2 BlueZ - Bluetooth protocol stack for Linux
4 Copyright (C) 2010 Nokia Corporation
5 Copyright (C) 2011-2012 Intel Corporation
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License version 2 as
9 published by the Free Software Foundation;
11 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
12 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
13 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
14 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
15 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
16 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
17 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
18 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
20 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
21 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
22 SOFTWARE IS DISCLAIMED.
25 /* Bluetooth HCI Management interface */
27 #include <linux/module.h>
28 #include <asm/unaligned.h>
30 #include <net/bluetooth/bluetooth.h>
31 #include <net/bluetooth/hci_core.h>
32 #include <net/bluetooth/hci_sock.h>
33 #include <net/bluetooth/l2cap.h>
34 #include <net/bluetooth/mgmt.h>
36 #include "hci_request.h"
38 #include "mgmt_util.h"
40 #define MGMT_VERSION 1
41 #define MGMT_REVISION 17
43 static const u16 mgmt_commands[] = {
44 MGMT_OP_READ_INDEX_LIST,
47 MGMT_OP_SET_DISCOVERABLE,
48 MGMT_OP_SET_CONNECTABLE,
49 MGMT_OP_SET_FAST_CONNECTABLE,
51 MGMT_OP_SET_LINK_SECURITY,
55 MGMT_OP_SET_DEV_CLASS,
56 MGMT_OP_SET_LOCAL_NAME,
59 MGMT_OP_LOAD_LINK_KEYS,
60 MGMT_OP_LOAD_LONG_TERM_KEYS,
62 MGMT_OP_GET_CONNECTIONS,
63 MGMT_OP_PIN_CODE_REPLY,
64 MGMT_OP_PIN_CODE_NEG_REPLY,
65 MGMT_OP_SET_IO_CAPABILITY,
67 MGMT_OP_CANCEL_PAIR_DEVICE,
68 MGMT_OP_UNPAIR_DEVICE,
69 MGMT_OP_USER_CONFIRM_REPLY,
70 MGMT_OP_USER_CONFIRM_NEG_REPLY,
71 MGMT_OP_USER_PASSKEY_REPLY,
72 MGMT_OP_USER_PASSKEY_NEG_REPLY,
73 MGMT_OP_READ_LOCAL_OOB_DATA,
74 MGMT_OP_ADD_REMOTE_OOB_DATA,
75 MGMT_OP_REMOVE_REMOTE_OOB_DATA,
76 MGMT_OP_START_DISCOVERY,
77 MGMT_OP_STOP_DISCOVERY,
80 MGMT_OP_UNBLOCK_DEVICE,
81 MGMT_OP_SET_DEVICE_ID,
82 MGMT_OP_SET_ADVERTISING,
84 MGMT_OP_SET_STATIC_ADDRESS,
85 MGMT_OP_SET_SCAN_PARAMS,
86 MGMT_OP_SET_SECURE_CONN,
87 MGMT_OP_SET_DEBUG_KEYS,
90 MGMT_OP_GET_CONN_INFO,
91 MGMT_OP_GET_CLOCK_INFO,
93 MGMT_OP_REMOVE_DEVICE,
94 MGMT_OP_LOAD_CONN_PARAM,
95 MGMT_OP_READ_UNCONF_INDEX_LIST,
96 MGMT_OP_READ_CONFIG_INFO,
97 MGMT_OP_SET_EXTERNAL_CONFIG,
98 MGMT_OP_SET_PUBLIC_ADDRESS,
99 MGMT_OP_START_SERVICE_DISCOVERY,
100 MGMT_OP_READ_LOCAL_OOB_EXT_DATA,
101 MGMT_OP_READ_EXT_INDEX_LIST,
102 MGMT_OP_READ_ADV_FEATURES,
103 MGMT_OP_ADD_ADVERTISING,
104 MGMT_OP_REMOVE_ADVERTISING,
105 MGMT_OP_GET_ADV_SIZE_INFO,
106 MGMT_OP_START_LIMITED_DISCOVERY,
107 MGMT_OP_READ_EXT_INFO,
108 MGMT_OP_SET_APPEARANCE,
109 MGMT_OP_SET_BLOCKED_KEYS,
110 MGMT_OP_SET_WIDEBAND_SPEECH,
111 MGMT_OP_READ_SECURITY_INFO,
114 static const u16 mgmt_events[] = {
115 MGMT_EV_CONTROLLER_ERROR,
117 MGMT_EV_INDEX_REMOVED,
118 MGMT_EV_NEW_SETTINGS,
119 MGMT_EV_CLASS_OF_DEV_CHANGED,
120 MGMT_EV_LOCAL_NAME_CHANGED,
121 MGMT_EV_NEW_LINK_KEY,
122 MGMT_EV_NEW_LONG_TERM_KEY,
123 MGMT_EV_DEVICE_CONNECTED,
124 MGMT_EV_DEVICE_DISCONNECTED,
125 MGMT_EV_CONNECT_FAILED,
126 MGMT_EV_PIN_CODE_REQUEST,
127 MGMT_EV_USER_CONFIRM_REQUEST,
128 MGMT_EV_USER_PASSKEY_REQUEST,
130 MGMT_EV_DEVICE_FOUND,
132 MGMT_EV_DEVICE_BLOCKED,
133 MGMT_EV_DEVICE_UNBLOCKED,
134 MGMT_EV_DEVICE_UNPAIRED,
135 MGMT_EV_PASSKEY_NOTIFY,
138 MGMT_EV_DEVICE_ADDED,
139 MGMT_EV_DEVICE_REMOVED,
140 MGMT_EV_NEW_CONN_PARAM,
141 MGMT_EV_UNCONF_INDEX_ADDED,
142 MGMT_EV_UNCONF_INDEX_REMOVED,
143 MGMT_EV_NEW_CONFIG_OPTIONS,
144 MGMT_EV_EXT_INDEX_ADDED,
145 MGMT_EV_EXT_INDEX_REMOVED,
146 MGMT_EV_LOCAL_OOB_DATA_UPDATED,
147 MGMT_EV_ADVERTISING_ADDED,
148 MGMT_EV_ADVERTISING_REMOVED,
149 MGMT_EV_EXT_INFO_CHANGED,
150 MGMT_EV_PHY_CONFIGURATION_CHANGED,
153 static const u16 mgmt_untrusted_commands[] = {
154 MGMT_OP_READ_INDEX_LIST,
156 MGMT_OP_READ_UNCONF_INDEX_LIST,
157 MGMT_OP_READ_CONFIG_INFO,
158 MGMT_OP_READ_EXT_INDEX_LIST,
159 MGMT_OP_READ_EXT_INFO,
160 MGMT_OP_READ_SECURITY_INFO,
163 static const u16 mgmt_untrusted_events[] = {
165 MGMT_EV_INDEX_REMOVED,
166 MGMT_EV_NEW_SETTINGS,
167 MGMT_EV_CLASS_OF_DEV_CHANGED,
168 MGMT_EV_LOCAL_NAME_CHANGED,
169 MGMT_EV_UNCONF_INDEX_ADDED,
170 MGMT_EV_UNCONF_INDEX_REMOVED,
171 MGMT_EV_NEW_CONFIG_OPTIONS,
172 MGMT_EV_EXT_INDEX_ADDED,
173 MGMT_EV_EXT_INDEX_REMOVED,
174 MGMT_EV_EXT_INFO_CHANGED,
177 #define CACHE_TIMEOUT msecs_to_jiffies(2 * 1000)
179 #define ZERO_KEY "\x00\x00\x00\x00\x00\x00\x00\x00" \
180 "\x00\x00\x00\x00\x00\x00\x00\x00"
182 /* HCI to MGMT error code conversion table */
183 static const u8 mgmt_status_table[] = {
185 MGMT_STATUS_UNKNOWN_COMMAND, /* Unknown Command */
186 MGMT_STATUS_NOT_CONNECTED, /* No Connection */
187 MGMT_STATUS_FAILED, /* Hardware Failure */
188 MGMT_STATUS_CONNECT_FAILED, /* Page Timeout */
189 MGMT_STATUS_AUTH_FAILED, /* Authentication Failed */
190 MGMT_STATUS_AUTH_FAILED, /* PIN or Key Missing */
191 MGMT_STATUS_NO_RESOURCES, /* Memory Full */
192 MGMT_STATUS_TIMEOUT, /* Connection Timeout */
193 MGMT_STATUS_NO_RESOURCES, /* Max Number of Connections */
194 MGMT_STATUS_NO_RESOURCES, /* Max Number of SCO Connections */
195 MGMT_STATUS_ALREADY_CONNECTED, /* ACL Connection Exists */
196 MGMT_STATUS_BUSY, /* Command Disallowed */
197 MGMT_STATUS_NO_RESOURCES, /* Rejected Limited Resources */
198 MGMT_STATUS_REJECTED, /* Rejected Security */
199 MGMT_STATUS_REJECTED, /* Rejected Personal */
200 MGMT_STATUS_TIMEOUT, /* Host Timeout */
201 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported Feature */
202 MGMT_STATUS_INVALID_PARAMS, /* Invalid Parameters */
203 MGMT_STATUS_DISCONNECTED, /* OE User Ended Connection */
204 MGMT_STATUS_NO_RESOURCES, /* OE Low Resources */
205 MGMT_STATUS_DISCONNECTED, /* OE Power Off */
206 MGMT_STATUS_DISCONNECTED, /* Connection Terminated */
207 MGMT_STATUS_BUSY, /* Repeated Attempts */
208 MGMT_STATUS_REJECTED, /* Pairing Not Allowed */
209 MGMT_STATUS_FAILED, /* Unknown LMP PDU */
210 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported Remote Feature */
211 MGMT_STATUS_REJECTED, /* SCO Offset Rejected */
212 MGMT_STATUS_REJECTED, /* SCO Interval Rejected */
213 MGMT_STATUS_REJECTED, /* Air Mode Rejected */
214 MGMT_STATUS_INVALID_PARAMS, /* Invalid LMP Parameters */
215 MGMT_STATUS_FAILED, /* Unspecified Error */
216 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported LMP Parameter Value */
217 MGMT_STATUS_FAILED, /* Role Change Not Allowed */
218 MGMT_STATUS_TIMEOUT, /* LMP Response Timeout */
219 MGMT_STATUS_FAILED, /* LMP Error Transaction Collision */
220 MGMT_STATUS_FAILED, /* LMP PDU Not Allowed */
221 MGMT_STATUS_REJECTED, /* Encryption Mode Not Accepted */
222 MGMT_STATUS_FAILED, /* Unit Link Key Used */
223 MGMT_STATUS_NOT_SUPPORTED, /* QoS Not Supported */
224 MGMT_STATUS_TIMEOUT, /* Instant Passed */
225 MGMT_STATUS_NOT_SUPPORTED, /* Pairing Not Supported */
226 MGMT_STATUS_FAILED, /* Transaction Collision */
227 MGMT_STATUS_INVALID_PARAMS, /* Unacceptable Parameter */
228 MGMT_STATUS_REJECTED, /* QoS Rejected */
229 MGMT_STATUS_NOT_SUPPORTED, /* Classification Not Supported */
230 MGMT_STATUS_REJECTED, /* Insufficient Security */
231 MGMT_STATUS_INVALID_PARAMS, /* Parameter Out Of Range */
232 MGMT_STATUS_BUSY, /* Role Switch Pending */
233 MGMT_STATUS_FAILED, /* Slot Violation */
234 MGMT_STATUS_FAILED, /* Role Switch Failed */
235 MGMT_STATUS_INVALID_PARAMS, /* EIR Too Large */
236 MGMT_STATUS_NOT_SUPPORTED, /* Simple Pairing Not Supported */
237 MGMT_STATUS_BUSY, /* Host Busy Pairing */
238 MGMT_STATUS_REJECTED, /* Rejected, No Suitable Channel */
239 MGMT_STATUS_BUSY, /* Controller Busy */
240 MGMT_STATUS_INVALID_PARAMS, /* Unsuitable Connection Interval */
241 MGMT_STATUS_TIMEOUT, /* Directed Advertising Timeout */
242 MGMT_STATUS_AUTH_FAILED, /* Terminated Due to MIC Failure */
243 MGMT_STATUS_CONNECT_FAILED, /* Connection Establishment Failed */
244 MGMT_STATUS_CONNECT_FAILED, /* MAC Connection Failed */
247 static u8 mgmt_status(u8 hci_status)
249 if (hci_status < ARRAY_SIZE(mgmt_status_table))
250 return mgmt_status_table[hci_status];
252 return MGMT_STATUS_FAILED;
255 static int mgmt_index_event(u16 event, struct hci_dev *hdev, void *data,
258 return mgmt_send_event(event, hdev, HCI_CHANNEL_CONTROL, data, len,
262 static int mgmt_limited_event(u16 event, struct hci_dev *hdev, void *data,
263 u16 len, int flag, struct sock *skip_sk)
265 return mgmt_send_event(event, hdev, HCI_CHANNEL_CONTROL, data, len,
269 static int mgmt_event(u16 event, struct hci_dev *hdev, void *data, u16 len,
270 struct sock *skip_sk)
272 return mgmt_send_event(event, hdev, HCI_CHANNEL_CONTROL, data, len,
273 HCI_SOCK_TRUSTED, skip_sk);
276 static u8 le_addr_type(u8 mgmt_addr_type)
278 if (mgmt_addr_type == BDADDR_LE_PUBLIC)
279 return ADDR_LE_DEV_PUBLIC;
281 return ADDR_LE_DEV_RANDOM;
284 void mgmt_fill_version_info(void *ver)
286 struct mgmt_rp_read_version *rp = ver;
288 rp->version = MGMT_VERSION;
289 rp->revision = cpu_to_le16(MGMT_REVISION);
292 static int read_version(struct sock *sk, struct hci_dev *hdev, void *data,
295 struct mgmt_rp_read_version rp;
297 bt_dev_dbg(hdev, "sock %p", sk);
299 mgmt_fill_version_info(&rp);
301 return mgmt_cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_VERSION, 0,
305 static int read_commands(struct sock *sk, struct hci_dev *hdev, void *data,
308 struct mgmt_rp_read_commands *rp;
309 u16 num_commands, num_events;
313 bt_dev_dbg(hdev, "sock %p", sk);
315 if (hci_sock_test_flag(sk, HCI_SOCK_TRUSTED)) {
316 num_commands = ARRAY_SIZE(mgmt_commands);
317 num_events = ARRAY_SIZE(mgmt_events);
319 num_commands = ARRAY_SIZE(mgmt_untrusted_commands);
320 num_events = ARRAY_SIZE(mgmt_untrusted_events);
323 rp_size = sizeof(*rp) + ((num_commands + num_events) * sizeof(u16));
325 rp = kmalloc(rp_size, GFP_KERNEL);
329 rp->num_commands = cpu_to_le16(num_commands);
330 rp->num_events = cpu_to_le16(num_events);
332 if (hci_sock_test_flag(sk, HCI_SOCK_TRUSTED)) {
333 __le16 *opcode = rp->opcodes;
335 for (i = 0; i < num_commands; i++, opcode++)
336 put_unaligned_le16(mgmt_commands[i], opcode);
338 for (i = 0; i < num_events; i++, opcode++)
339 put_unaligned_le16(mgmt_events[i], opcode);
341 __le16 *opcode = rp->opcodes;
343 for (i = 0; i < num_commands; i++, opcode++)
344 put_unaligned_le16(mgmt_untrusted_commands[i], opcode);
346 for (i = 0; i < num_events; i++, opcode++)
347 put_unaligned_le16(mgmt_untrusted_events[i], opcode);
350 err = mgmt_cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_COMMANDS, 0,
357 static int read_index_list(struct sock *sk, struct hci_dev *hdev, void *data,
360 struct mgmt_rp_read_index_list *rp;
366 bt_dev_dbg(hdev, "sock %p", sk);
368 read_lock(&hci_dev_list_lock);
371 list_for_each_entry(d, &hci_dev_list, list) {
372 if (d->dev_type == HCI_PRIMARY &&
373 !hci_dev_test_flag(d, HCI_UNCONFIGURED))
377 rp_len = sizeof(*rp) + (2 * count);
378 rp = kmalloc(rp_len, GFP_ATOMIC);
380 read_unlock(&hci_dev_list_lock);
385 list_for_each_entry(d, &hci_dev_list, list) {
386 if (hci_dev_test_flag(d, HCI_SETUP) ||
387 hci_dev_test_flag(d, HCI_CONFIG) ||
388 hci_dev_test_flag(d, HCI_USER_CHANNEL))
391 /* Devices marked as raw-only are neither configured
392 * nor unconfigured controllers.
394 if (test_bit(HCI_QUIRK_RAW_DEVICE, &d->quirks))
397 if (d->dev_type == HCI_PRIMARY &&
398 !hci_dev_test_flag(d, HCI_UNCONFIGURED)) {
399 rp->index[count++] = cpu_to_le16(d->id);
400 bt_dev_dbg(hdev, "Added hci%u", d->id);
404 rp->num_controllers = cpu_to_le16(count);
405 rp_len = sizeof(*rp) + (2 * count);
407 read_unlock(&hci_dev_list_lock);
409 err = mgmt_cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_INDEX_LIST,
417 static int read_unconf_index_list(struct sock *sk, struct hci_dev *hdev,
418 void *data, u16 data_len)
420 struct mgmt_rp_read_unconf_index_list *rp;
426 bt_dev_dbg(hdev, "sock %p", sk);
428 read_lock(&hci_dev_list_lock);
431 list_for_each_entry(d, &hci_dev_list, list) {
432 if (d->dev_type == HCI_PRIMARY &&
433 hci_dev_test_flag(d, HCI_UNCONFIGURED))
437 rp_len = sizeof(*rp) + (2 * count);
438 rp = kmalloc(rp_len, GFP_ATOMIC);
440 read_unlock(&hci_dev_list_lock);
445 list_for_each_entry(d, &hci_dev_list, list) {
446 if (hci_dev_test_flag(d, HCI_SETUP) ||
447 hci_dev_test_flag(d, HCI_CONFIG) ||
448 hci_dev_test_flag(d, HCI_USER_CHANNEL))
451 /* Devices marked as raw-only are neither configured
452 * nor unconfigured controllers.
454 if (test_bit(HCI_QUIRK_RAW_DEVICE, &d->quirks))
457 if (d->dev_type == HCI_PRIMARY &&
458 hci_dev_test_flag(d, HCI_UNCONFIGURED)) {
459 rp->index[count++] = cpu_to_le16(d->id);
460 bt_dev_dbg(hdev, "Added hci%u", d->id);
464 rp->num_controllers = cpu_to_le16(count);
465 rp_len = sizeof(*rp) + (2 * count);
467 read_unlock(&hci_dev_list_lock);
469 err = mgmt_cmd_complete(sk, MGMT_INDEX_NONE,
470 MGMT_OP_READ_UNCONF_INDEX_LIST, 0, rp, rp_len);
477 static int read_ext_index_list(struct sock *sk, struct hci_dev *hdev,
478 void *data, u16 data_len)
480 struct mgmt_rp_read_ext_index_list *rp;
485 bt_dev_dbg(hdev, "sock %p", sk);
487 read_lock(&hci_dev_list_lock);
490 list_for_each_entry(d, &hci_dev_list, list) {
491 if (d->dev_type == HCI_PRIMARY || d->dev_type == HCI_AMP)
495 rp = kmalloc(struct_size(rp, entry, count), GFP_ATOMIC);
497 read_unlock(&hci_dev_list_lock);
502 list_for_each_entry(d, &hci_dev_list, list) {
503 if (hci_dev_test_flag(d, HCI_SETUP) ||
504 hci_dev_test_flag(d, HCI_CONFIG) ||
505 hci_dev_test_flag(d, HCI_USER_CHANNEL))
508 /* Devices marked as raw-only are neither configured
509 * nor unconfigured controllers.
511 if (test_bit(HCI_QUIRK_RAW_DEVICE, &d->quirks))
514 if (d->dev_type == HCI_PRIMARY) {
515 if (hci_dev_test_flag(d, HCI_UNCONFIGURED))
516 rp->entry[count].type = 0x01;
518 rp->entry[count].type = 0x00;
519 } else if (d->dev_type == HCI_AMP) {
520 rp->entry[count].type = 0x02;
525 rp->entry[count].bus = d->bus;
526 rp->entry[count++].index = cpu_to_le16(d->id);
527 bt_dev_dbg(hdev, "Added hci%u", d->id);
530 rp->num_controllers = cpu_to_le16(count);
532 read_unlock(&hci_dev_list_lock);
534 /* If this command is called at least once, then all the
535 * default index and unconfigured index events are disabled
536 * and from now on only extended index events are used.
538 hci_sock_set_flag(sk, HCI_MGMT_EXT_INDEX_EVENTS);
539 hci_sock_clear_flag(sk, HCI_MGMT_INDEX_EVENTS);
540 hci_sock_clear_flag(sk, HCI_MGMT_UNCONF_INDEX_EVENTS);
542 err = mgmt_cmd_complete(sk, MGMT_INDEX_NONE,
543 MGMT_OP_READ_EXT_INDEX_LIST, 0, rp,
544 struct_size(rp, entry, count));
551 static bool is_configured(struct hci_dev *hdev)
553 if (test_bit(HCI_QUIRK_EXTERNAL_CONFIG, &hdev->quirks) &&
554 !hci_dev_test_flag(hdev, HCI_EXT_CONFIGURED))
557 if ((test_bit(HCI_QUIRK_INVALID_BDADDR, &hdev->quirks) ||
558 test_bit(HCI_QUIRK_USE_BDADDR_PROPERTY, &hdev->quirks)) &&
559 !bacmp(&hdev->public_addr, BDADDR_ANY))
565 static __le32 get_missing_options(struct hci_dev *hdev)
569 if (test_bit(HCI_QUIRK_EXTERNAL_CONFIG, &hdev->quirks) &&
570 !hci_dev_test_flag(hdev, HCI_EXT_CONFIGURED))
571 options |= MGMT_OPTION_EXTERNAL_CONFIG;
573 if ((test_bit(HCI_QUIRK_INVALID_BDADDR, &hdev->quirks) ||
574 test_bit(HCI_QUIRK_USE_BDADDR_PROPERTY, &hdev->quirks)) &&
575 !bacmp(&hdev->public_addr, BDADDR_ANY))
576 options |= MGMT_OPTION_PUBLIC_ADDRESS;
578 return cpu_to_le32(options);
581 static int new_options(struct hci_dev *hdev, struct sock *skip)
583 __le32 options = get_missing_options(hdev);
585 return mgmt_limited_event(MGMT_EV_NEW_CONFIG_OPTIONS, hdev, &options,
586 sizeof(options), HCI_MGMT_OPTION_EVENTS, skip);
589 static int send_options_rsp(struct sock *sk, u16 opcode, struct hci_dev *hdev)
591 __le32 options = get_missing_options(hdev);
593 return mgmt_cmd_complete(sk, hdev->id, opcode, 0, &options,
597 static int read_config_info(struct sock *sk, struct hci_dev *hdev,
598 void *data, u16 data_len)
600 struct mgmt_rp_read_config_info rp;
603 bt_dev_dbg(hdev, "sock %p", sk);
607 memset(&rp, 0, sizeof(rp));
608 rp.manufacturer = cpu_to_le16(hdev->manufacturer);
610 if (test_bit(HCI_QUIRK_EXTERNAL_CONFIG, &hdev->quirks))
611 options |= MGMT_OPTION_EXTERNAL_CONFIG;
613 if (hdev->set_bdaddr)
614 options |= MGMT_OPTION_PUBLIC_ADDRESS;
616 rp.supported_options = cpu_to_le32(options);
617 rp.missing_options = get_missing_options(hdev);
619 hci_dev_unlock(hdev);
621 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_READ_CONFIG_INFO, 0,
625 static u32 get_supported_phys(struct hci_dev *hdev)
627 u32 supported_phys = 0;
629 if (lmp_bredr_capable(hdev)) {
630 supported_phys |= MGMT_PHY_BR_1M_1SLOT;
632 if (hdev->features[0][0] & LMP_3SLOT)
633 supported_phys |= MGMT_PHY_BR_1M_3SLOT;
635 if (hdev->features[0][0] & LMP_5SLOT)
636 supported_phys |= MGMT_PHY_BR_1M_5SLOT;
638 if (lmp_edr_2m_capable(hdev)) {
639 supported_phys |= MGMT_PHY_EDR_2M_1SLOT;
641 if (lmp_edr_3slot_capable(hdev))
642 supported_phys |= MGMT_PHY_EDR_2M_3SLOT;
644 if (lmp_edr_5slot_capable(hdev))
645 supported_phys |= MGMT_PHY_EDR_2M_5SLOT;
647 if (lmp_edr_3m_capable(hdev)) {
648 supported_phys |= MGMT_PHY_EDR_3M_1SLOT;
650 if (lmp_edr_3slot_capable(hdev))
651 supported_phys |= MGMT_PHY_EDR_3M_3SLOT;
653 if (lmp_edr_5slot_capable(hdev))
654 supported_phys |= MGMT_PHY_EDR_3M_5SLOT;
659 if (lmp_le_capable(hdev)) {
660 supported_phys |= MGMT_PHY_LE_1M_TX;
661 supported_phys |= MGMT_PHY_LE_1M_RX;
663 if (hdev->le_features[1] & HCI_LE_PHY_2M) {
664 supported_phys |= MGMT_PHY_LE_2M_TX;
665 supported_phys |= MGMT_PHY_LE_2M_RX;
668 if (hdev->le_features[1] & HCI_LE_PHY_CODED) {
669 supported_phys |= MGMT_PHY_LE_CODED_TX;
670 supported_phys |= MGMT_PHY_LE_CODED_RX;
674 return supported_phys;
677 static u32 get_selected_phys(struct hci_dev *hdev)
679 u32 selected_phys = 0;
681 if (lmp_bredr_capable(hdev)) {
682 selected_phys |= MGMT_PHY_BR_1M_1SLOT;
684 if (hdev->pkt_type & (HCI_DM3 | HCI_DH3))
685 selected_phys |= MGMT_PHY_BR_1M_3SLOT;
687 if (hdev->pkt_type & (HCI_DM5 | HCI_DH5))
688 selected_phys |= MGMT_PHY_BR_1M_5SLOT;
690 if (lmp_edr_2m_capable(hdev)) {
691 if (!(hdev->pkt_type & HCI_2DH1))
692 selected_phys |= MGMT_PHY_EDR_2M_1SLOT;
694 if (lmp_edr_3slot_capable(hdev) &&
695 !(hdev->pkt_type & HCI_2DH3))
696 selected_phys |= MGMT_PHY_EDR_2M_3SLOT;
698 if (lmp_edr_5slot_capable(hdev) &&
699 !(hdev->pkt_type & HCI_2DH5))
700 selected_phys |= MGMT_PHY_EDR_2M_5SLOT;
702 if (lmp_edr_3m_capable(hdev)) {
703 if (!(hdev->pkt_type & HCI_3DH1))
704 selected_phys |= MGMT_PHY_EDR_3M_1SLOT;
706 if (lmp_edr_3slot_capable(hdev) &&
707 !(hdev->pkt_type & HCI_3DH3))
708 selected_phys |= MGMT_PHY_EDR_3M_3SLOT;
710 if (lmp_edr_5slot_capable(hdev) &&
711 !(hdev->pkt_type & HCI_3DH5))
712 selected_phys |= MGMT_PHY_EDR_3M_5SLOT;
717 if (lmp_le_capable(hdev)) {
718 if (hdev->le_tx_def_phys & HCI_LE_SET_PHY_1M)
719 selected_phys |= MGMT_PHY_LE_1M_TX;
721 if (hdev->le_rx_def_phys & HCI_LE_SET_PHY_1M)
722 selected_phys |= MGMT_PHY_LE_1M_RX;
724 if (hdev->le_tx_def_phys & HCI_LE_SET_PHY_2M)
725 selected_phys |= MGMT_PHY_LE_2M_TX;
727 if (hdev->le_rx_def_phys & HCI_LE_SET_PHY_2M)
728 selected_phys |= MGMT_PHY_LE_2M_RX;
730 if (hdev->le_tx_def_phys & HCI_LE_SET_PHY_CODED)
731 selected_phys |= MGMT_PHY_LE_CODED_TX;
733 if (hdev->le_rx_def_phys & HCI_LE_SET_PHY_CODED)
734 selected_phys |= MGMT_PHY_LE_CODED_RX;
737 return selected_phys;
740 static u32 get_configurable_phys(struct hci_dev *hdev)
742 return (get_supported_phys(hdev) & ~MGMT_PHY_BR_1M_1SLOT &
743 ~MGMT_PHY_LE_1M_TX & ~MGMT_PHY_LE_1M_RX);
746 static u32 get_supported_settings(struct hci_dev *hdev)
750 settings |= MGMT_SETTING_POWERED;
751 settings |= MGMT_SETTING_BONDABLE;
752 settings |= MGMT_SETTING_DEBUG_KEYS;
753 settings |= MGMT_SETTING_CONNECTABLE;
754 settings |= MGMT_SETTING_DISCOVERABLE;
756 if (lmp_bredr_capable(hdev)) {
757 if (hdev->hci_ver >= BLUETOOTH_VER_1_2)
758 settings |= MGMT_SETTING_FAST_CONNECTABLE;
759 settings |= MGMT_SETTING_BREDR;
760 settings |= MGMT_SETTING_LINK_SECURITY;
762 if (lmp_ssp_capable(hdev)) {
763 settings |= MGMT_SETTING_SSP;
764 settings |= MGMT_SETTING_HS;
767 if (lmp_sc_capable(hdev))
768 settings |= MGMT_SETTING_SECURE_CONN;
770 if (test_bit(HCI_QUIRK_WIDEBAND_SPEECH_SUPPORTED,
772 settings |= MGMT_SETTING_WIDEBAND_SPEECH;
775 if (lmp_le_capable(hdev)) {
776 settings |= MGMT_SETTING_LE;
777 settings |= MGMT_SETTING_ADVERTISING;
778 settings |= MGMT_SETTING_SECURE_CONN;
779 settings |= MGMT_SETTING_PRIVACY;
780 settings |= MGMT_SETTING_STATIC_ADDRESS;
783 if (test_bit(HCI_QUIRK_EXTERNAL_CONFIG, &hdev->quirks) ||
785 settings |= MGMT_SETTING_CONFIGURATION;
787 settings |= MGMT_SETTING_PHY_CONFIGURATION;
792 static u32 get_current_settings(struct hci_dev *hdev)
796 if (hdev_is_powered(hdev))
797 settings |= MGMT_SETTING_POWERED;
799 if (hci_dev_test_flag(hdev, HCI_CONNECTABLE))
800 settings |= MGMT_SETTING_CONNECTABLE;
802 if (hci_dev_test_flag(hdev, HCI_FAST_CONNECTABLE))
803 settings |= MGMT_SETTING_FAST_CONNECTABLE;
805 if (hci_dev_test_flag(hdev, HCI_DISCOVERABLE))
806 settings |= MGMT_SETTING_DISCOVERABLE;
808 if (hci_dev_test_flag(hdev, HCI_BONDABLE))
809 settings |= MGMT_SETTING_BONDABLE;
811 if (hci_dev_test_flag(hdev, HCI_BREDR_ENABLED))
812 settings |= MGMT_SETTING_BREDR;
814 if (hci_dev_test_flag(hdev, HCI_LE_ENABLED))
815 settings |= MGMT_SETTING_LE;
817 if (hci_dev_test_flag(hdev, HCI_LINK_SECURITY))
818 settings |= MGMT_SETTING_LINK_SECURITY;
820 if (hci_dev_test_flag(hdev, HCI_SSP_ENABLED))
821 settings |= MGMT_SETTING_SSP;
823 if (hci_dev_test_flag(hdev, HCI_HS_ENABLED))
824 settings |= MGMT_SETTING_HS;
826 if (hci_dev_test_flag(hdev, HCI_ADVERTISING))
827 settings |= MGMT_SETTING_ADVERTISING;
829 if (hci_dev_test_flag(hdev, HCI_SC_ENABLED))
830 settings |= MGMT_SETTING_SECURE_CONN;
832 if (hci_dev_test_flag(hdev, HCI_KEEP_DEBUG_KEYS))
833 settings |= MGMT_SETTING_DEBUG_KEYS;
835 if (hci_dev_test_flag(hdev, HCI_PRIVACY))
836 settings |= MGMT_SETTING_PRIVACY;
838 /* The current setting for static address has two purposes. The
839 * first is to indicate if the static address will be used and
840 * the second is to indicate if it is actually set.
842 * This means if the static address is not configured, this flag
843 * will never be set. If the address is configured, then if the
844 * address is actually used decides if the flag is set or not.
846 * For single mode LE only controllers and dual-mode controllers
847 * with BR/EDR disabled, the existence of the static address will
850 if (hci_dev_test_flag(hdev, HCI_FORCE_STATIC_ADDR) ||
851 !hci_dev_test_flag(hdev, HCI_BREDR_ENABLED) ||
852 !bacmp(&hdev->bdaddr, BDADDR_ANY)) {
853 if (bacmp(&hdev->static_addr, BDADDR_ANY))
854 settings |= MGMT_SETTING_STATIC_ADDRESS;
857 if (hci_dev_test_flag(hdev, HCI_WIDEBAND_SPEECH_ENABLED))
858 settings |= MGMT_SETTING_WIDEBAND_SPEECH;
863 static struct mgmt_pending_cmd *pending_find(u16 opcode, struct hci_dev *hdev)
865 return mgmt_pending_find(HCI_CHANNEL_CONTROL, opcode, hdev);
868 static struct mgmt_pending_cmd *pending_find_data(u16 opcode,
869 struct hci_dev *hdev,
872 return mgmt_pending_find_data(HCI_CHANNEL_CONTROL, opcode, hdev, data);
875 u8 mgmt_get_adv_discov_flags(struct hci_dev *hdev)
877 struct mgmt_pending_cmd *cmd;
879 /* If there's a pending mgmt command the flags will not yet have
880 * their final values, so check for this first.
882 cmd = pending_find(MGMT_OP_SET_DISCOVERABLE, hdev);
884 struct mgmt_mode *cp = cmd->param;
886 return LE_AD_GENERAL;
887 else if (cp->val == 0x02)
888 return LE_AD_LIMITED;
890 if (hci_dev_test_flag(hdev, HCI_LIMITED_DISCOVERABLE))
891 return LE_AD_LIMITED;
892 else if (hci_dev_test_flag(hdev, HCI_DISCOVERABLE))
893 return LE_AD_GENERAL;
899 bool mgmt_get_connectable(struct hci_dev *hdev)
901 struct mgmt_pending_cmd *cmd;
903 /* If there's a pending mgmt command the flag will not yet have
904 * it's final value, so check for this first.
906 cmd = pending_find(MGMT_OP_SET_CONNECTABLE, hdev);
908 struct mgmt_mode *cp = cmd->param;
913 return hci_dev_test_flag(hdev, HCI_CONNECTABLE);
916 static void service_cache_off(struct work_struct *work)
918 struct hci_dev *hdev = container_of(work, struct hci_dev,
920 struct hci_request req;
922 if (!hci_dev_test_and_clear_flag(hdev, HCI_SERVICE_CACHE))
925 hci_req_init(&req, hdev);
929 __hci_req_update_eir(&req);
930 __hci_req_update_class(&req);
932 hci_dev_unlock(hdev);
934 hci_req_run(&req, NULL);
937 static void rpa_expired(struct work_struct *work)
939 struct hci_dev *hdev = container_of(work, struct hci_dev,
941 struct hci_request req;
943 bt_dev_dbg(hdev, "");
945 hci_dev_set_flag(hdev, HCI_RPA_EXPIRED);
947 if (!hci_dev_test_flag(hdev, HCI_ADVERTISING))
950 /* The generation of a new RPA and programming it into the
951 * controller happens in the hci_req_enable_advertising()
954 hci_req_init(&req, hdev);
955 if (ext_adv_capable(hdev))
956 __hci_req_start_ext_adv(&req, hdev->cur_adv_instance);
958 __hci_req_enable_advertising(&req);
959 hci_req_run(&req, NULL);
962 static void mgmt_init_hdev(struct sock *sk, struct hci_dev *hdev)
964 if (hci_dev_test_and_set_flag(hdev, HCI_MGMT))
967 INIT_DELAYED_WORK(&hdev->service_cache, service_cache_off);
968 INIT_DELAYED_WORK(&hdev->rpa_expired, rpa_expired);
970 /* Non-mgmt controlled devices get this bit set
971 * implicitly so that pairing works for them, however
972 * for mgmt we require user-space to explicitly enable
975 hci_dev_clear_flag(hdev, HCI_BONDABLE);
978 static int read_controller_info(struct sock *sk, struct hci_dev *hdev,
979 void *data, u16 data_len)
981 struct mgmt_rp_read_info rp;
983 bt_dev_dbg(hdev, "sock %p", sk);
987 memset(&rp, 0, sizeof(rp));
989 bacpy(&rp.bdaddr, &hdev->bdaddr);
991 rp.version = hdev->hci_ver;
992 rp.manufacturer = cpu_to_le16(hdev->manufacturer);
994 rp.supported_settings = cpu_to_le32(get_supported_settings(hdev));
995 rp.current_settings = cpu_to_le32(get_current_settings(hdev));
997 memcpy(rp.dev_class, hdev->dev_class, 3);
999 memcpy(rp.name, hdev->dev_name, sizeof(hdev->dev_name));
1000 memcpy(rp.short_name, hdev->short_name, sizeof(hdev->short_name));
1002 hci_dev_unlock(hdev);
1004 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_READ_INFO, 0, &rp,
1008 static u16 append_eir_data_to_buf(struct hci_dev *hdev, u8 *eir)
1013 if (hci_dev_test_flag(hdev, HCI_BREDR_ENABLED))
1014 eir_len = eir_append_data(eir, eir_len, EIR_CLASS_OF_DEV,
1015 hdev->dev_class, 3);
1017 if (hci_dev_test_flag(hdev, HCI_LE_ENABLED))
1018 eir_len = eir_append_le16(eir, eir_len, EIR_APPEARANCE,
1021 name_len = strlen(hdev->dev_name);
1022 eir_len = eir_append_data(eir, eir_len, EIR_NAME_COMPLETE,
1023 hdev->dev_name, name_len);
1025 name_len = strlen(hdev->short_name);
1026 eir_len = eir_append_data(eir, eir_len, EIR_NAME_SHORT,
1027 hdev->short_name, name_len);
1032 static int read_ext_controller_info(struct sock *sk, struct hci_dev *hdev,
1033 void *data, u16 data_len)
1036 struct mgmt_rp_read_ext_info *rp = (void *)buf;
1039 bt_dev_dbg(hdev, "sock %p", sk);
1041 memset(&buf, 0, sizeof(buf));
1045 bacpy(&rp->bdaddr, &hdev->bdaddr);
1047 rp->version = hdev->hci_ver;
1048 rp->manufacturer = cpu_to_le16(hdev->manufacturer);
1050 rp->supported_settings = cpu_to_le32(get_supported_settings(hdev));
1051 rp->current_settings = cpu_to_le32(get_current_settings(hdev));
1054 eir_len = append_eir_data_to_buf(hdev, rp->eir);
1055 rp->eir_len = cpu_to_le16(eir_len);
1057 hci_dev_unlock(hdev);
1059 /* If this command is called at least once, then the events
1060 * for class of device and local name changes are disabled
1061 * and only the new extended controller information event
1064 hci_sock_set_flag(sk, HCI_MGMT_EXT_INFO_EVENTS);
1065 hci_sock_clear_flag(sk, HCI_MGMT_DEV_CLASS_EVENTS);
1066 hci_sock_clear_flag(sk, HCI_MGMT_LOCAL_NAME_EVENTS);
1068 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_READ_EXT_INFO, 0, rp,
1069 sizeof(*rp) + eir_len);
1072 static int ext_info_changed(struct hci_dev *hdev, struct sock *skip)
1075 struct mgmt_ev_ext_info_changed *ev = (void *)buf;
1078 memset(buf, 0, sizeof(buf));
1080 eir_len = append_eir_data_to_buf(hdev, ev->eir);
1081 ev->eir_len = cpu_to_le16(eir_len);
1083 return mgmt_limited_event(MGMT_EV_EXT_INFO_CHANGED, hdev, ev,
1084 sizeof(*ev) + eir_len,
1085 HCI_MGMT_EXT_INFO_EVENTS, skip);
1088 static int send_settings_rsp(struct sock *sk, u16 opcode, struct hci_dev *hdev)
1090 __le32 settings = cpu_to_le32(get_current_settings(hdev));
1092 return mgmt_cmd_complete(sk, hdev->id, opcode, 0, &settings,
1096 static void clean_up_hci_complete(struct hci_dev *hdev, u8 status, u16 opcode)
1098 bt_dev_dbg(hdev, "status 0x%02x", status);
1100 if (hci_conn_count(hdev) == 0) {
1101 cancel_delayed_work(&hdev->power_off);
1102 queue_work(hdev->req_workqueue, &hdev->power_off.work);
1106 void mgmt_advertising_added(struct sock *sk, struct hci_dev *hdev, u8 instance)
1108 struct mgmt_ev_advertising_added ev;
1110 ev.instance = instance;
1112 mgmt_event(MGMT_EV_ADVERTISING_ADDED, hdev, &ev, sizeof(ev), sk);
1115 void mgmt_advertising_removed(struct sock *sk, struct hci_dev *hdev,
1118 struct mgmt_ev_advertising_removed ev;
1120 ev.instance = instance;
1122 mgmt_event(MGMT_EV_ADVERTISING_REMOVED, hdev, &ev, sizeof(ev), sk);
1125 static void cancel_adv_timeout(struct hci_dev *hdev)
1127 if (hdev->adv_instance_timeout) {
1128 hdev->adv_instance_timeout = 0;
1129 cancel_delayed_work(&hdev->adv_instance_expire);
1133 static int clean_up_hci_state(struct hci_dev *hdev)
1135 struct hci_request req;
1136 struct hci_conn *conn;
1137 bool discov_stopped;
1140 hci_req_init(&req, hdev);
1142 if (test_bit(HCI_ISCAN, &hdev->flags) ||
1143 test_bit(HCI_PSCAN, &hdev->flags)) {
1145 hci_req_add(&req, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
1148 hci_req_clear_adv_instance(hdev, NULL, NULL, 0x00, false);
1150 if (hci_dev_test_flag(hdev, HCI_LE_ADV))
1151 __hci_req_disable_advertising(&req);
1153 discov_stopped = hci_req_stop_discovery(&req);
1155 list_for_each_entry(conn, &hdev->conn_hash.list, list) {
1156 /* 0x15 == Terminated due to Power Off */
1157 __hci_abort_conn(&req, conn, 0x15);
1160 err = hci_req_run(&req, clean_up_hci_complete);
1161 if (!err && discov_stopped)
1162 hci_discovery_set_state(hdev, DISCOVERY_STOPPING);
1167 static int set_powered(struct sock *sk, struct hci_dev *hdev, void *data,
1170 struct mgmt_mode *cp = data;
1171 struct mgmt_pending_cmd *cmd;
1174 bt_dev_dbg(hdev, "sock %p", sk);
1176 if (cp->val != 0x00 && cp->val != 0x01)
1177 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_POWERED,
1178 MGMT_STATUS_INVALID_PARAMS);
1182 if (pending_find(MGMT_OP_SET_POWERED, hdev)) {
1183 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_POWERED,
1188 if (!!cp->val == hdev_is_powered(hdev)) {
1189 err = send_settings_rsp(sk, MGMT_OP_SET_POWERED, hdev);
1193 cmd = mgmt_pending_add(sk, MGMT_OP_SET_POWERED, hdev, data, len);
1200 queue_work(hdev->req_workqueue, &hdev->power_on);
1203 /* Disconnect connections, stop scans, etc */
1204 err = clean_up_hci_state(hdev);
1206 queue_delayed_work(hdev->req_workqueue, &hdev->power_off,
1207 HCI_POWER_OFF_TIMEOUT);
1209 /* ENODATA means there were no HCI commands queued */
1210 if (err == -ENODATA) {
1211 cancel_delayed_work(&hdev->power_off);
1212 queue_work(hdev->req_workqueue, &hdev->power_off.work);
1218 hci_dev_unlock(hdev);
1222 static int new_settings(struct hci_dev *hdev, struct sock *skip)
1224 __le32 ev = cpu_to_le32(get_current_settings(hdev));
1226 return mgmt_limited_event(MGMT_EV_NEW_SETTINGS, hdev, &ev,
1227 sizeof(ev), HCI_MGMT_SETTING_EVENTS, skip);
1230 int mgmt_new_settings(struct hci_dev *hdev)
1232 return new_settings(hdev, NULL);
1237 struct hci_dev *hdev;
1241 static void settings_rsp(struct mgmt_pending_cmd *cmd, void *data)
1243 struct cmd_lookup *match = data;
1245 send_settings_rsp(cmd->sk, cmd->opcode, match->hdev);
1247 list_del(&cmd->list);
1249 if (match->sk == NULL) {
1250 match->sk = cmd->sk;
1251 sock_hold(match->sk);
1254 mgmt_pending_free(cmd);
1257 static void cmd_status_rsp(struct mgmt_pending_cmd *cmd, void *data)
1261 mgmt_cmd_status(cmd->sk, cmd->index, cmd->opcode, *status);
1262 mgmt_pending_remove(cmd);
1265 static void cmd_complete_rsp(struct mgmt_pending_cmd *cmd, void *data)
1267 if (cmd->cmd_complete) {
1270 cmd->cmd_complete(cmd, *status);
1271 mgmt_pending_remove(cmd);
1276 cmd_status_rsp(cmd, data);
1279 static int generic_cmd_complete(struct mgmt_pending_cmd *cmd, u8 status)
1281 return mgmt_cmd_complete(cmd->sk, cmd->index, cmd->opcode, status,
1282 cmd->param, cmd->param_len);
1285 static int addr_cmd_complete(struct mgmt_pending_cmd *cmd, u8 status)
1287 return mgmt_cmd_complete(cmd->sk, cmd->index, cmd->opcode, status,
1288 cmd->param, sizeof(struct mgmt_addr_info));
1291 static u8 mgmt_bredr_support(struct hci_dev *hdev)
1293 if (!lmp_bredr_capable(hdev))
1294 return MGMT_STATUS_NOT_SUPPORTED;
1295 else if (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED))
1296 return MGMT_STATUS_REJECTED;
1298 return MGMT_STATUS_SUCCESS;
1301 static u8 mgmt_le_support(struct hci_dev *hdev)
1303 if (!lmp_le_capable(hdev))
1304 return MGMT_STATUS_NOT_SUPPORTED;
1305 else if (!hci_dev_test_flag(hdev, HCI_LE_ENABLED))
1306 return MGMT_STATUS_REJECTED;
1308 return MGMT_STATUS_SUCCESS;
1311 void mgmt_set_discoverable_complete(struct hci_dev *hdev, u8 status)
1313 struct mgmt_pending_cmd *cmd;
1315 bt_dev_dbg(hdev, "status 0x%02x", status);
1319 cmd = pending_find(MGMT_OP_SET_DISCOVERABLE, hdev);
1324 u8 mgmt_err = mgmt_status(status);
1325 mgmt_cmd_status(cmd->sk, cmd->index, cmd->opcode, mgmt_err);
1326 hci_dev_clear_flag(hdev, HCI_LIMITED_DISCOVERABLE);
1330 if (hci_dev_test_flag(hdev, HCI_DISCOVERABLE) &&
1331 hdev->discov_timeout > 0) {
1332 int to = msecs_to_jiffies(hdev->discov_timeout * 1000);
1333 queue_delayed_work(hdev->req_workqueue, &hdev->discov_off, to);
1336 send_settings_rsp(cmd->sk, MGMT_OP_SET_DISCOVERABLE, hdev);
1337 new_settings(hdev, cmd->sk);
1340 mgmt_pending_remove(cmd);
1343 hci_dev_unlock(hdev);
1346 static int set_discoverable(struct sock *sk, struct hci_dev *hdev, void *data,
1349 struct mgmt_cp_set_discoverable *cp = data;
1350 struct mgmt_pending_cmd *cmd;
1354 bt_dev_dbg(hdev, "sock %p", sk);
1356 if (!hci_dev_test_flag(hdev, HCI_LE_ENABLED) &&
1357 !hci_dev_test_flag(hdev, HCI_BREDR_ENABLED))
1358 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
1359 MGMT_STATUS_REJECTED);
1361 if (cp->val != 0x00 && cp->val != 0x01 && cp->val != 0x02)
1362 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
1363 MGMT_STATUS_INVALID_PARAMS);
1365 timeout = __le16_to_cpu(cp->timeout);
1367 /* Disabling discoverable requires that no timeout is set,
1368 * and enabling limited discoverable requires a timeout.
1370 if ((cp->val == 0x00 && timeout > 0) ||
1371 (cp->val == 0x02 && timeout == 0))
1372 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
1373 MGMT_STATUS_INVALID_PARAMS);
1377 if (!hdev_is_powered(hdev) && timeout > 0) {
1378 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
1379 MGMT_STATUS_NOT_POWERED);
1383 if (pending_find(MGMT_OP_SET_DISCOVERABLE, hdev) ||
1384 pending_find(MGMT_OP_SET_CONNECTABLE, hdev)) {
1385 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
1390 if (!hci_dev_test_flag(hdev, HCI_CONNECTABLE)) {
1391 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
1392 MGMT_STATUS_REJECTED);
1396 if (hdev->advertising_paused) {
1397 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
1402 if (!hdev_is_powered(hdev)) {
1403 bool changed = false;
1405 /* Setting limited discoverable when powered off is
1406 * not a valid operation since it requires a timeout
1407 * and so no need to check HCI_LIMITED_DISCOVERABLE.
1409 if (!!cp->val != hci_dev_test_flag(hdev, HCI_DISCOVERABLE)) {
1410 hci_dev_change_flag(hdev, HCI_DISCOVERABLE);
1414 err = send_settings_rsp(sk, MGMT_OP_SET_DISCOVERABLE, hdev);
1419 err = new_settings(hdev, sk);
1424 /* If the current mode is the same, then just update the timeout
1425 * value with the new value. And if only the timeout gets updated,
1426 * then no need for any HCI transactions.
1428 if (!!cp->val == hci_dev_test_flag(hdev, HCI_DISCOVERABLE) &&
1429 (cp->val == 0x02) == hci_dev_test_flag(hdev,
1430 HCI_LIMITED_DISCOVERABLE)) {
1431 cancel_delayed_work(&hdev->discov_off);
1432 hdev->discov_timeout = timeout;
1434 if (cp->val && hdev->discov_timeout > 0) {
1435 int to = msecs_to_jiffies(hdev->discov_timeout * 1000);
1436 queue_delayed_work(hdev->req_workqueue,
1437 &hdev->discov_off, to);
1440 err = send_settings_rsp(sk, MGMT_OP_SET_DISCOVERABLE, hdev);
1444 cmd = mgmt_pending_add(sk, MGMT_OP_SET_DISCOVERABLE, hdev, data, len);
1450 /* Cancel any potential discoverable timeout that might be
1451 * still active and store new timeout value. The arming of
1452 * the timeout happens in the complete handler.
1454 cancel_delayed_work(&hdev->discov_off);
1455 hdev->discov_timeout = timeout;
1458 hci_dev_set_flag(hdev, HCI_DISCOVERABLE);
1460 hci_dev_clear_flag(hdev, HCI_DISCOVERABLE);
1462 /* Limited discoverable mode */
1463 if (cp->val == 0x02)
1464 hci_dev_set_flag(hdev, HCI_LIMITED_DISCOVERABLE);
1466 hci_dev_clear_flag(hdev, HCI_LIMITED_DISCOVERABLE);
1468 queue_work(hdev->req_workqueue, &hdev->discoverable_update);
1472 hci_dev_unlock(hdev);
1476 void mgmt_set_connectable_complete(struct hci_dev *hdev, u8 status)
1478 struct mgmt_pending_cmd *cmd;
1480 bt_dev_dbg(hdev, "status 0x%02x", status);
1484 cmd = pending_find(MGMT_OP_SET_CONNECTABLE, hdev);
1489 u8 mgmt_err = mgmt_status(status);
1490 mgmt_cmd_status(cmd->sk, cmd->index, cmd->opcode, mgmt_err);
1494 send_settings_rsp(cmd->sk, MGMT_OP_SET_CONNECTABLE, hdev);
1495 new_settings(hdev, cmd->sk);
1498 mgmt_pending_remove(cmd);
1501 hci_dev_unlock(hdev);
1504 static int set_connectable_update_settings(struct hci_dev *hdev,
1505 struct sock *sk, u8 val)
1507 bool changed = false;
1510 if (!!val != hci_dev_test_flag(hdev, HCI_CONNECTABLE))
1514 hci_dev_set_flag(hdev, HCI_CONNECTABLE);
1516 hci_dev_clear_flag(hdev, HCI_CONNECTABLE);
1517 hci_dev_clear_flag(hdev, HCI_DISCOVERABLE);
1520 err = send_settings_rsp(sk, MGMT_OP_SET_CONNECTABLE, hdev);
1525 hci_req_update_scan(hdev);
1526 hci_update_background_scan(hdev);
1527 return new_settings(hdev, sk);
1533 static int set_connectable(struct sock *sk, struct hci_dev *hdev, void *data,
1536 struct mgmt_mode *cp = data;
1537 struct mgmt_pending_cmd *cmd;
1540 bt_dev_dbg(hdev, "sock %p", sk);
1542 if (!hci_dev_test_flag(hdev, HCI_LE_ENABLED) &&
1543 !hci_dev_test_flag(hdev, HCI_BREDR_ENABLED))
1544 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE,
1545 MGMT_STATUS_REJECTED);
1547 if (cp->val != 0x00 && cp->val != 0x01)
1548 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE,
1549 MGMT_STATUS_INVALID_PARAMS);
1553 if (!hdev_is_powered(hdev)) {
1554 err = set_connectable_update_settings(hdev, sk, cp->val);
1558 if (pending_find(MGMT_OP_SET_DISCOVERABLE, hdev) ||
1559 pending_find(MGMT_OP_SET_CONNECTABLE, hdev)) {
1560 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE,
1565 cmd = mgmt_pending_add(sk, MGMT_OP_SET_CONNECTABLE, hdev, data, len);
1572 hci_dev_set_flag(hdev, HCI_CONNECTABLE);
1574 if (hdev->discov_timeout > 0)
1575 cancel_delayed_work(&hdev->discov_off);
1577 hci_dev_clear_flag(hdev, HCI_LIMITED_DISCOVERABLE);
1578 hci_dev_clear_flag(hdev, HCI_DISCOVERABLE);
1579 hci_dev_clear_flag(hdev, HCI_CONNECTABLE);
1582 queue_work(hdev->req_workqueue, &hdev->connectable_update);
1586 hci_dev_unlock(hdev);
1590 static int set_bondable(struct sock *sk, struct hci_dev *hdev, void *data,
1593 struct mgmt_mode *cp = data;
1597 bt_dev_dbg(hdev, "sock %p", sk);
1599 if (cp->val != 0x00 && cp->val != 0x01)
1600 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_BONDABLE,
1601 MGMT_STATUS_INVALID_PARAMS);
1606 changed = !hci_dev_test_and_set_flag(hdev, HCI_BONDABLE);
1608 changed = hci_dev_test_and_clear_flag(hdev, HCI_BONDABLE);
1610 err = send_settings_rsp(sk, MGMT_OP_SET_BONDABLE, hdev);
1615 /* In limited privacy mode the change of bondable mode
1616 * may affect the local advertising address.
1618 if (hdev_is_powered(hdev) &&
1619 hci_dev_test_flag(hdev, HCI_ADVERTISING) &&
1620 hci_dev_test_flag(hdev, HCI_DISCOVERABLE) &&
1621 hci_dev_test_flag(hdev, HCI_LIMITED_PRIVACY))
1622 queue_work(hdev->req_workqueue,
1623 &hdev->discoverable_update);
1625 err = new_settings(hdev, sk);
1629 hci_dev_unlock(hdev);
1633 static int set_link_security(struct sock *sk, struct hci_dev *hdev, void *data,
1636 struct mgmt_mode *cp = data;
1637 struct mgmt_pending_cmd *cmd;
1641 bt_dev_dbg(hdev, "sock %p", sk);
1643 status = mgmt_bredr_support(hdev);
1645 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY,
1648 if (cp->val != 0x00 && cp->val != 0x01)
1649 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY,
1650 MGMT_STATUS_INVALID_PARAMS);
1654 if (!hdev_is_powered(hdev)) {
1655 bool changed = false;
1657 if (!!cp->val != hci_dev_test_flag(hdev, HCI_LINK_SECURITY)) {
1658 hci_dev_change_flag(hdev, HCI_LINK_SECURITY);
1662 err = send_settings_rsp(sk, MGMT_OP_SET_LINK_SECURITY, hdev);
1667 err = new_settings(hdev, sk);
1672 if (pending_find(MGMT_OP_SET_LINK_SECURITY, hdev)) {
1673 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY,
1680 if (test_bit(HCI_AUTH, &hdev->flags) == val) {
1681 err = send_settings_rsp(sk, MGMT_OP_SET_LINK_SECURITY, hdev);
1685 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LINK_SECURITY, hdev, data, len);
1691 err = hci_send_cmd(hdev, HCI_OP_WRITE_AUTH_ENABLE, sizeof(val), &val);
1693 mgmt_pending_remove(cmd);
1698 hci_dev_unlock(hdev);
1702 static int set_ssp(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
1704 struct mgmt_mode *cp = data;
1705 struct mgmt_pending_cmd *cmd;
1709 bt_dev_dbg(hdev, "sock %p", sk);
1711 status = mgmt_bredr_support(hdev);
1713 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SSP, status);
1715 if (!lmp_ssp_capable(hdev))
1716 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
1717 MGMT_STATUS_NOT_SUPPORTED);
1719 if (cp->val != 0x00 && cp->val != 0x01)
1720 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
1721 MGMT_STATUS_INVALID_PARAMS);
1725 if (!hdev_is_powered(hdev)) {
1729 changed = !hci_dev_test_and_set_flag(hdev,
1732 changed = hci_dev_test_and_clear_flag(hdev,
1735 changed = hci_dev_test_and_clear_flag(hdev,
1738 hci_dev_clear_flag(hdev, HCI_HS_ENABLED);
1741 err = send_settings_rsp(sk, MGMT_OP_SET_SSP, hdev);
1746 err = new_settings(hdev, sk);
1751 if (pending_find(MGMT_OP_SET_SSP, hdev)) {
1752 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
1757 if (!!cp->val == hci_dev_test_flag(hdev, HCI_SSP_ENABLED)) {
1758 err = send_settings_rsp(sk, MGMT_OP_SET_SSP, hdev);
1762 cmd = mgmt_pending_add(sk, MGMT_OP_SET_SSP, hdev, data, len);
1768 if (!cp->val && hci_dev_test_flag(hdev, HCI_USE_DEBUG_KEYS))
1769 hci_send_cmd(hdev, HCI_OP_WRITE_SSP_DEBUG_MODE,
1770 sizeof(cp->val), &cp->val);
1772 err = hci_send_cmd(hdev, HCI_OP_WRITE_SSP_MODE, 1, &cp->val);
1774 mgmt_pending_remove(cmd);
1779 hci_dev_unlock(hdev);
1783 static int set_hs(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
1785 struct mgmt_mode *cp = data;
1790 bt_dev_dbg(hdev, "sock %p", sk);
1792 status = mgmt_bredr_support(hdev);
1794 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_HS, status);
1796 if (!lmp_ssp_capable(hdev))
1797 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
1798 MGMT_STATUS_NOT_SUPPORTED);
1800 if (!hci_dev_test_flag(hdev, HCI_SSP_ENABLED))
1801 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
1802 MGMT_STATUS_REJECTED);
1804 if (cp->val != 0x00 && cp->val != 0x01)
1805 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
1806 MGMT_STATUS_INVALID_PARAMS);
1810 if (pending_find(MGMT_OP_SET_SSP, hdev)) {
1811 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
1817 changed = !hci_dev_test_and_set_flag(hdev, HCI_HS_ENABLED);
1819 if (hdev_is_powered(hdev)) {
1820 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
1821 MGMT_STATUS_REJECTED);
1825 changed = hci_dev_test_and_clear_flag(hdev, HCI_HS_ENABLED);
1828 err = send_settings_rsp(sk, MGMT_OP_SET_HS, hdev);
1833 err = new_settings(hdev, sk);
1836 hci_dev_unlock(hdev);
1840 static void le_enable_complete(struct hci_dev *hdev, u8 status, u16 opcode)
1842 struct cmd_lookup match = { NULL, hdev };
1847 u8 mgmt_err = mgmt_status(status);
1849 mgmt_pending_foreach(MGMT_OP_SET_LE, hdev, cmd_status_rsp,
1854 mgmt_pending_foreach(MGMT_OP_SET_LE, hdev, settings_rsp, &match);
1856 new_settings(hdev, match.sk);
1861 /* Make sure the controller has a good default for
1862 * advertising data. Restrict the update to when LE
1863 * has actually been enabled. During power on, the
1864 * update in powered_update_hci will take care of it.
1866 if (hci_dev_test_flag(hdev, HCI_LE_ENABLED)) {
1867 struct hci_request req;
1868 hci_req_init(&req, hdev);
1869 if (ext_adv_capable(hdev)) {
1872 err = __hci_req_setup_ext_adv_instance(&req, 0x00);
1874 __hci_req_update_scan_rsp_data(&req, 0x00);
1876 __hci_req_update_adv_data(&req, 0x00);
1877 __hci_req_update_scan_rsp_data(&req, 0x00);
1879 hci_req_run(&req, NULL);
1880 hci_update_background_scan(hdev);
1884 hci_dev_unlock(hdev);
1887 static int set_le(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
1889 struct mgmt_mode *cp = data;
1890 struct hci_cp_write_le_host_supported hci_cp;
1891 struct mgmt_pending_cmd *cmd;
1892 struct hci_request req;
1896 bt_dev_dbg(hdev, "sock %p", sk);
1898 if (!lmp_le_capable(hdev))
1899 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
1900 MGMT_STATUS_NOT_SUPPORTED);
1902 if (cp->val != 0x00 && cp->val != 0x01)
1903 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
1904 MGMT_STATUS_INVALID_PARAMS);
1906 /* Bluetooth single mode LE only controllers or dual-mode
1907 * controllers configured as LE only devices, do not allow
1908 * switching LE off. These have either LE enabled explicitly
1909 * or BR/EDR has been previously switched off.
1911 * When trying to enable an already enabled LE, then gracefully
1912 * send a positive response. Trying to disable it however will
1913 * result into rejection.
1915 if (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED)) {
1916 if (cp->val == 0x01)
1917 return send_settings_rsp(sk, MGMT_OP_SET_LE, hdev);
1919 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
1920 MGMT_STATUS_REJECTED);
1926 enabled = lmp_host_le_capable(hdev);
1929 hci_req_clear_adv_instance(hdev, NULL, NULL, 0x00, true);
1931 if (!hdev_is_powered(hdev) || val == enabled) {
1932 bool changed = false;
1934 if (val != hci_dev_test_flag(hdev, HCI_LE_ENABLED)) {
1935 hci_dev_change_flag(hdev, HCI_LE_ENABLED);
1939 if (!val && hci_dev_test_flag(hdev, HCI_ADVERTISING)) {
1940 hci_dev_clear_flag(hdev, HCI_ADVERTISING);
1944 err = send_settings_rsp(sk, MGMT_OP_SET_LE, hdev);
1949 err = new_settings(hdev, sk);
1954 if (pending_find(MGMT_OP_SET_LE, hdev) ||
1955 pending_find(MGMT_OP_SET_ADVERTISING, hdev)) {
1956 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
1961 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LE, hdev, data, len);
1967 hci_req_init(&req, hdev);
1969 memset(&hci_cp, 0, sizeof(hci_cp));
1973 hci_cp.simul = 0x00;
1975 if (hci_dev_test_flag(hdev, HCI_LE_ADV))
1976 __hci_req_disable_advertising(&req);
1978 if (ext_adv_capable(hdev))
1979 __hci_req_clear_ext_adv_sets(&req);
1982 hci_req_add(&req, HCI_OP_WRITE_LE_HOST_SUPPORTED, sizeof(hci_cp),
1985 err = hci_req_run(&req, le_enable_complete);
1987 mgmt_pending_remove(cmd);
1990 hci_dev_unlock(hdev);
1994 /* This is a helper function to test for pending mgmt commands that can
1995 * cause CoD or EIR HCI commands. We can only allow one such pending
1996 * mgmt command at a time since otherwise we cannot easily track what
1997 * the current values are, will be, and based on that calculate if a new
1998 * HCI command needs to be sent and if yes with what value.
2000 static bool pending_eir_or_class(struct hci_dev *hdev)
2002 struct mgmt_pending_cmd *cmd;
2004 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
2005 switch (cmd->opcode) {
2006 case MGMT_OP_ADD_UUID:
2007 case MGMT_OP_REMOVE_UUID:
2008 case MGMT_OP_SET_DEV_CLASS:
2009 case MGMT_OP_SET_POWERED:
2017 static const u8 bluetooth_base_uuid[] = {
2018 0xfb, 0x34, 0x9b, 0x5f, 0x80, 0x00, 0x00, 0x80,
2019 0x00, 0x10, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
2022 static u8 get_uuid_size(const u8 *uuid)
2026 if (memcmp(uuid, bluetooth_base_uuid, 12))
2029 val = get_unaligned_le32(&uuid[12]);
2036 static void mgmt_class_complete(struct hci_dev *hdev, u16 mgmt_op, u8 status)
2038 struct mgmt_pending_cmd *cmd;
2042 cmd = pending_find(mgmt_op, hdev);
2046 mgmt_cmd_complete(cmd->sk, cmd->index, cmd->opcode,
2047 mgmt_status(status), hdev->dev_class, 3);
2049 mgmt_pending_remove(cmd);
2052 hci_dev_unlock(hdev);
2055 static void add_uuid_complete(struct hci_dev *hdev, u8 status, u16 opcode)
2057 bt_dev_dbg(hdev, "status 0x%02x", status);
2059 mgmt_class_complete(hdev, MGMT_OP_ADD_UUID, status);
2062 static int add_uuid(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
2064 struct mgmt_cp_add_uuid *cp = data;
2065 struct mgmt_pending_cmd *cmd;
2066 struct hci_request req;
2067 struct bt_uuid *uuid;
2070 bt_dev_dbg(hdev, "sock %p", sk);
2074 if (pending_eir_or_class(hdev)) {
2075 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_UUID,
2080 uuid = kmalloc(sizeof(*uuid), GFP_KERNEL);
2086 memcpy(uuid->uuid, cp->uuid, 16);
2087 uuid->svc_hint = cp->svc_hint;
2088 uuid->size = get_uuid_size(cp->uuid);
2090 list_add_tail(&uuid->list, &hdev->uuids);
2092 hci_req_init(&req, hdev);
2094 __hci_req_update_class(&req);
2095 __hci_req_update_eir(&req);
2097 err = hci_req_run(&req, add_uuid_complete);
2099 if (err != -ENODATA)
2102 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_ADD_UUID, 0,
2103 hdev->dev_class, 3);
2107 cmd = mgmt_pending_add(sk, MGMT_OP_ADD_UUID, hdev, data, len);
2116 hci_dev_unlock(hdev);
2120 static bool enable_service_cache(struct hci_dev *hdev)
2122 if (!hdev_is_powered(hdev))
2125 if (!hci_dev_test_and_set_flag(hdev, HCI_SERVICE_CACHE)) {
2126 queue_delayed_work(hdev->workqueue, &hdev->service_cache,
2134 static void remove_uuid_complete(struct hci_dev *hdev, u8 status, u16 opcode)
2136 bt_dev_dbg(hdev, "status 0x%02x", status);
2138 mgmt_class_complete(hdev, MGMT_OP_REMOVE_UUID, status);
2141 static int remove_uuid(struct sock *sk, struct hci_dev *hdev, void *data,
2144 struct mgmt_cp_remove_uuid *cp = data;
2145 struct mgmt_pending_cmd *cmd;
2146 struct bt_uuid *match, *tmp;
2147 u8 bt_uuid_any[] = { 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 };
2148 struct hci_request req;
2151 bt_dev_dbg(hdev, "sock %p", sk);
2155 if (pending_eir_or_class(hdev)) {
2156 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_REMOVE_UUID,
2161 if (memcmp(cp->uuid, bt_uuid_any, 16) == 0) {
2162 hci_uuids_clear(hdev);
2164 if (enable_service_cache(hdev)) {
2165 err = mgmt_cmd_complete(sk, hdev->id,
2166 MGMT_OP_REMOVE_UUID,
2167 0, hdev->dev_class, 3);
2176 list_for_each_entry_safe(match, tmp, &hdev->uuids, list) {
2177 if (memcmp(match->uuid, cp->uuid, 16) != 0)
2180 list_del(&match->list);
2186 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_REMOVE_UUID,
2187 MGMT_STATUS_INVALID_PARAMS);
2192 hci_req_init(&req, hdev);
2194 __hci_req_update_class(&req);
2195 __hci_req_update_eir(&req);
2197 err = hci_req_run(&req, remove_uuid_complete);
2199 if (err != -ENODATA)
2202 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_UUID, 0,
2203 hdev->dev_class, 3);
2207 cmd = mgmt_pending_add(sk, MGMT_OP_REMOVE_UUID, hdev, data, len);
2216 hci_dev_unlock(hdev);
2220 static void set_class_complete(struct hci_dev *hdev, u8 status, u16 opcode)
2222 bt_dev_dbg(hdev, "status 0x%02x", status);
2224 mgmt_class_complete(hdev, MGMT_OP_SET_DEV_CLASS, status);
2227 static int set_dev_class(struct sock *sk, struct hci_dev *hdev, void *data,
2230 struct mgmt_cp_set_dev_class *cp = data;
2231 struct mgmt_pending_cmd *cmd;
2232 struct hci_request req;
2235 bt_dev_dbg(hdev, "sock %p", sk);
2237 if (!lmp_bredr_capable(hdev))
2238 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS,
2239 MGMT_STATUS_NOT_SUPPORTED);
2243 if (pending_eir_or_class(hdev)) {
2244 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS,
2249 if ((cp->minor & 0x03) != 0 || (cp->major & 0xe0) != 0) {
2250 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS,
2251 MGMT_STATUS_INVALID_PARAMS);
2255 hdev->major_class = cp->major;
2256 hdev->minor_class = cp->minor;
2258 if (!hdev_is_powered(hdev)) {
2259 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_DEV_CLASS, 0,
2260 hdev->dev_class, 3);
2264 hci_req_init(&req, hdev);
2266 if (hci_dev_test_and_clear_flag(hdev, HCI_SERVICE_CACHE)) {
2267 hci_dev_unlock(hdev);
2268 cancel_delayed_work_sync(&hdev->service_cache);
2270 __hci_req_update_eir(&req);
2273 __hci_req_update_class(&req);
2275 err = hci_req_run(&req, set_class_complete);
2277 if (err != -ENODATA)
2280 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_DEV_CLASS, 0,
2281 hdev->dev_class, 3);
2285 cmd = mgmt_pending_add(sk, MGMT_OP_SET_DEV_CLASS, hdev, data, len);
2294 hci_dev_unlock(hdev);
2298 static int load_link_keys(struct sock *sk, struct hci_dev *hdev, void *data,
2301 struct mgmt_cp_load_link_keys *cp = data;
2302 const u16 max_key_count = ((U16_MAX - sizeof(*cp)) /
2303 sizeof(struct mgmt_link_key_info));
2304 u16 key_count, expected_len;
2308 bt_dev_dbg(hdev, "sock %p", sk);
2310 if (!lmp_bredr_capable(hdev))
2311 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
2312 MGMT_STATUS_NOT_SUPPORTED);
2314 key_count = __le16_to_cpu(cp->key_count);
2315 if (key_count > max_key_count) {
2316 bt_dev_err(hdev, "load_link_keys: too big key_count value %u",
2318 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
2319 MGMT_STATUS_INVALID_PARAMS);
2322 expected_len = struct_size(cp, keys, key_count);
2323 if (expected_len != len) {
2324 bt_dev_err(hdev, "load_link_keys: expected %u bytes, got %u bytes",
2326 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
2327 MGMT_STATUS_INVALID_PARAMS);
2330 if (cp->debug_keys != 0x00 && cp->debug_keys != 0x01)
2331 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
2332 MGMT_STATUS_INVALID_PARAMS);
2334 bt_dev_dbg(hdev, "debug_keys %u key_count %u", cp->debug_keys,
2337 for (i = 0; i < key_count; i++) {
2338 struct mgmt_link_key_info *key = &cp->keys[i];
2340 if (key->addr.type != BDADDR_BREDR || key->type > 0x08)
2341 return mgmt_cmd_status(sk, hdev->id,
2342 MGMT_OP_LOAD_LINK_KEYS,
2343 MGMT_STATUS_INVALID_PARAMS);
2348 hci_link_keys_clear(hdev);
2351 changed = !hci_dev_test_and_set_flag(hdev, HCI_KEEP_DEBUG_KEYS);
2353 changed = hci_dev_test_and_clear_flag(hdev,
2354 HCI_KEEP_DEBUG_KEYS);
2357 new_settings(hdev, NULL);
2359 for (i = 0; i < key_count; i++) {
2360 struct mgmt_link_key_info *key = &cp->keys[i];
2362 if (hci_is_blocked_key(hdev,
2363 HCI_BLOCKED_KEY_TYPE_LINKKEY,
2365 bt_dev_warn(hdev, "Skipping blocked link key for %pMR",
2370 /* Always ignore debug keys and require a new pairing if
2371 * the user wants to use them.
2373 if (key->type == HCI_LK_DEBUG_COMBINATION)
2376 hci_add_link_key(hdev, NULL, &key->addr.bdaddr, key->val,
2377 key->type, key->pin_len, NULL);
2380 mgmt_cmd_complete(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS, 0, NULL, 0);
2382 hci_dev_unlock(hdev);
2387 static int device_unpaired(struct hci_dev *hdev, bdaddr_t *bdaddr,
2388 u8 addr_type, struct sock *skip_sk)
2390 struct mgmt_ev_device_unpaired ev;
2392 bacpy(&ev.addr.bdaddr, bdaddr);
2393 ev.addr.type = addr_type;
2395 return mgmt_event(MGMT_EV_DEVICE_UNPAIRED, hdev, &ev, sizeof(ev),
2399 static int unpair_device(struct sock *sk, struct hci_dev *hdev, void *data,
2402 struct mgmt_cp_unpair_device *cp = data;
2403 struct mgmt_rp_unpair_device rp;
2404 struct hci_conn_params *params;
2405 struct mgmt_pending_cmd *cmd;
2406 struct hci_conn *conn;
2410 memset(&rp, 0, sizeof(rp));
2411 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
2412 rp.addr.type = cp->addr.type;
2414 if (!bdaddr_type_is_valid(cp->addr.type))
2415 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
2416 MGMT_STATUS_INVALID_PARAMS,
2419 if (cp->disconnect != 0x00 && cp->disconnect != 0x01)
2420 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
2421 MGMT_STATUS_INVALID_PARAMS,
2426 if (!hdev_is_powered(hdev)) {
2427 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
2428 MGMT_STATUS_NOT_POWERED, &rp,
2433 if (cp->addr.type == BDADDR_BREDR) {
2434 /* If disconnection is requested, then look up the
2435 * connection. If the remote device is connected, it
2436 * will be later used to terminate the link.
2438 * Setting it to NULL explicitly will cause no
2439 * termination of the link.
2442 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
2447 err = hci_remove_link_key(hdev, &cp->addr.bdaddr);
2449 err = mgmt_cmd_complete(sk, hdev->id,
2450 MGMT_OP_UNPAIR_DEVICE,
2451 MGMT_STATUS_NOT_PAIRED, &rp,
2459 /* LE address type */
2460 addr_type = le_addr_type(cp->addr.type);
2462 /* Abort any ongoing SMP pairing. Removes ltk and irk if they exist. */
2463 err = smp_cancel_and_remove_pairing(hdev, &cp->addr.bdaddr, addr_type);
2465 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
2466 MGMT_STATUS_NOT_PAIRED, &rp,
2471 conn = hci_conn_hash_lookup_le(hdev, &cp->addr.bdaddr, addr_type);
2473 hci_conn_params_del(hdev, &cp->addr.bdaddr, addr_type);
2478 /* Defer clearing up the connection parameters until closing to
2479 * give a chance of keeping them if a repairing happens.
2481 set_bit(HCI_CONN_PARAM_REMOVAL_PEND, &conn->flags);
2483 /* Disable auto-connection parameters if present */
2484 params = hci_conn_params_lookup(hdev, &cp->addr.bdaddr, addr_type);
2486 if (params->explicit_connect)
2487 params->auto_connect = HCI_AUTO_CONN_EXPLICIT;
2489 params->auto_connect = HCI_AUTO_CONN_DISABLED;
2492 /* If disconnection is not requested, then clear the connection
2493 * variable so that the link is not terminated.
2495 if (!cp->disconnect)
2499 /* If the connection variable is set, then termination of the
2500 * link is requested.
2503 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE, 0,
2505 device_unpaired(hdev, &cp->addr.bdaddr, cp->addr.type, sk);
2509 cmd = mgmt_pending_add(sk, MGMT_OP_UNPAIR_DEVICE, hdev, cp,
2516 cmd->cmd_complete = addr_cmd_complete;
2518 err = hci_abort_conn(conn, HCI_ERROR_REMOTE_USER_TERM);
2520 mgmt_pending_remove(cmd);
2523 hci_dev_unlock(hdev);
2527 static int disconnect(struct sock *sk, struct hci_dev *hdev, void *data,
2530 struct mgmt_cp_disconnect *cp = data;
2531 struct mgmt_rp_disconnect rp;
2532 struct mgmt_pending_cmd *cmd;
2533 struct hci_conn *conn;
2536 bt_dev_dbg(hdev, "sock %p", sk);
2538 memset(&rp, 0, sizeof(rp));
2539 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
2540 rp.addr.type = cp->addr.type;
2542 if (!bdaddr_type_is_valid(cp->addr.type))
2543 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
2544 MGMT_STATUS_INVALID_PARAMS,
2549 if (!test_bit(HCI_UP, &hdev->flags)) {
2550 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
2551 MGMT_STATUS_NOT_POWERED, &rp,
2556 if (pending_find(MGMT_OP_DISCONNECT, hdev)) {
2557 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
2558 MGMT_STATUS_BUSY, &rp, sizeof(rp));
2562 if (cp->addr.type == BDADDR_BREDR)
2563 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
2566 conn = hci_conn_hash_lookup_le(hdev, &cp->addr.bdaddr,
2567 le_addr_type(cp->addr.type));
2569 if (!conn || conn->state == BT_OPEN || conn->state == BT_CLOSED) {
2570 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
2571 MGMT_STATUS_NOT_CONNECTED, &rp,
2576 cmd = mgmt_pending_add(sk, MGMT_OP_DISCONNECT, hdev, data, len);
2582 cmd->cmd_complete = generic_cmd_complete;
2584 err = hci_disconnect(conn, HCI_ERROR_REMOTE_USER_TERM);
2586 mgmt_pending_remove(cmd);
2589 hci_dev_unlock(hdev);
2593 static u8 link_to_bdaddr(u8 link_type, u8 addr_type)
2595 switch (link_type) {
2597 switch (addr_type) {
2598 case ADDR_LE_DEV_PUBLIC:
2599 return BDADDR_LE_PUBLIC;
2602 /* Fallback to LE Random address type */
2603 return BDADDR_LE_RANDOM;
2607 /* Fallback to BR/EDR type */
2608 return BDADDR_BREDR;
2612 static int get_connections(struct sock *sk, struct hci_dev *hdev, void *data,
2615 struct mgmt_rp_get_connections *rp;
2620 bt_dev_dbg(hdev, "sock %p", sk);
2624 if (!hdev_is_powered(hdev)) {
2625 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_GET_CONNECTIONS,
2626 MGMT_STATUS_NOT_POWERED);
2631 list_for_each_entry(c, &hdev->conn_hash.list, list) {
2632 if (test_bit(HCI_CONN_MGMT_CONNECTED, &c->flags))
2636 rp = kmalloc(struct_size(rp, addr, i), GFP_KERNEL);
2643 list_for_each_entry(c, &hdev->conn_hash.list, list) {
2644 if (!test_bit(HCI_CONN_MGMT_CONNECTED, &c->flags))
2646 bacpy(&rp->addr[i].bdaddr, &c->dst);
2647 rp->addr[i].type = link_to_bdaddr(c->type, c->dst_type);
2648 if (c->type == SCO_LINK || c->type == ESCO_LINK)
2653 rp->conn_count = cpu_to_le16(i);
2655 /* Recalculate length in case of filtered SCO connections, etc */
2656 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CONNECTIONS, 0, rp,
2657 struct_size(rp, addr, i));
2662 hci_dev_unlock(hdev);
2666 static int send_pin_code_neg_reply(struct sock *sk, struct hci_dev *hdev,
2667 struct mgmt_cp_pin_code_neg_reply *cp)
2669 struct mgmt_pending_cmd *cmd;
2672 cmd = mgmt_pending_add(sk, MGMT_OP_PIN_CODE_NEG_REPLY, hdev, cp,
2677 cmd->cmd_complete = addr_cmd_complete;
2679 err = hci_send_cmd(hdev, HCI_OP_PIN_CODE_NEG_REPLY,
2680 sizeof(cp->addr.bdaddr), &cp->addr.bdaddr);
2682 mgmt_pending_remove(cmd);
2687 static int pin_code_reply(struct sock *sk, struct hci_dev *hdev, void *data,
2690 struct hci_conn *conn;
2691 struct mgmt_cp_pin_code_reply *cp = data;
2692 struct hci_cp_pin_code_reply reply;
2693 struct mgmt_pending_cmd *cmd;
2696 bt_dev_dbg(hdev, "sock %p", sk);
2700 if (!hdev_is_powered(hdev)) {
2701 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
2702 MGMT_STATUS_NOT_POWERED);
2706 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->addr.bdaddr);
2708 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
2709 MGMT_STATUS_NOT_CONNECTED);
2713 if (conn->pending_sec_level == BT_SECURITY_HIGH && cp->pin_len != 16) {
2714 struct mgmt_cp_pin_code_neg_reply ncp;
2716 memcpy(&ncp.addr, &cp->addr, sizeof(ncp.addr));
2718 bt_dev_err(hdev, "PIN code is not 16 bytes long");
2720 err = send_pin_code_neg_reply(sk, hdev, &ncp);
2722 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
2723 MGMT_STATUS_INVALID_PARAMS);
2728 cmd = mgmt_pending_add(sk, MGMT_OP_PIN_CODE_REPLY, hdev, data, len);
2734 cmd->cmd_complete = addr_cmd_complete;
2736 bacpy(&reply.bdaddr, &cp->addr.bdaddr);
2737 reply.pin_len = cp->pin_len;
2738 memcpy(reply.pin_code, cp->pin_code, sizeof(reply.pin_code));
2740 err = hci_send_cmd(hdev, HCI_OP_PIN_CODE_REPLY, sizeof(reply), &reply);
2742 mgmt_pending_remove(cmd);
2745 hci_dev_unlock(hdev);
2749 static int set_io_capability(struct sock *sk, struct hci_dev *hdev, void *data,
2752 struct mgmt_cp_set_io_capability *cp = data;
2754 bt_dev_dbg(hdev, "sock %p", sk);
2756 if (cp->io_capability > SMP_IO_KEYBOARD_DISPLAY)
2757 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_IO_CAPABILITY,
2758 MGMT_STATUS_INVALID_PARAMS);
2762 hdev->io_capability = cp->io_capability;
2764 bt_dev_dbg(hdev, "IO capability set to 0x%02x", hdev->io_capability);
2766 hci_dev_unlock(hdev);
2768 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_IO_CAPABILITY, 0,
2772 static struct mgmt_pending_cmd *find_pairing(struct hci_conn *conn)
2774 struct hci_dev *hdev = conn->hdev;
2775 struct mgmt_pending_cmd *cmd;
2777 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
2778 if (cmd->opcode != MGMT_OP_PAIR_DEVICE)
2781 if (cmd->user_data != conn)
2790 static int pairing_complete(struct mgmt_pending_cmd *cmd, u8 status)
2792 struct mgmt_rp_pair_device rp;
2793 struct hci_conn *conn = cmd->user_data;
2796 bacpy(&rp.addr.bdaddr, &conn->dst);
2797 rp.addr.type = link_to_bdaddr(conn->type, conn->dst_type);
2799 err = mgmt_cmd_complete(cmd->sk, cmd->index, MGMT_OP_PAIR_DEVICE,
2800 status, &rp, sizeof(rp));
2802 /* So we don't get further callbacks for this connection */
2803 conn->connect_cfm_cb = NULL;
2804 conn->security_cfm_cb = NULL;
2805 conn->disconn_cfm_cb = NULL;
2807 hci_conn_drop(conn);
2809 /* The device is paired so there is no need to remove
2810 * its connection parameters anymore.
2812 clear_bit(HCI_CONN_PARAM_REMOVAL_PEND, &conn->flags);
2819 void mgmt_smp_complete(struct hci_conn *conn, bool complete)
2821 u8 status = complete ? MGMT_STATUS_SUCCESS : MGMT_STATUS_FAILED;
2822 struct mgmt_pending_cmd *cmd;
2824 cmd = find_pairing(conn);
2826 cmd->cmd_complete(cmd, status);
2827 mgmt_pending_remove(cmd);
2831 static void pairing_complete_cb(struct hci_conn *conn, u8 status)
2833 struct mgmt_pending_cmd *cmd;
2835 BT_DBG("status %u", status);
2837 cmd = find_pairing(conn);
2839 BT_DBG("Unable to find a pending command");
2843 cmd->cmd_complete(cmd, mgmt_status(status));
2844 mgmt_pending_remove(cmd);
2847 static void le_pairing_complete_cb(struct hci_conn *conn, u8 status)
2849 struct mgmt_pending_cmd *cmd;
2851 BT_DBG("status %u", status);
2856 cmd = find_pairing(conn);
2858 BT_DBG("Unable to find a pending command");
2862 cmd->cmd_complete(cmd, mgmt_status(status));
2863 mgmt_pending_remove(cmd);
2866 static int pair_device(struct sock *sk, struct hci_dev *hdev, void *data,
2869 struct mgmt_cp_pair_device *cp = data;
2870 struct mgmt_rp_pair_device rp;
2871 struct mgmt_pending_cmd *cmd;
2872 u8 sec_level, auth_type;
2873 struct hci_conn *conn;
2876 bt_dev_dbg(hdev, "sock %p", sk);
2878 memset(&rp, 0, sizeof(rp));
2879 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
2880 rp.addr.type = cp->addr.type;
2882 if (!bdaddr_type_is_valid(cp->addr.type))
2883 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
2884 MGMT_STATUS_INVALID_PARAMS,
2887 if (cp->io_cap > SMP_IO_KEYBOARD_DISPLAY)
2888 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
2889 MGMT_STATUS_INVALID_PARAMS,
2894 if (!hdev_is_powered(hdev)) {
2895 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
2896 MGMT_STATUS_NOT_POWERED, &rp,
2901 if (hci_bdaddr_is_paired(hdev, &cp->addr.bdaddr, cp->addr.type)) {
2902 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
2903 MGMT_STATUS_ALREADY_PAIRED, &rp,
2908 sec_level = BT_SECURITY_MEDIUM;
2909 auth_type = HCI_AT_DEDICATED_BONDING;
2911 if (cp->addr.type == BDADDR_BREDR) {
2912 conn = hci_connect_acl(hdev, &cp->addr.bdaddr, sec_level,
2915 u8 addr_type = le_addr_type(cp->addr.type);
2916 struct hci_conn_params *p;
2918 /* When pairing a new device, it is expected to remember
2919 * this device for future connections. Adding the connection
2920 * parameter information ahead of time allows tracking
2921 * of the slave preferred values and will speed up any
2922 * further connection establishment.
2924 * If connection parameters already exist, then they
2925 * will be kept and this function does nothing.
2927 p = hci_conn_params_add(hdev, &cp->addr.bdaddr, addr_type);
2929 if (p->auto_connect == HCI_AUTO_CONN_EXPLICIT)
2930 p->auto_connect = HCI_AUTO_CONN_DISABLED;
2932 conn = hci_connect_le_scan(hdev, &cp->addr.bdaddr,
2933 addr_type, sec_level,
2934 HCI_LE_CONN_TIMEOUT);
2940 if (PTR_ERR(conn) == -EBUSY)
2941 status = MGMT_STATUS_BUSY;
2942 else if (PTR_ERR(conn) == -EOPNOTSUPP)
2943 status = MGMT_STATUS_NOT_SUPPORTED;
2944 else if (PTR_ERR(conn) == -ECONNREFUSED)
2945 status = MGMT_STATUS_REJECTED;
2947 status = MGMT_STATUS_CONNECT_FAILED;
2949 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
2950 status, &rp, sizeof(rp));
2954 if (conn->connect_cfm_cb) {
2955 hci_conn_drop(conn);
2956 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
2957 MGMT_STATUS_BUSY, &rp, sizeof(rp));
2961 cmd = mgmt_pending_add(sk, MGMT_OP_PAIR_DEVICE, hdev, data, len);
2964 hci_conn_drop(conn);
2968 cmd->cmd_complete = pairing_complete;
2970 /* For LE, just connecting isn't a proof that the pairing finished */
2971 if (cp->addr.type == BDADDR_BREDR) {
2972 conn->connect_cfm_cb = pairing_complete_cb;
2973 conn->security_cfm_cb = pairing_complete_cb;
2974 conn->disconn_cfm_cb = pairing_complete_cb;
2976 conn->connect_cfm_cb = le_pairing_complete_cb;
2977 conn->security_cfm_cb = le_pairing_complete_cb;
2978 conn->disconn_cfm_cb = le_pairing_complete_cb;
2981 conn->io_capability = cp->io_cap;
2982 cmd->user_data = hci_conn_get(conn);
2984 if ((conn->state == BT_CONNECTED || conn->state == BT_CONFIG) &&
2985 hci_conn_security(conn, sec_level, auth_type, true)) {
2986 cmd->cmd_complete(cmd, 0);
2987 mgmt_pending_remove(cmd);
2993 hci_dev_unlock(hdev);
2997 static int cancel_pair_device(struct sock *sk, struct hci_dev *hdev, void *data,
3000 struct mgmt_addr_info *addr = data;
3001 struct mgmt_pending_cmd *cmd;
3002 struct hci_conn *conn;
3005 bt_dev_dbg(hdev, "sock %p", sk);
3009 if (!hdev_is_powered(hdev)) {
3010 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
3011 MGMT_STATUS_NOT_POWERED);
3015 cmd = pending_find(MGMT_OP_PAIR_DEVICE, hdev);
3017 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
3018 MGMT_STATUS_INVALID_PARAMS);
3022 conn = cmd->user_data;
3024 if (bacmp(&addr->bdaddr, &conn->dst) != 0) {
3025 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
3026 MGMT_STATUS_INVALID_PARAMS);
3030 cmd->cmd_complete(cmd, MGMT_STATUS_CANCELLED);
3031 mgmt_pending_remove(cmd);
3033 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE, 0,
3034 addr, sizeof(*addr));
3036 hci_dev_unlock(hdev);
3040 static int user_pairing_resp(struct sock *sk, struct hci_dev *hdev,
3041 struct mgmt_addr_info *addr, u16 mgmt_op,
3042 u16 hci_op, __le32 passkey)
3044 struct mgmt_pending_cmd *cmd;
3045 struct hci_conn *conn;
3050 if (!hdev_is_powered(hdev)) {
3051 err = mgmt_cmd_complete(sk, hdev->id, mgmt_op,
3052 MGMT_STATUS_NOT_POWERED, addr,
3057 if (addr->type == BDADDR_BREDR)
3058 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &addr->bdaddr);
3060 conn = hci_conn_hash_lookup_le(hdev, &addr->bdaddr,
3061 le_addr_type(addr->type));
3064 err = mgmt_cmd_complete(sk, hdev->id, mgmt_op,
3065 MGMT_STATUS_NOT_CONNECTED, addr,
3070 if (addr->type == BDADDR_LE_PUBLIC || addr->type == BDADDR_LE_RANDOM) {
3071 err = smp_user_confirm_reply(conn, mgmt_op, passkey);
3073 err = mgmt_cmd_complete(sk, hdev->id, mgmt_op,
3074 MGMT_STATUS_SUCCESS, addr,
3077 err = mgmt_cmd_complete(sk, hdev->id, mgmt_op,
3078 MGMT_STATUS_FAILED, addr,
3084 cmd = mgmt_pending_add(sk, mgmt_op, hdev, addr, sizeof(*addr));
3090 cmd->cmd_complete = addr_cmd_complete;
3092 /* Continue with pairing via HCI */
3093 if (hci_op == HCI_OP_USER_PASSKEY_REPLY) {
3094 struct hci_cp_user_passkey_reply cp;
3096 bacpy(&cp.bdaddr, &addr->bdaddr);
3097 cp.passkey = passkey;
3098 err = hci_send_cmd(hdev, hci_op, sizeof(cp), &cp);
3100 err = hci_send_cmd(hdev, hci_op, sizeof(addr->bdaddr),
3104 mgmt_pending_remove(cmd);
3107 hci_dev_unlock(hdev);
3111 static int pin_code_neg_reply(struct sock *sk, struct hci_dev *hdev,
3112 void *data, u16 len)
3114 struct mgmt_cp_pin_code_neg_reply *cp = data;
3116 bt_dev_dbg(hdev, "sock %p", sk);
3118 return user_pairing_resp(sk, hdev, &cp->addr,
3119 MGMT_OP_PIN_CODE_NEG_REPLY,
3120 HCI_OP_PIN_CODE_NEG_REPLY, 0);
3123 static int user_confirm_reply(struct sock *sk, struct hci_dev *hdev, void *data,
3126 struct mgmt_cp_user_confirm_reply *cp = data;
3128 bt_dev_dbg(hdev, "sock %p", sk);
3130 if (len != sizeof(*cp))
3131 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_USER_CONFIRM_REPLY,
3132 MGMT_STATUS_INVALID_PARAMS);
3134 return user_pairing_resp(sk, hdev, &cp->addr,
3135 MGMT_OP_USER_CONFIRM_REPLY,
3136 HCI_OP_USER_CONFIRM_REPLY, 0);
3139 static int user_confirm_neg_reply(struct sock *sk, struct hci_dev *hdev,
3140 void *data, u16 len)
3142 struct mgmt_cp_user_confirm_neg_reply *cp = data;
3144 bt_dev_dbg(hdev, "sock %p", sk);
3146 return user_pairing_resp(sk, hdev, &cp->addr,
3147 MGMT_OP_USER_CONFIRM_NEG_REPLY,
3148 HCI_OP_USER_CONFIRM_NEG_REPLY, 0);
3151 static int user_passkey_reply(struct sock *sk, struct hci_dev *hdev, void *data,
3154 struct mgmt_cp_user_passkey_reply *cp = data;
3156 bt_dev_dbg(hdev, "sock %p", sk);
3158 return user_pairing_resp(sk, hdev, &cp->addr,
3159 MGMT_OP_USER_PASSKEY_REPLY,
3160 HCI_OP_USER_PASSKEY_REPLY, cp->passkey);
3163 static int user_passkey_neg_reply(struct sock *sk, struct hci_dev *hdev,
3164 void *data, u16 len)
3166 struct mgmt_cp_user_passkey_neg_reply *cp = data;
3168 bt_dev_dbg(hdev, "sock %p", sk);
3170 return user_pairing_resp(sk, hdev, &cp->addr,
3171 MGMT_OP_USER_PASSKEY_NEG_REPLY,
3172 HCI_OP_USER_PASSKEY_NEG_REPLY, 0);
3175 static void adv_expire(struct hci_dev *hdev, u32 flags)
3177 struct adv_info *adv_instance;
3178 struct hci_request req;
3181 adv_instance = hci_find_adv_instance(hdev, hdev->cur_adv_instance);
3185 /* stop if current instance doesn't need to be changed */
3186 if (!(adv_instance->flags & flags))
3189 cancel_adv_timeout(hdev);
3191 adv_instance = hci_get_next_instance(hdev, adv_instance->instance);
3195 hci_req_init(&req, hdev);
3196 err = __hci_req_schedule_adv_instance(&req, adv_instance->instance,
3201 hci_req_run(&req, NULL);
3204 static void set_name_complete(struct hci_dev *hdev, u8 status, u16 opcode)
3206 struct mgmt_cp_set_local_name *cp;
3207 struct mgmt_pending_cmd *cmd;
3209 bt_dev_dbg(hdev, "status 0x%02x", status);
3213 cmd = pending_find(MGMT_OP_SET_LOCAL_NAME, hdev);
3220 mgmt_cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_LOCAL_NAME,
3221 mgmt_status(status));
3223 mgmt_cmd_complete(cmd->sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0,
3226 if (hci_dev_test_flag(hdev, HCI_LE_ADV))
3227 adv_expire(hdev, MGMT_ADV_FLAG_LOCAL_NAME);
3230 mgmt_pending_remove(cmd);
3233 hci_dev_unlock(hdev);
3236 static int set_local_name(struct sock *sk, struct hci_dev *hdev, void *data,
3239 struct mgmt_cp_set_local_name *cp = data;
3240 struct mgmt_pending_cmd *cmd;
3241 struct hci_request req;
3244 bt_dev_dbg(hdev, "sock %p", sk);
3248 /* If the old values are the same as the new ones just return a
3249 * direct command complete event.
3251 if (!memcmp(hdev->dev_name, cp->name, sizeof(hdev->dev_name)) &&
3252 !memcmp(hdev->short_name, cp->short_name,
3253 sizeof(hdev->short_name))) {
3254 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0,
3259 memcpy(hdev->short_name, cp->short_name, sizeof(hdev->short_name));
3261 if (!hdev_is_powered(hdev)) {
3262 memcpy(hdev->dev_name, cp->name, sizeof(hdev->dev_name));
3264 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0,
3269 err = mgmt_limited_event(MGMT_EV_LOCAL_NAME_CHANGED, hdev, data,
3270 len, HCI_MGMT_LOCAL_NAME_EVENTS, sk);
3271 ext_info_changed(hdev, sk);
3276 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LOCAL_NAME, hdev, data, len);
3282 memcpy(hdev->dev_name, cp->name, sizeof(hdev->dev_name));
3284 hci_req_init(&req, hdev);
3286 if (lmp_bredr_capable(hdev)) {
3287 __hci_req_update_name(&req);
3288 __hci_req_update_eir(&req);
3291 /* The name is stored in the scan response data and so
3292 * no need to udpate the advertising data here.
3294 if (lmp_le_capable(hdev) && hci_dev_test_flag(hdev, HCI_ADVERTISING))
3295 __hci_req_update_scan_rsp_data(&req, hdev->cur_adv_instance);
3297 err = hci_req_run(&req, set_name_complete);
3299 mgmt_pending_remove(cmd);
3302 hci_dev_unlock(hdev);
3306 static int set_appearance(struct sock *sk, struct hci_dev *hdev, void *data,
3309 struct mgmt_cp_set_appearance *cp = data;
3313 bt_dev_dbg(hdev, "sock %p", sk);
3315 if (!lmp_le_capable(hdev))
3316 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_APPEARANCE,
3317 MGMT_STATUS_NOT_SUPPORTED);
3319 appearance = le16_to_cpu(cp->appearance);
3323 if (hdev->appearance != appearance) {
3324 hdev->appearance = appearance;
3326 if (hci_dev_test_flag(hdev, HCI_LE_ADV))
3327 adv_expire(hdev, MGMT_ADV_FLAG_APPEARANCE);
3329 ext_info_changed(hdev, sk);
3332 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_APPEARANCE, 0, NULL,
3335 hci_dev_unlock(hdev);
3340 static int get_phy_configuration(struct sock *sk, struct hci_dev *hdev,
3341 void *data, u16 len)
3343 struct mgmt_rp_get_phy_confguration rp;
3345 bt_dev_dbg(hdev, "sock %p", sk);
3349 memset(&rp, 0, sizeof(rp));
3351 rp.supported_phys = cpu_to_le32(get_supported_phys(hdev));
3352 rp.selected_phys = cpu_to_le32(get_selected_phys(hdev));
3353 rp.configurable_phys = cpu_to_le32(get_configurable_phys(hdev));
3355 hci_dev_unlock(hdev);
3357 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_PHY_CONFIGURATION, 0,
3361 int mgmt_phy_configuration_changed(struct hci_dev *hdev, struct sock *skip)
3363 struct mgmt_ev_phy_configuration_changed ev;
3365 memset(&ev, 0, sizeof(ev));
3367 ev.selected_phys = cpu_to_le32(get_selected_phys(hdev));
3369 return mgmt_event(MGMT_EV_PHY_CONFIGURATION_CHANGED, hdev, &ev,
3373 static void set_default_phy_complete(struct hci_dev *hdev, u8 status,
3374 u16 opcode, struct sk_buff *skb)
3376 struct mgmt_pending_cmd *cmd;
3378 bt_dev_dbg(hdev, "status 0x%02x", status);
3382 cmd = pending_find(MGMT_OP_SET_PHY_CONFIGURATION, hdev);
3387 mgmt_cmd_status(cmd->sk, hdev->id,
3388 MGMT_OP_SET_PHY_CONFIGURATION,
3389 mgmt_status(status));
3391 mgmt_cmd_complete(cmd->sk, hdev->id,
3392 MGMT_OP_SET_PHY_CONFIGURATION, 0,
3395 mgmt_phy_configuration_changed(hdev, cmd->sk);
3398 mgmt_pending_remove(cmd);
3401 hci_dev_unlock(hdev);
3404 static int set_phy_configuration(struct sock *sk, struct hci_dev *hdev,
3405 void *data, u16 len)
3407 struct mgmt_cp_set_phy_confguration *cp = data;
3408 struct hci_cp_le_set_default_phy cp_phy;
3409 struct mgmt_pending_cmd *cmd;
3410 struct hci_request req;
3411 u32 selected_phys, configurable_phys, supported_phys, unconfigure_phys;
3412 u16 pkt_type = (HCI_DH1 | HCI_DM1);
3413 bool changed = false;
3416 bt_dev_dbg(hdev, "sock %p", sk);
3418 configurable_phys = get_configurable_phys(hdev);
3419 supported_phys = get_supported_phys(hdev);
3420 selected_phys = __le32_to_cpu(cp->selected_phys);
3422 if (selected_phys & ~supported_phys)
3423 return mgmt_cmd_status(sk, hdev->id,
3424 MGMT_OP_SET_PHY_CONFIGURATION,
3425 MGMT_STATUS_INVALID_PARAMS);
3427 unconfigure_phys = supported_phys & ~configurable_phys;
3429 if ((selected_phys & unconfigure_phys) != unconfigure_phys)
3430 return mgmt_cmd_status(sk, hdev->id,
3431 MGMT_OP_SET_PHY_CONFIGURATION,
3432 MGMT_STATUS_INVALID_PARAMS);
3434 if (selected_phys == get_selected_phys(hdev))
3435 return mgmt_cmd_complete(sk, hdev->id,
3436 MGMT_OP_SET_PHY_CONFIGURATION,
3441 if (!hdev_is_powered(hdev)) {
3442 err = mgmt_cmd_status(sk, hdev->id,
3443 MGMT_OP_SET_PHY_CONFIGURATION,
3444 MGMT_STATUS_REJECTED);
3448 if (pending_find(MGMT_OP_SET_PHY_CONFIGURATION, hdev)) {
3449 err = mgmt_cmd_status(sk, hdev->id,
3450 MGMT_OP_SET_PHY_CONFIGURATION,
3455 if (selected_phys & MGMT_PHY_BR_1M_3SLOT)
3456 pkt_type |= (HCI_DH3 | HCI_DM3);
3458 pkt_type &= ~(HCI_DH3 | HCI_DM3);
3460 if (selected_phys & MGMT_PHY_BR_1M_5SLOT)
3461 pkt_type |= (HCI_DH5 | HCI_DM5);
3463 pkt_type &= ~(HCI_DH5 | HCI_DM5);
3465 if (selected_phys & MGMT_PHY_EDR_2M_1SLOT)
3466 pkt_type &= ~HCI_2DH1;
3468 pkt_type |= HCI_2DH1;
3470 if (selected_phys & MGMT_PHY_EDR_2M_3SLOT)
3471 pkt_type &= ~HCI_2DH3;
3473 pkt_type |= HCI_2DH3;
3475 if (selected_phys & MGMT_PHY_EDR_2M_5SLOT)
3476 pkt_type &= ~HCI_2DH5;
3478 pkt_type |= HCI_2DH5;
3480 if (selected_phys & MGMT_PHY_EDR_3M_1SLOT)
3481 pkt_type &= ~HCI_3DH1;
3483 pkt_type |= HCI_3DH1;
3485 if (selected_phys & MGMT_PHY_EDR_3M_3SLOT)
3486 pkt_type &= ~HCI_3DH3;
3488 pkt_type |= HCI_3DH3;
3490 if (selected_phys & MGMT_PHY_EDR_3M_5SLOT)
3491 pkt_type &= ~HCI_3DH5;
3493 pkt_type |= HCI_3DH5;
3495 if (pkt_type != hdev->pkt_type) {
3496 hdev->pkt_type = pkt_type;
3500 if ((selected_phys & MGMT_PHY_LE_MASK) ==
3501 (get_selected_phys(hdev) & MGMT_PHY_LE_MASK)) {
3503 mgmt_phy_configuration_changed(hdev, sk);
3505 err = mgmt_cmd_complete(sk, hdev->id,
3506 MGMT_OP_SET_PHY_CONFIGURATION,
3512 cmd = mgmt_pending_add(sk, MGMT_OP_SET_PHY_CONFIGURATION, hdev, data,
3519 hci_req_init(&req, hdev);
3521 memset(&cp_phy, 0, sizeof(cp_phy));
3523 if (!(selected_phys & MGMT_PHY_LE_TX_MASK))
3524 cp_phy.all_phys |= 0x01;
3526 if (!(selected_phys & MGMT_PHY_LE_RX_MASK))
3527 cp_phy.all_phys |= 0x02;
3529 if (selected_phys & MGMT_PHY_LE_1M_TX)
3530 cp_phy.tx_phys |= HCI_LE_SET_PHY_1M;
3532 if (selected_phys & MGMT_PHY_LE_2M_TX)
3533 cp_phy.tx_phys |= HCI_LE_SET_PHY_2M;
3535 if (selected_phys & MGMT_PHY_LE_CODED_TX)
3536 cp_phy.tx_phys |= HCI_LE_SET_PHY_CODED;
3538 if (selected_phys & MGMT_PHY_LE_1M_RX)
3539 cp_phy.rx_phys |= HCI_LE_SET_PHY_1M;
3541 if (selected_phys & MGMT_PHY_LE_2M_RX)
3542 cp_phy.rx_phys |= HCI_LE_SET_PHY_2M;
3544 if (selected_phys & MGMT_PHY_LE_CODED_RX)
3545 cp_phy.rx_phys |= HCI_LE_SET_PHY_CODED;
3547 hci_req_add(&req, HCI_OP_LE_SET_DEFAULT_PHY, sizeof(cp_phy), &cp_phy);
3549 err = hci_req_run_skb(&req, set_default_phy_complete);
3551 mgmt_pending_remove(cmd);
3554 hci_dev_unlock(hdev);
3559 static int set_blocked_keys(struct sock *sk, struct hci_dev *hdev, void *data,
3562 int err = MGMT_STATUS_SUCCESS;
3563 struct mgmt_cp_set_blocked_keys *keys = data;
3564 const u16 max_key_count = ((U16_MAX - sizeof(*keys)) /
3565 sizeof(struct mgmt_blocked_key_info));
3566 u16 key_count, expected_len;
3569 bt_dev_dbg(hdev, "sock %p", sk);
3571 key_count = __le16_to_cpu(keys->key_count);
3572 if (key_count > max_key_count) {
3573 bt_dev_err(hdev, "too big key_count value %u", key_count);
3574 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_BLOCKED_KEYS,
3575 MGMT_STATUS_INVALID_PARAMS);
3578 expected_len = struct_size(keys, keys, key_count);
3579 if (expected_len != len) {
3580 bt_dev_err(hdev, "expected %u bytes, got %u bytes",
3582 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_BLOCKED_KEYS,
3583 MGMT_STATUS_INVALID_PARAMS);
3588 hci_blocked_keys_clear(hdev);
3590 for (i = 0; i < keys->key_count; ++i) {
3591 struct blocked_key *b = kzalloc(sizeof(*b), GFP_KERNEL);
3594 err = MGMT_STATUS_NO_RESOURCES;
3598 b->type = keys->keys[i].type;
3599 memcpy(b->val, keys->keys[i].val, sizeof(b->val));
3600 list_add_rcu(&b->list, &hdev->blocked_keys);
3602 hci_dev_unlock(hdev);
3604 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_BLOCKED_KEYS,
3608 static int set_wideband_speech(struct sock *sk, struct hci_dev *hdev,
3609 void *data, u16 len)
3611 struct mgmt_mode *cp = data;
3613 bool changed = false;
3615 bt_dev_dbg(hdev, "sock %p", sk);
3617 if (!test_bit(HCI_QUIRK_WIDEBAND_SPEECH_SUPPORTED, &hdev->quirks))
3618 return mgmt_cmd_status(sk, hdev->id,
3619 MGMT_OP_SET_WIDEBAND_SPEECH,
3620 MGMT_STATUS_NOT_SUPPORTED);
3622 if (cp->val != 0x00 && cp->val != 0x01)
3623 return mgmt_cmd_status(sk, hdev->id,
3624 MGMT_OP_SET_WIDEBAND_SPEECH,
3625 MGMT_STATUS_INVALID_PARAMS);
3629 if (pending_find(MGMT_OP_SET_WIDEBAND_SPEECH, hdev)) {
3630 err = mgmt_cmd_status(sk, hdev->id,
3631 MGMT_OP_SET_WIDEBAND_SPEECH,
3636 if (hdev_is_powered(hdev) &&
3637 !!cp->val != hci_dev_test_flag(hdev,
3638 HCI_WIDEBAND_SPEECH_ENABLED)) {
3639 err = mgmt_cmd_status(sk, hdev->id,
3640 MGMT_OP_SET_WIDEBAND_SPEECH,
3641 MGMT_STATUS_REJECTED);
3646 changed = !hci_dev_test_and_set_flag(hdev,
3647 HCI_WIDEBAND_SPEECH_ENABLED);
3649 changed = hci_dev_test_and_clear_flag(hdev,
3650 HCI_WIDEBAND_SPEECH_ENABLED);
3652 err = send_settings_rsp(sk, MGMT_OP_SET_WIDEBAND_SPEECH, hdev);
3657 err = new_settings(hdev, sk);
3660 hci_dev_unlock(hdev);
3664 static int read_security_info(struct sock *sk, struct hci_dev *hdev,
3665 void *data, u16 data_len)
3668 struct mgmt_rp_read_security_info *rp = (void *)buf;
3672 bt_dev_dbg(hdev, "sock %p", sk);
3674 memset(&buf, 0, sizeof(buf));
3678 /* When the Read Simple Pairing Options command is supported, then
3679 * the remote public key validation is supported.
3681 if (hdev->commands[41] & 0x08)
3682 flags |= 0x01; /* Remote public key validation (BR/EDR) */
3684 flags |= 0x02; /* Remote public key validation (LE) */
3686 /* When the Read Encryption Key Size command is supported, then the
3687 * encryption key size is enforced.
3689 if (hdev->commands[20] & 0x10)
3690 flags |= 0x04; /* Encryption key size enforcement (BR/EDR) */
3692 flags |= 0x08; /* Encryption key size enforcement (LE) */
3694 sec_len = eir_append_data(rp->sec, sec_len, 0x01, &flags, 1);
3696 /* When the Read Simple Pairing Options command is supported, then
3697 * also max encryption key size information is provided.
3699 if (hdev->commands[41] & 0x08)
3700 sec_len = eir_append_le16(rp->sec, sec_len, 0x02,
3701 hdev->max_enc_key_size);
3703 sec_len = eir_append_le16(rp->sec, sec_len, 0x03, SMP_MAX_ENC_KEY_SIZE);
3705 rp->sec_len = cpu_to_le16(sec_len);
3707 hci_dev_unlock(hdev);
3709 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_READ_SECURITY_INFO, 0,
3710 rp, sizeof(*rp) + sec_len);
3713 static void read_local_oob_data_complete(struct hci_dev *hdev, u8 status,
3714 u16 opcode, struct sk_buff *skb)
3716 struct mgmt_rp_read_local_oob_data mgmt_rp;
3717 size_t rp_size = sizeof(mgmt_rp);
3718 struct mgmt_pending_cmd *cmd;
3720 bt_dev_dbg(hdev, "status %u", status);
3722 cmd = pending_find(MGMT_OP_READ_LOCAL_OOB_DATA, hdev);
3726 if (status || !skb) {
3727 mgmt_cmd_status(cmd->sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
3728 status ? mgmt_status(status) : MGMT_STATUS_FAILED);
3732 memset(&mgmt_rp, 0, sizeof(mgmt_rp));
3734 if (opcode == HCI_OP_READ_LOCAL_OOB_DATA) {
3735 struct hci_rp_read_local_oob_data *rp = (void *) skb->data;
3737 if (skb->len < sizeof(*rp)) {
3738 mgmt_cmd_status(cmd->sk, hdev->id,
3739 MGMT_OP_READ_LOCAL_OOB_DATA,
3740 MGMT_STATUS_FAILED);
3744 memcpy(mgmt_rp.hash192, rp->hash, sizeof(rp->hash));
3745 memcpy(mgmt_rp.rand192, rp->rand, sizeof(rp->rand));
3747 rp_size -= sizeof(mgmt_rp.hash256) + sizeof(mgmt_rp.rand256);
3749 struct hci_rp_read_local_oob_ext_data *rp = (void *) skb->data;
3751 if (skb->len < sizeof(*rp)) {
3752 mgmt_cmd_status(cmd->sk, hdev->id,
3753 MGMT_OP_READ_LOCAL_OOB_DATA,
3754 MGMT_STATUS_FAILED);
3758 memcpy(mgmt_rp.hash192, rp->hash192, sizeof(rp->hash192));
3759 memcpy(mgmt_rp.rand192, rp->rand192, sizeof(rp->rand192));
3761 memcpy(mgmt_rp.hash256, rp->hash256, sizeof(rp->hash256));
3762 memcpy(mgmt_rp.rand256, rp->rand256, sizeof(rp->rand256));
3765 mgmt_cmd_complete(cmd->sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
3766 MGMT_STATUS_SUCCESS, &mgmt_rp, rp_size);
3769 mgmt_pending_remove(cmd);
3772 static int read_local_oob_data(struct sock *sk, struct hci_dev *hdev,
3773 void *data, u16 data_len)
3775 struct mgmt_pending_cmd *cmd;
3776 struct hci_request req;
3779 bt_dev_dbg(hdev, "sock %p", sk);
3783 if (!hdev_is_powered(hdev)) {
3784 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
3785 MGMT_STATUS_NOT_POWERED);
3789 if (!lmp_ssp_capable(hdev)) {
3790 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
3791 MGMT_STATUS_NOT_SUPPORTED);
3795 if (pending_find(MGMT_OP_READ_LOCAL_OOB_DATA, hdev)) {
3796 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
3801 cmd = mgmt_pending_add(sk, MGMT_OP_READ_LOCAL_OOB_DATA, hdev, NULL, 0);
3807 hci_req_init(&req, hdev);
3809 if (bredr_sc_enabled(hdev))
3810 hci_req_add(&req, HCI_OP_READ_LOCAL_OOB_EXT_DATA, 0, NULL);
3812 hci_req_add(&req, HCI_OP_READ_LOCAL_OOB_DATA, 0, NULL);
3814 err = hci_req_run_skb(&req, read_local_oob_data_complete);
3816 mgmt_pending_remove(cmd);
3819 hci_dev_unlock(hdev);
3823 static int add_remote_oob_data(struct sock *sk, struct hci_dev *hdev,
3824 void *data, u16 len)
3826 struct mgmt_addr_info *addr = data;
3829 bt_dev_dbg(hdev, "sock %p", sk);
3831 if (!bdaddr_type_is_valid(addr->type))
3832 return mgmt_cmd_complete(sk, hdev->id,
3833 MGMT_OP_ADD_REMOTE_OOB_DATA,
3834 MGMT_STATUS_INVALID_PARAMS,
3835 addr, sizeof(*addr));
3839 if (len == MGMT_ADD_REMOTE_OOB_DATA_SIZE) {
3840 struct mgmt_cp_add_remote_oob_data *cp = data;
3843 if (cp->addr.type != BDADDR_BREDR) {
3844 err = mgmt_cmd_complete(sk, hdev->id,
3845 MGMT_OP_ADD_REMOTE_OOB_DATA,
3846 MGMT_STATUS_INVALID_PARAMS,
3847 &cp->addr, sizeof(cp->addr));
3851 err = hci_add_remote_oob_data(hdev, &cp->addr.bdaddr,
3852 cp->addr.type, cp->hash,
3853 cp->rand, NULL, NULL);
3855 status = MGMT_STATUS_FAILED;
3857 status = MGMT_STATUS_SUCCESS;
3859 err = mgmt_cmd_complete(sk, hdev->id,
3860 MGMT_OP_ADD_REMOTE_OOB_DATA, status,
3861 &cp->addr, sizeof(cp->addr));
3862 } else if (len == MGMT_ADD_REMOTE_OOB_EXT_DATA_SIZE) {
3863 struct mgmt_cp_add_remote_oob_ext_data *cp = data;
3864 u8 *rand192, *hash192, *rand256, *hash256;
3867 if (bdaddr_type_is_le(cp->addr.type)) {
3868 /* Enforce zero-valued 192-bit parameters as
3869 * long as legacy SMP OOB isn't implemented.
3871 if (memcmp(cp->rand192, ZERO_KEY, 16) ||
3872 memcmp(cp->hash192, ZERO_KEY, 16)) {
3873 err = mgmt_cmd_complete(sk, hdev->id,
3874 MGMT_OP_ADD_REMOTE_OOB_DATA,
3875 MGMT_STATUS_INVALID_PARAMS,
3876 addr, sizeof(*addr));
3883 /* In case one of the P-192 values is set to zero,
3884 * then just disable OOB data for P-192.
3886 if (!memcmp(cp->rand192, ZERO_KEY, 16) ||
3887 !memcmp(cp->hash192, ZERO_KEY, 16)) {
3891 rand192 = cp->rand192;
3892 hash192 = cp->hash192;
3896 /* In case one of the P-256 values is set to zero, then just
3897 * disable OOB data for P-256.
3899 if (!memcmp(cp->rand256, ZERO_KEY, 16) ||
3900 !memcmp(cp->hash256, ZERO_KEY, 16)) {
3904 rand256 = cp->rand256;
3905 hash256 = cp->hash256;
3908 err = hci_add_remote_oob_data(hdev, &cp->addr.bdaddr,
3909 cp->addr.type, hash192, rand192,
3912 status = MGMT_STATUS_FAILED;
3914 status = MGMT_STATUS_SUCCESS;
3916 err = mgmt_cmd_complete(sk, hdev->id,
3917 MGMT_OP_ADD_REMOTE_OOB_DATA,
3918 status, &cp->addr, sizeof(cp->addr));
3920 bt_dev_err(hdev, "add_remote_oob_data: invalid len of %u bytes",
3922 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_REMOTE_OOB_DATA,
3923 MGMT_STATUS_INVALID_PARAMS);
3927 hci_dev_unlock(hdev);
3931 static int remove_remote_oob_data(struct sock *sk, struct hci_dev *hdev,
3932 void *data, u16 len)
3934 struct mgmt_cp_remove_remote_oob_data *cp = data;
3938 bt_dev_dbg(hdev, "sock %p", sk);
3940 if (cp->addr.type != BDADDR_BREDR)
3941 return mgmt_cmd_complete(sk, hdev->id,
3942 MGMT_OP_REMOVE_REMOTE_OOB_DATA,
3943 MGMT_STATUS_INVALID_PARAMS,
3944 &cp->addr, sizeof(cp->addr));
3948 if (!bacmp(&cp->addr.bdaddr, BDADDR_ANY)) {
3949 hci_remote_oob_data_clear(hdev);
3950 status = MGMT_STATUS_SUCCESS;
3954 err = hci_remove_remote_oob_data(hdev, &cp->addr.bdaddr, cp->addr.type);
3956 status = MGMT_STATUS_INVALID_PARAMS;
3958 status = MGMT_STATUS_SUCCESS;
3961 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_REMOTE_OOB_DATA,
3962 status, &cp->addr, sizeof(cp->addr));
3964 hci_dev_unlock(hdev);
3968 void mgmt_start_discovery_complete(struct hci_dev *hdev, u8 status)
3970 struct mgmt_pending_cmd *cmd;
3972 bt_dev_dbg(hdev, "status %d", status);
3976 cmd = pending_find(MGMT_OP_START_DISCOVERY, hdev);
3978 cmd = pending_find(MGMT_OP_START_SERVICE_DISCOVERY, hdev);
3981 cmd = pending_find(MGMT_OP_START_LIMITED_DISCOVERY, hdev);
3984 cmd->cmd_complete(cmd, mgmt_status(status));
3985 mgmt_pending_remove(cmd);
3988 hci_dev_unlock(hdev);
3990 /* Handle suspend notifier */
3991 if (test_and_clear_bit(SUSPEND_UNPAUSE_DISCOVERY,
3992 hdev->suspend_tasks)) {
3993 bt_dev_dbg(hdev, "Unpaused discovery");
3994 wake_up(&hdev->suspend_wait_q);
3998 static bool discovery_type_is_valid(struct hci_dev *hdev, uint8_t type,
3999 uint8_t *mgmt_status)
4002 case DISCOV_TYPE_LE:
4003 *mgmt_status = mgmt_le_support(hdev);
4007 case DISCOV_TYPE_INTERLEAVED:
4008 *mgmt_status = mgmt_le_support(hdev);
4011 /* Intentional fall-through */
4012 case DISCOV_TYPE_BREDR:
4013 *mgmt_status = mgmt_bredr_support(hdev);
4018 *mgmt_status = MGMT_STATUS_INVALID_PARAMS;
4025 static int start_discovery_internal(struct sock *sk, struct hci_dev *hdev,
4026 u16 op, void *data, u16 len)
4028 struct mgmt_cp_start_discovery *cp = data;
4029 struct mgmt_pending_cmd *cmd;
4033 bt_dev_dbg(hdev, "sock %p", sk);
4037 if (!hdev_is_powered(hdev)) {
4038 err = mgmt_cmd_complete(sk, hdev->id, op,
4039 MGMT_STATUS_NOT_POWERED,
4040 &cp->type, sizeof(cp->type));
4044 if (hdev->discovery.state != DISCOVERY_STOPPED ||
4045 hci_dev_test_flag(hdev, HCI_PERIODIC_INQ)) {
4046 err = mgmt_cmd_complete(sk, hdev->id, op, MGMT_STATUS_BUSY,
4047 &cp->type, sizeof(cp->type));
4051 if (!discovery_type_is_valid(hdev, cp->type, &status)) {
4052 err = mgmt_cmd_complete(sk, hdev->id, op, status,
4053 &cp->type, sizeof(cp->type));
4057 /* Can't start discovery when it is paused */
4058 if (hdev->discovery_paused) {
4059 err = mgmt_cmd_complete(sk, hdev->id, op, MGMT_STATUS_BUSY,
4060 &cp->type, sizeof(cp->type));
4064 /* Clear the discovery filter first to free any previously
4065 * allocated memory for the UUID list.
4067 hci_discovery_filter_clear(hdev);
4069 hdev->discovery.type = cp->type;
4070 hdev->discovery.report_invalid_rssi = false;
4071 if (op == MGMT_OP_START_LIMITED_DISCOVERY)
4072 hdev->discovery.limited = true;
4074 hdev->discovery.limited = false;
4076 cmd = mgmt_pending_add(sk, op, hdev, data, len);
4082 cmd->cmd_complete = generic_cmd_complete;
4084 hci_discovery_set_state(hdev, DISCOVERY_STARTING);
4085 queue_work(hdev->req_workqueue, &hdev->discov_update);
4089 hci_dev_unlock(hdev);
4093 static int start_discovery(struct sock *sk, struct hci_dev *hdev,
4094 void *data, u16 len)
4096 return start_discovery_internal(sk, hdev, MGMT_OP_START_DISCOVERY,
4100 static int start_limited_discovery(struct sock *sk, struct hci_dev *hdev,
4101 void *data, u16 len)
4103 return start_discovery_internal(sk, hdev,
4104 MGMT_OP_START_LIMITED_DISCOVERY,
4108 static int service_discovery_cmd_complete(struct mgmt_pending_cmd *cmd,
4111 return mgmt_cmd_complete(cmd->sk, cmd->index, cmd->opcode, status,
4115 static int start_service_discovery(struct sock *sk, struct hci_dev *hdev,
4116 void *data, u16 len)
4118 struct mgmt_cp_start_service_discovery *cp = data;
4119 struct mgmt_pending_cmd *cmd;
4120 const u16 max_uuid_count = ((U16_MAX - sizeof(*cp)) / 16);
4121 u16 uuid_count, expected_len;
4125 bt_dev_dbg(hdev, "sock %p", sk);
4129 if (!hdev_is_powered(hdev)) {
4130 err = mgmt_cmd_complete(sk, hdev->id,
4131 MGMT_OP_START_SERVICE_DISCOVERY,
4132 MGMT_STATUS_NOT_POWERED,
4133 &cp->type, sizeof(cp->type));
4137 if (hdev->discovery.state != DISCOVERY_STOPPED ||
4138 hci_dev_test_flag(hdev, HCI_PERIODIC_INQ)) {
4139 err = mgmt_cmd_complete(sk, hdev->id,
4140 MGMT_OP_START_SERVICE_DISCOVERY,
4141 MGMT_STATUS_BUSY, &cp->type,
4146 uuid_count = __le16_to_cpu(cp->uuid_count);
4147 if (uuid_count > max_uuid_count) {
4148 bt_dev_err(hdev, "service_discovery: too big uuid_count value %u",
4150 err = mgmt_cmd_complete(sk, hdev->id,
4151 MGMT_OP_START_SERVICE_DISCOVERY,
4152 MGMT_STATUS_INVALID_PARAMS, &cp->type,
4157 expected_len = sizeof(*cp) + uuid_count * 16;
4158 if (expected_len != len) {
4159 bt_dev_err(hdev, "service_discovery: expected %u bytes, got %u bytes",
4161 err = mgmt_cmd_complete(sk, hdev->id,
4162 MGMT_OP_START_SERVICE_DISCOVERY,
4163 MGMT_STATUS_INVALID_PARAMS, &cp->type,
4168 if (!discovery_type_is_valid(hdev, cp->type, &status)) {
4169 err = mgmt_cmd_complete(sk, hdev->id,
4170 MGMT_OP_START_SERVICE_DISCOVERY,
4171 status, &cp->type, sizeof(cp->type));
4175 cmd = mgmt_pending_add(sk, MGMT_OP_START_SERVICE_DISCOVERY,
4182 cmd->cmd_complete = service_discovery_cmd_complete;
4184 /* Clear the discovery filter first to free any previously
4185 * allocated memory for the UUID list.
4187 hci_discovery_filter_clear(hdev);
4189 hdev->discovery.result_filtering = true;
4190 hdev->discovery.type = cp->type;
4191 hdev->discovery.rssi = cp->rssi;
4192 hdev->discovery.uuid_count = uuid_count;
4194 if (uuid_count > 0) {
4195 hdev->discovery.uuids = kmemdup(cp->uuids, uuid_count * 16,
4197 if (!hdev->discovery.uuids) {
4198 err = mgmt_cmd_complete(sk, hdev->id,
4199 MGMT_OP_START_SERVICE_DISCOVERY,
4201 &cp->type, sizeof(cp->type));
4202 mgmt_pending_remove(cmd);
4207 hci_discovery_set_state(hdev, DISCOVERY_STARTING);
4208 queue_work(hdev->req_workqueue, &hdev->discov_update);
4212 hci_dev_unlock(hdev);
4216 void mgmt_stop_discovery_complete(struct hci_dev *hdev, u8 status)
4218 struct mgmt_pending_cmd *cmd;
4220 bt_dev_dbg(hdev, "status %d", status);
4224 cmd = pending_find(MGMT_OP_STOP_DISCOVERY, hdev);
4226 cmd->cmd_complete(cmd, mgmt_status(status));
4227 mgmt_pending_remove(cmd);
4230 hci_dev_unlock(hdev);
4232 /* Handle suspend notifier */
4233 if (test_and_clear_bit(SUSPEND_PAUSE_DISCOVERY, hdev->suspend_tasks)) {
4234 bt_dev_dbg(hdev, "Paused discovery");
4235 wake_up(&hdev->suspend_wait_q);
4239 static int stop_discovery(struct sock *sk, struct hci_dev *hdev, void *data,
4242 struct mgmt_cp_stop_discovery *mgmt_cp = data;
4243 struct mgmt_pending_cmd *cmd;
4246 bt_dev_dbg(hdev, "sock %p", sk);
4250 if (!hci_discovery_active(hdev)) {
4251 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_STOP_DISCOVERY,
4252 MGMT_STATUS_REJECTED, &mgmt_cp->type,
4253 sizeof(mgmt_cp->type));
4257 if (hdev->discovery.type != mgmt_cp->type) {
4258 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_STOP_DISCOVERY,
4259 MGMT_STATUS_INVALID_PARAMS,
4260 &mgmt_cp->type, sizeof(mgmt_cp->type));
4264 cmd = mgmt_pending_add(sk, MGMT_OP_STOP_DISCOVERY, hdev, data, len);
4270 cmd->cmd_complete = generic_cmd_complete;
4272 hci_discovery_set_state(hdev, DISCOVERY_STOPPING);
4273 queue_work(hdev->req_workqueue, &hdev->discov_update);
4277 hci_dev_unlock(hdev);
4281 static int confirm_name(struct sock *sk, struct hci_dev *hdev, void *data,
4284 struct mgmt_cp_confirm_name *cp = data;
4285 struct inquiry_entry *e;
4288 bt_dev_dbg(hdev, "sock %p", sk);
4292 if (!hci_discovery_active(hdev)) {
4293 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_CONFIRM_NAME,
4294 MGMT_STATUS_FAILED, &cp->addr,
4299 e = hci_inquiry_cache_lookup_unknown(hdev, &cp->addr.bdaddr);
4301 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_CONFIRM_NAME,
4302 MGMT_STATUS_INVALID_PARAMS, &cp->addr,
4307 if (cp->name_known) {
4308 e->name_state = NAME_KNOWN;
4311 e->name_state = NAME_NEEDED;
4312 hci_inquiry_cache_update_resolve(hdev, e);
4315 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_CONFIRM_NAME, 0,
4316 &cp->addr, sizeof(cp->addr));
4319 hci_dev_unlock(hdev);
4323 static int block_device(struct sock *sk, struct hci_dev *hdev, void *data,
4326 struct mgmt_cp_block_device *cp = data;
4330 bt_dev_dbg(hdev, "sock %p", sk);
4332 if (!bdaddr_type_is_valid(cp->addr.type))
4333 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_BLOCK_DEVICE,
4334 MGMT_STATUS_INVALID_PARAMS,
4335 &cp->addr, sizeof(cp->addr));
4339 err = hci_bdaddr_list_add(&hdev->blacklist, &cp->addr.bdaddr,
4342 status = MGMT_STATUS_FAILED;
4346 mgmt_event(MGMT_EV_DEVICE_BLOCKED, hdev, &cp->addr, sizeof(cp->addr),
4348 status = MGMT_STATUS_SUCCESS;
4351 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_BLOCK_DEVICE, status,
4352 &cp->addr, sizeof(cp->addr));
4354 hci_dev_unlock(hdev);
4359 static int unblock_device(struct sock *sk, struct hci_dev *hdev, void *data,
4362 struct mgmt_cp_unblock_device *cp = data;
4366 bt_dev_dbg(hdev, "sock %p", sk);
4368 if (!bdaddr_type_is_valid(cp->addr.type))
4369 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_UNBLOCK_DEVICE,
4370 MGMT_STATUS_INVALID_PARAMS,
4371 &cp->addr, sizeof(cp->addr));
4375 err = hci_bdaddr_list_del(&hdev->blacklist, &cp->addr.bdaddr,
4378 status = MGMT_STATUS_INVALID_PARAMS;
4382 mgmt_event(MGMT_EV_DEVICE_UNBLOCKED, hdev, &cp->addr, sizeof(cp->addr),
4384 status = MGMT_STATUS_SUCCESS;
4387 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_UNBLOCK_DEVICE, status,
4388 &cp->addr, sizeof(cp->addr));
4390 hci_dev_unlock(hdev);
4395 static int set_device_id(struct sock *sk, struct hci_dev *hdev, void *data,
4398 struct mgmt_cp_set_device_id *cp = data;
4399 struct hci_request req;
4403 bt_dev_dbg(hdev, "sock %p", sk);
4405 source = __le16_to_cpu(cp->source);
4407 if (source > 0x0002)
4408 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DEVICE_ID,
4409 MGMT_STATUS_INVALID_PARAMS);
4413 hdev->devid_source = source;
4414 hdev->devid_vendor = __le16_to_cpu(cp->vendor);
4415 hdev->devid_product = __le16_to_cpu(cp->product);
4416 hdev->devid_version = __le16_to_cpu(cp->version);
4418 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_DEVICE_ID, 0,
4421 hci_req_init(&req, hdev);
4422 __hci_req_update_eir(&req);
4423 hci_req_run(&req, NULL);
4425 hci_dev_unlock(hdev);
4430 static void enable_advertising_instance(struct hci_dev *hdev, u8 status,
4433 bt_dev_dbg(hdev, "status %d", status);
4436 static void set_advertising_complete(struct hci_dev *hdev, u8 status,
4439 struct cmd_lookup match = { NULL, hdev };
4440 struct hci_request req;
4442 struct adv_info *adv_instance;
4448 u8 mgmt_err = mgmt_status(status);
4450 mgmt_pending_foreach(MGMT_OP_SET_ADVERTISING, hdev,
4451 cmd_status_rsp, &mgmt_err);
4455 if (hci_dev_test_flag(hdev, HCI_LE_ADV))
4456 hci_dev_set_flag(hdev, HCI_ADVERTISING);
4458 hci_dev_clear_flag(hdev, HCI_ADVERTISING);
4460 mgmt_pending_foreach(MGMT_OP_SET_ADVERTISING, hdev, settings_rsp,
4463 new_settings(hdev, match.sk);
4468 /* Handle suspend notifier */
4469 if (test_and_clear_bit(SUSPEND_PAUSE_ADVERTISING,
4470 hdev->suspend_tasks)) {
4471 bt_dev_dbg(hdev, "Paused advertising");
4472 wake_up(&hdev->suspend_wait_q);
4473 } else if (test_and_clear_bit(SUSPEND_UNPAUSE_ADVERTISING,
4474 hdev->suspend_tasks)) {
4475 bt_dev_dbg(hdev, "Unpaused advertising");
4476 wake_up(&hdev->suspend_wait_q);
4479 /* If "Set Advertising" was just disabled and instance advertising was
4480 * set up earlier, then re-enable multi-instance advertising.
4482 if (hci_dev_test_flag(hdev, HCI_ADVERTISING) ||
4483 list_empty(&hdev->adv_instances))
4486 instance = hdev->cur_adv_instance;
4488 adv_instance = list_first_entry_or_null(&hdev->adv_instances,
4489 struct adv_info, list);
4493 instance = adv_instance->instance;
4496 hci_req_init(&req, hdev);
4498 err = __hci_req_schedule_adv_instance(&req, instance, true);
4501 err = hci_req_run(&req, enable_advertising_instance);
4504 bt_dev_err(hdev, "failed to re-configure advertising");
4507 hci_dev_unlock(hdev);
4510 static int set_advertising(struct sock *sk, struct hci_dev *hdev, void *data,
4513 struct mgmt_mode *cp = data;
4514 struct mgmt_pending_cmd *cmd;
4515 struct hci_request req;
4519 bt_dev_dbg(hdev, "sock %p", sk);
4521 status = mgmt_le_support(hdev);
4523 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_ADVERTISING,
4526 if (cp->val != 0x00 && cp->val != 0x01 && cp->val != 0x02)
4527 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_ADVERTISING,
4528 MGMT_STATUS_INVALID_PARAMS);
4530 if (hdev->advertising_paused)
4531 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_ADVERTISING,
4538 /* The following conditions are ones which mean that we should
4539 * not do any HCI communication but directly send a mgmt
4540 * response to user space (after toggling the flag if
4543 if (!hdev_is_powered(hdev) ||
4544 (val == hci_dev_test_flag(hdev, HCI_ADVERTISING) &&
4545 (cp->val == 0x02) == hci_dev_test_flag(hdev, HCI_ADVERTISING_CONNECTABLE)) ||
4546 hci_conn_num(hdev, LE_LINK) > 0 ||
4547 (hci_dev_test_flag(hdev, HCI_LE_SCAN) &&
4548 hdev->le_scan_type == LE_SCAN_ACTIVE)) {
4552 hdev->cur_adv_instance = 0x00;
4553 changed = !hci_dev_test_and_set_flag(hdev, HCI_ADVERTISING);
4554 if (cp->val == 0x02)
4555 hci_dev_set_flag(hdev, HCI_ADVERTISING_CONNECTABLE);
4557 hci_dev_clear_flag(hdev, HCI_ADVERTISING_CONNECTABLE);
4559 changed = hci_dev_test_and_clear_flag(hdev, HCI_ADVERTISING);
4560 hci_dev_clear_flag(hdev, HCI_ADVERTISING_CONNECTABLE);
4563 err = send_settings_rsp(sk, MGMT_OP_SET_ADVERTISING, hdev);
4568 err = new_settings(hdev, sk);
4573 if (pending_find(MGMT_OP_SET_ADVERTISING, hdev) ||
4574 pending_find(MGMT_OP_SET_LE, hdev)) {
4575 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_ADVERTISING,
4580 cmd = mgmt_pending_add(sk, MGMT_OP_SET_ADVERTISING, hdev, data, len);
4586 hci_req_init(&req, hdev);
4588 if (cp->val == 0x02)
4589 hci_dev_set_flag(hdev, HCI_ADVERTISING_CONNECTABLE);
4591 hci_dev_clear_flag(hdev, HCI_ADVERTISING_CONNECTABLE);
4593 cancel_adv_timeout(hdev);
4596 /* Switch to instance "0" for the Set Advertising setting.
4597 * We cannot use update_[adv|scan_rsp]_data() here as the
4598 * HCI_ADVERTISING flag is not yet set.
4600 hdev->cur_adv_instance = 0x00;
4602 if (ext_adv_capable(hdev)) {
4603 __hci_req_start_ext_adv(&req, 0x00);
4605 __hci_req_update_adv_data(&req, 0x00);
4606 __hci_req_update_scan_rsp_data(&req, 0x00);
4607 __hci_req_enable_advertising(&req);
4610 __hci_req_disable_advertising(&req);
4613 err = hci_req_run(&req, set_advertising_complete);
4615 mgmt_pending_remove(cmd);
4618 hci_dev_unlock(hdev);
4622 static int set_static_address(struct sock *sk, struct hci_dev *hdev,
4623 void *data, u16 len)
4625 struct mgmt_cp_set_static_address *cp = data;
4628 bt_dev_dbg(hdev, "sock %p", sk);
4630 if (!lmp_le_capable(hdev))
4631 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_STATIC_ADDRESS,
4632 MGMT_STATUS_NOT_SUPPORTED);
4634 if (hdev_is_powered(hdev))
4635 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_STATIC_ADDRESS,
4636 MGMT_STATUS_REJECTED);
4638 if (bacmp(&cp->bdaddr, BDADDR_ANY)) {
4639 if (!bacmp(&cp->bdaddr, BDADDR_NONE))
4640 return mgmt_cmd_status(sk, hdev->id,
4641 MGMT_OP_SET_STATIC_ADDRESS,
4642 MGMT_STATUS_INVALID_PARAMS);
4644 /* Two most significant bits shall be set */
4645 if ((cp->bdaddr.b[5] & 0xc0) != 0xc0)
4646 return mgmt_cmd_status(sk, hdev->id,
4647 MGMT_OP_SET_STATIC_ADDRESS,
4648 MGMT_STATUS_INVALID_PARAMS);
4653 bacpy(&hdev->static_addr, &cp->bdaddr);
4655 err = send_settings_rsp(sk, MGMT_OP_SET_STATIC_ADDRESS, hdev);
4659 err = new_settings(hdev, sk);
4662 hci_dev_unlock(hdev);
4666 static int set_scan_params(struct sock *sk, struct hci_dev *hdev,
4667 void *data, u16 len)
4669 struct mgmt_cp_set_scan_params *cp = data;
4670 __u16 interval, window;
4673 bt_dev_dbg(hdev, "sock %p", sk);
4675 if (!lmp_le_capable(hdev))
4676 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS,
4677 MGMT_STATUS_NOT_SUPPORTED);
4679 interval = __le16_to_cpu(cp->interval);
4681 if (interval < 0x0004 || interval > 0x4000)
4682 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS,
4683 MGMT_STATUS_INVALID_PARAMS);
4685 window = __le16_to_cpu(cp->window);
4687 if (window < 0x0004 || window > 0x4000)
4688 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS,
4689 MGMT_STATUS_INVALID_PARAMS);
4691 if (window > interval)
4692 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS,
4693 MGMT_STATUS_INVALID_PARAMS);
4697 hdev->le_scan_interval = interval;
4698 hdev->le_scan_window = window;
4700 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS, 0,
4703 /* If background scan is running, restart it so new parameters are
4706 if (hci_dev_test_flag(hdev, HCI_LE_SCAN) &&
4707 hdev->discovery.state == DISCOVERY_STOPPED) {
4708 struct hci_request req;
4710 hci_req_init(&req, hdev);
4712 hci_req_add_le_scan_disable(&req);
4713 hci_req_add_le_passive_scan(&req);
4715 hci_req_run(&req, NULL);
4718 hci_dev_unlock(hdev);
4723 static void fast_connectable_complete(struct hci_dev *hdev, u8 status,
4726 struct mgmt_pending_cmd *cmd;
4728 bt_dev_dbg(hdev, "status 0x%02x", status);
4732 cmd = pending_find(MGMT_OP_SET_FAST_CONNECTABLE, hdev);
4737 mgmt_cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
4738 mgmt_status(status));
4740 struct mgmt_mode *cp = cmd->param;
4743 hci_dev_set_flag(hdev, HCI_FAST_CONNECTABLE);
4745 hci_dev_clear_flag(hdev, HCI_FAST_CONNECTABLE);
4747 send_settings_rsp(cmd->sk, MGMT_OP_SET_FAST_CONNECTABLE, hdev);
4748 new_settings(hdev, cmd->sk);
4751 mgmt_pending_remove(cmd);
4754 hci_dev_unlock(hdev);
4757 static int set_fast_connectable(struct sock *sk, struct hci_dev *hdev,
4758 void *data, u16 len)
4760 struct mgmt_mode *cp = data;
4761 struct mgmt_pending_cmd *cmd;
4762 struct hci_request req;
4765 bt_dev_dbg(hdev, "sock %p", sk);
4767 if (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED) ||
4768 hdev->hci_ver < BLUETOOTH_VER_1_2)
4769 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
4770 MGMT_STATUS_NOT_SUPPORTED);
4772 if (cp->val != 0x00 && cp->val != 0x01)
4773 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
4774 MGMT_STATUS_INVALID_PARAMS);
4778 if (pending_find(MGMT_OP_SET_FAST_CONNECTABLE, hdev)) {
4779 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
4784 if (!!cp->val == hci_dev_test_flag(hdev, HCI_FAST_CONNECTABLE)) {
4785 err = send_settings_rsp(sk, MGMT_OP_SET_FAST_CONNECTABLE,
4790 if (!hdev_is_powered(hdev)) {
4791 hci_dev_change_flag(hdev, HCI_FAST_CONNECTABLE);
4792 err = send_settings_rsp(sk, MGMT_OP_SET_FAST_CONNECTABLE,
4794 new_settings(hdev, sk);
4798 cmd = mgmt_pending_add(sk, MGMT_OP_SET_FAST_CONNECTABLE, hdev,
4805 hci_req_init(&req, hdev);
4807 __hci_req_write_fast_connectable(&req, cp->val);
4809 err = hci_req_run(&req, fast_connectable_complete);
4811 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
4812 MGMT_STATUS_FAILED);
4813 mgmt_pending_remove(cmd);
4817 hci_dev_unlock(hdev);
4822 static void set_bredr_complete(struct hci_dev *hdev, u8 status, u16 opcode)
4824 struct mgmt_pending_cmd *cmd;
4826 bt_dev_dbg(hdev, "status 0x%02x", status);
4830 cmd = pending_find(MGMT_OP_SET_BREDR, hdev);
4835 u8 mgmt_err = mgmt_status(status);
4837 /* We need to restore the flag if related HCI commands
4840 hci_dev_clear_flag(hdev, HCI_BREDR_ENABLED);
4842 mgmt_cmd_status(cmd->sk, cmd->index, cmd->opcode, mgmt_err);
4844 send_settings_rsp(cmd->sk, MGMT_OP_SET_BREDR, hdev);
4845 new_settings(hdev, cmd->sk);
4848 mgmt_pending_remove(cmd);
4851 hci_dev_unlock(hdev);
4854 static int set_bredr(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
4856 struct mgmt_mode *cp = data;
4857 struct mgmt_pending_cmd *cmd;
4858 struct hci_request req;
4861 bt_dev_dbg(hdev, "sock %p", sk);
4863 if (!lmp_bredr_capable(hdev) || !lmp_le_capable(hdev))
4864 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
4865 MGMT_STATUS_NOT_SUPPORTED);
4867 if (!hci_dev_test_flag(hdev, HCI_LE_ENABLED))
4868 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
4869 MGMT_STATUS_REJECTED);
4871 if (cp->val != 0x00 && cp->val != 0x01)
4872 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
4873 MGMT_STATUS_INVALID_PARAMS);
4877 if (cp->val == hci_dev_test_flag(hdev, HCI_BREDR_ENABLED)) {
4878 err = send_settings_rsp(sk, MGMT_OP_SET_BREDR, hdev);
4882 if (!hdev_is_powered(hdev)) {
4884 hci_dev_clear_flag(hdev, HCI_DISCOVERABLE);
4885 hci_dev_clear_flag(hdev, HCI_SSP_ENABLED);
4886 hci_dev_clear_flag(hdev, HCI_LINK_SECURITY);
4887 hci_dev_clear_flag(hdev, HCI_FAST_CONNECTABLE);
4888 hci_dev_clear_flag(hdev, HCI_HS_ENABLED);
4891 hci_dev_change_flag(hdev, HCI_BREDR_ENABLED);
4893 err = send_settings_rsp(sk, MGMT_OP_SET_BREDR, hdev);
4897 err = new_settings(hdev, sk);
4901 /* Reject disabling when powered on */
4903 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
4904 MGMT_STATUS_REJECTED);
4907 /* When configuring a dual-mode controller to operate
4908 * with LE only and using a static address, then switching
4909 * BR/EDR back on is not allowed.
4911 * Dual-mode controllers shall operate with the public
4912 * address as its identity address for BR/EDR and LE. So
4913 * reject the attempt to create an invalid configuration.
4915 * The same restrictions applies when secure connections
4916 * has been enabled. For BR/EDR this is a controller feature
4917 * while for LE it is a host stack feature. This means that
4918 * switching BR/EDR back on when secure connections has been
4919 * enabled is not a supported transaction.
4921 if (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED) &&
4922 (bacmp(&hdev->static_addr, BDADDR_ANY) ||
4923 hci_dev_test_flag(hdev, HCI_SC_ENABLED))) {
4924 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
4925 MGMT_STATUS_REJECTED);
4930 if (pending_find(MGMT_OP_SET_BREDR, hdev)) {
4931 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
4936 cmd = mgmt_pending_add(sk, MGMT_OP_SET_BREDR, hdev, data, len);
4942 /* We need to flip the bit already here so that
4943 * hci_req_update_adv_data generates the correct flags.
4945 hci_dev_set_flag(hdev, HCI_BREDR_ENABLED);
4947 hci_req_init(&req, hdev);
4949 __hci_req_write_fast_connectable(&req, false);
4950 __hci_req_update_scan(&req);
4952 /* Since only the advertising data flags will change, there
4953 * is no need to update the scan response data.
4955 __hci_req_update_adv_data(&req, hdev->cur_adv_instance);
4957 err = hci_req_run(&req, set_bredr_complete);
4959 mgmt_pending_remove(cmd);
4962 hci_dev_unlock(hdev);
4966 static void sc_enable_complete(struct hci_dev *hdev, u8 status, u16 opcode)
4968 struct mgmt_pending_cmd *cmd;
4969 struct mgmt_mode *cp;
4971 bt_dev_dbg(hdev, "status %u", status);
4975 cmd = pending_find(MGMT_OP_SET_SECURE_CONN, hdev);
4980 mgmt_cmd_status(cmd->sk, cmd->index, cmd->opcode,
4981 mgmt_status(status));
4989 hci_dev_clear_flag(hdev, HCI_SC_ENABLED);
4990 hci_dev_clear_flag(hdev, HCI_SC_ONLY);
4993 hci_dev_set_flag(hdev, HCI_SC_ENABLED);
4994 hci_dev_clear_flag(hdev, HCI_SC_ONLY);
4997 hci_dev_set_flag(hdev, HCI_SC_ENABLED);
4998 hci_dev_set_flag(hdev, HCI_SC_ONLY);
5002 send_settings_rsp(cmd->sk, MGMT_OP_SET_SECURE_CONN, hdev);
5003 new_settings(hdev, cmd->sk);
5006 mgmt_pending_remove(cmd);
5008 hci_dev_unlock(hdev);
5011 static int set_secure_conn(struct sock *sk, struct hci_dev *hdev,
5012 void *data, u16 len)
5014 struct mgmt_mode *cp = data;
5015 struct mgmt_pending_cmd *cmd;
5016 struct hci_request req;
5020 bt_dev_dbg(hdev, "sock %p", sk);
5022 if (!lmp_sc_capable(hdev) &&
5023 !hci_dev_test_flag(hdev, HCI_LE_ENABLED))
5024 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SECURE_CONN,
5025 MGMT_STATUS_NOT_SUPPORTED);
5027 if (hci_dev_test_flag(hdev, HCI_BREDR_ENABLED) &&
5028 lmp_sc_capable(hdev) &&
5029 !hci_dev_test_flag(hdev, HCI_SSP_ENABLED))
5030 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SECURE_CONN,
5031 MGMT_STATUS_REJECTED);
5033 if (cp->val != 0x00 && cp->val != 0x01 && cp->val != 0x02)
5034 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SECURE_CONN,
5035 MGMT_STATUS_INVALID_PARAMS);
5039 if (!hdev_is_powered(hdev) || !lmp_sc_capable(hdev) ||
5040 !hci_dev_test_flag(hdev, HCI_BREDR_ENABLED)) {
5044 changed = !hci_dev_test_and_set_flag(hdev,
5046 if (cp->val == 0x02)
5047 hci_dev_set_flag(hdev, HCI_SC_ONLY);
5049 hci_dev_clear_flag(hdev, HCI_SC_ONLY);
5051 changed = hci_dev_test_and_clear_flag(hdev,
5053 hci_dev_clear_flag(hdev, HCI_SC_ONLY);
5056 err = send_settings_rsp(sk, MGMT_OP_SET_SECURE_CONN, hdev);
5061 err = new_settings(hdev, sk);
5066 if (pending_find(MGMT_OP_SET_SECURE_CONN, hdev)) {
5067 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SECURE_CONN,
5074 if (val == hci_dev_test_flag(hdev, HCI_SC_ENABLED) &&
5075 (cp->val == 0x02) == hci_dev_test_flag(hdev, HCI_SC_ONLY)) {
5076 err = send_settings_rsp(sk, MGMT_OP_SET_SECURE_CONN, hdev);
5080 cmd = mgmt_pending_add(sk, MGMT_OP_SET_SECURE_CONN, hdev, data, len);
5086 hci_req_init(&req, hdev);
5087 hci_req_add(&req, HCI_OP_WRITE_SC_SUPPORT, 1, &val);
5088 err = hci_req_run(&req, sc_enable_complete);
5090 mgmt_pending_remove(cmd);
5095 hci_dev_unlock(hdev);
5099 static int set_debug_keys(struct sock *sk, struct hci_dev *hdev,
5100 void *data, u16 len)
5102 struct mgmt_mode *cp = data;
5103 bool changed, use_changed;
5106 bt_dev_dbg(hdev, "sock %p", sk);
5108 if (cp->val != 0x00 && cp->val != 0x01 && cp->val != 0x02)
5109 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DEBUG_KEYS,
5110 MGMT_STATUS_INVALID_PARAMS);
5115 changed = !hci_dev_test_and_set_flag(hdev, HCI_KEEP_DEBUG_KEYS);
5117 changed = hci_dev_test_and_clear_flag(hdev,
5118 HCI_KEEP_DEBUG_KEYS);
5120 if (cp->val == 0x02)
5121 use_changed = !hci_dev_test_and_set_flag(hdev,
5122 HCI_USE_DEBUG_KEYS);
5124 use_changed = hci_dev_test_and_clear_flag(hdev,
5125 HCI_USE_DEBUG_KEYS);
5127 if (hdev_is_powered(hdev) && use_changed &&
5128 hci_dev_test_flag(hdev, HCI_SSP_ENABLED)) {
5129 u8 mode = (cp->val == 0x02) ? 0x01 : 0x00;
5130 hci_send_cmd(hdev, HCI_OP_WRITE_SSP_DEBUG_MODE,
5131 sizeof(mode), &mode);
5134 err = send_settings_rsp(sk, MGMT_OP_SET_DEBUG_KEYS, hdev);
5139 err = new_settings(hdev, sk);
5142 hci_dev_unlock(hdev);
5146 static int set_privacy(struct sock *sk, struct hci_dev *hdev, void *cp_data,
5149 struct mgmt_cp_set_privacy *cp = cp_data;
5153 bt_dev_dbg(hdev, "sock %p", sk);
5155 if (!lmp_le_capable(hdev))
5156 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_PRIVACY,
5157 MGMT_STATUS_NOT_SUPPORTED);
5159 if (cp->privacy != 0x00 && cp->privacy != 0x01 && cp->privacy != 0x02)
5160 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_PRIVACY,
5161 MGMT_STATUS_INVALID_PARAMS);
5163 if (hdev_is_powered(hdev))
5164 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_PRIVACY,
5165 MGMT_STATUS_REJECTED);
5169 /* If user space supports this command it is also expected to
5170 * handle IRKs. Therefore, set the HCI_RPA_RESOLVING flag.
5172 hci_dev_set_flag(hdev, HCI_RPA_RESOLVING);
5175 changed = !hci_dev_test_and_set_flag(hdev, HCI_PRIVACY);
5176 memcpy(hdev->irk, cp->irk, sizeof(hdev->irk));
5177 hci_dev_set_flag(hdev, HCI_RPA_EXPIRED);
5178 hci_adv_instances_set_rpa_expired(hdev, true);
5179 if (cp->privacy == 0x02)
5180 hci_dev_set_flag(hdev, HCI_LIMITED_PRIVACY);
5182 hci_dev_clear_flag(hdev, HCI_LIMITED_PRIVACY);
5184 changed = hci_dev_test_and_clear_flag(hdev, HCI_PRIVACY);
5185 memset(hdev->irk, 0, sizeof(hdev->irk));
5186 hci_dev_clear_flag(hdev, HCI_RPA_EXPIRED);
5187 hci_adv_instances_set_rpa_expired(hdev, false);
5188 hci_dev_clear_flag(hdev, HCI_LIMITED_PRIVACY);
5191 err = send_settings_rsp(sk, MGMT_OP_SET_PRIVACY, hdev);
5196 err = new_settings(hdev, sk);
5199 hci_dev_unlock(hdev);
5203 static bool irk_is_valid(struct mgmt_irk_info *irk)
5205 switch (irk->addr.type) {
5206 case BDADDR_LE_PUBLIC:
5209 case BDADDR_LE_RANDOM:
5210 /* Two most significant bits shall be set */
5211 if ((irk->addr.bdaddr.b[5] & 0xc0) != 0xc0)
5219 static int load_irks(struct sock *sk, struct hci_dev *hdev, void *cp_data,
5222 struct mgmt_cp_load_irks *cp = cp_data;
5223 const u16 max_irk_count = ((U16_MAX - sizeof(*cp)) /
5224 sizeof(struct mgmt_irk_info));
5225 u16 irk_count, expected_len;
5228 bt_dev_dbg(hdev, "sock %p", sk);
5230 if (!lmp_le_capable(hdev))
5231 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_IRKS,
5232 MGMT_STATUS_NOT_SUPPORTED);
5234 irk_count = __le16_to_cpu(cp->irk_count);
5235 if (irk_count > max_irk_count) {
5236 bt_dev_err(hdev, "load_irks: too big irk_count value %u",
5238 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_IRKS,
5239 MGMT_STATUS_INVALID_PARAMS);
5242 expected_len = struct_size(cp, irks, irk_count);
5243 if (expected_len != len) {
5244 bt_dev_err(hdev, "load_irks: expected %u bytes, got %u bytes",
5246 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_IRKS,
5247 MGMT_STATUS_INVALID_PARAMS);
5250 bt_dev_dbg(hdev, "irk_count %u", irk_count);
5252 for (i = 0; i < irk_count; i++) {
5253 struct mgmt_irk_info *key = &cp->irks[i];
5255 if (!irk_is_valid(key))
5256 return mgmt_cmd_status(sk, hdev->id,
5258 MGMT_STATUS_INVALID_PARAMS);
5263 hci_smp_irks_clear(hdev);
5265 for (i = 0; i < irk_count; i++) {
5266 struct mgmt_irk_info *irk = &cp->irks[i];
5268 if (hci_is_blocked_key(hdev,
5269 HCI_BLOCKED_KEY_TYPE_IRK,
5271 bt_dev_warn(hdev, "Skipping blocked IRK for %pMR",
5276 hci_add_irk(hdev, &irk->addr.bdaddr,
5277 le_addr_type(irk->addr.type), irk->val,
5281 hci_dev_set_flag(hdev, HCI_RPA_RESOLVING);
5283 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_LOAD_IRKS, 0, NULL, 0);
5285 hci_dev_unlock(hdev);
5290 static bool ltk_is_valid(struct mgmt_ltk_info *key)
5292 if (key->master != 0x00 && key->master != 0x01)
5295 switch (key->addr.type) {
5296 case BDADDR_LE_PUBLIC:
5299 case BDADDR_LE_RANDOM:
5300 /* Two most significant bits shall be set */
5301 if ((key->addr.bdaddr.b[5] & 0xc0) != 0xc0)
5309 static int load_long_term_keys(struct sock *sk, struct hci_dev *hdev,
5310 void *cp_data, u16 len)
5312 struct mgmt_cp_load_long_term_keys *cp = cp_data;
5313 const u16 max_key_count = ((U16_MAX - sizeof(*cp)) /
5314 sizeof(struct mgmt_ltk_info));
5315 u16 key_count, expected_len;
5318 bt_dev_dbg(hdev, "sock %p", sk);
5320 if (!lmp_le_capable(hdev))
5321 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS,
5322 MGMT_STATUS_NOT_SUPPORTED);
5324 key_count = __le16_to_cpu(cp->key_count);
5325 if (key_count > max_key_count) {
5326 bt_dev_err(hdev, "load_ltks: too big key_count value %u",
5328 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS,
5329 MGMT_STATUS_INVALID_PARAMS);
5332 expected_len = struct_size(cp, keys, key_count);
5333 if (expected_len != len) {
5334 bt_dev_err(hdev, "load_keys: expected %u bytes, got %u bytes",
5336 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS,
5337 MGMT_STATUS_INVALID_PARAMS);
5340 bt_dev_dbg(hdev, "key_count %u", key_count);
5342 for (i = 0; i < key_count; i++) {
5343 struct mgmt_ltk_info *key = &cp->keys[i];
5345 if (!ltk_is_valid(key))
5346 return mgmt_cmd_status(sk, hdev->id,
5347 MGMT_OP_LOAD_LONG_TERM_KEYS,
5348 MGMT_STATUS_INVALID_PARAMS);
5353 hci_smp_ltks_clear(hdev);
5355 for (i = 0; i < key_count; i++) {
5356 struct mgmt_ltk_info *key = &cp->keys[i];
5357 u8 type, authenticated;
5359 if (hci_is_blocked_key(hdev,
5360 HCI_BLOCKED_KEY_TYPE_LTK,
5362 bt_dev_warn(hdev, "Skipping blocked LTK for %pMR",
5367 switch (key->type) {
5368 case MGMT_LTK_UNAUTHENTICATED:
5369 authenticated = 0x00;
5370 type = key->master ? SMP_LTK : SMP_LTK_SLAVE;
5372 case MGMT_LTK_AUTHENTICATED:
5373 authenticated = 0x01;
5374 type = key->master ? SMP_LTK : SMP_LTK_SLAVE;
5376 case MGMT_LTK_P256_UNAUTH:
5377 authenticated = 0x00;
5378 type = SMP_LTK_P256;
5380 case MGMT_LTK_P256_AUTH:
5381 authenticated = 0x01;
5382 type = SMP_LTK_P256;
5384 case MGMT_LTK_P256_DEBUG:
5385 authenticated = 0x00;
5386 type = SMP_LTK_P256_DEBUG;
5392 hci_add_ltk(hdev, &key->addr.bdaddr,
5393 le_addr_type(key->addr.type), type, authenticated,
5394 key->val, key->enc_size, key->ediv, key->rand);
5397 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS, 0,
5400 hci_dev_unlock(hdev);
5405 static int conn_info_cmd_complete(struct mgmt_pending_cmd *cmd, u8 status)
5407 struct hci_conn *conn = cmd->user_data;
5408 struct mgmt_rp_get_conn_info rp;
5411 memcpy(&rp.addr, cmd->param, sizeof(rp.addr));
5413 if (status == MGMT_STATUS_SUCCESS) {
5414 rp.rssi = conn->rssi;
5415 rp.tx_power = conn->tx_power;
5416 rp.max_tx_power = conn->max_tx_power;
5418 rp.rssi = HCI_RSSI_INVALID;
5419 rp.tx_power = HCI_TX_POWER_INVALID;
5420 rp.max_tx_power = HCI_TX_POWER_INVALID;
5423 err = mgmt_cmd_complete(cmd->sk, cmd->index, MGMT_OP_GET_CONN_INFO,
5424 status, &rp, sizeof(rp));
5426 hci_conn_drop(conn);
5432 static void conn_info_refresh_complete(struct hci_dev *hdev, u8 hci_status,
5435 struct hci_cp_read_rssi *cp;
5436 struct mgmt_pending_cmd *cmd;
5437 struct hci_conn *conn;
5441 bt_dev_dbg(hdev, "status 0x%02x", hci_status);
5445 /* Commands sent in request are either Read RSSI or Read Transmit Power
5446 * Level so we check which one was last sent to retrieve connection
5447 * handle. Both commands have handle as first parameter so it's safe to
5448 * cast data on the same command struct.
5450 * First command sent is always Read RSSI and we fail only if it fails.
5451 * In other case we simply override error to indicate success as we
5452 * already remembered if TX power value is actually valid.
5454 cp = hci_sent_cmd_data(hdev, HCI_OP_READ_RSSI);
5456 cp = hci_sent_cmd_data(hdev, HCI_OP_READ_TX_POWER);
5457 status = MGMT_STATUS_SUCCESS;
5459 status = mgmt_status(hci_status);
5463 bt_dev_err(hdev, "invalid sent_cmd in conn_info response");
5467 handle = __le16_to_cpu(cp->handle);
5468 conn = hci_conn_hash_lookup_handle(hdev, handle);
5470 bt_dev_err(hdev, "unknown handle (%d) in conn_info response",
5475 cmd = pending_find_data(MGMT_OP_GET_CONN_INFO, hdev, conn);
5479 cmd->cmd_complete(cmd, status);
5480 mgmt_pending_remove(cmd);
5483 hci_dev_unlock(hdev);
5486 static int get_conn_info(struct sock *sk, struct hci_dev *hdev, void *data,
5489 struct mgmt_cp_get_conn_info *cp = data;
5490 struct mgmt_rp_get_conn_info rp;
5491 struct hci_conn *conn;
5492 unsigned long conn_info_age;
5495 bt_dev_dbg(hdev, "sock %p", sk);
5497 memset(&rp, 0, sizeof(rp));
5498 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
5499 rp.addr.type = cp->addr.type;
5501 if (!bdaddr_type_is_valid(cp->addr.type))
5502 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CONN_INFO,
5503 MGMT_STATUS_INVALID_PARAMS,
5508 if (!hdev_is_powered(hdev)) {
5509 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CONN_INFO,
5510 MGMT_STATUS_NOT_POWERED, &rp,
5515 if (cp->addr.type == BDADDR_BREDR)
5516 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
5519 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &cp->addr.bdaddr);
5521 if (!conn || conn->state != BT_CONNECTED) {
5522 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CONN_INFO,
5523 MGMT_STATUS_NOT_CONNECTED, &rp,
5528 if (pending_find_data(MGMT_OP_GET_CONN_INFO, hdev, conn)) {
5529 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CONN_INFO,
5530 MGMT_STATUS_BUSY, &rp, sizeof(rp));
5534 /* To avoid client trying to guess when to poll again for information we
5535 * calculate conn info age as random value between min/max set in hdev.
5537 conn_info_age = hdev->conn_info_min_age +
5538 prandom_u32_max(hdev->conn_info_max_age -
5539 hdev->conn_info_min_age);
5541 /* Query controller to refresh cached values if they are too old or were
5544 if (time_after(jiffies, conn->conn_info_timestamp +
5545 msecs_to_jiffies(conn_info_age)) ||
5546 !conn->conn_info_timestamp) {
5547 struct hci_request req;
5548 struct hci_cp_read_tx_power req_txp_cp;
5549 struct hci_cp_read_rssi req_rssi_cp;
5550 struct mgmt_pending_cmd *cmd;
5552 hci_req_init(&req, hdev);
5553 req_rssi_cp.handle = cpu_to_le16(conn->handle);
5554 hci_req_add(&req, HCI_OP_READ_RSSI, sizeof(req_rssi_cp),
5557 /* For LE links TX power does not change thus we don't need to
5558 * query for it once value is known.
5560 if (!bdaddr_type_is_le(cp->addr.type) ||
5561 conn->tx_power == HCI_TX_POWER_INVALID) {
5562 req_txp_cp.handle = cpu_to_le16(conn->handle);
5563 req_txp_cp.type = 0x00;
5564 hci_req_add(&req, HCI_OP_READ_TX_POWER,
5565 sizeof(req_txp_cp), &req_txp_cp);
5568 /* Max TX power needs to be read only once per connection */
5569 if (conn->max_tx_power == HCI_TX_POWER_INVALID) {
5570 req_txp_cp.handle = cpu_to_le16(conn->handle);
5571 req_txp_cp.type = 0x01;
5572 hci_req_add(&req, HCI_OP_READ_TX_POWER,
5573 sizeof(req_txp_cp), &req_txp_cp);
5576 err = hci_req_run(&req, conn_info_refresh_complete);
5580 cmd = mgmt_pending_add(sk, MGMT_OP_GET_CONN_INFO, hdev,
5587 hci_conn_hold(conn);
5588 cmd->user_data = hci_conn_get(conn);
5589 cmd->cmd_complete = conn_info_cmd_complete;
5591 conn->conn_info_timestamp = jiffies;
5593 /* Cache is valid, just reply with values cached in hci_conn */
5594 rp.rssi = conn->rssi;
5595 rp.tx_power = conn->tx_power;
5596 rp.max_tx_power = conn->max_tx_power;
5598 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CONN_INFO,
5599 MGMT_STATUS_SUCCESS, &rp, sizeof(rp));
5603 hci_dev_unlock(hdev);
5607 static int clock_info_cmd_complete(struct mgmt_pending_cmd *cmd, u8 status)
5609 struct hci_conn *conn = cmd->user_data;
5610 struct mgmt_rp_get_clock_info rp;
5611 struct hci_dev *hdev;
5614 memset(&rp, 0, sizeof(rp));
5615 memcpy(&rp.addr, cmd->param, sizeof(rp.addr));
5620 hdev = hci_dev_get(cmd->index);
5622 rp.local_clock = cpu_to_le32(hdev->clock);
5627 rp.piconet_clock = cpu_to_le32(conn->clock);
5628 rp.accuracy = cpu_to_le16(conn->clock_accuracy);
5632 err = mgmt_cmd_complete(cmd->sk, cmd->index, cmd->opcode, status, &rp,
5636 hci_conn_drop(conn);
5643 static void get_clock_info_complete(struct hci_dev *hdev, u8 status, u16 opcode)
5645 struct hci_cp_read_clock *hci_cp;
5646 struct mgmt_pending_cmd *cmd;
5647 struct hci_conn *conn;
5649 bt_dev_dbg(hdev, "status %u", status);
5653 hci_cp = hci_sent_cmd_data(hdev, HCI_OP_READ_CLOCK);
5657 if (hci_cp->which) {
5658 u16 handle = __le16_to_cpu(hci_cp->handle);
5659 conn = hci_conn_hash_lookup_handle(hdev, handle);
5664 cmd = pending_find_data(MGMT_OP_GET_CLOCK_INFO, hdev, conn);
5668 cmd->cmd_complete(cmd, mgmt_status(status));
5669 mgmt_pending_remove(cmd);
5672 hci_dev_unlock(hdev);
5675 static int get_clock_info(struct sock *sk, struct hci_dev *hdev, void *data,
5678 struct mgmt_cp_get_clock_info *cp = data;
5679 struct mgmt_rp_get_clock_info rp;
5680 struct hci_cp_read_clock hci_cp;
5681 struct mgmt_pending_cmd *cmd;
5682 struct hci_request req;
5683 struct hci_conn *conn;
5686 bt_dev_dbg(hdev, "sock %p", sk);
5688 memset(&rp, 0, sizeof(rp));
5689 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
5690 rp.addr.type = cp->addr.type;
5692 if (cp->addr.type != BDADDR_BREDR)
5693 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CLOCK_INFO,
5694 MGMT_STATUS_INVALID_PARAMS,
5699 if (!hdev_is_powered(hdev)) {
5700 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CLOCK_INFO,
5701 MGMT_STATUS_NOT_POWERED, &rp,
5706 if (bacmp(&cp->addr.bdaddr, BDADDR_ANY)) {
5707 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
5709 if (!conn || conn->state != BT_CONNECTED) {
5710 err = mgmt_cmd_complete(sk, hdev->id,
5711 MGMT_OP_GET_CLOCK_INFO,
5712 MGMT_STATUS_NOT_CONNECTED,
5720 cmd = mgmt_pending_add(sk, MGMT_OP_GET_CLOCK_INFO, hdev, data, len);
5726 cmd->cmd_complete = clock_info_cmd_complete;
5728 hci_req_init(&req, hdev);
5730 memset(&hci_cp, 0, sizeof(hci_cp));
5731 hci_req_add(&req, HCI_OP_READ_CLOCK, sizeof(hci_cp), &hci_cp);
5734 hci_conn_hold(conn);
5735 cmd->user_data = hci_conn_get(conn);
5737 hci_cp.handle = cpu_to_le16(conn->handle);
5738 hci_cp.which = 0x01; /* Piconet clock */
5739 hci_req_add(&req, HCI_OP_READ_CLOCK, sizeof(hci_cp), &hci_cp);
5742 err = hci_req_run(&req, get_clock_info_complete);
5744 mgmt_pending_remove(cmd);
5747 hci_dev_unlock(hdev);
5751 static bool is_connected(struct hci_dev *hdev, bdaddr_t *addr, u8 type)
5753 struct hci_conn *conn;
5755 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, addr);
5759 if (conn->dst_type != type)
5762 if (conn->state != BT_CONNECTED)
5768 /* This function requires the caller holds hdev->lock */
5769 static int hci_conn_params_set(struct hci_dev *hdev, bdaddr_t *addr,
5770 u8 addr_type, u8 auto_connect)
5772 struct hci_conn_params *params;
5774 params = hci_conn_params_add(hdev, addr, addr_type);
5778 if (params->auto_connect == auto_connect)
5781 list_del_init(¶ms->action);
5783 switch (auto_connect) {
5784 case HCI_AUTO_CONN_DISABLED:
5785 case HCI_AUTO_CONN_LINK_LOSS:
5786 /* If auto connect is being disabled when we're trying to
5787 * connect to device, keep connecting.
5789 if (params->explicit_connect)
5790 list_add(¶ms->action, &hdev->pend_le_conns);
5792 case HCI_AUTO_CONN_REPORT:
5793 if (params->explicit_connect)
5794 list_add(¶ms->action, &hdev->pend_le_conns);
5796 list_add(¶ms->action, &hdev->pend_le_reports);
5798 case HCI_AUTO_CONN_DIRECT:
5799 case HCI_AUTO_CONN_ALWAYS:
5800 if (!is_connected(hdev, addr, addr_type))
5801 list_add(¶ms->action, &hdev->pend_le_conns);
5805 params->auto_connect = auto_connect;
5807 bt_dev_dbg(hdev, "addr %pMR (type %u) auto_connect %u",
5808 addr, addr_type, auto_connect);
5813 static void device_added(struct sock *sk, struct hci_dev *hdev,
5814 bdaddr_t *bdaddr, u8 type, u8 action)
5816 struct mgmt_ev_device_added ev;
5818 bacpy(&ev.addr.bdaddr, bdaddr);
5819 ev.addr.type = type;
5822 mgmt_event(MGMT_EV_DEVICE_ADDED, hdev, &ev, sizeof(ev), sk);
5825 static int add_device(struct sock *sk, struct hci_dev *hdev,
5826 void *data, u16 len)
5828 struct mgmt_cp_add_device *cp = data;
5829 u8 auto_conn, addr_type;
5832 bt_dev_dbg(hdev, "sock %p", sk);
5834 if (!bdaddr_type_is_valid(cp->addr.type) ||
5835 !bacmp(&cp->addr.bdaddr, BDADDR_ANY))
5836 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_ADD_DEVICE,
5837 MGMT_STATUS_INVALID_PARAMS,
5838 &cp->addr, sizeof(cp->addr));
5840 if (cp->action != 0x00 && cp->action != 0x01 && cp->action != 0x02)
5841 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_ADD_DEVICE,
5842 MGMT_STATUS_INVALID_PARAMS,
5843 &cp->addr, sizeof(cp->addr));
5847 if (cp->addr.type == BDADDR_BREDR) {
5848 /* Only incoming connections action is supported for now */
5849 if (cp->action != 0x01) {
5850 err = mgmt_cmd_complete(sk, hdev->id,
5852 MGMT_STATUS_INVALID_PARAMS,
5853 &cp->addr, sizeof(cp->addr));
5857 err = hci_bdaddr_list_add(&hdev->whitelist, &cp->addr.bdaddr,
5862 hci_req_update_scan(hdev);
5867 addr_type = le_addr_type(cp->addr.type);
5869 if (cp->action == 0x02)
5870 auto_conn = HCI_AUTO_CONN_ALWAYS;
5871 else if (cp->action == 0x01)
5872 auto_conn = HCI_AUTO_CONN_DIRECT;
5874 auto_conn = HCI_AUTO_CONN_REPORT;
5876 /* Kernel internally uses conn_params with resolvable private
5877 * address, but Add Device allows only identity addresses.
5878 * Make sure it is enforced before calling
5879 * hci_conn_params_lookup.
5881 if (!hci_is_identity_address(&cp->addr.bdaddr, addr_type)) {
5882 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_ADD_DEVICE,
5883 MGMT_STATUS_INVALID_PARAMS,
5884 &cp->addr, sizeof(cp->addr));
5888 /* If the connection parameters don't exist for this device,
5889 * they will be created and configured with defaults.
5891 if (hci_conn_params_set(hdev, &cp->addr.bdaddr, addr_type,
5893 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_ADD_DEVICE,
5894 MGMT_STATUS_FAILED, &cp->addr,
5899 hci_update_background_scan(hdev);
5902 device_added(sk, hdev, &cp->addr.bdaddr, cp->addr.type, cp->action);
5904 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_ADD_DEVICE,
5905 MGMT_STATUS_SUCCESS, &cp->addr,
5909 hci_dev_unlock(hdev);
5913 static void device_removed(struct sock *sk, struct hci_dev *hdev,
5914 bdaddr_t *bdaddr, u8 type)
5916 struct mgmt_ev_device_removed ev;
5918 bacpy(&ev.addr.bdaddr, bdaddr);
5919 ev.addr.type = type;
5921 mgmt_event(MGMT_EV_DEVICE_REMOVED, hdev, &ev, sizeof(ev), sk);
5924 static int remove_device(struct sock *sk, struct hci_dev *hdev,
5925 void *data, u16 len)
5927 struct mgmt_cp_remove_device *cp = data;
5930 bt_dev_dbg(hdev, "sock %p", sk);
5934 if (bacmp(&cp->addr.bdaddr, BDADDR_ANY)) {
5935 struct hci_conn_params *params;
5938 if (!bdaddr_type_is_valid(cp->addr.type)) {
5939 err = mgmt_cmd_complete(sk, hdev->id,
5940 MGMT_OP_REMOVE_DEVICE,
5941 MGMT_STATUS_INVALID_PARAMS,
5942 &cp->addr, sizeof(cp->addr));
5946 if (cp->addr.type == BDADDR_BREDR) {
5947 err = hci_bdaddr_list_del(&hdev->whitelist,
5951 err = mgmt_cmd_complete(sk, hdev->id,
5952 MGMT_OP_REMOVE_DEVICE,
5953 MGMT_STATUS_INVALID_PARAMS,
5959 hci_req_update_scan(hdev);
5961 device_removed(sk, hdev, &cp->addr.bdaddr,
5966 addr_type = le_addr_type(cp->addr.type);
5968 /* Kernel internally uses conn_params with resolvable private
5969 * address, but Remove Device allows only identity addresses.
5970 * Make sure it is enforced before calling
5971 * hci_conn_params_lookup.
5973 if (!hci_is_identity_address(&cp->addr.bdaddr, addr_type)) {
5974 err = mgmt_cmd_complete(sk, hdev->id,
5975 MGMT_OP_REMOVE_DEVICE,
5976 MGMT_STATUS_INVALID_PARAMS,
5977 &cp->addr, sizeof(cp->addr));
5981 params = hci_conn_params_lookup(hdev, &cp->addr.bdaddr,
5984 err = mgmt_cmd_complete(sk, hdev->id,
5985 MGMT_OP_REMOVE_DEVICE,
5986 MGMT_STATUS_INVALID_PARAMS,
5987 &cp->addr, sizeof(cp->addr));
5991 if (params->auto_connect == HCI_AUTO_CONN_DISABLED ||
5992 params->auto_connect == HCI_AUTO_CONN_EXPLICIT) {
5993 err = mgmt_cmd_complete(sk, hdev->id,
5994 MGMT_OP_REMOVE_DEVICE,
5995 MGMT_STATUS_INVALID_PARAMS,
5996 &cp->addr, sizeof(cp->addr));
6000 list_del(¶ms->action);
6001 list_del(¶ms->list);
6003 hci_update_background_scan(hdev);
6005 device_removed(sk, hdev, &cp->addr.bdaddr, cp->addr.type);
6007 struct hci_conn_params *p, *tmp;
6008 struct bdaddr_list *b, *btmp;
6010 if (cp->addr.type) {
6011 err = mgmt_cmd_complete(sk, hdev->id,
6012 MGMT_OP_REMOVE_DEVICE,
6013 MGMT_STATUS_INVALID_PARAMS,
6014 &cp->addr, sizeof(cp->addr));
6018 list_for_each_entry_safe(b, btmp, &hdev->whitelist, list) {
6019 device_removed(sk, hdev, &b->bdaddr, b->bdaddr_type);
6024 hci_req_update_scan(hdev);
6026 list_for_each_entry_safe(p, tmp, &hdev->le_conn_params, list) {
6027 if (p->auto_connect == HCI_AUTO_CONN_DISABLED)
6029 device_removed(sk, hdev, &p->addr, p->addr_type);
6030 if (p->explicit_connect) {
6031 p->auto_connect = HCI_AUTO_CONN_EXPLICIT;
6034 list_del(&p->action);
6039 bt_dev_dbg(hdev, "All LE connection parameters were removed");
6041 hci_update_background_scan(hdev);
6045 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_DEVICE,
6046 MGMT_STATUS_SUCCESS, &cp->addr,
6049 hci_dev_unlock(hdev);
6053 static int load_conn_param(struct sock *sk, struct hci_dev *hdev, void *data,
6056 struct mgmt_cp_load_conn_param *cp = data;
6057 const u16 max_param_count = ((U16_MAX - sizeof(*cp)) /
6058 sizeof(struct mgmt_conn_param));
6059 u16 param_count, expected_len;
6062 if (!lmp_le_capable(hdev))
6063 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_CONN_PARAM,
6064 MGMT_STATUS_NOT_SUPPORTED);
6066 param_count = __le16_to_cpu(cp->param_count);
6067 if (param_count > max_param_count) {
6068 bt_dev_err(hdev, "load_conn_param: too big param_count value %u",
6070 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_CONN_PARAM,
6071 MGMT_STATUS_INVALID_PARAMS);
6074 expected_len = struct_size(cp, params, param_count);
6075 if (expected_len != len) {
6076 bt_dev_err(hdev, "load_conn_param: expected %u bytes, got %u bytes",
6078 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_CONN_PARAM,
6079 MGMT_STATUS_INVALID_PARAMS);
6082 bt_dev_dbg(hdev, "param_count %u", param_count);
6086 hci_conn_params_clear_disabled(hdev);
6088 for (i = 0; i < param_count; i++) {
6089 struct mgmt_conn_param *param = &cp->params[i];
6090 struct hci_conn_params *hci_param;
6091 u16 min, max, latency, timeout;
6094 bt_dev_dbg(hdev, "Adding %pMR (type %u)", ¶m->addr.bdaddr,
6097 if (param->addr.type == BDADDR_LE_PUBLIC) {
6098 addr_type = ADDR_LE_DEV_PUBLIC;
6099 } else if (param->addr.type == BDADDR_LE_RANDOM) {
6100 addr_type = ADDR_LE_DEV_RANDOM;
6102 bt_dev_err(hdev, "ignoring invalid connection parameters");
6106 min = le16_to_cpu(param->min_interval);
6107 max = le16_to_cpu(param->max_interval);
6108 latency = le16_to_cpu(param->latency);
6109 timeout = le16_to_cpu(param->timeout);
6111 bt_dev_dbg(hdev, "min 0x%04x max 0x%04x latency 0x%04x timeout 0x%04x",
6112 min, max, latency, timeout);
6114 if (hci_check_conn_params(min, max, latency, timeout) < 0) {
6115 bt_dev_err(hdev, "ignoring invalid connection parameters");
6119 hci_param = hci_conn_params_add(hdev, ¶m->addr.bdaddr,
6122 bt_dev_err(hdev, "failed to add connection parameters");
6126 hci_param->conn_min_interval = min;
6127 hci_param->conn_max_interval = max;
6128 hci_param->conn_latency = latency;
6129 hci_param->supervision_timeout = timeout;
6132 hci_dev_unlock(hdev);
6134 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_LOAD_CONN_PARAM, 0,
6138 static int set_external_config(struct sock *sk, struct hci_dev *hdev,
6139 void *data, u16 len)
6141 struct mgmt_cp_set_external_config *cp = data;
6145 bt_dev_dbg(hdev, "sock %p", sk);
6147 if (hdev_is_powered(hdev))
6148 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_EXTERNAL_CONFIG,
6149 MGMT_STATUS_REJECTED);
6151 if (cp->config != 0x00 && cp->config != 0x01)
6152 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_EXTERNAL_CONFIG,
6153 MGMT_STATUS_INVALID_PARAMS);
6155 if (!test_bit(HCI_QUIRK_EXTERNAL_CONFIG, &hdev->quirks))
6156 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_EXTERNAL_CONFIG,
6157 MGMT_STATUS_NOT_SUPPORTED);
6162 changed = !hci_dev_test_and_set_flag(hdev, HCI_EXT_CONFIGURED);
6164 changed = hci_dev_test_and_clear_flag(hdev, HCI_EXT_CONFIGURED);
6166 err = send_options_rsp(sk, MGMT_OP_SET_EXTERNAL_CONFIG, hdev);
6173 err = new_options(hdev, sk);
6175 if (hci_dev_test_flag(hdev, HCI_UNCONFIGURED) == is_configured(hdev)) {
6176 mgmt_index_removed(hdev);
6178 if (hci_dev_test_and_change_flag(hdev, HCI_UNCONFIGURED)) {
6179 hci_dev_set_flag(hdev, HCI_CONFIG);
6180 hci_dev_set_flag(hdev, HCI_AUTO_OFF);
6182 queue_work(hdev->req_workqueue, &hdev->power_on);
6184 set_bit(HCI_RAW, &hdev->flags);
6185 mgmt_index_added(hdev);
6190 hci_dev_unlock(hdev);
6194 static int set_public_address(struct sock *sk, struct hci_dev *hdev,
6195 void *data, u16 len)
6197 struct mgmt_cp_set_public_address *cp = data;
6201 bt_dev_dbg(hdev, "sock %p", sk);
6203 if (hdev_is_powered(hdev))
6204 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_PUBLIC_ADDRESS,
6205 MGMT_STATUS_REJECTED);
6207 if (!bacmp(&cp->bdaddr, BDADDR_ANY))
6208 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_PUBLIC_ADDRESS,
6209 MGMT_STATUS_INVALID_PARAMS);
6211 if (!hdev->set_bdaddr)
6212 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_PUBLIC_ADDRESS,
6213 MGMT_STATUS_NOT_SUPPORTED);
6217 changed = !!bacmp(&hdev->public_addr, &cp->bdaddr);
6218 bacpy(&hdev->public_addr, &cp->bdaddr);
6220 err = send_options_rsp(sk, MGMT_OP_SET_PUBLIC_ADDRESS, hdev);
6227 if (hci_dev_test_flag(hdev, HCI_UNCONFIGURED))
6228 err = new_options(hdev, sk);
6230 if (is_configured(hdev)) {
6231 mgmt_index_removed(hdev);
6233 hci_dev_clear_flag(hdev, HCI_UNCONFIGURED);
6235 hci_dev_set_flag(hdev, HCI_CONFIG);
6236 hci_dev_set_flag(hdev, HCI_AUTO_OFF);
6238 queue_work(hdev->req_workqueue, &hdev->power_on);
6242 hci_dev_unlock(hdev);
6246 static void read_local_oob_ext_data_complete(struct hci_dev *hdev, u8 status,
6247 u16 opcode, struct sk_buff *skb)
6249 const struct mgmt_cp_read_local_oob_ext_data *mgmt_cp;
6250 struct mgmt_rp_read_local_oob_ext_data *mgmt_rp;
6251 u8 *h192, *r192, *h256, *r256;
6252 struct mgmt_pending_cmd *cmd;
6256 bt_dev_dbg(hdev, "status %u", status);
6258 cmd = pending_find(MGMT_OP_READ_LOCAL_OOB_EXT_DATA, hdev);
6262 mgmt_cp = cmd->param;
6265 status = mgmt_status(status);
6272 } else if (opcode == HCI_OP_READ_LOCAL_OOB_DATA) {
6273 struct hci_rp_read_local_oob_data *rp;
6275 if (skb->len != sizeof(*rp)) {
6276 status = MGMT_STATUS_FAILED;
6279 status = MGMT_STATUS_SUCCESS;
6280 rp = (void *)skb->data;
6282 eir_len = 5 + 18 + 18;
6289 struct hci_rp_read_local_oob_ext_data *rp;
6291 if (skb->len != sizeof(*rp)) {
6292 status = MGMT_STATUS_FAILED;
6295 status = MGMT_STATUS_SUCCESS;
6296 rp = (void *)skb->data;
6298 if (hci_dev_test_flag(hdev, HCI_SC_ONLY)) {
6299 eir_len = 5 + 18 + 18;
6303 eir_len = 5 + 18 + 18 + 18 + 18;
6313 mgmt_rp = kmalloc(sizeof(*mgmt_rp) + eir_len, GFP_KERNEL);
6320 eir_len = eir_append_data(mgmt_rp->eir, 0, EIR_CLASS_OF_DEV,
6321 hdev->dev_class, 3);
6324 eir_len = eir_append_data(mgmt_rp->eir, eir_len,
6325 EIR_SSP_HASH_C192, h192, 16);
6326 eir_len = eir_append_data(mgmt_rp->eir, eir_len,
6327 EIR_SSP_RAND_R192, r192, 16);
6331 eir_len = eir_append_data(mgmt_rp->eir, eir_len,
6332 EIR_SSP_HASH_C256, h256, 16);
6333 eir_len = eir_append_data(mgmt_rp->eir, eir_len,
6334 EIR_SSP_RAND_R256, r256, 16);
6338 mgmt_rp->type = mgmt_cp->type;
6339 mgmt_rp->eir_len = cpu_to_le16(eir_len);
6341 err = mgmt_cmd_complete(cmd->sk, hdev->id,
6342 MGMT_OP_READ_LOCAL_OOB_EXT_DATA, status,
6343 mgmt_rp, sizeof(*mgmt_rp) + eir_len);
6344 if (err < 0 || status)
6347 hci_sock_set_flag(cmd->sk, HCI_MGMT_OOB_DATA_EVENTS);
6349 err = mgmt_limited_event(MGMT_EV_LOCAL_OOB_DATA_UPDATED, hdev,
6350 mgmt_rp, sizeof(*mgmt_rp) + eir_len,
6351 HCI_MGMT_OOB_DATA_EVENTS, cmd->sk);
6354 mgmt_pending_remove(cmd);
6357 static int read_local_ssp_oob_req(struct hci_dev *hdev, struct sock *sk,
6358 struct mgmt_cp_read_local_oob_ext_data *cp)
6360 struct mgmt_pending_cmd *cmd;
6361 struct hci_request req;
6364 cmd = mgmt_pending_add(sk, MGMT_OP_READ_LOCAL_OOB_EXT_DATA, hdev,
6369 hci_req_init(&req, hdev);
6371 if (bredr_sc_enabled(hdev))
6372 hci_req_add(&req, HCI_OP_READ_LOCAL_OOB_EXT_DATA, 0, NULL);
6374 hci_req_add(&req, HCI_OP_READ_LOCAL_OOB_DATA, 0, NULL);
6376 err = hci_req_run_skb(&req, read_local_oob_ext_data_complete);
6378 mgmt_pending_remove(cmd);
6385 static int read_local_oob_ext_data(struct sock *sk, struct hci_dev *hdev,
6386 void *data, u16 data_len)
6388 struct mgmt_cp_read_local_oob_ext_data *cp = data;
6389 struct mgmt_rp_read_local_oob_ext_data *rp;
6392 u8 status, flags, role, addr[7], hash[16], rand[16];
6395 bt_dev_dbg(hdev, "sock %p", sk);
6397 if (hdev_is_powered(hdev)) {
6399 case BIT(BDADDR_BREDR):
6400 status = mgmt_bredr_support(hdev);
6406 case (BIT(BDADDR_LE_PUBLIC) | BIT(BDADDR_LE_RANDOM)):
6407 status = mgmt_le_support(hdev);
6411 eir_len = 9 + 3 + 18 + 18 + 3;
6414 status = MGMT_STATUS_INVALID_PARAMS;
6419 status = MGMT_STATUS_NOT_POWERED;
6423 rp_len = sizeof(*rp) + eir_len;
6424 rp = kmalloc(rp_len, GFP_ATOMIC);
6435 case BIT(BDADDR_BREDR):
6436 if (hci_dev_test_flag(hdev, HCI_SSP_ENABLED)) {
6437 err = read_local_ssp_oob_req(hdev, sk, cp);
6438 hci_dev_unlock(hdev);
6442 status = MGMT_STATUS_FAILED;
6445 eir_len = eir_append_data(rp->eir, eir_len,
6447 hdev->dev_class, 3);
6450 case (BIT(BDADDR_LE_PUBLIC) | BIT(BDADDR_LE_RANDOM)):
6451 if (hci_dev_test_flag(hdev, HCI_SC_ENABLED) &&
6452 smp_generate_oob(hdev, hash, rand) < 0) {
6453 hci_dev_unlock(hdev);
6454 status = MGMT_STATUS_FAILED;
6458 /* This should return the active RPA, but since the RPA
6459 * is only programmed on demand, it is really hard to fill
6460 * this in at the moment. For now disallow retrieving
6461 * local out-of-band data when privacy is in use.
6463 * Returning the identity address will not help here since
6464 * pairing happens before the identity resolving key is
6465 * known and thus the connection establishment happens
6466 * based on the RPA and not the identity address.
6468 if (hci_dev_test_flag(hdev, HCI_PRIVACY)) {
6469 hci_dev_unlock(hdev);
6470 status = MGMT_STATUS_REJECTED;
6474 if (hci_dev_test_flag(hdev, HCI_FORCE_STATIC_ADDR) ||
6475 !bacmp(&hdev->bdaddr, BDADDR_ANY) ||
6476 (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED) &&
6477 bacmp(&hdev->static_addr, BDADDR_ANY))) {
6478 memcpy(addr, &hdev->static_addr, 6);
6481 memcpy(addr, &hdev->bdaddr, 6);
6485 eir_len = eir_append_data(rp->eir, eir_len, EIR_LE_BDADDR,
6486 addr, sizeof(addr));
6488 if (hci_dev_test_flag(hdev, HCI_ADVERTISING))
6493 eir_len = eir_append_data(rp->eir, eir_len, EIR_LE_ROLE,
6494 &role, sizeof(role));
6496 if (hci_dev_test_flag(hdev, HCI_SC_ENABLED)) {
6497 eir_len = eir_append_data(rp->eir, eir_len,
6499 hash, sizeof(hash));
6501 eir_len = eir_append_data(rp->eir, eir_len,
6503 rand, sizeof(rand));
6506 flags = mgmt_get_adv_discov_flags(hdev);
6508 if (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED))
6509 flags |= LE_AD_NO_BREDR;
6511 eir_len = eir_append_data(rp->eir, eir_len, EIR_FLAGS,
6512 &flags, sizeof(flags));
6516 hci_dev_unlock(hdev);
6518 hci_sock_set_flag(sk, HCI_MGMT_OOB_DATA_EVENTS);
6520 status = MGMT_STATUS_SUCCESS;
6523 rp->type = cp->type;
6524 rp->eir_len = cpu_to_le16(eir_len);
6526 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_EXT_DATA,
6527 status, rp, sizeof(*rp) + eir_len);
6528 if (err < 0 || status)
6531 err = mgmt_limited_event(MGMT_EV_LOCAL_OOB_DATA_UPDATED, hdev,
6532 rp, sizeof(*rp) + eir_len,
6533 HCI_MGMT_OOB_DATA_EVENTS, sk);
6541 static u32 get_supported_adv_flags(struct hci_dev *hdev)
6545 flags |= MGMT_ADV_FLAG_CONNECTABLE;
6546 flags |= MGMT_ADV_FLAG_DISCOV;
6547 flags |= MGMT_ADV_FLAG_LIMITED_DISCOV;
6548 flags |= MGMT_ADV_FLAG_MANAGED_FLAGS;
6549 flags |= MGMT_ADV_FLAG_APPEARANCE;
6550 flags |= MGMT_ADV_FLAG_LOCAL_NAME;
6552 /* In extended adv TX_POWER returned from Set Adv Param
6553 * will be always valid.
6555 if ((hdev->adv_tx_power != HCI_TX_POWER_INVALID) ||
6556 ext_adv_capable(hdev))
6557 flags |= MGMT_ADV_FLAG_TX_POWER;
6559 if (ext_adv_capable(hdev)) {
6560 flags |= MGMT_ADV_FLAG_SEC_1M;
6562 if (hdev->le_features[1] & HCI_LE_PHY_2M)
6563 flags |= MGMT_ADV_FLAG_SEC_2M;
6565 if (hdev->le_features[1] & HCI_LE_PHY_CODED)
6566 flags |= MGMT_ADV_FLAG_SEC_CODED;
6572 static int read_adv_features(struct sock *sk, struct hci_dev *hdev,
6573 void *data, u16 data_len)
6575 struct mgmt_rp_read_adv_features *rp;
6578 struct adv_info *adv_instance;
6579 u32 supported_flags;
6582 bt_dev_dbg(hdev, "sock %p", sk);
6584 if (!lmp_le_capable(hdev))
6585 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_READ_ADV_FEATURES,
6586 MGMT_STATUS_REJECTED);
6590 rp_len = sizeof(*rp) + hdev->adv_instance_cnt;
6591 rp = kmalloc(rp_len, GFP_ATOMIC);
6593 hci_dev_unlock(hdev);
6597 supported_flags = get_supported_adv_flags(hdev);
6599 rp->supported_flags = cpu_to_le32(supported_flags);
6600 rp->max_adv_data_len = HCI_MAX_AD_LENGTH;
6601 rp->max_scan_rsp_len = HCI_MAX_AD_LENGTH;
6602 rp->max_instances = HCI_MAX_ADV_INSTANCES;
6603 rp->num_instances = hdev->adv_instance_cnt;
6605 instance = rp->instance;
6606 list_for_each_entry(adv_instance, &hdev->adv_instances, list) {
6607 *instance = adv_instance->instance;
6611 hci_dev_unlock(hdev);
6613 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_READ_ADV_FEATURES,
6614 MGMT_STATUS_SUCCESS, rp, rp_len);
6621 static u8 calculate_name_len(struct hci_dev *hdev)
6623 u8 buf[HCI_MAX_SHORT_NAME_LENGTH + 3];
6625 return append_local_name(hdev, buf, 0);
6628 static u8 tlv_data_max_len(struct hci_dev *hdev, u32 adv_flags,
6631 u8 max_len = HCI_MAX_AD_LENGTH;
6634 if (adv_flags & (MGMT_ADV_FLAG_DISCOV |
6635 MGMT_ADV_FLAG_LIMITED_DISCOV |
6636 MGMT_ADV_FLAG_MANAGED_FLAGS))
6639 if (adv_flags & MGMT_ADV_FLAG_TX_POWER)
6642 if (adv_flags & MGMT_ADV_FLAG_LOCAL_NAME)
6643 max_len -= calculate_name_len(hdev);
6645 if (adv_flags & (MGMT_ADV_FLAG_APPEARANCE))
6652 static bool flags_managed(u32 adv_flags)
6654 return adv_flags & (MGMT_ADV_FLAG_DISCOV |
6655 MGMT_ADV_FLAG_LIMITED_DISCOV |
6656 MGMT_ADV_FLAG_MANAGED_FLAGS);
6659 static bool tx_power_managed(u32 adv_flags)
6661 return adv_flags & MGMT_ADV_FLAG_TX_POWER;
6664 static bool name_managed(u32 adv_flags)
6666 return adv_flags & MGMT_ADV_FLAG_LOCAL_NAME;
6669 static bool appearance_managed(u32 adv_flags)
6671 return adv_flags & MGMT_ADV_FLAG_APPEARANCE;
6674 static bool tlv_data_is_valid(struct hci_dev *hdev, u32 adv_flags, u8 *data,
6675 u8 len, bool is_adv_data)
6680 max_len = tlv_data_max_len(hdev, adv_flags, is_adv_data);
6685 /* Make sure that the data is correctly formatted. */
6686 for (i = 0, cur_len = 0; i < len; i += (cur_len + 1)) {
6689 if (data[i + 1] == EIR_FLAGS &&
6690 (!is_adv_data || flags_managed(adv_flags)))
6693 if (data[i + 1] == EIR_TX_POWER && tx_power_managed(adv_flags))
6696 if (data[i + 1] == EIR_NAME_COMPLETE && name_managed(adv_flags))
6699 if (data[i + 1] == EIR_NAME_SHORT && name_managed(adv_flags))
6702 if (data[i + 1] == EIR_APPEARANCE &&
6703 appearance_managed(adv_flags))
6706 /* If the current field length would exceed the total data
6707 * length, then it's invalid.
6709 if (i + cur_len >= len)
6716 static void add_advertising_complete(struct hci_dev *hdev, u8 status,
6719 struct mgmt_pending_cmd *cmd;
6720 struct mgmt_cp_add_advertising *cp;
6721 struct mgmt_rp_add_advertising rp;
6722 struct adv_info *adv_instance, *n;
6725 bt_dev_dbg(hdev, "status %d", status);
6729 cmd = pending_find(MGMT_OP_ADD_ADVERTISING, hdev);
6731 list_for_each_entry_safe(adv_instance, n, &hdev->adv_instances, list) {
6732 if (!adv_instance->pending)
6736 adv_instance->pending = false;
6740 instance = adv_instance->instance;
6742 if (hdev->cur_adv_instance == instance)
6743 cancel_adv_timeout(hdev);
6745 hci_remove_adv_instance(hdev, instance);
6746 mgmt_advertising_removed(cmd ? cmd->sk : NULL, hdev, instance);
6753 rp.instance = cp->instance;
6756 mgmt_cmd_status(cmd->sk, cmd->index, cmd->opcode,
6757 mgmt_status(status));
6759 mgmt_cmd_complete(cmd->sk, cmd->index, cmd->opcode,
6760 mgmt_status(status), &rp, sizeof(rp));
6762 mgmt_pending_remove(cmd);
6765 hci_dev_unlock(hdev);
6768 static int add_advertising(struct sock *sk, struct hci_dev *hdev,
6769 void *data, u16 data_len)
6771 struct mgmt_cp_add_advertising *cp = data;
6772 struct mgmt_rp_add_advertising rp;
6774 u32 supported_flags, phy_flags;
6776 u16 timeout, duration;
6777 unsigned int prev_instance_cnt = hdev->adv_instance_cnt;
6778 u8 schedule_instance = 0;
6779 struct adv_info *next_instance;
6781 struct mgmt_pending_cmd *cmd;
6782 struct hci_request req;
6784 bt_dev_dbg(hdev, "sock %p", sk);
6786 status = mgmt_le_support(hdev);
6788 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_ADVERTISING,
6791 if (cp->instance < 1 || cp->instance > HCI_MAX_ADV_INSTANCES)
6792 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_ADVERTISING,
6793 MGMT_STATUS_INVALID_PARAMS);
6795 if (data_len != sizeof(*cp) + cp->adv_data_len + cp->scan_rsp_len)
6796 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_ADVERTISING,
6797 MGMT_STATUS_INVALID_PARAMS);
6799 flags = __le32_to_cpu(cp->flags);
6800 timeout = __le16_to_cpu(cp->timeout);
6801 duration = __le16_to_cpu(cp->duration);
6803 /* The current implementation only supports a subset of the specified
6804 * flags. Also need to check mutual exclusiveness of sec flags.
6806 supported_flags = get_supported_adv_flags(hdev);
6807 phy_flags = flags & MGMT_ADV_FLAG_SEC_MASK;
6808 if (flags & ~supported_flags ||
6809 ((phy_flags && (phy_flags ^ (phy_flags & -phy_flags)))))
6810 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_ADVERTISING,
6811 MGMT_STATUS_INVALID_PARAMS);
6815 if (timeout && !hdev_is_powered(hdev)) {
6816 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_ADVERTISING,
6817 MGMT_STATUS_REJECTED);
6821 if (pending_find(MGMT_OP_ADD_ADVERTISING, hdev) ||
6822 pending_find(MGMT_OP_REMOVE_ADVERTISING, hdev) ||
6823 pending_find(MGMT_OP_SET_LE, hdev)) {
6824 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_ADVERTISING,
6829 if (!tlv_data_is_valid(hdev, flags, cp->data, cp->adv_data_len, true) ||
6830 !tlv_data_is_valid(hdev, flags, cp->data + cp->adv_data_len,
6831 cp->scan_rsp_len, false)) {
6832 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_ADVERTISING,
6833 MGMT_STATUS_INVALID_PARAMS);
6837 err = hci_add_adv_instance(hdev, cp->instance, flags,
6838 cp->adv_data_len, cp->data,
6840 cp->data + cp->adv_data_len,
6843 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_ADVERTISING,
6844 MGMT_STATUS_FAILED);
6848 /* Only trigger an advertising added event if a new instance was
6851 if (hdev->adv_instance_cnt > prev_instance_cnt)
6852 mgmt_advertising_added(sk, hdev, cp->instance);
6854 if (hdev->cur_adv_instance == cp->instance) {
6855 /* If the currently advertised instance is being changed then
6856 * cancel the current advertising and schedule the next
6857 * instance. If there is only one instance then the overridden
6858 * advertising data will be visible right away.
6860 cancel_adv_timeout(hdev);
6862 next_instance = hci_get_next_instance(hdev, cp->instance);
6864 schedule_instance = next_instance->instance;
6865 } else if (!hdev->adv_instance_timeout) {
6866 /* Immediately advertise the new instance if no other
6867 * instance is currently being advertised.
6869 schedule_instance = cp->instance;
6872 /* If the HCI_ADVERTISING flag is set or the device isn't powered or
6873 * there is no instance to be advertised then we have no HCI
6874 * communication to make. Simply return.
6876 if (!hdev_is_powered(hdev) ||
6877 hci_dev_test_flag(hdev, HCI_ADVERTISING) ||
6878 !schedule_instance) {
6879 rp.instance = cp->instance;
6880 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_ADD_ADVERTISING,
6881 MGMT_STATUS_SUCCESS, &rp, sizeof(rp));
6885 /* We're good to go, update advertising data, parameters, and start
6888 cmd = mgmt_pending_add(sk, MGMT_OP_ADD_ADVERTISING, hdev, data,
6895 hci_req_init(&req, hdev);
6897 err = __hci_req_schedule_adv_instance(&req, schedule_instance, true);
6900 err = hci_req_run(&req, add_advertising_complete);
6903 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_ADVERTISING,
6904 MGMT_STATUS_FAILED);
6905 mgmt_pending_remove(cmd);
6909 hci_dev_unlock(hdev);
6914 static void remove_advertising_complete(struct hci_dev *hdev, u8 status,
6917 struct mgmt_pending_cmd *cmd;
6918 struct mgmt_cp_remove_advertising *cp;
6919 struct mgmt_rp_remove_advertising rp;
6921 bt_dev_dbg(hdev, "status %d", status);
6925 /* A failure status here only means that we failed to disable
6926 * advertising. Otherwise, the advertising instance has been removed,
6927 * so report success.
6929 cmd = pending_find(MGMT_OP_REMOVE_ADVERTISING, hdev);
6934 rp.instance = cp->instance;
6936 mgmt_cmd_complete(cmd->sk, cmd->index, cmd->opcode, MGMT_STATUS_SUCCESS,
6938 mgmt_pending_remove(cmd);
6941 hci_dev_unlock(hdev);
6944 static int remove_advertising(struct sock *sk, struct hci_dev *hdev,
6945 void *data, u16 data_len)
6947 struct mgmt_cp_remove_advertising *cp = data;
6948 struct mgmt_rp_remove_advertising rp;
6949 struct mgmt_pending_cmd *cmd;
6950 struct hci_request req;
6953 bt_dev_dbg(hdev, "sock %p", sk);
6957 if (cp->instance && !hci_find_adv_instance(hdev, cp->instance)) {
6958 err = mgmt_cmd_status(sk, hdev->id,
6959 MGMT_OP_REMOVE_ADVERTISING,
6960 MGMT_STATUS_INVALID_PARAMS);
6964 if (pending_find(MGMT_OP_ADD_ADVERTISING, hdev) ||
6965 pending_find(MGMT_OP_REMOVE_ADVERTISING, hdev) ||
6966 pending_find(MGMT_OP_SET_LE, hdev)) {
6967 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_REMOVE_ADVERTISING,
6972 if (list_empty(&hdev->adv_instances)) {
6973 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_REMOVE_ADVERTISING,
6974 MGMT_STATUS_INVALID_PARAMS);
6978 hci_req_init(&req, hdev);
6980 hci_req_clear_adv_instance(hdev, sk, &req, cp->instance, true);
6982 if (list_empty(&hdev->adv_instances))
6983 __hci_req_disable_advertising(&req);
6985 /* If no HCI commands have been collected so far or the HCI_ADVERTISING
6986 * flag is set or the device isn't powered then we have no HCI
6987 * communication to make. Simply return.
6989 if (skb_queue_empty(&req.cmd_q) ||
6990 !hdev_is_powered(hdev) ||
6991 hci_dev_test_flag(hdev, HCI_ADVERTISING)) {
6992 hci_req_purge(&req);
6993 rp.instance = cp->instance;
6994 err = mgmt_cmd_complete(sk, hdev->id,
6995 MGMT_OP_REMOVE_ADVERTISING,
6996 MGMT_STATUS_SUCCESS, &rp, sizeof(rp));
7000 cmd = mgmt_pending_add(sk, MGMT_OP_REMOVE_ADVERTISING, hdev, data,
7007 err = hci_req_run(&req, remove_advertising_complete);
7009 mgmt_pending_remove(cmd);
7012 hci_dev_unlock(hdev);
7017 static int get_adv_size_info(struct sock *sk, struct hci_dev *hdev,
7018 void *data, u16 data_len)
7020 struct mgmt_cp_get_adv_size_info *cp = data;
7021 struct mgmt_rp_get_adv_size_info rp;
7022 u32 flags, supported_flags;
7025 bt_dev_dbg(hdev, "sock %p", sk);
7027 if (!lmp_le_capable(hdev))
7028 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_GET_ADV_SIZE_INFO,
7029 MGMT_STATUS_REJECTED);
7031 if (cp->instance < 1 || cp->instance > HCI_MAX_ADV_INSTANCES)
7032 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_GET_ADV_SIZE_INFO,
7033 MGMT_STATUS_INVALID_PARAMS);
7035 flags = __le32_to_cpu(cp->flags);
7037 /* The current implementation only supports a subset of the specified
7040 supported_flags = get_supported_adv_flags(hdev);
7041 if (flags & ~supported_flags)
7042 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_GET_ADV_SIZE_INFO,
7043 MGMT_STATUS_INVALID_PARAMS);
7045 rp.instance = cp->instance;
7046 rp.flags = cp->flags;
7047 rp.max_adv_data_len = tlv_data_max_len(hdev, flags, true);
7048 rp.max_scan_rsp_len = tlv_data_max_len(hdev, flags, false);
7050 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_ADV_SIZE_INFO,
7051 MGMT_STATUS_SUCCESS, &rp, sizeof(rp));
7056 static const struct hci_mgmt_handler mgmt_handlers[] = {
7057 { NULL }, /* 0x0000 (no command) */
7058 { read_version, MGMT_READ_VERSION_SIZE,
7060 HCI_MGMT_UNTRUSTED },
7061 { read_commands, MGMT_READ_COMMANDS_SIZE,
7063 HCI_MGMT_UNTRUSTED },
7064 { read_index_list, MGMT_READ_INDEX_LIST_SIZE,
7066 HCI_MGMT_UNTRUSTED },
7067 { read_controller_info, MGMT_READ_INFO_SIZE,
7068 HCI_MGMT_UNTRUSTED },
7069 { set_powered, MGMT_SETTING_SIZE },
7070 { set_discoverable, MGMT_SET_DISCOVERABLE_SIZE },
7071 { set_connectable, MGMT_SETTING_SIZE },
7072 { set_fast_connectable, MGMT_SETTING_SIZE },
7073 { set_bondable, MGMT_SETTING_SIZE },
7074 { set_link_security, MGMT_SETTING_SIZE },
7075 { set_ssp, MGMT_SETTING_SIZE },
7076 { set_hs, MGMT_SETTING_SIZE },
7077 { set_le, MGMT_SETTING_SIZE },
7078 { set_dev_class, MGMT_SET_DEV_CLASS_SIZE },
7079 { set_local_name, MGMT_SET_LOCAL_NAME_SIZE },
7080 { add_uuid, MGMT_ADD_UUID_SIZE },
7081 { remove_uuid, MGMT_REMOVE_UUID_SIZE },
7082 { load_link_keys, MGMT_LOAD_LINK_KEYS_SIZE,
7084 { load_long_term_keys, MGMT_LOAD_LONG_TERM_KEYS_SIZE,
7086 { disconnect, MGMT_DISCONNECT_SIZE },
7087 { get_connections, MGMT_GET_CONNECTIONS_SIZE },
7088 { pin_code_reply, MGMT_PIN_CODE_REPLY_SIZE },
7089 { pin_code_neg_reply, MGMT_PIN_CODE_NEG_REPLY_SIZE },
7090 { set_io_capability, MGMT_SET_IO_CAPABILITY_SIZE },
7091 { pair_device, MGMT_PAIR_DEVICE_SIZE },
7092 { cancel_pair_device, MGMT_CANCEL_PAIR_DEVICE_SIZE },
7093 { unpair_device, MGMT_UNPAIR_DEVICE_SIZE },
7094 { user_confirm_reply, MGMT_USER_CONFIRM_REPLY_SIZE },
7095 { user_confirm_neg_reply, MGMT_USER_CONFIRM_NEG_REPLY_SIZE },
7096 { user_passkey_reply, MGMT_USER_PASSKEY_REPLY_SIZE },
7097 { user_passkey_neg_reply, MGMT_USER_PASSKEY_NEG_REPLY_SIZE },
7098 { read_local_oob_data, MGMT_READ_LOCAL_OOB_DATA_SIZE },
7099 { add_remote_oob_data, MGMT_ADD_REMOTE_OOB_DATA_SIZE,
7101 { remove_remote_oob_data, MGMT_REMOVE_REMOTE_OOB_DATA_SIZE },
7102 { start_discovery, MGMT_START_DISCOVERY_SIZE },
7103 { stop_discovery, MGMT_STOP_DISCOVERY_SIZE },
7104 { confirm_name, MGMT_CONFIRM_NAME_SIZE },
7105 { block_device, MGMT_BLOCK_DEVICE_SIZE },
7106 { unblock_device, MGMT_UNBLOCK_DEVICE_SIZE },
7107 { set_device_id, MGMT_SET_DEVICE_ID_SIZE },
7108 { set_advertising, MGMT_SETTING_SIZE },
7109 { set_bredr, MGMT_SETTING_SIZE },
7110 { set_static_address, MGMT_SET_STATIC_ADDRESS_SIZE },
7111 { set_scan_params, MGMT_SET_SCAN_PARAMS_SIZE },
7112 { set_secure_conn, MGMT_SETTING_SIZE },
7113 { set_debug_keys, MGMT_SETTING_SIZE },
7114 { set_privacy, MGMT_SET_PRIVACY_SIZE },
7115 { load_irks, MGMT_LOAD_IRKS_SIZE,
7117 { get_conn_info, MGMT_GET_CONN_INFO_SIZE },
7118 { get_clock_info, MGMT_GET_CLOCK_INFO_SIZE },
7119 { add_device, MGMT_ADD_DEVICE_SIZE },
7120 { remove_device, MGMT_REMOVE_DEVICE_SIZE },
7121 { load_conn_param, MGMT_LOAD_CONN_PARAM_SIZE,
7123 { read_unconf_index_list, MGMT_READ_UNCONF_INDEX_LIST_SIZE,
7125 HCI_MGMT_UNTRUSTED },
7126 { read_config_info, MGMT_READ_CONFIG_INFO_SIZE,
7127 HCI_MGMT_UNCONFIGURED |
7128 HCI_MGMT_UNTRUSTED },
7129 { set_external_config, MGMT_SET_EXTERNAL_CONFIG_SIZE,
7130 HCI_MGMT_UNCONFIGURED },
7131 { set_public_address, MGMT_SET_PUBLIC_ADDRESS_SIZE,
7132 HCI_MGMT_UNCONFIGURED },
7133 { start_service_discovery, MGMT_START_SERVICE_DISCOVERY_SIZE,
7135 { read_local_oob_ext_data, MGMT_READ_LOCAL_OOB_EXT_DATA_SIZE },
7136 { read_ext_index_list, MGMT_READ_EXT_INDEX_LIST_SIZE,
7138 HCI_MGMT_UNTRUSTED },
7139 { read_adv_features, MGMT_READ_ADV_FEATURES_SIZE },
7140 { add_advertising, MGMT_ADD_ADVERTISING_SIZE,
7142 { remove_advertising, MGMT_REMOVE_ADVERTISING_SIZE },
7143 { get_adv_size_info, MGMT_GET_ADV_SIZE_INFO_SIZE },
7144 { start_limited_discovery, MGMT_START_DISCOVERY_SIZE },
7145 { read_ext_controller_info,MGMT_READ_EXT_INFO_SIZE,
7146 HCI_MGMT_UNTRUSTED },
7147 { set_appearance, MGMT_SET_APPEARANCE_SIZE },
7148 { get_phy_configuration, MGMT_GET_PHY_CONFIGURATION_SIZE },
7149 { set_phy_configuration, MGMT_SET_PHY_CONFIGURATION_SIZE },
7150 { set_blocked_keys, MGMT_OP_SET_BLOCKED_KEYS_SIZE,
7152 { set_wideband_speech, MGMT_SETTING_SIZE },
7153 { read_security_info, MGMT_READ_SECURITY_INFO_SIZE,
7154 HCI_MGMT_UNTRUSTED },
7157 void mgmt_index_added(struct hci_dev *hdev)
7159 struct mgmt_ev_ext_index ev;
7161 if (test_bit(HCI_QUIRK_RAW_DEVICE, &hdev->quirks))
7164 switch (hdev->dev_type) {
7166 if (hci_dev_test_flag(hdev, HCI_UNCONFIGURED)) {
7167 mgmt_index_event(MGMT_EV_UNCONF_INDEX_ADDED, hdev,
7168 NULL, 0, HCI_MGMT_UNCONF_INDEX_EVENTS);
7171 mgmt_index_event(MGMT_EV_INDEX_ADDED, hdev, NULL, 0,
7172 HCI_MGMT_INDEX_EVENTS);
7185 mgmt_index_event(MGMT_EV_EXT_INDEX_ADDED, hdev, &ev, sizeof(ev),
7186 HCI_MGMT_EXT_INDEX_EVENTS);
7189 void mgmt_index_removed(struct hci_dev *hdev)
7191 struct mgmt_ev_ext_index ev;
7192 u8 status = MGMT_STATUS_INVALID_INDEX;
7194 if (test_bit(HCI_QUIRK_RAW_DEVICE, &hdev->quirks))
7197 switch (hdev->dev_type) {
7199 mgmt_pending_foreach(0, hdev, cmd_complete_rsp, &status);
7201 if (hci_dev_test_flag(hdev, HCI_UNCONFIGURED)) {
7202 mgmt_index_event(MGMT_EV_UNCONF_INDEX_REMOVED, hdev,
7203 NULL, 0, HCI_MGMT_UNCONF_INDEX_EVENTS);
7206 mgmt_index_event(MGMT_EV_INDEX_REMOVED, hdev, NULL, 0,
7207 HCI_MGMT_INDEX_EVENTS);
7220 mgmt_index_event(MGMT_EV_EXT_INDEX_REMOVED, hdev, &ev, sizeof(ev),
7221 HCI_MGMT_EXT_INDEX_EVENTS);
7224 /* This function requires the caller holds hdev->lock */
7225 static void restart_le_actions(struct hci_dev *hdev)
7227 struct hci_conn_params *p;
7229 list_for_each_entry(p, &hdev->le_conn_params, list) {
7230 /* Needed for AUTO_OFF case where might not "really"
7231 * have been powered off.
7233 list_del_init(&p->action);
7235 switch (p->auto_connect) {
7236 case HCI_AUTO_CONN_DIRECT:
7237 case HCI_AUTO_CONN_ALWAYS:
7238 list_add(&p->action, &hdev->pend_le_conns);
7240 case HCI_AUTO_CONN_REPORT:
7241 list_add(&p->action, &hdev->pend_le_reports);
7249 void mgmt_power_on(struct hci_dev *hdev, int err)
7251 struct cmd_lookup match = { NULL, hdev };
7253 bt_dev_dbg(hdev, "err %d", err);
7258 restart_le_actions(hdev);
7259 hci_update_background_scan(hdev);
7262 mgmt_pending_foreach(MGMT_OP_SET_POWERED, hdev, settings_rsp, &match);
7264 new_settings(hdev, match.sk);
7269 hci_dev_unlock(hdev);
7272 void __mgmt_power_off(struct hci_dev *hdev)
7274 struct cmd_lookup match = { NULL, hdev };
7275 u8 status, zero_cod[] = { 0, 0, 0 };
7277 mgmt_pending_foreach(MGMT_OP_SET_POWERED, hdev, settings_rsp, &match);
7279 /* If the power off is because of hdev unregistration let
7280 * use the appropriate INVALID_INDEX status. Otherwise use
7281 * NOT_POWERED. We cover both scenarios here since later in
7282 * mgmt_index_removed() any hci_conn callbacks will have already
7283 * been triggered, potentially causing misleading DISCONNECTED
7286 if (hci_dev_test_flag(hdev, HCI_UNREGISTER))
7287 status = MGMT_STATUS_INVALID_INDEX;
7289 status = MGMT_STATUS_NOT_POWERED;
7291 mgmt_pending_foreach(0, hdev, cmd_complete_rsp, &status);
7293 if (memcmp(hdev->dev_class, zero_cod, sizeof(zero_cod)) != 0) {
7294 mgmt_limited_event(MGMT_EV_CLASS_OF_DEV_CHANGED, hdev,
7295 zero_cod, sizeof(zero_cod),
7296 HCI_MGMT_DEV_CLASS_EVENTS, NULL);
7297 ext_info_changed(hdev, NULL);
7300 new_settings(hdev, match.sk);
7306 void mgmt_set_powered_failed(struct hci_dev *hdev, int err)
7308 struct mgmt_pending_cmd *cmd;
7311 cmd = pending_find(MGMT_OP_SET_POWERED, hdev);
7315 if (err == -ERFKILL)
7316 status = MGMT_STATUS_RFKILLED;
7318 status = MGMT_STATUS_FAILED;
7320 mgmt_cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_POWERED, status);
7322 mgmt_pending_remove(cmd);
7325 void mgmt_new_link_key(struct hci_dev *hdev, struct link_key *key,
7328 struct mgmt_ev_new_link_key ev;
7330 memset(&ev, 0, sizeof(ev));
7332 ev.store_hint = persistent;
7333 bacpy(&ev.key.addr.bdaddr, &key->bdaddr);
7334 ev.key.addr.type = BDADDR_BREDR;
7335 ev.key.type = key->type;
7336 memcpy(ev.key.val, key->val, HCI_LINK_KEY_SIZE);
7337 ev.key.pin_len = key->pin_len;
7339 mgmt_event(MGMT_EV_NEW_LINK_KEY, hdev, &ev, sizeof(ev), NULL);
7342 static u8 mgmt_ltk_type(struct smp_ltk *ltk)
7344 switch (ltk->type) {
7347 if (ltk->authenticated)
7348 return MGMT_LTK_AUTHENTICATED;
7349 return MGMT_LTK_UNAUTHENTICATED;
7351 if (ltk->authenticated)
7352 return MGMT_LTK_P256_AUTH;
7353 return MGMT_LTK_P256_UNAUTH;
7354 case SMP_LTK_P256_DEBUG:
7355 return MGMT_LTK_P256_DEBUG;
7358 return MGMT_LTK_UNAUTHENTICATED;
7361 void mgmt_new_ltk(struct hci_dev *hdev, struct smp_ltk *key, bool persistent)
7363 struct mgmt_ev_new_long_term_key ev;
7365 memset(&ev, 0, sizeof(ev));
7367 /* Devices using resolvable or non-resolvable random addresses
7368 * without providing an identity resolving key don't require
7369 * to store long term keys. Their addresses will change the
7372 * Only when a remote device provides an identity address
7373 * make sure the long term key is stored. If the remote
7374 * identity is known, the long term keys are internally
7375 * mapped to the identity address. So allow static random
7376 * and public addresses here.
7378 if (key->bdaddr_type == ADDR_LE_DEV_RANDOM &&
7379 (key->bdaddr.b[5] & 0xc0) != 0xc0)
7380 ev.store_hint = 0x00;
7382 ev.store_hint = persistent;
7384 bacpy(&ev.key.addr.bdaddr, &key->bdaddr);
7385 ev.key.addr.type = link_to_bdaddr(LE_LINK, key->bdaddr_type);
7386 ev.key.type = mgmt_ltk_type(key);
7387 ev.key.enc_size = key->enc_size;
7388 ev.key.ediv = key->ediv;
7389 ev.key.rand = key->rand;
7391 if (key->type == SMP_LTK)
7394 /* Make sure we copy only the significant bytes based on the
7395 * encryption key size, and set the rest of the value to zeroes.
7397 memcpy(ev.key.val, key->val, key->enc_size);
7398 memset(ev.key.val + key->enc_size, 0,
7399 sizeof(ev.key.val) - key->enc_size);
7401 mgmt_event(MGMT_EV_NEW_LONG_TERM_KEY, hdev, &ev, sizeof(ev), NULL);
7404 void mgmt_new_irk(struct hci_dev *hdev, struct smp_irk *irk, bool persistent)
7406 struct mgmt_ev_new_irk ev;
7408 memset(&ev, 0, sizeof(ev));
7410 ev.store_hint = persistent;
7412 bacpy(&ev.rpa, &irk->rpa);
7413 bacpy(&ev.irk.addr.bdaddr, &irk->bdaddr);
7414 ev.irk.addr.type = link_to_bdaddr(LE_LINK, irk->addr_type);
7415 memcpy(ev.irk.val, irk->val, sizeof(irk->val));
7417 mgmt_event(MGMT_EV_NEW_IRK, hdev, &ev, sizeof(ev), NULL);
7420 void mgmt_new_csrk(struct hci_dev *hdev, struct smp_csrk *csrk,
7423 struct mgmt_ev_new_csrk ev;
7425 memset(&ev, 0, sizeof(ev));
7427 /* Devices using resolvable or non-resolvable random addresses
7428 * without providing an identity resolving key don't require
7429 * to store signature resolving keys. Their addresses will change
7430 * the next time around.
7432 * Only when a remote device provides an identity address
7433 * make sure the signature resolving key is stored. So allow
7434 * static random and public addresses here.
7436 if (csrk->bdaddr_type == ADDR_LE_DEV_RANDOM &&
7437 (csrk->bdaddr.b[5] & 0xc0) != 0xc0)
7438 ev.store_hint = 0x00;
7440 ev.store_hint = persistent;
7442 bacpy(&ev.key.addr.bdaddr, &csrk->bdaddr);
7443 ev.key.addr.type = link_to_bdaddr(LE_LINK, csrk->bdaddr_type);
7444 ev.key.type = csrk->type;
7445 memcpy(ev.key.val, csrk->val, sizeof(csrk->val));
7447 mgmt_event(MGMT_EV_NEW_CSRK, hdev, &ev, sizeof(ev), NULL);
7450 void mgmt_new_conn_param(struct hci_dev *hdev, bdaddr_t *bdaddr,
7451 u8 bdaddr_type, u8 store_hint, u16 min_interval,
7452 u16 max_interval, u16 latency, u16 timeout)
7454 struct mgmt_ev_new_conn_param ev;
7456 if (!hci_is_identity_address(bdaddr, bdaddr_type))
7459 memset(&ev, 0, sizeof(ev));
7460 bacpy(&ev.addr.bdaddr, bdaddr);
7461 ev.addr.type = link_to_bdaddr(LE_LINK, bdaddr_type);
7462 ev.store_hint = store_hint;
7463 ev.min_interval = cpu_to_le16(min_interval);
7464 ev.max_interval = cpu_to_le16(max_interval);
7465 ev.latency = cpu_to_le16(latency);
7466 ev.timeout = cpu_to_le16(timeout);
7468 mgmt_event(MGMT_EV_NEW_CONN_PARAM, hdev, &ev, sizeof(ev), NULL);
7471 void mgmt_device_connected(struct hci_dev *hdev, struct hci_conn *conn,
7472 u32 flags, u8 *name, u8 name_len)
7475 struct mgmt_ev_device_connected *ev = (void *) buf;
7478 bacpy(&ev->addr.bdaddr, &conn->dst);
7479 ev->addr.type = link_to_bdaddr(conn->type, conn->dst_type);
7481 ev->flags = __cpu_to_le32(flags);
7483 /* We must ensure that the EIR Data fields are ordered and
7484 * unique. Keep it simple for now and avoid the problem by not
7485 * adding any BR/EDR data to the LE adv.
7487 if (conn->le_adv_data_len > 0) {
7488 memcpy(&ev->eir[eir_len],
7489 conn->le_adv_data, conn->le_adv_data_len);
7490 eir_len = conn->le_adv_data_len;
7493 eir_len = eir_append_data(ev->eir, 0, EIR_NAME_COMPLETE,
7496 if (memcmp(conn->dev_class, "\0\0\0", 3) != 0)
7497 eir_len = eir_append_data(ev->eir, eir_len,
7499 conn->dev_class, 3);
7502 ev->eir_len = cpu_to_le16(eir_len);
7504 mgmt_event(MGMT_EV_DEVICE_CONNECTED, hdev, buf,
7505 sizeof(*ev) + eir_len, NULL);
7508 static void disconnect_rsp(struct mgmt_pending_cmd *cmd, void *data)
7510 struct sock **sk = data;
7512 cmd->cmd_complete(cmd, 0);
7517 mgmt_pending_remove(cmd);
7520 static void unpair_device_rsp(struct mgmt_pending_cmd *cmd, void *data)
7522 struct hci_dev *hdev = data;
7523 struct mgmt_cp_unpair_device *cp = cmd->param;
7525 device_unpaired(hdev, &cp->addr.bdaddr, cp->addr.type, cmd->sk);
7527 cmd->cmd_complete(cmd, 0);
7528 mgmt_pending_remove(cmd);
7531 bool mgmt_powering_down(struct hci_dev *hdev)
7533 struct mgmt_pending_cmd *cmd;
7534 struct mgmt_mode *cp;
7536 cmd = pending_find(MGMT_OP_SET_POWERED, hdev);
7547 void mgmt_device_disconnected(struct hci_dev *hdev, bdaddr_t *bdaddr,
7548 u8 link_type, u8 addr_type, u8 reason,
7549 bool mgmt_connected)
7551 struct mgmt_ev_device_disconnected ev;
7552 struct sock *sk = NULL;
7554 /* The connection is still in hci_conn_hash so test for 1
7555 * instead of 0 to know if this is the last one.
7557 if (mgmt_powering_down(hdev) && hci_conn_count(hdev) == 1) {
7558 cancel_delayed_work(&hdev->power_off);
7559 queue_work(hdev->req_workqueue, &hdev->power_off.work);
7562 if (!mgmt_connected)
7565 if (link_type != ACL_LINK && link_type != LE_LINK)
7568 mgmt_pending_foreach(MGMT_OP_DISCONNECT, hdev, disconnect_rsp, &sk);
7570 bacpy(&ev.addr.bdaddr, bdaddr);
7571 ev.addr.type = link_to_bdaddr(link_type, addr_type);
7574 mgmt_event(MGMT_EV_DEVICE_DISCONNECTED, hdev, &ev, sizeof(ev), sk);
7579 mgmt_pending_foreach(MGMT_OP_UNPAIR_DEVICE, hdev, unpair_device_rsp,
7583 void mgmt_disconnect_failed(struct hci_dev *hdev, bdaddr_t *bdaddr,
7584 u8 link_type, u8 addr_type, u8 status)
7586 u8 bdaddr_type = link_to_bdaddr(link_type, addr_type);
7587 struct mgmt_cp_disconnect *cp;
7588 struct mgmt_pending_cmd *cmd;
7590 mgmt_pending_foreach(MGMT_OP_UNPAIR_DEVICE, hdev, unpair_device_rsp,
7593 cmd = pending_find(MGMT_OP_DISCONNECT, hdev);
7599 if (bacmp(bdaddr, &cp->addr.bdaddr))
7602 if (cp->addr.type != bdaddr_type)
7605 cmd->cmd_complete(cmd, mgmt_status(status));
7606 mgmt_pending_remove(cmd);
7609 void mgmt_connect_failed(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
7610 u8 addr_type, u8 status)
7612 struct mgmt_ev_connect_failed ev;
7614 /* The connection is still in hci_conn_hash so test for 1
7615 * instead of 0 to know if this is the last one.
7617 if (mgmt_powering_down(hdev) && hci_conn_count(hdev) == 1) {
7618 cancel_delayed_work(&hdev->power_off);
7619 queue_work(hdev->req_workqueue, &hdev->power_off.work);
7622 bacpy(&ev.addr.bdaddr, bdaddr);
7623 ev.addr.type = link_to_bdaddr(link_type, addr_type);
7624 ev.status = mgmt_status(status);
7626 mgmt_event(MGMT_EV_CONNECT_FAILED, hdev, &ev, sizeof(ev), NULL);
7629 void mgmt_pin_code_request(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 secure)
7631 struct mgmt_ev_pin_code_request ev;
7633 bacpy(&ev.addr.bdaddr, bdaddr);
7634 ev.addr.type = BDADDR_BREDR;
7637 mgmt_event(MGMT_EV_PIN_CODE_REQUEST, hdev, &ev, sizeof(ev), NULL);
7640 void mgmt_pin_code_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
7643 struct mgmt_pending_cmd *cmd;
7645 cmd = pending_find(MGMT_OP_PIN_CODE_REPLY, hdev);
7649 cmd->cmd_complete(cmd, mgmt_status(status));
7650 mgmt_pending_remove(cmd);
7653 void mgmt_pin_code_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
7656 struct mgmt_pending_cmd *cmd;
7658 cmd = pending_find(MGMT_OP_PIN_CODE_NEG_REPLY, hdev);
7662 cmd->cmd_complete(cmd, mgmt_status(status));
7663 mgmt_pending_remove(cmd);
7666 int mgmt_user_confirm_request(struct hci_dev *hdev, bdaddr_t *bdaddr,
7667 u8 link_type, u8 addr_type, u32 value,
7670 struct mgmt_ev_user_confirm_request ev;
7672 bt_dev_dbg(hdev, "bdaddr %pMR", bdaddr);
7674 bacpy(&ev.addr.bdaddr, bdaddr);
7675 ev.addr.type = link_to_bdaddr(link_type, addr_type);
7676 ev.confirm_hint = confirm_hint;
7677 ev.value = cpu_to_le32(value);
7679 return mgmt_event(MGMT_EV_USER_CONFIRM_REQUEST, hdev, &ev, sizeof(ev),
7683 int mgmt_user_passkey_request(struct hci_dev *hdev, bdaddr_t *bdaddr,
7684 u8 link_type, u8 addr_type)
7686 struct mgmt_ev_user_passkey_request ev;
7688 bt_dev_dbg(hdev, "bdaddr %pMR", bdaddr);
7690 bacpy(&ev.addr.bdaddr, bdaddr);
7691 ev.addr.type = link_to_bdaddr(link_type, addr_type);
7693 return mgmt_event(MGMT_EV_USER_PASSKEY_REQUEST, hdev, &ev, sizeof(ev),
7697 static int user_pairing_resp_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
7698 u8 link_type, u8 addr_type, u8 status,
7701 struct mgmt_pending_cmd *cmd;
7703 cmd = pending_find(opcode, hdev);
7707 cmd->cmd_complete(cmd, mgmt_status(status));
7708 mgmt_pending_remove(cmd);
7713 int mgmt_user_confirm_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
7714 u8 link_type, u8 addr_type, u8 status)
7716 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
7717 status, MGMT_OP_USER_CONFIRM_REPLY);
7720 int mgmt_user_confirm_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
7721 u8 link_type, u8 addr_type, u8 status)
7723 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
7725 MGMT_OP_USER_CONFIRM_NEG_REPLY);
7728 int mgmt_user_passkey_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
7729 u8 link_type, u8 addr_type, u8 status)
7731 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
7732 status, MGMT_OP_USER_PASSKEY_REPLY);
7735 int mgmt_user_passkey_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
7736 u8 link_type, u8 addr_type, u8 status)
7738 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
7740 MGMT_OP_USER_PASSKEY_NEG_REPLY);
7743 int mgmt_user_passkey_notify(struct hci_dev *hdev, bdaddr_t *bdaddr,
7744 u8 link_type, u8 addr_type, u32 passkey,
7747 struct mgmt_ev_passkey_notify ev;
7749 bt_dev_dbg(hdev, "bdaddr %pMR", bdaddr);
7751 bacpy(&ev.addr.bdaddr, bdaddr);
7752 ev.addr.type = link_to_bdaddr(link_type, addr_type);
7753 ev.passkey = __cpu_to_le32(passkey);
7754 ev.entered = entered;
7756 return mgmt_event(MGMT_EV_PASSKEY_NOTIFY, hdev, &ev, sizeof(ev), NULL);
7759 void mgmt_auth_failed(struct hci_conn *conn, u8 hci_status)
7761 struct mgmt_ev_auth_failed ev;
7762 struct mgmt_pending_cmd *cmd;
7763 u8 status = mgmt_status(hci_status);
7765 bacpy(&ev.addr.bdaddr, &conn->dst);
7766 ev.addr.type = link_to_bdaddr(conn->type, conn->dst_type);
7769 cmd = find_pairing(conn);
7771 mgmt_event(MGMT_EV_AUTH_FAILED, conn->hdev, &ev, sizeof(ev),
7772 cmd ? cmd->sk : NULL);
7775 cmd->cmd_complete(cmd, status);
7776 mgmt_pending_remove(cmd);
7780 void mgmt_auth_enable_complete(struct hci_dev *hdev, u8 status)
7782 struct cmd_lookup match = { NULL, hdev };
7786 u8 mgmt_err = mgmt_status(status);
7787 mgmt_pending_foreach(MGMT_OP_SET_LINK_SECURITY, hdev,
7788 cmd_status_rsp, &mgmt_err);
7792 if (test_bit(HCI_AUTH, &hdev->flags))
7793 changed = !hci_dev_test_and_set_flag(hdev, HCI_LINK_SECURITY);
7795 changed = hci_dev_test_and_clear_flag(hdev, HCI_LINK_SECURITY);
7797 mgmt_pending_foreach(MGMT_OP_SET_LINK_SECURITY, hdev, settings_rsp,
7801 new_settings(hdev, match.sk);
7807 static void clear_eir(struct hci_request *req)
7809 struct hci_dev *hdev = req->hdev;
7810 struct hci_cp_write_eir cp;
7812 if (!lmp_ext_inq_capable(hdev))
7815 memset(hdev->eir, 0, sizeof(hdev->eir));
7817 memset(&cp, 0, sizeof(cp));
7819 hci_req_add(req, HCI_OP_WRITE_EIR, sizeof(cp), &cp);
7822 void mgmt_ssp_enable_complete(struct hci_dev *hdev, u8 enable, u8 status)
7824 struct cmd_lookup match = { NULL, hdev };
7825 struct hci_request req;
7826 bool changed = false;
7829 u8 mgmt_err = mgmt_status(status);
7831 if (enable && hci_dev_test_and_clear_flag(hdev,
7833 hci_dev_clear_flag(hdev, HCI_HS_ENABLED);
7834 new_settings(hdev, NULL);
7837 mgmt_pending_foreach(MGMT_OP_SET_SSP, hdev, cmd_status_rsp,
7843 changed = !hci_dev_test_and_set_flag(hdev, HCI_SSP_ENABLED);
7845 changed = hci_dev_test_and_clear_flag(hdev, HCI_SSP_ENABLED);
7847 changed = hci_dev_test_and_clear_flag(hdev,
7850 hci_dev_clear_flag(hdev, HCI_HS_ENABLED);
7853 mgmt_pending_foreach(MGMT_OP_SET_SSP, hdev, settings_rsp, &match);
7856 new_settings(hdev, match.sk);
7861 hci_req_init(&req, hdev);
7863 if (hci_dev_test_flag(hdev, HCI_SSP_ENABLED)) {
7864 if (hci_dev_test_flag(hdev, HCI_USE_DEBUG_KEYS))
7865 hci_req_add(&req, HCI_OP_WRITE_SSP_DEBUG_MODE,
7866 sizeof(enable), &enable);
7867 __hci_req_update_eir(&req);
7872 hci_req_run(&req, NULL);
7875 static void sk_lookup(struct mgmt_pending_cmd *cmd, void *data)
7877 struct cmd_lookup *match = data;
7879 if (match->sk == NULL) {
7880 match->sk = cmd->sk;
7881 sock_hold(match->sk);
7885 void mgmt_set_class_of_dev_complete(struct hci_dev *hdev, u8 *dev_class,
7888 struct cmd_lookup match = { NULL, hdev, mgmt_status(status) };
7890 mgmt_pending_foreach(MGMT_OP_SET_DEV_CLASS, hdev, sk_lookup, &match);
7891 mgmt_pending_foreach(MGMT_OP_ADD_UUID, hdev, sk_lookup, &match);
7892 mgmt_pending_foreach(MGMT_OP_REMOVE_UUID, hdev, sk_lookup, &match);
7895 mgmt_limited_event(MGMT_EV_CLASS_OF_DEV_CHANGED, hdev, dev_class,
7896 3, HCI_MGMT_DEV_CLASS_EVENTS, NULL);
7897 ext_info_changed(hdev, NULL);
7904 void mgmt_set_local_name_complete(struct hci_dev *hdev, u8 *name, u8 status)
7906 struct mgmt_cp_set_local_name ev;
7907 struct mgmt_pending_cmd *cmd;
7912 memset(&ev, 0, sizeof(ev));
7913 memcpy(ev.name, name, HCI_MAX_NAME_LENGTH);
7914 memcpy(ev.short_name, hdev->short_name, HCI_MAX_SHORT_NAME_LENGTH);
7916 cmd = pending_find(MGMT_OP_SET_LOCAL_NAME, hdev);
7918 memcpy(hdev->dev_name, name, sizeof(hdev->dev_name));
7920 /* If this is a HCI command related to powering on the
7921 * HCI dev don't send any mgmt signals.
7923 if (pending_find(MGMT_OP_SET_POWERED, hdev))
7927 mgmt_limited_event(MGMT_EV_LOCAL_NAME_CHANGED, hdev, &ev, sizeof(ev),
7928 HCI_MGMT_LOCAL_NAME_EVENTS, cmd ? cmd->sk : NULL);
7929 ext_info_changed(hdev, cmd ? cmd->sk : NULL);
7932 static inline bool has_uuid(u8 *uuid, u16 uuid_count, u8 (*uuids)[16])
7936 for (i = 0; i < uuid_count; i++) {
7937 if (!memcmp(uuid, uuids[i], 16))
7944 static bool eir_has_uuids(u8 *eir, u16 eir_len, u16 uuid_count, u8 (*uuids)[16])
7948 while (parsed < eir_len) {
7949 u8 field_len = eir[0];
7956 if (eir_len - parsed < field_len + 1)
7960 case EIR_UUID16_ALL:
7961 case EIR_UUID16_SOME:
7962 for (i = 0; i + 3 <= field_len; i += 2) {
7963 memcpy(uuid, bluetooth_base_uuid, 16);
7964 uuid[13] = eir[i + 3];
7965 uuid[12] = eir[i + 2];
7966 if (has_uuid(uuid, uuid_count, uuids))
7970 case EIR_UUID32_ALL:
7971 case EIR_UUID32_SOME:
7972 for (i = 0; i + 5 <= field_len; i += 4) {
7973 memcpy(uuid, bluetooth_base_uuid, 16);
7974 uuid[15] = eir[i + 5];
7975 uuid[14] = eir[i + 4];
7976 uuid[13] = eir[i + 3];
7977 uuid[12] = eir[i + 2];
7978 if (has_uuid(uuid, uuid_count, uuids))
7982 case EIR_UUID128_ALL:
7983 case EIR_UUID128_SOME:
7984 for (i = 0; i + 17 <= field_len; i += 16) {
7985 memcpy(uuid, eir + i + 2, 16);
7986 if (has_uuid(uuid, uuid_count, uuids))
7992 parsed += field_len + 1;
7993 eir += field_len + 1;
7999 static void restart_le_scan(struct hci_dev *hdev)
8001 /* If controller is not scanning we are done. */
8002 if (!hci_dev_test_flag(hdev, HCI_LE_SCAN))
8005 if (time_after(jiffies + DISCOV_LE_RESTART_DELAY,
8006 hdev->discovery.scan_start +
8007 hdev->discovery.scan_duration))
8010 queue_delayed_work(hdev->req_workqueue, &hdev->le_scan_restart,
8011 DISCOV_LE_RESTART_DELAY);
8014 static bool is_filter_match(struct hci_dev *hdev, s8 rssi, u8 *eir,
8015 u16 eir_len, u8 *scan_rsp, u8 scan_rsp_len)
8017 /* If a RSSI threshold has been specified, and
8018 * HCI_QUIRK_STRICT_DUPLICATE_FILTER is not set, then all results with
8019 * a RSSI smaller than the RSSI threshold will be dropped. If the quirk
8020 * is set, let it through for further processing, as we might need to
8023 * For BR/EDR devices (pre 1.2) providing no RSSI during inquiry,
8024 * the results are also dropped.
8026 if (hdev->discovery.rssi != HCI_RSSI_INVALID &&
8027 (rssi == HCI_RSSI_INVALID ||
8028 (rssi < hdev->discovery.rssi &&
8029 !test_bit(HCI_QUIRK_STRICT_DUPLICATE_FILTER, &hdev->quirks))))
8032 if (hdev->discovery.uuid_count != 0) {
8033 /* If a list of UUIDs is provided in filter, results with no
8034 * matching UUID should be dropped.
8036 if (!eir_has_uuids(eir, eir_len, hdev->discovery.uuid_count,
8037 hdev->discovery.uuids) &&
8038 !eir_has_uuids(scan_rsp, scan_rsp_len,
8039 hdev->discovery.uuid_count,
8040 hdev->discovery.uuids))
8044 /* If duplicate filtering does not report RSSI changes, then restart
8045 * scanning to ensure updated result with updated RSSI values.
8047 if (test_bit(HCI_QUIRK_STRICT_DUPLICATE_FILTER, &hdev->quirks)) {
8048 restart_le_scan(hdev);
8050 /* Validate RSSI value against the RSSI threshold once more. */
8051 if (hdev->discovery.rssi != HCI_RSSI_INVALID &&
8052 rssi < hdev->discovery.rssi)
8059 void mgmt_device_found(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
8060 u8 addr_type, u8 *dev_class, s8 rssi, u32 flags,
8061 u8 *eir, u16 eir_len, u8 *scan_rsp, u8 scan_rsp_len)
8064 struct mgmt_ev_device_found *ev = (void *)buf;
8067 /* Don't send events for a non-kernel initiated discovery. With
8068 * LE one exception is if we have pend_le_reports > 0 in which
8069 * case we're doing passive scanning and want these events.
8071 if (!hci_discovery_active(hdev)) {
8072 if (link_type == ACL_LINK)
8074 if (link_type == LE_LINK && list_empty(&hdev->pend_le_reports))
8078 if (hdev->discovery.result_filtering) {
8079 /* We are using service discovery */
8080 if (!is_filter_match(hdev, rssi, eir, eir_len, scan_rsp,
8085 if (hdev->discovery.limited) {
8086 /* Check for limited discoverable bit */
8088 if (!(dev_class[1] & 0x20))
8091 u8 *flags = eir_get_data(eir, eir_len, EIR_FLAGS, NULL);
8092 if (!flags || !(flags[0] & LE_AD_LIMITED))
8097 /* Make sure that the buffer is big enough. The 5 extra bytes
8098 * are for the potential CoD field.
8100 if (sizeof(*ev) + eir_len + scan_rsp_len + 5 > sizeof(buf))
8103 memset(buf, 0, sizeof(buf));
8105 /* In case of device discovery with BR/EDR devices (pre 1.2), the
8106 * RSSI value was reported as 0 when not available. This behavior
8107 * is kept when using device discovery. This is required for full
8108 * backwards compatibility with the API.
8110 * However when using service discovery, the value 127 will be
8111 * returned when the RSSI is not available.
8113 if (rssi == HCI_RSSI_INVALID && !hdev->discovery.report_invalid_rssi &&
8114 link_type == ACL_LINK)
8117 bacpy(&ev->addr.bdaddr, bdaddr);
8118 ev->addr.type = link_to_bdaddr(link_type, addr_type);
8120 ev->flags = cpu_to_le32(flags);
8123 /* Copy EIR or advertising data into event */
8124 memcpy(ev->eir, eir, eir_len);
8126 if (dev_class && !eir_get_data(ev->eir, eir_len, EIR_CLASS_OF_DEV,
8128 eir_len = eir_append_data(ev->eir, eir_len, EIR_CLASS_OF_DEV,
8131 if (scan_rsp_len > 0)
8132 /* Append scan response data to event */
8133 memcpy(ev->eir + eir_len, scan_rsp, scan_rsp_len);
8135 ev->eir_len = cpu_to_le16(eir_len + scan_rsp_len);
8136 ev_size = sizeof(*ev) + eir_len + scan_rsp_len;
8138 mgmt_event(MGMT_EV_DEVICE_FOUND, hdev, ev, ev_size, NULL);
8141 void mgmt_remote_name(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
8142 u8 addr_type, s8 rssi, u8 *name, u8 name_len)
8144 struct mgmt_ev_device_found *ev;
8145 char buf[sizeof(*ev) + HCI_MAX_NAME_LENGTH + 2];
8148 ev = (struct mgmt_ev_device_found *) buf;
8150 memset(buf, 0, sizeof(buf));
8152 bacpy(&ev->addr.bdaddr, bdaddr);
8153 ev->addr.type = link_to_bdaddr(link_type, addr_type);
8156 eir_len = eir_append_data(ev->eir, 0, EIR_NAME_COMPLETE, name,
8159 ev->eir_len = cpu_to_le16(eir_len);
8161 mgmt_event(MGMT_EV_DEVICE_FOUND, hdev, ev, sizeof(*ev) + eir_len, NULL);
8164 void mgmt_discovering(struct hci_dev *hdev, u8 discovering)
8166 struct mgmt_ev_discovering ev;
8168 bt_dev_dbg(hdev, "discovering %u", discovering);
8170 memset(&ev, 0, sizeof(ev));
8171 ev.type = hdev->discovery.type;
8172 ev.discovering = discovering;
8174 mgmt_event(MGMT_EV_DISCOVERING, hdev, &ev, sizeof(ev), NULL);
8177 static struct hci_mgmt_chan chan = {
8178 .channel = HCI_CHANNEL_CONTROL,
8179 .handler_count = ARRAY_SIZE(mgmt_handlers),
8180 .handlers = mgmt_handlers,
8181 .hdev_init = mgmt_init_hdev,
8186 return hci_mgmt_chan_register(&chan);
8189 void mgmt_exit(void)
8191 hci_mgmt_chan_unregister(&chan);
projects / linux-2.6-microblaze.git / blob