2 BlueZ - Bluetooth protocol stack for Linux
4 Copyright (C) 2010 Nokia Corporation
5 Copyright (C) 2011-2012 Intel Corporation
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License version 2 as
9 published by the Free Software Foundation;
11 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
12 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
13 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
14 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
15 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
16 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
17 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
18 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
20 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
21 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
22 SOFTWARE IS DISCLAIMED.
25 /* Bluetooth HCI Management interface */
27 #include <linux/module.h>
28 #include <asm/unaligned.h>
30 #include <net/bluetooth/bluetooth.h>
31 #include <net/bluetooth/hci_core.h>
32 #include <net/bluetooth/hci_sock.h>
33 #include <net/bluetooth/l2cap.h>
34 #include <net/bluetooth/mgmt.h>
36 #include "hci_request.h"
38 #include "mgmt_util.h"
40 #define MGMT_VERSION 1
41 #define MGMT_REVISION 14
43 static const u16 mgmt_commands[] = {
44 MGMT_OP_READ_INDEX_LIST,
47 MGMT_OP_SET_DISCOVERABLE,
48 MGMT_OP_SET_CONNECTABLE,
49 MGMT_OP_SET_FAST_CONNECTABLE,
51 MGMT_OP_SET_LINK_SECURITY,
55 MGMT_OP_SET_DEV_CLASS,
56 MGMT_OP_SET_LOCAL_NAME,
59 MGMT_OP_LOAD_LINK_KEYS,
60 MGMT_OP_LOAD_LONG_TERM_KEYS,
62 MGMT_OP_GET_CONNECTIONS,
63 MGMT_OP_PIN_CODE_REPLY,
64 MGMT_OP_PIN_CODE_NEG_REPLY,
65 MGMT_OP_SET_IO_CAPABILITY,
67 MGMT_OP_CANCEL_PAIR_DEVICE,
68 MGMT_OP_UNPAIR_DEVICE,
69 MGMT_OP_USER_CONFIRM_REPLY,
70 MGMT_OP_USER_CONFIRM_NEG_REPLY,
71 MGMT_OP_USER_PASSKEY_REPLY,
72 MGMT_OP_USER_PASSKEY_NEG_REPLY,
73 MGMT_OP_READ_LOCAL_OOB_DATA,
74 MGMT_OP_ADD_REMOTE_OOB_DATA,
75 MGMT_OP_REMOVE_REMOTE_OOB_DATA,
76 MGMT_OP_START_DISCOVERY,
77 MGMT_OP_STOP_DISCOVERY,
80 MGMT_OP_UNBLOCK_DEVICE,
81 MGMT_OP_SET_DEVICE_ID,
82 MGMT_OP_SET_ADVERTISING,
84 MGMT_OP_SET_STATIC_ADDRESS,
85 MGMT_OP_SET_SCAN_PARAMS,
86 MGMT_OP_SET_SECURE_CONN,
87 MGMT_OP_SET_DEBUG_KEYS,
90 MGMT_OP_GET_CONN_INFO,
91 MGMT_OP_GET_CLOCK_INFO,
93 MGMT_OP_REMOVE_DEVICE,
94 MGMT_OP_LOAD_CONN_PARAM,
95 MGMT_OP_READ_UNCONF_INDEX_LIST,
96 MGMT_OP_READ_CONFIG_INFO,
97 MGMT_OP_SET_EXTERNAL_CONFIG,
98 MGMT_OP_SET_PUBLIC_ADDRESS,
99 MGMT_OP_START_SERVICE_DISCOVERY,
100 MGMT_OP_READ_LOCAL_OOB_EXT_DATA,
101 MGMT_OP_READ_EXT_INDEX_LIST,
102 MGMT_OP_READ_ADV_FEATURES,
103 MGMT_OP_ADD_ADVERTISING,
104 MGMT_OP_REMOVE_ADVERTISING,
105 MGMT_OP_GET_ADV_SIZE_INFO,
106 MGMT_OP_START_LIMITED_DISCOVERY,
107 MGMT_OP_READ_EXT_INFO,
108 MGMT_OP_SET_APPEARANCE,
111 static const u16 mgmt_events[] = {
112 MGMT_EV_CONTROLLER_ERROR,
114 MGMT_EV_INDEX_REMOVED,
115 MGMT_EV_NEW_SETTINGS,
116 MGMT_EV_CLASS_OF_DEV_CHANGED,
117 MGMT_EV_LOCAL_NAME_CHANGED,
118 MGMT_EV_NEW_LINK_KEY,
119 MGMT_EV_NEW_LONG_TERM_KEY,
120 MGMT_EV_DEVICE_CONNECTED,
121 MGMT_EV_DEVICE_DISCONNECTED,
122 MGMT_EV_CONNECT_FAILED,
123 MGMT_EV_PIN_CODE_REQUEST,
124 MGMT_EV_USER_CONFIRM_REQUEST,
125 MGMT_EV_USER_PASSKEY_REQUEST,
127 MGMT_EV_DEVICE_FOUND,
129 MGMT_EV_DEVICE_BLOCKED,
130 MGMT_EV_DEVICE_UNBLOCKED,
131 MGMT_EV_DEVICE_UNPAIRED,
132 MGMT_EV_PASSKEY_NOTIFY,
135 MGMT_EV_DEVICE_ADDED,
136 MGMT_EV_DEVICE_REMOVED,
137 MGMT_EV_NEW_CONN_PARAM,
138 MGMT_EV_UNCONF_INDEX_ADDED,
139 MGMT_EV_UNCONF_INDEX_REMOVED,
140 MGMT_EV_NEW_CONFIG_OPTIONS,
141 MGMT_EV_EXT_INDEX_ADDED,
142 MGMT_EV_EXT_INDEX_REMOVED,
143 MGMT_EV_LOCAL_OOB_DATA_UPDATED,
144 MGMT_EV_ADVERTISING_ADDED,
145 MGMT_EV_ADVERTISING_REMOVED,
146 MGMT_EV_EXT_INFO_CHANGED,
149 static const u16 mgmt_untrusted_commands[] = {
150 MGMT_OP_READ_INDEX_LIST,
152 MGMT_OP_READ_UNCONF_INDEX_LIST,
153 MGMT_OP_READ_CONFIG_INFO,
154 MGMT_OP_READ_EXT_INDEX_LIST,
155 MGMT_OP_READ_EXT_INFO,
158 static const u16 mgmt_untrusted_events[] = {
160 MGMT_EV_INDEX_REMOVED,
161 MGMT_EV_NEW_SETTINGS,
162 MGMT_EV_CLASS_OF_DEV_CHANGED,
163 MGMT_EV_LOCAL_NAME_CHANGED,
164 MGMT_EV_UNCONF_INDEX_ADDED,
165 MGMT_EV_UNCONF_INDEX_REMOVED,
166 MGMT_EV_NEW_CONFIG_OPTIONS,
167 MGMT_EV_EXT_INDEX_ADDED,
168 MGMT_EV_EXT_INDEX_REMOVED,
169 MGMT_EV_EXT_INFO_CHANGED,
172 #define CACHE_TIMEOUT msecs_to_jiffies(2 * 1000)
174 #define ZERO_KEY "\x00\x00\x00\x00\x00\x00\x00\x00" \
175 "\x00\x00\x00\x00\x00\x00\x00\x00"
177 /* HCI to MGMT error code conversion table */
178 static u8 mgmt_status_table[] = {
180 MGMT_STATUS_UNKNOWN_COMMAND, /* Unknown Command */
181 MGMT_STATUS_NOT_CONNECTED, /* No Connection */
182 MGMT_STATUS_FAILED, /* Hardware Failure */
183 MGMT_STATUS_CONNECT_FAILED, /* Page Timeout */
184 MGMT_STATUS_AUTH_FAILED, /* Authentication Failed */
185 MGMT_STATUS_AUTH_FAILED, /* PIN or Key Missing */
186 MGMT_STATUS_NO_RESOURCES, /* Memory Full */
187 MGMT_STATUS_TIMEOUT, /* Connection Timeout */
188 MGMT_STATUS_NO_RESOURCES, /* Max Number of Connections */
189 MGMT_STATUS_NO_RESOURCES, /* Max Number of SCO Connections */
190 MGMT_STATUS_ALREADY_CONNECTED, /* ACL Connection Exists */
191 MGMT_STATUS_BUSY, /* Command Disallowed */
192 MGMT_STATUS_NO_RESOURCES, /* Rejected Limited Resources */
193 MGMT_STATUS_REJECTED, /* Rejected Security */
194 MGMT_STATUS_REJECTED, /* Rejected Personal */
195 MGMT_STATUS_TIMEOUT, /* Host Timeout */
196 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported Feature */
197 MGMT_STATUS_INVALID_PARAMS, /* Invalid Parameters */
198 MGMT_STATUS_DISCONNECTED, /* OE User Ended Connection */
199 MGMT_STATUS_NO_RESOURCES, /* OE Low Resources */
200 MGMT_STATUS_DISCONNECTED, /* OE Power Off */
201 MGMT_STATUS_DISCONNECTED, /* Connection Terminated */
202 MGMT_STATUS_BUSY, /* Repeated Attempts */
203 MGMT_STATUS_REJECTED, /* Pairing Not Allowed */
204 MGMT_STATUS_FAILED, /* Unknown LMP PDU */
205 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported Remote Feature */
206 MGMT_STATUS_REJECTED, /* SCO Offset Rejected */
207 MGMT_STATUS_REJECTED, /* SCO Interval Rejected */
208 MGMT_STATUS_REJECTED, /* Air Mode Rejected */
209 MGMT_STATUS_INVALID_PARAMS, /* Invalid LMP Parameters */
210 MGMT_STATUS_FAILED, /* Unspecified Error */
211 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported LMP Parameter Value */
212 MGMT_STATUS_FAILED, /* Role Change Not Allowed */
213 MGMT_STATUS_TIMEOUT, /* LMP Response Timeout */
214 MGMT_STATUS_FAILED, /* LMP Error Transaction Collision */
215 MGMT_STATUS_FAILED, /* LMP PDU Not Allowed */
216 MGMT_STATUS_REJECTED, /* Encryption Mode Not Accepted */
217 MGMT_STATUS_FAILED, /* Unit Link Key Used */
218 MGMT_STATUS_NOT_SUPPORTED, /* QoS Not Supported */
219 MGMT_STATUS_TIMEOUT, /* Instant Passed */
220 MGMT_STATUS_NOT_SUPPORTED, /* Pairing Not Supported */
221 MGMT_STATUS_FAILED, /* Transaction Collision */
222 MGMT_STATUS_INVALID_PARAMS, /* Unacceptable Parameter */
223 MGMT_STATUS_REJECTED, /* QoS Rejected */
224 MGMT_STATUS_NOT_SUPPORTED, /* Classification Not Supported */
225 MGMT_STATUS_REJECTED, /* Insufficient Security */
226 MGMT_STATUS_INVALID_PARAMS, /* Parameter Out Of Range */
227 MGMT_STATUS_BUSY, /* Role Switch Pending */
228 MGMT_STATUS_FAILED, /* Slot Violation */
229 MGMT_STATUS_FAILED, /* Role Switch Failed */
230 MGMT_STATUS_INVALID_PARAMS, /* EIR Too Large */
231 MGMT_STATUS_NOT_SUPPORTED, /* Simple Pairing Not Supported */
232 MGMT_STATUS_BUSY, /* Host Busy Pairing */
233 MGMT_STATUS_REJECTED, /* Rejected, No Suitable Channel */
234 MGMT_STATUS_BUSY, /* Controller Busy */
235 MGMT_STATUS_INVALID_PARAMS, /* Unsuitable Connection Interval */
236 MGMT_STATUS_TIMEOUT, /* Directed Advertising Timeout */
237 MGMT_STATUS_AUTH_FAILED, /* Terminated Due to MIC Failure */
238 MGMT_STATUS_CONNECT_FAILED, /* Connection Establishment Failed */
239 MGMT_STATUS_CONNECT_FAILED, /* MAC Connection Failed */
242 static u8 mgmt_status(u8 hci_status)
244 if (hci_status < ARRAY_SIZE(mgmt_status_table))
245 return mgmt_status_table[hci_status];
247 return MGMT_STATUS_FAILED;
250 static int mgmt_index_event(u16 event, struct hci_dev *hdev, void *data,
253 return mgmt_send_event(event, hdev, HCI_CHANNEL_CONTROL, data, len,
257 static int mgmt_limited_event(u16 event, struct hci_dev *hdev, void *data,
258 u16 len, int flag, struct sock *skip_sk)
260 return mgmt_send_event(event, hdev, HCI_CHANNEL_CONTROL, data, len,
264 static int mgmt_event(u16 event, struct hci_dev *hdev, void *data, u16 len,
265 struct sock *skip_sk)
267 return mgmt_send_event(event, hdev, HCI_CHANNEL_CONTROL, data, len,
268 HCI_SOCK_TRUSTED, skip_sk);
271 static u8 le_addr_type(u8 mgmt_addr_type)
273 if (mgmt_addr_type == BDADDR_LE_PUBLIC)
274 return ADDR_LE_DEV_PUBLIC;
276 return ADDR_LE_DEV_RANDOM;
279 void mgmt_fill_version_info(void *ver)
281 struct mgmt_rp_read_version *rp = ver;
283 rp->version = MGMT_VERSION;
284 rp->revision = cpu_to_le16(MGMT_REVISION);
287 static int read_version(struct sock *sk, struct hci_dev *hdev, void *data,
290 struct mgmt_rp_read_version rp;
292 BT_DBG("sock %p", sk);
294 mgmt_fill_version_info(&rp);
296 return mgmt_cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_VERSION, 0,
300 static int read_commands(struct sock *sk, struct hci_dev *hdev, void *data,
303 struct mgmt_rp_read_commands *rp;
304 u16 num_commands, num_events;
308 BT_DBG("sock %p", sk);
310 if (hci_sock_test_flag(sk, HCI_SOCK_TRUSTED)) {
311 num_commands = ARRAY_SIZE(mgmt_commands);
312 num_events = ARRAY_SIZE(mgmt_events);
314 num_commands = ARRAY_SIZE(mgmt_untrusted_commands);
315 num_events = ARRAY_SIZE(mgmt_untrusted_events);
318 rp_size = sizeof(*rp) + ((num_commands + num_events) * sizeof(u16));
320 rp = kmalloc(rp_size, GFP_KERNEL);
324 rp->num_commands = cpu_to_le16(num_commands);
325 rp->num_events = cpu_to_le16(num_events);
327 if (hci_sock_test_flag(sk, HCI_SOCK_TRUSTED)) {
328 __le16 *opcode = rp->opcodes;
330 for (i = 0; i < num_commands; i++, opcode++)
331 put_unaligned_le16(mgmt_commands[i], opcode);
333 for (i = 0; i < num_events; i++, opcode++)
334 put_unaligned_le16(mgmt_events[i], opcode);
336 __le16 *opcode = rp->opcodes;
338 for (i = 0; i < num_commands; i++, opcode++)
339 put_unaligned_le16(mgmt_untrusted_commands[i], opcode);
341 for (i = 0; i < num_events; i++, opcode++)
342 put_unaligned_le16(mgmt_untrusted_events[i], opcode);
345 err = mgmt_cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_COMMANDS, 0,
352 static int read_index_list(struct sock *sk, struct hci_dev *hdev, void *data,
355 struct mgmt_rp_read_index_list *rp;
361 BT_DBG("sock %p", sk);
363 read_lock(&hci_dev_list_lock);
366 list_for_each_entry(d, &hci_dev_list, list) {
367 if (d->dev_type == HCI_PRIMARY &&
368 !hci_dev_test_flag(d, HCI_UNCONFIGURED))
372 rp_len = sizeof(*rp) + (2 * count);
373 rp = kmalloc(rp_len, GFP_ATOMIC);
375 read_unlock(&hci_dev_list_lock);
380 list_for_each_entry(d, &hci_dev_list, list) {
381 if (hci_dev_test_flag(d, HCI_SETUP) ||
382 hci_dev_test_flag(d, HCI_CONFIG) ||
383 hci_dev_test_flag(d, HCI_USER_CHANNEL))
386 /* Devices marked as raw-only are neither configured
387 * nor unconfigured controllers.
389 if (test_bit(HCI_QUIRK_RAW_DEVICE, &d->quirks))
392 if (d->dev_type == HCI_PRIMARY &&
393 !hci_dev_test_flag(d, HCI_UNCONFIGURED)) {
394 rp->index[count++] = cpu_to_le16(d->id);
395 BT_DBG("Added hci%u", d->id);
399 rp->num_controllers = cpu_to_le16(count);
400 rp_len = sizeof(*rp) + (2 * count);
402 read_unlock(&hci_dev_list_lock);
404 err = mgmt_cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_INDEX_LIST,
412 static int read_unconf_index_list(struct sock *sk, struct hci_dev *hdev,
413 void *data, u16 data_len)
415 struct mgmt_rp_read_unconf_index_list *rp;
421 BT_DBG("sock %p", sk);
423 read_lock(&hci_dev_list_lock);
426 list_for_each_entry(d, &hci_dev_list, list) {
427 if (d->dev_type == HCI_PRIMARY &&
428 hci_dev_test_flag(d, HCI_UNCONFIGURED))
432 rp_len = sizeof(*rp) + (2 * count);
433 rp = kmalloc(rp_len, GFP_ATOMIC);
435 read_unlock(&hci_dev_list_lock);
440 list_for_each_entry(d, &hci_dev_list, list) {
441 if (hci_dev_test_flag(d, HCI_SETUP) ||
442 hci_dev_test_flag(d, HCI_CONFIG) ||
443 hci_dev_test_flag(d, HCI_USER_CHANNEL))
446 /* Devices marked as raw-only are neither configured
447 * nor unconfigured controllers.
449 if (test_bit(HCI_QUIRK_RAW_DEVICE, &d->quirks))
452 if (d->dev_type == HCI_PRIMARY &&
453 hci_dev_test_flag(d, HCI_UNCONFIGURED)) {
454 rp->index[count++] = cpu_to_le16(d->id);
455 BT_DBG("Added hci%u", d->id);
459 rp->num_controllers = cpu_to_le16(count);
460 rp_len = sizeof(*rp) + (2 * count);
462 read_unlock(&hci_dev_list_lock);
464 err = mgmt_cmd_complete(sk, MGMT_INDEX_NONE,
465 MGMT_OP_READ_UNCONF_INDEX_LIST, 0, rp, rp_len);
472 static int read_ext_index_list(struct sock *sk, struct hci_dev *hdev,
473 void *data, u16 data_len)
475 struct mgmt_rp_read_ext_index_list *rp;
481 BT_DBG("sock %p", sk);
483 read_lock(&hci_dev_list_lock);
486 list_for_each_entry(d, &hci_dev_list, list) {
487 if (d->dev_type == HCI_PRIMARY || d->dev_type == HCI_AMP)
491 rp_len = sizeof(*rp) + (sizeof(rp->entry[0]) * count);
492 rp = kmalloc(rp_len, GFP_ATOMIC);
494 read_unlock(&hci_dev_list_lock);
499 list_for_each_entry(d, &hci_dev_list, list) {
500 if (hci_dev_test_flag(d, HCI_SETUP) ||
501 hci_dev_test_flag(d, HCI_CONFIG) ||
502 hci_dev_test_flag(d, HCI_USER_CHANNEL))
505 /* Devices marked as raw-only are neither configured
506 * nor unconfigured controllers.
508 if (test_bit(HCI_QUIRK_RAW_DEVICE, &d->quirks))
511 if (d->dev_type == HCI_PRIMARY) {
512 if (hci_dev_test_flag(d, HCI_UNCONFIGURED))
513 rp->entry[count].type = 0x01;
515 rp->entry[count].type = 0x00;
516 } else if (d->dev_type == HCI_AMP) {
517 rp->entry[count].type = 0x02;
522 rp->entry[count].bus = d->bus;
523 rp->entry[count++].index = cpu_to_le16(d->id);
524 BT_DBG("Added hci%u", d->id);
527 rp->num_controllers = cpu_to_le16(count);
528 rp_len = sizeof(*rp) + (sizeof(rp->entry[0]) * count);
530 read_unlock(&hci_dev_list_lock);
532 /* If this command is called at least once, then all the
533 * default index and unconfigured index events are disabled
534 * and from now on only extended index events are used.
536 hci_sock_set_flag(sk, HCI_MGMT_EXT_INDEX_EVENTS);
537 hci_sock_clear_flag(sk, HCI_MGMT_INDEX_EVENTS);
538 hci_sock_clear_flag(sk, HCI_MGMT_UNCONF_INDEX_EVENTS);
540 err = mgmt_cmd_complete(sk, MGMT_INDEX_NONE,
541 MGMT_OP_READ_EXT_INDEX_LIST, 0, rp, rp_len);
548 static bool is_configured(struct hci_dev *hdev)
550 if (test_bit(HCI_QUIRK_EXTERNAL_CONFIG, &hdev->quirks) &&
551 !hci_dev_test_flag(hdev, HCI_EXT_CONFIGURED))
554 if (test_bit(HCI_QUIRK_INVALID_BDADDR, &hdev->quirks) &&
555 !bacmp(&hdev->public_addr, BDADDR_ANY))
561 static __le32 get_missing_options(struct hci_dev *hdev)
565 if (test_bit(HCI_QUIRK_EXTERNAL_CONFIG, &hdev->quirks) &&
566 !hci_dev_test_flag(hdev, HCI_EXT_CONFIGURED))
567 options |= MGMT_OPTION_EXTERNAL_CONFIG;
569 if (test_bit(HCI_QUIRK_INVALID_BDADDR, &hdev->quirks) &&
570 !bacmp(&hdev->public_addr, BDADDR_ANY))
571 options |= MGMT_OPTION_PUBLIC_ADDRESS;
573 return cpu_to_le32(options);
576 static int new_options(struct hci_dev *hdev, struct sock *skip)
578 __le32 options = get_missing_options(hdev);
580 return mgmt_limited_event(MGMT_EV_NEW_CONFIG_OPTIONS, hdev, &options,
581 sizeof(options), HCI_MGMT_OPTION_EVENTS, skip);
584 static int send_options_rsp(struct sock *sk, u16 opcode, struct hci_dev *hdev)
586 __le32 options = get_missing_options(hdev);
588 return mgmt_cmd_complete(sk, hdev->id, opcode, 0, &options,
592 static int read_config_info(struct sock *sk, struct hci_dev *hdev,
593 void *data, u16 data_len)
595 struct mgmt_rp_read_config_info rp;
598 BT_DBG("sock %p %s", sk, hdev->name);
602 memset(&rp, 0, sizeof(rp));
603 rp.manufacturer = cpu_to_le16(hdev->manufacturer);
605 if (test_bit(HCI_QUIRK_EXTERNAL_CONFIG, &hdev->quirks))
606 options |= MGMT_OPTION_EXTERNAL_CONFIG;
608 if (hdev->set_bdaddr)
609 options |= MGMT_OPTION_PUBLIC_ADDRESS;
611 rp.supported_options = cpu_to_le32(options);
612 rp.missing_options = get_missing_options(hdev);
614 hci_dev_unlock(hdev);
616 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_READ_CONFIG_INFO, 0,
620 static u32 get_supported_settings(struct hci_dev *hdev)
624 settings |= MGMT_SETTING_POWERED;
625 settings |= MGMT_SETTING_BONDABLE;
626 settings |= MGMT_SETTING_DEBUG_KEYS;
627 settings |= MGMT_SETTING_CONNECTABLE;
628 settings |= MGMT_SETTING_DISCOVERABLE;
630 if (lmp_bredr_capable(hdev)) {
631 if (hdev->hci_ver >= BLUETOOTH_VER_1_2)
632 settings |= MGMT_SETTING_FAST_CONNECTABLE;
633 settings |= MGMT_SETTING_BREDR;
634 settings |= MGMT_SETTING_LINK_SECURITY;
636 if (lmp_ssp_capable(hdev)) {
637 settings |= MGMT_SETTING_SSP;
638 settings |= MGMT_SETTING_HS;
641 if (lmp_sc_capable(hdev))
642 settings |= MGMT_SETTING_SECURE_CONN;
645 if (lmp_le_capable(hdev)) {
646 settings |= MGMT_SETTING_LE;
647 settings |= MGMT_SETTING_ADVERTISING;
648 settings |= MGMT_SETTING_SECURE_CONN;
649 settings |= MGMT_SETTING_PRIVACY;
650 settings |= MGMT_SETTING_STATIC_ADDRESS;
653 if (test_bit(HCI_QUIRK_EXTERNAL_CONFIG, &hdev->quirks) ||
655 settings |= MGMT_SETTING_CONFIGURATION;
660 static u32 get_current_settings(struct hci_dev *hdev)
664 if (hdev_is_powered(hdev))
665 settings |= MGMT_SETTING_POWERED;
667 if (hci_dev_test_flag(hdev, HCI_CONNECTABLE))
668 settings |= MGMT_SETTING_CONNECTABLE;
670 if (hci_dev_test_flag(hdev, HCI_FAST_CONNECTABLE))
671 settings |= MGMT_SETTING_FAST_CONNECTABLE;
673 if (hci_dev_test_flag(hdev, HCI_DISCOVERABLE))
674 settings |= MGMT_SETTING_DISCOVERABLE;
676 if (hci_dev_test_flag(hdev, HCI_BONDABLE))
677 settings |= MGMT_SETTING_BONDABLE;
679 if (hci_dev_test_flag(hdev, HCI_BREDR_ENABLED))
680 settings |= MGMT_SETTING_BREDR;
682 if (hci_dev_test_flag(hdev, HCI_LE_ENABLED))
683 settings |= MGMT_SETTING_LE;
685 if (hci_dev_test_flag(hdev, HCI_LINK_SECURITY))
686 settings |= MGMT_SETTING_LINK_SECURITY;
688 if (hci_dev_test_flag(hdev, HCI_SSP_ENABLED))
689 settings |= MGMT_SETTING_SSP;
691 if (hci_dev_test_flag(hdev, HCI_HS_ENABLED))
692 settings |= MGMT_SETTING_HS;
694 if (hci_dev_test_flag(hdev, HCI_ADVERTISING))
695 settings |= MGMT_SETTING_ADVERTISING;
697 if (hci_dev_test_flag(hdev, HCI_SC_ENABLED))
698 settings |= MGMT_SETTING_SECURE_CONN;
700 if (hci_dev_test_flag(hdev, HCI_KEEP_DEBUG_KEYS))
701 settings |= MGMT_SETTING_DEBUG_KEYS;
703 if (hci_dev_test_flag(hdev, HCI_PRIVACY))
704 settings |= MGMT_SETTING_PRIVACY;
706 /* The current setting for static address has two purposes. The
707 * first is to indicate if the static address will be used and
708 * the second is to indicate if it is actually set.
710 * This means if the static address is not configured, this flag
711 * will never be set. If the address is configured, then if the
712 * address is actually used decides if the flag is set or not.
714 * For single mode LE only controllers and dual-mode controllers
715 * with BR/EDR disabled, the existence of the static address will
718 if (hci_dev_test_flag(hdev, HCI_FORCE_STATIC_ADDR) ||
719 !hci_dev_test_flag(hdev, HCI_BREDR_ENABLED) ||
720 !bacmp(&hdev->bdaddr, BDADDR_ANY)) {
721 if (bacmp(&hdev->static_addr, BDADDR_ANY))
722 settings |= MGMT_SETTING_STATIC_ADDRESS;
728 static struct mgmt_pending_cmd *pending_find(u16 opcode, struct hci_dev *hdev)
730 return mgmt_pending_find(HCI_CHANNEL_CONTROL, opcode, hdev);
733 static struct mgmt_pending_cmd *pending_find_data(u16 opcode,
734 struct hci_dev *hdev,
737 return mgmt_pending_find_data(HCI_CHANNEL_CONTROL, opcode, hdev, data);
740 u8 mgmt_get_adv_discov_flags(struct hci_dev *hdev)
742 struct mgmt_pending_cmd *cmd;
744 /* If there's a pending mgmt command the flags will not yet have
745 * their final values, so check for this first.
747 cmd = pending_find(MGMT_OP_SET_DISCOVERABLE, hdev);
749 struct mgmt_mode *cp = cmd->param;
751 return LE_AD_GENERAL;
752 else if (cp->val == 0x02)
753 return LE_AD_LIMITED;
755 if (hci_dev_test_flag(hdev, HCI_LIMITED_DISCOVERABLE))
756 return LE_AD_LIMITED;
757 else if (hci_dev_test_flag(hdev, HCI_DISCOVERABLE))
758 return LE_AD_GENERAL;
764 bool mgmt_get_connectable(struct hci_dev *hdev)
766 struct mgmt_pending_cmd *cmd;
768 /* If there's a pending mgmt command the flag will not yet have
769 * it's final value, so check for this first.
771 cmd = pending_find(MGMT_OP_SET_CONNECTABLE, hdev);
773 struct mgmt_mode *cp = cmd->param;
778 return hci_dev_test_flag(hdev, HCI_CONNECTABLE);
781 static void service_cache_off(struct work_struct *work)
783 struct hci_dev *hdev = container_of(work, struct hci_dev,
785 struct hci_request req;
787 if (!hci_dev_test_and_clear_flag(hdev, HCI_SERVICE_CACHE))
790 hci_req_init(&req, hdev);
794 __hci_req_update_eir(&req);
795 __hci_req_update_class(&req);
797 hci_dev_unlock(hdev);
799 hci_req_run(&req, NULL);
802 static void rpa_expired(struct work_struct *work)
804 struct hci_dev *hdev = container_of(work, struct hci_dev,
806 struct hci_request req;
810 hci_dev_set_flag(hdev, HCI_RPA_EXPIRED);
812 if (!hci_dev_test_flag(hdev, HCI_ADVERTISING))
815 /* The generation of a new RPA and programming it into the
816 * controller happens in the hci_req_enable_advertising()
819 hci_req_init(&req, hdev);
820 __hci_req_enable_advertising(&req);
821 hci_req_run(&req, NULL);
824 static void mgmt_init_hdev(struct sock *sk, struct hci_dev *hdev)
826 if (hci_dev_test_and_set_flag(hdev, HCI_MGMT))
829 INIT_DELAYED_WORK(&hdev->service_cache, service_cache_off);
830 INIT_DELAYED_WORK(&hdev->rpa_expired, rpa_expired);
832 /* Non-mgmt controlled devices get this bit set
833 * implicitly so that pairing works for them, however
834 * for mgmt we require user-space to explicitly enable
837 hci_dev_clear_flag(hdev, HCI_BONDABLE);
840 static int read_controller_info(struct sock *sk, struct hci_dev *hdev,
841 void *data, u16 data_len)
843 struct mgmt_rp_read_info rp;
845 BT_DBG("sock %p %s", sk, hdev->name);
849 memset(&rp, 0, sizeof(rp));
851 bacpy(&rp.bdaddr, &hdev->bdaddr);
853 rp.version = hdev->hci_ver;
854 rp.manufacturer = cpu_to_le16(hdev->manufacturer);
856 rp.supported_settings = cpu_to_le32(get_supported_settings(hdev));
857 rp.current_settings = cpu_to_le32(get_current_settings(hdev));
859 memcpy(rp.dev_class, hdev->dev_class, 3);
861 memcpy(rp.name, hdev->dev_name, sizeof(hdev->dev_name));
862 memcpy(rp.short_name, hdev->short_name, sizeof(hdev->short_name));
864 hci_dev_unlock(hdev);
866 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_READ_INFO, 0, &rp,
870 static u16 append_eir_data_to_buf(struct hci_dev *hdev, u8 *eir)
875 if (hci_dev_test_flag(hdev, HCI_BREDR_ENABLED))
876 eir_len = eir_append_data(eir, eir_len, EIR_CLASS_OF_DEV,
879 if (hci_dev_test_flag(hdev, HCI_LE_ENABLED))
880 eir_len = eir_append_le16(eir, eir_len, EIR_APPEARANCE,
883 name_len = strlen(hdev->dev_name);
884 eir_len = eir_append_data(eir, eir_len, EIR_NAME_COMPLETE,
885 hdev->dev_name, name_len);
887 name_len = strlen(hdev->short_name);
888 eir_len = eir_append_data(eir, eir_len, EIR_NAME_SHORT,
889 hdev->short_name, name_len);
894 static int read_ext_controller_info(struct sock *sk, struct hci_dev *hdev,
895 void *data, u16 data_len)
898 struct mgmt_rp_read_ext_info *rp = (void *)buf;
901 BT_DBG("sock %p %s", sk, hdev->name);
903 memset(&buf, 0, sizeof(buf));
907 bacpy(&rp->bdaddr, &hdev->bdaddr);
909 rp->version = hdev->hci_ver;
910 rp->manufacturer = cpu_to_le16(hdev->manufacturer);
912 rp->supported_settings = cpu_to_le32(get_supported_settings(hdev));
913 rp->current_settings = cpu_to_le32(get_current_settings(hdev));
916 eir_len = append_eir_data_to_buf(hdev, rp->eir);
917 rp->eir_len = cpu_to_le16(eir_len);
919 hci_dev_unlock(hdev);
921 /* If this command is called at least once, then the events
922 * for class of device and local name changes are disabled
923 * and only the new extended controller information event
926 hci_sock_set_flag(sk, HCI_MGMT_EXT_INFO_EVENTS);
927 hci_sock_clear_flag(sk, HCI_MGMT_DEV_CLASS_EVENTS);
928 hci_sock_clear_flag(sk, HCI_MGMT_LOCAL_NAME_EVENTS);
930 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_READ_EXT_INFO, 0, rp,
931 sizeof(*rp) + eir_len);
934 static int ext_info_changed(struct hci_dev *hdev, struct sock *skip)
937 struct mgmt_ev_ext_info_changed *ev = (void *)buf;
940 memset(buf, 0, sizeof(buf));
942 eir_len = append_eir_data_to_buf(hdev, ev->eir);
943 ev->eir_len = cpu_to_le16(eir_len);
945 return mgmt_limited_event(MGMT_EV_EXT_INFO_CHANGED, hdev, ev,
946 sizeof(*ev) + eir_len,
947 HCI_MGMT_EXT_INFO_EVENTS, skip);
950 static int send_settings_rsp(struct sock *sk, u16 opcode, struct hci_dev *hdev)
952 __le32 settings = cpu_to_le32(get_current_settings(hdev));
954 return mgmt_cmd_complete(sk, hdev->id, opcode, 0, &settings,
958 static void clean_up_hci_complete(struct hci_dev *hdev, u8 status, u16 opcode)
960 BT_DBG("%s status 0x%02x", hdev->name, status);
962 if (hci_conn_count(hdev) == 0) {
963 cancel_delayed_work(&hdev->power_off);
964 queue_work(hdev->req_workqueue, &hdev->power_off.work);
968 void mgmt_advertising_added(struct sock *sk, struct hci_dev *hdev, u8 instance)
970 struct mgmt_ev_advertising_added ev;
972 ev.instance = instance;
974 mgmt_event(MGMT_EV_ADVERTISING_ADDED, hdev, &ev, sizeof(ev), sk);
977 void mgmt_advertising_removed(struct sock *sk, struct hci_dev *hdev,
980 struct mgmt_ev_advertising_removed ev;
982 ev.instance = instance;
984 mgmt_event(MGMT_EV_ADVERTISING_REMOVED, hdev, &ev, sizeof(ev), sk);
987 static void cancel_adv_timeout(struct hci_dev *hdev)
989 if (hdev->adv_instance_timeout) {
990 hdev->adv_instance_timeout = 0;
991 cancel_delayed_work(&hdev->adv_instance_expire);
995 static int clean_up_hci_state(struct hci_dev *hdev)
997 struct hci_request req;
998 struct hci_conn *conn;
1002 hci_req_init(&req, hdev);
1004 if (test_bit(HCI_ISCAN, &hdev->flags) ||
1005 test_bit(HCI_PSCAN, &hdev->flags)) {
1007 hci_req_add(&req, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
1010 hci_req_clear_adv_instance(hdev, NULL, NULL, 0x00, false);
1012 if (hci_dev_test_flag(hdev, HCI_LE_ADV))
1013 __hci_req_disable_advertising(&req);
1015 discov_stopped = hci_req_stop_discovery(&req);
1017 list_for_each_entry(conn, &hdev->conn_hash.list, list) {
1018 /* 0x15 == Terminated due to Power Off */
1019 __hci_abort_conn(&req, conn, 0x15);
1022 err = hci_req_run(&req, clean_up_hci_complete);
1023 if (!err && discov_stopped)
1024 hci_discovery_set_state(hdev, DISCOVERY_STOPPING);
1029 static int set_powered(struct sock *sk, struct hci_dev *hdev, void *data,
1032 struct mgmt_mode *cp = data;
1033 struct mgmt_pending_cmd *cmd;
1036 BT_DBG("request for %s", hdev->name);
1038 if (cp->val != 0x00 && cp->val != 0x01)
1039 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_POWERED,
1040 MGMT_STATUS_INVALID_PARAMS);
1044 if (pending_find(MGMT_OP_SET_POWERED, hdev)) {
1045 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_POWERED,
1050 if (!!cp->val == hdev_is_powered(hdev)) {
1051 err = send_settings_rsp(sk, MGMT_OP_SET_POWERED, hdev);
1055 cmd = mgmt_pending_add(sk, MGMT_OP_SET_POWERED, hdev, data, len);
1062 queue_work(hdev->req_workqueue, &hdev->power_on);
1065 /* Disconnect connections, stop scans, etc */
1066 err = clean_up_hci_state(hdev);
1068 queue_delayed_work(hdev->req_workqueue, &hdev->power_off,
1069 HCI_POWER_OFF_TIMEOUT);
1071 /* ENODATA means there were no HCI commands queued */
1072 if (err == -ENODATA) {
1073 cancel_delayed_work(&hdev->power_off);
1074 queue_work(hdev->req_workqueue, &hdev->power_off.work);
1080 hci_dev_unlock(hdev);
1084 static int new_settings(struct hci_dev *hdev, struct sock *skip)
1086 __le32 ev = cpu_to_le32(get_current_settings(hdev));
1088 return mgmt_limited_event(MGMT_EV_NEW_SETTINGS, hdev, &ev,
1089 sizeof(ev), HCI_MGMT_SETTING_EVENTS, skip);
1092 int mgmt_new_settings(struct hci_dev *hdev)
1094 return new_settings(hdev, NULL);
1099 struct hci_dev *hdev;
1103 static void settings_rsp(struct mgmt_pending_cmd *cmd, void *data)
1105 struct cmd_lookup *match = data;
1107 send_settings_rsp(cmd->sk, cmd->opcode, match->hdev);
1109 list_del(&cmd->list);
1111 if (match->sk == NULL) {
1112 match->sk = cmd->sk;
1113 sock_hold(match->sk);
1116 mgmt_pending_free(cmd);
1119 static void cmd_status_rsp(struct mgmt_pending_cmd *cmd, void *data)
1123 mgmt_cmd_status(cmd->sk, cmd->index, cmd->opcode, *status);
1124 mgmt_pending_remove(cmd);
1127 static void cmd_complete_rsp(struct mgmt_pending_cmd *cmd, void *data)
1129 if (cmd->cmd_complete) {
1132 cmd->cmd_complete(cmd, *status);
1133 mgmt_pending_remove(cmd);
1138 cmd_status_rsp(cmd, data);
1141 static int generic_cmd_complete(struct mgmt_pending_cmd *cmd, u8 status)
1143 return mgmt_cmd_complete(cmd->sk, cmd->index, cmd->opcode, status,
1144 cmd->param, cmd->param_len);
1147 static int addr_cmd_complete(struct mgmt_pending_cmd *cmd, u8 status)
1149 return mgmt_cmd_complete(cmd->sk, cmd->index, cmd->opcode, status,
1150 cmd->param, sizeof(struct mgmt_addr_info));
1153 static u8 mgmt_bredr_support(struct hci_dev *hdev)
1155 if (!lmp_bredr_capable(hdev))
1156 return MGMT_STATUS_NOT_SUPPORTED;
1157 else if (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED))
1158 return MGMT_STATUS_REJECTED;
1160 return MGMT_STATUS_SUCCESS;
1163 static u8 mgmt_le_support(struct hci_dev *hdev)
1165 if (!lmp_le_capable(hdev))
1166 return MGMT_STATUS_NOT_SUPPORTED;
1167 else if (!hci_dev_test_flag(hdev, HCI_LE_ENABLED))
1168 return MGMT_STATUS_REJECTED;
1170 return MGMT_STATUS_SUCCESS;
1173 void mgmt_set_discoverable_complete(struct hci_dev *hdev, u8 status)
1175 struct mgmt_pending_cmd *cmd;
1177 BT_DBG("status 0x%02x", status);
1181 cmd = pending_find(MGMT_OP_SET_DISCOVERABLE, hdev);
1186 u8 mgmt_err = mgmt_status(status);
1187 mgmt_cmd_status(cmd->sk, cmd->index, cmd->opcode, mgmt_err);
1188 hci_dev_clear_flag(hdev, HCI_LIMITED_DISCOVERABLE);
1192 if (hci_dev_test_flag(hdev, HCI_DISCOVERABLE) &&
1193 hdev->discov_timeout > 0) {
1194 int to = msecs_to_jiffies(hdev->discov_timeout * 1000);
1195 queue_delayed_work(hdev->req_workqueue, &hdev->discov_off, to);
1198 send_settings_rsp(cmd->sk, MGMT_OP_SET_DISCOVERABLE, hdev);
1199 new_settings(hdev, cmd->sk);
1202 mgmt_pending_remove(cmd);
1205 hci_dev_unlock(hdev);
1208 static int set_discoverable(struct sock *sk, struct hci_dev *hdev, void *data,
1211 struct mgmt_cp_set_discoverable *cp = data;
1212 struct mgmt_pending_cmd *cmd;
1216 BT_DBG("request for %s", hdev->name);
1218 if (!hci_dev_test_flag(hdev, HCI_LE_ENABLED) &&
1219 !hci_dev_test_flag(hdev, HCI_BREDR_ENABLED))
1220 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
1221 MGMT_STATUS_REJECTED);
1223 if (cp->val != 0x00 && cp->val != 0x01 && cp->val != 0x02)
1224 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
1225 MGMT_STATUS_INVALID_PARAMS);
1227 timeout = __le16_to_cpu(cp->timeout);
1229 /* Disabling discoverable requires that no timeout is set,
1230 * and enabling limited discoverable requires a timeout.
1232 if ((cp->val == 0x00 && timeout > 0) ||
1233 (cp->val == 0x02 && timeout == 0))
1234 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
1235 MGMT_STATUS_INVALID_PARAMS);
1239 if (!hdev_is_powered(hdev) && timeout > 0) {
1240 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
1241 MGMT_STATUS_NOT_POWERED);
1245 if (pending_find(MGMT_OP_SET_DISCOVERABLE, hdev) ||
1246 pending_find(MGMT_OP_SET_CONNECTABLE, hdev)) {
1247 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
1252 if (!hci_dev_test_flag(hdev, HCI_CONNECTABLE)) {
1253 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
1254 MGMT_STATUS_REJECTED);
1258 if (!hdev_is_powered(hdev)) {
1259 bool changed = false;
1261 /* Setting limited discoverable when powered off is
1262 * not a valid operation since it requires a timeout
1263 * and so no need to check HCI_LIMITED_DISCOVERABLE.
1265 if (!!cp->val != hci_dev_test_flag(hdev, HCI_DISCOVERABLE)) {
1266 hci_dev_change_flag(hdev, HCI_DISCOVERABLE);
1270 err = send_settings_rsp(sk, MGMT_OP_SET_DISCOVERABLE, hdev);
1275 err = new_settings(hdev, sk);
1280 /* If the current mode is the same, then just update the timeout
1281 * value with the new value. And if only the timeout gets updated,
1282 * then no need for any HCI transactions.
1284 if (!!cp->val == hci_dev_test_flag(hdev, HCI_DISCOVERABLE) &&
1285 (cp->val == 0x02) == hci_dev_test_flag(hdev,
1286 HCI_LIMITED_DISCOVERABLE)) {
1287 cancel_delayed_work(&hdev->discov_off);
1288 hdev->discov_timeout = timeout;
1290 if (cp->val && hdev->discov_timeout > 0) {
1291 int to = msecs_to_jiffies(hdev->discov_timeout * 1000);
1292 queue_delayed_work(hdev->req_workqueue,
1293 &hdev->discov_off, to);
1296 err = send_settings_rsp(sk, MGMT_OP_SET_DISCOVERABLE, hdev);
1300 cmd = mgmt_pending_add(sk, MGMT_OP_SET_DISCOVERABLE, hdev, data, len);
1306 /* Cancel any potential discoverable timeout that might be
1307 * still active and store new timeout value. The arming of
1308 * the timeout happens in the complete handler.
1310 cancel_delayed_work(&hdev->discov_off);
1311 hdev->discov_timeout = timeout;
1314 hci_dev_set_flag(hdev, HCI_DISCOVERABLE);
1316 hci_dev_clear_flag(hdev, HCI_DISCOVERABLE);
1318 /* Limited discoverable mode */
1319 if (cp->val == 0x02)
1320 hci_dev_set_flag(hdev, HCI_LIMITED_DISCOVERABLE);
1322 hci_dev_clear_flag(hdev, HCI_LIMITED_DISCOVERABLE);
1324 queue_work(hdev->req_workqueue, &hdev->discoverable_update);
1328 hci_dev_unlock(hdev);
1332 void mgmt_set_connectable_complete(struct hci_dev *hdev, u8 status)
1334 struct mgmt_pending_cmd *cmd;
1336 BT_DBG("status 0x%02x", status);
1340 cmd = pending_find(MGMT_OP_SET_CONNECTABLE, hdev);
1345 u8 mgmt_err = mgmt_status(status);
1346 mgmt_cmd_status(cmd->sk, cmd->index, cmd->opcode, mgmt_err);
1350 send_settings_rsp(cmd->sk, MGMT_OP_SET_CONNECTABLE, hdev);
1351 new_settings(hdev, cmd->sk);
1354 mgmt_pending_remove(cmd);
1357 hci_dev_unlock(hdev);
1360 static int set_connectable_update_settings(struct hci_dev *hdev,
1361 struct sock *sk, u8 val)
1363 bool changed = false;
1366 if (!!val != hci_dev_test_flag(hdev, HCI_CONNECTABLE))
1370 hci_dev_set_flag(hdev, HCI_CONNECTABLE);
1372 hci_dev_clear_flag(hdev, HCI_CONNECTABLE);
1373 hci_dev_clear_flag(hdev, HCI_DISCOVERABLE);
1376 err = send_settings_rsp(sk, MGMT_OP_SET_CONNECTABLE, hdev);
1381 hci_req_update_scan(hdev);
1382 hci_update_background_scan(hdev);
1383 return new_settings(hdev, sk);
1389 static int set_connectable(struct sock *sk, struct hci_dev *hdev, void *data,
1392 struct mgmt_mode *cp = data;
1393 struct mgmt_pending_cmd *cmd;
1396 BT_DBG("request for %s", hdev->name);
1398 if (!hci_dev_test_flag(hdev, HCI_LE_ENABLED) &&
1399 !hci_dev_test_flag(hdev, HCI_BREDR_ENABLED))
1400 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE,
1401 MGMT_STATUS_REJECTED);
1403 if (cp->val != 0x00 && cp->val != 0x01)
1404 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE,
1405 MGMT_STATUS_INVALID_PARAMS);
1409 if (!hdev_is_powered(hdev)) {
1410 err = set_connectable_update_settings(hdev, sk, cp->val);
1414 if (pending_find(MGMT_OP_SET_DISCOVERABLE, hdev) ||
1415 pending_find(MGMT_OP_SET_CONNECTABLE, hdev)) {
1416 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE,
1421 cmd = mgmt_pending_add(sk, MGMT_OP_SET_CONNECTABLE, hdev, data, len);
1428 hci_dev_set_flag(hdev, HCI_CONNECTABLE);
1430 if (hdev->discov_timeout > 0)
1431 cancel_delayed_work(&hdev->discov_off);
1433 hci_dev_clear_flag(hdev, HCI_LIMITED_DISCOVERABLE);
1434 hci_dev_clear_flag(hdev, HCI_DISCOVERABLE);
1435 hci_dev_clear_flag(hdev, HCI_CONNECTABLE);
1438 queue_work(hdev->req_workqueue, &hdev->connectable_update);
1442 hci_dev_unlock(hdev);
1446 static int set_bondable(struct sock *sk, struct hci_dev *hdev, void *data,
1449 struct mgmt_mode *cp = data;
1453 BT_DBG("request for %s", hdev->name);
1455 if (cp->val != 0x00 && cp->val != 0x01)
1456 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_BONDABLE,
1457 MGMT_STATUS_INVALID_PARAMS);
1462 changed = !hci_dev_test_and_set_flag(hdev, HCI_BONDABLE);
1464 changed = hci_dev_test_and_clear_flag(hdev, HCI_BONDABLE);
1466 err = send_settings_rsp(sk, MGMT_OP_SET_BONDABLE, hdev);
1471 /* In limited privacy mode the change of bondable mode
1472 * may affect the local advertising address.
1474 if (hdev_is_powered(hdev) &&
1475 hci_dev_test_flag(hdev, HCI_ADVERTISING) &&
1476 hci_dev_test_flag(hdev, HCI_DISCOVERABLE) &&
1477 hci_dev_test_flag(hdev, HCI_LIMITED_PRIVACY))
1478 queue_work(hdev->req_workqueue,
1479 &hdev->discoverable_update);
1481 err = new_settings(hdev, sk);
1485 hci_dev_unlock(hdev);
1489 static int set_link_security(struct sock *sk, struct hci_dev *hdev, void *data,
1492 struct mgmt_mode *cp = data;
1493 struct mgmt_pending_cmd *cmd;
1497 BT_DBG("request for %s", hdev->name);
1499 status = mgmt_bredr_support(hdev);
1501 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY,
1504 if (cp->val != 0x00 && cp->val != 0x01)
1505 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY,
1506 MGMT_STATUS_INVALID_PARAMS);
1510 if (!hdev_is_powered(hdev)) {
1511 bool changed = false;
1513 if (!!cp->val != hci_dev_test_flag(hdev, HCI_LINK_SECURITY)) {
1514 hci_dev_change_flag(hdev, HCI_LINK_SECURITY);
1518 err = send_settings_rsp(sk, MGMT_OP_SET_LINK_SECURITY, hdev);
1523 err = new_settings(hdev, sk);
1528 if (pending_find(MGMT_OP_SET_LINK_SECURITY, hdev)) {
1529 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY,
1536 if (test_bit(HCI_AUTH, &hdev->flags) == val) {
1537 err = send_settings_rsp(sk, MGMT_OP_SET_LINK_SECURITY, hdev);
1541 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LINK_SECURITY, hdev, data, len);
1547 err = hci_send_cmd(hdev, HCI_OP_WRITE_AUTH_ENABLE, sizeof(val), &val);
1549 mgmt_pending_remove(cmd);
1554 hci_dev_unlock(hdev);
1558 static int set_ssp(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
1560 struct mgmt_mode *cp = data;
1561 struct mgmt_pending_cmd *cmd;
1565 BT_DBG("request for %s", hdev->name);
1567 status = mgmt_bredr_support(hdev);
1569 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SSP, status);
1571 if (!lmp_ssp_capable(hdev))
1572 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
1573 MGMT_STATUS_NOT_SUPPORTED);
1575 if (cp->val != 0x00 && cp->val != 0x01)
1576 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
1577 MGMT_STATUS_INVALID_PARAMS);
1581 if (!hdev_is_powered(hdev)) {
1585 changed = !hci_dev_test_and_set_flag(hdev,
1588 changed = hci_dev_test_and_clear_flag(hdev,
1591 changed = hci_dev_test_and_clear_flag(hdev,
1594 hci_dev_clear_flag(hdev, HCI_HS_ENABLED);
1597 err = send_settings_rsp(sk, MGMT_OP_SET_SSP, hdev);
1602 err = new_settings(hdev, sk);
1607 if (pending_find(MGMT_OP_SET_SSP, hdev)) {
1608 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
1613 if (!!cp->val == hci_dev_test_flag(hdev, HCI_SSP_ENABLED)) {
1614 err = send_settings_rsp(sk, MGMT_OP_SET_SSP, hdev);
1618 cmd = mgmt_pending_add(sk, MGMT_OP_SET_SSP, hdev, data, len);
1624 if (!cp->val && hci_dev_test_flag(hdev, HCI_USE_DEBUG_KEYS))
1625 hci_send_cmd(hdev, HCI_OP_WRITE_SSP_DEBUG_MODE,
1626 sizeof(cp->val), &cp->val);
1628 err = hci_send_cmd(hdev, HCI_OP_WRITE_SSP_MODE, 1, &cp->val);
1630 mgmt_pending_remove(cmd);
1635 hci_dev_unlock(hdev);
1639 static int set_hs(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
1641 struct mgmt_mode *cp = data;
1646 BT_DBG("request for %s", hdev->name);
1648 status = mgmt_bredr_support(hdev);
1650 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_HS, status);
1652 if (!lmp_ssp_capable(hdev))
1653 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
1654 MGMT_STATUS_NOT_SUPPORTED);
1656 if (!hci_dev_test_flag(hdev, HCI_SSP_ENABLED))
1657 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
1658 MGMT_STATUS_REJECTED);
1660 if (cp->val != 0x00 && cp->val != 0x01)
1661 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
1662 MGMT_STATUS_INVALID_PARAMS);
1666 if (pending_find(MGMT_OP_SET_SSP, hdev)) {
1667 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
1673 changed = !hci_dev_test_and_set_flag(hdev, HCI_HS_ENABLED);
1675 if (hdev_is_powered(hdev)) {
1676 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
1677 MGMT_STATUS_REJECTED);
1681 changed = hci_dev_test_and_clear_flag(hdev, HCI_HS_ENABLED);
1684 err = send_settings_rsp(sk, MGMT_OP_SET_HS, hdev);
1689 err = new_settings(hdev, sk);
1692 hci_dev_unlock(hdev);
1696 static void le_enable_complete(struct hci_dev *hdev, u8 status, u16 opcode)
1698 struct cmd_lookup match = { NULL, hdev };
1703 u8 mgmt_err = mgmt_status(status);
1705 mgmt_pending_foreach(MGMT_OP_SET_LE, hdev, cmd_status_rsp,
1710 mgmt_pending_foreach(MGMT_OP_SET_LE, hdev, settings_rsp, &match);
1712 new_settings(hdev, match.sk);
1717 /* Make sure the controller has a good default for
1718 * advertising data. Restrict the update to when LE
1719 * has actually been enabled. During power on, the
1720 * update in powered_update_hci will take care of it.
1722 if (hci_dev_test_flag(hdev, HCI_LE_ENABLED)) {
1723 struct hci_request req;
1725 hci_req_init(&req, hdev);
1726 __hci_req_update_adv_data(&req, 0x00);
1727 __hci_req_update_scan_rsp_data(&req, 0x00);
1728 hci_req_run(&req, NULL);
1729 hci_update_background_scan(hdev);
1733 hci_dev_unlock(hdev);
1736 static int set_le(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
1738 struct mgmt_mode *cp = data;
1739 struct hci_cp_write_le_host_supported hci_cp;
1740 struct mgmt_pending_cmd *cmd;
1741 struct hci_request req;
1745 BT_DBG("request for %s", hdev->name);
1747 if (!lmp_le_capable(hdev))
1748 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
1749 MGMT_STATUS_NOT_SUPPORTED);
1751 if (cp->val != 0x00 && cp->val != 0x01)
1752 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
1753 MGMT_STATUS_INVALID_PARAMS);
1755 /* Bluetooth single mode LE only controllers or dual-mode
1756 * controllers configured as LE only devices, do not allow
1757 * switching LE off. These have either LE enabled explicitly
1758 * or BR/EDR has been previously switched off.
1760 * When trying to enable an already enabled LE, then gracefully
1761 * send a positive response. Trying to disable it however will
1762 * result into rejection.
1764 if (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED)) {
1765 if (cp->val == 0x01)
1766 return send_settings_rsp(sk, MGMT_OP_SET_LE, hdev);
1768 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
1769 MGMT_STATUS_REJECTED);
1775 enabled = lmp_host_le_capable(hdev);
1778 hci_req_clear_adv_instance(hdev, NULL, NULL, 0x00, true);
1780 if (!hdev_is_powered(hdev) || val == enabled) {
1781 bool changed = false;
1783 if (val != hci_dev_test_flag(hdev, HCI_LE_ENABLED)) {
1784 hci_dev_change_flag(hdev, HCI_LE_ENABLED);
1788 if (!val && hci_dev_test_flag(hdev, HCI_ADVERTISING)) {
1789 hci_dev_clear_flag(hdev, HCI_ADVERTISING);
1793 err = send_settings_rsp(sk, MGMT_OP_SET_LE, hdev);
1798 err = new_settings(hdev, sk);
1803 if (pending_find(MGMT_OP_SET_LE, hdev) ||
1804 pending_find(MGMT_OP_SET_ADVERTISING, hdev)) {
1805 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
1810 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LE, hdev, data, len);
1816 hci_req_init(&req, hdev);
1818 memset(&hci_cp, 0, sizeof(hci_cp));
1822 hci_cp.simul = 0x00;
1824 if (hci_dev_test_flag(hdev, HCI_LE_ADV))
1825 __hci_req_disable_advertising(&req);
1828 hci_req_add(&req, HCI_OP_WRITE_LE_HOST_SUPPORTED, sizeof(hci_cp),
1831 err = hci_req_run(&req, le_enable_complete);
1833 mgmt_pending_remove(cmd);
1836 hci_dev_unlock(hdev);
1840 /* This is a helper function to test for pending mgmt commands that can
1841 * cause CoD or EIR HCI commands. We can only allow one such pending
1842 * mgmt command at a time since otherwise we cannot easily track what
1843 * the current values are, will be, and based on that calculate if a new
1844 * HCI command needs to be sent and if yes with what value.
1846 static bool pending_eir_or_class(struct hci_dev *hdev)
1848 struct mgmt_pending_cmd *cmd;
1850 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
1851 switch (cmd->opcode) {
1852 case MGMT_OP_ADD_UUID:
1853 case MGMT_OP_REMOVE_UUID:
1854 case MGMT_OP_SET_DEV_CLASS:
1855 case MGMT_OP_SET_POWERED:
1863 static const u8 bluetooth_base_uuid[] = {
1864 0xfb, 0x34, 0x9b, 0x5f, 0x80, 0x00, 0x00, 0x80,
1865 0x00, 0x10, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1868 static u8 get_uuid_size(const u8 *uuid)
1872 if (memcmp(uuid, bluetooth_base_uuid, 12))
1875 val = get_unaligned_le32(&uuid[12]);
1882 static void mgmt_class_complete(struct hci_dev *hdev, u16 mgmt_op, u8 status)
1884 struct mgmt_pending_cmd *cmd;
1888 cmd = pending_find(mgmt_op, hdev);
1892 mgmt_cmd_complete(cmd->sk, cmd->index, cmd->opcode,
1893 mgmt_status(status), hdev->dev_class, 3);
1895 mgmt_pending_remove(cmd);
1898 hci_dev_unlock(hdev);
1901 static void add_uuid_complete(struct hci_dev *hdev, u8 status, u16 opcode)
1903 BT_DBG("status 0x%02x", status);
1905 mgmt_class_complete(hdev, MGMT_OP_ADD_UUID, status);
1908 static int add_uuid(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
1910 struct mgmt_cp_add_uuid *cp = data;
1911 struct mgmt_pending_cmd *cmd;
1912 struct hci_request req;
1913 struct bt_uuid *uuid;
1916 BT_DBG("request for %s", hdev->name);
1920 if (pending_eir_or_class(hdev)) {
1921 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_UUID,
1926 uuid = kmalloc(sizeof(*uuid), GFP_KERNEL);
1932 memcpy(uuid->uuid, cp->uuid, 16);
1933 uuid->svc_hint = cp->svc_hint;
1934 uuid->size = get_uuid_size(cp->uuid);
1936 list_add_tail(&uuid->list, &hdev->uuids);
1938 hci_req_init(&req, hdev);
1940 __hci_req_update_class(&req);
1941 __hci_req_update_eir(&req);
1943 err = hci_req_run(&req, add_uuid_complete);
1945 if (err != -ENODATA)
1948 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_ADD_UUID, 0,
1949 hdev->dev_class, 3);
1953 cmd = mgmt_pending_add(sk, MGMT_OP_ADD_UUID, hdev, data, len);
1962 hci_dev_unlock(hdev);
1966 static bool enable_service_cache(struct hci_dev *hdev)
1968 if (!hdev_is_powered(hdev))
1971 if (!hci_dev_test_and_set_flag(hdev, HCI_SERVICE_CACHE)) {
1972 queue_delayed_work(hdev->workqueue, &hdev->service_cache,
1980 static void remove_uuid_complete(struct hci_dev *hdev, u8 status, u16 opcode)
1982 BT_DBG("status 0x%02x", status);
1984 mgmt_class_complete(hdev, MGMT_OP_REMOVE_UUID, status);
1987 static int remove_uuid(struct sock *sk, struct hci_dev *hdev, void *data,
1990 struct mgmt_cp_remove_uuid *cp = data;
1991 struct mgmt_pending_cmd *cmd;
1992 struct bt_uuid *match, *tmp;
1993 u8 bt_uuid_any[] = { 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 };
1994 struct hci_request req;
1997 BT_DBG("request for %s", hdev->name);
2001 if (pending_eir_or_class(hdev)) {
2002 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_REMOVE_UUID,
2007 if (memcmp(cp->uuid, bt_uuid_any, 16) == 0) {
2008 hci_uuids_clear(hdev);
2010 if (enable_service_cache(hdev)) {
2011 err = mgmt_cmd_complete(sk, hdev->id,
2012 MGMT_OP_REMOVE_UUID,
2013 0, hdev->dev_class, 3);
2022 list_for_each_entry_safe(match, tmp, &hdev->uuids, list) {
2023 if (memcmp(match->uuid, cp->uuid, 16) != 0)
2026 list_del(&match->list);
2032 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_REMOVE_UUID,
2033 MGMT_STATUS_INVALID_PARAMS);
2038 hci_req_init(&req, hdev);
2040 __hci_req_update_class(&req);
2041 __hci_req_update_eir(&req);
2043 err = hci_req_run(&req, remove_uuid_complete);
2045 if (err != -ENODATA)
2048 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_UUID, 0,
2049 hdev->dev_class, 3);
2053 cmd = mgmt_pending_add(sk, MGMT_OP_REMOVE_UUID, hdev, data, len);
2062 hci_dev_unlock(hdev);
2066 static void set_class_complete(struct hci_dev *hdev, u8 status, u16 opcode)
2068 BT_DBG("status 0x%02x", status);
2070 mgmt_class_complete(hdev, MGMT_OP_SET_DEV_CLASS, status);
2073 static int set_dev_class(struct sock *sk, struct hci_dev *hdev, void *data,
2076 struct mgmt_cp_set_dev_class *cp = data;
2077 struct mgmt_pending_cmd *cmd;
2078 struct hci_request req;
2081 BT_DBG("request for %s", hdev->name);
2083 if (!lmp_bredr_capable(hdev))
2084 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS,
2085 MGMT_STATUS_NOT_SUPPORTED);
2089 if (pending_eir_or_class(hdev)) {
2090 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS,
2095 if ((cp->minor & 0x03) != 0 || (cp->major & 0xe0) != 0) {
2096 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS,
2097 MGMT_STATUS_INVALID_PARAMS);
2101 hdev->major_class = cp->major;
2102 hdev->minor_class = cp->minor;
2104 if (!hdev_is_powered(hdev)) {
2105 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_DEV_CLASS, 0,
2106 hdev->dev_class, 3);
2110 hci_req_init(&req, hdev);
2112 if (hci_dev_test_and_clear_flag(hdev, HCI_SERVICE_CACHE)) {
2113 hci_dev_unlock(hdev);
2114 cancel_delayed_work_sync(&hdev->service_cache);
2116 __hci_req_update_eir(&req);
2119 __hci_req_update_class(&req);
2121 err = hci_req_run(&req, set_class_complete);
2123 if (err != -ENODATA)
2126 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_DEV_CLASS, 0,
2127 hdev->dev_class, 3);
2131 cmd = mgmt_pending_add(sk, MGMT_OP_SET_DEV_CLASS, hdev, data, len);
2140 hci_dev_unlock(hdev);
2144 static int load_link_keys(struct sock *sk, struct hci_dev *hdev, void *data,
2147 struct mgmt_cp_load_link_keys *cp = data;
2148 const u16 max_key_count = ((U16_MAX - sizeof(*cp)) /
2149 sizeof(struct mgmt_link_key_info));
2150 u16 key_count, expected_len;
2154 BT_DBG("request for %s", hdev->name);
2156 if (!lmp_bredr_capable(hdev))
2157 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
2158 MGMT_STATUS_NOT_SUPPORTED);
2160 key_count = __le16_to_cpu(cp->key_count);
2161 if (key_count > max_key_count) {
2162 bt_dev_err(hdev, "load_link_keys: too big key_count value %u",
2164 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
2165 MGMT_STATUS_INVALID_PARAMS);
2168 expected_len = sizeof(*cp) + key_count *
2169 sizeof(struct mgmt_link_key_info);
2170 if (expected_len != len) {
2171 bt_dev_err(hdev, "load_link_keys: expected %u bytes, got %u bytes",
2173 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
2174 MGMT_STATUS_INVALID_PARAMS);
2177 if (cp->debug_keys != 0x00 && cp->debug_keys != 0x01)
2178 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
2179 MGMT_STATUS_INVALID_PARAMS);
2181 BT_DBG("%s debug_keys %u key_count %u", hdev->name, cp->debug_keys,
2184 for (i = 0; i < key_count; i++) {
2185 struct mgmt_link_key_info *key = &cp->keys[i];
2187 if (key->addr.type != BDADDR_BREDR || key->type > 0x08)
2188 return mgmt_cmd_status(sk, hdev->id,
2189 MGMT_OP_LOAD_LINK_KEYS,
2190 MGMT_STATUS_INVALID_PARAMS);
2195 hci_link_keys_clear(hdev);
2198 changed = !hci_dev_test_and_set_flag(hdev, HCI_KEEP_DEBUG_KEYS);
2200 changed = hci_dev_test_and_clear_flag(hdev,
2201 HCI_KEEP_DEBUG_KEYS);
2204 new_settings(hdev, NULL);
2206 for (i = 0; i < key_count; i++) {
2207 struct mgmt_link_key_info *key = &cp->keys[i];
2209 /* Always ignore debug keys and require a new pairing if
2210 * the user wants to use them.
2212 if (key->type == HCI_LK_DEBUG_COMBINATION)
2215 hci_add_link_key(hdev, NULL, &key->addr.bdaddr, key->val,
2216 key->type, key->pin_len, NULL);
2219 mgmt_cmd_complete(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS, 0, NULL, 0);
2221 hci_dev_unlock(hdev);
2226 static int device_unpaired(struct hci_dev *hdev, bdaddr_t *bdaddr,
2227 u8 addr_type, struct sock *skip_sk)
2229 struct mgmt_ev_device_unpaired ev;
2231 bacpy(&ev.addr.bdaddr, bdaddr);
2232 ev.addr.type = addr_type;
2234 return mgmt_event(MGMT_EV_DEVICE_UNPAIRED, hdev, &ev, sizeof(ev),
2238 static int unpair_device(struct sock *sk, struct hci_dev *hdev, void *data,
2241 struct mgmt_cp_unpair_device *cp = data;
2242 struct mgmt_rp_unpair_device rp;
2243 struct hci_conn_params *params;
2244 struct mgmt_pending_cmd *cmd;
2245 struct hci_conn *conn;
2249 memset(&rp, 0, sizeof(rp));
2250 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
2251 rp.addr.type = cp->addr.type;
2253 if (!bdaddr_type_is_valid(cp->addr.type))
2254 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
2255 MGMT_STATUS_INVALID_PARAMS,
2258 if (cp->disconnect != 0x00 && cp->disconnect != 0x01)
2259 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
2260 MGMT_STATUS_INVALID_PARAMS,
2265 if (!hdev_is_powered(hdev)) {
2266 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
2267 MGMT_STATUS_NOT_POWERED, &rp,
2272 if (cp->addr.type == BDADDR_BREDR) {
2273 /* If disconnection is requested, then look up the
2274 * connection. If the remote device is connected, it
2275 * will be later used to terminate the link.
2277 * Setting it to NULL explicitly will cause no
2278 * termination of the link.
2281 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
2286 err = hci_remove_link_key(hdev, &cp->addr.bdaddr);
2288 err = mgmt_cmd_complete(sk, hdev->id,
2289 MGMT_OP_UNPAIR_DEVICE,
2290 MGMT_STATUS_NOT_PAIRED, &rp,
2298 /* LE address type */
2299 addr_type = le_addr_type(cp->addr.type);
2301 hci_remove_irk(hdev, &cp->addr.bdaddr, addr_type);
2303 err = hci_remove_ltk(hdev, &cp->addr.bdaddr, addr_type);
2305 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
2306 MGMT_STATUS_NOT_PAIRED, &rp,
2311 conn = hci_conn_hash_lookup_le(hdev, &cp->addr.bdaddr, addr_type);
2313 hci_conn_params_del(hdev, &cp->addr.bdaddr, addr_type);
2317 /* Abort any ongoing SMP pairing */
2318 smp_cancel_pairing(conn);
2320 /* Defer clearing up the connection parameters until closing to
2321 * give a chance of keeping them if a repairing happens.
2323 set_bit(HCI_CONN_PARAM_REMOVAL_PEND, &conn->flags);
2325 /* Disable auto-connection parameters if present */
2326 params = hci_conn_params_lookup(hdev, &cp->addr.bdaddr, addr_type);
2328 if (params->explicit_connect)
2329 params->auto_connect = HCI_AUTO_CONN_EXPLICIT;
2331 params->auto_connect = HCI_AUTO_CONN_DISABLED;
2334 /* If disconnection is not requested, then clear the connection
2335 * variable so that the link is not terminated.
2337 if (!cp->disconnect)
2341 /* If the connection variable is set, then termination of the
2342 * link is requested.
2345 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE, 0,
2347 device_unpaired(hdev, &cp->addr.bdaddr, cp->addr.type, sk);
2351 cmd = mgmt_pending_add(sk, MGMT_OP_UNPAIR_DEVICE, hdev, cp,
2358 cmd->cmd_complete = addr_cmd_complete;
2360 err = hci_abort_conn(conn, HCI_ERROR_REMOTE_USER_TERM);
2362 mgmt_pending_remove(cmd);
2365 hci_dev_unlock(hdev);
2369 static int disconnect(struct sock *sk, struct hci_dev *hdev, void *data,
2372 struct mgmt_cp_disconnect *cp = data;
2373 struct mgmt_rp_disconnect rp;
2374 struct mgmt_pending_cmd *cmd;
2375 struct hci_conn *conn;
2380 memset(&rp, 0, sizeof(rp));
2381 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
2382 rp.addr.type = cp->addr.type;
2384 if (!bdaddr_type_is_valid(cp->addr.type))
2385 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
2386 MGMT_STATUS_INVALID_PARAMS,
2391 if (!test_bit(HCI_UP, &hdev->flags)) {
2392 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
2393 MGMT_STATUS_NOT_POWERED, &rp,
2398 if (pending_find(MGMT_OP_DISCONNECT, hdev)) {
2399 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
2400 MGMT_STATUS_BUSY, &rp, sizeof(rp));
2404 if (cp->addr.type == BDADDR_BREDR)
2405 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
2408 conn = hci_conn_hash_lookup_le(hdev, &cp->addr.bdaddr,
2409 le_addr_type(cp->addr.type));
2411 if (!conn || conn->state == BT_OPEN || conn->state == BT_CLOSED) {
2412 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
2413 MGMT_STATUS_NOT_CONNECTED, &rp,
2418 cmd = mgmt_pending_add(sk, MGMT_OP_DISCONNECT, hdev, data, len);
2424 cmd->cmd_complete = generic_cmd_complete;
2426 err = hci_disconnect(conn, HCI_ERROR_REMOTE_USER_TERM);
2428 mgmt_pending_remove(cmd);
2431 hci_dev_unlock(hdev);
2435 static u8 link_to_bdaddr(u8 link_type, u8 addr_type)
2437 switch (link_type) {
2439 switch (addr_type) {
2440 case ADDR_LE_DEV_PUBLIC:
2441 return BDADDR_LE_PUBLIC;
2444 /* Fallback to LE Random address type */
2445 return BDADDR_LE_RANDOM;
2449 /* Fallback to BR/EDR type */
2450 return BDADDR_BREDR;
2454 static int get_connections(struct sock *sk, struct hci_dev *hdev, void *data,
2457 struct mgmt_rp_get_connections *rp;
2467 if (!hdev_is_powered(hdev)) {
2468 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_GET_CONNECTIONS,
2469 MGMT_STATUS_NOT_POWERED);
2474 list_for_each_entry(c, &hdev->conn_hash.list, list) {
2475 if (test_bit(HCI_CONN_MGMT_CONNECTED, &c->flags))
2479 rp_len = sizeof(*rp) + (i * sizeof(struct mgmt_addr_info));
2480 rp = kmalloc(rp_len, GFP_KERNEL);
2487 list_for_each_entry(c, &hdev->conn_hash.list, list) {
2488 if (!test_bit(HCI_CONN_MGMT_CONNECTED, &c->flags))
2490 bacpy(&rp->addr[i].bdaddr, &c->dst);
2491 rp->addr[i].type = link_to_bdaddr(c->type, c->dst_type);
2492 if (c->type == SCO_LINK || c->type == ESCO_LINK)
2497 rp->conn_count = cpu_to_le16(i);
2499 /* Recalculate length in case of filtered SCO connections, etc */
2500 rp_len = sizeof(*rp) + (i * sizeof(struct mgmt_addr_info));
2502 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CONNECTIONS, 0, rp,
2508 hci_dev_unlock(hdev);
2512 static int send_pin_code_neg_reply(struct sock *sk, struct hci_dev *hdev,
2513 struct mgmt_cp_pin_code_neg_reply *cp)
2515 struct mgmt_pending_cmd *cmd;
2518 cmd = mgmt_pending_add(sk, MGMT_OP_PIN_CODE_NEG_REPLY, hdev, cp,
2523 cmd->cmd_complete = addr_cmd_complete;
2525 err = hci_send_cmd(hdev, HCI_OP_PIN_CODE_NEG_REPLY,
2526 sizeof(cp->addr.bdaddr), &cp->addr.bdaddr);
2528 mgmt_pending_remove(cmd);
2533 static int pin_code_reply(struct sock *sk, struct hci_dev *hdev, void *data,
2536 struct hci_conn *conn;
2537 struct mgmt_cp_pin_code_reply *cp = data;
2538 struct hci_cp_pin_code_reply reply;
2539 struct mgmt_pending_cmd *cmd;
2546 if (!hdev_is_powered(hdev)) {
2547 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
2548 MGMT_STATUS_NOT_POWERED);
2552 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->addr.bdaddr);
2554 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
2555 MGMT_STATUS_NOT_CONNECTED);
2559 if (conn->pending_sec_level == BT_SECURITY_HIGH && cp->pin_len != 16) {
2560 struct mgmt_cp_pin_code_neg_reply ncp;
2562 memcpy(&ncp.addr, &cp->addr, sizeof(ncp.addr));
2564 bt_dev_err(hdev, "PIN code is not 16 bytes long");
2566 err = send_pin_code_neg_reply(sk, hdev, &ncp);
2568 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
2569 MGMT_STATUS_INVALID_PARAMS);
2574 cmd = mgmt_pending_add(sk, MGMT_OP_PIN_CODE_REPLY, hdev, data, len);
2580 cmd->cmd_complete = addr_cmd_complete;
2582 bacpy(&reply.bdaddr, &cp->addr.bdaddr);
2583 reply.pin_len = cp->pin_len;
2584 memcpy(reply.pin_code, cp->pin_code, sizeof(reply.pin_code));
2586 err = hci_send_cmd(hdev, HCI_OP_PIN_CODE_REPLY, sizeof(reply), &reply);
2588 mgmt_pending_remove(cmd);
2591 hci_dev_unlock(hdev);
2595 static int set_io_capability(struct sock *sk, struct hci_dev *hdev, void *data,
2598 struct mgmt_cp_set_io_capability *cp = data;
2602 if (cp->io_capability > SMP_IO_KEYBOARD_DISPLAY)
2603 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_IO_CAPABILITY,
2604 MGMT_STATUS_INVALID_PARAMS);
2608 hdev->io_capability = cp->io_capability;
2610 BT_DBG("%s IO capability set to 0x%02x", hdev->name,
2611 hdev->io_capability);
2613 hci_dev_unlock(hdev);
2615 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_IO_CAPABILITY, 0,
2619 static struct mgmt_pending_cmd *find_pairing(struct hci_conn *conn)
2621 struct hci_dev *hdev = conn->hdev;
2622 struct mgmt_pending_cmd *cmd;
2624 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
2625 if (cmd->opcode != MGMT_OP_PAIR_DEVICE)
2628 if (cmd->user_data != conn)
2637 static int pairing_complete(struct mgmt_pending_cmd *cmd, u8 status)
2639 struct mgmt_rp_pair_device rp;
2640 struct hci_conn *conn = cmd->user_data;
2643 bacpy(&rp.addr.bdaddr, &conn->dst);
2644 rp.addr.type = link_to_bdaddr(conn->type, conn->dst_type);
2646 err = mgmt_cmd_complete(cmd->sk, cmd->index, MGMT_OP_PAIR_DEVICE,
2647 status, &rp, sizeof(rp));
2649 /* So we don't get further callbacks for this connection */
2650 conn->connect_cfm_cb = NULL;
2651 conn->security_cfm_cb = NULL;
2652 conn->disconn_cfm_cb = NULL;
2654 hci_conn_drop(conn);
2656 /* The device is paired so there is no need to remove
2657 * its connection parameters anymore.
2659 clear_bit(HCI_CONN_PARAM_REMOVAL_PEND, &conn->flags);
2666 void mgmt_smp_complete(struct hci_conn *conn, bool complete)
2668 u8 status = complete ? MGMT_STATUS_SUCCESS : MGMT_STATUS_FAILED;
2669 struct mgmt_pending_cmd *cmd;
2671 cmd = find_pairing(conn);
2673 cmd->cmd_complete(cmd, status);
2674 mgmt_pending_remove(cmd);
2678 static void pairing_complete_cb(struct hci_conn *conn, u8 status)
2680 struct mgmt_pending_cmd *cmd;
2682 BT_DBG("status %u", status);
2684 cmd = find_pairing(conn);
2686 BT_DBG("Unable to find a pending command");
2690 cmd->cmd_complete(cmd, mgmt_status(status));
2691 mgmt_pending_remove(cmd);
2694 static void le_pairing_complete_cb(struct hci_conn *conn, u8 status)
2696 struct mgmt_pending_cmd *cmd;
2698 BT_DBG("status %u", status);
2703 cmd = find_pairing(conn);
2705 BT_DBG("Unable to find a pending command");
2709 cmd->cmd_complete(cmd, mgmt_status(status));
2710 mgmt_pending_remove(cmd);
2713 static int pair_device(struct sock *sk, struct hci_dev *hdev, void *data,
2716 struct mgmt_cp_pair_device *cp = data;
2717 struct mgmt_rp_pair_device rp;
2718 struct mgmt_pending_cmd *cmd;
2719 u8 sec_level, auth_type;
2720 struct hci_conn *conn;
2725 memset(&rp, 0, sizeof(rp));
2726 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
2727 rp.addr.type = cp->addr.type;
2729 if (!bdaddr_type_is_valid(cp->addr.type))
2730 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
2731 MGMT_STATUS_INVALID_PARAMS,
2734 if (cp->io_cap > SMP_IO_KEYBOARD_DISPLAY)
2735 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
2736 MGMT_STATUS_INVALID_PARAMS,
2741 if (!hdev_is_powered(hdev)) {
2742 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
2743 MGMT_STATUS_NOT_POWERED, &rp,
2748 if (hci_bdaddr_is_paired(hdev, &cp->addr.bdaddr, cp->addr.type)) {
2749 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
2750 MGMT_STATUS_ALREADY_PAIRED, &rp,
2755 sec_level = BT_SECURITY_MEDIUM;
2756 auth_type = HCI_AT_DEDICATED_BONDING;
2758 if (cp->addr.type == BDADDR_BREDR) {
2759 conn = hci_connect_acl(hdev, &cp->addr.bdaddr, sec_level,
2762 u8 addr_type = le_addr_type(cp->addr.type);
2763 struct hci_conn_params *p;
2765 /* When pairing a new device, it is expected to remember
2766 * this device for future connections. Adding the connection
2767 * parameter information ahead of time allows tracking
2768 * of the slave preferred values and will speed up any
2769 * further connection establishment.
2771 * If connection parameters already exist, then they
2772 * will be kept and this function does nothing.
2774 p = hci_conn_params_add(hdev, &cp->addr.bdaddr, addr_type);
2776 if (p->auto_connect == HCI_AUTO_CONN_EXPLICIT)
2777 p->auto_connect = HCI_AUTO_CONN_DISABLED;
2779 conn = hci_connect_le_scan(hdev, &cp->addr.bdaddr,
2780 addr_type, sec_level,
2781 HCI_LE_CONN_TIMEOUT);
2787 if (PTR_ERR(conn) == -EBUSY)
2788 status = MGMT_STATUS_BUSY;
2789 else if (PTR_ERR(conn) == -EOPNOTSUPP)
2790 status = MGMT_STATUS_NOT_SUPPORTED;
2791 else if (PTR_ERR(conn) == -ECONNREFUSED)
2792 status = MGMT_STATUS_REJECTED;
2794 status = MGMT_STATUS_CONNECT_FAILED;
2796 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
2797 status, &rp, sizeof(rp));
2801 if (conn->connect_cfm_cb) {
2802 hci_conn_drop(conn);
2803 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
2804 MGMT_STATUS_BUSY, &rp, sizeof(rp));
2808 cmd = mgmt_pending_add(sk, MGMT_OP_PAIR_DEVICE, hdev, data, len);
2811 hci_conn_drop(conn);
2815 cmd->cmd_complete = pairing_complete;
2817 /* For LE, just connecting isn't a proof that the pairing finished */
2818 if (cp->addr.type == BDADDR_BREDR) {
2819 conn->connect_cfm_cb = pairing_complete_cb;
2820 conn->security_cfm_cb = pairing_complete_cb;
2821 conn->disconn_cfm_cb = pairing_complete_cb;
2823 conn->connect_cfm_cb = le_pairing_complete_cb;
2824 conn->security_cfm_cb = le_pairing_complete_cb;
2825 conn->disconn_cfm_cb = le_pairing_complete_cb;
2828 conn->io_capability = cp->io_cap;
2829 cmd->user_data = hci_conn_get(conn);
2831 if ((conn->state == BT_CONNECTED || conn->state == BT_CONFIG) &&
2832 hci_conn_security(conn, sec_level, auth_type, true)) {
2833 cmd->cmd_complete(cmd, 0);
2834 mgmt_pending_remove(cmd);
2840 hci_dev_unlock(hdev);
2844 static int cancel_pair_device(struct sock *sk, struct hci_dev *hdev, void *data,
2847 struct mgmt_addr_info *addr = data;
2848 struct mgmt_pending_cmd *cmd;
2849 struct hci_conn *conn;
2856 if (!hdev_is_powered(hdev)) {
2857 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
2858 MGMT_STATUS_NOT_POWERED);
2862 cmd = pending_find(MGMT_OP_PAIR_DEVICE, hdev);
2864 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
2865 MGMT_STATUS_INVALID_PARAMS);
2869 conn = cmd->user_data;
2871 if (bacmp(&addr->bdaddr, &conn->dst) != 0) {
2872 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
2873 MGMT_STATUS_INVALID_PARAMS);
2877 cmd->cmd_complete(cmd, MGMT_STATUS_CANCELLED);
2878 mgmt_pending_remove(cmd);
2880 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE, 0,
2881 addr, sizeof(*addr));
2883 hci_dev_unlock(hdev);
2887 static int user_pairing_resp(struct sock *sk, struct hci_dev *hdev,
2888 struct mgmt_addr_info *addr, u16 mgmt_op,
2889 u16 hci_op, __le32 passkey)
2891 struct mgmt_pending_cmd *cmd;
2892 struct hci_conn *conn;
2897 if (!hdev_is_powered(hdev)) {
2898 err = mgmt_cmd_complete(sk, hdev->id, mgmt_op,
2899 MGMT_STATUS_NOT_POWERED, addr,
2904 if (addr->type == BDADDR_BREDR)
2905 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &addr->bdaddr);
2907 conn = hci_conn_hash_lookup_le(hdev, &addr->bdaddr,
2908 le_addr_type(addr->type));
2911 err = mgmt_cmd_complete(sk, hdev->id, mgmt_op,
2912 MGMT_STATUS_NOT_CONNECTED, addr,
2917 if (addr->type == BDADDR_LE_PUBLIC || addr->type == BDADDR_LE_RANDOM) {
2918 err = smp_user_confirm_reply(conn, mgmt_op, passkey);
2920 err = mgmt_cmd_complete(sk, hdev->id, mgmt_op,
2921 MGMT_STATUS_SUCCESS, addr,
2924 err = mgmt_cmd_complete(sk, hdev->id, mgmt_op,
2925 MGMT_STATUS_FAILED, addr,
2931 cmd = mgmt_pending_add(sk, mgmt_op, hdev, addr, sizeof(*addr));
2937 cmd->cmd_complete = addr_cmd_complete;
2939 /* Continue with pairing via HCI */
2940 if (hci_op == HCI_OP_USER_PASSKEY_REPLY) {
2941 struct hci_cp_user_passkey_reply cp;
2943 bacpy(&cp.bdaddr, &addr->bdaddr);
2944 cp.passkey = passkey;
2945 err = hci_send_cmd(hdev, hci_op, sizeof(cp), &cp);
2947 err = hci_send_cmd(hdev, hci_op, sizeof(addr->bdaddr),
2951 mgmt_pending_remove(cmd);
2954 hci_dev_unlock(hdev);
2958 static int pin_code_neg_reply(struct sock *sk, struct hci_dev *hdev,
2959 void *data, u16 len)
2961 struct mgmt_cp_pin_code_neg_reply *cp = data;
2965 return user_pairing_resp(sk, hdev, &cp->addr,
2966 MGMT_OP_PIN_CODE_NEG_REPLY,
2967 HCI_OP_PIN_CODE_NEG_REPLY, 0);
2970 static int user_confirm_reply(struct sock *sk, struct hci_dev *hdev, void *data,
2973 struct mgmt_cp_user_confirm_reply *cp = data;
2977 if (len != sizeof(*cp))
2978 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_USER_CONFIRM_REPLY,
2979 MGMT_STATUS_INVALID_PARAMS);
2981 return user_pairing_resp(sk, hdev, &cp->addr,
2982 MGMT_OP_USER_CONFIRM_REPLY,
2983 HCI_OP_USER_CONFIRM_REPLY, 0);
2986 static int user_confirm_neg_reply(struct sock *sk, struct hci_dev *hdev,
2987 void *data, u16 len)
2989 struct mgmt_cp_user_confirm_neg_reply *cp = data;
2993 return user_pairing_resp(sk, hdev, &cp->addr,
2994 MGMT_OP_USER_CONFIRM_NEG_REPLY,
2995 HCI_OP_USER_CONFIRM_NEG_REPLY, 0);
2998 static int user_passkey_reply(struct sock *sk, struct hci_dev *hdev, void *data,
3001 struct mgmt_cp_user_passkey_reply *cp = data;
3005 return user_pairing_resp(sk, hdev, &cp->addr,
3006 MGMT_OP_USER_PASSKEY_REPLY,
3007 HCI_OP_USER_PASSKEY_REPLY, cp->passkey);
3010 static int user_passkey_neg_reply(struct sock *sk, struct hci_dev *hdev,
3011 void *data, u16 len)
3013 struct mgmt_cp_user_passkey_neg_reply *cp = data;
3017 return user_pairing_resp(sk, hdev, &cp->addr,
3018 MGMT_OP_USER_PASSKEY_NEG_REPLY,
3019 HCI_OP_USER_PASSKEY_NEG_REPLY, 0);
3022 static void adv_expire(struct hci_dev *hdev, u32 flags)
3024 struct adv_info *adv_instance;
3025 struct hci_request req;
3028 adv_instance = hci_find_adv_instance(hdev, hdev->cur_adv_instance);
3032 /* stop if current instance doesn't need to be changed */
3033 if (!(adv_instance->flags & flags))
3036 cancel_adv_timeout(hdev);
3038 adv_instance = hci_get_next_instance(hdev, adv_instance->instance);
3042 hci_req_init(&req, hdev);
3043 err = __hci_req_schedule_adv_instance(&req, adv_instance->instance,
3048 hci_req_run(&req, NULL);
3051 static void set_name_complete(struct hci_dev *hdev, u8 status, u16 opcode)
3053 struct mgmt_cp_set_local_name *cp;
3054 struct mgmt_pending_cmd *cmd;
3056 BT_DBG("status 0x%02x", status);
3060 cmd = pending_find(MGMT_OP_SET_LOCAL_NAME, hdev);
3067 mgmt_cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_LOCAL_NAME,
3068 mgmt_status(status));
3070 mgmt_cmd_complete(cmd->sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0,
3073 if (hci_dev_test_flag(hdev, HCI_LE_ADV))
3074 adv_expire(hdev, MGMT_ADV_FLAG_LOCAL_NAME);
3077 mgmt_pending_remove(cmd);
3080 hci_dev_unlock(hdev);
3083 static int set_local_name(struct sock *sk, struct hci_dev *hdev, void *data,
3086 struct mgmt_cp_set_local_name *cp = data;
3087 struct mgmt_pending_cmd *cmd;
3088 struct hci_request req;
3095 /* If the old values are the same as the new ones just return a
3096 * direct command complete event.
3098 if (!memcmp(hdev->dev_name, cp->name, sizeof(hdev->dev_name)) &&
3099 !memcmp(hdev->short_name, cp->short_name,
3100 sizeof(hdev->short_name))) {
3101 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0,
3106 memcpy(hdev->short_name, cp->short_name, sizeof(hdev->short_name));
3108 if (!hdev_is_powered(hdev)) {
3109 memcpy(hdev->dev_name, cp->name, sizeof(hdev->dev_name));
3111 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0,
3116 err = mgmt_limited_event(MGMT_EV_LOCAL_NAME_CHANGED, hdev, data,
3117 len, HCI_MGMT_LOCAL_NAME_EVENTS, sk);
3118 ext_info_changed(hdev, sk);
3123 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LOCAL_NAME, hdev, data, len);
3129 memcpy(hdev->dev_name, cp->name, sizeof(hdev->dev_name));
3131 hci_req_init(&req, hdev);
3133 if (lmp_bredr_capable(hdev)) {
3134 __hci_req_update_name(&req);
3135 __hci_req_update_eir(&req);
3138 /* The name is stored in the scan response data and so
3139 * no need to udpate the advertising data here.
3141 if (lmp_le_capable(hdev) && hci_dev_test_flag(hdev, HCI_ADVERTISING))
3142 __hci_req_update_scan_rsp_data(&req, hdev->cur_adv_instance);
3144 err = hci_req_run(&req, set_name_complete);
3146 mgmt_pending_remove(cmd);
3149 hci_dev_unlock(hdev);
3153 static int set_appearance(struct sock *sk, struct hci_dev *hdev, void *data,
3156 struct mgmt_cp_set_appearance *cp = data;
3162 if (!lmp_le_capable(hdev))
3163 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_APPEARANCE,
3164 MGMT_STATUS_NOT_SUPPORTED);
3166 apperance = le16_to_cpu(cp->appearance);
3170 if (hdev->appearance != apperance) {
3171 hdev->appearance = apperance;
3173 if (hci_dev_test_flag(hdev, HCI_LE_ADV))
3174 adv_expire(hdev, MGMT_ADV_FLAG_APPEARANCE);
3176 ext_info_changed(hdev, sk);
3179 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_APPEARANCE, 0, NULL,
3182 hci_dev_unlock(hdev);
3187 static void read_local_oob_data_complete(struct hci_dev *hdev, u8 status,
3188 u16 opcode, struct sk_buff *skb)
3190 struct mgmt_rp_read_local_oob_data mgmt_rp;
3191 size_t rp_size = sizeof(mgmt_rp);
3192 struct mgmt_pending_cmd *cmd;
3194 BT_DBG("%s status %u", hdev->name, status);
3196 cmd = pending_find(MGMT_OP_READ_LOCAL_OOB_DATA, hdev);
3200 if (status || !skb) {
3201 mgmt_cmd_status(cmd->sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
3202 status ? mgmt_status(status) : MGMT_STATUS_FAILED);
3206 memset(&mgmt_rp, 0, sizeof(mgmt_rp));
3208 if (opcode == HCI_OP_READ_LOCAL_OOB_DATA) {
3209 struct hci_rp_read_local_oob_data *rp = (void *) skb->data;
3211 if (skb->len < sizeof(*rp)) {
3212 mgmt_cmd_status(cmd->sk, hdev->id,
3213 MGMT_OP_READ_LOCAL_OOB_DATA,
3214 MGMT_STATUS_FAILED);
3218 memcpy(mgmt_rp.hash192, rp->hash, sizeof(rp->hash));
3219 memcpy(mgmt_rp.rand192, rp->rand, sizeof(rp->rand));
3221 rp_size -= sizeof(mgmt_rp.hash256) + sizeof(mgmt_rp.rand256);
3223 struct hci_rp_read_local_oob_ext_data *rp = (void *) skb->data;
3225 if (skb->len < sizeof(*rp)) {
3226 mgmt_cmd_status(cmd->sk, hdev->id,
3227 MGMT_OP_READ_LOCAL_OOB_DATA,
3228 MGMT_STATUS_FAILED);
3232 memcpy(mgmt_rp.hash192, rp->hash192, sizeof(rp->hash192));
3233 memcpy(mgmt_rp.rand192, rp->rand192, sizeof(rp->rand192));
3235 memcpy(mgmt_rp.hash256, rp->hash256, sizeof(rp->hash256));
3236 memcpy(mgmt_rp.rand256, rp->rand256, sizeof(rp->rand256));
3239 mgmt_cmd_complete(cmd->sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
3240 MGMT_STATUS_SUCCESS, &mgmt_rp, rp_size);
3243 mgmt_pending_remove(cmd);
3246 static int read_local_oob_data(struct sock *sk, struct hci_dev *hdev,
3247 void *data, u16 data_len)
3249 struct mgmt_pending_cmd *cmd;
3250 struct hci_request req;
3253 BT_DBG("%s", hdev->name);
3257 if (!hdev_is_powered(hdev)) {
3258 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
3259 MGMT_STATUS_NOT_POWERED);
3263 if (!lmp_ssp_capable(hdev)) {
3264 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
3265 MGMT_STATUS_NOT_SUPPORTED);
3269 if (pending_find(MGMT_OP_READ_LOCAL_OOB_DATA, hdev)) {
3270 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
3275 cmd = mgmt_pending_add(sk, MGMT_OP_READ_LOCAL_OOB_DATA, hdev, NULL, 0);
3281 hci_req_init(&req, hdev);
3283 if (bredr_sc_enabled(hdev))
3284 hci_req_add(&req, HCI_OP_READ_LOCAL_OOB_EXT_DATA, 0, NULL);
3286 hci_req_add(&req, HCI_OP_READ_LOCAL_OOB_DATA, 0, NULL);
3288 err = hci_req_run_skb(&req, read_local_oob_data_complete);
3290 mgmt_pending_remove(cmd);
3293 hci_dev_unlock(hdev);
3297 static int add_remote_oob_data(struct sock *sk, struct hci_dev *hdev,
3298 void *data, u16 len)
3300 struct mgmt_addr_info *addr = data;
3303 BT_DBG("%s ", hdev->name);
3305 if (!bdaddr_type_is_valid(addr->type))
3306 return mgmt_cmd_complete(sk, hdev->id,
3307 MGMT_OP_ADD_REMOTE_OOB_DATA,
3308 MGMT_STATUS_INVALID_PARAMS,
3309 addr, sizeof(*addr));
3313 if (len == MGMT_ADD_REMOTE_OOB_DATA_SIZE) {
3314 struct mgmt_cp_add_remote_oob_data *cp = data;
3317 if (cp->addr.type != BDADDR_BREDR) {
3318 err = mgmt_cmd_complete(sk, hdev->id,
3319 MGMT_OP_ADD_REMOTE_OOB_DATA,
3320 MGMT_STATUS_INVALID_PARAMS,
3321 &cp->addr, sizeof(cp->addr));
3325 err = hci_add_remote_oob_data(hdev, &cp->addr.bdaddr,
3326 cp->addr.type, cp->hash,
3327 cp->rand, NULL, NULL);
3329 status = MGMT_STATUS_FAILED;
3331 status = MGMT_STATUS_SUCCESS;
3333 err = mgmt_cmd_complete(sk, hdev->id,
3334 MGMT_OP_ADD_REMOTE_OOB_DATA, status,
3335 &cp->addr, sizeof(cp->addr));
3336 } else if (len == MGMT_ADD_REMOTE_OOB_EXT_DATA_SIZE) {
3337 struct mgmt_cp_add_remote_oob_ext_data *cp = data;
3338 u8 *rand192, *hash192, *rand256, *hash256;
3341 if (bdaddr_type_is_le(cp->addr.type)) {
3342 /* Enforce zero-valued 192-bit parameters as
3343 * long as legacy SMP OOB isn't implemented.
3345 if (memcmp(cp->rand192, ZERO_KEY, 16) ||
3346 memcmp(cp->hash192, ZERO_KEY, 16)) {
3347 err = mgmt_cmd_complete(sk, hdev->id,
3348 MGMT_OP_ADD_REMOTE_OOB_DATA,
3349 MGMT_STATUS_INVALID_PARAMS,
3350 addr, sizeof(*addr));
3357 /* In case one of the P-192 values is set to zero,
3358 * then just disable OOB data for P-192.
3360 if (!memcmp(cp->rand192, ZERO_KEY, 16) ||
3361 !memcmp(cp->hash192, ZERO_KEY, 16)) {
3365 rand192 = cp->rand192;
3366 hash192 = cp->hash192;
3370 /* In case one of the P-256 values is set to zero, then just
3371 * disable OOB data for P-256.
3373 if (!memcmp(cp->rand256, ZERO_KEY, 16) ||
3374 !memcmp(cp->hash256, ZERO_KEY, 16)) {
3378 rand256 = cp->rand256;
3379 hash256 = cp->hash256;
3382 err = hci_add_remote_oob_data(hdev, &cp->addr.bdaddr,
3383 cp->addr.type, hash192, rand192,
3386 status = MGMT_STATUS_FAILED;
3388 status = MGMT_STATUS_SUCCESS;
3390 err = mgmt_cmd_complete(sk, hdev->id,
3391 MGMT_OP_ADD_REMOTE_OOB_DATA,
3392 status, &cp->addr, sizeof(cp->addr));
3394 bt_dev_err(hdev, "add_remote_oob_data: invalid len of %u bytes",
3396 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_REMOTE_OOB_DATA,
3397 MGMT_STATUS_INVALID_PARAMS);
3401 hci_dev_unlock(hdev);
3405 static int remove_remote_oob_data(struct sock *sk, struct hci_dev *hdev,
3406 void *data, u16 len)
3408 struct mgmt_cp_remove_remote_oob_data *cp = data;
3412 BT_DBG("%s", hdev->name);
3414 if (cp->addr.type != BDADDR_BREDR)
3415 return mgmt_cmd_complete(sk, hdev->id,
3416 MGMT_OP_REMOVE_REMOTE_OOB_DATA,
3417 MGMT_STATUS_INVALID_PARAMS,
3418 &cp->addr, sizeof(cp->addr));
3422 if (!bacmp(&cp->addr.bdaddr, BDADDR_ANY)) {
3423 hci_remote_oob_data_clear(hdev);
3424 status = MGMT_STATUS_SUCCESS;
3428 err = hci_remove_remote_oob_data(hdev, &cp->addr.bdaddr, cp->addr.type);
3430 status = MGMT_STATUS_INVALID_PARAMS;
3432 status = MGMT_STATUS_SUCCESS;
3435 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_REMOTE_OOB_DATA,
3436 status, &cp->addr, sizeof(cp->addr));
3438 hci_dev_unlock(hdev);
3442 void mgmt_start_discovery_complete(struct hci_dev *hdev, u8 status)
3444 struct mgmt_pending_cmd *cmd;
3446 BT_DBG("status %d", status);
3450 cmd = pending_find(MGMT_OP_START_DISCOVERY, hdev);
3452 cmd = pending_find(MGMT_OP_START_SERVICE_DISCOVERY, hdev);
3455 cmd = pending_find(MGMT_OP_START_LIMITED_DISCOVERY, hdev);
3458 cmd->cmd_complete(cmd, mgmt_status(status));
3459 mgmt_pending_remove(cmd);
3462 hci_dev_unlock(hdev);
3465 static bool discovery_type_is_valid(struct hci_dev *hdev, uint8_t type,
3466 uint8_t *mgmt_status)
3469 case DISCOV_TYPE_LE:
3470 *mgmt_status = mgmt_le_support(hdev);
3474 case DISCOV_TYPE_INTERLEAVED:
3475 *mgmt_status = mgmt_le_support(hdev);
3478 /* Intentional fall-through */
3479 case DISCOV_TYPE_BREDR:
3480 *mgmt_status = mgmt_bredr_support(hdev);
3485 *mgmt_status = MGMT_STATUS_INVALID_PARAMS;
3492 static int start_discovery_internal(struct sock *sk, struct hci_dev *hdev,
3493 u16 op, void *data, u16 len)
3495 struct mgmt_cp_start_discovery *cp = data;
3496 struct mgmt_pending_cmd *cmd;
3500 BT_DBG("%s", hdev->name);
3504 if (!hdev_is_powered(hdev)) {
3505 err = mgmt_cmd_complete(sk, hdev->id, op,
3506 MGMT_STATUS_NOT_POWERED,
3507 &cp->type, sizeof(cp->type));
3511 if (hdev->discovery.state != DISCOVERY_STOPPED ||
3512 hci_dev_test_flag(hdev, HCI_PERIODIC_INQ)) {
3513 err = mgmt_cmd_complete(sk, hdev->id, op, MGMT_STATUS_BUSY,
3514 &cp->type, sizeof(cp->type));
3518 if (!discovery_type_is_valid(hdev, cp->type, &status)) {
3519 err = mgmt_cmd_complete(sk, hdev->id, op, status,
3520 &cp->type, sizeof(cp->type));
3524 /* Clear the discovery filter first to free any previously
3525 * allocated memory for the UUID list.
3527 hci_discovery_filter_clear(hdev);
3529 hdev->discovery.type = cp->type;
3530 hdev->discovery.report_invalid_rssi = false;
3531 if (op == MGMT_OP_START_LIMITED_DISCOVERY)
3532 hdev->discovery.limited = true;
3534 hdev->discovery.limited = false;
3536 cmd = mgmt_pending_add(sk, op, hdev, data, len);
3542 cmd->cmd_complete = generic_cmd_complete;
3544 hci_discovery_set_state(hdev, DISCOVERY_STARTING);
3545 queue_work(hdev->req_workqueue, &hdev->discov_update);
3549 hci_dev_unlock(hdev);
3553 static int start_discovery(struct sock *sk, struct hci_dev *hdev,
3554 void *data, u16 len)
3556 return start_discovery_internal(sk, hdev, MGMT_OP_START_DISCOVERY,
3560 static int start_limited_discovery(struct sock *sk, struct hci_dev *hdev,
3561 void *data, u16 len)
3563 return start_discovery_internal(sk, hdev,
3564 MGMT_OP_START_LIMITED_DISCOVERY,
3568 static int service_discovery_cmd_complete(struct mgmt_pending_cmd *cmd,
3571 return mgmt_cmd_complete(cmd->sk, cmd->index, cmd->opcode, status,
3575 static int start_service_discovery(struct sock *sk, struct hci_dev *hdev,
3576 void *data, u16 len)
3578 struct mgmt_cp_start_service_discovery *cp = data;
3579 struct mgmt_pending_cmd *cmd;
3580 const u16 max_uuid_count = ((U16_MAX - sizeof(*cp)) / 16);
3581 u16 uuid_count, expected_len;
3585 BT_DBG("%s", hdev->name);
3589 if (!hdev_is_powered(hdev)) {
3590 err = mgmt_cmd_complete(sk, hdev->id,
3591 MGMT_OP_START_SERVICE_DISCOVERY,
3592 MGMT_STATUS_NOT_POWERED,
3593 &cp->type, sizeof(cp->type));
3597 if (hdev->discovery.state != DISCOVERY_STOPPED ||
3598 hci_dev_test_flag(hdev, HCI_PERIODIC_INQ)) {
3599 err = mgmt_cmd_complete(sk, hdev->id,
3600 MGMT_OP_START_SERVICE_DISCOVERY,
3601 MGMT_STATUS_BUSY, &cp->type,
3606 uuid_count = __le16_to_cpu(cp->uuid_count);
3607 if (uuid_count > max_uuid_count) {
3608 bt_dev_err(hdev, "service_discovery: too big uuid_count value %u",
3610 err = mgmt_cmd_complete(sk, hdev->id,
3611 MGMT_OP_START_SERVICE_DISCOVERY,
3612 MGMT_STATUS_INVALID_PARAMS, &cp->type,
3617 expected_len = sizeof(*cp) + uuid_count * 16;
3618 if (expected_len != len) {
3619 bt_dev_err(hdev, "service_discovery: expected %u bytes, got %u bytes",
3621 err = mgmt_cmd_complete(sk, hdev->id,
3622 MGMT_OP_START_SERVICE_DISCOVERY,
3623 MGMT_STATUS_INVALID_PARAMS, &cp->type,
3628 if (!discovery_type_is_valid(hdev, cp->type, &status)) {
3629 err = mgmt_cmd_complete(sk, hdev->id,
3630 MGMT_OP_START_SERVICE_DISCOVERY,
3631 status, &cp->type, sizeof(cp->type));
3635 cmd = mgmt_pending_add(sk, MGMT_OP_START_SERVICE_DISCOVERY,
3642 cmd->cmd_complete = service_discovery_cmd_complete;
3644 /* Clear the discovery filter first to free any previously
3645 * allocated memory for the UUID list.
3647 hci_discovery_filter_clear(hdev);
3649 hdev->discovery.result_filtering = true;
3650 hdev->discovery.type = cp->type;
3651 hdev->discovery.rssi = cp->rssi;
3652 hdev->discovery.uuid_count = uuid_count;
3654 if (uuid_count > 0) {
3655 hdev->discovery.uuids = kmemdup(cp->uuids, uuid_count * 16,
3657 if (!hdev->discovery.uuids) {
3658 err = mgmt_cmd_complete(sk, hdev->id,
3659 MGMT_OP_START_SERVICE_DISCOVERY,
3661 &cp->type, sizeof(cp->type));
3662 mgmt_pending_remove(cmd);
3667 hci_discovery_set_state(hdev, DISCOVERY_STARTING);
3668 queue_work(hdev->req_workqueue, &hdev->discov_update);
3672 hci_dev_unlock(hdev);
3676 void mgmt_stop_discovery_complete(struct hci_dev *hdev, u8 status)
3678 struct mgmt_pending_cmd *cmd;
3680 BT_DBG("status %d", status);
3684 cmd = pending_find(MGMT_OP_STOP_DISCOVERY, hdev);
3686 cmd->cmd_complete(cmd, mgmt_status(status));
3687 mgmt_pending_remove(cmd);
3690 hci_dev_unlock(hdev);
3693 static int stop_discovery(struct sock *sk, struct hci_dev *hdev, void *data,
3696 struct mgmt_cp_stop_discovery *mgmt_cp = data;
3697 struct mgmt_pending_cmd *cmd;
3700 BT_DBG("%s", hdev->name);
3704 if (!hci_discovery_active(hdev)) {
3705 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_STOP_DISCOVERY,
3706 MGMT_STATUS_REJECTED, &mgmt_cp->type,
3707 sizeof(mgmt_cp->type));
3711 if (hdev->discovery.type != mgmt_cp->type) {
3712 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_STOP_DISCOVERY,
3713 MGMT_STATUS_INVALID_PARAMS,
3714 &mgmt_cp->type, sizeof(mgmt_cp->type));
3718 cmd = mgmt_pending_add(sk, MGMT_OP_STOP_DISCOVERY, hdev, data, len);
3724 cmd->cmd_complete = generic_cmd_complete;
3726 hci_discovery_set_state(hdev, DISCOVERY_STOPPING);
3727 queue_work(hdev->req_workqueue, &hdev->discov_update);
3731 hci_dev_unlock(hdev);
3735 static int confirm_name(struct sock *sk, struct hci_dev *hdev, void *data,
3738 struct mgmt_cp_confirm_name *cp = data;
3739 struct inquiry_entry *e;
3742 BT_DBG("%s", hdev->name);
3746 if (!hci_discovery_active(hdev)) {
3747 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_CONFIRM_NAME,
3748 MGMT_STATUS_FAILED, &cp->addr,
3753 e = hci_inquiry_cache_lookup_unknown(hdev, &cp->addr.bdaddr);
3755 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_CONFIRM_NAME,
3756 MGMT_STATUS_INVALID_PARAMS, &cp->addr,
3761 if (cp->name_known) {
3762 e->name_state = NAME_KNOWN;
3765 e->name_state = NAME_NEEDED;
3766 hci_inquiry_cache_update_resolve(hdev, e);
3769 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_CONFIRM_NAME, 0,
3770 &cp->addr, sizeof(cp->addr));
3773 hci_dev_unlock(hdev);
3777 static int block_device(struct sock *sk, struct hci_dev *hdev, void *data,
3780 struct mgmt_cp_block_device *cp = data;
3784 BT_DBG("%s", hdev->name);
3786 if (!bdaddr_type_is_valid(cp->addr.type))
3787 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_BLOCK_DEVICE,
3788 MGMT_STATUS_INVALID_PARAMS,
3789 &cp->addr, sizeof(cp->addr));
3793 err = hci_bdaddr_list_add(&hdev->blacklist, &cp->addr.bdaddr,
3796 status = MGMT_STATUS_FAILED;
3800 mgmt_event(MGMT_EV_DEVICE_BLOCKED, hdev, &cp->addr, sizeof(cp->addr),
3802 status = MGMT_STATUS_SUCCESS;
3805 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_BLOCK_DEVICE, status,
3806 &cp->addr, sizeof(cp->addr));
3808 hci_dev_unlock(hdev);
3813 static int unblock_device(struct sock *sk, struct hci_dev *hdev, void *data,
3816 struct mgmt_cp_unblock_device *cp = data;
3820 BT_DBG("%s", hdev->name);
3822 if (!bdaddr_type_is_valid(cp->addr.type))
3823 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_UNBLOCK_DEVICE,
3824 MGMT_STATUS_INVALID_PARAMS,
3825 &cp->addr, sizeof(cp->addr));
3829 err = hci_bdaddr_list_del(&hdev->blacklist, &cp->addr.bdaddr,
3832 status = MGMT_STATUS_INVALID_PARAMS;
3836 mgmt_event(MGMT_EV_DEVICE_UNBLOCKED, hdev, &cp->addr, sizeof(cp->addr),
3838 status = MGMT_STATUS_SUCCESS;
3841 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_UNBLOCK_DEVICE, status,
3842 &cp->addr, sizeof(cp->addr));
3844 hci_dev_unlock(hdev);
3849 static int set_device_id(struct sock *sk, struct hci_dev *hdev, void *data,
3852 struct mgmt_cp_set_device_id *cp = data;
3853 struct hci_request req;
3857 BT_DBG("%s", hdev->name);
3859 source = __le16_to_cpu(cp->source);
3861 if (source > 0x0002)
3862 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DEVICE_ID,
3863 MGMT_STATUS_INVALID_PARAMS);
3867 hdev->devid_source = source;
3868 hdev->devid_vendor = __le16_to_cpu(cp->vendor);
3869 hdev->devid_product = __le16_to_cpu(cp->product);
3870 hdev->devid_version = __le16_to_cpu(cp->version);
3872 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_DEVICE_ID, 0,
3875 hci_req_init(&req, hdev);
3876 __hci_req_update_eir(&req);
3877 hci_req_run(&req, NULL);
3879 hci_dev_unlock(hdev);
3884 static void enable_advertising_instance(struct hci_dev *hdev, u8 status,
3887 BT_DBG("status %d", status);
3890 static void set_advertising_complete(struct hci_dev *hdev, u8 status,
3893 struct cmd_lookup match = { NULL, hdev };
3894 struct hci_request req;
3896 struct adv_info *adv_instance;
3902 u8 mgmt_err = mgmt_status(status);
3904 mgmt_pending_foreach(MGMT_OP_SET_ADVERTISING, hdev,
3905 cmd_status_rsp, &mgmt_err);
3909 if (hci_dev_test_flag(hdev, HCI_LE_ADV))
3910 hci_dev_set_flag(hdev, HCI_ADVERTISING);
3912 hci_dev_clear_flag(hdev, HCI_ADVERTISING);
3914 mgmt_pending_foreach(MGMT_OP_SET_ADVERTISING, hdev, settings_rsp,
3917 new_settings(hdev, match.sk);
3922 /* If "Set Advertising" was just disabled and instance advertising was
3923 * set up earlier, then re-enable multi-instance advertising.
3925 if (hci_dev_test_flag(hdev, HCI_ADVERTISING) ||
3926 list_empty(&hdev->adv_instances))
3929 instance = hdev->cur_adv_instance;
3931 adv_instance = list_first_entry_or_null(&hdev->adv_instances,
3932 struct adv_info, list);
3936 instance = adv_instance->instance;
3939 hci_req_init(&req, hdev);
3941 err = __hci_req_schedule_adv_instance(&req, instance, true);
3944 err = hci_req_run(&req, enable_advertising_instance);
3947 bt_dev_err(hdev, "failed to re-configure advertising");
3950 hci_dev_unlock(hdev);
3953 static int set_advertising(struct sock *sk, struct hci_dev *hdev, void *data,
3956 struct mgmt_mode *cp = data;
3957 struct mgmt_pending_cmd *cmd;
3958 struct hci_request req;
3962 BT_DBG("request for %s", hdev->name);
3964 status = mgmt_le_support(hdev);
3966 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_ADVERTISING,
3969 if (cp->val != 0x00 && cp->val != 0x01 && cp->val != 0x02)
3970 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_ADVERTISING,
3971 MGMT_STATUS_INVALID_PARAMS);
3977 /* The following conditions are ones which mean that we should
3978 * not do any HCI communication but directly send a mgmt
3979 * response to user space (after toggling the flag if
3982 if (!hdev_is_powered(hdev) ||
3983 (val == hci_dev_test_flag(hdev, HCI_ADVERTISING) &&
3984 (cp->val == 0x02) == hci_dev_test_flag(hdev, HCI_ADVERTISING_CONNECTABLE)) ||
3985 hci_conn_num(hdev, LE_LINK) > 0 ||
3986 (hci_dev_test_flag(hdev, HCI_LE_SCAN) &&
3987 hdev->le_scan_type == LE_SCAN_ACTIVE)) {
3991 hdev->cur_adv_instance = 0x00;
3992 changed = !hci_dev_test_and_set_flag(hdev, HCI_ADVERTISING);
3993 if (cp->val == 0x02)
3994 hci_dev_set_flag(hdev, HCI_ADVERTISING_CONNECTABLE);
3996 hci_dev_clear_flag(hdev, HCI_ADVERTISING_CONNECTABLE);
3998 changed = hci_dev_test_and_clear_flag(hdev, HCI_ADVERTISING);
3999 hci_dev_clear_flag(hdev, HCI_ADVERTISING_CONNECTABLE);
4002 err = send_settings_rsp(sk, MGMT_OP_SET_ADVERTISING, hdev);
4007 err = new_settings(hdev, sk);
4012 if (pending_find(MGMT_OP_SET_ADVERTISING, hdev) ||
4013 pending_find(MGMT_OP_SET_LE, hdev)) {
4014 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_ADVERTISING,
4019 cmd = mgmt_pending_add(sk, MGMT_OP_SET_ADVERTISING, hdev, data, len);
4025 hci_req_init(&req, hdev);
4027 if (cp->val == 0x02)
4028 hci_dev_set_flag(hdev, HCI_ADVERTISING_CONNECTABLE);
4030 hci_dev_clear_flag(hdev, HCI_ADVERTISING_CONNECTABLE);
4032 cancel_adv_timeout(hdev);
4035 /* Switch to instance "0" for the Set Advertising setting.
4036 * We cannot use update_[adv|scan_rsp]_data() here as the
4037 * HCI_ADVERTISING flag is not yet set.
4039 hdev->cur_adv_instance = 0x00;
4040 __hci_req_update_adv_data(&req, 0x00);
4041 __hci_req_update_scan_rsp_data(&req, 0x00);
4042 __hci_req_enable_advertising(&req);
4044 __hci_req_disable_advertising(&req);
4047 err = hci_req_run(&req, set_advertising_complete);
4049 mgmt_pending_remove(cmd);
4052 hci_dev_unlock(hdev);
4056 static int set_static_address(struct sock *sk, struct hci_dev *hdev,
4057 void *data, u16 len)
4059 struct mgmt_cp_set_static_address *cp = data;
4062 BT_DBG("%s", hdev->name);
4064 if (!lmp_le_capable(hdev))
4065 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_STATIC_ADDRESS,
4066 MGMT_STATUS_NOT_SUPPORTED);
4068 if (hdev_is_powered(hdev))
4069 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_STATIC_ADDRESS,
4070 MGMT_STATUS_REJECTED);
4072 if (bacmp(&cp->bdaddr, BDADDR_ANY)) {
4073 if (!bacmp(&cp->bdaddr, BDADDR_NONE))
4074 return mgmt_cmd_status(sk, hdev->id,
4075 MGMT_OP_SET_STATIC_ADDRESS,
4076 MGMT_STATUS_INVALID_PARAMS);
4078 /* Two most significant bits shall be set */
4079 if ((cp->bdaddr.b[5] & 0xc0) != 0xc0)
4080 return mgmt_cmd_status(sk, hdev->id,
4081 MGMT_OP_SET_STATIC_ADDRESS,
4082 MGMT_STATUS_INVALID_PARAMS);
4087 bacpy(&hdev->static_addr, &cp->bdaddr);
4089 err = send_settings_rsp(sk, MGMT_OP_SET_STATIC_ADDRESS, hdev);
4093 err = new_settings(hdev, sk);
4096 hci_dev_unlock(hdev);
4100 static int set_scan_params(struct sock *sk, struct hci_dev *hdev,
4101 void *data, u16 len)
4103 struct mgmt_cp_set_scan_params *cp = data;
4104 __u16 interval, window;
4107 BT_DBG("%s", hdev->name);
4109 if (!lmp_le_capable(hdev))
4110 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS,
4111 MGMT_STATUS_NOT_SUPPORTED);
4113 interval = __le16_to_cpu(cp->interval);
4115 if (interval < 0x0004 || interval > 0x4000)
4116 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS,
4117 MGMT_STATUS_INVALID_PARAMS);
4119 window = __le16_to_cpu(cp->window);
4121 if (window < 0x0004 || window > 0x4000)
4122 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS,
4123 MGMT_STATUS_INVALID_PARAMS);
4125 if (window > interval)
4126 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS,
4127 MGMT_STATUS_INVALID_PARAMS);
4131 hdev->le_scan_interval = interval;
4132 hdev->le_scan_window = window;
4134 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS, 0,
4137 /* If background scan is running, restart it so new parameters are
4140 if (hci_dev_test_flag(hdev, HCI_LE_SCAN) &&
4141 hdev->discovery.state == DISCOVERY_STOPPED) {
4142 struct hci_request req;
4144 hci_req_init(&req, hdev);
4146 hci_req_add_le_scan_disable(&req);
4147 hci_req_add_le_passive_scan(&req);
4149 hci_req_run(&req, NULL);
4152 hci_dev_unlock(hdev);
4157 static void fast_connectable_complete(struct hci_dev *hdev, u8 status,
4160 struct mgmt_pending_cmd *cmd;
4162 BT_DBG("status 0x%02x", status);
4166 cmd = pending_find(MGMT_OP_SET_FAST_CONNECTABLE, hdev);
4171 mgmt_cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
4172 mgmt_status(status));
4174 struct mgmt_mode *cp = cmd->param;
4177 hci_dev_set_flag(hdev, HCI_FAST_CONNECTABLE);
4179 hci_dev_clear_flag(hdev, HCI_FAST_CONNECTABLE);
4181 send_settings_rsp(cmd->sk, MGMT_OP_SET_FAST_CONNECTABLE, hdev);
4182 new_settings(hdev, cmd->sk);
4185 mgmt_pending_remove(cmd);
4188 hci_dev_unlock(hdev);
4191 static int set_fast_connectable(struct sock *sk, struct hci_dev *hdev,
4192 void *data, u16 len)
4194 struct mgmt_mode *cp = data;
4195 struct mgmt_pending_cmd *cmd;
4196 struct hci_request req;
4199 BT_DBG("%s", hdev->name);
4201 if (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED) ||
4202 hdev->hci_ver < BLUETOOTH_VER_1_2)
4203 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
4204 MGMT_STATUS_NOT_SUPPORTED);
4206 if (cp->val != 0x00 && cp->val != 0x01)
4207 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
4208 MGMT_STATUS_INVALID_PARAMS);
4212 if (pending_find(MGMT_OP_SET_FAST_CONNECTABLE, hdev)) {
4213 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
4218 if (!!cp->val == hci_dev_test_flag(hdev, HCI_FAST_CONNECTABLE)) {
4219 err = send_settings_rsp(sk, MGMT_OP_SET_FAST_CONNECTABLE,
4224 if (!hdev_is_powered(hdev)) {
4225 hci_dev_change_flag(hdev, HCI_FAST_CONNECTABLE);
4226 err = send_settings_rsp(sk, MGMT_OP_SET_FAST_CONNECTABLE,
4228 new_settings(hdev, sk);
4232 cmd = mgmt_pending_add(sk, MGMT_OP_SET_FAST_CONNECTABLE, hdev,
4239 hci_req_init(&req, hdev);
4241 __hci_req_write_fast_connectable(&req, cp->val);
4243 err = hci_req_run(&req, fast_connectable_complete);
4245 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
4246 MGMT_STATUS_FAILED);
4247 mgmt_pending_remove(cmd);
4251 hci_dev_unlock(hdev);
4256 static void set_bredr_complete(struct hci_dev *hdev, u8 status, u16 opcode)
4258 struct mgmt_pending_cmd *cmd;
4260 BT_DBG("status 0x%02x", status);
4264 cmd = pending_find(MGMT_OP_SET_BREDR, hdev);
4269 u8 mgmt_err = mgmt_status(status);
4271 /* We need to restore the flag if related HCI commands
4274 hci_dev_clear_flag(hdev, HCI_BREDR_ENABLED);
4276 mgmt_cmd_status(cmd->sk, cmd->index, cmd->opcode, mgmt_err);
4278 send_settings_rsp(cmd->sk, MGMT_OP_SET_BREDR, hdev);
4279 new_settings(hdev, cmd->sk);
4282 mgmt_pending_remove(cmd);
4285 hci_dev_unlock(hdev);
4288 static int set_bredr(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
4290 struct mgmt_mode *cp = data;
4291 struct mgmt_pending_cmd *cmd;
4292 struct hci_request req;
4295 BT_DBG("request for %s", hdev->name);
4297 if (!lmp_bredr_capable(hdev) || !lmp_le_capable(hdev))
4298 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
4299 MGMT_STATUS_NOT_SUPPORTED);
4301 if (!hci_dev_test_flag(hdev, HCI_LE_ENABLED))
4302 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
4303 MGMT_STATUS_REJECTED);
4305 if (cp->val != 0x00 && cp->val != 0x01)
4306 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
4307 MGMT_STATUS_INVALID_PARAMS);
4311 if (cp->val == hci_dev_test_flag(hdev, HCI_BREDR_ENABLED)) {
4312 err = send_settings_rsp(sk, MGMT_OP_SET_BREDR, hdev);
4316 if (!hdev_is_powered(hdev)) {
4318 hci_dev_clear_flag(hdev, HCI_DISCOVERABLE);
4319 hci_dev_clear_flag(hdev, HCI_SSP_ENABLED);
4320 hci_dev_clear_flag(hdev, HCI_LINK_SECURITY);
4321 hci_dev_clear_flag(hdev, HCI_FAST_CONNECTABLE);
4322 hci_dev_clear_flag(hdev, HCI_HS_ENABLED);
4325 hci_dev_change_flag(hdev, HCI_BREDR_ENABLED);
4327 err = send_settings_rsp(sk, MGMT_OP_SET_BREDR, hdev);
4331 err = new_settings(hdev, sk);
4335 /* Reject disabling when powered on */
4337 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
4338 MGMT_STATUS_REJECTED);
4341 /* When configuring a dual-mode controller to operate
4342 * with LE only and using a static address, then switching
4343 * BR/EDR back on is not allowed.
4345 * Dual-mode controllers shall operate with the public
4346 * address as its identity address for BR/EDR and LE. So
4347 * reject the attempt to create an invalid configuration.
4349 * The same restrictions applies when secure connections
4350 * has been enabled. For BR/EDR this is a controller feature
4351 * while for LE it is a host stack feature. This means that
4352 * switching BR/EDR back on when secure connections has been
4353 * enabled is not a supported transaction.
4355 if (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED) &&
4356 (bacmp(&hdev->static_addr, BDADDR_ANY) ||
4357 hci_dev_test_flag(hdev, HCI_SC_ENABLED))) {
4358 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
4359 MGMT_STATUS_REJECTED);
4364 if (pending_find(MGMT_OP_SET_BREDR, hdev)) {
4365 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
4370 cmd = mgmt_pending_add(sk, MGMT_OP_SET_BREDR, hdev, data, len);
4376 /* We need to flip the bit already here so that
4377 * hci_req_update_adv_data generates the correct flags.
4379 hci_dev_set_flag(hdev, HCI_BREDR_ENABLED);
4381 hci_req_init(&req, hdev);
4383 __hci_req_write_fast_connectable(&req, false);
4384 __hci_req_update_scan(&req);
4386 /* Since only the advertising data flags will change, there
4387 * is no need to update the scan response data.
4389 __hci_req_update_adv_data(&req, hdev->cur_adv_instance);
4391 err = hci_req_run(&req, set_bredr_complete);
4393 mgmt_pending_remove(cmd);
4396 hci_dev_unlock(hdev);
4400 static void sc_enable_complete(struct hci_dev *hdev, u8 status, u16 opcode)
4402 struct mgmt_pending_cmd *cmd;
4403 struct mgmt_mode *cp;
4405 BT_DBG("%s status %u", hdev->name, status);
4409 cmd = pending_find(MGMT_OP_SET_SECURE_CONN, hdev);
4414 mgmt_cmd_status(cmd->sk, cmd->index, cmd->opcode,
4415 mgmt_status(status));
4423 hci_dev_clear_flag(hdev, HCI_SC_ENABLED);
4424 hci_dev_clear_flag(hdev, HCI_SC_ONLY);
4427 hci_dev_set_flag(hdev, HCI_SC_ENABLED);
4428 hci_dev_clear_flag(hdev, HCI_SC_ONLY);
4431 hci_dev_set_flag(hdev, HCI_SC_ENABLED);
4432 hci_dev_set_flag(hdev, HCI_SC_ONLY);
4436 send_settings_rsp(cmd->sk, MGMT_OP_SET_SECURE_CONN, hdev);
4437 new_settings(hdev, cmd->sk);
4440 mgmt_pending_remove(cmd);
4442 hci_dev_unlock(hdev);
4445 static int set_secure_conn(struct sock *sk, struct hci_dev *hdev,
4446 void *data, u16 len)
4448 struct mgmt_mode *cp = data;
4449 struct mgmt_pending_cmd *cmd;
4450 struct hci_request req;
4454 BT_DBG("request for %s", hdev->name);
4456 if (!lmp_sc_capable(hdev) &&
4457 !hci_dev_test_flag(hdev, HCI_LE_ENABLED))
4458 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SECURE_CONN,
4459 MGMT_STATUS_NOT_SUPPORTED);
4461 if (hci_dev_test_flag(hdev, HCI_BREDR_ENABLED) &&
4462 lmp_sc_capable(hdev) &&
4463 !hci_dev_test_flag(hdev, HCI_SSP_ENABLED))
4464 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SECURE_CONN,
4465 MGMT_STATUS_REJECTED);
4467 if (cp->val != 0x00 && cp->val != 0x01 && cp->val != 0x02)
4468 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SECURE_CONN,
4469 MGMT_STATUS_INVALID_PARAMS);
4473 if (!hdev_is_powered(hdev) || !lmp_sc_capable(hdev) ||
4474 !hci_dev_test_flag(hdev, HCI_BREDR_ENABLED)) {
4478 changed = !hci_dev_test_and_set_flag(hdev,
4480 if (cp->val == 0x02)
4481 hci_dev_set_flag(hdev, HCI_SC_ONLY);
4483 hci_dev_clear_flag(hdev, HCI_SC_ONLY);
4485 changed = hci_dev_test_and_clear_flag(hdev,
4487 hci_dev_clear_flag(hdev, HCI_SC_ONLY);
4490 err = send_settings_rsp(sk, MGMT_OP_SET_SECURE_CONN, hdev);
4495 err = new_settings(hdev, sk);
4500 if (pending_find(MGMT_OP_SET_SECURE_CONN, hdev)) {
4501 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SECURE_CONN,
4508 if (val == hci_dev_test_flag(hdev, HCI_SC_ENABLED) &&
4509 (cp->val == 0x02) == hci_dev_test_flag(hdev, HCI_SC_ONLY)) {
4510 err = send_settings_rsp(sk, MGMT_OP_SET_SECURE_CONN, hdev);
4514 cmd = mgmt_pending_add(sk, MGMT_OP_SET_SECURE_CONN, hdev, data, len);
4520 hci_req_init(&req, hdev);
4521 hci_req_add(&req, HCI_OP_WRITE_SC_SUPPORT, 1, &val);
4522 err = hci_req_run(&req, sc_enable_complete);
4524 mgmt_pending_remove(cmd);
4529 hci_dev_unlock(hdev);
4533 static int set_debug_keys(struct sock *sk, struct hci_dev *hdev,
4534 void *data, u16 len)
4536 struct mgmt_mode *cp = data;
4537 bool changed, use_changed;
4540 BT_DBG("request for %s", hdev->name);
4542 if (cp->val != 0x00 && cp->val != 0x01 && cp->val != 0x02)
4543 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DEBUG_KEYS,
4544 MGMT_STATUS_INVALID_PARAMS);
4549 changed = !hci_dev_test_and_set_flag(hdev, HCI_KEEP_DEBUG_KEYS);
4551 changed = hci_dev_test_and_clear_flag(hdev,
4552 HCI_KEEP_DEBUG_KEYS);
4554 if (cp->val == 0x02)
4555 use_changed = !hci_dev_test_and_set_flag(hdev,
4556 HCI_USE_DEBUG_KEYS);
4558 use_changed = hci_dev_test_and_clear_flag(hdev,
4559 HCI_USE_DEBUG_KEYS);
4561 if (hdev_is_powered(hdev) && use_changed &&
4562 hci_dev_test_flag(hdev, HCI_SSP_ENABLED)) {
4563 u8 mode = (cp->val == 0x02) ? 0x01 : 0x00;
4564 hci_send_cmd(hdev, HCI_OP_WRITE_SSP_DEBUG_MODE,
4565 sizeof(mode), &mode);
4568 err = send_settings_rsp(sk, MGMT_OP_SET_DEBUG_KEYS, hdev);
4573 err = new_settings(hdev, sk);
4576 hci_dev_unlock(hdev);
4580 static int set_privacy(struct sock *sk, struct hci_dev *hdev, void *cp_data,
4583 struct mgmt_cp_set_privacy *cp = cp_data;
4587 BT_DBG("request for %s", hdev->name);
4589 if (!lmp_le_capable(hdev))
4590 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_PRIVACY,
4591 MGMT_STATUS_NOT_SUPPORTED);
4593 if (cp->privacy != 0x00 && cp->privacy != 0x01 && cp->privacy != 0x02)
4594 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_PRIVACY,
4595 MGMT_STATUS_INVALID_PARAMS);
4597 if (hdev_is_powered(hdev))
4598 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_PRIVACY,
4599 MGMT_STATUS_REJECTED);
4603 /* If user space supports this command it is also expected to
4604 * handle IRKs. Therefore, set the HCI_RPA_RESOLVING flag.
4606 hci_dev_set_flag(hdev, HCI_RPA_RESOLVING);
4609 changed = !hci_dev_test_and_set_flag(hdev, HCI_PRIVACY);
4610 memcpy(hdev->irk, cp->irk, sizeof(hdev->irk));
4611 hci_dev_set_flag(hdev, HCI_RPA_EXPIRED);
4612 if (cp->privacy == 0x02)
4613 hci_dev_set_flag(hdev, HCI_LIMITED_PRIVACY);
4615 hci_dev_clear_flag(hdev, HCI_LIMITED_PRIVACY);
4617 changed = hci_dev_test_and_clear_flag(hdev, HCI_PRIVACY);
4618 memset(hdev->irk, 0, sizeof(hdev->irk));
4619 hci_dev_clear_flag(hdev, HCI_RPA_EXPIRED);
4620 hci_dev_clear_flag(hdev, HCI_LIMITED_PRIVACY);
4623 err = send_settings_rsp(sk, MGMT_OP_SET_PRIVACY, hdev);
4628 err = new_settings(hdev, sk);
4631 hci_dev_unlock(hdev);
4635 static bool irk_is_valid(struct mgmt_irk_info *irk)
4637 switch (irk->addr.type) {
4638 case BDADDR_LE_PUBLIC:
4641 case BDADDR_LE_RANDOM:
4642 /* Two most significant bits shall be set */
4643 if ((irk->addr.bdaddr.b[5] & 0xc0) != 0xc0)
4651 static int load_irks(struct sock *sk, struct hci_dev *hdev, void *cp_data,
4654 struct mgmt_cp_load_irks *cp = cp_data;
4655 const u16 max_irk_count = ((U16_MAX - sizeof(*cp)) /
4656 sizeof(struct mgmt_irk_info));
4657 u16 irk_count, expected_len;
4660 BT_DBG("request for %s", hdev->name);
4662 if (!lmp_le_capable(hdev))
4663 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_IRKS,
4664 MGMT_STATUS_NOT_SUPPORTED);
4666 irk_count = __le16_to_cpu(cp->irk_count);
4667 if (irk_count > max_irk_count) {
4668 bt_dev_err(hdev, "load_irks: too big irk_count value %u",
4670 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_IRKS,
4671 MGMT_STATUS_INVALID_PARAMS);
4674 expected_len = sizeof(*cp) + irk_count * sizeof(struct mgmt_irk_info);
4675 if (expected_len != len) {
4676 bt_dev_err(hdev, "load_irks: expected %u bytes, got %u bytes",
4678 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_IRKS,
4679 MGMT_STATUS_INVALID_PARAMS);
4682 BT_DBG("%s irk_count %u", hdev->name, irk_count);
4684 for (i = 0; i < irk_count; i++) {
4685 struct mgmt_irk_info *key = &cp->irks[i];
4687 if (!irk_is_valid(key))
4688 return mgmt_cmd_status(sk, hdev->id,
4690 MGMT_STATUS_INVALID_PARAMS);
4695 hci_smp_irks_clear(hdev);
4697 for (i = 0; i < irk_count; i++) {
4698 struct mgmt_irk_info *irk = &cp->irks[i];
4700 hci_add_irk(hdev, &irk->addr.bdaddr,
4701 le_addr_type(irk->addr.type), irk->val,
4705 hci_dev_set_flag(hdev, HCI_RPA_RESOLVING);
4707 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_LOAD_IRKS, 0, NULL, 0);
4709 hci_dev_unlock(hdev);
4714 static bool ltk_is_valid(struct mgmt_ltk_info *key)
4716 if (key->master != 0x00 && key->master != 0x01)
4719 switch (key->addr.type) {
4720 case BDADDR_LE_PUBLIC:
4723 case BDADDR_LE_RANDOM:
4724 /* Two most significant bits shall be set */
4725 if ((key->addr.bdaddr.b[5] & 0xc0) != 0xc0)
4733 static int load_long_term_keys(struct sock *sk, struct hci_dev *hdev,
4734 void *cp_data, u16 len)
4736 struct mgmt_cp_load_long_term_keys *cp = cp_data;
4737 const u16 max_key_count = ((U16_MAX - sizeof(*cp)) /
4738 sizeof(struct mgmt_ltk_info));
4739 u16 key_count, expected_len;
4742 BT_DBG("request for %s", hdev->name);
4744 if (!lmp_le_capable(hdev))
4745 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS,
4746 MGMT_STATUS_NOT_SUPPORTED);
4748 key_count = __le16_to_cpu(cp->key_count);
4749 if (key_count > max_key_count) {
4750 bt_dev_err(hdev, "load_ltks: too big key_count value %u",
4752 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS,
4753 MGMT_STATUS_INVALID_PARAMS);
4756 expected_len = sizeof(*cp) + key_count *
4757 sizeof(struct mgmt_ltk_info);
4758 if (expected_len != len) {
4759 bt_dev_err(hdev, "load_keys: expected %u bytes, got %u bytes",
4761 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS,
4762 MGMT_STATUS_INVALID_PARAMS);
4765 BT_DBG("%s key_count %u", hdev->name, key_count);
4767 for (i = 0; i < key_count; i++) {
4768 struct mgmt_ltk_info *key = &cp->keys[i];
4770 if (!ltk_is_valid(key))
4771 return mgmt_cmd_status(sk, hdev->id,
4772 MGMT_OP_LOAD_LONG_TERM_KEYS,
4773 MGMT_STATUS_INVALID_PARAMS);
4778 hci_smp_ltks_clear(hdev);
4780 for (i = 0; i < key_count; i++) {
4781 struct mgmt_ltk_info *key = &cp->keys[i];
4782 u8 type, authenticated;
4784 switch (key->type) {
4785 case MGMT_LTK_UNAUTHENTICATED:
4786 authenticated = 0x00;
4787 type = key->master ? SMP_LTK : SMP_LTK_SLAVE;
4789 case MGMT_LTK_AUTHENTICATED:
4790 authenticated = 0x01;
4791 type = key->master ? SMP_LTK : SMP_LTK_SLAVE;
4793 case MGMT_LTK_P256_UNAUTH:
4794 authenticated = 0x00;
4795 type = SMP_LTK_P256;
4797 case MGMT_LTK_P256_AUTH:
4798 authenticated = 0x01;
4799 type = SMP_LTK_P256;
4801 case MGMT_LTK_P256_DEBUG:
4802 authenticated = 0x00;
4803 type = SMP_LTK_P256_DEBUG;
4809 hci_add_ltk(hdev, &key->addr.bdaddr,
4810 le_addr_type(key->addr.type), type, authenticated,
4811 key->val, key->enc_size, key->ediv, key->rand);
4814 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS, 0,
4817 hci_dev_unlock(hdev);
4822 static int conn_info_cmd_complete(struct mgmt_pending_cmd *cmd, u8 status)
4824 struct hci_conn *conn = cmd->user_data;
4825 struct mgmt_rp_get_conn_info rp;
4828 memcpy(&rp.addr, cmd->param, sizeof(rp.addr));
4830 if (status == MGMT_STATUS_SUCCESS) {
4831 rp.rssi = conn->rssi;
4832 rp.tx_power = conn->tx_power;
4833 rp.max_tx_power = conn->max_tx_power;
4835 rp.rssi = HCI_RSSI_INVALID;
4836 rp.tx_power = HCI_TX_POWER_INVALID;
4837 rp.max_tx_power = HCI_TX_POWER_INVALID;
4840 err = mgmt_cmd_complete(cmd->sk, cmd->index, MGMT_OP_GET_CONN_INFO,
4841 status, &rp, sizeof(rp));
4843 hci_conn_drop(conn);
4849 static void conn_info_refresh_complete(struct hci_dev *hdev, u8 hci_status,
4852 struct hci_cp_read_rssi *cp;
4853 struct mgmt_pending_cmd *cmd;
4854 struct hci_conn *conn;
4858 BT_DBG("status 0x%02x", hci_status);
4862 /* Commands sent in request are either Read RSSI or Read Transmit Power
4863 * Level so we check which one was last sent to retrieve connection
4864 * handle. Both commands have handle as first parameter so it's safe to
4865 * cast data on the same command struct.
4867 * First command sent is always Read RSSI and we fail only if it fails.
4868 * In other case we simply override error to indicate success as we
4869 * already remembered if TX power value is actually valid.
4871 cp = hci_sent_cmd_data(hdev, HCI_OP_READ_RSSI);
4873 cp = hci_sent_cmd_data(hdev, HCI_OP_READ_TX_POWER);
4874 status = MGMT_STATUS_SUCCESS;
4876 status = mgmt_status(hci_status);
4880 bt_dev_err(hdev, "invalid sent_cmd in conn_info response");
4884 handle = __le16_to_cpu(cp->handle);
4885 conn = hci_conn_hash_lookup_handle(hdev, handle);
4887 bt_dev_err(hdev, "unknown handle (%d) in conn_info response",
4892 cmd = pending_find_data(MGMT_OP_GET_CONN_INFO, hdev, conn);
4896 cmd->cmd_complete(cmd, status);
4897 mgmt_pending_remove(cmd);
4900 hci_dev_unlock(hdev);
4903 static int get_conn_info(struct sock *sk, struct hci_dev *hdev, void *data,
4906 struct mgmt_cp_get_conn_info *cp = data;
4907 struct mgmt_rp_get_conn_info rp;
4908 struct hci_conn *conn;
4909 unsigned long conn_info_age;
4912 BT_DBG("%s", hdev->name);
4914 memset(&rp, 0, sizeof(rp));
4915 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
4916 rp.addr.type = cp->addr.type;
4918 if (!bdaddr_type_is_valid(cp->addr.type))
4919 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CONN_INFO,
4920 MGMT_STATUS_INVALID_PARAMS,
4925 if (!hdev_is_powered(hdev)) {
4926 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CONN_INFO,
4927 MGMT_STATUS_NOT_POWERED, &rp,
4932 if (cp->addr.type == BDADDR_BREDR)
4933 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
4936 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &cp->addr.bdaddr);
4938 if (!conn || conn->state != BT_CONNECTED) {
4939 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CONN_INFO,
4940 MGMT_STATUS_NOT_CONNECTED, &rp,
4945 if (pending_find_data(MGMT_OP_GET_CONN_INFO, hdev, conn)) {
4946 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CONN_INFO,
4947 MGMT_STATUS_BUSY, &rp, sizeof(rp));
4951 /* To avoid client trying to guess when to poll again for information we
4952 * calculate conn info age as random value between min/max set in hdev.
4954 conn_info_age = hdev->conn_info_min_age +
4955 prandom_u32_max(hdev->conn_info_max_age -
4956 hdev->conn_info_min_age);
4958 /* Query controller to refresh cached values if they are too old or were
4961 if (time_after(jiffies, conn->conn_info_timestamp +
4962 msecs_to_jiffies(conn_info_age)) ||
4963 !conn->conn_info_timestamp) {
4964 struct hci_request req;
4965 struct hci_cp_read_tx_power req_txp_cp;
4966 struct hci_cp_read_rssi req_rssi_cp;
4967 struct mgmt_pending_cmd *cmd;
4969 hci_req_init(&req, hdev);
4970 req_rssi_cp.handle = cpu_to_le16(conn->handle);
4971 hci_req_add(&req, HCI_OP_READ_RSSI, sizeof(req_rssi_cp),
4974 /* For LE links TX power does not change thus we don't need to
4975 * query for it once value is known.
4977 if (!bdaddr_type_is_le(cp->addr.type) ||
4978 conn->tx_power == HCI_TX_POWER_INVALID) {
4979 req_txp_cp.handle = cpu_to_le16(conn->handle);
4980 req_txp_cp.type = 0x00;
4981 hci_req_add(&req, HCI_OP_READ_TX_POWER,
4982 sizeof(req_txp_cp), &req_txp_cp);
4985 /* Max TX power needs to be read only once per connection */
4986 if (conn->max_tx_power == HCI_TX_POWER_INVALID) {
4987 req_txp_cp.handle = cpu_to_le16(conn->handle);
4988 req_txp_cp.type = 0x01;
4989 hci_req_add(&req, HCI_OP_READ_TX_POWER,
4990 sizeof(req_txp_cp), &req_txp_cp);
4993 err = hci_req_run(&req, conn_info_refresh_complete);
4997 cmd = mgmt_pending_add(sk, MGMT_OP_GET_CONN_INFO, hdev,
5004 hci_conn_hold(conn);
5005 cmd->user_data = hci_conn_get(conn);
5006 cmd->cmd_complete = conn_info_cmd_complete;
5008 conn->conn_info_timestamp = jiffies;
5010 /* Cache is valid, just reply with values cached in hci_conn */
5011 rp.rssi = conn->rssi;
5012 rp.tx_power = conn->tx_power;
5013 rp.max_tx_power = conn->max_tx_power;
5015 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CONN_INFO,
5016 MGMT_STATUS_SUCCESS, &rp, sizeof(rp));
5020 hci_dev_unlock(hdev);
5024 static int clock_info_cmd_complete(struct mgmt_pending_cmd *cmd, u8 status)
5026 struct hci_conn *conn = cmd->user_data;
5027 struct mgmt_rp_get_clock_info rp;
5028 struct hci_dev *hdev;
5031 memset(&rp, 0, sizeof(rp));
5032 memcpy(&rp.addr, cmd->param, sizeof(rp.addr));
5037 hdev = hci_dev_get(cmd->index);
5039 rp.local_clock = cpu_to_le32(hdev->clock);
5044 rp.piconet_clock = cpu_to_le32(conn->clock);
5045 rp.accuracy = cpu_to_le16(conn->clock_accuracy);
5049 err = mgmt_cmd_complete(cmd->sk, cmd->index, cmd->opcode, status, &rp,
5053 hci_conn_drop(conn);
5060 static void get_clock_info_complete(struct hci_dev *hdev, u8 status, u16 opcode)
5062 struct hci_cp_read_clock *hci_cp;
5063 struct mgmt_pending_cmd *cmd;
5064 struct hci_conn *conn;
5066 BT_DBG("%s status %u", hdev->name, status);
5070 hci_cp = hci_sent_cmd_data(hdev, HCI_OP_READ_CLOCK);
5074 if (hci_cp->which) {
5075 u16 handle = __le16_to_cpu(hci_cp->handle);
5076 conn = hci_conn_hash_lookup_handle(hdev, handle);
5081 cmd = pending_find_data(MGMT_OP_GET_CLOCK_INFO, hdev, conn);
5085 cmd->cmd_complete(cmd, mgmt_status(status));
5086 mgmt_pending_remove(cmd);
5089 hci_dev_unlock(hdev);
5092 static int get_clock_info(struct sock *sk, struct hci_dev *hdev, void *data,
5095 struct mgmt_cp_get_clock_info *cp = data;
5096 struct mgmt_rp_get_clock_info rp;
5097 struct hci_cp_read_clock hci_cp;
5098 struct mgmt_pending_cmd *cmd;
5099 struct hci_request req;
5100 struct hci_conn *conn;
5103 BT_DBG("%s", hdev->name);
5105 memset(&rp, 0, sizeof(rp));
5106 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
5107 rp.addr.type = cp->addr.type;
5109 if (cp->addr.type != BDADDR_BREDR)
5110 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CLOCK_INFO,
5111 MGMT_STATUS_INVALID_PARAMS,
5116 if (!hdev_is_powered(hdev)) {
5117 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CLOCK_INFO,
5118 MGMT_STATUS_NOT_POWERED, &rp,
5123 if (bacmp(&cp->addr.bdaddr, BDADDR_ANY)) {
5124 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
5126 if (!conn || conn->state != BT_CONNECTED) {
5127 err = mgmt_cmd_complete(sk, hdev->id,
5128 MGMT_OP_GET_CLOCK_INFO,
5129 MGMT_STATUS_NOT_CONNECTED,
5137 cmd = mgmt_pending_add(sk, MGMT_OP_GET_CLOCK_INFO, hdev, data, len);
5143 cmd->cmd_complete = clock_info_cmd_complete;
5145 hci_req_init(&req, hdev);
5147 memset(&hci_cp, 0, sizeof(hci_cp));
5148 hci_req_add(&req, HCI_OP_READ_CLOCK, sizeof(hci_cp), &hci_cp);
5151 hci_conn_hold(conn);
5152 cmd->user_data = hci_conn_get(conn);
5154 hci_cp.handle = cpu_to_le16(conn->handle);
5155 hci_cp.which = 0x01; /* Piconet clock */
5156 hci_req_add(&req, HCI_OP_READ_CLOCK, sizeof(hci_cp), &hci_cp);
5159 err = hci_req_run(&req, get_clock_info_complete);
5161 mgmt_pending_remove(cmd);
5164 hci_dev_unlock(hdev);
5168 static bool is_connected(struct hci_dev *hdev, bdaddr_t *addr, u8 type)
5170 struct hci_conn *conn;
5172 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, addr);
5176 if (conn->dst_type != type)
5179 if (conn->state != BT_CONNECTED)
5185 /* This function requires the caller holds hdev->lock */
5186 static int hci_conn_params_set(struct hci_dev *hdev, bdaddr_t *addr,
5187 u8 addr_type, u8 auto_connect)
5189 struct hci_conn_params *params;
5191 params = hci_conn_params_add(hdev, addr, addr_type);
5195 if (params->auto_connect == auto_connect)
5198 list_del_init(¶ms->action);
5200 switch (auto_connect) {
5201 case HCI_AUTO_CONN_DISABLED:
5202 case HCI_AUTO_CONN_LINK_LOSS:
5203 /* If auto connect is being disabled when we're trying to
5204 * connect to device, keep connecting.
5206 if (params->explicit_connect)
5207 list_add(¶ms->action, &hdev->pend_le_conns);
5209 case HCI_AUTO_CONN_REPORT:
5210 if (params->explicit_connect)
5211 list_add(¶ms->action, &hdev->pend_le_conns);
5213 list_add(¶ms->action, &hdev->pend_le_reports);
5215 case HCI_AUTO_CONN_DIRECT:
5216 case HCI_AUTO_CONN_ALWAYS:
5217 if (!is_connected(hdev, addr, addr_type))
5218 list_add(¶ms->action, &hdev->pend_le_conns);
5222 params->auto_connect = auto_connect;
5224 BT_DBG("addr %pMR (type %u) auto_connect %u", addr, addr_type,
5230 static void device_added(struct sock *sk, struct hci_dev *hdev,
5231 bdaddr_t *bdaddr, u8 type, u8 action)
5233 struct mgmt_ev_device_added ev;
5235 bacpy(&ev.addr.bdaddr, bdaddr);
5236 ev.addr.type = type;
5239 mgmt_event(MGMT_EV_DEVICE_ADDED, hdev, &ev, sizeof(ev), sk);
5242 static int add_device(struct sock *sk, struct hci_dev *hdev,
5243 void *data, u16 len)
5245 struct mgmt_cp_add_device *cp = data;
5246 u8 auto_conn, addr_type;
5249 BT_DBG("%s", hdev->name);
5251 if (!bdaddr_type_is_valid(cp->addr.type) ||
5252 !bacmp(&cp->addr.bdaddr, BDADDR_ANY))
5253 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_ADD_DEVICE,
5254 MGMT_STATUS_INVALID_PARAMS,
5255 &cp->addr, sizeof(cp->addr));
5257 if (cp->action != 0x00 && cp->action != 0x01 && cp->action != 0x02)
5258 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_ADD_DEVICE,
5259 MGMT_STATUS_INVALID_PARAMS,
5260 &cp->addr, sizeof(cp->addr));
5264 if (cp->addr.type == BDADDR_BREDR) {
5265 /* Only incoming connections action is supported for now */
5266 if (cp->action != 0x01) {
5267 err = mgmt_cmd_complete(sk, hdev->id,
5269 MGMT_STATUS_INVALID_PARAMS,
5270 &cp->addr, sizeof(cp->addr));
5274 err = hci_bdaddr_list_add(&hdev->whitelist, &cp->addr.bdaddr,
5279 hci_req_update_scan(hdev);
5284 addr_type = le_addr_type(cp->addr.type);
5286 if (cp->action == 0x02)
5287 auto_conn = HCI_AUTO_CONN_ALWAYS;
5288 else if (cp->action == 0x01)
5289 auto_conn = HCI_AUTO_CONN_DIRECT;
5291 auto_conn = HCI_AUTO_CONN_REPORT;
5293 /* Kernel internally uses conn_params with resolvable private
5294 * address, but Add Device allows only identity addresses.
5295 * Make sure it is enforced before calling
5296 * hci_conn_params_lookup.
5298 if (!hci_is_identity_address(&cp->addr.bdaddr, addr_type)) {
5299 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_ADD_DEVICE,
5300 MGMT_STATUS_INVALID_PARAMS,
5301 &cp->addr, sizeof(cp->addr));
5305 /* If the connection parameters don't exist for this device,
5306 * they will be created and configured with defaults.
5308 if (hci_conn_params_set(hdev, &cp->addr.bdaddr, addr_type,
5310 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_ADD_DEVICE,
5311 MGMT_STATUS_FAILED, &cp->addr,
5316 hci_update_background_scan(hdev);
5319 device_added(sk, hdev, &cp->addr.bdaddr, cp->addr.type, cp->action);
5321 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_ADD_DEVICE,
5322 MGMT_STATUS_SUCCESS, &cp->addr,
5326 hci_dev_unlock(hdev);
5330 static void device_removed(struct sock *sk, struct hci_dev *hdev,
5331 bdaddr_t *bdaddr, u8 type)
5333 struct mgmt_ev_device_removed ev;
5335 bacpy(&ev.addr.bdaddr, bdaddr);
5336 ev.addr.type = type;
5338 mgmt_event(MGMT_EV_DEVICE_REMOVED, hdev, &ev, sizeof(ev), sk);
5341 static int remove_device(struct sock *sk, struct hci_dev *hdev,
5342 void *data, u16 len)
5344 struct mgmt_cp_remove_device *cp = data;
5347 BT_DBG("%s", hdev->name);
5351 if (bacmp(&cp->addr.bdaddr, BDADDR_ANY)) {
5352 struct hci_conn_params *params;
5355 if (!bdaddr_type_is_valid(cp->addr.type)) {
5356 err = mgmt_cmd_complete(sk, hdev->id,
5357 MGMT_OP_REMOVE_DEVICE,
5358 MGMT_STATUS_INVALID_PARAMS,
5359 &cp->addr, sizeof(cp->addr));
5363 if (cp->addr.type == BDADDR_BREDR) {
5364 err = hci_bdaddr_list_del(&hdev->whitelist,
5368 err = mgmt_cmd_complete(sk, hdev->id,
5369 MGMT_OP_REMOVE_DEVICE,
5370 MGMT_STATUS_INVALID_PARAMS,
5376 hci_req_update_scan(hdev);
5378 device_removed(sk, hdev, &cp->addr.bdaddr,
5383 addr_type = le_addr_type(cp->addr.type);
5385 /* Kernel internally uses conn_params with resolvable private
5386 * address, but Remove Device allows only identity addresses.
5387 * Make sure it is enforced before calling
5388 * hci_conn_params_lookup.
5390 if (!hci_is_identity_address(&cp->addr.bdaddr, addr_type)) {
5391 err = mgmt_cmd_complete(sk, hdev->id,
5392 MGMT_OP_REMOVE_DEVICE,
5393 MGMT_STATUS_INVALID_PARAMS,
5394 &cp->addr, sizeof(cp->addr));
5398 params = hci_conn_params_lookup(hdev, &cp->addr.bdaddr,
5401 err = mgmt_cmd_complete(sk, hdev->id,
5402 MGMT_OP_REMOVE_DEVICE,
5403 MGMT_STATUS_INVALID_PARAMS,
5404 &cp->addr, sizeof(cp->addr));
5408 if (params->auto_connect == HCI_AUTO_CONN_DISABLED ||
5409 params->auto_connect == HCI_AUTO_CONN_EXPLICIT) {
5410 err = mgmt_cmd_complete(sk, hdev->id,
5411 MGMT_OP_REMOVE_DEVICE,
5412 MGMT_STATUS_INVALID_PARAMS,
5413 &cp->addr, sizeof(cp->addr));
5417 list_del(¶ms->action);
5418 list_del(¶ms->list);
5420 hci_update_background_scan(hdev);
5422 device_removed(sk, hdev, &cp->addr.bdaddr, cp->addr.type);
5424 struct hci_conn_params *p, *tmp;
5425 struct bdaddr_list *b, *btmp;
5427 if (cp->addr.type) {
5428 err = mgmt_cmd_complete(sk, hdev->id,
5429 MGMT_OP_REMOVE_DEVICE,
5430 MGMT_STATUS_INVALID_PARAMS,
5431 &cp->addr, sizeof(cp->addr));
5435 list_for_each_entry_safe(b, btmp, &hdev->whitelist, list) {
5436 device_removed(sk, hdev, &b->bdaddr, b->bdaddr_type);
5441 hci_req_update_scan(hdev);
5443 list_for_each_entry_safe(p, tmp, &hdev->le_conn_params, list) {
5444 if (p->auto_connect == HCI_AUTO_CONN_DISABLED)
5446 device_removed(sk, hdev, &p->addr, p->addr_type);
5447 if (p->explicit_connect) {
5448 p->auto_connect = HCI_AUTO_CONN_EXPLICIT;
5451 list_del(&p->action);
5456 BT_DBG("All LE connection parameters were removed");
5458 hci_update_background_scan(hdev);
5462 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_DEVICE,
5463 MGMT_STATUS_SUCCESS, &cp->addr,
5466 hci_dev_unlock(hdev);
5470 static int load_conn_param(struct sock *sk, struct hci_dev *hdev, void *data,
5473 struct mgmt_cp_load_conn_param *cp = data;
5474 const u16 max_param_count = ((U16_MAX - sizeof(*cp)) /
5475 sizeof(struct mgmt_conn_param));
5476 u16 param_count, expected_len;
5479 if (!lmp_le_capable(hdev))
5480 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_CONN_PARAM,
5481 MGMT_STATUS_NOT_SUPPORTED);
5483 param_count = __le16_to_cpu(cp->param_count);
5484 if (param_count > max_param_count) {
5485 bt_dev_err(hdev, "load_conn_param: too big param_count value %u",
5487 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_CONN_PARAM,
5488 MGMT_STATUS_INVALID_PARAMS);
5491 expected_len = sizeof(*cp) + param_count *
5492 sizeof(struct mgmt_conn_param);
5493 if (expected_len != len) {
5494 bt_dev_err(hdev, "load_conn_param: expected %u bytes, got %u bytes",
5496 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_CONN_PARAM,
5497 MGMT_STATUS_INVALID_PARAMS);
5500 BT_DBG("%s param_count %u", hdev->name, param_count);
5504 hci_conn_params_clear_disabled(hdev);
5506 for (i = 0; i < param_count; i++) {
5507 struct mgmt_conn_param *param = &cp->params[i];
5508 struct hci_conn_params *hci_param;
5509 u16 min, max, latency, timeout;
5512 BT_DBG("Adding %pMR (type %u)", ¶m->addr.bdaddr,
5515 if (param->addr.type == BDADDR_LE_PUBLIC) {
5516 addr_type = ADDR_LE_DEV_PUBLIC;
5517 } else if (param->addr.type == BDADDR_LE_RANDOM) {
5518 addr_type = ADDR_LE_DEV_RANDOM;
5520 bt_dev_err(hdev, "ignoring invalid connection parameters");
5524 min = le16_to_cpu(param->min_interval);
5525 max = le16_to_cpu(param->max_interval);
5526 latency = le16_to_cpu(param->latency);
5527 timeout = le16_to_cpu(param->timeout);
5529 BT_DBG("min 0x%04x max 0x%04x latency 0x%04x timeout 0x%04x",
5530 min, max, latency, timeout);
5532 if (hci_check_conn_params(min, max, latency, timeout) < 0) {
5533 bt_dev_err(hdev, "ignoring invalid connection parameters");
5537 hci_param = hci_conn_params_add(hdev, ¶m->addr.bdaddr,
5540 bt_dev_err(hdev, "failed to add connection parameters");
5544 hci_param->conn_min_interval = min;
5545 hci_param->conn_max_interval = max;
5546 hci_param->conn_latency = latency;
5547 hci_param->supervision_timeout = timeout;
5550 hci_dev_unlock(hdev);
5552 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_LOAD_CONN_PARAM, 0,
5556 static int set_external_config(struct sock *sk, struct hci_dev *hdev,
5557 void *data, u16 len)
5559 struct mgmt_cp_set_external_config *cp = data;
5563 BT_DBG("%s", hdev->name);
5565 if (hdev_is_powered(hdev))
5566 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_EXTERNAL_CONFIG,
5567 MGMT_STATUS_REJECTED);
5569 if (cp->config != 0x00 && cp->config != 0x01)
5570 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_EXTERNAL_CONFIG,
5571 MGMT_STATUS_INVALID_PARAMS);
5573 if (!test_bit(HCI_QUIRK_EXTERNAL_CONFIG, &hdev->quirks))
5574 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_EXTERNAL_CONFIG,
5575 MGMT_STATUS_NOT_SUPPORTED);
5580 changed = !hci_dev_test_and_set_flag(hdev, HCI_EXT_CONFIGURED);
5582 changed = hci_dev_test_and_clear_flag(hdev, HCI_EXT_CONFIGURED);
5584 err = send_options_rsp(sk, MGMT_OP_SET_EXTERNAL_CONFIG, hdev);
5591 err = new_options(hdev, sk);
5593 if (hci_dev_test_flag(hdev, HCI_UNCONFIGURED) == is_configured(hdev)) {
5594 mgmt_index_removed(hdev);
5596 if (hci_dev_test_and_change_flag(hdev, HCI_UNCONFIGURED)) {
5597 hci_dev_set_flag(hdev, HCI_CONFIG);
5598 hci_dev_set_flag(hdev, HCI_AUTO_OFF);
5600 queue_work(hdev->req_workqueue, &hdev->power_on);
5602 set_bit(HCI_RAW, &hdev->flags);
5603 mgmt_index_added(hdev);
5608 hci_dev_unlock(hdev);
5612 static int set_public_address(struct sock *sk, struct hci_dev *hdev,
5613 void *data, u16 len)
5615 struct mgmt_cp_set_public_address *cp = data;
5619 BT_DBG("%s", hdev->name);
5621 if (hdev_is_powered(hdev))
5622 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_PUBLIC_ADDRESS,
5623 MGMT_STATUS_REJECTED);
5625 if (!bacmp(&cp->bdaddr, BDADDR_ANY))
5626 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_PUBLIC_ADDRESS,
5627 MGMT_STATUS_INVALID_PARAMS);
5629 if (!hdev->set_bdaddr)
5630 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_PUBLIC_ADDRESS,
5631 MGMT_STATUS_NOT_SUPPORTED);
5635 changed = !!bacmp(&hdev->public_addr, &cp->bdaddr);
5636 bacpy(&hdev->public_addr, &cp->bdaddr);
5638 err = send_options_rsp(sk, MGMT_OP_SET_PUBLIC_ADDRESS, hdev);
5645 if (hci_dev_test_flag(hdev, HCI_UNCONFIGURED))
5646 err = new_options(hdev, sk);
5648 if (is_configured(hdev)) {
5649 mgmt_index_removed(hdev);
5651 hci_dev_clear_flag(hdev, HCI_UNCONFIGURED);
5653 hci_dev_set_flag(hdev, HCI_CONFIG);
5654 hci_dev_set_flag(hdev, HCI_AUTO_OFF);
5656 queue_work(hdev->req_workqueue, &hdev->power_on);
5660 hci_dev_unlock(hdev);
5664 static void read_local_oob_ext_data_complete(struct hci_dev *hdev, u8 status,
5665 u16 opcode, struct sk_buff *skb)
5667 const struct mgmt_cp_read_local_oob_ext_data *mgmt_cp;
5668 struct mgmt_rp_read_local_oob_ext_data *mgmt_rp;
5669 u8 *h192, *r192, *h256, *r256;
5670 struct mgmt_pending_cmd *cmd;
5674 BT_DBG("%s status %u", hdev->name, status);
5676 cmd = pending_find(MGMT_OP_READ_LOCAL_OOB_EXT_DATA, hdev);
5680 mgmt_cp = cmd->param;
5683 status = mgmt_status(status);
5690 } else if (opcode == HCI_OP_READ_LOCAL_OOB_DATA) {
5691 struct hci_rp_read_local_oob_data *rp;
5693 if (skb->len != sizeof(*rp)) {
5694 status = MGMT_STATUS_FAILED;
5697 status = MGMT_STATUS_SUCCESS;
5698 rp = (void *)skb->data;
5700 eir_len = 5 + 18 + 18;
5707 struct hci_rp_read_local_oob_ext_data *rp;
5709 if (skb->len != sizeof(*rp)) {
5710 status = MGMT_STATUS_FAILED;
5713 status = MGMT_STATUS_SUCCESS;
5714 rp = (void *)skb->data;
5716 if (hci_dev_test_flag(hdev, HCI_SC_ONLY)) {
5717 eir_len = 5 + 18 + 18;
5721 eir_len = 5 + 18 + 18 + 18 + 18;
5731 mgmt_rp = kmalloc(sizeof(*mgmt_rp) + eir_len, GFP_KERNEL);
5738 eir_len = eir_append_data(mgmt_rp->eir, 0, EIR_CLASS_OF_DEV,
5739 hdev->dev_class, 3);
5742 eir_len = eir_append_data(mgmt_rp->eir, eir_len,
5743 EIR_SSP_HASH_C192, h192, 16);
5744 eir_len = eir_append_data(mgmt_rp->eir, eir_len,
5745 EIR_SSP_RAND_R192, r192, 16);
5749 eir_len = eir_append_data(mgmt_rp->eir, eir_len,
5750 EIR_SSP_HASH_C256, h256, 16);
5751 eir_len = eir_append_data(mgmt_rp->eir, eir_len,
5752 EIR_SSP_RAND_R256, r256, 16);
5756 mgmt_rp->type = mgmt_cp->type;
5757 mgmt_rp->eir_len = cpu_to_le16(eir_len);
5759 err = mgmt_cmd_complete(cmd->sk, hdev->id,
5760 MGMT_OP_READ_LOCAL_OOB_EXT_DATA, status,
5761 mgmt_rp, sizeof(*mgmt_rp) + eir_len);
5762 if (err < 0 || status)
5765 hci_sock_set_flag(cmd->sk, HCI_MGMT_OOB_DATA_EVENTS);
5767 err = mgmt_limited_event(MGMT_EV_LOCAL_OOB_DATA_UPDATED, hdev,
5768 mgmt_rp, sizeof(*mgmt_rp) + eir_len,
5769 HCI_MGMT_OOB_DATA_EVENTS, cmd->sk);
5772 mgmt_pending_remove(cmd);
5775 static int read_local_ssp_oob_req(struct hci_dev *hdev, struct sock *sk,
5776 struct mgmt_cp_read_local_oob_ext_data *cp)
5778 struct mgmt_pending_cmd *cmd;
5779 struct hci_request req;
5782 cmd = mgmt_pending_add(sk, MGMT_OP_READ_LOCAL_OOB_EXT_DATA, hdev,
5787 hci_req_init(&req, hdev);
5789 if (bredr_sc_enabled(hdev))
5790 hci_req_add(&req, HCI_OP_READ_LOCAL_OOB_EXT_DATA, 0, NULL);
5792 hci_req_add(&req, HCI_OP_READ_LOCAL_OOB_DATA, 0, NULL);
5794 err = hci_req_run_skb(&req, read_local_oob_ext_data_complete);
5796 mgmt_pending_remove(cmd);
5803 static int read_local_oob_ext_data(struct sock *sk, struct hci_dev *hdev,
5804 void *data, u16 data_len)
5806 struct mgmt_cp_read_local_oob_ext_data *cp = data;
5807 struct mgmt_rp_read_local_oob_ext_data *rp;
5810 u8 status, flags, role, addr[7], hash[16], rand[16];
5813 BT_DBG("%s", hdev->name);
5815 if (hdev_is_powered(hdev)) {
5817 case BIT(BDADDR_BREDR):
5818 status = mgmt_bredr_support(hdev);
5824 case (BIT(BDADDR_LE_PUBLIC) | BIT(BDADDR_LE_RANDOM)):
5825 status = mgmt_le_support(hdev);
5829 eir_len = 9 + 3 + 18 + 18 + 3;
5832 status = MGMT_STATUS_INVALID_PARAMS;
5837 status = MGMT_STATUS_NOT_POWERED;
5841 rp_len = sizeof(*rp) + eir_len;
5842 rp = kmalloc(rp_len, GFP_ATOMIC);
5853 case BIT(BDADDR_BREDR):
5854 if (hci_dev_test_flag(hdev, HCI_SSP_ENABLED)) {
5855 err = read_local_ssp_oob_req(hdev, sk, cp);
5856 hci_dev_unlock(hdev);
5860 status = MGMT_STATUS_FAILED;
5863 eir_len = eir_append_data(rp->eir, eir_len,
5865 hdev->dev_class, 3);
5868 case (BIT(BDADDR_LE_PUBLIC) | BIT(BDADDR_LE_RANDOM)):
5869 if (hci_dev_test_flag(hdev, HCI_SC_ENABLED) &&
5870 smp_generate_oob(hdev, hash, rand) < 0) {
5871 hci_dev_unlock(hdev);
5872 status = MGMT_STATUS_FAILED;
5876 /* This should return the active RPA, but since the RPA
5877 * is only programmed on demand, it is really hard to fill
5878 * this in at the moment. For now disallow retrieving
5879 * local out-of-band data when privacy is in use.
5881 * Returning the identity address will not help here since
5882 * pairing happens before the identity resolving key is
5883 * known and thus the connection establishment happens
5884 * based on the RPA and not the identity address.
5886 if (hci_dev_test_flag(hdev, HCI_PRIVACY)) {
5887 hci_dev_unlock(hdev);
5888 status = MGMT_STATUS_REJECTED;
5892 if (hci_dev_test_flag(hdev, HCI_FORCE_STATIC_ADDR) ||
5893 !bacmp(&hdev->bdaddr, BDADDR_ANY) ||
5894 (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED) &&
5895 bacmp(&hdev->static_addr, BDADDR_ANY))) {
5896 memcpy(addr, &hdev->static_addr, 6);
5899 memcpy(addr, &hdev->bdaddr, 6);
5903 eir_len = eir_append_data(rp->eir, eir_len, EIR_LE_BDADDR,
5904 addr, sizeof(addr));
5906 if (hci_dev_test_flag(hdev, HCI_ADVERTISING))
5911 eir_len = eir_append_data(rp->eir, eir_len, EIR_LE_ROLE,
5912 &role, sizeof(role));
5914 if (hci_dev_test_flag(hdev, HCI_SC_ENABLED)) {
5915 eir_len = eir_append_data(rp->eir, eir_len,
5917 hash, sizeof(hash));
5919 eir_len = eir_append_data(rp->eir, eir_len,
5921 rand, sizeof(rand));
5924 flags = mgmt_get_adv_discov_flags(hdev);
5926 if (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED))
5927 flags |= LE_AD_NO_BREDR;
5929 eir_len = eir_append_data(rp->eir, eir_len, EIR_FLAGS,
5930 &flags, sizeof(flags));
5934 hci_dev_unlock(hdev);
5936 hci_sock_set_flag(sk, HCI_MGMT_OOB_DATA_EVENTS);
5938 status = MGMT_STATUS_SUCCESS;
5941 rp->type = cp->type;
5942 rp->eir_len = cpu_to_le16(eir_len);
5944 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_EXT_DATA,
5945 status, rp, sizeof(*rp) + eir_len);
5946 if (err < 0 || status)
5949 err = mgmt_limited_event(MGMT_EV_LOCAL_OOB_DATA_UPDATED, hdev,
5950 rp, sizeof(*rp) + eir_len,
5951 HCI_MGMT_OOB_DATA_EVENTS, sk);
5959 static u32 get_supported_adv_flags(struct hci_dev *hdev)
5963 flags |= MGMT_ADV_FLAG_CONNECTABLE;
5964 flags |= MGMT_ADV_FLAG_DISCOV;
5965 flags |= MGMT_ADV_FLAG_LIMITED_DISCOV;
5966 flags |= MGMT_ADV_FLAG_MANAGED_FLAGS;
5967 flags |= MGMT_ADV_FLAG_APPEARANCE;
5968 flags |= MGMT_ADV_FLAG_LOCAL_NAME;
5970 if (hdev->adv_tx_power != HCI_TX_POWER_INVALID)
5971 flags |= MGMT_ADV_FLAG_TX_POWER;
5976 static int read_adv_features(struct sock *sk, struct hci_dev *hdev,
5977 void *data, u16 data_len)
5979 struct mgmt_rp_read_adv_features *rp;
5982 struct adv_info *adv_instance;
5983 u32 supported_flags;
5986 BT_DBG("%s", hdev->name);
5988 if (!lmp_le_capable(hdev))
5989 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_READ_ADV_FEATURES,
5990 MGMT_STATUS_REJECTED);
5994 rp_len = sizeof(*rp) + hdev->adv_instance_cnt;
5995 rp = kmalloc(rp_len, GFP_ATOMIC);
5997 hci_dev_unlock(hdev);
6001 supported_flags = get_supported_adv_flags(hdev);
6003 rp->supported_flags = cpu_to_le32(supported_flags);
6004 rp->max_adv_data_len = HCI_MAX_AD_LENGTH;
6005 rp->max_scan_rsp_len = HCI_MAX_AD_LENGTH;
6006 rp->max_instances = HCI_MAX_ADV_INSTANCES;
6007 rp->num_instances = hdev->adv_instance_cnt;
6009 instance = rp->instance;
6010 list_for_each_entry(adv_instance, &hdev->adv_instances, list) {
6011 *instance = adv_instance->instance;
6015 hci_dev_unlock(hdev);
6017 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_READ_ADV_FEATURES,
6018 MGMT_STATUS_SUCCESS, rp, rp_len);
6025 static u8 calculate_name_len(struct hci_dev *hdev)
6027 u8 buf[HCI_MAX_SHORT_NAME_LENGTH + 3];
6029 return append_local_name(hdev, buf, 0);
6032 static u8 tlv_data_max_len(struct hci_dev *hdev, u32 adv_flags,
6035 u8 max_len = HCI_MAX_AD_LENGTH;
6038 if (adv_flags & (MGMT_ADV_FLAG_DISCOV |
6039 MGMT_ADV_FLAG_LIMITED_DISCOV |
6040 MGMT_ADV_FLAG_MANAGED_FLAGS))
6043 if (adv_flags & MGMT_ADV_FLAG_TX_POWER)
6046 if (adv_flags & MGMT_ADV_FLAG_LOCAL_NAME)
6047 max_len -= calculate_name_len(hdev);
6049 if (adv_flags & (MGMT_ADV_FLAG_APPEARANCE))
6056 static bool flags_managed(u32 adv_flags)
6058 return adv_flags & (MGMT_ADV_FLAG_DISCOV |
6059 MGMT_ADV_FLAG_LIMITED_DISCOV |
6060 MGMT_ADV_FLAG_MANAGED_FLAGS);
6063 static bool tx_power_managed(u32 adv_flags)
6065 return adv_flags & MGMT_ADV_FLAG_TX_POWER;
6068 static bool name_managed(u32 adv_flags)
6070 return adv_flags & MGMT_ADV_FLAG_LOCAL_NAME;
6073 static bool appearance_managed(u32 adv_flags)
6075 return adv_flags & MGMT_ADV_FLAG_APPEARANCE;
6078 static bool tlv_data_is_valid(struct hci_dev *hdev, u32 adv_flags, u8 *data,
6079 u8 len, bool is_adv_data)
6084 max_len = tlv_data_max_len(hdev, adv_flags, is_adv_data);
6089 /* Make sure that the data is correctly formatted. */
6090 for (i = 0, cur_len = 0; i < len; i += (cur_len + 1)) {
6093 if (data[i + 1] == EIR_FLAGS &&
6094 (!is_adv_data || flags_managed(adv_flags)))
6097 if (data[i + 1] == EIR_TX_POWER && tx_power_managed(adv_flags))
6100 if (data[i + 1] == EIR_NAME_COMPLETE && name_managed(adv_flags))
6103 if (data[i + 1] == EIR_NAME_SHORT && name_managed(adv_flags))
6106 if (data[i + 1] == EIR_APPEARANCE &&
6107 appearance_managed(adv_flags))
6110 /* If the current field length would exceed the total data
6111 * length, then it's invalid.
6113 if (i + cur_len >= len)
6120 static void add_advertising_complete(struct hci_dev *hdev, u8 status,
6123 struct mgmt_pending_cmd *cmd;
6124 struct mgmt_cp_add_advertising *cp;
6125 struct mgmt_rp_add_advertising rp;
6126 struct adv_info *adv_instance, *n;
6129 BT_DBG("status %d", status);
6133 cmd = pending_find(MGMT_OP_ADD_ADVERTISING, hdev);
6135 list_for_each_entry_safe(adv_instance, n, &hdev->adv_instances, list) {
6136 if (!adv_instance->pending)
6140 adv_instance->pending = false;
6144 instance = adv_instance->instance;
6146 if (hdev->cur_adv_instance == instance)
6147 cancel_adv_timeout(hdev);
6149 hci_remove_adv_instance(hdev, instance);
6150 mgmt_advertising_removed(cmd ? cmd->sk : NULL, hdev, instance);
6157 rp.instance = cp->instance;
6160 mgmt_cmd_status(cmd->sk, cmd->index, cmd->opcode,
6161 mgmt_status(status));
6163 mgmt_cmd_complete(cmd->sk, cmd->index, cmd->opcode,
6164 mgmt_status(status), &rp, sizeof(rp));
6166 mgmt_pending_remove(cmd);
6169 hci_dev_unlock(hdev);
6172 static int add_advertising(struct sock *sk, struct hci_dev *hdev,
6173 void *data, u16 data_len)
6175 struct mgmt_cp_add_advertising *cp = data;
6176 struct mgmt_rp_add_advertising rp;
6178 u32 supported_flags;
6180 u16 timeout, duration;
6181 unsigned int prev_instance_cnt = hdev->adv_instance_cnt;
6182 u8 schedule_instance = 0;
6183 struct adv_info *next_instance;
6185 struct mgmt_pending_cmd *cmd;
6186 struct hci_request req;
6188 BT_DBG("%s", hdev->name);
6190 status = mgmt_le_support(hdev);
6192 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_ADVERTISING,
6195 if (cp->instance < 1 || cp->instance > HCI_MAX_ADV_INSTANCES)
6196 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_ADVERTISING,
6197 MGMT_STATUS_INVALID_PARAMS);
6199 if (data_len != sizeof(*cp) + cp->adv_data_len + cp->scan_rsp_len)
6200 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_ADVERTISING,
6201 MGMT_STATUS_INVALID_PARAMS);
6203 flags = __le32_to_cpu(cp->flags);
6204 timeout = __le16_to_cpu(cp->timeout);
6205 duration = __le16_to_cpu(cp->duration);
6207 /* The current implementation only supports a subset of the specified
6210 supported_flags = get_supported_adv_flags(hdev);
6211 if (flags & ~supported_flags)
6212 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_ADVERTISING,
6213 MGMT_STATUS_INVALID_PARAMS);
6217 if (timeout && !hdev_is_powered(hdev)) {
6218 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_ADVERTISING,
6219 MGMT_STATUS_REJECTED);
6223 if (pending_find(MGMT_OP_ADD_ADVERTISING, hdev) ||
6224 pending_find(MGMT_OP_REMOVE_ADVERTISING, hdev) ||
6225 pending_find(MGMT_OP_SET_LE, hdev)) {
6226 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_ADVERTISING,
6231 if (!tlv_data_is_valid(hdev, flags, cp->data, cp->adv_data_len, true) ||
6232 !tlv_data_is_valid(hdev, flags, cp->data + cp->adv_data_len,
6233 cp->scan_rsp_len, false)) {
6234 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_ADVERTISING,
6235 MGMT_STATUS_INVALID_PARAMS);
6239 err = hci_add_adv_instance(hdev, cp->instance, flags,
6240 cp->adv_data_len, cp->data,
6242 cp->data + cp->adv_data_len,
6245 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_ADVERTISING,
6246 MGMT_STATUS_FAILED);
6250 /* Only trigger an advertising added event if a new instance was
6253 if (hdev->adv_instance_cnt > prev_instance_cnt)
6254 mgmt_advertising_added(sk, hdev, cp->instance);
6256 if (hdev->cur_adv_instance == cp->instance) {
6257 /* If the currently advertised instance is being changed then
6258 * cancel the current advertising and schedule the next
6259 * instance. If there is only one instance then the overridden
6260 * advertising data will be visible right away.
6262 cancel_adv_timeout(hdev);
6264 next_instance = hci_get_next_instance(hdev, cp->instance);
6266 schedule_instance = next_instance->instance;
6267 } else if (!hdev->adv_instance_timeout) {
6268 /* Immediately advertise the new instance if no other
6269 * instance is currently being advertised.
6271 schedule_instance = cp->instance;
6274 /* If the HCI_ADVERTISING flag is set or the device isn't powered or
6275 * there is no instance to be advertised then we have no HCI
6276 * communication to make. Simply return.
6278 if (!hdev_is_powered(hdev) ||
6279 hci_dev_test_flag(hdev, HCI_ADVERTISING) ||
6280 !schedule_instance) {
6281 rp.instance = cp->instance;
6282 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_ADD_ADVERTISING,
6283 MGMT_STATUS_SUCCESS, &rp, sizeof(rp));
6287 /* We're good to go, update advertising data, parameters, and start
6290 cmd = mgmt_pending_add(sk, MGMT_OP_ADD_ADVERTISING, hdev, data,
6297 hci_req_init(&req, hdev);
6299 err = __hci_req_schedule_adv_instance(&req, schedule_instance, true);
6302 err = hci_req_run(&req, add_advertising_complete);
6305 mgmt_pending_remove(cmd);
6308 hci_dev_unlock(hdev);
6313 static void remove_advertising_complete(struct hci_dev *hdev, u8 status,
6316 struct mgmt_pending_cmd *cmd;
6317 struct mgmt_cp_remove_advertising *cp;
6318 struct mgmt_rp_remove_advertising rp;
6320 BT_DBG("status %d", status);
6324 /* A failure status here only means that we failed to disable
6325 * advertising. Otherwise, the advertising instance has been removed,
6326 * so report success.
6328 cmd = pending_find(MGMT_OP_REMOVE_ADVERTISING, hdev);
6333 rp.instance = cp->instance;
6335 mgmt_cmd_complete(cmd->sk, cmd->index, cmd->opcode, MGMT_STATUS_SUCCESS,
6337 mgmt_pending_remove(cmd);
6340 hci_dev_unlock(hdev);
6343 static int remove_advertising(struct sock *sk, struct hci_dev *hdev,
6344 void *data, u16 data_len)
6346 struct mgmt_cp_remove_advertising *cp = data;
6347 struct mgmt_rp_remove_advertising rp;
6348 struct mgmt_pending_cmd *cmd;
6349 struct hci_request req;
6352 BT_DBG("%s", hdev->name);
6356 if (cp->instance && !hci_find_adv_instance(hdev, cp->instance)) {
6357 err = mgmt_cmd_status(sk, hdev->id,
6358 MGMT_OP_REMOVE_ADVERTISING,
6359 MGMT_STATUS_INVALID_PARAMS);
6363 if (pending_find(MGMT_OP_ADD_ADVERTISING, hdev) ||
6364 pending_find(MGMT_OP_REMOVE_ADVERTISING, hdev) ||
6365 pending_find(MGMT_OP_SET_LE, hdev)) {
6366 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_REMOVE_ADVERTISING,
6371 if (list_empty(&hdev->adv_instances)) {
6372 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_REMOVE_ADVERTISING,
6373 MGMT_STATUS_INVALID_PARAMS);
6377 hci_req_init(&req, hdev);
6379 hci_req_clear_adv_instance(hdev, sk, &req, cp->instance, true);
6381 if (list_empty(&hdev->adv_instances))
6382 __hci_req_disable_advertising(&req);
6384 /* If no HCI commands have been collected so far or the HCI_ADVERTISING
6385 * flag is set or the device isn't powered then we have no HCI
6386 * communication to make. Simply return.
6388 if (skb_queue_empty(&req.cmd_q) ||
6389 !hdev_is_powered(hdev) ||
6390 hci_dev_test_flag(hdev, HCI_ADVERTISING)) {
6391 hci_req_purge(&req);
6392 rp.instance = cp->instance;
6393 err = mgmt_cmd_complete(sk, hdev->id,
6394 MGMT_OP_REMOVE_ADVERTISING,
6395 MGMT_STATUS_SUCCESS, &rp, sizeof(rp));
6399 cmd = mgmt_pending_add(sk, MGMT_OP_REMOVE_ADVERTISING, hdev, data,
6406 err = hci_req_run(&req, remove_advertising_complete);
6408 mgmt_pending_remove(cmd);
6411 hci_dev_unlock(hdev);
6416 static int get_adv_size_info(struct sock *sk, struct hci_dev *hdev,
6417 void *data, u16 data_len)
6419 struct mgmt_cp_get_adv_size_info *cp = data;
6420 struct mgmt_rp_get_adv_size_info rp;
6421 u32 flags, supported_flags;
6424 BT_DBG("%s", hdev->name);
6426 if (!lmp_le_capable(hdev))
6427 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_GET_ADV_SIZE_INFO,
6428 MGMT_STATUS_REJECTED);
6430 if (cp->instance < 1 || cp->instance > HCI_MAX_ADV_INSTANCES)
6431 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_GET_ADV_SIZE_INFO,
6432 MGMT_STATUS_INVALID_PARAMS);
6434 flags = __le32_to_cpu(cp->flags);
6436 /* The current implementation only supports a subset of the specified
6439 supported_flags = get_supported_adv_flags(hdev);
6440 if (flags & ~supported_flags)
6441 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_GET_ADV_SIZE_INFO,
6442 MGMT_STATUS_INVALID_PARAMS);
6444 rp.instance = cp->instance;
6445 rp.flags = cp->flags;
6446 rp.max_adv_data_len = tlv_data_max_len(hdev, flags, true);
6447 rp.max_scan_rsp_len = tlv_data_max_len(hdev, flags, false);
6449 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_ADV_SIZE_INFO,
6450 MGMT_STATUS_SUCCESS, &rp, sizeof(rp));
6455 static const struct hci_mgmt_handler mgmt_handlers[] = {
6456 { NULL }, /* 0x0000 (no command) */
6457 { read_version, MGMT_READ_VERSION_SIZE,
6459 HCI_MGMT_UNTRUSTED },
6460 { read_commands, MGMT_READ_COMMANDS_SIZE,
6462 HCI_MGMT_UNTRUSTED },
6463 { read_index_list, MGMT_READ_INDEX_LIST_SIZE,
6465 HCI_MGMT_UNTRUSTED },
6466 { read_controller_info, MGMT_READ_INFO_SIZE,
6467 HCI_MGMT_UNTRUSTED },
6468 { set_powered, MGMT_SETTING_SIZE },
6469 { set_discoverable, MGMT_SET_DISCOVERABLE_SIZE },
6470 { set_connectable, MGMT_SETTING_SIZE },
6471 { set_fast_connectable, MGMT_SETTING_SIZE },
6472 { set_bondable, MGMT_SETTING_SIZE },
6473 { set_link_security, MGMT_SETTING_SIZE },
6474 { set_ssp, MGMT_SETTING_SIZE },
6475 { set_hs, MGMT_SETTING_SIZE },
6476 { set_le, MGMT_SETTING_SIZE },
6477 { set_dev_class, MGMT_SET_DEV_CLASS_SIZE },
6478 { set_local_name, MGMT_SET_LOCAL_NAME_SIZE },
6479 { add_uuid, MGMT_ADD_UUID_SIZE },
6480 { remove_uuid, MGMT_REMOVE_UUID_SIZE },
6481 { load_link_keys, MGMT_LOAD_LINK_KEYS_SIZE,
6483 { load_long_term_keys, MGMT_LOAD_LONG_TERM_KEYS_SIZE,
6485 { disconnect, MGMT_DISCONNECT_SIZE },
6486 { get_connections, MGMT_GET_CONNECTIONS_SIZE },
6487 { pin_code_reply, MGMT_PIN_CODE_REPLY_SIZE },
6488 { pin_code_neg_reply, MGMT_PIN_CODE_NEG_REPLY_SIZE },
6489 { set_io_capability, MGMT_SET_IO_CAPABILITY_SIZE },
6490 { pair_device, MGMT_PAIR_DEVICE_SIZE },
6491 { cancel_pair_device, MGMT_CANCEL_PAIR_DEVICE_SIZE },
6492 { unpair_device, MGMT_UNPAIR_DEVICE_SIZE },
6493 { user_confirm_reply, MGMT_USER_CONFIRM_REPLY_SIZE },
6494 { user_confirm_neg_reply, MGMT_USER_CONFIRM_NEG_REPLY_SIZE },
6495 { user_passkey_reply, MGMT_USER_PASSKEY_REPLY_SIZE },
6496 { user_passkey_neg_reply, MGMT_USER_PASSKEY_NEG_REPLY_SIZE },
6497 { read_local_oob_data, MGMT_READ_LOCAL_OOB_DATA_SIZE },
6498 { add_remote_oob_data, MGMT_ADD_REMOTE_OOB_DATA_SIZE,
6500 { remove_remote_oob_data, MGMT_REMOVE_REMOTE_OOB_DATA_SIZE },
6501 { start_discovery, MGMT_START_DISCOVERY_SIZE },
6502 { stop_discovery, MGMT_STOP_DISCOVERY_SIZE },
6503 { confirm_name, MGMT_CONFIRM_NAME_SIZE },
6504 { block_device, MGMT_BLOCK_DEVICE_SIZE },
6505 { unblock_device, MGMT_UNBLOCK_DEVICE_SIZE },
6506 { set_device_id, MGMT_SET_DEVICE_ID_SIZE },
6507 { set_advertising, MGMT_SETTING_SIZE },
6508 { set_bredr, MGMT_SETTING_SIZE },
6509 { set_static_address, MGMT_SET_STATIC_ADDRESS_SIZE },
6510 { set_scan_params, MGMT_SET_SCAN_PARAMS_SIZE },
6511 { set_secure_conn, MGMT_SETTING_SIZE },
6512 { set_debug_keys, MGMT_SETTING_SIZE },
6513 { set_privacy, MGMT_SET_PRIVACY_SIZE },
6514 { load_irks, MGMT_LOAD_IRKS_SIZE,
6516 { get_conn_info, MGMT_GET_CONN_INFO_SIZE },
6517 { get_clock_info, MGMT_GET_CLOCK_INFO_SIZE },
6518 { add_device, MGMT_ADD_DEVICE_SIZE },
6519 { remove_device, MGMT_REMOVE_DEVICE_SIZE },
6520 { load_conn_param, MGMT_LOAD_CONN_PARAM_SIZE,
6522 { read_unconf_index_list, MGMT_READ_UNCONF_INDEX_LIST_SIZE,
6524 HCI_MGMT_UNTRUSTED },
6525 { read_config_info, MGMT_READ_CONFIG_INFO_SIZE,
6526 HCI_MGMT_UNCONFIGURED |
6527 HCI_MGMT_UNTRUSTED },
6528 { set_external_config, MGMT_SET_EXTERNAL_CONFIG_SIZE,
6529 HCI_MGMT_UNCONFIGURED },
6530 { set_public_address, MGMT_SET_PUBLIC_ADDRESS_SIZE,
6531 HCI_MGMT_UNCONFIGURED },
6532 { start_service_discovery, MGMT_START_SERVICE_DISCOVERY_SIZE,
6534 { read_local_oob_ext_data, MGMT_READ_LOCAL_OOB_EXT_DATA_SIZE },
6535 { read_ext_index_list, MGMT_READ_EXT_INDEX_LIST_SIZE,
6537 HCI_MGMT_UNTRUSTED },
6538 { read_adv_features, MGMT_READ_ADV_FEATURES_SIZE },
6539 { add_advertising, MGMT_ADD_ADVERTISING_SIZE,
6541 { remove_advertising, MGMT_REMOVE_ADVERTISING_SIZE },
6542 { get_adv_size_info, MGMT_GET_ADV_SIZE_INFO_SIZE },
6543 { start_limited_discovery, MGMT_START_DISCOVERY_SIZE },
6544 { read_ext_controller_info,MGMT_READ_EXT_INFO_SIZE,
6545 HCI_MGMT_UNTRUSTED },
6546 { set_appearance, MGMT_SET_APPEARANCE_SIZE },
6549 void mgmt_index_added(struct hci_dev *hdev)
6551 struct mgmt_ev_ext_index ev;
6553 if (test_bit(HCI_QUIRK_RAW_DEVICE, &hdev->quirks))
6556 switch (hdev->dev_type) {
6558 if (hci_dev_test_flag(hdev, HCI_UNCONFIGURED)) {
6559 mgmt_index_event(MGMT_EV_UNCONF_INDEX_ADDED, hdev,
6560 NULL, 0, HCI_MGMT_UNCONF_INDEX_EVENTS);
6563 mgmt_index_event(MGMT_EV_INDEX_ADDED, hdev, NULL, 0,
6564 HCI_MGMT_INDEX_EVENTS);
6577 mgmt_index_event(MGMT_EV_EXT_INDEX_ADDED, hdev, &ev, sizeof(ev),
6578 HCI_MGMT_EXT_INDEX_EVENTS);
6581 void mgmt_index_removed(struct hci_dev *hdev)
6583 struct mgmt_ev_ext_index ev;
6584 u8 status = MGMT_STATUS_INVALID_INDEX;
6586 if (test_bit(HCI_QUIRK_RAW_DEVICE, &hdev->quirks))
6589 switch (hdev->dev_type) {
6591 mgmt_pending_foreach(0, hdev, cmd_complete_rsp, &status);
6593 if (hci_dev_test_flag(hdev, HCI_UNCONFIGURED)) {
6594 mgmt_index_event(MGMT_EV_UNCONF_INDEX_REMOVED, hdev,
6595 NULL, 0, HCI_MGMT_UNCONF_INDEX_EVENTS);
6598 mgmt_index_event(MGMT_EV_INDEX_REMOVED, hdev, NULL, 0,
6599 HCI_MGMT_INDEX_EVENTS);
6612 mgmt_index_event(MGMT_EV_EXT_INDEX_REMOVED, hdev, &ev, sizeof(ev),
6613 HCI_MGMT_EXT_INDEX_EVENTS);
6616 /* This function requires the caller holds hdev->lock */
6617 static void restart_le_actions(struct hci_dev *hdev)
6619 struct hci_conn_params *p;
6621 list_for_each_entry(p, &hdev->le_conn_params, list) {
6622 /* Needed for AUTO_OFF case where might not "really"
6623 * have been powered off.
6625 list_del_init(&p->action);
6627 switch (p->auto_connect) {
6628 case HCI_AUTO_CONN_DIRECT:
6629 case HCI_AUTO_CONN_ALWAYS:
6630 list_add(&p->action, &hdev->pend_le_conns);
6632 case HCI_AUTO_CONN_REPORT:
6633 list_add(&p->action, &hdev->pend_le_reports);
6641 void mgmt_power_on(struct hci_dev *hdev, int err)
6643 struct cmd_lookup match = { NULL, hdev };
6645 BT_DBG("err %d", err);
6650 restart_le_actions(hdev);
6651 hci_update_background_scan(hdev);
6654 mgmt_pending_foreach(MGMT_OP_SET_POWERED, hdev, settings_rsp, &match);
6656 new_settings(hdev, match.sk);
6661 hci_dev_unlock(hdev);
6664 void __mgmt_power_off(struct hci_dev *hdev)
6666 struct cmd_lookup match = { NULL, hdev };
6667 u8 status, zero_cod[] = { 0, 0, 0 };
6669 mgmt_pending_foreach(MGMT_OP_SET_POWERED, hdev, settings_rsp, &match);
6671 /* If the power off is because of hdev unregistration let
6672 * use the appropriate INVALID_INDEX status. Otherwise use
6673 * NOT_POWERED. We cover both scenarios here since later in
6674 * mgmt_index_removed() any hci_conn callbacks will have already
6675 * been triggered, potentially causing misleading DISCONNECTED
6678 if (hci_dev_test_flag(hdev, HCI_UNREGISTER))
6679 status = MGMT_STATUS_INVALID_INDEX;
6681 status = MGMT_STATUS_NOT_POWERED;
6683 mgmt_pending_foreach(0, hdev, cmd_complete_rsp, &status);
6685 if (memcmp(hdev->dev_class, zero_cod, sizeof(zero_cod)) != 0) {
6686 mgmt_limited_event(MGMT_EV_CLASS_OF_DEV_CHANGED, hdev,
6687 zero_cod, sizeof(zero_cod),
6688 HCI_MGMT_DEV_CLASS_EVENTS, NULL);
6689 ext_info_changed(hdev, NULL);
6692 new_settings(hdev, match.sk);
6698 void mgmt_set_powered_failed(struct hci_dev *hdev, int err)
6700 struct mgmt_pending_cmd *cmd;
6703 cmd = pending_find(MGMT_OP_SET_POWERED, hdev);
6707 if (err == -ERFKILL)
6708 status = MGMT_STATUS_RFKILLED;
6710 status = MGMT_STATUS_FAILED;
6712 mgmt_cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_POWERED, status);
6714 mgmt_pending_remove(cmd);
6717 void mgmt_new_link_key(struct hci_dev *hdev, struct link_key *key,
6720 struct mgmt_ev_new_link_key ev;
6722 memset(&ev, 0, sizeof(ev));
6724 ev.store_hint = persistent;
6725 bacpy(&ev.key.addr.bdaddr, &key->bdaddr);
6726 ev.key.addr.type = BDADDR_BREDR;
6727 ev.key.type = key->type;
6728 memcpy(ev.key.val, key->val, HCI_LINK_KEY_SIZE);
6729 ev.key.pin_len = key->pin_len;
6731 mgmt_event(MGMT_EV_NEW_LINK_KEY, hdev, &ev, sizeof(ev), NULL);
6734 static u8 mgmt_ltk_type(struct smp_ltk *ltk)
6736 switch (ltk->type) {
6739 if (ltk->authenticated)
6740 return MGMT_LTK_AUTHENTICATED;
6741 return MGMT_LTK_UNAUTHENTICATED;
6743 if (ltk->authenticated)
6744 return MGMT_LTK_P256_AUTH;
6745 return MGMT_LTK_P256_UNAUTH;
6746 case SMP_LTK_P256_DEBUG:
6747 return MGMT_LTK_P256_DEBUG;
6750 return MGMT_LTK_UNAUTHENTICATED;
6753 void mgmt_new_ltk(struct hci_dev *hdev, struct smp_ltk *key, bool persistent)
6755 struct mgmt_ev_new_long_term_key ev;
6757 memset(&ev, 0, sizeof(ev));
6759 /* Devices using resolvable or non-resolvable random addresses
6760 * without providing an identity resolving key don't require
6761 * to store long term keys. Their addresses will change the
6764 * Only when a remote device provides an identity address
6765 * make sure the long term key is stored. If the remote
6766 * identity is known, the long term keys are internally
6767 * mapped to the identity address. So allow static random
6768 * and public addresses here.
6770 if (key->bdaddr_type == ADDR_LE_DEV_RANDOM &&
6771 (key->bdaddr.b[5] & 0xc0) != 0xc0)
6772 ev.store_hint = 0x00;
6774 ev.store_hint = persistent;
6776 bacpy(&ev.key.addr.bdaddr, &key->bdaddr);
6777 ev.key.addr.type = link_to_bdaddr(LE_LINK, key->bdaddr_type);
6778 ev.key.type = mgmt_ltk_type(key);
6779 ev.key.enc_size = key->enc_size;
6780 ev.key.ediv = key->ediv;
6781 ev.key.rand = key->rand;
6783 if (key->type == SMP_LTK)
6786 /* Make sure we copy only the significant bytes based on the
6787 * encryption key size, and set the rest of the value to zeroes.
6789 memcpy(ev.key.val, key->val, key->enc_size);
6790 memset(ev.key.val + key->enc_size, 0,
6791 sizeof(ev.key.val) - key->enc_size);
6793 mgmt_event(MGMT_EV_NEW_LONG_TERM_KEY, hdev, &ev, sizeof(ev), NULL);
6796 void mgmt_new_irk(struct hci_dev *hdev, struct smp_irk *irk, bool persistent)
6798 struct mgmt_ev_new_irk ev;
6800 memset(&ev, 0, sizeof(ev));
6802 ev.store_hint = persistent;
6804 bacpy(&ev.rpa, &irk->rpa);
6805 bacpy(&ev.irk.addr.bdaddr, &irk->bdaddr);
6806 ev.irk.addr.type = link_to_bdaddr(LE_LINK, irk->addr_type);
6807 memcpy(ev.irk.val, irk->val, sizeof(irk->val));
6809 mgmt_event(MGMT_EV_NEW_IRK, hdev, &ev, sizeof(ev), NULL);
6812 void mgmt_new_csrk(struct hci_dev *hdev, struct smp_csrk *csrk,
6815 struct mgmt_ev_new_csrk ev;
6817 memset(&ev, 0, sizeof(ev));
6819 /* Devices using resolvable or non-resolvable random addresses
6820 * without providing an identity resolving key don't require
6821 * to store signature resolving keys. Their addresses will change
6822 * the next time around.
6824 * Only when a remote device provides an identity address
6825 * make sure the signature resolving key is stored. So allow
6826 * static random and public addresses here.
6828 if (csrk->bdaddr_type == ADDR_LE_DEV_RANDOM &&
6829 (csrk->bdaddr.b[5] & 0xc0) != 0xc0)
6830 ev.store_hint = 0x00;
6832 ev.store_hint = persistent;
6834 bacpy(&ev.key.addr.bdaddr, &csrk->bdaddr);
6835 ev.key.addr.type = link_to_bdaddr(LE_LINK, csrk->bdaddr_type);
6836 ev.key.type = csrk->type;
6837 memcpy(ev.key.val, csrk->val, sizeof(csrk->val));
6839 mgmt_event(MGMT_EV_NEW_CSRK, hdev, &ev, sizeof(ev), NULL);
6842 void mgmt_new_conn_param(struct hci_dev *hdev, bdaddr_t *bdaddr,
6843 u8 bdaddr_type, u8 store_hint, u16 min_interval,
6844 u16 max_interval, u16 latency, u16 timeout)
6846 struct mgmt_ev_new_conn_param ev;
6848 if (!hci_is_identity_address(bdaddr, bdaddr_type))
6851 memset(&ev, 0, sizeof(ev));
6852 bacpy(&ev.addr.bdaddr, bdaddr);
6853 ev.addr.type = link_to_bdaddr(LE_LINK, bdaddr_type);
6854 ev.store_hint = store_hint;
6855 ev.min_interval = cpu_to_le16(min_interval);
6856 ev.max_interval = cpu_to_le16(max_interval);
6857 ev.latency = cpu_to_le16(latency);
6858 ev.timeout = cpu_to_le16(timeout);
6860 mgmt_event(MGMT_EV_NEW_CONN_PARAM, hdev, &ev, sizeof(ev), NULL);
6863 void mgmt_device_connected(struct hci_dev *hdev, struct hci_conn *conn,
6864 u32 flags, u8 *name, u8 name_len)
6867 struct mgmt_ev_device_connected *ev = (void *) buf;
6870 bacpy(&ev->addr.bdaddr, &conn->dst);
6871 ev->addr.type = link_to_bdaddr(conn->type, conn->dst_type);
6873 ev->flags = __cpu_to_le32(flags);
6875 /* We must ensure that the EIR Data fields are ordered and
6876 * unique. Keep it simple for now and avoid the problem by not
6877 * adding any BR/EDR data to the LE adv.
6879 if (conn->le_adv_data_len > 0) {
6880 memcpy(&ev->eir[eir_len],
6881 conn->le_adv_data, conn->le_adv_data_len);
6882 eir_len = conn->le_adv_data_len;
6885 eir_len = eir_append_data(ev->eir, 0, EIR_NAME_COMPLETE,
6888 if (memcmp(conn->dev_class, "\0\0\0", 3) != 0)
6889 eir_len = eir_append_data(ev->eir, eir_len,
6891 conn->dev_class, 3);
6894 ev->eir_len = cpu_to_le16(eir_len);
6896 mgmt_event(MGMT_EV_DEVICE_CONNECTED, hdev, buf,
6897 sizeof(*ev) + eir_len, NULL);
6900 static void disconnect_rsp(struct mgmt_pending_cmd *cmd, void *data)
6902 struct sock **sk = data;
6904 cmd->cmd_complete(cmd, 0);
6909 mgmt_pending_remove(cmd);
6912 static void unpair_device_rsp(struct mgmt_pending_cmd *cmd, void *data)
6914 struct hci_dev *hdev = data;
6915 struct mgmt_cp_unpair_device *cp = cmd->param;
6917 device_unpaired(hdev, &cp->addr.bdaddr, cp->addr.type, cmd->sk);
6919 cmd->cmd_complete(cmd, 0);
6920 mgmt_pending_remove(cmd);
6923 bool mgmt_powering_down(struct hci_dev *hdev)
6925 struct mgmt_pending_cmd *cmd;
6926 struct mgmt_mode *cp;
6928 cmd = pending_find(MGMT_OP_SET_POWERED, hdev);
6939 void mgmt_device_disconnected(struct hci_dev *hdev, bdaddr_t *bdaddr,
6940 u8 link_type, u8 addr_type, u8 reason,
6941 bool mgmt_connected)
6943 struct mgmt_ev_device_disconnected ev;
6944 struct sock *sk = NULL;
6946 /* The connection is still in hci_conn_hash so test for 1
6947 * instead of 0 to know if this is the last one.
6949 if (mgmt_powering_down(hdev) && hci_conn_count(hdev) == 1) {
6950 cancel_delayed_work(&hdev->power_off);
6951 queue_work(hdev->req_workqueue, &hdev->power_off.work);
6954 if (!mgmt_connected)
6957 if (link_type != ACL_LINK && link_type != LE_LINK)
6960 mgmt_pending_foreach(MGMT_OP_DISCONNECT, hdev, disconnect_rsp, &sk);
6962 bacpy(&ev.addr.bdaddr, bdaddr);
6963 ev.addr.type = link_to_bdaddr(link_type, addr_type);
6966 mgmt_event(MGMT_EV_DEVICE_DISCONNECTED, hdev, &ev, sizeof(ev), sk);
6971 mgmt_pending_foreach(MGMT_OP_UNPAIR_DEVICE, hdev, unpair_device_rsp,
6975 void mgmt_disconnect_failed(struct hci_dev *hdev, bdaddr_t *bdaddr,
6976 u8 link_type, u8 addr_type, u8 status)
6978 u8 bdaddr_type = link_to_bdaddr(link_type, addr_type);
6979 struct mgmt_cp_disconnect *cp;
6980 struct mgmt_pending_cmd *cmd;
6982 mgmt_pending_foreach(MGMT_OP_UNPAIR_DEVICE, hdev, unpair_device_rsp,
6985 cmd = pending_find(MGMT_OP_DISCONNECT, hdev);
6991 if (bacmp(bdaddr, &cp->addr.bdaddr))
6994 if (cp->addr.type != bdaddr_type)
6997 cmd->cmd_complete(cmd, mgmt_status(status));
6998 mgmt_pending_remove(cmd);
7001 void mgmt_connect_failed(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
7002 u8 addr_type, u8 status)
7004 struct mgmt_ev_connect_failed ev;
7006 /* The connection is still in hci_conn_hash so test for 1
7007 * instead of 0 to know if this is the last one.
7009 if (mgmt_powering_down(hdev) && hci_conn_count(hdev) == 1) {
7010 cancel_delayed_work(&hdev->power_off);
7011 queue_work(hdev->req_workqueue, &hdev->power_off.work);
7014 bacpy(&ev.addr.bdaddr, bdaddr);
7015 ev.addr.type = link_to_bdaddr(link_type, addr_type);
7016 ev.status = mgmt_status(status);
7018 mgmt_event(MGMT_EV_CONNECT_FAILED, hdev, &ev, sizeof(ev), NULL);
7021 void mgmt_pin_code_request(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 secure)
7023 struct mgmt_ev_pin_code_request ev;
7025 bacpy(&ev.addr.bdaddr, bdaddr);
7026 ev.addr.type = BDADDR_BREDR;
7029 mgmt_event(MGMT_EV_PIN_CODE_REQUEST, hdev, &ev, sizeof(ev), NULL);
7032 void mgmt_pin_code_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
7035 struct mgmt_pending_cmd *cmd;
7037 cmd = pending_find(MGMT_OP_PIN_CODE_REPLY, hdev);
7041 cmd->cmd_complete(cmd, mgmt_status(status));
7042 mgmt_pending_remove(cmd);
7045 void mgmt_pin_code_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
7048 struct mgmt_pending_cmd *cmd;
7050 cmd = pending_find(MGMT_OP_PIN_CODE_NEG_REPLY, hdev);
7054 cmd->cmd_complete(cmd, mgmt_status(status));
7055 mgmt_pending_remove(cmd);
7058 int mgmt_user_confirm_request(struct hci_dev *hdev, bdaddr_t *bdaddr,
7059 u8 link_type, u8 addr_type, u32 value,
7062 struct mgmt_ev_user_confirm_request ev;
7064 BT_DBG("%s", hdev->name);
7066 bacpy(&ev.addr.bdaddr, bdaddr);
7067 ev.addr.type = link_to_bdaddr(link_type, addr_type);
7068 ev.confirm_hint = confirm_hint;
7069 ev.value = cpu_to_le32(value);
7071 return mgmt_event(MGMT_EV_USER_CONFIRM_REQUEST, hdev, &ev, sizeof(ev),
7075 int mgmt_user_passkey_request(struct hci_dev *hdev, bdaddr_t *bdaddr,
7076 u8 link_type, u8 addr_type)
7078 struct mgmt_ev_user_passkey_request ev;
7080 BT_DBG("%s", hdev->name);
7082 bacpy(&ev.addr.bdaddr, bdaddr);
7083 ev.addr.type = link_to_bdaddr(link_type, addr_type);
7085 return mgmt_event(MGMT_EV_USER_PASSKEY_REQUEST, hdev, &ev, sizeof(ev),
7089 static int user_pairing_resp_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
7090 u8 link_type, u8 addr_type, u8 status,
7093 struct mgmt_pending_cmd *cmd;
7095 cmd = pending_find(opcode, hdev);
7099 cmd->cmd_complete(cmd, mgmt_status(status));
7100 mgmt_pending_remove(cmd);
7105 int mgmt_user_confirm_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
7106 u8 link_type, u8 addr_type, u8 status)
7108 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
7109 status, MGMT_OP_USER_CONFIRM_REPLY);
7112 int mgmt_user_confirm_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
7113 u8 link_type, u8 addr_type, u8 status)
7115 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
7117 MGMT_OP_USER_CONFIRM_NEG_REPLY);
7120 int mgmt_user_passkey_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
7121 u8 link_type, u8 addr_type, u8 status)
7123 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
7124 status, MGMT_OP_USER_PASSKEY_REPLY);
7127 int mgmt_user_passkey_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
7128 u8 link_type, u8 addr_type, u8 status)
7130 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
7132 MGMT_OP_USER_PASSKEY_NEG_REPLY);
7135 int mgmt_user_passkey_notify(struct hci_dev *hdev, bdaddr_t *bdaddr,
7136 u8 link_type, u8 addr_type, u32 passkey,
7139 struct mgmt_ev_passkey_notify ev;
7141 BT_DBG("%s", hdev->name);
7143 bacpy(&ev.addr.bdaddr, bdaddr);
7144 ev.addr.type = link_to_bdaddr(link_type, addr_type);
7145 ev.passkey = __cpu_to_le32(passkey);
7146 ev.entered = entered;
7148 return mgmt_event(MGMT_EV_PASSKEY_NOTIFY, hdev, &ev, sizeof(ev), NULL);
7151 void mgmt_auth_failed(struct hci_conn *conn, u8 hci_status)
7153 struct mgmt_ev_auth_failed ev;
7154 struct mgmt_pending_cmd *cmd;
7155 u8 status = mgmt_status(hci_status);
7157 bacpy(&ev.addr.bdaddr, &conn->dst);
7158 ev.addr.type = link_to_bdaddr(conn->type, conn->dst_type);
7161 cmd = find_pairing(conn);
7163 mgmt_event(MGMT_EV_AUTH_FAILED, conn->hdev, &ev, sizeof(ev),
7164 cmd ? cmd->sk : NULL);
7167 cmd->cmd_complete(cmd, status);
7168 mgmt_pending_remove(cmd);
7172 void mgmt_auth_enable_complete(struct hci_dev *hdev, u8 status)
7174 struct cmd_lookup match = { NULL, hdev };
7178 u8 mgmt_err = mgmt_status(status);
7179 mgmt_pending_foreach(MGMT_OP_SET_LINK_SECURITY, hdev,
7180 cmd_status_rsp, &mgmt_err);
7184 if (test_bit(HCI_AUTH, &hdev->flags))
7185 changed = !hci_dev_test_and_set_flag(hdev, HCI_LINK_SECURITY);
7187 changed = hci_dev_test_and_clear_flag(hdev, HCI_LINK_SECURITY);
7189 mgmt_pending_foreach(MGMT_OP_SET_LINK_SECURITY, hdev, settings_rsp,
7193 new_settings(hdev, match.sk);
7199 static void clear_eir(struct hci_request *req)
7201 struct hci_dev *hdev = req->hdev;
7202 struct hci_cp_write_eir cp;
7204 if (!lmp_ext_inq_capable(hdev))
7207 memset(hdev->eir, 0, sizeof(hdev->eir));
7209 memset(&cp, 0, sizeof(cp));
7211 hci_req_add(req, HCI_OP_WRITE_EIR, sizeof(cp), &cp);
7214 void mgmt_ssp_enable_complete(struct hci_dev *hdev, u8 enable, u8 status)
7216 struct cmd_lookup match = { NULL, hdev };
7217 struct hci_request req;
7218 bool changed = false;
7221 u8 mgmt_err = mgmt_status(status);
7223 if (enable && hci_dev_test_and_clear_flag(hdev,
7225 hci_dev_clear_flag(hdev, HCI_HS_ENABLED);
7226 new_settings(hdev, NULL);
7229 mgmt_pending_foreach(MGMT_OP_SET_SSP, hdev, cmd_status_rsp,
7235 changed = !hci_dev_test_and_set_flag(hdev, HCI_SSP_ENABLED);
7237 changed = hci_dev_test_and_clear_flag(hdev, HCI_SSP_ENABLED);
7239 changed = hci_dev_test_and_clear_flag(hdev,
7242 hci_dev_clear_flag(hdev, HCI_HS_ENABLED);
7245 mgmt_pending_foreach(MGMT_OP_SET_SSP, hdev, settings_rsp, &match);
7248 new_settings(hdev, match.sk);
7253 hci_req_init(&req, hdev);
7255 if (hci_dev_test_flag(hdev, HCI_SSP_ENABLED)) {
7256 if (hci_dev_test_flag(hdev, HCI_USE_DEBUG_KEYS))
7257 hci_req_add(&req, HCI_OP_WRITE_SSP_DEBUG_MODE,
7258 sizeof(enable), &enable);
7259 __hci_req_update_eir(&req);
7264 hci_req_run(&req, NULL);
7267 static void sk_lookup(struct mgmt_pending_cmd *cmd, void *data)
7269 struct cmd_lookup *match = data;
7271 if (match->sk == NULL) {
7272 match->sk = cmd->sk;
7273 sock_hold(match->sk);
7277 void mgmt_set_class_of_dev_complete(struct hci_dev *hdev, u8 *dev_class,
7280 struct cmd_lookup match = { NULL, hdev, mgmt_status(status) };
7282 mgmt_pending_foreach(MGMT_OP_SET_DEV_CLASS, hdev, sk_lookup, &match);
7283 mgmt_pending_foreach(MGMT_OP_ADD_UUID, hdev, sk_lookup, &match);
7284 mgmt_pending_foreach(MGMT_OP_REMOVE_UUID, hdev, sk_lookup, &match);
7287 mgmt_limited_event(MGMT_EV_CLASS_OF_DEV_CHANGED, hdev, dev_class,
7288 3, HCI_MGMT_DEV_CLASS_EVENTS, NULL);
7289 ext_info_changed(hdev, NULL);
7296 void mgmt_set_local_name_complete(struct hci_dev *hdev, u8 *name, u8 status)
7298 struct mgmt_cp_set_local_name ev;
7299 struct mgmt_pending_cmd *cmd;
7304 memset(&ev, 0, sizeof(ev));
7305 memcpy(ev.name, name, HCI_MAX_NAME_LENGTH);
7306 memcpy(ev.short_name, hdev->short_name, HCI_MAX_SHORT_NAME_LENGTH);
7308 cmd = pending_find(MGMT_OP_SET_LOCAL_NAME, hdev);
7310 memcpy(hdev->dev_name, name, sizeof(hdev->dev_name));
7312 /* If this is a HCI command related to powering on the
7313 * HCI dev don't send any mgmt signals.
7315 if (pending_find(MGMT_OP_SET_POWERED, hdev))
7319 mgmt_limited_event(MGMT_EV_LOCAL_NAME_CHANGED, hdev, &ev, sizeof(ev),
7320 HCI_MGMT_LOCAL_NAME_EVENTS, cmd ? cmd->sk : NULL);
7321 ext_info_changed(hdev, cmd ? cmd->sk : NULL);
7324 static inline bool has_uuid(u8 *uuid, u16 uuid_count, u8 (*uuids)[16])
7328 for (i = 0; i < uuid_count; i++) {
7329 if (!memcmp(uuid, uuids[i], 16))
7336 static bool eir_has_uuids(u8 *eir, u16 eir_len, u16 uuid_count, u8 (*uuids)[16])
7340 while (parsed < eir_len) {
7341 u8 field_len = eir[0];
7348 if (eir_len - parsed < field_len + 1)
7352 case EIR_UUID16_ALL:
7353 case EIR_UUID16_SOME:
7354 for (i = 0; i + 3 <= field_len; i += 2) {
7355 memcpy(uuid, bluetooth_base_uuid, 16);
7356 uuid[13] = eir[i + 3];
7357 uuid[12] = eir[i + 2];
7358 if (has_uuid(uuid, uuid_count, uuids))
7362 case EIR_UUID32_ALL:
7363 case EIR_UUID32_SOME:
7364 for (i = 0; i + 5 <= field_len; i += 4) {
7365 memcpy(uuid, bluetooth_base_uuid, 16);
7366 uuid[15] = eir[i + 5];
7367 uuid[14] = eir[i + 4];
7368 uuid[13] = eir[i + 3];
7369 uuid[12] = eir[i + 2];
7370 if (has_uuid(uuid, uuid_count, uuids))
7374 case EIR_UUID128_ALL:
7375 case EIR_UUID128_SOME:
7376 for (i = 0; i + 17 <= field_len; i += 16) {
7377 memcpy(uuid, eir + i + 2, 16);
7378 if (has_uuid(uuid, uuid_count, uuids))
7384 parsed += field_len + 1;
7385 eir += field_len + 1;
7391 static void restart_le_scan(struct hci_dev *hdev)
7393 /* If controller is not scanning we are done. */
7394 if (!hci_dev_test_flag(hdev, HCI_LE_SCAN))
7397 if (time_after(jiffies + DISCOV_LE_RESTART_DELAY,
7398 hdev->discovery.scan_start +
7399 hdev->discovery.scan_duration))
7402 queue_delayed_work(hdev->req_workqueue, &hdev->le_scan_restart,
7403 DISCOV_LE_RESTART_DELAY);
7406 static bool is_filter_match(struct hci_dev *hdev, s8 rssi, u8 *eir,
7407 u16 eir_len, u8 *scan_rsp, u8 scan_rsp_len)
7409 /* If a RSSI threshold has been specified, and
7410 * HCI_QUIRK_STRICT_DUPLICATE_FILTER is not set, then all results with
7411 * a RSSI smaller than the RSSI threshold will be dropped. If the quirk
7412 * is set, let it through for further processing, as we might need to
7415 * For BR/EDR devices (pre 1.2) providing no RSSI during inquiry,
7416 * the results are also dropped.
7418 if (hdev->discovery.rssi != HCI_RSSI_INVALID &&
7419 (rssi == HCI_RSSI_INVALID ||
7420 (rssi < hdev->discovery.rssi &&
7421 !test_bit(HCI_QUIRK_STRICT_DUPLICATE_FILTER, &hdev->quirks))))
7424 if (hdev->discovery.uuid_count != 0) {
7425 /* If a list of UUIDs is provided in filter, results with no
7426 * matching UUID should be dropped.
7428 if (!eir_has_uuids(eir, eir_len, hdev->discovery.uuid_count,
7429 hdev->discovery.uuids) &&
7430 !eir_has_uuids(scan_rsp, scan_rsp_len,
7431 hdev->discovery.uuid_count,
7432 hdev->discovery.uuids))
7436 /* If duplicate filtering does not report RSSI changes, then restart
7437 * scanning to ensure updated result with updated RSSI values.
7439 if (test_bit(HCI_QUIRK_STRICT_DUPLICATE_FILTER, &hdev->quirks)) {
7440 restart_le_scan(hdev);
7442 /* Validate RSSI value against the RSSI threshold once more. */
7443 if (hdev->discovery.rssi != HCI_RSSI_INVALID &&
7444 rssi < hdev->discovery.rssi)
7451 void mgmt_device_found(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
7452 u8 addr_type, u8 *dev_class, s8 rssi, u32 flags,
7453 u8 *eir, u16 eir_len, u8 *scan_rsp, u8 scan_rsp_len)
7456 struct mgmt_ev_device_found *ev = (void *)buf;
7459 /* Don't send events for a non-kernel initiated discovery. With
7460 * LE one exception is if we have pend_le_reports > 0 in which
7461 * case we're doing passive scanning and want these events.
7463 if (!hci_discovery_active(hdev)) {
7464 if (link_type == ACL_LINK)
7466 if (link_type == LE_LINK && list_empty(&hdev->pend_le_reports))
7470 if (hdev->discovery.result_filtering) {
7471 /* We are using service discovery */
7472 if (!is_filter_match(hdev, rssi, eir, eir_len, scan_rsp,
7477 if (hdev->discovery.limited) {
7478 /* Check for limited discoverable bit */
7480 if (!(dev_class[1] & 0x20))
7483 u8 *flags = eir_get_data(eir, eir_len, EIR_FLAGS, NULL);
7484 if (!flags || !(flags[0] & LE_AD_LIMITED))
7489 /* Make sure that the buffer is big enough. The 5 extra bytes
7490 * are for the potential CoD field.
7492 if (sizeof(*ev) + eir_len + scan_rsp_len + 5 > sizeof(buf))
7495 memset(buf, 0, sizeof(buf));
7497 /* In case of device discovery with BR/EDR devices (pre 1.2), the
7498 * RSSI value was reported as 0 when not available. This behavior
7499 * is kept when using device discovery. This is required for full
7500 * backwards compatibility with the API.
7502 * However when using service discovery, the value 127 will be
7503 * returned when the RSSI is not available.
7505 if (rssi == HCI_RSSI_INVALID && !hdev->discovery.report_invalid_rssi &&
7506 link_type == ACL_LINK)
7509 bacpy(&ev->addr.bdaddr, bdaddr);
7510 ev->addr.type = link_to_bdaddr(link_type, addr_type);
7512 ev->flags = cpu_to_le32(flags);
7515 /* Copy EIR or advertising data into event */
7516 memcpy(ev->eir, eir, eir_len);
7518 if (dev_class && !eir_get_data(ev->eir, eir_len, EIR_CLASS_OF_DEV,
7520 eir_len = eir_append_data(ev->eir, eir_len, EIR_CLASS_OF_DEV,
7523 if (scan_rsp_len > 0)
7524 /* Append scan response data to event */
7525 memcpy(ev->eir + eir_len, scan_rsp, scan_rsp_len);
7527 ev->eir_len = cpu_to_le16(eir_len + scan_rsp_len);
7528 ev_size = sizeof(*ev) + eir_len + scan_rsp_len;
7530 mgmt_event(MGMT_EV_DEVICE_FOUND, hdev, ev, ev_size, NULL);
7533 void mgmt_remote_name(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
7534 u8 addr_type, s8 rssi, u8 *name, u8 name_len)
7536 struct mgmt_ev_device_found *ev;
7537 char buf[sizeof(*ev) + HCI_MAX_NAME_LENGTH + 2];
7540 ev = (struct mgmt_ev_device_found *) buf;
7542 memset(buf, 0, sizeof(buf));
7544 bacpy(&ev->addr.bdaddr, bdaddr);
7545 ev->addr.type = link_to_bdaddr(link_type, addr_type);
7548 eir_len = eir_append_data(ev->eir, 0, EIR_NAME_COMPLETE, name,
7551 ev->eir_len = cpu_to_le16(eir_len);
7553 mgmt_event(MGMT_EV_DEVICE_FOUND, hdev, ev, sizeof(*ev) + eir_len, NULL);
7556 void mgmt_discovering(struct hci_dev *hdev, u8 discovering)
7558 struct mgmt_ev_discovering ev;
7560 BT_DBG("%s discovering %u", hdev->name, discovering);
7562 memset(&ev, 0, sizeof(ev));
7563 ev.type = hdev->discovery.type;
7564 ev.discovering = discovering;
7566 mgmt_event(MGMT_EV_DISCOVERING, hdev, &ev, sizeof(ev), NULL);
7569 static struct hci_mgmt_chan chan = {
7570 .channel = HCI_CHANNEL_CONTROL,
7571 .handler_count = ARRAY_SIZE(mgmt_handlers),
7572 .handlers = mgmt_handlers,
7573 .hdev_init = mgmt_init_hdev,
7578 return hci_mgmt_chan_register(&chan);
7581 void mgmt_exit(void)
7583 hci_mgmt_chan_unregister(&chan);
projects / linux-2.6-microblaze.git / blob