADV_PARAM_DURATION) ?
10443 __le16_to_cpu(cp->duration) :
10444 hdev->def_multi_adv_rotation_duration;
10446 min_interval = (flags & MGMT_ADV_PARAM_INTERVALS) ?
10447 __le32_to_cpu(cp->min_interval) :
10448 hdev->le_adv_min_interval;
10450 max_interval = (flags & MGMT_ADV_PARAM_INTERVALS) ?
10451 __le32_to_cpu(cp->max_interval) :
10452 hdev->le_adv_max_interval;
10454 tx_power = (flags & MGMT_ADV_PARAM_TX_POWER) ?
10456 HCI_ADV_TX_POWER_NO_PREFERENCE;
10458 /* Create advertising instance with no advertising or response data */
10459 adv = hci_add_adv_instance(hdev, cp->instance, flags, 0, NULL, 0, NULL,
10460 timeout, duration, tx_power, min_interval,
10464 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_EXT_ADV_PARAMS,
10465 MGMT_STATUS_FAILED);
10469 /* Submit request for advertising params if ext adv available */
10470 if (ext_adv_capable(hdev)) {
10471 cmd = mgmt_pending_new(sk, MGMT_OP_ADD_EXT_ADV_PARAMS, hdev,
10475 hci_remove_adv_instance(hdev, cp->instance);
10479 err = hci_cmd_sync_queue(hdev, add_ext_adv_params_sync, cmd,
10480 add_ext_adv_params_complete);
10482 mgmt_pending_free(cmd);
10484 rp.instance = cp->instance;
10485 rp.tx_power = HCI_ADV_TX_POWER_NO_PREFERENCE;
10486 rp.max_adv_data_len = tlv_data_max_len(hdev, flags, true);
10487 rp.max_scan_rsp_len = tlv_data_max_len(hdev, flags, false);
10488 err = mgmt_cmd_complete(sk, hdev->id,
10489 MGMT_OP_ADD_EXT_ADV_PARAMS,
10490 MGMT_STATUS_SUCCESS, &rp, sizeof(rp));
10494 hci_dev_unlock(hdev);
10499 static void add_ext_adv_data_complete(struct hci_dev *hdev, void *data, int err)
10501 struct mgmt_pending_cmd *cmd = data;
10502 struct mgmt_cp_add_ext_adv_data *cp = cmd->param;
10503 struct mgmt_rp_add_advertising rp;
10505 add_adv_complete(hdev, cmd->sk, cp->instance, err);
10507 memset(&rp, 0, sizeof(rp));
10509 rp.instance = cp->instance;
10512 mgmt_cmd_status(cmd->sk, cmd->index, cmd->opcode,
10515 mgmt_cmd_complete(cmd->sk, cmd->index, cmd->opcode,
10516 mgmt_status(err), &rp, sizeof(rp));
10518 mgmt_pending_free(cmd);
10521 static int add_ext_adv_data_sync(struct hci_dev *hdev, void *data)
10523 struct mgmt_pending_cmd *cmd = data;
10524 struct mgmt_cp_add_ext_adv_data *cp = cmd->param;
10527 if (ext_adv_capable(hdev)) {
10528 err = hci_update_adv_data_sync(hdev, cp->instance);
10532 err = hci_update_scan_rsp_data_sync(hdev, cp->instance);
10536 return hci_enable_ext_advertising_sync(hdev, cp->instance);
10539 return hci_schedule_adv_instance_sync(hdev, cp->instance, true);
10542 static int add_ext_adv_data(struct sock *sk, struct hci_dev *hdev, void *data,
10545 struct mgmt_cp_add_ext_adv_data *cp = data;
10546 struct mgmt_rp_add_ext_adv_data rp;
10547 u8 schedule_instance = 0;
10548 struct adv_info *next_instance;
10549 struct adv_info *adv_instance;
10551 struct mgmt_pending_cmd *cmd;
10553 BT_DBG("%s", hdev->name);
10555 hci_dev_lock(hdev);
10557 adv_instance = hci_find_adv_instance(hdev, cp->instance);
10559 if (!adv_instance) {
10560 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_EXT_ADV_DATA,
10561 MGMT_STATUS_INVALID_PARAMS);
10565 /* In new interface, we require that we are powered to register */
10566 if (!hdev_is_powered(hdev)) {
10567 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_EXT_ADV_DATA,
10568 MGMT_STATUS_REJECTED);
10569 goto clear_new_instance;
10572 if (adv_busy(hdev)) {
10573 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_EXT_ADV_DATA,
10575 goto clear_new_instance;
10578 /* Validate new data */
10579 if (!tlv_data_is_valid(hdev, adv_instance->flags, cp->data,
10580 cp->adv_data_len, true) ||
10581 !tlv_data_is_valid(hdev, adv_instance->flags, cp->data +
10582 cp->adv_data_len, cp->scan_rsp_len, false)) {
10583 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_EXT_ADV_DATA,
10584 MGMT_STATUS_INVALID_PARAMS);
10585 goto clear_new_instance;
10588 /* Set the data in the advertising instance */
10589 hci_set_adv_instance_data(hdev, cp->instance, cp->adv_data_len,
10590 cp->data, cp->scan_rsp_len,
10591 cp->data + cp->adv_data_len);
10593 /* If using software rotation, determine next instance to use */
10594 if (hdev->cur_adv_instance == cp->instance) {
10595 /* If the currently advertised instance is being changed
10596 * then cancel the current advertising and schedule the
10597 * next instance. If there is only one instance then the
10598 * overridden advertising data will be visible right
10601 cancel_adv_timeout(hdev);
10603 next_instance = hci_get_next_instance(hdev, cp->instance);
10605 schedule_instance = next_instance->instance;
10606 } else if (!hdev->adv_instance_timeout) {
10607 /* Immediately advertise the new instance if no other
10608 * instance is currently being advertised.
10610 schedule_instance = cp->instance;
10613 /* If the HCI_ADVERTISING flag is set or there is no instance to
10614 * be advertised then we have no HCI communication to make.
10617 if (hci_dev_test_flag(hdev, HCI_ADVERTISING) || !schedule_instance) {
10618 if (adv_instance->pending) {
10619 mgmt_advertising_added(sk, hdev, cp->instance);
10620 adv_instance->pending = false;
10622 rp.instance = cp->instance;
10623 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_ADD_EXT_ADV_DATA,
10624 MGMT_STATUS_SUCCESS, &rp, sizeof(rp));
10628 cmd = mgmt_pending_new(sk, MGMT_OP_ADD_EXT_ADV_DATA, hdev, data,
10632 goto clear_new_instance;
10635 err = hci_cmd_sync_queue(hdev, add_ext_adv_data_sync, cmd,
10636 add_ext_adv_data_complete);
10638 mgmt_pending_free(cmd);
10639 goto clear_new_instance;
10642 /* We were successful in updating data, so trigger advertising_added
10643 * event if this is an instance that wasn't previously advertising. If
10644 * a failure occurs in the requests we initiated, we will remove the
10645 * instance again in add_advertising_complete
10647 if (adv_instance->pending)
10648 mgmt_advertising_added(sk, hdev, cp->instance);
10652 clear_new_instance:
10653 hci_remove_adv_instance(hdev, cp->instance);
10656 hci_dev_unlock(hdev);
10661 static void remove_advertising_complete(struct hci_dev *hdev, void *data,
10664 struct mgmt_pending_cmd *cmd = data;
10665 struct mgmt_cp_remove_advertising *cp = cmd->param;
10666 struct mgmt_rp_remove_advertising rp;
10668 bt_dev_dbg(hdev, "err %d", err);
10670 memset(&rp, 0, sizeof(rp));
10671 rp.instance = cp->instance;
10674 mgmt_cmd_status(cmd->sk, cmd->index, cmd->opcode,
10677 mgmt_cmd_complete(cmd->sk, cmd->index, cmd->opcode,
10678 MGMT_STATUS_SUCCESS, &rp, sizeof(rp));
10680 mgmt_pending_free(cmd);
10683 static int remove_advertising_sync(struct hci_dev *hdev, void *data)
10685 struct mgmt_pending_cmd *cmd = data;
10686 struct mgmt_cp_remove_advertising *cp = cmd->param;
10689 err = hci_remove_advertising_sync(hdev, cmd->sk, cp->instance, true);
10693 if (list_empty(&hdev->adv_instances))
10694 err = hci_disable_advertising_sync(hdev);
10699 static int remove_advertising(struct sock *sk, struct hci_dev *hdev,
10700 void *data, u16 data_len)
10702 struct mgmt_cp_remove_advertising *cp = data;
10703 struct mgmt_pending_cmd *cmd;
10706 bt_dev_dbg(hdev, "sock %p", sk);
10708 hci_dev_lock(hdev);
10710 if (cp->instance && !hci_find_adv_instance(hdev, cp->instance)) {
10711 err = mgmt_cmd_status(sk, hdev->id,
10712 MGMT_OP_REMOVE_ADVERTISING,
10713 MGMT_STATUS_INVALID_PARAMS);
10717 if (pending_find(MGMT_OP_SET_LE, hdev)) {
10718 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_REMOVE_ADVERTISING,
10723 if (list_empty(&hdev->adv_instances)) {
10724 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_REMOVE_ADVERTISING,
10725 MGMT_STATUS_INVALID_PARAMS);
10729 cmd = mgmt_pending_new(sk, MGMT_OP_REMOVE_ADVERTISING, hdev, data,
10736 err = hci_cmd_sync_queue(hdev, remove_advertising_sync, cmd,
10737 remove_advertising_complete);
10739 mgmt_pending_free(cmd);
10742 hci_dev_unlock(hdev);
10747 static int get_adv_size_info(struct sock *sk, struct hci_dev *hdev,
10748 void *data, u16 data_len)
10750 struct mgmt_cp_get_adv_size_info *cp = data;
10751 struct mgmt_rp_get_adv_size_info rp;
10752 u32 flags, supported_flags;
10754 bt_dev_dbg(hdev, "sock %p", sk);
10756 if (!lmp_le_capable(hdev))
10757 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_GET_ADV_SIZE_INFO,
10758 MGMT_STATUS_REJECTED);
10760 if (cp->instance < 1 || cp->instance > hdev->le_num_of_adv_sets)
10761 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_GET_ADV_SIZE_INFO,
10762 MGMT_STATUS_INVALID_PARAMS);
10764 flags = __le32_to_cpu(cp->flags);
10766 /* The current implementation only supports a subset of the specified
10769 supported_flags = get_supported_adv_flags(hdev);
10770 if (flags & ~supported_flags)
10771 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_GET_ADV_SIZE_INFO,
10772 MGMT_STATUS_INVALID_PARAMS);
10774 rp.instance = cp->instance;
10775 rp.flags = cp->flags;
10776 rp.max_adv_data_len = tlv_data_max_len(hdev, flags, true);
10777 rp.max_scan_rsp_len = tlv_data_max_len(hdev, flags, false);
10779 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_ADV_SIZE_INFO,
10780 MGMT_STATUS_SUCCESS, &rp, sizeof(rp));
10783 static const struct hci_mgmt_handler mgmt_handlers[] = {
10784 { NULL }, /* 0x0000 (no command) */
10785 { read_version, MGMT_READ_VERSION_SIZE,
10787 HCI_MGMT_UNTRUSTED },
10788 { read_commands, MGMT_READ_COMMANDS_SIZE,
10790 HCI_MGMT_UNTRUSTED },
10791 { read_index_list, MGMT_READ_INDEX_LIST_SIZE,
10793 HCI_MGMT_UNTRUSTED },
10794 { read_controller_info, MGMT_READ_INFO_SIZE,
10795 HCI_MGMT_UNTRUSTED },
10796 { set_powered, MGMT_SETTING_SIZE },
10797 { set_discoverable, MGMT_SET_DISCOVERABLE_SIZE },
10798 { set_connectable, MGMT_SETTING_SIZE },
10799 { set_fast_connectable, MGMT_SETTING_SIZE },
10800 { set_bondable, MGMT_SETTING_SIZE },
10801 { set_link_security, MGMT_SETTING_SIZE },
10802 { set_ssp, MGMT_SETTING_SIZE },
10803 { set_hs, MGMT_SETTING_SIZE },
10804 { set_le, MGMT_SETTING_SIZE },
10805 { set_dev_class, MGMT_SET_DEV_CLASS_SIZE },
10806 { set_local_name, MGMT_SET_LOCAL_NAME_SIZE },
10807 { add_uuid, MGMT_ADD_UUID_SIZE },
10808 { remove_uuid, MGMT_REMOVE_UUID_SIZE },
10809 { load_link_keys, MGMT_LOAD_LINK_KEYS_SIZE,
10810 HCI_MGMT_VAR_LEN },
10811 { load_long_term_keys, MGMT_LOAD_LONG_TERM_KEYS_SIZE,
10812 HCI_MGMT_VAR_LEN },
10813 { disconnect, MGMT_DISCONNECT_SIZE },
10814 { get_connections, MGMT_GET_CONNECTIONS_SIZE },
10815 { pin_code_reply, MGMT_PIN_CODE_REPLY_SIZE },
10816 { pin_code_neg_reply, MGMT_PIN_CODE_NEG_REPLY_SIZE },
10817 { set_io_capability, MGMT_SET_IO_CAPABILITY_SIZE },
10818 { pair_device, MGMT_PAIR_DEVICE_SIZE },
10819 { cancel_pair_device, MGMT_CANCEL_PAIR_DEVICE_SIZE },
10820 { unpair_device, MGMT_UNPAIR_DEVICE_SIZE },
10821 { user_confirm_reply, MGMT_USER_CONFIRM_REPLY_SIZE },
10822 { user_confirm_neg_reply, MGMT_USER_CONFIRM_NEG_REPLY_SIZE },
10823 { user_passkey_reply, MGMT_USER_PASSKEY_REPLY_SIZE },
10824 { user_passkey_neg_reply, MGMT_USER_PASSKEY_NEG_REPLY_SIZE },
10825 { read_local_oob_data, MGMT_READ_LOCAL_OOB_DATA_SIZE },
10826 { add_remote_oob_data, MGMT_ADD_REMOTE_OOB_DATA_SIZE,
10827 HCI_MGMT_VAR_LEN },
10828 { remove_remote_oob_data, MGMT_REMOVE_REMOTE_OOB_DATA_SIZE },
10829 { start_discovery, MGMT_START_DISCOVERY_SIZE },
10830 { stop_discovery, MGMT_STOP_DISCOVERY_SIZE },
10831 { confirm_name, MGMT_CONFIRM_NAME_SIZE },
10832 { block_device, MGMT_BLOCK_DEVICE_SIZE },
10833 { unblock_device, MGMT_UNBLOCK_DEVICE_SIZE },
10834 { set_device_id, MGMT_SET_DEVICE_ID_SIZE },
10835 { set_advertising, MGMT_SETTING_SIZE },
10836 { set_bredr, MGMT_SETTING_SIZE },
10837 { set_static_address, MGMT_SET_STATIC_ADDRESS_SIZE },
10838 { set_scan_params, MGMT_SET_SCAN_PARAMS_SIZE },
10839 { set_secure_conn, MGMT_SETTING_SIZE },
10840 { set_debug_keys, MGMT_SETTING_SIZE },
10841 { set_privacy, MGMT_SET_PRIVACY_SIZE },
10842 { load_irks, MGMT_LOAD_IRKS_SIZE,
10843 HCI_MGMT_VAR_LEN },
10844 { get_conn_info, MGMT_GET_CONN_INFO_SIZE },
10845 { get_clock_info, MGMT_GET_CLOCK_INFO_SIZE },
10846 { add_device, MGMT_ADD_DEVICE_SIZE },
10847 { remove_device, MGMT_REMOVE_DEVICE_SIZE },
10848 { load_conn_param, MGMT_LOAD_CONN_PARAM_SIZE,
10849 HCI_MGMT_VAR_LEN },
10850 { read_unconf_index_list, MGMT_READ_UNCONF_INDEX_LIST_SIZE,
10852 HCI_MGMT_UNTRUSTED },
10853 { read_config_info, MGMT_READ_CONFIG_INFO_SIZE,
10854 HCI_MGMT_UNCONFIGURED |
10855 HCI_MGMT_UNTRUSTED },
10856 { set_external_config, MGMT_SET_EXTERNAL_CONFIG_SIZE,
10857 HCI_MGMT_UNCONFIGURED },
10858 { set_public_address, MGMT_SET_PUBLIC_ADDRESS_SIZE,
10859 HCI_MGMT_UNCONFIGURED },
10860 { start_service_discovery, MGMT_START_SERVICE_DISCOVERY_SIZE,
10861 HCI_MGMT_VAR_LEN },
10862 { read_local_oob_ext_data, MGMT_READ_LOCAL_OOB_EXT_DATA_SIZE },
10863 { read_ext_index_list, MGMT_READ_EXT_INDEX_LIST_SIZE,
10865 HCI_MGMT_UNTRUSTED },
10866 { read_adv_features, MGMT_READ_ADV_FEATURES_SIZE },
10867 { add_advertising, MGMT_ADD_ADVERTISING_SIZE,
10868 HCI_MGMT_VAR_LEN },
10869 { remove_advertising, MGMT_REMOVE_ADVERTISING_SIZE },
10870 { get_adv_size_info, MGMT_GET_ADV_SIZE_INFO_SIZE },
10871 { start_limited_discovery, MGMT_START_DISCOVERY_SIZE },
10872 { read_ext_controller_info,MGMT_READ_EXT_INFO_SIZE,
10873 HCI_MGMT_UNTRUSTED },
10874 { set_appearance, MGMT_SET_APPEARANCE_SIZE },
10875 { get_phy_configuration, MGMT_GET_PHY_CONFIGURATION_SIZE },
10876 { set_phy_configuration, MGMT_SET_PHY_CONFIGURATION_SIZE },
10877 { set_blocked_keys, MGMT_OP_SET_BLOCKED_KEYS_SIZE,
10878 HCI_MGMT_VAR_LEN },
10879 { set_wideband_speech, MGMT_SETTING_SIZE },
10880 { read_controller_cap, MGMT_READ_CONTROLLER_CAP_SIZE,
10881 HCI_MGMT_UNTRUSTED },
10882 { read_exp_features_info, MGMT_READ_EXP_FEATURES_INFO_SIZE,
10883 HCI_MGMT_UNTRUSTED |
10884 HCI_MGMT_HDEV_OPTIONAL },
10885 { set_exp_feature, MGMT_SET_EXP_FEATURE_SIZE,
10887 HCI_MGMT_HDEV_OPTIONAL },
10888 { read_def_system_config, MGMT_READ_DEF_SYSTEM_CONFIG_SIZE,
10889 HCI_MGMT_UNTRUSTED },
10890 { set_def_system_config, MGMT_SET_DEF_SYSTEM_CONFIG_SIZE,
10891 HCI_MGMT_VAR_LEN },
10892 { read_def_runtime_config, MGMT_READ_DEF_RUNTIME_CONFIG_SIZE,
10893 HCI_MGMT_UNTRUSTED },
10894 { set_def_runtime_config, MGMT_SET_DEF_RUNTIME_CONFIG_SIZE,
10895 HCI_MGMT_VAR_LEN },
10896 { get_device_flags, MGMT_GET_DEVICE_FLAGS_SIZE },
10897 { set_device_flags, MGMT_SET_DEVICE_FLAGS_SIZE },
10898 { read_adv_mon_features, MGMT_READ_ADV_MONITOR_FEATURES_SIZE },
10899 { add_adv_patterns_monitor,MGMT_ADD_ADV_PATTERNS_MONITOR_SIZE,
10900 HCI_MGMT_VAR_LEN },
10901 { remove_adv_monitor, MGMT_REMOVE_ADV_MONITOR_SIZE },
10902 { add_ext_adv_params, MGMT_ADD_EXT_ADV_PARAMS_MIN_SIZE,
10903 HCI_MGMT_VAR_LEN },
10904 { add_ext_adv_data, MGMT_ADD_EXT_ADV_DATA_SIZE,
10905 HCI_MGMT_VAR_LEN },
10906 { add_adv_patterns_monitor_rssi,
10907 MGMT_ADD_ADV_PATTERNS_MONITOR_RSSI_SIZE,
10908 HCI_MGMT_VAR_LEN },
10909 { set_mesh, MGMT_SET_MESH_RECEIVER_SIZE,
10910 HCI_MGMT_VAR_LEN },
10911 { mesh_features, MGMT_MESH_READ_FEATURES_SIZE },
10912 { mesh_send, MGMT_MESH_SEND_SIZE,
10913 HCI_MGMT_VAR_LEN },
10914 { mesh_send_cancel, MGMT_MESH_SEND_CANCEL_SIZE },
10918 static const struct hci_mgmt_handler tizen_mgmt_handlers[] = {
10919 { NULL }, /* 0x0000 (no command) */
10920 { set_advertising_params, MGMT_SET_ADVERTISING_PARAMS_SIZE },
10921 { set_advertising_data, MGMT_SET_ADV_MIN_APP_DATA_SIZE,
10922 HCI_MGMT_VAR_LEN },
10923 { set_scan_rsp_data, MGMT_SET_SCAN_RSP_MIN_APP_DATA_SIZE,
10924 HCI_MGMT_VAR_LEN },
10925 { add_white_list, MGMT_ADD_DEV_WHITE_LIST_SIZE },
10926 { remove_from_white_list, MGMT_REMOVE_DEV_FROM_WHITE_LIST_SIZE },
10927 { clear_white_list, MGMT_OP_CLEAR_DEV_WHITE_LIST_SIZE },
10928 { set_enable_rssi, MGMT_SET_RSSI_ENABLE_SIZE },
10929 { get_raw_rssi, MGMT_GET_RAW_RSSI_SIZE },
10930 { set_disable_threshold, MGMT_SET_RSSI_DISABLE_SIZE },
10931 { start_le_discovery, MGMT_START_LE_DISCOVERY_SIZE },
10932 { stop_le_discovery, MGMT_STOP_LE_DISCOVERY_SIZE },
10933 { disable_le_auto_connect, MGMT_DISABLE_LE_AUTO_CONNECT_SIZE },
10934 { le_conn_update, MGMT_LE_CONN_UPDATE_SIZE },
10938 void mgmt_index_added(struct hci_dev *hdev)
10940 struct mgmt_ev_ext_index ev;
10942 if (test_bit(HCI_QUIRK_RAW_DEVICE, &hdev->quirks))
10945 switch (hdev->dev_type) {
10947 if (hci_dev_test_flag(hdev, HCI_UNCONFIGURED)) {
10948 mgmt_index_event(MGMT_EV_UNCONF_INDEX_ADDED, hdev,
10949 NULL, 0, HCI_MGMT_UNCONF_INDEX_EVENTS);
10952 mgmt_index_event(MGMT_EV_INDEX_ADDED, hdev, NULL, 0,
10953 HCI_MGMT_INDEX_EVENTS);
10964 ev.bus = hdev->bus;
10966 mgmt_index_event(MGMT_EV_EXT_INDEX_ADDED, hdev, &ev, sizeof(ev),
10967 HCI_MGMT_EXT_INDEX_EVENTS);
10970 void mgmt_index_removed(struct hci_dev *hdev)
10972 struct mgmt_ev_ext_index ev;
10973 u8 status = MGMT_STATUS_INVALID_INDEX;
10975 if (test_bit(HCI_QUIRK_RAW_DEVICE, &hdev->quirks))
10978 switch (hdev->dev_type) {
10980 mgmt_pending_foreach(0, hdev, cmd_complete_rsp, &status);
10982 if (hci_dev_test_flag(hdev, HCI_UNCONFIGURED)) {
10983 mgmt_index_event(MGMT_EV_UNCONF_INDEX_REMOVED, hdev,
10984 NULL, 0, HCI_MGMT_UNCONF_INDEX_EVENTS);
10987 mgmt_index_event(MGMT_EV_INDEX_REMOVED, hdev, NULL, 0,
10988 HCI_MGMT_INDEX_EVENTS);
10999 ev.bus = hdev->bus;
11001 mgmt_index_event(MGMT_EV_EXT_INDEX_REMOVED, hdev, &ev, sizeof(ev),
11002 HCI_MGMT_EXT_INDEX_EVENTS);
11004 /* Cancel any remaining timed work */
11005 if (!hci_dev_test_flag(hdev, HCI_MGMT))
11007 cancel_delayed_work_sync(&hdev->discov_off);
11008 cancel_delayed_work_sync(&hdev->service_cache);
11009 cancel_delayed_work_sync(&hdev->rpa_expired);
11012 void mgmt_power_on(struct hci_dev *hdev, int err)
11014 struct cmd_lookup match = { NULL, hdev };
11016 bt_dev_dbg(hdev, "err %d", err);
11018 hci_dev_lock(hdev);
11021 restart_le_actions(hdev);
11022 hci_update_passive_scan(hdev);
11025 mgmt_pending_foreach(MGMT_OP_SET_POWERED, hdev, settings_rsp, &match);
11027 new_settings(hdev, match.sk);
11030 sock_put(match.sk);
11032 hci_dev_unlock(hdev);
11035 void __mgmt_power_off(struct hci_dev *hdev)
11037 struct cmd_lookup match = { NULL, hdev };
11038 u8 status, zero_cod[] = { 0, 0, 0 };
11040 mgmt_pending_foreach(MGMT_OP_SET_POWERED, hdev, settings_rsp, &match);
11042 /* If the power off is because of hdev unregistration let
11043 * use the appropriate INVALID_INDEX status. Otherwise use
11044 * NOT_POWERED. We cover both scenarios here since later in
11045 * mgmt_index_removed() any hci_conn callbacks will have already
11046 * been triggered, potentially causing misleading DISCONNECTED
11047 * status responses.
11049 if (hci_dev_test_flag(hdev, HCI_UNREGISTER))
11050 status = MGMT_STATUS_INVALID_INDEX;
11052 status = MGMT_STATUS_NOT_POWERED;
11054 mgmt_pending_foreach(0, hdev, cmd_complete_rsp, &status);
11056 if (memcmp(hdev->dev_class, zero_cod, sizeof(zero_cod)) != 0) {
11057 mgmt_limited_event(MGMT_EV_CLASS_OF_DEV_CHANGED, hdev,
11058 zero_cod, sizeof(zero_cod),
11059 HCI_MGMT_DEV_CLASS_EVENTS, NULL);
11060 ext_info_changed(hdev, NULL);
11063 new_settings(hdev, match.sk);
11066 sock_put(match.sk);
11069 void mgmt_set_powered_failed(struct hci_dev *hdev, int err)
11071 struct mgmt_pending_cmd *cmd;
11074 cmd = pending_find(MGMT_OP_SET_POWERED, hdev);
11078 if (err == -ERFKILL)
11079 status = MGMT_STATUS_RFKILLED;
11081 status = MGMT_STATUS_FAILED;
11083 mgmt_cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_POWERED, status);
11085 mgmt_pending_remove(cmd);
11088 void mgmt_new_link_key(struct hci_dev *hdev, struct link_key *key,
11091 struct mgmt_ev_new_link_key ev;
11093 memset(&ev, 0, sizeof(ev));
11095 ev.store_hint = persistent;
11096 bacpy(&ev.key.addr.bdaddr, &key->bdaddr);
11097 ev.key.addr.type = BDADDR_BREDR;
11098 ev.key.type = key->type;
11099 memcpy(ev.key.val, key->val, HCI_LINK_KEY_SIZE);
11100 ev.key.pin_len = key->pin_len;
11102 mgmt_event(MGMT_EV_NEW_LINK_KEY, hdev, &ev, sizeof(ev), NULL);
11105 static u8 mgmt_ltk_type(struct smp_ltk *ltk)
11107 switch (ltk->type) {
11109 case SMP_LTK_RESPONDER:
11110 if (ltk->authenticated)
11111 return MGMT_LTK_AUTHENTICATED;
11112 return MGMT_LTK_UNAUTHENTICATED;
11114 if (ltk->authenticated)
11115 return MGMT_LTK_P256_AUTH;
11116 return MGMT_LTK_P256_UNAUTH;
11117 case SMP_LTK_P256_DEBUG:
11118 return MGMT_LTK_P256_DEBUG;
11121 return MGMT_LTK_UNAUTHENTICATED;
11124 void mgmt_new_ltk(struct hci_dev *hdev, struct smp_ltk *key, bool persistent)
11126 struct mgmt_ev_new_long_term_key ev;
11128 memset(&ev, 0, sizeof(ev));
11130 /* Devices using resolvable or non-resolvable random addresses
11131 * without providing an identity resolving key don't require
11132 * to store long term keys. Their addresses will change the
11133 * next time around.
11135 * Only when a remote device provides an identity address
11136 * make sure the long term key is stored. If the remote
11137 * identity is known, the long term keys are internally
11138 * mapped to the identity address. So allow static random
11139 * and public addresses here.
11141 if (key->bdaddr_type == ADDR_LE_DEV_RANDOM &&
11142 (key->bdaddr.b[5] & 0xc0) != 0xc0)
11143 ev.store_hint = 0x00;
11145 ev.store_hint = persistent;
11147 bacpy(&ev.key.addr.bdaddr, &key->bdaddr);
11148 ev.key.addr.type = link_to_bdaddr(LE_LINK, key->bdaddr_type);
11149 ev.key.type = mgmt_ltk_type(key);
11150 ev.key.enc_size = key->enc_size;
11151 ev.key.ediv = key->ediv;
11152 ev.key.rand = key->rand;
11154 if (key->type == SMP_LTK)
11155 ev.key.initiator = 1;
11157 /* Make sure we copy only the significant bytes based on the
11158 * encryption key size, and set the rest of the value to zeroes.
11160 memcpy(ev.key.val, key->val, key->enc_size);
11161 memset(ev.key.val + key->enc_size, 0,
11162 sizeof(ev.key.val) - key->enc_size);
11164 mgmt_event(MGMT_EV_NEW_LONG_TERM_KEY, hdev, &ev, sizeof(ev), NULL);
11167 void mgmt_new_irk(struct hci_dev *hdev, struct smp_irk *irk, bool persistent)
11169 struct mgmt_ev_new_irk ev;
11171 memset(&ev, 0, sizeof(ev));
11173 ev.store_hint = persistent;
11175 bacpy(&ev.rpa, &irk->rpa);
11176 bacpy(&ev.irk.addr.bdaddr, &irk->bdaddr);
11177 ev.irk.addr.type = link_to_bdaddr(LE_LINK, irk->addr_type);
11178 memcpy(ev.irk.val, irk->val, sizeof(irk->val));
11180 mgmt_event(MGMT_EV_NEW_IRK, hdev, &ev, sizeof(ev), NULL);
11183 void mgmt_new_csrk(struct hci_dev *hdev, struct smp_csrk *csrk,
11186 struct mgmt_ev_new_csrk ev;
11188 memset(&ev, 0, sizeof(ev));
11190 /* Devices using resolvable or non-resolvable random addresses
11191 * without providing an identity resolving key don't require
11192 * to store signature resolving keys. Their addresses will change
11193 * the next time around.
11195 * Only when a remote device provides an identity address
11196 * make sure the signature resolving key is stored. So allow
11197 * static random and public addresses here.
11199 if (csrk->bdaddr_type == ADDR_LE_DEV_RANDOM &&
11200 (csrk->bdaddr.b[5] & 0xc0) != 0xc0)
11201 ev.store_hint = 0x00;
11203 ev.store_hint = persistent;
11205 bacpy(&ev.key.addr.bdaddr, &csrk->bdaddr);
11206 ev.key.addr.type = link_to_bdaddr(LE_LINK, csrk->bdaddr_type);
11207 ev.key.type = csrk->type;
11208 memcpy(ev.key.val, csrk->val, sizeof(csrk->val));
11210 mgmt_event(MGMT_EV_NEW_CSRK, hdev, &ev, sizeof(ev), NULL);
11213 void mgmt_new_conn_param(struct hci_dev *hdev, bdaddr_t *bdaddr,
11214 u8 bdaddr_type, u8 store_hint, u16 min_interval,
11215 u16 max_interval, u16 latency, u16 timeout)
11217 struct mgmt_ev_new_conn_param ev;
11219 if (!hci_is_identity_address(bdaddr, bdaddr_type))
11222 memset(&ev, 0, sizeof(ev));
11223 bacpy(&ev.addr.bdaddr, bdaddr);
11224 ev.addr.type = link_to_bdaddr(LE_LINK, bdaddr_type);
11225 ev.store_hint = store_hint;
11226 ev.min_interval = cpu_to_le16(min_interval);
11227 ev.max_interval = cpu_to_le16(max_interval);
11228 ev.latency = cpu_to_le16(latency);
11229 ev.timeout = cpu_to_le16(timeout);
11231 mgmt_event(MGMT_EV_NEW_CONN_PARAM, hdev, &ev, sizeof(ev), NULL);
11234 void mgmt_device_connected(struct hci_dev *hdev, struct hci_conn *conn,
11235 u8 *name, u8 name_len)
11237 struct sk_buff *skb;
11238 struct mgmt_ev_device_connected *ev;
11242 /* allocate buff for LE or BR/EDR adv */
11243 if (conn->le_adv_data_len > 0)
11244 skb = mgmt_alloc_skb(hdev, MGMT_EV_DEVICE_CONNECTED,
11245 sizeof(*ev) + conn->le_adv_data_len);
11247 skb = mgmt_alloc_skb(hdev, MGMT_EV_DEVICE_CONNECTED,
11248 sizeof(*ev) + (name ? eir_precalc_len(name_len) : 0) +
11249 eir_precalc_len(sizeof(conn->dev_class)));
11251 ev = skb_put(skb, sizeof(*ev));
11252 bacpy(&ev->addr.bdaddr, &conn->dst);
11253 ev->addr.type = link_to_bdaddr(conn->type, conn->dst_type);
11256 flags |= MGMT_DEV_FOUND_INITIATED_CONN;
11258 ev->flags = __cpu_to_le32(flags);
11260 /* We must ensure that the EIR Data fields are ordered and
11261 * unique. Keep it simple for now and avoid the problem by not
11262 * adding any BR/EDR data to the LE adv.
11264 if (conn->le_adv_data_len > 0) {
11265 skb_put_data(skb, conn->le_adv_data, conn->le_adv_data_len);
11266 eir_len = conn->le_adv_data_len;
11269 eir_len += eir_skb_put_data(skb, EIR_NAME_COMPLETE, name, name_len);
11271 if (memcmp(conn->dev_class, "\0\0\0", sizeof(conn->dev_class)))
11272 eir_len += eir_skb_put_data(skb, EIR_CLASS_OF_DEV,
11273 conn->dev_class, sizeof(conn->dev_class));
11276 ev->eir_len = cpu_to_le16(eir_len);
11278 mgmt_event_skb(skb, NULL);
11281 static void disconnect_rsp(struct mgmt_pending_cmd *cmd, void *data)
11283 struct sock **sk = data;
11285 cmd->cmd_complete(cmd, 0);
11290 mgmt_pending_remove(cmd);
11293 static void unpair_device_rsp(struct mgmt_pending_cmd *cmd, void *data)
11295 struct hci_dev *hdev = data;
11296 struct mgmt_cp_unpair_device *cp = cmd->param;
11298 device_unpaired(hdev, &cp->addr.bdaddr, cp->addr.type, cmd->sk);
11300 cmd->cmd_complete(cmd, 0);
11301 mgmt_pending_remove(cmd);
11304 bool mgmt_powering_down(struct hci_dev *hdev)
11306 struct mgmt_pending_cmd *cmd;
11307 struct mgmt_mode *cp;
11309 cmd = pending_find(MGMT_OP_SET_POWERED, hdev);
11320 void mgmt_device_disconnected(struct hci_dev *hdev, bdaddr_t *bdaddr,
11321 u8 link_type, u8 addr_type, u8 reason,
11322 bool mgmt_connected)
11324 struct mgmt_ev_device_disconnected ev;
11325 struct sock *sk = NULL;
11327 /* The connection is still in hci_conn_hash so test for 1
11328 * instead of 0 to know if this is the last one.
11330 if (mgmt_powering_down(hdev) && hci_conn_count(hdev) == 1) {
11331 cancel_delayed_work(&hdev->power_off);
11332 queue_work(hdev->req_workqueue, &hdev->power_off.work);
11335 if (!mgmt_connected)
11338 if (link_type != ACL_LINK && link_type != LE_LINK)
11341 mgmt_pending_foreach(MGMT_OP_DISCONNECT, hdev, disconnect_rsp, &sk);
11343 bacpy(&ev.addr.bdaddr, bdaddr);
11344 ev.addr.type = link_to_bdaddr(link_type, addr_type);
11345 ev.reason = reason;
11347 /* Report disconnects due to suspend */
11348 if (hdev->suspended)
11349 ev.reason = MGMT_DEV_DISCONN_LOCAL_HOST_SUSPEND;
11351 mgmt_event(MGMT_EV_DEVICE_DISCONNECTED, hdev, &ev, sizeof(ev), sk);
11356 mgmt_pending_foreach(MGMT_OP_UNPAIR_DEVICE, hdev, unpair_device_rsp,
11360 void mgmt_disconnect_failed(struct hci_dev *hdev, bdaddr_t *bdaddr,
11361 u8 link_type, u8 addr_type, u8 status)
11363 u8 bdaddr_type = link_to_bdaddr(link_type, addr_type);
11364 struct mgmt_cp_disconnect *cp;
11365 struct mgmt_pending_cmd *cmd;
11367 mgmt_pending_foreach(MGMT_OP_UNPAIR_DEVICE, hdev, unpair_device_rsp,
11370 cmd = pending_find(MGMT_OP_DISCONNECT, hdev);
11376 if (bacmp(bdaddr, &cp->addr.bdaddr))
11379 if (cp->addr.type != bdaddr_type)
11382 cmd->cmd_complete(cmd, mgmt_status(status));
11383 mgmt_pending_remove(cmd);
11386 void mgmt_connect_failed(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
11387 u8 addr_type, u8 status)
11389 struct mgmt_ev_connect_failed ev;
11391 /* The connection is still in hci_conn_hash so test for 1
11392 * instead of 0 to know if this is the last one.
11394 if (mgmt_powering_down(hdev) && hci_conn_count(hdev) == 1) {
11395 cancel_delayed_work(&hdev->power_off);
11396 queue_work(hdev->req_workqueue, &hdev->power_off.work);
11399 bacpy(&ev.addr.bdaddr, bdaddr);
11400 ev.addr.type = link_to_bdaddr(link_type, addr_type);
11401 ev.status = mgmt_status(status);
11403 mgmt_event(MGMT_EV_CONNECT_FAILED, hdev, &ev, sizeof(ev), NULL);
11406 void mgmt_pin_code_request(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 secure)
11408 struct mgmt_ev_pin_code_request ev;
11410 bacpy(&ev.addr.bdaddr, bdaddr);
11411 ev.addr.type = BDADDR_BREDR;
11412 ev.secure = secure;
11414 mgmt_event(MGMT_EV_PIN_CODE_REQUEST, hdev, &ev, sizeof(ev), NULL);
11417 void mgmt_pin_code_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
11420 struct mgmt_pending_cmd *cmd;
11422 cmd = pending_find(MGMT_OP_PIN_CODE_REPLY, hdev);
11426 cmd->cmd_complete(cmd, mgmt_status(status));
11427 mgmt_pending_remove(cmd);
11430 void mgmt_pin_code_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
11433 struct mgmt_pending_cmd *cmd;
11435 cmd = pending_find(MGMT_OP_PIN_CODE_NEG_REPLY, hdev);
11439 cmd->cmd_complete(cmd, mgmt_status(status));
11440 mgmt_pending_remove(cmd);
11443 int mgmt_user_confirm_request(struct hci_dev *hdev, bdaddr_t *bdaddr,
11444 u8 link_type, u8 addr_type, u32 value,
11447 struct mgmt_ev_user_confirm_request ev;
11449 bt_dev_dbg(hdev, "bdaddr %pMR", bdaddr);
11451 bacpy(&ev.addr.bdaddr, bdaddr);
11452 ev.addr.type = link_to_bdaddr(link_type, addr_type);
11453 ev.confirm_hint = confirm_hint;
11454 ev.value = cpu_to_le32(value);
11456 return mgmt_event(MGMT_EV_USER_CONFIRM_REQUEST, hdev, &ev, sizeof(ev),
11460 int mgmt_user_passkey_request(struct hci_dev *hdev, bdaddr_t *bdaddr,
11461 u8 link_type, u8 addr_type)
11463 struct mgmt_ev_user_passkey_request ev;
11465 bt_dev_dbg(hdev, "bdaddr %pMR", bdaddr);
11467 bacpy(&ev.addr.bdaddr, bdaddr);
11468 ev.addr.type = link_to_bdaddr(link_type, addr_type);
11470 return mgmt_event(MGMT_EV_USER_PASSKEY_REQUEST, hdev, &ev, sizeof(ev),
11474 static int user_pairing_resp_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
11475 u8 link_type, u8 addr_type, u8 status,
11478 struct mgmt_pending_cmd *cmd;
11480 cmd = pending_find(opcode, hdev);
11484 cmd->cmd_complete(cmd, mgmt_status(status));
11485 mgmt_pending_remove(cmd);
11490 int mgmt_user_confirm_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
11491 u8 link_type, u8 addr_type, u8 status)
11493 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
11494 status, MGMT_OP_USER_CONFIRM_REPLY);
11497 int mgmt_user_confirm_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
11498 u8 link_type, u8 addr_type, u8 status)
11500 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
11502 MGMT_OP_USER_CONFIRM_NEG_REPLY);
11505 int mgmt_user_passkey_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
11506 u8 link_type, u8 addr_type, u8 status)
11508 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
11509 status, MGMT_OP_USER_PASSKEY_REPLY);
11512 int mgmt_user_passkey_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
11513 u8 link_type, u8 addr_type, u8 status)
11515 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
11517 MGMT_OP_USER_PASSKEY_NEG_REPLY);
11520 int mgmt_user_passkey_notify(struct hci_dev *hdev, bdaddr_t *bdaddr,
11521 u8 link_type, u8 addr_type, u32 passkey,
11524 struct mgmt_ev_passkey_notify ev;
11526 bt_dev_dbg(hdev, "bdaddr %pMR", bdaddr);
11528 bacpy(&ev.addr.bdaddr, bdaddr);
11529 ev.addr.type = link_to_bdaddr(link_type, addr_type);
11530 ev.passkey = __cpu_to_le32(passkey);
11531 ev.entered = entered;
11533 return mgmt_event(MGMT_EV_PASSKEY_NOTIFY, hdev, &ev, sizeof(ev), NULL);
11536 void mgmt_auth_failed(struct hci_conn *conn, u8 hci_status)
11538 struct mgmt_ev_auth_failed ev;
11539 struct mgmt_pending_cmd *cmd;
11540 u8 status = mgmt_status(hci_status);
11542 bacpy(&ev.addr.bdaddr, &conn->dst);
11543 ev.addr.type = link_to_bdaddr(conn->type, conn->dst_type);
11544 ev.status = status;
11546 cmd = find_pairing(conn);
11548 mgmt_event(MGMT_EV_AUTH_FAILED, conn->hdev, &ev, sizeof(ev),
11549 cmd ? cmd->sk : NULL);
11552 cmd->cmd_complete(cmd, status);
11553 mgmt_pending_remove(cmd);
11557 void mgmt_auth_enable_complete(struct hci_dev *hdev, u8 status)
11559 struct cmd_lookup match = { NULL, hdev };
11563 u8 mgmt_err = mgmt_status(status);
11564 mgmt_pending_foreach(MGMT_OP_SET_LINK_SECURITY, hdev,
11565 cmd_status_rsp, &mgmt_err);
11569 if (test_bit(HCI_AUTH, &hdev->flags))
11570 changed = !hci_dev_test_and_set_flag(hdev, HCI_LINK_SECURITY);
11572 changed = hci_dev_test_and_clear_flag(hdev, HCI_LINK_SECURITY);
11574 mgmt_pending_foreach(MGMT_OP_SET_LINK_SECURITY, hdev, settings_rsp,
11578 new_settings(hdev, match.sk);
11581 sock_put(match.sk);
11584 static void sk_lookup(struct mgmt_pending_cmd *cmd, void *data)
11586 struct cmd_lookup *match = data;
11588 if (match->sk == NULL) {
11589 match->sk = cmd->sk;
11590 sock_hold(match->sk);
11594 void mgmt_set_class_of_dev_complete(struct hci_dev *hdev, u8 *dev_class,
11597 struct cmd_lookup match = { NULL, hdev, mgmt_status(status) };
11599 mgmt_pending_foreach(MGMT_OP_SET_DEV_CLASS, hdev, sk_lookup, &match);
11600 mgmt_pending_foreach(MGMT_OP_ADD_UUID, hdev, sk_lookup, &match);
11601 mgmt_pending_foreach(MGMT_OP_REMOVE_UUID, hdev, sk_lookup, &match);
11604 mgmt_limited_event(MGMT_EV_CLASS_OF_DEV_CHANGED, hdev, dev_class,
11605 3, HCI_MGMT_DEV_CLASS_EVENTS, NULL);
11606 ext_info_changed(hdev, NULL);
11610 sock_put(match.sk);
11613 void mgmt_set_local_name_complete(struct hci_dev *hdev, u8 *name, u8 status)
11615 struct mgmt_cp_set_local_name ev;
11616 struct mgmt_pending_cmd *cmd;
11621 memset(&ev, 0, sizeof(ev));
11622 memcpy(ev.name, name, HCI_MAX_NAME_LENGTH);
11623 memcpy(ev.short_name, hdev->short_name, HCI_MAX_SHORT_NAME_LENGTH);
11625 cmd = pending_find(MGMT_OP_SET_LOCAL_NAME, hdev);
11627 memcpy(hdev->dev_name, name, sizeof(hdev->dev_name));
11629 /* If this is a HCI command related to powering on the
11630 * HCI dev don't send any mgmt signals.
11632 if (pending_find(MGMT_OP_SET_POWERED, hdev))
11636 mgmt_limited_event(MGMT_EV_LOCAL_NAME_CHANGED, hdev, &ev, sizeof(ev),
11637 HCI_MGMT_LOCAL_NAME_EVENTS, cmd ? cmd->sk : NULL);
11638 ext_info_changed(hdev, cmd ? cmd->sk : NULL);
11641 static inline bool has_uuid(u8 *uuid, u16 uuid_count, u8 (*uuids)[16])
11645 for (i = 0; i < uuid_count; i++) {
11646 if (!memcmp(uuid, uuids[i], 16))
11653 static bool eir_has_uuids(u8 *eir, u16 eir_len, u16 uuid_count, u8 (*uuids)[16])
11657 while (parsed < eir_len) {
11658 u8 field_len = eir[0];
11662 if (field_len == 0)
11665 if (eir_len - parsed < field_len + 1)
11669 case EIR_UUID16_ALL:
11670 case EIR_UUID16_SOME:
11671 for (i = 0; i + 3 <= field_len; i += 2) {
11672 memcpy(uuid, bluetooth_base_uuid, 16);
11673 uuid[13] = eir[i + 3];
11674 uuid[12] = eir[i + 2];
11675 if (has_uuid(uuid, uuid_count, uuids))
11679 case EIR_UUID32_ALL:
11680 case EIR_UUID32_SOME:
11681 for (i = 0; i + 5 <= field_len; i += 4) {
11682 memcpy(uuid, bluetooth_base_uuid, 16);
11683 uuid[15] = eir[i + 5];
11684 uuid[14] = eir[i + 4];
11685 uuid[13] = eir[i + 3];
11686 uuid[12] = eir[i + 2];
11687 if (has_uuid(uuid, uuid_count, uuids))
11691 case EIR_UUID128_ALL:
11692 case EIR_UUID128_SOME:
11693 for (i = 0; i + 17 <= field_len; i += 16) {
11694 memcpy(uuid, eir + i + 2, 16);
11695 if (has_uuid(uuid, uuid_count, uuids))
11701 parsed += field_len + 1;
11702 eir += field_len + 1;
11708 static void restart_le_scan(struct hci_dev *hdev)
11710 /* If controller is not scanning we are done. */
11711 if (!hci_dev_test_flag(hdev, HCI_LE_SCAN))
11714 if (time_after(jiffies + DISCOV_LE_RESTART_DELAY,
11715 hdev->discovery.scan_start +
11716 hdev->discovery.scan_duration))
11719 queue_delayed_work(hdev->req_workqueue, &hdev->le_scan_restart,
11720 DISCOV_LE_RESTART_DELAY);
11723 static bool is_filter_match(struct hci_dev *hdev, s8 rssi, u8 *eir,
11724 u16 eir_len, u8 *scan_rsp, u8 scan_rsp_len)
11726 /* If a RSSI threshold has been specified, and
11727 * HCI_QUIRK_STRICT_DUPLICATE_FILTER is not set, then all results with
11728 * a RSSI smaller than the RSSI threshold will be dropped. If the quirk
11729 * is set, let it through for further processing, as we might need to
11730 * restart the scan.
11732 * For BR/EDR devices (pre 1.2) providing no RSSI during inquiry,
11733 * the results are also dropped.
11735 if (hdev->discovery.rssi != HCI_RSSI_INVALID &&
11736 (rssi == HCI_RSSI_INVALID ||
11737 (rssi < hdev->discovery.rssi &&
11738 !test_bit(HCI_QUIRK_STRICT_DUPLICATE_FILTER, &hdev->quirks))))
11741 if (hdev->discovery.uuid_count != 0) {
11742 /* If a list of UUIDs is provided in filter, results with no
11743 * matching UUID should be dropped.
11745 if (!eir_has_uuids(eir, eir_len, hdev->discovery.uuid_count,
11746 hdev->discovery.uuids) &&
11747 !eir_has_uuids(scan_rsp, scan_rsp_len,
11748 hdev->discovery.uuid_count,
11749 hdev->discovery.uuids))
11753 /* If duplicate filtering does not report RSSI changes, then restart
11754 * scanning to ensure updated result with updated RSSI values.
11756 if (test_bit(HCI_QUIRK_STRICT_DUPLICATE_FILTER, &hdev->quirks)) {
11757 restart_le_scan(hdev);
11759 /* Validate RSSI value against the RSSI threshold once more. */
11760 if (hdev->discovery.rssi != HCI_RSSI_INVALID &&
11761 rssi < hdev->discovery.rssi)
11768 void mgmt_adv_monitor_device_lost(struct hci_dev *hdev, u16 handle,
11769 bdaddr_t *bdaddr, u8 addr_type)
11771 struct mgmt_ev_adv_monitor_device_lost ev;
11773 ev.monitor_handle = cpu_to_le16(handle);
11774 bacpy(&ev.addr.bdaddr, bdaddr);
11775 ev.addr.type = addr_type;
11777 mgmt_event(MGMT_EV_ADV_MONITOR_DEVICE_LOST, hdev, &ev, sizeof(ev),
11781 static void mgmt_send_adv_monitor_device_found(struct hci_dev *hdev,
11782 struct sk_buff *skb,
11783 struct sock *skip_sk,
11786 struct sk_buff *advmon_skb;
11787 size_t advmon_skb_len;
11788 __le16 *monitor_handle;
11793 advmon_skb_len = (sizeof(struct mgmt_ev_adv_monitor_device_found) -
11794 sizeof(struct mgmt_ev_device_found)) + skb->len;
11795 advmon_skb = mgmt_alloc_skb(hdev, MGMT_EV_ADV_MONITOR_DEVICE_FOUND,
11800 /* ADV_MONITOR_DEVICE_FOUND is similar to DEVICE_FOUND event except
11801 * that it also has 'monitor_handle'. Make a copy of DEVICE_FOUND and
11802 * store monitor_handle of the matched monitor.
11804 monitor_handle = skb_put(advmon_skb, sizeof(*monitor_handle));
11805 *monitor_handle = cpu_to_le16(handle);
11806 skb_put_data(advmon_skb, skb->data, skb->len);
11808 mgmt_event_skb(advmon_skb, skip_sk);
11811 static void mgmt_adv_monitor_device_found(struct hci_dev *hdev,
11812 bdaddr_t *bdaddr, bool report_device,
11813 struct sk_buff *skb,
11814 struct sock *skip_sk)
11816 struct monitored_device *dev, *tmp;
11817 bool matched = false;
11818 bool notified = false;
11820 /* We have received the Advertisement Report because:
11821 * 1. the kernel has initiated active discovery
11822 * 2. if not, we have pend_le_reports > 0 in which case we are doing
11824 * 3. if none of the above is true, we have one or more active
11825 * Advertisement Monitor
11827 * For case 1 and 2, report all advertisements via MGMT_EV_DEVICE_FOUND
11828 * and report ONLY one advertisement per device for the matched Monitor
11829 * via MGMT_EV_ADV_MONITOR_DEVICE_FOUND event.
11831 * For case 3, since we are not active scanning and all advertisements
11832 * received are due to a matched Advertisement Monitor, report all
11833 * advertisements ONLY via MGMT_EV_ADV_MONITOR_DEVICE_FOUND event.
11835 if (report_device && !hdev->advmon_pend_notify) {
11836 mgmt_event_skb(skb, skip_sk);
11840 hdev->advmon_pend_notify = false;
11842 list_for_each_entry_safe(dev, tmp, &hdev->monitored_devices, list) {
11843 if (!bacmp(&dev->bdaddr, bdaddr)) {
11846 if (!dev->notified) {
11847 mgmt_send_adv_monitor_device_found(hdev, skb,
11851 dev->notified = true;
11855 if (!dev->notified)
11856 hdev->advmon_pend_notify = true;
11859 if (!report_device &&
11860 ((matched && !notified) || !msft_monitor_supported(hdev))) {
11861 /* Handle 0 indicates that we are not active scanning and this
11862 * is a subsequent advertisement report for an already matched
11863 * Advertisement Monitor or the controller offloading support
11864 * is not available.
11866 mgmt_send_adv_monitor_device_found(hdev, skb, skip_sk, 0);
11870 mgmt_event_skb(skb, skip_sk);
11875 static void mesh_device_found(struct hci_dev *hdev, bdaddr_t *bdaddr,
11876 u8 addr_type, s8 rssi, u32 flags, u8 *eir,
11877 u16 eir_len, u8 *scan_rsp, u8 scan_rsp_len,
11880 struct sk_buff *skb;
11881 struct mgmt_ev_mesh_device_found *ev;
11884 if (!hdev->mesh_ad_types[0])
11887 /* Scan for requested AD types */
11889 for (i = 0; i + 1 < eir_len; i += eir[i] + 1) {
11890 for (j = 0; j < sizeof(hdev->mesh_ad_types); j++) {
11891 if (!hdev->mesh_ad_types[j])
11894 if (hdev->mesh_ad_types[j] == eir[i + 1])
11900 if (scan_rsp_len > 0) {
11901 for (i = 0; i + 1 < scan_rsp_len; i += scan_rsp[i] + 1) {
11902 for (j = 0; j < sizeof(hdev->mesh_ad_types); j++) {
11903 if (!hdev->mesh_ad_types[j])
11906 if (hdev->mesh_ad_types[j] == scan_rsp[i + 1])
11915 skb = mgmt_alloc_skb(hdev, MGMT_EV_MESH_DEVICE_FOUND,
11916 sizeof(*ev) + eir_len + scan_rsp_len);
11920 ev = skb_put(skb, sizeof(*ev));
11922 bacpy(&ev->addr.bdaddr, bdaddr);
11923 ev->addr.type = link_to_bdaddr(LE_LINK, addr_type);
11925 ev->flags = cpu_to_le32(flags);
11926 ev->instant = cpu_to_le64(instant);
11929 /* Copy EIR or advertising data into event */
11930 skb_put_data(skb, eir, eir_len);
11932 if (scan_rsp_len > 0)
11933 /* Append scan response data to event */
11934 skb_put_data(skb, scan_rsp, scan_rsp_len);
11936 ev->eir_len = cpu_to_le16(eir_len + scan_rsp_len);
11938 mgmt_event_skb(skb, NULL);
11941 void mgmt_device_found(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
11942 u8 addr_type, u8 *dev_class, s8 rssi, u32 flags,
11943 u8 *eir, u16 eir_len, u8 *scan_rsp, u8 scan_rsp_len,
11946 struct sk_buff *skb;
11947 struct mgmt_ev_device_found *ev;
11948 bool report_device = hci_discovery_active(hdev);
11950 if (hci_dev_test_flag(hdev, HCI_MESH) && link_type == LE_LINK)
11951 mesh_device_found(hdev, bdaddr, addr_type, rssi, flags,
11952 eir, eir_len, scan_rsp, scan_rsp_len,
11955 /* Don't send events for a non-kernel initiated discovery. With
11956 * LE one exception is if we have pend_le_reports > 0 in which
11957 * case we're doing passive scanning and want these events.
11959 if (!hci_discovery_active(hdev)) {
11960 if (link_type == ACL_LINK)
11962 if (link_type == LE_LINK && !list_empty(&hdev->pend_le_reports))
11963 report_device = true;
11964 else if (!hci_is_adv_monitoring(hdev))
11968 if (hdev->discovery.result_filtering) {
11969 /* We are using service discovery */
11970 if (!is_filter_match(hdev, rssi, eir, eir_len, scan_rsp,
11975 if (hdev->discovery.limited) {
11976 /* Check for limited discoverable bit */
11978 if (!(dev_class[1] & 0x20))
11981 u8 *flags = eir_get_data(eir, eir_len, EIR_FLAGS, NULL);
11982 if (!flags || !(flags[0] & LE_AD_LIMITED))
11987 /* Allocate skb. The 5 extra bytes are for the potential CoD field */
11988 skb = mgmt_alloc_skb(hdev, MGMT_EV_DEVICE_FOUND,
11989 sizeof(*ev) + eir_len + scan_rsp_len + 5);
11993 ev = skb_put(skb, sizeof(*ev));
11995 /* In case of device discovery with BR/EDR devices (pre 1.2), the
11996 * RSSI value was reported as 0 when not available. This behavior
11997 * is kept when using device discovery. This is required for full
11998 * backwards compatibility with the API.
12000 * However when using service discovery, the value 127 will be
12001 * returned when the RSSI is not available.
12003 if (rssi == HCI_RSSI_INVALID && !hdev->discovery.report_invalid_rssi &&
12004 link_type == ACL_LINK)
12007 bacpy(&ev->addr.bdaddr, bdaddr);
12008 ev->addr.type = link_to_bdaddr(link_type, addr_type);
12010 ev->flags = cpu_to_le32(flags);
12013 /* Copy EIR or advertising data into event */
12014 skb_put_data(skb, eir, eir_len);
12016 if (dev_class && !eir_get_data(eir, eir_len, EIR_CLASS_OF_DEV, NULL)) {
12019 eir_len += eir_append_data(eir_cod, 0, EIR_CLASS_OF_DEV,
12021 skb_put_data(skb, eir_cod, sizeof(eir_cod));
12024 if (scan_rsp_len > 0)
12025 /* Append scan response data to event */
12026 skb_put_data(skb, scan_rsp, scan_rsp_len);
12028 ev->eir_len = cpu_to_le16(eir_len + scan_rsp_len);
12030 mgmt_adv_monitor_device_found(hdev, bdaddr, report_device, skb, NULL);
12033 void mgmt_remote_name(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
12034 u8 addr_type, s8 rssi, u8 *name, u8 name_len)
12036 struct sk_buff *skb;
12037 struct mgmt_ev_device_found *ev;
12041 skb = mgmt_alloc_skb(hdev, MGMT_EV_DEVICE_FOUND,
12042 sizeof(*ev) + (name ? eir_precalc_len(name_len) : 0));
12044 ev = skb_put(skb, sizeof(*ev));
12045 bacpy(&ev->addr.bdaddr, bdaddr);
12046 ev->addr.type = link_to_bdaddr(link_type, addr_type);
12050 eir_len += eir_skb_put_data(skb, EIR_NAME_COMPLETE, name, name_len);
12052 flags = MGMT_DEV_FOUND_NAME_REQUEST_FAILED;
12054 ev->eir_len = cpu_to_le16(eir_len);
12055 ev->flags = cpu_to_le32(flags);
12057 mgmt_event_skb(skb, NULL);
12060 void mgmt_discovering(struct hci_dev *hdev, u8 discovering)
12062 struct mgmt_ev_discovering ev;
12064 bt_dev_dbg(hdev, "discovering %u", discovering);
12066 memset(&ev, 0, sizeof(ev));
12067 ev.type = hdev->discovery.type;
12068 ev.discovering = discovering;
12070 mgmt_event(MGMT_EV_DISCOVERING, hdev, &ev, sizeof(ev), NULL);
12073 void mgmt_suspending(struct hci_dev *hdev, u8 state)
12075 struct mgmt_ev_controller_suspend ev;
12077 ev.suspend_state = state;
12078 mgmt_event(MGMT_EV_CONTROLLER_SUSPEND, hdev, &ev, sizeof(ev), NULL);
12081 void mgmt_resuming(struct hci_dev *hdev, u8 reason, bdaddr_t *bdaddr,
12084 struct mgmt_ev_controller_resume ev;
12086 ev.wake_reason = reason;
12088 bacpy(&ev.addr.bdaddr, bdaddr);
12089 ev.addr.type = addr_type;
12091 memset(&ev.addr, 0, sizeof(ev.addr));
12094 mgmt_event(MGMT_EV_CONTROLLER_RESUME, hdev, &ev, sizeof(ev), NULL);
12097 static struct hci_mgmt_chan chan = {
12098 .channel = HCI_CHANNEL_CONTROL,
12099 .handler_count = ARRAY_SIZE(mgmt_handlers),
12100 .handlers = mgmt_handlers,
12102 .tizen_handler_count = ARRAY_SIZE(tizen_mgmt_handlers),
12103 .tizen_handlers = tizen_mgmt_handlers,
12105 .hdev_init = mgmt_init_hdev,
12108 int mgmt_init(void)
12110 return hci_mgmt_chan_register(&chan);
12113 void mgmt_exit(void)
12115 hci_mgmt_chan_unregister(&chan);
12118 void mgmt_cleanup(struct sock *sk)
12120 struct mgmt_mesh_tx *mesh_tx;
12121 struct hci_dev *hdev;
12123 read_lock(&hci_dev_list_lock);
12125 list_for_each_entry(hdev, &hci_dev_list, list) {
12127 mesh_tx = mgmt_mesh_next(hdev, sk);
12130 mesh_send_complete(hdev, mesh_tx, true);
12134 read_unlock(&hci_dev_list_lock);
projects / platform / kernel / linux-starfive.git / blob