2 BlueZ - Bluetooth protocol stack for Linux
4 Copyright (C) 2010 Nokia Corporation
5 Copyright (C) 2011-2012 Intel Corporation
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License version 2 as
9 published by the Free Software Foundation;
11 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
12 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
13 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
14 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
15 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
16 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
17 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
18 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
20 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
21 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
22 SOFTWARE IS DISCLAIMED.
25 /* Bluetooth HCI Management interface */
27 #include <linux/module.h>
28 #include <asm/unaligned.h>
30 #include <net/bluetooth/bluetooth.h>
31 #include <net/bluetooth/hci_core.h>
32 #include <net/bluetooth/hci_sock.h>
33 #include <net/bluetooth/l2cap.h>
34 #include <net/bluetooth/mgmt.h>
36 #include <net/bluetooth/mgmt_tizen.h>
39 #include "hci_request.h"
41 #include "mgmt_util.h"
42 #include "mgmt_config.h"
47 #define MGMT_VERSION 1
48 #define MGMT_REVISION 22
50 static const u16 mgmt_commands[] = {
51 MGMT_OP_READ_INDEX_LIST,
54 MGMT_OP_SET_DISCOVERABLE,
55 MGMT_OP_SET_CONNECTABLE,
56 MGMT_OP_SET_FAST_CONNECTABLE,
58 MGMT_OP_SET_LINK_SECURITY,
62 MGMT_OP_SET_DEV_CLASS,
63 MGMT_OP_SET_LOCAL_NAME,
66 MGMT_OP_LOAD_LINK_KEYS,
67 MGMT_OP_LOAD_LONG_TERM_KEYS,
69 MGMT_OP_GET_CONNECTIONS,
70 MGMT_OP_PIN_CODE_REPLY,
71 MGMT_OP_PIN_CODE_NEG_REPLY,
72 MGMT_OP_SET_IO_CAPABILITY,
74 MGMT_OP_CANCEL_PAIR_DEVICE,
75 MGMT_OP_UNPAIR_DEVICE,
76 MGMT_OP_USER_CONFIRM_REPLY,
77 MGMT_OP_USER_CONFIRM_NEG_REPLY,
78 MGMT_OP_USER_PASSKEY_REPLY,
79 MGMT_OP_USER_PASSKEY_NEG_REPLY,
80 MGMT_OP_READ_LOCAL_OOB_DATA,
81 MGMT_OP_ADD_REMOTE_OOB_DATA,
82 MGMT_OP_REMOVE_REMOTE_OOB_DATA,
83 MGMT_OP_START_DISCOVERY,
84 MGMT_OP_STOP_DISCOVERY,
87 MGMT_OP_UNBLOCK_DEVICE,
88 MGMT_OP_SET_DEVICE_ID,
89 MGMT_OP_SET_ADVERTISING,
91 MGMT_OP_SET_STATIC_ADDRESS,
92 MGMT_OP_SET_SCAN_PARAMS,
93 MGMT_OP_SET_SECURE_CONN,
94 MGMT_OP_SET_DEBUG_KEYS,
97 MGMT_OP_GET_CONN_INFO,
98 MGMT_OP_GET_CLOCK_INFO,
100 MGMT_OP_REMOVE_DEVICE,
101 MGMT_OP_LOAD_CONN_PARAM,
102 MGMT_OP_READ_UNCONF_INDEX_LIST,
103 MGMT_OP_READ_CONFIG_INFO,
104 MGMT_OP_SET_EXTERNAL_CONFIG,
105 MGMT_OP_SET_PUBLIC_ADDRESS,
106 MGMT_OP_START_SERVICE_DISCOVERY,
107 MGMT_OP_READ_LOCAL_OOB_EXT_DATA,
108 MGMT_OP_READ_EXT_INDEX_LIST,
109 MGMT_OP_READ_ADV_FEATURES,
110 MGMT_OP_ADD_ADVERTISING,
111 MGMT_OP_REMOVE_ADVERTISING,
112 MGMT_OP_GET_ADV_SIZE_INFO,
113 MGMT_OP_START_LIMITED_DISCOVERY,
114 MGMT_OP_READ_EXT_INFO,
115 MGMT_OP_SET_APPEARANCE,
116 MGMT_OP_GET_PHY_CONFIGURATION,
117 MGMT_OP_SET_PHY_CONFIGURATION,
118 MGMT_OP_SET_BLOCKED_KEYS,
119 MGMT_OP_SET_WIDEBAND_SPEECH,
120 MGMT_OP_READ_CONTROLLER_CAP,
121 MGMT_OP_READ_EXP_FEATURES_INFO,
122 MGMT_OP_SET_EXP_FEATURE,
123 MGMT_OP_READ_DEF_SYSTEM_CONFIG,
124 MGMT_OP_SET_DEF_SYSTEM_CONFIG,
125 MGMT_OP_READ_DEF_RUNTIME_CONFIG,
126 MGMT_OP_SET_DEF_RUNTIME_CONFIG,
127 MGMT_OP_GET_DEVICE_FLAGS,
128 MGMT_OP_SET_DEVICE_FLAGS,
129 MGMT_OP_READ_ADV_MONITOR_FEATURES,
130 MGMT_OP_ADD_ADV_PATTERNS_MONITOR,
131 MGMT_OP_REMOVE_ADV_MONITOR,
132 MGMT_OP_ADD_EXT_ADV_PARAMS,
133 MGMT_OP_ADD_EXT_ADV_DATA,
134 MGMT_OP_ADD_ADV_PATTERNS_MONITOR_RSSI,
135 MGMT_OP_SET_MESH_RECEIVER,
136 MGMT_OP_MESH_READ_FEATURES,
138 MGMT_OP_MESH_SEND_CANCEL,
141 static const u16 mgmt_events[] = {
142 MGMT_EV_CONTROLLER_ERROR,
144 MGMT_EV_INDEX_REMOVED,
145 MGMT_EV_NEW_SETTINGS,
146 MGMT_EV_CLASS_OF_DEV_CHANGED,
147 MGMT_EV_LOCAL_NAME_CHANGED,
148 MGMT_EV_NEW_LINK_KEY,
149 MGMT_EV_NEW_LONG_TERM_KEY,
150 MGMT_EV_DEVICE_CONNECTED,
151 MGMT_EV_DEVICE_DISCONNECTED,
152 MGMT_EV_CONNECT_FAILED,
153 MGMT_EV_PIN_CODE_REQUEST,
154 MGMT_EV_USER_CONFIRM_REQUEST,
155 MGMT_EV_USER_PASSKEY_REQUEST,
157 MGMT_EV_DEVICE_FOUND,
159 MGMT_EV_DEVICE_BLOCKED,
160 MGMT_EV_DEVICE_UNBLOCKED,
161 MGMT_EV_DEVICE_UNPAIRED,
162 MGMT_EV_PASSKEY_NOTIFY,
165 MGMT_EV_DEVICE_ADDED,
166 MGMT_EV_DEVICE_REMOVED,
167 MGMT_EV_NEW_CONN_PARAM,
168 MGMT_EV_UNCONF_INDEX_ADDED,
169 MGMT_EV_UNCONF_INDEX_REMOVED,
170 MGMT_EV_NEW_CONFIG_OPTIONS,
171 MGMT_EV_EXT_INDEX_ADDED,
172 MGMT_EV_EXT_INDEX_REMOVED,
173 MGMT_EV_LOCAL_OOB_DATA_UPDATED,
174 MGMT_EV_ADVERTISING_ADDED,
175 MGMT_EV_ADVERTISING_REMOVED,
176 MGMT_EV_EXT_INFO_CHANGED,
177 MGMT_EV_PHY_CONFIGURATION_CHANGED,
178 MGMT_EV_EXP_FEATURE_CHANGED,
179 MGMT_EV_DEVICE_FLAGS_CHANGED,
180 MGMT_EV_ADV_MONITOR_ADDED,
181 MGMT_EV_ADV_MONITOR_REMOVED,
182 MGMT_EV_CONTROLLER_SUSPEND,
183 MGMT_EV_CONTROLLER_RESUME,
184 MGMT_EV_ADV_MONITOR_DEVICE_FOUND,
185 MGMT_EV_ADV_MONITOR_DEVICE_LOST,
188 static const u16 mgmt_untrusted_commands[] = {
189 MGMT_OP_READ_INDEX_LIST,
191 MGMT_OP_READ_UNCONF_INDEX_LIST,
192 MGMT_OP_READ_CONFIG_INFO,
193 MGMT_OP_READ_EXT_INDEX_LIST,
194 MGMT_OP_READ_EXT_INFO,
195 MGMT_OP_READ_CONTROLLER_CAP,
196 MGMT_OP_READ_EXP_FEATURES_INFO,
197 MGMT_OP_READ_DEF_SYSTEM_CONFIG,
198 MGMT_OP_READ_DEF_RUNTIME_CONFIG,
201 static const u16 mgmt_untrusted_events[] = {
203 MGMT_EV_INDEX_REMOVED,
204 MGMT_EV_NEW_SETTINGS,
205 MGMT_EV_CLASS_OF_DEV_CHANGED,
206 MGMT_EV_LOCAL_NAME_CHANGED,
207 MGMT_EV_UNCONF_INDEX_ADDED,
208 MGMT_EV_UNCONF_INDEX_REMOVED,
209 MGMT_EV_NEW_CONFIG_OPTIONS,
210 MGMT_EV_EXT_INDEX_ADDED,
211 MGMT_EV_EXT_INDEX_REMOVED,
212 MGMT_EV_EXT_INFO_CHANGED,
213 MGMT_EV_EXP_FEATURE_CHANGED,
216 #define CACHE_TIMEOUT msecs_to_jiffies(2 * 1000)
218 #define ZERO_KEY "\x00\x00\x00\x00\x00\x00\x00\x00" \
219 "\x00\x00\x00\x00\x00\x00\x00\x00"
221 /* HCI to MGMT error code conversion table */
222 static const u8 mgmt_status_table[] = {
224 MGMT_STATUS_UNKNOWN_COMMAND, /* Unknown Command */
225 MGMT_STATUS_NOT_CONNECTED, /* No Connection */
226 MGMT_STATUS_FAILED, /* Hardware Failure */
227 MGMT_STATUS_CONNECT_FAILED, /* Page Timeout */
228 MGMT_STATUS_AUTH_FAILED, /* Authentication Failed */
229 MGMT_STATUS_AUTH_FAILED, /* PIN or Key Missing */
230 MGMT_STATUS_NO_RESOURCES, /* Memory Full */
231 MGMT_STATUS_TIMEOUT, /* Connection Timeout */
232 MGMT_STATUS_NO_RESOURCES, /* Max Number of Connections */
233 MGMT_STATUS_NO_RESOURCES, /* Max Number of SCO Connections */
234 MGMT_STATUS_ALREADY_CONNECTED, /* ACL Connection Exists */
235 MGMT_STATUS_BUSY, /* Command Disallowed */
236 MGMT_STATUS_NO_RESOURCES, /* Rejected Limited Resources */
237 MGMT_STATUS_REJECTED, /* Rejected Security */
238 MGMT_STATUS_REJECTED, /* Rejected Personal */
239 MGMT_STATUS_TIMEOUT, /* Host Timeout */
240 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported Feature */
241 MGMT_STATUS_INVALID_PARAMS, /* Invalid Parameters */
242 MGMT_STATUS_DISCONNECTED, /* OE User Ended Connection */
243 MGMT_STATUS_NO_RESOURCES, /* OE Low Resources */
244 MGMT_STATUS_DISCONNECTED, /* OE Power Off */
245 MGMT_STATUS_DISCONNECTED, /* Connection Terminated */
246 MGMT_STATUS_BUSY, /* Repeated Attempts */
247 MGMT_STATUS_REJECTED, /* Pairing Not Allowed */
248 MGMT_STATUS_FAILED, /* Unknown LMP PDU */
249 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported Remote Feature */
250 MGMT_STATUS_REJECTED, /* SCO Offset Rejected */
251 MGMT_STATUS_REJECTED, /* SCO Interval Rejected */
252 MGMT_STATUS_REJECTED, /* Air Mode Rejected */
253 MGMT_STATUS_INVALID_PARAMS, /* Invalid LMP Parameters */
254 MGMT_STATUS_FAILED, /* Unspecified Error */
255 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported LMP Parameter Value */
256 MGMT_STATUS_FAILED, /* Role Change Not Allowed */
257 MGMT_STATUS_TIMEOUT, /* LMP Response Timeout */
258 MGMT_STATUS_FAILED, /* LMP Error Transaction Collision */
259 MGMT_STATUS_FAILED, /* LMP PDU Not Allowed */
260 MGMT_STATUS_REJECTED, /* Encryption Mode Not Accepted */
261 MGMT_STATUS_FAILED, /* Unit Link Key Used */
262 MGMT_STATUS_NOT_SUPPORTED, /* QoS Not Supported */
263 MGMT_STATUS_TIMEOUT, /* Instant Passed */
264 MGMT_STATUS_NOT_SUPPORTED, /* Pairing Not Supported */
265 MGMT_STATUS_FAILED, /* Transaction Collision */
266 MGMT_STATUS_FAILED, /* Reserved for future use */
267 MGMT_STATUS_INVALID_PARAMS, /* Unacceptable Parameter */
268 MGMT_STATUS_REJECTED, /* QoS Rejected */
269 MGMT_STATUS_NOT_SUPPORTED, /* Classification Not Supported */
270 MGMT_STATUS_REJECTED, /* Insufficient Security */
271 MGMT_STATUS_INVALID_PARAMS, /* Parameter Out Of Range */
272 MGMT_STATUS_FAILED, /* Reserved for future use */
273 MGMT_STATUS_BUSY, /* Role Switch Pending */
274 MGMT_STATUS_FAILED, /* Reserved for future use */
275 MGMT_STATUS_FAILED, /* Slot Violation */
276 MGMT_STATUS_FAILED, /* Role Switch Failed */
277 MGMT_STATUS_INVALID_PARAMS, /* EIR Too Large */
278 MGMT_STATUS_NOT_SUPPORTED, /* Simple Pairing Not Supported */
279 MGMT_STATUS_BUSY, /* Host Busy Pairing */
280 MGMT_STATUS_REJECTED, /* Rejected, No Suitable Channel */
281 MGMT_STATUS_BUSY, /* Controller Busy */
282 MGMT_STATUS_INVALID_PARAMS, /* Unsuitable Connection Interval */
283 MGMT_STATUS_TIMEOUT, /* Directed Advertising Timeout */
284 MGMT_STATUS_AUTH_FAILED, /* Terminated Due to MIC Failure */
285 MGMT_STATUS_CONNECT_FAILED, /* Connection Establishment Failed */
286 MGMT_STATUS_CONNECT_FAILED, /* MAC Connection Failed */
289 static u8 mgmt_errno_status(int err)
293 return MGMT_STATUS_SUCCESS;
295 return MGMT_STATUS_REJECTED;
297 return MGMT_STATUS_INVALID_PARAMS;
299 return MGMT_STATUS_NOT_SUPPORTED;
301 return MGMT_STATUS_BUSY;
303 return MGMT_STATUS_AUTH_FAILED;
305 return MGMT_STATUS_NO_RESOURCES;
307 return MGMT_STATUS_ALREADY_CONNECTED;
309 return MGMT_STATUS_DISCONNECTED;
312 return MGMT_STATUS_FAILED;
315 static u8 mgmt_status(int err)
318 return mgmt_errno_status(err);
320 if (err < ARRAY_SIZE(mgmt_status_table))
321 return mgmt_status_table[err];
323 return MGMT_STATUS_FAILED;
326 static int mgmt_index_event(u16 event, struct hci_dev *hdev, void *data,
329 return mgmt_send_event(event, hdev, HCI_CHANNEL_CONTROL, data, len,
333 static int mgmt_limited_event(u16 event, struct hci_dev *hdev, void *data,
334 u16 len, int flag, struct sock *skip_sk)
336 return mgmt_send_event(event, hdev, HCI_CHANNEL_CONTROL, data, len,
340 static int mgmt_event(u16 event, struct hci_dev *hdev, void *data, u16 len,
341 struct sock *skip_sk)
343 return mgmt_send_event(event, hdev, HCI_CHANNEL_CONTROL, data, len,
344 HCI_SOCK_TRUSTED, skip_sk);
347 static int mgmt_event_skb(struct sk_buff *skb, struct sock *skip_sk)
349 return mgmt_send_event_skb(HCI_CHANNEL_CONTROL, skb, HCI_SOCK_TRUSTED,
353 static u8 le_addr_type(u8 mgmt_addr_type)
355 if (mgmt_addr_type == BDADDR_LE_PUBLIC)
356 return ADDR_LE_DEV_PUBLIC;
358 return ADDR_LE_DEV_RANDOM;
361 void mgmt_fill_version_info(void *ver)
363 struct mgmt_rp_read_version *rp = ver;
365 rp->version = MGMT_VERSION;
366 rp->revision = cpu_to_le16(MGMT_REVISION);
369 static int read_version(struct sock *sk, struct hci_dev *hdev, void *data,
372 struct mgmt_rp_read_version rp;
374 bt_dev_dbg(hdev, "sock %p", sk);
376 mgmt_fill_version_info(&rp);
378 return mgmt_cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_VERSION, 0,
382 static int read_commands(struct sock *sk, struct hci_dev *hdev, void *data,
385 struct mgmt_rp_read_commands *rp;
386 u16 num_commands, num_events;
390 bt_dev_dbg(hdev, "sock %p", sk);
392 if (hci_sock_test_flag(sk, HCI_SOCK_TRUSTED)) {
393 num_commands = ARRAY_SIZE(mgmt_commands);
394 num_events = ARRAY_SIZE(mgmt_events);
396 num_commands = ARRAY_SIZE(mgmt_untrusted_commands);
397 num_events = ARRAY_SIZE(mgmt_untrusted_events);
400 rp_size = sizeof(*rp) + ((num_commands + num_events) * sizeof(u16));
402 rp = kmalloc(rp_size, GFP_KERNEL);
406 rp->num_commands = cpu_to_le16(num_commands);
407 rp->num_events = cpu_to_le16(num_events);
409 if (hci_sock_test_flag(sk, HCI_SOCK_TRUSTED)) {
410 __le16 *opcode = rp->opcodes;
412 for (i = 0; i < num_commands; i++, opcode++)
413 put_unaligned_le16(mgmt_commands[i], opcode);
415 for (i = 0; i < num_events; i++, opcode++)
416 put_unaligned_le16(mgmt_events[i], opcode);
418 __le16 *opcode = rp->opcodes;
420 for (i = 0; i < num_commands; i++, opcode++)
421 put_unaligned_le16(mgmt_untrusted_commands[i], opcode);
423 for (i = 0; i < num_events; i++, opcode++)
424 put_unaligned_le16(mgmt_untrusted_events[i], opcode);
427 err = mgmt_cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_COMMANDS, 0,
434 static int read_index_list(struct sock *sk, struct hci_dev *hdev, void *data,
437 struct mgmt_rp_read_index_list *rp;
443 bt_dev_dbg(hdev, "sock %p", sk);
445 read_lock(&hci_dev_list_lock);
448 list_for_each_entry(d, &hci_dev_list, list) {
449 if (d->dev_type == HCI_PRIMARY &&
450 !hci_dev_test_flag(d, HCI_UNCONFIGURED))
454 rp_len = sizeof(*rp) + (2 * count);
455 rp = kmalloc(rp_len, GFP_ATOMIC);
457 read_unlock(&hci_dev_list_lock);
462 list_for_each_entry(d, &hci_dev_list, list) {
463 if (hci_dev_test_flag(d, HCI_SETUP) ||
464 hci_dev_test_flag(d, HCI_CONFIG) ||
465 hci_dev_test_flag(d, HCI_USER_CHANNEL))
468 /* Devices marked as raw-only are neither configured
469 * nor unconfigured controllers.
471 if (test_bit(HCI_QUIRK_RAW_DEVICE, &d->quirks))
474 if (d->dev_type == HCI_PRIMARY &&
475 !hci_dev_test_flag(d, HCI_UNCONFIGURED)) {
476 rp->index[count++] = cpu_to_le16(d->id);
477 bt_dev_dbg(hdev, "Added hci%u", d->id);
481 rp->num_controllers = cpu_to_le16(count);
482 rp_len = sizeof(*rp) + (2 * count);
484 read_unlock(&hci_dev_list_lock);
486 err = mgmt_cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_INDEX_LIST,
494 static int read_unconf_index_list(struct sock *sk, struct hci_dev *hdev,
495 void *data, u16 data_len)
497 struct mgmt_rp_read_unconf_index_list *rp;
503 bt_dev_dbg(hdev, "sock %p", sk);
505 read_lock(&hci_dev_list_lock);
508 list_for_each_entry(d, &hci_dev_list, list) {
509 if (d->dev_type == HCI_PRIMARY &&
510 hci_dev_test_flag(d, HCI_UNCONFIGURED))
514 rp_len = sizeof(*rp) + (2 * count);
515 rp = kmalloc(rp_len, GFP_ATOMIC);
517 read_unlock(&hci_dev_list_lock);
522 list_for_each_entry(d, &hci_dev_list, list) {
523 if (hci_dev_test_flag(d, HCI_SETUP) ||
524 hci_dev_test_flag(d, HCI_CONFIG) ||
525 hci_dev_test_flag(d, HCI_USER_CHANNEL))
528 /* Devices marked as raw-only are neither configured
529 * nor unconfigured controllers.
531 if (test_bit(HCI_QUIRK_RAW_DEVICE, &d->quirks))
534 if (d->dev_type == HCI_PRIMARY &&
535 hci_dev_test_flag(d, HCI_UNCONFIGURED)) {
536 rp->index[count++] = cpu_to_le16(d->id);
537 bt_dev_dbg(hdev, "Added hci%u", d->id);
541 rp->num_controllers = cpu_to_le16(count);
542 rp_len = sizeof(*rp) + (2 * count);
544 read_unlock(&hci_dev_list_lock);
546 err = mgmt_cmd_complete(sk, MGMT_INDEX_NONE,
547 MGMT_OP_READ_UNCONF_INDEX_LIST, 0, rp, rp_len);
554 static int read_ext_index_list(struct sock *sk, struct hci_dev *hdev,
555 void *data, u16 data_len)
557 struct mgmt_rp_read_ext_index_list *rp;
562 bt_dev_dbg(hdev, "sock %p", sk);
564 read_lock(&hci_dev_list_lock);
567 list_for_each_entry(d, &hci_dev_list, list) {
568 if (d->dev_type == HCI_PRIMARY || d->dev_type == HCI_AMP)
572 rp = kmalloc(struct_size(rp, entry, count), GFP_ATOMIC);
574 read_unlock(&hci_dev_list_lock);
579 list_for_each_entry(d, &hci_dev_list, list) {
580 if (hci_dev_test_flag(d, HCI_SETUP) ||
581 hci_dev_test_flag(d, HCI_CONFIG) ||
582 hci_dev_test_flag(d, HCI_USER_CHANNEL))
585 /* Devices marked as raw-only are neither configured
586 * nor unconfigured controllers.
588 if (test_bit(HCI_QUIRK_RAW_DEVICE, &d->quirks))
591 if (d->dev_type == HCI_PRIMARY) {
592 if (hci_dev_test_flag(d, HCI_UNCONFIGURED))
593 rp->entry[count].type = 0x01;
595 rp->entry[count].type = 0x00;
596 } else if (d->dev_type == HCI_AMP) {
597 rp->entry[count].type = 0x02;
602 rp->entry[count].bus = d->bus;
603 rp->entry[count++].index = cpu_to_le16(d->id);
604 bt_dev_dbg(hdev, "Added hci%u", d->id);
607 rp->num_controllers = cpu_to_le16(count);
609 read_unlock(&hci_dev_list_lock);
611 /* If this command is called at least once, then all the
612 * default index and unconfigured index events are disabled
613 * and from now on only extended index events are used.
615 hci_sock_set_flag(sk, HCI_MGMT_EXT_INDEX_EVENTS);
616 hci_sock_clear_flag(sk, HCI_MGMT_INDEX_EVENTS);
617 hci_sock_clear_flag(sk, HCI_MGMT_UNCONF_INDEX_EVENTS);
619 err = mgmt_cmd_complete(sk, MGMT_INDEX_NONE,
620 MGMT_OP_READ_EXT_INDEX_LIST, 0, rp,
621 struct_size(rp, entry, count));
628 static bool is_configured(struct hci_dev *hdev)
630 if (test_bit(HCI_QUIRK_EXTERNAL_CONFIG, &hdev->quirks) &&
631 !hci_dev_test_flag(hdev, HCI_EXT_CONFIGURED))
634 if ((test_bit(HCI_QUIRK_INVALID_BDADDR, &hdev->quirks) ||
635 test_bit(HCI_QUIRK_USE_BDADDR_PROPERTY, &hdev->quirks)) &&
636 !bacmp(&hdev->public_addr, BDADDR_ANY))
642 static __le32 get_missing_options(struct hci_dev *hdev)
646 if (test_bit(HCI_QUIRK_EXTERNAL_CONFIG, &hdev->quirks) &&
647 !hci_dev_test_flag(hdev, HCI_EXT_CONFIGURED))
648 options |= MGMT_OPTION_EXTERNAL_CONFIG;
650 if ((test_bit(HCI_QUIRK_INVALID_BDADDR, &hdev->quirks) ||
651 test_bit(HCI_QUIRK_USE_BDADDR_PROPERTY, &hdev->quirks)) &&
652 !bacmp(&hdev->public_addr, BDADDR_ANY))
653 options |= MGMT_OPTION_PUBLIC_ADDRESS;
655 return cpu_to_le32(options);
658 static int new_options(struct hci_dev *hdev, struct sock *skip)
660 __le32 options = get_missing_options(hdev);
662 return mgmt_limited_event(MGMT_EV_NEW_CONFIG_OPTIONS, hdev, &options,
663 sizeof(options), HCI_MGMT_OPTION_EVENTS, skip);
666 static int send_options_rsp(struct sock *sk, u16 opcode, struct hci_dev *hdev)
668 __le32 options = get_missing_options(hdev);
670 return mgmt_cmd_complete(sk, hdev->id, opcode, 0, &options,
674 static int read_config_info(struct sock *sk, struct hci_dev *hdev,
675 void *data, u16 data_len)
677 struct mgmt_rp_read_config_info rp;
680 bt_dev_dbg(hdev, "sock %p", sk);
684 memset(&rp, 0, sizeof(rp));
685 rp.manufacturer = cpu_to_le16(hdev->manufacturer);
687 if (test_bit(HCI_QUIRK_EXTERNAL_CONFIG, &hdev->quirks))
688 options |= MGMT_OPTION_EXTERNAL_CONFIG;
690 if (hdev->set_bdaddr)
691 options |= MGMT_OPTION_PUBLIC_ADDRESS;
693 rp.supported_options = cpu_to_le32(options);
694 rp.missing_options = get_missing_options(hdev);
696 hci_dev_unlock(hdev);
698 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_READ_CONFIG_INFO, 0,
702 static u32 get_supported_phys(struct hci_dev *hdev)
704 u32 supported_phys = 0;
706 if (lmp_bredr_capable(hdev)) {
707 supported_phys |= MGMT_PHY_BR_1M_1SLOT;
709 if (hdev->features[0][0] & LMP_3SLOT)
710 supported_phys |= MGMT_PHY_BR_1M_3SLOT;
712 if (hdev->features[0][0] & LMP_5SLOT)
713 supported_phys |= MGMT_PHY_BR_1M_5SLOT;
715 if (lmp_edr_2m_capable(hdev)) {
716 supported_phys |= MGMT_PHY_EDR_2M_1SLOT;
718 if (lmp_edr_3slot_capable(hdev))
719 supported_phys |= MGMT_PHY_EDR_2M_3SLOT;
721 if (lmp_edr_5slot_capable(hdev))
722 supported_phys |= MGMT_PHY_EDR_2M_5SLOT;
724 if (lmp_edr_3m_capable(hdev)) {
725 supported_phys |= MGMT_PHY_EDR_3M_1SLOT;
727 if (lmp_edr_3slot_capable(hdev))
728 supported_phys |= MGMT_PHY_EDR_3M_3SLOT;
730 if (lmp_edr_5slot_capable(hdev))
731 supported_phys |= MGMT_PHY_EDR_3M_5SLOT;
736 if (lmp_le_capable(hdev)) {
737 supported_phys |= MGMT_PHY_LE_1M_TX;
738 supported_phys |= MGMT_PHY_LE_1M_RX;
740 if (hdev->le_features[1] & HCI_LE_PHY_2M) {
741 supported_phys |= MGMT_PHY_LE_2M_TX;
742 supported_phys |= MGMT_PHY_LE_2M_RX;
745 if (hdev->le_features[1] & HCI_LE_PHY_CODED) {
746 supported_phys |= MGMT_PHY_LE_CODED_TX;
747 supported_phys |= MGMT_PHY_LE_CODED_RX;
751 return supported_phys;
754 static u32 get_selected_phys(struct hci_dev *hdev)
756 u32 selected_phys = 0;
758 if (lmp_bredr_capable(hdev)) {
759 selected_phys |= MGMT_PHY_BR_1M_1SLOT;
761 if (hdev->pkt_type & (HCI_DM3 | HCI_DH3))
762 selected_phys |= MGMT_PHY_BR_1M_3SLOT;
764 if (hdev->pkt_type & (HCI_DM5 | HCI_DH5))
765 selected_phys |= MGMT_PHY_BR_1M_5SLOT;
767 if (lmp_edr_2m_capable(hdev)) {
768 if (!(hdev->pkt_type & HCI_2DH1))
769 selected_phys |= MGMT_PHY_EDR_2M_1SLOT;
771 if (lmp_edr_3slot_capable(hdev) &&
772 !(hdev->pkt_type & HCI_2DH3))
773 selected_phys |= MGMT_PHY_EDR_2M_3SLOT;
775 if (lmp_edr_5slot_capable(hdev) &&
776 !(hdev->pkt_type & HCI_2DH5))
777 selected_phys |= MGMT_PHY_EDR_2M_5SLOT;
779 if (lmp_edr_3m_capable(hdev)) {
780 if (!(hdev->pkt_type & HCI_3DH1))
781 selected_phys |= MGMT_PHY_EDR_3M_1SLOT;
783 if (lmp_edr_3slot_capable(hdev) &&
784 !(hdev->pkt_type & HCI_3DH3))
785 selected_phys |= MGMT_PHY_EDR_3M_3SLOT;
787 if (lmp_edr_5slot_capable(hdev) &&
788 !(hdev->pkt_type & HCI_3DH5))
789 selected_phys |= MGMT_PHY_EDR_3M_5SLOT;
794 if (lmp_le_capable(hdev)) {
795 if (hdev->le_tx_def_phys & HCI_LE_SET_PHY_1M)
796 selected_phys |= MGMT_PHY_LE_1M_TX;
798 if (hdev->le_rx_def_phys & HCI_LE_SET_PHY_1M)
799 selected_phys |= MGMT_PHY_LE_1M_RX;
801 if (hdev->le_tx_def_phys & HCI_LE_SET_PHY_2M)
802 selected_phys |= MGMT_PHY_LE_2M_TX;
804 if (hdev->le_rx_def_phys & HCI_LE_SET_PHY_2M)
805 selected_phys |= MGMT_PHY_LE_2M_RX;
807 if (hdev->le_tx_def_phys & HCI_LE_SET_PHY_CODED)
808 selected_phys |= MGMT_PHY_LE_CODED_TX;
810 if (hdev->le_rx_def_phys & HCI_LE_SET_PHY_CODED)
811 selected_phys |= MGMT_PHY_LE_CODED_RX;
814 return selected_phys;
817 static u32 get_configurable_phys(struct hci_dev *hdev)
819 return (get_supported_phys(hdev) & ~MGMT_PHY_BR_1M_1SLOT &
820 ~MGMT_PHY_LE_1M_TX & ~MGMT_PHY_LE_1M_RX);
823 static u32 get_supported_settings(struct hci_dev *hdev)
827 settings |= MGMT_SETTING_POWERED;
828 settings |= MGMT_SETTING_BONDABLE;
829 settings |= MGMT_SETTING_DEBUG_KEYS;
830 settings |= MGMT_SETTING_CONNECTABLE;
831 settings |= MGMT_SETTING_DISCOVERABLE;
833 if (lmp_bredr_capable(hdev)) {
834 if (hdev->hci_ver >= BLUETOOTH_VER_1_2)
835 settings |= MGMT_SETTING_FAST_CONNECTABLE;
836 settings |= MGMT_SETTING_BREDR;
837 settings |= MGMT_SETTING_LINK_SECURITY;
839 if (lmp_ssp_capable(hdev)) {
840 settings |= MGMT_SETTING_SSP;
841 if (IS_ENABLED(CONFIG_BT_HS))
842 settings |= MGMT_SETTING_HS;
845 if (lmp_sc_capable(hdev))
846 settings |= MGMT_SETTING_SECURE_CONN;
848 if (test_bit(HCI_QUIRK_WIDEBAND_SPEECH_SUPPORTED,
850 settings |= MGMT_SETTING_WIDEBAND_SPEECH;
853 if (lmp_le_capable(hdev)) {
854 settings |= MGMT_SETTING_LE;
855 settings |= MGMT_SETTING_SECURE_CONN;
856 settings |= MGMT_SETTING_PRIVACY;
857 settings |= MGMT_SETTING_STATIC_ADDRESS;
858 settings |= MGMT_SETTING_ADVERTISING;
861 if (test_bit(HCI_QUIRK_EXTERNAL_CONFIG, &hdev->quirks) ||
863 settings |= MGMT_SETTING_CONFIGURATION;
865 if (cis_central_capable(hdev))
866 settings |= MGMT_SETTING_CIS_CENTRAL;
868 if (cis_peripheral_capable(hdev))
869 settings |= MGMT_SETTING_CIS_PERIPHERAL;
871 settings |= MGMT_SETTING_PHY_CONFIGURATION;
876 static u32 get_current_settings(struct hci_dev *hdev)
880 if (hdev_is_powered(hdev))
881 settings |= MGMT_SETTING_POWERED;
883 if (hci_dev_test_flag(hdev, HCI_CONNECTABLE))
884 settings |= MGMT_SETTING_CONNECTABLE;
886 if (hci_dev_test_flag(hdev, HCI_FAST_CONNECTABLE))
887 settings |= MGMT_SETTING_FAST_CONNECTABLE;
889 if (hci_dev_test_flag(hdev, HCI_DISCOVERABLE))
890 settings |= MGMT_SETTING_DISCOVERABLE;
892 if (hci_dev_test_flag(hdev, HCI_BONDABLE))
893 settings |= MGMT_SETTING_BONDABLE;
895 if (hci_dev_test_flag(hdev, HCI_BREDR_ENABLED))
896 settings |= MGMT_SETTING_BREDR;
898 if (hci_dev_test_flag(hdev, HCI_LE_ENABLED))
899 settings |= MGMT_SETTING_LE;
901 if (hci_dev_test_flag(hdev, HCI_LINK_SECURITY))
902 settings |= MGMT_SETTING_LINK_SECURITY;
904 if (hci_dev_test_flag(hdev, HCI_SSP_ENABLED))
905 settings |= MGMT_SETTING_SSP;
907 if (hci_dev_test_flag(hdev, HCI_HS_ENABLED))
908 settings |= MGMT_SETTING_HS;
910 if (hci_dev_test_flag(hdev, HCI_ADVERTISING))
911 settings |= MGMT_SETTING_ADVERTISING;
913 if (hci_dev_test_flag(hdev, HCI_SC_ENABLED))
914 settings |= MGMT_SETTING_SECURE_CONN;
916 if (hci_dev_test_flag(hdev, HCI_KEEP_DEBUG_KEYS))
917 settings |= MGMT_SETTING_DEBUG_KEYS;
919 if (hci_dev_test_flag(hdev, HCI_PRIVACY))
920 settings |= MGMT_SETTING_PRIVACY;
922 /* The current setting for static address has two purposes. The
923 * first is to indicate if the static address will be used and
924 * the second is to indicate if it is actually set.
926 * This means if the static address is not configured, this flag
927 * will never be set. If the address is configured, then if the
928 * address is actually used decides if the flag is set or not.
930 * For single mode LE only controllers and dual-mode controllers
931 * with BR/EDR disabled, the existence of the static address will
934 if (hci_dev_test_flag(hdev, HCI_FORCE_STATIC_ADDR) ||
935 !hci_dev_test_flag(hdev, HCI_BREDR_ENABLED) ||
936 !bacmp(&hdev->bdaddr, BDADDR_ANY)) {
937 if (bacmp(&hdev->static_addr, BDADDR_ANY))
938 settings |= MGMT_SETTING_STATIC_ADDRESS;
941 if (hci_dev_test_flag(hdev, HCI_WIDEBAND_SPEECH_ENABLED))
942 settings |= MGMT_SETTING_WIDEBAND_SPEECH;
944 if (cis_central_capable(hdev))
945 settings |= MGMT_SETTING_CIS_CENTRAL;
947 if (cis_peripheral_capable(hdev))
948 settings |= MGMT_SETTING_CIS_PERIPHERAL;
950 if (bis_capable(hdev))
951 settings |= MGMT_SETTING_ISO_BROADCASTER;
953 if (sync_recv_capable(hdev))
954 settings |= MGMT_SETTING_ISO_SYNC_RECEIVER;
959 static struct mgmt_pending_cmd *pending_find(u16 opcode, struct hci_dev *hdev)
961 return mgmt_pending_find(HCI_CHANNEL_CONTROL, opcode, hdev);
964 u8 mgmt_get_adv_discov_flags(struct hci_dev *hdev)
966 struct mgmt_pending_cmd *cmd;
968 /* If there's a pending mgmt command the flags will not yet have
969 * their final values, so check for this first.
971 cmd = pending_find(MGMT_OP_SET_DISCOVERABLE, hdev);
973 struct mgmt_mode *cp = cmd->param;
975 return LE_AD_GENERAL;
976 else if (cp->val == 0x02)
977 return LE_AD_LIMITED;
979 if (hci_dev_test_flag(hdev, HCI_LIMITED_DISCOVERABLE))
980 return LE_AD_LIMITED;
981 else if (hci_dev_test_flag(hdev, HCI_DISCOVERABLE))
982 return LE_AD_GENERAL;
988 bool mgmt_get_connectable(struct hci_dev *hdev)
990 struct mgmt_pending_cmd *cmd;
992 /* If there's a pending mgmt command the flag will not yet have
993 * it's final value, so check for this first.
995 cmd = pending_find(MGMT_OP_SET_CONNECTABLE, hdev);
997 struct mgmt_mode *cp = cmd->param;
1002 return hci_dev_test_flag(hdev, HCI_CONNECTABLE);
1005 static int service_cache_sync(struct hci_dev *hdev, void *data)
1007 hci_update_eir_sync(hdev);
1008 hci_update_class_sync(hdev);
1013 static void service_cache_off(struct work_struct *work)
1015 struct hci_dev *hdev = container_of(work, struct hci_dev,
1016 service_cache.work);
1018 if (!hci_dev_test_and_clear_flag(hdev, HCI_SERVICE_CACHE))
1021 hci_cmd_sync_queue(hdev, service_cache_sync, NULL, NULL);
1024 static int rpa_expired_sync(struct hci_dev *hdev, void *data)
1026 /* The generation of a new RPA and programming it into the
1027 * controller happens in the hci_req_enable_advertising()
1030 if (ext_adv_capable(hdev))
1031 return hci_start_ext_adv_sync(hdev, hdev->cur_adv_instance);
1033 return hci_enable_advertising_sync(hdev);
1036 static void rpa_expired(struct work_struct *work)
1038 struct hci_dev *hdev = container_of(work, struct hci_dev,
1041 bt_dev_dbg(hdev, "");
1043 hci_dev_set_flag(hdev, HCI_RPA_EXPIRED);
1045 if (!hci_dev_test_flag(hdev, HCI_ADVERTISING))
1048 hci_cmd_sync_queue(hdev, rpa_expired_sync, NULL, NULL);
1051 static void discov_off(struct work_struct *work)
1053 struct hci_dev *hdev = container_of(work, struct hci_dev,
1056 bt_dev_dbg(hdev, "");
1060 /* When discoverable timeout triggers, then just make sure
1061 * the limited discoverable flag is cleared. Even in the case
1062 * of a timeout triggered from general discoverable, it is
1063 * safe to unconditionally clear the flag.
1065 hci_dev_clear_flag(hdev, HCI_LIMITED_DISCOVERABLE);
1066 hci_dev_clear_flag(hdev, HCI_DISCOVERABLE);
1067 hdev->discov_timeout = 0;
1069 hci_update_discoverable(hdev);
1071 mgmt_new_settings(hdev);
1073 hci_dev_unlock(hdev);
1076 static int send_settings_rsp(struct sock *sk, u16 opcode, struct hci_dev *hdev);
1078 static void mesh_send_complete(struct hci_dev *hdev,
1079 struct mgmt_mesh_tx *mesh_tx, bool silent)
1081 u8 handle = mesh_tx->handle;
1084 mgmt_event(MGMT_EV_MESH_PACKET_CMPLT, hdev, &handle,
1085 sizeof(handle), NULL);
1087 mgmt_mesh_remove(mesh_tx);
1090 static int mesh_send_done_sync(struct hci_dev *hdev, void *data)
1092 struct mgmt_mesh_tx *mesh_tx;
1094 hci_dev_clear_flag(hdev, HCI_MESH_SENDING);
1095 hci_disable_advertising_sync(hdev);
1096 mesh_tx = mgmt_mesh_next(hdev, NULL);
1099 mesh_send_complete(hdev, mesh_tx, false);
1104 static int mesh_send_sync(struct hci_dev *hdev, void *data);
1105 static void mesh_send_start_complete(struct hci_dev *hdev, void *data, int err);
1106 static void mesh_next(struct hci_dev *hdev, void *data, int err)
1108 struct mgmt_mesh_tx *mesh_tx = mgmt_mesh_next(hdev, NULL);
1113 err = hci_cmd_sync_queue(hdev, mesh_send_sync, mesh_tx,
1114 mesh_send_start_complete);
1117 mesh_send_complete(hdev, mesh_tx, false);
1119 hci_dev_set_flag(hdev, HCI_MESH_SENDING);
1122 static void mesh_send_done(struct work_struct *work)
1124 struct hci_dev *hdev = container_of(work, struct hci_dev,
1125 mesh_send_done.work);
1127 if (!hci_dev_test_flag(hdev, HCI_MESH_SENDING))
1130 hci_cmd_sync_queue(hdev, mesh_send_done_sync, NULL, mesh_next);
1133 static void mgmt_init_hdev(struct sock *sk, struct hci_dev *hdev)
1135 if (hci_dev_test_flag(hdev, HCI_MGMT))
1138 BT_INFO("MGMT ver %d.%d", MGMT_VERSION, MGMT_REVISION);
1140 INIT_DELAYED_WORK(&hdev->discov_off, discov_off);
1141 INIT_DELAYED_WORK(&hdev->service_cache, service_cache_off);
1142 INIT_DELAYED_WORK(&hdev->rpa_expired, rpa_expired);
1143 INIT_DELAYED_WORK(&hdev->mesh_send_done, mesh_send_done);
1145 /* Non-mgmt controlled devices get this bit set
1146 * implicitly so that pairing works for them, however
1147 * for mgmt we require user-space to explicitly enable
1150 hci_dev_clear_flag(hdev, HCI_BONDABLE);
1152 hci_dev_set_flag(hdev, HCI_MGMT);
1155 static int read_controller_info(struct sock *sk, struct hci_dev *hdev,
1156 void *data, u16 data_len)
1158 struct mgmt_rp_read_info rp;
1160 bt_dev_dbg(hdev, "sock %p", sk);
1164 memset(&rp, 0, sizeof(rp));
1166 bacpy(&rp.bdaddr, &hdev->bdaddr);
1168 rp.version = hdev->hci_ver;
1169 rp.manufacturer = cpu_to_le16(hdev->manufacturer);
1171 rp.supported_settings = cpu_to_le32(get_supported_settings(hdev));
1172 rp.current_settings = cpu_to_le32(get_current_settings(hdev));
1174 memcpy(rp.dev_class, hdev->dev_class, 3);
1176 memcpy(rp.name, hdev->dev_name, sizeof(hdev->dev_name));
1177 memcpy(rp.short_name, hdev->short_name, sizeof(hdev->short_name));
1179 hci_dev_unlock(hdev);
1181 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_READ_INFO, 0, &rp,
1185 static u16 append_eir_data_to_buf(struct hci_dev *hdev, u8 *eir)
1190 if (hci_dev_test_flag(hdev, HCI_BREDR_ENABLED))
1191 eir_len = eir_append_data(eir, eir_len, EIR_CLASS_OF_DEV,
1192 hdev->dev_class, 3);
1194 if (hci_dev_test_flag(hdev, HCI_LE_ENABLED))
1195 eir_len = eir_append_le16(eir, eir_len, EIR_APPEARANCE,
1198 name_len = strnlen(hdev->dev_name, sizeof(hdev->dev_name));
1199 eir_len = eir_append_data(eir, eir_len, EIR_NAME_COMPLETE,
1200 hdev->dev_name, name_len);
1202 name_len = strnlen(hdev->short_name, sizeof(hdev->short_name));
1203 eir_len = eir_append_data(eir, eir_len, EIR_NAME_SHORT,
1204 hdev->short_name, name_len);
1209 static int read_ext_controller_info(struct sock *sk, struct hci_dev *hdev,
1210 void *data, u16 data_len)
1213 struct mgmt_rp_read_ext_info *rp = (void *)buf;
1216 bt_dev_dbg(hdev, "sock %p", sk);
1218 memset(&buf, 0, sizeof(buf));
1222 bacpy(&rp->bdaddr, &hdev->bdaddr);
1224 rp->version = hdev->hci_ver;
1225 rp->manufacturer = cpu_to_le16(hdev->manufacturer);
1227 rp->supported_settings = cpu_to_le32(get_supported_settings(hdev));
1228 rp->current_settings = cpu_to_le32(get_current_settings(hdev));
1231 eir_len = append_eir_data_to_buf(hdev, rp->eir);
1232 rp->eir_len = cpu_to_le16(eir_len);
1234 hci_dev_unlock(hdev);
1236 /* If this command is called at least once, then the events
1237 * for class of device and local name changes are disabled
1238 * and only the new extended controller information event
1241 hci_sock_set_flag(sk, HCI_MGMT_EXT_INFO_EVENTS);
1242 hci_sock_clear_flag(sk, HCI_MGMT_DEV_CLASS_EVENTS);
1243 hci_sock_clear_flag(sk, HCI_MGMT_LOCAL_NAME_EVENTS);
1245 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_READ_EXT_INFO, 0, rp,
1246 sizeof(*rp) + eir_len);
1249 static int ext_info_changed(struct hci_dev *hdev, struct sock *skip)
1252 struct mgmt_ev_ext_info_changed *ev = (void *)buf;
1255 memset(buf, 0, sizeof(buf));
1257 eir_len = append_eir_data_to_buf(hdev, ev->eir);
1258 ev->eir_len = cpu_to_le16(eir_len);
1260 return mgmt_limited_event(MGMT_EV_EXT_INFO_CHANGED, hdev, ev,
1261 sizeof(*ev) + eir_len,
1262 HCI_MGMT_EXT_INFO_EVENTS, skip);
1265 static int send_settings_rsp(struct sock *sk, u16 opcode, struct hci_dev *hdev)
1267 __le32 settings = cpu_to_le32(get_current_settings(hdev));
1269 return mgmt_cmd_complete(sk, hdev->id, opcode, 0, &settings,
1273 void mgmt_advertising_added(struct sock *sk, struct hci_dev *hdev, u8 instance)
1275 struct mgmt_ev_advertising_added ev;
1277 ev.instance = instance;
1279 mgmt_event(MGMT_EV_ADVERTISING_ADDED, hdev, &ev, sizeof(ev), sk);
1282 void mgmt_advertising_removed(struct sock *sk, struct hci_dev *hdev,
1285 struct mgmt_ev_advertising_removed ev;
1287 ev.instance = instance;
1289 mgmt_event(MGMT_EV_ADVERTISING_REMOVED, hdev, &ev, sizeof(ev), sk);
1292 static void cancel_adv_timeout(struct hci_dev *hdev)
1294 if (hdev->adv_instance_timeout) {
1295 hdev->adv_instance_timeout = 0;
1296 cancel_delayed_work(&hdev->adv_instance_expire);
1300 /* This function requires the caller holds hdev->lock */
1301 static void restart_le_actions(struct hci_dev *hdev)
1303 struct hci_conn_params *p;
1305 list_for_each_entry(p, &hdev->le_conn_params, list) {
1306 /* Needed for AUTO_OFF case where might not "really"
1307 * have been powered off.
1309 hci_pend_le_list_del_init(p);
1311 switch (p->auto_connect) {
1312 case HCI_AUTO_CONN_DIRECT:
1313 case HCI_AUTO_CONN_ALWAYS:
1314 hci_pend_le_list_add(p, &hdev->pend_le_conns);
1316 case HCI_AUTO_CONN_REPORT:
1317 hci_pend_le_list_add(p, &hdev->pend_le_reports);
1325 static int new_settings(struct hci_dev *hdev, struct sock *skip)
1327 __le32 ev = cpu_to_le32(get_current_settings(hdev));
1329 return mgmt_limited_event(MGMT_EV_NEW_SETTINGS, hdev, &ev,
1330 sizeof(ev), HCI_MGMT_SETTING_EVENTS, skip);
1333 static void mgmt_set_powered_complete(struct hci_dev *hdev, void *data, int err)
1335 struct mgmt_pending_cmd *cmd = data;
1336 struct mgmt_mode *cp;
1338 /* Make sure cmd still outstanding. */
1339 if (cmd != pending_find(MGMT_OP_SET_POWERED, hdev))
1344 bt_dev_dbg(hdev, "err %d", err);
1349 restart_le_actions(hdev);
1350 hci_update_passive_scan(hdev);
1351 hci_dev_unlock(hdev);
1354 send_settings_rsp(cmd->sk, cmd->opcode, hdev);
1356 /* Only call new_setting for power on as power off is deferred
1357 * to hdev->power_off work which does call hci_dev_do_close.
1360 new_settings(hdev, cmd->sk);
1362 mgmt_cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_POWERED,
1366 mgmt_pending_remove(cmd);
1369 static int set_powered_sync(struct hci_dev *hdev, void *data)
1371 struct mgmt_pending_cmd *cmd = data;
1372 struct mgmt_mode *cp = cmd->param;
1374 BT_DBG("%s", hdev->name);
1376 return hci_set_powered_sync(hdev, cp->val);
1379 static int set_powered(struct sock *sk, struct hci_dev *hdev, void *data,
1382 struct mgmt_mode *cp = data;
1383 struct mgmt_pending_cmd *cmd;
1386 bt_dev_dbg(hdev, "sock %p", sk);
1388 if (cp->val != 0x00 && cp->val != 0x01)
1389 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_POWERED,
1390 MGMT_STATUS_INVALID_PARAMS);
1394 if (pending_find(MGMT_OP_SET_POWERED, hdev)) {
1395 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_POWERED,
1400 if (!!cp->val == hdev_is_powered(hdev)) {
1401 err = send_settings_rsp(sk, MGMT_OP_SET_POWERED, hdev);
1405 cmd = mgmt_pending_add(sk, MGMT_OP_SET_POWERED, hdev, data, len);
1411 /* Cancel potentially blocking sync operation before power off */
1412 if (cp->val == 0x00) {
1413 __hci_cmd_sync_cancel(hdev, -EHOSTDOWN);
1414 err = hci_cmd_sync_queue(hdev, set_powered_sync, cmd,
1415 mgmt_set_powered_complete);
1417 /* Use hci_cmd_sync_submit since hdev might not be running */
1418 err = hci_cmd_sync_submit(hdev, set_powered_sync, cmd,
1419 mgmt_set_powered_complete);
1423 mgmt_pending_remove(cmd);
1426 hci_dev_unlock(hdev);
1430 int mgmt_new_settings(struct hci_dev *hdev)
1432 return new_settings(hdev, NULL);
1437 struct hci_dev *hdev;
1441 static void settings_rsp(struct mgmt_pending_cmd *cmd, void *data)
1443 struct cmd_lookup *match = data;
1445 send_settings_rsp(cmd->sk, cmd->opcode, match->hdev);
1447 list_del(&cmd->list);
1449 if (match->sk == NULL) {
1450 match->sk = cmd->sk;
1451 sock_hold(match->sk);
1454 mgmt_pending_free(cmd);
1457 static void cmd_status_rsp(struct mgmt_pending_cmd *cmd, void *data)
1461 mgmt_cmd_status(cmd->sk, cmd->index, cmd->opcode, *status);
1462 mgmt_pending_remove(cmd);
1465 static void cmd_complete_rsp(struct mgmt_pending_cmd *cmd, void *data)
1467 if (cmd->cmd_complete) {
1470 cmd->cmd_complete(cmd, *status);
1471 mgmt_pending_remove(cmd);
1476 cmd_status_rsp(cmd, data);
1479 static int generic_cmd_complete(struct mgmt_pending_cmd *cmd, u8 status)
1481 return mgmt_cmd_complete(cmd->sk, cmd->index, cmd->opcode, status,
1482 cmd->param, cmd->param_len);
1485 static int addr_cmd_complete(struct mgmt_pending_cmd *cmd, u8 status)
1487 return mgmt_cmd_complete(cmd->sk, cmd->index, cmd->opcode, status,
1488 cmd->param, sizeof(struct mgmt_addr_info));
1491 static u8 mgmt_bredr_support(struct hci_dev *hdev)
1493 if (!lmp_bredr_capable(hdev))
1494 return MGMT_STATUS_NOT_SUPPORTED;
1495 else if (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED))
1496 return MGMT_STATUS_REJECTED;
1498 return MGMT_STATUS_SUCCESS;
1501 static u8 mgmt_le_support(struct hci_dev *hdev)
1503 if (!lmp_le_capable(hdev))
1504 return MGMT_STATUS_NOT_SUPPORTED;
1505 else if (!hci_dev_test_flag(hdev, HCI_LE_ENABLED))
1506 return MGMT_STATUS_REJECTED;
1508 return MGMT_STATUS_SUCCESS;
1511 static void mgmt_set_discoverable_complete(struct hci_dev *hdev, void *data,
1514 struct mgmt_pending_cmd *cmd = data;
1516 bt_dev_dbg(hdev, "err %d", err);
1518 /* Make sure cmd still outstanding. */
1519 if (cmd != pending_find(MGMT_OP_SET_DISCOVERABLE, hdev))
1525 u8 mgmt_err = mgmt_status(err);
1526 mgmt_cmd_status(cmd->sk, cmd->index, cmd->opcode, mgmt_err);
1527 hci_dev_clear_flag(hdev, HCI_LIMITED_DISCOVERABLE);
1531 if (hci_dev_test_flag(hdev, HCI_DISCOVERABLE) &&
1532 hdev->discov_timeout > 0) {
1533 int to = msecs_to_jiffies(hdev->discov_timeout * 1000);
1534 queue_delayed_work(hdev->req_workqueue, &hdev->discov_off, to);
1537 send_settings_rsp(cmd->sk, MGMT_OP_SET_DISCOVERABLE, hdev);
1538 new_settings(hdev, cmd->sk);
1541 mgmt_pending_remove(cmd);
1542 hci_dev_unlock(hdev);
1545 static int set_discoverable_sync(struct hci_dev *hdev, void *data)
1547 BT_DBG("%s", hdev->name);
1549 return hci_update_discoverable_sync(hdev);
1552 static int set_discoverable(struct sock *sk, struct hci_dev *hdev, void *data,
1555 struct mgmt_cp_set_discoverable *cp = data;
1556 struct mgmt_pending_cmd *cmd;
1560 bt_dev_dbg(hdev, "sock %p", sk);
1562 if (!hci_dev_test_flag(hdev, HCI_LE_ENABLED) &&
1563 !hci_dev_test_flag(hdev, HCI_BREDR_ENABLED))
1564 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
1565 MGMT_STATUS_REJECTED);
1567 if (cp->val != 0x00 && cp->val != 0x01 && cp->val != 0x02)
1568 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
1569 MGMT_STATUS_INVALID_PARAMS);
1571 timeout = __le16_to_cpu(cp->timeout);
1573 /* Disabling discoverable requires that no timeout is set,
1574 * and enabling limited discoverable requires a timeout.
1576 if ((cp->val == 0x00 && timeout > 0) ||
1577 (cp->val == 0x02 && timeout == 0))
1578 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
1579 MGMT_STATUS_INVALID_PARAMS);
1583 if (!hdev_is_powered(hdev) && timeout > 0) {
1584 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
1585 MGMT_STATUS_NOT_POWERED);
1589 if (pending_find(MGMT_OP_SET_DISCOVERABLE, hdev) ||
1590 pending_find(MGMT_OP_SET_CONNECTABLE, hdev)) {
1591 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
1596 if (!hci_dev_test_flag(hdev, HCI_CONNECTABLE)) {
1597 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
1598 MGMT_STATUS_REJECTED);
1602 if (hdev->advertising_paused) {
1603 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
1608 if (!hdev_is_powered(hdev)) {
1609 bool changed = false;
1611 /* Setting limited discoverable when powered off is
1612 * not a valid operation since it requires a timeout
1613 * and so no need to check HCI_LIMITED_DISCOVERABLE.
1615 if (!!cp->val != hci_dev_test_flag(hdev, HCI_DISCOVERABLE)) {
1616 hci_dev_change_flag(hdev, HCI_DISCOVERABLE);
1620 err = send_settings_rsp(sk, MGMT_OP_SET_DISCOVERABLE, hdev);
1625 err = new_settings(hdev, sk);
1630 /* If the current mode is the same, then just update the timeout
1631 * value with the new value. And if only the timeout gets updated,
1632 * then no need for any HCI transactions.
1634 if (!!cp->val == hci_dev_test_flag(hdev, HCI_DISCOVERABLE) &&
1635 (cp->val == 0x02) == hci_dev_test_flag(hdev,
1636 HCI_LIMITED_DISCOVERABLE)) {
1637 cancel_delayed_work(&hdev->discov_off);
1638 hdev->discov_timeout = timeout;
1640 if (cp->val && hdev->discov_timeout > 0) {
1641 int to = msecs_to_jiffies(hdev->discov_timeout * 1000);
1642 queue_delayed_work(hdev->req_workqueue,
1643 &hdev->discov_off, to);
1646 err = send_settings_rsp(sk, MGMT_OP_SET_DISCOVERABLE, hdev);
1650 cmd = mgmt_pending_add(sk, MGMT_OP_SET_DISCOVERABLE, hdev, data, len);
1656 /* Cancel any potential discoverable timeout that might be
1657 * still active and store new timeout value. The arming of
1658 * the timeout happens in the complete handler.
1660 cancel_delayed_work(&hdev->discov_off);
1661 hdev->discov_timeout = timeout;
1664 hci_dev_set_flag(hdev, HCI_DISCOVERABLE);
1666 hci_dev_clear_flag(hdev, HCI_DISCOVERABLE);
1668 /* Limited discoverable mode */
1669 if (cp->val == 0x02)
1670 hci_dev_set_flag(hdev, HCI_LIMITED_DISCOVERABLE);
1672 hci_dev_clear_flag(hdev, HCI_LIMITED_DISCOVERABLE);
1674 err = hci_cmd_sync_queue(hdev, set_discoverable_sync, cmd,
1675 mgmt_set_discoverable_complete);
1678 mgmt_pending_remove(cmd);
1681 hci_dev_unlock(hdev);
1685 static void mgmt_set_connectable_complete(struct hci_dev *hdev, void *data,
1688 struct mgmt_pending_cmd *cmd = data;
1690 bt_dev_dbg(hdev, "err %d", err);
1692 /* Make sure cmd still outstanding. */
1693 if (cmd != pending_find(MGMT_OP_SET_CONNECTABLE, hdev))
1699 u8 mgmt_err = mgmt_status(err);
1700 mgmt_cmd_status(cmd->sk, cmd->index, cmd->opcode, mgmt_err);
1704 send_settings_rsp(cmd->sk, MGMT_OP_SET_CONNECTABLE, hdev);
1705 new_settings(hdev, cmd->sk);
1709 mgmt_pending_remove(cmd);
1711 hci_dev_unlock(hdev);
1714 static int set_connectable_update_settings(struct hci_dev *hdev,
1715 struct sock *sk, u8 val)
1717 bool changed = false;
1720 if (!!val != hci_dev_test_flag(hdev, HCI_CONNECTABLE))
1724 hci_dev_set_flag(hdev, HCI_CONNECTABLE);
1726 hci_dev_clear_flag(hdev, HCI_CONNECTABLE);
1727 hci_dev_clear_flag(hdev, HCI_DISCOVERABLE);
1730 err = send_settings_rsp(sk, MGMT_OP_SET_CONNECTABLE, hdev);
1735 hci_update_scan(hdev);
1736 hci_update_passive_scan(hdev);
1737 return new_settings(hdev, sk);
1743 static int set_connectable_sync(struct hci_dev *hdev, void *data)
1745 BT_DBG("%s", hdev->name);
1747 return hci_update_connectable_sync(hdev);
1750 static int set_connectable(struct sock *sk, struct hci_dev *hdev, void *data,
1753 struct mgmt_mode *cp = data;
1754 struct mgmt_pending_cmd *cmd;
1757 bt_dev_dbg(hdev, "sock %p", sk);
1759 if (!hci_dev_test_flag(hdev, HCI_LE_ENABLED) &&
1760 !hci_dev_test_flag(hdev, HCI_BREDR_ENABLED))
1761 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE,
1762 MGMT_STATUS_REJECTED);
1764 if (cp->val != 0x00 && cp->val != 0x01)
1765 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE,
1766 MGMT_STATUS_INVALID_PARAMS);
1770 if (!hdev_is_powered(hdev)) {
1771 err = set_connectable_update_settings(hdev, sk, cp->val);
1775 if (pending_find(MGMT_OP_SET_DISCOVERABLE, hdev) ||
1776 pending_find(MGMT_OP_SET_CONNECTABLE, hdev)) {
1777 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE,
1782 cmd = mgmt_pending_add(sk, MGMT_OP_SET_CONNECTABLE, hdev, data, len);
1789 hci_dev_set_flag(hdev, HCI_CONNECTABLE);
1791 if (hdev->discov_timeout > 0)
1792 cancel_delayed_work(&hdev->discov_off);
1794 hci_dev_clear_flag(hdev, HCI_LIMITED_DISCOVERABLE);
1795 hci_dev_clear_flag(hdev, HCI_DISCOVERABLE);
1796 hci_dev_clear_flag(hdev, HCI_CONNECTABLE);
1799 err = hci_cmd_sync_queue(hdev, set_connectable_sync, cmd,
1800 mgmt_set_connectable_complete);
1803 mgmt_pending_remove(cmd);
1806 hci_dev_unlock(hdev);
1810 static int set_bondable(struct sock *sk, struct hci_dev *hdev, void *data,
1813 struct mgmt_mode *cp = data;
1817 bt_dev_dbg(hdev, "sock %p", sk);
1819 if (cp->val != 0x00 && cp->val != 0x01)
1820 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_BONDABLE,
1821 MGMT_STATUS_INVALID_PARAMS);
1826 changed = !hci_dev_test_and_set_flag(hdev, HCI_BONDABLE);
1828 changed = hci_dev_test_and_clear_flag(hdev, HCI_BONDABLE);
1830 err = send_settings_rsp(sk, MGMT_OP_SET_BONDABLE, hdev);
1835 /* In limited privacy mode the change of bondable mode
1836 * may affect the local advertising address.
1838 hci_update_discoverable(hdev);
1840 err = new_settings(hdev, sk);
1844 hci_dev_unlock(hdev);
1848 static int set_link_security(struct sock *sk, struct hci_dev *hdev, void *data,
1851 struct mgmt_mode *cp = data;
1852 struct mgmt_pending_cmd *cmd;
1856 bt_dev_dbg(hdev, "sock %p", sk);
1858 status = mgmt_bredr_support(hdev);
1860 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY,
1863 if (cp->val != 0x00 && cp->val != 0x01)
1864 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY,
1865 MGMT_STATUS_INVALID_PARAMS);
1869 if (!hdev_is_powered(hdev)) {
1870 bool changed = false;
1872 if (!!cp->val != hci_dev_test_flag(hdev, HCI_LINK_SECURITY)) {
1873 hci_dev_change_flag(hdev, HCI_LINK_SECURITY);
1877 err = send_settings_rsp(sk, MGMT_OP_SET_LINK_SECURITY, hdev);
1882 err = new_settings(hdev, sk);
1887 if (pending_find(MGMT_OP_SET_LINK_SECURITY, hdev)) {
1888 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY,
1895 if (test_bit(HCI_AUTH, &hdev->flags) == val) {
1896 err = send_settings_rsp(sk, MGMT_OP_SET_LINK_SECURITY, hdev);
1900 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LINK_SECURITY, hdev, data, len);
1906 err = hci_send_cmd(hdev, HCI_OP_WRITE_AUTH_ENABLE, sizeof(val), &val);
1908 mgmt_pending_remove(cmd);
1913 hci_dev_unlock(hdev);
1917 static void set_ssp_complete(struct hci_dev *hdev, void *data, int err)
1919 struct cmd_lookup match = { NULL, hdev };
1920 struct mgmt_pending_cmd *cmd = data;
1921 struct mgmt_mode *cp = cmd->param;
1922 u8 enable = cp->val;
1925 /* Make sure cmd still outstanding. */
1926 if (cmd != pending_find(MGMT_OP_SET_SSP, hdev))
1930 u8 mgmt_err = mgmt_status(err);
1932 if (enable && hci_dev_test_and_clear_flag(hdev,
1934 hci_dev_clear_flag(hdev, HCI_HS_ENABLED);
1935 new_settings(hdev, NULL);
1938 mgmt_pending_foreach(MGMT_OP_SET_SSP, hdev, cmd_status_rsp,
1944 changed = !hci_dev_test_and_set_flag(hdev, HCI_SSP_ENABLED);
1946 changed = hci_dev_test_and_clear_flag(hdev, HCI_SSP_ENABLED);
1949 changed = hci_dev_test_and_clear_flag(hdev,
1952 hci_dev_clear_flag(hdev, HCI_HS_ENABLED);
1955 mgmt_pending_foreach(MGMT_OP_SET_SSP, hdev, settings_rsp, &match);
1958 new_settings(hdev, match.sk);
1963 hci_update_eir_sync(hdev);
1966 static int set_ssp_sync(struct hci_dev *hdev, void *data)
1968 struct mgmt_pending_cmd *cmd = data;
1969 struct mgmt_mode *cp = cmd->param;
1970 bool changed = false;
1974 changed = !hci_dev_test_and_set_flag(hdev, HCI_SSP_ENABLED);
1976 err = hci_write_ssp_mode_sync(hdev, cp->val);
1978 if (!err && changed)
1979 hci_dev_clear_flag(hdev, HCI_SSP_ENABLED);
1984 static int set_ssp(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
1986 struct mgmt_mode *cp = data;
1987 struct mgmt_pending_cmd *cmd;
1991 bt_dev_dbg(hdev, "sock %p", sk);
1993 status = mgmt_bredr_support(hdev);
1995 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SSP, status);
1997 if (!lmp_ssp_capable(hdev))
1998 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
1999 MGMT_STATUS_NOT_SUPPORTED);
2001 if (cp->val != 0x00 && cp->val != 0x01)
2002 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
2003 MGMT_STATUS_INVALID_PARAMS);
2007 if (!hdev_is_powered(hdev)) {
2011 changed = !hci_dev_test_and_set_flag(hdev,
2014 changed = hci_dev_test_and_clear_flag(hdev,
2017 changed = hci_dev_test_and_clear_flag(hdev,
2020 hci_dev_clear_flag(hdev, HCI_HS_ENABLED);
2023 err = send_settings_rsp(sk, MGMT_OP_SET_SSP, hdev);
2028 err = new_settings(hdev, sk);
2033 if (pending_find(MGMT_OP_SET_SSP, hdev)) {
2034 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
2039 if (!!cp->val == hci_dev_test_flag(hdev, HCI_SSP_ENABLED)) {
2040 err = send_settings_rsp(sk, MGMT_OP_SET_SSP, hdev);
2044 cmd = mgmt_pending_add(sk, MGMT_OP_SET_SSP, hdev, data, len);
2048 err = hci_cmd_sync_queue(hdev, set_ssp_sync, cmd,
2052 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
2053 MGMT_STATUS_FAILED);
2056 mgmt_pending_remove(cmd);
2060 hci_dev_unlock(hdev);
2064 static int set_hs(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
2066 struct mgmt_mode *cp = data;
2071 bt_dev_dbg(hdev, "sock %p", sk);
2073 if (!IS_ENABLED(CONFIG_BT_HS))
2074 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
2075 MGMT_STATUS_NOT_SUPPORTED);
2077 status = mgmt_bredr_support(hdev);
2079 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_HS, status);
2081 if (!lmp_ssp_capable(hdev))
2082 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
2083 MGMT_STATUS_NOT_SUPPORTED);
2085 if (!hci_dev_test_flag(hdev, HCI_SSP_ENABLED))
2086 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
2087 MGMT_STATUS_REJECTED);
2089 if (cp->val != 0x00 && cp->val != 0x01)
2090 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
2091 MGMT_STATUS_INVALID_PARAMS);
2095 if (pending_find(MGMT_OP_SET_SSP, hdev)) {
2096 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
2102 changed = !hci_dev_test_and_set_flag(hdev, HCI_HS_ENABLED);
2104 if (hdev_is_powered(hdev)) {
2105 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
2106 MGMT_STATUS_REJECTED);
2110 changed = hci_dev_test_and_clear_flag(hdev, HCI_HS_ENABLED);
2113 err = send_settings_rsp(sk, MGMT_OP_SET_HS, hdev);
2118 err = new_settings(hdev, sk);
2121 hci_dev_unlock(hdev);
2125 static void set_le_complete(struct hci_dev *hdev, void *data, int err)
2127 struct cmd_lookup match = { NULL, hdev };
2128 u8 status = mgmt_status(err);
2130 bt_dev_dbg(hdev, "err %d", err);
2133 mgmt_pending_foreach(MGMT_OP_SET_LE, hdev, cmd_status_rsp,
2138 mgmt_pending_foreach(MGMT_OP_SET_LE, hdev, settings_rsp, &match);
2140 new_settings(hdev, match.sk);
2146 static int set_le_sync(struct hci_dev *hdev, void *data)
2148 struct mgmt_pending_cmd *cmd = data;
2149 struct mgmt_mode *cp = cmd->param;
2154 hci_clear_adv_instance_sync(hdev, NULL, 0x00, true);
2156 if (hci_dev_test_flag(hdev, HCI_LE_ADV))
2157 hci_disable_advertising_sync(hdev);
2159 if (ext_adv_capable(hdev))
2160 hci_remove_ext_adv_instance_sync(hdev, 0, cmd->sk);
2162 hci_dev_set_flag(hdev, HCI_LE_ENABLED);
2165 err = hci_write_le_host_supported_sync(hdev, val, 0);
2167 /* Make sure the controller has a good default for
2168 * advertising data. Restrict the update to when LE
2169 * has actually been enabled. During power on, the
2170 * update in powered_update_hci will take care of it.
2172 if (!err && hci_dev_test_flag(hdev, HCI_LE_ENABLED)) {
2173 if (ext_adv_capable(hdev)) {
2176 status = hci_setup_ext_adv_instance_sync(hdev, 0x00);
2178 hci_update_scan_rsp_data_sync(hdev, 0x00);
2180 hci_update_adv_data_sync(hdev, 0x00);
2181 hci_update_scan_rsp_data_sync(hdev, 0x00);
2184 hci_update_passive_scan(hdev);
2190 static void set_mesh_complete(struct hci_dev *hdev, void *data, int err)
2192 struct mgmt_pending_cmd *cmd = data;
2193 u8 status = mgmt_status(err);
2194 struct sock *sk = cmd->sk;
2197 mgmt_pending_foreach(MGMT_OP_SET_MESH_RECEIVER, hdev,
2198 cmd_status_rsp, &status);
2202 mgmt_pending_remove(cmd);
2203 mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_MESH_RECEIVER, 0, NULL, 0);
2206 static int set_mesh_sync(struct hci_dev *hdev, void *data)
2208 struct mgmt_pending_cmd *cmd = data;
2209 struct mgmt_cp_set_mesh *cp = cmd->param;
2210 size_t len = cmd->param_len;
2212 memset(hdev->mesh_ad_types, 0, sizeof(hdev->mesh_ad_types));
2215 hci_dev_set_flag(hdev, HCI_MESH);
2217 hci_dev_clear_flag(hdev, HCI_MESH);
2221 /* If filters don't fit, forward all adv pkts */
2222 if (len <= sizeof(hdev->mesh_ad_types))
2223 memcpy(hdev->mesh_ad_types, cp->ad_types, len);
2225 hci_update_passive_scan_sync(hdev);
2229 static int set_mesh(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
2231 struct mgmt_cp_set_mesh *cp = data;
2232 struct mgmt_pending_cmd *cmd;
2235 bt_dev_dbg(hdev, "sock %p", sk);
2237 if (!lmp_le_capable(hdev) ||
2238 !hci_dev_test_flag(hdev, HCI_MESH_EXPERIMENTAL))
2239 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_MESH_RECEIVER,
2240 MGMT_STATUS_NOT_SUPPORTED);
2242 if (cp->enable != 0x00 && cp->enable != 0x01)
2243 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_MESH_RECEIVER,
2244 MGMT_STATUS_INVALID_PARAMS);
2248 cmd = mgmt_pending_add(sk, MGMT_OP_SET_MESH_RECEIVER, hdev, data, len);
2252 err = hci_cmd_sync_queue(hdev, set_mesh_sync, cmd,
2256 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_MESH_RECEIVER,
2257 MGMT_STATUS_FAILED);
2260 mgmt_pending_remove(cmd);
2263 hci_dev_unlock(hdev);
2267 static void mesh_send_start_complete(struct hci_dev *hdev, void *data, int err)
2269 struct mgmt_mesh_tx *mesh_tx = data;
2270 struct mgmt_cp_mesh_send *send = (void *)mesh_tx->param;
2271 unsigned long mesh_send_interval;
2272 u8 mgmt_err = mgmt_status(err);
2274 /* Report any errors here, but don't report completion */
2277 hci_dev_clear_flag(hdev, HCI_MESH_SENDING);
2278 /* Send Complete Error Code for handle */
2279 mesh_send_complete(hdev, mesh_tx, false);
2283 mesh_send_interval = msecs_to_jiffies((send->cnt) * 25);
2284 queue_delayed_work(hdev->req_workqueue, &hdev->mesh_send_done,
2285 mesh_send_interval);
2288 static int mesh_send_sync(struct hci_dev *hdev, void *data)
2290 struct mgmt_mesh_tx *mesh_tx = data;
2291 struct mgmt_cp_mesh_send *send = (void *)mesh_tx->param;
2292 struct adv_info *adv, *next_instance;
2293 u8 instance = hdev->le_num_of_adv_sets + 1;
2294 u16 timeout, duration;
2297 if (hdev->le_num_of_adv_sets <= hdev->adv_instance_cnt)
2298 return MGMT_STATUS_BUSY;
2301 duration = send->cnt * INTERVAL_TO_MS(hdev->le_adv_max_interval);
2302 adv = hci_add_adv_instance(hdev, instance, 0,
2303 send->adv_data_len, send->adv_data,
2306 HCI_ADV_TX_POWER_NO_PREFERENCE,
2307 hdev->le_adv_min_interval,
2308 hdev->le_adv_max_interval,
2312 mesh_tx->instance = instance;
2316 if (hdev->cur_adv_instance == instance) {
2317 /* If the currently advertised instance is being changed then
2318 * cancel the current advertising and schedule the next
2319 * instance. If there is only one instance then the overridden
2320 * advertising data will be visible right away.
2322 cancel_adv_timeout(hdev);
2324 next_instance = hci_get_next_instance(hdev, instance);
2326 instance = next_instance->instance;
2329 } else if (hdev->adv_instance_timeout) {
2330 /* Immediately advertise the new instance if no other, or
2331 * let it go naturally from queue if ADV is already happening
2337 return hci_schedule_adv_instance_sync(hdev, instance, true);
2342 static void send_count(struct mgmt_mesh_tx *mesh_tx, void *data)
2344 struct mgmt_rp_mesh_read_features *rp = data;
2346 if (rp->used_handles >= rp->max_handles)
2349 rp->handles[rp->used_handles++] = mesh_tx->handle;
2352 static int mesh_features(struct sock *sk, struct hci_dev *hdev,
2353 void *data, u16 len)
2355 struct mgmt_rp_mesh_read_features rp;
2357 if (!lmp_le_capable(hdev) ||
2358 !hci_dev_test_flag(hdev, HCI_MESH_EXPERIMENTAL))
2359 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_MESH_READ_FEATURES,
2360 MGMT_STATUS_NOT_SUPPORTED);
2362 memset(&rp, 0, sizeof(rp));
2363 rp.index = cpu_to_le16(hdev->id);
2364 if (hci_dev_test_flag(hdev, HCI_LE_ENABLED))
2365 rp.max_handles = MESH_HANDLES_MAX;
2370 mgmt_mesh_foreach(hdev, send_count, &rp, sk);
2372 mgmt_cmd_complete(sk, hdev->id, MGMT_OP_MESH_READ_FEATURES, 0, &rp,
2373 rp.used_handles + sizeof(rp) - MESH_HANDLES_MAX);
2375 hci_dev_unlock(hdev);
2379 static int send_cancel(struct hci_dev *hdev, void *data)
2381 struct mgmt_pending_cmd *cmd = data;
2382 struct mgmt_cp_mesh_send_cancel *cancel = (void *)cmd->param;
2383 struct mgmt_mesh_tx *mesh_tx;
2385 if (!cancel->handle) {
2387 mesh_tx = mgmt_mesh_next(hdev, cmd->sk);
2390 mesh_send_complete(hdev, mesh_tx, false);
2393 mesh_tx = mgmt_mesh_find(hdev, cancel->handle);
2395 if (mesh_tx && mesh_tx->sk == cmd->sk)
2396 mesh_send_complete(hdev, mesh_tx, false);
2399 mgmt_cmd_complete(cmd->sk, hdev->id, MGMT_OP_MESH_SEND_CANCEL,
2401 mgmt_pending_free(cmd);
2406 static int mesh_send_cancel(struct sock *sk, struct hci_dev *hdev,
2407 void *data, u16 len)
2409 struct mgmt_pending_cmd *cmd;
2412 if (!lmp_le_capable(hdev) ||
2413 !hci_dev_test_flag(hdev, HCI_MESH_EXPERIMENTAL))
2414 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_MESH_SEND_CANCEL,
2415 MGMT_STATUS_NOT_SUPPORTED);
2417 if (!hci_dev_test_flag(hdev, HCI_LE_ENABLED))
2418 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_MESH_SEND_CANCEL,
2419 MGMT_STATUS_REJECTED);
2422 cmd = mgmt_pending_new(sk, MGMT_OP_MESH_SEND_CANCEL, hdev, data, len);
2426 err = hci_cmd_sync_queue(hdev, send_cancel, cmd, NULL);
2429 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_MESH_SEND_CANCEL,
2430 MGMT_STATUS_FAILED);
2433 mgmt_pending_free(cmd);
2436 hci_dev_unlock(hdev);
2440 static int mesh_send(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
2442 struct mgmt_mesh_tx *mesh_tx;
2443 struct mgmt_cp_mesh_send *send = data;
2444 struct mgmt_rp_mesh_read_features rp;
2448 if (!lmp_le_capable(hdev) ||
2449 !hci_dev_test_flag(hdev, HCI_MESH_EXPERIMENTAL))
2450 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_MESH_SEND,
2451 MGMT_STATUS_NOT_SUPPORTED);
2452 if (!hci_dev_test_flag(hdev, HCI_LE_ENABLED) ||
2453 len <= MGMT_MESH_SEND_SIZE ||
2454 len > (MGMT_MESH_SEND_SIZE + 31))
2455 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_MESH_SEND,
2456 MGMT_STATUS_REJECTED);
2460 memset(&rp, 0, sizeof(rp));
2461 rp.max_handles = MESH_HANDLES_MAX;
2463 mgmt_mesh_foreach(hdev, send_count, &rp, sk);
2465 if (rp.max_handles <= rp.used_handles) {
2466 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_MESH_SEND,
2471 sending = hci_dev_test_flag(hdev, HCI_MESH_SENDING);
2472 mesh_tx = mgmt_mesh_add(sk, hdev, send, len);
2477 err = hci_cmd_sync_queue(hdev, mesh_send_sync, mesh_tx,
2478 mesh_send_start_complete);
2481 bt_dev_err(hdev, "Send Mesh Failed %d", err);
2482 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_MESH_SEND,
2483 MGMT_STATUS_FAILED);
2487 mgmt_mesh_remove(mesh_tx);
2490 hci_dev_set_flag(hdev, HCI_MESH_SENDING);
2492 mgmt_cmd_complete(sk, hdev->id, MGMT_OP_MESH_SEND, 0,
2493 &mesh_tx->handle, 1);
2497 hci_dev_unlock(hdev);
2501 static int set_le(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
2503 struct mgmt_mode *cp = data;
2504 struct mgmt_pending_cmd *cmd;
2508 bt_dev_dbg(hdev, "sock %p", sk);
2510 if (!lmp_le_capable(hdev))
2511 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
2512 MGMT_STATUS_NOT_SUPPORTED);
2514 if (cp->val != 0x00 && cp->val != 0x01)
2515 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
2516 MGMT_STATUS_INVALID_PARAMS);
2518 /* Bluetooth single mode LE only controllers or dual-mode
2519 * controllers configured as LE only devices, do not allow
2520 * switching LE off. These have either LE enabled explicitly
2521 * or BR/EDR has been previously switched off.
2523 * When trying to enable an already enabled LE, then gracefully
2524 * send a positive response. Trying to disable it however will
2525 * result into rejection.
2527 if (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED)) {
2528 if (cp->val == 0x01)
2529 return send_settings_rsp(sk, MGMT_OP_SET_LE, hdev);
2531 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
2532 MGMT_STATUS_REJECTED);
2538 enabled = lmp_host_le_capable(hdev);
2540 if (!hdev_is_powered(hdev) || val == enabled) {
2541 bool changed = false;
2543 if (val != hci_dev_test_flag(hdev, HCI_LE_ENABLED)) {
2544 hci_dev_change_flag(hdev, HCI_LE_ENABLED);
2548 if (!val && hci_dev_test_flag(hdev, HCI_ADVERTISING)) {
2549 hci_dev_clear_flag(hdev, HCI_ADVERTISING);
2553 err = send_settings_rsp(sk, MGMT_OP_SET_LE, hdev);
2558 err = new_settings(hdev, sk);
2563 if (pending_find(MGMT_OP_SET_LE, hdev) ||
2564 pending_find(MGMT_OP_SET_ADVERTISING, hdev)) {
2565 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
2570 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LE, hdev, data, len);
2574 err = hci_cmd_sync_queue(hdev, set_le_sync, cmd,
2578 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
2579 MGMT_STATUS_FAILED);
2582 mgmt_pending_remove(cmd);
2586 hci_dev_unlock(hdev);
2590 /* This is a helper function to test for pending mgmt commands that can
2591 * cause CoD or EIR HCI commands. We can only allow one such pending
2592 * mgmt command at a time since otherwise we cannot easily track what
2593 * the current values are, will be, and based on that calculate if a new
2594 * HCI command needs to be sent and if yes with what value.
2596 static bool pending_eir_or_class(struct hci_dev *hdev)
2598 struct mgmt_pending_cmd *cmd;
2600 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
2601 switch (cmd->opcode) {
2602 case MGMT_OP_ADD_UUID:
2603 case MGMT_OP_REMOVE_UUID:
2604 case MGMT_OP_SET_DEV_CLASS:
2605 case MGMT_OP_SET_POWERED:
2613 static const u8 bluetooth_base_uuid[] = {
2614 0xfb, 0x34, 0x9b, 0x5f, 0x80, 0x00, 0x00, 0x80,
2615 0x00, 0x10, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
2618 static u8 get_uuid_size(const u8 *uuid)
2622 if (memcmp(uuid, bluetooth_base_uuid, 12))
2625 val = get_unaligned_le32(&uuid[12]);
2632 static void mgmt_class_complete(struct hci_dev *hdev, void *data, int err)
2634 struct mgmt_pending_cmd *cmd = data;
2636 bt_dev_dbg(hdev, "err %d", err);
2638 mgmt_cmd_complete(cmd->sk, cmd->index, cmd->opcode,
2639 mgmt_status(err), hdev->dev_class, 3);
2641 mgmt_pending_free(cmd);
2644 static int add_uuid_sync(struct hci_dev *hdev, void *data)
2648 err = hci_update_class_sync(hdev);
2652 return hci_update_eir_sync(hdev);
2655 static int add_uuid(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
2657 struct mgmt_cp_add_uuid *cp = data;
2658 struct mgmt_pending_cmd *cmd;
2659 struct bt_uuid *uuid;
2662 bt_dev_dbg(hdev, "sock %p", sk);
2666 if (pending_eir_or_class(hdev)) {
2667 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_UUID,
2672 uuid = kmalloc(sizeof(*uuid), GFP_KERNEL);
2678 memcpy(uuid->uuid, cp->uuid, 16);
2679 uuid->svc_hint = cp->svc_hint;
2680 uuid->size = get_uuid_size(cp->uuid);
2682 list_add_tail(&uuid->list, &hdev->uuids);
2684 cmd = mgmt_pending_new(sk, MGMT_OP_ADD_UUID, hdev, data, len);
2690 err = hci_cmd_sync_queue(hdev, add_uuid_sync, cmd, mgmt_class_complete);
2692 mgmt_pending_free(cmd);
2697 hci_dev_unlock(hdev);
2701 static bool enable_service_cache(struct hci_dev *hdev)
2703 if (!hdev_is_powered(hdev))
2706 if (!hci_dev_test_and_set_flag(hdev, HCI_SERVICE_CACHE)) {
2707 queue_delayed_work(hdev->workqueue, &hdev->service_cache,
2715 static int remove_uuid_sync(struct hci_dev *hdev, void *data)
2719 err = hci_update_class_sync(hdev);
2723 return hci_update_eir_sync(hdev);
2726 static int remove_uuid(struct sock *sk, struct hci_dev *hdev, void *data,
2729 struct mgmt_cp_remove_uuid *cp = data;
2730 struct mgmt_pending_cmd *cmd;
2731 struct bt_uuid *match, *tmp;
2732 static const u8 bt_uuid_any[] = {
2733 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0
2737 bt_dev_dbg(hdev, "sock %p", sk);
2741 if (pending_eir_or_class(hdev)) {
2742 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_REMOVE_UUID,
2747 if (memcmp(cp->uuid, bt_uuid_any, 16) == 0) {
2748 hci_uuids_clear(hdev);
2750 if (enable_service_cache(hdev)) {
2751 err = mgmt_cmd_complete(sk, hdev->id,
2752 MGMT_OP_REMOVE_UUID,
2753 0, hdev->dev_class, 3);
2762 list_for_each_entry_safe(match, tmp, &hdev->uuids, list) {
2763 if (memcmp(match->uuid, cp->uuid, 16) != 0)
2766 list_del(&match->list);
2772 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_REMOVE_UUID,
2773 MGMT_STATUS_INVALID_PARAMS);
2778 cmd = mgmt_pending_new(sk, MGMT_OP_REMOVE_UUID, hdev, data, len);
2784 err = hci_cmd_sync_queue(hdev, remove_uuid_sync, cmd,
2785 mgmt_class_complete);
2787 mgmt_pending_free(cmd);
2790 hci_dev_unlock(hdev);
2794 static int set_class_sync(struct hci_dev *hdev, void *data)
2798 if (hci_dev_test_and_clear_flag(hdev, HCI_SERVICE_CACHE)) {
2799 cancel_delayed_work_sync(&hdev->service_cache);
2800 err = hci_update_eir_sync(hdev);
2806 return hci_update_class_sync(hdev);
2809 static int set_dev_class(struct sock *sk, struct hci_dev *hdev, void *data,
2812 struct mgmt_cp_set_dev_class *cp = data;
2813 struct mgmt_pending_cmd *cmd;
2816 bt_dev_dbg(hdev, "sock %p", sk);
2818 if (!lmp_bredr_capable(hdev))
2819 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS,
2820 MGMT_STATUS_NOT_SUPPORTED);
2824 if (pending_eir_or_class(hdev)) {
2825 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS,
2830 if ((cp->minor & 0x03) != 0 || (cp->major & 0xe0) != 0) {
2831 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS,
2832 MGMT_STATUS_INVALID_PARAMS);
2836 hdev->major_class = cp->major;
2837 hdev->minor_class = cp->minor;
2839 if (!hdev_is_powered(hdev)) {
2840 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_DEV_CLASS, 0,
2841 hdev->dev_class, 3);
2845 cmd = mgmt_pending_new(sk, MGMT_OP_SET_DEV_CLASS, hdev, data, len);
2851 err = hci_cmd_sync_queue(hdev, set_class_sync, cmd,
2852 mgmt_class_complete);
2854 mgmt_pending_free(cmd);
2857 hci_dev_unlock(hdev);
2861 static int load_link_keys(struct sock *sk, struct hci_dev *hdev, void *data,
2864 struct mgmt_cp_load_link_keys *cp = data;
2865 const u16 max_key_count = ((U16_MAX - sizeof(*cp)) /
2866 sizeof(struct mgmt_link_key_info));
2867 u16 key_count, expected_len;
2871 bt_dev_dbg(hdev, "sock %p", sk);
2873 if (!lmp_bredr_capable(hdev))
2874 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
2875 MGMT_STATUS_NOT_SUPPORTED);
2877 key_count = __le16_to_cpu(cp->key_count);
2878 if (key_count > max_key_count) {
2879 bt_dev_err(hdev, "load_link_keys: too big key_count value %u",
2881 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
2882 MGMT_STATUS_INVALID_PARAMS);
2885 expected_len = struct_size(cp, keys, key_count);
2886 if (expected_len != len) {
2887 bt_dev_err(hdev, "load_link_keys: expected %u bytes, got %u bytes",
2889 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
2890 MGMT_STATUS_INVALID_PARAMS);
2893 if (cp->debug_keys != 0x00 && cp->debug_keys != 0x01)
2894 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
2895 MGMT_STATUS_INVALID_PARAMS);
2897 bt_dev_dbg(hdev, "debug_keys %u key_count %u", cp->debug_keys,
2900 for (i = 0; i < key_count; i++) {
2901 struct mgmt_link_key_info *key = &cp->keys[i];
2903 /* Considering SMP over BREDR/LE, there is no need to check addr_type */
2904 if (key->type > 0x08)
2905 return mgmt_cmd_status(sk, hdev->id,
2906 MGMT_OP_LOAD_LINK_KEYS,
2907 MGMT_STATUS_INVALID_PARAMS);
2912 hci_link_keys_clear(hdev);
2915 changed = !hci_dev_test_and_set_flag(hdev, HCI_KEEP_DEBUG_KEYS);
2917 changed = hci_dev_test_and_clear_flag(hdev,
2918 HCI_KEEP_DEBUG_KEYS);
2921 new_settings(hdev, NULL);
2923 for (i = 0; i < key_count; i++) {
2924 struct mgmt_link_key_info *key = &cp->keys[i];
2926 if (hci_is_blocked_key(hdev,
2927 HCI_BLOCKED_KEY_TYPE_LINKKEY,
2929 bt_dev_warn(hdev, "Skipping blocked link key for %pMR",
2934 /* Always ignore debug keys and require a new pairing if
2935 * the user wants to use them.
2937 if (key->type == HCI_LK_DEBUG_COMBINATION)
2940 hci_add_link_key(hdev, NULL, &key->addr.bdaddr, key->val,
2941 key->type, key->pin_len, NULL);
2944 mgmt_cmd_complete(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS, 0, NULL, 0);
2946 hci_dev_unlock(hdev);
2951 static int device_unpaired(struct hci_dev *hdev, bdaddr_t *bdaddr,
2952 u8 addr_type, struct sock *skip_sk)
2954 struct mgmt_ev_device_unpaired ev;
2956 bacpy(&ev.addr.bdaddr, bdaddr);
2957 ev.addr.type = addr_type;
2959 return mgmt_event(MGMT_EV_DEVICE_UNPAIRED, hdev, &ev, sizeof(ev),
2963 static void unpair_device_complete(struct hci_dev *hdev, void *data, int err)
2965 struct mgmt_pending_cmd *cmd = data;
2966 struct mgmt_cp_unpair_device *cp = cmd->param;
2969 device_unpaired(hdev, &cp->addr.bdaddr, cp->addr.type, cmd->sk);
2971 cmd->cmd_complete(cmd, err);
2972 mgmt_pending_free(cmd);
2975 static int unpair_device_sync(struct hci_dev *hdev, void *data)
2977 struct mgmt_pending_cmd *cmd = data;
2978 struct mgmt_cp_unpair_device *cp = cmd->param;
2979 struct hci_conn *conn;
2981 if (cp->addr.type == BDADDR_BREDR)
2982 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
2985 conn = hci_conn_hash_lookup_le(hdev, &cp->addr.bdaddr,
2986 le_addr_type(cp->addr.type));
2991 return hci_abort_conn_sync(hdev, conn, HCI_ERROR_REMOTE_USER_TERM);
2994 static int unpair_device(struct sock *sk, struct hci_dev *hdev, void *data,
2997 struct mgmt_cp_unpair_device *cp = data;
2998 struct mgmt_rp_unpair_device rp;
2999 struct hci_conn_params *params;
3000 struct mgmt_pending_cmd *cmd;
3001 struct hci_conn *conn;
3005 memset(&rp, 0, sizeof(rp));
3006 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
3007 rp.addr.type = cp->addr.type;
3009 if (!bdaddr_type_is_valid(cp->addr.type))
3010 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
3011 MGMT_STATUS_INVALID_PARAMS,
3014 if (cp->disconnect != 0x00 && cp->disconnect != 0x01)
3015 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
3016 MGMT_STATUS_INVALID_PARAMS,
3021 if (!hdev_is_powered(hdev)) {
3022 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
3023 MGMT_STATUS_NOT_POWERED, &rp,
3028 if (cp->addr.type == BDADDR_BREDR) {
3029 /* If disconnection is requested, then look up the
3030 * connection. If the remote device is connected, it
3031 * will be later used to terminate the link.
3033 * Setting it to NULL explicitly will cause no
3034 * termination of the link.
3037 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
3042 err = hci_remove_link_key(hdev, &cp->addr.bdaddr);
3044 err = mgmt_cmd_complete(sk, hdev->id,
3045 MGMT_OP_UNPAIR_DEVICE,
3046 MGMT_STATUS_NOT_PAIRED, &rp,
3054 /* LE address type */
3055 addr_type = le_addr_type(cp->addr.type);
3057 /* Abort any ongoing SMP pairing. Removes ltk and irk if they exist. */
3058 err = smp_cancel_and_remove_pairing(hdev, &cp->addr.bdaddr, addr_type);
3060 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
3061 MGMT_STATUS_NOT_PAIRED, &rp,
3066 conn = hci_conn_hash_lookup_le(hdev, &cp->addr.bdaddr, addr_type);
3068 hci_conn_params_del(hdev, &cp->addr.bdaddr, addr_type);
3073 /* Defer clearing up the connection parameters until closing to
3074 * give a chance of keeping them if a repairing happens.
3076 set_bit(HCI_CONN_PARAM_REMOVAL_PEND, &conn->flags);
3078 /* Disable auto-connection parameters if present */
3079 params = hci_conn_params_lookup(hdev, &cp->addr.bdaddr, addr_type);
3081 if (params->explicit_connect)
3082 params->auto_connect = HCI_AUTO_CONN_EXPLICIT;
3084 params->auto_connect = HCI_AUTO_CONN_DISABLED;
3087 /* If disconnection is not requested, then clear the connection
3088 * variable so that the link is not terminated.
3090 if (!cp->disconnect)
3094 /* If the connection variable is set, then termination of the
3095 * link is requested.
3098 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE, 0,
3100 device_unpaired(hdev, &cp->addr.bdaddr, cp->addr.type, sk);
3104 cmd = mgmt_pending_new(sk, MGMT_OP_UNPAIR_DEVICE, hdev, cp,
3111 cmd->cmd_complete = addr_cmd_complete;
3113 err = hci_cmd_sync_queue(hdev, unpair_device_sync, cmd,
3114 unpair_device_complete);
3116 mgmt_pending_free(cmd);
3119 hci_dev_unlock(hdev);
3123 static int disconnect(struct sock *sk, struct hci_dev *hdev, void *data,
3126 struct mgmt_cp_disconnect *cp = data;
3127 struct mgmt_rp_disconnect rp;
3128 struct mgmt_pending_cmd *cmd;
3129 struct hci_conn *conn;
3132 bt_dev_dbg(hdev, "sock %p", sk);
3134 memset(&rp, 0, sizeof(rp));
3135 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
3136 rp.addr.type = cp->addr.type;
3138 if (!bdaddr_type_is_valid(cp->addr.type))
3139 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
3140 MGMT_STATUS_INVALID_PARAMS,
3145 if (!test_bit(HCI_UP, &hdev->flags)) {
3146 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
3147 MGMT_STATUS_NOT_POWERED, &rp,
3152 if (pending_find(MGMT_OP_DISCONNECT, hdev)) {
3153 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
3154 MGMT_STATUS_BUSY, &rp, sizeof(rp));
3158 if (cp->addr.type == BDADDR_BREDR)
3159 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
3162 conn = hci_conn_hash_lookup_le(hdev, &cp->addr.bdaddr,
3163 le_addr_type(cp->addr.type));
3165 if (!conn || conn->state == BT_OPEN || conn->state == BT_CLOSED) {
3166 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
3167 MGMT_STATUS_NOT_CONNECTED, &rp,
3172 cmd = mgmt_pending_add(sk, MGMT_OP_DISCONNECT, hdev, data, len);
3178 cmd->cmd_complete = generic_cmd_complete;
3180 err = hci_disconnect(conn, HCI_ERROR_REMOTE_USER_TERM);
3182 mgmt_pending_remove(cmd);
3185 hci_dev_unlock(hdev);
3189 static u8 link_to_bdaddr(u8 link_type, u8 addr_type)
3191 switch (link_type) {
3193 switch (addr_type) {
3194 case ADDR_LE_DEV_PUBLIC:
3195 return BDADDR_LE_PUBLIC;
3198 /* Fallback to LE Random address type */
3199 return BDADDR_LE_RANDOM;
3203 /* Fallback to BR/EDR type */
3204 return BDADDR_BREDR;
3208 static int get_connections(struct sock *sk, struct hci_dev *hdev, void *data,
3211 struct mgmt_rp_get_connections *rp;
3216 bt_dev_dbg(hdev, "sock %p", sk);
3220 if (!hdev_is_powered(hdev)) {
3221 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_GET_CONNECTIONS,
3222 MGMT_STATUS_NOT_POWERED);
3227 list_for_each_entry(c, &hdev->conn_hash.list, list) {
3228 if (test_bit(HCI_CONN_MGMT_CONNECTED, &c->flags))
3232 rp = kmalloc(struct_size(rp, addr, i), GFP_KERNEL);
3239 list_for_each_entry(c, &hdev->conn_hash.list, list) {
3240 if (!test_bit(HCI_CONN_MGMT_CONNECTED, &c->flags))
3242 bacpy(&rp->addr[i].bdaddr, &c->dst);
3243 rp->addr[i].type = link_to_bdaddr(c->type, c->dst_type);
3244 if (c->type == SCO_LINK || c->type == ESCO_LINK)
3249 rp->conn_count = cpu_to_le16(i);
3251 /* Recalculate length in case of filtered SCO connections, etc */
3252 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CONNECTIONS, 0, rp,
3253 struct_size(rp, addr, i));
3258 hci_dev_unlock(hdev);
3262 static int send_pin_code_neg_reply(struct sock *sk, struct hci_dev *hdev,
3263 struct mgmt_cp_pin_code_neg_reply *cp)
3265 struct mgmt_pending_cmd *cmd;
3268 cmd = mgmt_pending_add(sk, MGMT_OP_PIN_CODE_NEG_REPLY, hdev, cp,
3273 cmd->cmd_complete = addr_cmd_complete;
3275 err = hci_send_cmd(hdev, HCI_OP_PIN_CODE_NEG_REPLY,
3276 sizeof(cp->addr.bdaddr), &cp->addr.bdaddr);
3278 mgmt_pending_remove(cmd);
3283 static int pin_code_reply(struct sock *sk, struct hci_dev *hdev, void *data,
3286 struct hci_conn *conn;
3287 struct mgmt_cp_pin_code_reply *cp = data;
3288 struct hci_cp_pin_code_reply reply;
3289 struct mgmt_pending_cmd *cmd;
3292 bt_dev_dbg(hdev, "sock %p", sk);
3296 if (!hdev_is_powered(hdev)) {
3297 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
3298 MGMT_STATUS_NOT_POWERED);
3302 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->addr.bdaddr);
3304 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
3305 MGMT_STATUS_NOT_CONNECTED);
3309 if (conn->pending_sec_level == BT_SECURITY_HIGH && cp->pin_len != 16) {
3310 struct mgmt_cp_pin_code_neg_reply ncp;
3312 memcpy(&ncp.addr, &cp->addr, sizeof(ncp.addr));
3314 bt_dev_err(hdev, "PIN code is not 16 bytes long");
3316 err = send_pin_code_neg_reply(sk, hdev, &ncp);
3318 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
3319 MGMT_STATUS_INVALID_PARAMS);
3324 cmd = mgmt_pending_add(sk, MGMT_OP_PIN_CODE_REPLY, hdev, data, len);
3330 cmd->cmd_complete = addr_cmd_complete;
3332 bacpy(&reply.bdaddr, &cp->addr.bdaddr);
3333 reply.pin_len = cp->pin_len;
3334 memcpy(reply.pin_code, cp->pin_code, sizeof(reply.pin_code));
3336 err = hci_send_cmd(hdev, HCI_OP_PIN_CODE_REPLY, sizeof(reply), &reply);
3338 mgmt_pending_remove(cmd);
3341 hci_dev_unlock(hdev);
3345 static int set_io_capability(struct sock *sk, struct hci_dev *hdev, void *data,
3348 struct mgmt_cp_set_io_capability *cp = data;
3350 bt_dev_dbg(hdev, "sock %p", sk);
3352 if (cp->io_capability > SMP_IO_KEYBOARD_DISPLAY)
3353 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_IO_CAPABILITY,
3354 MGMT_STATUS_INVALID_PARAMS);
3358 hdev->io_capability = cp->io_capability;
3360 bt_dev_dbg(hdev, "IO capability set to 0x%02x", hdev->io_capability);
3362 hci_dev_unlock(hdev);
3364 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_IO_CAPABILITY, 0,
3368 static struct mgmt_pending_cmd *find_pairing(struct hci_conn *conn)
3370 struct hci_dev *hdev = conn->hdev;
3371 struct mgmt_pending_cmd *cmd;
3373 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
3374 if (cmd->opcode != MGMT_OP_PAIR_DEVICE)
3377 if (cmd->user_data != conn)
3386 static int pairing_complete(struct mgmt_pending_cmd *cmd, u8 status)
3388 struct mgmt_rp_pair_device rp;
3389 struct hci_conn *conn = cmd->user_data;
3392 bacpy(&rp.addr.bdaddr, &conn->dst);
3393 rp.addr.type = link_to_bdaddr(conn->type, conn->dst_type);
3395 err = mgmt_cmd_complete(cmd->sk, cmd->index, MGMT_OP_PAIR_DEVICE,
3396 status, &rp, sizeof(rp));
3398 /* So we don't get further callbacks for this connection */
3399 conn->connect_cfm_cb = NULL;
3400 conn->security_cfm_cb = NULL;
3401 conn->disconn_cfm_cb = NULL;
3403 hci_conn_drop(conn);
3405 /* The device is paired so there is no need to remove
3406 * its connection parameters anymore.
3408 clear_bit(HCI_CONN_PARAM_REMOVAL_PEND, &conn->flags);
3415 void mgmt_smp_complete(struct hci_conn *conn, bool complete)
3417 u8 status = complete ? MGMT_STATUS_SUCCESS : MGMT_STATUS_FAILED;
3418 struct mgmt_pending_cmd *cmd;
3420 cmd = find_pairing(conn);
3422 cmd->cmd_complete(cmd, status);
3423 mgmt_pending_remove(cmd);
3427 static void pairing_complete_cb(struct hci_conn *conn, u8 status)
3429 struct mgmt_pending_cmd *cmd;
3431 BT_DBG("status %u", status);
3433 cmd = find_pairing(conn);
3435 BT_DBG("Unable to find a pending command");
3439 cmd->cmd_complete(cmd, mgmt_status(status));
3440 mgmt_pending_remove(cmd);
3443 static void le_pairing_complete_cb(struct hci_conn *conn, u8 status)
3445 struct mgmt_pending_cmd *cmd;
3447 BT_DBG("status %u", status);
3452 cmd = find_pairing(conn);
3454 BT_DBG("Unable to find a pending command");
3458 cmd->cmd_complete(cmd, mgmt_status(status));
3459 mgmt_pending_remove(cmd);
3462 static int pair_device(struct sock *sk, struct hci_dev *hdev, void *data,
3465 struct mgmt_cp_pair_device *cp = data;
3466 struct mgmt_rp_pair_device rp;
3467 struct mgmt_pending_cmd *cmd;
3468 u8 sec_level, auth_type;
3469 struct hci_conn *conn;
3472 bt_dev_dbg(hdev, "sock %p", sk);
3474 memset(&rp, 0, sizeof(rp));
3475 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
3476 rp.addr.type = cp->addr.type;
3478 if (!bdaddr_type_is_valid(cp->addr.type))
3479 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
3480 MGMT_STATUS_INVALID_PARAMS,
3483 if (cp->io_cap > SMP_IO_KEYBOARD_DISPLAY)
3484 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
3485 MGMT_STATUS_INVALID_PARAMS,
3490 if (!hdev_is_powered(hdev)) {
3491 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
3492 MGMT_STATUS_NOT_POWERED, &rp,
3497 if (hci_bdaddr_is_paired(hdev, &cp->addr.bdaddr, cp->addr.type)) {
3498 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
3499 MGMT_STATUS_ALREADY_PAIRED, &rp,
3504 sec_level = BT_SECURITY_MEDIUM;
3505 auth_type = HCI_AT_DEDICATED_BONDING;
3507 if (cp->addr.type == BDADDR_BREDR) {
3508 conn = hci_connect_acl(hdev, &cp->addr.bdaddr, sec_level,
3509 auth_type, CONN_REASON_PAIR_DEVICE);
3511 u8 addr_type = le_addr_type(cp->addr.type);
3512 struct hci_conn_params *p;
3514 /* When pairing a new device, it is expected to remember
3515 * this device for future connections. Adding the connection
3516 * parameter information ahead of time allows tracking
3517 * of the peripheral preferred values and will speed up any
3518 * further connection establishment.
3520 * If connection parameters already exist, then they
3521 * will be kept and this function does nothing.
3523 p = hci_conn_params_add(hdev, &cp->addr.bdaddr, addr_type);
3525 if (p->auto_connect == HCI_AUTO_CONN_EXPLICIT)
3526 p->auto_connect = HCI_AUTO_CONN_DISABLED;
3528 conn = hci_connect_le_scan(hdev, &cp->addr.bdaddr, addr_type,
3529 sec_level, HCI_LE_CONN_TIMEOUT,
3530 CONN_REASON_PAIR_DEVICE);
3536 if (PTR_ERR(conn) == -EBUSY)
3537 status = MGMT_STATUS_BUSY;
3538 else if (PTR_ERR(conn) == -EOPNOTSUPP)
3539 status = MGMT_STATUS_NOT_SUPPORTED;
3540 else if (PTR_ERR(conn) == -ECONNREFUSED)
3541 status = MGMT_STATUS_REJECTED;
3543 status = MGMT_STATUS_CONNECT_FAILED;
3545 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
3546 status, &rp, sizeof(rp));
3550 if (conn->connect_cfm_cb) {
3551 hci_conn_drop(conn);
3552 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
3553 MGMT_STATUS_BUSY, &rp, sizeof(rp));
3557 cmd = mgmt_pending_add(sk, MGMT_OP_PAIR_DEVICE, hdev, data, len);
3560 hci_conn_drop(conn);
3564 cmd->cmd_complete = pairing_complete;
3566 /* For LE, just connecting isn't a proof that the pairing finished */
3567 if (cp->addr.type == BDADDR_BREDR) {
3568 conn->connect_cfm_cb = pairing_complete_cb;
3569 conn->security_cfm_cb = pairing_complete_cb;
3570 conn->disconn_cfm_cb = pairing_complete_cb;
3572 conn->connect_cfm_cb = le_pairing_complete_cb;
3573 conn->security_cfm_cb = le_pairing_complete_cb;
3574 conn->disconn_cfm_cb = le_pairing_complete_cb;
3577 conn->io_capability = cp->io_cap;
3578 cmd->user_data = hci_conn_get(conn);
3580 if ((conn->state == BT_CONNECTED || conn->state == BT_CONFIG) &&
3581 hci_conn_security(conn, sec_level, auth_type, true)) {
3582 cmd->cmd_complete(cmd, 0);
3583 mgmt_pending_remove(cmd);
3589 hci_dev_unlock(hdev);
3593 static int cancel_pair_device(struct sock *sk, struct hci_dev *hdev, void *data,
3596 struct mgmt_addr_info *addr = data;
3597 struct mgmt_pending_cmd *cmd;
3598 struct hci_conn *conn;
3601 bt_dev_dbg(hdev, "sock %p", sk);
3605 if (!hdev_is_powered(hdev)) {
3606 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
3607 MGMT_STATUS_NOT_POWERED);
3611 cmd = pending_find(MGMT_OP_PAIR_DEVICE, hdev);
3613 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
3614 MGMT_STATUS_INVALID_PARAMS);
3618 conn = cmd->user_data;
3620 if (bacmp(&addr->bdaddr, &conn->dst) != 0) {
3621 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
3622 MGMT_STATUS_INVALID_PARAMS);
3626 cmd->cmd_complete(cmd, MGMT_STATUS_CANCELLED);
3627 mgmt_pending_remove(cmd);
3629 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE, 0,
3630 addr, sizeof(*addr));
3632 /* Since user doesn't want to proceed with the connection, abort any
3633 * ongoing pairing and then terminate the link if it was created
3634 * because of the pair device action.
3636 if (addr->type == BDADDR_BREDR)
3637 hci_remove_link_key(hdev, &addr->bdaddr);
3639 smp_cancel_and_remove_pairing(hdev, &addr->bdaddr,
3640 le_addr_type(addr->type));
3642 if (conn->conn_reason == CONN_REASON_PAIR_DEVICE)
3643 hci_abort_conn(conn, HCI_ERROR_REMOTE_USER_TERM);
3646 hci_dev_unlock(hdev);
3650 static int user_pairing_resp(struct sock *sk, struct hci_dev *hdev,
3651 struct mgmt_addr_info *addr, u16 mgmt_op,
3652 u16 hci_op, __le32 passkey)
3654 struct mgmt_pending_cmd *cmd;
3655 struct hci_conn *conn;
3660 if (!hdev_is_powered(hdev)) {
3661 err = mgmt_cmd_complete(sk, hdev->id, mgmt_op,
3662 MGMT_STATUS_NOT_POWERED, addr,
3667 if (addr->type == BDADDR_BREDR)
3668 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &addr->bdaddr);
3670 conn = hci_conn_hash_lookup_le(hdev, &addr->bdaddr,
3671 le_addr_type(addr->type));
3674 err = mgmt_cmd_complete(sk, hdev->id, mgmt_op,
3675 MGMT_STATUS_NOT_CONNECTED, addr,
3680 if (addr->type == BDADDR_LE_PUBLIC || addr->type == BDADDR_LE_RANDOM) {
3681 err = smp_user_confirm_reply(conn, mgmt_op, passkey);
3683 err = mgmt_cmd_complete(sk, hdev->id, mgmt_op,
3684 MGMT_STATUS_SUCCESS, addr,
3687 err = mgmt_cmd_complete(sk, hdev->id, mgmt_op,
3688 MGMT_STATUS_FAILED, addr,
3694 cmd = mgmt_pending_add(sk, mgmt_op, hdev, addr, sizeof(*addr));
3700 cmd->cmd_complete = addr_cmd_complete;
3702 /* Continue with pairing via HCI */
3703 if (hci_op == HCI_OP_USER_PASSKEY_REPLY) {
3704 struct hci_cp_user_passkey_reply cp;
3706 bacpy(&cp.bdaddr, &addr->bdaddr);
3707 cp.passkey = passkey;
3708 err = hci_send_cmd(hdev, hci_op, sizeof(cp), &cp);
3710 err = hci_send_cmd(hdev, hci_op, sizeof(addr->bdaddr),
3714 mgmt_pending_remove(cmd);
3717 hci_dev_unlock(hdev);
3721 static int pin_code_neg_reply(struct sock *sk, struct hci_dev *hdev,
3722 void *data, u16 len)
3724 struct mgmt_cp_pin_code_neg_reply *cp = data;
3726 bt_dev_dbg(hdev, "sock %p", sk);
3728 return user_pairing_resp(sk, hdev, &cp->addr,
3729 MGMT_OP_PIN_CODE_NEG_REPLY,
3730 HCI_OP_PIN_CODE_NEG_REPLY, 0);
3733 static int user_confirm_reply(struct sock *sk, struct hci_dev *hdev, void *data,
3736 struct mgmt_cp_user_confirm_reply *cp = data;
3738 bt_dev_dbg(hdev, "sock %p", sk);
3740 if (len != sizeof(*cp))
3741 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_USER_CONFIRM_REPLY,
3742 MGMT_STATUS_INVALID_PARAMS);
3744 return user_pairing_resp(sk, hdev, &cp->addr,
3745 MGMT_OP_USER_CONFIRM_REPLY,
3746 HCI_OP_USER_CONFIRM_REPLY, 0);
3749 static int user_confirm_neg_reply(struct sock *sk, struct hci_dev *hdev,
3750 void *data, u16 len)
3752 struct mgmt_cp_user_confirm_neg_reply *cp = data;
3754 bt_dev_dbg(hdev, "sock %p", sk);
3756 return user_pairing_resp(sk, hdev, &cp->addr,
3757 MGMT_OP_USER_CONFIRM_NEG_REPLY,
3758 HCI_OP_USER_CONFIRM_NEG_REPLY, 0);
3761 static int user_passkey_reply(struct sock *sk, struct hci_dev *hdev, void *data,
3764 struct mgmt_cp_user_passkey_reply *cp = data;
3766 bt_dev_dbg(hdev, "sock %p", sk);
3768 return user_pairing_resp(sk, hdev, &cp->addr,
3769 MGMT_OP_USER_PASSKEY_REPLY,
3770 HCI_OP_USER_PASSKEY_REPLY, cp->passkey);
3773 static int user_passkey_neg_reply(struct sock *sk, struct hci_dev *hdev,
3774 void *data, u16 len)
3776 struct mgmt_cp_user_passkey_neg_reply *cp = data;
3778 bt_dev_dbg(hdev, "sock %p", sk);
3780 return user_pairing_resp(sk, hdev, &cp->addr,
3781 MGMT_OP_USER_PASSKEY_NEG_REPLY,
3782 HCI_OP_USER_PASSKEY_NEG_REPLY, 0);
3785 static int adv_expire_sync(struct hci_dev *hdev, u32 flags)
3787 struct adv_info *adv_instance;
3789 adv_instance = hci_find_adv_instance(hdev, hdev->cur_adv_instance);
3793 /* stop if current instance doesn't need to be changed */
3794 if (!(adv_instance->flags & flags))
3797 cancel_adv_timeout(hdev);
3799 adv_instance = hci_get_next_instance(hdev, adv_instance->instance);
3803 hci_schedule_adv_instance_sync(hdev, adv_instance->instance, true);
3808 static int name_changed_sync(struct hci_dev *hdev, void *data)
3810 return adv_expire_sync(hdev, MGMT_ADV_FLAG_LOCAL_NAME);
3813 static void set_name_complete(struct hci_dev *hdev, void *data, int err)
3815 struct mgmt_pending_cmd *cmd = data;
3816 struct mgmt_cp_set_local_name *cp = cmd->param;
3817 u8 status = mgmt_status(err);
3819 bt_dev_dbg(hdev, "err %d", err);
3821 if (cmd != pending_find(MGMT_OP_SET_LOCAL_NAME, hdev))
3825 mgmt_cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_LOCAL_NAME,
3828 mgmt_cmd_complete(cmd->sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0,
3831 if (hci_dev_test_flag(hdev, HCI_LE_ADV))
3832 hci_cmd_sync_queue(hdev, name_changed_sync, NULL, NULL);
3835 mgmt_pending_remove(cmd);
3838 static int set_name_sync(struct hci_dev *hdev, void *data)
3840 if (lmp_bredr_capable(hdev)) {
3841 hci_update_name_sync(hdev);
3842 hci_update_eir_sync(hdev);
3845 /* The name is stored in the scan response data and so
3846 * no need to update the advertising data here.
3848 if (lmp_le_capable(hdev) && hci_dev_test_flag(hdev, HCI_ADVERTISING))
3849 hci_update_scan_rsp_data_sync(hdev, hdev->cur_adv_instance);
3854 static int set_local_name(struct sock *sk, struct hci_dev *hdev, void *data,
3857 struct mgmt_cp_set_local_name *cp = data;
3858 struct mgmt_pending_cmd *cmd;
3861 bt_dev_dbg(hdev, "sock %p", sk);
3865 /* If the old values are the same as the new ones just return a
3866 * direct command complete event.
3868 if (!memcmp(hdev->dev_name, cp->name, sizeof(hdev->dev_name)) &&
3869 !memcmp(hdev->short_name, cp->short_name,
3870 sizeof(hdev->short_name))) {
3871 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0,
3876 memcpy(hdev->short_name, cp->short_name, sizeof(hdev->short_name));
3878 if (!hdev_is_powered(hdev)) {
3879 memcpy(hdev->dev_name, cp->name, sizeof(hdev->dev_name));
3881 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0,
3886 err = mgmt_limited_event(MGMT_EV_LOCAL_NAME_CHANGED, hdev, data,
3887 len, HCI_MGMT_LOCAL_NAME_EVENTS, sk);
3888 ext_info_changed(hdev, sk);
3893 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LOCAL_NAME, hdev, data, len);
3897 err = hci_cmd_sync_queue(hdev, set_name_sync, cmd,
3901 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_LOCAL_NAME,
3902 MGMT_STATUS_FAILED);
3905 mgmt_pending_remove(cmd);
3910 memcpy(hdev->dev_name, cp->name, sizeof(hdev->dev_name));
3913 hci_dev_unlock(hdev);
3917 static int appearance_changed_sync(struct hci_dev *hdev, void *data)
3919 return adv_expire_sync(hdev, MGMT_ADV_FLAG_APPEARANCE);
3922 static int set_appearance(struct sock *sk, struct hci_dev *hdev, void *data,
3925 struct mgmt_cp_set_appearance *cp = data;
3929 bt_dev_dbg(hdev, "sock %p", sk);
3931 if (!lmp_le_capable(hdev))
3932 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_APPEARANCE,
3933 MGMT_STATUS_NOT_SUPPORTED);
3935 appearance = le16_to_cpu(cp->appearance);
3939 if (hdev->appearance != appearance) {
3940 hdev->appearance = appearance;
3942 if (hci_dev_test_flag(hdev, HCI_LE_ADV))
3943 hci_cmd_sync_queue(hdev, appearance_changed_sync, NULL,
3946 ext_info_changed(hdev, sk);
3949 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_APPEARANCE, 0, NULL,
3952 hci_dev_unlock(hdev);
3957 static int get_phy_configuration(struct sock *sk, struct hci_dev *hdev,
3958 void *data, u16 len)
3960 struct mgmt_rp_get_phy_configuration rp;
3962 bt_dev_dbg(hdev, "sock %p", sk);
3966 memset(&rp, 0, sizeof(rp));
3968 rp.supported_phys = cpu_to_le32(get_supported_phys(hdev));
3969 rp.selected_phys = cpu_to_le32(get_selected_phys(hdev));
3970 rp.configurable_phys = cpu_to_le32(get_configurable_phys(hdev));
3972 hci_dev_unlock(hdev);
3974 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_PHY_CONFIGURATION, 0,
3978 int mgmt_phy_configuration_changed(struct hci_dev *hdev, struct sock *skip)
3980 struct mgmt_ev_phy_configuration_changed ev;
3982 memset(&ev, 0, sizeof(ev));
3984 ev.selected_phys = cpu_to_le32(get_selected_phys(hdev));
3986 return mgmt_event(MGMT_EV_PHY_CONFIGURATION_CHANGED, hdev, &ev,
3990 static void set_default_phy_complete(struct hci_dev *hdev, void *data, int err)
3992 struct mgmt_pending_cmd *cmd = data;
3993 struct sk_buff *skb = cmd->skb;
3994 u8 status = mgmt_status(err);
3996 if (cmd != pending_find(MGMT_OP_SET_PHY_CONFIGURATION, hdev))
4001 status = MGMT_STATUS_FAILED;
4002 else if (IS_ERR(skb))
4003 status = mgmt_status(PTR_ERR(skb));
4005 status = mgmt_status(skb->data[0]);
4008 bt_dev_dbg(hdev, "status %d", status);
4011 mgmt_cmd_status(cmd->sk, hdev->id,
4012 MGMT_OP_SET_PHY_CONFIGURATION, status);
4014 mgmt_cmd_complete(cmd->sk, hdev->id,
4015 MGMT_OP_SET_PHY_CONFIGURATION, 0,
4018 mgmt_phy_configuration_changed(hdev, cmd->sk);
4021 if (skb && !IS_ERR(skb))
4024 mgmt_pending_remove(cmd);
4027 static int set_default_phy_sync(struct hci_dev *hdev, void *data)
4029 struct mgmt_pending_cmd *cmd = data;
4030 struct mgmt_cp_set_phy_configuration *cp = cmd->param;
4031 struct hci_cp_le_set_default_phy cp_phy;
4032 u32 selected_phys = __le32_to_cpu(cp->selected_phys);
4034 memset(&cp_phy, 0, sizeof(cp_phy));
4036 if (!(selected_phys & MGMT_PHY_LE_TX_MASK))
4037 cp_phy.all_phys |= 0x01;
4039 if (!(selected_phys & MGMT_PHY_LE_RX_MASK))
4040 cp_phy.all_phys |= 0x02;
4042 if (selected_phys & MGMT_PHY_LE_1M_TX)
4043 cp_phy.tx_phys |= HCI_LE_SET_PHY_1M;
4045 if (selected_phys & MGMT_PHY_LE_2M_TX)
4046 cp_phy.tx_phys |= HCI_LE_SET_PHY_2M;
4048 if (selected_phys & MGMT_PHY_LE_CODED_TX)
4049 cp_phy.tx_phys |= HCI_LE_SET_PHY_CODED;
4051 if (selected_phys & MGMT_PHY_LE_1M_RX)
4052 cp_phy.rx_phys |= HCI_LE_SET_PHY_1M;
4054 if (selected_phys & MGMT_PHY_LE_2M_RX)
4055 cp_phy.rx_phys |= HCI_LE_SET_PHY_2M;
4057 if (selected_phys & MGMT_PHY_LE_CODED_RX)
4058 cp_phy.rx_phys |= HCI_LE_SET_PHY_CODED;
4060 cmd->skb = __hci_cmd_sync(hdev, HCI_OP_LE_SET_DEFAULT_PHY,
4061 sizeof(cp_phy), &cp_phy, HCI_CMD_TIMEOUT);
4066 static int set_phy_configuration(struct sock *sk, struct hci_dev *hdev,
4067 void *data, u16 len)
4069 struct mgmt_cp_set_phy_configuration *cp = data;
4070 struct mgmt_pending_cmd *cmd;
4071 u32 selected_phys, configurable_phys, supported_phys, unconfigure_phys;
4072 u16 pkt_type = (HCI_DH1 | HCI_DM1);
4073 bool changed = false;
4076 bt_dev_dbg(hdev, "sock %p", sk);
4078 configurable_phys = get_configurable_phys(hdev);
4079 supported_phys = get_supported_phys(hdev);
4080 selected_phys = __le32_to_cpu(cp->selected_phys);
4082 if (selected_phys & ~supported_phys)
4083 return mgmt_cmd_status(sk, hdev->id,
4084 MGMT_OP_SET_PHY_CONFIGURATION,
4085 MGMT_STATUS_INVALID_PARAMS);
4087 unconfigure_phys = supported_phys & ~configurable_phys;
4089 if ((selected_phys & unconfigure_phys) != unconfigure_phys)
4090 return mgmt_cmd_status(sk, hdev->id,
4091 MGMT_OP_SET_PHY_CONFIGURATION,
4092 MGMT_STATUS_INVALID_PARAMS);
4094 if (selected_phys == get_selected_phys(hdev))
4095 return mgmt_cmd_complete(sk, hdev->id,
4096 MGMT_OP_SET_PHY_CONFIGURATION,
4101 if (!hdev_is_powered(hdev)) {
4102 err = mgmt_cmd_status(sk, hdev->id,
4103 MGMT_OP_SET_PHY_CONFIGURATION,
4104 MGMT_STATUS_REJECTED);
4108 if (pending_find(MGMT_OP_SET_PHY_CONFIGURATION, hdev)) {
4109 err = mgmt_cmd_status(sk, hdev->id,
4110 MGMT_OP_SET_PHY_CONFIGURATION,
4115 if (selected_phys & MGMT_PHY_BR_1M_3SLOT)
4116 pkt_type |= (HCI_DH3 | HCI_DM3);
4118 pkt_type &= ~(HCI_DH3 | HCI_DM3);
4120 if (selected_phys & MGMT_PHY_BR_1M_5SLOT)
4121 pkt_type |= (HCI_DH5 | HCI_DM5);
4123 pkt_type &= ~(HCI_DH5 | HCI_DM5);
4125 if (selected_phys & MGMT_PHY_EDR_2M_1SLOT)
4126 pkt_type &= ~HCI_2DH1;
4128 pkt_type |= HCI_2DH1;
4130 if (selected_phys & MGMT_PHY_EDR_2M_3SLOT)
4131 pkt_type &= ~HCI_2DH3;
4133 pkt_type |= HCI_2DH3;
4135 if (selected_phys & MGMT_PHY_EDR_2M_5SLOT)
4136 pkt_type &= ~HCI_2DH5;
4138 pkt_type |= HCI_2DH5;
4140 if (selected_phys & MGMT_PHY_EDR_3M_1SLOT)
4141 pkt_type &= ~HCI_3DH1;
4143 pkt_type |= HCI_3DH1;
4145 if (selected_phys & MGMT_PHY_EDR_3M_3SLOT)
4146 pkt_type &= ~HCI_3DH3;
4148 pkt_type |= HCI_3DH3;
4150 if (selected_phys & MGMT_PHY_EDR_3M_5SLOT)
4151 pkt_type &= ~HCI_3DH5;
4153 pkt_type |= HCI_3DH5;
4155 if (pkt_type != hdev->pkt_type) {
4156 hdev->pkt_type = pkt_type;
4160 if ((selected_phys & MGMT_PHY_LE_MASK) ==
4161 (get_selected_phys(hdev) & MGMT_PHY_LE_MASK)) {
4163 mgmt_phy_configuration_changed(hdev, sk);
4165 err = mgmt_cmd_complete(sk, hdev->id,
4166 MGMT_OP_SET_PHY_CONFIGURATION,
4172 cmd = mgmt_pending_add(sk, MGMT_OP_SET_PHY_CONFIGURATION, hdev, data,
4177 err = hci_cmd_sync_queue(hdev, set_default_phy_sync, cmd,
4178 set_default_phy_complete);
4181 err = mgmt_cmd_status(sk, hdev->id,
4182 MGMT_OP_SET_PHY_CONFIGURATION,
4183 MGMT_STATUS_FAILED);
4186 mgmt_pending_remove(cmd);
4190 hci_dev_unlock(hdev);
4195 static int set_blocked_keys(struct sock *sk, struct hci_dev *hdev, void *data,
4198 int err = MGMT_STATUS_SUCCESS;
4199 struct mgmt_cp_set_blocked_keys *keys = data;
4200 const u16 max_key_count = ((U16_MAX - sizeof(*keys)) /
4201 sizeof(struct mgmt_blocked_key_info));
4202 u16 key_count, expected_len;
4205 bt_dev_dbg(hdev, "sock %p", sk);
4207 key_count = __le16_to_cpu(keys->key_count);
4208 if (key_count > max_key_count) {
4209 bt_dev_err(hdev, "too big key_count value %u", key_count);
4210 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_BLOCKED_KEYS,
4211 MGMT_STATUS_INVALID_PARAMS);
4214 expected_len = struct_size(keys, keys, key_count);
4215 if (expected_len != len) {
4216 bt_dev_err(hdev, "expected %u bytes, got %u bytes",
4218 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_BLOCKED_KEYS,
4219 MGMT_STATUS_INVALID_PARAMS);
4224 hci_blocked_keys_clear(hdev);
4226 for (i = 0; i < key_count; ++i) {
4227 struct blocked_key *b = kzalloc(sizeof(*b), GFP_KERNEL);
4230 err = MGMT_STATUS_NO_RESOURCES;
4234 b->type = keys->keys[i].type;
4235 memcpy(b->val, keys->keys[i].val, sizeof(b->val));
4236 list_add_rcu(&b->list, &hdev->blocked_keys);
4238 hci_dev_unlock(hdev);
4240 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_BLOCKED_KEYS,
4244 static int set_wideband_speech(struct sock *sk, struct hci_dev *hdev,
4245 void *data, u16 len)
4247 struct mgmt_mode *cp = data;
4249 bool changed = false;
4251 bt_dev_dbg(hdev, "sock %p", sk);
4253 if (!test_bit(HCI_QUIRK_WIDEBAND_SPEECH_SUPPORTED, &hdev->quirks))
4254 return mgmt_cmd_status(sk, hdev->id,
4255 MGMT_OP_SET_WIDEBAND_SPEECH,
4256 MGMT_STATUS_NOT_SUPPORTED);
4258 if (cp->val != 0x00 && cp->val != 0x01)
4259 return mgmt_cmd_status(sk, hdev->id,
4260 MGMT_OP_SET_WIDEBAND_SPEECH,
4261 MGMT_STATUS_INVALID_PARAMS);
4265 if (hdev_is_powered(hdev) &&
4266 !!cp->val != hci_dev_test_flag(hdev,
4267 HCI_WIDEBAND_SPEECH_ENABLED)) {
4268 err = mgmt_cmd_status(sk, hdev->id,
4269 MGMT_OP_SET_WIDEBAND_SPEECH,
4270 MGMT_STATUS_REJECTED);
4275 changed = !hci_dev_test_and_set_flag(hdev,
4276 HCI_WIDEBAND_SPEECH_ENABLED);
4278 changed = hci_dev_test_and_clear_flag(hdev,
4279 HCI_WIDEBAND_SPEECH_ENABLED);
4281 err = send_settings_rsp(sk, MGMT_OP_SET_WIDEBAND_SPEECH, hdev);
4286 err = new_settings(hdev, sk);
4289 hci_dev_unlock(hdev);
4293 static int read_controller_cap(struct sock *sk, struct hci_dev *hdev,
4294 void *data, u16 data_len)
4297 struct mgmt_rp_read_controller_cap *rp = (void *)buf;
4300 u8 tx_power_range[2];
4302 bt_dev_dbg(hdev, "sock %p", sk);
4304 memset(&buf, 0, sizeof(buf));
4308 /* When the Read Simple Pairing Options command is supported, then
4309 * the remote public key validation is supported.
4311 * Alternatively, when Microsoft extensions are available, they can
4312 * indicate support for public key validation as well.
4314 if ((hdev->commands[41] & 0x08) || msft_curve_validity(hdev))
4315 flags |= 0x01; /* Remote public key validation (BR/EDR) */
4317 flags |= 0x02; /* Remote public key validation (LE) */
4319 /* When the Read Encryption Key Size command is supported, then the
4320 * encryption key size is enforced.
4322 if (hdev->commands[20] & 0x10)
4323 flags |= 0x04; /* Encryption key size enforcement (BR/EDR) */
4325 flags |= 0x08; /* Encryption key size enforcement (LE) */
4327 cap_len = eir_append_data(rp->cap, cap_len, MGMT_CAP_SEC_FLAGS,
4330 /* When the Read Simple Pairing Options command is supported, then
4331 * also max encryption key size information is provided.
4333 if (hdev->commands[41] & 0x08)
4334 cap_len = eir_append_le16(rp->cap, cap_len,
4335 MGMT_CAP_MAX_ENC_KEY_SIZE,
4336 hdev->max_enc_key_size);
4338 cap_len = eir_append_le16(rp->cap, cap_len,
4339 MGMT_CAP_SMP_MAX_ENC_KEY_SIZE,
4340 SMP_MAX_ENC_KEY_SIZE);
4342 /* Append the min/max LE tx power parameters if we were able to fetch
4343 * it from the controller
4345 if (hdev->commands[38] & 0x80) {
4346 memcpy(&tx_power_range[0], &hdev->min_le_tx_power, 1);
4347 memcpy(&tx_power_range[1], &hdev->max_le_tx_power, 1);
4348 cap_len = eir_append_data(rp->cap, cap_len, MGMT_CAP_LE_TX_PWR,
4352 rp->cap_len = cpu_to_le16(cap_len);
4354 hci_dev_unlock(hdev);
4356 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_READ_CONTROLLER_CAP, 0,
4357 rp, sizeof(*rp) + cap_len);
4360 #ifdef CONFIG_BT_FEATURE_DEBUG
4361 /* d4992530-b9ec-469f-ab01-6c481c47da1c */
4362 static const u8 debug_uuid[16] = {
4363 0x1c, 0xda, 0x47, 0x1c, 0x48, 0x6c, 0x01, 0xab,
4364 0x9f, 0x46, 0xec, 0xb9, 0x30, 0x25, 0x99, 0xd4,
4368 /* 330859bc-7506-492d-9370-9a6f0614037f */
4369 static const u8 quality_report_uuid[16] = {
4370 0x7f, 0x03, 0x14, 0x06, 0x6f, 0x9a, 0x70, 0x93,
4371 0x2d, 0x49, 0x06, 0x75, 0xbc, 0x59, 0x08, 0x33,
4374 /* a6695ace-ee7f-4fb9-881a-5fac66c629af */
4375 static const u8 offload_codecs_uuid[16] = {
4376 0xaf, 0x29, 0xc6, 0x66, 0xac, 0x5f, 0x1a, 0x88,
4377 0xb9, 0x4f, 0x7f, 0xee, 0xce, 0x5a, 0x69, 0xa6,
4380 /* 671b10b5-42c0-4696-9227-eb28d1b049d6 */
4381 static const u8 le_simultaneous_roles_uuid[16] = {
4382 0xd6, 0x49, 0xb0, 0xd1, 0x28, 0xeb, 0x27, 0x92,
4383 0x96, 0x46, 0xc0, 0x42, 0xb5, 0x10, 0x1b, 0x67,
4386 /* 15c0a148-c273-11ea-b3de-0242ac130004 */
4387 static const u8 rpa_resolution_uuid[16] = {
4388 0x04, 0x00, 0x13, 0xac, 0x42, 0x02, 0xde, 0xb3,
4389 0xea, 0x11, 0x73, 0xc2, 0x48, 0xa1, 0xc0, 0x15,
4392 /* 6fbaf188-05e0-496a-9885-d6ddfdb4e03e */
4393 static const u8 iso_socket_uuid[16] = {
4394 0x3e, 0xe0, 0xb4, 0xfd, 0xdd, 0xd6, 0x85, 0x98,
4395 0x6a, 0x49, 0xe0, 0x05, 0x88, 0xf1, 0xba, 0x6f,
4398 /* 2ce463d7-7a03-4d8d-bf05-5f24e8f36e76 */
4399 static const u8 mgmt_mesh_uuid[16] = {
4400 0x76, 0x6e, 0xf3, 0xe8, 0x24, 0x5f, 0x05, 0xbf,
4401 0x8d, 0x4d, 0x03, 0x7a, 0xd7, 0x63, 0xe4, 0x2c,
4404 static int read_exp_features_info(struct sock *sk, struct hci_dev *hdev,
4405 void *data, u16 data_len)
4407 struct mgmt_rp_read_exp_features_info *rp;
4413 bt_dev_dbg(hdev, "sock %p", sk);
4415 /* Enough space for 7 features */
4416 len = sizeof(*rp) + (sizeof(rp->features[0]) * 7);
4417 rp = kzalloc(len, GFP_KERNEL);
4421 #ifdef CONFIG_BT_FEATURE_DEBUG
4423 flags = bt_dbg_get() ? BIT(0) : 0;
4425 memcpy(rp->features[idx].uuid, debug_uuid, 16);
4426 rp->features[idx].flags = cpu_to_le32(flags);
4431 if (hdev && hci_dev_le_state_simultaneous(hdev)) {
4432 if (hci_dev_test_flag(hdev, HCI_LE_SIMULTANEOUS_ROLES))
4437 memcpy(rp->features[idx].uuid, le_simultaneous_roles_uuid, 16);
4438 rp->features[idx].flags = cpu_to_le32(flags);
4442 if (hdev && ll_privacy_capable(hdev)) {
4443 if (hci_dev_test_flag(hdev, HCI_ENABLE_LL_PRIVACY))
4444 flags = BIT(0) | BIT(1);
4448 memcpy(rp->features[idx].uuid, rpa_resolution_uuid, 16);
4449 rp->features[idx].flags = cpu_to_le32(flags);
4453 if (hdev && (aosp_has_quality_report(hdev) ||
4454 hdev->set_quality_report)) {
4455 if (hci_dev_test_flag(hdev, HCI_QUALITY_REPORT))
4460 memcpy(rp->features[idx].uuid, quality_report_uuid, 16);
4461 rp->features[idx].flags = cpu_to_le32(flags);
4465 if (hdev && hdev->get_data_path_id) {
4466 if (hci_dev_test_flag(hdev, HCI_OFFLOAD_CODECS_ENABLED))
4471 memcpy(rp->features[idx].uuid, offload_codecs_uuid, 16);
4472 rp->features[idx].flags = cpu_to_le32(flags);
4476 if (IS_ENABLED(CONFIG_BT_LE)) {
4477 flags = iso_enabled() ? BIT(0) : 0;
4478 memcpy(rp->features[idx].uuid, iso_socket_uuid, 16);
4479 rp->features[idx].flags = cpu_to_le32(flags);
4483 if (hdev && lmp_le_capable(hdev)) {
4484 if (hci_dev_test_flag(hdev, HCI_MESH_EXPERIMENTAL))
4489 memcpy(rp->features[idx].uuid, mgmt_mesh_uuid, 16);
4490 rp->features[idx].flags = cpu_to_le32(flags);
4494 rp->feature_count = cpu_to_le16(idx);
4496 /* After reading the experimental features information, enable
4497 * the events to update client on any future change.
4499 hci_sock_set_flag(sk, HCI_MGMT_EXP_FEATURE_EVENTS);
4501 status = mgmt_cmd_complete(sk, hdev ? hdev->id : MGMT_INDEX_NONE,
4502 MGMT_OP_READ_EXP_FEATURES_INFO,
4503 0, rp, sizeof(*rp) + (20 * idx));
4509 static int exp_ll_privacy_feature_changed(bool enabled, struct hci_dev *hdev,
4512 struct mgmt_ev_exp_feature_changed ev;
4514 memset(&ev, 0, sizeof(ev));
4515 memcpy(ev.uuid, rpa_resolution_uuid, 16);
4516 ev.flags = cpu_to_le32((enabled ? BIT(0) : 0) | BIT(1));
4518 // Do we need to be atomic with the conn_flags?
4519 if (enabled && privacy_mode_capable(hdev))
4520 hdev->conn_flags |= HCI_CONN_FLAG_DEVICE_PRIVACY;
4522 hdev->conn_flags &= ~HCI_CONN_FLAG_DEVICE_PRIVACY;
4524 return mgmt_limited_event(MGMT_EV_EXP_FEATURE_CHANGED, hdev,
4526 HCI_MGMT_EXP_FEATURE_EVENTS, skip);
4530 static int exp_feature_changed(struct hci_dev *hdev, const u8 *uuid,
4531 bool enabled, struct sock *skip)
4533 struct mgmt_ev_exp_feature_changed ev;
4535 memset(&ev, 0, sizeof(ev));
4536 memcpy(ev.uuid, uuid, 16);
4537 ev.flags = cpu_to_le32(enabled ? BIT(0) : 0);
4539 return mgmt_limited_event(MGMT_EV_EXP_FEATURE_CHANGED, hdev,
4541 HCI_MGMT_EXP_FEATURE_EVENTS, skip);
4544 #define EXP_FEAT(_uuid, _set_func) \
4547 .set_func = _set_func, \
4550 /* The zero key uuid is special. Multiple exp features are set through it. */
4551 static int set_zero_key_func(struct sock *sk, struct hci_dev *hdev,
4552 struct mgmt_cp_set_exp_feature *cp, u16 data_len)
4554 struct mgmt_rp_set_exp_feature rp;
4556 memset(rp.uuid, 0, 16);
4557 rp.flags = cpu_to_le32(0);
4559 #ifdef CONFIG_BT_FEATURE_DEBUG
4561 bool changed = bt_dbg_get();
4566 exp_feature_changed(NULL, ZERO_KEY, false, sk);
4570 if (hdev && use_ll_privacy(hdev) && !hdev_is_powered(hdev)) {
4573 changed = hci_dev_test_and_clear_flag(hdev,
4574 HCI_ENABLE_LL_PRIVACY);
4576 exp_feature_changed(hdev, rpa_resolution_uuid, false,
4580 hci_sock_set_flag(sk, HCI_MGMT_EXP_FEATURE_EVENTS);
4582 return mgmt_cmd_complete(sk, hdev ? hdev->id : MGMT_INDEX_NONE,
4583 MGMT_OP_SET_EXP_FEATURE, 0,
4587 #ifdef CONFIG_BT_FEATURE_DEBUG
4588 static int set_debug_func(struct sock *sk, struct hci_dev *hdev,
4589 struct mgmt_cp_set_exp_feature *cp, u16 data_len)
4591 struct mgmt_rp_set_exp_feature rp;
4596 /* Command requires to use the non-controller index */
4598 return mgmt_cmd_status(sk, hdev->id,
4599 MGMT_OP_SET_EXP_FEATURE,
4600 MGMT_STATUS_INVALID_INDEX);
4602 /* Parameters are limited to a single octet */
4603 if (data_len != MGMT_SET_EXP_FEATURE_SIZE + 1)
4604 return mgmt_cmd_status(sk, MGMT_INDEX_NONE,
4605 MGMT_OP_SET_EXP_FEATURE,
4606 MGMT_STATUS_INVALID_PARAMS);
4608 /* Only boolean on/off is supported */
4609 if (cp->param[0] != 0x00 && cp->param[0] != 0x01)
4610 return mgmt_cmd_status(sk, MGMT_INDEX_NONE,
4611 MGMT_OP_SET_EXP_FEATURE,
4612 MGMT_STATUS_INVALID_PARAMS);
4614 val = !!cp->param[0];
4615 changed = val ? !bt_dbg_get() : bt_dbg_get();
4618 memcpy(rp.uuid, debug_uuid, 16);
4619 rp.flags = cpu_to_le32(val ? BIT(0) : 0);
4621 hci_sock_set_flag(sk, HCI_MGMT_EXP_FEATURE_EVENTS);
4623 err = mgmt_cmd_complete(sk, MGMT_INDEX_NONE,
4624 MGMT_OP_SET_EXP_FEATURE, 0,
4628 exp_feature_changed(hdev, debug_uuid, val, sk);
4634 static int set_mgmt_mesh_func(struct sock *sk, struct hci_dev *hdev,
4635 struct mgmt_cp_set_exp_feature *cp, u16 data_len)
4637 struct mgmt_rp_set_exp_feature rp;
4641 /* Command requires to use the controller index */
4643 return mgmt_cmd_status(sk, MGMT_INDEX_NONE,
4644 MGMT_OP_SET_EXP_FEATURE,
4645 MGMT_STATUS_INVALID_INDEX);
4647 /* Parameters are limited to a single octet */
4648 if (data_len != MGMT_SET_EXP_FEATURE_SIZE + 1)
4649 return mgmt_cmd_status(sk, hdev->id,
4650 MGMT_OP_SET_EXP_FEATURE,
4651 MGMT_STATUS_INVALID_PARAMS);
4653 /* Only boolean on/off is supported */
4654 if (cp->param[0] != 0x00 && cp->param[0] != 0x01)
4655 return mgmt_cmd_status(sk, hdev->id,
4656 MGMT_OP_SET_EXP_FEATURE,
4657 MGMT_STATUS_INVALID_PARAMS);
4659 val = !!cp->param[0];
4662 changed = !hci_dev_test_and_set_flag(hdev,
4663 HCI_MESH_EXPERIMENTAL);
4665 hci_dev_clear_flag(hdev, HCI_MESH);
4666 changed = hci_dev_test_and_clear_flag(hdev,
4667 HCI_MESH_EXPERIMENTAL);
4670 memcpy(rp.uuid, mgmt_mesh_uuid, 16);
4671 rp.flags = cpu_to_le32(val ? BIT(0) : 0);
4673 hci_sock_set_flag(sk, HCI_MGMT_EXP_FEATURE_EVENTS);
4675 err = mgmt_cmd_complete(sk, hdev->id,
4676 MGMT_OP_SET_EXP_FEATURE, 0,
4680 exp_feature_changed(hdev, mgmt_mesh_uuid, val, sk);
4685 static int set_rpa_resolution_func(struct sock *sk, struct hci_dev *hdev,
4686 struct mgmt_cp_set_exp_feature *cp,
4689 struct mgmt_rp_set_exp_feature rp;
4694 /* Command requires to use the controller index */
4696 return mgmt_cmd_status(sk, MGMT_INDEX_NONE,
4697 MGMT_OP_SET_EXP_FEATURE,
4698 MGMT_STATUS_INVALID_INDEX);
4700 /* Changes can only be made when controller is powered down */
4701 if (hdev_is_powered(hdev))
4702 return mgmt_cmd_status(sk, hdev->id,
4703 MGMT_OP_SET_EXP_FEATURE,
4704 MGMT_STATUS_REJECTED);
4706 /* Parameters are limited to a single octet */
4707 if (data_len != MGMT_SET_EXP_FEATURE_SIZE + 1)
4708 return mgmt_cmd_status(sk, hdev->id,
4709 MGMT_OP_SET_EXP_FEATURE,
4710 MGMT_STATUS_INVALID_PARAMS);
4712 /* Only boolean on/off is supported */
4713 if (cp->param[0] != 0x00 && cp->param[0] != 0x01)
4714 return mgmt_cmd_status(sk, hdev->id,
4715 MGMT_OP_SET_EXP_FEATURE,
4716 MGMT_STATUS_INVALID_PARAMS);
4718 val = !!cp->param[0];
4721 changed = !hci_dev_test_and_set_flag(hdev,
4722 HCI_ENABLE_LL_PRIVACY);
4723 hci_dev_clear_flag(hdev, HCI_ADVERTISING);
4725 /* Enable LL privacy + supported settings changed */
4726 flags = BIT(0) | BIT(1);
4728 changed = hci_dev_test_and_clear_flag(hdev,
4729 HCI_ENABLE_LL_PRIVACY);
4731 /* Disable LL privacy + supported settings changed */
4735 memcpy(rp.uuid, rpa_resolution_uuid, 16);
4736 rp.flags = cpu_to_le32(flags);
4738 hci_sock_set_flag(sk, HCI_MGMT_EXP_FEATURE_EVENTS);
4740 err = mgmt_cmd_complete(sk, hdev->id,
4741 MGMT_OP_SET_EXP_FEATURE, 0,
4745 exp_ll_privacy_feature_changed(val, hdev, sk);
4750 static int set_quality_report_func(struct sock *sk, struct hci_dev *hdev,
4751 struct mgmt_cp_set_exp_feature *cp,
4754 struct mgmt_rp_set_exp_feature rp;
4758 /* Command requires to use a valid controller index */
4760 return mgmt_cmd_status(sk, MGMT_INDEX_NONE,
4761 MGMT_OP_SET_EXP_FEATURE,
4762 MGMT_STATUS_INVALID_INDEX);
4764 /* Parameters are limited to a single octet */
4765 if (data_len != MGMT_SET_EXP_FEATURE_SIZE + 1)
4766 return mgmt_cmd_status(sk, hdev->id,
4767 MGMT_OP_SET_EXP_FEATURE,
4768 MGMT_STATUS_INVALID_PARAMS);
4770 /* Only boolean on/off is supported */
4771 if (cp->param[0] != 0x00 && cp->param[0] != 0x01)
4772 return mgmt_cmd_status(sk, hdev->id,
4773 MGMT_OP_SET_EXP_FEATURE,
4774 MGMT_STATUS_INVALID_PARAMS);
4776 hci_req_sync_lock(hdev);
4778 val = !!cp->param[0];
4779 changed = (val != hci_dev_test_flag(hdev, HCI_QUALITY_REPORT));
4781 if (!aosp_has_quality_report(hdev) && !hdev->set_quality_report) {
4782 err = mgmt_cmd_status(sk, hdev->id,
4783 MGMT_OP_SET_EXP_FEATURE,
4784 MGMT_STATUS_NOT_SUPPORTED);
4785 goto unlock_quality_report;
4789 if (hdev->set_quality_report)
4790 err = hdev->set_quality_report(hdev, val);
4792 err = aosp_set_quality_report(hdev, val);
4795 err = mgmt_cmd_status(sk, hdev->id,
4796 MGMT_OP_SET_EXP_FEATURE,
4797 MGMT_STATUS_FAILED);
4798 goto unlock_quality_report;
4802 hci_dev_set_flag(hdev, HCI_QUALITY_REPORT);
4804 hci_dev_clear_flag(hdev, HCI_QUALITY_REPORT);
4807 bt_dev_dbg(hdev, "quality report enable %d changed %d", val, changed);
4809 memcpy(rp.uuid, quality_report_uuid, 16);
4810 rp.flags = cpu_to_le32(val ? BIT(0) : 0);
4811 hci_sock_set_flag(sk, HCI_MGMT_EXP_FEATURE_EVENTS);
4813 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_EXP_FEATURE, 0,
4817 exp_feature_changed(hdev, quality_report_uuid, val, sk);
4819 unlock_quality_report:
4820 hci_req_sync_unlock(hdev);
4824 static int set_offload_codec_func(struct sock *sk, struct hci_dev *hdev,
4825 struct mgmt_cp_set_exp_feature *cp,
4830 struct mgmt_rp_set_exp_feature rp;
4832 /* Command requires to use a valid controller index */
4834 return mgmt_cmd_status(sk, MGMT_INDEX_NONE,
4835 MGMT_OP_SET_EXP_FEATURE,
4836 MGMT_STATUS_INVALID_INDEX);
4838 /* Parameters are limited to a single octet */
4839 if (data_len != MGMT_SET_EXP_FEATURE_SIZE + 1)
4840 return mgmt_cmd_status(sk, hdev->id,
4841 MGMT_OP_SET_EXP_FEATURE,
4842 MGMT_STATUS_INVALID_PARAMS);
4844 /* Only boolean on/off is supported */
4845 if (cp->param[0] != 0x00 && cp->param[0] != 0x01)
4846 return mgmt_cmd_status(sk, hdev->id,
4847 MGMT_OP_SET_EXP_FEATURE,
4848 MGMT_STATUS_INVALID_PARAMS);
4850 val = !!cp->param[0];
4851 changed = (val != hci_dev_test_flag(hdev, HCI_OFFLOAD_CODECS_ENABLED));
4853 if (!hdev->get_data_path_id) {
4854 return mgmt_cmd_status(sk, hdev->id,
4855 MGMT_OP_SET_EXP_FEATURE,
4856 MGMT_STATUS_NOT_SUPPORTED);
4861 hci_dev_set_flag(hdev, HCI_OFFLOAD_CODECS_ENABLED);
4863 hci_dev_clear_flag(hdev, HCI_OFFLOAD_CODECS_ENABLED);
4866 bt_dev_info(hdev, "offload codecs enable %d changed %d",
4869 memcpy(rp.uuid, offload_codecs_uuid, 16);
4870 rp.flags = cpu_to_le32(val ? BIT(0) : 0);
4871 hci_sock_set_flag(sk, HCI_MGMT_EXP_FEATURE_EVENTS);
4872 err = mgmt_cmd_complete(sk, hdev->id,
4873 MGMT_OP_SET_EXP_FEATURE, 0,
4877 exp_feature_changed(hdev, offload_codecs_uuid, val, sk);
4882 static int set_le_simultaneous_roles_func(struct sock *sk, struct hci_dev *hdev,
4883 struct mgmt_cp_set_exp_feature *cp,
4888 struct mgmt_rp_set_exp_feature rp;
4890 /* Command requires to use a valid controller index */
4892 return mgmt_cmd_status(sk, MGMT_INDEX_NONE,
4893 MGMT_OP_SET_EXP_FEATURE,
4894 MGMT_STATUS_INVALID_INDEX);
4896 /* Parameters are limited to a single octet */
4897 if (data_len != MGMT_SET_EXP_FEATURE_SIZE + 1)
4898 return mgmt_cmd_status(sk, hdev->id,
4899 MGMT_OP_SET_EXP_FEATURE,
4900 MGMT_STATUS_INVALID_PARAMS);
4902 /* Only boolean on/off is supported */
4903 if (cp->param[0] != 0x00 && cp->param[0] != 0x01)
4904 return mgmt_cmd_status(sk, hdev->id,
4905 MGMT_OP_SET_EXP_FEATURE,
4906 MGMT_STATUS_INVALID_PARAMS);
4908 val = !!cp->param[0];
4909 changed = (val != hci_dev_test_flag(hdev, HCI_LE_SIMULTANEOUS_ROLES));
4911 if (!hci_dev_le_state_simultaneous(hdev)) {
4912 return mgmt_cmd_status(sk, hdev->id,
4913 MGMT_OP_SET_EXP_FEATURE,
4914 MGMT_STATUS_NOT_SUPPORTED);
4919 hci_dev_set_flag(hdev, HCI_LE_SIMULTANEOUS_ROLES);
4921 hci_dev_clear_flag(hdev, HCI_LE_SIMULTANEOUS_ROLES);
4924 bt_dev_info(hdev, "LE simultaneous roles enable %d changed %d",
4927 memcpy(rp.uuid, le_simultaneous_roles_uuid, 16);
4928 rp.flags = cpu_to_le32(val ? BIT(0) : 0);
4929 hci_sock_set_flag(sk, HCI_MGMT_EXP_FEATURE_EVENTS);
4930 err = mgmt_cmd_complete(sk, hdev->id,
4931 MGMT_OP_SET_EXP_FEATURE, 0,
4935 exp_feature_changed(hdev, le_simultaneous_roles_uuid, val, sk);
4941 static int set_iso_socket_func(struct sock *sk, struct hci_dev *hdev,
4942 struct mgmt_cp_set_exp_feature *cp, u16 data_len)
4944 struct mgmt_rp_set_exp_feature rp;
4945 bool val, changed = false;
4948 /* Command requires to use the non-controller index */
4950 return mgmt_cmd_status(sk, hdev->id,
4951 MGMT_OP_SET_EXP_FEATURE,
4952 MGMT_STATUS_INVALID_INDEX);
4954 /* Parameters are limited to a single octet */
4955 if (data_len != MGMT_SET_EXP_FEATURE_SIZE + 1)
4956 return mgmt_cmd_status(sk, MGMT_INDEX_NONE,
4957 MGMT_OP_SET_EXP_FEATURE,
4958 MGMT_STATUS_INVALID_PARAMS);
4960 /* Only boolean on/off is supported */
4961 if (cp->param[0] != 0x00 && cp->param[0] != 0x01)
4962 return mgmt_cmd_status(sk, MGMT_INDEX_NONE,
4963 MGMT_OP_SET_EXP_FEATURE,
4964 MGMT_STATUS_INVALID_PARAMS);
4966 val = cp->param[0] ? true : false;
4975 memcpy(rp.uuid, iso_socket_uuid, 16);
4976 rp.flags = cpu_to_le32(val ? BIT(0) : 0);
4978 hci_sock_set_flag(sk, HCI_MGMT_EXP_FEATURE_EVENTS);
4980 err = mgmt_cmd_complete(sk, MGMT_INDEX_NONE,
4981 MGMT_OP_SET_EXP_FEATURE, 0,
4985 exp_feature_changed(hdev, iso_socket_uuid, val, sk);
4991 static const struct mgmt_exp_feature {
4993 int (*set_func)(struct sock *sk, struct hci_dev *hdev,
4994 struct mgmt_cp_set_exp_feature *cp, u16 data_len);
4995 } exp_features[] = {
4996 EXP_FEAT(ZERO_KEY, set_zero_key_func),
4997 #ifdef CONFIG_BT_FEATURE_DEBUG
4998 EXP_FEAT(debug_uuid, set_debug_func),
5000 EXP_FEAT(mgmt_mesh_uuid, set_mgmt_mesh_func),
5001 EXP_FEAT(rpa_resolution_uuid, set_rpa_resolution_func),
5002 EXP_FEAT(quality_report_uuid, set_quality_report_func),
5003 EXP_FEAT(offload_codecs_uuid, set_offload_codec_func),
5004 EXP_FEAT(le_simultaneous_roles_uuid, set_le_simultaneous_roles_func),
5006 EXP_FEAT(iso_socket_uuid, set_iso_socket_func),
5009 /* end with a null feature */
5010 EXP_FEAT(NULL, NULL)
5013 static int set_exp_feature(struct sock *sk, struct hci_dev *hdev,
5014 void *data, u16 data_len)
5016 struct mgmt_cp_set_exp_feature *cp = data;
5019 bt_dev_dbg(hdev, "sock %p", sk);
5021 for (i = 0; exp_features[i].uuid; i++) {
5022 if (!memcmp(cp->uuid, exp_features[i].uuid, 16))
5023 return exp_features[i].set_func(sk, hdev, cp, data_len);
5026 return mgmt_cmd_status(sk, hdev ? hdev->id : MGMT_INDEX_NONE,
5027 MGMT_OP_SET_EXP_FEATURE,
5028 MGMT_STATUS_NOT_SUPPORTED);
5031 static u32 get_params_flags(struct hci_dev *hdev,
5032 struct hci_conn_params *params)
5034 u32 flags = hdev->conn_flags;
5036 /* Devices using RPAs can only be programmed in the acceptlist if
5037 * LL Privacy has been enable otherwise they cannot mark
5038 * HCI_CONN_FLAG_REMOTE_WAKEUP.
5040 if ((flags & HCI_CONN_FLAG_REMOTE_WAKEUP) && !use_ll_privacy(hdev) &&
5041 hci_find_irk_by_addr(hdev, ¶ms->addr, params->addr_type))
5042 flags &= ~HCI_CONN_FLAG_REMOTE_WAKEUP;
5047 static int get_device_flags(struct sock *sk, struct hci_dev *hdev, void *data,
5050 struct mgmt_cp_get_device_flags *cp = data;
5051 struct mgmt_rp_get_device_flags rp;
5052 struct bdaddr_list_with_flags *br_params;
5053 struct hci_conn_params *params;
5054 u32 supported_flags;
5055 u32 current_flags = 0;
5056 u8 status = MGMT_STATUS_INVALID_PARAMS;
5058 bt_dev_dbg(hdev, "Get device flags %pMR (type 0x%x)\n",
5059 &cp->addr.bdaddr, cp->addr.type);
5063 supported_flags = hdev->conn_flags;
5065 memset(&rp, 0, sizeof(rp));
5067 if (cp->addr.type == BDADDR_BREDR) {
5068 br_params = hci_bdaddr_list_lookup_with_flags(&hdev->accept_list,
5074 current_flags = br_params->flags;
5076 params = hci_conn_params_lookup(hdev, &cp->addr.bdaddr,
5077 le_addr_type(cp->addr.type));
5081 supported_flags = get_params_flags(hdev, params);
5082 current_flags = params->flags;
5085 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
5086 rp.addr.type = cp->addr.type;
5087 rp.supported_flags = cpu_to_le32(supported_flags);
5088 rp.current_flags = cpu_to_le32(current_flags);
5090 status = MGMT_STATUS_SUCCESS;
5093 hci_dev_unlock(hdev);
5095 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_DEVICE_FLAGS, status,
5099 static void device_flags_changed(struct sock *sk, struct hci_dev *hdev,
5100 bdaddr_t *bdaddr, u8 bdaddr_type,
5101 u32 supported_flags, u32 current_flags)
5103 struct mgmt_ev_device_flags_changed ev;
5105 bacpy(&ev.addr.bdaddr, bdaddr);
5106 ev.addr.type = bdaddr_type;
5107 ev.supported_flags = cpu_to_le32(supported_flags);
5108 ev.current_flags = cpu_to_le32(current_flags);
5110 mgmt_event(MGMT_EV_DEVICE_FLAGS_CHANGED, hdev, &ev, sizeof(ev), sk);
5113 static int set_device_flags(struct sock *sk, struct hci_dev *hdev, void *data,
5116 struct mgmt_cp_set_device_flags *cp = data;
5117 struct bdaddr_list_with_flags *br_params;
5118 struct hci_conn_params *params;
5119 u8 status = MGMT_STATUS_INVALID_PARAMS;
5120 u32 supported_flags;
5121 u32 current_flags = __le32_to_cpu(cp->current_flags);
5123 bt_dev_dbg(hdev, "Set device flags %pMR (type 0x%x) = 0x%x",
5124 &cp->addr.bdaddr, cp->addr.type, current_flags);
5126 // We should take hci_dev_lock() early, I think.. conn_flags can change
5127 supported_flags = hdev->conn_flags;
5129 if ((supported_flags | current_flags) != supported_flags) {
5130 bt_dev_warn(hdev, "Bad flag given (0x%x) vs supported (0x%0x)",
5131 current_flags, supported_flags);
5137 if (cp->addr.type == BDADDR_BREDR) {
5138 br_params = hci_bdaddr_list_lookup_with_flags(&hdev->accept_list,
5143 br_params->flags = current_flags;
5144 status = MGMT_STATUS_SUCCESS;
5146 bt_dev_warn(hdev, "No such BR/EDR device %pMR (0x%x)",
5147 &cp->addr.bdaddr, cp->addr.type);
5153 params = hci_conn_params_lookup(hdev, &cp->addr.bdaddr,
5154 le_addr_type(cp->addr.type));
5156 bt_dev_warn(hdev, "No such LE device %pMR (0x%x)",
5157 &cp->addr.bdaddr, le_addr_type(cp->addr.type));
5161 supported_flags = get_params_flags(hdev, params);
5163 if ((supported_flags | current_flags) != supported_flags) {
5164 bt_dev_warn(hdev, "Bad flag given (0x%x) vs supported (0x%0x)",
5165 current_flags, supported_flags);
5169 WRITE_ONCE(params->flags, current_flags);
5170 status = MGMT_STATUS_SUCCESS;
5172 /* Update passive scan if HCI_CONN_FLAG_DEVICE_PRIVACY
5175 if (params->flags & HCI_CONN_FLAG_DEVICE_PRIVACY)
5176 hci_update_passive_scan(hdev);
5179 hci_dev_unlock(hdev);
5182 if (status == MGMT_STATUS_SUCCESS)
5183 device_flags_changed(sk, hdev, &cp->addr.bdaddr, cp->addr.type,
5184 supported_flags, current_flags);
5186 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_DEVICE_FLAGS, status,
5187 &cp->addr, sizeof(cp->addr));
5190 static void mgmt_adv_monitor_added(struct sock *sk, struct hci_dev *hdev,
5193 struct mgmt_ev_adv_monitor_added ev;
5195 ev.monitor_handle = cpu_to_le16(handle);
5197 mgmt_event(MGMT_EV_ADV_MONITOR_ADDED, hdev, &ev, sizeof(ev), sk);
5200 void mgmt_adv_monitor_removed(struct hci_dev *hdev, u16 handle)
5202 struct mgmt_ev_adv_monitor_removed ev;
5203 struct mgmt_pending_cmd *cmd;
5204 struct sock *sk_skip = NULL;
5205 struct mgmt_cp_remove_adv_monitor *cp;
5207 cmd = pending_find(MGMT_OP_REMOVE_ADV_MONITOR, hdev);
5211 if (cp->monitor_handle)
5215 ev.monitor_handle = cpu_to_le16(handle);
5217 mgmt_event(MGMT_EV_ADV_MONITOR_REMOVED, hdev, &ev, sizeof(ev), sk_skip);
5220 static int read_adv_mon_features(struct sock *sk, struct hci_dev *hdev,
5221 void *data, u16 len)
5223 struct adv_monitor *monitor = NULL;
5224 struct mgmt_rp_read_adv_monitor_features *rp = NULL;
5227 __u32 supported = 0;
5229 __u16 num_handles = 0;
5230 __u16 handles[HCI_MAX_ADV_MONITOR_NUM_HANDLES];
5232 BT_DBG("request for %s", hdev->name);
5236 if (msft_monitor_supported(hdev))
5237 supported |= MGMT_ADV_MONITOR_FEATURE_MASK_OR_PATTERNS;
5239 idr_for_each_entry(&hdev->adv_monitors_idr, monitor, handle)
5240 handles[num_handles++] = monitor->handle;
5242 hci_dev_unlock(hdev);
5244 rp_size = sizeof(*rp) + (num_handles * sizeof(u16));
5245 rp = kmalloc(rp_size, GFP_KERNEL);
5249 /* All supported features are currently enabled */
5250 enabled = supported;
5252 rp->supported_features = cpu_to_le32(supported);
5253 rp->enabled_features = cpu_to_le32(enabled);
5254 rp->max_num_handles = cpu_to_le16(HCI_MAX_ADV_MONITOR_NUM_HANDLES);
5255 rp->max_num_patterns = HCI_MAX_ADV_MONITOR_NUM_PATTERNS;
5256 rp->num_handles = cpu_to_le16(num_handles);
5258 memcpy(&rp->handles, &handles, (num_handles * sizeof(u16)));
5260 err = mgmt_cmd_complete(sk, hdev->id,
5261 MGMT_OP_READ_ADV_MONITOR_FEATURES,
5262 MGMT_STATUS_SUCCESS, rp, rp_size);
5269 static void mgmt_add_adv_patterns_monitor_complete(struct hci_dev *hdev,
5270 void *data, int status)
5272 struct mgmt_rp_add_adv_patterns_monitor rp;
5273 struct mgmt_pending_cmd *cmd = data;
5274 struct adv_monitor *monitor = cmd->user_data;
5278 rp.monitor_handle = cpu_to_le16(monitor->handle);
5281 mgmt_adv_monitor_added(cmd->sk, hdev, monitor->handle);
5282 hdev->adv_monitors_cnt++;
5283 if (monitor->state == ADV_MONITOR_STATE_NOT_REGISTERED)
5284 monitor->state = ADV_MONITOR_STATE_REGISTERED;
5285 hci_update_passive_scan(hdev);
5288 mgmt_cmd_complete(cmd->sk, cmd->index, cmd->opcode,
5289 mgmt_status(status), &rp, sizeof(rp));
5290 mgmt_pending_remove(cmd);
5292 hci_dev_unlock(hdev);
5293 bt_dev_dbg(hdev, "add monitor %d complete, status %d",
5294 rp.monitor_handle, status);
5297 static int mgmt_add_adv_patterns_monitor_sync(struct hci_dev *hdev, void *data)
5299 struct mgmt_pending_cmd *cmd = data;
5300 struct adv_monitor *monitor = cmd->user_data;
5302 return hci_add_adv_monitor(hdev, monitor);
5305 static int __add_adv_patterns_monitor(struct sock *sk, struct hci_dev *hdev,
5306 struct adv_monitor *m, u8 status,
5307 void *data, u16 len, u16 op)
5309 struct mgmt_pending_cmd *cmd;
5317 if (pending_find(MGMT_OP_SET_LE, hdev) ||
5318 pending_find(MGMT_OP_ADD_ADV_PATTERNS_MONITOR, hdev) ||
5319 pending_find(MGMT_OP_ADD_ADV_PATTERNS_MONITOR_RSSI, hdev) ||
5320 pending_find(MGMT_OP_REMOVE_ADV_MONITOR, hdev)) {
5321 status = MGMT_STATUS_BUSY;
5325 cmd = mgmt_pending_add(sk, op, hdev, data, len);
5327 status = MGMT_STATUS_NO_RESOURCES;
5332 err = hci_cmd_sync_queue(hdev, mgmt_add_adv_patterns_monitor_sync, cmd,
5333 mgmt_add_adv_patterns_monitor_complete);
5336 status = MGMT_STATUS_NO_RESOURCES;
5338 status = MGMT_STATUS_FAILED;
5343 hci_dev_unlock(hdev);
5348 hci_free_adv_monitor(hdev, m);
5349 hci_dev_unlock(hdev);
5350 return mgmt_cmd_status(sk, hdev->id, op, status);
5353 static void parse_adv_monitor_rssi(struct adv_monitor *m,
5354 struct mgmt_adv_rssi_thresholds *rssi)
5357 m->rssi.low_threshold = rssi->low_threshold;
5358 m->rssi.low_threshold_timeout =
5359 __le16_to_cpu(rssi->low_threshold_timeout);
5360 m->rssi.high_threshold = rssi->high_threshold;
5361 m->rssi.high_threshold_timeout =
5362 __le16_to_cpu(rssi->high_threshold_timeout);
5363 m->rssi.sampling_period = rssi->sampling_period;
5365 /* Default values. These numbers are the least constricting
5366 * parameters for MSFT API to work, so it behaves as if there
5367 * are no rssi parameter to consider. May need to be changed
5368 * if other API are to be supported.
5370 m->rssi.low_threshold = -127;
5371 m->rssi.low_threshold_timeout = 60;
5372 m->rssi.high_threshold = -127;
5373 m->rssi.high_threshold_timeout = 0;
5374 m->rssi.sampling_period = 0;
5378 static u8 parse_adv_monitor_pattern(struct adv_monitor *m, u8 pattern_count,
5379 struct mgmt_adv_pattern *patterns)
5381 u8 offset = 0, length = 0;
5382 struct adv_pattern *p = NULL;
5385 for (i = 0; i < pattern_count; i++) {
5386 offset = patterns[i].offset;
5387 length = patterns[i].length;
5388 if (offset >= HCI_MAX_EXT_AD_LENGTH ||
5389 length > HCI_MAX_EXT_AD_LENGTH ||
5390 (offset + length) > HCI_MAX_EXT_AD_LENGTH)
5391 return MGMT_STATUS_INVALID_PARAMS;
5393 p = kmalloc(sizeof(*p), GFP_KERNEL);
5395 return MGMT_STATUS_NO_RESOURCES;
5397 p->ad_type = patterns[i].ad_type;
5398 p->offset = patterns[i].offset;
5399 p->length = patterns[i].length;
5400 memcpy(p->value, patterns[i].value, p->length);
5402 INIT_LIST_HEAD(&p->list);
5403 list_add(&p->list, &m->patterns);
5406 return MGMT_STATUS_SUCCESS;
5409 static int add_adv_patterns_monitor(struct sock *sk, struct hci_dev *hdev,
5410 void *data, u16 len)
5412 struct mgmt_cp_add_adv_patterns_monitor *cp = data;
5413 struct adv_monitor *m = NULL;
5414 u8 status = MGMT_STATUS_SUCCESS;
5415 size_t expected_size = sizeof(*cp);
5417 BT_DBG("request for %s", hdev->name);
5419 if (len <= sizeof(*cp)) {
5420 status = MGMT_STATUS_INVALID_PARAMS;
5424 expected_size += cp->pattern_count * sizeof(struct mgmt_adv_pattern);
5425 if (len != expected_size) {
5426 status = MGMT_STATUS_INVALID_PARAMS;
5430 m = kzalloc(sizeof(*m), GFP_KERNEL);
5432 status = MGMT_STATUS_NO_RESOURCES;
5436 INIT_LIST_HEAD(&m->patterns);
5438 parse_adv_monitor_rssi(m, NULL);
5439 status = parse_adv_monitor_pattern(m, cp->pattern_count, cp->patterns);
5442 return __add_adv_patterns_monitor(sk, hdev, m, status, data, len,
5443 MGMT_OP_ADD_ADV_PATTERNS_MONITOR);
5446 static int add_adv_patterns_monitor_rssi(struct sock *sk, struct hci_dev *hdev,
5447 void *data, u16 len)
5449 struct mgmt_cp_add_adv_patterns_monitor_rssi *cp = data;
5450 struct adv_monitor *m = NULL;
5451 u8 status = MGMT_STATUS_SUCCESS;
5452 size_t expected_size = sizeof(*cp);
5454 BT_DBG("request for %s", hdev->name);
5456 if (len <= sizeof(*cp)) {
5457 status = MGMT_STATUS_INVALID_PARAMS;
5461 expected_size += cp->pattern_count * sizeof(struct mgmt_adv_pattern);
5462 if (len != expected_size) {
5463 status = MGMT_STATUS_INVALID_PARAMS;
5467 m = kzalloc(sizeof(*m), GFP_KERNEL);
5469 status = MGMT_STATUS_NO_RESOURCES;
5473 INIT_LIST_HEAD(&m->patterns);
5475 parse_adv_monitor_rssi(m, &cp->rssi);
5476 status = parse_adv_monitor_pattern(m, cp->pattern_count, cp->patterns);
5479 return __add_adv_patterns_monitor(sk, hdev, m, status, data, len,
5480 MGMT_OP_ADD_ADV_PATTERNS_MONITOR_RSSI);
5483 static void mgmt_remove_adv_monitor_complete(struct hci_dev *hdev,
5484 void *data, int status)
5486 struct mgmt_rp_remove_adv_monitor rp;
5487 struct mgmt_pending_cmd *cmd = data;
5488 struct mgmt_cp_remove_adv_monitor *cp = cmd->param;
5492 rp.monitor_handle = cp->monitor_handle;
5495 hci_update_passive_scan(hdev);
5497 mgmt_cmd_complete(cmd->sk, cmd->index, cmd->opcode,
5498 mgmt_status(status), &rp, sizeof(rp));
5499 mgmt_pending_remove(cmd);
5501 hci_dev_unlock(hdev);
5502 bt_dev_dbg(hdev, "remove monitor %d complete, status %d",
5503 rp.monitor_handle, status);
5506 static int mgmt_remove_adv_monitor_sync(struct hci_dev *hdev, void *data)
5508 struct mgmt_pending_cmd *cmd = data;
5509 struct mgmt_cp_remove_adv_monitor *cp = cmd->param;
5510 u16 handle = __le16_to_cpu(cp->monitor_handle);
5513 return hci_remove_all_adv_monitor(hdev);
5515 return hci_remove_single_adv_monitor(hdev, handle);
5518 static int remove_adv_monitor(struct sock *sk, struct hci_dev *hdev,
5519 void *data, u16 len)
5521 struct mgmt_pending_cmd *cmd;
5526 if (pending_find(MGMT_OP_SET_LE, hdev) ||
5527 pending_find(MGMT_OP_REMOVE_ADV_MONITOR, hdev) ||
5528 pending_find(MGMT_OP_ADD_ADV_PATTERNS_MONITOR, hdev) ||
5529 pending_find(MGMT_OP_ADD_ADV_PATTERNS_MONITOR_RSSI, hdev)) {
5530 status = MGMT_STATUS_BUSY;
5534 cmd = mgmt_pending_add(sk, MGMT_OP_REMOVE_ADV_MONITOR, hdev, data, len);
5536 status = MGMT_STATUS_NO_RESOURCES;
5540 err = hci_cmd_sync_queue(hdev, mgmt_remove_adv_monitor_sync, cmd,
5541 mgmt_remove_adv_monitor_complete);
5544 mgmt_pending_remove(cmd);
5547 status = MGMT_STATUS_NO_RESOURCES;
5549 status = MGMT_STATUS_FAILED;
5554 hci_dev_unlock(hdev);
5559 hci_dev_unlock(hdev);
5560 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_REMOVE_ADV_MONITOR,
5564 static void read_local_oob_data_complete(struct hci_dev *hdev, void *data, int err)
5566 struct mgmt_rp_read_local_oob_data mgmt_rp;
5567 size_t rp_size = sizeof(mgmt_rp);
5568 struct mgmt_pending_cmd *cmd = data;
5569 struct sk_buff *skb = cmd->skb;
5570 u8 status = mgmt_status(err);
5574 status = MGMT_STATUS_FAILED;
5575 else if (IS_ERR(skb))
5576 status = mgmt_status(PTR_ERR(skb));
5578 status = mgmt_status(skb->data[0]);
5581 bt_dev_dbg(hdev, "status %d", status);
5584 mgmt_cmd_status(cmd->sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA, status);
5588 memset(&mgmt_rp, 0, sizeof(mgmt_rp));
5590 if (!bredr_sc_enabled(hdev)) {
5591 struct hci_rp_read_local_oob_data *rp = (void *) skb->data;
5593 if (skb->len < sizeof(*rp)) {
5594 mgmt_cmd_status(cmd->sk, hdev->id,
5595 MGMT_OP_READ_LOCAL_OOB_DATA,
5596 MGMT_STATUS_FAILED);
5600 memcpy(mgmt_rp.hash192, rp->hash, sizeof(rp->hash));
5601 memcpy(mgmt_rp.rand192, rp->rand, sizeof(rp->rand));
5603 rp_size -= sizeof(mgmt_rp.hash256) + sizeof(mgmt_rp.rand256);
5605 struct hci_rp_read_local_oob_ext_data *rp = (void *) skb->data;
5607 if (skb->len < sizeof(*rp)) {
5608 mgmt_cmd_status(cmd->sk, hdev->id,
5609 MGMT_OP_READ_LOCAL_OOB_DATA,
5610 MGMT_STATUS_FAILED);
5614 memcpy(mgmt_rp.hash192, rp->hash192, sizeof(rp->hash192));
5615 memcpy(mgmt_rp.rand192, rp->rand192, sizeof(rp->rand192));
5617 memcpy(mgmt_rp.hash256, rp->hash256, sizeof(rp->hash256));
5618 memcpy(mgmt_rp.rand256, rp->rand256, sizeof(rp->rand256));
5621 mgmt_cmd_complete(cmd->sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
5622 MGMT_STATUS_SUCCESS, &mgmt_rp, rp_size);
5625 if (skb && !IS_ERR(skb))
5628 mgmt_pending_free(cmd);
5631 static int read_local_oob_data_sync(struct hci_dev *hdev, void *data)
5633 struct mgmt_pending_cmd *cmd = data;
5635 if (bredr_sc_enabled(hdev))
5636 cmd->skb = hci_read_local_oob_data_sync(hdev, true, cmd->sk);
5638 cmd->skb = hci_read_local_oob_data_sync(hdev, false, cmd->sk);
5640 if (IS_ERR(cmd->skb))
5641 return PTR_ERR(cmd->skb);
5646 static int read_local_oob_data(struct sock *sk, struct hci_dev *hdev,
5647 void *data, u16 data_len)
5649 struct mgmt_pending_cmd *cmd;
5652 bt_dev_dbg(hdev, "sock %p", sk);
5656 if (!hdev_is_powered(hdev)) {
5657 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
5658 MGMT_STATUS_NOT_POWERED);
5662 if (!lmp_ssp_capable(hdev)) {
5663 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
5664 MGMT_STATUS_NOT_SUPPORTED);
5668 cmd = mgmt_pending_new(sk, MGMT_OP_READ_LOCAL_OOB_DATA, hdev, NULL, 0);
5672 err = hci_cmd_sync_queue(hdev, read_local_oob_data_sync, cmd,
5673 read_local_oob_data_complete);
5676 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
5677 MGMT_STATUS_FAILED);
5680 mgmt_pending_free(cmd);
5684 hci_dev_unlock(hdev);
5688 static int add_remote_oob_data(struct sock *sk, struct hci_dev *hdev,
5689 void *data, u16 len)
5691 struct mgmt_addr_info *addr = data;
5694 bt_dev_dbg(hdev, "sock %p", sk);
5696 if (!bdaddr_type_is_valid(addr->type))
5697 return mgmt_cmd_complete(sk, hdev->id,
5698 MGMT_OP_ADD_REMOTE_OOB_DATA,
5699 MGMT_STATUS_INVALID_PARAMS,
5700 addr, sizeof(*addr));
5704 if (len == MGMT_ADD_REMOTE_OOB_DATA_SIZE) {
5705 struct mgmt_cp_add_remote_oob_data *cp = data;
5708 if (cp->addr.type != BDADDR_BREDR) {
5709 err = mgmt_cmd_complete(sk, hdev->id,
5710 MGMT_OP_ADD_REMOTE_OOB_DATA,
5711 MGMT_STATUS_INVALID_PARAMS,
5712 &cp->addr, sizeof(cp->addr));
5716 err = hci_add_remote_oob_data(hdev, &cp->addr.bdaddr,
5717 cp->addr.type, cp->hash,
5718 cp->rand, NULL, NULL);
5720 status = MGMT_STATUS_FAILED;
5722 status = MGMT_STATUS_SUCCESS;
5724 err = mgmt_cmd_complete(sk, hdev->id,
5725 MGMT_OP_ADD_REMOTE_OOB_DATA, status,
5726 &cp->addr, sizeof(cp->addr));
5727 } else if (len == MGMT_ADD_REMOTE_OOB_EXT_DATA_SIZE) {
5728 struct mgmt_cp_add_remote_oob_ext_data *cp = data;
5729 u8 *rand192, *hash192, *rand256, *hash256;
5732 if (bdaddr_type_is_le(cp->addr.type)) {
5733 /* Enforce zero-valued 192-bit parameters as
5734 * long as legacy SMP OOB isn't implemented.
5736 if (memcmp(cp->rand192, ZERO_KEY, 16) ||
5737 memcmp(cp->hash192, ZERO_KEY, 16)) {
5738 err = mgmt_cmd_complete(sk, hdev->id,
5739 MGMT_OP_ADD_REMOTE_OOB_DATA,
5740 MGMT_STATUS_INVALID_PARAMS,
5741 addr, sizeof(*addr));
5748 /* In case one of the P-192 values is set to zero,
5749 * then just disable OOB data for P-192.
5751 if (!memcmp(cp->rand192, ZERO_KEY, 16) ||
5752 !memcmp(cp->hash192, ZERO_KEY, 16)) {
5756 rand192 = cp->rand192;
5757 hash192 = cp->hash192;
5761 /* In case one of the P-256 values is set to zero, then just
5762 * disable OOB data for P-256.
5764 if (!memcmp(cp->rand256, ZERO_KEY, 16) ||
5765 !memcmp(cp->hash256, ZERO_KEY, 16)) {
5769 rand256 = cp->rand256;
5770 hash256 = cp->hash256;
5773 err = hci_add_remote_oob_data(hdev, &cp->addr.bdaddr,
5774 cp->addr.type, hash192, rand192,
5777 status = MGMT_STATUS_FAILED;
5779 status = MGMT_STATUS_SUCCESS;
5781 err = mgmt_cmd_complete(sk, hdev->id,
5782 MGMT_OP_ADD_REMOTE_OOB_DATA,
5783 status, &cp->addr, sizeof(cp->addr));
5785 bt_dev_err(hdev, "add_remote_oob_data: invalid len of %u bytes",
5787 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_REMOTE_OOB_DATA,
5788 MGMT_STATUS_INVALID_PARAMS);
5792 hci_dev_unlock(hdev);
5796 static int remove_remote_oob_data(struct sock *sk, struct hci_dev *hdev,
5797 void *data, u16 len)
5799 struct mgmt_cp_remove_remote_oob_data *cp = data;
5803 bt_dev_dbg(hdev, "sock %p", sk);
5805 if (cp->addr.type != BDADDR_BREDR)
5806 return mgmt_cmd_complete(sk, hdev->id,
5807 MGMT_OP_REMOVE_REMOTE_OOB_DATA,
5808 MGMT_STATUS_INVALID_PARAMS,
5809 &cp->addr, sizeof(cp->addr));
5813 if (!bacmp(&cp->addr.bdaddr, BDADDR_ANY)) {
5814 hci_remote_oob_data_clear(hdev);
5815 status = MGMT_STATUS_SUCCESS;
5819 err = hci_remove_remote_oob_data(hdev, &cp->addr.bdaddr, cp->addr.type);
5821 status = MGMT_STATUS_INVALID_PARAMS;
5823 status = MGMT_STATUS_SUCCESS;
5826 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_REMOTE_OOB_DATA,
5827 status, &cp->addr, sizeof(cp->addr));
5829 hci_dev_unlock(hdev);
5833 void mgmt_start_discovery_complete(struct hci_dev *hdev, u8 status)
5835 struct mgmt_pending_cmd *cmd;
5837 bt_dev_dbg(hdev, "status %u", status);
5841 cmd = pending_find(MGMT_OP_START_DISCOVERY, hdev);
5843 cmd = pending_find(MGMT_OP_START_SERVICE_DISCOVERY, hdev);
5846 cmd = pending_find(MGMT_OP_START_LIMITED_DISCOVERY, hdev);
5849 cmd->cmd_complete(cmd, mgmt_status(status));
5850 mgmt_pending_remove(cmd);
5853 hci_dev_unlock(hdev);
5856 static bool discovery_type_is_valid(struct hci_dev *hdev, uint8_t type,
5857 uint8_t *mgmt_status)
5860 case DISCOV_TYPE_LE:
5861 *mgmt_status = mgmt_le_support(hdev);
5865 case DISCOV_TYPE_INTERLEAVED:
5866 *mgmt_status = mgmt_le_support(hdev);
5870 case DISCOV_TYPE_BREDR:
5871 *mgmt_status = mgmt_bredr_support(hdev);
5876 *mgmt_status = MGMT_STATUS_INVALID_PARAMS;
5883 static void start_discovery_complete(struct hci_dev *hdev, void *data, int err)
5885 struct mgmt_pending_cmd *cmd = data;
5887 if (cmd != pending_find(MGMT_OP_START_DISCOVERY, hdev) &&
5888 cmd != pending_find(MGMT_OP_START_LIMITED_DISCOVERY, hdev) &&
5889 cmd != pending_find(MGMT_OP_START_SERVICE_DISCOVERY, hdev))
5892 bt_dev_dbg(hdev, "err %d", err);
5894 mgmt_cmd_complete(cmd->sk, cmd->index, cmd->opcode, mgmt_status(err),
5896 mgmt_pending_remove(cmd);
5898 hci_discovery_set_state(hdev, err ? DISCOVERY_STOPPED:
5902 static int start_discovery_sync(struct hci_dev *hdev, void *data)
5904 return hci_start_discovery_sync(hdev);
5907 static int start_discovery_internal(struct sock *sk, struct hci_dev *hdev,
5908 u16 op, void *data, u16 len)
5910 struct mgmt_cp_start_discovery *cp = data;
5911 struct mgmt_pending_cmd *cmd;
5915 bt_dev_dbg(hdev, "sock %p", sk);
5919 if (!hdev_is_powered(hdev)) {
5920 err = mgmt_cmd_complete(sk, hdev->id, op,
5921 MGMT_STATUS_NOT_POWERED,
5922 &cp->type, sizeof(cp->type));
5926 if (hdev->discovery.state != DISCOVERY_STOPPED ||
5927 hci_dev_test_flag(hdev, HCI_PERIODIC_INQ)) {
5928 err = mgmt_cmd_complete(sk, hdev->id, op, MGMT_STATUS_BUSY,
5929 &cp->type, sizeof(cp->type));
5933 if (!discovery_type_is_valid(hdev, cp->type, &status)) {
5934 err = mgmt_cmd_complete(sk, hdev->id, op, status,
5935 &cp->type, sizeof(cp->type));
5939 /* Can't start discovery when it is paused */
5940 if (hdev->discovery_paused) {
5941 err = mgmt_cmd_complete(sk, hdev->id, op, MGMT_STATUS_BUSY,
5942 &cp->type, sizeof(cp->type));
5946 /* Clear the discovery filter first to free any previously
5947 * allocated memory for the UUID list.
5949 hci_discovery_filter_clear(hdev);
5951 hdev->discovery.type = cp->type;
5952 hdev->discovery.report_invalid_rssi = false;
5953 if (op == MGMT_OP_START_LIMITED_DISCOVERY)
5954 hdev->discovery.limited = true;
5956 hdev->discovery.limited = false;
5958 cmd = mgmt_pending_add(sk, op, hdev, data, len);
5964 err = hci_cmd_sync_queue(hdev, start_discovery_sync, cmd,
5965 start_discovery_complete);
5967 mgmt_pending_remove(cmd);
5971 hci_discovery_set_state(hdev, DISCOVERY_STARTING);
5974 hci_dev_unlock(hdev);
5978 static int start_discovery(struct sock *sk, struct hci_dev *hdev,
5979 void *data, u16 len)
5981 return start_discovery_internal(sk, hdev, MGMT_OP_START_DISCOVERY,
5985 static int start_limited_discovery(struct sock *sk, struct hci_dev *hdev,
5986 void *data, u16 len)
5988 return start_discovery_internal(sk, hdev,
5989 MGMT_OP_START_LIMITED_DISCOVERY,
5993 static int start_service_discovery(struct sock *sk, struct hci_dev *hdev,
5994 void *data, u16 len)
5996 struct mgmt_cp_start_service_discovery *cp = data;
5997 struct mgmt_pending_cmd *cmd;
5998 const u16 max_uuid_count = ((U16_MAX - sizeof(*cp)) / 16);
5999 u16 uuid_count, expected_len;
6003 bt_dev_dbg(hdev, "sock %p", sk);
6007 if (!hdev_is_powered(hdev)) {
6008 err = mgmt_cmd_complete(sk, hdev->id,
6009 MGMT_OP_START_SERVICE_DISCOVERY,
6010 MGMT_STATUS_NOT_POWERED,
6011 &cp->type, sizeof(cp->type));
6015 if (hdev->discovery.state != DISCOVERY_STOPPED ||
6016 hci_dev_test_flag(hdev, HCI_PERIODIC_INQ)) {
6017 err = mgmt_cmd_complete(sk, hdev->id,
6018 MGMT_OP_START_SERVICE_DISCOVERY,
6019 MGMT_STATUS_BUSY, &cp->type,
6024 if (hdev->discovery_paused) {
6025 err = mgmt_cmd_complete(sk, hdev->id,
6026 MGMT_OP_START_SERVICE_DISCOVERY,
6027 MGMT_STATUS_BUSY, &cp->type,
6032 uuid_count = __le16_to_cpu(cp->uuid_count);
6033 if (uuid_count > max_uuid_count) {
6034 bt_dev_err(hdev, "service_discovery: too big uuid_count value %u",
6036 err = mgmt_cmd_complete(sk, hdev->id,
6037 MGMT_OP_START_SERVICE_DISCOVERY,
6038 MGMT_STATUS_INVALID_PARAMS, &cp->type,
6043 expected_len = sizeof(*cp) + uuid_count * 16;
6044 if (expected_len != len) {
6045 bt_dev_err(hdev, "service_discovery: expected %u bytes, got %u bytes",
6047 err = mgmt_cmd_complete(sk, hdev->id,
6048 MGMT_OP_START_SERVICE_DISCOVERY,
6049 MGMT_STATUS_INVALID_PARAMS, &cp->type,
6054 if (!discovery_type_is_valid(hdev, cp->type, &status)) {
6055 err = mgmt_cmd_complete(sk, hdev->id,
6056 MGMT_OP_START_SERVICE_DISCOVERY,
6057 status, &cp->type, sizeof(cp->type));
6061 cmd = mgmt_pending_add(sk, MGMT_OP_START_SERVICE_DISCOVERY,
6068 /* Clear the discovery filter first to free any previously
6069 * allocated memory for the UUID list.
6071 hci_discovery_filter_clear(hdev);
6073 hdev->discovery.result_filtering = true;
6074 hdev->discovery.type = cp->type;
6075 hdev->discovery.rssi = cp->rssi;
6076 hdev->discovery.uuid_count = uuid_count;
6078 if (uuid_count > 0) {
6079 hdev->discovery.uuids = kmemdup(cp->uuids, uuid_count * 16,
6081 if (!hdev->discovery.uuids) {
6082 err = mgmt_cmd_complete(sk, hdev->id,
6083 MGMT_OP_START_SERVICE_DISCOVERY,
6085 &cp->type, sizeof(cp->type));
6086 mgmt_pending_remove(cmd);
6091 err = hci_cmd_sync_queue(hdev, start_discovery_sync, cmd,
6092 start_discovery_complete);
6094 mgmt_pending_remove(cmd);
6098 hci_discovery_set_state(hdev, DISCOVERY_STARTING);
6101 hci_dev_unlock(hdev);
6105 void mgmt_stop_discovery_complete(struct hci_dev *hdev, u8 status)
6107 struct mgmt_pending_cmd *cmd;
6109 bt_dev_dbg(hdev, "status %u", status);
6113 cmd = pending_find(MGMT_OP_STOP_DISCOVERY, hdev);
6115 cmd->cmd_complete(cmd, mgmt_status(status));
6116 mgmt_pending_remove(cmd);
6119 hci_dev_unlock(hdev);
6122 static void stop_discovery_complete(struct hci_dev *hdev, void *data, int err)
6124 struct mgmt_pending_cmd *cmd = data;
6126 if (cmd != pending_find(MGMT_OP_STOP_DISCOVERY, hdev))
6129 bt_dev_dbg(hdev, "err %d", err);
6131 mgmt_cmd_complete(cmd->sk, cmd->index, cmd->opcode, mgmt_status(err),
6133 mgmt_pending_remove(cmd);
6136 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
6139 static int stop_discovery_sync(struct hci_dev *hdev, void *data)
6141 return hci_stop_discovery_sync(hdev);
6144 static int stop_discovery(struct sock *sk, struct hci_dev *hdev, void *data,
6147 struct mgmt_cp_stop_discovery *mgmt_cp = data;
6148 struct mgmt_pending_cmd *cmd;
6151 bt_dev_dbg(hdev, "sock %p", sk);
6155 if (!hci_discovery_active(hdev)) {
6156 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_STOP_DISCOVERY,
6157 MGMT_STATUS_REJECTED, &mgmt_cp->type,
6158 sizeof(mgmt_cp->type));
6162 if (hdev->discovery.type != mgmt_cp->type) {
6163 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_STOP_DISCOVERY,
6164 MGMT_STATUS_INVALID_PARAMS,
6165 &mgmt_cp->type, sizeof(mgmt_cp->type));
6169 cmd = mgmt_pending_add(sk, MGMT_OP_STOP_DISCOVERY, hdev, data, len);
6175 err = hci_cmd_sync_queue(hdev, stop_discovery_sync, cmd,
6176 stop_discovery_complete);
6178 mgmt_pending_remove(cmd);
6182 hci_discovery_set_state(hdev, DISCOVERY_STOPPING);
6185 hci_dev_unlock(hdev);
6189 static int confirm_name(struct sock *sk, struct hci_dev *hdev, void *data,
6192 struct mgmt_cp_confirm_name *cp = data;
6193 struct inquiry_entry *e;
6196 bt_dev_dbg(hdev, "sock %p", sk);
6200 if (!hci_discovery_active(hdev)) {
6201 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_CONFIRM_NAME,
6202 MGMT_STATUS_FAILED, &cp->addr,
6207 e = hci_inquiry_cache_lookup_unknown(hdev, &cp->addr.bdaddr);
6209 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_CONFIRM_NAME,
6210 MGMT_STATUS_INVALID_PARAMS, &cp->addr,
6215 if (cp->name_known) {
6216 e->name_state = NAME_KNOWN;
6219 e->name_state = NAME_NEEDED;
6220 hci_inquiry_cache_update_resolve(hdev, e);
6223 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_CONFIRM_NAME, 0,
6224 &cp->addr, sizeof(cp->addr));
6227 hci_dev_unlock(hdev);
6231 static int block_device(struct sock *sk, struct hci_dev *hdev, void *data,
6234 struct mgmt_cp_block_device *cp = data;
6238 bt_dev_dbg(hdev, "sock %p", sk);
6240 if (!bdaddr_type_is_valid(cp->addr.type))
6241 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_BLOCK_DEVICE,
6242 MGMT_STATUS_INVALID_PARAMS,
6243 &cp->addr, sizeof(cp->addr));
6247 err = hci_bdaddr_list_add(&hdev->reject_list, &cp->addr.bdaddr,
6250 status = MGMT_STATUS_FAILED;
6254 mgmt_event(MGMT_EV_DEVICE_BLOCKED, hdev, &cp->addr, sizeof(cp->addr),
6256 status = MGMT_STATUS_SUCCESS;
6259 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_BLOCK_DEVICE, status,
6260 &cp->addr, sizeof(cp->addr));
6262 hci_dev_unlock(hdev);
6267 static int unblock_device(struct sock *sk, struct hci_dev *hdev, void *data,
6270 struct mgmt_cp_unblock_device *cp = data;
6274 bt_dev_dbg(hdev, "sock %p", sk);
6276 if (!bdaddr_type_is_valid(cp->addr.type))
6277 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_UNBLOCK_DEVICE,
6278 MGMT_STATUS_INVALID_PARAMS,
6279 &cp->addr, sizeof(cp->addr));
6283 err = hci_bdaddr_list_del(&hdev->reject_list, &cp->addr.bdaddr,
6286 status = MGMT_STATUS_INVALID_PARAMS;
6290 mgmt_event(MGMT_EV_DEVICE_UNBLOCKED, hdev, &cp->addr, sizeof(cp->addr),
6292 status = MGMT_STATUS_SUCCESS;
6295 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_UNBLOCK_DEVICE, status,
6296 &cp->addr, sizeof(cp->addr));
6298 hci_dev_unlock(hdev);
6303 static int set_device_id_sync(struct hci_dev *hdev, void *data)
6305 return hci_update_eir_sync(hdev);
6308 static int set_device_id(struct sock *sk, struct hci_dev *hdev, void *data,
6311 struct mgmt_cp_set_device_id *cp = data;
6315 bt_dev_dbg(hdev, "sock %p", sk);
6317 source = __le16_to_cpu(cp->source);
6319 if (source > 0x0002)
6320 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DEVICE_ID,
6321 MGMT_STATUS_INVALID_PARAMS);
6325 hdev->devid_source = source;
6326 hdev->devid_vendor = __le16_to_cpu(cp->vendor);
6327 hdev->devid_product = __le16_to_cpu(cp->product);
6328 hdev->devid_version = __le16_to_cpu(cp->version);
6330 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_DEVICE_ID, 0,
6333 hci_cmd_sync_queue(hdev, set_device_id_sync, NULL, NULL);
6335 hci_dev_unlock(hdev);
6340 static void enable_advertising_instance(struct hci_dev *hdev, int err)
6343 bt_dev_err(hdev, "failed to re-configure advertising %d", err);
6345 bt_dev_dbg(hdev, "status %d", err);
6348 static void set_advertising_complete(struct hci_dev *hdev, void *data, int err)
6350 struct cmd_lookup match = { NULL, hdev };
6352 struct adv_info *adv_instance;
6353 u8 status = mgmt_status(err);
6356 mgmt_pending_foreach(MGMT_OP_SET_ADVERTISING, hdev,
6357 cmd_status_rsp, &status);
6361 if (hci_dev_test_flag(hdev, HCI_LE_ADV))
6362 hci_dev_set_flag(hdev, HCI_ADVERTISING);
6364 hci_dev_clear_flag(hdev, HCI_ADVERTISING);
6366 mgmt_pending_foreach(MGMT_OP_SET_ADVERTISING, hdev, settings_rsp,
6369 new_settings(hdev, match.sk);
6374 /* If "Set Advertising" was just disabled and instance advertising was
6375 * set up earlier, then re-enable multi-instance advertising.
6377 if (hci_dev_test_flag(hdev, HCI_ADVERTISING) ||
6378 list_empty(&hdev->adv_instances))
6381 instance = hdev->cur_adv_instance;
6383 adv_instance = list_first_entry_or_null(&hdev->adv_instances,
6384 struct adv_info, list);
6388 instance = adv_instance->instance;
6391 err = hci_schedule_adv_instance_sync(hdev, instance, true);
6393 enable_advertising_instance(hdev, err);
6396 static int set_adv_sync(struct hci_dev *hdev, void *data)
6398 struct mgmt_pending_cmd *cmd = data;
6399 struct mgmt_mode *cp = cmd->param;
6402 if (cp->val == 0x02)
6403 hci_dev_set_flag(hdev, HCI_ADVERTISING_CONNECTABLE);
6405 hci_dev_clear_flag(hdev, HCI_ADVERTISING_CONNECTABLE);
6407 cancel_adv_timeout(hdev);
6410 /* Switch to instance "0" for the Set Advertising setting.
6411 * We cannot use update_[adv|scan_rsp]_data() here as the
6412 * HCI_ADVERTISING flag is not yet set.
6414 hdev->cur_adv_instance = 0x00;
6416 if (ext_adv_capable(hdev)) {
6417 hci_start_ext_adv_sync(hdev, 0x00);
6419 hci_update_adv_data_sync(hdev, 0x00);
6420 hci_update_scan_rsp_data_sync(hdev, 0x00);
6421 hci_enable_advertising_sync(hdev);
6424 hci_disable_advertising_sync(hdev);
6430 static int set_advertising(struct sock *sk, struct hci_dev *hdev, void *data,
6433 struct mgmt_mode *cp = data;
6434 struct mgmt_pending_cmd *cmd;
6438 bt_dev_dbg(hdev, "sock %p", sk);
6440 status = mgmt_le_support(hdev);
6442 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_ADVERTISING,
6445 if (cp->val != 0x00 && cp->val != 0x01 && cp->val != 0x02)
6446 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_ADVERTISING,
6447 MGMT_STATUS_INVALID_PARAMS);
6449 if (hdev->advertising_paused)
6450 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_ADVERTISING,
6457 /* The following conditions are ones which mean that we should
6458 * not do any HCI communication but directly send a mgmt
6459 * response to user space (after toggling the flag if
6462 if (!hdev_is_powered(hdev) ||
6463 (val == hci_dev_test_flag(hdev, HCI_ADVERTISING) &&
6464 (cp->val == 0x02) == hci_dev_test_flag(hdev, HCI_ADVERTISING_CONNECTABLE)) ||
6465 hci_dev_test_flag(hdev, HCI_MESH) ||
6466 hci_conn_num(hdev, LE_LINK) > 0 ||
6467 (hci_dev_test_flag(hdev, HCI_LE_SCAN) &&
6468 hdev->le_scan_type == LE_SCAN_ACTIVE)) {
6472 hdev->cur_adv_instance = 0x00;
6473 changed = !hci_dev_test_and_set_flag(hdev, HCI_ADVERTISING);
6474 if (cp->val == 0x02)
6475 hci_dev_set_flag(hdev, HCI_ADVERTISING_CONNECTABLE);
6477 hci_dev_clear_flag(hdev, HCI_ADVERTISING_CONNECTABLE);
6479 changed = hci_dev_test_and_clear_flag(hdev, HCI_ADVERTISING);
6480 hci_dev_clear_flag(hdev, HCI_ADVERTISING_CONNECTABLE);
6483 err = send_settings_rsp(sk, MGMT_OP_SET_ADVERTISING, hdev);
6488 err = new_settings(hdev, sk);
6493 if (pending_find(MGMT_OP_SET_ADVERTISING, hdev) ||
6494 pending_find(MGMT_OP_SET_LE, hdev)) {
6495 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_ADVERTISING,
6500 cmd = mgmt_pending_add(sk, MGMT_OP_SET_ADVERTISING, hdev, data, len);
6504 err = hci_cmd_sync_queue(hdev, set_adv_sync, cmd,
6505 set_advertising_complete);
6508 mgmt_pending_remove(cmd);
6511 hci_dev_unlock(hdev);
6515 static int set_static_address(struct sock *sk, struct hci_dev *hdev,
6516 void *data, u16 len)
6518 struct mgmt_cp_set_static_address *cp = data;
6521 bt_dev_dbg(hdev, "sock %p", sk);
6523 if (!lmp_le_capable(hdev))
6524 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_STATIC_ADDRESS,
6525 MGMT_STATUS_NOT_SUPPORTED);
6527 if (hdev_is_powered(hdev))
6528 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_STATIC_ADDRESS,
6529 MGMT_STATUS_REJECTED);
6531 if (bacmp(&cp->bdaddr, BDADDR_ANY)) {
6532 if (!bacmp(&cp->bdaddr, BDADDR_NONE))
6533 return mgmt_cmd_status(sk, hdev->id,
6534 MGMT_OP_SET_STATIC_ADDRESS,
6535 MGMT_STATUS_INVALID_PARAMS);
6537 /* Two most significant bits shall be set */
6538 if ((cp->bdaddr.b[5] & 0xc0) != 0xc0)
6539 return mgmt_cmd_status(sk, hdev->id,
6540 MGMT_OP_SET_STATIC_ADDRESS,
6541 MGMT_STATUS_INVALID_PARAMS);
6546 bacpy(&hdev->static_addr, &cp->bdaddr);
6548 err = send_settings_rsp(sk, MGMT_OP_SET_STATIC_ADDRESS, hdev);
6552 err = new_settings(hdev, sk);
6555 hci_dev_unlock(hdev);
6559 static int set_scan_params(struct sock *sk, struct hci_dev *hdev,
6560 void *data, u16 len)
6562 struct mgmt_cp_set_scan_params *cp = data;
6563 __u16 interval, window;
6566 bt_dev_dbg(hdev, "sock %p", sk);
6568 if (!lmp_le_capable(hdev))
6569 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS,
6570 MGMT_STATUS_NOT_SUPPORTED);
6572 interval = __le16_to_cpu(cp->interval);
6574 if (interval < 0x0004 || interval > 0x4000)
6575 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS,
6576 MGMT_STATUS_INVALID_PARAMS);
6578 window = __le16_to_cpu(cp->window);
6580 if (window < 0x0004 || window > 0x4000)
6581 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS,
6582 MGMT_STATUS_INVALID_PARAMS);
6584 if (window > interval)
6585 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS,
6586 MGMT_STATUS_INVALID_PARAMS);
6590 hdev->le_scan_interval = interval;
6591 hdev->le_scan_window = window;
6593 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS, 0,
6596 /* If background scan is running, restart it so new parameters are
6599 if (hci_dev_test_flag(hdev, HCI_LE_SCAN) &&
6600 hdev->discovery.state == DISCOVERY_STOPPED)
6601 hci_update_passive_scan(hdev);
6603 hci_dev_unlock(hdev);
6608 static void fast_connectable_complete(struct hci_dev *hdev, void *data, int err)
6610 struct mgmt_pending_cmd *cmd = data;
6612 bt_dev_dbg(hdev, "err %d", err);
6615 mgmt_cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
6618 struct mgmt_mode *cp = cmd->param;
6621 hci_dev_set_flag(hdev, HCI_FAST_CONNECTABLE);
6623 hci_dev_clear_flag(hdev, HCI_FAST_CONNECTABLE);
6625 send_settings_rsp(cmd->sk, MGMT_OP_SET_FAST_CONNECTABLE, hdev);
6626 new_settings(hdev, cmd->sk);
6629 mgmt_pending_free(cmd);
6632 static int write_fast_connectable_sync(struct hci_dev *hdev, void *data)
6634 struct mgmt_pending_cmd *cmd = data;
6635 struct mgmt_mode *cp = cmd->param;
6637 return hci_write_fast_connectable_sync(hdev, cp->val);
6640 static int set_fast_connectable(struct sock *sk, struct hci_dev *hdev,
6641 void *data, u16 len)
6643 struct mgmt_mode *cp = data;
6644 struct mgmt_pending_cmd *cmd;
6647 bt_dev_dbg(hdev, "sock %p", sk);
6649 if (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED) ||
6650 hdev->hci_ver < BLUETOOTH_VER_1_2)
6651 return mgmt_cmd_status(sk, hdev->id,
6652 MGMT_OP_SET_FAST_CONNECTABLE,
6653 MGMT_STATUS_NOT_SUPPORTED);
6655 if (cp->val != 0x00 && cp->val != 0x01)
6656 return mgmt_cmd_status(sk, hdev->id,
6657 MGMT_OP_SET_FAST_CONNECTABLE,
6658 MGMT_STATUS_INVALID_PARAMS);
6662 if (!!cp->val == hci_dev_test_flag(hdev, HCI_FAST_CONNECTABLE)) {
6663 err = send_settings_rsp(sk, MGMT_OP_SET_FAST_CONNECTABLE, hdev);
6667 if (!hdev_is_powered(hdev)) {
6668 hci_dev_change_flag(hdev, HCI_FAST_CONNECTABLE);
6669 err = send_settings_rsp(sk, MGMT_OP_SET_FAST_CONNECTABLE, hdev);
6670 new_settings(hdev, sk);
6674 cmd = mgmt_pending_new(sk, MGMT_OP_SET_FAST_CONNECTABLE, hdev, data,
6679 err = hci_cmd_sync_queue(hdev, write_fast_connectable_sync, cmd,
6680 fast_connectable_complete);
6683 mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
6684 MGMT_STATUS_FAILED);
6687 mgmt_pending_free(cmd);
6691 hci_dev_unlock(hdev);
6696 static void set_bredr_complete(struct hci_dev *hdev, void *data, int err)
6698 struct mgmt_pending_cmd *cmd = data;
6700 bt_dev_dbg(hdev, "err %d", err);
6703 u8 mgmt_err = mgmt_status(err);
6705 /* We need to restore the flag if related HCI commands
6708 hci_dev_clear_flag(hdev, HCI_BREDR_ENABLED);
6710 mgmt_cmd_status(cmd->sk, cmd->index, cmd->opcode, mgmt_err);
6712 send_settings_rsp(cmd->sk, MGMT_OP_SET_BREDR, hdev);
6713 new_settings(hdev, cmd->sk);
6716 mgmt_pending_free(cmd);
6719 static int set_bredr_sync(struct hci_dev *hdev, void *data)
6723 status = hci_write_fast_connectable_sync(hdev, false);
6726 status = hci_update_scan_sync(hdev);
6728 /* Since only the advertising data flags will change, there
6729 * is no need to update the scan response data.
6732 status = hci_update_adv_data_sync(hdev, hdev->cur_adv_instance);
6737 static int set_bredr(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
6739 struct mgmt_mode *cp = data;
6740 struct mgmt_pending_cmd *cmd;
6743 bt_dev_dbg(hdev, "sock %p", sk);
6745 if (!lmp_bredr_capable(hdev) || !lmp_le_capable(hdev))
6746 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
6747 MGMT_STATUS_NOT_SUPPORTED);
6749 if (!hci_dev_test_flag(hdev, HCI_LE_ENABLED))
6750 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
6751 MGMT_STATUS_REJECTED);
6753 if (cp->val != 0x00 && cp->val != 0x01)
6754 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
6755 MGMT_STATUS_INVALID_PARAMS);
6759 if (cp->val == hci_dev_test_flag(hdev, HCI_BREDR_ENABLED)) {
6760 err = send_settings_rsp(sk, MGMT_OP_SET_BREDR, hdev);
6764 if (!hdev_is_powered(hdev)) {
6766 hci_dev_clear_flag(hdev, HCI_DISCOVERABLE);
6767 hci_dev_clear_flag(hdev, HCI_SSP_ENABLED);
6768 hci_dev_clear_flag(hdev, HCI_LINK_SECURITY);
6769 hci_dev_clear_flag(hdev, HCI_FAST_CONNECTABLE);
6770 hci_dev_clear_flag(hdev, HCI_HS_ENABLED);
6773 hci_dev_change_flag(hdev, HCI_BREDR_ENABLED);
6775 err = send_settings_rsp(sk, MGMT_OP_SET_BREDR, hdev);
6779 err = new_settings(hdev, sk);
6783 /* Reject disabling when powered on */
6785 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
6786 MGMT_STATUS_REJECTED);
6789 /* When configuring a dual-mode controller to operate
6790 * with LE only and using a static address, then switching
6791 * BR/EDR back on is not allowed.
6793 * Dual-mode controllers shall operate with the public
6794 * address as its identity address for BR/EDR and LE. So
6795 * reject the attempt to create an invalid configuration.
6797 * The same restrictions applies when secure connections
6798 * has been enabled. For BR/EDR this is a controller feature
6799 * while for LE it is a host stack feature. This means that
6800 * switching BR/EDR back on when secure connections has been
6801 * enabled is not a supported transaction.
6803 if (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED) &&
6804 (bacmp(&hdev->static_addr, BDADDR_ANY) ||
6805 hci_dev_test_flag(hdev, HCI_SC_ENABLED))) {
6806 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
6807 MGMT_STATUS_REJECTED);
6812 cmd = mgmt_pending_new(sk, MGMT_OP_SET_BREDR, hdev, data, len);
6816 err = hci_cmd_sync_queue(hdev, set_bredr_sync, cmd,
6817 set_bredr_complete);
6820 mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
6821 MGMT_STATUS_FAILED);
6823 mgmt_pending_free(cmd);
6828 /* We need to flip the bit already here so that
6829 * hci_req_update_adv_data generates the correct flags.
6831 hci_dev_set_flag(hdev, HCI_BREDR_ENABLED);
6834 hci_dev_unlock(hdev);
6838 static void set_secure_conn_complete(struct hci_dev *hdev, void *data, int err)
6840 struct mgmt_pending_cmd *cmd = data;
6841 struct mgmt_mode *cp;
6843 bt_dev_dbg(hdev, "err %d", err);
6846 u8 mgmt_err = mgmt_status(err);
6848 mgmt_cmd_status(cmd->sk, cmd->index, cmd->opcode, mgmt_err);
6856 hci_dev_clear_flag(hdev, HCI_SC_ENABLED);
6857 hci_dev_clear_flag(hdev, HCI_SC_ONLY);
6860 hci_dev_set_flag(hdev, HCI_SC_ENABLED);
6861 hci_dev_clear_flag(hdev, HCI_SC_ONLY);
6864 hci_dev_set_flag(hdev, HCI_SC_ENABLED);
6865 hci_dev_set_flag(hdev, HCI_SC_ONLY);
6869 send_settings_rsp(cmd->sk, cmd->opcode, hdev);
6870 new_settings(hdev, cmd->sk);
6873 mgmt_pending_free(cmd);
6876 static int set_secure_conn_sync(struct hci_dev *hdev, void *data)
6878 struct mgmt_pending_cmd *cmd = data;
6879 struct mgmt_mode *cp = cmd->param;
6882 /* Force write of val */
6883 hci_dev_set_flag(hdev, HCI_SC_ENABLED);
6885 return hci_write_sc_support_sync(hdev, val);
6888 static int set_secure_conn(struct sock *sk, struct hci_dev *hdev,
6889 void *data, u16 len)
6891 struct mgmt_mode *cp = data;
6892 struct mgmt_pending_cmd *cmd;
6896 bt_dev_dbg(hdev, "sock %p", sk);
6898 if (!lmp_sc_capable(hdev) &&
6899 !hci_dev_test_flag(hdev, HCI_LE_ENABLED))
6900 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SECURE_CONN,
6901 MGMT_STATUS_NOT_SUPPORTED);
6903 if (hci_dev_test_flag(hdev, HCI_BREDR_ENABLED) &&
6904 lmp_sc_capable(hdev) &&
6905 !hci_dev_test_flag(hdev, HCI_SSP_ENABLED))
6906 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SECURE_CONN,
6907 MGMT_STATUS_REJECTED);
6909 if (cp->val != 0x00 && cp->val != 0x01 && cp->val != 0x02)
6910 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SECURE_CONN,
6911 MGMT_STATUS_INVALID_PARAMS);
6915 if (!hdev_is_powered(hdev) || !lmp_sc_capable(hdev) ||
6916 !hci_dev_test_flag(hdev, HCI_BREDR_ENABLED)) {
6920 changed = !hci_dev_test_and_set_flag(hdev,
6922 if (cp->val == 0x02)
6923 hci_dev_set_flag(hdev, HCI_SC_ONLY);
6925 hci_dev_clear_flag(hdev, HCI_SC_ONLY);
6927 changed = hci_dev_test_and_clear_flag(hdev,
6929 hci_dev_clear_flag(hdev, HCI_SC_ONLY);
6932 err = send_settings_rsp(sk, MGMT_OP_SET_SECURE_CONN, hdev);
6937 err = new_settings(hdev, sk);
6944 if (val == hci_dev_test_flag(hdev, HCI_SC_ENABLED) &&
6945 (cp->val == 0x02) == hci_dev_test_flag(hdev, HCI_SC_ONLY)) {
6946 err = send_settings_rsp(sk, MGMT_OP_SET_SECURE_CONN, hdev);
6950 cmd = mgmt_pending_new(sk, MGMT_OP_SET_SECURE_CONN, hdev, data, len);
6954 err = hci_cmd_sync_queue(hdev, set_secure_conn_sync, cmd,
6955 set_secure_conn_complete);
6958 mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SECURE_CONN,
6959 MGMT_STATUS_FAILED);
6961 mgmt_pending_free(cmd);
6965 hci_dev_unlock(hdev);
6969 static int set_debug_keys(struct sock *sk, struct hci_dev *hdev,
6970 void *data, u16 len)
6972 struct mgmt_mode *cp = data;
6973 bool changed, use_changed;
6976 bt_dev_dbg(hdev, "sock %p", sk);
6978 if (cp->val != 0x00 && cp->val != 0x01 && cp->val != 0x02)
6979 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DEBUG_KEYS,
6980 MGMT_STATUS_INVALID_PARAMS);
6985 changed = !hci_dev_test_and_set_flag(hdev, HCI_KEEP_DEBUG_KEYS);
6987 changed = hci_dev_test_and_clear_flag(hdev,
6988 HCI_KEEP_DEBUG_KEYS);
6990 if (cp->val == 0x02)
6991 use_changed = !hci_dev_test_and_set_flag(hdev,
6992 HCI_USE_DEBUG_KEYS);
6994 use_changed = hci_dev_test_and_clear_flag(hdev,
6995 HCI_USE_DEBUG_KEYS);
6997 if (hdev_is_powered(hdev) && use_changed &&
6998 hci_dev_test_flag(hdev, HCI_SSP_ENABLED)) {
6999 u8 mode = (cp->val == 0x02) ? 0x01 : 0x00;
7000 hci_send_cmd(hdev, HCI_OP_WRITE_SSP_DEBUG_MODE,
7001 sizeof(mode), &mode);
7004 err = send_settings_rsp(sk, MGMT_OP_SET_DEBUG_KEYS, hdev);
7009 err = new_settings(hdev, sk);
7012 hci_dev_unlock(hdev);
7016 static int set_privacy(struct sock *sk, struct hci_dev *hdev, void *cp_data,
7019 struct mgmt_cp_set_privacy *cp = cp_data;
7023 bt_dev_dbg(hdev, "sock %p", sk);
7025 if (!lmp_le_capable(hdev))
7026 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_PRIVACY,
7027 MGMT_STATUS_NOT_SUPPORTED);
7029 if (cp->privacy != 0x00 && cp->privacy != 0x01 && cp->privacy != 0x02)
7030 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_PRIVACY,
7031 MGMT_STATUS_INVALID_PARAMS);
7033 if (hdev_is_powered(hdev))
7034 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_PRIVACY,
7035 MGMT_STATUS_REJECTED);
7039 /* If user space supports this command it is also expected to
7040 * handle IRKs. Therefore, set the HCI_RPA_RESOLVING flag.
7042 hci_dev_set_flag(hdev, HCI_RPA_RESOLVING);
7045 changed = !hci_dev_test_and_set_flag(hdev, HCI_PRIVACY);
7046 memcpy(hdev->irk, cp->irk, sizeof(hdev->irk));
7047 hci_dev_set_flag(hdev, HCI_RPA_EXPIRED);
7048 hci_adv_instances_set_rpa_expired(hdev, true);
7049 if (cp->privacy == 0x02)
7050 hci_dev_set_flag(hdev, HCI_LIMITED_PRIVACY);
7052 hci_dev_clear_flag(hdev, HCI_LIMITED_PRIVACY);
7054 changed = hci_dev_test_and_clear_flag(hdev, HCI_PRIVACY);
7055 memset(hdev->irk, 0, sizeof(hdev->irk));
7056 hci_dev_clear_flag(hdev, HCI_RPA_EXPIRED);
7057 hci_adv_instances_set_rpa_expired(hdev, false);
7058 hci_dev_clear_flag(hdev, HCI_LIMITED_PRIVACY);
7061 err = send_settings_rsp(sk, MGMT_OP_SET_PRIVACY, hdev);
7066 err = new_settings(hdev, sk);
7069 hci_dev_unlock(hdev);
7073 static bool irk_is_valid(struct mgmt_irk_info *irk)
7075 switch (irk->addr.type) {
7076 case BDADDR_LE_PUBLIC:
7079 case BDADDR_LE_RANDOM:
7080 /* Two most significant bits shall be set */
7081 if ((irk->addr.bdaddr.b[5] & 0xc0) != 0xc0)
7089 static int load_irks(struct sock *sk, struct hci_dev *hdev, void *cp_data,
7092 struct mgmt_cp_load_irks *cp = cp_data;
7093 const u16 max_irk_count = ((U16_MAX - sizeof(*cp)) /
7094 sizeof(struct mgmt_irk_info));
7095 u16 irk_count, expected_len;
7098 bt_dev_dbg(hdev, "sock %p", sk);
7100 if (!lmp_le_capable(hdev))
7101 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_IRKS,
7102 MGMT_STATUS_NOT_SUPPORTED);
7104 irk_count = __le16_to_cpu(cp->irk_count);
7105 if (irk_count > max_irk_count) {
7106 bt_dev_err(hdev, "load_irks: too big irk_count value %u",
7108 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_IRKS,
7109 MGMT_STATUS_INVALID_PARAMS);
7112 expected_len = struct_size(cp, irks, irk_count);
7113 if (expected_len != len) {
7114 bt_dev_err(hdev, "load_irks: expected %u bytes, got %u bytes",
7116 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_IRKS,
7117 MGMT_STATUS_INVALID_PARAMS);
7120 bt_dev_dbg(hdev, "irk_count %u", irk_count);
7122 for (i = 0; i < irk_count; i++) {
7123 struct mgmt_irk_info *key = &cp->irks[i];
7125 if (!irk_is_valid(key))
7126 return mgmt_cmd_status(sk, hdev->id,
7128 MGMT_STATUS_INVALID_PARAMS);
7133 hci_smp_irks_clear(hdev);
7135 for (i = 0; i < irk_count; i++) {
7136 struct mgmt_irk_info *irk = &cp->irks[i];
7137 u8 addr_type = le_addr_type(irk->addr.type);
7139 if (hci_is_blocked_key(hdev,
7140 HCI_BLOCKED_KEY_TYPE_IRK,
7142 bt_dev_warn(hdev, "Skipping blocked IRK for %pMR",
7147 /* When using SMP over BR/EDR, the addr type should be set to BREDR */
7148 if (irk->addr.type == BDADDR_BREDR)
7149 addr_type = BDADDR_BREDR;
7151 hci_add_irk(hdev, &irk->addr.bdaddr,
7152 addr_type, irk->val,
7156 hci_dev_set_flag(hdev, HCI_RPA_RESOLVING);
7158 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_LOAD_IRKS, 0, NULL, 0);
7160 hci_dev_unlock(hdev);
7166 static int set_advertising_params(struct sock *sk, struct hci_dev *hdev,
7167 void *data, u16 len)
7169 struct mgmt_cp_set_advertising_params *cp = data;
7174 BT_DBG("%s", hdev->name);
7176 if (!lmp_le_capable(hdev))
7177 return mgmt_cmd_status(sk, hdev->id,
7178 MGMT_OP_SET_ADVERTISING_PARAMS,
7179 MGMT_STATUS_NOT_SUPPORTED);
7181 if (hci_dev_test_flag(hdev, HCI_ADVERTISING))
7182 return mgmt_cmd_status(sk, hdev->id,
7183 MGMT_OP_SET_ADVERTISING_PARAMS,
7186 min_interval = __le16_to_cpu(cp->interval_min);
7187 max_interval = __le16_to_cpu(cp->interval_max);
7189 if (min_interval > max_interval ||
7190 min_interval < 0x0020 || max_interval > 0x4000)
7191 return mgmt_cmd_status(sk, hdev->id,
7192 MGMT_OP_SET_ADVERTISING_PARAMS,
7193 MGMT_STATUS_INVALID_PARAMS);
7197 hdev->le_adv_min_interval = min_interval;
7198 hdev->le_adv_max_interval = max_interval;
7199 hdev->adv_filter_policy = cp->filter_policy;
7200 hdev->adv_type = cp->type;
7202 err = mgmt_cmd_complete(sk, hdev->id,
7203 MGMT_OP_SET_ADVERTISING_PARAMS, 0, NULL, 0);
7205 hci_dev_unlock(hdev);
7210 static void set_advertising_data_complete(struct hci_dev *hdev,
7211 u8 status, u16 opcode)
7213 struct mgmt_cp_set_advertising_data *cp;
7214 struct mgmt_pending_cmd *cmd;
7216 BT_DBG("status 0x%02x", status);
7220 cmd = pending_find(MGMT_OP_SET_ADVERTISING_DATA, hdev);
7227 mgmt_cmd_status(cmd->sk, hdev->id,
7228 MGMT_OP_SET_ADVERTISING_DATA,
7229 mgmt_status(status));
7231 mgmt_cmd_complete(cmd->sk, hdev->id,
7232 MGMT_OP_SET_ADVERTISING_DATA, 0,
7235 mgmt_pending_remove(cmd);
7238 hci_dev_unlock(hdev);
7241 static int set_advertising_data(struct sock *sk, struct hci_dev *hdev,
7242 void *data, u16 len)
7244 struct mgmt_pending_cmd *cmd;
7245 struct hci_request req;
7246 struct mgmt_cp_set_advertising_data *cp = data;
7247 struct hci_cp_le_set_adv_data adv;
7250 BT_DBG("%s", hdev->name);
7252 if (!lmp_le_capable(hdev)) {
7253 return mgmt_cmd_status(sk, hdev->id,
7254 MGMT_OP_SET_ADVERTISING_DATA,
7255 MGMT_STATUS_NOT_SUPPORTED);
7260 if (pending_find(MGMT_OP_SET_ADVERTISING_DATA, hdev)) {
7261 err = mgmt_cmd_status(sk, hdev->id,
7262 MGMT_OP_SET_ADVERTISING_DATA,
7267 if (len > HCI_MAX_AD_LENGTH) {
7268 err = mgmt_cmd_status(sk, hdev->id,
7269 MGMT_OP_SET_ADVERTISING_DATA,
7270 MGMT_STATUS_INVALID_PARAMS);
7274 cmd = mgmt_pending_add(sk, MGMT_OP_SET_ADVERTISING_DATA,
7281 hci_req_init(&req, hdev);
7283 memset(&adv, 0, sizeof(adv));
7284 memcpy(adv.data, cp->data, len);
7287 hci_req_add(&req, HCI_OP_LE_SET_ADV_DATA, sizeof(adv), &adv);
7289 err = hci_req_run(&req, set_advertising_data_complete);
7291 mgmt_pending_remove(cmd);
7294 hci_dev_unlock(hdev);
7299 /* Adv White List feature */
7300 static void add_white_list_complete(struct hci_dev *hdev, u8 status, u16 opcode)
7302 struct mgmt_cp_add_dev_white_list *cp;
7303 struct mgmt_pending_cmd *cmd;
7305 BT_DBG("status 0x%02x", status);
7309 cmd = pending_find(MGMT_OP_ADD_DEV_WHITE_LIST, hdev);
7316 mgmt_cmd_status(cmd->sk, hdev->id, MGMT_OP_ADD_DEV_WHITE_LIST,
7317 mgmt_status(status));
7319 mgmt_cmd_complete(cmd->sk, hdev->id,
7320 MGMT_OP_ADD_DEV_WHITE_LIST, 0, cp, sizeof(*cp));
7322 mgmt_pending_remove(cmd);
7325 hci_dev_unlock(hdev);
7328 static int add_white_list(struct sock *sk, struct hci_dev *hdev,
7329 void *data, u16 len)
7331 struct mgmt_pending_cmd *cmd;
7332 struct mgmt_cp_add_dev_white_list *cp = data;
7333 struct hci_request req;
7336 BT_DBG("%s", hdev->name);
7338 if (!lmp_le_capable(hdev))
7339 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_DEV_WHITE_LIST,
7340 MGMT_STATUS_NOT_SUPPORTED);
7342 if (!hdev_is_powered(hdev))
7343 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_DEV_WHITE_LIST,
7344 MGMT_STATUS_REJECTED);
7348 if (pending_find(MGMT_OP_ADD_DEV_WHITE_LIST, hdev)) {
7349 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_DEV_WHITE_LIST,
7354 cmd = mgmt_pending_add(sk, MGMT_OP_ADD_DEV_WHITE_LIST, hdev, data, len);
7360 hci_req_init(&req, hdev);
7362 hci_req_add(&req, HCI_OP_LE_ADD_TO_ACCEPT_LIST, sizeof(*cp), cp);
7364 err = hci_req_run(&req, add_white_list_complete);
7366 mgmt_pending_remove(cmd);
7371 hci_dev_unlock(hdev);
7376 static void remove_from_white_list_complete(struct hci_dev *hdev,
7377 u8 status, u16 opcode)
7379 struct mgmt_cp_remove_dev_from_white_list *cp;
7380 struct mgmt_pending_cmd *cmd;
7382 BT_DBG("status 0x%02x", status);
7386 cmd = pending_find(MGMT_OP_REMOVE_DEV_FROM_WHITE_LIST, hdev);
7393 mgmt_cmd_status(cmd->sk, hdev->id,
7394 MGMT_OP_REMOVE_DEV_FROM_WHITE_LIST,
7395 mgmt_status(status));
7397 mgmt_cmd_complete(cmd->sk, hdev->id,
7398 MGMT_OP_REMOVE_DEV_FROM_WHITE_LIST, 0,
7401 mgmt_pending_remove(cmd);
7404 hci_dev_unlock(hdev);
7407 static int remove_from_white_list(struct sock *sk, struct hci_dev *hdev,
7408 void *data, u16 len)
7410 struct mgmt_pending_cmd *cmd;
7411 struct mgmt_cp_remove_dev_from_white_list *cp = data;
7412 struct hci_request req;
7415 BT_DBG("%s", hdev->name);
7417 if (!lmp_le_capable(hdev))
7418 return mgmt_cmd_status(sk, hdev->id,
7419 MGMT_OP_REMOVE_DEV_FROM_WHITE_LIST,
7420 MGMT_STATUS_NOT_SUPPORTED);
7422 if (!hdev_is_powered(hdev))
7423 return mgmt_cmd_status(sk, hdev->id,
7424 MGMT_OP_REMOVE_DEV_FROM_WHITE_LIST,
7425 MGMT_STATUS_REJECTED);
7429 if (pending_find(MGMT_OP_REMOVE_DEV_FROM_WHITE_LIST, hdev)) {
7430 err = mgmt_cmd_status(sk, hdev->id,
7431 MGMT_OP_REMOVE_DEV_FROM_WHITE_LIST,
7436 cmd = mgmt_pending_add(sk, MGMT_OP_REMOVE_DEV_FROM_WHITE_LIST,
7443 hci_req_init(&req, hdev);
7445 hci_req_add(&req, HCI_OP_LE_DEL_FROM_ACCEPT_LIST, sizeof(*cp), cp);
7447 err = hci_req_run(&req, remove_from_white_list_complete);
7449 mgmt_pending_remove(cmd);
7454 hci_dev_unlock(hdev);
7459 static void clear_white_list_complete(struct hci_dev *hdev, u8 status,
7462 struct mgmt_pending_cmd *cmd;
7464 BT_DBG("status 0x%02x", status);
7468 cmd = pending_find(MGMT_OP_CLEAR_DEV_WHITE_LIST, hdev);
7473 mgmt_cmd_status(cmd->sk, hdev->id, MGMT_OP_CLEAR_DEV_WHITE_LIST,
7474 mgmt_status(status));
7476 mgmt_cmd_complete(cmd->sk, hdev->id,
7477 MGMT_OP_CLEAR_DEV_WHITE_LIST,
7480 mgmt_pending_remove(cmd);
7483 hci_dev_unlock(hdev);
7486 static int clear_white_list(struct sock *sk, struct hci_dev *hdev,
7487 void *data, u16 len)
7489 struct mgmt_pending_cmd *cmd;
7490 struct hci_request req;
7493 BT_DBG("%s", hdev->name);
7495 if (!lmp_le_capable(hdev))
7496 return mgmt_cmd_status(sk, hdev->id,
7497 MGMT_OP_CLEAR_DEV_WHITE_LIST,
7498 MGMT_STATUS_NOT_SUPPORTED);
7500 if (!hdev_is_powered(hdev))
7501 return mgmt_cmd_status(sk, hdev->id,
7502 MGMT_OP_CLEAR_DEV_WHITE_LIST,
7503 MGMT_STATUS_REJECTED);
7507 if (pending_find(MGMT_OP_CLEAR_DEV_WHITE_LIST, hdev)) {
7508 err = mgmt_cmd_status(sk, hdev->id,
7509 MGMT_OP_CLEAR_DEV_WHITE_LIST,
7514 cmd = mgmt_pending_add(sk, MGMT_OP_CLEAR_DEV_WHITE_LIST,
7521 hci_req_init(&req, hdev);
7523 hci_req_add(&req, HCI_OP_LE_CLEAR_ACCEPT_LIST, 0, NULL);
7525 err = hci_req_run(&req, clear_white_list_complete);
7527 mgmt_pending_remove(cmd);
7532 hci_dev_unlock(hdev);
7537 static void set_scan_rsp_data_complete(struct hci_dev *hdev, u8 status,
7540 struct mgmt_cp_set_scan_rsp_data *cp;
7541 struct mgmt_pending_cmd *cmd;
7543 BT_DBG("status 0x%02x", status);
7547 cmd = pending_find(MGMT_OP_SET_SCAN_RSP_DATA, hdev);
7554 mgmt_cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_SCAN_RSP_DATA,
7555 mgmt_status(status));
7557 mgmt_cmd_complete(cmd->sk, hdev->id,
7558 MGMT_OP_SET_SCAN_RSP_DATA, 0,
7561 mgmt_pending_remove(cmd);
7564 hci_dev_unlock(hdev);
7567 static int set_scan_rsp_data(struct sock *sk, struct hci_dev *hdev, void *data,
7570 struct mgmt_pending_cmd *cmd;
7571 struct hci_request req;
7572 struct mgmt_cp_set_scan_rsp_data *cp = data;
7573 struct hci_cp_le_set_scan_rsp_data rsp;
7576 BT_DBG("%s", hdev->name);
7578 if (!lmp_le_capable(hdev))
7579 return mgmt_cmd_status(sk, hdev->id,
7580 MGMT_OP_SET_SCAN_RSP_DATA,
7581 MGMT_STATUS_NOT_SUPPORTED);
7585 if (pending_find(MGMT_OP_SET_SCAN_RSP_DATA, hdev)) {
7586 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_RSP_DATA,
7591 if (len > HCI_MAX_AD_LENGTH) {
7592 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_RSP_DATA,
7593 MGMT_STATUS_INVALID_PARAMS);
7597 cmd = mgmt_pending_add(sk, MGMT_OP_SET_SCAN_RSP_DATA, hdev, data, len);
7603 hci_req_init(&req, hdev);
7605 memset(&rsp, 0, sizeof(rsp));
7606 memcpy(rsp.data, cp->data, len);
7609 hci_req_add(&req, HCI_OP_LE_SET_SCAN_RSP_DATA, sizeof(rsp), &rsp);
7611 err = hci_req_run(&req, set_scan_rsp_data_complete);
7613 mgmt_pending_remove(cmd);
7616 hci_dev_unlock(hdev);
7621 static void set_rssi_threshold_complete(struct hci_dev *hdev,
7622 u8 status, u16 opcode)
7624 struct mgmt_pending_cmd *cmd;
7626 BT_DBG("status 0x%02x", status);
7630 cmd = pending_find(MGMT_OP_SET_RSSI_ENABLE, hdev);
7635 mgmt_cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_RSSI_ENABLE,
7636 mgmt_status(status));
7638 mgmt_cmd_complete(cmd->sk, hdev->id, MGMT_OP_SET_RSSI_ENABLE, 0,
7641 mgmt_pending_remove(cmd);
7644 hci_dev_unlock(hdev);
7647 static void set_rssi_disable_complete(struct hci_dev *hdev,
7648 u8 status, u16 opcode)
7650 struct mgmt_pending_cmd *cmd;
7652 BT_DBG("status 0x%02x", status);
7656 cmd = pending_find(MGMT_OP_SET_RSSI_DISABLE, hdev);
7661 mgmt_cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_RSSI_DISABLE,
7662 mgmt_status(status));
7664 mgmt_cmd_complete(cmd->sk, hdev->id, MGMT_OP_SET_RSSI_DISABLE,
7667 mgmt_pending_remove(cmd);
7670 hci_dev_unlock(hdev);
7673 int mgmt_set_rssi_threshold(struct sock *sk, struct hci_dev *hdev,
7674 void *data, u16 len)
7677 struct hci_cp_set_rssi_threshold th = { 0, };
7678 struct mgmt_cp_set_enable_rssi *cp = data;
7679 struct hci_conn *conn;
7680 struct mgmt_pending_cmd *cmd;
7681 struct hci_request req;
7686 cmd = pending_find(MGMT_OP_SET_RSSI_ENABLE, hdev);
7688 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_RSSI_ENABLE,
7689 MGMT_STATUS_FAILED);
7693 if (!lmp_le_capable(hdev)) {
7694 mgmt_pending_remove(cmd);
7695 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_RSSI_ENABLE,
7696 MGMT_STATUS_NOT_SUPPORTED);
7700 if (!hdev_is_powered(hdev)) {
7701 BT_DBG("%s", hdev->name);
7702 mgmt_pending_remove(cmd);
7703 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_RSSI_ENABLE,
7704 MGMT_STATUS_NOT_POWERED);
7708 if (cp->link_type == 0x01)
7709 dest_type = LE_LINK;
7711 dest_type = ACL_LINK;
7713 /* Get LE/ACL link handle info */
7714 conn = hci_conn_hash_lookup_ba(hdev,
7715 dest_type, &cp->bdaddr);
7718 err = mgmt_cmd_complete(sk, hdev->id,
7719 MGMT_OP_SET_RSSI_ENABLE, 1, NULL, 0);
7720 mgmt_pending_remove(cmd);
7724 hci_req_init(&req, hdev);
7726 th.hci_le_ext_opcode = 0x0B;
7728 th.conn_handle = conn->handle;
7729 th.alert_mask = 0x07;
7730 th.low_th = cp->low_th;
7731 th.in_range_th = cp->in_range_th;
7732 th.high_th = cp->high_th;
7734 hci_req_add(&req, HCI_OP_ENABLE_RSSI, sizeof(th), &th);
7735 err = hci_req_run(&req, set_rssi_threshold_complete);
7738 mgmt_pending_remove(cmd);
7739 BT_ERR("Error in requesting hci_req_run");
7744 hci_dev_unlock(hdev);
7748 void mgmt_rssi_enable_success(struct sock *sk, struct hci_dev *hdev,
7749 void *data, struct hci_cc_rsp_enable_rssi *rp, int success)
7751 struct mgmt_cc_rsp_enable_rssi mgmt_rp = { 0, };
7752 struct mgmt_cp_set_enable_rssi *cp = data;
7753 struct mgmt_pending_cmd *cmd;
7758 mgmt_rp.status = rp->status;
7759 mgmt_rp.le_ext_opcode = rp->le_ext_opcode;
7760 mgmt_rp.bt_address = cp->bdaddr;
7761 mgmt_rp.link_type = cp->link_type;
7763 mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_RSSI_ENABLE,
7764 MGMT_STATUS_SUCCESS, &mgmt_rp,
7765 sizeof(struct mgmt_cc_rsp_enable_rssi));
7767 mgmt_event(MGMT_EV_RSSI_ENABLED, hdev, &mgmt_rp,
7768 sizeof(struct mgmt_cc_rsp_enable_rssi), NULL);
7770 hci_conn_rssi_unset_all(hdev, mgmt_rp.link_type);
7771 hci_conn_rssi_state_set(hdev, mgmt_rp.link_type,
7772 &mgmt_rp.bt_address, true);
7776 cmd = pending_find(MGMT_OP_SET_RSSI_ENABLE, hdev);
7778 mgmt_pending_remove(cmd);
7780 hci_dev_unlock(hdev);
7783 void mgmt_rssi_disable_success(struct sock *sk, struct hci_dev *hdev,
7784 void *data, struct hci_cc_rsp_enable_rssi *rp, int success)
7786 struct mgmt_cc_rp_disable_rssi mgmt_rp = { 0, };
7787 struct mgmt_cp_disable_rssi *cp = data;
7788 struct mgmt_pending_cmd *cmd;
7793 mgmt_rp.status = rp->status;
7794 mgmt_rp.le_ext_opcode = rp->le_ext_opcode;
7795 mgmt_rp.bt_address = cp->bdaddr;
7796 mgmt_rp.link_type = cp->link_type;
7798 mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_RSSI_DISABLE,
7799 MGMT_STATUS_SUCCESS, &mgmt_rp,
7800 sizeof(struct mgmt_cc_rsp_enable_rssi));
7802 mgmt_event(MGMT_EV_RSSI_DISABLED, hdev, &mgmt_rp,
7803 sizeof(struct mgmt_cc_rsp_enable_rssi), NULL);
7805 hci_conn_rssi_state_set(hdev, mgmt_rp.link_type,
7806 &mgmt_rp.bt_address, false);
7810 cmd = pending_find(MGMT_OP_SET_RSSI_DISABLE, hdev);
7812 mgmt_pending_remove(cmd);
7814 hci_dev_unlock(hdev);
7817 static int mgmt_set_disable_rssi(struct sock *sk, struct hci_dev *hdev,
7818 void *data, u16 len)
7820 struct mgmt_pending_cmd *cmd;
7821 struct hci_request req;
7822 struct hci_cp_set_enable_rssi cp_en = { 0, };
7825 BT_DBG("Set Disable RSSI.");
7827 cp_en.hci_le_ext_opcode = 0x01;
7828 cp_en.le_enable_cs_Features = 0x00;
7829 cp_en.data[0] = 0x00;
7830 cp_en.data[1] = 0x00;
7831 cp_en.data[2] = 0x00;
7835 cmd = pending_find(MGMT_OP_SET_RSSI_DISABLE, hdev);
7837 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_RSSI_DISABLE,
7838 MGMT_STATUS_FAILED);
7842 if (!lmp_le_capable(hdev)) {
7843 mgmt_pending_remove(cmd);
7844 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_RSSI_DISABLE,
7845 MGMT_STATUS_NOT_SUPPORTED);
7849 if (!hdev_is_powered(hdev)) {
7850 BT_DBG("%s", hdev->name);
7851 mgmt_pending_remove(cmd);
7852 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_RSSI_DISABLE,
7853 MGMT_STATUS_NOT_POWERED);
7857 hci_req_init(&req, hdev);
7859 BT_DBG("Enable Len: %zu [%2.2X %2.2X %2.2X %2.2X %2.2X]",
7860 sizeof(struct hci_cp_set_enable_rssi),
7861 cp_en.hci_le_ext_opcode, cp_en.le_enable_cs_Features,
7862 cp_en.data[0], cp_en.data[1], cp_en.data[2]);
7864 hci_req_add(&req, HCI_OP_ENABLE_RSSI, sizeof(cp_en), &cp_en);
7865 err = hci_req_run(&req, set_rssi_disable_complete);
7868 mgmt_pending_remove(cmd);
7869 BT_ERR("Error in requesting hci_req_run");
7874 hci_dev_unlock(hdev);
7878 void mgmt_enable_rssi_cc(struct hci_dev *hdev, void *response, u8 status)
7880 struct hci_cc_rsp_enable_rssi *rp = response;
7881 struct mgmt_pending_cmd *cmd_enable = NULL;
7882 struct mgmt_pending_cmd *cmd_disable = NULL;
7883 struct mgmt_cp_set_enable_rssi *cp_en;
7884 struct mgmt_cp_disable_rssi *cp_dis;
7887 cmd_enable = pending_find(MGMT_OP_SET_RSSI_ENABLE, hdev);
7888 cmd_disable = pending_find(MGMT_OP_SET_RSSI_DISABLE, hdev);
7889 hci_dev_unlock(hdev);
7892 BT_DBG("Enable Request");
7895 BT_DBG("Disable Request");
7898 cp_en = cmd_enable->param;
7903 switch (rp->le_ext_opcode) {
7905 BT_DBG("RSSI enabled.. Setting Threshold...");
7906 mgmt_set_rssi_threshold(cmd_enable->sk, hdev,
7907 cp_en, sizeof(*cp_en));
7911 BT_DBG("Sending RSSI enable success");
7912 mgmt_rssi_enable_success(cmd_enable->sk, hdev,
7913 cp_en, rp, rp->status);
7917 } else if (cmd_disable) {
7918 cp_dis = cmd_disable->param;
7923 switch (rp->le_ext_opcode) {
7925 BT_DBG("Sending RSSI disable success");
7926 mgmt_rssi_disable_success(cmd_disable->sk, hdev,
7927 cp_dis, rp, rp->status);
7932 * Only unset RSSI Threshold values for the Link if
7933 * RSSI is monitored for other BREDR or LE Links
7935 if (hci_conn_hash_lookup_rssi_count(hdev) > 1) {
7936 BT_DBG("Unset Threshold. Other links being monitored");
7937 mgmt_rssi_disable_success(cmd_disable->sk, hdev,
7938 cp_dis, rp, rp->status);
7940 BT_DBG("Unset Threshold. Disabling...");
7941 mgmt_set_disable_rssi(cmd_disable->sk, hdev,
7942 cp_dis, sizeof(*cp_dis));
7949 static void set_rssi_enable_complete(struct hci_dev *hdev, u8 status,
7952 struct mgmt_pending_cmd *cmd;
7954 BT_DBG("status 0x%02x", status);
7958 cmd = pending_find(MGMT_OP_SET_RSSI_ENABLE, hdev);
7963 mgmt_cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_RSSI_ENABLE,
7964 mgmt_status(status));
7966 mgmt_cmd_complete(cmd->sk, hdev->id, MGMT_OP_SET_RSSI_ENABLE, 0,
7969 mgmt_pending_remove(cmd);
7972 hci_dev_unlock(hdev);
7975 static int set_enable_rssi(struct sock *sk, struct hci_dev *hdev,
7976 void *data, u16 len)
7978 struct mgmt_pending_cmd *cmd;
7979 struct hci_request req;
7980 struct mgmt_cp_set_enable_rssi *cp = data;
7981 struct hci_cp_set_enable_rssi cp_en = { 0, };
7984 BT_DBG("Set Enable RSSI.");
7986 cp_en.hci_le_ext_opcode = 0x01;
7987 cp_en.le_enable_cs_Features = 0x04;
7988 cp_en.data[0] = 0x00;
7989 cp_en.data[1] = 0x00;
7990 cp_en.data[2] = 0x00;
7994 if (!lmp_le_capable(hdev)) {
7995 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_RSSI_ENABLE,
7996 MGMT_STATUS_NOT_SUPPORTED);
8000 if (!hdev_is_powered(hdev)) {
8001 BT_DBG("%s", hdev->name);
8002 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_RSSI_ENABLE,
8003 MGMT_STATUS_NOT_POWERED);
8007 if (pending_find(MGMT_OP_SET_RSSI_ENABLE, hdev)) {
8008 BT_DBG("%s", hdev->name);
8009 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_RSSI_ENABLE,
8014 cmd = mgmt_pending_add(sk, MGMT_OP_SET_RSSI_ENABLE, hdev, cp,
8017 BT_DBG("%s", hdev->name);
8022 /* If RSSI is already enabled directly set Threshold values */
8023 if (hci_conn_hash_lookup_rssi_count(hdev) > 0) {
8024 hci_dev_unlock(hdev);
8025 BT_DBG("RSSI Enabled. Directly set Threshold");
8026 err = mgmt_set_rssi_threshold(sk, hdev, cp, sizeof(*cp));
8030 hci_req_init(&req, hdev);
8032 BT_DBG("Enable Len: %zu [%2.2X %2.2X %2.2X %2.2X %2.2X]",
8033 sizeof(struct hci_cp_set_enable_rssi),
8034 cp_en.hci_le_ext_opcode, cp_en.le_enable_cs_Features,
8035 cp_en.data[0], cp_en.data[1], cp_en.data[2]);
8037 hci_req_add(&req, HCI_OP_ENABLE_RSSI, sizeof(cp_en), &cp_en);
8038 err = hci_req_run(&req, set_rssi_enable_complete);
8041 mgmt_pending_remove(cmd);
8042 BT_ERR("Error in requesting hci_req_run");
8047 hci_dev_unlock(hdev);
8052 static void get_raw_rssi_complete(struct hci_dev *hdev, u8 status, u16 opcode)
8054 struct mgmt_pending_cmd *cmd;
8056 BT_DBG("status 0x%02x", status);
8060 cmd = pending_find(MGMT_OP_GET_RAW_RSSI, hdev);
8064 mgmt_cmd_complete(cmd->sk, hdev->id, MGMT_OP_GET_RAW_RSSI,
8065 MGMT_STATUS_SUCCESS, &status, 1);
8067 mgmt_pending_remove(cmd);
8070 hci_dev_unlock(hdev);
8073 static int get_raw_rssi(struct sock *sk, struct hci_dev *hdev, void *data,
8076 struct mgmt_pending_cmd *cmd;
8077 struct hci_request req;
8078 struct mgmt_cp_get_raw_rssi *cp = data;
8079 struct hci_cp_get_raw_rssi hci_cp;
8081 struct hci_conn *conn;
8085 BT_DBG("Get Raw RSSI.");
8089 if (!lmp_le_capable(hdev)) {
8090 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_GET_RAW_RSSI,
8091 MGMT_STATUS_NOT_SUPPORTED);
8095 if (cp->link_type == 0x01)
8096 dest_type = LE_LINK;
8098 dest_type = ACL_LINK;
8100 /* Get LE/BREDR link handle info */
8101 conn = hci_conn_hash_lookup_ba(hdev,
8102 dest_type, &cp->bt_address);
8104 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_GET_RAW_RSSI,
8105 MGMT_STATUS_NOT_CONNECTED);
8108 hci_cp.conn_handle = conn->handle;
8110 if (!hdev_is_powered(hdev)) {
8111 BT_DBG("%s", hdev->name);
8112 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_GET_RAW_RSSI,
8113 MGMT_STATUS_NOT_POWERED);
8117 if (pending_find(MGMT_OP_GET_RAW_RSSI, hdev)) {
8118 BT_DBG("%s", hdev->name);
8119 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_GET_RAW_RSSI,
8124 cmd = mgmt_pending_add(sk, MGMT_OP_GET_RAW_RSSI, hdev, data, len);
8126 BT_DBG("%s", hdev->name);
8131 hci_req_init(&req, hdev);
8133 BT_DBG("Connection Handle [%d]", hci_cp.conn_handle);
8134 hci_req_add(&req, HCI_OP_GET_RAW_RSSI, sizeof(hci_cp), &hci_cp);
8135 err = hci_req_run(&req, get_raw_rssi_complete);
8138 mgmt_pending_remove(cmd);
8139 BT_ERR("Error in requesting hci_req_run");
8143 hci_dev_unlock(hdev);
8148 void mgmt_raw_rssi_response(struct hci_dev *hdev,
8149 struct hci_cc_rp_get_raw_rssi *rp, int success)
8151 struct mgmt_cc_rp_get_raw_rssi mgmt_rp = { 0, };
8152 struct hci_conn *conn;
8154 mgmt_rp.status = rp->status;
8155 mgmt_rp.rssi_dbm = rp->rssi_dbm;
8157 conn = hci_conn_hash_lookup_handle(hdev, rp->conn_handle);
8161 bacpy(&mgmt_rp.bt_address, &conn->dst);
8162 if (conn->type == LE_LINK)
8163 mgmt_rp.link_type = 0x01;
8165 mgmt_rp.link_type = 0x00;
8167 mgmt_event(MGMT_EV_RAW_RSSI, hdev, &mgmt_rp,
8168 sizeof(struct mgmt_cc_rp_get_raw_rssi), NULL);
8171 static void set_disable_threshold_complete(struct hci_dev *hdev,
8172 u8 status, u16 opcode)
8174 struct mgmt_pending_cmd *cmd;
8176 BT_DBG("status 0x%02x", status);
8180 cmd = pending_find(MGMT_OP_SET_RSSI_DISABLE, hdev);
8184 mgmt_cmd_complete(cmd->sk, hdev->id, MGMT_OP_SET_RSSI_DISABLE,
8185 MGMT_STATUS_SUCCESS, &status, 1);
8187 mgmt_pending_remove(cmd);
8190 hci_dev_unlock(hdev);
8193 /** Removes monitoring for a link*/
8194 static int set_disable_threshold(struct sock *sk, struct hci_dev *hdev,
8195 void *data, u16 len)
8198 struct hci_cp_set_rssi_threshold th = { 0, };
8199 struct mgmt_cp_disable_rssi *cp = data;
8200 struct hci_conn *conn;
8201 struct mgmt_pending_cmd *cmd;
8202 struct hci_request req;
8205 BT_DBG("Set Disable RSSI.");
8209 if (!lmp_le_capable(hdev)) {
8210 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_RSSI_DISABLE,
8211 MGMT_STATUS_NOT_SUPPORTED);
8215 /* Get LE/ACL link handle info*/
8216 if (cp->link_type == 0x01)
8217 dest_type = LE_LINK;
8219 dest_type = ACL_LINK;
8221 conn = hci_conn_hash_lookup_ba(hdev, dest_type, &cp->bdaddr);
8223 err = mgmt_cmd_complete(sk, hdev->id,
8224 MGMT_OP_SET_RSSI_DISABLE, 1, NULL, 0);
8228 th.hci_le_ext_opcode = 0x0B;
8230 th.conn_handle = conn->handle;
8231 th.alert_mask = 0x00;
8233 th.in_range_th = 0x00;
8236 if (!hdev_is_powered(hdev)) {
8237 BT_DBG("%s", hdev->name);
8238 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_RSSI_DISABLE,
8243 if (pending_find(MGMT_OP_SET_RSSI_DISABLE, hdev)) {
8244 BT_DBG("%s", hdev->name);
8245 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_RSSI_DISABLE,
8250 cmd = mgmt_pending_add(sk, MGMT_OP_SET_RSSI_DISABLE, hdev, cp,
8253 BT_DBG("%s", hdev->name);
8258 hci_req_init(&req, hdev);
8260 hci_req_add(&req, HCI_OP_ENABLE_RSSI, sizeof(th), &th);
8261 err = hci_req_run(&req, set_disable_threshold_complete);
8263 mgmt_pending_remove(cmd);
8264 BT_ERR("Error in requesting hci_req_run");
8269 hci_dev_unlock(hdev);
8274 void mgmt_rssi_alert_evt(struct hci_dev *hdev, struct sk_buff *skb)
8276 struct hci_ev_vendor_specific_rssi_alert *ev = (void *)skb->data;
8277 struct mgmt_ev_vendor_specific_rssi_alert mgmt_ev;
8278 struct hci_conn *conn;
8280 BT_DBG("RSSI alert [%2.2X %2.2X %2.2X]",
8281 ev->conn_handle, ev->alert_type, ev->rssi_dbm);
8283 conn = hci_conn_hash_lookup_handle(hdev, ev->conn_handle);
8286 BT_ERR("RSSI alert Error: Device not found for handle");
8289 bacpy(&mgmt_ev.bdaddr, &conn->dst);
8291 if (conn->type == LE_LINK)
8292 mgmt_ev.link_type = 0x01;
8294 mgmt_ev.link_type = 0x00;
8296 mgmt_ev.alert_type = ev->alert_type;
8297 mgmt_ev.rssi_dbm = ev->rssi_dbm;
8299 mgmt_event(MGMT_EV_RSSI_ALERT, hdev, &mgmt_ev,
8300 sizeof(struct mgmt_ev_vendor_specific_rssi_alert),
8304 static int mgmt_start_le_discovery_failed(struct hci_dev *hdev, u8 status)
8306 struct mgmt_pending_cmd *cmd;
8310 hci_le_discovery_set_state(hdev, DISCOVERY_STOPPED);
8312 cmd = pending_find(MGMT_OP_START_LE_DISCOVERY, hdev);
8316 type = hdev->le_discovery.type;
8318 err = mgmt_cmd_complete(cmd->sk, hdev->id, cmd->opcode,
8319 mgmt_status(status), &type, sizeof(type));
8320 mgmt_pending_remove(cmd);
8325 static void start_le_discovery_complete(struct hci_dev *hdev, u8 status,
8328 unsigned long timeout = 0;
8330 BT_DBG("status %d", status);
8334 mgmt_start_le_discovery_failed(hdev, status);
8335 hci_dev_unlock(hdev);
8340 hci_le_discovery_set_state(hdev, DISCOVERY_FINDING);
8341 hci_dev_unlock(hdev);
8343 if (hdev->le_discovery.type != DISCOV_TYPE_LE)
8344 BT_ERR("Invalid discovery type %d", hdev->le_discovery.type);
8349 queue_delayed_work(hdev->workqueue, &hdev->le_scan_disable, timeout);
8352 static int start_le_discovery(struct sock *sk, struct hci_dev *hdev,
8353 void *data, u16 len)
8355 struct mgmt_cp_start_le_discovery *cp = data;
8356 struct mgmt_pending_cmd *cmd;
8357 struct hci_cp_le_set_scan_param param_cp;
8358 struct hci_cp_le_set_scan_enable enable_cp;
8359 struct hci_request req;
8360 u8 status, own_addr_type;
8363 BT_DBG("%s", hdev->name);
8365 if (!hdev_is_powered(hdev)) {
8366 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_START_LE_DISCOVERY,
8367 MGMT_STATUS_NOT_POWERED);
8371 if (hdev->le_discovery.state != DISCOVERY_STOPPED) {
8372 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_START_LE_DISCOVERY,
8377 if (cp->type != DISCOV_TYPE_LE) {
8378 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_START_LE_DISCOVERY,
8379 MGMT_STATUS_INVALID_PARAMS);
8383 cmd = mgmt_pending_add(sk, MGMT_OP_START_LE_DISCOVERY, hdev, NULL, 0);
8389 hdev->le_discovery.type = cp->type;
8391 hci_req_init(&req, hdev);
8393 status = mgmt_le_support(hdev);
8395 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_START_LE_DISCOVERY,
8397 mgmt_pending_remove(cmd);
8401 /* If controller is scanning, it means the background scanning
8402 * is running. Thus, we should temporarily stop it in order to
8403 * set the discovery scanning parameters.
8405 if (hci_dev_test_flag(hdev, HCI_LE_SCAN))
8406 hci_req_add_le_scan_disable(&req, false);
8408 memset(¶m_cp, 0, sizeof(param_cp));
8410 /* All active scans will be done with either a resolvable
8411 * private address (when privacy feature has been enabled)
8412 * or unresolvable private address.
8414 err = hci_update_random_address_sync(hdev, true, hci_dev_test_flag(hdev, HCI_PRIVACY), &own_addr_type);
8416 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_START_LE_DISCOVERY,
8417 MGMT_STATUS_FAILED);
8418 mgmt_pending_remove(cmd);
8422 param_cp.type = hdev->le_scan_type;
8423 param_cp.interval = cpu_to_le16(hdev->le_scan_interval);
8424 param_cp.window = cpu_to_le16(hdev->le_scan_window);
8425 param_cp.own_address_type = own_addr_type;
8426 hci_req_add(&req, HCI_OP_LE_SET_SCAN_PARAM, sizeof(param_cp),
8429 memset(&enable_cp, 0, sizeof(enable_cp));
8430 enable_cp.enable = LE_SCAN_ENABLE;
8431 enable_cp.filter_dup = LE_SCAN_FILTER_DUP_DISABLE;
8433 hci_req_add(&req, HCI_OP_LE_SET_SCAN_ENABLE, sizeof(enable_cp),
8436 err = hci_req_run(&req, start_le_discovery_complete);
8438 mgmt_pending_remove(cmd);
8440 hci_le_discovery_set_state(hdev, DISCOVERY_STARTING);
8446 static int mgmt_stop_le_discovery_failed(struct hci_dev *hdev, u8 status)
8448 struct mgmt_pending_cmd *cmd;
8451 cmd = pending_find(MGMT_OP_STOP_LE_DISCOVERY, hdev);
8455 err = mgmt_cmd_complete(cmd->sk, hdev->id, cmd->opcode,
8456 mgmt_status(status), &hdev->le_discovery.type,
8457 sizeof(hdev->le_discovery.type));
8458 mgmt_pending_remove(cmd);
8463 static void stop_le_discovery_complete(struct hci_dev *hdev, u8 status,
8466 BT_DBG("status %d", status);
8471 mgmt_stop_le_discovery_failed(hdev, status);
8475 hci_le_discovery_set_state(hdev, DISCOVERY_STOPPED);
8478 hci_dev_unlock(hdev);
8481 static int stop_le_discovery(struct sock *sk, struct hci_dev *hdev,
8482 void *data, u16 len)
8484 struct mgmt_cp_stop_le_discovery *mgmt_cp = data;
8485 struct mgmt_pending_cmd *cmd;
8486 struct hci_request req;
8489 BT_DBG("%s", hdev->name);
8493 if (!hci_le_discovery_active(hdev)) {
8494 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_STOP_LE_DISCOVERY,
8495 MGMT_STATUS_REJECTED, &mgmt_cp->type,
8496 sizeof(mgmt_cp->type));
8500 if (hdev->le_discovery.type != mgmt_cp->type) {
8501 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_STOP_LE_DISCOVERY,
8502 MGMT_STATUS_INVALID_PARAMS,
8503 &mgmt_cp->type, sizeof(mgmt_cp->type));
8507 cmd = mgmt_pending_add(sk, MGMT_OP_STOP_LE_DISCOVERY, hdev, NULL, 0);
8513 hci_req_init(&req, hdev);
8515 if (hdev->le_discovery.state != DISCOVERY_FINDING) {
8516 BT_DBG("unknown le discovery state %u",
8517 hdev->le_discovery.state);
8519 mgmt_pending_remove(cmd);
8520 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_STOP_LE_DISCOVERY,
8521 MGMT_STATUS_FAILED, &mgmt_cp->type,
8522 sizeof(mgmt_cp->type));
8526 cancel_delayed_work(&hdev->le_scan_disable);
8527 hci_req_add_le_scan_disable(&req, false);
8529 err = hci_req_run(&req, stop_le_discovery_complete);
8531 mgmt_pending_remove(cmd);
8533 hci_le_discovery_set_state(hdev, DISCOVERY_STOPPING);
8536 hci_dev_unlock(hdev);
8540 /* Separate LE discovery */
8541 void mgmt_le_discovering(struct hci_dev *hdev, u8 discovering)
8543 struct mgmt_ev_discovering ev;
8544 struct mgmt_pending_cmd *cmd;
8546 BT_DBG("%s le discovering %u", hdev->name, discovering);
8549 cmd = pending_find(MGMT_OP_START_LE_DISCOVERY, hdev);
8551 cmd = pending_find(MGMT_OP_STOP_LE_DISCOVERY, hdev);
8554 u8 type = hdev->le_discovery.type;
8556 mgmt_cmd_complete(cmd->sk, hdev->id, cmd->opcode, 0, &type,
8558 mgmt_pending_remove(cmd);
8561 memset(&ev, 0, sizeof(ev));
8562 ev.type = hdev->le_discovery.type;
8563 ev.discovering = discovering;
8565 mgmt_event(MGMT_EV_DISCOVERING, hdev, &ev, sizeof(ev), NULL);
8568 static int disable_le_auto_connect(struct sock *sk, struct hci_dev *hdev,
8569 void *data, u16 len)
8573 BT_DBG("%s", hdev->name);
8577 err = hci_send_cmd(hdev, HCI_OP_LE_CREATE_CONN_CANCEL, 0, NULL);
8579 BT_ERR("HCI_OP_LE_CREATE_CONN_CANCEL is failed");
8581 hci_dev_unlock(hdev);
8585 #endif /* TIZEN_BT */
8587 static bool ltk_is_valid(struct mgmt_ltk_info *key)
8589 if (key->initiator != 0x00 && key->initiator != 0x01)
8592 switch (key->addr.type) {
8593 case BDADDR_LE_PUBLIC:
8596 case BDADDR_LE_RANDOM:
8597 /* Two most significant bits shall be set */
8598 if ((key->addr.bdaddr.b[5] & 0xc0) != 0xc0)
8606 static int load_long_term_keys(struct sock *sk, struct hci_dev *hdev,
8607 void *cp_data, u16 len)
8609 struct mgmt_cp_load_long_term_keys *cp = cp_data;
8610 const u16 max_key_count = ((U16_MAX - sizeof(*cp)) /
8611 sizeof(struct mgmt_ltk_info));
8612 u16 key_count, expected_len;
8615 bt_dev_dbg(hdev, "sock %p", sk);
8617 if (!lmp_le_capable(hdev))
8618 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS,
8619 MGMT_STATUS_NOT_SUPPORTED);
8621 key_count = __le16_to_cpu(cp->key_count);
8622 if (key_count > max_key_count) {
8623 bt_dev_err(hdev, "load_ltks: too big key_count value %u",
8625 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS,
8626 MGMT_STATUS_INVALID_PARAMS);
8629 expected_len = struct_size(cp, keys, key_count);
8630 if (expected_len != len) {
8631 bt_dev_err(hdev, "load_keys: expected %u bytes, got %u bytes",
8633 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS,
8634 MGMT_STATUS_INVALID_PARAMS);
8637 bt_dev_dbg(hdev, "key_count %u", key_count);
8639 for (i = 0; i < key_count; i++) {
8640 struct mgmt_ltk_info *key = &cp->keys[i];
8642 if (!ltk_is_valid(key))
8643 return mgmt_cmd_status(sk, hdev->id,
8644 MGMT_OP_LOAD_LONG_TERM_KEYS,
8645 MGMT_STATUS_INVALID_PARAMS);
8650 hci_smp_ltks_clear(hdev);
8652 for (i = 0; i < key_count; i++) {
8653 struct mgmt_ltk_info *key = &cp->keys[i];
8654 u8 type, authenticated;
8655 u8 addr_type = le_addr_type(key->addr.type);
8657 if (hci_is_blocked_key(hdev,
8658 HCI_BLOCKED_KEY_TYPE_LTK,
8660 bt_dev_warn(hdev, "Skipping blocked LTK for %pMR",
8665 switch (key->type) {
8666 case MGMT_LTK_UNAUTHENTICATED:
8667 authenticated = 0x00;
8668 type = key->initiator ? SMP_LTK : SMP_LTK_RESPONDER;
8670 case MGMT_LTK_AUTHENTICATED:
8671 authenticated = 0x01;
8672 type = key->initiator ? SMP_LTK : SMP_LTK_RESPONDER;
8674 case MGMT_LTK_P256_UNAUTH:
8675 authenticated = 0x00;
8676 type = SMP_LTK_P256;
8678 case MGMT_LTK_P256_AUTH:
8679 authenticated = 0x01;
8680 type = SMP_LTK_P256;
8682 case MGMT_LTK_P256_DEBUG:
8683 authenticated = 0x00;
8684 type = SMP_LTK_P256_DEBUG;
8690 /* When using SMP over BR/EDR, the addr type should be set to BREDR */
8691 if (key->addr.type == BDADDR_BREDR)
8692 addr_type = BDADDR_BREDR;
8694 hci_add_ltk(hdev, &key->addr.bdaddr,
8695 addr_type, type, authenticated,
8696 key->val, key->enc_size, key->ediv, key->rand);
8699 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS, 0,
8702 hci_dev_unlock(hdev);
8707 static void get_conn_info_complete(struct hci_dev *hdev, void *data, int err)
8709 struct mgmt_pending_cmd *cmd = data;
8710 struct hci_conn *conn = cmd->user_data;
8711 struct mgmt_cp_get_conn_info *cp = cmd->param;
8712 struct mgmt_rp_get_conn_info rp;
8715 bt_dev_dbg(hdev, "err %d", err);
8717 memcpy(&rp.addr, &cp->addr, sizeof(rp.addr));
8719 status = mgmt_status(err);
8720 if (status == MGMT_STATUS_SUCCESS) {
8721 rp.rssi = conn->rssi;
8722 rp.tx_power = conn->tx_power;
8723 rp.max_tx_power = conn->max_tx_power;
8725 rp.rssi = HCI_RSSI_INVALID;
8726 rp.tx_power = HCI_TX_POWER_INVALID;
8727 rp.max_tx_power = HCI_TX_POWER_INVALID;
8730 mgmt_cmd_complete(cmd->sk, cmd->index, MGMT_OP_GET_CONN_INFO, status,
8733 mgmt_pending_free(cmd);
8736 static int get_conn_info_sync(struct hci_dev *hdev, void *data)
8738 struct mgmt_pending_cmd *cmd = data;
8739 struct mgmt_cp_get_conn_info *cp = cmd->param;
8740 struct hci_conn *conn;
8744 /* Make sure we are still connected */
8745 if (cp->addr.type == BDADDR_BREDR)
8746 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
8749 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &cp->addr.bdaddr);
8751 if (!conn || conn->state != BT_CONNECTED)
8752 return MGMT_STATUS_NOT_CONNECTED;
8754 cmd->user_data = conn;
8755 handle = cpu_to_le16(conn->handle);
8757 /* Refresh RSSI each time */
8758 err = hci_read_rssi_sync(hdev, handle);
8760 /* For LE links TX power does not change thus we don't need to
8761 * query for it once value is known.
8763 if (!err && (!bdaddr_type_is_le(cp->addr.type) ||
8764 conn->tx_power == HCI_TX_POWER_INVALID))
8765 err = hci_read_tx_power_sync(hdev, handle, 0x00);
8767 /* Max TX power needs to be read only once per connection */
8768 if (!err && conn->max_tx_power == HCI_TX_POWER_INVALID)
8769 err = hci_read_tx_power_sync(hdev, handle, 0x01);
8774 static int get_conn_info(struct sock *sk, struct hci_dev *hdev, void *data,
8777 struct mgmt_cp_get_conn_info *cp = data;
8778 struct mgmt_rp_get_conn_info rp;
8779 struct hci_conn *conn;
8780 unsigned long conn_info_age;
8783 bt_dev_dbg(hdev, "sock %p", sk);
8785 memset(&rp, 0, sizeof(rp));
8786 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
8787 rp.addr.type = cp->addr.type;
8789 if (!bdaddr_type_is_valid(cp->addr.type))
8790 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CONN_INFO,
8791 MGMT_STATUS_INVALID_PARAMS,
8796 if (!hdev_is_powered(hdev)) {
8797 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CONN_INFO,
8798 MGMT_STATUS_NOT_POWERED, &rp,
8803 if (cp->addr.type == BDADDR_BREDR)
8804 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
8807 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &cp->addr.bdaddr);
8809 if (!conn || conn->state != BT_CONNECTED) {
8810 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CONN_INFO,
8811 MGMT_STATUS_NOT_CONNECTED, &rp,
8816 /* To avoid client trying to guess when to poll again for information we
8817 * calculate conn info age as random value between min/max set in hdev.
8819 conn_info_age = get_random_u32_inclusive(hdev->conn_info_min_age,
8820 hdev->conn_info_max_age - 1);
8822 /* Query controller to refresh cached values if they are too old or were
8825 if (time_after(jiffies, conn->conn_info_timestamp +
8826 msecs_to_jiffies(conn_info_age)) ||
8827 !conn->conn_info_timestamp) {
8828 struct mgmt_pending_cmd *cmd;
8830 cmd = mgmt_pending_new(sk, MGMT_OP_GET_CONN_INFO, hdev, data,
8835 err = hci_cmd_sync_queue(hdev, get_conn_info_sync,
8836 cmd, get_conn_info_complete);
8840 mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CONN_INFO,
8841 MGMT_STATUS_FAILED, &rp, sizeof(rp));
8844 mgmt_pending_free(cmd);
8849 conn->conn_info_timestamp = jiffies;
8851 /* Cache is valid, just reply with values cached in hci_conn */
8852 rp.rssi = conn->rssi;
8853 rp.tx_power = conn->tx_power;
8854 rp.max_tx_power = conn->max_tx_power;
8856 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CONN_INFO,
8857 MGMT_STATUS_SUCCESS, &rp, sizeof(rp));
8861 hci_dev_unlock(hdev);
8865 static void get_clock_info_complete(struct hci_dev *hdev, void *data, int err)
8867 struct mgmt_pending_cmd *cmd = data;
8868 struct mgmt_cp_get_clock_info *cp = cmd->param;
8869 struct mgmt_rp_get_clock_info rp;
8870 struct hci_conn *conn = cmd->user_data;
8871 u8 status = mgmt_status(err);
8873 bt_dev_dbg(hdev, "err %d", err);
8875 memset(&rp, 0, sizeof(rp));
8876 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
8877 rp.addr.type = cp->addr.type;
8882 rp.local_clock = cpu_to_le32(hdev->clock);
8885 rp.piconet_clock = cpu_to_le32(conn->clock);
8886 rp.accuracy = cpu_to_le16(conn->clock_accuracy);
8890 mgmt_cmd_complete(cmd->sk, cmd->index, cmd->opcode, status, &rp,
8893 mgmt_pending_free(cmd);
8896 static int get_clock_info_sync(struct hci_dev *hdev, void *data)
8898 struct mgmt_pending_cmd *cmd = data;
8899 struct mgmt_cp_get_clock_info *cp = cmd->param;
8900 struct hci_cp_read_clock hci_cp;
8901 struct hci_conn *conn;
8903 memset(&hci_cp, 0, sizeof(hci_cp));
8904 hci_read_clock_sync(hdev, &hci_cp);
8906 /* Make sure connection still exists */
8907 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->addr.bdaddr);
8908 if (!conn || conn->state != BT_CONNECTED)
8909 return MGMT_STATUS_NOT_CONNECTED;
8911 cmd->user_data = conn;
8912 hci_cp.handle = cpu_to_le16(conn->handle);
8913 hci_cp.which = 0x01; /* Piconet clock */
8915 return hci_read_clock_sync(hdev, &hci_cp);
8918 static int get_clock_info(struct sock *sk, struct hci_dev *hdev, void *data,
8921 struct mgmt_cp_get_clock_info *cp = data;
8922 struct mgmt_rp_get_clock_info rp;
8923 struct mgmt_pending_cmd *cmd;
8924 struct hci_conn *conn;
8927 bt_dev_dbg(hdev, "sock %p", sk);
8929 memset(&rp, 0, sizeof(rp));
8930 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
8931 rp.addr.type = cp->addr.type;
8933 if (cp->addr.type != BDADDR_BREDR)
8934 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CLOCK_INFO,
8935 MGMT_STATUS_INVALID_PARAMS,
8940 if (!hdev_is_powered(hdev)) {
8941 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CLOCK_INFO,
8942 MGMT_STATUS_NOT_POWERED, &rp,
8947 if (bacmp(&cp->addr.bdaddr, BDADDR_ANY)) {
8948 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
8950 if (!conn || conn->state != BT_CONNECTED) {
8951 err = mgmt_cmd_complete(sk, hdev->id,
8952 MGMT_OP_GET_CLOCK_INFO,
8953 MGMT_STATUS_NOT_CONNECTED,
8961 cmd = mgmt_pending_new(sk, MGMT_OP_GET_CLOCK_INFO, hdev, data, len);
8965 err = hci_cmd_sync_queue(hdev, get_clock_info_sync, cmd,
8966 get_clock_info_complete);
8969 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CLOCK_INFO,
8970 MGMT_STATUS_FAILED, &rp, sizeof(rp));
8973 mgmt_pending_free(cmd);
8978 hci_dev_unlock(hdev);
8982 static bool is_connected(struct hci_dev *hdev, bdaddr_t *addr, u8 type)
8984 struct hci_conn *conn;
8986 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, addr);
8990 if (conn->dst_type != type)
8993 if (conn->state != BT_CONNECTED)
8999 /* This function requires the caller holds hdev->lock */
9000 static int hci_conn_params_set(struct hci_dev *hdev, bdaddr_t *addr,
9001 u8 addr_type, u8 auto_connect)
9003 struct hci_conn_params *params;
9005 params = hci_conn_params_add(hdev, addr, addr_type);
9009 if (params->auto_connect == auto_connect)
9012 hci_pend_le_list_del_init(params);
9014 switch (auto_connect) {
9015 case HCI_AUTO_CONN_DISABLED:
9016 case HCI_AUTO_CONN_LINK_LOSS:
9017 /* If auto connect is being disabled when we're trying to
9018 * connect to device, keep connecting.
9020 if (params->explicit_connect)
9021 hci_pend_le_list_add(params, &hdev->pend_le_conns);
9023 case HCI_AUTO_CONN_REPORT:
9024 if (params->explicit_connect)
9025 hci_pend_le_list_add(params, &hdev->pend_le_conns);
9027 hci_pend_le_list_add(params, &hdev->pend_le_reports);
9029 case HCI_AUTO_CONN_DIRECT:
9030 case HCI_AUTO_CONN_ALWAYS:
9031 if (!is_connected(hdev, addr, addr_type))
9032 hci_pend_le_list_add(params, &hdev->pend_le_conns);
9036 params->auto_connect = auto_connect;
9038 bt_dev_dbg(hdev, "addr %pMR (type %u) auto_connect %u",
9039 addr, addr_type, auto_connect);
9044 static void device_added(struct sock *sk, struct hci_dev *hdev,
9045 bdaddr_t *bdaddr, u8 type, u8 action)
9047 struct mgmt_ev_device_added ev;
9049 bacpy(&ev.addr.bdaddr, bdaddr);
9050 ev.addr.type = type;
9053 mgmt_event(MGMT_EV_DEVICE_ADDED, hdev, &ev, sizeof(ev), sk);
9056 static int add_device_sync(struct hci_dev *hdev, void *data)
9058 return hci_update_passive_scan_sync(hdev);
9061 static int add_device(struct sock *sk, struct hci_dev *hdev,
9062 void *data, u16 len)
9064 struct mgmt_cp_add_device *cp = data;
9065 u8 auto_conn, addr_type;
9066 struct hci_conn_params *params;
9068 u32 current_flags = 0;
9069 u32 supported_flags;
9071 bt_dev_dbg(hdev, "sock %p", sk);
9073 if (!bdaddr_type_is_valid(cp->addr.type) ||
9074 !bacmp(&cp->addr.bdaddr, BDADDR_ANY))
9075 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_ADD_DEVICE,
9076 MGMT_STATUS_INVALID_PARAMS,
9077 &cp->addr, sizeof(cp->addr));
9079 if (cp->action != 0x00 && cp->action != 0x01 && cp->action != 0x02)
9080 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_ADD_DEVICE,
9081 MGMT_STATUS_INVALID_PARAMS,
9082 &cp->addr, sizeof(cp->addr));
9086 if (cp->addr.type == BDADDR_BREDR) {
9087 /* Only incoming connections action is supported for now */
9088 if (cp->action != 0x01) {
9089 err = mgmt_cmd_complete(sk, hdev->id,
9091 MGMT_STATUS_INVALID_PARAMS,
9092 &cp->addr, sizeof(cp->addr));
9096 err = hci_bdaddr_list_add_with_flags(&hdev->accept_list,
9102 hci_update_scan(hdev);
9107 addr_type = le_addr_type(cp->addr.type);
9109 if (cp->action == 0x02)
9110 auto_conn = HCI_AUTO_CONN_ALWAYS;
9111 else if (cp->action == 0x01)
9112 auto_conn = HCI_AUTO_CONN_DIRECT;
9114 auto_conn = HCI_AUTO_CONN_REPORT;
9116 /* Kernel internally uses conn_params with resolvable private
9117 * address, but Add Device allows only identity addresses.
9118 * Make sure it is enforced before calling
9119 * hci_conn_params_lookup.
9121 if (!hci_is_identity_address(&cp->addr.bdaddr, addr_type)) {
9122 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_ADD_DEVICE,
9123 MGMT_STATUS_INVALID_PARAMS,
9124 &cp->addr, sizeof(cp->addr));
9128 /* If the connection parameters don't exist for this device,
9129 * they will be created and configured with defaults.
9131 if (hci_conn_params_set(hdev, &cp->addr.bdaddr, addr_type,
9133 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_ADD_DEVICE,
9134 MGMT_STATUS_FAILED, &cp->addr,
9138 params = hci_conn_params_lookup(hdev, &cp->addr.bdaddr,
9141 current_flags = params->flags;
9144 err = hci_cmd_sync_queue(hdev, add_device_sync, NULL, NULL);
9149 device_added(sk, hdev, &cp->addr.bdaddr, cp->addr.type, cp->action);
9150 supported_flags = hdev->conn_flags;
9151 device_flags_changed(NULL, hdev, &cp->addr.bdaddr, cp->addr.type,
9152 supported_flags, current_flags);
9154 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_ADD_DEVICE,
9155 MGMT_STATUS_SUCCESS, &cp->addr,
9159 hci_dev_unlock(hdev);
9163 static void device_removed(struct sock *sk, struct hci_dev *hdev,
9164 bdaddr_t *bdaddr, u8 type)
9166 struct mgmt_ev_device_removed ev;
9168 bacpy(&ev.addr.bdaddr, bdaddr);
9169 ev.addr.type = type;
9171 mgmt_event(MGMT_EV_DEVICE_REMOVED, hdev, &ev, sizeof(ev), sk);
9174 static int remove_device_sync(struct hci_dev *hdev, void *data)
9176 return hci_update_passive_scan_sync(hdev);
9179 static int remove_device(struct sock *sk, struct hci_dev *hdev,
9180 void *data, u16 len)
9182 struct mgmt_cp_remove_device *cp = data;
9185 bt_dev_dbg(hdev, "sock %p", sk);
9189 if (bacmp(&cp->addr.bdaddr, BDADDR_ANY)) {
9190 struct hci_conn_params *params;
9193 if (!bdaddr_type_is_valid(cp->addr.type)) {
9194 err = mgmt_cmd_complete(sk, hdev->id,
9195 MGMT_OP_REMOVE_DEVICE,
9196 MGMT_STATUS_INVALID_PARAMS,
9197 &cp->addr, sizeof(cp->addr));
9201 if (cp->addr.type == BDADDR_BREDR) {
9202 err = hci_bdaddr_list_del(&hdev->accept_list,
9206 err = mgmt_cmd_complete(sk, hdev->id,
9207 MGMT_OP_REMOVE_DEVICE,
9208 MGMT_STATUS_INVALID_PARAMS,
9214 hci_update_scan(hdev);
9216 device_removed(sk, hdev, &cp->addr.bdaddr,
9221 addr_type = le_addr_type(cp->addr.type);
9223 /* Kernel internally uses conn_params with resolvable private
9224 * address, but Remove Device allows only identity addresses.
9225 * Make sure it is enforced before calling
9226 * hci_conn_params_lookup.
9228 if (!hci_is_identity_address(&cp->addr.bdaddr, addr_type)) {
9229 err = mgmt_cmd_complete(sk, hdev->id,
9230 MGMT_OP_REMOVE_DEVICE,
9231 MGMT_STATUS_INVALID_PARAMS,
9232 &cp->addr, sizeof(cp->addr));
9236 params = hci_conn_params_lookup(hdev, &cp->addr.bdaddr,
9239 err = mgmt_cmd_complete(sk, hdev->id,
9240 MGMT_OP_REMOVE_DEVICE,
9241 MGMT_STATUS_INVALID_PARAMS,
9242 &cp->addr, sizeof(cp->addr));
9246 if (params->auto_connect == HCI_AUTO_CONN_DISABLED ||
9247 params->auto_connect == HCI_AUTO_CONN_EXPLICIT) {
9248 err = mgmt_cmd_complete(sk, hdev->id,
9249 MGMT_OP_REMOVE_DEVICE,
9250 MGMT_STATUS_INVALID_PARAMS,
9251 &cp->addr, sizeof(cp->addr));
9255 hci_conn_params_free(params);
9257 device_removed(sk, hdev, &cp->addr.bdaddr, cp->addr.type);
9259 struct hci_conn_params *p, *tmp;
9260 struct bdaddr_list *b, *btmp;
9262 if (cp->addr.type) {
9263 err = mgmt_cmd_complete(sk, hdev->id,
9264 MGMT_OP_REMOVE_DEVICE,
9265 MGMT_STATUS_INVALID_PARAMS,
9266 &cp->addr, sizeof(cp->addr));
9270 list_for_each_entry_safe(b, btmp, &hdev->accept_list, list) {
9271 device_removed(sk, hdev, &b->bdaddr, b->bdaddr_type);
9276 hci_update_scan(hdev);
9278 list_for_each_entry_safe(p, tmp, &hdev->le_conn_params, list) {
9279 if (p->auto_connect == HCI_AUTO_CONN_DISABLED)
9281 device_removed(sk, hdev, &p->addr, p->addr_type);
9282 if (p->explicit_connect) {
9283 p->auto_connect = HCI_AUTO_CONN_EXPLICIT;
9286 hci_conn_params_free(p);
9289 bt_dev_dbg(hdev, "All LE connection parameters were removed");
9292 hci_cmd_sync_queue(hdev, remove_device_sync, NULL, NULL);
9295 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_DEVICE,
9296 MGMT_STATUS_SUCCESS, &cp->addr,
9299 hci_dev_unlock(hdev);
9303 static int load_conn_param(struct sock *sk, struct hci_dev *hdev, void *data,
9306 struct mgmt_cp_load_conn_param *cp = data;
9307 const u16 max_param_count = ((U16_MAX - sizeof(*cp)) /
9308 sizeof(struct mgmt_conn_param));
9309 u16 param_count, expected_len;
9312 if (!lmp_le_capable(hdev))
9313 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_CONN_PARAM,
9314 MGMT_STATUS_NOT_SUPPORTED);
9316 param_count = __le16_to_cpu(cp->param_count);
9317 if (param_count > max_param_count) {
9318 bt_dev_err(hdev, "load_conn_param: too big param_count value %u",
9320 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_CONN_PARAM,
9321 MGMT_STATUS_INVALID_PARAMS);
9324 expected_len = struct_size(cp, params, param_count);
9325 if (expected_len != len) {
9326 bt_dev_err(hdev, "load_conn_param: expected %u bytes, got %u bytes",
9328 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_CONN_PARAM,
9329 MGMT_STATUS_INVALID_PARAMS);
9332 bt_dev_dbg(hdev, "param_count %u", param_count);
9336 hci_conn_params_clear_disabled(hdev);
9338 for (i = 0; i < param_count; i++) {
9339 struct mgmt_conn_param *param = &cp->params[i];
9340 struct hci_conn_params *hci_param;
9341 u16 min, max, latency, timeout;
9344 bt_dev_dbg(hdev, "Adding %pMR (type %u)", ¶m->addr.bdaddr,
9347 if (param->addr.type == BDADDR_LE_PUBLIC) {
9348 addr_type = ADDR_LE_DEV_PUBLIC;
9349 } else if (param->addr.type == BDADDR_LE_RANDOM) {
9350 addr_type = ADDR_LE_DEV_RANDOM;
9352 bt_dev_err(hdev, "ignoring invalid connection parameters");
9356 min = le16_to_cpu(param->min_interval);
9357 max = le16_to_cpu(param->max_interval);
9358 latency = le16_to_cpu(param->latency);
9359 timeout = le16_to_cpu(param->timeout);
9361 bt_dev_dbg(hdev, "min 0x%04x max 0x%04x latency 0x%04x timeout 0x%04x",
9362 min, max, latency, timeout);
9364 if (hci_check_conn_params(min, max, latency, timeout) < 0) {
9365 bt_dev_err(hdev, "ignoring invalid connection parameters");
9369 hci_param = hci_conn_params_add(hdev, ¶m->addr.bdaddr,
9372 bt_dev_err(hdev, "failed to add connection parameters");
9376 hci_param->conn_min_interval = min;
9377 hci_param->conn_max_interval = max;
9378 hci_param->conn_latency = latency;
9379 hci_param->supervision_timeout = timeout;
9382 hci_dev_unlock(hdev);
9384 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_LOAD_CONN_PARAM, 0,
9388 static int set_external_config(struct sock *sk, struct hci_dev *hdev,
9389 void *data, u16 len)
9391 struct mgmt_cp_set_external_config *cp = data;
9395 bt_dev_dbg(hdev, "sock %p", sk);
9397 if (hdev_is_powered(hdev))
9398 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_EXTERNAL_CONFIG,
9399 MGMT_STATUS_REJECTED);
9401 if (cp->config != 0x00 && cp->config != 0x01)
9402 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_EXTERNAL_CONFIG,
9403 MGMT_STATUS_INVALID_PARAMS);
9405 if (!test_bit(HCI_QUIRK_EXTERNAL_CONFIG, &hdev->quirks))
9406 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_EXTERNAL_CONFIG,
9407 MGMT_STATUS_NOT_SUPPORTED);
9412 changed = !hci_dev_test_and_set_flag(hdev, HCI_EXT_CONFIGURED);
9414 changed = hci_dev_test_and_clear_flag(hdev, HCI_EXT_CONFIGURED);
9416 err = send_options_rsp(sk, MGMT_OP_SET_EXTERNAL_CONFIG, hdev);
9423 err = new_options(hdev, sk);
9425 if (hci_dev_test_flag(hdev, HCI_UNCONFIGURED) == is_configured(hdev)) {
9426 mgmt_index_removed(hdev);
9428 if (hci_dev_test_and_change_flag(hdev, HCI_UNCONFIGURED)) {
9429 hci_dev_set_flag(hdev, HCI_CONFIG);
9430 hci_dev_set_flag(hdev, HCI_AUTO_OFF);
9432 queue_work(hdev->req_workqueue, &hdev->power_on);
9434 set_bit(HCI_RAW, &hdev->flags);
9435 mgmt_index_added(hdev);
9440 hci_dev_unlock(hdev);
9444 static int set_public_address(struct sock *sk, struct hci_dev *hdev,
9445 void *data, u16 len)
9447 struct mgmt_cp_set_public_address *cp = data;
9451 bt_dev_dbg(hdev, "sock %p", sk);
9453 if (hdev_is_powered(hdev))
9454 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_PUBLIC_ADDRESS,
9455 MGMT_STATUS_REJECTED);
9457 if (!bacmp(&cp->bdaddr, BDADDR_ANY))
9458 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_PUBLIC_ADDRESS,
9459 MGMT_STATUS_INVALID_PARAMS);
9461 if (!hdev->set_bdaddr)
9462 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_PUBLIC_ADDRESS,
9463 MGMT_STATUS_NOT_SUPPORTED);
9467 changed = !!bacmp(&hdev->public_addr, &cp->bdaddr);
9468 bacpy(&hdev->public_addr, &cp->bdaddr);
9470 err = send_options_rsp(sk, MGMT_OP_SET_PUBLIC_ADDRESS, hdev);
9477 if (hci_dev_test_flag(hdev, HCI_UNCONFIGURED))
9478 err = new_options(hdev, sk);
9480 if (is_configured(hdev)) {
9481 mgmt_index_removed(hdev);
9483 hci_dev_clear_flag(hdev, HCI_UNCONFIGURED);
9485 hci_dev_set_flag(hdev, HCI_CONFIG);
9486 hci_dev_set_flag(hdev, HCI_AUTO_OFF);
9488 queue_work(hdev->req_workqueue, &hdev->power_on);
9492 hci_dev_unlock(hdev);
9497 int mgmt_device_name_update(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 *name,
9501 struct mgmt_ev_device_name_update *ev = (void *)buf;
9507 bacpy(&ev->addr.bdaddr, bdaddr);
9508 ev->addr.type = BDADDR_BREDR;
9510 eir_len = eir_append_data(ev->eir, 0, EIR_NAME_COMPLETE, name,
9513 ev->eir_len = cpu_to_le16(eir_len);
9515 return mgmt_event(MGMT_EV_DEVICE_NAME_UPDATE, hdev, buf,
9516 sizeof(*ev) + eir_len, NULL);
9520 static void read_local_oob_ext_data_complete(struct hci_dev *hdev, void *data,
9523 const struct mgmt_cp_read_local_oob_ext_data *mgmt_cp;
9524 struct mgmt_rp_read_local_oob_ext_data *mgmt_rp;
9525 u8 *h192, *r192, *h256, *r256;
9526 struct mgmt_pending_cmd *cmd = data;
9527 struct sk_buff *skb = cmd->skb;
9528 u8 status = mgmt_status(err);
9531 if (cmd != pending_find(MGMT_OP_READ_LOCAL_OOB_EXT_DATA, hdev))
9536 status = MGMT_STATUS_FAILED;
9537 else if (IS_ERR(skb))
9538 status = mgmt_status(PTR_ERR(skb));
9540 status = mgmt_status(skb->data[0]);
9543 bt_dev_dbg(hdev, "status %u", status);
9545 mgmt_cp = cmd->param;
9548 status = mgmt_status(status);
9555 } else if (!bredr_sc_enabled(hdev)) {
9556 struct hci_rp_read_local_oob_data *rp;
9558 if (skb->len != sizeof(*rp)) {
9559 status = MGMT_STATUS_FAILED;
9562 status = MGMT_STATUS_SUCCESS;
9563 rp = (void *)skb->data;
9565 eir_len = 5 + 18 + 18;
9572 struct hci_rp_read_local_oob_ext_data *rp;
9574 if (skb->len != sizeof(*rp)) {
9575 status = MGMT_STATUS_FAILED;
9578 status = MGMT_STATUS_SUCCESS;
9579 rp = (void *)skb->data;
9581 if (hci_dev_test_flag(hdev, HCI_SC_ONLY)) {
9582 eir_len = 5 + 18 + 18;
9586 eir_len = 5 + 18 + 18 + 18 + 18;
9596 mgmt_rp = kmalloc(sizeof(*mgmt_rp) + eir_len, GFP_KERNEL);
9603 eir_len = eir_append_data(mgmt_rp->eir, 0, EIR_CLASS_OF_DEV,
9604 hdev->dev_class, 3);
9607 eir_len = eir_append_data(mgmt_rp->eir, eir_len,
9608 EIR_SSP_HASH_C192, h192, 16);
9609 eir_len = eir_append_data(mgmt_rp->eir, eir_len,
9610 EIR_SSP_RAND_R192, r192, 16);
9614 eir_len = eir_append_data(mgmt_rp->eir, eir_len,
9615 EIR_SSP_HASH_C256, h256, 16);
9616 eir_len = eir_append_data(mgmt_rp->eir, eir_len,
9617 EIR_SSP_RAND_R256, r256, 16);
9621 mgmt_rp->type = mgmt_cp->type;
9622 mgmt_rp->eir_len = cpu_to_le16(eir_len);
9624 err = mgmt_cmd_complete(cmd->sk, hdev->id,
9625 MGMT_OP_READ_LOCAL_OOB_EXT_DATA, status,
9626 mgmt_rp, sizeof(*mgmt_rp) + eir_len);
9627 if (err < 0 || status)
9630 hci_sock_set_flag(cmd->sk, HCI_MGMT_OOB_DATA_EVENTS);
9632 err = mgmt_limited_event(MGMT_EV_LOCAL_OOB_DATA_UPDATED, hdev,
9633 mgmt_rp, sizeof(*mgmt_rp) + eir_len,
9634 HCI_MGMT_OOB_DATA_EVENTS, cmd->sk);
9636 if (skb && !IS_ERR(skb))
9640 mgmt_pending_remove(cmd);
9643 static int read_local_ssp_oob_req(struct hci_dev *hdev, struct sock *sk,
9644 struct mgmt_cp_read_local_oob_ext_data *cp)
9646 struct mgmt_pending_cmd *cmd;
9649 cmd = mgmt_pending_add(sk, MGMT_OP_READ_LOCAL_OOB_EXT_DATA, hdev,
9654 err = hci_cmd_sync_queue(hdev, read_local_oob_data_sync, cmd,
9655 read_local_oob_ext_data_complete);
9658 mgmt_pending_remove(cmd);
9665 static int read_local_oob_ext_data(struct sock *sk, struct hci_dev *hdev,
9666 void *data, u16 data_len)
9668 struct mgmt_cp_read_local_oob_ext_data *cp = data;
9669 struct mgmt_rp_read_local_oob_ext_data *rp;
9672 u8 status, flags, role, addr[7], hash[16], rand[16];
9675 bt_dev_dbg(hdev, "sock %p", sk);
9677 if (hdev_is_powered(hdev)) {
9679 case BIT(BDADDR_BREDR):
9680 status = mgmt_bredr_support(hdev);
9686 case (BIT(BDADDR_LE_PUBLIC) | BIT(BDADDR_LE_RANDOM)):
9687 status = mgmt_le_support(hdev);
9691 eir_len = 9 + 3 + 18 + 18 + 3;
9694 status = MGMT_STATUS_INVALID_PARAMS;
9699 status = MGMT_STATUS_NOT_POWERED;
9703 rp_len = sizeof(*rp) + eir_len;
9704 rp = kmalloc(rp_len, GFP_ATOMIC);
9708 if (!status && !lmp_ssp_capable(hdev)) {
9709 status = MGMT_STATUS_NOT_SUPPORTED;
9720 case BIT(BDADDR_BREDR):
9721 if (hci_dev_test_flag(hdev, HCI_SSP_ENABLED)) {
9722 err = read_local_ssp_oob_req(hdev, sk, cp);
9723 hci_dev_unlock(hdev);
9727 status = MGMT_STATUS_FAILED;
9730 eir_len = eir_append_data(rp->eir, eir_len,
9732 hdev->dev_class, 3);
9735 case (BIT(BDADDR_LE_PUBLIC) | BIT(BDADDR_LE_RANDOM)):
9736 if (hci_dev_test_flag(hdev, HCI_SC_ENABLED) &&
9737 smp_generate_oob(hdev, hash, rand) < 0) {
9738 hci_dev_unlock(hdev);
9739 status = MGMT_STATUS_FAILED;
9743 /* This should return the active RPA, but since the RPA
9744 * is only programmed on demand, it is really hard to fill
9745 * this in at the moment. For now disallow retrieving
9746 * local out-of-band data when privacy is in use.
9748 * Returning the identity address will not help here since
9749 * pairing happens before the identity resolving key is
9750 * known and thus the connection establishment happens
9751 * based on the RPA and not the identity address.
9753 if (hci_dev_test_flag(hdev, HCI_PRIVACY)) {
9754 hci_dev_unlock(hdev);
9755 status = MGMT_STATUS_REJECTED;
9759 if (hci_dev_test_flag(hdev, HCI_FORCE_STATIC_ADDR) ||
9760 !bacmp(&hdev->bdaddr, BDADDR_ANY) ||
9761 (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED) &&
9762 bacmp(&hdev->static_addr, BDADDR_ANY))) {
9763 memcpy(addr, &hdev->static_addr, 6);
9766 memcpy(addr, &hdev->bdaddr, 6);
9770 eir_len = eir_append_data(rp->eir, eir_len, EIR_LE_BDADDR,
9771 addr, sizeof(addr));
9773 if (hci_dev_test_flag(hdev, HCI_ADVERTISING))
9778 eir_len = eir_append_data(rp->eir, eir_len, EIR_LE_ROLE,
9779 &role, sizeof(role));
9781 if (hci_dev_test_flag(hdev, HCI_SC_ENABLED)) {
9782 eir_len = eir_append_data(rp->eir, eir_len,
9784 hash, sizeof(hash));
9786 eir_len = eir_append_data(rp->eir, eir_len,
9788 rand, sizeof(rand));
9791 flags = mgmt_get_adv_discov_flags(hdev);
9793 if (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED))
9794 flags |= LE_AD_NO_BREDR;
9796 eir_len = eir_append_data(rp->eir, eir_len, EIR_FLAGS,
9797 &flags, sizeof(flags));
9801 hci_dev_unlock(hdev);
9803 hci_sock_set_flag(sk, HCI_MGMT_OOB_DATA_EVENTS);
9805 status = MGMT_STATUS_SUCCESS;
9808 rp->type = cp->type;
9809 rp->eir_len = cpu_to_le16(eir_len);
9811 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_EXT_DATA,
9812 status, rp, sizeof(*rp) + eir_len);
9813 if (err < 0 || status)
9816 err = mgmt_limited_event(MGMT_EV_LOCAL_OOB_DATA_UPDATED, hdev,
9817 rp, sizeof(*rp) + eir_len,
9818 HCI_MGMT_OOB_DATA_EVENTS, sk);
9826 static u32 get_supported_adv_flags(struct hci_dev *hdev)
9830 flags |= MGMT_ADV_FLAG_CONNECTABLE;
9831 flags |= MGMT_ADV_FLAG_DISCOV;
9832 flags |= MGMT_ADV_FLAG_LIMITED_DISCOV;
9833 flags |= MGMT_ADV_FLAG_MANAGED_FLAGS;
9834 flags |= MGMT_ADV_FLAG_APPEARANCE;
9835 flags |= MGMT_ADV_FLAG_LOCAL_NAME;
9836 flags |= MGMT_ADV_PARAM_DURATION;
9837 flags |= MGMT_ADV_PARAM_TIMEOUT;
9838 flags |= MGMT_ADV_PARAM_INTERVALS;
9839 flags |= MGMT_ADV_PARAM_TX_POWER;
9840 flags |= MGMT_ADV_PARAM_SCAN_RSP;
9842 /* In extended adv TX_POWER returned from Set Adv Param
9843 * will be always valid.
9845 if (hdev->adv_tx_power != HCI_TX_POWER_INVALID || ext_adv_capable(hdev))
9846 flags |= MGMT_ADV_FLAG_TX_POWER;
9848 if (ext_adv_capable(hdev)) {
9849 flags |= MGMT_ADV_FLAG_SEC_1M;
9850 flags |= MGMT_ADV_FLAG_HW_OFFLOAD;
9851 flags |= MGMT_ADV_FLAG_CAN_SET_TX_POWER;
9853 if (le_2m_capable(hdev))
9854 flags |= MGMT_ADV_FLAG_SEC_2M;
9856 if (le_coded_capable(hdev))
9857 flags |= MGMT_ADV_FLAG_SEC_CODED;
9863 static int read_adv_features(struct sock *sk, struct hci_dev *hdev,
9864 void *data, u16 data_len)
9866 struct mgmt_rp_read_adv_features *rp;
9869 struct adv_info *adv_instance;
9870 u32 supported_flags;
9873 bt_dev_dbg(hdev, "sock %p", sk);
9875 if (!lmp_le_capable(hdev))
9876 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_READ_ADV_FEATURES,
9877 MGMT_STATUS_REJECTED);
9881 rp_len = sizeof(*rp) + hdev->adv_instance_cnt;
9882 rp = kmalloc(rp_len, GFP_ATOMIC);
9884 hci_dev_unlock(hdev);
9888 supported_flags = get_supported_adv_flags(hdev);
9890 rp->supported_flags = cpu_to_le32(supported_flags);
9891 rp->max_adv_data_len = max_adv_len(hdev);
9892 rp->max_scan_rsp_len = max_adv_len(hdev);
9893 rp->max_instances = hdev->le_num_of_adv_sets;
9894 rp->num_instances = hdev->adv_instance_cnt;
9896 instance = rp->instance;
9897 list_for_each_entry(adv_instance, &hdev->adv_instances, list) {
9898 /* Only instances 1-le_num_of_adv_sets are externally visible */
9899 if (adv_instance->instance <= hdev->adv_instance_cnt) {
9900 *instance = adv_instance->instance;
9903 rp->num_instances--;
9908 hci_dev_unlock(hdev);
9910 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_READ_ADV_FEATURES,
9911 MGMT_STATUS_SUCCESS, rp, rp_len);
9918 static u8 calculate_name_len(struct hci_dev *hdev)
9920 u8 buf[HCI_MAX_SHORT_NAME_LENGTH + 3];
9922 return eir_append_local_name(hdev, buf, 0);
9925 static u8 tlv_data_max_len(struct hci_dev *hdev, u32 adv_flags,
9928 u8 max_len = max_adv_len(hdev);
9931 if (adv_flags & (MGMT_ADV_FLAG_DISCOV |
9932 MGMT_ADV_FLAG_LIMITED_DISCOV |
9933 MGMT_ADV_FLAG_MANAGED_FLAGS))
9936 if (adv_flags & MGMT_ADV_FLAG_TX_POWER)
9939 if (adv_flags & MGMT_ADV_FLAG_LOCAL_NAME)
9940 max_len -= calculate_name_len(hdev);
9942 if (adv_flags & (MGMT_ADV_FLAG_APPEARANCE))
9949 static bool flags_managed(u32 adv_flags)
9951 return adv_flags & (MGMT_ADV_FLAG_DISCOV |
9952 MGMT_ADV_FLAG_LIMITED_DISCOV |
9953 MGMT_ADV_FLAG_MANAGED_FLAGS);
9956 static bool tx_power_managed(u32 adv_flags)
9958 return adv_flags & MGMT_ADV_FLAG_TX_POWER;
9961 static bool name_managed(u32 adv_flags)
9963 return adv_flags & MGMT_ADV_FLAG_LOCAL_NAME;
9966 static bool appearance_managed(u32 adv_flags)
9968 return adv_flags & MGMT_ADV_FLAG_APPEARANCE;
9971 static bool tlv_data_is_valid(struct hci_dev *hdev, u32 adv_flags, u8 *data,
9972 u8 len, bool is_adv_data)
9977 max_len = tlv_data_max_len(hdev, adv_flags, is_adv_data);
9982 /* Make sure that the data is correctly formatted. */
9983 for (i = 0; i < len; i += (cur_len + 1)) {
9989 if (data[i + 1] == EIR_FLAGS &&
9990 (!is_adv_data || flags_managed(adv_flags)))
9993 if (data[i + 1] == EIR_TX_POWER && tx_power_managed(adv_flags))
9996 if (data[i + 1] == EIR_NAME_COMPLETE && name_managed(adv_flags))
9999 if (data[i + 1] == EIR_NAME_SHORT && name_managed(adv_flags))
10002 if (data[i + 1] == EIR_APPEARANCE &&
10003 appearance_managed(adv_flags))
10006 /* If the current field length would exceed the total data
10007 * length, then it's invalid.
10009 if (i + cur_len >= len)
10016 static bool requested_adv_flags_are_valid(struct hci_dev *hdev, u32 adv_flags)
10018 u32 supported_flags, phy_flags;
10020 /* The current implementation only supports a subset of the specified
10021 * flags. Also need to check mutual exclusiveness of sec flags.
10023 supported_flags = get_supported_adv_flags(hdev);
10024 phy_flags = adv_flags & MGMT_ADV_FLAG_SEC_MASK;
10025 if (adv_flags & ~supported_flags ||
10026 ((phy_flags && (phy_flags ^ (phy_flags & -phy_flags)))))
10032 static bool adv_busy(struct hci_dev *hdev)
10034 return pending_find(MGMT_OP_SET_LE, hdev);
10037 static void add_adv_complete(struct hci_dev *hdev, struct sock *sk, u8 instance,
10040 struct adv_info *adv, *n;
10042 bt_dev_dbg(hdev, "err %d", err);
10044 hci_dev_lock(hdev);
10046 list_for_each_entry_safe(adv, n, &hdev->adv_instances, list) {
10053 adv->pending = false;
10057 instance = adv->instance;
10059 if (hdev->cur_adv_instance == instance)
10060 cancel_adv_timeout(hdev);
10062 hci_remove_adv_instance(hdev, instance);
10063 mgmt_advertising_removed(sk, hdev, instance);
10066 hci_dev_unlock(hdev);
10069 static void add_advertising_complete(struct hci_dev *hdev, void *data, int err)
10071 struct mgmt_pending_cmd *cmd = data;
10072 struct mgmt_cp_add_advertising *cp = cmd->param;
10073 struct mgmt_rp_add_advertising rp;
10075 memset(&rp, 0, sizeof(rp));
10077 rp.instance = cp->instance;
10080 mgmt_cmd_status(cmd->sk, cmd->index, cmd->opcode,
10083 mgmt_cmd_complete(cmd->sk, cmd->index, cmd->opcode,
10084 mgmt_status(err), &rp, sizeof(rp));
10086 add_adv_complete(hdev, cmd->sk, cp->instance, err);
10088 mgmt_pending_free(cmd);
10091 static int add_advertising_sync(struct hci_dev *hdev, void *data)
10093 struct mgmt_pending_cmd *cmd = data;
10094 struct mgmt_cp_add_advertising *cp = cmd->param;
10096 return hci_schedule_adv_instance_sync(hdev, cp->instance, true);
10099 static int add_advertising(struct sock *sk, struct hci_dev *hdev,
10100 void *data, u16 data_len)
10102 struct mgmt_cp_add_advertising *cp = data;
10103 struct mgmt_rp_add_advertising rp;
10106 u16 timeout, duration;
10107 unsigned int prev_instance_cnt;
10108 u8 schedule_instance = 0;
10109 struct adv_info *adv, *next_instance;
10111 struct mgmt_pending_cmd *cmd;
10113 bt_dev_dbg(hdev, "sock %p", sk);
10115 status = mgmt_le_support(hdev);
10117 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_ADVERTISING,
10120 if (cp->instance < 1 || cp->instance > hdev->le_num_of_adv_sets)
10121 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_ADVERTISING,
10122 MGMT_STATUS_INVALID_PARAMS);
10124 if (data_len != sizeof(*cp) + cp->adv_data_len + cp->scan_rsp_len)
10125 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_ADVERTISING,
10126 MGMT_STATUS_INVALID_PARAMS);
10128 flags = __le32_to_cpu(cp->flags);
10129 timeout = __le16_to_cpu(cp->timeout);
10130 duration = __le16_to_cpu(cp->duration);
10132 if (!requested_adv_flags_are_valid(hdev, flags))
10133 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_ADVERTISING,
10134 MGMT_STATUS_INVALID_PARAMS);
10136 hci_dev_lock(hdev);
10138 if (timeout && !hdev_is_powered(hdev)) {
10139 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_ADVERTISING,
10140 MGMT_STATUS_REJECTED);
10144 if (adv_busy(hdev)) {
10145 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_ADVERTISING,
10150 if (!tlv_data_is_valid(hdev, flags, cp->data, cp->adv_data_len, true) ||
10151 !tlv_data_is_valid(hdev, flags, cp->data + cp->adv_data_len,
10152 cp->scan_rsp_len, false)) {
10153 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_ADVERTISING,
10154 MGMT_STATUS_INVALID_PARAMS);
10158 prev_instance_cnt = hdev->adv_instance_cnt;
10160 adv = hci_add_adv_instance(hdev, cp->instance, flags,
10161 cp->adv_data_len, cp->data,
10163 cp->data + cp->adv_data_len,
10165 HCI_ADV_TX_POWER_NO_PREFERENCE,
10166 hdev->le_adv_min_interval,
10167 hdev->le_adv_max_interval, 0);
10169 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_ADVERTISING,
10170 MGMT_STATUS_FAILED);
10174 /* Only trigger an advertising added event if a new instance was
10177 if (hdev->adv_instance_cnt > prev_instance_cnt)
10178 mgmt_advertising_added(sk, hdev, cp->instance);
10180 if (hdev->cur_adv_instance == cp->instance) {
10181 /* If the currently advertised instance is being changed then
10182 * cancel the current advertising and schedule the next
10183 * instance. If there is only one instance then the overridden
10184 * advertising data will be visible right away.
10186 cancel_adv_timeout(hdev);
10188 next_instance = hci_get_next_instance(hdev, cp->instance);
10190 schedule_instance = next_instance->instance;
10191 } else if (!hdev->adv_instance_timeout) {
10192 /* Immediately advertise the new instance if no other
10193 * instance is currently being advertised.
10195 schedule_instance = cp->instance;
10198 /* If the HCI_ADVERTISING flag is set or the device isn't powered or
10199 * there is no instance to be advertised then we have no HCI
10200 * communication to make. Simply return.
10202 if (!hdev_is_powered(hdev) ||
10203 hci_dev_test_flag(hdev, HCI_ADVERTISING) ||
10204 !schedule_instance) {
10205 rp.instance = cp->instance;
10206 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_ADD_ADVERTISING,
10207 MGMT_STATUS_SUCCESS, &rp, sizeof(rp));
10211 /* We're good to go, update advertising data, parameters, and start
10214 cmd = mgmt_pending_new(sk, MGMT_OP_ADD_ADVERTISING, hdev, data,
10221 cp->instance = schedule_instance;
10223 err = hci_cmd_sync_queue(hdev, add_advertising_sync, cmd,
10224 add_advertising_complete);
10226 mgmt_pending_free(cmd);
10229 hci_dev_unlock(hdev);
10234 static void add_ext_adv_params_complete(struct hci_dev *hdev, void *data,
10237 struct mgmt_pending_cmd *cmd = data;
10238 struct mgmt_cp_add_ext_adv_params *cp = cmd->param;
10239 struct mgmt_rp_add_ext_adv_params rp;
10240 struct adv_info *adv;
10243 BT_DBG("%s", hdev->name);
10245 hci_dev_lock(hdev);
10247 adv = hci_find_adv_instance(hdev, cp->instance);
10251 rp.instance = cp->instance;
10252 rp.tx_power = adv->tx_power;
10254 /* While we're at it, inform userspace of the available space for this
10255 * advertisement, given the flags that will be used.
10257 flags = __le32_to_cpu(cp->flags);
10258 rp.max_adv_data_len = tlv_data_max_len(hdev, flags, true);
10259 rp.max_scan_rsp_len = tlv_data_max_len(hdev, flags, false);
10262 /* If this advertisement was previously advertising and we
10263 * failed to update it, we signal that it has been removed and
10264 * delete its structure
10267 mgmt_advertising_removed(cmd->sk, hdev, cp->instance);
10269 hci_remove_adv_instance(hdev, cp->instance);
10271 mgmt_cmd_status(cmd->sk, cmd->index, cmd->opcode,
10274 mgmt_cmd_complete(cmd->sk, cmd->index, cmd->opcode,
10275 mgmt_status(err), &rp, sizeof(rp));
10280 mgmt_pending_free(cmd);
10282 hci_dev_unlock(hdev);
10285 static int add_ext_adv_params_sync(struct hci_dev *hdev, void *data)
10287 struct mgmt_pending_cmd *cmd = data;
10288 struct mgmt_cp_add_ext_adv_params *cp = cmd->param;
10290 return hci_setup_ext_adv_instance_sync(hdev, cp->instance);
10293 static int add_ext_adv_params(struct sock *sk, struct hci_dev *hdev,
10294 void *data, u16 data_len)
10296 struct mgmt_cp_add_ext_adv_params *cp = data;
10297 struct mgmt_rp_add_ext_adv_params rp;
10298 struct mgmt_pending_cmd *cmd = NULL;
10299 struct adv_info *adv;
10300 u32 flags, min_interval, max_interval;
10301 u16 timeout, duration;
10306 BT_DBG("%s", hdev->name);
10308 status = mgmt_le_support(hdev);
10310 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_EXT_ADV_PARAMS,
10313 if (cp->instance < 1 || cp->instance > hdev->le_num_of_adv_sets)
10314 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_EXT_ADV_PARAMS,
10315 MGMT_STATUS_INVALID_PARAMS);
10317 /* The purpose of breaking add_advertising into two separate MGMT calls
10318 * for params and data is to allow more parameters to be added to this
10319 * structure in the future. For this reason, we verify that we have the
10320 * bare minimum structure we know of when the interface was defined. Any
10321 * extra parameters we don't know about will be ignored in this request.
10323 if (data_len < MGMT_ADD_EXT_ADV_PARAMS_MIN_SIZE)
10324 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_EXT_ADV_PARAMS,
10325 MGMT_STATUS_INVALID_PARAMS);
10327 flags = __le32_to_cpu(cp->flags);
10329 if (!requested_adv_flags_are_valid(hdev, flags))
10330 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_EXT_ADV_PARAMS,
10331 MGMT_STATUS_INVALID_PARAMS);
10333 hci_dev_lock(hdev);
10335 /* In new interface, we require that we are powered to register */
10336 if (!hdev_is_powered(hdev)) {
10337 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_EXT_ADV_PARAMS,
10338 MGMT_STATUS_REJECTED);
10342 if (adv_busy(hdev)) {
10343 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_EXT_ADV_PARAMS,
10348 /* Parse defined parameters from request, use defaults otherwise */
10349 timeout = (flags & MGMT_ADV_PARAM_TIMEOUT) ?
10350 __le16_to_cpu(cp->timeout) : 0;
10352 duration = (flags & MGMT_ADV_PARAM_DURATION) ?
10353 __le16_to_cpu(cp->duration) :
10354 hdev->def_multi_adv_rotation_duration;
10356 min_interval = (flags & MGMT_ADV_PARAM_INTERVALS) ?
10357 __le32_to_cpu(cp->min_interval) :
10358 hdev->le_adv_min_interval;
10360 max_interval = (flags & MGMT_ADV_PARAM_INTERVALS) ?
10361 __le32_to_cpu(cp->max_interval) :
10362 hdev->le_adv_max_interval;
10364 tx_power = (flags & MGMT_ADV_PARAM_TX_POWER) ?
10366 HCI_ADV_TX_POWER_NO_PREFERENCE;
10368 /* Create advertising instance with no advertising or response data */
10369 adv = hci_add_adv_instance(hdev, cp->instance, flags, 0, NULL, 0, NULL,
10370 timeout, duration, tx_power, min_interval,
10374 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_EXT_ADV_PARAMS,
10375 MGMT_STATUS_FAILED);
10379 /* Submit request for advertising params if ext adv available */
10380 if (ext_adv_capable(hdev)) {
10381 cmd = mgmt_pending_new(sk, MGMT_OP_ADD_EXT_ADV_PARAMS, hdev,
10385 hci_remove_adv_instance(hdev, cp->instance);
10389 err = hci_cmd_sync_queue(hdev, add_ext_adv_params_sync, cmd,
10390 add_ext_adv_params_complete);
10392 mgmt_pending_free(cmd);
10394 rp.instance = cp->instance;
10395 rp.tx_power = HCI_ADV_TX_POWER_NO_PREFERENCE;
10396 rp.max_adv_data_len = tlv_data_max_len(hdev, flags, true);
10397 rp.max_scan_rsp_len = tlv_data_max_len(hdev, flags, false);
10398 err = mgmt_cmd_complete(sk, hdev->id,
10399 MGMT_OP_ADD_EXT_ADV_PARAMS,
10400 MGMT_STATUS_SUCCESS, &rp, sizeof(rp));
10404 hci_dev_unlock(hdev);
10409 static void add_ext_adv_data_complete(struct hci_dev *hdev, void *data, int err)
10411 struct mgmt_pending_cmd *cmd = data;
10412 struct mgmt_cp_add_ext_adv_data *cp = cmd->param;
10413 struct mgmt_rp_add_advertising rp;
10415 add_adv_complete(hdev, cmd->sk, cp->instance, err);
10417 memset(&rp, 0, sizeof(rp));
10419 rp.instance = cp->instance;
10422 mgmt_cmd_status(cmd->sk, cmd->index, cmd->opcode,
10425 mgmt_cmd_complete(cmd->sk, cmd->index, cmd->opcode,
10426 mgmt_status(err), &rp, sizeof(rp));
10428 mgmt_pending_free(cmd);
10431 static int add_ext_adv_data_sync(struct hci_dev *hdev, void *data)
10433 struct mgmt_pending_cmd *cmd = data;
10434 struct mgmt_cp_add_ext_adv_data *cp = cmd->param;
10437 if (ext_adv_capable(hdev)) {
10438 err = hci_update_adv_data_sync(hdev, cp->instance);
10442 err = hci_update_scan_rsp_data_sync(hdev, cp->instance);
10446 return hci_enable_ext_advertising_sync(hdev, cp->instance);
10449 return hci_schedule_adv_instance_sync(hdev, cp->instance, true);
10452 static int add_ext_adv_data(struct sock *sk, struct hci_dev *hdev, void *data,
10455 struct mgmt_cp_add_ext_adv_data *cp = data;
10456 struct mgmt_rp_add_ext_adv_data rp;
10457 u8 schedule_instance = 0;
10458 struct adv_info *next_instance;
10459 struct adv_info *adv_instance;
10461 struct mgmt_pending_cmd *cmd;
10463 BT_DBG("%s", hdev->name);
10465 hci_dev_lock(hdev);
10467 adv_instance = hci_find_adv_instance(hdev, cp->instance);
10469 if (!adv_instance) {
10470 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_EXT_ADV_DATA,
10471 MGMT_STATUS_INVALID_PARAMS);
10475 /* In new interface, we require that we are powered to register */
10476 if (!hdev_is_powered(hdev)) {
10477 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_EXT_ADV_DATA,
10478 MGMT_STATUS_REJECTED);
10479 goto clear_new_instance;
10482 if (adv_busy(hdev)) {
10483 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_EXT_ADV_DATA,
10485 goto clear_new_instance;
10488 /* Validate new data */
10489 if (!tlv_data_is_valid(hdev, adv_instance->flags, cp->data,
10490 cp->adv_data_len, true) ||
10491 !tlv_data_is_valid(hdev, adv_instance->flags, cp->data +
10492 cp->adv_data_len, cp->scan_rsp_len, false)) {
10493 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_EXT_ADV_DATA,
10494 MGMT_STATUS_INVALID_PARAMS);
10495 goto clear_new_instance;
10498 /* Set the data in the advertising instance */
10499 hci_set_adv_instance_data(hdev, cp->instance, cp->adv_data_len,
10500 cp->data, cp->scan_rsp_len,
10501 cp->data + cp->adv_data_len);
10503 /* If using software rotation, determine next instance to use */
10504 if (hdev->cur_adv_instance == cp->instance) {
10505 /* If the currently advertised instance is being changed
10506 * then cancel the current advertising and schedule the
10507 * next instance. If there is only one instance then the
10508 * overridden advertising data will be visible right
10511 cancel_adv_timeout(hdev);
10513 next_instance = hci_get_next_instance(hdev, cp->instance);
10515 schedule_instance = next_instance->instance;
10516 } else if (!hdev->adv_instance_timeout) {
10517 /* Immediately advertise the new instance if no other
10518 * instance is currently being advertised.
10520 schedule_instance = cp->instance;
10523 /* If the HCI_ADVERTISING flag is set or there is no instance to
10524 * be advertised then we have no HCI communication to make.
10527 if (hci_dev_test_flag(hdev, HCI_ADVERTISING) || !schedule_instance) {
10528 if (adv_instance->pending) {
10529 mgmt_advertising_added(sk, hdev, cp->instance);
10530 adv_instance->pending = false;
10532 rp.instance = cp->instance;
10533 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_ADD_EXT_ADV_DATA,
10534 MGMT_STATUS_SUCCESS, &rp, sizeof(rp));
10538 cmd = mgmt_pending_new(sk, MGMT_OP_ADD_EXT_ADV_DATA, hdev, data,
10542 goto clear_new_instance;
10545 err = hci_cmd_sync_queue(hdev, add_ext_adv_data_sync, cmd,
10546 add_ext_adv_data_complete);
10548 mgmt_pending_free(cmd);
10549 goto clear_new_instance;
10552 /* We were successful in updating data, so trigger advertising_added
10553 * event if this is an instance that wasn't previously advertising. If
10554 * a failure occurs in the requests we initiated, we will remove the
10555 * instance again in add_advertising_complete
10557 if (adv_instance->pending)
10558 mgmt_advertising_added(sk, hdev, cp->instance);
10562 clear_new_instance:
10563 hci_remove_adv_instance(hdev, cp->instance);
10566 hci_dev_unlock(hdev);
10571 static void remove_advertising_complete(struct hci_dev *hdev, void *data,
10574 struct mgmt_pending_cmd *cmd = data;
10575 struct mgmt_cp_remove_advertising *cp = cmd->param;
10576 struct mgmt_rp_remove_advertising rp;
10578 bt_dev_dbg(hdev, "err %d", err);
10580 memset(&rp, 0, sizeof(rp));
10581 rp.instance = cp->instance;
10584 mgmt_cmd_status(cmd->sk, cmd->index, cmd->opcode,
10587 mgmt_cmd_complete(cmd->sk, cmd->index, cmd->opcode,
10588 MGMT_STATUS_SUCCESS, &rp, sizeof(rp));
10590 mgmt_pending_free(cmd);
10593 static int remove_advertising_sync(struct hci_dev *hdev, void *data)
10595 struct mgmt_pending_cmd *cmd = data;
10596 struct mgmt_cp_remove_advertising *cp = cmd->param;
10599 err = hci_remove_advertising_sync(hdev, cmd->sk, cp->instance, true);
10603 if (list_empty(&hdev->adv_instances))
10604 err = hci_disable_advertising_sync(hdev);
10609 static int remove_advertising(struct sock *sk, struct hci_dev *hdev,
10610 void *data, u16 data_len)
10612 struct mgmt_cp_remove_advertising *cp = data;
10613 struct mgmt_pending_cmd *cmd;
10616 bt_dev_dbg(hdev, "sock %p", sk);
10618 hci_dev_lock(hdev);
10620 if (cp->instance && !hci_find_adv_instance(hdev, cp->instance)) {
10621 err = mgmt_cmd_status(sk, hdev->id,
10622 MGMT_OP_REMOVE_ADVERTISING,
10623 MGMT_STATUS_INVALID_PARAMS);
10627 if (pending_find(MGMT_OP_SET_LE, hdev)) {
10628 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_REMOVE_ADVERTISING,
10633 if (list_empty(&hdev->adv_instances)) {
10634 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_REMOVE_ADVERTISING,
10635 MGMT_STATUS_INVALID_PARAMS);
10639 cmd = mgmt_pending_new(sk, MGMT_OP_REMOVE_ADVERTISING, hdev, data,
10646 err = hci_cmd_sync_queue(hdev, remove_advertising_sync, cmd,
10647 remove_advertising_complete);
10649 mgmt_pending_free(cmd);
10652 hci_dev_unlock(hdev);
10657 static int get_adv_size_info(struct sock *sk, struct hci_dev *hdev,
10658 void *data, u16 data_len)
10660 struct mgmt_cp_get_adv_size_info *cp = data;
10661 struct mgmt_rp_get_adv_size_info rp;
10662 u32 flags, supported_flags;
10664 bt_dev_dbg(hdev, "sock %p", sk);
10666 if (!lmp_le_capable(hdev))
10667 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_GET_ADV_SIZE_INFO,
10668 MGMT_STATUS_REJECTED);
10670 if (cp->instance < 1 || cp->instance > hdev->le_num_of_adv_sets)
10671 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_GET_ADV_SIZE_INFO,
10672 MGMT_STATUS_INVALID_PARAMS);
10674 flags = __le32_to_cpu(cp->flags);
10676 /* The current implementation only supports a subset of the specified
10679 supported_flags = get_supported_adv_flags(hdev);
10680 if (flags & ~supported_flags)
10681 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_GET_ADV_SIZE_INFO,
10682 MGMT_STATUS_INVALID_PARAMS);
10684 rp.instance = cp->instance;
10685 rp.flags = cp->flags;
10686 rp.max_adv_data_len = tlv_data_max_len(hdev, flags, true);
10687 rp.max_scan_rsp_len = tlv_data_max_len(hdev, flags, false);
10689 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_ADV_SIZE_INFO,
10690 MGMT_STATUS_SUCCESS, &rp, sizeof(rp));
10693 static const struct hci_mgmt_handler mgmt_handlers[] = {
10694 { NULL }, /* 0x0000 (no command) */
10695 { read_version, MGMT_READ_VERSION_SIZE,
10697 HCI_MGMT_UNTRUSTED },
10698 { read_commands, MGMT_READ_COMMANDS_SIZE,
10700 HCI_MGMT_UNTRUSTED },
10701 { read_index_list, MGMT_READ_INDEX_LIST_SIZE,
10703 HCI_MGMT_UNTRUSTED },
10704 { read_controller_info, MGMT_READ_INFO_SIZE,
10705 HCI_MGMT_UNTRUSTED },
10706 { set_powered, MGMT_SETTING_SIZE },
10707 { set_discoverable, MGMT_SET_DISCOVERABLE_SIZE },
10708 { set_connectable, MGMT_SETTING_SIZE },
10709 { set_fast_connectable, MGMT_SETTING_SIZE },
10710 { set_bondable, MGMT_SETTING_SIZE },
10711 { set_link_security, MGMT_SETTING_SIZE },
10712 { set_ssp, MGMT_SETTING_SIZE },
10713 { set_hs, MGMT_SETTING_SIZE },
10714 { set_le, MGMT_SETTING_SIZE },
10715 { set_dev_class, MGMT_SET_DEV_CLASS_SIZE },
10716 { set_local_name, MGMT_SET_LOCAL_NAME_SIZE },
10717 { add_uuid, MGMT_ADD_UUID_SIZE },
10718 { remove_uuid, MGMT_REMOVE_UUID_SIZE },
10719 { load_link_keys, MGMT_LOAD_LINK_KEYS_SIZE,
10720 HCI_MGMT_VAR_LEN },
10721 { load_long_term_keys, MGMT_LOAD_LONG_TERM_KEYS_SIZE,
10722 HCI_MGMT_VAR_LEN },
10723 { disconnect, MGMT_DISCONNECT_SIZE },
10724 { get_connections, MGMT_GET_CONNECTIONS_SIZE },
10725 { pin_code_reply, MGMT_PIN_CODE_REPLY_SIZE },
10726 { pin_code_neg_reply, MGMT_PIN_CODE_NEG_REPLY_SIZE },
10727 { set_io_capability, MGMT_SET_IO_CAPABILITY_SIZE },
10728 { pair_device, MGMT_PAIR_DEVICE_SIZE },
10729 { cancel_pair_device, MGMT_CANCEL_PAIR_DEVICE_SIZE },
10730 { unpair_device, MGMT_UNPAIR_DEVICE_SIZE },
10731 { user_confirm_reply, MGMT_USER_CONFIRM_REPLY_SIZE },
10732 { user_confirm_neg_reply, MGMT_USER_CONFIRM_NEG_REPLY_SIZE },
10733 { user_passkey_reply, MGMT_USER_PASSKEY_REPLY_SIZE },
10734 { user_passkey_neg_reply, MGMT_USER_PASSKEY_NEG_REPLY_SIZE },
10735 { read_local_oob_data, MGMT_READ_LOCAL_OOB_DATA_SIZE },
10736 { add_remote_oob_data, MGMT_ADD_REMOTE_OOB_DATA_SIZE,
10737 HCI_MGMT_VAR_LEN },
10738 { remove_remote_oob_data, MGMT_REMOVE_REMOTE_OOB_DATA_SIZE },
10739 { start_discovery, MGMT_START_DISCOVERY_SIZE },
10740 { stop_discovery, MGMT_STOP_DISCOVERY_SIZE },
10741 { confirm_name, MGMT_CONFIRM_NAME_SIZE },
10742 { block_device, MGMT_BLOCK_DEVICE_SIZE },
10743 { unblock_device, MGMT_UNBLOCK_DEVICE_SIZE },
10744 { set_device_id, MGMT_SET_DEVICE_ID_SIZE },
10745 { set_advertising, MGMT_SETTING_SIZE },
10746 { set_bredr, MGMT_SETTING_SIZE },
10747 { set_static_address, MGMT_SET_STATIC_ADDRESS_SIZE },
10748 { set_scan_params, MGMT_SET_SCAN_PARAMS_SIZE },
10749 { set_secure_conn, MGMT_SETTING_SIZE },
10750 { set_debug_keys, MGMT_SETTING_SIZE },
10751 { set_privacy, MGMT_SET_PRIVACY_SIZE },
10752 { load_irks, MGMT_LOAD_IRKS_SIZE,
10753 HCI_MGMT_VAR_LEN },
10754 { get_conn_info, MGMT_GET_CONN_INFO_SIZE },
10755 { get_clock_info, MGMT_GET_CLOCK_INFO_SIZE },
10756 { add_device, MGMT_ADD_DEVICE_SIZE },
10757 { remove_device, MGMT_REMOVE_DEVICE_SIZE },
10758 { load_conn_param, MGMT_LOAD_CONN_PARAM_SIZE,
10759 HCI_MGMT_VAR_LEN },
10760 { read_unconf_index_list, MGMT_READ_UNCONF_INDEX_LIST_SIZE,
10762 HCI_MGMT_UNTRUSTED },
10763 { read_config_info, MGMT_READ_CONFIG_INFO_SIZE,
10764 HCI_MGMT_UNCONFIGURED |
10765 HCI_MGMT_UNTRUSTED },
10766 { set_external_config, MGMT_SET_EXTERNAL_CONFIG_SIZE,
10767 HCI_MGMT_UNCONFIGURED },
10768 { set_public_address, MGMT_SET_PUBLIC_ADDRESS_SIZE,
10769 HCI_MGMT_UNCONFIGURED },
10770 { start_service_discovery, MGMT_START_SERVICE_DISCOVERY_SIZE,
10771 HCI_MGMT_VAR_LEN },
10772 { read_local_oob_ext_data, MGMT_READ_LOCAL_OOB_EXT_DATA_SIZE },
10773 { read_ext_index_list, MGMT_READ_EXT_INDEX_LIST_SIZE,
10775 HCI_MGMT_UNTRUSTED },
10776 { read_adv_features, MGMT_READ_ADV_FEATURES_SIZE },
10777 { add_advertising, MGMT_ADD_ADVERTISING_SIZE,
10778 HCI_MGMT_VAR_LEN },
10779 { remove_advertising, MGMT_REMOVE_ADVERTISING_SIZE },
10780 { get_adv_size_info, MGMT_GET_ADV_SIZE_INFO_SIZE },
10781 { start_limited_discovery, MGMT_START_DISCOVERY_SIZE },
10782 { read_ext_controller_info,MGMT_READ_EXT_INFO_SIZE,
10783 HCI_MGMT_UNTRUSTED },
10784 { set_appearance, MGMT_SET_APPEARANCE_SIZE },
10785 { get_phy_configuration, MGMT_GET_PHY_CONFIGURATION_SIZE },
10786 { set_phy_configuration, MGMT_SET_PHY_CONFIGURATION_SIZE },
10787 { set_blocked_keys, MGMT_OP_SET_BLOCKED_KEYS_SIZE,
10788 HCI_MGMT_VAR_LEN },
10789 { set_wideband_speech, MGMT_SETTING_SIZE },
10790 { read_controller_cap, MGMT_READ_CONTROLLER_CAP_SIZE,
10791 HCI_MGMT_UNTRUSTED },
10792 { read_exp_features_info, MGMT_READ_EXP_FEATURES_INFO_SIZE,
10793 HCI_MGMT_UNTRUSTED |
10794 HCI_MGMT_HDEV_OPTIONAL },
10795 { set_exp_feature, MGMT_SET_EXP_FEATURE_SIZE,
10797 HCI_MGMT_HDEV_OPTIONAL },
10798 { read_def_system_config, MGMT_READ_DEF_SYSTEM_CONFIG_SIZE,
10799 HCI_MGMT_UNTRUSTED },
10800 { set_def_system_config, MGMT_SET_DEF_SYSTEM_CONFIG_SIZE,
10801 HCI_MGMT_VAR_LEN },
10802 { read_def_runtime_config, MGMT_READ_DEF_RUNTIME_CONFIG_SIZE,
10803 HCI_MGMT_UNTRUSTED },
10804 { set_def_runtime_config, MGMT_SET_DEF_RUNTIME_CONFIG_SIZE,
10805 HCI_MGMT_VAR_LEN },
10806 { get_device_flags, MGMT_GET_DEVICE_FLAGS_SIZE },
10807 { set_device_flags, MGMT_SET_DEVICE_FLAGS_SIZE },
10808 { read_adv_mon_features, MGMT_READ_ADV_MONITOR_FEATURES_SIZE },
10809 { add_adv_patterns_monitor,MGMT_ADD_ADV_PATTERNS_MONITOR_SIZE,
10810 HCI_MGMT_VAR_LEN },
10811 { remove_adv_monitor, MGMT_REMOVE_ADV_MONITOR_SIZE },
10812 { add_ext_adv_params, MGMT_ADD_EXT_ADV_PARAMS_MIN_SIZE,
10813 HCI_MGMT_VAR_LEN },
10814 { add_ext_adv_data, MGMT_ADD_EXT_ADV_DATA_SIZE,
10815 HCI_MGMT_VAR_LEN },
10816 { add_adv_patterns_monitor_rssi,
10817 MGMT_ADD_ADV_PATTERNS_MONITOR_RSSI_SIZE,
10818 HCI_MGMT_VAR_LEN },
10819 { set_mesh, MGMT_SET_MESH_RECEIVER_SIZE,
10820 HCI_MGMT_VAR_LEN },
10821 { mesh_features, MGMT_MESH_READ_FEATURES_SIZE },
10822 { mesh_send, MGMT_MESH_SEND_SIZE,
10823 HCI_MGMT_VAR_LEN },
10824 { mesh_send_cancel, MGMT_MESH_SEND_CANCEL_SIZE },
10828 static const struct hci_mgmt_handler tizen_mgmt_handlers[] = {
10829 { NULL }, /* 0x0000 (no command) */
10830 { set_advertising_params, MGMT_SET_ADVERTISING_PARAMS_SIZE },
10831 { set_advertising_data, MGMT_SET_ADV_MIN_APP_DATA_SIZE,
10832 HCI_MGMT_VAR_LEN },
10833 { set_scan_rsp_data, MGMT_SET_SCAN_RSP_MIN_APP_DATA_SIZE,
10834 HCI_MGMT_VAR_LEN },
10835 { add_white_list, MGMT_ADD_DEV_WHITE_LIST_SIZE },
10836 { remove_from_white_list, MGMT_REMOVE_DEV_FROM_WHITE_LIST_SIZE },
10837 { clear_white_list, MGMT_OP_CLEAR_DEV_WHITE_LIST_SIZE },
10838 { set_enable_rssi, MGMT_SET_RSSI_ENABLE_SIZE },
10839 { get_raw_rssi, MGMT_GET_RAW_RSSI_SIZE },
10840 { set_disable_threshold, MGMT_SET_RSSI_DISABLE_SIZE },
10841 { start_le_discovery, MGMT_START_LE_DISCOVERY_SIZE },
10842 { stop_le_discovery, MGMT_STOP_LE_DISCOVERY_SIZE },
10843 { disable_le_auto_connect, MGMT_DISABLE_LE_AUTO_CONNECT_SIZE },
10847 void mgmt_index_added(struct hci_dev *hdev)
10849 struct mgmt_ev_ext_index ev;
10851 if (test_bit(HCI_QUIRK_RAW_DEVICE, &hdev->quirks))
10854 switch (hdev->dev_type) {
10856 if (hci_dev_test_flag(hdev, HCI_UNCONFIGURED)) {
10857 mgmt_index_event(MGMT_EV_UNCONF_INDEX_ADDED, hdev,
10858 NULL, 0, HCI_MGMT_UNCONF_INDEX_EVENTS);
10861 mgmt_index_event(MGMT_EV_INDEX_ADDED, hdev, NULL, 0,
10862 HCI_MGMT_INDEX_EVENTS);
10873 ev.bus = hdev->bus;
10875 mgmt_index_event(MGMT_EV_EXT_INDEX_ADDED, hdev, &ev, sizeof(ev),
10876 HCI_MGMT_EXT_INDEX_EVENTS);
10879 void mgmt_index_removed(struct hci_dev *hdev)
10881 struct mgmt_ev_ext_index ev;
10882 u8 status = MGMT_STATUS_INVALID_INDEX;
10884 if (test_bit(HCI_QUIRK_RAW_DEVICE, &hdev->quirks))
10887 switch (hdev->dev_type) {
10889 mgmt_pending_foreach(0, hdev, cmd_complete_rsp, &status);
10891 if (hci_dev_test_flag(hdev, HCI_UNCONFIGURED)) {
10892 mgmt_index_event(MGMT_EV_UNCONF_INDEX_REMOVED, hdev,
10893 NULL, 0, HCI_MGMT_UNCONF_INDEX_EVENTS);
10896 mgmt_index_event(MGMT_EV_INDEX_REMOVED, hdev, NULL, 0,
10897 HCI_MGMT_INDEX_EVENTS);
10908 ev.bus = hdev->bus;
10910 mgmt_index_event(MGMT_EV_EXT_INDEX_REMOVED, hdev, &ev, sizeof(ev),
10911 HCI_MGMT_EXT_INDEX_EVENTS);
10913 /* Cancel any remaining timed work */
10914 if (!hci_dev_test_flag(hdev, HCI_MGMT))
10916 cancel_delayed_work_sync(&hdev->discov_off);
10917 cancel_delayed_work_sync(&hdev->service_cache);
10918 cancel_delayed_work_sync(&hdev->rpa_expired);
10921 void mgmt_power_on(struct hci_dev *hdev, int err)
10923 struct cmd_lookup match = { NULL, hdev };
10925 bt_dev_dbg(hdev, "err %d", err);
10927 hci_dev_lock(hdev);
10930 restart_le_actions(hdev);
10931 hci_update_passive_scan(hdev);
10934 mgmt_pending_foreach(MGMT_OP_SET_POWERED, hdev, settings_rsp, &match);
10936 new_settings(hdev, match.sk);
10939 sock_put(match.sk);
10941 hci_dev_unlock(hdev);
10944 void __mgmt_power_off(struct hci_dev *hdev)
10946 struct cmd_lookup match = { NULL, hdev };
10947 u8 status, zero_cod[] = { 0, 0, 0 };
10949 mgmt_pending_foreach(MGMT_OP_SET_POWERED, hdev, settings_rsp, &match);
10951 /* If the power off is because of hdev unregistration let
10952 * use the appropriate INVALID_INDEX status. Otherwise use
10953 * NOT_POWERED. We cover both scenarios here since later in
10954 * mgmt_index_removed() any hci_conn callbacks will have already
10955 * been triggered, potentially causing misleading DISCONNECTED
10956 * status responses.
10958 if (hci_dev_test_flag(hdev, HCI_UNREGISTER))
10959 status = MGMT_STATUS_INVALID_INDEX;
10961 status = MGMT_STATUS_NOT_POWERED;
10963 mgmt_pending_foreach(0, hdev, cmd_complete_rsp, &status);
10965 if (memcmp(hdev->dev_class, zero_cod, sizeof(zero_cod)) != 0) {
10966 mgmt_limited_event(MGMT_EV_CLASS_OF_DEV_CHANGED, hdev,
10967 zero_cod, sizeof(zero_cod),
10968 HCI_MGMT_DEV_CLASS_EVENTS, NULL);
10969 ext_info_changed(hdev, NULL);
10972 new_settings(hdev, match.sk);
10975 sock_put(match.sk);
10978 void mgmt_set_powered_failed(struct hci_dev *hdev, int err)
10980 struct mgmt_pending_cmd *cmd;
10983 cmd = pending_find(MGMT_OP_SET_POWERED, hdev);
10987 if (err == -ERFKILL)
10988 status = MGMT_STATUS_RFKILLED;
10990 status = MGMT_STATUS_FAILED;
10992 mgmt_cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_POWERED, status);
10994 mgmt_pending_remove(cmd);
10997 void mgmt_new_link_key(struct hci_dev *hdev, struct link_key *key,
11000 struct mgmt_ev_new_link_key ev;
11002 memset(&ev, 0, sizeof(ev));
11004 ev.store_hint = persistent;
11005 bacpy(&ev.key.addr.bdaddr, &key->bdaddr);
11006 ev.key.addr.type = link_to_bdaddr(key->link_type, key->bdaddr_type);
11007 ev.key.type = key->type;
11008 memcpy(ev.key.val, key->val, HCI_LINK_KEY_SIZE);
11009 ev.key.pin_len = key->pin_len;
11011 mgmt_event(MGMT_EV_NEW_LINK_KEY, hdev, &ev, sizeof(ev), NULL);
11014 static u8 mgmt_ltk_type(struct smp_ltk *ltk)
11016 switch (ltk->type) {
11018 case SMP_LTK_RESPONDER:
11019 if (ltk->authenticated)
11020 return MGMT_LTK_AUTHENTICATED;
11021 return MGMT_LTK_UNAUTHENTICATED;
11023 if (ltk->authenticated)
11024 return MGMT_LTK_P256_AUTH;
11025 return MGMT_LTK_P256_UNAUTH;
11026 case SMP_LTK_P256_DEBUG:
11027 return MGMT_LTK_P256_DEBUG;
11030 return MGMT_LTK_UNAUTHENTICATED;
11033 void mgmt_new_ltk(struct hci_dev *hdev, struct smp_ltk *key, bool persistent)
11035 struct mgmt_ev_new_long_term_key ev;
11037 memset(&ev, 0, sizeof(ev));
11039 /* Devices using resolvable or non-resolvable random addresses
11040 * without providing an identity resolving key don't require
11041 * to store long term keys. Their addresses will change the
11042 * next time around.
11044 * Only when a remote device provides an identity address
11045 * make sure the long term key is stored. If the remote
11046 * identity is known, the long term keys are internally
11047 * mapped to the identity address. So allow static random
11048 * and public addresses here.
11050 if (key->bdaddr_type == ADDR_LE_DEV_RANDOM &&
11051 (key->bdaddr.b[5] & 0xc0) != 0xc0)
11052 ev.store_hint = 0x00;
11054 ev.store_hint = persistent;
11056 bacpy(&ev.key.addr.bdaddr, &key->bdaddr);
11057 ev.key.addr.type = link_to_bdaddr(key->link_type, key->bdaddr_type);
11058 ev.key.type = mgmt_ltk_type(key);
11059 ev.key.enc_size = key->enc_size;
11060 ev.key.ediv = key->ediv;
11061 ev.key.rand = key->rand;
11063 if (key->type == SMP_LTK)
11064 ev.key.initiator = 1;
11066 /* Make sure we copy only the significant bytes based on the
11067 * encryption key size, and set the rest of the value to zeroes.
11069 memcpy(ev.key.val, key->val, key->enc_size);
11070 memset(ev.key.val + key->enc_size, 0,
11071 sizeof(ev.key.val) - key->enc_size);
11073 mgmt_event(MGMT_EV_NEW_LONG_TERM_KEY, hdev, &ev, sizeof(ev), NULL);
11076 void mgmt_new_irk(struct hci_dev *hdev, struct smp_irk *irk, bool persistent)
11078 struct mgmt_ev_new_irk ev;
11080 memset(&ev, 0, sizeof(ev));
11082 ev.store_hint = persistent;
11084 bacpy(&ev.rpa, &irk->rpa);
11085 bacpy(&ev.irk.addr.bdaddr, &irk->bdaddr);
11086 ev.irk.addr.type = link_to_bdaddr(irk->link_type, irk->addr_type);
11087 memcpy(ev.irk.val, irk->val, sizeof(irk->val));
11089 mgmt_event(MGMT_EV_NEW_IRK, hdev, &ev, sizeof(ev), NULL);
11092 void mgmt_new_csrk(struct hci_dev *hdev, struct smp_csrk *csrk,
11095 struct mgmt_ev_new_csrk ev;
11097 memset(&ev, 0, sizeof(ev));
11099 /* Devices using resolvable or non-resolvable random addresses
11100 * without providing an identity resolving key don't require
11101 * to store signature resolving keys. Their addresses will change
11102 * the next time around.
11104 * Only when a remote device provides an identity address
11105 * make sure the signature resolving key is stored. So allow
11106 * static random and public addresses here.
11108 if (csrk->bdaddr_type == ADDR_LE_DEV_RANDOM &&
11109 (csrk->bdaddr.b[5] & 0xc0) != 0xc0)
11110 ev.store_hint = 0x00;
11112 ev.store_hint = persistent;
11114 bacpy(&ev.key.addr.bdaddr, &csrk->bdaddr);
11115 ev.key.addr.type = link_to_bdaddr(csrk->link_type, csrk->bdaddr_type);
11116 ev.key.type = csrk->type;
11117 memcpy(ev.key.val, csrk->val, sizeof(csrk->val));
11119 mgmt_event(MGMT_EV_NEW_CSRK, hdev, &ev, sizeof(ev), NULL);
11122 void mgmt_new_conn_param(struct hci_dev *hdev, bdaddr_t *bdaddr,
11123 u8 bdaddr_type, u8 store_hint, u16 min_interval,
11124 u16 max_interval, u16 latency, u16 timeout)
11126 struct mgmt_ev_new_conn_param ev;
11128 if (!hci_is_identity_address(bdaddr, bdaddr_type))
11131 memset(&ev, 0, sizeof(ev));
11132 bacpy(&ev.addr.bdaddr, bdaddr);
11133 ev.addr.type = link_to_bdaddr(LE_LINK, bdaddr_type);
11134 ev.store_hint = store_hint;
11135 ev.min_interval = cpu_to_le16(min_interval);
11136 ev.max_interval = cpu_to_le16(max_interval);
11137 ev.latency = cpu_to_le16(latency);
11138 ev.timeout = cpu_to_le16(timeout);
11140 mgmt_event(MGMT_EV_NEW_CONN_PARAM, hdev, &ev, sizeof(ev), NULL);
11143 void mgmt_device_connected(struct hci_dev *hdev, struct hci_conn *conn,
11144 u8 *name, u8 name_len)
11146 struct sk_buff *skb;
11147 struct mgmt_ev_device_connected *ev;
11151 /* allocate buff for LE or BR/EDR adv */
11152 if (conn->le_adv_data_len > 0)
11153 skb = mgmt_alloc_skb(hdev, MGMT_EV_DEVICE_CONNECTED,
11154 sizeof(*ev) + conn->le_adv_data_len);
11156 skb = mgmt_alloc_skb(hdev, MGMT_EV_DEVICE_CONNECTED,
11157 sizeof(*ev) + (name ? eir_precalc_len(name_len) : 0) +
11158 eir_precalc_len(sizeof(conn->dev_class)));
11160 ev = skb_put(skb, sizeof(*ev));
11161 bacpy(&ev->addr.bdaddr, &conn->dst);
11162 ev->addr.type = link_to_bdaddr(conn->type, conn->dst_type);
11165 flags |= MGMT_DEV_FOUND_INITIATED_CONN;
11167 ev->flags = __cpu_to_le32(flags);
11169 /* We must ensure that the EIR Data fields are ordered and
11170 * unique. Keep it simple for now and avoid the problem by not
11171 * adding any BR/EDR data to the LE adv.
11173 if (conn->le_adv_data_len > 0) {
11174 skb_put_data(skb, conn->le_adv_data, conn->le_adv_data_len);
11175 eir_len = conn->le_adv_data_len;
11178 eir_len += eir_skb_put_data(skb, EIR_NAME_COMPLETE, name, name_len);
11180 if (memcmp(conn->dev_class, "\0\0\0", sizeof(conn->dev_class)))
11181 eir_len += eir_skb_put_data(skb, EIR_CLASS_OF_DEV,
11182 conn->dev_class, sizeof(conn->dev_class));
11185 ev->eir_len = cpu_to_le16(eir_len);
11187 mgmt_event_skb(skb, NULL);
11190 static void disconnect_rsp(struct mgmt_pending_cmd *cmd, void *data)
11192 struct sock **sk = data;
11194 cmd->cmd_complete(cmd, 0);
11199 mgmt_pending_remove(cmd);
11202 static void unpair_device_rsp(struct mgmt_pending_cmd *cmd, void *data)
11204 struct hci_dev *hdev = data;
11205 struct mgmt_cp_unpair_device *cp = cmd->param;
11207 device_unpaired(hdev, &cp->addr.bdaddr, cp->addr.type, cmd->sk);
11209 cmd->cmd_complete(cmd, 0);
11210 mgmt_pending_remove(cmd);
11213 bool mgmt_powering_down(struct hci_dev *hdev)
11215 struct mgmt_pending_cmd *cmd;
11216 struct mgmt_mode *cp;
11218 cmd = pending_find(MGMT_OP_SET_POWERED, hdev);
11229 void mgmt_device_disconnected(struct hci_dev *hdev, bdaddr_t *bdaddr,
11230 u8 link_type, u8 addr_type, u8 reason,
11231 bool mgmt_connected)
11233 struct mgmt_ev_device_disconnected ev;
11234 struct sock *sk = NULL;
11236 /* The connection is still in hci_conn_hash so test for 1
11237 * instead of 0 to know if this is the last one.
11239 if (mgmt_powering_down(hdev) && hci_conn_count(hdev) == 1) {
11240 cancel_delayed_work(&hdev->power_off);
11241 queue_work(hdev->req_workqueue, &hdev->power_off.work);
11244 if (!mgmt_connected)
11247 if (link_type != ACL_LINK && link_type != LE_LINK)
11250 mgmt_pending_foreach(MGMT_OP_DISCONNECT, hdev, disconnect_rsp, &sk);
11252 bacpy(&ev.addr.bdaddr, bdaddr);
11253 ev.addr.type = link_to_bdaddr(link_type, addr_type);
11254 ev.reason = reason;
11256 /* Report disconnects due to suspend */
11257 if (hdev->suspended)
11258 ev.reason = MGMT_DEV_DISCONN_LOCAL_HOST_SUSPEND;
11260 mgmt_event(MGMT_EV_DEVICE_DISCONNECTED, hdev, &ev, sizeof(ev), sk);
11265 mgmt_pending_foreach(MGMT_OP_UNPAIR_DEVICE, hdev, unpair_device_rsp,
11269 void mgmt_disconnect_failed(struct hci_dev *hdev, bdaddr_t *bdaddr,
11270 u8 link_type, u8 addr_type, u8 status)
11272 u8 bdaddr_type = link_to_bdaddr(link_type, addr_type);
11273 struct mgmt_cp_disconnect *cp;
11274 struct mgmt_pending_cmd *cmd;
11276 mgmt_pending_foreach(MGMT_OP_UNPAIR_DEVICE, hdev, unpair_device_rsp,
11279 cmd = pending_find(MGMT_OP_DISCONNECT, hdev);
11285 if (bacmp(bdaddr, &cp->addr.bdaddr))
11288 if (cp->addr.type != bdaddr_type)
11291 cmd->cmd_complete(cmd, mgmt_status(status));
11292 mgmt_pending_remove(cmd);
11295 void mgmt_connect_failed(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
11296 u8 addr_type, u8 status)
11298 struct mgmt_ev_connect_failed ev;
11300 /* The connection is still in hci_conn_hash so test for 1
11301 * instead of 0 to know if this is the last one.
11303 if (mgmt_powering_down(hdev) && hci_conn_count(hdev) == 1) {
11304 cancel_delayed_work(&hdev->power_off);
11305 queue_work(hdev->req_workqueue, &hdev->power_off.work);
11308 bacpy(&ev.addr.bdaddr, bdaddr);
11309 ev.addr.type = link_to_bdaddr(link_type, addr_type);
11310 ev.status = mgmt_status(status);
11312 mgmt_event(MGMT_EV_CONNECT_FAILED, hdev, &ev, sizeof(ev), NULL);
11315 void mgmt_pin_code_request(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 secure)
11317 struct mgmt_ev_pin_code_request ev;
11319 bacpy(&ev.addr.bdaddr, bdaddr);
11320 ev.addr.type = BDADDR_BREDR;
11321 ev.secure = secure;
11323 mgmt_event(MGMT_EV_PIN_CODE_REQUEST, hdev, &ev, sizeof(ev), NULL);
11326 void mgmt_pin_code_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
11329 struct mgmt_pending_cmd *cmd;
11331 cmd = pending_find(MGMT_OP_PIN_CODE_REPLY, hdev);
11335 cmd->cmd_complete(cmd, mgmt_status(status));
11336 mgmt_pending_remove(cmd);
11339 void mgmt_pin_code_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
11342 struct mgmt_pending_cmd *cmd;
11344 cmd = pending_find(MGMT_OP_PIN_CODE_NEG_REPLY, hdev);
11348 cmd->cmd_complete(cmd, mgmt_status(status));
11349 mgmt_pending_remove(cmd);
11352 int mgmt_user_confirm_request(struct hci_dev *hdev, bdaddr_t *bdaddr,
11353 u8 link_type, u8 addr_type, u32 value,
11356 struct mgmt_ev_user_confirm_request ev;
11358 bt_dev_dbg(hdev, "bdaddr %pMR", bdaddr);
11360 bacpy(&ev.addr.bdaddr, bdaddr);
11361 ev.addr.type = link_to_bdaddr(link_type, addr_type);
11362 ev.confirm_hint = confirm_hint;
11363 ev.value = cpu_to_le32(value);
11365 return mgmt_event(MGMT_EV_USER_CONFIRM_REQUEST, hdev, &ev, sizeof(ev),
11369 int mgmt_user_passkey_request(struct hci_dev *hdev, bdaddr_t *bdaddr,
11370 u8 link_type, u8 addr_type)
11372 struct mgmt_ev_user_passkey_request ev;
11374 bt_dev_dbg(hdev, "bdaddr %pMR", bdaddr);
11376 bacpy(&ev.addr.bdaddr, bdaddr);
11377 ev.addr.type = link_to_bdaddr(link_type, addr_type);
11379 return mgmt_event(MGMT_EV_USER_PASSKEY_REQUEST, hdev, &ev, sizeof(ev),
11383 static int user_pairing_resp_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
11384 u8 link_type, u8 addr_type, u8 status,
11387 struct mgmt_pending_cmd *cmd;
11389 cmd = pending_find(opcode, hdev);
11393 cmd->cmd_complete(cmd, mgmt_status(status));
11394 mgmt_pending_remove(cmd);
11399 int mgmt_user_confirm_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
11400 u8 link_type, u8 addr_type, u8 status)
11402 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
11403 status, MGMT_OP_USER_CONFIRM_REPLY);
11406 int mgmt_user_confirm_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
11407 u8 link_type, u8 addr_type, u8 status)
11409 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
11411 MGMT_OP_USER_CONFIRM_NEG_REPLY);
11414 int mgmt_user_passkey_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
11415 u8 link_type, u8 addr_type, u8 status)
11417 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
11418 status, MGMT_OP_USER_PASSKEY_REPLY);
11421 int mgmt_user_passkey_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
11422 u8 link_type, u8 addr_type, u8 status)
11424 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
11426 MGMT_OP_USER_PASSKEY_NEG_REPLY);
11429 int mgmt_user_passkey_notify(struct hci_dev *hdev, bdaddr_t *bdaddr,
11430 u8 link_type, u8 addr_type, u32 passkey,
11433 struct mgmt_ev_passkey_notify ev;
11435 bt_dev_dbg(hdev, "bdaddr %pMR", bdaddr);
11437 bacpy(&ev.addr.bdaddr, bdaddr);
11438 ev.addr.type = link_to_bdaddr(link_type, addr_type);
11439 ev.passkey = __cpu_to_le32(passkey);
11440 ev.entered = entered;
11442 return mgmt_event(MGMT_EV_PASSKEY_NOTIFY, hdev, &ev, sizeof(ev), NULL);
11445 void mgmt_auth_failed(struct hci_conn *conn, u8 hci_status)
11447 struct mgmt_ev_auth_failed ev;
11448 struct mgmt_pending_cmd *cmd;
11449 u8 status = mgmt_status(hci_status);
11451 bacpy(&ev.addr.bdaddr, &conn->dst);
11452 ev.addr.type = link_to_bdaddr(conn->type, conn->dst_type);
11453 ev.status = status;
11455 cmd = find_pairing(conn);
11457 mgmt_event(MGMT_EV_AUTH_FAILED, conn->hdev, &ev, sizeof(ev),
11458 cmd ? cmd->sk : NULL);
11461 cmd->cmd_complete(cmd, status);
11462 mgmt_pending_remove(cmd);
11466 void mgmt_auth_enable_complete(struct hci_dev *hdev, u8 status)
11468 struct cmd_lookup match = { NULL, hdev };
11472 u8 mgmt_err = mgmt_status(status);
11473 mgmt_pending_foreach(MGMT_OP_SET_LINK_SECURITY, hdev,
11474 cmd_status_rsp, &mgmt_err);
11478 if (test_bit(HCI_AUTH, &hdev->flags))
11479 changed = !hci_dev_test_and_set_flag(hdev, HCI_LINK_SECURITY);
11481 changed = hci_dev_test_and_clear_flag(hdev, HCI_LINK_SECURITY);
11483 mgmt_pending_foreach(MGMT_OP_SET_LINK_SECURITY, hdev, settings_rsp,
11487 new_settings(hdev, match.sk);
11490 sock_put(match.sk);
11493 static void sk_lookup(struct mgmt_pending_cmd *cmd, void *data)
11495 struct cmd_lookup *match = data;
11497 if (match->sk == NULL) {
11498 match->sk = cmd->sk;
11499 sock_hold(match->sk);
11503 void mgmt_set_class_of_dev_complete(struct hci_dev *hdev, u8 *dev_class,
11506 struct cmd_lookup match = { NULL, hdev, mgmt_status(status) };
11508 mgmt_pending_foreach(MGMT_OP_SET_DEV_CLASS, hdev, sk_lookup, &match);
11509 mgmt_pending_foreach(MGMT_OP_ADD_UUID, hdev, sk_lookup, &match);
11510 mgmt_pending_foreach(MGMT_OP_REMOVE_UUID, hdev, sk_lookup, &match);
11513 mgmt_limited_event(MGMT_EV_CLASS_OF_DEV_CHANGED, hdev, dev_class,
11514 3, HCI_MGMT_DEV_CLASS_EVENTS, NULL);
11515 ext_info_changed(hdev, NULL);
11519 sock_put(match.sk);
11522 void mgmt_set_local_name_complete(struct hci_dev *hdev, u8 *name, u8 status)
11524 struct mgmt_cp_set_local_name ev;
11525 struct mgmt_pending_cmd *cmd;
11530 memset(&ev, 0, sizeof(ev));
11531 memcpy(ev.name, name, HCI_MAX_NAME_LENGTH);
11532 memcpy(ev.short_name, hdev->short_name, HCI_MAX_SHORT_NAME_LENGTH);
11534 cmd = pending_find(MGMT_OP_SET_LOCAL_NAME, hdev);
11536 memcpy(hdev->dev_name, name, sizeof(hdev->dev_name));
11538 /* If this is a HCI command related to powering on the
11539 * HCI dev don't send any mgmt signals.
11541 if (pending_find(MGMT_OP_SET_POWERED, hdev))
11545 mgmt_limited_event(MGMT_EV_LOCAL_NAME_CHANGED, hdev, &ev, sizeof(ev),
11546 HCI_MGMT_LOCAL_NAME_EVENTS, cmd ? cmd->sk : NULL);
11547 ext_info_changed(hdev, cmd ? cmd->sk : NULL);
11550 static inline bool has_uuid(u8 *uuid, u16 uuid_count, u8 (*uuids)[16])
11554 for (i = 0; i < uuid_count; i++) {
11555 if (!memcmp(uuid, uuids[i], 16))
11562 static bool eir_has_uuids(u8 *eir, u16 eir_len, u16 uuid_count, u8 (*uuids)[16])
11566 while (parsed < eir_len) {
11567 u8 field_len = eir[0];
11571 if (field_len == 0)
11574 if (eir_len - parsed < field_len + 1)
11578 case EIR_UUID16_ALL:
11579 case EIR_UUID16_SOME:
11580 for (i = 0; i + 3 <= field_len; i += 2) {
11581 memcpy(uuid, bluetooth_base_uuid, 16);
11582 uuid[13] = eir[i + 3];
11583 uuid[12] = eir[i + 2];
11584 if (has_uuid(uuid, uuid_count, uuids))
11588 case EIR_UUID32_ALL:
11589 case EIR_UUID32_SOME:
11590 for (i = 0; i + 5 <= field_len; i += 4) {
11591 memcpy(uuid, bluetooth_base_uuid, 16);
11592 uuid[15] = eir[i + 5];
11593 uuid[14] = eir[i + 4];
11594 uuid[13] = eir[i + 3];
11595 uuid[12] = eir[i + 2];
11596 if (has_uuid(uuid, uuid_count, uuids))
11600 case EIR_UUID128_ALL:
11601 case EIR_UUID128_SOME:
11602 for (i = 0; i + 17 <= field_len; i += 16) {
11603 memcpy(uuid, eir + i + 2, 16);
11604 if (has_uuid(uuid, uuid_count, uuids))
11610 parsed += field_len + 1;
11611 eir += field_len + 1;
11617 static void restart_le_scan(struct hci_dev *hdev)
11619 /* If controller is not scanning we are done. */
11620 if (!hci_dev_test_flag(hdev, HCI_LE_SCAN))
11623 if (time_after(jiffies + DISCOV_LE_RESTART_DELAY,
11624 hdev->discovery.scan_start +
11625 hdev->discovery.scan_duration))
11628 queue_delayed_work(hdev->req_workqueue, &hdev->le_scan_restart,
11629 DISCOV_LE_RESTART_DELAY);
11632 static bool is_filter_match(struct hci_dev *hdev, s8 rssi, u8 *eir,
11633 u16 eir_len, u8 *scan_rsp, u8 scan_rsp_len)
11635 /* If a RSSI threshold has been specified, and
11636 * HCI_QUIRK_STRICT_DUPLICATE_FILTER is not set, then all results with
11637 * a RSSI smaller than the RSSI threshold will be dropped. If the quirk
11638 * is set, let it through for further processing, as we might need to
11639 * restart the scan.
11641 * For BR/EDR devices (pre 1.2) providing no RSSI during inquiry,
11642 * the results are also dropped.
11644 if (hdev->discovery.rssi != HCI_RSSI_INVALID &&
11645 (rssi == HCI_RSSI_INVALID ||
11646 (rssi < hdev->discovery.rssi &&
11647 !test_bit(HCI_QUIRK_STRICT_DUPLICATE_FILTER, &hdev->quirks))))
11650 if (hdev->discovery.uuid_count != 0) {
11651 /* If a list of UUIDs is provided in filter, results with no
11652 * matching UUID should be dropped.
11654 if (!eir_has_uuids(eir, eir_len, hdev->discovery.uuid_count,
11655 hdev->discovery.uuids) &&
11656 !eir_has_uuids(scan_rsp, scan_rsp_len,
11657 hdev->discovery.uuid_count,
11658 hdev->discovery.uuids))
11662 /* If duplicate filtering does not report RSSI changes, then restart
11663 * scanning to ensure updated result with updated RSSI values.
11665 if (test_bit(HCI_QUIRK_STRICT_DUPLICATE_FILTER, &hdev->quirks)) {
11666 restart_le_scan(hdev);
11668 /* Validate RSSI value against the RSSI threshold once more. */
11669 if (hdev->discovery.rssi != HCI_RSSI_INVALID &&
11670 rssi < hdev->discovery.rssi)
11677 void mgmt_adv_monitor_device_lost(struct hci_dev *hdev, u16 handle,
11678 bdaddr_t *bdaddr, u8 addr_type)
11680 struct mgmt_ev_adv_monitor_device_lost ev;
11682 ev.monitor_handle = cpu_to_le16(handle);
11683 bacpy(&ev.addr.bdaddr, bdaddr);
11684 ev.addr.type = addr_type;
11686 mgmt_event(MGMT_EV_ADV_MONITOR_DEVICE_LOST, hdev, &ev, sizeof(ev),
11690 static void mgmt_send_adv_monitor_device_found(struct hci_dev *hdev,
11691 struct sk_buff *skb,
11692 struct sock *skip_sk,
11695 struct sk_buff *advmon_skb;
11696 size_t advmon_skb_len;
11697 __le16 *monitor_handle;
11702 advmon_skb_len = (sizeof(struct mgmt_ev_adv_monitor_device_found) -
11703 sizeof(struct mgmt_ev_device_found)) + skb->len;
11704 advmon_skb = mgmt_alloc_skb(hdev, MGMT_EV_ADV_MONITOR_DEVICE_FOUND,
11709 /* ADV_MONITOR_DEVICE_FOUND is similar to DEVICE_FOUND event except
11710 * that it also has 'monitor_handle'. Make a copy of DEVICE_FOUND and
11711 * store monitor_handle of the matched monitor.
11713 monitor_handle = skb_put(advmon_skb, sizeof(*monitor_handle));
11714 *monitor_handle = cpu_to_le16(handle);
11715 skb_put_data(advmon_skb, skb->data, skb->len);
11717 mgmt_event_skb(advmon_skb, skip_sk);
11720 static void mgmt_adv_monitor_device_found(struct hci_dev *hdev,
11721 bdaddr_t *bdaddr, bool report_device,
11722 struct sk_buff *skb,
11723 struct sock *skip_sk)
11725 struct monitored_device *dev, *tmp;
11726 bool matched = false;
11727 bool notified = false;
11729 /* We have received the Advertisement Report because:
11730 * 1. the kernel has initiated active discovery
11731 * 2. if not, we have pend_le_reports > 0 in which case we are doing
11733 * 3. if none of the above is true, we have one or more active
11734 * Advertisement Monitor
11736 * For case 1 and 2, report all advertisements via MGMT_EV_DEVICE_FOUND
11737 * and report ONLY one advertisement per device for the matched Monitor
11738 * via MGMT_EV_ADV_MONITOR_DEVICE_FOUND event.
11740 * For case 3, since we are not active scanning and all advertisements
11741 * received are due to a matched Advertisement Monitor, report all
11742 * advertisements ONLY via MGMT_EV_ADV_MONITOR_DEVICE_FOUND event.
11744 if (report_device && !hdev->advmon_pend_notify) {
11745 mgmt_event_skb(skb, skip_sk);
11749 hdev->advmon_pend_notify = false;
11751 list_for_each_entry_safe(dev, tmp, &hdev->monitored_devices, list) {
11752 if (!bacmp(&dev->bdaddr, bdaddr)) {
11755 if (!dev->notified) {
11756 mgmt_send_adv_monitor_device_found(hdev, skb,
11760 dev->notified = true;
11764 if (!dev->notified)
11765 hdev->advmon_pend_notify = true;
11768 if (!report_device &&
11769 ((matched && !notified) || !msft_monitor_supported(hdev))) {
11770 /* Handle 0 indicates that we are not active scanning and this
11771 * is a subsequent advertisement report for an already matched
11772 * Advertisement Monitor or the controller offloading support
11773 * is not available.
11775 mgmt_send_adv_monitor_device_found(hdev, skb, skip_sk, 0);
11779 mgmt_event_skb(skb, skip_sk);
11784 static void mesh_device_found(struct hci_dev *hdev, bdaddr_t *bdaddr,
11785 u8 addr_type, s8 rssi, u32 flags, u8 *eir,
11786 u16 eir_len, u8 *scan_rsp, u8 scan_rsp_len,
11789 struct sk_buff *skb;
11790 struct mgmt_ev_mesh_device_found *ev;
11793 if (!hdev->mesh_ad_types[0])
11796 /* Scan for requested AD types */
11798 for (i = 0; i + 1 < eir_len; i += eir[i] + 1) {
11799 for (j = 0; j < sizeof(hdev->mesh_ad_types); j++) {
11800 if (!hdev->mesh_ad_types[j])
11803 if (hdev->mesh_ad_types[j] == eir[i + 1])
11809 if (scan_rsp_len > 0) {
11810 for (i = 0; i + 1 < scan_rsp_len; i += scan_rsp[i] + 1) {
11811 for (j = 0; j < sizeof(hdev->mesh_ad_types); j++) {
11812 if (!hdev->mesh_ad_types[j])
11815 if (hdev->mesh_ad_types[j] == scan_rsp[i + 1])
11824 skb = mgmt_alloc_skb(hdev, MGMT_EV_MESH_DEVICE_FOUND,
11825 sizeof(*ev) + eir_len + scan_rsp_len);
11829 ev = skb_put(skb, sizeof(*ev));
11831 bacpy(&ev->addr.bdaddr, bdaddr);
11832 ev->addr.type = link_to_bdaddr(LE_LINK, addr_type);
11834 ev->flags = cpu_to_le32(flags);
11835 ev->instant = cpu_to_le64(instant);
11838 /* Copy EIR or advertising data into event */
11839 skb_put_data(skb, eir, eir_len);
11841 if (scan_rsp_len > 0)
11842 /* Append scan response data to event */
11843 skb_put_data(skb, scan_rsp, scan_rsp_len);
11845 ev->eir_len = cpu_to_le16(eir_len + scan_rsp_len);
11847 mgmt_event_skb(skb, NULL);
11850 void mgmt_device_found(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
11851 u8 addr_type, u8 *dev_class, s8 rssi, u32 flags,
11852 u8 *eir, u16 eir_len, u8 *scan_rsp, u8 scan_rsp_len,
11855 struct sk_buff *skb;
11856 struct mgmt_ev_device_found *ev;
11857 bool report_device = hci_discovery_active(hdev);
11859 if (hci_dev_test_flag(hdev, HCI_MESH) && link_type == LE_LINK)
11860 mesh_device_found(hdev, bdaddr, addr_type, rssi, flags,
11861 eir, eir_len, scan_rsp, scan_rsp_len,
11864 /* Don't send events for a non-kernel initiated discovery. With
11865 * LE one exception is if we have pend_le_reports > 0 in which
11866 * case we're doing passive scanning and want these events.
11868 if (!hci_discovery_active(hdev)) {
11869 if (link_type == ACL_LINK)
11871 if (link_type == LE_LINK && !list_empty(&hdev->pend_le_reports))
11872 report_device = true;
11873 else if (!hci_is_adv_monitoring(hdev))
11877 if (hdev->discovery.result_filtering) {
11878 /* We are using service discovery */
11879 if (!is_filter_match(hdev, rssi, eir, eir_len, scan_rsp,
11884 if (hdev->discovery.limited) {
11885 /* Check for limited discoverable bit */
11887 if (!(dev_class[1] & 0x20))
11890 u8 *flags = eir_get_data(eir, eir_len, EIR_FLAGS, NULL);
11891 if (!flags || !(flags[0] & LE_AD_LIMITED))
11896 /* Allocate skb. The 5 extra bytes are for the potential CoD field */
11897 skb = mgmt_alloc_skb(hdev, MGMT_EV_DEVICE_FOUND,
11898 sizeof(*ev) + eir_len + scan_rsp_len + 5);
11902 ev = skb_put(skb, sizeof(*ev));
11904 /* In case of device discovery with BR/EDR devices (pre 1.2), the
11905 * RSSI value was reported as 0 when not available. This behavior
11906 * is kept when using device discovery. This is required for full
11907 * backwards compatibility with the API.
11909 * However when using service discovery, the value 127 will be
11910 * returned when the RSSI is not available.
11912 if (rssi == HCI_RSSI_INVALID && !hdev->discovery.report_invalid_rssi &&
11913 link_type == ACL_LINK)
11916 bacpy(&ev->addr.bdaddr, bdaddr);
11917 ev->addr.type = link_to_bdaddr(link_type, addr_type);
11919 ev->flags = cpu_to_le32(flags);
11922 /* Copy EIR or advertising data into event */
11923 skb_put_data(skb, eir, eir_len);
11925 if (dev_class && !eir_get_data(eir, eir_len, EIR_CLASS_OF_DEV, NULL)) {
11928 eir_len += eir_append_data(eir_cod, 0, EIR_CLASS_OF_DEV,
11930 skb_put_data(skb, eir_cod, sizeof(eir_cod));
11933 if (scan_rsp_len > 0)
11934 /* Append scan response data to event */
11935 skb_put_data(skb, scan_rsp, scan_rsp_len);
11937 ev->eir_len = cpu_to_le16(eir_len + scan_rsp_len);
11939 mgmt_adv_monitor_device_found(hdev, bdaddr, report_device, skb, NULL);
11942 void mgmt_remote_name(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
11943 u8 addr_type, s8 rssi, u8 *name, u8 name_len)
11945 struct sk_buff *skb;
11946 struct mgmt_ev_device_found *ev;
11950 skb = mgmt_alloc_skb(hdev, MGMT_EV_DEVICE_FOUND,
11951 sizeof(*ev) + (name ? eir_precalc_len(name_len) : 0));
11953 ev = skb_put(skb, sizeof(*ev));
11954 bacpy(&ev->addr.bdaddr, bdaddr);
11955 ev->addr.type = link_to_bdaddr(link_type, addr_type);
11959 eir_len += eir_skb_put_data(skb, EIR_NAME_COMPLETE, name, name_len);
11961 flags = MGMT_DEV_FOUND_NAME_REQUEST_FAILED;
11963 ev->eir_len = cpu_to_le16(eir_len);
11964 ev->flags = cpu_to_le32(flags);
11966 mgmt_event_skb(skb, NULL);
11969 void mgmt_discovering(struct hci_dev *hdev, u8 discovering)
11971 struct mgmt_ev_discovering ev;
11973 bt_dev_dbg(hdev, "discovering %u", discovering);
11975 memset(&ev, 0, sizeof(ev));
11976 ev.type = hdev->discovery.type;
11977 ev.discovering = discovering;
11979 mgmt_event(MGMT_EV_DISCOVERING, hdev, &ev, sizeof(ev), NULL);
11982 void mgmt_suspending(struct hci_dev *hdev, u8 state)
11984 struct mgmt_ev_controller_suspend ev;
11986 ev.suspend_state = state;
11987 mgmt_event(MGMT_EV_CONTROLLER_SUSPEND, hdev, &ev, sizeof(ev), NULL);
11990 void mgmt_resuming(struct hci_dev *hdev, u8 reason, bdaddr_t *bdaddr,
11993 struct mgmt_ev_controller_resume ev;
11995 ev.wake_reason = reason;
11997 bacpy(&ev.addr.bdaddr, bdaddr);
11998 ev.addr.type = addr_type;
12000 memset(&ev.addr, 0, sizeof(ev.addr));
12003 mgmt_event(MGMT_EV_CONTROLLER_RESUME, hdev, &ev, sizeof(ev), NULL);
12006 static struct hci_mgmt_chan chan = {
12007 .channel = HCI_CHANNEL_CONTROL,
12008 .handler_count = ARRAY_SIZE(mgmt_handlers),
12009 .handlers = mgmt_handlers,
12011 .tizen_handler_count = ARRAY_SIZE(tizen_mgmt_handlers),
12012 .tizen_handlers = tizen_mgmt_handlers,
12014 .hdev_init = mgmt_init_hdev,
12017 int mgmt_init(void)
12019 return hci_mgmt_chan_register(&chan);
12022 void mgmt_exit(void)
12024 hci_mgmt_chan_unregister(&chan);
12027 void mgmt_cleanup(struct sock *sk)
12029 struct mgmt_mesh_tx *mesh_tx;
12030 struct hci_dev *hdev;
12032 read_lock(&hci_dev_list_lock);
12034 list_for_each_entry(hdev, &hci_dev_list, list) {
12036 mesh_tx = mgmt_mesh_next(hdev, sk);
12039 mesh_send_complete(hdev, mesh_tx, true);
12043 read_unlock(&hci_dev_list_lock);
projects / platform / kernel / linux-starfive.git / blob