2 BlueZ - Bluetooth protocol stack for Linux
4 Copyright (C) 2010 Nokia Corporation
5 Copyright (C) 2011-2012 Intel Corporation
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License version 2 as
9 published by the Free Software Foundation;
11 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
12 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
13 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
14 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
15 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
16 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
17 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
18 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
20 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
21 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
22 SOFTWARE IS DISCLAIMED.
25 /* Bluetooth HCI Management interface */
27 #include <linux/module.h>
28 #include <asm/unaligned.h>
30 #include <net/bluetooth/bluetooth.h>
31 #include <net/bluetooth/hci_core.h>
32 #include <net/bluetooth/hci_sock.h>
33 #include <net/bluetooth/l2cap.h>
34 #include <net/bluetooth/mgmt.h>
36 #include "hci_request.h"
38 #include "mgmt_util.h"
39 #include "mgmt_config.h"
42 #define MGMT_VERSION 1
43 #define MGMT_REVISION 19
45 static const u16 mgmt_commands[] = {
46 MGMT_OP_READ_INDEX_LIST,
49 MGMT_OP_SET_DISCOVERABLE,
50 MGMT_OP_SET_CONNECTABLE,
51 MGMT_OP_SET_FAST_CONNECTABLE,
53 MGMT_OP_SET_LINK_SECURITY,
57 MGMT_OP_SET_DEV_CLASS,
58 MGMT_OP_SET_LOCAL_NAME,
61 MGMT_OP_LOAD_LINK_KEYS,
62 MGMT_OP_LOAD_LONG_TERM_KEYS,
64 MGMT_OP_GET_CONNECTIONS,
65 MGMT_OP_PIN_CODE_REPLY,
66 MGMT_OP_PIN_CODE_NEG_REPLY,
67 MGMT_OP_SET_IO_CAPABILITY,
69 MGMT_OP_CANCEL_PAIR_DEVICE,
70 MGMT_OP_UNPAIR_DEVICE,
71 MGMT_OP_USER_CONFIRM_REPLY,
72 MGMT_OP_USER_CONFIRM_NEG_REPLY,
73 MGMT_OP_USER_PASSKEY_REPLY,
74 MGMT_OP_USER_PASSKEY_NEG_REPLY,
75 MGMT_OP_READ_LOCAL_OOB_DATA,
76 MGMT_OP_ADD_REMOTE_OOB_DATA,
77 MGMT_OP_REMOVE_REMOTE_OOB_DATA,
78 MGMT_OP_START_DISCOVERY,
79 MGMT_OP_STOP_DISCOVERY,
82 MGMT_OP_UNBLOCK_DEVICE,
83 MGMT_OP_SET_DEVICE_ID,
84 MGMT_OP_SET_ADVERTISING,
86 MGMT_OP_SET_STATIC_ADDRESS,
87 MGMT_OP_SET_SCAN_PARAMS,
88 MGMT_OP_SET_SECURE_CONN,
89 MGMT_OP_SET_DEBUG_KEYS,
92 MGMT_OP_GET_CONN_INFO,
93 MGMT_OP_GET_CLOCK_INFO,
95 MGMT_OP_REMOVE_DEVICE,
96 MGMT_OP_LOAD_CONN_PARAM,
97 MGMT_OP_READ_UNCONF_INDEX_LIST,
98 MGMT_OP_READ_CONFIG_INFO,
99 MGMT_OP_SET_EXTERNAL_CONFIG,
100 MGMT_OP_SET_PUBLIC_ADDRESS,
101 MGMT_OP_START_SERVICE_DISCOVERY,
102 MGMT_OP_READ_LOCAL_OOB_EXT_DATA,
103 MGMT_OP_READ_EXT_INDEX_LIST,
104 MGMT_OP_READ_ADV_FEATURES,
105 MGMT_OP_ADD_ADVERTISING,
106 MGMT_OP_REMOVE_ADVERTISING,
107 MGMT_OP_GET_ADV_SIZE_INFO,
108 MGMT_OP_START_LIMITED_DISCOVERY,
109 MGMT_OP_READ_EXT_INFO,
110 MGMT_OP_SET_APPEARANCE,
111 MGMT_OP_GET_PHY_CONFIGURATION,
112 MGMT_OP_SET_PHY_CONFIGURATION,
113 MGMT_OP_SET_BLOCKED_KEYS,
114 MGMT_OP_SET_WIDEBAND_SPEECH,
115 MGMT_OP_READ_CONTROLLER_CAP,
116 MGMT_OP_READ_EXP_FEATURES_INFO,
117 MGMT_OP_SET_EXP_FEATURE,
118 MGMT_OP_READ_DEF_SYSTEM_CONFIG,
119 MGMT_OP_SET_DEF_SYSTEM_CONFIG,
120 MGMT_OP_READ_DEF_RUNTIME_CONFIG,
121 MGMT_OP_SET_DEF_RUNTIME_CONFIG,
122 MGMT_OP_GET_DEVICE_FLAGS,
123 MGMT_OP_SET_DEVICE_FLAGS,
124 MGMT_OP_READ_ADV_MONITOR_FEATURES,
125 MGMT_OP_ADD_ADV_PATTERNS_MONITOR,
126 MGMT_OP_REMOVE_ADV_MONITOR,
127 MGMT_OP_ADD_EXT_ADV_PARAMS,
128 MGMT_OP_ADD_EXT_ADV_DATA,
129 MGMT_OP_ADD_ADV_PATTERNS_MONITOR_RSSI,
132 static const u16 mgmt_events[] = {
133 MGMT_EV_CONTROLLER_ERROR,
135 MGMT_EV_INDEX_REMOVED,
136 MGMT_EV_NEW_SETTINGS,
137 MGMT_EV_CLASS_OF_DEV_CHANGED,
138 MGMT_EV_LOCAL_NAME_CHANGED,
139 MGMT_EV_NEW_LINK_KEY,
140 MGMT_EV_NEW_LONG_TERM_KEY,
141 MGMT_EV_DEVICE_CONNECTED,
142 MGMT_EV_DEVICE_DISCONNECTED,
143 MGMT_EV_CONNECT_FAILED,
144 MGMT_EV_PIN_CODE_REQUEST,
145 MGMT_EV_USER_CONFIRM_REQUEST,
146 MGMT_EV_USER_PASSKEY_REQUEST,
148 MGMT_EV_DEVICE_FOUND,
150 MGMT_EV_DEVICE_BLOCKED,
151 MGMT_EV_DEVICE_UNBLOCKED,
152 MGMT_EV_DEVICE_UNPAIRED,
153 MGMT_EV_PASSKEY_NOTIFY,
156 MGMT_EV_DEVICE_ADDED,
157 MGMT_EV_DEVICE_REMOVED,
158 MGMT_EV_NEW_CONN_PARAM,
159 MGMT_EV_UNCONF_INDEX_ADDED,
160 MGMT_EV_UNCONF_INDEX_REMOVED,
161 MGMT_EV_NEW_CONFIG_OPTIONS,
162 MGMT_EV_EXT_INDEX_ADDED,
163 MGMT_EV_EXT_INDEX_REMOVED,
164 MGMT_EV_LOCAL_OOB_DATA_UPDATED,
165 MGMT_EV_ADVERTISING_ADDED,
166 MGMT_EV_ADVERTISING_REMOVED,
167 MGMT_EV_EXT_INFO_CHANGED,
168 MGMT_EV_PHY_CONFIGURATION_CHANGED,
169 MGMT_EV_EXP_FEATURE_CHANGED,
170 MGMT_EV_DEVICE_FLAGS_CHANGED,
171 MGMT_EV_ADV_MONITOR_ADDED,
172 MGMT_EV_ADV_MONITOR_REMOVED,
173 MGMT_EV_CONTROLLER_SUSPEND,
174 MGMT_EV_CONTROLLER_RESUME,
177 static const u16 mgmt_untrusted_commands[] = {
178 MGMT_OP_READ_INDEX_LIST,
180 MGMT_OP_READ_UNCONF_INDEX_LIST,
181 MGMT_OP_READ_CONFIG_INFO,
182 MGMT_OP_READ_EXT_INDEX_LIST,
183 MGMT_OP_READ_EXT_INFO,
184 MGMT_OP_READ_CONTROLLER_CAP,
185 MGMT_OP_READ_EXP_FEATURES_INFO,
186 MGMT_OP_READ_DEF_SYSTEM_CONFIG,
187 MGMT_OP_READ_DEF_RUNTIME_CONFIG,
190 static const u16 mgmt_untrusted_events[] = {
192 MGMT_EV_INDEX_REMOVED,
193 MGMT_EV_NEW_SETTINGS,
194 MGMT_EV_CLASS_OF_DEV_CHANGED,
195 MGMT_EV_LOCAL_NAME_CHANGED,
196 MGMT_EV_UNCONF_INDEX_ADDED,
197 MGMT_EV_UNCONF_INDEX_REMOVED,
198 MGMT_EV_NEW_CONFIG_OPTIONS,
199 MGMT_EV_EXT_INDEX_ADDED,
200 MGMT_EV_EXT_INDEX_REMOVED,
201 MGMT_EV_EXT_INFO_CHANGED,
202 MGMT_EV_EXP_FEATURE_CHANGED,
205 #define CACHE_TIMEOUT msecs_to_jiffies(2 * 1000)
207 #define ZERO_KEY "\x00\x00\x00\x00\x00\x00\x00\x00" \
208 "\x00\x00\x00\x00\x00\x00\x00\x00"
210 /* HCI to MGMT error code conversion table */
211 static const u8 mgmt_status_table[] = {
213 MGMT_STATUS_UNKNOWN_COMMAND, /* Unknown Command */
214 MGMT_STATUS_NOT_CONNECTED, /* No Connection */
215 MGMT_STATUS_FAILED, /* Hardware Failure */
216 MGMT_STATUS_CONNECT_FAILED, /* Page Timeout */
217 MGMT_STATUS_AUTH_FAILED, /* Authentication Failed */
218 MGMT_STATUS_AUTH_FAILED, /* PIN or Key Missing */
219 MGMT_STATUS_NO_RESOURCES, /* Memory Full */
220 MGMT_STATUS_TIMEOUT, /* Connection Timeout */
221 MGMT_STATUS_NO_RESOURCES, /* Max Number of Connections */
222 MGMT_STATUS_NO_RESOURCES, /* Max Number of SCO Connections */
223 MGMT_STATUS_ALREADY_CONNECTED, /* ACL Connection Exists */
224 MGMT_STATUS_BUSY, /* Command Disallowed */
225 MGMT_STATUS_NO_RESOURCES, /* Rejected Limited Resources */
226 MGMT_STATUS_REJECTED, /* Rejected Security */
227 MGMT_STATUS_REJECTED, /* Rejected Personal */
228 MGMT_STATUS_TIMEOUT, /* Host Timeout */
229 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported Feature */
230 MGMT_STATUS_INVALID_PARAMS, /* Invalid Parameters */
231 MGMT_STATUS_DISCONNECTED, /* OE User Ended Connection */
232 MGMT_STATUS_NO_RESOURCES, /* OE Low Resources */
233 MGMT_STATUS_DISCONNECTED, /* OE Power Off */
234 MGMT_STATUS_DISCONNECTED, /* Connection Terminated */
235 MGMT_STATUS_BUSY, /* Repeated Attempts */
236 MGMT_STATUS_REJECTED, /* Pairing Not Allowed */
237 MGMT_STATUS_FAILED, /* Unknown LMP PDU */
238 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported Remote Feature */
239 MGMT_STATUS_REJECTED, /* SCO Offset Rejected */
240 MGMT_STATUS_REJECTED, /* SCO Interval Rejected */
241 MGMT_STATUS_REJECTED, /* Air Mode Rejected */
242 MGMT_STATUS_INVALID_PARAMS, /* Invalid LMP Parameters */
243 MGMT_STATUS_FAILED, /* Unspecified Error */
244 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported LMP Parameter Value */
245 MGMT_STATUS_FAILED, /* Role Change Not Allowed */
246 MGMT_STATUS_TIMEOUT, /* LMP Response Timeout */
247 MGMT_STATUS_FAILED, /* LMP Error Transaction Collision */
248 MGMT_STATUS_FAILED, /* LMP PDU Not Allowed */
249 MGMT_STATUS_REJECTED, /* Encryption Mode Not Accepted */
250 MGMT_STATUS_FAILED, /* Unit Link Key Used */
251 MGMT_STATUS_NOT_SUPPORTED, /* QoS Not Supported */
252 MGMT_STATUS_TIMEOUT, /* Instant Passed */
253 MGMT_STATUS_NOT_SUPPORTED, /* Pairing Not Supported */
254 MGMT_STATUS_FAILED, /* Transaction Collision */
255 MGMT_STATUS_INVALID_PARAMS, /* Unacceptable Parameter */
256 MGMT_STATUS_REJECTED, /* QoS Rejected */
257 MGMT_STATUS_NOT_SUPPORTED, /* Classification Not Supported */
258 MGMT_STATUS_REJECTED, /* Insufficient Security */
259 MGMT_STATUS_INVALID_PARAMS, /* Parameter Out Of Range */
260 MGMT_STATUS_BUSY, /* Role Switch Pending */
261 MGMT_STATUS_FAILED, /* Slot Violation */
262 MGMT_STATUS_FAILED, /* Role Switch Failed */
263 MGMT_STATUS_INVALID_PARAMS, /* EIR Too Large */
264 MGMT_STATUS_NOT_SUPPORTED, /* Simple Pairing Not Supported */
265 MGMT_STATUS_BUSY, /* Host Busy Pairing */
266 MGMT_STATUS_REJECTED, /* Rejected, No Suitable Channel */
267 MGMT_STATUS_BUSY, /* Controller Busy */
268 MGMT_STATUS_INVALID_PARAMS, /* Unsuitable Connection Interval */
269 MGMT_STATUS_TIMEOUT, /* Directed Advertising Timeout */
270 MGMT_STATUS_AUTH_FAILED, /* Terminated Due to MIC Failure */
271 MGMT_STATUS_CONNECT_FAILED, /* Connection Establishment Failed */
272 MGMT_STATUS_CONNECT_FAILED, /* MAC Connection Failed */
275 static u8 mgmt_status(u8 hci_status)
277 if (hci_status < ARRAY_SIZE(mgmt_status_table))
278 return mgmt_status_table[hci_status];
280 return MGMT_STATUS_FAILED;
283 static int mgmt_index_event(u16 event, struct hci_dev *hdev, void *data,
286 return mgmt_send_event(event, hdev, HCI_CHANNEL_CONTROL, data, len,
290 static int mgmt_limited_event(u16 event, struct hci_dev *hdev, void *data,
291 u16 len, int flag, struct sock *skip_sk)
293 return mgmt_send_event(event, hdev, HCI_CHANNEL_CONTROL, data, len,
297 static int mgmt_event(u16 event, struct hci_dev *hdev, void *data, u16 len,
298 struct sock *skip_sk)
300 return mgmt_send_event(event, hdev, HCI_CHANNEL_CONTROL, data, len,
301 HCI_SOCK_TRUSTED, skip_sk);
304 static u8 le_addr_type(u8 mgmt_addr_type)
306 if (mgmt_addr_type == BDADDR_LE_PUBLIC)
307 return ADDR_LE_DEV_PUBLIC;
309 return ADDR_LE_DEV_RANDOM;
312 void mgmt_fill_version_info(void *ver)
314 struct mgmt_rp_read_version *rp = ver;
316 rp->version = MGMT_VERSION;
317 rp->revision = cpu_to_le16(MGMT_REVISION);
320 static int read_version(struct sock *sk, struct hci_dev *hdev, void *data,
323 struct mgmt_rp_read_version rp;
325 bt_dev_dbg(hdev, "sock %p", sk);
327 mgmt_fill_version_info(&rp);
329 return mgmt_cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_VERSION, 0,
333 static int read_commands(struct sock *sk, struct hci_dev *hdev, void *data,
336 struct mgmt_rp_read_commands *rp;
337 u16 num_commands, num_events;
341 bt_dev_dbg(hdev, "sock %p", sk);
343 if (hci_sock_test_flag(sk, HCI_SOCK_TRUSTED)) {
344 num_commands = ARRAY_SIZE(mgmt_commands);
345 num_events = ARRAY_SIZE(mgmt_events);
347 num_commands = ARRAY_SIZE(mgmt_untrusted_commands);
348 num_events = ARRAY_SIZE(mgmt_untrusted_events);
351 rp_size = sizeof(*rp) + ((num_commands + num_events) * sizeof(u16));
353 rp = kmalloc(rp_size, GFP_KERNEL);
357 rp->num_commands = cpu_to_le16(num_commands);
358 rp->num_events = cpu_to_le16(num_events);
360 if (hci_sock_test_flag(sk, HCI_SOCK_TRUSTED)) {
361 __le16 *opcode = rp->opcodes;
363 for (i = 0; i < num_commands; i++, opcode++)
364 put_unaligned_le16(mgmt_commands[i], opcode);
366 for (i = 0; i < num_events; i++, opcode++)
367 put_unaligned_le16(mgmt_events[i], opcode);
369 __le16 *opcode = rp->opcodes;
371 for (i = 0; i < num_commands; i++, opcode++)
372 put_unaligned_le16(mgmt_untrusted_commands[i], opcode);
374 for (i = 0; i < num_events; i++, opcode++)
375 put_unaligned_le16(mgmt_untrusted_events[i], opcode);
378 err = mgmt_cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_COMMANDS, 0,
385 static int read_index_list(struct sock *sk, struct hci_dev *hdev, void *data,
388 struct mgmt_rp_read_index_list *rp;
394 bt_dev_dbg(hdev, "sock %p", sk);
396 read_lock(&hci_dev_list_lock);
399 list_for_each_entry(d, &hci_dev_list, list) {
400 if (d->dev_type == HCI_PRIMARY &&
401 !hci_dev_test_flag(d, HCI_UNCONFIGURED))
405 rp_len = sizeof(*rp) + (2 * count);
406 rp = kmalloc(rp_len, GFP_ATOMIC);
408 read_unlock(&hci_dev_list_lock);
413 list_for_each_entry(d, &hci_dev_list, list) {
414 if (hci_dev_test_flag(d, HCI_SETUP) ||
415 hci_dev_test_flag(d, HCI_CONFIG) ||
416 hci_dev_test_flag(d, HCI_USER_CHANNEL))
419 /* Devices marked as raw-only are neither configured
420 * nor unconfigured controllers.
422 if (test_bit(HCI_QUIRK_RAW_DEVICE, &d->quirks))
425 if (d->dev_type == HCI_PRIMARY &&
426 !hci_dev_test_flag(d, HCI_UNCONFIGURED)) {
427 rp->index[count++] = cpu_to_le16(d->id);
428 bt_dev_dbg(hdev, "Added hci%u", d->id);
432 rp->num_controllers = cpu_to_le16(count);
433 rp_len = sizeof(*rp) + (2 * count);
435 read_unlock(&hci_dev_list_lock);
437 err = mgmt_cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_INDEX_LIST,
445 static int read_unconf_index_list(struct sock *sk, struct hci_dev *hdev,
446 void *data, u16 data_len)
448 struct mgmt_rp_read_unconf_index_list *rp;
454 bt_dev_dbg(hdev, "sock %p", sk);
456 read_lock(&hci_dev_list_lock);
459 list_for_each_entry(d, &hci_dev_list, list) {
460 if (d->dev_type == HCI_PRIMARY &&
461 hci_dev_test_flag(d, HCI_UNCONFIGURED))
465 rp_len = sizeof(*rp) + (2 * count);
466 rp = kmalloc(rp_len, GFP_ATOMIC);
468 read_unlock(&hci_dev_list_lock);
473 list_for_each_entry(d, &hci_dev_list, list) {
474 if (hci_dev_test_flag(d, HCI_SETUP) ||
475 hci_dev_test_flag(d, HCI_CONFIG) ||
476 hci_dev_test_flag(d, HCI_USER_CHANNEL))
479 /* Devices marked as raw-only are neither configured
480 * nor unconfigured controllers.
482 if (test_bit(HCI_QUIRK_RAW_DEVICE, &d->quirks))
485 if (d->dev_type == HCI_PRIMARY &&
486 hci_dev_test_flag(d, HCI_UNCONFIGURED)) {
487 rp->index[count++] = cpu_to_le16(d->id);
488 bt_dev_dbg(hdev, "Added hci%u", d->id);
492 rp->num_controllers = cpu_to_le16(count);
493 rp_len = sizeof(*rp) + (2 * count);
495 read_unlock(&hci_dev_list_lock);
497 err = mgmt_cmd_complete(sk, MGMT_INDEX_NONE,
498 MGMT_OP_READ_UNCONF_INDEX_LIST, 0, rp, rp_len);
505 static int read_ext_index_list(struct sock *sk, struct hci_dev *hdev,
506 void *data, u16 data_len)
508 struct mgmt_rp_read_ext_index_list *rp;
513 bt_dev_dbg(hdev, "sock %p", sk);
515 read_lock(&hci_dev_list_lock);
518 list_for_each_entry(d, &hci_dev_list, list) {
519 if (d->dev_type == HCI_PRIMARY || d->dev_type == HCI_AMP)
523 rp = kmalloc(struct_size(rp, entry, count), GFP_ATOMIC);
525 read_unlock(&hci_dev_list_lock);
530 list_for_each_entry(d, &hci_dev_list, list) {
531 if (hci_dev_test_flag(d, HCI_SETUP) ||
532 hci_dev_test_flag(d, HCI_CONFIG) ||
533 hci_dev_test_flag(d, HCI_USER_CHANNEL))
536 /* Devices marked as raw-only are neither configured
537 * nor unconfigured controllers.
539 if (test_bit(HCI_QUIRK_RAW_DEVICE, &d->quirks))
542 if (d->dev_type == HCI_PRIMARY) {
543 if (hci_dev_test_flag(d, HCI_UNCONFIGURED))
544 rp->entry[count].type = 0x01;
546 rp->entry[count].type = 0x00;
547 } else if (d->dev_type == HCI_AMP) {
548 rp->entry[count].type = 0x02;
553 rp->entry[count].bus = d->bus;
554 rp->entry[count++].index = cpu_to_le16(d->id);
555 bt_dev_dbg(hdev, "Added hci%u", d->id);
558 rp->num_controllers = cpu_to_le16(count);
560 read_unlock(&hci_dev_list_lock);
562 /* If this command is called at least once, then all the
563 * default index and unconfigured index events are disabled
564 * and from now on only extended index events are used.
566 hci_sock_set_flag(sk, HCI_MGMT_EXT_INDEX_EVENTS);
567 hci_sock_clear_flag(sk, HCI_MGMT_INDEX_EVENTS);
568 hci_sock_clear_flag(sk, HCI_MGMT_UNCONF_INDEX_EVENTS);
570 err = mgmt_cmd_complete(sk, MGMT_INDEX_NONE,
571 MGMT_OP_READ_EXT_INDEX_LIST, 0, rp,
572 struct_size(rp, entry, count));
579 static bool is_configured(struct hci_dev *hdev)
581 if (test_bit(HCI_QUIRK_EXTERNAL_CONFIG, &hdev->quirks) &&
582 !hci_dev_test_flag(hdev, HCI_EXT_CONFIGURED))
585 if ((test_bit(HCI_QUIRK_INVALID_BDADDR, &hdev->quirks) ||
586 test_bit(HCI_QUIRK_USE_BDADDR_PROPERTY, &hdev->quirks)) &&
587 !bacmp(&hdev->public_addr, BDADDR_ANY))
593 static __le32 get_missing_options(struct hci_dev *hdev)
597 if (test_bit(HCI_QUIRK_EXTERNAL_CONFIG, &hdev->quirks) &&
598 !hci_dev_test_flag(hdev, HCI_EXT_CONFIGURED))
599 options |= MGMT_OPTION_EXTERNAL_CONFIG;
601 if ((test_bit(HCI_QUIRK_INVALID_BDADDR, &hdev->quirks) ||
602 test_bit(HCI_QUIRK_USE_BDADDR_PROPERTY, &hdev->quirks)) &&
603 !bacmp(&hdev->public_addr, BDADDR_ANY))
604 options |= MGMT_OPTION_PUBLIC_ADDRESS;
606 return cpu_to_le32(options);
609 static int new_options(struct hci_dev *hdev, struct sock *skip)
611 __le32 options = get_missing_options(hdev);
613 return mgmt_limited_event(MGMT_EV_NEW_CONFIG_OPTIONS, hdev, &options,
614 sizeof(options), HCI_MGMT_OPTION_EVENTS, skip);
617 static int send_options_rsp(struct sock *sk, u16 opcode, struct hci_dev *hdev)
619 __le32 options = get_missing_options(hdev);
621 return mgmt_cmd_complete(sk, hdev->id, opcode, 0, &options,
625 static int read_config_info(struct sock *sk, struct hci_dev *hdev,
626 void *data, u16 data_len)
628 struct mgmt_rp_read_config_info rp;
631 bt_dev_dbg(hdev, "sock %p", sk);
635 memset(&rp, 0, sizeof(rp));
636 rp.manufacturer = cpu_to_le16(hdev->manufacturer);
638 if (test_bit(HCI_QUIRK_EXTERNAL_CONFIG, &hdev->quirks))
639 options |= MGMT_OPTION_EXTERNAL_CONFIG;
641 if (hdev->set_bdaddr)
642 options |= MGMT_OPTION_PUBLIC_ADDRESS;
644 rp.supported_options = cpu_to_le32(options);
645 rp.missing_options = get_missing_options(hdev);
647 hci_dev_unlock(hdev);
649 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_READ_CONFIG_INFO, 0,
653 static u32 get_supported_phys(struct hci_dev *hdev)
655 u32 supported_phys = 0;
657 if (lmp_bredr_capable(hdev)) {
658 supported_phys |= MGMT_PHY_BR_1M_1SLOT;
660 if (hdev->features[0][0] & LMP_3SLOT)
661 supported_phys |= MGMT_PHY_BR_1M_3SLOT;
663 if (hdev->features[0][0] & LMP_5SLOT)
664 supported_phys |= MGMT_PHY_BR_1M_5SLOT;
666 if (lmp_edr_2m_capable(hdev)) {
667 supported_phys |= MGMT_PHY_EDR_2M_1SLOT;
669 if (lmp_edr_3slot_capable(hdev))
670 supported_phys |= MGMT_PHY_EDR_2M_3SLOT;
672 if (lmp_edr_5slot_capable(hdev))
673 supported_phys |= MGMT_PHY_EDR_2M_5SLOT;
675 if (lmp_edr_3m_capable(hdev)) {
676 supported_phys |= MGMT_PHY_EDR_3M_1SLOT;
678 if (lmp_edr_3slot_capable(hdev))
679 supported_phys |= MGMT_PHY_EDR_3M_3SLOT;
681 if (lmp_edr_5slot_capable(hdev))
682 supported_phys |= MGMT_PHY_EDR_3M_5SLOT;
687 if (lmp_le_capable(hdev)) {
688 supported_phys |= MGMT_PHY_LE_1M_TX;
689 supported_phys |= MGMT_PHY_LE_1M_RX;
691 if (hdev->le_features[1] & HCI_LE_PHY_2M) {
692 supported_phys |= MGMT_PHY_LE_2M_TX;
693 supported_phys |= MGMT_PHY_LE_2M_RX;
696 if (hdev->le_features[1] & HCI_LE_PHY_CODED) {
697 supported_phys |= MGMT_PHY_LE_CODED_TX;
698 supported_phys |= MGMT_PHY_LE_CODED_RX;
702 return supported_phys;
705 static u32 get_selected_phys(struct hci_dev *hdev)
707 u32 selected_phys = 0;
709 if (lmp_bredr_capable(hdev)) {
710 selected_phys |= MGMT_PHY_BR_1M_1SLOT;
712 if (hdev->pkt_type & (HCI_DM3 | HCI_DH3))
713 selected_phys |= MGMT_PHY_BR_1M_3SLOT;
715 if (hdev->pkt_type & (HCI_DM5 | HCI_DH5))
716 selected_phys |= MGMT_PHY_BR_1M_5SLOT;
718 if (lmp_edr_2m_capable(hdev)) {
719 if (!(hdev->pkt_type & HCI_2DH1))
720 selected_phys |= MGMT_PHY_EDR_2M_1SLOT;
722 if (lmp_edr_3slot_capable(hdev) &&
723 !(hdev->pkt_type & HCI_2DH3))
724 selected_phys |= MGMT_PHY_EDR_2M_3SLOT;
726 if (lmp_edr_5slot_capable(hdev) &&
727 !(hdev->pkt_type & HCI_2DH5))
728 selected_phys |= MGMT_PHY_EDR_2M_5SLOT;
730 if (lmp_edr_3m_capable(hdev)) {
731 if (!(hdev->pkt_type & HCI_3DH1))
732 selected_phys |= MGMT_PHY_EDR_3M_1SLOT;
734 if (lmp_edr_3slot_capable(hdev) &&
735 !(hdev->pkt_type & HCI_3DH3))
736 selected_phys |= MGMT_PHY_EDR_3M_3SLOT;
738 if (lmp_edr_5slot_capable(hdev) &&
739 !(hdev->pkt_type & HCI_3DH5))
740 selected_phys |= MGMT_PHY_EDR_3M_5SLOT;
745 if (lmp_le_capable(hdev)) {
746 if (hdev->le_tx_def_phys & HCI_LE_SET_PHY_1M)
747 selected_phys |= MGMT_PHY_LE_1M_TX;
749 if (hdev->le_rx_def_phys & HCI_LE_SET_PHY_1M)
750 selected_phys |= MGMT_PHY_LE_1M_RX;
752 if (hdev->le_tx_def_phys & HCI_LE_SET_PHY_2M)
753 selected_phys |= MGMT_PHY_LE_2M_TX;
755 if (hdev->le_rx_def_phys & HCI_LE_SET_PHY_2M)
756 selected_phys |= MGMT_PHY_LE_2M_RX;
758 if (hdev->le_tx_def_phys & HCI_LE_SET_PHY_CODED)
759 selected_phys |= MGMT_PHY_LE_CODED_TX;
761 if (hdev->le_rx_def_phys & HCI_LE_SET_PHY_CODED)
762 selected_phys |= MGMT_PHY_LE_CODED_RX;
765 return selected_phys;
768 static u32 get_configurable_phys(struct hci_dev *hdev)
770 return (get_supported_phys(hdev) & ~MGMT_PHY_BR_1M_1SLOT &
771 ~MGMT_PHY_LE_1M_TX & ~MGMT_PHY_LE_1M_RX);
774 static u32 get_supported_settings(struct hci_dev *hdev)
778 settings |= MGMT_SETTING_POWERED;
779 settings |= MGMT_SETTING_BONDABLE;
780 settings |= MGMT_SETTING_DEBUG_KEYS;
781 settings |= MGMT_SETTING_CONNECTABLE;
782 settings |= MGMT_SETTING_DISCOVERABLE;
784 if (lmp_bredr_capable(hdev)) {
785 if (hdev->hci_ver >= BLUETOOTH_VER_1_2)
786 settings |= MGMT_SETTING_FAST_CONNECTABLE;
787 settings |= MGMT_SETTING_BREDR;
788 settings |= MGMT_SETTING_LINK_SECURITY;
790 if (lmp_ssp_capable(hdev)) {
791 settings |= MGMT_SETTING_SSP;
792 if (IS_ENABLED(CONFIG_BT_HS))
793 settings |= MGMT_SETTING_HS;
796 if (lmp_sc_capable(hdev))
797 settings |= MGMT_SETTING_SECURE_CONN;
799 if (test_bit(HCI_QUIRK_WIDEBAND_SPEECH_SUPPORTED,
801 settings |= MGMT_SETTING_WIDEBAND_SPEECH;
804 if (lmp_le_capable(hdev)) {
805 settings |= MGMT_SETTING_LE;
806 settings |= MGMT_SETTING_SECURE_CONN;
807 settings |= MGMT_SETTING_PRIVACY;
808 settings |= MGMT_SETTING_STATIC_ADDRESS;
810 /* When the experimental feature for LL Privacy support is
811 * enabled, then advertising is no longer supported.
813 if (!hci_dev_test_flag(hdev, HCI_ENABLE_LL_PRIVACY))
814 settings |= MGMT_SETTING_ADVERTISING;
817 if (test_bit(HCI_QUIRK_EXTERNAL_CONFIG, &hdev->quirks) ||
819 settings |= MGMT_SETTING_CONFIGURATION;
821 settings |= MGMT_SETTING_PHY_CONFIGURATION;
826 static u32 get_current_settings(struct hci_dev *hdev)
830 if (hdev_is_powered(hdev))
831 settings |= MGMT_SETTING_POWERED;
833 if (hci_dev_test_flag(hdev, HCI_CONNECTABLE))
834 settings |= MGMT_SETTING_CONNECTABLE;
836 if (hci_dev_test_flag(hdev, HCI_FAST_CONNECTABLE))
837 settings |= MGMT_SETTING_FAST_CONNECTABLE;
839 if (hci_dev_test_flag(hdev, HCI_DISCOVERABLE))
840 settings |= MGMT_SETTING_DISCOVERABLE;
842 if (hci_dev_test_flag(hdev, HCI_BONDABLE))
843 settings |= MGMT_SETTING_BONDABLE;
845 if (hci_dev_test_flag(hdev, HCI_BREDR_ENABLED))
846 settings |= MGMT_SETTING_BREDR;
848 if (hci_dev_test_flag(hdev, HCI_LE_ENABLED))
849 settings |= MGMT_SETTING_LE;
851 if (hci_dev_test_flag(hdev, HCI_LINK_SECURITY))
852 settings |= MGMT_SETTING_LINK_SECURITY;
854 if (hci_dev_test_flag(hdev, HCI_SSP_ENABLED))
855 settings |= MGMT_SETTING_SSP;
857 if (hci_dev_test_flag(hdev, HCI_HS_ENABLED))
858 settings |= MGMT_SETTING_HS;
860 if (hci_dev_test_flag(hdev, HCI_ADVERTISING))
861 settings |= MGMT_SETTING_ADVERTISING;
863 if (hci_dev_test_flag(hdev, HCI_SC_ENABLED))
864 settings |= MGMT_SETTING_SECURE_CONN;
866 if (hci_dev_test_flag(hdev, HCI_KEEP_DEBUG_KEYS))
867 settings |= MGMT_SETTING_DEBUG_KEYS;
869 if (hci_dev_test_flag(hdev, HCI_PRIVACY))
870 settings |= MGMT_SETTING_PRIVACY;
872 /* The current setting for static address has two purposes. The
873 * first is to indicate if the static address will be used and
874 * the second is to indicate if it is actually set.
876 * This means if the static address is not configured, this flag
877 * will never be set. If the address is configured, then if the
878 * address is actually used decides if the flag is set or not.
880 * For single mode LE only controllers and dual-mode controllers
881 * with BR/EDR disabled, the existence of the static address will
884 if (hci_dev_test_flag(hdev, HCI_FORCE_STATIC_ADDR) ||
885 !hci_dev_test_flag(hdev, HCI_BREDR_ENABLED) ||
886 !bacmp(&hdev->bdaddr, BDADDR_ANY)) {
887 if (bacmp(&hdev->static_addr, BDADDR_ANY))
888 settings |= MGMT_SETTING_STATIC_ADDRESS;
891 if (hci_dev_test_flag(hdev, HCI_WIDEBAND_SPEECH_ENABLED))
892 settings |= MGMT_SETTING_WIDEBAND_SPEECH;
897 static struct mgmt_pending_cmd *pending_find(u16 opcode, struct hci_dev *hdev)
899 return mgmt_pending_find(HCI_CHANNEL_CONTROL, opcode, hdev);
902 static struct mgmt_pending_cmd *pending_find_data(u16 opcode,
903 struct hci_dev *hdev,
906 return mgmt_pending_find_data(HCI_CHANNEL_CONTROL, opcode, hdev, data);
909 u8 mgmt_get_adv_discov_flags(struct hci_dev *hdev)
911 struct mgmt_pending_cmd *cmd;
913 /* If there's a pending mgmt command the flags will not yet have
914 * their final values, so check for this first.
916 cmd = pending_find(MGMT_OP_SET_DISCOVERABLE, hdev);
918 struct mgmt_mode *cp = cmd->param;
920 return LE_AD_GENERAL;
921 else if (cp->val == 0x02)
922 return LE_AD_LIMITED;
924 if (hci_dev_test_flag(hdev, HCI_LIMITED_DISCOVERABLE))
925 return LE_AD_LIMITED;
926 else if (hci_dev_test_flag(hdev, HCI_DISCOVERABLE))
927 return LE_AD_GENERAL;
933 bool mgmt_get_connectable(struct hci_dev *hdev)
935 struct mgmt_pending_cmd *cmd;
937 /* If there's a pending mgmt command the flag will not yet have
938 * it's final value, so check for this first.
940 cmd = pending_find(MGMT_OP_SET_CONNECTABLE, hdev);
942 struct mgmt_mode *cp = cmd->param;
947 return hci_dev_test_flag(hdev, HCI_CONNECTABLE);
950 static void service_cache_off(struct work_struct *work)
952 struct hci_dev *hdev = container_of(work, struct hci_dev,
954 struct hci_request req;
956 if (!hci_dev_test_and_clear_flag(hdev, HCI_SERVICE_CACHE))
959 hci_req_init(&req, hdev);
963 __hci_req_update_eir(&req);
964 __hci_req_update_class(&req);
966 hci_dev_unlock(hdev);
968 hci_req_run(&req, NULL);
971 static void rpa_expired(struct work_struct *work)
973 struct hci_dev *hdev = container_of(work, struct hci_dev,
975 struct hci_request req;
977 bt_dev_dbg(hdev, "");
979 hci_dev_set_flag(hdev, HCI_RPA_EXPIRED);
981 if (!hci_dev_test_flag(hdev, HCI_ADVERTISING))
984 /* The generation of a new RPA and programming it into the
985 * controller happens in the hci_req_enable_advertising()
988 hci_req_init(&req, hdev);
989 if (ext_adv_capable(hdev))
990 __hci_req_start_ext_adv(&req, hdev->cur_adv_instance);
992 __hci_req_enable_advertising(&req);
993 hci_req_run(&req, NULL);
996 static void mgmt_init_hdev(struct sock *sk, struct hci_dev *hdev)
998 if (hci_dev_test_and_set_flag(hdev, HCI_MGMT))
1001 INIT_DELAYED_WORK(&hdev->service_cache, service_cache_off);
1002 INIT_DELAYED_WORK(&hdev->rpa_expired, rpa_expired);
1004 /* Non-mgmt controlled devices get this bit set
1005 * implicitly so that pairing works for them, however
1006 * for mgmt we require user-space to explicitly enable
1009 hci_dev_clear_flag(hdev, HCI_BONDABLE);
1012 static int read_controller_info(struct sock *sk, struct hci_dev *hdev,
1013 void *data, u16 data_len)
1015 struct mgmt_rp_read_info rp;
1017 bt_dev_dbg(hdev, "sock %p", sk);
1021 memset(&rp, 0, sizeof(rp));
1023 bacpy(&rp.bdaddr, &hdev->bdaddr);
1025 rp.version = hdev->hci_ver;
1026 rp.manufacturer = cpu_to_le16(hdev->manufacturer);
1028 rp.supported_settings = cpu_to_le32(get_supported_settings(hdev));
1029 rp.current_settings = cpu_to_le32(get_current_settings(hdev));
1031 memcpy(rp.dev_class, hdev->dev_class, 3);
1033 memcpy(rp.name, hdev->dev_name, sizeof(hdev->dev_name));
1034 memcpy(rp.short_name, hdev->short_name, sizeof(hdev->short_name));
1036 hci_dev_unlock(hdev);
1038 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_READ_INFO, 0, &rp,
1042 static u16 append_eir_data_to_buf(struct hci_dev *hdev, u8 *eir)
1047 if (hci_dev_test_flag(hdev, HCI_BREDR_ENABLED))
1048 eir_len = eir_append_data(eir, eir_len, EIR_CLASS_OF_DEV,
1049 hdev->dev_class, 3);
1051 if (hci_dev_test_flag(hdev, HCI_LE_ENABLED))
1052 eir_len = eir_append_le16(eir, eir_len, EIR_APPEARANCE,
1055 name_len = strlen(hdev->dev_name);
1056 eir_len = eir_append_data(eir, eir_len, EIR_NAME_COMPLETE,
1057 hdev->dev_name, name_len);
1059 name_len = strlen(hdev->short_name);
1060 eir_len = eir_append_data(eir, eir_len, EIR_NAME_SHORT,
1061 hdev->short_name, name_len);
1066 static int read_ext_controller_info(struct sock *sk, struct hci_dev *hdev,
1067 void *data, u16 data_len)
1070 struct mgmt_rp_read_ext_info *rp = (void *)buf;
1073 bt_dev_dbg(hdev, "sock %p", sk);
1075 memset(&buf, 0, sizeof(buf));
1079 bacpy(&rp->bdaddr, &hdev->bdaddr);
1081 rp->version = hdev->hci_ver;
1082 rp->manufacturer = cpu_to_le16(hdev->manufacturer);
1084 rp->supported_settings = cpu_to_le32(get_supported_settings(hdev));
1085 rp->current_settings = cpu_to_le32(get_current_settings(hdev));
1088 eir_len = append_eir_data_to_buf(hdev, rp->eir);
1089 rp->eir_len = cpu_to_le16(eir_len);
1091 hci_dev_unlock(hdev);
1093 /* If this command is called at least once, then the events
1094 * for class of device and local name changes are disabled
1095 * and only the new extended controller information event
1098 hci_sock_set_flag(sk, HCI_MGMT_EXT_INFO_EVENTS);
1099 hci_sock_clear_flag(sk, HCI_MGMT_DEV_CLASS_EVENTS);
1100 hci_sock_clear_flag(sk, HCI_MGMT_LOCAL_NAME_EVENTS);
1102 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_READ_EXT_INFO, 0, rp,
1103 sizeof(*rp) + eir_len);
1106 static int ext_info_changed(struct hci_dev *hdev, struct sock *skip)
1109 struct mgmt_ev_ext_info_changed *ev = (void *)buf;
1112 memset(buf, 0, sizeof(buf));
1114 eir_len = append_eir_data_to_buf(hdev, ev->eir);
1115 ev->eir_len = cpu_to_le16(eir_len);
1117 return mgmt_limited_event(MGMT_EV_EXT_INFO_CHANGED, hdev, ev,
1118 sizeof(*ev) + eir_len,
1119 HCI_MGMT_EXT_INFO_EVENTS, skip);
1122 static int send_settings_rsp(struct sock *sk, u16 opcode, struct hci_dev *hdev)
1124 __le32 settings = cpu_to_le32(get_current_settings(hdev));
1126 return mgmt_cmd_complete(sk, hdev->id, opcode, 0, &settings,
1130 static void clean_up_hci_complete(struct hci_dev *hdev, u8 status, u16 opcode)
1132 bt_dev_dbg(hdev, "status 0x%02x", status);
1134 if (hci_conn_count(hdev) == 0) {
1135 cancel_delayed_work(&hdev->power_off);
1136 queue_work(hdev->req_workqueue, &hdev->power_off.work);
1140 void mgmt_advertising_added(struct sock *sk, struct hci_dev *hdev, u8 instance)
1142 struct mgmt_ev_advertising_added ev;
1144 ev.instance = instance;
1146 mgmt_event(MGMT_EV_ADVERTISING_ADDED, hdev, &ev, sizeof(ev), sk);
1149 void mgmt_advertising_removed(struct sock *sk, struct hci_dev *hdev,
1152 struct mgmt_ev_advertising_removed ev;
1154 ev.instance = instance;
1156 mgmt_event(MGMT_EV_ADVERTISING_REMOVED, hdev, &ev, sizeof(ev), sk);
1159 static void cancel_adv_timeout(struct hci_dev *hdev)
1161 if (hdev->adv_instance_timeout) {
1162 hdev->adv_instance_timeout = 0;
1163 cancel_delayed_work(&hdev->adv_instance_expire);
1167 static int clean_up_hci_state(struct hci_dev *hdev)
1169 struct hci_request req;
1170 struct hci_conn *conn;
1171 bool discov_stopped;
1174 hci_req_init(&req, hdev);
1176 if (test_bit(HCI_ISCAN, &hdev->flags) ||
1177 test_bit(HCI_PSCAN, &hdev->flags)) {
1179 hci_req_add(&req, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
1182 hci_req_clear_adv_instance(hdev, NULL, NULL, 0x00, false);
1184 if (hci_dev_test_flag(hdev, HCI_LE_ADV))
1185 __hci_req_disable_advertising(&req);
1187 discov_stopped = hci_req_stop_discovery(&req);
1189 list_for_each_entry(conn, &hdev->conn_hash.list, list) {
1190 /* 0x15 == Terminated due to Power Off */
1191 __hci_abort_conn(&req, conn, 0x15);
1194 err = hci_req_run(&req, clean_up_hci_complete);
1195 if (!err && discov_stopped)
1196 hci_discovery_set_state(hdev, DISCOVERY_STOPPING);
1201 static int set_powered(struct sock *sk, struct hci_dev *hdev, void *data,
1204 struct mgmt_mode *cp = data;
1205 struct mgmt_pending_cmd *cmd;
1208 bt_dev_dbg(hdev, "sock %p", sk);
1210 if (cp->val != 0x00 && cp->val != 0x01)
1211 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_POWERED,
1212 MGMT_STATUS_INVALID_PARAMS);
1216 if (pending_find(MGMT_OP_SET_POWERED, hdev)) {
1217 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_POWERED,
1222 if (!!cp->val == hdev_is_powered(hdev)) {
1223 err = send_settings_rsp(sk, MGMT_OP_SET_POWERED, hdev);
1227 cmd = mgmt_pending_add(sk, MGMT_OP_SET_POWERED, hdev, data, len);
1234 queue_work(hdev->req_workqueue, &hdev->power_on);
1237 /* Disconnect connections, stop scans, etc */
1238 err = clean_up_hci_state(hdev);
1240 queue_delayed_work(hdev->req_workqueue, &hdev->power_off,
1241 HCI_POWER_OFF_TIMEOUT);
1243 /* ENODATA means there were no HCI commands queued */
1244 if (err == -ENODATA) {
1245 cancel_delayed_work(&hdev->power_off);
1246 queue_work(hdev->req_workqueue, &hdev->power_off.work);
1252 hci_dev_unlock(hdev);
1256 static int new_settings(struct hci_dev *hdev, struct sock *skip)
1258 __le32 ev = cpu_to_le32(get_current_settings(hdev));
1260 return mgmt_limited_event(MGMT_EV_NEW_SETTINGS, hdev, &ev,
1261 sizeof(ev), HCI_MGMT_SETTING_EVENTS, skip);
1264 int mgmt_new_settings(struct hci_dev *hdev)
1266 return new_settings(hdev, NULL);
1271 struct hci_dev *hdev;
1275 static void settings_rsp(struct mgmt_pending_cmd *cmd, void *data)
1277 struct cmd_lookup *match = data;
1279 send_settings_rsp(cmd->sk, cmd->opcode, match->hdev);
1281 list_del(&cmd->list);
1283 if (match->sk == NULL) {
1284 match->sk = cmd->sk;
1285 sock_hold(match->sk);
1288 mgmt_pending_free(cmd);
1291 static void cmd_status_rsp(struct mgmt_pending_cmd *cmd, void *data)
1295 mgmt_cmd_status(cmd->sk, cmd->index, cmd->opcode, *status);
1296 mgmt_pending_remove(cmd);
1299 static void cmd_complete_rsp(struct mgmt_pending_cmd *cmd, void *data)
1301 if (cmd->cmd_complete) {
1304 cmd->cmd_complete(cmd, *status);
1305 mgmt_pending_remove(cmd);
1310 cmd_status_rsp(cmd, data);
1313 static int generic_cmd_complete(struct mgmt_pending_cmd *cmd, u8 status)
1315 return mgmt_cmd_complete(cmd->sk, cmd->index, cmd->opcode, status,
1316 cmd->param, cmd->param_len);
1319 static int addr_cmd_complete(struct mgmt_pending_cmd *cmd, u8 status)
1321 return mgmt_cmd_complete(cmd->sk, cmd->index, cmd->opcode, status,
1322 cmd->param, sizeof(struct mgmt_addr_info));
1325 static u8 mgmt_bredr_support(struct hci_dev *hdev)
1327 if (!lmp_bredr_capable(hdev))
1328 return MGMT_STATUS_NOT_SUPPORTED;
1329 else if (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED))
1330 return MGMT_STATUS_REJECTED;
1332 return MGMT_STATUS_SUCCESS;
1335 static u8 mgmt_le_support(struct hci_dev *hdev)
1337 if (!lmp_le_capable(hdev))
1338 return MGMT_STATUS_NOT_SUPPORTED;
1339 else if (!hci_dev_test_flag(hdev, HCI_LE_ENABLED))
1340 return MGMT_STATUS_REJECTED;
1342 return MGMT_STATUS_SUCCESS;
1345 void mgmt_set_discoverable_complete(struct hci_dev *hdev, u8 status)
1347 struct mgmt_pending_cmd *cmd;
1349 bt_dev_dbg(hdev, "status 0x%02x", status);
1353 cmd = pending_find(MGMT_OP_SET_DISCOVERABLE, hdev);
1358 u8 mgmt_err = mgmt_status(status);
1359 mgmt_cmd_status(cmd->sk, cmd->index, cmd->opcode, mgmt_err);
1360 hci_dev_clear_flag(hdev, HCI_LIMITED_DISCOVERABLE);
1364 if (hci_dev_test_flag(hdev, HCI_DISCOVERABLE) &&
1365 hdev->discov_timeout > 0) {
1366 int to = msecs_to_jiffies(hdev->discov_timeout * 1000);
1367 queue_delayed_work(hdev->req_workqueue, &hdev->discov_off, to);
1370 send_settings_rsp(cmd->sk, MGMT_OP_SET_DISCOVERABLE, hdev);
1371 new_settings(hdev, cmd->sk);
1374 mgmt_pending_remove(cmd);
1377 hci_dev_unlock(hdev);
1380 static int set_discoverable(struct sock *sk, struct hci_dev *hdev, void *data,
1383 struct mgmt_cp_set_discoverable *cp = data;
1384 struct mgmt_pending_cmd *cmd;
1388 bt_dev_dbg(hdev, "sock %p", sk);
1390 if (!hci_dev_test_flag(hdev, HCI_LE_ENABLED) &&
1391 !hci_dev_test_flag(hdev, HCI_BREDR_ENABLED))
1392 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
1393 MGMT_STATUS_REJECTED);
1395 if (cp->val != 0x00 && cp->val != 0x01 && cp->val != 0x02)
1396 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
1397 MGMT_STATUS_INVALID_PARAMS);
1399 timeout = __le16_to_cpu(cp->timeout);
1401 /* Disabling discoverable requires that no timeout is set,
1402 * and enabling limited discoverable requires a timeout.
1404 if ((cp->val == 0x00 && timeout > 0) ||
1405 (cp->val == 0x02 && timeout == 0))
1406 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
1407 MGMT_STATUS_INVALID_PARAMS);
1411 if (!hdev_is_powered(hdev) && timeout > 0) {
1412 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
1413 MGMT_STATUS_NOT_POWERED);
1417 if (pending_find(MGMT_OP_SET_DISCOVERABLE, hdev) ||
1418 pending_find(MGMT_OP_SET_CONNECTABLE, hdev)) {
1419 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
1424 if (!hci_dev_test_flag(hdev, HCI_CONNECTABLE)) {
1425 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
1426 MGMT_STATUS_REJECTED);
1430 if (hdev->advertising_paused) {
1431 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
1436 if (!hdev_is_powered(hdev)) {
1437 bool changed = false;
1439 /* Setting limited discoverable when powered off is
1440 * not a valid operation since it requires a timeout
1441 * and so no need to check HCI_LIMITED_DISCOVERABLE.
1443 if (!!cp->val != hci_dev_test_flag(hdev, HCI_DISCOVERABLE)) {
1444 hci_dev_change_flag(hdev, HCI_DISCOVERABLE);
1448 err = send_settings_rsp(sk, MGMT_OP_SET_DISCOVERABLE, hdev);
1453 err = new_settings(hdev, sk);
1458 /* If the current mode is the same, then just update the timeout
1459 * value with the new value. And if only the timeout gets updated,
1460 * then no need for any HCI transactions.
1462 if (!!cp->val == hci_dev_test_flag(hdev, HCI_DISCOVERABLE) &&
1463 (cp->val == 0x02) == hci_dev_test_flag(hdev,
1464 HCI_LIMITED_DISCOVERABLE)) {
1465 cancel_delayed_work(&hdev->discov_off);
1466 hdev->discov_timeout = timeout;
1468 if (cp->val && hdev->discov_timeout > 0) {
1469 int to = msecs_to_jiffies(hdev->discov_timeout * 1000);
1470 queue_delayed_work(hdev->req_workqueue,
1471 &hdev->discov_off, to);
1474 err = send_settings_rsp(sk, MGMT_OP_SET_DISCOVERABLE, hdev);
1478 cmd = mgmt_pending_add(sk, MGMT_OP_SET_DISCOVERABLE, hdev, data, len);
1484 /* Cancel any potential discoverable timeout that might be
1485 * still active and store new timeout value. The arming of
1486 * the timeout happens in the complete handler.
1488 cancel_delayed_work(&hdev->discov_off);
1489 hdev->discov_timeout = timeout;
1492 hci_dev_set_flag(hdev, HCI_DISCOVERABLE);
1494 hci_dev_clear_flag(hdev, HCI_DISCOVERABLE);
1496 /* Limited discoverable mode */
1497 if (cp->val == 0x02)
1498 hci_dev_set_flag(hdev, HCI_LIMITED_DISCOVERABLE);
1500 hci_dev_clear_flag(hdev, HCI_LIMITED_DISCOVERABLE);
1502 queue_work(hdev->req_workqueue, &hdev->discoverable_update);
1506 hci_dev_unlock(hdev);
1510 void mgmt_set_connectable_complete(struct hci_dev *hdev, u8 status)
1512 struct mgmt_pending_cmd *cmd;
1514 bt_dev_dbg(hdev, "status 0x%02x", status);
1518 cmd = pending_find(MGMT_OP_SET_CONNECTABLE, hdev);
1523 u8 mgmt_err = mgmt_status(status);
1524 mgmt_cmd_status(cmd->sk, cmd->index, cmd->opcode, mgmt_err);
1528 send_settings_rsp(cmd->sk, MGMT_OP_SET_CONNECTABLE, hdev);
1529 new_settings(hdev, cmd->sk);
1532 mgmt_pending_remove(cmd);
1535 hci_dev_unlock(hdev);
1538 static int set_connectable_update_settings(struct hci_dev *hdev,
1539 struct sock *sk, u8 val)
1541 bool changed = false;
1544 if (!!val != hci_dev_test_flag(hdev, HCI_CONNECTABLE))
1548 hci_dev_set_flag(hdev, HCI_CONNECTABLE);
1550 hci_dev_clear_flag(hdev, HCI_CONNECTABLE);
1551 hci_dev_clear_flag(hdev, HCI_DISCOVERABLE);
1554 err = send_settings_rsp(sk, MGMT_OP_SET_CONNECTABLE, hdev);
1559 hci_req_update_scan(hdev);
1560 hci_update_background_scan(hdev);
1561 return new_settings(hdev, sk);
1567 static int set_connectable(struct sock *sk, struct hci_dev *hdev, void *data,
1570 struct mgmt_mode *cp = data;
1571 struct mgmt_pending_cmd *cmd;
1574 bt_dev_dbg(hdev, "sock %p", sk);
1576 if (!hci_dev_test_flag(hdev, HCI_LE_ENABLED) &&
1577 !hci_dev_test_flag(hdev, HCI_BREDR_ENABLED))
1578 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE,
1579 MGMT_STATUS_REJECTED);
1581 if (cp->val != 0x00 && cp->val != 0x01)
1582 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE,
1583 MGMT_STATUS_INVALID_PARAMS);
1587 if (!hdev_is_powered(hdev)) {
1588 err = set_connectable_update_settings(hdev, sk, cp->val);
1592 if (pending_find(MGMT_OP_SET_DISCOVERABLE, hdev) ||
1593 pending_find(MGMT_OP_SET_CONNECTABLE, hdev)) {
1594 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE,
1599 cmd = mgmt_pending_add(sk, MGMT_OP_SET_CONNECTABLE, hdev, data, len);
1606 hci_dev_set_flag(hdev, HCI_CONNECTABLE);
1608 if (hdev->discov_timeout > 0)
1609 cancel_delayed_work(&hdev->discov_off);
1611 hci_dev_clear_flag(hdev, HCI_LIMITED_DISCOVERABLE);
1612 hci_dev_clear_flag(hdev, HCI_DISCOVERABLE);
1613 hci_dev_clear_flag(hdev, HCI_CONNECTABLE);
1616 queue_work(hdev->req_workqueue, &hdev->connectable_update);
1620 hci_dev_unlock(hdev);
1624 static int set_bondable(struct sock *sk, struct hci_dev *hdev, void *data,
1627 struct mgmt_mode *cp = data;
1631 bt_dev_dbg(hdev, "sock %p", sk);
1633 if (cp->val != 0x00 && cp->val != 0x01)
1634 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_BONDABLE,
1635 MGMT_STATUS_INVALID_PARAMS);
1640 changed = !hci_dev_test_and_set_flag(hdev, HCI_BONDABLE);
1642 changed = hci_dev_test_and_clear_flag(hdev, HCI_BONDABLE);
1644 err = send_settings_rsp(sk, MGMT_OP_SET_BONDABLE, hdev);
1649 /* In limited privacy mode the change of bondable mode
1650 * may affect the local advertising address.
1652 if (hdev_is_powered(hdev) &&
1653 hci_dev_test_flag(hdev, HCI_ADVERTISING) &&
1654 hci_dev_test_flag(hdev, HCI_DISCOVERABLE) &&
1655 hci_dev_test_flag(hdev, HCI_LIMITED_PRIVACY))
1656 queue_work(hdev->req_workqueue,
1657 &hdev->discoverable_update);
1659 err = new_settings(hdev, sk);
1663 hci_dev_unlock(hdev);
1667 static int set_link_security(struct sock *sk, struct hci_dev *hdev, void *data,
1670 struct mgmt_mode *cp = data;
1671 struct mgmt_pending_cmd *cmd;
1675 bt_dev_dbg(hdev, "sock %p", sk);
1677 status = mgmt_bredr_support(hdev);
1679 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY,
1682 if (cp->val != 0x00 && cp->val != 0x01)
1683 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY,
1684 MGMT_STATUS_INVALID_PARAMS);
1688 if (!hdev_is_powered(hdev)) {
1689 bool changed = false;
1691 if (!!cp->val != hci_dev_test_flag(hdev, HCI_LINK_SECURITY)) {
1692 hci_dev_change_flag(hdev, HCI_LINK_SECURITY);
1696 err = send_settings_rsp(sk, MGMT_OP_SET_LINK_SECURITY, hdev);
1701 err = new_settings(hdev, sk);
1706 if (pending_find(MGMT_OP_SET_LINK_SECURITY, hdev)) {
1707 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY,
1714 if (test_bit(HCI_AUTH, &hdev->flags) == val) {
1715 err = send_settings_rsp(sk, MGMT_OP_SET_LINK_SECURITY, hdev);
1719 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LINK_SECURITY, hdev, data, len);
1725 err = hci_send_cmd(hdev, HCI_OP_WRITE_AUTH_ENABLE, sizeof(val), &val);
1727 mgmt_pending_remove(cmd);
1732 hci_dev_unlock(hdev);
1736 static int set_ssp(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
1738 struct mgmt_mode *cp = data;
1739 struct mgmt_pending_cmd *cmd;
1743 bt_dev_dbg(hdev, "sock %p", sk);
1745 status = mgmt_bredr_support(hdev);
1747 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SSP, status);
1749 if (!lmp_ssp_capable(hdev))
1750 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
1751 MGMT_STATUS_NOT_SUPPORTED);
1753 if (cp->val != 0x00 && cp->val != 0x01)
1754 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
1755 MGMT_STATUS_INVALID_PARAMS);
1759 if (!hdev_is_powered(hdev)) {
1763 changed = !hci_dev_test_and_set_flag(hdev,
1766 changed = hci_dev_test_and_clear_flag(hdev,
1769 changed = hci_dev_test_and_clear_flag(hdev,
1772 hci_dev_clear_flag(hdev, HCI_HS_ENABLED);
1775 err = send_settings_rsp(sk, MGMT_OP_SET_SSP, hdev);
1780 err = new_settings(hdev, sk);
1785 if (pending_find(MGMT_OP_SET_SSP, hdev)) {
1786 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
1791 if (!!cp->val == hci_dev_test_flag(hdev, HCI_SSP_ENABLED)) {
1792 err = send_settings_rsp(sk, MGMT_OP_SET_SSP, hdev);
1796 cmd = mgmt_pending_add(sk, MGMT_OP_SET_SSP, hdev, data, len);
1802 if (!cp->val && hci_dev_test_flag(hdev, HCI_USE_DEBUG_KEYS))
1803 hci_send_cmd(hdev, HCI_OP_WRITE_SSP_DEBUG_MODE,
1804 sizeof(cp->val), &cp->val);
1806 err = hci_send_cmd(hdev, HCI_OP_WRITE_SSP_MODE, 1, &cp->val);
1808 mgmt_pending_remove(cmd);
1813 hci_dev_unlock(hdev);
1817 static int set_hs(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
1819 struct mgmt_mode *cp = data;
1824 bt_dev_dbg(hdev, "sock %p", sk);
1826 if (!IS_ENABLED(CONFIG_BT_HS))
1827 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
1828 MGMT_STATUS_NOT_SUPPORTED);
1830 status = mgmt_bredr_support(hdev);
1832 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_HS, status);
1834 if (!lmp_ssp_capable(hdev))
1835 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
1836 MGMT_STATUS_NOT_SUPPORTED);
1838 if (!hci_dev_test_flag(hdev, HCI_SSP_ENABLED))
1839 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
1840 MGMT_STATUS_REJECTED);
1842 if (cp->val != 0x00 && cp->val != 0x01)
1843 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
1844 MGMT_STATUS_INVALID_PARAMS);
1848 if (pending_find(MGMT_OP_SET_SSP, hdev)) {
1849 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
1855 changed = !hci_dev_test_and_set_flag(hdev, HCI_HS_ENABLED);
1857 if (hdev_is_powered(hdev)) {
1858 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
1859 MGMT_STATUS_REJECTED);
1863 changed = hci_dev_test_and_clear_flag(hdev, HCI_HS_ENABLED);
1866 err = send_settings_rsp(sk, MGMT_OP_SET_HS, hdev);
1871 err = new_settings(hdev, sk);
1874 hci_dev_unlock(hdev);
1878 static void le_enable_complete(struct hci_dev *hdev, u8 status, u16 opcode)
1880 struct cmd_lookup match = { NULL, hdev };
1885 u8 mgmt_err = mgmt_status(status);
1887 mgmt_pending_foreach(MGMT_OP_SET_LE, hdev, cmd_status_rsp,
1892 mgmt_pending_foreach(MGMT_OP_SET_LE, hdev, settings_rsp, &match);
1894 new_settings(hdev, match.sk);
1899 /* Make sure the controller has a good default for
1900 * advertising data. Restrict the update to when LE
1901 * has actually been enabled. During power on, the
1902 * update in powered_update_hci will take care of it.
1904 if (hci_dev_test_flag(hdev, HCI_LE_ENABLED)) {
1905 struct hci_request req;
1906 hci_req_init(&req, hdev);
1907 if (ext_adv_capable(hdev)) {
1910 err = __hci_req_setup_ext_adv_instance(&req, 0x00);
1912 __hci_req_update_scan_rsp_data(&req, 0x00);
1914 __hci_req_update_adv_data(&req, 0x00);
1915 __hci_req_update_scan_rsp_data(&req, 0x00);
1917 hci_req_run(&req, NULL);
1918 hci_update_background_scan(hdev);
1922 hci_dev_unlock(hdev);
1925 static int set_le(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
1927 struct mgmt_mode *cp = data;
1928 struct hci_cp_write_le_host_supported hci_cp;
1929 struct mgmt_pending_cmd *cmd;
1930 struct hci_request req;
1934 bt_dev_dbg(hdev, "sock %p", sk);
1936 if (!lmp_le_capable(hdev))
1937 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
1938 MGMT_STATUS_NOT_SUPPORTED);
1940 if (cp->val != 0x00 && cp->val != 0x01)
1941 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
1942 MGMT_STATUS_INVALID_PARAMS);
1944 /* Bluetooth single mode LE only controllers or dual-mode
1945 * controllers configured as LE only devices, do not allow
1946 * switching LE off. These have either LE enabled explicitly
1947 * or BR/EDR has been previously switched off.
1949 * When trying to enable an already enabled LE, then gracefully
1950 * send a positive response. Trying to disable it however will
1951 * result into rejection.
1953 if (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED)) {
1954 if (cp->val == 0x01)
1955 return send_settings_rsp(sk, MGMT_OP_SET_LE, hdev);
1957 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
1958 MGMT_STATUS_REJECTED);
1964 enabled = lmp_host_le_capable(hdev);
1967 hci_req_clear_adv_instance(hdev, NULL, NULL, 0x00, true);
1969 if (!hdev_is_powered(hdev) || val == enabled) {
1970 bool changed = false;
1972 if (val != hci_dev_test_flag(hdev, HCI_LE_ENABLED)) {
1973 hci_dev_change_flag(hdev, HCI_LE_ENABLED);
1977 if (!val && hci_dev_test_flag(hdev, HCI_ADVERTISING)) {
1978 hci_dev_clear_flag(hdev, HCI_ADVERTISING);
1982 err = send_settings_rsp(sk, MGMT_OP_SET_LE, hdev);
1987 err = new_settings(hdev, sk);
1992 if (pending_find(MGMT_OP_SET_LE, hdev) ||
1993 pending_find(MGMT_OP_SET_ADVERTISING, hdev)) {
1994 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
1999 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LE, hdev, data, len);
2005 hci_req_init(&req, hdev);
2007 memset(&hci_cp, 0, sizeof(hci_cp));
2011 hci_cp.simul = 0x00;
2013 if (hci_dev_test_flag(hdev, HCI_LE_ADV))
2014 __hci_req_disable_advertising(&req);
2016 if (ext_adv_capable(hdev))
2017 __hci_req_clear_ext_adv_sets(&req);
2020 hci_req_add(&req, HCI_OP_WRITE_LE_HOST_SUPPORTED, sizeof(hci_cp),
2023 err = hci_req_run(&req, le_enable_complete);
2025 mgmt_pending_remove(cmd);
2028 hci_dev_unlock(hdev);
2032 /* This is a helper function to test for pending mgmt commands that can
2033 * cause CoD or EIR HCI commands. We can only allow one such pending
2034 * mgmt command at a time since otherwise we cannot easily track what
2035 * the current values are, will be, and based on that calculate if a new
2036 * HCI command needs to be sent and if yes with what value.
2038 static bool pending_eir_or_class(struct hci_dev *hdev)
2040 struct mgmt_pending_cmd *cmd;
2042 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
2043 switch (cmd->opcode) {
2044 case MGMT_OP_ADD_UUID:
2045 case MGMT_OP_REMOVE_UUID:
2046 case MGMT_OP_SET_DEV_CLASS:
2047 case MGMT_OP_SET_POWERED:
2055 static const u8 bluetooth_base_uuid[] = {
2056 0xfb, 0x34, 0x9b, 0x5f, 0x80, 0x00, 0x00, 0x80,
2057 0x00, 0x10, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
2060 static u8 get_uuid_size(const u8 *uuid)
2064 if (memcmp(uuid, bluetooth_base_uuid, 12))
2067 val = get_unaligned_le32(&uuid[12]);
2074 static void mgmt_class_complete(struct hci_dev *hdev, u16 mgmt_op, u8 status)
2076 struct mgmt_pending_cmd *cmd;
2080 cmd = pending_find(mgmt_op, hdev);
2084 mgmt_cmd_complete(cmd->sk, cmd->index, cmd->opcode,
2085 mgmt_status(status), hdev->dev_class, 3);
2087 mgmt_pending_remove(cmd);
2090 hci_dev_unlock(hdev);
2093 static void add_uuid_complete(struct hci_dev *hdev, u8 status, u16 opcode)
2095 bt_dev_dbg(hdev, "status 0x%02x", status);
2097 mgmt_class_complete(hdev, MGMT_OP_ADD_UUID, status);
2100 static int add_uuid(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
2102 struct mgmt_cp_add_uuid *cp = data;
2103 struct mgmt_pending_cmd *cmd;
2104 struct hci_request req;
2105 struct bt_uuid *uuid;
2108 bt_dev_dbg(hdev, "sock %p", sk);
2112 if (pending_eir_or_class(hdev)) {
2113 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_UUID,
2118 uuid = kmalloc(sizeof(*uuid), GFP_KERNEL);
2124 memcpy(uuid->uuid, cp->uuid, 16);
2125 uuid->svc_hint = cp->svc_hint;
2126 uuid->size = get_uuid_size(cp->uuid);
2128 list_add_tail(&uuid->list, &hdev->uuids);
2130 hci_req_init(&req, hdev);
2132 __hci_req_update_class(&req);
2133 __hci_req_update_eir(&req);
2135 err = hci_req_run(&req, add_uuid_complete);
2137 if (err != -ENODATA)
2140 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_ADD_UUID, 0,
2141 hdev->dev_class, 3);
2145 cmd = mgmt_pending_add(sk, MGMT_OP_ADD_UUID, hdev, data, len);
2154 hci_dev_unlock(hdev);
2158 static bool enable_service_cache(struct hci_dev *hdev)
2160 if (!hdev_is_powered(hdev))
2163 if (!hci_dev_test_and_set_flag(hdev, HCI_SERVICE_CACHE)) {
2164 queue_delayed_work(hdev->workqueue, &hdev->service_cache,
2172 static void remove_uuid_complete(struct hci_dev *hdev, u8 status, u16 opcode)
2174 bt_dev_dbg(hdev, "status 0x%02x", status);
2176 mgmt_class_complete(hdev, MGMT_OP_REMOVE_UUID, status);
2179 static int remove_uuid(struct sock *sk, struct hci_dev *hdev, void *data,
2182 struct mgmt_cp_remove_uuid *cp = data;
2183 struct mgmt_pending_cmd *cmd;
2184 struct bt_uuid *match, *tmp;
2185 u8 bt_uuid_any[] = { 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 };
2186 struct hci_request req;
2189 bt_dev_dbg(hdev, "sock %p", sk);
2193 if (pending_eir_or_class(hdev)) {
2194 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_REMOVE_UUID,
2199 if (memcmp(cp->uuid, bt_uuid_any, 16) == 0) {
2200 hci_uuids_clear(hdev);
2202 if (enable_service_cache(hdev)) {
2203 err = mgmt_cmd_complete(sk, hdev->id,
2204 MGMT_OP_REMOVE_UUID,
2205 0, hdev->dev_class, 3);
2214 list_for_each_entry_safe(match, tmp, &hdev->uuids, list) {
2215 if (memcmp(match->uuid, cp->uuid, 16) != 0)
2218 list_del(&match->list);
2224 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_REMOVE_UUID,
2225 MGMT_STATUS_INVALID_PARAMS);
2230 hci_req_init(&req, hdev);
2232 __hci_req_update_class(&req);
2233 __hci_req_update_eir(&req);
2235 err = hci_req_run(&req, remove_uuid_complete);
2237 if (err != -ENODATA)
2240 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_UUID, 0,
2241 hdev->dev_class, 3);
2245 cmd = mgmt_pending_add(sk, MGMT_OP_REMOVE_UUID, hdev, data, len);
2254 hci_dev_unlock(hdev);
2258 static void set_class_complete(struct hci_dev *hdev, u8 status, u16 opcode)
2260 bt_dev_dbg(hdev, "status 0x%02x", status);
2262 mgmt_class_complete(hdev, MGMT_OP_SET_DEV_CLASS, status);
2265 static int set_dev_class(struct sock *sk, struct hci_dev *hdev, void *data,
2268 struct mgmt_cp_set_dev_class *cp = data;
2269 struct mgmt_pending_cmd *cmd;
2270 struct hci_request req;
2273 bt_dev_dbg(hdev, "sock %p", sk);
2275 if (!lmp_bredr_capable(hdev))
2276 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS,
2277 MGMT_STATUS_NOT_SUPPORTED);
2281 if (pending_eir_or_class(hdev)) {
2282 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS,
2287 if ((cp->minor & 0x03) != 0 || (cp->major & 0xe0) != 0) {
2288 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS,
2289 MGMT_STATUS_INVALID_PARAMS);
2293 hdev->major_class = cp->major;
2294 hdev->minor_class = cp->minor;
2296 if (!hdev_is_powered(hdev)) {
2297 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_DEV_CLASS, 0,
2298 hdev->dev_class, 3);
2302 hci_req_init(&req, hdev);
2304 if (hci_dev_test_and_clear_flag(hdev, HCI_SERVICE_CACHE)) {
2305 hci_dev_unlock(hdev);
2306 cancel_delayed_work_sync(&hdev->service_cache);
2308 __hci_req_update_eir(&req);
2311 __hci_req_update_class(&req);
2313 err = hci_req_run(&req, set_class_complete);
2315 if (err != -ENODATA)
2318 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_DEV_CLASS, 0,
2319 hdev->dev_class, 3);
2323 cmd = mgmt_pending_add(sk, MGMT_OP_SET_DEV_CLASS, hdev, data, len);
2332 hci_dev_unlock(hdev);
2336 static int load_link_keys(struct sock *sk, struct hci_dev *hdev, void *data,
2339 struct mgmt_cp_load_link_keys *cp = data;
2340 const u16 max_key_count = ((U16_MAX - sizeof(*cp)) /
2341 sizeof(struct mgmt_link_key_info));
2342 u16 key_count, expected_len;
2346 bt_dev_dbg(hdev, "sock %p", sk);
2348 if (!lmp_bredr_capable(hdev))
2349 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
2350 MGMT_STATUS_NOT_SUPPORTED);
2352 key_count = __le16_to_cpu(cp->key_count);
2353 if (key_count > max_key_count) {
2354 bt_dev_err(hdev, "load_link_keys: too big key_count value %u",
2356 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
2357 MGMT_STATUS_INVALID_PARAMS);
2360 expected_len = struct_size(cp, keys, key_count);
2361 if (expected_len != len) {
2362 bt_dev_err(hdev, "load_link_keys: expected %u bytes, got %u bytes",
2364 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
2365 MGMT_STATUS_INVALID_PARAMS);
2368 if (cp->debug_keys != 0x00 && cp->debug_keys != 0x01)
2369 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
2370 MGMT_STATUS_INVALID_PARAMS);
2372 bt_dev_dbg(hdev, "debug_keys %u key_count %u", cp->debug_keys,
2375 for (i = 0; i < key_count; i++) {
2376 struct mgmt_link_key_info *key = &cp->keys[i];
2378 if (key->addr.type != BDADDR_BREDR || key->type > 0x08)
2379 return mgmt_cmd_status(sk, hdev->id,
2380 MGMT_OP_LOAD_LINK_KEYS,
2381 MGMT_STATUS_INVALID_PARAMS);
2386 hci_link_keys_clear(hdev);
2389 changed = !hci_dev_test_and_set_flag(hdev, HCI_KEEP_DEBUG_KEYS);
2391 changed = hci_dev_test_and_clear_flag(hdev,
2392 HCI_KEEP_DEBUG_KEYS);
2395 new_settings(hdev, NULL);
2397 for (i = 0; i < key_count; i++) {
2398 struct mgmt_link_key_info *key = &cp->keys[i];
2400 if (hci_is_blocked_key(hdev,
2401 HCI_BLOCKED_KEY_TYPE_LINKKEY,
2403 bt_dev_warn(hdev, "Skipping blocked link key for %pMR",
2408 /* Always ignore debug keys and require a new pairing if
2409 * the user wants to use them.
2411 if (key->type == HCI_LK_DEBUG_COMBINATION)
2414 hci_add_link_key(hdev, NULL, &key->addr.bdaddr, key->val,
2415 key->type, key->pin_len, NULL);
2418 mgmt_cmd_complete(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS, 0, NULL, 0);
2420 hci_dev_unlock(hdev);
2425 static int device_unpaired(struct hci_dev *hdev, bdaddr_t *bdaddr,
2426 u8 addr_type, struct sock *skip_sk)
2428 struct mgmt_ev_device_unpaired ev;
2430 bacpy(&ev.addr.bdaddr, bdaddr);
2431 ev.addr.type = addr_type;
2433 return mgmt_event(MGMT_EV_DEVICE_UNPAIRED, hdev, &ev, sizeof(ev),
2437 static int unpair_device(struct sock *sk, struct hci_dev *hdev, void *data,
2440 struct mgmt_cp_unpair_device *cp = data;
2441 struct mgmt_rp_unpair_device rp;
2442 struct hci_conn_params *params;
2443 struct mgmt_pending_cmd *cmd;
2444 struct hci_conn *conn;
2448 memset(&rp, 0, sizeof(rp));
2449 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
2450 rp.addr.type = cp->addr.type;
2452 if (!bdaddr_type_is_valid(cp->addr.type))
2453 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
2454 MGMT_STATUS_INVALID_PARAMS,
2457 if (cp->disconnect != 0x00 && cp->disconnect != 0x01)
2458 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
2459 MGMT_STATUS_INVALID_PARAMS,
2464 if (!hdev_is_powered(hdev)) {
2465 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
2466 MGMT_STATUS_NOT_POWERED, &rp,
2471 if (cp->addr.type == BDADDR_BREDR) {
2472 /* If disconnection is requested, then look up the
2473 * connection. If the remote device is connected, it
2474 * will be later used to terminate the link.
2476 * Setting it to NULL explicitly will cause no
2477 * termination of the link.
2480 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
2485 err = hci_remove_link_key(hdev, &cp->addr.bdaddr);
2487 err = mgmt_cmd_complete(sk, hdev->id,
2488 MGMT_OP_UNPAIR_DEVICE,
2489 MGMT_STATUS_NOT_PAIRED, &rp,
2497 /* LE address type */
2498 addr_type = le_addr_type(cp->addr.type);
2500 /* Abort any ongoing SMP pairing. Removes ltk and irk if they exist. */
2501 err = smp_cancel_and_remove_pairing(hdev, &cp->addr.bdaddr, addr_type);
2503 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
2504 MGMT_STATUS_NOT_PAIRED, &rp,
2509 conn = hci_conn_hash_lookup_le(hdev, &cp->addr.bdaddr, addr_type);
2511 hci_conn_params_del(hdev, &cp->addr.bdaddr, addr_type);
2516 /* Defer clearing up the connection parameters until closing to
2517 * give a chance of keeping them if a repairing happens.
2519 set_bit(HCI_CONN_PARAM_REMOVAL_PEND, &conn->flags);
2521 /* Disable auto-connection parameters if present */
2522 params = hci_conn_params_lookup(hdev, &cp->addr.bdaddr, addr_type);
2524 if (params->explicit_connect)
2525 params->auto_connect = HCI_AUTO_CONN_EXPLICIT;
2527 params->auto_connect = HCI_AUTO_CONN_DISABLED;
2530 /* If disconnection is not requested, then clear the connection
2531 * variable so that the link is not terminated.
2533 if (!cp->disconnect)
2537 /* If the connection variable is set, then termination of the
2538 * link is requested.
2541 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE, 0,
2543 device_unpaired(hdev, &cp->addr.bdaddr, cp->addr.type, sk);
2547 cmd = mgmt_pending_add(sk, MGMT_OP_UNPAIR_DEVICE, hdev, cp,
2554 cmd->cmd_complete = addr_cmd_complete;
2556 err = hci_abort_conn(conn, HCI_ERROR_REMOTE_USER_TERM);
2558 mgmt_pending_remove(cmd);
2561 hci_dev_unlock(hdev);
2565 static int disconnect(struct sock *sk, struct hci_dev *hdev, void *data,
2568 struct mgmt_cp_disconnect *cp = data;
2569 struct mgmt_rp_disconnect rp;
2570 struct mgmt_pending_cmd *cmd;
2571 struct hci_conn *conn;
2574 bt_dev_dbg(hdev, "sock %p", sk);
2576 memset(&rp, 0, sizeof(rp));
2577 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
2578 rp.addr.type = cp->addr.type;
2580 if (!bdaddr_type_is_valid(cp->addr.type))
2581 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
2582 MGMT_STATUS_INVALID_PARAMS,
2587 if (!test_bit(HCI_UP, &hdev->flags)) {
2588 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
2589 MGMT_STATUS_NOT_POWERED, &rp,
2594 if (pending_find(MGMT_OP_DISCONNECT, hdev)) {
2595 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
2596 MGMT_STATUS_BUSY, &rp, sizeof(rp));
2600 if (cp->addr.type == BDADDR_BREDR)
2601 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
2604 conn = hci_conn_hash_lookup_le(hdev, &cp->addr.bdaddr,
2605 le_addr_type(cp->addr.type));
2607 if (!conn || conn->state == BT_OPEN || conn->state == BT_CLOSED) {
2608 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
2609 MGMT_STATUS_NOT_CONNECTED, &rp,
2614 cmd = mgmt_pending_add(sk, MGMT_OP_DISCONNECT, hdev, data, len);
2620 cmd->cmd_complete = generic_cmd_complete;
2622 err = hci_disconnect(conn, HCI_ERROR_REMOTE_USER_TERM);
2624 mgmt_pending_remove(cmd);
2627 hci_dev_unlock(hdev);
2631 static u8 link_to_bdaddr(u8 link_type, u8 addr_type)
2633 switch (link_type) {
2635 switch (addr_type) {
2636 case ADDR_LE_DEV_PUBLIC:
2637 return BDADDR_LE_PUBLIC;
2640 /* Fallback to LE Random address type */
2641 return BDADDR_LE_RANDOM;
2645 /* Fallback to BR/EDR type */
2646 return BDADDR_BREDR;
2650 static int get_connections(struct sock *sk, struct hci_dev *hdev, void *data,
2653 struct mgmt_rp_get_connections *rp;
2658 bt_dev_dbg(hdev, "sock %p", sk);
2662 if (!hdev_is_powered(hdev)) {
2663 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_GET_CONNECTIONS,
2664 MGMT_STATUS_NOT_POWERED);
2669 list_for_each_entry(c, &hdev->conn_hash.list, list) {
2670 if (test_bit(HCI_CONN_MGMT_CONNECTED, &c->flags))
2674 rp = kmalloc(struct_size(rp, addr, i), GFP_KERNEL);
2681 list_for_each_entry(c, &hdev->conn_hash.list, list) {
2682 if (!test_bit(HCI_CONN_MGMT_CONNECTED, &c->flags))
2684 bacpy(&rp->addr[i].bdaddr, &c->dst);
2685 rp->addr[i].type = link_to_bdaddr(c->type, c->dst_type);
2686 if (c->type == SCO_LINK || c->type == ESCO_LINK)
2691 rp->conn_count = cpu_to_le16(i);
2693 /* Recalculate length in case of filtered SCO connections, etc */
2694 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CONNECTIONS, 0, rp,
2695 struct_size(rp, addr, i));
2700 hci_dev_unlock(hdev);
2704 static int send_pin_code_neg_reply(struct sock *sk, struct hci_dev *hdev,
2705 struct mgmt_cp_pin_code_neg_reply *cp)
2707 struct mgmt_pending_cmd *cmd;
2710 cmd = mgmt_pending_add(sk, MGMT_OP_PIN_CODE_NEG_REPLY, hdev, cp,
2715 cmd->cmd_complete = addr_cmd_complete;
2717 err = hci_send_cmd(hdev, HCI_OP_PIN_CODE_NEG_REPLY,
2718 sizeof(cp->addr.bdaddr), &cp->addr.bdaddr);
2720 mgmt_pending_remove(cmd);
2725 static int pin_code_reply(struct sock *sk, struct hci_dev *hdev, void *data,
2728 struct hci_conn *conn;
2729 struct mgmt_cp_pin_code_reply *cp = data;
2730 struct hci_cp_pin_code_reply reply;
2731 struct mgmt_pending_cmd *cmd;
2734 bt_dev_dbg(hdev, "sock %p", sk);
2738 if (!hdev_is_powered(hdev)) {
2739 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
2740 MGMT_STATUS_NOT_POWERED);
2744 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->addr.bdaddr);
2746 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
2747 MGMT_STATUS_NOT_CONNECTED);
2751 if (conn->pending_sec_level == BT_SECURITY_HIGH && cp->pin_len != 16) {
2752 struct mgmt_cp_pin_code_neg_reply ncp;
2754 memcpy(&ncp.addr, &cp->addr, sizeof(ncp.addr));
2756 bt_dev_err(hdev, "PIN code is not 16 bytes long");
2758 err = send_pin_code_neg_reply(sk, hdev, &ncp);
2760 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
2761 MGMT_STATUS_INVALID_PARAMS);
2766 cmd = mgmt_pending_add(sk, MGMT_OP_PIN_CODE_REPLY, hdev, data, len);
2772 cmd->cmd_complete = addr_cmd_complete;
2774 bacpy(&reply.bdaddr, &cp->addr.bdaddr);
2775 reply.pin_len = cp->pin_len;
2776 memcpy(reply.pin_code, cp->pin_code, sizeof(reply.pin_code));
2778 err = hci_send_cmd(hdev, HCI_OP_PIN_CODE_REPLY, sizeof(reply), &reply);
2780 mgmt_pending_remove(cmd);
2783 hci_dev_unlock(hdev);
2787 static int set_io_capability(struct sock *sk, struct hci_dev *hdev, void *data,
2790 struct mgmt_cp_set_io_capability *cp = data;
2792 bt_dev_dbg(hdev, "sock %p", sk);
2794 if (cp->io_capability > SMP_IO_KEYBOARD_DISPLAY)
2795 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_IO_CAPABILITY,
2796 MGMT_STATUS_INVALID_PARAMS);
2800 hdev->io_capability = cp->io_capability;
2802 bt_dev_dbg(hdev, "IO capability set to 0x%02x", hdev->io_capability);
2804 hci_dev_unlock(hdev);
2806 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_IO_CAPABILITY, 0,
2810 static struct mgmt_pending_cmd *find_pairing(struct hci_conn *conn)
2812 struct hci_dev *hdev = conn->hdev;
2813 struct mgmt_pending_cmd *cmd;
2815 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
2816 if (cmd->opcode != MGMT_OP_PAIR_DEVICE)
2819 if (cmd->user_data != conn)
2828 static int pairing_complete(struct mgmt_pending_cmd *cmd, u8 status)
2830 struct mgmt_rp_pair_device rp;
2831 struct hci_conn *conn = cmd->user_data;
2834 bacpy(&rp.addr.bdaddr, &conn->dst);
2835 rp.addr.type = link_to_bdaddr(conn->type, conn->dst_type);
2837 err = mgmt_cmd_complete(cmd->sk, cmd->index, MGMT_OP_PAIR_DEVICE,
2838 status, &rp, sizeof(rp));
2840 /* So we don't get further callbacks for this connection */
2841 conn->connect_cfm_cb = NULL;
2842 conn->security_cfm_cb = NULL;
2843 conn->disconn_cfm_cb = NULL;
2845 hci_conn_drop(conn);
2847 /* The device is paired so there is no need to remove
2848 * its connection parameters anymore.
2850 clear_bit(HCI_CONN_PARAM_REMOVAL_PEND, &conn->flags);
2857 void mgmt_smp_complete(struct hci_conn *conn, bool complete)
2859 u8 status = complete ? MGMT_STATUS_SUCCESS : MGMT_STATUS_FAILED;
2860 struct mgmt_pending_cmd *cmd;
2862 cmd = find_pairing(conn);
2864 cmd->cmd_complete(cmd, status);
2865 mgmt_pending_remove(cmd);
2869 static void pairing_complete_cb(struct hci_conn *conn, u8 status)
2871 struct mgmt_pending_cmd *cmd;
2873 BT_DBG("status %u", status);
2875 cmd = find_pairing(conn);
2877 BT_DBG("Unable to find a pending command");
2881 cmd->cmd_complete(cmd, mgmt_status(status));
2882 mgmt_pending_remove(cmd);
2885 static void le_pairing_complete_cb(struct hci_conn *conn, u8 status)
2887 struct mgmt_pending_cmd *cmd;
2889 BT_DBG("status %u", status);
2894 cmd = find_pairing(conn);
2896 BT_DBG("Unable to find a pending command");
2900 cmd->cmd_complete(cmd, mgmt_status(status));
2901 mgmt_pending_remove(cmd);
2904 static int pair_device(struct sock *sk, struct hci_dev *hdev, void *data,
2907 struct mgmt_cp_pair_device *cp = data;
2908 struct mgmt_rp_pair_device rp;
2909 struct mgmt_pending_cmd *cmd;
2910 u8 sec_level, auth_type;
2911 struct hci_conn *conn;
2914 bt_dev_dbg(hdev, "sock %p", sk);
2916 memset(&rp, 0, sizeof(rp));
2917 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
2918 rp.addr.type = cp->addr.type;
2920 if (!bdaddr_type_is_valid(cp->addr.type))
2921 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
2922 MGMT_STATUS_INVALID_PARAMS,
2925 if (cp->io_cap > SMP_IO_KEYBOARD_DISPLAY)
2926 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
2927 MGMT_STATUS_INVALID_PARAMS,
2932 if (!hdev_is_powered(hdev)) {
2933 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
2934 MGMT_STATUS_NOT_POWERED, &rp,
2939 if (hci_bdaddr_is_paired(hdev, &cp->addr.bdaddr, cp->addr.type)) {
2940 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
2941 MGMT_STATUS_ALREADY_PAIRED, &rp,
2946 sec_level = BT_SECURITY_MEDIUM;
2947 auth_type = HCI_AT_DEDICATED_BONDING;
2949 if (cp->addr.type == BDADDR_BREDR) {
2950 conn = hci_connect_acl(hdev, &cp->addr.bdaddr, sec_level,
2951 auth_type, CONN_REASON_PAIR_DEVICE);
2953 u8 addr_type = le_addr_type(cp->addr.type);
2954 struct hci_conn_params *p;
2956 /* When pairing a new device, it is expected to remember
2957 * this device for future connections. Adding the connection
2958 * parameter information ahead of time allows tracking
2959 * of the slave preferred values and will speed up any
2960 * further connection establishment.
2962 * If connection parameters already exist, then they
2963 * will be kept and this function does nothing.
2965 p = hci_conn_params_add(hdev, &cp->addr.bdaddr, addr_type);
2967 if (p->auto_connect == HCI_AUTO_CONN_EXPLICIT)
2968 p->auto_connect = HCI_AUTO_CONN_DISABLED;
2970 conn = hci_connect_le_scan(hdev, &cp->addr.bdaddr, addr_type,
2971 sec_level, HCI_LE_CONN_TIMEOUT,
2972 CONN_REASON_PAIR_DEVICE);
2978 if (PTR_ERR(conn) == -EBUSY)
2979 status = MGMT_STATUS_BUSY;
2980 else if (PTR_ERR(conn) == -EOPNOTSUPP)
2981 status = MGMT_STATUS_NOT_SUPPORTED;
2982 else if (PTR_ERR(conn) == -ECONNREFUSED)
2983 status = MGMT_STATUS_REJECTED;
2985 status = MGMT_STATUS_CONNECT_FAILED;
2987 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
2988 status, &rp, sizeof(rp));
2992 if (conn->connect_cfm_cb) {
2993 hci_conn_drop(conn);
2994 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
2995 MGMT_STATUS_BUSY, &rp, sizeof(rp));
2999 cmd = mgmt_pending_add(sk, MGMT_OP_PAIR_DEVICE, hdev, data, len);
3002 hci_conn_drop(conn);
3006 cmd->cmd_complete = pairing_complete;
3008 /* For LE, just connecting isn't a proof that the pairing finished */
3009 if (cp->addr.type == BDADDR_BREDR) {
3010 conn->connect_cfm_cb = pairing_complete_cb;
3011 conn->security_cfm_cb = pairing_complete_cb;
3012 conn->disconn_cfm_cb = pairing_complete_cb;
3014 conn->connect_cfm_cb = le_pairing_complete_cb;
3015 conn->security_cfm_cb = le_pairing_complete_cb;
3016 conn->disconn_cfm_cb = le_pairing_complete_cb;
3019 conn->io_capability = cp->io_cap;
3020 cmd->user_data = hci_conn_get(conn);
3022 if ((conn->state == BT_CONNECTED || conn->state == BT_CONFIG) &&
3023 hci_conn_security(conn, sec_level, auth_type, true)) {
3024 cmd->cmd_complete(cmd, 0);
3025 mgmt_pending_remove(cmd);
3031 hci_dev_unlock(hdev);
3035 static int cancel_pair_device(struct sock *sk, struct hci_dev *hdev, void *data,
3038 struct mgmt_addr_info *addr = data;
3039 struct mgmt_pending_cmd *cmd;
3040 struct hci_conn *conn;
3043 bt_dev_dbg(hdev, "sock %p", sk);
3047 if (!hdev_is_powered(hdev)) {
3048 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
3049 MGMT_STATUS_NOT_POWERED);
3053 cmd = pending_find(MGMT_OP_PAIR_DEVICE, hdev);
3055 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
3056 MGMT_STATUS_INVALID_PARAMS);
3060 conn = cmd->user_data;
3062 if (bacmp(&addr->bdaddr, &conn->dst) != 0) {
3063 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
3064 MGMT_STATUS_INVALID_PARAMS);
3068 cmd->cmd_complete(cmd, MGMT_STATUS_CANCELLED);
3069 mgmt_pending_remove(cmd);
3071 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE, 0,
3072 addr, sizeof(*addr));
3074 /* Since user doesn't want to proceed with the connection, abort any
3075 * ongoing pairing and then terminate the link if it was created
3076 * because of the pair device action.
3078 if (addr->type == BDADDR_BREDR)
3079 hci_remove_link_key(hdev, &addr->bdaddr);
3081 smp_cancel_and_remove_pairing(hdev, &addr->bdaddr,
3082 le_addr_type(addr->type));
3084 if (conn->conn_reason == CONN_REASON_PAIR_DEVICE)
3085 hci_abort_conn(conn, HCI_ERROR_REMOTE_USER_TERM);
3088 hci_dev_unlock(hdev);
3092 static int user_pairing_resp(struct sock *sk, struct hci_dev *hdev,
3093 struct mgmt_addr_info *addr, u16 mgmt_op,
3094 u16 hci_op, __le32 passkey)
3096 struct mgmt_pending_cmd *cmd;
3097 struct hci_conn *conn;
3102 if (!hdev_is_powered(hdev)) {
3103 err = mgmt_cmd_complete(sk, hdev->id, mgmt_op,
3104 MGMT_STATUS_NOT_POWERED, addr,
3109 if (addr->type == BDADDR_BREDR)
3110 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &addr->bdaddr);
3112 conn = hci_conn_hash_lookup_le(hdev, &addr->bdaddr,
3113 le_addr_type(addr->type));
3116 err = mgmt_cmd_complete(sk, hdev->id, mgmt_op,
3117 MGMT_STATUS_NOT_CONNECTED, addr,
3122 if (addr->type == BDADDR_LE_PUBLIC || addr->type == BDADDR_LE_RANDOM) {
3123 err = smp_user_confirm_reply(conn, mgmt_op, passkey);
3125 err = mgmt_cmd_complete(sk, hdev->id, mgmt_op,
3126 MGMT_STATUS_SUCCESS, addr,
3129 err = mgmt_cmd_complete(sk, hdev->id, mgmt_op,
3130 MGMT_STATUS_FAILED, addr,
3136 cmd = mgmt_pending_add(sk, mgmt_op, hdev, addr, sizeof(*addr));
3142 cmd->cmd_complete = addr_cmd_complete;
3144 /* Continue with pairing via HCI */
3145 if (hci_op == HCI_OP_USER_PASSKEY_REPLY) {
3146 struct hci_cp_user_passkey_reply cp;
3148 bacpy(&cp.bdaddr, &addr->bdaddr);
3149 cp.passkey = passkey;
3150 err = hci_send_cmd(hdev, hci_op, sizeof(cp), &cp);
3152 err = hci_send_cmd(hdev, hci_op, sizeof(addr->bdaddr),
3156 mgmt_pending_remove(cmd);
3159 hci_dev_unlock(hdev);
3163 static int pin_code_neg_reply(struct sock *sk, struct hci_dev *hdev,
3164 void *data, u16 len)
3166 struct mgmt_cp_pin_code_neg_reply *cp = data;
3168 bt_dev_dbg(hdev, "sock %p", sk);
3170 return user_pairing_resp(sk, hdev, &cp->addr,
3171 MGMT_OP_PIN_CODE_NEG_REPLY,
3172 HCI_OP_PIN_CODE_NEG_REPLY, 0);
3175 static int user_confirm_reply(struct sock *sk, struct hci_dev *hdev, void *data,
3178 struct mgmt_cp_user_confirm_reply *cp = data;
3180 bt_dev_dbg(hdev, "sock %p", sk);
3182 if (len != sizeof(*cp))
3183 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_USER_CONFIRM_REPLY,
3184 MGMT_STATUS_INVALID_PARAMS);
3186 return user_pairing_resp(sk, hdev, &cp->addr,
3187 MGMT_OP_USER_CONFIRM_REPLY,
3188 HCI_OP_USER_CONFIRM_REPLY, 0);
3191 static int user_confirm_neg_reply(struct sock *sk, struct hci_dev *hdev,
3192 void *data, u16 len)
3194 struct mgmt_cp_user_confirm_neg_reply *cp = data;
3196 bt_dev_dbg(hdev, "sock %p", sk);
3198 return user_pairing_resp(sk, hdev, &cp->addr,
3199 MGMT_OP_USER_CONFIRM_NEG_REPLY,
3200 HCI_OP_USER_CONFIRM_NEG_REPLY, 0);
3203 static int user_passkey_reply(struct sock *sk, struct hci_dev *hdev, void *data,
3206 struct mgmt_cp_user_passkey_reply *cp = data;
3208 bt_dev_dbg(hdev, "sock %p", sk);
3210 return user_pairing_resp(sk, hdev, &cp->addr,
3211 MGMT_OP_USER_PASSKEY_REPLY,
3212 HCI_OP_USER_PASSKEY_REPLY, cp->passkey);
3215 static int user_passkey_neg_reply(struct sock *sk, struct hci_dev *hdev,
3216 void *data, u16 len)
3218 struct mgmt_cp_user_passkey_neg_reply *cp = data;
3220 bt_dev_dbg(hdev, "sock %p", sk);
3222 return user_pairing_resp(sk, hdev, &cp->addr,
3223 MGMT_OP_USER_PASSKEY_NEG_REPLY,
3224 HCI_OP_USER_PASSKEY_NEG_REPLY, 0);
3227 static void adv_expire(struct hci_dev *hdev, u32 flags)
3229 struct adv_info *adv_instance;
3230 struct hci_request req;
3233 adv_instance = hci_find_adv_instance(hdev, hdev->cur_adv_instance);
3237 /* stop if current instance doesn't need to be changed */
3238 if (!(adv_instance->flags & flags))
3241 cancel_adv_timeout(hdev);
3243 adv_instance = hci_get_next_instance(hdev, adv_instance->instance);
3247 hci_req_init(&req, hdev);
3248 err = __hci_req_schedule_adv_instance(&req, adv_instance->instance,
3253 hci_req_run(&req, NULL);
3256 static void set_name_complete(struct hci_dev *hdev, u8 status, u16 opcode)
3258 struct mgmt_cp_set_local_name *cp;
3259 struct mgmt_pending_cmd *cmd;
3261 bt_dev_dbg(hdev, "status 0x%02x", status);
3265 cmd = pending_find(MGMT_OP_SET_LOCAL_NAME, hdev);
3272 mgmt_cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_LOCAL_NAME,
3273 mgmt_status(status));
3275 mgmt_cmd_complete(cmd->sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0,
3278 if (hci_dev_test_flag(hdev, HCI_LE_ADV))
3279 adv_expire(hdev, MGMT_ADV_FLAG_LOCAL_NAME);
3282 mgmt_pending_remove(cmd);
3285 hci_dev_unlock(hdev);
3288 static int set_local_name(struct sock *sk, struct hci_dev *hdev, void *data,
3291 struct mgmt_cp_set_local_name *cp = data;
3292 struct mgmt_pending_cmd *cmd;
3293 struct hci_request req;
3296 bt_dev_dbg(hdev, "sock %p", sk);
3300 /* If the old values are the same as the new ones just return a
3301 * direct command complete event.
3303 if (!memcmp(hdev->dev_name, cp->name, sizeof(hdev->dev_name)) &&
3304 !memcmp(hdev->short_name, cp->short_name,
3305 sizeof(hdev->short_name))) {
3306 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0,
3311 memcpy(hdev->short_name, cp->short_name, sizeof(hdev->short_name));
3313 if (!hdev_is_powered(hdev)) {
3314 memcpy(hdev->dev_name, cp->name, sizeof(hdev->dev_name));
3316 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0,
3321 err = mgmt_limited_event(MGMT_EV_LOCAL_NAME_CHANGED, hdev, data,
3322 len, HCI_MGMT_LOCAL_NAME_EVENTS, sk);
3323 ext_info_changed(hdev, sk);
3328 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LOCAL_NAME, hdev, data, len);
3334 memcpy(hdev->dev_name, cp->name, sizeof(hdev->dev_name));
3336 hci_req_init(&req, hdev);
3338 if (lmp_bredr_capable(hdev)) {
3339 __hci_req_update_name(&req);
3340 __hci_req_update_eir(&req);
3343 /* The name is stored in the scan response data and so
3344 * no need to udpate the advertising data here.
3346 if (lmp_le_capable(hdev) && hci_dev_test_flag(hdev, HCI_ADVERTISING))
3347 __hci_req_update_scan_rsp_data(&req, hdev->cur_adv_instance);
3349 err = hci_req_run(&req, set_name_complete);
3351 mgmt_pending_remove(cmd);
3354 hci_dev_unlock(hdev);
3358 static int set_appearance(struct sock *sk, struct hci_dev *hdev, void *data,
3361 struct mgmt_cp_set_appearance *cp = data;
3365 bt_dev_dbg(hdev, "sock %p", sk);
3367 if (!lmp_le_capable(hdev))
3368 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_APPEARANCE,
3369 MGMT_STATUS_NOT_SUPPORTED);
3371 appearance = le16_to_cpu(cp->appearance);
3375 if (hdev->appearance != appearance) {
3376 hdev->appearance = appearance;
3378 if (hci_dev_test_flag(hdev, HCI_LE_ADV))
3379 adv_expire(hdev, MGMT_ADV_FLAG_APPEARANCE);
3381 ext_info_changed(hdev, sk);
3384 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_APPEARANCE, 0, NULL,
3387 hci_dev_unlock(hdev);
3392 static int get_phy_configuration(struct sock *sk, struct hci_dev *hdev,
3393 void *data, u16 len)
3395 struct mgmt_rp_get_phy_configuration rp;
3397 bt_dev_dbg(hdev, "sock %p", sk);
3401 memset(&rp, 0, sizeof(rp));
3403 rp.supported_phys = cpu_to_le32(get_supported_phys(hdev));
3404 rp.selected_phys = cpu_to_le32(get_selected_phys(hdev));
3405 rp.configurable_phys = cpu_to_le32(get_configurable_phys(hdev));
3407 hci_dev_unlock(hdev);
3409 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_PHY_CONFIGURATION, 0,
3413 int mgmt_phy_configuration_changed(struct hci_dev *hdev, struct sock *skip)
3415 struct mgmt_ev_phy_configuration_changed ev;
3417 memset(&ev, 0, sizeof(ev));
3419 ev.selected_phys = cpu_to_le32(get_selected_phys(hdev));
3421 return mgmt_event(MGMT_EV_PHY_CONFIGURATION_CHANGED, hdev, &ev,
3425 static void set_default_phy_complete(struct hci_dev *hdev, u8 status,
3426 u16 opcode, struct sk_buff *skb)
3428 struct mgmt_pending_cmd *cmd;
3430 bt_dev_dbg(hdev, "status 0x%02x", status);
3434 cmd = pending_find(MGMT_OP_SET_PHY_CONFIGURATION, hdev);
3439 mgmt_cmd_status(cmd->sk, hdev->id,
3440 MGMT_OP_SET_PHY_CONFIGURATION,
3441 mgmt_status(status));
3443 mgmt_cmd_complete(cmd->sk, hdev->id,
3444 MGMT_OP_SET_PHY_CONFIGURATION, 0,
3447 mgmt_phy_configuration_changed(hdev, cmd->sk);
3450 mgmt_pending_remove(cmd);
3453 hci_dev_unlock(hdev);
3456 static int set_phy_configuration(struct sock *sk, struct hci_dev *hdev,
3457 void *data, u16 len)
3459 struct mgmt_cp_set_phy_configuration *cp = data;
3460 struct hci_cp_le_set_default_phy cp_phy;
3461 struct mgmt_pending_cmd *cmd;
3462 struct hci_request req;
3463 u32 selected_phys, configurable_phys, supported_phys, unconfigure_phys;
3464 u16 pkt_type = (HCI_DH1 | HCI_DM1);
3465 bool changed = false;
3468 bt_dev_dbg(hdev, "sock %p", sk);
3470 configurable_phys = get_configurable_phys(hdev);
3471 supported_phys = get_supported_phys(hdev);
3472 selected_phys = __le32_to_cpu(cp->selected_phys);
3474 if (selected_phys & ~supported_phys)
3475 return mgmt_cmd_status(sk, hdev->id,
3476 MGMT_OP_SET_PHY_CONFIGURATION,
3477 MGMT_STATUS_INVALID_PARAMS);
3479 unconfigure_phys = supported_phys & ~configurable_phys;
3481 if ((selected_phys & unconfigure_phys) != unconfigure_phys)
3482 return mgmt_cmd_status(sk, hdev->id,
3483 MGMT_OP_SET_PHY_CONFIGURATION,
3484 MGMT_STATUS_INVALID_PARAMS);
3486 if (selected_phys == get_selected_phys(hdev))
3487 return mgmt_cmd_complete(sk, hdev->id,
3488 MGMT_OP_SET_PHY_CONFIGURATION,
3493 if (!hdev_is_powered(hdev)) {
3494 err = mgmt_cmd_status(sk, hdev->id,
3495 MGMT_OP_SET_PHY_CONFIGURATION,
3496 MGMT_STATUS_REJECTED);
3500 if (pending_find(MGMT_OP_SET_PHY_CONFIGURATION, hdev)) {
3501 err = mgmt_cmd_status(sk, hdev->id,
3502 MGMT_OP_SET_PHY_CONFIGURATION,
3507 if (selected_phys & MGMT_PHY_BR_1M_3SLOT)
3508 pkt_type |= (HCI_DH3 | HCI_DM3);
3510 pkt_type &= ~(HCI_DH3 | HCI_DM3);
3512 if (selected_phys & MGMT_PHY_BR_1M_5SLOT)
3513 pkt_type |= (HCI_DH5 | HCI_DM5);
3515 pkt_type &= ~(HCI_DH5 | HCI_DM5);
3517 if (selected_phys & MGMT_PHY_EDR_2M_1SLOT)
3518 pkt_type &= ~HCI_2DH1;
3520 pkt_type |= HCI_2DH1;
3522 if (selected_phys & MGMT_PHY_EDR_2M_3SLOT)
3523 pkt_type &= ~HCI_2DH3;
3525 pkt_type |= HCI_2DH3;
3527 if (selected_phys & MGMT_PHY_EDR_2M_5SLOT)
3528 pkt_type &= ~HCI_2DH5;
3530 pkt_type |= HCI_2DH5;
3532 if (selected_phys & MGMT_PHY_EDR_3M_1SLOT)
3533 pkt_type &= ~HCI_3DH1;
3535 pkt_type |= HCI_3DH1;
3537 if (selected_phys & MGMT_PHY_EDR_3M_3SLOT)
3538 pkt_type &= ~HCI_3DH3;
3540 pkt_type |= HCI_3DH3;
3542 if (selected_phys & MGMT_PHY_EDR_3M_5SLOT)
3543 pkt_type &= ~HCI_3DH5;
3545 pkt_type |= HCI_3DH5;
3547 if (pkt_type != hdev->pkt_type) {
3548 hdev->pkt_type = pkt_type;
3552 if ((selected_phys & MGMT_PHY_LE_MASK) ==
3553 (get_selected_phys(hdev) & MGMT_PHY_LE_MASK)) {
3555 mgmt_phy_configuration_changed(hdev, sk);
3557 err = mgmt_cmd_complete(sk, hdev->id,
3558 MGMT_OP_SET_PHY_CONFIGURATION,
3564 cmd = mgmt_pending_add(sk, MGMT_OP_SET_PHY_CONFIGURATION, hdev, data,
3571 hci_req_init(&req, hdev);
3573 memset(&cp_phy, 0, sizeof(cp_phy));
3575 if (!(selected_phys & MGMT_PHY_LE_TX_MASK))
3576 cp_phy.all_phys |= 0x01;
3578 if (!(selected_phys & MGMT_PHY_LE_RX_MASK))
3579 cp_phy.all_phys |= 0x02;
3581 if (selected_phys & MGMT_PHY_LE_1M_TX)
3582 cp_phy.tx_phys |= HCI_LE_SET_PHY_1M;
3584 if (selected_phys & MGMT_PHY_LE_2M_TX)
3585 cp_phy.tx_phys |= HCI_LE_SET_PHY_2M;
3587 if (selected_phys & MGMT_PHY_LE_CODED_TX)
3588 cp_phy.tx_phys |= HCI_LE_SET_PHY_CODED;
3590 if (selected_phys & MGMT_PHY_LE_1M_RX)
3591 cp_phy.rx_phys |= HCI_LE_SET_PHY_1M;
3593 if (selected_phys & MGMT_PHY_LE_2M_RX)
3594 cp_phy.rx_phys |= HCI_LE_SET_PHY_2M;
3596 if (selected_phys & MGMT_PHY_LE_CODED_RX)
3597 cp_phy.rx_phys |= HCI_LE_SET_PHY_CODED;
3599 hci_req_add(&req, HCI_OP_LE_SET_DEFAULT_PHY, sizeof(cp_phy), &cp_phy);
3601 err = hci_req_run_skb(&req, set_default_phy_complete);
3603 mgmt_pending_remove(cmd);
3606 hci_dev_unlock(hdev);
3611 static int set_blocked_keys(struct sock *sk, struct hci_dev *hdev, void *data,
3614 int err = MGMT_STATUS_SUCCESS;
3615 struct mgmt_cp_set_blocked_keys *keys = data;
3616 const u16 max_key_count = ((U16_MAX - sizeof(*keys)) /
3617 sizeof(struct mgmt_blocked_key_info));
3618 u16 key_count, expected_len;
3621 bt_dev_dbg(hdev, "sock %p", sk);
3623 key_count = __le16_to_cpu(keys->key_count);
3624 if (key_count > max_key_count) {
3625 bt_dev_err(hdev, "too big key_count value %u", key_count);
3626 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_BLOCKED_KEYS,
3627 MGMT_STATUS_INVALID_PARAMS);
3630 expected_len = struct_size(keys, keys, key_count);
3631 if (expected_len != len) {
3632 bt_dev_err(hdev, "expected %u bytes, got %u bytes",
3634 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_BLOCKED_KEYS,
3635 MGMT_STATUS_INVALID_PARAMS);
3640 hci_blocked_keys_clear(hdev);
3642 for (i = 0; i < keys->key_count; ++i) {
3643 struct blocked_key *b = kzalloc(sizeof(*b), GFP_KERNEL);
3646 err = MGMT_STATUS_NO_RESOURCES;
3650 b->type = keys->keys[i].type;
3651 memcpy(b->val, keys->keys[i].val, sizeof(b->val));
3652 list_add_rcu(&b->list, &hdev->blocked_keys);
3654 hci_dev_unlock(hdev);
3656 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_BLOCKED_KEYS,
3660 static int set_wideband_speech(struct sock *sk, struct hci_dev *hdev,
3661 void *data, u16 len)
3663 struct mgmt_mode *cp = data;
3665 bool changed = false;
3667 bt_dev_dbg(hdev, "sock %p", sk);
3669 if (!test_bit(HCI_QUIRK_WIDEBAND_SPEECH_SUPPORTED, &hdev->quirks))
3670 return mgmt_cmd_status(sk, hdev->id,
3671 MGMT_OP_SET_WIDEBAND_SPEECH,
3672 MGMT_STATUS_NOT_SUPPORTED);
3674 if (cp->val != 0x00 && cp->val != 0x01)
3675 return mgmt_cmd_status(sk, hdev->id,
3676 MGMT_OP_SET_WIDEBAND_SPEECH,
3677 MGMT_STATUS_INVALID_PARAMS);
3681 if (pending_find(MGMT_OP_SET_WIDEBAND_SPEECH, hdev)) {
3682 err = mgmt_cmd_status(sk, hdev->id,
3683 MGMT_OP_SET_WIDEBAND_SPEECH,
3688 if (hdev_is_powered(hdev) &&
3689 !!cp->val != hci_dev_test_flag(hdev,
3690 HCI_WIDEBAND_SPEECH_ENABLED)) {
3691 err = mgmt_cmd_status(sk, hdev->id,
3692 MGMT_OP_SET_WIDEBAND_SPEECH,
3693 MGMT_STATUS_REJECTED);
3698 changed = !hci_dev_test_and_set_flag(hdev,
3699 HCI_WIDEBAND_SPEECH_ENABLED);
3701 changed = hci_dev_test_and_clear_flag(hdev,
3702 HCI_WIDEBAND_SPEECH_ENABLED);
3704 err = send_settings_rsp(sk, MGMT_OP_SET_WIDEBAND_SPEECH, hdev);
3709 err = new_settings(hdev, sk);
3712 hci_dev_unlock(hdev);
3716 static int read_controller_cap(struct sock *sk, struct hci_dev *hdev,
3717 void *data, u16 data_len)
3720 struct mgmt_rp_read_controller_cap *rp = (void *)buf;
3723 u8 tx_power_range[2];
3725 bt_dev_dbg(hdev, "sock %p", sk);
3727 memset(&buf, 0, sizeof(buf));
3731 /* When the Read Simple Pairing Options command is supported, then
3732 * the remote public key validation is supported.
3734 if (hdev->commands[41] & 0x08)
3735 flags |= 0x01; /* Remote public key validation (BR/EDR) */
3737 flags |= 0x02; /* Remote public key validation (LE) */
3739 /* When the Read Encryption Key Size command is supported, then the
3740 * encryption key size is enforced.
3742 if (hdev->commands[20] & 0x10)
3743 flags |= 0x04; /* Encryption key size enforcement (BR/EDR) */
3745 flags |= 0x08; /* Encryption key size enforcement (LE) */
3747 cap_len = eir_append_data(rp->cap, cap_len, MGMT_CAP_SEC_FLAGS,
3750 /* When the Read Simple Pairing Options command is supported, then
3751 * also max encryption key size information is provided.
3753 if (hdev->commands[41] & 0x08)
3754 cap_len = eir_append_le16(rp->cap, cap_len,
3755 MGMT_CAP_MAX_ENC_KEY_SIZE,
3756 hdev->max_enc_key_size);
3758 cap_len = eir_append_le16(rp->cap, cap_len,
3759 MGMT_CAP_SMP_MAX_ENC_KEY_SIZE,
3760 SMP_MAX_ENC_KEY_SIZE);
3762 /* Append the min/max LE tx power parameters if we were able to fetch
3763 * it from the controller
3765 if (hdev->commands[38] & 0x80) {
3766 memcpy(&tx_power_range[0], &hdev->min_le_tx_power, 1);
3767 memcpy(&tx_power_range[1], &hdev->max_le_tx_power, 1);
3768 cap_len = eir_append_data(rp->cap, cap_len, MGMT_CAP_LE_TX_PWR,
3772 rp->cap_len = cpu_to_le16(cap_len);
3774 hci_dev_unlock(hdev);
3776 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_READ_CONTROLLER_CAP, 0,
3777 rp, sizeof(*rp) + cap_len);
3780 #ifdef CONFIG_BT_FEATURE_DEBUG
3781 /* d4992530-b9ec-469f-ab01-6c481c47da1c */
3782 static const u8 debug_uuid[16] = {
3783 0x1c, 0xda, 0x47, 0x1c, 0x48, 0x6c, 0x01, 0xab,
3784 0x9f, 0x46, 0xec, 0xb9, 0x30, 0x25, 0x99, 0xd4,
3788 /* 671b10b5-42c0-4696-9227-eb28d1b049d6 */
3789 static const u8 simult_central_periph_uuid[16] = {
3790 0xd6, 0x49, 0xb0, 0xd1, 0x28, 0xeb, 0x27, 0x92,
3791 0x96, 0x46, 0xc0, 0x42, 0xb5, 0x10, 0x1b, 0x67,
3794 /* 15c0a148-c273-11ea-b3de-0242ac130004 */
3795 static const u8 rpa_resolution_uuid[16] = {
3796 0x04, 0x00, 0x13, 0xac, 0x42, 0x02, 0xde, 0xb3,
3797 0xea, 0x11, 0x73, 0xc2, 0x48, 0xa1, 0xc0, 0x15,
3800 static int read_exp_features_info(struct sock *sk, struct hci_dev *hdev,
3801 void *data, u16 data_len)
3803 char buf[62]; /* Enough space for 3 features */
3804 struct mgmt_rp_read_exp_features_info *rp = (void *)buf;
3808 bt_dev_dbg(hdev, "sock %p", sk);
3810 memset(&buf, 0, sizeof(buf));
3812 #ifdef CONFIG_BT_FEATURE_DEBUG
3814 flags = bt_dbg_get() ? BIT(0) : 0;
3816 memcpy(rp->features[idx].uuid, debug_uuid, 16);
3817 rp->features[idx].flags = cpu_to_le32(flags);
3823 if (test_bit(HCI_QUIRK_VALID_LE_STATES, &hdev->quirks) &&
3824 (hdev->le_states[4] & 0x08) && /* Central */
3825 (hdev->le_states[4] & 0x40) && /* Peripheral */
3826 (hdev->le_states[3] & 0x10)) /* Simultaneous */
3831 memcpy(rp->features[idx].uuid, simult_central_periph_uuid, 16);
3832 rp->features[idx].flags = cpu_to_le32(flags);
3836 if (hdev && use_ll_privacy(hdev)) {
3837 if (hci_dev_test_flag(hdev, HCI_ENABLE_LL_PRIVACY))
3838 flags = BIT(0) | BIT(1);
3842 memcpy(rp->features[idx].uuid, rpa_resolution_uuid, 16);
3843 rp->features[idx].flags = cpu_to_le32(flags);
3847 rp->feature_count = cpu_to_le16(idx);
3849 /* After reading the experimental features information, enable
3850 * the events to update client on any future change.
3852 hci_sock_set_flag(sk, HCI_MGMT_EXP_FEATURE_EVENTS);
3854 return mgmt_cmd_complete(sk, hdev ? hdev->id : MGMT_INDEX_NONE,
3855 MGMT_OP_READ_EXP_FEATURES_INFO,
3856 0, rp, sizeof(*rp) + (20 * idx));
3859 static int exp_ll_privacy_feature_changed(bool enabled, struct hci_dev *hdev,
3862 struct mgmt_ev_exp_feature_changed ev;
3864 memset(&ev, 0, sizeof(ev));
3865 memcpy(ev.uuid, rpa_resolution_uuid, 16);
3866 ev.flags = cpu_to_le32((enabled ? BIT(0) : 0) | BIT(1));
3868 return mgmt_limited_event(MGMT_EV_EXP_FEATURE_CHANGED, hdev,
3870 HCI_MGMT_EXP_FEATURE_EVENTS, skip);
3874 #ifdef CONFIG_BT_FEATURE_DEBUG
3875 static int exp_debug_feature_changed(bool enabled, struct sock *skip)
3877 struct mgmt_ev_exp_feature_changed ev;
3879 memset(&ev, 0, sizeof(ev));
3880 memcpy(ev.uuid, debug_uuid, 16);
3881 ev.flags = cpu_to_le32(enabled ? BIT(0) : 0);
3883 return mgmt_limited_event(MGMT_EV_EXP_FEATURE_CHANGED, NULL,
3885 HCI_MGMT_EXP_FEATURE_EVENTS, skip);
3889 static int set_exp_feature(struct sock *sk, struct hci_dev *hdev,
3890 void *data, u16 data_len)
3892 struct mgmt_cp_set_exp_feature *cp = data;
3893 struct mgmt_rp_set_exp_feature rp;
3895 bt_dev_dbg(hdev, "sock %p", sk);
3897 if (!memcmp(cp->uuid, ZERO_KEY, 16)) {
3898 memset(rp.uuid, 0, 16);
3899 rp.flags = cpu_to_le32(0);
3901 #ifdef CONFIG_BT_FEATURE_DEBUG
3903 bool changed = bt_dbg_get();
3908 exp_debug_feature_changed(false, sk);
3912 if (hdev && use_ll_privacy(hdev) && !hdev_is_powered(hdev)) {
3913 bool changed = hci_dev_test_flag(hdev,
3914 HCI_ENABLE_LL_PRIVACY);
3916 hci_dev_clear_flag(hdev, HCI_ENABLE_LL_PRIVACY);
3919 exp_ll_privacy_feature_changed(false, hdev, sk);
3922 hci_sock_set_flag(sk, HCI_MGMT_EXP_FEATURE_EVENTS);
3924 return mgmt_cmd_complete(sk, hdev ? hdev->id : MGMT_INDEX_NONE,
3925 MGMT_OP_SET_EXP_FEATURE, 0,
3929 #ifdef CONFIG_BT_FEATURE_DEBUG
3930 if (!memcmp(cp->uuid, debug_uuid, 16)) {
3934 /* Command requires to use the non-controller index */
3936 return mgmt_cmd_status(sk, hdev->id,
3937 MGMT_OP_SET_EXP_FEATURE,
3938 MGMT_STATUS_INVALID_INDEX);
3940 /* Parameters are limited to a single octet */
3941 if (data_len != MGMT_SET_EXP_FEATURE_SIZE + 1)
3942 return mgmt_cmd_status(sk, MGMT_INDEX_NONE,
3943 MGMT_OP_SET_EXP_FEATURE,
3944 MGMT_STATUS_INVALID_PARAMS);
3946 /* Only boolean on/off is supported */
3947 if (cp->param[0] != 0x00 && cp->param[0] != 0x01)
3948 return mgmt_cmd_status(sk, MGMT_INDEX_NONE,
3949 MGMT_OP_SET_EXP_FEATURE,
3950 MGMT_STATUS_INVALID_PARAMS);
3952 val = !!cp->param[0];
3953 changed = val ? !bt_dbg_get() : bt_dbg_get();
3956 memcpy(rp.uuid, debug_uuid, 16);
3957 rp.flags = cpu_to_le32(val ? BIT(0) : 0);
3959 hci_sock_set_flag(sk, HCI_MGMT_EXP_FEATURE_EVENTS);
3961 err = mgmt_cmd_complete(sk, MGMT_INDEX_NONE,
3962 MGMT_OP_SET_EXP_FEATURE, 0,
3966 exp_debug_feature_changed(val, sk);
3972 if (!memcmp(cp->uuid, rpa_resolution_uuid, 16)) {
3977 /* Command requires to use the controller index */
3979 return mgmt_cmd_status(sk, MGMT_INDEX_NONE,
3980 MGMT_OP_SET_EXP_FEATURE,
3981 MGMT_STATUS_INVALID_INDEX);
3983 /* Changes can only be made when controller is powered down */
3984 if (hdev_is_powered(hdev))
3985 return mgmt_cmd_status(sk, hdev->id,
3986 MGMT_OP_SET_EXP_FEATURE,
3987 MGMT_STATUS_REJECTED);
3989 /* Parameters are limited to a single octet */
3990 if (data_len != MGMT_SET_EXP_FEATURE_SIZE + 1)
3991 return mgmt_cmd_status(sk, hdev->id,
3992 MGMT_OP_SET_EXP_FEATURE,
3993 MGMT_STATUS_INVALID_PARAMS);
3995 /* Only boolean on/off is supported */
3996 if (cp->param[0] != 0x00 && cp->param[0] != 0x01)
3997 return mgmt_cmd_status(sk, hdev->id,
3998 MGMT_OP_SET_EXP_FEATURE,
3999 MGMT_STATUS_INVALID_PARAMS);
4001 val = !!cp->param[0];
4004 changed = !hci_dev_test_flag(hdev,
4005 HCI_ENABLE_LL_PRIVACY);
4006 hci_dev_set_flag(hdev, HCI_ENABLE_LL_PRIVACY);
4007 hci_dev_clear_flag(hdev, HCI_ADVERTISING);
4009 /* Enable LL privacy + supported settings changed */
4010 flags = BIT(0) | BIT(1);
4012 changed = hci_dev_test_flag(hdev,
4013 HCI_ENABLE_LL_PRIVACY);
4014 hci_dev_clear_flag(hdev, HCI_ENABLE_LL_PRIVACY);
4016 /* Disable LL privacy + supported settings changed */
4020 memcpy(rp.uuid, rpa_resolution_uuid, 16);
4021 rp.flags = cpu_to_le32(flags);
4023 hci_sock_set_flag(sk, HCI_MGMT_EXP_FEATURE_EVENTS);
4025 err = mgmt_cmd_complete(sk, hdev->id,
4026 MGMT_OP_SET_EXP_FEATURE, 0,
4030 exp_ll_privacy_feature_changed(val, hdev, sk);
4035 return mgmt_cmd_status(sk, hdev ? hdev->id : MGMT_INDEX_NONE,
4036 MGMT_OP_SET_EXP_FEATURE,
4037 MGMT_STATUS_NOT_SUPPORTED);
4040 #define SUPPORTED_DEVICE_FLAGS() ((1U << HCI_CONN_FLAG_MAX) - 1)
4042 static int get_device_flags(struct sock *sk, struct hci_dev *hdev, void *data,
4045 struct mgmt_cp_get_device_flags *cp = data;
4046 struct mgmt_rp_get_device_flags rp;
4047 struct bdaddr_list_with_flags *br_params;
4048 struct hci_conn_params *params;
4049 u32 supported_flags = SUPPORTED_DEVICE_FLAGS();
4050 u32 current_flags = 0;
4051 u8 status = MGMT_STATUS_INVALID_PARAMS;
4053 bt_dev_dbg(hdev, "Get device flags %pMR (type 0x%x)\n",
4054 &cp->addr.bdaddr, cp->addr.type);
4058 if (cp->addr.type == BDADDR_BREDR) {
4059 br_params = hci_bdaddr_list_lookup_with_flags(&hdev->whitelist,
4065 current_flags = br_params->current_flags;
4067 params = hci_conn_params_lookup(hdev, &cp->addr.bdaddr,
4068 le_addr_type(cp->addr.type));
4073 current_flags = params->current_flags;
4076 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
4077 rp.addr.type = cp->addr.type;
4078 rp.supported_flags = cpu_to_le32(supported_flags);
4079 rp.current_flags = cpu_to_le32(current_flags);
4081 status = MGMT_STATUS_SUCCESS;
4084 hci_dev_unlock(hdev);
4086 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_DEVICE_FLAGS, status,
4090 static void device_flags_changed(struct sock *sk, struct hci_dev *hdev,
4091 bdaddr_t *bdaddr, u8 bdaddr_type,
4092 u32 supported_flags, u32 current_flags)
4094 struct mgmt_ev_device_flags_changed ev;
4096 bacpy(&ev.addr.bdaddr, bdaddr);
4097 ev.addr.type = bdaddr_type;
4098 ev.supported_flags = cpu_to_le32(supported_flags);
4099 ev.current_flags = cpu_to_le32(current_flags);
4101 mgmt_event(MGMT_EV_DEVICE_FLAGS_CHANGED, hdev, &ev, sizeof(ev), sk);
4104 static int set_device_flags(struct sock *sk, struct hci_dev *hdev, void *data,
4107 struct mgmt_cp_set_device_flags *cp = data;
4108 struct bdaddr_list_with_flags *br_params;
4109 struct hci_conn_params *params;
4110 u8 status = MGMT_STATUS_INVALID_PARAMS;
4111 u32 supported_flags = SUPPORTED_DEVICE_FLAGS();
4112 u32 current_flags = __le32_to_cpu(cp->current_flags);
4114 bt_dev_dbg(hdev, "Set device flags %pMR (type 0x%x) = 0x%x",
4115 &cp->addr.bdaddr, cp->addr.type,
4116 __le32_to_cpu(current_flags));
4118 if ((supported_flags | current_flags) != supported_flags) {
4119 bt_dev_warn(hdev, "Bad flag given (0x%x) vs supported (0x%0x)",
4120 current_flags, supported_flags);
4126 if (cp->addr.type == BDADDR_BREDR) {
4127 br_params = hci_bdaddr_list_lookup_with_flags(&hdev->whitelist,
4132 br_params->current_flags = current_flags;
4133 status = MGMT_STATUS_SUCCESS;
4135 bt_dev_warn(hdev, "No such BR/EDR device %pMR (0x%x)",
4136 &cp->addr.bdaddr, cp->addr.type);
4139 params = hci_conn_params_lookup(hdev, &cp->addr.bdaddr,
4140 le_addr_type(cp->addr.type));
4142 params->current_flags = current_flags;
4143 status = MGMT_STATUS_SUCCESS;
4145 bt_dev_warn(hdev, "No such LE device %pMR (0x%x)",
4147 le_addr_type(cp->addr.type));
4152 hci_dev_unlock(hdev);
4154 if (status == MGMT_STATUS_SUCCESS)
4155 device_flags_changed(sk, hdev, &cp->addr.bdaddr, cp->addr.type,
4156 supported_flags, current_flags);
4158 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_DEVICE_FLAGS, status,
4159 &cp->addr, sizeof(cp->addr));
4162 static void mgmt_adv_monitor_added(struct sock *sk, struct hci_dev *hdev,
4165 struct mgmt_ev_adv_monitor_added ev;
4167 ev.monitor_handle = cpu_to_le16(handle);
4169 mgmt_event(MGMT_EV_ADV_MONITOR_ADDED, hdev, &ev, sizeof(ev), sk);
4172 void mgmt_adv_monitor_removed(struct hci_dev *hdev, u16 handle)
4174 struct mgmt_ev_adv_monitor_removed ev;
4175 struct mgmt_pending_cmd *cmd;
4176 struct sock *sk_skip = NULL;
4177 struct mgmt_cp_remove_adv_monitor *cp;
4179 cmd = pending_find(MGMT_OP_REMOVE_ADV_MONITOR, hdev);
4183 if (cp->monitor_handle)
4187 ev.monitor_handle = cpu_to_le16(handle);
4189 mgmt_event(MGMT_EV_ADV_MONITOR_REMOVED, hdev, &ev, sizeof(ev), sk_skip);
4192 static int read_adv_mon_features(struct sock *sk, struct hci_dev *hdev,
4193 void *data, u16 len)
4195 struct adv_monitor *monitor = NULL;
4196 struct mgmt_rp_read_adv_monitor_features *rp = NULL;
4199 __u32 supported = 0;
4201 __u16 num_handles = 0;
4202 __u16 handles[HCI_MAX_ADV_MONITOR_NUM_HANDLES];
4204 BT_DBG("request for %s", hdev->name);
4208 if (msft_monitor_supported(hdev))
4209 supported |= MGMT_ADV_MONITOR_FEATURE_MASK_OR_PATTERNS;
4211 idr_for_each_entry(&hdev->adv_monitors_idr, monitor, handle)
4212 handles[num_handles++] = monitor->handle;
4214 hci_dev_unlock(hdev);
4216 rp_size = sizeof(*rp) + (num_handles * sizeof(u16));
4217 rp = kmalloc(rp_size, GFP_KERNEL);
4221 /* All supported features are currently enabled */
4222 enabled = supported;
4224 rp->supported_features = cpu_to_le32(supported);
4225 rp->enabled_features = cpu_to_le32(enabled);
4226 rp->max_num_handles = cpu_to_le16(HCI_MAX_ADV_MONITOR_NUM_HANDLES);
4227 rp->max_num_patterns = HCI_MAX_ADV_MONITOR_NUM_PATTERNS;
4228 rp->num_handles = cpu_to_le16(num_handles);
4230 memcpy(&rp->handles, &handles, (num_handles * sizeof(u16)));
4232 err = mgmt_cmd_complete(sk, hdev->id,
4233 MGMT_OP_READ_ADV_MONITOR_FEATURES,
4234 MGMT_STATUS_SUCCESS, rp, rp_size);
4241 int mgmt_add_adv_patterns_monitor_complete(struct hci_dev *hdev, u8 status)
4243 struct mgmt_rp_add_adv_patterns_monitor rp;
4244 struct mgmt_pending_cmd *cmd;
4245 struct adv_monitor *monitor;
4250 cmd = pending_find(MGMT_OP_ADD_ADV_PATTERNS_MONITOR_RSSI, hdev);
4252 cmd = pending_find(MGMT_OP_ADD_ADV_PATTERNS_MONITOR, hdev);
4257 monitor = cmd->user_data;
4258 rp.monitor_handle = cpu_to_le16(monitor->handle);
4261 mgmt_adv_monitor_added(cmd->sk, hdev, monitor->handle);
4262 hdev->adv_monitors_cnt++;
4263 if (monitor->state == ADV_MONITOR_STATE_NOT_REGISTERED)
4264 monitor->state = ADV_MONITOR_STATE_REGISTERED;
4265 hci_update_background_scan(hdev);
4268 err = mgmt_cmd_complete(cmd->sk, cmd->index, cmd->opcode,
4269 mgmt_status(status), &rp, sizeof(rp));
4270 mgmt_pending_remove(cmd);
4273 hci_dev_unlock(hdev);
4274 bt_dev_dbg(hdev, "add monitor %d complete, status %d",
4275 rp.monitor_handle, status);
4280 static int __add_adv_patterns_monitor(struct sock *sk, struct hci_dev *hdev,
4281 struct adv_monitor *m, u8 status,
4282 void *data, u16 len, u16 op)
4284 struct mgmt_rp_add_adv_patterns_monitor rp;
4285 struct mgmt_pending_cmd *cmd;
4294 if (pending_find(MGMT_OP_SET_LE, hdev) ||
4295 pending_find(MGMT_OP_ADD_ADV_PATTERNS_MONITOR, hdev) ||
4296 pending_find(MGMT_OP_ADD_ADV_PATTERNS_MONITOR_RSSI, hdev) ||
4297 pending_find(MGMT_OP_REMOVE_ADV_MONITOR, hdev)) {
4298 status = MGMT_STATUS_BUSY;
4302 cmd = mgmt_pending_add(sk, op, hdev, data, len);
4304 status = MGMT_STATUS_NO_RESOURCES;
4309 pending = hci_add_adv_monitor(hdev, m, &err);
4311 if (err == -ENOSPC || err == -ENOMEM)
4312 status = MGMT_STATUS_NO_RESOURCES;
4313 else if (err == -EINVAL)
4314 status = MGMT_STATUS_INVALID_PARAMS;
4316 status = MGMT_STATUS_FAILED;
4318 mgmt_pending_remove(cmd);
4323 mgmt_pending_remove(cmd);
4324 rp.monitor_handle = cpu_to_le16(m->handle);
4325 mgmt_adv_monitor_added(sk, hdev, m->handle);
4326 m->state = ADV_MONITOR_STATE_REGISTERED;
4327 hdev->adv_monitors_cnt++;
4329 hci_dev_unlock(hdev);
4330 return mgmt_cmd_complete(sk, hdev->id, op, MGMT_STATUS_SUCCESS,
4334 hci_dev_unlock(hdev);
4339 hci_free_adv_monitor(hdev, m);
4340 hci_dev_unlock(hdev);
4341 return mgmt_cmd_status(sk, hdev->id, op, status);
4344 static void parse_adv_monitor_rssi(struct adv_monitor *m,
4345 struct mgmt_adv_rssi_thresholds *rssi)
4348 m->rssi.low_threshold = rssi->low_threshold;
4349 m->rssi.low_threshold_timeout =
4350 __le16_to_cpu(rssi->low_threshold_timeout);
4351 m->rssi.high_threshold = rssi->high_threshold;
4352 m->rssi.high_threshold_timeout =
4353 __le16_to_cpu(rssi->high_threshold_timeout);
4354 m->rssi.sampling_period = rssi->sampling_period;
4356 /* Default values. These numbers are the least constricting
4357 * parameters for MSFT API to work, so it behaves as if there
4358 * are no rssi parameter to consider. May need to be changed
4359 * if other API are to be supported.
4361 m->rssi.low_threshold = -127;
4362 m->rssi.low_threshold_timeout = 60;
4363 m->rssi.high_threshold = -127;
4364 m->rssi.high_threshold_timeout = 0;
4365 m->rssi.sampling_period = 0;
4369 static u8 parse_adv_monitor_pattern(struct adv_monitor *m, u8 pattern_count,
4370 struct mgmt_adv_pattern *patterns)
4372 u8 offset = 0, length = 0;
4373 struct adv_pattern *p = NULL;
4376 for (i = 0; i < pattern_count; i++) {
4377 offset = patterns[i].offset;
4378 length = patterns[i].length;
4379 if (offset >= HCI_MAX_AD_LENGTH ||
4380 length > HCI_MAX_AD_LENGTH ||
4381 (offset + length) > HCI_MAX_AD_LENGTH)
4382 return MGMT_STATUS_INVALID_PARAMS;
4384 p = kmalloc(sizeof(*p), GFP_KERNEL);
4386 return MGMT_STATUS_NO_RESOURCES;
4388 p->ad_type = patterns[i].ad_type;
4389 p->offset = patterns[i].offset;
4390 p->length = patterns[i].length;
4391 memcpy(p->value, patterns[i].value, p->length);
4393 INIT_LIST_HEAD(&p->list);
4394 list_add(&p->list, &m->patterns);
4397 return MGMT_STATUS_SUCCESS;
4400 static int add_adv_patterns_monitor(struct sock *sk, struct hci_dev *hdev,
4401 void *data, u16 len)
4403 struct mgmt_cp_add_adv_patterns_monitor *cp = data;
4404 struct adv_monitor *m = NULL;
4405 u8 status = MGMT_STATUS_SUCCESS;
4406 size_t expected_size = sizeof(*cp);
4408 BT_DBG("request for %s", hdev->name);
4410 if (len <= sizeof(*cp)) {
4411 status = MGMT_STATUS_INVALID_PARAMS;
4415 expected_size += cp->pattern_count * sizeof(struct mgmt_adv_pattern);
4416 if (len != expected_size) {
4417 status = MGMT_STATUS_INVALID_PARAMS;
4421 m = kzalloc(sizeof(*m), GFP_KERNEL);
4423 status = MGMT_STATUS_NO_RESOURCES;
4427 INIT_LIST_HEAD(&m->patterns);
4429 parse_adv_monitor_rssi(m, NULL);
4430 status = parse_adv_monitor_pattern(m, cp->pattern_count, cp->patterns);
4433 return __add_adv_patterns_monitor(sk, hdev, m, status, data, len,
4434 MGMT_OP_ADD_ADV_PATTERNS_MONITOR);
4437 static int add_adv_patterns_monitor_rssi(struct sock *sk, struct hci_dev *hdev,
4438 void *data, u16 len)
4440 struct mgmt_cp_add_adv_patterns_monitor_rssi *cp = data;
4441 struct adv_monitor *m = NULL;
4442 u8 status = MGMT_STATUS_SUCCESS;
4443 size_t expected_size = sizeof(*cp);
4445 BT_DBG("request for %s", hdev->name);
4447 if (len <= sizeof(*cp)) {
4448 status = MGMT_STATUS_INVALID_PARAMS;
4452 expected_size += cp->pattern_count * sizeof(struct mgmt_adv_pattern);
4453 if (len != expected_size) {
4454 status = MGMT_STATUS_INVALID_PARAMS;
4458 m = kzalloc(sizeof(*m), GFP_KERNEL);
4460 status = MGMT_STATUS_NO_RESOURCES;
4464 INIT_LIST_HEAD(&m->patterns);
4466 parse_adv_monitor_rssi(m, &cp->rssi);
4467 status = parse_adv_monitor_pattern(m, cp->pattern_count, cp->patterns);
4470 return __add_adv_patterns_monitor(sk, hdev, m, status, data, len,
4471 MGMT_OP_ADD_ADV_PATTERNS_MONITOR_RSSI);
4474 int mgmt_remove_adv_monitor_complete(struct hci_dev *hdev, u8 status)
4476 struct mgmt_rp_remove_adv_monitor rp;
4477 struct mgmt_cp_remove_adv_monitor *cp;
4478 struct mgmt_pending_cmd *cmd;
4483 cmd = pending_find(MGMT_OP_REMOVE_ADV_MONITOR, hdev);
4488 rp.monitor_handle = cp->monitor_handle;
4491 hci_update_background_scan(hdev);
4493 err = mgmt_cmd_complete(cmd->sk, cmd->index, cmd->opcode,
4494 mgmt_status(status), &rp, sizeof(rp));
4495 mgmt_pending_remove(cmd);
4498 hci_dev_unlock(hdev);
4499 bt_dev_dbg(hdev, "remove monitor %d complete, status %d",
4500 rp.monitor_handle, status);
4505 static int remove_adv_monitor(struct sock *sk, struct hci_dev *hdev,
4506 void *data, u16 len)
4508 struct mgmt_cp_remove_adv_monitor *cp = data;
4509 struct mgmt_rp_remove_adv_monitor rp;
4510 struct mgmt_pending_cmd *cmd;
4511 u16 handle = __le16_to_cpu(cp->monitor_handle);
4515 BT_DBG("request for %s", hdev->name);
4516 rp.monitor_handle = cp->monitor_handle;
4520 if (pending_find(MGMT_OP_SET_LE, hdev) ||
4521 pending_find(MGMT_OP_REMOVE_ADV_MONITOR, hdev) ||
4522 pending_find(MGMT_OP_ADD_ADV_PATTERNS_MONITOR, hdev) ||
4523 pending_find(MGMT_OP_ADD_ADV_PATTERNS_MONITOR_RSSI, hdev)) {
4524 status = MGMT_STATUS_BUSY;
4528 cmd = mgmt_pending_add(sk, MGMT_OP_REMOVE_ADV_MONITOR, hdev, data, len);
4530 status = MGMT_STATUS_NO_RESOURCES;
4535 pending = hci_remove_single_adv_monitor(hdev, handle, &err);
4537 pending = hci_remove_all_adv_monitor(hdev, &err);
4540 mgmt_pending_remove(cmd);
4543 status = MGMT_STATUS_INVALID_INDEX;
4545 status = MGMT_STATUS_FAILED;
4550 /* monitor can be removed without forwarding request to controller */
4552 mgmt_pending_remove(cmd);
4553 hci_dev_unlock(hdev);
4555 return mgmt_cmd_complete(sk, hdev->id,
4556 MGMT_OP_REMOVE_ADV_MONITOR,
4557 MGMT_STATUS_SUCCESS,
4561 hci_dev_unlock(hdev);
4565 hci_dev_unlock(hdev);
4566 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_REMOVE_ADV_MONITOR,
4570 static void read_local_oob_data_complete(struct hci_dev *hdev, u8 status,
4571 u16 opcode, struct sk_buff *skb)
4573 struct mgmt_rp_read_local_oob_data mgmt_rp;
4574 size_t rp_size = sizeof(mgmt_rp);
4575 struct mgmt_pending_cmd *cmd;
4577 bt_dev_dbg(hdev, "status %u", status);
4579 cmd = pending_find(MGMT_OP_READ_LOCAL_OOB_DATA, hdev);
4583 if (status || !skb) {
4584 mgmt_cmd_status(cmd->sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
4585 status ? mgmt_status(status) : MGMT_STATUS_FAILED);
4589 memset(&mgmt_rp, 0, sizeof(mgmt_rp));
4591 if (opcode == HCI_OP_READ_LOCAL_OOB_DATA) {
4592 struct hci_rp_read_local_oob_data *rp = (void *) skb->data;
4594 if (skb->len < sizeof(*rp)) {
4595 mgmt_cmd_status(cmd->sk, hdev->id,
4596 MGMT_OP_READ_LOCAL_OOB_DATA,
4597 MGMT_STATUS_FAILED);
4601 memcpy(mgmt_rp.hash192, rp->hash, sizeof(rp->hash));
4602 memcpy(mgmt_rp.rand192, rp->rand, sizeof(rp->rand));
4604 rp_size -= sizeof(mgmt_rp.hash256) + sizeof(mgmt_rp.rand256);
4606 struct hci_rp_read_local_oob_ext_data *rp = (void *) skb->data;
4608 if (skb->len < sizeof(*rp)) {
4609 mgmt_cmd_status(cmd->sk, hdev->id,
4610 MGMT_OP_READ_LOCAL_OOB_DATA,
4611 MGMT_STATUS_FAILED);
4615 memcpy(mgmt_rp.hash192, rp->hash192, sizeof(rp->hash192));
4616 memcpy(mgmt_rp.rand192, rp->rand192, sizeof(rp->rand192));
4618 memcpy(mgmt_rp.hash256, rp->hash256, sizeof(rp->hash256));
4619 memcpy(mgmt_rp.rand256, rp->rand256, sizeof(rp->rand256));
4622 mgmt_cmd_complete(cmd->sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
4623 MGMT_STATUS_SUCCESS, &mgmt_rp, rp_size);
4626 mgmt_pending_remove(cmd);
4629 static int read_local_oob_data(struct sock *sk, struct hci_dev *hdev,
4630 void *data, u16 data_len)
4632 struct mgmt_pending_cmd *cmd;
4633 struct hci_request req;
4636 bt_dev_dbg(hdev, "sock %p", sk);
4640 if (!hdev_is_powered(hdev)) {
4641 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
4642 MGMT_STATUS_NOT_POWERED);
4646 if (!lmp_ssp_capable(hdev)) {
4647 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
4648 MGMT_STATUS_NOT_SUPPORTED);
4652 if (pending_find(MGMT_OP_READ_LOCAL_OOB_DATA, hdev)) {
4653 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
4658 cmd = mgmt_pending_add(sk, MGMT_OP_READ_LOCAL_OOB_DATA, hdev, NULL, 0);
4664 hci_req_init(&req, hdev);
4666 if (bredr_sc_enabled(hdev))
4667 hci_req_add(&req, HCI_OP_READ_LOCAL_OOB_EXT_DATA, 0, NULL);
4669 hci_req_add(&req, HCI_OP_READ_LOCAL_OOB_DATA, 0, NULL);
4671 err = hci_req_run_skb(&req, read_local_oob_data_complete);
4673 mgmt_pending_remove(cmd);
4676 hci_dev_unlock(hdev);
4680 static int add_remote_oob_data(struct sock *sk, struct hci_dev *hdev,
4681 void *data, u16 len)
4683 struct mgmt_addr_info *addr = data;
4686 bt_dev_dbg(hdev, "sock %p", sk);
4688 if (!bdaddr_type_is_valid(addr->type))
4689 return mgmt_cmd_complete(sk, hdev->id,
4690 MGMT_OP_ADD_REMOTE_OOB_DATA,
4691 MGMT_STATUS_INVALID_PARAMS,
4692 addr, sizeof(*addr));
4696 if (len == MGMT_ADD_REMOTE_OOB_DATA_SIZE) {
4697 struct mgmt_cp_add_remote_oob_data *cp = data;
4700 if (cp->addr.type != BDADDR_BREDR) {
4701 err = mgmt_cmd_complete(sk, hdev->id,
4702 MGMT_OP_ADD_REMOTE_OOB_DATA,
4703 MGMT_STATUS_INVALID_PARAMS,
4704 &cp->addr, sizeof(cp->addr));
4708 err = hci_add_remote_oob_data(hdev, &cp->addr.bdaddr,
4709 cp->addr.type, cp->hash,
4710 cp->rand, NULL, NULL);
4712 status = MGMT_STATUS_FAILED;
4714 status = MGMT_STATUS_SUCCESS;
4716 err = mgmt_cmd_complete(sk, hdev->id,
4717 MGMT_OP_ADD_REMOTE_OOB_DATA, status,
4718 &cp->addr, sizeof(cp->addr));
4719 } else if (len == MGMT_ADD_REMOTE_OOB_EXT_DATA_SIZE) {
4720 struct mgmt_cp_add_remote_oob_ext_data *cp = data;
4721 u8 *rand192, *hash192, *rand256, *hash256;
4724 if (bdaddr_type_is_le(cp->addr.type)) {
4725 /* Enforce zero-valued 192-bit parameters as
4726 * long as legacy SMP OOB isn't implemented.
4728 if (memcmp(cp->rand192, ZERO_KEY, 16) ||
4729 memcmp(cp->hash192, ZERO_KEY, 16)) {
4730 err = mgmt_cmd_complete(sk, hdev->id,
4731 MGMT_OP_ADD_REMOTE_OOB_DATA,
4732 MGMT_STATUS_INVALID_PARAMS,
4733 addr, sizeof(*addr));
4740 /* In case one of the P-192 values is set to zero,
4741 * then just disable OOB data for P-192.
4743 if (!memcmp(cp->rand192, ZERO_KEY, 16) ||
4744 !memcmp(cp->hash192, ZERO_KEY, 16)) {
4748 rand192 = cp->rand192;
4749 hash192 = cp->hash192;
4753 /* In case one of the P-256 values is set to zero, then just
4754 * disable OOB data for P-256.
4756 if (!memcmp(cp->rand256, ZERO_KEY, 16) ||
4757 !memcmp(cp->hash256, ZERO_KEY, 16)) {
4761 rand256 = cp->rand256;
4762 hash256 = cp->hash256;
4765 err = hci_add_remote_oob_data(hdev, &cp->addr.bdaddr,
4766 cp->addr.type, hash192, rand192,
4769 status = MGMT_STATUS_FAILED;
4771 status = MGMT_STATUS_SUCCESS;
4773 err = mgmt_cmd_complete(sk, hdev->id,
4774 MGMT_OP_ADD_REMOTE_OOB_DATA,
4775 status, &cp->addr, sizeof(cp->addr));
4777 bt_dev_err(hdev, "add_remote_oob_data: invalid len of %u bytes",
4779 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_REMOTE_OOB_DATA,
4780 MGMT_STATUS_INVALID_PARAMS);
4784 hci_dev_unlock(hdev);
4788 static int remove_remote_oob_data(struct sock *sk, struct hci_dev *hdev,
4789 void *data, u16 len)
4791 struct mgmt_cp_remove_remote_oob_data *cp = data;
4795 bt_dev_dbg(hdev, "sock %p", sk);
4797 if (cp->addr.type != BDADDR_BREDR)
4798 return mgmt_cmd_complete(sk, hdev->id,
4799 MGMT_OP_REMOVE_REMOTE_OOB_DATA,
4800 MGMT_STATUS_INVALID_PARAMS,
4801 &cp->addr, sizeof(cp->addr));
4805 if (!bacmp(&cp->addr.bdaddr, BDADDR_ANY)) {
4806 hci_remote_oob_data_clear(hdev);
4807 status = MGMT_STATUS_SUCCESS;
4811 err = hci_remove_remote_oob_data(hdev, &cp->addr.bdaddr, cp->addr.type);
4813 status = MGMT_STATUS_INVALID_PARAMS;
4815 status = MGMT_STATUS_SUCCESS;
4818 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_REMOTE_OOB_DATA,
4819 status, &cp->addr, sizeof(cp->addr));
4821 hci_dev_unlock(hdev);
4825 void mgmt_start_discovery_complete(struct hci_dev *hdev, u8 status)
4827 struct mgmt_pending_cmd *cmd;
4829 bt_dev_dbg(hdev, "status %d", status);
4833 cmd = pending_find(MGMT_OP_START_DISCOVERY, hdev);
4835 cmd = pending_find(MGMT_OP_START_SERVICE_DISCOVERY, hdev);
4838 cmd = pending_find(MGMT_OP_START_LIMITED_DISCOVERY, hdev);
4841 cmd->cmd_complete(cmd, mgmt_status(status));
4842 mgmt_pending_remove(cmd);
4845 hci_dev_unlock(hdev);
4847 /* Handle suspend notifier */
4848 if (test_and_clear_bit(SUSPEND_UNPAUSE_DISCOVERY,
4849 hdev->suspend_tasks)) {
4850 bt_dev_dbg(hdev, "Unpaused discovery");
4851 wake_up(&hdev->suspend_wait_q);
4855 static bool discovery_type_is_valid(struct hci_dev *hdev, uint8_t type,
4856 uint8_t *mgmt_status)
4859 case DISCOV_TYPE_LE:
4860 *mgmt_status = mgmt_le_support(hdev);
4864 case DISCOV_TYPE_INTERLEAVED:
4865 *mgmt_status = mgmt_le_support(hdev);
4869 case DISCOV_TYPE_BREDR:
4870 *mgmt_status = mgmt_bredr_support(hdev);
4875 *mgmt_status = MGMT_STATUS_INVALID_PARAMS;
4882 static int start_discovery_internal(struct sock *sk, struct hci_dev *hdev,
4883 u16 op, void *data, u16 len)
4885 struct mgmt_cp_start_discovery *cp = data;
4886 struct mgmt_pending_cmd *cmd;
4890 bt_dev_dbg(hdev, "sock %p", sk);
4894 if (!hdev_is_powered(hdev)) {
4895 err = mgmt_cmd_complete(sk, hdev->id, op,
4896 MGMT_STATUS_NOT_POWERED,
4897 &cp->type, sizeof(cp->type));
4901 if (hdev->discovery.state != DISCOVERY_STOPPED ||
4902 hci_dev_test_flag(hdev, HCI_PERIODIC_INQ)) {
4903 err = mgmt_cmd_complete(sk, hdev->id, op, MGMT_STATUS_BUSY,
4904 &cp->type, sizeof(cp->type));
4908 if (!discovery_type_is_valid(hdev, cp->type, &status)) {
4909 err = mgmt_cmd_complete(sk, hdev->id, op, status,
4910 &cp->type, sizeof(cp->type));
4914 /* Can't start discovery when it is paused */
4915 if (hdev->discovery_paused) {
4916 err = mgmt_cmd_complete(sk, hdev->id, op, MGMT_STATUS_BUSY,
4917 &cp->type, sizeof(cp->type));
4921 /* Clear the discovery filter first to free any previously
4922 * allocated memory for the UUID list.
4924 hci_discovery_filter_clear(hdev);
4926 hdev->discovery.type = cp->type;
4927 hdev->discovery.report_invalid_rssi = false;
4928 if (op == MGMT_OP_START_LIMITED_DISCOVERY)
4929 hdev->discovery.limited = true;
4931 hdev->discovery.limited = false;
4933 cmd = mgmt_pending_add(sk, op, hdev, data, len);
4939 cmd->cmd_complete = generic_cmd_complete;
4941 hci_discovery_set_state(hdev, DISCOVERY_STARTING);
4942 queue_work(hdev->req_workqueue, &hdev->discov_update);
4946 hci_dev_unlock(hdev);
4950 static int start_discovery(struct sock *sk, struct hci_dev *hdev,
4951 void *data, u16 len)
4953 return start_discovery_internal(sk, hdev, MGMT_OP_START_DISCOVERY,
4957 static int start_limited_discovery(struct sock *sk, struct hci_dev *hdev,
4958 void *data, u16 len)
4960 return start_discovery_internal(sk, hdev,
4961 MGMT_OP_START_LIMITED_DISCOVERY,
4965 static int service_discovery_cmd_complete(struct mgmt_pending_cmd *cmd,
4968 return mgmt_cmd_complete(cmd->sk, cmd->index, cmd->opcode, status,
4972 static int start_service_discovery(struct sock *sk, struct hci_dev *hdev,
4973 void *data, u16 len)
4975 struct mgmt_cp_start_service_discovery *cp = data;
4976 struct mgmt_pending_cmd *cmd;
4977 const u16 max_uuid_count = ((U16_MAX - sizeof(*cp)) / 16);
4978 u16 uuid_count, expected_len;
4982 bt_dev_dbg(hdev, "sock %p", sk);
4986 if (!hdev_is_powered(hdev)) {
4987 err = mgmt_cmd_complete(sk, hdev->id,
4988 MGMT_OP_START_SERVICE_DISCOVERY,
4989 MGMT_STATUS_NOT_POWERED,
4990 &cp->type, sizeof(cp->type));
4994 if (hdev->discovery.state != DISCOVERY_STOPPED ||
4995 hci_dev_test_flag(hdev, HCI_PERIODIC_INQ)) {
4996 err = mgmt_cmd_complete(sk, hdev->id,
4997 MGMT_OP_START_SERVICE_DISCOVERY,
4998 MGMT_STATUS_BUSY, &cp->type,
5003 if (hdev->discovery_paused) {
5004 err = mgmt_cmd_complete(sk, hdev->id,
5005 MGMT_OP_START_SERVICE_DISCOVERY,
5006 MGMT_STATUS_BUSY, &cp->type,
5011 uuid_count = __le16_to_cpu(cp->uuid_count);
5012 if (uuid_count > max_uuid_count) {
5013 bt_dev_err(hdev, "service_discovery: too big uuid_count value %u",
5015 err = mgmt_cmd_complete(sk, hdev->id,
5016 MGMT_OP_START_SERVICE_DISCOVERY,
5017 MGMT_STATUS_INVALID_PARAMS, &cp->type,
5022 expected_len = sizeof(*cp) + uuid_count * 16;
5023 if (expected_len != len) {
5024 bt_dev_err(hdev, "service_discovery: expected %u bytes, got %u bytes",
5026 err = mgmt_cmd_complete(sk, hdev->id,
5027 MGMT_OP_START_SERVICE_DISCOVERY,
5028 MGMT_STATUS_INVALID_PARAMS, &cp->type,
5033 if (!discovery_type_is_valid(hdev, cp->type, &status)) {
5034 err = mgmt_cmd_complete(sk, hdev->id,
5035 MGMT_OP_START_SERVICE_DISCOVERY,
5036 status, &cp->type, sizeof(cp->type));
5040 cmd = mgmt_pending_add(sk, MGMT_OP_START_SERVICE_DISCOVERY,
5047 cmd->cmd_complete = service_discovery_cmd_complete;
5049 /* Clear the discovery filter first to free any previously
5050 * allocated memory for the UUID list.
5052 hci_discovery_filter_clear(hdev);
5054 hdev->discovery.result_filtering = true;
5055 hdev->discovery.type = cp->type;
5056 hdev->discovery.rssi = cp->rssi;
5057 hdev->discovery.uuid_count = uuid_count;
5059 if (uuid_count > 0) {
5060 hdev->discovery.uuids = kmemdup(cp->uuids, uuid_count * 16,
5062 if (!hdev->discovery.uuids) {
5063 err = mgmt_cmd_complete(sk, hdev->id,
5064 MGMT_OP_START_SERVICE_DISCOVERY,
5066 &cp->type, sizeof(cp->type));
5067 mgmt_pending_remove(cmd);
5072 hci_discovery_set_state(hdev, DISCOVERY_STARTING);
5073 queue_work(hdev->req_workqueue, &hdev->discov_update);
5077 hci_dev_unlock(hdev);
5081 void mgmt_stop_discovery_complete(struct hci_dev *hdev, u8 status)
5083 struct mgmt_pending_cmd *cmd;
5085 bt_dev_dbg(hdev, "status %d", status);
5089 cmd = pending_find(MGMT_OP_STOP_DISCOVERY, hdev);
5091 cmd->cmd_complete(cmd, mgmt_status(status));
5092 mgmt_pending_remove(cmd);
5095 hci_dev_unlock(hdev);
5097 /* Handle suspend notifier */
5098 if (test_and_clear_bit(SUSPEND_PAUSE_DISCOVERY, hdev->suspend_tasks)) {
5099 bt_dev_dbg(hdev, "Paused discovery");
5100 wake_up(&hdev->suspend_wait_q);
5104 static int stop_discovery(struct sock *sk, struct hci_dev *hdev, void *data,
5107 struct mgmt_cp_stop_discovery *mgmt_cp = data;
5108 struct mgmt_pending_cmd *cmd;
5111 bt_dev_dbg(hdev, "sock %p", sk);
5115 if (!hci_discovery_active(hdev)) {
5116 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_STOP_DISCOVERY,
5117 MGMT_STATUS_REJECTED, &mgmt_cp->type,
5118 sizeof(mgmt_cp->type));
5122 if (hdev->discovery.type != mgmt_cp->type) {
5123 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_STOP_DISCOVERY,
5124 MGMT_STATUS_INVALID_PARAMS,
5125 &mgmt_cp->type, sizeof(mgmt_cp->type));
5129 cmd = mgmt_pending_add(sk, MGMT_OP_STOP_DISCOVERY, hdev, data, len);
5135 cmd->cmd_complete = generic_cmd_complete;
5137 hci_discovery_set_state(hdev, DISCOVERY_STOPPING);
5138 queue_work(hdev->req_workqueue, &hdev->discov_update);
5142 hci_dev_unlock(hdev);
5146 static int confirm_name(struct sock *sk, struct hci_dev *hdev, void *data,
5149 struct mgmt_cp_confirm_name *cp = data;
5150 struct inquiry_entry *e;
5153 bt_dev_dbg(hdev, "sock %p", sk);
5157 if (!hci_discovery_active(hdev)) {
5158 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_CONFIRM_NAME,
5159 MGMT_STATUS_FAILED, &cp->addr,
5164 e = hci_inquiry_cache_lookup_unknown(hdev, &cp->addr.bdaddr);
5166 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_CONFIRM_NAME,
5167 MGMT_STATUS_INVALID_PARAMS, &cp->addr,
5172 if (cp->name_known) {
5173 e->name_state = NAME_KNOWN;
5176 e->name_state = NAME_NEEDED;
5177 hci_inquiry_cache_update_resolve(hdev, e);
5180 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_CONFIRM_NAME, 0,
5181 &cp->addr, sizeof(cp->addr));
5184 hci_dev_unlock(hdev);
5188 static int block_device(struct sock *sk, struct hci_dev *hdev, void *data,
5191 struct mgmt_cp_block_device *cp = data;
5195 bt_dev_dbg(hdev, "sock %p", sk);
5197 if (!bdaddr_type_is_valid(cp->addr.type))
5198 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_BLOCK_DEVICE,
5199 MGMT_STATUS_INVALID_PARAMS,
5200 &cp->addr, sizeof(cp->addr));
5204 err = hci_bdaddr_list_add(&hdev->blacklist, &cp->addr.bdaddr,
5207 status = MGMT_STATUS_FAILED;
5211 mgmt_event(MGMT_EV_DEVICE_BLOCKED, hdev, &cp->addr, sizeof(cp->addr),
5213 status = MGMT_STATUS_SUCCESS;
5216 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_BLOCK_DEVICE, status,
5217 &cp->addr, sizeof(cp->addr));
5219 hci_dev_unlock(hdev);
5224 static int unblock_device(struct sock *sk, struct hci_dev *hdev, void *data,
5227 struct mgmt_cp_unblock_device *cp = data;
5231 bt_dev_dbg(hdev, "sock %p", sk);
5233 if (!bdaddr_type_is_valid(cp->addr.type))
5234 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_UNBLOCK_DEVICE,
5235 MGMT_STATUS_INVALID_PARAMS,
5236 &cp->addr, sizeof(cp->addr));
5240 err = hci_bdaddr_list_del(&hdev->blacklist, &cp->addr.bdaddr,
5243 status = MGMT_STATUS_INVALID_PARAMS;
5247 mgmt_event(MGMT_EV_DEVICE_UNBLOCKED, hdev, &cp->addr, sizeof(cp->addr),
5249 status = MGMT_STATUS_SUCCESS;
5252 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_UNBLOCK_DEVICE, status,
5253 &cp->addr, sizeof(cp->addr));
5255 hci_dev_unlock(hdev);
5260 static int set_device_id(struct sock *sk, struct hci_dev *hdev, void *data,
5263 struct mgmt_cp_set_device_id *cp = data;
5264 struct hci_request req;
5268 bt_dev_dbg(hdev, "sock %p", sk);
5270 source = __le16_to_cpu(cp->source);
5272 if (source > 0x0002)
5273 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DEVICE_ID,
5274 MGMT_STATUS_INVALID_PARAMS);
5278 hdev->devid_source = source;
5279 hdev->devid_vendor = __le16_to_cpu(cp->vendor);
5280 hdev->devid_product = __le16_to_cpu(cp->product);
5281 hdev->devid_version = __le16_to_cpu(cp->version);
5283 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_DEVICE_ID, 0,
5286 hci_req_init(&req, hdev);
5287 __hci_req_update_eir(&req);
5288 hci_req_run(&req, NULL);
5290 hci_dev_unlock(hdev);
5295 static void enable_advertising_instance(struct hci_dev *hdev, u8 status,
5298 bt_dev_dbg(hdev, "status %d", status);
5301 static void set_advertising_complete(struct hci_dev *hdev, u8 status,
5304 struct cmd_lookup match = { NULL, hdev };
5305 struct hci_request req;
5307 struct adv_info *adv_instance;
5313 u8 mgmt_err = mgmt_status(status);
5315 mgmt_pending_foreach(MGMT_OP_SET_ADVERTISING, hdev,
5316 cmd_status_rsp, &mgmt_err);
5320 if (hci_dev_test_flag(hdev, HCI_LE_ADV))
5321 hci_dev_set_flag(hdev, HCI_ADVERTISING);
5323 hci_dev_clear_flag(hdev, HCI_ADVERTISING);
5325 mgmt_pending_foreach(MGMT_OP_SET_ADVERTISING, hdev, settings_rsp,
5328 new_settings(hdev, match.sk);
5333 /* Handle suspend notifier */
5334 if (test_and_clear_bit(SUSPEND_PAUSE_ADVERTISING,
5335 hdev->suspend_tasks)) {
5336 bt_dev_dbg(hdev, "Paused advertising");
5337 wake_up(&hdev->suspend_wait_q);
5338 } else if (test_and_clear_bit(SUSPEND_UNPAUSE_ADVERTISING,
5339 hdev->suspend_tasks)) {
5340 bt_dev_dbg(hdev, "Unpaused advertising");
5341 wake_up(&hdev->suspend_wait_q);
5344 /* If "Set Advertising" was just disabled and instance advertising was
5345 * set up earlier, then re-enable multi-instance advertising.
5347 if (hci_dev_test_flag(hdev, HCI_ADVERTISING) ||
5348 list_empty(&hdev->adv_instances))
5351 instance = hdev->cur_adv_instance;
5353 adv_instance = list_first_entry_or_null(&hdev->adv_instances,
5354 struct adv_info, list);
5358 instance = adv_instance->instance;
5361 hci_req_init(&req, hdev);
5363 err = __hci_req_schedule_adv_instance(&req, instance, true);
5366 err = hci_req_run(&req, enable_advertising_instance);
5369 bt_dev_err(hdev, "failed to re-configure advertising");
5372 hci_dev_unlock(hdev);
5375 static int set_advertising(struct sock *sk, struct hci_dev *hdev, void *data,
5378 struct mgmt_mode *cp = data;
5379 struct mgmt_pending_cmd *cmd;
5380 struct hci_request req;
5384 bt_dev_dbg(hdev, "sock %p", sk);
5386 status = mgmt_le_support(hdev);
5388 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_ADVERTISING,
5391 /* Enabling the experimental LL Privay support disables support for
5394 if (hci_dev_test_flag(hdev, HCI_ENABLE_LL_PRIVACY))
5395 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_ADVERTISING,
5396 MGMT_STATUS_NOT_SUPPORTED);
5398 if (cp->val != 0x00 && cp->val != 0x01 && cp->val != 0x02)
5399 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_ADVERTISING,
5400 MGMT_STATUS_INVALID_PARAMS);
5402 if (hdev->advertising_paused)
5403 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_ADVERTISING,
5410 /* The following conditions are ones which mean that we should
5411 * not do any HCI communication but directly send a mgmt
5412 * response to user space (after toggling the flag if
5415 if (!hdev_is_powered(hdev) ||
5416 (val == hci_dev_test_flag(hdev, HCI_ADVERTISING) &&
5417 (cp->val == 0x02) == hci_dev_test_flag(hdev, HCI_ADVERTISING_CONNECTABLE)) ||
5418 hci_conn_num(hdev, LE_LINK) > 0 ||
5419 (hci_dev_test_flag(hdev, HCI_LE_SCAN) &&
5420 hdev->le_scan_type == LE_SCAN_ACTIVE)) {
5424 hdev->cur_adv_instance = 0x00;
5425 changed = !hci_dev_test_and_set_flag(hdev, HCI_ADVERTISING);
5426 if (cp->val == 0x02)
5427 hci_dev_set_flag(hdev, HCI_ADVERTISING_CONNECTABLE);
5429 hci_dev_clear_flag(hdev, HCI_ADVERTISING_CONNECTABLE);
5431 changed = hci_dev_test_and_clear_flag(hdev, HCI_ADVERTISING);
5432 hci_dev_clear_flag(hdev, HCI_ADVERTISING_CONNECTABLE);
5435 err = send_settings_rsp(sk, MGMT_OP_SET_ADVERTISING, hdev);
5440 err = new_settings(hdev, sk);
5445 if (pending_find(MGMT_OP_SET_ADVERTISING, hdev) ||
5446 pending_find(MGMT_OP_SET_LE, hdev)) {
5447 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_ADVERTISING,
5452 cmd = mgmt_pending_add(sk, MGMT_OP_SET_ADVERTISING, hdev, data, len);
5458 hci_req_init(&req, hdev);
5460 if (cp->val == 0x02)
5461 hci_dev_set_flag(hdev, HCI_ADVERTISING_CONNECTABLE);
5463 hci_dev_clear_flag(hdev, HCI_ADVERTISING_CONNECTABLE);
5465 cancel_adv_timeout(hdev);
5468 /* Switch to instance "0" for the Set Advertising setting.
5469 * We cannot use update_[adv|scan_rsp]_data() here as the
5470 * HCI_ADVERTISING flag is not yet set.
5472 hdev->cur_adv_instance = 0x00;
5474 if (ext_adv_capable(hdev)) {
5475 __hci_req_start_ext_adv(&req, 0x00);
5477 __hci_req_update_adv_data(&req, 0x00);
5478 __hci_req_update_scan_rsp_data(&req, 0x00);
5479 __hci_req_enable_advertising(&req);
5482 __hci_req_disable_advertising(&req);
5485 err = hci_req_run(&req, set_advertising_complete);
5487 mgmt_pending_remove(cmd);
5490 hci_dev_unlock(hdev);
5494 static int set_static_address(struct sock *sk, struct hci_dev *hdev,
5495 void *data, u16 len)
5497 struct mgmt_cp_set_static_address *cp = data;
5500 bt_dev_dbg(hdev, "sock %p", sk);
5502 if (!lmp_le_capable(hdev))
5503 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_STATIC_ADDRESS,
5504 MGMT_STATUS_NOT_SUPPORTED);
5506 if (hdev_is_powered(hdev))
5507 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_STATIC_ADDRESS,
5508 MGMT_STATUS_REJECTED);
5510 if (bacmp(&cp->bdaddr, BDADDR_ANY)) {
5511 if (!bacmp(&cp->bdaddr, BDADDR_NONE))
5512 return mgmt_cmd_status(sk, hdev->id,
5513 MGMT_OP_SET_STATIC_ADDRESS,
5514 MGMT_STATUS_INVALID_PARAMS);
5516 /* Two most significant bits shall be set */
5517 if ((cp->bdaddr.b[5] & 0xc0) != 0xc0)
5518 return mgmt_cmd_status(sk, hdev->id,
5519 MGMT_OP_SET_STATIC_ADDRESS,
5520 MGMT_STATUS_INVALID_PARAMS);
5525 bacpy(&hdev->static_addr, &cp->bdaddr);
5527 err = send_settings_rsp(sk, MGMT_OP_SET_STATIC_ADDRESS, hdev);
5531 err = new_settings(hdev, sk);
5534 hci_dev_unlock(hdev);
5538 static int set_scan_params(struct sock *sk, struct hci_dev *hdev,
5539 void *data, u16 len)
5541 struct mgmt_cp_set_scan_params *cp = data;
5542 __u16 interval, window;
5545 bt_dev_dbg(hdev, "sock %p", sk);
5547 if (!lmp_le_capable(hdev))
5548 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS,
5549 MGMT_STATUS_NOT_SUPPORTED);
5551 interval = __le16_to_cpu(cp->interval);
5553 if (interval < 0x0004 || interval > 0x4000)
5554 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS,
5555 MGMT_STATUS_INVALID_PARAMS);
5557 window = __le16_to_cpu(cp->window);
5559 if (window < 0x0004 || window > 0x4000)
5560 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS,
5561 MGMT_STATUS_INVALID_PARAMS);
5563 if (window > interval)
5564 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS,
5565 MGMT_STATUS_INVALID_PARAMS);
5569 hdev->le_scan_interval = interval;
5570 hdev->le_scan_window = window;
5572 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS, 0,
5575 /* If background scan is running, restart it so new parameters are
5578 if (hci_dev_test_flag(hdev, HCI_LE_SCAN) &&
5579 hdev->discovery.state == DISCOVERY_STOPPED) {
5580 struct hci_request req;
5582 hci_req_init(&req, hdev);
5584 hci_req_add_le_scan_disable(&req, false);
5585 hci_req_add_le_passive_scan(&req);
5587 hci_req_run(&req, NULL);
5590 hci_dev_unlock(hdev);
5595 static void fast_connectable_complete(struct hci_dev *hdev, u8 status,
5598 struct mgmt_pending_cmd *cmd;
5600 bt_dev_dbg(hdev, "status 0x%02x", status);
5604 cmd = pending_find(MGMT_OP_SET_FAST_CONNECTABLE, hdev);
5609 mgmt_cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
5610 mgmt_status(status));
5612 struct mgmt_mode *cp = cmd->param;
5615 hci_dev_set_flag(hdev, HCI_FAST_CONNECTABLE);
5617 hci_dev_clear_flag(hdev, HCI_FAST_CONNECTABLE);
5619 send_settings_rsp(cmd->sk, MGMT_OP_SET_FAST_CONNECTABLE, hdev);
5620 new_settings(hdev, cmd->sk);
5623 mgmt_pending_remove(cmd);
5626 hci_dev_unlock(hdev);
5629 static int set_fast_connectable(struct sock *sk, struct hci_dev *hdev,
5630 void *data, u16 len)
5632 struct mgmt_mode *cp = data;
5633 struct mgmt_pending_cmd *cmd;
5634 struct hci_request req;
5637 bt_dev_dbg(hdev, "sock %p", sk);
5639 if (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED) ||
5640 hdev->hci_ver < BLUETOOTH_VER_1_2)
5641 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
5642 MGMT_STATUS_NOT_SUPPORTED);
5644 if (cp->val != 0x00 && cp->val != 0x01)
5645 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
5646 MGMT_STATUS_INVALID_PARAMS);
5650 if (pending_find(MGMT_OP_SET_FAST_CONNECTABLE, hdev)) {
5651 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
5656 if (!!cp->val == hci_dev_test_flag(hdev, HCI_FAST_CONNECTABLE)) {
5657 err = send_settings_rsp(sk, MGMT_OP_SET_FAST_CONNECTABLE,
5662 if (!hdev_is_powered(hdev)) {
5663 hci_dev_change_flag(hdev, HCI_FAST_CONNECTABLE);
5664 err = send_settings_rsp(sk, MGMT_OP_SET_FAST_CONNECTABLE,
5666 new_settings(hdev, sk);
5670 cmd = mgmt_pending_add(sk, MGMT_OP_SET_FAST_CONNECTABLE, hdev,
5677 hci_req_init(&req, hdev);
5679 __hci_req_write_fast_connectable(&req, cp->val);
5681 err = hci_req_run(&req, fast_connectable_complete);
5683 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
5684 MGMT_STATUS_FAILED);
5685 mgmt_pending_remove(cmd);
5689 hci_dev_unlock(hdev);
5694 static void set_bredr_complete(struct hci_dev *hdev, u8 status, u16 opcode)
5696 struct mgmt_pending_cmd *cmd;
5698 bt_dev_dbg(hdev, "status 0x%02x", status);
5702 cmd = pending_find(MGMT_OP_SET_BREDR, hdev);
5707 u8 mgmt_err = mgmt_status(status);
5709 /* We need to restore the flag if related HCI commands
5712 hci_dev_clear_flag(hdev, HCI_BREDR_ENABLED);
5714 mgmt_cmd_status(cmd->sk, cmd->index, cmd->opcode, mgmt_err);
5716 send_settings_rsp(cmd->sk, MGMT_OP_SET_BREDR, hdev);
5717 new_settings(hdev, cmd->sk);
5720 mgmt_pending_remove(cmd);
5723 hci_dev_unlock(hdev);
5726 static int set_bredr(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
5728 struct mgmt_mode *cp = data;
5729 struct mgmt_pending_cmd *cmd;
5730 struct hci_request req;
5733 bt_dev_dbg(hdev, "sock %p", sk);
5735 if (!lmp_bredr_capable(hdev) || !lmp_le_capable(hdev))
5736 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
5737 MGMT_STATUS_NOT_SUPPORTED);
5739 if (!hci_dev_test_flag(hdev, HCI_LE_ENABLED))
5740 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
5741 MGMT_STATUS_REJECTED);
5743 if (cp->val != 0x00 && cp->val != 0x01)
5744 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
5745 MGMT_STATUS_INVALID_PARAMS);
5749 if (cp->val == hci_dev_test_flag(hdev, HCI_BREDR_ENABLED)) {
5750 err = send_settings_rsp(sk, MGMT_OP_SET_BREDR, hdev);
5754 if (!hdev_is_powered(hdev)) {
5756 hci_dev_clear_flag(hdev, HCI_DISCOVERABLE);
5757 hci_dev_clear_flag(hdev, HCI_SSP_ENABLED);
5758 hci_dev_clear_flag(hdev, HCI_LINK_SECURITY);
5759 hci_dev_clear_flag(hdev, HCI_FAST_CONNECTABLE);
5760 hci_dev_clear_flag(hdev, HCI_HS_ENABLED);
5763 hci_dev_change_flag(hdev, HCI_BREDR_ENABLED);
5765 err = send_settings_rsp(sk, MGMT_OP_SET_BREDR, hdev);
5769 err = new_settings(hdev, sk);
5773 /* Reject disabling when powered on */
5775 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
5776 MGMT_STATUS_REJECTED);
5779 /* When configuring a dual-mode controller to operate
5780 * with LE only and using a static address, then switching
5781 * BR/EDR back on is not allowed.
5783 * Dual-mode controllers shall operate with the public
5784 * address as its identity address for BR/EDR and LE. So
5785 * reject the attempt to create an invalid configuration.
5787 * The same restrictions applies when secure connections
5788 * has been enabled. For BR/EDR this is a controller feature
5789 * while for LE it is a host stack feature. This means that
5790 * switching BR/EDR back on when secure connections has been
5791 * enabled is not a supported transaction.
5793 if (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED) &&
5794 (bacmp(&hdev->static_addr, BDADDR_ANY) ||
5795 hci_dev_test_flag(hdev, HCI_SC_ENABLED))) {
5796 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
5797 MGMT_STATUS_REJECTED);
5802 if (pending_find(MGMT_OP_SET_BREDR, hdev)) {
5803 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
5808 cmd = mgmt_pending_add(sk, MGMT_OP_SET_BREDR, hdev, data, len);
5814 /* We need to flip the bit already here so that
5815 * hci_req_update_adv_data generates the correct flags.
5817 hci_dev_set_flag(hdev, HCI_BREDR_ENABLED);
5819 hci_req_init(&req, hdev);
5821 __hci_req_write_fast_connectable(&req, false);
5822 __hci_req_update_scan(&req);
5824 /* Since only the advertising data flags will change, there
5825 * is no need to update the scan response data.
5827 __hci_req_update_adv_data(&req, hdev->cur_adv_instance);
5829 err = hci_req_run(&req, set_bredr_complete);
5831 mgmt_pending_remove(cmd);
5834 hci_dev_unlock(hdev);
5838 static void sc_enable_complete(struct hci_dev *hdev, u8 status, u16 opcode)
5840 struct mgmt_pending_cmd *cmd;
5841 struct mgmt_mode *cp;
5843 bt_dev_dbg(hdev, "status %u", status);
5847 cmd = pending_find(MGMT_OP_SET_SECURE_CONN, hdev);
5852 mgmt_cmd_status(cmd->sk, cmd->index, cmd->opcode,
5853 mgmt_status(status));
5861 hci_dev_clear_flag(hdev, HCI_SC_ENABLED);
5862 hci_dev_clear_flag(hdev, HCI_SC_ONLY);
5865 hci_dev_set_flag(hdev, HCI_SC_ENABLED);
5866 hci_dev_clear_flag(hdev, HCI_SC_ONLY);
5869 hci_dev_set_flag(hdev, HCI_SC_ENABLED);
5870 hci_dev_set_flag(hdev, HCI_SC_ONLY);
5874 send_settings_rsp(cmd->sk, MGMT_OP_SET_SECURE_CONN, hdev);
5875 new_settings(hdev, cmd->sk);
5878 mgmt_pending_remove(cmd);
5880 hci_dev_unlock(hdev);
5883 static int set_secure_conn(struct sock *sk, struct hci_dev *hdev,
5884 void *data, u16 len)
5886 struct mgmt_mode *cp = data;
5887 struct mgmt_pending_cmd *cmd;
5888 struct hci_request req;
5892 bt_dev_dbg(hdev, "sock %p", sk);
5894 if (!lmp_sc_capable(hdev) &&
5895 !hci_dev_test_flag(hdev, HCI_LE_ENABLED))
5896 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SECURE_CONN,
5897 MGMT_STATUS_NOT_SUPPORTED);
5899 if (hci_dev_test_flag(hdev, HCI_BREDR_ENABLED) &&
5900 lmp_sc_capable(hdev) &&
5901 !hci_dev_test_flag(hdev, HCI_SSP_ENABLED))
5902 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SECURE_CONN,
5903 MGMT_STATUS_REJECTED);
5905 if (cp->val != 0x00 && cp->val != 0x01 && cp->val != 0x02)
5906 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SECURE_CONN,
5907 MGMT_STATUS_INVALID_PARAMS);
5911 if (!hdev_is_powered(hdev) || !lmp_sc_capable(hdev) ||
5912 !hci_dev_test_flag(hdev, HCI_BREDR_ENABLED)) {
5916 changed = !hci_dev_test_and_set_flag(hdev,
5918 if (cp->val == 0x02)
5919 hci_dev_set_flag(hdev, HCI_SC_ONLY);
5921 hci_dev_clear_flag(hdev, HCI_SC_ONLY);
5923 changed = hci_dev_test_and_clear_flag(hdev,
5925 hci_dev_clear_flag(hdev, HCI_SC_ONLY);
5928 err = send_settings_rsp(sk, MGMT_OP_SET_SECURE_CONN, hdev);
5933 err = new_settings(hdev, sk);
5938 if (pending_find(MGMT_OP_SET_SECURE_CONN, hdev)) {
5939 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SECURE_CONN,
5946 if (val == hci_dev_test_flag(hdev, HCI_SC_ENABLED) &&
5947 (cp->val == 0x02) == hci_dev_test_flag(hdev, HCI_SC_ONLY)) {
5948 err = send_settings_rsp(sk, MGMT_OP_SET_SECURE_CONN, hdev);
5952 cmd = mgmt_pending_add(sk, MGMT_OP_SET_SECURE_CONN, hdev, data, len);
5958 hci_req_init(&req, hdev);
5959 hci_req_add(&req, HCI_OP_WRITE_SC_SUPPORT, 1, &val);
5960 err = hci_req_run(&req, sc_enable_complete);
5962 mgmt_pending_remove(cmd);
5967 hci_dev_unlock(hdev);
5971 static int set_debug_keys(struct sock *sk, struct hci_dev *hdev,
5972 void *data, u16 len)
5974 struct mgmt_mode *cp = data;
5975 bool changed, use_changed;
5978 bt_dev_dbg(hdev, "sock %p", sk);
5980 if (cp->val != 0x00 && cp->val != 0x01 && cp->val != 0x02)
5981 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DEBUG_KEYS,
5982 MGMT_STATUS_INVALID_PARAMS);
5987 changed = !hci_dev_test_and_set_flag(hdev, HCI_KEEP_DEBUG_KEYS);
5989 changed = hci_dev_test_and_clear_flag(hdev,
5990 HCI_KEEP_DEBUG_KEYS);
5992 if (cp->val == 0x02)
5993 use_changed = !hci_dev_test_and_set_flag(hdev,
5994 HCI_USE_DEBUG_KEYS);
5996 use_changed = hci_dev_test_and_clear_flag(hdev,
5997 HCI_USE_DEBUG_KEYS);
5999 if (hdev_is_powered(hdev) && use_changed &&
6000 hci_dev_test_flag(hdev, HCI_SSP_ENABLED)) {
6001 u8 mode = (cp->val == 0x02) ? 0x01 : 0x00;
6002 hci_send_cmd(hdev, HCI_OP_WRITE_SSP_DEBUG_MODE,
6003 sizeof(mode), &mode);
6006 err = send_settings_rsp(sk, MGMT_OP_SET_DEBUG_KEYS, hdev);
6011 err = new_settings(hdev, sk);
6014 hci_dev_unlock(hdev);
6018 static int set_privacy(struct sock *sk, struct hci_dev *hdev, void *cp_data,
6021 struct mgmt_cp_set_privacy *cp = cp_data;
6025 bt_dev_dbg(hdev, "sock %p", sk);
6027 if (!lmp_le_capable(hdev))
6028 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_PRIVACY,
6029 MGMT_STATUS_NOT_SUPPORTED);
6031 if (cp->privacy != 0x00 && cp->privacy != 0x01 && cp->privacy != 0x02)
6032 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_PRIVACY,
6033 MGMT_STATUS_INVALID_PARAMS);
6035 if (hdev_is_powered(hdev))
6036 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_PRIVACY,
6037 MGMT_STATUS_REJECTED);
6041 /* If user space supports this command it is also expected to
6042 * handle IRKs. Therefore, set the HCI_RPA_RESOLVING flag.
6044 hci_dev_set_flag(hdev, HCI_RPA_RESOLVING);
6047 changed = !hci_dev_test_and_set_flag(hdev, HCI_PRIVACY);
6048 memcpy(hdev->irk, cp->irk, sizeof(hdev->irk));
6049 hci_dev_set_flag(hdev, HCI_RPA_EXPIRED);
6050 hci_adv_instances_set_rpa_expired(hdev, true);
6051 if (cp->privacy == 0x02)
6052 hci_dev_set_flag(hdev, HCI_LIMITED_PRIVACY);
6054 hci_dev_clear_flag(hdev, HCI_LIMITED_PRIVACY);
6056 changed = hci_dev_test_and_clear_flag(hdev, HCI_PRIVACY);
6057 memset(hdev->irk, 0, sizeof(hdev->irk));
6058 hci_dev_clear_flag(hdev, HCI_RPA_EXPIRED);
6059 hci_adv_instances_set_rpa_expired(hdev, false);
6060 hci_dev_clear_flag(hdev, HCI_LIMITED_PRIVACY);
6063 err = send_settings_rsp(sk, MGMT_OP_SET_PRIVACY, hdev);
6068 err = new_settings(hdev, sk);
6071 hci_dev_unlock(hdev);
6075 static bool irk_is_valid(struct mgmt_irk_info *irk)
6077 switch (irk->addr.type) {
6078 case BDADDR_LE_PUBLIC:
6081 case BDADDR_LE_RANDOM:
6082 /* Two most significant bits shall be set */
6083 if ((irk->addr.bdaddr.b[5] & 0xc0) != 0xc0)
6091 static int load_irks(struct sock *sk, struct hci_dev *hdev, void *cp_data,
6094 struct mgmt_cp_load_irks *cp = cp_data;
6095 const u16 max_irk_count = ((U16_MAX - sizeof(*cp)) /
6096 sizeof(struct mgmt_irk_info));
6097 u16 irk_count, expected_len;
6100 bt_dev_dbg(hdev, "sock %p", sk);
6102 if (!lmp_le_capable(hdev))
6103 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_IRKS,
6104 MGMT_STATUS_NOT_SUPPORTED);
6106 irk_count = __le16_to_cpu(cp->irk_count);
6107 if (irk_count > max_irk_count) {
6108 bt_dev_err(hdev, "load_irks: too big irk_count value %u",
6110 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_IRKS,
6111 MGMT_STATUS_INVALID_PARAMS);
6114 expected_len = struct_size(cp, irks, irk_count);
6115 if (expected_len != len) {
6116 bt_dev_err(hdev, "load_irks: expected %u bytes, got %u bytes",
6118 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_IRKS,
6119 MGMT_STATUS_INVALID_PARAMS);
6122 bt_dev_dbg(hdev, "irk_count %u", irk_count);
6124 for (i = 0; i < irk_count; i++) {
6125 struct mgmt_irk_info *key = &cp->irks[i];
6127 if (!irk_is_valid(key))
6128 return mgmt_cmd_status(sk, hdev->id,
6130 MGMT_STATUS_INVALID_PARAMS);
6135 hci_smp_irks_clear(hdev);
6137 for (i = 0; i < irk_count; i++) {
6138 struct mgmt_irk_info *irk = &cp->irks[i];
6140 if (hci_is_blocked_key(hdev,
6141 HCI_BLOCKED_KEY_TYPE_IRK,
6143 bt_dev_warn(hdev, "Skipping blocked IRK for %pMR",
6148 hci_add_irk(hdev, &irk->addr.bdaddr,
6149 le_addr_type(irk->addr.type), irk->val,
6153 hci_dev_set_flag(hdev, HCI_RPA_RESOLVING);
6155 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_LOAD_IRKS, 0, NULL, 0);
6157 hci_dev_unlock(hdev);
6162 static bool ltk_is_valid(struct mgmt_ltk_info *key)
6164 if (key->master != 0x00 && key->master != 0x01)
6167 switch (key->addr.type) {
6168 case BDADDR_LE_PUBLIC:
6171 case BDADDR_LE_RANDOM:
6172 /* Two most significant bits shall be set */
6173 if ((key->addr.bdaddr.b[5] & 0xc0) != 0xc0)
6181 static int load_long_term_keys(struct sock *sk, struct hci_dev *hdev,
6182 void *cp_data, u16 len)
6184 struct mgmt_cp_load_long_term_keys *cp = cp_data;
6185 const u16 max_key_count = ((U16_MAX - sizeof(*cp)) /
6186 sizeof(struct mgmt_ltk_info));
6187 u16 key_count, expected_len;
6190 bt_dev_dbg(hdev, "sock %p", sk);
6192 if (!lmp_le_capable(hdev))
6193 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS,
6194 MGMT_STATUS_NOT_SUPPORTED);
6196 key_count = __le16_to_cpu(cp->key_count);
6197 if (key_count > max_key_count) {
6198 bt_dev_err(hdev, "load_ltks: too big key_count value %u",
6200 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS,
6201 MGMT_STATUS_INVALID_PARAMS);
6204 expected_len = struct_size(cp, keys, key_count);
6205 if (expected_len != len) {
6206 bt_dev_err(hdev, "load_keys: expected %u bytes, got %u bytes",
6208 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS,
6209 MGMT_STATUS_INVALID_PARAMS);
6212 bt_dev_dbg(hdev, "key_count %u", key_count);
6214 for (i = 0; i < key_count; i++) {
6215 struct mgmt_ltk_info *key = &cp->keys[i];
6217 if (!ltk_is_valid(key))
6218 return mgmt_cmd_status(sk, hdev->id,
6219 MGMT_OP_LOAD_LONG_TERM_KEYS,
6220 MGMT_STATUS_INVALID_PARAMS);
6225 hci_smp_ltks_clear(hdev);
6227 for (i = 0; i < key_count; i++) {
6228 struct mgmt_ltk_info *key = &cp->keys[i];
6229 u8 type, authenticated;
6231 if (hci_is_blocked_key(hdev,
6232 HCI_BLOCKED_KEY_TYPE_LTK,
6234 bt_dev_warn(hdev, "Skipping blocked LTK for %pMR",
6239 switch (key->type) {
6240 case MGMT_LTK_UNAUTHENTICATED:
6241 authenticated = 0x00;
6242 type = key->master ? SMP_LTK : SMP_LTK_SLAVE;
6244 case MGMT_LTK_AUTHENTICATED:
6245 authenticated = 0x01;
6246 type = key->master ? SMP_LTK : SMP_LTK_SLAVE;
6248 case MGMT_LTK_P256_UNAUTH:
6249 authenticated = 0x00;
6250 type = SMP_LTK_P256;
6252 case MGMT_LTK_P256_AUTH:
6253 authenticated = 0x01;
6254 type = SMP_LTK_P256;
6256 case MGMT_LTK_P256_DEBUG:
6257 authenticated = 0x00;
6258 type = SMP_LTK_P256_DEBUG;
6264 hci_add_ltk(hdev, &key->addr.bdaddr,
6265 le_addr_type(key->addr.type), type, authenticated,
6266 key->val, key->enc_size, key->ediv, key->rand);
6269 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS, 0,
6272 hci_dev_unlock(hdev);
6277 static int conn_info_cmd_complete(struct mgmt_pending_cmd *cmd, u8 status)
6279 struct hci_conn *conn = cmd->user_data;
6280 struct mgmt_rp_get_conn_info rp;
6283 memcpy(&rp.addr, cmd->param, sizeof(rp.addr));
6285 if (status == MGMT_STATUS_SUCCESS) {
6286 rp.rssi = conn->rssi;
6287 rp.tx_power = conn->tx_power;
6288 rp.max_tx_power = conn->max_tx_power;
6290 rp.rssi = HCI_RSSI_INVALID;
6291 rp.tx_power = HCI_TX_POWER_INVALID;
6292 rp.max_tx_power = HCI_TX_POWER_INVALID;
6295 err = mgmt_cmd_complete(cmd->sk, cmd->index, MGMT_OP_GET_CONN_INFO,
6296 status, &rp, sizeof(rp));
6298 hci_conn_drop(conn);
6304 static void conn_info_refresh_complete(struct hci_dev *hdev, u8 hci_status,
6307 struct hci_cp_read_rssi *cp;
6308 struct mgmt_pending_cmd *cmd;
6309 struct hci_conn *conn;
6313 bt_dev_dbg(hdev, "status 0x%02x", hci_status);
6317 /* Commands sent in request are either Read RSSI or Read Transmit Power
6318 * Level so we check which one was last sent to retrieve connection
6319 * handle. Both commands have handle as first parameter so it's safe to
6320 * cast data on the same command struct.
6322 * First command sent is always Read RSSI and we fail only if it fails.
6323 * In other case we simply override error to indicate success as we
6324 * already remembered if TX power value is actually valid.
6326 cp = hci_sent_cmd_data(hdev, HCI_OP_READ_RSSI);
6328 cp = hci_sent_cmd_data(hdev, HCI_OP_READ_TX_POWER);
6329 status = MGMT_STATUS_SUCCESS;
6331 status = mgmt_status(hci_status);
6335 bt_dev_err(hdev, "invalid sent_cmd in conn_info response");
6339 handle = __le16_to_cpu(cp->handle);
6340 conn = hci_conn_hash_lookup_handle(hdev, handle);
6342 bt_dev_err(hdev, "unknown handle (%d) in conn_info response",
6347 cmd = pending_find_data(MGMT_OP_GET_CONN_INFO, hdev, conn);
6351 cmd->cmd_complete(cmd, status);
6352 mgmt_pending_remove(cmd);
6355 hci_dev_unlock(hdev);
6358 static int get_conn_info(struct sock *sk, struct hci_dev *hdev, void *data,
6361 struct mgmt_cp_get_conn_info *cp = data;
6362 struct mgmt_rp_get_conn_info rp;
6363 struct hci_conn *conn;
6364 unsigned long conn_info_age;
6367 bt_dev_dbg(hdev, "sock %p", sk);
6369 memset(&rp, 0, sizeof(rp));
6370 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
6371 rp.addr.type = cp->addr.type;
6373 if (!bdaddr_type_is_valid(cp->addr.type))
6374 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CONN_INFO,
6375 MGMT_STATUS_INVALID_PARAMS,
6380 if (!hdev_is_powered(hdev)) {
6381 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CONN_INFO,
6382 MGMT_STATUS_NOT_POWERED, &rp,
6387 if (cp->addr.type == BDADDR_BREDR)
6388 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
6391 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &cp->addr.bdaddr);
6393 if (!conn || conn->state != BT_CONNECTED) {
6394 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CONN_INFO,
6395 MGMT_STATUS_NOT_CONNECTED, &rp,
6400 if (pending_find_data(MGMT_OP_GET_CONN_INFO, hdev, conn)) {
6401 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CONN_INFO,
6402 MGMT_STATUS_BUSY, &rp, sizeof(rp));
6406 /* To avoid client trying to guess when to poll again for information we
6407 * calculate conn info age as random value between min/max set in hdev.
6409 conn_info_age = hdev->conn_info_min_age +
6410 prandom_u32_max(hdev->conn_info_max_age -
6411 hdev->conn_info_min_age);
6413 /* Query controller to refresh cached values if they are too old or were
6416 if (time_after(jiffies, conn->conn_info_timestamp +
6417 msecs_to_jiffies(conn_info_age)) ||
6418 !conn->conn_info_timestamp) {
6419 struct hci_request req;
6420 struct hci_cp_read_tx_power req_txp_cp;
6421 struct hci_cp_read_rssi req_rssi_cp;
6422 struct mgmt_pending_cmd *cmd;
6424 hci_req_init(&req, hdev);
6425 req_rssi_cp.handle = cpu_to_le16(conn->handle);
6426 hci_req_add(&req, HCI_OP_READ_RSSI, sizeof(req_rssi_cp),
6429 /* For LE links TX power does not change thus we don't need to
6430 * query for it once value is known.
6432 if (!bdaddr_type_is_le(cp->addr.type) ||
6433 conn->tx_power == HCI_TX_POWER_INVALID) {
6434 req_txp_cp.handle = cpu_to_le16(conn->handle);
6435 req_txp_cp.type = 0x00;
6436 hci_req_add(&req, HCI_OP_READ_TX_POWER,
6437 sizeof(req_txp_cp), &req_txp_cp);
6440 /* Max TX power needs to be read only once per connection */
6441 if (conn->max_tx_power == HCI_TX_POWER_INVALID) {
6442 req_txp_cp.handle = cpu_to_le16(conn->handle);
6443 req_txp_cp.type = 0x01;
6444 hci_req_add(&req, HCI_OP_READ_TX_POWER,
6445 sizeof(req_txp_cp), &req_txp_cp);
6448 err = hci_req_run(&req, conn_info_refresh_complete);
6452 cmd = mgmt_pending_add(sk, MGMT_OP_GET_CONN_INFO, hdev,
6459 hci_conn_hold(conn);
6460 cmd->user_data = hci_conn_get(conn);
6461 cmd->cmd_complete = conn_info_cmd_complete;
6463 conn->conn_info_timestamp = jiffies;
6465 /* Cache is valid, just reply with values cached in hci_conn */
6466 rp.rssi = conn->rssi;
6467 rp.tx_power = conn->tx_power;
6468 rp.max_tx_power = conn->max_tx_power;
6470 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CONN_INFO,
6471 MGMT_STATUS_SUCCESS, &rp, sizeof(rp));
6475 hci_dev_unlock(hdev);
6479 static int clock_info_cmd_complete(struct mgmt_pending_cmd *cmd, u8 status)
6481 struct hci_conn *conn = cmd->user_data;
6482 struct mgmt_rp_get_clock_info rp;
6483 struct hci_dev *hdev;
6486 memset(&rp, 0, sizeof(rp));
6487 memcpy(&rp.addr, cmd->param, sizeof(rp.addr));
6492 hdev = hci_dev_get(cmd->index);
6494 rp.local_clock = cpu_to_le32(hdev->clock);
6499 rp.piconet_clock = cpu_to_le32(conn->clock);
6500 rp.accuracy = cpu_to_le16(conn->clock_accuracy);
6504 err = mgmt_cmd_complete(cmd->sk, cmd->index, cmd->opcode, status, &rp,
6508 hci_conn_drop(conn);
6515 static void get_clock_info_complete(struct hci_dev *hdev, u8 status, u16 opcode)
6517 struct hci_cp_read_clock *hci_cp;
6518 struct mgmt_pending_cmd *cmd;
6519 struct hci_conn *conn;
6521 bt_dev_dbg(hdev, "status %u", status);
6525 hci_cp = hci_sent_cmd_data(hdev, HCI_OP_READ_CLOCK);
6529 if (hci_cp->which) {
6530 u16 handle = __le16_to_cpu(hci_cp->handle);
6531 conn = hci_conn_hash_lookup_handle(hdev, handle);
6536 cmd = pending_find_data(MGMT_OP_GET_CLOCK_INFO, hdev, conn);
6540 cmd->cmd_complete(cmd, mgmt_status(status));
6541 mgmt_pending_remove(cmd);
6544 hci_dev_unlock(hdev);
6547 static int get_clock_info(struct sock *sk, struct hci_dev *hdev, void *data,
6550 struct mgmt_cp_get_clock_info *cp = data;
6551 struct mgmt_rp_get_clock_info rp;
6552 struct hci_cp_read_clock hci_cp;
6553 struct mgmt_pending_cmd *cmd;
6554 struct hci_request req;
6555 struct hci_conn *conn;
6558 bt_dev_dbg(hdev, "sock %p", sk);
6560 memset(&rp, 0, sizeof(rp));
6561 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
6562 rp.addr.type = cp->addr.type;
6564 if (cp->addr.type != BDADDR_BREDR)
6565 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CLOCK_INFO,
6566 MGMT_STATUS_INVALID_PARAMS,
6571 if (!hdev_is_powered(hdev)) {
6572 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CLOCK_INFO,
6573 MGMT_STATUS_NOT_POWERED, &rp,
6578 if (bacmp(&cp->addr.bdaddr, BDADDR_ANY)) {
6579 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
6581 if (!conn || conn->state != BT_CONNECTED) {
6582 err = mgmt_cmd_complete(sk, hdev->id,
6583 MGMT_OP_GET_CLOCK_INFO,
6584 MGMT_STATUS_NOT_CONNECTED,
6592 cmd = mgmt_pending_add(sk, MGMT_OP_GET_CLOCK_INFO, hdev, data, len);
6598 cmd->cmd_complete = clock_info_cmd_complete;
6600 hci_req_init(&req, hdev);
6602 memset(&hci_cp, 0, sizeof(hci_cp));
6603 hci_req_add(&req, HCI_OP_READ_CLOCK, sizeof(hci_cp), &hci_cp);
6606 hci_conn_hold(conn);
6607 cmd->user_data = hci_conn_get(conn);
6609 hci_cp.handle = cpu_to_le16(conn->handle);
6610 hci_cp.which = 0x01; /* Piconet clock */
6611 hci_req_add(&req, HCI_OP_READ_CLOCK, sizeof(hci_cp), &hci_cp);
6614 err = hci_req_run(&req, get_clock_info_complete);
6616 mgmt_pending_remove(cmd);
6619 hci_dev_unlock(hdev);
6623 static bool is_connected(struct hci_dev *hdev, bdaddr_t *addr, u8 type)
6625 struct hci_conn *conn;
6627 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, addr);
6631 if (conn->dst_type != type)
6634 if (conn->state != BT_CONNECTED)
6640 /* This function requires the caller holds hdev->lock */
6641 static int hci_conn_params_set(struct hci_dev *hdev, bdaddr_t *addr,
6642 u8 addr_type, u8 auto_connect)
6644 struct hci_conn_params *params;
6646 params = hci_conn_params_add(hdev, addr, addr_type);
6650 if (params->auto_connect == auto_connect)
6653 list_del_init(¶ms->action);
6655 switch (auto_connect) {
6656 case HCI_AUTO_CONN_DISABLED:
6657 case HCI_AUTO_CONN_LINK_LOSS:
6658 /* If auto connect is being disabled when we're trying to
6659 * connect to device, keep connecting.
6661 if (params->explicit_connect)
6662 list_add(¶ms->action, &hdev->pend_le_conns);
6664 case HCI_AUTO_CONN_REPORT:
6665 if (params->explicit_connect)
6666 list_add(¶ms->action, &hdev->pend_le_conns);
6668 list_add(¶ms->action, &hdev->pend_le_reports);
6670 case HCI_AUTO_CONN_DIRECT:
6671 case HCI_AUTO_CONN_ALWAYS:
6672 if (!is_connected(hdev, addr, addr_type))
6673 list_add(¶ms->action, &hdev->pend_le_conns);
6677 params->auto_connect = auto_connect;
6679 bt_dev_dbg(hdev, "addr %pMR (type %u) auto_connect %u",
6680 addr, addr_type, auto_connect);
6685 static void device_added(struct sock *sk, struct hci_dev *hdev,
6686 bdaddr_t *bdaddr, u8 type, u8 action)
6688 struct mgmt_ev_device_added ev;
6690 bacpy(&ev.addr.bdaddr, bdaddr);
6691 ev.addr.type = type;
6694 mgmt_event(MGMT_EV_DEVICE_ADDED, hdev, &ev, sizeof(ev), sk);
6697 static int add_device(struct sock *sk, struct hci_dev *hdev,
6698 void *data, u16 len)
6700 struct mgmt_cp_add_device *cp = data;
6701 u8 auto_conn, addr_type;
6702 struct hci_conn_params *params;
6704 u32 current_flags = 0;
6706 bt_dev_dbg(hdev, "sock %p", sk);
6708 if (!bdaddr_type_is_valid(cp->addr.type) ||
6709 !bacmp(&cp->addr.bdaddr, BDADDR_ANY))
6710 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_ADD_DEVICE,
6711 MGMT_STATUS_INVALID_PARAMS,
6712 &cp->addr, sizeof(cp->addr));
6714 if (cp->action != 0x00 && cp->action != 0x01 && cp->action != 0x02)
6715 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_ADD_DEVICE,
6716 MGMT_STATUS_INVALID_PARAMS,
6717 &cp->addr, sizeof(cp->addr));
6721 if (cp->addr.type == BDADDR_BREDR) {
6722 /* Only incoming connections action is supported for now */
6723 if (cp->action != 0x01) {
6724 err = mgmt_cmd_complete(sk, hdev->id,
6726 MGMT_STATUS_INVALID_PARAMS,
6727 &cp->addr, sizeof(cp->addr));
6731 err = hci_bdaddr_list_add_with_flags(&hdev->whitelist,
6737 hci_req_update_scan(hdev);
6742 addr_type = le_addr_type(cp->addr.type);
6744 if (cp->action == 0x02)
6745 auto_conn = HCI_AUTO_CONN_ALWAYS;
6746 else if (cp->action == 0x01)
6747 auto_conn = HCI_AUTO_CONN_DIRECT;
6749 auto_conn = HCI_AUTO_CONN_REPORT;
6751 /* Kernel internally uses conn_params with resolvable private
6752 * address, but Add Device allows only identity addresses.
6753 * Make sure it is enforced before calling
6754 * hci_conn_params_lookup.
6756 if (!hci_is_identity_address(&cp->addr.bdaddr, addr_type)) {
6757 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_ADD_DEVICE,
6758 MGMT_STATUS_INVALID_PARAMS,
6759 &cp->addr, sizeof(cp->addr));
6763 /* If the connection parameters don't exist for this device,
6764 * they will be created and configured with defaults.
6766 if (hci_conn_params_set(hdev, &cp->addr.bdaddr, addr_type,
6768 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_ADD_DEVICE,
6769 MGMT_STATUS_FAILED, &cp->addr,
6773 params = hci_conn_params_lookup(hdev, &cp->addr.bdaddr,
6776 current_flags = params->current_flags;
6779 hci_update_background_scan(hdev);
6782 device_added(sk, hdev, &cp->addr.bdaddr, cp->addr.type, cp->action);
6783 device_flags_changed(NULL, hdev, &cp->addr.bdaddr, cp->addr.type,
6784 SUPPORTED_DEVICE_FLAGS(), current_flags);
6786 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_ADD_DEVICE,
6787 MGMT_STATUS_SUCCESS, &cp->addr,
6791 hci_dev_unlock(hdev);
6795 static void device_removed(struct sock *sk, struct hci_dev *hdev,
6796 bdaddr_t *bdaddr, u8 type)
6798 struct mgmt_ev_device_removed ev;
6800 bacpy(&ev.addr.bdaddr, bdaddr);
6801 ev.addr.type = type;
6803 mgmt_event(MGMT_EV_DEVICE_REMOVED, hdev, &ev, sizeof(ev), sk);
6806 static int remove_device(struct sock *sk, struct hci_dev *hdev,
6807 void *data, u16 len)
6809 struct mgmt_cp_remove_device *cp = data;
6812 bt_dev_dbg(hdev, "sock %p", sk);
6816 if (bacmp(&cp->addr.bdaddr, BDADDR_ANY)) {
6817 struct hci_conn_params *params;
6820 if (!bdaddr_type_is_valid(cp->addr.type)) {
6821 err = mgmt_cmd_complete(sk, hdev->id,
6822 MGMT_OP_REMOVE_DEVICE,
6823 MGMT_STATUS_INVALID_PARAMS,
6824 &cp->addr, sizeof(cp->addr));
6828 if (cp->addr.type == BDADDR_BREDR) {
6829 err = hci_bdaddr_list_del(&hdev->whitelist,
6833 err = mgmt_cmd_complete(sk, hdev->id,
6834 MGMT_OP_REMOVE_DEVICE,
6835 MGMT_STATUS_INVALID_PARAMS,
6841 hci_req_update_scan(hdev);
6843 device_removed(sk, hdev, &cp->addr.bdaddr,
6848 addr_type = le_addr_type(cp->addr.type);
6850 /* Kernel internally uses conn_params with resolvable private
6851 * address, but Remove Device allows only identity addresses.
6852 * Make sure it is enforced before calling
6853 * hci_conn_params_lookup.
6855 if (!hci_is_identity_address(&cp->addr.bdaddr, addr_type)) {
6856 err = mgmt_cmd_complete(sk, hdev->id,
6857 MGMT_OP_REMOVE_DEVICE,
6858 MGMT_STATUS_INVALID_PARAMS,
6859 &cp->addr, sizeof(cp->addr));
6863 params = hci_conn_params_lookup(hdev, &cp->addr.bdaddr,
6866 err = mgmt_cmd_complete(sk, hdev->id,
6867 MGMT_OP_REMOVE_DEVICE,
6868 MGMT_STATUS_INVALID_PARAMS,
6869 &cp->addr, sizeof(cp->addr));
6873 if (params->auto_connect == HCI_AUTO_CONN_DISABLED ||
6874 params->auto_connect == HCI_AUTO_CONN_EXPLICIT) {
6875 err = mgmt_cmd_complete(sk, hdev->id,
6876 MGMT_OP_REMOVE_DEVICE,
6877 MGMT_STATUS_INVALID_PARAMS,
6878 &cp->addr, sizeof(cp->addr));
6882 list_del(¶ms->action);
6883 list_del(¶ms->list);
6885 hci_update_background_scan(hdev);
6887 device_removed(sk, hdev, &cp->addr.bdaddr, cp->addr.type);
6889 struct hci_conn_params *p, *tmp;
6890 struct bdaddr_list *b, *btmp;
6892 if (cp->addr.type) {
6893 err = mgmt_cmd_complete(sk, hdev->id,
6894 MGMT_OP_REMOVE_DEVICE,
6895 MGMT_STATUS_INVALID_PARAMS,
6896 &cp->addr, sizeof(cp->addr));
6900 list_for_each_entry_safe(b, btmp, &hdev->whitelist, list) {
6901 device_removed(sk, hdev, &b->bdaddr, b->bdaddr_type);
6906 hci_req_update_scan(hdev);
6908 list_for_each_entry_safe(p, tmp, &hdev->le_conn_params, list) {
6909 if (p->auto_connect == HCI_AUTO_CONN_DISABLED)
6911 device_removed(sk, hdev, &p->addr, p->addr_type);
6912 if (p->explicit_connect) {
6913 p->auto_connect = HCI_AUTO_CONN_EXPLICIT;
6916 list_del(&p->action);
6921 bt_dev_dbg(hdev, "All LE connection parameters were removed");
6923 hci_update_background_scan(hdev);
6927 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_DEVICE,
6928 MGMT_STATUS_SUCCESS, &cp->addr,
6931 hci_dev_unlock(hdev);
6935 static int load_conn_param(struct sock *sk, struct hci_dev *hdev, void *data,
6938 struct mgmt_cp_load_conn_param *cp = data;
6939 const u16 max_param_count = ((U16_MAX - sizeof(*cp)) /
6940 sizeof(struct mgmt_conn_param));
6941 u16 param_count, expected_len;
6944 if (!lmp_le_capable(hdev))
6945 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_CONN_PARAM,
6946 MGMT_STATUS_NOT_SUPPORTED);
6948 param_count = __le16_to_cpu(cp->param_count);
6949 if (param_count > max_param_count) {
6950 bt_dev_err(hdev, "load_conn_param: too big param_count value %u",
6952 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_CONN_PARAM,
6953 MGMT_STATUS_INVALID_PARAMS);
6956 expected_len = struct_size(cp, params, param_count);
6957 if (expected_len != len) {
6958 bt_dev_err(hdev, "load_conn_param: expected %u bytes, got %u bytes",
6960 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_CONN_PARAM,
6961 MGMT_STATUS_INVALID_PARAMS);
6964 bt_dev_dbg(hdev, "param_count %u", param_count);
6968 hci_conn_params_clear_disabled(hdev);
6970 for (i = 0; i < param_count; i++) {
6971 struct mgmt_conn_param *param = &cp->params[i];
6972 struct hci_conn_params *hci_param;
6973 u16 min, max, latency, timeout;
6976 bt_dev_dbg(hdev, "Adding %pMR (type %u)", ¶m->addr.bdaddr,
6979 if (param->addr.type == BDADDR_LE_PUBLIC) {
6980 addr_type = ADDR_LE_DEV_PUBLIC;
6981 } else if (param->addr.type == BDADDR_LE_RANDOM) {
6982 addr_type = ADDR_LE_DEV_RANDOM;
6984 bt_dev_err(hdev, "ignoring invalid connection parameters");
6988 min = le16_to_cpu(param->min_interval);
6989 max = le16_to_cpu(param->max_interval);
6990 latency = le16_to_cpu(param->latency);
6991 timeout = le16_to_cpu(param->timeout);
6993 bt_dev_dbg(hdev, "min 0x%04x max 0x%04x latency 0x%04x timeout 0x%04x",
6994 min, max, latency, timeout);
6996 if (hci_check_conn_params(min, max, latency, timeout) < 0) {
6997 bt_dev_err(hdev, "ignoring invalid connection parameters");
7001 hci_param = hci_conn_params_add(hdev, ¶m->addr.bdaddr,
7004 bt_dev_err(hdev, "failed to add connection parameters");
7008 hci_param->conn_min_interval = min;
7009 hci_param->conn_max_interval = max;
7010 hci_param->conn_latency = latency;
7011 hci_param->supervision_timeout = timeout;
7014 hci_dev_unlock(hdev);
7016 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_LOAD_CONN_PARAM, 0,
7020 static int set_external_config(struct sock *sk, struct hci_dev *hdev,
7021 void *data, u16 len)
7023 struct mgmt_cp_set_external_config *cp = data;
7027 bt_dev_dbg(hdev, "sock %p", sk);
7029 if (hdev_is_powered(hdev))
7030 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_EXTERNAL_CONFIG,
7031 MGMT_STATUS_REJECTED);
7033 if (cp->config != 0x00 && cp->config != 0x01)
7034 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_EXTERNAL_CONFIG,
7035 MGMT_STATUS_INVALID_PARAMS);
7037 if (!test_bit(HCI_QUIRK_EXTERNAL_CONFIG, &hdev->quirks))
7038 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_EXTERNAL_CONFIG,
7039 MGMT_STATUS_NOT_SUPPORTED);
7044 changed = !hci_dev_test_and_set_flag(hdev, HCI_EXT_CONFIGURED);
7046 changed = hci_dev_test_and_clear_flag(hdev, HCI_EXT_CONFIGURED);
7048 err = send_options_rsp(sk, MGMT_OP_SET_EXTERNAL_CONFIG, hdev);
7055 err = new_options(hdev, sk);
7057 if (hci_dev_test_flag(hdev, HCI_UNCONFIGURED) == is_configured(hdev)) {
7058 mgmt_index_removed(hdev);
7060 if (hci_dev_test_and_change_flag(hdev, HCI_UNCONFIGURED)) {
7061 hci_dev_set_flag(hdev, HCI_CONFIG);
7062 hci_dev_set_flag(hdev, HCI_AUTO_OFF);
7064 queue_work(hdev->req_workqueue, &hdev->power_on);
7066 set_bit(HCI_RAW, &hdev->flags);
7067 mgmt_index_added(hdev);
7072 hci_dev_unlock(hdev);
7076 static int set_public_address(struct sock *sk, struct hci_dev *hdev,
7077 void *data, u16 len)
7079 struct mgmt_cp_set_public_address *cp = data;
7083 bt_dev_dbg(hdev, "sock %p", sk);
7085 if (hdev_is_powered(hdev))
7086 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_PUBLIC_ADDRESS,
7087 MGMT_STATUS_REJECTED);
7089 if (!bacmp(&cp->bdaddr, BDADDR_ANY))
7090 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_PUBLIC_ADDRESS,
7091 MGMT_STATUS_INVALID_PARAMS);
7093 if (!hdev->set_bdaddr)
7094 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_PUBLIC_ADDRESS,
7095 MGMT_STATUS_NOT_SUPPORTED);
7099 changed = !!bacmp(&hdev->public_addr, &cp->bdaddr);
7100 bacpy(&hdev->public_addr, &cp->bdaddr);
7102 err = send_options_rsp(sk, MGMT_OP_SET_PUBLIC_ADDRESS, hdev);
7109 if (hci_dev_test_flag(hdev, HCI_UNCONFIGURED))
7110 err = new_options(hdev, sk);
7112 if (is_configured(hdev)) {
7113 mgmt_index_removed(hdev);
7115 hci_dev_clear_flag(hdev, HCI_UNCONFIGURED);
7117 hci_dev_set_flag(hdev, HCI_CONFIG);
7118 hci_dev_set_flag(hdev, HCI_AUTO_OFF);
7120 queue_work(hdev->req_workqueue, &hdev->power_on);
7124 hci_dev_unlock(hdev);
7128 static void read_local_oob_ext_data_complete(struct hci_dev *hdev, u8 status,
7129 u16 opcode, struct sk_buff *skb)
7131 const struct mgmt_cp_read_local_oob_ext_data *mgmt_cp;
7132 struct mgmt_rp_read_local_oob_ext_data *mgmt_rp;
7133 u8 *h192, *r192, *h256, *r256;
7134 struct mgmt_pending_cmd *cmd;
7138 bt_dev_dbg(hdev, "status %u", status);
7140 cmd = pending_find(MGMT_OP_READ_LOCAL_OOB_EXT_DATA, hdev);
7144 mgmt_cp = cmd->param;
7147 status = mgmt_status(status);
7154 } else if (opcode == HCI_OP_READ_LOCAL_OOB_DATA) {
7155 struct hci_rp_read_local_oob_data *rp;
7157 if (skb->len != sizeof(*rp)) {
7158 status = MGMT_STATUS_FAILED;
7161 status = MGMT_STATUS_SUCCESS;
7162 rp = (void *)skb->data;
7164 eir_len = 5 + 18 + 18;
7171 struct hci_rp_read_local_oob_ext_data *rp;
7173 if (skb->len != sizeof(*rp)) {
7174 status = MGMT_STATUS_FAILED;
7177 status = MGMT_STATUS_SUCCESS;
7178 rp = (void *)skb->data;
7180 if (hci_dev_test_flag(hdev, HCI_SC_ONLY)) {
7181 eir_len = 5 + 18 + 18;
7185 eir_len = 5 + 18 + 18 + 18 + 18;
7195 mgmt_rp = kmalloc(sizeof(*mgmt_rp) + eir_len, GFP_KERNEL);
7202 eir_len = eir_append_data(mgmt_rp->eir, 0, EIR_CLASS_OF_DEV,
7203 hdev->dev_class, 3);
7206 eir_len = eir_append_data(mgmt_rp->eir, eir_len,
7207 EIR_SSP_HASH_C192, h192, 16);
7208 eir_len = eir_append_data(mgmt_rp->eir, eir_len,
7209 EIR_SSP_RAND_R192, r192, 16);
7213 eir_len = eir_append_data(mgmt_rp->eir, eir_len,
7214 EIR_SSP_HASH_C256, h256, 16);
7215 eir_len = eir_append_data(mgmt_rp->eir, eir_len,
7216 EIR_SSP_RAND_R256, r256, 16);
7220 mgmt_rp->type = mgmt_cp->type;
7221 mgmt_rp->eir_len = cpu_to_le16(eir_len);
7223 err = mgmt_cmd_complete(cmd->sk, hdev->id,
7224 MGMT_OP_READ_LOCAL_OOB_EXT_DATA, status,
7225 mgmt_rp, sizeof(*mgmt_rp) + eir_len);
7226 if (err < 0 || status)
7229 hci_sock_set_flag(cmd->sk, HCI_MGMT_OOB_DATA_EVENTS);
7231 err = mgmt_limited_event(MGMT_EV_LOCAL_OOB_DATA_UPDATED, hdev,
7232 mgmt_rp, sizeof(*mgmt_rp) + eir_len,
7233 HCI_MGMT_OOB_DATA_EVENTS, cmd->sk);
7236 mgmt_pending_remove(cmd);
7239 static int read_local_ssp_oob_req(struct hci_dev *hdev, struct sock *sk,
7240 struct mgmt_cp_read_local_oob_ext_data *cp)
7242 struct mgmt_pending_cmd *cmd;
7243 struct hci_request req;
7246 cmd = mgmt_pending_add(sk, MGMT_OP_READ_LOCAL_OOB_EXT_DATA, hdev,
7251 hci_req_init(&req, hdev);
7253 if (bredr_sc_enabled(hdev))
7254 hci_req_add(&req, HCI_OP_READ_LOCAL_OOB_EXT_DATA, 0, NULL);
7256 hci_req_add(&req, HCI_OP_READ_LOCAL_OOB_DATA, 0, NULL);
7258 err = hci_req_run_skb(&req, read_local_oob_ext_data_complete);
7260 mgmt_pending_remove(cmd);
7267 static int read_local_oob_ext_data(struct sock *sk, struct hci_dev *hdev,
7268 void *data, u16 data_len)
7270 struct mgmt_cp_read_local_oob_ext_data *cp = data;
7271 struct mgmt_rp_read_local_oob_ext_data *rp;
7274 u8 status, flags, role, addr[7], hash[16], rand[16];
7277 bt_dev_dbg(hdev, "sock %p", sk);
7279 if (hdev_is_powered(hdev)) {
7281 case BIT(BDADDR_BREDR):
7282 status = mgmt_bredr_support(hdev);
7288 case (BIT(BDADDR_LE_PUBLIC) | BIT(BDADDR_LE_RANDOM)):
7289 status = mgmt_le_support(hdev);
7293 eir_len = 9 + 3 + 18 + 18 + 3;
7296 status = MGMT_STATUS_INVALID_PARAMS;
7301 status = MGMT_STATUS_NOT_POWERED;
7305 rp_len = sizeof(*rp) + eir_len;
7306 rp = kmalloc(rp_len, GFP_ATOMIC);
7317 case BIT(BDADDR_BREDR):
7318 if (hci_dev_test_flag(hdev, HCI_SSP_ENABLED)) {
7319 err = read_local_ssp_oob_req(hdev, sk, cp);
7320 hci_dev_unlock(hdev);
7324 status = MGMT_STATUS_FAILED;
7327 eir_len = eir_append_data(rp->eir, eir_len,
7329 hdev->dev_class, 3);
7332 case (BIT(BDADDR_LE_PUBLIC) | BIT(BDADDR_LE_RANDOM)):
7333 if (hci_dev_test_flag(hdev, HCI_SC_ENABLED) &&
7334 smp_generate_oob(hdev, hash, rand) < 0) {
7335 hci_dev_unlock(hdev);
7336 status = MGMT_STATUS_FAILED;
7340 /* This should return the active RPA, but since the RPA
7341 * is only programmed on demand, it is really hard to fill
7342 * this in at the moment. For now disallow retrieving
7343 * local out-of-band data when privacy is in use.
7345 * Returning the identity address will not help here since
7346 * pairing happens before the identity resolving key is
7347 * known and thus the connection establishment happens
7348 * based on the RPA and not the identity address.
7350 if (hci_dev_test_flag(hdev, HCI_PRIVACY)) {
7351 hci_dev_unlock(hdev);
7352 status = MGMT_STATUS_REJECTED;
7356 if (hci_dev_test_flag(hdev, HCI_FORCE_STATIC_ADDR) ||
7357 !bacmp(&hdev->bdaddr, BDADDR_ANY) ||
7358 (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED) &&
7359 bacmp(&hdev->static_addr, BDADDR_ANY))) {
7360 memcpy(addr, &hdev->static_addr, 6);
7363 memcpy(addr, &hdev->bdaddr, 6);
7367 eir_len = eir_append_data(rp->eir, eir_len, EIR_LE_BDADDR,
7368 addr, sizeof(addr));
7370 if (hci_dev_test_flag(hdev, HCI_ADVERTISING))
7375 eir_len = eir_append_data(rp->eir, eir_len, EIR_LE_ROLE,
7376 &role, sizeof(role));
7378 if (hci_dev_test_flag(hdev, HCI_SC_ENABLED)) {
7379 eir_len = eir_append_data(rp->eir, eir_len,
7381 hash, sizeof(hash));
7383 eir_len = eir_append_data(rp->eir, eir_len,
7385 rand, sizeof(rand));
7388 flags = mgmt_get_adv_discov_flags(hdev);
7390 if (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED))
7391 flags |= LE_AD_NO_BREDR;
7393 eir_len = eir_append_data(rp->eir, eir_len, EIR_FLAGS,
7394 &flags, sizeof(flags));
7398 hci_dev_unlock(hdev);
7400 hci_sock_set_flag(sk, HCI_MGMT_OOB_DATA_EVENTS);
7402 status = MGMT_STATUS_SUCCESS;
7405 rp->type = cp->type;
7406 rp->eir_len = cpu_to_le16(eir_len);
7408 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_EXT_DATA,
7409 status, rp, sizeof(*rp) + eir_len);
7410 if (err < 0 || status)
7413 err = mgmt_limited_event(MGMT_EV_LOCAL_OOB_DATA_UPDATED, hdev,
7414 rp, sizeof(*rp) + eir_len,
7415 HCI_MGMT_OOB_DATA_EVENTS, sk);
7423 static u32 get_supported_adv_flags(struct hci_dev *hdev)
7427 flags |= MGMT_ADV_FLAG_CONNECTABLE;
7428 flags |= MGMT_ADV_FLAG_DISCOV;
7429 flags |= MGMT_ADV_FLAG_LIMITED_DISCOV;
7430 flags |= MGMT_ADV_FLAG_MANAGED_FLAGS;
7431 flags |= MGMT_ADV_FLAG_APPEARANCE;
7432 flags |= MGMT_ADV_FLAG_LOCAL_NAME;
7433 flags |= MGMT_ADV_PARAM_DURATION;
7434 flags |= MGMT_ADV_PARAM_TIMEOUT;
7435 flags |= MGMT_ADV_PARAM_INTERVALS;
7436 flags |= MGMT_ADV_PARAM_TX_POWER;
7437 flags |= MGMT_ADV_PARAM_SCAN_RSP;
7439 /* In extended adv TX_POWER returned from Set Adv Param
7440 * will be always valid.
7442 if ((hdev->adv_tx_power != HCI_TX_POWER_INVALID) ||
7443 ext_adv_capable(hdev))
7444 flags |= MGMT_ADV_FLAG_TX_POWER;
7446 if (ext_adv_capable(hdev)) {
7447 flags |= MGMT_ADV_FLAG_SEC_1M;
7448 flags |= MGMT_ADV_FLAG_HW_OFFLOAD;
7449 flags |= MGMT_ADV_FLAG_CAN_SET_TX_POWER;
7451 if (hdev->le_features[1] & HCI_LE_PHY_2M)
7452 flags |= MGMT_ADV_FLAG_SEC_2M;
7454 if (hdev->le_features[1] & HCI_LE_PHY_CODED)
7455 flags |= MGMT_ADV_FLAG_SEC_CODED;
7461 static int read_adv_features(struct sock *sk, struct hci_dev *hdev,
7462 void *data, u16 data_len)
7464 struct mgmt_rp_read_adv_features *rp;
7467 struct adv_info *adv_instance;
7468 u32 supported_flags;
7471 bt_dev_dbg(hdev, "sock %p", sk);
7473 if (!lmp_le_capable(hdev))
7474 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_READ_ADV_FEATURES,
7475 MGMT_STATUS_REJECTED);
7477 /* Enabling the experimental LL Privay support disables support for
7480 if (hci_dev_test_flag(hdev, HCI_ENABLE_LL_PRIVACY))
7481 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_READ_ADV_FEATURES,
7482 MGMT_STATUS_NOT_SUPPORTED);
7486 rp_len = sizeof(*rp) + hdev->adv_instance_cnt;
7487 rp = kmalloc(rp_len, GFP_ATOMIC);
7489 hci_dev_unlock(hdev);
7493 supported_flags = get_supported_adv_flags(hdev);
7495 rp->supported_flags = cpu_to_le32(supported_flags);
7496 rp->max_adv_data_len = HCI_MAX_AD_LENGTH;
7497 rp->max_scan_rsp_len = HCI_MAX_AD_LENGTH;
7498 rp->max_instances = hdev->le_num_of_adv_sets;
7499 rp->num_instances = hdev->adv_instance_cnt;
7501 instance = rp->instance;
7502 list_for_each_entry(adv_instance, &hdev->adv_instances, list) {
7503 *instance = adv_instance->instance;
7507 hci_dev_unlock(hdev);
7509 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_READ_ADV_FEATURES,
7510 MGMT_STATUS_SUCCESS, rp, rp_len);
7517 static u8 calculate_name_len(struct hci_dev *hdev)
7519 u8 buf[HCI_MAX_SHORT_NAME_LENGTH + 3];
7521 return append_local_name(hdev, buf, 0);
7524 static u8 tlv_data_max_len(struct hci_dev *hdev, u32 adv_flags,
7527 u8 max_len = HCI_MAX_AD_LENGTH;
7530 if (adv_flags & (MGMT_ADV_FLAG_DISCOV |
7531 MGMT_ADV_FLAG_LIMITED_DISCOV |
7532 MGMT_ADV_FLAG_MANAGED_FLAGS))
7535 if (adv_flags & MGMT_ADV_FLAG_TX_POWER)
7538 if (adv_flags & MGMT_ADV_FLAG_LOCAL_NAME)
7539 max_len -= calculate_name_len(hdev);
7541 if (adv_flags & (MGMT_ADV_FLAG_APPEARANCE))
7548 static bool flags_managed(u32 adv_flags)
7550 return adv_flags & (MGMT_ADV_FLAG_DISCOV |
7551 MGMT_ADV_FLAG_LIMITED_DISCOV |
7552 MGMT_ADV_FLAG_MANAGED_FLAGS);
7555 static bool tx_power_managed(u32 adv_flags)
7557 return adv_flags & MGMT_ADV_FLAG_TX_POWER;
7560 static bool name_managed(u32 adv_flags)
7562 return adv_flags & MGMT_ADV_FLAG_LOCAL_NAME;
7565 static bool appearance_managed(u32 adv_flags)
7567 return adv_flags & MGMT_ADV_FLAG_APPEARANCE;
7570 static bool tlv_data_is_valid(struct hci_dev *hdev, u32 adv_flags, u8 *data,
7571 u8 len, bool is_adv_data)
7576 max_len = tlv_data_max_len(hdev, adv_flags, is_adv_data);
7581 /* Make sure that the data is correctly formatted. */
7582 for (i = 0, cur_len = 0; i < len; i += (cur_len + 1)) {
7585 if (data[i + 1] == EIR_FLAGS &&
7586 (!is_adv_data || flags_managed(adv_flags)))
7589 if (data[i + 1] == EIR_TX_POWER && tx_power_managed(adv_flags))
7592 if (data[i + 1] == EIR_NAME_COMPLETE && name_managed(adv_flags))
7595 if (data[i + 1] == EIR_NAME_SHORT && name_managed(adv_flags))
7598 if (data[i + 1] == EIR_APPEARANCE &&
7599 appearance_managed(adv_flags))
7602 /* If the current field length would exceed the total data
7603 * length, then it's invalid.
7605 if (i + cur_len >= len)
7612 static bool requested_adv_flags_are_valid(struct hci_dev *hdev, u32 adv_flags)
7614 u32 supported_flags, phy_flags;
7616 /* The current implementation only supports a subset of the specified
7617 * flags. Also need to check mutual exclusiveness of sec flags.
7619 supported_flags = get_supported_adv_flags(hdev);
7620 phy_flags = adv_flags & MGMT_ADV_FLAG_SEC_MASK;
7621 if (adv_flags & ~supported_flags ||
7622 ((phy_flags && (phy_flags ^ (phy_flags & -phy_flags)))))
7628 static bool adv_busy(struct hci_dev *hdev)
7630 return (pending_find(MGMT_OP_ADD_ADVERTISING, hdev) ||
7631 pending_find(MGMT_OP_REMOVE_ADVERTISING, hdev) ||
7632 pending_find(MGMT_OP_SET_LE, hdev) ||
7633 pending_find(MGMT_OP_ADD_EXT_ADV_PARAMS, hdev) ||
7634 pending_find(MGMT_OP_ADD_EXT_ADV_DATA, hdev));
7637 static void add_advertising_complete(struct hci_dev *hdev, u8 status,
7640 struct mgmt_pending_cmd *cmd;
7641 struct mgmt_cp_add_advertising *cp;
7642 struct mgmt_rp_add_advertising rp;
7643 struct adv_info *adv_instance, *n;
7646 bt_dev_dbg(hdev, "status %d", status);
7650 cmd = pending_find(MGMT_OP_ADD_ADVERTISING, hdev);
7652 cmd = pending_find(MGMT_OP_ADD_EXT_ADV_DATA, hdev);
7654 list_for_each_entry_safe(adv_instance, n, &hdev->adv_instances, list) {
7655 if (!adv_instance->pending)
7659 adv_instance->pending = false;
7663 instance = adv_instance->instance;
7665 if (hdev->cur_adv_instance == instance)
7666 cancel_adv_timeout(hdev);
7668 hci_remove_adv_instance(hdev, instance);
7669 mgmt_advertising_removed(cmd ? cmd->sk : NULL, hdev, instance);
7676 rp.instance = cp->instance;
7679 mgmt_cmd_status(cmd->sk, cmd->index, cmd->opcode,
7680 mgmt_status(status));
7682 mgmt_cmd_complete(cmd->sk, cmd->index, cmd->opcode,
7683 mgmt_status(status), &rp, sizeof(rp));
7685 mgmt_pending_remove(cmd);
7688 hci_dev_unlock(hdev);
7691 static int add_advertising(struct sock *sk, struct hci_dev *hdev,
7692 void *data, u16 data_len)
7694 struct mgmt_cp_add_advertising *cp = data;
7695 struct mgmt_rp_add_advertising rp;
7698 u16 timeout, duration;
7699 unsigned int prev_instance_cnt = hdev->adv_instance_cnt;
7700 u8 schedule_instance = 0;
7701 struct adv_info *next_instance;
7703 struct mgmt_pending_cmd *cmd;
7704 struct hci_request req;
7706 bt_dev_dbg(hdev, "sock %p", sk);
7708 status = mgmt_le_support(hdev);
7710 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_ADVERTISING,
7713 /* Enabling the experimental LL Privay support disables support for
7716 if (hci_dev_test_flag(hdev, HCI_ENABLE_LL_PRIVACY))
7717 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_ADVERTISING,
7718 MGMT_STATUS_NOT_SUPPORTED);
7720 if (cp->instance < 1 || cp->instance > hdev->le_num_of_adv_sets)
7721 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_ADVERTISING,
7722 MGMT_STATUS_INVALID_PARAMS);
7724 if (data_len != sizeof(*cp) + cp->adv_data_len + cp->scan_rsp_len)
7725 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_ADVERTISING,
7726 MGMT_STATUS_INVALID_PARAMS);
7728 flags = __le32_to_cpu(cp->flags);
7729 timeout = __le16_to_cpu(cp->timeout);
7730 duration = __le16_to_cpu(cp->duration);
7732 if (!requested_adv_flags_are_valid(hdev, flags))
7733 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_ADVERTISING,
7734 MGMT_STATUS_INVALID_PARAMS);
7738 if (timeout && !hdev_is_powered(hdev)) {
7739 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_ADVERTISING,
7740 MGMT_STATUS_REJECTED);
7744 if (adv_busy(hdev)) {
7745 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_ADVERTISING,
7750 if (!tlv_data_is_valid(hdev, flags, cp->data, cp->adv_data_len, true) ||
7751 !tlv_data_is_valid(hdev, flags, cp->data + cp->adv_data_len,
7752 cp->scan_rsp_len, false)) {
7753 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_ADVERTISING,
7754 MGMT_STATUS_INVALID_PARAMS);
7758 err = hci_add_adv_instance(hdev, cp->instance, flags,
7759 cp->adv_data_len, cp->data,
7761 cp->data + cp->adv_data_len,
7763 HCI_ADV_TX_POWER_NO_PREFERENCE,
7764 hdev->le_adv_min_interval,
7765 hdev->le_adv_max_interval);
7767 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_ADVERTISING,
7768 MGMT_STATUS_FAILED);
7772 /* Only trigger an advertising added event if a new instance was
7775 if (hdev->adv_instance_cnt > prev_instance_cnt)
7776 mgmt_advertising_added(sk, hdev, cp->instance);
7778 if (hdev->cur_adv_instance == cp->instance) {
7779 /* If the currently advertised instance is being changed then
7780 * cancel the current advertising and schedule the next
7781 * instance. If there is only one instance then the overridden
7782 * advertising data will be visible right away.
7784 cancel_adv_timeout(hdev);
7786 next_instance = hci_get_next_instance(hdev, cp->instance);
7788 schedule_instance = next_instance->instance;
7789 } else if (!hdev->adv_instance_timeout) {
7790 /* Immediately advertise the new instance if no other
7791 * instance is currently being advertised.
7793 schedule_instance = cp->instance;
7796 /* If the HCI_ADVERTISING flag is set or the device isn't powered or
7797 * there is no instance to be advertised then we have no HCI
7798 * communication to make. Simply return.
7800 if (!hdev_is_powered(hdev) ||
7801 hci_dev_test_flag(hdev, HCI_ADVERTISING) ||
7802 !schedule_instance) {
7803 rp.instance = cp->instance;
7804 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_ADD_ADVERTISING,
7805 MGMT_STATUS_SUCCESS, &rp, sizeof(rp));
7809 /* We're good to go, update advertising data, parameters, and start
7812 cmd = mgmt_pending_add(sk, MGMT_OP_ADD_ADVERTISING, hdev, data,
7819 hci_req_init(&req, hdev);
7821 err = __hci_req_schedule_adv_instance(&req, schedule_instance, true);
7824 err = hci_req_run(&req, add_advertising_complete);
7827 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_ADVERTISING,
7828 MGMT_STATUS_FAILED);
7829 mgmt_pending_remove(cmd);
7833 hci_dev_unlock(hdev);
7838 static void add_ext_adv_params_complete(struct hci_dev *hdev, u8 status,
7841 struct mgmt_pending_cmd *cmd;
7842 struct mgmt_cp_add_ext_adv_params *cp;
7843 struct mgmt_rp_add_ext_adv_params rp;
7844 struct adv_info *adv_instance;
7847 BT_DBG("%s", hdev->name);
7851 cmd = pending_find(MGMT_OP_ADD_EXT_ADV_PARAMS, hdev);
7856 adv_instance = hci_find_adv_instance(hdev, cp->instance);
7860 rp.instance = cp->instance;
7861 rp.tx_power = adv_instance->tx_power;
7863 /* While we're at it, inform userspace of the available space for this
7864 * advertisement, given the flags that will be used.
7866 flags = __le32_to_cpu(cp->flags);
7867 rp.max_adv_data_len = tlv_data_max_len(hdev, flags, true);
7868 rp.max_scan_rsp_len = tlv_data_max_len(hdev, flags, false);
7871 /* If this advertisement was previously advertising and we
7872 * failed to update it, we signal that it has been removed and
7873 * delete its structure
7875 if (!adv_instance->pending)
7876 mgmt_advertising_removed(cmd->sk, hdev, cp->instance);
7878 hci_remove_adv_instance(hdev, cp->instance);
7880 mgmt_cmd_status(cmd->sk, cmd->index, cmd->opcode,
7881 mgmt_status(status));
7884 mgmt_cmd_complete(cmd->sk, cmd->index, cmd->opcode,
7885 mgmt_status(status), &rp, sizeof(rp));
7890 mgmt_pending_remove(cmd);
7892 hci_dev_unlock(hdev);
7895 static int add_ext_adv_params(struct sock *sk, struct hci_dev *hdev,
7896 void *data, u16 data_len)
7898 struct mgmt_cp_add_ext_adv_params *cp = data;
7899 struct mgmt_rp_add_ext_adv_params rp;
7900 struct mgmt_pending_cmd *cmd = NULL;
7901 struct adv_info *adv_instance;
7902 struct hci_request req;
7903 u32 flags, min_interval, max_interval;
7904 u16 timeout, duration;
7909 BT_DBG("%s", hdev->name);
7911 status = mgmt_le_support(hdev);
7913 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_EXT_ADV_PARAMS,
7916 if (cp->instance < 1 || cp->instance > hdev->le_num_of_adv_sets)
7917 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_EXT_ADV_PARAMS,
7918 MGMT_STATUS_INVALID_PARAMS);
7920 /* The purpose of breaking add_advertising into two separate MGMT calls
7921 * for params and data is to allow more parameters to be added to this
7922 * structure in the future. For this reason, we verify that we have the
7923 * bare minimum structure we know of when the interface was defined. Any
7924 * extra parameters we don't know about will be ignored in this request.
7926 if (data_len < MGMT_ADD_EXT_ADV_PARAMS_MIN_SIZE)
7927 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_ADVERTISING,
7928 MGMT_STATUS_INVALID_PARAMS);
7930 flags = __le32_to_cpu(cp->flags);
7932 if (!requested_adv_flags_are_valid(hdev, flags))
7933 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_EXT_ADV_PARAMS,
7934 MGMT_STATUS_INVALID_PARAMS);
7938 /* In new interface, we require that we are powered to register */
7939 if (!hdev_is_powered(hdev)) {
7940 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_EXT_ADV_PARAMS,
7941 MGMT_STATUS_REJECTED);
7945 if (adv_busy(hdev)) {
7946 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_EXT_ADV_PARAMS,
7951 /* Parse defined parameters from request, use defaults otherwise */
7952 timeout = (flags & MGMT_ADV_PARAM_TIMEOUT) ?
7953 __le16_to_cpu(cp->timeout) : 0;
7955 duration = (flags & MGMT_ADV_PARAM_DURATION) ?
7956 __le16_to_cpu(cp->duration) :
7957 hdev->def_multi_adv_rotation_duration;
7959 min_interval = (flags & MGMT_ADV_PARAM_INTERVALS) ?
7960 __le32_to_cpu(cp->min_interval) :
7961 hdev->le_adv_min_interval;
7963 max_interval = (flags & MGMT_ADV_PARAM_INTERVALS) ?
7964 __le32_to_cpu(cp->max_interval) :
7965 hdev->le_adv_max_interval;
7967 tx_power = (flags & MGMT_ADV_PARAM_TX_POWER) ?
7969 HCI_ADV_TX_POWER_NO_PREFERENCE;
7971 /* Create advertising instance with no advertising or response data */
7972 err = hci_add_adv_instance(hdev, cp->instance, flags,
7973 0, NULL, 0, NULL, timeout, duration,
7974 tx_power, min_interval, max_interval);
7977 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_EXT_ADV_PARAMS,
7978 MGMT_STATUS_FAILED);
7982 hdev->cur_adv_instance = cp->instance;
7983 /* Submit request for advertising params if ext adv available */
7984 if (ext_adv_capable(hdev)) {
7985 hci_req_init(&req, hdev);
7986 adv_instance = hci_find_adv_instance(hdev, cp->instance);
7988 /* Updating parameters of an active instance will return a
7989 * Command Disallowed error, so we must first disable the
7990 * instance if it is active.
7992 if (!adv_instance->pending)
7993 __hci_req_disable_ext_adv_instance(&req, cp->instance);
7995 __hci_req_setup_ext_adv_instance(&req, cp->instance);
7997 err = hci_req_run(&req, add_ext_adv_params_complete);
8000 cmd = mgmt_pending_add(sk, MGMT_OP_ADD_EXT_ADV_PARAMS,
8001 hdev, data, data_len);
8004 hci_remove_adv_instance(hdev, cp->instance);
8009 rp.instance = cp->instance;
8010 rp.tx_power = HCI_ADV_TX_POWER_NO_PREFERENCE;
8011 rp.max_adv_data_len = tlv_data_max_len(hdev, flags, true);
8012 rp.max_scan_rsp_len = tlv_data_max_len(hdev, flags, false);
8013 err = mgmt_cmd_complete(sk, hdev->id,
8014 MGMT_OP_ADD_EXT_ADV_PARAMS,
8015 MGMT_STATUS_SUCCESS, &rp, sizeof(rp));
8019 hci_dev_unlock(hdev);
8024 static int add_ext_adv_data(struct sock *sk, struct hci_dev *hdev, void *data,
8027 struct mgmt_cp_add_ext_adv_data *cp = data;
8028 struct mgmt_rp_add_ext_adv_data rp;
8029 u8 schedule_instance = 0;
8030 struct adv_info *next_instance;
8031 struct adv_info *adv_instance;
8033 struct mgmt_pending_cmd *cmd;
8034 struct hci_request req;
8036 BT_DBG("%s", hdev->name);
8040 adv_instance = hci_find_adv_instance(hdev, cp->instance);
8042 if (!adv_instance) {
8043 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_EXT_ADV_DATA,
8044 MGMT_STATUS_INVALID_PARAMS);
8048 /* In new interface, we require that we are powered to register */
8049 if (!hdev_is_powered(hdev)) {
8050 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_EXT_ADV_DATA,
8051 MGMT_STATUS_REJECTED);
8052 goto clear_new_instance;
8055 if (adv_busy(hdev)) {
8056 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_EXT_ADV_DATA,
8058 goto clear_new_instance;
8061 /* Validate new data */
8062 if (!tlv_data_is_valid(hdev, adv_instance->flags, cp->data,
8063 cp->adv_data_len, true) ||
8064 !tlv_data_is_valid(hdev, adv_instance->flags, cp->data +
8065 cp->adv_data_len, cp->scan_rsp_len, false)) {
8066 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_EXT_ADV_DATA,
8067 MGMT_STATUS_INVALID_PARAMS);
8068 goto clear_new_instance;
8071 /* Set the data in the advertising instance */
8072 hci_set_adv_instance_data(hdev, cp->instance, cp->adv_data_len,
8073 cp->data, cp->scan_rsp_len,
8074 cp->data + cp->adv_data_len);
8076 /* We're good to go, update advertising data, parameters, and start
8080 hci_req_init(&req, hdev);
8082 hci_req_add(&req, HCI_OP_READ_LOCAL_NAME, 0, NULL);
8084 if (ext_adv_capable(hdev)) {
8085 __hci_req_update_adv_data(&req, cp->instance);
8086 __hci_req_update_scan_rsp_data(&req, cp->instance);
8087 __hci_req_enable_ext_advertising(&req, cp->instance);
8090 /* If using software rotation, determine next instance to use */
8092 if (hdev->cur_adv_instance == cp->instance) {
8093 /* If the currently advertised instance is being changed
8094 * then cancel the current advertising and schedule the
8095 * next instance. If there is only one instance then the
8096 * overridden advertising data will be visible right
8099 cancel_adv_timeout(hdev);
8101 next_instance = hci_get_next_instance(hdev,
8104 schedule_instance = next_instance->instance;
8105 } else if (!hdev->adv_instance_timeout) {
8106 /* Immediately advertise the new instance if no other
8107 * instance is currently being advertised.
8109 schedule_instance = cp->instance;
8112 /* If the HCI_ADVERTISING flag is set or there is no instance to
8113 * be advertised then we have no HCI communication to make.
8116 if (hci_dev_test_flag(hdev, HCI_ADVERTISING) ||
8117 !schedule_instance) {
8118 if (adv_instance->pending) {
8119 mgmt_advertising_added(sk, hdev, cp->instance);
8120 adv_instance->pending = false;
8122 rp.instance = cp->instance;
8123 err = mgmt_cmd_complete(sk, hdev->id,
8124 MGMT_OP_ADD_EXT_ADV_DATA,
8125 MGMT_STATUS_SUCCESS, &rp,
8130 err = __hci_req_schedule_adv_instance(&req, schedule_instance,
8134 cmd = mgmt_pending_add(sk, MGMT_OP_ADD_EXT_ADV_DATA, hdev, data,
8138 goto clear_new_instance;
8142 err = hci_req_run(&req, add_advertising_complete);
8145 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_EXT_ADV_DATA,
8146 MGMT_STATUS_FAILED);
8147 mgmt_pending_remove(cmd);
8148 goto clear_new_instance;
8151 /* We were successful in updating data, so trigger advertising_added
8152 * event if this is an instance that wasn't previously advertising. If
8153 * a failure occurs in the requests we initiated, we will remove the
8154 * instance again in add_advertising_complete
8156 if (adv_instance->pending)
8157 mgmt_advertising_added(sk, hdev, cp->instance);
8162 hci_remove_adv_instance(hdev, cp->instance);
8165 hci_dev_unlock(hdev);
8170 static void remove_advertising_complete(struct hci_dev *hdev, u8 status,
8173 struct mgmt_pending_cmd *cmd;
8174 struct mgmt_cp_remove_advertising *cp;
8175 struct mgmt_rp_remove_advertising rp;
8177 bt_dev_dbg(hdev, "status %d", status);
8181 /* A failure status here only means that we failed to disable
8182 * advertising. Otherwise, the advertising instance has been removed,
8183 * so report success.
8185 cmd = pending_find(MGMT_OP_REMOVE_ADVERTISING, hdev);
8190 rp.instance = cp->instance;
8192 mgmt_cmd_complete(cmd->sk, cmd->index, cmd->opcode, MGMT_STATUS_SUCCESS,
8194 mgmt_pending_remove(cmd);
8197 hci_dev_unlock(hdev);
8200 static int remove_advertising(struct sock *sk, struct hci_dev *hdev,
8201 void *data, u16 data_len)
8203 struct mgmt_cp_remove_advertising *cp = data;
8204 struct mgmt_rp_remove_advertising rp;
8205 struct mgmt_pending_cmd *cmd;
8206 struct hci_request req;
8209 bt_dev_dbg(hdev, "sock %p", sk);
8211 /* Enabling the experimental LL Privay support disables support for
8214 if (hci_dev_test_flag(hdev, HCI_ENABLE_LL_PRIVACY))
8215 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_ADVERTISING,
8216 MGMT_STATUS_NOT_SUPPORTED);
8220 if (cp->instance && !hci_find_adv_instance(hdev, cp->instance)) {
8221 err = mgmt_cmd_status(sk, hdev->id,
8222 MGMT_OP_REMOVE_ADVERTISING,
8223 MGMT_STATUS_INVALID_PARAMS);
8227 if (pending_find(MGMT_OP_ADD_ADVERTISING, hdev) ||
8228 pending_find(MGMT_OP_REMOVE_ADVERTISING, hdev) ||
8229 pending_find(MGMT_OP_SET_LE, hdev)) {
8230 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_REMOVE_ADVERTISING,
8235 if (list_empty(&hdev->adv_instances)) {
8236 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_REMOVE_ADVERTISING,
8237 MGMT_STATUS_INVALID_PARAMS);
8241 hci_req_init(&req, hdev);
8243 /* If we use extended advertising, instance is disabled and removed */
8244 if (ext_adv_capable(hdev)) {
8245 __hci_req_disable_ext_adv_instance(&req, cp->instance);
8246 __hci_req_remove_ext_adv_instance(&req, cp->instance);
8249 hci_req_clear_adv_instance(hdev, sk, &req, cp->instance, true);
8251 if (list_empty(&hdev->adv_instances))
8252 __hci_req_disable_advertising(&req);
8254 /* If no HCI commands have been collected so far or the HCI_ADVERTISING
8255 * flag is set or the device isn't powered then we have no HCI
8256 * communication to make. Simply return.
8258 if (skb_queue_empty(&req.cmd_q) ||
8259 !hdev_is_powered(hdev) ||
8260 hci_dev_test_flag(hdev, HCI_ADVERTISING)) {
8261 hci_req_purge(&req);
8262 rp.instance = cp->instance;
8263 err = mgmt_cmd_complete(sk, hdev->id,
8264 MGMT_OP_REMOVE_ADVERTISING,
8265 MGMT_STATUS_SUCCESS, &rp, sizeof(rp));
8269 cmd = mgmt_pending_add(sk, MGMT_OP_REMOVE_ADVERTISING, hdev, data,
8276 err = hci_req_run(&req, remove_advertising_complete);
8278 mgmt_pending_remove(cmd);
8281 hci_dev_unlock(hdev);
8286 static int get_adv_size_info(struct sock *sk, struct hci_dev *hdev,
8287 void *data, u16 data_len)
8289 struct mgmt_cp_get_adv_size_info *cp = data;
8290 struct mgmt_rp_get_adv_size_info rp;
8291 u32 flags, supported_flags;
8294 bt_dev_dbg(hdev, "sock %p", sk);
8296 if (!lmp_le_capable(hdev))
8297 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_GET_ADV_SIZE_INFO,
8298 MGMT_STATUS_REJECTED);
8300 if (cp->instance < 1 || cp->instance > hdev->le_num_of_adv_sets)
8301 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_GET_ADV_SIZE_INFO,
8302 MGMT_STATUS_INVALID_PARAMS);
8304 flags = __le32_to_cpu(cp->flags);
8306 /* The current implementation only supports a subset of the specified
8309 supported_flags = get_supported_adv_flags(hdev);
8310 if (flags & ~supported_flags)
8311 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_GET_ADV_SIZE_INFO,
8312 MGMT_STATUS_INVALID_PARAMS);
8314 rp.instance = cp->instance;
8315 rp.flags = cp->flags;
8316 rp.max_adv_data_len = tlv_data_max_len(hdev, flags, true);
8317 rp.max_scan_rsp_len = tlv_data_max_len(hdev, flags, false);
8319 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_ADV_SIZE_INFO,
8320 MGMT_STATUS_SUCCESS, &rp, sizeof(rp));
8325 static const struct hci_mgmt_handler mgmt_handlers[] = {
8326 { NULL }, /* 0x0000 (no command) */
8327 { read_version, MGMT_READ_VERSION_SIZE,
8329 HCI_MGMT_UNTRUSTED },
8330 { read_commands, MGMT_READ_COMMANDS_SIZE,
8332 HCI_MGMT_UNTRUSTED },
8333 { read_index_list, MGMT_READ_INDEX_LIST_SIZE,
8335 HCI_MGMT_UNTRUSTED },
8336 { read_controller_info, MGMT_READ_INFO_SIZE,
8337 HCI_MGMT_UNTRUSTED },
8338 { set_powered, MGMT_SETTING_SIZE },
8339 { set_discoverable, MGMT_SET_DISCOVERABLE_SIZE },
8340 { set_connectable, MGMT_SETTING_SIZE },
8341 { set_fast_connectable, MGMT_SETTING_SIZE },
8342 { set_bondable, MGMT_SETTING_SIZE },
8343 { set_link_security, MGMT_SETTING_SIZE },
8344 { set_ssp, MGMT_SETTING_SIZE },
8345 { set_hs, MGMT_SETTING_SIZE },
8346 { set_le, MGMT_SETTING_SIZE },
8347 { set_dev_class, MGMT_SET_DEV_CLASS_SIZE },
8348 { set_local_name, MGMT_SET_LOCAL_NAME_SIZE },
8349 { add_uuid, MGMT_ADD_UUID_SIZE },
8350 { remove_uuid, MGMT_REMOVE_UUID_SIZE },
8351 { load_link_keys, MGMT_LOAD_LINK_KEYS_SIZE,
8353 { load_long_term_keys, MGMT_LOAD_LONG_TERM_KEYS_SIZE,
8355 { disconnect, MGMT_DISCONNECT_SIZE },
8356 { get_connections, MGMT_GET_CONNECTIONS_SIZE },
8357 { pin_code_reply, MGMT_PIN_CODE_REPLY_SIZE },
8358 { pin_code_neg_reply, MGMT_PIN_CODE_NEG_REPLY_SIZE },
8359 { set_io_capability, MGMT_SET_IO_CAPABILITY_SIZE },
8360 { pair_device, MGMT_PAIR_DEVICE_SIZE },
8361 { cancel_pair_device, MGMT_CANCEL_PAIR_DEVICE_SIZE },
8362 { unpair_device, MGMT_UNPAIR_DEVICE_SIZE },
8363 { user_confirm_reply, MGMT_USER_CONFIRM_REPLY_SIZE },
8364 { user_confirm_neg_reply, MGMT_USER_CONFIRM_NEG_REPLY_SIZE },
8365 { user_passkey_reply, MGMT_USER_PASSKEY_REPLY_SIZE },
8366 { user_passkey_neg_reply, MGMT_USER_PASSKEY_NEG_REPLY_SIZE },
8367 { read_local_oob_data, MGMT_READ_LOCAL_OOB_DATA_SIZE },
8368 { add_remote_oob_data, MGMT_ADD_REMOTE_OOB_DATA_SIZE,
8370 { remove_remote_oob_data, MGMT_REMOVE_REMOTE_OOB_DATA_SIZE },
8371 { start_discovery, MGMT_START_DISCOVERY_SIZE },
8372 { stop_discovery, MGMT_STOP_DISCOVERY_SIZE },
8373 { confirm_name, MGMT_CONFIRM_NAME_SIZE },
8374 { block_device, MGMT_BLOCK_DEVICE_SIZE },
8375 { unblock_device, MGMT_UNBLOCK_DEVICE_SIZE },
8376 { set_device_id, MGMT_SET_DEVICE_ID_SIZE },
8377 { set_advertising, MGMT_SETTING_SIZE },
8378 { set_bredr, MGMT_SETTING_SIZE },
8379 { set_static_address, MGMT_SET_STATIC_ADDRESS_SIZE },
8380 { set_scan_params, MGMT_SET_SCAN_PARAMS_SIZE },
8381 { set_secure_conn, MGMT_SETTING_SIZE },
8382 { set_debug_keys, MGMT_SETTING_SIZE },
8383 { set_privacy, MGMT_SET_PRIVACY_SIZE },
8384 { load_irks, MGMT_LOAD_IRKS_SIZE,
8386 { get_conn_info, MGMT_GET_CONN_INFO_SIZE },
8387 { get_clock_info, MGMT_GET_CLOCK_INFO_SIZE },
8388 { add_device, MGMT_ADD_DEVICE_SIZE },
8389 { remove_device, MGMT_REMOVE_DEVICE_SIZE },
8390 { load_conn_param, MGMT_LOAD_CONN_PARAM_SIZE,
8392 { read_unconf_index_list, MGMT_READ_UNCONF_INDEX_LIST_SIZE,
8394 HCI_MGMT_UNTRUSTED },
8395 { read_config_info, MGMT_READ_CONFIG_INFO_SIZE,
8396 HCI_MGMT_UNCONFIGURED |
8397 HCI_MGMT_UNTRUSTED },
8398 { set_external_config, MGMT_SET_EXTERNAL_CONFIG_SIZE,
8399 HCI_MGMT_UNCONFIGURED },
8400 { set_public_address, MGMT_SET_PUBLIC_ADDRESS_SIZE,
8401 HCI_MGMT_UNCONFIGURED },
8402 { start_service_discovery, MGMT_START_SERVICE_DISCOVERY_SIZE,
8404 { read_local_oob_ext_data, MGMT_READ_LOCAL_OOB_EXT_DATA_SIZE },
8405 { read_ext_index_list, MGMT_READ_EXT_INDEX_LIST_SIZE,
8407 HCI_MGMT_UNTRUSTED },
8408 { read_adv_features, MGMT_READ_ADV_FEATURES_SIZE },
8409 { add_advertising, MGMT_ADD_ADVERTISING_SIZE,
8411 { remove_advertising, MGMT_REMOVE_ADVERTISING_SIZE },
8412 { get_adv_size_info, MGMT_GET_ADV_SIZE_INFO_SIZE },
8413 { start_limited_discovery, MGMT_START_DISCOVERY_SIZE },
8414 { read_ext_controller_info,MGMT_READ_EXT_INFO_SIZE,
8415 HCI_MGMT_UNTRUSTED },
8416 { set_appearance, MGMT_SET_APPEARANCE_SIZE },
8417 { get_phy_configuration, MGMT_GET_PHY_CONFIGURATION_SIZE },
8418 { set_phy_configuration, MGMT_SET_PHY_CONFIGURATION_SIZE },
8419 { set_blocked_keys, MGMT_OP_SET_BLOCKED_KEYS_SIZE,
8421 { set_wideband_speech, MGMT_SETTING_SIZE },
8422 { read_controller_cap, MGMT_READ_CONTROLLER_CAP_SIZE,
8423 HCI_MGMT_UNTRUSTED },
8424 { read_exp_features_info, MGMT_READ_EXP_FEATURES_INFO_SIZE,
8425 HCI_MGMT_UNTRUSTED |
8426 HCI_MGMT_HDEV_OPTIONAL },
8427 { set_exp_feature, MGMT_SET_EXP_FEATURE_SIZE,
8429 HCI_MGMT_HDEV_OPTIONAL },
8430 { read_def_system_config, MGMT_READ_DEF_SYSTEM_CONFIG_SIZE,
8431 HCI_MGMT_UNTRUSTED },
8432 { set_def_system_config, MGMT_SET_DEF_SYSTEM_CONFIG_SIZE,
8434 { read_def_runtime_config, MGMT_READ_DEF_RUNTIME_CONFIG_SIZE,
8435 HCI_MGMT_UNTRUSTED },
8436 { set_def_runtime_config, MGMT_SET_DEF_RUNTIME_CONFIG_SIZE,
8438 { get_device_flags, MGMT_GET_DEVICE_FLAGS_SIZE },
8439 { set_device_flags, MGMT_SET_DEVICE_FLAGS_SIZE },
8440 { read_adv_mon_features, MGMT_READ_ADV_MONITOR_FEATURES_SIZE },
8441 { add_adv_patterns_monitor,MGMT_ADD_ADV_PATTERNS_MONITOR_SIZE,
8443 { remove_adv_monitor, MGMT_REMOVE_ADV_MONITOR_SIZE },
8444 { add_ext_adv_params, MGMT_ADD_EXT_ADV_PARAMS_MIN_SIZE,
8446 { add_ext_adv_data, MGMT_ADD_EXT_ADV_DATA_SIZE,
8448 { add_adv_patterns_monitor_rssi,
8449 MGMT_ADD_ADV_PATTERNS_MONITOR_RSSI_SIZE,
8453 void mgmt_index_added(struct hci_dev *hdev)
8455 struct mgmt_ev_ext_index ev;
8457 if (test_bit(HCI_QUIRK_RAW_DEVICE, &hdev->quirks))
8460 switch (hdev->dev_type) {
8462 if (hci_dev_test_flag(hdev, HCI_UNCONFIGURED)) {
8463 mgmt_index_event(MGMT_EV_UNCONF_INDEX_ADDED, hdev,
8464 NULL, 0, HCI_MGMT_UNCONF_INDEX_EVENTS);
8467 mgmt_index_event(MGMT_EV_INDEX_ADDED, hdev, NULL, 0,
8468 HCI_MGMT_INDEX_EVENTS);
8481 mgmt_index_event(MGMT_EV_EXT_INDEX_ADDED, hdev, &ev, sizeof(ev),
8482 HCI_MGMT_EXT_INDEX_EVENTS);
8485 void mgmt_index_removed(struct hci_dev *hdev)
8487 struct mgmt_ev_ext_index ev;
8488 u8 status = MGMT_STATUS_INVALID_INDEX;
8490 if (test_bit(HCI_QUIRK_RAW_DEVICE, &hdev->quirks))
8493 switch (hdev->dev_type) {
8495 mgmt_pending_foreach(0, hdev, cmd_complete_rsp, &status);
8497 if (hci_dev_test_flag(hdev, HCI_UNCONFIGURED)) {
8498 mgmt_index_event(MGMT_EV_UNCONF_INDEX_REMOVED, hdev,
8499 NULL, 0, HCI_MGMT_UNCONF_INDEX_EVENTS);
8502 mgmt_index_event(MGMT_EV_INDEX_REMOVED, hdev, NULL, 0,
8503 HCI_MGMT_INDEX_EVENTS);
8516 mgmt_index_event(MGMT_EV_EXT_INDEX_REMOVED, hdev, &ev, sizeof(ev),
8517 HCI_MGMT_EXT_INDEX_EVENTS);
8520 /* This function requires the caller holds hdev->lock */
8521 static void restart_le_actions(struct hci_dev *hdev)
8523 struct hci_conn_params *p;
8525 list_for_each_entry(p, &hdev->le_conn_params, list) {
8526 /* Needed for AUTO_OFF case where might not "really"
8527 * have been powered off.
8529 list_del_init(&p->action);
8531 switch (p->auto_connect) {
8532 case HCI_AUTO_CONN_DIRECT:
8533 case HCI_AUTO_CONN_ALWAYS:
8534 list_add(&p->action, &hdev->pend_le_conns);
8536 case HCI_AUTO_CONN_REPORT:
8537 list_add(&p->action, &hdev->pend_le_reports);
8545 void mgmt_power_on(struct hci_dev *hdev, int err)
8547 struct cmd_lookup match = { NULL, hdev };
8549 bt_dev_dbg(hdev, "err %d", err);
8554 restart_le_actions(hdev);
8555 hci_update_background_scan(hdev);
8558 mgmt_pending_foreach(MGMT_OP_SET_POWERED, hdev, settings_rsp, &match);
8560 new_settings(hdev, match.sk);
8565 hci_dev_unlock(hdev);
8568 void __mgmt_power_off(struct hci_dev *hdev)
8570 struct cmd_lookup match = { NULL, hdev };
8571 u8 status, zero_cod[] = { 0, 0, 0 };
8573 mgmt_pending_foreach(MGMT_OP_SET_POWERED, hdev, settings_rsp, &match);
8575 /* If the power off is because of hdev unregistration let
8576 * use the appropriate INVALID_INDEX status. Otherwise use
8577 * NOT_POWERED. We cover both scenarios here since later in
8578 * mgmt_index_removed() any hci_conn callbacks will have already
8579 * been triggered, potentially causing misleading DISCONNECTED
8582 if (hci_dev_test_flag(hdev, HCI_UNREGISTER))
8583 status = MGMT_STATUS_INVALID_INDEX;
8585 status = MGMT_STATUS_NOT_POWERED;
8587 mgmt_pending_foreach(0, hdev, cmd_complete_rsp, &status);
8589 if (memcmp(hdev->dev_class, zero_cod, sizeof(zero_cod)) != 0) {
8590 mgmt_limited_event(MGMT_EV_CLASS_OF_DEV_CHANGED, hdev,
8591 zero_cod, sizeof(zero_cod),
8592 HCI_MGMT_DEV_CLASS_EVENTS, NULL);
8593 ext_info_changed(hdev, NULL);
8596 new_settings(hdev, match.sk);
8602 void mgmt_set_powered_failed(struct hci_dev *hdev, int err)
8604 struct mgmt_pending_cmd *cmd;
8607 cmd = pending_find(MGMT_OP_SET_POWERED, hdev);
8611 if (err == -ERFKILL)
8612 status = MGMT_STATUS_RFKILLED;
8614 status = MGMT_STATUS_FAILED;
8616 mgmt_cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_POWERED, status);
8618 mgmt_pending_remove(cmd);
8621 void mgmt_new_link_key(struct hci_dev *hdev, struct link_key *key,
8624 struct mgmt_ev_new_link_key ev;
8626 memset(&ev, 0, sizeof(ev));
8628 ev.store_hint = persistent;
8629 bacpy(&ev.key.addr.bdaddr, &key->bdaddr);
8630 ev.key.addr.type = BDADDR_BREDR;
8631 ev.key.type = key->type;
8632 memcpy(ev.key.val, key->val, HCI_LINK_KEY_SIZE);
8633 ev.key.pin_len = key->pin_len;
8635 mgmt_event(MGMT_EV_NEW_LINK_KEY, hdev, &ev, sizeof(ev), NULL);
8638 static u8 mgmt_ltk_type(struct smp_ltk *ltk)
8640 switch (ltk->type) {
8643 if (ltk->authenticated)
8644 return MGMT_LTK_AUTHENTICATED;
8645 return MGMT_LTK_UNAUTHENTICATED;
8647 if (ltk->authenticated)
8648 return MGMT_LTK_P256_AUTH;
8649 return MGMT_LTK_P256_UNAUTH;
8650 case SMP_LTK_P256_DEBUG:
8651 return MGMT_LTK_P256_DEBUG;
8654 return MGMT_LTK_UNAUTHENTICATED;
8657 void mgmt_new_ltk(struct hci_dev *hdev, struct smp_ltk *key, bool persistent)
8659 struct mgmt_ev_new_long_term_key ev;
8661 memset(&ev, 0, sizeof(ev));
8663 /* Devices using resolvable or non-resolvable random addresses
8664 * without providing an identity resolving key don't require
8665 * to store long term keys. Their addresses will change the
8668 * Only when a remote device provides an identity address
8669 * make sure the long term key is stored. If the remote
8670 * identity is known, the long term keys are internally
8671 * mapped to the identity address. So allow static random
8672 * and public addresses here.
8674 if (key->bdaddr_type == ADDR_LE_DEV_RANDOM &&
8675 (key->bdaddr.b[5] & 0xc0) != 0xc0)
8676 ev.store_hint = 0x00;
8678 ev.store_hint = persistent;
8680 bacpy(&ev.key.addr.bdaddr, &key->bdaddr);
8681 ev.key.addr.type = link_to_bdaddr(LE_LINK, key->bdaddr_type);
8682 ev.key.type = mgmt_ltk_type(key);
8683 ev.key.enc_size = key->enc_size;
8684 ev.key.ediv = key->ediv;
8685 ev.key.rand = key->rand;
8687 if (key->type == SMP_LTK)
8690 /* Make sure we copy only the significant bytes based on the
8691 * encryption key size, and set the rest of the value to zeroes.
8693 memcpy(ev.key.val, key->val, key->enc_size);
8694 memset(ev.key.val + key->enc_size, 0,
8695 sizeof(ev.key.val) - key->enc_size);
8697 mgmt_event(MGMT_EV_NEW_LONG_TERM_KEY, hdev, &ev, sizeof(ev), NULL);
8700 void mgmt_new_irk(struct hci_dev *hdev, struct smp_irk *irk, bool persistent)
8702 struct mgmt_ev_new_irk ev;
8704 memset(&ev, 0, sizeof(ev));
8706 ev.store_hint = persistent;
8708 bacpy(&ev.rpa, &irk->rpa);
8709 bacpy(&ev.irk.addr.bdaddr, &irk->bdaddr);
8710 ev.irk.addr.type = link_to_bdaddr(LE_LINK, irk->addr_type);
8711 memcpy(ev.irk.val, irk->val, sizeof(irk->val));
8713 mgmt_event(MGMT_EV_NEW_IRK, hdev, &ev, sizeof(ev), NULL);
8716 void mgmt_new_csrk(struct hci_dev *hdev, struct smp_csrk *csrk,
8719 struct mgmt_ev_new_csrk ev;
8721 memset(&ev, 0, sizeof(ev));
8723 /* Devices using resolvable or non-resolvable random addresses
8724 * without providing an identity resolving key don't require
8725 * to store signature resolving keys. Their addresses will change
8726 * the next time around.
8728 * Only when a remote device provides an identity address
8729 * make sure the signature resolving key is stored. So allow
8730 * static random and public addresses here.
8732 if (csrk->bdaddr_type == ADDR_LE_DEV_RANDOM &&
8733 (csrk->bdaddr.b[5] & 0xc0) != 0xc0)
8734 ev.store_hint = 0x00;
8736 ev.store_hint = persistent;
8738 bacpy(&ev.key.addr.bdaddr, &csrk->bdaddr);
8739 ev.key.addr.type = link_to_bdaddr(LE_LINK, csrk->bdaddr_type);
8740 ev.key.type = csrk->type;
8741 memcpy(ev.key.val, csrk->val, sizeof(csrk->val));
8743 mgmt_event(MGMT_EV_NEW_CSRK, hdev, &ev, sizeof(ev), NULL);
8746 void mgmt_new_conn_param(struct hci_dev *hdev, bdaddr_t *bdaddr,
8747 u8 bdaddr_type, u8 store_hint, u16 min_interval,
8748 u16 max_interval, u16 latency, u16 timeout)
8750 struct mgmt_ev_new_conn_param ev;
8752 if (!hci_is_identity_address(bdaddr, bdaddr_type))
8755 memset(&ev, 0, sizeof(ev));
8756 bacpy(&ev.addr.bdaddr, bdaddr);
8757 ev.addr.type = link_to_bdaddr(LE_LINK, bdaddr_type);
8758 ev.store_hint = store_hint;
8759 ev.min_interval = cpu_to_le16(min_interval);
8760 ev.max_interval = cpu_to_le16(max_interval);
8761 ev.latency = cpu_to_le16(latency);
8762 ev.timeout = cpu_to_le16(timeout);
8764 mgmt_event(MGMT_EV_NEW_CONN_PARAM, hdev, &ev, sizeof(ev), NULL);
8767 void mgmt_device_connected(struct hci_dev *hdev, struct hci_conn *conn,
8768 u32 flags, u8 *name, u8 name_len)
8771 struct mgmt_ev_device_connected *ev = (void *) buf;
8774 bacpy(&ev->addr.bdaddr, &conn->dst);
8775 ev->addr.type = link_to_bdaddr(conn->type, conn->dst_type);
8777 ev->flags = __cpu_to_le32(flags);
8779 /* We must ensure that the EIR Data fields are ordered and
8780 * unique. Keep it simple for now and avoid the problem by not
8781 * adding any BR/EDR data to the LE adv.
8783 if (conn->le_adv_data_len > 0) {
8784 memcpy(&ev->eir[eir_len],
8785 conn->le_adv_data, conn->le_adv_data_len);
8786 eir_len = conn->le_adv_data_len;
8789 eir_len = eir_append_data(ev->eir, 0, EIR_NAME_COMPLETE,
8792 if (memcmp(conn->dev_class, "\0\0\0", 3) != 0)
8793 eir_len = eir_append_data(ev->eir, eir_len,
8795 conn->dev_class, 3);
8798 ev->eir_len = cpu_to_le16(eir_len);
8800 mgmt_event(MGMT_EV_DEVICE_CONNECTED, hdev, buf,
8801 sizeof(*ev) + eir_len, NULL);
8804 static void disconnect_rsp(struct mgmt_pending_cmd *cmd, void *data)
8806 struct sock **sk = data;
8808 cmd->cmd_complete(cmd, 0);
8813 mgmt_pending_remove(cmd);
8816 static void unpair_device_rsp(struct mgmt_pending_cmd *cmd, void *data)
8818 struct hci_dev *hdev = data;
8819 struct mgmt_cp_unpair_device *cp = cmd->param;
8821 device_unpaired(hdev, &cp->addr.bdaddr, cp->addr.type, cmd->sk);
8823 cmd->cmd_complete(cmd, 0);
8824 mgmt_pending_remove(cmd);
8827 bool mgmt_powering_down(struct hci_dev *hdev)
8829 struct mgmt_pending_cmd *cmd;
8830 struct mgmt_mode *cp;
8832 cmd = pending_find(MGMT_OP_SET_POWERED, hdev);
8843 void mgmt_device_disconnected(struct hci_dev *hdev, bdaddr_t *bdaddr,
8844 u8 link_type, u8 addr_type, u8 reason,
8845 bool mgmt_connected)
8847 struct mgmt_ev_device_disconnected ev;
8848 struct sock *sk = NULL;
8850 /* The connection is still in hci_conn_hash so test for 1
8851 * instead of 0 to know if this is the last one.
8853 if (mgmt_powering_down(hdev) && hci_conn_count(hdev) == 1) {
8854 cancel_delayed_work(&hdev->power_off);
8855 queue_work(hdev->req_workqueue, &hdev->power_off.work);
8858 if (!mgmt_connected)
8861 if (link_type != ACL_LINK && link_type != LE_LINK)
8864 mgmt_pending_foreach(MGMT_OP_DISCONNECT, hdev, disconnect_rsp, &sk);
8866 bacpy(&ev.addr.bdaddr, bdaddr);
8867 ev.addr.type = link_to_bdaddr(link_type, addr_type);
8870 /* Report disconnects due to suspend */
8871 if (hdev->suspended)
8872 ev.reason = MGMT_DEV_DISCONN_LOCAL_HOST_SUSPEND;
8874 mgmt_event(MGMT_EV_DEVICE_DISCONNECTED, hdev, &ev, sizeof(ev), sk);
8879 mgmt_pending_foreach(MGMT_OP_UNPAIR_DEVICE, hdev, unpair_device_rsp,
8883 void mgmt_disconnect_failed(struct hci_dev *hdev, bdaddr_t *bdaddr,
8884 u8 link_type, u8 addr_type, u8 status)
8886 u8 bdaddr_type = link_to_bdaddr(link_type, addr_type);
8887 struct mgmt_cp_disconnect *cp;
8888 struct mgmt_pending_cmd *cmd;
8890 mgmt_pending_foreach(MGMT_OP_UNPAIR_DEVICE, hdev, unpair_device_rsp,
8893 cmd = pending_find(MGMT_OP_DISCONNECT, hdev);
8899 if (bacmp(bdaddr, &cp->addr.bdaddr))
8902 if (cp->addr.type != bdaddr_type)
8905 cmd->cmd_complete(cmd, mgmt_status(status));
8906 mgmt_pending_remove(cmd);
8909 void mgmt_connect_failed(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
8910 u8 addr_type, u8 status)
8912 struct mgmt_ev_connect_failed ev;
8914 /* The connection is still in hci_conn_hash so test for 1
8915 * instead of 0 to know if this is the last one.
8917 if (mgmt_powering_down(hdev) && hci_conn_count(hdev) == 1) {
8918 cancel_delayed_work(&hdev->power_off);
8919 queue_work(hdev->req_workqueue, &hdev->power_off.work);
8922 bacpy(&ev.addr.bdaddr, bdaddr);
8923 ev.addr.type = link_to_bdaddr(link_type, addr_type);
8924 ev.status = mgmt_status(status);
8926 mgmt_event(MGMT_EV_CONNECT_FAILED, hdev, &ev, sizeof(ev), NULL);
8929 void mgmt_pin_code_request(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 secure)
8931 struct mgmt_ev_pin_code_request ev;
8933 bacpy(&ev.addr.bdaddr, bdaddr);
8934 ev.addr.type = BDADDR_BREDR;
8937 mgmt_event(MGMT_EV_PIN_CODE_REQUEST, hdev, &ev, sizeof(ev), NULL);
8940 void mgmt_pin_code_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
8943 struct mgmt_pending_cmd *cmd;
8945 cmd = pending_find(MGMT_OP_PIN_CODE_REPLY, hdev);
8949 cmd->cmd_complete(cmd, mgmt_status(status));
8950 mgmt_pending_remove(cmd);
8953 void mgmt_pin_code_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
8956 struct mgmt_pending_cmd *cmd;
8958 cmd = pending_find(MGMT_OP_PIN_CODE_NEG_REPLY, hdev);
8962 cmd->cmd_complete(cmd, mgmt_status(status));
8963 mgmt_pending_remove(cmd);
8966 int mgmt_user_confirm_request(struct hci_dev *hdev, bdaddr_t *bdaddr,
8967 u8 link_type, u8 addr_type, u32 value,
8970 struct mgmt_ev_user_confirm_request ev;
8972 bt_dev_dbg(hdev, "bdaddr %pMR", bdaddr);
8974 bacpy(&ev.addr.bdaddr, bdaddr);
8975 ev.addr.type = link_to_bdaddr(link_type, addr_type);
8976 ev.confirm_hint = confirm_hint;
8977 ev.value = cpu_to_le32(value);
8979 return mgmt_event(MGMT_EV_USER_CONFIRM_REQUEST, hdev, &ev, sizeof(ev),
8983 int mgmt_user_passkey_request(struct hci_dev *hdev, bdaddr_t *bdaddr,
8984 u8 link_type, u8 addr_type)
8986 struct mgmt_ev_user_passkey_request ev;
8988 bt_dev_dbg(hdev, "bdaddr %pMR", bdaddr);
8990 bacpy(&ev.addr.bdaddr, bdaddr);
8991 ev.addr.type = link_to_bdaddr(link_type, addr_type);
8993 return mgmt_event(MGMT_EV_USER_PASSKEY_REQUEST, hdev, &ev, sizeof(ev),
8997 static int user_pairing_resp_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
8998 u8 link_type, u8 addr_type, u8 status,
9001 struct mgmt_pending_cmd *cmd;
9003 cmd = pending_find(opcode, hdev);
9007 cmd->cmd_complete(cmd, mgmt_status(status));
9008 mgmt_pending_remove(cmd);
9013 int mgmt_user_confirm_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
9014 u8 link_type, u8 addr_type, u8 status)
9016 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
9017 status, MGMT_OP_USER_CONFIRM_REPLY);
9020 int mgmt_user_confirm_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
9021 u8 link_type, u8 addr_type, u8 status)
9023 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
9025 MGMT_OP_USER_CONFIRM_NEG_REPLY);
9028 int mgmt_user_passkey_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
9029 u8 link_type, u8 addr_type, u8 status)
9031 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
9032 status, MGMT_OP_USER_PASSKEY_REPLY);
9035 int mgmt_user_passkey_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
9036 u8 link_type, u8 addr_type, u8 status)
9038 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
9040 MGMT_OP_USER_PASSKEY_NEG_REPLY);
9043 int mgmt_user_passkey_notify(struct hci_dev *hdev, bdaddr_t *bdaddr,
9044 u8 link_type, u8 addr_type, u32 passkey,
9047 struct mgmt_ev_passkey_notify ev;
9049 bt_dev_dbg(hdev, "bdaddr %pMR", bdaddr);
9051 bacpy(&ev.addr.bdaddr, bdaddr);
9052 ev.addr.type = link_to_bdaddr(link_type, addr_type);
9053 ev.passkey = __cpu_to_le32(passkey);
9054 ev.entered = entered;
9056 return mgmt_event(MGMT_EV_PASSKEY_NOTIFY, hdev, &ev, sizeof(ev), NULL);
9059 void mgmt_auth_failed(struct hci_conn *conn, u8 hci_status)
9061 struct mgmt_ev_auth_failed ev;
9062 struct mgmt_pending_cmd *cmd;
9063 u8 status = mgmt_status(hci_status);
9065 bacpy(&ev.addr.bdaddr, &conn->dst);
9066 ev.addr.type = link_to_bdaddr(conn->type, conn->dst_type);
9069 cmd = find_pairing(conn);
9071 mgmt_event(MGMT_EV_AUTH_FAILED, conn->hdev, &ev, sizeof(ev),
9072 cmd ? cmd->sk : NULL);
9075 cmd->cmd_complete(cmd, status);
9076 mgmt_pending_remove(cmd);
9080 void mgmt_auth_enable_complete(struct hci_dev *hdev, u8 status)
9082 struct cmd_lookup match = { NULL, hdev };
9086 u8 mgmt_err = mgmt_status(status);
9087 mgmt_pending_foreach(MGMT_OP_SET_LINK_SECURITY, hdev,
9088 cmd_status_rsp, &mgmt_err);
9092 if (test_bit(HCI_AUTH, &hdev->flags))
9093 changed = !hci_dev_test_and_set_flag(hdev, HCI_LINK_SECURITY);
9095 changed = hci_dev_test_and_clear_flag(hdev, HCI_LINK_SECURITY);
9097 mgmt_pending_foreach(MGMT_OP_SET_LINK_SECURITY, hdev, settings_rsp,
9101 new_settings(hdev, match.sk);
9107 static void clear_eir(struct hci_request *req)
9109 struct hci_dev *hdev = req->hdev;
9110 struct hci_cp_write_eir cp;
9112 if (!lmp_ext_inq_capable(hdev))
9115 memset(hdev->eir, 0, sizeof(hdev->eir));
9117 memset(&cp, 0, sizeof(cp));
9119 hci_req_add(req, HCI_OP_WRITE_EIR, sizeof(cp), &cp);
9122 void mgmt_ssp_enable_complete(struct hci_dev *hdev, u8 enable, u8 status)
9124 struct cmd_lookup match = { NULL, hdev };
9125 struct hci_request req;
9126 bool changed = false;
9129 u8 mgmt_err = mgmt_status(status);
9131 if (enable && hci_dev_test_and_clear_flag(hdev,
9133 hci_dev_clear_flag(hdev, HCI_HS_ENABLED);
9134 new_settings(hdev, NULL);
9137 mgmt_pending_foreach(MGMT_OP_SET_SSP, hdev, cmd_status_rsp,
9143 changed = !hci_dev_test_and_set_flag(hdev, HCI_SSP_ENABLED);
9145 changed = hci_dev_test_and_clear_flag(hdev, HCI_SSP_ENABLED);
9147 changed = hci_dev_test_and_clear_flag(hdev,
9150 hci_dev_clear_flag(hdev, HCI_HS_ENABLED);
9153 mgmt_pending_foreach(MGMT_OP_SET_SSP, hdev, settings_rsp, &match);
9156 new_settings(hdev, match.sk);
9161 hci_req_init(&req, hdev);
9163 if (hci_dev_test_flag(hdev, HCI_SSP_ENABLED)) {
9164 if (hci_dev_test_flag(hdev, HCI_USE_DEBUG_KEYS))
9165 hci_req_add(&req, HCI_OP_WRITE_SSP_DEBUG_MODE,
9166 sizeof(enable), &enable);
9167 __hci_req_update_eir(&req);
9172 hci_req_run(&req, NULL);
9175 static void sk_lookup(struct mgmt_pending_cmd *cmd, void *data)
9177 struct cmd_lookup *match = data;
9179 if (match->sk == NULL) {
9180 match->sk = cmd->sk;
9181 sock_hold(match->sk);
9185 void mgmt_set_class_of_dev_complete(struct hci_dev *hdev, u8 *dev_class,
9188 struct cmd_lookup match = { NULL, hdev, mgmt_status(status) };
9190 mgmt_pending_foreach(MGMT_OP_SET_DEV_CLASS, hdev, sk_lookup, &match);
9191 mgmt_pending_foreach(MGMT_OP_ADD_UUID, hdev, sk_lookup, &match);
9192 mgmt_pending_foreach(MGMT_OP_REMOVE_UUID, hdev, sk_lookup, &match);
9195 mgmt_limited_event(MGMT_EV_CLASS_OF_DEV_CHANGED, hdev, dev_class,
9196 3, HCI_MGMT_DEV_CLASS_EVENTS, NULL);
9197 ext_info_changed(hdev, NULL);
9204 void mgmt_set_local_name_complete(struct hci_dev *hdev, u8 *name, u8 status)
9206 struct mgmt_cp_set_local_name ev;
9207 struct mgmt_pending_cmd *cmd;
9212 memset(&ev, 0, sizeof(ev));
9213 memcpy(ev.name, name, HCI_MAX_NAME_LENGTH);
9214 memcpy(ev.short_name, hdev->short_name, HCI_MAX_SHORT_NAME_LENGTH);
9216 cmd = pending_find(MGMT_OP_SET_LOCAL_NAME, hdev);
9218 memcpy(hdev->dev_name, name, sizeof(hdev->dev_name));
9220 /* If this is a HCI command related to powering on the
9221 * HCI dev don't send any mgmt signals.
9223 if (pending_find(MGMT_OP_SET_POWERED, hdev))
9227 mgmt_limited_event(MGMT_EV_LOCAL_NAME_CHANGED, hdev, &ev, sizeof(ev),
9228 HCI_MGMT_LOCAL_NAME_EVENTS, cmd ? cmd->sk : NULL);
9229 ext_info_changed(hdev, cmd ? cmd->sk : NULL);
9232 static inline bool has_uuid(u8 *uuid, u16 uuid_count, u8 (*uuids)[16])
9236 for (i = 0; i < uuid_count; i++) {
9237 if (!memcmp(uuid, uuids[i], 16))
9244 static bool eir_has_uuids(u8 *eir, u16 eir_len, u16 uuid_count, u8 (*uuids)[16])
9248 while (parsed < eir_len) {
9249 u8 field_len = eir[0];
9256 if (eir_len - parsed < field_len + 1)
9260 case EIR_UUID16_ALL:
9261 case EIR_UUID16_SOME:
9262 for (i = 0; i + 3 <= field_len; i += 2) {
9263 memcpy(uuid, bluetooth_base_uuid, 16);
9264 uuid[13] = eir[i + 3];
9265 uuid[12] = eir[i + 2];
9266 if (has_uuid(uuid, uuid_count, uuids))
9270 case EIR_UUID32_ALL:
9271 case EIR_UUID32_SOME:
9272 for (i = 0; i + 5 <= field_len; i += 4) {
9273 memcpy(uuid, bluetooth_base_uuid, 16);
9274 uuid[15] = eir[i + 5];
9275 uuid[14] = eir[i + 4];
9276 uuid[13] = eir[i + 3];
9277 uuid[12] = eir[i + 2];
9278 if (has_uuid(uuid, uuid_count, uuids))
9282 case EIR_UUID128_ALL:
9283 case EIR_UUID128_SOME:
9284 for (i = 0; i + 17 <= field_len; i += 16) {
9285 memcpy(uuid, eir + i + 2, 16);
9286 if (has_uuid(uuid, uuid_count, uuids))
9292 parsed += field_len + 1;
9293 eir += field_len + 1;
9299 static void restart_le_scan(struct hci_dev *hdev)
9301 /* If controller is not scanning we are done. */
9302 if (!hci_dev_test_flag(hdev, HCI_LE_SCAN))
9305 if (time_after(jiffies + DISCOV_LE_RESTART_DELAY,
9306 hdev->discovery.scan_start +
9307 hdev->discovery.scan_duration))
9310 queue_delayed_work(hdev->req_workqueue, &hdev->le_scan_restart,
9311 DISCOV_LE_RESTART_DELAY);
9314 static bool is_filter_match(struct hci_dev *hdev, s8 rssi, u8 *eir,
9315 u16 eir_len, u8 *scan_rsp, u8 scan_rsp_len)
9317 /* If a RSSI threshold has been specified, and
9318 * HCI_QUIRK_STRICT_DUPLICATE_FILTER is not set, then all results with
9319 * a RSSI smaller than the RSSI threshold will be dropped. If the quirk
9320 * is set, let it through for further processing, as we might need to
9323 * For BR/EDR devices (pre 1.2) providing no RSSI during inquiry,
9324 * the results are also dropped.
9326 if (hdev->discovery.rssi != HCI_RSSI_INVALID &&
9327 (rssi == HCI_RSSI_INVALID ||
9328 (rssi < hdev->discovery.rssi &&
9329 !test_bit(HCI_QUIRK_STRICT_DUPLICATE_FILTER, &hdev->quirks))))
9332 if (hdev->discovery.uuid_count != 0) {
9333 /* If a list of UUIDs is provided in filter, results with no
9334 * matching UUID should be dropped.
9336 if (!eir_has_uuids(eir, eir_len, hdev->discovery.uuid_count,
9337 hdev->discovery.uuids) &&
9338 !eir_has_uuids(scan_rsp, scan_rsp_len,
9339 hdev->discovery.uuid_count,
9340 hdev->discovery.uuids))
9344 /* If duplicate filtering does not report RSSI changes, then restart
9345 * scanning to ensure updated result with updated RSSI values.
9347 if (test_bit(HCI_QUIRK_STRICT_DUPLICATE_FILTER, &hdev->quirks)) {
9348 restart_le_scan(hdev);
9350 /* Validate RSSI value against the RSSI threshold once more. */
9351 if (hdev->discovery.rssi != HCI_RSSI_INVALID &&
9352 rssi < hdev->discovery.rssi)
9359 void mgmt_device_found(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
9360 u8 addr_type, u8 *dev_class, s8 rssi, u32 flags,
9361 u8 *eir, u16 eir_len, u8 *scan_rsp, u8 scan_rsp_len)
9364 struct mgmt_ev_device_found *ev = (void *)buf;
9367 /* Don't send events for a non-kernel initiated discovery. With
9368 * LE one exception is if we have pend_le_reports > 0 in which
9369 * case we're doing passive scanning and want these events.
9371 if (!hci_discovery_active(hdev)) {
9372 if (link_type == ACL_LINK)
9374 if (link_type == LE_LINK &&
9375 list_empty(&hdev->pend_le_reports) &&
9376 !hci_is_adv_monitoring(hdev)) {
9381 if (hdev->discovery.result_filtering) {
9382 /* We are using service discovery */
9383 if (!is_filter_match(hdev, rssi, eir, eir_len, scan_rsp,
9388 if (hdev->discovery.limited) {
9389 /* Check for limited discoverable bit */
9391 if (!(dev_class[1] & 0x20))
9394 u8 *flags = eir_get_data(eir, eir_len, EIR_FLAGS, NULL);
9395 if (!flags || !(flags[0] & LE_AD_LIMITED))
9400 /* Make sure that the buffer is big enough. The 5 extra bytes
9401 * are for the potential CoD field.
9403 if (sizeof(*ev) + eir_len + scan_rsp_len + 5 > sizeof(buf))
9406 memset(buf, 0, sizeof(buf));
9408 /* In case of device discovery with BR/EDR devices (pre 1.2), the
9409 * RSSI value was reported as 0 when not available. This behavior
9410 * is kept when using device discovery. This is required for full
9411 * backwards compatibility with the API.
9413 * However when using service discovery, the value 127 will be
9414 * returned when the RSSI is not available.
9416 if (rssi == HCI_RSSI_INVALID && !hdev->discovery.report_invalid_rssi &&
9417 link_type == ACL_LINK)
9420 bacpy(&ev->addr.bdaddr, bdaddr);
9421 ev->addr.type = link_to_bdaddr(link_type, addr_type);
9423 ev->flags = cpu_to_le32(flags);
9426 /* Copy EIR or advertising data into event */
9427 memcpy(ev->eir, eir, eir_len);
9429 if (dev_class && !eir_get_data(ev->eir, eir_len, EIR_CLASS_OF_DEV,
9431 eir_len = eir_append_data(ev->eir, eir_len, EIR_CLASS_OF_DEV,
9434 if (scan_rsp_len > 0)
9435 /* Append scan response data to event */
9436 memcpy(ev->eir + eir_len, scan_rsp, scan_rsp_len);
9438 ev->eir_len = cpu_to_le16(eir_len + scan_rsp_len);
9439 ev_size = sizeof(*ev) + eir_len + scan_rsp_len;
9441 mgmt_event(MGMT_EV_DEVICE_FOUND, hdev, ev, ev_size, NULL);
9444 void mgmt_remote_name(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
9445 u8 addr_type, s8 rssi, u8 *name, u8 name_len)
9447 struct mgmt_ev_device_found *ev;
9448 char buf[sizeof(*ev) + HCI_MAX_NAME_LENGTH + 2];
9451 ev = (struct mgmt_ev_device_found *) buf;
9453 memset(buf, 0, sizeof(buf));
9455 bacpy(&ev->addr.bdaddr, bdaddr);
9456 ev->addr.type = link_to_bdaddr(link_type, addr_type);
9459 eir_len = eir_append_data(ev->eir, 0, EIR_NAME_COMPLETE, name,
9462 ev->eir_len = cpu_to_le16(eir_len);
9464 mgmt_event(MGMT_EV_DEVICE_FOUND, hdev, ev, sizeof(*ev) + eir_len, NULL);
9467 void mgmt_discovering(struct hci_dev *hdev, u8 discovering)
9469 struct mgmt_ev_discovering ev;
9471 bt_dev_dbg(hdev, "discovering %u", discovering);
9473 memset(&ev, 0, sizeof(ev));
9474 ev.type = hdev->discovery.type;
9475 ev.discovering = discovering;
9477 mgmt_event(MGMT_EV_DISCOVERING, hdev, &ev, sizeof(ev), NULL);
9480 void mgmt_suspending(struct hci_dev *hdev, u8 state)
9482 struct mgmt_ev_controller_suspend ev;
9484 ev.suspend_state = state;
9485 mgmt_event(MGMT_EV_CONTROLLER_SUSPEND, hdev, &ev, sizeof(ev), NULL);
9488 void mgmt_resuming(struct hci_dev *hdev, u8 reason, bdaddr_t *bdaddr,
9491 struct mgmt_ev_controller_resume ev;
9493 ev.wake_reason = reason;
9495 bacpy(&ev.addr.bdaddr, bdaddr);
9496 ev.addr.type = addr_type;
9498 memset(&ev.addr, 0, sizeof(ev.addr));
9501 mgmt_event(MGMT_EV_CONTROLLER_RESUME, hdev, &ev, sizeof(ev), NULL);
9504 static struct hci_mgmt_chan chan = {
9505 .channel = HCI_CHANNEL_CONTROL,
9506 .handler_count = ARRAY_SIZE(mgmt_handlers),
9507 .handlers = mgmt_handlers,
9508 .hdev_init = mgmt_init_hdev,
9513 return hci_mgmt_chan_register(&chan);
9516 void mgmt_exit(void)
9518 hci_mgmt_chan_unregister(&chan);
projects / linux-2.6-microblaze.git / blob