2 BlueZ - Bluetooth protocol stack for Linux
4 Copyright (C) 2010 Nokia Corporation
5 Copyright (C) 2011-2012 Intel Corporation
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License version 2 as
9 published by the Free Software Foundation;
11 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
12 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
13 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
14 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
15 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
16 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
17 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
18 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
20 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
21 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
22 SOFTWARE IS DISCLAIMED.
25 /* Bluetooth HCI Management interface */
27 #include <linux/module.h>
28 #include <asm/unaligned.h>
30 #include <net/bluetooth/bluetooth.h>
31 #include <net/bluetooth/hci_core.h>
32 #include <net/bluetooth/l2cap.h>
33 #include <net/bluetooth/mgmt.h>
35 #include "hci_request.h"
38 #define MGMT_VERSION 1
39 #define MGMT_REVISION 8
41 static const u16 mgmt_commands[] = {
42 MGMT_OP_READ_INDEX_LIST,
45 MGMT_OP_SET_DISCOVERABLE,
46 MGMT_OP_SET_CONNECTABLE,
47 MGMT_OP_SET_FAST_CONNECTABLE,
49 MGMT_OP_SET_LINK_SECURITY,
53 MGMT_OP_SET_DEV_CLASS,
54 MGMT_OP_SET_LOCAL_NAME,
57 MGMT_OP_LOAD_LINK_KEYS,
58 MGMT_OP_LOAD_LONG_TERM_KEYS,
60 MGMT_OP_GET_CONNECTIONS,
61 MGMT_OP_PIN_CODE_REPLY,
62 MGMT_OP_PIN_CODE_NEG_REPLY,
63 MGMT_OP_SET_IO_CAPABILITY,
65 MGMT_OP_CANCEL_PAIR_DEVICE,
66 MGMT_OP_UNPAIR_DEVICE,
67 MGMT_OP_USER_CONFIRM_REPLY,
68 MGMT_OP_USER_CONFIRM_NEG_REPLY,
69 MGMT_OP_USER_PASSKEY_REPLY,
70 MGMT_OP_USER_PASSKEY_NEG_REPLY,
71 MGMT_OP_READ_LOCAL_OOB_DATA,
72 MGMT_OP_ADD_REMOTE_OOB_DATA,
73 MGMT_OP_REMOVE_REMOTE_OOB_DATA,
74 MGMT_OP_START_DISCOVERY,
75 MGMT_OP_STOP_DISCOVERY,
78 MGMT_OP_UNBLOCK_DEVICE,
79 MGMT_OP_SET_DEVICE_ID,
80 MGMT_OP_SET_ADVERTISING,
82 MGMT_OP_SET_STATIC_ADDRESS,
83 MGMT_OP_SET_SCAN_PARAMS,
84 MGMT_OP_SET_SECURE_CONN,
85 MGMT_OP_SET_DEBUG_KEYS,
88 MGMT_OP_GET_CONN_INFO,
89 MGMT_OP_GET_CLOCK_INFO,
91 MGMT_OP_REMOVE_DEVICE,
92 MGMT_OP_LOAD_CONN_PARAM,
93 MGMT_OP_READ_UNCONF_INDEX_LIST,
94 MGMT_OP_READ_CONFIG_INFO,
95 MGMT_OP_SET_EXTERNAL_CONFIG,
96 MGMT_OP_SET_PUBLIC_ADDRESS,
97 MGMT_OP_START_SERVICE_DISCOVERY,
100 static const u16 mgmt_events[] = {
101 MGMT_EV_CONTROLLER_ERROR,
103 MGMT_EV_INDEX_REMOVED,
104 MGMT_EV_NEW_SETTINGS,
105 MGMT_EV_CLASS_OF_DEV_CHANGED,
106 MGMT_EV_LOCAL_NAME_CHANGED,
107 MGMT_EV_NEW_LINK_KEY,
108 MGMT_EV_NEW_LONG_TERM_KEY,
109 MGMT_EV_DEVICE_CONNECTED,
110 MGMT_EV_DEVICE_DISCONNECTED,
111 MGMT_EV_CONNECT_FAILED,
112 MGMT_EV_PIN_CODE_REQUEST,
113 MGMT_EV_USER_CONFIRM_REQUEST,
114 MGMT_EV_USER_PASSKEY_REQUEST,
116 MGMT_EV_DEVICE_FOUND,
118 MGMT_EV_DEVICE_BLOCKED,
119 MGMT_EV_DEVICE_UNBLOCKED,
120 MGMT_EV_DEVICE_UNPAIRED,
121 MGMT_EV_PASSKEY_NOTIFY,
124 MGMT_EV_DEVICE_ADDED,
125 MGMT_EV_DEVICE_REMOVED,
126 MGMT_EV_NEW_CONN_PARAM,
127 MGMT_EV_UNCONF_INDEX_ADDED,
128 MGMT_EV_UNCONF_INDEX_REMOVED,
129 MGMT_EV_NEW_CONFIG_OPTIONS,
132 #define CACHE_TIMEOUT msecs_to_jiffies(2 * 1000)
135 struct list_head list;
142 int (*cmd_complete)(struct pending_cmd *cmd, u8 status);
145 /* HCI to MGMT error code conversion table */
146 static u8 mgmt_status_table[] = {
148 MGMT_STATUS_UNKNOWN_COMMAND, /* Unknown Command */
149 MGMT_STATUS_NOT_CONNECTED, /* No Connection */
150 MGMT_STATUS_FAILED, /* Hardware Failure */
151 MGMT_STATUS_CONNECT_FAILED, /* Page Timeout */
152 MGMT_STATUS_AUTH_FAILED, /* Authentication Failed */
153 MGMT_STATUS_AUTH_FAILED, /* PIN or Key Missing */
154 MGMT_STATUS_NO_RESOURCES, /* Memory Full */
155 MGMT_STATUS_TIMEOUT, /* Connection Timeout */
156 MGMT_STATUS_NO_RESOURCES, /* Max Number of Connections */
157 MGMT_STATUS_NO_RESOURCES, /* Max Number of SCO Connections */
158 MGMT_STATUS_ALREADY_CONNECTED, /* ACL Connection Exists */
159 MGMT_STATUS_BUSY, /* Command Disallowed */
160 MGMT_STATUS_NO_RESOURCES, /* Rejected Limited Resources */
161 MGMT_STATUS_REJECTED, /* Rejected Security */
162 MGMT_STATUS_REJECTED, /* Rejected Personal */
163 MGMT_STATUS_TIMEOUT, /* Host Timeout */
164 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported Feature */
165 MGMT_STATUS_INVALID_PARAMS, /* Invalid Parameters */
166 MGMT_STATUS_DISCONNECTED, /* OE User Ended Connection */
167 MGMT_STATUS_NO_RESOURCES, /* OE Low Resources */
168 MGMT_STATUS_DISCONNECTED, /* OE Power Off */
169 MGMT_STATUS_DISCONNECTED, /* Connection Terminated */
170 MGMT_STATUS_BUSY, /* Repeated Attempts */
171 MGMT_STATUS_REJECTED, /* Pairing Not Allowed */
172 MGMT_STATUS_FAILED, /* Unknown LMP PDU */
173 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported Remote Feature */
174 MGMT_STATUS_REJECTED, /* SCO Offset Rejected */
175 MGMT_STATUS_REJECTED, /* SCO Interval Rejected */
176 MGMT_STATUS_REJECTED, /* Air Mode Rejected */
177 MGMT_STATUS_INVALID_PARAMS, /* Invalid LMP Parameters */
178 MGMT_STATUS_FAILED, /* Unspecified Error */
179 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported LMP Parameter Value */
180 MGMT_STATUS_FAILED, /* Role Change Not Allowed */
181 MGMT_STATUS_TIMEOUT, /* LMP Response Timeout */
182 MGMT_STATUS_FAILED, /* LMP Error Transaction Collision */
183 MGMT_STATUS_FAILED, /* LMP PDU Not Allowed */
184 MGMT_STATUS_REJECTED, /* Encryption Mode Not Accepted */
185 MGMT_STATUS_FAILED, /* Unit Link Key Used */
186 MGMT_STATUS_NOT_SUPPORTED, /* QoS Not Supported */
187 MGMT_STATUS_TIMEOUT, /* Instant Passed */
188 MGMT_STATUS_NOT_SUPPORTED, /* Pairing Not Supported */
189 MGMT_STATUS_FAILED, /* Transaction Collision */
190 MGMT_STATUS_INVALID_PARAMS, /* Unacceptable Parameter */
191 MGMT_STATUS_REJECTED, /* QoS Rejected */
192 MGMT_STATUS_NOT_SUPPORTED, /* Classification Not Supported */
193 MGMT_STATUS_REJECTED, /* Insufficient Security */
194 MGMT_STATUS_INVALID_PARAMS, /* Parameter Out Of Range */
195 MGMT_STATUS_BUSY, /* Role Switch Pending */
196 MGMT_STATUS_FAILED, /* Slot Violation */
197 MGMT_STATUS_FAILED, /* Role Switch Failed */
198 MGMT_STATUS_INVALID_PARAMS, /* EIR Too Large */
199 MGMT_STATUS_NOT_SUPPORTED, /* Simple Pairing Not Supported */
200 MGMT_STATUS_BUSY, /* Host Busy Pairing */
201 MGMT_STATUS_REJECTED, /* Rejected, No Suitable Channel */
202 MGMT_STATUS_BUSY, /* Controller Busy */
203 MGMT_STATUS_INVALID_PARAMS, /* Unsuitable Connection Interval */
204 MGMT_STATUS_TIMEOUT, /* Directed Advertising Timeout */
205 MGMT_STATUS_AUTH_FAILED, /* Terminated Due to MIC Failure */
206 MGMT_STATUS_CONNECT_FAILED, /* Connection Establishment Failed */
207 MGMT_STATUS_CONNECT_FAILED, /* MAC Connection Failed */
210 static u8 mgmt_status(u8 hci_status)
212 if (hci_status < ARRAY_SIZE(mgmt_status_table))
213 return mgmt_status_table[hci_status];
215 return MGMT_STATUS_FAILED;
218 static int mgmt_event(u16 event, struct hci_dev *hdev, void *data, u16 data_len,
219 struct sock *skip_sk)
222 struct mgmt_hdr *hdr;
224 skb = alloc_skb(sizeof(*hdr) + data_len, GFP_KERNEL);
228 hdr = (void *) skb_put(skb, sizeof(*hdr));
229 hdr->opcode = cpu_to_le16(event);
231 hdr->index = cpu_to_le16(hdev->id);
233 hdr->index = cpu_to_le16(MGMT_INDEX_NONE);
234 hdr->len = cpu_to_le16(data_len);
237 memcpy(skb_put(skb, data_len), data, data_len);
240 __net_timestamp(skb);
242 hci_send_to_control(skb, skip_sk);
248 static int cmd_status(struct sock *sk, u16 index, u16 cmd, u8 status)
251 struct mgmt_hdr *hdr;
252 struct mgmt_ev_cmd_status *ev;
255 BT_DBG("sock %p, index %u, cmd %u, status %u", sk, index, cmd, status);
257 skb = alloc_skb(sizeof(*hdr) + sizeof(*ev), GFP_KERNEL);
261 hdr = (void *) skb_put(skb, sizeof(*hdr));
263 hdr->opcode = cpu_to_le16(MGMT_EV_CMD_STATUS);
264 hdr->index = cpu_to_le16(index);
265 hdr->len = cpu_to_le16(sizeof(*ev));
267 ev = (void *) skb_put(skb, sizeof(*ev));
269 ev->opcode = cpu_to_le16(cmd);
271 err = sock_queue_rcv_skb(sk, skb);
278 static int cmd_complete(struct sock *sk, u16 index, u16 cmd, u8 status,
279 void *rp, size_t rp_len)
282 struct mgmt_hdr *hdr;
283 struct mgmt_ev_cmd_complete *ev;
286 BT_DBG("sock %p", sk);
288 skb = alloc_skb(sizeof(*hdr) + sizeof(*ev) + rp_len, GFP_KERNEL);
292 hdr = (void *) skb_put(skb, sizeof(*hdr));
294 hdr->opcode = cpu_to_le16(MGMT_EV_CMD_COMPLETE);
295 hdr->index = cpu_to_le16(index);
296 hdr->len = cpu_to_le16(sizeof(*ev) + rp_len);
298 ev = (void *) skb_put(skb, sizeof(*ev) + rp_len);
299 ev->opcode = cpu_to_le16(cmd);
303 memcpy(ev->data, rp, rp_len);
305 err = sock_queue_rcv_skb(sk, skb);
312 static int read_version(struct sock *sk, struct hci_dev *hdev, void *data,
315 struct mgmt_rp_read_version rp;
317 BT_DBG("sock %p", sk);
319 rp.version = MGMT_VERSION;
320 rp.revision = cpu_to_le16(MGMT_REVISION);
322 return cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_VERSION, 0, &rp,
326 static int read_commands(struct sock *sk, struct hci_dev *hdev, void *data,
329 struct mgmt_rp_read_commands *rp;
330 const u16 num_commands = ARRAY_SIZE(mgmt_commands);
331 const u16 num_events = ARRAY_SIZE(mgmt_events);
336 BT_DBG("sock %p", sk);
338 rp_size = sizeof(*rp) + ((num_commands + num_events) * sizeof(u16));
340 rp = kmalloc(rp_size, GFP_KERNEL);
344 rp->num_commands = cpu_to_le16(num_commands);
345 rp->num_events = cpu_to_le16(num_events);
347 for (i = 0, opcode = rp->opcodes; i < num_commands; i++, opcode++)
348 put_unaligned_le16(mgmt_commands[i], opcode);
350 for (i = 0; i < num_events; i++, opcode++)
351 put_unaligned_le16(mgmt_events[i], opcode);
353 err = cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_COMMANDS, 0, rp,
360 static int read_index_list(struct sock *sk, struct hci_dev *hdev, void *data,
363 struct mgmt_rp_read_index_list *rp;
369 BT_DBG("sock %p", sk);
371 read_lock(&hci_dev_list_lock);
374 list_for_each_entry(d, &hci_dev_list, list) {
375 if (d->dev_type == HCI_BREDR &&
376 !test_bit(HCI_UNCONFIGURED, &d->dev_flags))
380 rp_len = sizeof(*rp) + (2 * count);
381 rp = kmalloc(rp_len, GFP_ATOMIC);
383 read_unlock(&hci_dev_list_lock);
388 list_for_each_entry(d, &hci_dev_list, list) {
389 if (test_bit(HCI_SETUP, &d->dev_flags) ||
390 test_bit(HCI_CONFIG, &d->dev_flags) ||
391 test_bit(HCI_USER_CHANNEL, &d->dev_flags))
394 /* Devices marked as raw-only are neither configured
395 * nor unconfigured controllers.
397 if (test_bit(HCI_QUIRK_RAW_DEVICE, &d->quirks))
400 if (d->dev_type == HCI_BREDR &&
401 !test_bit(HCI_UNCONFIGURED, &d->dev_flags)) {
402 rp->index[count++] = cpu_to_le16(d->id);
403 BT_DBG("Added hci%u", d->id);
407 rp->num_controllers = cpu_to_le16(count);
408 rp_len = sizeof(*rp) + (2 * count);
410 read_unlock(&hci_dev_list_lock);
412 err = cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_INDEX_LIST, 0, rp,
420 static int read_unconf_index_list(struct sock *sk, struct hci_dev *hdev,
421 void *data, u16 data_len)
423 struct mgmt_rp_read_unconf_index_list *rp;
429 BT_DBG("sock %p", sk);
431 read_lock(&hci_dev_list_lock);
434 list_for_each_entry(d, &hci_dev_list, list) {
435 if (d->dev_type == HCI_BREDR &&
436 test_bit(HCI_UNCONFIGURED, &d->dev_flags))
440 rp_len = sizeof(*rp) + (2 * count);
441 rp = kmalloc(rp_len, GFP_ATOMIC);
443 read_unlock(&hci_dev_list_lock);
448 list_for_each_entry(d, &hci_dev_list, list) {
449 if (test_bit(HCI_SETUP, &d->dev_flags) ||
450 test_bit(HCI_CONFIG, &d->dev_flags) ||
451 test_bit(HCI_USER_CHANNEL, &d->dev_flags))
454 /* Devices marked as raw-only are neither configured
455 * nor unconfigured controllers.
457 if (test_bit(HCI_QUIRK_RAW_DEVICE, &d->quirks))
460 if (d->dev_type == HCI_BREDR &&
461 test_bit(HCI_UNCONFIGURED, &d->dev_flags)) {
462 rp->index[count++] = cpu_to_le16(d->id);
463 BT_DBG("Added hci%u", d->id);
467 rp->num_controllers = cpu_to_le16(count);
468 rp_len = sizeof(*rp) + (2 * count);
470 read_unlock(&hci_dev_list_lock);
472 err = cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_UNCONF_INDEX_LIST,
480 static bool is_configured(struct hci_dev *hdev)
482 if (test_bit(HCI_QUIRK_EXTERNAL_CONFIG, &hdev->quirks) &&
483 !test_bit(HCI_EXT_CONFIGURED, &hdev->dev_flags))
486 if (test_bit(HCI_QUIRK_INVALID_BDADDR, &hdev->quirks) &&
487 !bacmp(&hdev->public_addr, BDADDR_ANY))
493 static __le32 get_missing_options(struct hci_dev *hdev)
497 if (test_bit(HCI_QUIRK_EXTERNAL_CONFIG, &hdev->quirks) &&
498 !test_bit(HCI_EXT_CONFIGURED, &hdev->dev_flags))
499 options |= MGMT_OPTION_EXTERNAL_CONFIG;
501 if (test_bit(HCI_QUIRK_INVALID_BDADDR, &hdev->quirks) &&
502 !bacmp(&hdev->public_addr, BDADDR_ANY))
503 options |= MGMT_OPTION_PUBLIC_ADDRESS;
505 return cpu_to_le32(options);
508 static int new_options(struct hci_dev *hdev, struct sock *skip)
510 __le32 options = get_missing_options(hdev);
512 return mgmt_event(MGMT_EV_NEW_CONFIG_OPTIONS, hdev, &options,
513 sizeof(options), skip);
516 static int send_options_rsp(struct sock *sk, u16 opcode, struct hci_dev *hdev)
518 __le32 options = get_missing_options(hdev);
520 return cmd_complete(sk, hdev->id, opcode, 0, &options,
524 static int read_config_info(struct sock *sk, struct hci_dev *hdev,
525 void *data, u16 data_len)
527 struct mgmt_rp_read_config_info rp;
530 BT_DBG("sock %p %s", sk, hdev->name);
534 memset(&rp, 0, sizeof(rp));
535 rp.manufacturer = cpu_to_le16(hdev->manufacturer);
537 if (test_bit(HCI_QUIRK_EXTERNAL_CONFIG, &hdev->quirks))
538 options |= MGMT_OPTION_EXTERNAL_CONFIG;
540 if (hdev->set_bdaddr)
541 options |= MGMT_OPTION_PUBLIC_ADDRESS;
543 rp.supported_options = cpu_to_le32(options);
544 rp.missing_options = get_missing_options(hdev);
546 hci_dev_unlock(hdev);
548 return cmd_complete(sk, hdev->id, MGMT_OP_READ_CONFIG_INFO, 0, &rp,
552 static u32 get_supported_settings(struct hci_dev *hdev)
556 settings |= MGMT_SETTING_POWERED;
557 settings |= MGMT_SETTING_BONDABLE;
558 settings |= MGMT_SETTING_DEBUG_KEYS;
559 settings |= MGMT_SETTING_CONNECTABLE;
560 settings |= MGMT_SETTING_DISCOVERABLE;
562 if (lmp_bredr_capable(hdev)) {
563 if (hdev->hci_ver >= BLUETOOTH_VER_1_2)
564 settings |= MGMT_SETTING_FAST_CONNECTABLE;
565 settings |= MGMT_SETTING_BREDR;
566 settings |= MGMT_SETTING_LINK_SECURITY;
568 if (lmp_ssp_capable(hdev)) {
569 settings |= MGMT_SETTING_SSP;
570 settings |= MGMT_SETTING_HS;
573 if (lmp_sc_capable(hdev))
574 settings |= MGMT_SETTING_SECURE_CONN;
577 if (lmp_le_capable(hdev)) {
578 settings |= MGMT_SETTING_LE;
579 settings |= MGMT_SETTING_ADVERTISING;
580 settings |= MGMT_SETTING_SECURE_CONN;
581 settings |= MGMT_SETTING_PRIVACY;
584 if (test_bit(HCI_QUIRK_EXTERNAL_CONFIG, &hdev->quirks) ||
586 settings |= MGMT_SETTING_CONFIGURATION;
591 static u32 get_current_settings(struct hci_dev *hdev)
595 if (hdev_is_powered(hdev))
596 settings |= MGMT_SETTING_POWERED;
598 if (test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
599 settings |= MGMT_SETTING_CONNECTABLE;
601 if (test_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags))
602 settings |= MGMT_SETTING_FAST_CONNECTABLE;
604 if (test_bit(HCI_DISCOVERABLE, &hdev->dev_flags))
605 settings |= MGMT_SETTING_DISCOVERABLE;
607 if (test_bit(HCI_BONDABLE, &hdev->dev_flags))
608 settings |= MGMT_SETTING_BONDABLE;
610 if (test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
611 settings |= MGMT_SETTING_BREDR;
613 if (test_bit(HCI_LE_ENABLED, &hdev->dev_flags))
614 settings |= MGMT_SETTING_LE;
616 if (test_bit(HCI_LINK_SECURITY, &hdev->dev_flags))
617 settings |= MGMT_SETTING_LINK_SECURITY;
619 if (test_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
620 settings |= MGMT_SETTING_SSP;
622 if (test_bit(HCI_HS_ENABLED, &hdev->dev_flags))
623 settings |= MGMT_SETTING_HS;
625 if (test_bit(HCI_ADVERTISING, &hdev->dev_flags))
626 settings |= MGMT_SETTING_ADVERTISING;
628 if (test_bit(HCI_SC_ENABLED, &hdev->dev_flags))
629 settings |= MGMT_SETTING_SECURE_CONN;
631 if (test_bit(HCI_KEEP_DEBUG_KEYS, &hdev->dev_flags))
632 settings |= MGMT_SETTING_DEBUG_KEYS;
634 if (test_bit(HCI_PRIVACY, &hdev->dev_flags))
635 settings |= MGMT_SETTING_PRIVACY;
640 #define PNP_INFO_SVCLASS_ID 0x1200
642 static u8 *create_uuid16_list(struct hci_dev *hdev, u8 *data, ptrdiff_t len)
644 u8 *ptr = data, *uuids_start = NULL;
645 struct bt_uuid *uuid;
650 list_for_each_entry(uuid, &hdev->uuids, list) {
653 if (uuid->size != 16)
656 uuid16 = get_unaligned_le16(&uuid->uuid[12]);
660 if (uuid16 == PNP_INFO_SVCLASS_ID)
666 uuids_start[1] = EIR_UUID16_ALL;
670 /* Stop if not enough space to put next UUID */
671 if ((ptr - data) + sizeof(u16) > len) {
672 uuids_start[1] = EIR_UUID16_SOME;
676 *ptr++ = (uuid16 & 0x00ff);
677 *ptr++ = (uuid16 & 0xff00) >> 8;
678 uuids_start[0] += sizeof(uuid16);
684 static u8 *create_uuid32_list(struct hci_dev *hdev, u8 *data, ptrdiff_t len)
686 u8 *ptr = data, *uuids_start = NULL;
687 struct bt_uuid *uuid;
692 list_for_each_entry(uuid, &hdev->uuids, list) {
693 if (uuid->size != 32)
699 uuids_start[1] = EIR_UUID32_ALL;
703 /* Stop if not enough space to put next UUID */
704 if ((ptr - data) + sizeof(u32) > len) {
705 uuids_start[1] = EIR_UUID32_SOME;
709 memcpy(ptr, &uuid->uuid[12], sizeof(u32));
711 uuids_start[0] += sizeof(u32);
717 static u8 *create_uuid128_list(struct hci_dev *hdev, u8 *data, ptrdiff_t len)
719 u8 *ptr = data, *uuids_start = NULL;
720 struct bt_uuid *uuid;
725 list_for_each_entry(uuid, &hdev->uuids, list) {
726 if (uuid->size != 128)
732 uuids_start[1] = EIR_UUID128_ALL;
736 /* Stop if not enough space to put next UUID */
737 if ((ptr - data) + 16 > len) {
738 uuids_start[1] = EIR_UUID128_SOME;
742 memcpy(ptr, uuid->uuid, 16);
744 uuids_start[0] += 16;
750 static struct pending_cmd *mgmt_pending_find(u16 opcode, struct hci_dev *hdev)
752 struct pending_cmd *cmd;
754 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
755 if (cmd->opcode == opcode)
762 static struct pending_cmd *mgmt_pending_find_data(u16 opcode,
763 struct hci_dev *hdev,
766 struct pending_cmd *cmd;
768 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
769 if (cmd->user_data != data)
771 if (cmd->opcode == opcode)
778 static u8 create_scan_rsp_data(struct hci_dev *hdev, u8 *ptr)
783 name_len = strlen(hdev->dev_name);
785 size_t max_len = HCI_MAX_AD_LENGTH - ad_len - 2;
787 if (name_len > max_len) {
789 ptr[1] = EIR_NAME_SHORT;
791 ptr[1] = EIR_NAME_COMPLETE;
793 ptr[0] = name_len + 1;
795 memcpy(ptr + 2, hdev->dev_name, name_len);
797 ad_len += (name_len + 2);
798 ptr += (name_len + 2);
804 static void update_scan_rsp_data(struct hci_request *req)
806 struct hci_dev *hdev = req->hdev;
807 struct hci_cp_le_set_scan_rsp_data cp;
810 if (!test_bit(HCI_LE_ENABLED, &hdev->dev_flags))
813 memset(&cp, 0, sizeof(cp));
815 len = create_scan_rsp_data(hdev, cp.data);
817 if (hdev->scan_rsp_data_len == len &&
818 memcmp(cp.data, hdev->scan_rsp_data, len) == 0)
821 memcpy(hdev->scan_rsp_data, cp.data, sizeof(cp.data));
822 hdev->scan_rsp_data_len = len;
826 hci_req_add(req, HCI_OP_LE_SET_SCAN_RSP_DATA, sizeof(cp), &cp);
829 static u8 get_adv_discov_flags(struct hci_dev *hdev)
831 struct pending_cmd *cmd;
833 /* If there's a pending mgmt command the flags will not yet have
834 * their final values, so check for this first.
836 cmd = mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev);
838 struct mgmt_mode *cp = cmd->param;
840 return LE_AD_GENERAL;
841 else if (cp->val == 0x02)
842 return LE_AD_LIMITED;
844 if (test_bit(HCI_LIMITED_DISCOVERABLE, &hdev->dev_flags))
845 return LE_AD_LIMITED;
846 else if (test_bit(HCI_DISCOVERABLE, &hdev->dev_flags))
847 return LE_AD_GENERAL;
853 static u8 create_adv_data(struct hci_dev *hdev, u8 *ptr)
855 u8 ad_len = 0, flags = 0;
857 flags |= get_adv_discov_flags(hdev);
859 if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
860 flags |= LE_AD_NO_BREDR;
863 BT_DBG("adv flags 0x%02x", flags);
873 if (hdev->adv_tx_power != HCI_TX_POWER_INVALID) {
875 ptr[1] = EIR_TX_POWER;
876 ptr[2] = (u8) hdev->adv_tx_power;
885 static void update_adv_data(struct hci_request *req)
887 struct hci_dev *hdev = req->hdev;
888 struct hci_cp_le_set_adv_data cp;
891 if (!test_bit(HCI_LE_ENABLED, &hdev->dev_flags))
894 memset(&cp, 0, sizeof(cp));
896 len = create_adv_data(hdev, cp.data);
898 if (hdev->adv_data_len == len &&
899 memcmp(cp.data, hdev->adv_data, len) == 0)
902 memcpy(hdev->adv_data, cp.data, sizeof(cp.data));
903 hdev->adv_data_len = len;
907 hci_req_add(req, HCI_OP_LE_SET_ADV_DATA, sizeof(cp), &cp);
910 int mgmt_update_adv_data(struct hci_dev *hdev)
912 struct hci_request req;
914 hci_req_init(&req, hdev);
915 update_adv_data(&req);
917 return hci_req_run(&req, NULL);
920 static void create_eir(struct hci_dev *hdev, u8 *data)
925 name_len = strlen(hdev->dev_name);
931 ptr[1] = EIR_NAME_SHORT;
933 ptr[1] = EIR_NAME_COMPLETE;
935 /* EIR Data length */
936 ptr[0] = name_len + 1;
938 memcpy(ptr + 2, hdev->dev_name, name_len);
940 ptr += (name_len + 2);
943 if (hdev->inq_tx_power != HCI_TX_POWER_INVALID) {
945 ptr[1] = EIR_TX_POWER;
946 ptr[2] = (u8) hdev->inq_tx_power;
951 if (hdev->devid_source > 0) {
953 ptr[1] = EIR_DEVICE_ID;
955 put_unaligned_le16(hdev->devid_source, ptr + 2);
956 put_unaligned_le16(hdev->devid_vendor, ptr + 4);
957 put_unaligned_le16(hdev->devid_product, ptr + 6);
958 put_unaligned_le16(hdev->devid_version, ptr + 8);
963 ptr = create_uuid16_list(hdev, ptr, HCI_MAX_EIR_LENGTH - (ptr - data));
964 ptr = create_uuid32_list(hdev, ptr, HCI_MAX_EIR_LENGTH - (ptr - data));
965 ptr = create_uuid128_list(hdev, ptr, HCI_MAX_EIR_LENGTH - (ptr - data));
968 static void update_eir(struct hci_request *req)
970 struct hci_dev *hdev = req->hdev;
971 struct hci_cp_write_eir cp;
973 if (!hdev_is_powered(hdev))
976 if (!lmp_ext_inq_capable(hdev))
979 if (!test_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
982 if (test_bit(HCI_SERVICE_CACHE, &hdev->dev_flags))
985 memset(&cp, 0, sizeof(cp));
987 create_eir(hdev, cp.data);
989 if (memcmp(cp.data, hdev->eir, sizeof(cp.data)) == 0)
992 memcpy(hdev->eir, cp.data, sizeof(cp.data));
994 hci_req_add(req, HCI_OP_WRITE_EIR, sizeof(cp), &cp);
997 static u8 get_service_classes(struct hci_dev *hdev)
999 struct bt_uuid *uuid;
1002 list_for_each_entry(uuid, &hdev->uuids, list)
1003 val |= uuid->svc_hint;
1008 static void update_class(struct hci_request *req)
1010 struct hci_dev *hdev = req->hdev;
1013 BT_DBG("%s", hdev->name);
1015 if (!hdev_is_powered(hdev))
1018 if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
1021 if (test_bit(HCI_SERVICE_CACHE, &hdev->dev_flags))
1024 cod[0] = hdev->minor_class;
1025 cod[1] = hdev->major_class;
1026 cod[2] = get_service_classes(hdev);
1028 if (test_bit(HCI_LIMITED_DISCOVERABLE, &hdev->dev_flags))
1031 if (memcmp(cod, hdev->dev_class, 3) == 0)
1034 hci_req_add(req, HCI_OP_WRITE_CLASS_OF_DEV, sizeof(cod), cod);
1037 static bool get_connectable(struct hci_dev *hdev)
1039 struct pending_cmd *cmd;
1041 /* If there's a pending mgmt command the flag will not yet have
1042 * it's final value, so check for this first.
1044 cmd = mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev);
1046 struct mgmt_mode *cp = cmd->param;
1050 return test_bit(HCI_CONNECTABLE, &hdev->dev_flags);
1053 static void disable_advertising(struct hci_request *req)
1057 hci_req_add(req, HCI_OP_LE_SET_ADV_ENABLE, sizeof(enable), &enable);
1060 static void enable_advertising(struct hci_request *req)
1062 struct hci_dev *hdev = req->hdev;
1063 struct hci_cp_le_set_adv_param cp;
1064 u8 own_addr_type, enable = 0x01;
1067 if (hci_conn_num(hdev, LE_LINK) > 0)
1070 if (test_bit(HCI_LE_ADV, &hdev->dev_flags))
1071 disable_advertising(req);
1073 /* Clear the HCI_LE_ADV bit temporarily so that the
1074 * hci_update_random_address knows that it's safe to go ahead
1075 * and write a new random address. The flag will be set back on
1076 * as soon as the SET_ADV_ENABLE HCI command completes.
1078 clear_bit(HCI_LE_ADV, &hdev->dev_flags);
1080 connectable = get_connectable(hdev);
1082 /* Set require_privacy to true only when non-connectable
1083 * advertising is used. In that case it is fine to use a
1084 * non-resolvable private address.
1086 if (hci_update_random_address(req, !connectable, &own_addr_type) < 0)
1089 memset(&cp, 0, sizeof(cp));
1090 cp.min_interval = cpu_to_le16(hdev->le_adv_min_interval);
1091 cp.max_interval = cpu_to_le16(hdev->le_adv_max_interval);
1092 cp.type = connectable ? LE_ADV_IND : LE_ADV_NONCONN_IND;
1093 cp.own_address_type = own_addr_type;
1094 cp.channel_map = hdev->le_adv_channel_map;
1096 hci_req_add(req, HCI_OP_LE_SET_ADV_PARAM, sizeof(cp), &cp);
1098 hci_req_add(req, HCI_OP_LE_SET_ADV_ENABLE, sizeof(enable), &enable);
1101 static void service_cache_off(struct work_struct *work)
1103 struct hci_dev *hdev = container_of(work, struct hci_dev,
1104 service_cache.work);
1105 struct hci_request req;
1107 if (!test_and_clear_bit(HCI_SERVICE_CACHE, &hdev->dev_flags))
1110 hci_req_init(&req, hdev);
1117 hci_dev_unlock(hdev);
1119 hci_req_run(&req, NULL);
1122 static void rpa_expired(struct work_struct *work)
1124 struct hci_dev *hdev = container_of(work, struct hci_dev,
1126 struct hci_request req;
1130 set_bit(HCI_RPA_EXPIRED, &hdev->dev_flags);
1132 if (!test_bit(HCI_ADVERTISING, &hdev->dev_flags))
1135 /* The generation of a new RPA and programming it into the
1136 * controller happens in the enable_advertising() function.
1138 hci_req_init(&req, hdev);
1139 enable_advertising(&req);
1140 hci_req_run(&req, NULL);
1143 static void mgmt_init_hdev(struct sock *sk, struct hci_dev *hdev)
1145 if (test_and_set_bit(HCI_MGMT, &hdev->dev_flags))
1148 INIT_DELAYED_WORK(&hdev->service_cache, service_cache_off);
1149 INIT_DELAYED_WORK(&hdev->rpa_expired, rpa_expired);
1151 /* Non-mgmt controlled devices get this bit set
1152 * implicitly so that pairing works for them, however
1153 * for mgmt we require user-space to explicitly enable
1156 clear_bit(HCI_BONDABLE, &hdev->dev_flags);
1159 static int read_controller_info(struct sock *sk, struct hci_dev *hdev,
1160 void *data, u16 data_len)
1162 struct mgmt_rp_read_info rp;
1164 BT_DBG("sock %p %s", sk, hdev->name);
1168 memset(&rp, 0, sizeof(rp));
1170 bacpy(&rp.bdaddr, &hdev->bdaddr);
1172 rp.version = hdev->hci_ver;
1173 rp.manufacturer = cpu_to_le16(hdev->manufacturer);
1175 rp.supported_settings = cpu_to_le32(get_supported_settings(hdev));
1176 rp.current_settings = cpu_to_le32(get_current_settings(hdev));
1178 memcpy(rp.dev_class, hdev->dev_class, 3);
1180 memcpy(rp.name, hdev->dev_name, sizeof(hdev->dev_name));
1181 memcpy(rp.short_name, hdev->short_name, sizeof(hdev->short_name));
1183 hci_dev_unlock(hdev);
1185 return cmd_complete(sk, hdev->id, MGMT_OP_READ_INFO, 0, &rp,
1189 static void mgmt_pending_free(struct pending_cmd *cmd)
1196 static struct pending_cmd *mgmt_pending_add(struct sock *sk, u16 opcode,
1197 struct hci_dev *hdev, void *data,
1200 struct pending_cmd *cmd;
1202 cmd = kzalloc(sizeof(*cmd), GFP_KERNEL);
1206 cmd->opcode = opcode;
1207 cmd->index = hdev->id;
1209 cmd->param = kmemdup(data, len, GFP_KERNEL);
1215 cmd->param_len = len;
1220 list_add(&cmd->list, &hdev->mgmt_pending);
1225 static void mgmt_pending_foreach(u16 opcode, struct hci_dev *hdev,
1226 void (*cb)(struct pending_cmd *cmd,
1230 struct pending_cmd *cmd, *tmp;
1232 list_for_each_entry_safe(cmd, tmp, &hdev->mgmt_pending, list) {
1233 if (opcode > 0 && cmd->opcode != opcode)
1240 static void mgmt_pending_remove(struct pending_cmd *cmd)
1242 list_del(&cmd->list);
1243 mgmt_pending_free(cmd);
1246 static int send_settings_rsp(struct sock *sk, u16 opcode, struct hci_dev *hdev)
1248 __le32 settings = cpu_to_le32(get_current_settings(hdev));
1250 return cmd_complete(sk, hdev->id, opcode, 0, &settings,
1254 static void clean_up_hci_complete(struct hci_dev *hdev, u8 status)
1256 BT_DBG("%s status 0x%02x", hdev->name, status);
1258 if (hci_conn_count(hdev) == 0) {
1259 cancel_delayed_work(&hdev->power_off);
1260 queue_work(hdev->req_workqueue, &hdev->power_off.work);
1264 static bool hci_stop_discovery(struct hci_request *req)
1266 struct hci_dev *hdev = req->hdev;
1267 struct hci_cp_remote_name_req_cancel cp;
1268 struct inquiry_entry *e;
1270 switch (hdev->discovery.state) {
1271 case DISCOVERY_FINDING:
1272 if (test_bit(HCI_INQUIRY, &hdev->flags)) {
1273 hci_req_add(req, HCI_OP_INQUIRY_CANCEL, 0, NULL);
1275 cancel_delayed_work(&hdev->le_scan_disable);
1276 hci_req_add_le_scan_disable(req);
1281 case DISCOVERY_RESOLVING:
1282 e = hci_inquiry_cache_lookup_resolve(hdev, BDADDR_ANY,
1287 bacpy(&cp.bdaddr, &e->data.bdaddr);
1288 hci_req_add(req, HCI_OP_REMOTE_NAME_REQ_CANCEL, sizeof(cp),
1294 /* Passive scanning */
1295 if (test_bit(HCI_LE_SCAN, &hdev->dev_flags)) {
1296 hci_req_add_le_scan_disable(req);
1306 static int clean_up_hci_state(struct hci_dev *hdev)
1308 struct hci_request req;
1309 struct hci_conn *conn;
1310 bool discov_stopped;
1313 hci_req_init(&req, hdev);
1315 if (test_bit(HCI_ISCAN, &hdev->flags) ||
1316 test_bit(HCI_PSCAN, &hdev->flags)) {
1318 hci_req_add(&req, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
1321 if (test_bit(HCI_LE_ADV, &hdev->dev_flags))
1322 disable_advertising(&req);
1324 discov_stopped = hci_stop_discovery(&req);
1326 list_for_each_entry(conn, &hdev->conn_hash.list, list) {
1327 struct hci_cp_disconnect dc;
1328 struct hci_cp_reject_conn_req rej;
1330 switch (conn->state) {
1333 dc.handle = cpu_to_le16(conn->handle);
1334 dc.reason = 0x15; /* Terminated due to Power Off */
1335 hci_req_add(&req, HCI_OP_DISCONNECT, sizeof(dc), &dc);
1338 if (conn->type == LE_LINK)
1339 hci_req_add(&req, HCI_OP_LE_CREATE_CONN_CANCEL,
1341 else if (conn->type == ACL_LINK)
1342 hci_req_add(&req, HCI_OP_CREATE_CONN_CANCEL,
1346 bacpy(&rej.bdaddr, &conn->dst);
1347 rej.reason = 0x15; /* Terminated due to Power Off */
1348 if (conn->type == ACL_LINK)
1349 hci_req_add(&req, HCI_OP_REJECT_CONN_REQ,
1351 else if (conn->type == SCO_LINK)
1352 hci_req_add(&req, HCI_OP_REJECT_SYNC_CONN_REQ,
1358 err = hci_req_run(&req, clean_up_hci_complete);
1359 if (!err && discov_stopped)
1360 hci_discovery_set_state(hdev, DISCOVERY_STOPPING);
1365 static int set_powered(struct sock *sk, struct hci_dev *hdev, void *data,
1368 struct mgmt_mode *cp = data;
1369 struct pending_cmd *cmd;
1372 BT_DBG("request for %s", hdev->name);
1374 if (cp->val != 0x00 && cp->val != 0x01)
1375 return cmd_status(sk, hdev->id, MGMT_OP_SET_POWERED,
1376 MGMT_STATUS_INVALID_PARAMS);
1380 if (mgmt_pending_find(MGMT_OP_SET_POWERED, hdev)) {
1381 err = cmd_status(sk, hdev->id, MGMT_OP_SET_POWERED,
1386 if (test_and_clear_bit(HCI_AUTO_OFF, &hdev->dev_flags)) {
1387 cancel_delayed_work(&hdev->power_off);
1390 mgmt_pending_add(sk, MGMT_OP_SET_POWERED, hdev,
1392 err = mgmt_powered(hdev, 1);
1397 if (!!cp->val == hdev_is_powered(hdev)) {
1398 err = send_settings_rsp(sk, MGMT_OP_SET_POWERED, hdev);
1402 cmd = mgmt_pending_add(sk, MGMT_OP_SET_POWERED, hdev, data, len);
1409 queue_work(hdev->req_workqueue, &hdev->power_on);
1412 /* Disconnect connections, stop scans, etc */
1413 err = clean_up_hci_state(hdev);
1415 queue_delayed_work(hdev->req_workqueue, &hdev->power_off,
1416 HCI_POWER_OFF_TIMEOUT);
1418 /* ENODATA means there were no HCI commands queued */
1419 if (err == -ENODATA) {
1420 cancel_delayed_work(&hdev->power_off);
1421 queue_work(hdev->req_workqueue, &hdev->power_off.work);
1427 hci_dev_unlock(hdev);
1431 static int new_settings(struct hci_dev *hdev, struct sock *skip)
1435 ev = cpu_to_le32(get_current_settings(hdev));
1437 return mgmt_event(MGMT_EV_NEW_SETTINGS, hdev, &ev, sizeof(ev), skip);
1440 int mgmt_new_settings(struct hci_dev *hdev)
1442 return new_settings(hdev, NULL);
1447 struct hci_dev *hdev;
1451 static void settings_rsp(struct pending_cmd *cmd, void *data)
1453 struct cmd_lookup *match = data;
1455 send_settings_rsp(cmd->sk, cmd->opcode, match->hdev);
1457 list_del(&cmd->list);
1459 if (match->sk == NULL) {
1460 match->sk = cmd->sk;
1461 sock_hold(match->sk);
1464 mgmt_pending_free(cmd);
1467 static void cmd_status_rsp(struct pending_cmd *cmd, void *data)
1471 cmd_status(cmd->sk, cmd->index, cmd->opcode, *status);
1472 mgmt_pending_remove(cmd);
1475 static void cmd_complete_rsp(struct pending_cmd *cmd, void *data)
1477 if (cmd->cmd_complete) {
1480 cmd->cmd_complete(cmd, *status);
1481 mgmt_pending_remove(cmd);
1486 cmd_status_rsp(cmd, data);
1489 static int generic_cmd_complete(struct pending_cmd *cmd, u8 status)
1491 return cmd_complete(cmd->sk, cmd->index, cmd->opcode, status,
1492 cmd->param, cmd->param_len);
1495 static int addr_cmd_complete(struct pending_cmd *cmd, u8 status)
1497 return cmd_complete(cmd->sk, cmd->index, cmd->opcode, status, cmd->param,
1498 sizeof(struct mgmt_addr_info));
1501 static u8 mgmt_bredr_support(struct hci_dev *hdev)
1503 if (!lmp_bredr_capable(hdev))
1504 return MGMT_STATUS_NOT_SUPPORTED;
1505 else if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
1506 return MGMT_STATUS_REJECTED;
1508 return MGMT_STATUS_SUCCESS;
1511 static u8 mgmt_le_support(struct hci_dev *hdev)
1513 if (!lmp_le_capable(hdev))
1514 return MGMT_STATUS_NOT_SUPPORTED;
1515 else if (!test_bit(HCI_LE_ENABLED, &hdev->dev_flags))
1516 return MGMT_STATUS_REJECTED;
1518 return MGMT_STATUS_SUCCESS;
1521 static void set_discoverable_complete(struct hci_dev *hdev, u8 status)
1523 struct pending_cmd *cmd;
1524 struct mgmt_mode *cp;
1525 struct hci_request req;
1528 BT_DBG("status 0x%02x", status);
1532 cmd = mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev);
1537 u8 mgmt_err = mgmt_status(status);
1538 cmd_status(cmd->sk, cmd->index, cmd->opcode, mgmt_err);
1539 clear_bit(HCI_LIMITED_DISCOVERABLE, &hdev->dev_flags);
1545 changed = !test_and_set_bit(HCI_DISCOVERABLE,
1548 if (hdev->discov_timeout > 0) {
1549 int to = msecs_to_jiffies(hdev->discov_timeout * 1000);
1550 queue_delayed_work(hdev->workqueue, &hdev->discov_off,
1554 changed = test_and_clear_bit(HCI_DISCOVERABLE,
1558 send_settings_rsp(cmd->sk, MGMT_OP_SET_DISCOVERABLE, hdev);
1561 new_settings(hdev, cmd->sk);
1563 /* When the discoverable mode gets changed, make sure
1564 * that class of device has the limited discoverable
1565 * bit correctly set. Also update page scan based on whitelist
1568 hci_req_init(&req, hdev);
1569 __hci_update_page_scan(&req);
1571 hci_req_run(&req, NULL);
1574 mgmt_pending_remove(cmd);
1577 hci_dev_unlock(hdev);
1580 static int set_discoverable(struct sock *sk, struct hci_dev *hdev, void *data,
1583 struct mgmt_cp_set_discoverable *cp = data;
1584 struct pending_cmd *cmd;
1585 struct hci_request req;
1590 BT_DBG("request for %s", hdev->name);
1592 if (!test_bit(HCI_LE_ENABLED, &hdev->dev_flags) &&
1593 !test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
1594 return cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
1595 MGMT_STATUS_REJECTED);
1597 if (cp->val != 0x00 && cp->val != 0x01 && cp->val != 0x02)
1598 return cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
1599 MGMT_STATUS_INVALID_PARAMS);
1601 timeout = __le16_to_cpu(cp->timeout);
1603 /* Disabling discoverable requires that no timeout is set,
1604 * and enabling limited discoverable requires a timeout.
1606 if ((cp->val == 0x00 && timeout > 0) ||
1607 (cp->val == 0x02 && timeout == 0))
1608 return cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
1609 MGMT_STATUS_INVALID_PARAMS);
1613 if (!hdev_is_powered(hdev) && timeout > 0) {
1614 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
1615 MGMT_STATUS_NOT_POWERED);
1619 if (mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev) ||
1620 mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev)) {
1621 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
1626 if (!test_bit(HCI_CONNECTABLE, &hdev->dev_flags)) {
1627 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
1628 MGMT_STATUS_REJECTED);
1632 if (!hdev_is_powered(hdev)) {
1633 bool changed = false;
1635 /* Setting limited discoverable when powered off is
1636 * not a valid operation since it requires a timeout
1637 * and so no need to check HCI_LIMITED_DISCOVERABLE.
1639 if (!!cp->val != test_bit(HCI_DISCOVERABLE, &hdev->dev_flags)) {
1640 change_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
1644 err = send_settings_rsp(sk, MGMT_OP_SET_DISCOVERABLE, hdev);
1649 err = new_settings(hdev, sk);
1654 /* If the current mode is the same, then just update the timeout
1655 * value with the new value. And if only the timeout gets updated,
1656 * then no need for any HCI transactions.
1658 if (!!cp->val == test_bit(HCI_DISCOVERABLE, &hdev->dev_flags) &&
1659 (cp->val == 0x02) == test_bit(HCI_LIMITED_DISCOVERABLE,
1660 &hdev->dev_flags)) {
1661 cancel_delayed_work(&hdev->discov_off);
1662 hdev->discov_timeout = timeout;
1664 if (cp->val && hdev->discov_timeout > 0) {
1665 int to = msecs_to_jiffies(hdev->discov_timeout * 1000);
1666 queue_delayed_work(hdev->workqueue, &hdev->discov_off,
1670 err = send_settings_rsp(sk, MGMT_OP_SET_DISCOVERABLE, hdev);
1674 cmd = mgmt_pending_add(sk, MGMT_OP_SET_DISCOVERABLE, hdev, data, len);
1680 /* Cancel any potential discoverable timeout that might be
1681 * still active and store new timeout value. The arming of
1682 * the timeout happens in the complete handler.
1684 cancel_delayed_work(&hdev->discov_off);
1685 hdev->discov_timeout = timeout;
1687 /* Limited discoverable mode */
1688 if (cp->val == 0x02)
1689 set_bit(HCI_LIMITED_DISCOVERABLE, &hdev->dev_flags);
1691 clear_bit(HCI_LIMITED_DISCOVERABLE, &hdev->dev_flags);
1693 hci_req_init(&req, hdev);
1695 /* The procedure for LE-only controllers is much simpler - just
1696 * update the advertising data.
1698 if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
1704 struct hci_cp_write_current_iac_lap hci_cp;
1706 if (cp->val == 0x02) {
1707 /* Limited discoverable mode */
1708 hci_cp.num_iac = min_t(u8, hdev->num_iac, 2);
1709 hci_cp.iac_lap[0] = 0x00; /* LIAC */
1710 hci_cp.iac_lap[1] = 0x8b;
1711 hci_cp.iac_lap[2] = 0x9e;
1712 hci_cp.iac_lap[3] = 0x33; /* GIAC */
1713 hci_cp.iac_lap[4] = 0x8b;
1714 hci_cp.iac_lap[5] = 0x9e;
1716 /* General discoverable mode */
1718 hci_cp.iac_lap[0] = 0x33; /* GIAC */
1719 hci_cp.iac_lap[1] = 0x8b;
1720 hci_cp.iac_lap[2] = 0x9e;
1723 hci_req_add(&req, HCI_OP_WRITE_CURRENT_IAC_LAP,
1724 (hci_cp.num_iac * 3) + 1, &hci_cp);
1726 scan |= SCAN_INQUIRY;
1728 clear_bit(HCI_LIMITED_DISCOVERABLE, &hdev->dev_flags);
1731 hci_req_add(&req, HCI_OP_WRITE_SCAN_ENABLE, sizeof(scan), &scan);
1734 update_adv_data(&req);
1736 err = hci_req_run(&req, set_discoverable_complete);
1738 mgmt_pending_remove(cmd);
1741 hci_dev_unlock(hdev);
1745 static void write_fast_connectable(struct hci_request *req, bool enable)
1747 struct hci_dev *hdev = req->hdev;
1748 struct hci_cp_write_page_scan_activity acp;
1751 if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
1754 if (hdev->hci_ver < BLUETOOTH_VER_1_2)
1758 type = PAGE_SCAN_TYPE_INTERLACED;
1760 /* 160 msec page scan interval */
1761 acp.interval = cpu_to_le16(0x0100);
1763 type = PAGE_SCAN_TYPE_STANDARD; /* default */
1765 /* default 1.28 sec page scan */
1766 acp.interval = cpu_to_le16(0x0800);
1769 acp.window = cpu_to_le16(0x0012);
1771 if (__cpu_to_le16(hdev->page_scan_interval) != acp.interval ||
1772 __cpu_to_le16(hdev->page_scan_window) != acp.window)
1773 hci_req_add(req, HCI_OP_WRITE_PAGE_SCAN_ACTIVITY,
1776 if (hdev->page_scan_type != type)
1777 hci_req_add(req, HCI_OP_WRITE_PAGE_SCAN_TYPE, 1, &type);
1780 static void set_connectable_complete(struct hci_dev *hdev, u8 status)
1782 struct pending_cmd *cmd;
1783 struct mgmt_mode *cp;
1784 bool conn_changed, discov_changed;
1786 BT_DBG("status 0x%02x", status);
1790 cmd = mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev);
1795 u8 mgmt_err = mgmt_status(status);
1796 cmd_status(cmd->sk, cmd->index, cmd->opcode, mgmt_err);
1802 conn_changed = !test_and_set_bit(HCI_CONNECTABLE,
1804 discov_changed = false;
1806 conn_changed = test_and_clear_bit(HCI_CONNECTABLE,
1808 discov_changed = test_and_clear_bit(HCI_DISCOVERABLE,
1812 send_settings_rsp(cmd->sk, MGMT_OP_SET_CONNECTABLE, hdev);
1814 if (conn_changed || discov_changed) {
1815 new_settings(hdev, cmd->sk);
1816 hci_update_page_scan(hdev);
1818 mgmt_update_adv_data(hdev);
1819 hci_update_background_scan(hdev);
1823 mgmt_pending_remove(cmd);
1826 hci_dev_unlock(hdev);
1829 static int set_connectable_update_settings(struct hci_dev *hdev,
1830 struct sock *sk, u8 val)
1832 bool changed = false;
1835 if (!!val != test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
1839 set_bit(HCI_CONNECTABLE, &hdev->dev_flags);
1841 clear_bit(HCI_CONNECTABLE, &hdev->dev_flags);
1842 clear_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
1845 err = send_settings_rsp(sk, MGMT_OP_SET_CONNECTABLE, hdev);
1850 hci_update_page_scan(hdev);
1851 hci_update_background_scan(hdev);
1852 return new_settings(hdev, sk);
1858 static int set_connectable(struct sock *sk, struct hci_dev *hdev, void *data,
1861 struct mgmt_mode *cp = data;
1862 struct pending_cmd *cmd;
1863 struct hci_request req;
1867 BT_DBG("request for %s", hdev->name);
1869 if (!test_bit(HCI_LE_ENABLED, &hdev->dev_flags) &&
1870 !test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
1871 return cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE,
1872 MGMT_STATUS_REJECTED);
1874 if (cp->val != 0x00 && cp->val != 0x01)
1875 return cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE,
1876 MGMT_STATUS_INVALID_PARAMS);
1880 if (!hdev_is_powered(hdev)) {
1881 err = set_connectable_update_settings(hdev, sk, cp->val);
1885 if (mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev) ||
1886 mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev)) {
1887 err = cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE,
1892 cmd = mgmt_pending_add(sk, MGMT_OP_SET_CONNECTABLE, hdev, data, len);
1898 hci_req_init(&req, hdev);
1900 /* If BR/EDR is not enabled and we disable advertising as a
1901 * by-product of disabling connectable, we need to update the
1902 * advertising flags.
1904 if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags)) {
1906 clear_bit(HCI_LIMITED_DISCOVERABLE, &hdev->dev_flags);
1907 clear_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
1909 update_adv_data(&req);
1910 } else if (cp->val != test_bit(HCI_PSCAN, &hdev->flags)) {
1914 /* If we don't have any whitelist entries just
1915 * disable all scanning. If there are entries
1916 * and we had both page and inquiry scanning
1917 * enabled then fall back to only page scanning.
1918 * Otherwise no changes are needed.
1920 if (list_empty(&hdev->whitelist))
1921 scan = SCAN_DISABLED;
1922 else if (test_bit(HCI_ISCAN, &hdev->flags))
1925 goto no_scan_update;
1927 if (test_bit(HCI_ISCAN, &hdev->flags) &&
1928 hdev->discov_timeout > 0)
1929 cancel_delayed_work(&hdev->discov_off);
1932 hci_req_add(&req, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
1936 /* If we're going from non-connectable to connectable or
1937 * vice-versa when fast connectable is enabled ensure that fast
1938 * connectable gets disabled. write_fast_connectable won't do
1939 * anything if the page scan parameters are already what they
1942 if (cp->val || test_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags))
1943 write_fast_connectable(&req, false);
1945 /* Update the advertising parameters if necessary */
1946 if (test_bit(HCI_ADVERTISING, &hdev->dev_flags))
1947 enable_advertising(&req);
1949 err = hci_req_run(&req, set_connectable_complete);
1951 mgmt_pending_remove(cmd);
1952 if (err == -ENODATA)
1953 err = set_connectable_update_settings(hdev, sk,
1959 hci_dev_unlock(hdev);
1963 static int set_bondable(struct sock *sk, struct hci_dev *hdev, void *data,
1966 struct mgmt_mode *cp = data;
1970 BT_DBG("request for %s", hdev->name);
1972 if (cp->val != 0x00 && cp->val != 0x01)
1973 return cmd_status(sk, hdev->id, MGMT_OP_SET_BONDABLE,
1974 MGMT_STATUS_INVALID_PARAMS);
1979 changed = !test_and_set_bit(HCI_BONDABLE, &hdev->dev_flags);
1981 changed = test_and_clear_bit(HCI_BONDABLE, &hdev->dev_flags);
1983 err = send_settings_rsp(sk, MGMT_OP_SET_BONDABLE, hdev);
1988 err = new_settings(hdev, sk);
1991 hci_dev_unlock(hdev);
1995 static int set_link_security(struct sock *sk, struct hci_dev *hdev, void *data,
1998 struct mgmt_mode *cp = data;
1999 struct pending_cmd *cmd;
2003 BT_DBG("request for %s", hdev->name);
2005 status = mgmt_bredr_support(hdev);
2007 return cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY,
2010 if (cp->val != 0x00 && cp->val != 0x01)
2011 return cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY,
2012 MGMT_STATUS_INVALID_PARAMS);
2016 if (!hdev_is_powered(hdev)) {
2017 bool changed = false;
2019 if (!!cp->val != test_bit(HCI_LINK_SECURITY,
2020 &hdev->dev_flags)) {
2021 change_bit(HCI_LINK_SECURITY, &hdev->dev_flags);
2025 err = send_settings_rsp(sk, MGMT_OP_SET_LINK_SECURITY, hdev);
2030 err = new_settings(hdev, sk);
2035 if (mgmt_pending_find(MGMT_OP_SET_LINK_SECURITY, hdev)) {
2036 err = cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY,
2043 if (test_bit(HCI_AUTH, &hdev->flags) == val) {
2044 err = send_settings_rsp(sk, MGMT_OP_SET_LINK_SECURITY, hdev);
2048 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LINK_SECURITY, hdev, data, len);
2054 err = hci_send_cmd(hdev, HCI_OP_WRITE_AUTH_ENABLE, sizeof(val), &val);
2056 mgmt_pending_remove(cmd);
2061 hci_dev_unlock(hdev);
2065 static int set_ssp(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
2067 struct mgmt_mode *cp = data;
2068 struct pending_cmd *cmd;
2072 BT_DBG("request for %s", hdev->name);
2074 status = mgmt_bredr_support(hdev);
2076 return cmd_status(sk, hdev->id, MGMT_OP_SET_SSP, status);
2078 if (!lmp_ssp_capable(hdev))
2079 return cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
2080 MGMT_STATUS_NOT_SUPPORTED);
2082 if (cp->val != 0x00 && cp->val != 0x01)
2083 return cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
2084 MGMT_STATUS_INVALID_PARAMS);
2088 if (!hdev_is_powered(hdev)) {
2092 changed = !test_and_set_bit(HCI_SSP_ENABLED,
2095 changed = test_and_clear_bit(HCI_SSP_ENABLED,
2098 changed = test_and_clear_bit(HCI_HS_ENABLED,
2101 clear_bit(HCI_HS_ENABLED, &hdev->dev_flags);
2104 err = send_settings_rsp(sk, MGMT_OP_SET_SSP, hdev);
2109 err = new_settings(hdev, sk);
2114 if (mgmt_pending_find(MGMT_OP_SET_SSP, hdev) ||
2115 mgmt_pending_find(MGMT_OP_SET_HS, hdev)) {
2116 err = cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
2121 if (!!cp->val == test_bit(HCI_SSP_ENABLED, &hdev->dev_flags)) {
2122 err = send_settings_rsp(sk, MGMT_OP_SET_SSP, hdev);
2126 cmd = mgmt_pending_add(sk, MGMT_OP_SET_SSP, hdev, data, len);
2132 if (!cp->val && test_bit(HCI_USE_DEBUG_KEYS, &hdev->dev_flags))
2133 hci_send_cmd(hdev, HCI_OP_WRITE_SSP_DEBUG_MODE,
2134 sizeof(cp->val), &cp->val);
2136 err = hci_send_cmd(hdev, HCI_OP_WRITE_SSP_MODE, 1, &cp->val);
2138 mgmt_pending_remove(cmd);
2143 hci_dev_unlock(hdev);
2147 static int set_hs(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
2149 struct mgmt_mode *cp = data;
2154 BT_DBG("request for %s", hdev->name);
2156 status = mgmt_bredr_support(hdev);
2158 return cmd_status(sk, hdev->id, MGMT_OP_SET_HS, status);
2160 if (!lmp_ssp_capable(hdev))
2161 return cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
2162 MGMT_STATUS_NOT_SUPPORTED);
2164 if (!test_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
2165 return cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
2166 MGMT_STATUS_REJECTED);
2168 if (cp->val != 0x00 && cp->val != 0x01)
2169 return cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
2170 MGMT_STATUS_INVALID_PARAMS);
2175 changed = !test_and_set_bit(HCI_HS_ENABLED, &hdev->dev_flags);
2177 if (hdev_is_powered(hdev)) {
2178 err = cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
2179 MGMT_STATUS_REJECTED);
2183 changed = test_and_clear_bit(HCI_HS_ENABLED, &hdev->dev_flags);
2186 err = send_settings_rsp(sk, MGMT_OP_SET_HS, hdev);
2191 err = new_settings(hdev, sk);
2194 hci_dev_unlock(hdev);
2198 static void le_enable_complete(struct hci_dev *hdev, u8 status)
2200 struct cmd_lookup match = { NULL, hdev };
2205 u8 mgmt_err = mgmt_status(status);
2207 mgmt_pending_foreach(MGMT_OP_SET_LE, hdev, cmd_status_rsp,
2212 mgmt_pending_foreach(MGMT_OP_SET_LE, hdev, settings_rsp, &match);
2214 new_settings(hdev, match.sk);
2219 /* Make sure the controller has a good default for
2220 * advertising data. Restrict the update to when LE
2221 * has actually been enabled. During power on, the
2222 * update in powered_update_hci will take care of it.
2224 if (test_bit(HCI_LE_ENABLED, &hdev->dev_flags)) {
2225 struct hci_request req;
2227 hci_req_init(&req, hdev);
2228 update_adv_data(&req);
2229 update_scan_rsp_data(&req);
2230 __hci_update_background_scan(&req);
2231 hci_req_run(&req, NULL);
2235 hci_dev_unlock(hdev);
2238 static int set_le(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
2240 struct mgmt_mode *cp = data;
2241 struct hci_cp_write_le_host_supported hci_cp;
2242 struct pending_cmd *cmd;
2243 struct hci_request req;
2247 BT_DBG("request for %s", hdev->name);
2249 if (!lmp_le_capable(hdev))
2250 return cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
2251 MGMT_STATUS_NOT_SUPPORTED);
2253 if (cp->val != 0x00 && cp->val != 0x01)
2254 return cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
2255 MGMT_STATUS_INVALID_PARAMS);
2257 /* LE-only devices do not allow toggling LE on/off */
2258 if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
2259 return cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
2260 MGMT_STATUS_REJECTED);
2265 enabled = lmp_host_le_capable(hdev);
2267 if (!hdev_is_powered(hdev) || val == enabled) {
2268 bool changed = false;
2270 if (val != test_bit(HCI_LE_ENABLED, &hdev->dev_flags)) {
2271 change_bit(HCI_LE_ENABLED, &hdev->dev_flags);
2275 if (!val && test_bit(HCI_ADVERTISING, &hdev->dev_flags)) {
2276 clear_bit(HCI_ADVERTISING, &hdev->dev_flags);
2280 err = send_settings_rsp(sk, MGMT_OP_SET_LE, hdev);
2285 err = new_settings(hdev, sk);
2290 if (mgmt_pending_find(MGMT_OP_SET_LE, hdev) ||
2291 mgmt_pending_find(MGMT_OP_SET_ADVERTISING, hdev)) {
2292 err = cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
2297 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LE, hdev, data, len);
2303 hci_req_init(&req, hdev);
2305 memset(&hci_cp, 0, sizeof(hci_cp));
2309 hci_cp.simul = 0x00;
2311 if (test_bit(HCI_LE_ADV, &hdev->dev_flags))
2312 disable_advertising(&req);
2315 hci_req_add(&req, HCI_OP_WRITE_LE_HOST_SUPPORTED, sizeof(hci_cp),
2318 err = hci_req_run(&req, le_enable_complete);
2320 mgmt_pending_remove(cmd);
2323 hci_dev_unlock(hdev);
2327 /* This is a helper function to test for pending mgmt commands that can
2328 * cause CoD or EIR HCI commands. We can only allow one such pending
2329 * mgmt command at a time since otherwise we cannot easily track what
2330 * the current values are, will be, and based on that calculate if a new
2331 * HCI command needs to be sent and if yes with what value.
2333 static bool pending_eir_or_class(struct hci_dev *hdev)
2335 struct pending_cmd *cmd;
2337 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
2338 switch (cmd->opcode) {
2339 case MGMT_OP_ADD_UUID:
2340 case MGMT_OP_REMOVE_UUID:
2341 case MGMT_OP_SET_DEV_CLASS:
2342 case MGMT_OP_SET_POWERED:
2350 static const u8 bluetooth_base_uuid[] = {
2351 0xfb, 0x34, 0x9b, 0x5f, 0x80, 0x00, 0x00, 0x80,
2352 0x00, 0x10, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
2355 static u8 get_uuid_size(const u8 *uuid)
2359 if (memcmp(uuid, bluetooth_base_uuid, 12))
2362 val = get_unaligned_le32(&uuid[12]);
2369 static void mgmt_class_complete(struct hci_dev *hdev, u16 mgmt_op, u8 status)
2371 struct pending_cmd *cmd;
2375 cmd = mgmt_pending_find(mgmt_op, hdev);
2379 cmd_complete(cmd->sk, cmd->index, cmd->opcode, mgmt_status(status),
2380 hdev->dev_class, 3);
2382 mgmt_pending_remove(cmd);
2385 hci_dev_unlock(hdev);
2388 static void add_uuid_complete(struct hci_dev *hdev, u8 status)
2390 BT_DBG("status 0x%02x", status);
2392 mgmt_class_complete(hdev, MGMT_OP_ADD_UUID, status);
2395 static int add_uuid(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
2397 struct mgmt_cp_add_uuid *cp = data;
2398 struct pending_cmd *cmd;
2399 struct hci_request req;
2400 struct bt_uuid *uuid;
2403 BT_DBG("request for %s", hdev->name);
2407 if (pending_eir_or_class(hdev)) {
2408 err = cmd_status(sk, hdev->id, MGMT_OP_ADD_UUID,
2413 uuid = kmalloc(sizeof(*uuid), GFP_KERNEL);
2419 memcpy(uuid->uuid, cp->uuid, 16);
2420 uuid->svc_hint = cp->svc_hint;
2421 uuid->size = get_uuid_size(cp->uuid);
2423 list_add_tail(&uuid->list, &hdev->uuids);
2425 hci_req_init(&req, hdev);
2430 err = hci_req_run(&req, add_uuid_complete);
2432 if (err != -ENODATA)
2435 err = cmd_complete(sk, hdev->id, MGMT_OP_ADD_UUID, 0,
2436 hdev->dev_class, 3);
2440 cmd = mgmt_pending_add(sk, MGMT_OP_ADD_UUID, hdev, data, len);
2449 hci_dev_unlock(hdev);
2453 static bool enable_service_cache(struct hci_dev *hdev)
2455 if (!hdev_is_powered(hdev))
2458 if (!test_and_set_bit(HCI_SERVICE_CACHE, &hdev->dev_flags)) {
2459 queue_delayed_work(hdev->workqueue, &hdev->service_cache,
2467 static void remove_uuid_complete(struct hci_dev *hdev, u8 status)
2469 BT_DBG("status 0x%02x", status);
2471 mgmt_class_complete(hdev, MGMT_OP_REMOVE_UUID, status);
2474 static int remove_uuid(struct sock *sk, struct hci_dev *hdev, void *data,
2477 struct mgmt_cp_remove_uuid *cp = data;
2478 struct pending_cmd *cmd;
2479 struct bt_uuid *match, *tmp;
2480 u8 bt_uuid_any[] = { 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 };
2481 struct hci_request req;
2484 BT_DBG("request for %s", hdev->name);
2488 if (pending_eir_or_class(hdev)) {
2489 err = cmd_status(sk, hdev->id, MGMT_OP_REMOVE_UUID,
2494 if (memcmp(cp->uuid, bt_uuid_any, 16) == 0) {
2495 hci_uuids_clear(hdev);
2497 if (enable_service_cache(hdev)) {
2498 err = cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_UUID,
2499 0, hdev->dev_class, 3);
2508 list_for_each_entry_safe(match, tmp, &hdev->uuids, list) {
2509 if (memcmp(match->uuid, cp->uuid, 16) != 0)
2512 list_del(&match->list);
2518 err = cmd_status(sk, hdev->id, MGMT_OP_REMOVE_UUID,
2519 MGMT_STATUS_INVALID_PARAMS);
2524 hci_req_init(&req, hdev);
2529 err = hci_req_run(&req, remove_uuid_complete);
2531 if (err != -ENODATA)
2534 err = cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_UUID, 0,
2535 hdev->dev_class, 3);
2539 cmd = mgmt_pending_add(sk, MGMT_OP_REMOVE_UUID, hdev, data, len);
2548 hci_dev_unlock(hdev);
2552 static void set_class_complete(struct hci_dev *hdev, u8 status)
2554 BT_DBG("status 0x%02x", status);
2556 mgmt_class_complete(hdev, MGMT_OP_SET_DEV_CLASS, status);
2559 static int set_dev_class(struct sock *sk, struct hci_dev *hdev, void *data,
2562 struct mgmt_cp_set_dev_class *cp = data;
2563 struct pending_cmd *cmd;
2564 struct hci_request req;
2567 BT_DBG("request for %s", hdev->name);
2569 if (!lmp_bredr_capable(hdev))
2570 return cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS,
2571 MGMT_STATUS_NOT_SUPPORTED);
2575 if (pending_eir_or_class(hdev)) {
2576 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS,
2581 if ((cp->minor & 0x03) != 0 || (cp->major & 0xe0) != 0) {
2582 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS,
2583 MGMT_STATUS_INVALID_PARAMS);
2587 hdev->major_class = cp->major;
2588 hdev->minor_class = cp->minor;
2590 if (!hdev_is_powered(hdev)) {
2591 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_DEV_CLASS, 0,
2592 hdev->dev_class, 3);
2596 hci_req_init(&req, hdev);
2598 if (test_and_clear_bit(HCI_SERVICE_CACHE, &hdev->dev_flags)) {
2599 hci_dev_unlock(hdev);
2600 cancel_delayed_work_sync(&hdev->service_cache);
2607 err = hci_req_run(&req, set_class_complete);
2609 if (err != -ENODATA)
2612 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_DEV_CLASS, 0,
2613 hdev->dev_class, 3);
2617 cmd = mgmt_pending_add(sk, MGMT_OP_SET_DEV_CLASS, hdev, data, len);
2626 hci_dev_unlock(hdev);
2630 static int load_link_keys(struct sock *sk, struct hci_dev *hdev, void *data,
2633 struct mgmt_cp_load_link_keys *cp = data;
2634 const u16 max_key_count = ((U16_MAX - sizeof(*cp)) /
2635 sizeof(struct mgmt_link_key_info));
2636 u16 key_count, expected_len;
2640 BT_DBG("request for %s", hdev->name);
2642 if (!lmp_bredr_capable(hdev))
2643 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
2644 MGMT_STATUS_NOT_SUPPORTED);
2646 key_count = __le16_to_cpu(cp->key_count);
2647 if (key_count > max_key_count) {
2648 BT_ERR("load_link_keys: too big key_count value %u",
2650 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
2651 MGMT_STATUS_INVALID_PARAMS);
2654 expected_len = sizeof(*cp) + key_count *
2655 sizeof(struct mgmt_link_key_info);
2656 if (expected_len != len) {
2657 BT_ERR("load_link_keys: expected %u bytes, got %u bytes",
2659 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
2660 MGMT_STATUS_INVALID_PARAMS);
2663 if (cp->debug_keys != 0x00 && cp->debug_keys != 0x01)
2664 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
2665 MGMT_STATUS_INVALID_PARAMS);
2667 BT_DBG("%s debug_keys %u key_count %u", hdev->name, cp->debug_keys,
2670 for (i = 0; i < key_count; i++) {
2671 struct mgmt_link_key_info *key = &cp->keys[i];
2673 if (key->addr.type != BDADDR_BREDR || key->type > 0x08)
2674 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
2675 MGMT_STATUS_INVALID_PARAMS);
2680 hci_link_keys_clear(hdev);
2683 changed = !test_and_set_bit(HCI_KEEP_DEBUG_KEYS,
2686 changed = test_and_clear_bit(HCI_KEEP_DEBUG_KEYS,
2690 new_settings(hdev, NULL);
2692 for (i = 0; i < key_count; i++) {
2693 struct mgmt_link_key_info *key = &cp->keys[i];
2695 /* Always ignore debug keys and require a new pairing if
2696 * the user wants to use them.
2698 if (key->type == HCI_LK_DEBUG_COMBINATION)
2701 hci_add_link_key(hdev, NULL, &key->addr.bdaddr, key->val,
2702 key->type, key->pin_len, NULL);
2705 cmd_complete(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS, 0, NULL, 0);
2707 hci_dev_unlock(hdev);
2712 static int device_unpaired(struct hci_dev *hdev, bdaddr_t *bdaddr,
2713 u8 addr_type, struct sock *skip_sk)
2715 struct mgmt_ev_device_unpaired ev;
2717 bacpy(&ev.addr.bdaddr, bdaddr);
2718 ev.addr.type = addr_type;
2720 return mgmt_event(MGMT_EV_DEVICE_UNPAIRED, hdev, &ev, sizeof(ev),
2724 static int unpair_device(struct sock *sk, struct hci_dev *hdev, void *data,
2727 struct mgmt_cp_unpair_device *cp = data;
2728 struct mgmt_rp_unpair_device rp;
2729 struct hci_cp_disconnect dc;
2730 struct pending_cmd *cmd;
2731 struct hci_conn *conn;
2734 memset(&rp, 0, sizeof(rp));
2735 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
2736 rp.addr.type = cp->addr.type;
2738 if (!bdaddr_type_is_valid(cp->addr.type))
2739 return cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
2740 MGMT_STATUS_INVALID_PARAMS,
2743 if (cp->disconnect != 0x00 && cp->disconnect != 0x01)
2744 return cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
2745 MGMT_STATUS_INVALID_PARAMS,
2750 if (!hdev_is_powered(hdev)) {
2751 err = cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
2752 MGMT_STATUS_NOT_POWERED, &rp, sizeof(rp));
2756 if (cp->addr.type == BDADDR_BREDR) {
2757 /* If disconnection is requested, then look up the
2758 * connection. If the remote device is connected, it
2759 * will be later used to terminate the link.
2761 * Setting it to NULL explicitly will cause no
2762 * termination of the link.
2765 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
2770 err = hci_remove_link_key(hdev, &cp->addr.bdaddr);
2774 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK,
2777 /* Defer clearing up the connection parameters
2778 * until closing to give a chance of keeping
2779 * them if a repairing happens.
2781 set_bit(HCI_CONN_PARAM_REMOVAL_PEND, &conn->flags);
2783 /* If disconnection is not requested, then
2784 * clear the connection variable so that the
2785 * link is not terminated.
2787 if (!cp->disconnect)
2791 if (cp->addr.type == BDADDR_LE_PUBLIC)
2792 addr_type = ADDR_LE_DEV_PUBLIC;
2794 addr_type = ADDR_LE_DEV_RANDOM;
2796 hci_remove_irk(hdev, &cp->addr.bdaddr, addr_type);
2798 err = hci_remove_ltk(hdev, &cp->addr.bdaddr, addr_type);
2802 err = cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
2803 MGMT_STATUS_NOT_PAIRED, &rp, sizeof(rp));
2807 /* If the connection variable is set, then termination of the
2808 * link is requested.
2811 err = cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE, 0,
2813 device_unpaired(hdev, &cp->addr.bdaddr, cp->addr.type, sk);
2817 cmd = mgmt_pending_add(sk, MGMT_OP_UNPAIR_DEVICE, hdev, cp,
2824 cmd->cmd_complete = addr_cmd_complete;
2826 dc.handle = cpu_to_le16(conn->handle);
2827 dc.reason = 0x13; /* Remote User Terminated Connection */
2828 err = hci_send_cmd(hdev, HCI_OP_DISCONNECT, sizeof(dc), &dc);
2830 mgmt_pending_remove(cmd);
2833 hci_dev_unlock(hdev);
2837 static int disconnect(struct sock *sk, struct hci_dev *hdev, void *data,
2840 struct mgmt_cp_disconnect *cp = data;
2841 struct mgmt_rp_disconnect rp;
2842 struct pending_cmd *cmd;
2843 struct hci_conn *conn;
2848 memset(&rp, 0, sizeof(rp));
2849 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
2850 rp.addr.type = cp->addr.type;
2852 if (!bdaddr_type_is_valid(cp->addr.type))
2853 return cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
2854 MGMT_STATUS_INVALID_PARAMS,
2859 if (!test_bit(HCI_UP, &hdev->flags)) {
2860 err = cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
2861 MGMT_STATUS_NOT_POWERED, &rp, sizeof(rp));
2865 if (mgmt_pending_find(MGMT_OP_DISCONNECT, hdev)) {
2866 err = cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
2867 MGMT_STATUS_BUSY, &rp, sizeof(rp));
2871 if (cp->addr.type == BDADDR_BREDR)
2872 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
2875 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &cp->addr.bdaddr);
2877 if (!conn || conn->state == BT_OPEN || conn->state == BT_CLOSED) {
2878 err = cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
2879 MGMT_STATUS_NOT_CONNECTED, &rp, sizeof(rp));
2883 cmd = mgmt_pending_add(sk, MGMT_OP_DISCONNECT, hdev, data, len);
2889 cmd->cmd_complete = generic_cmd_complete;
2891 err = hci_disconnect(conn, HCI_ERROR_REMOTE_USER_TERM);
2893 mgmt_pending_remove(cmd);
2896 hci_dev_unlock(hdev);
2900 static u8 link_to_bdaddr(u8 link_type, u8 addr_type)
2902 switch (link_type) {
2904 switch (addr_type) {
2905 case ADDR_LE_DEV_PUBLIC:
2906 return BDADDR_LE_PUBLIC;
2909 /* Fallback to LE Random address type */
2910 return BDADDR_LE_RANDOM;
2914 /* Fallback to BR/EDR type */
2915 return BDADDR_BREDR;
2919 static int get_connections(struct sock *sk, struct hci_dev *hdev, void *data,
2922 struct mgmt_rp_get_connections *rp;
2932 if (!hdev_is_powered(hdev)) {
2933 err = cmd_status(sk, hdev->id, MGMT_OP_GET_CONNECTIONS,
2934 MGMT_STATUS_NOT_POWERED);
2939 list_for_each_entry(c, &hdev->conn_hash.list, list) {
2940 if (test_bit(HCI_CONN_MGMT_CONNECTED, &c->flags))
2944 rp_len = sizeof(*rp) + (i * sizeof(struct mgmt_addr_info));
2945 rp = kmalloc(rp_len, GFP_KERNEL);
2952 list_for_each_entry(c, &hdev->conn_hash.list, list) {
2953 if (!test_bit(HCI_CONN_MGMT_CONNECTED, &c->flags))
2955 bacpy(&rp->addr[i].bdaddr, &c->dst);
2956 rp->addr[i].type = link_to_bdaddr(c->type, c->dst_type);
2957 if (c->type == SCO_LINK || c->type == ESCO_LINK)
2962 rp->conn_count = cpu_to_le16(i);
2964 /* Recalculate length in case of filtered SCO connections, etc */
2965 rp_len = sizeof(*rp) + (i * sizeof(struct mgmt_addr_info));
2967 err = cmd_complete(sk, hdev->id, MGMT_OP_GET_CONNECTIONS, 0, rp,
2973 hci_dev_unlock(hdev);
2977 static int send_pin_code_neg_reply(struct sock *sk, struct hci_dev *hdev,
2978 struct mgmt_cp_pin_code_neg_reply *cp)
2980 struct pending_cmd *cmd;
2983 cmd = mgmt_pending_add(sk, MGMT_OP_PIN_CODE_NEG_REPLY, hdev, cp,
2988 err = hci_send_cmd(hdev, HCI_OP_PIN_CODE_NEG_REPLY,
2989 sizeof(cp->addr.bdaddr), &cp->addr.bdaddr);
2991 mgmt_pending_remove(cmd);
2996 static int pin_code_reply(struct sock *sk, struct hci_dev *hdev, void *data,
2999 struct hci_conn *conn;
3000 struct mgmt_cp_pin_code_reply *cp = data;
3001 struct hci_cp_pin_code_reply reply;
3002 struct pending_cmd *cmd;
3009 if (!hdev_is_powered(hdev)) {
3010 err = cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
3011 MGMT_STATUS_NOT_POWERED);
3015 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->addr.bdaddr);
3017 err = cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
3018 MGMT_STATUS_NOT_CONNECTED);
3022 if (conn->pending_sec_level == BT_SECURITY_HIGH && cp->pin_len != 16) {
3023 struct mgmt_cp_pin_code_neg_reply ncp;
3025 memcpy(&ncp.addr, &cp->addr, sizeof(ncp.addr));
3027 BT_ERR("PIN code is not 16 bytes long");
3029 err = send_pin_code_neg_reply(sk, hdev, &ncp);
3031 err = cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
3032 MGMT_STATUS_INVALID_PARAMS);
3037 cmd = mgmt_pending_add(sk, MGMT_OP_PIN_CODE_REPLY, hdev, data, len);
3043 cmd->cmd_complete = addr_cmd_complete;
3045 bacpy(&reply.bdaddr, &cp->addr.bdaddr);
3046 reply.pin_len = cp->pin_len;
3047 memcpy(reply.pin_code, cp->pin_code, sizeof(reply.pin_code));
3049 err = hci_send_cmd(hdev, HCI_OP_PIN_CODE_REPLY, sizeof(reply), &reply);
3051 mgmt_pending_remove(cmd);
3054 hci_dev_unlock(hdev);
3058 static int set_io_capability(struct sock *sk, struct hci_dev *hdev, void *data,
3061 struct mgmt_cp_set_io_capability *cp = data;
3065 if (cp->io_capability > SMP_IO_KEYBOARD_DISPLAY)
3066 return cmd_complete(sk, hdev->id, MGMT_OP_SET_IO_CAPABILITY,
3067 MGMT_STATUS_INVALID_PARAMS, NULL, 0);
3071 hdev->io_capability = cp->io_capability;
3073 BT_DBG("%s IO capability set to 0x%02x", hdev->name,
3074 hdev->io_capability);
3076 hci_dev_unlock(hdev);
3078 return cmd_complete(sk, hdev->id, MGMT_OP_SET_IO_CAPABILITY, 0, NULL,
3082 static struct pending_cmd *find_pairing(struct hci_conn *conn)
3084 struct hci_dev *hdev = conn->hdev;
3085 struct pending_cmd *cmd;
3087 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
3088 if (cmd->opcode != MGMT_OP_PAIR_DEVICE)
3091 if (cmd->user_data != conn)
3100 static int pairing_complete(struct pending_cmd *cmd, u8 status)
3102 struct mgmt_rp_pair_device rp;
3103 struct hci_conn *conn = cmd->user_data;
3106 bacpy(&rp.addr.bdaddr, &conn->dst);
3107 rp.addr.type = link_to_bdaddr(conn->type, conn->dst_type);
3109 err = cmd_complete(cmd->sk, cmd->index, MGMT_OP_PAIR_DEVICE, status,
3112 /* So we don't get further callbacks for this connection */
3113 conn->connect_cfm_cb = NULL;
3114 conn->security_cfm_cb = NULL;
3115 conn->disconn_cfm_cb = NULL;
3117 hci_conn_drop(conn);
3119 /* The device is paired so there is no need to remove
3120 * its connection parameters anymore.
3122 clear_bit(HCI_CONN_PARAM_REMOVAL_PEND, &conn->flags);
3129 void mgmt_smp_complete(struct hci_conn *conn, bool complete)
3131 u8 status = complete ? MGMT_STATUS_SUCCESS : MGMT_STATUS_FAILED;
3132 struct pending_cmd *cmd;
3134 cmd = find_pairing(conn);
3136 cmd->cmd_complete(cmd, status);
3137 mgmt_pending_remove(cmd);
3141 static void pairing_complete_cb(struct hci_conn *conn, u8 status)
3143 struct pending_cmd *cmd;
3145 BT_DBG("status %u", status);
3147 cmd = find_pairing(conn);
3149 BT_DBG("Unable to find a pending command");
3153 cmd->cmd_complete(cmd, mgmt_status(status));
3154 mgmt_pending_remove(cmd);
3157 static void le_pairing_complete_cb(struct hci_conn *conn, u8 status)
3159 struct pending_cmd *cmd;
3161 BT_DBG("status %u", status);
3166 cmd = find_pairing(conn);
3168 BT_DBG("Unable to find a pending command");
3172 cmd->cmd_complete(cmd, mgmt_status(status));
3173 mgmt_pending_remove(cmd);
3176 static int pair_device(struct sock *sk, struct hci_dev *hdev, void *data,
3179 struct mgmt_cp_pair_device *cp = data;
3180 struct mgmt_rp_pair_device rp;
3181 struct pending_cmd *cmd;
3182 u8 sec_level, auth_type;
3183 struct hci_conn *conn;
3188 memset(&rp, 0, sizeof(rp));
3189 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
3190 rp.addr.type = cp->addr.type;
3192 if (!bdaddr_type_is_valid(cp->addr.type))
3193 return cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
3194 MGMT_STATUS_INVALID_PARAMS,
3197 if (cp->io_cap > SMP_IO_KEYBOARD_DISPLAY)
3198 return cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
3199 MGMT_STATUS_INVALID_PARAMS,
3204 if (!hdev_is_powered(hdev)) {
3205 err = cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
3206 MGMT_STATUS_NOT_POWERED, &rp, sizeof(rp));
3210 sec_level = BT_SECURITY_MEDIUM;
3211 auth_type = HCI_AT_DEDICATED_BONDING;
3213 if (cp->addr.type == BDADDR_BREDR) {
3214 conn = hci_connect_acl(hdev, &cp->addr.bdaddr, sec_level,
3219 /* Convert from L2CAP channel address type to HCI address type
3221 if (cp->addr.type == BDADDR_LE_PUBLIC)
3222 addr_type = ADDR_LE_DEV_PUBLIC;
3224 addr_type = ADDR_LE_DEV_RANDOM;
3226 /* When pairing a new device, it is expected to remember
3227 * this device for future connections. Adding the connection
3228 * parameter information ahead of time allows tracking
3229 * of the slave preferred values and will speed up any
3230 * further connection establishment.
3232 * If connection parameters already exist, then they
3233 * will be kept and this function does nothing.
3235 hci_conn_params_add(hdev, &cp->addr.bdaddr, addr_type);
3237 conn = hci_connect_le(hdev, &cp->addr.bdaddr, addr_type,
3238 sec_level, HCI_LE_CONN_TIMEOUT,
3245 if (PTR_ERR(conn) == -EBUSY)
3246 status = MGMT_STATUS_BUSY;
3248 status = MGMT_STATUS_CONNECT_FAILED;
3250 err = cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
3256 if (conn->connect_cfm_cb) {
3257 hci_conn_drop(conn);
3258 err = cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
3259 MGMT_STATUS_BUSY, &rp, sizeof(rp));
3263 cmd = mgmt_pending_add(sk, MGMT_OP_PAIR_DEVICE, hdev, data, len);
3266 hci_conn_drop(conn);
3270 cmd->cmd_complete = pairing_complete;
3272 /* For LE, just connecting isn't a proof that the pairing finished */
3273 if (cp->addr.type == BDADDR_BREDR) {
3274 conn->connect_cfm_cb = pairing_complete_cb;
3275 conn->security_cfm_cb = pairing_complete_cb;
3276 conn->disconn_cfm_cb = pairing_complete_cb;
3278 conn->connect_cfm_cb = le_pairing_complete_cb;
3279 conn->security_cfm_cb = le_pairing_complete_cb;
3280 conn->disconn_cfm_cb = le_pairing_complete_cb;
3283 conn->io_capability = cp->io_cap;
3284 cmd->user_data = hci_conn_get(conn);
3286 if ((conn->state == BT_CONNECTED || conn->state == BT_CONFIG) &&
3287 hci_conn_security(conn, sec_level, auth_type, true)) {
3288 cmd->cmd_complete(cmd, 0);
3289 mgmt_pending_remove(cmd);
3295 hci_dev_unlock(hdev);
3299 static int cancel_pair_device(struct sock *sk, struct hci_dev *hdev, void *data,
3302 struct mgmt_addr_info *addr = data;
3303 struct pending_cmd *cmd;
3304 struct hci_conn *conn;
3311 if (!hdev_is_powered(hdev)) {
3312 err = cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
3313 MGMT_STATUS_NOT_POWERED);
3317 cmd = mgmt_pending_find(MGMT_OP_PAIR_DEVICE, hdev);
3319 err = cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
3320 MGMT_STATUS_INVALID_PARAMS);
3324 conn = cmd->user_data;
3326 if (bacmp(&addr->bdaddr, &conn->dst) != 0) {
3327 err = cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
3328 MGMT_STATUS_INVALID_PARAMS);
3332 cmd->cmd_complete(cmd, MGMT_STATUS_CANCELLED);
3333 mgmt_pending_remove(cmd);
3335 err = cmd_complete(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE, 0,
3336 addr, sizeof(*addr));
3338 hci_dev_unlock(hdev);
3342 static int user_pairing_resp(struct sock *sk, struct hci_dev *hdev,
3343 struct mgmt_addr_info *addr, u16 mgmt_op,
3344 u16 hci_op, __le32 passkey)
3346 struct pending_cmd *cmd;
3347 struct hci_conn *conn;
3352 if (!hdev_is_powered(hdev)) {
3353 err = cmd_complete(sk, hdev->id, mgmt_op,
3354 MGMT_STATUS_NOT_POWERED, addr,
3359 if (addr->type == BDADDR_BREDR)
3360 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &addr->bdaddr);
3362 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &addr->bdaddr);
3365 err = cmd_complete(sk, hdev->id, mgmt_op,
3366 MGMT_STATUS_NOT_CONNECTED, addr,
3371 if (addr->type == BDADDR_LE_PUBLIC || addr->type == BDADDR_LE_RANDOM) {
3372 err = smp_user_confirm_reply(conn, mgmt_op, passkey);
3374 err = cmd_complete(sk, hdev->id, mgmt_op,
3375 MGMT_STATUS_SUCCESS, addr,
3378 err = cmd_complete(sk, hdev->id, mgmt_op,
3379 MGMT_STATUS_FAILED, addr,
3385 cmd = mgmt_pending_add(sk, mgmt_op, hdev, addr, sizeof(*addr));
3391 cmd->cmd_complete = addr_cmd_complete;
3393 /* Continue with pairing via HCI */
3394 if (hci_op == HCI_OP_USER_PASSKEY_REPLY) {
3395 struct hci_cp_user_passkey_reply cp;
3397 bacpy(&cp.bdaddr, &addr->bdaddr);
3398 cp.passkey = passkey;
3399 err = hci_send_cmd(hdev, hci_op, sizeof(cp), &cp);
3401 err = hci_send_cmd(hdev, hci_op, sizeof(addr->bdaddr),
3405 mgmt_pending_remove(cmd);
3408 hci_dev_unlock(hdev);
3412 static int pin_code_neg_reply(struct sock *sk, struct hci_dev *hdev,
3413 void *data, u16 len)
3415 struct mgmt_cp_pin_code_neg_reply *cp = data;
3419 return user_pairing_resp(sk, hdev, &cp->addr,
3420 MGMT_OP_PIN_CODE_NEG_REPLY,
3421 HCI_OP_PIN_CODE_NEG_REPLY, 0);
3424 static int user_confirm_reply(struct sock *sk, struct hci_dev *hdev, void *data,
3427 struct mgmt_cp_user_confirm_reply *cp = data;
3431 if (len != sizeof(*cp))
3432 return cmd_status(sk, hdev->id, MGMT_OP_USER_CONFIRM_REPLY,
3433 MGMT_STATUS_INVALID_PARAMS);
3435 return user_pairing_resp(sk, hdev, &cp->addr,
3436 MGMT_OP_USER_CONFIRM_REPLY,
3437 HCI_OP_USER_CONFIRM_REPLY, 0);
3440 static int user_confirm_neg_reply(struct sock *sk, struct hci_dev *hdev,
3441 void *data, u16 len)
3443 struct mgmt_cp_user_confirm_neg_reply *cp = data;
3447 return user_pairing_resp(sk, hdev, &cp->addr,
3448 MGMT_OP_USER_CONFIRM_NEG_REPLY,
3449 HCI_OP_USER_CONFIRM_NEG_REPLY, 0);
3452 static int user_passkey_reply(struct sock *sk, struct hci_dev *hdev, void *data,
3455 struct mgmt_cp_user_passkey_reply *cp = data;
3459 return user_pairing_resp(sk, hdev, &cp->addr,
3460 MGMT_OP_USER_PASSKEY_REPLY,
3461 HCI_OP_USER_PASSKEY_REPLY, cp->passkey);
3464 static int user_passkey_neg_reply(struct sock *sk, struct hci_dev *hdev,
3465 void *data, u16 len)
3467 struct mgmt_cp_user_passkey_neg_reply *cp = data;
3471 return user_pairing_resp(sk, hdev, &cp->addr,
3472 MGMT_OP_USER_PASSKEY_NEG_REPLY,
3473 HCI_OP_USER_PASSKEY_NEG_REPLY, 0);
3476 static void update_name(struct hci_request *req)
3478 struct hci_dev *hdev = req->hdev;
3479 struct hci_cp_write_local_name cp;
3481 memcpy(cp.name, hdev->dev_name, sizeof(cp.name));
3483 hci_req_add(req, HCI_OP_WRITE_LOCAL_NAME, sizeof(cp), &cp);
3486 static void set_name_complete(struct hci_dev *hdev, u8 status)
3488 struct mgmt_cp_set_local_name *cp;
3489 struct pending_cmd *cmd;
3491 BT_DBG("status 0x%02x", status);
3495 cmd = mgmt_pending_find(MGMT_OP_SET_LOCAL_NAME, hdev);
3502 cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_LOCAL_NAME,
3503 mgmt_status(status));
3505 cmd_complete(cmd->sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0,
3508 mgmt_pending_remove(cmd);
3511 hci_dev_unlock(hdev);
3514 static int set_local_name(struct sock *sk, struct hci_dev *hdev, void *data,
3517 struct mgmt_cp_set_local_name *cp = data;
3518 struct pending_cmd *cmd;
3519 struct hci_request req;
3526 /* If the old values are the same as the new ones just return a
3527 * direct command complete event.
3529 if (!memcmp(hdev->dev_name, cp->name, sizeof(hdev->dev_name)) &&
3530 !memcmp(hdev->short_name, cp->short_name,
3531 sizeof(hdev->short_name))) {
3532 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0,
3537 memcpy(hdev->short_name, cp->short_name, sizeof(hdev->short_name));
3539 if (!hdev_is_powered(hdev)) {
3540 memcpy(hdev->dev_name, cp->name, sizeof(hdev->dev_name));
3542 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0,
3547 err = mgmt_event(MGMT_EV_LOCAL_NAME_CHANGED, hdev, data, len,
3553 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LOCAL_NAME, hdev, data, len);
3559 memcpy(hdev->dev_name, cp->name, sizeof(hdev->dev_name));
3561 hci_req_init(&req, hdev);
3563 if (lmp_bredr_capable(hdev)) {
3568 /* The name is stored in the scan response data and so
3569 * no need to udpate the advertising data here.
3571 if (lmp_le_capable(hdev))
3572 update_scan_rsp_data(&req);
3574 err = hci_req_run(&req, set_name_complete);
3576 mgmt_pending_remove(cmd);
3579 hci_dev_unlock(hdev);
3583 static int read_local_oob_data(struct sock *sk, struct hci_dev *hdev,
3584 void *data, u16 data_len)
3586 struct pending_cmd *cmd;
3589 BT_DBG("%s", hdev->name);
3593 if (!hdev_is_powered(hdev)) {
3594 err = cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
3595 MGMT_STATUS_NOT_POWERED);
3599 if (!lmp_ssp_capable(hdev)) {
3600 err = cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
3601 MGMT_STATUS_NOT_SUPPORTED);
3605 if (mgmt_pending_find(MGMT_OP_READ_LOCAL_OOB_DATA, hdev)) {
3606 err = cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
3611 cmd = mgmt_pending_add(sk, MGMT_OP_READ_LOCAL_OOB_DATA, hdev, NULL, 0);
3617 if (bredr_sc_enabled(hdev))
3618 err = hci_send_cmd(hdev, HCI_OP_READ_LOCAL_OOB_EXT_DATA,
3621 err = hci_send_cmd(hdev, HCI_OP_READ_LOCAL_OOB_DATA, 0, NULL);
3624 mgmt_pending_remove(cmd);
3627 hci_dev_unlock(hdev);
3631 static int add_remote_oob_data(struct sock *sk, struct hci_dev *hdev,
3632 void *data, u16 len)
3636 BT_DBG("%s ", hdev->name);
3640 if (len == MGMT_ADD_REMOTE_OOB_DATA_SIZE) {
3641 struct mgmt_cp_add_remote_oob_data *cp = data;
3644 if (cp->addr.type != BDADDR_BREDR) {
3645 err = cmd_complete(sk, hdev->id,
3646 MGMT_OP_ADD_REMOTE_OOB_DATA,
3647 MGMT_STATUS_INVALID_PARAMS,
3648 &cp->addr, sizeof(cp->addr));
3652 err = hci_add_remote_oob_data(hdev, &cp->addr.bdaddr,
3653 cp->addr.type, cp->hash,
3654 cp->rand, NULL, NULL);
3656 status = MGMT_STATUS_FAILED;
3658 status = MGMT_STATUS_SUCCESS;
3660 err = cmd_complete(sk, hdev->id, MGMT_OP_ADD_REMOTE_OOB_DATA,
3661 status, &cp->addr, sizeof(cp->addr));
3662 } else if (len == MGMT_ADD_REMOTE_OOB_EXT_DATA_SIZE) {
3663 struct mgmt_cp_add_remote_oob_ext_data *cp = data;
3664 u8 *rand192, *hash192;
3667 if (cp->addr.type != BDADDR_BREDR) {
3668 err = cmd_complete(sk, hdev->id,
3669 MGMT_OP_ADD_REMOTE_OOB_DATA,
3670 MGMT_STATUS_INVALID_PARAMS,
3671 &cp->addr, sizeof(cp->addr));
3675 if (bdaddr_type_is_le(cp->addr.type)) {
3679 rand192 = cp->rand192;
3680 hash192 = cp->hash192;
3683 err = hci_add_remote_oob_data(hdev, &cp->addr.bdaddr,
3684 cp->addr.type, hash192, rand192,
3685 cp->hash256, cp->rand256);
3687 status = MGMT_STATUS_FAILED;
3689 status = MGMT_STATUS_SUCCESS;
3691 err = cmd_complete(sk, hdev->id, MGMT_OP_ADD_REMOTE_OOB_DATA,
3692 status, &cp->addr, sizeof(cp->addr));
3694 BT_ERR("add_remote_oob_data: invalid length of %u bytes", len);
3695 err = cmd_status(sk, hdev->id, MGMT_OP_ADD_REMOTE_OOB_DATA,
3696 MGMT_STATUS_INVALID_PARAMS);
3700 hci_dev_unlock(hdev);
3704 static int remove_remote_oob_data(struct sock *sk, struct hci_dev *hdev,
3705 void *data, u16 len)
3707 struct mgmt_cp_remove_remote_oob_data *cp = data;
3711 BT_DBG("%s", hdev->name);
3713 if (cp->addr.type != BDADDR_BREDR)
3714 return cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_REMOTE_OOB_DATA,
3715 MGMT_STATUS_INVALID_PARAMS,
3716 &cp->addr, sizeof(cp->addr));
3720 if (!bacmp(&cp->addr.bdaddr, BDADDR_ANY)) {
3721 hci_remote_oob_data_clear(hdev);
3722 status = MGMT_STATUS_SUCCESS;
3726 err = hci_remove_remote_oob_data(hdev, &cp->addr.bdaddr, cp->addr.type);
3728 status = MGMT_STATUS_INVALID_PARAMS;
3730 status = MGMT_STATUS_SUCCESS;
3733 err = cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_REMOTE_OOB_DATA,
3734 status, &cp->addr, sizeof(cp->addr));
3736 hci_dev_unlock(hdev);
3740 static bool trigger_discovery(struct hci_request *req, u8 *status)
3742 struct hci_dev *hdev = req->hdev;
3743 struct hci_cp_le_set_scan_param param_cp;
3744 struct hci_cp_le_set_scan_enable enable_cp;
3745 struct hci_cp_inquiry inq_cp;
3746 /* General inquiry access code (GIAC) */
3747 u8 lap[3] = { 0x33, 0x8b, 0x9e };
3751 switch (hdev->discovery.type) {
3752 case DISCOV_TYPE_BREDR:
3753 *status = mgmt_bredr_support(hdev);
3757 if (test_bit(HCI_INQUIRY, &hdev->flags)) {
3758 *status = MGMT_STATUS_BUSY;
3762 hci_inquiry_cache_flush(hdev);
3764 memset(&inq_cp, 0, sizeof(inq_cp));
3765 memcpy(&inq_cp.lap, lap, sizeof(inq_cp.lap));
3766 inq_cp.length = DISCOV_BREDR_INQUIRY_LEN;
3767 hci_req_add(req, HCI_OP_INQUIRY, sizeof(inq_cp), &inq_cp);
3770 case DISCOV_TYPE_LE:
3771 case DISCOV_TYPE_INTERLEAVED:
3772 *status = mgmt_le_support(hdev);
3776 if (hdev->discovery.type == DISCOV_TYPE_INTERLEAVED &&
3777 !test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags)) {
3778 *status = MGMT_STATUS_NOT_SUPPORTED;
3782 if (test_bit(HCI_LE_ADV, &hdev->dev_flags)) {
3783 /* Don't let discovery abort an outgoing
3784 * connection attempt that's using directed
3787 if (hci_conn_hash_lookup_state(hdev, LE_LINK,
3789 *status = MGMT_STATUS_REJECTED;
3793 disable_advertising(req);
3796 /* If controller is scanning, it means the background scanning
3797 * is running. Thus, we should temporarily stop it in order to
3798 * set the discovery scanning parameters.
3800 if (test_bit(HCI_LE_SCAN, &hdev->dev_flags))
3801 hci_req_add_le_scan_disable(req);
3803 memset(¶m_cp, 0, sizeof(param_cp));
3805 /* All active scans will be done with either a resolvable
3806 * private address (when privacy feature has been enabled)
3807 * or non-resolvable private address.
3809 err = hci_update_random_address(req, true, &own_addr_type);
3811 *status = MGMT_STATUS_FAILED;
3815 param_cp.type = LE_SCAN_ACTIVE;
3816 param_cp.interval = cpu_to_le16(DISCOV_LE_SCAN_INT);
3817 param_cp.window = cpu_to_le16(DISCOV_LE_SCAN_WIN);
3818 param_cp.own_address_type = own_addr_type;
3819 hci_req_add(req, HCI_OP_LE_SET_SCAN_PARAM, sizeof(param_cp),
3822 memset(&enable_cp, 0, sizeof(enable_cp));
3823 enable_cp.enable = LE_SCAN_ENABLE;
3824 enable_cp.filter_dup = LE_SCAN_FILTER_DUP_ENABLE;
3825 hci_req_add(req, HCI_OP_LE_SET_SCAN_ENABLE, sizeof(enable_cp),
3830 *status = MGMT_STATUS_INVALID_PARAMS;
3837 static void start_discovery_complete(struct hci_dev *hdev, u8 status)
3839 struct pending_cmd *cmd;
3840 unsigned long timeout;
3842 BT_DBG("status %d", status);
3846 cmd = mgmt_pending_find(MGMT_OP_START_DISCOVERY, hdev);
3848 cmd = mgmt_pending_find(MGMT_OP_START_SERVICE_DISCOVERY, hdev);
3851 cmd->cmd_complete(cmd, mgmt_status(status));
3852 mgmt_pending_remove(cmd);
3856 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
3860 hci_discovery_set_state(hdev, DISCOVERY_FINDING);
3862 switch (hdev->discovery.type) {
3863 case DISCOV_TYPE_LE:
3864 timeout = msecs_to_jiffies(DISCOV_LE_TIMEOUT);
3866 case DISCOV_TYPE_INTERLEAVED:
3867 timeout = msecs_to_jiffies(hdev->discov_interleaved_timeout);
3869 case DISCOV_TYPE_BREDR:
3873 BT_ERR("Invalid discovery type %d", hdev->discovery.type);
3879 queue_delayed_work(hdev->workqueue,
3880 &hdev->le_scan_disable, timeout);
3883 hci_dev_unlock(hdev);
3886 static int start_discovery(struct sock *sk, struct hci_dev *hdev,
3887 void *data, u16 len)
3889 struct mgmt_cp_start_discovery *cp = data;
3890 struct pending_cmd *cmd;
3891 struct hci_request req;
3895 BT_DBG("%s", hdev->name);
3899 if (!hdev_is_powered(hdev)) {
3900 err = cmd_complete(sk, hdev->id, MGMT_OP_START_DISCOVERY,
3901 MGMT_STATUS_NOT_POWERED,
3902 &cp->type, sizeof(cp->type));
3906 if (hdev->discovery.state != DISCOVERY_STOPPED ||
3907 test_bit(HCI_PERIODIC_INQ, &hdev->dev_flags)) {
3908 err = cmd_complete(sk, hdev->id, MGMT_OP_START_DISCOVERY,
3909 MGMT_STATUS_BUSY, &cp->type,
3914 cmd = mgmt_pending_add(sk, MGMT_OP_START_DISCOVERY, hdev, data, len);
3920 cmd->cmd_complete = generic_cmd_complete;
3922 /* Clear the discovery filter first to free any previously
3923 * allocated memory for the UUID list.
3925 hci_discovery_filter_clear(hdev);
3927 hdev->discovery.type = cp->type;
3928 hdev->discovery.report_invalid_rssi = false;
3930 hci_req_init(&req, hdev);
3932 if (!trigger_discovery(&req, &status)) {
3933 err = cmd_complete(sk, hdev->id, MGMT_OP_START_DISCOVERY,
3934 status, &cp->type, sizeof(cp->type));
3935 mgmt_pending_remove(cmd);
3939 err = hci_req_run(&req, start_discovery_complete);
3941 mgmt_pending_remove(cmd);
3945 hci_discovery_set_state(hdev, DISCOVERY_STARTING);
3948 hci_dev_unlock(hdev);
3952 static int service_discovery_cmd_complete(struct pending_cmd *cmd, u8 status)
3954 return cmd_complete(cmd->sk, cmd->index, cmd->opcode, status,
3958 static int start_service_discovery(struct sock *sk, struct hci_dev *hdev,
3959 void *data, u16 len)
3961 struct mgmt_cp_start_service_discovery *cp = data;
3962 struct pending_cmd *cmd;
3963 struct hci_request req;
3964 const u16 max_uuid_count = ((U16_MAX - sizeof(*cp)) / 16);
3965 u16 uuid_count, expected_len;
3969 BT_DBG("%s", hdev->name);
3973 if (!hdev_is_powered(hdev)) {
3974 err = cmd_complete(sk, hdev->id,
3975 MGMT_OP_START_SERVICE_DISCOVERY,
3976 MGMT_STATUS_NOT_POWERED,
3977 &cp->type, sizeof(cp->type));
3981 if (hdev->discovery.state != DISCOVERY_STOPPED ||
3982 test_bit(HCI_PERIODIC_INQ, &hdev->dev_flags)) {
3983 err = cmd_complete(sk, hdev->id,
3984 MGMT_OP_START_SERVICE_DISCOVERY,
3985 MGMT_STATUS_BUSY, &cp->type,
3990 uuid_count = __le16_to_cpu(cp->uuid_count);
3991 if (uuid_count > max_uuid_count) {
3992 BT_ERR("service_discovery: too big uuid_count value %u",
3994 err = cmd_complete(sk, hdev->id,
3995 MGMT_OP_START_SERVICE_DISCOVERY,
3996 MGMT_STATUS_INVALID_PARAMS, &cp->type,
4001 expected_len = sizeof(*cp) + uuid_count * 16;
4002 if (expected_len != len) {
4003 BT_ERR("service_discovery: expected %u bytes, got %u bytes",
4005 err = cmd_complete(sk, hdev->id,
4006 MGMT_OP_START_SERVICE_DISCOVERY,
4007 MGMT_STATUS_INVALID_PARAMS, &cp->type,
4012 cmd = mgmt_pending_add(sk, MGMT_OP_START_SERVICE_DISCOVERY,
4019 cmd->cmd_complete = service_discovery_cmd_complete;
4021 /* Clear the discovery filter first to free any previously
4022 * allocated memory for the UUID list.
4024 hci_discovery_filter_clear(hdev);
4026 hdev->discovery.type = cp->type;
4027 hdev->discovery.rssi = cp->rssi;
4028 hdev->discovery.uuid_count = uuid_count;
4030 if (uuid_count > 0) {
4031 hdev->discovery.uuids = kmemdup(cp->uuids, uuid_count * 16,
4033 if (!hdev->discovery.uuids) {
4034 err = cmd_complete(sk, hdev->id,
4035 MGMT_OP_START_SERVICE_DISCOVERY,
4037 &cp->type, sizeof(cp->type));
4038 mgmt_pending_remove(cmd);
4043 hci_req_init(&req, hdev);
4045 if (!trigger_discovery(&req, &status)) {
4046 err = cmd_complete(sk, hdev->id,
4047 MGMT_OP_START_SERVICE_DISCOVERY,
4048 status, &cp->type, sizeof(cp->type));
4049 mgmt_pending_remove(cmd);
4053 err = hci_req_run(&req, start_discovery_complete);
4055 mgmt_pending_remove(cmd);
4059 hci_discovery_set_state(hdev, DISCOVERY_STARTING);
4062 hci_dev_unlock(hdev);
4066 static void stop_discovery_complete(struct hci_dev *hdev, u8 status)
4068 struct pending_cmd *cmd;
4070 BT_DBG("status %d", status);
4074 cmd = mgmt_pending_find(MGMT_OP_STOP_DISCOVERY, hdev);
4076 cmd->cmd_complete(cmd, mgmt_status(status));
4077 mgmt_pending_remove(cmd);
4081 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
4083 hci_dev_unlock(hdev);
4086 static int stop_discovery(struct sock *sk, struct hci_dev *hdev, void *data,
4089 struct mgmt_cp_stop_discovery *mgmt_cp = data;
4090 struct pending_cmd *cmd;
4091 struct hci_request req;
4094 BT_DBG("%s", hdev->name);
4098 if (!hci_discovery_active(hdev)) {
4099 err = cmd_complete(sk, hdev->id, MGMT_OP_STOP_DISCOVERY,
4100 MGMT_STATUS_REJECTED, &mgmt_cp->type,
4101 sizeof(mgmt_cp->type));
4105 if (hdev->discovery.type != mgmt_cp->type) {
4106 err = cmd_complete(sk, hdev->id, MGMT_OP_STOP_DISCOVERY,
4107 MGMT_STATUS_INVALID_PARAMS, &mgmt_cp->type,
4108 sizeof(mgmt_cp->type));
4112 cmd = mgmt_pending_add(sk, MGMT_OP_STOP_DISCOVERY, hdev, data, len);
4118 cmd->cmd_complete = generic_cmd_complete;
4120 hci_req_init(&req, hdev);
4122 hci_stop_discovery(&req);
4124 err = hci_req_run(&req, stop_discovery_complete);
4126 hci_discovery_set_state(hdev, DISCOVERY_STOPPING);
4130 mgmt_pending_remove(cmd);
4132 /* If no HCI commands were sent we're done */
4133 if (err == -ENODATA) {
4134 err = cmd_complete(sk, hdev->id, MGMT_OP_STOP_DISCOVERY, 0,
4135 &mgmt_cp->type, sizeof(mgmt_cp->type));
4136 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
4140 hci_dev_unlock(hdev);
4144 static int confirm_name(struct sock *sk, struct hci_dev *hdev, void *data,
4147 struct mgmt_cp_confirm_name *cp = data;
4148 struct inquiry_entry *e;
4151 BT_DBG("%s", hdev->name);
4155 if (!hci_discovery_active(hdev)) {
4156 err = cmd_complete(sk, hdev->id, MGMT_OP_CONFIRM_NAME,
4157 MGMT_STATUS_FAILED, &cp->addr,
4162 e = hci_inquiry_cache_lookup_unknown(hdev, &cp->addr.bdaddr);
4164 err = cmd_complete(sk, hdev->id, MGMT_OP_CONFIRM_NAME,
4165 MGMT_STATUS_INVALID_PARAMS, &cp->addr,
4170 if (cp->name_known) {
4171 e->name_state = NAME_KNOWN;
4174 e->name_state = NAME_NEEDED;
4175 hci_inquiry_cache_update_resolve(hdev, e);
4178 err = cmd_complete(sk, hdev->id, MGMT_OP_CONFIRM_NAME, 0, &cp->addr,
4182 hci_dev_unlock(hdev);
4186 static int block_device(struct sock *sk, struct hci_dev *hdev, void *data,
4189 struct mgmt_cp_block_device *cp = data;
4193 BT_DBG("%s", hdev->name);
4195 if (!bdaddr_type_is_valid(cp->addr.type))
4196 return cmd_complete(sk, hdev->id, MGMT_OP_BLOCK_DEVICE,
4197 MGMT_STATUS_INVALID_PARAMS,
4198 &cp->addr, sizeof(cp->addr));
4202 err = hci_bdaddr_list_add(&hdev->blacklist, &cp->addr.bdaddr,
4205 status = MGMT_STATUS_FAILED;
4209 mgmt_event(MGMT_EV_DEVICE_BLOCKED, hdev, &cp->addr, sizeof(cp->addr),
4211 status = MGMT_STATUS_SUCCESS;
4214 err = cmd_complete(sk, hdev->id, MGMT_OP_BLOCK_DEVICE, status,
4215 &cp->addr, sizeof(cp->addr));
4217 hci_dev_unlock(hdev);
4222 static int unblock_device(struct sock *sk, struct hci_dev *hdev, void *data,
4225 struct mgmt_cp_unblock_device *cp = data;
4229 BT_DBG("%s", hdev->name);
4231 if (!bdaddr_type_is_valid(cp->addr.type))
4232 return cmd_complete(sk, hdev->id, MGMT_OP_UNBLOCK_DEVICE,
4233 MGMT_STATUS_INVALID_PARAMS,
4234 &cp->addr, sizeof(cp->addr));
4238 err = hci_bdaddr_list_del(&hdev->blacklist, &cp->addr.bdaddr,
4241 status = MGMT_STATUS_INVALID_PARAMS;
4245 mgmt_event(MGMT_EV_DEVICE_UNBLOCKED, hdev, &cp->addr, sizeof(cp->addr),
4247 status = MGMT_STATUS_SUCCESS;
4250 err = cmd_complete(sk, hdev->id, MGMT_OP_UNBLOCK_DEVICE, status,
4251 &cp->addr, sizeof(cp->addr));
4253 hci_dev_unlock(hdev);
4258 static int set_device_id(struct sock *sk, struct hci_dev *hdev, void *data,
4261 struct mgmt_cp_set_device_id *cp = data;
4262 struct hci_request req;
4266 BT_DBG("%s", hdev->name);
4268 source = __le16_to_cpu(cp->source);
4270 if (source > 0x0002)
4271 return cmd_status(sk, hdev->id, MGMT_OP_SET_DEVICE_ID,
4272 MGMT_STATUS_INVALID_PARAMS);
4276 hdev->devid_source = source;
4277 hdev->devid_vendor = __le16_to_cpu(cp->vendor);
4278 hdev->devid_product = __le16_to_cpu(cp->product);
4279 hdev->devid_version = __le16_to_cpu(cp->version);
4281 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_DEVICE_ID, 0, NULL, 0);
4283 hci_req_init(&req, hdev);
4285 hci_req_run(&req, NULL);
4287 hci_dev_unlock(hdev);
4292 static void set_advertising_complete(struct hci_dev *hdev, u8 status)
4294 struct cmd_lookup match = { NULL, hdev };
4299 u8 mgmt_err = mgmt_status(status);
4301 mgmt_pending_foreach(MGMT_OP_SET_ADVERTISING, hdev,
4302 cmd_status_rsp, &mgmt_err);
4306 if (test_bit(HCI_LE_ADV, &hdev->dev_flags))
4307 set_bit(HCI_ADVERTISING, &hdev->dev_flags);
4309 clear_bit(HCI_ADVERTISING, &hdev->dev_flags);
4311 mgmt_pending_foreach(MGMT_OP_SET_ADVERTISING, hdev, settings_rsp,
4314 new_settings(hdev, match.sk);
4320 hci_dev_unlock(hdev);
4323 static int set_advertising(struct sock *sk, struct hci_dev *hdev, void *data,
4326 struct mgmt_mode *cp = data;
4327 struct pending_cmd *cmd;
4328 struct hci_request req;
4329 u8 val, enabled, status;
4332 BT_DBG("request for %s", hdev->name);
4334 status = mgmt_le_support(hdev);
4336 return cmd_status(sk, hdev->id, MGMT_OP_SET_ADVERTISING,
4339 if (cp->val != 0x00 && cp->val != 0x01)
4340 return cmd_status(sk, hdev->id, MGMT_OP_SET_ADVERTISING,
4341 MGMT_STATUS_INVALID_PARAMS);
4346 enabled = test_bit(HCI_ADVERTISING, &hdev->dev_flags);
4348 /* The following conditions are ones which mean that we should
4349 * not do any HCI communication but directly send a mgmt
4350 * response to user space (after toggling the flag if
4353 if (!hdev_is_powered(hdev) || val == enabled ||
4354 hci_conn_num(hdev, LE_LINK) > 0 ||
4355 (test_bit(HCI_LE_SCAN, &hdev->dev_flags) &&
4356 hdev->le_scan_type == LE_SCAN_ACTIVE)) {
4357 bool changed = false;
4359 if (val != test_bit(HCI_ADVERTISING, &hdev->dev_flags)) {
4360 change_bit(HCI_ADVERTISING, &hdev->dev_flags);
4364 err = send_settings_rsp(sk, MGMT_OP_SET_ADVERTISING, hdev);
4369 err = new_settings(hdev, sk);
4374 if (mgmt_pending_find(MGMT_OP_SET_ADVERTISING, hdev) ||
4375 mgmt_pending_find(MGMT_OP_SET_LE, hdev)) {
4376 err = cmd_status(sk, hdev->id, MGMT_OP_SET_ADVERTISING,
4381 cmd = mgmt_pending_add(sk, MGMT_OP_SET_ADVERTISING, hdev, data, len);
4387 hci_req_init(&req, hdev);
4390 enable_advertising(&req);
4392 disable_advertising(&req);
4394 err = hci_req_run(&req, set_advertising_complete);
4396 mgmt_pending_remove(cmd);
4399 hci_dev_unlock(hdev);
4403 static int set_static_address(struct sock *sk, struct hci_dev *hdev,
4404 void *data, u16 len)
4406 struct mgmt_cp_set_static_address *cp = data;
4409 BT_DBG("%s", hdev->name);
4411 if (!lmp_le_capable(hdev))
4412 return cmd_status(sk, hdev->id, MGMT_OP_SET_STATIC_ADDRESS,
4413 MGMT_STATUS_NOT_SUPPORTED);
4415 if (hdev_is_powered(hdev))
4416 return cmd_status(sk, hdev->id, MGMT_OP_SET_STATIC_ADDRESS,
4417 MGMT_STATUS_REJECTED);
4419 if (bacmp(&cp->bdaddr, BDADDR_ANY)) {
4420 if (!bacmp(&cp->bdaddr, BDADDR_NONE))
4421 return cmd_status(sk, hdev->id,
4422 MGMT_OP_SET_STATIC_ADDRESS,
4423 MGMT_STATUS_INVALID_PARAMS);
4425 /* Two most significant bits shall be set */
4426 if ((cp->bdaddr.b[5] & 0xc0) != 0xc0)
4427 return cmd_status(sk, hdev->id,
4428 MGMT_OP_SET_STATIC_ADDRESS,
4429 MGMT_STATUS_INVALID_PARAMS);
4434 bacpy(&hdev->static_addr, &cp->bdaddr);
4436 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_STATIC_ADDRESS, 0, NULL, 0);
4438 hci_dev_unlock(hdev);
4443 static int set_scan_params(struct sock *sk, struct hci_dev *hdev,
4444 void *data, u16 len)
4446 struct mgmt_cp_set_scan_params *cp = data;
4447 __u16 interval, window;
4450 BT_DBG("%s", hdev->name);
4452 if (!lmp_le_capable(hdev))
4453 return cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS,
4454 MGMT_STATUS_NOT_SUPPORTED);
4456 interval = __le16_to_cpu(cp->interval);
4458 if (interval < 0x0004 || interval > 0x4000)
4459 return cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS,
4460 MGMT_STATUS_INVALID_PARAMS);
4462 window = __le16_to_cpu(cp->window);
4464 if (window < 0x0004 || window > 0x4000)
4465 return cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS,
4466 MGMT_STATUS_INVALID_PARAMS);
4468 if (window > interval)
4469 return cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS,
4470 MGMT_STATUS_INVALID_PARAMS);
4474 hdev->le_scan_interval = interval;
4475 hdev->le_scan_window = window;
4477 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS, 0, NULL, 0);
4479 /* If background scan is running, restart it so new parameters are
4482 if (test_bit(HCI_LE_SCAN, &hdev->dev_flags) &&
4483 hdev->discovery.state == DISCOVERY_STOPPED) {
4484 struct hci_request req;
4486 hci_req_init(&req, hdev);
4488 hci_req_add_le_scan_disable(&req);
4489 hci_req_add_le_passive_scan(&req);
4491 hci_req_run(&req, NULL);
4494 hci_dev_unlock(hdev);
4499 static void fast_connectable_complete(struct hci_dev *hdev, u8 status)
4501 struct pending_cmd *cmd;
4503 BT_DBG("status 0x%02x", status);
4507 cmd = mgmt_pending_find(MGMT_OP_SET_FAST_CONNECTABLE, hdev);
4512 cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
4513 mgmt_status(status));
4515 struct mgmt_mode *cp = cmd->param;
4518 set_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags);
4520 clear_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags);
4522 send_settings_rsp(cmd->sk, MGMT_OP_SET_FAST_CONNECTABLE, hdev);
4523 new_settings(hdev, cmd->sk);
4526 mgmt_pending_remove(cmd);
4529 hci_dev_unlock(hdev);
4532 static int set_fast_connectable(struct sock *sk, struct hci_dev *hdev,
4533 void *data, u16 len)
4535 struct mgmt_mode *cp = data;
4536 struct pending_cmd *cmd;
4537 struct hci_request req;
4540 BT_DBG("%s", hdev->name);
4542 if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags) ||
4543 hdev->hci_ver < BLUETOOTH_VER_1_2)
4544 return cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
4545 MGMT_STATUS_NOT_SUPPORTED);
4547 if (cp->val != 0x00 && cp->val != 0x01)
4548 return cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
4549 MGMT_STATUS_INVALID_PARAMS);
4551 if (!hdev_is_powered(hdev))
4552 return cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
4553 MGMT_STATUS_NOT_POWERED);
4555 if (!test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
4556 return cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
4557 MGMT_STATUS_REJECTED);
4561 if (mgmt_pending_find(MGMT_OP_SET_FAST_CONNECTABLE, hdev)) {
4562 err = cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
4567 if (!!cp->val == test_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags)) {
4568 err = send_settings_rsp(sk, MGMT_OP_SET_FAST_CONNECTABLE,
4573 cmd = mgmt_pending_add(sk, MGMT_OP_SET_FAST_CONNECTABLE, hdev,
4580 hci_req_init(&req, hdev);
4582 write_fast_connectable(&req, cp->val);
4584 err = hci_req_run(&req, fast_connectable_complete);
4586 err = cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
4587 MGMT_STATUS_FAILED);
4588 mgmt_pending_remove(cmd);
4592 hci_dev_unlock(hdev);
4597 static void set_bredr_complete(struct hci_dev *hdev, u8 status)
4599 struct pending_cmd *cmd;
4601 BT_DBG("status 0x%02x", status);
4605 cmd = mgmt_pending_find(MGMT_OP_SET_BREDR, hdev);
4610 u8 mgmt_err = mgmt_status(status);
4612 /* We need to restore the flag if related HCI commands
4615 clear_bit(HCI_BREDR_ENABLED, &hdev->dev_flags);
4617 cmd_status(cmd->sk, cmd->index, cmd->opcode, mgmt_err);
4619 send_settings_rsp(cmd->sk, MGMT_OP_SET_BREDR, hdev);
4620 new_settings(hdev, cmd->sk);
4623 mgmt_pending_remove(cmd);
4626 hci_dev_unlock(hdev);
4629 static int set_bredr(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
4631 struct mgmt_mode *cp = data;
4632 struct pending_cmd *cmd;
4633 struct hci_request req;
4636 BT_DBG("request for %s", hdev->name);
4638 if (!lmp_bredr_capable(hdev) || !lmp_le_capable(hdev))
4639 return cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
4640 MGMT_STATUS_NOT_SUPPORTED);
4642 if (!test_bit(HCI_LE_ENABLED, &hdev->dev_flags))
4643 return cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
4644 MGMT_STATUS_REJECTED);
4646 if (cp->val != 0x00 && cp->val != 0x01)
4647 return cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
4648 MGMT_STATUS_INVALID_PARAMS);
4652 if (cp->val == test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags)) {
4653 err = send_settings_rsp(sk, MGMT_OP_SET_BREDR, hdev);
4657 if (!hdev_is_powered(hdev)) {
4659 clear_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
4660 clear_bit(HCI_SSP_ENABLED, &hdev->dev_flags);
4661 clear_bit(HCI_LINK_SECURITY, &hdev->dev_flags);
4662 clear_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags);
4663 clear_bit(HCI_HS_ENABLED, &hdev->dev_flags);
4666 change_bit(HCI_BREDR_ENABLED, &hdev->dev_flags);
4668 err = send_settings_rsp(sk, MGMT_OP_SET_BREDR, hdev);
4672 err = new_settings(hdev, sk);
4676 /* Reject disabling when powered on */
4678 err = cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
4679 MGMT_STATUS_REJECTED);
4683 if (mgmt_pending_find(MGMT_OP_SET_BREDR, hdev)) {
4684 err = cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
4689 cmd = mgmt_pending_add(sk, MGMT_OP_SET_BREDR, hdev, data, len);
4695 /* We need to flip the bit already here so that update_adv_data
4696 * generates the correct flags.
4698 set_bit(HCI_BREDR_ENABLED, &hdev->dev_flags);
4700 hci_req_init(&req, hdev);
4702 write_fast_connectable(&req, false);
4703 __hci_update_page_scan(&req);
4705 /* Since only the advertising data flags will change, there
4706 * is no need to update the scan response data.
4708 update_adv_data(&req);
4710 err = hci_req_run(&req, set_bredr_complete);
4712 mgmt_pending_remove(cmd);
4715 hci_dev_unlock(hdev);
4719 static int set_secure_conn(struct sock *sk, struct hci_dev *hdev,
4720 void *data, u16 len)
4722 struct mgmt_mode *cp = data;
4723 struct pending_cmd *cmd;
4727 BT_DBG("request for %s", hdev->name);
4729 if (!lmp_sc_capable(hdev) &&
4730 !test_bit(HCI_LE_ENABLED, &hdev->dev_flags))
4731 return cmd_status(sk, hdev->id, MGMT_OP_SET_SECURE_CONN,
4732 MGMT_STATUS_NOT_SUPPORTED);
4734 if (cp->val != 0x00 && cp->val != 0x01 && cp->val != 0x02)
4735 return cmd_status(sk, hdev->id, MGMT_OP_SET_SECURE_CONN,
4736 MGMT_STATUS_INVALID_PARAMS);
4740 if (!hdev_is_powered(hdev) || !lmp_sc_capable(hdev) ||
4741 !test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags)) {
4745 changed = !test_and_set_bit(HCI_SC_ENABLED,
4747 if (cp->val == 0x02)
4748 set_bit(HCI_SC_ONLY, &hdev->dev_flags);
4750 clear_bit(HCI_SC_ONLY, &hdev->dev_flags);
4752 changed = test_and_clear_bit(HCI_SC_ENABLED,
4754 clear_bit(HCI_SC_ONLY, &hdev->dev_flags);
4757 err = send_settings_rsp(sk, MGMT_OP_SET_SECURE_CONN, hdev);
4762 err = new_settings(hdev, sk);
4767 if (mgmt_pending_find(MGMT_OP_SET_SECURE_CONN, hdev)) {
4768 err = cmd_status(sk, hdev->id, MGMT_OP_SET_SECURE_CONN,
4775 if (val == test_bit(HCI_SC_ENABLED, &hdev->dev_flags) &&
4776 (cp->val == 0x02) == test_bit(HCI_SC_ONLY, &hdev->dev_flags)) {
4777 err = send_settings_rsp(sk, MGMT_OP_SET_SECURE_CONN, hdev);
4781 cmd = mgmt_pending_add(sk, MGMT_OP_SET_SECURE_CONN, hdev, data, len);
4787 err = hci_send_cmd(hdev, HCI_OP_WRITE_SC_SUPPORT, 1, &val);
4789 mgmt_pending_remove(cmd);
4793 if (cp->val == 0x02)
4794 set_bit(HCI_SC_ONLY, &hdev->dev_flags);
4796 clear_bit(HCI_SC_ONLY, &hdev->dev_flags);
4799 hci_dev_unlock(hdev);
4803 static int set_debug_keys(struct sock *sk, struct hci_dev *hdev,
4804 void *data, u16 len)
4806 struct mgmt_mode *cp = data;
4807 bool changed, use_changed;
4810 BT_DBG("request for %s", hdev->name);
4812 if (cp->val != 0x00 && cp->val != 0x01 && cp->val != 0x02)
4813 return cmd_status(sk, hdev->id, MGMT_OP_SET_DEBUG_KEYS,
4814 MGMT_STATUS_INVALID_PARAMS);
4819 changed = !test_and_set_bit(HCI_KEEP_DEBUG_KEYS,
4822 changed = test_and_clear_bit(HCI_KEEP_DEBUG_KEYS,
4825 if (cp->val == 0x02)
4826 use_changed = !test_and_set_bit(HCI_USE_DEBUG_KEYS,
4829 use_changed = test_and_clear_bit(HCI_USE_DEBUG_KEYS,
4832 if (hdev_is_powered(hdev) && use_changed &&
4833 test_bit(HCI_SSP_ENABLED, &hdev->dev_flags)) {
4834 u8 mode = (cp->val == 0x02) ? 0x01 : 0x00;
4835 hci_send_cmd(hdev, HCI_OP_WRITE_SSP_DEBUG_MODE,
4836 sizeof(mode), &mode);
4839 err = send_settings_rsp(sk, MGMT_OP_SET_DEBUG_KEYS, hdev);
4844 err = new_settings(hdev, sk);
4847 hci_dev_unlock(hdev);
4851 static int set_privacy(struct sock *sk, struct hci_dev *hdev, void *cp_data,
4854 struct mgmt_cp_set_privacy *cp = cp_data;
4858 BT_DBG("request for %s", hdev->name);
4860 if (!lmp_le_capable(hdev))
4861 return cmd_status(sk, hdev->id, MGMT_OP_SET_PRIVACY,
4862 MGMT_STATUS_NOT_SUPPORTED);
4864 if (cp->privacy != 0x00 && cp->privacy != 0x01)
4865 return cmd_status(sk, hdev->id, MGMT_OP_SET_PRIVACY,
4866 MGMT_STATUS_INVALID_PARAMS);
4868 if (hdev_is_powered(hdev))
4869 return cmd_status(sk, hdev->id, MGMT_OP_SET_PRIVACY,
4870 MGMT_STATUS_REJECTED);
4874 /* If user space supports this command it is also expected to
4875 * handle IRKs. Therefore, set the HCI_RPA_RESOLVING flag.
4877 set_bit(HCI_RPA_RESOLVING, &hdev->dev_flags);
4880 changed = !test_and_set_bit(HCI_PRIVACY, &hdev->dev_flags);
4881 memcpy(hdev->irk, cp->irk, sizeof(hdev->irk));
4882 set_bit(HCI_RPA_EXPIRED, &hdev->dev_flags);
4884 changed = test_and_clear_bit(HCI_PRIVACY, &hdev->dev_flags);
4885 memset(hdev->irk, 0, sizeof(hdev->irk));
4886 clear_bit(HCI_RPA_EXPIRED, &hdev->dev_flags);
4889 err = send_settings_rsp(sk, MGMT_OP_SET_PRIVACY, hdev);
4894 err = new_settings(hdev, sk);
4897 hci_dev_unlock(hdev);
4901 static bool irk_is_valid(struct mgmt_irk_info *irk)
4903 switch (irk->addr.type) {
4904 case BDADDR_LE_PUBLIC:
4907 case BDADDR_LE_RANDOM:
4908 /* Two most significant bits shall be set */
4909 if ((irk->addr.bdaddr.b[5] & 0xc0) != 0xc0)
4917 static int load_irks(struct sock *sk, struct hci_dev *hdev, void *cp_data,
4920 struct mgmt_cp_load_irks *cp = cp_data;
4921 const u16 max_irk_count = ((U16_MAX - sizeof(*cp)) /
4922 sizeof(struct mgmt_irk_info));
4923 u16 irk_count, expected_len;
4926 BT_DBG("request for %s", hdev->name);
4928 if (!lmp_le_capable(hdev))
4929 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_IRKS,
4930 MGMT_STATUS_NOT_SUPPORTED);
4932 irk_count = __le16_to_cpu(cp->irk_count);
4933 if (irk_count > max_irk_count) {
4934 BT_ERR("load_irks: too big irk_count value %u", irk_count);
4935 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_IRKS,
4936 MGMT_STATUS_INVALID_PARAMS);
4939 expected_len = sizeof(*cp) + irk_count * sizeof(struct mgmt_irk_info);
4940 if (expected_len != len) {
4941 BT_ERR("load_irks: expected %u bytes, got %u bytes",
4943 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_IRKS,
4944 MGMT_STATUS_INVALID_PARAMS);
4947 BT_DBG("%s irk_count %u", hdev->name, irk_count);
4949 for (i = 0; i < irk_count; i++) {
4950 struct mgmt_irk_info *key = &cp->irks[i];
4952 if (!irk_is_valid(key))
4953 return cmd_status(sk, hdev->id,
4955 MGMT_STATUS_INVALID_PARAMS);
4960 hci_smp_irks_clear(hdev);
4962 for (i = 0; i < irk_count; i++) {
4963 struct mgmt_irk_info *irk = &cp->irks[i];
4966 if (irk->addr.type == BDADDR_LE_PUBLIC)
4967 addr_type = ADDR_LE_DEV_PUBLIC;
4969 addr_type = ADDR_LE_DEV_RANDOM;
4971 hci_add_irk(hdev, &irk->addr.bdaddr, addr_type, irk->val,
4975 set_bit(HCI_RPA_RESOLVING, &hdev->dev_flags);
4977 err = cmd_complete(sk, hdev->id, MGMT_OP_LOAD_IRKS, 0, NULL, 0);
4979 hci_dev_unlock(hdev);
4984 static bool ltk_is_valid(struct mgmt_ltk_info *key)
4986 if (key->master != 0x00 && key->master != 0x01)
4989 switch (key->addr.type) {
4990 case BDADDR_LE_PUBLIC:
4993 case BDADDR_LE_RANDOM:
4994 /* Two most significant bits shall be set */
4995 if ((key->addr.bdaddr.b[5] & 0xc0) != 0xc0)
5003 static int load_long_term_keys(struct sock *sk, struct hci_dev *hdev,
5004 void *cp_data, u16 len)
5006 struct mgmt_cp_load_long_term_keys *cp = cp_data;
5007 const u16 max_key_count = ((U16_MAX - sizeof(*cp)) /
5008 sizeof(struct mgmt_ltk_info));
5009 u16 key_count, expected_len;
5012 BT_DBG("request for %s", hdev->name);
5014 if (!lmp_le_capable(hdev))
5015 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS,
5016 MGMT_STATUS_NOT_SUPPORTED);
5018 key_count = __le16_to_cpu(cp->key_count);
5019 if (key_count > max_key_count) {
5020 BT_ERR("load_ltks: too big key_count value %u", key_count);
5021 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS,
5022 MGMT_STATUS_INVALID_PARAMS);
5025 expected_len = sizeof(*cp) + key_count *
5026 sizeof(struct mgmt_ltk_info);
5027 if (expected_len != len) {
5028 BT_ERR("load_keys: expected %u bytes, got %u bytes",
5030 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS,
5031 MGMT_STATUS_INVALID_PARAMS);
5034 BT_DBG("%s key_count %u", hdev->name, key_count);
5036 for (i = 0; i < key_count; i++) {
5037 struct mgmt_ltk_info *key = &cp->keys[i];
5039 if (!ltk_is_valid(key))
5040 return cmd_status(sk, hdev->id,
5041 MGMT_OP_LOAD_LONG_TERM_KEYS,
5042 MGMT_STATUS_INVALID_PARAMS);
5047 hci_smp_ltks_clear(hdev);
5049 for (i = 0; i < key_count; i++) {
5050 struct mgmt_ltk_info *key = &cp->keys[i];
5051 u8 type, addr_type, authenticated;
5053 if (key->addr.type == BDADDR_LE_PUBLIC)
5054 addr_type = ADDR_LE_DEV_PUBLIC;
5056 addr_type = ADDR_LE_DEV_RANDOM;
5058 switch (key->type) {
5059 case MGMT_LTK_UNAUTHENTICATED:
5060 authenticated = 0x00;
5061 type = key->master ? SMP_LTK : SMP_LTK_SLAVE;
5063 case MGMT_LTK_AUTHENTICATED:
5064 authenticated = 0x01;
5065 type = key->master ? SMP_LTK : SMP_LTK_SLAVE;
5067 case MGMT_LTK_P256_UNAUTH:
5068 authenticated = 0x00;
5069 type = SMP_LTK_P256;
5071 case MGMT_LTK_P256_AUTH:
5072 authenticated = 0x01;
5073 type = SMP_LTK_P256;
5075 case MGMT_LTK_P256_DEBUG:
5076 authenticated = 0x00;
5077 type = SMP_LTK_P256_DEBUG;
5082 hci_add_ltk(hdev, &key->addr.bdaddr, addr_type, type,
5083 authenticated, key->val, key->enc_size, key->ediv,
5087 err = cmd_complete(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS, 0,
5090 hci_dev_unlock(hdev);
5095 static int conn_info_cmd_complete(struct pending_cmd *cmd, u8 status)
5097 struct hci_conn *conn = cmd->user_data;
5098 struct mgmt_rp_get_conn_info rp;
5101 memcpy(&rp.addr, cmd->param, sizeof(rp.addr));
5103 if (status == MGMT_STATUS_SUCCESS) {
5104 rp.rssi = conn->rssi;
5105 rp.tx_power = conn->tx_power;
5106 rp.max_tx_power = conn->max_tx_power;
5108 rp.rssi = HCI_RSSI_INVALID;
5109 rp.tx_power = HCI_TX_POWER_INVALID;
5110 rp.max_tx_power = HCI_TX_POWER_INVALID;
5113 err = cmd_complete(cmd->sk, cmd->index, MGMT_OP_GET_CONN_INFO, status,
5116 hci_conn_drop(conn);
5122 static void conn_info_refresh_complete(struct hci_dev *hdev, u8 hci_status)
5124 struct hci_cp_read_rssi *cp;
5125 struct pending_cmd *cmd;
5126 struct hci_conn *conn;
5130 BT_DBG("status 0x%02x", hci_status);
5134 /* Commands sent in request are either Read RSSI or Read Transmit Power
5135 * Level so we check which one was last sent to retrieve connection
5136 * handle. Both commands have handle as first parameter so it's safe to
5137 * cast data on the same command struct.
5139 * First command sent is always Read RSSI and we fail only if it fails.
5140 * In other case we simply override error to indicate success as we
5141 * already remembered if TX power value is actually valid.
5143 cp = hci_sent_cmd_data(hdev, HCI_OP_READ_RSSI);
5145 cp = hci_sent_cmd_data(hdev, HCI_OP_READ_TX_POWER);
5146 status = MGMT_STATUS_SUCCESS;
5148 status = mgmt_status(hci_status);
5152 BT_ERR("invalid sent_cmd in conn_info response");
5156 handle = __le16_to_cpu(cp->handle);
5157 conn = hci_conn_hash_lookup_handle(hdev, handle);
5159 BT_ERR("unknown handle (%d) in conn_info response", handle);
5163 cmd = mgmt_pending_find_data(MGMT_OP_GET_CONN_INFO, hdev, conn);
5167 cmd->cmd_complete(cmd, status);
5168 mgmt_pending_remove(cmd);
5171 hci_dev_unlock(hdev);
5174 static int get_conn_info(struct sock *sk, struct hci_dev *hdev, void *data,
5177 struct mgmt_cp_get_conn_info *cp = data;
5178 struct mgmt_rp_get_conn_info rp;
5179 struct hci_conn *conn;
5180 unsigned long conn_info_age;
5183 BT_DBG("%s", hdev->name);
5185 memset(&rp, 0, sizeof(rp));
5186 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
5187 rp.addr.type = cp->addr.type;
5189 if (!bdaddr_type_is_valid(cp->addr.type))
5190 return cmd_complete(sk, hdev->id, MGMT_OP_GET_CONN_INFO,
5191 MGMT_STATUS_INVALID_PARAMS,
5196 if (!hdev_is_powered(hdev)) {
5197 err = cmd_complete(sk, hdev->id, MGMT_OP_GET_CONN_INFO,
5198 MGMT_STATUS_NOT_POWERED, &rp, sizeof(rp));
5202 if (cp->addr.type == BDADDR_BREDR)
5203 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
5206 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &cp->addr.bdaddr);
5208 if (!conn || conn->state != BT_CONNECTED) {
5209 err = cmd_complete(sk, hdev->id, MGMT_OP_GET_CONN_INFO,
5210 MGMT_STATUS_NOT_CONNECTED, &rp, sizeof(rp));
5214 if (mgmt_pending_find_data(MGMT_OP_GET_CONN_INFO, hdev, conn)) {
5215 err = cmd_complete(sk, hdev->id, MGMT_OP_GET_CONN_INFO,
5216 MGMT_STATUS_BUSY, &rp, sizeof(rp));
5220 /* To avoid client trying to guess when to poll again for information we
5221 * calculate conn info age as random value between min/max set in hdev.
5223 conn_info_age = hdev->conn_info_min_age +
5224 prandom_u32_max(hdev->conn_info_max_age -
5225 hdev->conn_info_min_age);
5227 /* Query controller to refresh cached values if they are too old or were
5230 if (time_after(jiffies, conn->conn_info_timestamp +
5231 msecs_to_jiffies(conn_info_age)) ||
5232 !conn->conn_info_timestamp) {
5233 struct hci_request req;
5234 struct hci_cp_read_tx_power req_txp_cp;
5235 struct hci_cp_read_rssi req_rssi_cp;
5236 struct pending_cmd *cmd;
5238 hci_req_init(&req, hdev);
5239 req_rssi_cp.handle = cpu_to_le16(conn->handle);
5240 hci_req_add(&req, HCI_OP_READ_RSSI, sizeof(req_rssi_cp),
5243 /* For LE links TX power does not change thus we don't need to
5244 * query for it once value is known.
5246 if (!bdaddr_type_is_le(cp->addr.type) ||
5247 conn->tx_power == HCI_TX_POWER_INVALID) {
5248 req_txp_cp.handle = cpu_to_le16(conn->handle);
5249 req_txp_cp.type = 0x00;
5250 hci_req_add(&req, HCI_OP_READ_TX_POWER,
5251 sizeof(req_txp_cp), &req_txp_cp);
5254 /* Max TX power needs to be read only once per connection */
5255 if (conn->max_tx_power == HCI_TX_POWER_INVALID) {
5256 req_txp_cp.handle = cpu_to_le16(conn->handle);
5257 req_txp_cp.type = 0x01;
5258 hci_req_add(&req, HCI_OP_READ_TX_POWER,
5259 sizeof(req_txp_cp), &req_txp_cp);
5262 err = hci_req_run(&req, conn_info_refresh_complete);
5266 cmd = mgmt_pending_add(sk, MGMT_OP_GET_CONN_INFO, hdev,
5273 hci_conn_hold(conn);
5274 cmd->user_data = hci_conn_get(conn);
5275 cmd->cmd_complete = conn_info_cmd_complete;
5277 conn->conn_info_timestamp = jiffies;
5279 /* Cache is valid, just reply with values cached in hci_conn */
5280 rp.rssi = conn->rssi;
5281 rp.tx_power = conn->tx_power;
5282 rp.max_tx_power = conn->max_tx_power;
5284 err = cmd_complete(sk, hdev->id, MGMT_OP_GET_CONN_INFO,
5285 MGMT_STATUS_SUCCESS, &rp, sizeof(rp));
5289 hci_dev_unlock(hdev);
5293 static int clock_info_cmd_complete(struct pending_cmd *cmd, u8 status)
5295 struct hci_conn *conn = cmd->user_data;
5296 struct mgmt_rp_get_clock_info rp;
5297 struct hci_dev *hdev;
5300 memset(&rp, 0, sizeof(rp));
5301 memcpy(&rp.addr, &cmd->param, sizeof(rp.addr));
5306 hdev = hci_dev_get(cmd->index);
5308 rp.local_clock = cpu_to_le32(hdev->clock);
5313 rp.piconet_clock = cpu_to_le32(conn->clock);
5314 rp.accuracy = cpu_to_le16(conn->clock_accuracy);
5318 err = cmd_complete(cmd->sk, cmd->index, cmd->opcode, status, &rp,
5322 hci_conn_drop(conn);
5329 static void get_clock_info_complete(struct hci_dev *hdev, u8 status)
5331 struct hci_cp_read_clock *hci_cp;
5332 struct pending_cmd *cmd;
5333 struct hci_conn *conn;
5335 BT_DBG("%s status %u", hdev->name, status);
5339 hci_cp = hci_sent_cmd_data(hdev, HCI_OP_READ_CLOCK);
5343 if (hci_cp->which) {
5344 u16 handle = __le16_to_cpu(hci_cp->handle);
5345 conn = hci_conn_hash_lookup_handle(hdev, handle);
5350 cmd = mgmt_pending_find_data(MGMT_OP_GET_CLOCK_INFO, hdev, conn);
5354 cmd->cmd_complete(cmd, mgmt_status(status));
5355 mgmt_pending_remove(cmd);
5358 hci_dev_unlock(hdev);
5361 static int get_clock_info(struct sock *sk, struct hci_dev *hdev, void *data,
5364 struct mgmt_cp_get_clock_info *cp = data;
5365 struct mgmt_rp_get_clock_info rp;
5366 struct hci_cp_read_clock hci_cp;
5367 struct pending_cmd *cmd;
5368 struct hci_request req;
5369 struct hci_conn *conn;
5372 BT_DBG("%s", hdev->name);
5374 memset(&rp, 0, sizeof(rp));
5375 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
5376 rp.addr.type = cp->addr.type;
5378 if (cp->addr.type != BDADDR_BREDR)
5379 return cmd_complete(sk, hdev->id, MGMT_OP_GET_CLOCK_INFO,
5380 MGMT_STATUS_INVALID_PARAMS,
5385 if (!hdev_is_powered(hdev)) {
5386 err = cmd_complete(sk, hdev->id, MGMT_OP_GET_CLOCK_INFO,
5387 MGMT_STATUS_NOT_POWERED, &rp, sizeof(rp));
5391 if (bacmp(&cp->addr.bdaddr, BDADDR_ANY)) {
5392 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
5394 if (!conn || conn->state != BT_CONNECTED) {
5395 err = cmd_complete(sk, hdev->id,
5396 MGMT_OP_GET_CLOCK_INFO,
5397 MGMT_STATUS_NOT_CONNECTED,
5405 cmd = mgmt_pending_add(sk, MGMT_OP_GET_CLOCK_INFO, hdev, data, len);
5411 cmd->cmd_complete = clock_info_cmd_complete;
5413 hci_req_init(&req, hdev);
5415 memset(&hci_cp, 0, sizeof(hci_cp));
5416 hci_req_add(&req, HCI_OP_READ_CLOCK, sizeof(hci_cp), &hci_cp);
5419 hci_conn_hold(conn);
5420 cmd->user_data = hci_conn_get(conn);
5422 hci_cp.handle = cpu_to_le16(conn->handle);
5423 hci_cp.which = 0x01; /* Piconet clock */
5424 hci_req_add(&req, HCI_OP_READ_CLOCK, sizeof(hci_cp), &hci_cp);
5427 err = hci_req_run(&req, get_clock_info_complete);
5429 mgmt_pending_remove(cmd);
5432 hci_dev_unlock(hdev);
5436 static bool is_connected(struct hci_dev *hdev, bdaddr_t *addr, u8 type)
5438 struct hci_conn *conn;
5440 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, addr);
5444 if (conn->dst_type != type)
5447 if (conn->state != BT_CONNECTED)
5453 /* This function requires the caller holds hdev->lock */
5454 static int hci_conn_params_set(struct hci_request *req, bdaddr_t *addr,
5455 u8 addr_type, u8 auto_connect)
5457 struct hci_dev *hdev = req->hdev;
5458 struct hci_conn_params *params;
5460 params = hci_conn_params_add(hdev, addr, addr_type);
5464 if (params->auto_connect == auto_connect)
5467 list_del_init(¶ms->action);
5469 switch (auto_connect) {
5470 case HCI_AUTO_CONN_DISABLED:
5471 case HCI_AUTO_CONN_LINK_LOSS:
5472 __hci_update_background_scan(req);
5474 case HCI_AUTO_CONN_REPORT:
5475 list_add(¶ms->action, &hdev->pend_le_reports);
5476 __hci_update_background_scan(req);
5478 case HCI_AUTO_CONN_DIRECT:
5479 case HCI_AUTO_CONN_ALWAYS:
5480 if (!is_connected(hdev, addr, addr_type)) {
5481 list_add(¶ms->action, &hdev->pend_le_conns);
5482 __hci_update_background_scan(req);
5487 params->auto_connect = auto_connect;
5489 BT_DBG("addr %pMR (type %u) auto_connect %u", addr, addr_type,
5495 static void device_added(struct sock *sk, struct hci_dev *hdev,
5496 bdaddr_t *bdaddr, u8 type, u8 action)
5498 struct mgmt_ev_device_added ev;
5500 bacpy(&ev.addr.bdaddr, bdaddr);
5501 ev.addr.type = type;
5504 mgmt_event(MGMT_EV_DEVICE_ADDED, hdev, &ev, sizeof(ev), sk);
5507 static void add_device_complete(struct hci_dev *hdev, u8 status)
5509 struct pending_cmd *cmd;
5511 BT_DBG("status 0x%02x", status);
5515 cmd = mgmt_pending_find(MGMT_OP_ADD_DEVICE, hdev);
5519 cmd->cmd_complete(cmd, mgmt_status(status));
5520 mgmt_pending_remove(cmd);
5523 hci_dev_unlock(hdev);
5526 static int add_device(struct sock *sk, struct hci_dev *hdev,
5527 void *data, u16 len)
5529 struct mgmt_cp_add_device *cp = data;
5530 struct pending_cmd *cmd;
5531 struct hci_request req;
5532 u8 auto_conn, addr_type;
5535 BT_DBG("%s", hdev->name);
5537 if (!bdaddr_type_is_valid(cp->addr.type) ||
5538 !bacmp(&cp->addr.bdaddr, BDADDR_ANY))
5539 return cmd_complete(sk, hdev->id, MGMT_OP_ADD_DEVICE,
5540 MGMT_STATUS_INVALID_PARAMS,
5541 &cp->addr, sizeof(cp->addr));
5543 if (cp->action != 0x00 && cp->action != 0x01 && cp->action != 0x02)
5544 return cmd_complete(sk, hdev->id, MGMT_OP_ADD_DEVICE,
5545 MGMT_STATUS_INVALID_PARAMS,
5546 &cp->addr, sizeof(cp->addr));
5548 hci_req_init(&req, hdev);
5552 cmd = mgmt_pending_add(sk, MGMT_OP_ADD_DEVICE, hdev, data, len);
5558 cmd->cmd_complete = addr_cmd_complete;
5560 if (cp->addr.type == BDADDR_BREDR) {
5561 /* Only incoming connections action is supported for now */
5562 if (cp->action != 0x01) {
5563 err = cmd->cmd_complete(cmd,
5564 MGMT_STATUS_INVALID_PARAMS);
5565 mgmt_pending_remove(cmd);
5569 err = hci_bdaddr_list_add(&hdev->whitelist, &cp->addr.bdaddr,
5574 __hci_update_page_scan(&req);
5579 if (cp->addr.type == BDADDR_LE_PUBLIC)
5580 addr_type = ADDR_LE_DEV_PUBLIC;
5582 addr_type = ADDR_LE_DEV_RANDOM;
5584 if (cp->action == 0x02)
5585 auto_conn = HCI_AUTO_CONN_ALWAYS;
5586 else if (cp->action == 0x01)
5587 auto_conn = HCI_AUTO_CONN_DIRECT;
5589 auto_conn = HCI_AUTO_CONN_REPORT;
5591 /* If the connection parameters don't exist for this device,
5592 * they will be created and configured with defaults.
5594 if (hci_conn_params_set(&req, &cp->addr.bdaddr, addr_type,
5596 err = cmd->cmd_complete(cmd, MGMT_STATUS_FAILED);
5597 mgmt_pending_remove(cmd);
5602 device_added(sk, hdev, &cp->addr.bdaddr, cp->addr.type, cp->action);
5604 err = hci_req_run(&req, add_device_complete);
5606 /* ENODATA means no HCI commands were needed (e.g. if
5607 * the adapter is powered off).
5609 if (err == -ENODATA)
5610 err = cmd->cmd_complete(cmd, MGMT_STATUS_SUCCESS);
5611 mgmt_pending_remove(cmd);
5615 hci_dev_unlock(hdev);
5619 static void device_removed(struct sock *sk, struct hci_dev *hdev,
5620 bdaddr_t *bdaddr, u8 type)
5622 struct mgmt_ev_device_removed ev;
5624 bacpy(&ev.addr.bdaddr, bdaddr);
5625 ev.addr.type = type;
5627 mgmt_event(MGMT_EV_DEVICE_REMOVED, hdev, &ev, sizeof(ev), sk);
5630 static void remove_device_complete(struct hci_dev *hdev, u8 status)
5632 struct pending_cmd *cmd;
5634 BT_DBG("status 0x%02x", status);
5638 cmd = mgmt_pending_find(MGMT_OP_REMOVE_DEVICE, hdev);
5642 cmd->cmd_complete(cmd, mgmt_status(status));
5643 mgmt_pending_remove(cmd);
5646 hci_dev_unlock(hdev);
5649 static int remove_device(struct sock *sk, struct hci_dev *hdev,
5650 void *data, u16 len)
5652 struct mgmt_cp_remove_device *cp = data;
5653 struct pending_cmd *cmd;
5654 struct hci_request req;
5657 BT_DBG("%s", hdev->name);
5659 hci_req_init(&req, hdev);
5663 cmd = mgmt_pending_add(sk, MGMT_OP_REMOVE_DEVICE, hdev, data, len);
5669 cmd->cmd_complete = addr_cmd_complete;
5671 if (bacmp(&cp->addr.bdaddr, BDADDR_ANY)) {
5672 struct hci_conn_params *params;
5675 if (!bdaddr_type_is_valid(cp->addr.type)) {
5676 err = cmd->cmd_complete(cmd,
5677 MGMT_STATUS_INVALID_PARAMS);
5678 mgmt_pending_remove(cmd);
5682 if (cp->addr.type == BDADDR_BREDR) {
5683 err = hci_bdaddr_list_del(&hdev->whitelist,
5687 err = cmd->cmd_complete(cmd,
5688 MGMT_STATUS_INVALID_PARAMS);
5689 mgmt_pending_remove(cmd);
5693 __hci_update_page_scan(&req);
5695 device_removed(sk, hdev, &cp->addr.bdaddr,
5700 if (cp->addr.type == BDADDR_LE_PUBLIC)
5701 addr_type = ADDR_LE_DEV_PUBLIC;
5703 addr_type = ADDR_LE_DEV_RANDOM;
5705 params = hci_conn_params_lookup(hdev, &cp->addr.bdaddr,
5708 err = cmd->cmd_complete(cmd,
5709 MGMT_STATUS_INVALID_PARAMS);
5710 mgmt_pending_remove(cmd);
5714 if (params->auto_connect == HCI_AUTO_CONN_DISABLED) {
5715 err = cmd->cmd_complete(cmd,
5716 MGMT_STATUS_INVALID_PARAMS);
5717 mgmt_pending_remove(cmd);
5721 list_del(¶ms->action);
5722 list_del(¶ms->list);
5724 __hci_update_background_scan(&req);
5726 device_removed(sk, hdev, &cp->addr.bdaddr, cp->addr.type);
5728 struct hci_conn_params *p, *tmp;
5729 struct bdaddr_list *b, *btmp;
5731 if (cp->addr.type) {
5732 err = cmd->cmd_complete(cmd,
5733 MGMT_STATUS_INVALID_PARAMS);
5734 mgmt_pending_remove(cmd);
5738 list_for_each_entry_safe(b, btmp, &hdev->whitelist, list) {
5739 device_removed(sk, hdev, &b->bdaddr, b->bdaddr_type);
5744 __hci_update_page_scan(&req);
5746 list_for_each_entry_safe(p, tmp, &hdev->le_conn_params, list) {
5747 if (p->auto_connect == HCI_AUTO_CONN_DISABLED)
5749 device_removed(sk, hdev, &p->addr, p->addr_type);
5750 list_del(&p->action);
5755 BT_DBG("All LE connection parameters were removed");
5757 __hci_update_background_scan(&req);
5761 err = hci_req_run(&req, remove_device_complete);
5763 /* ENODATA means no HCI commands were needed (e.g. if
5764 * the adapter is powered off).
5766 if (err == -ENODATA)
5767 err = cmd->cmd_complete(cmd, MGMT_STATUS_SUCCESS);
5768 mgmt_pending_remove(cmd);
5772 hci_dev_unlock(hdev);
5776 static int load_conn_param(struct sock *sk, struct hci_dev *hdev, void *data,
5779 struct mgmt_cp_load_conn_param *cp = data;
5780 const u16 max_param_count = ((U16_MAX - sizeof(*cp)) /
5781 sizeof(struct mgmt_conn_param));
5782 u16 param_count, expected_len;
5785 if (!lmp_le_capable(hdev))
5786 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_CONN_PARAM,
5787 MGMT_STATUS_NOT_SUPPORTED);
5789 param_count = __le16_to_cpu(cp->param_count);
5790 if (param_count > max_param_count) {
5791 BT_ERR("load_conn_param: too big param_count value %u",
5793 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_CONN_PARAM,
5794 MGMT_STATUS_INVALID_PARAMS);
5797 expected_len = sizeof(*cp) + param_count *
5798 sizeof(struct mgmt_conn_param);
5799 if (expected_len != len) {
5800 BT_ERR("load_conn_param: expected %u bytes, got %u bytes",
5802 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_CONN_PARAM,
5803 MGMT_STATUS_INVALID_PARAMS);
5806 BT_DBG("%s param_count %u", hdev->name, param_count);
5810 hci_conn_params_clear_disabled(hdev);
5812 for (i = 0; i < param_count; i++) {
5813 struct mgmt_conn_param *param = &cp->params[i];
5814 struct hci_conn_params *hci_param;
5815 u16 min, max, latency, timeout;
5818 BT_DBG("Adding %pMR (type %u)", ¶m->addr.bdaddr,
5821 if (param->addr.type == BDADDR_LE_PUBLIC) {
5822 addr_type = ADDR_LE_DEV_PUBLIC;
5823 } else if (param->addr.type == BDADDR_LE_RANDOM) {
5824 addr_type = ADDR_LE_DEV_RANDOM;
5826 BT_ERR("Ignoring invalid connection parameters");
5830 min = le16_to_cpu(param->min_interval);
5831 max = le16_to_cpu(param->max_interval);
5832 latency = le16_to_cpu(param->latency);
5833 timeout = le16_to_cpu(param->timeout);
5835 BT_DBG("min 0x%04x max 0x%04x latency 0x%04x timeout 0x%04x",
5836 min, max, latency, timeout);
5838 if (hci_check_conn_params(min, max, latency, timeout) < 0) {
5839 BT_ERR("Ignoring invalid connection parameters");
5843 hci_param = hci_conn_params_add(hdev, ¶m->addr.bdaddr,
5846 BT_ERR("Failed to add connection parameters");
5850 hci_param->conn_min_interval = min;
5851 hci_param->conn_max_interval = max;
5852 hci_param->conn_latency = latency;
5853 hci_param->supervision_timeout = timeout;
5856 hci_dev_unlock(hdev);
5858 return cmd_complete(sk, hdev->id, MGMT_OP_LOAD_CONN_PARAM, 0, NULL, 0);
5861 static int set_external_config(struct sock *sk, struct hci_dev *hdev,
5862 void *data, u16 len)
5864 struct mgmt_cp_set_external_config *cp = data;
5868 BT_DBG("%s", hdev->name);
5870 if (hdev_is_powered(hdev))
5871 return cmd_status(sk, hdev->id, MGMT_OP_SET_EXTERNAL_CONFIG,
5872 MGMT_STATUS_REJECTED);
5874 if (cp->config != 0x00 && cp->config != 0x01)
5875 return cmd_status(sk, hdev->id, MGMT_OP_SET_EXTERNAL_CONFIG,
5876 MGMT_STATUS_INVALID_PARAMS);
5878 if (!test_bit(HCI_QUIRK_EXTERNAL_CONFIG, &hdev->quirks))
5879 return cmd_status(sk, hdev->id, MGMT_OP_SET_EXTERNAL_CONFIG,
5880 MGMT_STATUS_NOT_SUPPORTED);
5885 changed = !test_and_set_bit(HCI_EXT_CONFIGURED,
5888 changed = test_and_clear_bit(HCI_EXT_CONFIGURED,
5891 err = send_options_rsp(sk, MGMT_OP_SET_EXTERNAL_CONFIG, hdev);
5898 err = new_options(hdev, sk);
5900 if (test_bit(HCI_UNCONFIGURED, &hdev->dev_flags) == is_configured(hdev)) {
5901 mgmt_index_removed(hdev);
5903 if (test_and_change_bit(HCI_UNCONFIGURED, &hdev->dev_flags)) {
5904 set_bit(HCI_CONFIG, &hdev->dev_flags);
5905 set_bit(HCI_AUTO_OFF, &hdev->dev_flags);
5907 queue_work(hdev->req_workqueue, &hdev->power_on);
5909 set_bit(HCI_RAW, &hdev->flags);
5910 mgmt_index_added(hdev);
5915 hci_dev_unlock(hdev);
5919 static int set_public_address(struct sock *sk, struct hci_dev *hdev,
5920 void *data, u16 len)
5922 struct mgmt_cp_set_public_address *cp = data;
5926 BT_DBG("%s", hdev->name);
5928 if (hdev_is_powered(hdev))
5929 return cmd_status(sk, hdev->id, MGMT_OP_SET_PUBLIC_ADDRESS,
5930 MGMT_STATUS_REJECTED);
5932 if (!bacmp(&cp->bdaddr, BDADDR_ANY))
5933 return cmd_status(sk, hdev->id, MGMT_OP_SET_PUBLIC_ADDRESS,
5934 MGMT_STATUS_INVALID_PARAMS);
5936 if (!hdev->set_bdaddr)
5937 return cmd_status(sk, hdev->id, MGMT_OP_SET_PUBLIC_ADDRESS,
5938 MGMT_STATUS_NOT_SUPPORTED);
5942 changed = !!bacmp(&hdev->public_addr, &cp->bdaddr);
5943 bacpy(&hdev->public_addr, &cp->bdaddr);
5945 err = send_options_rsp(sk, MGMT_OP_SET_PUBLIC_ADDRESS, hdev);
5952 if (test_bit(HCI_UNCONFIGURED, &hdev->dev_flags))
5953 err = new_options(hdev, sk);
5955 if (is_configured(hdev)) {
5956 mgmt_index_removed(hdev);
5958 clear_bit(HCI_UNCONFIGURED, &hdev->dev_flags);
5960 set_bit(HCI_CONFIG, &hdev->dev_flags);
5961 set_bit(HCI_AUTO_OFF, &hdev->dev_flags);
5963 queue_work(hdev->req_workqueue, &hdev->power_on);
5967 hci_dev_unlock(hdev);
5971 static const struct mgmt_handler {
5972 int (*func) (struct sock *sk, struct hci_dev *hdev, void *data,
5976 } mgmt_handlers[] = {
5977 { NULL }, /* 0x0000 (no command) */
5978 { read_version, false, MGMT_READ_VERSION_SIZE },
5979 { read_commands, false, MGMT_READ_COMMANDS_SIZE },
5980 { read_index_list, false, MGMT_READ_INDEX_LIST_SIZE },
5981 { read_controller_info, false, MGMT_READ_INFO_SIZE },
5982 { set_powered, false, MGMT_SETTING_SIZE },
5983 { set_discoverable, false, MGMT_SET_DISCOVERABLE_SIZE },
5984 { set_connectable, false, MGMT_SETTING_SIZE },
5985 { set_fast_connectable, false, MGMT_SETTING_SIZE },
5986 { set_bondable, false, MGMT_SETTING_SIZE },
5987 { set_link_security, false, MGMT_SETTING_SIZE },
5988 { set_ssp, false, MGMT_SETTING_SIZE },
5989 { set_hs, false, MGMT_SETTING_SIZE },
5990 { set_le, false, MGMT_SETTING_SIZE },
5991 { set_dev_class, false, MGMT_SET_DEV_CLASS_SIZE },
5992 { set_local_name, false, MGMT_SET_LOCAL_NAME_SIZE },
5993 { add_uuid, false, MGMT_ADD_UUID_SIZE },
5994 { remove_uuid, false, MGMT_REMOVE_UUID_SIZE },
5995 { load_link_keys, true, MGMT_LOAD_LINK_KEYS_SIZE },
5996 { load_long_term_keys, true, MGMT_LOAD_LONG_TERM_KEYS_SIZE },
5997 { disconnect, false, MGMT_DISCONNECT_SIZE },
5998 { get_connections, false, MGMT_GET_CONNECTIONS_SIZE },
5999 { pin_code_reply, false, MGMT_PIN_CODE_REPLY_SIZE },
6000 { pin_code_neg_reply, false, MGMT_PIN_CODE_NEG_REPLY_SIZE },
6001 { set_io_capability, false, MGMT_SET_IO_CAPABILITY_SIZE },
6002 { pair_device, false, MGMT_PAIR_DEVICE_SIZE },
6003 { cancel_pair_device, false, MGMT_CANCEL_PAIR_DEVICE_SIZE },
6004 { unpair_device, false, MGMT_UNPAIR_DEVICE_SIZE },
6005 { user_confirm_reply, false, MGMT_USER_CONFIRM_REPLY_SIZE },
6006 { user_confirm_neg_reply, false, MGMT_USER_CONFIRM_NEG_REPLY_SIZE },
6007 { user_passkey_reply, false, MGMT_USER_PASSKEY_REPLY_SIZE },
6008 { user_passkey_neg_reply, false, MGMT_USER_PASSKEY_NEG_REPLY_SIZE },
6009 { read_local_oob_data, false, MGMT_READ_LOCAL_OOB_DATA_SIZE },
6010 { add_remote_oob_data, true, MGMT_ADD_REMOTE_OOB_DATA_SIZE },
6011 { remove_remote_oob_data, false, MGMT_REMOVE_REMOTE_OOB_DATA_SIZE },
6012 { start_discovery, false, MGMT_START_DISCOVERY_SIZE },
6013 { stop_discovery, false, MGMT_STOP_DISCOVERY_SIZE },
6014 { confirm_name, false, MGMT_CONFIRM_NAME_SIZE },
6015 { block_device, false, MGMT_BLOCK_DEVICE_SIZE },
6016 { unblock_device, false, MGMT_UNBLOCK_DEVICE_SIZE },
6017 { set_device_id, false, MGMT_SET_DEVICE_ID_SIZE },
6018 { set_advertising, false, MGMT_SETTING_SIZE },
6019 { set_bredr, false, MGMT_SETTING_SIZE },
6020 { set_static_address, false, MGMT_SET_STATIC_ADDRESS_SIZE },
6021 { set_scan_params, false, MGMT_SET_SCAN_PARAMS_SIZE },
6022 { set_secure_conn, false, MGMT_SETTING_SIZE },
6023 { set_debug_keys, false, MGMT_SETTING_SIZE },
6024 { set_privacy, false, MGMT_SET_PRIVACY_SIZE },
6025 { load_irks, true, MGMT_LOAD_IRKS_SIZE },
6026 { get_conn_info, false, MGMT_GET_CONN_INFO_SIZE },
6027 { get_clock_info, false, MGMT_GET_CLOCK_INFO_SIZE },
6028 { add_device, false, MGMT_ADD_DEVICE_SIZE },
6029 { remove_device, false, MGMT_REMOVE_DEVICE_SIZE },
6030 { load_conn_param, true, MGMT_LOAD_CONN_PARAM_SIZE },
6031 { read_unconf_index_list, false, MGMT_READ_UNCONF_INDEX_LIST_SIZE },
6032 { read_config_info, false, MGMT_READ_CONFIG_INFO_SIZE },
6033 { set_external_config, false, MGMT_SET_EXTERNAL_CONFIG_SIZE },
6034 { set_public_address, false, MGMT_SET_PUBLIC_ADDRESS_SIZE },
6035 { start_service_discovery,true, MGMT_START_SERVICE_DISCOVERY_SIZE },
6038 int mgmt_control(struct sock *sk, struct msghdr *msg, size_t msglen)
6042 struct mgmt_hdr *hdr;
6043 u16 opcode, index, len;
6044 struct hci_dev *hdev = NULL;
6045 const struct mgmt_handler *handler;
6048 BT_DBG("got %zu bytes", msglen);
6050 if (msglen < sizeof(*hdr))
6053 buf = kmalloc(msglen, GFP_KERNEL);
6057 if (memcpy_from_msg(buf, msg, msglen)) {
6063 opcode = __le16_to_cpu(hdr->opcode);
6064 index = __le16_to_cpu(hdr->index);
6065 len = __le16_to_cpu(hdr->len);
6067 if (len != msglen - sizeof(*hdr)) {
6072 if (index != MGMT_INDEX_NONE) {
6073 hdev = hci_dev_get(index);
6075 err = cmd_status(sk, index, opcode,
6076 MGMT_STATUS_INVALID_INDEX);
6080 if (test_bit(HCI_SETUP, &hdev->dev_flags) ||
6081 test_bit(HCI_CONFIG, &hdev->dev_flags) ||
6082 test_bit(HCI_USER_CHANNEL, &hdev->dev_flags)) {
6083 err = cmd_status(sk, index, opcode,
6084 MGMT_STATUS_INVALID_INDEX);
6088 if (test_bit(HCI_UNCONFIGURED, &hdev->dev_flags) &&
6089 opcode != MGMT_OP_READ_CONFIG_INFO &&
6090 opcode != MGMT_OP_SET_EXTERNAL_CONFIG &&
6091 opcode != MGMT_OP_SET_PUBLIC_ADDRESS) {
6092 err = cmd_status(sk, index, opcode,
6093 MGMT_STATUS_INVALID_INDEX);
6098 if (opcode >= ARRAY_SIZE(mgmt_handlers) ||
6099 mgmt_handlers[opcode].func == NULL) {
6100 BT_DBG("Unknown op %u", opcode);
6101 err = cmd_status(sk, index, opcode,
6102 MGMT_STATUS_UNKNOWN_COMMAND);
6106 if (hdev && (opcode <= MGMT_OP_READ_INDEX_LIST ||
6107 opcode == MGMT_OP_READ_UNCONF_INDEX_LIST)) {
6108 err = cmd_status(sk, index, opcode,
6109 MGMT_STATUS_INVALID_INDEX);
6113 if (!hdev && (opcode > MGMT_OP_READ_INDEX_LIST &&
6114 opcode != MGMT_OP_READ_UNCONF_INDEX_LIST)) {
6115 err = cmd_status(sk, index, opcode,
6116 MGMT_STATUS_INVALID_INDEX);
6120 handler = &mgmt_handlers[opcode];
6122 if ((handler->var_len && len < handler->data_len) ||
6123 (!handler->var_len && len != handler->data_len)) {
6124 err = cmd_status(sk, index, opcode,
6125 MGMT_STATUS_INVALID_PARAMS);
6130 mgmt_init_hdev(sk, hdev);
6132 cp = buf + sizeof(*hdr);
6134 err = handler->func(sk, hdev, cp, len);
6148 void mgmt_index_added(struct hci_dev *hdev)
6150 if (hdev->dev_type != HCI_BREDR)
6153 if (test_bit(HCI_QUIRK_RAW_DEVICE, &hdev->quirks))
6156 if (test_bit(HCI_UNCONFIGURED, &hdev->dev_flags))
6157 mgmt_event(MGMT_EV_UNCONF_INDEX_ADDED, hdev, NULL, 0, NULL);
6159 mgmt_event(MGMT_EV_INDEX_ADDED, hdev, NULL, 0, NULL);
6162 void mgmt_index_removed(struct hci_dev *hdev)
6164 u8 status = MGMT_STATUS_INVALID_INDEX;
6166 if (hdev->dev_type != HCI_BREDR)
6169 if (test_bit(HCI_QUIRK_RAW_DEVICE, &hdev->quirks))
6172 mgmt_pending_foreach(0, hdev, cmd_complete_rsp, &status);
6174 if (test_bit(HCI_UNCONFIGURED, &hdev->dev_flags))
6175 mgmt_event(MGMT_EV_UNCONF_INDEX_REMOVED, hdev, NULL, 0, NULL);
6177 mgmt_event(MGMT_EV_INDEX_REMOVED, hdev, NULL, 0, NULL);
6180 /* This function requires the caller holds hdev->lock */
6181 static void restart_le_actions(struct hci_request *req)
6183 struct hci_dev *hdev = req->hdev;
6184 struct hci_conn_params *p;
6186 list_for_each_entry(p, &hdev->le_conn_params, list) {
6187 /* Needed for AUTO_OFF case where might not "really"
6188 * have been powered off.
6190 list_del_init(&p->action);
6192 switch (p->auto_connect) {
6193 case HCI_AUTO_CONN_DIRECT:
6194 case HCI_AUTO_CONN_ALWAYS:
6195 list_add(&p->action, &hdev->pend_le_conns);
6197 case HCI_AUTO_CONN_REPORT:
6198 list_add(&p->action, &hdev->pend_le_reports);
6205 __hci_update_background_scan(req);
6208 static void powered_complete(struct hci_dev *hdev, u8 status)
6210 struct cmd_lookup match = { NULL, hdev };
6212 BT_DBG("status 0x%02x", status);
6216 mgmt_pending_foreach(MGMT_OP_SET_POWERED, hdev, settings_rsp, &match);
6218 new_settings(hdev, match.sk);
6220 hci_dev_unlock(hdev);
6226 static int powered_update_hci(struct hci_dev *hdev)
6228 struct hci_request req;
6231 hci_req_init(&req, hdev);
6233 if (test_bit(HCI_SSP_ENABLED, &hdev->dev_flags) &&
6234 !lmp_host_ssp_capable(hdev)) {
6237 hci_req_add(&req, HCI_OP_WRITE_SSP_MODE, 1, &ssp);
6240 if (bredr_sc_enabled(hdev) && !lmp_host_sc_capable(hdev)) {
6242 hci_req_add(&req, HCI_OP_WRITE_SC_SUPPORT, sizeof(sc), &sc);
6245 if (test_bit(HCI_LE_ENABLED, &hdev->dev_flags) &&
6246 lmp_bredr_capable(hdev)) {
6247 struct hci_cp_write_le_host_supported cp;
6252 /* Check first if we already have the right
6253 * host state (host features set)
6255 if (cp.le != lmp_host_le_capable(hdev) ||
6256 cp.simul != lmp_host_le_br_capable(hdev))
6257 hci_req_add(&req, HCI_OP_WRITE_LE_HOST_SUPPORTED,
6261 if (lmp_le_capable(hdev)) {
6262 /* Make sure the controller has a good default for
6263 * advertising data. This also applies to the case
6264 * where BR/EDR was toggled during the AUTO_OFF phase.
6266 if (test_bit(HCI_LE_ENABLED, &hdev->dev_flags)) {
6267 update_adv_data(&req);
6268 update_scan_rsp_data(&req);
6271 if (test_bit(HCI_ADVERTISING, &hdev->dev_flags))
6272 enable_advertising(&req);
6274 restart_le_actions(&req);
6277 link_sec = test_bit(HCI_LINK_SECURITY, &hdev->dev_flags);
6278 if (link_sec != test_bit(HCI_AUTH, &hdev->flags))
6279 hci_req_add(&req, HCI_OP_WRITE_AUTH_ENABLE,
6280 sizeof(link_sec), &link_sec);
6282 if (lmp_bredr_capable(hdev)) {
6283 write_fast_connectable(&req, false);
6284 __hci_update_page_scan(&req);
6290 return hci_req_run(&req, powered_complete);
6293 int mgmt_powered(struct hci_dev *hdev, u8 powered)
6295 struct cmd_lookup match = { NULL, hdev };
6296 u8 status, zero_cod[] = { 0, 0, 0 };
6299 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
6303 if (powered_update_hci(hdev) == 0)
6306 mgmt_pending_foreach(MGMT_OP_SET_POWERED, hdev, settings_rsp,
6311 mgmt_pending_foreach(MGMT_OP_SET_POWERED, hdev, settings_rsp, &match);
6313 /* If the power off is because of hdev unregistration let
6314 * use the appropriate INVALID_INDEX status. Otherwise use
6315 * NOT_POWERED. We cover both scenarios here since later in
6316 * mgmt_index_removed() any hci_conn callbacks will have already
6317 * been triggered, potentially causing misleading DISCONNECTED
6320 if (test_bit(HCI_UNREGISTER, &hdev->dev_flags))
6321 status = MGMT_STATUS_INVALID_INDEX;
6323 status = MGMT_STATUS_NOT_POWERED;
6325 mgmt_pending_foreach(0, hdev, cmd_complete_rsp, &status);
6327 if (memcmp(hdev->dev_class, zero_cod, sizeof(zero_cod)) != 0)
6328 mgmt_event(MGMT_EV_CLASS_OF_DEV_CHANGED, hdev,
6329 zero_cod, sizeof(zero_cod), NULL);
6332 err = new_settings(hdev, match.sk);
6340 void mgmt_set_powered_failed(struct hci_dev *hdev, int err)
6342 struct pending_cmd *cmd;
6345 cmd = mgmt_pending_find(MGMT_OP_SET_POWERED, hdev);
6349 if (err == -ERFKILL)
6350 status = MGMT_STATUS_RFKILLED;
6352 status = MGMT_STATUS_FAILED;
6354 cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_POWERED, status);
6356 mgmt_pending_remove(cmd);
6359 void mgmt_discoverable_timeout(struct hci_dev *hdev)
6361 struct hci_request req;
6365 /* When discoverable timeout triggers, then just make sure
6366 * the limited discoverable flag is cleared. Even in the case
6367 * of a timeout triggered from general discoverable, it is
6368 * safe to unconditionally clear the flag.
6370 clear_bit(HCI_LIMITED_DISCOVERABLE, &hdev->dev_flags);
6371 clear_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
6373 hci_req_init(&req, hdev);
6374 if (test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags)) {
6375 u8 scan = SCAN_PAGE;
6376 hci_req_add(&req, HCI_OP_WRITE_SCAN_ENABLE,
6377 sizeof(scan), &scan);
6380 update_adv_data(&req);
6381 hci_req_run(&req, NULL);
6383 hdev->discov_timeout = 0;
6385 new_settings(hdev, NULL);
6387 hci_dev_unlock(hdev);
6390 void mgmt_new_link_key(struct hci_dev *hdev, struct link_key *key,
6393 struct mgmt_ev_new_link_key ev;
6395 memset(&ev, 0, sizeof(ev));
6397 ev.store_hint = persistent;
6398 bacpy(&ev.key.addr.bdaddr, &key->bdaddr);
6399 ev.key.addr.type = BDADDR_BREDR;
6400 ev.key.type = key->type;
6401 memcpy(ev.key.val, key->val, HCI_LINK_KEY_SIZE);
6402 ev.key.pin_len = key->pin_len;
6404 mgmt_event(MGMT_EV_NEW_LINK_KEY, hdev, &ev, sizeof(ev), NULL);
6407 static u8 mgmt_ltk_type(struct smp_ltk *ltk)
6409 switch (ltk->type) {
6412 if (ltk->authenticated)
6413 return MGMT_LTK_AUTHENTICATED;
6414 return MGMT_LTK_UNAUTHENTICATED;
6416 if (ltk->authenticated)
6417 return MGMT_LTK_P256_AUTH;
6418 return MGMT_LTK_P256_UNAUTH;
6419 case SMP_LTK_P256_DEBUG:
6420 return MGMT_LTK_P256_DEBUG;
6423 return MGMT_LTK_UNAUTHENTICATED;
6426 void mgmt_new_ltk(struct hci_dev *hdev, struct smp_ltk *key, bool persistent)
6428 struct mgmt_ev_new_long_term_key ev;
6430 memset(&ev, 0, sizeof(ev));
6432 /* Devices using resolvable or non-resolvable random addresses
6433 * without providing an indentity resolving key don't require
6434 * to store long term keys. Their addresses will change the
6437 * Only when a remote device provides an identity address
6438 * make sure the long term key is stored. If the remote
6439 * identity is known, the long term keys are internally
6440 * mapped to the identity address. So allow static random
6441 * and public addresses here.
6443 if (key->bdaddr_type == ADDR_LE_DEV_RANDOM &&
6444 (key->bdaddr.b[5] & 0xc0) != 0xc0)
6445 ev.store_hint = 0x00;
6447 ev.store_hint = persistent;
6449 bacpy(&ev.key.addr.bdaddr, &key->bdaddr);
6450 ev.key.addr.type = link_to_bdaddr(LE_LINK, key->bdaddr_type);
6451 ev.key.type = mgmt_ltk_type(key);
6452 ev.key.enc_size = key->enc_size;
6453 ev.key.ediv = key->ediv;
6454 ev.key.rand = key->rand;
6456 if (key->type == SMP_LTK)
6459 memcpy(ev.key.val, key->val, sizeof(key->val));
6461 mgmt_event(MGMT_EV_NEW_LONG_TERM_KEY, hdev, &ev, sizeof(ev), NULL);
6464 void mgmt_new_irk(struct hci_dev *hdev, struct smp_irk *irk)
6466 struct mgmt_ev_new_irk ev;
6468 memset(&ev, 0, sizeof(ev));
6470 /* For identity resolving keys from devices that are already
6471 * using a public address or static random address, do not
6472 * ask for storing this key. The identity resolving key really
6473 * is only mandatory for devices using resovlable random
6476 * Storing all identity resolving keys has the downside that
6477 * they will be also loaded on next boot of they system. More
6478 * identity resolving keys, means more time during scanning is
6479 * needed to actually resolve these addresses.
6481 if (bacmp(&irk->rpa, BDADDR_ANY))
6482 ev.store_hint = 0x01;
6484 ev.store_hint = 0x00;
6486 bacpy(&ev.rpa, &irk->rpa);
6487 bacpy(&ev.irk.addr.bdaddr, &irk->bdaddr);
6488 ev.irk.addr.type = link_to_bdaddr(LE_LINK, irk->addr_type);
6489 memcpy(ev.irk.val, irk->val, sizeof(irk->val));
6491 mgmt_event(MGMT_EV_NEW_IRK, hdev, &ev, sizeof(ev), NULL);
6494 void mgmt_new_csrk(struct hci_dev *hdev, struct smp_csrk *csrk,
6497 struct mgmt_ev_new_csrk ev;
6499 memset(&ev, 0, sizeof(ev));
6501 /* Devices using resolvable or non-resolvable random addresses
6502 * without providing an indentity resolving key don't require
6503 * to store signature resolving keys. Their addresses will change
6504 * the next time around.
6506 * Only when a remote device provides an identity address
6507 * make sure the signature resolving key is stored. So allow
6508 * static random and public addresses here.
6510 if (csrk->bdaddr_type == ADDR_LE_DEV_RANDOM &&
6511 (csrk->bdaddr.b[5] & 0xc0) != 0xc0)
6512 ev.store_hint = 0x00;
6514 ev.store_hint = persistent;
6516 bacpy(&ev.key.addr.bdaddr, &csrk->bdaddr);
6517 ev.key.addr.type = link_to_bdaddr(LE_LINK, csrk->bdaddr_type);
6518 ev.key.master = csrk->master;
6519 memcpy(ev.key.val, csrk->val, sizeof(csrk->val));
6521 mgmt_event(MGMT_EV_NEW_CSRK, hdev, &ev, sizeof(ev), NULL);
6524 void mgmt_new_conn_param(struct hci_dev *hdev, bdaddr_t *bdaddr,
6525 u8 bdaddr_type, u8 store_hint, u16 min_interval,
6526 u16 max_interval, u16 latency, u16 timeout)
6528 struct mgmt_ev_new_conn_param ev;
6530 if (!hci_is_identity_address(bdaddr, bdaddr_type))
6533 memset(&ev, 0, sizeof(ev));
6534 bacpy(&ev.addr.bdaddr, bdaddr);
6535 ev.addr.type = link_to_bdaddr(LE_LINK, bdaddr_type);
6536 ev.store_hint = store_hint;
6537 ev.min_interval = cpu_to_le16(min_interval);
6538 ev.max_interval = cpu_to_le16(max_interval);
6539 ev.latency = cpu_to_le16(latency);
6540 ev.timeout = cpu_to_le16(timeout);
6542 mgmt_event(MGMT_EV_NEW_CONN_PARAM, hdev, &ev, sizeof(ev), NULL);
6545 static inline u16 eir_append_data(u8 *eir, u16 eir_len, u8 type, u8 *data,
6548 eir[eir_len++] = sizeof(type) + data_len;
6549 eir[eir_len++] = type;
6550 memcpy(&eir[eir_len], data, data_len);
6551 eir_len += data_len;
6556 void mgmt_device_connected(struct hci_dev *hdev, struct hci_conn *conn,
6557 u32 flags, u8 *name, u8 name_len)
6560 struct mgmt_ev_device_connected *ev = (void *) buf;
6563 bacpy(&ev->addr.bdaddr, &conn->dst);
6564 ev->addr.type = link_to_bdaddr(conn->type, conn->dst_type);
6566 ev->flags = __cpu_to_le32(flags);
6568 /* We must ensure that the EIR Data fields are ordered and
6569 * unique. Keep it simple for now and avoid the problem by not
6570 * adding any BR/EDR data to the LE adv.
6572 if (conn->le_adv_data_len > 0) {
6573 memcpy(&ev->eir[eir_len],
6574 conn->le_adv_data, conn->le_adv_data_len);
6575 eir_len = conn->le_adv_data_len;
6578 eir_len = eir_append_data(ev->eir, 0, EIR_NAME_COMPLETE,
6581 if (memcmp(conn->dev_class, "\0\0\0", 3) != 0)
6582 eir_len = eir_append_data(ev->eir, eir_len,
6584 conn->dev_class, 3);
6587 ev->eir_len = cpu_to_le16(eir_len);
6589 mgmt_event(MGMT_EV_DEVICE_CONNECTED, hdev, buf,
6590 sizeof(*ev) + eir_len, NULL);
6593 static void disconnect_rsp(struct pending_cmd *cmd, void *data)
6595 struct sock **sk = data;
6597 cmd->cmd_complete(cmd, 0);
6602 mgmt_pending_remove(cmd);
6605 static void unpair_device_rsp(struct pending_cmd *cmd, void *data)
6607 struct hci_dev *hdev = data;
6608 struct mgmt_cp_unpair_device *cp = cmd->param;
6610 device_unpaired(hdev, &cp->addr.bdaddr, cp->addr.type, cmd->sk);
6612 cmd->cmd_complete(cmd, 0);
6613 mgmt_pending_remove(cmd);
6616 bool mgmt_powering_down(struct hci_dev *hdev)
6618 struct pending_cmd *cmd;
6619 struct mgmt_mode *cp;
6621 cmd = mgmt_pending_find(MGMT_OP_SET_POWERED, hdev);
6632 void mgmt_device_disconnected(struct hci_dev *hdev, bdaddr_t *bdaddr,
6633 u8 link_type, u8 addr_type, u8 reason,
6634 bool mgmt_connected)
6636 struct mgmt_ev_device_disconnected ev;
6637 struct sock *sk = NULL;
6639 /* The connection is still in hci_conn_hash so test for 1
6640 * instead of 0 to know if this is the last one.
6642 if (mgmt_powering_down(hdev) && hci_conn_count(hdev) == 1) {
6643 cancel_delayed_work(&hdev->power_off);
6644 queue_work(hdev->req_workqueue, &hdev->power_off.work);
6647 if (!mgmt_connected)
6650 if (link_type != ACL_LINK && link_type != LE_LINK)
6653 mgmt_pending_foreach(MGMT_OP_DISCONNECT, hdev, disconnect_rsp, &sk);
6655 bacpy(&ev.addr.bdaddr, bdaddr);
6656 ev.addr.type = link_to_bdaddr(link_type, addr_type);
6659 mgmt_event(MGMT_EV_DEVICE_DISCONNECTED, hdev, &ev, sizeof(ev), sk);
6664 mgmt_pending_foreach(MGMT_OP_UNPAIR_DEVICE, hdev, unpair_device_rsp,
6668 void mgmt_disconnect_failed(struct hci_dev *hdev, bdaddr_t *bdaddr,
6669 u8 link_type, u8 addr_type, u8 status)
6671 u8 bdaddr_type = link_to_bdaddr(link_type, addr_type);
6672 struct mgmt_cp_disconnect *cp;
6673 struct pending_cmd *cmd;
6675 mgmt_pending_foreach(MGMT_OP_UNPAIR_DEVICE, hdev, unpair_device_rsp,
6678 cmd = mgmt_pending_find(MGMT_OP_DISCONNECT, hdev);
6684 if (bacmp(bdaddr, &cp->addr.bdaddr))
6687 if (cp->addr.type != bdaddr_type)
6690 cmd->cmd_complete(cmd, mgmt_status(status));
6691 mgmt_pending_remove(cmd);
6694 void mgmt_connect_failed(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
6695 u8 addr_type, u8 status)
6697 struct mgmt_ev_connect_failed ev;
6699 /* The connection is still in hci_conn_hash so test for 1
6700 * instead of 0 to know if this is the last one.
6702 if (mgmt_powering_down(hdev) && hci_conn_count(hdev) == 1) {
6703 cancel_delayed_work(&hdev->power_off);
6704 queue_work(hdev->req_workqueue, &hdev->power_off.work);
6707 bacpy(&ev.addr.bdaddr, bdaddr);
6708 ev.addr.type = link_to_bdaddr(link_type, addr_type);
6709 ev.status = mgmt_status(status);
6711 mgmt_event(MGMT_EV_CONNECT_FAILED, hdev, &ev, sizeof(ev), NULL);
6714 void mgmt_pin_code_request(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 secure)
6716 struct mgmt_ev_pin_code_request ev;
6718 bacpy(&ev.addr.bdaddr, bdaddr);
6719 ev.addr.type = BDADDR_BREDR;
6722 mgmt_event(MGMT_EV_PIN_CODE_REQUEST, hdev, &ev, sizeof(ev), NULL);
6725 void mgmt_pin_code_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
6728 struct pending_cmd *cmd;
6730 cmd = mgmt_pending_find(MGMT_OP_PIN_CODE_REPLY, hdev);
6734 cmd->cmd_complete(cmd, mgmt_status(status));
6735 mgmt_pending_remove(cmd);
6738 void mgmt_pin_code_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
6741 struct pending_cmd *cmd;
6743 cmd = mgmt_pending_find(MGMT_OP_PIN_CODE_NEG_REPLY, hdev);
6747 cmd->cmd_complete(cmd, mgmt_status(status));
6748 mgmt_pending_remove(cmd);
6751 int mgmt_user_confirm_request(struct hci_dev *hdev, bdaddr_t *bdaddr,
6752 u8 link_type, u8 addr_type, u32 value,
6755 struct mgmt_ev_user_confirm_request ev;
6757 BT_DBG("%s", hdev->name);
6759 bacpy(&ev.addr.bdaddr, bdaddr);
6760 ev.addr.type = link_to_bdaddr(link_type, addr_type);
6761 ev.confirm_hint = confirm_hint;
6762 ev.value = cpu_to_le32(value);
6764 return mgmt_event(MGMT_EV_USER_CONFIRM_REQUEST, hdev, &ev, sizeof(ev),
6768 int mgmt_user_passkey_request(struct hci_dev *hdev, bdaddr_t *bdaddr,
6769 u8 link_type, u8 addr_type)
6771 struct mgmt_ev_user_passkey_request ev;
6773 BT_DBG("%s", hdev->name);
6775 bacpy(&ev.addr.bdaddr, bdaddr);
6776 ev.addr.type = link_to_bdaddr(link_type, addr_type);
6778 return mgmt_event(MGMT_EV_USER_PASSKEY_REQUEST, hdev, &ev, sizeof(ev),
6782 static int user_pairing_resp_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
6783 u8 link_type, u8 addr_type, u8 status,
6786 struct pending_cmd *cmd;
6788 cmd = mgmt_pending_find(opcode, hdev);
6792 cmd->cmd_complete(cmd, mgmt_status(status));
6793 mgmt_pending_remove(cmd);
6798 int mgmt_user_confirm_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
6799 u8 link_type, u8 addr_type, u8 status)
6801 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
6802 status, MGMT_OP_USER_CONFIRM_REPLY);
6805 int mgmt_user_confirm_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
6806 u8 link_type, u8 addr_type, u8 status)
6808 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
6810 MGMT_OP_USER_CONFIRM_NEG_REPLY);
6813 int mgmt_user_passkey_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
6814 u8 link_type, u8 addr_type, u8 status)
6816 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
6817 status, MGMT_OP_USER_PASSKEY_REPLY);
6820 int mgmt_user_passkey_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
6821 u8 link_type, u8 addr_type, u8 status)
6823 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
6825 MGMT_OP_USER_PASSKEY_NEG_REPLY);
6828 int mgmt_user_passkey_notify(struct hci_dev *hdev, bdaddr_t *bdaddr,
6829 u8 link_type, u8 addr_type, u32 passkey,
6832 struct mgmt_ev_passkey_notify ev;
6834 BT_DBG("%s", hdev->name);
6836 bacpy(&ev.addr.bdaddr, bdaddr);
6837 ev.addr.type = link_to_bdaddr(link_type, addr_type);
6838 ev.passkey = __cpu_to_le32(passkey);
6839 ev.entered = entered;
6841 return mgmt_event(MGMT_EV_PASSKEY_NOTIFY, hdev, &ev, sizeof(ev), NULL);
6844 void mgmt_auth_failed(struct hci_conn *conn, u8 hci_status)
6846 struct mgmt_ev_auth_failed ev;
6847 struct pending_cmd *cmd;
6848 u8 status = mgmt_status(hci_status);
6850 bacpy(&ev.addr.bdaddr, &conn->dst);
6851 ev.addr.type = link_to_bdaddr(conn->type, conn->dst_type);
6854 cmd = find_pairing(conn);
6856 mgmt_event(MGMT_EV_AUTH_FAILED, conn->hdev, &ev, sizeof(ev),
6857 cmd ? cmd->sk : NULL);
6860 cmd->cmd_complete(cmd, status);
6861 mgmt_pending_remove(cmd);
6865 void mgmt_auth_enable_complete(struct hci_dev *hdev, u8 status)
6867 struct cmd_lookup match = { NULL, hdev };
6871 u8 mgmt_err = mgmt_status(status);
6872 mgmt_pending_foreach(MGMT_OP_SET_LINK_SECURITY, hdev,
6873 cmd_status_rsp, &mgmt_err);
6877 if (test_bit(HCI_AUTH, &hdev->flags))
6878 changed = !test_and_set_bit(HCI_LINK_SECURITY,
6881 changed = test_and_clear_bit(HCI_LINK_SECURITY,
6884 mgmt_pending_foreach(MGMT_OP_SET_LINK_SECURITY, hdev, settings_rsp,
6888 new_settings(hdev, match.sk);
6894 static void clear_eir(struct hci_request *req)
6896 struct hci_dev *hdev = req->hdev;
6897 struct hci_cp_write_eir cp;
6899 if (!lmp_ext_inq_capable(hdev))
6902 memset(hdev->eir, 0, sizeof(hdev->eir));
6904 memset(&cp, 0, sizeof(cp));
6906 hci_req_add(req, HCI_OP_WRITE_EIR, sizeof(cp), &cp);
6909 void mgmt_ssp_enable_complete(struct hci_dev *hdev, u8 enable, u8 status)
6911 struct cmd_lookup match = { NULL, hdev };
6912 struct hci_request req;
6913 bool changed = false;
6916 u8 mgmt_err = mgmt_status(status);
6918 if (enable && test_and_clear_bit(HCI_SSP_ENABLED,
6919 &hdev->dev_flags)) {
6920 clear_bit(HCI_HS_ENABLED, &hdev->dev_flags);
6921 new_settings(hdev, NULL);
6924 mgmt_pending_foreach(MGMT_OP_SET_SSP, hdev, cmd_status_rsp,
6930 changed = !test_and_set_bit(HCI_SSP_ENABLED, &hdev->dev_flags);
6932 changed = test_and_clear_bit(HCI_SSP_ENABLED, &hdev->dev_flags);
6934 changed = test_and_clear_bit(HCI_HS_ENABLED,
6937 clear_bit(HCI_HS_ENABLED, &hdev->dev_flags);
6940 mgmt_pending_foreach(MGMT_OP_SET_SSP, hdev, settings_rsp, &match);
6943 new_settings(hdev, match.sk);
6948 hci_req_init(&req, hdev);
6950 if (test_bit(HCI_SSP_ENABLED, &hdev->dev_flags)) {
6951 if (test_bit(HCI_USE_DEBUG_KEYS, &hdev->dev_flags))
6952 hci_req_add(&req, HCI_OP_WRITE_SSP_DEBUG_MODE,
6953 sizeof(enable), &enable);
6959 hci_req_run(&req, NULL);
6962 void mgmt_sc_enable_complete(struct hci_dev *hdev, u8 enable, u8 status)
6964 struct cmd_lookup match = { NULL, hdev };
6965 bool changed = false;
6968 u8 mgmt_err = mgmt_status(status);
6971 if (test_and_clear_bit(HCI_SC_ENABLED,
6973 new_settings(hdev, NULL);
6974 clear_bit(HCI_SC_ONLY, &hdev->dev_flags);
6977 mgmt_pending_foreach(MGMT_OP_SET_SECURE_CONN, hdev,
6978 cmd_status_rsp, &mgmt_err);
6983 changed = !test_and_set_bit(HCI_SC_ENABLED, &hdev->dev_flags);
6985 changed = test_and_clear_bit(HCI_SC_ENABLED, &hdev->dev_flags);
6986 clear_bit(HCI_SC_ONLY, &hdev->dev_flags);
6989 mgmt_pending_foreach(MGMT_OP_SET_SECURE_CONN, hdev,
6990 settings_rsp, &match);
6993 new_settings(hdev, match.sk);
6999 static void sk_lookup(struct pending_cmd *cmd, void *data)
7001 struct cmd_lookup *match = data;
7003 if (match->sk == NULL) {
7004 match->sk = cmd->sk;
7005 sock_hold(match->sk);
7009 void mgmt_set_class_of_dev_complete(struct hci_dev *hdev, u8 *dev_class,
7012 struct cmd_lookup match = { NULL, hdev, mgmt_status(status) };
7014 mgmt_pending_foreach(MGMT_OP_SET_DEV_CLASS, hdev, sk_lookup, &match);
7015 mgmt_pending_foreach(MGMT_OP_ADD_UUID, hdev, sk_lookup, &match);
7016 mgmt_pending_foreach(MGMT_OP_REMOVE_UUID, hdev, sk_lookup, &match);
7019 mgmt_event(MGMT_EV_CLASS_OF_DEV_CHANGED, hdev, dev_class, 3,
7026 void mgmt_set_local_name_complete(struct hci_dev *hdev, u8 *name, u8 status)
7028 struct mgmt_cp_set_local_name ev;
7029 struct pending_cmd *cmd;
7034 memset(&ev, 0, sizeof(ev));
7035 memcpy(ev.name, name, HCI_MAX_NAME_LENGTH);
7036 memcpy(ev.short_name, hdev->short_name, HCI_MAX_SHORT_NAME_LENGTH);
7038 cmd = mgmt_pending_find(MGMT_OP_SET_LOCAL_NAME, hdev);
7040 memcpy(hdev->dev_name, name, sizeof(hdev->dev_name));
7042 /* If this is a HCI command related to powering on the
7043 * HCI dev don't send any mgmt signals.
7045 if (mgmt_pending_find(MGMT_OP_SET_POWERED, hdev))
7049 mgmt_event(MGMT_EV_LOCAL_NAME_CHANGED, hdev, &ev, sizeof(ev),
7050 cmd ? cmd->sk : NULL);
7053 void mgmt_read_local_oob_data_complete(struct hci_dev *hdev, u8 *hash192,
7054 u8 *rand192, u8 *hash256, u8 *rand256,
7057 struct pending_cmd *cmd;
7059 BT_DBG("%s status %u", hdev->name, status);
7061 cmd = mgmt_pending_find(MGMT_OP_READ_LOCAL_OOB_DATA, hdev);
7066 cmd_status(cmd->sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
7067 mgmt_status(status));
7069 if (bredr_sc_enabled(hdev) && hash256 && rand256) {
7070 struct mgmt_rp_read_local_oob_ext_data rp;
7072 memcpy(rp.hash192, hash192, sizeof(rp.hash192));
7073 memcpy(rp.rand192, rand192, sizeof(rp.rand192));
7075 memcpy(rp.hash256, hash256, sizeof(rp.hash256));
7076 memcpy(rp.rand256, rand256, sizeof(rp.rand256));
7078 cmd_complete(cmd->sk, hdev->id,
7079 MGMT_OP_READ_LOCAL_OOB_DATA, 0,
7082 struct mgmt_rp_read_local_oob_data rp;
7084 memcpy(rp.hash, hash192, sizeof(rp.hash));
7085 memcpy(rp.rand, rand192, sizeof(rp.rand));
7087 cmd_complete(cmd->sk, hdev->id,
7088 MGMT_OP_READ_LOCAL_OOB_DATA, 0,
7093 mgmt_pending_remove(cmd);
7096 static inline bool has_uuid(u8 *uuid, u16 uuid_count, u8 (*uuids)[16])
7100 for (i = 0; i < uuid_count; i++) {
7101 if (!memcmp(uuid, uuids[i], 16))
7108 static bool eir_has_uuids(u8 *eir, u16 eir_len, u16 uuid_count, u8 (*uuids)[16])
7112 while (parsed < eir_len) {
7113 u8 field_len = eir[0];
7120 if (eir_len - parsed < field_len + 1)
7124 case EIR_UUID16_ALL:
7125 case EIR_UUID16_SOME:
7126 for (i = 0; i + 3 <= field_len; i += 2) {
7127 memcpy(uuid, bluetooth_base_uuid, 16);
7128 uuid[13] = eir[i + 3];
7129 uuid[12] = eir[i + 2];
7130 if (has_uuid(uuid, uuid_count, uuids))
7134 case EIR_UUID32_ALL:
7135 case EIR_UUID32_SOME:
7136 for (i = 0; i + 5 <= field_len; i += 4) {
7137 memcpy(uuid, bluetooth_base_uuid, 16);
7138 uuid[15] = eir[i + 5];
7139 uuid[14] = eir[i + 4];
7140 uuid[13] = eir[i + 3];
7141 uuid[12] = eir[i + 2];
7142 if (has_uuid(uuid, uuid_count, uuids))
7146 case EIR_UUID128_ALL:
7147 case EIR_UUID128_SOME:
7148 for (i = 0; i + 17 <= field_len; i += 16) {
7149 memcpy(uuid, eir + i + 2, 16);
7150 if (has_uuid(uuid, uuid_count, uuids))
7156 parsed += field_len + 1;
7157 eir += field_len + 1;
7163 void mgmt_device_found(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
7164 u8 addr_type, u8 *dev_class, s8 rssi, u32 flags,
7165 u8 *eir, u16 eir_len, u8 *scan_rsp, u8 scan_rsp_len)
7168 struct mgmt_ev_device_found *ev = (void *) buf;
7172 /* Don't send events for a non-kernel initiated discovery. With
7173 * LE one exception is if we have pend_le_reports > 0 in which
7174 * case we're doing passive scanning and want these events.
7176 if (!hci_discovery_active(hdev)) {
7177 if (link_type == ACL_LINK)
7179 if (link_type == LE_LINK && list_empty(&hdev->pend_le_reports))
7183 /* When using service discovery with a RSSI threshold, then check
7184 * if such a RSSI threshold is specified. If a RSSI threshold has
7185 * been specified, then all results with a RSSI smaller than the
7186 * RSSI threshold will be dropped.
7188 * For BR/EDR devices (pre 1.2) providing no RSSI during inquiry,
7189 * the results are also dropped.
7191 if (hdev->discovery.rssi != HCI_RSSI_INVALID &&
7192 (rssi < hdev->discovery.rssi || rssi == HCI_RSSI_INVALID))
7195 /* Make sure that the buffer is big enough. The 5 extra bytes
7196 * are for the potential CoD field.
7198 if (sizeof(*ev) + eir_len + scan_rsp_len + 5 > sizeof(buf))
7201 memset(buf, 0, sizeof(buf));
7203 /* In case of device discovery with BR/EDR devices (pre 1.2), the
7204 * RSSI value was reported as 0 when not available. This behavior
7205 * is kept when using device discovery. This is required for full
7206 * backwards compatibility with the API.
7208 * However when using service discovery, the value 127 will be
7209 * returned when the RSSI is not available.
7211 if (rssi == HCI_RSSI_INVALID && !hdev->discovery.report_invalid_rssi)
7214 bacpy(&ev->addr.bdaddr, bdaddr);
7215 ev->addr.type = link_to_bdaddr(link_type, addr_type);
7217 ev->flags = cpu_to_le32(flags);
7220 /* When using service discovery and a list of UUID is
7221 * provided, results with no matching UUID should be
7222 * dropped. In case there is a match the result is
7223 * kept and checking possible scan response data
7226 if (hdev->discovery.uuid_count > 0)
7227 match = eir_has_uuids(eir, eir_len,
7228 hdev->discovery.uuid_count,
7229 hdev->discovery.uuids);
7233 if (!match && !scan_rsp_len)
7236 /* Copy EIR or advertising data into event */
7237 memcpy(ev->eir, eir, eir_len);
7239 /* When using service discovery and a list of UUID is
7240 * provided, results with empty EIR or advertising data
7241 * should be dropped since they do not match any UUID.
7243 if (hdev->discovery.uuid_count > 0 && !scan_rsp_len)
7249 if (dev_class && !eir_has_data_type(ev->eir, eir_len, EIR_CLASS_OF_DEV))
7250 eir_len = eir_append_data(ev->eir, eir_len, EIR_CLASS_OF_DEV,
7253 if (scan_rsp_len > 0) {
7254 /* When using service discovery and a list of UUID is
7255 * provided, results with no matching UUID should be
7256 * dropped if there is no previous match from the
7259 if (hdev->discovery.uuid_count > 0) {
7260 if (!match && !eir_has_uuids(scan_rsp, scan_rsp_len,
7261 hdev->discovery.uuid_count,
7262 hdev->discovery.uuids))
7266 /* Append scan response data to event */
7267 memcpy(ev->eir + eir_len, scan_rsp, scan_rsp_len);
7269 /* When using service discovery and a list of UUID is
7270 * provided, results with empty scan response and no
7271 * previous matched advertising data should be dropped.
7273 if (hdev->discovery.uuid_count > 0 && !match)
7277 ev->eir_len = cpu_to_le16(eir_len + scan_rsp_len);
7278 ev_size = sizeof(*ev) + eir_len + scan_rsp_len;
7280 mgmt_event(MGMT_EV_DEVICE_FOUND, hdev, ev, ev_size, NULL);
7283 void mgmt_remote_name(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
7284 u8 addr_type, s8 rssi, u8 *name, u8 name_len)
7286 struct mgmt_ev_device_found *ev;
7287 char buf[sizeof(*ev) + HCI_MAX_NAME_LENGTH + 2];
7290 ev = (struct mgmt_ev_device_found *) buf;
7292 memset(buf, 0, sizeof(buf));
7294 bacpy(&ev->addr.bdaddr, bdaddr);
7295 ev->addr.type = link_to_bdaddr(link_type, addr_type);
7298 eir_len = eir_append_data(ev->eir, 0, EIR_NAME_COMPLETE, name,
7301 ev->eir_len = cpu_to_le16(eir_len);
7303 mgmt_event(MGMT_EV_DEVICE_FOUND, hdev, ev, sizeof(*ev) + eir_len, NULL);
7306 void mgmt_discovering(struct hci_dev *hdev, u8 discovering)
7308 struct mgmt_ev_discovering ev;
7310 BT_DBG("%s discovering %u", hdev->name, discovering);
7312 memset(&ev, 0, sizeof(ev));
7313 ev.type = hdev->discovery.type;
7314 ev.discovering = discovering;
7316 mgmt_event(MGMT_EV_DISCOVERING, hdev, &ev, sizeof(ev), NULL);
7319 static void adv_enable_complete(struct hci_dev *hdev, u8 status)
7321 BT_DBG("%s status %u", hdev->name, status);
7324 void mgmt_reenable_advertising(struct hci_dev *hdev)
7326 struct hci_request req;
7328 if (!test_bit(HCI_ADVERTISING, &hdev->dev_flags))
7331 hci_req_init(&req, hdev);
7332 enable_advertising(&req);
7333 hci_req_run(&req, adv_enable_complete);
projects / karo-tx-linux.git / blob