2 BlueZ - Bluetooth protocol stack for Linux
4 Copyright (C) 2010 Nokia Corporation
5 Copyright (C) 2011-2012 Intel Corporation
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License version 2 as
9 published by the Free Software Foundation;
11 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
12 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
13 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
14 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
15 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
16 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
17 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
18 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
20 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
21 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
22 SOFTWARE IS DISCLAIMED.
25 /* Bluetooth HCI Management interface */
27 #include <linux/module.h>
28 #include <asm/unaligned.h>
30 #include <net/bluetooth/bluetooth.h>
31 #include <net/bluetooth/hci_core.h>
32 #include <net/bluetooth/hci_sock.h>
33 #include <net/bluetooth/l2cap.h>
34 #include <net/bluetooth/mgmt.h>
36 #include <net/bluetooth/mgmt_tizen.h>
39 #include "hci_request.h"
41 #include "mgmt_util.h"
42 #include "mgmt_config.h"
47 #define MGMT_VERSION 1
48 #define MGMT_REVISION 22
50 static const u16 mgmt_commands[] = {
51 MGMT_OP_READ_INDEX_LIST,
54 MGMT_OP_SET_DISCOVERABLE,
55 MGMT_OP_SET_CONNECTABLE,
56 MGMT_OP_SET_FAST_CONNECTABLE,
58 MGMT_OP_SET_LINK_SECURITY,
62 MGMT_OP_SET_DEV_CLASS,
63 MGMT_OP_SET_LOCAL_NAME,
66 MGMT_OP_LOAD_LINK_KEYS,
67 MGMT_OP_LOAD_LONG_TERM_KEYS,
69 MGMT_OP_GET_CONNECTIONS,
70 MGMT_OP_PIN_CODE_REPLY,
71 MGMT_OP_PIN_CODE_NEG_REPLY,
72 MGMT_OP_SET_IO_CAPABILITY,
74 MGMT_OP_CANCEL_PAIR_DEVICE,
75 MGMT_OP_UNPAIR_DEVICE,
76 MGMT_OP_USER_CONFIRM_REPLY,
77 MGMT_OP_USER_CONFIRM_NEG_REPLY,
78 MGMT_OP_USER_PASSKEY_REPLY,
79 MGMT_OP_USER_PASSKEY_NEG_REPLY,
80 MGMT_OP_READ_LOCAL_OOB_DATA,
81 MGMT_OP_ADD_REMOTE_OOB_DATA,
82 MGMT_OP_REMOVE_REMOTE_OOB_DATA,
83 MGMT_OP_START_DISCOVERY,
84 MGMT_OP_STOP_DISCOVERY,
87 MGMT_OP_UNBLOCK_DEVICE,
88 MGMT_OP_SET_DEVICE_ID,
89 MGMT_OP_SET_ADVERTISING,
91 MGMT_OP_SET_STATIC_ADDRESS,
92 MGMT_OP_SET_SCAN_PARAMS,
93 MGMT_OP_SET_SECURE_CONN,
94 MGMT_OP_SET_DEBUG_KEYS,
97 MGMT_OP_GET_CONN_INFO,
98 MGMT_OP_GET_CLOCK_INFO,
100 MGMT_OP_REMOVE_DEVICE,
101 MGMT_OP_LOAD_CONN_PARAM,
102 MGMT_OP_READ_UNCONF_INDEX_LIST,
103 MGMT_OP_READ_CONFIG_INFO,
104 MGMT_OP_SET_EXTERNAL_CONFIG,
105 MGMT_OP_SET_PUBLIC_ADDRESS,
106 MGMT_OP_START_SERVICE_DISCOVERY,
107 MGMT_OP_READ_LOCAL_OOB_EXT_DATA,
108 MGMT_OP_READ_EXT_INDEX_LIST,
109 MGMT_OP_READ_ADV_FEATURES,
110 MGMT_OP_ADD_ADVERTISING,
111 MGMT_OP_REMOVE_ADVERTISING,
112 MGMT_OP_GET_ADV_SIZE_INFO,
113 MGMT_OP_START_LIMITED_DISCOVERY,
114 MGMT_OP_READ_EXT_INFO,
115 MGMT_OP_SET_APPEARANCE,
116 MGMT_OP_GET_PHY_CONFIGURATION,
117 MGMT_OP_SET_PHY_CONFIGURATION,
118 MGMT_OP_SET_BLOCKED_KEYS,
119 MGMT_OP_SET_WIDEBAND_SPEECH,
120 MGMT_OP_READ_CONTROLLER_CAP,
121 MGMT_OP_READ_EXP_FEATURES_INFO,
122 MGMT_OP_SET_EXP_FEATURE,
123 MGMT_OP_READ_DEF_SYSTEM_CONFIG,
124 MGMT_OP_SET_DEF_SYSTEM_CONFIG,
125 MGMT_OP_READ_DEF_RUNTIME_CONFIG,
126 MGMT_OP_SET_DEF_RUNTIME_CONFIG,
127 MGMT_OP_GET_DEVICE_FLAGS,
128 MGMT_OP_SET_DEVICE_FLAGS,
129 MGMT_OP_READ_ADV_MONITOR_FEATURES,
130 MGMT_OP_ADD_ADV_PATTERNS_MONITOR,
131 MGMT_OP_REMOVE_ADV_MONITOR,
132 MGMT_OP_ADD_EXT_ADV_PARAMS,
133 MGMT_OP_ADD_EXT_ADV_DATA,
134 MGMT_OP_ADD_ADV_PATTERNS_MONITOR_RSSI,
135 MGMT_OP_SET_MESH_RECEIVER,
136 MGMT_OP_MESH_READ_FEATURES,
138 MGMT_OP_MESH_SEND_CANCEL,
141 static const u16 mgmt_events[] = {
142 MGMT_EV_CONTROLLER_ERROR,
144 MGMT_EV_INDEX_REMOVED,
145 MGMT_EV_NEW_SETTINGS,
146 MGMT_EV_CLASS_OF_DEV_CHANGED,
147 MGMT_EV_LOCAL_NAME_CHANGED,
148 MGMT_EV_NEW_LINK_KEY,
149 MGMT_EV_NEW_LONG_TERM_KEY,
150 MGMT_EV_DEVICE_CONNECTED,
151 MGMT_EV_DEVICE_DISCONNECTED,
152 MGMT_EV_CONNECT_FAILED,
153 MGMT_EV_PIN_CODE_REQUEST,
154 MGMT_EV_USER_CONFIRM_REQUEST,
155 MGMT_EV_USER_PASSKEY_REQUEST,
157 MGMT_EV_DEVICE_FOUND,
159 MGMT_EV_DEVICE_BLOCKED,
160 MGMT_EV_DEVICE_UNBLOCKED,
161 MGMT_EV_DEVICE_UNPAIRED,
162 MGMT_EV_PASSKEY_NOTIFY,
165 MGMT_EV_DEVICE_ADDED,
166 MGMT_EV_DEVICE_REMOVED,
167 MGMT_EV_NEW_CONN_PARAM,
168 MGMT_EV_UNCONF_INDEX_ADDED,
169 MGMT_EV_UNCONF_INDEX_REMOVED,
170 MGMT_EV_NEW_CONFIG_OPTIONS,
171 MGMT_EV_EXT_INDEX_ADDED,
172 MGMT_EV_EXT_INDEX_REMOVED,
173 MGMT_EV_LOCAL_OOB_DATA_UPDATED,
174 MGMT_EV_ADVERTISING_ADDED,
175 MGMT_EV_ADVERTISING_REMOVED,
176 MGMT_EV_EXT_INFO_CHANGED,
177 MGMT_EV_PHY_CONFIGURATION_CHANGED,
178 MGMT_EV_EXP_FEATURE_CHANGED,
179 MGMT_EV_DEVICE_FLAGS_CHANGED,
180 MGMT_EV_ADV_MONITOR_ADDED,
181 MGMT_EV_ADV_MONITOR_REMOVED,
182 MGMT_EV_CONTROLLER_SUSPEND,
183 MGMT_EV_CONTROLLER_RESUME,
184 MGMT_EV_ADV_MONITOR_DEVICE_FOUND,
185 MGMT_EV_ADV_MONITOR_DEVICE_LOST,
188 static const u16 mgmt_untrusted_commands[] = {
189 MGMT_OP_READ_INDEX_LIST,
191 MGMT_OP_READ_UNCONF_INDEX_LIST,
192 MGMT_OP_READ_CONFIG_INFO,
193 MGMT_OP_READ_EXT_INDEX_LIST,
194 MGMT_OP_READ_EXT_INFO,
195 MGMT_OP_READ_CONTROLLER_CAP,
196 MGMT_OP_READ_EXP_FEATURES_INFO,
197 MGMT_OP_READ_DEF_SYSTEM_CONFIG,
198 MGMT_OP_READ_DEF_RUNTIME_CONFIG,
201 static const u16 mgmt_untrusted_events[] = {
203 MGMT_EV_INDEX_REMOVED,
204 MGMT_EV_NEW_SETTINGS,
205 MGMT_EV_CLASS_OF_DEV_CHANGED,
206 MGMT_EV_LOCAL_NAME_CHANGED,
207 MGMT_EV_UNCONF_INDEX_ADDED,
208 MGMT_EV_UNCONF_INDEX_REMOVED,
209 MGMT_EV_NEW_CONFIG_OPTIONS,
210 MGMT_EV_EXT_INDEX_ADDED,
211 MGMT_EV_EXT_INDEX_REMOVED,
212 MGMT_EV_EXT_INFO_CHANGED,
213 MGMT_EV_EXP_FEATURE_CHANGED,
216 #define CACHE_TIMEOUT msecs_to_jiffies(2 * 1000)
218 #define ZERO_KEY "\x00\x00\x00\x00\x00\x00\x00\x00" \
219 "\x00\x00\x00\x00\x00\x00\x00\x00"
221 /* HCI to MGMT error code conversion table */
222 static const u8 mgmt_status_table[] = {
224 MGMT_STATUS_UNKNOWN_COMMAND, /* Unknown Command */
225 MGMT_STATUS_NOT_CONNECTED, /* No Connection */
226 MGMT_STATUS_FAILED, /* Hardware Failure */
227 MGMT_STATUS_CONNECT_FAILED, /* Page Timeout */
228 MGMT_STATUS_AUTH_FAILED, /* Authentication Failed */
229 MGMT_STATUS_AUTH_FAILED, /* PIN or Key Missing */
230 MGMT_STATUS_NO_RESOURCES, /* Memory Full */
231 MGMT_STATUS_TIMEOUT, /* Connection Timeout */
232 MGMT_STATUS_NO_RESOURCES, /* Max Number of Connections */
233 MGMT_STATUS_NO_RESOURCES, /* Max Number of SCO Connections */
234 MGMT_STATUS_ALREADY_CONNECTED, /* ACL Connection Exists */
235 MGMT_STATUS_BUSY, /* Command Disallowed */
236 MGMT_STATUS_NO_RESOURCES, /* Rejected Limited Resources */
237 MGMT_STATUS_REJECTED, /* Rejected Security */
238 MGMT_STATUS_REJECTED, /* Rejected Personal */
239 MGMT_STATUS_TIMEOUT, /* Host Timeout */
240 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported Feature */
241 MGMT_STATUS_INVALID_PARAMS, /* Invalid Parameters */
242 MGMT_STATUS_DISCONNECTED, /* OE User Ended Connection */
243 MGMT_STATUS_NO_RESOURCES, /* OE Low Resources */
244 MGMT_STATUS_DISCONNECTED, /* OE Power Off */
245 MGMT_STATUS_DISCONNECTED, /* Connection Terminated */
246 MGMT_STATUS_BUSY, /* Repeated Attempts */
247 MGMT_STATUS_REJECTED, /* Pairing Not Allowed */
248 MGMT_STATUS_FAILED, /* Unknown LMP PDU */
249 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported Remote Feature */
250 MGMT_STATUS_REJECTED, /* SCO Offset Rejected */
251 MGMT_STATUS_REJECTED, /* SCO Interval Rejected */
252 MGMT_STATUS_REJECTED, /* Air Mode Rejected */
253 MGMT_STATUS_INVALID_PARAMS, /* Invalid LMP Parameters */
254 MGMT_STATUS_FAILED, /* Unspecified Error */
255 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported LMP Parameter Value */
256 MGMT_STATUS_FAILED, /* Role Change Not Allowed */
257 MGMT_STATUS_TIMEOUT, /* LMP Response Timeout */
258 MGMT_STATUS_FAILED, /* LMP Error Transaction Collision */
259 MGMT_STATUS_FAILED, /* LMP PDU Not Allowed */
260 MGMT_STATUS_REJECTED, /* Encryption Mode Not Accepted */
261 MGMT_STATUS_FAILED, /* Unit Link Key Used */
262 MGMT_STATUS_NOT_SUPPORTED, /* QoS Not Supported */
263 MGMT_STATUS_TIMEOUT, /* Instant Passed */
264 MGMT_STATUS_NOT_SUPPORTED, /* Pairing Not Supported */
265 MGMT_STATUS_FAILED, /* Transaction Collision */
266 MGMT_STATUS_FAILED, /* Reserved for future use */
267 MGMT_STATUS_INVALID_PARAMS, /* Unacceptable Parameter */
268 MGMT_STATUS_REJECTED, /* QoS Rejected */
269 MGMT_STATUS_NOT_SUPPORTED, /* Classification Not Supported */
270 MGMT_STATUS_REJECTED, /* Insufficient Security */
271 MGMT_STATUS_INVALID_PARAMS, /* Parameter Out Of Range */
272 MGMT_STATUS_FAILED, /* Reserved for future use */
273 MGMT_STATUS_BUSY, /* Role Switch Pending */
274 MGMT_STATUS_FAILED, /* Reserved for future use */
275 MGMT_STATUS_FAILED, /* Slot Violation */
276 MGMT_STATUS_FAILED, /* Role Switch Failed */
277 MGMT_STATUS_INVALID_PARAMS, /* EIR Too Large */
278 MGMT_STATUS_NOT_SUPPORTED, /* Simple Pairing Not Supported */
279 MGMT_STATUS_BUSY, /* Host Busy Pairing */
280 MGMT_STATUS_REJECTED, /* Rejected, No Suitable Channel */
281 MGMT_STATUS_BUSY, /* Controller Busy */
282 MGMT_STATUS_INVALID_PARAMS, /* Unsuitable Connection Interval */
283 MGMT_STATUS_TIMEOUT, /* Directed Advertising Timeout */
284 MGMT_STATUS_AUTH_FAILED, /* Terminated Due to MIC Failure */
285 MGMT_STATUS_CONNECT_FAILED, /* Connection Establishment Failed */
286 MGMT_STATUS_CONNECT_FAILED, /* MAC Connection Failed */
289 static u8 mgmt_errno_status(int err)
293 return MGMT_STATUS_SUCCESS;
295 return MGMT_STATUS_REJECTED;
297 return MGMT_STATUS_INVALID_PARAMS;
299 return MGMT_STATUS_NOT_SUPPORTED;
301 return MGMT_STATUS_BUSY;
303 return MGMT_STATUS_AUTH_FAILED;
305 return MGMT_STATUS_NO_RESOURCES;
307 return MGMT_STATUS_ALREADY_CONNECTED;
309 return MGMT_STATUS_DISCONNECTED;
312 return MGMT_STATUS_FAILED;
315 static u8 mgmt_status(int err)
318 return mgmt_errno_status(err);
320 if (err < ARRAY_SIZE(mgmt_status_table))
321 return mgmt_status_table[err];
323 return MGMT_STATUS_FAILED;
326 static int mgmt_index_event(u16 event, struct hci_dev *hdev, void *data,
329 return mgmt_send_event(event, hdev, HCI_CHANNEL_CONTROL, data, len,
333 static int mgmt_limited_event(u16 event, struct hci_dev *hdev, void *data,
334 u16 len, int flag, struct sock *skip_sk)
336 return mgmt_send_event(event, hdev, HCI_CHANNEL_CONTROL, data, len,
340 static int mgmt_event(u16 event, struct hci_dev *hdev, void *data, u16 len,
341 struct sock *skip_sk)
343 return mgmt_send_event(event, hdev, HCI_CHANNEL_CONTROL, data, len,
344 HCI_SOCK_TRUSTED, skip_sk);
347 static int mgmt_event_skb(struct sk_buff *skb, struct sock *skip_sk)
349 return mgmt_send_event_skb(HCI_CHANNEL_CONTROL, skb, HCI_SOCK_TRUSTED,
353 static u8 le_addr_type(u8 mgmt_addr_type)
355 if (mgmt_addr_type == BDADDR_LE_PUBLIC)
356 return ADDR_LE_DEV_PUBLIC;
358 return ADDR_LE_DEV_RANDOM;
361 void mgmt_fill_version_info(void *ver)
363 struct mgmt_rp_read_version *rp = ver;
365 rp->version = MGMT_VERSION;
366 rp->revision = cpu_to_le16(MGMT_REVISION);
369 static int read_version(struct sock *sk, struct hci_dev *hdev, void *data,
372 struct mgmt_rp_read_version rp;
374 bt_dev_dbg(hdev, "sock %p", sk);
376 mgmt_fill_version_info(&rp);
378 return mgmt_cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_VERSION, 0,
382 static int read_commands(struct sock *sk, struct hci_dev *hdev, void *data,
385 struct mgmt_rp_read_commands *rp;
386 u16 num_commands, num_events;
390 bt_dev_dbg(hdev, "sock %p", sk);
392 if (hci_sock_test_flag(sk, HCI_SOCK_TRUSTED)) {
393 num_commands = ARRAY_SIZE(mgmt_commands);
394 num_events = ARRAY_SIZE(mgmt_events);
396 num_commands = ARRAY_SIZE(mgmt_untrusted_commands);
397 num_events = ARRAY_SIZE(mgmt_untrusted_events);
400 rp_size = sizeof(*rp) + ((num_commands + num_events) * sizeof(u16));
402 rp = kmalloc(rp_size, GFP_KERNEL);
406 rp->num_commands = cpu_to_le16(num_commands);
407 rp->num_events = cpu_to_le16(num_events);
409 if (hci_sock_test_flag(sk, HCI_SOCK_TRUSTED)) {
410 __le16 *opcode = rp->opcodes;
412 for (i = 0; i < num_commands; i++, opcode++)
413 put_unaligned_le16(mgmt_commands[i], opcode);
415 for (i = 0; i < num_events; i++, opcode++)
416 put_unaligned_le16(mgmt_events[i], opcode);
418 __le16 *opcode = rp->opcodes;
420 for (i = 0; i < num_commands; i++, opcode++)
421 put_unaligned_le16(mgmt_untrusted_commands[i], opcode);
423 for (i = 0; i < num_events; i++, opcode++)
424 put_unaligned_le16(mgmt_untrusted_events[i], opcode);
427 err = mgmt_cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_COMMANDS, 0,
434 static int read_index_list(struct sock *sk, struct hci_dev *hdev, void *data,
437 struct mgmt_rp_read_index_list *rp;
443 bt_dev_dbg(hdev, "sock %p", sk);
445 read_lock(&hci_dev_list_lock);
448 list_for_each_entry(d, &hci_dev_list, list) {
449 if (d->dev_type == HCI_PRIMARY &&
450 !hci_dev_test_flag(d, HCI_UNCONFIGURED))
454 rp_len = sizeof(*rp) + (2 * count);
455 rp = kmalloc(rp_len, GFP_ATOMIC);
457 read_unlock(&hci_dev_list_lock);
462 list_for_each_entry(d, &hci_dev_list, list) {
463 if (hci_dev_test_flag(d, HCI_SETUP) ||
464 hci_dev_test_flag(d, HCI_CONFIG) ||
465 hci_dev_test_flag(d, HCI_USER_CHANNEL))
468 /* Devices marked as raw-only are neither configured
469 * nor unconfigured controllers.
471 if (test_bit(HCI_QUIRK_RAW_DEVICE, &d->quirks))
474 if (d->dev_type == HCI_PRIMARY &&
475 !hci_dev_test_flag(d, HCI_UNCONFIGURED)) {
476 rp->index[count++] = cpu_to_le16(d->id);
477 bt_dev_dbg(hdev, "Added hci%u", d->id);
481 rp->num_controllers = cpu_to_le16(count);
482 rp_len = sizeof(*rp) + (2 * count);
484 read_unlock(&hci_dev_list_lock);
486 err = mgmt_cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_INDEX_LIST,
494 static int read_unconf_index_list(struct sock *sk, struct hci_dev *hdev,
495 void *data, u16 data_len)
497 struct mgmt_rp_read_unconf_index_list *rp;
503 bt_dev_dbg(hdev, "sock %p", sk);
505 read_lock(&hci_dev_list_lock);
508 list_for_each_entry(d, &hci_dev_list, list) {
509 if (d->dev_type == HCI_PRIMARY &&
510 hci_dev_test_flag(d, HCI_UNCONFIGURED))
514 rp_len = sizeof(*rp) + (2 * count);
515 rp = kmalloc(rp_len, GFP_ATOMIC);
517 read_unlock(&hci_dev_list_lock);
522 list_for_each_entry(d, &hci_dev_list, list) {
523 if (hci_dev_test_flag(d, HCI_SETUP) ||
524 hci_dev_test_flag(d, HCI_CONFIG) ||
525 hci_dev_test_flag(d, HCI_USER_CHANNEL))
528 /* Devices marked as raw-only are neither configured
529 * nor unconfigured controllers.
531 if (test_bit(HCI_QUIRK_RAW_DEVICE, &d->quirks))
534 if (d->dev_type == HCI_PRIMARY &&
535 hci_dev_test_flag(d, HCI_UNCONFIGURED)) {
536 rp->index[count++] = cpu_to_le16(d->id);
537 bt_dev_dbg(hdev, "Added hci%u", d->id);
541 rp->num_controllers = cpu_to_le16(count);
542 rp_len = sizeof(*rp) + (2 * count);
544 read_unlock(&hci_dev_list_lock);
546 err = mgmt_cmd_complete(sk, MGMT_INDEX_NONE,
547 MGMT_OP_READ_UNCONF_INDEX_LIST, 0, rp, rp_len);
554 static int read_ext_index_list(struct sock *sk, struct hci_dev *hdev,
555 void *data, u16 data_len)
557 struct mgmt_rp_read_ext_index_list *rp;
562 bt_dev_dbg(hdev, "sock %p", sk);
564 read_lock(&hci_dev_list_lock);
567 list_for_each_entry(d, &hci_dev_list, list) {
568 if (d->dev_type == HCI_PRIMARY || d->dev_type == HCI_AMP)
572 rp = kmalloc(struct_size(rp, entry, count), GFP_ATOMIC);
574 read_unlock(&hci_dev_list_lock);
579 list_for_each_entry(d, &hci_dev_list, list) {
580 if (hci_dev_test_flag(d, HCI_SETUP) ||
581 hci_dev_test_flag(d, HCI_CONFIG) ||
582 hci_dev_test_flag(d, HCI_USER_CHANNEL))
585 /* Devices marked as raw-only are neither configured
586 * nor unconfigured controllers.
588 if (test_bit(HCI_QUIRK_RAW_DEVICE, &d->quirks))
591 if (d->dev_type == HCI_PRIMARY) {
592 if (hci_dev_test_flag(d, HCI_UNCONFIGURED))
593 rp->entry[count].type = 0x01;
595 rp->entry[count].type = 0x00;
596 } else if (d->dev_type == HCI_AMP) {
597 rp->entry[count].type = 0x02;
602 rp->entry[count].bus = d->bus;
603 rp->entry[count++].index = cpu_to_le16(d->id);
604 bt_dev_dbg(hdev, "Added hci%u", d->id);
607 rp->num_controllers = cpu_to_le16(count);
609 read_unlock(&hci_dev_list_lock);
611 /* If this command is called at least once, then all the
612 * default index and unconfigured index events are disabled
613 * and from now on only extended index events are used.
615 hci_sock_set_flag(sk, HCI_MGMT_EXT_INDEX_EVENTS);
616 hci_sock_clear_flag(sk, HCI_MGMT_INDEX_EVENTS);
617 hci_sock_clear_flag(sk, HCI_MGMT_UNCONF_INDEX_EVENTS);
619 err = mgmt_cmd_complete(sk, MGMT_INDEX_NONE,
620 MGMT_OP_READ_EXT_INDEX_LIST, 0, rp,
621 struct_size(rp, entry, count));
628 static bool is_configured(struct hci_dev *hdev)
630 if (test_bit(HCI_QUIRK_EXTERNAL_CONFIG, &hdev->quirks) &&
631 !hci_dev_test_flag(hdev, HCI_EXT_CONFIGURED))
634 if ((test_bit(HCI_QUIRK_INVALID_BDADDR, &hdev->quirks) ||
635 test_bit(HCI_QUIRK_USE_BDADDR_PROPERTY, &hdev->quirks)) &&
636 !bacmp(&hdev->public_addr, BDADDR_ANY))
642 static __le32 get_missing_options(struct hci_dev *hdev)
646 if (test_bit(HCI_QUIRK_EXTERNAL_CONFIG, &hdev->quirks) &&
647 !hci_dev_test_flag(hdev, HCI_EXT_CONFIGURED))
648 options |= MGMT_OPTION_EXTERNAL_CONFIG;
650 if ((test_bit(HCI_QUIRK_INVALID_BDADDR, &hdev->quirks) ||
651 test_bit(HCI_QUIRK_USE_BDADDR_PROPERTY, &hdev->quirks)) &&
652 !bacmp(&hdev->public_addr, BDADDR_ANY))
653 options |= MGMT_OPTION_PUBLIC_ADDRESS;
655 return cpu_to_le32(options);
658 static int new_options(struct hci_dev *hdev, struct sock *skip)
660 __le32 options = get_missing_options(hdev);
662 return mgmt_limited_event(MGMT_EV_NEW_CONFIG_OPTIONS, hdev, &options,
663 sizeof(options), HCI_MGMT_OPTION_EVENTS, skip);
666 static int send_options_rsp(struct sock *sk, u16 opcode, struct hci_dev *hdev)
668 __le32 options = get_missing_options(hdev);
670 return mgmt_cmd_complete(sk, hdev->id, opcode, 0, &options,
674 static int read_config_info(struct sock *sk, struct hci_dev *hdev,
675 void *data, u16 data_len)
677 struct mgmt_rp_read_config_info rp;
680 bt_dev_dbg(hdev, "sock %p", sk);
684 memset(&rp, 0, sizeof(rp));
685 rp.manufacturer = cpu_to_le16(hdev->manufacturer);
687 if (test_bit(HCI_QUIRK_EXTERNAL_CONFIG, &hdev->quirks))
688 options |= MGMT_OPTION_EXTERNAL_CONFIG;
690 if (hdev->set_bdaddr)
691 options |= MGMT_OPTION_PUBLIC_ADDRESS;
693 rp.supported_options = cpu_to_le32(options);
694 rp.missing_options = get_missing_options(hdev);
696 hci_dev_unlock(hdev);
698 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_READ_CONFIG_INFO, 0,
702 static u32 get_supported_phys(struct hci_dev *hdev)
704 u32 supported_phys = 0;
706 if (lmp_bredr_capable(hdev)) {
707 supported_phys |= MGMT_PHY_BR_1M_1SLOT;
709 if (hdev->features[0][0] & LMP_3SLOT)
710 supported_phys |= MGMT_PHY_BR_1M_3SLOT;
712 if (hdev->features[0][0] & LMP_5SLOT)
713 supported_phys |= MGMT_PHY_BR_1M_5SLOT;
715 if (lmp_edr_2m_capable(hdev)) {
716 supported_phys |= MGMT_PHY_EDR_2M_1SLOT;
718 if (lmp_edr_3slot_capable(hdev))
719 supported_phys |= MGMT_PHY_EDR_2M_3SLOT;
721 if (lmp_edr_5slot_capable(hdev))
722 supported_phys |= MGMT_PHY_EDR_2M_5SLOT;
724 if (lmp_edr_3m_capable(hdev)) {
725 supported_phys |= MGMT_PHY_EDR_3M_1SLOT;
727 if (lmp_edr_3slot_capable(hdev))
728 supported_phys |= MGMT_PHY_EDR_3M_3SLOT;
730 if (lmp_edr_5slot_capable(hdev))
731 supported_phys |= MGMT_PHY_EDR_3M_5SLOT;
736 if (lmp_le_capable(hdev)) {
737 supported_phys |= MGMT_PHY_LE_1M_TX;
738 supported_phys |= MGMT_PHY_LE_1M_RX;
740 if (hdev->le_features[1] & HCI_LE_PHY_2M) {
741 supported_phys |= MGMT_PHY_LE_2M_TX;
742 supported_phys |= MGMT_PHY_LE_2M_RX;
745 if (hdev->le_features[1] & HCI_LE_PHY_CODED) {
746 supported_phys |= MGMT_PHY_LE_CODED_TX;
747 supported_phys |= MGMT_PHY_LE_CODED_RX;
751 return supported_phys;
754 static u32 get_selected_phys(struct hci_dev *hdev)
756 u32 selected_phys = 0;
758 if (lmp_bredr_capable(hdev)) {
759 selected_phys |= MGMT_PHY_BR_1M_1SLOT;
761 if (hdev->pkt_type & (HCI_DM3 | HCI_DH3))
762 selected_phys |= MGMT_PHY_BR_1M_3SLOT;
764 if (hdev->pkt_type & (HCI_DM5 | HCI_DH5))
765 selected_phys |= MGMT_PHY_BR_1M_5SLOT;
767 if (lmp_edr_2m_capable(hdev)) {
768 if (!(hdev->pkt_type & HCI_2DH1))
769 selected_phys |= MGMT_PHY_EDR_2M_1SLOT;
771 if (lmp_edr_3slot_capable(hdev) &&
772 !(hdev->pkt_type & HCI_2DH3))
773 selected_phys |= MGMT_PHY_EDR_2M_3SLOT;
775 if (lmp_edr_5slot_capable(hdev) &&
776 !(hdev->pkt_type & HCI_2DH5))
777 selected_phys |= MGMT_PHY_EDR_2M_5SLOT;
779 if (lmp_edr_3m_capable(hdev)) {
780 if (!(hdev->pkt_type & HCI_3DH1))
781 selected_phys |= MGMT_PHY_EDR_3M_1SLOT;
783 if (lmp_edr_3slot_capable(hdev) &&
784 !(hdev->pkt_type & HCI_3DH3))
785 selected_phys |= MGMT_PHY_EDR_3M_3SLOT;
787 if (lmp_edr_5slot_capable(hdev) &&
788 !(hdev->pkt_type & HCI_3DH5))
789 selected_phys |= MGMT_PHY_EDR_3M_5SLOT;
794 if (lmp_le_capable(hdev)) {
795 if (hdev->le_tx_def_phys & HCI_LE_SET_PHY_1M)
796 selected_phys |= MGMT_PHY_LE_1M_TX;
798 if (hdev->le_rx_def_phys & HCI_LE_SET_PHY_1M)
799 selected_phys |= MGMT_PHY_LE_1M_RX;
801 if (hdev->le_tx_def_phys & HCI_LE_SET_PHY_2M)
802 selected_phys |= MGMT_PHY_LE_2M_TX;
804 if (hdev->le_rx_def_phys & HCI_LE_SET_PHY_2M)
805 selected_phys |= MGMT_PHY_LE_2M_RX;
807 if (hdev->le_tx_def_phys & HCI_LE_SET_PHY_CODED)
808 selected_phys |= MGMT_PHY_LE_CODED_TX;
810 if (hdev->le_rx_def_phys & HCI_LE_SET_PHY_CODED)
811 selected_phys |= MGMT_PHY_LE_CODED_RX;
814 return selected_phys;
817 static u32 get_configurable_phys(struct hci_dev *hdev)
819 return (get_supported_phys(hdev) & ~MGMT_PHY_BR_1M_1SLOT &
820 ~MGMT_PHY_LE_1M_TX & ~MGMT_PHY_LE_1M_RX);
823 static u32 get_supported_settings(struct hci_dev *hdev)
827 settings |= MGMT_SETTING_POWERED;
828 settings |= MGMT_SETTING_BONDABLE;
829 settings |= MGMT_SETTING_DEBUG_KEYS;
830 settings |= MGMT_SETTING_CONNECTABLE;
831 settings |= MGMT_SETTING_DISCOVERABLE;
833 if (lmp_bredr_capable(hdev)) {
834 if (hdev->hci_ver >= BLUETOOTH_VER_1_2)
835 settings |= MGMT_SETTING_FAST_CONNECTABLE;
836 settings |= MGMT_SETTING_BREDR;
837 settings |= MGMT_SETTING_LINK_SECURITY;
839 if (lmp_ssp_capable(hdev)) {
840 settings |= MGMT_SETTING_SSP;
841 if (IS_ENABLED(CONFIG_BT_HS))
842 settings |= MGMT_SETTING_HS;
845 if (lmp_sc_capable(hdev))
846 settings |= MGMT_SETTING_SECURE_CONN;
848 if (test_bit(HCI_QUIRK_WIDEBAND_SPEECH_SUPPORTED,
850 settings |= MGMT_SETTING_WIDEBAND_SPEECH;
853 if (lmp_le_capable(hdev)) {
854 settings |= MGMT_SETTING_LE;
855 settings |= MGMT_SETTING_SECURE_CONN;
856 settings |= MGMT_SETTING_PRIVACY;
857 settings |= MGMT_SETTING_STATIC_ADDRESS;
858 settings |= MGMT_SETTING_ADVERTISING;
861 if (test_bit(HCI_QUIRK_EXTERNAL_CONFIG, &hdev->quirks) ||
863 settings |= MGMT_SETTING_CONFIGURATION;
865 if (cis_central_capable(hdev))
866 settings |= MGMT_SETTING_CIS_CENTRAL;
868 if (cis_peripheral_capable(hdev))
869 settings |= MGMT_SETTING_CIS_PERIPHERAL;
871 settings |= MGMT_SETTING_PHY_CONFIGURATION;
876 static u32 get_current_settings(struct hci_dev *hdev)
880 if (hdev_is_powered(hdev))
881 settings |= MGMT_SETTING_POWERED;
883 if (hci_dev_test_flag(hdev, HCI_CONNECTABLE))
884 settings |= MGMT_SETTING_CONNECTABLE;
886 if (hci_dev_test_flag(hdev, HCI_FAST_CONNECTABLE))
887 settings |= MGMT_SETTING_FAST_CONNECTABLE;
889 if (hci_dev_test_flag(hdev, HCI_DISCOVERABLE))
890 settings |= MGMT_SETTING_DISCOVERABLE;
892 if (hci_dev_test_flag(hdev, HCI_BONDABLE))
893 settings |= MGMT_SETTING_BONDABLE;
895 if (hci_dev_test_flag(hdev, HCI_BREDR_ENABLED))
896 settings |= MGMT_SETTING_BREDR;
898 if (hci_dev_test_flag(hdev, HCI_LE_ENABLED))
899 settings |= MGMT_SETTING_LE;
901 if (hci_dev_test_flag(hdev, HCI_LINK_SECURITY))
902 settings |= MGMT_SETTING_LINK_SECURITY;
904 if (hci_dev_test_flag(hdev, HCI_SSP_ENABLED))
905 settings |= MGMT_SETTING_SSP;
907 if (hci_dev_test_flag(hdev, HCI_HS_ENABLED))
908 settings |= MGMT_SETTING_HS;
910 if (hci_dev_test_flag(hdev, HCI_ADVERTISING))
911 settings |= MGMT_SETTING_ADVERTISING;
913 if (hci_dev_test_flag(hdev, HCI_SC_ENABLED))
914 settings |= MGMT_SETTING_SECURE_CONN;
916 if (hci_dev_test_flag(hdev, HCI_KEEP_DEBUG_KEYS))
917 settings |= MGMT_SETTING_DEBUG_KEYS;
919 if (hci_dev_test_flag(hdev, HCI_PRIVACY))
920 settings |= MGMT_SETTING_PRIVACY;
922 /* The current setting for static address has two purposes. The
923 * first is to indicate if the static address will be used and
924 * the second is to indicate if it is actually set.
926 * This means if the static address is not configured, this flag
927 * will never be set. If the address is configured, then if the
928 * address is actually used decides if the flag is set or not.
930 * For single mode LE only controllers and dual-mode controllers
931 * with BR/EDR disabled, the existence of the static address will
934 if (hci_dev_test_flag(hdev, HCI_FORCE_STATIC_ADDR) ||
935 !hci_dev_test_flag(hdev, HCI_BREDR_ENABLED) ||
936 !bacmp(&hdev->bdaddr, BDADDR_ANY)) {
937 if (bacmp(&hdev->static_addr, BDADDR_ANY))
938 settings |= MGMT_SETTING_STATIC_ADDRESS;
941 if (hci_dev_test_flag(hdev, HCI_WIDEBAND_SPEECH_ENABLED))
942 settings |= MGMT_SETTING_WIDEBAND_SPEECH;
944 if (cis_central_capable(hdev))
945 settings |= MGMT_SETTING_CIS_CENTRAL;
947 if (cis_peripheral_capable(hdev))
948 settings |= MGMT_SETTING_CIS_PERIPHERAL;
950 if (bis_capable(hdev))
951 settings |= MGMT_SETTING_ISO_BROADCASTER;
953 if (sync_recv_capable(hdev))
954 settings |= MGMT_SETTING_ISO_SYNC_RECEIVER;
959 static struct mgmt_pending_cmd *pending_find(u16 opcode, struct hci_dev *hdev)
961 return mgmt_pending_find(HCI_CHANNEL_CONTROL, opcode, hdev);
964 u8 mgmt_get_adv_discov_flags(struct hci_dev *hdev)
966 struct mgmt_pending_cmd *cmd;
968 /* If there's a pending mgmt command the flags will not yet have
969 * their final values, so check for this first.
971 cmd = pending_find(MGMT_OP_SET_DISCOVERABLE, hdev);
973 struct mgmt_mode *cp = cmd->param;
975 return LE_AD_GENERAL;
976 else if (cp->val == 0x02)
977 return LE_AD_LIMITED;
979 if (hci_dev_test_flag(hdev, HCI_LIMITED_DISCOVERABLE))
980 return LE_AD_LIMITED;
981 else if (hci_dev_test_flag(hdev, HCI_DISCOVERABLE))
982 return LE_AD_GENERAL;
988 bool mgmt_get_connectable(struct hci_dev *hdev)
990 struct mgmt_pending_cmd *cmd;
992 /* If there's a pending mgmt command the flag will not yet have
993 * it's final value, so check for this first.
995 cmd = pending_find(MGMT_OP_SET_CONNECTABLE, hdev);
997 struct mgmt_mode *cp = cmd->param;
1002 return hci_dev_test_flag(hdev, HCI_CONNECTABLE);
1005 static int service_cache_sync(struct hci_dev *hdev, void *data)
1007 hci_update_eir_sync(hdev);
1008 hci_update_class_sync(hdev);
1013 static void service_cache_off(struct work_struct *work)
1015 struct hci_dev *hdev = container_of(work, struct hci_dev,
1016 service_cache.work);
1018 if (!hci_dev_test_and_clear_flag(hdev, HCI_SERVICE_CACHE))
1021 hci_cmd_sync_queue(hdev, service_cache_sync, NULL, NULL);
1024 static int rpa_expired_sync(struct hci_dev *hdev, void *data)
1026 /* The generation of a new RPA and programming it into the
1027 * controller happens in the hci_req_enable_advertising()
1030 if (ext_adv_capable(hdev))
1031 return hci_start_ext_adv_sync(hdev, hdev->cur_adv_instance);
1033 return hci_enable_advertising_sync(hdev);
1036 static void rpa_expired(struct work_struct *work)
1038 struct hci_dev *hdev = container_of(work, struct hci_dev,
1041 bt_dev_dbg(hdev, "");
1043 hci_dev_set_flag(hdev, HCI_RPA_EXPIRED);
1045 if (!hci_dev_test_flag(hdev, HCI_ADVERTISING))
1048 hci_cmd_sync_queue(hdev, rpa_expired_sync, NULL, NULL);
1051 static void discov_off(struct work_struct *work)
1053 struct hci_dev *hdev = container_of(work, struct hci_dev,
1056 bt_dev_dbg(hdev, "");
1060 /* When discoverable timeout triggers, then just make sure
1061 * the limited discoverable flag is cleared. Even in the case
1062 * of a timeout triggered from general discoverable, it is
1063 * safe to unconditionally clear the flag.
1065 hci_dev_clear_flag(hdev, HCI_LIMITED_DISCOVERABLE);
1066 hci_dev_clear_flag(hdev, HCI_DISCOVERABLE);
1067 hdev->discov_timeout = 0;
1069 hci_update_discoverable(hdev);
1071 mgmt_new_settings(hdev);
1073 hci_dev_unlock(hdev);
1076 static int send_settings_rsp(struct sock *sk, u16 opcode, struct hci_dev *hdev);
1078 static void mesh_send_complete(struct hci_dev *hdev,
1079 struct mgmt_mesh_tx *mesh_tx, bool silent)
1081 u8 handle = mesh_tx->handle;
1084 mgmt_event(MGMT_EV_MESH_PACKET_CMPLT, hdev, &handle,
1085 sizeof(handle), NULL);
1087 mgmt_mesh_remove(mesh_tx);
1090 static int mesh_send_done_sync(struct hci_dev *hdev, void *data)
1092 struct mgmt_mesh_tx *mesh_tx;
1094 hci_dev_clear_flag(hdev, HCI_MESH_SENDING);
1095 hci_disable_advertising_sync(hdev);
1096 mesh_tx = mgmt_mesh_next(hdev, NULL);
1099 mesh_send_complete(hdev, mesh_tx, false);
1104 static int mesh_send_sync(struct hci_dev *hdev, void *data);
1105 static void mesh_send_start_complete(struct hci_dev *hdev, void *data, int err);
1106 static void mesh_next(struct hci_dev *hdev, void *data, int err)
1108 struct mgmt_mesh_tx *mesh_tx = mgmt_mesh_next(hdev, NULL);
1113 err = hci_cmd_sync_queue(hdev, mesh_send_sync, mesh_tx,
1114 mesh_send_start_complete);
1117 mesh_send_complete(hdev, mesh_tx, false);
1119 hci_dev_set_flag(hdev, HCI_MESH_SENDING);
1122 static void mesh_send_done(struct work_struct *work)
1124 struct hci_dev *hdev = container_of(work, struct hci_dev,
1125 mesh_send_done.work);
1127 if (!hci_dev_test_flag(hdev, HCI_MESH_SENDING))
1130 hci_cmd_sync_queue(hdev, mesh_send_done_sync, NULL, mesh_next);
1133 static void mgmt_init_hdev(struct sock *sk, struct hci_dev *hdev)
1135 if (hci_dev_test_flag(hdev, HCI_MGMT))
1138 BT_INFO("MGMT ver %d.%d", MGMT_VERSION, MGMT_REVISION);
1140 INIT_DELAYED_WORK(&hdev->discov_off, discov_off);
1141 INIT_DELAYED_WORK(&hdev->service_cache, service_cache_off);
1142 INIT_DELAYED_WORK(&hdev->rpa_expired, rpa_expired);
1143 INIT_DELAYED_WORK(&hdev->mesh_send_done, mesh_send_done);
1145 /* Non-mgmt controlled devices get this bit set
1146 * implicitly so that pairing works for them, however
1147 * for mgmt we require user-space to explicitly enable
1150 hci_dev_clear_flag(hdev, HCI_BONDABLE);
1152 hci_dev_set_flag(hdev, HCI_MGMT);
1155 static int read_controller_info(struct sock *sk, struct hci_dev *hdev,
1156 void *data, u16 data_len)
1158 struct mgmt_rp_read_info rp;
1160 bt_dev_dbg(hdev, "sock %p", sk);
1164 memset(&rp, 0, sizeof(rp));
1166 bacpy(&rp.bdaddr, &hdev->bdaddr);
1168 rp.version = hdev->hci_ver;
1169 rp.manufacturer = cpu_to_le16(hdev->manufacturer);
1171 rp.supported_settings = cpu_to_le32(get_supported_settings(hdev));
1172 rp.current_settings = cpu_to_le32(get_current_settings(hdev));
1174 memcpy(rp.dev_class, hdev->dev_class, 3);
1176 memcpy(rp.name, hdev->dev_name, sizeof(hdev->dev_name));
1177 memcpy(rp.short_name, hdev->short_name, sizeof(hdev->short_name));
1179 hci_dev_unlock(hdev);
1181 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_READ_INFO, 0, &rp,
1185 static u16 append_eir_data_to_buf(struct hci_dev *hdev, u8 *eir)
1190 if (hci_dev_test_flag(hdev, HCI_BREDR_ENABLED))
1191 eir_len = eir_append_data(eir, eir_len, EIR_CLASS_OF_DEV,
1192 hdev->dev_class, 3);
1194 if (hci_dev_test_flag(hdev, HCI_LE_ENABLED))
1195 eir_len = eir_append_le16(eir, eir_len, EIR_APPEARANCE,
1198 name_len = strnlen(hdev->dev_name, sizeof(hdev->dev_name));
1199 eir_len = eir_append_data(eir, eir_len, EIR_NAME_COMPLETE,
1200 hdev->dev_name, name_len);
1202 name_len = strnlen(hdev->short_name, sizeof(hdev->short_name));
1203 eir_len = eir_append_data(eir, eir_len, EIR_NAME_SHORT,
1204 hdev->short_name, name_len);
1209 static int read_ext_controller_info(struct sock *sk, struct hci_dev *hdev,
1210 void *data, u16 data_len)
1213 struct mgmt_rp_read_ext_info *rp = (void *)buf;
1216 bt_dev_dbg(hdev, "sock %p", sk);
1218 memset(&buf, 0, sizeof(buf));
1222 bacpy(&rp->bdaddr, &hdev->bdaddr);
1224 rp->version = hdev->hci_ver;
1225 rp->manufacturer = cpu_to_le16(hdev->manufacturer);
1227 rp->supported_settings = cpu_to_le32(get_supported_settings(hdev));
1228 rp->current_settings = cpu_to_le32(get_current_settings(hdev));
1231 eir_len = append_eir_data_to_buf(hdev, rp->eir);
1232 rp->eir_len = cpu_to_le16(eir_len);
1234 hci_dev_unlock(hdev);
1236 /* If this command is called at least once, then the events
1237 * for class of device and local name changes are disabled
1238 * and only the new extended controller information event
1241 hci_sock_set_flag(sk, HCI_MGMT_EXT_INFO_EVENTS);
1242 hci_sock_clear_flag(sk, HCI_MGMT_DEV_CLASS_EVENTS);
1243 hci_sock_clear_flag(sk, HCI_MGMT_LOCAL_NAME_EVENTS);
1245 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_READ_EXT_INFO, 0, rp,
1246 sizeof(*rp) + eir_len);
1249 static int ext_info_changed(struct hci_dev *hdev, struct sock *skip)
1252 struct mgmt_ev_ext_info_changed *ev = (void *)buf;
1255 memset(buf, 0, sizeof(buf));
1257 eir_len = append_eir_data_to_buf(hdev, ev->eir);
1258 ev->eir_len = cpu_to_le16(eir_len);
1260 return mgmt_limited_event(MGMT_EV_EXT_INFO_CHANGED, hdev, ev,
1261 sizeof(*ev) + eir_len,
1262 HCI_MGMT_EXT_INFO_EVENTS, skip);
1265 static int send_settings_rsp(struct sock *sk, u16 opcode, struct hci_dev *hdev)
1267 __le32 settings = cpu_to_le32(get_current_settings(hdev));
1269 return mgmt_cmd_complete(sk, hdev->id, opcode, 0, &settings,
1273 void mgmt_advertising_added(struct sock *sk, struct hci_dev *hdev, u8 instance)
1275 struct mgmt_ev_advertising_added ev;
1277 ev.instance = instance;
1279 mgmt_event(MGMT_EV_ADVERTISING_ADDED, hdev, &ev, sizeof(ev), sk);
1282 void mgmt_advertising_removed(struct sock *sk, struct hci_dev *hdev,
1285 struct mgmt_ev_advertising_removed ev;
1287 ev.instance = instance;
1289 mgmt_event(MGMT_EV_ADVERTISING_REMOVED, hdev, &ev, sizeof(ev), sk);
1292 static void cancel_adv_timeout(struct hci_dev *hdev)
1294 if (hdev->adv_instance_timeout) {
1295 hdev->adv_instance_timeout = 0;
1296 cancel_delayed_work(&hdev->adv_instance_expire);
1300 /* This function requires the caller holds hdev->lock */
1301 static void restart_le_actions(struct hci_dev *hdev)
1303 struct hci_conn_params *p;
1305 list_for_each_entry(p, &hdev->le_conn_params, list) {
1306 /* Needed for AUTO_OFF case where might not "really"
1307 * have been powered off.
1309 hci_pend_le_list_del_init(p);
1311 switch (p->auto_connect) {
1312 case HCI_AUTO_CONN_DIRECT:
1313 case HCI_AUTO_CONN_ALWAYS:
1314 hci_pend_le_list_add(p, &hdev->pend_le_conns);
1316 case HCI_AUTO_CONN_REPORT:
1317 hci_pend_le_list_add(p, &hdev->pend_le_reports);
1325 static int new_settings(struct hci_dev *hdev, struct sock *skip)
1327 __le32 ev = cpu_to_le32(get_current_settings(hdev));
1329 return mgmt_limited_event(MGMT_EV_NEW_SETTINGS, hdev, &ev,
1330 sizeof(ev), HCI_MGMT_SETTING_EVENTS, skip);
1333 static void mgmt_set_powered_complete(struct hci_dev *hdev, void *data, int err)
1335 struct mgmt_pending_cmd *cmd = data;
1336 struct mgmt_mode *cp;
1338 /* Make sure cmd still outstanding. */
1339 if (cmd != pending_find(MGMT_OP_SET_POWERED, hdev))
1344 bt_dev_dbg(hdev, "err %d", err);
1349 restart_le_actions(hdev);
1350 hci_update_passive_scan(hdev);
1351 hci_dev_unlock(hdev);
1354 send_settings_rsp(cmd->sk, cmd->opcode, hdev);
1356 /* Only call new_setting for power on as power off is deferred
1357 * to hdev->power_off work which does call hci_dev_do_close.
1360 new_settings(hdev, cmd->sk);
1362 mgmt_cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_POWERED,
1366 mgmt_pending_remove(cmd);
1369 static int set_powered_sync(struct hci_dev *hdev, void *data)
1371 struct mgmt_pending_cmd *cmd = data;
1372 struct mgmt_mode *cp = cmd->param;
1374 BT_DBG("%s", hdev->name);
1376 return hci_set_powered_sync(hdev, cp->val);
1379 static int set_powered(struct sock *sk, struct hci_dev *hdev, void *data,
1382 struct mgmt_mode *cp = data;
1383 struct mgmt_pending_cmd *cmd;
1386 bt_dev_dbg(hdev, "sock %p", sk);
1388 if (cp->val != 0x00 && cp->val != 0x01)
1389 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_POWERED,
1390 MGMT_STATUS_INVALID_PARAMS);
1394 if (pending_find(MGMT_OP_SET_POWERED, hdev)) {
1395 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_POWERED,
1400 if (!!cp->val == hdev_is_powered(hdev)) {
1401 err = send_settings_rsp(sk, MGMT_OP_SET_POWERED, hdev);
1405 cmd = mgmt_pending_add(sk, MGMT_OP_SET_POWERED, hdev, data, len);
1411 /* Cancel potentially blocking sync operation before power off */
1412 if (cp->val == 0x00) {
1413 __hci_cmd_sync_cancel(hdev, -EHOSTDOWN);
1414 err = hci_cmd_sync_queue(hdev, set_powered_sync, cmd,
1415 mgmt_set_powered_complete);
1417 /* Use hci_cmd_sync_submit since hdev might not be running */
1418 err = hci_cmd_sync_submit(hdev, set_powered_sync, cmd,
1419 mgmt_set_powered_complete);
1423 mgmt_pending_remove(cmd);
1426 hci_dev_unlock(hdev);
1430 int mgmt_new_settings(struct hci_dev *hdev)
1432 return new_settings(hdev, NULL);
1437 struct hci_dev *hdev;
1441 static void settings_rsp(struct mgmt_pending_cmd *cmd, void *data)
1443 struct cmd_lookup *match = data;
1445 send_settings_rsp(cmd->sk, cmd->opcode, match->hdev);
1447 list_del(&cmd->list);
1449 if (match->sk == NULL) {
1450 match->sk = cmd->sk;
1451 sock_hold(match->sk);
1454 mgmt_pending_free(cmd);
1457 static void cmd_status_rsp(struct mgmt_pending_cmd *cmd, void *data)
1461 mgmt_cmd_status(cmd->sk, cmd->index, cmd->opcode, *status);
1462 mgmt_pending_remove(cmd);
1465 static void cmd_complete_rsp(struct mgmt_pending_cmd *cmd, void *data)
1467 if (cmd->cmd_complete) {
1470 cmd->cmd_complete(cmd, *status);
1471 mgmt_pending_remove(cmd);
1476 cmd_status_rsp(cmd, data);
1479 static int generic_cmd_complete(struct mgmt_pending_cmd *cmd, u8 status)
1481 return mgmt_cmd_complete(cmd->sk, cmd->index, cmd->opcode, status,
1482 cmd->param, cmd->param_len);
1485 static int addr_cmd_complete(struct mgmt_pending_cmd *cmd, u8 status)
1487 return mgmt_cmd_complete(cmd->sk, cmd->index, cmd->opcode, status,
1488 cmd->param, sizeof(struct mgmt_addr_info));
1491 static u8 mgmt_bredr_support(struct hci_dev *hdev)
1493 if (!lmp_bredr_capable(hdev))
1494 return MGMT_STATUS_NOT_SUPPORTED;
1495 else if (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED))
1496 return MGMT_STATUS_REJECTED;
1498 return MGMT_STATUS_SUCCESS;
1501 static u8 mgmt_le_support(struct hci_dev *hdev)
1503 if (!lmp_le_capable(hdev))
1504 return MGMT_STATUS_NOT_SUPPORTED;
1505 else if (!hci_dev_test_flag(hdev, HCI_LE_ENABLED))
1506 return MGMT_STATUS_REJECTED;
1508 return MGMT_STATUS_SUCCESS;
1511 static void mgmt_set_discoverable_complete(struct hci_dev *hdev, void *data,
1514 struct mgmt_pending_cmd *cmd = data;
1516 bt_dev_dbg(hdev, "err %d", err);
1518 /* Make sure cmd still outstanding. */
1519 if (cmd != pending_find(MGMT_OP_SET_DISCOVERABLE, hdev))
1525 u8 mgmt_err = mgmt_status(err);
1526 mgmt_cmd_status(cmd->sk, cmd->index, cmd->opcode, mgmt_err);
1527 hci_dev_clear_flag(hdev, HCI_LIMITED_DISCOVERABLE);
1531 if (hci_dev_test_flag(hdev, HCI_DISCOVERABLE) &&
1532 hdev->discov_timeout > 0) {
1533 int to = msecs_to_jiffies(hdev->discov_timeout * 1000);
1534 queue_delayed_work(hdev->req_workqueue, &hdev->discov_off, to);
1537 send_settings_rsp(cmd->sk, MGMT_OP_SET_DISCOVERABLE, hdev);
1538 new_settings(hdev, cmd->sk);
1541 mgmt_pending_remove(cmd);
1542 hci_dev_unlock(hdev);
1545 static int set_discoverable_sync(struct hci_dev *hdev, void *data)
1547 BT_DBG("%s", hdev->name);
1549 return hci_update_discoverable_sync(hdev);
1552 static int set_discoverable(struct sock *sk, struct hci_dev *hdev, void *data,
1555 struct mgmt_cp_set_discoverable *cp = data;
1556 struct mgmt_pending_cmd *cmd;
1560 bt_dev_dbg(hdev, "sock %p", sk);
1562 if (!hci_dev_test_flag(hdev, HCI_LE_ENABLED) &&
1563 !hci_dev_test_flag(hdev, HCI_BREDR_ENABLED))
1564 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
1565 MGMT_STATUS_REJECTED);
1567 if (cp->val != 0x00 && cp->val != 0x01 && cp->val != 0x02)
1568 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
1569 MGMT_STATUS_INVALID_PARAMS);
1571 timeout = __le16_to_cpu(cp->timeout);
1573 /* Disabling discoverable requires that no timeout is set,
1574 * and enabling limited discoverable requires a timeout.
1576 if ((cp->val == 0x00 && timeout > 0) ||
1577 (cp->val == 0x02 && timeout == 0))
1578 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
1579 MGMT_STATUS_INVALID_PARAMS);
1583 if (!hdev_is_powered(hdev) && timeout > 0) {
1584 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
1585 MGMT_STATUS_NOT_POWERED);
1589 if (pending_find(MGMT_OP_SET_DISCOVERABLE, hdev) ||
1590 pending_find(MGMT_OP_SET_CONNECTABLE, hdev)) {
1591 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
1596 if (!hci_dev_test_flag(hdev, HCI_CONNECTABLE)) {
1597 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
1598 MGMT_STATUS_REJECTED);
1602 if (hdev->advertising_paused) {
1603 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
1608 if (!hdev_is_powered(hdev)) {
1609 bool changed = false;
1611 /* Setting limited discoverable when powered off is
1612 * not a valid operation since it requires a timeout
1613 * and so no need to check HCI_LIMITED_DISCOVERABLE.
1615 if (!!cp->val != hci_dev_test_flag(hdev, HCI_DISCOVERABLE)) {
1616 hci_dev_change_flag(hdev, HCI_DISCOVERABLE);
1620 err = send_settings_rsp(sk, MGMT_OP_SET_DISCOVERABLE, hdev);
1625 err = new_settings(hdev, sk);
1630 /* If the current mode is the same, then just update the timeout
1631 * value with the new value. And if only the timeout gets updated,
1632 * then no need for any HCI transactions.
1634 if (!!cp->val == hci_dev_test_flag(hdev, HCI_DISCOVERABLE) &&
1635 (cp->val == 0x02) == hci_dev_test_flag(hdev,
1636 HCI_LIMITED_DISCOVERABLE)) {
1637 cancel_delayed_work(&hdev->discov_off);
1638 hdev->discov_timeout = timeout;
1640 if (cp->val && hdev->discov_timeout > 0) {
1641 int to = msecs_to_jiffies(hdev->discov_timeout * 1000);
1642 queue_delayed_work(hdev->req_workqueue,
1643 &hdev->discov_off, to);
1646 err = send_settings_rsp(sk, MGMT_OP_SET_DISCOVERABLE, hdev);
1650 cmd = mgmt_pending_add(sk, MGMT_OP_SET_DISCOVERABLE, hdev, data, len);
1656 /* Cancel any potential discoverable timeout that might be
1657 * still active and store new timeout value. The arming of
1658 * the timeout happens in the complete handler.
1660 cancel_delayed_work(&hdev->discov_off);
1661 hdev->discov_timeout = timeout;
1664 hci_dev_set_flag(hdev, HCI_DISCOVERABLE);
1666 hci_dev_clear_flag(hdev, HCI_DISCOVERABLE);
1668 /* Limited discoverable mode */
1669 if (cp->val == 0x02)
1670 hci_dev_set_flag(hdev, HCI_LIMITED_DISCOVERABLE);
1672 hci_dev_clear_flag(hdev, HCI_LIMITED_DISCOVERABLE);
1674 err = hci_cmd_sync_queue(hdev, set_discoverable_sync, cmd,
1675 mgmt_set_discoverable_complete);
1678 mgmt_pending_remove(cmd);
1681 hci_dev_unlock(hdev);
1685 static void mgmt_set_connectable_complete(struct hci_dev *hdev, void *data,
1688 struct mgmt_pending_cmd *cmd = data;
1690 bt_dev_dbg(hdev, "err %d", err);
1692 /* Make sure cmd still outstanding. */
1693 if (cmd != pending_find(MGMT_OP_SET_CONNECTABLE, hdev))
1699 u8 mgmt_err = mgmt_status(err);
1700 mgmt_cmd_status(cmd->sk, cmd->index, cmd->opcode, mgmt_err);
1704 send_settings_rsp(cmd->sk, MGMT_OP_SET_CONNECTABLE, hdev);
1705 new_settings(hdev, cmd->sk);
1709 mgmt_pending_remove(cmd);
1711 hci_dev_unlock(hdev);
1714 static int set_connectable_update_settings(struct hci_dev *hdev,
1715 struct sock *sk, u8 val)
1717 bool changed = false;
1720 if (!!val != hci_dev_test_flag(hdev, HCI_CONNECTABLE))
1724 hci_dev_set_flag(hdev, HCI_CONNECTABLE);
1726 hci_dev_clear_flag(hdev, HCI_CONNECTABLE);
1727 hci_dev_clear_flag(hdev, HCI_DISCOVERABLE);
1730 err = send_settings_rsp(sk, MGMT_OP_SET_CONNECTABLE, hdev);
1735 hci_update_scan(hdev);
1736 hci_update_passive_scan(hdev);
1737 return new_settings(hdev, sk);
1743 static int set_connectable_sync(struct hci_dev *hdev, void *data)
1745 BT_DBG("%s", hdev->name);
1747 return hci_update_connectable_sync(hdev);
1750 static int set_connectable(struct sock *sk, struct hci_dev *hdev, void *data,
1753 struct mgmt_mode *cp = data;
1754 struct mgmt_pending_cmd *cmd;
1757 bt_dev_dbg(hdev, "sock %p", sk);
1759 if (!hci_dev_test_flag(hdev, HCI_LE_ENABLED) &&
1760 !hci_dev_test_flag(hdev, HCI_BREDR_ENABLED))
1761 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE,
1762 MGMT_STATUS_REJECTED);
1764 if (cp->val != 0x00 && cp->val != 0x01)
1765 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE,
1766 MGMT_STATUS_INVALID_PARAMS);
1770 if (!hdev_is_powered(hdev)) {
1771 err = set_connectable_update_settings(hdev, sk, cp->val);
1775 if (pending_find(MGMT_OP_SET_DISCOVERABLE, hdev) ||
1776 pending_find(MGMT_OP_SET_CONNECTABLE, hdev)) {
1777 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE,
1782 cmd = mgmt_pending_add(sk, MGMT_OP_SET_CONNECTABLE, hdev, data, len);
1789 hci_dev_set_flag(hdev, HCI_CONNECTABLE);
1791 if (hdev->discov_timeout > 0)
1792 cancel_delayed_work(&hdev->discov_off);
1794 hci_dev_clear_flag(hdev, HCI_LIMITED_DISCOVERABLE);
1795 hci_dev_clear_flag(hdev, HCI_DISCOVERABLE);
1796 hci_dev_clear_flag(hdev, HCI_CONNECTABLE);
1799 err = hci_cmd_sync_queue(hdev, set_connectable_sync, cmd,
1800 mgmt_set_connectable_complete);
1803 mgmt_pending_remove(cmd);
1806 hci_dev_unlock(hdev);
1810 static int set_bondable(struct sock *sk, struct hci_dev *hdev, void *data,
1813 struct mgmt_mode *cp = data;
1817 bt_dev_dbg(hdev, "sock %p", sk);
1819 if (cp->val != 0x00 && cp->val != 0x01)
1820 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_BONDABLE,
1821 MGMT_STATUS_INVALID_PARAMS);
1826 changed = !hci_dev_test_and_set_flag(hdev, HCI_BONDABLE);
1828 changed = hci_dev_test_and_clear_flag(hdev, HCI_BONDABLE);
1830 err = send_settings_rsp(sk, MGMT_OP_SET_BONDABLE, hdev);
1835 /* In limited privacy mode the change of bondable mode
1836 * may affect the local advertising address.
1838 hci_update_discoverable(hdev);
1840 err = new_settings(hdev, sk);
1844 hci_dev_unlock(hdev);
1848 static int set_link_security(struct sock *sk, struct hci_dev *hdev, void *data,
1851 struct mgmt_mode *cp = data;
1852 struct mgmt_pending_cmd *cmd;
1856 bt_dev_dbg(hdev, "sock %p", sk);
1858 status = mgmt_bredr_support(hdev);
1860 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY,
1863 if (cp->val != 0x00 && cp->val != 0x01)
1864 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY,
1865 MGMT_STATUS_INVALID_PARAMS);
1869 if (!hdev_is_powered(hdev)) {
1870 bool changed = false;
1872 if (!!cp->val != hci_dev_test_flag(hdev, HCI_LINK_SECURITY)) {
1873 hci_dev_change_flag(hdev, HCI_LINK_SECURITY);
1877 err = send_settings_rsp(sk, MGMT_OP_SET_LINK_SECURITY, hdev);
1882 err = new_settings(hdev, sk);
1887 if (pending_find(MGMT_OP_SET_LINK_SECURITY, hdev)) {
1888 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY,
1895 if (test_bit(HCI_AUTH, &hdev->flags) == val) {
1896 err = send_settings_rsp(sk, MGMT_OP_SET_LINK_SECURITY, hdev);
1900 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LINK_SECURITY, hdev, data, len);
1906 err = hci_send_cmd(hdev, HCI_OP_WRITE_AUTH_ENABLE, sizeof(val), &val);
1908 mgmt_pending_remove(cmd);
1913 hci_dev_unlock(hdev);
1917 static void set_ssp_complete(struct hci_dev *hdev, void *data, int err)
1919 struct cmd_lookup match = { NULL, hdev };
1920 struct mgmt_pending_cmd *cmd = data;
1921 struct mgmt_mode *cp = cmd->param;
1922 u8 enable = cp->val;
1925 /* Make sure cmd still outstanding. */
1926 if (cmd != pending_find(MGMT_OP_SET_SSP, hdev))
1930 u8 mgmt_err = mgmt_status(err);
1932 if (enable && hci_dev_test_and_clear_flag(hdev,
1934 hci_dev_clear_flag(hdev, HCI_HS_ENABLED);
1935 new_settings(hdev, NULL);
1938 mgmt_pending_foreach(MGMT_OP_SET_SSP, hdev, cmd_status_rsp,
1944 changed = !hci_dev_test_and_set_flag(hdev, HCI_SSP_ENABLED);
1946 changed = hci_dev_test_and_clear_flag(hdev, HCI_SSP_ENABLED);
1949 changed = hci_dev_test_and_clear_flag(hdev,
1952 hci_dev_clear_flag(hdev, HCI_HS_ENABLED);
1955 mgmt_pending_foreach(MGMT_OP_SET_SSP, hdev, settings_rsp, &match);
1958 new_settings(hdev, match.sk);
1963 hci_update_eir_sync(hdev);
1966 static int set_ssp_sync(struct hci_dev *hdev, void *data)
1968 struct mgmt_pending_cmd *cmd = data;
1969 struct mgmt_mode *cp = cmd->param;
1970 bool changed = false;
1974 changed = !hci_dev_test_and_set_flag(hdev, HCI_SSP_ENABLED);
1976 err = hci_write_ssp_mode_sync(hdev, cp->val);
1978 if (!err && changed)
1979 hci_dev_clear_flag(hdev, HCI_SSP_ENABLED);
1984 static int set_ssp(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
1986 struct mgmt_mode *cp = data;
1987 struct mgmt_pending_cmd *cmd;
1991 bt_dev_dbg(hdev, "sock %p", sk);
1993 status = mgmt_bredr_support(hdev);
1995 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SSP, status);
1997 if (!lmp_ssp_capable(hdev))
1998 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
1999 MGMT_STATUS_NOT_SUPPORTED);
2001 if (cp->val != 0x00 && cp->val != 0x01)
2002 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
2003 MGMT_STATUS_INVALID_PARAMS);
2007 if (!hdev_is_powered(hdev)) {
2011 changed = !hci_dev_test_and_set_flag(hdev,
2014 changed = hci_dev_test_and_clear_flag(hdev,
2017 changed = hci_dev_test_and_clear_flag(hdev,
2020 hci_dev_clear_flag(hdev, HCI_HS_ENABLED);
2023 err = send_settings_rsp(sk, MGMT_OP_SET_SSP, hdev);
2028 err = new_settings(hdev, sk);
2033 if (pending_find(MGMT_OP_SET_SSP, hdev)) {
2034 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
2039 if (!!cp->val == hci_dev_test_flag(hdev, HCI_SSP_ENABLED)) {
2040 err = send_settings_rsp(sk, MGMT_OP_SET_SSP, hdev);
2044 cmd = mgmt_pending_add(sk, MGMT_OP_SET_SSP, hdev, data, len);
2048 err = hci_cmd_sync_queue(hdev, set_ssp_sync, cmd,
2052 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
2053 MGMT_STATUS_FAILED);
2056 mgmt_pending_remove(cmd);
2060 hci_dev_unlock(hdev);
2064 static int set_hs(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
2066 struct mgmt_mode *cp = data;
2071 bt_dev_dbg(hdev, "sock %p", sk);
2073 if (!IS_ENABLED(CONFIG_BT_HS))
2074 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
2075 MGMT_STATUS_NOT_SUPPORTED);
2077 status = mgmt_bredr_support(hdev);
2079 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_HS, status);
2081 if (!lmp_ssp_capable(hdev))
2082 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
2083 MGMT_STATUS_NOT_SUPPORTED);
2085 if (!hci_dev_test_flag(hdev, HCI_SSP_ENABLED))
2086 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
2087 MGMT_STATUS_REJECTED);
2089 if (cp->val != 0x00 && cp->val != 0x01)
2090 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
2091 MGMT_STATUS_INVALID_PARAMS);
2095 if (pending_find(MGMT_OP_SET_SSP, hdev)) {
2096 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
2102 changed = !hci_dev_test_and_set_flag(hdev, HCI_HS_ENABLED);
2104 if (hdev_is_powered(hdev)) {
2105 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
2106 MGMT_STATUS_REJECTED);
2110 changed = hci_dev_test_and_clear_flag(hdev, HCI_HS_ENABLED);
2113 err = send_settings_rsp(sk, MGMT_OP_SET_HS, hdev);
2118 err = new_settings(hdev, sk);
2121 hci_dev_unlock(hdev);
2125 static void set_le_complete(struct hci_dev *hdev, void *data, int err)
2127 struct cmd_lookup match = { NULL, hdev };
2128 u8 status = mgmt_status(err);
2130 bt_dev_dbg(hdev, "err %d", err);
2133 mgmt_pending_foreach(MGMT_OP_SET_LE, hdev, cmd_status_rsp,
2138 mgmt_pending_foreach(MGMT_OP_SET_LE, hdev, settings_rsp, &match);
2140 new_settings(hdev, match.sk);
2146 static int set_le_sync(struct hci_dev *hdev, void *data)
2148 struct mgmt_pending_cmd *cmd = data;
2149 struct mgmt_mode *cp = cmd->param;
2154 hci_clear_adv_instance_sync(hdev, NULL, 0x00, true);
2156 if (hci_dev_test_flag(hdev, HCI_LE_ADV))
2157 hci_disable_advertising_sync(hdev);
2159 if (ext_adv_capable(hdev))
2160 hci_remove_ext_adv_instance_sync(hdev, 0, cmd->sk);
2162 hci_dev_set_flag(hdev, HCI_LE_ENABLED);
2165 err = hci_write_le_host_supported_sync(hdev, val, 0);
2167 /* Make sure the controller has a good default for
2168 * advertising data. Restrict the update to when LE
2169 * has actually been enabled. During power on, the
2170 * update in powered_update_hci will take care of it.
2172 if (!err && hci_dev_test_flag(hdev, HCI_LE_ENABLED)) {
2173 if (ext_adv_capable(hdev)) {
2176 status = hci_setup_ext_adv_instance_sync(hdev, 0x00);
2178 hci_update_scan_rsp_data_sync(hdev, 0x00);
2180 hci_update_adv_data_sync(hdev, 0x00);
2181 hci_update_scan_rsp_data_sync(hdev, 0x00);
2184 hci_update_passive_scan(hdev);
2190 static void set_mesh_complete(struct hci_dev *hdev, void *data, int err)
2192 struct mgmt_pending_cmd *cmd = data;
2193 u8 status = mgmt_status(err);
2194 struct sock *sk = cmd->sk;
2197 mgmt_pending_foreach(MGMT_OP_SET_MESH_RECEIVER, hdev,
2198 cmd_status_rsp, &status);
2202 mgmt_pending_remove(cmd);
2203 mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_MESH_RECEIVER, 0, NULL, 0);
2206 static int set_mesh_sync(struct hci_dev *hdev, void *data)
2208 struct mgmt_pending_cmd *cmd = data;
2209 struct mgmt_cp_set_mesh *cp = cmd->param;
2210 size_t len = cmd->param_len;
2212 memset(hdev->mesh_ad_types, 0, sizeof(hdev->mesh_ad_types));
2215 hci_dev_set_flag(hdev, HCI_MESH);
2217 hci_dev_clear_flag(hdev, HCI_MESH);
2221 /* If filters don't fit, forward all adv pkts */
2222 if (len <= sizeof(hdev->mesh_ad_types))
2223 memcpy(hdev->mesh_ad_types, cp->ad_types, len);
2225 hci_update_passive_scan_sync(hdev);
2229 static int set_mesh(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
2231 struct mgmt_cp_set_mesh *cp = data;
2232 struct mgmt_pending_cmd *cmd;
2235 bt_dev_dbg(hdev, "sock %p", sk);
2237 if (!lmp_le_capable(hdev) ||
2238 !hci_dev_test_flag(hdev, HCI_MESH_EXPERIMENTAL))
2239 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_MESH_RECEIVER,
2240 MGMT_STATUS_NOT_SUPPORTED);
2242 if (cp->enable != 0x00 && cp->enable != 0x01)
2243 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_MESH_RECEIVER,
2244 MGMT_STATUS_INVALID_PARAMS);
2248 cmd = mgmt_pending_add(sk, MGMT_OP_SET_MESH_RECEIVER, hdev, data, len);
2252 err = hci_cmd_sync_queue(hdev, set_mesh_sync, cmd,
2256 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_MESH_RECEIVER,
2257 MGMT_STATUS_FAILED);
2260 mgmt_pending_remove(cmd);
2263 hci_dev_unlock(hdev);
2267 static void mesh_send_start_complete(struct hci_dev *hdev, void *data, int err)
2269 struct mgmt_mesh_tx *mesh_tx = data;
2270 struct mgmt_cp_mesh_send *send = (void *)mesh_tx->param;
2271 unsigned long mesh_send_interval;
2272 u8 mgmt_err = mgmt_status(err);
2274 /* Report any errors here, but don't report completion */
2277 hci_dev_clear_flag(hdev, HCI_MESH_SENDING);
2278 /* Send Complete Error Code for handle */
2279 mesh_send_complete(hdev, mesh_tx, false);
2283 mesh_send_interval = msecs_to_jiffies((send->cnt) * 25);
2284 queue_delayed_work(hdev->req_workqueue, &hdev->mesh_send_done,
2285 mesh_send_interval);
2288 static int mesh_send_sync(struct hci_dev *hdev, void *data)
2290 struct mgmt_mesh_tx *mesh_tx = data;
2291 struct mgmt_cp_mesh_send *send = (void *)mesh_tx->param;
2292 struct adv_info *adv, *next_instance;
2293 u8 instance = hdev->le_num_of_adv_sets + 1;
2294 u16 timeout, duration;
2297 if (hdev->le_num_of_adv_sets <= hdev->adv_instance_cnt)
2298 return MGMT_STATUS_BUSY;
2301 duration = send->cnt * INTERVAL_TO_MS(hdev->le_adv_max_interval);
2302 adv = hci_add_adv_instance(hdev, instance, 0,
2303 send->adv_data_len, send->adv_data,
2306 HCI_ADV_TX_POWER_NO_PREFERENCE,
2307 hdev->le_adv_min_interval,
2308 hdev->le_adv_max_interval,
2312 mesh_tx->instance = instance;
2316 if (hdev->cur_adv_instance == instance) {
2317 /* If the currently advertised instance is being changed then
2318 * cancel the current advertising and schedule the next
2319 * instance. If there is only one instance then the overridden
2320 * advertising data will be visible right away.
2322 cancel_adv_timeout(hdev);
2324 next_instance = hci_get_next_instance(hdev, instance);
2326 instance = next_instance->instance;
2329 } else if (hdev->adv_instance_timeout) {
2330 /* Immediately advertise the new instance if no other, or
2331 * let it go naturally from queue if ADV is already happening
2337 return hci_schedule_adv_instance_sync(hdev, instance, true);
2342 static void send_count(struct mgmt_mesh_tx *mesh_tx, void *data)
2344 struct mgmt_rp_mesh_read_features *rp = data;
2346 if (rp->used_handles >= rp->max_handles)
2349 rp->handles[rp->used_handles++] = mesh_tx->handle;
2352 static int mesh_features(struct sock *sk, struct hci_dev *hdev,
2353 void *data, u16 len)
2355 struct mgmt_rp_mesh_read_features rp;
2357 if (!lmp_le_capable(hdev) ||
2358 !hci_dev_test_flag(hdev, HCI_MESH_EXPERIMENTAL))
2359 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_MESH_READ_FEATURES,
2360 MGMT_STATUS_NOT_SUPPORTED);
2362 memset(&rp, 0, sizeof(rp));
2363 rp.index = cpu_to_le16(hdev->id);
2364 if (hci_dev_test_flag(hdev, HCI_LE_ENABLED))
2365 rp.max_handles = MESH_HANDLES_MAX;
2370 mgmt_mesh_foreach(hdev, send_count, &rp, sk);
2372 mgmt_cmd_complete(sk, hdev->id, MGMT_OP_MESH_READ_FEATURES, 0, &rp,
2373 rp.used_handles + sizeof(rp) - MESH_HANDLES_MAX);
2375 hci_dev_unlock(hdev);
2379 static int send_cancel(struct hci_dev *hdev, void *data)
2381 struct mgmt_pending_cmd *cmd = data;
2382 struct mgmt_cp_mesh_send_cancel *cancel = (void *)cmd->param;
2383 struct mgmt_mesh_tx *mesh_tx;
2385 if (!cancel->handle) {
2387 mesh_tx = mgmt_mesh_next(hdev, cmd->sk);
2390 mesh_send_complete(hdev, mesh_tx, false);
2393 mesh_tx = mgmt_mesh_find(hdev, cancel->handle);
2395 if (mesh_tx && mesh_tx->sk == cmd->sk)
2396 mesh_send_complete(hdev, mesh_tx, false);
2399 mgmt_cmd_complete(cmd->sk, hdev->id, MGMT_OP_MESH_SEND_CANCEL,
2401 mgmt_pending_free(cmd);
2406 static int mesh_send_cancel(struct sock *sk, struct hci_dev *hdev,
2407 void *data, u16 len)
2409 struct mgmt_pending_cmd *cmd;
2412 if (!lmp_le_capable(hdev) ||
2413 !hci_dev_test_flag(hdev, HCI_MESH_EXPERIMENTAL))
2414 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_MESH_SEND_CANCEL,
2415 MGMT_STATUS_NOT_SUPPORTED);
2417 if (!hci_dev_test_flag(hdev, HCI_LE_ENABLED))
2418 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_MESH_SEND_CANCEL,
2419 MGMT_STATUS_REJECTED);
2422 cmd = mgmt_pending_new(sk, MGMT_OP_MESH_SEND_CANCEL, hdev, data, len);
2426 err = hci_cmd_sync_queue(hdev, send_cancel, cmd, NULL);
2429 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_MESH_SEND_CANCEL,
2430 MGMT_STATUS_FAILED);
2433 mgmt_pending_free(cmd);
2436 hci_dev_unlock(hdev);
2440 static int mesh_send(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
2442 struct mgmt_mesh_tx *mesh_tx;
2443 struct mgmt_cp_mesh_send *send = data;
2444 struct mgmt_rp_mesh_read_features rp;
2448 if (!lmp_le_capable(hdev) ||
2449 !hci_dev_test_flag(hdev, HCI_MESH_EXPERIMENTAL))
2450 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_MESH_SEND,
2451 MGMT_STATUS_NOT_SUPPORTED);
2452 if (!hci_dev_test_flag(hdev, HCI_LE_ENABLED) ||
2453 len <= MGMT_MESH_SEND_SIZE ||
2454 len > (MGMT_MESH_SEND_SIZE + 31))
2455 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_MESH_SEND,
2456 MGMT_STATUS_REJECTED);
2460 memset(&rp, 0, sizeof(rp));
2461 rp.max_handles = MESH_HANDLES_MAX;
2463 mgmt_mesh_foreach(hdev, send_count, &rp, sk);
2465 if (rp.max_handles <= rp.used_handles) {
2466 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_MESH_SEND,
2471 sending = hci_dev_test_flag(hdev, HCI_MESH_SENDING);
2472 mesh_tx = mgmt_mesh_add(sk, hdev, send, len);
2477 err = hci_cmd_sync_queue(hdev, mesh_send_sync, mesh_tx,
2478 mesh_send_start_complete);
2481 bt_dev_err(hdev, "Send Mesh Failed %d", err);
2482 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_MESH_SEND,
2483 MGMT_STATUS_FAILED);
2487 mgmt_mesh_remove(mesh_tx);
2490 hci_dev_set_flag(hdev, HCI_MESH_SENDING);
2492 mgmt_cmd_complete(sk, hdev->id, MGMT_OP_MESH_SEND, 0,
2493 &mesh_tx->handle, 1);
2497 hci_dev_unlock(hdev);
2501 static int set_le(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
2503 struct mgmt_mode *cp = data;
2504 struct mgmt_pending_cmd *cmd;
2508 bt_dev_dbg(hdev, "sock %p", sk);
2510 if (!lmp_le_capable(hdev))
2511 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
2512 MGMT_STATUS_NOT_SUPPORTED);
2514 if (cp->val != 0x00 && cp->val != 0x01)
2515 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
2516 MGMT_STATUS_INVALID_PARAMS);
2518 /* Bluetooth single mode LE only controllers or dual-mode
2519 * controllers configured as LE only devices, do not allow
2520 * switching LE off. These have either LE enabled explicitly
2521 * or BR/EDR has been previously switched off.
2523 * When trying to enable an already enabled LE, then gracefully
2524 * send a positive response. Trying to disable it however will
2525 * result into rejection.
2527 if (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED)) {
2528 if (cp->val == 0x01)
2529 return send_settings_rsp(sk, MGMT_OP_SET_LE, hdev);
2531 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
2532 MGMT_STATUS_REJECTED);
2538 enabled = lmp_host_le_capable(hdev);
2540 if (!hdev_is_powered(hdev) || val == enabled) {
2541 bool changed = false;
2543 if (val != hci_dev_test_flag(hdev, HCI_LE_ENABLED)) {
2544 hci_dev_change_flag(hdev, HCI_LE_ENABLED);
2548 if (!val && hci_dev_test_flag(hdev, HCI_ADVERTISING)) {
2549 hci_dev_clear_flag(hdev, HCI_ADVERTISING);
2553 err = send_settings_rsp(sk, MGMT_OP_SET_LE, hdev);
2558 err = new_settings(hdev, sk);
2563 if (pending_find(MGMT_OP_SET_LE, hdev) ||
2564 pending_find(MGMT_OP_SET_ADVERTISING, hdev)) {
2565 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
2570 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LE, hdev, data, len);
2574 err = hci_cmd_sync_queue(hdev, set_le_sync, cmd,
2578 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
2579 MGMT_STATUS_FAILED);
2582 mgmt_pending_remove(cmd);
2586 hci_dev_unlock(hdev);
2590 /* This is a helper function to test for pending mgmt commands that can
2591 * cause CoD or EIR HCI commands. We can only allow one such pending
2592 * mgmt command at a time since otherwise we cannot easily track what
2593 * the current values are, will be, and based on that calculate if a new
2594 * HCI command needs to be sent and if yes with what value.
2596 static bool pending_eir_or_class(struct hci_dev *hdev)
2598 struct mgmt_pending_cmd *cmd;
2600 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
2601 switch (cmd->opcode) {
2602 case MGMT_OP_ADD_UUID:
2603 case MGMT_OP_REMOVE_UUID:
2604 case MGMT_OP_SET_DEV_CLASS:
2605 case MGMT_OP_SET_POWERED:
2613 static const u8 bluetooth_base_uuid[] = {
2614 0xfb, 0x34, 0x9b, 0x5f, 0x80, 0x00, 0x00, 0x80,
2615 0x00, 0x10, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
2618 static u8 get_uuid_size(const u8 *uuid)
2622 if (memcmp(uuid, bluetooth_base_uuid, 12))
2625 val = get_unaligned_le32(&uuid[12]);
2632 static void mgmt_class_complete(struct hci_dev *hdev, void *data, int err)
2634 struct mgmt_pending_cmd *cmd = data;
2636 bt_dev_dbg(hdev, "err %d", err);
2638 mgmt_cmd_complete(cmd->sk, cmd->index, cmd->opcode,
2639 mgmt_status(err), hdev->dev_class, 3);
2641 mgmt_pending_free(cmd);
2644 static int add_uuid_sync(struct hci_dev *hdev, void *data)
2648 err = hci_update_class_sync(hdev);
2652 return hci_update_eir_sync(hdev);
2655 static int add_uuid(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
2657 struct mgmt_cp_add_uuid *cp = data;
2658 struct mgmt_pending_cmd *cmd;
2659 struct bt_uuid *uuid;
2662 bt_dev_dbg(hdev, "sock %p", sk);
2666 if (pending_eir_or_class(hdev)) {
2667 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_UUID,
2672 uuid = kmalloc(sizeof(*uuid), GFP_KERNEL);
2678 memcpy(uuid->uuid, cp->uuid, 16);
2679 uuid->svc_hint = cp->svc_hint;
2680 uuid->size = get_uuid_size(cp->uuid);
2682 list_add_tail(&uuid->list, &hdev->uuids);
2684 cmd = mgmt_pending_new(sk, MGMT_OP_ADD_UUID, hdev, data, len);
2690 err = hci_cmd_sync_queue(hdev, add_uuid_sync, cmd, mgmt_class_complete);
2692 mgmt_pending_free(cmd);
2697 hci_dev_unlock(hdev);
2701 static bool enable_service_cache(struct hci_dev *hdev)
2703 if (!hdev_is_powered(hdev))
2706 if (!hci_dev_test_and_set_flag(hdev, HCI_SERVICE_CACHE)) {
2707 queue_delayed_work(hdev->workqueue, &hdev->service_cache,
2715 static int remove_uuid_sync(struct hci_dev *hdev, void *data)
2719 err = hci_update_class_sync(hdev);
2723 return hci_update_eir_sync(hdev);
2726 static int remove_uuid(struct sock *sk, struct hci_dev *hdev, void *data,
2729 struct mgmt_cp_remove_uuid *cp = data;
2730 struct mgmt_pending_cmd *cmd;
2731 struct bt_uuid *match, *tmp;
2732 static const u8 bt_uuid_any[] = {
2733 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0
2737 bt_dev_dbg(hdev, "sock %p", sk);
2741 if (pending_eir_or_class(hdev)) {
2742 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_REMOVE_UUID,
2747 if (memcmp(cp->uuid, bt_uuid_any, 16) == 0) {
2748 hci_uuids_clear(hdev);
2750 if (enable_service_cache(hdev)) {
2751 err = mgmt_cmd_complete(sk, hdev->id,
2752 MGMT_OP_REMOVE_UUID,
2753 0, hdev->dev_class, 3);
2762 list_for_each_entry_safe(match, tmp, &hdev->uuids, list) {
2763 if (memcmp(match->uuid, cp->uuid, 16) != 0)
2766 list_del(&match->list);
2772 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_REMOVE_UUID,
2773 MGMT_STATUS_INVALID_PARAMS);
2778 cmd = mgmt_pending_new(sk, MGMT_OP_REMOVE_UUID, hdev, data, len);
2784 err = hci_cmd_sync_queue(hdev, remove_uuid_sync, cmd,
2785 mgmt_class_complete);
2787 mgmt_pending_free(cmd);
2790 hci_dev_unlock(hdev);
2794 static int set_class_sync(struct hci_dev *hdev, void *data)
2798 if (hci_dev_test_and_clear_flag(hdev, HCI_SERVICE_CACHE)) {
2799 cancel_delayed_work_sync(&hdev->service_cache);
2800 err = hci_update_eir_sync(hdev);
2806 return hci_update_class_sync(hdev);
2809 static int set_dev_class(struct sock *sk, struct hci_dev *hdev, void *data,
2812 struct mgmt_cp_set_dev_class *cp = data;
2813 struct mgmt_pending_cmd *cmd;
2816 bt_dev_dbg(hdev, "sock %p", sk);
2818 if (!lmp_bredr_capable(hdev))
2819 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS,
2820 MGMT_STATUS_NOT_SUPPORTED);
2824 if (pending_eir_or_class(hdev)) {
2825 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS,
2830 if ((cp->minor & 0x03) != 0 || (cp->major & 0xe0) != 0) {
2831 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS,
2832 MGMT_STATUS_INVALID_PARAMS);
2836 hdev->major_class = cp->major;
2837 hdev->minor_class = cp->minor;
2839 if (!hdev_is_powered(hdev)) {
2840 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_DEV_CLASS, 0,
2841 hdev->dev_class, 3);
2845 cmd = mgmt_pending_new(sk, MGMT_OP_SET_DEV_CLASS, hdev, data, len);
2851 err = hci_cmd_sync_queue(hdev, set_class_sync, cmd,
2852 mgmt_class_complete);
2854 mgmt_pending_free(cmd);
2857 hci_dev_unlock(hdev);
2861 static int load_link_keys(struct sock *sk, struct hci_dev *hdev, void *data,
2864 struct mgmt_cp_load_link_keys *cp = data;
2865 const u16 max_key_count = ((U16_MAX - sizeof(*cp)) /
2866 sizeof(struct mgmt_link_key_info));
2867 u16 key_count, expected_len;
2871 bt_dev_dbg(hdev, "sock %p", sk);
2873 if (!lmp_bredr_capable(hdev))
2874 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
2875 MGMT_STATUS_NOT_SUPPORTED);
2877 key_count = __le16_to_cpu(cp->key_count);
2878 if (key_count > max_key_count) {
2879 bt_dev_err(hdev, "load_link_keys: too big key_count value %u",
2881 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
2882 MGMT_STATUS_INVALID_PARAMS);
2885 expected_len = struct_size(cp, keys, key_count);
2886 if (expected_len != len) {
2887 bt_dev_err(hdev, "load_link_keys: expected %u bytes, got %u bytes",
2889 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
2890 MGMT_STATUS_INVALID_PARAMS);
2893 if (cp->debug_keys != 0x00 && cp->debug_keys != 0x01)
2894 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
2895 MGMT_STATUS_INVALID_PARAMS);
2897 bt_dev_dbg(hdev, "debug_keys %u key_count %u", cp->debug_keys,
2900 for (i = 0; i < key_count; i++) {
2901 struct mgmt_link_key_info *key = &cp->keys[i];
2903 /* Considering SMP over BREDR/LE, there is no need to check addr_type */
2904 if (key->type > 0x08)
2905 return mgmt_cmd_status(sk, hdev->id,
2906 MGMT_OP_LOAD_LINK_KEYS,
2907 MGMT_STATUS_INVALID_PARAMS);
2912 hci_link_keys_clear(hdev);
2915 changed = !hci_dev_test_and_set_flag(hdev, HCI_KEEP_DEBUG_KEYS);
2917 changed = hci_dev_test_and_clear_flag(hdev,
2918 HCI_KEEP_DEBUG_KEYS);
2921 new_settings(hdev, NULL);
2923 for (i = 0; i < key_count; i++) {
2924 struct mgmt_link_key_info *key = &cp->keys[i];
2926 if (hci_is_blocked_key(hdev,
2927 HCI_BLOCKED_KEY_TYPE_LINKKEY,
2929 bt_dev_warn(hdev, "Skipping blocked link key for %pMR",
2934 /* Always ignore debug keys and require a new pairing if
2935 * the user wants to use them.
2937 if (key->type == HCI_LK_DEBUG_COMBINATION)
2940 hci_add_link_key(hdev, NULL, &key->addr.bdaddr, key->val,
2941 key->type, key->pin_len, NULL);
2944 mgmt_cmd_complete(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS, 0, NULL, 0);
2946 hci_dev_unlock(hdev);
2951 static int device_unpaired(struct hci_dev *hdev, bdaddr_t *bdaddr,
2952 u8 addr_type, struct sock *skip_sk)
2954 struct mgmt_ev_device_unpaired ev;
2956 bacpy(&ev.addr.bdaddr, bdaddr);
2957 ev.addr.type = addr_type;
2959 return mgmt_event(MGMT_EV_DEVICE_UNPAIRED, hdev, &ev, sizeof(ev),
2963 static void unpair_device_complete(struct hci_dev *hdev, void *data, int err)
2965 struct mgmt_pending_cmd *cmd = data;
2966 struct mgmt_cp_unpair_device *cp = cmd->param;
2969 device_unpaired(hdev, &cp->addr.bdaddr, cp->addr.type, cmd->sk);
2971 cmd->cmd_complete(cmd, err);
2972 mgmt_pending_free(cmd);
2975 static int unpair_device_sync(struct hci_dev *hdev, void *data)
2977 struct mgmt_pending_cmd *cmd = data;
2978 struct mgmt_cp_unpair_device *cp = cmd->param;
2979 struct hci_conn *conn;
2981 if (cp->addr.type == BDADDR_BREDR)
2982 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
2985 conn = hci_conn_hash_lookup_le(hdev, &cp->addr.bdaddr,
2986 le_addr_type(cp->addr.type));
2991 return hci_abort_conn_sync(hdev, conn, HCI_ERROR_REMOTE_USER_TERM);
2994 static int unpair_device(struct sock *sk, struct hci_dev *hdev, void *data,
2997 struct mgmt_cp_unpair_device *cp = data;
2998 struct mgmt_rp_unpair_device rp;
2999 struct hci_conn_params *params;
3000 struct mgmt_pending_cmd *cmd;
3001 struct hci_conn *conn;
3005 memset(&rp, 0, sizeof(rp));
3006 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
3007 rp.addr.type = cp->addr.type;
3009 if (!bdaddr_type_is_valid(cp->addr.type))
3010 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
3011 MGMT_STATUS_INVALID_PARAMS,
3014 if (cp->disconnect != 0x00 && cp->disconnect != 0x01)
3015 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
3016 MGMT_STATUS_INVALID_PARAMS,
3021 if (!hdev_is_powered(hdev)) {
3022 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
3023 MGMT_STATUS_NOT_POWERED, &rp,
3028 if (cp->addr.type == BDADDR_BREDR) {
3029 /* If disconnection is requested, then look up the
3030 * connection. If the remote device is connected, it
3031 * will be later used to terminate the link.
3033 * Setting it to NULL explicitly will cause no
3034 * termination of the link.
3037 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
3042 err = hci_remove_link_key(hdev, &cp->addr.bdaddr);
3044 err = mgmt_cmd_complete(sk, hdev->id,
3045 MGMT_OP_UNPAIR_DEVICE,
3046 MGMT_STATUS_NOT_PAIRED, &rp,
3054 /* LE address type */
3055 addr_type = le_addr_type(cp->addr.type);
3057 /* Abort any ongoing SMP pairing. Removes ltk and irk if they exist. */
3058 err = smp_cancel_and_remove_pairing(hdev, &cp->addr.bdaddr, addr_type);
3060 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
3061 MGMT_STATUS_NOT_PAIRED, &rp,
3066 conn = hci_conn_hash_lookup_le(hdev, &cp->addr.bdaddr, addr_type);
3068 hci_conn_params_del(hdev, &cp->addr.bdaddr, addr_type);
3073 /* Defer clearing up the connection parameters until closing to
3074 * give a chance of keeping them if a repairing happens.
3076 set_bit(HCI_CONN_PARAM_REMOVAL_PEND, &conn->flags);
3078 /* Disable auto-connection parameters if present */
3079 params = hci_conn_params_lookup(hdev, &cp->addr.bdaddr, addr_type);
3081 if (params->explicit_connect)
3082 params->auto_connect = HCI_AUTO_CONN_EXPLICIT;
3084 params->auto_connect = HCI_AUTO_CONN_DISABLED;
3087 /* If disconnection is not requested, then clear the connection
3088 * variable so that the link is not terminated.
3090 if (!cp->disconnect)
3094 /* If the connection variable is set, then termination of the
3095 * link is requested.
3098 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE, 0,
3100 device_unpaired(hdev, &cp->addr.bdaddr, cp->addr.type, sk);
3104 cmd = mgmt_pending_new(sk, MGMT_OP_UNPAIR_DEVICE, hdev, cp,
3111 cmd->cmd_complete = addr_cmd_complete;
3113 err = hci_cmd_sync_queue(hdev, unpair_device_sync, cmd,
3114 unpair_device_complete);
3116 mgmt_pending_free(cmd);
3119 hci_dev_unlock(hdev);
3123 static int disconnect(struct sock *sk, struct hci_dev *hdev, void *data,
3126 struct mgmt_cp_disconnect *cp = data;
3127 struct mgmt_rp_disconnect rp;
3128 struct mgmt_pending_cmd *cmd;
3129 struct hci_conn *conn;
3132 bt_dev_dbg(hdev, "sock %p", sk);
3134 memset(&rp, 0, sizeof(rp));
3135 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
3136 rp.addr.type = cp->addr.type;
3138 if (!bdaddr_type_is_valid(cp->addr.type))
3139 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
3140 MGMT_STATUS_INVALID_PARAMS,
3145 if (!test_bit(HCI_UP, &hdev->flags)) {
3146 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
3147 MGMT_STATUS_NOT_POWERED, &rp,
3152 if (pending_find(MGMT_OP_DISCONNECT, hdev)) {
3153 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
3154 MGMT_STATUS_BUSY, &rp, sizeof(rp));
3158 if (cp->addr.type == BDADDR_BREDR)
3159 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
3162 conn = hci_conn_hash_lookup_le(hdev, &cp->addr.bdaddr,
3163 le_addr_type(cp->addr.type));
3165 if (!conn || conn->state == BT_OPEN || conn->state == BT_CLOSED) {
3166 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
3167 MGMT_STATUS_NOT_CONNECTED, &rp,
3172 cmd = mgmt_pending_add(sk, MGMT_OP_DISCONNECT, hdev, data, len);
3178 cmd->cmd_complete = generic_cmd_complete;
3180 err = hci_disconnect(conn, HCI_ERROR_REMOTE_USER_TERM);
3182 mgmt_pending_remove(cmd);
3185 hci_dev_unlock(hdev);
3189 static u8 link_to_bdaddr(u8 link_type, u8 addr_type)
3191 switch (link_type) {
3193 switch (addr_type) {
3194 case ADDR_LE_DEV_PUBLIC:
3195 return BDADDR_LE_PUBLIC;
3198 /* Fallback to LE Random address type */
3199 return BDADDR_LE_RANDOM;
3203 /* Fallback to BR/EDR type */
3204 return BDADDR_BREDR;
3208 static int get_connections(struct sock *sk, struct hci_dev *hdev, void *data,
3211 struct mgmt_rp_get_connections *rp;
3216 bt_dev_dbg(hdev, "sock %p", sk);
3220 if (!hdev_is_powered(hdev)) {
3221 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_GET_CONNECTIONS,
3222 MGMT_STATUS_NOT_POWERED);
3227 list_for_each_entry(c, &hdev->conn_hash.list, list) {
3228 if (test_bit(HCI_CONN_MGMT_CONNECTED, &c->flags))
3232 rp = kmalloc(struct_size(rp, addr, i), GFP_KERNEL);
3239 list_for_each_entry(c, &hdev->conn_hash.list, list) {
3240 if (!test_bit(HCI_CONN_MGMT_CONNECTED, &c->flags))
3242 bacpy(&rp->addr[i].bdaddr, &c->dst);
3243 rp->addr[i].type = link_to_bdaddr(c->type, c->dst_type);
3244 if (c->type == SCO_LINK || c->type == ESCO_LINK)
3249 rp->conn_count = cpu_to_le16(i);
3251 /* Recalculate length in case of filtered SCO connections, etc */
3252 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CONNECTIONS, 0, rp,
3253 struct_size(rp, addr, i));
3258 hci_dev_unlock(hdev);
3262 static int send_pin_code_neg_reply(struct sock *sk, struct hci_dev *hdev,
3263 struct mgmt_cp_pin_code_neg_reply *cp)
3265 struct mgmt_pending_cmd *cmd;
3268 cmd = mgmt_pending_add(sk, MGMT_OP_PIN_CODE_NEG_REPLY, hdev, cp,
3273 cmd->cmd_complete = addr_cmd_complete;
3275 err = hci_send_cmd(hdev, HCI_OP_PIN_CODE_NEG_REPLY,
3276 sizeof(cp->addr.bdaddr), &cp->addr.bdaddr);
3278 mgmt_pending_remove(cmd);
3283 static int pin_code_reply(struct sock *sk, struct hci_dev *hdev, void *data,
3286 struct hci_conn *conn;
3287 struct mgmt_cp_pin_code_reply *cp = data;
3288 struct hci_cp_pin_code_reply reply;
3289 struct mgmt_pending_cmd *cmd;
3292 bt_dev_dbg(hdev, "sock %p", sk);
3296 if (!hdev_is_powered(hdev)) {
3297 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
3298 MGMT_STATUS_NOT_POWERED);
3302 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->addr.bdaddr);
3304 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
3305 MGMT_STATUS_NOT_CONNECTED);
3309 if (conn->pending_sec_level == BT_SECURITY_HIGH && cp->pin_len != 16) {
3310 struct mgmt_cp_pin_code_neg_reply ncp;
3312 memcpy(&ncp.addr, &cp->addr, sizeof(ncp.addr));
3314 bt_dev_err(hdev, "PIN code is not 16 bytes long");
3316 err = send_pin_code_neg_reply(sk, hdev, &ncp);
3318 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
3319 MGMT_STATUS_INVALID_PARAMS);
3324 cmd = mgmt_pending_add(sk, MGMT_OP_PIN_CODE_REPLY, hdev, data, len);
3330 cmd->cmd_complete = addr_cmd_complete;
3332 bacpy(&reply.bdaddr, &cp->addr.bdaddr);
3333 reply.pin_len = cp->pin_len;
3334 memcpy(reply.pin_code, cp->pin_code, sizeof(reply.pin_code));
3336 err = hci_send_cmd(hdev, HCI_OP_PIN_CODE_REPLY, sizeof(reply), &reply);
3338 mgmt_pending_remove(cmd);
3341 hci_dev_unlock(hdev);
3345 static int set_io_capability(struct sock *sk, struct hci_dev *hdev, void *data,
3348 struct mgmt_cp_set_io_capability *cp = data;
3350 bt_dev_dbg(hdev, "sock %p", sk);
3352 if (cp->io_capability > SMP_IO_KEYBOARD_DISPLAY)
3353 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_IO_CAPABILITY,
3354 MGMT_STATUS_INVALID_PARAMS);
3358 hdev->io_capability = cp->io_capability;
3360 bt_dev_dbg(hdev, "IO capability set to 0x%02x", hdev->io_capability);
3362 hci_dev_unlock(hdev);
3364 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_IO_CAPABILITY, 0,
3368 static struct mgmt_pending_cmd *find_pairing(struct hci_conn *conn)
3370 struct hci_dev *hdev = conn->hdev;
3371 struct mgmt_pending_cmd *cmd;
3373 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
3374 if (cmd->opcode != MGMT_OP_PAIR_DEVICE)
3377 if (cmd->user_data != conn)
3386 static int pairing_complete(struct mgmt_pending_cmd *cmd, u8 status)
3388 struct mgmt_rp_pair_device rp;
3389 struct hci_conn *conn = cmd->user_data;
3392 bacpy(&rp.addr.bdaddr, &conn->dst);
3393 rp.addr.type = link_to_bdaddr(conn->type, conn->dst_type);
3395 err = mgmt_cmd_complete(cmd->sk, cmd->index, MGMT_OP_PAIR_DEVICE,
3396 status, &rp, sizeof(rp));
3398 /* So we don't get further callbacks for this connection */
3399 conn->connect_cfm_cb = NULL;
3400 conn->security_cfm_cb = NULL;
3401 conn->disconn_cfm_cb = NULL;
3403 hci_conn_drop(conn);
3405 /* The device is paired so there is no need to remove
3406 * its connection parameters anymore.
3408 clear_bit(HCI_CONN_PARAM_REMOVAL_PEND, &conn->flags);
3415 void mgmt_smp_complete(struct hci_conn *conn, bool complete)
3417 u8 status = complete ? MGMT_STATUS_SUCCESS : MGMT_STATUS_FAILED;
3418 struct mgmt_pending_cmd *cmd;
3420 cmd = find_pairing(conn);
3422 cmd->cmd_complete(cmd, status);
3423 mgmt_pending_remove(cmd);
3427 static void pairing_complete_cb(struct hci_conn *conn, u8 status)
3429 struct mgmt_pending_cmd *cmd;
3431 BT_DBG("status %u", status);
3433 cmd = find_pairing(conn);
3435 BT_DBG("Unable to find a pending command");
3439 cmd->cmd_complete(cmd, mgmt_status(status));
3440 mgmt_pending_remove(cmd);
3443 static void le_pairing_complete_cb(struct hci_conn *conn, u8 status)
3445 struct mgmt_pending_cmd *cmd;
3447 BT_DBG("status %u", status);
3452 cmd = find_pairing(conn);
3454 BT_DBG("Unable to find a pending command");
3458 cmd->cmd_complete(cmd, mgmt_status(status));
3459 mgmt_pending_remove(cmd);
3462 static int pair_device(struct sock *sk, struct hci_dev *hdev, void *data,
3465 struct mgmt_cp_pair_device *cp = data;
3466 struct mgmt_rp_pair_device rp;
3467 struct mgmt_pending_cmd *cmd;
3468 u8 sec_level, auth_type;
3469 struct hci_conn *conn;
3472 bt_dev_dbg(hdev, "sock %p", sk);
3474 memset(&rp, 0, sizeof(rp));
3475 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
3476 rp.addr.type = cp->addr.type;
3478 if (!bdaddr_type_is_valid(cp->addr.type))
3479 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
3480 MGMT_STATUS_INVALID_PARAMS,
3483 if (cp->io_cap > SMP_IO_KEYBOARD_DISPLAY)
3484 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
3485 MGMT_STATUS_INVALID_PARAMS,
3490 if (!hdev_is_powered(hdev)) {
3491 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
3492 MGMT_STATUS_NOT_POWERED, &rp,
3497 if (hci_bdaddr_is_paired(hdev, &cp->addr.bdaddr, cp->addr.type)) {
3498 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
3499 MGMT_STATUS_ALREADY_PAIRED, &rp,
3504 sec_level = BT_SECURITY_MEDIUM;
3505 auth_type = HCI_AT_DEDICATED_BONDING;
3507 if (cp->addr.type == BDADDR_BREDR) {
3508 conn = hci_connect_acl(hdev, &cp->addr.bdaddr, sec_level,
3509 auth_type, CONN_REASON_PAIR_DEVICE);
3511 u8 addr_type = le_addr_type(cp->addr.type);
3512 struct hci_conn_params *p;
3514 /* When pairing a new device, it is expected to remember
3515 * this device for future connections. Adding the connection
3516 * parameter information ahead of time allows tracking
3517 * of the peripheral preferred values and will speed up any
3518 * further connection establishment.
3520 * If connection parameters already exist, then they
3521 * will be kept and this function does nothing.
3523 p = hci_conn_params_add(hdev, &cp->addr.bdaddr, addr_type);
3525 if (p->auto_connect == HCI_AUTO_CONN_EXPLICIT)
3526 p->auto_connect = HCI_AUTO_CONN_DISABLED;
3528 conn = hci_connect_le_scan(hdev, &cp->addr.bdaddr, addr_type,
3529 sec_level, HCI_LE_CONN_TIMEOUT,
3530 CONN_REASON_PAIR_DEVICE);
3536 if (PTR_ERR(conn) == -EBUSY)
3537 status = MGMT_STATUS_BUSY;
3538 else if (PTR_ERR(conn) == -EOPNOTSUPP)
3539 status = MGMT_STATUS_NOT_SUPPORTED;
3540 else if (PTR_ERR(conn) == -ECONNREFUSED)
3541 status = MGMT_STATUS_REJECTED;
3543 status = MGMT_STATUS_CONNECT_FAILED;
3545 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
3546 status, &rp, sizeof(rp));
3550 if (conn->connect_cfm_cb) {
3551 hci_conn_drop(conn);
3552 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
3553 MGMT_STATUS_BUSY, &rp, sizeof(rp));
3557 cmd = mgmt_pending_add(sk, MGMT_OP_PAIR_DEVICE, hdev, data, len);
3560 hci_conn_drop(conn);
3564 cmd->cmd_complete = pairing_complete;
3566 /* For LE, just connecting isn't a proof that the pairing finished */
3567 if (cp->addr.type == BDADDR_BREDR) {
3568 conn->connect_cfm_cb = pairing_complete_cb;
3569 conn->security_cfm_cb = pairing_complete_cb;
3570 conn->disconn_cfm_cb = pairing_complete_cb;
3572 conn->connect_cfm_cb = le_pairing_complete_cb;
3573 conn->security_cfm_cb = le_pairing_complete_cb;
3574 conn->disconn_cfm_cb = le_pairing_complete_cb;
3577 conn->io_capability = cp->io_cap;
3578 cmd->user_data = hci_conn_get(conn);
3580 if ((conn->state == BT_CONNECTED || conn->state == BT_CONFIG) &&
3581 hci_conn_security(conn, sec_level, auth_type, true)) {
3582 cmd->cmd_complete(cmd, 0);
3583 mgmt_pending_remove(cmd);
3589 hci_dev_unlock(hdev);
3593 static int cancel_pair_device(struct sock *sk, struct hci_dev *hdev, void *data,
3596 struct mgmt_addr_info *addr = data;
3597 struct mgmt_pending_cmd *cmd;
3598 struct hci_conn *conn;
3601 bt_dev_dbg(hdev, "sock %p", sk);
3605 if (!hdev_is_powered(hdev)) {
3606 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
3607 MGMT_STATUS_NOT_POWERED);
3611 cmd = pending_find(MGMT_OP_PAIR_DEVICE, hdev);
3613 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
3614 MGMT_STATUS_INVALID_PARAMS);
3618 conn = cmd->user_data;
3620 if (bacmp(&addr->bdaddr, &conn->dst) != 0) {
3621 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
3622 MGMT_STATUS_INVALID_PARAMS);
3626 cmd->cmd_complete(cmd, MGMT_STATUS_CANCELLED);
3627 mgmt_pending_remove(cmd);
3629 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE, 0,
3630 addr, sizeof(*addr));
3632 /* Since user doesn't want to proceed with the connection, abort any
3633 * ongoing pairing and then terminate the link if it was created
3634 * because of the pair device action.
3636 if (addr->type == BDADDR_BREDR)
3637 hci_remove_link_key(hdev, &addr->bdaddr);
3639 smp_cancel_and_remove_pairing(hdev, &addr->bdaddr,
3640 le_addr_type(addr->type));
3642 if (conn->conn_reason == CONN_REASON_PAIR_DEVICE)
3643 hci_abort_conn(conn, HCI_ERROR_REMOTE_USER_TERM);
3646 hci_dev_unlock(hdev);
3650 static int user_pairing_resp(struct sock *sk, struct hci_dev *hdev,
3651 struct mgmt_addr_info *addr, u16 mgmt_op,
3652 u16 hci_op, __le32 passkey)
3654 struct mgmt_pending_cmd *cmd;
3655 struct hci_conn *conn;
3660 if (!hdev_is_powered(hdev)) {
3661 err = mgmt_cmd_complete(sk, hdev->id, mgmt_op,
3662 MGMT_STATUS_NOT_POWERED, addr,
3667 if (addr->type == BDADDR_BREDR)
3668 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &addr->bdaddr);
3670 conn = hci_conn_hash_lookup_le(hdev, &addr->bdaddr,
3671 le_addr_type(addr->type));
3674 err = mgmt_cmd_complete(sk, hdev->id, mgmt_op,
3675 MGMT_STATUS_NOT_CONNECTED, addr,
3680 if (addr->type == BDADDR_LE_PUBLIC || addr->type == BDADDR_LE_RANDOM) {
3681 err = smp_user_confirm_reply(conn, mgmt_op, passkey);
3683 err = mgmt_cmd_complete(sk, hdev->id, mgmt_op,
3684 MGMT_STATUS_SUCCESS, addr,
3687 err = mgmt_cmd_complete(sk, hdev->id, mgmt_op,
3688 MGMT_STATUS_FAILED, addr,
3694 cmd = mgmt_pending_add(sk, mgmt_op, hdev, addr, sizeof(*addr));
3700 cmd->cmd_complete = addr_cmd_complete;
3702 /* Continue with pairing via HCI */
3703 if (hci_op == HCI_OP_USER_PASSKEY_REPLY) {
3704 struct hci_cp_user_passkey_reply cp;
3706 bacpy(&cp.bdaddr, &addr->bdaddr);
3707 cp.passkey = passkey;
3708 err = hci_send_cmd(hdev, hci_op, sizeof(cp), &cp);
3710 err = hci_send_cmd(hdev, hci_op, sizeof(addr->bdaddr),
3714 mgmt_pending_remove(cmd);
3717 hci_dev_unlock(hdev);
3721 static int pin_code_neg_reply(struct sock *sk, struct hci_dev *hdev,
3722 void *data, u16 len)
3724 struct mgmt_cp_pin_code_neg_reply *cp = data;
3726 bt_dev_dbg(hdev, "sock %p", sk);
3728 return user_pairing_resp(sk, hdev, &cp->addr,
3729 MGMT_OP_PIN_CODE_NEG_REPLY,
3730 HCI_OP_PIN_CODE_NEG_REPLY, 0);
3733 static int user_confirm_reply(struct sock *sk, struct hci_dev *hdev, void *data,
3736 struct mgmt_cp_user_confirm_reply *cp = data;
3738 bt_dev_dbg(hdev, "sock %p", sk);
3740 if (len != sizeof(*cp))
3741 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_USER_CONFIRM_REPLY,
3742 MGMT_STATUS_INVALID_PARAMS);
3744 return user_pairing_resp(sk, hdev, &cp->addr,
3745 MGMT_OP_USER_CONFIRM_REPLY,
3746 HCI_OP_USER_CONFIRM_REPLY, 0);
3749 static int user_confirm_neg_reply(struct sock *sk, struct hci_dev *hdev,
3750 void *data, u16 len)
3752 struct mgmt_cp_user_confirm_neg_reply *cp = data;
3754 bt_dev_dbg(hdev, "sock %p", sk);
3756 return user_pairing_resp(sk, hdev, &cp->addr,
3757 MGMT_OP_USER_CONFIRM_NEG_REPLY,
3758 HCI_OP_USER_CONFIRM_NEG_REPLY, 0);
3761 static int user_passkey_reply(struct sock *sk, struct hci_dev *hdev, void *data,
3764 struct mgmt_cp_user_passkey_reply *cp = data;
3766 bt_dev_dbg(hdev, "sock %p", sk);
3768 return user_pairing_resp(sk, hdev, &cp->addr,
3769 MGMT_OP_USER_PASSKEY_REPLY,
3770 HCI_OP_USER_PASSKEY_REPLY, cp->passkey);
3773 static int user_passkey_neg_reply(struct sock *sk, struct hci_dev *hdev,
3774 void *data, u16 len)
3776 struct mgmt_cp_user_passkey_neg_reply *cp = data;
3778 bt_dev_dbg(hdev, "sock %p", sk);
3780 return user_pairing_resp(sk, hdev, &cp->addr,
3781 MGMT_OP_USER_PASSKEY_NEG_REPLY,
3782 HCI_OP_USER_PASSKEY_NEG_REPLY, 0);
3785 static int adv_expire_sync(struct hci_dev *hdev, u32 flags)
3787 struct adv_info *adv_instance;
3789 adv_instance = hci_find_adv_instance(hdev, hdev->cur_adv_instance);
3793 /* stop if current instance doesn't need to be changed */
3794 if (!(adv_instance->flags & flags))
3797 cancel_adv_timeout(hdev);
3799 adv_instance = hci_get_next_instance(hdev, adv_instance->instance);
3803 hci_schedule_adv_instance_sync(hdev, adv_instance->instance, true);
3808 static int name_changed_sync(struct hci_dev *hdev, void *data)
3810 return adv_expire_sync(hdev, MGMT_ADV_FLAG_LOCAL_NAME);
3813 static void set_name_complete(struct hci_dev *hdev, void *data, int err)
3815 struct mgmt_pending_cmd *cmd = data;
3816 struct mgmt_cp_set_local_name *cp = cmd->param;
3817 u8 status = mgmt_status(err);
3819 bt_dev_dbg(hdev, "err %d", err);
3821 if (cmd != pending_find(MGMT_OP_SET_LOCAL_NAME, hdev))
3825 mgmt_cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_LOCAL_NAME,
3828 mgmt_cmd_complete(cmd->sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0,
3831 if (hci_dev_test_flag(hdev, HCI_LE_ADV))
3832 hci_cmd_sync_queue(hdev, name_changed_sync, NULL, NULL);
3835 mgmt_pending_remove(cmd);
3838 static int set_name_sync(struct hci_dev *hdev, void *data)
3840 if (lmp_bredr_capable(hdev)) {
3841 hci_update_name_sync(hdev);
3842 hci_update_eir_sync(hdev);
3845 /* The name is stored in the scan response data and so
3846 * no need to update the advertising data here.
3848 if (lmp_le_capable(hdev) && hci_dev_test_flag(hdev, HCI_ADVERTISING))
3849 hci_update_scan_rsp_data_sync(hdev, hdev->cur_adv_instance);
3854 static int set_local_name(struct sock *sk, struct hci_dev *hdev, void *data,
3857 struct mgmt_cp_set_local_name *cp = data;
3858 struct mgmt_pending_cmd *cmd;
3861 bt_dev_dbg(hdev, "sock %p", sk);
3865 /* If the old values are the same as the new ones just return a
3866 * direct command complete event.
3868 if (!memcmp(hdev->dev_name, cp->name, sizeof(hdev->dev_name)) &&
3869 !memcmp(hdev->short_name, cp->short_name,
3870 sizeof(hdev->short_name))) {
3871 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0,
3876 memcpy(hdev->short_name, cp->short_name, sizeof(hdev->short_name));
3878 if (!hdev_is_powered(hdev)) {
3879 memcpy(hdev->dev_name, cp->name, sizeof(hdev->dev_name));
3881 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0,
3886 err = mgmt_limited_event(MGMT_EV_LOCAL_NAME_CHANGED, hdev, data,
3887 len, HCI_MGMT_LOCAL_NAME_EVENTS, sk);
3888 ext_info_changed(hdev, sk);
3893 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LOCAL_NAME, hdev, data, len);
3897 err = hci_cmd_sync_queue(hdev, set_name_sync, cmd,
3901 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_LOCAL_NAME,
3902 MGMT_STATUS_FAILED);
3905 mgmt_pending_remove(cmd);
3910 memcpy(hdev->dev_name, cp->name, sizeof(hdev->dev_name));
3913 hci_dev_unlock(hdev);
3917 static int appearance_changed_sync(struct hci_dev *hdev, void *data)
3919 return adv_expire_sync(hdev, MGMT_ADV_FLAG_APPEARANCE);
3922 static int set_appearance(struct sock *sk, struct hci_dev *hdev, void *data,
3925 struct mgmt_cp_set_appearance *cp = data;
3929 bt_dev_dbg(hdev, "sock %p", sk);
3931 if (!lmp_le_capable(hdev))
3932 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_APPEARANCE,
3933 MGMT_STATUS_NOT_SUPPORTED);
3935 appearance = le16_to_cpu(cp->appearance);
3939 if (hdev->appearance != appearance) {
3940 hdev->appearance = appearance;
3942 if (hci_dev_test_flag(hdev, HCI_LE_ADV))
3943 hci_cmd_sync_queue(hdev, appearance_changed_sync, NULL,
3946 ext_info_changed(hdev, sk);
3949 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_APPEARANCE, 0, NULL,
3952 hci_dev_unlock(hdev);
3957 static int get_phy_configuration(struct sock *sk, struct hci_dev *hdev,
3958 void *data, u16 len)
3960 struct mgmt_rp_get_phy_configuration rp;
3962 bt_dev_dbg(hdev, "sock %p", sk);
3966 memset(&rp, 0, sizeof(rp));
3968 rp.supported_phys = cpu_to_le32(get_supported_phys(hdev));
3969 rp.selected_phys = cpu_to_le32(get_selected_phys(hdev));
3970 rp.configurable_phys = cpu_to_le32(get_configurable_phys(hdev));
3972 hci_dev_unlock(hdev);
3974 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_PHY_CONFIGURATION, 0,
3978 int mgmt_phy_configuration_changed(struct hci_dev *hdev, struct sock *skip)
3980 struct mgmt_ev_phy_configuration_changed ev;
3982 memset(&ev, 0, sizeof(ev));
3984 ev.selected_phys = cpu_to_le32(get_selected_phys(hdev));
3986 return mgmt_event(MGMT_EV_PHY_CONFIGURATION_CHANGED, hdev, &ev,
3990 static void set_default_phy_complete(struct hci_dev *hdev, void *data, int err)
3992 struct mgmt_pending_cmd *cmd = data;
3993 struct sk_buff *skb = cmd->skb;
3994 u8 status = mgmt_status(err);
3996 if (cmd != pending_find(MGMT_OP_SET_PHY_CONFIGURATION, hdev))
4001 status = MGMT_STATUS_FAILED;
4002 else if (IS_ERR(skb))
4003 status = mgmt_status(PTR_ERR(skb));
4005 status = mgmt_status(skb->data[0]);
4008 bt_dev_dbg(hdev, "status %d", status);
4011 mgmt_cmd_status(cmd->sk, hdev->id,
4012 MGMT_OP_SET_PHY_CONFIGURATION, status);
4014 mgmt_cmd_complete(cmd->sk, hdev->id,
4015 MGMT_OP_SET_PHY_CONFIGURATION, 0,
4018 mgmt_phy_configuration_changed(hdev, cmd->sk);
4021 if (skb && !IS_ERR(skb))
4024 mgmt_pending_remove(cmd);
4027 static int set_default_phy_sync(struct hci_dev *hdev, void *data)
4029 struct mgmt_pending_cmd *cmd = data;
4030 struct mgmt_cp_set_phy_configuration *cp = cmd->param;
4031 struct hci_cp_le_set_default_phy cp_phy;
4032 u32 selected_phys = __le32_to_cpu(cp->selected_phys);
4034 memset(&cp_phy, 0, sizeof(cp_phy));
4036 if (!(selected_phys & MGMT_PHY_LE_TX_MASK))
4037 cp_phy.all_phys |= 0x01;
4039 if (!(selected_phys & MGMT_PHY_LE_RX_MASK))
4040 cp_phy.all_phys |= 0x02;
4042 if (selected_phys & MGMT_PHY_LE_1M_TX)
4043 cp_phy.tx_phys |= HCI_LE_SET_PHY_1M;
4045 if (selected_phys & MGMT_PHY_LE_2M_TX)
4046 cp_phy.tx_phys |= HCI_LE_SET_PHY_2M;
4048 if (selected_phys & MGMT_PHY_LE_CODED_TX)
4049 cp_phy.tx_phys |= HCI_LE_SET_PHY_CODED;
4051 if (selected_phys & MGMT_PHY_LE_1M_RX)
4052 cp_phy.rx_phys |= HCI_LE_SET_PHY_1M;
4054 if (selected_phys & MGMT_PHY_LE_2M_RX)
4055 cp_phy.rx_phys |= HCI_LE_SET_PHY_2M;
4057 if (selected_phys & MGMT_PHY_LE_CODED_RX)
4058 cp_phy.rx_phys |= HCI_LE_SET_PHY_CODED;
4060 cmd->skb = __hci_cmd_sync(hdev, HCI_OP_LE_SET_DEFAULT_PHY,
4061 sizeof(cp_phy), &cp_phy, HCI_CMD_TIMEOUT);
4066 static int set_phy_configuration(struct sock *sk, struct hci_dev *hdev,
4067 void *data, u16 len)
4069 struct mgmt_cp_set_phy_configuration *cp = data;
4070 struct mgmt_pending_cmd *cmd;
4071 u32 selected_phys, configurable_phys, supported_phys, unconfigure_phys;
4072 u16 pkt_type = (HCI_DH1 | HCI_DM1);
4073 bool changed = false;
4076 bt_dev_dbg(hdev, "sock %p", sk);
4078 configurable_phys = get_configurable_phys(hdev);
4079 supported_phys = get_supported_phys(hdev);
4080 selected_phys = __le32_to_cpu(cp->selected_phys);
4082 if (selected_phys & ~supported_phys)
4083 return mgmt_cmd_status(sk, hdev->id,
4084 MGMT_OP_SET_PHY_CONFIGURATION,
4085 MGMT_STATUS_INVALID_PARAMS);
4087 unconfigure_phys = supported_phys & ~configurable_phys;
4089 if ((selected_phys & unconfigure_phys) != unconfigure_phys)
4090 return mgmt_cmd_status(sk, hdev->id,
4091 MGMT_OP_SET_PHY_CONFIGURATION,
4092 MGMT_STATUS_INVALID_PARAMS);
4094 if (selected_phys == get_selected_phys(hdev))
4095 return mgmt_cmd_complete(sk, hdev->id,
4096 MGMT_OP_SET_PHY_CONFIGURATION,
4101 if (!hdev_is_powered(hdev)) {
4102 err = mgmt_cmd_status(sk, hdev->id,
4103 MGMT_OP_SET_PHY_CONFIGURATION,
4104 MGMT_STATUS_REJECTED);
4108 if (pending_find(MGMT_OP_SET_PHY_CONFIGURATION, hdev)) {
4109 err = mgmt_cmd_status(sk, hdev->id,
4110 MGMT_OP_SET_PHY_CONFIGURATION,
4115 if (selected_phys & MGMT_PHY_BR_1M_3SLOT)
4116 pkt_type |= (HCI_DH3 | HCI_DM3);
4118 pkt_type &= ~(HCI_DH3 | HCI_DM3);
4120 if (selected_phys & MGMT_PHY_BR_1M_5SLOT)
4121 pkt_type |= (HCI_DH5 | HCI_DM5);
4123 pkt_type &= ~(HCI_DH5 | HCI_DM5);
4125 if (selected_phys & MGMT_PHY_EDR_2M_1SLOT)
4126 pkt_type &= ~HCI_2DH1;
4128 pkt_type |= HCI_2DH1;
4130 if (selected_phys & MGMT_PHY_EDR_2M_3SLOT)
4131 pkt_type &= ~HCI_2DH3;
4133 pkt_type |= HCI_2DH3;
4135 if (selected_phys & MGMT_PHY_EDR_2M_5SLOT)
4136 pkt_type &= ~HCI_2DH5;
4138 pkt_type |= HCI_2DH5;
4140 if (selected_phys & MGMT_PHY_EDR_3M_1SLOT)
4141 pkt_type &= ~HCI_3DH1;
4143 pkt_type |= HCI_3DH1;
4145 if (selected_phys & MGMT_PHY_EDR_3M_3SLOT)
4146 pkt_type &= ~HCI_3DH3;
4148 pkt_type |= HCI_3DH3;
4150 if (selected_phys & MGMT_PHY_EDR_3M_5SLOT)
4151 pkt_type &= ~HCI_3DH5;
4153 pkt_type |= HCI_3DH5;
4155 if (pkt_type != hdev->pkt_type) {
4156 hdev->pkt_type = pkt_type;
4160 if ((selected_phys & MGMT_PHY_LE_MASK) ==
4161 (get_selected_phys(hdev) & MGMT_PHY_LE_MASK)) {
4163 mgmt_phy_configuration_changed(hdev, sk);
4165 err = mgmt_cmd_complete(sk, hdev->id,
4166 MGMT_OP_SET_PHY_CONFIGURATION,
4172 cmd = mgmt_pending_add(sk, MGMT_OP_SET_PHY_CONFIGURATION, hdev, data,
4177 err = hci_cmd_sync_queue(hdev, set_default_phy_sync, cmd,
4178 set_default_phy_complete);
4181 err = mgmt_cmd_status(sk, hdev->id,
4182 MGMT_OP_SET_PHY_CONFIGURATION,
4183 MGMT_STATUS_FAILED);
4186 mgmt_pending_remove(cmd);
4190 hci_dev_unlock(hdev);
4195 static int set_blocked_keys(struct sock *sk, struct hci_dev *hdev, void *data,
4198 int err = MGMT_STATUS_SUCCESS;
4199 struct mgmt_cp_set_blocked_keys *keys = data;
4200 const u16 max_key_count = ((U16_MAX - sizeof(*keys)) /
4201 sizeof(struct mgmt_blocked_key_info));
4202 u16 key_count, expected_len;
4205 bt_dev_dbg(hdev, "sock %p", sk);
4207 key_count = __le16_to_cpu(keys->key_count);
4208 if (key_count > max_key_count) {
4209 bt_dev_err(hdev, "too big key_count value %u", key_count);
4210 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_BLOCKED_KEYS,
4211 MGMT_STATUS_INVALID_PARAMS);
4214 expected_len = struct_size(keys, keys, key_count);
4215 if (expected_len != len) {
4216 bt_dev_err(hdev, "expected %u bytes, got %u bytes",
4218 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_BLOCKED_KEYS,
4219 MGMT_STATUS_INVALID_PARAMS);
4224 hci_blocked_keys_clear(hdev);
4226 for (i = 0; i < key_count; ++i) {
4227 struct blocked_key *b = kzalloc(sizeof(*b), GFP_KERNEL);
4230 err = MGMT_STATUS_NO_RESOURCES;
4234 b->type = keys->keys[i].type;
4235 memcpy(b->val, keys->keys[i].val, sizeof(b->val));
4236 list_add_rcu(&b->list, &hdev->blocked_keys);
4238 hci_dev_unlock(hdev);
4240 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_BLOCKED_KEYS,
4244 static int set_wideband_speech(struct sock *sk, struct hci_dev *hdev,
4245 void *data, u16 len)
4247 struct mgmt_mode *cp = data;
4249 bool changed = false;
4251 bt_dev_dbg(hdev, "sock %p", sk);
4253 if (!test_bit(HCI_QUIRK_WIDEBAND_SPEECH_SUPPORTED, &hdev->quirks))
4254 return mgmt_cmd_status(sk, hdev->id,
4255 MGMT_OP_SET_WIDEBAND_SPEECH,
4256 MGMT_STATUS_NOT_SUPPORTED);
4258 if (cp->val != 0x00 && cp->val != 0x01)
4259 return mgmt_cmd_status(sk, hdev->id,
4260 MGMT_OP_SET_WIDEBAND_SPEECH,
4261 MGMT_STATUS_INVALID_PARAMS);
4265 if (hdev_is_powered(hdev) &&
4266 !!cp->val != hci_dev_test_flag(hdev,
4267 HCI_WIDEBAND_SPEECH_ENABLED)) {
4268 err = mgmt_cmd_status(sk, hdev->id,
4269 MGMT_OP_SET_WIDEBAND_SPEECH,
4270 MGMT_STATUS_REJECTED);
4275 changed = !hci_dev_test_and_set_flag(hdev,
4276 HCI_WIDEBAND_SPEECH_ENABLED);
4278 changed = hci_dev_test_and_clear_flag(hdev,
4279 HCI_WIDEBAND_SPEECH_ENABLED);
4281 err = send_settings_rsp(sk, MGMT_OP_SET_WIDEBAND_SPEECH, hdev);
4286 err = new_settings(hdev, sk);
4289 hci_dev_unlock(hdev);
4293 static int read_controller_cap(struct sock *sk, struct hci_dev *hdev,
4294 void *data, u16 data_len)
4297 struct mgmt_rp_read_controller_cap *rp = (void *)buf;
4300 u8 tx_power_range[2];
4302 bt_dev_dbg(hdev, "sock %p", sk);
4304 memset(&buf, 0, sizeof(buf));
4308 /* When the Read Simple Pairing Options command is supported, then
4309 * the remote public key validation is supported.
4311 * Alternatively, when Microsoft extensions are available, they can
4312 * indicate support for public key validation as well.
4314 if ((hdev->commands[41] & 0x08) || msft_curve_validity(hdev))
4315 flags |= 0x01; /* Remote public key validation (BR/EDR) */
4317 flags |= 0x02; /* Remote public key validation (LE) */
4319 /* When the Read Encryption Key Size command is supported, then the
4320 * encryption key size is enforced.
4322 if (hdev->commands[20] & 0x10)
4323 flags |= 0x04; /* Encryption key size enforcement (BR/EDR) */
4325 flags |= 0x08; /* Encryption key size enforcement (LE) */
4327 cap_len = eir_append_data(rp->cap, cap_len, MGMT_CAP_SEC_FLAGS,
4330 /* When the Read Simple Pairing Options command is supported, then
4331 * also max encryption key size information is provided.
4333 if (hdev->commands[41] & 0x08)
4334 cap_len = eir_append_le16(rp->cap, cap_len,
4335 MGMT_CAP_MAX_ENC_KEY_SIZE,
4336 hdev->max_enc_key_size);
4338 cap_len = eir_append_le16(rp->cap, cap_len,
4339 MGMT_CAP_SMP_MAX_ENC_KEY_SIZE,
4340 SMP_MAX_ENC_KEY_SIZE);
4342 /* Append the min/max LE tx power parameters if we were able to fetch
4343 * it from the controller
4345 if (hdev->commands[38] & 0x80) {
4346 memcpy(&tx_power_range[0], &hdev->min_le_tx_power, 1);
4347 memcpy(&tx_power_range[1], &hdev->max_le_tx_power, 1);
4348 cap_len = eir_append_data(rp->cap, cap_len, MGMT_CAP_LE_TX_PWR,
4352 rp->cap_len = cpu_to_le16(cap_len);
4354 hci_dev_unlock(hdev);
4356 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_READ_CONTROLLER_CAP, 0,
4357 rp, sizeof(*rp) + cap_len);
4360 #ifdef CONFIG_BT_FEATURE_DEBUG
4361 /* d4992530-b9ec-469f-ab01-6c481c47da1c */
4362 static const u8 debug_uuid[16] = {
4363 0x1c, 0xda, 0x47, 0x1c, 0x48, 0x6c, 0x01, 0xab,
4364 0x9f, 0x46, 0xec, 0xb9, 0x30, 0x25, 0x99, 0xd4,
4368 /* 330859bc-7506-492d-9370-9a6f0614037f */
4369 static const u8 quality_report_uuid[16] = {
4370 0x7f, 0x03, 0x14, 0x06, 0x6f, 0x9a, 0x70, 0x93,
4371 0x2d, 0x49, 0x06, 0x75, 0xbc, 0x59, 0x08, 0x33,
4374 /* a6695ace-ee7f-4fb9-881a-5fac66c629af */
4375 static const u8 offload_codecs_uuid[16] = {
4376 0xaf, 0x29, 0xc6, 0x66, 0xac, 0x5f, 0x1a, 0x88,
4377 0xb9, 0x4f, 0x7f, 0xee, 0xce, 0x5a, 0x69, 0xa6,
4380 /* 671b10b5-42c0-4696-9227-eb28d1b049d6 */
4381 static const u8 le_simultaneous_roles_uuid[16] = {
4382 0xd6, 0x49, 0xb0, 0xd1, 0x28, 0xeb, 0x27, 0x92,
4383 0x96, 0x46, 0xc0, 0x42, 0xb5, 0x10, 0x1b, 0x67,
4386 /* 15c0a148-c273-11ea-b3de-0242ac130004 */
4387 static const u8 rpa_resolution_uuid[16] = {
4388 0x04, 0x00, 0x13, 0xac, 0x42, 0x02, 0xde, 0xb3,
4389 0xea, 0x11, 0x73, 0xc2, 0x48, 0xa1, 0xc0, 0x15,
4392 /* 6fbaf188-05e0-496a-9885-d6ddfdb4e03e */
4393 static const u8 iso_socket_uuid[16] = {
4394 0x3e, 0xe0, 0xb4, 0xfd, 0xdd, 0xd6, 0x85, 0x98,
4395 0x6a, 0x49, 0xe0, 0x05, 0x88, 0xf1, 0xba, 0x6f,
4398 /* 2ce463d7-7a03-4d8d-bf05-5f24e8f36e76 */
4399 static const u8 mgmt_mesh_uuid[16] = {
4400 0x76, 0x6e, 0xf3, 0xe8, 0x24, 0x5f, 0x05, 0xbf,
4401 0x8d, 0x4d, 0x03, 0x7a, 0xd7, 0x63, 0xe4, 0x2c,
4404 static int read_exp_features_info(struct sock *sk, struct hci_dev *hdev,
4405 void *data, u16 data_len)
4407 struct mgmt_rp_read_exp_features_info *rp;
4413 bt_dev_dbg(hdev, "sock %p", sk);
4415 /* Enough space for 7 features */
4416 len = sizeof(*rp) + (sizeof(rp->features[0]) * 7);
4417 rp = kzalloc(len, GFP_KERNEL);
4421 #ifdef CONFIG_BT_FEATURE_DEBUG
4423 flags = bt_dbg_get() ? BIT(0) : 0;
4425 memcpy(rp->features[idx].uuid, debug_uuid, 16);
4426 rp->features[idx].flags = cpu_to_le32(flags);
4431 if (hdev && hci_dev_le_state_simultaneous(hdev)) {
4432 if (hci_dev_test_flag(hdev, HCI_LE_SIMULTANEOUS_ROLES))
4437 memcpy(rp->features[idx].uuid, le_simultaneous_roles_uuid, 16);
4438 rp->features[idx].flags = cpu_to_le32(flags);
4442 if (hdev && ll_privacy_capable(hdev)) {
4443 if (hci_dev_test_flag(hdev, HCI_ENABLE_LL_PRIVACY))
4444 flags = BIT(0) | BIT(1);
4448 memcpy(rp->features[idx].uuid, rpa_resolution_uuid, 16);
4449 rp->features[idx].flags = cpu_to_le32(flags);
4453 if (hdev && (aosp_has_quality_report(hdev) ||
4454 hdev->set_quality_report)) {
4455 if (hci_dev_test_flag(hdev, HCI_QUALITY_REPORT))
4460 memcpy(rp->features[idx].uuid, quality_report_uuid, 16);
4461 rp->features[idx].flags = cpu_to_le32(flags);
4465 if (hdev && hdev->get_data_path_id) {
4466 if (hci_dev_test_flag(hdev, HCI_OFFLOAD_CODECS_ENABLED))
4471 memcpy(rp->features[idx].uuid, offload_codecs_uuid, 16);
4472 rp->features[idx].flags = cpu_to_le32(flags);
4476 if (IS_ENABLED(CONFIG_BT_LE)) {
4477 flags = iso_enabled() ? BIT(0) : 0;
4478 memcpy(rp->features[idx].uuid, iso_socket_uuid, 16);
4479 rp->features[idx].flags = cpu_to_le32(flags);
4483 if (hdev && lmp_le_capable(hdev)) {
4484 if (hci_dev_test_flag(hdev, HCI_MESH_EXPERIMENTAL))
4489 memcpy(rp->features[idx].uuid, mgmt_mesh_uuid, 16);
4490 rp->features[idx].flags = cpu_to_le32(flags);
4494 rp->feature_count = cpu_to_le16(idx);
4496 /* After reading the experimental features information, enable
4497 * the events to update client on any future change.
4499 hci_sock_set_flag(sk, HCI_MGMT_EXP_FEATURE_EVENTS);
4501 status = mgmt_cmd_complete(sk, hdev ? hdev->id : MGMT_INDEX_NONE,
4502 MGMT_OP_READ_EXP_FEATURES_INFO,
4503 0, rp, sizeof(*rp) + (20 * idx));
4509 static int exp_ll_privacy_feature_changed(bool enabled, struct hci_dev *hdev,
4512 struct mgmt_ev_exp_feature_changed ev;
4514 memset(&ev, 0, sizeof(ev));
4515 memcpy(ev.uuid, rpa_resolution_uuid, 16);
4516 ev.flags = cpu_to_le32((enabled ? BIT(0) : 0) | BIT(1));
4518 // Do we need to be atomic with the conn_flags?
4519 if (enabled && privacy_mode_capable(hdev))
4520 hdev->conn_flags |= HCI_CONN_FLAG_DEVICE_PRIVACY;
4522 hdev->conn_flags &= ~HCI_CONN_FLAG_DEVICE_PRIVACY;
4524 return mgmt_limited_event(MGMT_EV_EXP_FEATURE_CHANGED, hdev,
4526 HCI_MGMT_EXP_FEATURE_EVENTS, skip);
4530 static int exp_feature_changed(struct hci_dev *hdev, const u8 *uuid,
4531 bool enabled, struct sock *skip)
4533 struct mgmt_ev_exp_feature_changed ev;
4535 memset(&ev, 0, sizeof(ev));
4536 memcpy(ev.uuid, uuid, 16);
4537 ev.flags = cpu_to_le32(enabled ? BIT(0) : 0);
4539 return mgmt_limited_event(MGMT_EV_EXP_FEATURE_CHANGED, hdev,
4541 HCI_MGMT_EXP_FEATURE_EVENTS, skip);
4544 #define EXP_FEAT(_uuid, _set_func) \
4547 .set_func = _set_func, \
4550 /* The zero key uuid is special. Multiple exp features are set through it. */
4551 static int set_zero_key_func(struct sock *sk, struct hci_dev *hdev,
4552 struct mgmt_cp_set_exp_feature *cp, u16 data_len)
4554 struct mgmt_rp_set_exp_feature rp;
4556 memset(rp.uuid, 0, 16);
4557 rp.flags = cpu_to_le32(0);
4559 #ifdef CONFIG_BT_FEATURE_DEBUG
4561 bool changed = bt_dbg_get();
4566 exp_feature_changed(NULL, ZERO_KEY, false, sk);
4570 if (hdev && use_ll_privacy(hdev) && !hdev_is_powered(hdev)) {
4573 changed = hci_dev_test_and_clear_flag(hdev,
4574 HCI_ENABLE_LL_PRIVACY);
4576 exp_feature_changed(hdev, rpa_resolution_uuid, false,
4580 hci_sock_set_flag(sk, HCI_MGMT_EXP_FEATURE_EVENTS);
4582 return mgmt_cmd_complete(sk, hdev ? hdev->id : MGMT_INDEX_NONE,
4583 MGMT_OP_SET_EXP_FEATURE, 0,
4587 #ifdef CONFIG_BT_FEATURE_DEBUG
4588 static int set_debug_func(struct sock *sk, struct hci_dev *hdev,
4589 struct mgmt_cp_set_exp_feature *cp, u16 data_len)
4591 struct mgmt_rp_set_exp_feature rp;
4596 /* Command requires to use the non-controller index */
4598 return mgmt_cmd_status(sk, hdev->id,
4599 MGMT_OP_SET_EXP_FEATURE,
4600 MGMT_STATUS_INVALID_INDEX);
4602 /* Parameters are limited to a single octet */
4603 if (data_len != MGMT_SET_EXP_FEATURE_SIZE + 1)
4604 return mgmt_cmd_status(sk, MGMT_INDEX_NONE,
4605 MGMT_OP_SET_EXP_FEATURE,
4606 MGMT_STATUS_INVALID_PARAMS);
4608 /* Only boolean on/off is supported */
4609 if (cp->param[0] != 0x00 && cp->param[0] != 0x01)
4610 return mgmt_cmd_status(sk, MGMT_INDEX_NONE,
4611 MGMT_OP_SET_EXP_FEATURE,
4612 MGMT_STATUS_INVALID_PARAMS);
4614 val = !!cp->param[0];
4615 changed = val ? !bt_dbg_get() : bt_dbg_get();
4618 memcpy(rp.uuid, debug_uuid, 16);
4619 rp.flags = cpu_to_le32(val ? BIT(0) : 0);
4621 hci_sock_set_flag(sk, HCI_MGMT_EXP_FEATURE_EVENTS);
4623 err = mgmt_cmd_complete(sk, MGMT_INDEX_NONE,
4624 MGMT_OP_SET_EXP_FEATURE, 0,
4628 exp_feature_changed(hdev, debug_uuid, val, sk);
4634 static int set_mgmt_mesh_func(struct sock *sk, struct hci_dev *hdev,
4635 struct mgmt_cp_set_exp_feature *cp, u16 data_len)
4637 struct mgmt_rp_set_exp_feature rp;
4641 /* Command requires to use the controller index */
4643 return mgmt_cmd_status(sk, MGMT_INDEX_NONE,
4644 MGMT_OP_SET_EXP_FEATURE,
4645 MGMT_STATUS_INVALID_INDEX);
4647 /* Parameters are limited to a single octet */
4648 if (data_len != MGMT_SET_EXP_FEATURE_SIZE + 1)
4649 return mgmt_cmd_status(sk, hdev->id,
4650 MGMT_OP_SET_EXP_FEATURE,
4651 MGMT_STATUS_INVALID_PARAMS);
4653 /* Only boolean on/off is supported */
4654 if (cp->param[0] != 0x00 && cp->param[0] != 0x01)
4655 return mgmt_cmd_status(sk, hdev->id,
4656 MGMT_OP_SET_EXP_FEATURE,
4657 MGMT_STATUS_INVALID_PARAMS);
4659 val = !!cp->param[0];
4662 changed = !hci_dev_test_and_set_flag(hdev,
4663 HCI_MESH_EXPERIMENTAL);
4665 hci_dev_clear_flag(hdev, HCI_MESH);
4666 changed = hci_dev_test_and_clear_flag(hdev,
4667 HCI_MESH_EXPERIMENTAL);
4670 memcpy(rp.uuid, mgmt_mesh_uuid, 16);
4671 rp.flags = cpu_to_le32(val ? BIT(0) : 0);
4673 hci_sock_set_flag(sk, HCI_MGMT_EXP_FEATURE_EVENTS);
4675 err = mgmt_cmd_complete(sk, hdev->id,
4676 MGMT_OP_SET_EXP_FEATURE, 0,
4680 exp_feature_changed(hdev, mgmt_mesh_uuid, val, sk);
4685 static int set_rpa_resolution_func(struct sock *sk, struct hci_dev *hdev,
4686 struct mgmt_cp_set_exp_feature *cp,
4689 struct mgmt_rp_set_exp_feature rp;
4694 /* Command requires to use the controller index */
4696 return mgmt_cmd_status(sk, MGMT_INDEX_NONE,
4697 MGMT_OP_SET_EXP_FEATURE,
4698 MGMT_STATUS_INVALID_INDEX);
4700 /* Changes can only be made when controller is powered down */
4701 if (hdev_is_powered(hdev))
4702 return mgmt_cmd_status(sk, hdev->id,
4703 MGMT_OP_SET_EXP_FEATURE,
4704 MGMT_STATUS_REJECTED);
4706 /* Parameters are limited to a single octet */
4707 if (data_len != MGMT_SET_EXP_FEATURE_SIZE + 1)
4708 return mgmt_cmd_status(sk, hdev->id,
4709 MGMT_OP_SET_EXP_FEATURE,
4710 MGMT_STATUS_INVALID_PARAMS);
4712 /* Only boolean on/off is supported */
4713 if (cp->param[0] != 0x00 && cp->param[0] != 0x01)
4714 return mgmt_cmd_status(sk, hdev->id,
4715 MGMT_OP_SET_EXP_FEATURE,
4716 MGMT_STATUS_INVALID_PARAMS);
4718 val = !!cp->param[0];
4721 changed = !hci_dev_test_and_set_flag(hdev,
4722 HCI_ENABLE_LL_PRIVACY);
4723 hci_dev_clear_flag(hdev, HCI_ADVERTISING);
4725 /* Enable LL privacy + supported settings changed */
4726 flags = BIT(0) | BIT(1);
4728 changed = hci_dev_test_and_clear_flag(hdev,
4729 HCI_ENABLE_LL_PRIVACY);
4731 /* Disable LL privacy + supported settings changed */
4735 memcpy(rp.uuid, rpa_resolution_uuid, 16);
4736 rp.flags = cpu_to_le32(flags);
4738 hci_sock_set_flag(sk, HCI_MGMT_EXP_FEATURE_EVENTS);
4740 err = mgmt_cmd_complete(sk, hdev->id,
4741 MGMT_OP_SET_EXP_FEATURE, 0,
4745 exp_ll_privacy_feature_changed(val, hdev, sk);
4750 static int set_quality_report_func(struct sock *sk, struct hci_dev *hdev,
4751 struct mgmt_cp_set_exp_feature *cp,
4754 struct mgmt_rp_set_exp_feature rp;
4758 /* Command requires to use a valid controller index */
4760 return mgmt_cmd_status(sk, MGMT_INDEX_NONE,
4761 MGMT_OP_SET_EXP_FEATURE,
4762 MGMT_STATUS_INVALID_INDEX);
4764 /* Parameters are limited to a single octet */
4765 if (data_len != MGMT_SET_EXP_FEATURE_SIZE + 1)
4766 return mgmt_cmd_status(sk, hdev->id,
4767 MGMT_OP_SET_EXP_FEATURE,
4768 MGMT_STATUS_INVALID_PARAMS);
4770 /* Only boolean on/off is supported */
4771 if (cp->param[0] != 0x00 && cp->param[0] != 0x01)
4772 return mgmt_cmd_status(sk, hdev->id,
4773 MGMT_OP_SET_EXP_FEATURE,
4774 MGMT_STATUS_INVALID_PARAMS);
4776 hci_req_sync_lock(hdev);
4778 val = !!cp->param[0];
4779 changed = (val != hci_dev_test_flag(hdev, HCI_QUALITY_REPORT));
4781 if (!aosp_has_quality_report(hdev) && !hdev->set_quality_report) {
4782 err = mgmt_cmd_status(sk, hdev->id,
4783 MGMT_OP_SET_EXP_FEATURE,
4784 MGMT_STATUS_NOT_SUPPORTED);
4785 goto unlock_quality_report;
4789 if (hdev->set_quality_report)
4790 err = hdev->set_quality_report(hdev, val);
4792 err = aosp_set_quality_report(hdev, val);
4795 err = mgmt_cmd_status(sk, hdev->id,
4796 MGMT_OP_SET_EXP_FEATURE,
4797 MGMT_STATUS_FAILED);
4798 goto unlock_quality_report;
4802 hci_dev_set_flag(hdev, HCI_QUALITY_REPORT);
4804 hci_dev_clear_flag(hdev, HCI_QUALITY_REPORT);
4807 bt_dev_dbg(hdev, "quality report enable %d changed %d", val, changed);
4809 memcpy(rp.uuid, quality_report_uuid, 16);
4810 rp.flags = cpu_to_le32(val ? BIT(0) : 0);
4811 hci_sock_set_flag(sk, HCI_MGMT_EXP_FEATURE_EVENTS);
4813 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_EXP_FEATURE, 0,
4817 exp_feature_changed(hdev, quality_report_uuid, val, sk);
4819 unlock_quality_report:
4820 hci_req_sync_unlock(hdev);
4824 static int set_offload_codec_func(struct sock *sk, struct hci_dev *hdev,
4825 struct mgmt_cp_set_exp_feature *cp,
4830 struct mgmt_rp_set_exp_feature rp;
4832 /* Command requires to use a valid controller index */
4834 return mgmt_cmd_status(sk, MGMT_INDEX_NONE,
4835 MGMT_OP_SET_EXP_FEATURE,
4836 MGMT_STATUS_INVALID_INDEX);
4838 /* Parameters are limited to a single octet */
4839 if (data_len != MGMT_SET_EXP_FEATURE_SIZE + 1)
4840 return mgmt_cmd_status(sk, hdev->id,
4841 MGMT_OP_SET_EXP_FEATURE,
4842 MGMT_STATUS_INVALID_PARAMS);
4844 /* Only boolean on/off is supported */
4845 if (cp->param[0] != 0x00 && cp->param[0] != 0x01)
4846 return mgmt_cmd_status(sk, hdev->id,
4847 MGMT_OP_SET_EXP_FEATURE,
4848 MGMT_STATUS_INVALID_PARAMS);
4850 val = !!cp->param[0];
4851 changed = (val != hci_dev_test_flag(hdev, HCI_OFFLOAD_CODECS_ENABLED));
4853 if (!hdev->get_data_path_id) {
4854 return mgmt_cmd_status(sk, hdev->id,
4855 MGMT_OP_SET_EXP_FEATURE,
4856 MGMT_STATUS_NOT_SUPPORTED);
4861 hci_dev_set_flag(hdev, HCI_OFFLOAD_CODECS_ENABLED);
4863 hci_dev_clear_flag(hdev, HCI_OFFLOAD_CODECS_ENABLED);
4866 bt_dev_info(hdev, "offload codecs enable %d changed %d",
4869 memcpy(rp.uuid, offload_codecs_uuid, 16);
4870 rp.flags = cpu_to_le32(val ? BIT(0) : 0);
4871 hci_sock_set_flag(sk, HCI_MGMT_EXP_FEATURE_EVENTS);
4872 err = mgmt_cmd_complete(sk, hdev->id,
4873 MGMT_OP_SET_EXP_FEATURE, 0,
4877 exp_feature_changed(hdev, offload_codecs_uuid, val, sk);
4882 static int set_le_simultaneous_roles_func(struct sock *sk, struct hci_dev *hdev,
4883 struct mgmt_cp_set_exp_feature *cp,
4888 struct mgmt_rp_set_exp_feature rp;
4890 /* Command requires to use a valid controller index */
4892 return mgmt_cmd_status(sk, MGMT_INDEX_NONE,
4893 MGMT_OP_SET_EXP_FEATURE,
4894 MGMT_STATUS_INVALID_INDEX);
4896 /* Parameters are limited to a single octet */
4897 if (data_len != MGMT_SET_EXP_FEATURE_SIZE + 1)
4898 return mgmt_cmd_status(sk, hdev->id,
4899 MGMT_OP_SET_EXP_FEATURE,
4900 MGMT_STATUS_INVALID_PARAMS);
4902 /* Only boolean on/off is supported */
4903 if (cp->param[0] != 0x00 && cp->param[0] != 0x01)
4904 return mgmt_cmd_status(sk, hdev->id,
4905 MGMT_OP_SET_EXP_FEATURE,
4906 MGMT_STATUS_INVALID_PARAMS);
4908 val = !!cp->param[0];
4909 changed = (val != hci_dev_test_flag(hdev, HCI_LE_SIMULTANEOUS_ROLES));
4911 if (!hci_dev_le_state_simultaneous(hdev)) {
4912 return mgmt_cmd_status(sk, hdev->id,
4913 MGMT_OP_SET_EXP_FEATURE,
4914 MGMT_STATUS_NOT_SUPPORTED);
4919 hci_dev_set_flag(hdev, HCI_LE_SIMULTANEOUS_ROLES);
4921 hci_dev_clear_flag(hdev, HCI_LE_SIMULTANEOUS_ROLES);
4924 bt_dev_info(hdev, "LE simultaneous roles enable %d changed %d",
4927 memcpy(rp.uuid, le_simultaneous_roles_uuid, 16);
4928 rp.flags = cpu_to_le32(val ? BIT(0) : 0);
4929 hci_sock_set_flag(sk, HCI_MGMT_EXP_FEATURE_EVENTS);
4930 err = mgmt_cmd_complete(sk, hdev->id,
4931 MGMT_OP_SET_EXP_FEATURE, 0,
4935 exp_feature_changed(hdev, le_simultaneous_roles_uuid, val, sk);
4941 static int set_iso_socket_func(struct sock *sk, struct hci_dev *hdev,
4942 struct mgmt_cp_set_exp_feature *cp, u16 data_len)
4944 struct mgmt_rp_set_exp_feature rp;
4945 bool val, changed = false;
4948 /* Command requires to use the non-controller index */
4950 return mgmt_cmd_status(sk, hdev->id,
4951 MGMT_OP_SET_EXP_FEATURE,
4952 MGMT_STATUS_INVALID_INDEX);
4954 /* Parameters are limited to a single octet */
4955 if (data_len != MGMT_SET_EXP_FEATURE_SIZE + 1)
4956 return mgmt_cmd_status(sk, MGMT_INDEX_NONE,
4957 MGMT_OP_SET_EXP_FEATURE,
4958 MGMT_STATUS_INVALID_PARAMS);
4960 /* Only boolean on/off is supported */
4961 if (cp->param[0] != 0x00 && cp->param[0] != 0x01)
4962 return mgmt_cmd_status(sk, MGMT_INDEX_NONE,
4963 MGMT_OP_SET_EXP_FEATURE,
4964 MGMT_STATUS_INVALID_PARAMS);
4966 val = cp->param[0] ? true : false;
4975 memcpy(rp.uuid, iso_socket_uuid, 16);
4976 rp.flags = cpu_to_le32(val ? BIT(0) : 0);
4978 hci_sock_set_flag(sk, HCI_MGMT_EXP_FEATURE_EVENTS);
4980 err = mgmt_cmd_complete(sk, MGMT_INDEX_NONE,
4981 MGMT_OP_SET_EXP_FEATURE, 0,
4985 exp_feature_changed(hdev, iso_socket_uuid, val, sk);
4991 static const struct mgmt_exp_feature {
4993 int (*set_func)(struct sock *sk, struct hci_dev *hdev,
4994 struct mgmt_cp_set_exp_feature *cp, u16 data_len);
4995 } exp_features[] = {
4996 EXP_FEAT(ZERO_KEY, set_zero_key_func),
4997 #ifdef CONFIG_BT_FEATURE_DEBUG
4998 EXP_FEAT(debug_uuid, set_debug_func),
5000 EXP_FEAT(mgmt_mesh_uuid, set_mgmt_mesh_func),
5001 EXP_FEAT(rpa_resolution_uuid, set_rpa_resolution_func),
5002 EXP_FEAT(quality_report_uuid, set_quality_report_func),
5003 EXP_FEAT(offload_codecs_uuid, set_offload_codec_func),
5004 EXP_FEAT(le_simultaneous_roles_uuid, set_le_simultaneous_roles_func),
5006 EXP_FEAT(iso_socket_uuid, set_iso_socket_func),
5009 /* end with a null feature */
5010 EXP_FEAT(NULL, NULL)
5013 static int set_exp_feature(struct sock *sk, struct hci_dev *hdev,
5014 void *data, u16 data_len)
5016 struct mgmt_cp_set_exp_feature *cp = data;
5019 bt_dev_dbg(hdev, "sock %p", sk);
5021 for (i = 0; exp_features[i].uuid; i++) {
5022 if (!memcmp(cp->uuid, exp_features[i].uuid, 16))
5023 return exp_features[i].set_func(sk, hdev, cp, data_len);
5026 return mgmt_cmd_status(sk, hdev ? hdev->id : MGMT_INDEX_NONE,
5027 MGMT_OP_SET_EXP_FEATURE,
5028 MGMT_STATUS_NOT_SUPPORTED);
5031 static u32 get_params_flags(struct hci_dev *hdev,
5032 struct hci_conn_params *params)
5034 u32 flags = hdev->conn_flags;
5036 /* Devices using RPAs can only be programmed in the acceptlist if
5037 * LL Privacy has been enable otherwise they cannot mark
5038 * HCI_CONN_FLAG_REMOTE_WAKEUP.
5040 if ((flags & HCI_CONN_FLAG_REMOTE_WAKEUP) && !use_ll_privacy(hdev) &&
5041 hci_find_irk_by_addr(hdev, ¶ms->addr, params->addr_type))
5042 flags &= ~HCI_CONN_FLAG_REMOTE_WAKEUP;
5047 static int get_device_flags(struct sock *sk, struct hci_dev *hdev, void *data,
5050 struct mgmt_cp_get_device_flags *cp = data;
5051 struct mgmt_rp_get_device_flags rp;
5052 struct bdaddr_list_with_flags *br_params;
5053 struct hci_conn_params *params;
5054 u32 supported_flags;
5055 u32 current_flags = 0;
5056 u8 status = MGMT_STATUS_INVALID_PARAMS;
5058 bt_dev_dbg(hdev, "Get device flags %pMR (type 0x%x)\n",
5059 &cp->addr.bdaddr, cp->addr.type);
5063 supported_flags = hdev->conn_flags;
5065 memset(&rp, 0, sizeof(rp));
5067 if (cp->addr.type == BDADDR_BREDR) {
5068 br_params = hci_bdaddr_list_lookup_with_flags(&hdev->accept_list,
5074 current_flags = br_params->flags;
5076 params = hci_conn_params_lookup(hdev, &cp->addr.bdaddr,
5077 le_addr_type(cp->addr.type));
5081 supported_flags = get_params_flags(hdev, params);
5082 current_flags = params->flags;
5085 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
5086 rp.addr.type = cp->addr.type;
5087 rp.supported_flags = cpu_to_le32(supported_flags);
5088 rp.current_flags = cpu_to_le32(current_flags);
5090 status = MGMT_STATUS_SUCCESS;
5093 hci_dev_unlock(hdev);
5095 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_DEVICE_FLAGS, status,
5099 static void device_flags_changed(struct sock *sk, struct hci_dev *hdev,
5100 bdaddr_t *bdaddr, u8 bdaddr_type,
5101 u32 supported_flags, u32 current_flags)
5103 struct mgmt_ev_device_flags_changed ev;
5105 bacpy(&ev.addr.bdaddr, bdaddr);
5106 ev.addr.type = bdaddr_type;
5107 ev.supported_flags = cpu_to_le32(supported_flags);
5108 ev.current_flags = cpu_to_le32(current_flags);
5110 mgmt_event(MGMT_EV_DEVICE_FLAGS_CHANGED, hdev, &ev, sizeof(ev), sk);
5113 static int set_device_flags(struct sock *sk, struct hci_dev *hdev, void *data,
5116 struct mgmt_cp_set_device_flags *cp = data;
5117 struct bdaddr_list_with_flags *br_params;
5118 struct hci_conn_params *params;
5119 u8 status = MGMT_STATUS_INVALID_PARAMS;
5120 u32 supported_flags;
5121 u32 current_flags = __le32_to_cpu(cp->current_flags);
5123 bt_dev_dbg(hdev, "Set device flags %pMR (type 0x%x) = 0x%x",
5124 &cp->addr.bdaddr, cp->addr.type, current_flags);
5126 // We should take hci_dev_lock() early, I think.. conn_flags can change
5127 supported_flags = hdev->conn_flags;
5129 if ((supported_flags | current_flags) != supported_flags) {
5130 bt_dev_warn(hdev, "Bad flag given (0x%x) vs supported (0x%0x)",
5131 current_flags, supported_flags);
5137 if (cp->addr.type == BDADDR_BREDR) {
5138 br_params = hci_bdaddr_list_lookup_with_flags(&hdev->accept_list,
5143 br_params->flags = current_flags;
5144 status = MGMT_STATUS_SUCCESS;
5146 bt_dev_warn(hdev, "No such BR/EDR device %pMR (0x%x)",
5147 &cp->addr.bdaddr, cp->addr.type);
5153 params = hci_conn_params_lookup(hdev, &cp->addr.bdaddr,
5154 le_addr_type(cp->addr.type));
5156 bt_dev_warn(hdev, "No such LE device %pMR (0x%x)",
5157 &cp->addr.bdaddr, le_addr_type(cp->addr.type));
5161 supported_flags = get_params_flags(hdev, params);
5163 if ((supported_flags | current_flags) != supported_flags) {
5164 bt_dev_warn(hdev, "Bad flag given (0x%x) vs supported (0x%0x)",
5165 current_flags, supported_flags);
5169 WRITE_ONCE(params->flags, current_flags);
5170 status = MGMT_STATUS_SUCCESS;
5172 /* Update passive scan if HCI_CONN_FLAG_DEVICE_PRIVACY
5175 if (params->flags & HCI_CONN_FLAG_DEVICE_PRIVACY)
5176 hci_update_passive_scan(hdev);
5179 hci_dev_unlock(hdev);
5182 if (status == MGMT_STATUS_SUCCESS)
5183 device_flags_changed(sk, hdev, &cp->addr.bdaddr, cp->addr.type,
5184 supported_flags, current_flags);
5186 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_DEVICE_FLAGS, status,
5187 &cp->addr, sizeof(cp->addr));
5190 static void mgmt_adv_monitor_added(struct sock *sk, struct hci_dev *hdev,
5193 struct mgmt_ev_adv_monitor_added ev;
5195 ev.monitor_handle = cpu_to_le16(handle);
5197 mgmt_event(MGMT_EV_ADV_MONITOR_ADDED, hdev, &ev, sizeof(ev), sk);
5200 void mgmt_adv_monitor_removed(struct hci_dev *hdev, u16 handle)
5202 struct mgmt_ev_adv_monitor_removed ev;
5203 struct mgmt_pending_cmd *cmd;
5204 struct sock *sk_skip = NULL;
5205 struct mgmt_cp_remove_adv_monitor *cp;
5207 cmd = pending_find(MGMT_OP_REMOVE_ADV_MONITOR, hdev);
5211 if (cp->monitor_handle)
5215 ev.monitor_handle = cpu_to_le16(handle);
5217 mgmt_event(MGMT_EV_ADV_MONITOR_REMOVED, hdev, &ev, sizeof(ev), sk_skip);
5220 static int read_adv_mon_features(struct sock *sk, struct hci_dev *hdev,
5221 void *data, u16 len)
5223 struct adv_monitor *monitor = NULL;
5224 struct mgmt_rp_read_adv_monitor_features *rp = NULL;
5227 __u32 supported = 0;
5229 __u16 num_handles = 0;
5230 __u16 handles[HCI_MAX_ADV_MONITOR_NUM_HANDLES];
5232 BT_DBG("request for %s", hdev->name);
5236 if (msft_monitor_supported(hdev))
5237 supported |= MGMT_ADV_MONITOR_FEATURE_MASK_OR_PATTERNS;
5239 idr_for_each_entry(&hdev->adv_monitors_idr, monitor, handle)
5240 handles[num_handles++] = monitor->handle;
5242 hci_dev_unlock(hdev);
5244 rp_size = sizeof(*rp) + (num_handles * sizeof(u16));
5245 rp = kmalloc(rp_size, GFP_KERNEL);
5249 /* All supported features are currently enabled */
5250 enabled = supported;
5252 rp->supported_features = cpu_to_le32(supported);
5253 rp->enabled_features = cpu_to_le32(enabled);
5254 rp->max_num_handles = cpu_to_le16(HCI_MAX_ADV_MONITOR_NUM_HANDLES);
5255 rp->max_num_patterns = HCI_MAX_ADV_MONITOR_NUM_PATTERNS;
5256 rp->num_handles = cpu_to_le16(num_handles);
5258 memcpy(&rp->handles, &handles, (num_handles * sizeof(u16)));
5260 err = mgmt_cmd_complete(sk, hdev->id,
5261 MGMT_OP_READ_ADV_MONITOR_FEATURES,
5262 MGMT_STATUS_SUCCESS, rp, rp_size);
5269 static void mgmt_add_adv_patterns_monitor_complete(struct hci_dev *hdev,
5270 void *data, int status)
5272 struct mgmt_rp_add_adv_patterns_monitor rp;
5273 struct mgmt_pending_cmd *cmd = data;
5274 struct adv_monitor *monitor = cmd->user_data;
5278 rp.monitor_handle = cpu_to_le16(monitor->handle);
5281 mgmt_adv_monitor_added(cmd->sk, hdev, monitor->handle);
5282 hdev->adv_monitors_cnt++;
5283 if (monitor->state == ADV_MONITOR_STATE_NOT_REGISTERED)
5284 monitor->state = ADV_MONITOR_STATE_REGISTERED;
5285 hci_update_passive_scan(hdev);
5288 mgmt_cmd_complete(cmd->sk, cmd->index, cmd->opcode,
5289 mgmt_status(status), &rp, sizeof(rp));
5290 mgmt_pending_remove(cmd);
5292 hci_dev_unlock(hdev);
5293 bt_dev_dbg(hdev, "add monitor %d complete, status %d",
5294 rp.monitor_handle, status);
5297 static int mgmt_add_adv_patterns_monitor_sync(struct hci_dev *hdev, void *data)
5299 struct mgmt_pending_cmd *cmd = data;
5300 struct adv_monitor *monitor = cmd->user_data;
5302 return hci_add_adv_monitor(hdev, monitor);
5305 static int __add_adv_patterns_monitor(struct sock *sk, struct hci_dev *hdev,
5306 struct adv_monitor *m, u8 status,
5307 void *data, u16 len, u16 op)
5309 struct mgmt_pending_cmd *cmd;
5317 if (pending_find(MGMT_OP_SET_LE, hdev) ||
5318 pending_find(MGMT_OP_ADD_ADV_PATTERNS_MONITOR, hdev) ||
5319 pending_find(MGMT_OP_ADD_ADV_PATTERNS_MONITOR_RSSI, hdev) ||
5320 pending_find(MGMT_OP_REMOVE_ADV_MONITOR, hdev)) {
5321 status = MGMT_STATUS_BUSY;
5325 cmd = mgmt_pending_add(sk, op, hdev, data, len);
5327 status = MGMT_STATUS_NO_RESOURCES;
5332 err = hci_cmd_sync_queue(hdev, mgmt_add_adv_patterns_monitor_sync, cmd,
5333 mgmt_add_adv_patterns_monitor_complete);
5336 status = MGMT_STATUS_NO_RESOURCES;
5338 status = MGMT_STATUS_FAILED;
5343 hci_dev_unlock(hdev);
5348 hci_free_adv_monitor(hdev, m);
5349 hci_dev_unlock(hdev);
5350 return mgmt_cmd_status(sk, hdev->id, op, status);
5353 static void parse_adv_monitor_rssi(struct adv_monitor *m,
5354 struct mgmt_adv_rssi_thresholds *rssi)
5357 m->rssi.low_threshold = rssi->low_threshold;
5358 m->rssi.low_threshold_timeout =
5359 __le16_to_cpu(rssi->low_threshold_timeout);
5360 m->rssi.high_threshold = rssi->high_threshold;
5361 m->rssi.high_threshold_timeout =
5362 __le16_to_cpu(rssi->high_threshold_timeout);
5363 m->rssi.sampling_period = rssi->sampling_period;
5365 /* Default values. These numbers are the least constricting
5366 * parameters for MSFT API to work, so it behaves as if there
5367 * are no rssi parameter to consider. May need to be changed
5368 * if other API are to be supported.
5370 m->rssi.low_threshold = -127;
5371 m->rssi.low_threshold_timeout = 60;
5372 m->rssi.high_threshold = -127;
5373 m->rssi.high_threshold_timeout = 0;
5374 m->rssi.sampling_period = 0;
5378 static u8 parse_adv_monitor_pattern(struct adv_monitor *m, u8 pattern_count,
5379 struct mgmt_adv_pattern *patterns)
5381 u8 offset = 0, length = 0;
5382 struct adv_pattern *p = NULL;
5385 for (i = 0; i < pattern_count; i++) {
5386 offset = patterns[i].offset;
5387 length = patterns[i].length;
5388 if (offset >= HCI_MAX_EXT_AD_LENGTH ||
5389 length > HCI_MAX_EXT_AD_LENGTH ||
5390 (offset + length) > HCI_MAX_EXT_AD_LENGTH)
5391 return MGMT_STATUS_INVALID_PARAMS;
5393 p = kmalloc(sizeof(*p), GFP_KERNEL);
5395 return MGMT_STATUS_NO_RESOURCES;
5397 p->ad_type = patterns[i].ad_type;
5398 p->offset = patterns[i].offset;
5399 p->length = patterns[i].length;
5400 memcpy(p->value, patterns[i].value, p->length);
5402 INIT_LIST_HEAD(&p->list);
5403 list_add(&p->list, &m->patterns);
5406 return MGMT_STATUS_SUCCESS;
5409 static int add_adv_patterns_monitor(struct sock *sk, struct hci_dev *hdev,
5410 void *data, u16 len)
5412 struct mgmt_cp_add_adv_patterns_monitor *cp = data;
5413 struct adv_monitor *m = NULL;
5414 u8 status = MGMT_STATUS_SUCCESS;
5415 size_t expected_size = sizeof(*cp);
5417 BT_DBG("request for %s", hdev->name);
5419 if (len <= sizeof(*cp)) {
5420 status = MGMT_STATUS_INVALID_PARAMS;
5424 expected_size += cp->pattern_count * sizeof(struct mgmt_adv_pattern);
5425 if (len != expected_size) {
5426 status = MGMT_STATUS_INVALID_PARAMS;
5430 m = kzalloc(sizeof(*m), GFP_KERNEL);
5432 status = MGMT_STATUS_NO_RESOURCES;
5436 INIT_LIST_HEAD(&m->patterns);
5438 parse_adv_monitor_rssi(m, NULL);
5439 status = parse_adv_monitor_pattern(m, cp->pattern_count, cp->patterns);
5442 return __add_adv_patterns_monitor(sk, hdev, m, status, data, len,
5443 MGMT_OP_ADD_ADV_PATTERNS_MONITOR);
5446 static int add_adv_patterns_monitor_rssi(struct sock *sk, struct hci_dev *hdev,
5447 void *data, u16 len)
5449 struct mgmt_cp_add_adv_patterns_monitor_rssi *cp = data;
5450 struct adv_monitor *m = NULL;
5451 u8 status = MGMT_STATUS_SUCCESS;
5452 size_t expected_size = sizeof(*cp);
5454 BT_DBG("request for %s", hdev->name);
5456 if (len <= sizeof(*cp)) {
5457 status = MGMT_STATUS_INVALID_PARAMS;
5461 expected_size += cp->pattern_count * sizeof(struct mgmt_adv_pattern);
5462 if (len != expected_size) {
5463 status = MGMT_STATUS_INVALID_PARAMS;
5467 m = kzalloc(sizeof(*m), GFP_KERNEL);
5469 status = MGMT_STATUS_NO_RESOURCES;
5473 INIT_LIST_HEAD(&m->patterns);
5475 parse_adv_monitor_rssi(m, &cp->rssi);
5476 status = parse_adv_monitor_pattern(m, cp->pattern_count, cp->patterns);
5479 return __add_adv_patterns_monitor(sk, hdev, m, status, data, len,
5480 MGMT_OP_ADD_ADV_PATTERNS_MONITOR_RSSI);
5483 static void mgmt_remove_adv_monitor_complete(struct hci_dev *hdev,
5484 void *data, int status)
5486 struct mgmt_rp_remove_adv_monitor rp;
5487 struct mgmt_pending_cmd *cmd = data;
5488 struct mgmt_cp_remove_adv_monitor *cp = cmd->param;
5492 rp.monitor_handle = cp->monitor_handle;
5495 hci_update_passive_scan(hdev);
5497 mgmt_cmd_complete(cmd->sk, cmd->index, cmd->opcode,
5498 mgmt_status(status), &rp, sizeof(rp));
5499 mgmt_pending_remove(cmd);
5501 hci_dev_unlock(hdev);
5502 bt_dev_dbg(hdev, "remove monitor %d complete, status %d",
5503 rp.monitor_handle, status);
5506 static int mgmt_remove_adv_monitor_sync(struct hci_dev *hdev, void *data)
5508 struct mgmt_pending_cmd *cmd = data;
5509 struct mgmt_cp_remove_adv_monitor *cp = cmd->param;
5510 u16 handle = __le16_to_cpu(cp->monitor_handle);
5513 return hci_remove_all_adv_monitor(hdev);
5515 return hci_remove_single_adv_monitor(hdev, handle);
5518 static int remove_adv_monitor(struct sock *sk, struct hci_dev *hdev,
5519 void *data, u16 len)
5521 struct mgmt_pending_cmd *cmd;
5526 if (pending_find(MGMT_OP_SET_LE, hdev) ||
5527 pending_find(MGMT_OP_REMOVE_ADV_MONITOR, hdev) ||
5528 pending_find(MGMT_OP_ADD_ADV_PATTERNS_MONITOR, hdev) ||
5529 pending_find(MGMT_OP_ADD_ADV_PATTERNS_MONITOR_RSSI, hdev)) {
5530 status = MGMT_STATUS_BUSY;
5534 cmd = mgmt_pending_add(sk, MGMT_OP_REMOVE_ADV_MONITOR, hdev, data, len);
5536 status = MGMT_STATUS_NO_RESOURCES;
5540 err = hci_cmd_sync_queue(hdev, mgmt_remove_adv_monitor_sync, cmd,
5541 mgmt_remove_adv_monitor_complete);
5544 mgmt_pending_remove(cmd);
5547 status = MGMT_STATUS_NO_RESOURCES;
5549 status = MGMT_STATUS_FAILED;
5554 hci_dev_unlock(hdev);
5559 hci_dev_unlock(hdev);
5560 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_REMOVE_ADV_MONITOR,
5564 static void read_local_oob_data_complete(struct hci_dev *hdev, void *data, int err)
5566 struct mgmt_rp_read_local_oob_data mgmt_rp;
5567 size_t rp_size = sizeof(mgmt_rp);
5568 struct mgmt_pending_cmd *cmd = data;
5569 struct sk_buff *skb = cmd->skb;
5570 u8 status = mgmt_status(err);
5574 status = MGMT_STATUS_FAILED;
5575 else if (IS_ERR(skb))
5576 status = mgmt_status(PTR_ERR(skb));
5578 status = mgmt_status(skb->data[0]);
5581 bt_dev_dbg(hdev, "status %d", status);
5584 mgmt_cmd_status(cmd->sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA, status);
5588 memset(&mgmt_rp, 0, sizeof(mgmt_rp));
5590 if (!bredr_sc_enabled(hdev)) {
5591 struct hci_rp_read_local_oob_data *rp = (void *) skb->data;
5593 if (skb->len < sizeof(*rp)) {
5594 mgmt_cmd_status(cmd->sk, hdev->id,
5595 MGMT_OP_READ_LOCAL_OOB_DATA,
5596 MGMT_STATUS_FAILED);
5600 memcpy(mgmt_rp.hash192, rp->hash, sizeof(rp->hash));
5601 memcpy(mgmt_rp.rand192, rp->rand, sizeof(rp->rand));
5603 rp_size -= sizeof(mgmt_rp.hash256) + sizeof(mgmt_rp.rand256);
5605 struct hci_rp_read_local_oob_ext_data *rp = (void *) skb->data;
5607 if (skb->len < sizeof(*rp)) {
5608 mgmt_cmd_status(cmd->sk, hdev->id,
5609 MGMT_OP_READ_LOCAL_OOB_DATA,
5610 MGMT_STATUS_FAILED);
5614 memcpy(mgmt_rp.hash192, rp->hash192, sizeof(rp->hash192));
5615 memcpy(mgmt_rp.rand192, rp->rand192, sizeof(rp->rand192));
5617 memcpy(mgmt_rp.hash256, rp->hash256, sizeof(rp->hash256));
5618 memcpy(mgmt_rp.rand256, rp->rand256, sizeof(rp->rand256));
5621 mgmt_cmd_complete(cmd->sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
5622 MGMT_STATUS_SUCCESS, &mgmt_rp, rp_size);
5625 if (skb && !IS_ERR(skb))
5628 mgmt_pending_free(cmd);
5631 static int read_local_oob_data_sync(struct hci_dev *hdev, void *data)
5633 struct mgmt_pending_cmd *cmd = data;
5635 if (bredr_sc_enabled(hdev))
5636 cmd->skb = hci_read_local_oob_data_sync(hdev, true, cmd->sk);
5638 cmd->skb = hci_read_local_oob_data_sync(hdev, false, cmd->sk);
5640 if (IS_ERR(cmd->skb))
5641 return PTR_ERR(cmd->skb);
5646 static int read_local_oob_data(struct sock *sk, struct hci_dev *hdev,
5647 void *data, u16 data_len)
5649 struct mgmt_pending_cmd *cmd;
5652 bt_dev_dbg(hdev, "sock %p", sk);
5656 if (!hdev_is_powered(hdev)) {
5657 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
5658 MGMT_STATUS_NOT_POWERED);
5662 if (!lmp_ssp_capable(hdev)) {
5663 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
5664 MGMT_STATUS_NOT_SUPPORTED);
5668 cmd = mgmt_pending_new(sk, MGMT_OP_READ_LOCAL_OOB_DATA, hdev, NULL, 0);
5672 err = hci_cmd_sync_queue(hdev, read_local_oob_data_sync, cmd,
5673 read_local_oob_data_complete);
5676 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
5677 MGMT_STATUS_FAILED);
5680 mgmt_pending_free(cmd);
5684 hci_dev_unlock(hdev);
5688 static int add_remote_oob_data(struct sock *sk, struct hci_dev *hdev,
5689 void *data, u16 len)
5691 struct mgmt_addr_info *addr = data;
5694 bt_dev_dbg(hdev, "sock %p", sk);
5696 if (!bdaddr_type_is_valid(addr->type))
5697 return mgmt_cmd_complete(sk, hdev->id,
5698 MGMT_OP_ADD_REMOTE_OOB_DATA,
5699 MGMT_STATUS_INVALID_PARAMS,
5700 addr, sizeof(*addr));
5704 if (len == MGMT_ADD_REMOTE_OOB_DATA_SIZE) {
5705 struct mgmt_cp_add_remote_oob_data *cp = data;
5708 if (cp->addr.type != BDADDR_BREDR) {
5709 err = mgmt_cmd_complete(sk, hdev->id,
5710 MGMT_OP_ADD_REMOTE_OOB_DATA,
5711 MGMT_STATUS_INVALID_PARAMS,
5712 &cp->addr, sizeof(cp->addr));
5716 err = hci_add_remote_oob_data(hdev, &cp->addr.bdaddr,
5717 cp->addr.type, cp->hash,
5718 cp->rand, NULL, NULL);
5720 status = MGMT_STATUS_FAILED;
5722 status = MGMT_STATUS_SUCCESS;
5724 err = mgmt_cmd_complete(sk, hdev->id,
5725 MGMT_OP_ADD_REMOTE_OOB_DATA, status,
5726 &cp->addr, sizeof(cp->addr));
5727 } else if (len == MGMT_ADD_REMOTE_OOB_EXT_DATA_SIZE) {
5728 struct mgmt_cp_add_remote_oob_ext_data *cp = data;
5729 u8 *rand192, *hash192, *rand256, *hash256;
5732 if (bdaddr_type_is_le(cp->addr.type)) {
5733 /* Enforce zero-valued 192-bit parameters as
5734 * long as legacy SMP OOB isn't implemented.
5736 if (memcmp(cp->rand192, ZERO_KEY, 16) ||
5737 memcmp(cp->hash192, ZERO_KEY, 16)) {
5738 err = mgmt_cmd_complete(sk, hdev->id,
5739 MGMT_OP_ADD_REMOTE_OOB_DATA,
5740 MGMT_STATUS_INVALID_PARAMS,
5741 addr, sizeof(*addr));
5748 /* In case one of the P-192 values is set to zero,
5749 * then just disable OOB data for P-192.
5751 if (!memcmp(cp->rand192, ZERO_KEY, 16) ||
5752 !memcmp(cp->hash192, ZERO_KEY, 16)) {
5756 rand192 = cp->rand192;
5757 hash192 = cp->hash192;
5761 /* In case one of the P-256 values is set to zero, then just
5762 * disable OOB data for P-256.
5764 if (!memcmp(cp->rand256, ZERO_KEY, 16) ||
5765 !memcmp(cp->hash256, ZERO_KEY, 16)) {
5769 rand256 = cp->rand256;
5770 hash256 = cp->hash256;
5773 err = hci_add_remote_oob_data(hdev, &cp->addr.bdaddr,
5774 cp->addr.type, hash192, rand192,
5777 status = MGMT_STATUS_FAILED;
5779 status = MGMT_STATUS_SUCCESS;
5781 err = mgmt_cmd_complete(sk, hdev->id,
5782 MGMT_OP_ADD_REMOTE_OOB_DATA,
5783 status, &cp->addr, sizeof(cp->addr));
5785 bt_dev_err(hdev, "add_remote_oob_data: invalid len of %u bytes",
5787 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_REMOTE_OOB_DATA,
5788 MGMT_STATUS_INVALID_PARAMS);
5792 hci_dev_unlock(hdev);
5796 static int remove_remote_oob_data(struct sock *sk, struct hci_dev *hdev,
5797 void *data, u16 len)
5799 struct mgmt_cp_remove_remote_oob_data *cp = data;
5803 bt_dev_dbg(hdev, "sock %p", sk);
5805 if (cp->addr.type != BDADDR_BREDR)
5806 return mgmt_cmd_complete(sk, hdev->id,
5807 MGMT_OP_REMOVE_REMOTE_OOB_DATA,
5808 MGMT_STATUS_INVALID_PARAMS,
5809 &cp->addr, sizeof(cp->addr));
5813 if (!bacmp(&cp->addr.bdaddr, BDADDR_ANY)) {
5814 hci_remote_oob_data_clear(hdev);
5815 status = MGMT_STATUS_SUCCESS;
5819 err = hci_remove_remote_oob_data(hdev, &cp->addr.bdaddr, cp->addr.type);
5821 status = MGMT_STATUS_INVALID_PARAMS;
5823 status = MGMT_STATUS_SUCCESS;
5826 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_REMOTE_OOB_DATA,
5827 status, &cp->addr, sizeof(cp->addr));
5829 hci_dev_unlock(hdev);
5833 void mgmt_start_discovery_complete(struct hci_dev *hdev, u8 status)
5835 struct mgmt_pending_cmd *cmd;
5837 bt_dev_dbg(hdev, "status %u", status);
5841 cmd = pending_find(MGMT_OP_START_DISCOVERY, hdev);
5843 cmd = pending_find(MGMT_OP_START_SERVICE_DISCOVERY, hdev);
5846 cmd = pending_find(MGMT_OP_START_LIMITED_DISCOVERY, hdev);
5849 cmd->cmd_complete(cmd, mgmt_status(status));
5850 mgmt_pending_remove(cmd);
5853 hci_dev_unlock(hdev);
5856 static bool discovery_type_is_valid(struct hci_dev *hdev, uint8_t type,
5857 uint8_t *mgmt_status)
5860 case DISCOV_TYPE_LE:
5861 *mgmt_status = mgmt_le_support(hdev);
5865 case DISCOV_TYPE_INTERLEAVED:
5866 *mgmt_status = mgmt_le_support(hdev);
5870 case DISCOV_TYPE_BREDR:
5871 *mgmt_status = mgmt_bredr_support(hdev);
5876 *mgmt_status = MGMT_STATUS_INVALID_PARAMS;
5883 static void start_discovery_complete(struct hci_dev *hdev, void *data, int err)
5885 struct mgmt_pending_cmd *cmd = data;
5887 if (cmd != pending_find(MGMT_OP_START_DISCOVERY, hdev) &&
5888 cmd != pending_find(MGMT_OP_START_LIMITED_DISCOVERY, hdev) &&
5889 cmd != pending_find(MGMT_OP_START_SERVICE_DISCOVERY, hdev))
5892 bt_dev_dbg(hdev, "err %d", err);
5894 mgmt_cmd_complete(cmd->sk, cmd->index, cmd->opcode, mgmt_status(err),
5896 mgmt_pending_remove(cmd);
5898 hci_discovery_set_state(hdev, err ? DISCOVERY_STOPPED:
5902 static int start_discovery_sync(struct hci_dev *hdev, void *data)
5904 return hci_start_discovery_sync(hdev);
5907 static int start_discovery_internal(struct sock *sk, struct hci_dev *hdev,
5908 u16 op, void *data, u16 len)
5910 struct mgmt_cp_start_discovery *cp = data;
5911 struct mgmt_pending_cmd *cmd;
5915 bt_dev_dbg(hdev, "sock %p", sk);
5919 if (!hdev_is_powered(hdev)) {
5920 err = mgmt_cmd_complete(sk, hdev->id, op,
5921 MGMT_STATUS_NOT_POWERED,
5922 &cp->type, sizeof(cp->type));
5926 if (hdev->discovery.state != DISCOVERY_STOPPED ||
5927 hci_dev_test_flag(hdev, HCI_PERIODIC_INQ)) {
5928 err = mgmt_cmd_complete(sk, hdev->id, op, MGMT_STATUS_BUSY,
5929 &cp->type, sizeof(cp->type));
5933 if (!discovery_type_is_valid(hdev, cp->type, &status)) {
5934 err = mgmt_cmd_complete(sk, hdev->id, op, status,
5935 &cp->type, sizeof(cp->type));
5939 /* Can't start discovery when it is paused */
5940 if (hdev->discovery_paused) {
5941 err = mgmt_cmd_complete(sk, hdev->id, op, MGMT_STATUS_BUSY,
5942 &cp->type, sizeof(cp->type));
5946 /* Clear the discovery filter first to free any previously
5947 * allocated memory for the UUID list.
5949 hci_discovery_filter_clear(hdev);
5951 hdev->discovery.type = cp->type;
5952 hdev->discovery.report_invalid_rssi = false;
5953 if (op == MGMT_OP_START_LIMITED_DISCOVERY)
5954 hdev->discovery.limited = true;
5956 hdev->discovery.limited = false;
5958 cmd = mgmt_pending_add(sk, op, hdev, data, len);
5964 err = hci_cmd_sync_queue(hdev, start_discovery_sync, cmd,
5965 start_discovery_complete);
5967 mgmt_pending_remove(cmd);
5971 hci_discovery_set_state(hdev, DISCOVERY_STARTING);
5974 hci_dev_unlock(hdev);
5978 static int start_discovery(struct sock *sk, struct hci_dev *hdev,
5979 void *data, u16 len)
5981 return start_discovery_internal(sk, hdev, MGMT_OP_START_DISCOVERY,
5985 static int start_limited_discovery(struct sock *sk, struct hci_dev *hdev,
5986 void *data, u16 len)
5988 return start_discovery_internal(sk, hdev,
5989 MGMT_OP_START_LIMITED_DISCOVERY,
5993 static int start_service_discovery(struct sock *sk, struct hci_dev *hdev,
5994 void *data, u16 len)
5996 struct mgmt_cp_start_service_discovery *cp = data;
5997 struct mgmt_pending_cmd *cmd;
5998 const u16 max_uuid_count = ((U16_MAX - sizeof(*cp)) / 16);
5999 u16 uuid_count, expected_len;
6003 bt_dev_dbg(hdev, "sock %p", sk);
6007 if (!hdev_is_powered(hdev)) {
6008 err = mgmt_cmd_complete(sk, hdev->id,
6009 MGMT_OP_START_SERVICE_DISCOVERY,
6010 MGMT_STATUS_NOT_POWERED,
6011 &cp->type, sizeof(cp->type));
6015 if (hdev->discovery.state != DISCOVERY_STOPPED ||
6016 hci_dev_test_flag(hdev, HCI_PERIODIC_INQ)) {
6017 err = mgmt_cmd_complete(sk, hdev->id,
6018 MGMT_OP_START_SERVICE_DISCOVERY,
6019 MGMT_STATUS_BUSY, &cp->type,
6024 if (hdev->discovery_paused) {
6025 err = mgmt_cmd_complete(sk, hdev->id,
6026 MGMT_OP_START_SERVICE_DISCOVERY,
6027 MGMT_STATUS_BUSY, &cp->type,
6032 uuid_count = __le16_to_cpu(cp->uuid_count);
6033 if (uuid_count > max_uuid_count) {
6034 bt_dev_err(hdev, "service_discovery: too big uuid_count value %u",
6036 err = mgmt_cmd_complete(sk, hdev->id,
6037 MGMT_OP_START_SERVICE_DISCOVERY,
6038 MGMT_STATUS_INVALID_PARAMS, &cp->type,
6043 expected_len = sizeof(*cp) + uuid_count * 16;
6044 if (expected_len != len) {
6045 bt_dev_err(hdev, "service_discovery: expected %u bytes, got %u bytes",
6047 err = mgmt_cmd_complete(sk, hdev->id,
6048 MGMT_OP_START_SERVICE_DISCOVERY,
6049 MGMT_STATUS_INVALID_PARAMS, &cp->type,
6054 if (!discovery_type_is_valid(hdev, cp->type, &status)) {
6055 err = mgmt_cmd_complete(sk, hdev->id,
6056 MGMT_OP_START_SERVICE_DISCOVERY,
6057 status, &cp->type, sizeof(cp->type));
6061 cmd = mgmt_pending_add(sk, MGMT_OP_START_SERVICE_DISCOVERY,
6068 /* Clear the discovery filter first to free any previously
6069 * allocated memory for the UUID list.
6071 hci_discovery_filter_clear(hdev);
6073 hdev->discovery.result_filtering = true;
6074 hdev->discovery.type = cp->type;
6075 hdev->discovery.rssi = cp->rssi;
6076 hdev->discovery.uuid_count = uuid_count;
6078 if (uuid_count > 0) {
6079 hdev->discovery.uuids = kmemdup(cp->uuids, uuid_count * 16,
6081 if (!hdev->discovery.uuids) {
6082 err = mgmt_cmd_complete(sk, hdev->id,
6083 MGMT_OP_START_SERVICE_DISCOVERY,
6085 &cp->type, sizeof(cp->type));
6086 mgmt_pending_remove(cmd);
6091 err = hci_cmd_sync_queue(hdev, start_discovery_sync, cmd,
6092 start_discovery_complete);
6094 mgmt_pending_remove(cmd);
6098 hci_discovery_set_state(hdev, DISCOVERY_STARTING);
6101 hci_dev_unlock(hdev);
6105 void mgmt_stop_discovery_complete(struct hci_dev *hdev, u8 status)
6107 struct mgmt_pending_cmd *cmd;
6109 bt_dev_dbg(hdev, "status %u", status);
6113 cmd = pending_find(MGMT_OP_STOP_DISCOVERY, hdev);
6115 cmd->cmd_complete(cmd, mgmt_status(status));
6116 mgmt_pending_remove(cmd);
6119 hci_dev_unlock(hdev);
6122 static void stop_discovery_complete(struct hci_dev *hdev, void *data, int err)
6124 struct mgmt_pending_cmd *cmd = data;
6126 if (cmd != pending_find(MGMT_OP_STOP_DISCOVERY, hdev))
6129 bt_dev_dbg(hdev, "err %d", err);
6131 mgmt_cmd_complete(cmd->sk, cmd->index, cmd->opcode, mgmt_status(err),
6133 mgmt_pending_remove(cmd);
6136 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
6139 static int stop_discovery_sync(struct hci_dev *hdev, void *data)
6141 return hci_stop_discovery_sync(hdev);
6144 static int stop_discovery(struct sock *sk, struct hci_dev *hdev, void *data,
6147 struct mgmt_cp_stop_discovery *mgmt_cp = data;
6148 struct mgmt_pending_cmd *cmd;
6151 bt_dev_dbg(hdev, "sock %p", sk);
6155 if (!hci_discovery_active(hdev)) {
6156 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_STOP_DISCOVERY,
6157 MGMT_STATUS_REJECTED, &mgmt_cp->type,
6158 sizeof(mgmt_cp->type));
6162 if (hdev->discovery.type != mgmt_cp->type) {
6163 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_STOP_DISCOVERY,
6164 MGMT_STATUS_INVALID_PARAMS,
6165 &mgmt_cp->type, sizeof(mgmt_cp->type));
6169 cmd = mgmt_pending_add(sk, MGMT_OP_STOP_DISCOVERY, hdev, data, len);
6175 err = hci_cmd_sync_queue(hdev, stop_discovery_sync, cmd,
6176 stop_discovery_complete);
6178 mgmt_pending_remove(cmd);
6182 hci_discovery_set_state(hdev, DISCOVERY_STOPPING);
6185 hci_dev_unlock(hdev);
6189 static int confirm_name(struct sock *sk, struct hci_dev *hdev, void *data,
6192 struct mgmt_cp_confirm_name *cp = data;
6193 struct inquiry_entry *e;
6196 bt_dev_dbg(hdev, "sock %p", sk);
6200 if (!hci_discovery_active(hdev)) {
6201 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_CONFIRM_NAME,
6202 MGMT_STATUS_FAILED, &cp->addr,
6207 e = hci_inquiry_cache_lookup_unknown(hdev, &cp->addr.bdaddr);
6209 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_CONFIRM_NAME,
6210 MGMT_STATUS_INVALID_PARAMS, &cp->addr,
6215 if (cp->name_known) {
6216 e->name_state = NAME_KNOWN;
6219 e->name_state = NAME_NEEDED;
6220 hci_inquiry_cache_update_resolve(hdev, e);
6223 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_CONFIRM_NAME, 0,
6224 &cp->addr, sizeof(cp->addr));
6227 hci_dev_unlock(hdev);
6231 static int block_device(struct sock *sk, struct hci_dev *hdev, void *data,
6234 struct mgmt_cp_block_device *cp = data;
6238 bt_dev_dbg(hdev, "sock %p", sk);
6240 if (!bdaddr_type_is_valid(cp->addr.type))
6241 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_BLOCK_DEVICE,
6242 MGMT_STATUS_INVALID_PARAMS,
6243 &cp->addr, sizeof(cp->addr));
6247 err = hci_bdaddr_list_add(&hdev->reject_list, &cp->addr.bdaddr,
6250 status = MGMT_STATUS_FAILED;
6254 mgmt_event(MGMT_EV_DEVICE_BLOCKED, hdev, &cp->addr, sizeof(cp->addr),
6256 status = MGMT_STATUS_SUCCESS;
6259 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_BLOCK_DEVICE, status,
6260 &cp->addr, sizeof(cp->addr));
6262 hci_dev_unlock(hdev);
6267 static int unblock_device(struct sock *sk, struct hci_dev *hdev, void *data,
6270 struct mgmt_cp_unblock_device *cp = data;
6274 bt_dev_dbg(hdev, "sock %p", sk);
6276 if (!bdaddr_type_is_valid(cp->addr.type))
6277 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_UNBLOCK_DEVICE,
6278 MGMT_STATUS_INVALID_PARAMS,
6279 &cp->addr, sizeof(cp->addr));
6283 err = hci_bdaddr_list_del(&hdev->reject_list, &cp->addr.bdaddr,
6286 status = MGMT_STATUS_INVALID_PARAMS;
6290 mgmt_event(MGMT_EV_DEVICE_UNBLOCKED, hdev, &cp->addr, sizeof(cp->addr),
6292 status = MGMT_STATUS_SUCCESS;
6295 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_UNBLOCK_DEVICE, status,
6296 &cp->addr, sizeof(cp->addr));
6298 hci_dev_unlock(hdev);
6303 static int set_device_id_sync(struct hci_dev *hdev, void *data)
6305 return hci_update_eir_sync(hdev);
6308 static int set_device_id(struct sock *sk, struct hci_dev *hdev, void *data,
6311 struct mgmt_cp_set_device_id *cp = data;
6315 bt_dev_dbg(hdev, "sock %p", sk);
6317 source = __le16_to_cpu(cp->source);
6319 if (source > 0x0002)
6320 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DEVICE_ID,
6321 MGMT_STATUS_INVALID_PARAMS);
6325 hdev->devid_source = source;
6326 hdev->devid_vendor = __le16_to_cpu(cp->vendor);
6327 hdev->devid_product = __le16_to_cpu(cp->product);
6328 hdev->devid_version = __le16_to_cpu(cp->version);
6330 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_DEVICE_ID, 0,
6333 hci_cmd_sync_queue(hdev, set_device_id_sync, NULL, NULL);
6335 hci_dev_unlock(hdev);
6340 static void enable_advertising_instance(struct hci_dev *hdev, int err)
6343 bt_dev_err(hdev, "failed to re-configure advertising %d", err);
6345 bt_dev_dbg(hdev, "status %d", err);
6348 static void set_advertising_complete(struct hci_dev *hdev, void *data, int err)
6350 struct cmd_lookup match = { NULL, hdev };
6352 struct adv_info *adv_instance;
6353 u8 status = mgmt_status(err);
6356 mgmt_pending_foreach(MGMT_OP_SET_ADVERTISING, hdev,
6357 cmd_status_rsp, &status);
6361 if (hci_dev_test_flag(hdev, HCI_LE_ADV))
6362 hci_dev_set_flag(hdev, HCI_ADVERTISING);
6364 hci_dev_clear_flag(hdev, HCI_ADVERTISING);
6366 mgmt_pending_foreach(MGMT_OP_SET_ADVERTISING, hdev, settings_rsp,
6369 new_settings(hdev, match.sk);
6374 /* If "Set Advertising" was just disabled and instance advertising was
6375 * set up earlier, then re-enable multi-instance advertising.
6377 if (hci_dev_test_flag(hdev, HCI_ADVERTISING) ||
6378 list_empty(&hdev->adv_instances))
6381 instance = hdev->cur_adv_instance;
6383 adv_instance = list_first_entry_or_null(&hdev->adv_instances,
6384 struct adv_info, list);
6388 instance = adv_instance->instance;
6391 err = hci_schedule_adv_instance_sync(hdev, instance, true);
6393 enable_advertising_instance(hdev, err);
6396 static int set_adv_sync(struct hci_dev *hdev, void *data)
6398 struct mgmt_pending_cmd *cmd = data;
6399 struct mgmt_mode *cp = cmd->param;
6402 if (cp->val == 0x02)
6403 hci_dev_set_flag(hdev, HCI_ADVERTISING_CONNECTABLE);
6405 hci_dev_clear_flag(hdev, HCI_ADVERTISING_CONNECTABLE);
6407 cancel_adv_timeout(hdev);
6410 /* Switch to instance "0" for the Set Advertising setting.
6411 * We cannot use update_[adv|scan_rsp]_data() here as the
6412 * HCI_ADVERTISING flag is not yet set.
6414 hdev->cur_adv_instance = 0x00;
6416 if (ext_adv_capable(hdev)) {
6417 hci_start_ext_adv_sync(hdev, 0x00);
6419 hci_update_adv_data_sync(hdev, 0x00);
6420 hci_update_scan_rsp_data_sync(hdev, 0x00);
6421 hci_enable_advertising_sync(hdev);
6424 hci_disable_advertising_sync(hdev);
6430 static int set_advertising(struct sock *sk, struct hci_dev *hdev, void *data,
6433 struct mgmt_mode *cp = data;
6434 struct mgmt_pending_cmd *cmd;
6438 bt_dev_dbg(hdev, "sock %p", sk);
6440 status = mgmt_le_support(hdev);
6442 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_ADVERTISING,
6445 if (cp->val != 0x00 && cp->val != 0x01 && cp->val != 0x02)
6446 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_ADVERTISING,
6447 MGMT_STATUS_INVALID_PARAMS);
6449 if (hdev->advertising_paused)
6450 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_ADVERTISING,
6457 /* The following conditions are ones which mean that we should
6458 * not do any HCI communication but directly send a mgmt
6459 * response to user space (after toggling the flag if
6462 if (!hdev_is_powered(hdev) ||
6463 (val == hci_dev_test_flag(hdev, HCI_ADVERTISING) &&
6464 (cp->val == 0x02) == hci_dev_test_flag(hdev, HCI_ADVERTISING_CONNECTABLE)) ||
6465 hci_dev_test_flag(hdev, HCI_MESH) ||
6466 hci_conn_num(hdev, LE_LINK) > 0 ||
6467 (hci_dev_test_flag(hdev, HCI_LE_SCAN) &&
6468 hdev->le_scan_type == LE_SCAN_ACTIVE)) {
6472 hdev->cur_adv_instance = 0x00;
6473 changed = !hci_dev_test_and_set_flag(hdev, HCI_ADVERTISING);
6474 if (cp->val == 0x02)
6475 hci_dev_set_flag(hdev, HCI_ADVERTISING_CONNECTABLE);
6477 hci_dev_clear_flag(hdev, HCI_ADVERTISING_CONNECTABLE);
6479 changed = hci_dev_test_and_clear_flag(hdev, HCI_ADVERTISING);
6480 hci_dev_clear_flag(hdev, HCI_ADVERTISING_CONNECTABLE);
6483 err = send_settings_rsp(sk, MGMT_OP_SET_ADVERTISING, hdev);
6488 err = new_settings(hdev, sk);
6493 if (pending_find(MGMT_OP_SET_ADVERTISING, hdev) ||
6494 pending_find(MGMT_OP_SET_LE, hdev)) {
6495 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_ADVERTISING,
6500 cmd = mgmt_pending_add(sk, MGMT_OP_SET_ADVERTISING, hdev, data, len);
6504 err = hci_cmd_sync_queue(hdev, set_adv_sync, cmd,
6505 set_advertising_complete);
6508 mgmt_pending_remove(cmd);
6511 hci_dev_unlock(hdev);
6515 static int set_static_address(struct sock *sk, struct hci_dev *hdev,
6516 void *data, u16 len)
6518 struct mgmt_cp_set_static_address *cp = data;
6521 bt_dev_dbg(hdev, "sock %p", sk);
6523 if (!lmp_le_capable(hdev))
6524 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_STATIC_ADDRESS,
6525 MGMT_STATUS_NOT_SUPPORTED);
6527 if (hdev_is_powered(hdev))
6528 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_STATIC_ADDRESS,
6529 MGMT_STATUS_REJECTED);
6531 if (bacmp(&cp->bdaddr, BDADDR_ANY)) {
6532 if (!bacmp(&cp->bdaddr, BDADDR_NONE))
6533 return mgmt_cmd_status(sk, hdev->id,
6534 MGMT_OP_SET_STATIC_ADDRESS,
6535 MGMT_STATUS_INVALID_PARAMS);
6537 /* Two most significant bits shall be set */
6538 if ((cp->bdaddr.b[5] & 0xc0) != 0xc0)
6539 return mgmt_cmd_status(sk, hdev->id,
6540 MGMT_OP_SET_STATIC_ADDRESS,
6541 MGMT_STATUS_INVALID_PARAMS);
6546 bacpy(&hdev->static_addr, &cp->bdaddr);
6548 err = send_settings_rsp(sk, MGMT_OP_SET_STATIC_ADDRESS, hdev);
6552 err = new_settings(hdev, sk);
6555 hci_dev_unlock(hdev);
6559 static int set_scan_params(struct sock *sk, struct hci_dev *hdev,
6560 void *data, u16 len)
6562 struct mgmt_cp_set_scan_params *cp = data;
6563 __u16 interval, window;
6566 bt_dev_dbg(hdev, "sock %p", sk);
6568 if (!lmp_le_capable(hdev))
6569 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS,
6570 MGMT_STATUS_NOT_SUPPORTED);
6572 interval = __le16_to_cpu(cp->interval);
6574 if (interval < 0x0004 || interval > 0x4000)
6575 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS,
6576 MGMT_STATUS_INVALID_PARAMS);
6578 window = __le16_to_cpu(cp->window);
6580 if (window < 0x0004 || window > 0x4000)
6581 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS,
6582 MGMT_STATUS_INVALID_PARAMS);
6584 if (window > interval)
6585 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS,
6586 MGMT_STATUS_INVALID_PARAMS);
6590 hdev->le_scan_interval = interval;
6591 hdev->le_scan_window = window;
6593 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS, 0,
6596 /* If background scan is running, restart it so new parameters are
6599 if (hci_dev_test_flag(hdev, HCI_LE_SCAN) &&
6600 hdev->discovery.state == DISCOVERY_STOPPED)
6601 hci_update_passive_scan(hdev);
6603 hci_dev_unlock(hdev);
6608 static void fast_connectable_complete(struct hci_dev *hdev, void *data, int err)
6610 struct mgmt_pending_cmd *cmd = data;
6612 bt_dev_dbg(hdev, "err %d", err);
6615 mgmt_cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
6618 struct mgmt_mode *cp = cmd->param;
6621 hci_dev_set_flag(hdev, HCI_FAST_CONNECTABLE);
6623 hci_dev_clear_flag(hdev, HCI_FAST_CONNECTABLE);
6625 send_settings_rsp(cmd->sk, MGMT_OP_SET_FAST_CONNECTABLE, hdev);
6626 new_settings(hdev, cmd->sk);
6629 mgmt_pending_free(cmd);
6632 static int write_fast_connectable_sync(struct hci_dev *hdev, void *data)
6634 struct mgmt_pending_cmd *cmd = data;
6635 struct mgmt_mode *cp = cmd->param;
6637 return hci_write_fast_connectable_sync(hdev, cp->val);
6640 static int set_fast_connectable(struct sock *sk, struct hci_dev *hdev,
6641 void *data, u16 len)
6643 struct mgmt_mode *cp = data;
6644 struct mgmt_pending_cmd *cmd;
6647 bt_dev_dbg(hdev, "sock %p", sk);
6649 if (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED) ||
6650 hdev->hci_ver < BLUETOOTH_VER_1_2)
6651 return mgmt_cmd_status(sk, hdev->id,
6652 MGMT_OP_SET_FAST_CONNECTABLE,
6653 MGMT_STATUS_NOT_SUPPORTED);
6655 if (cp->val != 0x00 && cp->val != 0x01)
6656 return mgmt_cmd_status(sk, hdev->id,
6657 MGMT_OP_SET_FAST_CONNECTABLE,
6658 MGMT_STATUS_INVALID_PARAMS);
6662 if (!!cp->val == hci_dev_test_flag(hdev, HCI_FAST_CONNECTABLE)) {
6663 err = send_settings_rsp(sk, MGMT_OP_SET_FAST_CONNECTABLE, hdev);
6667 if (!hdev_is_powered(hdev)) {
6668 hci_dev_change_flag(hdev, HCI_FAST_CONNECTABLE);
6669 err = send_settings_rsp(sk, MGMT_OP_SET_FAST_CONNECTABLE, hdev);
6670 new_settings(hdev, sk);
6674 cmd = mgmt_pending_new(sk, MGMT_OP_SET_FAST_CONNECTABLE, hdev, data,
6679 err = hci_cmd_sync_queue(hdev, write_fast_connectable_sync, cmd,
6680 fast_connectable_complete);
6683 mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
6684 MGMT_STATUS_FAILED);
6687 mgmt_pending_free(cmd);
6691 hci_dev_unlock(hdev);
6696 static void set_bredr_complete(struct hci_dev *hdev, void *data, int err)
6698 struct mgmt_pending_cmd *cmd = data;
6700 bt_dev_dbg(hdev, "err %d", err);
6703 u8 mgmt_err = mgmt_status(err);
6705 /* We need to restore the flag if related HCI commands
6708 hci_dev_clear_flag(hdev, HCI_BREDR_ENABLED);
6710 mgmt_cmd_status(cmd->sk, cmd->index, cmd->opcode, mgmt_err);
6712 send_settings_rsp(cmd->sk, MGMT_OP_SET_BREDR, hdev);
6713 new_settings(hdev, cmd->sk);
6716 mgmt_pending_free(cmd);
6719 static int set_bredr_sync(struct hci_dev *hdev, void *data)
6723 status = hci_write_fast_connectable_sync(hdev, false);
6726 status = hci_update_scan_sync(hdev);
6728 /* Since only the advertising data flags will change, there
6729 * is no need to update the scan response data.
6732 status = hci_update_adv_data_sync(hdev, hdev->cur_adv_instance);
6737 static int set_bredr(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
6739 struct mgmt_mode *cp = data;
6740 struct mgmt_pending_cmd *cmd;
6743 bt_dev_dbg(hdev, "sock %p", sk);
6745 if (!lmp_bredr_capable(hdev) || !lmp_le_capable(hdev))
6746 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
6747 MGMT_STATUS_NOT_SUPPORTED);
6749 if (!hci_dev_test_flag(hdev, HCI_LE_ENABLED))
6750 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
6751 MGMT_STATUS_REJECTED);
6753 if (cp->val != 0x00 && cp->val != 0x01)
6754 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
6755 MGMT_STATUS_INVALID_PARAMS);
6759 if (cp->val == hci_dev_test_flag(hdev, HCI_BREDR_ENABLED)) {
6760 err = send_settings_rsp(sk, MGMT_OP_SET_BREDR, hdev);
6764 if (!hdev_is_powered(hdev)) {
6766 hci_dev_clear_flag(hdev, HCI_DISCOVERABLE);
6767 hci_dev_clear_flag(hdev, HCI_SSP_ENABLED);
6768 hci_dev_clear_flag(hdev, HCI_LINK_SECURITY);
6769 hci_dev_clear_flag(hdev, HCI_FAST_CONNECTABLE);
6770 hci_dev_clear_flag(hdev, HCI_HS_ENABLED);
6773 hci_dev_change_flag(hdev, HCI_BREDR_ENABLED);
6775 err = send_settings_rsp(sk, MGMT_OP_SET_BREDR, hdev);
6779 err = new_settings(hdev, sk);
6783 /* Reject disabling when powered on */
6785 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
6786 MGMT_STATUS_REJECTED);
6789 /* When configuring a dual-mode controller to operate
6790 * with LE only and using a static address, then switching
6791 * BR/EDR back on is not allowed.
6793 * Dual-mode controllers shall operate with the public
6794 * address as its identity address for BR/EDR and LE. So
6795 * reject the attempt to create an invalid configuration.
6797 * The same restrictions applies when secure connections
6798 * has been enabled. For BR/EDR this is a controller feature
6799 * while for LE it is a host stack feature. This means that
6800 * switching BR/EDR back on when secure connections has been
6801 * enabled is not a supported transaction.
6803 if (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED) &&
6804 (bacmp(&hdev->static_addr, BDADDR_ANY) ||
6805 hci_dev_test_flag(hdev, HCI_SC_ENABLED))) {
6806 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
6807 MGMT_STATUS_REJECTED);
6812 cmd = mgmt_pending_new(sk, MGMT_OP_SET_BREDR, hdev, data, len);
6816 err = hci_cmd_sync_queue(hdev, set_bredr_sync, cmd,
6817 set_bredr_complete);
6820 mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
6821 MGMT_STATUS_FAILED);
6823 mgmt_pending_free(cmd);
6828 /* We need to flip the bit already here so that
6829 * hci_req_update_adv_data generates the correct flags.
6831 hci_dev_set_flag(hdev, HCI_BREDR_ENABLED);
6834 hci_dev_unlock(hdev);
6838 static void set_secure_conn_complete(struct hci_dev *hdev, void *data, int err)
6840 struct mgmt_pending_cmd *cmd = data;
6841 struct mgmt_mode *cp;
6843 bt_dev_dbg(hdev, "err %d", err);
6846 u8 mgmt_err = mgmt_status(err);
6848 mgmt_cmd_status(cmd->sk, cmd->index, cmd->opcode, mgmt_err);
6856 hci_dev_clear_flag(hdev, HCI_SC_ENABLED);
6857 hci_dev_clear_flag(hdev, HCI_SC_ONLY);
6860 hci_dev_set_flag(hdev, HCI_SC_ENABLED);
6861 hci_dev_clear_flag(hdev, HCI_SC_ONLY);
6864 hci_dev_set_flag(hdev, HCI_SC_ENABLED);
6865 hci_dev_set_flag(hdev, HCI_SC_ONLY);
6869 send_settings_rsp(cmd->sk, cmd->opcode, hdev);
6870 new_settings(hdev, cmd->sk);
6873 mgmt_pending_free(cmd);
6876 static int set_secure_conn_sync(struct hci_dev *hdev, void *data)
6878 struct mgmt_pending_cmd *cmd = data;
6879 struct mgmt_mode *cp = cmd->param;
6882 /* Force write of val */
6883 hci_dev_set_flag(hdev, HCI_SC_ENABLED);
6885 return hci_write_sc_support_sync(hdev, val);
6888 static int set_secure_conn(struct sock *sk, struct hci_dev *hdev,
6889 void *data, u16 len)
6891 struct mgmt_mode *cp = data;
6892 struct mgmt_pending_cmd *cmd;
6896 bt_dev_dbg(hdev, "sock %p", sk);
6898 if (!lmp_sc_capable(hdev) &&
6899 !hci_dev_test_flag(hdev, HCI_LE_ENABLED))
6900 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SECURE_CONN,
6901 MGMT_STATUS_NOT_SUPPORTED);
6903 if (hci_dev_test_flag(hdev, HCI_BREDR_ENABLED) &&
6904 lmp_sc_capable(hdev) &&
6905 !hci_dev_test_flag(hdev, HCI_SSP_ENABLED))
6906 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SECURE_CONN,
6907 MGMT_STATUS_REJECTED);
6909 if (cp->val != 0x00 && cp->val != 0x01 && cp->val != 0x02)
6910 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SECURE_CONN,
6911 MGMT_STATUS_INVALID_PARAMS);
6915 if (!hdev_is_powered(hdev) || !lmp_sc_capable(hdev) ||
6916 !hci_dev_test_flag(hdev, HCI_BREDR_ENABLED)) {
6920 changed = !hci_dev_test_and_set_flag(hdev,
6922 if (cp->val == 0x02)
6923 hci_dev_set_flag(hdev, HCI_SC_ONLY);
6925 hci_dev_clear_flag(hdev, HCI_SC_ONLY);
6927 changed = hci_dev_test_and_clear_flag(hdev,
6929 hci_dev_clear_flag(hdev, HCI_SC_ONLY);
6932 err = send_settings_rsp(sk, MGMT_OP_SET_SECURE_CONN, hdev);
6937 err = new_settings(hdev, sk);
6944 if (val == hci_dev_test_flag(hdev, HCI_SC_ENABLED) &&
6945 (cp->val == 0x02) == hci_dev_test_flag(hdev, HCI_SC_ONLY)) {
6946 err = send_settings_rsp(sk, MGMT_OP_SET_SECURE_CONN, hdev);
6950 cmd = mgmt_pending_new(sk, MGMT_OP_SET_SECURE_CONN, hdev, data, len);
6954 err = hci_cmd_sync_queue(hdev, set_secure_conn_sync, cmd,
6955 set_secure_conn_complete);
6958 mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SECURE_CONN,
6959 MGMT_STATUS_FAILED);
6961 mgmt_pending_free(cmd);
6965 hci_dev_unlock(hdev);
6969 static int set_debug_keys(struct sock *sk, struct hci_dev *hdev,
6970 void *data, u16 len)
6972 struct mgmt_mode *cp = data;
6973 bool changed, use_changed;
6976 bt_dev_dbg(hdev, "sock %p", sk);
6978 if (cp->val != 0x00 && cp->val != 0x01 && cp->val != 0x02)
6979 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DEBUG_KEYS,
6980 MGMT_STATUS_INVALID_PARAMS);
6985 changed = !hci_dev_test_and_set_flag(hdev, HCI_KEEP_DEBUG_KEYS);
6987 changed = hci_dev_test_and_clear_flag(hdev,
6988 HCI_KEEP_DEBUG_KEYS);
6990 if (cp->val == 0x02)
6991 use_changed = !hci_dev_test_and_set_flag(hdev,
6992 HCI_USE_DEBUG_KEYS);
6994 use_changed = hci_dev_test_and_clear_flag(hdev,
6995 HCI_USE_DEBUG_KEYS);
6997 if (hdev_is_powered(hdev) && use_changed &&
6998 hci_dev_test_flag(hdev, HCI_SSP_ENABLED)) {
6999 u8 mode = (cp->val == 0x02) ? 0x01 : 0x00;
7000 hci_send_cmd(hdev, HCI_OP_WRITE_SSP_DEBUG_MODE,
7001 sizeof(mode), &mode);
7004 err = send_settings_rsp(sk, MGMT_OP_SET_DEBUG_KEYS, hdev);
7009 err = new_settings(hdev, sk);
7012 hci_dev_unlock(hdev);
7016 static int set_privacy(struct sock *sk, struct hci_dev *hdev, void *cp_data,
7019 struct mgmt_cp_set_privacy *cp = cp_data;
7023 bt_dev_dbg(hdev, "sock %p", sk);
7025 if (!lmp_le_capable(hdev))
7026 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_PRIVACY,
7027 MGMT_STATUS_NOT_SUPPORTED);
7029 if (cp->privacy != 0x00 && cp->privacy != 0x01 && cp->privacy != 0x02)
7030 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_PRIVACY,
7031 MGMT_STATUS_INVALID_PARAMS);
7033 if (hdev_is_powered(hdev))
7034 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_PRIVACY,
7035 MGMT_STATUS_REJECTED);
7039 /* If user space supports this command it is also expected to
7040 * handle IRKs. Therefore, set the HCI_RPA_RESOLVING flag.
7042 hci_dev_set_flag(hdev, HCI_RPA_RESOLVING);
7045 changed = !hci_dev_test_and_set_flag(hdev, HCI_PRIVACY);
7046 memcpy(hdev->irk, cp->irk, sizeof(hdev->irk));
7047 hci_dev_set_flag(hdev, HCI_RPA_EXPIRED);
7048 hci_adv_instances_set_rpa_expired(hdev, true);
7049 if (cp->privacy == 0x02)
7050 hci_dev_set_flag(hdev, HCI_LIMITED_PRIVACY);
7052 hci_dev_clear_flag(hdev, HCI_LIMITED_PRIVACY);
7054 changed = hci_dev_test_and_clear_flag(hdev, HCI_PRIVACY);
7055 memset(hdev->irk, 0, sizeof(hdev->irk));
7056 hci_dev_clear_flag(hdev, HCI_RPA_EXPIRED);
7057 hci_adv_instances_set_rpa_expired(hdev, false);
7058 hci_dev_clear_flag(hdev, HCI_LIMITED_PRIVACY);
7061 err = send_settings_rsp(sk, MGMT_OP_SET_PRIVACY, hdev);
7066 err = new_settings(hdev, sk);
7069 hci_dev_unlock(hdev);
7073 static bool irk_is_valid(struct mgmt_irk_info *irk)
7075 switch (irk->addr.type) {
7076 case BDADDR_LE_PUBLIC:
7079 case BDADDR_LE_RANDOM:
7080 /* Two most significant bits shall be set */
7081 if ((irk->addr.bdaddr.b[5] & 0xc0) != 0xc0)
7089 static int load_irks(struct sock *sk, struct hci_dev *hdev, void *cp_data,
7092 struct mgmt_cp_load_irks *cp = cp_data;
7093 const u16 max_irk_count = ((U16_MAX - sizeof(*cp)) /
7094 sizeof(struct mgmt_irk_info));
7095 u16 irk_count, expected_len;
7098 bt_dev_dbg(hdev, "sock %p", sk);
7100 if (!lmp_le_capable(hdev))
7101 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_IRKS,
7102 MGMT_STATUS_NOT_SUPPORTED);
7104 irk_count = __le16_to_cpu(cp->irk_count);
7105 if (irk_count > max_irk_count) {
7106 bt_dev_err(hdev, "load_irks: too big irk_count value %u",
7108 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_IRKS,
7109 MGMT_STATUS_INVALID_PARAMS);
7112 expected_len = struct_size(cp, irks, irk_count);
7113 if (expected_len != len) {
7114 bt_dev_err(hdev, "load_irks: expected %u bytes, got %u bytes",
7116 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_IRKS,
7117 MGMT_STATUS_INVALID_PARAMS);
7120 bt_dev_dbg(hdev, "irk_count %u", irk_count);
7122 for (i = 0; i < irk_count; i++) {
7123 struct mgmt_irk_info *key = &cp->irks[i];
7125 if (!irk_is_valid(key))
7126 return mgmt_cmd_status(sk, hdev->id,
7128 MGMT_STATUS_INVALID_PARAMS);
7133 hci_smp_irks_clear(hdev);
7135 for (i = 0; i < irk_count; i++) {
7136 struct mgmt_irk_info *irk = &cp->irks[i];
7137 u8 addr_type = le_addr_type(irk->addr.type);
7139 if (hci_is_blocked_key(hdev,
7140 HCI_BLOCKED_KEY_TYPE_IRK,
7142 bt_dev_warn(hdev, "Skipping blocked IRK for %pMR",
7147 /* When using SMP over BR/EDR, the addr type should be set to BREDR */
7148 if (irk->addr.type == BDADDR_BREDR)
7149 addr_type = BDADDR_BREDR;
7151 hci_add_irk(hdev, &irk->addr.bdaddr,
7152 addr_type, irk->val,
7156 hci_dev_set_flag(hdev, HCI_RPA_RESOLVING);
7158 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_LOAD_IRKS, 0, NULL, 0);
7160 hci_dev_unlock(hdev);
7166 static int set_advertising_params(struct sock *sk, struct hci_dev *hdev,
7167 void *data, u16 len)
7169 struct mgmt_cp_set_advertising_params *cp = data;
7174 BT_DBG("%s", hdev->name);
7176 if (!lmp_le_capable(hdev))
7177 return mgmt_cmd_status(sk, hdev->id,
7178 MGMT_OP_SET_ADVERTISING_PARAMS,
7179 MGMT_STATUS_NOT_SUPPORTED);
7181 if (hci_dev_test_flag(hdev, HCI_ADVERTISING))
7182 return mgmt_cmd_status(sk, hdev->id,
7183 MGMT_OP_SET_ADVERTISING_PARAMS,
7186 min_interval = __le16_to_cpu(cp->interval_min);
7187 max_interval = __le16_to_cpu(cp->interval_max);
7189 if (min_interval > max_interval ||
7190 min_interval < 0x0020 || max_interval > 0x4000)
7191 return mgmt_cmd_status(sk, hdev->id,
7192 MGMT_OP_SET_ADVERTISING_PARAMS,
7193 MGMT_STATUS_INVALID_PARAMS);
7197 hdev->le_adv_min_interval = min_interval;
7198 hdev->le_adv_max_interval = max_interval;
7199 hdev->adv_filter_policy = cp->filter_policy;
7200 hdev->adv_type = cp->type;
7202 err = mgmt_cmd_complete(sk, hdev->id,
7203 MGMT_OP_SET_ADVERTISING_PARAMS, 0, NULL, 0);
7205 hci_dev_unlock(hdev);
7210 static void set_advertising_data_complete(struct hci_dev *hdev,
7211 u8 status, u16 opcode)
7213 struct mgmt_cp_set_advertising_data *cp;
7214 struct mgmt_pending_cmd *cmd;
7216 BT_DBG("status 0x%02x", status);
7220 cmd = pending_find(MGMT_OP_SET_ADVERTISING_DATA, hdev);
7227 mgmt_cmd_status(cmd->sk, hdev->id,
7228 MGMT_OP_SET_ADVERTISING_DATA,
7229 mgmt_status(status));
7231 mgmt_cmd_complete(cmd->sk, hdev->id,
7232 MGMT_OP_SET_ADVERTISING_DATA, 0,
7235 mgmt_pending_remove(cmd);
7238 hci_dev_unlock(hdev);
7241 static int set_advertising_data(struct sock *sk, struct hci_dev *hdev,
7242 void *data, u16 len)
7244 struct mgmt_pending_cmd *cmd;
7245 struct hci_request req;
7246 struct mgmt_cp_set_advertising_data *cp = data;
7247 struct hci_cp_le_set_adv_data adv;
7250 BT_DBG("%s", hdev->name);
7252 if (!lmp_le_capable(hdev)) {
7253 return mgmt_cmd_status(sk, hdev->id,
7254 MGMT_OP_SET_ADVERTISING_DATA,
7255 MGMT_STATUS_NOT_SUPPORTED);
7260 if (pending_find(MGMT_OP_SET_ADVERTISING_DATA, hdev)) {
7261 err = mgmt_cmd_status(sk, hdev->id,
7262 MGMT_OP_SET_ADVERTISING_DATA,
7267 if (len > HCI_MAX_AD_LENGTH) {
7268 err = mgmt_cmd_status(sk, hdev->id,
7269 MGMT_OP_SET_ADVERTISING_DATA,
7270 MGMT_STATUS_INVALID_PARAMS);
7274 cmd = mgmt_pending_add(sk, MGMT_OP_SET_ADVERTISING_DATA,
7281 hci_req_init(&req, hdev);
7283 memset(&adv, 0, sizeof(adv));
7284 memcpy(adv.data, cp->data, len);
7287 hci_req_add(&req, HCI_OP_LE_SET_ADV_DATA, sizeof(adv), &adv);
7289 err = hci_req_run(&req, set_advertising_data_complete);
7291 mgmt_pending_remove(cmd);
7294 hci_dev_unlock(hdev);
7299 /* Adv White List feature */
7300 static void add_white_list_complete(struct hci_dev *hdev, u8 status, u16 opcode)
7302 struct mgmt_cp_add_dev_white_list *cp;
7303 struct mgmt_pending_cmd *cmd;
7305 BT_DBG("status 0x%02x", status);
7309 cmd = pending_find(MGMT_OP_ADD_DEV_WHITE_LIST, hdev);
7316 mgmt_cmd_status(cmd->sk, hdev->id, MGMT_OP_ADD_DEV_WHITE_LIST,
7317 mgmt_status(status));
7319 mgmt_cmd_complete(cmd->sk, hdev->id,
7320 MGMT_OP_ADD_DEV_WHITE_LIST, 0, cp, sizeof(*cp));
7322 mgmt_pending_remove(cmd);
7325 hci_dev_unlock(hdev);
7328 static int add_white_list(struct sock *sk, struct hci_dev *hdev,
7329 void *data, u16 len)
7331 struct mgmt_pending_cmd *cmd;
7332 struct mgmt_cp_add_dev_white_list *cp = data;
7333 struct hci_request req;
7336 BT_DBG("%s", hdev->name);
7338 if (!lmp_le_capable(hdev))
7339 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_DEV_WHITE_LIST,
7340 MGMT_STATUS_NOT_SUPPORTED);
7342 if (!hdev_is_powered(hdev))
7343 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_DEV_WHITE_LIST,
7344 MGMT_STATUS_REJECTED);
7348 if (pending_find(MGMT_OP_ADD_DEV_WHITE_LIST, hdev)) {
7349 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_DEV_WHITE_LIST,
7354 cmd = mgmt_pending_add(sk, MGMT_OP_ADD_DEV_WHITE_LIST, hdev, data, len);
7360 hci_req_init(&req, hdev);
7362 hci_req_add(&req, HCI_OP_LE_ADD_TO_ACCEPT_LIST, sizeof(*cp), cp);
7364 err = hci_req_run(&req, add_white_list_complete);
7366 mgmt_pending_remove(cmd);
7371 hci_dev_unlock(hdev);
7376 static void remove_from_white_list_complete(struct hci_dev *hdev,
7377 u8 status, u16 opcode)
7379 struct mgmt_cp_remove_dev_from_white_list *cp;
7380 struct mgmt_pending_cmd *cmd;
7382 BT_DBG("status 0x%02x", status);
7386 cmd = pending_find(MGMT_OP_REMOVE_DEV_FROM_WHITE_LIST, hdev);
7393 mgmt_cmd_status(cmd->sk, hdev->id,
7394 MGMT_OP_REMOVE_DEV_FROM_WHITE_LIST,
7395 mgmt_status(status));
7397 mgmt_cmd_complete(cmd->sk, hdev->id,
7398 MGMT_OP_REMOVE_DEV_FROM_WHITE_LIST, 0,
7401 mgmt_pending_remove(cmd);
7404 hci_dev_unlock(hdev);
7407 static int remove_from_white_list(struct sock *sk, struct hci_dev *hdev,
7408 void *data, u16 len)
7410 struct mgmt_pending_cmd *cmd;
7411 struct mgmt_cp_remove_dev_from_white_list *cp = data;
7412 struct hci_request req;
7415 BT_DBG("%s", hdev->name);
7417 if (!lmp_le_capable(hdev))
7418 return mgmt_cmd_status(sk, hdev->id,
7419 MGMT_OP_REMOVE_DEV_FROM_WHITE_LIST,
7420 MGMT_STATUS_NOT_SUPPORTED);
7422 if (!hdev_is_powered(hdev))
7423 return mgmt_cmd_status(sk, hdev->id,
7424 MGMT_OP_REMOVE_DEV_FROM_WHITE_LIST,
7425 MGMT_STATUS_REJECTED);
7429 if (pending_find(MGMT_OP_REMOVE_DEV_FROM_WHITE_LIST, hdev)) {
7430 err = mgmt_cmd_status(sk, hdev->id,
7431 MGMT_OP_REMOVE_DEV_FROM_WHITE_LIST,
7436 cmd = mgmt_pending_add(sk, MGMT_OP_REMOVE_DEV_FROM_WHITE_LIST,
7443 hci_req_init(&req, hdev);
7445 hci_req_add(&req, HCI_OP_LE_DEL_FROM_ACCEPT_LIST, sizeof(*cp), cp);
7447 err = hci_req_run(&req, remove_from_white_list_complete);
7449 mgmt_pending_remove(cmd);
7454 hci_dev_unlock(hdev);
7459 static void clear_white_list_complete(struct hci_dev *hdev, u8 status,
7462 struct mgmt_pending_cmd *cmd;
7464 BT_DBG("status 0x%02x", status);
7468 cmd = pending_find(MGMT_OP_CLEAR_DEV_WHITE_LIST, hdev);
7473 mgmt_cmd_status(cmd->sk, hdev->id, MGMT_OP_CLEAR_DEV_WHITE_LIST,
7474 mgmt_status(status));
7476 mgmt_cmd_complete(cmd->sk, hdev->id,
7477 MGMT_OP_CLEAR_DEV_WHITE_LIST,
7480 mgmt_pending_remove(cmd);
7483 hci_dev_unlock(hdev);
7486 static int clear_white_list(struct sock *sk, struct hci_dev *hdev,
7487 void *data, u16 len)
7489 struct mgmt_pending_cmd *cmd;
7490 struct hci_request req;
7493 BT_DBG("%s", hdev->name);
7495 if (!lmp_le_capable(hdev))
7496 return mgmt_cmd_status(sk, hdev->id,
7497 MGMT_OP_CLEAR_DEV_WHITE_LIST,
7498 MGMT_STATUS_NOT_SUPPORTED);
7500 if (!hdev_is_powered(hdev))
7501 return mgmt_cmd_status(sk, hdev->id,
7502 MGMT_OP_CLEAR_DEV_WHITE_LIST,
7503 MGMT_STATUS_REJECTED);
7507 if (pending_find(MGMT_OP_CLEAR_DEV_WHITE_LIST, hdev)) {
7508 err = mgmt_cmd_status(sk, hdev->id,
7509 MGMT_OP_CLEAR_DEV_WHITE_LIST,
7514 cmd = mgmt_pending_add(sk, MGMT_OP_CLEAR_DEV_WHITE_LIST,
7521 hci_req_init(&req, hdev);
7523 hci_req_add(&req, HCI_OP_LE_CLEAR_ACCEPT_LIST, 0, NULL);
7525 err = hci_req_run(&req, clear_white_list_complete);
7527 mgmt_pending_remove(cmd);
7532 hci_dev_unlock(hdev);
7537 static void set_scan_rsp_data_complete(struct hci_dev *hdev, u8 status,
7540 struct mgmt_cp_set_scan_rsp_data *cp;
7541 struct mgmt_pending_cmd *cmd;
7543 BT_DBG("status 0x%02x", status);
7547 cmd = pending_find(MGMT_OP_SET_SCAN_RSP_DATA, hdev);
7554 mgmt_cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_SCAN_RSP_DATA,
7555 mgmt_status(status));
7557 mgmt_cmd_complete(cmd->sk, hdev->id,
7558 MGMT_OP_SET_SCAN_RSP_DATA, 0,
7561 mgmt_pending_remove(cmd);
7564 hci_dev_unlock(hdev);
7567 static int set_scan_rsp_data(struct sock *sk, struct hci_dev *hdev, void *data,
7570 struct mgmt_pending_cmd *cmd;
7571 struct hci_request req;
7572 struct mgmt_cp_set_scan_rsp_data *cp = data;
7573 struct hci_cp_le_set_scan_rsp_data rsp;
7576 BT_DBG("%s", hdev->name);
7578 if (!lmp_le_capable(hdev))
7579 return mgmt_cmd_status(sk, hdev->id,
7580 MGMT_OP_SET_SCAN_RSP_DATA,
7581 MGMT_STATUS_NOT_SUPPORTED);
7585 if (pending_find(MGMT_OP_SET_SCAN_RSP_DATA, hdev)) {
7586 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_RSP_DATA,
7591 if (len > HCI_MAX_AD_LENGTH) {
7592 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_RSP_DATA,
7593 MGMT_STATUS_INVALID_PARAMS);
7597 cmd = mgmt_pending_add(sk, MGMT_OP_SET_SCAN_RSP_DATA, hdev, data, len);
7603 hci_req_init(&req, hdev);
7605 memset(&rsp, 0, sizeof(rsp));
7606 memcpy(rsp.data, cp->data, len);
7609 hci_req_add(&req, HCI_OP_LE_SET_SCAN_RSP_DATA, sizeof(rsp), &rsp);
7611 err = hci_req_run(&req, set_scan_rsp_data_complete);
7613 mgmt_pending_remove(cmd);
7616 hci_dev_unlock(hdev);
7621 static void set_rssi_threshold_complete(struct hci_dev *hdev,
7622 u8 status, u16 opcode)
7624 struct mgmt_pending_cmd *cmd;
7626 BT_DBG("status 0x%02x", status);
7630 cmd = pending_find(MGMT_OP_SET_RSSI_ENABLE, hdev);
7635 mgmt_cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_RSSI_ENABLE,
7636 mgmt_status(status));
7638 mgmt_cmd_complete(cmd->sk, hdev->id, MGMT_OP_SET_RSSI_ENABLE, 0,
7641 mgmt_pending_remove(cmd);
7644 hci_dev_unlock(hdev);
7647 static void set_rssi_disable_complete(struct hci_dev *hdev,
7648 u8 status, u16 opcode)
7650 struct mgmt_pending_cmd *cmd;
7652 BT_DBG("status 0x%02x", status);
7656 cmd = pending_find(MGMT_OP_SET_RSSI_DISABLE, hdev);
7661 mgmt_cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_RSSI_DISABLE,
7662 mgmt_status(status));
7664 mgmt_cmd_complete(cmd->sk, hdev->id, MGMT_OP_SET_RSSI_DISABLE,
7667 mgmt_pending_remove(cmd);
7670 hci_dev_unlock(hdev);
7673 int mgmt_set_rssi_threshold(struct sock *sk, struct hci_dev *hdev,
7674 void *data, u16 len)
7677 struct hci_cp_set_rssi_threshold th = { 0, };
7678 struct mgmt_cp_set_enable_rssi *cp = data;
7679 struct hci_conn *conn;
7680 struct mgmt_pending_cmd *cmd;
7681 struct hci_request req;
7686 cmd = pending_find(MGMT_OP_SET_RSSI_ENABLE, hdev);
7688 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_RSSI_ENABLE,
7689 MGMT_STATUS_FAILED);
7693 if (!lmp_le_capable(hdev)) {
7694 mgmt_pending_remove(cmd);
7695 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_RSSI_ENABLE,
7696 MGMT_STATUS_NOT_SUPPORTED);
7700 if (!hdev_is_powered(hdev)) {
7701 BT_DBG("%s", hdev->name);
7702 mgmt_pending_remove(cmd);
7703 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_RSSI_ENABLE,
7704 MGMT_STATUS_NOT_POWERED);
7708 if (cp->link_type == 0x01)
7709 dest_type = LE_LINK;
7711 dest_type = ACL_LINK;
7713 /* Get LE/ACL link handle info */
7714 conn = hci_conn_hash_lookup_ba(hdev,
7715 dest_type, &cp->bdaddr);
7718 err = mgmt_cmd_complete(sk, hdev->id,
7719 MGMT_OP_SET_RSSI_ENABLE, 1, NULL, 0);
7720 mgmt_pending_remove(cmd);
7724 hci_req_init(&req, hdev);
7726 th.hci_le_ext_opcode = 0x0B;
7728 th.conn_handle = conn->handle;
7729 th.alert_mask = 0x07;
7730 th.low_th = cp->low_th;
7731 th.in_range_th = cp->in_range_th;
7732 th.high_th = cp->high_th;
7734 hci_req_add(&req, HCI_OP_ENABLE_RSSI, sizeof(th), &th);
7735 err = hci_req_run(&req, set_rssi_threshold_complete);
7738 mgmt_pending_remove(cmd);
7739 BT_ERR("Error in requesting hci_req_run");
7744 hci_dev_unlock(hdev);
7748 void mgmt_rssi_enable_success(struct sock *sk, struct hci_dev *hdev,
7749 void *data, struct hci_cc_rsp_enable_rssi *rp, int success)
7751 struct mgmt_cc_rsp_enable_rssi mgmt_rp = { 0, };
7752 struct mgmt_cp_set_enable_rssi *cp = data;
7753 struct mgmt_pending_cmd *cmd;
7758 mgmt_rp.status = rp->status;
7759 mgmt_rp.le_ext_opcode = rp->le_ext_opcode;
7760 mgmt_rp.bt_address = cp->bdaddr;
7761 mgmt_rp.link_type = cp->link_type;
7763 mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_RSSI_ENABLE,
7764 MGMT_STATUS_SUCCESS, &mgmt_rp,
7765 sizeof(struct mgmt_cc_rsp_enable_rssi));
7767 mgmt_event(MGMT_EV_RSSI_ENABLED, hdev, &mgmt_rp,
7768 sizeof(struct mgmt_cc_rsp_enable_rssi), NULL);
7770 hci_conn_rssi_unset_all(hdev, mgmt_rp.link_type);
7771 hci_conn_rssi_state_set(hdev, mgmt_rp.link_type,
7772 &mgmt_rp.bt_address, true);
7776 cmd = pending_find(MGMT_OP_SET_RSSI_ENABLE, hdev);
7778 mgmt_pending_remove(cmd);
7780 hci_dev_unlock(hdev);
7783 void mgmt_rssi_disable_success(struct sock *sk, struct hci_dev *hdev,
7784 void *data, struct hci_cc_rsp_enable_rssi *rp, int success)
7786 struct mgmt_cc_rp_disable_rssi mgmt_rp = { 0, };
7787 struct mgmt_cp_disable_rssi *cp = data;
7788 struct mgmt_pending_cmd *cmd;
7793 mgmt_rp.status = rp->status;
7794 mgmt_rp.le_ext_opcode = rp->le_ext_opcode;
7795 mgmt_rp.bt_address = cp->bdaddr;
7796 mgmt_rp.link_type = cp->link_type;
7798 mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_RSSI_DISABLE,
7799 MGMT_STATUS_SUCCESS, &mgmt_rp,
7800 sizeof(struct mgmt_cc_rsp_enable_rssi));
7802 mgmt_event(MGMT_EV_RSSI_DISABLED, hdev, &mgmt_rp,
7803 sizeof(struct mgmt_cc_rsp_enable_rssi), NULL);
7805 hci_conn_rssi_state_set(hdev, mgmt_rp.link_type,
7806 &mgmt_rp.bt_address, false);
7810 cmd = pending_find(MGMT_OP_SET_RSSI_DISABLE, hdev);
7812 mgmt_pending_remove(cmd);
7814 hci_dev_unlock(hdev);
7817 static int mgmt_set_disable_rssi(struct sock *sk, struct hci_dev *hdev,
7818 void *data, u16 len)
7820 struct mgmt_pending_cmd *cmd;
7821 struct hci_request req;
7822 struct hci_cp_set_enable_rssi cp_en = { 0, };
7825 BT_DBG("Set Disable RSSI.");
7827 cp_en.hci_le_ext_opcode = 0x01;
7828 cp_en.le_enable_cs_Features = 0x00;
7829 cp_en.data[0] = 0x00;
7830 cp_en.data[1] = 0x00;
7831 cp_en.data[2] = 0x00;
7835 cmd = pending_find(MGMT_OP_SET_RSSI_DISABLE, hdev);
7837 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_RSSI_DISABLE,
7838 MGMT_STATUS_FAILED);
7842 if (!lmp_le_capable(hdev)) {
7843 mgmt_pending_remove(cmd);
7844 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_RSSI_DISABLE,
7845 MGMT_STATUS_NOT_SUPPORTED);
7849 if (!hdev_is_powered(hdev)) {
7850 BT_DBG("%s", hdev->name);
7851 mgmt_pending_remove(cmd);
7852 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_RSSI_DISABLE,
7853 MGMT_STATUS_NOT_POWERED);
7857 hci_req_init(&req, hdev);
7859 BT_DBG("Enable Len: %zu [%2.2X %2.2X %2.2X %2.2X %2.2X]",
7860 sizeof(struct hci_cp_set_enable_rssi),
7861 cp_en.hci_le_ext_opcode, cp_en.le_enable_cs_Features,
7862 cp_en.data[0], cp_en.data[1], cp_en.data[2]);
7864 hci_req_add(&req, HCI_OP_ENABLE_RSSI, sizeof(cp_en), &cp_en);
7865 err = hci_req_run(&req, set_rssi_disable_complete);
7868 mgmt_pending_remove(cmd);
7869 BT_ERR("Error in requesting hci_req_run");
7874 hci_dev_unlock(hdev);
7878 void mgmt_enable_rssi_cc(struct hci_dev *hdev, void *response, u8 status)
7880 struct hci_cc_rsp_enable_rssi *rp = response;
7881 struct mgmt_pending_cmd *cmd_enable = NULL;
7882 struct mgmt_pending_cmd *cmd_disable = NULL;
7883 struct mgmt_cp_set_enable_rssi *cp_en;
7884 struct mgmt_cp_disable_rssi *cp_dis;
7887 cmd_enable = pending_find(MGMT_OP_SET_RSSI_ENABLE, hdev);
7888 cmd_disable = pending_find(MGMT_OP_SET_RSSI_DISABLE, hdev);
7889 hci_dev_unlock(hdev);
7892 BT_DBG("Enable Request");
7895 BT_DBG("Disable Request");
7898 cp_en = cmd_enable->param;
7903 switch (rp->le_ext_opcode) {
7905 BT_DBG("RSSI enabled.. Setting Threshold...");
7906 mgmt_set_rssi_threshold(cmd_enable->sk, hdev,
7907 cp_en, sizeof(*cp_en));
7911 BT_DBG("Sending RSSI enable success");
7912 mgmt_rssi_enable_success(cmd_enable->sk, hdev,
7913 cp_en, rp, rp->status);
7917 } else if (cmd_disable) {
7918 cp_dis = cmd_disable->param;
7923 switch (rp->le_ext_opcode) {
7925 BT_DBG("Sending RSSI disable success");
7926 mgmt_rssi_disable_success(cmd_disable->sk, hdev,
7927 cp_dis, rp, rp->status);
7932 * Only unset RSSI Threshold values for the Link if
7933 * RSSI is monitored for other BREDR or LE Links
7935 if (hci_conn_hash_lookup_rssi_count(hdev) > 1) {
7936 BT_DBG("Unset Threshold. Other links being monitored");
7937 mgmt_rssi_disable_success(cmd_disable->sk, hdev,
7938 cp_dis, rp, rp->status);
7940 BT_DBG("Unset Threshold. Disabling...");
7941 mgmt_set_disable_rssi(cmd_disable->sk, hdev,
7942 cp_dis, sizeof(*cp_dis));
7949 static void set_rssi_enable_complete(struct hci_dev *hdev, u8 status,
7952 struct mgmt_pending_cmd *cmd;
7954 BT_DBG("status 0x%02x", status);
7958 cmd = pending_find(MGMT_OP_SET_RSSI_ENABLE, hdev);
7963 mgmt_cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_RSSI_ENABLE,
7964 mgmt_status(status));
7966 mgmt_cmd_complete(cmd->sk, hdev->id, MGMT_OP_SET_RSSI_ENABLE, 0,
7969 mgmt_pending_remove(cmd);
7972 hci_dev_unlock(hdev);
7975 static int set_enable_rssi(struct sock *sk, struct hci_dev *hdev,
7976 void *data, u16 len)
7978 struct mgmt_pending_cmd *cmd;
7979 struct hci_request req;
7980 struct mgmt_cp_set_enable_rssi *cp = data;
7981 struct hci_cp_set_enable_rssi cp_en = { 0, };
7984 BT_DBG("Set Enable RSSI.");
7986 cp_en.hci_le_ext_opcode = 0x01;
7987 cp_en.le_enable_cs_Features = 0x04;
7988 cp_en.data[0] = 0x00;
7989 cp_en.data[1] = 0x00;
7990 cp_en.data[2] = 0x00;
7994 if (!lmp_le_capable(hdev)) {
7995 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_RSSI_ENABLE,
7996 MGMT_STATUS_NOT_SUPPORTED);
8000 if (!hdev_is_powered(hdev)) {
8001 BT_DBG("%s", hdev->name);
8002 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_RSSI_ENABLE,
8003 MGMT_STATUS_NOT_POWERED);
8007 if (pending_find(MGMT_OP_SET_RSSI_ENABLE, hdev)) {
8008 BT_DBG("%s", hdev->name);
8009 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_RSSI_ENABLE,
8014 cmd = mgmt_pending_add(sk, MGMT_OP_SET_RSSI_ENABLE, hdev, cp,
8017 BT_DBG("%s", hdev->name);
8022 /* If RSSI is already enabled directly set Threshold values */
8023 if (hci_conn_hash_lookup_rssi_count(hdev) > 0) {
8024 hci_dev_unlock(hdev);
8025 BT_DBG("RSSI Enabled. Directly set Threshold");
8026 err = mgmt_set_rssi_threshold(sk, hdev, cp, sizeof(*cp));
8030 hci_req_init(&req, hdev);
8032 BT_DBG("Enable Len: %zu [%2.2X %2.2X %2.2X %2.2X %2.2X]",
8033 sizeof(struct hci_cp_set_enable_rssi),
8034 cp_en.hci_le_ext_opcode, cp_en.le_enable_cs_Features,
8035 cp_en.data[0], cp_en.data[1], cp_en.data[2]);
8037 hci_req_add(&req, HCI_OP_ENABLE_RSSI, sizeof(cp_en), &cp_en);
8038 err = hci_req_run(&req, set_rssi_enable_complete);
8041 mgmt_pending_remove(cmd);
8042 BT_ERR("Error in requesting hci_req_run");
8047 hci_dev_unlock(hdev);
8052 static void get_raw_rssi_complete(struct hci_dev *hdev, u8 status, u16 opcode)
8054 struct mgmt_pending_cmd *cmd;
8056 BT_DBG("status 0x%02x", status);
8060 cmd = pending_find(MGMT_OP_GET_RAW_RSSI, hdev);
8064 mgmt_cmd_complete(cmd->sk, hdev->id, MGMT_OP_GET_RAW_RSSI,
8065 MGMT_STATUS_SUCCESS, &status, 1);
8067 mgmt_pending_remove(cmd);
8070 hci_dev_unlock(hdev);
8073 static int get_raw_rssi(struct sock *sk, struct hci_dev *hdev, void *data,
8076 struct mgmt_pending_cmd *cmd;
8077 struct hci_request req;
8078 struct mgmt_cp_get_raw_rssi *cp = data;
8079 struct hci_cp_get_raw_rssi hci_cp;
8081 struct hci_conn *conn;
8085 BT_DBG("Get Raw RSSI.");
8089 if (!lmp_le_capable(hdev)) {
8090 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_GET_RAW_RSSI,
8091 MGMT_STATUS_NOT_SUPPORTED);
8095 if (cp->link_type == 0x01)
8096 dest_type = LE_LINK;
8098 dest_type = ACL_LINK;
8100 /* Get LE/BREDR link handle info */
8101 conn = hci_conn_hash_lookup_ba(hdev,
8102 dest_type, &cp->bt_address);
8104 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_GET_RAW_RSSI,
8105 MGMT_STATUS_NOT_CONNECTED);
8108 hci_cp.conn_handle = conn->handle;
8110 if (!hdev_is_powered(hdev)) {
8111 BT_DBG("%s", hdev->name);
8112 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_GET_RAW_RSSI,
8113 MGMT_STATUS_NOT_POWERED);
8117 if (pending_find(MGMT_OP_GET_RAW_RSSI, hdev)) {
8118 BT_DBG("%s", hdev->name);
8119 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_GET_RAW_RSSI,
8124 cmd = mgmt_pending_add(sk, MGMT_OP_GET_RAW_RSSI, hdev, data, len);
8126 BT_DBG("%s", hdev->name);
8131 hci_req_init(&req, hdev);
8133 BT_DBG("Connection Handle [%d]", hci_cp.conn_handle);
8134 hci_req_add(&req, HCI_OP_GET_RAW_RSSI, sizeof(hci_cp), &hci_cp);
8135 err = hci_req_run(&req, get_raw_rssi_complete);
8138 mgmt_pending_remove(cmd);
8139 BT_ERR("Error in requesting hci_req_run");
8143 hci_dev_unlock(hdev);
8148 void mgmt_raw_rssi_response(struct hci_dev *hdev,
8149 struct hci_cc_rp_get_raw_rssi *rp, int success)
8151 struct mgmt_cc_rp_get_raw_rssi mgmt_rp = { 0, };
8152 struct hci_conn *conn;
8154 mgmt_rp.status = rp->status;
8155 mgmt_rp.rssi_dbm = rp->rssi_dbm;
8157 conn = hci_conn_hash_lookup_handle(hdev, rp->conn_handle);
8161 bacpy(&mgmt_rp.bt_address, &conn->dst);
8162 if (conn->type == LE_LINK)
8163 mgmt_rp.link_type = 0x01;
8165 mgmt_rp.link_type = 0x00;
8167 mgmt_event(MGMT_EV_RAW_RSSI, hdev, &mgmt_rp,
8168 sizeof(struct mgmt_cc_rp_get_raw_rssi), NULL);
8171 static void set_disable_threshold_complete(struct hci_dev *hdev,
8172 u8 status, u16 opcode)
8174 struct mgmt_pending_cmd *cmd;
8176 BT_DBG("status 0x%02x", status);
8180 cmd = pending_find(MGMT_OP_SET_RSSI_DISABLE, hdev);
8184 mgmt_cmd_complete(cmd->sk, hdev->id, MGMT_OP_SET_RSSI_DISABLE,
8185 MGMT_STATUS_SUCCESS, &status, 1);
8187 mgmt_pending_remove(cmd);
8190 hci_dev_unlock(hdev);
8193 /** Removes monitoring for a link*/
8194 static int set_disable_threshold(struct sock *sk, struct hci_dev *hdev,
8195 void *data, u16 len)
8198 struct hci_cp_set_rssi_threshold th = { 0, };
8199 struct mgmt_cp_disable_rssi *cp = data;
8200 struct hci_conn *conn;
8201 struct mgmt_pending_cmd *cmd;
8202 struct hci_request req;
8205 BT_DBG("Set Disable RSSI.");
8209 if (!lmp_le_capable(hdev)) {
8210 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_RSSI_DISABLE,
8211 MGMT_STATUS_NOT_SUPPORTED);
8215 /* Get LE/ACL link handle info*/
8216 if (cp->link_type == 0x01)
8217 dest_type = LE_LINK;
8219 dest_type = ACL_LINK;
8221 conn = hci_conn_hash_lookup_ba(hdev, dest_type, &cp->bdaddr);
8223 err = mgmt_cmd_complete(sk, hdev->id,
8224 MGMT_OP_SET_RSSI_DISABLE, 1, NULL, 0);
8228 th.hci_le_ext_opcode = 0x0B;
8230 th.conn_handle = conn->handle;
8231 th.alert_mask = 0x00;
8233 th.in_range_th = 0x00;
8236 if (!hdev_is_powered(hdev)) {
8237 BT_DBG("%s", hdev->name);
8238 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_RSSI_DISABLE,
8243 if (pending_find(MGMT_OP_SET_RSSI_DISABLE, hdev)) {
8244 BT_DBG("%s", hdev->name);
8245 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_RSSI_DISABLE,
8250 cmd = mgmt_pending_add(sk, MGMT_OP_SET_RSSI_DISABLE, hdev, cp,
8253 BT_DBG("%s", hdev->name);
8258 hci_req_init(&req, hdev);
8260 hci_req_add(&req, HCI_OP_ENABLE_RSSI, sizeof(th), &th);
8261 err = hci_req_run(&req, set_disable_threshold_complete);
8263 mgmt_pending_remove(cmd);
8264 BT_ERR("Error in requesting hci_req_run");
8269 hci_dev_unlock(hdev);
8274 void mgmt_rssi_alert_evt(struct hci_dev *hdev, struct sk_buff *skb)
8276 struct hci_ev_vendor_specific_rssi_alert *ev = (void *)skb->data;
8277 struct mgmt_ev_vendor_specific_rssi_alert mgmt_ev;
8278 struct hci_conn *conn;
8280 BT_DBG("RSSI alert [%2.2X %2.2X %2.2X]",
8281 ev->conn_handle, ev->alert_type, ev->rssi_dbm);
8283 conn = hci_conn_hash_lookup_handle(hdev, ev->conn_handle);
8286 BT_ERR("RSSI alert Error: Device not found for handle");
8289 bacpy(&mgmt_ev.bdaddr, &conn->dst);
8291 if (conn->type == LE_LINK)
8292 mgmt_ev.link_type = 0x01;
8294 mgmt_ev.link_type = 0x00;
8296 mgmt_ev.alert_type = ev->alert_type;
8297 mgmt_ev.rssi_dbm = ev->rssi_dbm;
8299 mgmt_event(MGMT_EV_RSSI_ALERT, hdev, &mgmt_ev,
8300 sizeof(struct mgmt_ev_vendor_specific_rssi_alert),
8304 static int mgmt_start_le_discovery_failed(struct hci_dev *hdev, u8 status)
8306 struct mgmt_pending_cmd *cmd;
8310 hci_le_discovery_set_state(hdev, DISCOVERY_STOPPED);
8312 cmd = pending_find(MGMT_OP_START_LE_DISCOVERY, hdev);
8316 type = hdev->le_discovery.type;
8318 err = mgmt_cmd_complete(cmd->sk, hdev->id, cmd->opcode,
8319 mgmt_status(status), &type, sizeof(type));
8320 mgmt_pending_remove(cmd);
8325 static void start_le_discovery_complete(struct hci_dev *hdev, u8 status,
8328 unsigned long timeout = 0;
8330 BT_DBG("status %d", status);
8334 mgmt_start_le_discovery_failed(hdev, status);
8335 hci_dev_unlock(hdev);
8340 hci_le_discovery_set_state(hdev, DISCOVERY_FINDING);
8341 hci_dev_unlock(hdev);
8343 if (hdev->le_discovery.type != DISCOV_TYPE_LE)
8344 BT_ERR("Invalid discovery type %d", hdev->le_discovery.type);
8349 queue_delayed_work(hdev->workqueue, &hdev->le_scan_disable, timeout);
8352 static int start_le_discovery(struct sock *sk, struct hci_dev *hdev,
8353 void *data, u16 len)
8355 struct mgmt_cp_start_le_discovery *cp = data;
8356 struct mgmt_pending_cmd *cmd;
8357 struct hci_cp_le_set_scan_param param_cp;
8358 struct hci_cp_le_set_scan_enable enable_cp;
8359 struct hci_request req;
8360 u8 status, own_addr_type;
8363 BT_DBG("%s", hdev->name);
8365 if (!hdev_is_powered(hdev)) {
8366 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_START_LE_DISCOVERY,
8367 MGMT_STATUS_NOT_POWERED);
8371 if (hdev->le_discovery.state != DISCOVERY_STOPPED) {
8372 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_START_LE_DISCOVERY,
8377 if (cp->type != DISCOV_TYPE_LE) {
8378 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_START_LE_DISCOVERY,
8379 MGMT_STATUS_INVALID_PARAMS);
8383 cmd = mgmt_pending_add(sk, MGMT_OP_START_LE_DISCOVERY, hdev, NULL, 0);
8389 hdev->le_discovery.type = cp->type;
8391 hci_req_init(&req, hdev);
8393 status = mgmt_le_support(hdev);
8395 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_START_LE_DISCOVERY,
8397 mgmt_pending_remove(cmd);
8401 /* If controller is scanning, it means the background scanning
8402 * is running. Thus, we should temporarily stop it in order to
8403 * set the discovery scanning parameters.
8405 if (hci_dev_test_flag(hdev, HCI_LE_SCAN))
8406 hci_req_add_le_scan_disable(&req, false);
8408 memset(¶m_cp, 0, sizeof(param_cp));
8410 /* All active scans will be done with either a resolvable
8411 * private address (when privacy feature has been enabled)
8412 * or unresolvable private address.
8414 err = hci_update_random_address_sync(hdev, true, hci_dev_test_flag(hdev, HCI_PRIVACY), &own_addr_type);
8416 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_START_LE_DISCOVERY,
8417 MGMT_STATUS_FAILED);
8418 mgmt_pending_remove(cmd);
8422 param_cp.type = hdev->le_scan_type;
8423 param_cp.interval = cpu_to_le16(hdev->le_scan_interval);
8424 param_cp.window = cpu_to_le16(hdev->le_scan_window);
8425 param_cp.own_address_type = own_addr_type;
8426 hci_req_add(&req, HCI_OP_LE_SET_SCAN_PARAM, sizeof(param_cp),
8429 memset(&enable_cp, 0, sizeof(enable_cp));
8430 enable_cp.enable = LE_SCAN_ENABLE;
8431 enable_cp.filter_dup = LE_SCAN_FILTER_DUP_DISABLE;
8433 hci_req_add(&req, HCI_OP_LE_SET_SCAN_ENABLE, sizeof(enable_cp),
8436 err = hci_req_run(&req, start_le_discovery_complete);
8438 mgmt_pending_remove(cmd);
8440 hci_le_discovery_set_state(hdev, DISCOVERY_STARTING);
8446 static int mgmt_stop_le_discovery_failed(struct hci_dev *hdev, u8 status)
8448 struct mgmt_pending_cmd *cmd;
8451 cmd = pending_find(MGMT_OP_STOP_LE_DISCOVERY, hdev);
8455 err = mgmt_cmd_complete(cmd->sk, hdev->id, cmd->opcode,
8456 mgmt_status(status), &hdev->le_discovery.type,
8457 sizeof(hdev->le_discovery.type));
8458 mgmt_pending_remove(cmd);
8463 static void stop_le_discovery_complete(struct hci_dev *hdev, u8 status,
8466 BT_DBG("status %d", status);
8471 mgmt_stop_le_discovery_failed(hdev, status);
8475 hci_le_discovery_set_state(hdev, DISCOVERY_STOPPED);
8478 hci_dev_unlock(hdev);
8481 static int stop_le_discovery(struct sock *sk, struct hci_dev *hdev,
8482 void *data, u16 len)
8484 struct mgmt_cp_stop_le_discovery *mgmt_cp = data;
8485 struct mgmt_pending_cmd *cmd;
8486 struct hci_request req;
8489 BT_DBG("%s", hdev->name);
8493 if (!hci_le_discovery_active(hdev)) {
8494 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_STOP_LE_DISCOVERY,
8495 MGMT_STATUS_REJECTED, &mgmt_cp->type,
8496 sizeof(mgmt_cp->type));
8500 if (hdev->le_discovery.type != mgmt_cp->type) {
8501 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_STOP_LE_DISCOVERY,
8502 MGMT_STATUS_INVALID_PARAMS,
8503 &mgmt_cp->type, sizeof(mgmt_cp->type));
8507 cmd = mgmt_pending_add(sk, MGMT_OP_STOP_LE_DISCOVERY, hdev, NULL, 0);
8513 hci_req_init(&req, hdev);
8515 if (hdev->le_discovery.state != DISCOVERY_FINDING) {
8516 BT_DBG("unknown le discovery state %u",
8517 hdev->le_discovery.state);
8519 mgmt_pending_remove(cmd);
8520 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_STOP_LE_DISCOVERY,
8521 MGMT_STATUS_FAILED, &mgmt_cp->type,
8522 sizeof(mgmt_cp->type));
8526 cancel_delayed_work(&hdev->le_scan_disable);
8527 hci_req_add_le_scan_disable(&req, false);
8529 err = hci_req_run(&req, stop_le_discovery_complete);
8531 mgmt_pending_remove(cmd);
8533 hci_le_discovery_set_state(hdev, DISCOVERY_STOPPING);
8536 hci_dev_unlock(hdev);
8540 /* Separate LE discovery */
8541 void mgmt_le_discovering(struct hci_dev *hdev, u8 discovering)
8543 struct mgmt_ev_discovering ev;
8544 struct mgmt_pending_cmd *cmd;
8546 BT_DBG("%s le discovering %u", hdev->name, discovering);
8549 cmd = pending_find(MGMT_OP_START_LE_DISCOVERY, hdev);
8551 cmd = pending_find(MGMT_OP_STOP_LE_DISCOVERY, hdev);
8554 u8 type = hdev->le_discovery.type;
8556 mgmt_cmd_complete(cmd->sk, hdev->id, cmd->opcode, 0, &type,
8558 mgmt_pending_remove(cmd);
8561 memset(&ev, 0, sizeof(ev));
8562 ev.type = hdev->le_discovery.type;
8563 ev.discovering = discovering;
8565 mgmt_event(MGMT_EV_DISCOVERING, hdev, &ev, sizeof(ev), NULL);
8568 static int disable_le_auto_connect(struct sock *sk, struct hci_dev *hdev,
8569 void *data, u16 len)
8573 BT_DBG("%s", hdev->name);
8577 err = hci_send_cmd(hdev, HCI_OP_LE_CREATE_CONN_CANCEL, 0, NULL);
8579 BT_ERR("HCI_OP_LE_CREATE_CONN_CANCEL is failed");
8581 hci_dev_unlock(hdev);
8586 static inline int check_le_conn_update_param(u16 min, u16 max, u16 latency,
8591 if (min > max || min < 6 || max > 3200)
8594 if (to_multiplier < 10 || to_multiplier > 3200)
8597 if (max >= to_multiplier * 8)
8600 max_latency = (to_multiplier * 8 / max) - 1;
8602 if (latency > 499 || latency > max_latency)
8608 static int le_conn_update(struct sock *sk, struct hci_dev *hdev, void *data,
8611 struct mgmt_cp_le_conn_update *cp = data;
8613 struct hci_conn *conn;
8614 u16 min, max, latency, supervision_timeout;
8617 if (!hdev_is_powered(hdev))
8618 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LE_CONN_UPDATE,
8619 MGMT_STATUS_NOT_POWERED);
8621 min = __le16_to_cpu(cp->conn_interval_min);
8622 max = __le16_to_cpu(cp->conn_interval_max);
8623 latency = __le16_to_cpu(cp->conn_latency);
8624 supervision_timeout = __le16_to_cpu(cp->supervision_timeout);
8626 BT_DBG("min 0x%4.4x max 0x%4.4x latency: 0x%4.4x supervision_timeout: 0x%4.4x",
8627 min, max, latency, supervision_timeout);
8629 err = check_le_conn_update_param(min, max, latency,
8630 supervision_timeout);
8633 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LE_CONN_UPDATE,
8634 MGMT_STATUS_INVALID_PARAMS);
8638 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &cp->bdaddr);
8640 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_LE_CONN_UPDATE,
8641 MGMT_STATUS_NOT_CONNECTED);
8642 hci_dev_unlock(hdev);
8646 hci_dev_unlock(hdev);
8648 hci_le_conn_update(conn, min, max, latency, supervision_timeout);
8650 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_LE_CONN_UPDATE, 0,
8654 static void set_manufacturer_data_complete(struct hci_dev *hdev, u8 status,
8657 struct mgmt_cp_set_manufacturer_data *cp;
8658 struct mgmt_pending_cmd *cmd;
8660 BT_DBG("status 0x%02x", status);
8664 cmd = pending_find(MGMT_OP_SET_MANUFACTURER_DATA, hdev);
8671 mgmt_cmd_status(cmd->sk, hdev->id,
8672 MGMT_OP_SET_MANUFACTURER_DATA,
8673 mgmt_status(status));
8675 mgmt_cmd_complete(cmd->sk, hdev->id,
8676 MGMT_OP_SET_MANUFACTURER_DATA, 0,
8679 mgmt_pending_remove(cmd);
8682 hci_dev_unlock(hdev);
8685 static int set_manufacturer_data(struct sock *sk, struct hci_dev *hdev,
8686 void *data, u16 len)
8688 struct mgmt_pending_cmd *cmd;
8689 struct hci_request req;
8690 struct mgmt_cp_set_manufacturer_data *cp = data;
8691 u8 old_data[HCI_MAX_EIR_LENGTH] = {0, };
8695 BT_DBG("%s", hdev->name);
8697 if (!lmp_bredr_capable(hdev))
8698 return mgmt_cmd_status(sk, hdev->id,
8699 MGMT_OP_SET_MANUFACTURER_DATA,
8700 MGMT_STATUS_NOT_SUPPORTED);
8702 if (cp->data[0] == 0 ||
8703 cp->data[0] - 1 > sizeof(hdev->manufacturer_data))
8704 return mgmt_cmd_status(sk, hdev->id,
8705 MGMT_OP_SET_MANUFACTURER_DATA,
8706 MGMT_STATUS_INVALID_PARAMS);
8708 if (cp->data[1] != 0xFF)
8709 return mgmt_cmd_status(sk, hdev->id,
8710 MGMT_OP_SET_MANUFACTURER_DATA,
8711 MGMT_STATUS_NOT_SUPPORTED);
8715 if (pending_find(MGMT_OP_SET_MANUFACTURER_DATA, hdev)) {
8716 err = mgmt_cmd_status(sk, hdev->id,
8717 MGMT_OP_SET_MANUFACTURER_DATA,
8722 cmd = mgmt_pending_add(sk, MGMT_OP_SET_MANUFACTURER_DATA, hdev, data,
8729 hci_req_init(&req, hdev);
8731 /* if new data is same as previous data then return command
8734 if (hdev->manufacturer_len == cp->data[0] - 1 &&
8735 !memcmp(hdev->manufacturer_data, cp->data + 2, cp->data[0] - 1)) {
8736 mgmt_pending_remove(cmd);
8737 mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_MANUFACTURER_DATA,
8738 0, cp, sizeof(*cp));
8743 old_len = hdev->manufacturer_len;
8745 memcpy(old_data, hdev->manufacturer_data, old_len);
8747 hdev->manufacturer_len = cp->data[0] - 1;
8748 if (hdev->manufacturer_len > 0)
8749 memcpy(hdev->manufacturer_data, cp->data + 2,
8750 hdev->manufacturer_len);
8752 hci_update_eir_sync(hdev);
8754 err = hci_req_run(&req, set_manufacturer_data_complete);
8756 mgmt_pending_remove(cmd);
8761 hci_dev_unlock(hdev);
8766 memset(hdev->manufacturer_data, 0x00, sizeof(hdev->manufacturer_data));
8767 hdev->manufacturer_len = old_len;
8768 if (hdev->manufacturer_len > 0)
8769 memcpy(hdev->manufacturer_data, old_data,
8770 hdev->manufacturer_len);
8771 hci_dev_unlock(hdev);
8775 static int le_set_scan_params(struct sock *sk, struct hci_dev *hdev,
8776 void *data, u16 len)
8778 struct mgmt_cp_le_set_scan_params *cp = data;
8779 __u16 interval, window;
8782 BT_DBG("%s", hdev->name);
8784 if (!lmp_le_capable(hdev))
8785 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LE_SET_SCAN_PARAMS,
8786 MGMT_STATUS_NOT_SUPPORTED);
8788 interval = __le16_to_cpu(cp->interval);
8790 if (interval < 0x0004 || interval > 0x4000)
8791 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LE_SET_SCAN_PARAMS,
8792 MGMT_STATUS_INVALID_PARAMS);
8794 window = __le16_to_cpu(cp->window);
8796 if (window < 0x0004 || window > 0x4000)
8797 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LE_SET_SCAN_PARAMS,
8798 MGMT_STATUS_INVALID_PARAMS);
8800 if (window > interval)
8801 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LE_SET_SCAN_PARAMS,
8802 MGMT_STATUS_INVALID_PARAMS);
8806 hdev->le_scan_type = cp->type;
8807 hdev->le_scan_interval = interval;
8808 hdev->le_scan_window = window;
8810 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_LE_SET_SCAN_PARAMS, 0,
8813 /* If background scan is running, restart it so new parameters are
8816 if (hci_dev_test_flag(hdev, HCI_LE_SCAN) &&
8817 hdev->discovery.state == DISCOVERY_STOPPED) {
8818 struct hci_request req;
8820 hci_req_init(&req, hdev);
8822 hci_req_add_le_scan_disable(&req, false);
8823 hci_req_add_le_passive_scan(&req);
8825 hci_req_run(&req, NULL);
8828 hci_dev_unlock(hdev);
8832 #endif /* TIZEN_BT */
8834 static bool ltk_is_valid(struct mgmt_ltk_info *key)
8836 if (key->initiator != 0x00 && key->initiator != 0x01)
8839 switch (key->addr.type) {
8840 case BDADDR_LE_PUBLIC:
8843 case BDADDR_LE_RANDOM:
8844 /* Two most significant bits shall be set */
8845 if ((key->addr.bdaddr.b[5] & 0xc0) != 0xc0)
8853 static int load_long_term_keys(struct sock *sk, struct hci_dev *hdev,
8854 void *cp_data, u16 len)
8856 struct mgmt_cp_load_long_term_keys *cp = cp_data;
8857 const u16 max_key_count = ((U16_MAX - sizeof(*cp)) /
8858 sizeof(struct mgmt_ltk_info));
8859 u16 key_count, expected_len;
8862 bt_dev_dbg(hdev, "sock %p", sk);
8864 if (!lmp_le_capable(hdev))
8865 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS,
8866 MGMT_STATUS_NOT_SUPPORTED);
8868 key_count = __le16_to_cpu(cp->key_count);
8869 if (key_count > max_key_count) {
8870 bt_dev_err(hdev, "load_ltks: too big key_count value %u",
8872 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS,
8873 MGMT_STATUS_INVALID_PARAMS);
8876 expected_len = struct_size(cp, keys, key_count);
8877 if (expected_len != len) {
8878 bt_dev_err(hdev, "load_keys: expected %u bytes, got %u bytes",
8880 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS,
8881 MGMT_STATUS_INVALID_PARAMS);
8884 bt_dev_dbg(hdev, "key_count %u", key_count);
8886 for (i = 0; i < key_count; i++) {
8887 struct mgmt_ltk_info *key = &cp->keys[i];
8889 if (!ltk_is_valid(key))
8890 return mgmt_cmd_status(sk, hdev->id,
8891 MGMT_OP_LOAD_LONG_TERM_KEYS,
8892 MGMT_STATUS_INVALID_PARAMS);
8897 hci_smp_ltks_clear(hdev);
8899 for (i = 0; i < key_count; i++) {
8900 struct mgmt_ltk_info *key = &cp->keys[i];
8901 u8 type, authenticated;
8902 u8 addr_type = le_addr_type(key->addr.type);
8904 if (hci_is_blocked_key(hdev,
8905 HCI_BLOCKED_KEY_TYPE_LTK,
8907 bt_dev_warn(hdev, "Skipping blocked LTK for %pMR",
8912 switch (key->type) {
8913 case MGMT_LTK_UNAUTHENTICATED:
8914 authenticated = 0x00;
8915 type = key->initiator ? SMP_LTK : SMP_LTK_RESPONDER;
8917 case MGMT_LTK_AUTHENTICATED:
8918 authenticated = 0x01;
8919 type = key->initiator ? SMP_LTK : SMP_LTK_RESPONDER;
8921 case MGMT_LTK_P256_UNAUTH:
8922 authenticated = 0x00;
8923 type = SMP_LTK_P256;
8925 case MGMT_LTK_P256_AUTH:
8926 authenticated = 0x01;
8927 type = SMP_LTK_P256;
8929 case MGMT_LTK_P256_DEBUG:
8930 authenticated = 0x00;
8931 type = SMP_LTK_P256_DEBUG;
8937 /* When using SMP over BR/EDR, the addr type should be set to BREDR */
8938 if (key->addr.type == BDADDR_BREDR)
8939 addr_type = BDADDR_BREDR;
8941 hci_add_ltk(hdev, &key->addr.bdaddr,
8942 addr_type, type, authenticated,
8943 key->val, key->enc_size, key->ediv, key->rand);
8946 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS, 0,
8949 hci_dev_unlock(hdev);
8954 static void get_conn_info_complete(struct hci_dev *hdev, void *data, int err)
8956 struct mgmt_pending_cmd *cmd = data;
8957 struct hci_conn *conn = cmd->user_data;
8958 struct mgmt_cp_get_conn_info *cp = cmd->param;
8959 struct mgmt_rp_get_conn_info rp;
8962 bt_dev_dbg(hdev, "err %d", err);
8964 memcpy(&rp.addr, &cp->addr, sizeof(rp.addr));
8966 status = mgmt_status(err);
8967 if (status == MGMT_STATUS_SUCCESS) {
8968 rp.rssi = conn->rssi;
8969 rp.tx_power = conn->tx_power;
8970 rp.max_tx_power = conn->max_tx_power;
8972 rp.rssi = HCI_RSSI_INVALID;
8973 rp.tx_power = HCI_TX_POWER_INVALID;
8974 rp.max_tx_power = HCI_TX_POWER_INVALID;
8977 mgmt_cmd_complete(cmd->sk, cmd->index, MGMT_OP_GET_CONN_INFO, status,
8980 mgmt_pending_free(cmd);
8983 static int get_conn_info_sync(struct hci_dev *hdev, void *data)
8985 struct mgmt_pending_cmd *cmd = data;
8986 struct mgmt_cp_get_conn_info *cp = cmd->param;
8987 struct hci_conn *conn;
8991 /* Make sure we are still connected */
8992 if (cp->addr.type == BDADDR_BREDR)
8993 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
8996 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &cp->addr.bdaddr);
8998 if (!conn || conn->state != BT_CONNECTED)
8999 return MGMT_STATUS_NOT_CONNECTED;
9001 cmd->user_data = conn;
9002 handle = cpu_to_le16(conn->handle);
9004 /* Refresh RSSI each time */
9005 err = hci_read_rssi_sync(hdev, handle);
9007 /* For LE links TX power does not change thus we don't need to
9008 * query for it once value is known.
9010 if (!err && (!bdaddr_type_is_le(cp->addr.type) ||
9011 conn->tx_power == HCI_TX_POWER_INVALID))
9012 err = hci_read_tx_power_sync(hdev, handle, 0x00);
9014 /* Max TX power needs to be read only once per connection */
9015 if (!err && conn->max_tx_power == HCI_TX_POWER_INVALID)
9016 err = hci_read_tx_power_sync(hdev, handle, 0x01);
9021 static int get_conn_info(struct sock *sk, struct hci_dev *hdev, void *data,
9024 struct mgmt_cp_get_conn_info *cp = data;
9025 struct mgmt_rp_get_conn_info rp;
9026 struct hci_conn *conn;
9027 unsigned long conn_info_age;
9030 bt_dev_dbg(hdev, "sock %p", sk);
9032 memset(&rp, 0, sizeof(rp));
9033 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
9034 rp.addr.type = cp->addr.type;
9036 if (!bdaddr_type_is_valid(cp->addr.type))
9037 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CONN_INFO,
9038 MGMT_STATUS_INVALID_PARAMS,
9043 if (!hdev_is_powered(hdev)) {
9044 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CONN_INFO,
9045 MGMT_STATUS_NOT_POWERED, &rp,
9050 if (cp->addr.type == BDADDR_BREDR)
9051 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
9054 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &cp->addr.bdaddr);
9056 if (!conn || conn->state != BT_CONNECTED) {
9057 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CONN_INFO,
9058 MGMT_STATUS_NOT_CONNECTED, &rp,
9063 /* To avoid client trying to guess when to poll again for information we
9064 * calculate conn info age as random value between min/max set in hdev.
9066 conn_info_age = get_random_u32_inclusive(hdev->conn_info_min_age,
9067 hdev->conn_info_max_age - 1);
9069 /* Query controller to refresh cached values if they are too old or were
9072 if (time_after(jiffies, conn->conn_info_timestamp +
9073 msecs_to_jiffies(conn_info_age)) ||
9074 !conn->conn_info_timestamp) {
9075 struct mgmt_pending_cmd *cmd;
9077 cmd = mgmt_pending_new(sk, MGMT_OP_GET_CONN_INFO, hdev, data,
9082 err = hci_cmd_sync_queue(hdev, get_conn_info_sync,
9083 cmd, get_conn_info_complete);
9087 mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CONN_INFO,
9088 MGMT_STATUS_FAILED, &rp, sizeof(rp));
9091 mgmt_pending_free(cmd);
9096 conn->conn_info_timestamp = jiffies;
9098 /* Cache is valid, just reply with values cached in hci_conn */
9099 rp.rssi = conn->rssi;
9100 rp.tx_power = conn->tx_power;
9101 rp.max_tx_power = conn->max_tx_power;
9103 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CONN_INFO,
9104 MGMT_STATUS_SUCCESS, &rp, sizeof(rp));
9108 hci_dev_unlock(hdev);
9112 static void get_clock_info_complete(struct hci_dev *hdev, void *data, int err)
9114 struct mgmt_pending_cmd *cmd = data;
9115 struct mgmt_cp_get_clock_info *cp = cmd->param;
9116 struct mgmt_rp_get_clock_info rp;
9117 struct hci_conn *conn = cmd->user_data;
9118 u8 status = mgmt_status(err);
9120 bt_dev_dbg(hdev, "err %d", err);
9122 memset(&rp, 0, sizeof(rp));
9123 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
9124 rp.addr.type = cp->addr.type;
9129 rp.local_clock = cpu_to_le32(hdev->clock);
9132 rp.piconet_clock = cpu_to_le32(conn->clock);
9133 rp.accuracy = cpu_to_le16(conn->clock_accuracy);
9137 mgmt_cmd_complete(cmd->sk, cmd->index, cmd->opcode, status, &rp,
9140 mgmt_pending_free(cmd);
9143 static int get_clock_info_sync(struct hci_dev *hdev, void *data)
9145 struct mgmt_pending_cmd *cmd = data;
9146 struct mgmt_cp_get_clock_info *cp = cmd->param;
9147 struct hci_cp_read_clock hci_cp;
9148 struct hci_conn *conn;
9150 memset(&hci_cp, 0, sizeof(hci_cp));
9151 hci_read_clock_sync(hdev, &hci_cp);
9153 /* Make sure connection still exists */
9154 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->addr.bdaddr);
9155 if (!conn || conn->state != BT_CONNECTED)
9156 return MGMT_STATUS_NOT_CONNECTED;
9158 cmd->user_data = conn;
9159 hci_cp.handle = cpu_to_le16(conn->handle);
9160 hci_cp.which = 0x01; /* Piconet clock */
9162 return hci_read_clock_sync(hdev, &hci_cp);
9165 static int get_clock_info(struct sock *sk, struct hci_dev *hdev, void *data,
9168 struct mgmt_cp_get_clock_info *cp = data;
9169 struct mgmt_rp_get_clock_info rp;
9170 struct mgmt_pending_cmd *cmd;
9171 struct hci_conn *conn;
9174 bt_dev_dbg(hdev, "sock %p", sk);
9176 memset(&rp, 0, sizeof(rp));
9177 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
9178 rp.addr.type = cp->addr.type;
9180 if (cp->addr.type != BDADDR_BREDR)
9181 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CLOCK_INFO,
9182 MGMT_STATUS_INVALID_PARAMS,
9187 if (!hdev_is_powered(hdev)) {
9188 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CLOCK_INFO,
9189 MGMT_STATUS_NOT_POWERED, &rp,
9194 if (bacmp(&cp->addr.bdaddr, BDADDR_ANY)) {
9195 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
9197 if (!conn || conn->state != BT_CONNECTED) {
9198 err = mgmt_cmd_complete(sk, hdev->id,
9199 MGMT_OP_GET_CLOCK_INFO,
9200 MGMT_STATUS_NOT_CONNECTED,
9208 cmd = mgmt_pending_new(sk, MGMT_OP_GET_CLOCK_INFO, hdev, data, len);
9212 err = hci_cmd_sync_queue(hdev, get_clock_info_sync, cmd,
9213 get_clock_info_complete);
9216 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CLOCK_INFO,
9217 MGMT_STATUS_FAILED, &rp, sizeof(rp));
9220 mgmt_pending_free(cmd);
9225 hci_dev_unlock(hdev);
9229 static bool is_connected(struct hci_dev *hdev, bdaddr_t *addr, u8 type)
9231 struct hci_conn *conn;
9233 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, addr);
9237 if (conn->dst_type != type)
9240 if (conn->state != BT_CONNECTED)
9246 /* This function requires the caller holds hdev->lock */
9247 static int hci_conn_params_set(struct hci_dev *hdev, bdaddr_t *addr,
9248 u8 addr_type, u8 auto_connect)
9250 struct hci_conn_params *params;
9252 params = hci_conn_params_add(hdev, addr, addr_type);
9256 if (params->auto_connect == auto_connect)
9259 hci_pend_le_list_del_init(params);
9261 switch (auto_connect) {
9262 case HCI_AUTO_CONN_DISABLED:
9263 case HCI_AUTO_CONN_LINK_LOSS:
9264 /* If auto connect is being disabled when we're trying to
9265 * connect to device, keep connecting.
9267 if (params->explicit_connect)
9268 hci_pend_le_list_add(params, &hdev->pend_le_conns);
9270 case HCI_AUTO_CONN_REPORT:
9271 if (params->explicit_connect)
9272 hci_pend_le_list_add(params, &hdev->pend_le_conns);
9274 hci_pend_le_list_add(params, &hdev->pend_le_reports);
9276 case HCI_AUTO_CONN_DIRECT:
9277 case HCI_AUTO_CONN_ALWAYS:
9278 if (!is_connected(hdev, addr, addr_type))
9279 hci_pend_le_list_add(params, &hdev->pend_le_conns);
9283 params->auto_connect = auto_connect;
9285 bt_dev_dbg(hdev, "addr %pMR (type %u) auto_connect %u",
9286 addr, addr_type, auto_connect);
9291 static void device_added(struct sock *sk, struct hci_dev *hdev,
9292 bdaddr_t *bdaddr, u8 type, u8 action)
9294 struct mgmt_ev_device_added ev;
9296 bacpy(&ev.addr.bdaddr, bdaddr);
9297 ev.addr.type = type;
9300 mgmt_event(MGMT_EV_DEVICE_ADDED, hdev, &ev, sizeof(ev), sk);
9303 static int add_device_sync(struct hci_dev *hdev, void *data)
9305 return hci_update_passive_scan_sync(hdev);
9308 static int add_device(struct sock *sk, struct hci_dev *hdev,
9309 void *data, u16 len)
9311 struct mgmt_cp_add_device *cp = data;
9312 u8 auto_conn, addr_type;
9313 struct hci_conn_params *params;
9315 u32 current_flags = 0;
9316 u32 supported_flags;
9318 bt_dev_dbg(hdev, "sock %p", sk);
9320 if (!bdaddr_type_is_valid(cp->addr.type) ||
9321 !bacmp(&cp->addr.bdaddr, BDADDR_ANY))
9322 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_ADD_DEVICE,
9323 MGMT_STATUS_INVALID_PARAMS,
9324 &cp->addr, sizeof(cp->addr));
9326 if (cp->action != 0x00 && cp->action != 0x01 && cp->action != 0x02)
9327 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_ADD_DEVICE,
9328 MGMT_STATUS_INVALID_PARAMS,
9329 &cp->addr, sizeof(cp->addr));
9333 if (cp->addr.type == BDADDR_BREDR) {
9334 /* Only incoming connections action is supported for now */
9335 if (cp->action != 0x01) {
9336 err = mgmt_cmd_complete(sk, hdev->id,
9338 MGMT_STATUS_INVALID_PARAMS,
9339 &cp->addr, sizeof(cp->addr));
9343 err = hci_bdaddr_list_add_with_flags(&hdev->accept_list,
9349 hci_update_scan(hdev);
9354 addr_type = le_addr_type(cp->addr.type);
9356 if (cp->action == 0x02)
9357 auto_conn = HCI_AUTO_CONN_ALWAYS;
9358 else if (cp->action == 0x01)
9359 auto_conn = HCI_AUTO_CONN_DIRECT;
9361 auto_conn = HCI_AUTO_CONN_REPORT;
9363 /* Kernel internally uses conn_params with resolvable private
9364 * address, but Add Device allows only identity addresses.
9365 * Make sure it is enforced before calling
9366 * hci_conn_params_lookup.
9368 if (!hci_is_identity_address(&cp->addr.bdaddr, addr_type)) {
9369 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_ADD_DEVICE,
9370 MGMT_STATUS_INVALID_PARAMS,
9371 &cp->addr, sizeof(cp->addr));
9375 /* If the connection parameters don't exist for this device,
9376 * they will be created and configured with defaults.
9378 if (hci_conn_params_set(hdev, &cp->addr.bdaddr, addr_type,
9380 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_ADD_DEVICE,
9381 MGMT_STATUS_FAILED, &cp->addr,
9385 params = hci_conn_params_lookup(hdev, &cp->addr.bdaddr,
9388 current_flags = params->flags;
9391 err = hci_cmd_sync_queue(hdev, add_device_sync, NULL, NULL);
9396 device_added(sk, hdev, &cp->addr.bdaddr, cp->addr.type, cp->action);
9397 supported_flags = hdev->conn_flags;
9398 device_flags_changed(NULL, hdev, &cp->addr.bdaddr, cp->addr.type,
9399 supported_flags, current_flags);
9401 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_ADD_DEVICE,
9402 MGMT_STATUS_SUCCESS, &cp->addr,
9406 hci_dev_unlock(hdev);
9410 static void device_removed(struct sock *sk, struct hci_dev *hdev,
9411 bdaddr_t *bdaddr, u8 type)
9413 struct mgmt_ev_device_removed ev;
9415 bacpy(&ev.addr.bdaddr, bdaddr);
9416 ev.addr.type = type;
9418 mgmt_event(MGMT_EV_DEVICE_REMOVED, hdev, &ev, sizeof(ev), sk);
9421 static int remove_device_sync(struct hci_dev *hdev, void *data)
9423 return hci_update_passive_scan_sync(hdev);
9426 static int remove_device(struct sock *sk, struct hci_dev *hdev,
9427 void *data, u16 len)
9429 struct mgmt_cp_remove_device *cp = data;
9432 bt_dev_dbg(hdev, "sock %p", sk);
9436 if (bacmp(&cp->addr.bdaddr, BDADDR_ANY)) {
9437 struct hci_conn_params *params;
9440 if (!bdaddr_type_is_valid(cp->addr.type)) {
9441 err = mgmt_cmd_complete(sk, hdev->id,
9442 MGMT_OP_REMOVE_DEVICE,
9443 MGMT_STATUS_INVALID_PARAMS,
9444 &cp->addr, sizeof(cp->addr));
9448 if (cp->addr.type == BDADDR_BREDR) {
9449 err = hci_bdaddr_list_del(&hdev->accept_list,
9453 err = mgmt_cmd_complete(sk, hdev->id,
9454 MGMT_OP_REMOVE_DEVICE,
9455 MGMT_STATUS_INVALID_PARAMS,
9461 hci_update_scan(hdev);
9463 device_removed(sk, hdev, &cp->addr.bdaddr,
9468 addr_type = le_addr_type(cp->addr.type);
9470 /* Kernel internally uses conn_params with resolvable private
9471 * address, but Remove Device allows only identity addresses.
9472 * Make sure it is enforced before calling
9473 * hci_conn_params_lookup.
9475 if (!hci_is_identity_address(&cp->addr.bdaddr, addr_type)) {
9476 err = mgmt_cmd_complete(sk, hdev->id,
9477 MGMT_OP_REMOVE_DEVICE,
9478 MGMT_STATUS_INVALID_PARAMS,
9479 &cp->addr, sizeof(cp->addr));
9483 params = hci_conn_params_lookup(hdev, &cp->addr.bdaddr,
9486 err = mgmt_cmd_complete(sk, hdev->id,
9487 MGMT_OP_REMOVE_DEVICE,
9488 MGMT_STATUS_INVALID_PARAMS,
9489 &cp->addr, sizeof(cp->addr));
9493 if (params->auto_connect == HCI_AUTO_CONN_DISABLED ||
9494 params->auto_connect == HCI_AUTO_CONN_EXPLICIT) {
9495 err = mgmt_cmd_complete(sk, hdev->id,
9496 MGMT_OP_REMOVE_DEVICE,
9497 MGMT_STATUS_INVALID_PARAMS,
9498 &cp->addr, sizeof(cp->addr));
9502 hci_conn_params_free(params);
9504 device_removed(sk, hdev, &cp->addr.bdaddr, cp->addr.type);
9506 struct hci_conn_params *p, *tmp;
9507 struct bdaddr_list *b, *btmp;
9509 if (cp->addr.type) {
9510 err = mgmt_cmd_complete(sk, hdev->id,
9511 MGMT_OP_REMOVE_DEVICE,
9512 MGMT_STATUS_INVALID_PARAMS,
9513 &cp->addr, sizeof(cp->addr));
9517 list_for_each_entry_safe(b, btmp, &hdev->accept_list, list) {
9518 device_removed(sk, hdev, &b->bdaddr, b->bdaddr_type);
9523 hci_update_scan(hdev);
9525 list_for_each_entry_safe(p, tmp, &hdev->le_conn_params, list) {
9526 if (p->auto_connect == HCI_AUTO_CONN_DISABLED)
9528 device_removed(sk, hdev, &p->addr, p->addr_type);
9529 if (p->explicit_connect) {
9530 p->auto_connect = HCI_AUTO_CONN_EXPLICIT;
9533 hci_conn_params_free(p);
9536 bt_dev_dbg(hdev, "All LE connection parameters were removed");
9539 hci_cmd_sync_queue(hdev, remove_device_sync, NULL, NULL);
9542 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_DEVICE,
9543 MGMT_STATUS_SUCCESS, &cp->addr,
9546 hci_dev_unlock(hdev);
9550 static int load_conn_param(struct sock *sk, struct hci_dev *hdev, void *data,
9553 struct mgmt_cp_load_conn_param *cp = data;
9554 const u16 max_param_count = ((U16_MAX - sizeof(*cp)) /
9555 sizeof(struct mgmt_conn_param));
9556 u16 param_count, expected_len;
9559 if (!lmp_le_capable(hdev))
9560 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_CONN_PARAM,
9561 MGMT_STATUS_NOT_SUPPORTED);
9563 param_count = __le16_to_cpu(cp->param_count);
9564 if (param_count > max_param_count) {
9565 bt_dev_err(hdev, "load_conn_param: too big param_count value %u",
9567 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_CONN_PARAM,
9568 MGMT_STATUS_INVALID_PARAMS);
9571 expected_len = struct_size(cp, params, param_count);
9572 if (expected_len != len) {
9573 bt_dev_err(hdev, "load_conn_param: expected %u bytes, got %u bytes",
9575 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_CONN_PARAM,
9576 MGMT_STATUS_INVALID_PARAMS);
9579 bt_dev_dbg(hdev, "param_count %u", param_count);
9583 hci_conn_params_clear_disabled(hdev);
9585 for (i = 0; i < param_count; i++) {
9586 struct mgmt_conn_param *param = &cp->params[i];
9587 struct hci_conn_params *hci_param;
9588 u16 min, max, latency, timeout;
9591 bt_dev_dbg(hdev, "Adding %pMR (type %u)", ¶m->addr.bdaddr,
9594 if (param->addr.type == BDADDR_LE_PUBLIC) {
9595 addr_type = ADDR_LE_DEV_PUBLIC;
9596 } else if (param->addr.type == BDADDR_LE_RANDOM) {
9597 addr_type = ADDR_LE_DEV_RANDOM;
9599 bt_dev_err(hdev, "ignoring invalid connection parameters");
9603 min = le16_to_cpu(param->min_interval);
9604 max = le16_to_cpu(param->max_interval);
9605 latency = le16_to_cpu(param->latency);
9606 timeout = le16_to_cpu(param->timeout);
9608 bt_dev_dbg(hdev, "min 0x%04x max 0x%04x latency 0x%04x timeout 0x%04x",
9609 min, max, latency, timeout);
9611 if (hci_check_conn_params(min, max, latency, timeout) < 0) {
9612 bt_dev_err(hdev, "ignoring invalid connection parameters");
9616 hci_param = hci_conn_params_add(hdev, ¶m->addr.bdaddr,
9619 bt_dev_err(hdev, "failed to add connection parameters");
9623 hci_param->conn_min_interval = min;
9624 hci_param->conn_max_interval = max;
9625 hci_param->conn_latency = latency;
9626 hci_param->supervision_timeout = timeout;
9629 hci_dev_unlock(hdev);
9631 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_LOAD_CONN_PARAM, 0,
9635 static int set_external_config(struct sock *sk, struct hci_dev *hdev,
9636 void *data, u16 len)
9638 struct mgmt_cp_set_external_config *cp = data;
9642 bt_dev_dbg(hdev, "sock %p", sk);
9644 if (hdev_is_powered(hdev))
9645 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_EXTERNAL_CONFIG,
9646 MGMT_STATUS_REJECTED);
9648 if (cp->config != 0x00 && cp->config != 0x01)
9649 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_EXTERNAL_CONFIG,
9650 MGMT_STATUS_INVALID_PARAMS);
9652 if (!test_bit(HCI_QUIRK_EXTERNAL_CONFIG, &hdev->quirks))
9653 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_EXTERNAL_CONFIG,
9654 MGMT_STATUS_NOT_SUPPORTED);
9659 changed = !hci_dev_test_and_set_flag(hdev, HCI_EXT_CONFIGURED);
9661 changed = hci_dev_test_and_clear_flag(hdev, HCI_EXT_CONFIGURED);
9663 err = send_options_rsp(sk, MGMT_OP_SET_EXTERNAL_CONFIG, hdev);
9670 err = new_options(hdev, sk);
9672 if (hci_dev_test_flag(hdev, HCI_UNCONFIGURED) == is_configured(hdev)) {
9673 mgmt_index_removed(hdev);
9675 if (hci_dev_test_and_change_flag(hdev, HCI_UNCONFIGURED)) {
9676 hci_dev_set_flag(hdev, HCI_CONFIG);
9677 hci_dev_set_flag(hdev, HCI_AUTO_OFF);
9679 queue_work(hdev->req_workqueue, &hdev->power_on);
9681 set_bit(HCI_RAW, &hdev->flags);
9682 mgmt_index_added(hdev);
9687 hci_dev_unlock(hdev);
9691 static int set_public_address(struct sock *sk, struct hci_dev *hdev,
9692 void *data, u16 len)
9694 struct mgmt_cp_set_public_address *cp = data;
9698 bt_dev_dbg(hdev, "sock %p", sk);
9700 if (hdev_is_powered(hdev))
9701 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_PUBLIC_ADDRESS,
9702 MGMT_STATUS_REJECTED);
9704 if (!bacmp(&cp->bdaddr, BDADDR_ANY))
9705 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_PUBLIC_ADDRESS,
9706 MGMT_STATUS_INVALID_PARAMS);
9708 if (!hdev->set_bdaddr)
9709 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_PUBLIC_ADDRESS,
9710 MGMT_STATUS_NOT_SUPPORTED);
9714 changed = !!bacmp(&hdev->public_addr, &cp->bdaddr);
9715 bacpy(&hdev->public_addr, &cp->bdaddr);
9717 err = send_options_rsp(sk, MGMT_OP_SET_PUBLIC_ADDRESS, hdev);
9724 if (hci_dev_test_flag(hdev, HCI_UNCONFIGURED))
9725 err = new_options(hdev, sk);
9727 if (is_configured(hdev)) {
9728 mgmt_index_removed(hdev);
9730 hci_dev_clear_flag(hdev, HCI_UNCONFIGURED);
9732 hci_dev_set_flag(hdev, HCI_CONFIG);
9733 hci_dev_set_flag(hdev, HCI_AUTO_OFF);
9735 queue_work(hdev->req_workqueue, &hdev->power_on);
9739 hci_dev_unlock(hdev);
9744 int mgmt_device_name_update(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 *name,
9748 struct mgmt_ev_device_name_update *ev = (void *)buf;
9754 bacpy(&ev->addr.bdaddr, bdaddr);
9755 ev->addr.type = BDADDR_BREDR;
9757 eir_len = eir_append_data(ev->eir, 0, EIR_NAME_COMPLETE, name,
9760 ev->eir_len = cpu_to_le16(eir_len);
9762 return mgmt_event(MGMT_EV_DEVICE_NAME_UPDATE, hdev, buf,
9763 sizeof(*ev) + eir_len, NULL);
9766 int mgmt_le_conn_update_failed(struct hci_dev *hdev, bdaddr_t *bdaddr,
9767 u8 link_type, u8 addr_type, u8 status)
9769 struct mgmt_ev_conn_update_failed ev;
9771 bacpy(&ev.addr.bdaddr, bdaddr);
9772 ev.addr.type = link_to_bdaddr(link_type, addr_type);
9775 return mgmt_event(MGMT_EV_CONN_UPDATE_FAILED, hdev,
9776 &ev, sizeof(ev), NULL);
9779 int mgmt_le_conn_updated(struct hci_dev *hdev, bdaddr_t *bdaddr,
9780 u8 link_type, u8 addr_type, u16 conn_interval,
9781 u16 conn_latency, u16 supervision_timeout)
9783 struct mgmt_ev_conn_updated ev;
9785 bacpy(&ev.addr.bdaddr, bdaddr);
9786 ev.addr.type = link_to_bdaddr(link_type, addr_type);
9787 ev.conn_interval = cpu_to_le16(conn_interval);
9788 ev.conn_latency = cpu_to_le16(conn_latency);
9789 ev.supervision_timeout = cpu_to_le16(supervision_timeout);
9791 return mgmt_event(MGMT_EV_CONN_UPDATED, hdev,
9792 &ev, sizeof(ev), NULL);
9796 static void read_local_oob_ext_data_complete(struct hci_dev *hdev, void *data,
9799 const struct mgmt_cp_read_local_oob_ext_data *mgmt_cp;
9800 struct mgmt_rp_read_local_oob_ext_data *mgmt_rp;
9801 u8 *h192, *r192, *h256, *r256;
9802 struct mgmt_pending_cmd *cmd = data;
9803 struct sk_buff *skb = cmd->skb;
9804 u8 status = mgmt_status(err);
9807 if (cmd != pending_find(MGMT_OP_READ_LOCAL_OOB_EXT_DATA, hdev))
9812 status = MGMT_STATUS_FAILED;
9813 else if (IS_ERR(skb))
9814 status = mgmt_status(PTR_ERR(skb));
9816 status = mgmt_status(skb->data[0]);
9819 bt_dev_dbg(hdev, "status %u", status);
9821 mgmt_cp = cmd->param;
9824 status = mgmt_status(status);
9831 } else if (!bredr_sc_enabled(hdev)) {
9832 struct hci_rp_read_local_oob_data *rp;
9834 if (skb->len != sizeof(*rp)) {
9835 status = MGMT_STATUS_FAILED;
9838 status = MGMT_STATUS_SUCCESS;
9839 rp = (void *)skb->data;
9841 eir_len = 5 + 18 + 18;
9848 struct hci_rp_read_local_oob_ext_data *rp;
9850 if (skb->len != sizeof(*rp)) {
9851 status = MGMT_STATUS_FAILED;
9854 status = MGMT_STATUS_SUCCESS;
9855 rp = (void *)skb->data;
9857 if (hci_dev_test_flag(hdev, HCI_SC_ONLY)) {
9858 eir_len = 5 + 18 + 18;
9862 eir_len = 5 + 18 + 18 + 18 + 18;
9872 mgmt_rp = kmalloc(sizeof(*mgmt_rp) + eir_len, GFP_KERNEL);
9879 eir_len = eir_append_data(mgmt_rp->eir, 0, EIR_CLASS_OF_DEV,
9880 hdev->dev_class, 3);
9883 eir_len = eir_append_data(mgmt_rp->eir, eir_len,
9884 EIR_SSP_HASH_C192, h192, 16);
9885 eir_len = eir_append_data(mgmt_rp->eir, eir_len,
9886 EIR_SSP_RAND_R192, r192, 16);
9890 eir_len = eir_append_data(mgmt_rp->eir, eir_len,
9891 EIR_SSP_HASH_C256, h256, 16);
9892 eir_len = eir_append_data(mgmt_rp->eir, eir_len,
9893 EIR_SSP_RAND_R256, r256, 16);
9897 mgmt_rp->type = mgmt_cp->type;
9898 mgmt_rp->eir_len = cpu_to_le16(eir_len);
9900 err = mgmt_cmd_complete(cmd->sk, hdev->id,
9901 MGMT_OP_READ_LOCAL_OOB_EXT_DATA, status,
9902 mgmt_rp, sizeof(*mgmt_rp) + eir_len);
9903 if (err < 0 || status)
9906 hci_sock_set_flag(cmd->sk, HCI_MGMT_OOB_DATA_EVENTS);
9908 err = mgmt_limited_event(MGMT_EV_LOCAL_OOB_DATA_UPDATED, hdev,
9909 mgmt_rp, sizeof(*mgmt_rp) + eir_len,
9910 HCI_MGMT_OOB_DATA_EVENTS, cmd->sk);
9912 if (skb && !IS_ERR(skb))
9916 mgmt_pending_remove(cmd);
9919 static int read_local_ssp_oob_req(struct hci_dev *hdev, struct sock *sk,
9920 struct mgmt_cp_read_local_oob_ext_data *cp)
9922 struct mgmt_pending_cmd *cmd;
9925 cmd = mgmt_pending_add(sk, MGMT_OP_READ_LOCAL_OOB_EXT_DATA, hdev,
9930 err = hci_cmd_sync_queue(hdev, read_local_oob_data_sync, cmd,
9931 read_local_oob_ext_data_complete);
9934 mgmt_pending_remove(cmd);
9941 static int read_local_oob_ext_data(struct sock *sk, struct hci_dev *hdev,
9942 void *data, u16 data_len)
9944 struct mgmt_cp_read_local_oob_ext_data *cp = data;
9945 struct mgmt_rp_read_local_oob_ext_data *rp;
9948 u8 status, flags, role, addr[7], hash[16], rand[16];
9951 bt_dev_dbg(hdev, "sock %p", sk);
9953 if (hdev_is_powered(hdev)) {
9955 case BIT(BDADDR_BREDR):
9956 status = mgmt_bredr_support(hdev);
9962 case (BIT(BDADDR_LE_PUBLIC) | BIT(BDADDR_LE_RANDOM)):
9963 status = mgmt_le_support(hdev);
9967 eir_len = 9 + 3 + 18 + 18 + 3;
9970 status = MGMT_STATUS_INVALID_PARAMS;
9975 status = MGMT_STATUS_NOT_POWERED;
9979 rp_len = sizeof(*rp) + eir_len;
9980 rp = kmalloc(rp_len, GFP_ATOMIC);
9984 if (!status && !lmp_ssp_capable(hdev)) {
9985 status = MGMT_STATUS_NOT_SUPPORTED;
9996 case BIT(BDADDR_BREDR):
9997 if (hci_dev_test_flag(hdev, HCI_SSP_ENABLED)) {
9998 err = read_local_ssp_oob_req(hdev, sk, cp);
9999 hci_dev_unlock(hdev);
10003 status = MGMT_STATUS_FAILED;
10006 eir_len = eir_append_data(rp->eir, eir_len,
10008 hdev->dev_class, 3);
10011 case (BIT(BDADDR_LE_PUBLIC) | BIT(BDADDR_LE_RANDOM)):
10012 if (hci_dev_test_flag(hdev, HCI_SC_ENABLED) &&
10013 smp_generate_oob(hdev, hash, rand) < 0) {
10014 hci_dev_unlock(hdev);
10015 status = MGMT_STATUS_FAILED;
10019 /* This should return the active RPA, but since the RPA
10020 * is only programmed on demand, it is really hard to fill
10021 * this in at the moment. For now disallow retrieving
10022 * local out-of-band data when privacy is in use.
10024 * Returning the identity address will not help here since
10025 * pairing happens before the identity resolving key is
10026 * known and thus the connection establishment happens
10027 * based on the RPA and not the identity address.
10029 if (hci_dev_test_flag(hdev, HCI_PRIVACY)) {
10030 hci_dev_unlock(hdev);
10031 status = MGMT_STATUS_REJECTED;
10035 if (hci_dev_test_flag(hdev, HCI_FORCE_STATIC_ADDR) ||
10036 !bacmp(&hdev->bdaddr, BDADDR_ANY) ||
10037 (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED) &&
10038 bacmp(&hdev->static_addr, BDADDR_ANY))) {
10039 memcpy(addr, &hdev->static_addr, 6);
10042 memcpy(addr, &hdev->bdaddr, 6);
10046 eir_len = eir_append_data(rp->eir, eir_len, EIR_LE_BDADDR,
10047 addr, sizeof(addr));
10049 if (hci_dev_test_flag(hdev, HCI_ADVERTISING))
10054 eir_len = eir_append_data(rp->eir, eir_len, EIR_LE_ROLE,
10055 &role, sizeof(role));
10057 if (hci_dev_test_flag(hdev, HCI_SC_ENABLED)) {
10058 eir_len = eir_append_data(rp->eir, eir_len,
10060 hash, sizeof(hash));
10062 eir_len = eir_append_data(rp->eir, eir_len,
10064 rand, sizeof(rand));
10067 flags = mgmt_get_adv_discov_flags(hdev);
10069 if (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED))
10070 flags |= LE_AD_NO_BREDR;
10072 eir_len = eir_append_data(rp->eir, eir_len, EIR_FLAGS,
10073 &flags, sizeof(flags));
10077 hci_dev_unlock(hdev);
10079 hci_sock_set_flag(sk, HCI_MGMT_OOB_DATA_EVENTS);
10081 status = MGMT_STATUS_SUCCESS;
10084 rp->type = cp->type;
10085 rp->eir_len = cpu_to_le16(eir_len);
10087 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_EXT_DATA,
10088 status, rp, sizeof(*rp) + eir_len);
10089 if (err < 0 || status)
10092 err = mgmt_limited_event(MGMT_EV_LOCAL_OOB_DATA_UPDATED, hdev,
10093 rp, sizeof(*rp) + eir_len,
10094 HCI_MGMT_OOB_DATA_EVENTS, sk);
10102 static u32 get_supported_adv_flags(struct hci_dev *hdev)
10106 flags |= MGMT_ADV_FLAG_CONNECTABLE;
10107 flags |= MGMT_ADV_FLAG_DISCOV;
10108 flags |= MGMT_ADV_FLAG_LIMITED_DISCOV;
10109 flags |= MGMT_ADV_FLAG_MANAGED_FLAGS;
10110 flags |= MGMT_ADV_FLAG_APPEARANCE;
10111 flags |= MGMT_ADV_FLAG_LOCAL_NAME;
10112 flags |= MGMT_ADV_PARAM_DURATION;
10113 flags |= MGMT_ADV_PARAM_TIMEOUT;
10114 flags |= MGMT_ADV_PARAM_INTERVALS;
10115 flags |= MGMT_ADV_PARAM_TX_POWER;
10116 flags |= MGMT_ADV_PARAM_SCAN_RSP;
10118 /* In extended adv TX_POWER returned from Set Adv Param
10119 * will be always valid.
10121 if (hdev->adv_tx_power != HCI_TX_POWER_INVALID || ext_adv_capable(hdev))
10122 flags |= MGMT_ADV_FLAG_TX_POWER;
10124 if (ext_adv_capable(hdev)) {
10125 flags |= MGMT_ADV_FLAG_SEC_1M;
10126 flags |= MGMT_ADV_FLAG_HW_OFFLOAD;
10127 flags |= MGMT_ADV_FLAG_CAN_SET_TX_POWER;
10129 if (le_2m_capable(hdev))
10130 flags |= MGMT_ADV_FLAG_SEC_2M;
10132 if (le_coded_capable(hdev))
10133 flags |= MGMT_ADV_FLAG_SEC_CODED;
10139 static int read_adv_features(struct sock *sk, struct hci_dev *hdev,
10140 void *data, u16 data_len)
10142 struct mgmt_rp_read_adv_features *rp;
10145 struct adv_info *adv_instance;
10146 u32 supported_flags;
10149 bt_dev_dbg(hdev, "sock %p", sk);
10151 if (!lmp_le_capable(hdev))
10152 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_READ_ADV_FEATURES,
10153 MGMT_STATUS_REJECTED);
10155 hci_dev_lock(hdev);
10157 rp_len = sizeof(*rp) + hdev->adv_instance_cnt;
10158 rp = kmalloc(rp_len, GFP_ATOMIC);
10160 hci_dev_unlock(hdev);
10164 supported_flags = get_supported_adv_flags(hdev);
10166 rp->supported_flags = cpu_to_le32(supported_flags);
10167 rp->max_adv_data_len = max_adv_len(hdev);
10168 rp->max_scan_rsp_len = max_adv_len(hdev);
10169 rp->max_instances = hdev->le_num_of_adv_sets;
10170 rp->num_instances = hdev->adv_instance_cnt;
10172 instance = rp->instance;
10173 list_for_each_entry(adv_instance, &hdev->adv_instances, list) {
10174 /* Only instances 1-le_num_of_adv_sets are externally visible */
10175 if (adv_instance->instance <= hdev->adv_instance_cnt) {
10176 *instance = adv_instance->instance;
10179 rp->num_instances--;
10184 hci_dev_unlock(hdev);
10186 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_READ_ADV_FEATURES,
10187 MGMT_STATUS_SUCCESS, rp, rp_len);
10194 static u8 calculate_name_len(struct hci_dev *hdev)
10196 u8 buf[HCI_MAX_SHORT_NAME_LENGTH + 3];
10198 return eir_append_local_name(hdev, buf, 0);
10201 static u8 tlv_data_max_len(struct hci_dev *hdev, u32 adv_flags,
10204 u8 max_len = max_adv_len(hdev);
10207 if (adv_flags & (MGMT_ADV_FLAG_DISCOV |
10208 MGMT_ADV_FLAG_LIMITED_DISCOV |
10209 MGMT_ADV_FLAG_MANAGED_FLAGS))
10212 if (adv_flags & MGMT_ADV_FLAG_TX_POWER)
10215 if (adv_flags & MGMT_ADV_FLAG_LOCAL_NAME)
10216 max_len -= calculate_name_len(hdev);
10218 if (adv_flags & (MGMT_ADV_FLAG_APPEARANCE))
10225 static bool flags_managed(u32 adv_flags)
10227 return adv_flags & (MGMT_ADV_FLAG_DISCOV |
10228 MGMT_ADV_FLAG_LIMITED_DISCOV |
10229 MGMT_ADV_FLAG_MANAGED_FLAGS);
10232 static bool tx_power_managed(u32 adv_flags)
10234 return adv_flags & MGMT_ADV_FLAG_TX_POWER;
10237 static bool name_managed(u32 adv_flags)
10239 return adv_flags & MGMT_ADV_FLAG_LOCAL_NAME;
10242 static bool appearance_managed(u32 adv_flags)
10244 return adv_flags & MGMT_ADV_FLAG_APPEARANCE;
10247 static bool tlv_data_is_valid(struct hci_dev *hdev, u32 adv_flags, u8 *data,
10248 u8 len, bool is_adv_data)
10253 max_len = tlv_data_max_len(hdev, adv_flags, is_adv_data);
10258 /* Make sure that the data is correctly formatted. */
10259 for (i = 0; i < len; i += (cur_len + 1)) {
10265 if (data[i + 1] == EIR_FLAGS &&
10266 (!is_adv_data || flags_managed(adv_flags)))
10269 if (data[i + 1] == EIR_TX_POWER && tx_power_managed(adv_flags))
10272 if (data[i + 1] == EIR_NAME_COMPLETE && name_managed(adv_flags))
10275 if (data[i + 1] == EIR_NAME_SHORT && name_managed(adv_flags))
10278 if (data[i + 1] == EIR_APPEARANCE &&
10279 appearance_managed(adv_flags))
10282 /* If the current field length would exceed the total data
10283 * length, then it's invalid.
10285 if (i + cur_len >= len)
10292 static bool requested_adv_flags_are_valid(struct hci_dev *hdev, u32 adv_flags)
10294 u32 supported_flags, phy_flags;
10296 /* The current implementation only supports a subset of the specified
10297 * flags. Also need to check mutual exclusiveness of sec flags.
10299 supported_flags = get_supported_adv_flags(hdev);
10300 phy_flags = adv_flags & MGMT_ADV_FLAG_SEC_MASK;
10301 if (adv_flags & ~supported_flags ||
10302 ((phy_flags && (phy_flags ^ (phy_flags & -phy_flags)))))
10308 static bool adv_busy(struct hci_dev *hdev)
10310 return pending_find(MGMT_OP_SET_LE, hdev);
10313 static void add_adv_complete(struct hci_dev *hdev, struct sock *sk, u8 instance,
10316 struct adv_info *adv, *n;
10318 bt_dev_dbg(hdev, "err %d", err);
10320 hci_dev_lock(hdev);
10322 list_for_each_entry_safe(adv, n, &hdev->adv_instances, list) {
10329 adv->pending = false;
10333 instance = adv->instance;
10335 if (hdev->cur_adv_instance == instance)
10336 cancel_adv_timeout(hdev);
10338 hci_remove_adv_instance(hdev, instance);
10339 mgmt_advertising_removed(sk, hdev, instance);
10342 hci_dev_unlock(hdev);
10345 static void add_advertising_complete(struct hci_dev *hdev, void *data, int err)
10347 struct mgmt_pending_cmd *cmd = data;
10348 struct mgmt_cp_add_advertising *cp = cmd->param;
10349 struct mgmt_rp_add_advertising rp;
10351 memset(&rp, 0, sizeof(rp));
10353 rp.instance = cp->instance;
10356 mgmt_cmd_status(cmd->sk, cmd->index, cmd->opcode,
10359 mgmt_cmd_complete(cmd->sk, cmd->index, cmd->opcode,
10360 mgmt_status(err), &rp, sizeof(rp));
10362 add_adv_complete(hdev, cmd->sk, cp->instance, err);
10364 mgmt_pending_free(cmd);
10367 static int add_advertising_sync(struct hci_dev *hdev, void *data)
10369 struct mgmt_pending_cmd *cmd = data;
10370 struct mgmt_cp_add_advertising *cp = cmd->param;
10372 return hci_schedule_adv_instance_sync(hdev, cp->instance, true);
10375 static int add_advertising(struct sock *sk, struct hci_dev *hdev,
10376 void *data, u16 data_len)
10378 struct mgmt_cp_add_advertising *cp = data;
10379 struct mgmt_rp_add_advertising rp;
10382 u16 timeout, duration;
10383 unsigned int prev_instance_cnt;
10384 u8 schedule_instance = 0;
10385 struct adv_info *adv, *next_instance;
10387 struct mgmt_pending_cmd *cmd;
10389 bt_dev_dbg(hdev, "sock %p", sk);
10391 status = mgmt_le_support(hdev);
10393 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_ADVERTISING,
10396 if (cp->instance < 1 || cp->instance > hdev->le_num_of_adv_sets)
10397 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_ADVERTISING,
10398 MGMT_STATUS_INVALID_PARAMS);
10400 if (data_len != sizeof(*cp) + cp->adv_data_len + cp->scan_rsp_len)
10401 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_ADVERTISING,
10402 MGMT_STATUS_INVALID_PARAMS);
10404 flags = __le32_to_cpu(cp->flags);
10405 timeout = __le16_to_cpu(cp->timeout);
10406 duration = __le16_to_cpu(cp->duration);
10408 if (!requested_adv_flags_are_valid(hdev, flags))
10409 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_ADVERTISING,
10410 MGMT_STATUS_INVALID_PARAMS);
10412 hci_dev_lock(hdev);
10414 if (timeout && !hdev_is_powered(hdev)) {
10415 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_ADVERTISING,
10416 MGMT_STATUS_REJECTED);
10420 if (adv_busy(hdev)) {
10421 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_ADVERTISING,
10426 if (!tlv_data_is_valid(hdev, flags, cp->data, cp->adv_data_len, true) ||
10427 !tlv_data_is_valid(hdev, flags, cp->data + cp->adv_data_len,
10428 cp->scan_rsp_len, false)) {
10429 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_ADVERTISING,
10430 MGMT_STATUS_INVALID_PARAMS);
10434 prev_instance_cnt = hdev->adv_instance_cnt;
10436 adv = hci_add_adv_instance(hdev, cp->instance, flags,
10437 cp->adv_data_len, cp->data,
10439 cp->data + cp->adv_data_len,
10441 HCI_ADV_TX_POWER_NO_PREFERENCE,
10442 hdev->le_adv_min_interval,
10443 hdev->le_adv_max_interval, 0);
10445 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_ADVERTISING,
10446 MGMT_STATUS_FAILED);
10450 /* Only trigger an advertising added event if a new instance was
10453 if (hdev->adv_instance_cnt > prev_instance_cnt)
10454 mgmt_advertising_added(sk, hdev, cp->instance);
10456 if (hdev->cur_adv_instance == cp->instance) {
10457 /* If the currently advertised instance is being changed then
10458 * cancel the current advertising and schedule the next
10459 * instance. If there is only one instance then the overridden
10460 * advertising data will be visible right away.
10462 cancel_adv_timeout(hdev);
10464 next_instance = hci_get_next_instance(hdev, cp->instance);
10466 schedule_instance = next_instance->instance;
10467 } else if (!hdev->adv_instance_timeout) {
10468 /* Immediately advertise the new instance if no other
10469 * instance is currently being advertised.
10471 schedule_instance = cp->instance;
10474 /* If the HCI_ADVERTISING flag is set or the device isn't powered or
10475 * there is no instance to be advertised then we have no HCI
10476 * communication to make. Simply return.
10478 if (!hdev_is_powered(hdev) ||
10479 hci_dev_test_flag(hdev, HCI_ADVERTISING) ||
10480 !schedule_instance) {
10481 rp.instance = cp->instance;
10482 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_ADD_ADVERTISING,
10483 MGMT_STATUS_SUCCESS, &rp, sizeof(rp));
10487 /* We're good to go, update advertising data, parameters, and start
10490 cmd = mgmt_pending_new(sk, MGMT_OP_ADD_ADVERTISING, hdev, data,
10497 cp->instance = schedule_instance;
10499 err = hci_cmd_sync_queue(hdev, add_advertising_sync, cmd,
10500 add_advertising_complete);
10502 mgmt_pending_free(cmd);
10505 hci_dev_unlock(hdev);
10510 static void add_ext_adv_params_complete(struct hci_dev *hdev, void *data,
10513 struct mgmt_pending_cmd *cmd = data;
10514 struct mgmt_cp_add_ext_adv_params *cp = cmd->param;
10515 struct mgmt_rp_add_ext_adv_params rp;
10516 struct adv_info *adv;
10519 BT_DBG("%s", hdev->name);
10521 hci_dev_lock(hdev);
10523 adv = hci_find_adv_instance(hdev, cp->instance);
10527 rp.instance = cp->instance;
10528 rp.tx_power = adv->tx_power;
10530 /* While we're at it, inform userspace of the available space for this
10531 * advertisement, given the flags that will be used.
10533 flags = __le32_to_cpu(cp->flags);
10534 rp.max_adv_data_len = tlv_data_max_len(hdev, flags, true);
10535 rp.max_scan_rsp_len = tlv_data_max_len(hdev, flags, false);
10538 /* If this advertisement was previously advertising and we
10539 * failed to update it, we signal that it has been removed and
10540 * delete its structure
10543 mgmt_advertising_removed(cmd->sk, hdev, cp->instance);
10545 hci_remove_adv_instance(hdev, cp->instance);
10547 mgmt_cmd_status(cmd->sk, cmd->index, cmd->opcode,
10550 mgmt_cmd_complete(cmd->sk, cmd->index, cmd->opcode,
10551 mgmt_status(err), &rp, sizeof(rp));
10556 mgmt_pending_free(cmd);
10558 hci_dev_unlock(hdev);
10561 static int add_ext_adv_params_sync(struct hci_dev *hdev, void *data)
10563 struct mgmt_pending_cmd *cmd = data;
10564 struct mgmt_cp_add_ext_adv_params *cp = cmd->param;
10566 return hci_setup_ext_adv_instance_sync(hdev, cp->instance);
10569 static int add_ext_adv_params(struct sock *sk, struct hci_dev *hdev,
10570 void *data, u16 data_len)
10572 struct mgmt_cp_add_ext_adv_params *cp = data;
10573 struct mgmt_rp_add_ext_adv_params rp;
10574 struct mgmt_pending_cmd *cmd = NULL;
10575 struct adv_info *adv;
10576 u32 flags, min_interval, max_interval;
10577 u16 timeout, duration;
10582 BT_DBG("%s", hdev->name);
10584 status = mgmt_le_support(hdev);
10586 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_EXT_ADV_PARAMS,
10589 if (cp->instance < 1 || cp->instance > hdev->le_num_of_adv_sets)
10590 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_EXT_ADV_PARAMS,
10591 MGMT_STATUS_INVALID_PARAMS);
10593 /* The purpose of breaking add_advertising into two separate MGMT calls
10594 * for params and data is to allow more parameters to be added to this
10595 * structure in the future. For this reason, we verify that we have the
10596 * bare minimum structure we know of when the interface was defined. Any
10597 * extra parameters we don't know about will be ignored in this request.
10599 if (data_len < MGMT_ADD_EXT_ADV_PARAMS_MIN_SIZE)
10600 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_EXT_ADV_PARAMS,
10601 MGMT_STATUS_INVALID_PARAMS);
10603 flags = __le32_to_cpu(cp->flags);
10605 if (!requested_adv_flags_are_valid(hdev, flags))
10606 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_EXT_ADV_PARAMS,
10607 MGMT_STATUS_INVALID_PARAMS);
10609 hci_dev_lock(hdev);
10611 /* In new interface, we require that we are powered to register */
10612 if (!hdev_is_powered(hdev)) {
10613 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_EXT_ADV_PARAMS,
10614 MGMT_STATUS_REJECTED);
10618 if (adv_busy(hdev)) {
10619 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_EXT_ADV_PARAMS,
10624 /* Parse defined parameters from request, use defaults otherwise */
10625 timeout = (flags & MGMT_ADV_PARAM_TIMEOUT) ?
10626 __le16_to_cpu(cp->timeout) : 0;
10628 duration = (flags & MGMT_ADV_PARAM_DURATION) ?
10629 __le16_to_cpu(cp->duration) :
10630 hdev->def_multi_adv_rotation_duration;
10632 min_interval = (flags & MGMT_ADV_PARAM_INTERVALS) ?
10633 __le32_to_cpu(cp->min_interval) :
10634 hdev->le_adv_min_interval;
10636 max_interval = (flags & MGMT_ADV_PARAM_INTERVALS) ?
10637 __le32_to_cpu(cp->max_interval) :
10638 hdev->le_adv_max_interval;
10640 tx_power = (flags & MGMT_ADV_PARAM_TX_POWER) ?
10642 HCI_ADV_TX_POWER_NO_PREFERENCE;
10644 /* Create advertising instance with no advertising or response data */
10645 adv = hci_add_adv_instance(hdev, cp->instance, flags, 0, NULL, 0, NULL,
10646 timeout, duration, tx_power, min_interval,
10650 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_EXT_ADV_PARAMS,
10651 MGMT_STATUS_FAILED);
10655 /* Submit request for advertising params if ext adv available */
10656 if (ext_adv_capable(hdev)) {
10657 cmd = mgmt_pending_new(sk, MGMT_OP_ADD_EXT_ADV_PARAMS, hdev,
10661 hci_remove_adv_instance(hdev, cp->instance);
10665 err = hci_cmd_sync_queue(hdev, add_ext_adv_params_sync, cmd,
10666 add_ext_adv_params_complete);
10668 mgmt_pending_free(cmd);
10670 rp.instance = cp->instance;
10671 rp.tx_power = HCI_ADV_TX_POWER_NO_PREFERENCE;
10672 rp.max_adv_data_len = tlv_data_max_len(hdev, flags, true);
10673 rp.max_scan_rsp_len = tlv_data_max_len(hdev, flags, false);
10674 err = mgmt_cmd_complete(sk, hdev->id,
10675 MGMT_OP_ADD_EXT_ADV_PARAMS,
10676 MGMT_STATUS_SUCCESS, &rp, sizeof(rp));
10680 hci_dev_unlock(hdev);
10685 static void add_ext_adv_data_complete(struct hci_dev *hdev, void *data, int err)
10687 struct mgmt_pending_cmd *cmd = data;
10688 struct mgmt_cp_add_ext_adv_data *cp = cmd->param;
10689 struct mgmt_rp_add_advertising rp;
10691 add_adv_complete(hdev, cmd->sk, cp->instance, err);
10693 memset(&rp, 0, sizeof(rp));
10695 rp.instance = cp->instance;
10698 mgmt_cmd_status(cmd->sk, cmd->index, cmd->opcode,
10701 mgmt_cmd_complete(cmd->sk, cmd->index, cmd->opcode,
10702 mgmt_status(err), &rp, sizeof(rp));
10704 mgmt_pending_free(cmd);
10707 static int add_ext_adv_data_sync(struct hci_dev *hdev, void *data)
10709 struct mgmt_pending_cmd *cmd = data;
10710 struct mgmt_cp_add_ext_adv_data *cp = cmd->param;
10713 if (ext_adv_capable(hdev)) {
10714 err = hci_update_adv_data_sync(hdev, cp->instance);
10718 err = hci_update_scan_rsp_data_sync(hdev, cp->instance);
10722 return hci_enable_ext_advertising_sync(hdev, cp->instance);
10725 return hci_schedule_adv_instance_sync(hdev, cp->instance, true);
10728 static int add_ext_adv_data(struct sock *sk, struct hci_dev *hdev, void *data,
10731 struct mgmt_cp_add_ext_adv_data *cp = data;
10732 struct mgmt_rp_add_ext_adv_data rp;
10733 u8 schedule_instance = 0;
10734 struct adv_info *next_instance;
10735 struct adv_info *adv_instance;
10737 struct mgmt_pending_cmd *cmd;
10739 BT_DBG("%s", hdev->name);
10741 hci_dev_lock(hdev);
10743 adv_instance = hci_find_adv_instance(hdev, cp->instance);
10745 if (!adv_instance) {
10746 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_EXT_ADV_DATA,
10747 MGMT_STATUS_INVALID_PARAMS);
10751 /* In new interface, we require that we are powered to register */
10752 if (!hdev_is_powered(hdev)) {
10753 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_EXT_ADV_DATA,
10754 MGMT_STATUS_REJECTED);
10755 goto clear_new_instance;
10758 if (adv_busy(hdev)) {
10759 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_EXT_ADV_DATA,
10761 goto clear_new_instance;
10764 /* Validate new data */
10765 if (!tlv_data_is_valid(hdev, adv_instance->flags, cp->data,
10766 cp->adv_data_len, true) ||
10767 !tlv_data_is_valid(hdev, adv_instance->flags, cp->data +
10768 cp->adv_data_len, cp->scan_rsp_len, false)) {
10769 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_EXT_ADV_DATA,
10770 MGMT_STATUS_INVALID_PARAMS);
10771 goto clear_new_instance;
10774 /* Set the data in the advertising instance */
10775 hci_set_adv_instance_data(hdev, cp->instance, cp->adv_data_len,
10776 cp->data, cp->scan_rsp_len,
10777 cp->data + cp->adv_data_len);
10779 /* If using software rotation, determine next instance to use */
10780 if (hdev->cur_adv_instance == cp->instance) {
10781 /* If the currently advertised instance is being changed
10782 * then cancel the current advertising and schedule the
10783 * next instance. If there is only one instance then the
10784 * overridden advertising data will be visible right
10787 cancel_adv_timeout(hdev);
10789 next_instance = hci_get_next_instance(hdev, cp->instance);
10791 schedule_instance = next_instance->instance;
10792 } else if (!hdev->adv_instance_timeout) {
10793 /* Immediately advertise the new instance if no other
10794 * instance is currently being advertised.
10796 schedule_instance = cp->instance;
10799 /* If the HCI_ADVERTISING flag is set or there is no instance to
10800 * be advertised then we have no HCI communication to make.
10803 if (hci_dev_test_flag(hdev, HCI_ADVERTISING) || !schedule_instance) {
10804 if (adv_instance->pending) {
10805 mgmt_advertising_added(sk, hdev, cp->instance);
10806 adv_instance->pending = false;
10808 rp.instance = cp->instance;
10809 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_ADD_EXT_ADV_DATA,
10810 MGMT_STATUS_SUCCESS, &rp, sizeof(rp));
10814 cmd = mgmt_pending_new(sk, MGMT_OP_ADD_EXT_ADV_DATA, hdev, data,
10818 goto clear_new_instance;
10821 err = hci_cmd_sync_queue(hdev, add_ext_adv_data_sync, cmd,
10822 add_ext_adv_data_complete);
10824 mgmt_pending_free(cmd);
10825 goto clear_new_instance;
10828 /* We were successful in updating data, so trigger advertising_added
10829 * event if this is an instance that wasn't previously advertising. If
10830 * a failure occurs in the requests we initiated, we will remove the
10831 * instance again in add_advertising_complete
10833 if (adv_instance->pending)
10834 mgmt_advertising_added(sk, hdev, cp->instance);
10838 clear_new_instance:
10839 hci_remove_adv_instance(hdev, cp->instance);
10842 hci_dev_unlock(hdev);
10847 static void remove_advertising_complete(struct hci_dev *hdev, void *data,
10850 struct mgmt_pending_cmd *cmd = data;
10851 struct mgmt_cp_remove_advertising *cp = cmd->param;
10852 struct mgmt_rp_remove_advertising rp;
10854 bt_dev_dbg(hdev, "err %d", err);
10856 memset(&rp, 0, sizeof(rp));
10857 rp.instance = cp->instance;
10860 mgmt_cmd_status(cmd->sk, cmd->index, cmd->opcode,
10863 mgmt_cmd_complete(cmd->sk, cmd->index, cmd->opcode,
10864 MGMT_STATUS_SUCCESS, &rp, sizeof(rp));
10866 mgmt_pending_free(cmd);
10869 static int remove_advertising_sync(struct hci_dev *hdev, void *data)
10871 struct mgmt_pending_cmd *cmd = data;
10872 struct mgmt_cp_remove_advertising *cp = cmd->param;
10875 err = hci_remove_advertising_sync(hdev, cmd->sk, cp->instance, true);
10879 if (list_empty(&hdev->adv_instances))
10880 err = hci_disable_advertising_sync(hdev);
10885 static int remove_advertising(struct sock *sk, struct hci_dev *hdev,
10886 void *data, u16 data_len)
10888 struct mgmt_cp_remove_advertising *cp = data;
10889 struct mgmt_pending_cmd *cmd;
10892 bt_dev_dbg(hdev, "sock %p", sk);
10894 hci_dev_lock(hdev);
10896 if (cp->instance && !hci_find_adv_instance(hdev, cp->instance)) {
10897 err = mgmt_cmd_status(sk, hdev->id,
10898 MGMT_OP_REMOVE_ADVERTISING,
10899 MGMT_STATUS_INVALID_PARAMS);
10903 if (pending_find(MGMT_OP_SET_LE, hdev)) {
10904 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_REMOVE_ADVERTISING,
10909 if (list_empty(&hdev->adv_instances)) {
10910 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_REMOVE_ADVERTISING,
10911 MGMT_STATUS_INVALID_PARAMS);
10915 cmd = mgmt_pending_new(sk, MGMT_OP_REMOVE_ADVERTISING, hdev, data,
10922 err = hci_cmd_sync_queue(hdev, remove_advertising_sync, cmd,
10923 remove_advertising_complete);
10925 mgmt_pending_free(cmd);
10928 hci_dev_unlock(hdev);
10933 static int get_adv_size_info(struct sock *sk, struct hci_dev *hdev,
10934 void *data, u16 data_len)
10936 struct mgmt_cp_get_adv_size_info *cp = data;
10937 struct mgmt_rp_get_adv_size_info rp;
10938 u32 flags, supported_flags;
10940 bt_dev_dbg(hdev, "sock %p", sk);
10942 if (!lmp_le_capable(hdev))
10943 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_GET_ADV_SIZE_INFO,
10944 MGMT_STATUS_REJECTED);
10946 if (cp->instance < 1 || cp->instance > hdev->le_num_of_adv_sets)
10947 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_GET_ADV_SIZE_INFO,
10948 MGMT_STATUS_INVALID_PARAMS);
10950 flags = __le32_to_cpu(cp->flags);
10952 /* The current implementation only supports a subset of the specified
10955 supported_flags = get_supported_adv_flags(hdev);
10956 if (flags & ~supported_flags)
10957 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_GET_ADV_SIZE_INFO,
10958 MGMT_STATUS_INVALID_PARAMS);
10960 rp.instance = cp->instance;
10961 rp.flags = cp->flags;
10962 rp.max_adv_data_len = tlv_data_max_len(hdev, flags, true);
10963 rp.max_scan_rsp_len = tlv_data_max_len(hdev, flags, false);
10965 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_ADV_SIZE_INFO,
10966 MGMT_STATUS_SUCCESS, &rp, sizeof(rp));
10969 static const struct hci_mgmt_handler mgmt_handlers[] = {
10970 { NULL }, /* 0x0000 (no command) */
10971 { read_version, MGMT_READ_VERSION_SIZE,
10973 HCI_MGMT_UNTRUSTED },
10974 { read_commands, MGMT_READ_COMMANDS_SIZE,
10976 HCI_MGMT_UNTRUSTED },
10977 { read_index_list, MGMT_READ_INDEX_LIST_SIZE,
10979 HCI_MGMT_UNTRUSTED },
10980 { read_controller_info, MGMT_READ_INFO_SIZE,
10981 HCI_MGMT_UNTRUSTED },
10982 { set_powered, MGMT_SETTING_SIZE },
10983 { set_discoverable, MGMT_SET_DISCOVERABLE_SIZE },
10984 { set_connectable, MGMT_SETTING_SIZE },
10985 { set_fast_connectable, MGMT_SETTING_SIZE },
10986 { set_bondable, MGMT_SETTING_SIZE },
10987 { set_link_security, MGMT_SETTING_SIZE },
10988 { set_ssp, MGMT_SETTING_SIZE },
10989 { set_hs, MGMT_SETTING_SIZE },
10990 { set_le, MGMT_SETTING_SIZE },
10991 { set_dev_class, MGMT_SET_DEV_CLASS_SIZE },
10992 { set_local_name, MGMT_SET_LOCAL_NAME_SIZE },
10993 { add_uuid, MGMT_ADD_UUID_SIZE },
10994 { remove_uuid, MGMT_REMOVE_UUID_SIZE },
10995 { load_link_keys, MGMT_LOAD_LINK_KEYS_SIZE,
10996 HCI_MGMT_VAR_LEN },
10997 { load_long_term_keys, MGMT_LOAD_LONG_TERM_KEYS_SIZE,
10998 HCI_MGMT_VAR_LEN },
10999 { disconnect, MGMT_DISCONNECT_SIZE },
11000 { get_connections, MGMT_GET_CONNECTIONS_SIZE },
11001 { pin_code_reply, MGMT_PIN_CODE_REPLY_SIZE },
11002 { pin_code_neg_reply, MGMT_PIN_CODE_NEG_REPLY_SIZE },
11003 { set_io_capability, MGMT_SET_IO_CAPABILITY_SIZE },
11004 { pair_device, MGMT_PAIR_DEVICE_SIZE },
11005 { cancel_pair_device, MGMT_CANCEL_PAIR_DEVICE_SIZE },
11006 { unpair_device, MGMT_UNPAIR_DEVICE_SIZE },
11007 { user_confirm_reply, MGMT_USER_CONFIRM_REPLY_SIZE },
11008 { user_confirm_neg_reply, MGMT_USER_CONFIRM_NEG_REPLY_SIZE },
11009 { user_passkey_reply, MGMT_USER_PASSKEY_REPLY_SIZE },
11010 { user_passkey_neg_reply, MGMT_USER_PASSKEY_NEG_REPLY_SIZE },
11011 { read_local_oob_data, MGMT_READ_LOCAL_OOB_DATA_SIZE },
11012 { add_remote_oob_data, MGMT_ADD_REMOTE_OOB_DATA_SIZE,
11013 HCI_MGMT_VAR_LEN },
11014 { remove_remote_oob_data, MGMT_REMOVE_REMOTE_OOB_DATA_SIZE },
11015 { start_discovery, MGMT_START_DISCOVERY_SIZE },
11016 { stop_discovery, MGMT_STOP_DISCOVERY_SIZE },
11017 { confirm_name, MGMT_CONFIRM_NAME_SIZE },
11018 { block_device, MGMT_BLOCK_DEVICE_SIZE },
11019 { unblock_device, MGMT_UNBLOCK_DEVICE_SIZE },
11020 { set_device_id, MGMT_SET_DEVICE_ID_SIZE },
11021 { set_advertising, MGMT_SETTING_SIZE },
11022 { set_bredr, MGMT_SETTING_SIZE },
11023 { set_static_address, MGMT_SET_STATIC_ADDRESS_SIZE },
11024 { set_scan_params, MGMT_SET_SCAN_PARAMS_SIZE },
11025 { set_secure_conn, MGMT_SETTING_SIZE },
11026 { set_debug_keys, MGMT_SETTING_SIZE },
11027 { set_privacy, MGMT_SET_PRIVACY_SIZE },
11028 { load_irks, MGMT_LOAD_IRKS_SIZE,
11029 HCI_MGMT_VAR_LEN },
11030 { get_conn_info, MGMT_GET_CONN_INFO_SIZE },
11031 { get_clock_info, MGMT_GET_CLOCK_INFO_SIZE },
11032 { add_device, MGMT_ADD_DEVICE_SIZE },
11033 { remove_device, MGMT_REMOVE_DEVICE_SIZE },
11034 { load_conn_param, MGMT_LOAD_CONN_PARAM_SIZE,
11035 HCI_MGMT_VAR_LEN },
11036 { read_unconf_index_list, MGMT_READ_UNCONF_INDEX_LIST_SIZE,
11038 HCI_MGMT_UNTRUSTED },
11039 { read_config_info, MGMT_READ_CONFIG_INFO_SIZE,
11040 HCI_MGMT_UNCONFIGURED |
11041 HCI_MGMT_UNTRUSTED },
11042 { set_external_config, MGMT_SET_EXTERNAL_CONFIG_SIZE,
11043 HCI_MGMT_UNCONFIGURED },
11044 { set_public_address, MGMT_SET_PUBLIC_ADDRESS_SIZE,
11045 HCI_MGMT_UNCONFIGURED },
11046 { start_service_discovery, MGMT_START_SERVICE_DISCOVERY_SIZE,
11047 HCI_MGMT_VAR_LEN },
11048 { read_local_oob_ext_data, MGMT_READ_LOCAL_OOB_EXT_DATA_SIZE },
11049 { read_ext_index_list, MGMT_READ_EXT_INDEX_LIST_SIZE,
11051 HCI_MGMT_UNTRUSTED },
11052 { read_adv_features, MGMT_READ_ADV_FEATURES_SIZE },
11053 { add_advertising, MGMT_ADD_ADVERTISING_SIZE,
11054 HCI_MGMT_VAR_LEN },
11055 { remove_advertising, MGMT_REMOVE_ADVERTISING_SIZE },
11056 { get_adv_size_info, MGMT_GET_ADV_SIZE_INFO_SIZE },
11057 { start_limited_discovery, MGMT_START_DISCOVERY_SIZE },
11058 { read_ext_controller_info,MGMT_READ_EXT_INFO_SIZE,
11059 HCI_MGMT_UNTRUSTED },
11060 { set_appearance, MGMT_SET_APPEARANCE_SIZE },
11061 { get_phy_configuration, MGMT_GET_PHY_CONFIGURATION_SIZE },
11062 { set_phy_configuration, MGMT_SET_PHY_CONFIGURATION_SIZE },
11063 { set_blocked_keys, MGMT_OP_SET_BLOCKED_KEYS_SIZE,
11064 HCI_MGMT_VAR_LEN },
11065 { set_wideband_speech, MGMT_SETTING_SIZE },
11066 { read_controller_cap, MGMT_READ_CONTROLLER_CAP_SIZE,
11067 HCI_MGMT_UNTRUSTED },
11068 { read_exp_features_info, MGMT_READ_EXP_FEATURES_INFO_SIZE,
11069 HCI_MGMT_UNTRUSTED |
11070 HCI_MGMT_HDEV_OPTIONAL },
11071 { set_exp_feature, MGMT_SET_EXP_FEATURE_SIZE,
11073 HCI_MGMT_HDEV_OPTIONAL },
11074 { read_def_system_config, MGMT_READ_DEF_SYSTEM_CONFIG_SIZE,
11075 HCI_MGMT_UNTRUSTED },
11076 { set_def_system_config, MGMT_SET_DEF_SYSTEM_CONFIG_SIZE,
11077 HCI_MGMT_VAR_LEN },
11078 { read_def_runtime_config, MGMT_READ_DEF_RUNTIME_CONFIG_SIZE,
11079 HCI_MGMT_UNTRUSTED },
11080 { set_def_runtime_config, MGMT_SET_DEF_RUNTIME_CONFIG_SIZE,
11081 HCI_MGMT_VAR_LEN },
11082 { get_device_flags, MGMT_GET_DEVICE_FLAGS_SIZE },
11083 { set_device_flags, MGMT_SET_DEVICE_FLAGS_SIZE },
11084 { read_adv_mon_features, MGMT_READ_ADV_MONITOR_FEATURES_SIZE },
11085 { add_adv_patterns_monitor,MGMT_ADD_ADV_PATTERNS_MONITOR_SIZE,
11086 HCI_MGMT_VAR_LEN },
11087 { remove_adv_monitor, MGMT_REMOVE_ADV_MONITOR_SIZE },
11088 { add_ext_adv_params, MGMT_ADD_EXT_ADV_PARAMS_MIN_SIZE,
11089 HCI_MGMT_VAR_LEN },
11090 { add_ext_adv_data, MGMT_ADD_EXT_ADV_DATA_SIZE,
11091 HCI_MGMT_VAR_LEN },
11092 { add_adv_patterns_monitor_rssi,
11093 MGMT_ADD_ADV_PATTERNS_MONITOR_RSSI_SIZE,
11094 HCI_MGMT_VAR_LEN },
11095 { set_mesh, MGMT_SET_MESH_RECEIVER_SIZE,
11096 HCI_MGMT_VAR_LEN },
11097 { mesh_features, MGMT_MESH_READ_FEATURES_SIZE },
11098 { mesh_send, MGMT_MESH_SEND_SIZE,
11099 HCI_MGMT_VAR_LEN },
11100 { mesh_send_cancel, MGMT_MESH_SEND_CANCEL_SIZE },
11104 static const struct hci_mgmt_handler tizen_mgmt_handlers[] = {
11105 { NULL }, /* 0x0000 (no command) */
11106 { set_advertising_params, MGMT_SET_ADVERTISING_PARAMS_SIZE },
11107 { set_advertising_data, MGMT_SET_ADV_MIN_APP_DATA_SIZE,
11108 HCI_MGMT_VAR_LEN },
11109 { set_scan_rsp_data, MGMT_SET_SCAN_RSP_MIN_APP_DATA_SIZE,
11110 HCI_MGMT_VAR_LEN },
11111 { add_white_list, MGMT_ADD_DEV_WHITE_LIST_SIZE },
11112 { remove_from_white_list, MGMT_REMOVE_DEV_FROM_WHITE_LIST_SIZE },
11113 { clear_white_list, MGMT_OP_CLEAR_DEV_WHITE_LIST_SIZE },
11114 { set_enable_rssi, MGMT_SET_RSSI_ENABLE_SIZE },
11115 { get_raw_rssi, MGMT_GET_RAW_RSSI_SIZE },
11116 { set_disable_threshold, MGMT_SET_RSSI_DISABLE_SIZE },
11117 { start_le_discovery, MGMT_START_LE_DISCOVERY_SIZE },
11118 { stop_le_discovery, MGMT_STOP_LE_DISCOVERY_SIZE },
11119 { disable_le_auto_connect, MGMT_DISABLE_LE_AUTO_CONNECT_SIZE },
11120 { le_conn_update, MGMT_LE_CONN_UPDATE_SIZE },
11121 { set_manufacturer_data, MGMT_SET_MANUFACTURER_DATA_SIZE },
11122 { le_set_scan_params, MGMT_LE_SET_SCAN_PARAMS_SIZE },
11126 void mgmt_index_added(struct hci_dev *hdev)
11128 struct mgmt_ev_ext_index ev;
11130 if (test_bit(HCI_QUIRK_RAW_DEVICE, &hdev->quirks))
11133 switch (hdev->dev_type) {
11135 if (hci_dev_test_flag(hdev, HCI_UNCONFIGURED)) {
11136 mgmt_index_event(MGMT_EV_UNCONF_INDEX_ADDED, hdev,
11137 NULL, 0, HCI_MGMT_UNCONF_INDEX_EVENTS);
11140 mgmt_index_event(MGMT_EV_INDEX_ADDED, hdev, NULL, 0,
11141 HCI_MGMT_INDEX_EVENTS);
11152 ev.bus = hdev->bus;
11154 mgmt_index_event(MGMT_EV_EXT_INDEX_ADDED, hdev, &ev, sizeof(ev),
11155 HCI_MGMT_EXT_INDEX_EVENTS);
11158 void mgmt_index_removed(struct hci_dev *hdev)
11160 struct mgmt_ev_ext_index ev;
11161 u8 status = MGMT_STATUS_INVALID_INDEX;
11163 if (test_bit(HCI_QUIRK_RAW_DEVICE, &hdev->quirks))
11166 switch (hdev->dev_type) {
11168 mgmt_pending_foreach(0, hdev, cmd_complete_rsp, &status);
11170 if (hci_dev_test_flag(hdev, HCI_UNCONFIGURED)) {
11171 mgmt_index_event(MGMT_EV_UNCONF_INDEX_REMOVED, hdev,
11172 NULL, 0, HCI_MGMT_UNCONF_INDEX_EVENTS);
11175 mgmt_index_event(MGMT_EV_INDEX_REMOVED, hdev, NULL, 0,
11176 HCI_MGMT_INDEX_EVENTS);
11187 ev.bus = hdev->bus;
11189 mgmt_index_event(MGMT_EV_EXT_INDEX_REMOVED, hdev, &ev, sizeof(ev),
11190 HCI_MGMT_EXT_INDEX_EVENTS);
11192 /* Cancel any remaining timed work */
11193 if (!hci_dev_test_flag(hdev, HCI_MGMT))
11195 cancel_delayed_work_sync(&hdev->discov_off);
11196 cancel_delayed_work_sync(&hdev->service_cache);
11197 cancel_delayed_work_sync(&hdev->rpa_expired);
11200 void mgmt_power_on(struct hci_dev *hdev, int err)
11202 struct cmd_lookup match = { NULL, hdev };
11204 bt_dev_dbg(hdev, "err %d", err);
11206 hci_dev_lock(hdev);
11209 restart_le_actions(hdev);
11210 hci_update_passive_scan(hdev);
11213 mgmt_pending_foreach(MGMT_OP_SET_POWERED, hdev, settings_rsp, &match);
11215 new_settings(hdev, match.sk);
11218 sock_put(match.sk);
11220 hci_dev_unlock(hdev);
11223 void __mgmt_power_off(struct hci_dev *hdev)
11225 struct cmd_lookup match = { NULL, hdev };
11226 u8 status, zero_cod[] = { 0, 0, 0 };
11228 mgmt_pending_foreach(MGMT_OP_SET_POWERED, hdev, settings_rsp, &match);
11230 /* If the power off is because of hdev unregistration let
11231 * use the appropriate INVALID_INDEX status. Otherwise use
11232 * NOT_POWERED. We cover both scenarios here since later in
11233 * mgmt_index_removed() any hci_conn callbacks will have already
11234 * been triggered, potentially causing misleading DISCONNECTED
11235 * status responses.
11237 if (hci_dev_test_flag(hdev, HCI_UNREGISTER))
11238 status = MGMT_STATUS_INVALID_INDEX;
11240 status = MGMT_STATUS_NOT_POWERED;
11242 mgmt_pending_foreach(0, hdev, cmd_complete_rsp, &status);
11244 if (memcmp(hdev->dev_class, zero_cod, sizeof(zero_cod)) != 0) {
11245 mgmt_limited_event(MGMT_EV_CLASS_OF_DEV_CHANGED, hdev,
11246 zero_cod, sizeof(zero_cod),
11247 HCI_MGMT_DEV_CLASS_EVENTS, NULL);
11248 ext_info_changed(hdev, NULL);
11251 new_settings(hdev, match.sk);
11254 sock_put(match.sk);
11257 void mgmt_set_powered_failed(struct hci_dev *hdev, int err)
11259 struct mgmt_pending_cmd *cmd;
11262 cmd = pending_find(MGMT_OP_SET_POWERED, hdev);
11266 if (err == -ERFKILL)
11267 status = MGMT_STATUS_RFKILLED;
11269 status = MGMT_STATUS_FAILED;
11271 mgmt_cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_POWERED, status);
11273 mgmt_pending_remove(cmd);
11276 void mgmt_new_link_key(struct hci_dev *hdev, struct link_key *key,
11279 struct mgmt_ev_new_link_key ev;
11281 memset(&ev, 0, sizeof(ev));
11283 ev.store_hint = persistent;
11284 bacpy(&ev.key.addr.bdaddr, &key->bdaddr);
11285 ev.key.addr.type = link_to_bdaddr(key->link_type, key->bdaddr_type);
11286 ev.key.type = key->type;
11287 memcpy(ev.key.val, key->val, HCI_LINK_KEY_SIZE);
11288 ev.key.pin_len = key->pin_len;
11290 mgmt_event(MGMT_EV_NEW_LINK_KEY, hdev, &ev, sizeof(ev), NULL);
11293 static u8 mgmt_ltk_type(struct smp_ltk *ltk)
11295 switch (ltk->type) {
11297 case SMP_LTK_RESPONDER:
11298 if (ltk->authenticated)
11299 return MGMT_LTK_AUTHENTICATED;
11300 return MGMT_LTK_UNAUTHENTICATED;
11302 if (ltk->authenticated)
11303 return MGMT_LTK_P256_AUTH;
11304 return MGMT_LTK_P256_UNAUTH;
11305 case SMP_LTK_P256_DEBUG:
11306 return MGMT_LTK_P256_DEBUG;
11309 return MGMT_LTK_UNAUTHENTICATED;
11312 void mgmt_new_ltk(struct hci_dev *hdev, struct smp_ltk *key, bool persistent)
11314 struct mgmt_ev_new_long_term_key ev;
11316 memset(&ev, 0, sizeof(ev));
11318 /* Devices using resolvable or non-resolvable random addresses
11319 * without providing an identity resolving key don't require
11320 * to store long term keys. Their addresses will change the
11321 * next time around.
11323 * Only when a remote device provides an identity address
11324 * make sure the long term key is stored. If the remote
11325 * identity is known, the long term keys are internally
11326 * mapped to the identity address. So allow static random
11327 * and public addresses here.
11329 if (key->bdaddr_type == ADDR_LE_DEV_RANDOM &&
11330 (key->bdaddr.b[5] & 0xc0) != 0xc0)
11331 ev.store_hint = 0x00;
11333 ev.store_hint = persistent;
11335 bacpy(&ev.key.addr.bdaddr, &key->bdaddr);
11336 ev.key.addr.type = link_to_bdaddr(key->link_type, key->bdaddr_type);
11337 ev.key.type = mgmt_ltk_type(key);
11338 ev.key.enc_size = key->enc_size;
11339 ev.key.ediv = key->ediv;
11340 ev.key.rand = key->rand;
11342 if (key->type == SMP_LTK)
11343 ev.key.initiator = 1;
11345 /* Make sure we copy only the significant bytes based on the
11346 * encryption key size, and set the rest of the value to zeroes.
11348 memcpy(ev.key.val, key->val, key->enc_size);
11349 memset(ev.key.val + key->enc_size, 0,
11350 sizeof(ev.key.val) - key->enc_size);
11352 mgmt_event(MGMT_EV_NEW_LONG_TERM_KEY, hdev, &ev, sizeof(ev), NULL);
11355 void mgmt_new_irk(struct hci_dev *hdev, struct smp_irk *irk, bool persistent)
11357 struct mgmt_ev_new_irk ev;
11359 memset(&ev, 0, sizeof(ev));
11361 ev.store_hint = persistent;
11363 bacpy(&ev.rpa, &irk->rpa);
11364 bacpy(&ev.irk.addr.bdaddr, &irk->bdaddr);
11365 ev.irk.addr.type = link_to_bdaddr(irk->link_type, irk->addr_type);
11366 memcpy(ev.irk.val, irk->val, sizeof(irk->val));
11368 mgmt_event(MGMT_EV_NEW_IRK, hdev, &ev, sizeof(ev), NULL);
11371 void mgmt_new_csrk(struct hci_dev *hdev, struct smp_csrk *csrk,
11374 struct mgmt_ev_new_csrk ev;
11376 memset(&ev, 0, sizeof(ev));
11378 /* Devices using resolvable or non-resolvable random addresses
11379 * without providing an identity resolving key don't require
11380 * to store signature resolving keys. Their addresses will change
11381 * the next time around.
11383 * Only when a remote device provides an identity address
11384 * make sure the signature resolving key is stored. So allow
11385 * static random and public addresses here.
11387 if (csrk->bdaddr_type == ADDR_LE_DEV_RANDOM &&
11388 (csrk->bdaddr.b[5] & 0xc0) != 0xc0)
11389 ev.store_hint = 0x00;
11391 ev.store_hint = persistent;
11393 bacpy(&ev.key.addr.bdaddr, &csrk->bdaddr);
11394 ev.key.addr.type = link_to_bdaddr(csrk->link_type, csrk->bdaddr_type);
11395 ev.key.type = csrk->type;
11396 memcpy(ev.key.val, csrk->val, sizeof(csrk->val));
11398 mgmt_event(MGMT_EV_NEW_CSRK, hdev, &ev, sizeof(ev), NULL);
11401 void mgmt_new_conn_param(struct hci_dev *hdev, bdaddr_t *bdaddr,
11402 u8 bdaddr_type, u8 store_hint, u16 min_interval,
11403 u16 max_interval, u16 latency, u16 timeout)
11405 struct mgmt_ev_new_conn_param ev;
11407 if (!hci_is_identity_address(bdaddr, bdaddr_type))
11410 memset(&ev, 0, sizeof(ev));
11411 bacpy(&ev.addr.bdaddr, bdaddr);
11412 ev.addr.type = link_to_bdaddr(LE_LINK, bdaddr_type);
11413 ev.store_hint = store_hint;
11414 ev.min_interval = cpu_to_le16(min_interval);
11415 ev.max_interval = cpu_to_le16(max_interval);
11416 ev.latency = cpu_to_le16(latency);
11417 ev.timeout = cpu_to_le16(timeout);
11419 mgmt_event(MGMT_EV_NEW_CONN_PARAM, hdev, &ev, sizeof(ev), NULL);
11422 void mgmt_device_connected(struct hci_dev *hdev, struct hci_conn *conn,
11423 u8 *name, u8 name_len)
11425 struct sk_buff *skb;
11426 struct mgmt_ev_device_connected *ev;
11430 /* allocate buff for LE or BR/EDR adv */
11431 if (conn->le_adv_data_len > 0)
11432 skb = mgmt_alloc_skb(hdev, MGMT_EV_DEVICE_CONNECTED,
11433 sizeof(*ev) + conn->le_adv_data_len);
11435 skb = mgmt_alloc_skb(hdev, MGMT_EV_DEVICE_CONNECTED,
11436 sizeof(*ev) + (name ? eir_precalc_len(name_len) : 0) +
11437 eir_precalc_len(sizeof(conn->dev_class)));
11439 ev = skb_put(skb, sizeof(*ev));
11440 bacpy(&ev->addr.bdaddr, &conn->dst);
11441 ev->addr.type = link_to_bdaddr(conn->type, conn->dst_type);
11444 flags |= MGMT_DEV_FOUND_INITIATED_CONN;
11446 ev->flags = __cpu_to_le32(flags);
11448 /* We must ensure that the EIR Data fields are ordered and
11449 * unique. Keep it simple for now and avoid the problem by not
11450 * adding any BR/EDR data to the LE adv.
11452 if (conn->le_adv_data_len > 0) {
11453 skb_put_data(skb, conn->le_adv_data, conn->le_adv_data_len);
11454 eir_len = conn->le_adv_data_len;
11457 eir_len += eir_skb_put_data(skb, EIR_NAME_COMPLETE, name, name_len);
11459 if (memcmp(conn->dev_class, "\0\0\0", sizeof(conn->dev_class)))
11460 eir_len += eir_skb_put_data(skb, EIR_CLASS_OF_DEV,
11461 conn->dev_class, sizeof(conn->dev_class));
11464 ev->eir_len = cpu_to_le16(eir_len);
11466 mgmt_event_skb(skb, NULL);
11469 static void disconnect_rsp(struct mgmt_pending_cmd *cmd, void *data)
11471 struct sock **sk = data;
11473 cmd->cmd_complete(cmd, 0);
11478 mgmt_pending_remove(cmd);
11481 static void unpair_device_rsp(struct mgmt_pending_cmd *cmd, void *data)
11483 struct hci_dev *hdev = data;
11484 struct mgmt_cp_unpair_device *cp = cmd->param;
11486 device_unpaired(hdev, &cp->addr.bdaddr, cp->addr.type, cmd->sk);
11488 cmd->cmd_complete(cmd, 0);
11489 mgmt_pending_remove(cmd);
11492 bool mgmt_powering_down(struct hci_dev *hdev)
11494 struct mgmt_pending_cmd *cmd;
11495 struct mgmt_mode *cp;
11497 cmd = pending_find(MGMT_OP_SET_POWERED, hdev);
11508 void mgmt_device_disconnected(struct hci_dev *hdev, bdaddr_t *bdaddr,
11509 u8 link_type, u8 addr_type, u8 reason,
11510 bool mgmt_connected)
11512 struct mgmt_ev_device_disconnected ev;
11513 struct sock *sk = NULL;
11515 /* The connection is still in hci_conn_hash so test for 1
11516 * instead of 0 to know if this is the last one.
11518 if (mgmt_powering_down(hdev) && hci_conn_count(hdev) == 1) {
11519 cancel_delayed_work(&hdev->power_off);
11520 queue_work(hdev->req_workqueue, &hdev->power_off.work);
11523 if (!mgmt_connected)
11526 if (link_type != ACL_LINK && link_type != LE_LINK)
11529 mgmt_pending_foreach(MGMT_OP_DISCONNECT, hdev, disconnect_rsp, &sk);
11531 bacpy(&ev.addr.bdaddr, bdaddr);
11532 ev.addr.type = link_to_bdaddr(link_type, addr_type);
11533 ev.reason = reason;
11535 /* Report disconnects due to suspend */
11536 if (hdev->suspended)
11537 ev.reason = MGMT_DEV_DISCONN_LOCAL_HOST_SUSPEND;
11539 mgmt_event(MGMT_EV_DEVICE_DISCONNECTED, hdev, &ev, sizeof(ev), sk);
11544 mgmt_pending_foreach(MGMT_OP_UNPAIR_DEVICE, hdev, unpair_device_rsp,
11548 void mgmt_disconnect_failed(struct hci_dev *hdev, bdaddr_t *bdaddr,
11549 u8 link_type, u8 addr_type, u8 status)
11551 u8 bdaddr_type = link_to_bdaddr(link_type, addr_type);
11552 struct mgmt_cp_disconnect *cp;
11553 struct mgmt_pending_cmd *cmd;
11555 mgmt_pending_foreach(MGMT_OP_UNPAIR_DEVICE, hdev, unpair_device_rsp,
11558 cmd = pending_find(MGMT_OP_DISCONNECT, hdev);
11564 if (bacmp(bdaddr, &cp->addr.bdaddr))
11567 if (cp->addr.type != bdaddr_type)
11570 cmd->cmd_complete(cmd, mgmt_status(status));
11571 mgmt_pending_remove(cmd);
11574 void mgmt_connect_failed(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
11575 u8 addr_type, u8 status)
11577 struct mgmt_ev_connect_failed ev;
11579 /* The connection is still in hci_conn_hash so test for 1
11580 * instead of 0 to know if this is the last one.
11582 if (mgmt_powering_down(hdev) && hci_conn_count(hdev) == 1) {
11583 cancel_delayed_work(&hdev->power_off);
11584 queue_work(hdev->req_workqueue, &hdev->power_off.work);
11587 bacpy(&ev.addr.bdaddr, bdaddr);
11588 ev.addr.type = link_to_bdaddr(link_type, addr_type);
11589 ev.status = mgmt_status(status);
11591 mgmt_event(MGMT_EV_CONNECT_FAILED, hdev, &ev, sizeof(ev), NULL);
11594 void mgmt_pin_code_request(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 secure)
11596 struct mgmt_ev_pin_code_request ev;
11598 bacpy(&ev.addr.bdaddr, bdaddr);
11599 ev.addr.type = BDADDR_BREDR;
11600 ev.secure = secure;
11602 mgmt_event(MGMT_EV_PIN_CODE_REQUEST, hdev, &ev, sizeof(ev), NULL);
11605 void mgmt_pin_code_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
11608 struct mgmt_pending_cmd *cmd;
11610 cmd = pending_find(MGMT_OP_PIN_CODE_REPLY, hdev);
11614 cmd->cmd_complete(cmd, mgmt_status(status));
11615 mgmt_pending_remove(cmd);
11618 void mgmt_pin_code_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
11621 struct mgmt_pending_cmd *cmd;
11623 cmd = pending_find(MGMT_OP_PIN_CODE_NEG_REPLY, hdev);
11627 cmd->cmd_complete(cmd, mgmt_status(status));
11628 mgmt_pending_remove(cmd);
11631 int mgmt_user_confirm_request(struct hci_dev *hdev, bdaddr_t *bdaddr,
11632 u8 link_type, u8 addr_type, u32 value,
11635 struct mgmt_ev_user_confirm_request ev;
11637 bt_dev_dbg(hdev, "bdaddr %pMR", bdaddr);
11639 bacpy(&ev.addr.bdaddr, bdaddr);
11640 ev.addr.type = link_to_bdaddr(link_type, addr_type);
11641 ev.confirm_hint = confirm_hint;
11642 ev.value = cpu_to_le32(value);
11644 return mgmt_event(MGMT_EV_USER_CONFIRM_REQUEST, hdev, &ev, sizeof(ev),
11648 int mgmt_user_passkey_request(struct hci_dev *hdev, bdaddr_t *bdaddr,
11649 u8 link_type, u8 addr_type)
11651 struct mgmt_ev_user_passkey_request ev;
11653 bt_dev_dbg(hdev, "bdaddr %pMR", bdaddr);
11655 bacpy(&ev.addr.bdaddr, bdaddr);
11656 ev.addr.type = link_to_bdaddr(link_type, addr_type);
11658 return mgmt_event(MGMT_EV_USER_PASSKEY_REQUEST, hdev, &ev, sizeof(ev),
11662 static int user_pairing_resp_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
11663 u8 link_type, u8 addr_type, u8 status,
11666 struct mgmt_pending_cmd *cmd;
11668 cmd = pending_find(opcode, hdev);
11672 cmd->cmd_complete(cmd, mgmt_status(status));
11673 mgmt_pending_remove(cmd);
11678 int mgmt_user_confirm_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
11679 u8 link_type, u8 addr_type, u8 status)
11681 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
11682 status, MGMT_OP_USER_CONFIRM_REPLY);
11685 int mgmt_user_confirm_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
11686 u8 link_type, u8 addr_type, u8 status)
11688 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
11690 MGMT_OP_USER_CONFIRM_NEG_REPLY);
11693 int mgmt_user_passkey_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
11694 u8 link_type, u8 addr_type, u8 status)
11696 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
11697 status, MGMT_OP_USER_PASSKEY_REPLY);
11700 int mgmt_user_passkey_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
11701 u8 link_type, u8 addr_type, u8 status)
11703 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
11705 MGMT_OP_USER_PASSKEY_NEG_REPLY);
11708 int mgmt_user_passkey_notify(struct hci_dev *hdev, bdaddr_t *bdaddr,
11709 u8 link_type, u8 addr_type, u32 passkey,
11712 struct mgmt_ev_passkey_notify ev;
11714 bt_dev_dbg(hdev, "bdaddr %pMR", bdaddr);
11716 bacpy(&ev.addr.bdaddr, bdaddr);
11717 ev.addr.type = link_to_bdaddr(link_type, addr_type);
11718 ev.passkey = __cpu_to_le32(passkey);
11719 ev.entered = entered;
11721 return mgmt_event(MGMT_EV_PASSKEY_NOTIFY, hdev, &ev, sizeof(ev), NULL);
11724 void mgmt_auth_failed(struct hci_conn *conn, u8 hci_status)
11726 struct mgmt_ev_auth_failed ev;
11727 struct mgmt_pending_cmd *cmd;
11728 u8 status = mgmt_status(hci_status);
11730 bacpy(&ev.addr.bdaddr, &conn->dst);
11731 ev.addr.type = link_to_bdaddr(conn->type, conn->dst_type);
11732 ev.status = status;
11734 cmd = find_pairing(conn);
11736 mgmt_event(MGMT_EV_AUTH_FAILED, conn->hdev, &ev, sizeof(ev),
11737 cmd ? cmd->sk : NULL);
11740 cmd->cmd_complete(cmd, status);
11741 mgmt_pending_remove(cmd);
11745 void mgmt_auth_enable_complete(struct hci_dev *hdev, u8 status)
11747 struct cmd_lookup match = { NULL, hdev };
11751 u8 mgmt_err = mgmt_status(status);
11752 mgmt_pending_foreach(MGMT_OP_SET_LINK_SECURITY, hdev,
11753 cmd_status_rsp, &mgmt_err);
11757 if (test_bit(HCI_AUTH, &hdev->flags))
11758 changed = !hci_dev_test_and_set_flag(hdev, HCI_LINK_SECURITY);
11760 changed = hci_dev_test_and_clear_flag(hdev, HCI_LINK_SECURITY);
11762 mgmt_pending_foreach(MGMT_OP_SET_LINK_SECURITY, hdev, settings_rsp,
11766 new_settings(hdev, match.sk);
11769 sock_put(match.sk);
11772 static void sk_lookup(struct mgmt_pending_cmd *cmd, void *data)
11774 struct cmd_lookup *match = data;
11776 if (match->sk == NULL) {
11777 match->sk = cmd->sk;
11778 sock_hold(match->sk);
11782 void mgmt_set_class_of_dev_complete(struct hci_dev *hdev, u8 *dev_class,
11785 struct cmd_lookup match = { NULL, hdev, mgmt_status(status) };
11787 mgmt_pending_foreach(MGMT_OP_SET_DEV_CLASS, hdev, sk_lookup, &match);
11788 mgmt_pending_foreach(MGMT_OP_ADD_UUID, hdev, sk_lookup, &match);
11789 mgmt_pending_foreach(MGMT_OP_REMOVE_UUID, hdev, sk_lookup, &match);
11792 mgmt_limited_event(MGMT_EV_CLASS_OF_DEV_CHANGED, hdev, dev_class,
11793 3, HCI_MGMT_DEV_CLASS_EVENTS, NULL);
11794 ext_info_changed(hdev, NULL);
11798 sock_put(match.sk);
11801 void mgmt_set_local_name_complete(struct hci_dev *hdev, u8 *name, u8 status)
11803 struct mgmt_cp_set_local_name ev;
11804 struct mgmt_pending_cmd *cmd;
11809 memset(&ev, 0, sizeof(ev));
11810 memcpy(ev.name, name, HCI_MAX_NAME_LENGTH);
11811 memcpy(ev.short_name, hdev->short_name, HCI_MAX_SHORT_NAME_LENGTH);
11813 cmd = pending_find(MGMT_OP_SET_LOCAL_NAME, hdev);
11815 memcpy(hdev->dev_name, name, sizeof(hdev->dev_name));
11817 /* If this is a HCI command related to powering on the
11818 * HCI dev don't send any mgmt signals.
11820 if (pending_find(MGMT_OP_SET_POWERED, hdev))
11824 mgmt_limited_event(MGMT_EV_LOCAL_NAME_CHANGED, hdev, &ev, sizeof(ev),
11825 HCI_MGMT_LOCAL_NAME_EVENTS, cmd ? cmd->sk : NULL);
11826 ext_info_changed(hdev, cmd ? cmd->sk : NULL);
11829 static inline bool has_uuid(u8 *uuid, u16 uuid_count, u8 (*uuids)[16])
11833 for (i = 0; i < uuid_count; i++) {
11834 if (!memcmp(uuid, uuids[i], 16))
11841 static bool eir_has_uuids(u8 *eir, u16 eir_len, u16 uuid_count, u8 (*uuids)[16])
11845 while (parsed < eir_len) {
11846 u8 field_len = eir[0];
11850 if (field_len == 0)
11853 if (eir_len - parsed < field_len + 1)
11857 case EIR_UUID16_ALL:
11858 case EIR_UUID16_SOME:
11859 for (i = 0; i + 3 <= field_len; i += 2) {
11860 memcpy(uuid, bluetooth_base_uuid, 16);
11861 uuid[13] = eir[i + 3];
11862 uuid[12] = eir[i + 2];
11863 if (has_uuid(uuid, uuid_count, uuids))
11867 case EIR_UUID32_ALL:
11868 case EIR_UUID32_SOME:
11869 for (i = 0; i + 5 <= field_len; i += 4) {
11870 memcpy(uuid, bluetooth_base_uuid, 16);
11871 uuid[15] = eir[i + 5];
11872 uuid[14] = eir[i + 4];
11873 uuid[13] = eir[i + 3];
11874 uuid[12] = eir[i + 2];
11875 if (has_uuid(uuid, uuid_count, uuids))
11879 case EIR_UUID128_ALL:
11880 case EIR_UUID128_SOME:
11881 for (i = 0; i + 17 <= field_len; i += 16) {
11882 memcpy(uuid, eir + i + 2, 16);
11883 if (has_uuid(uuid, uuid_count, uuids))
11889 parsed += field_len + 1;
11890 eir += field_len + 1;
11896 static void restart_le_scan(struct hci_dev *hdev)
11898 /* If controller is not scanning we are done. */
11899 if (!hci_dev_test_flag(hdev, HCI_LE_SCAN))
11902 if (time_after(jiffies + DISCOV_LE_RESTART_DELAY,
11903 hdev->discovery.scan_start +
11904 hdev->discovery.scan_duration))
11907 queue_delayed_work(hdev->req_workqueue, &hdev->le_scan_restart,
11908 DISCOV_LE_RESTART_DELAY);
11911 static bool is_filter_match(struct hci_dev *hdev, s8 rssi, u8 *eir,
11912 u16 eir_len, u8 *scan_rsp, u8 scan_rsp_len)
11914 /* If a RSSI threshold has been specified, and
11915 * HCI_QUIRK_STRICT_DUPLICATE_FILTER is not set, then all results with
11916 * a RSSI smaller than the RSSI threshold will be dropped. If the quirk
11917 * is set, let it through for further processing, as we might need to
11918 * restart the scan.
11920 * For BR/EDR devices (pre 1.2) providing no RSSI during inquiry,
11921 * the results are also dropped.
11923 if (hdev->discovery.rssi != HCI_RSSI_INVALID &&
11924 (rssi == HCI_RSSI_INVALID ||
11925 (rssi < hdev->discovery.rssi &&
11926 !test_bit(HCI_QUIRK_STRICT_DUPLICATE_FILTER, &hdev->quirks))))
11929 if (hdev->discovery.uuid_count != 0) {
11930 /* If a list of UUIDs is provided in filter, results with no
11931 * matching UUID should be dropped.
11933 if (!eir_has_uuids(eir, eir_len, hdev->discovery.uuid_count,
11934 hdev->discovery.uuids) &&
11935 !eir_has_uuids(scan_rsp, scan_rsp_len,
11936 hdev->discovery.uuid_count,
11937 hdev->discovery.uuids))
11941 /* If duplicate filtering does not report RSSI changes, then restart
11942 * scanning to ensure updated result with updated RSSI values.
11944 if (test_bit(HCI_QUIRK_STRICT_DUPLICATE_FILTER, &hdev->quirks)) {
11945 restart_le_scan(hdev);
11947 /* Validate RSSI value against the RSSI threshold once more. */
11948 if (hdev->discovery.rssi != HCI_RSSI_INVALID &&
11949 rssi < hdev->discovery.rssi)
11956 void mgmt_adv_monitor_device_lost(struct hci_dev *hdev, u16 handle,
11957 bdaddr_t *bdaddr, u8 addr_type)
11959 struct mgmt_ev_adv_monitor_device_lost ev;
11961 ev.monitor_handle = cpu_to_le16(handle);
11962 bacpy(&ev.addr.bdaddr, bdaddr);
11963 ev.addr.type = addr_type;
11965 mgmt_event(MGMT_EV_ADV_MONITOR_DEVICE_LOST, hdev, &ev, sizeof(ev),
11969 static void mgmt_send_adv_monitor_device_found(struct hci_dev *hdev,
11970 struct sk_buff *skb,
11971 struct sock *skip_sk,
11974 struct sk_buff *advmon_skb;
11975 size_t advmon_skb_len;
11976 __le16 *monitor_handle;
11981 advmon_skb_len = (sizeof(struct mgmt_ev_adv_monitor_device_found) -
11982 sizeof(struct mgmt_ev_device_found)) + skb->len;
11983 advmon_skb = mgmt_alloc_skb(hdev, MGMT_EV_ADV_MONITOR_DEVICE_FOUND,
11988 /* ADV_MONITOR_DEVICE_FOUND is similar to DEVICE_FOUND event except
11989 * that it also has 'monitor_handle'. Make a copy of DEVICE_FOUND and
11990 * store monitor_handle of the matched monitor.
11992 monitor_handle = skb_put(advmon_skb, sizeof(*monitor_handle));
11993 *monitor_handle = cpu_to_le16(handle);
11994 skb_put_data(advmon_skb, skb->data, skb->len);
11996 mgmt_event_skb(advmon_skb, skip_sk);
11999 static void mgmt_adv_monitor_device_found(struct hci_dev *hdev,
12000 bdaddr_t *bdaddr, bool report_device,
12001 struct sk_buff *skb,
12002 struct sock *skip_sk)
12004 struct monitored_device *dev, *tmp;
12005 bool matched = false;
12006 bool notified = false;
12008 /* We have received the Advertisement Report because:
12009 * 1. the kernel has initiated active discovery
12010 * 2. if not, we have pend_le_reports > 0 in which case we are doing
12012 * 3. if none of the above is true, we have one or more active
12013 * Advertisement Monitor
12015 * For case 1 and 2, report all advertisements via MGMT_EV_DEVICE_FOUND
12016 * and report ONLY one advertisement per device for the matched Monitor
12017 * via MGMT_EV_ADV_MONITOR_DEVICE_FOUND event.
12019 * For case 3, since we are not active scanning and all advertisements
12020 * received are due to a matched Advertisement Monitor, report all
12021 * advertisements ONLY via MGMT_EV_ADV_MONITOR_DEVICE_FOUND event.
12023 if (report_device && !hdev->advmon_pend_notify) {
12024 mgmt_event_skb(skb, skip_sk);
12028 hdev->advmon_pend_notify = false;
12030 list_for_each_entry_safe(dev, tmp, &hdev->monitored_devices, list) {
12031 if (!bacmp(&dev->bdaddr, bdaddr)) {
12034 if (!dev->notified) {
12035 mgmt_send_adv_monitor_device_found(hdev, skb,
12039 dev->notified = true;
12043 if (!dev->notified)
12044 hdev->advmon_pend_notify = true;
12047 if (!report_device &&
12048 ((matched && !notified) || !msft_monitor_supported(hdev))) {
12049 /* Handle 0 indicates that we are not active scanning and this
12050 * is a subsequent advertisement report for an already matched
12051 * Advertisement Monitor or the controller offloading support
12052 * is not available.
12054 mgmt_send_adv_monitor_device_found(hdev, skb, skip_sk, 0);
12058 mgmt_event_skb(skb, skip_sk);
12063 static void mesh_device_found(struct hci_dev *hdev, bdaddr_t *bdaddr,
12064 u8 addr_type, s8 rssi, u32 flags, u8 *eir,
12065 u16 eir_len, u8 *scan_rsp, u8 scan_rsp_len,
12068 struct sk_buff *skb;
12069 struct mgmt_ev_mesh_device_found *ev;
12072 if (!hdev->mesh_ad_types[0])
12075 /* Scan for requested AD types */
12077 for (i = 0; i + 1 < eir_len; i += eir[i] + 1) {
12078 for (j = 0; j < sizeof(hdev->mesh_ad_types); j++) {
12079 if (!hdev->mesh_ad_types[j])
12082 if (hdev->mesh_ad_types[j] == eir[i + 1])
12088 if (scan_rsp_len > 0) {
12089 for (i = 0; i + 1 < scan_rsp_len; i += scan_rsp[i] + 1) {
12090 for (j = 0; j < sizeof(hdev->mesh_ad_types); j++) {
12091 if (!hdev->mesh_ad_types[j])
12094 if (hdev->mesh_ad_types[j] == scan_rsp[i + 1])
12103 skb = mgmt_alloc_skb(hdev, MGMT_EV_MESH_DEVICE_FOUND,
12104 sizeof(*ev) + eir_len + scan_rsp_len);
12108 ev = skb_put(skb, sizeof(*ev));
12110 bacpy(&ev->addr.bdaddr, bdaddr);
12111 ev->addr.type = link_to_bdaddr(LE_LINK, addr_type);
12113 ev->flags = cpu_to_le32(flags);
12114 ev->instant = cpu_to_le64(instant);
12117 /* Copy EIR or advertising data into event */
12118 skb_put_data(skb, eir, eir_len);
12120 if (scan_rsp_len > 0)
12121 /* Append scan response data to event */
12122 skb_put_data(skb, scan_rsp, scan_rsp_len);
12124 ev->eir_len = cpu_to_le16(eir_len + scan_rsp_len);
12126 mgmt_event_skb(skb, NULL);
12129 void mgmt_device_found(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
12130 u8 addr_type, u8 *dev_class, s8 rssi, u32 flags,
12131 u8 *eir, u16 eir_len, u8 *scan_rsp, u8 scan_rsp_len,
12134 struct sk_buff *skb;
12135 struct mgmt_ev_device_found *ev;
12136 bool report_device = hci_discovery_active(hdev);
12138 if (hci_dev_test_flag(hdev, HCI_MESH) && link_type == LE_LINK)
12139 mesh_device_found(hdev, bdaddr, addr_type, rssi, flags,
12140 eir, eir_len, scan_rsp, scan_rsp_len,
12143 /* Don't send events for a non-kernel initiated discovery. With
12144 * LE one exception is if we have pend_le_reports > 0 in which
12145 * case we're doing passive scanning and want these events.
12147 if (!hci_discovery_active(hdev)) {
12148 if (link_type == ACL_LINK)
12150 if (link_type == LE_LINK && !list_empty(&hdev->pend_le_reports))
12151 report_device = true;
12152 else if (!hci_is_adv_monitoring(hdev))
12156 if (hdev->discovery.result_filtering) {
12157 /* We are using service discovery */
12158 if (!is_filter_match(hdev, rssi, eir, eir_len, scan_rsp,
12163 if (hdev->discovery.limited) {
12164 /* Check for limited discoverable bit */
12166 if (!(dev_class[1] & 0x20))
12169 u8 *flags = eir_get_data(eir, eir_len, EIR_FLAGS, NULL);
12170 if (!flags || !(flags[0] & LE_AD_LIMITED))
12175 /* Allocate skb. The 5 extra bytes are for the potential CoD field */
12176 skb = mgmt_alloc_skb(hdev, MGMT_EV_DEVICE_FOUND,
12177 sizeof(*ev) + eir_len + scan_rsp_len + 5);
12181 ev = skb_put(skb, sizeof(*ev));
12183 /* In case of device discovery with BR/EDR devices (pre 1.2), the
12184 * RSSI value was reported as 0 when not available. This behavior
12185 * is kept when using device discovery. This is required for full
12186 * backwards compatibility with the API.
12188 * However when using service discovery, the value 127 will be
12189 * returned when the RSSI is not available.
12191 if (rssi == HCI_RSSI_INVALID && !hdev->discovery.report_invalid_rssi &&
12192 link_type == ACL_LINK)
12195 bacpy(&ev->addr.bdaddr, bdaddr);
12196 ev->addr.type = link_to_bdaddr(link_type, addr_type);
12198 ev->flags = cpu_to_le32(flags);
12201 /* Copy EIR or advertising data into event */
12202 skb_put_data(skb, eir, eir_len);
12204 if (dev_class && !eir_get_data(eir, eir_len, EIR_CLASS_OF_DEV, NULL)) {
12207 eir_len += eir_append_data(eir_cod, 0, EIR_CLASS_OF_DEV,
12209 skb_put_data(skb, eir_cod, sizeof(eir_cod));
12212 if (scan_rsp_len > 0)
12213 /* Append scan response data to event */
12214 skb_put_data(skb, scan_rsp, scan_rsp_len);
12216 ev->eir_len = cpu_to_le16(eir_len + scan_rsp_len);
12218 mgmt_adv_monitor_device_found(hdev, bdaddr, report_device, skb, NULL);
12221 void mgmt_remote_name(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
12222 u8 addr_type, s8 rssi, u8 *name, u8 name_len)
12224 struct sk_buff *skb;
12225 struct mgmt_ev_device_found *ev;
12229 skb = mgmt_alloc_skb(hdev, MGMT_EV_DEVICE_FOUND,
12230 sizeof(*ev) + (name ? eir_precalc_len(name_len) : 0));
12232 ev = skb_put(skb, sizeof(*ev));
12233 bacpy(&ev->addr.bdaddr, bdaddr);
12234 ev->addr.type = link_to_bdaddr(link_type, addr_type);
12238 eir_len += eir_skb_put_data(skb, EIR_NAME_COMPLETE, name, name_len);
12240 flags = MGMT_DEV_FOUND_NAME_REQUEST_FAILED;
12242 ev->eir_len = cpu_to_le16(eir_len);
12243 ev->flags = cpu_to_le32(flags);
12245 mgmt_event_skb(skb, NULL);
12248 void mgmt_discovering(struct hci_dev *hdev, u8 discovering)
12250 struct mgmt_ev_discovering ev;
12252 bt_dev_dbg(hdev, "discovering %u", discovering);
12254 memset(&ev, 0, sizeof(ev));
12255 ev.type = hdev->discovery.type;
12256 ev.discovering = discovering;
12258 mgmt_event(MGMT_EV_DISCOVERING, hdev, &ev, sizeof(ev), NULL);
12261 void mgmt_suspending(struct hci_dev *hdev, u8 state)
12263 struct mgmt_ev_controller_suspend ev;
12265 ev.suspend_state = state;
12266 mgmt_event(MGMT_EV_CONTROLLER_SUSPEND, hdev, &ev, sizeof(ev), NULL);
12269 void mgmt_resuming(struct hci_dev *hdev, u8 reason, bdaddr_t *bdaddr,
12272 struct mgmt_ev_controller_resume ev;
12274 ev.wake_reason = reason;
12276 bacpy(&ev.addr.bdaddr, bdaddr);
12277 ev.addr.type = addr_type;
12279 memset(&ev.addr, 0, sizeof(ev.addr));
12282 mgmt_event(MGMT_EV_CONTROLLER_RESUME, hdev, &ev, sizeof(ev), NULL);
12285 static struct hci_mgmt_chan chan = {
12286 .channel = HCI_CHANNEL_CONTROL,
12287 .handler_count = ARRAY_SIZE(mgmt_handlers),
12288 .handlers = mgmt_handlers,
12290 .tizen_handler_count = ARRAY_SIZE(tizen_mgmt_handlers),
12291 .tizen_handlers = tizen_mgmt_handlers,
12293 .hdev_init = mgmt_init_hdev,
12296 int mgmt_init(void)
12298 return hci_mgmt_chan_register(&chan);
12301 void mgmt_exit(void)
12303 hci_mgmt_chan_unregister(&chan);
12306 void mgmt_cleanup(struct sock *sk)
12308 struct mgmt_mesh_tx *mesh_tx;
12309 struct hci_dev *hdev;
12311 read_lock(&hci_dev_list_lock);
12313 list_for_each_entry(hdev, &hci_dev_list, list) {
12315 mesh_tx = mgmt_mesh_next(hdev, sk);
12318 mesh_send_complete(hdev, mesh_tx, true);
12322 read_unlock(&hci_dev_list_lock);
projects / platform / kernel / linux-starfive.git / blob