2 BlueZ - Bluetooth protocol stack for Linux
4 Copyright (C) 2010 Nokia Corporation
5 Copyright (C) 2011-2012 Intel Corporation
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License version 2 as
9 published by the Free Software Foundation;
11 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
12 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
13 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
14 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
15 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
16 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
17 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
18 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
20 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
21 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
22 SOFTWARE IS DISCLAIMED.
25 /* Bluetooth HCI Management interface */
27 #include <linux/module.h>
28 #include <asm/unaligned.h>
30 #include <net/bluetooth/bluetooth.h>
31 #include <net/bluetooth/hci_core.h>
32 #include <net/bluetooth/hci_sock.h>
33 #include <net/bluetooth/l2cap.h>
34 #include <net/bluetooth/mgmt.h>
36 #include "hci_request.h"
38 #include "mgmt_util.h"
40 #define MGMT_VERSION 1
41 #define MGMT_REVISION 17
43 static const u16 mgmt_commands[] = {
44 MGMT_OP_READ_INDEX_LIST,
47 MGMT_OP_SET_DISCOVERABLE,
48 MGMT_OP_SET_CONNECTABLE,
49 MGMT_OP_SET_FAST_CONNECTABLE,
51 MGMT_OP_SET_LINK_SECURITY,
55 MGMT_OP_SET_DEV_CLASS,
56 MGMT_OP_SET_LOCAL_NAME,
59 MGMT_OP_LOAD_LINK_KEYS,
60 MGMT_OP_LOAD_LONG_TERM_KEYS,
62 MGMT_OP_GET_CONNECTIONS,
63 MGMT_OP_PIN_CODE_REPLY,
64 MGMT_OP_PIN_CODE_NEG_REPLY,
65 MGMT_OP_SET_IO_CAPABILITY,
67 MGMT_OP_CANCEL_PAIR_DEVICE,
68 MGMT_OP_UNPAIR_DEVICE,
69 MGMT_OP_USER_CONFIRM_REPLY,
70 MGMT_OP_USER_CONFIRM_NEG_REPLY,
71 MGMT_OP_USER_PASSKEY_REPLY,
72 MGMT_OP_USER_PASSKEY_NEG_REPLY,
73 MGMT_OP_READ_LOCAL_OOB_DATA,
74 MGMT_OP_ADD_REMOTE_OOB_DATA,
75 MGMT_OP_REMOVE_REMOTE_OOB_DATA,
76 MGMT_OP_START_DISCOVERY,
77 MGMT_OP_STOP_DISCOVERY,
80 MGMT_OP_UNBLOCK_DEVICE,
81 MGMT_OP_SET_DEVICE_ID,
82 MGMT_OP_SET_ADVERTISING,
84 MGMT_OP_SET_STATIC_ADDRESS,
85 MGMT_OP_SET_SCAN_PARAMS,
86 MGMT_OP_SET_SECURE_CONN,
87 MGMT_OP_SET_DEBUG_KEYS,
90 MGMT_OP_GET_CONN_INFO,
91 MGMT_OP_GET_CLOCK_INFO,
93 MGMT_OP_REMOVE_DEVICE,
94 MGMT_OP_LOAD_CONN_PARAM,
95 MGMT_OP_READ_UNCONF_INDEX_LIST,
96 MGMT_OP_READ_CONFIG_INFO,
97 MGMT_OP_SET_EXTERNAL_CONFIG,
98 MGMT_OP_SET_PUBLIC_ADDRESS,
99 MGMT_OP_START_SERVICE_DISCOVERY,
100 MGMT_OP_READ_LOCAL_OOB_EXT_DATA,
101 MGMT_OP_READ_EXT_INDEX_LIST,
102 MGMT_OP_READ_ADV_FEATURES,
103 MGMT_OP_ADD_ADVERTISING,
104 MGMT_OP_REMOVE_ADVERTISING,
105 MGMT_OP_GET_ADV_SIZE_INFO,
106 MGMT_OP_START_LIMITED_DISCOVERY,
107 MGMT_OP_READ_EXT_INFO,
108 MGMT_OP_SET_APPEARANCE,
109 MGMT_OP_SET_BLOCKED_KEYS,
110 MGMT_OP_SET_WIDEBAND_SPEECH,
111 MGMT_OP_READ_SECURITY_INFO,
114 static const u16 mgmt_events[] = {
115 MGMT_EV_CONTROLLER_ERROR,
117 MGMT_EV_INDEX_REMOVED,
118 MGMT_EV_NEW_SETTINGS,
119 MGMT_EV_CLASS_OF_DEV_CHANGED,
120 MGMT_EV_LOCAL_NAME_CHANGED,
121 MGMT_EV_NEW_LINK_KEY,
122 MGMT_EV_NEW_LONG_TERM_KEY,
123 MGMT_EV_DEVICE_CONNECTED,
124 MGMT_EV_DEVICE_DISCONNECTED,
125 MGMT_EV_CONNECT_FAILED,
126 MGMT_EV_PIN_CODE_REQUEST,
127 MGMT_EV_USER_CONFIRM_REQUEST,
128 MGMT_EV_USER_PASSKEY_REQUEST,
130 MGMT_EV_DEVICE_FOUND,
132 MGMT_EV_DEVICE_BLOCKED,
133 MGMT_EV_DEVICE_UNBLOCKED,
134 MGMT_EV_DEVICE_UNPAIRED,
135 MGMT_EV_PASSKEY_NOTIFY,
138 MGMT_EV_DEVICE_ADDED,
139 MGMT_EV_DEVICE_REMOVED,
140 MGMT_EV_NEW_CONN_PARAM,
141 MGMT_EV_UNCONF_INDEX_ADDED,
142 MGMT_EV_UNCONF_INDEX_REMOVED,
143 MGMT_EV_NEW_CONFIG_OPTIONS,
144 MGMT_EV_EXT_INDEX_ADDED,
145 MGMT_EV_EXT_INDEX_REMOVED,
146 MGMT_EV_LOCAL_OOB_DATA_UPDATED,
147 MGMT_EV_ADVERTISING_ADDED,
148 MGMT_EV_ADVERTISING_REMOVED,
149 MGMT_EV_EXT_INFO_CHANGED,
152 static const u16 mgmt_untrusted_commands[] = {
153 MGMT_OP_READ_INDEX_LIST,
155 MGMT_OP_READ_UNCONF_INDEX_LIST,
156 MGMT_OP_READ_CONFIG_INFO,
157 MGMT_OP_READ_EXT_INDEX_LIST,
158 MGMT_OP_READ_EXT_INFO,
159 MGMT_OP_READ_SECURITY_INFO,
162 static const u16 mgmt_untrusted_events[] = {
164 MGMT_EV_INDEX_REMOVED,
165 MGMT_EV_NEW_SETTINGS,
166 MGMT_EV_CLASS_OF_DEV_CHANGED,
167 MGMT_EV_LOCAL_NAME_CHANGED,
168 MGMT_EV_UNCONF_INDEX_ADDED,
169 MGMT_EV_UNCONF_INDEX_REMOVED,
170 MGMT_EV_NEW_CONFIG_OPTIONS,
171 MGMT_EV_EXT_INDEX_ADDED,
172 MGMT_EV_EXT_INDEX_REMOVED,
173 MGMT_EV_EXT_INFO_CHANGED,
176 #define CACHE_TIMEOUT msecs_to_jiffies(2 * 1000)
178 #define ZERO_KEY "\x00\x00\x00\x00\x00\x00\x00\x00" \
179 "\x00\x00\x00\x00\x00\x00\x00\x00"
181 /* HCI to MGMT error code conversion table */
182 static const u8 mgmt_status_table[] = {
184 MGMT_STATUS_UNKNOWN_COMMAND, /* Unknown Command */
185 MGMT_STATUS_NOT_CONNECTED, /* No Connection */
186 MGMT_STATUS_FAILED, /* Hardware Failure */
187 MGMT_STATUS_CONNECT_FAILED, /* Page Timeout */
188 MGMT_STATUS_AUTH_FAILED, /* Authentication Failed */
189 MGMT_STATUS_AUTH_FAILED, /* PIN or Key Missing */
190 MGMT_STATUS_NO_RESOURCES, /* Memory Full */
191 MGMT_STATUS_TIMEOUT, /* Connection Timeout */
192 MGMT_STATUS_NO_RESOURCES, /* Max Number of Connections */
193 MGMT_STATUS_NO_RESOURCES, /* Max Number of SCO Connections */
194 MGMT_STATUS_ALREADY_CONNECTED, /* ACL Connection Exists */
195 MGMT_STATUS_BUSY, /* Command Disallowed */
196 MGMT_STATUS_NO_RESOURCES, /* Rejected Limited Resources */
197 MGMT_STATUS_REJECTED, /* Rejected Security */
198 MGMT_STATUS_REJECTED, /* Rejected Personal */
199 MGMT_STATUS_TIMEOUT, /* Host Timeout */
200 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported Feature */
201 MGMT_STATUS_INVALID_PARAMS, /* Invalid Parameters */
202 MGMT_STATUS_DISCONNECTED, /* OE User Ended Connection */
203 MGMT_STATUS_NO_RESOURCES, /* OE Low Resources */
204 MGMT_STATUS_DISCONNECTED, /* OE Power Off */
205 MGMT_STATUS_DISCONNECTED, /* Connection Terminated */
206 MGMT_STATUS_BUSY, /* Repeated Attempts */
207 MGMT_STATUS_REJECTED, /* Pairing Not Allowed */
208 MGMT_STATUS_FAILED, /* Unknown LMP PDU */
209 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported Remote Feature */
210 MGMT_STATUS_REJECTED, /* SCO Offset Rejected */
211 MGMT_STATUS_REJECTED, /* SCO Interval Rejected */
212 MGMT_STATUS_REJECTED, /* Air Mode Rejected */
213 MGMT_STATUS_INVALID_PARAMS, /* Invalid LMP Parameters */
214 MGMT_STATUS_FAILED, /* Unspecified Error */
215 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported LMP Parameter Value */
216 MGMT_STATUS_FAILED, /* Role Change Not Allowed */
217 MGMT_STATUS_TIMEOUT, /* LMP Response Timeout */
218 MGMT_STATUS_FAILED, /* LMP Error Transaction Collision */
219 MGMT_STATUS_FAILED, /* LMP PDU Not Allowed */
220 MGMT_STATUS_REJECTED, /* Encryption Mode Not Accepted */
221 MGMT_STATUS_FAILED, /* Unit Link Key Used */
222 MGMT_STATUS_NOT_SUPPORTED, /* QoS Not Supported */
223 MGMT_STATUS_TIMEOUT, /* Instant Passed */
224 MGMT_STATUS_NOT_SUPPORTED, /* Pairing Not Supported */
225 MGMT_STATUS_FAILED, /* Transaction Collision */
226 MGMT_STATUS_INVALID_PARAMS, /* Unacceptable Parameter */
227 MGMT_STATUS_REJECTED, /* QoS Rejected */
228 MGMT_STATUS_NOT_SUPPORTED, /* Classification Not Supported */
229 MGMT_STATUS_REJECTED, /* Insufficient Security */
230 MGMT_STATUS_INVALID_PARAMS, /* Parameter Out Of Range */
231 MGMT_STATUS_BUSY, /* Role Switch Pending */
232 MGMT_STATUS_FAILED, /* Slot Violation */
233 MGMT_STATUS_FAILED, /* Role Switch Failed */
234 MGMT_STATUS_INVALID_PARAMS, /* EIR Too Large */
235 MGMT_STATUS_NOT_SUPPORTED, /* Simple Pairing Not Supported */
236 MGMT_STATUS_BUSY, /* Host Busy Pairing */
237 MGMT_STATUS_REJECTED, /* Rejected, No Suitable Channel */
238 MGMT_STATUS_BUSY, /* Controller Busy */
239 MGMT_STATUS_INVALID_PARAMS, /* Unsuitable Connection Interval */
240 MGMT_STATUS_TIMEOUT, /* Directed Advertising Timeout */
241 MGMT_STATUS_AUTH_FAILED, /* Terminated Due to MIC Failure */
242 MGMT_STATUS_CONNECT_FAILED, /* Connection Establishment Failed */
243 MGMT_STATUS_CONNECT_FAILED, /* MAC Connection Failed */
246 static u8 mgmt_status(u8 hci_status)
248 if (hci_status < ARRAY_SIZE(mgmt_status_table))
249 return mgmt_status_table[hci_status];
251 return MGMT_STATUS_FAILED;
254 static int mgmt_index_event(u16 event, struct hci_dev *hdev, void *data,
257 return mgmt_send_event(event, hdev, HCI_CHANNEL_CONTROL, data, len,
261 static int mgmt_limited_event(u16 event, struct hci_dev *hdev, void *data,
262 u16 len, int flag, struct sock *skip_sk)
264 return mgmt_send_event(event, hdev, HCI_CHANNEL_CONTROL, data, len,
268 static int mgmt_event(u16 event, struct hci_dev *hdev, void *data, u16 len,
269 struct sock *skip_sk)
271 return mgmt_send_event(event, hdev, HCI_CHANNEL_CONTROL, data, len,
272 HCI_SOCK_TRUSTED, skip_sk);
275 static u8 le_addr_type(u8 mgmt_addr_type)
277 if (mgmt_addr_type == BDADDR_LE_PUBLIC)
278 return ADDR_LE_DEV_PUBLIC;
280 return ADDR_LE_DEV_RANDOM;
283 void mgmt_fill_version_info(void *ver)
285 struct mgmt_rp_read_version *rp = ver;
287 rp->version = MGMT_VERSION;
288 rp->revision = cpu_to_le16(MGMT_REVISION);
291 static int read_version(struct sock *sk, struct hci_dev *hdev, void *data,
294 struct mgmt_rp_read_version rp;
296 BT_DBG("sock %p", sk);
298 mgmt_fill_version_info(&rp);
300 return mgmt_cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_VERSION, 0,
304 static int read_commands(struct sock *sk, struct hci_dev *hdev, void *data,
307 struct mgmt_rp_read_commands *rp;
308 u16 num_commands, num_events;
312 BT_DBG("sock %p", sk);
314 if (hci_sock_test_flag(sk, HCI_SOCK_TRUSTED)) {
315 num_commands = ARRAY_SIZE(mgmt_commands);
316 num_events = ARRAY_SIZE(mgmt_events);
318 num_commands = ARRAY_SIZE(mgmt_untrusted_commands);
319 num_events = ARRAY_SIZE(mgmt_untrusted_events);
322 rp_size = sizeof(*rp) + ((num_commands + num_events) * sizeof(u16));
324 rp = kmalloc(rp_size, GFP_KERNEL);
328 rp->num_commands = cpu_to_le16(num_commands);
329 rp->num_events = cpu_to_le16(num_events);
331 if (hci_sock_test_flag(sk, HCI_SOCK_TRUSTED)) {
332 __le16 *opcode = rp->opcodes;
334 for (i = 0; i < num_commands; i++, opcode++)
335 put_unaligned_le16(mgmt_commands[i], opcode);
337 for (i = 0; i < num_events; i++, opcode++)
338 put_unaligned_le16(mgmt_events[i], opcode);
340 __le16 *opcode = rp->opcodes;
342 for (i = 0; i < num_commands; i++, opcode++)
343 put_unaligned_le16(mgmt_untrusted_commands[i], opcode);
345 for (i = 0; i < num_events; i++, opcode++)
346 put_unaligned_le16(mgmt_untrusted_events[i], opcode);
349 err = mgmt_cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_COMMANDS, 0,
356 static int read_index_list(struct sock *sk, struct hci_dev *hdev, void *data,
359 struct mgmt_rp_read_index_list *rp;
365 BT_DBG("sock %p", sk);
367 read_lock(&hci_dev_list_lock);
370 list_for_each_entry(d, &hci_dev_list, list) {
371 if (d->dev_type == HCI_PRIMARY &&
372 !hci_dev_test_flag(d, HCI_UNCONFIGURED))
376 rp_len = sizeof(*rp) + (2 * count);
377 rp = kmalloc(rp_len, GFP_ATOMIC);
379 read_unlock(&hci_dev_list_lock);
384 list_for_each_entry(d, &hci_dev_list, list) {
385 if (hci_dev_test_flag(d, HCI_SETUP) ||
386 hci_dev_test_flag(d, HCI_CONFIG) ||
387 hci_dev_test_flag(d, HCI_USER_CHANNEL))
390 /* Devices marked as raw-only are neither configured
391 * nor unconfigured controllers.
393 if (test_bit(HCI_QUIRK_RAW_DEVICE, &d->quirks))
396 if (d->dev_type == HCI_PRIMARY &&
397 !hci_dev_test_flag(d, HCI_UNCONFIGURED)) {
398 rp->index[count++] = cpu_to_le16(d->id);
399 BT_DBG("Added hci%u", d->id);
403 rp->num_controllers = cpu_to_le16(count);
404 rp_len = sizeof(*rp) + (2 * count);
406 read_unlock(&hci_dev_list_lock);
408 err = mgmt_cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_INDEX_LIST,
416 static int read_unconf_index_list(struct sock *sk, struct hci_dev *hdev,
417 void *data, u16 data_len)
419 struct mgmt_rp_read_unconf_index_list *rp;
425 BT_DBG("sock %p", sk);
427 read_lock(&hci_dev_list_lock);
430 list_for_each_entry(d, &hci_dev_list, list) {
431 if (d->dev_type == HCI_PRIMARY &&
432 hci_dev_test_flag(d, HCI_UNCONFIGURED))
436 rp_len = sizeof(*rp) + (2 * count);
437 rp = kmalloc(rp_len, GFP_ATOMIC);
439 read_unlock(&hci_dev_list_lock);
444 list_for_each_entry(d, &hci_dev_list, list) {
445 if (hci_dev_test_flag(d, HCI_SETUP) ||
446 hci_dev_test_flag(d, HCI_CONFIG) ||
447 hci_dev_test_flag(d, HCI_USER_CHANNEL))
450 /* Devices marked as raw-only are neither configured
451 * nor unconfigured controllers.
453 if (test_bit(HCI_QUIRK_RAW_DEVICE, &d->quirks))
456 if (d->dev_type == HCI_PRIMARY &&
457 hci_dev_test_flag(d, HCI_UNCONFIGURED)) {
458 rp->index[count++] = cpu_to_le16(d->id);
459 BT_DBG("Added hci%u", d->id);
463 rp->num_controllers = cpu_to_le16(count);
464 rp_len = sizeof(*rp) + (2 * count);
466 read_unlock(&hci_dev_list_lock);
468 err = mgmt_cmd_complete(sk, MGMT_INDEX_NONE,
469 MGMT_OP_READ_UNCONF_INDEX_LIST, 0, rp, rp_len);
476 static int read_ext_index_list(struct sock *sk, struct hci_dev *hdev,
477 void *data, u16 data_len)
479 struct mgmt_rp_read_ext_index_list *rp;
484 BT_DBG("sock %p", sk);
486 read_lock(&hci_dev_list_lock);
489 list_for_each_entry(d, &hci_dev_list, list) {
490 if (d->dev_type == HCI_PRIMARY || d->dev_type == HCI_AMP)
494 rp = kmalloc(struct_size(rp, entry, count), GFP_ATOMIC);
496 read_unlock(&hci_dev_list_lock);
501 list_for_each_entry(d, &hci_dev_list, list) {
502 if (hci_dev_test_flag(d, HCI_SETUP) ||
503 hci_dev_test_flag(d, HCI_CONFIG) ||
504 hci_dev_test_flag(d, HCI_USER_CHANNEL))
507 /* Devices marked as raw-only are neither configured
508 * nor unconfigured controllers.
510 if (test_bit(HCI_QUIRK_RAW_DEVICE, &d->quirks))
513 if (d->dev_type == HCI_PRIMARY) {
514 if (hci_dev_test_flag(d, HCI_UNCONFIGURED))
515 rp->entry[count].type = 0x01;
517 rp->entry[count].type = 0x00;
518 } else if (d->dev_type == HCI_AMP) {
519 rp->entry[count].type = 0x02;
524 rp->entry[count].bus = d->bus;
525 rp->entry[count++].index = cpu_to_le16(d->id);
526 BT_DBG("Added hci%u", d->id);
529 rp->num_controllers = cpu_to_le16(count);
531 read_unlock(&hci_dev_list_lock);
533 /* If this command is called at least once, then all the
534 * default index and unconfigured index events are disabled
535 * and from now on only extended index events are used.
537 hci_sock_set_flag(sk, HCI_MGMT_EXT_INDEX_EVENTS);
538 hci_sock_clear_flag(sk, HCI_MGMT_INDEX_EVENTS);
539 hci_sock_clear_flag(sk, HCI_MGMT_UNCONF_INDEX_EVENTS);
541 err = mgmt_cmd_complete(sk, MGMT_INDEX_NONE,
542 MGMT_OP_READ_EXT_INDEX_LIST, 0, rp,
543 struct_size(rp, entry, count));
550 static bool is_configured(struct hci_dev *hdev)
552 if (test_bit(HCI_QUIRK_EXTERNAL_CONFIG, &hdev->quirks) &&
553 !hci_dev_test_flag(hdev, HCI_EXT_CONFIGURED))
556 if ((test_bit(HCI_QUIRK_INVALID_BDADDR, &hdev->quirks) ||
557 test_bit(HCI_QUIRK_USE_BDADDR_PROPERTY, &hdev->quirks)) &&
558 !bacmp(&hdev->public_addr, BDADDR_ANY))
564 static __le32 get_missing_options(struct hci_dev *hdev)
568 if (test_bit(HCI_QUIRK_EXTERNAL_CONFIG, &hdev->quirks) &&
569 !hci_dev_test_flag(hdev, HCI_EXT_CONFIGURED))
570 options |= MGMT_OPTION_EXTERNAL_CONFIG;
572 if ((test_bit(HCI_QUIRK_INVALID_BDADDR, &hdev->quirks) ||
573 test_bit(HCI_QUIRK_USE_BDADDR_PROPERTY, &hdev->quirks)) &&
574 !bacmp(&hdev->public_addr, BDADDR_ANY))
575 options |= MGMT_OPTION_PUBLIC_ADDRESS;
577 return cpu_to_le32(options);
580 static int new_options(struct hci_dev *hdev, struct sock *skip)
582 __le32 options = get_missing_options(hdev);
584 return mgmt_limited_event(MGMT_EV_NEW_CONFIG_OPTIONS, hdev, &options,
585 sizeof(options), HCI_MGMT_OPTION_EVENTS, skip);
588 static int send_options_rsp(struct sock *sk, u16 opcode, struct hci_dev *hdev)
590 __le32 options = get_missing_options(hdev);
592 return mgmt_cmd_complete(sk, hdev->id, opcode, 0, &options,
596 static int read_config_info(struct sock *sk, struct hci_dev *hdev,
597 void *data, u16 data_len)
599 struct mgmt_rp_read_config_info rp;
602 BT_DBG("sock %p %s", sk, hdev->name);
606 memset(&rp, 0, sizeof(rp));
607 rp.manufacturer = cpu_to_le16(hdev->manufacturer);
609 if (test_bit(HCI_QUIRK_EXTERNAL_CONFIG, &hdev->quirks))
610 options |= MGMT_OPTION_EXTERNAL_CONFIG;
612 if (hdev->set_bdaddr)
613 options |= MGMT_OPTION_PUBLIC_ADDRESS;
615 rp.supported_options = cpu_to_le32(options);
616 rp.missing_options = get_missing_options(hdev);
618 hci_dev_unlock(hdev);
620 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_READ_CONFIG_INFO, 0,
624 static u32 get_supported_phys(struct hci_dev *hdev)
626 u32 supported_phys = 0;
628 if (lmp_bredr_capable(hdev)) {
629 supported_phys |= MGMT_PHY_BR_1M_1SLOT;
631 if (hdev->features[0][0] & LMP_3SLOT)
632 supported_phys |= MGMT_PHY_BR_1M_3SLOT;
634 if (hdev->features[0][0] & LMP_5SLOT)
635 supported_phys |= MGMT_PHY_BR_1M_5SLOT;
637 if (lmp_edr_2m_capable(hdev)) {
638 supported_phys |= MGMT_PHY_EDR_2M_1SLOT;
640 if (lmp_edr_3slot_capable(hdev))
641 supported_phys |= MGMT_PHY_EDR_2M_3SLOT;
643 if (lmp_edr_5slot_capable(hdev))
644 supported_phys |= MGMT_PHY_EDR_2M_5SLOT;
646 if (lmp_edr_3m_capable(hdev)) {
647 supported_phys |= MGMT_PHY_EDR_3M_1SLOT;
649 if (lmp_edr_3slot_capable(hdev))
650 supported_phys |= MGMT_PHY_EDR_3M_3SLOT;
652 if (lmp_edr_5slot_capable(hdev))
653 supported_phys |= MGMT_PHY_EDR_3M_5SLOT;
658 if (lmp_le_capable(hdev)) {
659 supported_phys |= MGMT_PHY_LE_1M_TX;
660 supported_phys |= MGMT_PHY_LE_1M_RX;
662 if (hdev->le_features[1] & HCI_LE_PHY_2M) {
663 supported_phys |= MGMT_PHY_LE_2M_TX;
664 supported_phys |= MGMT_PHY_LE_2M_RX;
667 if (hdev->le_features[1] & HCI_LE_PHY_CODED) {
668 supported_phys |= MGMT_PHY_LE_CODED_TX;
669 supported_phys |= MGMT_PHY_LE_CODED_RX;
673 return supported_phys;
676 static u32 get_selected_phys(struct hci_dev *hdev)
678 u32 selected_phys = 0;
680 if (lmp_bredr_capable(hdev)) {
681 selected_phys |= MGMT_PHY_BR_1M_1SLOT;
683 if (hdev->pkt_type & (HCI_DM3 | HCI_DH3))
684 selected_phys |= MGMT_PHY_BR_1M_3SLOT;
686 if (hdev->pkt_type & (HCI_DM5 | HCI_DH5))
687 selected_phys |= MGMT_PHY_BR_1M_5SLOT;
689 if (lmp_edr_2m_capable(hdev)) {
690 if (!(hdev->pkt_type & HCI_2DH1))
691 selected_phys |= MGMT_PHY_EDR_2M_1SLOT;
693 if (lmp_edr_3slot_capable(hdev) &&
694 !(hdev->pkt_type & HCI_2DH3))
695 selected_phys |= MGMT_PHY_EDR_2M_3SLOT;
697 if (lmp_edr_5slot_capable(hdev) &&
698 !(hdev->pkt_type & HCI_2DH5))
699 selected_phys |= MGMT_PHY_EDR_2M_5SLOT;
701 if (lmp_edr_3m_capable(hdev)) {
702 if (!(hdev->pkt_type & HCI_3DH1))
703 selected_phys |= MGMT_PHY_EDR_3M_1SLOT;
705 if (lmp_edr_3slot_capable(hdev) &&
706 !(hdev->pkt_type & HCI_3DH3))
707 selected_phys |= MGMT_PHY_EDR_3M_3SLOT;
709 if (lmp_edr_5slot_capable(hdev) &&
710 !(hdev->pkt_type & HCI_3DH5))
711 selected_phys |= MGMT_PHY_EDR_3M_5SLOT;
716 if (lmp_le_capable(hdev)) {
717 if (hdev->le_tx_def_phys & HCI_LE_SET_PHY_1M)
718 selected_phys |= MGMT_PHY_LE_1M_TX;
720 if (hdev->le_rx_def_phys & HCI_LE_SET_PHY_1M)
721 selected_phys |= MGMT_PHY_LE_1M_RX;
723 if (hdev->le_tx_def_phys & HCI_LE_SET_PHY_2M)
724 selected_phys |= MGMT_PHY_LE_2M_TX;
726 if (hdev->le_rx_def_phys & HCI_LE_SET_PHY_2M)
727 selected_phys |= MGMT_PHY_LE_2M_RX;
729 if (hdev->le_tx_def_phys & HCI_LE_SET_PHY_CODED)
730 selected_phys |= MGMT_PHY_LE_CODED_TX;
732 if (hdev->le_rx_def_phys & HCI_LE_SET_PHY_CODED)
733 selected_phys |= MGMT_PHY_LE_CODED_RX;
736 return selected_phys;
739 static u32 get_configurable_phys(struct hci_dev *hdev)
741 return (get_supported_phys(hdev) & ~MGMT_PHY_BR_1M_1SLOT &
742 ~MGMT_PHY_LE_1M_TX & ~MGMT_PHY_LE_1M_RX);
745 static u32 get_supported_settings(struct hci_dev *hdev)
749 settings |= MGMT_SETTING_POWERED;
750 settings |= MGMT_SETTING_BONDABLE;
751 settings |= MGMT_SETTING_DEBUG_KEYS;
752 settings |= MGMT_SETTING_CONNECTABLE;
753 settings |= MGMT_SETTING_DISCOVERABLE;
755 if (lmp_bredr_capable(hdev)) {
756 if (hdev->hci_ver >= BLUETOOTH_VER_1_2)
757 settings |= MGMT_SETTING_FAST_CONNECTABLE;
758 settings |= MGMT_SETTING_BREDR;
759 settings |= MGMT_SETTING_LINK_SECURITY;
761 if (lmp_ssp_capable(hdev)) {
762 settings |= MGMT_SETTING_SSP;
763 settings |= MGMT_SETTING_HS;
766 if (lmp_sc_capable(hdev))
767 settings |= MGMT_SETTING_SECURE_CONN;
769 if (test_bit(HCI_QUIRK_WIDEBAND_SPEECH_SUPPORTED,
771 settings |= MGMT_SETTING_WIDEBAND_SPEECH;
774 if (lmp_le_capable(hdev)) {
775 settings |= MGMT_SETTING_LE;
776 settings |= MGMT_SETTING_ADVERTISING;
777 settings |= MGMT_SETTING_SECURE_CONN;
778 settings |= MGMT_SETTING_PRIVACY;
779 settings |= MGMT_SETTING_STATIC_ADDRESS;
782 if (test_bit(HCI_QUIRK_EXTERNAL_CONFIG, &hdev->quirks) ||
784 settings |= MGMT_SETTING_CONFIGURATION;
786 settings |= MGMT_SETTING_PHY_CONFIGURATION;
791 static u32 get_current_settings(struct hci_dev *hdev)
795 if (hdev_is_powered(hdev))
796 settings |= MGMT_SETTING_POWERED;
798 if (hci_dev_test_flag(hdev, HCI_CONNECTABLE))
799 settings |= MGMT_SETTING_CONNECTABLE;
801 if (hci_dev_test_flag(hdev, HCI_FAST_CONNECTABLE))
802 settings |= MGMT_SETTING_FAST_CONNECTABLE;
804 if (hci_dev_test_flag(hdev, HCI_DISCOVERABLE))
805 settings |= MGMT_SETTING_DISCOVERABLE;
807 if (hci_dev_test_flag(hdev, HCI_BONDABLE))
808 settings |= MGMT_SETTING_BONDABLE;
810 if (hci_dev_test_flag(hdev, HCI_BREDR_ENABLED))
811 settings |= MGMT_SETTING_BREDR;
813 if (hci_dev_test_flag(hdev, HCI_LE_ENABLED))
814 settings |= MGMT_SETTING_LE;
816 if (hci_dev_test_flag(hdev, HCI_LINK_SECURITY))
817 settings |= MGMT_SETTING_LINK_SECURITY;
819 if (hci_dev_test_flag(hdev, HCI_SSP_ENABLED))
820 settings |= MGMT_SETTING_SSP;
822 if (hci_dev_test_flag(hdev, HCI_HS_ENABLED))
823 settings |= MGMT_SETTING_HS;
825 if (hci_dev_test_flag(hdev, HCI_ADVERTISING))
826 settings |= MGMT_SETTING_ADVERTISING;
828 if (hci_dev_test_flag(hdev, HCI_SC_ENABLED))
829 settings |= MGMT_SETTING_SECURE_CONN;
831 if (hci_dev_test_flag(hdev, HCI_KEEP_DEBUG_KEYS))
832 settings |= MGMT_SETTING_DEBUG_KEYS;
834 if (hci_dev_test_flag(hdev, HCI_PRIVACY))
835 settings |= MGMT_SETTING_PRIVACY;
837 /* The current setting for static address has two purposes. The
838 * first is to indicate if the static address will be used and
839 * the second is to indicate if it is actually set.
841 * This means if the static address is not configured, this flag
842 * will never be set. If the address is configured, then if the
843 * address is actually used decides if the flag is set or not.
845 * For single mode LE only controllers and dual-mode controllers
846 * with BR/EDR disabled, the existence of the static address will
849 if (hci_dev_test_flag(hdev, HCI_FORCE_STATIC_ADDR) ||
850 !hci_dev_test_flag(hdev, HCI_BREDR_ENABLED) ||
851 !bacmp(&hdev->bdaddr, BDADDR_ANY)) {
852 if (bacmp(&hdev->static_addr, BDADDR_ANY))
853 settings |= MGMT_SETTING_STATIC_ADDRESS;
856 if (hci_dev_test_flag(hdev, HCI_WIDEBAND_SPEECH_ENABLED))
857 settings |= MGMT_SETTING_WIDEBAND_SPEECH;
862 static struct mgmt_pending_cmd *pending_find(u16 opcode, struct hci_dev *hdev)
864 return mgmt_pending_find(HCI_CHANNEL_CONTROL, opcode, hdev);
867 static struct mgmt_pending_cmd *pending_find_data(u16 opcode,
868 struct hci_dev *hdev,
871 return mgmt_pending_find_data(HCI_CHANNEL_CONTROL, opcode, hdev, data);
874 u8 mgmt_get_adv_discov_flags(struct hci_dev *hdev)
876 struct mgmt_pending_cmd *cmd;
878 /* If there's a pending mgmt command the flags will not yet have
879 * their final values, so check for this first.
881 cmd = pending_find(MGMT_OP_SET_DISCOVERABLE, hdev);
883 struct mgmt_mode *cp = cmd->param;
885 return LE_AD_GENERAL;
886 else if (cp->val == 0x02)
887 return LE_AD_LIMITED;
889 if (hci_dev_test_flag(hdev, HCI_LIMITED_DISCOVERABLE))
890 return LE_AD_LIMITED;
891 else if (hci_dev_test_flag(hdev, HCI_DISCOVERABLE))
892 return LE_AD_GENERAL;
898 bool mgmt_get_connectable(struct hci_dev *hdev)
900 struct mgmt_pending_cmd *cmd;
902 /* If there's a pending mgmt command the flag will not yet have
903 * it's final value, so check for this first.
905 cmd = pending_find(MGMT_OP_SET_CONNECTABLE, hdev);
907 struct mgmt_mode *cp = cmd->param;
912 return hci_dev_test_flag(hdev, HCI_CONNECTABLE);
915 static void service_cache_off(struct work_struct *work)
917 struct hci_dev *hdev = container_of(work, struct hci_dev,
919 struct hci_request req;
921 if (!hci_dev_test_and_clear_flag(hdev, HCI_SERVICE_CACHE))
924 hci_req_init(&req, hdev);
928 __hci_req_update_eir(&req);
929 __hci_req_update_class(&req);
931 hci_dev_unlock(hdev);
933 hci_req_run(&req, NULL);
936 static void rpa_expired(struct work_struct *work)
938 struct hci_dev *hdev = container_of(work, struct hci_dev,
940 struct hci_request req;
944 hci_dev_set_flag(hdev, HCI_RPA_EXPIRED);
946 if (!hci_dev_test_flag(hdev, HCI_ADVERTISING))
949 /* The generation of a new RPA and programming it into the
950 * controller happens in the hci_req_enable_advertising()
953 hci_req_init(&req, hdev);
954 if (ext_adv_capable(hdev))
955 __hci_req_start_ext_adv(&req, hdev->cur_adv_instance);
957 __hci_req_enable_advertising(&req);
958 hci_req_run(&req, NULL);
961 static void mgmt_init_hdev(struct sock *sk, struct hci_dev *hdev)
963 if (hci_dev_test_and_set_flag(hdev, HCI_MGMT))
966 INIT_DELAYED_WORK(&hdev->service_cache, service_cache_off);
967 INIT_DELAYED_WORK(&hdev->rpa_expired, rpa_expired);
969 /* Non-mgmt controlled devices get this bit set
970 * implicitly so that pairing works for them, however
971 * for mgmt we require user-space to explicitly enable
974 hci_dev_clear_flag(hdev, HCI_BONDABLE);
977 static int read_controller_info(struct sock *sk, struct hci_dev *hdev,
978 void *data, u16 data_len)
980 struct mgmt_rp_read_info rp;
982 BT_DBG("sock %p %s", sk, hdev->name);
986 memset(&rp, 0, sizeof(rp));
988 bacpy(&rp.bdaddr, &hdev->bdaddr);
990 rp.version = hdev->hci_ver;
991 rp.manufacturer = cpu_to_le16(hdev->manufacturer);
993 rp.supported_settings = cpu_to_le32(get_supported_settings(hdev));
994 rp.current_settings = cpu_to_le32(get_current_settings(hdev));
996 memcpy(rp.dev_class, hdev->dev_class, 3);
998 memcpy(rp.name, hdev->dev_name, sizeof(hdev->dev_name));
999 memcpy(rp.short_name, hdev->short_name, sizeof(hdev->short_name));
1001 hci_dev_unlock(hdev);
1003 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_READ_INFO, 0, &rp,
1007 static u16 append_eir_data_to_buf(struct hci_dev *hdev, u8 *eir)
1012 if (hci_dev_test_flag(hdev, HCI_BREDR_ENABLED))
1013 eir_len = eir_append_data(eir, eir_len, EIR_CLASS_OF_DEV,
1014 hdev->dev_class, 3);
1016 if (hci_dev_test_flag(hdev, HCI_LE_ENABLED))
1017 eir_len = eir_append_le16(eir, eir_len, EIR_APPEARANCE,
1020 name_len = strlen(hdev->dev_name);
1021 eir_len = eir_append_data(eir, eir_len, EIR_NAME_COMPLETE,
1022 hdev->dev_name, name_len);
1024 name_len = strlen(hdev->short_name);
1025 eir_len = eir_append_data(eir, eir_len, EIR_NAME_SHORT,
1026 hdev->short_name, name_len);
1031 static int read_ext_controller_info(struct sock *sk, struct hci_dev *hdev,
1032 void *data, u16 data_len)
1035 struct mgmt_rp_read_ext_info *rp = (void *)buf;
1038 BT_DBG("sock %p %s", sk, hdev->name);
1040 memset(&buf, 0, sizeof(buf));
1044 bacpy(&rp->bdaddr, &hdev->bdaddr);
1046 rp->version = hdev->hci_ver;
1047 rp->manufacturer = cpu_to_le16(hdev->manufacturer);
1049 rp->supported_settings = cpu_to_le32(get_supported_settings(hdev));
1050 rp->current_settings = cpu_to_le32(get_current_settings(hdev));
1053 eir_len = append_eir_data_to_buf(hdev, rp->eir);
1054 rp->eir_len = cpu_to_le16(eir_len);
1056 hci_dev_unlock(hdev);
1058 /* If this command is called at least once, then the events
1059 * for class of device and local name changes are disabled
1060 * and only the new extended controller information event
1063 hci_sock_set_flag(sk, HCI_MGMT_EXT_INFO_EVENTS);
1064 hci_sock_clear_flag(sk, HCI_MGMT_DEV_CLASS_EVENTS);
1065 hci_sock_clear_flag(sk, HCI_MGMT_LOCAL_NAME_EVENTS);
1067 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_READ_EXT_INFO, 0, rp,
1068 sizeof(*rp) + eir_len);
1071 static int ext_info_changed(struct hci_dev *hdev, struct sock *skip)
1074 struct mgmt_ev_ext_info_changed *ev = (void *)buf;
1077 memset(buf, 0, sizeof(buf));
1079 eir_len = append_eir_data_to_buf(hdev, ev->eir);
1080 ev->eir_len = cpu_to_le16(eir_len);
1082 return mgmt_limited_event(MGMT_EV_EXT_INFO_CHANGED, hdev, ev,
1083 sizeof(*ev) + eir_len,
1084 HCI_MGMT_EXT_INFO_EVENTS, skip);
1087 static int send_settings_rsp(struct sock *sk, u16 opcode, struct hci_dev *hdev)
1089 __le32 settings = cpu_to_le32(get_current_settings(hdev));
1091 return mgmt_cmd_complete(sk, hdev->id, opcode, 0, &settings,
1095 static void clean_up_hci_complete(struct hci_dev *hdev, u8 status, u16 opcode)
1097 BT_DBG("%s status 0x%02x", hdev->name, status);
1099 if (hci_conn_count(hdev) == 0) {
1100 cancel_delayed_work(&hdev->power_off);
1101 queue_work(hdev->req_workqueue, &hdev->power_off.work);
1105 void mgmt_advertising_added(struct sock *sk, struct hci_dev *hdev, u8 instance)
1107 struct mgmt_ev_advertising_added ev;
1109 ev.instance = instance;
1111 mgmt_event(MGMT_EV_ADVERTISING_ADDED, hdev, &ev, sizeof(ev), sk);
1114 void mgmt_advertising_removed(struct sock *sk, struct hci_dev *hdev,
1117 struct mgmt_ev_advertising_removed ev;
1119 ev.instance = instance;
1121 mgmt_event(MGMT_EV_ADVERTISING_REMOVED, hdev, &ev, sizeof(ev), sk);
1124 static void cancel_adv_timeout(struct hci_dev *hdev)
1126 if (hdev->adv_instance_timeout) {
1127 hdev->adv_instance_timeout = 0;
1128 cancel_delayed_work(&hdev->adv_instance_expire);
1132 static int clean_up_hci_state(struct hci_dev *hdev)
1134 struct hci_request req;
1135 struct hci_conn *conn;
1136 bool discov_stopped;
1139 hci_req_init(&req, hdev);
1141 if (test_bit(HCI_ISCAN, &hdev->flags) ||
1142 test_bit(HCI_PSCAN, &hdev->flags)) {
1144 hci_req_add(&req, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
1147 hci_req_clear_adv_instance(hdev, NULL, NULL, 0x00, false);
1149 if (hci_dev_test_flag(hdev, HCI_LE_ADV))
1150 __hci_req_disable_advertising(&req);
1152 discov_stopped = hci_req_stop_discovery(&req);
1154 list_for_each_entry(conn, &hdev->conn_hash.list, list) {
1155 /* 0x15 == Terminated due to Power Off */
1156 __hci_abort_conn(&req, conn, 0x15);
1159 err = hci_req_run(&req, clean_up_hci_complete);
1160 if (!err && discov_stopped)
1161 hci_discovery_set_state(hdev, DISCOVERY_STOPPING);
1166 static int set_powered(struct sock *sk, struct hci_dev *hdev, void *data,
1169 struct mgmt_mode *cp = data;
1170 struct mgmt_pending_cmd *cmd;
1173 BT_DBG("request for %s", hdev->name);
1175 if (cp->val != 0x00 && cp->val != 0x01)
1176 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_POWERED,
1177 MGMT_STATUS_INVALID_PARAMS);
1181 if (pending_find(MGMT_OP_SET_POWERED, hdev)) {
1182 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_POWERED,
1187 if (!!cp->val == hdev_is_powered(hdev)) {
1188 err = send_settings_rsp(sk, MGMT_OP_SET_POWERED, hdev);
1192 cmd = mgmt_pending_add(sk, MGMT_OP_SET_POWERED, hdev, data, len);
1199 queue_work(hdev->req_workqueue, &hdev->power_on);
1202 /* Disconnect connections, stop scans, etc */
1203 err = clean_up_hci_state(hdev);
1205 queue_delayed_work(hdev->req_workqueue, &hdev->power_off,
1206 HCI_POWER_OFF_TIMEOUT);
1208 /* ENODATA means there were no HCI commands queued */
1209 if (err == -ENODATA) {
1210 cancel_delayed_work(&hdev->power_off);
1211 queue_work(hdev->req_workqueue, &hdev->power_off.work);
1217 hci_dev_unlock(hdev);
1221 static int new_settings(struct hci_dev *hdev, struct sock *skip)
1223 __le32 ev = cpu_to_le32(get_current_settings(hdev));
1225 return mgmt_limited_event(MGMT_EV_NEW_SETTINGS, hdev, &ev,
1226 sizeof(ev), HCI_MGMT_SETTING_EVENTS, skip);
1229 int mgmt_new_settings(struct hci_dev *hdev)
1231 return new_settings(hdev, NULL);
1236 struct hci_dev *hdev;
1240 static void settings_rsp(struct mgmt_pending_cmd *cmd, void *data)
1242 struct cmd_lookup *match = data;
1244 send_settings_rsp(cmd->sk, cmd->opcode, match->hdev);
1246 list_del(&cmd->list);
1248 if (match->sk == NULL) {
1249 match->sk = cmd->sk;
1250 sock_hold(match->sk);
1253 mgmt_pending_free(cmd);
1256 static void cmd_status_rsp(struct mgmt_pending_cmd *cmd, void *data)
1260 mgmt_cmd_status(cmd->sk, cmd->index, cmd->opcode, *status);
1261 mgmt_pending_remove(cmd);
1264 static void cmd_complete_rsp(struct mgmt_pending_cmd *cmd, void *data)
1266 if (cmd->cmd_complete) {
1269 cmd->cmd_complete(cmd, *status);
1270 mgmt_pending_remove(cmd);
1275 cmd_status_rsp(cmd, data);
1278 static int generic_cmd_complete(struct mgmt_pending_cmd *cmd, u8 status)
1280 return mgmt_cmd_complete(cmd->sk, cmd->index, cmd->opcode, status,
1281 cmd->param, cmd->param_len);
1284 static int addr_cmd_complete(struct mgmt_pending_cmd *cmd, u8 status)
1286 return mgmt_cmd_complete(cmd->sk, cmd->index, cmd->opcode, status,
1287 cmd->param, sizeof(struct mgmt_addr_info));
1290 static u8 mgmt_bredr_support(struct hci_dev *hdev)
1292 if (!lmp_bredr_capable(hdev))
1293 return MGMT_STATUS_NOT_SUPPORTED;
1294 else if (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED))
1295 return MGMT_STATUS_REJECTED;
1297 return MGMT_STATUS_SUCCESS;
1300 static u8 mgmt_le_support(struct hci_dev *hdev)
1302 if (!lmp_le_capable(hdev))
1303 return MGMT_STATUS_NOT_SUPPORTED;
1304 else if (!hci_dev_test_flag(hdev, HCI_LE_ENABLED))
1305 return MGMT_STATUS_REJECTED;
1307 return MGMT_STATUS_SUCCESS;
1310 void mgmt_set_discoverable_complete(struct hci_dev *hdev, u8 status)
1312 struct mgmt_pending_cmd *cmd;
1314 BT_DBG("status 0x%02x", status);
1318 cmd = pending_find(MGMT_OP_SET_DISCOVERABLE, hdev);
1323 u8 mgmt_err = mgmt_status(status);
1324 mgmt_cmd_status(cmd->sk, cmd->index, cmd->opcode, mgmt_err);
1325 hci_dev_clear_flag(hdev, HCI_LIMITED_DISCOVERABLE);
1329 if (hci_dev_test_flag(hdev, HCI_DISCOVERABLE) &&
1330 hdev->discov_timeout > 0) {
1331 int to = msecs_to_jiffies(hdev->discov_timeout * 1000);
1332 queue_delayed_work(hdev->req_workqueue, &hdev->discov_off, to);
1335 send_settings_rsp(cmd->sk, MGMT_OP_SET_DISCOVERABLE, hdev);
1336 new_settings(hdev, cmd->sk);
1339 mgmt_pending_remove(cmd);
1342 hci_dev_unlock(hdev);
1345 static int set_discoverable(struct sock *sk, struct hci_dev *hdev, void *data,
1348 struct mgmt_cp_set_discoverable *cp = data;
1349 struct mgmt_pending_cmd *cmd;
1353 BT_DBG("request for %s", hdev->name);
1355 if (!hci_dev_test_flag(hdev, HCI_LE_ENABLED) &&
1356 !hci_dev_test_flag(hdev, HCI_BREDR_ENABLED))
1357 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
1358 MGMT_STATUS_REJECTED);
1360 if (cp->val != 0x00 && cp->val != 0x01 && cp->val != 0x02)
1361 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
1362 MGMT_STATUS_INVALID_PARAMS);
1364 timeout = __le16_to_cpu(cp->timeout);
1366 /* Disabling discoverable requires that no timeout is set,
1367 * and enabling limited discoverable requires a timeout.
1369 if ((cp->val == 0x00 && timeout > 0) ||
1370 (cp->val == 0x02 && timeout == 0))
1371 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
1372 MGMT_STATUS_INVALID_PARAMS);
1376 if (!hdev_is_powered(hdev) && timeout > 0) {
1377 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
1378 MGMT_STATUS_NOT_POWERED);
1382 if (pending_find(MGMT_OP_SET_DISCOVERABLE, hdev) ||
1383 pending_find(MGMT_OP_SET_CONNECTABLE, hdev)) {
1384 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
1389 if (!hci_dev_test_flag(hdev, HCI_CONNECTABLE)) {
1390 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
1391 MGMT_STATUS_REJECTED);
1395 if (hdev->advertising_paused) {
1396 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
1401 if (!hdev_is_powered(hdev)) {
1402 bool changed = false;
1404 /* Setting limited discoverable when powered off is
1405 * not a valid operation since it requires a timeout
1406 * and so no need to check HCI_LIMITED_DISCOVERABLE.
1408 if (!!cp->val != hci_dev_test_flag(hdev, HCI_DISCOVERABLE)) {
1409 hci_dev_change_flag(hdev, HCI_DISCOVERABLE);
1413 err = send_settings_rsp(sk, MGMT_OP_SET_DISCOVERABLE, hdev);
1418 err = new_settings(hdev, sk);
1423 /* If the current mode is the same, then just update the timeout
1424 * value with the new value. And if only the timeout gets updated,
1425 * then no need for any HCI transactions.
1427 if (!!cp->val == hci_dev_test_flag(hdev, HCI_DISCOVERABLE) &&
1428 (cp->val == 0x02) == hci_dev_test_flag(hdev,
1429 HCI_LIMITED_DISCOVERABLE)) {
1430 cancel_delayed_work(&hdev->discov_off);
1431 hdev->discov_timeout = timeout;
1433 if (cp->val && hdev->discov_timeout > 0) {
1434 int to = msecs_to_jiffies(hdev->discov_timeout * 1000);
1435 queue_delayed_work(hdev->req_workqueue,
1436 &hdev->discov_off, to);
1439 err = send_settings_rsp(sk, MGMT_OP_SET_DISCOVERABLE, hdev);
1443 cmd = mgmt_pending_add(sk, MGMT_OP_SET_DISCOVERABLE, hdev, data, len);
1449 /* Cancel any potential discoverable timeout that might be
1450 * still active and store new timeout value. The arming of
1451 * the timeout happens in the complete handler.
1453 cancel_delayed_work(&hdev->discov_off);
1454 hdev->discov_timeout = timeout;
1457 hci_dev_set_flag(hdev, HCI_DISCOVERABLE);
1459 hci_dev_clear_flag(hdev, HCI_DISCOVERABLE);
1461 /* Limited discoverable mode */
1462 if (cp->val == 0x02)
1463 hci_dev_set_flag(hdev, HCI_LIMITED_DISCOVERABLE);
1465 hci_dev_clear_flag(hdev, HCI_LIMITED_DISCOVERABLE);
1467 queue_work(hdev->req_workqueue, &hdev->discoverable_update);
1471 hci_dev_unlock(hdev);
1475 void mgmt_set_connectable_complete(struct hci_dev *hdev, u8 status)
1477 struct mgmt_pending_cmd *cmd;
1479 BT_DBG("status 0x%02x", status);
1483 cmd = pending_find(MGMT_OP_SET_CONNECTABLE, hdev);
1488 u8 mgmt_err = mgmt_status(status);
1489 mgmt_cmd_status(cmd->sk, cmd->index, cmd->opcode, mgmt_err);
1493 send_settings_rsp(cmd->sk, MGMT_OP_SET_CONNECTABLE, hdev);
1494 new_settings(hdev, cmd->sk);
1497 mgmt_pending_remove(cmd);
1500 hci_dev_unlock(hdev);
1503 static int set_connectable_update_settings(struct hci_dev *hdev,
1504 struct sock *sk, u8 val)
1506 bool changed = false;
1509 if (!!val != hci_dev_test_flag(hdev, HCI_CONNECTABLE))
1513 hci_dev_set_flag(hdev, HCI_CONNECTABLE);
1515 hci_dev_clear_flag(hdev, HCI_CONNECTABLE);
1516 hci_dev_clear_flag(hdev, HCI_DISCOVERABLE);
1519 err = send_settings_rsp(sk, MGMT_OP_SET_CONNECTABLE, hdev);
1524 hci_req_update_scan(hdev);
1525 hci_update_background_scan(hdev);
1526 return new_settings(hdev, sk);
1532 static int set_connectable(struct sock *sk, struct hci_dev *hdev, void *data,
1535 struct mgmt_mode *cp = data;
1536 struct mgmt_pending_cmd *cmd;
1539 BT_DBG("request for %s", hdev->name);
1541 if (!hci_dev_test_flag(hdev, HCI_LE_ENABLED) &&
1542 !hci_dev_test_flag(hdev, HCI_BREDR_ENABLED))
1543 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE,
1544 MGMT_STATUS_REJECTED);
1546 if (cp->val != 0x00 && cp->val != 0x01)
1547 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE,
1548 MGMT_STATUS_INVALID_PARAMS);
1552 if (!hdev_is_powered(hdev)) {
1553 err = set_connectable_update_settings(hdev, sk, cp->val);
1557 if (pending_find(MGMT_OP_SET_DISCOVERABLE, hdev) ||
1558 pending_find(MGMT_OP_SET_CONNECTABLE, hdev)) {
1559 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE,
1564 cmd = mgmt_pending_add(sk, MGMT_OP_SET_CONNECTABLE, hdev, data, len);
1571 hci_dev_set_flag(hdev, HCI_CONNECTABLE);
1573 if (hdev->discov_timeout > 0)
1574 cancel_delayed_work(&hdev->discov_off);
1576 hci_dev_clear_flag(hdev, HCI_LIMITED_DISCOVERABLE);
1577 hci_dev_clear_flag(hdev, HCI_DISCOVERABLE);
1578 hci_dev_clear_flag(hdev, HCI_CONNECTABLE);
1581 queue_work(hdev->req_workqueue, &hdev->connectable_update);
1585 hci_dev_unlock(hdev);
1589 static int set_bondable(struct sock *sk, struct hci_dev *hdev, void *data,
1592 struct mgmt_mode *cp = data;
1596 BT_DBG("request for %s", hdev->name);
1598 if (cp->val != 0x00 && cp->val != 0x01)
1599 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_BONDABLE,
1600 MGMT_STATUS_INVALID_PARAMS);
1605 changed = !hci_dev_test_and_set_flag(hdev, HCI_BONDABLE);
1607 changed = hci_dev_test_and_clear_flag(hdev, HCI_BONDABLE);
1609 err = send_settings_rsp(sk, MGMT_OP_SET_BONDABLE, hdev);
1614 /* In limited privacy mode the change of bondable mode
1615 * may affect the local advertising address.
1617 if (hdev_is_powered(hdev) &&
1618 hci_dev_test_flag(hdev, HCI_ADVERTISING) &&
1619 hci_dev_test_flag(hdev, HCI_DISCOVERABLE) &&
1620 hci_dev_test_flag(hdev, HCI_LIMITED_PRIVACY))
1621 queue_work(hdev->req_workqueue,
1622 &hdev->discoverable_update);
1624 err = new_settings(hdev, sk);
1628 hci_dev_unlock(hdev);
1632 static int set_link_security(struct sock *sk, struct hci_dev *hdev, void *data,
1635 struct mgmt_mode *cp = data;
1636 struct mgmt_pending_cmd *cmd;
1640 BT_DBG("request for %s", hdev->name);
1642 status = mgmt_bredr_support(hdev);
1644 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY,
1647 if (cp->val != 0x00 && cp->val != 0x01)
1648 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY,
1649 MGMT_STATUS_INVALID_PARAMS);
1653 if (!hdev_is_powered(hdev)) {
1654 bool changed = false;
1656 if (!!cp->val != hci_dev_test_flag(hdev, HCI_LINK_SECURITY)) {
1657 hci_dev_change_flag(hdev, HCI_LINK_SECURITY);
1661 err = send_settings_rsp(sk, MGMT_OP_SET_LINK_SECURITY, hdev);
1666 err = new_settings(hdev, sk);
1671 if (pending_find(MGMT_OP_SET_LINK_SECURITY, hdev)) {
1672 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY,
1679 if (test_bit(HCI_AUTH, &hdev->flags) == val) {
1680 err = send_settings_rsp(sk, MGMT_OP_SET_LINK_SECURITY, hdev);
1684 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LINK_SECURITY, hdev, data, len);
1690 err = hci_send_cmd(hdev, HCI_OP_WRITE_AUTH_ENABLE, sizeof(val), &val);
1692 mgmt_pending_remove(cmd);
1697 hci_dev_unlock(hdev);
1701 static int set_ssp(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
1703 struct mgmt_mode *cp = data;
1704 struct mgmt_pending_cmd *cmd;
1708 BT_DBG("request for %s", hdev->name);
1710 status = mgmt_bredr_support(hdev);
1712 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SSP, status);
1714 if (!lmp_ssp_capable(hdev))
1715 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
1716 MGMT_STATUS_NOT_SUPPORTED);
1718 if (cp->val != 0x00 && cp->val != 0x01)
1719 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
1720 MGMT_STATUS_INVALID_PARAMS);
1724 if (!hdev_is_powered(hdev)) {
1728 changed = !hci_dev_test_and_set_flag(hdev,
1731 changed = hci_dev_test_and_clear_flag(hdev,
1734 changed = hci_dev_test_and_clear_flag(hdev,
1737 hci_dev_clear_flag(hdev, HCI_HS_ENABLED);
1740 err = send_settings_rsp(sk, MGMT_OP_SET_SSP, hdev);
1745 err = new_settings(hdev, sk);
1750 if (pending_find(MGMT_OP_SET_SSP, hdev)) {
1751 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
1756 if (!!cp->val == hci_dev_test_flag(hdev, HCI_SSP_ENABLED)) {
1757 err = send_settings_rsp(sk, MGMT_OP_SET_SSP, hdev);
1761 cmd = mgmt_pending_add(sk, MGMT_OP_SET_SSP, hdev, data, len);
1767 if (!cp->val && hci_dev_test_flag(hdev, HCI_USE_DEBUG_KEYS))
1768 hci_send_cmd(hdev, HCI_OP_WRITE_SSP_DEBUG_MODE,
1769 sizeof(cp->val), &cp->val);
1771 err = hci_send_cmd(hdev, HCI_OP_WRITE_SSP_MODE, 1, &cp->val);
1773 mgmt_pending_remove(cmd);
1778 hci_dev_unlock(hdev);
1782 static int set_hs(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
1784 struct mgmt_mode *cp = data;
1789 BT_DBG("request for %s", hdev->name);
1791 status = mgmt_bredr_support(hdev);
1793 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_HS, status);
1795 if (!lmp_ssp_capable(hdev))
1796 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
1797 MGMT_STATUS_NOT_SUPPORTED);
1799 if (!hci_dev_test_flag(hdev, HCI_SSP_ENABLED))
1800 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
1801 MGMT_STATUS_REJECTED);
1803 if (cp->val != 0x00 && cp->val != 0x01)
1804 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
1805 MGMT_STATUS_INVALID_PARAMS);
1809 if (pending_find(MGMT_OP_SET_SSP, hdev)) {
1810 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
1816 changed = !hci_dev_test_and_set_flag(hdev, HCI_HS_ENABLED);
1818 if (hdev_is_powered(hdev)) {
1819 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
1820 MGMT_STATUS_REJECTED);
1824 changed = hci_dev_test_and_clear_flag(hdev, HCI_HS_ENABLED);
1827 err = send_settings_rsp(sk, MGMT_OP_SET_HS, hdev);
1832 err = new_settings(hdev, sk);
1835 hci_dev_unlock(hdev);
1839 static void le_enable_complete(struct hci_dev *hdev, u8 status, u16 opcode)
1841 struct cmd_lookup match = { NULL, hdev };
1846 u8 mgmt_err = mgmt_status(status);
1848 mgmt_pending_foreach(MGMT_OP_SET_LE, hdev, cmd_status_rsp,
1853 mgmt_pending_foreach(MGMT_OP_SET_LE, hdev, settings_rsp, &match);
1855 new_settings(hdev, match.sk);
1860 /* Make sure the controller has a good default for
1861 * advertising data. Restrict the update to when LE
1862 * has actually been enabled. During power on, the
1863 * update in powered_update_hci will take care of it.
1865 if (hci_dev_test_flag(hdev, HCI_LE_ENABLED)) {
1866 struct hci_request req;
1867 hci_req_init(&req, hdev);
1868 if (ext_adv_capable(hdev)) {
1871 err = __hci_req_setup_ext_adv_instance(&req, 0x00);
1873 __hci_req_update_scan_rsp_data(&req, 0x00);
1875 __hci_req_update_adv_data(&req, 0x00);
1876 __hci_req_update_scan_rsp_data(&req, 0x00);
1878 hci_req_run(&req, NULL);
1879 hci_update_background_scan(hdev);
1883 hci_dev_unlock(hdev);
1886 static int set_le(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
1888 struct mgmt_mode *cp = data;
1889 struct hci_cp_write_le_host_supported hci_cp;
1890 struct mgmt_pending_cmd *cmd;
1891 struct hci_request req;
1895 BT_DBG("request for %s", hdev->name);
1897 if (!lmp_le_capable(hdev))
1898 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
1899 MGMT_STATUS_NOT_SUPPORTED);
1901 if (cp->val != 0x00 && cp->val != 0x01)
1902 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
1903 MGMT_STATUS_INVALID_PARAMS);
1905 /* Bluetooth single mode LE only controllers or dual-mode
1906 * controllers configured as LE only devices, do not allow
1907 * switching LE off. These have either LE enabled explicitly
1908 * or BR/EDR has been previously switched off.
1910 * When trying to enable an already enabled LE, then gracefully
1911 * send a positive response. Trying to disable it however will
1912 * result into rejection.
1914 if (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED)) {
1915 if (cp->val == 0x01)
1916 return send_settings_rsp(sk, MGMT_OP_SET_LE, hdev);
1918 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
1919 MGMT_STATUS_REJECTED);
1925 enabled = lmp_host_le_capable(hdev);
1928 hci_req_clear_adv_instance(hdev, NULL, NULL, 0x00, true);
1930 if (!hdev_is_powered(hdev) || val == enabled) {
1931 bool changed = false;
1933 if (val != hci_dev_test_flag(hdev, HCI_LE_ENABLED)) {
1934 hci_dev_change_flag(hdev, HCI_LE_ENABLED);
1938 if (!val && hci_dev_test_flag(hdev, HCI_ADVERTISING)) {
1939 hci_dev_clear_flag(hdev, HCI_ADVERTISING);
1943 err = send_settings_rsp(sk, MGMT_OP_SET_LE, hdev);
1948 err = new_settings(hdev, sk);
1953 if (pending_find(MGMT_OP_SET_LE, hdev) ||
1954 pending_find(MGMT_OP_SET_ADVERTISING, hdev)) {
1955 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
1960 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LE, hdev, data, len);
1966 hci_req_init(&req, hdev);
1968 memset(&hci_cp, 0, sizeof(hci_cp));
1972 hci_cp.simul = 0x00;
1974 if (hci_dev_test_flag(hdev, HCI_LE_ADV))
1975 __hci_req_disable_advertising(&req);
1977 if (ext_adv_capable(hdev))
1978 __hci_req_clear_ext_adv_sets(&req);
1981 hci_req_add(&req, HCI_OP_WRITE_LE_HOST_SUPPORTED, sizeof(hci_cp),
1984 err = hci_req_run(&req, le_enable_complete);
1986 mgmt_pending_remove(cmd);
1989 hci_dev_unlock(hdev);
1993 /* This is a helper function to test for pending mgmt commands that can
1994 * cause CoD or EIR HCI commands. We can only allow one such pending
1995 * mgmt command at a time since otherwise we cannot easily track what
1996 * the current values are, will be, and based on that calculate if a new
1997 * HCI command needs to be sent and if yes with what value.
1999 static bool pending_eir_or_class(struct hci_dev *hdev)
2001 struct mgmt_pending_cmd *cmd;
2003 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
2004 switch (cmd->opcode) {
2005 case MGMT_OP_ADD_UUID:
2006 case MGMT_OP_REMOVE_UUID:
2007 case MGMT_OP_SET_DEV_CLASS:
2008 case MGMT_OP_SET_POWERED:
2016 static const u8 bluetooth_base_uuid[] = {
2017 0xfb, 0x34, 0x9b, 0x5f, 0x80, 0x00, 0x00, 0x80,
2018 0x00, 0x10, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
2021 static u8 get_uuid_size(const u8 *uuid)
2025 if (memcmp(uuid, bluetooth_base_uuid, 12))
2028 val = get_unaligned_le32(&uuid[12]);
2035 static void mgmt_class_complete(struct hci_dev *hdev, u16 mgmt_op, u8 status)
2037 struct mgmt_pending_cmd *cmd;
2041 cmd = pending_find(mgmt_op, hdev);
2045 mgmt_cmd_complete(cmd->sk, cmd->index, cmd->opcode,
2046 mgmt_status(status), hdev->dev_class, 3);
2048 mgmt_pending_remove(cmd);
2051 hci_dev_unlock(hdev);
2054 static void add_uuid_complete(struct hci_dev *hdev, u8 status, u16 opcode)
2056 BT_DBG("status 0x%02x", status);
2058 mgmt_class_complete(hdev, MGMT_OP_ADD_UUID, status);
2061 static int add_uuid(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
2063 struct mgmt_cp_add_uuid *cp = data;
2064 struct mgmt_pending_cmd *cmd;
2065 struct hci_request req;
2066 struct bt_uuid *uuid;
2069 BT_DBG("request for %s", hdev->name);
2073 if (pending_eir_or_class(hdev)) {
2074 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_UUID,
2079 uuid = kmalloc(sizeof(*uuid), GFP_KERNEL);
2085 memcpy(uuid->uuid, cp->uuid, 16);
2086 uuid->svc_hint = cp->svc_hint;
2087 uuid->size = get_uuid_size(cp->uuid);
2089 list_add_tail(&uuid->list, &hdev->uuids);
2091 hci_req_init(&req, hdev);
2093 __hci_req_update_class(&req);
2094 __hci_req_update_eir(&req);
2096 err = hci_req_run(&req, add_uuid_complete);
2098 if (err != -ENODATA)
2101 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_ADD_UUID, 0,
2102 hdev->dev_class, 3);
2106 cmd = mgmt_pending_add(sk, MGMT_OP_ADD_UUID, hdev, data, len);
2115 hci_dev_unlock(hdev);
2119 static bool enable_service_cache(struct hci_dev *hdev)
2121 if (!hdev_is_powered(hdev))
2124 if (!hci_dev_test_and_set_flag(hdev, HCI_SERVICE_CACHE)) {
2125 queue_delayed_work(hdev->workqueue, &hdev->service_cache,
2133 static void remove_uuid_complete(struct hci_dev *hdev, u8 status, u16 opcode)
2135 BT_DBG("status 0x%02x", status);
2137 mgmt_class_complete(hdev, MGMT_OP_REMOVE_UUID, status);
2140 static int remove_uuid(struct sock *sk, struct hci_dev *hdev, void *data,
2143 struct mgmt_cp_remove_uuid *cp = data;
2144 struct mgmt_pending_cmd *cmd;
2145 struct bt_uuid *match, *tmp;
2146 u8 bt_uuid_any[] = { 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 };
2147 struct hci_request req;
2150 BT_DBG("request for %s", hdev->name);
2154 if (pending_eir_or_class(hdev)) {
2155 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_REMOVE_UUID,
2160 if (memcmp(cp->uuid, bt_uuid_any, 16) == 0) {
2161 hci_uuids_clear(hdev);
2163 if (enable_service_cache(hdev)) {
2164 err = mgmt_cmd_complete(sk, hdev->id,
2165 MGMT_OP_REMOVE_UUID,
2166 0, hdev->dev_class, 3);
2175 list_for_each_entry_safe(match, tmp, &hdev->uuids, list) {
2176 if (memcmp(match->uuid, cp->uuid, 16) != 0)
2179 list_del(&match->list);
2185 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_REMOVE_UUID,
2186 MGMT_STATUS_INVALID_PARAMS);
2191 hci_req_init(&req, hdev);
2193 __hci_req_update_class(&req);
2194 __hci_req_update_eir(&req);
2196 err = hci_req_run(&req, remove_uuid_complete);
2198 if (err != -ENODATA)
2201 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_UUID, 0,
2202 hdev->dev_class, 3);
2206 cmd = mgmt_pending_add(sk, MGMT_OP_REMOVE_UUID, hdev, data, len);
2215 hci_dev_unlock(hdev);
2219 static void set_class_complete(struct hci_dev *hdev, u8 status, u16 opcode)
2221 BT_DBG("status 0x%02x", status);
2223 mgmt_class_complete(hdev, MGMT_OP_SET_DEV_CLASS, status);
2226 static int set_dev_class(struct sock *sk, struct hci_dev *hdev, void *data,
2229 struct mgmt_cp_set_dev_class *cp = data;
2230 struct mgmt_pending_cmd *cmd;
2231 struct hci_request req;
2234 BT_DBG("request for %s", hdev->name);
2236 if (!lmp_bredr_capable(hdev))
2237 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS,
2238 MGMT_STATUS_NOT_SUPPORTED);
2242 if (pending_eir_or_class(hdev)) {
2243 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS,
2248 if ((cp->minor & 0x03) != 0 || (cp->major & 0xe0) != 0) {
2249 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS,
2250 MGMT_STATUS_INVALID_PARAMS);
2254 hdev->major_class = cp->major;
2255 hdev->minor_class = cp->minor;
2257 if (!hdev_is_powered(hdev)) {
2258 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_DEV_CLASS, 0,
2259 hdev->dev_class, 3);
2263 hci_req_init(&req, hdev);
2265 if (hci_dev_test_and_clear_flag(hdev, HCI_SERVICE_CACHE)) {
2266 hci_dev_unlock(hdev);
2267 cancel_delayed_work_sync(&hdev->service_cache);
2269 __hci_req_update_eir(&req);
2272 __hci_req_update_class(&req);
2274 err = hci_req_run(&req, set_class_complete);
2276 if (err != -ENODATA)
2279 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_DEV_CLASS, 0,
2280 hdev->dev_class, 3);
2284 cmd = mgmt_pending_add(sk, MGMT_OP_SET_DEV_CLASS, hdev, data, len);
2293 hci_dev_unlock(hdev);
2297 static int load_link_keys(struct sock *sk, struct hci_dev *hdev, void *data,
2300 struct mgmt_cp_load_link_keys *cp = data;
2301 const u16 max_key_count = ((U16_MAX - sizeof(*cp)) /
2302 sizeof(struct mgmt_link_key_info));
2303 u16 key_count, expected_len;
2307 BT_DBG("request for %s", hdev->name);
2309 if (!lmp_bredr_capable(hdev))
2310 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
2311 MGMT_STATUS_NOT_SUPPORTED);
2313 key_count = __le16_to_cpu(cp->key_count);
2314 if (key_count > max_key_count) {
2315 bt_dev_err(hdev, "load_link_keys: too big key_count value %u",
2317 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
2318 MGMT_STATUS_INVALID_PARAMS);
2321 expected_len = struct_size(cp, keys, key_count);
2322 if (expected_len != len) {
2323 bt_dev_err(hdev, "load_link_keys: expected %u bytes, got %u bytes",
2325 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
2326 MGMT_STATUS_INVALID_PARAMS);
2329 if (cp->debug_keys != 0x00 && cp->debug_keys != 0x01)
2330 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
2331 MGMT_STATUS_INVALID_PARAMS);
2333 BT_DBG("%s debug_keys %u key_count %u", hdev->name, cp->debug_keys,
2336 for (i = 0; i < key_count; i++) {
2337 struct mgmt_link_key_info *key = &cp->keys[i];
2339 if (key->addr.type != BDADDR_BREDR || key->type > 0x08)
2340 return mgmt_cmd_status(sk, hdev->id,
2341 MGMT_OP_LOAD_LINK_KEYS,
2342 MGMT_STATUS_INVALID_PARAMS);
2347 hci_link_keys_clear(hdev);
2350 changed = !hci_dev_test_and_set_flag(hdev, HCI_KEEP_DEBUG_KEYS);
2352 changed = hci_dev_test_and_clear_flag(hdev,
2353 HCI_KEEP_DEBUG_KEYS);
2356 new_settings(hdev, NULL);
2358 for (i = 0; i < key_count; i++) {
2359 struct mgmt_link_key_info *key = &cp->keys[i];
2361 if (hci_is_blocked_key(hdev,
2362 HCI_BLOCKED_KEY_TYPE_LINKKEY,
2364 bt_dev_warn(hdev, "Skipping blocked link key for %pMR",
2369 /* Always ignore debug keys and require a new pairing if
2370 * the user wants to use them.
2372 if (key->type == HCI_LK_DEBUG_COMBINATION)
2375 hci_add_link_key(hdev, NULL, &key->addr.bdaddr, key->val,
2376 key->type, key->pin_len, NULL);
2379 mgmt_cmd_complete(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS, 0, NULL, 0);
2381 hci_dev_unlock(hdev);
2386 static int device_unpaired(struct hci_dev *hdev, bdaddr_t *bdaddr,
2387 u8 addr_type, struct sock *skip_sk)
2389 struct mgmt_ev_device_unpaired ev;
2391 bacpy(&ev.addr.bdaddr, bdaddr);
2392 ev.addr.type = addr_type;
2394 return mgmt_event(MGMT_EV_DEVICE_UNPAIRED, hdev, &ev, sizeof(ev),
2398 static int unpair_device(struct sock *sk, struct hci_dev *hdev, void *data,
2401 struct mgmt_cp_unpair_device *cp = data;
2402 struct mgmt_rp_unpair_device rp;
2403 struct hci_conn_params *params;
2404 struct mgmt_pending_cmd *cmd;
2405 struct hci_conn *conn;
2409 memset(&rp, 0, sizeof(rp));
2410 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
2411 rp.addr.type = cp->addr.type;
2413 if (!bdaddr_type_is_valid(cp->addr.type))
2414 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
2415 MGMT_STATUS_INVALID_PARAMS,
2418 if (cp->disconnect != 0x00 && cp->disconnect != 0x01)
2419 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
2420 MGMT_STATUS_INVALID_PARAMS,
2425 if (!hdev_is_powered(hdev)) {
2426 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
2427 MGMT_STATUS_NOT_POWERED, &rp,
2432 if (cp->addr.type == BDADDR_BREDR) {
2433 /* If disconnection is requested, then look up the
2434 * connection. If the remote device is connected, it
2435 * will be later used to terminate the link.
2437 * Setting it to NULL explicitly will cause no
2438 * termination of the link.
2441 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
2446 err = hci_remove_link_key(hdev, &cp->addr.bdaddr);
2448 err = mgmt_cmd_complete(sk, hdev->id,
2449 MGMT_OP_UNPAIR_DEVICE,
2450 MGMT_STATUS_NOT_PAIRED, &rp,
2458 /* LE address type */
2459 addr_type = le_addr_type(cp->addr.type);
2461 /* Abort any ongoing SMP pairing. Removes ltk and irk if they exist. */
2462 err = smp_cancel_and_remove_pairing(hdev, &cp->addr.bdaddr, addr_type);
2464 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
2465 MGMT_STATUS_NOT_PAIRED, &rp,
2470 conn = hci_conn_hash_lookup_le(hdev, &cp->addr.bdaddr, addr_type);
2472 hci_conn_params_del(hdev, &cp->addr.bdaddr, addr_type);
2477 /* Defer clearing up the connection parameters until closing to
2478 * give a chance of keeping them if a repairing happens.
2480 set_bit(HCI_CONN_PARAM_REMOVAL_PEND, &conn->flags);
2482 /* Disable auto-connection parameters if present */
2483 params = hci_conn_params_lookup(hdev, &cp->addr.bdaddr, addr_type);
2485 if (params->explicit_connect)
2486 params->auto_connect = HCI_AUTO_CONN_EXPLICIT;
2488 params->auto_connect = HCI_AUTO_CONN_DISABLED;
2491 /* If disconnection is not requested, then clear the connection
2492 * variable so that the link is not terminated.
2494 if (!cp->disconnect)
2498 /* If the connection variable is set, then termination of the
2499 * link is requested.
2502 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE, 0,
2504 device_unpaired(hdev, &cp->addr.bdaddr, cp->addr.type, sk);
2508 cmd = mgmt_pending_add(sk, MGMT_OP_UNPAIR_DEVICE, hdev, cp,
2515 cmd->cmd_complete = addr_cmd_complete;
2517 err = hci_abort_conn(conn, HCI_ERROR_REMOTE_USER_TERM);
2519 mgmt_pending_remove(cmd);
2522 hci_dev_unlock(hdev);
2526 static int disconnect(struct sock *sk, struct hci_dev *hdev, void *data,
2529 struct mgmt_cp_disconnect *cp = data;
2530 struct mgmt_rp_disconnect rp;
2531 struct mgmt_pending_cmd *cmd;
2532 struct hci_conn *conn;
2537 memset(&rp, 0, sizeof(rp));
2538 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
2539 rp.addr.type = cp->addr.type;
2541 if (!bdaddr_type_is_valid(cp->addr.type))
2542 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
2543 MGMT_STATUS_INVALID_PARAMS,
2548 if (!test_bit(HCI_UP, &hdev->flags)) {
2549 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
2550 MGMT_STATUS_NOT_POWERED, &rp,
2555 if (pending_find(MGMT_OP_DISCONNECT, hdev)) {
2556 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
2557 MGMT_STATUS_BUSY, &rp, sizeof(rp));
2561 if (cp->addr.type == BDADDR_BREDR)
2562 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
2565 conn = hci_conn_hash_lookup_le(hdev, &cp->addr.bdaddr,
2566 le_addr_type(cp->addr.type));
2568 if (!conn || conn->state == BT_OPEN || conn->state == BT_CLOSED) {
2569 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
2570 MGMT_STATUS_NOT_CONNECTED, &rp,
2575 cmd = mgmt_pending_add(sk, MGMT_OP_DISCONNECT, hdev, data, len);
2581 cmd->cmd_complete = generic_cmd_complete;
2583 err = hci_disconnect(conn, HCI_ERROR_REMOTE_USER_TERM);
2585 mgmt_pending_remove(cmd);
2588 hci_dev_unlock(hdev);
2592 static u8 link_to_bdaddr(u8 link_type, u8 addr_type)
2594 switch (link_type) {
2596 switch (addr_type) {
2597 case ADDR_LE_DEV_PUBLIC:
2598 return BDADDR_LE_PUBLIC;
2601 /* Fallback to LE Random address type */
2602 return BDADDR_LE_RANDOM;
2606 /* Fallback to BR/EDR type */
2607 return BDADDR_BREDR;
2611 static int get_connections(struct sock *sk, struct hci_dev *hdev, void *data,
2614 struct mgmt_rp_get_connections *rp;
2623 if (!hdev_is_powered(hdev)) {
2624 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_GET_CONNECTIONS,
2625 MGMT_STATUS_NOT_POWERED);
2630 list_for_each_entry(c, &hdev->conn_hash.list, list) {
2631 if (test_bit(HCI_CONN_MGMT_CONNECTED, &c->flags))
2635 rp = kmalloc(struct_size(rp, addr, i), GFP_KERNEL);
2642 list_for_each_entry(c, &hdev->conn_hash.list, list) {
2643 if (!test_bit(HCI_CONN_MGMT_CONNECTED, &c->flags))
2645 bacpy(&rp->addr[i].bdaddr, &c->dst);
2646 rp->addr[i].type = link_to_bdaddr(c->type, c->dst_type);
2647 if (c->type == SCO_LINK || c->type == ESCO_LINK)
2652 rp->conn_count = cpu_to_le16(i);
2654 /* Recalculate length in case of filtered SCO connections, etc */
2655 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CONNECTIONS, 0, rp,
2656 struct_size(rp, addr, i));
2661 hci_dev_unlock(hdev);
2665 static int send_pin_code_neg_reply(struct sock *sk, struct hci_dev *hdev,
2666 struct mgmt_cp_pin_code_neg_reply *cp)
2668 struct mgmt_pending_cmd *cmd;
2671 cmd = mgmt_pending_add(sk, MGMT_OP_PIN_CODE_NEG_REPLY, hdev, cp,
2676 cmd->cmd_complete = addr_cmd_complete;
2678 err = hci_send_cmd(hdev, HCI_OP_PIN_CODE_NEG_REPLY,
2679 sizeof(cp->addr.bdaddr), &cp->addr.bdaddr);
2681 mgmt_pending_remove(cmd);
2686 static int pin_code_reply(struct sock *sk, struct hci_dev *hdev, void *data,
2689 struct hci_conn *conn;
2690 struct mgmt_cp_pin_code_reply *cp = data;
2691 struct hci_cp_pin_code_reply reply;
2692 struct mgmt_pending_cmd *cmd;
2699 if (!hdev_is_powered(hdev)) {
2700 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
2701 MGMT_STATUS_NOT_POWERED);
2705 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->addr.bdaddr);
2707 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
2708 MGMT_STATUS_NOT_CONNECTED);
2712 if (conn->pending_sec_level == BT_SECURITY_HIGH && cp->pin_len != 16) {
2713 struct mgmt_cp_pin_code_neg_reply ncp;
2715 memcpy(&ncp.addr, &cp->addr, sizeof(ncp.addr));
2717 bt_dev_err(hdev, "PIN code is not 16 bytes long");
2719 err = send_pin_code_neg_reply(sk, hdev, &ncp);
2721 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
2722 MGMT_STATUS_INVALID_PARAMS);
2727 cmd = mgmt_pending_add(sk, MGMT_OP_PIN_CODE_REPLY, hdev, data, len);
2733 cmd->cmd_complete = addr_cmd_complete;
2735 bacpy(&reply.bdaddr, &cp->addr.bdaddr);
2736 reply.pin_len = cp->pin_len;
2737 memcpy(reply.pin_code, cp->pin_code, sizeof(reply.pin_code));
2739 err = hci_send_cmd(hdev, HCI_OP_PIN_CODE_REPLY, sizeof(reply), &reply);
2741 mgmt_pending_remove(cmd);
2744 hci_dev_unlock(hdev);
2748 static int set_io_capability(struct sock *sk, struct hci_dev *hdev, void *data,
2751 struct mgmt_cp_set_io_capability *cp = data;
2755 if (cp->io_capability > SMP_IO_KEYBOARD_DISPLAY)
2756 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_IO_CAPABILITY,
2757 MGMT_STATUS_INVALID_PARAMS);
2761 hdev->io_capability = cp->io_capability;
2763 BT_DBG("%s IO capability set to 0x%02x", hdev->name,
2764 hdev->io_capability);
2766 hci_dev_unlock(hdev);
2768 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_IO_CAPABILITY, 0,
2772 static struct mgmt_pending_cmd *find_pairing(struct hci_conn *conn)
2774 struct hci_dev *hdev = conn->hdev;
2775 struct mgmt_pending_cmd *cmd;
2777 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
2778 if (cmd->opcode != MGMT_OP_PAIR_DEVICE)
2781 if (cmd->user_data != conn)
2790 static int pairing_complete(struct mgmt_pending_cmd *cmd, u8 status)
2792 struct mgmt_rp_pair_device rp;
2793 struct hci_conn *conn = cmd->user_data;
2796 bacpy(&rp.addr.bdaddr, &conn->dst);
2797 rp.addr.type = link_to_bdaddr(conn->type, conn->dst_type);
2799 err = mgmt_cmd_complete(cmd->sk, cmd->index, MGMT_OP_PAIR_DEVICE,
2800 status, &rp, sizeof(rp));
2802 /* So we don't get further callbacks for this connection */
2803 conn->connect_cfm_cb = NULL;
2804 conn->security_cfm_cb = NULL;
2805 conn->disconn_cfm_cb = NULL;
2807 hci_conn_drop(conn);
2809 /* The device is paired so there is no need to remove
2810 * its connection parameters anymore.
2812 clear_bit(HCI_CONN_PARAM_REMOVAL_PEND, &conn->flags);
2819 void mgmt_smp_complete(struct hci_conn *conn, bool complete)
2821 u8 status = complete ? MGMT_STATUS_SUCCESS : MGMT_STATUS_FAILED;
2822 struct mgmt_pending_cmd *cmd;
2824 cmd = find_pairing(conn);
2826 cmd->cmd_complete(cmd, status);
2827 mgmt_pending_remove(cmd);
2831 static void pairing_complete_cb(struct hci_conn *conn, u8 status)
2833 struct mgmt_pending_cmd *cmd;
2835 BT_DBG("status %u", status);
2837 cmd = find_pairing(conn);
2839 BT_DBG("Unable to find a pending command");
2843 cmd->cmd_complete(cmd, mgmt_status(status));
2844 mgmt_pending_remove(cmd);
2847 static void le_pairing_complete_cb(struct hci_conn *conn, u8 status)
2849 struct mgmt_pending_cmd *cmd;
2851 BT_DBG("status %u", status);
2856 cmd = find_pairing(conn);
2858 BT_DBG("Unable to find a pending command");
2862 cmd->cmd_complete(cmd, mgmt_status(status));
2863 mgmt_pending_remove(cmd);
2866 static int pair_device(struct sock *sk, struct hci_dev *hdev, void *data,
2869 struct mgmt_cp_pair_device *cp = data;
2870 struct mgmt_rp_pair_device rp;
2871 struct mgmt_pending_cmd *cmd;
2872 u8 sec_level, auth_type;
2873 struct hci_conn *conn;
2878 memset(&rp, 0, sizeof(rp));
2879 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
2880 rp.addr.type = cp->addr.type;
2882 if (!bdaddr_type_is_valid(cp->addr.type))
2883 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
2884 MGMT_STATUS_INVALID_PARAMS,
2887 if (cp->io_cap > SMP_IO_KEYBOARD_DISPLAY)
2888 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
2889 MGMT_STATUS_INVALID_PARAMS,
2894 if (!hdev_is_powered(hdev)) {
2895 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
2896 MGMT_STATUS_NOT_POWERED, &rp,
2901 if (hci_bdaddr_is_paired(hdev, &cp->addr.bdaddr, cp->addr.type)) {
2902 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
2903 MGMT_STATUS_ALREADY_PAIRED, &rp,
2908 sec_level = BT_SECURITY_MEDIUM;
2909 auth_type = HCI_AT_DEDICATED_BONDING;
2911 if (cp->addr.type == BDADDR_BREDR) {
2912 conn = hci_connect_acl(hdev, &cp->addr.bdaddr, sec_level,
2915 u8 addr_type = le_addr_type(cp->addr.type);
2916 struct hci_conn_params *p;
2918 /* When pairing a new device, it is expected to remember
2919 * this device for future connections. Adding the connection
2920 * parameter information ahead of time allows tracking
2921 * of the slave preferred values and will speed up any
2922 * further connection establishment.
2924 * If connection parameters already exist, then they
2925 * will be kept and this function does nothing.
2927 p = hci_conn_params_add(hdev, &cp->addr.bdaddr, addr_type);
2929 if (p->auto_connect == HCI_AUTO_CONN_EXPLICIT)
2930 p->auto_connect = HCI_AUTO_CONN_DISABLED;
2932 conn = hci_connect_le_scan(hdev, &cp->addr.bdaddr,
2933 addr_type, sec_level,
2934 HCI_LE_CONN_TIMEOUT);
2940 if (PTR_ERR(conn) == -EBUSY)
2941 status = MGMT_STATUS_BUSY;
2942 else if (PTR_ERR(conn) == -EOPNOTSUPP)
2943 status = MGMT_STATUS_NOT_SUPPORTED;
2944 else if (PTR_ERR(conn) == -ECONNREFUSED)
2945 status = MGMT_STATUS_REJECTED;
2947 status = MGMT_STATUS_CONNECT_FAILED;
2949 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
2950 status, &rp, sizeof(rp));
2954 if (conn->connect_cfm_cb) {
2955 hci_conn_drop(conn);
2956 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
2957 MGMT_STATUS_BUSY, &rp, sizeof(rp));
2961 cmd = mgmt_pending_add(sk, MGMT_OP_PAIR_DEVICE, hdev, data, len);
2964 hci_conn_drop(conn);
2968 cmd->cmd_complete = pairing_complete;
2970 /* For LE, just connecting isn't a proof that the pairing finished */
2971 if (cp->addr.type == BDADDR_BREDR) {
2972 conn->connect_cfm_cb = pairing_complete_cb;
2973 conn->security_cfm_cb = pairing_complete_cb;
2974 conn->disconn_cfm_cb = pairing_complete_cb;
2976 conn->connect_cfm_cb = le_pairing_complete_cb;
2977 conn->security_cfm_cb = le_pairing_complete_cb;
2978 conn->disconn_cfm_cb = le_pairing_complete_cb;
2981 conn->io_capability = cp->io_cap;
2982 cmd->user_data = hci_conn_get(conn);
2984 if ((conn->state == BT_CONNECTED || conn->state == BT_CONFIG) &&
2985 hci_conn_security(conn, sec_level, auth_type, true)) {
2986 cmd->cmd_complete(cmd, 0);
2987 mgmt_pending_remove(cmd);
2993 hci_dev_unlock(hdev);
2997 static int cancel_pair_device(struct sock *sk, struct hci_dev *hdev, void *data,
3000 struct mgmt_addr_info *addr = data;
3001 struct mgmt_pending_cmd *cmd;
3002 struct hci_conn *conn;
3009 if (!hdev_is_powered(hdev)) {
3010 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
3011 MGMT_STATUS_NOT_POWERED);
3015 cmd = pending_find(MGMT_OP_PAIR_DEVICE, hdev);
3017 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
3018 MGMT_STATUS_INVALID_PARAMS);
3022 conn = cmd->user_data;
3024 if (bacmp(&addr->bdaddr, &conn->dst) != 0) {
3025 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
3026 MGMT_STATUS_INVALID_PARAMS);
3030 cmd->cmd_complete(cmd, MGMT_STATUS_CANCELLED);
3031 mgmt_pending_remove(cmd);
3033 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE, 0,
3034 addr, sizeof(*addr));
3036 hci_dev_unlock(hdev);
3040 static int user_pairing_resp(struct sock *sk, struct hci_dev *hdev,
3041 struct mgmt_addr_info *addr, u16 mgmt_op,
3042 u16 hci_op, __le32 passkey)
3044 struct mgmt_pending_cmd *cmd;
3045 struct hci_conn *conn;
3050 if (!hdev_is_powered(hdev)) {
3051 err = mgmt_cmd_complete(sk, hdev->id, mgmt_op,
3052 MGMT_STATUS_NOT_POWERED, addr,
3057 if (addr->type == BDADDR_BREDR)
3058 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &addr->bdaddr);
3060 conn = hci_conn_hash_lookup_le(hdev, &addr->bdaddr,
3061 le_addr_type(addr->type));
3064 err = mgmt_cmd_complete(sk, hdev->id, mgmt_op,
3065 MGMT_STATUS_NOT_CONNECTED, addr,
3070 if (addr->type == BDADDR_LE_PUBLIC || addr->type == BDADDR_LE_RANDOM) {
3071 err = smp_user_confirm_reply(conn, mgmt_op, passkey);
3073 err = mgmt_cmd_complete(sk, hdev->id, mgmt_op,
3074 MGMT_STATUS_SUCCESS, addr,
3077 err = mgmt_cmd_complete(sk, hdev->id, mgmt_op,
3078 MGMT_STATUS_FAILED, addr,
3084 cmd = mgmt_pending_add(sk, mgmt_op, hdev, addr, sizeof(*addr));
3090 cmd->cmd_complete = addr_cmd_complete;
3092 /* Continue with pairing via HCI */
3093 if (hci_op == HCI_OP_USER_PASSKEY_REPLY) {
3094 struct hci_cp_user_passkey_reply cp;
3096 bacpy(&cp.bdaddr, &addr->bdaddr);
3097 cp.passkey = passkey;
3098 err = hci_send_cmd(hdev, hci_op, sizeof(cp), &cp);
3100 err = hci_send_cmd(hdev, hci_op, sizeof(addr->bdaddr),
3104 mgmt_pending_remove(cmd);
3107 hci_dev_unlock(hdev);
3111 static int pin_code_neg_reply(struct sock *sk, struct hci_dev *hdev,
3112 void *data, u16 len)
3114 struct mgmt_cp_pin_code_neg_reply *cp = data;
3118 return user_pairing_resp(sk, hdev, &cp->addr,
3119 MGMT_OP_PIN_CODE_NEG_REPLY,
3120 HCI_OP_PIN_CODE_NEG_REPLY, 0);
3123 static int user_confirm_reply(struct sock *sk, struct hci_dev *hdev, void *data,
3126 struct mgmt_cp_user_confirm_reply *cp = data;
3130 if (len != sizeof(*cp))
3131 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_USER_CONFIRM_REPLY,
3132 MGMT_STATUS_INVALID_PARAMS);
3134 return user_pairing_resp(sk, hdev, &cp->addr,
3135 MGMT_OP_USER_CONFIRM_REPLY,
3136 HCI_OP_USER_CONFIRM_REPLY, 0);
3139 static int user_confirm_neg_reply(struct sock *sk, struct hci_dev *hdev,
3140 void *data, u16 len)
3142 struct mgmt_cp_user_confirm_neg_reply *cp = data;
3146 return user_pairing_resp(sk, hdev, &cp->addr,
3147 MGMT_OP_USER_CONFIRM_NEG_REPLY,
3148 HCI_OP_USER_CONFIRM_NEG_REPLY, 0);
3151 static int user_passkey_reply(struct sock *sk, struct hci_dev *hdev, void *data,
3154 struct mgmt_cp_user_passkey_reply *cp = data;
3158 return user_pairing_resp(sk, hdev, &cp->addr,
3159 MGMT_OP_USER_PASSKEY_REPLY,
3160 HCI_OP_USER_PASSKEY_REPLY, cp->passkey);
3163 static int user_passkey_neg_reply(struct sock *sk, struct hci_dev *hdev,
3164 void *data, u16 len)
3166 struct mgmt_cp_user_passkey_neg_reply *cp = data;
3170 return user_pairing_resp(sk, hdev, &cp->addr,
3171 MGMT_OP_USER_PASSKEY_NEG_REPLY,
3172 HCI_OP_USER_PASSKEY_NEG_REPLY, 0);
3175 static void adv_expire(struct hci_dev *hdev, u32 flags)
3177 struct adv_info *adv_instance;
3178 struct hci_request req;
3181 adv_instance = hci_find_adv_instance(hdev, hdev->cur_adv_instance);
3185 /* stop if current instance doesn't need to be changed */
3186 if (!(adv_instance->flags & flags))
3189 cancel_adv_timeout(hdev);
3191 adv_instance = hci_get_next_instance(hdev, adv_instance->instance);
3195 hci_req_init(&req, hdev);
3196 err = __hci_req_schedule_adv_instance(&req, adv_instance->instance,
3201 hci_req_run(&req, NULL);
3204 static void set_name_complete(struct hci_dev *hdev, u8 status, u16 opcode)
3206 struct mgmt_cp_set_local_name *cp;
3207 struct mgmt_pending_cmd *cmd;
3209 BT_DBG("status 0x%02x", status);
3213 cmd = pending_find(MGMT_OP_SET_LOCAL_NAME, hdev);
3220 mgmt_cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_LOCAL_NAME,
3221 mgmt_status(status));
3223 mgmt_cmd_complete(cmd->sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0,
3226 if (hci_dev_test_flag(hdev, HCI_LE_ADV))
3227 adv_expire(hdev, MGMT_ADV_FLAG_LOCAL_NAME);
3230 mgmt_pending_remove(cmd);
3233 hci_dev_unlock(hdev);
3236 static int set_local_name(struct sock *sk, struct hci_dev *hdev, void *data,
3239 struct mgmt_cp_set_local_name *cp = data;
3240 struct mgmt_pending_cmd *cmd;
3241 struct hci_request req;
3248 /* If the old values are the same as the new ones just return a
3249 * direct command complete event.
3251 if (!memcmp(hdev->dev_name, cp->name, sizeof(hdev->dev_name)) &&
3252 !memcmp(hdev->short_name, cp->short_name,
3253 sizeof(hdev->short_name))) {
3254 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0,
3259 memcpy(hdev->short_name, cp->short_name, sizeof(hdev->short_name));
3261 if (!hdev_is_powered(hdev)) {
3262 memcpy(hdev->dev_name, cp->name, sizeof(hdev->dev_name));
3264 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0,
3269 err = mgmt_limited_event(MGMT_EV_LOCAL_NAME_CHANGED, hdev, data,
3270 len, HCI_MGMT_LOCAL_NAME_EVENTS, sk);
3271 ext_info_changed(hdev, sk);
3276 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LOCAL_NAME, hdev, data, len);
3282 memcpy(hdev->dev_name, cp->name, sizeof(hdev->dev_name));
3284 hci_req_init(&req, hdev);
3286 if (lmp_bredr_capable(hdev)) {
3287 __hci_req_update_name(&req);
3288 __hci_req_update_eir(&req);
3291 /* The name is stored in the scan response data and so
3292 * no need to udpate the advertising data here.
3294 if (lmp_le_capable(hdev) && hci_dev_test_flag(hdev, HCI_ADVERTISING))
3295 __hci_req_update_scan_rsp_data(&req, hdev->cur_adv_instance);
3297 err = hci_req_run(&req, set_name_complete);
3299 mgmt_pending_remove(cmd);
3302 hci_dev_unlock(hdev);
3306 static int set_appearance(struct sock *sk, struct hci_dev *hdev, void *data,
3309 struct mgmt_cp_set_appearance *cp = data;
3315 if (!lmp_le_capable(hdev))
3316 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_APPEARANCE,
3317 MGMT_STATUS_NOT_SUPPORTED);
3319 appearance = le16_to_cpu(cp->appearance);
3323 if (hdev->appearance != appearance) {
3324 hdev->appearance = appearance;
3326 if (hci_dev_test_flag(hdev, HCI_LE_ADV))
3327 adv_expire(hdev, MGMT_ADV_FLAG_APPEARANCE);
3329 ext_info_changed(hdev, sk);
3332 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_APPEARANCE, 0, NULL,
3335 hci_dev_unlock(hdev);
3340 static int get_phy_configuration(struct sock *sk, struct hci_dev *hdev,
3341 void *data, u16 len)
3343 struct mgmt_rp_get_phy_confguration rp;
3345 BT_DBG("sock %p %s", sk, hdev->name);
3349 memset(&rp, 0, sizeof(rp));
3351 rp.supported_phys = cpu_to_le32(get_supported_phys(hdev));
3352 rp.selected_phys = cpu_to_le32(get_selected_phys(hdev));
3353 rp.configurable_phys = cpu_to_le32(get_configurable_phys(hdev));
3355 hci_dev_unlock(hdev);
3357 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_PHY_CONFIGURATION, 0,
3361 int mgmt_phy_configuration_changed(struct hci_dev *hdev, struct sock *skip)
3363 struct mgmt_ev_phy_configuration_changed ev;
3365 memset(&ev, 0, sizeof(ev));
3367 ev.selected_phys = cpu_to_le32(get_selected_phys(hdev));
3369 return mgmt_event(MGMT_EV_PHY_CONFIGURATION_CHANGED, hdev, &ev,
3373 static void set_default_phy_complete(struct hci_dev *hdev, u8 status,
3374 u16 opcode, struct sk_buff *skb)
3376 struct mgmt_pending_cmd *cmd;
3378 BT_DBG("status 0x%02x", status);
3382 cmd = pending_find(MGMT_OP_SET_PHY_CONFIGURATION, hdev);
3387 mgmt_cmd_status(cmd->sk, hdev->id,
3388 MGMT_OP_SET_PHY_CONFIGURATION,
3389 mgmt_status(status));
3391 mgmt_cmd_complete(cmd->sk, hdev->id,
3392 MGMT_OP_SET_PHY_CONFIGURATION, 0,
3395 mgmt_phy_configuration_changed(hdev, cmd->sk);
3398 mgmt_pending_remove(cmd);
3401 hci_dev_unlock(hdev);
3404 static int set_phy_configuration(struct sock *sk, struct hci_dev *hdev,
3405 void *data, u16 len)
3407 struct mgmt_cp_set_phy_confguration *cp = data;
3408 struct hci_cp_le_set_default_phy cp_phy;
3409 struct mgmt_pending_cmd *cmd;
3410 struct hci_request req;
3411 u32 selected_phys, configurable_phys, supported_phys, unconfigure_phys;
3412 u16 pkt_type = (HCI_DH1 | HCI_DM1);
3413 bool changed = false;
3416 BT_DBG("sock %p %s", sk, hdev->name);
3418 configurable_phys = get_configurable_phys(hdev);
3419 supported_phys = get_supported_phys(hdev);
3420 selected_phys = __le32_to_cpu(cp->selected_phys);
3422 if (selected_phys & ~supported_phys)
3423 return mgmt_cmd_status(sk, hdev->id,
3424 MGMT_OP_SET_PHY_CONFIGURATION,
3425 MGMT_STATUS_INVALID_PARAMS);
3427 unconfigure_phys = supported_phys & ~configurable_phys;
3429 if ((selected_phys & unconfigure_phys) != unconfigure_phys)
3430 return mgmt_cmd_status(sk, hdev->id,
3431 MGMT_OP_SET_PHY_CONFIGURATION,
3432 MGMT_STATUS_INVALID_PARAMS);
3434 if (selected_phys == get_selected_phys(hdev))
3435 return mgmt_cmd_complete(sk, hdev->id,
3436 MGMT_OP_SET_PHY_CONFIGURATION,
3441 if (!hdev_is_powered(hdev)) {
3442 err = mgmt_cmd_status(sk, hdev->id,
3443 MGMT_OP_SET_PHY_CONFIGURATION,
3444 MGMT_STATUS_REJECTED);
3448 if (pending_find(MGMT_OP_SET_PHY_CONFIGURATION, hdev)) {
3449 err = mgmt_cmd_status(sk, hdev->id,
3450 MGMT_OP_SET_PHY_CONFIGURATION,
3455 if (selected_phys & MGMT_PHY_BR_1M_3SLOT)
3456 pkt_type |= (HCI_DH3 | HCI_DM3);
3458 pkt_type &= ~(HCI_DH3 | HCI_DM3);
3460 if (selected_phys & MGMT_PHY_BR_1M_5SLOT)
3461 pkt_type |= (HCI_DH5 | HCI_DM5);
3463 pkt_type &= ~(HCI_DH5 | HCI_DM5);
3465 if (selected_phys & MGMT_PHY_EDR_2M_1SLOT)
3466 pkt_type &= ~HCI_2DH1;
3468 pkt_type |= HCI_2DH1;
3470 if (selected_phys & MGMT_PHY_EDR_2M_3SLOT)
3471 pkt_type &= ~HCI_2DH3;
3473 pkt_type |= HCI_2DH3;
3475 if (selected_phys & MGMT_PHY_EDR_2M_5SLOT)
3476 pkt_type &= ~HCI_2DH5;
3478 pkt_type |= HCI_2DH5;
3480 if (selected_phys & MGMT_PHY_EDR_3M_1SLOT)
3481 pkt_type &= ~HCI_3DH1;
3483 pkt_type |= HCI_3DH1;
3485 if (selected_phys & MGMT_PHY_EDR_3M_3SLOT)
3486 pkt_type &= ~HCI_3DH3;
3488 pkt_type |= HCI_3DH3;
3490 if (selected_phys & MGMT_PHY_EDR_3M_5SLOT)
3491 pkt_type &= ~HCI_3DH5;
3493 pkt_type |= HCI_3DH5;
3495 if (pkt_type != hdev->pkt_type) {
3496 hdev->pkt_type = pkt_type;
3500 if ((selected_phys & MGMT_PHY_LE_MASK) ==
3501 (get_selected_phys(hdev) & MGMT_PHY_LE_MASK)) {
3503 mgmt_phy_configuration_changed(hdev, sk);
3505 err = mgmt_cmd_complete(sk, hdev->id,
3506 MGMT_OP_SET_PHY_CONFIGURATION,
3512 cmd = mgmt_pending_add(sk, MGMT_OP_SET_PHY_CONFIGURATION, hdev, data,
3519 hci_req_init(&req, hdev);
3521 memset(&cp_phy, 0, sizeof(cp_phy));
3523 if (!(selected_phys & MGMT_PHY_LE_TX_MASK))
3524 cp_phy.all_phys |= 0x01;
3526 if (!(selected_phys & MGMT_PHY_LE_RX_MASK))
3527 cp_phy.all_phys |= 0x02;
3529 if (selected_phys & MGMT_PHY_LE_1M_TX)
3530 cp_phy.tx_phys |= HCI_LE_SET_PHY_1M;
3532 if (selected_phys & MGMT_PHY_LE_2M_TX)
3533 cp_phy.tx_phys |= HCI_LE_SET_PHY_2M;
3535 if (selected_phys & MGMT_PHY_LE_CODED_TX)
3536 cp_phy.tx_phys |= HCI_LE_SET_PHY_CODED;
3538 if (selected_phys & MGMT_PHY_LE_1M_RX)
3539 cp_phy.rx_phys |= HCI_LE_SET_PHY_1M;
3541 if (selected_phys & MGMT_PHY_LE_2M_RX)
3542 cp_phy.rx_phys |= HCI_LE_SET_PHY_2M;
3544 if (selected_phys & MGMT_PHY_LE_CODED_RX)
3545 cp_phy.rx_phys |= HCI_LE_SET_PHY_CODED;
3547 hci_req_add(&req, HCI_OP_LE_SET_DEFAULT_PHY, sizeof(cp_phy), &cp_phy);
3549 err = hci_req_run_skb(&req, set_default_phy_complete);
3551 mgmt_pending_remove(cmd);
3554 hci_dev_unlock(hdev);
3559 static int set_blocked_keys(struct sock *sk, struct hci_dev *hdev, void *data,
3562 int err = MGMT_STATUS_SUCCESS;
3563 struct mgmt_cp_set_blocked_keys *keys = data;
3564 const u16 max_key_count = ((U16_MAX - sizeof(*keys)) /
3565 sizeof(struct mgmt_blocked_key_info));
3566 u16 key_count, expected_len;
3569 BT_DBG("request for %s", hdev->name);
3571 key_count = __le16_to_cpu(keys->key_count);
3572 if (key_count > max_key_count) {
3573 bt_dev_err(hdev, "too big key_count value %u", key_count);
3574 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_BLOCKED_KEYS,
3575 MGMT_STATUS_INVALID_PARAMS);
3578 expected_len = struct_size(keys, keys, key_count);
3579 if (expected_len != len) {
3580 bt_dev_err(hdev, "expected %u bytes, got %u bytes",
3582 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_BLOCKED_KEYS,
3583 MGMT_STATUS_INVALID_PARAMS);
3588 hci_blocked_keys_clear(hdev);
3590 for (i = 0; i < keys->key_count; ++i) {
3591 struct blocked_key *b = kzalloc(sizeof(*b), GFP_KERNEL);
3594 err = MGMT_STATUS_NO_RESOURCES;
3598 b->type = keys->keys[i].type;
3599 memcpy(b->val, keys->keys[i].val, sizeof(b->val));
3600 list_add_rcu(&b->list, &hdev->blocked_keys);
3602 hci_dev_unlock(hdev);
3604 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_BLOCKED_KEYS,
3608 static int set_wideband_speech(struct sock *sk, struct hci_dev *hdev,
3609 void *data, u16 len)
3611 struct mgmt_mode *cp = data;
3613 bool changed = false;
3615 BT_DBG("request for %s", hdev->name);
3617 if (!test_bit(HCI_QUIRK_WIDEBAND_SPEECH_SUPPORTED, &hdev->quirks))
3618 return mgmt_cmd_status(sk, hdev->id,
3619 MGMT_OP_SET_WIDEBAND_SPEECH,
3620 MGMT_STATUS_NOT_SUPPORTED);
3622 if (cp->val != 0x00 && cp->val != 0x01)
3623 return mgmt_cmd_status(sk, hdev->id,
3624 MGMT_OP_SET_WIDEBAND_SPEECH,
3625 MGMT_STATUS_INVALID_PARAMS);
3629 if (pending_find(MGMT_OP_SET_WIDEBAND_SPEECH, hdev)) {
3630 err = mgmt_cmd_status(sk, hdev->id,
3631 MGMT_OP_SET_WIDEBAND_SPEECH,
3636 if (hdev_is_powered(hdev) &&
3637 !!cp->val != hci_dev_test_flag(hdev,
3638 HCI_WIDEBAND_SPEECH_ENABLED)) {
3639 err = mgmt_cmd_status(sk, hdev->id,
3640 MGMT_OP_SET_WIDEBAND_SPEECH,
3641 MGMT_STATUS_REJECTED);
3646 changed = !hci_dev_test_and_set_flag(hdev,
3647 HCI_WIDEBAND_SPEECH_ENABLED);
3649 changed = hci_dev_test_and_clear_flag(hdev,
3650 HCI_WIDEBAND_SPEECH_ENABLED);
3652 err = send_settings_rsp(sk, MGMT_OP_SET_WIDEBAND_SPEECH, hdev);
3657 err = new_settings(hdev, sk);
3660 hci_dev_unlock(hdev);
3664 static int read_security_info(struct sock *sk, struct hci_dev *hdev,
3665 void *data, u16 data_len)
3668 struct mgmt_rp_read_security_info *rp = (void *)buf;
3672 bt_dev_dbg(hdev, "sock %p", sk);
3674 memset(&buf, 0, sizeof(buf));
3678 /* When the Read Simple Pairing Options command is supported, then
3679 * the remote public key validation is supported.
3681 if (hdev->commands[41] & 0x08)
3682 flags |= 0x01; /* Remote public key validation (BR/EDR) */
3684 flags |= 0x02; /* Remote public key validation (LE) */
3686 /* When the Read Encryption Key Size command is supported, then the
3687 * encryption key size is enforced.
3689 if (hdev->commands[20] & 0x10)
3690 flags |= 0x04; /* Encryption key size enforcement (BR/EDR) */
3692 flags |= 0x08; /* Encryption key size enforcement (LE) */
3694 sec_len = eir_append_data(rp->sec, sec_len, 0x01, &flags, 1);
3696 /* When the Read Simple Pairing Options command is supported, then
3697 * also max encryption key size information is provided.
3699 if (hdev->commands[41] & 0x08)
3700 sec_len = eir_append_le16(rp->sec, sec_len, 0x02,
3701 hdev->max_enc_key_size);
3703 sec_len = eir_append_le16(rp->sec, sec_len, 0x03, SMP_MAX_ENC_KEY_SIZE);
3705 rp->sec_len = cpu_to_le16(sec_len);
3707 hci_dev_unlock(hdev);
3709 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_READ_SECURITY_INFO, 0,
3710 rp, sizeof(*rp) + sec_len);
3713 static void read_local_oob_data_complete(struct hci_dev *hdev, u8 status,
3714 u16 opcode, struct sk_buff *skb)
3716 struct mgmt_rp_read_local_oob_data mgmt_rp;
3717 size_t rp_size = sizeof(mgmt_rp);
3718 struct mgmt_pending_cmd *cmd;
3720 BT_DBG("%s status %u", hdev->name, status);
3722 cmd = pending_find(MGMT_OP_READ_LOCAL_OOB_DATA, hdev);
3726 if (status || !skb) {
3727 mgmt_cmd_status(cmd->sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
3728 status ? mgmt_status(status) : MGMT_STATUS_FAILED);
3732 memset(&mgmt_rp, 0, sizeof(mgmt_rp));
3734 if (opcode == HCI_OP_READ_LOCAL_OOB_DATA) {
3735 struct hci_rp_read_local_oob_data *rp = (void *) skb->data;
3737 if (skb->len < sizeof(*rp)) {
3738 mgmt_cmd_status(cmd->sk, hdev->id,
3739 MGMT_OP_READ_LOCAL_OOB_DATA,
3740 MGMT_STATUS_FAILED);
3744 memcpy(mgmt_rp.hash192, rp->hash, sizeof(rp->hash));
3745 memcpy(mgmt_rp.rand192, rp->rand, sizeof(rp->rand));
3747 rp_size -= sizeof(mgmt_rp.hash256) + sizeof(mgmt_rp.rand256);
3749 struct hci_rp_read_local_oob_ext_data *rp = (void *) skb->data;
3751 if (skb->len < sizeof(*rp)) {
3752 mgmt_cmd_status(cmd->sk, hdev->id,
3753 MGMT_OP_READ_LOCAL_OOB_DATA,
3754 MGMT_STATUS_FAILED);
3758 memcpy(mgmt_rp.hash192, rp->hash192, sizeof(rp->hash192));
3759 memcpy(mgmt_rp.rand192, rp->rand192, sizeof(rp->rand192));
3761 memcpy(mgmt_rp.hash256, rp->hash256, sizeof(rp->hash256));
3762 memcpy(mgmt_rp.rand256, rp->rand256, sizeof(rp->rand256));
3765 mgmt_cmd_complete(cmd->sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
3766 MGMT_STATUS_SUCCESS, &mgmt_rp, rp_size);
3769 mgmt_pending_remove(cmd);
3772 static int read_local_oob_data(struct sock *sk, struct hci_dev *hdev,
3773 void *data, u16 data_len)
3775 struct mgmt_pending_cmd *cmd;
3776 struct hci_request req;
3779 BT_DBG("%s", hdev->name);
3783 if (!hdev_is_powered(hdev)) {
3784 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
3785 MGMT_STATUS_NOT_POWERED);
3789 if (!lmp_ssp_capable(hdev)) {
3790 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
3791 MGMT_STATUS_NOT_SUPPORTED);
3795 if (pending_find(MGMT_OP_READ_LOCAL_OOB_DATA, hdev)) {
3796 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
3801 cmd = mgmt_pending_add(sk, MGMT_OP_READ_LOCAL_OOB_DATA, hdev, NULL, 0);
3807 hci_req_init(&req, hdev);
3809 if (bredr_sc_enabled(hdev))
3810 hci_req_add(&req, HCI_OP_READ_LOCAL_OOB_EXT_DATA, 0, NULL);
3812 hci_req_add(&req, HCI_OP_READ_LOCAL_OOB_DATA, 0, NULL);
3814 err = hci_req_run_skb(&req, read_local_oob_data_complete);
3816 mgmt_pending_remove(cmd);
3819 hci_dev_unlock(hdev);
3823 static int add_remote_oob_data(struct sock *sk, struct hci_dev *hdev,
3824 void *data, u16 len)
3826 struct mgmt_addr_info *addr = data;
3829 BT_DBG("%s ", hdev->name);
3831 if (!bdaddr_type_is_valid(addr->type))
3832 return mgmt_cmd_complete(sk, hdev->id,
3833 MGMT_OP_ADD_REMOTE_OOB_DATA,
3834 MGMT_STATUS_INVALID_PARAMS,
3835 addr, sizeof(*addr));
3839 if (len == MGMT_ADD_REMOTE_OOB_DATA_SIZE) {
3840 struct mgmt_cp_add_remote_oob_data *cp = data;
3843 if (cp->addr.type != BDADDR_BREDR) {
3844 err = mgmt_cmd_complete(sk, hdev->id,
3845 MGMT_OP_ADD_REMOTE_OOB_DATA,
3846 MGMT_STATUS_INVALID_PARAMS,
3847 &cp->addr, sizeof(cp->addr));
3851 err = hci_add_remote_oob_data(hdev, &cp->addr.bdaddr,
3852 cp->addr.type, cp->hash,
3853 cp->rand, NULL, NULL);
3855 status = MGMT_STATUS_FAILED;
3857 status = MGMT_STATUS_SUCCESS;
3859 err = mgmt_cmd_complete(sk, hdev->id,
3860 MGMT_OP_ADD_REMOTE_OOB_DATA, status,
3861 &cp->addr, sizeof(cp->addr));
3862 } else if (len == MGMT_ADD_REMOTE_OOB_EXT_DATA_SIZE) {
3863 struct mgmt_cp_add_remote_oob_ext_data *cp = data;
3864 u8 *rand192, *hash192, *rand256, *hash256;
3867 if (bdaddr_type_is_le(cp->addr.type)) {
3868 /* Enforce zero-valued 192-bit parameters as
3869 * long as legacy SMP OOB isn't implemented.
3871 if (memcmp(cp->rand192, ZERO_KEY, 16) ||
3872 memcmp(cp->hash192, ZERO_KEY, 16)) {
3873 err = mgmt_cmd_complete(sk, hdev->id,
3874 MGMT_OP_ADD_REMOTE_OOB_DATA,
3875 MGMT_STATUS_INVALID_PARAMS,
3876 addr, sizeof(*addr));
3883 /* In case one of the P-192 values is set to zero,
3884 * then just disable OOB data for P-192.
3886 if (!memcmp(cp->rand192, ZERO_KEY, 16) ||
3887 !memcmp(cp->hash192, ZERO_KEY, 16)) {
3891 rand192 = cp->rand192;
3892 hash192 = cp->hash192;
3896 /* In case one of the P-256 values is set to zero, then just
3897 * disable OOB data for P-256.
3899 if (!memcmp(cp->rand256, ZERO_KEY, 16) ||
3900 !memcmp(cp->hash256, ZERO_KEY, 16)) {
3904 rand256 = cp->rand256;
3905 hash256 = cp->hash256;
3908 err = hci_add_remote_oob_data(hdev, &cp->addr.bdaddr,
3909 cp->addr.type, hash192, rand192,
3912 status = MGMT_STATUS_FAILED;
3914 status = MGMT_STATUS_SUCCESS;
3916 err = mgmt_cmd_complete(sk, hdev->id,
3917 MGMT_OP_ADD_REMOTE_OOB_DATA,
3918 status, &cp->addr, sizeof(cp->addr));
3920 bt_dev_err(hdev, "add_remote_oob_data: invalid len of %u bytes",
3922 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_REMOTE_OOB_DATA,
3923 MGMT_STATUS_INVALID_PARAMS);
3927 hci_dev_unlock(hdev);
3931 static int remove_remote_oob_data(struct sock *sk, struct hci_dev *hdev,
3932 void *data, u16 len)
3934 struct mgmt_cp_remove_remote_oob_data *cp = data;
3938 BT_DBG("%s", hdev->name);
3940 if (cp->addr.type != BDADDR_BREDR)
3941 return mgmt_cmd_complete(sk, hdev->id,
3942 MGMT_OP_REMOVE_REMOTE_OOB_DATA,
3943 MGMT_STATUS_INVALID_PARAMS,
3944 &cp->addr, sizeof(cp->addr));
3948 if (!bacmp(&cp->addr.bdaddr, BDADDR_ANY)) {
3949 hci_remote_oob_data_clear(hdev);
3950 status = MGMT_STATUS_SUCCESS;
3954 err = hci_remove_remote_oob_data(hdev, &cp->addr.bdaddr, cp->addr.type);
3956 status = MGMT_STATUS_INVALID_PARAMS;
3958 status = MGMT_STATUS_SUCCESS;
3961 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_REMOTE_OOB_DATA,
3962 status, &cp->addr, sizeof(cp->addr));
3964 hci_dev_unlock(hdev);
3968 void mgmt_start_discovery_complete(struct hci_dev *hdev, u8 status)
3970 struct mgmt_pending_cmd *cmd;
3972 BT_DBG("status %d", status);
3976 cmd = pending_find(MGMT_OP_START_DISCOVERY, hdev);
3978 cmd = pending_find(MGMT_OP_START_SERVICE_DISCOVERY, hdev);
3981 cmd = pending_find(MGMT_OP_START_LIMITED_DISCOVERY, hdev);
3984 cmd->cmd_complete(cmd, mgmt_status(status));
3985 mgmt_pending_remove(cmd);
3988 hci_dev_unlock(hdev);
3990 /* Handle suspend notifier */
3991 if (test_and_clear_bit(SUSPEND_UNPAUSE_DISCOVERY,
3992 hdev->suspend_tasks)) {
3993 bt_dev_dbg(hdev, "Unpaused discovery");
3994 wake_up(&hdev->suspend_wait_q);
3998 static bool discovery_type_is_valid(struct hci_dev *hdev, uint8_t type,
3999 uint8_t *mgmt_status)
4002 case DISCOV_TYPE_LE:
4003 *mgmt_status = mgmt_le_support(hdev);
4007 case DISCOV_TYPE_INTERLEAVED:
4008 *mgmt_status = mgmt_le_support(hdev);
4011 /* Intentional fall-through */
4012 case DISCOV_TYPE_BREDR:
4013 *mgmt_status = mgmt_bredr_support(hdev);
4018 *mgmt_status = MGMT_STATUS_INVALID_PARAMS;
4025 static int start_discovery_internal(struct sock *sk, struct hci_dev *hdev,
4026 u16 op, void *data, u16 len)
4028 struct mgmt_cp_start_discovery *cp = data;
4029 struct mgmt_pending_cmd *cmd;
4033 BT_DBG("%s", hdev->name);
4037 if (!hdev_is_powered(hdev)) {
4038 err = mgmt_cmd_complete(sk, hdev->id, op,
4039 MGMT_STATUS_NOT_POWERED,
4040 &cp->type, sizeof(cp->type));
4044 if (hdev->discovery.state != DISCOVERY_STOPPED ||
4045 hci_dev_test_flag(hdev, HCI_PERIODIC_INQ)) {
4046 err = mgmt_cmd_complete(sk, hdev->id, op, MGMT_STATUS_BUSY,
4047 &cp->type, sizeof(cp->type));
4051 if (!discovery_type_is_valid(hdev, cp->type, &status)) {
4052 err = mgmt_cmd_complete(sk, hdev->id, op, status,
4053 &cp->type, sizeof(cp->type));
4057 /* Can't start discovery when it is paused */
4058 if (hdev->discovery_paused) {
4059 err = mgmt_cmd_complete(sk, hdev->id, op, MGMT_STATUS_BUSY,
4060 &cp->type, sizeof(cp->type));
4064 /* Clear the discovery filter first to free any previously
4065 * allocated memory for the UUID list.
4067 hci_discovery_filter_clear(hdev);
4069 hdev->discovery.type = cp->type;
4070 hdev->discovery.report_invalid_rssi = false;
4071 if (op == MGMT_OP_START_LIMITED_DISCOVERY)
4072 hdev->discovery.limited = true;
4074 hdev->discovery.limited = false;
4076 cmd = mgmt_pending_add(sk, op, hdev, data, len);
4082 cmd->cmd_complete = generic_cmd_complete;
4084 hci_discovery_set_state(hdev, DISCOVERY_STARTING);
4085 queue_work(hdev->req_workqueue, &hdev->discov_update);
4089 hci_dev_unlock(hdev);
4093 static int start_discovery(struct sock *sk, struct hci_dev *hdev,
4094 void *data, u16 len)
4096 return start_discovery_internal(sk, hdev, MGMT_OP_START_DISCOVERY,
4100 static int start_limited_discovery(struct sock *sk, struct hci_dev *hdev,
4101 void *data, u16 len)
4103 return start_discovery_internal(sk, hdev,
4104 MGMT_OP_START_LIMITED_DISCOVERY,
4108 static int service_discovery_cmd_complete(struct mgmt_pending_cmd *cmd,
4111 return mgmt_cmd_complete(cmd->sk, cmd->index, cmd->opcode, status,
4115 static int start_service_discovery(struct sock *sk, struct hci_dev *hdev,
4116 void *data, u16 len)
4118 struct mgmt_cp_start_service_discovery *cp = data;
4119 struct mgmt_pending_cmd *cmd;
4120 const u16 max_uuid_count = ((U16_MAX - sizeof(*cp)) / 16);
4121 u16 uuid_count, expected_len;
4125 BT_DBG("%s", hdev->name);
4129 if (!hdev_is_powered(hdev)) {
4130 err = mgmt_cmd_complete(sk, hdev->id,
4131 MGMT_OP_START_SERVICE_DISCOVERY,
4132 MGMT_STATUS_NOT_POWERED,
4133 &cp->type, sizeof(cp->type));
4137 if (hdev->discovery.state != DISCOVERY_STOPPED ||
4138 hci_dev_test_flag(hdev, HCI_PERIODIC_INQ)) {
4139 err = mgmt_cmd_complete(sk, hdev->id,
4140 MGMT_OP_START_SERVICE_DISCOVERY,
4141 MGMT_STATUS_BUSY, &cp->type,
4146 uuid_count = __le16_to_cpu(cp->uuid_count);
4147 if (uuid_count > max_uuid_count) {
4148 bt_dev_err(hdev, "service_discovery: too big uuid_count value %u",
4150 err = mgmt_cmd_complete(sk, hdev->id,
4151 MGMT_OP_START_SERVICE_DISCOVERY,
4152 MGMT_STATUS_INVALID_PARAMS, &cp->type,
4157 expected_len = sizeof(*cp) + uuid_count * 16;
4158 if (expected_len != len) {
4159 bt_dev_err(hdev, "service_discovery: expected %u bytes, got %u bytes",
4161 err = mgmt_cmd_complete(sk, hdev->id,
4162 MGMT_OP_START_SERVICE_DISCOVERY,
4163 MGMT_STATUS_INVALID_PARAMS, &cp->type,
4168 if (!discovery_type_is_valid(hdev, cp->type, &status)) {
4169 err = mgmt_cmd_complete(sk, hdev->id,
4170 MGMT_OP_START_SERVICE_DISCOVERY,
4171 status, &cp->type, sizeof(cp->type));
4175 cmd = mgmt_pending_add(sk, MGMT_OP_START_SERVICE_DISCOVERY,
4182 cmd->cmd_complete = service_discovery_cmd_complete;
4184 /* Clear the discovery filter first to free any previously
4185 * allocated memory for the UUID list.
4187 hci_discovery_filter_clear(hdev);
4189 hdev->discovery.result_filtering = true;
4190 hdev->discovery.type = cp->type;
4191 hdev->discovery.rssi = cp->rssi;
4192 hdev->discovery.uuid_count = uuid_count;
4194 if (uuid_count > 0) {
4195 hdev->discovery.uuids = kmemdup(cp->uuids, uuid_count * 16,
4197 if (!hdev->discovery.uuids) {
4198 err = mgmt_cmd_complete(sk, hdev->id,
4199 MGMT_OP_START_SERVICE_DISCOVERY,
4201 &cp->type, sizeof(cp->type));
4202 mgmt_pending_remove(cmd);
4207 hci_discovery_set_state(hdev, DISCOVERY_STARTING);
4208 queue_work(hdev->req_workqueue, &hdev->discov_update);
4212 hci_dev_unlock(hdev);
4216 void mgmt_stop_discovery_complete(struct hci_dev *hdev, u8 status)
4218 struct mgmt_pending_cmd *cmd;
4220 BT_DBG("status %d", status);
4224 cmd = pending_find(MGMT_OP_STOP_DISCOVERY, hdev);
4226 cmd->cmd_complete(cmd, mgmt_status(status));
4227 mgmt_pending_remove(cmd);
4230 hci_dev_unlock(hdev);
4232 /* Handle suspend notifier */
4233 if (test_and_clear_bit(SUSPEND_PAUSE_DISCOVERY, hdev->suspend_tasks)) {
4234 bt_dev_dbg(hdev, "Paused discovery");
4235 wake_up(&hdev->suspend_wait_q);
4239 static int stop_discovery(struct sock *sk, struct hci_dev *hdev, void *data,
4242 struct mgmt_cp_stop_discovery *mgmt_cp = data;
4243 struct mgmt_pending_cmd *cmd;
4246 BT_DBG("%s", hdev->name);
4250 if (!hci_discovery_active(hdev)) {
4251 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_STOP_DISCOVERY,
4252 MGMT_STATUS_REJECTED, &mgmt_cp->type,
4253 sizeof(mgmt_cp->type));
4257 if (hdev->discovery.type != mgmt_cp->type) {
4258 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_STOP_DISCOVERY,
4259 MGMT_STATUS_INVALID_PARAMS,
4260 &mgmt_cp->type, sizeof(mgmt_cp->type));
4264 cmd = mgmt_pending_add(sk, MGMT_OP_STOP_DISCOVERY, hdev, data, len);
4270 cmd->cmd_complete = generic_cmd_complete;
4272 hci_discovery_set_state(hdev, DISCOVERY_STOPPING);
4273 queue_work(hdev->req_workqueue, &hdev->discov_update);
4277 hci_dev_unlock(hdev);
4281 static int confirm_name(struct sock *sk, struct hci_dev *hdev, void *data,
4284 struct mgmt_cp_confirm_name *cp = data;
4285 struct inquiry_entry *e;
4288 BT_DBG("%s", hdev->name);
4292 if (!hci_discovery_active(hdev)) {
4293 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_CONFIRM_NAME,
4294 MGMT_STATUS_FAILED, &cp->addr,
4299 e = hci_inquiry_cache_lookup_unknown(hdev, &cp->addr.bdaddr);
4301 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_CONFIRM_NAME,
4302 MGMT_STATUS_INVALID_PARAMS, &cp->addr,
4307 if (cp->name_known) {
4308 e->name_state = NAME_KNOWN;
4311 e->name_state = NAME_NEEDED;
4312 hci_inquiry_cache_update_resolve(hdev, e);
4315 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_CONFIRM_NAME, 0,
4316 &cp->addr, sizeof(cp->addr));
4319 hci_dev_unlock(hdev);
4323 static int block_device(struct sock *sk, struct hci_dev *hdev, void *data,
4326 struct mgmt_cp_block_device *cp = data;
4330 BT_DBG("%s", hdev->name);
4332 if (!bdaddr_type_is_valid(cp->addr.type))
4333 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_BLOCK_DEVICE,
4334 MGMT_STATUS_INVALID_PARAMS,
4335 &cp->addr, sizeof(cp->addr));
4339 err = hci_bdaddr_list_add(&hdev->blacklist, &cp->addr.bdaddr,
4342 status = MGMT_STATUS_FAILED;
4346 mgmt_event(MGMT_EV_DEVICE_BLOCKED, hdev, &cp->addr, sizeof(cp->addr),
4348 status = MGMT_STATUS_SUCCESS;
4351 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_BLOCK_DEVICE, status,
4352 &cp->addr, sizeof(cp->addr));
4354 hci_dev_unlock(hdev);
4359 static int unblock_device(struct sock *sk, struct hci_dev *hdev, void *data,
4362 struct mgmt_cp_unblock_device *cp = data;
4366 BT_DBG("%s", hdev->name);
4368 if (!bdaddr_type_is_valid(cp->addr.type))
4369 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_UNBLOCK_DEVICE,
4370 MGMT_STATUS_INVALID_PARAMS,
4371 &cp->addr, sizeof(cp->addr));
4375 err = hci_bdaddr_list_del(&hdev->blacklist, &cp->addr.bdaddr,
4378 status = MGMT_STATUS_INVALID_PARAMS;
4382 mgmt_event(MGMT_EV_DEVICE_UNBLOCKED, hdev, &cp->addr, sizeof(cp->addr),
4384 status = MGMT_STATUS_SUCCESS;
4387 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_UNBLOCK_DEVICE, status,
4388 &cp->addr, sizeof(cp->addr));
4390 hci_dev_unlock(hdev);
4395 static int set_device_id(struct sock *sk, struct hci_dev *hdev, void *data,
4398 struct mgmt_cp_set_device_id *cp = data;
4399 struct hci_request req;
4403 BT_DBG("%s", hdev->name);
4405 source = __le16_to_cpu(cp->source);
4407 if (source > 0x0002)
4408 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DEVICE_ID,
4409 MGMT_STATUS_INVALID_PARAMS);
4413 hdev->devid_source = source;
4414 hdev->devid_vendor = __le16_to_cpu(cp->vendor);
4415 hdev->devid_product = __le16_to_cpu(cp->product);
4416 hdev->devid_version = __le16_to_cpu(cp->version);
4418 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_DEVICE_ID, 0,
4421 hci_req_init(&req, hdev);
4422 __hci_req_update_eir(&req);
4423 hci_req_run(&req, NULL);
4425 hci_dev_unlock(hdev);
4430 static void enable_advertising_instance(struct hci_dev *hdev, u8 status,
4433 BT_DBG("status %d", status);
4436 static void set_advertising_complete(struct hci_dev *hdev, u8 status,
4439 struct cmd_lookup match = { NULL, hdev };
4440 struct hci_request req;
4442 struct adv_info *adv_instance;
4448 u8 mgmt_err = mgmt_status(status);
4450 mgmt_pending_foreach(MGMT_OP_SET_ADVERTISING, hdev,
4451 cmd_status_rsp, &mgmt_err);
4455 if (hci_dev_test_flag(hdev, HCI_LE_ADV))
4456 hci_dev_set_flag(hdev, HCI_ADVERTISING);
4458 hci_dev_clear_flag(hdev, HCI_ADVERTISING);
4460 mgmt_pending_foreach(MGMT_OP_SET_ADVERTISING, hdev, settings_rsp,
4463 new_settings(hdev, match.sk);
4468 /* Handle suspend notifier */
4469 if (test_and_clear_bit(SUSPEND_PAUSE_ADVERTISING,
4470 hdev->suspend_tasks)) {
4471 bt_dev_dbg(hdev, "Paused advertising");
4472 wake_up(&hdev->suspend_wait_q);
4473 } else if (test_and_clear_bit(SUSPEND_UNPAUSE_ADVERTISING,
4474 hdev->suspend_tasks)) {
4475 bt_dev_dbg(hdev, "Unpaused advertising");
4476 wake_up(&hdev->suspend_wait_q);
4479 /* If "Set Advertising" was just disabled and instance advertising was
4480 * set up earlier, then re-enable multi-instance advertising.
4482 if (hci_dev_test_flag(hdev, HCI_ADVERTISING) ||
4483 list_empty(&hdev->adv_instances))
4486 instance = hdev->cur_adv_instance;
4488 adv_instance = list_first_entry_or_null(&hdev->adv_instances,
4489 struct adv_info, list);
4493 instance = adv_instance->instance;
4496 hci_req_init(&req, hdev);
4498 err = __hci_req_schedule_adv_instance(&req, instance, true);
4501 err = hci_req_run(&req, enable_advertising_instance);
4504 bt_dev_err(hdev, "failed to re-configure advertising");
4507 hci_dev_unlock(hdev);
4510 static int set_advertising(struct sock *sk, struct hci_dev *hdev, void *data,
4513 struct mgmt_mode *cp = data;
4514 struct mgmt_pending_cmd *cmd;
4515 struct hci_request req;
4519 BT_DBG("request for %s", hdev->name);
4521 status = mgmt_le_support(hdev);
4523 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_ADVERTISING,
4526 if (cp->val != 0x00 && cp->val != 0x01 && cp->val != 0x02)
4527 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_ADVERTISING,
4528 MGMT_STATUS_INVALID_PARAMS);
4530 if (hdev->advertising_paused)
4531 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_ADVERTISING,
4538 /* The following conditions are ones which mean that we should
4539 * not do any HCI communication but directly send a mgmt
4540 * response to user space (after toggling the flag if
4543 if (!hdev_is_powered(hdev) ||
4544 (val == hci_dev_test_flag(hdev, HCI_ADVERTISING) &&
4545 (cp->val == 0x02) == hci_dev_test_flag(hdev, HCI_ADVERTISING_CONNECTABLE)) ||
4546 hci_conn_num(hdev, LE_LINK) > 0 ||
4547 (hci_dev_test_flag(hdev, HCI_LE_SCAN) &&
4548 hdev->le_scan_type == LE_SCAN_ACTIVE)) {
4552 hdev->cur_adv_instance = 0x00;
4553 changed = !hci_dev_test_and_set_flag(hdev, HCI_ADVERTISING);
4554 if (cp->val == 0x02)
4555 hci_dev_set_flag(hdev, HCI_ADVERTISING_CONNECTABLE);
4557 hci_dev_clear_flag(hdev, HCI_ADVERTISING_CONNECTABLE);
4559 changed = hci_dev_test_and_clear_flag(hdev, HCI_ADVERTISING);
4560 hci_dev_clear_flag(hdev, HCI_ADVERTISING_CONNECTABLE);
4563 err = send_settings_rsp(sk, MGMT_OP_SET_ADVERTISING, hdev);
4568 err = new_settings(hdev, sk);
4573 if (pending_find(MGMT_OP_SET_ADVERTISING, hdev) ||
4574 pending_find(MGMT_OP_SET_LE, hdev)) {
4575 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_ADVERTISING,
4580 cmd = mgmt_pending_add(sk, MGMT_OP_SET_ADVERTISING, hdev, data, len);
4586 hci_req_init(&req, hdev);
4588 if (cp->val == 0x02)
4589 hci_dev_set_flag(hdev, HCI_ADVERTISING_CONNECTABLE);
4591 hci_dev_clear_flag(hdev, HCI_ADVERTISING_CONNECTABLE);
4593 cancel_adv_timeout(hdev);
4596 /* Switch to instance "0" for the Set Advertising setting.
4597 * We cannot use update_[adv|scan_rsp]_data() here as the
4598 * HCI_ADVERTISING flag is not yet set.
4600 hdev->cur_adv_instance = 0x00;
4602 if (ext_adv_capable(hdev)) {
4603 __hci_req_start_ext_adv(&req, 0x00);
4605 __hci_req_update_adv_data(&req, 0x00);
4606 __hci_req_update_scan_rsp_data(&req, 0x00);
4607 __hci_req_enable_advertising(&req);
4610 __hci_req_disable_advertising(&req);
4613 err = hci_req_run(&req, set_advertising_complete);
4615 mgmt_pending_remove(cmd);
4618 hci_dev_unlock(hdev);
4622 static int set_static_address(struct sock *sk, struct hci_dev *hdev,
4623 void *data, u16 len)
4625 struct mgmt_cp_set_static_address *cp = data;
4628 BT_DBG("%s", hdev->name);
4630 if (!lmp_le_capable(hdev))
4631 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_STATIC_ADDRESS,
4632 MGMT_STATUS_NOT_SUPPORTED);
4634 if (hdev_is_powered(hdev))
4635 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_STATIC_ADDRESS,
4636 MGMT_STATUS_REJECTED);
4638 if (bacmp(&cp->bdaddr, BDADDR_ANY)) {
4639 if (!bacmp(&cp->bdaddr, BDADDR_NONE))
4640 return mgmt_cmd_status(sk, hdev->id,
4641 MGMT_OP_SET_STATIC_ADDRESS,
4642 MGMT_STATUS_INVALID_PARAMS);
4644 /* Two most significant bits shall be set */
4645 if ((cp->bdaddr.b[5] & 0xc0) != 0xc0)
4646 return mgmt_cmd_status(sk, hdev->id,
4647 MGMT_OP_SET_STATIC_ADDRESS,
4648 MGMT_STATUS_INVALID_PARAMS);
4653 bacpy(&hdev->static_addr, &cp->bdaddr);
4655 err = send_settings_rsp(sk, MGMT_OP_SET_STATIC_ADDRESS, hdev);
4659 err = new_settings(hdev, sk);
4662 hci_dev_unlock(hdev);
4666 static int set_scan_params(struct sock *sk, struct hci_dev *hdev,
4667 void *data, u16 len)
4669 struct mgmt_cp_set_scan_params *cp = data;
4670 __u16 interval, window;
4673 BT_DBG("%s", hdev->name);
4675 if (!lmp_le_capable(hdev))
4676 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS,
4677 MGMT_STATUS_NOT_SUPPORTED);
4679 interval = __le16_to_cpu(cp->interval);
4681 if (interval < 0x0004 || interval > 0x4000)
4682 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS,
4683 MGMT_STATUS_INVALID_PARAMS);
4685 window = __le16_to_cpu(cp->window);
4687 if (window < 0x0004 || window > 0x4000)
4688 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS,
4689 MGMT_STATUS_INVALID_PARAMS);
4691 if (window > interval)
4692 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS,
4693 MGMT_STATUS_INVALID_PARAMS);
4697 hdev->le_scan_interval = interval;
4698 hdev->le_scan_window = window;
4700 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS, 0,
4703 /* If background scan is running, restart it so new parameters are
4706 if (hci_dev_test_flag(hdev, HCI_LE_SCAN) &&
4707 hdev->discovery.state == DISCOVERY_STOPPED) {
4708 struct hci_request req;
4710 hci_req_init(&req, hdev);
4712 hci_req_add_le_scan_disable(&req);
4713 hci_req_add_le_passive_scan(&req);
4715 hci_req_run(&req, NULL);
4718 hci_dev_unlock(hdev);
4723 static void fast_connectable_complete(struct hci_dev *hdev, u8 status,
4726 struct mgmt_pending_cmd *cmd;
4728 BT_DBG("status 0x%02x", status);
4732 cmd = pending_find(MGMT_OP_SET_FAST_CONNECTABLE, hdev);
4737 mgmt_cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
4738 mgmt_status(status));
4740 struct mgmt_mode *cp = cmd->param;
4743 hci_dev_set_flag(hdev, HCI_FAST_CONNECTABLE);
4745 hci_dev_clear_flag(hdev, HCI_FAST_CONNECTABLE);
4747 send_settings_rsp(cmd->sk, MGMT_OP_SET_FAST_CONNECTABLE, hdev);
4748 new_settings(hdev, cmd->sk);
4751 mgmt_pending_remove(cmd);
4754 hci_dev_unlock(hdev);
4757 static int set_fast_connectable(struct sock *sk, struct hci_dev *hdev,
4758 void *data, u16 len)
4760 struct mgmt_mode *cp = data;
4761 struct mgmt_pending_cmd *cmd;
4762 struct hci_request req;
4765 BT_DBG("%s", hdev->name);
4767 if (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED) ||
4768 hdev->hci_ver < BLUETOOTH_VER_1_2)
4769 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
4770 MGMT_STATUS_NOT_SUPPORTED);
4772 if (cp->val != 0x00 && cp->val != 0x01)
4773 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
4774 MGMT_STATUS_INVALID_PARAMS);
4778 if (pending_find(MGMT_OP_SET_FAST_CONNECTABLE, hdev)) {
4779 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
4784 if (!!cp->val == hci_dev_test_flag(hdev, HCI_FAST_CONNECTABLE)) {
4785 err = send_settings_rsp(sk, MGMT_OP_SET_FAST_CONNECTABLE,
4790 if (!hdev_is_powered(hdev)) {
4791 hci_dev_change_flag(hdev, HCI_FAST_CONNECTABLE);
4792 err = send_settings_rsp(sk, MGMT_OP_SET_FAST_CONNECTABLE,
4794 new_settings(hdev, sk);
4798 cmd = mgmt_pending_add(sk, MGMT_OP_SET_FAST_CONNECTABLE, hdev,
4805 hci_req_init(&req, hdev);
4807 __hci_req_write_fast_connectable(&req, cp->val);
4809 err = hci_req_run(&req, fast_connectable_complete);
4811 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
4812 MGMT_STATUS_FAILED);
4813 mgmt_pending_remove(cmd);
4817 hci_dev_unlock(hdev);
4822 static void set_bredr_complete(struct hci_dev *hdev, u8 status, u16 opcode)
4824 struct mgmt_pending_cmd *cmd;
4826 BT_DBG("status 0x%02x", status);
4830 cmd = pending_find(MGMT_OP_SET_BREDR, hdev);
4835 u8 mgmt_err = mgmt_status(status);
4837 /* We need to restore the flag if related HCI commands
4840 hci_dev_clear_flag(hdev, HCI_BREDR_ENABLED);
4842 mgmt_cmd_status(cmd->sk, cmd->index, cmd->opcode, mgmt_err);
4844 send_settings_rsp(cmd->sk, MGMT_OP_SET_BREDR, hdev);
4845 new_settings(hdev, cmd->sk);
4848 mgmt_pending_remove(cmd);
4851 hci_dev_unlock(hdev);
4854 static int set_bredr(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
4856 struct mgmt_mode *cp = data;
4857 struct mgmt_pending_cmd *cmd;
4858 struct hci_request req;
4861 BT_DBG("request for %s", hdev->name);
4863 if (!lmp_bredr_capable(hdev) || !lmp_le_capable(hdev))
4864 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
4865 MGMT_STATUS_NOT_SUPPORTED);
4867 if (!hci_dev_test_flag(hdev, HCI_LE_ENABLED))
4868 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
4869 MGMT_STATUS_REJECTED);
4871 if (cp->val != 0x00 && cp->val != 0x01)
4872 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
4873 MGMT_STATUS_INVALID_PARAMS);
4877 if (cp->val == hci_dev_test_flag(hdev, HCI_BREDR_ENABLED)) {
4878 err = send_settings_rsp(sk, MGMT_OP_SET_BREDR, hdev);
4882 if (!hdev_is_powered(hdev)) {
4884 hci_dev_clear_flag(hdev, HCI_DISCOVERABLE);
4885 hci_dev_clear_flag(hdev, HCI_SSP_ENABLED);
4886 hci_dev_clear_flag(hdev, HCI_LINK_SECURITY);
4887 hci_dev_clear_flag(hdev, HCI_FAST_CONNECTABLE);
4888 hci_dev_clear_flag(hdev, HCI_HS_ENABLED);
4891 hci_dev_change_flag(hdev, HCI_BREDR_ENABLED);
4893 err = send_settings_rsp(sk, MGMT_OP_SET_BREDR, hdev);
4897 err = new_settings(hdev, sk);
4901 /* Reject disabling when powered on */
4903 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
4904 MGMT_STATUS_REJECTED);
4907 /* When configuring a dual-mode controller to operate
4908 * with LE only and using a static address, then switching
4909 * BR/EDR back on is not allowed.
4911 * Dual-mode controllers shall operate with the public
4912 * address as its identity address for BR/EDR and LE. So
4913 * reject the attempt to create an invalid configuration.
4915 * The same restrictions applies when secure connections
4916 * has been enabled. For BR/EDR this is a controller feature
4917 * while for LE it is a host stack feature. This means that
4918 * switching BR/EDR back on when secure connections has been
4919 * enabled is not a supported transaction.
4921 if (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED) &&
4922 (bacmp(&hdev->static_addr, BDADDR_ANY) ||
4923 hci_dev_test_flag(hdev, HCI_SC_ENABLED))) {
4924 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
4925 MGMT_STATUS_REJECTED);
4930 if (pending_find(MGMT_OP_SET_BREDR, hdev)) {
4931 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
4936 cmd = mgmt_pending_add(sk, MGMT_OP_SET_BREDR, hdev, data, len);
4942 /* We need to flip the bit already here so that
4943 * hci_req_update_adv_data generates the correct flags.
4945 hci_dev_set_flag(hdev, HCI_BREDR_ENABLED);
4947 hci_req_init(&req, hdev);
4949 __hci_req_write_fast_connectable(&req, false);
4950 __hci_req_update_scan(&req);
4952 /* Since only the advertising data flags will change, there
4953 * is no need to update the scan response data.
4955 __hci_req_update_adv_data(&req, hdev->cur_adv_instance);
4957 err = hci_req_run(&req, set_bredr_complete);
4959 mgmt_pending_remove(cmd);
4962 hci_dev_unlock(hdev);
4966 static void sc_enable_complete(struct hci_dev *hdev, u8 status, u16 opcode)
4968 struct mgmt_pending_cmd *cmd;
4969 struct mgmt_mode *cp;
4971 BT_DBG("%s status %u", hdev->name, status);
4975 cmd = pending_find(MGMT_OP_SET_SECURE_CONN, hdev);
4980 mgmt_cmd_status(cmd->sk, cmd->index, cmd->opcode,
4981 mgmt_status(status));
4989 hci_dev_clear_flag(hdev, HCI_SC_ENABLED);
4990 hci_dev_clear_flag(hdev, HCI_SC_ONLY);
4993 hci_dev_set_flag(hdev, HCI_SC_ENABLED);
4994 hci_dev_clear_flag(hdev, HCI_SC_ONLY);
4997 hci_dev_set_flag(hdev, HCI_SC_ENABLED);
4998 hci_dev_set_flag(hdev, HCI_SC_ONLY);
5002 send_settings_rsp(cmd->sk, MGMT_OP_SET_SECURE_CONN, hdev);
5003 new_settings(hdev, cmd->sk);
5006 mgmt_pending_remove(cmd);
5008 hci_dev_unlock(hdev);
5011 static int set_secure_conn(struct sock *sk, struct hci_dev *hdev,
5012 void *data, u16 len)
5014 struct mgmt_mode *cp = data;
5015 struct mgmt_pending_cmd *cmd;
5016 struct hci_request req;
5020 BT_DBG("request for %s", hdev->name);
5022 if (!lmp_sc_capable(hdev) &&
5023 !hci_dev_test_flag(hdev, HCI_LE_ENABLED))
5024 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SECURE_CONN,
5025 MGMT_STATUS_NOT_SUPPORTED);
5027 if (hci_dev_test_flag(hdev, HCI_BREDR_ENABLED) &&
5028 lmp_sc_capable(hdev) &&
5029 !hci_dev_test_flag(hdev, HCI_SSP_ENABLED))
5030 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SECURE_CONN,
5031 MGMT_STATUS_REJECTED);
5033 if (cp->val != 0x00 && cp->val != 0x01 && cp->val != 0x02)
5034 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SECURE_CONN,
5035 MGMT_STATUS_INVALID_PARAMS);
5039 if (!hdev_is_powered(hdev) || !lmp_sc_capable(hdev) ||
5040 !hci_dev_test_flag(hdev, HCI_BREDR_ENABLED)) {
5044 changed = !hci_dev_test_and_set_flag(hdev,
5046 if (cp->val == 0x02)
5047 hci_dev_set_flag(hdev, HCI_SC_ONLY);
5049 hci_dev_clear_flag(hdev, HCI_SC_ONLY);
5051 changed = hci_dev_test_and_clear_flag(hdev,
5053 hci_dev_clear_flag(hdev, HCI_SC_ONLY);
5056 err = send_settings_rsp(sk, MGMT_OP_SET_SECURE_CONN, hdev);
5061 err = new_settings(hdev, sk);
5066 if (pending_find(MGMT_OP_SET_SECURE_CONN, hdev)) {
5067 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SECURE_CONN,
5074 if (val == hci_dev_test_flag(hdev, HCI_SC_ENABLED) &&
5075 (cp->val == 0x02) == hci_dev_test_flag(hdev, HCI_SC_ONLY)) {
5076 err = send_settings_rsp(sk, MGMT_OP_SET_SECURE_CONN, hdev);
5080 cmd = mgmt_pending_add(sk, MGMT_OP_SET_SECURE_CONN, hdev, data, len);
5086 hci_req_init(&req, hdev);
5087 hci_req_add(&req, HCI_OP_WRITE_SC_SUPPORT, 1, &val);
5088 err = hci_req_run(&req, sc_enable_complete);
5090 mgmt_pending_remove(cmd);
5095 hci_dev_unlock(hdev);
5099 static int set_debug_keys(struct sock *sk, struct hci_dev *hdev,
5100 void *data, u16 len)
5102 struct mgmt_mode *cp = data;
5103 bool changed, use_changed;
5106 BT_DBG("request for %s", hdev->name);
5108 if (cp->val != 0x00 && cp->val != 0x01 && cp->val != 0x02)
5109 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DEBUG_KEYS,
5110 MGMT_STATUS_INVALID_PARAMS);
5115 changed = !hci_dev_test_and_set_flag(hdev, HCI_KEEP_DEBUG_KEYS);
5117 changed = hci_dev_test_and_clear_flag(hdev,
5118 HCI_KEEP_DEBUG_KEYS);
5120 if (cp->val == 0x02)
5121 use_changed = !hci_dev_test_and_set_flag(hdev,
5122 HCI_USE_DEBUG_KEYS);
5124 use_changed = hci_dev_test_and_clear_flag(hdev,
5125 HCI_USE_DEBUG_KEYS);
5127 if (hdev_is_powered(hdev) && use_changed &&
5128 hci_dev_test_flag(hdev, HCI_SSP_ENABLED)) {
5129 u8 mode = (cp->val == 0x02) ? 0x01 : 0x00;
5130 hci_send_cmd(hdev, HCI_OP_WRITE_SSP_DEBUG_MODE,
5131 sizeof(mode), &mode);
5134 err = send_settings_rsp(sk, MGMT_OP_SET_DEBUG_KEYS, hdev);
5139 err = new_settings(hdev, sk);
5142 hci_dev_unlock(hdev);
5146 static int set_privacy(struct sock *sk, struct hci_dev *hdev, void *cp_data,
5149 struct mgmt_cp_set_privacy *cp = cp_data;
5153 BT_DBG("request for %s", hdev->name);
5155 if (!lmp_le_capable(hdev))
5156 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_PRIVACY,
5157 MGMT_STATUS_NOT_SUPPORTED);
5159 if (cp->privacy != 0x00 && cp->privacy != 0x01 && cp->privacy != 0x02)
5160 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_PRIVACY,
5161 MGMT_STATUS_INVALID_PARAMS);
5163 if (hdev_is_powered(hdev))
5164 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_PRIVACY,
5165 MGMT_STATUS_REJECTED);
5169 /* If user space supports this command it is also expected to
5170 * handle IRKs. Therefore, set the HCI_RPA_RESOLVING flag.
5172 hci_dev_set_flag(hdev, HCI_RPA_RESOLVING);
5175 changed = !hci_dev_test_and_set_flag(hdev, HCI_PRIVACY);
5176 memcpy(hdev->irk, cp->irk, sizeof(hdev->irk));
5177 hci_dev_set_flag(hdev, HCI_RPA_EXPIRED);
5178 hci_adv_instances_set_rpa_expired(hdev, true);
5179 if (cp->privacy == 0x02)
5180 hci_dev_set_flag(hdev, HCI_LIMITED_PRIVACY);
5182 hci_dev_clear_flag(hdev, HCI_LIMITED_PRIVACY);
5184 changed = hci_dev_test_and_clear_flag(hdev, HCI_PRIVACY);
5185 memset(hdev->irk, 0, sizeof(hdev->irk));
5186 hci_dev_clear_flag(hdev, HCI_RPA_EXPIRED);
5187 hci_adv_instances_set_rpa_expired(hdev, false);
5188 hci_dev_clear_flag(hdev, HCI_LIMITED_PRIVACY);
5191 err = send_settings_rsp(sk, MGMT_OP_SET_PRIVACY, hdev);
5196 err = new_settings(hdev, sk);
5199 hci_dev_unlock(hdev);
5203 static bool irk_is_valid(struct mgmt_irk_info *irk)
5205 switch (irk->addr.type) {
5206 case BDADDR_LE_PUBLIC:
5209 case BDADDR_LE_RANDOM:
5210 /* Two most significant bits shall be set */
5211 if ((irk->addr.bdaddr.b[5] & 0xc0) != 0xc0)
5219 static int load_irks(struct sock *sk, struct hci_dev *hdev, void *cp_data,
5222 struct mgmt_cp_load_irks *cp = cp_data;
5223 const u16 max_irk_count = ((U16_MAX - sizeof(*cp)) /
5224 sizeof(struct mgmt_irk_info));
5225 u16 irk_count, expected_len;
5228 BT_DBG("request for %s", hdev->name);
5230 if (!lmp_le_capable(hdev))
5231 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_IRKS,
5232 MGMT_STATUS_NOT_SUPPORTED);
5234 irk_count = __le16_to_cpu(cp->irk_count);
5235 if (irk_count > max_irk_count) {
5236 bt_dev_err(hdev, "load_irks: too big irk_count value %u",
5238 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_IRKS,
5239 MGMT_STATUS_INVALID_PARAMS);
5242 expected_len = struct_size(cp, irks, irk_count);
5243 if (expected_len != len) {
5244 bt_dev_err(hdev, "load_irks: expected %u bytes, got %u bytes",
5246 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_IRKS,
5247 MGMT_STATUS_INVALID_PARAMS);
5250 BT_DBG("%s irk_count %u", hdev->name, irk_count);
5252 for (i = 0; i < irk_count; i++) {
5253 struct mgmt_irk_info *key = &cp->irks[i];
5255 if (!irk_is_valid(key))
5256 return mgmt_cmd_status(sk, hdev->id,
5258 MGMT_STATUS_INVALID_PARAMS);
5263 hci_smp_irks_clear(hdev);
5265 for (i = 0; i < irk_count; i++) {
5266 struct mgmt_irk_info *irk = &cp->irks[i];
5268 if (hci_is_blocked_key(hdev,
5269 HCI_BLOCKED_KEY_TYPE_IRK,
5271 bt_dev_warn(hdev, "Skipping blocked IRK for %pMR",
5276 hci_add_irk(hdev, &irk->addr.bdaddr,
5277 le_addr_type(irk->addr.type), irk->val,
5281 hci_dev_set_flag(hdev, HCI_RPA_RESOLVING);
5283 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_LOAD_IRKS, 0, NULL, 0);
5285 hci_dev_unlock(hdev);
5290 static bool ltk_is_valid(struct mgmt_ltk_info *key)
5292 if (key->master != 0x00 && key->master != 0x01)
5295 switch (key->addr.type) {
5296 case BDADDR_LE_PUBLIC:
5299 case BDADDR_LE_RANDOM:
5300 /* Two most significant bits shall be set */
5301 if ((key->addr.bdaddr.b[5] & 0xc0) != 0xc0)
5309 static int load_long_term_keys(struct sock *sk, struct hci_dev *hdev,
5310 void *cp_data, u16 len)
5312 struct mgmt_cp_load_long_term_keys *cp = cp_data;
5313 const u16 max_key_count = ((U16_MAX - sizeof(*cp)) /
5314 sizeof(struct mgmt_ltk_info));
5315 u16 key_count, expected_len;
5318 BT_DBG("request for %s", hdev->name);
5320 if (!lmp_le_capable(hdev))
5321 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS,
5322 MGMT_STATUS_NOT_SUPPORTED);
5324 key_count = __le16_to_cpu(cp->key_count);
5325 if (key_count > max_key_count) {
5326 bt_dev_err(hdev, "load_ltks: too big key_count value %u",
5328 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS,
5329 MGMT_STATUS_INVALID_PARAMS);
5332 expected_len = struct_size(cp, keys, key_count);
5333 if (expected_len != len) {
5334 bt_dev_err(hdev, "load_keys: expected %u bytes, got %u bytes",
5336 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS,
5337 MGMT_STATUS_INVALID_PARAMS);
5340 BT_DBG("%s key_count %u", hdev->name, key_count);
5342 for (i = 0; i < key_count; i++) {
5343 struct mgmt_ltk_info *key = &cp->keys[i];
5345 if (!ltk_is_valid(key))
5346 return mgmt_cmd_status(sk, hdev->id,
5347 MGMT_OP_LOAD_LONG_TERM_KEYS,
5348 MGMT_STATUS_INVALID_PARAMS);
5353 hci_smp_ltks_clear(hdev);
5355 for (i = 0; i < key_count; i++) {
5356 struct mgmt_ltk_info *key = &cp->keys[i];
5357 u8 type, authenticated;
5359 if (hci_is_blocked_key(hdev,
5360 HCI_BLOCKED_KEY_TYPE_LTK,
5362 bt_dev_warn(hdev, "Skipping blocked LTK for %pMR",
5367 switch (key->type) {
5368 case MGMT_LTK_UNAUTHENTICATED:
5369 authenticated = 0x00;
5370 type = key->master ? SMP_LTK : SMP_LTK_SLAVE;
5372 case MGMT_LTK_AUTHENTICATED:
5373 authenticated = 0x01;
5374 type = key->master ? SMP_LTK : SMP_LTK_SLAVE;
5376 case MGMT_LTK_P256_UNAUTH:
5377 authenticated = 0x00;
5378 type = SMP_LTK_P256;
5380 case MGMT_LTK_P256_AUTH:
5381 authenticated = 0x01;
5382 type = SMP_LTK_P256;
5384 case MGMT_LTK_P256_DEBUG:
5385 authenticated = 0x00;
5386 type = SMP_LTK_P256_DEBUG;
5392 hci_add_ltk(hdev, &key->addr.bdaddr,
5393 le_addr_type(key->addr.type), type, authenticated,
5394 key->val, key->enc_size, key->ediv, key->rand);
5397 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS, 0,
5400 hci_dev_unlock(hdev);
5405 static int conn_info_cmd_complete(struct mgmt_pending_cmd *cmd, u8 status)
5407 struct hci_conn *conn = cmd->user_data;
5408 struct mgmt_rp_get_conn_info rp;
5411 memcpy(&rp.addr, cmd->param, sizeof(rp.addr));
5413 if (status == MGMT_STATUS_SUCCESS) {
5414 rp.rssi = conn->rssi;
5415 rp.tx_power = conn->tx_power;
5416 rp.max_tx_power = conn->max_tx_power;
5418 rp.rssi = HCI_RSSI_INVALID;
5419 rp.tx_power = HCI_TX_POWER_INVALID;
5420 rp.max_tx_power = HCI_TX_POWER_INVALID;
5423 err = mgmt_cmd_complete(cmd->sk, cmd->index, MGMT_OP_GET_CONN_INFO,
5424 status, &rp, sizeof(rp));
5426 hci_conn_drop(conn);
5432 static void conn_info_refresh_complete(struct hci_dev *hdev, u8 hci_status,
5435 struct hci_cp_read_rssi *cp;
5436 struct mgmt_pending_cmd *cmd;
5437 struct hci_conn *conn;
5441 BT_DBG("status 0x%02x", hci_status);
5445 /* Commands sent in request are either Read RSSI or Read Transmit Power
5446 * Level so we check which one was last sent to retrieve connection
5447 * handle. Both commands have handle as first parameter so it's safe to
5448 * cast data on the same command struct.
5450 * First command sent is always Read RSSI and we fail only if it fails.
5451 * In other case we simply override error to indicate success as we
5452 * already remembered if TX power value is actually valid.
5454 cp = hci_sent_cmd_data(hdev, HCI_OP_READ_RSSI);
5456 cp = hci_sent_cmd_data(hdev, HCI_OP_READ_TX_POWER);
5457 status = MGMT_STATUS_SUCCESS;
5459 status = mgmt_status(hci_status);
5463 bt_dev_err(hdev, "invalid sent_cmd in conn_info response");
5467 handle = __le16_to_cpu(cp->handle);
5468 conn = hci_conn_hash_lookup_handle(hdev, handle);
5470 bt_dev_err(hdev, "unknown handle (%d) in conn_info response",
5475 cmd = pending_find_data(MGMT_OP_GET_CONN_INFO, hdev, conn);
5479 cmd->cmd_complete(cmd, status);
5480 mgmt_pending_remove(cmd);
5483 hci_dev_unlock(hdev);
5486 static int get_conn_info(struct sock *sk, struct hci_dev *hdev, void *data,
5489 struct mgmt_cp_get_conn_info *cp = data;
5490 struct mgmt_rp_get_conn_info rp;
5491 struct hci_conn *conn;
5492 unsigned long conn_info_age;
5495 BT_DBG("%s", hdev->name);
5497 memset(&rp, 0, sizeof(rp));
5498 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
5499 rp.addr.type = cp->addr.type;
5501 if (!bdaddr_type_is_valid(cp->addr.type))
5502 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CONN_INFO,
5503 MGMT_STATUS_INVALID_PARAMS,
5508 if (!hdev_is_powered(hdev)) {
5509 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CONN_INFO,
5510 MGMT_STATUS_NOT_POWERED, &rp,
5515 if (cp->addr.type == BDADDR_BREDR)
5516 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
5519 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &cp->addr.bdaddr);
5521 if (!conn || conn->state != BT_CONNECTED) {
5522 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CONN_INFO,
5523 MGMT_STATUS_NOT_CONNECTED, &rp,
5528 if (pending_find_data(MGMT_OP_GET_CONN_INFO, hdev, conn)) {
5529 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CONN_INFO,
5530 MGMT_STATUS_BUSY, &rp, sizeof(rp));
5534 /* To avoid client trying to guess when to poll again for information we
5535 * calculate conn info age as random value between min/max set in hdev.
5537 conn_info_age = hdev->conn_info_min_age +
5538 prandom_u32_max(hdev->conn_info_max_age -
5539 hdev->conn_info_min_age);
5541 /* Query controller to refresh cached values if they are too old or were
5544 if (time_after(jiffies, conn->conn_info_timestamp +
5545 msecs_to_jiffies(conn_info_age)) ||
5546 !conn->conn_info_timestamp) {
5547 struct hci_request req;
5548 struct hci_cp_read_tx_power req_txp_cp;
5549 struct hci_cp_read_rssi req_rssi_cp;
5550 struct mgmt_pending_cmd *cmd;
5552 hci_req_init(&req, hdev);
5553 req_rssi_cp.handle = cpu_to_le16(conn->handle);
5554 hci_req_add(&req, HCI_OP_READ_RSSI, sizeof(req_rssi_cp),
5557 /* For LE links TX power does not change thus we don't need to
5558 * query for it once value is known.
5560 if (!bdaddr_type_is_le(cp->addr.type) ||
5561 conn->tx_power == HCI_TX_POWER_INVALID) {
5562 req_txp_cp.handle = cpu_to_le16(conn->handle);
5563 req_txp_cp.type = 0x00;
5564 hci_req_add(&req, HCI_OP_READ_TX_POWER,
5565 sizeof(req_txp_cp), &req_txp_cp);
5568 /* Max TX power needs to be read only once per connection */
5569 if (conn->max_tx_power == HCI_TX_POWER_INVALID) {
5570 req_txp_cp.handle = cpu_to_le16(conn->handle);
5571 req_txp_cp.type = 0x01;
5572 hci_req_add(&req, HCI_OP_READ_TX_POWER,
5573 sizeof(req_txp_cp), &req_txp_cp);
5576 err = hci_req_run(&req, conn_info_refresh_complete);
5580 cmd = mgmt_pending_add(sk, MGMT_OP_GET_CONN_INFO, hdev,
5587 hci_conn_hold(conn);
5588 cmd->user_data = hci_conn_get(conn);
5589 cmd->cmd_complete = conn_info_cmd_complete;
5591 conn->conn_info_timestamp = jiffies;
5593 /* Cache is valid, just reply with values cached in hci_conn */
5594 rp.rssi = conn->rssi;
5595 rp.tx_power = conn->tx_power;
5596 rp.max_tx_power = conn->max_tx_power;
5598 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CONN_INFO,
5599 MGMT_STATUS_SUCCESS, &rp, sizeof(rp));
5603 hci_dev_unlock(hdev);
5607 static int clock_info_cmd_complete(struct mgmt_pending_cmd *cmd, u8 status)
5609 struct hci_conn *conn = cmd->user_data;
5610 struct mgmt_rp_get_clock_info rp;
5611 struct hci_dev *hdev;
5614 memset(&rp, 0, sizeof(rp));
5615 memcpy(&rp.addr, cmd->param, sizeof(rp.addr));
5620 hdev = hci_dev_get(cmd->index);
5622 rp.local_clock = cpu_to_le32(hdev->clock);
5627 rp.piconet_clock = cpu_to_le32(conn->clock);
5628 rp.accuracy = cpu_to_le16(conn->clock_accuracy);
5632 err = mgmt_cmd_complete(cmd->sk, cmd->index, cmd->opcode, status, &rp,
5636 hci_conn_drop(conn);
5643 static void get_clock_info_complete(struct hci_dev *hdev, u8 status, u16 opcode)
5645 struct hci_cp_read_clock *hci_cp;
5646 struct mgmt_pending_cmd *cmd;
5647 struct hci_conn *conn;
5649 BT_DBG("%s status %u", hdev->name, status);
5653 hci_cp = hci_sent_cmd_data(hdev, HCI_OP_READ_CLOCK);
5657 if (hci_cp->which) {
5658 u16 handle = __le16_to_cpu(hci_cp->handle);
5659 conn = hci_conn_hash_lookup_handle(hdev, handle);
5664 cmd = pending_find_data(MGMT_OP_GET_CLOCK_INFO, hdev, conn);
5668 cmd->cmd_complete(cmd, mgmt_status(status));
5669 mgmt_pending_remove(cmd);
5672 hci_dev_unlock(hdev);
5675 static int get_clock_info(struct sock *sk, struct hci_dev *hdev, void *data,
5678 struct mgmt_cp_get_clock_info *cp = data;
5679 struct mgmt_rp_get_clock_info rp;
5680 struct hci_cp_read_clock hci_cp;
5681 struct mgmt_pending_cmd *cmd;
5682 struct hci_request req;
5683 struct hci_conn *conn;
5686 BT_DBG("%s", hdev->name);
5688 memset(&rp, 0, sizeof(rp));
5689 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
5690 rp.addr.type = cp->addr.type;
5692 if (cp->addr.type != BDADDR_BREDR)
5693 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CLOCK_INFO,
5694 MGMT_STATUS_INVALID_PARAMS,
5699 if (!hdev_is_powered(hdev)) {
5700 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CLOCK_INFO,
5701 MGMT_STATUS_NOT_POWERED, &rp,
5706 if (bacmp(&cp->addr.bdaddr, BDADDR_ANY)) {
5707 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
5709 if (!conn || conn->state != BT_CONNECTED) {
5710 err = mgmt_cmd_complete(sk, hdev->id,
5711 MGMT_OP_GET_CLOCK_INFO,
5712 MGMT_STATUS_NOT_CONNECTED,
5720 cmd = mgmt_pending_add(sk, MGMT_OP_GET_CLOCK_INFO, hdev, data, len);
5726 cmd->cmd_complete = clock_info_cmd_complete;
5728 hci_req_init(&req, hdev);
5730 memset(&hci_cp, 0, sizeof(hci_cp));
5731 hci_req_add(&req, HCI_OP_READ_CLOCK, sizeof(hci_cp), &hci_cp);
5734 hci_conn_hold(conn);
5735 cmd->user_data = hci_conn_get(conn);
5737 hci_cp.handle = cpu_to_le16(conn->handle);
5738 hci_cp.which = 0x01; /* Piconet clock */
5739 hci_req_add(&req, HCI_OP_READ_CLOCK, sizeof(hci_cp), &hci_cp);
5742 err = hci_req_run(&req, get_clock_info_complete);
5744 mgmt_pending_remove(cmd);
5747 hci_dev_unlock(hdev);
5751 static bool is_connected(struct hci_dev *hdev, bdaddr_t *addr, u8 type)
5753 struct hci_conn *conn;
5755 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, addr);
5759 if (conn->dst_type != type)
5762 if (conn->state != BT_CONNECTED)
5768 /* This function requires the caller holds hdev->lock */
5769 static int hci_conn_params_set(struct hci_dev *hdev, bdaddr_t *addr,
5770 u8 addr_type, u8 auto_connect)
5772 struct hci_conn_params *params;
5774 params = hci_conn_params_add(hdev, addr, addr_type);
5778 if (params->auto_connect == auto_connect)
5781 list_del_init(¶ms->action);
5783 switch (auto_connect) {
5784 case HCI_AUTO_CONN_DISABLED:
5785 case HCI_AUTO_CONN_LINK_LOSS:
5786 /* If auto connect is being disabled when we're trying to
5787 * connect to device, keep connecting.
5789 if (params->explicit_connect)
5790 list_add(¶ms->action, &hdev->pend_le_conns);
5792 case HCI_AUTO_CONN_REPORT:
5793 if (params->explicit_connect)
5794 list_add(¶ms->action, &hdev->pend_le_conns);
5796 list_add(¶ms->action, &hdev->pend_le_reports);
5798 case HCI_AUTO_CONN_DIRECT:
5799 case HCI_AUTO_CONN_ALWAYS:
5800 if (!is_connected(hdev, addr, addr_type))
5801 list_add(¶ms->action, &hdev->pend_le_conns);
5805 params->auto_connect = auto_connect;
5807 BT_DBG("addr %pMR (type %u) auto_connect %u", addr, addr_type,
5813 static void device_added(struct sock *sk, struct hci_dev *hdev,
5814 bdaddr_t *bdaddr, u8 type, u8 action)
5816 struct mgmt_ev_device_added ev;
5818 bacpy(&ev.addr.bdaddr, bdaddr);
5819 ev.addr.type = type;
5822 mgmt_event(MGMT_EV_DEVICE_ADDED, hdev, &ev, sizeof(ev), sk);
5825 static int add_device(struct sock *sk, struct hci_dev *hdev,
5826 void *data, u16 len)
5828 struct mgmt_cp_add_device *cp = data;
5829 u8 auto_conn, addr_type;
5832 BT_DBG("%s", hdev->name);
5834 if (!bdaddr_type_is_valid(cp->addr.type) ||
5835 !bacmp(&cp->addr.bdaddr, BDADDR_ANY))
5836 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_ADD_DEVICE,
5837 MGMT_STATUS_INVALID_PARAMS,
5838 &cp->addr, sizeof(cp->addr));
5840 if (cp->action != 0x00 && cp->action != 0x01 && cp->action != 0x02)
5841 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_ADD_DEVICE,
5842 MGMT_STATUS_INVALID_PARAMS,
5843 &cp->addr, sizeof(cp->addr));
5847 if (cp->addr.type == BDADDR_BREDR) {
5848 /* Only incoming connections action is supported for now */
5849 if (cp->action != 0x01) {
5850 err = mgmt_cmd_complete(sk, hdev->id,
5852 MGMT_STATUS_INVALID_PARAMS,
5853 &cp->addr, sizeof(cp->addr));
5857 err = hci_bdaddr_list_add(&hdev->whitelist, &cp->addr.bdaddr,
5862 hci_req_update_scan(hdev);
5867 addr_type = le_addr_type(cp->addr.type);
5869 if (cp->action == 0x02)
5870 auto_conn = HCI_AUTO_CONN_ALWAYS;
5871 else if (cp->action == 0x01)
5872 auto_conn = HCI_AUTO_CONN_DIRECT;
5874 auto_conn = HCI_AUTO_CONN_REPORT;
5876 /* Kernel internally uses conn_params with resolvable private
5877 * address, but Add Device allows only identity addresses.
5878 * Make sure it is enforced before calling
5879 * hci_conn_params_lookup.
5881 if (!hci_is_identity_address(&cp->addr.bdaddr, addr_type)) {
5882 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_ADD_DEVICE,
5883 MGMT_STATUS_INVALID_PARAMS,
5884 &cp->addr, sizeof(cp->addr));
5888 /* If the connection parameters don't exist for this device,
5889 * they will be created and configured with defaults.
5891 if (hci_conn_params_set(hdev, &cp->addr.bdaddr, addr_type,
5893 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_ADD_DEVICE,
5894 MGMT_STATUS_FAILED, &cp->addr,
5899 hci_update_background_scan(hdev);
5902 device_added(sk, hdev, &cp->addr.bdaddr, cp->addr.type, cp->action);
5904 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_ADD_DEVICE,
5905 MGMT_STATUS_SUCCESS, &cp->addr,
5909 hci_dev_unlock(hdev);
5913 static void device_removed(struct sock *sk, struct hci_dev *hdev,
5914 bdaddr_t *bdaddr, u8 type)
5916 struct mgmt_ev_device_removed ev;
5918 bacpy(&ev.addr.bdaddr, bdaddr);
5919 ev.addr.type = type;
5921 mgmt_event(MGMT_EV_DEVICE_REMOVED, hdev, &ev, sizeof(ev), sk);
5924 static int remove_device(struct sock *sk, struct hci_dev *hdev,
5925 void *data, u16 len)
5927 struct mgmt_cp_remove_device *cp = data;
5930 BT_DBG("%s", hdev->name);
5934 if (bacmp(&cp->addr.bdaddr, BDADDR_ANY)) {
5935 struct hci_conn_params *params;
5938 if (!bdaddr_type_is_valid(cp->addr.type)) {
5939 err = mgmt_cmd_complete(sk, hdev->id,
5940 MGMT_OP_REMOVE_DEVICE,
5941 MGMT_STATUS_INVALID_PARAMS,
5942 &cp->addr, sizeof(cp->addr));
5946 if (cp->addr.type == BDADDR_BREDR) {
5947 err = hci_bdaddr_list_del(&hdev->whitelist,
5951 err = mgmt_cmd_complete(sk, hdev->id,
5952 MGMT_OP_REMOVE_DEVICE,
5953 MGMT_STATUS_INVALID_PARAMS,
5959 hci_req_update_scan(hdev);
5961 device_removed(sk, hdev, &cp->addr.bdaddr,
5966 addr_type = le_addr_type(cp->addr.type);
5968 /* Kernel internally uses conn_params with resolvable private
5969 * address, but Remove Device allows only identity addresses.
5970 * Make sure it is enforced before calling
5971 * hci_conn_params_lookup.
5973 if (!hci_is_identity_address(&cp->addr.bdaddr, addr_type)) {
5974 err = mgmt_cmd_complete(sk, hdev->id,
5975 MGMT_OP_REMOVE_DEVICE,
5976 MGMT_STATUS_INVALID_PARAMS,
5977 &cp->addr, sizeof(cp->addr));
5981 params = hci_conn_params_lookup(hdev, &cp->addr.bdaddr,
5984 err = mgmt_cmd_complete(sk, hdev->id,
5985 MGMT_OP_REMOVE_DEVICE,
5986 MGMT_STATUS_INVALID_PARAMS,
5987 &cp->addr, sizeof(cp->addr));
5991 if (params->auto_connect == HCI_AUTO_CONN_DISABLED ||
5992 params->auto_connect == HCI_AUTO_CONN_EXPLICIT) {
5993 err = mgmt_cmd_complete(sk, hdev->id,
5994 MGMT_OP_REMOVE_DEVICE,
5995 MGMT_STATUS_INVALID_PARAMS,
5996 &cp->addr, sizeof(cp->addr));
6000 list_del(¶ms->action);
6001 list_del(¶ms->list);
6003 hci_update_background_scan(hdev);
6005 device_removed(sk, hdev, &cp->addr.bdaddr, cp->addr.type);
6007 struct hci_conn_params *p, *tmp;
6008 struct bdaddr_list *b, *btmp;
6010 if (cp->addr.type) {
6011 err = mgmt_cmd_complete(sk, hdev->id,
6012 MGMT_OP_REMOVE_DEVICE,
6013 MGMT_STATUS_INVALID_PARAMS,
6014 &cp->addr, sizeof(cp->addr));
6018 list_for_each_entry_safe(b, btmp, &hdev->whitelist, list) {
6019 device_removed(sk, hdev, &b->bdaddr, b->bdaddr_type);
6024 hci_req_update_scan(hdev);
6026 list_for_each_entry_safe(p, tmp, &hdev->le_conn_params, list) {
6027 if (p->auto_connect == HCI_AUTO_CONN_DISABLED)
6029 device_removed(sk, hdev, &p->addr, p->addr_type);
6030 if (p->explicit_connect) {
6031 p->auto_connect = HCI_AUTO_CONN_EXPLICIT;
6034 list_del(&p->action);
6039 BT_DBG("All LE connection parameters were removed");
6041 hci_update_background_scan(hdev);
6045 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_DEVICE,
6046 MGMT_STATUS_SUCCESS, &cp->addr,
6049 hci_dev_unlock(hdev);
6053 static int load_conn_param(struct sock *sk, struct hci_dev *hdev, void *data,
6056 struct mgmt_cp_load_conn_param *cp = data;
6057 const u16 max_param_count = ((U16_MAX - sizeof(*cp)) /
6058 sizeof(struct mgmt_conn_param));
6059 u16 param_count, expected_len;
6062 if (!lmp_le_capable(hdev))
6063 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_CONN_PARAM,
6064 MGMT_STATUS_NOT_SUPPORTED);
6066 param_count = __le16_to_cpu(cp->param_count);
6067 if (param_count > max_param_count) {
6068 bt_dev_err(hdev, "load_conn_param: too big param_count value %u",
6070 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_CONN_PARAM,
6071 MGMT_STATUS_INVALID_PARAMS);
6074 expected_len = struct_size(cp, params, param_count);
6075 if (expected_len != len) {
6076 bt_dev_err(hdev, "load_conn_param: expected %u bytes, got %u bytes",
6078 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_CONN_PARAM,
6079 MGMT_STATUS_INVALID_PARAMS);
6082 BT_DBG("%s param_count %u", hdev->name, param_count);
6086 hci_conn_params_clear_disabled(hdev);
6088 for (i = 0; i < param_count; i++) {
6089 struct mgmt_conn_param *param = &cp->params[i];
6090 struct hci_conn_params *hci_param;
6091 u16 min, max, latency, timeout;
6094 BT_DBG("Adding %pMR (type %u)", ¶m->addr.bdaddr,
6097 if (param->addr.type == BDADDR_LE_PUBLIC) {
6098 addr_type = ADDR_LE_DEV_PUBLIC;
6099 } else if (param->addr.type == BDADDR_LE_RANDOM) {
6100 addr_type = ADDR_LE_DEV_RANDOM;
6102 bt_dev_err(hdev, "ignoring invalid connection parameters");
6106 min = le16_to_cpu(param->min_interval);
6107 max = le16_to_cpu(param->max_interval);
6108 latency = le16_to_cpu(param->latency);
6109 timeout = le16_to_cpu(param->timeout);
6111 BT_DBG("min 0x%04x max 0x%04x latency 0x%04x timeout 0x%04x",
6112 min, max, latency, timeout);
6114 if (hci_check_conn_params(min, max, latency, timeout) < 0) {
6115 bt_dev_err(hdev, "ignoring invalid connection parameters");
6119 hci_param = hci_conn_params_add(hdev, ¶m->addr.bdaddr,
6122 bt_dev_err(hdev, "failed to add connection parameters");
6126 hci_param->conn_min_interval = min;
6127 hci_param->conn_max_interval = max;
6128 hci_param->conn_latency = latency;
6129 hci_param->supervision_timeout = timeout;
6132 hci_dev_unlock(hdev);
6134 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_LOAD_CONN_PARAM, 0,
6138 static int set_external_config(struct sock *sk, struct hci_dev *hdev,
6139 void *data, u16 len)
6141 struct mgmt_cp_set_external_config *cp = data;
6145 BT_DBG("%s", hdev->name);
6147 if (hdev_is_powered(hdev))
6148 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_EXTERNAL_CONFIG,
6149 MGMT_STATUS_REJECTED);
6151 if (cp->config != 0x00 && cp->config != 0x01)
6152 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_EXTERNAL_CONFIG,
6153 MGMT_STATUS_INVALID_PARAMS);
6155 if (!test_bit(HCI_QUIRK_EXTERNAL_CONFIG, &hdev->quirks))
6156 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_EXTERNAL_CONFIG,
6157 MGMT_STATUS_NOT_SUPPORTED);
6162 changed = !hci_dev_test_and_set_flag(hdev, HCI_EXT_CONFIGURED);
6164 changed = hci_dev_test_and_clear_flag(hdev, HCI_EXT_CONFIGURED);
6166 err = send_options_rsp(sk, MGMT_OP_SET_EXTERNAL_CONFIG, hdev);
6173 err = new_options(hdev, sk);
6175 if (hci_dev_test_flag(hdev, HCI_UNCONFIGURED) == is_configured(hdev)) {
6176 mgmt_index_removed(hdev);
6178 if (hci_dev_test_and_change_flag(hdev, HCI_UNCONFIGURED)) {
6179 hci_dev_set_flag(hdev, HCI_CONFIG);
6180 hci_dev_set_flag(hdev, HCI_AUTO_OFF);
6182 queue_work(hdev->req_workqueue, &hdev->power_on);
6184 set_bit(HCI_RAW, &hdev->flags);
6185 mgmt_index_added(hdev);
6190 hci_dev_unlock(hdev);
6194 static int set_public_address(struct sock *sk, struct hci_dev *hdev,
6195 void *data, u16 len)
6197 struct mgmt_cp_set_public_address *cp = data;
6201 BT_DBG("%s", hdev->name);
6203 if (hdev_is_powered(hdev))
6204 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_PUBLIC_ADDRESS,
6205 MGMT_STATUS_REJECTED);
6207 if (!bacmp(&cp->bdaddr, BDADDR_ANY))
6208 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_PUBLIC_ADDRESS,
6209 MGMT_STATUS_INVALID_PARAMS);
6211 if (!hdev->set_bdaddr)
6212 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_PUBLIC_ADDRESS,
6213 MGMT_STATUS_NOT_SUPPORTED);
6217 changed = !!bacmp(&hdev->public_addr, &cp->bdaddr);
6218 bacpy(&hdev->public_addr, &cp->bdaddr);
6220 err = send_options_rsp(sk, MGMT_OP_SET_PUBLIC_ADDRESS, hdev);
6227 if (hci_dev_test_flag(hdev, HCI_UNCONFIGURED))
6228 err = new_options(hdev, sk);
6230 if (is_configured(hdev)) {
6231 mgmt_index_removed(hdev);
6233 hci_dev_clear_flag(hdev, HCI_UNCONFIGURED);
6235 hci_dev_set_flag(hdev, HCI_CONFIG);
6236 hci_dev_set_flag(hdev, HCI_AUTO_OFF);
6238 queue_work(hdev->req_workqueue, &hdev->power_on);
6242 hci_dev_unlock(hdev);
6246 static void read_local_oob_ext_data_complete(struct hci_dev *hdev, u8 status,
6247 u16 opcode, struct sk_buff *skb)
6249 const struct mgmt_cp_read_local_oob_ext_data *mgmt_cp;
6250 struct mgmt_rp_read_local_oob_ext_data *mgmt_rp;
6251 u8 *h192, *r192, *h256, *r256;
6252 struct mgmt_pending_cmd *cmd;
6256 BT_DBG("%s status %u", hdev->name, status);
6258 cmd = pending_find(MGMT_OP_READ_LOCAL_OOB_EXT_DATA, hdev);
6262 mgmt_cp = cmd->param;
6265 status = mgmt_status(status);
6272 } else if (opcode == HCI_OP_READ_LOCAL_OOB_DATA) {
6273 struct hci_rp_read_local_oob_data *rp;
6275 if (skb->len != sizeof(*rp)) {
6276 status = MGMT_STATUS_FAILED;
6279 status = MGMT_STATUS_SUCCESS;
6280 rp = (void *)skb->data;
6282 eir_len = 5 + 18 + 18;
6289 struct hci_rp_read_local_oob_ext_data *rp;
6291 if (skb->len != sizeof(*rp)) {
6292 status = MGMT_STATUS_FAILED;
6295 status = MGMT_STATUS_SUCCESS;
6296 rp = (void *)skb->data;
6298 if (hci_dev_test_flag(hdev, HCI_SC_ONLY)) {
6299 eir_len = 5 + 18 + 18;
6303 eir_len = 5 + 18 + 18 + 18 + 18;
6313 mgmt_rp = kmalloc(sizeof(*mgmt_rp) + eir_len, GFP_KERNEL);
6320 eir_len = eir_append_data(mgmt_rp->eir, 0, EIR_CLASS_OF_DEV,
6321 hdev->dev_class, 3);
6324 eir_len = eir_append_data(mgmt_rp->eir, eir_len,
6325 EIR_SSP_HASH_C192, h192, 16);
6326 eir_len = eir_append_data(mgmt_rp->eir, eir_len,
6327 EIR_SSP_RAND_R192, r192, 16);
6331 eir_len = eir_append_data(mgmt_rp->eir, eir_len,
6332 EIR_SSP_HASH_C256, h256, 16);
6333 eir_len = eir_append_data(mgmt_rp->eir, eir_len,
6334 EIR_SSP_RAND_R256, r256, 16);
6338 mgmt_rp->type = mgmt_cp->type;
6339 mgmt_rp->eir_len = cpu_to_le16(eir_len);
6341 err = mgmt_cmd_complete(cmd->sk, hdev->id,
6342 MGMT_OP_READ_LOCAL_OOB_EXT_DATA, status,
6343 mgmt_rp, sizeof(*mgmt_rp) + eir_len);
6344 if (err < 0 || status)
6347 hci_sock_set_flag(cmd->sk, HCI_MGMT_OOB_DATA_EVENTS);
6349 err = mgmt_limited_event(MGMT_EV_LOCAL_OOB_DATA_UPDATED, hdev,
6350 mgmt_rp, sizeof(*mgmt_rp) + eir_len,
6351 HCI_MGMT_OOB_DATA_EVENTS, cmd->sk);
6354 mgmt_pending_remove(cmd);
6357 static int read_local_ssp_oob_req(struct hci_dev *hdev, struct sock *sk,
6358 struct mgmt_cp_read_local_oob_ext_data *cp)
6360 struct mgmt_pending_cmd *cmd;
6361 struct hci_request req;
6364 cmd = mgmt_pending_add(sk, MGMT_OP_READ_LOCAL_OOB_EXT_DATA, hdev,
6369 hci_req_init(&req, hdev);
6371 if (bredr_sc_enabled(hdev))
6372 hci_req_add(&req, HCI_OP_READ_LOCAL_OOB_EXT_DATA, 0, NULL);
6374 hci_req_add(&req, HCI_OP_READ_LOCAL_OOB_DATA, 0, NULL);
6376 err = hci_req_run_skb(&req, read_local_oob_ext_data_complete);
6378 mgmt_pending_remove(cmd);
6385 static int read_local_oob_ext_data(struct sock *sk, struct hci_dev *hdev,
6386 void *data, u16 data_len)
6388 struct mgmt_cp_read_local_oob_ext_data *cp = data;
6389 struct mgmt_rp_read_local_oob_ext_data *rp;
6392 u8 status, flags, role, addr[7], hash[16], rand[16];
6395 BT_DBG("%s", hdev->name);
6397 if (hdev_is_powered(hdev)) {
6399 case BIT(BDADDR_BREDR):
6400 status = mgmt_bredr_support(hdev);
6406 case (BIT(BDADDR_LE_PUBLIC) | BIT(BDADDR_LE_RANDOM)):
6407 status = mgmt_le_support(hdev);
6411 eir_len = 9 + 3 + 18 + 18 + 3;
6414 status = MGMT_STATUS_INVALID_PARAMS;
6419 status = MGMT_STATUS_NOT_POWERED;
6423 rp_len = sizeof(*rp) + eir_len;
6424 rp = kmalloc(rp_len, GFP_ATOMIC);
6435 case BIT(BDADDR_BREDR):
6436 if (hci_dev_test_flag(hdev, HCI_SSP_ENABLED)) {
6437 err = read_local_ssp_oob_req(hdev, sk, cp);
6438 hci_dev_unlock(hdev);
6442 status = MGMT_STATUS_FAILED;
6445 eir_len = eir_append_data(rp->eir, eir_len,
6447 hdev->dev_class, 3);
6450 case (BIT(BDADDR_LE_PUBLIC) | BIT(BDADDR_LE_RANDOM)):
6451 if (hci_dev_test_flag(hdev, HCI_SC_ENABLED) &&
6452 smp_generate_oob(hdev, hash, rand) < 0) {
6453 hci_dev_unlock(hdev);
6454 status = MGMT_STATUS_FAILED;
6458 /* This should return the active RPA, but since the RPA
6459 * is only programmed on demand, it is really hard to fill
6460 * this in at the moment. For now disallow retrieving
6461 * local out-of-band data when privacy is in use.
6463 * Returning the identity address will not help here since
6464 * pairing happens before the identity resolving key is
6465 * known and thus the connection establishment happens
6466 * based on the RPA and not the identity address.
6468 if (hci_dev_test_flag(hdev, HCI_PRIVACY)) {
6469 hci_dev_unlock(hdev);
6470 status = MGMT_STATUS_REJECTED;
6474 if (hci_dev_test_flag(hdev, HCI_FORCE_STATIC_ADDR) ||
6475 !bacmp(&hdev->bdaddr, BDADDR_ANY) ||
6476 (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED) &&
6477 bacmp(&hdev->static_addr, BDADDR_ANY))) {
6478 memcpy(addr, &hdev->static_addr, 6);
6481 memcpy(addr, &hdev->bdaddr, 6);
6485 eir_len = eir_append_data(rp->eir, eir_len, EIR_LE_BDADDR,
6486 addr, sizeof(addr));
6488 if (hci_dev_test_flag(hdev, HCI_ADVERTISING))
6493 eir_len = eir_append_data(rp->eir, eir_len, EIR_LE_ROLE,
6494 &role, sizeof(role));
6496 if (hci_dev_test_flag(hdev, HCI_SC_ENABLED)) {
6497 eir_len = eir_append_data(rp->eir, eir_len,
6499 hash, sizeof(hash));
6501 eir_len = eir_append_data(rp->eir, eir_len,
6503 rand, sizeof(rand));
6506 flags = mgmt_get_adv_discov_flags(hdev);
6508 if (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED))
6509 flags |= LE_AD_NO_BREDR;
6511 eir_len = eir_append_data(rp->eir, eir_len, EIR_FLAGS,
6512 &flags, sizeof(flags));
6516 hci_dev_unlock(hdev);
6518 hci_sock_set_flag(sk, HCI_MGMT_OOB_DATA_EVENTS);
6520 status = MGMT_STATUS_SUCCESS;
6523 rp->type = cp->type;
6524 rp->eir_len = cpu_to_le16(eir_len);
6526 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_EXT_DATA,
6527 status, rp, sizeof(*rp) + eir_len);
6528 if (err < 0 || status)
6531 err = mgmt_limited_event(MGMT_EV_LOCAL_OOB_DATA_UPDATED, hdev,
6532 rp, sizeof(*rp) + eir_len,
6533 HCI_MGMT_OOB_DATA_EVENTS, sk);
6541 static u32 get_supported_adv_flags(struct hci_dev *hdev)
6545 flags |= MGMT_ADV_FLAG_CONNECTABLE;
6546 flags |= MGMT_ADV_FLAG_DISCOV;
6547 flags |= MGMT_ADV_FLAG_LIMITED_DISCOV;
6548 flags |= MGMT_ADV_FLAG_MANAGED_FLAGS;
6549 flags |= MGMT_ADV_FLAG_APPEARANCE;
6550 flags |= MGMT_ADV_FLAG_LOCAL_NAME;
6552 /* In extended adv TX_POWER returned from Set Adv Param
6553 * will be always valid.
6555 if ((hdev->adv_tx_power != HCI_TX_POWER_INVALID) ||
6556 ext_adv_capable(hdev))
6557 flags |= MGMT_ADV_FLAG_TX_POWER;
6559 if (ext_adv_capable(hdev)) {
6560 flags |= MGMT_ADV_FLAG_SEC_1M;
6562 if (hdev->le_features[1] & HCI_LE_PHY_2M)
6563 flags |= MGMT_ADV_FLAG_SEC_2M;
6565 if (hdev->le_features[1] & HCI_LE_PHY_CODED)
6566 flags |= MGMT_ADV_FLAG_SEC_CODED;
6572 static int read_adv_features(struct sock *sk, struct hci_dev *hdev,
6573 void *data, u16 data_len)
6575 struct mgmt_rp_read_adv_features *rp;
6578 struct adv_info *adv_instance;
6579 u32 supported_flags;
6582 BT_DBG("%s", hdev->name);
6584 if (!lmp_le_capable(hdev))
6585 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_READ_ADV_FEATURES,
6586 MGMT_STATUS_REJECTED);
6590 rp_len = sizeof(*rp) + hdev->adv_instance_cnt;
6591 rp = kmalloc(rp_len, GFP_ATOMIC);
6593 hci_dev_unlock(hdev);
6597 supported_flags = get_supported_adv_flags(hdev);
6599 rp->supported_flags = cpu_to_le32(supported_flags);
6600 rp->max_adv_data_len = HCI_MAX_AD_LENGTH;
6601 rp->max_scan_rsp_len = HCI_MAX_AD_LENGTH;
6602 rp->max_instances = HCI_MAX_ADV_INSTANCES;
6603 rp->num_instances = hdev->adv_instance_cnt;
6605 instance = rp->instance;
6606 list_for_each_entry(adv_instance, &hdev->adv_instances, list) {
6607 *instance = adv_instance->instance;
6611 hci_dev_unlock(hdev);
6613 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_READ_ADV_FEATURES,
6614 MGMT_STATUS_SUCCESS, rp, rp_len);
6621 static u8 calculate_name_len(struct hci_dev *hdev)
6623 u8 buf[HCI_MAX_SHORT_NAME_LENGTH + 3];
6625 return append_local_name(hdev, buf, 0);
6628 static u8 tlv_data_max_len(struct hci_dev *hdev, u32 adv_flags,
6631 u8 max_len = HCI_MAX_AD_LENGTH;
6634 if (adv_flags & (MGMT_ADV_FLAG_DISCOV |
6635 MGMT_ADV_FLAG_LIMITED_DISCOV |
6636 MGMT_ADV_FLAG_MANAGED_FLAGS))
6639 if (adv_flags & MGMT_ADV_FLAG_TX_POWER)
6642 if (adv_flags & MGMT_ADV_FLAG_LOCAL_NAME)
6643 max_len -= calculate_name_len(hdev);
6645 if (adv_flags & (MGMT_ADV_FLAG_APPEARANCE))
6652 static bool flags_managed(u32 adv_flags)
6654 return adv_flags & (MGMT_ADV_FLAG_DISCOV |
6655 MGMT_ADV_FLAG_LIMITED_DISCOV |
6656 MGMT_ADV_FLAG_MANAGED_FLAGS);
6659 static bool tx_power_managed(u32 adv_flags)
6661 return adv_flags & MGMT_ADV_FLAG_TX_POWER;
6664 static bool name_managed(u32 adv_flags)
6666 return adv_flags & MGMT_ADV_FLAG_LOCAL_NAME;
6669 static bool appearance_managed(u32 adv_flags)
6671 return adv_flags & MGMT_ADV_FLAG_APPEARANCE;
6674 static bool tlv_data_is_valid(struct hci_dev *hdev, u32 adv_flags, u8 *data,
6675 u8 len, bool is_adv_data)
6680 max_len = tlv_data_max_len(hdev, adv_flags, is_adv_data);
6685 /* Make sure that the data is correctly formatted. */
6686 for (i = 0, cur_len = 0; i < len; i += (cur_len + 1)) {
6689 if (data[i + 1] == EIR_FLAGS &&
6690 (!is_adv_data || flags_managed(adv_flags)))
6693 if (data[i + 1] == EIR_TX_POWER && tx_power_managed(adv_flags))
6696 if (data[i + 1] == EIR_NAME_COMPLETE && name_managed(adv_flags))
6699 if (data[i + 1] == EIR_NAME_SHORT && name_managed(adv_flags))
6702 if (data[i + 1] == EIR_APPEARANCE &&
6703 appearance_managed(adv_flags))
6706 /* If the current field length would exceed the total data
6707 * length, then it's invalid.
6709 if (i + cur_len >= len)
6716 static void add_advertising_complete(struct hci_dev *hdev, u8 status,
6719 struct mgmt_pending_cmd *cmd;
6720 struct mgmt_cp_add_advertising *cp;
6721 struct mgmt_rp_add_advertising rp;
6722 struct adv_info *adv_instance, *n;
6725 BT_DBG("status %d", status);
6729 cmd = pending_find(MGMT_OP_ADD_ADVERTISING, hdev);
6731 list_for_each_entry_safe(adv_instance, n, &hdev->adv_instances, list) {
6732 if (!adv_instance->pending)
6736 adv_instance->pending = false;
6740 instance = adv_instance->instance;
6742 if (hdev->cur_adv_instance == instance)
6743 cancel_adv_timeout(hdev);
6745 hci_remove_adv_instance(hdev, instance);
6746 mgmt_advertising_removed(cmd ? cmd->sk : NULL, hdev, instance);
6753 rp.instance = cp->instance;
6756 mgmt_cmd_status(cmd->sk, cmd->index, cmd->opcode,
6757 mgmt_status(status));
6759 mgmt_cmd_complete(cmd->sk, cmd->index, cmd->opcode,
6760 mgmt_status(status), &rp, sizeof(rp));
6762 mgmt_pending_remove(cmd);
6765 hci_dev_unlock(hdev);
6768 static int add_advertising(struct sock *sk, struct hci_dev *hdev,
6769 void *data, u16 data_len)
6771 struct mgmt_cp_add_advertising *cp = data;
6772 struct mgmt_rp_add_advertising rp;
6774 u32 supported_flags, phy_flags;
6776 u16 timeout, duration;
6777 unsigned int prev_instance_cnt = hdev->adv_instance_cnt;
6778 u8 schedule_instance = 0;
6779 struct adv_info *next_instance;
6781 struct mgmt_pending_cmd *cmd;
6782 struct hci_request req;
6784 BT_DBG("%s", hdev->name);
6786 status = mgmt_le_support(hdev);
6788 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_ADVERTISING,
6791 if (cp->instance < 1 || cp->instance > HCI_MAX_ADV_INSTANCES)
6792 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_ADVERTISING,
6793 MGMT_STATUS_INVALID_PARAMS);
6795 if (data_len != sizeof(*cp) + cp->adv_data_len + cp->scan_rsp_len)
6796 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_ADVERTISING,
6797 MGMT_STATUS_INVALID_PARAMS);
6799 flags = __le32_to_cpu(cp->flags);
6800 timeout = __le16_to_cpu(cp->timeout);
6801 duration = __le16_to_cpu(cp->duration);
6803 /* The current implementation only supports a subset of the specified
6804 * flags. Also need to check mutual exclusiveness of sec flags.
6806 supported_flags = get_supported_adv_flags(hdev);
6807 phy_flags = flags & MGMT_ADV_FLAG_SEC_MASK;
6808 if (flags & ~supported_flags ||
6809 ((phy_flags && (phy_flags ^ (phy_flags & -phy_flags)))))
6810 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_ADVERTISING,
6811 MGMT_STATUS_INVALID_PARAMS);
6815 if (timeout && !hdev_is_powered(hdev)) {
6816 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_ADVERTISING,
6817 MGMT_STATUS_REJECTED);
6821 if (pending_find(MGMT_OP_ADD_ADVERTISING, hdev) ||
6822 pending_find(MGMT_OP_REMOVE_ADVERTISING, hdev) ||
6823 pending_find(MGMT_OP_SET_LE, hdev)) {
6824 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_ADVERTISING,
6829 if (!tlv_data_is_valid(hdev, flags, cp->data, cp->adv_data_len, true) ||
6830 !tlv_data_is_valid(hdev, flags, cp->data + cp->adv_data_len,
6831 cp->scan_rsp_len, false)) {
6832 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_ADVERTISING,
6833 MGMT_STATUS_INVALID_PARAMS);
6837 err = hci_add_adv_instance(hdev, cp->instance, flags,
6838 cp->adv_data_len, cp->data,
6840 cp->data + cp->adv_data_len,
6843 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_ADVERTISING,
6844 MGMT_STATUS_FAILED);
6848 /* Only trigger an advertising added event if a new instance was
6851 if (hdev->adv_instance_cnt > prev_instance_cnt)
6852 mgmt_advertising_added(sk, hdev, cp->instance);
6854 if (hdev->cur_adv_instance == cp->instance) {
6855 /* If the currently advertised instance is being changed then
6856 * cancel the current advertising and schedule the next
6857 * instance. If there is only one instance then the overridden
6858 * advertising data will be visible right away.
6860 cancel_adv_timeout(hdev);
6862 next_instance = hci_get_next_instance(hdev, cp->instance);
6864 schedule_instance = next_instance->instance;
6865 } else if (!hdev->adv_instance_timeout) {
6866 /* Immediately advertise the new instance if no other
6867 * instance is currently being advertised.
6869 schedule_instance = cp->instance;
6872 /* If the HCI_ADVERTISING flag is set or the device isn't powered or
6873 * there is no instance to be advertised then we have no HCI
6874 * communication to make. Simply return.
6876 if (!hdev_is_powered(hdev) ||
6877 hci_dev_test_flag(hdev, HCI_ADVERTISING) ||
6878 !schedule_instance) {
6879 rp.instance = cp->instance;
6880 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_ADD_ADVERTISING,
6881 MGMT_STATUS_SUCCESS, &rp, sizeof(rp));
6885 /* We're good to go, update advertising data, parameters, and start
6888 cmd = mgmt_pending_add(sk, MGMT_OP_ADD_ADVERTISING, hdev, data,
6895 hci_req_init(&req, hdev);
6897 err = __hci_req_schedule_adv_instance(&req, schedule_instance, true);
6900 err = hci_req_run(&req, add_advertising_complete);
6903 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_ADVERTISING,
6904 MGMT_STATUS_FAILED);
6905 mgmt_pending_remove(cmd);
6909 hci_dev_unlock(hdev);
6914 static void remove_advertising_complete(struct hci_dev *hdev, u8 status,
6917 struct mgmt_pending_cmd *cmd;
6918 struct mgmt_cp_remove_advertising *cp;
6919 struct mgmt_rp_remove_advertising rp;
6921 BT_DBG("status %d", status);
6925 /* A failure status here only means that we failed to disable
6926 * advertising. Otherwise, the advertising instance has been removed,
6927 * so report success.
6929 cmd = pending_find(MGMT_OP_REMOVE_ADVERTISING, hdev);
6934 rp.instance = cp->instance;
6936 mgmt_cmd_complete(cmd->sk, cmd->index, cmd->opcode, MGMT_STATUS_SUCCESS,
6938 mgmt_pending_remove(cmd);
6941 hci_dev_unlock(hdev);
6944 static int remove_advertising(struct sock *sk, struct hci_dev *hdev,
6945 void *data, u16 data_len)
6947 struct mgmt_cp_remove_advertising *cp = data;
6948 struct mgmt_rp_remove_advertising rp;
6949 struct mgmt_pending_cmd *cmd;
6950 struct hci_request req;
6953 BT_DBG("%s", hdev->name);
6957 if (cp->instance && !hci_find_adv_instance(hdev, cp->instance)) {
6958 err = mgmt_cmd_status(sk, hdev->id,
6959 MGMT_OP_REMOVE_ADVERTISING,
6960 MGMT_STATUS_INVALID_PARAMS);
6964 if (pending_find(MGMT_OP_ADD_ADVERTISING, hdev) ||
6965 pending_find(MGMT_OP_REMOVE_ADVERTISING, hdev) ||
6966 pending_find(MGMT_OP_SET_LE, hdev)) {
6967 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_REMOVE_ADVERTISING,
6972 if (list_empty(&hdev->adv_instances)) {
6973 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_REMOVE_ADVERTISING,
6974 MGMT_STATUS_INVALID_PARAMS);
6978 hci_req_init(&req, hdev);
6980 hci_req_clear_adv_instance(hdev, sk, &req, cp->instance, true);
6982 if (list_empty(&hdev->adv_instances))
6983 __hci_req_disable_advertising(&req);
6985 /* If no HCI commands have been collected so far or the HCI_ADVERTISING
6986 * flag is set or the device isn't powered then we have no HCI
6987 * communication to make. Simply return.
6989 if (skb_queue_empty(&req.cmd_q) ||
6990 !hdev_is_powered(hdev) ||
6991 hci_dev_test_flag(hdev, HCI_ADVERTISING)) {
6992 hci_req_purge(&req);
6993 rp.instance = cp->instance;
6994 err = mgmt_cmd_complete(sk, hdev->id,
6995 MGMT_OP_REMOVE_ADVERTISING,
6996 MGMT_STATUS_SUCCESS, &rp, sizeof(rp));
7000 cmd = mgmt_pending_add(sk, MGMT_OP_REMOVE_ADVERTISING, hdev, data,
7007 err = hci_req_run(&req, remove_advertising_complete);
7009 mgmt_pending_remove(cmd);
7012 hci_dev_unlock(hdev);
7017 static int get_adv_size_info(struct sock *sk, struct hci_dev *hdev,
7018 void *data, u16 data_len)
7020 struct mgmt_cp_get_adv_size_info *cp = data;
7021 struct mgmt_rp_get_adv_size_info rp;
7022 u32 flags, supported_flags;
7025 BT_DBG("%s", hdev->name);
7027 if (!lmp_le_capable(hdev))
7028 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_GET_ADV_SIZE_INFO,
7029 MGMT_STATUS_REJECTED);
7031 if (cp->instance < 1 || cp->instance > HCI_MAX_ADV_INSTANCES)
7032 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_GET_ADV_SIZE_INFO,
7033 MGMT_STATUS_INVALID_PARAMS);
7035 flags = __le32_to_cpu(cp->flags);
7037 /* The current implementation only supports a subset of the specified
7040 supported_flags = get_supported_adv_flags(hdev);
7041 if (flags & ~supported_flags)
7042 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_GET_ADV_SIZE_INFO,
7043 MGMT_STATUS_INVALID_PARAMS);
7045 rp.instance = cp->instance;
7046 rp.flags = cp->flags;
7047 rp.max_adv_data_len = tlv_data_max_len(hdev, flags, true);
7048 rp.max_scan_rsp_len = tlv_data_max_len(hdev, flags, false);
7050 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_ADV_SIZE_INFO,
7051 MGMT_STATUS_SUCCESS, &rp, sizeof(rp));
7056 static const struct hci_mgmt_handler mgmt_handlers[] = {
7057 { NULL }, /* 0x0000 (no command) */
7058 { read_version, MGMT_READ_VERSION_SIZE,
7060 HCI_MGMT_UNTRUSTED },
7061 { read_commands, MGMT_READ_COMMANDS_SIZE,
7063 HCI_MGMT_UNTRUSTED },
7064 { read_index_list, MGMT_READ_INDEX_LIST_SIZE,
7066 HCI_MGMT_UNTRUSTED },
7067 { read_controller_info, MGMT_READ_INFO_SIZE,
7068 HCI_MGMT_UNTRUSTED },
7069 { set_powered, MGMT_SETTING_SIZE },
7070 { set_discoverable, MGMT_SET_DISCOVERABLE_SIZE },
7071 { set_connectable, MGMT_SETTING_SIZE },
7072 { set_fast_connectable, MGMT_SETTING_SIZE },
7073 { set_bondable, MGMT_SETTING_SIZE },
7074 { set_link_security, MGMT_SETTING_SIZE },
7075 { set_ssp, MGMT_SETTING_SIZE },
7076 { set_hs, MGMT_SETTING_SIZE },
7077 { set_le, MGMT_SETTING_SIZE },
7078 { set_dev_class, MGMT_SET_DEV_CLASS_SIZE },
7079 { set_local_name, MGMT_SET_LOCAL_NAME_SIZE },
7080 { add_uuid, MGMT_ADD_UUID_SIZE },
7081 { remove_uuid, MGMT_REMOVE_UUID_SIZE },
7082 { load_link_keys, MGMT_LOAD_LINK_KEYS_SIZE,
7084 { load_long_term_keys, MGMT_LOAD_LONG_TERM_KEYS_SIZE,
7086 { disconnect, MGMT_DISCONNECT_SIZE },
7087 { get_connections, MGMT_GET_CONNECTIONS_SIZE },
7088 { pin_code_reply, MGMT_PIN_CODE_REPLY_SIZE },
7089 { pin_code_neg_reply, MGMT_PIN_CODE_NEG_REPLY_SIZE },
7090 { set_io_capability, MGMT_SET_IO_CAPABILITY_SIZE },
7091 { pair_device, MGMT_PAIR_DEVICE_SIZE },
7092 { cancel_pair_device, MGMT_CANCEL_PAIR_DEVICE_SIZE },
7093 { unpair_device, MGMT_UNPAIR_DEVICE_SIZE },
7094 { user_confirm_reply, MGMT_USER_CONFIRM_REPLY_SIZE },
7095 { user_confirm_neg_reply, MGMT_USER_CONFIRM_NEG_REPLY_SIZE },
7096 { user_passkey_reply, MGMT_USER_PASSKEY_REPLY_SIZE },
7097 { user_passkey_neg_reply, MGMT_USER_PASSKEY_NEG_REPLY_SIZE },
7098 { read_local_oob_data, MGMT_READ_LOCAL_OOB_DATA_SIZE },
7099 { add_remote_oob_data, MGMT_ADD_REMOTE_OOB_DATA_SIZE,
7101 { remove_remote_oob_data, MGMT_REMOVE_REMOTE_OOB_DATA_SIZE },
7102 { start_discovery, MGMT_START_DISCOVERY_SIZE },
7103 { stop_discovery, MGMT_STOP_DISCOVERY_SIZE },
7104 { confirm_name, MGMT_CONFIRM_NAME_SIZE },
7105 { block_device, MGMT_BLOCK_DEVICE_SIZE },
7106 { unblock_device, MGMT_UNBLOCK_DEVICE_SIZE },
7107 { set_device_id, MGMT_SET_DEVICE_ID_SIZE },
7108 { set_advertising, MGMT_SETTING_SIZE },
7109 { set_bredr, MGMT_SETTING_SIZE },
7110 { set_static_address, MGMT_SET_STATIC_ADDRESS_SIZE },
7111 { set_scan_params, MGMT_SET_SCAN_PARAMS_SIZE },
7112 { set_secure_conn, MGMT_SETTING_SIZE },
7113 { set_debug_keys, MGMT_SETTING_SIZE },
7114 { set_privacy, MGMT_SET_PRIVACY_SIZE },
7115 { load_irks, MGMT_LOAD_IRKS_SIZE,
7117 { get_conn_info, MGMT_GET_CONN_INFO_SIZE },
7118 { get_clock_info, MGMT_GET_CLOCK_INFO_SIZE },
7119 { add_device, MGMT_ADD_DEVICE_SIZE },
7120 { remove_device, MGMT_REMOVE_DEVICE_SIZE },
7121 { load_conn_param, MGMT_LOAD_CONN_PARAM_SIZE,
7123 { read_unconf_index_list, MGMT_READ_UNCONF_INDEX_LIST_SIZE,
7125 HCI_MGMT_UNTRUSTED },
7126 { read_config_info, MGMT_READ_CONFIG_INFO_SIZE,
7127 HCI_MGMT_UNCONFIGURED |
7128 HCI_MGMT_UNTRUSTED },
7129 { set_external_config, MGMT_SET_EXTERNAL_CONFIG_SIZE,
7130 HCI_MGMT_UNCONFIGURED },
7131 { set_public_address, MGMT_SET_PUBLIC_ADDRESS_SIZE,
7132 HCI_MGMT_UNCONFIGURED },
7133 { start_service_discovery, MGMT_START_SERVICE_DISCOVERY_SIZE,
7135 { read_local_oob_ext_data, MGMT_READ_LOCAL_OOB_EXT_DATA_SIZE },
7136 { read_ext_index_list, MGMT_READ_EXT_INDEX_LIST_SIZE,
7138 HCI_MGMT_UNTRUSTED },
7139 { read_adv_features, MGMT_READ_ADV_FEATURES_SIZE },
7140 { add_advertising, MGMT_ADD_ADVERTISING_SIZE,
7142 { remove_advertising, MGMT_REMOVE_ADVERTISING_SIZE },
7143 { get_adv_size_info, MGMT_GET_ADV_SIZE_INFO_SIZE },
7144 { start_limited_discovery, MGMT_START_DISCOVERY_SIZE },
7145 { read_ext_controller_info,MGMT_READ_EXT_INFO_SIZE,
7146 HCI_MGMT_UNTRUSTED },
7147 { set_appearance, MGMT_SET_APPEARANCE_SIZE },
7148 { get_phy_configuration, MGMT_GET_PHY_CONFIGURATION_SIZE },
7149 { set_phy_configuration, MGMT_SET_PHY_CONFIGURATION_SIZE },
7150 { set_blocked_keys, MGMT_OP_SET_BLOCKED_KEYS_SIZE,
7152 { set_wideband_speech, MGMT_SETTING_SIZE },
7153 { read_security_info, MGMT_READ_SECURITY_INFO_SIZE,
7154 HCI_MGMT_UNTRUSTED },
7157 void mgmt_index_added(struct hci_dev *hdev)
7159 struct mgmt_ev_ext_index ev;
7161 if (test_bit(HCI_QUIRK_RAW_DEVICE, &hdev->quirks))
7164 switch (hdev->dev_type) {
7166 if (hci_dev_test_flag(hdev, HCI_UNCONFIGURED)) {
7167 mgmt_index_event(MGMT_EV_UNCONF_INDEX_ADDED, hdev,
7168 NULL, 0, HCI_MGMT_UNCONF_INDEX_EVENTS);
7171 mgmt_index_event(MGMT_EV_INDEX_ADDED, hdev, NULL, 0,
7172 HCI_MGMT_INDEX_EVENTS);
7185 mgmt_index_event(MGMT_EV_EXT_INDEX_ADDED, hdev, &ev, sizeof(ev),
7186 HCI_MGMT_EXT_INDEX_EVENTS);
7189 void mgmt_index_removed(struct hci_dev *hdev)
7191 struct mgmt_ev_ext_index ev;
7192 u8 status = MGMT_STATUS_INVALID_INDEX;
7194 if (test_bit(HCI_QUIRK_RAW_DEVICE, &hdev->quirks))
7197 switch (hdev->dev_type) {
7199 mgmt_pending_foreach(0, hdev, cmd_complete_rsp, &status);
7201 if (hci_dev_test_flag(hdev, HCI_UNCONFIGURED)) {
7202 mgmt_index_event(MGMT_EV_UNCONF_INDEX_REMOVED, hdev,
7203 NULL, 0, HCI_MGMT_UNCONF_INDEX_EVENTS);
7206 mgmt_index_event(MGMT_EV_INDEX_REMOVED, hdev, NULL, 0,
7207 HCI_MGMT_INDEX_EVENTS);
7220 mgmt_index_event(MGMT_EV_EXT_INDEX_REMOVED, hdev, &ev, sizeof(ev),
7221 HCI_MGMT_EXT_INDEX_EVENTS);
7224 /* This function requires the caller holds hdev->lock */
7225 static void restart_le_actions(struct hci_dev *hdev)
7227 struct hci_conn_params *p;
7229 list_for_each_entry(p, &hdev->le_conn_params, list) {
7230 /* Needed for AUTO_OFF case where might not "really"
7231 * have been powered off.
7233 list_del_init(&p->action);
7235 switch (p->auto_connect) {
7236 case HCI_AUTO_CONN_DIRECT:
7237 case HCI_AUTO_CONN_ALWAYS:
7238 list_add(&p->action, &hdev->pend_le_conns);
7240 case HCI_AUTO_CONN_REPORT:
7241 list_add(&p->action, &hdev->pend_le_reports);
7249 void mgmt_power_on(struct hci_dev *hdev, int err)
7251 struct cmd_lookup match = { NULL, hdev };
7253 BT_DBG("err %d", err);
7258 restart_le_actions(hdev);
7259 hci_update_background_scan(hdev);
7262 mgmt_pending_foreach(MGMT_OP_SET_POWERED, hdev, settings_rsp, &match);
7264 new_settings(hdev, match.sk);
7269 hci_dev_unlock(hdev);
7272 void __mgmt_power_off(struct hci_dev *hdev)
7274 struct cmd_lookup match = { NULL, hdev };
7275 u8 status, zero_cod[] = { 0, 0, 0 };
7277 mgmt_pending_foreach(MGMT_OP_SET_POWERED, hdev, settings_rsp, &match);
7279 /* If the power off is because of hdev unregistration let
7280 * use the appropriate INVALID_INDEX status. Otherwise use
7281 * NOT_POWERED. We cover both scenarios here since later in
7282 * mgmt_index_removed() any hci_conn callbacks will have already
7283 * been triggered, potentially causing misleading DISCONNECTED
7286 if (hci_dev_test_flag(hdev, HCI_UNREGISTER))
7287 status = MGMT_STATUS_INVALID_INDEX;
7289 status = MGMT_STATUS_NOT_POWERED;
7291 mgmt_pending_foreach(0, hdev, cmd_complete_rsp, &status);
7293 if (memcmp(hdev->dev_class, zero_cod, sizeof(zero_cod)) != 0) {
7294 mgmt_limited_event(MGMT_EV_CLASS_OF_DEV_CHANGED, hdev,
7295 zero_cod, sizeof(zero_cod),
7296 HCI_MGMT_DEV_CLASS_EVENTS, NULL);
7297 ext_info_changed(hdev, NULL);
7300 new_settings(hdev, match.sk);
7306 void mgmt_set_powered_failed(struct hci_dev *hdev, int err)
7308 struct mgmt_pending_cmd *cmd;
7311 cmd = pending_find(MGMT_OP_SET_POWERED, hdev);
7315 if (err == -ERFKILL)
7316 status = MGMT_STATUS_RFKILLED;
7318 status = MGMT_STATUS_FAILED;
7320 mgmt_cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_POWERED, status);
7322 mgmt_pending_remove(cmd);
7325 void mgmt_new_link_key(struct hci_dev *hdev, struct link_key *key,
7328 struct mgmt_ev_new_link_key ev;
7330 memset(&ev, 0, sizeof(ev));
7332 ev.store_hint = persistent;
7333 bacpy(&ev.key.addr.bdaddr, &key->bdaddr);
7334 ev.key.addr.type = BDADDR_BREDR;
7335 ev.key.type = key->type;
7336 memcpy(ev.key.val, key->val, HCI_LINK_KEY_SIZE);
7337 ev.key.pin_len = key->pin_len;
7339 mgmt_event(MGMT_EV_NEW_LINK_KEY, hdev, &ev, sizeof(ev), NULL);
7342 static u8 mgmt_ltk_type(struct smp_ltk *ltk)
7344 switch (ltk->type) {
7347 if (ltk->authenticated)
7348 return MGMT_LTK_AUTHENTICATED;
7349 return MGMT_LTK_UNAUTHENTICATED;
7351 if (ltk->authenticated)
7352 return MGMT_LTK_P256_AUTH;
7353 return MGMT_LTK_P256_UNAUTH;
7354 case SMP_LTK_P256_DEBUG:
7355 return MGMT_LTK_P256_DEBUG;
7358 return MGMT_LTK_UNAUTHENTICATED;
7361 void mgmt_new_ltk(struct hci_dev *hdev, struct smp_ltk *key, bool persistent)
7363 struct mgmt_ev_new_long_term_key ev;
7365 memset(&ev, 0, sizeof(ev));
7367 /* Devices using resolvable or non-resolvable random addresses
7368 * without providing an identity resolving key don't require
7369 * to store long term keys. Their addresses will change the
7372 * Only when a remote device provides an identity address
7373 * make sure the long term key is stored. If the remote
7374 * identity is known, the long term keys are internally
7375 * mapped to the identity address. So allow static random
7376 * and public addresses here.
7378 if (key->bdaddr_type == ADDR_LE_DEV_RANDOM &&
7379 (key->bdaddr.b[5] & 0xc0) != 0xc0)
7380 ev.store_hint = 0x00;
7382 ev.store_hint = persistent;
7384 bacpy(&ev.key.addr.bdaddr, &key->bdaddr);
7385 ev.key.addr.type = link_to_bdaddr(LE_LINK, key->bdaddr_type);
7386 ev.key.type = mgmt_ltk_type(key);
7387 ev.key.enc_size = key->enc_size;
7388 ev.key.ediv = key->ediv;
7389 ev.key.rand = key->rand;
7391 if (key->type == SMP_LTK)
7394 /* Make sure we copy only the significant bytes based on the
7395 * encryption key size, and set the rest of the value to zeroes.
7397 memcpy(ev.key.val, key->val, key->enc_size);
7398 memset(ev.key.val + key->enc_size, 0,
7399 sizeof(ev.key.val) - key->enc_size);
7401 mgmt_event(MGMT_EV_NEW_LONG_TERM_KEY, hdev, &ev, sizeof(ev), NULL);
7404 void mgmt_new_irk(struct hci_dev *hdev, struct smp_irk *irk, bool persistent)
7406 struct mgmt_ev_new_irk ev;
7408 memset(&ev, 0, sizeof(ev));
7410 ev.store_hint = persistent;
7412 bacpy(&ev.rpa, &irk->rpa);
7413 bacpy(&ev.irk.addr.bdaddr, &irk->bdaddr);
7414 ev.irk.addr.type = link_to_bdaddr(LE_LINK, irk->addr_type);
7415 memcpy(ev.irk.val, irk->val, sizeof(irk->val));
7417 mgmt_event(MGMT_EV_NEW_IRK, hdev, &ev, sizeof(ev), NULL);
7420 void mgmt_new_csrk(struct hci_dev *hdev, struct smp_csrk *csrk,
7423 struct mgmt_ev_new_csrk ev;
7425 memset(&ev, 0, sizeof(ev));
7427 /* Devices using resolvable or non-resolvable random addresses
7428 * without providing an identity resolving key don't require
7429 * to store signature resolving keys. Their addresses will change
7430 * the next time around.
7432 * Only when a remote device provides an identity address
7433 * make sure the signature resolving key is stored. So allow
7434 * static random and public addresses here.
7436 if (csrk->bdaddr_type == ADDR_LE_DEV_RANDOM &&
7437 (csrk->bdaddr.b[5] & 0xc0) != 0xc0)
7438 ev.store_hint = 0x00;
7440 ev.store_hint = persistent;
7442 bacpy(&ev.key.addr.bdaddr, &csrk->bdaddr);
7443 ev.key.addr.type = link_to_bdaddr(LE_LINK, csrk->bdaddr_type);
7444 ev.key.type = csrk->type;
7445 memcpy(ev.key.val, csrk->val, sizeof(csrk->val));
7447 mgmt_event(MGMT_EV_NEW_CSRK, hdev, &ev, sizeof(ev), NULL);
7450 void mgmt_new_conn_param(struct hci_dev *hdev, bdaddr_t *bdaddr,
7451 u8 bdaddr_type, u8 store_hint, u16 min_interval,
7452 u16 max_interval, u16 latency, u16 timeout)
7454 struct mgmt_ev_new_conn_param ev;
7456 if (!hci_is_identity_address(bdaddr, bdaddr_type))
7459 memset(&ev, 0, sizeof(ev));
7460 bacpy(&ev.addr.bdaddr, bdaddr);
7461 ev.addr.type = link_to_bdaddr(LE_LINK, bdaddr_type);
7462 ev.store_hint = store_hint;
7463 ev.min_interval = cpu_to_le16(min_interval);
7464 ev.max_interval = cpu_to_le16(max_interval);
7465 ev.latency = cpu_to_le16(latency);
7466 ev.timeout = cpu_to_le16(timeout);
7468 mgmt_event(MGMT_EV_NEW_CONN_PARAM, hdev, &ev, sizeof(ev), NULL);
7471 void mgmt_device_connected(struct hci_dev *hdev, struct hci_conn *conn,
7472 u32 flags, u8 *name, u8 name_len)
7475 struct mgmt_ev_device_connected *ev = (void *) buf;
7478 bacpy(&ev->addr.bdaddr, &conn->dst);
7479 ev->addr.type = link_to_bdaddr(conn->type, conn->dst_type);
7481 ev->flags = __cpu_to_le32(flags);
7483 /* We must ensure that the EIR Data fields are ordered and
7484 * unique. Keep it simple for now and avoid the problem by not
7485 * adding any BR/EDR data to the LE adv.
7487 if (conn->le_adv_data_len > 0) {
7488 memcpy(&ev->eir[eir_len],
7489 conn->le_adv_data, conn->le_adv_data_len);
7490 eir_len = conn->le_adv_data_len;
7493 eir_len = eir_append_data(ev->eir, 0, EIR_NAME_COMPLETE,
7496 if (memcmp(conn->dev_class, "\0\0\0", 3) != 0)
7497 eir_len = eir_append_data(ev->eir, eir_len,
7499 conn->dev_class, 3);
7502 ev->eir_len = cpu_to_le16(eir_len);
7504 mgmt_event(MGMT_EV_DEVICE_CONNECTED, hdev, buf,
7505 sizeof(*ev) + eir_len, NULL);
7508 static void disconnect_rsp(struct mgmt_pending_cmd *cmd, void *data)
7510 struct sock **sk = data;
7512 cmd->cmd_complete(cmd, 0);
7517 mgmt_pending_remove(cmd);
7520 static void unpair_device_rsp(struct mgmt_pending_cmd *cmd, void *data)
7522 struct hci_dev *hdev = data;
7523 struct mgmt_cp_unpair_device *cp = cmd->param;
7525 device_unpaired(hdev, &cp->addr.bdaddr, cp->addr.type, cmd->sk);
7527 cmd->cmd_complete(cmd, 0);
7528 mgmt_pending_remove(cmd);
7531 bool mgmt_powering_down(struct hci_dev *hdev)
7533 struct mgmt_pending_cmd *cmd;
7534 struct mgmt_mode *cp;
7536 cmd = pending_find(MGMT_OP_SET_POWERED, hdev);
7547 void mgmt_device_disconnected(struct hci_dev *hdev, bdaddr_t *bdaddr,
7548 u8 link_type, u8 addr_type, u8 reason,
7549 bool mgmt_connected)
7551 struct mgmt_ev_device_disconnected ev;
7552 struct sock *sk = NULL;
7554 /* The connection is still in hci_conn_hash so test for 1
7555 * instead of 0 to know if this is the last one.
7557 if (mgmt_powering_down(hdev) && hci_conn_count(hdev) == 1) {
7558 cancel_delayed_work(&hdev->power_off);
7559 queue_work(hdev->req_workqueue, &hdev->power_off.work);
7562 if (!mgmt_connected)
7565 if (link_type != ACL_LINK && link_type != LE_LINK)
7568 mgmt_pending_foreach(MGMT_OP_DISCONNECT, hdev, disconnect_rsp, &sk);
7570 bacpy(&ev.addr.bdaddr, bdaddr);
7571 ev.addr.type = link_to_bdaddr(link_type, addr_type);
7574 mgmt_event(MGMT_EV_DEVICE_DISCONNECTED, hdev, &ev, sizeof(ev), sk);
7579 mgmt_pending_foreach(MGMT_OP_UNPAIR_DEVICE, hdev, unpair_device_rsp,
7583 void mgmt_disconnect_failed(struct hci_dev *hdev, bdaddr_t *bdaddr,
7584 u8 link_type, u8 addr_type, u8 status)
7586 u8 bdaddr_type = link_to_bdaddr(link_type, addr_type);
7587 struct mgmt_cp_disconnect *cp;
7588 struct mgmt_pending_cmd *cmd;
7590 mgmt_pending_foreach(MGMT_OP_UNPAIR_DEVICE, hdev, unpair_device_rsp,
7593 cmd = pending_find(MGMT_OP_DISCONNECT, hdev);
7599 if (bacmp(bdaddr, &cp->addr.bdaddr))
7602 if (cp->addr.type != bdaddr_type)
7605 cmd->cmd_complete(cmd, mgmt_status(status));
7606 mgmt_pending_remove(cmd);
7609 void mgmt_connect_failed(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
7610 u8 addr_type, u8 status)
7612 struct mgmt_ev_connect_failed ev;
7614 /* The connection is still in hci_conn_hash so test for 1
7615 * instead of 0 to know if this is the last one.
7617 if (mgmt_powering_down(hdev) && hci_conn_count(hdev) == 1) {
7618 cancel_delayed_work(&hdev->power_off);
7619 queue_work(hdev->req_workqueue, &hdev->power_off.work);
7622 bacpy(&ev.addr.bdaddr, bdaddr);
7623 ev.addr.type = link_to_bdaddr(link_type, addr_type);
7624 ev.status = mgmt_status(status);
7626 mgmt_event(MGMT_EV_CONNECT_FAILED, hdev, &ev, sizeof(ev), NULL);
7629 void mgmt_pin_code_request(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 secure)
7631 struct mgmt_ev_pin_code_request ev;
7633 bacpy(&ev.addr.bdaddr, bdaddr);
7634 ev.addr.type = BDADDR_BREDR;
7637 mgmt_event(MGMT_EV_PIN_CODE_REQUEST, hdev, &ev, sizeof(ev), NULL);
7640 void mgmt_pin_code_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
7643 struct mgmt_pending_cmd *cmd;
7645 cmd = pending_find(MGMT_OP_PIN_CODE_REPLY, hdev);
7649 cmd->cmd_complete(cmd, mgmt_status(status));
7650 mgmt_pending_remove(cmd);
7653 void mgmt_pin_code_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
7656 struct mgmt_pending_cmd *cmd;
7658 cmd = pending_find(MGMT_OP_PIN_CODE_NEG_REPLY, hdev);
7662 cmd->cmd_complete(cmd, mgmt_status(status));
7663 mgmt_pending_remove(cmd);
7666 int mgmt_user_confirm_request(struct hci_dev *hdev, bdaddr_t *bdaddr,
7667 u8 link_type, u8 addr_type, u32 value,
7670 struct mgmt_ev_user_confirm_request ev;
7672 BT_DBG("%s", hdev->name);
7674 bacpy(&ev.addr.bdaddr, bdaddr);
7675 ev.addr.type = link_to_bdaddr(link_type, addr_type);
7676 ev.confirm_hint = confirm_hint;
7677 ev.value = cpu_to_le32(value);
7679 return mgmt_event(MGMT_EV_USER_CONFIRM_REQUEST, hdev, &ev, sizeof(ev),
7683 int mgmt_user_passkey_request(struct hci_dev *hdev, bdaddr_t *bdaddr,
7684 u8 link_type, u8 addr_type)
7686 struct mgmt_ev_user_passkey_request ev;
7688 BT_DBG("%s", hdev->name);
7690 bacpy(&ev.addr.bdaddr, bdaddr);
7691 ev.addr.type = link_to_bdaddr(link_type, addr_type);
7693 return mgmt_event(MGMT_EV_USER_PASSKEY_REQUEST, hdev, &ev, sizeof(ev),
7697 static int user_pairing_resp_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
7698 u8 link_type, u8 addr_type, u8 status,
7701 struct mgmt_pending_cmd *cmd;
7703 cmd = pending_find(opcode, hdev);
7707 cmd->cmd_complete(cmd, mgmt_status(status));
7708 mgmt_pending_remove(cmd);
7713 int mgmt_user_confirm_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
7714 u8 link_type, u8 addr_type, u8 status)
7716 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
7717 status, MGMT_OP_USER_CONFIRM_REPLY);
7720 int mgmt_user_confirm_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
7721 u8 link_type, u8 addr_type, u8 status)
7723 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
7725 MGMT_OP_USER_CONFIRM_NEG_REPLY);
7728 int mgmt_user_passkey_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
7729 u8 link_type, u8 addr_type, u8 status)
7731 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
7732 status, MGMT_OP_USER_PASSKEY_REPLY);
7735 int mgmt_user_passkey_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
7736 u8 link_type, u8 addr_type, u8 status)
7738 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
7740 MGMT_OP_USER_PASSKEY_NEG_REPLY);
7743 int mgmt_user_passkey_notify(struct hci_dev *hdev, bdaddr_t *bdaddr,
7744 u8 link_type, u8 addr_type, u32 passkey,
7747 struct mgmt_ev_passkey_notify ev;
7749 BT_DBG("%s", hdev->name);
7751 bacpy(&ev.addr.bdaddr, bdaddr);
7752 ev.addr.type = link_to_bdaddr(link_type, addr_type);
7753 ev.passkey = __cpu_to_le32(passkey);
7754 ev.entered = entered;
7756 return mgmt_event(MGMT_EV_PASSKEY_NOTIFY, hdev, &ev, sizeof(ev), NULL);
7759 void mgmt_auth_failed(struct hci_conn *conn, u8 hci_status)
7761 struct mgmt_ev_auth_failed ev;
7762 struct mgmt_pending_cmd *cmd;
7763 u8 status = mgmt_status(hci_status);
7765 bacpy(&ev.addr.bdaddr, &conn->dst);
7766 ev.addr.type = link_to_bdaddr(conn->type, conn->dst_type);
7769 cmd = find_pairing(conn);
7771 mgmt_event(MGMT_EV_AUTH_FAILED, conn->hdev, &ev, sizeof(ev),
7772 cmd ? cmd->sk : NULL);
7775 cmd->cmd_complete(cmd, status);
7776 mgmt_pending_remove(cmd);
7780 void mgmt_auth_enable_complete(struct hci_dev *hdev, u8 status)
7782 struct cmd_lookup match = { NULL, hdev };
7786 u8 mgmt_err = mgmt_status(status);
7787 mgmt_pending_foreach(MGMT_OP_SET_LINK_SECURITY, hdev,
7788 cmd_status_rsp, &mgmt_err);
7792 if (test_bit(HCI_AUTH, &hdev->flags))
7793 changed = !hci_dev_test_and_set_flag(hdev, HCI_LINK_SECURITY);
7795 changed = hci_dev_test_and_clear_flag(hdev, HCI_LINK_SECURITY);
7797 mgmt_pending_foreach(MGMT_OP_SET_LINK_SECURITY, hdev, settings_rsp,
7801 new_settings(hdev, match.sk);
7807 static void clear_eir(struct hci_request *req)
7809 struct hci_dev *hdev = req->hdev;
7810 struct hci_cp_write_eir cp;
7812 if (!lmp_ext_inq_capable(hdev))
7815 memset(hdev->eir, 0, sizeof(hdev->eir));
7817 memset(&cp, 0, sizeof(cp));
7819 hci_req_add(req, HCI_OP_WRITE_EIR, sizeof(cp), &cp);
7822 void mgmt_ssp_enable_complete(struct hci_dev *hdev, u8 enable, u8 status)
7824 struct cmd_lookup match = { NULL, hdev };
7825 struct hci_request req;
7826 bool changed = false;
7829 u8 mgmt_err = mgmt_status(status);
7831 if (enable && hci_dev_test_and_clear_flag(hdev,
7833 hci_dev_clear_flag(hdev, HCI_HS_ENABLED);
7834 new_settings(hdev, NULL);
7837 mgmt_pending_foreach(MGMT_OP_SET_SSP, hdev, cmd_status_rsp,
7843 changed = !hci_dev_test_and_set_flag(hdev, HCI_SSP_ENABLED);
7845 changed = hci_dev_test_and_clear_flag(hdev, HCI_SSP_ENABLED);
7847 changed = hci_dev_test_and_clear_flag(hdev,
7850 hci_dev_clear_flag(hdev, HCI_HS_ENABLED);
7853 mgmt_pending_foreach(MGMT_OP_SET_SSP, hdev, settings_rsp, &match);
7856 new_settings(hdev, match.sk);
7861 hci_req_init(&req, hdev);
7863 if (hci_dev_test_flag(hdev, HCI_SSP_ENABLED)) {
7864 if (hci_dev_test_flag(hdev, HCI_USE_DEBUG_KEYS))
7865 hci_req_add(&req, HCI_OP_WRITE_SSP_DEBUG_MODE,
7866 sizeof(enable), &enable);
7867 __hci_req_update_eir(&req);
7872 hci_req_run(&req, NULL);
7875 static void sk_lookup(struct mgmt_pending_cmd *cmd, void *data)
7877 struct cmd_lookup *match = data;
7879 if (match->sk == NULL) {
7880 match->sk = cmd->sk;
7881 sock_hold(match->sk);
7885 void mgmt_set_class_of_dev_complete(struct hci_dev *hdev, u8 *dev_class,
7888 struct cmd_lookup match = { NULL, hdev, mgmt_status(status) };
7890 mgmt_pending_foreach(MGMT_OP_SET_DEV_CLASS, hdev, sk_lookup, &match);
7891 mgmt_pending_foreach(MGMT_OP_ADD_UUID, hdev, sk_lookup, &match);
7892 mgmt_pending_foreach(MGMT_OP_REMOVE_UUID, hdev, sk_lookup, &match);
7895 mgmt_limited_event(MGMT_EV_CLASS_OF_DEV_CHANGED, hdev, dev_class,
7896 3, HCI_MGMT_DEV_CLASS_EVENTS, NULL);
7897 ext_info_changed(hdev, NULL);
7904 void mgmt_set_local_name_complete(struct hci_dev *hdev, u8 *name, u8 status)
7906 struct mgmt_cp_set_local_name ev;
7907 struct mgmt_pending_cmd *cmd;
7912 memset(&ev, 0, sizeof(ev));
7913 memcpy(ev.name, name, HCI_MAX_NAME_LENGTH);
7914 memcpy(ev.short_name, hdev->short_name, HCI_MAX_SHORT_NAME_LENGTH);
7916 cmd = pending_find(MGMT_OP_SET_LOCAL_NAME, hdev);
7918 memcpy(hdev->dev_name, name, sizeof(hdev->dev_name));
7920 /* If this is a HCI command related to powering on the
7921 * HCI dev don't send any mgmt signals.
7923 if (pending_find(MGMT_OP_SET_POWERED, hdev))
7927 mgmt_limited_event(MGMT_EV_LOCAL_NAME_CHANGED, hdev, &ev, sizeof(ev),
7928 HCI_MGMT_LOCAL_NAME_EVENTS, cmd ? cmd->sk : NULL);
7929 ext_info_changed(hdev, cmd ? cmd->sk : NULL);
7932 static inline bool has_uuid(u8 *uuid, u16 uuid_count, u8 (*uuids)[16])
7936 for (i = 0; i < uuid_count; i++) {
7937 if (!memcmp(uuid, uuids[i], 16))
7944 static bool eir_has_uuids(u8 *eir, u16 eir_len, u16 uuid_count, u8 (*uuids)[16])
7948 while (parsed < eir_len) {
7949 u8 field_len = eir[0];
7956 if (eir_len - parsed < field_len + 1)
7960 case EIR_UUID16_ALL:
7961 case EIR_UUID16_SOME:
7962 for (i = 0; i + 3 <= field_len; i += 2) {
7963 memcpy(uuid, bluetooth_base_uuid, 16);
7964 uuid[13] = eir[i + 3];
7965 uuid[12] = eir[i + 2];
7966 if (has_uuid(uuid, uuid_count, uuids))
7970 case EIR_UUID32_ALL:
7971 case EIR_UUID32_SOME:
7972 for (i = 0; i + 5 <= field_len; i += 4) {
7973 memcpy(uuid, bluetooth_base_uuid, 16);
7974 uuid[15] = eir[i + 5];
7975 uuid[14] = eir[i + 4];
7976 uuid[13] = eir[i + 3];
7977 uuid[12] = eir[i + 2];
7978 if (has_uuid(uuid, uuid_count, uuids))
7982 case EIR_UUID128_ALL:
7983 case EIR_UUID128_SOME:
7984 for (i = 0; i + 17 <= field_len; i += 16) {
7985 memcpy(uuid, eir + i + 2, 16);
7986 if (has_uuid(uuid, uuid_count, uuids))
7992 parsed += field_len + 1;
7993 eir += field_len + 1;
7999 static void restart_le_scan(struct hci_dev *hdev)
8001 /* If controller is not scanning we are done. */
8002 if (!hci_dev_test_flag(hdev, HCI_LE_SCAN))
8005 if (time_after(jiffies + DISCOV_LE_RESTART_DELAY,
8006 hdev->discovery.scan_start +
8007 hdev->discovery.scan_duration))
8010 queue_delayed_work(hdev->req_workqueue, &hdev->le_scan_restart,
8011 DISCOV_LE_RESTART_DELAY);
8014 static bool is_filter_match(struct hci_dev *hdev, s8 rssi, u8 *eir,
8015 u16 eir_len, u8 *scan_rsp, u8 scan_rsp_len)
8017 /* If a RSSI threshold has been specified, and
8018 * HCI_QUIRK_STRICT_DUPLICATE_FILTER is not set, then all results with
8019 * a RSSI smaller than the RSSI threshold will be dropped. If the quirk
8020 * is set, let it through for further processing, as we might need to
8023 * For BR/EDR devices (pre 1.2) providing no RSSI during inquiry,
8024 * the results are also dropped.
8026 if (hdev->discovery.rssi != HCI_RSSI_INVALID &&
8027 (rssi == HCI_RSSI_INVALID ||
8028 (rssi < hdev->discovery.rssi &&
8029 !test_bit(HCI_QUIRK_STRICT_DUPLICATE_FILTER, &hdev->quirks))))
8032 if (hdev->discovery.uuid_count != 0) {
8033 /* If a list of UUIDs is provided in filter, results with no
8034 * matching UUID should be dropped.
8036 if (!eir_has_uuids(eir, eir_len, hdev->discovery.uuid_count,
8037 hdev->discovery.uuids) &&
8038 !eir_has_uuids(scan_rsp, scan_rsp_len,
8039 hdev->discovery.uuid_count,
8040 hdev->discovery.uuids))
8044 /* If duplicate filtering does not report RSSI changes, then restart
8045 * scanning to ensure updated result with updated RSSI values.
8047 if (test_bit(HCI_QUIRK_STRICT_DUPLICATE_FILTER, &hdev->quirks)) {
8048 restart_le_scan(hdev);
8050 /* Validate RSSI value against the RSSI threshold once more. */
8051 if (hdev->discovery.rssi != HCI_RSSI_INVALID &&
8052 rssi < hdev->discovery.rssi)
8059 void mgmt_device_found(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
8060 u8 addr_type, u8 *dev_class, s8 rssi, u32 flags,
8061 u8 *eir, u16 eir_len, u8 *scan_rsp, u8 scan_rsp_len)
8064 struct mgmt_ev_device_found *ev = (void *)buf;
8067 /* Don't send events for a non-kernel initiated discovery. With
8068 * LE one exception is if we have pend_le_reports > 0 in which
8069 * case we're doing passive scanning and want these events.
8071 if (!hci_discovery_active(hdev)) {
8072 if (link_type == ACL_LINK)
8074 if (link_type == LE_LINK && list_empty(&hdev->pend_le_reports))
8078 if (hdev->discovery.result_filtering) {
8079 /* We are using service discovery */
8080 if (!is_filter_match(hdev, rssi, eir, eir_len, scan_rsp,
8085 if (hdev->discovery.limited) {
8086 /* Check for limited discoverable bit */
8088 if (!(dev_class[1] & 0x20))
8091 u8 *flags = eir_get_data(eir, eir_len, EIR_FLAGS, NULL);
8092 if (!flags || !(flags[0] & LE_AD_LIMITED))
8097 /* Make sure that the buffer is big enough. The 5 extra bytes
8098 * are for the potential CoD field.
8100 if (sizeof(*ev) + eir_len + scan_rsp_len + 5 > sizeof(buf))
8103 memset(buf, 0, sizeof(buf));
8105 /* In case of device discovery with BR/EDR devices (pre 1.2), the
8106 * RSSI value was reported as 0 when not available. This behavior
8107 * is kept when using device discovery. This is required for full
8108 * backwards compatibility with the API.
8110 * However when using service discovery, the value 127 will be
8111 * returned when the RSSI is not available.
8113 if (rssi == HCI_RSSI_INVALID && !hdev->discovery.report_invalid_rssi &&
8114 link_type == ACL_LINK)
8117 bacpy(&ev->addr.bdaddr, bdaddr);
8118 ev->addr.type = link_to_bdaddr(link_type, addr_type);
8120 ev->flags = cpu_to_le32(flags);
8123 /* Copy EIR or advertising data into event */
8124 memcpy(ev->eir, eir, eir_len);
8126 if (dev_class && !eir_get_data(ev->eir, eir_len, EIR_CLASS_OF_DEV,
8128 eir_len = eir_append_data(ev->eir, eir_len, EIR_CLASS_OF_DEV,
8131 if (scan_rsp_len > 0)
8132 /* Append scan response data to event */
8133 memcpy(ev->eir + eir_len, scan_rsp, scan_rsp_len);
8135 ev->eir_len = cpu_to_le16(eir_len + scan_rsp_len);
8136 ev_size = sizeof(*ev) + eir_len + scan_rsp_len;
8138 mgmt_event(MGMT_EV_DEVICE_FOUND, hdev, ev, ev_size, NULL);
8141 void mgmt_remote_name(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
8142 u8 addr_type, s8 rssi, u8 *name, u8 name_len)
8144 struct mgmt_ev_device_found *ev;
8145 char buf[sizeof(*ev) + HCI_MAX_NAME_LENGTH + 2];
8148 ev = (struct mgmt_ev_device_found *) buf;
8150 memset(buf, 0, sizeof(buf));
8152 bacpy(&ev->addr.bdaddr, bdaddr);
8153 ev->addr.type = link_to_bdaddr(link_type, addr_type);
8156 eir_len = eir_append_data(ev->eir, 0, EIR_NAME_COMPLETE, name,
8159 ev->eir_len = cpu_to_le16(eir_len);
8161 mgmt_event(MGMT_EV_DEVICE_FOUND, hdev, ev, sizeof(*ev) + eir_len, NULL);
8164 void mgmt_discovering(struct hci_dev *hdev, u8 discovering)
8166 struct mgmt_ev_discovering ev;
8168 BT_DBG("%s discovering %u", hdev->name, discovering);
8170 memset(&ev, 0, sizeof(ev));
8171 ev.type = hdev->discovery.type;
8172 ev.discovering = discovering;
8174 mgmt_event(MGMT_EV_DISCOVERING, hdev, &ev, sizeof(ev), NULL);
8177 static struct hci_mgmt_chan chan = {
8178 .channel = HCI_CHANNEL_CONTROL,
8179 .handler_count = ARRAY_SIZE(mgmt_handlers),
8180 .handlers = mgmt_handlers,
8181 .hdev_init = mgmt_init_hdev,
8186 return hci_mgmt_chan_register(&chan);
8189 void mgmt_exit(void)
8191 hci_mgmt_chan_unregister(&chan);