2 BlueZ - Bluetooth protocol stack for Linux
4 Copyright (C) 2010 Nokia Corporation
5 Copyright (C) 2011-2012 Intel Corporation
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License version 2 as
9 published by the Free Software Foundation;
11 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
12 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
13 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
14 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
15 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
16 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
17 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
18 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
20 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
21 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
22 SOFTWARE IS DISCLAIMED.
25 /* Bluetooth HCI Management interface */
27 #include <linux/module.h>
28 #include <asm/unaligned.h>
30 #include <net/bluetooth/bluetooth.h>
31 #include <net/bluetooth/hci_core.h>
32 #include <net/bluetooth/hci_sock.h>
33 #include <net/bluetooth/l2cap.h>
34 #include <net/bluetooth/mgmt.h>
36 #include "hci_request.h"
38 #include "mgmt_util.h"
40 #define MGMT_VERSION 1
41 #define MGMT_REVISION 17
43 static const u16 mgmt_commands[] = {
44 MGMT_OP_READ_INDEX_LIST,
47 MGMT_OP_SET_DISCOVERABLE,
48 MGMT_OP_SET_CONNECTABLE,
49 MGMT_OP_SET_FAST_CONNECTABLE,
51 MGMT_OP_SET_LINK_SECURITY,
55 MGMT_OP_SET_DEV_CLASS,
56 MGMT_OP_SET_LOCAL_NAME,
59 MGMT_OP_LOAD_LINK_KEYS,
60 MGMT_OP_LOAD_LONG_TERM_KEYS,
62 MGMT_OP_GET_CONNECTIONS,
63 MGMT_OP_PIN_CODE_REPLY,
64 MGMT_OP_PIN_CODE_NEG_REPLY,
65 MGMT_OP_SET_IO_CAPABILITY,
67 MGMT_OP_CANCEL_PAIR_DEVICE,
68 MGMT_OP_UNPAIR_DEVICE,
69 MGMT_OP_USER_CONFIRM_REPLY,
70 MGMT_OP_USER_CONFIRM_NEG_REPLY,
71 MGMT_OP_USER_PASSKEY_REPLY,
72 MGMT_OP_USER_PASSKEY_NEG_REPLY,
73 MGMT_OP_READ_LOCAL_OOB_DATA,
74 MGMT_OP_ADD_REMOTE_OOB_DATA,
75 MGMT_OP_REMOVE_REMOTE_OOB_DATA,
76 MGMT_OP_START_DISCOVERY,
77 MGMT_OP_STOP_DISCOVERY,
80 MGMT_OP_UNBLOCK_DEVICE,
81 MGMT_OP_SET_DEVICE_ID,
82 MGMT_OP_SET_ADVERTISING,
84 MGMT_OP_SET_STATIC_ADDRESS,
85 MGMT_OP_SET_SCAN_PARAMS,
86 MGMT_OP_SET_SECURE_CONN,
87 MGMT_OP_SET_DEBUG_KEYS,
90 MGMT_OP_GET_CONN_INFO,
91 MGMT_OP_GET_CLOCK_INFO,
93 MGMT_OP_REMOVE_DEVICE,
94 MGMT_OP_LOAD_CONN_PARAM,
95 MGMT_OP_READ_UNCONF_INDEX_LIST,
96 MGMT_OP_READ_CONFIG_INFO,
97 MGMT_OP_SET_EXTERNAL_CONFIG,
98 MGMT_OP_SET_PUBLIC_ADDRESS,
99 MGMT_OP_START_SERVICE_DISCOVERY,
100 MGMT_OP_READ_LOCAL_OOB_EXT_DATA,
101 MGMT_OP_READ_EXT_INDEX_LIST,
102 MGMT_OP_READ_ADV_FEATURES,
103 MGMT_OP_ADD_ADVERTISING,
104 MGMT_OP_REMOVE_ADVERTISING,
105 MGMT_OP_GET_ADV_SIZE_INFO,
106 MGMT_OP_START_LIMITED_DISCOVERY,
107 MGMT_OP_READ_EXT_INFO,
108 MGMT_OP_SET_APPEARANCE,
109 MGMT_OP_SET_BLOCKED_KEYS,
110 MGMT_OP_SET_WIDEBAND_SPEECH,
111 MGMT_OP_READ_SECURITY_INFO,
112 MGMT_OP_READ_EXP_FEATURES_INFO,
113 MGMT_OP_SET_EXP_FEATURE,
116 static const u16 mgmt_events[] = {
117 MGMT_EV_CONTROLLER_ERROR,
119 MGMT_EV_INDEX_REMOVED,
120 MGMT_EV_NEW_SETTINGS,
121 MGMT_EV_CLASS_OF_DEV_CHANGED,
122 MGMT_EV_LOCAL_NAME_CHANGED,
123 MGMT_EV_NEW_LINK_KEY,
124 MGMT_EV_NEW_LONG_TERM_KEY,
125 MGMT_EV_DEVICE_CONNECTED,
126 MGMT_EV_DEVICE_DISCONNECTED,
127 MGMT_EV_CONNECT_FAILED,
128 MGMT_EV_PIN_CODE_REQUEST,
129 MGMT_EV_USER_CONFIRM_REQUEST,
130 MGMT_EV_USER_PASSKEY_REQUEST,
132 MGMT_EV_DEVICE_FOUND,
134 MGMT_EV_DEVICE_BLOCKED,
135 MGMT_EV_DEVICE_UNBLOCKED,
136 MGMT_EV_DEVICE_UNPAIRED,
137 MGMT_EV_PASSKEY_NOTIFY,
140 MGMT_EV_DEVICE_ADDED,
141 MGMT_EV_DEVICE_REMOVED,
142 MGMT_EV_NEW_CONN_PARAM,
143 MGMT_EV_UNCONF_INDEX_ADDED,
144 MGMT_EV_UNCONF_INDEX_REMOVED,
145 MGMT_EV_NEW_CONFIG_OPTIONS,
146 MGMT_EV_EXT_INDEX_ADDED,
147 MGMT_EV_EXT_INDEX_REMOVED,
148 MGMT_EV_LOCAL_OOB_DATA_UPDATED,
149 MGMT_EV_ADVERTISING_ADDED,
150 MGMT_EV_ADVERTISING_REMOVED,
151 MGMT_EV_EXT_INFO_CHANGED,
152 MGMT_EV_PHY_CONFIGURATION_CHANGED,
153 MGMT_EV_EXP_FEATURE_CHANGED,
156 static const u16 mgmt_untrusted_commands[] = {
157 MGMT_OP_READ_INDEX_LIST,
159 MGMT_OP_READ_UNCONF_INDEX_LIST,
160 MGMT_OP_READ_CONFIG_INFO,
161 MGMT_OP_READ_EXT_INDEX_LIST,
162 MGMT_OP_READ_EXT_INFO,
163 MGMT_OP_READ_SECURITY_INFO,
164 MGMT_OP_READ_EXP_FEATURES_INFO,
167 static const u16 mgmt_untrusted_events[] = {
169 MGMT_EV_INDEX_REMOVED,
170 MGMT_EV_NEW_SETTINGS,
171 MGMT_EV_CLASS_OF_DEV_CHANGED,
172 MGMT_EV_LOCAL_NAME_CHANGED,
173 MGMT_EV_UNCONF_INDEX_ADDED,
174 MGMT_EV_UNCONF_INDEX_REMOVED,
175 MGMT_EV_NEW_CONFIG_OPTIONS,
176 MGMT_EV_EXT_INDEX_ADDED,
177 MGMT_EV_EXT_INDEX_REMOVED,
178 MGMT_EV_EXT_INFO_CHANGED,
179 MGMT_EV_EXP_FEATURE_CHANGED,
182 #define CACHE_TIMEOUT msecs_to_jiffies(2 * 1000)
184 #define ZERO_KEY "\x00\x00\x00\x00\x00\x00\x00\x00" \
185 "\x00\x00\x00\x00\x00\x00\x00\x00"
187 /* HCI to MGMT error code conversion table */
188 static const u8 mgmt_status_table[] = {
190 MGMT_STATUS_UNKNOWN_COMMAND, /* Unknown Command */
191 MGMT_STATUS_NOT_CONNECTED, /* No Connection */
192 MGMT_STATUS_FAILED, /* Hardware Failure */
193 MGMT_STATUS_CONNECT_FAILED, /* Page Timeout */
194 MGMT_STATUS_AUTH_FAILED, /* Authentication Failed */
195 MGMT_STATUS_AUTH_FAILED, /* PIN or Key Missing */
196 MGMT_STATUS_NO_RESOURCES, /* Memory Full */
197 MGMT_STATUS_TIMEOUT, /* Connection Timeout */
198 MGMT_STATUS_NO_RESOURCES, /* Max Number of Connections */
199 MGMT_STATUS_NO_RESOURCES, /* Max Number of SCO Connections */
200 MGMT_STATUS_ALREADY_CONNECTED, /* ACL Connection Exists */
201 MGMT_STATUS_BUSY, /* Command Disallowed */
202 MGMT_STATUS_NO_RESOURCES, /* Rejected Limited Resources */
203 MGMT_STATUS_REJECTED, /* Rejected Security */
204 MGMT_STATUS_REJECTED, /* Rejected Personal */
205 MGMT_STATUS_TIMEOUT, /* Host Timeout */
206 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported Feature */
207 MGMT_STATUS_INVALID_PARAMS, /* Invalid Parameters */
208 MGMT_STATUS_DISCONNECTED, /* OE User Ended Connection */
209 MGMT_STATUS_NO_RESOURCES, /* OE Low Resources */
210 MGMT_STATUS_DISCONNECTED, /* OE Power Off */
211 MGMT_STATUS_DISCONNECTED, /* Connection Terminated */
212 MGMT_STATUS_BUSY, /* Repeated Attempts */
213 MGMT_STATUS_REJECTED, /* Pairing Not Allowed */
214 MGMT_STATUS_FAILED, /* Unknown LMP PDU */
215 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported Remote Feature */
216 MGMT_STATUS_REJECTED, /* SCO Offset Rejected */
217 MGMT_STATUS_REJECTED, /* SCO Interval Rejected */
218 MGMT_STATUS_REJECTED, /* Air Mode Rejected */
219 MGMT_STATUS_INVALID_PARAMS, /* Invalid LMP Parameters */
220 MGMT_STATUS_FAILED, /* Unspecified Error */
221 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported LMP Parameter Value */
222 MGMT_STATUS_FAILED, /* Role Change Not Allowed */
223 MGMT_STATUS_TIMEOUT, /* LMP Response Timeout */
224 MGMT_STATUS_FAILED, /* LMP Error Transaction Collision */
225 MGMT_STATUS_FAILED, /* LMP PDU Not Allowed */
226 MGMT_STATUS_REJECTED, /* Encryption Mode Not Accepted */
227 MGMT_STATUS_FAILED, /* Unit Link Key Used */
228 MGMT_STATUS_NOT_SUPPORTED, /* QoS Not Supported */
229 MGMT_STATUS_TIMEOUT, /* Instant Passed */
230 MGMT_STATUS_NOT_SUPPORTED, /* Pairing Not Supported */
231 MGMT_STATUS_FAILED, /* Transaction Collision */
232 MGMT_STATUS_INVALID_PARAMS, /* Unacceptable Parameter */
233 MGMT_STATUS_REJECTED, /* QoS Rejected */
234 MGMT_STATUS_NOT_SUPPORTED, /* Classification Not Supported */
235 MGMT_STATUS_REJECTED, /* Insufficient Security */
236 MGMT_STATUS_INVALID_PARAMS, /* Parameter Out Of Range */
237 MGMT_STATUS_BUSY, /* Role Switch Pending */
238 MGMT_STATUS_FAILED, /* Slot Violation */
239 MGMT_STATUS_FAILED, /* Role Switch Failed */
240 MGMT_STATUS_INVALID_PARAMS, /* EIR Too Large */
241 MGMT_STATUS_NOT_SUPPORTED, /* Simple Pairing Not Supported */
242 MGMT_STATUS_BUSY, /* Host Busy Pairing */
243 MGMT_STATUS_REJECTED, /* Rejected, No Suitable Channel */
244 MGMT_STATUS_BUSY, /* Controller Busy */
245 MGMT_STATUS_INVALID_PARAMS, /* Unsuitable Connection Interval */
246 MGMT_STATUS_TIMEOUT, /* Directed Advertising Timeout */
247 MGMT_STATUS_AUTH_FAILED, /* Terminated Due to MIC Failure */
248 MGMT_STATUS_CONNECT_FAILED, /* Connection Establishment Failed */
249 MGMT_STATUS_CONNECT_FAILED, /* MAC Connection Failed */
252 static u8 mgmt_status(u8 hci_status)
254 if (hci_status < ARRAY_SIZE(mgmt_status_table))
255 return mgmt_status_table[hci_status];
257 return MGMT_STATUS_FAILED;
260 static int mgmt_index_event(u16 event, struct hci_dev *hdev, void *data,
263 return mgmt_send_event(event, hdev, HCI_CHANNEL_CONTROL, data, len,
267 static int mgmt_limited_event(u16 event, struct hci_dev *hdev, void *data,
268 u16 len, int flag, struct sock *skip_sk)
270 return mgmt_send_event(event, hdev, HCI_CHANNEL_CONTROL, data, len,
274 static int mgmt_event(u16 event, struct hci_dev *hdev, void *data, u16 len,
275 struct sock *skip_sk)
277 return mgmt_send_event(event, hdev, HCI_CHANNEL_CONTROL, data, len,
278 HCI_SOCK_TRUSTED, skip_sk);
281 static u8 le_addr_type(u8 mgmt_addr_type)
283 if (mgmt_addr_type == BDADDR_LE_PUBLIC)
284 return ADDR_LE_DEV_PUBLIC;
286 return ADDR_LE_DEV_RANDOM;
289 void mgmt_fill_version_info(void *ver)
291 struct mgmt_rp_read_version *rp = ver;
293 rp->version = MGMT_VERSION;
294 rp->revision = cpu_to_le16(MGMT_REVISION);
297 static int read_version(struct sock *sk, struct hci_dev *hdev, void *data,
300 struct mgmt_rp_read_version rp;
302 bt_dev_dbg(hdev, "sock %p", sk);
304 mgmt_fill_version_info(&rp);
306 return mgmt_cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_VERSION, 0,
310 static int read_commands(struct sock *sk, struct hci_dev *hdev, void *data,
313 struct mgmt_rp_read_commands *rp;
314 u16 num_commands, num_events;
318 bt_dev_dbg(hdev, "sock %p", sk);
320 if (hci_sock_test_flag(sk, HCI_SOCK_TRUSTED)) {
321 num_commands = ARRAY_SIZE(mgmt_commands);
322 num_events = ARRAY_SIZE(mgmt_events);
324 num_commands = ARRAY_SIZE(mgmt_untrusted_commands);
325 num_events = ARRAY_SIZE(mgmt_untrusted_events);
328 rp_size = sizeof(*rp) + ((num_commands + num_events) * sizeof(u16));
330 rp = kmalloc(rp_size, GFP_KERNEL);
334 rp->num_commands = cpu_to_le16(num_commands);
335 rp->num_events = cpu_to_le16(num_events);
337 if (hci_sock_test_flag(sk, HCI_SOCK_TRUSTED)) {
338 __le16 *opcode = rp->opcodes;
340 for (i = 0; i < num_commands; i++, opcode++)
341 put_unaligned_le16(mgmt_commands[i], opcode);
343 for (i = 0; i < num_events; i++, opcode++)
344 put_unaligned_le16(mgmt_events[i], opcode);
346 __le16 *opcode = rp->opcodes;
348 for (i = 0; i < num_commands; i++, opcode++)
349 put_unaligned_le16(mgmt_untrusted_commands[i], opcode);
351 for (i = 0; i < num_events; i++, opcode++)
352 put_unaligned_le16(mgmt_untrusted_events[i], opcode);
355 err = mgmt_cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_COMMANDS, 0,
362 static int read_index_list(struct sock *sk, struct hci_dev *hdev, void *data,
365 struct mgmt_rp_read_index_list *rp;
371 bt_dev_dbg(hdev, "sock %p", sk);
373 read_lock(&hci_dev_list_lock);
376 list_for_each_entry(d, &hci_dev_list, list) {
377 if (d->dev_type == HCI_PRIMARY &&
378 !hci_dev_test_flag(d, HCI_UNCONFIGURED))
382 rp_len = sizeof(*rp) + (2 * count);
383 rp = kmalloc(rp_len, GFP_ATOMIC);
385 read_unlock(&hci_dev_list_lock);
390 list_for_each_entry(d, &hci_dev_list, list) {
391 if (hci_dev_test_flag(d, HCI_SETUP) ||
392 hci_dev_test_flag(d, HCI_CONFIG) ||
393 hci_dev_test_flag(d, HCI_USER_CHANNEL))
396 /* Devices marked as raw-only are neither configured
397 * nor unconfigured controllers.
399 if (test_bit(HCI_QUIRK_RAW_DEVICE, &d->quirks))
402 if (d->dev_type == HCI_PRIMARY &&
403 !hci_dev_test_flag(d, HCI_UNCONFIGURED)) {
404 rp->index[count++] = cpu_to_le16(d->id);
405 bt_dev_dbg(hdev, "Added hci%u", d->id);
409 rp->num_controllers = cpu_to_le16(count);
410 rp_len = sizeof(*rp) + (2 * count);
412 read_unlock(&hci_dev_list_lock);
414 err = mgmt_cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_INDEX_LIST,
422 static int read_unconf_index_list(struct sock *sk, struct hci_dev *hdev,
423 void *data, u16 data_len)
425 struct mgmt_rp_read_unconf_index_list *rp;
431 bt_dev_dbg(hdev, "sock %p", sk);
433 read_lock(&hci_dev_list_lock);
436 list_for_each_entry(d, &hci_dev_list, list) {
437 if (d->dev_type == HCI_PRIMARY &&
438 hci_dev_test_flag(d, HCI_UNCONFIGURED))
442 rp_len = sizeof(*rp) + (2 * count);
443 rp = kmalloc(rp_len, GFP_ATOMIC);
445 read_unlock(&hci_dev_list_lock);
450 list_for_each_entry(d, &hci_dev_list, list) {
451 if (hci_dev_test_flag(d, HCI_SETUP) ||
452 hci_dev_test_flag(d, HCI_CONFIG) ||
453 hci_dev_test_flag(d, HCI_USER_CHANNEL))
456 /* Devices marked as raw-only are neither configured
457 * nor unconfigured controllers.
459 if (test_bit(HCI_QUIRK_RAW_DEVICE, &d->quirks))
462 if (d->dev_type == HCI_PRIMARY &&
463 hci_dev_test_flag(d, HCI_UNCONFIGURED)) {
464 rp->index[count++] = cpu_to_le16(d->id);
465 bt_dev_dbg(hdev, "Added hci%u", d->id);
469 rp->num_controllers = cpu_to_le16(count);
470 rp_len = sizeof(*rp) + (2 * count);
472 read_unlock(&hci_dev_list_lock);
474 err = mgmt_cmd_complete(sk, MGMT_INDEX_NONE,
475 MGMT_OP_READ_UNCONF_INDEX_LIST, 0, rp, rp_len);
482 static int read_ext_index_list(struct sock *sk, struct hci_dev *hdev,
483 void *data, u16 data_len)
485 struct mgmt_rp_read_ext_index_list *rp;
490 bt_dev_dbg(hdev, "sock %p", sk);
492 read_lock(&hci_dev_list_lock);
495 list_for_each_entry(d, &hci_dev_list, list) {
496 if (d->dev_type == HCI_PRIMARY || d->dev_type == HCI_AMP)
500 rp = kmalloc(struct_size(rp, entry, count), GFP_ATOMIC);
502 read_unlock(&hci_dev_list_lock);
507 list_for_each_entry(d, &hci_dev_list, list) {
508 if (hci_dev_test_flag(d, HCI_SETUP) ||
509 hci_dev_test_flag(d, HCI_CONFIG) ||
510 hci_dev_test_flag(d, HCI_USER_CHANNEL))
513 /* Devices marked as raw-only are neither configured
514 * nor unconfigured controllers.
516 if (test_bit(HCI_QUIRK_RAW_DEVICE, &d->quirks))
519 if (d->dev_type == HCI_PRIMARY) {
520 if (hci_dev_test_flag(d, HCI_UNCONFIGURED))
521 rp->entry[count].type = 0x01;
523 rp->entry[count].type = 0x00;
524 } else if (d->dev_type == HCI_AMP) {
525 rp->entry[count].type = 0x02;
530 rp->entry[count].bus = d->bus;
531 rp->entry[count++].index = cpu_to_le16(d->id);
532 bt_dev_dbg(hdev, "Added hci%u", d->id);
535 rp->num_controllers = cpu_to_le16(count);
537 read_unlock(&hci_dev_list_lock);
539 /* If this command is called at least once, then all the
540 * default index and unconfigured index events are disabled
541 * and from now on only extended index events are used.
543 hci_sock_set_flag(sk, HCI_MGMT_EXT_INDEX_EVENTS);
544 hci_sock_clear_flag(sk, HCI_MGMT_INDEX_EVENTS);
545 hci_sock_clear_flag(sk, HCI_MGMT_UNCONF_INDEX_EVENTS);
547 err = mgmt_cmd_complete(sk, MGMT_INDEX_NONE,
548 MGMT_OP_READ_EXT_INDEX_LIST, 0, rp,
549 struct_size(rp, entry, count));
556 static bool is_configured(struct hci_dev *hdev)
558 if (test_bit(HCI_QUIRK_EXTERNAL_CONFIG, &hdev->quirks) &&
559 !hci_dev_test_flag(hdev, HCI_EXT_CONFIGURED))
562 if ((test_bit(HCI_QUIRK_INVALID_BDADDR, &hdev->quirks) ||
563 test_bit(HCI_QUIRK_USE_BDADDR_PROPERTY, &hdev->quirks)) &&
564 !bacmp(&hdev->public_addr, BDADDR_ANY))
570 static __le32 get_missing_options(struct hci_dev *hdev)
574 if (test_bit(HCI_QUIRK_EXTERNAL_CONFIG, &hdev->quirks) &&
575 !hci_dev_test_flag(hdev, HCI_EXT_CONFIGURED))
576 options |= MGMT_OPTION_EXTERNAL_CONFIG;
578 if ((test_bit(HCI_QUIRK_INVALID_BDADDR, &hdev->quirks) ||
579 test_bit(HCI_QUIRK_USE_BDADDR_PROPERTY, &hdev->quirks)) &&
580 !bacmp(&hdev->public_addr, BDADDR_ANY))
581 options |= MGMT_OPTION_PUBLIC_ADDRESS;
583 return cpu_to_le32(options);
586 static int new_options(struct hci_dev *hdev, struct sock *skip)
588 __le32 options = get_missing_options(hdev);
590 return mgmt_limited_event(MGMT_EV_NEW_CONFIG_OPTIONS, hdev, &options,
591 sizeof(options), HCI_MGMT_OPTION_EVENTS, skip);
594 static int send_options_rsp(struct sock *sk, u16 opcode, struct hci_dev *hdev)
596 __le32 options = get_missing_options(hdev);
598 return mgmt_cmd_complete(sk, hdev->id, opcode, 0, &options,
602 static int read_config_info(struct sock *sk, struct hci_dev *hdev,
603 void *data, u16 data_len)
605 struct mgmt_rp_read_config_info rp;
608 bt_dev_dbg(hdev, "sock %p", sk);
612 memset(&rp, 0, sizeof(rp));
613 rp.manufacturer = cpu_to_le16(hdev->manufacturer);
615 if (test_bit(HCI_QUIRK_EXTERNAL_CONFIG, &hdev->quirks))
616 options |= MGMT_OPTION_EXTERNAL_CONFIG;
618 if (hdev->set_bdaddr)
619 options |= MGMT_OPTION_PUBLIC_ADDRESS;
621 rp.supported_options = cpu_to_le32(options);
622 rp.missing_options = get_missing_options(hdev);
624 hci_dev_unlock(hdev);
626 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_READ_CONFIG_INFO, 0,
630 static u32 get_supported_phys(struct hci_dev *hdev)
632 u32 supported_phys = 0;
634 if (lmp_bredr_capable(hdev)) {
635 supported_phys |= MGMT_PHY_BR_1M_1SLOT;
637 if (hdev->features[0][0] & LMP_3SLOT)
638 supported_phys |= MGMT_PHY_BR_1M_3SLOT;
640 if (hdev->features[0][0] & LMP_5SLOT)
641 supported_phys |= MGMT_PHY_BR_1M_5SLOT;
643 if (lmp_edr_2m_capable(hdev)) {
644 supported_phys |= MGMT_PHY_EDR_2M_1SLOT;
646 if (lmp_edr_3slot_capable(hdev))
647 supported_phys |= MGMT_PHY_EDR_2M_3SLOT;
649 if (lmp_edr_5slot_capable(hdev))
650 supported_phys |= MGMT_PHY_EDR_2M_5SLOT;
652 if (lmp_edr_3m_capable(hdev)) {
653 supported_phys |= MGMT_PHY_EDR_3M_1SLOT;
655 if (lmp_edr_3slot_capable(hdev))
656 supported_phys |= MGMT_PHY_EDR_3M_3SLOT;
658 if (lmp_edr_5slot_capable(hdev))
659 supported_phys |= MGMT_PHY_EDR_3M_5SLOT;
664 if (lmp_le_capable(hdev)) {
665 supported_phys |= MGMT_PHY_LE_1M_TX;
666 supported_phys |= MGMT_PHY_LE_1M_RX;
668 if (hdev->le_features[1] & HCI_LE_PHY_2M) {
669 supported_phys |= MGMT_PHY_LE_2M_TX;
670 supported_phys |= MGMT_PHY_LE_2M_RX;
673 if (hdev->le_features[1] & HCI_LE_PHY_CODED) {
674 supported_phys |= MGMT_PHY_LE_CODED_TX;
675 supported_phys |= MGMT_PHY_LE_CODED_RX;
679 return supported_phys;
682 static u32 get_selected_phys(struct hci_dev *hdev)
684 u32 selected_phys = 0;
686 if (lmp_bredr_capable(hdev)) {
687 selected_phys |= MGMT_PHY_BR_1M_1SLOT;
689 if (hdev->pkt_type & (HCI_DM3 | HCI_DH3))
690 selected_phys |= MGMT_PHY_BR_1M_3SLOT;
692 if (hdev->pkt_type & (HCI_DM5 | HCI_DH5))
693 selected_phys |= MGMT_PHY_BR_1M_5SLOT;
695 if (lmp_edr_2m_capable(hdev)) {
696 if (!(hdev->pkt_type & HCI_2DH1))
697 selected_phys |= MGMT_PHY_EDR_2M_1SLOT;
699 if (lmp_edr_3slot_capable(hdev) &&
700 !(hdev->pkt_type & HCI_2DH3))
701 selected_phys |= MGMT_PHY_EDR_2M_3SLOT;
703 if (lmp_edr_5slot_capable(hdev) &&
704 !(hdev->pkt_type & HCI_2DH5))
705 selected_phys |= MGMT_PHY_EDR_2M_5SLOT;
707 if (lmp_edr_3m_capable(hdev)) {
708 if (!(hdev->pkt_type & HCI_3DH1))
709 selected_phys |= MGMT_PHY_EDR_3M_1SLOT;
711 if (lmp_edr_3slot_capable(hdev) &&
712 !(hdev->pkt_type & HCI_3DH3))
713 selected_phys |= MGMT_PHY_EDR_3M_3SLOT;
715 if (lmp_edr_5slot_capable(hdev) &&
716 !(hdev->pkt_type & HCI_3DH5))
717 selected_phys |= MGMT_PHY_EDR_3M_5SLOT;
722 if (lmp_le_capable(hdev)) {
723 if (hdev->le_tx_def_phys & HCI_LE_SET_PHY_1M)
724 selected_phys |= MGMT_PHY_LE_1M_TX;
726 if (hdev->le_rx_def_phys & HCI_LE_SET_PHY_1M)
727 selected_phys |= MGMT_PHY_LE_1M_RX;
729 if (hdev->le_tx_def_phys & HCI_LE_SET_PHY_2M)
730 selected_phys |= MGMT_PHY_LE_2M_TX;
732 if (hdev->le_rx_def_phys & HCI_LE_SET_PHY_2M)
733 selected_phys |= MGMT_PHY_LE_2M_RX;
735 if (hdev->le_tx_def_phys & HCI_LE_SET_PHY_CODED)
736 selected_phys |= MGMT_PHY_LE_CODED_TX;
738 if (hdev->le_rx_def_phys & HCI_LE_SET_PHY_CODED)
739 selected_phys |= MGMT_PHY_LE_CODED_RX;
742 return selected_phys;
745 static u32 get_configurable_phys(struct hci_dev *hdev)
747 return (get_supported_phys(hdev) & ~MGMT_PHY_BR_1M_1SLOT &
748 ~MGMT_PHY_LE_1M_TX & ~MGMT_PHY_LE_1M_RX);
751 static u32 get_supported_settings(struct hci_dev *hdev)
755 settings |= MGMT_SETTING_POWERED;
756 settings |= MGMT_SETTING_BONDABLE;
757 settings |= MGMT_SETTING_DEBUG_KEYS;
758 settings |= MGMT_SETTING_CONNECTABLE;
759 settings |= MGMT_SETTING_DISCOVERABLE;
761 if (lmp_bredr_capable(hdev)) {
762 if (hdev->hci_ver >= BLUETOOTH_VER_1_2)
763 settings |= MGMT_SETTING_FAST_CONNECTABLE;
764 settings |= MGMT_SETTING_BREDR;
765 settings |= MGMT_SETTING_LINK_SECURITY;
767 if (lmp_ssp_capable(hdev)) {
768 settings |= MGMT_SETTING_SSP;
769 settings |= MGMT_SETTING_HS;
772 if (lmp_sc_capable(hdev))
773 settings |= MGMT_SETTING_SECURE_CONN;
775 if (test_bit(HCI_QUIRK_WIDEBAND_SPEECH_SUPPORTED,
777 settings |= MGMT_SETTING_WIDEBAND_SPEECH;
780 if (lmp_le_capable(hdev)) {
781 settings |= MGMT_SETTING_LE;
782 settings |= MGMT_SETTING_ADVERTISING;
783 settings |= MGMT_SETTING_SECURE_CONN;
784 settings |= MGMT_SETTING_PRIVACY;
785 settings |= MGMT_SETTING_STATIC_ADDRESS;
788 if (test_bit(HCI_QUIRK_EXTERNAL_CONFIG, &hdev->quirks) ||
790 settings |= MGMT_SETTING_CONFIGURATION;
792 settings |= MGMT_SETTING_PHY_CONFIGURATION;
797 static u32 get_current_settings(struct hci_dev *hdev)
801 if (hdev_is_powered(hdev))
802 settings |= MGMT_SETTING_POWERED;
804 if (hci_dev_test_flag(hdev, HCI_CONNECTABLE))
805 settings |= MGMT_SETTING_CONNECTABLE;
807 if (hci_dev_test_flag(hdev, HCI_FAST_CONNECTABLE))
808 settings |= MGMT_SETTING_FAST_CONNECTABLE;
810 if (hci_dev_test_flag(hdev, HCI_DISCOVERABLE))
811 settings |= MGMT_SETTING_DISCOVERABLE;
813 if (hci_dev_test_flag(hdev, HCI_BONDABLE))
814 settings |= MGMT_SETTING_BONDABLE;
816 if (hci_dev_test_flag(hdev, HCI_BREDR_ENABLED))
817 settings |= MGMT_SETTING_BREDR;
819 if (hci_dev_test_flag(hdev, HCI_LE_ENABLED))
820 settings |= MGMT_SETTING_LE;
822 if (hci_dev_test_flag(hdev, HCI_LINK_SECURITY))
823 settings |= MGMT_SETTING_LINK_SECURITY;
825 if (hci_dev_test_flag(hdev, HCI_SSP_ENABLED))
826 settings |= MGMT_SETTING_SSP;
828 if (hci_dev_test_flag(hdev, HCI_HS_ENABLED))
829 settings |= MGMT_SETTING_HS;
831 if (hci_dev_test_flag(hdev, HCI_ADVERTISING))
832 settings |= MGMT_SETTING_ADVERTISING;
834 if (hci_dev_test_flag(hdev, HCI_SC_ENABLED))
835 settings |= MGMT_SETTING_SECURE_CONN;
837 if (hci_dev_test_flag(hdev, HCI_KEEP_DEBUG_KEYS))
838 settings |= MGMT_SETTING_DEBUG_KEYS;
840 if (hci_dev_test_flag(hdev, HCI_PRIVACY))
841 settings |= MGMT_SETTING_PRIVACY;
843 /* The current setting for static address has two purposes. The
844 * first is to indicate if the static address will be used and
845 * the second is to indicate if it is actually set.
847 * This means if the static address is not configured, this flag
848 * will never be set. If the address is configured, then if the
849 * address is actually used decides if the flag is set or not.
851 * For single mode LE only controllers and dual-mode controllers
852 * with BR/EDR disabled, the existence of the static address will
855 if (hci_dev_test_flag(hdev, HCI_FORCE_STATIC_ADDR) ||
856 !hci_dev_test_flag(hdev, HCI_BREDR_ENABLED) ||
857 !bacmp(&hdev->bdaddr, BDADDR_ANY)) {
858 if (bacmp(&hdev->static_addr, BDADDR_ANY))
859 settings |= MGMT_SETTING_STATIC_ADDRESS;
862 if (hci_dev_test_flag(hdev, HCI_WIDEBAND_SPEECH_ENABLED))
863 settings |= MGMT_SETTING_WIDEBAND_SPEECH;
868 static struct mgmt_pending_cmd *pending_find(u16 opcode, struct hci_dev *hdev)
870 return mgmt_pending_find(HCI_CHANNEL_CONTROL, opcode, hdev);
873 static struct mgmt_pending_cmd *pending_find_data(u16 opcode,
874 struct hci_dev *hdev,
877 return mgmt_pending_find_data(HCI_CHANNEL_CONTROL, opcode, hdev, data);
880 u8 mgmt_get_adv_discov_flags(struct hci_dev *hdev)
882 struct mgmt_pending_cmd *cmd;
884 /* If there's a pending mgmt command the flags will not yet have
885 * their final values, so check for this first.
887 cmd = pending_find(MGMT_OP_SET_DISCOVERABLE, hdev);
889 struct mgmt_mode *cp = cmd->param;
891 return LE_AD_GENERAL;
892 else if (cp->val == 0x02)
893 return LE_AD_LIMITED;
895 if (hci_dev_test_flag(hdev, HCI_LIMITED_DISCOVERABLE))
896 return LE_AD_LIMITED;
897 else if (hci_dev_test_flag(hdev, HCI_DISCOVERABLE))
898 return LE_AD_GENERAL;
904 bool mgmt_get_connectable(struct hci_dev *hdev)
906 struct mgmt_pending_cmd *cmd;
908 /* If there's a pending mgmt command the flag will not yet have
909 * it's final value, so check for this first.
911 cmd = pending_find(MGMT_OP_SET_CONNECTABLE, hdev);
913 struct mgmt_mode *cp = cmd->param;
918 return hci_dev_test_flag(hdev, HCI_CONNECTABLE);
921 static void service_cache_off(struct work_struct *work)
923 struct hci_dev *hdev = container_of(work, struct hci_dev,
925 struct hci_request req;
927 if (!hci_dev_test_and_clear_flag(hdev, HCI_SERVICE_CACHE))
930 hci_req_init(&req, hdev);
934 __hci_req_update_eir(&req);
935 __hci_req_update_class(&req);
937 hci_dev_unlock(hdev);
939 hci_req_run(&req, NULL);
942 static void rpa_expired(struct work_struct *work)
944 struct hci_dev *hdev = container_of(work, struct hci_dev,
946 struct hci_request req;
948 bt_dev_dbg(hdev, "");
950 hci_dev_set_flag(hdev, HCI_RPA_EXPIRED);
952 if (!hci_dev_test_flag(hdev, HCI_ADVERTISING))
955 /* The generation of a new RPA and programming it into the
956 * controller happens in the hci_req_enable_advertising()
959 hci_req_init(&req, hdev);
960 if (ext_adv_capable(hdev))
961 __hci_req_start_ext_adv(&req, hdev->cur_adv_instance);
963 __hci_req_enable_advertising(&req);
964 hci_req_run(&req, NULL);
967 static void mgmt_init_hdev(struct sock *sk, struct hci_dev *hdev)
969 if (hci_dev_test_and_set_flag(hdev, HCI_MGMT))
972 INIT_DELAYED_WORK(&hdev->service_cache, service_cache_off);
973 INIT_DELAYED_WORK(&hdev->rpa_expired, rpa_expired);
975 /* Non-mgmt controlled devices get this bit set
976 * implicitly so that pairing works for them, however
977 * for mgmt we require user-space to explicitly enable
980 hci_dev_clear_flag(hdev, HCI_BONDABLE);
983 static int read_controller_info(struct sock *sk, struct hci_dev *hdev,
984 void *data, u16 data_len)
986 struct mgmt_rp_read_info rp;
988 bt_dev_dbg(hdev, "sock %p", sk);
992 memset(&rp, 0, sizeof(rp));
994 bacpy(&rp.bdaddr, &hdev->bdaddr);
996 rp.version = hdev->hci_ver;
997 rp.manufacturer = cpu_to_le16(hdev->manufacturer);
999 rp.supported_settings = cpu_to_le32(get_supported_settings(hdev));
1000 rp.current_settings = cpu_to_le32(get_current_settings(hdev));
1002 memcpy(rp.dev_class, hdev->dev_class, 3);
1004 memcpy(rp.name, hdev->dev_name, sizeof(hdev->dev_name));
1005 memcpy(rp.short_name, hdev->short_name, sizeof(hdev->short_name));
1007 hci_dev_unlock(hdev);
1009 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_READ_INFO, 0, &rp,
1013 static u16 append_eir_data_to_buf(struct hci_dev *hdev, u8 *eir)
1018 if (hci_dev_test_flag(hdev, HCI_BREDR_ENABLED))
1019 eir_len = eir_append_data(eir, eir_len, EIR_CLASS_OF_DEV,
1020 hdev->dev_class, 3);
1022 if (hci_dev_test_flag(hdev, HCI_LE_ENABLED))
1023 eir_len = eir_append_le16(eir, eir_len, EIR_APPEARANCE,
1026 name_len = strlen(hdev->dev_name);
1027 eir_len = eir_append_data(eir, eir_len, EIR_NAME_COMPLETE,
1028 hdev->dev_name, name_len);
1030 name_len = strlen(hdev->short_name);
1031 eir_len = eir_append_data(eir, eir_len, EIR_NAME_SHORT,
1032 hdev->short_name, name_len);
1037 static int read_ext_controller_info(struct sock *sk, struct hci_dev *hdev,
1038 void *data, u16 data_len)
1041 struct mgmt_rp_read_ext_info *rp = (void *)buf;
1044 bt_dev_dbg(hdev, "sock %p", sk);
1046 memset(&buf, 0, sizeof(buf));
1050 bacpy(&rp->bdaddr, &hdev->bdaddr);
1052 rp->version = hdev->hci_ver;
1053 rp->manufacturer = cpu_to_le16(hdev->manufacturer);
1055 rp->supported_settings = cpu_to_le32(get_supported_settings(hdev));
1056 rp->current_settings = cpu_to_le32(get_current_settings(hdev));
1059 eir_len = append_eir_data_to_buf(hdev, rp->eir);
1060 rp->eir_len = cpu_to_le16(eir_len);
1062 hci_dev_unlock(hdev);
1064 /* If this command is called at least once, then the events
1065 * for class of device and local name changes are disabled
1066 * and only the new extended controller information event
1069 hci_sock_set_flag(sk, HCI_MGMT_EXT_INFO_EVENTS);
1070 hci_sock_clear_flag(sk, HCI_MGMT_DEV_CLASS_EVENTS);
1071 hci_sock_clear_flag(sk, HCI_MGMT_LOCAL_NAME_EVENTS);
1073 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_READ_EXT_INFO, 0, rp,
1074 sizeof(*rp) + eir_len);
1077 static int ext_info_changed(struct hci_dev *hdev, struct sock *skip)
1080 struct mgmt_ev_ext_info_changed *ev = (void *)buf;
1083 memset(buf, 0, sizeof(buf));
1085 eir_len = append_eir_data_to_buf(hdev, ev->eir);
1086 ev->eir_len = cpu_to_le16(eir_len);
1088 return mgmt_limited_event(MGMT_EV_EXT_INFO_CHANGED, hdev, ev,
1089 sizeof(*ev) + eir_len,
1090 HCI_MGMT_EXT_INFO_EVENTS, skip);
1093 static int send_settings_rsp(struct sock *sk, u16 opcode, struct hci_dev *hdev)
1095 __le32 settings = cpu_to_le32(get_current_settings(hdev));
1097 return mgmt_cmd_complete(sk, hdev->id, opcode, 0, &settings,
1101 static void clean_up_hci_complete(struct hci_dev *hdev, u8 status, u16 opcode)
1103 bt_dev_dbg(hdev, "status 0x%02x", status);
1105 if (hci_conn_count(hdev) == 0) {
1106 cancel_delayed_work(&hdev->power_off);
1107 queue_work(hdev->req_workqueue, &hdev->power_off.work);
1111 void mgmt_advertising_added(struct sock *sk, struct hci_dev *hdev, u8 instance)
1113 struct mgmt_ev_advertising_added ev;
1115 ev.instance = instance;
1117 mgmt_event(MGMT_EV_ADVERTISING_ADDED, hdev, &ev, sizeof(ev), sk);
1120 void mgmt_advertising_removed(struct sock *sk, struct hci_dev *hdev,
1123 struct mgmt_ev_advertising_removed ev;
1125 ev.instance = instance;
1127 mgmt_event(MGMT_EV_ADVERTISING_REMOVED, hdev, &ev, sizeof(ev), sk);
1130 static void cancel_adv_timeout(struct hci_dev *hdev)
1132 if (hdev->adv_instance_timeout) {
1133 hdev->adv_instance_timeout = 0;
1134 cancel_delayed_work(&hdev->adv_instance_expire);
1138 static int clean_up_hci_state(struct hci_dev *hdev)
1140 struct hci_request req;
1141 struct hci_conn *conn;
1142 bool discov_stopped;
1145 hci_req_init(&req, hdev);
1147 if (test_bit(HCI_ISCAN, &hdev->flags) ||
1148 test_bit(HCI_PSCAN, &hdev->flags)) {
1150 hci_req_add(&req, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
1153 hci_req_clear_adv_instance(hdev, NULL, NULL, 0x00, false);
1155 if (hci_dev_test_flag(hdev, HCI_LE_ADV))
1156 __hci_req_disable_advertising(&req);
1158 discov_stopped = hci_req_stop_discovery(&req);
1160 list_for_each_entry(conn, &hdev->conn_hash.list, list) {
1161 /* 0x15 == Terminated due to Power Off */
1162 __hci_abort_conn(&req, conn, 0x15);
1165 err = hci_req_run(&req, clean_up_hci_complete);
1166 if (!err && discov_stopped)
1167 hci_discovery_set_state(hdev, DISCOVERY_STOPPING);
1172 static int set_powered(struct sock *sk, struct hci_dev *hdev, void *data,
1175 struct mgmt_mode *cp = data;
1176 struct mgmt_pending_cmd *cmd;
1179 bt_dev_dbg(hdev, "sock %p", sk);
1181 if (cp->val != 0x00 && cp->val != 0x01)
1182 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_POWERED,
1183 MGMT_STATUS_INVALID_PARAMS);
1187 if (pending_find(MGMT_OP_SET_POWERED, hdev)) {
1188 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_POWERED,
1193 if (!!cp->val == hdev_is_powered(hdev)) {
1194 err = send_settings_rsp(sk, MGMT_OP_SET_POWERED, hdev);
1198 cmd = mgmt_pending_add(sk, MGMT_OP_SET_POWERED, hdev, data, len);
1205 queue_work(hdev->req_workqueue, &hdev->power_on);
1208 /* Disconnect connections, stop scans, etc */
1209 err = clean_up_hci_state(hdev);
1211 queue_delayed_work(hdev->req_workqueue, &hdev->power_off,
1212 HCI_POWER_OFF_TIMEOUT);
1214 /* ENODATA means there were no HCI commands queued */
1215 if (err == -ENODATA) {
1216 cancel_delayed_work(&hdev->power_off);
1217 queue_work(hdev->req_workqueue, &hdev->power_off.work);
1223 hci_dev_unlock(hdev);
1227 static int new_settings(struct hci_dev *hdev, struct sock *skip)
1229 __le32 ev = cpu_to_le32(get_current_settings(hdev));
1231 return mgmt_limited_event(MGMT_EV_NEW_SETTINGS, hdev, &ev,
1232 sizeof(ev), HCI_MGMT_SETTING_EVENTS, skip);
1235 int mgmt_new_settings(struct hci_dev *hdev)
1237 return new_settings(hdev, NULL);
1242 struct hci_dev *hdev;
1246 static void settings_rsp(struct mgmt_pending_cmd *cmd, void *data)
1248 struct cmd_lookup *match = data;
1250 send_settings_rsp(cmd->sk, cmd->opcode, match->hdev);
1252 list_del(&cmd->list);
1254 if (match->sk == NULL) {
1255 match->sk = cmd->sk;
1256 sock_hold(match->sk);
1259 mgmt_pending_free(cmd);
1262 static void cmd_status_rsp(struct mgmt_pending_cmd *cmd, void *data)
1266 mgmt_cmd_status(cmd->sk, cmd->index, cmd->opcode, *status);
1267 mgmt_pending_remove(cmd);
1270 static void cmd_complete_rsp(struct mgmt_pending_cmd *cmd, void *data)
1272 if (cmd->cmd_complete) {
1275 cmd->cmd_complete(cmd, *status);
1276 mgmt_pending_remove(cmd);
1281 cmd_status_rsp(cmd, data);
1284 static int generic_cmd_complete(struct mgmt_pending_cmd *cmd, u8 status)
1286 return mgmt_cmd_complete(cmd->sk, cmd->index, cmd->opcode, status,
1287 cmd->param, cmd->param_len);
1290 static int addr_cmd_complete(struct mgmt_pending_cmd *cmd, u8 status)
1292 return mgmt_cmd_complete(cmd->sk, cmd->index, cmd->opcode, status,
1293 cmd->param, sizeof(struct mgmt_addr_info));
1296 static u8 mgmt_bredr_support(struct hci_dev *hdev)
1298 if (!lmp_bredr_capable(hdev))
1299 return MGMT_STATUS_NOT_SUPPORTED;
1300 else if (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED))
1301 return MGMT_STATUS_REJECTED;
1303 return MGMT_STATUS_SUCCESS;
1306 static u8 mgmt_le_support(struct hci_dev *hdev)
1308 if (!lmp_le_capable(hdev))
1309 return MGMT_STATUS_NOT_SUPPORTED;
1310 else if (!hci_dev_test_flag(hdev, HCI_LE_ENABLED))
1311 return MGMT_STATUS_REJECTED;
1313 return MGMT_STATUS_SUCCESS;
1316 void mgmt_set_discoverable_complete(struct hci_dev *hdev, u8 status)
1318 struct mgmt_pending_cmd *cmd;
1320 bt_dev_dbg(hdev, "status 0x%02x", status);
1324 cmd = pending_find(MGMT_OP_SET_DISCOVERABLE, hdev);
1329 u8 mgmt_err = mgmt_status(status);
1330 mgmt_cmd_status(cmd->sk, cmd->index, cmd->opcode, mgmt_err);
1331 hci_dev_clear_flag(hdev, HCI_LIMITED_DISCOVERABLE);
1335 if (hci_dev_test_flag(hdev, HCI_DISCOVERABLE) &&
1336 hdev->discov_timeout > 0) {
1337 int to = msecs_to_jiffies(hdev->discov_timeout * 1000);
1338 queue_delayed_work(hdev->req_workqueue, &hdev->discov_off, to);
1341 send_settings_rsp(cmd->sk, MGMT_OP_SET_DISCOVERABLE, hdev);
1342 new_settings(hdev, cmd->sk);
1345 mgmt_pending_remove(cmd);
1348 hci_dev_unlock(hdev);
1351 static int set_discoverable(struct sock *sk, struct hci_dev *hdev, void *data,
1354 struct mgmt_cp_set_discoverable *cp = data;
1355 struct mgmt_pending_cmd *cmd;
1359 bt_dev_dbg(hdev, "sock %p", sk);
1361 if (!hci_dev_test_flag(hdev, HCI_LE_ENABLED) &&
1362 !hci_dev_test_flag(hdev, HCI_BREDR_ENABLED))
1363 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
1364 MGMT_STATUS_REJECTED);
1366 if (cp->val != 0x00 && cp->val != 0x01 && cp->val != 0x02)
1367 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
1368 MGMT_STATUS_INVALID_PARAMS);
1370 timeout = __le16_to_cpu(cp->timeout);
1372 /* Disabling discoverable requires that no timeout is set,
1373 * and enabling limited discoverable requires a timeout.
1375 if ((cp->val == 0x00 && timeout > 0) ||
1376 (cp->val == 0x02 && timeout == 0))
1377 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
1378 MGMT_STATUS_INVALID_PARAMS);
1382 if (!hdev_is_powered(hdev) && timeout > 0) {
1383 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
1384 MGMT_STATUS_NOT_POWERED);
1388 if (pending_find(MGMT_OP_SET_DISCOVERABLE, hdev) ||
1389 pending_find(MGMT_OP_SET_CONNECTABLE, hdev)) {
1390 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
1395 if (!hci_dev_test_flag(hdev, HCI_CONNECTABLE)) {
1396 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
1397 MGMT_STATUS_REJECTED);
1401 if (hdev->advertising_paused) {
1402 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
1407 if (!hdev_is_powered(hdev)) {
1408 bool changed = false;
1410 /* Setting limited discoverable when powered off is
1411 * not a valid operation since it requires a timeout
1412 * and so no need to check HCI_LIMITED_DISCOVERABLE.
1414 if (!!cp->val != hci_dev_test_flag(hdev, HCI_DISCOVERABLE)) {
1415 hci_dev_change_flag(hdev, HCI_DISCOVERABLE);
1419 err = send_settings_rsp(sk, MGMT_OP_SET_DISCOVERABLE, hdev);
1424 err = new_settings(hdev, sk);
1429 /* If the current mode is the same, then just update the timeout
1430 * value with the new value. And if only the timeout gets updated,
1431 * then no need for any HCI transactions.
1433 if (!!cp->val == hci_dev_test_flag(hdev, HCI_DISCOVERABLE) &&
1434 (cp->val == 0x02) == hci_dev_test_flag(hdev,
1435 HCI_LIMITED_DISCOVERABLE)) {
1436 cancel_delayed_work(&hdev->discov_off);
1437 hdev->discov_timeout = timeout;
1439 if (cp->val && hdev->discov_timeout > 0) {
1440 int to = msecs_to_jiffies(hdev->discov_timeout * 1000);
1441 queue_delayed_work(hdev->req_workqueue,
1442 &hdev->discov_off, to);
1445 err = send_settings_rsp(sk, MGMT_OP_SET_DISCOVERABLE, hdev);
1449 cmd = mgmt_pending_add(sk, MGMT_OP_SET_DISCOVERABLE, hdev, data, len);
1455 /* Cancel any potential discoverable timeout that might be
1456 * still active and store new timeout value. The arming of
1457 * the timeout happens in the complete handler.
1459 cancel_delayed_work(&hdev->discov_off);
1460 hdev->discov_timeout = timeout;
1463 hci_dev_set_flag(hdev, HCI_DISCOVERABLE);
1465 hci_dev_clear_flag(hdev, HCI_DISCOVERABLE);
1467 /* Limited discoverable mode */
1468 if (cp->val == 0x02)
1469 hci_dev_set_flag(hdev, HCI_LIMITED_DISCOVERABLE);
1471 hci_dev_clear_flag(hdev, HCI_LIMITED_DISCOVERABLE);
1473 queue_work(hdev->req_workqueue, &hdev->discoverable_update);
1477 hci_dev_unlock(hdev);
1481 void mgmt_set_connectable_complete(struct hci_dev *hdev, u8 status)
1483 struct mgmt_pending_cmd *cmd;
1485 bt_dev_dbg(hdev, "status 0x%02x", status);
1489 cmd = pending_find(MGMT_OP_SET_CONNECTABLE, hdev);
1494 u8 mgmt_err = mgmt_status(status);
1495 mgmt_cmd_status(cmd->sk, cmd->index, cmd->opcode, mgmt_err);
1499 send_settings_rsp(cmd->sk, MGMT_OP_SET_CONNECTABLE, hdev);
1500 new_settings(hdev, cmd->sk);
1503 mgmt_pending_remove(cmd);
1506 hci_dev_unlock(hdev);
1509 static int set_connectable_update_settings(struct hci_dev *hdev,
1510 struct sock *sk, u8 val)
1512 bool changed = false;
1515 if (!!val != hci_dev_test_flag(hdev, HCI_CONNECTABLE))
1519 hci_dev_set_flag(hdev, HCI_CONNECTABLE);
1521 hci_dev_clear_flag(hdev, HCI_CONNECTABLE);
1522 hci_dev_clear_flag(hdev, HCI_DISCOVERABLE);
1525 err = send_settings_rsp(sk, MGMT_OP_SET_CONNECTABLE, hdev);
1530 hci_req_update_scan(hdev);
1531 hci_update_background_scan(hdev);
1532 return new_settings(hdev, sk);
1538 static int set_connectable(struct sock *sk, struct hci_dev *hdev, void *data,
1541 struct mgmt_mode *cp = data;
1542 struct mgmt_pending_cmd *cmd;
1545 bt_dev_dbg(hdev, "sock %p", sk);
1547 if (!hci_dev_test_flag(hdev, HCI_LE_ENABLED) &&
1548 !hci_dev_test_flag(hdev, HCI_BREDR_ENABLED))
1549 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE,
1550 MGMT_STATUS_REJECTED);
1552 if (cp->val != 0x00 && cp->val != 0x01)
1553 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE,
1554 MGMT_STATUS_INVALID_PARAMS);
1558 if (!hdev_is_powered(hdev)) {
1559 err = set_connectable_update_settings(hdev, sk, cp->val);
1563 if (pending_find(MGMT_OP_SET_DISCOVERABLE, hdev) ||
1564 pending_find(MGMT_OP_SET_CONNECTABLE, hdev)) {
1565 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE,
1570 cmd = mgmt_pending_add(sk, MGMT_OP_SET_CONNECTABLE, hdev, data, len);
1577 hci_dev_set_flag(hdev, HCI_CONNECTABLE);
1579 if (hdev->discov_timeout > 0)
1580 cancel_delayed_work(&hdev->discov_off);
1582 hci_dev_clear_flag(hdev, HCI_LIMITED_DISCOVERABLE);
1583 hci_dev_clear_flag(hdev, HCI_DISCOVERABLE);
1584 hci_dev_clear_flag(hdev, HCI_CONNECTABLE);
1587 queue_work(hdev->req_workqueue, &hdev->connectable_update);
1591 hci_dev_unlock(hdev);
1595 static int set_bondable(struct sock *sk, struct hci_dev *hdev, void *data,
1598 struct mgmt_mode *cp = data;
1602 bt_dev_dbg(hdev, "sock %p", sk);
1604 if (cp->val != 0x00 && cp->val != 0x01)
1605 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_BONDABLE,
1606 MGMT_STATUS_INVALID_PARAMS);
1611 changed = !hci_dev_test_and_set_flag(hdev, HCI_BONDABLE);
1613 changed = hci_dev_test_and_clear_flag(hdev, HCI_BONDABLE);
1615 err = send_settings_rsp(sk, MGMT_OP_SET_BONDABLE, hdev);
1620 /* In limited privacy mode the change of bondable mode
1621 * may affect the local advertising address.
1623 if (hdev_is_powered(hdev) &&
1624 hci_dev_test_flag(hdev, HCI_ADVERTISING) &&
1625 hci_dev_test_flag(hdev, HCI_DISCOVERABLE) &&
1626 hci_dev_test_flag(hdev, HCI_LIMITED_PRIVACY))
1627 queue_work(hdev->req_workqueue,
1628 &hdev->discoverable_update);
1630 err = new_settings(hdev, sk);
1634 hci_dev_unlock(hdev);
1638 static int set_link_security(struct sock *sk, struct hci_dev *hdev, void *data,
1641 struct mgmt_mode *cp = data;
1642 struct mgmt_pending_cmd *cmd;
1646 bt_dev_dbg(hdev, "sock %p", sk);
1648 status = mgmt_bredr_support(hdev);
1650 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY,
1653 if (cp->val != 0x00 && cp->val != 0x01)
1654 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY,
1655 MGMT_STATUS_INVALID_PARAMS);
1659 if (!hdev_is_powered(hdev)) {
1660 bool changed = false;
1662 if (!!cp->val != hci_dev_test_flag(hdev, HCI_LINK_SECURITY)) {
1663 hci_dev_change_flag(hdev, HCI_LINK_SECURITY);
1667 err = send_settings_rsp(sk, MGMT_OP_SET_LINK_SECURITY, hdev);
1672 err = new_settings(hdev, sk);
1677 if (pending_find(MGMT_OP_SET_LINK_SECURITY, hdev)) {
1678 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY,
1685 if (test_bit(HCI_AUTH, &hdev->flags) == val) {
1686 err = send_settings_rsp(sk, MGMT_OP_SET_LINK_SECURITY, hdev);
1690 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LINK_SECURITY, hdev, data, len);
1696 err = hci_send_cmd(hdev, HCI_OP_WRITE_AUTH_ENABLE, sizeof(val), &val);
1698 mgmt_pending_remove(cmd);
1703 hci_dev_unlock(hdev);
1707 static int set_ssp(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
1709 struct mgmt_mode *cp = data;
1710 struct mgmt_pending_cmd *cmd;
1714 bt_dev_dbg(hdev, "sock %p", sk);
1716 status = mgmt_bredr_support(hdev);
1718 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SSP, status);
1720 if (!lmp_ssp_capable(hdev))
1721 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
1722 MGMT_STATUS_NOT_SUPPORTED);
1724 if (cp->val != 0x00 && cp->val != 0x01)
1725 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
1726 MGMT_STATUS_INVALID_PARAMS);
1730 if (!hdev_is_powered(hdev)) {
1734 changed = !hci_dev_test_and_set_flag(hdev,
1737 changed = hci_dev_test_and_clear_flag(hdev,
1740 changed = hci_dev_test_and_clear_flag(hdev,
1743 hci_dev_clear_flag(hdev, HCI_HS_ENABLED);
1746 err = send_settings_rsp(sk, MGMT_OP_SET_SSP, hdev);
1751 err = new_settings(hdev, sk);
1756 if (pending_find(MGMT_OP_SET_SSP, hdev)) {
1757 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
1762 if (!!cp->val == hci_dev_test_flag(hdev, HCI_SSP_ENABLED)) {
1763 err = send_settings_rsp(sk, MGMT_OP_SET_SSP, hdev);
1767 cmd = mgmt_pending_add(sk, MGMT_OP_SET_SSP, hdev, data, len);
1773 if (!cp->val && hci_dev_test_flag(hdev, HCI_USE_DEBUG_KEYS))
1774 hci_send_cmd(hdev, HCI_OP_WRITE_SSP_DEBUG_MODE,
1775 sizeof(cp->val), &cp->val);
1777 err = hci_send_cmd(hdev, HCI_OP_WRITE_SSP_MODE, 1, &cp->val);
1779 mgmt_pending_remove(cmd);
1784 hci_dev_unlock(hdev);
1788 static int set_hs(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
1790 struct mgmt_mode *cp = data;
1795 bt_dev_dbg(hdev, "sock %p", sk);
1797 status = mgmt_bredr_support(hdev);
1799 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_HS, status);
1801 if (!lmp_ssp_capable(hdev))
1802 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
1803 MGMT_STATUS_NOT_SUPPORTED);
1805 if (!hci_dev_test_flag(hdev, HCI_SSP_ENABLED))
1806 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
1807 MGMT_STATUS_REJECTED);
1809 if (cp->val != 0x00 && cp->val != 0x01)
1810 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
1811 MGMT_STATUS_INVALID_PARAMS);
1815 if (pending_find(MGMT_OP_SET_SSP, hdev)) {
1816 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
1822 changed = !hci_dev_test_and_set_flag(hdev, HCI_HS_ENABLED);
1824 if (hdev_is_powered(hdev)) {
1825 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
1826 MGMT_STATUS_REJECTED);
1830 changed = hci_dev_test_and_clear_flag(hdev, HCI_HS_ENABLED);
1833 err = send_settings_rsp(sk, MGMT_OP_SET_HS, hdev);
1838 err = new_settings(hdev, sk);
1841 hci_dev_unlock(hdev);
1845 static void le_enable_complete(struct hci_dev *hdev, u8 status, u16 opcode)
1847 struct cmd_lookup match = { NULL, hdev };
1852 u8 mgmt_err = mgmt_status(status);
1854 mgmt_pending_foreach(MGMT_OP_SET_LE, hdev, cmd_status_rsp,
1859 mgmt_pending_foreach(MGMT_OP_SET_LE, hdev, settings_rsp, &match);
1861 new_settings(hdev, match.sk);
1866 /* Make sure the controller has a good default for
1867 * advertising data. Restrict the update to when LE
1868 * has actually been enabled. During power on, the
1869 * update in powered_update_hci will take care of it.
1871 if (hci_dev_test_flag(hdev, HCI_LE_ENABLED)) {
1872 struct hci_request req;
1873 hci_req_init(&req, hdev);
1874 if (ext_adv_capable(hdev)) {
1877 err = __hci_req_setup_ext_adv_instance(&req, 0x00);
1879 __hci_req_update_scan_rsp_data(&req, 0x00);
1881 __hci_req_update_adv_data(&req, 0x00);
1882 __hci_req_update_scan_rsp_data(&req, 0x00);
1884 hci_req_run(&req, NULL);
1885 hci_update_background_scan(hdev);
1889 hci_dev_unlock(hdev);
1892 static int set_le(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
1894 struct mgmt_mode *cp = data;
1895 struct hci_cp_write_le_host_supported hci_cp;
1896 struct mgmt_pending_cmd *cmd;
1897 struct hci_request req;
1901 bt_dev_dbg(hdev, "sock %p", sk);
1903 if (!lmp_le_capable(hdev))
1904 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
1905 MGMT_STATUS_NOT_SUPPORTED);
1907 if (cp->val != 0x00 && cp->val != 0x01)
1908 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
1909 MGMT_STATUS_INVALID_PARAMS);
1911 /* Bluetooth single mode LE only controllers or dual-mode
1912 * controllers configured as LE only devices, do not allow
1913 * switching LE off. These have either LE enabled explicitly
1914 * or BR/EDR has been previously switched off.
1916 * When trying to enable an already enabled LE, then gracefully
1917 * send a positive response. Trying to disable it however will
1918 * result into rejection.
1920 if (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED)) {
1921 if (cp->val == 0x01)
1922 return send_settings_rsp(sk, MGMT_OP_SET_LE, hdev);
1924 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
1925 MGMT_STATUS_REJECTED);
1931 enabled = lmp_host_le_capable(hdev);
1934 hci_req_clear_adv_instance(hdev, NULL, NULL, 0x00, true);
1936 if (!hdev_is_powered(hdev) || val == enabled) {
1937 bool changed = false;
1939 if (val != hci_dev_test_flag(hdev, HCI_LE_ENABLED)) {
1940 hci_dev_change_flag(hdev, HCI_LE_ENABLED);
1944 if (!val && hci_dev_test_flag(hdev, HCI_ADVERTISING)) {
1945 hci_dev_clear_flag(hdev, HCI_ADVERTISING);
1949 err = send_settings_rsp(sk, MGMT_OP_SET_LE, hdev);
1954 err = new_settings(hdev, sk);
1959 if (pending_find(MGMT_OP_SET_LE, hdev) ||
1960 pending_find(MGMT_OP_SET_ADVERTISING, hdev)) {
1961 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
1966 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LE, hdev, data, len);
1972 hci_req_init(&req, hdev);
1974 memset(&hci_cp, 0, sizeof(hci_cp));
1978 hci_cp.simul = 0x00;
1980 if (hci_dev_test_flag(hdev, HCI_LE_ADV))
1981 __hci_req_disable_advertising(&req);
1983 if (ext_adv_capable(hdev))
1984 __hci_req_clear_ext_adv_sets(&req);
1987 hci_req_add(&req, HCI_OP_WRITE_LE_HOST_SUPPORTED, sizeof(hci_cp),
1990 err = hci_req_run(&req, le_enable_complete);
1992 mgmt_pending_remove(cmd);
1995 hci_dev_unlock(hdev);
1999 /* This is a helper function to test for pending mgmt commands that can
2000 * cause CoD or EIR HCI commands. We can only allow one such pending
2001 * mgmt command at a time since otherwise we cannot easily track what
2002 * the current values are, will be, and based on that calculate if a new
2003 * HCI command needs to be sent and if yes with what value.
2005 static bool pending_eir_or_class(struct hci_dev *hdev)
2007 struct mgmt_pending_cmd *cmd;
2009 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
2010 switch (cmd->opcode) {
2011 case MGMT_OP_ADD_UUID:
2012 case MGMT_OP_REMOVE_UUID:
2013 case MGMT_OP_SET_DEV_CLASS:
2014 case MGMT_OP_SET_POWERED:
2022 static const u8 bluetooth_base_uuid[] = {
2023 0xfb, 0x34, 0x9b, 0x5f, 0x80, 0x00, 0x00, 0x80,
2024 0x00, 0x10, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
2027 static u8 get_uuid_size(const u8 *uuid)
2031 if (memcmp(uuid, bluetooth_base_uuid, 12))
2034 val = get_unaligned_le32(&uuid[12]);
2041 static void mgmt_class_complete(struct hci_dev *hdev, u16 mgmt_op, u8 status)
2043 struct mgmt_pending_cmd *cmd;
2047 cmd = pending_find(mgmt_op, hdev);
2051 mgmt_cmd_complete(cmd->sk, cmd->index, cmd->opcode,
2052 mgmt_status(status), hdev->dev_class, 3);
2054 mgmt_pending_remove(cmd);
2057 hci_dev_unlock(hdev);
2060 static void add_uuid_complete(struct hci_dev *hdev, u8 status, u16 opcode)
2062 bt_dev_dbg(hdev, "status 0x%02x", status);
2064 mgmt_class_complete(hdev, MGMT_OP_ADD_UUID, status);
2067 static int add_uuid(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
2069 struct mgmt_cp_add_uuid *cp = data;
2070 struct mgmt_pending_cmd *cmd;
2071 struct hci_request req;
2072 struct bt_uuid *uuid;
2075 bt_dev_dbg(hdev, "sock %p", sk);
2079 if (pending_eir_or_class(hdev)) {
2080 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_UUID,
2085 uuid = kmalloc(sizeof(*uuid), GFP_KERNEL);
2091 memcpy(uuid->uuid, cp->uuid, 16);
2092 uuid->svc_hint = cp->svc_hint;
2093 uuid->size = get_uuid_size(cp->uuid);
2095 list_add_tail(&uuid->list, &hdev->uuids);
2097 hci_req_init(&req, hdev);
2099 __hci_req_update_class(&req);
2100 __hci_req_update_eir(&req);
2102 err = hci_req_run(&req, add_uuid_complete);
2104 if (err != -ENODATA)
2107 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_ADD_UUID, 0,
2108 hdev->dev_class, 3);
2112 cmd = mgmt_pending_add(sk, MGMT_OP_ADD_UUID, hdev, data, len);
2121 hci_dev_unlock(hdev);
2125 static bool enable_service_cache(struct hci_dev *hdev)
2127 if (!hdev_is_powered(hdev))
2130 if (!hci_dev_test_and_set_flag(hdev, HCI_SERVICE_CACHE)) {
2131 queue_delayed_work(hdev->workqueue, &hdev->service_cache,
2139 static void remove_uuid_complete(struct hci_dev *hdev, u8 status, u16 opcode)
2141 bt_dev_dbg(hdev, "status 0x%02x", status);
2143 mgmt_class_complete(hdev, MGMT_OP_REMOVE_UUID, status);
2146 static int remove_uuid(struct sock *sk, struct hci_dev *hdev, void *data,
2149 struct mgmt_cp_remove_uuid *cp = data;
2150 struct mgmt_pending_cmd *cmd;
2151 struct bt_uuid *match, *tmp;
2152 u8 bt_uuid_any[] = { 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 };
2153 struct hci_request req;
2156 bt_dev_dbg(hdev, "sock %p", sk);
2160 if (pending_eir_or_class(hdev)) {
2161 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_REMOVE_UUID,
2166 if (memcmp(cp->uuid, bt_uuid_any, 16) == 0) {
2167 hci_uuids_clear(hdev);
2169 if (enable_service_cache(hdev)) {
2170 err = mgmt_cmd_complete(sk, hdev->id,
2171 MGMT_OP_REMOVE_UUID,
2172 0, hdev->dev_class, 3);
2181 list_for_each_entry_safe(match, tmp, &hdev->uuids, list) {
2182 if (memcmp(match->uuid, cp->uuid, 16) != 0)
2185 list_del(&match->list);
2191 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_REMOVE_UUID,
2192 MGMT_STATUS_INVALID_PARAMS);
2197 hci_req_init(&req, hdev);
2199 __hci_req_update_class(&req);
2200 __hci_req_update_eir(&req);
2202 err = hci_req_run(&req, remove_uuid_complete);
2204 if (err != -ENODATA)
2207 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_UUID, 0,
2208 hdev->dev_class, 3);
2212 cmd = mgmt_pending_add(sk, MGMT_OP_REMOVE_UUID, hdev, data, len);
2221 hci_dev_unlock(hdev);
2225 static void set_class_complete(struct hci_dev *hdev, u8 status, u16 opcode)
2227 bt_dev_dbg(hdev, "status 0x%02x", status);
2229 mgmt_class_complete(hdev, MGMT_OP_SET_DEV_CLASS, status);
2232 static int set_dev_class(struct sock *sk, struct hci_dev *hdev, void *data,
2235 struct mgmt_cp_set_dev_class *cp = data;
2236 struct mgmt_pending_cmd *cmd;
2237 struct hci_request req;
2240 bt_dev_dbg(hdev, "sock %p", sk);
2242 if (!lmp_bredr_capable(hdev))
2243 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS,
2244 MGMT_STATUS_NOT_SUPPORTED);
2248 if (pending_eir_or_class(hdev)) {
2249 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS,
2254 if ((cp->minor & 0x03) != 0 || (cp->major & 0xe0) != 0) {
2255 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS,
2256 MGMT_STATUS_INVALID_PARAMS);
2260 hdev->major_class = cp->major;
2261 hdev->minor_class = cp->minor;
2263 if (!hdev_is_powered(hdev)) {
2264 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_DEV_CLASS, 0,
2265 hdev->dev_class, 3);
2269 hci_req_init(&req, hdev);
2271 if (hci_dev_test_and_clear_flag(hdev, HCI_SERVICE_CACHE)) {
2272 hci_dev_unlock(hdev);
2273 cancel_delayed_work_sync(&hdev->service_cache);
2275 __hci_req_update_eir(&req);
2278 __hci_req_update_class(&req);
2280 err = hci_req_run(&req, set_class_complete);
2282 if (err != -ENODATA)
2285 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_DEV_CLASS, 0,
2286 hdev->dev_class, 3);
2290 cmd = mgmt_pending_add(sk, MGMT_OP_SET_DEV_CLASS, hdev, data, len);
2299 hci_dev_unlock(hdev);
2303 static int load_link_keys(struct sock *sk, struct hci_dev *hdev, void *data,
2306 struct mgmt_cp_load_link_keys *cp = data;
2307 const u16 max_key_count = ((U16_MAX - sizeof(*cp)) /
2308 sizeof(struct mgmt_link_key_info));
2309 u16 key_count, expected_len;
2313 bt_dev_dbg(hdev, "sock %p", sk);
2315 if (!lmp_bredr_capable(hdev))
2316 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
2317 MGMT_STATUS_NOT_SUPPORTED);
2319 key_count = __le16_to_cpu(cp->key_count);
2320 if (key_count > max_key_count) {
2321 bt_dev_err(hdev, "load_link_keys: too big key_count value %u",
2323 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
2324 MGMT_STATUS_INVALID_PARAMS);
2327 expected_len = struct_size(cp, keys, key_count);
2328 if (expected_len != len) {
2329 bt_dev_err(hdev, "load_link_keys: expected %u bytes, got %u bytes",
2331 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
2332 MGMT_STATUS_INVALID_PARAMS);
2335 if (cp->debug_keys != 0x00 && cp->debug_keys != 0x01)
2336 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
2337 MGMT_STATUS_INVALID_PARAMS);
2339 bt_dev_dbg(hdev, "debug_keys %u key_count %u", cp->debug_keys,
2342 for (i = 0; i < key_count; i++) {
2343 struct mgmt_link_key_info *key = &cp->keys[i];
2345 if (key->addr.type != BDADDR_BREDR || key->type > 0x08)
2346 return mgmt_cmd_status(sk, hdev->id,
2347 MGMT_OP_LOAD_LINK_KEYS,
2348 MGMT_STATUS_INVALID_PARAMS);
2353 hci_link_keys_clear(hdev);
2356 changed = !hci_dev_test_and_set_flag(hdev, HCI_KEEP_DEBUG_KEYS);
2358 changed = hci_dev_test_and_clear_flag(hdev,
2359 HCI_KEEP_DEBUG_KEYS);
2362 new_settings(hdev, NULL);
2364 for (i = 0; i < key_count; i++) {
2365 struct mgmt_link_key_info *key = &cp->keys[i];
2367 if (hci_is_blocked_key(hdev,
2368 HCI_BLOCKED_KEY_TYPE_LINKKEY,
2370 bt_dev_warn(hdev, "Skipping blocked link key for %pMR",
2375 /* Always ignore debug keys and require a new pairing if
2376 * the user wants to use them.
2378 if (key->type == HCI_LK_DEBUG_COMBINATION)
2381 hci_add_link_key(hdev, NULL, &key->addr.bdaddr, key->val,
2382 key->type, key->pin_len, NULL);
2385 mgmt_cmd_complete(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS, 0, NULL, 0);
2387 hci_dev_unlock(hdev);
2392 static int device_unpaired(struct hci_dev *hdev, bdaddr_t *bdaddr,
2393 u8 addr_type, struct sock *skip_sk)
2395 struct mgmt_ev_device_unpaired ev;
2397 bacpy(&ev.addr.bdaddr, bdaddr);
2398 ev.addr.type = addr_type;
2400 return mgmt_event(MGMT_EV_DEVICE_UNPAIRED, hdev, &ev, sizeof(ev),
2404 static int unpair_device(struct sock *sk, struct hci_dev *hdev, void *data,
2407 struct mgmt_cp_unpair_device *cp = data;
2408 struct mgmt_rp_unpair_device rp;
2409 struct hci_conn_params *params;
2410 struct mgmt_pending_cmd *cmd;
2411 struct hci_conn *conn;
2415 memset(&rp, 0, sizeof(rp));
2416 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
2417 rp.addr.type = cp->addr.type;
2419 if (!bdaddr_type_is_valid(cp->addr.type))
2420 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
2421 MGMT_STATUS_INVALID_PARAMS,
2424 if (cp->disconnect != 0x00 && cp->disconnect != 0x01)
2425 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
2426 MGMT_STATUS_INVALID_PARAMS,
2431 if (!hdev_is_powered(hdev)) {
2432 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
2433 MGMT_STATUS_NOT_POWERED, &rp,
2438 if (cp->addr.type == BDADDR_BREDR) {
2439 /* If disconnection is requested, then look up the
2440 * connection. If the remote device is connected, it
2441 * will be later used to terminate the link.
2443 * Setting it to NULL explicitly will cause no
2444 * termination of the link.
2447 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
2452 err = hci_remove_link_key(hdev, &cp->addr.bdaddr);
2454 err = mgmt_cmd_complete(sk, hdev->id,
2455 MGMT_OP_UNPAIR_DEVICE,
2456 MGMT_STATUS_NOT_PAIRED, &rp,
2464 /* LE address type */
2465 addr_type = le_addr_type(cp->addr.type);
2467 /* Abort any ongoing SMP pairing. Removes ltk and irk if they exist. */
2468 err = smp_cancel_and_remove_pairing(hdev, &cp->addr.bdaddr, addr_type);
2470 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
2471 MGMT_STATUS_NOT_PAIRED, &rp,
2476 conn = hci_conn_hash_lookup_le(hdev, &cp->addr.bdaddr, addr_type);
2478 hci_conn_params_del(hdev, &cp->addr.bdaddr, addr_type);
2483 /* Defer clearing up the connection parameters until closing to
2484 * give a chance of keeping them if a repairing happens.
2486 set_bit(HCI_CONN_PARAM_REMOVAL_PEND, &conn->flags);
2488 /* Disable auto-connection parameters if present */
2489 params = hci_conn_params_lookup(hdev, &cp->addr.bdaddr, addr_type);
2491 if (params->explicit_connect)
2492 params->auto_connect = HCI_AUTO_CONN_EXPLICIT;
2494 params->auto_connect = HCI_AUTO_CONN_DISABLED;
2497 /* If disconnection is not requested, then clear the connection
2498 * variable so that the link is not terminated.
2500 if (!cp->disconnect)
2504 /* If the connection variable is set, then termination of the
2505 * link is requested.
2508 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE, 0,
2510 device_unpaired(hdev, &cp->addr.bdaddr, cp->addr.type, sk);
2514 cmd = mgmt_pending_add(sk, MGMT_OP_UNPAIR_DEVICE, hdev, cp,
2521 cmd->cmd_complete = addr_cmd_complete;
2523 err = hci_abort_conn(conn, HCI_ERROR_REMOTE_USER_TERM);
2525 mgmt_pending_remove(cmd);
2528 hci_dev_unlock(hdev);
2532 static int disconnect(struct sock *sk, struct hci_dev *hdev, void *data,
2535 struct mgmt_cp_disconnect *cp = data;
2536 struct mgmt_rp_disconnect rp;
2537 struct mgmt_pending_cmd *cmd;
2538 struct hci_conn *conn;
2541 bt_dev_dbg(hdev, "sock %p", sk);
2543 memset(&rp, 0, sizeof(rp));
2544 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
2545 rp.addr.type = cp->addr.type;
2547 if (!bdaddr_type_is_valid(cp->addr.type))
2548 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
2549 MGMT_STATUS_INVALID_PARAMS,
2554 if (!test_bit(HCI_UP, &hdev->flags)) {
2555 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
2556 MGMT_STATUS_NOT_POWERED, &rp,
2561 if (pending_find(MGMT_OP_DISCONNECT, hdev)) {
2562 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
2563 MGMT_STATUS_BUSY, &rp, sizeof(rp));
2567 if (cp->addr.type == BDADDR_BREDR)
2568 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
2571 conn = hci_conn_hash_lookup_le(hdev, &cp->addr.bdaddr,
2572 le_addr_type(cp->addr.type));
2574 if (!conn || conn->state == BT_OPEN || conn->state == BT_CLOSED) {
2575 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
2576 MGMT_STATUS_NOT_CONNECTED, &rp,
2581 cmd = mgmt_pending_add(sk, MGMT_OP_DISCONNECT, hdev, data, len);
2587 cmd->cmd_complete = generic_cmd_complete;
2589 err = hci_disconnect(conn, HCI_ERROR_REMOTE_USER_TERM);
2591 mgmt_pending_remove(cmd);
2594 hci_dev_unlock(hdev);
2598 static u8 link_to_bdaddr(u8 link_type, u8 addr_type)
2600 switch (link_type) {
2602 switch (addr_type) {
2603 case ADDR_LE_DEV_PUBLIC:
2604 return BDADDR_LE_PUBLIC;
2607 /* Fallback to LE Random address type */
2608 return BDADDR_LE_RANDOM;
2612 /* Fallback to BR/EDR type */
2613 return BDADDR_BREDR;
2617 static int get_connections(struct sock *sk, struct hci_dev *hdev, void *data,
2620 struct mgmt_rp_get_connections *rp;
2625 bt_dev_dbg(hdev, "sock %p", sk);
2629 if (!hdev_is_powered(hdev)) {
2630 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_GET_CONNECTIONS,
2631 MGMT_STATUS_NOT_POWERED);
2636 list_for_each_entry(c, &hdev->conn_hash.list, list) {
2637 if (test_bit(HCI_CONN_MGMT_CONNECTED, &c->flags))
2641 rp = kmalloc(struct_size(rp, addr, i), GFP_KERNEL);
2648 list_for_each_entry(c, &hdev->conn_hash.list, list) {
2649 if (!test_bit(HCI_CONN_MGMT_CONNECTED, &c->flags))
2651 bacpy(&rp->addr[i].bdaddr, &c->dst);
2652 rp->addr[i].type = link_to_bdaddr(c->type, c->dst_type);
2653 if (c->type == SCO_LINK || c->type == ESCO_LINK)
2658 rp->conn_count = cpu_to_le16(i);
2660 /* Recalculate length in case of filtered SCO connections, etc */
2661 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CONNECTIONS, 0, rp,
2662 struct_size(rp, addr, i));
2667 hci_dev_unlock(hdev);
2671 static int send_pin_code_neg_reply(struct sock *sk, struct hci_dev *hdev,
2672 struct mgmt_cp_pin_code_neg_reply *cp)
2674 struct mgmt_pending_cmd *cmd;
2677 cmd = mgmt_pending_add(sk, MGMT_OP_PIN_CODE_NEG_REPLY, hdev, cp,
2682 cmd->cmd_complete = addr_cmd_complete;
2684 err = hci_send_cmd(hdev, HCI_OP_PIN_CODE_NEG_REPLY,
2685 sizeof(cp->addr.bdaddr), &cp->addr.bdaddr);
2687 mgmt_pending_remove(cmd);
2692 static int pin_code_reply(struct sock *sk, struct hci_dev *hdev, void *data,
2695 struct hci_conn *conn;
2696 struct mgmt_cp_pin_code_reply *cp = data;
2697 struct hci_cp_pin_code_reply reply;
2698 struct mgmt_pending_cmd *cmd;
2701 bt_dev_dbg(hdev, "sock %p", sk);
2705 if (!hdev_is_powered(hdev)) {
2706 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
2707 MGMT_STATUS_NOT_POWERED);
2711 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->addr.bdaddr);
2713 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
2714 MGMT_STATUS_NOT_CONNECTED);
2718 if (conn->pending_sec_level == BT_SECURITY_HIGH && cp->pin_len != 16) {
2719 struct mgmt_cp_pin_code_neg_reply ncp;
2721 memcpy(&ncp.addr, &cp->addr, sizeof(ncp.addr));
2723 bt_dev_err(hdev, "PIN code is not 16 bytes long");
2725 err = send_pin_code_neg_reply(sk, hdev, &ncp);
2727 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
2728 MGMT_STATUS_INVALID_PARAMS);
2733 cmd = mgmt_pending_add(sk, MGMT_OP_PIN_CODE_REPLY, hdev, data, len);
2739 cmd->cmd_complete = addr_cmd_complete;
2741 bacpy(&reply.bdaddr, &cp->addr.bdaddr);
2742 reply.pin_len = cp->pin_len;
2743 memcpy(reply.pin_code, cp->pin_code, sizeof(reply.pin_code));
2745 err = hci_send_cmd(hdev, HCI_OP_PIN_CODE_REPLY, sizeof(reply), &reply);
2747 mgmt_pending_remove(cmd);
2750 hci_dev_unlock(hdev);
2754 static int set_io_capability(struct sock *sk, struct hci_dev *hdev, void *data,
2757 struct mgmt_cp_set_io_capability *cp = data;
2759 bt_dev_dbg(hdev, "sock %p", sk);
2761 if (cp->io_capability > SMP_IO_KEYBOARD_DISPLAY)
2762 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_IO_CAPABILITY,
2763 MGMT_STATUS_INVALID_PARAMS);
2767 hdev->io_capability = cp->io_capability;
2769 bt_dev_dbg(hdev, "IO capability set to 0x%02x", hdev->io_capability);
2771 hci_dev_unlock(hdev);
2773 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_IO_CAPABILITY, 0,
2777 static struct mgmt_pending_cmd *find_pairing(struct hci_conn *conn)
2779 struct hci_dev *hdev = conn->hdev;
2780 struct mgmt_pending_cmd *cmd;
2782 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
2783 if (cmd->opcode != MGMT_OP_PAIR_DEVICE)
2786 if (cmd->user_data != conn)
2795 static int pairing_complete(struct mgmt_pending_cmd *cmd, u8 status)
2797 struct mgmt_rp_pair_device rp;
2798 struct hci_conn *conn = cmd->user_data;
2801 bacpy(&rp.addr.bdaddr, &conn->dst);
2802 rp.addr.type = link_to_bdaddr(conn->type, conn->dst_type);
2804 err = mgmt_cmd_complete(cmd->sk, cmd->index, MGMT_OP_PAIR_DEVICE,
2805 status, &rp, sizeof(rp));
2807 /* So we don't get further callbacks for this connection */
2808 conn->connect_cfm_cb = NULL;
2809 conn->security_cfm_cb = NULL;
2810 conn->disconn_cfm_cb = NULL;
2812 hci_conn_drop(conn);
2814 /* The device is paired so there is no need to remove
2815 * its connection parameters anymore.
2817 clear_bit(HCI_CONN_PARAM_REMOVAL_PEND, &conn->flags);
2824 void mgmt_smp_complete(struct hci_conn *conn, bool complete)
2826 u8 status = complete ? MGMT_STATUS_SUCCESS : MGMT_STATUS_FAILED;
2827 struct mgmt_pending_cmd *cmd;
2829 cmd = find_pairing(conn);
2831 cmd->cmd_complete(cmd, status);
2832 mgmt_pending_remove(cmd);
2836 static void pairing_complete_cb(struct hci_conn *conn, u8 status)
2838 struct mgmt_pending_cmd *cmd;
2840 BT_DBG("status %u", status);
2842 cmd = find_pairing(conn);
2844 BT_DBG("Unable to find a pending command");
2848 cmd->cmd_complete(cmd, mgmt_status(status));
2849 mgmt_pending_remove(cmd);
2852 static void le_pairing_complete_cb(struct hci_conn *conn, u8 status)
2854 struct mgmt_pending_cmd *cmd;
2856 BT_DBG("status %u", status);
2861 cmd = find_pairing(conn);
2863 BT_DBG("Unable to find a pending command");
2867 cmd->cmd_complete(cmd, mgmt_status(status));
2868 mgmt_pending_remove(cmd);
2871 static int pair_device(struct sock *sk, struct hci_dev *hdev, void *data,
2874 struct mgmt_cp_pair_device *cp = data;
2875 struct mgmt_rp_pair_device rp;
2876 struct mgmt_pending_cmd *cmd;
2877 u8 sec_level, auth_type;
2878 struct hci_conn *conn;
2881 bt_dev_dbg(hdev, "sock %p", sk);
2883 memset(&rp, 0, sizeof(rp));
2884 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
2885 rp.addr.type = cp->addr.type;
2887 if (!bdaddr_type_is_valid(cp->addr.type))
2888 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
2889 MGMT_STATUS_INVALID_PARAMS,
2892 if (cp->io_cap > SMP_IO_KEYBOARD_DISPLAY)
2893 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
2894 MGMT_STATUS_INVALID_PARAMS,
2899 if (!hdev_is_powered(hdev)) {
2900 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
2901 MGMT_STATUS_NOT_POWERED, &rp,
2906 if (hci_bdaddr_is_paired(hdev, &cp->addr.bdaddr, cp->addr.type)) {
2907 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
2908 MGMT_STATUS_ALREADY_PAIRED, &rp,
2913 sec_level = BT_SECURITY_MEDIUM;
2914 auth_type = HCI_AT_DEDICATED_BONDING;
2916 if (cp->addr.type == BDADDR_BREDR) {
2917 conn = hci_connect_acl(hdev, &cp->addr.bdaddr, sec_level,
2920 u8 addr_type = le_addr_type(cp->addr.type);
2921 struct hci_conn_params *p;
2923 /* When pairing a new device, it is expected to remember
2924 * this device for future connections. Adding the connection
2925 * parameter information ahead of time allows tracking
2926 * of the slave preferred values and will speed up any
2927 * further connection establishment.
2929 * If connection parameters already exist, then they
2930 * will be kept and this function does nothing.
2932 p = hci_conn_params_add(hdev, &cp->addr.bdaddr, addr_type);
2934 if (p->auto_connect == HCI_AUTO_CONN_EXPLICIT)
2935 p->auto_connect = HCI_AUTO_CONN_DISABLED;
2937 conn = hci_connect_le_scan(hdev, &cp->addr.bdaddr,
2938 addr_type, sec_level,
2939 HCI_LE_CONN_TIMEOUT);
2945 if (PTR_ERR(conn) == -EBUSY)
2946 status = MGMT_STATUS_BUSY;
2947 else if (PTR_ERR(conn) == -EOPNOTSUPP)
2948 status = MGMT_STATUS_NOT_SUPPORTED;
2949 else if (PTR_ERR(conn) == -ECONNREFUSED)
2950 status = MGMT_STATUS_REJECTED;
2952 status = MGMT_STATUS_CONNECT_FAILED;
2954 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
2955 status, &rp, sizeof(rp));
2959 if (conn->connect_cfm_cb) {
2960 hci_conn_drop(conn);
2961 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
2962 MGMT_STATUS_BUSY, &rp, sizeof(rp));
2966 cmd = mgmt_pending_add(sk, MGMT_OP_PAIR_DEVICE, hdev, data, len);
2969 hci_conn_drop(conn);
2973 cmd->cmd_complete = pairing_complete;
2975 /* For LE, just connecting isn't a proof that the pairing finished */
2976 if (cp->addr.type == BDADDR_BREDR) {
2977 conn->connect_cfm_cb = pairing_complete_cb;
2978 conn->security_cfm_cb = pairing_complete_cb;
2979 conn->disconn_cfm_cb = pairing_complete_cb;
2981 conn->connect_cfm_cb = le_pairing_complete_cb;
2982 conn->security_cfm_cb = le_pairing_complete_cb;
2983 conn->disconn_cfm_cb = le_pairing_complete_cb;
2986 conn->io_capability = cp->io_cap;
2987 cmd->user_data = hci_conn_get(conn);
2989 if ((conn->state == BT_CONNECTED || conn->state == BT_CONFIG) &&
2990 hci_conn_security(conn, sec_level, auth_type, true)) {
2991 cmd->cmd_complete(cmd, 0);
2992 mgmt_pending_remove(cmd);
2998 hci_dev_unlock(hdev);
3002 static int cancel_pair_device(struct sock *sk, struct hci_dev *hdev, void *data,
3005 struct mgmt_addr_info *addr = data;
3006 struct mgmt_pending_cmd *cmd;
3007 struct hci_conn *conn;
3010 bt_dev_dbg(hdev, "sock %p", sk);
3014 if (!hdev_is_powered(hdev)) {
3015 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
3016 MGMT_STATUS_NOT_POWERED);
3020 cmd = pending_find(MGMT_OP_PAIR_DEVICE, hdev);
3022 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
3023 MGMT_STATUS_INVALID_PARAMS);
3027 conn = cmd->user_data;
3029 if (bacmp(&addr->bdaddr, &conn->dst) != 0) {
3030 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
3031 MGMT_STATUS_INVALID_PARAMS);
3035 cmd->cmd_complete(cmd, MGMT_STATUS_CANCELLED);
3036 mgmt_pending_remove(cmd);
3038 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE, 0,
3039 addr, sizeof(*addr));
3041 hci_dev_unlock(hdev);
3045 static int user_pairing_resp(struct sock *sk, struct hci_dev *hdev,
3046 struct mgmt_addr_info *addr, u16 mgmt_op,
3047 u16 hci_op, __le32 passkey)
3049 struct mgmt_pending_cmd *cmd;
3050 struct hci_conn *conn;
3055 if (!hdev_is_powered(hdev)) {
3056 err = mgmt_cmd_complete(sk, hdev->id, mgmt_op,
3057 MGMT_STATUS_NOT_POWERED, addr,
3062 if (addr->type == BDADDR_BREDR)
3063 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &addr->bdaddr);
3065 conn = hci_conn_hash_lookup_le(hdev, &addr->bdaddr,
3066 le_addr_type(addr->type));
3069 err = mgmt_cmd_complete(sk, hdev->id, mgmt_op,
3070 MGMT_STATUS_NOT_CONNECTED, addr,
3075 if (addr->type == BDADDR_LE_PUBLIC || addr->type == BDADDR_LE_RANDOM) {
3076 err = smp_user_confirm_reply(conn, mgmt_op, passkey);
3078 err = mgmt_cmd_complete(sk, hdev->id, mgmt_op,
3079 MGMT_STATUS_SUCCESS, addr,
3082 err = mgmt_cmd_complete(sk, hdev->id, mgmt_op,
3083 MGMT_STATUS_FAILED, addr,
3089 cmd = mgmt_pending_add(sk, mgmt_op, hdev, addr, sizeof(*addr));
3095 cmd->cmd_complete = addr_cmd_complete;
3097 /* Continue with pairing via HCI */
3098 if (hci_op == HCI_OP_USER_PASSKEY_REPLY) {
3099 struct hci_cp_user_passkey_reply cp;
3101 bacpy(&cp.bdaddr, &addr->bdaddr);
3102 cp.passkey = passkey;
3103 err = hci_send_cmd(hdev, hci_op, sizeof(cp), &cp);
3105 err = hci_send_cmd(hdev, hci_op, sizeof(addr->bdaddr),
3109 mgmt_pending_remove(cmd);
3112 hci_dev_unlock(hdev);
3116 static int pin_code_neg_reply(struct sock *sk, struct hci_dev *hdev,
3117 void *data, u16 len)
3119 struct mgmt_cp_pin_code_neg_reply *cp = data;
3121 bt_dev_dbg(hdev, "sock %p", sk);
3123 return user_pairing_resp(sk, hdev, &cp->addr,
3124 MGMT_OP_PIN_CODE_NEG_REPLY,
3125 HCI_OP_PIN_CODE_NEG_REPLY, 0);
3128 static int user_confirm_reply(struct sock *sk, struct hci_dev *hdev, void *data,
3131 struct mgmt_cp_user_confirm_reply *cp = data;
3133 bt_dev_dbg(hdev, "sock %p", sk);
3135 if (len != sizeof(*cp))
3136 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_USER_CONFIRM_REPLY,
3137 MGMT_STATUS_INVALID_PARAMS);
3139 return user_pairing_resp(sk, hdev, &cp->addr,
3140 MGMT_OP_USER_CONFIRM_REPLY,
3141 HCI_OP_USER_CONFIRM_REPLY, 0);
3144 static int user_confirm_neg_reply(struct sock *sk, struct hci_dev *hdev,
3145 void *data, u16 len)
3147 struct mgmt_cp_user_confirm_neg_reply *cp = data;
3149 bt_dev_dbg(hdev, "sock %p", sk);
3151 return user_pairing_resp(sk, hdev, &cp->addr,
3152 MGMT_OP_USER_CONFIRM_NEG_REPLY,
3153 HCI_OP_USER_CONFIRM_NEG_REPLY, 0);
3156 static int user_passkey_reply(struct sock *sk, struct hci_dev *hdev, void *data,
3159 struct mgmt_cp_user_passkey_reply *cp = data;
3161 bt_dev_dbg(hdev, "sock %p", sk);
3163 return user_pairing_resp(sk, hdev, &cp->addr,
3164 MGMT_OP_USER_PASSKEY_REPLY,
3165 HCI_OP_USER_PASSKEY_REPLY, cp->passkey);
3168 static int user_passkey_neg_reply(struct sock *sk, struct hci_dev *hdev,
3169 void *data, u16 len)
3171 struct mgmt_cp_user_passkey_neg_reply *cp = data;
3173 bt_dev_dbg(hdev, "sock %p", sk);
3175 return user_pairing_resp(sk, hdev, &cp->addr,
3176 MGMT_OP_USER_PASSKEY_NEG_REPLY,
3177 HCI_OP_USER_PASSKEY_NEG_REPLY, 0);
3180 static void adv_expire(struct hci_dev *hdev, u32 flags)
3182 struct adv_info *adv_instance;
3183 struct hci_request req;
3186 adv_instance = hci_find_adv_instance(hdev, hdev->cur_adv_instance);
3190 /* stop if current instance doesn't need to be changed */
3191 if (!(adv_instance->flags & flags))
3194 cancel_adv_timeout(hdev);
3196 adv_instance = hci_get_next_instance(hdev, adv_instance->instance);
3200 hci_req_init(&req, hdev);
3201 err = __hci_req_schedule_adv_instance(&req, adv_instance->instance,
3206 hci_req_run(&req, NULL);
3209 static void set_name_complete(struct hci_dev *hdev, u8 status, u16 opcode)
3211 struct mgmt_cp_set_local_name *cp;
3212 struct mgmt_pending_cmd *cmd;
3214 bt_dev_dbg(hdev, "status 0x%02x", status);
3218 cmd = pending_find(MGMT_OP_SET_LOCAL_NAME, hdev);
3225 mgmt_cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_LOCAL_NAME,
3226 mgmt_status(status));
3228 mgmt_cmd_complete(cmd->sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0,
3231 if (hci_dev_test_flag(hdev, HCI_LE_ADV))
3232 adv_expire(hdev, MGMT_ADV_FLAG_LOCAL_NAME);
3235 mgmt_pending_remove(cmd);
3238 hci_dev_unlock(hdev);
3241 static int set_local_name(struct sock *sk, struct hci_dev *hdev, void *data,
3244 struct mgmt_cp_set_local_name *cp = data;
3245 struct mgmt_pending_cmd *cmd;
3246 struct hci_request req;
3249 bt_dev_dbg(hdev, "sock %p", sk);
3253 /* If the old values are the same as the new ones just return a
3254 * direct command complete event.
3256 if (!memcmp(hdev->dev_name, cp->name, sizeof(hdev->dev_name)) &&
3257 !memcmp(hdev->short_name, cp->short_name,
3258 sizeof(hdev->short_name))) {
3259 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0,
3264 memcpy(hdev->short_name, cp->short_name, sizeof(hdev->short_name));
3266 if (!hdev_is_powered(hdev)) {
3267 memcpy(hdev->dev_name, cp->name, sizeof(hdev->dev_name));
3269 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0,
3274 err = mgmt_limited_event(MGMT_EV_LOCAL_NAME_CHANGED, hdev, data,
3275 len, HCI_MGMT_LOCAL_NAME_EVENTS, sk);
3276 ext_info_changed(hdev, sk);
3281 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LOCAL_NAME, hdev, data, len);
3287 memcpy(hdev->dev_name, cp->name, sizeof(hdev->dev_name));
3289 hci_req_init(&req, hdev);
3291 if (lmp_bredr_capable(hdev)) {
3292 __hci_req_update_name(&req);
3293 __hci_req_update_eir(&req);
3296 /* The name is stored in the scan response data and so
3297 * no need to udpate the advertising data here.
3299 if (lmp_le_capable(hdev) && hci_dev_test_flag(hdev, HCI_ADVERTISING))
3300 __hci_req_update_scan_rsp_data(&req, hdev->cur_adv_instance);
3302 err = hci_req_run(&req, set_name_complete);
3304 mgmt_pending_remove(cmd);
3307 hci_dev_unlock(hdev);
3311 static int set_appearance(struct sock *sk, struct hci_dev *hdev, void *data,
3314 struct mgmt_cp_set_appearance *cp = data;
3318 bt_dev_dbg(hdev, "sock %p", sk);
3320 if (!lmp_le_capable(hdev))
3321 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_APPEARANCE,
3322 MGMT_STATUS_NOT_SUPPORTED);
3324 appearance = le16_to_cpu(cp->appearance);
3328 if (hdev->appearance != appearance) {
3329 hdev->appearance = appearance;
3331 if (hci_dev_test_flag(hdev, HCI_LE_ADV))
3332 adv_expire(hdev, MGMT_ADV_FLAG_APPEARANCE);
3334 ext_info_changed(hdev, sk);
3337 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_APPEARANCE, 0, NULL,
3340 hci_dev_unlock(hdev);
3345 static int get_phy_configuration(struct sock *sk, struct hci_dev *hdev,
3346 void *data, u16 len)
3348 struct mgmt_rp_get_phy_confguration rp;
3350 bt_dev_dbg(hdev, "sock %p", sk);
3354 memset(&rp, 0, sizeof(rp));
3356 rp.supported_phys = cpu_to_le32(get_supported_phys(hdev));
3357 rp.selected_phys = cpu_to_le32(get_selected_phys(hdev));
3358 rp.configurable_phys = cpu_to_le32(get_configurable_phys(hdev));
3360 hci_dev_unlock(hdev);
3362 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_PHY_CONFIGURATION, 0,
3366 int mgmt_phy_configuration_changed(struct hci_dev *hdev, struct sock *skip)
3368 struct mgmt_ev_phy_configuration_changed ev;
3370 memset(&ev, 0, sizeof(ev));
3372 ev.selected_phys = cpu_to_le32(get_selected_phys(hdev));
3374 return mgmt_event(MGMT_EV_PHY_CONFIGURATION_CHANGED, hdev, &ev,
3378 static void set_default_phy_complete(struct hci_dev *hdev, u8 status,
3379 u16 opcode, struct sk_buff *skb)
3381 struct mgmt_pending_cmd *cmd;
3383 bt_dev_dbg(hdev, "status 0x%02x", status);
3387 cmd = pending_find(MGMT_OP_SET_PHY_CONFIGURATION, hdev);
3392 mgmt_cmd_status(cmd->sk, hdev->id,
3393 MGMT_OP_SET_PHY_CONFIGURATION,
3394 mgmt_status(status));
3396 mgmt_cmd_complete(cmd->sk, hdev->id,
3397 MGMT_OP_SET_PHY_CONFIGURATION, 0,
3400 mgmt_phy_configuration_changed(hdev, cmd->sk);
3403 mgmt_pending_remove(cmd);
3406 hci_dev_unlock(hdev);
3409 static int set_phy_configuration(struct sock *sk, struct hci_dev *hdev,
3410 void *data, u16 len)
3412 struct mgmt_cp_set_phy_confguration *cp = data;
3413 struct hci_cp_le_set_default_phy cp_phy;
3414 struct mgmt_pending_cmd *cmd;
3415 struct hci_request req;
3416 u32 selected_phys, configurable_phys, supported_phys, unconfigure_phys;
3417 u16 pkt_type = (HCI_DH1 | HCI_DM1);
3418 bool changed = false;
3421 bt_dev_dbg(hdev, "sock %p", sk);
3423 configurable_phys = get_configurable_phys(hdev);
3424 supported_phys = get_supported_phys(hdev);
3425 selected_phys = __le32_to_cpu(cp->selected_phys);
3427 if (selected_phys & ~supported_phys)
3428 return mgmt_cmd_status(sk, hdev->id,
3429 MGMT_OP_SET_PHY_CONFIGURATION,
3430 MGMT_STATUS_INVALID_PARAMS);
3432 unconfigure_phys = supported_phys & ~configurable_phys;
3434 if ((selected_phys & unconfigure_phys) != unconfigure_phys)
3435 return mgmt_cmd_status(sk, hdev->id,
3436 MGMT_OP_SET_PHY_CONFIGURATION,
3437 MGMT_STATUS_INVALID_PARAMS);
3439 if (selected_phys == get_selected_phys(hdev))
3440 return mgmt_cmd_complete(sk, hdev->id,
3441 MGMT_OP_SET_PHY_CONFIGURATION,
3446 if (!hdev_is_powered(hdev)) {
3447 err = mgmt_cmd_status(sk, hdev->id,
3448 MGMT_OP_SET_PHY_CONFIGURATION,
3449 MGMT_STATUS_REJECTED);
3453 if (pending_find(MGMT_OP_SET_PHY_CONFIGURATION, hdev)) {
3454 err = mgmt_cmd_status(sk, hdev->id,
3455 MGMT_OP_SET_PHY_CONFIGURATION,
3460 if (selected_phys & MGMT_PHY_BR_1M_3SLOT)
3461 pkt_type |= (HCI_DH3 | HCI_DM3);
3463 pkt_type &= ~(HCI_DH3 | HCI_DM3);
3465 if (selected_phys & MGMT_PHY_BR_1M_5SLOT)
3466 pkt_type |= (HCI_DH5 | HCI_DM5);
3468 pkt_type &= ~(HCI_DH5 | HCI_DM5);
3470 if (selected_phys & MGMT_PHY_EDR_2M_1SLOT)
3471 pkt_type &= ~HCI_2DH1;
3473 pkt_type |= HCI_2DH1;
3475 if (selected_phys & MGMT_PHY_EDR_2M_3SLOT)
3476 pkt_type &= ~HCI_2DH3;
3478 pkt_type |= HCI_2DH3;
3480 if (selected_phys & MGMT_PHY_EDR_2M_5SLOT)
3481 pkt_type &= ~HCI_2DH5;
3483 pkt_type |= HCI_2DH5;
3485 if (selected_phys & MGMT_PHY_EDR_3M_1SLOT)
3486 pkt_type &= ~HCI_3DH1;
3488 pkt_type |= HCI_3DH1;
3490 if (selected_phys & MGMT_PHY_EDR_3M_3SLOT)
3491 pkt_type &= ~HCI_3DH3;
3493 pkt_type |= HCI_3DH3;
3495 if (selected_phys & MGMT_PHY_EDR_3M_5SLOT)
3496 pkt_type &= ~HCI_3DH5;
3498 pkt_type |= HCI_3DH5;
3500 if (pkt_type != hdev->pkt_type) {
3501 hdev->pkt_type = pkt_type;
3505 if ((selected_phys & MGMT_PHY_LE_MASK) ==
3506 (get_selected_phys(hdev) & MGMT_PHY_LE_MASK)) {
3508 mgmt_phy_configuration_changed(hdev, sk);
3510 err = mgmt_cmd_complete(sk, hdev->id,
3511 MGMT_OP_SET_PHY_CONFIGURATION,
3517 cmd = mgmt_pending_add(sk, MGMT_OP_SET_PHY_CONFIGURATION, hdev, data,
3524 hci_req_init(&req, hdev);
3526 memset(&cp_phy, 0, sizeof(cp_phy));
3528 if (!(selected_phys & MGMT_PHY_LE_TX_MASK))
3529 cp_phy.all_phys |= 0x01;
3531 if (!(selected_phys & MGMT_PHY_LE_RX_MASK))
3532 cp_phy.all_phys |= 0x02;
3534 if (selected_phys & MGMT_PHY_LE_1M_TX)
3535 cp_phy.tx_phys |= HCI_LE_SET_PHY_1M;
3537 if (selected_phys & MGMT_PHY_LE_2M_TX)
3538 cp_phy.tx_phys |= HCI_LE_SET_PHY_2M;
3540 if (selected_phys & MGMT_PHY_LE_CODED_TX)
3541 cp_phy.tx_phys |= HCI_LE_SET_PHY_CODED;
3543 if (selected_phys & MGMT_PHY_LE_1M_RX)
3544 cp_phy.rx_phys |= HCI_LE_SET_PHY_1M;
3546 if (selected_phys & MGMT_PHY_LE_2M_RX)
3547 cp_phy.rx_phys |= HCI_LE_SET_PHY_2M;
3549 if (selected_phys & MGMT_PHY_LE_CODED_RX)
3550 cp_phy.rx_phys |= HCI_LE_SET_PHY_CODED;
3552 hci_req_add(&req, HCI_OP_LE_SET_DEFAULT_PHY, sizeof(cp_phy), &cp_phy);
3554 err = hci_req_run_skb(&req, set_default_phy_complete);
3556 mgmt_pending_remove(cmd);
3559 hci_dev_unlock(hdev);
3564 static int set_blocked_keys(struct sock *sk, struct hci_dev *hdev, void *data,
3567 int err = MGMT_STATUS_SUCCESS;
3568 struct mgmt_cp_set_blocked_keys *keys = data;
3569 const u16 max_key_count = ((U16_MAX - sizeof(*keys)) /
3570 sizeof(struct mgmt_blocked_key_info));
3571 u16 key_count, expected_len;
3574 bt_dev_dbg(hdev, "sock %p", sk);
3576 key_count = __le16_to_cpu(keys->key_count);
3577 if (key_count > max_key_count) {
3578 bt_dev_err(hdev, "too big key_count value %u", key_count);
3579 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_BLOCKED_KEYS,
3580 MGMT_STATUS_INVALID_PARAMS);
3583 expected_len = struct_size(keys, keys, key_count);
3584 if (expected_len != len) {
3585 bt_dev_err(hdev, "expected %u bytes, got %u bytes",
3587 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_BLOCKED_KEYS,
3588 MGMT_STATUS_INVALID_PARAMS);
3593 hci_blocked_keys_clear(hdev);
3595 for (i = 0; i < keys->key_count; ++i) {
3596 struct blocked_key *b = kzalloc(sizeof(*b), GFP_KERNEL);
3599 err = MGMT_STATUS_NO_RESOURCES;
3603 b->type = keys->keys[i].type;
3604 memcpy(b->val, keys->keys[i].val, sizeof(b->val));
3605 list_add_rcu(&b->list, &hdev->blocked_keys);
3607 hci_dev_unlock(hdev);
3609 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_BLOCKED_KEYS,
3613 static int set_wideband_speech(struct sock *sk, struct hci_dev *hdev,
3614 void *data, u16 len)
3616 struct mgmt_mode *cp = data;
3618 bool changed = false;
3620 bt_dev_dbg(hdev, "sock %p", sk);
3622 if (!test_bit(HCI_QUIRK_WIDEBAND_SPEECH_SUPPORTED, &hdev->quirks))
3623 return mgmt_cmd_status(sk, hdev->id,
3624 MGMT_OP_SET_WIDEBAND_SPEECH,
3625 MGMT_STATUS_NOT_SUPPORTED);
3627 if (cp->val != 0x00 && cp->val != 0x01)
3628 return mgmt_cmd_status(sk, hdev->id,
3629 MGMT_OP_SET_WIDEBAND_SPEECH,
3630 MGMT_STATUS_INVALID_PARAMS);
3634 if (pending_find(MGMT_OP_SET_WIDEBAND_SPEECH, hdev)) {
3635 err = mgmt_cmd_status(sk, hdev->id,
3636 MGMT_OP_SET_WIDEBAND_SPEECH,
3641 if (hdev_is_powered(hdev) &&
3642 !!cp->val != hci_dev_test_flag(hdev,
3643 HCI_WIDEBAND_SPEECH_ENABLED)) {
3644 err = mgmt_cmd_status(sk, hdev->id,
3645 MGMT_OP_SET_WIDEBAND_SPEECH,
3646 MGMT_STATUS_REJECTED);
3651 changed = !hci_dev_test_and_set_flag(hdev,
3652 HCI_WIDEBAND_SPEECH_ENABLED);
3654 changed = hci_dev_test_and_clear_flag(hdev,
3655 HCI_WIDEBAND_SPEECH_ENABLED);
3657 err = send_settings_rsp(sk, MGMT_OP_SET_WIDEBAND_SPEECH, hdev);
3662 err = new_settings(hdev, sk);
3665 hci_dev_unlock(hdev);
3669 static int read_security_info(struct sock *sk, struct hci_dev *hdev,
3670 void *data, u16 data_len)
3673 struct mgmt_rp_read_security_info *rp = (void *)buf;
3677 bt_dev_dbg(hdev, "sock %p", sk);
3679 memset(&buf, 0, sizeof(buf));
3683 /* When the Read Simple Pairing Options command is supported, then
3684 * the remote public key validation is supported.
3686 if (hdev->commands[41] & 0x08)
3687 flags |= 0x01; /* Remote public key validation (BR/EDR) */
3689 flags |= 0x02; /* Remote public key validation (LE) */
3691 /* When the Read Encryption Key Size command is supported, then the
3692 * encryption key size is enforced.
3694 if (hdev->commands[20] & 0x10)
3695 flags |= 0x04; /* Encryption key size enforcement (BR/EDR) */
3697 flags |= 0x08; /* Encryption key size enforcement (LE) */
3699 sec_len = eir_append_data(rp->sec, sec_len, 0x01, &flags, 1);
3701 /* When the Read Simple Pairing Options command is supported, then
3702 * also max encryption key size information is provided.
3704 if (hdev->commands[41] & 0x08)
3705 sec_len = eir_append_le16(rp->sec, sec_len, 0x02,
3706 hdev->max_enc_key_size);
3708 sec_len = eir_append_le16(rp->sec, sec_len, 0x03, SMP_MAX_ENC_KEY_SIZE);
3710 rp->sec_len = cpu_to_le16(sec_len);
3712 hci_dev_unlock(hdev);
3714 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_READ_SECURITY_INFO, 0,
3715 rp, sizeof(*rp) + sec_len);
3718 #ifdef CONFIG_BT_FEATURE_DEBUG
3719 /* d4992530-b9ec-469f-ab01-6c481c47da1c */
3720 static const u8 debug_uuid[16] = {
3721 0x1c, 0xda, 0x47, 0x1c, 0x48, 0x6c, 0x01, 0xab,
3722 0x9f, 0x46, 0xec, 0xb9, 0x30, 0x25, 0x99, 0xd4,
3726 static int read_exp_features_info(struct sock *sk, struct hci_dev *hdev,
3727 void *data, u16 data_len)
3730 struct mgmt_rp_read_exp_features_info *rp = (void *)buf;
3733 bt_dev_dbg(hdev, "sock %p", sk);
3735 memset(&buf, 0, sizeof(buf));
3737 #ifdef CONFIG_BT_FEATURE_DEBUG
3739 u32 flags = bt_dbg_get() ? BIT(0) : 0;
3741 memcpy(rp->features[idx].uuid, debug_uuid, 16);
3742 rp->features[idx].flags = cpu_to_le32(flags);
3747 rp->feature_count = cpu_to_le16(idx);
3749 /* After reading the experimental features information, enable
3750 * the events to update client on any future change.
3752 hci_sock_set_flag(sk, HCI_MGMT_EXP_FEATURE_EVENTS);
3754 return mgmt_cmd_complete(sk, hdev ? hdev->id : MGMT_INDEX_NONE,
3755 MGMT_OP_READ_EXP_FEATURES_INFO,
3756 0, rp, sizeof(*rp) + (20 * idx));
3759 #ifdef CONFIG_BT_FEATURE_DEBUG
3760 static int exp_debug_feature_changed(bool enabled, struct sock *skip)
3762 struct mgmt_ev_exp_feature_changed ev;
3764 memset(&ev, 0, sizeof(ev));
3765 memcpy(ev.uuid, debug_uuid, 16);
3766 ev.flags = cpu_to_le32(enabled ? BIT(0) : 0);
3768 return mgmt_limited_event(MGMT_EV_EXP_FEATURE_CHANGED, NULL,
3770 HCI_MGMT_EXP_FEATURE_EVENTS, skip);
3774 static int set_exp_feature(struct sock *sk, struct hci_dev *hdev,
3775 void *data, u16 data_len)
3777 struct mgmt_cp_set_exp_feature *cp = data;
3778 struct mgmt_rp_set_exp_feature rp;
3780 bt_dev_dbg(hdev, "sock %p", sk);
3782 if (!memcmp(cp->uuid, ZERO_KEY, 16)) {
3783 memset(rp.uuid, 0, 16);
3784 rp.flags = cpu_to_le32(0);
3786 #ifdef CONFIG_BT_FEATURE_DEBUG
3788 bool changed = bt_dbg_get();
3793 exp_debug_feature_changed(false, sk);
3797 hci_sock_set_flag(sk, HCI_MGMT_EXP_FEATURE_EVENTS);
3799 return mgmt_cmd_complete(sk, hdev ? hdev->id : MGMT_INDEX_NONE,
3800 MGMT_OP_SET_EXP_FEATURE, 0,
3804 #ifdef CONFIG_BT_FEATURE_DEBUG
3805 if (!memcmp(cp->uuid, debug_uuid, 16)) {
3809 /* Command requires to use the non-controller index */
3811 return mgmt_cmd_status(sk, hdev->id,
3812 MGMT_OP_SET_EXP_FEATURE,
3813 MGMT_STATUS_INVALID_INDEX);
3815 /* Parameters are limited to a single octet */
3816 if (data_len != MGMT_SET_EXP_FEATURE_SIZE + 1)
3817 return mgmt_cmd_status(sk, MGMT_INDEX_NONE,
3818 MGMT_OP_SET_EXP_FEATURE,
3819 MGMT_STATUS_INVALID_PARAMS);
3821 /* Only boolean on/off is supported */
3822 if (cp->param[0] != 0x00 && cp->param[0] != 0x01)
3823 return mgmt_cmd_status(sk, MGMT_INDEX_NONE,
3824 MGMT_OP_SET_EXP_FEATURE,
3825 MGMT_STATUS_INVALID_PARAMS);
3827 val = !!cp->param[0];
3828 changed = val ? !bt_dbg_get() : bt_dbg_get();
3831 memcpy(rp.uuid, debug_uuid, 16);
3832 rp.flags = cpu_to_le32(val ? BIT(0) : 0);
3834 hci_sock_set_flag(sk, HCI_MGMT_EXP_FEATURE_EVENTS);
3836 err = mgmt_cmd_complete(sk, MGMT_INDEX_NONE,
3837 MGMT_OP_SET_EXP_FEATURE, 0,
3841 exp_debug_feature_changed(val, sk);
3847 return mgmt_cmd_status(sk, hdev ? hdev->id : MGMT_INDEX_NONE,
3848 MGMT_OP_SET_EXP_FEATURE,
3849 MGMT_STATUS_NOT_SUPPORTED);
3852 static void read_local_oob_data_complete(struct hci_dev *hdev, u8 status,
3853 u16 opcode, struct sk_buff *skb)
3855 struct mgmt_rp_read_local_oob_data mgmt_rp;
3856 size_t rp_size = sizeof(mgmt_rp);
3857 struct mgmt_pending_cmd *cmd;
3859 bt_dev_dbg(hdev, "status %u", status);
3861 cmd = pending_find(MGMT_OP_READ_LOCAL_OOB_DATA, hdev);
3865 if (status || !skb) {
3866 mgmt_cmd_status(cmd->sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
3867 status ? mgmt_status(status) : MGMT_STATUS_FAILED);
3871 memset(&mgmt_rp, 0, sizeof(mgmt_rp));
3873 if (opcode == HCI_OP_READ_LOCAL_OOB_DATA) {
3874 struct hci_rp_read_local_oob_data *rp = (void *) skb->data;
3876 if (skb->len < sizeof(*rp)) {
3877 mgmt_cmd_status(cmd->sk, hdev->id,
3878 MGMT_OP_READ_LOCAL_OOB_DATA,
3879 MGMT_STATUS_FAILED);
3883 memcpy(mgmt_rp.hash192, rp->hash, sizeof(rp->hash));
3884 memcpy(mgmt_rp.rand192, rp->rand, sizeof(rp->rand));
3886 rp_size -= sizeof(mgmt_rp.hash256) + sizeof(mgmt_rp.rand256);
3888 struct hci_rp_read_local_oob_ext_data *rp = (void *) skb->data;
3890 if (skb->len < sizeof(*rp)) {
3891 mgmt_cmd_status(cmd->sk, hdev->id,
3892 MGMT_OP_READ_LOCAL_OOB_DATA,
3893 MGMT_STATUS_FAILED);
3897 memcpy(mgmt_rp.hash192, rp->hash192, sizeof(rp->hash192));
3898 memcpy(mgmt_rp.rand192, rp->rand192, sizeof(rp->rand192));
3900 memcpy(mgmt_rp.hash256, rp->hash256, sizeof(rp->hash256));
3901 memcpy(mgmt_rp.rand256, rp->rand256, sizeof(rp->rand256));
3904 mgmt_cmd_complete(cmd->sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
3905 MGMT_STATUS_SUCCESS, &mgmt_rp, rp_size);
3908 mgmt_pending_remove(cmd);
3911 static int read_local_oob_data(struct sock *sk, struct hci_dev *hdev,
3912 void *data, u16 data_len)
3914 struct mgmt_pending_cmd *cmd;
3915 struct hci_request req;
3918 bt_dev_dbg(hdev, "sock %p", sk);
3922 if (!hdev_is_powered(hdev)) {
3923 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
3924 MGMT_STATUS_NOT_POWERED);
3928 if (!lmp_ssp_capable(hdev)) {
3929 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
3930 MGMT_STATUS_NOT_SUPPORTED);
3934 if (pending_find(MGMT_OP_READ_LOCAL_OOB_DATA, hdev)) {
3935 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
3940 cmd = mgmt_pending_add(sk, MGMT_OP_READ_LOCAL_OOB_DATA, hdev, NULL, 0);
3946 hci_req_init(&req, hdev);
3948 if (bredr_sc_enabled(hdev))
3949 hci_req_add(&req, HCI_OP_READ_LOCAL_OOB_EXT_DATA, 0, NULL);
3951 hci_req_add(&req, HCI_OP_READ_LOCAL_OOB_DATA, 0, NULL);
3953 err = hci_req_run_skb(&req, read_local_oob_data_complete);
3955 mgmt_pending_remove(cmd);
3958 hci_dev_unlock(hdev);
3962 static int add_remote_oob_data(struct sock *sk, struct hci_dev *hdev,
3963 void *data, u16 len)
3965 struct mgmt_addr_info *addr = data;
3968 bt_dev_dbg(hdev, "sock %p", sk);
3970 if (!bdaddr_type_is_valid(addr->type))
3971 return mgmt_cmd_complete(sk, hdev->id,
3972 MGMT_OP_ADD_REMOTE_OOB_DATA,
3973 MGMT_STATUS_INVALID_PARAMS,
3974 addr, sizeof(*addr));
3978 if (len == MGMT_ADD_REMOTE_OOB_DATA_SIZE) {
3979 struct mgmt_cp_add_remote_oob_data *cp = data;
3982 if (cp->addr.type != BDADDR_BREDR) {
3983 err = mgmt_cmd_complete(sk, hdev->id,
3984 MGMT_OP_ADD_REMOTE_OOB_DATA,
3985 MGMT_STATUS_INVALID_PARAMS,
3986 &cp->addr, sizeof(cp->addr));
3990 err = hci_add_remote_oob_data(hdev, &cp->addr.bdaddr,
3991 cp->addr.type, cp->hash,
3992 cp->rand, NULL, NULL);
3994 status = MGMT_STATUS_FAILED;
3996 status = MGMT_STATUS_SUCCESS;
3998 err = mgmt_cmd_complete(sk, hdev->id,
3999 MGMT_OP_ADD_REMOTE_OOB_DATA, status,
4000 &cp->addr, sizeof(cp->addr));
4001 } else if (len == MGMT_ADD_REMOTE_OOB_EXT_DATA_SIZE) {
4002 struct mgmt_cp_add_remote_oob_ext_data *cp = data;
4003 u8 *rand192, *hash192, *rand256, *hash256;
4006 if (bdaddr_type_is_le(cp->addr.type)) {
4007 /* Enforce zero-valued 192-bit parameters as
4008 * long as legacy SMP OOB isn't implemented.
4010 if (memcmp(cp->rand192, ZERO_KEY, 16) ||
4011 memcmp(cp->hash192, ZERO_KEY, 16)) {
4012 err = mgmt_cmd_complete(sk, hdev->id,
4013 MGMT_OP_ADD_REMOTE_OOB_DATA,
4014 MGMT_STATUS_INVALID_PARAMS,
4015 addr, sizeof(*addr));
4022 /* In case one of the P-192 values is set to zero,
4023 * then just disable OOB data for P-192.
4025 if (!memcmp(cp->rand192, ZERO_KEY, 16) ||
4026 !memcmp(cp->hash192, ZERO_KEY, 16)) {
4030 rand192 = cp->rand192;
4031 hash192 = cp->hash192;
4035 /* In case one of the P-256 values is set to zero, then just
4036 * disable OOB data for P-256.
4038 if (!memcmp(cp->rand256, ZERO_KEY, 16) ||
4039 !memcmp(cp->hash256, ZERO_KEY, 16)) {
4043 rand256 = cp->rand256;
4044 hash256 = cp->hash256;
4047 err = hci_add_remote_oob_data(hdev, &cp->addr.bdaddr,
4048 cp->addr.type, hash192, rand192,
4051 status = MGMT_STATUS_FAILED;
4053 status = MGMT_STATUS_SUCCESS;
4055 err = mgmt_cmd_complete(sk, hdev->id,
4056 MGMT_OP_ADD_REMOTE_OOB_DATA,
4057 status, &cp->addr, sizeof(cp->addr));
4059 bt_dev_err(hdev, "add_remote_oob_data: invalid len of %u bytes",
4061 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_REMOTE_OOB_DATA,
4062 MGMT_STATUS_INVALID_PARAMS);
4066 hci_dev_unlock(hdev);
4070 static int remove_remote_oob_data(struct sock *sk, struct hci_dev *hdev,
4071 void *data, u16 len)
4073 struct mgmt_cp_remove_remote_oob_data *cp = data;
4077 bt_dev_dbg(hdev, "sock %p", sk);
4079 if (cp->addr.type != BDADDR_BREDR)
4080 return mgmt_cmd_complete(sk, hdev->id,
4081 MGMT_OP_REMOVE_REMOTE_OOB_DATA,
4082 MGMT_STATUS_INVALID_PARAMS,
4083 &cp->addr, sizeof(cp->addr));
4087 if (!bacmp(&cp->addr.bdaddr, BDADDR_ANY)) {
4088 hci_remote_oob_data_clear(hdev);
4089 status = MGMT_STATUS_SUCCESS;
4093 err = hci_remove_remote_oob_data(hdev, &cp->addr.bdaddr, cp->addr.type);
4095 status = MGMT_STATUS_INVALID_PARAMS;
4097 status = MGMT_STATUS_SUCCESS;
4100 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_REMOTE_OOB_DATA,
4101 status, &cp->addr, sizeof(cp->addr));
4103 hci_dev_unlock(hdev);
4107 void mgmt_start_discovery_complete(struct hci_dev *hdev, u8 status)
4109 struct mgmt_pending_cmd *cmd;
4111 bt_dev_dbg(hdev, "status %d", status);
4115 cmd = pending_find(MGMT_OP_START_DISCOVERY, hdev);
4117 cmd = pending_find(MGMT_OP_START_SERVICE_DISCOVERY, hdev);
4120 cmd = pending_find(MGMT_OP_START_LIMITED_DISCOVERY, hdev);
4123 cmd->cmd_complete(cmd, mgmt_status(status));
4124 mgmt_pending_remove(cmd);
4127 hci_dev_unlock(hdev);
4129 /* Handle suspend notifier */
4130 if (test_and_clear_bit(SUSPEND_UNPAUSE_DISCOVERY,
4131 hdev->suspend_tasks)) {
4132 bt_dev_dbg(hdev, "Unpaused discovery");
4133 wake_up(&hdev->suspend_wait_q);
4137 static bool discovery_type_is_valid(struct hci_dev *hdev, uint8_t type,
4138 uint8_t *mgmt_status)
4141 case DISCOV_TYPE_LE:
4142 *mgmt_status = mgmt_le_support(hdev);
4146 case DISCOV_TYPE_INTERLEAVED:
4147 *mgmt_status = mgmt_le_support(hdev);
4150 /* Intentional fall-through */
4151 case DISCOV_TYPE_BREDR:
4152 *mgmt_status = mgmt_bredr_support(hdev);
4157 *mgmt_status = MGMT_STATUS_INVALID_PARAMS;
4164 static int start_discovery_internal(struct sock *sk, struct hci_dev *hdev,
4165 u16 op, void *data, u16 len)
4167 struct mgmt_cp_start_discovery *cp = data;
4168 struct mgmt_pending_cmd *cmd;
4172 bt_dev_dbg(hdev, "sock %p", sk);
4176 if (!hdev_is_powered(hdev)) {
4177 err = mgmt_cmd_complete(sk, hdev->id, op,
4178 MGMT_STATUS_NOT_POWERED,
4179 &cp->type, sizeof(cp->type));
4183 if (hdev->discovery.state != DISCOVERY_STOPPED ||
4184 hci_dev_test_flag(hdev, HCI_PERIODIC_INQ)) {
4185 err = mgmt_cmd_complete(sk, hdev->id, op, MGMT_STATUS_BUSY,
4186 &cp->type, sizeof(cp->type));
4190 if (!discovery_type_is_valid(hdev, cp->type, &status)) {
4191 err = mgmt_cmd_complete(sk, hdev->id, op, status,
4192 &cp->type, sizeof(cp->type));
4196 /* Can't start discovery when it is paused */
4197 if (hdev->discovery_paused) {
4198 err = mgmt_cmd_complete(sk, hdev->id, op, MGMT_STATUS_BUSY,
4199 &cp->type, sizeof(cp->type));
4203 /* Clear the discovery filter first to free any previously
4204 * allocated memory for the UUID list.
4206 hci_discovery_filter_clear(hdev);
4208 hdev->discovery.type = cp->type;
4209 hdev->discovery.report_invalid_rssi = false;
4210 if (op == MGMT_OP_START_LIMITED_DISCOVERY)
4211 hdev->discovery.limited = true;
4213 hdev->discovery.limited = false;
4215 cmd = mgmt_pending_add(sk, op, hdev, data, len);
4221 cmd->cmd_complete = generic_cmd_complete;
4223 hci_discovery_set_state(hdev, DISCOVERY_STARTING);
4224 queue_work(hdev->req_workqueue, &hdev->discov_update);
4228 hci_dev_unlock(hdev);
4232 static int start_discovery(struct sock *sk, struct hci_dev *hdev,
4233 void *data, u16 len)
4235 return start_discovery_internal(sk, hdev, MGMT_OP_START_DISCOVERY,
4239 static int start_limited_discovery(struct sock *sk, struct hci_dev *hdev,
4240 void *data, u16 len)
4242 return start_discovery_internal(sk, hdev,
4243 MGMT_OP_START_LIMITED_DISCOVERY,
4247 static int service_discovery_cmd_complete(struct mgmt_pending_cmd *cmd,
4250 return mgmt_cmd_complete(cmd->sk, cmd->index, cmd->opcode, status,
4254 static int start_service_discovery(struct sock *sk, struct hci_dev *hdev,
4255 void *data, u16 len)
4257 struct mgmt_cp_start_service_discovery *cp = data;
4258 struct mgmt_pending_cmd *cmd;
4259 const u16 max_uuid_count = ((U16_MAX - sizeof(*cp)) / 16);
4260 u16 uuid_count, expected_len;
4264 bt_dev_dbg(hdev, "sock %p", sk);
4268 if (!hdev_is_powered(hdev)) {
4269 err = mgmt_cmd_complete(sk, hdev->id,
4270 MGMT_OP_START_SERVICE_DISCOVERY,
4271 MGMT_STATUS_NOT_POWERED,
4272 &cp->type, sizeof(cp->type));
4276 if (hdev->discovery.state != DISCOVERY_STOPPED ||
4277 hci_dev_test_flag(hdev, HCI_PERIODIC_INQ)) {
4278 err = mgmt_cmd_complete(sk, hdev->id,
4279 MGMT_OP_START_SERVICE_DISCOVERY,
4280 MGMT_STATUS_BUSY, &cp->type,
4285 uuid_count = __le16_to_cpu(cp->uuid_count);
4286 if (uuid_count > max_uuid_count) {
4287 bt_dev_err(hdev, "service_discovery: too big uuid_count value %u",
4289 err = mgmt_cmd_complete(sk, hdev->id,
4290 MGMT_OP_START_SERVICE_DISCOVERY,
4291 MGMT_STATUS_INVALID_PARAMS, &cp->type,
4296 expected_len = sizeof(*cp) + uuid_count * 16;
4297 if (expected_len != len) {
4298 bt_dev_err(hdev, "service_discovery: expected %u bytes, got %u bytes",
4300 err = mgmt_cmd_complete(sk, hdev->id,
4301 MGMT_OP_START_SERVICE_DISCOVERY,
4302 MGMT_STATUS_INVALID_PARAMS, &cp->type,
4307 if (!discovery_type_is_valid(hdev, cp->type, &status)) {
4308 err = mgmt_cmd_complete(sk, hdev->id,
4309 MGMT_OP_START_SERVICE_DISCOVERY,
4310 status, &cp->type, sizeof(cp->type));
4314 cmd = mgmt_pending_add(sk, MGMT_OP_START_SERVICE_DISCOVERY,
4321 cmd->cmd_complete = service_discovery_cmd_complete;
4323 /* Clear the discovery filter first to free any previously
4324 * allocated memory for the UUID list.
4326 hci_discovery_filter_clear(hdev);
4328 hdev->discovery.result_filtering = true;
4329 hdev->discovery.type = cp->type;
4330 hdev->discovery.rssi = cp->rssi;
4331 hdev->discovery.uuid_count = uuid_count;
4333 if (uuid_count > 0) {
4334 hdev->discovery.uuids = kmemdup(cp->uuids, uuid_count * 16,
4336 if (!hdev->discovery.uuids) {
4337 err = mgmt_cmd_complete(sk, hdev->id,
4338 MGMT_OP_START_SERVICE_DISCOVERY,
4340 &cp->type, sizeof(cp->type));
4341 mgmt_pending_remove(cmd);
4346 hci_discovery_set_state(hdev, DISCOVERY_STARTING);
4347 queue_work(hdev->req_workqueue, &hdev->discov_update);
4351 hci_dev_unlock(hdev);
4355 void mgmt_stop_discovery_complete(struct hci_dev *hdev, u8 status)
4357 struct mgmt_pending_cmd *cmd;
4359 bt_dev_dbg(hdev, "status %d", status);
4363 cmd = pending_find(MGMT_OP_STOP_DISCOVERY, hdev);
4365 cmd->cmd_complete(cmd, mgmt_status(status));
4366 mgmt_pending_remove(cmd);
4369 hci_dev_unlock(hdev);
4371 /* Handle suspend notifier */
4372 if (test_and_clear_bit(SUSPEND_PAUSE_DISCOVERY, hdev->suspend_tasks)) {
4373 bt_dev_dbg(hdev, "Paused discovery");
4374 wake_up(&hdev->suspend_wait_q);
4378 static int stop_discovery(struct sock *sk, struct hci_dev *hdev, void *data,
4381 struct mgmt_cp_stop_discovery *mgmt_cp = data;
4382 struct mgmt_pending_cmd *cmd;
4385 bt_dev_dbg(hdev, "sock %p", sk);
4389 if (!hci_discovery_active(hdev)) {
4390 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_STOP_DISCOVERY,
4391 MGMT_STATUS_REJECTED, &mgmt_cp->type,
4392 sizeof(mgmt_cp->type));
4396 if (hdev->discovery.type != mgmt_cp->type) {
4397 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_STOP_DISCOVERY,
4398 MGMT_STATUS_INVALID_PARAMS,
4399 &mgmt_cp->type, sizeof(mgmt_cp->type));
4403 cmd = mgmt_pending_add(sk, MGMT_OP_STOP_DISCOVERY, hdev, data, len);
4409 cmd->cmd_complete = generic_cmd_complete;
4411 hci_discovery_set_state(hdev, DISCOVERY_STOPPING);
4412 queue_work(hdev->req_workqueue, &hdev->discov_update);
4416 hci_dev_unlock(hdev);
4420 static int confirm_name(struct sock *sk, struct hci_dev *hdev, void *data,
4423 struct mgmt_cp_confirm_name *cp = data;
4424 struct inquiry_entry *e;
4427 bt_dev_dbg(hdev, "sock %p", sk);
4431 if (!hci_discovery_active(hdev)) {
4432 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_CONFIRM_NAME,
4433 MGMT_STATUS_FAILED, &cp->addr,
4438 e = hci_inquiry_cache_lookup_unknown(hdev, &cp->addr.bdaddr);
4440 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_CONFIRM_NAME,
4441 MGMT_STATUS_INVALID_PARAMS, &cp->addr,
4446 if (cp->name_known) {
4447 e->name_state = NAME_KNOWN;
4450 e->name_state = NAME_NEEDED;
4451 hci_inquiry_cache_update_resolve(hdev, e);
4454 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_CONFIRM_NAME, 0,
4455 &cp->addr, sizeof(cp->addr));
4458 hci_dev_unlock(hdev);
4462 static int block_device(struct sock *sk, struct hci_dev *hdev, void *data,
4465 struct mgmt_cp_block_device *cp = data;
4469 bt_dev_dbg(hdev, "sock %p", sk);
4471 if (!bdaddr_type_is_valid(cp->addr.type))
4472 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_BLOCK_DEVICE,
4473 MGMT_STATUS_INVALID_PARAMS,
4474 &cp->addr, sizeof(cp->addr));
4478 err = hci_bdaddr_list_add(&hdev->blacklist, &cp->addr.bdaddr,
4481 status = MGMT_STATUS_FAILED;
4485 mgmt_event(MGMT_EV_DEVICE_BLOCKED, hdev, &cp->addr, sizeof(cp->addr),
4487 status = MGMT_STATUS_SUCCESS;
4490 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_BLOCK_DEVICE, status,
4491 &cp->addr, sizeof(cp->addr));
4493 hci_dev_unlock(hdev);
4498 static int unblock_device(struct sock *sk, struct hci_dev *hdev, void *data,
4501 struct mgmt_cp_unblock_device *cp = data;
4505 bt_dev_dbg(hdev, "sock %p", sk);
4507 if (!bdaddr_type_is_valid(cp->addr.type))
4508 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_UNBLOCK_DEVICE,
4509 MGMT_STATUS_INVALID_PARAMS,
4510 &cp->addr, sizeof(cp->addr));
4514 err = hci_bdaddr_list_del(&hdev->blacklist, &cp->addr.bdaddr,
4517 status = MGMT_STATUS_INVALID_PARAMS;
4521 mgmt_event(MGMT_EV_DEVICE_UNBLOCKED, hdev, &cp->addr, sizeof(cp->addr),
4523 status = MGMT_STATUS_SUCCESS;
4526 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_UNBLOCK_DEVICE, status,
4527 &cp->addr, sizeof(cp->addr));
4529 hci_dev_unlock(hdev);
4534 static int set_device_id(struct sock *sk, struct hci_dev *hdev, void *data,
4537 struct mgmt_cp_set_device_id *cp = data;
4538 struct hci_request req;
4542 bt_dev_dbg(hdev, "sock %p", sk);
4544 source = __le16_to_cpu(cp->source);
4546 if (source > 0x0002)
4547 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DEVICE_ID,
4548 MGMT_STATUS_INVALID_PARAMS);
4552 hdev->devid_source = source;
4553 hdev->devid_vendor = __le16_to_cpu(cp->vendor);
4554 hdev->devid_product = __le16_to_cpu(cp->product);
4555 hdev->devid_version = __le16_to_cpu(cp->version);
4557 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_DEVICE_ID, 0,
4560 hci_req_init(&req, hdev);
4561 __hci_req_update_eir(&req);
4562 hci_req_run(&req, NULL);
4564 hci_dev_unlock(hdev);
4569 static void enable_advertising_instance(struct hci_dev *hdev, u8 status,
4572 bt_dev_dbg(hdev, "status %d", status);
4575 static void set_advertising_complete(struct hci_dev *hdev, u8 status,
4578 struct cmd_lookup match = { NULL, hdev };
4579 struct hci_request req;
4581 struct adv_info *adv_instance;
4587 u8 mgmt_err = mgmt_status(status);
4589 mgmt_pending_foreach(MGMT_OP_SET_ADVERTISING, hdev,
4590 cmd_status_rsp, &mgmt_err);
4594 if (hci_dev_test_flag(hdev, HCI_LE_ADV))
4595 hci_dev_set_flag(hdev, HCI_ADVERTISING);
4597 hci_dev_clear_flag(hdev, HCI_ADVERTISING);
4599 mgmt_pending_foreach(MGMT_OP_SET_ADVERTISING, hdev, settings_rsp,
4602 new_settings(hdev, match.sk);
4607 /* Handle suspend notifier */
4608 if (test_and_clear_bit(SUSPEND_PAUSE_ADVERTISING,
4609 hdev->suspend_tasks)) {
4610 bt_dev_dbg(hdev, "Paused advertising");
4611 wake_up(&hdev->suspend_wait_q);
4612 } else if (test_and_clear_bit(SUSPEND_UNPAUSE_ADVERTISING,
4613 hdev->suspend_tasks)) {
4614 bt_dev_dbg(hdev, "Unpaused advertising");
4615 wake_up(&hdev->suspend_wait_q);
4618 /* If "Set Advertising" was just disabled and instance advertising was
4619 * set up earlier, then re-enable multi-instance advertising.
4621 if (hci_dev_test_flag(hdev, HCI_ADVERTISING) ||
4622 list_empty(&hdev->adv_instances))
4625 instance = hdev->cur_adv_instance;
4627 adv_instance = list_first_entry_or_null(&hdev->adv_instances,
4628 struct adv_info, list);
4632 instance = adv_instance->instance;
4635 hci_req_init(&req, hdev);
4637 err = __hci_req_schedule_adv_instance(&req, instance, true);
4640 err = hci_req_run(&req, enable_advertising_instance);
4643 bt_dev_err(hdev, "failed to re-configure advertising");
4646 hci_dev_unlock(hdev);
4649 static int set_advertising(struct sock *sk, struct hci_dev *hdev, void *data,
4652 struct mgmt_mode *cp = data;
4653 struct mgmt_pending_cmd *cmd;
4654 struct hci_request req;
4658 bt_dev_dbg(hdev, "sock %p", sk);
4660 status = mgmt_le_support(hdev);
4662 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_ADVERTISING,
4665 if (cp->val != 0x00 && cp->val != 0x01 && cp->val != 0x02)
4666 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_ADVERTISING,
4667 MGMT_STATUS_INVALID_PARAMS);
4669 if (hdev->advertising_paused)
4670 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_ADVERTISING,
4677 /* The following conditions are ones which mean that we should
4678 * not do any HCI communication but directly send a mgmt
4679 * response to user space (after toggling the flag if
4682 if (!hdev_is_powered(hdev) ||
4683 (val == hci_dev_test_flag(hdev, HCI_ADVERTISING) &&
4684 (cp->val == 0x02) == hci_dev_test_flag(hdev, HCI_ADVERTISING_CONNECTABLE)) ||
4685 hci_conn_num(hdev, LE_LINK) > 0 ||
4686 (hci_dev_test_flag(hdev, HCI_LE_SCAN) &&
4687 hdev->le_scan_type == LE_SCAN_ACTIVE)) {
4691 hdev->cur_adv_instance = 0x00;
4692 changed = !hci_dev_test_and_set_flag(hdev, HCI_ADVERTISING);
4693 if (cp->val == 0x02)
4694 hci_dev_set_flag(hdev, HCI_ADVERTISING_CONNECTABLE);
4696 hci_dev_clear_flag(hdev, HCI_ADVERTISING_CONNECTABLE);
4698 changed = hci_dev_test_and_clear_flag(hdev, HCI_ADVERTISING);
4699 hci_dev_clear_flag(hdev, HCI_ADVERTISING_CONNECTABLE);
4702 err = send_settings_rsp(sk, MGMT_OP_SET_ADVERTISING, hdev);
4707 err = new_settings(hdev, sk);
4712 if (pending_find(MGMT_OP_SET_ADVERTISING, hdev) ||
4713 pending_find(MGMT_OP_SET_LE, hdev)) {
4714 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_ADVERTISING,
4719 cmd = mgmt_pending_add(sk, MGMT_OP_SET_ADVERTISING, hdev, data, len);
4725 hci_req_init(&req, hdev);
4727 if (cp->val == 0x02)
4728 hci_dev_set_flag(hdev, HCI_ADVERTISING_CONNECTABLE);
4730 hci_dev_clear_flag(hdev, HCI_ADVERTISING_CONNECTABLE);
4732 cancel_adv_timeout(hdev);
4735 /* Switch to instance "0" for the Set Advertising setting.
4736 * We cannot use update_[adv|scan_rsp]_data() here as the
4737 * HCI_ADVERTISING flag is not yet set.
4739 hdev->cur_adv_instance = 0x00;
4741 if (ext_adv_capable(hdev)) {
4742 __hci_req_start_ext_adv(&req, 0x00);
4744 __hci_req_update_adv_data(&req, 0x00);
4745 __hci_req_update_scan_rsp_data(&req, 0x00);
4746 __hci_req_enable_advertising(&req);
4749 __hci_req_disable_advertising(&req);
4752 err = hci_req_run(&req, set_advertising_complete);
4754 mgmt_pending_remove(cmd);
4757 hci_dev_unlock(hdev);
4761 static int set_static_address(struct sock *sk, struct hci_dev *hdev,
4762 void *data, u16 len)
4764 struct mgmt_cp_set_static_address *cp = data;
4767 bt_dev_dbg(hdev, "sock %p", sk);
4769 if (!lmp_le_capable(hdev))
4770 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_STATIC_ADDRESS,
4771 MGMT_STATUS_NOT_SUPPORTED);
4773 if (hdev_is_powered(hdev))
4774 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_STATIC_ADDRESS,
4775 MGMT_STATUS_REJECTED);
4777 if (bacmp(&cp->bdaddr, BDADDR_ANY)) {
4778 if (!bacmp(&cp->bdaddr, BDADDR_NONE))
4779 return mgmt_cmd_status(sk, hdev->id,
4780 MGMT_OP_SET_STATIC_ADDRESS,
4781 MGMT_STATUS_INVALID_PARAMS);
4783 /* Two most significant bits shall be set */
4784 if ((cp->bdaddr.b[5] & 0xc0) != 0xc0)
4785 return mgmt_cmd_status(sk, hdev->id,
4786 MGMT_OP_SET_STATIC_ADDRESS,
4787 MGMT_STATUS_INVALID_PARAMS);
4792 bacpy(&hdev->static_addr, &cp->bdaddr);
4794 err = send_settings_rsp(sk, MGMT_OP_SET_STATIC_ADDRESS, hdev);
4798 err = new_settings(hdev, sk);
4801 hci_dev_unlock(hdev);
4805 static int set_scan_params(struct sock *sk, struct hci_dev *hdev,
4806 void *data, u16 len)
4808 struct mgmt_cp_set_scan_params *cp = data;
4809 __u16 interval, window;
4812 bt_dev_dbg(hdev, "sock %p", sk);
4814 if (!lmp_le_capable(hdev))
4815 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS,
4816 MGMT_STATUS_NOT_SUPPORTED);
4818 interval = __le16_to_cpu(cp->interval);
4820 if (interval < 0x0004 || interval > 0x4000)
4821 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS,
4822 MGMT_STATUS_INVALID_PARAMS);
4824 window = __le16_to_cpu(cp->window);
4826 if (window < 0x0004 || window > 0x4000)
4827 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS,
4828 MGMT_STATUS_INVALID_PARAMS);
4830 if (window > interval)
4831 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS,
4832 MGMT_STATUS_INVALID_PARAMS);
4836 hdev->le_scan_interval = interval;
4837 hdev->le_scan_window = window;
4839 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS, 0,
4842 /* If background scan is running, restart it so new parameters are
4845 if (hci_dev_test_flag(hdev, HCI_LE_SCAN) &&
4846 hdev->discovery.state == DISCOVERY_STOPPED) {
4847 struct hci_request req;
4849 hci_req_init(&req, hdev);
4851 hci_req_add_le_scan_disable(&req);
4852 hci_req_add_le_passive_scan(&req);
4854 hci_req_run(&req, NULL);
4857 hci_dev_unlock(hdev);
4862 static void fast_connectable_complete(struct hci_dev *hdev, u8 status,
4865 struct mgmt_pending_cmd *cmd;
4867 bt_dev_dbg(hdev, "status 0x%02x", status);
4871 cmd = pending_find(MGMT_OP_SET_FAST_CONNECTABLE, hdev);
4876 mgmt_cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
4877 mgmt_status(status));
4879 struct mgmt_mode *cp = cmd->param;
4882 hci_dev_set_flag(hdev, HCI_FAST_CONNECTABLE);
4884 hci_dev_clear_flag(hdev, HCI_FAST_CONNECTABLE);
4886 send_settings_rsp(cmd->sk, MGMT_OP_SET_FAST_CONNECTABLE, hdev);
4887 new_settings(hdev, cmd->sk);
4890 mgmt_pending_remove(cmd);
4893 hci_dev_unlock(hdev);
4896 static int set_fast_connectable(struct sock *sk, struct hci_dev *hdev,
4897 void *data, u16 len)
4899 struct mgmt_mode *cp = data;
4900 struct mgmt_pending_cmd *cmd;
4901 struct hci_request req;
4904 bt_dev_dbg(hdev, "sock %p", sk);
4906 if (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED) ||
4907 hdev->hci_ver < BLUETOOTH_VER_1_2)
4908 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
4909 MGMT_STATUS_NOT_SUPPORTED);
4911 if (cp->val != 0x00 && cp->val != 0x01)
4912 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
4913 MGMT_STATUS_INVALID_PARAMS);
4917 if (pending_find(MGMT_OP_SET_FAST_CONNECTABLE, hdev)) {
4918 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
4923 if (!!cp->val == hci_dev_test_flag(hdev, HCI_FAST_CONNECTABLE)) {
4924 err = send_settings_rsp(sk, MGMT_OP_SET_FAST_CONNECTABLE,
4929 if (!hdev_is_powered(hdev)) {
4930 hci_dev_change_flag(hdev, HCI_FAST_CONNECTABLE);
4931 err = send_settings_rsp(sk, MGMT_OP_SET_FAST_CONNECTABLE,
4933 new_settings(hdev, sk);
4937 cmd = mgmt_pending_add(sk, MGMT_OP_SET_FAST_CONNECTABLE, hdev,
4944 hci_req_init(&req, hdev);
4946 __hci_req_write_fast_connectable(&req, cp->val);
4948 err = hci_req_run(&req, fast_connectable_complete);
4950 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
4951 MGMT_STATUS_FAILED);
4952 mgmt_pending_remove(cmd);
4956 hci_dev_unlock(hdev);
4961 static void set_bredr_complete(struct hci_dev *hdev, u8 status, u16 opcode)
4963 struct mgmt_pending_cmd *cmd;
4965 bt_dev_dbg(hdev, "status 0x%02x", status);
4969 cmd = pending_find(MGMT_OP_SET_BREDR, hdev);
4974 u8 mgmt_err = mgmt_status(status);
4976 /* We need to restore the flag if related HCI commands
4979 hci_dev_clear_flag(hdev, HCI_BREDR_ENABLED);
4981 mgmt_cmd_status(cmd->sk, cmd->index, cmd->opcode, mgmt_err);
4983 send_settings_rsp(cmd->sk, MGMT_OP_SET_BREDR, hdev);
4984 new_settings(hdev, cmd->sk);
4987 mgmt_pending_remove(cmd);
4990 hci_dev_unlock(hdev);
4993 static int set_bredr(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
4995 struct mgmt_mode *cp = data;
4996 struct mgmt_pending_cmd *cmd;
4997 struct hci_request req;
5000 bt_dev_dbg(hdev, "sock %p", sk);
5002 if (!lmp_bredr_capable(hdev) || !lmp_le_capable(hdev))
5003 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
5004 MGMT_STATUS_NOT_SUPPORTED);
5006 if (!hci_dev_test_flag(hdev, HCI_LE_ENABLED))
5007 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
5008 MGMT_STATUS_REJECTED);
5010 if (cp->val != 0x00 && cp->val != 0x01)
5011 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
5012 MGMT_STATUS_INVALID_PARAMS);
5016 if (cp->val == hci_dev_test_flag(hdev, HCI_BREDR_ENABLED)) {
5017 err = send_settings_rsp(sk, MGMT_OP_SET_BREDR, hdev);
5021 if (!hdev_is_powered(hdev)) {
5023 hci_dev_clear_flag(hdev, HCI_DISCOVERABLE);
5024 hci_dev_clear_flag(hdev, HCI_SSP_ENABLED);
5025 hci_dev_clear_flag(hdev, HCI_LINK_SECURITY);
5026 hci_dev_clear_flag(hdev, HCI_FAST_CONNECTABLE);
5027 hci_dev_clear_flag(hdev, HCI_HS_ENABLED);
5030 hci_dev_change_flag(hdev, HCI_BREDR_ENABLED);
5032 err = send_settings_rsp(sk, MGMT_OP_SET_BREDR, hdev);
5036 err = new_settings(hdev, sk);
5040 /* Reject disabling when powered on */
5042 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
5043 MGMT_STATUS_REJECTED);
5046 /* When configuring a dual-mode controller to operate
5047 * with LE only and using a static address, then switching
5048 * BR/EDR back on is not allowed.
5050 * Dual-mode controllers shall operate with the public
5051 * address as its identity address for BR/EDR and LE. So
5052 * reject the attempt to create an invalid configuration.
5054 * The same restrictions applies when secure connections
5055 * has been enabled. For BR/EDR this is a controller feature
5056 * while for LE it is a host stack feature. This means that
5057 * switching BR/EDR back on when secure connections has been
5058 * enabled is not a supported transaction.
5060 if (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED) &&
5061 (bacmp(&hdev->static_addr, BDADDR_ANY) ||
5062 hci_dev_test_flag(hdev, HCI_SC_ENABLED))) {
5063 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
5064 MGMT_STATUS_REJECTED);
5069 if (pending_find(MGMT_OP_SET_BREDR, hdev)) {
5070 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
5075 cmd = mgmt_pending_add(sk, MGMT_OP_SET_BREDR, hdev, data, len);
5081 /* We need to flip the bit already here so that
5082 * hci_req_update_adv_data generates the correct flags.
5084 hci_dev_set_flag(hdev, HCI_BREDR_ENABLED);
5086 hci_req_init(&req, hdev);
5088 __hci_req_write_fast_connectable(&req, false);
5089 __hci_req_update_scan(&req);
5091 /* Since only the advertising data flags will change, there
5092 * is no need to update the scan response data.
5094 __hci_req_update_adv_data(&req, hdev->cur_adv_instance);
5096 err = hci_req_run(&req, set_bredr_complete);
5098 mgmt_pending_remove(cmd);
5101 hci_dev_unlock(hdev);
5105 static void sc_enable_complete(struct hci_dev *hdev, u8 status, u16 opcode)
5107 struct mgmt_pending_cmd *cmd;
5108 struct mgmt_mode *cp;
5110 bt_dev_dbg(hdev, "status %u", status);
5114 cmd = pending_find(MGMT_OP_SET_SECURE_CONN, hdev);
5119 mgmt_cmd_status(cmd->sk, cmd->index, cmd->opcode,
5120 mgmt_status(status));
5128 hci_dev_clear_flag(hdev, HCI_SC_ENABLED);
5129 hci_dev_clear_flag(hdev, HCI_SC_ONLY);
5132 hci_dev_set_flag(hdev, HCI_SC_ENABLED);
5133 hci_dev_clear_flag(hdev, HCI_SC_ONLY);
5136 hci_dev_set_flag(hdev, HCI_SC_ENABLED);
5137 hci_dev_set_flag(hdev, HCI_SC_ONLY);
5141 send_settings_rsp(cmd->sk, MGMT_OP_SET_SECURE_CONN, hdev);
5142 new_settings(hdev, cmd->sk);
5145 mgmt_pending_remove(cmd);
5147 hci_dev_unlock(hdev);
5150 static int set_secure_conn(struct sock *sk, struct hci_dev *hdev,
5151 void *data, u16 len)
5153 struct mgmt_mode *cp = data;
5154 struct mgmt_pending_cmd *cmd;
5155 struct hci_request req;
5159 bt_dev_dbg(hdev, "sock %p", sk);
5161 if (!lmp_sc_capable(hdev) &&
5162 !hci_dev_test_flag(hdev, HCI_LE_ENABLED))
5163 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SECURE_CONN,
5164 MGMT_STATUS_NOT_SUPPORTED);
5166 if (hci_dev_test_flag(hdev, HCI_BREDR_ENABLED) &&
5167 lmp_sc_capable(hdev) &&
5168 !hci_dev_test_flag(hdev, HCI_SSP_ENABLED))
5169 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SECURE_CONN,
5170 MGMT_STATUS_REJECTED);
5172 if (cp->val != 0x00 && cp->val != 0x01 && cp->val != 0x02)
5173 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SECURE_CONN,
5174 MGMT_STATUS_INVALID_PARAMS);
5178 if (!hdev_is_powered(hdev) || !lmp_sc_capable(hdev) ||
5179 !hci_dev_test_flag(hdev, HCI_BREDR_ENABLED)) {
5183 changed = !hci_dev_test_and_set_flag(hdev,
5185 if (cp->val == 0x02)
5186 hci_dev_set_flag(hdev, HCI_SC_ONLY);
5188 hci_dev_clear_flag(hdev, HCI_SC_ONLY);
5190 changed = hci_dev_test_and_clear_flag(hdev,
5192 hci_dev_clear_flag(hdev, HCI_SC_ONLY);
5195 err = send_settings_rsp(sk, MGMT_OP_SET_SECURE_CONN, hdev);
5200 err = new_settings(hdev, sk);
5205 if (pending_find(MGMT_OP_SET_SECURE_CONN, hdev)) {
5206 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SECURE_CONN,
5213 if (val == hci_dev_test_flag(hdev, HCI_SC_ENABLED) &&
5214 (cp->val == 0x02) == hci_dev_test_flag(hdev, HCI_SC_ONLY)) {
5215 err = send_settings_rsp(sk, MGMT_OP_SET_SECURE_CONN, hdev);
5219 cmd = mgmt_pending_add(sk, MGMT_OP_SET_SECURE_CONN, hdev, data, len);
5225 hci_req_init(&req, hdev);
5226 hci_req_add(&req, HCI_OP_WRITE_SC_SUPPORT, 1, &val);
5227 err = hci_req_run(&req, sc_enable_complete);
5229 mgmt_pending_remove(cmd);
5234 hci_dev_unlock(hdev);
5238 static int set_debug_keys(struct sock *sk, struct hci_dev *hdev,
5239 void *data, u16 len)
5241 struct mgmt_mode *cp = data;
5242 bool changed, use_changed;
5245 bt_dev_dbg(hdev, "sock %p", sk);
5247 if (cp->val != 0x00 && cp->val != 0x01 && cp->val != 0x02)
5248 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DEBUG_KEYS,
5249 MGMT_STATUS_INVALID_PARAMS);
5254 changed = !hci_dev_test_and_set_flag(hdev, HCI_KEEP_DEBUG_KEYS);
5256 changed = hci_dev_test_and_clear_flag(hdev,
5257 HCI_KEEP_DEBUG_KEYS);
5259 if (cp->val == 0x02)
5260 use_changed = !hci_dev_test_and_set_flag(hdev,
5261 HCI_USE_DEBUG_KEYS);
5263 use_changed = hci_dev_test_and_clear_flag(hdev,
5264 HCI_USE_DEBUG_KEYS);
5266 if (hdev_is_powered(hdev) && use_changed &&
5267 hci_dev_test_flag(hdev, HCI_SSP_ENABLED)) {
5268 u8 mode = (cp->val == 0x02) ? 0x01 : 0x00;
5269 hci_send_cmd(hdev, HCI_OP_WRITE_SSP_DEBUG_MODE,
5270 sizeof(mode), &mode);
5273 err = send_settings_rsp(sk, MGMT_OP_SET_DEBUG_KEYS, hdev);
5278 err = new_settings(hdev, sk);
5281 hci_dev_unlock(hdev);
5285 static int set_privacy(struct sock *sk, struct hci_dev *hdev, void *cp_data,
5288 struct mgmt_cp_set_privacy *cp = cp_data;
5292 bt_dev_dbg(hdev, "sock %p", sk);
5294 if (!lmp_le_capable(hdev))
5295 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_PRIVACY,
5296 MGMT_STATUS_NOT_SUPPORTED);
5298 if (cp->privacy != 0x00 && cp->privacy != 0x01 && cp->privacy != 0x02)
5299 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_PRIVACY,
5300 MGMT_STATUS_INVALID_PARAMS);
5302 if (hdev_is_powered(hdev))
5303 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_PRIVACY,
5304 MGMT_STATUS_REJECTED);
5308 /* If user space supports this command it is also expected to
5309 * handle IRKs. Therefore, set the HCI_RPA_RESOLVING flag.
5311 hci_dev_set_flag(hdev, HCI_RPA_RESOLVING);
5314 changed = !hci_dev_test_and_set_flag(hdev, HCI_PRIVACY);
5315 memcpy(hdev->irk, cp->irk, sizeof(hdev->irk));
5316 hci_dev_set_flag(hdev, HCI_RPA_EXPIRED);
5317 hci_adv_instances_set_rpa_expired(hdev, true);
5318 if (cp->privacy == 0x02)
5319 hci_dev_set_flag(hdev, HCI_LIMITED_PRIVACY);
5321 hci_dev_clear_flag(hdev, HCI_LIMITED_PRIVACY);
5323 changed = hci_dev_test_and_clear_flag(hdev, HCI_PRIVACY);
5324 memset(hdev->irk, 0, sizeof(hdev->irk));
5325 hci_dev_clear_flag(hdev, HCI_RPA_EXPIRED);
5326 hci_adv_instances_set_rpa_expired(hdev, false);
5327 hci_dev_clear_flag(hdev, HCI_LIMITED_PRIVACY);
5330 err = send_settings_rsp(sk, MGMT_OP_SET_PRIVACY, hdev);
5335 err = new_settings(hdev, sk);
5338 hci_dev_unlock(hdev);
5342 static bool irk_is_valid(struct mgmt_irk_info *irk)
5344 switch (irk->addr.type) {
5345 case BDADDR_LE_PUBLIC:
5348 case BDADDR_LE_RANDOM:
5349 /* Two most significant bits shall be set */
5350 if ((irk->addr.bdaddr.b[5] & 0xc0) != 0xc0)
5358 static int load_irks(struct sock *sk, struct hci_dev *hdev, void *cp_data,
5361 struct mgmt_cp_load_irks *cp = cp_data;
5362 const u16 max_irk_count = ((U16_MAX - sizeof(*cp)) /
5363 sizeof(struct mgmt_irk_info));
5364 u16 irk_count, expected_len;
5367 bt_dev_dbg(hdev, "sock %p", sk);
5369 if (!lmp_le_capable(hdev))
5370 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_IRKS,
5371 MGMT_STATUS_NOT_SUPPORTED);
5373 irk_count = __le16_to_cpu(cp->irk_count);
5374 if (irk_count > max_irk_count) {
5375 bt_dev_err(hdev, "load_irks: too big irk_count value %u",
5377 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_IRKS,
5378 MGMT_STATUS_INVALID_PARAMS);
5381 expected_len = struct_size(cp, irks, irk_count);
5382 if (expected_len != len) {
5383 bt_dev_err(hdev, "load_irks: expected %u bytes, got %u bytes",
5385 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_IRKS,
5386 MGMT_STATUS_INVALID_PARAMS);
5389 bt_dev_dbg(hdev, "irk_count %u", irk_count);
5391 for (i = 0; i < irk_count; i++) {
5392 struct mgmt_irk_info *key = &cp->irks[i];
5394 if (!irk_is_valid(key))
5395 return mgmt_cmd_status(sk, hdev->id,
5397 MGMT_STATUS_INVALID_PARAMS);
5402 hci_smp_irks_clear(hdev);
5404 for (i = 0; i < irk_count; i++) {
5405 struct mgmt_irk_info *irk = &cp->irks[i];
5407 if (hci_is_blocked_key(hdev,
5408 HCI_BLOCKED_KEY_TYPE_IRK,
5410 bt_dev_warn(hdev, "Skipping blocked IRK for %pMR",
5415 hci_add_irk(hdev, &irk->addr.bdaddr,
5416 le_addr_type(irk->addr.type), irk->val,
5420 hci_dev_set_flag(hdev, HCI_RPA_RESOLVING);
5422 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_LOAD_IRKS, 0, NULL, 0);
5424 hci_dev_unlock(hdev);
5429 static bool ltk_is_valid(struct mgmt_ltk_info *key)
5431 if (key->master != 0x00 && key->master != 0x01)
5434 switch (key->addr.type) {
5435 case BDADDR_LE_PUBLIC:
5438 case BDADDR_LE_RANDOM:
5439 /* Two most significant bits shall be set */
5440 if ((key->addr.bdaddr.b[5] & 0xc0) != 0xc0)
5448 static int load_long_term_keys(struct sock *sk, struct hci_dev *hdev,
5449 void *cp_data, u16 len)
5451 struct mgmt_cp_load_long_term_keys *cp = cp_data;
5452 const u16 max_key_count = ((U16_MAX - sizeof(*cp)) /
5453 sizeof(struct mgmt_ltk_info));
5454 u16 key_count, expected_len;
5457 bt_dev_dbg(hdev, "sock %p", sk);
5459 if (!lmp_le_capable(hdev))
5460 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS,
5461 MGMT_STATUS_NOT_SUPPORTED);
5463 key_count = __le16_to_cpu(cp->key_count);
5464 if (key_count > max_key_count) {
5465 bt_dev_err(hdev, "load_ltks: too big key_count value %u",
5467 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS,
5468 MGMT_STATUS_INVALID_PARAMS);
5471 expected_len = struct_size(cp, keys, key_count);
5472 if (expected_len != len) {
5473 bt_dev_err(hdev, "load_keys: expected %u bytes, got %u bytes",
5475 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS,
5476 MGMT_STATUS_INVALID_PARAMS);
5479 bt_dev_dbg(hdev, "key_count %u", key_count);
5481 for (i = 0; i < key_count; i++) {
5482 struct mgmt_ltk_info *key = &cp->keys[i];
5484 if (!ltk_is_valid(key))
5485 return mgmt_cmd_status(sk, hdev->id,
5486 MGMT_OP_LOAD_LONG_TERM_KEYS,
5487 MGMT_STATUS_INVALID_PARAMS);
5492 hci_smp_ltks_clear(hdev);
5494 for (i = 0; i < key_count; i++) {
5495 struct mgmt_ltk_info *key = &cp->keys[i];
5496 u8 type, authenticated;
5498 if (hci_is_blocked_key(hdev,
5499 HCI_BLOCKED_KEY_TYPE_LTK,
5501 bt_dev_warn(hdev, "Skipping blocked LTK for %pMR",
5506 switch (key->type) {
5507 case MGMT_LTK_UNAUTHENTICATED:
5508 authenticated = 0x00;
5509 type = key->master ? SMP_LTK : SMP_LTK_SLAVE;
5511 case MGMT_LTK_AUTHENTICATED:
5512 authenticated = 0x01;
5513 type = key->master ? SMP_LTK : SMP_LTK_SLAVE;
5515 case MGMT_LTK_P256_UNAUTH:
5516 authenticated = 0x00;
5517 type = SMP_LTK_P256;
5519 case MGMT_LTK_P256_AUTH:
5520 authenticated = 0x01;
5521 type = SMP_LTK_P256;
5523 case MGMT_LTK_P256_DEBUG:
5524 authenticated = 0x00;
5525 type = SMP_LTK_P256_DEBUG;
5531 hci_add_ltk(hdev, &key->addr.bdaddr,
5532 le_addr_type(key->addr.type), type, authenticated,
5533 key->val, key->enc_size, key->ediv, key->rand);
5536 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS, 0,
5539 hci_dev_unlock(hdev);
5544 static int conn_info_cmd_complete(struct mgmt_pending_cmd *cmd, u8 status)
5546 struct hci_conn *conn = cmd->user_data;
5547 struct mgmt_rp_get_conn_info rp;
5550 memcpy(&rp.addr, cmd->param, sizeof(rp.addr));
5552 if (status == MGMT_STATUS_SUCCESS) {
5553 rp.rssi = conn->rssi;
5554 rp.tx_power = conn->tx_power;
5555 rp.max_tx_power = conn->max_tx_power;
5557 rp.rssi = HCI_RSSI_INVALID;
5558 rp.tx_power = HCI_TX_POWER_INVALID;
5559 rp.max_tx_power = HCI_TX_POWER_INVALID;
5562 err = mgmt_cmd_complete(cmd->sk, cmd->index, MGMT_OP_GET_CONN_INFO,
5563 status, &rp, sizeof(rp));
5565 hci_conn_drop(conn);
5571 static void conn_info_refresh_complete(struct hci_dev *hdev, u8 hci_status,
5574 struct hci_cp_read_rssi *cp;
5575 struct mgmt_pending_cmd *cmd;
5576 struct hci_conn *conn;
5580 bt_dev_dbg(hdev, "status 0x%02x", hci_status);
5584 /* Commands sent in request are either Read RSSI or Read Transmit Power
5585 * Level so we check which one was last sent to retrieve connection
5586 * handle. Both commands have handle as first parameter so it's safe to
5587 * cast data on the same command struct.
5589 * First command sent is always Read RSSI and we fail only if it fails.
5590 * In other case we simply override error to indicate success as we
5591 * already remembered if TX power value is actually valid.
5593 cp = hci_sent_cmd_data(hdev, HCI_OP_READ_RSSI);
5595 cp = hci_sent_cmd_data(hdev, HCI_OP_READ_TX_POWER);
5596 status = MGMT_STATUS_SUCCESS;
5598 status = mgmt_status(hci_status);
5602 bt_dev_err(hdev, "invalid sent_cmd in conn_info response");
5606 handle = __le16_to_cpu(cp->handle);
5607 conn = hci_conn_hash_lookup_handle(hdev, handle);
5609 bt_dev_err(hdev, "unknown handle (%d) in conn_info response",
5614 cmd = pending_find_data(MGMT_OP_GET_CONN_INFO, hdev, conn);
5618 cmd->cmd_complete(cmd, status);
5619 mgmt_pending_remove(cmd);
5622 hci_dev_unlock(hdev);
5625 static int get_conn_info(struct sock *sk, struct hci_dev *hdev, void *data,
5628 struct mgmt_cp_get_conn_info *cp = data;
5629 struct mgmt_rp_get_conn_info rp;
5630 struct hci_conn *conn;
5631 unsigned long conn_info_age;
5634 bt_dev_dbg(hdev, "sock %p", sk);
5636 memset(&rp, 0, sizeof(rp));
5637 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
5638 rp.addr.type = cp->addr.type;
5640 if (!bdaddr_type_is_valid(cp->addr.type))
5641 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CONN_INFO,
5642 MGMT_STATUS_INVALID_PARAMS,
5647 if (!hdev_is_powered(hdev)) {
5648 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CONN_INFO,
5649 MGMT_STATUS_NOT_POWERED, &rp,
5654 if (cp->addr.type == BDADDR_BREDR)
5655 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
5658 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &cp->addr.bdaddr);
5660 if (!conn || conn->state != BT_CONNECTED) {
5661 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CONN_INFO,
5662 MGMT_STATUS_NOT_CONNECTED, &rp,
5667 if (pending_find_data(MGMT_OP_GET_CONN_INFO, hdev, conn)) {
5668 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CONN_INFO,
5669 MGMT_STATUS_BUSY, &rp, sizeof(rp));
5673 /* To avoid client trying to guess when to poll again for information we
5674 * calculate conn info age as random value between min/max set in hdev.
5676 conn_info_age = hdev->conn_info_min_age +
5677 prandom_u32_max(hdev->conn_info_max_age -
5678 hdev->conn_info_min_age);
5680 /* Query controller to refresh cached values if they are too old or were
5683 if (time_after(jiffies, conn->conn_info_timestamp +
5684 msecs_to_jiffies(conn_info_age)) ||
5685 !conn->conn_info_timestamp) {
5686 struct hci_request req;
5687 struct hci_cp_read_tx_power req_txp_cp;
5688 struct hci_cp_read_rssi req_rssi_cp;
5689 struct mgmt_pending_cmd *cmd;
5691 hci_req_init(&req, hdev);
5692 req_rssi_cp.handle = cpu_to_le16(conn->handle);
5693 hci_req_add(&req, HCI_OP_READ_RSSI, sizeof(req_rssi_cp),
5696 /* For LE links TX power does not change thus we don't need to
5697 * query for it once value is known.
5699 if (!bdaddr_type_is_le(cp->addr.type) ||
5700 conn->tx_power == HCI_TX_POWER_INVALID) {
5701 req_txp_cp.handle = cpu_to_le16(conn->handle);
5702 req_txp_cp.type = 0x00;
5703 hci_req_add(&req, HCI_OP_READ_TX_POWER,
5704 sizeof(req_txp_cp), &req_txp_cp);
5707 /* Max TX power needs to be read only once per connection */
5708 if (conn->max_tx_power == HCI_TX_POWER_INVALID) {
5709 req_txp_cp.handle = cpu_to_le16(conn->handle);
5710 req_txp_cp.type = 0x01;
5711 hci_req_add(&req, HCI_OP_READ_TX_POWER,
5712 sizeof(req_txp_cp), &req_txp_cp);
5715 err = hci_req_run(&req, conn_info_refresh_complete);
5719 cmd = mgmt_pending_add(sk, MGMT_OP_GET_CONN_INFO, hdev,
5726 hci_conn_hold(conn);
5727 cmd->user_data = hci_conn_get(conn);
5728 cmd->cmd_complete = conn_info_cmd_complete;
5730 conn->conn_info_timestamp = jiffies;
5732 /* Cache is valid, just reply with values cached in hci_conn */
5733 rp.rssi = conn->rssi;
5734 rp.tx_power = conn->tx_power;
5735 rp.max_tx_power = conn->max_tx_power;
5737 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CONN_INFO,
5738 MGMT_STATUS_SUCCESS, &rp, sizeof(rp));
5742 hci_dev_unlock(hdev);
5746 static int clock_info_cmd_complete(struct mgmt_pending_cmd *cmd, u8 status)
5748 struct hci_conn *conn = cmd->user_data;
5749 struct mgmt_rp_get_clock_info rp;
5750 struct hci_dev *hdev;
5753 memset(&rp, 0, sizeof(rp));
5754 memcpy(&rp.addr, cmd->param, sizeof(rp.addr));
5759 hdev = hci_dev_get(cmd->index);
5761 rp.local_clock = cpu_to_le32(hdev->clock);
5766 rp.piconet_clock = cpu_to_le32(conn->clock);
5767 rp.accuracy = cpu_to_le16(conn->clock_accuracy);
5771 err = mgmt_cmd_complete(cmd->sk, cmd->index, cmd->opcode, status, &rp,
5775 hci_conn_drop(conn);
5782 static void get_clock_info_complete(struct hci_dev *hdev, u8 status, u16 opcode)
5784 struct hci_cp_read_clock *hci_cp;
5785 struct mgmt_pending_cmd *cmd;
5786 struct hci_conn *conn;
5788 bt_dev_dbg(hdev, "status %u", status);
5792 hci_cp = hci_sent_cmd_data(hdev, HCI_OP_READ_CLOCK);
5796 if (hci_cp->which) {
5797 u16 handle = __le16_to_cpu(hci_cp->handle);
5798 conn = hci_conn_hash_lookup_handle(hdev, handle);
5803 cmd = pending_find_data(MGMT_OP_GET_CLOCK_INFO, hdev, conn);
5807 cmd->cmd_complete(cmd, mgmt_status(status));
5808 mgmt_pending_remove(cmd);
5811 hci_dev_unlock(hdev);
5814 static int get_clock_info(struct sock *sk, struct hci_dev *hdev, void *data,
5817 struct mgmt_cp_get_clock_info *cp = data;
5818 struct mgmt_rp_get_clock_info rp;
5819 struct hci_cp_read_clock hci_cp;
5820 struct mgmt_pending_cmd *cmd;
5821 struct hci_request req;
5822 struct hci_conn *conn;
5825 bt_dev_dbg(hdev, "sock %p", sk);
5827 memset(&rp, 0, sizeof(rp));
5828 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
5829 rp.addr.type = cp->addr.type;
5831 if (cp->addr.type != BDADDR_BREDR)
5832 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CLOCK_INFO,
5833 MGMT_STATUS_INVALID_PARAMS,
5838 if (!hdev_is_powered(hdev)) {
5839 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CLOCK_INFO,
5840 MGMT_STATUS_NOT_POWERED, &rp,
5845 if (bacmp(&cp->addr.bdaddr, BDADDR_ANY)) {
5846 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
5848 if (!conn || conn->state != BT_CONNECTED) {
5849 err = mgmt_cmd_complete(sk, hdev->id,
5850 MGMT_OP_GET_CLOCK_INFO,
5851 MGMT_STATUS_NOT_CONNECTED,
5859 cmd = mgmt_pending_add(sk, MGMT_OP_GET_CLOCK_INFO, hdev, data, len);
5865 cmd->cmd_complete = clock_info_cmd_complete;
5867 hci_req_init(&req, hdev);
5869 memset(&hci_cp, 0, sizeof(hci_cp));
5870 hci_req_add(&req, HCI_OP_READ_CLOCK, sizeof(hci_cp), &hci_cp);
5873 hci_conn_hold(conn);
5874 cmd->user_data = hci_conn_get(conn);
5876 hci_cp.handle = cpu_to_le16(conn->handle);
5877 hci_cp.which = 0x01; /* Piconet clock */
5878 hci_req_add(&req, HCI_OP_READ_CLOCK, sizeof(hci_cp), &hci_cp);
5881 err = hci_req_run(&req, get_clock_info_complete);
5883 mgmt_pending_remove(cmd);
5886 hci_dev_unlock(hdev);
5890 static bool is_connected(struct hci_dev *hdev, bdaddr_t *addr, u8 type)
5892 struct hci_conn *conn;
5894 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, addr);
5898 if (conn->dst_type != type)
5901 if (conn->state != BT_CONNECTED)
5907 /* This function requires the caller holds hdev->lock */
5908 static int hci_conn_params_set(struct hci_dev *hdev, bdaddr_t *addr,
5909 u8 addr_type, u8 auto_connect)
5911 struct hci_conn_params *params;
5913 params = hci_conn_params_add(hdev, addr, addr_type);
5917 if (params->auto_connect == auto_connect)
5920 list_del_init(¶ms->action);
5922 switch (auto_connect) {
5923 case HCI_AUTO_CONN_DISABLED:
5924 case HCI_AUTO_CONN_LINK_LOSS:
5925 /* If auto connect is being disabled when we're trying to
5926 * connect to device, keep connecting.
5928 if (params->explicit_connect)
5929 list_add(¶ms->action, &hdev->pend_le_conns);
5931 case HCI_AUTO_CONN_REPORT:
5932 if (params->explicit_connect)
5933 list_add(¶ms->action, &hdev->pend_le_conns);
5935 list_add(¶ms->action, &hdev->pend_le_reports);
5937 case HCI_AUTO_CONN_DIRECT:
5938 case HCI_AUTO_CONN_ALWAYS:
5939 if (!is_connected(hdev, addr, addr_type))
5940 list_add(¶ms->action, &hdev->pend_le_conns);
5944 params->auto_connect = auto_connect;
5946 bt_dev_dbg(hdev, "addr %pMR (type %u) auto_connect %u",
5947 addr, addr_type, auto_connect);
5952 static void device_added(struct sock *sk, struct hci_dev *hdev,
5953 bdaddr_t *bdaddr, u8 type, u8 action)
5955 struct mgmt_ev_device_added ev;
5957 bacpy(&ev.addr.bdaddr, bdaddr);
5958 ev.addr.type = type;
5961 mgmt_event(MGMT_EV_DEVICE_ADDED, hdev, &ev, sizeof(ev), sk);
5964 static int add_device(struct sock *sk, struct hci_dev *hdev,
5965 void *data, u16 len)
5967 struct mgmt_cp_add_device *cp = data;
5968 u8 auto_conn, addr_type;
5971 bt_dev_dbg(hdev, "sock %p", sk);
5973 if (!bdaddr_type_is_valid(cp->addr.type) ||
5974 !bacmp(&cp->addr.bdaddr, BDADDR_ANY))
5975 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_ADD_DEVICE,
5976 MGMT_STATUS_INVALID_PARAMS,
5977 &cp->addr, sizeof(cp->addr));
5979 if (cp->action != 0x00 && cp->action != 0x01 && cp->action != 0x02)
5980 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_ADD_DEVICE,
5981 MGMT_STATUS_INVALID_PARAMS,
5982 &cp->addr, sizeof(cp->addr));
5986 if (cp->addr.type == BDADDR_BREDR) {
5987 /* Only incoming connections action is supported for now */
5988 if (cp->action != 0x01) {
5989 err = mgmt_cmd_complete(sk, hdev->id,
5991 MGMT_STATUS_INVALID_PARAMS,
5992 &cp->addr, sizeof(cp->addr));
5996 err = hci_bdaddr_list_add(&hdev->whitelist, &cp->addr.bdaddr,
6001 hci_req_update_scan(hdev);
6006 addr_type = le_addr_type(cp->addr.type);
6008 if (cp->action == 0x02)
6009 auto_conn = HCI_AUTO_CONN_ALWAYS;
6010 else if (cp->action == 0x01)
6011 auto_conn = HCI_AUTO_CONN_DIRECT;
6013 auto_conn = HCI_AUTO_CONN_REPORT;
6015 /* Kernel internally uses conn_params with resolvable private
6016 * address, but Add Device allows only identity addresses.
6017 * Make sure it is enforced before calling
6018 * hci_conn_params_lookup.
6020 if (!hci_is_identity_address(&cp->addr.bdaddr, addr_type)) {
6021 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_ADD_DEVICE,
6022 MGMT_STATUS_INVALID_PARAMS,
6023 &cp->addr, sizeof(cp->addr));
6027 /* If the connection parameters don't exist for this device,
6028 * they will be created and configured with defaults.
6030 if (hci_conn_params_set(hdev, &cp->addr.bdaddr, addr_type,
6032 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_ADD_DEVICE,
6033 MGMT_STATUS_FAILED, &cp->addr,
6038 hci_update_background_scan(hdev);
6041 device_added(sk, hdev, &cp->addr.bdaddr, cp->addr.type, cp->action);
6043 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_ADD_DEVICE,
6044 MGMT_STATUS_SUCCESS, &cp->addr,
6048 hci_dev_unlock(hdev);
6052 static void device_removed(struct sock *sk, struct hci_dev *hdev,
6053 bdaddr_t *bdaddr, u8 type)
6055 struct mgmt_ev_device_removed ev;
6057 bacpy(&ev.addr.bdaddr, bdaddr);
6058 ev.addr.type = type;
6060 mgmt_event(MGMT_EV_DEVICE_REMOVED, hdev, &ev, sizeof(ev), sk);
6063 static int remove_device(struct sock *sk, struct hci_dev *hdev,
6064 void *data, u16 len)
6066 struct mgmt_cp_remove_device *cp = data;
6069 bt_dev_dbg(hdev, "sock %p", sk);
6073 if (bacmp(&cp->addr.bdaddr, BDADDR_ANY)) {
6074 struct hci_conn_params *params;
6077 if (!bdaddr_type_is_valid(cp->addr.type)) {
6078 err = mgmt_cmd_complete(sk, hdev->id,
6079 MGMT_OP_REMOVE_DEVICE,
6080 MGMT_STATUS_INVALID_PARAMS,
6081 &cp->addr, sizeof(cp->addr));
6085 if (cp->addr.type == BDADDR_BREDR) {
6086 err = hci_bdaddr_list_del(&hdev->whitelist,
6090 err = mgmt_cmd_complete(sk, hdev->id,
6091 MGMT_OP_REMOVE_DEVICE,
6092 MGMT_STATUS_INVALID_PARAMS,
6098 hci_req_update_scan(hdev);
6100 device_removed(sk, hdev, &cp->addr.bdaddr,
6105 addr_type = le_addr_type(cp->addr.type);
6107 /* Kernel internally uses conn_params with resolvable private
6108 * address, but Remove Device allows only identity addresses.
6109 * Make sure it is enforced before calling
6110 * hci_conn_params_lookup.
6112 if (!hci_is_identity_address(&cp->addr.bdaddr, addr_type)) {
6113 err = mgmt_cmd_complete(sk, hdev->id,
6114 MGMT_OP_REMOVE_DEVICE,
6115 MGMT_STATUS_INVALID_PARAMS,
6116 &cp->addr, sizeof(cp->addr));
6120 params = hci_conn_params_lookup(hdev, &cp->addr.bdaddr,
6123 err = mgmt_cmd_complete(sk, hdev->id,
6124 MGMT_OP_REMOVE_DEVICE,
6125 MGMT_STATUS_INVALID_PARAMS,
6126 &cp->addr, sizeof(cp->addr));
6130 if (params->auto_connect == HCI_AUTO_CONN_DISABLED ||
6131 params->auto_connect == HCI_AUTO_CONN_EXPLICIT) {
6132 err = mgmt_cmd_complete(sk, hdev->id,
6133 MGMT_OP_REMOVE_DEVICE,
6134 MGMT_STATUS_INVALID_PARAMS,
6135 &cp->addr, sizeof(cp->addr));
6139 list_del(¶ms->action);
6140 list_del(¶ms->list);
6142 hci_update_background_scan(hdev);
6144 device_removed(sk, hdev, &cp->addr.bdaddr, cp->addr.type);
6146 struct hci_conn_params *p, *tmp;
6147 struct bdaddr_list *b, *btmp;
6149 if (cp->addr.type) {
6150 err = mgmt_cmd_complete(sk, hdev->id,
6151 MGMT_OP_REMOVE_DEVICE,
6152 MGMT_STATUS_INVALID_PARAMS,
6153 &cp->addr, sizeof(cp->addr));
6157 list_for_each_entry_safe(b, btmp, &hdev->whitelist, list) {
6158 device_removed(sk, hdev, &b->bdaddr, b->bdaddr_type);
6163 hci_req_update_scan(hdev);
6165 list_for_each_entry_safe(p, tmp, &hdev->le_conn_params, list) {
6166 if (p->auto_connect == HCI_AUTO_CONN_DISABLED)
6168 device_removed(sk, hdev, &p->addr, p->addr_type);
6169 if (p->explicit_connect) {
6170 p->auto_connect = HCI_AUTO_CONN_EXPLICIT;
6173 list_del(&p->action);
6178 bt_dev_dbg(hdev, "All LE connection parameters were removed");
6180 hci_update_background_scan(hdev);
6184 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_DEVICE,
6185 MGMT_STATUS_SUCCESS, &cp->addr,
6188 hci_dev_unlock(hdev);
6192 static int load_conn_param(struct sock *sk, struct hci_dev *hdev, void *data,
6195 struct mgmt_cp_load_conn_param *cp = data;
6196 const u16 max_param_count = ((U16_MAX - sizeof(*cp)) /
6197 sizeof(struct mgmt_conn_param));
6198 u16 param_count, expected_len;
6201 if (!lmp_le_capable(hdev))
6202 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_CONN_PARAM,
6203 MGMT_STATUS_NOT_SUPPORTED);
6205 param_count = __le16_to_cpu(cp->param_count);
6206 if (param_count > max_param_count) {
6207 bt_dev_err(hdev, "load_conn_param: too big param_count value %u",
6209 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_CONN_PARAM,
6210 MGMT_STATUS_INVALID_PARAMS);
6213 expected_len = struct_size(cp, params, param_count);
6214 if (expected_len != len) {
6215 bt_dev_err(hdev, "load_conn_param: expected %u bytes, got %u bytes",
6217 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_CONN_PARAM,
6218 MGMT_STATUS_INVALID_PARAMS);
6221 bt_dev_dbg(hdev, "param_count %u", param_count);
6225 hci_conn_params_clear_disabled(hdev);
6227 for (i = 0; i < param_count; i++) {
6228 struct mgmt_conn_param *param = &cp->params[i];
6229 struct hci_conn_params *hci_param;
6230 u16 min, max, latency, timeout;
6233 bt_dev_dbg(hdev, "Adding %pMR (type %u)", ¶m->addr.bdaddr,
6236 if (param->addr.type == BDADDR_LE_PUBLIC) {
6237 addr_type = ADDR_LE_DEV_PUBLIC;
6238 } else if (param->addr.type == BDADDR_LE_RANDOM) {
6239 addr_type = ADDR_LE_DEV_RANDOM;
6241 bt_dev_err(hdev, "ignoring invalid connection parameters");
6245 min = le16_to_cpu(param->min_interval);
6246 max = le16_to_cpu(param->max_interval);
6247 latency = le16_to_cpu(param->latency);
6248 timeout = le16_to_cpu(param->timeout);
6250 bt_dev_dbg(hdev, "min 0x%04x max 0x%04x latency 0x%04x timeout 0x%04x",
6251 min, max, latency, timeout);
6253 if (hci_check_conn_params(min, max, latency, timeout) < 0) {
6254 bt_dev_err(hdev, "ignoring invalid connection parameters");
6258 hci_param = hci_conn_params_add(hdev, ¶m->addr.bdaddr,
6261 bt_dev_err(hdev, "failed to add connection parameters");
6265 hci_param->conn_min_interval = min;
6266 hci_param->conn_max_interval = max;
6267 hci_param->conn_latency = latency;
6268 hci_param->supervision_timeout = timeout;
6271 hci_dev_unlock(hdev);
6273 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_LOAD_CONN_PARAM, 0,
6277 static int set_external_config(struct sock *sk, struct hci_dev *hdev,
6278 void *data, u16 len)
6280 struct mgmt_cp_set_external_config *cp = data;
6284 bt_dev_dbg(hdev, "sock %p", sk);
6286 if (hdev_is_powered(hdev))
6287 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_EXTERNAL_CONFIG,
6288 MGMT_STATUS_REJECTED);
6290 if (cp->config != 0x00 && cp->config != 0x01)
6291 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_EXTERNAL_CONFIG,
6292 MGMT_STATUS_INVALID_PARAMS);
6294 if (!test_bit(HCI_QUIRK_EXTERNAL_CONFIG, &hdev->quirks))
6295 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_EXTERNAL_CONFIG,
6296 MGMT_STATUS_NOT_SUPPORTED);
6301 changed = !hci_dev_test_and_set_flag(hdev, HCI_EXT_CONFIGURED);
6303 changed = hci_dev_test_and_clear_flag(hdev, HCI_EXT_CONFIGURED);
6305 err = send_options_rsp(sk, MGMT_OP_SET_EXTERNAL_CONFIG, hdev);
6312 err = new_options(hdev, sk);
6314 if (hci_dev_test_flag(hdev, HCI_UNCONFIGURED) == is_configured(hdev)) {
6315 mgmt_index_removed(hdev);
6317 if (hci_dev_test_and_change_flag(hdev, HCI_UNCONFIGURED)) {
6318 hci_dev_set_flag(hdev, HCI_CONFIG);
6319 hci_dev_set_flag(hdev, HCI_AUTO_OFF);
6321 queue_work(hdev->req_workqueue, &hdev->power_on);
6323 set_bit(HCI_RAW, &hdev->flags);
6324 mgmt_index_added(hdev);
6329 hci_dev_unlock(hdev);
6333 static int set_public_address(struct sock *sk, struct hci_dev *hdev,
6334 void *data, u16 len)
6336 struct mgmt_cp_set_public_address *cp = data;
6340 bt_dev_dbg(hdev, "sock %p", sk);
6342 if (hdev_is_powered(hdev))
6343 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_PUBLIC_ADDRESS,
6344 MGMT_STATUS_REJECTED);
6346 if (!bacmp(&cp->bdaddr, BDADDR_ANY))
6347 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_PUBLIC_ADDRESS,
6348 MGMT_STATUS_INVALID_PARAMS);
6350 if (!hdev->set_bdaddr)
6351 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_PUBLIC_ADDRESS,
6352 MGMT_STATUS_NOT_SUPPORTED);
6356 changed = !!bacmp(&hdev->public_addr, &cp->bdaddr);
6357 bacpy(&hdev->public_addr, &cp->bdaddr);
6359 err = send_options_rsp(sk, MGMT_OP_SET_PUBLIC_ADDRESS, hdev);
6366 if (hci_dev_test_flag(hdev, HCI_UNCONFIGURED))
6367 err = new_options(hdev, sk);
6369 if (is_configured(hdev)) {
6370 mgmt_index_removed(hdev);
6372 hci_dev_clear_flag(hdev, HCI_UNCONFIGURED);
6374 hci_dev_set_flag(hdev, HCI_CONFIG);
6375 hci_dev_set_flag(hdev, HCI_AUTO_OFF);
6377 queue_work(hdev->req_workqueue, &hdev->power_on);
6381 hci_dev_unlock(hdev);
6385 static void read_local_oob_ext_data_complete(struct hci_dev *hdev, u8 status,
6386 u16 opcode, struct sk_buff *skb)
6388 const struct mgmt_cp_read_local_oob_ext_data *mgmt_cp;
6389 struct mgmt_rp_read_local_oob_ext_data *mgmt_rp;
6390 u8 *h192, *r192, *h256, *r256;
6391 struct mgmt_pending_cmd *cmd;
6395 bt_dev_dbg(hdev, "status %u", status);
6397 cmd = pending_find(MGMT_OP_READ_LOCAL_OOB_EXT_DATA, hdev);
6401 mgmt_cp = cmd->param;
6404 status = mgmt_status(status);
6411 } else if (opcode == HCI_OP_READ_LOCAL_OOB_DATA) {
6412 struct hci_rp_read_local_oob_data *rp;
6414 if (skb->len != sizeof(*rp)) {
6415 status = MGMT_STATUS_FAILED;
6418 status = MGMT_STATUS_SUCCESS;
6419 rp = (void *)skb->data;
6421 eir_len = 5 + 18 + 18;
6428 struct hci_rp_read_local_oob_ext_data *rp;
6430 if (skb->len != sizeof(*rp)) {
6431 status = MGMT_STATUS_FAILED;
6434 status = MGMT_STATUS_SUCCESS;
6435 rp = (void *)skb->data;
6437 if (hci_dev_test_flag(hdev, HCI_SC_ONLY)) {
6438 eir_len = 5 + 18 + 18;
6442 eir_len = 5 + 18 + 18 + 18 + 18;
6452 mgmt_rp = kmalloc(sizeof(*mgmt_rp) + eir_len, GFP_KERNEL);
6459 eir_len = eir_append_data(mgmt_rp->eir, 0, EIR_CLASS_OF_DEV,
6460 hdev->dev_class, 3);
6463 eir_len = eir_append_data(mgmt_rp->eir, eir_len,
6464 EIR_SSP_HASH_C192, h192, 16);
6465 eir_len = eir_append_data(mgmt_rp->eir, eir_len,
6466 EIR_SSP_RAND_R192, r192, 16);
6470 eir_len = eir_append_data(mgmt_rp->eir, eir_len,
6471 EIR_SSP_HASH_C256, h256, 16);
6472 eir_len = eir_append_data(mgmt_rp->eir, eir_len,
6473 EIR_SSP_RAND_R256, r256, 16);
6477 mgmt_rp->type = mgmt_cp->type;
6478 mgmt_rp->eir_len = cpu_to_le16(eir_len);
6480 err = mgmt_cmd_complete(cmd->sk, hdev->id,
6481 MGMT_OP_READ_LOCAL_OOB_EXT_DATA, status,
6482 mgmt_rp, sizeof(*mgmt_rp) + eir_len);
6483 if (err < 0 || status)
6486 hci_sock_set_flag(cmd->sk, HCI_MGMT_OOB_DATA_EVENTS);
6488 err = mgmt_limited_event(MGMT_EV_LOCAL_OOB_DATA_UPDATED, hdev,
6489 mgmt_rp, sizeof(*mgmt_rp) + eir_len,
6490 HCI_MGMT_OOB_DATA_EVENTS, cmd->sk);
6493 mgmt_pending_remove(cmd);
6496 static int read_local_ssp_oob_req(struct hci_dev *hdev, struct sock *sk,
6497 struct mgmt_cp_read_local_oob_ext_data *cp)
6499 struct mgmt_pending_cmd *cmd;
6500 struct hci_request req;
6503 cmd = mgmt_pending_add(sk, MGMT_OP_READ_LOCAL_OOB_EXT_DATA, hdev,
6508 hci_req_init(&req, hdev);
6510 if (bredr_sc_enabled(hdev))
6511 hci_req_add(&req, HCI_OP_READ_LOCAL_OOB_EXT_DATA, 0, NULL);
6513 hci_req_add(&req, HCI_OP_READ_LOCAL_OOB_DATA, 0, NULL);
6515 err = hci_req_run_skb(&req, read_local_oob_ext_data_complete);
6517 mgmt_pending_remove(cmd);
6524 static int read_local_oob_ext_data(struct sock *sk, struct hci_dev *hdev,
6525 void *data, u16 data_len)
6527 struct mgmt_cp_read_local_oob_ext_data *cp = data;
6528 struct mgmt_rp_read_local_oob_ext_data *rp;
6531 u8 status, flags, role, addr[7], hash[16], rand[16];
6534 bt_dev_dbg(hdev, "sock %p", sk);
6536 if (hdev_is_powered(hdev)) {
6538 case BIT(BDADDR_BREDR):
6539 status = mgmt_bredr_support(hdev);
6545 case (BIT(BDADDR_LE_PUBLIC) | BIT(BDADDR_LE_RANDOM)):
6546 status = mgmt_le_support(hdev);
6550 eir_len = 9 + 3 + 18 + 18 + 3;
6553 status = MGMT_STATUS_INVALID_PARAMS;
6558 status = MGMT_STATUS_NOT_POWERED;
6562 rp_len = sizeof(*rp) + eir_len;
6563 rp = kmalloc(rp_len, GFP_ATOMIC);
6574 case BIT(BDADDR_BREDR):
6575 if (hci_dev_test_flag(hdev, HCI_SSP_ENABLED)) {
6576 err = read_local_ssp_oob_req(hdev, sk, cp);
6577 hci_dev_unlock(hdev);
6581 status = MGMT_STATUS_FAILED;
6584 eir_len = eir_append_data(rp->eir, eir_len,
6586 hdev->dev_class, 3);
6589 case (BIT(BDADDR_LE_PUBLIC) | BIT(BDADDR_LE_RANDOM)):
6590 if (hci_dev_test_flag(hdev, HCI_SC_ENABLED) &&
6591 smp_generate_oob(hdev, hash, rand) < 0) {
6592 hci_dev_unlock(hdev);
6593 status = MGMT_STATUS_FAILED;
6597 /* This should return the active RPA, but since the RPA
6598 * is only programmed on demand, it is really hard to fill
6599 * this in at the moment. For now disallow retrieving
6600 * local out-of-band data when privacy is in use.
6602 * Returning the identity address will not help here since
6603 * pairing happens before the identity resolving key is
6604 * known and thus the connection establishment happens
6605 * based on the RPA and not the identity address.
6607 if (hci_dev_test_flag(hdev, HCI_PRIVACY)) {
6608 hci_dev_unlock(hdev);
6609 status = MGMT_STATUS_REJECTED;
6613 if (hci_dev_test_flag(hdev, HCI_FORCE_STATIC_ADDR) ||
6614 !bacmp(&hdev->bdaddr, BDADDR_ANY) ||
6615 (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED) &&
6616 bacmp(&hdev->static_addr, BDADDR_ANY))) {
6617 memcpy(addr, &hdev->static_addr, 6);
6620 memcpy(addr, &hdev->bdaddr, 6);
6624 eir_len = eir_append_data(rp->eir, eir_len, EIR_LE_BDADDR,
6625 addr, sizeof(addr));
6627 if (hci_dev_test_flag(hdev, HCI_ADVERTISING))
6632 eir_len = eir_append_data(rp->eir, eir_len, EIR_LE_ROLE,
6633 &role, sizeof(role));
6635 if (hci_dev_test_flag(hdev, HCI_SC_ENABLED)) {
6636 eir_len = eir_append_data(rp->eir, eir_len,
6638 hash, sizeof(hash));
6640 eir_len = eir_append_data(rp->eir, eir_len,
6642 rand, sizeof(rand));
6645 flags = mgmt_get_adv_discov_flags(hdev);
6647 if (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED))
6648 flags |= LE_AD_NO_BREDR;
6650 eir_len = eir_append_data(rp->eir, eir_len, EIR_FLAGS,
6651 &flags, sizeof(flags));
6655 hci_dev_unlock(hdev);
6657 hci_sock_set_flag(sk, HCI_MGMT_OOB_DATA_EVENTS);
6659 status = MGMT_STATUS_SUCCESS;
6662 rp->type = cp->type;
6663 rp->eir_len = cpu_to_le16(eir_len);
6665 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_EXT_DATA,
6666 status, rp, sizeof(*rp) + eir_len);
6667 if (err < 0 || status)
6670 err = mgmt_limited_event(MGMT_EV_LOCAL_OOB_DATA_UPDATED, hdev,
6671 rp, sizeof(*rp) + eir_len,
6672 HCI_MGMT_OOB_DATA_EVENTS, sk);
6680 static u32 get_supported_adv_flags(struct hci_dev *hdev)
6684 flags |= MGMT_ADV_FLAG_CONNECTABLE;
6685 flags |= MGMT_ADV_FLAG_DISCOV;
6686 flags |= MGMT_ADV_FLAG_LIMITED_DISCOV;
6687 flags |= MGMT_ADV_FLAG_MANAGED_FLAGS;
6688 flags |= MGMT_ADV_FLAG_APPEARANCE;
6689 flags |= MGMT_ADV_FLAG_LOCAL_NAME;
6691 /* In extended adv TX_POWER returned from Set Adv Param
6692 * will be always valid.
6694 if ((hdev->adv_tx_power != HCI_TX_POWER_INVALID) ||
6695 ext_adv_capable(hdev))
6696 flags |= MGMT_ADV_FLAG_TX_POWER;
6698 if (ext_adv_capable(hdev)) {
6699 flags |= MGMT_ADV_FLAG_SEC_1M;
6701 if (hdev->le_features[1] & HCI_LE_PHY_2M)
6702 flags |= MGMT_ADV_FLAG_SEC_2M;
6704 if (hdev->le_features[1] & HCI_LE_PHY_CODED)
6705 flags |= MGMT_ADV_FLAG_SEC_CODED;
6711 static int read_adv_features(struct sock *sk, struct hci_dev *hdev,
6712 void *data, u16 data_len)
6714 struct mgmt_rp_read_adv_features *rp;
6717 struct adv_info *adv_instance;
6718 u32 supported_flags;
6721 bt_dev_dbg(hdev, "sock %p", sk);
6723 if (!lmp_le_capable(hdev))
6724 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_READ_ADV_FEATURES,
6725 MGMT_STATUS_REJECTED);
6729 rp_len = sizeof(*rp) + hdev->adv_instance_cnt;
6730 rp = kmalloc(rp_len, GFP_ATOMIC);
6732 hci_dev_unlock(hdev);
6736 supported_flags = get_supported_adv_flags(hdev);
6738 rp->supported_flags = cpu_to_le32(supported_flags);
6739 rp->max_adv_data_len = HCI_MAX_AD_LENGTH;
6740 rp->max_scan_rsp_len = HCI_MAX_AD_LENGTH;
6741 rp->max_instances = HCI_MAX_ADV_INSTANCES;
6742 rp->num_instances = hdev->adv_instance_cnt;
6744 instance = rp->instance;
6745 list_for_each_entry(adv_instance, &hdev->adv_instances, list) {
6746 *instance = adv_instance->instance;
6750 hci_dev_unlock(hdev);
6752 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_READ_ADV_FEATURES,
6753 MGMT_STATUS_SUCCESS, rp, rp_len);
6760 static u8 calculate_name_len(struct hci_dev *hdev)
6762 u8 buf[HCI_MAX_SHORT_NAME_LENGTH + 3];
6764 return append_local_name(hdev, buf, 0);
6767 static u8 tlv_data_max_len(struct hci_dev *hdev, u32 adv_flags,
6770 u8 max_len = HCI_MAX_AD_LENGTH;
6773 if (adv_flags & (MGMT_ADV_FLAG_DISCOV |
6774 MGMT_ADV_FLAG_LIMITED_DISCOV |
6775 MGMT_ADV_FLAG_MANAGED_FLAGS))
6778 if (adv_flags & MGMT_ADV_FLAG_TX_POWER)
6781 if (adv_flags & MGMT_ADV_FLAG_LOCAL_NAME)
6782 max_len -= calculate_name_len(hdev);
6784 if (adv_flags & (MGMT_ADV_FLAG_APPEARANCE))
6791 static bool flags_managed(u32 adv_flags)
6793 return adv_flags & (MGMT_ADV_FLAG_DISCOV |
6794 MGMT_ADV_FLAG_LIMITED_DISCOV |
6795 MGMT_ADV_FLAG_MANAGED_FLAGS);
6798 static bool tx_power_managed(u32 adv_flags)
6800 return adv_flags & MGMT_ADV_FLAG_TX_POWER;
6803 static bool name_managed(u32 adv_flags)
6805 return adv_flags & MGMT_ADV_FLAG_LOCAL_NAME;
6808 static bool appearance_managed(u32 adv_flags)
6810 return adv_flags & MGMT_ADV_FLAG_APPEARANCE;
6813 static bool tlv_data_is_valid(struct hci_dev *hdev, u32 adv_flags, u8 *data,
6814 u8 len, bool is_adv_data)
6819 max_len = tlv_data_max_len(hdev, adv_flags, is_adv_data);
6824 /* Make sure that the data is correctly formatted. */
6825 for (i = 0, cur_len = 0; i < len; i += (cur_len + 1)) {
6828 if (data[i + 1] == EIR_FLAGS &&
6829 (!is_adv_data || flags_managed(adv_flags)))
6832 if (data[i + 1] == EIR_TX_POWER && tx_power_managed(adv_flags))
6835 if (data[i + 1] == EIR_NAME_COMPLETE && name_managed(adv_flags))
6838 if (data[i + 1] == EIR_NAME_SHORT && name_managed(adv_flags))
6841 if (data[i + 1] == EIR_APPEARANCE &&
6842 appearance_managed(adv_flags))
6845 /* If the current field length would exceed the total data
6846 * length, then it's invalid.
6848 if (i + cur_len >= len)
6855 static void add_advertising_complete(struct hci_dev *hdev, u8 status,
6858 struct mgmt_pending_cmd *cmd;
6859 struct mgmt_cp_add_advertising *cp;
6860 struct mgmt_rp_add_advertising rp;
6861 struct adv_info *adv_instance, *n;
6864 bt_dev_dbg(hdev, "status %d", status);
6868 cmd = pending_find(MGMT_OP_ADD_ADVERTISING, hdev);
6870 list_for_each_entry_safe(adv_instance, n, &hdev->adv_instances, list) {
6871 if (!adv_instance->pending)
6875 adv_instance->pending = false;
6879 instance = adv_instance->instance;
6881 if (hdev->cur_adv_instance == instance)
6882 cancel_adv_timeout(hdev);
6884 hci_remove_adv_instance(hdev, instance);
6885 mgmt_advertising_removed(cmd ? cmd->sk : NULL, hdev, instance);
6892 rp.instance = cp->instance;
6895 mgmt_cmd_status(cmd->sk, cmd->index, cmd->opcode,
6896 mgmt_status(status));
6898 mgmt_cmd_complete(cmd->sk, cmd->index, cmd->opcode,
6899 mgmt_status(status), &rp, sizeof(rp));
6901 mgmt_pending_remove(cmd);
6904 hci_dev_unlock(hdev);
6907 static int add_advertising(struct sock *sk, struct hci_dev *hdev,
6908 void *data, u16 data_len)
6910 struct mgmt_cp_add_advertising *cp = data;
6911 struct mgmt_rp_add_advertising rp;
6913 u32 supported_flags, phy_flags;
6915 u16 timeout, duration;
6916 unsigned int prev_instance_cnt = hdev->adv_instance_cnt;
6917 u8 schedule_instance = 0;
6918 struct adv_info *next_instance;
6920 struct mgmt_pending_cmd *cmd;
6921 struct hci_request req;
6923 bt_dev_dbg(hdev, "sock %p", sk);
6925 status = mgmt_le_support(hdev);
6927 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_ADVERTISING,
6930 if (cp->instance < 1 || cp->instance > HCI_MAX_ADV_INSTANCES)
6931 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_ADVERTISING,
6932 MGMT_STATUS_INVALID_PARAMS);
6934 if (data_len != sizeof(*cp) + cp->adv_data_len + cp->scan_rsp_len)
6935 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_ADVERTISING,
6936 MGMT_STATUS_INVALID_PARAMS);
6938 flags = __le32_to_cpu(cp->flags);
6939 timeout = __le16_to_cpu(cp->timeout);
6940 duration = __le16_to_cpu(cp->duration);
6942 /* The current implementation only supports a subset of the specified
6943 * flags. Also need to check mutual exclusiveness of sec flags.
6945 supported_flags = get_supported_adv_flags(hdev);
6946 phy_flags = flags & MGMT_ADV_FLAG_SEC_MASK;
6947 if (flags & ~supported_flags ||
6948 ((phy_flags && (phy_flags ^ (phy_flags & -phy_flags)))))
6949 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_ADVERTISING,
6950 MGMT_STATUS_INVALID_PARAMS);
6954 if (timeout && !hdev_is_powered(hdev)) {
6955 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_ADVERTISING,
6956 MGMT_STATUS_REJECTED);
6960 if (pending_find(MGMT_OP_ADD_ADVERTISING, hdev) ||
6961 pending_find(MGMT_OP_REMOVE_ADVERTISING, hdev) ||
6962 pending_find(MGMT_OP_SET_LE, hdev)) {
6963 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_ADVERTISING,
6968 if (!tlv_data_is_valid(hdev, flags, cp->data, cp->adv_data_len, true) ||
6969 !tlv_data_is_valid(hdev, flags, cp->data + cp->adv_data_len,
6970 cp->scan_rsp_len, false)) {
6971 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_ADVERTISING,
6972 MGMT_STATUS_INVALID_PARAMS);
6976 err = hci_add_adv_instance(hdev, cp->instance, flags,
6977 cp->adv_data_len, cp->data,
6979 cp->data + cp->adv_data_len,
6982 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_ADVERTISING,
6983 MGMT_STATUS_FAILED);
6987 /* Only trigger an advertising added event if a new instance was
6990 if (hdev->adv_instance_cnt > prev_instance_cnt)
6991 mgmt_advertising_added(sk, hdev, cp->instance);
6993 if (hdev->cur_adv_instance == cp->instance) {
6994 /* If the currently advertised instance is being changed then
6995 * cancel the current advertising and schedule the next
6996 * instance. If there is only one instance then the overridden
6997 * advertising data will be visible right away.
6999 cancel_adv_timeout(hdev);
7001 next_instance = hci_get_next_instance(hdev, cp->instance);
7003 schedule_instance = next_instance->instance;
7004 } else if (!hdev->adv_instance_timeout) {
7005 /* Immediately advertise the new instance if no other
7006 * instance is currently being advertised.
7008 schedule_instance = cp->instance;
7011 /* If the HCI_ADVERTISING flag is set or the device isn't powered or
7012 * there is no instance to be advertised then we have no HCI
7013 * communication to make. Simply return.
7015 if (!hdev_is_powered(hdev) ||
7016 hci_dev_test_flag(hdev, HCI_ADVERTISING) ||
7017 !schedule_instance) {
7018 rp.instance = cp->instance;
7019 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_ADD_ADVERTISING,
7020 MGMT_STATUS_SUCCESS, &rp, sizeof(rp));
7024 /* We're good to go, update advertising data, parameters, and start
7027 cmd = mgmt_pending_add(sk, MGMT_OP_ADD_ADVERTISING, hdev, data,
7034 hci_req_init(&req, hdev);
7036 err = __hci_req_schedule_adv_instance(&req, schedule_instance, true);
7039 err = hci_req_run(&req, add_advertising_complete);
7042 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_ADVERTISING,
7043 MGMT_STATUS_FAILED);
7044 mgmt_pending_remove(cmd);
7048 hci_dev_unlock(hdev);
7053 static void remove_advertising_complete(struct hci_dev *hdev, u8 status,
7056 struct mgmt_pending_cmd *cmd;
7057 struct mgmt_cp_remove_advertising *cp;
7058 struct mgmt_rp_remove_advertising rp;
7060 bt_dev_dbg(hdev, "status %d", status);
7064 /* A failure status here only means that we failed to disable
7065 * advertising. Otherwise, the advertising instance has been removed,
7066 * so report success.
7068 cmd = pending_find(MGMT_OP_REMOVE_ADVERTISING, hdev);
7073 rp.instance = cp->instance;
7075 mgmt_cmd_complete(cmd->sk, cmd->index, cmd->opcode, MGMT_STATUS_SUCCESS,
7077 mgmt_pending_remove(cmd);
7080 hci_dev_unlock(hdev);
7083 static int remove_advertising(struct sock *sk, struct hci_dev *hdev,
7084 void *data, u16 data_len)
7086 struct mgmt_cp_remove_advertising *cp = data;
7087 struct mgmt_rp_remove_advertising rp;
7088 struct mgmt_pending_cmd *cmd;
7089 struct hci_request req;
7092 bt_dev_dbg(hdev, "sock %p", sk);
7096 if (cp->instance && !hci_find_adv_instance(hdev, cp->instance)) {
7097 err = mgmt_cmd_status(sk, hdev->id,
7098 MGMT_OP_REMOVE_ADVERTISING,
7099 MGMT_STATUS_INVALID_PARAMS);
7103 if (pending_find(MGMT_OP_ADD_ADVERTISING, hdev) ||
7104 pending_find(MGMT_OP_REMOVE_ADVERTISING, hdev) ||
7105 pending_find(MGMT_OP_SET_LE, hdev)) {
7106 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_REMOVE_ADVERTISING,
7111 if (list_empty(&hdev->adv_instances)) {
7112 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_REMOVE_ADVERTISING,
7113 MGMT_STATUS_INVALID_PARAMS);
7117 hci_req_init(&req, hdev);
7119 hci_req_clear_adv_instance(hdev, sk, &req, cp->instance, true);
7121 if (list_empty(&hdev->adv_instances))
7122 __hci_req_disable_advertising(&req);
7124 /* If no HCI commands have been collected so far or the HCI_ADVERTISING
7125 * flag is set or the device isn't powered then we have no HCI
7126 * communication to make. Simply return.
7128 if (skb_queue_empty(&req.cmd_q) ||
7129 !hdev_is_powered(hdev) ||
7130 hci_dev_test_flag(hdev, HCI_ADVERTISING)) {
7131 hci_req_purge(&req);
7132 rp.instance = cp->instance;
7133 err = mgmt_cmd_complete(sk, hdev->id,
7134 MGMT_OP_REMOVE_ADVERTISING,
7135 MGMT_STATUS_SUCCESS, &rp, sizeof(rp));
7139 cmd = mgmt_pending_add(sk, MGMT_OP_REMOVE_ADVERTISING, hdev, data,
7146 err = hci_req_run(&req, remove_advertising_complete);
7148 mgmt_pending_remove(cmd);
7151 hci_dev_unlock(hdev);
7156 static int get_adv_size_info(struct sock *sk, struct hci_dev *hdev,
7157 void *data, u16 data_len)
7159 struct mgmt_cp_get_adv_size_info *cp = data;
7160 struct mgmt_rp_get_adv_size_info rp;
7161 u32 flags, supported_flags;
7164 bt_dev_dbg(hdev, "sock %p", sk);
7166 if (!lmp_le_capable(hdev))
7167 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_GET_ADV_SIZE_INFO,
7168 MGMT_STATUS_REJECTED);
7170 if (cp->instance < 1 || cp->instance > HCI_MAX_ADV_INSTANCES)
7171 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_GET_ADV_SIZE_INFO,
7172 MGMT_STATUS_INVALID_PARAMS);
7174 flags = __le32_to_cpu(cp->flags);
7176 /* The current implementation only supports a subset of the specified
7179 supported_flags = get_supported_adv_flags(hdev);
7180 if (flags & ~supported_flags)
7181 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_GET_ADV_SIZE_INFO,
7182 MGMT_STATUS_INVALID_PARAMS);
7184 rp.instance = cp->instance;
7185 rp.flags = cp->flags;
7186 rp.max_adv_data_len = tlv_data_max_len(hdev, flags, true);
7187 rp.max_scan_rsp_len = tlv_data_max_len(hdev, flags, false);
7189 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_ADV_SIZE_INFO,
7190 MGMT_STATUS_SUCCESS, &rp, sizeof(rp));
7195 static const struct hci_mgmt_handler mgmt_handlers[] = {
7196 { NULL }, /* 0x0000 (no command) */
7197 { read_version, MGMT_READ_VERSION_SIZE,
7199 HCI_MGMT_UNTRUSTED },
7200 { read_commands, MGMT_READ_COMMANDS_SIZE,
7202 HCI_MGMT_UNTRUSTED },
7203 { read_index_list, MGMT_READ_INDEX_LIST_SIZE,
7205 HCI_MGMT_UNTRUSTED },
7206 { read_controller_info, MGMT_READ_INFO_SIZE,
7207 HCI_MGMT_UNTRUSTED },
7208 { set_powered, MGMT_SETTING_SIZE },
7209 { set_discoverable, MGMT_SET_DISCOVERABLE_SIZE },
7210 { set_connectable, MGMT_SETTING_SIZE },
7211 { set_fast_connectable, MGMT_SETTING_SIZE },
7212 { set_bondable, MGMT_SETTING_SIZE },
7213 { set_link_security, MGMT_SETTING_SIZE },
7214 { set_ssp, MGMT_SETTING_SIZE },
7215 { set_hs, MGMT_SETTING_SIZE },
7216 { set_le, MGMT_SETTING_SIZE },
7217 { set_dev_class, MGMT_SET_DEV_CLASS_SIZE },
7218 { set_local_name, MGMT_SET_LOCAL_NAME_SIZE },
7219 { add_uuid, MGMT_ADD_UUID_SIZE },
7220 { remove_uuid, MGMT_REMOVE_UUID_SIZE },
7221 { load_link_keys, MGMT_LOAD_LINK_KEYS_SIZE,
7223 { load_long_term_keys, MGMT_LOAD_LONG_TERM_KEYS_SIZE,
7225 { disconnect, MGMT_DISCONNECT_SIZE },
7226 { get_connections, MGMT_GET_CONNECTIONS_SIZE },
7227 { pin_code_reply, MGMT_PIN_CODE_REPLY_SIZE },
7228 { pin_code_neg_reply, MGMT_PIN_CODE_NEG_REPLY_SIZE },
7229 { set_io_capability, MGMT_SET_IO_CAPABILITY_SIZE },
7230 { pair_device, MGMT_PAIR_DEVICE_SIZE },
7231 { cancel_pair_device, MGMT_CANCEL_PAIR_DEVICE_SIZE },
7232 { unpair_device, MGMT_UNPAIR_DEVICE_SIZE },
7233 { user_confirm_reply, MGMT_USER_CONFIRM_REPLY_SIZE },
7234 { user_confirm_neg_reply, MGMT_USER_CONFIRM_NEG_REPLY_SIZE },
7235 { user_passkey_reply, MGMT_USER_PASSKEY_REPLY_SIZE },
7236 { user_passkey_neg_reply, MGMT_USER_PASSKEY_NEG_REPLY_SIZE },
7237 { read_local_oob_data, MGMT_READ_LOCAL_OOB_DATA_SIZE },
7238 { add_remote_oob_data, MGMT_ADD_REMOTE_OOB_DATA_SIZE,
7240 { remove_remote_oob_data, MGMT_REMOVE_REMOTE_OOB_DATA_SIZE },
7241 { start_discovery, MGMT_START_DISCOVERY_SIZE },
7242 { stop_discovery, MGMT_STOP_DISCOVERY_SIZE },
7243 { confirm_name, MGMT_CONFIRM_NAME_SIZE },
7244 { block_device, MGMT_BLOCK_DEVICE_SIZE },
7245 { unblock_device, MGMT_UNBLOCK_DEVICE_SIZE },
7246 { set_device_id, MGMT_SET_DEVICE_ID_SIZE },
7247 { set_advertising, MGMT_SETTING_SIZE },
7248 { set_bredr, MGMT_SETTING_SIZE },
7249 { set_static_address, MGMT_SET_STATIC_ADDRESS_SIZE },
7250 { set_scan_params, MGMT_SET_SCAN_PARAMS_SIZE },
7251 { set_secure_conn, MGMT_SETTING_SIZE },
7252 { set_debug_keys, MGMT_SETTING_SIZE },
7253 { set_privacy, MGMT_SET_PRIVACY_SIZE },
7254 { load_irks, MGMT_LOAD_IRKS_SIZE,
7256 { get_conn_info, MGMT_GET_CONN_INFO_SIZE },
7257 { get_clock_info, MGMT_GET_CLOCK_INFO_SIZE },
7258 { add_device, MGMT_ADD_DEVICE_SIZE },
7259 { remove_device, MGMT_REMOVE_DEVICE_SIZE },
7260 { load_conn_param, MGMT_LOAD_CONN_PARAM_SIZE,
7262 { read_unconf_index_list, MGMT_READ_UNCONF_INDEX_LIST_SIZE,
7264 HCI_MGMT_UNTRUSTED },
7265 { read_config_info, MGMT_READ_CONFIG_INFO_SIZE,
7266 HCI_MGMT_UNCONFIGURED |
7267 HCI_MGMT_UNTRUSTED },
7268 { set_external_config, MGMT_SET_EXTERNAL_CONFIG_SIZE,
7269 HCI_MGMT_UNCONFIGURED },
7270 { set_public_address, MGMT_SET_PUBLIC_ADDRESS_SIZE,
7271 HCI_MGMT_UNCONFIGURED },
7272 { start_service_discovery, MGMT_START_SERVICE_DISCOVERY_SIZE,
7274 { read_local_oob_ext_data, MGMT_READ_LOCAL_OOB_EXT_DATA_SIZE },
7275 { read_ext_index_list, MGMT_READ_EXT_INDEX_LIST_SIZE,
7277 HCI_MGMT_UNTRUSTED },
7278 { read_adv_features, MGMT_READ_ADV_FEATURES_SIZE },
7279 { add_advertising, MGMT_ADD_ADVERTISING_SIZE,
7281 { remove_advertising, MGMT_REMOVE_ADVERTISING_SIZE },
7282 { get_adv_size_info, MGMT_GET_ADV_SIZE_INFO_SIZE },
7283 { start_limited_discovery, MGMT_START_DISCOVERY_SIZE },
7284 { read_ext_controller_info,MGMT_READ_EXT_INFO_SIZE,
7285 HCI_MGMT_UNTRUSTED },
7286 { set_appearance, MGMT_SET_APPEARANCE_SIZE },
7287 { get_phy_configuration, MGMT_GET_PHY_CONFIGURATION_SIZE },
7288 { set_phy_configuration, MGMT_SET_PHY_CONFIGURATION_SIZE },
7289 { set_blocked_keys, MGMT_OP_SET_BLOCKED_KEYS_SIZE,
7291 { set_wideband_speech, MGMT_SETTING_SIZE },
7292 { read_security_info, MGMT_READ_SECURITY_INFO_SIZE,
7293 HCI_MGMT_UNTRUSTED },
7294 { read_exp_features_info, MGMT_READ_EXP_FEATURES_INFO_SIZE,
7295 HCI_MGMT_UNTRUSTED |
7296 HCI_MGMT_HDEV_OPTIONAL },
7297 { set_exp_feature, MGMT_SET_EXP_FEATURE_SIZE,
7299 HCI_MGMT_HDEV_OPTIONAL },
7302 void mgmt_index_added(struct hci_dev *hdev)
7304 struct mgmt_ev_ext_index ev;
7306 if (test_bit(HCI_QUIRK_RAW_DEVICE, &hdev->quirks))
7309 switch (hdev->dev_type) {
7311 if (hci_dev_test_flag(hdev, HCI_UNCONFIGURED)) {
7312 mgmt_index_event(MGMT_EV_UNCONF_INDEX_ADDED, hdev,
7313 NULL, 0, HCI_MGMT_UNCONF_INDEX_EVENTS);
7316 mgmt_index_event(MGMT_EV_INDEX_ADDED, hdev, NULL, 0,
7317 HCI_MGMT_INDEX_EVENTS);
7330 mgmt_index_event(MGMT_EV_EXT_INDEX_ADDED, hdev, &ev, sizeof(ev),
7331 HCI_MGMT_EXT_INDEX_EVENTS);
7334 void mgmt_index_removed(struct hci_dev *hdev)
7336 struct mgmt_ev_ext_index ev;
7337 u8 status = MGMT_STATUS_INVALID_INDEX;
7339 if (test_bit(HCI_QUIRK_RAW_DEVICE, &hdev->quirks))
7342 switch (hdev->dev_type) {
7344 mgmt_pending_foreach(0, hdev, cmd_complete_rsp, &status);
7346 if (hci_dev_test_flag(hdev, HCI_UNCONFIGURED)) {
7347 mgmt_index_event(MGMT_EV_UNCONF_INDEX_REMOVED, hdev,
7348 NULL, 0, HCI_MGMT_UNCONF_INDEX_EVENTS);
7351 mgmt_index_event(MGMT_EV_INDEX_REMOVED, hdev, NULL, 0,
7352 HCI_MGMT_INDEX_EVENTS);
7365 mgmt_index_event(MGMT_EV_EXT_INDEX_REMOVED, hdev, &ev, sizeof(ev),
7366 HCI_MGMT_EXT_INDEX_EVENTS);
7369 /* This function requires the caller holds hdev->lock */
7370 static void restart_le_actions(struct hci_dev *hdev)
7372 struct hci_conn_params *p;
7374 list_for_each_entry(p, &hdev->le_conn_params, list) {
7375 /* Needed for AUTO_OFF case where might not "really"
7376 * have been powered off.
7378 list_del_init(&p->action);
7380 switch (p->auto_connect) {
7381 case HCI_AUTO_CONN_DIRECT:
7382 case HCI_AUTO_CONN_ALWAYS:
7383 list_add(&p->action, &hdev->pend_le_conns);
7385 case HCI_AUTO_CONN_REPORT:
7386 list_add(&p->action, &hdev->pend_le_reports);
7394 void mgmt_power_on(struct hci_dev *hdev, int err)
7396 struct cmd_lookup match = { NULL, hdev };
7398 bt_dev_dbg(hdev, "err %d", err);
7403 restart_le_actions(hdev);
7404 hci_update_background_scan(hdev);
7407 mgmt_pending_foreach(MGMT_OP_SET_POWERED, hdev, settings_rsp, &match);
7409 new_settings(hdev, match.sk);
7414 hci_dev_unlock(hdev);
7417 void __mgmt_power_off(struct hci_dev *hdev)
7419 struct cmd_lookup match = { NULL, hdev };
7420 u8 status, zero_cod[] = { 0, 0, 0 };
7422 mgmt_pending_foreach(MGMT_OP_SET_POWERED, hdev, settings_rsp, &match);
7424 /* If the power off is because of hdev unregistration let
7425 * use the appropriate INVALID_INDEX status. Otherwise use
7426 * NOT_POWERED. We cover both scenarios here since later in
7427 * mgmt_index_removed() any hci_conn callbacks will have already
7428 * been triggered, potentially causing misleading DISCONNECTED
7431 if (hci_dev_test_flag(hdev, HCI_UNREGISTER))
7432 status = MGMT_STATUS_INVALID_INDEX;
7434 status = MGMT_STATUS_NOT_POWERED;
7436 mgmt_pending_foreach(0, hdev, cmd_complete_rsp, &status);
7438 if (memcmp(hdev->dev_class, zero_cod, sizeof(zero_cod)) != 0) {
7439 mgmt_limited_event(MGMT_EV_CLASS_OF_DEV_CHANGED, hdev,
7440 zero_cod, sizeof(zero_cod),
7441 HCI_MGMT_DEV_CLASS_EVENTS, NULL);
7442 ext_info_changed(hdev, NULL);
7445 new_settings(hdev, match.sk);
7451 void mgmt_set_powered_failed(struct hci_dev *hdev, int err)
7453 struct mgmt_pending_cmd *cmd;
7456 cmd = pending_find(MGMT_OP_SET_POWERED, hdev);
7460 if (err == -ERFKILL)
7461 status = MGMT_STATUS_RFKILLED;
7463 status = MGMT_STATUS_FAILED;
7465 mgmt_cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_POWERED, status);
7467 mgmt_pending_remove(cmd);
7470 void mgmt_new_link_key(struct hci_dev *hdev, struct link_key *key,
7473 struct mgmt_ev_new_link_key ev;
7475 memset(&ev, 0, sizeof(ev));
7477 ev.store_hint = persistent;
7478 bacpy(&ev.key.addr.bdaddr, &key->bdaddr);
7479 ev.key.addr.type = BDADDR_BREDR;
7480 ev.key.type = key->type;
7481 memcpy(ev.key.val, key->val, HCI_LINK_KEY_SIZE);
7482 ev.key.pin_len = key->pin_len;
7484 mgmt_event(MGMT_EV_NEW_LINK_KEY, hdev, &ev, sizeof(ev), NULL);
7487 static u8 mgmt_ltk_type(struct smp_ltk *ltk)
7489 switch (ltk->type) {
7492 if (ltk->authenticated)
7493 return MGMT_LTK_AUTHENTICATED;
7494 return MGMT_LTK_UNAUTHENTICATED;
7496 if (ltk->authenticated)
7497 return MGMT_LTK_P256_AUTH;
7498 return MGMT_LTK_P256_UNAUTH;
7499 case SMP_LTK_P256_DEBUG:
7500 return MGMT_LTK_P256_DEBUG;
7503 return MGMT_LTK_UNAUTHENTICATED;
7506 void mgmt_new_ltk(struct hci_dev *hdev, struct smp_ltk *key, bool persistent)
7508 struct mgmt_ev_new_long_term_key ev;
7510 memset(&ev, 0, sizeof(ev));
7512 /* Devices using resolvable or non-resolvable random addresses
7513 * without providing an identity resolving key don't require
7514 * to store long term keys. Their addresses will change the
7517 * Only when a remote device provides an identity address
7518 * make sure the long term key is stored. If the remote
7519 * identity is known, the long term keys are internally
7520 * mapped to the identity address. So allow static random
7521 * and public addresses here.
7523 if (key->bdaddr_type == ADDR_LE_DEV_RANDOM &&
7524 (key->bdaddr.b[5] & 0xc0) != 0xc0)
7525 ev.store_hint = 0x00;
7527 ev.store_hint = persistent;
7529 bacpy(&ev.key.addr.bdaddr, &key->bdaddr);
7530 ev.key.addr.type = link_to_bdaddr(LE_LINK, key->bdaddr_type);
7531 ev.key.type = mgmt_ltk_type(key);
7532 ev.key.enc_size = key->enc_size;
7533 ev.key.ediv = key->ediv;
7534 ev.key.rand = key->rand;
7536 if (key->type == SMP_LTK)
7539 /* Make sure we copy only the significant bytes based on the
7540 * encryption key size, and set the rest of the value to zeroes.
7542 memcpy(ev.key.val, key->val, key->enc_size);
7543 memset(ev.key.val + key->enc_size, 0,
7544 sizeof(ev.key.val) - key->enc_size);
7546 mgmt_event(MGMT_EV_NEW_LONG_TERM_KEY, hdev, &ev, sizeof(ev), NULL);
7549 void mgmt_new_irk(struct hci_dev *hdev, struct smp_irk *irk, bool persistent)
7551 struct mgmt_ev_new_irk ev;
7553 memset(&ev, 0, sizeof(ev));
7555 ev.store_hint = persistent;
7557 bacpy(&ev.rpa, &irk->rpa);
7558 bacpy(&ev.irk.addr.bdaddr, &irk->bdaddr);
7559 ev.irk.addr.type = link_to_bdaddr(LE_LINK, irk->addr_type);
7560 memcpy(ev.irk.val, irk->val, sizeof(irk->val));
7562 mgmt_event(MGMT_EV_NEW_IRK, hdev, &ev, sizeof(ev), NULL);
7565 void mgmt_new_csrk(struct hci_dev *hdev, struct smp_csrk *csrk,
7568 struct mgmt_ev_new_csrk ev;
7570 memset(&ev, 0, sizeof(ev));
7572 /* Devices using resolvable or non-resolvable random addresses
7573 * without providing an identity resolving key don't require
7574 * to store signature resolving keys. Their addresses will change
7575 * the next time around.
7577 * Only when a remote device provides an identity address
7578 * make sure the signature resolving key is stored. So allow
7579 * static random and public addresses here.
7581 if (csrk->bdaddr_type == ADDR_LE_DEV_RANDOM &&
7582 (csrk->bdaddr.b[5] & 0xc0) != 0xc0)
7583 ev.store_hint = 0x00;
7585 ev.store_hint = persistent;
7587 bacpy(&ev.key.addr.bdaddr, &csrk->bdaddr);
7588 ev.key.addr.type = link_to_bdaddr(LE_LINK, csrk->bdaddr_type);
7589 ev.key.type = csrk->type;
7590 memcpy(ev.key.val, csrk->val, sizeof(csrk->val));
7592 mgmt_event(MGMT_EV_NEW_CSRK, hdev, &ev, sizeof(ev), NULL);
7595 void mgmt_new_conn_param(struct hci_dev *hdev, bdaddr_t *bdaddr,
7596 u8 bdaddr_type, u8 store_hint, u16 min_interval,
7597 u16 max_interval, u16 latency, u16 timeout)
7599 struct mgmt_ev_new_conn_param ev;
7601 if (!hci_is_identity_address(bdaddr, bdaddr_type))
7604 memset(&ev, 0, sizeof(ev));
7605 bacpy(&ev.addr.bdaddr, bdaddr);
7606 ev.addr.type = link_to_bdaddr(LE_LINK, bdaddr_type);
7607 ev.store_hint = store_hint;
7608 ev.min_interval = cpu_to_le16(min_interval);
7609 ev.max_interval = cpu_to_le16(max_interval);
7610 ev.latency = cpu_to_le16(latency);
7611 ev.timeout = cpu_to_le16(timeout);
7613 mgmt_event(MGMT_EV_NEW_CONN_PARAM, hdev, &ev, sizeof(ev), NULL);
7616 void mgmt_device_connected(struct hci_dev *hdev, struct hci_conn *conn,
7617 u32 flags, u8 *name, u8 name_len)
7620 struct mgmt_ev_device_connected *ev = (void *) buf;
7623 bacpy(&ev->addr.bdaddr, &conn->dst);
7624 ev->addr.type = link_to_bdaddr(conn->type, conn->dst_type);
7626 ev->flags = __cpu_to_le32(flags);
7628 /* We must ensure that the EIR Data fields are ordered and
7629 * unique. Keep it simple for now and avoid the problem by not
7630 * adding any BR/EDR data to the LE adv.
7632 if (conn->le_adv_data_len > 0) {
7633 memcpy(&ev->eir[eir_len],
7634 conn->le_adv_data, conn->le_adv_data_len);
7635 eir_len = conn->le_adv_data_len;
7638 eir_len = eir_append_data(ev->eir, 0, EIR_NAME_COMPLETE,
7641 if (memcmp(conn->dev_class, "\0\0\0", 3) != 0)
7642 eir_len = eir_append_data(ev->eir, eir_len,
7644 conn->dev_class, 3);
7647 ev->eir_len = cpu_to_le16(eir_len);
7649 mgmt_event(MGMT_EV_DEVICE_CONNECTED, hdev, buf,
7650 sizeof(*ev) + eir_len, NULL);
7653 static void disconnect_rsp(struct mgmt_pending_cmd *cmd, void *data)
7655 struct sock **sk = data;
7657 cmd->cmd_complete(cmd, 0);
7662 mgmt_pending_remove(cmd);
7665 static void unpair_device_rsp(struct mgmt_pending_cmd *cmd, void *data)
7667 struct hci_dev *hdev = data;
7668 struct mgmt_cp_unpair_device *cp = cmd->param;
7670 device_unpaired(hdev, &cp->addr.bdaddr, cp->addr.type, cmd->sk);
7672 cmd->cmd_complete(cmd, 0);
7673 mgmt_pending_remove(cmd);
7676 bool mgmt_powering_down(struct hci_dev *hdev)
7678 struct mgmt_pending_cmd *cmd;
7679 struct mgmt_mode *cp;
7681 cmd = pending_find(MGMT_OP_SET_POWERED, hdev);
7692 void mgmt_device_disconnected(struct hci_dev *hdev, bdaddr_t *bdaddr,
7693 u8 link_type, u8 addr_type, u8 reason,
7694 bool mgmt_connected)
7696 struct mgmt_ev_device_disconnected ev;
7697 struct sock *sk = NULL;
7699 /* The connection is still in hci_conn_hash so test for 1
7700 * instead of 0 to know if this is the last one.
7702 if (mgmt_powering_down(hdev) && hci_conn_count(hdev) == 1) {
7703 cancel_delayed_work(&hdev->power_off);
7704 queue_work(hdev->req_workqueue, &hdev->power_off.work);
7707 if (!mgmt_connected)
7710 if (link_type != ACL_LINK && link_type != LE_LINK)
7713 mgmt_pending_foreach(MGMT_OP_DISCONNECT, hdev, disconnect_rsp, &sk);
7715 bacpy(&ev.addr.bdaddr, bdaddr);
7716 ev.addr.type = link_to_bdaddr(link_type, addr_type);
7719 mgmt_event(MGMT_EV_DEVICE_DISCONNECTED, hdev, &ev, sizeof(ev), sk);
7724 mgmt_pending_foreach(MGMT_OP_UNPAIR_DEVICE, hdev, unpair_device_rsp,
7728 void mgmt_disconnect_failed(struct hci_dev *hdev, bdaddr_t *bdaddr,
7729 u8 link_type, u8 addr_type, u8 status)
7731 u8 bdaddr_type = link_to_bdaddr(link_type, addr_type);
7732 struct mgmt_cp_disconnect *cp;
7733 struct mgmt_pending_cmd *cmd;
7735 mgmt_pending_foreach(MGMT_OP_UNPAIR_DEVICE, hdev, unpair_device_rsp,
7738 cmd = pending_find(MGMT_OP_DISCONNECT, hdev);
7744 if (bacmp(bdaddr, &cp->addr.bdaddr))
7747 if (cp->addr.type != bdaddr_type)
7750 cmd->cmd_complete(cmd, mgmt_status(status));
7751 mgmt_pending_remove(cmd);
7754 void mgmt_connect_failed(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
7755 u8 addr_type, u8 status)
7757 struct mgmt_ev_connect_failed ev;
7759 /* The connection is still in hci_conn_hash so test for 1
7760 * instead of 0 to know if this is the last one.
7762 if (mgmt_powering_down(hdev) && hci_conn_count(hdev) == 1) {
7763 cancel_delayed_work(&hdev->power_off);
7764 queue_work(hdev->req_workqueue, &hdev->power_off.work);
7767 bacpy(&ev.addr.bdaddr, bdaddr);
7768 ev.addr.type = link_to_bdaddr(link_type, addr_type);
7769 ev.status = mgmt_status(status);
7771 mgmt_event(MGMT_EV_CONNECT_FAILED, hdev, &ev, sizeof(ev), NULL);
7774 void mgmt_pin_code_request(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 secure)
7776 struct mgmt_ev_pin_code_request ev;
7778 bacpy(&ev.addr.bdaddr, bdaddr);
7779 ev.addr.type = BDADDR_BREDR;
7782 mgmt_event(MGMT_EV_PIN_CODE_REQUEST, hdev, &ev, sizeof(ev), NULL);
7785 void mgmt_pin_code_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
7788 struct mgmt_pending_cmd *cmd;
7790 cmd = pending_find(MGMT_OP_PIN_CODE_REPLY, hdev);
7794 cmd->cmd_complete(cmd, mgmt_status(status));
7795 mgmt_pending_remove(cmd);
7798 void mgmt_pin_code_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
7801 struct mgmt_pending_cmd *cmd;
7803 cmd = pending_find(MGMT_OP_PIN_CODE_NEG_REPLY, hdev);
7807 cmd->cmd_complete(cmd, mgmt_status(status));
7808 mgmt_pending_remove(cmd);
7811 int mgmt_user_confirm_request(struct hci_dev *hdev, bdaddr_t *bdaddr,
7812 u8 link_type, u8 addr_type, u32 value,
7815 struct mgmt_ev_user_confirm_request ev;
7817 bt_dev_dbg(hdev, "bdaddr %pMR", bdaddr);
7819 bacpy(&ev.addr.bdaddr, bdaddr);
7820 ev.addr.type = link_to_bdaddr(link_type, addr_type);
7821 ev.confirm_hint = confirm_hint;
7822 ev.value = cpu_to_le32(value);
7824 return mgmt_event(MGMT_EV_USER_CONFIRM_REQUEST, hdev, &ev, sizeof(ev),
7828 int mgmt_user_passkey_request(struct hci_dev *hdev, bdaddr_t *bdaddr,
7829 u8 link_type, u8 addr_type)
7831 struct mgmt_ev_user_passkey_request ev;
7833 bt_dev_dbg(hdev, "bdaddr %pMR", bdaddr);
7835 bacpy(&ev.addr.bdaddr, bdaddr);
7836 ev.addr.type = link_to_bdaddr(link_type, addr_type);
7838 return mgmt_event(MGMT_EV_USER_PASSKEY_REQUEST, hdev, &ev, sizeof(ev),
7842 static int user_pairing_resp_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
7843 u8 link_type, u8 addr_type, u8 status,
7846 struct mgmt_pending_cmd *cmd;
7848 cmd = pending_find(opcode, hdev);
7852 cmd->cmd_complete(cmd, mgmt_status(status));
7853 mgmt_pending_remove(cmd);
7858 int mgmt_user_confirm_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
7859 u8 link_type, u8 addr_type, u8 status)
7861 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
7862 status, MGMT_OP_USER_CONFIRM_REPLY);
7865 int mgmt_user_confirm_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
7866 u8 link_type, u8 addr_type, u8 status)
7868 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
7870 MGMT_OP_USER_CONFIRM_NEG_REPLY);
7873 int mgmt_user_passkey_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
7874 u8 link_type, u8 addr_type, u8 status)
7876 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
7877 status, MGMT_OP_USER_PASSKEY_REPLY);
7880 int mgmt_user_passkey_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
7881 u8 link_type, u8 addr_type, u8 status)
7883 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
7885 MGMT_OP_USER_PASSKEY_NEG_REPLY);
7888 int mgmt_user_passkey_notify(struct hci_dev *hdev, bdaddr_t *bdaddr,
7889 u8 link_type, u8 addr_type, u32 passkey,
7892 struct mgmt_ev_passkey_notify ev;
7894 bt_dev_dbg(hdev, "bdaddr %pMR", bdaddr);
7896 bacpy(&ev.addr.bdaddr, bdaddr);
7897 ev.addr.type = link_to_bdaddr(link_type, addr_type);
7898 ev.passkey = __cpu_to_le32(passkey);
7899 ev.entered = entered;
7901 return mgmt_event(MGMT_EV_PASSKEY_NOTIFY, hdev, &ev, sizeof(ev), NULL);
7904 void mgmt_auth_failed(struct hci_conn *conn, u8 hci_status)
7906 struct mgmt_ev_auth_failed ev;
7907 struct mgmt_pending_cmd *cmd;
7908 u8 status = mgmt_status(hci_status);
7910 bacpy(&ev.addr.bdaddr, &conn->dst);
7911 ev.addr.type = link_to_bdaddr(conn->type, conn->dst_type);
7914 cmd = find_pairing(conn);
7916 mgmt_event(MGMT_EV_AUTH_FAILED, conn->hdev, &ev, sizeof(ev),
7917 cmd ? cmd->sk : NULL);
7920 cmd->cmd_complete(cmd, status);
7921 mgmt_pending_remove(cmd);
7925 void mgmt_auth_enable_complete(struct hci_dev *hdev, u8 status)
7927 struct cmd_lookup match = { NULL, hdev };
7931 u8 mgmt_err = mgmt_status(status);
7932 mgmt_pending_foreach(MGMT_OP_SET_LINK_SECURITY, hdev,
7933 cmd_status_rsp, &mgmt_err);
7937 if (test_bit(HCI_AUTH, &hdev->flags))
7938 changed = !hci_dev_test_and_set_flag(hdev, HCI_LINK_SECURITY);
7940 changed = hci_dev_test_and_clear_flag(hdev, HCI_LINK_SECURITY);
7942 mgmt_pending_foreach(MGMT_OP_SET_LINK_SECURITY, hdev, settings_rsp,
7946 new_settings(hdev, match.sk);
7952 static void clear_eir(struct hci_request *req)
7954 struct hci_dev *hdev = req->hdev;
7955 struct hci_cp_write_eir cp;
7957 if (!lmp_ext_inq_capable(hdev))
7960 memset(hdev->eir, 0, sizeof(hdev->eir));
7962 memset(&cp, 0, sizeof(cp));
7964 hci_req_add(req, HCI_OP_WRITE_EIR, sizeof(cp), &cp);
7967 void mgmt_ssp_enable_complete(struct hci_dev *hdev, u8 enable, u8 status)
7969 struct cmd_lookup match = { NULL, hdev };
7970 struct hci_request req;
7971 bool changed = false;
7974 u8 mgmt_err = mgmt_status(status);
7976 if (enable && hci_dev_test_and_clear_flag(hdev,
7978 hci_dev_clear_flag(hdev, HCI_HS_ENABLED);
7979 new_settings(hdev, NULL);
7982 mgmt_pending_foreach(MGMT_OP_SET_SSP, hdev, cmd_status_rsp,
7988 changed = !hci_dev_test_and_set_flag(hdev, HCI_SSP_ENABLED);
7990 changed = hci_dev_test_and_clear_flag(hdev, HCI_SSP_ENABLED);
7992 changed = hci_dev_test_and_clear_flag(hdev,
7995 hci_dev_clear_flag(hdev, HCI_HS_ENABLED);
7998 mgmt_pending_foreach(MGMT_OP_SET_SSP, hdev, settings_rsp, &match);
8001 new_settings(hdev, match.sk);
8006 hci_req_init(&req, hdev);
8008 if (hci_dev_test_flag(hdev, HCI_SSP_ENABLED)) {
8009 if (hci_dev_test_flag(hdev, HCI_USE_DEBUG_KEYS))
8010 hci_req_add(&req, HCI_OP_WRITE_SSP_DEBUG_MODE,
8011 sizeof(enable), &enable);
8012 __hci_req_update_eir(&req);
8017 hci_req_run(&req, NULL);
8020 static void sk_lookup(struct mgmt_pending_cmd *cmd, void *data)
8022 struct cmd_lookup *match = data;
8024 if (match->sk == NULL) {
8025 match->sk = cmd->sk;
8026 sock_hold(match->sk);
8030 void mgmt_set_class_of_dev_complete(struct hci_dev *hdev, u8 *dev_class,
8033 struct cmd_lookup match = { NULL, hdev, mgmt_status(status) };
8035 mgmt_pending_foreach(MGMT_OP_SET_DEV_CLASS, hdev, sk_lookup, &match);
8036 mgmt_pending_foreach(MGMT_OP_ADD_UUID, hdev, sk_lookup, &match);
8037 mgmt_pending_foreach(MGMT_OP_REMOVE_UUID, hdev, sk_lookup, &match);
8040 mgmt_limited_event(MGMT_EV_CLASS_OF_DEV_CHANGED, hdev, dev_class,
8041 3, HCI_MGMT_DEV_CLASS_EVENTS, NULL);
8042 ext_info_changed(hdev, NULL);
8049 void mgmt_set_local_name_complete(struct hci_dev *hdev, u8 *name, u8 status)
8051 struct mgmt_cp_set_local_name ev;
8052 struct mgmt_pending_cmd *cmd;
8057 memset(&ev, 0, sizeof(ev));
8058 memcpy(ev.name, name, HCI_MAX_NAME_LENGTH);
8059 memcpy(ev.short_name, hdev->short_name, HCI_MAX_SHORT_NAME_LENGTH);
8061 cmd = pending_find(MGMT_OP_SET_LOCAL_NAME, hdev);
8063 memcpy(hdev->dev_name, name, sizeof(hdev->dev_name));
8065 /* If this is a HCI command related to powering on the
8066 * HCI dev don't send any mgmt signals.
8068 if (pending_find(MGMT_OP_SET_POWERED, hdev))
8072 mgmt_limited_event(MGMT_EV_LOCAL_NAME_CHANGED, hdev, &ev, sizeof(ev),
8073 HCI_MGMT_LOCAL_NAME_EVENTS, cmd ? cmd->sk : NULL);
8074 ext_info_changed(hdev, cmd ? cmd->sk : NULL);
8077 static inline bool has_uuid(u8 *uuid, u16 uuid_count, u8 (*uuids)[16])
8081 for (i = 0; i < uuid_count; i++) {
8082 if (!memcmp(uuid, uuids[i], 16))
8089 static bool eir_has_uuids(u8 *eir, u16 eir_len, u16 uuid_count, u8 (*uuids)[16])
8093 while (parsed < eir_len) {
8094 u8 field_len = eir[0];
8101 if (eir_len - parsed < field_len + 1)
8105 case EIR_UUID16_ALL:
8106 case EIR_UUID16_SOME:
8107 for (i = 0; i + 3 <= field_len; i += 2) {
8108 memcpy(uuid, bluetooth_base_uuid, 16);
8109 uuid[13] = eir[i + 3];
8110 uuid[12] = eir[i + 2];
8111 if (has_uuid(uuid, uuid_count, uuids))
8115 case EIR_UUID32_ALL:
8116 case EIR_UUID32_SOME:
8117 for (i = 0; i + 5 <= field_len; i += 4) {
8118 memcpy(uuid, bluetooth_base_uuid, 16);
8119 uuid[15] = eir[i + 5];
8120 uuid[14] = eir[i + 4];
8121 uuid[13] = eir[i + 3];
8122 uuid[12] = eir[i + 2];
8123 if (has_uuid(uuid, uuid_count, uuids))
8127 case EIR_UUID128_ALL:
8128 case EIR_UUID128_SOME:
8129 for (i = 0; i + 17 <= field_len; i += 16) {
8130 memcpy(uuid, eir + i + 2, 16);
8131 if (has_uuid(uuid, uuid_count, uuids))
8137 parsed += field_len + 1;
8138 eir += field_len + 1;
8144 static void restart_le_scan(struct hci_dev *hdev)
8146 /* If controller is not scanning we are done. */
8147 if (!hci_dev_test_flag(hdev, HCI_LE_SCAN))
8150 if (time_after(jiffies + DISCOV_LE_RESTART_DELAY,
8151 hdev->discovery.scan_start +
8152 hdev->discovery.scan_duration))
8155 queue_delayed_work(hdev->req_workqueue, &hdev->le_scan_restart,
8156 DISCOV_LE_RESTART_DELAY);
8159 static bool is_filter_match(struct hci_dev *hdev, s8 rssi, u8 *eir,
8160 u16 eir_len, u8 *scan_rsp, u8 scan_rsp_len)
8162 /* If a RSSI threshold has been specified, and
8163 * HCI_QUIRK_STRICT_DUPLICATE_FILTER is not set, then all results with
8164 * a RSSI smaller than the RSSI threshold will be dropped. If the quirk
8165 * is set, let it through for further processing, as we might need to
8168 * For BR/EDR devices (pre 1.2) providing no RSSI during inquiry,
8169 * the results are also dropped.
8171 if (hdev->discovery.rssi != HCI_RSSI_INVALID &&
8172 (rssi == HCI_RSSI_INVALID ||
8173 (rssi < hdev->discovery.rssi &&
8174 !test_bit(HCI_QUIRK_STRICT_DUPLICATE_FILTER, &hdev->quirks))))
8177 if (hdev->discovery.uuid_count != 0) {
8178 /* If a list of UUIDs is provided in filter, results with no
8179 * matching UUID should be dropped.
8181 if (!eir_has_uuids(eir, eir_len, hdev->discovery.uuid_count,
8182 hdev->discovery.uuids) &&
8183 !eir_has_uuids(scan_rsp, scan_rsp_len,
8184 hdev->discovery.uuid_count,
8185 hdev->discovery.uuids))
8189 /* If duplicate filtering does not report RSSI changes, then restart
8190 * scanning to ensure updated result with updated RSSI values.
8192 if (test_bit(HCI_QUIRK_STRICT_DUPLICATE_FILTER, &hdev->quirks)) {
8193 restart_le_scan(hdev);
8195 /* Validate RSSI value against the RSSI threshold once more. */
8196 if (hdev->discovery.rssi != HCI_RSSI_INVALID &&
8197 rssi < hdev->discovery.rssi)
8204 void mgmt_device_found(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
8205 u8 addr_type, u8 *dev_class, s8 rssi, u32 flags,
8206 u8 *eir, u16 eir_len, u8 *scan_rsp, u8 scan_rsp_len)
8209 struct mgmt_ev_device_found *ev = (void *)buf;
8212 /* Don't send events for a non-kernel initiated discovery. With
8213 * LE one exception is if we have pend_le_reports > 0 in which
8214 * case we're doing passive scanning and want these events.
8216 if (!hci_discovery_active(hdev)) {
8217 if (link_type == ACL_LINK)
8219 if (link_type == LE_LINK && list_empty(&hdev->pend_le_reports))
8223 if (hdev->discovery.result_filtering) {
8224 /* We are using service discovery */
8225 if (!is_filter_match(hdev, rssi, eir, eir_len, scan_rsp,
8230 if (hdev->discovery.limited) {
8231 /* Check for limited discoverable bit */
8233 if (!(dev_class[1] & 0x20))
8236 u8 *flags = eir_get_data(eir, eir_len, EIR_FLAGS, NULL);
8237 if (!flags || !(flags[0] & LE_AD_LIMITED))
8242 /* Make sure that the buffer is big enough. The 5 extra bytes
8243 * are for the potential CoD field.
8245 if (sizeof(*ev) + eir_len + scan_rsp_len + 5 > sizeof(buf))
8248 memset(buf, 0, sizeof(buf));
8250 /* In case of device discovery with BR/EDR devices (pre 1.2), the
8251 * RSSI value was reported as 0 when not available. This behavior
8252 * is kept when using device discovery. This is required for full
8253 * backwards compatibility with the API.
8255 * However when using service discovery, the value 127 will be
8256 * returned when the RSSI is not available.
8258 if (rssi == HCI_RSSI_INVALID && !hdev->discovery.report_invalid_rssi &&
8259 link_type == ACL_LINK)
8262 bacpy(&ev->addr.bdaddr, bdaddr);
8263 ev->addr.type = link_to_bdaddr(link_type, addr_type);
8265 ev->flags = cpu_to_le32(flags);
8268 /* Copy EIR or advertising data into event */
8269 memcpy(ev->eir, eir, eir_len);
8271 if (dev_class && !eir_get_data(ev->eir, eir_len, EIR_CLASS_OF_DEV,
8273 eir_len = eir_append_data(ev->eir, eir_len, EIR_CLASS_OF_DEV,
8276 if (scan_rsp_len > 0)
8277 /* Append scan response data to event */
8278 memcpy(ev->eir + eir_len, scan_rsp, scan_rsp_len);
8280 ev->eir_len = cpu_to_le16(eir_len + scan_rsp_len);
8281 ev_size = sizeof(*ev) + eir_len + scan_rsp_len;
8283 mgmt_event(MGMT_EV_DEVICE_FOUND, hdev, ev, ev_size, NULL);
8286 void mgmt_remote_name(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
8287 u8 addr_type, s8 rssi, u8 *name, u8 name_len)
8289 struct mgmt_ev_device_found *ev;
8290 char buf[sizeof(*ev) + HCI_MAX_NAME_LENGTH + 2];
8293 ev = (struct mgmt_ev_device_found *) buf;
8295 memset(buf, 0, sizeof(buf));
8297 bacpy(&ev->addr.bdaddr, bdaddr);
8298 ev->addr.type = link_to_bdaddr(link_type, addr_type);
8301 eir_len = eir_append_data(ev->eir, 0, EIR_NAME_COMPLETE, name,
8304 ev->eir_len = cpu_to_le16(eir_len);
8306 mgmt_event(MGMT_EV_DEVICE_FOUND, hdev, ev, sizeof(*ev) + eir_len, NULL);
8309 void mgmt_discovering(struct hci_dev *hdev, u8 discovering)
8311 struct mgmt_ev_discovering ev;
8313 bt_dev_dbg(hdev, "discovering %u", discovering);
8315 memset(&ev, 0, sizeof(ev));
8316 ev.type = hdev->discovery.type;
8317 ev.discovering = discovering;
8319 mgmt_event(MGMT_EV_DISCOVERING, hdev, &ev, sizeof(ev), NULL);
8322 static struct hci_mgmt_chan chan = {
8323 .channel = HCI_CHANNEL_CONTROL,
8324 .handler_count = ARRAY_SIZE(mgmt_handlers),
8325 .handlers = mgmt_handlers,
8326 .hdev_init = mgmt_init_hdev,
8331 return hci_mgmt_chan_register(&chan);
8334 void mgmt_exit(void)
8336 hci_mgmt_chan_unregister(&chan);
projects / linux-2.6-microblaze.git / blob