2 BlueZ - Bluetooth protocol stack for Linux
4 Copyright (C) 2010 Nokia Corporation
5 Copyright (C) 2011-2012 Intel Corporation
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License version 2 as
9 published by the Free Software Foundation;
11 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
12 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
13 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
14 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
15 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
16 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
17 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
18 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
20 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
21 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
22 SOFTWARE IS DISCLAIMED.
25 /* Bluetooth HCI Management interface */
27 #include <linux/module.h>
28 #include <asm/unaligned.h>
30 #include <net/bluetooth/bluetooth.h>
31 #include <net/bluetooth/hci_core.h>
32 #include <net/bluetooth/hci_sock.h>
33 #include <net/bluetooth/l2cap.h>
34 #include <net/bluetooth/mgmt.h>
36 #include <net/bluetooth/mgmt_tizen.h>
39 #include "hci_request.h"
41 #include "mgmt_util.h"
42 #include "mgmt_config.h"
47 #define MGMT_VERSION 1
48 #define MGMT_REVISION 22
50 static const u16 mgmt_commands[] = {
51 MGMT_OP_READ_INDEX_LIST,
54 MGMT_OP_SET_DISCOVERABLE,
55 MGMT_OP_SET_CONNECTABLE,
56 MGMT_OP_SET_FAST_CONNECTABLE,
58 MGMT_OP_SET_LINK_SECURITY,
62 MGMT_OP_SET_DEV_CLASS,
63 MGMT_OP_SET_LOCAL_NAME,
66 MGMT_OP_LOAD_LINK_KEYS,
67 MGMT_OP_LOAD_LONG_TERM_KEYS,
69 MGMT_OP_GET_CONNECTIONS,
70 MGMT_OP_PIN_CODE_REPLY,
71 MGMT_OP_PIN_CODE_NEG_REPLY,
72 MGMT_OP_SET_IO_CAPABILITY,
74 MGMT_OP_CANCEL_PAIR_DEVICE,
75 MGMT_OP_UNPAIR_DEVICE,
76 MGMT_OP_USER_CONFIRM_REPLY,
77 MGMT_OP_USER_CONFIRM_NEG_REPLY,
78 MGMT_OP_USER_PASSKEY_REPLY,
79 MGMT_OP_USER_PASSKEY_NEG_REPLY,
80 MGMT_OP_READ_LOCAL_OOB_DATA,
81 MGMT_OP_ADD_REMOTE_OOB_DATA,
82 MGMT_OP_REMOVE_REMOTE_OOB_DATA,
83 MGMT_OP_START_DISCOVERY,
84 MGMT_OP_STOP_DISCOVERY,
87 MGMT_OP_UNBLOCK_DEVICE,
88 MGMT_OP_SET_DEVICE_ID,
89 MGMT_OP_SET_ADVERTISING,
91 MGMT_OP_SET_STATIC_ADDRESS,
92 MGMT_OP_SET_SCAN_PARAMS,
93 MGMT_OP_SET_SECURE_CONN,
94 MGMT_OP_SET_DEBUG_KEYS,
97 MGMT_OP_GET_CONN_INFO,
98 MGMT_OP_GET_CLOCK_INFO,
100 MGMT_OP_REMOVE_DEVICE,
101 MGMT_OP_LOAD_CONN_PARAM,
102 MGMT_OP_READ_UNCONF_INDEX_LIST,
103 MGMT_OP_READ_CONFIG_INFO,
104 MGMT_OP_SET_EXTERNAL_CONFIG,
105 MGMT_OP_SET_PUBLIC_ADDRESS,
106 MGMT_OP_START_SERVICE_DISCOVERY,
107 MGMT_OP_READ_LOCAL_OOB_EXT_DATA,
108 MGMT_OP_READ_EXT_INDEX_LIST,
109 MGMT_OP_READ_ADV_FEATURES,
110 MGMT_OP_ADD_ADVERTISING,
111 MGMT_OP_REMOVE_ADVERTISING,
112 MGMT_OP_GET_ADV_SIZE_INFO,
113 MGMT_OP_START_LIMITED_DISCOVERY,
114 MGMT_OP_READ_EXT_INFO,
115 MGMT_OP_SET_APPEARANCE,
116 MGMT_OP_GET_PHY_CONFIGURATION,
117 MGMT_OP_SET_PHY_CONFIGURATION,
118 MGMT_OP_SET_BLOCKED_KEYS,
119 MGMT_OP_SET_WIDEBAND_SPEECH,
120 MGMT_OP_READ_CONTROLLER_CAP,
121 MGMT_OP_READ_EXP_FEATURES_INFO,
122 MGMT_OP_SET_EXP_FEATURE,
123 MGMT_OP_READ_DEF_SYSTEM_CONFIG,
124 MGMT_OP_SET_DEF_SYSTEM_CONFIG,
125 MGMT_OP_READ_DEF_RUNTIME_CONFIG,
126 MGMT_OP_SET_DEF_RUNTIME_CONFIG,
127 MGMT_OP_GET_DEVICE_FLAGS,
128 MGMT_OP_SET_DEVICE_FLAGS,
129 MGMT_OP_READ_ADV_MONITOR_FEATURES,
130 MGMT_OP_ADD_ADV_PATTERNS_MONITOR,
131 MGMT_OP_REMOVE_ADV_MONITOR,
132 MGMT_OP_ADD_EXT_ADV_PARAMS,
133 MGMT_OP_ADD_EXT_ADV_DATA,
134 MGMT_OP_ADD_ADV_PATTERNS_MONITOR_RSSI,
135 MGMT_OP_SET_MESH_RECEIVER,
136 MGMT_OP_MESH_READ_FEATURES,
138 MGMT_OP_MESH_SEND_CANCEL,
141 static const u16 mgmt_events[] = {
142 MGMT_EV_CONTROLLER_ERROR,
144 MGMT_EV_INDEX_REMOVED,
145 MGMT_EV_NEW_SETTINGS,
146 MGMT_EV_CLASS_OF_DEV_CHANGED,
147 MGMT_EV_LOCAL_NAME_CHANGED,
148 MGMT_EV_NEW_LINK_KEY,
149 MGMT_EV_NEW_LONG_TERM_KEY,
150 MGMT_EV_DEVICE_CONNECTED,
151 MGMT_EV_DEVICE_DISCONNECTED,
152 MGMT_EV_CONNECT_FAILED,
153 MGMT_EV_PIN_CODE_REQUEST,
154 MGMT_EV_USER_CONFIRM_REQUEST,
155 MGMT_EV_USER_PASSKEY_REQUEST,
157 MGMT_EV_DEVICE_FOUND,
159 MGMT_EV_DEVICE_BLOCKED,
160 MGMT_EV_DEVICE_UNBLOCKED,
161 MGMT_EV_DEVICE_UNPAIRED,
162 MGMT_EV_PASSKEY_NOTIFY,
165 MGMT_EV_DEVICE_ADDED,
166 MGMT_EV_DEVICE_REMOVED,
167 MGMT_EV_NEW_CONN_PARAM,
168 MGMT_EV_UNCONF_INDEX_ADDED,
169 MGMT_EV_UNCONF_INDEX_REMOVED,
170 MGMT_EV_NEW_CONFIG_OPTIONS,
171 MGMT_EV_EXT_INDEX_ADDED,
172 MGMT_EV_EXT_INDEX_REMOVED,
173 MGMT_EV_LOCAL_OOB_DATA_UPDATED,
174 MGMT_EV_ADVERTISING_ADDED,
175 MGMT_EV_ADVERTISING_REMOVED,
176 MGMT_EV_EXT_INFO_CHANGED,
177 MGMT_EV_PHY_CONFIGURATION_CHANGED,
178 MGMT_EV_EXP_FEATURE_CHANGED,
179 MGMT_EV_DEVICE_FLAGS_CHANGED,
180 MGMT_EV_ADV_MONITOR_ADDED,
181 MGMT_EV_ADV_MONITOR_REMOVED,
182 MGMT_EV_CONTROLLER_SUSPEND,
183 MGMT_EV_CONTROLLER_RESUME,
184 MGMT_EV_ADV_MONITOR_DEVICE_FOUND,
185 MGMT_EV_ADV_MONITOR_DEVICE_LOST,
188 static const u16 mgmt_untrusted_commands[] = {
189 MGMT_OP_READ_INDEX_LIST,
191 MGMT_OP_READ_UNCONF_INDEX_LIST,
192 MGMT_OP_READ_CONFIG_INFO,
193 MGMT_OP_READ_EXT_INDEX_LIST,
194 MGMT_OP_READ_EXT_INFO,
195 MGMT_OP_READ_CONTROLLER_CAP,
196 MGMT_OP_READ_EXP_FEATURES_INFO,
197 MGMT_OP_READ_DEF_SYSTEM_CONFIG,
198 MGMT_OP_READ_DEF_RUNTIME_CONFIG,
201 static const u16 mgmt_untrusted_events[] = {
203 MGMT_EV_INDEX_REMOVED,
204 MGMT_EV_NEW_SETTINGS,
205 MGMT_EV_CLASS_OF_DEV_CHANGED,
206 MGMT_EV_LOCAL_NAME_CHANGED,
207 MGMT_EV_UNCONF_INDEX_ADDED,
208 MGMT_EV_UNCONF_INDEX_REMOVED,
209 MGMT_EV_NEW_CONFIG_OPTIONS,
210 MGMT_EV_EXT_INDEX_ADDED,
211 MGMT_EV_EXT_INDEX_REMOVED,
212 MGMT_EV_EXT_INFO_CHANGED,
213 MGMT_EV_EXP_FEATURE_CHANGED,
216 #define CACHE_TIMEOUT msecs_to_jiffies(2 * 1000)
218 #define ZERO_KEY "\x00\x00\x00\x00\x00\x00\x00\x00" \
219 "\x00\x00\x00\x00\x00\x00\x00\x00"
221 /* HCI to MGMT error code conversion table */
222 static const u8 mgmt_status_table[] = {
224 MGMT_STATUS_UNKNOWN_COMMAND, /* Unknown Command */
225 MGMT_STATUS_NOT_CONNECTED, /* No Connection */
226 MGMT_STATUS_FAILED, /* Hardware Failure */
227 MGMT_STATUS_CONNECT_FAILED, /* Page Timeout */
228 MGMT_STATUS_AUTH_FAILED, /* Authentication Failed */
229 MGMT_STATUS_AUTH_FAILED, /* PIN or Key Missing */
230 MGMT_STATUS_NO_RESOURCES, /* Memory Full */
231 MGMT_STATUS_TIMEOUT, /* Connection Timeout */
232 MGMT_STATUS_NO_RESOURCES, /* Max Number of Connections */
233 MGMT_STATUS_NO_RESOURCES, /* Max Number of SCO Connections */
234 MGMT_STATUS_ALREADY_CONNECTED, /* ACL Connection Exists */
235 MGMT_STATUS_BUSY, /* Command Disallowed */
236 MGMT_STATUS_NO_RESOURCES, /* Rejected Limited Resources */
237 MGMT_STATUS_REJECTED, /* Rejected Security */
238 MGMT_STATUS_REJECTED, /* Rejected Personal */
239 MGMT_STATUS_TIMEOUT, /* Host Timeout */
240 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported Feature */
241 MGMT_STATUS_INVALID_PARAMS, /* Invalid Parameters */
242 MGMT_STATUS_DISCONNECTED, /* OE User Ended Connection */
243 MGMT_STATUS_NO_RESOURCES, /* OE Low Resources */
244 MGMT_STATUS_DISCONNECTED, /* OE Power Off */
245 MGMT_STATUS_DISCONNECTED, /* Connection Terminated */
246 MGMT_STATUS_BUSY, /* Repeated Attempts */
247 MGMT_STATUS_REJECTED, /* Pairing Not Allowed */
248 MGMT_STATUS_FAILED, /* Unknown LMP PDU */
249 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported Remote Feature */
250 MGMT_STATUS_REJECTED, /* SCO Offset Rejected */
251 MGMT_STATUS_REJECTED, /* SCO Interval Rejected */
252 MGMT_STATUS_REJECTED, /* Air Mode Rejected */
253 MGMT_STATUS_INVALID_PARAMS, /* Invalid LMP Parameters */
254 MGMT_STATUS_FAILED, /* Unspecified Error */
255 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported LMP Parameter Value */
256 MGMT_STATUS_FAILED, /* Role Change Not Allowed */
257 MGMT_STATUS_TIMEOUT, /* LMP Response Timeout */
258 MGMT_STATUS_FAILED, /* LMP Error Transaction Collision */
259 MGMT_STATUS_FAILED, /* LMP PDU Not Allowed */
260 MGMT_STATUS_REJECTED, /* Encryption Mode Not Accepted */
261 MGMT_STATUS_FAILED, /* Unit Link Key Used */
262 MGMT_STATUS_NOT_SUPPORTED, /* QoS Not Supported */
263 MGMT_STATUS_TIMEOUT, /* Instant Passed */
264 MGMT_STATUS_NOT_SUPPORTED, /* Pairing Not Supported */
265 MGMT_STATUS_FAILED, /* Transaction Collision */
266 MGMT_STATUS_FAILED, /* Reserved for future use */
267 MGMT_STATUS_INVALID_PARAMS, /* Unacceptable Parameter */
268 MGMT_STATUS_REJECTED, /* QoS Rejected */
269 MGMT_STATUS_NOT_SUPPORTED, /* Classification Not Supported */
270 MGMT_STATUS_REJECTED, /* Insufficient Security */
271 MGMT_STATUS_INVALID_PARAMS, /* Parameter Out Of Range */
272 MGMT_STATUS_FAILED, /* Reserved for future use */
273 MGMT_STATUS_BUSY, /* Role Switch Pending */
274 MGMT_STATUS_FAILED, /* Reserved for future use */
275 MGMT_STATUS_FAILED, /* Slot Violation */
276 MGMT_STATUS_FAILED, /* Role Switch Failed */
277 MGMT_STATUS_INVALID_PARAMS, /* EIR Too Large */
278 MGMT_STATUS_NOT_SUPPORTED, /* Simple Pairing Not Supported */
279 MGMT_STATUS_BUSY, /* Host Busy Pairing */
280 MGMT_STATUS_REJECTED, /* Rejected, No Suitable Channel */
281 MGMT_STATUS_BUSY, /* Controller Busy */
282 MGMT_STATUS_INVALID_PARAMS, /* Unsuitable Connection Interval */
283 MGMT_STATUS_TIMEOUT, /* Directed Advertising Timeout */
284 MGMT_STATUS_AUTH_FAILED, /* Terminated Due to MIC Failure */
285 MGMT_STATUS_CONNECT_FAILED, /* Connection Establishment Failed */
286 MGMT_STATUS_CONNECT_FAILED, /* MAC Connection Failed */
289 static u8 mgmt_errno_status(int err)
293 return MGMT_STATUS_SUCCESS;
295 return MGMT_STATUS_REJECTED;
297 return MGMT_STATUS_INVALID_PARAMS;
299 return MGMT_STATUS_NOT_SUPPORTED;
301 return MGMT_STATUS_BUSY;
303 return MGMT_STATUS_AUTH_FAILED;
305 return MGMT_STATUS_NO_RESOURCES;
307 return MGMT_STATUS_ALREADY_CONNECTED;
309 return MGMT_STATUS_DISCONNECTED;
312 return MGMT_STATUS_FAILED;
315 static u8 mgmt_status(int err)
318 return mgmt_errno_status(err);
320 if (err < ARRAY_SIZE(mgmt_status_table))
321 return mgmt_status_table[err];
323 return MGMT_STATUS_FAILED;
326 static int mgmt_index_event(u16 event, struct hci_dev *hdev, void *data,
329 return mgmt_send_event(event, hdev, HCI_CHANNEL_CONTROL, data, len,
333 static int mgmt_limited_event(u16 event, struct hci_dev *hdev, void *data,
334 u16 len, int flag, struct sock *skip_sk)
336 return mgmt_send_event(event, hdev, HCI_CHANNEL_CONTROL, data, len,
340 static int mgmt_event(u16 event, struct hci_dev *hdev, void *data, u16 len,
341 struct sock *skip_sk)
343 return mgmt_send_event(event, hdev, HCI_CHANNEL_CONTROL, data, len,
344 HCI_SOCK_TRUSTED, skip_sk);
347 static int mgmt_event_skb(struct sk_buff *skb, struct sock *skip_sk)
349 return mgmt_send_event_skb(HCI_CHANNEL_CONTROL, skb, HCI_SOCK_TRUSTED,
353 static u8 le_addr_type(u8 mgmt_addr_type)
355 if (mgmt_addr_type == BDADDR_LE_PUBLIC)
356 return ADDR_LE_DEV_PUBLIC;
358 return ADDR_LE_DEV_RANDOM;
361 void mgmt_fill_version_info(void *ver)
363 struct mgmt_rp_read_version *rp = ver;
365 rp->version = MGMT_VERSION;
366 rp->revision = cpu_to_le16(MGMT_REVISION);
369 static int read_version(struct sock *sk, struct hci_dev *hdev, void *data,
372 struct mgmt_rp_read_version rp;
374 bt_dev_dbg(hdev, "sock %p", sk);
376 mgmt_fill_version_info(&rp);
378 return mgmt_cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_VERSION, 0,
382 static int read_commands(struct sock *sk, struct hci_dev *hdev, void *data,
385 struct mgmt_rp_read_commands *rp;
386 u16 num_commands, num_events;
390 bt_dev_dbg(hdev, "sock %p", sk);
392 if (hci_sock_test_flag(sk, HCI_SOCK_TRUSTED)) {
393 num_commands = ARRAY_SIZE(mgmt_commands);
394 num_events = ARRAY_SIZE(mgmt_events);
396 num_commands = ARRAY_SIZE(mgmt_untrusted_commands);
397 num_events = ARRAY_SIZE(mgmt_untrusted_events);
400 rp_size = sizeof(*rp) + ((num_commands + num_events) * sizeof(u16));
402 rp = kmalloc(rp_size, GFP_KERNEL);
406 rp->num_commands = cpu_to_le16(num_commands);
407 rp->num_events = cpu_to_le16(num_events);
409 if (hci_sock_test_flag(sk, HCI_SOCK_TRUSTED)) {
410 __le16 *opcode = rp->opcodes;
412 for (i = 0; i < num_commands; i++, opcode++)
413 put_unaligned_le16(mgmt_commands[i], opcode);
415 for (i = 0; i < num_events; i++, opcode++)
416 put_unaligned_le16(mgmt_events[i], opcode);
418 __le16 *opcode = rp->opcodes;
420 for (i = 0; i < num_commands; i++, opcode++)
421 put_unaligned_le16(mgmt_untrusted_commands[i], opcode);
423 for (i = 0; i < num_events; i++, opcode++)
424 put_unaligned_le16(mgmt_untrusted_events[i], opcode);
427 err = mgmt_cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_COMMANDS, 0,
434 static int read_index_list(struct sock *sk, struct hci_dev *hdev, void *data,
437 struct mgmt_rp_read_index_list *rp;
443 bt_dev_dbg(hdev, "sock %p", sk);
445 read_lock(&hci_dev_list_lock);
448 list_for_each_entry(d, &hci_dev_list, list) {
449 if (d->dev_type == HCI_PRIMARY &&
450 !hci_dev_test_flag(d, HCI_UNCONFIGURED))
454 rp_len = sizeof(*rp) + (2 * count);
455 rp = kmalloc(rp_len, GFP_ATOMIC);
457 read_unlock(&hci_dev_list_lock);
462 list_for_each_entry(d, &hci_dev_list, list) {
463 if (hci_dev_test_flag(d, HCI_SETUP) ||
464 hci_dev_test_flag(d, HCI_CONFIG) ||
465 hci_dev_test_flag(d, HCI_USER_CHANNEL))
468 /* Devices marked as raw-only are neither configured
469 * nor unconfigured controllers.
471 if (test_bit(HCI_QUIRK_RAW_DEVICE, &d->quirks))
474 if (d->dev_type == HCI_PRIMARY &&
475 !hci_dev_test_flag(d, HCI_UNCONFIGURED)) {
476 rp->index[count++] = cpu_to_le16(d->id);
477 bt_dev_dbg(hdev, "Added hci%u", d->id);
481 rp->num_controllers = cpu_to_le16(count);
482 rp_len = sizeof(*rp) + (2 * count);
484 read_unlock(&hci_dev_list_lock);
486 err = mgmt_cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_INDEX_LIST,
494 static int read_unconf_index_list(struct sock *sk, struct hci_dev *hdev,
495 void *data, u16 data_len)
497 struct mgmt_rp_read_unconf_index_list *rp;
503 bt_dev_dbg(hdev, "sock %p", sk);
505 read_lock(&hci_dev_list_lock);
508 list_for_each_entry(d, &hci_dev_list, list) {
509 if (d->dev_type == HCI_PRIMARY &&
510 hci_dev_test_flag(d, HCI_UNCONFIGURED))
514 rp_len = sizeof(*rp) + (2 * count);
515 rp = kmalloc(rp_len, GFP_ATOMIC);
517 read_unlock(&hci_dev_list_lock);
522 list_for_each_entry(d, &hci_dev_list, list) {
523 if (hci_dev_test_flag(d, HCI_SETUP) ||
524 hci_dev_test_flag(d, HCI_CONFIG) ||
525 hci_dev_test_flag(d, HCI_USER_CHANNEL))
528 /* Devices marked as raw-only are neither configured
529 * nor unconfigured controllers.
531 if (test_bit(HCI_QUIRK_RAW_DEVICE, &d->quirks))
534 if (d->dev_type == HCI_PRIMARY &&
535 hci_dev_test_flag(d, HCI_UNCONFIGURED)) {
536 rp->index[count++] = cpu_to_le16(d->id);
537 bt_dev_dbg(hdev, "Added hci%u", d->id);
541 rp->num_controllers = cpu_to_le16(count);
542 rp_len = sizeof(*rp) + (2 * count);
544 read_unlock(&hci_dev_list_lock);
546 err = mgmt_cmd_complete(sk, MGMT_INDEX_NONE,
547 MGMT_OP_READ_UNCONF_INDEX_LIST, 0, rp, rp_len);
554 static int read_ext_index_list(struct sock *sk, struct hci_dev *hdev,
555 void *data, u16 data_len)
557 struct mgmt_rp_read_ext_index_list *rp;
562 bt_dev_dbg(hdev, "sock %p", sk);
564 read_lock(&hci_dev_list_lock);
567 list_for_each_entry(d, &hci_dev_list, list) {
568 if (d->dev_type == HCI_PRIMARY || d->dev_type == HCI_AMP)
572 rp = kmalloc(struct_size(rp, entry, count), GFP_ATOMIC);
574 read_unlock(&hci_dev_list_lock);
579 list_for_each_entry(d, &hci_dev_list, list) {
580 if (hci_dev_test_flag(d, HCI_SETUP) ||
581 hci_dev_test_flag(d, HCI_CONFIG) ||
582 hci_dev_test_flag(d, HCI_USER_CHANNEL))
585 /* Devices marked as raw-only are neither configured
586 * nor unconfigured controllers.
588 if (test_bit(HCI_QUIRK_RAW_DEVICE, &d->quirks))
591 if (d->dev_type == HCI_PRIMARY) {
592 if (hci_dev_test_flag(d, HCI_UNCONFIGURED))
593 rp->entry[count].type = 0x01;
595 rp->entry[count].type = 0x00;
596 } else if (d->dev_type == HCI_AMP) {
597 rp->entry[count].type = 0x02;
602 rp->entry[count].bus = d->bus;
603 rp->entry[count++].index = cpu_to_le16(d->id);
604 bt_dev_dbg(hdev, "Added hci%u", d->id);
607 rp->num_controllers = cpu_to_le16(count);
609 read_unlock(&hci_dev_list_lock);
611 /* If this command is called at least once, then all the
612 * default index and unconfigured index events are disabled
613 * and from now on only extended index events are used.
615 hci_sock_set_flag(sk, HCI_MGMT_EXT_INDEX_EVENTS);
616 hci_sock_clear_flag(sk, HCI_MGMT_INDEX_EVENTS);
617 hci_sock_clear_flag(sk, HCI_MGMT_UNCONF_INDEX_EVENTS);
619 err = mgmt_cmd_complete(sk, MGMT_INDEX_NONE,
620 MGMT_OP_READ_EXT_INDEX_LIST, 0, rp,
621 struct_size(rp, entry, count));
628 static bool is_configured(struct hci_dev *hdev)
630 if (test_bit(HCI_QUIRK_EXTERNAL_CONFIG, &hdev->quirks) &&
631 !hci_dev_test_flag(hdev, HCI_EXT_CONFIGURED))
634 if ((test_bit(HCI_QUIRK_INVALID_BDADDR, &hdev->quirks) ||
635 test_bit(HCI_QUIRK_USE_BDADDR_PROPERTY, &hdev->quirks)) &&
636 !bacmp(&hdev->public_addr, BDADDR_ANY))
642 static __le32 get_missing_options(struct hci_dev *hdev)
646 if (test_bit(HCI_QUIRK_EXTERNAL_CONFIG, &hdev->quirks) &&
647 !hci_dev_test_flag(hdev, HCI_EXT_CONFIGURED))
648 options |= MGMT_OPTION_EXTERNAL_CONFIG;
650 if ((test_bit(HCI_QUIRK_INVALID_BDADDR, &hdev->quirks) ||
651 test_bit(HCI_QUIRK_USE_BDADDR_PROPERTY, &hdev->quirks)) &&
652 !bacmp(&hdev->public_addr, BDADDR_ANY))
653 options |= MGMT_OPTION_PUBLIC_ADDRESS;
655 return cpu_to_le32(options);
658 static int new_options(struct hci_dev *hdev, struct sock *skip)
660 __le32 options = get_missing_options(hdev);
662 return mgmt_limited_event(MGMT_EV_NEW_CONFIG_OPTIONS, hdev, &options,
663 sizeof(options), HCI_MGMT_OPTION_EVENTS, skip);
666 static int send_options_rsp(struct sock *sk, u16 opcode, struct hci_dev *hdev)
668 __le32 options = get_missing_options(hdev);
670 return mgmt_cmd_complete(sk, hdev->id, opcode, 0, &options,
674 static int read_config_info(struct sock *sk, struct hci_dev *hdev,
675 void *data, u16 data_len)
677 struct mgmt_rp_read_config_info rp;
680 bt_dev_dbg(hdev, "sock %p", sk);
684 memset(&rp, 0, sizeof(rp));
685 rp.manufacturer = cpu_to_le16(hdev->manufacturer);
687 if (test_bit(HCI_QUIRK_EXTERNAL_CONFIG, &hdev->quirks))
688 options |= MGMT_OPTION_EXTERNAL_CONFIG;
690 if (hdev->set_bdaddr)
691 options |= MGMT_OPTION_PUBLIC_ADDRESS;
693 rp.supported_options = cpu_to_le32(options);
694 rp.missing_options = get_missing_options(hdev);
696 hci_dev_unlock(hdev);
698 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_READ_CONFIG_INFO, 0,
702 static u32 get_supported_phys(struct hci_dev *hdev)
704 u32 supported_phys = 0;
706 if (lmp_bredr_capable(hdev)) {
707 supported_phys |= MGMT_PHY_BR_1M_1SLOT;
709 if (hdev->features[0][0] & LMP_3SLOT)
710 supported_phys |= MGMT_PHY_BR_1M_3SLOT;
712 if (hdev->features[0][0] & LMP_5SLOT)
713 supported_phys |= MGMT_PHY_BR_1M_5SLOT;
715 if (lmp_edr_2m_capable(hdev)) {
716 supported_phys |= MGMT_PHY_EDR_2M_1SLOT;
718 if (lmp_edr_3slot_capable(hdev))
719 supported_phys |= MGMT_PHY_EDR_2M_3SLOT;
721 if (lmp_edr_5slot_capable(hdev))
722 supported_phys |= MGMT_PHY_EDR_2M_5SLOT;
724 if (lmp_edr_3m_capable(hdev)) {
725 supported_phys |= MGMT_PHY_EDR_3M_1SLOT;
727 if (lmp_edr_3slot_capable(hdev))
728 supported_phys |= MGMT_PHY_EDR_3M_3SLOT;
730 if (lmp_edr_5slot_capable(hdev))
731 supported_phys |= MGMT_PHY_EDR_3M_5SLOT;
736 if (lmp_le_capable(hdev)) {
737 supported_phys |= MGMT_PHY_LE_1M_TX;
738 supported_phys |= MGMT_PHY_LE_1M_RX;
740 if (hdev->le_features[1] & HCI_LE_PHY_2M) {
741 supported_phys |= MGMT_PHY_LE_2M_TX;
742 supported_phys |= MGMT_PHY_LE_2M_RX;
745 if (hdev->le_features[1] & HCI_LE_PHY_CODED) {
746 supported_phys |= MGMT_PHY_LE_CODED_TX;
747 supported_phys |= MGMT_PHY_LE_CODED_RX;
751 return supported_phys;
754 static u32 get_selected_phys(struct hci_dev *hdev)
756 u32 selected_phys = 0;
758 if (lmp_bredr_capable(hdev)) {
759 selected_phys |= MGMT_PHY_BR_1M_1SLOT;
761 if (hdev->pkt_type & (HCI_DM3 | HCI_DH3))
762 selected_phys |= MGMT_PHY_BR_1M_3SLOT;
764 if (hdev->pkt_type & (HCI_DM5 | HCI_DH5))
765 selected_phys |= MGMT_PHY_BR_1M_5SLOT;
767 if (lmp_edr_2m_capable(hdev)) {
768 if (!(hdev->pkt_type & HCI_2DH1))
769 selected_phys |= MGMT_PHY_EDR_2M_1SLOT;
771 if (lmp_edr_3slot_capable(hdev) &&
772 !(hdev->pkt_type & HCI_2DH3))
773 selected_phys |= MGMT_PHY_EDR_2M_3SLOT;
775 if (lmp_edr_5slot_capable(hdev) &&
776 !(hdev->pkt_type & HCI_2DH5))
777 selected_phys |= MGMT_PHY_EDR_2M_5SLOT;
779 if (lmp_edr_3m_capable(hdev)) {
780 if (!(hdev->pkt_type & HCI_3DH1))
781 selected_phys |= MGMT_PHY_EDR_3M_1SLOT;
783 if (lmp_edr_3slot_capable(hdev) &&
784 !(hdev->pkt_type & HCI_3DH3))
785 selected_phys |= MGMT_PHY_EDR_3M_3SLOT;
787 if (lmp_edr_5slot_capable(hdev) &&
788 !(hdev->pkt_type & HCI_3DH5))
789 selected_phys |= MGMT_PHY_EDR_3M_5SLOT;
794 if (lmp_le_capable(hdev)) {
795 if (hdev->le_tx_def_phys & HCI_LE_SET_PHY_1M)
796 selected_phys |= MGMT_PHY_LE_1M_TX;
798 if (hdev->le_rx_def_phys & HCI_LE_SET_PHY_1M)
799 selected_phys |= MGMT_PHY_LE_1M_RX;
801 if (hdev->le_tx_def_phys & HCI_LE_SET_PHY_2M)
802 selected_phys |= MGMT_PHY_LE_2M_TX;
804 if (hdev->le_rx_def_phys & HCI_LE_SET_PHY_2M)
805 selected_phys |= MGMT_PHY_LE_2M_RX;
807 if (hdev->le_tx_def_phys & HCI_LE_SET_PHY_CODED)
808 selected_phys |= MGMT_PHY_LE_CODED_TX;
810 if (hdev->le_rx_def_phys & HCI_LE_SET_PHY_CODED)
811 selected_phys |= MGMT_PHY_LE_CODED_RX;
814 return selected_phys;
817 static u32 get_configurable_phys(struct hci_dev *hdev)
819 return (get_supported_phys(hdev) & ~MGMT_PHY_BR_1M_1SLOT &
820 ~MGMT_PHY_LE_1M_TX & ~MGMT_PHY_LE_1M_RX);
823 static u32 get_supported_settings(struct hci_dev *hdev)
827 settings |= MGMT_SETTING_POWERED;
828 settings |= MGMT_SETTING_BONDABLE;
829 settings |= MGMT_SETTING_DEBUG_KEYS;
830 settings |= MGMT_SETTING_CONNECTABLE;
831 settings |= MGMT_SETTING_DISCOVERABLE;
833 if (lmp_bredr_capable(hdev)) {
834 if (hdev->hci_ver >= BLUETOOTH_VER_1_2)
835 settings |= MGMT_SETTING_FAST_CONNECTABLE;
836 settings |= MGMT_SETTING_BREDR;
837 settings |= MGMT_SETTING_LINK_SECURITY;
839 if (lmp_ssp_capable(hdev)) {
840 settings |= MGMT_SETTING_SSP;
841 if (IS_ENABLED(CONFIG_BT_HS))
842 settings |= MGMT_SETTING_HS;
845 if (lmp_sc_capable(hdev))
846 settings |= MGMT_SETTING_SECURE_CONN;
848 if (test_bit(HCI_QUIRK_WIDEBAND_SPEECH_SUPPORTED,
850 settings |= MGMT_SETTING_WIDEBAND_SPEECH;
853 if (lmp_le_capable(hdev)) {
854 settings |= MGMT_SETTING_LE;
855 settings |= MGMT_SETTING_SECURE_CONN;
856 settings |= MGMT_SETTING_PRIVACY;
857 settings |= MGMT_SETTING_STATIC_ADDRESS;
858 settings |= MGMT_SETTING_ADVERTISING;
861 if (test_bit(HCI_QUIRK_EXTERNAL_CONFIG, &hdev->quirks) ||
863 settings |= MGMT_SETTING_CONFIGURATION;
865 if (cis_central_capable(hdev))
866 settings |= MGMT_SETTING_CIS_CENTRAL;
868 if (cis_peripheral_capable(hdev))
869 settings |= MGMT_SETTING_CIS_PERIPHERAL;
871 settings |= MGMT_SETTING_PHY_CONFIGURATION;
876 static u32 get_current_settings(struct hci_dev *hdev)
880 if (hdev_is_powered(hdev))
881 settings |= MGMT_SETTING_POWERED;
883 if (hci_dev_test_flag(hdev, HCI_CONNECTABLE))
884 settings |= MGMT_SETTING_CONNECTABLE;
886 if (hci_dev_test_flag(hdev, HCI_FAST_CONNECTABLE))
887 settings |= MGMT_SETTING_FAST_CONNECTABLE;
889 if (hci_dev_test_flag(hdev, HCI_DISCOVERABLE))
890 settings |= MGMT_SETTING_DISCOVERABLE;
892 if (hci_dev_test_flag(hdev, HCI_BONDABLE))
893 settings |= MGMT_SETTING_BONDABLE;
895 if (hci_dev_test_flag(hdev, HCI_BREDR_ENABLED))
896 settings |= MGMT_SETTING_BREDR;
898 if (hci_dev_test_flag(hdev, HCI_LE_ENABLED))
899 settings |= MGMT_SETTING_LE;
901 if (hci_dev_test_flag(hdev, HCI_LINK_SECURITY))
902 settings |= MGMT_SETTING_LINK_SECURITY;
904 if (hci_dev_test_flag(hdev, HCI_SSP_ENABLED))
905 settings |= MGMT_SETTING_SSP;
907 if (hci_dev_test_flag(hdev, HCI_HS_ENABLED))
908 settings |= MGMT_SETTING_HS;
910 if (hci_dev_test_flag(hdev, HCI_ADVERTISING))
911 settings |= MGMT_SETTING_ADVERTISING;
913 if (hci_dev_test_flag(hdev, HCI_SC_ENABLED))
914 settings |= MGMT_SETTING_SECURE_CONN;
916 if (hci_dev_test_flag(hdev, HCI_KEEP_DEBUG_KEYS))
917 settings |= MGMT_SETTING_DEBUG_KEYS;
919 if (hci_dev_test_flag(hdev, HCI_PRIVACY))
920 settings |= MGMT_SETTING_PRIVACY;
922 /* The current setting for static address has two purposes. The
923 * first is to indicate if the static address will be used and
924 * the second is to indicate if it is actually set.
926 * This means if the static address is not configured, this flag
927 * will never be set. If the address is configured, then if the
928 * address is actually used decides if the flag is set or not.
930 * For single mode LE only controllers and dual-mode controllers
931 * with BR/EDR disabled, the existence of the static address will
934 if (hci_dev_test_flag(hdev, HCI_FORCE_STATIC_ADDR) ||
935 !hci_dev_test_flag(hdev, HCI_BREDR_ENABLED) ||
936 !bacmp(&hdev->bdaddr, BDADDR_ANY)) {
937 if (bacmp(&hdev->static_addr, BDADDR_ANY))
938 settings |= MGMT_SETTING_STATIC_ADDRESS;
941 if (hci_dev_test_flag(hdev, HCI_WIDEBAND_SPEECH_ENABLED))
942 settings |= MGMT_SETTING_WIDEBAND_SPEECH;
944 if (cis_central_capable(hdev))
945 settings |= MGMT_SETTING_CIS_CENTRAL;
947 if (cis_peripheral_capable(hdev))
948 settings |= MGMT_SETTING_CIS_PERIPHERAL;
953 static struct mgmt_pending_cmd *pending_find(u16 opcode, struct hci_dev *hdev)
955 return mgmt_pending_find(HCI_CHANNEL_CONTROL, opcode, hdev);
958 u8 mgmt_get_adv_discov_flags(struct hci_dev *hdev)
960 struct mgmt_pending_cmd *cmd;
962 /* If there's a pending mgmt command the flags will not yet have
963 * their final values, so check for this first.
965 cmd = pending_find(MGMT_OP_SET_DISCOVERABLE, hdev);
967 struct mgmt_mode *cp = cmd->param;
969 return LE_AD_GENERAL;
970 else if (cp->val == 0x02)
971 return LE_AD_LIMITED;
973 if (hci_dev_test_flag(hdev, HCI_LIMITED_DISCOVERABLE))
974 return LE_AD_LIMITED;
975 else if (hci_dev_test_flag(hdev, HCI_DISCOVERABLE))
976 return LE_AD_GENERAL;
982 bool mgmt_get_connectable(struct hci_dev *hdev)
984 struct mgmt_pending_cmd *cmd;
986 /* If there's a pending mgmt command the flag will not yet have
987 * it's final value, so check for this first.
989 cmd = pending_find(MGMT_OP_SET_CONNECTABLE, hdev);
991 struct mgmt_mode *cp = cmd->param;
996 return hci_dev_test_flag(hdev, HCI_CONNECTABLE);
999 static int service_cache_sync(struct hci_dev *hdev, void *data)
1001 hci_update_eir_sync(hdev);
1002 hci_update_class_sync(hdev);
1007 static void service_cache_off(struct work_struct *work)
1009 struct hci_dev *hdev = container_of(work, struct hci_dev,
1010 service_cache.work);
1012 if (!hci_dev_test_and_clear_flag(hdev, HCI_SERVICE_CACHE))
1015 hci_cmd_sync_queue(hdev, service_cache_sync, NULL, NULL);
1018 static int rpa_expired_sync(struct hci_dev *hdev, void *data)
1020 /* The generation of a new RPA and programming it into the
1021 * controller happens in the hci_req_enable_advertising()
1024 if (ext_adv_capable(hdev))
1025 return hci_start_ext_adv_sync(hdev, hdev->cur_adv_instance);
1027 return hci_enable_advertising_sync(hdev);
1030 static void rpa_expired(struct work_struct *work)
1032 struct hci_dev *hdev = container_of(work, struct hci_dev,
1035 bt_dev_dbg(hdev, "");
1037 hci_dev_set_flag(hdev, HCI_RPA_EXPIRED);
1039 if (!hci_dev_test_flag(hdev, HCI_ADVERTISING))
1042 hci_cmd_sync_queue(hdev, rpa_expired_sync, NULL, NULL);
1045 static void discov_off(struct work_struct *work)
1047 struct hci_dev *hdev = container_of(work, struct hci_dev,
1050 bt_dev_dbg(hdev, "");
1054 /* When discoverable timeout triggers, then just make sure
1055 * the limited discoverable flag is cleared. Even in the case
1056 * of a timeout triggered from general discoverable, it is
1057 * safe to unconditionally clear the flag.
1059 hci_dev_clear_flag(hdev, HCI_LIMITED_DISCOVERABLE);
1060 hci_dev_clear_flag(hdev, HCI_DISCOVERABLE);
1061 hdev->discov_timeout = 0;
1063 hci_update_discoverable(hdev);
1065 mgmt_new_settings(hdev);
1067 hci_dev_unlock(hdev);
1070 static int send_settings_rsp(struct sock *sk, u16 opcode, struct hci_dev *hdev);
1072 static void mesh_send_complete(struct hci_dev *hdev,
1073 struct mgmt_mesh_tx *mesh_tx, bool silent)
1075 u8 handle = mesh_tx->handle;
1078 mgmt_event(MGMT_EV_MESH_PACKET_CMPLT, hdev, &handle,
1079 sizeof(handle), NULL);
1081 mgmt_mesh_remove(mesh_tx);
1084 static int mesh_send_done_sync(struct hci_dev *hdev, void *data)
1086 struct mgmt_mesh_tx *mesh_tx;
1088 hci_dev_clear_flag(hdev, HCI_MESH_SENDING);
1089 hci_disable_advertising_sync(hdev);
1090 mesh_tx = mgmt_mesh_next(hdev, NULL);
1093 mesh_send_complete(hdev, mesh_tx, false);
1098 static int mesh_send_sync(struct hci_dev *hdev, void *data);
1099 static void mesh_send_start_complete(struct hci_dev *hdev, void *data, int err);
1100 static void mesh_next(struct hci_dev *hdev, void *data, int err)
1102 struct mgmt_mesh_tx *mesh_tx = mgmt_mesh_next(hdev, NULL);
1107 err = hci_cmd_sync_queue(hdev, mesh_send_sync, mesh_tx,
1108 mesh_send_start_complete);
1111 mesh_send_complete(hdev, mesh_tx, false);
1113 hci_dev_set_flag(hdev, HCI_MESH_SENDING);
1116 static void mesh_send_done(struct work_struct *work)
1118 struct hci_dev *hdev = container_of(work, struct hci_dev,
1119 mesh_send_done.work);
1121 if (!hci_dev_test_flag(hdev, HCI_MESH_SENDING))
1124 hci_cmd_sync_queue(hdev, mesh_send_done_sync, NULL, mesh_next);
1127 static void mgmt_init_hdev(struct sock *sk, struct hci_dev *hdev)
1129 if (hci_dev_test_flag(hdev, HCI_MGMT))
1132 BT_INFO("MGMT ver %d.%d", MGMT_VERSION, MGMT_REVISION);
1134 INIT_DELAYED_WORK(&hdev->discov_off, discov_off);
1135 INIT_DELAYED_WORK(&hdev->service_cache, service_cache_off);
1136 INIT_DELAYED_WORK(&hdev->rpa_expired, rpa_expired);
1137 INIT_DELAYED_WORK(&hdev->mesh_send_done, mesh_send_done);
1139 /* Non-mgmt controlled devices get this bit set
1140 * implicitly so that pairing works for them, however
1141 * for mgmt we require user-space to explicitly enable
1144 hci_dev_clear_flag(hdev, HCI_BONDABLE);
1146 hci_dev_set_flag(hdev, HCI_MGMT);
1149 static int read_controller_info(struct sock *sk, struct hci_dev *hdev,
1150 void *data, u16 data_len)
1152 struct mgmt_rp_read_info rp;
1154 bt_dev_dbg(hdev, "sock %p", sk);
1158 memset(&rp, 0, sizeof(rp));
1160 bacpy(&rp.bdaddr, &hdev->bdaddr);
1162 rp.version = hdev->hci_ver;
1163 rp.manufacturer = cpu_to_le16(hdev->manufacturer);
1165 rp.supported_settings = cpu_to_le32(get_supported_settings(hdev));
1166 rp.current_settings = cpu_to_le32(get_current_settings(hdev));
1168 memcpy(rp.dev_class, hdev->dev_class, 3);
1170 memcpy(rp.name, hdev->dev_name, sizeof(hdev->dev_name));
1171 memcpy(rp.short_name, hdev->short_name, sizeof(hdev->short_name));
1173 hci_dev_unlock(hdev);
1175 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_READ_INFO, 0, &rp,
1179 static u16 append_eir_data_to_buf(struct hci_dev *hdev, u8 *eir)
1184 if (hci_dev_test_flag(hdev, HCI_BREDR_ENABLED))
1185 eir_len = eir_append_data(eir, eir_len, EIR_CLASS_OF_DEV,
1186 hdev->dev_class, 3);
1188 if (hci_dev_test_flag(hdev, HCI_LE_ENABLED))
1189 eir_len = eir_append_le16(eir, eir_len, EIR_APPEARANCE,
1192 name_len = strnlen(hdev->dev_name, sizeof(hdev->dev_name));
1193 eir_len = eir_append_data(eir, eir_len, EIR_NAME_COMPLETE,
1194 hdev->dev_name, name_len);
1196 name_len = strnlen(hdev->short_name, sizeof(hdev->short_name));
1197 eir_len = eir_append_data(eir, eir_len, EIR_NAME_SHORT,
1198 hdev->short_name, name_len);
1203 static int read_ext_controller_info(struct sock *sk, struct hci_dev *hdev,
1204 void *data, u16 data_len)
1207 struct mgmt_rp_read_ext_info *rp = (void *)buf;
1210 bt_dev_dbg(hdev, "sock %p", sk);
1212 memset(&buf, 0, sizeof(buf));
1216 bacpy(&rp->bdaddr, &hdev->bdaddr);
1218 rp->version = hdev->hci_ver;
1219 rp->manufacturer = cpu_to_le16(hdev->manufacturer);
1221 rp->supported_settings = cpu_to_le32(get_supported_settings(hdev));
1222 rp->current_settings = cpu_to_le32(get_current_settings(hdev));
1225 eir_len = append_eir_data_to_buf(hdev, rp->eir);
1226 rp->eir_len = cpu_to_le16(eir_len);
1228 hci_dev_unlock(hdev);
1230 /* If this command is called at least once, then the events
1231 * for class of device and local name changes are disabled
1232 * and only the new extended controller information event
1235 hci_sock_set_flag(sk, HCI_MGMT_EXT_INFO_EVENTS);
1236 hci_sock_clear_flag(sk, HCI_MGMT_DEV_CLASS_EVENTS);
1237 hci_sock_clear_flag(sk, HCI_MGMT_LOCAL_NAME_EVENTS);
1239 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_READ_EXT_INFO, 0, rp,
1240 sizeof(*rp) + eir_len);
1243 static int ext_info_changed(struct hci_dev *hdev, struct sock *skip)
1246 struct mgmt_ev_ext_info_changed *ev = (void *)buf;
1249 memset(buf, 0, sizeof(buf));
1251 eir_len = append_eir_data_to_buf(hdev, ev->eir);
1252 ev->eir_len = cpu_to_le16(eir_len);
1254 return mgmt_limited_event(MGMT_EV_EXT_INFO_CHANGED, hdev, ev,
1255 sizeof(*ev) + eir_len,
1256 HCI_MGMT_EXT_INFO_EVENTS, skip);
1259 static int send_settings_rsp(struct sock *sk, u16 opcode, struct hci_dev *hdev)
1261 __le32 settings = cpu_to_le32(get_current_settings(hdev));
1263 return mgmt_cmd_complete(sk, hdev->id, opcode, 0, &settings,
1267 void mgmt_advertising_added(struct sock *sk, struct hci_dev *hdev, u8 instance)
1269 struct mgmt_ev_advertising_added ev;
1271 ev.instance = instance;
1273 mgmt_event(MGMT_EV_ADVERTISING_ADDED, hdev, &ev, sizeof(ev), sk);
1276 void mgmt_advertising_removed(struct sock *sk, struct hci_dev *hdev,
1279 struct mgmt_ev_advertising_removed ev;
1281 ev.instance = instance;
1283 mgmt_event(MGMT_EV_ADVERTISING_REMOVED, hdev, &ev, sizeof(ev), sk);
1286 static void cancel_adv_timeout(struct hci_dev *hdev)
1288 if (hdev->adv_instance_timeout) {
1289 hdev->adv_instance_timeout = 0;
1290 cancel_delayed_work(&hdev->adv_instance_expire);
1294 /* This function requires the caller holds hdev->lock */
1295 static void restart_le_actions(struct hci_dev *hdev)
1297 struct hci_conn_params *p;
1299 list_for_each_entry(p, &hdev->le_conn_params, list) {
1300 /* Needed for AUTO_OFF case where might not "really"
1301 * have been powered off.
1303 list_del_init(&p->action);
1305 switch (p->auto_connect) {
1306 case HCI_AUTO_CONN_DIRECT:
1307 case HCI_AUTO_CONN_ALWAYS:
1308 list_add(&p->action, &hdev->pend_le_conns);
1310 case HCI_AUTO_CONN_REPORT:
1311 list_add(&p->action, &hdev->pend_le_reports);
1319 static int new_settings(struct hci_dev *hdev, struct sock *skip)
1321 __le32 ev = cpu_to_le32(get_current_settings(hdev));
1323 return mgmt_limited_event(MGMT_EV_NEW_SETTINGS, hdev, &ev,
1324 sizeof(ev), HCI_MGMT_SETTING_EVENTS, skip);
1327 static void mgmt_set_powered_complete(struct hci_dev *hdev, void *data, int err)
1329 struct mgmt_pending_cmd *cmd = data;
1330 struct mgmt_mode *cp;
1332 /* Make sure cmd still outstanding. */
1333 if (cmd != pending_find(MGMT_OP_SET_POWERED, hdev))
1338 bt_dev_dbg(hdev, "err %d", err);
1343 restart_le_actions(hdev);
1344 hci_update_passive_scan(hdev);
1345 hci_dev_unlock(hdev);
1348 send_settings_rsp(cmd->sk, cmd->opcode, hdev);
1350 /* Only call new_setting for power on as power off is deferred
1351 * to hdev->power_off work which does call hci_dev_do_close.
1354 new_settings(hdev, cmd->sk);
1356 mgmt_cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_POWERED,
1360 mgmt_pending_remove(cmd);
1363 static int set_powered_sync(struct hci_dev *hdev, void *data)
1365 struct mgmt_pending_cmd *cmd = data;
1366 struct mgmt_mode *cp = cmd->param;
1368 BT_DBG("%s", hdev->name);
1370 return hci_set_powered_sync(hdev, cp->val);
1373 static int set_powered(struct sock *sk, struct hci_dev *hdev, void *data,
1376 struct mgmt_mode *cp = data;
1377 struct mgmt_pending_cmd *cmd;
1380 bt_dev_dbg(hdev, "sock %p", sk);
1382 if (cp->val != 0x00 && cp->val != 0x01)
1383 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_POWERED,
1384 MGMT_STATUS_INVALID_PARAMS);
1388 if (pending_find(MGMT_OP_SET_POWERED, hdev)) {
1389 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_POWERED,
1394 if (!!cp->val == hdev_is_powered(hdev)) {
1395 err = send_settings_rsp(sk, MGMT_OP_SET_POWERED, hdev);
1399 cmd = mgmt_pending_add(sk, MGMT_OP_SET_POWERED, hdev, data, len);
1405 err = hci_cmd_sync_queue(hdev, set_powered_sync, cmd,
1406 mgmt_set_powered_complete);
1409 mgmt_pending_remove(cmd);
1412 hci_dev_unlock(hdev);
1416 int mgmt_new_settings(struct hci_dev *hdev)
1418 return new_settings(hdev, NULL);
1423 struct hci_dev *hdev;
1427 static void settings_rsp(struct mgmt_pending_cmd *cmd, void *data)
1429 struct cmd_lookup *match = data;
1431 send_settings_rsp(cmd->sk, cmd->opcode, match->hdev);
1433 list_del(&cmd->list);
1435 if (match->sk == NULL) {
1436 match->sk = cmd->sk;
1437 sock_hold(match->sk);
1440 mgmt_pending_free(cmd);
1443 static void cmd_status_rsp(struct mgmt_pending_cmd *cmd, void *data)
1447 mgmt_cmd_status(cmd->sk, cmd->index, cmd->opcode, *status);
1448 mgmt_pending_remove(cmd);
1451 static void cmd_complete_rsp(struct mgmt_pending_cmd *cmd, void *data)
1453 if (cmd->cmd_complete) {
1456 cmd->cmd_complete(cmd, *status);
1457 mgmt_pending_remove(cmd);
1462 cmd_status_rsp(cmd, data);
1465 static int generic_cmd_complete(struct mgmt_pending_cmd *cmd, u8 status)
1467 return mgmt_cmd_complete(cmd->sk, cmd->index, cmd->opcode, status,
1468 cmd->param, cmd->param_len);
1471 static int addr_cmd_complete(struct mgmt_pending_cmd *cmd, u8 status)
1473 return mgmt_cmd_complete(cmd->sk, cmd->index, cmd->opcode, status,
1474 cmd->param, sizeof(struct mgmt_addr_info));
1477 static u8 mgmt_bredr_support(struct hci_dev *hdev)
1479 if (!lmp_bredr_capable(hdev))
1480 return MGMT_STATUS_NOT_SUPPORTED;
1481 else if (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED))
1482 return MGMT_STATUS_REJECTED;
1484 return MGMT_STATUS_SUCCESS;
1487 static u8 mgmt_le_support(struct hci_dev *hdev)
1489 if (!lmp_le_capable(hdev))
1490 return MGMT_STATUS_NOT_SUPPORTED;
1491 else if (!hci_dev_test_flag(hdev, HCI_LE_ENABLED))
1492 return MGMT_STATUS_REJECTED;
1494 return MGMT_STATUS_SUCCESS;
1497 static void mgmt_set_discoverable_complete(struct hci_dev *hdev, void *data,
1500 struct mgmt_pending_cmd *cmd = data;
1502 bt_dev_dbg(hdev, "err %d", err);
1504 /* Make sure cmd still outstanding. */
1505 if (cmd != pending_find(MGMT_OP_SET_DISCOVERABLE, hdev))
1511 u8 mgmt_err = mgmt_status(err);
1512 mgmt_cmd_status(cmd->sk, cmd->index, cmd->opcode, mgmt_err);
1513 hci_dev_clear_flag(hdev, HCI_LIMITED_DISCOVERABLE);
1517 if (hci_dev_test_flag(hdev, HCI_DISCOVERABLE) &&
1518 hdev->discov_timeout > 0) {
1519 int to = msecs_to_jiffies(hdev->discov_timeout * 1000);
1520 queue_delayed_work(hdev->req_workqueue, &hdev->discov_off, to);
1523 send_settings_rsp(cmd->sk, MGMT_OP_SET_DISCOVERABLE, hdev);
1524 new_settings(hdev, cmd->sk);
1527 mgmt_pending_remove(cmd);
1528 hci_dev_unlock(hdev);
1531 static int set_discoverable_sync(struct hci_dev *hdev, void *data)
1533 BT_DBG("%s", hdev->name);
1535 return hci_update_discoverable_sync(hdev);
1538 static int set_discoverable(struct sock *sk, struct hci_dev *hdev, void *data,
1541 struct mgmt_cp_set_discoverable *cp = data;
1542 struct mgmt_pending_cmd *cmd;
1546 bt_dev_dbg(hdev, "sock %p", sk);
1548 if (!hci_dev_test_flag(hdev, HCI_LE_ENABLED) &&
1549 !hci_dev_test_flag(hdev, HCI_BREDR_ENABLED))
1550 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
1551 MGMT_STATUS_REJECTED);
1553 if (cp->val != 0x00 && cp->val != 0x01 && cp->val != 0x02)
1554 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
1555 MGMT_STATUS_INVALID_PARAMS);
1557 timeout = __le16_to_cpu(cp->timeout);
1559 /* Disabling discoverable requires that no timeout is set,
1560 * and enabling limited discoverable requires a timeout.
1562 if ((cp->val == 0x00 && timeout > 0) ||
1563 (cp->val == 0x02 && timeout == 0))
1564 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
1565 MGMT_STATUS_INVALID_PARAMS);
1569 if (!hdev_is_powered(hdev) && timeout > 0) {
1570 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
1571 MGMT_STATUS_NOT_POWERED);
1575 if (pending_find(MGMT_OP_SET_DISCOVERABLE, hdev) ||
1576 pending_find(MGMT_OP_SET_CONNECTABLE, hdev)) {
1577 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
1582 if (!hci_dev_test_flag(hdev, HCI_CONNECTABLE)) {
1583 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
1584 MGMT_STATUS_REJECTED);
1588 if (hdev->advertising_paused) {
1589 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
1594 if (!hdev_is_powered(hdev)) {
1595 bool changed = false;
1597 /* Setting limited discoverable when powered off is
1598 * not a valid operation since it requires a timeout
1599 * and so no need to check HCI_LIMITED_DISCOVERABLE.
1601 if (!!cp->val != hci_dev_test_flag(hdev, HCI_DISCOVERABLE)) {
1602 hci_dev_change_flag(hdev, HCI_DISCOVERABLE);
1606 err = send_settings_rsp(sk, MGMT_OP_SET_DISCOVERABLE, hdev);
1611 err = new_settings(hdev, sk);
1616 /* If the current mode is the same, then just update the timeout
1617 * value with the new value. And if only the timeout gets updated,
1618 * then no need for any HCI transactions.
1620 if (!!cp->val == hci_dev_test_flag(hdev, HCI_DISCOVERABLE) &&
1621 (cp->val == 0x02) == hci_dev_test_flag(hdev,
1622 HCI_LIMITED_DISCOVERABLE)) {
1623 cancel_delayed_work(&hdev->discov_off);
1624 hdev->discov_timeout = timeout;
1626 if (cp->val && hdev->discov_timeout > 0) {
1627 int to = msecs_to_jiffies(hdev->discov_timeout * 1000);
1628 queue_delayed_work(hdev->req_workqueue,
1629 &hdev->discov_off, to);
1632 err = send_settings_rsp(sk, MGMT_OP_SET_DISCOVERABLE, hdev);
1636 cmd = mgmt_pending_add(sk, MGMT_OP_SET_DISCOVERABLE, hdev, data, len);
1642 /* Cancel any potential discoverable timeout that might be
1643 * still active and store new timeout value. The arming of
1644 * the timeout happens in the complete handler.
1646 cancel_delayed_work(&hdev->discov_off);
1647 hdev->discov_timeout = timeout;
1650 hci_dev_set_flag(hdev, HCI_DISCOVERABLE);
1652 hci_dev_clear_flag(hdev, HCI_DISCOVERABLE);
1654 /* Limited discoverable mode */
1655 if (cp->val == 0x02)
1656 hci_dev_set_flag(hdev, HCI_LIMITED_DISCOVERABLE);
1658 hci_dev_clear_flag(hdev, HCI_LIMITED_DISCOVERABLE);
1660 err = hci_cmd_sync_queue(hdev, set_discoverable_sync, cmd,
1661 mgmt_set_discoverable_complete);
1664 mgmt_pending_remove(cmd);
1667 hci_dev_unlock(hdev);
1671 static void mgmt_set_connectable_complete(struct hci_dev *hdev, void *data,
1674 struct mgmt_pending_cmd *cmd = data;
1676 bt_dev_dbg(hdev, "err %d", err);
1678 /* Make sure cmd still outstanding. */
1679 if (cmd != pending_find(MGMT_OP_SET_CONNECTABLE, hdev))
1685 u8 mgmt_err = mgmt_status(err);
1686 mgmt_cmd_status(cmd->sk, cmd->index, cmd->opcode, mgmt_err);
1690 send_settings_rsp(cmd->sk, MGMT_OP_SET_CONNECTABLE, hdev);
1691 new_settings(hdev, cmd->sk);
1695 mgmt_pending_remove(cmd);
1697 hci_dev_unlock(hdev);
1700 static int set_connectable_update_settings(struct hci_dev *hdev,
1701 struct sock *sk, u8 val)
1703 bool changed = false;
1706 if (!!val != hci_dev_test_flag(hdev, HCI_CONNECTABLE))
1710 hci_dev_set_flag(hdev, HCI_CONNECTABLE);
1712 hci_dev_clear_flag(hdev, HCI_CONNECTABLE);
1713 hci_dev_clear_flag(hdev, HCI_DISCOVERABLE);
1716 err = send_settings_rsp(sk, MGMT_OP_SET_CONNECTABLE, hdev);
1721 hci_update_scan(hdev);
1722 hci_update_passive_scan(hdev);
1723 return new_settings(hdev, sk);
1729 static int set_connectable_sync(struct hci_dev *hdev, void *data)
1731 BT_DBG("%s", hdev->name);
1733 return hci_update_connectable_sync(hdev);
1736 static int set_connectable(struct sock *sk, struct hci_dev *hdev, void *data,
1739 struct mgmt_mode *cp = data;
1740 struct mgmt_pending_cmd *cmd;
1743 bt_dev_dbg(hdev, "sock %p", sk);
1745 if (!hci_dev_test_flag(hdev, HCI_LE_ENABLED) &&
1746 !hci_dev_test_flag(hdev, HCI_BREDR_ENABLED))
1747 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE,
1748 MGMT_STATUS_REJECTED);
1750 if (cp->val != 0x00 && cp->val != 0x01)
1751 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE,
1752 MGMT_STATUS_INVALID_PARAMS);
1756 if (!hdev_is_powered(hdev)) {
1757 err = set_connectable_update_settings(hdev, sk, cp->val);
1761 if (pending_find(MGMT_OP_SET_DISCOVERABLE, hdev) ||
1762 pending_find(MGMT_OP_SET_CONNECTABLE, hdev)) {
1763 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE,
1768 cmd = mgmt_pending_add(sk, MGMT_OP_SET_CONNECTABLE, hdev, data, len);
1775 hci_dev_set_flag(hdev, HCI_CONNECTABLE);
1777 if (hdev->discov_timeout > 0)
1778 cancel_delayed_work(&hdev->discov_off);
1780 hci_dev_clear_flag(hdev, HCI_LIMITED_DISCOVERABLE);
1781 hci_dev_clear_flag(hdev, HCI_DISCOVERABLE);
1782 hci_dev_clear_flag(hdev, HCI_CONNECTABLE);
1785 err = hci_cmd_sync_queue(hdev, set_connectable_sync, cmd,
1786 mgmt_set_connectable_complete);
1789 mgmt_pending_remove(cmd);
1792 hci_dev_unlock(hdev);
1796 static int set_bondable(struct sock *sk, struct hci_dev *hdev, void *data,
1799 struct mgmt_mode *cp = data;
1803 bt_dev_dbg(hdev, "sock %p", sk);
1805 if (cp->val != 0x00 && cp->val != 0x01)
1806 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_BONDABLE,
1807 MGMT_STATUS_INVALID_PARAMS);
1812 changed = !hci_dev_test_and_set_flag(hdev, HCI_BONDABLE);
1814 changed = hci_dev_test_and_clear_flag(hdev, HCI_BONDABLE);
1816 err = send_settings_rsp(sk, MGMT_OP_SET_BONDABLE, hdev);
1821 /* In limited privacy mode the change of bondable mode
1822 * may affect the local advertising address.
1824 hci_update_discoverable(hdev);
1826 err = new_settings(hdev, sk);
1830 hci_dev_unlock(hdev);
1834 static int set_link_security(struct sock *sk, struct hci_dev *hdev, void *data,
1837 struct mgmt_mode *cp = data;
1838 struct mgmt_pending_cmd *cmd;
1842 bt_dev_dbg(hdev, "sock %p", sk);
1844 status = mgmt_bredr_support(hdev);
1846 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY,
1849 if (cp->val != 0x00 && cp->val != 0x01)
1850 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY,
1851 MGMT_STATUS_INVALID_PARAMS);
1855 if (!hdev_is_powered(hdev)) {
1856 bool changed = false;
1858 if (!!cp->val != hci_dev_test_flag(hdev, HCI_LINK_SECURITY)) {
1859 hci_dev_change_flag(hdev, HCI_LINK_SECURITY);
1863 err = send_settings_rsp(sk, MGMT_OP_SET_LINK_SECURITY, hdev);
1868 err = new_settings(hdev, sk);
1873 if (pending_find(MGMT_OP_SET_LINK_SECURITY, hdev)) {
1874 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY,
1881 if (test_bit(HCI_AUTH, &hdev->flags) == val) {
1882 err = send_settings_rsp(sk, MGMT_OP_SET_LINK_SECURITY, hdev);
1886 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LINK_SECURITY, hdev, data, len);
1892 err = hci_send_cmd(hdev, HCI_OP_WRITE_AUTH_ENABLE, sizeof(val), &val);
1894 mgmt_pending_remove(cmd);
1899 hci_dev_unlock(hdev);
1903 static void set_ssp_complete(struct hci_dev *hdev, void *data, int err)
1905 struct cmd_lookup match = { NULL, hdev };
1906 struct mgmt_pending_cmd *cmd = data;
1907 struct mgmt_mode *cp = cmd->param;
1908 u8 enable = cp->val;
1911 /* Make sure cmd still outstanding. */
1912 if (cmd != pending_find(MGMT_OP_SET_SSP, hdev))
1916 u8 mgmt_err = mgmt_status(err);
1918 if (enable && hci_dev_test_and_clear_flag(hdev,
1920 hci_dev_clear_flag(hdev, HCI_HS_ENABLED);
1921 new_settings(hdev, NULL);
1924 mgmt_pending_foreach(MGMT_OP_SET_SSP, hdev, cmd_status_rsp,
1930 changed = !hci_dev_test_and_set_flag(hdev, HCI_SSP_ENABLED);
1932 changed = hci_dev_test_and_clear_flag(hdev, HCI_SSP_ENABLED);
1935 changed = hci_dev_test_and_clear_flag(hdev,
1938 hci_dev_clear_flag(hdev, HCI_HS_ENABLED);
1941 mgmt_pending_foreach(MGMT_OP_SET_SSP, hdev, settings_rsp, &match);
1944 new_settings(hdev, match.sk);
1949 hci_update_eir_sync(hdev);
1952 static int set_ssp_sync(struct hci_dev *hdev, void *data)
1954 struct mgmt_pending_cmd *cmd = data;
1955 struct mgmt_mode *cp = cmd->param;
1956 bool changed = false;
1960 changed = !hci_dev_test_and_set_flag(hdev, HCI_SSP_ENABLED);
1962 err = hci_write_ssp_mode_sync(hdev, cp->val);
1964 if (!err && changed)
1965 hci_dev_clear_flag(hdev, HCI_SSP_ENABLED);
1970 static int set_ssp(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
1972 struct mgmt_mode *cp = data;
1973 struct mgmt_pending_cmd *cmd;
1977 bt_dev_dbg(hdev, "sock %p", sk);
1979 status = mgmt_bredr_support(hdev);
1981 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SSP, status);
1983 if (!lmp_ssp_capable(hdev))
1984 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
1985 MGMT_STATUS_NOT_SUPPORTED);
1987 if (cp->val != 0x00 && cp->val != 0x01)
1988 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
1989 MGMT_STATUS_INVALID_PARAMS);
1993 if (!hdev_is_powered(hdev)) {
1997 changed = !hci_dev_test_and_set_flag(hdev,
2000 changed = hci_dev_test_and_clear_flag(hdev,
2003 changed = hci_dev_test_and_clear_flag(hdev,
2006 hci_dev_clear_flag(hdev, HCI_HS_ENABLED);
2009 err = send_settings_rsp(sk, MGMT_OP_SET_SSP, hdev);
2014 err = new_settings(hdev, sk);
2019 if (pending_find(MGMT_OP_SET_SSP, hdev)) {
2020 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
2025 if (!!cp->val == hci_dev_test_flag(hdev, HCI_SSP_ENABLED)) {
2026 err = send_settings_rsp(sk, MGMT_OP_SET_SSP, hdev);
2030 cmd = mgmt_pending_add(sk, MGMT_OP_SET_SSP, hdev, data, len);
2034 err = hci_cmd_sync_queue(hdev, set_ssp_sync, cmd,
2038 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
2039 MGMT_STATUS_FAILED);
2042 mgmt_pending_remove(cmd);
2046 hci_dev_unlock(hdev);
2050 static int set_hs(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
2052 struct mgmt_mode *cp = data;
2057 bt_dev_dbg(hdev, "sock %p", sk);
2059 if (!IS_ENABLED(CONFIG_BT_HS))
2060 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
2061 MGMT_STATUS_NOT_SUPPORTED);
2063 status = mgmt_bredr_support(hdev);
2065 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_HS, status);
2067 if (!lmp_ssp_capable(hdev))
2068 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
2069 MGMT_STATUS_NOT_SUPPORTED);
2071 if (!hci_dev_test_flag(hdev, HCI_SSP_ENABLED))
2072 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
2073 MGMT_STATUS_REJECTED);
2075 if (cp->val != 0x00 && cp->val != 0x01)
2076 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
2077 MGMT_STATUS_INVALID_PARAMS);
2081 if (pending_find(MGMT_OP_SET_SSP, hdev)) {
2082 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
2088 changed = !hci_dev_test_and_set_flag(hdev, HCI_HS_ENABLED);
2090 if (hdev_is_powered(hdev)) {
2091 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
2092 MGMT_STATUS_REJECTED);
2096 changed = hci_dev_test_and_clear_flag(hdev, HCI_HS_ENABLED);
2099 err = send_settings_rsp(sk, MGMT_OP_SET_HS, hdev);
2104 err = new_settings(hdev, sk);
2107 hci_dev_unlock(hdev);
2111 static void set_le_complete(struct hci_dev *hdev, void *data, int err)
2113 struct cmd_lookup match = { NULL, hdev };
2114 u8 status = mgmt_status(err);
2116 bt_dev_dbg(hdev, "err %d", err);
2119 mgmt_pending_foreach(MGMT_OP_SET_LE, hdev, cmd_status_rsp,
2124 mgmt_pending_foreach(MGMT_OP_SET_LE, hdev, settings_rsp, &match);
2126 new_settings(hdev, match.sk);
2132 static int set_le_sync(struct hci_dev *hdev, void *data)
2134 struct mgmt_pending_cmd *cmd = data;
2135 struct mgmt_mode *cp = cmd->param;
2140 hci_clear_adv_instance_sync(hdev, NULL, 0x00, true);
2142 if (hci_dev_test_flag(hdev, HCI_LE_ADV))
2143 hci_disable_advertising_sync(hdev);
2145 if (ext_adv_capable(hdev))
2146 hci_remove_ext_adv_instance_sync(hdev, 0, cmd->sk);
2148 hci_dev_set_flag(hdev, HCI_LE_ENABLED);
2151 err = hci_write_le_host_supported_sync(hdev, val, 0);
2153 /* Make sure the controller has a good default for
2154 * advertising data. Restrict the update to when LE
2155 * has actually been enabled. During power on, the
2156 * update in powered_update_hci will take care of it.
2158 if (!err && hci_dev_test_flag(hdev, HCI_LE_ENABLED)) {
2159 if (ext_adv_capable(hdev)) {
2162 status = hci_setup_ext_adv_instance_sync(hdev, 0x00);
2164 hci_update_scan_rsp_data_sync(hdev, 0x00);
2166 hci_update_adv_data_sync(hdev, 0x00);
2167 hci_update_scan_rsp_data_sync(hdev, 0x00);
2170 hci_update_passive_scan(hdev);
2176 static void set_mesh_complete(struct hci_dev *hdev, void *data, int err)
2178 struct mgmt_pending_cmd *cmd = data;
2179 u8 status = mgmt_status(err);
2180 struct sock *sk = cmd->sk;
2183 mgmt_pending_foreach(MGMT_OP_SET_MESH_RECEIVER, hdev,
2184 cmd_status_rsp, &status);
2188 mgmt_pending_remove(cmd);
2189 mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_MESH_RECEIVER, 0, NULL, 0);
2192 static int set_mesh_sync(struct hci_dev *hdev, void *data)
2194 struct mgmt_pending_cmd *cmd = data;
2195 struct mgmt_cp_set_mesh *cp = cmd->param;
2196 size_t len = cmd->param_len;
2198 memset(hdev->mesh_ad_types, 0, sizeof(hdev->mesh_ad_types));
2201 hci_dev_set_flag(hdev, HCI_MESH);
2203 hci_dev_clear_flag(hdev, HCI_MESH);
2207 /* If filters don't fit, forward all adv pkts */
2208 if (len <= sizeof(hdev->mesh_ad_types))
2209 memcpy(hdev->mesh_ad_types, cp->ad_types, len);
2211 hci_update_passive_scan_sync(hdev);
2215 static int set_mesh(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
2217 struct mgmt_cp_set_mesh *cp = data;
2218 struct mgmt_pending_cmd *cmd;
2221 bt_dev_dbg(hdev, "sock %p", sk);
2223 if (!lmp_le_capable(hdev) ||
2224 !hci_dev_test_flag(hdev, HCI_MESH_EXPERIMENTAL))
2225 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_MESH_RECEIVER,
2226 MGMT_STATUS_NOT_SUPPORTED);
2228 if (cp->enable != 0x00 && cp->enable != 0x01)
2229 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_MESH_RECEIVER,
2230 MGMT_STATUS_INVALID_PARAMS);
2234 cmd = mgmt_pending_add(sk, MGMT_OP_SET_MESH_RECEIVER, hdev, data, len);
2238 err = hci_cmd_sync_queue(hdev, set_mesh_sync, cmd,
2242 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_MESH_RECEIVER,
2243 MGMT_STATUS_FAILED);
2246 mgmt_pending_remove(cmd);
2249 hci_dev_unlock(hdev);
2253 static void mesh_send_start_complete(struct hci_dev *hdev, void *data, int err)
2255 struct mgmt_mesh_tx *mesh_tx = data;
2256 struct mgmt_cp_mesh_send *send = (void *)mesh_tx->param;
2257 unsigned long mesh_send_interval;
2258 u8 mgmt_err = mgmt_status(err);
2260 /* Report any errors here, but don't report completion */
2263 hci_dev_clear_flag(hdev, HCI_MESH_SENDING);
2264 /* Send Complete Error Code for handle */
2265 mesh_send_complete(hdev, mesh_tx, false);
2269 mesh_send_interval = msecs_to_jiffies((send->cnt) * 25);
2270 queue_delayed_work(hdev->req_workqueue, &hdev->mesh_send_done,
2271 mesh_send_interval);
2274 static int mesh_send_sync(struct hci_dev *hdev, void *data)
2276 struct mgmt_mesh_tx *mesh_tx = data;
2277 struct mgmt_cp_mesh_send *send = (void *)mesh_tx->param;
2278 struct adv_info *adv, *next_instance;
2279 u8 instance = hdev->le_num_of_adv_sets + 1;
2280 u16 timeout, duration;
2283 if (hdev->le_num_of_adv_sets <= hdev->adv_instance_cnt)
2284 return MGMT_STATUS_BUSY;
2287 duration = send->cnt * INTERVAL_TO_MS(hdev->le_adv_max_interval);
2288 adv = hci_add_adv_instance(hdev, instance, 0,
2289 send->adv_data_len, send->adv_data,
2292 HCI_ADV_TX_POWER_NO_PREFERENCE,
2293 hdev->le_adv_min_interval,
2294 hdev->le_adv_max_interval,
2298 mesh_tx->instance = instance;
2302 if (hdev->cur_adv_instance == instance) {
2303 /* If the currently advertised instance is being changed then
2304 * cancel the current advertising and schedule the next
2305 * instance. If there is only one instance then the overridden
2306 * advertising data will be visible right away.
2308 cancel_adv_timeout(hdev);
2310 next_instance = hci_get_next_instance(hdev, instance);
2312 instance = next_instance->instance;
2315 } else if (hdev->adv_instance_timeout) {
2316 /* Immediately advertise the new instance if no other, or
2317 * let it go naturally from queue if ADV is already happening
2323 return hci_schedule_adv_instance_sync(hdev, instance, true);
2328 static void send_count(struct mgmt_mesh_tx *mesh_tx, void *data)
2330 struct mgmt_rp_mesh_read_features *rp = data;
2332 if (rp->used_handles >= rp->max_handles)
2335 rp->handles[rp->used_handles++] = mesh_tx->handle;
2338 static int mesh_features(struct sock *sk, struct hci_dev *hdev,
2339 void *data, u16 len)
2341 struct mgmt_rp_mesh_read_features rp;
2343 if (!lmp_le_capable(hdev) ||
2344 !hci_dev_test_flag(hdev, HCI_MESH_EXPERIMENTAL))
2345 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_MESH_READ_FEATURES,
2346 MGMT_STATUS_NOT_SUPPORTED);
2348 memset(&rp, 0, sizeof(rp));
2349 rp.index = cpu_to_le16(hdev->id);
2350 if (hci_dev_test_flag(hdev, HCI_LE_ENABLED))
2351 rp.max_handles = MESH_HANDLES_MAX;
2356 mgmt_mesh_foreach(hdev, send_count, &rp, sk);
2358 mgmt_cmd_complete(sk, hdev->id, MGMT_OP_MESH_READ_FEATURES, 0, &rp,
2359 rp.used_handles + sizeof(rp) - MESH_HANDLES_MAX);
2361 hci_dev_unlock(hdev);
2365 static int send_cancel(struct hci_dev *hdev, void *data)
2367 struct mgmt_pending_cmd *cmd = data;
2368 struct mgmt_cp_mesh_send_cancel *cancel = (void *)cmd->param;
2369 struct mgmt_mesh_tx *mesh_tx;
2371 if (!cancel->handle) {
2373 mesh_tx = mgmt_mesh_next(hdev, cmd->sk);
2376 mesh_send_complete(hdev, mesh_tx, false);
2379 mesh_tx = mgmt_mesh_find(hdev, cancel->handle);
2381 if (mesh_tx && mesh_tx->sk == cmd->sk)
2382 mesh_send_complete(hdev, mesh_tx, false);
2385 mgmt_cmd_complete(cmd->sk, hdev->id, MGMT_OP_MESH_SEND_CANCEL,
2387 mgmt_pending_free(cmd);
2392 static int mesh_send_cancel(struct sock *sk, struct hci_dev *hdev,
2393 void *data, u16 len)
2395 struct mgmt_pending_cmd *cmd;
2398 if (!lmp_le_capable(hdev) ||
2399 !hci_dev_test_flag(hdev, HCI_MESH_EXPERIMENTAL))
2400 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_MESH_SEND_CANCEL,
2401 MGMT_STATUS_NOT_SUPPORTED);
2403 if (!hci_dev_test_flag(hdev, HCI_LE_ENABLED))
2404 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_MESH_SEND_CANCEL,
2405 MGMT_STATUS_REJECTED);
2408 cmd = mgmt_pending_new(sk, MGMT_OP_MESH_SEND_CANCEL, hdev, data, len);
2412 err = hci_cmd_sync_queue(hdev, send_cancel, cmd, NULL);
2415 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_MESH_SEND_CANCEL,
2416 MGMT_STATUS_FAILED);
2419 mgmt_pending_free(cmd);
2422 hci_dev_unlock(hdev);
2426 static int mesh_send(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
2428 struct mgmt_mesh_tx *mesh_tx;
2429 struct mgmt_cp_mesh_send *send = data;
2430 struct mgmt_rp_mesh_read_features rp;
2434 if (!lmp_le_capable(hdev) ||
2435 !hci_dev_test_flag(hdev, HCI_MESH_EXPERIMENTAL))
2436 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_MESH_SEND,
2437 MGMT_STATUS_NOT_SUPPORTED);
2438 if (!hci_dev_test_flag(hdev, HCI_LE_ENABLED) ||
2439 len <= MGMT_MESH_SEND_SIZE ||
2440 len > (MGMT_MESH_SEND_SIZE + 31))
2441 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_MESH_SEND,
2442 MGMT_STATUS_REJECTED);
2446 memset(&rp, 0, sizeof(rp));
2447 rp.max_handles = MESH_HANDLES_MAX;
2449 mgmt_mesh_foreach(hdev, send_count, &rp, sk);
2451 if (rp.max_handles <= rp.used_handles) {
2452 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_MESH_SEND,
2457 sending = hci_dev_test_flag(hdev, HCI_MESH_SENDING);
2458 mesh_tx = mgmt_mesh_add(sk, hdev, send, len);
2463 err = hci_cmd_sync_queue(hdev, mesh_send_sync, mesh_tx,
2464 mesh_send_start_complete);
2467 bt_dev_err(hdev, "Send Mesh Failed %d", err);
2468 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_MESH_SEND,
2469 MGMT_STATUS_FAILED);
2473 mgmt_mesh_remove(mesh_tx);
2476 hci_dev_set_flag(hdev, HCI_MESH_SENDING);
2478 mgmt_cmd_complete(sk, hdev->id, MGMT_OP_MESH_SEND, 0,
2479 &mesh_tx->handle, 1);
2483 hci_dev_unlock(hdev);
2487 static int set_le(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
2489 struct mgmt_mode *cp = data;
2490 struct mgmt_pending_cmd *cmd;
2494 bt_dev_dbg(hdev, "sock %p", sk);
2496 if (!lmp_le_capable(hdev))
2497 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
2498 MGMT_STATUS_NOT_SUPPORTED);
2500 if (cp->val != 0x00 && cp->val != 0x01)
2501 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
2502 MGMT_STATUS_INVALID_PARAMS);
2504 /* Bluetooth single mode LE only controllers or dual-mode
2505 * controllers configured as LE only devices, do not allow
2506 * switching LE off. These have either LE enabled explicitly
2507 * or BR/EDR has been previously switched off.
2509 * When trying to enable an already enabled LE, then gracefully
2510 * send a positive response. Trying to disable it however will
2511 * result into rejection.
2513 if (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED)) {
2514 if (cp->val == 0x01)
2515 return send_settings_rsp(sk, MGMT_OP_SET_LE, hdev);
2517 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
2518 MGMT_STATUS_REJECTED);
2524 enabled = lmp_host_le_capable(hdev);
2526 if (!hdev_is_powered(hdev) || val == enabled) {
2527 bool changed = false;
2529 if (val != hci_dev_test_flag(hdev, HCI_LE_ENABLED)) {
2530 hci_dev_change_flag(hdev, HCI_LE_ENABLED);
2534 if (!val && hci_dev_test_flag(hdev, HCI_ADVERTISING)) {
2535 hci_dev_clear_flag(hdev, HCI_ADVERTISING);
2539 err = send_settings_rsp(sk, MGMT_OP_SET_LE, hdev);
2544 err = new_settings(hdev, sk);
2549 if (pending_find(MGMT_OP_SET_LE, hdev) ||
2550 pending_find(MGMT_OP_SET_ADVERTISING, hdev)) {
2551 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
2556 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LE, hdev, data, len);
2560 err = hci_cmd_sync_queue(hdev, set_le_sync, cmd,
2564 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
2565 MGMT_STATUS_FAILED);
2568 mgmt_pending_remove(cmd);
2572 hci_dev_unlock(hdev);
2576 /* This is a helper function to test for pending mgmt commands that can
2577 * cause CoD or EIR HCI commands. We can only allow one such pending
2578 * mgmt command at a time since otherwise we cannot easily track what
2579 * the current values are, will be, and based on that calculate if a new
2580 * HCI command needs to be sent and if yes with what value.
2582 static bool pending_eir_or_class(struct hci_dev *hdev)
2584 struct mgmt_pending_cmd *cmd;
2586 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
2587 switch (cmd->opcode) {
2588 case MGMT_OP_ADD_UUID:
2589 case MGMT_OP_REMOVE_UUID:
2590 case MGMT_OP_SET_DEV_CLASS:
2591 case MGMT_OP_SET_POWERED:
2599 static const u8 bluetooth_base_uuid[] = {
2600 0xfb, 0x34, 0x9b, 0x5f, 0x80, 0x00, 0x00, 0x80,
2601 0x00, 0x10, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
2604 static u8 get_uuid_size(const u8 *uuid)
2608 if (memcmp(uuid, bluetooth_base_uuid, 12))
2611 val = get_unaligned_le32(&uuid[12]);
2618 static void mgmt_class_complete(struct hci_dev *hdev, void *data, int err)
2620 struct mgmt_pending_cmd *cmd = data;
2622 bt_dev_dbg(hdev, "err %d", err);
2624 mgmt_cmd_complete(cmd->sk, cmd->index, cmd->opcode,
2625 mgmt_status(err), hdev->dev_class, 3);
2627 mgmt_pending_free(cmd);
2630 static int add_uuid_sync(struct hci_dev *hdev, void *data)
2634 err = hci_update_class_sync(hdev);
2638 return hci_update_eir_sync(hdev);
2641 static int add_uuid(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
2643 struct mgmt_cp_add_uuid *cp = data;
2644 struct mgmt_pending_cmd *cmd;
2645 struct bt_uuid *uuid;
2648 bt_dev_dbg(hdev, "sock %p", sk);
2652 if (pending_eir_or_class(hdev)) {
2653 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_UUID,
2658 uuid = kmalloc(sizeof(*uuid), GFP_KERNEL);
2664 memcpy(uuid->uuid, cp->uuid, 16);
2665 uuid->svc_hint = cp->svc_hint;
2666 uuid->size = get_uuid_size(cp->uuid);
2668 list_add_tail(&uuid->list, &hdev->uuids);
2670 cmd = mgmt_pending_new(sk, MGMT_OP_ADD_UUID, hdev, data, len);
2676 err = hci_cmd_sync_queue(hdev, add_uuid_sync, cmd, mgmt_class_complete);
2678 mgmt_pending_free(cmd);
2683 hci_dev_unlock(hdev);
2687 static bool enable_service_cache(struct hci_dev *hdev)
2689 if (!hdev_is_powered(hdev))
2692 if (!hci_dev_test_and_set_flag(hdev, HCI_SERVICE_CACHE)) {
2693 queue_delayed_work(hdev->workqueue, &hdev->service_cache,
2701 static int remove_uuid_sync(struct hci_dev *hdev, void *data)
2705 err = hci_update_class_sync(hdev);
2709 return hci_update_eir_sync(hdev);
2712 static int remove_uuid(struct sock *sk, struct hci_dev *hdev, void *data,
2715 struct mgmt_cp_remove_uuid *cp = data;
2716 struct mgmt_pending_cmd *cmd;
2717 struct bt_uuid *match, *tmp;
2718 static const u8 bt_uuid_any[] = {
2719 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0
2723 bt_dev_dbg(hdev, "sock %p", sk);
2727 if (pending_eir_or_class(hdev)) {
2728 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_REMOVE_UUID,
2733 if (memcmp(cp->uuid, bt_uuid_any, 16) == 0) {
2734 hci_uuids_clear(hdev);
2736 if (enable_service_cache(hdev)) {
2737 err = mgmt_cmd_complete(sk, hdev->id,
2738 MGMT_OP_REMOVE_UUID,
2739 0, hdev->dev_class, 3);
2748 list_for_each_entry_safe(match, tmp, &hdev->uuids, list) {
2749 if (memcmp(match->uuid, cp->uuid, 16) != 0)
2752 list_del(&match->list);
2758 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_REMOVE_UUID,
2759 MGMT_STATUS_INVALID_PARAMS);
2764 cmd = mgmt_pending_new(sk, MGMT_OP_REMOVE_UUID, hdev, data, len);
2770 err = hci_cmd_sync_queue(hdev, remove_uuid_sync, cmd,
2771 mgmt_class_complete);
2773 mgmt_pending_free(cmd);
2776 hci_dev_unlock(hdev);
2780 static int set_class_sync(struct hci_dev *hdev, void *data)
2784 if (hci_dev_test_and_clear_flag(hdev, HCI_SERVICE_CACHE)) {
2785 cancel_delayed_work_sync(&hdev->service_cache);
2786 err = hci_update_eir_sync(hdev);
2792 return hci_update_class_sync(hdev);
2795 static int set_dev_class(struct sock *sk, struct hci_dev *hdev, void *data,
2798 struct mgmt_cp_set_dev_class *cp = data;
2799 struct mgmt_pending_cmd *cmd;
2802 bt_dev_dbg(hdev, "sock %p", sk);
2804 if (!lmp_bredr_capable(hdev))
2805 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS,
2806 MGMT_STATUS_NOT_SUPPORTED);
2810 if (pending_eir_or_class(hdev)) {
2811 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS,
2816 if ((cp->minor & 0x03) != 0 || (cp->major & 0xe0) != 0) {
2817 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS,
2818 MGMT_STATUS_INVALID_PARAMS);
2822 hdev->major_class = cp->major;
2823 hdev->minor_class = cp->minor;
2825 if (!hdev_is_powered(hdev)) {
2826 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_DEV_CLASS, 0,
2827 hdev->dev_class, 3);
2831 cmd = mgmt_pending_new(sk, MGMT_OP_SET_DEV_CLASS, hdev, data, len);
2837 err = hci_cmd_sync_queue(hdev, set_class_sync, cmd,
2838 mgmt_class_complete);
2840 mgmt_pending_free(cmd);
2843 hci_dev_unlock(hdev);
2847 static int load_link_keys(struct sock *sk, struct hci_dev *hdev, void *data,
2850 struct mgmt_cp_load_link_keys *cp = data;
2851 const u16 max_key_count = ((U16_MAX - sizeof(*cp)) /
2852 sizeof(struct mgmt_link_key_info));
2853 u16 key_count, expected_len;
2857 bt_dev_dbg(hdev, "sock %p", sk);
2859 if (!lmp_bredr_capable(hdev))
2860 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
2861 MGMT_STATUS_NOT_SUPPORTED);
2863 key_count = __le16_to_cpu(cp->key_count);
2864 if (key_count > max_key_count) {
2865 bt_dev_err(hdev, "load_link_keys: too big key_count value %u",
2867 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
2868 MGMT_STATUS_INVALID_PARAMS);
2871 expected_len = struct_size(cp, keys, key_count);
2872 if (expected_len != len) {
2873 bt_dev_err(hdev, "load_link_keys: expected %u bytes, got %u bytes",
2875 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
2876 MGMT_STATUS_INVALID_PARAMS);
2879 if (cp->debug_keys != 0x00 && cp->debug_keys != 0x01)
2880 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
2881 MGMT_STATUS_INVALID_PARAMS);
2883 bt_dev_dbg(hdev, "debug_keys %u key_count %u", cp->debug_keys,
2886 for (i = 0; i < key_count; i++) {
2887 struct mgmt_link_key_info *key = &cp->keys[i];
2889 if (key->addr.type != BDADDR_BREDR || key->type > 0x08)
2890 return mgmt_cmd_status(sk, hdev->id,
2891 MGMT_OP_LOAD_LINK_KEYS,
2892 MGMT_STATUS_INVALID_PARAMS);
2897 hci_link_keys_clear(hdev);
2900 changed = !hci_dev_test_and_set_flag(hdev, HCI_KEEP_DEBUG_KEYS);
2902 changed = hci_dev_test_and_clear_flag(hdev,
2903 HCI_KEEP_DEBUG_KEYS);
2906 new_settings(hdev, NULL);
2908 for (i = 0; i < key_count; i++) {
2909 struct mgmt_link_key_info *key = &cp->keys[i];
2911 if (hci_is_blocked_key(hdev,
2912 HCI_BLOCKED_KEY_TYPE_LINKKEY,
2914 bt_dev_warn(hdev, "Skipping blocked link key for %pMR",
2919 /* Always ignore debug keys and require a new pairing if
2920 * the user wants to use them.
2922 if (key->type == HCI_LK_DEBUG_COMBINATION)
2925 hci_add_link_key(hdev, NULL, &key->addr.bdaddr, key->val,
2926 key->type, key->pin_len, NULL);
2929 mgmt_cmd_complete(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS, 0, NULL, 0);
2931 hci_dev_unlock(hdev);
2936 static int device_unpaired(struct hci_dev *hdev, bdaddr_t *bdaddr,
2937 u8 addr_type, struct sock *skip_sk)
2939 struct mgmt_ev_device_unpaired ev;
2941 bacpy(&ev.addr.bdaddr, bdaddr);
2942 ev.addr.type = addr_type;
2944 return mgmt_event(MGMT_EV_DEVICE_UNPAIRED, hdev, &ev, sizeof(ev),
2948 static void unpair_device_complete(struct hci_dev *hdev, void *data, int err)
2950 struct mgmt_pending_cmd *cmd = data;
2951 struct mgmt_cp_unpair_device *cp = cmd->param;
2954 device_unpaired(hdev, &cp->addr.bdaddr, cp->addr.type, cmd->sk);
2956 cmd->cmd_complete(cmd, err);
2957 mgmt_pending_free(cmd);
2960 static int unpair_device_sync(struct hci_dev *hdev, void *data)
2962 struct mgmt_pending_cmd *cmd = data;
2963 struct mgmt_cp_unpair_device *cp = cmd->param;
2964 struct hci_conn *conn;
2966 if (cp->addr.type == BDADDR_BREDR)
2967 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
2970 conn = hci_conn_hash_lookup_le(hdev, &cp->addr.bdaddr,
2971 le_addr_type(cp->addr.type));
2976 return hci_abort_conn_sync(hdev, conn, HCI_ERROR_REMOTE_USER_TERM);
2979 static int unpair_device(struct sock *sk, struct hci_dev *hdev, void *data,
2982 struct mgmt_cp_unpair_device *cp = data;
2983 struct mgmt_rp_unpair_device rp;
2984 struct hci_conn_params *params;
2985 struct mgmt_pending_cmd *cmd;
2986 struct hci_conn *conn;
2990 memset(&rp, 0, sizeof(rp));
2991 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
2992 rp.addr.type = cp->addr.type;
2994 if (!bdaddr_type_is_valid(cp->addr.type))
2995 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
2996 MGMT_STATUS_INVALID_PARAMS,
2999 if (cp->disconnect != 0x00 && cp->disconnect != 0x01)
3000 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
3001 MGMT_STATUS_INVALID_PARAMS,
3006 if (!hdev_is_powered(hdev)) {
3007 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
3008 MGMT_STATUS_NOT_POWERED, &rp,
3013 if (cp->addr.type == BDADDR_BREDR) {
3014 /* If disconnection is requested, then look up the
3015 * connection. If the remote device is connected, it
3016 * will be later used to terminate the link.
3018 * Setting it to NULL explicitly will cause no
3019 * termination of the link.
3022 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
3027 err = hci_remove_link_key(hdev, &cp->addr.bdaddr);
3029 err = mgmt_cmd_complete(sk, hdev->id,
3030 MGMT_OP_UNPAIR_DEVICE,
3031 MGMT_STATUS_NOT_PAIRED, &rp,
3039 /* LE address type */
3040 addr_type = le_addr_type(cp->addr.type);
3042 /* Abort any ongoing SMP pairing. Removes ltk and irk if they exist. */
3043 err = smp_cancel_and_remove_pairing(hdev, &cp->addr.bdaddr, addr_type);
3045 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
3046 MGMT_STATUS_NOT_PAIRED, &rp,
3051 conn = hci_conn_hash_lookup_le(hdev, &cp->addr.bdaddr, addr_type);
3053 hci_conn_params_del(hdev, &cp->addr.bdaddr, addr_type);
3058 /* Defer clearing up the connection parameters until closing to
3059 * give a chance of keeping them if a repairing happens.
3061 set_bit(HCI_CONN_PARAM_REMOVAL_PEND, &conn->flags);
3063 /* Disable auto-connection parameters if present */
3064 params = hci_conn_params_lookup(hdev, &cp->addr.bdaddr, addr_type);
3066 if (params->explicit_connect)
3067 params->auto_connect = HCI_AUTO_CONN_EXPLICIT;
3069 params->auto_connect = HCI_AUTO_CONN_DISABLED;
3072 /* If disconnection is not requested, then clear the connection
3073 * variable so that the link is not terminated.
3075 if (!cp->disconnect)
3079 /* If the connection variable is set, then termination of the
3080 * link is requested.
3083 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE, 0,
3085 device_unpaired(hdev, &cp->addr.bdaddr, cp->addr.type, sk);
3089 cmd = mgmt_pending_new(sk, MGMT_OP_UNPAIR_DEVICE, hdev, cp,
3096 cmd->cmd_complete = addr_cmd_complete;
3098 err = hci_cmd_sync_queue(hdev, unpair_device_sync, cmd,
3099 unpair_device_complete);
3101 mgmt_pending_free(cmd);
3104 hci_dev_unlock(hdev);
3108 static int disconnect(struct sock *sk, struct hci_dev *hdev, void *data,
3111 struct mgmt_cp_disconnect *cp = data;
3112 struct mgmt_rp_disconnect rp;
3113 struct mgmt_pending_cmd *cmd;
3114 struct hci_conn *conn;
3117 bt_dev_dbg(hdev, "sock %p", sk);
3119 memset(&rp, 0, sizeof(rp));
3120 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
3121 rp.addr.type = cp->addr.type;
3123 if (!bdaddr_type_is_valid(cp->addr.type))
3124 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
3125 MGMT_STATUS_INVALID_PARAMS,
3130 if (!test_bit(HCI_UP, &hdev->flags)) {
3131 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
3132 MGMT_STATUS_NOT_POWERED, &rp,
3137 if (pending_find(MGMT_OP_DISCONNECT, hdev)) {
3138 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
3139 MGMT_STATUS_BUSY, &rp, sizeof(rp));
3143 if (cp->addr.type == BDADDR_BREDR)
3144 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
3147 conn = hci_conn_hash_lookup_le(hdev, &cp->addr.bdaddr,
3148 le_addr_type(cp->addr.type));
3150 if (!conn || conn->state == BT_OPEN || conn->state == BT_CLOSED) {
3151 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
3152 MGMT_STATUS_NOT_CONNECTED, &rp,
3157 cmd = mgmt_pending_add(sk, MGMT_OP_DISCONNECT, hdev, data, len);
3163 cmd->cmd_complete = generic_cmd_complete;
3165 err = hci_disconnect(conn, HCI_ERROR_REMOTE_USER_TERM);
3167 mgmt_pending_remove(cmd);
3170 hci_dev_unlock(hdev);
3174 static u8 link_to_bdaddr(u8 link_type, u8 addr_type)
3176 switch (link_type) {
3178 switch (addr_type) {
3179 case ADDR_LE_DEV_PUBLIC:
3180 return BDADDR_LE_PUBLIC;
3183 /* Fallback to LE Random address type */
3184 return BDADDR_LE_RANDOM;
3188 /* Fallback to BR/EDR type */
3189 return BDADDR_BREDR;
3193 static int get_connections(struct sock *sk, struct hci_dev *hdev, void *data,
3196 struct mgmt_rp_get_connections *rp;
3201 bt_dev_dbg(hdev, "sock %p", sk);
3205 if (!hdev_is_powered(hdev)) {
3206 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_GET_CONNECTIONS,
3207 MGMT_STATUS_NOT_POWERED);
3212 list_for_each_entry(c, &hdev->conn_hash.list, list) {
3213 if (test_bit(HCI_CONN_MGMT_CONNECTED, &c->flags))
3217 rp = kmalloc(struct_size(rp, addr, i), GFP_KERNEL);
3224 list_for_each_entry(c, &hdev->conn_hash.list, list) {
3225 if (!test_bit(HCI_CONN_MGMT_CONNECTED, &c->flags))
3227 bacpy(&rp->addr[i].bdaddr, &c->dst);
3228 rp->addr[i].type = link_to_bdaddr(c->type, c->dst_type);
3229 if (c->type == SCO_LINK || c->type == ESCO_LINK)
3234 rp->conn_count = cpu_to_le16(i);
3236 /* Recalculate length in case of filtered SCO connections, etc */
3237 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CONNECTIONS, 0, rp,
3238 struct_size(rp, addr, i));
3243 hci_dev_unlock(hdev);
3247 static int send_pin_code_neg_reply(struct sock *sk, struct hci_dev *hdev,
3248 struct mgmt_cp_pin_code_neg_reply *cp)
3250 struct mgmt_pending_cmd *cmd;
3253 cmd = mgmt_pending_add(sk, MGMT_OP_PIN_CODE_NEG_REPLY, hdev, cp,
3258 cmd->cmd_complete = addr_cmd_complete;
3260 err = hci_send_cmd(hdev, HCI_OP_PIN_CODE_NEG_REPLY,
3261 sizeof(cp->addr.bdaddr), &cp->addr.bdaddr);
3263 mgmt_pending_remove(cmd);
3268 static int pin_code_reply(struct sock *sk, struct hci_dev *hdev, void *data,
3271 struct hci_conn *conn;
3272 struct mgmt_cp_pin_code_reply *cp = data;
3273 struct hci_cp_pin_code_reply reply;
3274 struct mgmt_pending_cmd *cmd;
3277 bt_dev_dbg(hdev, "sock %p", sk);
3281 if (!hdev_is_powered(hdev)) {
3282 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
3283 MGMT_STATUS_NOT_POWERED);
3287 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->addr.bdaddr);
3289 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
3290 MGMT_STATUS_NOT_CONNECTED);
3294 if (conn->pending_sec_level == BT_SECURITY_HIGH && cp->pin_len != 16) {
3295 struct mgmt_cp_pin_code_neg_reply ncp;
3297 memcpy(&ncp.addr, &cp->addr, sizeof(ncp.addr));
3299 bt_dev_err(hdev, "PIN code is not 16 bytes long");
3301 err = send_pin_code_neg_reply(sk, hdev, &ncp);
3303 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
3304 MGMT_STATUS_INVALID_PARAMS);
3309 cmd = mgmt_pending_add(sk, MGMT_OP_PIN_CODE_REPLY, hdev, data, len);
3315 cmd->cmd_complete = addr_cmd_complete;
3317 bacpy(&reply.bdaddr, &cp->addr.bdaddr);
3318 reply.pin_len = cp->pin_len;
3319 memcpy(reply.pin_code, cp->pin_code, sizeof(reply.pin_code));
3321 err = hci_send_cmd(hdev, HCI_OP_PIN_CODE_REPLY, sizeof(reply), &reply);
3323 mgmt_pending_remove(cmd);
3326 hci_dev_unlock(hdev);
3330 static int set_io_capability(struct sock *sk, struct hci_dev *hdev, void *data,
3333 struct mgmt_cp_set_io_capability *cp = data;
3335 bt_dev_dbg(hdev, "sock %p", sk);
3337 if (cp->io_capability > SMP_IO_KEYBOARD_DISPLAY)
3338 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_IO_CAPABILITY,
3339 MGMT_STATUS_INVALID_PARAMS);
3343 hdev->io_capability = cp->io_capability;
3345 bt_dev_dbg(hdev, "IO capability set to 0x%02x", hdev->io_capability);
3347 hci_dev_unlock(hdev);
3349 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_IO_CAPABILITY, 0,
3353 static struct mgmt_pending_cmd *find_pairing(struct hci_conn *conn)
3355 struct hci_dev *hdev = conn->hdev;
3356 struct mgmt_pending_cmd *cmd;
3358 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
3359 if (cmd->opcode != MGMT_OP_PAIR_DEVICE)
3362 if (cmd->user_data != conn)
3371 static int pairing_complete(struct mgmt_pending_cmd *cmd, u8 status)
3373 struct mgmt_rp_pair_device rp;
3374 struct hci_conn *conn = cmd->user_data;
3377 bacpy(&rp.addr.bdaddr, &conn->dst);
3378 rp.addr.type = link_to_bdaddr(conn->type, conn->dst_type);
3380 err = mgmt_cmd_complete(cmd->sk, cmd->index, MGMT_OP_PAIR_DEVICE,
3381 status, &rp, sizeof(rp));
3383 /* So we don't get further callbacks for this connection */
3384 conn->connect_cfm_cb = NULL;
3385 conn->security_cfm_cb = NULL;
3386 conn->disconn_cfm_cb = NULL;
3388 hci_conn_drop(conn);
3390 /* The device is paired so there is no need to remove
3391 * its connection parameters anymore.
3393 clear_bit(HCI_CONN_PARAM_REMOVAL_PEND, &conn->flags);
3400 void mgmt_smp_complete(struct hci_conn *conn, bool complete)
3402 u8 status = complete ? MGMT_STATUS_SUCCESS : MGMT_STATUS_FAILED;
3403 struct mgmt_pending_cmd *cmd;
3405 cmd = find_pairing(conn);
3407 cmd->cmd_complete(cmd, status);
3408 mgmt_pending_remove(cmd);
3412 static void pairing_complete_cb(struct hci_conn *conn, u8 status)
3414 struct mgmt_pending_cmd *cmd;
3416 BT_DBG("status %u", status);
3418 cmd = find_pairing(conn);
3420 BT_DBG("Unable to find a pending command");
3424 cmd->cmd_complete(cmd, mgmt_status(status));
3425 mgmt_pending_remove(cmd);
3428 static void le_pairing_complete_cb(struct hci_conn *conn, u8 status)
3430 struct mgmt_pending_cmd *cmd;
3432 BT_DBG("status %u", status);
3437 cmd = find_pairing(conn);
3439 BT_DBG("Unable to find a pending command");
3443 cmd->cmd_complete(cmd, mgmt_status(status));
3444 mgmt_pending_remove(cmd);
3447 static int pair_device(struct sock *sk, struct hci_dev *hdev, void *data,
3450 struct mgmt_cp_pair_device *cp = data;
3451 struct mgmt_rp_pair_device rp;
3452 struct mgmt_pending_cmd *cmd;
3453 u8 sec_level, auth_type;
3454 struct hci_conn *conn;
3457 bt_dev_dbg(hdev, "sock %p", sk);
3459 memset(&rp, 0, sizeof(rp));
3460 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
3461 rp.addr.type = cp->addr.type;
3463 if (!bdaddr_type_is_valid(cp->addr.type))
3464 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
3465 MGMT_STATUS_INVALID_PARAMS,
3468 if (cp->io_cap > SMP_IO_KEYBOARD_DISPLAY)
3469 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
3470 MGMT_STATUS_INVALID_PARAMS,
3475 if (!hdev_is_powered(hdev)) {
3476 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
3477 MGMT_STATUS_NOT_POWERED, &rp,
3482 if (hci_bdaddr_is_paired(hdev, &cp->addr.bdaddr, cp->addr.type)) {
3483 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
3484 MGMT_STATUS_ALREADY_PAIRED, &rp,
3489 sec_level = BT_SECURITY_MEDIUM;
3490 auth_type = HCI_AT_DEDICATED_BONDING;
3492 if (cp->addr.type == BDADDR_BREDR) {
3493 conn = hci_connect_acl(hdev, &cp->addr.bdaddr, sec_level,
3494 auth_type, CONN_REASON_PAIR_DEVICE);
3496 u8 addr_type = le_addr_type(cp->addr.type);
3497 struct hci_conn_params *p;
3499 /* When pairing a new device, it is expected to remember
3500 * this device for future connections. Adding the connection
3501 * parameter information ahead of time allows tracking
3502 * of the peripheral preferred values and will speed up any
3503 * further connection establishment.
3505 * If connection parameters already exist, then they
3506 * will be kept and this function does nothing.
3508 p = hci_conn_params_add(hdev, &cp->addr.bdaddr, addr_type);
3510 if (p->auto_connect == HCI_AUTO_CONN_EXPLICIT)
3511 p->auto_connect = HCI_AUTO_CONN_DISABLED;
3513 conn = hci_connect_le_scan(hdev, &cp->addr.bdaddr, addr_type,
3514 sec_level, HCI_LE_CONN_TIMEOUT,
3515 CONN_REASON_PAIR_DEVICE);
3521 if (PTR_ERR(conn) == -EBUSY)
3522 status = MGMT_STATUS_BUSY;
3523 else if (PTR_ERR(conn) == -EOPNOTSUPP)
3524 status = MGMT_STATUS_NOT_SUPPORTED;
3525 else if (PTR_ERR(conn) == -ECONNREFUSED)
3526 status = MGMT_STATUS_REJECTED;
3528 status = MGMT_STATUS_CONNECT_FAILED;
3530 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
3531 status, &rp, sizeof(rp));
3535 if (conn->connect_cfm_cb) {
3536 hci_conn_drop(conn);
3537 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
3538 MGMT_STATUS_BUSY, &rp, sizeof(rp));
3542 cmd = mgmt_pending_add(sk, MGMT_OP_PAIR_DEVICE, hdev, data, len);
3545 hci_conn_drop(conn);
3549 cmd->cmd_complete = pairing_complete;
3551 /* For LE, just connecting isn't a proof that the pairing finished */
3552 if (cp->addr.type == BDADDR_BREDR) {
3553 conn->connect_cfm_cb = pairing_complete_cb;
3554 conn->security_cfm_cb = pairing_complete_cb;
3555 conn->disconn_cfm_cb = pairing_complete_cb;
3557 conn->connect_cfm_cb = le_pairing_complete_cb;
3558 conn->security_cfm_cb = le_pairing_complete_cb;
3559 conn->disconn_cfm_cb = le_pairing_complete_cb;
3562 conn->io_capability = cp->io_cap;
3563 cmd->user_data = hci_conn_get(conn);
3565 if ((conn->state == BT_CONNECTED || conn->state == BT_CONFIG) &&
3566 hci_conn_security(conn, sec_level, auth_type, true)) {
3567 cmd->cmd_complete(cmd, 0);
3568 mgmt_pending_remove(cmd);
3574 hci_dev_unlock(hdev);
3578 static int abort_conn_sync(struct hci_dev *hdev, void *data)
3580 struct hci_conn *conn;
3581 u16 handle = PTR_ERR(data);
3583 conn = hci_conn_hash_lookup_handle(hdev, handle);
3587 return hci_abort_conn_sync(hdev, conn, HCI_ERROR_REMOTE_USER_TERM);
3590 static int cancel_pair_device(struct sock *sk, struct hci_dev *hdev, void *data,
3593 struct mgmt_addr_info *addr = data;
3594 struct mgmt_pending_cmd *cmd;
3595 struct hci_conn *conn;
3598 bt_dev_dbg(hdev, "sock %p", sk);
3602 if (!hdev_is_powered(hdev)) {
3603 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
3604 MGMT_STATUS_NOT_POWERED);
3608 cmd = pending_find(MGMT_OP_PAIR_DEVICE, hdev);
3610 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
3611 MGMT_STATUS_INVALID_PARAMS);
3615 conn = cmd->user_data;
3617 if (bacmp(&addr->bdaddr, &conn->dst) != 0) {
3618 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
3619 MGMT_STATUS_INVALID_PARAMS);
3623 cmd->cmd_complete(cmd, MGMT_STATUS_CANCELLED);
3624 mgmt_pending_remove(cmd);
3626 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE, 0,
3627 addr, sizeof(*addr));
3629 /* Since user doesn't want to proceed with the connection, abort any
3630 * ongoing pairing and then terminate the link if it was created
3631 * because of the pair device action.
3633 if (addr->type == BDADDR_BREDR)
3634 hci_remove_link_key(hdev, &addr->bdaddr);
3636 smp_cancel_and_remove_pairing(hdev, &addr->bdaddr,
3637 le_addr_type(addr->type));
3639 if (conn->conn_reason == CONN_REASON_PAIR_DEVICE)
3640 hci_cmd_sync_queue(hdev, abort_conn_sync, ERR_PTR(conn->handle),
3644 hci_dev_unlock(hdev);
3648 static int user_pairing_resp(struct sock *sk, struct hci_dev *hdev,
3649 struct mgmt_addr_info *addr, u16 mgmt_op,
3650 u16 hci_op, __le32 passkey)
3652 struct mgmt_pending_cmd *cmd;
3653 struct hci_conn *conn;
3658 if (!hdev_is_powered(hdev)) {
3659 err = mgmt_cmd_complete(sk, hdev->id, mgmt_op,
3660 MGMT_STATUS_NOT_POWERED, addr,
3665 if (addr->type == BDADDR_BREDR)
3666 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &addr->bdaddr);
3668 conn = hci_conn_hash_lookup_le(hdev, &addr->bdaddr,
3669 le_addr_type(addr->type));
3672 err = mgmt_cmd_complete(sk, hdev->id, mgmt_op,
3673 MGMT_STATUS_NOT_CONNECTED, addr,
3678 if (addr->type == BDADDR_LE_PUBLIC || addr->type == BDADDR_LE_RANDOM) {
3679 err = smp_user_confirm_reply(conn, mgmt_op, passkey);
3681 err = mgmt_cmd_complete(sk, hdev->id, mgmt_op,
3682 MGMT_STATUS_SUCCESS, addr,
3685 err = mgmt_cmd_complete(sk, hdev->id, mgmt_op,
3686 MGMT_STATUS_FAILED, addr,
3692 cmd = mgmt_pending_add(sk, mgmt_op, hdev, addr, sizeof(*addr));
3698 cmd->cmd_complete = addr_cmd_complete;
3700 /* Continue with pairing via HCI */
3701 if (hci_op == HCI_OP_USER_PASSKEY_REPLY) {
3702 struct hci_cp_user_passkey_reply cp;
3704 bacpy(&cp.bdaddr, &addr->bdaddr);
3705 cp.passkey = passkey;
3706 err = hci_send_cmd(hdev, hci_op, sizeof(cp), &cp);
3708 err = hci_send_cmd(hdev, hci_op, sizeof(addr->bdaddr),
3712 mgmt_pending_remove(cmd);
3715 hci_dev_unlock(hdev);
3719 static int pin_code_neg_reply(struct sock *sk, struct hci_dev *hdev,
3720 void *data, u16 len)
3722 struct mgmt_cp_pin_code_neg_reply *cp = data;
3724 bt_dev_dbg(hdev, "sock %p", sk);
3726 return user_pairing_resp(sk, hdev, &cp->addr,
3727 MGMT_OP_PIN_CODE_NEG_REPLY,
3728 HCI_OP_PIN_CODE_NEG_REPLY, 0);
3731 static int user_confirm_reply(struct sock *sk, struct hci_dev *hdev, void *data,
3734 struct mgmt_cp_user_confirm_reply *cp = data;
3736 bt_dev_dbg(hdev, "sock %p", sk);
3738 if (len != sizeof(*cp))
3739 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_USER_CONFIRM_REPLY,
3740 MGMT_STATUS_INVALID_PARAMS);
3742 return user_pairing_resp(sk, hdev, &cp->addr,
3743 MGMT_OP_USER_CONFIRM_REPLY,
3744 HCI_OP_USER_CONFIRM_REPLY, 0);
3747 static int user_confirm_neg_reply(struct sock *sk, struct hci_dev *hdev,
3748 void *data, u16 len)
3750 struct mgmt_cp_user_confirm_neg_reply *cp = data;
3752 bt_dev_dbg(hdev, "sock %p", sk);
3754 return user_pairing_resp(sk, hdev, &cp->addr,
3755 MGMT_OP_USER_CONFIRM_NEG_REPLY,
3756 HCI_OP_USER_CONFIRM_NEG_REPLY, 0);
3759 static int user_passkey_reply(struct sock *sk, struct hci_dev *hdev, void *data,
3762 struct mgmt_cp_user_passkey_reply *cp = data;
3764 bt_dev_dbg(hdev, "sock %p", sk);
3766 return user_pairing_resp(sk, hdev, &cp->addr,
3767 MGMT_OP_USER_PASSKEY_REPLY,
3768 HCI_OP_USER_PASSKEY_REPLY, cp->passkey);
3771 static int user_passkey_neg_reply(struct sock *sk, struct hci_dev *hdev,
3772 void *data, u16 len)
3774 struct mgmt_cp_user_passkey_neg_reply *cp = data;
3776 bt_dev_dbg(hdev, "sock %p", sk);
3778 return user_pairing_resp(sk, hdev, &cp->addr,
3779 MGMT_OP_USER_PASSKEY_NEG_REPLY,
3780 HCI_OP_USER_PASSKEY_NEG_REPLY, 0);
3783 static int adv_expire_sync(struct hci_dev *hdev, u32 flags)
3785 struct adv_info *adv_instance;
3787 adv_instance = hci_find_adv_instance(hdev, hdev->cur_adv_instance);
3791 /* stop if current instance doesn't need to be changed */
3792 if (!(adv_instance->flags & flags))
3795 cancel_adv_timeout(hdev);
3797 adv_instance = hci_get_next_instance(hdev, adv_instance->instance);
3801 hci_schedule_adv_instance_sync(hdev, adv_instance->instance, true);
3806 static int name_changed_sync(struct hci_dev *hdev, void *data)
3808 return adv_expire_sync(hdev, MGMT_ADV_FLAG_LOCAL_NAME);
3811 static void set_name_complete(struct hci_dev *hdev, void *data, int err)
3813 struct mgmt_pending_cmd *cmd = data;
3814 struct mgmt_cp_set_local_name *cp = cmd->param;
3815 u8 status = mgmt_status(err);
3817 bt_dev_dbg(hdev, "err %d", err);
3819 if (cmd != pending_find(MGMT_OP_SET_LOCAL_NAME, hdev))
3823 mgmt_cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_LOCAL_NAME,
3826 mgmt_cmd_complete(cmd->sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0,
3829 if (hci_dev_test_flag(hdev, HCI_LE_ADV))
3830 hci_cmd_sync_queue(hdev, name_changed_sync, NULL, NULL);
3833 mgmt_pending_remove(cmd);
3836 static int set_name_sync(struct hci_dev *hdev, void *data)
3838 if (lmp_bredr_capable(hdev)) {
3839 hci_update_name_sync(hdev);
3840 hci_update_eir_sync(hdev);
3843 /* The name is stored in the scan response data and so
3844 * no need to update the advertising data here.
3846 if (lmp_le_capable(hdev) && hci_dev_test_flag(hdev, HCI_ADVERTISING))
3847 hci_update_scan_rsp_data_sync(hdev, hdev->cur_adv_instance);
3852 static int set_local_name(struct sock *sk, struct hci_dev *hdev, void *data,
3855 struct mgmt_cp_set_local_name *cp = data;
3856 struct mgmt_pending_cmd *cmd;
3859 bt_dev_dbg(hdev, "sock %p", sk);
3863 /* If the old values are the same as the new ones just return a
3864 * direct command complete event.
3866 if (!memcmp(hdev->dev_name, cp->name, sizeof(hdev->dev_name)) &&
3867 !memcmp(hdev->short_name, cp->short_name,
3868 sizeof(hdev->short_name))) {
3869 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0,
3874 memcpy(hdev->short_name, cp->short_name, sizeof(hdev->short_name));
3876 if (!hdev_is_powered(hdev)) {
3877 memcpy(hdev->dev_name, cp->name, sizeof(hdev->dev_name));
3879 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0,
3884 err = mgmt_limited_event(MGMT_EV_LOCAL_NAME_CHANGED, hdev, data,
3885 len, HCI_MGMT_LOCAL_NAME_EVENTS, sk);
3886 ext_info_changed(hdev, sk);
3891 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LOCAL_NAME, hdev, data, len);
3895 err = hci_cmd_sync_queue(hdev, set_name_sync, cmd,
3899 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_LOCAL_NAME,
3900 MGMT_STATUS_FAILED);
3903 mgmt_pending_remove(cmd);
3908 memcpy(hdev->dev_name, cp->name, sizeof(hdev->dev_name));
3911 hci_dev_unlock(hdev);
3915 static int appearance_changed_sync(struct hci_dev *hdev, void *data)
3917 return adv_expire_sync(hdev, MGMT_ADV_FLAG_APPEARANCE);
3920 static int set_appearance(struct sock *sk, struct hci_dev *hdev, void *data,
3923 struct mgmt_cp_set_appearance *cp = data;
3927 bt_dev_dbg(hdev, "sock %p", sk);
3929 if (!lmp_le_capable(hdev))
3930 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_APPEARANCE,
3931 MGMT_STATUS_NOT_SUPPORTED);
3933 appearance = le16_to_cpu(cp->appearance);
3937 if (hdev->appearance != appearance) {
3938 hdev->appearance = appearance;
3940 if (hci_dev_test_flag(hdev, HCI_LE_ADV))
3941 hci_cmd_sync_queue(hdev, appearance_changed_sync, NULL,
3944 ext_info_changed(hdev, sk);
3947 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_APPEARANCE, 0, NULL,
3950 hci_dev_unlock(hdev);
3955 static int get_phy_configuration(struct sock *sk, struct hci_dev *hdev,
3956 void *data, u16 len)
3958 struct mgmt_rp_get_phy_configuration rp;
3960 bt_dev_dbg(hdev, "sock %p", sk);
3964 memset(&rp, 0, sizeof(rp));
3966 rp.supported_phys = cpu_to_le32(get_supported_phys(hdev));
3967 rp.selected_phys = cpu_to_le32(get_selected_phys(hdev));
3968 rp.configurable_phys = cpu_to_le32(get_configurable_phys(hdev));
3970 hci_dev_unlock(hdev);
3972 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_PHY_CONFIGURATION, 0,
3976 int mgmt_phy_configuration_changed(struct hci_dev *hdev, struct sock *skip)
3978 struct mgmt_ev_phy_configuration_changed ev;
3980 memset(&ev, 0, sizeof(ev));
3982 ev.selected_phys = cpu_to_le32(get_selected_phys(hdev));
3984 return mgmt_event(MGMT_EV_PHY_CONFIGURATION_CHANGED, hdev, &ev,
3988 static void set_default_phy_complete(struct hci_dev *hdev, void *data, int err)
3990 struct mgmt_pending_cmd *cmd = data;
3991 struct sk_buff *skb = cmd->skb;
3992 u8 status = mgmt_status(err);
3994 if (cmd != pending_find(MGMT_OP_SET_PHY_CONFIGURATION, hdev))
3999 status = MGMT_STATUS_FAILED;
4000 else if (IS_ERR(skb))
4001 status = mgmt_status(PTR_ERR(skb));
4003 status = mgmt_status(skb->data[0]);
4006 bt_dev_dbg(hdev, "status %d", status);
4009 mgmt_cmd_status(cmd->sk, hdev->id,
4010 MGMT_OP_SET_PHY_CONFIGURATION, status);
4012 mgmt_cmd_complete(cmd->sk, hdev->id,
4013 MGMT_OP_SET_PHY_CONFIGURATION, 0,
4016 mgmt_phy_configuration_changed(hdev, cmd->sk);
4019 if (skb && !IS_ERR(skb))
4022 mgmt_pending_remove(cmd);
4025 static int set_default_phy_sync(struct hci_dev *hdev, void *data)
4027 struct mgmt_pending_cmd *cmd = data;
4028 struct mgmt_cp_set_phy_configuration *cp = cmd->param;
4029 struct hci_cp_le_set_default_phy cp_phy;
4030 u32 selected_phys = __le32_to_cpu(cp->selected_phys);
4032 memset(&cp_phy, 0, sizeof(cp_phy));
4034 if (!(selected_phys & MGMT_PHY_LE_TX_MASK))
4035 cp_phy.all_phys |= 0x01;
4037 if (!(selected_phys & MGMT_PHY_LE_RX_MASK))
4038 cp_phy.all_phys |= 0x02;
4040 if (selected_phys & MGMT_PHY_LE_1M_TX)
4041 cp_phy.tx_phys |= HCI_LE_SET_PHY_1M;
4043 if (selected_phys & MGMT_PHY_LE_2M_TX)
4044 cp_phy.tx_phys |= HCI_LE_SET_PHY_2M;
4046 if (selected_phys & MGMT_PHY_LE_CODED_TX)
4047 cp_phy.tx_phys |= HCI_LE_SET_PHY_CODED;
4049 if (selected_phys & MGMT_PHY_LE_1M_RX)
4050 cp_phy.rx_phys |= HCI_LE_SET_PHY_1M;
4052 if (selected_phys & MGMT_PHY_LE_2M_RX)
4053 cp_phy.rx_phys |= HCI_LE_SET_PHY_2M;
4055 if (selected_phys & MGMT_PHY_LE_CODED_RX)
4056 cp_phy.rx_phys |= HCI_LE_SET_PHY_CODED;
4058 cmd->skb = __hci_cmd_sync(hdev, HCI_OP_LE_SET_DEFAULT_PHY,
4059 sizeof(cp_phy), &cp_phy, HCI_CMD_TIMEOUT);
4064 static int set_phy_configuration(struct sock *sk, struct hci_dev *hdev,
4065 void *data, u16 len)
4067 struct mgmt_cp_set_phy_configuration *cp = data;
4068 struct mgmt_pending_cmd *cmd;
4069 u32 selected_phys, configurable_phys, supported_phys, unconfigure_phys;
4070 u16 pkt_type = (HCI_DH1 | HCI_DM1);
4071 bool changed = false;
4074 bt_dev_dbg(hdev, "sock %p", sk);
4076 configurable_phys = get_configurable_phys(hdev);
4077 supported_phys = get_supported_phys(hdev);
4078 selected_phys = __le32_to_cpu(cp->selected_phys);
4080 if (selected_phys & ~supported_phys)
4081 return mgmt_cmd_status(sk, hdev->id,
4082 MGMT_OP_SET_PHY_CONFIGURATION,
4083 MGMT_STATUS_INVALID_PARAMS);
4085 unconfigure_phys = supported_phys & ~configurable_phys;
4087 if ((selected_phys & unconfigure_phys) != unconfigure_phys)
4088 return mgmt_cmd_status(sk, hdev->id,
4089 MGMT_OP_SET_PHY_CONFIGURATION,
4090 MGMT_STATUS_INVALID_PARAMS);
4092 if (selected_phys == get_selected_phys(hdev))
4093 return mgmt_cmd_complete(sk, hdev->id,
4094 MGMT_OP_SET_PHY_CONFIGURATION,
4099 if (!hdev_is_powered(hdev)) {
4100 err = mgmt_cmd_status(sk, hdev->id,
4101 MGMT_OP_SET_PHY_CONFIGURATION,
4102 MGMT_STATUS_REJECTED);
4106 if (pending_find(MGMT_OP_SET_PHY_CONFIGURATION, hdev)) {
4107 err = mgmt_cmd_status(sk, hdev->id,
4108 MGMT_OP_SET_PHY_CONFIGURATION,
4113 if (selected_phys & MGMT_PHY_BR_1M_3SLOT)
4114 pkt_type |= (HCI_DH3 | HCI_DM3);
4116 pkt_type &= ~(HCI_DH3 | HCI_DM3);
4118 if (selected_phys & MGMT_PHY_BR_1M_5SLOT)
4119 pkt_type |= (HCI_DH5 | HCI_DM5);
4121 pkt_type &= ~(HCI_DH5 | HCI_DM5);
4123 if (selected_phys & MGMT_PHY_EDR_2M_1SLOT)
4124 pkt_type &= ~HCI_2DH1;
4126 pkt_type |= HCI_2DH1;
4128 if (selected_phys & MGMT_PHY_EDR_2M_3SLOT)
4129 pkt_type &= ~HCI_2DH3;
4131 pkt_type |= HCI_2DH3;
4133 if (selected_phys & MGMT_PHY_EDR_2M_5SLOT)
4134 pkt_type &= ~HCI_2DH5;
4136 pkt_type |= HCI_2DH5;
4138 if (selected_phys & MGMT_PHY_EDR_3M_1SLOT)
4139 pkt_type &= ~HCI_3DH1;
4141 pkt_type |= HCI_3DH1;
4143 if (selected_phys & MGMT_PHY_EDR_3M_3SLOT)
4144 pkt_type &= ~HCI_3DH3;
4146 pkt_type |= HCI_3DH3;
4148 if (selected_phys & MGMT_PHY_EDR_3M_5SLOT)
4149 pkt_type &= ~HCI_3DH5;
4151 pkt_type |= HCI_3DH5;
4153 if (pkt_type != hdev->pkt_type) {
4154 hdev->pkt_type = pkt_type;
4158 if ((selected_phys & MGMT_PHY_LE_MASK) ==
4159 (get_selected_phys(hdev) & MGMT_PHY_LE_MASK)) {
4161 mgmt_phy_configuration_changed(hdev, sk);
4163 err = mgmt_cmd_complete(sk, hdev->id,
4164 MGMT_OP_SET_PHY_CONFIGURATION,
4170 cmd = mgmt_pending_add(sk, MGMT_OP_SET_PHY_CONFIGURATION, hdev, data,
4175 err = hci_cmd_sync_queue(hdev, set_default_phy_sync, cmd,
4176 set_default_phy_complete);
4179 err = mgmt_cmd_status(sk, hdev->id,
4180 MGMT_OP_SET_PHY_CONFIGURATION,
4181 MGMT_STATUS_FAILED);
4184 mgmt_pending_remove(cmd);
4188 hci_dev_unlock(hdev);
4193 static int set_blocked_keys(struct sock *sk, struct hci_dev *hdev, void *data,
4196 int err = MGMT_STATUS_SUCCESS;
4197 struct mgmt_cp_set_blocked_keys *keys = data;
4198 const u16 max_key_count = ((U16_MAX - sizeof(*keys)) /
4199 sizeof(struct mgmt_blocked_key_info));
4200 u16 key_count, expected_len;
4203 bt_dev_dbg(hdev, "sock %p", sk);
4205 key_count = __le16_to_cpu(keys->key_count);
4206 if (key_count > max_key_count) {
4207 bt_dev_err(hdev, "too big key_count value %u", key_count);
4208 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_BLOCKED_KEYS,
4209 MGMT_STATUS_INVALID_PARAMS);
4212 expected_len = struct_size(keys, keys, key_count);
4213 if (expected_len != len) {
4214 bt_dev_err(hdev, "expected %u bytes, got %u bytes",
4216 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_BLOCKED_KEYS,
4217 MGMT_STATUS_INVALID_PARAMS);
4222 hci_blocked_keys_clear(hdev);
4224 for (i = 0; i < key_count; ++i) {
4225 struct blocked_key *b = kzalloc(sizeof(*b), GFP_KERNEL);
4228 err = MGMT_STATUS_NO_RESOURCES;
4232 b->type = keys->keys[i].type;
4233 memcpy(b->val, keys->keys[i].val, sizeof(b->val));
4234 list_add_rcu(&b->list, &hdev->blocked_keys);
4236 hci_dev_unlock(hdev);
4238 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_BLOCKED_KEYS,
4242 static int set_wideband_speech(struct sock *sk, struct hci_dev *hdev,
4243 void *data, u16 len)
4245 struct mgmt_mode *cp = data;
4247 bool changed = false;
4249 bt_dev_dbg(hdev, "sock %p", sk);
4251 if (!test_bit(HCI_QUIRK_WIDEBAND_SPEECH_SUPPORTED, &hdev->quirks))
4252 return mgmt_cmd_status(sk, hdev->id,
4253 MGMT_OP_SET_WIDEBAND_SPEECH,
4254 MGMT_STATUS_NOT_SUPPORTED);
4256 if (cp->val != 0x00 && cp->val != 0x01)
4257 return mgmt_cmd_status(sk, hdev->id,
4258 MGMT_OP_SET_WIDEBAND_SPEECH,
4259 MGMT_STATUS_INVALID_PARAMS);
4263 if (hdev_is_powered(hdev) &&
4264 !!cp->val != hci_dev_test_flag(hdev,
4265 HCI_WIDEBAND_SPEECH_ENABLED)) {
4266 err = mgmt_cmd_status(sk, hdev->id,
4267 MGMT_OP_SET_WIDEBAND_SPEECH,
4268 MGMT_STATUS_REJECTED);
4273 changed = !hci_dev_test_and_set_flag(hdev,
4274 HCI_WIDEBAND_SPEECH_ENABLED);
4276 changed = hci_dev_test_and_clear_flag(hdev,
4277 HCI_WIDEBAND_SPEECH_ENABLED);
4279 err = send_settings_rsp(sk, MGMT_OP_SET_WIDEBAND_SPEECH, hdev);
4284 err = new_settings(hdev, sk);
4287 hci_dev_unlock(hdev);
4291 static int read_controller_cap(struct sock *sk, struct hci_dev *hdev,
4292 void *data, u16 data_len)
4295 struct mgmt_rp_read_controller_cap *rp = (void *)buf;
4298 u8 tx_power_range[2];
4300 bt_dev_dbg(hdev, "sock %p", sk);
4302 memset(&buf, 0, sizeof(buf));
4306 /* When the Read Simple Pairing Options command is supported, then
4307 * the remote public key validation is supported.
4309 * Alternatively, when Microsoft extensions are available, they can
4310 * indicate support for public key validation as well.
4312 if ((hdev->commands[41] & 0x08) || msft_curve_validity(hdev))
4313 flags |= 0x01; /* Remote public key validation (BR/EDR) */
4315 flags |= 0x02; /* Remote public key validation (LE) */
4317 /* When the Read Encryption Key Size command is supported, then the
4318 * encryption key size is enforced.
4320 if (hdev->commands[20] & 0x10)
4321 flags |= 0x04; /* Encryption key size enforcement (BR/EDR) */
4323 flags |= 0x08; /* Encryption key size enforcement (LE) */
4325 cap_len = eir_append_data(rp->cap, cap_len, MGMT_CAP_SEC_FLAGS,
4328 /* When the Read Simple Pairing Options command is supported, then
4329 * also max encryption key size information is provided.
4331 if (hdev->commands[41] & 0x08)
4332 cap_len = eir_append_le16(rp->cap, cap_len,
4333 MGMT_CAP_MAX_ENC_KEY_SIZE,
4334 hdev->max_enc_key_size);
4336 cap_len = eir_append_le16(rp->cap, cap_len,
4337 MGMT_CAP_SMP_MAX_ENC_KEY_SIZE,
4338 SMP_MAX_ENC_KEY_SIZE);
4340 /* Append the min/max LE tx power parameters if we were able to fetch
4341 * it from the controller
4343 if (hdev->commands[38] & 0x80) {
4344 memcpy(&tx_power_range[0], &hdev->min_le_tx_power, 1);
4345 memcpy(&tx_power_range[1], &hdev->max_le_tx_power, 1);
4346 cap_len = eir_append_data(rp->cap, cap_len, MGMT_CAP_LE_TX_PWR,
4350 rp->cap_len = cpu_to_le16(cap_len);
4352 hci_dev_unlock(hdev);
4354 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_READ_CONTROLLER_CAP, 0,
4355 rp, sizeof(*rp) + cap_len);
4358 #ifdef CONFIG_BT_FEATURE_DEBUG
4359 /* d4992530-b9ec-469f-ab01-6c481c47da1c */
4360 static const u8 debug_uuid[16] = {
4361 0x1c, 0xda, 0x47, 0x1c, 0x48, 0x6c, 0x01, 0xab,
4362 0x9f, 0x46, 0xec, 0xb9, 0x30, 0x25, 0x99, 0xd4,
4366 /* 330859bc-7506-492d-9370-9a6f0614037f */
4367 static const u8 quality_report_uuid[16] = {
4368 0x7f, 0x03, 0x14, 0x06, 0x6f, 0x9a, 0x70, 0x93,
4369 0x2d, 0x49, 0x06, 0x75, 0xbc, 0x59, 0x08, 0x33,
4372 /* a6695ace-ee7f-4fb9-881a-5fac66c629af */
4373 static const u8 offload_codecs_uuid[16] = {
4374 0xaf, 0x29, 0xc6, 0x66, 0xac, 0x5f, 0x1a, 0x88,
4375 0xb9, 0x4f, 0x7f, 0xee, 0xce, 0x5a, 0x69, 0xa6,
4378 /* 671b10b5-42c0-4696-9227-eb28d1b049d6 */
4379 static const u8 le_simultaneous_roles_uuid[16] = {
4380 0xd6, 0x49, 0xb0, 0xd1, 0x28, 0xeb, 0x27, 0x92,
4381 0x96, 0x46, 0xc0, 0x42, 0xb5, 0x10, 0x1b, 0x67,
4384 /* 15c0a148-c273-11ea-b3de-0242ac130004 */
4385 static const u8 rpa_resolution_uuid[16] = {
4386 0x04, 0x00, 0x13, 0xac, 0x42, 0x02, 0xde, 0xb3,
4387 0xea, 0x11, 0x73, 0xc2, 0x48, 0xa1, 0xc0, 0x15,
4390 /* 6fbaf188-05e0-496a-9885-d6ddfdb4e03e */
4391 static const u8 iso_socket_uuid[16] = {
4392 0x3e, 0xe0, 0xb4, 0xfd, 0xdd, 0xd6, 0x85, 0x98,
4393 0x6a, 0x49, 0xe0, 0x05, 0x88, 0xf1, 0xba, 0x6f,
4396 /* 2ce463d7-7a03-4d8d-bf05-5f24e8f36e76 */
4397 static const u8 mgmt_mesh_uuid[16] = {
4398 0x76, 0x6e, 0xf3, 0xe8, 0x24, 0x5f, 0x05, 0xbf,
4399 0x8d, 0x4d, 0x03, 0x7a, 0xd7, 0x63, 0xe4, 0x2c,
4402 static int read_exp_features_info(struct sock *sk, struct hci_dev *hdev,
4403 void *data, u16 data_len)
4405 struct mgmt_rp_read_exp_features_info *rp;
4411 bt_dev_dbg(hdev, "sock %p", sk);
4413 /* Enough space for 7 features */
4414 len = sizeof(*rp) + (sizeof(rp->features[0]) * 7);
4415 rp = kzalloc(len, GFP_KERNEL);
4419 #ifdef CONFIG_BT_FEATURE_DEBUG
4421 flags = bt_dbg_get() ? BIT(0) : 0;
4423 memcpy(rp->features[idx].uuid, debug_uuid, 16);
4424 rp->features[idx].flags = cpu_to_le32(flags);
4429 if (hdev && hci_dev_le_state_simultaneous(hdev)) {
4430 if (hci_dev_test_flag(hdev, HCI_LE_SIMULTANEOUS_ROLES))
4435 memcpy(rp->features[idx].uuid, le_simultaneous_roles_uuid, 16);
4436 rp->features[idx].flags = cpu_to_le32(flags);
4440 if (hdev && ll_privacy_capable(hdev)) {
4441 if (hci_dev_test_flag(hdev, HCI_ENABLE_LL_PRIVACY))
4442 flags = BIT(0) | BIT(1);
4446 memcpy(rp->features[idx].uuid, rpa_resolution_uuid, 16);
4447 rp->features[idx].flags = cpu_to_le32(flags);
4451 if (hdev && (aosp_has_quality_report(hdev) ||
4452 hdev->set_quality_report)) {
4453 if (hci_dev_test_flag(hdev, HCI_QUALITY_REPORT))
4458 memcpy(rp->features[idx].uuid, quality_report_uuid, 16);
4459 rp->features[idx].flags = cpu_to_le32(flags);
4463 if (hdev && hdev->get_data_path_id) {
4464 if (hci_dev_test_flag(hdev, HCI_OFFLOAD_CODECS_ENABLED))
4469 memcpy(rp->features[idx].uuid, offload_codecs_uuid, 16);
4470 rp->features[idx].flags = cpu_to_le32(flags);
4474 if (IS_ENABLED(CONFIG_BT_LE)) {
4475 flags = iso_enabled() ? BIT(0) : 0;
4476 memcpy(rp->features[idx].uuid, iso_socket_uuid, 16);
4477 rp->features[idx].flags = cpu_to_le32(flags);
4481 if (hdev && lmp_le_capable(hdev)) {
4482 if (hci_dev_test_flag(hdev, HCI_MESH_EXPERIMENTAL))
4487 memcpy(rp->features[idx].uuid, mgmt_mesh_uuid, 16);
4488 rp->features[idx].flags = cpu_to_le32(flags);
4492 rp->feature_count = cpu_to_le16(idx);
4494 /* After reading the experimental features information, enable
4495 * the events to update client on any future change.
4497 hci_sock_set_flag(sk, HCI_MGMT_EXP_FEATURE_EVENTS);
4499 status = mgmt_cmd_complete(sk, hdev ? hdev->id : MGMT_INDEX_NONE,
4500 MGMT_OP_READ_EXP_FEATURES_INFO,
4501 0, rp, sizeof(*rp) + (20 * idx));
4507 static int exp_ll_privacy_feature_changed(bool enabled, struct hci_dev *hdev,
4510 struct mgmt_ev_exp_feature_changed ev;
4512 memset(&ev, 0, sizeof(ev));
4513 memcpy(ev.uuid, rpa_resolution_uuid, 16);
4514 ev.flags = cpu_to_le32((enabled ? BIT(0) : 0) | BIT(1));
4516 // Do we need to be atomic with the conn_flags?
4517 if (enabled && privacy_mode_capable(hdev))
4518 hdev->conn_flags |= HCI_CONN_FLAG_DEVICE_PRIVACY;
4520 hdev->conn_flags &= ~HCI_CONN_FLAG_DEVICE_PRIVACY;
4522 return mgmt_limited_event(MGMT_EV_EXP_FEATURE_CHANGED, hdev,
4524 HCI_MGMT_EXP_FEATURE_EVENTS, skip);
4528 static int exp_feature_changed(struct hci_dev *hdev, const u8 *uuid,
4529 bool enabled, struct sock *skip)
4531 struct mgmt_ev_exp_feature_changed ev;
4533 memset(&ev, 0, sizeof(ev));
4534 memcpy(ev.uuid, uuid, 16);
4535 ev.flags = cpu_to_le32(enabled ? BIT(0) : 0);
4537 return mgmt_limited_event(MGMT_EV_EXP_FEATURE_CHANGED, hdev,
4539 HCI_MGMT_EXP_FEATURE_EVENTS, skip);
4542 #define EXP_FEAT(_uuid, _set_func) \
4545 .set_func = _set_func, \
4548 /* The zero key uuid is special. Multiple exp features are set through it. */
4549 static int set_zero_key_func(struct sock *sk, struct hci_dev *hdev,
4550 struct mgmt_cp_set_exp_feature *cp, u16 data_len)
4552 struct mgmt_rp_set_exp_feature rp;
4554 memset(rp.uuid, 0, 16);
4555 rp.flags = cpu_to_le32(0);
4557 #ifdef CONFIG_BT_FEATURE_DEBUG
4559 bool changed = bt_dbg_get();
4564 exp_feature_changed(NULL, ZERO_KEY, false, sk);
4568 if (hdev && use_ll_privacy(hdev) && !hdev_is_powered(hdev)) {
4571 changed = hci_dev_test_and_clear_flag(hdev,
4572 HCI_ENABLE_LL_PRIVACY);
4574 exp_feature_changed(hdev, rpa_resolution_uuid, false,
4578 hci_sock_set_flag(sk, HCI_MGMT_EXP_FEATURE_EVENTS);
4580 return mgmt_cmd_complete(sk, hdev ? hdev->id : MGMT_INDEX_NONE,
4581 MGMT_OP_SET_EXP_FEATURE, 0,
4585 #ifdef CONFIG_BT_FEATURE_DEBUG
4586 static int set_debug_func(struct sock *sk, struct hci_dev *hdev,
4587 struct mgmt_cp_set_exp_feature *cp, u16 data_len)
4589 struct mgmt_rp_set_exp_feature rp;
4594 /* Command requires to use the non-controller index */
4596 return mgmt_cmd_status(sk, hdev->id,
4597 MGMT_OP_SET_EXP_FEATURE,
4598 MGMT_STATUS_INVALID_INDEX);
4600 /* Parameters are limited to a single octet */
4601 if (data_len != MGMT_SET_EXP_FEATURE_SIZE + 1)
4602 return mgmt_cmd_status(sk, MGMT_INDEX_NONE,
4603 MGMT_OP_SET_EXP_FEATURE,
4604 MGMT_STATUS_INVALID_PARAMS);
4606 /* Only boolean on/off is supported */
4607 if (cp->param[0] != 0x00 && cp->param[0] != 0x01)
4608 return mgmt_cmd_status(sk, MGMT_INDEX_NONE,
4609 MGMT_OP_SET_EXP_FEATURE,
4610 MGMT_STATUS_INVALID_PARAMS);
4612 val = !!cp->param[0];
4613 changed = val ? !bt_dbg_get() : bt_dbg_get();
4616 memcpy(rp.uuid, debug_uuid, 16);
4617 rp.flags = cpu_to_le32(val ? BIT(0) : 0);
4619 hci_sock_set_flag(sk, HCI_MGMT_EXP_FEATURE_EVENTS);
4621 err = mgmt_cmd_complete(sk, MGMT_INDEX_NONE,
4622 MGMT_OP_SET_EXP_FEATURE, 0,
4626 exp_feature_changed(hdev, debug_uuid, val, sk);
4632 static int set_mgmt_mesh_func(struct sock *sk, struct hci_dev *hdev,
4633 struct mgmt_cp_set_exp_feature *cp, u16 data_len)
4635 struct mgmt_rp_set_exp_feature rp;
4639 /* Command requires to use the controller index */
4641 return mgmt_cmd_status(sk, MGMT_INDEX_NONE,
4642 MGMT_OP_SET_EXP_FEATURE,
4643 MGMT_STATUS_INVALID_INDEX);
4645 /* Parameters are limited to a single octet */
4646 if (data_len != MGMT_SET_EXP_FEATURE_SIZE + 1)
4647 return mgmt_cmd_status(sk, hdev->id,
4648 MGMT_OP_SET_EXP_FEATURE,
4649 MGMT_STATUS_INVALID_PARAMS);
4651 /* Only boolean on/off is supported */
4652 if (cp->param[0] != 0x00 && cp->param[0] != 0x01)
4653 return mgmt_cmd_status(sk, hdev->id,
4654 MGMT_OP_SET_EXP_FEATURE,
4655 MGMT_STATUS_INVALID_PARAMS);
4657 val = !!cp->param[0];
4660 changed = !hci_dev_test_and_set_flag(hdev,
4661 HCI_MESH_EXPERIMENTAL);
4663 hci_dev_clear_flag(hdev, HCI_MESH);
4664 changed = hci_dev_test_and_clear_flag(hdev,
4665 HCI_MESH_EXPERIMENTAL);
4668 memcpy(rp.uuid, mgmt_mesh_uuid, 16);
4669 rp.flags = cpu_to_le32(val ? BIT(0) : 0);
4671 hci_sock_set_flag(sk, HCI_MGMT_EXP_FEATURE_EVENTS);
4673 err = mgmt_cmd_complete(sk, hdev->id,
4674 MGMT_OP_SET_EXP_FEATURE, 0,
4678 exp_feature_changed(hdev, mgmt_mesh_uuid, val, sk);
4683 static int set_rpa_resolution_func(struct sock *sk, struct hci_dev *hdev,
4684 struct mgmt_cp_set_exp_feature *cp,
4687 struct mgmt_rp_set_exp_feature rp;
4692 /* Command requires to use the controller index */
4694 return mgmt_cmd_status(sk, MGMT_INDEX_NONE,
4695 MGMT_OP_SET_EXP_FEATURE,
4696 MGMT_STATUS_INVALID_INDEX);
4698 /* Changes can only be made when controller is powered down */
4699 if (hdev_is_powered(hdev))
4700 return mgmt_cmd_status(sk, hdev->id,
4701 MGMT_OP_SET_EXP_FEATURE,
4702 MGMT_STATUS_REJECTED);
4704 /* Parameters are limited to a single octet */
4705 if (data_len != MGMT_SET_EXP_FEATURE_SIZE + 1)
4706 return mgmt_cmd_status(sk, hdev->id,
4707 MGMT_OP_SET_EXP_FEATURE,
4708 MGMT_STATUS_INVALID_PARAMS);
4710 /* Only boolean on/off is supported */
4711 if (cp->param[0] != 0x00 && cp->param[0] != 0x01)
4712 return mgmt_cmd_status(sk, hdev->id,
4713 MGMT_OP_SET_EXP_FEATURE,
4714 MGMT_STATUS_INVALID_PARAMS);
4716 val = !!cp->param[0];
4719 changed = !hci_dev_test_and_set_flag(hdev,
4720 HCI_ENABLE_LL_PRIVACY);
4721 hci_dev_clear_flag(hdev, HCI_ADVERTISING);
4723 /* Enable LL privacy + supported settings changed */
4724 flags = BIT(0) | BIT(1);
4726 changed = hci_dev_test_and_clear_flag(hdev,
4727 HCI_ENABLE_LL_PRIVACY);
4729 /* Disable LL privacy + supported settings changed */
4733 memcpy(rp.uuid, rpa_resolution_uuid, 16);
4734 rp.flags = cpu_to_le32(flags);
4736 hci_sock_set_flag(sk, HCI_MGMT_EXP_FEATURE_EVENTS);
4738 err = mgmt_cmd_complete(sk, hdev->id,
4739 MGMT_OP_SET_EXP_FEATURE, 0,
4743 exp_ll_privacy_feature_changed(val, hdev, sk);
4748 static int set_quality_report_func(struct sock *sk, struct hci_dev *hdev,
4749 struct mgmt_cp_set_exp_feature *cp,
4752 struct mgmt_rp_set_exp_feature rp;
4756 /* Command requires to use a valid controller index */
4758 return mgmt_cmd_status(sk, MGMT_INDEX_NONE,
4759 MGMT_OP_SET_EXP_FEATURE,
4760 MGMT_STATUS_INVALID_INDEX);
4762 /* Parameters are limited to a single octet */
4763 if (data_len != MGMT_SET_EXP_FEATURE_SIZE + 1)
4764 return mgmt_cmd_status(sk, hdev->id,
4765 MGMT_OP_SET_EXP_FEATURE,
4766 MGMT_STATUS_INVALID_PARAMS);
4768 /* Only boolean on/off is supported */
4769 if (cp->param[0] != 0x00 && cp->param[0] != 0x01)
4770 return mgmt_cmd_status(sk, hdev->id,
4771 MGMT_OP_SET_EXP_FEATURE,
4772 MGMT_STATUS_INVALID_PARAMS);
4774 hci_req_sync_lock(hdev);
4776 val = !!cp->param[0];
4777 changed = (val != hci_dev_test_flag(hdev, HCI_QUALITY_REPORT));
4779 if (!aosp_has_quality_report(hdev) && !hdev->set_quality_report) {
4780 err = mgmt_cmd_status(sk, hdev->id,
4781 MGMT_OP_SET_EXP_FEATURE,
4782 MGMT_STATUS_NOT_SUPPORTED);
4783 goto unlock_quality_report;
4787 if (hdev->set_quality_report)
4788 err = hdev->set_quality_report(hdev, val);
4790 err = aosp_set_quality_report(hdev, val);
4793 err = mgmt_cmd_status(sk, hdev->id,
4794 MGMT_OP_SET_EXP_FEATURE,
4795 MGMT_STATUS_FAILED);
4796 goto unlock_quality_report;
4800 hci_dev_set_flag(hdev, HCI_QUALITY_REPORT);
4802 hci_dev_clear_flag(hdev, HCI_QUALITY_REPORT);
4805 bt_dev_dbg(hdev, "quality report enable %d changed %d", val, changed);
4807 memcpy(rp.uuid, quality_report_uuid, 16);
4808 rp.flags = cpu_to_le32(val ? BIT(0) : 0);
4809 hci_sock_set_flag(sk, HCI_MGMT_EXP_FEATURE_EVENTS);
4811 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_EXP_FEATURE, 0,
4815 exp_feature_changed(hdev, quality_report_uuid, val, sk);
4817 unlock_quality_report:
4818 hci_req_sync_unlock(hdev);
4822 static int set_offload_codec_func(struct sock *sk, struct hci_dev *hdev,
4823 struct mgmt_cp_set_exp_feature *cp,
4828 struct mgmt_rp_set_exp_feature rp;
4830 /* Command requires to use a valid controller index */
4832 return mgmt_cmd_status(sk, MGMT_INDEX_NONE,
4833 MGMT_OP_SET_EXP_FEATURE,
4834 MGMT_STATUS_INVALID_INDEX);
4836 /* Parameters are limited to a single octet */
4837 if (data_len != MGMT_SET_EXP_FEATURE_SIZE + 1)
4838 return mgmt_cmd_status(sk, hdev->id,
4839 MGMT_OP_SET_EXP_FEATURE,
4840 MGMT_STATUS_INVALID_PARAMS);
4842 /* Only boolean on/off is supported */
4843 if (cp->param[0] != 0x00 && cp->param[0] != 0x01)
4844 return mgmt_cmd_status(sk, hdev->id,
4845 MGMT_OP_SET_EXP_FEATURE,
4846 MGMT_STATUS_INVALID_PARAMS);
4848 val = !!cp->param[0];
4849 changed = (val != hci_dev_test_flag(hdev, HCI_OFFLOAD_CODECS_ENABLED));
4851 if (!hdev->get_data_path_id) {
4852 return mgmt_cmd_status(sk, hdev->id,
4853 MGMT_OP_SET_EXP_FEATURE,
4854 MGMT_STATUS_NOT_SUPPORTED);
4859 hci_dev_set_flag(hdev, HCI_OFFLOAD_CODECS_ENABLED);
4861 hci_dev_clear_flag(hdev, HCI_OFFLOAD_CODECS_ENABLED);
4864 bt_dev_info(hdev, "offload codecs enable %d changed %d",
4867 memcpy(rp.uuid, offload_codecs_uuid, 16);
4868 rp.flags = cpu_to_le32(val ? BIT(0) : 0);
4869 hci_sock_set_flag(sk, HCI_MGMT_EXP_FEATURE_EVENTS);
4870 err = mgmt_cmd_complete(sk, hdev->id,
4871 MGMT_OP_SET_EXP_FEATURE, 0,
4875 exp_feature_changed(hdev, offload_codecs_uuid, val, sk);
4880 static int set_le_simultaneous_roles_func(struct sock *sk, struct hci_dev *hdev,
4881 struct mgmt_cp_set_exp_feature *cp,
4886 struct mgmt_rp_set_exp_feature rp;
4888 /* Command requires to use a valid controller index */
4890 return mgmt_cmd_status(sk, MGMT_INDEX_NONE,
4891 MGMT_OP_SET_EXP_FEATURE,
4892 MGMT_STATUS_INVALID_INDEX);
4894 /* Parameters are limited to a single octet */
4895 if (data_len != MGMT_SET_EXP_FEATURE_SIZE + 1)
4896 return mgmt_cmd_status(sk, hdev->id,
4897 MGMT_OP_SET_EXP_FEATURE,
4898 MGMT_STATUS_INVALID_PARAMS);
4900 /* Only boolean on/off is supported */
4901 if (cp->param[0] != 0x00 && cp->param[0] != 0x01)
4902 return mgmt_cmd_status(sk, hdev->id,
4903 MGMT_OP_SET_EXP_FEATURE,
4904 MGMT_STATUS_INVALID_PARAMS);
4906 val = !!cp->param[0];
4907 changed = (val != hci_dev_test_flag(hdev, HCI_LE_SIMULTANEOUS_ROLES));
4909 if (!hci_dev_le_state_simultaneous(hdev)) {
4910 return mgmt_cmd_status(sk, hdev->id,
4911 MGMT_OP_SET_EXP_FEATURE,
4912 MGMT_STATUS_NOT_SUPPORTED);
4917 hci_dev_set_flag(hdev, HCI_LE_SIMULTANEOUS_ROLES);
4919 hci_dev_clear_flag(hdev, HCI_LE_SIMULTANEOUS_ROLES);
4922 bt_dev_info(hdev, "LE simultaneous roles enable %d changed %d",
4925 memcpy(rp.uuid, le_simultaneous_roles_uuid, 16);
4926 rp.flags = cpu_to_le32(val ? BIT(0) : 0);
4927 hci_sock_set_flag(sk, HCI_MGMT_EXP_FEATURE_EVENTS);
4928 err = mgmt_cmd_complete(sk, hdev->id,
4929 MGMT_OP_SET_EXP_FEATURE, 0,
4933 exp_feature_changed(hdev, le_simultaneous_roles_uuid, val, sk);
4939 static int set_iso_socket_func(struct sock *sk, struct hci_dev *hdev,
4940 struct mgmt_cp_set_exp_feature *cp, u16 data_len)
4942 struct mgmt_rp_set_exp_feature rp;
4943 bool val, changed = false;
4946 /* Command requires to use the non-controller index */
4948 return mgmt_cmd_status(sk, hdev->id,
4949 MGMT_OP_SET_EXP_FEATURE,
4950 MGMT_STATUS_INVALID_INDEX);
4952 /* Parameters are limited to a single octet */
4953 if (data_len != MGMT_SET_EXP_FEATURE_SIZE + 1)
4954 return mgmt_cmd_status(sk, MGMT_INDEX_NONE,
4955 MGMT_OP_SET_EXP_FEATURE,
4956 MGMT_STATUS_INVALID_PARAMS);
4958 /* Only boolean on/off is supported */
4959 if (cp->param[0] != 0x00 && cp->param[0] != 0x01)
4960 return mgmt_cmd_status(sk, MGMT_INDEX_NONE,
4961 MGMT_OP_SET_EXP_FEATURE,
4962 MGMT_STATUS_INVALID_PARAMS);
4964 val = cp->param[0] ? true : false;
4973 memcpy(rp.uuid, iso_socket_uuid, 16);
4974 rp.flags = cpu_to_le32(val ? BIT(0) : 0);
4976 hci_sock_set_flag(sk, HCI_MGMT_EXP_FEATURE_EVENTS);
4978 err = mgmt_cmd_complete(sk, MGMT_INDEX_NONE,
4979 MGMT_OP_SET_EXP_FEATURE, 0,
4983 exp_feature_changed(hdev, iso_socket_uuid, val, sk);
4989 static const struct mgmt_exp_feature {
4991 int (*set_func)(struct sock *sk, struct hci_dev *hdev,
4992 struct mgmt_cp_set_exp_feature *cp, u16 data_len);
4993 } exp_features[] = {
4994 EXP_FEAT(ZERO_KEY, set_zero_key_func),
4995 #ifdef CONFIG_BT_FEATURE_DEBUG
4996 EXP_FEAT(debug_uuid, set_debug_func),
4998 EXP_FEAT(mgmt_mesh_uuid, set_mgmt_mesh_func),
4999 EXP_FEAT(rpa_resolution_uuid, set_rpa_resolution_func),
5000 EXP_FEAT(quality_report_uuid, set_quality_report_func),
5001 EXP_FEAT(offload_codecs_uuid, set_offload_codec_func),
5002 EXP_FEAT(le_simultaneous_roles_uuid, set_le_simultaneous_roles_func),
5004 EXP_FEAT(iso_socket_uuid, set_iso_socket_func),
5007 /* end with a null feature */
5008 EXP_FEAT(NULL, NULL)
5011 static int set_exp_feature(struct sock *sk, struct hci_dev *hdev,
5012 void *data, u16 data_len)
5014 struct mgmt_cp_set_exp_feature *cp = data;
5017 bt_dev_dbg(hdev, "sock %p", sk);
5019 for (i = 0; exp_features[i].uuid; i++) {
5020 if (!memcmp(cp->uuid, exp_features[i].uuid, 16))
5021 return exp_features[i].set_func(sk, hdev, cp, data_len);
5024 return mgmt_cmd_status(sk, hdev ? hdev->id : MGMT_INDEX_NONE,
5025 MGMT_OP_SET_EXP_FEATURE,
5026 MGMT_STATUS_NOT_SUPPORTED);
5029 static u32 get_params_flags(struct hci_dev *hdev,
5030 struct hci_conn_params *params)
5032 u32 flags = hdev->conn_flags;
5034 /* Devices using RPAs can only be programmed in the acceptlist if
5035 * LL Privacy has been enable otherwise they cannot mark
5036 * HCI_CONN_FLAG_REMOTE_WAKEUP.
5038 if ((flags & HCI_CONN_FLAG_REMOTE_WAKEUP) && !use_ll_privacy(hdev) &&
5039 hci_find_irk_by_addr(hdev, ¶ms->addr, params->addr_type))
5040 flags &= ~HCI_CONN_FLAG_REMOTE_WAKEUP;
5045 static int get_device_flags(struct sock *sk, struct hci_dev *hdev, void *data,
5048 struct mgmt_cp_get_device_flags *cp = data;
5049 struct mgmt_rp_get_device_flags rp;
5050 struct bdaddr_list_with_flags *br_params;
5051 struct hci_conn_params *params;
5052 u32 supported_flags;
5053 u32 current_flags = 0;
5054 u8 status = MGMT_STATUS_INVALID_PARAMS;
5056 bt_dev_dbg(hdev, "Get device flags %pMR (type 0x%x)\n",
5057 &cp->addr.bdaddr, cp->addr.type);
5061 supported_flags = hdev->conn_flags;
5063 memset(&rp, 0, sizeof(rp));
5065 if (cp->addr.type == BDADDR_BREDR) {
5066 br_params = hci_bdaddr_list_lookup_with_flags(&hdev->accept_list,
5072 current_flags = br_params->flags;
5074 params = hci_conn_params_lookup(hdev, &cp->addr.bdaddr,
5075 le_addr_type(cp->addr.type));
5079 supported_flags = get_params_flags(hdev, params);
5080 current_flags = params->flags;
5083 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
5084 rp.addr.type = cp->addr.type;
5085 rp.supported_flags = cpu_to_le32(supported_flags);
5086 rp.current_flags = cpu_to_le32(current_flags);
5088 status = MGMT_STATUS_SUCCESS;
5091 hci_dev_unlock(hdev);
5093 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_DEVICE_FLAGS, status,
5097 static void device_flags_changed(struct sock *sk, struct hci_dev *hdev,
5098 bdaddr_t *bdaddr, u8 bdaddr_type,
5099 u32 supported_flags, u32 current_flags)
5101 struct mgmt_ev_device_flags_changed ev;
5103 bacpy(&ev.addr.bdaddr, bdaddr);
5104 ev.addr.type = bdaddr_type;
5105 ev.supported_flags = cpu_to_le32(supported_flags);
5106 ev.current_flags = cpu_to_le32(current_flags);
5108 mgmt_event(MGMT_EV_DEVICE_FLAGS_CHANGED, hdev, &ev, sizeof(ev), sk);
5111 static int set_device_flags(struct sock *sk, struct hci_dev *hdev, void *data,
5114 struct mgmt_cp_set_device_flags *cp = data;
5115 struct bdaddr_list_with_flags *br_params;
5116 struct hci_conn_params *params;
5117 u8 status = MGMT_STATUS_INVALID_PARAMS;
5118 u32 supported_flags;
5119 u32 current_flags = __le32_to_cpu(cp->current_flags);
5121 bt_dev_dbg(hdev, "Set device flags %pMR (type 0x%x) = 0x%x",
5122 &cp->addr.bdaddr, cp->addr.type, current_flags);
5124 // We should take hci_dev_lock() early, I think.. conn_flags can change
5125 supported_flags = hdev->conn_flags;
5127 if ((supported_flags | current_flags) != supported_flags) {
5128 bt_dev_warn(hdev, "Bad flag given (0x%x) vs supported (0x%0x)",
5129 current_flags, supported_flags);
5135 if (cp->addr.type == BDADDR_BREDR) {
5136 br_params = hci_bdaddr_list_lookup_with_flags(&hdev->accept_list,
5141 br_params->flags = current_flags;
5142 status = MGMT_STATUS_SUCCESS;
5144 bt_dev_warn(hdev, "No such BR/EDR device %pMR (0x%x)",
5145 &cp->addr.bdaddr, cp->addr.type);
5151 params = hci_conn_params_lookup(hdev, &cp->addr.bdaddr,
5152 le_addr_type(cp->addr.type));
5154 bt_dev_warn(hdev, "No such LE device %pMR (0x%x)",
5155 &cp->addr.bdaddr, le_addr_type(cp->addr.type));
5159 supported_flags = get_params_flags(hdev, params);
5161 if ((supported_flags | current_flags) != supported_flags) {
5162 bt_dev_warn(hdev, "Bad flag given (0x%x) vs supported (0x%0x)",
5163 current_flags, supported_flags);
5167 params->flags = current_flags;
5168 status = MGMT_STATUS_SUCCESS;
5170 /* Update passive scan if HCI_CONN_FLAG_DEVICE_PRIVACY
5173 if (params->flags & HCI_CONN_FLAG_DEVICE_PRIVACY)
5174 hci_update_passive_scan(hdev);
5177 hci_dev_unlock(hdev);
5180 if (status == MGMT_STATUS_SUCCESS)
5181 device_flags_changed(sk, hdev, &cp->addr.bdaddr, cp->addr.type,
5182 supported_flags, current_flags);
5184 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_DEVICE_FLAGS, status,
5185 &cp->addr, sizeof(cp->addr));
5188 static void mgmt_adv_monitor_added(struct sock *sk, struct hci_dev *hdev,
5191 struct mgmt_ev_adv_monitor_added ev;
5193 ev.monitor_handle = cpu_to_le16(handle);
5195 mgmt_event(MGMT_EV_ADV_MONITOR_ADDED, hdev, &ev, sizeof(ev), sk);
5198 void mgmt_adv_monitor_removed(struct hci_dev *hdev, u16 handle)
5200 struct mgmt_ev_adv_monitor_removed ev;
5201 struct mgmt_pending_cmd *cmd;
5202 struct sock *sk_skip = NULL;
5203 struct mgmt_cp_remove_adv_monitor *cp;
5205 cmd = pending_find(MGMT_OP_REMOVE_ADV_MONITOR, hdev);
5209 if (cp->monitor_handle)
5213 ev.monitor_handle = cpu_to_le16(handle);
5215 mgmt_event(MGMT_EV_ADV_MONITOR_REMOVED, hdev, &ev, sizeof(ev), sk_skip);
5218 static int read_adv_mon_features(struct sock *sk, struct hci_dev *hdev,
5219 void *data, u16 len)
5221 struct adv_monitor *monitor = NULL;
5222 struct mgmt_rp_read_adv_monitor_features *rp = NULL;
5225 __u32 supported = 0;
5227 __u16 num_handles = 0;
5228 __u16 handles[HCI_MAX_ADV_MONITOR_NUM_HANDLES];
5230 BT_DBG("request for %s", hdev->name);
5234 if (msft_monitor_supported(hdev))
5235 supported |= MGMT_ADV_MONITOR_FEATURE_MASK_OR_PATTERNS;
5237 idr_for_each_entry(&hdev->adv_monitors_idr, monitor, handle)
5238 handles[num_handles++] = monitor->handle;
5240 hci_dev_unlock(hdev);
5242 rp_size = sizeof(*rp) + (num_handles * sizeof(u16));
5243 rp = kmalloc(rp_size, GFP_KERNEL);
5247 /* All supported features are currently enabled */
5248 enabled = supported;
5250 rp->supported_features = cpu_to_le32(supported);
5251 rp->enabled_features = cpu_to_le32(enabled);
5252 rp->max_num_handles = cpu_to_le16(HCI_MAX_ADV_MONITOR_NUM_HANDLES);
5253 rp->max_num_patterns = HCI_MAX_ADV_MONITOR_NUM_PATTERNS;
5254 rp->num_handles = cpu_to_le16(num_handles);
5256 memcpy(&rp->handles, &handles, (num_handles * sizeof(u16)));
5258 err = mgmt_cmd_complete(sk, hdev->id,
5259 MGMT_OP_READ_ADV_MONITOR_FEATURES,
5260 MGMT_STATUS_SUCCESS, rp, rp_size);
5267 static void mgmt_add_adv_patterns_monitor_complete(struct hci_dev *hdev,
5268 void *data, int status)
5270 struct mgmt_rp_add_adv_patterns_monitor rp;
5271 struct mgmt_pending_cmd *cmd = data;
5272 struct adv_monitor *monitor = cmd->user_data;
5276 rp.monitor_handle = cpu_to_le16(monitor->handle);
5279 mgmt_adv_monitor_added(cmd->sk, hdev, monitor->handle);
5280 hdev->adv_monitors_cnt++;
5281 if (monitor->state == ADV_MONITOR_STATE_NOT_REGISTERED)
5282 monitor->state = ADV_MONITOR_STATE_REGISTERED;
5283 hci_update_passive_scan(hdev);
5286 mgmt_cmd_complete(cmd->sk, cmd->index, cmd->opcode,
5287 mgmt_status(status), &rp, sizeof(rp));
5288 mgmt_pending_remove(cmd);
5290 hci_dev_unlock(hdev);
5291 bt_dev_dbg(hdev, "add monitor %d complete, status %d",
5292 rp.monitor_handle, status);
5295 static int mgmt_add_adv_patterns_monitor_sync(struct hci_dev *hdev, void *data)
5297 struct mgmt_pending_cmd *cmd = data;
5298 struct adv_monitor *monitor = cmd->user_data;
5300 return hci_add_adv_monitor(hdev, monitor);
5303 static int __add_adv_patterns_monitor(struct sock *sk, struct hci_dev *hdev,
5304 struct adv_monitor *m, u8 status,
5305 void *data, u16 len, u16 op)
5307 struct mgmt_pending_cmd *cmd;
5315 if (pending_find(MGMT_OP_SET_LE, hdev) ||
5316 pending_find(MGMT_OP_ADD_ADV_PATTERNS_MONITOR, hdev) ||
5317 pending_find(MGMT_OP_ADD_ADV_PATTERNS_MONITOR_RSSI, hdev) ||
5318 pending_find(MGMT_OP_REMOVE_ADV_MONITOR, hdev)) {
5319 status = MGMT_STATUS_BUSY;
5323 cmd = mgmt_pending_add(sk, op, hdev, data, len);
5325 status = MGMT_STATUS_NO_RESOURCES;
5330 err = hci_cmd_sync_queue(hdev, mgmt_add_adv_patterns_monitor_sync, cmd,
5331 mgmt_add_adv_patterns_monitor_complete);
5334 status = MGMT_STATUS_NO_RESOURCES;
5336 status = MGMT_STATUS_FAILED;
5341 hci_dev_unlock(hdev);
5346 hci_free_adv_monitor(hdev, m);
5347 hci_dev_unlock(hdev);
5348 return mgmt_cmd_status(sk, hdev->id, op, status);
5351 static void parse_adv_monitor_rssi(struct adv_monitor *m,
5352 struct mgmt_adv_rssi_thresholds *rssi)
5355 m->rssi.low_threshold = rssi->low_threshold;
5356 m->rssi.low_threshold_timeout =
5357 __le16_to_cpu(rssi->low_threshold_timeout);
5358 m->rssi.high_threshold = rssi->high_threshold;
5359 m->rssi.high_threshold_timeout =
5360 __le16_to_cpu(rssi->high_threshold_timeout);
5361 m->rssi.sampling_period = rssi->sampling_period;
5363 /* Default values. These numbers are the least constricting
5364 * parameters for MSFT API to work, so it behaves as if there
5365 * are no rssi parameter to consider. May need to be changed
5366 * if other API are to be supported.
5368 m->rssi.low_threshold = -127;
5369 m->rssi.low_threshold_timeout = 60;
5370 m->rssi.high_threshold = -127;
5371 m->rssi.high_threshold_timeout = 0;
5372 m->rssi.sampling_period = 0;
5376 static u8 parse_adv_monitor_pattern(struct adv_monitor *m, u8 pattern_count,
5377 struct mgmt_adv_pattern *patterns)
5379 u8 offset = 0, length = 0;
5380 struct adv_pattern *p = NULL;
5383 for (i = 0; i < pattern_count; i++) {
5384 offset = patterns[i].offset;
5385 length = patterns[i].length;
5386 if (offset >= HCI_MAX_AD_LENGTH ||
5387 length > HCI_MAX_AD_LENGTH ||
5388 (offset + length) > HCI_MAX_AD_LENGTH)
5389 return MGMT_STATUS_INVALID_PARAMS;
5391 p = kmalloc(sizeof(*p), GFP_KERNEL);
5393 return MGMT_STATUS_NO_RESOURCES;
5395 p->ad_type = patterns[i].ad_type;
5396 p->offset = patterns[i].offset;
5397 p->length = patterns[i].length;
5398 memcpy(p->value, patterns[i].value, p->length);
5400 INIT_LIST_HEAD(&p->list);
5401 list_add(&p->list, &m->patterns);
5404 return MGMT_STATUS_SUCCESS;
5407 static int add_adv_patterns_monitor(struct sock *sk, struct hci_dev *hdev,
5408 void *data, u16 len)
5410 struct mgmt_cp_add_adv_patterns_monitor *cp = data;
5411 struct adv_monitor *m = NULL;
5412 u8 status = MGMT_STATUS_SUCCESS;
5413 size_t expected_size = sizeof(*cp);
5415 BT_DBG("request for %s", hdev->name);
5417 if (len <= sizeof(*cp)) {
5418 status = MGMT_STATUS_INVALID_PARAMS;
5422 expected_size += cp->pattern_count * sizeof(struct mgmt_adv_pattern);
5423 if (len != expected_size) {
5424 status = MGMT_STATUS_INVALID_PARAMS;
5428 m = kzalloc(sizeof(*m), GFP_KERNEL);
5430 status = MGMT_STATUS_NO_RESOURCES;
5434 INIT_LIST_HEAD(&m->patterns);
5436 parse_adv_monitor_rssi(m, NULL);
5437 status = parse_adv_monitor_pattern(m, cp->pattern_count, cp->patterns);
5440 return __add_adv_patterns_monitor(sk, hdev, m, status, data, len,
5441 MGMT_OP_ADD_ADV_PATTERNS_MONITOR);
5444 static int add_adv_patterns_monitor_rssi(struct sock *sk, struct hci_dev *hdev,
5445 void *data, u16 len)
5447 struct mgmt_cp_add_adv_patterns_monitor_rssi *cp = data;
5448 struct adv_monitor *m = NULL;
5449 u8 status = MGMT_STATUS_SUCCESS;
5450 size_t expected_size = sizeof(*cp);
5452 BT_DBG("request for %s", hdev->name);
5454 if (len <= sizeof(*cp)) {
5455 status = MGMT_STATUS_INVALID_PARAMS;
5459 expected_size += cp->pattern_count * sizeof(struct mgmt_adv_pattern);
5460 if (len != expected_size) {
5461 status = MGMT_STATUS_INVALID_PARAMS;
5465 m = kzalloc(sizeof(*m), GFP_KERNEL);
5467 status = MGMT_STATUS_NO_RESOURCES;
5471 INIT_LIST_HEAD(&m->patterns);
5473 parse_adv_monitor_rssi(m, &cp->rssi);
5474 status = parse_adv_monitor_pattern(m, cp->pattern_count, cp->patterns);
5477 return __add_adv_patterns_monitor(sk, hdev, m, status, data, len,
5478 MGMT_OP_ADD_ADV_PATTERNS_MONITOR_RSSI);
5481 static void mgmt_remove_adv_monitor_complete(struct hci_dev *hdev,
5482 void *data, int status)
5484 struct mgmt_rp_remove_adv_monitor rp;
5485 struct mgmt_pending_cmd *cmd = data;
5486 struct mgmt_cp_remove_adv_monitor *cp = cmd->param;
5490 rp.monitor_handle = cp->monitor_handle;
5493 hci_update_passive_scan(hdev);
5495 mgmt_cmd_complete(cmd->sk, cmd->index, cmd->opcode,
5496 mgmt_status(status), &rp, sizeof(rp));
5497 mgmt_pending_remove(cmd);
5499 hci_dev_unlock(hdev);
5500 bt_dev_dbg(hdev, "remove monitor %d complete, status %d",
5501 rp.monitor_handle, status);
5504 static int mgmt_remove_adv_monitor_sync(struct hci_dev *hdev, void *data)
5506 struct mgmt_pending_cmd *cmd = data;
5507 struct mgmt_cp_remove_adv_monitor *cp = cmd->param;
5508 u16 handle = __le16_to_cpu(cp->monitor_handle);
5511 return hci_remove_all_adv_monitor(hdev);
5513 return hci_remove_single_adv_monitor(hdev, handle);
5516 static int remove_adv_monitor(struct sock *sk, struct hci_dev *hdev,
5517 void *data, u16 len)
5519 struct mgmt_pending_cmd *cmd;
5524 if (pending_find(MGMT_OP_SET_LE, hdev) ||
5525 pending_find(MGMT_OP_REMOVE_ADV_MONITOR, hdev) ||
5526 pending_find(MGMT_OP_ADD_ADV_PATTERNS_MONITOR, hdev) ||
5527 pending_find(MGMT_OP_ADD_ADV_PATTERNS_MONITOR_RSSI, hdev)) {
5528 status = MGMT_STATUS_BUSY;
5532 cmd = mgmt_pending_add(sk, MGMT_OP_REMOVE_ADV_MONITOR, hdev, data, len);
5534 status = MGMT_STATUS_NO_RESOURCES;
5538 err = hci_cmd_sync_queue(hdev, mgmt_remove_adv_monitor_sync, cmd,
5539 mgmt_remove_adv_monitor_complete);
5542 mgmt_pending_remove(cmd);
5545 status = MGMT_STATUS_NO_RESOURCES;
5547 status = MGMT_STATUS_FAILED;
5552 hci_dev_unlock(hdev);
5557 hci_dev_unlock(hdev);
5558 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_REMOVE_ADV_MONITOR,
5562 static void read_local_oob_data_complete(struct hci_dev *hdev, void *data, int err)
5564 struct mgmt_rp_read_local_oob_data mgmt_rp;
5565 size_t rp_size = sizeof(mgmt_rp);
5566 struct mgmt_pending_cmd *cmd = data;
5567 struct sk_buff *skb = cmd->skb;
5568 u8 status = mgmt_status(err);
5572 status = MGMT_STATUS_FAILED;
5573 else if (IS_ERR(skb))
5574 status = mgmt_status(PTR_ERR(skb));
5576 status = mgmt_status(skb->data[0]);
5579 bt_dev_dbg(hdev, "status %d", status);
5582 mgmt_cmd_status(cmd->sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA, status);
5586 memset(&mgmt_rp, 0, sizeof(mgmt_rp));
5588 if (!bredr_sc_enabled(hdev)) {
5589 struct hci_rp_read_local_oob_data *rp = (void *) skb->data;
5591 if (skb->len < sizeof(*rp)) {
5592 mgmt_cmd_status(cmd->sk, hdev->id,
5593 MGMT_OP_READ_LOCAL_OOB_DATA,
5594 MGMT_STATUS_FAILED);
5598 memcpy(mgmt_rp.hash192, rp->hash, sizeof(rp->hash));
5599 memcpy(mgmt_rp.rand192, rp->rand, sizeof(rp->rand));
5601 rp_size -= sizeof(mgmt_rp.hash256) + sizeof(mgmt_rp.rand256);
5603 struct hci_rp_read_local_oob_ext_data *rp = (void *) skb->data;
5605 if (skb->len < sizeof(*rp)) {
5606 mgmt_cmd_status(cmd->sk, hdev->id,
5607 MGMT_OP_READ_LOCAL_OOB_DATA,
5608 MGMT_STATUS_FAILED);
5612 memcpy(mgmt_rp.hash192, rp->hash192, sizeof(rp->hash192));
5613 memcpy(mgmt_rp.rand192, rp->rand192, sizeof(rp->rand192));
5615 memcpy(mgmt_rp.hash256, rp->hash256, sizeof(rp->hash256));
5616 memcpy(mgmt_rp.rand256, rp->rand256, sizeof(rp->rand256));
5619 mgmt_cmd_complete(cmd->sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
5620 MGMT_STATUS_SUCCESS, &mgmt_rp, rp_size);
5623 if (skb && !IS_ERR(skb))
5626 mgmt_pending_free(cmd);
5629 static int read_local_oob_data_sync(struct hci_dev *hdev, void *data)
5631 struct mgmt_pending_cmd *cmd = data;
5633 if (bredr_sc_enabled(hdev))
5634 cmd->skb = hci_read_local_oob_data_sync(hdev, true, cmd->sk);
5636 cmd->skb = hci_read_local_oob_data_sync(hdev, false, cmd->sk);
5638 if (IS_ERR(cmd->skb))
5639 return PTR_ERR(cmd->skb);
5644 static int read_local_oob_data(struct sock *sk, struct hci_dev *hdev,
5645 void *data, u16 data_len)
5647 struct mgmt_pending_cmd *cmd;
5650 bt_dev_dbg(hdev, "sock %p", sk);
5654 if (!hdev_is_powered(hdev)) {
5655 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
5656 MGMT_STATUS_NOT_POWERED);
5660 if (!lmp_ssp_capable(hdev)) {
5661 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
5662 MGMT_STATUS_NOT_SUPPORTED);
5666 cmd = mgmt_pending_new(sk, MGMT_OP_READ_LOCAL_OOB_DATA, hdev, NULL, 0);
5670 err = hci_cmd_sync_queue(hdev, read_local_oob_data_sync, cmd,
5671 read_local_oob_data_complete);
5674 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
5675 MGMT_STATUS_FAILED);
5678 mgmt_pending_free(cmd);
5682 hci_dev_unlock(hdev);
5686 static int add_remote_oob_data(struct sock *sk, struct hci_dev *hdev,
5687 void *data, u16 len)
5689 struct mgmt_addr_info *addr = data;
5692 bt_dev_dbg(hdev, "sock %p", sk);
5694 if (!bdaddr_type_is_valid(addr->type))
5695 return mgmt_cmd_complete(sk, hdev->id,
5696 MGMT_OP_ADD_REMOTE_OOB_DATA,
5697 MGMT_STATUS_INVALID_PARAMS,
5698 addr, sizeof(*addr));
5702 if (len == MGMT_ADD_REMOTE_OOB_DATA_SIZE) {
5703 struct mgmt_cp_add_remote_oob_data *cp = data;
5706 if (cp->addr.type != BDADDR_BREDR) {
5707 err = mgmt_cmd_complete(sk, hdev->id,
5708 MGMT_OP_ADD_REMOTE_OOB_DATA,
5709 MGMT_STATUS_INVALID_PARAMS,
5710 &cp->addr, sizeof(cp->addr));
5714 err = hci_add_remote_oob_data(hdev, &cp->addr.bdaddr,
5715 cp->addr.type, cp->hash,
5716 cp->rand, NULL, NULL);
5718 status = MGMT_STATUS_FAILED;
5720 status = MGMT_STATUS_SUCCESS;
5722 err = mgmt_cmd_complete(sk, hdev->id,
5723 MGMT_OP_ADD_REMOTE_OOB_DATA, status,
5724 &cp->addr, sizeof(cp->addr));
5725 } else if (len == MGMT_ADD_REMOTE_OOB_EXT_DATA_SIZE) {
5726 struct mgmt_cp_add_remote_oob_ext_data *cp = data;
5727 u8 *rand192, *hash192, *rand256, *hash256;
5730 if (bdaddr_type_is_le(cp->addr.type)) {
5731 /* Enforce zero-valued 192-bit parameters as
5732 * long as legacy SMP OOB isn't implemented.
5734 if (memcmp(cp->rand192, ZERO_KEY, 16) ||
5735 memcmp(cp->hash192, ZERO_KEY, 16)) {
5736 err = mgmt_cmd_complete(sk, hdev->id,
5737 MGMT_OP_ADD_REMOTE_OOB_DATA,
5738 MGMT_STATUS_INVALID_PARAMS,
5739 addr, sizeof(*addr));
5746 /* In case one of the P-192 values is set to zero,
5747 * then just disable OOB data for P-192.
5749 if (!memcmp(cp->rand192, ZERO_KEY, 16) ||
5750 !memcmp(cp->hash192, ZERO_KEY, 16)) {
5754 rand192 = cp->rand192;
5755 hash192 = cp->hash192;
5759 /* In case one of the P-256 values is set to zero, then just
5760 * disable OOB data for P-256.
5762 if (!memcmp(cp->rand256, ZERO_KEY, 16) ||
5763 !memcmp(cp->hash256, ZERO_KEY, 16)) {
5767 rand256 = cp->rand256;
5768 hash256 = cp->hash256;
5771 err = hci_add_remote_oob_data(hdev, &cp->addr.bdaddr,
5772 cp->addr.type, hash192, rand192,
5775 status = MGMT_STATUS_FAILED;
5777 status = MGMT_STATUS_SUCCESS;
5779 err = mgmt_cmd_complete(sk, hdev->id,
5780 MGMT_OP_ADD_REMOTE_OOB_DATA,
5781 status, &cp->addr, sizeof(cp->addr));
5783 bt_dev_err(hdev, "add_remote_oob_data: invalid len of %u bytes",
5785 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_REMOTE_OOB_DATA,
5786 MGMT_STATUS_INVALID_PARAMS);
5790 hci_dev_unlock(hdev);
5794 static int remove_remote_oob_data(struct sock *sk, struct hci_dev *hdev,
5795 void *data, u16 len)
5797 struct mgmt_cp_remove_remote_oob_data *cp = data;
5801 bt_dev_dbg(hdev, "sock %p", sk);
5803 if (cp->addr.type != BDADDR_BREDR)
5804 return mgmt_cmd_complete(sk, hdev->id,
5805 MGMT_OP_REMOVE_REMOTE_OOB_DATA,
5806 MGMT_STATUS_INVALID_PARAMS,
5807 &cp->addr, sizeof(cp->addr));
5811 if (!bacmp(&cp->addr.bdaddr, BDADDR_ANY)) {
5812 hci_remote_oob_data_clear(hdev);
5813 status = MGMT_STATUS_SUCCESS;
5817 err = hci_remove_remote_oob_data(hdev, &cp->addr.bdaddr, cp->addr.type);
5819 status = MGMT_STATUS_INVALID_PARAMS;
5821 status = MGMT_STATUS_SUCCESS;
5824 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_REMOTE_OOB_DATA,
5825 status, &cp->addr, sizeof(cp->addr));
5827 hci_dev_unlock(hdev);
5831 void mgmt_start_discovery_complete(struct hci_dev *hdev, u8 status)
5833 struct mgmt_pending_cmd *cmd;
5835 bt_dev_dbg(hdev, "status %u", status);
5839 cmd = pending_find(MGMT_OP_START_DISCOVERY, hdev);
5841 cmd = pending_find(MGMT_OP_START_SERVICE_DISCOVERY, hdev);
5844 cmd = pending_find(MGMT_OP_START_LIMITED_DISCOVERY, hdev);
5847 cmd->cmd_complete(cmd, mgmt_status(status));
5848 mgmt_pending_remove(cmd);
5851 hci_dev_unlock(hdev);
5854 static bool discovery_type_is_valid(struct hci_dev *hdev, uint8_t type,
5855 uint8_t *mgmt_status)
5858 case DISCOV_TYPE_LE:
5859 *mgmt_status = mgmt_le_support(hdev);
5863 case DISCOV_TYPE_INTERLEAVED:
5864 *mgmt_status = mgmt_le_support(hdev);
5868 case DISCOV_TYPE_BREDR:
5869 *mgmt_status = mgmt_bredr_support(hdev);
5874 *mgmt_status = MGMT_STATUS_INVALID_PARAMS;
5881 static void start_discovery_complete(struct hci_dev *hdev, void *data, int err)
5883 struct mgmt_pending_cmd *cmd = data;
5885 if (cmd != pending_find(MGMT_OP_START_DISCOVERY, hdev) &&
5886 cmd != pending_find(MGMT_OP_START_LIMITED_DISCOVERY, hdev) &&
5887 cmd != pending_find(MGMT_OP_START_SERVICE_DISCOVERY, hdev))
5890 bt_dev_dbg(hdev, "err %d", err);
5892 mgmt_cmd_complete(cmd->sk, cmd->index, cmd->opcode, mgmt_status(err),
5894 mgmt_pending_remove(cmd);
5896 hci_discovery_set_state(hdev, err ? DISCOVERY_STOPPED:
5900 static int start_discovery_sync(struct hci_dev *hdev, void *data)
5902 return hci_start_discovery_sync(hdev);
5905 static int start_discovery_internal(struct sock *sk, struct hci_dev *hdev,
5906 u16 op, void *data, u16 len)
5908 struct mgmt_cp_start_discovery *cp = data;
5909 struct mgmt_pending_cmd *cmd;
5913 bt_dev_dbg(hdev, "sock %p", sk);
5917 if (!hdev_is_powered(hdev)) {
5918 err = mgmt_cmd_complete(sk, hdev->id, op,
5919 MGMT_STATUS_NOT_POWERED,
5920 &cp->type, sizeof(cp->type));
5924 if (hdev->discovery.state != DISCOVERY_STOPPED ||
5925 hci_dev_test_flag(hdev, HCI_PERIODIC_INQ)) {
5926 err = mgmt_cmd_complete(sk, hdev->id, op, MGMT_STATUS_BUSY,
5927 &cp->type, sizeof(cp->type));
5931 if (!discovery_type_is_valid(hdev, cp->type, &status)) {
5932 err = mgmt_cmd_complete(sk, hdev->id, op, status,
5933 &cp->type, sizeof(cp->type));
5937 /* Can't start discovery when it is paused */
5938 if (hdev->discovery_paused) {
5939 err = mgmt_cmd_complete(sk, hdev->id, op, MGMT_STATUS_BUSY,
5940 &cp->type, sizeof(cp->type));
5944 /* Clear the discovery filter first to free any previously
5945 * allocated memory for the UUID list.
5947 hci_discovery_filter_clear(hdev);
5949 hdev->discovery.type = cp->type;
5950 hdev->discovery.report_invalid_rssi = false;
5951 if (op == MGMT_OP_START_LIMITED_DISCOVERY)
5952 hdev->discovery.limited = true;
5954 hdev->discovery.limited = false;
5956 cmd = mgmt_pending_add(sk, op, hdev, data, len);
5962 err = hci_cmd_sync_queue(hdev, start_discovery_sync, cmd,
5963 start_discovery_complete);
5965 mgmt_pending_remove(cmd);
5969 hci_discovery_set_state(hdev, DISCOVERY_STARTING);
5972 hci_dev_unlock(hdev);
5976 static int start_discovery(struct sock *sk, struct hci_dev *hdev,
5977 void *data, u16 len)
5979 return start_discovery_internal(sk, hdev, MGMT_OP_START_DISCOVERY,
5983 static int start_limited_discovery(struct sock *sk, struct hci_dev *hdev,
5984 void *data, u16 len)
5986 return start_discovery_internal(sk, hdev,
5987 MGMT_OP_START_LIMITED_DISCOVERY,
5991 static int start_service_discovery(struct sock *sk, struct hci_dev *hdev,
5992 void *data, u16 len)
5994 struct mgmt_cp_start_service_discovery *cp = data;
5995 struct mgmt_pending_cmd *cmd;
5996 const u16 max_uuid_count = ((U16_MAX - sizeof(*cp)) / 16);
5997 u16 uuid_count, expected_len;
6001 bt_dev_dbg(hdev, "sock %p", sk);
6005 if (!hdev_is_powered(hdev)) {
6006 err = mgmt_cmd_complete(sk, hdev->id,
6007 MGMT_OP_START_SERVICE_DISCOVERY,
6008 MGMT_STATUS_NOT_POWERED,
6009 &cp->type, sizeof(cp->type));
6013 if (hdev->discovery.state != DISCOVERY_STOPPED ||
6014 hci_dev_test_flag(hdev, HCI_PERIODIC_INQ)) {
6015 err = mgmt_cmd_complete(sk, hdev->id,
6016 MGMT_OP_START_SERVICE_DISCOVERY,
6017 MGMT_STATUS_BUSY, &cp->type,
6022 if (hdev->discovery_paused) {
6023 err = mgmt_cmd_complete(sk, hdev->id,
6024 MGMT_OP_START_SERVICE_DISCOVERY,
6025 MGMT_STATUS_BUSY, &cp->type,
6030 uuid_count = __le16_to_cpu(cp->uuid_count);
6031 if (uuid_count > max_uuid_count) {
6032 bt_dev_err(hdev, "service_discovery: too big uuid_count value %u",
6034 err = mgmt_cmd_complete(sk, hdev->id,
6035 MGMT_OP_START_SERVICE_DISCOVERY,
6036 MGMT_STATUS_INVALID_PARAMS, &cp->type,
6041 expected_len = sizeof(*cp) + uuid_count * 16;
6042 if (expected_len != len) {
6043 bt_dev_err(hdev, "service_discovery: expected %u bytes, got %u bytes",
6045 err = mgmt_cmd_complete(sk, hdev->id,
6046 MGMT_OP_START_SERVICE_DISCOVERY,
6047 MGMT_STATUS_INVALID_PARAMS, &cp->type,
6052 if (!discovery_type_is_valid(hdev, cp->type, &status)) {
6053 err = mgmt_cmd_complete(sk, hdev->id,
6054 MGMT_OP_START_SERVICE_DISCOVERY,
6055 status, &cp->type, sizeof(cp->type));
6059 cmd = mgmt_pending_add(sk, MGMT_OP_START_SERVICE_DISCOVERY,
6066 /* Clear the discovery filter first to free any previously
6067 * allocated memory for the UUID list.
6069 hci_discovery_filter_clear(hdev);
6071 hdev->discovery.result_filtering = true;
6072 hdev->discovery.type = cp->type;
6073 hdev->discovery.rssi = cp->rssi;
6074 hdev->discovery.uuid_count = uuid_count;
6076 if (uuid_count > 0) {
6077 hdev->discovery.uuids = kmemdup(cp->uuids, uuid_count * 16,
6079 if (!hdev->discovery.uuids) {
6080 err = mgmt_cmd_complete(sk, hdev->id,
6081 MGMT_OP_START_SERVICE_DISCOVERY,
6083 &cp->type, sizeof(cp->type));
6084 mgmt_pending_remove(cmd);
6089 err = hci_cmd_sync_queue(hdev, start_discovery_sync, cmd,
6090 start_discovery_complete);
6092 mgmt_pending_remove(cmd);
6096 hci_discovery_set_state(hdev, DISCOVERY_STARTING);
6099 hci_dev_unlock(hdev);
6103 void mgmt_stop_discovery_complete(struct hci_dev *hdev, u8 status)
6105 struct mgmt_pending_cmd *cmd;
6107 bt_dev_dbg(hdev, "status %u", status);
6111 cmd = pending_find(MGMT_OP_STOP_DISCOVERY, hdev);
6113 cmd->cmd_complete(cmd, mgmt_status(status));
6114 mgmt_pending_remove(cmd);
6117 hci_dev_unlock(hdev);
6120 static void stop_discovery_complete(struct hci_dev *hdev, void *data, int err)
6122 struct mgmt_pending_cmd *cmd = data;
6124 if (cmd != pending_find(MGMT_OP_STOP_DISCOVERY, hdev))
6127 bt_dev_dbg(hdev, "err %d", err);
6129 mgmt_cmd_complete(cmd->sk, cmd->index, cmd->opcode, mgmt_status(err),
6131 mgmt_pending_remove(cmd);
6134 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
6137 static int stop_discovery_sync(struct hci_dev *hdev, void *data)
6139 return hci_stop_discovery_sync(hdev);
6142 static int stop_discovery(struct sock *sk, struct hci_dev *hdev, void *data,
6145 struct mgmt_cp_stop_discovery *mgmt_cp = data;
6146 struct mgmt_pending_cmd *cmd;
6149 bt_dev_dbg(hdev, "sock %p", sk);
6153 if (!hci_discovery_active(hdev)) {
6154 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_STOP_DISCOVERY,
6155 MGMT_STATUS_REJECTED, &mgmt_cp->type,
6156 sizeof(mgmt_cp->type));
6160 if (hdev->discovery.type != mgmt_cp->type) {
6161 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_STOP_DISCOVERY,
6162 MGMT_STATUS_INVALID_PARAMS,
6163 &mgmt_cp->type, sizeof(mgmt_cp->type));
6167 cmd = mgmt_pending_add(sk, MGMT_OP_STOP_DISCOVERY, hdev, data, len);
6173 err = hci_cmd_sync_queue(hdev, stop_discovery_sync, cmd,
6174 stop_discovery_complete);
6176 mgmt_pending_remove(cmd);
6180 hci_discovery_set_state(hdev, DISCOVERY_STOPPING);
6183 hci_dev_unlock(hdev);
6187 static int confirm_name(struct sock *sk, struct hci_dev *hdev, void *data,
6190 struct mgmt_cp_confirm_name *cp = data;
6191 struct inquiry_entry *e;
6194 bt_dev_dbg(hdev, "sock %p", sk);
6198 if (!hci_discovery_active(hdev)) {
6199 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_CONFIRM_NAME,
6200 MGMT_STATUS_FAILED, &cp->addr,
6205 e = hci_inquiry_cache_lookup_unknown(hdev, &cp->addr.bdaddr);
6207 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_CONFIRM_NAME,
6208 MGMT_STATUS_INVALID_PARAMS, &cp->addr,
6213 if (cp->name_known) {
6214 e->name_state = NAME_KNOWN;
6217 e->name_state = NAME_NEEDED;
6218 hci_inquiry_cache_update_resolve(hdev, e);
6221 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_CONFIRM_NAME, 0,
6222 &cp->addr, sizeof(cp->addr));
6225 hci_dev_unlock(hdev);
6229 static int block_device(struct sock *sk, struct hci_dev *hdev, void *data,
6232 struct mgmt_cp_block_device *cp = data;
6236 bt_dev_dbg(hdev, "sock %p", sk);
6238 if (!bdaddr_type_is_valid(cp->addr.type))
6239 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_BLOCK_DEVICE,
6240 MGMT_STATUS_INVALID_PARAMS,
6241 &cp->addr, sizeof(cp->addr));
6245 err = hci_bdaddr_list_add(&hdev->reject_list, &cp->addr.bdaddr,
6248 status = MGMT_STATUS_FAILED;
6252 mgmt_event(MGMT_EV_DEVICE_BLOCKED, hdev, &cp->addr, sizeof(cp->addr),
6254 status = MGMT_STATUS_SUCCESS;
6257 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_BLOCK_DEVICE, status,
6258 &cp->addr, sizeof(cp->addr));
6260 hci_dev_unlock(hdev);
6265 static int unblock_device(struct sock *sk, struct hci_dev *hdev, void *data,
6268 struct mgmt_cp_unblock_device *cp = data;
6272 bt_dev_dbg(hdev, "sock %p", sk);
6274 if (!bdaddr_type_is_valid(cp->addr.type))
6275 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_UNBLOCK_DEVICE,
6276 MGMT_STATUS_INVALID_PARAMS,
6277 &cp->addr, sizeof(cp->addr));
6281 err = hci_bdaddr_list_del(&hdev->reject_list, &cp->addr.bdaddr,
6284 status = MGMT_STATUS_INVALID_PARAMS;
6288 mgmt_event(MGMT_EV_DEVICE_UNBLOCKED, hdev, &cp->addr, sizeof(cp->addr),
6290 status = MGMT_STATUS_SUCCESS;
6293 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_UNBLOCK_DEVICE, status,
6294 &cp->addr, sizeof(cp->addr));
6296 hci_dev_unlock(hdev);
6301 static int set_device_id_sync(struct hci_dev *hdev, void *data)
6303 return hci_update_eir_sync(hdev);
6306 static int set_device_id(struct sock *sk, struct hci_dev *hdev, void *data,
6309 struct mgmt_cp_set_device_id *cp = data;
6313 bt_dev_dbg(hdev, "sock %p", sk);
6315 source = __le16_to_cpu(cp->source);
6317 if (source > 0x0002)
6318 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DEVICE_ID,
6319 MGMT_STATUS_INVALID_PARAMS);
6323 hdev->devid_source = source;
6324 hdev->devid_vendor = __le16_to_cpu(cp->vendor);
6325 hdev->devid_product = __le16_to_cpu(cp->product);
6326 hdev->devid_version = __le16_to_cpu(cp->version);
6328 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_DEVICE_ID, 0,
6331 hci_cmd_sync_queue(hdev, set_device_id_sync, NULL, NULL);
6333 hci_dev_unlock(hdev);
6338 static void enable_advertising_instance(struct hci_dev *hdev, int err)
6341 bt_dev_err(hdev, "failed to re-configure advertising %d", err);
6343 bt_dev_dbg(hdev, "status %d", err);
6346 static void set_advertising_complete(struct hci_dev *hdev, void *data, int err)
6348 struct cmd_lookup match = { NULL, hdev };
6350 struct adv_info *adv_instance;
6351 u8 status = mgmt_status(err);
6354 mgmt_pending_foreach(MGMT_OP_SET_ADVERTISING, hdev,
6355 cmd_status_rsp, &status);
6359 if (hci_dev_test_flag(hdev, HCI_LE_ADV))
6360 hci_dev_set_flag(hdev, HCI_ADVERTISING);
6362 hci_dev_clear_flag(hdev, HCI_ADVERTISING);
6364 mgmt_pending_foreach(MGMT_OP_SET_ADVERTISING, hdev, settings_rsp,
6367 new_settings(hdev, match.sk);
6372 /* If "Set Advertising" was just disabled and instance advertising was
6373 * set up earlier, then re-enable multi-instance advertising.
6375 if (hci_dev_test_flag(hdev, HCI_ADVERTISING) ||
6376 list_empty(&hdev->adv_instances))
6379 instance = hdev->cur_adv_instance;
6381 adv_instance = list_first_entry_or_null(&hdev->adv_instances,
6382 struct adv_info, list);
6386 instance = adv_instance->instance;
6389 err = hci_schedule_adv_instance_sync(hdev, instance, true);
6391 enable_advertising_instance(hdev, err);
6394 static int set_adv_sync(struct hci_dev *hdev, void *data)
6396 struct mgmt_pending_cmd *cmd = data;
6397 struct mgmt_mode *cp = cmd->param;
6400 if (cp->val == 0x02)
6401 hci_dev_set_flag(hdev, HCI_ADVERTISING_CONNECTABLE);
6403 hci_dev_clear_flag(hdev, HCI_ADVERTISING_CONNECTABLE);
6405 cancel_adv_timeout(hdev);
6408 /* Switch to instance "0" for the Set Advertising setting.
6409 * We cannot use update_[adv|scan_rsp]_data() here as the
6410 * HCI_ADVERTISING flag is not yet set.
6412 hdev->cur_adv_instance = 0x00;
6414 if (ext_adv_capable(hdev)) {
6415 hci_start_ext_adv_sync(hdev, 0x00);
6417 hci_update_adv_data_sync(hdev, 0x00);
6418 hci_update_scan_rsp_data_sync(hdev, 0x00);
6419 hci_enable_advertising_sync(hdev);
6422 hci_disable_advertising_sync(hdev);
6428 static int set_advertising(struct sock *sk, struct hci_dev *hdev, void *data,
6431 struct mgmt_mode *cp = data;
6432 struct mgmt_pending_cmd *cmd;
6436 bt_dev_dbg(hdev, "sock %p", sk);
6438 status = mgmt_le_support(hdev);
6440 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_ADVERTISING,
6443 if (cp->val != 0x00 && cp->val != 0x01 && cp->val != 0x02)
6444 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_ADVERTISING,
6445 MGMT_STATUS_INVALID_PARAMS);
6447 if (hdev->advertising_paused)
6448 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_ADVERTISING,
6455 /* The following conditions are ones which mean that we should
6456 * not do any HCI communication but directly send a mgmt
6457 * response to user space (after toggling the flag if
6460 if (!hdev_is_powered(hdev) ||
6461 (val == hci_dev_test_flag(hdev, HCI_ADVERTISING) &&
6462 (cp->val == 0x02) == hci_dev_test_flag(hdev, HCI_ADVERTISING_CONNECTABLE)) ||
6463 hci_dev_test_flag(hdev, HCI_MESH) ||
6464 hci_conn_num(hdev, LE_LINK) > 0 ||
6465 (hci_dev_test_flag(hdev, HCI_LE_SCAN) &&
6466 hdev->le_scan_type == LE_SCAN_ACTIVE)) {
6470 hdev->cur_adv_instance = 0x00;
6471 changed = !hci_dev_test_and_set_flag(hdev, HCI_ADVERTISING);
6472 if (cp->val == 0x02)
6473 hci_dev_set_flag(hdev, HCI_ADVERTISING_CONNECTABLE);
6475 hci_dev_clear_flag(hdev, HCI_ADVERTISING_CONNECTABLE);
6477 changed = hci_dev_test_and_clear_flag(hdev, HCI_ADVERTISING);
6478 hci_dev_clear_flag(hdev, HCI_ADVERTISING_CONNECTABLE);
6481 err = send_settings_rsp(sk, MGMT_OP_SET_ADVERTISING, hdev);
6486 err = new_settings(hdev, sk);
6491 if (pending_find(MGMT_OP_SET_ADVERTISING, hdev) ||
6492 pending_find(MGMT_OP_SET_LE, hdev)) {
6493 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_ADVERTISING,
6498 cmd = mgmt_pending_add(sk, MGMT_OP_SET_ADVERTISING, hdev, data, len);
6502 err = hci_cmd_sync_queue(hdev, set_adv_sync, cmd,
6503 set_advertising_complete);
6506 mgmt_pending_remove(cmd);
6509 hci_dev_unlock(hdev);
6513 static int set_static_address(struct sock *sk, struct hci_dev *hdev,
6514 void *data, u16 len)
6516 struct mgmt_cp_set_static_address *cp = data;
6519 bt_dev_dbg(hdev, "sock %p", sk);
6521 if (!lmp_le_capable(hdev))
6522 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_STATIC_ADDRESS,
6523 MGMT_STATUS_NOT_SUPPORTED);
6525 if (hdev_is_powered(hdev))
6526 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_STATIC_ADDRESS,
6527 MGMT_STATUS_REJECTED);
6529 if (bacmp(&cp->bdaddr, BDADDR_ANY)) {
6530 if (!bacmp(&cp->bdaddr, BDADDR_NONE))
6531 return mgmt_cmd_status(sk, hdev->id,
6532 MGMT_OP_SET_STATIC_ADDRESS,
6533 MGMT_STATUS_INVALID_PARAMS);
6535 /* Two most significant bits shall be set */
6536 if ((cp->bdaddr.b[5] & 0xc0) != 0xc0)
6537 return mgmt_cmd_status(sk, hdev->id,
6538 MGMT_OP_SET_STATIC_ADDRESS,
6539 MGMT_STATUS_INVALID_PARAMS);
6544 bacpy(&hdev->static_addr, &cp->bdaddr);
6546 err = send_settings_rsp(sk, MGMT_OP_SET_STATIC_ADDRESS, hdev);
6550 err = new_settings(hdev, sk);
6553 hci_dev_unlock(hdev);
6557 static int set_scan_params(struct sock *sk, struct hci_dev *hdev,
6558 void *data, u16 len)
6560 struct mgmt_cp_set_scan_params *cp = data;
6561 __u16 interval, window;
6564 bt_dev_dbg(hdev, "sock %p", sk);
6566 if (!lmp_le_capable(hdev))
6567 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS,
6568 MGMT_STATUS_NOT_SUPPORTED);
6570 interval = __le16_to_cpu(cp->interval);
6572 if (interval < 0x0004 || interval > 0x4000)
6573 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS,
6574 MGMT_STATUS_INVALID_PARAMS);
6576 window = __le16_to_cpu(cp->window);
6578 if (window < 0x0004 || window > 0x4000)
6579 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS,
6580 MGMT_STATUS_INVALID_PARAMS);
6582 if (window > interval)
6583 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS,
6584 MGMT_STATUS_INVALID_PARAMS);
6588 hdev->le_scan_interval = interval;
6589 hdev->le_scan_window = window;
6591 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS, 0,
6594 /* If background scan is running, restart it so new parameters are
6597 if (hci_dev_test_flag(hdev, HCI_LE_SCAN) &&
6598 hdev->discovery.state == DISCOVERY_STOPPED)
6599 hci_update_passive_scan(hdev);
6601 hci_dev_unlock(hdev);
6606 static void fast_connectable_complete(struct hci_dev *hdev, void *data, int err)
6608 struct mgmt_pending_cmd *cmd = data;
6610 bt_dev_dbg(hdev, "err %d", err);
6613 mgmt_cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
6616 struct mgmt_mode *cp = cmd->param;
6619 hci_dev_set_flag(hdev, HCI_FAST_CONNECTABLE);
6621 hci_dev_clear_flag(hdev, HCI_FAST_CONNECTABLE);
6623 send_settings_rsp(cmd->sk, MGMT_OP_SET_FAST_CONNECTABLE, hdev);
6624 new_settings(hdev, cmd->sk);
6627 mgmt_pending_free(cmd);
6630 static int write_fast_connectable_sync(struct hci_dev *hdev, void *data)
6632 struct mgmt_pending_cmd *cmd = data;
6633 struct mgmt_mode *cp = cmd->param;
6635 return hci_write_fast_connectable_sync(hdev, cp->val);
6638 static int set_fast_connectable(struct sock *sk, struct hci_dev *hdev,
6639 void *data, u16 len)
6641 struct mgmt_mode *cp = data;
6642 struct mgmt_pending_cmd *cmd;
6645 bt_dev_dbg(hdev, "sock %p", sk);
6647 if (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED) ||
6648 hdev->hci_ver < BLUETOOTH_VER_1_2)
6649 return mgmt_cmd_status(sk, hdev->id,
6650 MGMT_OP_SET_FAST_CONNECTABLE,
6651 MGMT_STATUS_NOT_SUPPORTED);
6653 if (cp->val != 0x00 && cp->val != 0x01)
6654 return mgmt_cmd_status(sk, hdev->id,
6655 MGMT_OP_SET_FAST_CONNECTABLE,
6656 MGMT_STATUS_INVALID_PARAMS);
6660 if (!!cp->val == hci_dev_test_flag(hdev, HCI_FAST_CONNECTABLE)) {
6661 err = send_settings_rsp(sk, MGMT_OP_SET_FAST_CONNECTABLE, hdev);
6665 if (!hdev_is_powered(hdev)) {
6666 hci_dev_change_flag(hdev, HCI_FAST_CONNECTABLE);
6667 err = send_settings_rsp(sk, MGMT_OP_SET_FAST_CONNECTABLE, hdev);
6668 new_settings(hdev, sk);
6672 cmd = mgmt_pending_new(sk, MGMT_OP_SET_FAST_CONNECTABLE, hdev, data,
6677 err = hci_cmd_sync_queue(hdev, write_fast_connectable_sync, cmd,
6678 fast_connectable_complete);
6681 mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
6682 MGMT_STATUS_FAILED);
6685 mgmt_pending_free(cmd);
6689 hci_dev_unlock(hdev);
6694 static void set_bredr_complete(struct hci_dev *hdev, void *data, int err)
6696 struct mgmt_pending_cmd *cmd = data;
6698 bt_dev_dbg(hdev, "err %d", err);
6701 u8 mgmt_err = mgmt_status(err);
6703 /* We need to restore the flag if related HCI commands
6706 hci_dev_clear_flag(hdev, HCI_BREDR_ENABLED);
6708 mgmt_cmd_status(cmd->sk, cmd->index, cmd->opcode, mgmt_err);
6710 send_settings_rsp(cmd->sk, MGMT_OP_SET_BREDR, hdev);
6711 new_settings(hdev, cmd->sk);
6714 mgmt_pending_free(cmd);
6717 static int set_bredr_sync(struct hci_dev *hdev, void *data)
6721 status = hci_write_fast_connectable_sync(hdev, false);
6724 status = hci_update_scan_sync(hdev);
6726 /* Since only the advertising data flags will change, there
6727 * is no need to update the scan response data.
6730 status = hci_update_adv_data_sync(hdev, hdev->cur_adv_instance);
6735 static int set_bredr(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
6737 struct mgmt_mode *cp = data;
6738 struct mgmt_pending_cmd *cmd;
6741 bt_dev_dbg(hdev, "sock %p", sk);
6743 if (!lmp_bredr_capable(hdev) || !lmp_le_capable(hdev))
6744 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
6745 MGMT_STATUS_NOT_SUPPORTED);
6747 if (!hci_dev_test_flag(hdev, HCI_LE_ENABLED))
6748 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
6749 MGMT_STATUS_REJECTED);
6751 if (cp->val != 0x00 && cp->val != 0x01)
6752 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
6753 MGMT_STATUS_INVALID_PARAMS);
6757 if (cp->val == hci_dev_test_flag(hdev, HCI_BREDR_ENABLED)) {
6758 err = send_settings_rsp(sk, MGMT_OP_SET_BREDR, hdev);
6762 if (!hdev_is_powered(hdev)) {
6764 hci_dev_clear_flag(hdev, HCI_DISCOVERABLE);
6765 hci_dev_clear_flag(hdev, HCI_SSP_ENABLED);
6766 hci_dev_clear_flag(hdev, HCI_LINK_SECURITY);
6767 hci_dev_clear_flag(hdev, HCI_FAST_CONNECTABLE);
6768 hci_dev_clear_flag(hdev, HCI_HS_ENABLED);
6771 hci_dev_change_flag(hdev, HCI_BREDR_ENABLED);
6773 err = send_settings_rsp(sk, MGMT_OP_SET_BREDR, hdev);
6777 err = new_settings(hdev, sk);
6781 /* Reject disabling when powered on */
6783 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
6784 MGMT_STATUS_REJECTED);
6787 /* When configuring a dual-mode controller to operate
6788 * with LE only and using a static address, then switching
6789 * BR/EDR back on is not allowed.
6791 * Dual-mode controllers shall operate with the public
6792 * address as its identity address for BR/EDR and LE. So
6793 * reject the attempt to create an invalid configuration.
6795 * The same restrictions applies when secure connections
6796 * has been enabled. For BR/EDR this is a controller feature
6797 * while for LE it is a host stack feature. This means that
6798 * switching BR/EDR back on when secure connections has been
6799 * enabled is not a supported transaction.
6801 if (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED) &&
6802 (bacmp(&hdev->static_addr, BDADDR_ANY) ||
6803 hci_dev_test_flag(hdev, HCI_SC_ENABLED))) {
6804 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
6805 MGMT_STATUS_REJECTED);
6810 cmd = mgmt_pending_new(sk, MGMT_OP_SET_BREDR, hdev, data, len);
6814 err = hci_cmd_sync_queue(hdev, set_bredr_sync, cmd,
6815 set_bredr_complete);
6818 mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
6819 MGMT_STATUS_FAILED);
6821 mgmt_pending_free(cmd);
6826 /* We need to flip the bit already here so that
6827 * hci_req_update_adv_data generates the correct flags.
6829 hci_dev_set_flag(hdev, HCI_BREDR_ENABLED);
6832 hci_dev_unlock(hdev);
6836 static void set_secure_conn_complete(struct hci_dev *hdev, void *data, int err)
6838 struct mgmt_pending_cmd *cmd = data;
6839 struct mgmt_mode *cp;
6841 bt_dev_dbg(hdev, "err %d", err);
6844 u8 mgmt_err = mgmt_status(err);
6846 mgmt_cmd_status(cmd->sk, cmd->index, cmd->opcode, mgmt_err);
6854 hci_dev_clear_flag(hdev, HCI_SC_ENABLED);
6855 hci_dev_clear_flag(hdev, HCI_SC_ONLY);
6858 hci_dev_set_flag(hdev, HCI_SC_ENABLED);
6859 hci_dev_clear_flag(hdev, HCI_SC_ONLY);
6862 hci_dev_set_flag(hdev, HCI_SC_ENABLED);
6863 hci_dev_set_flag(hdev, HCI_SC_ONLY);
6867 send_settings_rsp(cmd->sk, cmd->opcode, hdev);
6868 new_settings(hdev, cmd->sk);
6871 mgmt_pending_free(cmd);
6874 static int set_secure_conn_sync(struct hci_dev *hdev, void *data)
6876 struct mgmt_pending_cmd *cmd = data;
6877 struct mgmt_mode *cp = cmd->param;
6880 /* Force write of val */
6881 hci_dev_set_flag(hdev, HCI_SC_ENABLED);
6883 return hci_write_sc_support_sync(hdev, val);
6886 static int set_secure_conn(struct sock *sk, struct hci_dev *hdev,
6887 void *data, u16 len)
6889 struct mgmt_mode *cp = data;
6890 struct mgmt_pending_cmd *cmd;
6894 bt_dev_dbg(hdev, "sock %p", sk);
6896 if (!lmp_sc_capable(hdev) &&
6897 !hci_dev_test_flag(hdev, HCI_LE_ENABLED))
6898 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SECURE_CONN,
6899 MGMT_STATUS_NOT_SUPPORTED);
6901 if (hci_dev_test_flag(hdev, HCI_BREDR_ENABLED) &&
6902 lmp_sc_capable(hdev) &&
6903 !hci_dev_test_flag(hdev, HCI_SSP_ENABLED))
6904 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SECURE_CONN,
6905 MGMT_STATUS_REJECTED);
6907 if (cp->val != 0x00 && cp->val != 0x01 && cp->val != 0x02)
6908 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SECURE_CONN,
6909 MGMT_STATUS_INVALID_PARAMS);
6913 if (!hdev_is_powered(hdev) || !lmp_sc_capable(hdev) ||
6914 !hci_dev_test_flag(hdev, HCI_BREDR_ENABLED)) {
6918 changed = !hci_dev_test_and_set_flag(hdev,
6920 if (cp->val == 0x02)
6921 hci_dev_set_flag(hdev, HCI_SC_ONLY);
6923 hci_dev_clear_flag(hdev, HCI_SC_ONLY);
6925 changed = hci_dev_test_and_clear_flag(hdev,
6927 hci_dev_clear_flag(hdev, HCI_SC_ONLY);
6930 err = send_settings_rsp(sk, MGMT_OP_SET_SECURE_CONN, hdev);
6935 err = new_settings(hdev, sk);
6942 if (val == hci_dev_test_flag(hdev, HCI_SC_ENABLED) &&
6943 (cp->val == 0x02) == hci_dev_test_flag(hdev, HCI_SC_ONLY)) {
6944 err = send_settings_rsp(sk, MGMT_OP_SET_SECURE_CONN, hdev);
6948 cmd = mgmt_pending_new(sk, MGMT_OP_SET_SECURE_CONN, hdev, data, len);
6952 err = hci_cmd_sync_queue(hdev, set_secure_conn_sync, cmd,
6953 set_secure_conn_complete);
6956 mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SECURE_CONN,
6957 MGMT_STATUS_FAILED);
6959 mgmt_pending_free(cmd);
6963 hci_dev_unlock(hdev);
6967 static int set_debug_keys(struct sock *sk, struct hci_dev *hdev,
6968 void *data, u16 len)
6970 struct mgmt_mode *cp = data;
6971 bool changed, use_changed;
6974 bt_dev_dbg(hdev, "sock %p", sk);
6976 if (cp->val != 0x00 && cp->val != 0x01 && cp->val != 0x02)
6977 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DEBUG_KEYS,
6978 MGMT_STATUS_INVALID_PARAMS);
6983 changed = !hci_dev_test_and_set_flag(hdev, HCI_KEEP_DEBUG_KEYS);
6985 changed = hci_dev_test_and_clear_flag(hdev,
6986 HCI_KEEP_DEBUG_KEYS);
6988 if (cp->val == 0x02)
6989 use_changed = !hci_dev_test_and_set_flag(hdev,
6990 HCI_USE_DEBUG_KEYS);
6992 use_changed = hci_dev_test_and_clear_flag(hdev,
6993 HCI_USE_DEBUG_KEYS);
6995 if (hdev_is_powered(hdev) && use_changed &&
6996 hci_dev_test_flag(hdev, HCI_SSP_ENABLED)) {
6997 u8 mode = (cp->val == 0x02) ? 0x01 : 0x00;
6998 hci_send_cmd(hdev, HCI_OP_WRITE_SSP_DEBUG_MODE,
6999 sizeof(mode), &mode);
7002 err = send_settings_rsp(sk, MGMT_OP_SET_DEBUG_KEYS, hdev);
7007 err = new_settings(hdev, sk);
7010 hci_dev_unlock(hdev);
7014 static int set_privacy(struct sock *sk, struct hci_dev *hdev, void *cp_data,
7017 struct mgmt_cp_set_privacy *cp = cp_data;
7021 bt_dev_dbg(hdev, "sock %p", sk);
7023 if (!lmp_le_capable(hdev))
7024 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_PRIVACY,
7025 MGMT_STATUS_NOT_SUPPORTED);
7027 if (cp->privacy != 0x00 && cp->privacy != 0x01 && cp->privacy != 0x02)
7028 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_PRIVACY,
7029 MGMT_STATUS_INVALID_PARAMS);
7031 if (hdev_is_powered(hdev))
7032 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_PRIVACY,
7033 MGMT_STATUS_REJECTED);
7037 /* If user space supports this command it is also expected to
7038 * handle IRKs. Therefore, set the HCI_RPA_RESOLVING flag.
7040 hci_dev_set_flag(hdev, HCI_RPA_RESOLVING);
7043 changed = !hci_dev_test_and_set_flag(hdev, HCI_PRIVACY);
7044 memcpy(hdev->irk, cp->irk, sizeof(hdev->irk));
7045 hci_dev_set_flag(hdev, HCI_RPA_EXPIRED);
7046 hci_adv_instances_set_rpa_expired(hdev, true);
7047 if (cp->privacy == 0x02)
7048 hci_dev_set_flag(hdev, HCI_LIMITED_PRIVACY);
7050 hci_dev_clear_flag(hdev, HCI_LIMITED_PRIVACY);
7052 changed = hci_dev_test_and_clear_flag(hdev, HCI_PRIVACY);
7053 memset(hdev->irk, 0, sizeof(hdev->irk));
7054 hci_dev_clear_flag(hdev, HCI_RPA_EXPIRED);
7055 hci_adv_instances_set_rpa_expired(hdev, false);
7056 hci_dev_clear_flag(hdev, HCI_LIMITED_PRIVACY);
7059 err = send_settings_rsp(sk, MGMT_OP_SET_PRIVACY, hdev);
7064 err = new_settings(hdev, sk);
7067 hci_dev_unlock(hdev);
7071 static bool irk_is_valid(struct mgmt_irk_info *irk)
7073 switch (irk->addr.type) {
7074 case BDADDR_LE_PUBLIC:
7077 case BDADDR_LE_RANDOM:
7078 /* Two most significant bits shall be set */
7079 if ((irk->addr.bdaddr.b[5] & 0xc0) != 0xc0)
7087 static int load_irks(struct sock *sk, struct hci_dev *hdev, void *cp_data,
7090 struct mgmt_cp_load_irks *cp = cp_data;
7091 const u16 max_irk_count = ((U16_MAX - sizeof(*cp)) /
7092 sizeof(struct mgmt_irk_info));
7093 u16 irk_count, expected_len;
7096 bt_dev_dbg(hdev, "sock %p", sk);
7098 if (!lmp_le_capable(hdev))
7099 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_IRKS,
7100 MGMT_STATUS_NOT_SUPPORTED);
7102 irk_count = __le16_to_cpu(cp->irk_count);
7103 if (irk_count > max_irk_count) {
7104 bt_dev_err(hdev, "load_irks: too big irk_count value %u",
7106 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_IRKS,
7107 MGMT_STATUS_INVALID_PARAMS);
7110 expected_len = struct_size(cp, irks, irk_count);
7111 if (expected_len != len) {
7112 bt_dev_err(hdev, "load_irks: expected %u bytes, got %u bytes",
7114 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_IRKS,
7115 MGMT_STATUS_INVALID_PARAMS);
7118 bt_dev_dbg(hdev, "irk_count %u", irk_count);
7120 for (i = 0; i < irk_count; i++) {
7121 struct mgmt_irk_info *key = &cp->irks[i];
7123 if (!irk_is_valid(key))
7124 return mgmt_cmd_status(sk, hdev->id,
7126 MGMT_STATUS_INVALID_PARAMS);
7131 hci_smp_irks_clear(hdev);
7133 for (i = 0; i < irk_count; i++) {
7134 struct mgmt_irk_info *irk = &cp->irks[i];
7136 if (hci_is_blocked_key(hdev,
7137 HCI_BLOCKED_KEY_TYPE_IRK,
7139 bt_dev_warn(hdev, "Skipping blocked IRK for %pMR",
7144 hci_add_irk(hdev, &irk->addr.bdaddr,
7145 le_addr_type(irk->addr.type), irk->val,
7149 hci_dev_set_flag(hdev, HCI_RPA_RESOLVING);
7151 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_LOAD_IRKS, 0, NULL, 0);
7153 hci_dev_unlock(hdev);
7159 static int set_advertising_params(struct sock *sk, struct hci_dev *hdev,
7160 void *data, u16 len)
7162 struct mgmt_cp_set_advertising_params *cp = data;
7167 BT_DBG("%s", hdev->name);
7169 if (!lmp_le_capable(hdev))
7170 return mgmt_cmd_status(sk, hdev->id,
7171 MGMT_OP_SET_ADVERTISING_PARAMS,
7172 MGMT_STATUS_NOT_SUPPORTED);
7174 if (hci_dev_test_flag(hdev, HCI_ADVERTISING))
7175 return mgmt_cmd_status(sk, hdev->id,
7176 MGMT_OP_SET_ADVERTISING_PARAMS,
7179 min_interval = __le16_to_cpu(cp->interval_min);
7180 max_interval = __le16_to_cpu(cp->interval_max);
7182 if (min_interval > max_interval ||
7183 min_interval < 0x0020 || max_interval > 0x4000)
7184 return mgmt_cmd_status(sk, hdev->id,
7185 MGMT_OP_SET_ADVERTISING_PARAMS,
7186 MGMT_STATUS_INVALID_PARAMS);
7190 hdev->le_adv_min_interval = min_interval;
7191 hdev->le_adv_max_interval = max_interval;
7192 hdev->adv_filter_policy = cp->filter_policy;
7193 hdev->adv_type = cp->type;
7195 err = mgmt_cmd_complete(sk, hdev->id,
7196 MGMT_OP_SET_ADVERTISING_PARAMS, 0, NULL, 0);
7198 hci_dev_unlock(hdev);
7203 static void set_advertising_data_complete(struct hci_dev *hdev,
7204 u8 status, u16 opcode)
7206 struct mgmt_cp_set_advertising_data *cp;
7207 struct mgmt_pending_cmd *cmd;
7209 BT_DBG("status 0x%02x", status);
7213 cmd = pending_find(MGMT_OP_SET_ADVERTISING_DATA, hdev);
7220 mgmt_cmd_status(cmd->sk, hdev->id,
7221 MGMT_OP_SET_ADVERTISING_DATA,
7222 mgmt_status(status));
7224 mgmt_cmd_complete(cmd->sk, hdev->id,
7225 MGMT_OP_SET_ADVERTISING_DATA, 0,
7228 mgmt_pending_remove(cmd);
7231 hci_dev_unlock(hdev);
7234 static int set_advertising_data(struct sock *sk, struct hci_dev *hdev,
7235 void *data, u16 len)
7237 struct mgmt_pending_cmd *cmd;
7238 struct hci_request req;
7239 struct mgmt_cp_set_advertising_data *cp = data;
7240 struct hci_cp_le_set_adv_data adv;
7243 BT_DBG("%s", hdev->name);
7245 if (!lmp_le_capable(hdev)) {
7246 return mgmt_cmd_status(sk, hdev->id,
7247 MGMT_OP_SET_ADVERTISING_DATA,
7248 MGMT_STATUS_NOT_SUPPORTED);
7253 if (pending_find(MGMT_OP_SET_ADVERTISING_DATA, hdev)) {
7254 err = mgmt_cmd_status(sk, hdev->id,
7255 MGMT_OP_SET_ADVERTISING_DATA,
7260 if (len > HCI_MAX_AD_LENGTH) {
7261 err = mgmt_cmd_status(sk, hdev->id,
7262 MGMT_OP_SET_ADVERTISING_DATA,
7263 MGMT_STATUS_INVALID_PARAMS);
7267 cmd = mgmt_pending_add(sk, MGMT_OP_SET_ADVERTISING_DATA,
7274 hci_req_init(&req, hdev);
7276 memset(&adv, 0, sizeof(adv));
7277 memcpy(adv.data, cp->data, len);
7280 hci_req_add(&req, HCI_OP_LE_SET_ADV_DATA, sizeof(adv), &adv);
7282 err = hci_req_run(&req, set_advertising_data_complete);
7284 mgmt_pending_remove(cmd);
7287 hci_dev_unlock(hdev);
7292 /* Adv White List feature */
7293 static void add_white_list_complete(struct hci_dev *hdev, u8 status, u16 opcode)
7295 struct mgmt_cp_add_dev_white_list *cp;
7296 struct mgmt_pending_cmd *cmd;
7298 BT_DBG("status 0x%02x", status);
7302 cmd = pending_find(MGMT_OP_ADD_DEV_WHITE_LIST, hdev);
7309 mgmt_cmd_status(cmd->sk, hdev->id, MGMT_OP_ADD_DEV_WHITE_LIST,
7310 mgmt_status(status));
7312 mgmt_cmd_complete(cmd->sk, hdev->id,
7313 MGMT_OP_ADD_DEV_WHITE_LIST, 0, cp, sizeof(*cp));
7315 mgmt_pending_remove(cmd);
7318 hci_dev_unlock(hdev);
7321 static int add_white_list(struct sock *sk, struct hci_dev *hdev,
7322 void *data, u16 len)
7324 struct mgmt_pending_cmd *cmd;
7325 struct mgmt_cp_add_dev_white_list *cp = data;
7326 struct hci_request req;
7329 BT_DBG("%s", hdev->name);
7331 if (!lmp_le_capable(hdev))
7332 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_DEV_WHITE_LIST,
7333 MGMT_STATUS_NOT_SUPPORTED);
7335 if (!hdev_is_powered(hdev))
7336 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_DEV_WHITE_LIST,
7337 MGMT_STATUS_REJECTED);
7341 if (pending_find(MGMT_OP_ADD_DEV_WHITE_LIST, hdev)) {
7342 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_DEV_WHITE_LIST,
7347 cmd = mgmt_pending_add(sk, MGMT_OP_ADD_DEV_WHITE_LIST, hdev, data, len);
7353 hci_req_init(&req, hdev);
7355 hci_req_add(&req, HCI_OP_LE_ADD_TO_WHITE_LIST, sizeof(*cp), cp);
7357 err = hci_req_run(&req, add_white_list_complete);
7359 mgmt_pending_remove(cmd);
7364 hci_dev_unlock(hdev);
7369 static void remove_from_white_list_complete(struct hci_dev *hdev,
7370 u8 status, u16 opcode)
7372 struct mgmt_cp_remove_dev_from_white_list *cp;
7373 struct mgmt_pending_cmd *cmd;
7375 BT_DBG("status 0x%02x", status);
7379 cmd = pending_find(MGMT_OP_REMOVE_DEV_FROM_WHITE_LIST, hdev);
7386 mgmt_cmd_status(cmd->sk, hdev->id,
7387 MGMT_OP_REMOVE_DEV_FROM_WHITE_LIST,
7388 mgmt_status(status));
7390 mgmt_cmd_complete(cmd->sk, hdev->id,
7391 MGMT_OP_REMOVE_DEV_FROM_WHITE_LIST, 0,
7394 mgmt_pending_remove(cmd);
7397 hci_dev_unlock(hdev);
7400 static int remove_from_white_list(struct sock *sk, struct hci_dev *hdev,
7401 void *data, u16 len)
7403 struct mgmt_pending_cmd *cmd;
7404 struct mgmt_cp_remove_dev_from_white_list *cp = data;
7405 struct hci_request req;
7408 BT_DBG("%s", hdev->name);
7410 if (!lmp_le_capable(hdev))
7411 return mgmt_cmd_status(sk, hdev->id,
7412 MGMT_OP_REMOVE_DEV_FROM_WHITE_LIST,
7413 MGMT_STATUS_NOT_SUPPORTED);
7415 if (!hdev_is_powered(hdev))
7416 return mgmt_cmd_status(sk, hdev->id,
7417 MGMT_OP_REMOVE_DEV_FROM_WHITE_LIST,
7418 MGMT_STATUS_REJECTED);
7422 if (pending_find(MGMT_OP_REMOVE_DEV_FROM_WHITE_LIST, hdev)) {
7423 err = mgmt_cmd_status(sk, hdev->id,
7424 MGMT_OP_REMOVE_DEV_FROM_WHITE_LIST,
7429 cmd = mgmt_pending_add(sk, MGMT_OP_REMOVE_DEV_FROM_WHITE_LIST,
7436 hci_req_init(&req, hdev);
7438 hci_req_add(&req, HCI_OP_LE_DEL_FROM_WHITE_LIST, sizeof(*cp), cp);
7440 err = hci_req_run(&req, remove_from_white_list_complete);
7442 mgmt_pending_remove(cmd);
7447 hci_dev_unlock(hdev);
7452 static void clear_white_list_complete(struct hci_dev *hdev, u8 status,
7455 struct mgmt_pending_cmd *cmd;
7457 BT_DBG("status 0x%02x", status);
7461 cmd = pending_find(MGMT_OP_CLEAR_DEV_WHITE_LIST, hdev);
7466 mgmt_cmd_status(cmd->sk, hdev->id, MGMT_OP_CLEAR_DEV_WHITE_LIST,
7467 mgmt_status(status));
7469 mgmt_cmd_complete(cmd->sk, hdev->id,
7470 MGMT_OP_CLEAR_DEV_WHITE_LIST,
7473 mgmt_pending_remove(cmd);
7476 hci_dev_unlock(hdev);
7479 static int clear_white_list(struct sock *sk, struct hci_dev *hdev,
7480 void *data, u16 len)
7482 struct mgmt_pending_cmd *cmd;
7483 struct hci_request req;
7486 BT_DBG("%s", hdev->name);
7488 if (!lmp_le_capable(hdev))
7489 return mgmt_cmd_status(sk, hdev->id,
7490 MGMT_OP_CLEAR_DEV_WHITE_LIST,
7491 MGMT_STATUS_NOT_SUPPORTED);
7493 if (!hdev_is_powered(hdev))
7494 return mgmt_cmd_status(sk, hdev->id,
7495 MGMT_OP_CLEAR_DEV_WHITE_LIST,
7496 MGMT_STATUS_REJECTED);
7500 if (pending_find(MGMT_OP_CLEAR_DEV_WHITE_LIST, hdev)) {
7501 err = mgmt_cmd_status(sk, hdev->id,
7502 MGMT_OP_CLEAR_DEV_WHITE_LIST,
7507 cmd = mgmt_pending_add(sk, MGMT_OP_CLEAR_DEV_WHITE_LIST,
7514 hci_req_init(&req, hdev);
7516 hci_req_add(&req, HCI_OP_LE_CLEAR_WHITE_LIST, 0, NULL);
7518 err = hci_req_run(&req, clear_white_list_complete);
7520 mgmt_pending_remove(cmd);
7525 hci_dev_unlock(hdev);
7530 static void set_scan_rsp_data_complete(struct hci_dev *hdev, u8 status,
7533 struct mgmt_cp_set_scan_rsp_data *cp;
7534 struct mgmt_pending_cmd *cmd;
7536 BT_DBG("status 0x%02x", status);
7540 cmd = pending_find(MGMT_OP_SET_SCAN_RSP_DATA, hdev);
7547 mgmt_cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_SCAN_RSP_DATA,
7548 mgmt_status(status));
7550 mgmt_cmd_complete(cmd->sk, hdev->id,
7551 MGMT_OP_SET_SCAN_RSP_DATA, 0,
7554 mgmt_pending_remove(cmd);
7557 hci_dev_unlock(hdev);
7560 static int set_scan_rsp_data(struct sock *sk, struct hci_dev *hdev, void *data,
7563 struct mgmt_pending_cmd *cmd;
7564 struct hci_request req;
7565 struct mgmt_cp_set_scan_rsp_data *cp = data;
7566 struct hci_cp_le_set_scan_rsp_data rsp;
7569 BT_DBG("%s", hdev->name);
7571 if (!lmp_le_capable(hdev))
7572 return mgmt_cmd_status(sk, hdev->id,
7573 MGMT_OP_SET_SCAN_RSP_DATA,
7574 MGMT_STATUS_NOT_SUPPORTED);
7578 if (pending_find(MGMT_OP_SET_SCAN_RSP_DATA, hdev)) {
7579 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_RSP_DATA,
7584 if (len > HCI_MAX_AD_LENGTH) {
7585 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_RSP_DATA,
7586 MGMT_STATUS_INVALID_PARAMS);
7590 cmd = mgmt_pending_add(sk, MGMT_OP_SET_SCAN_RSP_DATA, hdev, data, len);
7596 hci_req_init(&req, hdev);
7598 memset(&rsp, 0, sizeof(rsp));
7599 memcpy(rsp.data, cp->data, len);
7602 hci_req_add(&req, HCI_OP_LE_SET_SCAN_RSP_DATA, sizeof(rsp), &rsp);
7604 err = hci_req_run(&req, set_scan_rsp_data_complete);
7606 mgmt_pending_remove(cmd);
7609 hci_dev_unlock(hdev);
7614 static void set_rssi_threshold_complete(struct hci_dev *hdev,
7615 u8 status, u16 opcode)
7617 struct mgmt_pending_cmd *cmd;
7619 BT_DBG("status 0x%02x", status);
7623 cmd = pending_find(MGMT_OP_SET_RSSI_ENABLE, hdev);
7628 mgmt_cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_RSSI_ENABLE,
7629 mgmt_status(status));
7631 mgmt_cmd_complete(cmd->sk, hdev->id, MGMT_OP_SET_RSSI_ENABLE, 0,
7634 mgmt_pending_remove(cmd);
7637 hci_dev_unlock(hdev);
7640 static void set_rssi_disable_complete(struct hci_dev *hdev,
7641 u8 status, u16 opcode)
7643 struct mgmt_pending_cmd *cmd;
7645 BT_DBG("status 0x%02x", status);
7649 cmd = pending_find(MGMT_OP_SET_RSSI_DISABLE, hdev);
7654 mgmt_cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_RSSI_DISABLE,
7655 mgmt_status(status));
7657 mgmt_cmd_complete(cmd->sk, hdev->id, MGMT_OP_SET_RSSI_DISABLE,
7660 mgmt_pending_remove(cmd);
7663 hci_dev_unlock(hdev);
7666 int mgmt_set_rssi_threshold(struct sock *sk, struct hci_dev *hdev,
7667 void *data, u16 len)
7670 struct hci_cp_set_rssi_threshold th = { 0, };
7671 struct mgmt_cp_set_enable_rssi *cp = data;
7672 struct hci_conn *conn;
7673 struct mgmt_pending_cmd *cmd;
7674 struct hci_request req;
7679 cmd = pending_find(MGMT_OP_SET_RSSI_ENABLE, hdev);
7681 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_RSSI_ENABLE,
7682 MGMT_STATUS_FAILED);
7686 if (!lmp_le_capable(hdev)) {
7687 mgmt_pending_remove(cmd);
7688 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_RSSI_ENABLE,
7689 MGMT_STATUS_NOT_SUPPORTED);
7693 if (!hdev_is_powered(hdev)) {
7694 BT_DBG("%s", hdev->name);
7695 mgmt_pending_remove(cmd);
7696 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_RSSI_ENABLE,
7697 MGMT_STATUS_NOT_POWERED);
7701 if (cp->link_type == 0x01)
7702 dest_type = LE_LINK;
7704 dest_type = ACL_LINK;
7706 /* Get LE/ACL link handle info */
7707 conn = hci_conn_hash_lookup_ba(hdev,
7708 dest_type, &cp->bdaddr);
7711 err = mgmt_cmd_complete(sk, hdev->id,
7712 MGMT_OP_SET_RSSI_ENABLE, 1, NULL, 0);
7713 mgmt_pending_remove(cmd);
7717 hci_req_init(&req, hdev);
7719 th.hci_le_ext_opcode = 0x0B;
7721 th.conn_handle = conn->handle;
7722 th.alert_mask = 0x07;
7723 th.low_th = cp->low_th;
7724 th.in_range_th = cp->in_range_th;
7725 th.high_th = cp->high_th;
7727 hci_req_add(&req, HCI_OP_ENABLE_RSSI, sizeof(th), &th);
7728 err = hci_req_run(&req, set_rssi_threshold_complete);
7731 mgmt_pending_remove(cmd);
7732 BT_ERR("Error in requesting hci_req_run");
7737 hci_dev_unlock(hdev);
7741 void mgmt_rssi_enable_success(struct sock *sk, struct hci_dev *hdev,
7742 void *data, struct hci_cc_rsp_enable_rssi *rp, int success)
7744 struct mgmt_cc_rsp_enable_rssi mgmt_rp = { 0, };
7745 struct mgmt_cp_set_enable_rssi *cp = data;
7746 struct mgmt_pending_cmd *cmd;
7751 mgmt_rp.status = rp->status;
7752 mgmt_rp.le_ext_opcode = rp->le_ext_opcode;
7753 mgmt_rp.bt_address = cp->bdaddr;
7754 mgmt_rp.link_type = cp->link_type;
7756 mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_RSSI_ENABLE,
7757 MGMT_STATUS_SUCCESS, &mgmt_rp,
7758 sizeof(struct mgmt_cc_rsp_enable_rssi));
7760 mgmt_event(MGMT_EV_RSSI_ENABLED, hdev, &mgmt_rp,
7761 sizeof(struct mgmt_cc_rsp_enable_rssi), NULL);
7763 hci_conn_rssi_unset_all(hdev, mgmt_rp.link_type);
7764 hci_conn_rssi_state_set(hdev, mgmt_rp.link_type,
7765 &mgmt_rp.bt_address, true);
7769 cmd = pending_find(MGMT_OP_SET_RSSI_ENABLE, hdev);
7771 mgmt_pending_remove(cmd);
7773 hci_dev_unlock(hdev);
7776 void mgmt_rssi_disable_success(struct sock *sk, struct hci_dev *hdev,
7777 void *data, struct hci_cc_rsp_enable_rssi *rp, int success)
7779 struct mgmt_cc_rp_disable_rssi mgmt_rp = { 0, };
7780 struct mgmt_cp_disable_rssi *cp = data;
7781 struct mgmt_pending_cmd *cmd;
7786 mgmt_rp.status = rp->status;
7787 mgmt_rp.le_ext_opcode = rp->le_ext_opcode;
7788 mgmt_rp.bt_address = cp->bdaddr;
7789 mgmt_rp.link_type = cp->link_type;
7791 mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_RSSI_DISABLE,
7792 MGMT_STATUS_SUCCESS, &mgmt_rp,
7793 sizeof(struct mgmt_cc_rsp_enable_rssi));
7795 mgmt_event(MGMT_EV_RSSI_DISABLED, hdev, &mgmt_rp,
7796 sizeof(struct mgmt_cc_rsp_enable_rssi), NULL);
7798 hci_conn_rssi_state_set(hdev, mgmt_rp.link_type,
7799 &mgmt_rp.bt_address, false);
7803 cmd = pending_find(MGMT_OP_SET_RSSI_DISABLE, hdev);
7805 mgmt_pending_remove(cmd);
7807 hci_dev_unlock(hdev);
7810 static int mgmt_set_disable_rssi(struct sock *sk, struct hci_dev *hdev,
7811 void *data, u16 len)
7813 struct mgmt_pending_cmd *cmd;
7814 struct hci_request req;
7815 struct hci_cp_set_enable_rssi cp_en = { 0, };
7818 BT_DBG("Set Disable RSSI.");
7820 cp_en.hci_le_ext_opcode = 0x01;
7821 cp_en.le_enable_cs_Features = 0x00;
7822 cp_en.data[0] = 0x00;
7823 cp_en.data[1] = 0x00;
7824 cp_en.data[2] = 0x00;
7828 cmd = pending_find(MGMT_OP_SET_RSSI_DISABLE, hdev);
7830 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_RSSI_DISABLE,
7831 MGMT_STATUS_FAILED);
7835 if (!lmp_le_capable(hdev)) {
7836 mgmt_pending_remove(cmd);
7837 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_RSSI_DISABLE,
7838 MGMT_STATUS_NOT_SUPPORTED);
7842 if (!hdev_is_powered(hdev)) {
7843 BT_DBG("%s", hdev->name);
7844 mgmt_pending_remove(cmd);
7845 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_RSSI_DISABLE,
7846 MGMT_STATUS_NOT_POWERED);
7850 hci_req_init(&req, hdev);
7852 BT_DBG("Enable Len: %zu [%2.2X %2.2X %2.2X %2.2X %2.2X]",
7853 sizeof(struct hci_cp_set_enable_rssi),
7854 cp_en.hci_le_ext_opcode, cp_en.le_enable_cs_Features,
7855 cp_en.data[0], cp_en.data[1], cp_en.data[2]);
7857 hci_req_add(&req, HCI_OP_ENABLE_RSSI, sizeof(cp_en), &cp_en);
7858 err = hci_req_run(&req, set_rssi_disable_complete);
7861 mgmt_pending_remove(cmd);
7862 BT_ERR("Error in requesting hci_req_run");
7867 hci_dev_unlock(hdev);
7871 void mgmt_enable_rssi_cc(struct hci_dev *hdev, void *response, u8 status)
7873 struct hci_cc_rsp_enable_rssi *rp = response;
7874 struct mgmt_pending_cmd *cmd_enable = NULL;
7875 struct mgmt_pending_cmd *cmd_disable = NULL;
7876 struct mgmt_cp_set_enable_rssi *cp_en;
7877 struct mgmt_cp_disable_rssi *cp_dis;
7880 cmd_enable = pending_find(MGMT_OP_SET_RSSI_ENABLE, hdev);
7881 cmd_disable = pending_find(MGMT_OP_SET_RSSI_DISABLE, hdev);
7882 hci_dev_unlock(hdev);
7885 BT_DBG("Enable Request");
7888 BT_DBG("Disable Request");
7891 cp_en = cmd_enable->param;
7896 switch (rp->le_ext_opcode) {
7898 BT_DBG("RSSI enabled.. Setting Threshold...");
7899 mgmt_set_rssi_threshold(cmd_enable->sk, hdev,
7900 cp_en, sizeof(*cp_en));
7904 BT_DBG("Sending RSSI enable success");
7905 mgmt_rssi_enable_success(cmd_enable->sk, hdev,
7906 cp_en, rp, rp->status);
7910 } else if (cmd_disable) {
7911 cp_dis = cmd_disable->param;
7916 switch (rp->le_ext_opcode) {
7918 BT_DBG("Sending RSSI disable success");
7919 mgmt_rssi_disable_success(cmd_disable->sk, hdev,
7920 cp_dis, rp, rp->status);
7925 * Only unset RSSI Threshold values for the Link if
7926 * RSSI is monitored for other BREDR or LE Links
7928 if (hci_conn_hash_lookup_rssi_count(hdev) > 1) {
7929 BT_DBG("Unset Threshold. Other links being monitored");
7930 mgmt_rssi_disable_success(cmd_disable->sk, hdev,
7931 cp_dis, rp, rp->status);
7933 BT_DBG("Unset Threshold. Disabling...");
7934 mgmt_set_disable_rssi(cmd_disable->sk, hdev,
7935 cp_dis, sizeof(*cp_dis));
7942 static void set_rssi_enable_complete(struct hci_dev *hdev, u8 status,
7945 struct mgmt_pending_cmd *cmd;
7947 BT_DBG("status 0x%02x", status);
7951 cmd = pending_find(MGMT_OP_SET_RSSI_ENABLE, hdev);
7956 mgmt_cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_RSSI_ENABLE,
7957 mgmt_status(status));
7959 mgmt_cmd_complete(cmd->sk, hdev->id, MGMT_OP_SET_RSSI_ENABLE, 0,
7962 mgmt_pending_remove(cmd);
7965 hci_dev_unlock(hdev);
7968 static int set_enable_rssi(struct sock *sk, struct hci_dev *hdev,
7969 void *data, u16 len)
7971 struct mgmt_pending_cmd *cmd;
7972 struct hci_request req;
7973 struct mgmt_cp_set_enable_rssi *cp = data;
7974 struct hci_cp_set_enable_rssi cp_en = { 0, };
7977 BT_DBG("Set Enable RSSI.");
7979 cp_en.hci_le_ext_opcode = 0x01;
7980 cp_en.le_enable_cs_Features = 0x04;
7981 cp_en.data[0] = 0x00;
7982 cp_en.data[1] = 0x00;
7983 cp_en.data[2] = 0x00;
7987 if (!lmp_le_capable(hdev)) {
7988 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_RSSI_ENABLE,
7989 MGMT_STATUS_NOT_SUPPORTED);
7993 if (!hdev_is_powered(hdev)) {
7994 BT_DBG("%s", hdev->name);
7995 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_RSSI_ENABLE,
7996 MGMT_STATUS_NOT_POWERED);
8000 if (pending_find(MGMT_OP_SET_RSSI_ENABLE, hdev)) {
8001 BT_DBG("%s", hdev->name);
8002 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_RSSI_ENABLE,
8007 cmd = mgmt_pending_add(sk, MGMT_OP_SET_RSSI_ENABLE, hdev, cp,
8010 BT_DBG("%s", hdev->name);
8015 /* If RSSI is already enabled directly set Threshold values */
8016 if (hci_conn_hash_lookup_rssi_count(hdev) > 0) {
8017 hci_dev_unlock(hdev);
8018 BT_DBG("RSSI Enabled. Directly set Threshold");
8019 err = mgmt_set_rssi_threshold(sk, hdev, cp, sizeof(*cp));
8023 hci_req_init(&req, hdev);
8025 BT_DBG("Enable Len: %zu [%2.2X %2.2X %2.2X %2.2X %2.2X]",
8026 sizeof(struct hci_cp_set_enable_rssi),
8027 cp_en.hci_le_ext_opcode, cp_en.le_enable_cs_Features,
8028 cp_en.data[0], cp_en.data[1], cp_en.data[2]);
8030 hci_req_add(&req, HCI_OP_ENABLE_RSSI, sizeof(cp_en), &cp_en);
8031 err = hci_req_run(&req, set_rssi_enable_complete);
8034 mgmt_pending_remove(cmd);
8035 BT_ERR("Error in requesting hci_req_run");
8040 hci_dev_unlock(hdev);
8045 static void get_raw_rssi_complete(struct hci_dev *hdev, u8 status, u16 opcode)
8047 struct mgmt_pending_cmd *cmd;
8049 BT_DBG("status 0x%02x", status);
8053 cmd = pending_find(MGMT_OP_GET_RAW_RSSI, hdev);
8057 mgmt_cmd_complete(cmd->sk, hdev->id, MGMT_OP_GET_RAW_RSSI,
8058 MGMT_STATUS_SUCCESS, &status, 1);
8060 mgmt_pending_remove(cmd);
8063 hci_dev_unlock(hdev);
8066 static int get_raw_rssi(struct sock *sk, struct hci_dev *hdev, void *data,
8069 struct mgmt_pending_cmd *cmd;
8070 struct hci_request req;
8071 struct mgmt_cp_get_raw_rssi *cp = data;
8072 struct hci_cp_get_raw_rssi hci_cp;
8074 struct hci_conn *conn;
8078 BT_DBG("Get Raw RSSI.");
8082 if (!lmp_le_capable(hdev)) {
8083 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_GET_RAW_RSSI,
8084 MGMT_STATUS_NOT_SUPPORTED);
8088 if (cp->link_type == 0x01)
8089 dest_type = LE_LINK;
8091 dest_type = ACL_LINK;
8093 /* Get LE/BREDR link handle info */
8094 conn = hci_conn_hash_lookup_ba(hdev,
8095 dest_type, &cp->bt_address);
8097 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_GET_RAW_RSSI,
8098 MGMT_STATUS_NOT_CONNECTED);
8101 hci_cp.conn_handle = conn->handle;
8103 if (!hdev_is_powered(hdev)) {
8104 BT_DBG("%s", hdev->name);
8105 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_GET_RAW_RSSI,
8106 MGMT_STATUS_NOT_POWERED);
8110 if (pending_find(MGMT_OP_GET_RAW_RSSI, hdev)) {
8111 BT_DBG("%s", hdev->name);
8112 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_GET_RAW_RSSI,
8117 cmd = mgmt_pending_add(sk, MGMT_OP_GET_RAW_RSSI, hdev, data, len);
8119 BT_DBG("%s", hdev->name);
8124 hci_req_init(&req, hdev);
8126 BT_DBG("Connection Handle [%d]", hci_cp.conn_handle);
8127 hci_req_add(&req, HCI_OP_GET_RAW_RSSI, sizeof(hci_cp), &hci_cp);
8128 err = hci_req_run(&req, get_raw_rssi_complete);
8131 mgmt_pending_remove(cmd);
8132 BT_ERR("Error in requesting hci_req_run");
8136 hci_dev_unlock(hdev);
8141 void mgmt_raw_rssi_response(struct hci_dev *hdev,
8142 struct hci_cc_rp_get_raw_rssi *rp, int success)
8144 struct mgmt_cc_rp_get_raw_rssi mgmt_rp = { 0, };
8145 struct hci_conn *conn;
8147 mgmt_rp.status = rp->status;
8148 mgmt_rp.rssi_dbm = rp->rssi_dbm;
8150 conn = hci_conn_hash_lookup_handle(hdev, rp->conn_handle);
8154 bacpy(&mgmt_rp.bt_address, &conn->dst);
8155 if (conn->type == LE_LINK)
8156 mgmt_rp.link_type = 0x01;
8158 mgmt_rp.link_type = 0x00;
8160 mgmt_event(MGMT_EV_RAW_RSSI, hdev, &mgmt_rp,
8161 sizeof(struct mgmt_cc_rp_get_raw_rssi), NULL);
8164 static void set_disable_threshold_complete(struct hci_dev *hdev,
8165 u8 status, u16 opcode)
8167 struct mgmt_pending_cmd *cmd;
8169 BT_DBG("status 0x%02x", status);
8173 cmd = pending_find(MGMT_OP_SET_RSSI_DISABLE, hdev);
8177 mgmt_cmd_complete(cmd->sk, hdev->id, MGMT_OP_SET_RSSI_DISABLE,
8178 MGMT_STATUS_SUCCESS, &status, 1);
8180 mgmt_pending_remove(cmd);
8183 hci_dev_unlock(hdev);
8186 /** Removes monitoring for a link*/
8187 static int set_disable_threshold(struct sock *sk, struct hci_dev *hdev,
8188 void *data, u16 len)
8191 struct hci_cp_set_rssi_threshold th = { 0, };
8192 struct mgmt_cp_disable_rssi *cp = data;
8193 struct hci_conn *conn;
8194 struct mgmt_pending_cmd *cmd;
8195 struct hci_request req;
8198 BT_DBG("Set Disable RSSI.");
8202 if (!lmp_le_capable(hdev)) {
8203 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_RSSI_DISABLE,
8204 MGMT_STATUS_NOT_SUPPORTED);
8208 /* Get LE/ACL link handle info*/
8209 if (cp->link_type == 0x01)
8210 dest_type = LE_LINK;
8212 dest_type = ACL_LINK;
8214 conn = hci_conn_hash_lookup_ba(hdev, dest_type, &cp->bdaddr);
8216 err = mgmt_cmd_complete(sk, hdev->id,
8217 MGMT_OP_SET_RSSI_DISABLE, 1, NULL, 0);
8221 th.hci_le_ext_opcode = 0x0B;
8223 th.conn_handle = conn->handle;
8224 th.alert_mask = 0x00;
8226 th.in_range_th = 0x00;
8229 if (!hdev_is_powered(hdev)) {
8230 BT_DBG("%s", hdev->name);
8231 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_RSSI_DISABLE,
8236 if (pending_find(MGMT_OP_SET_RSSI_DISABLE, hdev)) {
8237 BT_DBG("%s", hdev->name);
8238 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_RSSI_DISABLE,
8243 cmd = mgmt_pending_add(sk, MGMT_OP_SET_RSSI_DISABLE, hdev, cp,
8246 BT_DBG("%s", hdev->name);
8251 hci_req_init(&req, hdev);
8253 hci_req_add(&req, HCI_OP_ENABLE_RSSI, sizeof(th), &th);
8254 err = hci_req_run(&req, set_disable_threshold_complete);
8256 mgmt_pending_remove(cmd);
8257 BT_ERR("Error in requesting hci_req_run");
8262 hci_dev_unlock(hdev);
8267 void mgmt_rssi_alert_evt(struct hci_dev *hdev, struct sk_buff *skb)
8269 struct hci_ev_vendor_specific_rssi_alert *ev = (void *)skb->data;
8270 struct mgmt_ev_vendor_specific_rssi_alert mgmt_ev;
8271 struct hci_conn *conn;
8273 BT_DBG("RSSI alert [%2.2X %2.2X %2.2X]",
8274 ev->conn_handle, ev->alert_type, ev->rssi_dbm);
8276 conn = hci_conn_hash_lookup_handle(hdev, ev->conn_handle);
8279 BT_ERR("RSSI alert Error: Device not found for handle");
8282 bacpy(&mgmt_ev.bdaddr, &conn->dst);
8284 if (conn->type == LE_LINK)
8285 mgmt_ev.link_type = 0x01;
8287 mgmt_ev.link_type = 0x00;
8289 mgmt_ev.alert_type = ev->alert_type;
8290 mgmt_ev.rssi_dbm = ev->rssi_dbm;
8292 mgmt_event(MGMT_EV_RSSI_ALERT, hdev, &mgmt_ev,
8293 sizeof(struct mgmt_ev_vendor_specific_rssi_alert),
8296 #endif /* TIZEN_BT */
8298 static bool ltk_is_valid(struct mgmt_ltk_info *key)
8300 if (key->initiator != 0x00 && key->initiator != 0x01)
8303 switch (key->addr.type) {
8304 case BDADDR_LE_PUBLIC:
8307 case BDADDR_LE_RANDOM:
8308 /* Two most significant bits shall be set */
8309 if ((key->addr.bdaddr.b[5] & 0xc0) != 0xc0)
8317 static int load_long_term_keys(struct sock *sk, struct hci_dev *hdev,
8318 void *cp_data, u16 len)
8320 struct mgmt_cp_load_long_term_keys *cp = cp_data;
8321 const u16 max_key_count = ((U16_MAX - sizeof(*cp)) /
8322 sizeof(struct mgmt_ltk_info));
8323 u16 key_count, expected_len;
8326 bt_dev_dbg(hdev, "sock %p", sk);
8328 if (!lmp_le_capable(hdev))
8329 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS,
8330 MGMT_STATUS_NOT_SUPPORTED);
8332 key_count = __le16_to_cpu(cp->key_count);
8333 if (key_count > max_key_count) {
8334 bt_dev_err(hdev, "load_ltks: too big key_count value %u",
8336 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS,
8337 MGMT_STATUS_INVALID_PARAMS);
8340 expected_len = struct_size(cp, keys, key_count);
8341 if (expected_len != len) {
8342 bt_dev_err(hdev, "load_keys: expected %u bytes, got %u bytes",
8344 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS,
8345 MGMT_STATUS_INVALID_PARAMS);
8348 bt_dev_dbg(hdev, "key_count %u", key_count);
8350 for (i = 0; i < key_count; i++) {
8351 struct mgmt_ltk_info *key = &cp->keys[i];
8353 if (!ltk_is_valid(key))
8354 return mgmt_cmd_status(sk, hdev->id,
8355 MGMT_OP_LOAD_LONG_TERM_KEYS,
8356 MGMT_STATUS_INVALID_PARAMS);
8361 hci_smp_ltks_clear(hdev);
8363 for (i = 0; i < key_count; i++) {
8364 struct mgmt_ltk_info *key = &cp->keys[i];
8365 u8 type, authenticated;
8367 if (hci_is_blocked_key(hdev,
8368 HCI_BLOCKED_KEY_TYPE_LTK,
8370 bt_dev_warn(hdev, "Skipping blocked LTK for %pMR",
8375 switch (key->type) {
8376 case MGMT_LTK_UNAUTHENTICATED:
8377 authenticated = 0x00;
8378 type = key->initiator ? SMP_LTK : SMP_LTK_RESPONDER;
8380 case MGMT_LTK_AUTHENTICATED:
8381 authenticated = 0x01;
8382 type = key->initiator ? SMP_LTK : SMP_LTK_RESPONDER;
8384 case MGMT_LTK_P256_UNAUTH:
8385 authenticated = 0x00;
8386 type = SMP_LTK_P256;
8388 case MGMT_LTK_P256_AUTH:
8389 authenticated = 0x01;
8390 type = SMP_LTK_P256;
8392 case MGMT_LTK_P256_DEBUG:
8393 authenticated = 0x00;
8394 type = SMP_LTK_P256_DEBUG;
8400 hci_add_ltk(hdev, &key->addr.bdaddr,
8401 le_addr_type(key->addr.type), type, authenticated,
8402 key->val, key->enc_size, key->ediv, key->rand);
8405 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS, 0,
8408 hci_dev_unlock(hdev);
8413 static void get_conn_info_complete(struct hci_dev *hdev, void *data, int err)
8415 struct mgmt_pending_cmd *cmd = data;
8416 struct hci_conn *conn = cmd->user_data;
8417 struct mgmt_cp_get_conn_info *cp = cmd->param;
8418 struct mgmt_rp_get_conn_info rp;
8421 bt_dev_dbg(hdev, "err %d", err);
8423 memcpy(&rp.addr, &cp->addr.bdaddr, sizeof(rp.addr));
8425 status = mgmt_status(err);
8426 if (status == MGMT_STATUS_SUCCESS) {
8427 rp.rssi = conn->rssi;
8428 rp.tx_power = conn->tx_power;
8429 rp.max_tx_power = conn->max_tx_power;
8431 rp.rssi = HCI_RSSI_INVALID;
8432 rp.tx_power = HCI_TX_POWER_INVALID;
8433 rp.max_tx_power = HCI_TX_POWER_INVALID;
8436 mgmt_cmd_complete(cmd->sk, cmd->index, MGMT_OP_GET_CONN_INFO, status,
8439 mgmt_pending_free(cmd);
8442 static int get_conn_info_sync(struct hci_dev *hdev, void *data)
8444 struct mgmt_pending_cmd *cmd = data;
8445 struct mgmt_cp_get_conn_info *cp = cmd->param;
8446 struct hci_conn *conn;
8450 /* Make sure we are still connected */
8451 if (cp->addr.type == BDADDR_BREDR)
8452 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
8455 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &cp->addr.bdaddr);
8457 if (!conn || conn->state != BT_CONNECTED)
8458 return MGMT_STATUS_NOT_CONNECTED;
8460 cmd->user_data = conn;
8461 handle = cpu_to_le16(conn->handle);
8463 /* Refresh RSSI each time */
8464 err = hci_read_rssi_sync(hdev, handle);
8466 /* For LE links TX power does not change thus we don't need to
8467 * query for it once value is known.
8469 if (!err && (!bdaddr_type_is_le(cp->addr.type) ||
8470 conn->tx_power == HCI_TX_POWER_INVALID))
8471 err = hci_read_tx_power_sync(hdev, handle, 0x00);
8473 /* Max TX power needs to be read only once per connection */
8474 if (!err && conn->max_tx_power == HCI_TX_POWER_INVALID)
8475 err = hci_read_tx_power_sync(hdev, handle, 0x01);
8480 static int get_conn_info(struct sock *sk, struct hci_dev *hdev, void *data,
8483 struct mgmt_cp_get_conn_info *cp = data;
8484 struct mgmt_rp_get_conn_info rp;
8485 struct hci_conn *conn;
8486 unsigned long conn_info_age;
8489 bt_dev_dbg(hdev, "sock %p", sk);
8491 memset(&rp, 0, sizeof(rp));
8492 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
8493 rp.addr.type = cp->addr.type;
8495 if (!bdaddr_type_is_valid(cp->addr.type))
8496 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CONN_INFO,
8497 MGMT_STATUS_INVALID_PARAMS,
8502 if (!hdev_is_powered(hdev)) {
8503 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CONN_INFO,
8504 MGMT_STATUS_NOT_POWERED, &rp,
8509 if (cp->addr.type == BDADDR_BREDR)
8510 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
8513 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &cp->addr.bdaddr);
8515 if (!conn || conn->state != BT_CONNECTED) {
8516 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CONN_INFO,
8517 MGMT_STATUS_NOT_CONNECTED, &rp,
8522 /* To avoid client trying to guess when to poll again for information we
8523 * calculate conn info age as random value between min/max set in hdev.
8525 conn_info_age = hdev->conn_info_min_age +
8526 prandom_u32_max(hdev->conn_info_max_age -
8527 hdev->conn_info_min_age);
8529 /* Query controller to refresh cached values if they are too old or were
8532 if (time_after(jiffies, conn->conn_info_timestamp +
8533 msecs_to_jiffies(conn_info_age)) ||
8534 !conn->conn_info_timestamp) {
8535 struct mgmt_pending_cmd *cmd;
8537 cmd = mgmt_pending_new(sk, MGMT_OP_GET_CONN_INFO, hdev, data,
8542 err = hci_cmd_sync_queue(hdev, get_conn_info_sync,
8543 cmd, get_conn_info_complete);
8547 mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CONN_INFO,
8548 MGMT_STATUS_FAILED, &rp, sizeof(rp));
8551 mgmt_pending_free(cmd);
8556 conn->conn_info_timestamp = jiffies;
8558 /* Cache is valid, just reply with values cached in hci_conn */
8559 rp.rssi = conn->rssi;
8560 rp.tx_power = conn->tx_power;
8561 rp.max_tx_power = conn->max_tx_power;
8563 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CONN_INFO,
8564 MGMT_STATUS_SUCCESS, &rp, sizeof(rp));
8568 hci_dev_unlock(hdev);
8572 static void get_clock_info_complete(struct hci_dev *hdev, void *data, int err)
8574 struct mgmt_pending_cmd *cmd = data;
8575 struct mgmt_cp_get_clock_info *cp = cmd->param;
8576 struct mgmt_rp_get_clock_info rp;
8577 struct hci_conn *conn = cmd->user_data;
8578 u8 status = mgmt_status(err);
8580 bt_dev_dbg(hdev, "err %d", err);
8582 memset(&rp, 0, sizeof(rp));
8583 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
8584 rp.addr.type = cp->addr.type;
8589 rp.local_clock = cpu_to_le32(hdev->clock);
8592 rp.piconet_clock = cpu_to_le32(conn->clock);
8593 rp.accuracy = cpu_to_le16(conn->clock_accuracy);
8597 mgmt_cmd_complete(cmd->sk, cmd->index, cmd->opcode, status, &rp,
8600 mgmt_pending_free(cmd);
8603 static int get_clock_info_sync(struct hci_dev *hdev, void *data)
8605 struct mgmt_pending_cmd *cmd = data;
8606 struct mgmt_cp_get_clock_info *cp = cmd->param;
8607 struct hci_cp_read_clock hci_cp;
8608 struct hci_conn *conn;
8610 memset(&hci_cp, 0, sizeof(hci_cp));
8611 hci_read_clock_sync(hdev, &hci_cp);
8613 /* Make sure connection still exists */
8614 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->addr.bdaddr);
8615 if (!conn || conn->state != BT_CONNECTED)
8616 return MGMT_STATUS_NOT_CONNECTED;
8618 cmd->user_data = conn;
8619 hci_cp.handle = cpu_to_le16(conn->handle);
8620 hci_cp.which = 0x01; /* Piconet clock */
8622 return hci_read_clock_sync(hdev, &hci_cp);
8625 static int get_clock_info(struct sock *sk, struct hci_dev *hdev, void *data,
8628 struct mgmt_cp_get_clock_info *cp = data;
8629 struct mgmt_rp_get_clock_info rp;
8630 struct mgmt_pending_cmd *cmd;
8631 struct hci_conn *conn;
8634 bt_dev_dbg(hdev, "sock %p", sk);
8636 memset(&rp, 0, sizeof(rp));
8637 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
8638 rp.addr.type = cp->addr.type;
8640 if (cp->addr.type != BDADDR_BREDR)
8641 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CLOCK_INFO,
8642 MGMT_STATUS_INVALID_PARAMS,
8647 if (!hdev_is_powered(hdev)) {
8648 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CLOCK_INFO,
8649 MGMT_STATUS_NOT_POWERED, &rp,
8654 if (bacmp(&cp->addr.bdaddr, BDADDR_ANY)) {
8655 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
8657 if (!conn || conn->state != BT_CONNECTED) {
8658 err = mgmt_cmd_complete(sk, hdev->id,
8659 MGMT_OP_GET_CLOCK_INFO,
8660 MGMT_STATUS_NOT_CONNECTED,
8668 cmd = mgmt_pending_new(sk, MGMT_OP_GET_CLOCK_INFO, hdev, data, len);
8672 err = hci_cmd_sync_queue(hdev, get_clock_info_sync, cmd,
8673 get_clock_info_complete);
8676 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CLOCK_INFO,
8677 MGMT_STATUS_FAILED, &rp, sizeof(rp));
8680 mgmt_pending_free(cmd);
8685 hci_dev_unlock(hdev);
8689 static bool is_connected(struct hci_dev *hdev, bdaddr_t *addr, u8 type)
8691 struct hci_conn *conn;
8693 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, addr);
8697 if (conn->dst_type != type)
8700 if (conn->state != BT_CONNECTED)
8706 /* This function requires the caller holds hdev->lock */
8707 static int hci_conn_params_set(struct hci_dev *hdev, bdaddr_t *addr,
8708 u8 addr_type, u8 auto_connect)
8710 struct hci_conn_params *params;
8712 params = hci_conn_params_add(hdev, addr, addr_type);
8716 if (params->auto_connect == auto_connect)
8719 list_del_init(¶ms->action);
8721 switch (auto_connect) {
8722 case HCI_AUTO_CONN_DISABLED:
8723 case HCI_AUTO_CONN_LINK_LOSS:
8724 /* If auto connect is being disabled when we're trying to
8725 * connect to device, keep connecting.
8727 if (params->explicit_connect)
8728 list_add(¶ms->action, &hdev->pend_le_conns);
8730 case HCI_AUTO_CONN_REPORT:
8731 if (params->explicit_connect)
8732 list_add(¶ms->action, &hdev->pend_le_conns);
8734 list_add(¶ms->action, &hdev->pend_le_reports);
8736 case HCI_AUTO_CONN_DIRECT:
8737 case HCI_AUTO_CONN_ALWAYS:
8738 if (!is_connected(hdev, addr, addr_type))
8739 list_add(¶ms->action, &hdev->pend_le_conns);
8743 params->auto_connect = auto_connect;
8745 bt_dev_dbg(hdev, "addr %pMR (type %u) auto_connect %u",
8746 addr, addr_type, auto_connect);
8751 static void device_added(struct sock *sk, struct hci_dev *hdev,
8752 bdaddr_t *bdaddr, u8 type, u8 action)
8754 struct mgmt_ev_device_added ev;
8756 bacpy(&ev.addr.bdaddr, bdaddr);
8757 ev.addr.type = type;
8760 mgmt_event(MGMT_EV_DEVICE_ADDED, hdev, &ev, sizeof(ev), sk);
8763 static int add_device_sync(struct hci_dev *hdev, void *data)
8765 return hci_update_passive_scan_sync(hdev);
8768 static int add_device(struct sock *sk, struct hci_dev *hdev,
8769 void *data, u16 len)
8771 struct mgmt_cp_add_device *cp = data;
8772 u8 auto_conn, addr_type;
8773 struct hci_conn_params *params;
8775 u32 current_flags = 0;
8776 u32 supported_flags;
8778 bt_dev_dbg(hdev, "sock %p", sk);
8780 if (!bdaddr_type_is_valid(cp->addr.type) ||
8781 !bacmp(&cp->addr.bdaddr, BDADDR_ANY))
8782 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_ADD_DEVICE,
8783 MGMT_STATUS_INVALID_PARAMS,
8784 &cp->addr, sizeof(cp->addr));
8786 if (cp->action != 0x00 && cp->action != 0x01 && cp->action != 0x02)
8787 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_ADD_DEVICE,
8788 MGMT_STATUS_INVALID_PARAMS,
8789 &cp->addr, sizeof(cp->addr));
8793 if (cp->addr.type == BDADDR_BREDR) {
8794 /* Only incoming connections action is supported for now */
8795 if (cp->action != 0x01) {
8796 err = mgmt_cmd_complete(sk, hdev->id,
8798 MGMT_STATUS_INVALID_PARAMS,
8799 &cp->addr, sizeof(cp->addr));
8803 err = hci_bdaddr_list_add_with_flags(&hdev->accept_list,
8809 hci_update_scan(hdev);
8814 addr_type = le_addr_type(cp->addr.type);
8816 if (cp->action == 0x02)
8817 auto_conn = HCI_AUTO_CONN_ALWAYS;
8818 else if (cp->action == 0x01)
8819 auto_conn = HCI_AUTO_CONN_DIRECT;
8821 auto_conn = HCI_AUTO_CONN_REPORT;
8823 /* Kernel internally uses conn_params with resolvable private
8824 * address, but Add Device allows only identity addresses.
8825 * Make sure it is enforced before calling
8826 * hci_conn_params_lookup.
8828 if (!hci_is_identity_address(&cp->addr.bdaddr, addr_type)) {
8829 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_ADD_DEVICE,
8830 MGMT_STATUS_INVALID_PARAMS,
8831 &cp->addr, sizeof(cp->addr));
8835 /* If the connection parameters don't exist for this device,
8836 * they will be created and configured with defaults.
8838 if (hci_conn_params_set(hdev, &cp->addr.bdaddr, addr_type,
8840 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_ADD_DEVICE,
8841 MGMT_STATUS_FAILED, &cp->addr,
8845 params = hci_conn_params_lookup(hdev, &cp->addr.bdaddr,
8848 current_flags = params->flags;
8851 err = hci_cmd_sync_queue(hdev, add_device_sync, NULL, NULL);
8856 device_added(sk, hdev, &cp->addr.bdaddr, cp->addr.type, cp->action);
8857 supported_flags = hdev->conn_flags;
8858 device_flags_changed(NULL, hdev, &cp->addr.bdaddr, cp->addr.type,
8859 supported_flags, current_flags);
8861 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_ADD_DEVICE,
8862 MGMT_STATUS_SUCCESS, &cp->addr,
8866 hci_dev_unlock(hdev);
8870 static void device_removed(struct sock *sk, struct hci_dev *hdev,
8871 bdaddr_t *bdaddr, u8 type)
8873 struct mgmt_ev_device_removed ev;
8875 bacpy(&ev.addr.bdaddr, bdaddr);
8876 ev.addr.type = type;
8878 mgmt_event(MGMT_EV_DEVICE_REMOVED, hdev, &ev, sizeof(ev), sk);
8881 static int remove_device_sync(struct hci_dev *hdev, void *data)
8883 return hci_update_passive_scan_sync(hdev);
8886 static int remove_device(struct sock *sk, struct hci_dev *hdev,
8887 void *data, u16 len)
8889 struct mgmt_cp_remove_device *cp = data;
8892 bt_dev_dbg(hdev, "sock %p", sk);
8896 if (bacmp(&cp->addr.bdaddr, BDADDR_ANY)) {
8897 struct hci_conn_params *params;
8900 if (!bdaddr_type_is_valid(cp->addr.type)) {
8901 err = mgmt_cmd_complete(sk, hdev->id,
8902 MGMT_OP_REMOVE_DEVICE,
8903 MGMT_STATUS_INVALID_PARAMS,
8904 &cp->addr, sizeof(cp->addr));
8908 if (cp->addr.type == BDADDR_BREDR) {
8909 err = hci_bdaddr_list_del(&hdev->accept_list,
8913 err = mgmt_cmd_complete(sk, hdev->id,
8914 MGMT_OP_REMOVE_DEVICE,
8915 MGMT_STATUS_INVALID_PARAMS,
8921 hci_update_scan(hdev);
8923 device_removed(sk, hdev, &cp->addr.bdaddr,
8928 addr_type = le_addr_type(cp->addr.type);
8930 /* Kernel internally uses conn_params with resolvable private
8931 * address, but Remove Device allows only identity addresses.
8932 * Make sure it is enforced before calling
8933 * hci_conn_params_lookup.
8935 if (!hci_is_identity_address(&cp->addr.bdaddr, addr_type)) {
8936 err = mgmt_cmd_complete(sk, hdev->id,
8937 MGMT_OP_REMOVE_DEVICE,
8938 MGMT_STATUS_INVALID_PARAMS,
8939 &cp->addr, sizeof(cp->addr));
8943 params = hci_conn_params_lookup(hdev, &cp->addr.bdaddr,
8946 err = mgmt_cmd_complete(sk, hdev->id,
8947 MGMT_OP_REMOVE_DEVICE,
8948 MGMT_STATUS_INVALID_PARAMS,
8949 &cp->addr, sizeof(cp->addr));
8953 if (params->auto_connect == HCI_AUTO_CONN_DISABLED ||
8954 params->auto_connect == HCI_AUTO_CONN_EXPLICIT) {
8955 err = mgmt_cmd_complete(sk, hdev->id,
8956 MGMT_OP_REMOVE_DEVICE,
8957 MGMT_STATUS_INVALID_PARAMS,
8958 &cp->addr, sizeof(cp->addr));
8962 list_del(¶ms->action);
8963 list_del(¶ms->list);
8966 device_removed(sk, hdev, &cp->addr.bdaddr, cp->addr.type);
8968 struct hci_conn_params *p, *tmp;
8969 struct bdaddr_list *b, *btmp;
8971 if (cp->addr.type) {
8972 err = mgmt_cmd_complete(sk, hdev->id,
8973 MGMT_OP_REMOVE_DEVICE,
8974 MGMT_STATUS_INVALID_PARAMS,
8975 &cp->addr, sizeof(cp->addr));
8979 list_for_each_entry_safe(b, btmp, &hdev->accept_list, list) {
8980 device_removed(sk, hdev, &b->bdaddr, b->bdaddr_type);
8985 hci_update_scan(hdev);
8987 list_for_each_entry_safe(p, tmp, &hdev->le_conn_params, list) {
8988 if (p->auto_connect == HCI_AUTO_CONN_DISABLED)
8990 device_removed(sk, hdev, &p->addr, p->addr_type);
8991 if (p->explicit_connect) {
8992 p->auto_connect = HCI_AUTO_CONN_EXPLICIT;
8995 list_del(&p->action);
9000 bt_dev_dbg(hdev, "All LE connection parameters were removed");
9003 hci_cmd_sync_queue(hdev, remove_device_sync, NULL, NULL);
9006 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_DEVICE,
9007 MGMT_STATUS_SUCCESS, &cp->addr,
9010 hci_dev_unlock(hdev);
9014 static int load_conn_param(struct sock *sk, struct hci_dev *hdev, void *data,
9017 struct mgmt_cp_load_conn_param *cp = data;
9018 const u16 max_param_count = ((U16_MAX - sizeof(*cp)) /
9019 sizeof(struct mgmt_conn_param));
9020 u16 param_count, expected_len;
9023 if (!lmp_le_capable(hdev))
9024 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_CONN_PARAM,
9025 MGMT_STATUS_NOT_SUPPORTED);
9027 param_count = __le16_to_cpu(cp->param_count);
9028 if (param_count > max_param_count) {
9029 bt_dev_err(hdev, "load_conn_param: too big param_count value %u",
9031 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_CONN_PARAM,
9032 MGMT_STATUS_INVALID_PARAMS);
9035 expected_len = struct_size(cp, params, param_count);
9036 if (expected_len != len) {
9037 bt_dev_err(hdev, "load_conn_param: expected %u bytes, got %u bytes",
9039 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_CONN_PARAM,
9040 MGMT_STATUS_INVALID_PARAMS);
9043 bt_dev_dbg(hdev, "param_count %u", param_count);
9047 hci_conn_params_clear_disabled(hdev);
9049 for (i = 0; i < param_count; i++) {
9050 struct mgmt_conn_param *param = &cp->params[i];
9051 struct hci_conn_params *hci_param;
9052 u16 min, max, latency, timeout;
9055 bt_dev_dbg(hdev, "Adding %pMR (type %u)", ¶m->addr.bdaddr,
9058 if (param->addr.type == BDADDR_LE_PUBLIC) {
9059 addr_type = ADDR_LE_DEV_PUBLIC;
9060 } else if (param->addr.type == BDADDR_LE_RANDOM) {
9061 addr_type = ADDR_LE_DEV_RANDOM;
9063 bt_dev_err(hdev, "ignoring invalid connection parameters");
9067 min = le16_to_cpu(param->min_interval);
9068 max = le16_to_cpu(param->max_interval);
9069 latency = le16_to_cpu(param->latency);
9070 timeout = le16_to_cpu(param->timeout);
9072 bt_dev_dbg(hdev, "min 0x%04x max 0x%04x latency 0x%04x timeout 0x%04x",
9073 min, max, latency, timeout);
9075 if (hci_check_conn_params(min, max, latency, timeout) < 0) {
9076 bt_dev_err(hdev, "ignoring invalid connection parameters");
9080 hci_param = hci_conn_params_add(hdev, ¶m->addr.bdaddr,
9083 bt_dev_err(hdev, "failed to add connection parameters");
9087 hci_param->conn_min_interval = min;
9088 hci_param->conn_max_interval = max;
9089 hci_param->conn_latency = latency;
9090 hci_param->supervision_timeout = timeout;
9093 hci_dev_unlock(hdev);
9095 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_LOAD_CONN_PARAM, 0,
9099 static int set_external_config(struct sock *sk, struct hci_dev *hdev,
9100 void *data, u16 len)
9102 struct mgmt_cp_set_external_config *cp = data;
9106 bt_dev_dbg(hdev, "sock %p", sk);
9108 if (hdev_is_powered(hdev))
9109 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_EXTERNAL_CONFIG,
9110 MGMT_STATUS_REJECTED);
9112 if (cp->config != 0x00 && cp->config != 0x01)
9113 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_EXTERNAL_CONFIG,
9114 MGMT_STATUS_INVALID_PARAMS);
9116 if (!test_bit(HCI_QUIRK_EXTERNAL_CONFIG, &hdev->quirks))
9117 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_EXTERNAL_CONFIG,
9118 MGMT_STATUS_NOT_SUPPORTED);
9123 changed = !hci_dev_test_and_set_flag(hdev, HCI_EXT_CONFIGURED);
9125 changed = hci_dev_test_and_clear_flag(hdev, HCI_EXT_CONFIGURED);
9127 err = send_options_rsp(sk, MGMT_OP_SET_EXTERNAL_CONFIG, hdev);
9134 err = new_options(hdev, sk);
9136 if (hci_dev_test_flag(hdev, HCI_UNCONFIGURED) == is_configured(hdev)) {
9137 mgmt_index_removed(hdev);
9139 if (hci_dev_test_and_change_flag(hdev, HCI_UNCONFIGURED)) {
9140 hci_dev_set_flag(hdev, HCI_CONFIG);
9141 hci_dev_set_flag(hdev, HCI_AUTO_OFF);
9143 queue_work(hdev->req_workqueue, &hdev->power_on);
9145 set_bit(HCI_RAW, &hdev->flags);
9146 mgmt_index_added(hdev);
9151 hci_dev_unlock(hdev);
9155 static int set_public_address(struct sock *sk, struct hci_dev *hdev,
9156 void *data, u16 len)
9158 struct mgmt_cp_set_public_address *cp = data;
9162 bt_dev_dbg(hdev, "sock %p", sk);
9164 if (hdev_is_powered(hdev))
9165 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_PUBLIC_ADDRESS,
9166 MGMT_STATUS_REJECTED);
9168 if (!bacmp(&cp->bdaddr, BDADDR_ANY))
9169 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_PUBLIC_ADDRESS,
9170 MGMT_STATUS_INVALID_PARAMS);
9172 if (!hdev->set_bdaddr)
9173 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_PUBLIC_ADDRESS,
9174 MGMT_STATUS_NOT_SUPPORTED);
9178 changed = !!bacmp(&hdev->public_addr, &cp->bdaddr);
9179 bacpy(&hdev->public_addr, &cp->bdaddr);
9181 err = send_options_rsp(sk, MGMT_OP_SET_PUBLIC_ADDRESS, hdev);
9188 if (hci_dev_test_flag(hdev, HCI_UNCONFIGURED))
9189 err = new_options(hdev, sk);
9191 if (is_configured(hdev)) {
9192 mgmt_index_removed(hdev);
9194 hci_dev_clear_flag(hdev, HCI_UNCONFIGURED);
9196 hci_dev_set_flag(hdev, HCI_CONFIG);
9197 hci_dev_set_flag(hdev, HCI_AUTO_OFF);
9199 queue_work(hdev->req_workqueue, &hdev->power_on);
9203 hci_dev_unlock(hdev);
9208 int mgmt_device_name_update(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 *name,
9212 struct mgmt_ev_device_name_update *ev = (void *)buf;
9218 bacpy(&ev->addr.bdaddr, bdaddr);
9219 ev->addr.type = BDADDR_BREDR;
9221 eir_len = eir_append_data(ev->eir, 0, EIR_NAME_COMPLETE, name,
9224 ev->eir_len = cpu_to_le16(eir_len);
9226 return mgmt_event(MGMT_EV_DEVICE_NAME_UPDATE, hdev, buf,
9227 sizeof(*ev) + eir_len, NULL);
9231 static void read_local_oob_ext_data_complete(struct hci_dev *hdev, void *data,
9234 const struct mgmt_cp_read_local_oob_ext_data *mgmt_cp;
9235 struct mgmt_rp_read_local_oob_ext_data *mgmt_rp;
9236 u8 *h192, *r192, *h256, *r256;
9237 struct mgmt_pending_cmd *cmd = data;
9238 struct sk_buff *skb = cmd->skb;
9239 u8 status = mgmt_status(err);
9242 if (cmd != pending_find(MGMT_OP_READ_LOCAL_OOB_EXT_DATA, hdev))
9247 status = MGMT_STATUS_FAILED;
9248 else if (IS_ERR(skb))
9249 status = mgmt_status(PTR_ERR(skb));
9251 status = mgmt_status(skb->data[0]);
9254 bt_dev_dbg(hdev, "status %u", status);
9256 mgmt_cp = cmd->param;
9259 status = mgmt_status(status);
9266 } else if (!bredr_sc_enabled(hdev)) {
9267 struct hci_rp_read_local_oob_data *rp;
9269 if (skb->len != sizeof(*rp)) {
9270 status = MGMT_STATUS_FAILED;
9273 status = MGMT_STATUS_SUCCESS;
9274 rp = (void *)skb->data;
9276 eir_len = 5 + 18 + 18;
9283 struct hci_rp_read_local_oob_ext_data *rp;
9285 if (skb->len != sizeof(*rp)) {
9286 status = MGMT_STATUS_FAILED;
9289 status = MGMT_STATUS_SUCCESS;
9290 rp = (void *)skb->data;
9292 if (hci_dev_test_flag(hdev, HCI_SC_ONLY)) {
9293 eir_len = 5 + 18 + 18;
9297 eir_len = 5 + 18 + 18 + 18 + 18;
9307 mgmt_rp = kmalloc(sizeof(*mgmt_rp) + eir_len, GFP_KERNEL);
9314 eir_len = eir_append_data(mgmt_rp->eir, 0, EIR_CLASS_OF_DEV,
9315 hdev->dev_class, 3);
9318 eir_len = eir_append_data(mgmt_rp->eir, eir_len,
9319 EIR_SSP_HASH_C192, h192, 16);
9320 eir_len = eir_append_data(mgmt_rp->eir, eir_len,
9321 EIR_SSP_RAND_R192, r192, 16);
9325 eir_len = eir_append_data(mgmt_rp->eir, eir_len,
9326 EIR_SSP_HASH_C256, h256, 16);
9327 eir_len = eir_append_data(mgmt_rp->eir, eir_len,
9328 EIR_SSP_RAND_R256, r256, 16);
9332 mgmt_rp->type = mgmt_cp->type;
9333 mgmt_rp->eir_len = cpu_to_le16(eir_len);
9335 err = mgmt_cmd_complete(cmd->sk, hdev->id,
9336 MGMT_OP_READ_LOCAL_OOB_EXT_DATA, status,
9337 mgmt_rp, sizeof(*mgmt_rp) + eir_len);
9338 if (err < 0 || status)
9341 hci_sock_set_flag(cmd->sk, HCI_MGMT_OOB_DATA_EVENTS);
9343 err = mgmt_limited_event(MGMT_EV_LOCAL_OOB_DATA_UPDATED, hdev,
9344 mgmt_rp, sizeof(*mgmt_rp) + eir_len,
9345 HCI_MGMT_OOB_DATA_EVENTS, cmd->sk);
9347 if (skb && !IS_ERR(skb))
9351 mgmt_pending_remove(cmd);
9354 static int read_local_ssp_oob_req(struct hci_dev *hdev, struct sock *sk,
9355 struct mgmt_cp_read_local_oob_ext_data *cp)
9357 struct mgmt_pending_cmd *cmd;
9360 cmd = mgmt_pending_add(sk, MGMT_OP_READ_LOCAL_OOB_EXT_DATA, hdev,
9365 err = hci_cmd_sync_queue(hdev, read_local_oob_data_sync, cmd,
9366 read_local_oob_ext_data_complete);
9369 mgmt_pending_remove(cmd);
9376 static int read_local_oob_ext_data(struct sock *sk, struct hci_dev *hdev,
9377 void *data, u16 data_len)
9379 struct mgmt_cp_read_local_oob_ext_data *cp = data;
9380 struct mgmt_rp_read_local_oob_ext_data *rp;
9383 u8 status, flags, role, addr[7], hash[16], rand[16];
9386 bt_dev_dbg(hdev, "sock %p", sk);
9388 if (hdev_is_powered(hdev)) {
9390 case BIT(BDADDR_BREDR):
9391 status = mgmt_bredr_support(hdev);
9397 case (BIT(BDADDR_LE_PUBLIC) | BIT(BDADDR_LE_RANDOM)):
9398 status = mgmt_le_support(hdev);
9402 eir_len = 9 + 3 + 18 + 18 + 3;
9405 status = MGMT_STATUS_INVALID_PARAMS;
9410 status = MGMT_STATUS_NOT_POWERED;
9414 rp_len = sizeof(*rp) + eir_len;
9415 rp = kmalloc(rp_len, GFP_ATOMIC);
9419 if (!status && !lmp_ssp_capable(hdev)) {
9420 status = MGMT_STATUS_NOT_SUPPORTED;
9431 case BIT(BDADDR_BREDR):
9432 if (hci_dev_test_flag(hdev, HCI_SSP_ENABLED)) {
9433 err = read_local_ssp_oob_req(hdev, sk, cp);
9434 hci_dev_unlock(hdev);
9438 status = MGMT_STATUS_FAILED;
9441 eir_len = eir_append_data(rp->eir, eir_len,
9443 hdev->dev_class, 3);
9446 case (BIT(BDADDR_LE_PUBLIC) | BIT(BDADDR_LE_RANDOM)):
9447 if (hci_dev_test_flag(hdev, HCI_SC_ENABLED) &&
9448 smp_generate_oob(hdev, hash, rand) < 0) {
9449 hci_dev_unlock(hdev);
9450 status = MGMT_STATUS_FAILED;
9454 /* This should return the active RPA, but since the RPA
9455 * is only programmed on demand, it is really hard to fill
9456 * this in at the moment. For now disallow retrieving
9457 * local out-of-band data when privacy is in use.
9459 * Returning the identity address will not help here since
9460 * pairing happens before the identity resolving key is
9461 * known and thus the connection establishment happens
9462 * based on the RPA and not the identity address.
9464 if (hci_dev_test_flag(hdev, HCI_PRIVACY)) {
9465 hci_dev_unlock(hdev);
9466 status = MGMT_STATUS_REJECTED;
9470 if (hci_dev_test_flag(hdev, HCI_FORCE_STATIC_ADDR) ||
9471 !bacmp(&hdev->bdaddr, BDADDR_ANY) ||
9472 (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED) &&
9473 bacmp(&hdev->static_addr, BDADDR_ANY))) {
9474 memcpy(addr, &hdev->static_addr, 6);
9477 memcpy(addr, &hdev->bdaddr, 6);
9481 eir_len = eir_append_data(rp->eir, eir_len, EIR_LE_BDADDR,
9482 addr, sizeof(addr));
9484 if (hci_dev_test_flag(hdev, HCI_ADVERTISING))
9489 eir_len = eir_append_data(rp->eir, eir_len, EIR_LE_ROLE,
9490 &role, sizeof(role));
9492 if (hci_dev_test_flag(hdev, HCI_SC_ENABLED)) {
9493 eir_len = eir_append_data(rp->eir, eir_len,
9495 hash, sizeof(hash));
9497 eir_len = eir_append_data(rp->eir, eir_len,
9499 rand, sizeof(rand));
9502 flags = mgmt_get_adv_discov_flags(hdev);
9504 if (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED))
9505 flags |= LE_AD_NO_BREDR;
9507 eir_len = eir_append_data(rp->eir, eir_len, EIR_FLAGS,
9508 &flags, sizeof(flags));
9512 hci_dev_unlock(hdev);
9514 hci_sock_set_flag(sk, HCI_MGMT_OOB_DATA_EVENTS);
9516 status = MGMT_STATUS_SUCCESS;
9519 rp->type = cp->type;
9520 rp->eir_len = cpu_to_le16(eir_len);
9522 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_EXT_DATA,
9523 status, rp, sizeof(*rp) + eir_len);
9524 if (err < 0 || status)
9527 err = mgmt_limited_event(MGMT_EV_LOCAL_OOB_DATA_UPDATED, hdev,
9528 rp, sizeof(*rp) + eir_len,
9529 HCI_MGMT_OOB_DATA_EVENTS, sk);
9537 static u32 get_supported_adv_flags(struct hci_dev *hdev)
9541 flags |= MGMT_ADV_FLAG_CONNECTABLE;
9542 flags |= MGMT_ADV_FLAG_DISCOV;
9543 flags |= MGMT_ADV_FLAG_LIMITED_DISCOV;
9544 flags |= MGMT_ADV_FLAG_MANAGED_FLAGS;
9545 flags |= MGMT_ADV_FLAG_APPEARANCE;
9546 flags |= MGMT_ADV_FLAG_LOCAL_NAME;
9547 flags |= MGMT_ADV_PARAM_DURATION;
9548 flags |= MGMT_ADV_PARAM_TIMEOUT;
9549 flags |= MGMT_ADV_PARAM_INTERVALS;
9550 flags |= MGMT_ADV_PARAM_TX_POWER;
9551 flags |= MGMT_ADV_PARAM_SCAN_RSP;
9553 /* In extended adv TX_POWER returned from Set Adv Param
9554 * will be always valid.
9556 if (hdev->adv_tx_power != HCI_TX_POWER_INVALID || ext_adv_capable(hdev))
9557 flags |= MGMT_ADV_FLAG_TX_POWER;
9559 if (ext_adv_capable(hdev)) {
9560 flags |= MGMT_ADV_FLAG_SEC_1M;
9561 flags |= MGMT_ADV_FLAG_HW_OFFLOAD;
9562 flags |= MGMT_ADV_FLAG_CAN_SET_TX_POWER;
9564 if (hdev->le_features[1] & HCI_LE_PHY_2M)
9565 flags |= MGMT_ADV_FLAG_SEC_2M;
9567 if (hdev->le_features[1] & HCI_LE_PHY_CODED)
9568 flags |= MGMT_ADV_FLAG_SEC_CODED;
9574 static int read_adv_features(struct sock *sk, struct hci_dev *hdev,
9575 void *data, u16 data_len)
9577 struct mgmt_rp_read_adv_features *rp;
9580 struct adv_info *adv_instance;
9581 u32 supported_flags;
9584 bt_dev_dbg(hdev, "sock %p", sk);
9586 if (!lmp_le_capable(hdev))
9587 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_READ_ADV_FEATURES,
9588 MGMT_STATUS_REJECTED);
9592 rp_len = sizeof(*rp) + hdev->adv_instance_cnt;
9593 rp = kmalloc(rp_len, GFP_ATOMIC);
9595 hci_dev_unlock(hdev);
9599 supported_flags = get_supported_adv_flags(hdev);
9601 rp->supported_flags = cpu_to_le32(supported_flags);
9602 rp->max_adv_data_len = HCI_MAX_AD_LENGTH;
9603 rp->max_scan_rsp_len = HCI_MAX_AD_LENGTH;
9604 rp->max_instances = hdev->le_num_of_adv_sets;
9605 rp->num_instances = hdev->adv_instance_cnt;
9607 instance = rp->instance;
9608 list_for_each_entry(adv_instance, &hdev->adv_instances, list) {
9609 /* Only instances 1-le_num_of_adv_sets are externally visible */
9610 if (adv_instance->instance <= hdev->adv_instance_cnt) {
9611 *instance = adv_instance->instance;
9614 rp->num_instances--;
9619 hci_dev_unlock(hdev);
9621 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_READ_ADV_FEATURES,
9622 MGMT_STATUS_SUCCESS, rp, rp_len);
9629 static u8 calculate_name_len(struct hci_dev *hdev)
9631 u8 buf[HCI_MAX_SHORT_NAME_LENGTH + 3];
9633 return eir_append_local_name(hdev, buf, 0);
9636 static u8 tlv_data_max_len(struct hci_dev *hdev, u32 adv_flags,
9639 u8 max_len = HCI_MAX_AD_LENGTH;
9642 if (adv_flags & (MGMT_ADV_FLAG_DISCOV |
9643 MGMT_ADV_FLAG_LIMITED_DISCOV |
9644 MGMT_ADV_FLAG_MANAGED_FLAGS))
9647 if (adv_flags & MGMT_ADV_FLAG_TX_POWER)
9650 if (adv_flags & MGMT_ADV_FLAG_LOCAL_NAME)
9651 max_len -= calculate_name_len(hdev);
9653 if (adv_flags & (MGMT_ADV_FLAG_APPEARANCE))
9660 static bool flags_managed(u32 adv_flags)
9662 return adv_flags & (MGMT_ADV_FLAG_DISCOV |
9663 MGMT_ADV_FLAG_LIMITED_DISCOV |
9664 MGMT_ADV_FLAG_MANAGED_FLAGS);
9667 static bool tx_power_managed(u32 adv_flags)
9669 return adv_flags & MGMT_ADV_FLAG_TX_POWER;
9672 static bool name_managed(u32 adv_flags)
9674 return adv_flags & MGMT_ADV_FLAG_LOCAL_NAME;
9677 static bool appearance_managed(u32 adv_flags)
9679 return adv_flags & MGMT_ADV_FLAG_APPEARANCE;
9682 static bool tlv_data_is_valid(struct hci_dev *hdev, u32 adv_flags, u8 *data,
9683 u8 len, bool is_adv_data)
9688 max_len = tlv_data_max_len(hdev, adv_flags, is_adv_data);
9693 /* Make sure that the data is correctly formatted. */
9694 for (i = 0; i < len; i += (cur_len + 1)) {
9700 if (data[i + 1] == EIR_FLAGS &&
9701 (!is_adv_data || flags_managed(adv_flags)))
9704 if (data[i + 1] == EIR_TX_POWER && tx_power_managed(adv_flags))
9707 if (data[i + 1] == EIR_NAME_COMPLETE && name_managed(adv_flags))
9710 if (data[i + 1] == EIR_NAME_SHORT && name_managed(adv_flags))
9713 if (data[i + 1] == EIR_APPEARANCE &&
9714 appearance_managed(adv_flags))
9717 /* If the current field length would exceed the total data
9718 * length, then it's invalid.
9720 if (i + cur_len >= len)
9727 static bool requested_adv_flags_are_valid(struct hci_dev *hdev, u32 adv_flags)
9729 u32 supported_flags, phy_flags;
9731 /* The current implementation only supports a subset of the specified
9732 * flags. Also need to check mutual exclusiveness of sec flags.
9734 supported_flags = get_supported_adv_flags(hdev);
9735 phy_flags = adv_flags & MGMT_ADV_FLAG_SEC_MASK;
9736 if (adv_flags & ~supported_flags ||
9737 ((phy_flags && (phy_flags ^ (phy_flags & -phy_flags)))))
9743 static bool adv_busy(struct hci_dev *hdev)
9745 return pending_find(MGMT_OP_SET_LE, hdev);
9748 static void add_adv_complete(struct hci_dev *hdev, struct sock *sk, u8 instance,
9751 struct adv_info *adv, *n;
9753 bt_dev_dbg(hdev, "err %d", err);
9757 list_for_each_entry_safe(adv, n, &hdev->adv_instances, list) {
9764 adv->pending = false;
9768 instance = adv->instance;
9770 if (hdev->cur_adv_instance == instance)
9771 cancel_adv_timeout(hdev);
9773 hci_remove_adv_instance(hdev, instance);
9774 mgmt_advertising_removed(sk, hdev, instance);
9777 hci_dev_unlock(hdev);
9780 static void add_advertising_complete(struct hci_dev *hdev, void *data, int err)
9782 struct mgmt_pending_cmd *cmd = data;
9783 struct mgmt_cp_add_advertising *cp = cmd->param;
9784 struct mgmt_rp_add_advertising rp;
9786 memset(&rp, 0, sizeof(rp));
9788 rp.instance = cp->instance;
9791 mgmt_cmd_status(cmd->sk, cmd->index, cmd->opcode,
9794 mgmt_cmd_complete(cmd->sk, cmd->index, cmd->opcode,
9795 mgmt_status(err), &rp, sizeof(rp));
9797 add_adv_complete(hdev, cmd->sk, cp->instance, err);
9799 mgmt_pending_free(cmd);
9802 static int add_advertising_sync(struct hci_dev *hdev, void *data)
9804 struct mgmt_pending_cmd *cmd = data;
9805 struct mgmt_cp_add_advertising *cp = cmd->param;
9807 return hci_schedule_adv_instance_sync(hdev, cp->instance, true);
9810 static int add_advertising(struct sock *sk, struct hci_dev *hdev,
9811 void *data, u16 data_len)
9813 struct mgmt_cp_add_advertising *cp = data;
9814 struct mgmt_rp_add_advertising rp;
9817 u16 timeout, duration;
9818 unsigned int prev_instance_cnt;
9819 u8 schedule_instance = 0;
9820 struct adv_info *adv, *next_instance;
9822 struct mgmt_pending_cmd *cmd;
9824 bt_dev_dbg(hdev, "sock %p", sk);
9826 status = mgmt_le_support(hdev);
9828 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_ADVERTISING,
9831 if (cp->instance < 1 || cp->instance > hdev->le_num_of_adv_sets)
9832 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_ADVERTISING,
9833 MGMT_STATUS_INVALID_PARAMS);
9835 if (data_len != sizeof(*cp) + cp->adv_data_len + cp->scan_rsp_len)
9836 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_ADVERTISING,
9837 MGMT_STATUS_INVALID_PARAMS);
9839 flags = __le32_to_cpu(cp->flags);
9840 timeout = __le16_to_cpu(cp->timeout);
9841 duration = __le16_to_cpu(cp->duration);
9843 if (!requested_adv_flags_are_valid(hdev, flags))
9844 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_ADVERTISING,
9845 MGMT_STATUS_INVALID_PARAMS);
9849 if (timeout && !hdev_is_powered(hdev)) {
9850 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_ADVERTISING,
9851 MGMT_STATUS_REJECTED);
9855 if (adv_busy(hdev)) {
9856 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_ADVERTISING,
9861 if (!tlv_data_is_valid(hdev, flags, cp->data, cp->adv_data_len, true) ||
9862 !tlv_data_is_valid(hdev, flags, cp->data + cp->adv_data_len,
9863 cp->scan_rsp_len, false)) {
9864 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_ADVERTISING,
9865 MGMT_STATUS_INVALID_PARAMS);
9869 prev_instance_cnt = hdev->adv_instance_cnt;
9871 adv = hci_add_adv_instance(hdev, cp->instance, flags,
9872 cp->adv_data_len, cp->data,
9874 cp->data + cp->adv_data_len,
9876 HCI_ADV_TX_POWER_NO_PREFERENCE,
9877 hdev->le_adv_min_interval,
9878 hdev->le_adv_max_interval, 0);
9880 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_ADVERTISING,
9881 MGMT_STATUS_FAILED);
9885 /* Only trigger an advertising added event if a new instance was
9888 if (hdev->adv_instance_cnt > prev_instance_cnt)
9889 mgmt_advertising_added(sk, hdev, cp->instance);
9891 if (hdev->cur_adv_instance == cp->instance) {
9892 /* If the currently advertised instance is being changed then
9893 * cancel the current advertising and schedule the next
9894 * instance. If there is only one instance then the overridden
9895 * advertising data will be visible right away.
9897 cancel_adv_timeout(hdev);
9899 next_instance = hci_get_next_instance(hdev, cp->instance);
9901 schedule_instance = next_instance->instance;
9902 } else if (!hdev->adv_instance_timeout) {
9903 /* Immediately advertise the new instance if no other
9904 * instance is currently being advertised.
9906 schedule_instance = cp->instance;
9909 /* If the HCI_ADVERTISING flag is set or the device isn't powered or
9910 * there is no instance to be advertised then we have no HCI
9911 * communication to make. Simply return.
9913 if (!hdev_is_powered(hdev) ||
9914 hci_dev_test_flag(hdev, HCI_ADVERTISING) ||
9915 !schedule_instance) {
9916 rp.instance = cp->instance;
9917 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_ADD_ADVERTISING,
9918 MGMT_STATUS_SUCCESS, &rp, sizeof(rp));
9922 /* We're good to go, update advertising data, parameters, and start
9925 cmd = mgmt_pending_new(sk, MGMT_OP_ADD_ADVERTISING, hdev, data,
9932 cp->instance = schedule_instance;
9934 err = hci_cmd_sync_queue(hdev, add_advertising_sync, cmd,
9935 add_advertising_complete);
9937 mgmt_pending_free(cmd);
9940 hci_dev_unlock(hdev);
9945 static void add_ext_adv_params_complete(struct hci_dev *hdev, void *data,
9948 struct mgmt_pending_cmd *cmd = data;
9949 struct mgmt_cp_add_ext_adv_params *cp = cmd->param;
9950 struct mgmt_rp_add_ext_adv_params rp;
9951 struct adv_info *adv;
9954 BT_DBG("%s", hdev->name);
9958 adv = hci_find_adv_instance(hdev, cp->instance);
9962 rp.instance = cp->instance;
9963 rp.tx_power = adv->tx_power;
9965 /* While we're at it, inform userspace of the available space for this
9966 * advertisement, given the flags that will be used.
9968 flags = __le32_to_cpu(cp->flags);
9969 rp.max_adv_data_len = tlv_data_max_len(hdev, flags, true);
9970 rp.max_scan_rsp_len = tlv_data_max_len(hdev, flags, false);
9973 /* If this advertisement was previously advertising and we
9974 * failed to update it, we signal that it has been removed and
9975 * delete its structure
9978 mgmt_advertising_removed(cmd->sk, hdev, cp->instance);
9980 hci_remove_adv_instance(hdev, cp->instance);
9982 mgmt_cmd_status(cmd->sk, cmd->index, cmd->opcode,
9985 mgmt_cmd_complete(cmd->sk, cmd->index, cmd->opcode,
9986 mgmt_status(err), &rp, sizeof(rp));
9991 mgmt_pending_free(cmd);
9993 hci_dev_unlock(hdev);
9996 static int add_ext_adv_params_sync(struct hci_dev *hdev, void *data)
9998 struct mgmt_pending_cmd *cmd = data;
9999 struct mgmt_cp_add_ext_adv_params *cp = cmd->param;
10001 return hci_setup_ext_adv_instance_sync(hdev, cp->instance);
10004 static int add_ext_adv_params(struct sock *sk, struct hci_dev *hdev,
10005 void *data, u16 data_len)
10007 struct mgmt_cp_add_ext_adv_params *cp = data;
10008 struct mgmt_rp_add_ext_adv_params rp;
10009 struct mgmt_pending_cmd *cmd = NULL;
10010 struct adv_info *adv;
10011 u32 flags, min_interval, max_interval;
10012 u16 timeout, duration;
10017 BT_DBG("%s", hdev->name);
10019 status = mgmt_le_support(hdev);
10021 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_EXT_ADV_PARAMS,
10024 if (cp->instance < 1 || cp->instance > hdev->le_num_of_adv_sets)
10025 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_EXT_ADV_PARAMS,
10026 MGMT_STATUS_INVALID_PARAMS);
10028 /* The purpose of breaking add_advertising into two separate MGMT calls
10029 * for params and data is to allow more parameters to be added to this
10030 * structure in the future. For this reason, we verify that we have the
10031 * bare minimum structure we know of when the interface was defined. Any
10032 * extra parameters we don't know about will be ignored in this request.
10034 if (data_len < MGMT_ADD_EXT_ADV_PARAMS_MIN_SIZE)
10035 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_EXT_ADV_PARAMS,
10036 MGMT_STATUS_INVALID_PARAMS);
10038 flags = __le32_to_cpu(cp->flags);
10040 if (!requested_adv_flags_are_valid(hdev, flags))
10041 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_EXT_ADV_PARAMS,
10042 MGMT_STATUS_INVALID_PARAMS);
10044 hci_dev_lock(hdev);
10046 /* In new interface, we require that we are powered to register */
10047 if (!hdev_is_powered(hdev)) {
10048 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_EXT_ADV_PARAMS,
10049 MGMT_STATUS_REJECTED);
10053 if (adv_busy(hdev)) {
10054 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_EXT_ADV_PARAMS,
10059 /* Parse defined parameters from request, use defaults otherwise */
10060 timeout = (flags & MGMT_ADV_PARAM_TIMEOUT) ?
10061 __le16_to_cpu(cp->timeout) : 0;
10063 duration = (flags & MGMT_ADV_PARAM_DURATION) ?
10064 __le16_to_cpu(cp->duration) :
10065 hdev->def_multi_adv_rotation_duration;
10067 min_interval = (flags & MGMT_ADV_PARAM_INTERVALS) ?
10068 __le32_to_cpu(cp->min_interval) :
10069 hdev->le_adv_min_interval;
10071 max_interval = (flags & MGMT_ADV_PARAM_INTERVALS) ?
10072 __le32_to_cpu(cp->max_interval) :
10073 hdev->le_adv_max_interval;
10075 tx_power = (flags & MGMT_ADV_PARAM_TX_POWER) ?
10077 HCI_ADV_TX_POWER_NO_PREFERENCE;
10079 /* Create advertising instance with no advertising or response data */
10080 adv = hci_add_adv_instance(hdev, cp->instance, flags, 0, NULL, 0, NULL,
10081 timeout, duration, tx_power, min_interval,
10085 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_EXT_ADV_PARAMS,
10086 MGMT_STATUS_FAILED);
10090 /* Submit request for advertising params if ext adv available */
10091 if (ext_adv_capable(hdev)) {
10092 cmd = mgmt_pending_new(sk, MGMT_OP_ADD_EXT_ADV_PARAMS, hdev,
10096 hci_remove_adv_instance(hdev, cp->instance);
10100 err = hci_cmd_sync_queue(hdev, add_ext_adv_params_sync, cmd,
10101 add_ext_adv_params_complete);
10103 mgmt_pending_free(cmd);
10105 rp.instance = cp->instance;
10106 rp.tx_power = HCI_ADV_TX_POWER_NO_PREFERENCE;
10107 rp.max_adv_data_len = tlv_data_max_len(hdev, flags, true);
10108 rp.max_scan_rsp_len = tlv_data_max_len(hdev, flags, false);
10109 err = mgmt_cmd_complete(sk, hdev->id,
10110 MGMT_OP_ADD_EXT_ADV_PARAMS,
10111 MGMT_STATUS_SUCCESS, &rp, sizeof(rp));
10115 hci_dev_unlock(hdev);
10120 static void add_ext_adv_data_complete(struct hci_dev *hdev, void *data, int err)
10122 struct mgmt_pending_cmd *cmd = data;
10123 struct mgmt_cp_add_ext_adv_data *cp = cmd->param;
10124 struct mgmt_rp_add_advertising rp;
10126 add_adv_complete(hdev, cmd->sk, cp->instance, err);
10128 memset(&rp, 0, sizeof(rp));
10130 rp.instance = cp->instance;
10133 mgmt_cmd_status(cmd->sk, cmd->index, cmd->opcode,
10136 mgmt_cmd_complete(cmd->sk, cmd->index, cmd->opcode,
10137 mgmt_status(err), &rp, sizeof(rp));
10139 mgmt_pending_free(cmd);
10142 static int add_ext_adv_data_sync(struct hci_dev *hdev, void *data)
10144 struct mgmt_pending_cmd *cmd = data;
10145 struct mgmt_cp_add_ext_adv_data *cp = cmd->param;
10148 if (ext_adv_capable(hdev)) {
10149 err = hci_update_adv_data_sync(hdev, cp->instance);
10153 err = hci_update_scan_rsp_data_sync(hdev, cp->instance);
10157 return hci_enable_ext_advertising_sync(hdev, cp->instance);
10160 return hci_schedule_adv_instance_sync(hdev, cp->instance, true);
10163 static int add_ext_adv_data(struct sock *sk, struct hci_dev *hdev, void *data,
10166 struct mgmt_cp_add_ext_adv_data *cp = data;
10167 struct mgmt_rp_add_ext_adv_data rp;
10168 u8 schedule_instance = 0;
10169 struct adv_info *next_instance;
10170 struct adv_info *adv_instance;
10172 struct mgmt_pending_cmd *cmd;
10174 BT_DBG("%s", hdev->name);
10176 hci_dev_lock(hdev);
10178 adv_instance = hci_find_adv_instance(hdev, cp->instance);
10180 if (!adv_instance) {
10181 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_EXT_ADV_DATA,
10182 MGMT_STATUS_INVALID_PARAMS);
10186 /* In new interface, we require that we are powered to register */
10187 if (!hdev_is_powered(hdev)) {
10188 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_EXT_ADV_DATA,
10189 MGMT_STATUS_REJECTED);
10190 goto clear_new_instance;
10193 if (adv_busy(hdev)) {
10194 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_EXT_ADV_DATA,
10196 goto clear_new_instance;
10199 /* Validate new data */
10200 if (!tlv_data_is_valid(hdev, adv_instance->flags, cp->data,
10201 cp->adv_data_len, true) ||
10202 !tlv_data_is_valid(hdev, adv_instance->flags, cp->data +
10203 cp->adv_data_len, cp->scan_rsp_len, false)) {
10204 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_EXT_ADV_DATA,
10205 MGMT_STATUS_INVALID_PARAMS);
10206 goto clear_new_instance;
10209 /* Set the data in the advertising instance */
10210 hci_set_adv_instance_data(hdev, cp->instance, cp->adv_data_len,
10211 cp->data, cp->scan_rsp_len,
10212 cp->data + cp->adv_data_len);
10214 /* If using software rotation, determine next instance to use */
10215 if (hdev->cur_adv_instance == cp->instance) {
10216 /* If the currently advertised instance is being changed
10217 * then cancel the current advertising and schedule the
10218 * next instance. If there is only one instance then the
10219 * overridden advertising data will be visible right
10222 cancel_adv_timeout(hdev);
10224 next_instance = hci_get_next_instance(hdev, cp->instance);
10226 schedule_instance = next_instance->instance;
10227 } else if (!hdev->adv_instance_timeout) {
10228 /* Immediately advertise the new instance if no other
10229 * instance is currently being advertised.
10231 schedule_instance = cp->instance;
10234 /* If the HCI_ADVERTISING flag is set or there is no instance to
10235 * be advertised then we have no HCI communication to make.
10238 if (hci_dev_test_flag(hdev, HCI_ADVERTISING) || !schedule_instance) {
10239 if (adv_instance->pending) {
10240 mgmt_advertising_added(sk, hdev, cp->instance);
10241 adv_instance->pending = false;
10243 rp.instance = cp->instance;
10244 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_ADD_EXT_ADV_DATA,
10245 MGMT_STATUS_SUCCESS, &rp, sizeof(rp));
10249 cmd = mgmt_pending_new(sk, MGMT_OP_ADD_EXT_ADV_DATA, hdev, data,
10253 goto clear_new_instance;
10256 err = hci_cmd_sync_queue(hdev, add_ext_adv_data_sync, cmd,
10257 add_ext_adv_data_complete);
10259 mgmt_pending_free(cmd);
10260 goto clear_new_instance;
10263 /* We were successful in updating data, so trigger advertising_added
10264 * event if this is an instance that wasn't previously advertising. If
10265 * a failure occurs in the requests we initiated, we will remove the
10266 * instance again in add_advertising_complete
10268 if (adv_instance->pending)
10269 mgmt_advertising_added(sk, hdev, cp->instance);
10273 clear_new_instance:
10274 hci_remove_adv_instance(hdev, cp->instance);
10277 hci_dev_unlock(hdev);
10282 static void remove_advertising_complete(struct hci_dev *hdev, void *data,
10285 struct mgmt_pending_cmd *cmd = data;
10286 struct mgmt_cp_remove_advertising *cp = cmd->param;
10287 struct mgmt_rp_remove_advertising rp;
10289 bt_dev_dbg(hdev, "err %d", err);
10291 memset(&rp, 0, sizeof(rp));
10292 rp.instance = cp->instance;
10295 mgmt_cmd_status(cmd->sk, cmd->index, cmd->opcode,
10298 mgmt_cmd_complete(cmd->sk, cmd->index, cmd->opcode,
10299 MGMT_STATUS_SUCCESS, &rp, sizeof(rp));
10301 mgmt_pending_free(cmd);
10304 static int remove_advertising_sync(struct hci_dev *hdev, void *data)
10306 struct mgmt_pending_cmd *cmd = data;
10307 struct mgmt_cp_remove_advertising *cp = cmd->param;
10310 err = hci_remove_advertising_sync(hdev, cmd->sk, cp->instance, true);
10314 if (list_empty(&hdev->adv_instances))
10315 err = hci_disable_advertising_sync(hdev);
10320 static int remove_advertising(struct sock *sk, struct hci_dev *hdev,
10321 void *data, u16 data_len)
10323 struct mgmt_cp_remove_advertising *cp = data;
10324 struct mgmt_pending_cmd *cmd;
10327 bt_dev_dbg(hdev, "sock %p", sk);
10329 hci_dev_lock(hdev);
10331 if (cp->instance && !hci_find_adv_instance(hdev, cp->instance)) {
10332 err = mgmt_cmd_status(sk, hdev->id,
10333 MGMT_OP_REMOVE_ADVERTISING,
10334 MGMT_STATUS_INVALID_PARAMS);
10338 if (pending_find(MGMT_OP_SET_LE, hdev)) {
10339 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_REMOVE_ADVERTISING,
10344 if (list_empty(&hdev->adv_instances)) {
10345 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_REMOVE_ADVERTISING,
10346 MGMT_STATUS_INVALID_PARAMS);
10350 cmd = mgmt_pending_new(sk, MGMT_OP_REMOVE_ADVERTISING, hdev, data,
10357 err = hci_cmd_sync_queue(hdev, remove_advertising_sync, cmd,
10358 remove_advertising_complete);
10360 mgmt_pending_free(cmd);
10363 hci_dev_unlock(hdev);
10368 static int get_adv_size_info(struct sock *sk, struct hci_dev *hdev,
10369 void *data, u16 data_len)
10371 struct mgmt_cp_get_adv_size_info *cp = data;
10372 struct mgmt_rp_get_adv_size_info rp;
10373 u32 flags, supported_flags;
10375 bt_dev_dbg(hdev, "sock %p", sk);
10377 if (!lmp_le_capable(hdev))
10378 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_GET_ADV_SIZE_INFO,
10379 MGMT_STATUS_REJECTED);
10381 if (cp->instance < 1 || cp->instance > hdev->le_num_of_adv_sets)
10382 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_GET_ADV_SIZE_INFO,
10383 MGMT_STATUS_INVALID_PARAMS);
10385 flags = __le32_to_cpu(cp->flags);
10387 /* The current implementation only supports a subset of the specified
10390 supported_flags = get_supported_adv_flags(hdev);
10391 if (flags & ~supported_flags)
10392 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_GET_ADV_SIZE_INFO,
10393 MGMT_STATUS_INVALID_PARAMS);
10395 rp.instance = cp->instance;
10396 rp.flags = cp->flags;
10397 rp.max_adv_data_len = tlv_data_max_len(hdev, flags, true);
10398 rp.max_scan_rsp_len = tlv_data_max_len(hdev, flags, false);
10400 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_ADV_SIZE_INFO,
10401 MGMT_STATUS_SUCCESS, &rp, sizeof(rp));
10404 static const struct hci_mgmt_handler mgmt_handlers[] = {
10405 { NULL }, /* 0x0000 (no command) */
10406 { read_version, MGMT_READ_VERSION_SIZE,
10408 HCI_MGMT_UNTRUSTED },
10409 { read_commands, MGMT_READ_COMMANDS_SIZE,
10411 HCI_MGMT_UNTRUSTED },
10412 { read_index_list, MGMT_READ_INDEX_LIST_SIZE,
10414 HCI_MGMT_UNTRUSTED },
10415 { read_controller_info, MGMT_READ_INFO_SIZE,
10416 HCI_MGMT_UNTRUSTED },
10417 { set_powered, MGMT_SETTING_SIZE },
10418 { set_discoverable, MGMT_SET_DISCOVERABLE_SIZE },
10419 { set_connectable, MGMT_SETTING_SIZE },
10420 { set_fast_connectable, MGMT_SETTING_SIZE },
10421 { set_bondable, MGMT_SETTING_SIZE },
10422 { set_link_security, MGMT_SETTING_SIZE },
10423 { set_ssp, MGMT_SETTING_SIZE },
10424 { set_hs, MGMT_SETTING_SIZE },
10425 { set_le, MGMT_SETTING_SIZE },
10426 { set_dev_class, MGMT_SET_DEV_CLASS_SIZE },
10427 { set_local_name, MGMT_SET_LOCAL_NAME_SIZE },
10428 { add_uuid, MGMT_ADD_UUID_SIZE },
10429 { remove_uuid, MGMT_REMOVE_UUID_SIZE },
10430 { load_link_keys, MGMT_LOAD_LINK_KEYS_SIZE,
10431 HCI_MGMT_VAR_LEN },
10432 { load_long_term_keys, MGMT_LOAD_LONG_TERM_KEYS_SIZE,
10433 HCI_MGMT_VAR_LEN },
10434 { disconnect, MGMT_DISCONNECT_SIZE },
10435 { get_connections, MGMT_GET_CONNECTIONS_SIZE },
10436 { pin_code_reply, MGMT_PIN_CODE_REPLY_SIZE },
10437 { pin_code_neg_reply, MGMT_PIN_CODE_NEG_REPLY_SIZE },
10438 { set_io_capability, MGMT_SET_IO_CAPABILITY_SIZE },
10439 { pair_device, MGMT_PAIR_DEVICE_SIZE },
10440 { cancel_pair_device, MGMT_CANCEL_PAIR_DEVICE_SIZE },
10441 { unpair_device, MGMT_UNPAIR_DEVICE_SIZE },
10442 { user_confirm_reply, MGMT_USER_CONFIRM_REPLY_SIZE },
10443 { user_confirm_neg_reply, MGMT_USER_CONFIRM_NEG_REPLY_SIZE },
10444 { user_passkey_reply, MGMT_USER_PASSKEY_REPLY_SIZE },
10445 { user_passkey_neg_reply, MGMT_USER_PASSKEY_NEG_REPLY_SIZE },
10446 { read_local_oob_data, MGMT_READ_LOCAL_OOB_DATA_SIZE },
10447 { add_remote_oob_data, MGMT_ADD_REMOTE_OOB_DATA_SIZE,
10448 HCI_MGMT_VAR_LEN },
10449 { remove_remote_oob_data, MGMT_REMOVE_REMOTE_OOB_DATA_SIZE },
10450 { start_discovery, MGMT_START_DISCOVERY_SIZE },
10451 { stop_discovery, MGMT_STOP_DISCOVERY_SIZE },
10452 { confirm_name, MGMT_CONFIRM_NAME_SIZE },
10453 { block_device, MGMT_BLOCK_DEVICE_SIZE },
10454 { unblock_device, MGMT_UNBLOCK_DEVICE_SIZE },
10455 { set_device_id, MGMT_SET_DEVICE_ID_SIZE },
10456 { set_advertising, MGMT_SETTING_SIZE },
10457 { set_bredr, MGMT_SETTING_SIZE },
10458 { set_static_address, MGMT_SET_STATIC_ADDRESS_SIZE },
10459 { set_scan_params, MGMT_SET_SCAN_PARAMS_SIZE },
10460 { set_secure_conn, MGMT_SETTING_SIZE },
10461 { set_debug_keys, MGMT_SETTING_SIZE },
10462 { set_privacy, MGMT_SET_PRIVACY_SIZE },
10463 { load_irks, MGMT_LOAD_IRKS_SIZE,
10464 HCI_MGMT_VAR_LEN },
10465 { get_conn_info, MGMT_GET_CONN_INFO_SIZE },
10466 { get_clock_info, MGMT_GET_CLOCK_INFO_SIZE },
10467 { add_device, MGMT_ADD_DEVICE_SIZE },
10468 { remove_device, MGMT_REMOVE_DEVICE_SIZE },
10469 { load_conn_param, MGMT_LOAD_CONN_PARAM_SIZE,
10470 HCI_MGMT_VAR_LEN },
10471 { read_unconf_index_list, MGMT_READ_UNCONF_INDEX_LIST_SIZE,
10473 HCI_MGMT_UNTRUSTED },
10474 { read_config_info, MGMT_READ_CONFIG_INFO_SIZE,
10475 HCI_MGMT_UNCONFIGURED |
10476 HCI_MGMT_UNTRUSTED },
10477 { set_external_config, MGMT_SET_EXTERNAL_CONFIG_SIZE,
10478 HCI_MGMT_UNCONFIGURED },
10479 { set_public_address, MGMT_SET_PUBLIC_ADDRESS_SIZE,
10480 HCI_MGMT_UNCONFIGURED },
10481 { start_service_discovery, MGMT_START_SERVICE_DISCOVERY_SIZE,
10482 HCI_MGMT_VAR_LEN },
10483 { read_local_oob_ext_data, MGMT_READ_LOCAL_OOB_EXT_DATA_SIZE },
10484 { read_ext_index_list, MGMT_READ_EXT_INDEX_LIST_SIZE,
10486 HCI_MGMT_UNTRUSTED },
10487 { read_adv_features, MGMT_READ_ADV_FEATURES_SIZE },
10488 { add_advertising, MGMT_ADD_ADVERTISING_SIZE,
10489 HCI_MGMT_VAR_LEN },
10490 { remove_advertising, MGMT_REMOVE_ADVERTISING_SIZE },
10491 { get_adv_size_info, MGMT_GET_ADV_SIZE_INFO_SIZE },
10492 { start_limited_discovery, MGMT_START_DISCOVERY_SIZE },
10493 { read_ext_controller_info,MGMT_READ_EXT_INFO_SIZE,
10494 HCI_MGMT_UNTRUSTED },
10495 { set_appearance, MGMT_SET_APPEARANCE_SIZE },
10496 { get_phy_configuration, MGMT_GET_PHY_CONFIGURATION_SIZE },
10497 { set_phy_configuration, MGMT_SET_PHY_CONFIGURATION_SIZE },
10498 { set_blocked_keys, MGMT_OP_SET_BLOCKED_KEYS_SIZE,
10499 HCI_MGMT_VAR_LEN },
10500 { set_wideband_speech, MGMT_SETTING_SIZE },
10501 { read_controller_cap, MGMT_READ_CONTROLLER_CAP_SIZE,
10502 HCI_MGMT_UNTRUSTED },
10503 { read_exp_features_info, MGMT_READ_EXP_FEATURES_INFO_SIZE,
10504 HCI_MGMT_UNTRUSTED |
10505 HCI_MGMT_HDEV_OPTIONAL },
10506 { set_exp_feature, MGMT_SET_EXP_FEATURE_SIZE,
10508 HCI_MGMT_HDEV_OPTIONAL },
10509 { read_def_system_config, MGMT_READ_DEF_SYSTEM_CONFIG_SIZE,
10510 HCI_MGMT_UNTRUSTED },
10511 { set_def_system_config, MGMT_SET_DEF_SYSTEM_CONFIG_SIZE,
10512 HCI_MGMT_VAR_LEN },
10513 { read_def_runtime_config, MGMT_READ_DEF_RUNTIME_CONFIG_SIZE,
10514 HCI_MGMT_UNTRUSTED },
10515 { set_def_runtime_config, MGMT_SET_DEF_RUNTIME_CONFIG_SIZE,
10516 HCI_MGMT_VAR_LEN },
10517 { get_device_flags, MGMT_GET_DEVICE_FLAGS_SIZE },
10518 { set_device_flags, MGMT_SET_DEVICE_FLAGS_SIZE },
10519 { read_adv_mon_features, MGMT_READ_ADV_MONITOR_FEATURES_SIZE },
10520 { add_adv_patterns_monitor,MGMT_ADD_ADV_PATTERNS_MONITOR_SIZE,
10521 HCI_MGMT_VAR_LEN },
10522 { remove_adv_monitor, MGMT_REMOVE_ADV_MONITOR_SIZE },
10523 { add_ext_adv_params, MGMT_ADD_EXT_ADV_PARAMS_MIN_SIZE,
10524 HCI_MGMT_VAR_LEN },
10525 { add_ext_adv_data, MGMT_ADD_EXT_ADV_DATA_SIZE,
10526 HCI_MGMT_VAR_LEN },
10527 { add_adv_patterns_monitor_rssi,
10528 MGMT_ADD_ADV_PATTERNS_MONITOR_RSSI_SIZE,
10529 HCI_MGMT_VAR_LEN },
10530 { set_mesh, MGMT_SET_MESH_RECEIVER_SIZE,
10531 HCI_MGMT_VAR_LEN },
10532 { mesh_features, MGMT_MESH_READ_FEATURES_SIZE },
10533 { mesh_send, MGMT_MESH_SEND_SIZE,
10534 HCI_MGMT_VAR_LEN },
10535 { mesh_send_cancel, MGMT_MESH_SEND_CANCEL_SIZE },
10539 static const struct hci_mgmt_handler tizen_mgmt_handlers[] = {
10540 { NULL }, /* 0x0000 (no command) */
10541 { set_advertising_params, MGMT_SET_ADVERTISING_PARAMS_SIZE },
10542 { set_advertising_data, MGMT_SET_ADV_MIN_APP_DATA_SIZE,
10543 HCI_MGMT_VAR_LEN },
10544 { set_scan_rsp_data, MGMT_SET_SCAN_RSP_MIN_APP_DATA_SIZE,
10545 HCI_MGMT_VAR_LEN },
10546 { add_white_list, MGMT_ADD_DEV_WHITE_LIST_SIZE },
10547 { remove_from_white_list, MGMT_REMOVE_DEV_FROM_WHITE_LIST_SIZE },
10548 { clear_white_list, MGMT_OP_CLEAR_DEV_WHITE_LIST_SIZE },
10549 { set_enable_rssi, MGMT_SET_RSSI_ENABLE_SIZE },
10550 { get_raw_rssi, MGMT_GET_RAW_RSSI_SIZE },
10551 { set_disable_threshold, MGMT_SET_RSSI_DISABLE_SIZE },
10555 void mgmt_index_added(struct hci_dev *hdev)
10557 struct mgmt_ev_ext_index ev;
10559 if (test_bit(HCI_QUIRK_RAW_DEVICE, &hdev->quirks))
10562 switch (hdev->dev_type) {
10564 if (hci_dev_test_flag(hdev, HCI_UNCONFIGURED)) {
10565 mgmt_index_event(MGMT_EV_UNCONF_INDEX_ADDED, hdev,
10566 NULL, 0, HCI_MGMT_UNCONF_INDEX_EVENTS);
10569 mgmt_index_event(MGMT_EV_INDEX_ADDED, hdev, NULL, 0,
10570 HCI_MGMT_INDEX_EVENTS);
10581 ev.bus = hdev->bus;
10583 mgmt_index_event(MGMT_EV_EXT_INDEX_ADDED, hdev, &ev, sizeof(ev),
10584 HCI_MGMT_EXT_INDEX_EVENTS);
10587 void mgmt_index_removed(struct hci_dev *hdev)
10589 struct mgmt_ev_ext_index ev;
10590 u8 status = MGMT_STATUS_INVALID_INDEX;
10592 if (test_bit(HCI_QUIRK_RAW_DEVICE, &hdev->quirks))
10595 switch (hdev->dev_type) {
10597 mgmt_pending_foreach(0, hdev, cmd_complete_rsp, &status);
10599 if (hci_dev_test_flag(hdev, HCI_UNCONFIGURED)) {
10600 mgmt_index_event(MGMT_EV_UNCONF_INDEX_REMOVED, hdev,
10601 NULL, 0, HCI_MGMT_UNCONF_INDEX_EVENTS);
10604 mgmt_index_event(MGMT_EV_INDEX_REMOVED, hdev, NULL, 0,
10605 HCI_MGMT_INDEX_EVENTS);
10616 ev.bus = hdev->bus;
10618 mgmt_index_event(MGMT_EV_EXT_INDEX_REMOVED, hdev, &ev, sizeof(ev),
10619 HCI_MGMT_EXT_INDEX_EVENTS);
10621 /* Cancel any remaining timed work */
10622 if (!hci_dev_test_flag(hdev, HCI_MGMT))
10624 cancel_delayed_work_sync(&hdev->discov_off);
10625 cancel_delayed_work_sync(&hdev->service_cache);
10626 cancel_delayed_work_sync(&hdev->rpa_expired);
10629 void mgmt_power_on(struct hci_dev *hdev, int err)
10631 struct cmd_lookup match = { NULL, hdev };
10633 bt_dev_dbg(hdev, "err %d", err);
10635 hci_dev_lock(hdev);
10638 restart_le_actions(hdev);
10639 hci_update_passive_scan(hdev);
10642 mgmt_pending_foreach(MGMT_OP_SET_POWERED, hdev, settings_rsp, &match);
10644 new_settings(hdev, match.sk);
10647 sock_put(match.sk);
10649 hci_dev_unlock(hdev);
10652 void __mgmt_power_off(struct hci_dev *hdev)
10654 struct cmd_lookup match = { NULL, hdev };
10655 u8 status, zero_cod[] = { 0, 0, 0 };
10657 mgmt_pending_foreach(MGMT_OP_SET_POWERED, hdev, settings_rsp, &match);
10659 /* If the power off is because of hdev unregistration let
10660 * use the appropriate INVALID_INDEX status. Otherwise use
10661 * NOT_POWERED. We cover both scenarios here since later in
10662 * mgmt_index_removed() any hci_conn callbacks will have already
10663 * been triggered, potentially causing misleading DISCONNECTED
10664 * status responses.
10666 if (hci_dev_test_flag(hdev, HCI_UNREGISTER))
10667 status = MGMT_STATUS_INVALID_INDEX;
10669 status = MGMT_STATUS_NOT_POWERED;
10671 mgmt_pending_foreach(0, hdev, cmd_complete_rsp, &status);
10673 if (memcmp(hdev->dev_class, zero_cod, sizeof(zero_cod)) != 0) {
10674 mgmt_limited_event(MGMT_EV_CLASS_OF_DEV_CHANGED, hdev,
10675 zero_cod, sizeof(zero_cod),
10676 HCI_MGMT_DEV_CLASS_EVENTS, NULL);
10677 ext_info_changed(hdev, NULL);
10680 new_settings(hdev, match.sk);
10683 sock_put(match.sk);
10686 void mgmt_set_powered_failed(struct hci_dev *hdev, int err)
10688 struct mgmt_pending_cmd *cmd;
10691 cmd = pending_find(MGMT_OP_SET_POWERED, hdev);
10695 if (err == -ERFKILL)
10696 status = MGMT_STATUS_RFKILLED;
10698 status = MGMT_STATUS_FAILED;
10700 mgmt_cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_POWERED, status);
10702 mgmt_pending_remove(cmd);
10705 void mgmt_new_link_key(struct hci_dev *hdev, struct link_key *key,
10708 struct mgmt_ev_new_link_key ev;
10710 memset(&ev, 0, sizeof(ev));
10712 ev.store_hint = persistent;
10713 bacpy(&ev.key.addr.bdaddr, &key->bdaddr);
10714 ev.key.addr.type = BDADDR_BREDR;
10715 ev.key.type = key->type;
10716 memcpy(ev.key.val, key->val, HCI_LINK_KEY_SIZE);
10717 ev.key.pin_len = key->pin_len;
10719 mgmt_event(MGMT_EV_NEW_LINK_KEY, hdev, &ev, sizeof(ev), NULL);
10722 static u8 mgmt_ltk_type(struct smp_ltk *ltk)
10724 switch (ltk->type) {
10726 case SMP_LTK_RESPONDER:
10727 if (ltk->authenticated)
10728 return MGMT_LTK_AUTHENTICATED;
10729 return MGMT_LTK_UNAUTHENTICATED;
10731 if (ltk->authenticated)
10732 return MGMT_LTK_P256_AUTH;
10733 return MGMT_LTK_P256_UNAUTH;
10734 case SMP_LTK_P256_DEBUG:
10735 return MGMT_LTK_P256_DEBUG;
10738 return MGMT_LTK_UNAUTHENTICATED;
10741 void mgmt_new_ltk(struct hci_dev *hdev, struct smp_ltk *key, bool persistent)
10743 struct mgmt_ev_new_long_term_key ev;
10745 memset(&ev, 0, sizeof(ev));
10747 /* Devices using resolvable or non-resolvable random addresses
10748 * without providing an identity resolving key don't require
10749 * to store long term keys. Their addresses will change the
10750 * next time around.
10752 * Only when a remote device provides an identity address
10753 * make sure the long term key is stored. If the remote
10754 * identity is known, the long term keys are internally
10755 * mapped to the identity address. So allow static random
10756 * and public addresses here.
10758 if (key->bdaddr_type == ADDR_LE_DEV_RANDOM &&
10759 (key->bdaddr.b[5] & 0xc0) != 0xc0)
10760 ev.store_hint = 0x00;
10762 ev.store_hint = persistent;
10764 bacpy(&ev.key.addr.bdaddr, &key->bdaddr);
10765 ev.key.addr.type = link_to_bdaddr(LE_LINK, key->bdaddr_type);
10766 ev.key.type = mgmt_ltk_type(key);
10767 ev.key.enc_size = key->enc_size;
10768 ev.key.ediv = key->ediv;
10769 ev.key.rand = key->rand;
10771 if (key->type == SMP_LTK)
10772 ev.key.initiator = 1;
10774 /* Make sure we copy only the significant bytes based on the
10775 * encryption key size, and set the rest of the value to zeroes.
10777 memcpy(ev.key.val, key->val, key->enc_size);
10778 memset(ev.key.val + key->enc_size, 0,
10779 sizeof(ev.key.val) - key->enc_size);
10781 mgmt_event(MGMT_EV_NEW_LONG_TERM_KEY, hdev, &ev, sizeof(ev), NULL);
10784 void mgmt_new_irk(struct hci_dev *hdev, struct smp_irk *irk, bool persistent)
10786 struct mgmt_ev_new_irk ev;
10788 memset(&ev, 0, sizeof(ev));
10790 ev.store_hint = persistent;
10792 bacpy(&ev.rpa, &irk->rpa);
10793 bacpy(&ev.irk.addr.bdaddr, &irk->bdaddr);
10794 ev.irk.addr.type = link_to_bdaddr(LE_LINK, irk->addr_type);
10795 memcpy(ev.irk.val, irk->val, sizeof(irk->val));
10797 mgmt_event(MGMT_EV_NEW_IRK, hdev, &ev, sizeof(ev), NULL);
10800 void mgmt_new_csrk(struct hci_dev *hdev, struct smp_csrk *csrk,
10803 struct mgmt_ev_new_csrk ev;
10805 memset(&ev, 0, sizeof(ev));
10807 /* Devices using resolvable or non-resolvable random addresses
10808 * without providing an identity resolving key don't require
10809 * to store signature resolving keys. Their addresses will change
10810 * the next time around.
10812 * Only when a remote device provides an identity address
10813 * make sure the signature resolving key is stored. So allow
10814 * static random and public addresses here.
10816 if (csrk->bdaddr_type == ADDR_LE_DEV_RANDOM &&
10817 (csrk->bdaddr.b[5] & 0xc0) != 0xc0)
10818 ev.store_hint = 0x00;
10820 ev.store_hint = persistent;
10822 bacpy(&ev.key.addr.bdaddr, &csrk->bdaddr);
10823 ev.key.addr.type = link_to_bdaddr(LE_LINK, csrk->bdaddr_type);
10824 ev.key.type = csrk->type;
10825 memcpy(ev.key.val, csrk->val, sizeof(csrk->val));
10827 mgmt_event(MGMT_EV_NEW_CSRK, hdev, &ev, sizeof(ev), NULL);
10830 void mgmt_new_conn_param(struct hci_dev *hdev, bdaddr_t *bdaddr,
10831 u8 bdaddr_type, u8 store_hint, u16 min_interval,
10832 u16 max_interval, u16 latency, u16 timeout)
10834 struct mgmt_ev_new_conn_param ev;
10836 if (!hci_is_identity_address(bdaddr, bdaddr_type))
10839 memset(&ev, 0, sizeof(ev));
10840 bacpy(&ev.addr.bdaddr, bdaddr);
10841 ev.addr.type = link_to_bdaddr(LE_LINK, bdaddr_type);
10842 ev.store_hint = store_hint;
10843 ev.min_interval = cpu_to_le16(min_interval);
10844 ev.max_interval = cpu_to_le16(max_interval);
10845 ev.latency = cpu_to_le16(latency);
10846 ev.timeout = cpu_to_le16(timeout);
10848 mgmt_event(MGMT_EV_NEW_CONN_PARAM, hdev, &ev, sizeof(ev), NULL);
10851 void mgmt_device_connected(struct hci_dev *hdev, struct hci_conn *conn,
10852 u8 *name, u8 name_len)
10854 struct sk_buff *skb;
10855 struct mgmt_ev_device_connected *ev;
10859 /* allocate buff for LE or BR/EDR adv */
10860 if (conn->le_adv_data_len > 0)
10861 skb = mgmt_alloc_skb(hdev, MGMT_EV_DEVICE_CONNECTED,
10862 sizeof(*ev) + conn->le_adv_data_len);
10864 skb = mgmt_alloc_skb(hdev, MGMT_EV_DEVICE_CONNECTED,
10865 sizeof(*ev) + (name ? eir_precalc_len(name_len) : 0) +
10866 eir_precalc_len(sizeof(conn->dev_class)));
10868 ev = skb_put(skb, sizeof(*ev));
10869 bacpy(&ev->addr.bdaddr, &conn->dst);
10870 ev->addr.type = link_to_bdaddr(conn->type, conn->dst_type);
10873 flags |= MGMT_DEV_FOUND_INITIATED_CONN;
10875 ev->flags = __cpu_to_le32(flags);
10877 /* We must ensure that the EIR Data fields are ordered and
10878 * unique. Keep it simple for now and avoid the problem by not
10879 * adding any BR/EDR data to the LE adv.
10881 if (conn->le_adv_data_len > 0) {
10882 skb_put_data(skb, conn->le_adv_data, conn->le_adv_data_len);
10883 eir_len = conn->le_adv_data_len;
10886 eir_len += eir_skb_put_data(skb, EIR_NAME_COMPLETE, name, name_len);
10888 if (memcmp(conn->dev_class, "\0\0\0", sizeof(conn->dev_class)))
10889 eir_len += eir_skb_put_data(skb, EIR_CLASS_OF_DEV,
10890 conn->dev_class, sizeof(conn->dev_class));
10893 ev->eir_len = cpu_to_le16(eir_len);
10895 mgmt_event_skb(skb, NULL);
10898 static void disconnect_rsp(struct mgmt_pending_cmd *cmd, void *data)
10900 struct sock **sk = data;
10902 cmd->cmd_complete(cmd, 0);
10907 mgmt_pending_remove(cmd);
10910 static void unpair_device_rsp(struct mgmt_pending_cmd *cmd, void *data)
10912 struct hci_dev *hdev = data;
10913 struct mgmt_cp_unpair_device *cp = cmd->param;
10915 device_unpaired(hdev, &cp->addr.bdaddr, cp->addr.type, cmd->sk);
10917 cmd->cmd_complete(cmd, 0);
10918 mgmt_pending_remove(cmd);
10921 bool mgmt_powering_down(struct hci_dev *hdev)
10923 struct mgmt_pending_cmd *cmd;
10924 struct mgmt_mode *cp;
10926 cmd = pending_find(MGMT_OP_SET_POWERED, hdev);
10937 void mgmt_device_disconnected(struct hci_dev *hdev, bdaddr_t *bdaddr,
10938 u8 link_type, u8 addr_type, u8 reason,
10939 bool mgmt_connected)
10941 struct mgmt_ev_device_disconnected ev;
10942 struct sock *sk = NULL;
10944 /* The connection is still in hci_conn_hash so test for 1
10945 * instead of 0 to know if this is the last one.
10947 if (mgmt_powering_down(hdev) && hci_conn_count(hdev) == 1) {
10948 cancel_delayed_work(&hdev->power_off);
10949 queue_work(hdev->req_workqueue, &hdev->power_off.work);
10952 if (!mgmt_connected)
10955 if (link_type != ACL_LINK && link_type != LE_LINK)
10958 mgmt_pending_foreach(MGMT_OP_DISCONNECT, hdev, disconnect_rsp, &sk);
10960 bacpy(&ev.addr.bdaddr, bdaddr);
10961 ev.addr.type = link_to_bdaddr(link_type, addr_type);
10962 ev.reason = reason;
10964 /* Report disconnects due to suspend */
10965 if (hdev->suspended)
10966 ev.reason = MGMT_DEV_DISCONN_LOCAL_HOST_SUSPEND;
10968 mgmt_event(MGMT_EV_DEVICE_DISCONNECTED, hdev, &ev, sizeof(ev), sk);
10973 mgmt_pending_foreach(MGMT_OP_UNPAIR_DEVICE, hdev, unpair_device_rsp,
10977 void mgmt_disconnect_failed(struct hci_dev *hdev, bdaddr_t *bdaddr,
10978 u8 link_type, u8 addr_type, u8 status)
10980 u8 bdaddr_type = link_to_bdaddr(link_type, addr_type);
10981 struct mgmt_cp_disconnect *cp;
10982 struct mgmt_pending_cmd *cmd;
10984 mgmt_pending_foreach(MGMT_OP_UNPAIR_DEVICE, hdev, unpair_device_rsp,
10987 cmd = pending_find(MGMT_OP_DISCONNECT, hdev);
10993 if (bacmp(bdaddr, &cp->addr.bdaddr))
10996 if (cp->addr.type != bdaddr_type)
10999 cmd->cmd_complete(cmd, mgmt_status(status));
11000 mgmt_pending_remove(cmd);
11003 void mgmt_connect_failed(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
11004 u8 addr_type, u8 status)
11006 struct mgmt_ev_connect_failed ev;
11008 /* The connection is still in hci_conn_hash so test for 1
11009 * instead of 0 to know if this is the last one.
11011 if (mgmt_powering_down(hdev) && hci_conn_count(hdev) == 1) {
11012 cancel_delayed_work(&hdev->power_off);
11013 queue_work(hdev->req_workqueue, &hdev->power_off.work);
11016 bacpy(&ev.addr.bdaddr, bdaddr);
11017 ev.addr.type = link_to_bdaddr(link_type, addr_type);
11018 ev.status = mgmt_status(status);
11020 mgmt_event(MGMT_EV_CONNECT_FAILED, hdev, &ev, sizeof(ev), NULL);
11023 void mgmt_pin_code_request(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 secure)
11025 struct mgmt_ev_pin_code_request ev;
11027 bacpy(&ev.addr.bdaddr, bdaddr);
11028 ev.addr.type = BDADDR_BREDR;
11029 ev.secure = secure;
11031 mgmt_event(MGMT_EV_PIN_CODE_REQUEST, hdev, &ev, sizeof(ev), NULL);
11034 void mgmt_pin_code_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
11037 struct mgmt_pending_cmd *cmd;
11039 cmd = pending_find(MGMT_OP_PIN_CODE_REPLY, hdev);
11043 cmd->cmd_complete(cmd, mgmt_status(status));
11044 mgmt_pending_remove(cmd);
11047 void mgmt_pin_code_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
11050 struct mgmt_pending_cmd *cmd;
11052 cmd = pending_find(MGMT_OP_PIN_CODE_NEG_REPLY, hdev);
11056 cmd->cmd_complete(cmd, mgmt_status(status));
11057 mgmt_pending_remove(cmd);
11060 int mgmt_user_confirm_request(struct hci_dev *hdev, bdaddr_t *bdaddr,
11061 u8 link_type, u8 addr_type, u32 value,
11064 struct mgmt_ev_user_confirm_request ev;
11066 bt_dev_dbg(hdev, "bdaddr %pMR", bdaddr);
11068 bacpy(&ev.addr.bdaddr, bdaddr);
11069 ev.addr.type = link_to_bdaddr(link_type, addr_type);
11070 ev.confirm_hint = confirm_hint;
11071 ev.value = cpu_to_le32(value);
11073 return mgmt_event(MGMT_EV_USER_CONFIRM_REQUEST, hdev, &ev, sizeof(ev),
11077 int mgmt_user_passkey_request(struct hci_dev *hdev, bdaddr_t *bdaddr,
11078 u8 link_type, u8 addr_type)
11080 struct mgmt_ev_user_passkey_request ev;
11082 bt_dev_dbg(hdev, "bdaddr %pMR", bdaddr);
11084 bacpy(&ev.addr.bdaddr, bdaddr);
11085 ev.addr.type = link_to_bdaddr(link_type, addr_type);
11087 return mgmt_event(MGMT_EV_USER_PASSKEY_REQUEST, hdev, &ev, sizeof(ev),
11091 static int user_pairing_resp_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
11092 u8 link_type, u8 addr_type, u8 status,
11095 struct mgmt_pending_cmd *cmd;
11097 cmd = pending_find(opcode, hdev);
11101 cmd->cmd_complete(cmd, mgmt_status(status));
11102 mgmt_pending_remove(cmd);
11107 int mgmt_user_confirm_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
11108 u8 link_type, u8 addr_type, u8 status)
11110 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
11111 status, MGMT_OP_USER_CONFIRM_REPLY);
11114 int mgmt_user_confirm_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
11115 u8 link_type, u8 addr_type, u8 status)
11117 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
11119 MGMT_OP_USER_CONFIRM_NEG_REPLY);
11122 int mgmt_user_passkey_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
11123 u8 link_type, u8 addr_type, u8 status)
11125 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
11126 status, MGMT_OP_USER_PASSKEY_REPLY);
11129 int mgmt_user_passkey_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
11130 u8 link_type, u8 addr_type, u8 status)
11132 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
11134 MGMT_OP_USER_PASSKEY_NEG_REPLY);
11137 int mgmt_user_passkey_notify(struct hci_dev *hdev, bdaddr_t *bdaddr,
11138 u8 link_type, u8 addr_type, u32 passkey,
11141 struct mgmt_ev_passkey_notify ev;
11143 bt_dev_dbg(hdev, "bdaddr %pMR", bdaddr);
11145 bacpy(&ev.addr.bdaddr, bdaddr);
11146 ev.addr.type = link_to_bdaddr(link_type, addr_type);
11147 ev.passkey = __cpu_to_le32(passkey);
11148 ev.entered = entered;
11150 return mgmt_event(MGMT_EV_PASSKEY_NOTIFY, hdev, &ev, sizeof(ev), NULL);
11153 void mgmt_auth_failed(struct hci_conn *conn, u8 hci_status)
11155 struct mgmt_ev_auth_failed ev;
11156 struct mgmt_pending_cmd *cmd;
11157 u8 status = mgmt_status(hci_status);
11159 bacpy(&ev.addr.bdaddr, &conn->dst);
11160 ev.addr.type = link_to_bdaddr(conn->type, conn->dst_type);
11161 ev.status = status;
11163 cmd = find_pairing(conn);
11165 mgmt_event(MGMT_EV_AUTH_FAILED, conn->hdev, &ev, sizeof(ev),
11166 cmd ? cmd->sk : NULL);
11169 cmd->cmd_complete(cmd, status);
11170 mgmt_pending_remove(cmd);
11174 void mgmt_auth_enable_complete(struct hci_dev *hdev, u8 status)
11176 struct cmd_lookup match = { NULL, hdev };
11180 u8 mgmt_err = mgmt_status(status);
11181 mgmt_pending_foreach(MGMT_OP_SET_LINK_SECURITY, hdev,
11182 cmd_status_rsp, &mgmt_err);
11186 if (test_bit(HCI_AUTH, &hdev->flags))
11187 changed = !hci_dev_test_and_set_flag(hdev, HCI_LINK_SECURITY);
11189 changed = hci_dev_test_and_clear_flag(hdev, HCI_LINK_SECURITY);
11191 mgmt_pending_foreach(MGMT_OP_SET_LINK_SECURITY, hdev, settings_rsp,
11195 new_settings(hdev, match.sk);
11198 sock_put(match.sk);
11201 static void sk_lookup(struct mgmt_pending_cmd *cmd, void *data)
11203 struct cmd_lookup *match = data;
11205 if (match->sk == NULL) {
11206 match->sk = cmd->sk;
11207 sock_hold(match->sk);
11211 void mgmt_set_class_of_dev_complete(struct hci_dev *hdev, u8 *dev_class,
11214 struct cmd_lookup match = { NULL, hdev, mgmt_status(status) };
11216 mgmt_pending_foreach(MGMT_OP_SET_DEV_CLASS, hdev, sk_lookup, &match);
11217 mgmt_pending_foreach(MGMT_OP_ADD_UUID, hdev, sk_lookup, &match);
11218 mgmt_pending_foreach(MGMT_OP_REMOVE_UUID, hdev, sk_lookup, &match);
11221 mgmt_limited_event(MGMT_EV_CLASS_OF_DEV_CHANGED, hdev, dev_class,
11222 3, HCI_MGMT_DEV_CLASS_EVENTS, NULL);
11223 ext_info_changed(hdev, NULL);
11227 sock_put(match.sk);
11230 void mgmt_set_local_name_complete(struct hci_dev *hdev, u8 *name, u8 status)
11232 struct mgmt_cp_set_local_name ev;
11233 struct mgmt_pending_cmd *cmd;
11238 memset(&ev, 0, sizeof(ev));
11239 memcpy(ev.name, name, HCI_MAX_NAME_LENGTH);
11240 memcpy(ev.short_name, hdev->short_name, HCI_MAX_SHORT_NAME_LENGTH);
11242 cmd = pending_find(MGMT_OP_SET_LOCAL_NAME, hdev);
11244 memcpy(hdev->dev_name, name, sizeof(hdev->dev_name));
11246 /* If this is a HCI command related to powering on the
11247 * HCI dev don't send any mgmt signals.
11249 if (pending_find(MGMT_OP_SET_POWERED, hdev))
11253 mgmt_limited_event(MGMT_EV_LOCAL_NAME_CHANGED, hdev, &ev, sizeof(ev),
11254 HCI_MGMT_LOCAL_NAME_EVENTS, cmd ? cmd->sk : NULL);
11255 ext_info_changed(hdev, cmd ? cmd->sk : NULL);
11258 static inline bool has_uuid(u8 *uuid, u16 uuid_count, u8 (*uuids)[16])
11262 for (i = 0; i < uuid_count; i++) {
11263 if (!memcmp(uuid, uuids[i], 16))
11270 static bool eir_has_uuids(u8 *eir, u16 eir_len, u16 uuid_count, u8 (*uuids)[16])
11274 while (parsed < eir_len) {
11275 u8 field_len = eir[0];
11279 if (field_len == 0)
11282 if (eir_len - parsed < field_len + 1)
11286 case EIR_UUID16_ALL:
11287 case EIR_UUID16_SOME:
11288 for (i = 0; i + 3 <= field_len; i += 2) {
11289 memcpy(uuid, bluetooth_base_uuid, 16);
11290 uuid[13] = eir[i + 3];
11291 uuid[12] = eir[i + 2];
11292 if (has_uuid(uuid, uuid_count, uuids))
11296 case EIR_UUID32_ALL:
11297 case EIR_UUID32_SOME:
11298 for (i = 0; i + 5 <= field_len; i += 4) {
11299 memcpy(uuid, bluetooth_base_uuid, 16);
11300 uuid[15] = eir[i + 5];
11301 uuid[14] = eir[i + 4];
11302 uuid[13] = eir[i + 3];
11303 uuid[12] = eir[i + 2];
11304 if (has_uuid(uuid, uuid_count, uuids))
11308 case EIR_UUID128_ALL:
11309 case EIR_UUID128_SOME:
11310 for (i = 0; i + 17 <= field_len; i += 16) {
11311 memcpy(uuid, eir + i + 2, 16);
11312 if (has_uuid(uuid, uuid_count, uuids))
11318 parsed += field_len + 1;
11319 eir += field_len + 1;
11325 static void restart_le_scan(struct hci_dev *hdev)
11327 /* If controller is not scanning we are done. */
11328 if (!hci_dev_test_flag(hdev, HCI_LE_SCAN))
11331 if (time_after(jiffies + DISCOV_LE_RESTART_DELAY,
11332 hdev->discovery.scan_start +
11333 hdev->discovery.scan_duration))
11336 queue_delayed_work(hdev->req_workqueue, &hdev->le_scan_restart,
11337 DISCOV_LE_RESTART_DELAY);
11340 static bool is_filter_match(struct hci_dev *hdev, s8 rssi, u8 *eir,
11341 u16 eir_len, u8 *scan_rsp, u8 scan_rsp_len)
11343 /* If a RSSI threshold has been specified, and
11344 * HCI_QUIRK_STRICT_DUPLICATE_FILTER is not set, then all results with
11345 * a RSSI smaller than the RSSI threshold will be dropped. If the quirk
11346 * is set, let it through for further processing, as we might need to
11347 * restart the scan.
11349 * For BR/EDR devices (pre 1.2) providing no RSSI during inquiry,
11350 * the results are also dropped.
11352 if (hdev->discovery.rssi != HCI_RSSI_INVALID &&
11353 (rssi == HCI_RSSI_INVALID ||
11354 (rssi < hdev->discovery.rssi &&
11355 !test_bit(HCI_QUIRK_STRICT_DUPLICATE_FILTER, &hdev->quirks))))
11358 if (hdev->discovery.uuid_count != 0) {
11359 /* If a list of UUIDs is provided in filter, results with no
11360 * matching UUID should be dropped.
11362 if (!eir_has_uuids(eir, eir_len, hdev->discovery.uuid_count,
11363 hdev->discovery.uuids) &&
11364 !eir_has_uuids(scan_rsp, scan_rsp_len,
11365 hdev->discovery.uuid_count,
11366 hdev->discovery.uuids))
11370 /* If duplicate filtering does not report RSSI changes, then restart
11371 * scanning to ensure updated result with updated RSSI values.
11373 if (test_bit(HCI_QUIRK_STRICT_DUPLICATE_FILTER, &hdev->quirks)) {
11374 restart_le_scan(hdev);
11376 /* Validate RSSI value against the RSSI threshold once more. */
11377 if (hdev->discovery.rssi != HCI_RSSI_INVALID &&
11378 rssi < hdev->discovery.rssi)
11385 void mgmt_adv_monitor_device_lost(struct hci_dev *hdev, u16 handle,
11386 bdaddr_t *bdaddr, u8 addr_type)
11388 struct mgmt_ev_adv_monitor_device_lost ev;
11390 ev.monitor_handle = cpu_to_le16(handle);
11391 bacpy(&ev.addr.bdaddr, bdaddr);
11392 ev.addr.type = addr_type;
11394 mgmt_event(MGMT_EV_ADV_MONITOR_DEVICE_LOST, hdev, &ev, sizeof(ev),
11398 static void mgmt_send_adv_monitor_device_found(struct hci_dev *hdev,
11399 struct sk_buff *skb,
11400 struct sock *skip_sk,
11403 struct sk_buff *advmon_skb;
11404 size_t advmon_skb_len;
11405 __le16 *monitor_handle;
11410 advmon_skb_len = (sizeof(struct mgmt_ev_adv_monitor_device_found) -
11411 sizeof(struct mgmt_ev_device_found)) + skb->len;
11412 advmon_skb = mgmt_alloc_skb(hdev, MGMT_EV_ADV_MONITOR_DEVICE_FOUND,
11417 /* ADV_MONITOR_DEVICE_FOUND is similar to DEVICE_FOUND event except
11418 * that it also has 'monitor_handle'. Make a copy of DEVICE_FOUND and
11419 * store monitor_handle of the matched monitor.
11421 monitor_handle = skb_put(advmon_skb, sizeof(*monitor_handle));
11422 *monitor_handle = cpu_to_le16(handle);
11423 skb_put_data(advmon_skb, skb->data, skb->len);
11425 mgmt_event_skb(advmon_skb, skip_sk);
11428 static void mgmt_adv_monitor_device_found(struct hci_dev *hdev,
11429 bdaddr_t *bdaddr, bool report_device,
11430 struct sk_buff *skb,
11431 struct sock *skip_sk)
11433 struct monitored_device *dev, *tmp;
11434 bool matched = false;
11435 bool notified = false;
11437 /* We have received the Advertisement Report because:
11438 * 1. the kernel has initiated active discovery
11439 * 2. if not, we have pend_le_reports > 0 in which case we are doing
11441 * 3. if none of the above is true, we have one or more active
11442 * Advertisement Monitor
11444 * For case 1 and 2, report all advertisements via MGMT_EV_DEVICE_FOUND
11445 * and report ONLY one advertisement per device for the matched Monitor
11446 * via MGMT_EV_ADV_MONITOR_DEVICE_FOUND event.
11448 * For case 3, since we are not active scanning and all advertisements
11449 * received are due to a matched Advertisement Monitor, report all
11450 * advertisements ONLY via MGMT_EV_ADV_MONITOR_DEVICE_FOUND event.
11452 if (report_device && !hdev->advmon_pend_notify) {
11453 mgmt_event_skb(skb, skip_sk);
11457 hdev->advmon_pend_notify = false;
11459 list_for_each_entry_safe(dev, tmp, &hdev->monitored_devices, list) {
11460 if (!bacmp(&dev->bdaddr, bdaddr)) {
11463 if (!dev->notified) {
11464 mgmt_send_adv_monitor_device_found(hdev, skb,
11468 dev->notified = true;
11472 if (!dev->notified)
11473 hdev->advmon_pend_notify = true;
11476 if (!report_device &&
11477 ((matched && !notified) || !msft_monitor_supported(hdev))) {
11478 /* Handle 0 indicates that we are not active scanning and this
11479 * is a subsequent advertisement report for an already matched
11480 * Advertisement Monitor or the controller offloading support
11481 * is not available.
11483 mgmt_send_adv_monitor_device_found(hdev, skb, skip_sk, 0);
11487 mgmt_event_skb(skb, skip_sk);
11492 static void mesh_device_found(struct hci_dev *hdev, bdaddr_t *bdaddr,
11493 u8 addr_type, s8 rssi, u32 flags, u8 *eir,
11494 u16 eir_len, u8 *scan_rsp, u8 scan_rsp_len,
11497 struct sk_buff *skb;
11498 struct mgmt_ev_mesh_device_found *ev;
11501 if (!hdev->mesh_ad_types[0])
11504 /* Scan for requested AD types */
11506 for (i = 0; i + 1 < eir_len; i += eir[i] + 1) {
11507 for (j = 0; j < sizeof(hdev->mesh_ad_types); j++) {
11508 if (!hdev->mesh_ad_types[j])
11511 if (hdev->mesh_ad_types[j] == eir[i + 1])
11517 if (scan_rsp_len > 0) {
11518 for (i = 0; i + 1 < scan_rsp_len; i += scan_rsp[i] + 1) {
11519 for (j = 0; j < sizeof(hdev->mesh_ad_types); j++) {
11520 if (!hdev->mesh_ad_types[j])
11523 if (hdev->mesh_ad_types[j] == scan_rsp[i + 1])
11532 skb = mgmt_alloc_skb(hdev, MGMT_EV_MESH_DEVICE_FOUND,
11533 sizeof(*ev) + eir_len + scan_rsp_len);
11537 ev = skb_put(skb, sizeof(*ev));
11539 bacpy(&ev->addr.bdaddr, bdaddr);
11540 ev->addr.type = link_to_bdaddr(LE_LINK, addr_type);
11542 ev->flags = cpu_to_le32(flags);
11543 ev->instant = cpu_to_le64(instant);
11546 /* Copy EIR or advertising data into event */
11547 skb_put_data(skb, eir, eir_len);
11549 if (scan_rsp_len > 0)
11550 /* Append scan response data to event */
11551 skb_put_data(skb, scan_rsp, scan_rsp_len);
11553 ev->eir_len = cpu_to_le16(eir_len + scan_rsp_len);
11555 mgmt_event_skb(skb, NULL);
11558 void mgmt_device_found(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
11559 u8 addr_type, u8 *dev_class, s8 rssi, u32 flags,
11560 u8 *eir, u16 eir_len, u8 *scan_rsp, u8 scan_rsp_len,
11563 struct sk_buff *skb;
11564 struct mgmt_ev_device_found *ev;
11565 bool report_device = hci_discovery_active(hdev);
11567 if (hci_dev_test_flag(hdev, HCI_MESH) && link_type == LE_LINK)
11568 mesh_device_found(hdev, bdaddr, addr_type, rssi, flags,
11569 eir, eir_len, scan_rsp, scan_rsp_len,
11572 /* Don't send events for a non-kernel initiated discovery. With
11573 * LE one exception is if we have pend_le_reports > 0 in which
11574 * case we're doing passive scanning and want these events.
11576 if (!hci_discovery_active(hdev)) {
11577 if (link_type == ACL_LINK)
11579 if (link_type == LE_LINK && !list_empty(&hdev->pend_le_reports))
11580 report_device = true;
11581 else if (!hci_is_adv_monitoring(hdev))
11585 if (hdev->discovery.result_filtering) {
11586 /* We are using service discovery */
11587 if (!is_filter_match(hdev, rssi, eir, eir_len, scan_rsp,
11592 if (hdev->discovery.limited) {
11593 /* Check for limited discoverable bit */
11595 if (!(dev_class[1] & 0x20))
11598 u8 *flags = eir_get_data(eir, eir_len, EIR_FLAGS, NULL);
11599 if (!flags || !(flags[0] & LE_AD_LIMITED))
11604 /* Allocate skb. The 5 extra bytes are for the potential CoD field */
11605 skb = mgmt_alloc_skb(hdev, MGMT_EV_DEVICE_FOUND,
11606 sizeof(*ev) + eir_len + scan_rsp_len + 5);
11610 ev = skb_put(skb, sizeof(*ev));
11612 /* In case of device discovery with BR/EDR devices (pre 1.2), the
11613 * RSSI value was reported as 0 when not available. This behavior
11614 * is kept when using device discovery. This is required for full
11615 * backwards compatibility with the API.
11617 * However when using service discovery, the value 127 will be
11618 * returned when the RSSI is not available.
11620 if (rssi == HCI_RSSI_INVALID && !hdev->discovery.report_invalid_rssi &&
11621 link_type == ACL_LINK)
11624 bacpy(&ev->addr.bdaddr, bdaddr);
11625 ev->addr.type = link_to_bdaddr(link_type, addr_type);
11627 ev->flags = cpu_to_le32(flags);
11630 /* Copy EIR or advertising data into event */
11631 skb_put_data(skb, eir, eir_len);
11633 if (dev_class && !eir_get_data(eir, eir_len, EIR_CLASS_OF_DEV, NULL)) {
11636 eir_len += eir_append_data(eir_cod, 0, EIR_CLASS_OF_DEV,
11638 skb_put_data(skb, eir_cod, sizeof(eir_cod));
11641 if (scan_rsp_len > 0)
11642 /* Append scan response data to event */
11643 skb_put_data(skb, scan_rsp, scan_rsp_len);
11645 ev->eir_len = cpu_to_le16(eir_len + scan_rsp_len);
11647 mgmt_adv_monitor_device_found(hdev, bdaddr, report_device, skb, NULL);
11650 void mgmt_remote_name(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
11651 u8 addr_type, s8 rssi, u8 *name, u8 name_len)
11653 struct sk_buff *skb;
11654 struct mgmt_ev_device_found *ev;
11658 skb = mgmt_alloc_skb(hdev, MGMT_EV_DEVICE_FOUND,
11659 sizeof(*ev) + (name ? eir_precalc_len(name_len) : 0));
11661 ev = skb_put(skb, sizeof(*ev));
11662 bacpy(&ev->addr.bdaddr, bdaddr);
11663 ev->addr.type = link_to_bdaddr(link_type, addr_type);
11667 eir_len += eir_skb_put_data(skb, EIR_NAME_COMPLETE, name, name_len);
11669 flags = MGMT_DEV_FOUND_NAME_REQUEST_FAILED;
11671 ev->eir_len = cpu_to_le16(eir_len);
11672 ev->flags = cpu_to_le32(flags);
11674 mgmt_event_skb(skb, NULL);
11677 void mgmt_discovering(struct hci_dev *hdev, u8 discovering)
11679 struct mgmt_ev_discovering ev;
11681 bt_dev_dbg(hdev, "discovering %u", discovering);
11683 memset(&ev, 0, sizeof(ev));
11684 ev.type = hdev->discovery.type;
11685 ev.discovering = discovering;
11687 mgmt_event(MGMT_EV_DISCOVERING, hdev, &ev, sizeof(ev), NULL);
11690 void mgmt_suspending(struct hci_dev *hdev, u8 state)
11692 struct mgmt_ev_controller_suspend ev;
11694 ev.suspend_state = state;
11695 mgmt_event(MGMT_EV_CONTROLLER_SUSPEND, hdev, &ev, sizeof(ev), NULL);
11698 void mgmt_resuming(struct hci_dev *hdev, u8 reason, bdaddr_t *bdaddr,
11701 struct mgmt_ev_controller_resume ev;
11703 ev.wake_reason = reason;
11705 bacpy(&ev.addr.bdaddr, bdaddr);
11706 ev.addr.type = addr_type;
11708 memset(&ev.addr, 0, sizeof(ev.addr));
11711 mgmt_event(MGMT_EV_CONTROLLER_RESUME, hdev, &ev, sizeof(ev), NULL);
11714 static struct hci_mgmt_chan chan = {
11715 .channel = HCI_CHANNEL_CONTROL,
11716 .handler_count = ARRAY_SIZE(mgmt_handlers),
11717 .handlers = mgmt_handlers,
11719 .tizen_handler_count = ARRAY_SIZE(tizen_mgmt_handlers),
11720 .tizen_handlers = tizen_mgmt_handlers,
11722 .hdev_init = mgmt_init_hdev,
11725 int mgmt_init(void)
11727 return hci_mgmt_chan_register(&chan);
11730 void mgmt_exit(void)
11732 hci_mgmt_chan_unregister(&chan);
11735 void mgmt_cleanup(struct sock *sk)
11737 struct mgmt_mesh_tx *mesh_tx;
11738 struct hci_dev *hdev;
11740 read_lock(&hci_dev_list_lock);
11742 list_for_each_entry(hdev, &hci_dev_list, list) {
11744 mesh_tx = mgmt_mesh_next(hdev, sk);
11747 mesh_send_complete(hdev, mesh_tx, true);
11751 read_unlock(&hci_dev_list_lock);
projects / platform / kernel / linux-starfive.git / blob