2 BlueZ - Bluetooth protocol stack for Linux
4 Copyright (C) 2010 Nokia Corporation
5 Copyright (C) 2011-2012 Intel Corporation
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License version 2 as
9 published by the Free Software Foundation;
11 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
12 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
13 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
14 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
15 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
16 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
17 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
18 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
20 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
21 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
22 SOFTWARE IS DISCLAIMED.
25 /* Bluetooth HCI Management interface */
27 #include <linux/module.h>
28 #include <asm/unaligned.h>
30 #include <net/bluetooth/bluetooth.h>
31 #include <net/bluetooth/hci_core.h>
32 #include <net/bluetooth/hci_sock.h>
33 #include <net/bluetooth/l2cap.h>
34 #include <net/bluetooth/mgmt.h>
36 #include "hci_request.h"
38 #include "mgmt_util.h"
40 #define MGMT_VERSION 1
41 #define MGMT_REVISION 14
43 static const u16 mgmt_commands[] = {
44 MGMT_OP_READ_INDEX_LIST,
47 MGMT_OP_SET_DISCOVERABLE,
48 MGMT_OP_SET_CONNECTABLE,
49 MGMT_OP_SET_FAST_CONNECTABLE,
51 MGMT_OP_SET_LINK_SECURITY,
55 MGMT_OP_SET_DEV_CLASS,
56 MGMT_OP_SET_LOCAL_NAME,
59 MGMT_OP_LOAD_LINK_KEYS,
60 MGMT_OP_LOAD_LONG_TERM_KEYS,
62 MGMT_OP_GET_CONNECTIONS,
63 MGMT_OP_PIN_CODE_REPLY,
64 MGMT_OP_PIN_CODE_NEG_REPLY,
65 MGMT_OP_SET_IO_CAPABILITY,
67 MGMT_OP_CANCEL_PAIR_DEVICE,
68 MGMT_OP_UNPAIR_DEVICE,
69 MGMT_OP_USER_CONFIRM_REPLY,
70 MGMT_OP_USER_CONFIRM_NEG_REPLY,
71 MGMT_OP_USER_PASSKEY_REPLY,
72 MGMT_OP_USER_PASSKEY_NEG_REPLY,
73 MGMT_OP_READ_LOCAL_OOB_DATA,
74 MGMT_OP_ADD_REMOTE_OOB_DATA,
75 MGMT_OP_REMOVE_REMOTE_OOB_DATA,
76 MGMT_OP_START_DISCOVERY,
77 MGMT_OP_STOP_DISCOVERY,
80 MGMT_OP_UNBLOCK_DEVICE,
81 MGMT_OP_SET_DEVICE_ID,
82 MGMT_OP_SET_ADVERTISING,
84 MGMT_OP_SET_STATIC_ADDRESS,
85 MGMT_OP_SET_SCAN_PARAMS,
86 MGMT_OP_SET_SECURE_CONN,
87 MGMT_OP_SET_DEBUG_KEYS,
90 MGMT_OP_GET_CONN_INFO,
91 MGMT_OP_GET_CLOCK_INFO,
93 MGMT_OP_REMOVE_DEVICE,
94 MGMT_OP_LOAD_CONN_PARAM,
95 MGMT_OP_READ_UNCONF_INDEX_LIST,
96 MGMT_OP_READ_CONFIG_INFO,
97 MGMT_OP_SET_EXTERNAL_CONFIG,
98 MGMT_OP_SET_PUBLIC_ADDRESS,
99 MGMT_OP_START_SERVICE_DISCOVERY,
100 MGMT_OP_READ_LOCAL_OOB_EXT_DATA,
101 MGMT_OP_READ_EXT_INDEX_LIST,
102 MGMT_OP_READ_ADV_FEATURES,
103 MGMT_OP_ADD_ADVERTISING,
104 MGMT_OP_REMOVE_ADVERTISING,
105 MGMT_OP_GET_ADV_SIZE_INFO,
106 MGMT_OP_START_LIMITED_DISCOVERY,
107 MGMT_OP_READ_EXT_INFO,
108 MGMT_OP_SET_APPEARANCE,
111 static const u16 mgmt_events[] = {
112 MGMT_EV_CONTROLLER_ERROR,
114 MGMT_EV_INDEX_REMOVED,
115 MGMT_EV_NEW_SETTINGS,
116 MGMT_EV_CLASS_OF_DEV_CHANGED,
117 MGMT_EV_LOCAL_NAME_CHANGED,
118 MGMT_EV_NEW_LINK_KEY,
119 MGMT_EV_NEW_LONG_TERM_KEY,
120 MGMT_EV_DEVICE_CONNECTED,
121 MGMT_EV_DEVICE_DISCONNECTED,
122 MGMT_EV_CONNECT_FAILED,
123 MGMT_EV_PIN_CODE_REQUEST,
124 MGMT_EV_USER_CONFIRM_REQUEST,
125 MGMT_EV_USER_PASSKEY_REQUEST,
127 MGMT_EV_DEVICE_FOUND,
129 MGMT_EV_DEVICE_BLOCKED,
130 MGMT_EV_DEVICE_UNBLOCKED,
131 MGMT_EV_DEVICE_UNPAIRED,
132 MGMT_EV_PASSKEY_NOTIFY,
135 MGMT_EV_DEVICE_ADDED,
136 MGMT_EV_DEVICE_REMOVED,
137 MGMT_EV_NEW_CONN_PARAM,
138 MGMT_EV_UNCONF_INDEX_ADDED,
139 MGMT_EV_UNCONF_INDEX_REMOVED,
140 MGMT_EV_NEW_CONFIG_OPTIONS,
141 MGMT_EV_EXT_INDEX_ADDED,
142 MGMT_EV_EXT_INDEX_REMOVED,
143 MGMT_EV_LOCAL_OOB_DATA_UPDATED,
144 MGMT_EV_ADVERTISING_ADDED,
145 MGMT_EV_ADVERTISING_REMOVED,
146 MGMT_EV_EXT_INFO_CHANGED,
149 static const u16 mgmt_untrusted_commands[] = {
150 MGMT_OP_READ_INDEX_LIST,
152 MGMT_OP_READ_UNCONF_INDEX_LIST,
153 MGMT_OP_READ_CONFIG_INFO,
154 MGMT_OP_READ_EXT_INDEX_LIST,
155 MGMT_OP_READ_EXT_INFO,
158 static const u16 mgmt_untrusted_events[] = {
160 MGMT_EV_INDEX_REMOVED,
161 MGMT_EV_NEW_SETTINGS,
162 MGMT_EV_CLASS_OF_DEV_CHANGED,
163 MGMT_EV_LOCAL_NAME_CHANGED,
164 MGMT_EV_UNCONF_INDEX_ADDED,
165 MGMT_EV_UNCONF_INDEX_REMOVED,
166 MGMT_EV_NEW_CONFIG_OPTIONS,
167 MGMT_EV_EXT_INDEX_ADDED,
168 MGMT_EV_EXT_INDEX_REMOVED,
169 MGMT_EV_EXT_INFO_CHANGED,
172 #define CACHE_TIMEOUT msecs_to_jiffies(2 * 1000)
174 #define ZERO_KEY "\x00\x00\x00\x00\x00\x00\x00\x00" \
175 "\x00\x00\x00\x00\x00\x00\x00\x00"
177 /* HCI to MGMT error code conversion table */
178 static u8 mgmt_status_table[] = {
180 MGMT_STATUS_UNKNOWN_COMMAND, /* Unknown Command */
181 MGMT_STATUS_NOT_CONNECTED, /* No Connection */
182 MGMT_STATUS_FAILED, /* Hardware Failure */
183 MGMT_STATUS_CONNECT_FAILED, /* Page Timeout */
184 MGMT_STATUS_AUTH_FAILED, /* Authentication Failed */
185 MGMT_STATUS_AUTH_FAILED, /* PIN or Key Missing */
186 MGMT_STATUS_NO_RESOURCES, /* Memory Full */
187 MGMT_STATUS_TIMEOUT, /* Connection Timeout */
188 MGMT_STATUS_NO_RESOURCES, /* Max Number of Connections */
189 MGMT_STATUS_NO_RESOURCES, /* Max Number of SCO Connections */
190 MGMT_STATUS_ALREADY_CONNECTED, /* ACL Connection Exists */
191 MGMT_STATUS_BUSY, /* Command Disallowed */
192 MGMT_STATUS_NO_RESOURCES, /* Rejected Limited Resources */
193 MGMT_STATUS_REJECTED, /* Rejected Security */
194 MGMT_STATUS_REJECTED, /* Rejected Personal */
195 MGMT_STATUS_TIMEOUT, /* Host Timeout */
196 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported Feature */
197 MGMT_STATUS_INVALID_PARAMS, /* Invalid Parameters */
198 MGMT_STATUS_DISCONNECTED, /* OE User Ended Connection */
199 MGMT_STATUS_NO_RESOURCES, /* OE Low Resources */
200 MGMT_STATUS_DISCONNECTED, /* OE Power Off */
201 MGMT_STATUS_DISCONNECTED, /* Connection Terminated */
202 MGMT_STATUS_BUSY, /* Repeated Attempts */
203 MGMT_STATUS_REJECTED, /* Pairing Not Allowed */
204 MGMT_STATUS_FAILED, /* Unknown LMP PDU */
205 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported Remote Feature */
206 MGMT_STATUS_REJECTED, /* SCO Offset Rejected */
207 MGMT_STATUS_REJECTED, /* SCO Interval Rejected */
208 MGMT_STATUS_REJECTED, /* Air Mode Rejected */
209 MGMT_STATUS_INVALID_PARAMS, /* Invalid LMP Parameters */
210 MGMT_STATUS_FAILED, /* Unspecified Error */
211 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported LMP Parameter Value */
212 MGMT_STATUS_FAILED, /* Role Change Not Allowed */
213 MGMT_STATUS_TIMEOUT, /* LMP Response Timeout */
214 MGMT_STATUS_FAILED, /* LMP Error Transaction Collision */
215 MGMT_STATUS_FAILED, /* LMP PDU Not Allowed */
216 MGMT_STATUS_REJECTED, /* Encryption Mode Not Accepted */
217 MGMT_STATUS_FAILED, /* Unit Link Key Used */
218 MGMT_STATUS_NOT_SUPPORTED, /* QoS Not Supported */
219 MGMT_STATUS_TIMEOUT, /* Instant Passed */
220 MGMT_STATUS_NOT_SUPPORTED, /* Pairing Not Supported */
221 MGMT_STATUS_FAILED, /* Transaction Collision */
222 MGMT_STATUS_INVALID_PARAMS, /* Unacceptable Parameter */
223 MGMT_STATUS_REJECTED, /* QoS Rejected */
224 MGMT_STATUS_NOT_SUPPORTED, /* Classification Not Supported */
225 MGMT_STATUS_REJECTED, /* Insufficient Security */
226 MGMT_STATUS_INVALID_PARAMS, /* Parameter Out Of Range */
227 MGMT_STATUS_BUSY, /* Role Switch Pending */
228 MGMT_STATUS_FAILED, /* Slot Violation */
229 MGMT_STATUS_FAILED, /* Role Switch Failed */
230 MGMT_STATUS_INVALID_PARAMS, /* EIR Too Large */
231 MGMT_STATUS_NOT_SUPPORTED, /* Simple Pairing Not Supported */
232 MGMT_STATUS_BUSY, /* Host Busy Pairing */
233 MGMT_STATUS_REJECTED, /* Rejected, No Suitable Channel */
234 MGMT_STATUS_BUSY, /* Controller Busy */
235 MGMT_STATUS_INVALID_PARAMS, /* Unsuitable Connection Interval */
236 MGMT_STATUS_TIMEOUT, /* Directed Advertising Timeout */
237 MGMT_STATUS_AUTH_FAILED, /* Terminated Due to MIC Failure */
238 MGMT_STATUS_CONNECT_FAILED, /* Connection Establishment Failed */
239 MGMT_STATUS_CONNECT_FAILED, /* MAC Connection Failed */
242 static u8 mgmt_status(u8 hci_status)
244 if (hci_status < ARRAY_SIZE(mgmt_status_table))
245 return mgmt_status_table[hci_status];
247 return MGMT_STATUS_FAILED;
250 static int mgmt_index_event(u16 event, struct hci_dev *hdev, void *data,
253 return mgmt_send_event(event, hdev, HCI_CHANNEL_CONTROL, data, len,
257 static int mgmt_limited_event(u16 event, struct hci_dev *hdev, void *data,
258 u16 len, int flag, struct sock *skip_sk)
260 return mgmt_send_event(event, hdev, HCI_CHANNEL_CONTROL, data, len,
264 static int mgmt_event(u16 event, struct hci_dev *hdev, void *data, u16 len,
265 struct sock *skip_sk)
267 return mgmt_send_event(event, hdev, HCI_CHANNEL_CONTROL, data, len,
268 HCI_SOCK_TRUSTED, skip_sk);
271 static u8 le_addr_type(u8 mgmt_addr_type)
273 if (mgmt_addr_type == BDADDR_LE_PUBLIC)
274 return ADDR_LE_DEV_PUBLIC;
276 return ADDR_LE_DEV_RANDOM;
279 void mgmt_fill_version_info(void *ver)
281 struct mgmt_rp_read_version *rp = ver;
283 rp->version = MGMT_VERSION;
284 rp->revision = cpu_to_le16(MGMT_REVISION);
287 static int read_version(struct sock *sk, struct hci_dev *hdev, void *data,
290 struct mgmt_rp_read_version rp;
292 BT_DBG("sock %p", sk);
294 mgmt_fill_version_info(&rp);
296 return mgmt_cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_VERSION, 0,
300 static int read_commands(struct sock *sk, struct hci_dev *hdev, void *data,
303 struct mgmt_rp_read_commands *rp;
304 u16 num_commands, num_events;
308 BT_DBG("sock %p", sk);
310 if (hci_sock_test_flag(sk, HCI_SOCK_TRUSTED)) {
311 num_commands = ARRAY_SIZE(mgmt_commands);
312 num_events = ARRAY_SIZE(mgmt_events);
314 num_commands = ARRAY_SIZE(mgmt_untrusted_commands);
315 num_events = ARRAY_SIZE(mgmt_untrusted_events);
318 rp_size = sizeof(*rp) + ((num_commands + num_events) * sizeof(u16));
320 rp = kmalloc(rp_size, GFP_KERNEL);
324 rp->num_commands = cpu_to_le16(num_commands);
325 rp->num_events = cpu_to_le16(num_events);
327 if (hci_sock_test_flag(sk, HCI_SOCK_TRUSTED)) {
328 __le16 *opcode = rp->opcodes;
330 for (i = 0; i < num_commands; i++, opcode++)
331 put_unaligned_le16(mgmt_commands[i], opcode);
333 for (i = 0; i < num_events; i++, opcode++)
334 put_unaligned_le16(mgmt_events[i], opcode);
336 __le16 *opcode = rp->opcodes;
338 for (i = 0; i < num_commands; i++, opcode++)
339 put_unaligned_le16(mgmt_untrusted_commands[i], opcode);
341 for (i = 0; i < num_events; i++, opcode++)
342 put_unaligned_le16(mgmt_untrusted_events[i], opcode);
345 err = mgmt_cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_COMMANDS, 0,
352 static int read_index_list(struct sock *sk, struct hci_dev *hdev, void *data,
355 struct mgmt_rp_read_index_list *rp;
361 BT_DBG("sock %p", sk);
363 read_lock(&hci_dev_list_lock);
366 list_for_each_entry(d, &hci_dev_list, list) {
367 if (d->dev_type == HCI_PRIMARY &&
368 !hci_dev_test_flag(d, HCI_UNCONFIGURED))
372 rp_len = sizeof(*rp) + (2 * count);
373 rp = kmalloc(rp_len, GFP_ATOMIC);
375 read_unlock(&hci_dev_list_lock);
380 list_for_each_entry(d, &hci_dev_list, list) {
381 if (hci_dev_test_flag(d, HCI_SETUP) ||
382 hci_dev_test_flag(d, HCI_CONFIG) ||
383 hci_dev_test_flag(d, HCI_USER_CHANNEL))
386 /* Devices marked as raw-only are neither configured
387 * nor unconfigured controllers.
389 if (test_bit(HCI_QUIRK_RAW_DEVICE, &d->quirks))
392 if (d->dev_type == HCI_PRIMARY &&
393 !hci_dev_test_flag(d, HCI_UNCONFIGURED)) {
394 rp->index[count++] = cpu_to_le16(d->id);
395 BT_DBG("Added hci%u", d->id);
399 rp->num_controllers = cpu_to_le16(count);
400 rp_len = sizeof(*rp) + (2 * count);
402 read_unlock(&hci_dev_list_lock);
404 err = mgmt_cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_INDEX_LIST,
412 static int read_unconf_index_list(struct sock *sk, struct hci_dev *hdev,
413 void *data, u16 data_len)
415 struct mgmt_rp_read_unconf_index_list *rp;
421 BT_DBG("sock %p", sk);
423 read_lock(&hci_dev_list_lock);
426 list_for_each_entry(d, &hci_dev_list, list) {
427 if (d->dev_type == HCI_PRIMARY &&
428 hci_dev_test_flag(d, HCI_UNCONFIGURED))
432 rp_len = sizeof(*rp) + (2 * count);
433 rp = kmalloc(rp_len, GFP_ATOMIC);
435 read_unlock(&hci_dev_list_lock);
440 list_for_each_entry(d, &hci_dev_list, list) {
441 if (hci_dev_test_flag(d, HCI_SETUP) ||
442 hci_dev_test_flag(d, HCI_CONFIG) ||
443 hci_dev_test_flag(d, HCI_USER_CHANNEL))
446 /* Devices marked as raw-only are neither configured
447 * nor unconfigured controllers.
449 if (test_bit(HCI_QUIRK_RAW_DEVICE, &d->quirks))
452 if (d->dev_type == HCI_PRIMARY &&
453 hci_dev_test_flag(d, HCI_UNCONFIGURED)) {
454 rp->index[count++] = cpu_to_le16(d->id);
455 BT_DBG("Added hci%u", d->id);
459 rp->num_controllers = cpu_to_le16(count);
460 rp_len = sizeof(*rp) + (2 * count);
462 read_unlock(&hci_dev_list_lock);
464 err = mgmt_cmd_complete(sk, MGMT_INDEX_NONE,
465 MGMT_OP_READ_UNCONF_INDEX_LIST, 0, rp, rp_len);
472 static int read_ext_index_list(struct sock *sk, struct hci_dev *hdev,
473 void *data, u16 data_len)
475 struct mgmt_rp_read_ext_index_list *rp;
480 BT_DBG("sock %p", sk);
482 read_lock(&hci_dev_list_lock);
485 list_for_each_entry(d, &hci_dev_list, list) {
486 if (d->dev_type == HCI_PRIMARY || d->dev_type == HCI_AMP)
490 rp = kmalloc(struct_size(rp, entry, count), GFP_ATOMIC);
492 read_unlock(&hci_dev_list_lock);
497 list_for_each_entry(d, &hci_dev_list, list) {
498 if (hci_dev_test_flag(d, HCI_SETUP) ||
499 hci_dev_test_flag(d, HCI_CONFIG) ||
500 hci_dev_test_flag(d, HCI_USER_CHANNEL))
503 /* Devices marked as raw-only are neither configured
504 * nor unconfigured controllers.
506 if (test_bit(HCI_QUIRK_RAW_DEVICE, &d->quirks))
509 if (d->dev_type == HCI_PRIMARY) {
510 if (hci_dev_test_flag(d, HCI_UNCONFIGURED))
511 rp->entry[count].type = 0x01;
513 rp->entry[count].type = 0x00;
514 } else if (d->dev_type == HCI_AMP) {
515 rp->entry[count].type = 0x02;
520 rp->entry[count].bus = d->bus;
521 rp->entry[count++].index = cpu_to_le16(d->id);
522 BT_DBG("Added hci%u", d->id);
525 rp->num_controllers = cpu_to_le16(count);
527 read_unlock(&hci_dev_list_lock);
529 /* If this command is called at least once, then all the
530 * default index and unconfigured index events are disabled
531 * and from now on only extended index events are used.
533 hci_sock_set_flag(sk, HCI_MGMT_EXT_INDEX_EVENTS);
534 hci_sock_clear_flag(sk, HCI_MGMT_INDEX_EVENTS);
535 hci_sock_clear_flag(sk, HCI_MGMT_UNCONF_INDEX_EVENTS);
537 err = mgmt_cmd_complete(sk, MGMT_INDEX_NONE,
538 MGMT_OP_READ_EXT_INDEX_LIST, 0, rp,
539 struct_size(rp, entry, count));
546 static bool is_configured(struct hci_dev *hdev)
548 if (test_bit(HCI_QUIRK_EXTERNAL_CONFIG, &hdev->quirks) &&
549 !hci_dev_test_flag(hdev, HCI_EXT_CONFIGURED))
552 if ((test_bit(HCI_QUIRK_INVALID_BDADDR, &hdev->quirks) ||
553 test_bit(HCI_QUIRK_USE_BDADDR_PROPERTY, &hdev->quirks)) &&
554 !bacmp(&hdev->public_addr, BDADDR_ANY))
560 static __le32 get_missing_options(struct hci_dev *hdev)
564 if (test_bit(HCI_QUIRK_EXTERNAL_CONFIG, &hdev->quirks) &&
565 !hci_dev_test_flag(hdev, HCI_EXT_CONFIGURED))
566 options |= MGMT_OPTION_EXTERNAL_CONFIG;
568 if ((test_bit(HCI_QUIRK_INVALID_BDADDR, &hdev->quirks) ||
569 test_bit(HCI_QUIRK_USE_BDADDR_PROPERTY, &hdev->quirks)) &&
570 !bacmp(&hdev->public_addr, BDADDR_ANY))
571 options |= MGMT_OPTION_PUBLIC_ADDRESS;
573 return cpu_to_le32(options);
576 static int new_options(struct hci_dev *hdev, struct sock *skip)
578 __le32 options = get_missing_options(hdev);
580 return mgmt_limited_event(MGMT_EV_NEW_CONFIG_OPTIONS, hdev, &options,
581 sizeof(options), HCI_MGMT_OPTION_EVENTS, skip);
584 static int send_options_rsp(struct sock *sk, u16 opcode, struct hci_dev *hdev)
586 __le32 options = get_missing_options(hdev);
588 return mgmt_cmd_complete(sk, hdev->id, opcode, 0, &options,
592 static int read_config_info(struct sock *sk, struct hci_dev *hdev,
593 void *data, u16 data_len)
595 struct mgmt_rp_read_config_info rp;
598 BT_DBG("sock %p %s", sk, hdev->name);
602 memset(&rp, 0, sizeof(rp));
603 rp.manufacturer = cpu_to_le16(hdev->manufacturer);
605 if (test_bit(HCI_QUIRK_EXTERNAL_CONFIG, &hdev->quirks))
606 options |= MGMT_OPTION_EXTERNAL_CONFIG;
608 if (hdev->set_bdaddr)
609 options |= MGMT_OPTION_PUBLIC_ADDRESS;
611 rp.supported_options = cpu_to_le32(options);
612 rp.missing_options = get_missing_options(hdev);
614 hci_dev_unlock(hdev);
616 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_READ_CONFIG_INFO, 0,
620 static u32 get_supported_phys(struct hci_dev *hdev)
622 u32 supported_phys = 0;
624 if (lmp_bredr_capable(hdev)) {
625 supported_phys |= MGMT_PHY_BR_1M_1SLOT;
627 if (hdev->features[0][0] & LMP_3SLOT)
628 supported_phys |= MGMT_PHY_BR_1M_3SLOT;
630 if (hdev->features[0][0] & LMP_5SLOT)
631 supported_phys |= MGMT_PHY_BR_1M_5SLOT;
633 if (lmp_edr_2m_capable(hdev)) {
634 supported_phys |= MGMT_PHY_EDR_2M_1SLOT;
636 if (lmp_edr_3slot_capable(hdev))
637 supported_phys |= MGMT_PHY_EDR_2M_3SLOT;
639 if (lmp_edr_5slot_capable(hdev))
640 supported_phys |= MGMT_PHY_EDR_2M_5SLOT;
642 if (lmp_edr_3m_capable(hdev)) {
643 supported_phys |= MGMT_PHY_EDR_3M_1SLOT;
645 if (lmp_edr_3slot_capable(hdev))
646 supported_phys |= MGMT_PHY_EDR_3M_3SLOT;
648 if (lmp_edr_5slot_capable(hdev))
649 supported_phys |= MGMT_PHY_EDR_3M_5SLOT;
654 if (lmp_le_capable(hdev)) {
655 supported_phys |= MGMT_PHY_LE_1M_TX;
656 supported_phys |= MGMT_PHY_LE_1M_RX;
658 if (hdev->le_features[1] & HCI_LE_PHY_2M) {
659 supported_phys |= MGMT_PHY_LE_2M_TX;
660 supported_phys |= MGMT_PHY_LE_2M_RX;
663 if (hdev->le_features[1] & HCI_LE_PHY_CODED) {
664 supported_phys |= MGMT_PHY_LE_CODED_TX;
665 supported_phys |= MGMT_PHY_LE_CODED_RX;
669 return supported_phys;
672 static u32 get_selected_phys(struct hci_dev *hdev)
674 u32 selected_phys = 0;
676 if (lmp_bredr_capable(hdev)) {
677 selected_phys |= MGMT_PHY_BR_1M_1SLOT;
679 if (hdev->pkt_type & (HCI_DM3 | HCI_DH3))
680 selected_phys |= MGMT_PHY_BR_1M_3SLOT;
682 if (hdev->pkt_type & (HCI_DM5 | HCI_DH5))
683 selected_phys |= MGMT_PHY_BR_1M_5SLOT;
685 if (lmp_edr_2m_capable(hdev)) {
686 if (!(hdev->pkt_type & HCI_2DH1))
687 selected_phys |= MGMT_PHY_EDR_2M_1SLOT;
689 if (lmp_edr_3slot_capable(hdev) &&
690 !(hdev->pkt_type & HCI_2DH3))
691 selected_phys |= MGMT_PHY_EDR_2M_3SLOT;
693 if (lmp_edr_5slot_capable(hdev) &&
694 !(hdev->pkt_type & HCI_2DH5))
695 selected_phys |= MGMT_PHY_EDR_2M_5SLOT;
697 if (lmp_edr_3m_capable(hdev)) {
698 if (!(hdev->pkt_type & HCI_3DH1))
699 selected_phys |= MGMT_PHY_EDR_3M_1SLOT;
701 if (lmp_edr_3slot_capable(hdev) &&
702 !(hdev->pkt_type & HCI_3DH3))
703 selected_phys |= MGMT_PHY_EDR_3M_3SLOT;
705 if (lmp_edr_5slot_capable(hdev) &&
706 !(hdev->pkt_type & HCI_3DH5))
707 selected_phys |= MGMT_PHY_EDR_3M_5SLOT;
712 if (lmp_le_capable(hdev)) {
713 if (hdev->le_tx_def_phys & HCI_LE_SET_PHY_1M)
714 selected_phys |= MGMT_PHY_LE_1M_TX;
716 if (hdev->le_rx_def_phys & HCI_LE_SET_PHY_1M)
717 selected_phys |= MGMT_PHY_LE_1M_RX;
719 if (hdev->le_tx_def_phys & HCI_LE_SET_PHY_2M)
720 selected_phys |= MGMT_PHY_LE_2M_TX;
722 if (hdev->le_rx_def_phys & HCI_LE_SET_PHY_2M)
723 selected_phys |= MGMT_PHY_LE_2M_RX;
725 if (hdev->le_tx_def_phys & HCI_LE_SET_PHY_CODED)
726 selected_phys |= MGMT_PHY_LE_CODED_TX;
728 if (hdev->le_rx_def_phys & HCI_LE_SET_PHY_CODED)
729 selected_phys |= MGMT_PHY_LE_CODED_RX;
732 return selected_phys;
735 static u32 get_configurable_phys(struct hci_dev *hdev)
737 return (get_supported_phys(hdev) & ~MGMT_PHY_BR_1M_1SLOT &
738 ~MGMT_PHY_LE_1M_TX & ~MGMT_PHY_LE_1M_RX);
741 static u32 get_supported_settings(struct hci_dev *hdev)
745 settings |= MGMT_SETTING_POWERED;
746 settings |= MGMT_SETTING_BONDABLE;
747 settings |= MGMT_SETTING_DEBUG_KEYS;
748 settings |= MGMT_SETTING_CONNECTABLE;
749 settings |= MGMT_SETTING_DISCOVERABLE;
751 if (lmp_bredr_capable(hdev)) {
752 if (hdev->hci_ver >= BLUETOOTH_VER_1_2)
753 settings |= MGMT_SETTING_FAST_CONNECTABLE;
754 settings |= MGMT_SETTING_BREDR;
755 settings |= MGMT_SETTING_LINK_SECURITY;
757 if (lmp_ssp_capable(hdev)) {
758 settings |= MGMT_SETTING_SSP;
759 settings |= MGMT_SETTING_HS;
762 if (lmp_sc_capable(hdev))
763 settings |= MGMT_SETTING_SECURE_CONN;
766 if (lmp_le_capable(hdev)) {
767 settings |= MGMT_SETTING_LE;
768 settings |= MGMT_SETTING_ADVERTISING;
769 settings |= MGMT_SETTING_SECURE_CONN;
770 settings |= MGMT_SETTING_PRIVACY;
771 settings |= MGMT_SETTING_STATIC_ADDRESS;
774 if (test_bit(HCI_QUIRK_EXTERNAL_CONFIG, &hdev->quirks) ||
776 settings |= MGMT_SETTING_CONFIGURATION;
778 settings |= MGMT_SETTING_PHY_CONFIGURATION;
783 static u32 get_current_settings(struct hci_dev *hdev)
787 if (hdev_is_powered(hdev))
788 settings |= MGMT_SETTING_POWERED;
790 if (hci_dev_test_flag(hdev, HCI_CONNECTABLE))
791 settings |= MGMT_SETTING_CONNECTABLE;
793 if (hci_dev_test_flag(hdev, HCI_FAST_CONNECTABLE))
794 settings |= MGMT_SETTING_FAST_CONNECTABLE;
796 if (hci_dev_test_flag(hdev, HCI_DISCOVERABLE))
797 settings |= MGMT_SETTING_DISCOVERABLE;
799 if (hci_dev_test_flag(hdev, HCI_BONDABLE))
800 settings |= MGMT_SETTING_BONDABLE;
802 if (hci_dev_test_flag(hdev, HCI_BREDR_ENABLED))
803 settings |= MGMT_SETTING_BREDR;
805 if (hci_dev_test_flag(hdev, HCI_LE_ENABLED))
806 settings |= MGMT_SETTING_LE;
808 if (hci_dev_test_flag(hdev, HCI_LINK_SECURITY))
809 settings |= MGMT_SETTING_LINK_SECURITY;
811 if (hci_dev_test_flag(hdev, HCI_SSP_ENABLED))
812 settings |= MGMT_SETTING_SSP;
814 if (hci_dev_test_flag(hdev, HCI_HS_ENABLED))
815 settings |= MGMT_SETTING_HS;
817 if (hci_dev_test_flag(hdev, HCI_ADVERTISING))
818 settings |= MGMT_SETTING_ADVERTISING;
820 if (hci_dev_test_flag(hdev, HCI_SC_ENABLED))
821 settings |= MGMT_SETTING_SECURE_CONN;
823 if (hci_dev_test_flag(hdev, HCI_KEEP_DEBUG_KEYS))
824 settings |= MGMT_SETTING_DEBUG_KEYS;
826 if (hci_dev_test_flag(hdev, HCI_PRIVACY))
827 settings |= MGMT_SETTING_PRIVACY;
829 /* The current setting for static address has two purposes. The
830 * first is to indicate if the static address will be used and
831 * the second is to indicate if it is actually set.
833 * This means if the static address is not configured, this flag
834 * will never be set. If the address is configured, then if the
835 * address is actually used decides if the flag is set or not.
837 * For single mode LE only controllers and dual-mode controllers
838 * with BR/EDR disabled, the existence of the static address will
841 if (hci_dev_test_flag(hdev, HCI_FORCE_STATIC_ADDR) ||
842 !hci_dev_test_flag(hdev, HCI_BREDR_ENABLED) ||
843 !bacmp(&hdev->bdaddr, BDADDR_ANY)) {
844 if (bacmp(&hdev->static_addr, BDADDR_ANY))
845 settings |= MGMT_SETTING_STATIC_ADDRESS;
851 static struct mgmt_pending_cmd *pending_find(u16 opcode, struct hci_dev *hdev)
853 return mgmt_pending_find(HCI_CHANNEL_CONTROL, opcode, hdev);
856 static struct mgmt_pending_cmd *pending_find_data(u16 opcode,
857 struct hci_dev *hdev,
860 return mgmt_pending_find_data(HCI_CHANNEL_CONTROL, opcode, hdev, data);
863 u8 mgmt_get_adv_discov_flags(struct hci_dev *hdev)
865 struct mgmt_pending_cmd *cmd;
867 /* If there's a pending mgmt command the flags will not yet have
868 * their final values, so check for this first.
870 cmd = pending_find(MGMT_OP_SET_DISCOVERABLE, hdev);
872 struct mgmt_mode *cp = cmd->param;
874 return LE_AD_GENERAL;
875 else if (cp->val == 0x02)
876 return LE_AD_LIMITED;
878 if (hci_dev_test_flag(hdev, HCI_LIMITED_DISCOVERABLE))
879 return LE_AD_LIMITED;
880 else if (hci_dev_test_flag(hdev, HCI_DISCOVERABLE))
881 return LE_AD_GENERAL;
887 bool mgmt_get_connectable(struct hci_dev *hdev)
889 struct mgmt_pending_cmd *cmd;
891 /* If there's a pending mgmt command the flag will not yet have
892 * it's final value, so check for this first.
894 cmd = pending_find(MGMT_OP_SET_CONNECTABLE, hdev);
896 struct mgmt_mode *cp = cmd->param;
901 return hci_dev_test_flag(hdev, HCI_CONNECTABLE);
904 static void service_cache_off(struct work_struct *work)
906 struct hci_dev *hdev = container_of(work, struct hci_dev,
908 struct hci_request req;
910 if (!hci_dev_test_and_clear_flag(hdev, HCI_SERVICE_CACHE))
913 hci_req_init(&req, hdev);
917 __hci_req_update_eir(&req);
918 __hci_req_update_class(&req);
920 hci_dev_unlock(hdev);
922 hci_req_run(&req, NULL);
925 static void rpa_expired(struct work_struct *work)
927 struct hci_dev *hdev = container_of(work, struct hci_dev,
929 struct hci_request req;
933 hci_dev_set_flag(hdev, HCI_RPA_EXPIRED);
935 if (!hci_dev_test_flag(hdev, HCI_ADVERTISING))
938 /* The generation of a new RPA and programming it into the
939 * controller happens in the hci_req_enable_advertising()
942 hci_req_init(&req, hdev);
943 if (ext_adv_capable(hdev))
944 __hci_req_start_ext_adv(&req, hdev->cur_adv_instance);
946 __hci_req_enable_advertising(&req);
947 hci_req_run(&req, NULL);
950 static void mgmt_init_hdev(struct sock *sk, struct hci_dev *hdev)
952 if (hci_dev_test_and_set_flag(hdev, HCI_MGMT))
955 INIT_DELAYED_WORK(&hdev->service_cache, service_cache_off);
956 INIT_DELAYED_WORK(&hdev->rpa_expired, rpa_expired);
958 /* Non-mgmt controlled devices get this bit set
959 * implicitly so that pairing works for them, however
960 * for mgmt we require user-space to explicitly enable
963 hci_dev_clear_flag(hdev, HCI_BONDABLE);
966 static int read_controller_info(struct sock *sk, struct hci_dev *hdev,
967 void *data, u16 data_len)
969 struct mgmt_rp_read_info rp;
971 BT_DBG("sock %p %s", sk, hdev->name);
975 memset(&rp, 0, sizeof(rp));
977 bacpy(&rp.bdaddr, &hdev->bdaddr);
979 rp.version = hdev->hci_ver;
980 rp.manufacturer = cpu_to_le16(hdev->manufacturer);
982 rp.supported_settings = cpu_to_le32(get_supported_settings(hdev));
983 rp.current_settings = cpu_to_le32(get_current_settings(hdev));
985 memcpy(rp.dev_class, hdev->dev_class, 3);
987 memcpy(rp.name, hdev->dev_name, sizeof(hdev->dev_name));
988 memcpy(rp.short_name, hdev->short_name, sizeof(hdev->short_name));
990 hci_dev_unlock(hdev);
992 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_READ_INFO, 0, &rp,
996 static u16 append_eir_data_to_buf(struct hci_dev *hdev, u8 *eir)
1001 if (hci_dev_test_flag(hdev, HCI_BREDR_ENABLED))
1002 eir_len = eir_append_data(eir, eir_len, EIR_CLASS_OF_DEV,
1003 hdev->dev_class, 3);
1005 if (hci_dev_test_flag(hdev, HCI_LE_ENABLED))
1006 eir_len = eir_append_le16(eir, eir_len, EIR_APPEARANCE,
1009 name_len = strlen(hdev->dev_name);
1010 eir_len = eir_append_data(eir, eir_len, EIR_NAME_COMPLETE,
1011 hdev->dev_name, name_len);
1013 name_len = strlen(hdev->short_name);
1014 eir_len = eir_append_data(eir, eir_len, EIR_NAME_SHORT,
1015 hdev->short_name, name_len);
1020 static int read_ext_controller_info(struct sock *sk, struct hci_dev *hdev,
1021 void *data, u16 data_len)
1024 struct mgmt_rp_read_ext_info *rp = (void *)buf;
1027 BT_DBG("sock %p %s", sk, hdev->name);
1029 memset(&buf, 0, sizeof(buf));
1033 bacpy(&rp->bdaddr, &hdev->bdaddr);
1035 rp->version = hdev->hci_ver;
1036 rp->manufacturer = cpu_to_le16(hdev->manufacturer);
1038 rp->supported_settings = cpu_to_le32(get_supported_settings(hdev));
1039 rp->current_settings = cpu_to_le32(get_current_settings(hdev));
1042 eir_len = append_eir_data_to_buf(hdev, rp->eir);
1043 rp->eir_len = cpu_to_le16(eir_len);
1045 hci_dev_unlock(hdev);
1047 /* If this command is called at least once, then the events
1048 * for class of device and local name changes are disabled
1049 * and only the new extended controller information event
1052 hci_sock_set_flag(sk, HCI_MGMT_EXT_INFO_EVENTS);
1053 hci_sock_clear_flag(sk, HCI_MGMT_DEV_CLASS_EVENTS);
1054 hci_sock_clear_flag(sk, HCI_MGMT_LOCAL_NAME_EVENTS);
1056 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_READ_EXT_INFO, 0, rp,
1057 sizeof(*rp) + eir_len);
1060 static int ext_info_changed(struct hci_dev *hdev, struct sock *skip)
1063 struct mgmt_ev_ext_info_changed *ev = (void *)buf;
1066 memset(buf, 0, sizeof(buf));
1068 eir_len = append_eir_data_to_buf(hdev, ev->eir);
1069 ev->eir_len = cpu_to_le16(eir_len);
1071 return mgmt_limited_event(MGMT_EV_EXT_INFO_CHANGED, hdev, ev,
1072 sizeof(*ev) + eir_len,
1073 HCI_MGMT_EXT_INFO_EVENTS, skip);
1076 static int send_settings_rsp(struct sock *sk, u16 opcode, struct hci_dev *hdev)
1078 __le32 settings = cpu_to_le32(get_current_settings(hdev));
1080 return mgmt_cmd_complete(sk, hdev->id, opcode, 0, &settings,
1084 static void clean_up_hci_complete(struct hci_dev *hdev, u8 status, u16 opcode)
1086 BT_DBG("%s status 0x%02x", hdev->name, status);
1088 if (hci_conn_count(hdev) == 0) {
1089 cancel_delayed_work(&hdev->power_off);
1090 queue_work(hdev->req_workqueue, &hdev->power_off.work);
1094 void mgmt_advertising_added(struct sock *sk, struct hci_dev *hdev, u8 instance)
1096 struct mgmt_ev_advertising_added ev;
1098 ev.instance = instance;
1100 mgmt_event(MGMT_EV_ADVERTISING_ADDED, hdev, &ev, sizeof(ev), sk);
1103 void mgmt_advertising_removed(struct sock *sk, struct hci_dev *hdev,
1106 struct mgmt_ev_advertising_removed ev;
1108 ev.instance = instance;
1110 mgmt_event(MGMT_EV_ADVERTISING_REMOVED, hdev, &ev, sizeof(ev), sk);
1113 static void cancel_adv_timeout(struct hci_dev *hdev)
1115 if (hdev->adv_instance_timeout) {
1116 hdev->adv_instance_timeout = 0;
1117 cancel_delayed_work(&hdev->adv_instance_expire);
1121 static int clean_up_hci_state(struct hci_dev *hdev)
1123 struct hci_request req;
1124 struct hci_conn *conn;
1125 bool discov_stopped;
1128 hci_req_init(&req, hdev);
1130 if (test_bit(HCI_ISCAN, &hdev->flags) ||
1131 test_bit(HCI_PSCAN, &hdev->flags)) {
1133 hci_req_add(&req, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
1136 hci_req_clear_adv_instance(hdev, NULL, NULL, 0x00, false);
1138 if (hci_dev_test_flag(hdev, HCI_LE_ADV))
1139 __hci_req_disable_advertising(&req);
1141 discov_stopped = hci_req_stop_discovery(&req);
1143 list_for_each_entry(conn, &hdev->conn_hash.list, list) {
1144 /* 0x15 == Terminated due to Power Off */
1145 __hci_abort_conn(&req, conn, 0x15);
1148 err = hci_req_run(&req, clean_up_hci_complete);
1149 if (!err && discov_stopped)
1150 hci_discovery_set_state(hdev, DISCOVERY_STOPPING);
1155 static int set_powered(struct sock *sk, struct hci_dev *hdev, void *data,
1158 struct mgmt_mode *cp = data;
1159 struct mgmt_pending_cmd *cmd;
1162 BT_DBG("request for %s", hdev->name);
1164 if (cp->val != 0x00 && cp->val != 0x01)
1165 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_POWERED,
1166 MGMT_STATUS_INVALID_PARAMS);
1170 if (pending_find(MGMT_OP_SET_POWERED, hdev)) {
1171 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_POWERED,
1176 if (!!cp->val == hdev_is_powered(hdev)) {
1177 err = send_settings_rsp(sk, MGMT_OP_SET_POWERED, hdev);
1181 cmd = mgmt_pending_add(sk, MGMT_OP_SET_POWERED, hdev, data, len);
1188 queue_work(hdev->req_workqueue, &hdev->power_on);
1191 /* Disconnect connections, stop scans, etc */
1192 err = clean_up_hci_state(hdev);
1194 queue_delayed_work(hdev->req_workqueue, &hdev->power_off,
1195 HCI_POWER_OFF_TIMEOUT);
1197 /* ENODATA means there were no HCI commands queued */
1198 if (err == -ENODATA) {
1199 cancel_delayed_work(&hdev->power_off);
1200 queue_work(hdev->req_workqueue, &hdev->power_off.work);
1206 hci_dev_unlock(hdev);
1210 static int new_settings(struct hci_dev *hdev, struct sock *skip)
1212 __le32 ev = cpu_to_le32(get_current_settings(hdev));
1214 return mgmt_limited_event(MGMT_EV_NEW_SETTINGS, hdev, &ev,
1215 sizeof(ev), HCI_MGMT_SETTING_EVENTS, skip);
1218 int mgmt_new_settings(struct hci_dev *hdev)
1220 return new_settings(hdev, NULL);
1225 struct hci_dev *hdev;
1229 static void settings_rsp(struct mgmt_pending_cmd *cmd, void *data)
1231 struct cmd_lookup *match = data;
1233 send_settings_rsp(cmd->sk, cmd->opcode, match->hdev);
1235 list_del(&cmd->list);
1237 if (match->sk == NULL) {
1238 match->sk = cmd->sk;
1239 sock_hold(match->sk);
1242 mgmt_pending_free(cmd);
1245 static void cmd_status_rsp(struct mgmt_pending_cmd *cmd, void *data)
1249 mgmt_cmd_status(cmd->sk, cmd->index, cmd->opcode, *status);
1250 mgmt_pending_remove(cmd);
1253 static void cmd_complete_rsp(struct mgmt_pending_cmd *cmd, void *data)
1255 if (cmd->cmd_complete) {
1258 cmd->cmd_complete(cmd, *status);
1259 mgmt_pending_remove(cmd);
1264 cmd_status_rsp(cmd, data);
1267 static int generic_cmd_complete(struct mgmt_pending_cmd *cmd, u8 status)
1269 return mgmt_cmd_complete(cmd->sk, cmd->index, cmd->opcode, status,
1270 cmd->param, cmd->param_len);
1273 static int addr_cmd_complete(struct mgmt_pending_cmd *cmd, u8 status)
1275 return mgmt_cmd_complete(cmd->sk, cmd->index, cmd->opcode, status,
1276 cmd->param, sizeof(struct mgmt_addr_info));
1279 static u8 mgmt_bredr_support(struct hci_dev *hdev)
1281 if (!lmp_bredr_capable(hdev))
1282 return MGMT_STATUS_NOT_SUPPORTED;
1283 else if (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED))
1284 return MGMT_STATUS_REJECTED;
1286 return MGMT_STATUS_SUCCESS;
1289 static u8 mgmt_le_support(struct hci_dev *hdev)
1291 if (!lmp_le_capable(hdev))
1292 return MGMT_STATUS_NOT_SUPPORTED;
1293 else if (!hci_dev_test_flag(hdev, HCI_LE_ENABLED))
1294 return MGMT_STATUS_REJECTED;
1296 return MGMT_STATUS_SUCCESS;
1299 void mgmt_set_discoverable_complete(struct hci_dev *hdev, u8 status)
1301 struct mgmt_pending_cmd *cmd;
1303 BT_DBG("status 0x%02x", status);
1307 cmd = pending_find(MGMT_OP_SET_DISCOVERABLE, hdev);
1312 u8 mgmt_err = mgmt_status(status);
1313 mgmt_cmd_status(cmd->sk, cmd->index, cmd->opcode, mgmt_err);
1314 hci_dev_clear_flag(hdev, HCI_LIMITED_DISCOVERABLE);
1318 if (hci_dev_test_flag(hdev, HCI_DISCOVERABLE) &&
1319 hdev->discov_timeout > 0) {
1320 int to = msecs_to_jiffies(hdev->discov_timeout * 1000);
1321 queue_delayed_work(hdev->req_workqueue, &hdev->discov_off, to);
1324 send_settings_rsp(cmd->sk, MGMT_OP_SET_DISCOVERABLE, hdev);
1325 new_settings(hdev, cmd->sk);
1328 mgmt_pending_remove(cmd);
1331 hci_dev_unlock(hdev);
1334 static int set_discoverable(struct sock *sk, struct hci_dev *hdev, void *data,
1337 struct mgmt_cp_set_discoverable *cp = data;
1338 struct mgmt_pending_cmd *cmd;
1342 BT_DBG("request for %s", hdev->name);
1344 if (!hci_dev_test_flag(hdev, HCI_LE_ENABLED) &&
1345 !hci_dev_test_flag(hdev, HCI_BREDR_ENABLED))
1346 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
1347 MGMT_STATUS_REJECTED);
1349 if (cp->val != 0x00 && cp->val != 0x01 && cp->val != 0x02)
1350 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
1351 MGMT_STATUS_INVALID_PARAMS);
1353 timeout = __le16_to_cpu(cp->timeout);
1355 /* Disabling discoverable requires that no timeout is set,
1356 * and enabling limited discoverable requires a timeout.
1358 if ((cp->val == 0x00 && timeout > 0) ||
1359 (cp->val == 0x02 && timeout == 0))
1360 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
1361 MGMT_STATUS_INVALID_PARAMS);
1365 if (!hdev_is_powered(hdev) && timeout > 0) {
1366 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
1367 MGMT_STATUS_NOT_POWERED);
1371 if (pending_find(MGMT_OP_SET_DISCOVERABLE, hdev) ||
1372 pending_find(MGMT_OP_SET_CONNECTABLE, hdev)) {
1373 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
1378 if (!hci_dev_test_flag(hdev, HCI_CONNECTABLE)) {
1379 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
1380 MGMT_STATUS_REJECTED);
1384 if (!hdev_is_powered(hdev)) {
1385 bool changed = false;
1387 /* Setting limited discoverable when powered off is
1388 * not a valid operation since it requires a timeout
1389 * and so no need to check HCI_LIMITED_DISCOVERABLE.
1391 if (!!cp->val != hci_dev_test_flag(hdev, HCI_DISCOVERABLE)) {
1392 hci_dev_change_flag(hdev, HCI_DISCOVERABLE);
1396 err = send_settings_rsp(sk, MGMT_OP_SET_DISCOVERABLE, hdev);
1401 err = new_settings(hdev, sk);
1406 /* If the current mode is the same, then just update the timeout
1407 * value with the new value. And if only the timeout gets updated,
1408 * then no need for any HCI transactions.
1410 if (!!cp->val == hci_dev_test_flag(hdev, HCI_DISCOVERABLE) &&
1411 (cp->val == 0x02) == hci_dev_test_flag(hdev,
1412 HCI_LIMITED_DISCOVERABLE)) {
1413 cancel_delayed_work(&hdev->discov_off);
1414 hdev->discov_timeout = timeout;
1416 if (cp->val && hdev->discov_timeout > 0) {
1417 int to = msecs_to_jiffies(hdev->discov_timeout * 1000);
1418 queue_delayed_work(hdev->req_workqueue,
1419 &hdev->discov_off, to);
1422 err = send_settings_rsp(sk, MGMT_OP_SET_DISCOVERABLE, hdev);
1426 cmd = mgmt_pending_add(sk, MGMT_OP_SET_DISCOVERABLE, hdev, data, len);
1432 /* Cancel any potential discoverable timeout that might be
1433 * still active and store new timeout value. The arming of
1434 * the timeout happens in the complete handler.
1436 cancel_delayed_work(&hdev->discov_off);
1437 hdev->discov_timeout = timeout;
1440 hci_dev_set_flag(hdev, HCI_DISCOVERABLE);
1442 hci_dev_clear_flag(hdev, HCI_DISCOVERABLE);
1444 /* Limited discoverable mode */
1445 if (cp->val == 0x02)
1446 hci_dev_set_flag(hdev, HCI_LIMITED_DISCOVERABLE);
1448 hci_dev_clear_flag(hdev, HCI_LIMITED_DISCOVERABLE);
1450 queue_work(hdev->req_workqueue, &hdev->discoverable_update);
1454 hci_dev_unlock(hdev);
1458 void mgmt_set_connectable_complete(struct hci_dev *hdev, u8 status)
1460 struct mgmt_pending_cmd *cmd;
1462 BT_DBG("status 0x%02x", status);
1466 cmd = pending_find(MGMT_OP_SET_CONNECTABLE, hdev);
1471 u8 mgmt_err = mgmt_status(status);
1472 mgmt_cmd_status(cmd->sk, cmd->index, cmd->opcode, mgmt_err);
1476 send_settings_rsp(cmd->sk, MGMT_OP_SET_CONNECTABLE, hdev);
1477 new_settings(hdev, cmd->sk);
1480 mgmt_pending_remove(cmd);
1483 hci_dev_unlock(hdev);
1486 static int set_connectable_update_settings(struct hci_dev *hdev,
1487 struct sock *sk, u8 val)
1489 bool changed = false;
1492 if (!!val != hci_dev_test_flag(hdev, HCI_CONNECTABLE))
1496 hci_dev_set_flag(hdev, HCI_CONNECTABLE);
1498 hci_dev_clear_flag(hdev, HCI_CONNECTABLE);
1499 hci_dev_clear_flag(hdev, HCI_DISCOVERABLE);
1502 err = send_settings_rsp(sk, MGMT_OP_SET_CONNECTABLE, hdev);
1507 hci_req_update_scan(hdev);
1508 hci_update_background_scan(hdev);
1509 return new_settings(hdev, sk);
1515 static int set_connectable(struct sock *sk, struct hci_dev *hdev, void *data,
1518 struct mgmt_mode *cp = data;
1519 struct mgmt_pending_cmd *cmd;
1522 BT_DBG("request for %s", hdev->name);
1524 if (!hci_dev_test_flag(hdev, HCI_LE_ENABLED) &&
1525 !hci_dev_test_flag(hdev, HCI_BREDR_ENABLED))
1526 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE,
1527 MGMT_STATUS_REJECTED);
1529 if (cp->val != 0x00 && cp->val != 0x01)
1530 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE,
1531 MGMT_STATUS_INVALID_PARAMS);
1535 if (!hdev_is_powered(hdev)) {
1536 err = set_connectable_update_settings(hdev, sk, cp->val);
1540 if (pending_find(MGMT_OP_SET_DISCOVERABLE, hdev) ||
1541 pending_find(MGMT_OP_SET_CONNECTABLE, hdev)) {
1542 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE,
1547 cmd = mgmt_pending_add(sk, MGMT_OP_SET_CONNECTABLE, hdev, data, len);
1554 hci_dev_set_flag(hdev, HCI_CONNECTABLE);
1556 if (hdev->discov_timeout > 0)
1557 cancel_delayed_work(&hdev->discov_off);
1559 hci_dev_clear_flag(hdev, HCI_LIMITED_DISCOVERABLE);
1560 hci_dev_clear_flag(hdev, HCI_DISCOVERABLE);
1561 hci_dev_clear_flag(hdev, HCI_CONNECTABLE);
1564 queue_work(hdev->req_workqueue, &hdev->connectable_update);
1568 hci_dev_unlock(hdev);
1572 static int set_bondable(struct sock *sk, struct hci_dev *hdev, void *data,
1575 struct mgmt_mode *cp = data;
1579 BT_DBG("request for %s", hdev->name);
1581 if (cp->val != 0x00 && cp->val != 0x01)
1582 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_BONDABLE,
1583 MGMT_STATUS_INVALID_PARAMS);
1588 changed = !hci_dev_test_and_set_flag(hdev, HCI_BONDABLE);
1590 changed = hci_dev_test_and_clear_flag(hdev, HCI_BONDABLE);
1592 err = send_settings_rsp(sk, MGMT_OP_SET_BONDABLE, hdev);
1597 /* In limited privacy mode the change of bondable mode
1598 * may affect the local advertising address.
1600 if (hdev_is_powered(hdev) &&
1601 hci_dev_test_flag(hdev, HCI_ADVERTISING) &&
1602 hci_dev_test_flag(hdev, HCI_DISCOVERABLE) &&
1603 hci_dev_test_flag(hdev, HCI_LIMITED_PRIVACY))
1604 queue_work(hdev->req_workqueue,
1605 &hdev->discoverable_update);
1607 err = new_settings(hdev, sk);
1611 hci_dev_unlock(hdev);
1615 static int set_link_security(struct sock *sk, struct hci_dev *hdev, void *data,
1618 struct mgmt_mode *cp = data;
1619 struct mgmt_pending_cmd *cmd;
1623 BT_DBG("request for %s", hdev->name);
1625 status = mgmt_bredr_support(hdev);
1627 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY,
1630 if (cp->val != 0x00 && cp->val != 0x01)
1631 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY,
1632 MGMT_STATUS_INVALID_PARAMS);
1636 if (!hdev_is_powered(hdev)) {
1637 bool changed = false;
1639 if (!!cp->val != hci_dev_test_flag(hdev, HCI_LINK_SECURITY)) {
1640 hci_dev_change_flag(hdev, HCI_LINK_SECURITY);
1644 err = send_settings_rsp(sk, MGMT_OP_SET_LINK_SECURITY, hdev);
1649 err = new_settings(hdev, sk);
1654 if (pending_find(MGMT_OP_SET_LINK_SECURITY, hdev)) {
1655 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY,
1662 if (test_bit(HCI_AUTH, &hdev->flags) == val) {
1663 err = send_settings_rsp(sk, MGMT_OP_SET_LINK_SECURITY, hdev);
1667 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LINK_SECURITY, hdev, data, len);
1673 err = hci_send_cmd(hdev, HCI_OP_WRITE_AUTH_ENABLE, sizeof(val), &val);
1675 mgmt_pending_remove(cmd);
1680 hci_dev_unlock(hdev);
1684 static int set_ssp(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
1686 struct mgmt_mode *cp = data;
1687 struct mgmt_pending_cmd *cmd;
1691 BT_DBG("request for %s", hdev->name);
1693 status = mgmt_bredr_support(hdev);
1695 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SSP, status);
1697 if (!lmp_ssp_capable(hdev))
1698 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
1699 MGMT_STATUS_NOT_SUPPORTED);
1701 if (cp->val != 0x00 && cp->val != 0x01)
1702 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
1703 MGMT_STATUS_INVALID_PARAMS);
1707 if (!hdev_is_powered(hdev)) {
1711 changed = !hci_dev_test_and_set_flag(hdev,
1714 changed = hci_dev_test_and_clear_flag(hdev,
1717 changed = hci_dev_test_and_clear_flag(hdev,
1720 hci_dev_clear_flag(hdev, HCI_HS_ENABLED);
1723 err = send_settings_rsp(sk, MGMT_OP_SET_SSP, hdev);
1728 err = new_settings(hdev, sk);
1733 if (pending_find(MGMT_OP_SET_SSP, hdev)) {
1734 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
1739 if (!!cp->val == hci_dev_test_flag(hdev, HCI_SSP_ENABLED)) {
1740 err = send_settings_rsp(sk, MGMT_OP_SET_SSP, hdev);
1744 cmd = mgmt_pending_add(sk, MGMT_OP_SET_SSP, hdev, data, len);
1750 if (!cp->val && hci_dev_test_flag(hdev, HCI_USE_DEBUG_KEYS))
1751 hci_send_cmd(hdev, HCI_OP_WRITE_SSP_DEBUG_MODE,
1752 sizeof(cp->val), &cp->val);
1754 err = hci_send_cmd(hdev, HCI_OP_WRITE_SSP_MODE, 1, &cp->val);
1756 mgmt_pending_remove(cmd);
1761 hci_dev_unlock(hdev);
1765 static int set_hs(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
1767 struct mgmt_mode *cp = data;
1772 BT_DBG("request for %s", hdev->name);
1774 status = mgmt_bredr_support(hdev);
1776 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_HS, status);
1778 if (!lmp_ssp_capable(hdev))
1779 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
1780 MGMT_STATUS_NOT_SUPPORTED);
1782 if (!hci_dev_test_flag(hdev, HCI_SSP_ENABLED))
1783 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
1784 MGMT_STATUS_REJECTED);
1786 if (cp->val != 0x00 && cp->val != 0x01)
1787 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
1788 MGMT_STATUS_INVALID_PARAMS);
1792 if (pending_find(MGMT_OP_SET_SSP, hdev)) {
1793 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
1799 changed = !hci_dev_test_and_set_flag(hdev, HCI_HS_ENABLED);
1801 if (hdev_is_powered(hdev)) {
1802 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
1803 MGMT_STATUS_REJECTED);
1807 changed = hci_dev_test_and_clear_flag(hdev, HCI_HS_ENABLED);
1810 err = send_settings_rsp(sk, MGMT_OP_SET_HS, hdev);
1815 err = new_settings(hdev, sk);
1818 hci_dev_unlock(hdev);
1822 static void le_enable_complete(struct hci_dev *hdev, u8 status, u16 opcode)
1824 struct cmd_lookup match = { NULL, hdev };
1829 u8 mgmt_err = mgmt_status(status);
1831 mgmt_pending_foreach(MGMT_OP_SET_LE, hdev, cmd_status_rsp,
1836 mgmt_pending_foreach(MGMT_OP_SET_LE, hdev, settings_rsp, &match);
1838 new_settings(hdev, match.sk);
1843 /* Make sure the controller has a good default for
1844 * advertising data. Restrict the update to when LE
1845 * has actually been enabled. During power on, the
1846 * update in powered_update_hci will take care of it.
1848 if (hci_dev_test_flag(hdev, HCI_LE_ENABLED)) {
1849 struct hci_request req;
1850 hci_req_init(&req, hdev);
1851 if (ext_adv_capable(hdev)) {
1854 err = __hci_req_setup_ext_adv_instance(&req, 0x00);
1856 __hci_req_update_scan_rsp_data(&req, 0x00);
1858 __hci_req_update_adv_data(&req, 0x00);
1859 __hci_req_update_scan_rsp_data(&req, 0x00);
1861 hci_req_run(&req, NULL);
1862 hci_update_background_scan(hdev);
1866 hci_dev_unlock(hdev);
1869 static int set_le(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
1871 struct mgmt_mode *cp = data;
1872 struct hci_cp_write_le_host_supported hci_cp;
1873 struct mgmt_pending_cmd *cmd;
1874 struct hci_request req;
1878 BT_DBG("request for %s", hdev->name);
1880 if (!lmp_le_capable(hdev))
1881 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
1882 MGMT_STATUS_NOT_SUPPORTED);
1884 if (cp->val != 0x00 && cp->val != 0x01)
1885 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
1886 MGMT_STATUS_INVALID_PARAMS);
1888 /* Bluetooth single mode LE only controllers or dual-mode
1889 * controllers configured as LE only devices, do not allow
1890 * switching LE off. These have either LE enabled explicitly
1891 * or BR/EDR has been previously switched off.
1893 * When trying to enable an already enabled LE, then gracefully
1894 * send a positive response. Trying to disable it however will
1895 * result into rejection.
1897 if (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED)) {
1898 if (cp->val == 0x01)
1899 return send_settings_rsp(sk, MGMT_OP_SET_LE, hdev);
1901 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
1902 MGMT_STATUS_REJECTED);
1908 enabled = lmp_host_le_capable(hdev);
1911 hci_req_clear_adv_instance(hdev, NULL, NULL, 0x00, true);
1913 if (!hdev_is_powered(hdev) || val == enabled) {
1914 bool changed = false;
1916 if (val != hci_dev_test_flag(hdev, HCI_LE_ENABLED)) {
1917 hci_dev_change_flag(hdev, HCI_LE_ENABLED);
1921 if (!val && hci_dev_test_flag(hdev, HCI_ADVERTISING)) {
1922 hci_dev_clear_flag(hdev, HCI_ADVERTISING);
1926 err = send_settings_rsp(sk, MGMT_OP_SET_LE, hdev);
1931 err = new_settings(hdev, sk);
1936 if (pending_find(MGMT_OP_SET_LE, hdev) ||
1937 pending_find(MGMT_OP_SET_ADVERTISING, hdev)) {
1938 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
1943 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LE, hdev, data, len);
1949 hci_req_init(&req, hdev);
1951 memset(&hci_cp, 0, sizeof(hci_cp));
1955 hci_cp.simul = 0x00;
1957 if (hci_dev_test_flag(hdev, HCI_LE_ADV))
1958 __hci_req_disable_advertising(&req);
1960 if (ext_adv_capable(hdev))
1961 __hci_req_clear_ext_adv_sets(&req);
1964 hci_req_add(&req, HCI_OP_WRITE_LE_HOST_SUPPORTED, sizeof(hci_cp),
1967 err = hci_req_run(&req, le_enable_complete);
1969 mgmt_pending_remove(cmd);
1972 hci_dev_unlock(hdev);
1976 /* This is a helper function to test for pending mgmt commands that can
1977 * cause CoD or EIR HCI commands. We can only allow one such pending
1978 * mgmt command at a time since otherwise we cannot easily track what
1979 * the current values are, will be, and based on that calculate if a new
1980 * HCI command needs to be sent and if yes with what value.
1982 static bool pending_eir_or_class(struct hci_dev *hdev)
1984 struct mgmt_pending_cmd *cmd;
1986 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
1987 switch (cmd->opcode) {
1988 case MGMT_OP_ADD_UUID:
1989 case MGMT_OP_REMOVE_UUID:
1990 case MGMT_OP_SET_DEV_CLASS:
1991 case MGMT_OP_SET_POWERED:
1999 static const u8 bluetooth_base_uuid[] = {
2000 0xfb, 0x34, 0x9b, 0x5f, 0x80, 0x00, 0x00, 0x80,
2001 0x00, 0x10, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
2004 static u8 get_uuid_size(const u8 *uuid)
2008 if (memcmp(uuid, bluetooth_base_uuid, 12))
2011 val = get_unaligned_le32(&uuid[12]);
2018 static void mgmt_class_complete(struct hci_dev *hdev, u16 mgmt_op, u8 status)
2020 struct mgmt_pending_cmd *cmd;
2024 cmd = pending_find(mgmt_op, hdev);
2028 mgmt_cmd_complete(cmd->sk, cmd->index, cmd->opcode,
2029 mgmt_status(status), hdev->dev_class, 3);
2031 mgmt_pending_remove(cmd);
2034 hci_dev_unlock(hdev);
2037 static void add_uuid_complete(struct hci_dev *hdev, u8 status, u16 opcode)
2039 BT_DBG("status 0x%02x", status);
2041 mgmt_class_complete(hdev, MGMT_OP_ADD_UUID, status);
2044 static int add_uuid(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
2046 struct mgmt_cp_add_uuid *cp = data;
2047 struct mgmt_pending_cmd *cmd;
2048 struct hci_request req;
2049 struct bt_uuid *uuid;
2052 BT_DBG("request for %s", hdev->name);
2056 if (pending_eir_or_class(hdev)) {
2057 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_UUID,
2062 uuid = kmalloc(sizeof(*uuid), GFP_KERNEL);
2068 memcpy(uuid->uuid, cp->uuid, 16);
2069 uuid->svc_hint = cp->svc_hint;
2070 uuid->size = get_uuid_size(cp->uuid);
2072 list_add_tail(&uuid->list, &hdev->uuids);
2074 hci_req_init(&req, hdev);
2076 __hci_req_update_class(&req);
2077 __hci_req_update_eir(&req);
2079 err = hci_req_run(&req, add_uuid_complete);
2081 if (err != -ENODATA)
2084 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_ADD_UUID, 0,
2085 hdev->dev_class, 3);
2089 cmd = mgmt_pending_add(sk, MGMT_OP_ADD_UUID, hdev, data, len);
2098 hci_dev_unlock(hdev);
2102 static bool enable_service_cache(struct hci_dev *hdev)
2104 if (!hdev_is_powered(hdev))
2107 if (!hci_dev_test_and_set_flag(hdev, HCI_SERVICE_CACHE)) {
2108 queue_delayed_work(hdev->workqueue, &hdev->service_cache,
2116 static void remove_uuid_complete(struct hci_dev *hdev, u8 status, u16 opcode)
2118 BT_DBG("status 0x%02x", status);
2120 mgmt_class_complete(hdev, MGMT_OP_REMOVE_UUID, status);
2123 static int remove_uuid(struct sock *sk, struct hci_dev *hdev, void *data,
2126 struct mgmt_cp_remove_uuid *cp = data;
2127 struct mgmt_pending_cmd *cmd;
2128 struct bt_uuid *match, *tmp;
2129 u8 bt_uuid_any[] = { 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 };
2130 struct hci_request req;
2133 BT_DBG("request for %s", hdev->name);
2137 if (pending_eir_or_class(hdev)) {
2138 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_REMOVE_UUID,
2143 if (memcmp(cp->uuid, bt_uuid_any, 16) == 0) {
2144 hci_uuids_clear(hdev);
2146 if (enable_service_cache(hdev)) {
2147 err = mgmt_cmd_complete(sk, hdev->id,
2148 MGMT_OP_REMOVE_UUID,
2149 0, hdev->dev_class, 3);
2158 list_for_each_entry_safe(match, tmp, &hdev->uuids, list) {
2159 if (memcmp(match->uuid, cp->uuid, 16) != 0)
2162 list_del(&match->list);
2168 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_REMOVE_UUID,
2169 MGMT_STATUS_INVALID_PARAMS);
2174 hci_req_init(&req, hdev);
2176 __hci_req_update_class(&req);
2177 __hci_req_update_eir(&req);
2179 err = hci_req_run(&req, remove_uuid_complete);
2181 if (err != -ENODATA)
2184 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_UUID, 0,
2185 hdev->dev_class, 3);
2189 cmd = mgmt_pending_add(sk, MGMT_OP_REMOVE_UUID, hdev, data, len);
2198 hci_dev_unlock(hdev);
2202 static void set_class_complete(struct hci_dev *hdev, u8 status, u16 opcode)
2204 BT_DBG("status 0x%02x", status);
2206 mgmt_class_complete(hdev, MGMT_OP_SET_DEV_CLASS, status);
2209 static int set_dev_class(struct sock *sk, struct hci_dev *hdev, void *data,
2212 struct mgmt_cp_set_dev_class *cp = data;
2213 struct mgmt_pending_cmd *cmd;
2214 struct hci_request req;
2217 BT_DBG("request for %s", hdev->name);
2219 if (!lmp_bredr_capable(hdev))
2220 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS,
2221 MGMT_STATUS_NOT_SUPPORTED);
2225 if (pending_eir_or_class(hdev)) {
2226 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS,
2231 if ((cp->minor & 0x03) != 0 || (cp->major & 0xe0) != 0) {
2232 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS,
2233 MGMT_STATUS_INVALID_PARAMS);
2237 hdev->major_class = cp->major;
2238 hdev->minor_class = cp->minor;
2240 if (!hdev_is_powered(hdev)) {
2241 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_DEV_CLASS, 0,
2242 hdev->dev_class, 3);
2246 hci_req_init(&req, hdev);
2248 if (hci_dev_test_and_clear_flag(hdev, HCI_SERVICE_CACHE)) {
2249 hci_dev_unlock(hdev);
2250 cancel_delayed_work_sync(&hdev->service_cache);
2252 __hci_req_update_eir(&req);
2255 __hci_req_update_class(&req);
2257 err = hci_req_run(&req, set_class_complete);
2259 if (err != -ENODATA)
2262 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_DEV_CLASS, 0,
2263 hdev->dev_class, 3);
2267 cmd = mgmt_pending_add(sk, MGMT_OP_SET_DEV_CLASS, hdev, data, len);
2276 hci_dev_unlock(hdev);
2280 static int load_link_keys(struct sock *sk, struct hci_dev *hdev, void *data,
2283 struct mgmt_cp_load_link_keys *cp = data;
2284 const u16 max_key_count = ((U16_MAX - sizeof(*cp)) /
2285 sizeof(struct mgmt_link_key_info));
2286 u16 key_count, expected_len;
2290 BT_DBG("request for %s", hdev->name);
2292 if (!lmp_bredr_capable(hdev))
2293 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
2294 MGMT_STATUS_NOT_SUPPORTED);
2296 key_count = __le16_to_cpu(cp->key_count);
2297 if (key_count > max_key_count) {
2298 bt_dev_err(hdev, "load_link_keys: too big key_count value %u",
2300 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
2301 MGMT_STATUS_INVALID_PARAMS);
2304 expected_len = struct_size(cp, keys, key_count);
2305 if (expected_len != len) {
2306 bt_dev_err(hdev, "load_link_keys: expected %u bytes, got %u bytes",
2308 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
2309 MGMT_STATUS_INVALID_PARAMS);
2312 if (cp->debug_keys != 0x00 && cp->debug_keys != 0x01)
2313 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
2314 MGMT_STATUS_INVALID_PARAMS);
2316 BT_DBG("%s debug_keys %u key_count %u", hdev->name, cp->debug_keys,
2319 for (i = 0; i < key_count; i++) {
2320 struct mgmt_link_key_info *key = &cp->keys[i];
2322 if (key->addr.type != BDADDR_BREDR || key->type > 0x08)
2323 return mgmt_cmd_status(sk, hdev->id,
2324 MGMT_OP_LOAD_LINK_KEYS,
2325 MGMT_STATUS_INVALID_PARAMS);
2330 hci_link_keys_clear(hdev);
2333 changed = !hci_dev_test_and_set_flag(hdev, HCI_KEEP_DEBUG_KEYS);
2335 changed = hci_dev_test_and_clear_flag(hdev,
2336 HCI_KEEP_DEBUG_KEYS);
2339 new_settings(hdev, NULL);
2341 for (i = 0; i < key_count; i++) {
2342 struct mgmt_link_key_info *key = &cp->keys[i];
2344 /* Always ignore debug keys and require a new pairing if
2345 * the user wants to use them.
2347 if (key->type == HCI_LK_DEBUG_COMBINATION)
2350 hci_add_link_key(hdev, NULL, &key->addr.bdaddr, key->val,
2351 key->type, key->pin_len, NULL);
2354 mgmt_cmd_complete(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS, 0, NULL, 0);
2356 hci_dev_unlock(hdev);
2361 static int device_unpaired(struct hci_dev *hdev, bdaddr_t *bdaddr,
2362 u8 addr_type, struct sock *skip_sk)
2364 struct mgmt_ev_device_unpaired ev;
2366 bacpy(&ev.addr.bdaddr, bdaddr);
2367 ev.addr.type = addr_type;
2369 return mgmt_event(MGMT_EV_DEVICE_UNPAIRED, hdev, &ev, sizeof(ev),
2373 static int unpair_device(struct sock *sk, struct hci_dev *hdev, void *data,
2376 struct mgmt_cp_unpair_device *cp = data;
2377 struct mgmt_rp_unpair_device rp;
2378 struct hci_conn_params *params;
2379 struct mgmt_pending_cmd *cmd;
2380 struct hci_conn *conn;
2384 memset(&rp, 0, sizeof(rp));
2385 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
2386 rp.addr.type = cp->addr.type;
2388 if (!bdaddr_type_is_valid(cp->addr.type))
2389 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
2390 MGMT_STATUS_INVALID_PARAMS,
2393 if (cp->disconnect != 0x00 && cp->disconnect != 0x01)
2394 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
2395 MGMT_STATUS_INVALID_PARAMS,
2400 if (!hdev_is_powered(hdev)) {
2401 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
2402 MGMT_STATUS_NOT_POWERED, &rp,
2407 if (cp->addr.type == BDADDR_BREDR) {
2408 /* If disconnection is requested, then look up the
2409 * connection. If the remote device is connected, it
2410 * will be later used to terminate the link.
2412 * Setting it to NULL explicitly will cause no
2413 * termination of the link.
2416 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
2421 err = hci_remove_link_key(hdev, &cp->addr.bdaddr);
2423 err = mgmt_cmd_complete(sk, hdev->id,
2424 MGMT_OP_UNPAIR_DEVICE,
2425 MGMT_STATUS_NOT_PAIRED, &rp,
2433 /* LE address type */
2434 addr_type = le_addr_type(cp->addr.type);
2436 /* Abort any ongoing SMP pairing. Removes ltk and irk if they exist. */
2437 err = smp_cancel_and_remove_pairing(hdev, &cp->addr.bdaddr, addr_type);
2439 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
2440 MGMT_STATUS_NOT_PAIRED, &rp,
2445 conn = hci_conn_hash_lookup_le(hdev, &cp->addr.bdaddr, addr_type);
2447 hci_conn_params_del(hdev, &cp->addr.bdaddr, addr_type);
2452 /* Defer clearing up the connection parameters until closing to
2453 * give a chance of keeping them if a repairing happens.
2455 set_bit(HCI_CONN_PARAM_REMOVAL_PEND, &conn->flags);
2457 /* Disable auto-connection parameters if present */
2458 params = hci_conn_params_lookup(hdev, &cp->addr.bdaddr, addr_type);
2460 if (params->explicit_connect)
2461 params->auto_connect = HCI_AUTO_CONN_EXPLICIT;
2463 params->auto_connect = HCI_AUTO_CONN_DISABLED;
2466 /* If disconnection is not requested, then clear the connection
2467 * variable so that the link is not terminated.
2469 if (!cp->disconnect)
2473 /* If the connection variable is set, then termination of the
2474 * link is requested.
2477 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE, 0,
2479 device_unpaired(hdev, &cp->addr.bdaddr, cp->addr.type, sk);
2483 cmd = mgmt_pending_add(sk, MGMT_OP_UNPAIR_DEVICE, hdev, cp,
2490 cmd->cmd_complete = addr_cmd_complete;
2492 err = hci_abort_conn(conn, HCI_ERROR_REMOTE_USER_TERM);
2494 mgmt_pending_remove(cmd);
2497 hci_dev_unlock(hdev);
2501 static int disconnect(struct sock *sk, struct hci_dev *hdev, void *data,
2504 struct mgmt_cp_disconnect *cp = data;
2505 struct mgmt_rp_disconnect rp;
2506 struct mgmt_pending_cmd *cmd;
2507 struct hci_conn *conn;
2512 memset(&rp, 0, sizeof(rp));
2513 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
2514 rp.addr.type = cp->addr.type;
2516 if (!bdaddr_type_is_valid(cp->addr.type))
2517 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
2518 MGMT_STATUS_INVALID_PARAMS,
2523 if (!test_bit(HCI_UP, &hdev->flags)) {
2524 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
2525 MGMT_STATUS_NOT_POWERED, &rp,
2530 if (pending_find(MGMT_OP_DISCONNECT, hdev)) {
2531 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
2532 MGMT_STATUS_BUSY, &rp, sizeof(rp));
2536 if (cp->addr.type == BDADDR_BREDR)
2537 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
2540 conn = hci_conn_hash_lookup_le(hdev, &cp->addr.bdaddr,
2541 le_addr_type(cp->addr.type));
2543 if (!conn || conn->state == BT_OPEN || conn->state == BT_CLOSED) {
2544 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
2545 MGMT_STATUS_NOT_CONNECTED, &rp,
2550 cmd = mgmt_pending_add(sk, MGMT_OP_DISCONNECT, hdev, data, len);
2556 cmd->cmd_complete = generic_cmd_complete;
2558 err = hci_disconnect(conn, HCI_ERROR_REMOTE_USER_TERM);
2560 mgmt_pending_remove(cmd);
2563 hci_dev_unlock(hdev);
2567 static u8 link_to_bdaddr(u8 link_type, u8 addr_type)
2569 switch (link_type) {
2571 switch (addr_type) {
2572 case ADDR_LE_DEV_PUBLIC:
2573 return BDADDR_LE_PUBLIC;
2576 /* Fallback to LE Random address type */
2577 return BDADDR_LE_RANDOM;
2581 /* Fallback to BR/EDR type */
2582 return BDADDR_BREDR;
2586 static int get_connections(struct sock *sk, struct hci_dev *hdev, void *data,
2589 struct mgmt_rp_get_connections *rp;
2598 if (!hdev_is_powered(hdev)) {
2599 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_GET_CONNECTIONS,
2600 MGMT_STATUS_NOT_POWERED);
2605 list_for_each_entry(c, &hdev->conn_hash.list, list) {
2606 if (test_bit(HCI_CONN_MGMT_CONNECTED, &c->flags))
2610 rp = kmalloc(struct_size(rp, addr, i), GFP_KERNEL);
2617 list_for_each_entry(c, &hdev->conn_hash.list, list) {
2618 if (!test_bit(HCI_CONN_MGMT_CONNECTED, &c->flags))
2620 bacpy(&rp->addr[i].bdaddr, &c->dst);
2621 rp->addr[i].type = link_to_bdaddr(c->type, c->dst_type);
2622 if (c->type == SCO_LINK || c->type == ESCO_LINK)
2627 rp->conn_count = cpu_to_le16(i);
2629 /* Recalculate length in case of filtered SCO connections, etc */
2630 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CONNECTIONS, 0, rp,
2631 struct_size(rp, addr, i));
2636 hci_dev_unlock(hdev);
2640 static int send_pin_code_neg_reply(struct sock *sk, struct hci_dev *hdev,
2641 struct mgmt_cp_pin_code_neg_reply *cp)
2643 struct mgmt_pending_cmd *cmd;
2646 cmd = mgmt_pending_add(sk, MGMT_OP_PIN_CODE_NEG_REPLY, hdev, cp,
2651 cmd->cmd_complete = addr_cmd_complete;
2653 err = hci_send_cmd(hdev, HCI_OP_PIN_CODE_NEG_REPLY,
2654 sizeof(cp->addr.bdaddr), &cp->addr.bdaddr);
2656 mgmt_pending_remove(cmd);
2661 static int pin_code_reply(struct sock *sk, struct hci_dev *hdev, void *data,
2664 struct hci_conn *conn;
2665 struct mgmt_cp_pin_code_reply *cp = data;
2666 struct hci_cp_pin_code_reply reply;
2667 struct mgmt_pending_cmd *cmd;
2674 if (!hdev_is_powered(hdev)) {
2675 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
2676 MGMT_STATUS_NOT_POWERED);
2680 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->addr.bdaddr);
2682 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
2683 MGMT_STATUS_NOT_CONNECTED);
2687 if (conn->pending_sec_level == BT_SECURITY_HIGH && cp->pin_len != 16) {
2688 struct mgmt_cp_pin_code_neg_reply ncp;
2690 memcpy(&ncp.addr, &cp->addr, sizeof(ncp.addr));
2692 bt_dev_err(hdev, "PIN code is not 16 bytes long");
2694 err = send_pin_code_neg_reply(sk, hdev, &ncp);
2696 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
2697 MGMT_STATUS_INVALID_PARAMS);
2702 cmd = mgmt_pending_add(sk, MGMT_OP_PIN_CODE_REPLY, hdev, data, len);
2708 cmd->cmd_complete = addr_cmd_complete;
2710 bacpy(&reply.bdaddr, &cp->addr.bdaddr);
2711 reply.pin_len = cp->pin_len;
2712 memcpy(reply.pin_code, cp->pin_code, sizeof(reply.pin_code));
2714 err = hci_send_cmd(hdev, HCI_OP_PIN_CODE_REPLY, sizeof(reply), &reply);
2716 mgmt_pending_remove(cmd);
2719 hci_dev_unlock(hdev);
2723 static int set_io_capability(struct sock *sk, struct hci_dev *hdev, void *data,
2726 struct mgmt_cp_set_io_capability *cp = data;
2730 if (cp->io_capability > SMP_IO_KEYBOARD_DISPLAY)
2731 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_IO_CAPABILITY,
2732 MGMT_STATUS_INVALID_PARAMS);
2736 hdev->io_capability = cp->io_capability;
2738 BT_DBG("%s IO capability set to 0x%02x", hdev->name,
2739 hdev->io_capability);
2741 hci_dev_unlock(hdev);
2743 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_IO_CAPABILITY, 0,
2747 static struct mgmt_pending_cmd *find_pairing(struct hci_conn *conn)
2749 struct hci_dev *hdev = conn->hdev;
2750 struct mgmt_pending_cmd *cmd;
2752 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
2753 if (cmd->opcode != MGMT_OP_PAIR_DEVICE)
2756 if (cmd->user_data != conn)
2765 static int pairing_complete(struct mgmt_pending_cmd *cmd, u8 status)
2767 struct mgmt_rp_pair_device rp;
2768 struct hci_conn *conn = cmd->user_data;
2771 bacpy(&rp.addr.bdaddr, &conn->dst);
2772 rp.addr.type = link_to_bdaddr(conn->type, conn->dst_type);
2774 err = mgmt_cmd_complete(cmd->sk, cmd->index, MGMT_OP_PAIR_DEVICE,
2775 status, &rp, sizeof(rp));
2777 /* So we don't get further callbacks for this connection */
2778 conn->connect_cfm_cb = NULL;
2779 conn->security_cfm_cb = NULL;
2780 conn->disconn_cfm_cb = NULL;
2782 hci_conn_drop(conn);
2784 /* The device is paired so there is no need to remove
2785 * its connection parameters anymore.
2787 clear_bit(HCI_CONN_PARAM_REMOVAL_PEND, &conn->flags);
2794 void mgmt_smp_complete(struct hci_conn *conn, bool complete)
2796 u8 status = complete ? MGMT_STATUS_SUCCESS : MGMT_STATUS_FAILED;
2797 struct mgmt_pending_cmd *cmd;
2799 cmd = find_pairing(conn);
2801 cmd->cmd_complete(cmd, status);
2802 mgmt_pending_remove(cmd);
2806 static void pairing_complete_cb(struct hci_conn *conn, u8 status)
2808 struct mgmt_pending_cmd *cmd;
2810 BT_DBG("status %u", status);
2812 cmd = find_pairing(conn);
2814 BT_DBG("Unable to find a pending command");
2818 cmd->cmd_complete(cmd, mgmt_status(status));
2819 mgmt_pending_remove(cmd);
2822 static void le_pairing_complete_cb(struct hci_conn *conn, u8 status)
2824 struct mgmt_pending_cmd *cmd;
2826 BT_DBG("status %u", status);
2831 cmd = find_pairing(conn);
2833 BT_DBG("Unable to find a pending command");
2837 cmd->cmd_complete(cmd, mgmt_status(status));
2838 mgmt_pending_remove(cmd);
2841 static int pair_device(struct sock *sk, struct hci_dev *hdev, void *data,
2844 struct mgmt_cp_pair_device *cp = data;
2845 struct mgmt_rp_pair_device rp;
2846 struct mgmt_pending_cmd *cmd;
2847 u8 sec_level, auth_type;
2848 struct hci_conn *conn;
2853 memset(&rp, 0, sizeof(rp));
2854 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
2855 rp.addr.type = cp->addr.type;
2857 if (!bdaddr_type_is_valid(cp->addr.type))
2858 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
2859 MGMT_STATUS_INVALID_PARAMS,
2862 if (cp->io_cap > SMP_IO_KEYBOARD_DISPLAY)
2863 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
2864 MGMT_STATUS_INVALID_PARAMS,
2869 if (!hdev_is_powered(hdev)) {
2870 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
2871 MGMT_STATUS_NOT_POWERED, &rp,
2876 if (hci_bdaddr_is_paired(hdev, &cp->addr.bdaddr, cp->addr.type)) {
2877 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
2878 MGMT_STATUS_ALREADY_PAIRED, &rp,
2883 sec_level = BT_SECURITY_MEDIUM;
2884 auth_type = HCI_AT_DEDICATED_BONDING;
2886 if (cp->addr.type == BDADDR_BREDR) {
2887 conn = hci_connect_acl(hdev, &cp->addr.bdaddr, sec_level,
2890 u8 addr_type = le_addr_type(cp->addr.type);
2891 struct hci_conn_params *p;
2893 /* When pairing a new device, it is expected to remember
2894 * this device for future connections. Adding the connection
2895 * parameter information ahead of time allows tracking
2896 * of the slave preferred values and will speed up any
2897 * further connection establishment.
2899 * If connection parameters already exist, then they
2900 * will be kept and this function does nothing.
2902 p = hci_conn_params_add(hdev, &cp->addr.bdaddr, addr_type);
2904 if (p->auto_connect == HCI_AUTO_CONN_EXPLICIT)
2905 p->auto_connect = HCI_AUTO_CONN_DISABLED;
2907 conn = hci_connect_le_scan(hdev, &cp->addr.bdaddr,
2908 addr_type, sec_level,
2909 HCI_LE_CONN_TIMEOUT);
2915 if (PTR_ERR(conn) == -EBUSY)
2916 status = MGMT_STATUS_BUSY;
2917 else if (PTR_ERR(conn) == -EOPNOTSUPP)
2918 status = MGMT_STATUS_NOT_SUPPORTED;
2919 else if (PTR_ERR(conn) == -ECONNREFUSED)
2920 status = MGMT_STATUS_REJECTED;
2922 status = MGMT_STATUS_CONNECT_FAILED;
2924 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
2925 status, &rp, sizeof(rp));
2929 if (conn->connect_cfm_cb) {
2930 hci_conn_drop(conn);
2931 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
2932 MGMT_STATUS_BUSY, &rp, sizeof(rp));
2936 cmd = mgmt_pending_add(sk, MGMT_OP_PAIR_DEVICE, hdev, data, len);
2939 hci_conn_drop(conn);
2943 cmd->cmd_complete = pairing_complete;
2945 /* For LE, just connecting isn't a proof that the pairing finished */
2946 if (cp->addr.type == BDADDR_BREDR) {
2947 conn->connect_cfm_cb = pairing_complete_cb;
2948 conn->security_cfm_cb = pairing_complete_cb;
2949 conn->disconn_cfm_cb = pairing_complete_cb;
2951 conn->connect_cfm_cb = le_pairing_complete_cb;
2952 conn->security_cfm_cb = le_pairing_complete_cb;
2953 conn->disconn_cfm_cb = le_pairing_complete_cb;
2956 conn->io_capability = cp->io_cap;
2957 cmd->user_data = hci_conn_get(conn);
2959 if ((conn->state == BT_CONNECTED || conn->state == BT_CONFIG) &&
2960 hci_conn_security(conn, sec_level, auth_type, true)) {
2961 cmd->cmd_complete(cmd, 0);
2962 mgmt_pending_remove(cmd);
2968 hci_dev_unlock(hdev);
2972 static int cancel_pair_device(struct sock *sk, struct hci_dev *hdev, void *data,
2975 struct mgmt_addr_info *addr = data;
2976 struct mgmt_pending_cmd *cmd;
2977 struct hci_conn *conn;
2984 if (!hdev_is_powered(hdev)) {
2985 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
2986 MGMT_STATUS_NOT_POWERED);
2990 cmd = pending_find(MGMT_OP_PAIR_DEVICE, hdev);
2992 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
2993 MGMT_STATUS_INVALID_PARAMS);
2997 conn = cmd->user_data;
2999 if (bacmp(&addr->bdaddr, &conn->dst) != 0) {
3000 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
3001 MGMT_STATUS_INVALID_PARAMS);
3005 cmd->cmd_complete(cmd, MGMT_STATUS_CANCELLED);
3006 mgmt_pending_remove(cmd);
3008 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE, 0,
3009 addr, sizeof(*addr));
3011 hci_dev_unlock(hdev);
3015 static int user_pairing_resp(struct sock *sk, struct hci_dev *hdev,
3016 struct mgmt_addr_info *addr, u16 mgmt_op,
3017 u16 hci_op, __le32 passkey)
3019 struct mgmt_pending_cmd *cmd;
3020 struct hci_conn *conn;
3025 if (!hdev_is_powered(hdev)) {
3026 err = mgmt_cmd_complete(sk, hdev->id, mgmt_op,
3027 MGMT_STATUS_NOT_POWERED, addr,
3032 if (addr->type == BDADDR_BREDR)
3033 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &addr->bdaddr);
3035 conn = hci_conn_hash_lookup_le(hdev, &addr->bdaddr,
3036 le_addr_type(addr->type));
3039 err = mgmt_cmd_complete(sk, hdev->id, mgmt_op,
3040 MGMT_STATUS_NOT_CONNECTED, addr,
3045 if (addr->type == BDADDR_LE_PUBLIC || addr->type == BDADDR_LE_RANDOM) {
3046 err = smp_user_confirm_reply(conn, mgmt_op, passkey);
3048 err = mgmt_cmd_complete(sk, hdev->id, mgmt_op,
3049 MGMT_STATUS_SUCCESS, addr,
3052 err = mgmt_cmd_complete(sk, hdev->id, mgmt_op,
3053 MGMT_STATUS_FAILED, addr,
3059 cmd = mgmt_pending_add(sk, mgmt_op, hdev, addr, sizeof(*addr));
3065 cmd->cmd_complete = addr_cmd_complete;
3067 /* Continue with pairing via HCI */
3068 if (hci_op == HCI_OP_USER_PASSKEY_REPLY) {
3069 struct hci_cp_user_passkey_reply cp;
3071 bacpy(&cp.bdaddr, &addr->bdaddr);
3072 cp.passkey = passkey;
3073 err = hci_send_cmd(hdev, hci_op, sizeof(cp), &cp);
3075 err = hci_send_cmd(hdev, hci_op, sizeof(addr->bdaddr),
3079 mgmt_pending_remove(cmd);
3082 hci_dev_unlock(hdev);
3086 static int pin_code_neg_reply(struct sock *sk, struct hci_dev *hdev,
3087 void *data, u16 len)
3089 struct mgmt_cp_pin_code_neg_reply *cp = data;
3093 return user_pairing_resp(sk, hdev, &cp->addr,
3094 MGMT_OP_PIN_CODE_NEG_REPLY,
3095 HCI_OP_PIN_CODE_NEG_REPLY, 0);
3098 static int user_confirm_reply(struct sock *sk, struct hci_dev *hdev, void *data,
3101 struct mgmt_cp_user_confirm_reply *cp = data;
3105 if (len != sizeof(*cp))
3106 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_USER_CONFIRM_REPLY,
3107 MGMT_STATUS_INVALID_PARAMS);
3109 return user_pairing_resp(sk, hdev, &cp->addr,
3110 MGMT_OP_USER_CONFIRM_REPLY,
3111 HCI_OP_USER_CONFIRM_REPLY, 0);
3114 static int user_confirm_neg_reply(struct sock *sk, struct hci_dev *hdev,
3115 void *data, u16 len)
3117 struct mgmt_cp_user_confirm_neg_reply *cp = data;
3121 return user_pairing_resp(sk, hdev, &cp->addr,
3122 MGMT_OP_USER_CONFIRM_NEG_REPLY,
3123 HCI_OP_USER_CONFIRM_NEG_REPLY, 0);
3126 static int user_passkey_reply(struct sock *sk, struct hci_dev *hdev, void *data,
3129 struct mgmt_cp_user_passkey_reply *cp = data;
3133 return user_pairing_resp(sk, hdev, &cp->addr,
3134 MGMT_OP_USER_PASSKEY_REPLY,
3135 HCI_OP_USER_PASSKEY_REPLY, cp->passkey);
3138 static int user_passkey_neg_reply(struct sock *sk, struct hci_dev *hdev,
3139 void *data, u16 len)
3141 struct mgmt_cp_user_passkey_neg_reply *cp = data;
3145 return user_pairing_resp(sk, hdev, &cp->addr,
3146 MGMT_OP_USER_PASSKEY_NEG_REPLY,
3147 HCI_OP_USER_PASSKEY_NEG_REPLY, 0);
3150 static void adv_expire(struct hci_dev *hdev, u32 flags)
3152 struct adv_info *adv_instance;
3153 struct hci_request req;
3156 adv_instance = hci_find_adv_instance(hdev, hdev->cur_adv_instance);
3160 /* stop if current instance doesn't need to be changed */
3161 if (!(adv_instance->flags & flags))
3164 cancel_adv_timeout(hdev);
3166 adv_instance = hci_get_next_instance(hdev, adv_instance->instance);
3170 hci_req_init(&req, hdev);
3171 err = __hci_req_schedule_adv_instance(&req, adv_instance->instance,
3176 hci_req_run(&req, NULL);
3179 static void set_name_complete(struct hci_dev *hdev, u8 status, u16 opcode)
3181 struct mgmt_cp_set_local_name *cp;
3182 struct mgmt_pending_cmd *cmd;
3184 BT_DBG("status 0x%02x", status);
3188 cmd = pending_find(MGMT_OP_SET_LOCAL_NAME, hdev);
3195 mgmt_cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_LOCAL_NAME,
3196 mgmt_status(status));
3198 mgmt_cmd_complete(cmd->sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0,
3201 if (hci_dev_test_flag(hdev, HCI_LE_ADV))
3202 adv_expire(hdev, MGMT_ADV_FLAG_LOCAL_NAME);
3205 mgmt_pending_remove(cmd);
3208 hci_dev_unlock(hdev);
3211 static int set_local_name(struct sock *sk, struct hci_dev *hdev, void *data,
3214 struct mgmt_cp_set_local_name *cp = data;
3215 struct mgmt_pending_cmd *cmd;
3216 struct hci_request req;
3223 /* If the old values are the same as the new ones just return a
3224 * direct command complete event.
3226 if (!memcmp(hdev->dev_name, cp->name, sizeof(hdev->dev_name)) &&
3227 !memcmp(hdev->short_name, cp->short_name,
3228 sizeof(hdev->short_name))) {
3229 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0,
3234 memcpy(hdev->short_name, cp->short_name, sizeof(hdev->short_name));
3236 if (!hdev_is_powered(hdev)) {
3237 memcpy(hdev->dev_name, cp->name, sizeof(hdev->dev_name));
3239 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0,
3244 err = mgmt_limited_event(MGMT_EV_LOCAL_NAME_CHANGED, hdev, data,
3245 len, HCI_MGMT_LOCAL_NAME_EVENTS, sk);
3246 ext_info_changed(hdev, sk);
3251 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LOCAL_NAME, hdev, data, len);
3257 memcpy(hdev->dev_name, cp->name, sizeof(hdev->dev_name));
3259 hci_req_init(&req, hdev);
3261 if (lmp_bredr_capable(hdev)) {
3262 __hci_req_update_name(&req);
3263 __hci_req_update_eir(&req);
3266 /* The name is stored in the scan response data and so
3267 * no need to udpate the advertising data here.
3269 if (lmp_le_capable(hdev) && hci_dev_test_flag(hdev, HCI_ADVERTISING))
3270 __hci_req_update_scan_rsp_data(&req, hdev->cur_adv_instance);
3272 err = hci_req_run(&req, set_name_complete);
3274 mgmt_pending_remove(cmd);
3277 hci_dev_unlock(hdev);
3281 static int set_appearance(struct sock *sk, struct hci_dev *hdev, void *data,
3284 struct mgmt_cp_set_appearance *cp = data;
3290 if (!lmp_le_capable(hdev))
3291 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_APPEARANCE,
3292 MGMT_STATUS_NOT_SUPPORTED);
3294 apperance = le16_to_cpu(cp->appearance);
3298 if (hdev->appearance != apperance) {
3299 hdev->appearance = apperance;
3301 if (hci_dev_test_flag(hdev, HCI_LE_ADV))
3302 adv_expire(hdev, MGMT_ADV_FLAG_APPEARANCE);
3304 ext_info_changed(hdev, sk);
3307 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_APPEARANCE, 0, NULL,
3310 hci_dev_unlock(hdev);
3315 static int get_phy_configuration(struct sock *sk, struct hci_dev *hdev,
3316 void *data, u16 len)
3318 struct mgmt_rp_get_phy_confguration rp;
3320 BT_DBG("sock %p %s", sk, hdev->name);
3324 memset(&rp, 0, sizeof(rp));
3326 rp.supported_phys = cpu_to_le32(get_supported_phys(hdev));
3327 rp.selected_phys = cpu_to_le32(get_selected_phys(hdev));
3328 rp.configurable_phys = cpu_to_le32(get_configurable_phys(hdev));
3330 hci_dev_unlock(hdev);
3332 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_PHY_CONFIGURATION, 0,
3336 int mgmt_phy_configuration_changed(struct hci_dev *hdev, struct sock *skip)
3338 struct mgmt_ev_phy_configuration_changed ev;
3340 memset(&ev, 0, sizeof(ev));
3342 ev.selected_phys = cpu_to_le32(get_selected_phys(hdev));
3344 return mgmt_event(MGMT_EV_PHY_CONFIGURATION_CHANGED, hdev, &ev,
3348 static void set_default_phy_complete(struct hci_dev *hdev, u8 status,
3349 u16 opcode, struct sk_buff *skb)
3351 struct mgmt_pending_cmd *cmd;
3353 BT_DBG("status 0x%02x", status);
3357 cmd = pending_find(MGMT_OP_SET_PHY_CONFIGURATION, hdev);
3362 mgmt_cmd_status(cmd->sk, hdev->id,
3363 MGMT_OP_SET_PHY_CONFIGURATION,
3364 mgmt_status(status));
3366 mgmt_cmd_complete(cmd->sk, hdev->id,
3367 MGMT_OP_SET_PHY_CONFIGURATION, 0,
3370 mgmt_phy_configuration_changed(hdev, cmd->sk);
3373 mgmt_pending_remove(cmd);
3376 hci_dev_unlock(hdev);
3379 static int set_phy_configuration(struct sock *sk, struct hci_dev *hdev,
3380 void *data, u16 len)
3382 struct mgmt_cp_set_phy_confguration *cp = data;
3383 struct hci_cp_le_set_default_phy cp_phy;
3384 struct mgmt_pending_cmd *cmd;
3385 struct hci_request req;
3386 u32 selected_phys, configurable_phys, supported_phys, unconfigure_phys;
3387 u16 pkt_type = (HCI_DH1 | HCI_DM1);
3388 bool changed = false;
3391 BT_DBG("sock %p %s", sk, hdev->name);
3393 configurable_phys = get_configurable_phys(hdev);
3394 supported_phys = get_supported_phys(hdev);
3395 selected_phys = __le32_to_cpu(cp->selected_phys);
3397 if (selected_phys & ~supported_phys)
3398 return mgmt_cmd_status(sk, hdev->id,
3399 MGMT_OP_SET_PHY_CONFIGURATION,
3400 MGMT_STATUS_INVALID_PARAMS);
3402 unconfigure_phys = supported_phys & ~configurable_phys;
3404 if ((selected_phys & unconfigure_phys) != unconfigure_phys)
3405 return mgmt_cmd_status(sk, hdev->id,
3406 MGMT_OP_SET_PHY_CONFIGURATION,
3407 MGMT_STATUS_INVALID_PARAMS);
3409 if (selected_phys == get_selected_phys(hdev))
3410 return mgmt_cmd_complete(sk, hdev->id,
3411 MGMT_OP_SET_PHY_CONFIGURATION,
3416 if (!hdev_is_powered(hdev)) {
3417 err = mgmt_cmd_status(sk, hdev->id,
3418 MGMT_OP_SET_PHY_CONFIGURATION,
3419 MGMT_STATUS_REJECTED);
3423 if (pending_find(MGMT_OP_SET_PHY_CONFIGURATION, hdev)) {
3424 err = mgmt_cmd_status(sk, hdev->id,
3425 MGMT_OP_SET_PHY_CONFIGURATION,
3430 if (selected_phys & MGMT_PHY_BR_1M_3SLOT)
3431 pkt_type |= (HCI_DH3 | HCI_DM3);
3433 pkt_type &= ~(HCI_DH3 | HCI_DM3);
3435 if (selected_phys & MGMT_PHY_BR_1M_5SLOT)
3436 pkt_type |= (HCI_DH5 | HCI_DM5);
3438 pkt_type &= ~(HCI_DH5 | HCI_DM5);
3440 if (selected_phys & MGMT_PHY_EDR_2M_1SLOT)
3441 pkt_type &= ~HCI_2DH1;
3443 pkt_type |= HCI_2DH1;
3445 if (selected_phys & MGMT_PHY_EDR_2M_3SLOT)
3446 pkt_type &= ~HCI_2DH3;
3448 pkt_type |= HCI_2DH3;
3450 if (selected_phys & MGMT_PHY_EDR_2M_5SLOT)
3451 pkt_type &= ~HCI_2DH5;
3453 pkt_type |= HCI_2DH5;
3455 if (selected_phys & MGMT_PHY_EDR_3M_1SLOT)
3456 pkt_type &= ~HCI_3DH1;
3458 pkt_type |= HCI_3DH1;
3460 if (selected_phys & MGMT_PHY_EDR_3M_3SLOT)
3461 pkt_type &= ~HCI_3DH3;
3463 pkt_type |= HCI_3DH3;
3465 if (selected_phys & MGMT_PHY_EDR_3M_5SLOT)
3466 pkt_type &= ~HCI_3DH5;
3468 pkt_type |= HCI_3DH5;
3470 if (pkt_type != hdev->pkt_type) {
3471 hdev->pkt_type = pkt_type;
3475 if ((selected_phys & MGMT_PHY_LE_MASK) ==
3476 (get_selected_phys(hdev) & MGMT_PHY_LE_MASK)) {
3478 mgmt_phy_configuration_changed(hdev, sk);
3480 err = mgmt_cmd_complete(sk, hdev->id,
3481 MGMT_OP_SET_PHY_CONFIGURATION,
3487 cmd = mgmt_pending_add(sk, MGMT_OP_SET_PHY_CONFIGURATION, hdev, data,
3494 hci_req_init(&req, hdev);
3496 memset(&cp_phy, 0, sizeof(cp_phy));
3498 if (!(selected_phys & MGMT_PHY_LE_TX_MASK))
3499 cp_phy.all_phys |= 0x01;
3501 if (!(selected_phys & MGMT_PHY_LE_RX_MASK))
3502 cp_phy.all_phys |= 0x02;
3504 if (selected_phys & MGMT_PHY_LE_1M_TX)
3505 cp_phy.tx_phys |= HCI_LE_SET_PHY_1M;
3507 if (selected_phys & MGMT_PHY_LE_2M_TX)
3508 cp_phy.tx_phys |= HCI_LE_SET_PHY_2M;
3510 if (selected_phys & MGMT_PHY_LE_CODED_TX)
3511 cp_phy.tx_phys |= HCI_LE_SET_PHY_CODED;
3513 if (selected_phys & MGMT_PHY_LE_1M_RX)
3514 cp_phy.rx_phys |= HCI_LE_SET_PHY_1M;
3516 if (selected_phys & MGMT_PHY_LE_2M_RX)
3517 cp_phy.rx_phys |= HCI_LE_SET_PHY_2M;
3519 if (selected_phys & MGMT_PHY_LE_CODED_RX)
3520 cp_phy.rx_phys |= HCI_LE_SET_PHY_CODED;
3522 hci_req_add(&req, HCI_OP_LE_SET_DEFAULT_PHY, sizeof(cp_phy), &cp_phy);
3524 err = hci_req_run_skb(&req, set_default_phy_complete);
3526 mgmt_pending_remove(cmd);
3529 hci_dev_unlock(hdev);
3534 static void read_local_oob_data_complete(struct hci_dev *hdev, u8 status,
3535 u16 opcode, struct sk_buff *skb)
3537 struct mgmt_rp_read_local_oob_data mgmt_rp;
3538 size_t rp_size = sizeof(mgmt_rp);
3539 struct mgmt_pending_cmd *cmd;
3541 BT_DBG("%s status %u", hdev->name, status);
3543 cmd = pending_find(MGMT_OP_READ_LOCAL_OOB_DATA, hdev);
3547 if (status || !skb) {
3548 mgmt_cmd_status(cmd->sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
3549 status ? mgmt_status(status) : MGMT_STATUS_FAILED);
3553 memset(&mgmt_rp, 0, sizeof(mgmt_rp));
3555 if (opcode == HCI_OP_READ_LOCAL_OOB_DATA) {
3556 struct hci_rp_read_local_oob_data *rp = (void *) skb->data;
3558 if (skb->len < sizeof(*rp)) {
3559 mgmt_cmd_status(cmd->sk, hdev->id,
3560 MGMT_OP_READ_LOCAL_OOB_DATA,
3561 MGMT_STATUS_FAILED);
3565 memcpy(mgmt_rp.hash192, rp->hash, sizeof(rp->hash));
3566 memcpy(mgmt_rp.rand192, rp->rand, sizeof(rp->rand));
3568 rp_size -= sizeof(mgmt_rp.hash256) + sizeof(mgmt_rp.rand256);
3570 struct hci_rp_read_local_oob_ext_data *rp = (void *) skb->data;
3572 if (skb->len < sizeof(*rp)) {
3573 mgmt_cmd_status(cmd->sk, hdev->id,
3574 MGMT_OP_READ_LOCAL_OOB_DATA,
3575 MGMT_STATUS_FAILED);
3579 memcpy(mgmt_rp.hash192, rp->hash192, sizeof(rp->hash192));
3580 memcpy(mgmt_rp.rand192, rp->rand192, sizeof(rp->rand192));
3582 memcpy(mgmt_rp.hash256, rp->hash256, sizeof(rp->hash256));
3583 memcpy(mgmt_rp.rand256, rp->rand256, sizeof(rp->rand256));
3586 mgmt_cmd_complete(cmd->sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
3587 MGMT_STATUS_SUCCESS, &mgmt_rp, rp_size);
3590 mgmt_pending_remove(cmd);
3593 static int read_local_oob_data(struct sock *sk, struct hci_dev *hdev,
3594 void *data, u16 data_len)
3596 struct mgmt_pending_cmd *cmd;
3597 struct hci_request req;
3600 BT_DBG("%s", hdev->name);
3604 if (!hdev_is_powered(hdev)) {
3605 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
3606 MGMT_STATUS_NOT_POWERED);
3610 if (!lmp_ssp_capable(hdev)) {
3611 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
3612 MGMT_STATUS_NOT_SUPPORTED);
3616 if (pending_find(MGMT_OP_READ_LOCAL_OOB_DATA, hdev)) {
3617 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
3622 cmd = mgmt_pending_add(sk, MGMT_OP_READ_LOCAL_OOB_DATA, hdev, NULL, 0);
3628 hci_req_init(&req, hdev);
3630 if (bredr_sc_enabled(hdev))
3631 hci_req_add(&req, HCI_OP_READ_LOCAL_OOB_EXT_DATA, 0, NULL);
3633 hci_req_add(&req, HCI_OP_READ_LOCAL_OOB_DATA, 0, NULL);
3635 err = hci_req_run_skb(&req, read_local_oob_data_complete);
3637 mgmt_pending_remove(cmd);
3640 hci_dev_unlock(hdev);
3644 static int add_remote_oob_data(struct sock *sk, struct hci_dev *hdev,
3645 void *data, u16 len)
3647 struct mgmt_addr_info *addr = data;
3650 BT_DBG("%s ", hdev->name);
3652 if (!bdaddr_type_is_valid(addr->type))
3653 return mgmt_cmd_complete(sk, hdev->id,
3654 MGMT_OP_ADD_REMOTE_OOB_DATA,
3655 MGMT_STATUS_INVALID_PARAMS,
3656 addr, sizeof(*addr));
3660 if (len == MGMT_ADD_REMOTE_OOB_DATA_SIZE) {
3661 struct mgmt_cp_add_remote_oob_data *cp = data;
3664 if (cp->addr.type != BDADDR_BREDR) {
3665 err = mgmt_cmd_complete(sk, hdev->id,
3666 MGMT_OP_ADD_REMOTE_OOB_DATA,
3667 MGMT_STATUS_INVALID_PARAMS,
3668 &cp->addr, sizeof(cp->addr));
3672 err = hci_add_remote_oob_data(hdev, &cp->addr.bdaddr,
3673 cp->addr.type, cp->hash,
3674 cp->rand, NULL, NULL);
3676 status = MGMT_STATUS_FAILED;
3678 status = MGMT_STATUS_SUCCESS;
3680 err = mgmt_cmd_complete(sk, hdev->id,
3681 MGMT_OP_ADD_REMOTE_OOB_DATA, status,
3682 &cp->addr, sizeof(cp->addr));
3683 } else if (len == MGMT_ADD_REMOTE_OOB_EXT_DATA_SIZE) {
3684 struct mgmt_cp_add_remote_oob_ext_data *cp = data;
3685 u8 *rand192, *hash192, *rand256, *hash256;
3688 if (bdaddr_type_is_le(cp->addr.type)) {
3689 /* Enforce zero-valued 192-bit parameters as
3690 * long as legacy SMP OOB isn't implemented.
3692 if (memcmp(cp->rand192, ZERO_KEY, 16) ||
3693 memcmp(cp->hash192, ZERO_KEY, 16)) {
3694 err = mgmt_cmd_complete(sk, hdev->id,
3695 MGMT_OP_ADD_REMOTE_OOB_DATA,
3696 MGMT_STATUS_INVALID_PARAMS,
3697 addr, sizeof(*addr));
3704 /* In case one of the P-192 values is set to zero,
3705 * then just disable OOB data for P-192.
3707 if (!memcmp(cp->rand192, ZERO_KEY, 16) ||
3708 !memcmp(cp->hash192, ZERO_KEY, 16)) {
3712 rand192 = cp->rand192;
3713 hash192 = cp->hash192;
3717 /* In case one of the P-256 values is set to zero, then just
3718 * disable OOB data for P-256.
3720 if (!memcmp(cp->rand256, ZERO_KEY, 16) ||
3721 !memcmp(cp->hash256, ZERO_KEY, 16)) {
3725 rand256 = cp->rand256;
3726 hash256 = cp->hash256;
3729 err = hci_add_remote_oob_data(hdev, &cp->addr.bdaddr,
3730 cp->addr.type, hash192, rand192,
3733 status = MGMT_STATUS_FAILED;
3735 status = MGMT_STATUS_SUCCESS;
3737 err = mgmt_cmd_complete(sk, hdev->id,
3738 MGMT_OP_ADD_REMOTE_OOB_DATA,
3739 status, &cp->addr, sizeof(cp->addr));
3741 bt_dev_err(hdev, "add_remote_oob_data: invalid len of %u bytes",
3743 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_REMOTE_OOB_DATA,
3744 MGMT_STATUS_INVALID_PARAMS);
3748 hci_dev_unlock(hdev);
3752 static int remove_remote_oob_data(struct sock *sk, struct hci_dev *hdev,
3753 void *data, u16 len)
3755 struct mgmt_cp_remove_remote_oob_data *cp = data;
3759 BT_DBG("%s", hdev->name);
3761 if (cp->addr.type != BDADDR_BREDR)
3762 return mgmt_cmd_complete(sk, hdev->id,
3763 MGMT_OP_REMOVE_REMOTE_OOB_DATA,
3764 MGMT_STATUS_INVALID_PARAMS,
3765 &cp->addr, sizeof(cp->addr));
3769 if (!bacmp(&cp->addr.bdaddr, BDADDR_ANY)) {
3770 hci_remote_oob_data_clear(hdev);
3771 status = MGMT_STATUS_SUCCESS;
3775 err = hci_remove_remote_oob_data(hdev, &cp->addr.bdaddr, cp->addr.type);
3777 status = MGMT_STATUS_INVALID_PARAMS;
3779 status = MGMT_STATUS_SUCCESS;
3782 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_REMOTE_OOB_DATA,
3783 status, &cp->addr, sizeof(cp->addr));
3785 hci_dev_unlock(hdev);
3789 void mgmt_start_discovery_complete(struct hci_dev *hdev, u8 status)
3791 struct mgmt_pending_cmd *cmd;
3793 BT_DBG("status %d", status);
3797 cmd = pending_find(MGMT_OP_START_DISCOVERY, hdev);
3799 cmd = pending_find(MGMT_OP_START_SERVICE_DISCOVERY, hdev);
3802 cmd = pending_find(MGMT_OP_START_LIMITED_DISCOVERY, hdev);
3805 cmd->cmd_complete(cmd, mgmt_status(status));
3806 mgmt_pending_remove(cmd);
3809 hci_dev_unlock(hdev);
3812 static bool discovery_type_is_valid(struct hci_dev *hdev, uint8_t type,
3813 uint8_t *mgmt_status)
3816 case DISCOV_TYPE_LE:
3817 *mgmt_status = mgmt_le_support(hdev);
3821 case DISCOV_TYPE_INTERLEAVED:
3822 *mgmt_status = mgmt_le_support(hdev);
3825 /* Intentional fall-through */
3826 case DISCOV_TYPE_BREDR:
3827 *mgmt_status = mgmt_bredr_support(hdev);
3832 *mgmt_status = MGMT_STATUS_INVALID_PARAMS;
3839 static int start_discovery_internal(struct sock *sk, struct hci_dev *hdev,
3840 u16 op, void *data, u16 len)
3842 struct mgmt_cp_start_discovery *cp = data;
3843 struct mgmt_pending_cmd *cmd;
3847 BT_DBG("%s", hdev->name);
3851 if (!hdev_is_powered(hdev)) {
3852 err = mgmt_cmd_complete(sk, hdev->id, op,
3853 MGMT_STATUS_NOT_POWERED,
3854 &cp->type, sizeof(cp->type));
3858 if (hdev->discovery.state != DISCOVERY_STOPPED ||
3859 hci_dev_test_flag(hdev, HCI_PERIODIC_INQ)) {
3860 err = mgmt_cmd_complete(sk, hdev->id, op, MGMT_STATUS_BUSY,
3861 &cp->type, sizeof(cp->type));
3865 if (!discovery_type_is_valid(hdev, cp->type, &status)) {
3866 err = mgmt_cmd_complete(sk, hdev->id, op, status,
3867 &cp->type, sizeof(cp->type));
3871 /* Clear the discovery filter first to free any previously
3872 * allocated memory for the UUID list.
3874 hci_discovery_filter_clear(hdev);
3876 hdev->discovery.type = cp->type;
3877 hdev->discovery.report_invalid_rssi = false;
3878 if (op == MGMT_OP_START_LIMITED_DISCOVERY)
3879 hdev->discovery.limited = true;
3881 hdev->discovery.limited = false;
3883 cmd = mgmt_pending_add(sk, op, hdev, data, len);
3889 cmd->cmd_complete = generic_cmd_complete;
3891 hci_discovery_set_state(hdev, DISCOVERY_STARTING);
3892 queue_work(hdev->req_workqueue, &hdev->discov_update);
3896 hci_dev_unlock(hdev);
3900 static int start_discovery(struct sock *sk, struct hci_dev *hdev,
3901 void *data, u16 len)
3903 return start_discovery_internal(sk, hdev, MGMT_OP_START_DISCOVERY,
3907 static int start_limited_discovery(struct sock *sk, struct hci_dev *hdev,
3908 void *data, u16 len)
3910 return start_discovery_internal(sk, hdev,
3911 MGMT_OP_START_LIMITED_DISCOVERY,
3915 static int service_discovery_cmd_complete(struct mgmt_pending_cmd *cmd,
3918 return mgmt_cmd_complete(cmd->sk, cmd->index, cmd->opcode, status,
3922 static int start_service_discovery(struct sock *sk, struct hci_dev *hdev,
3923 void *data, u16 len)
3925 struct mgmt_cp_start_service_discovery *cp = data;
3926 struct mgmt_pending_cmd *cmd;
3927 const u16 max_uuid_count = ((U16_MAX - sizeof(*cp)) / 16);
3928 u16 uuid_count, expected_len;
3932 BT_DBG("%s", hdev->name);
3936 if (!hdev_is_powered(hdev)) {
3937 err = mgmt_cmd_complete(sk, hdev->id,
3938 MGMT_OP_START_SERVICE_DISCOVERY,
3939 MGMT_STATUS_NOT_POWERED,
3940 &cp->type, sizeof(cp->type));
3944 if (hdev->discovery.state != DISCOVERY_STOPPED ||
3945 hci_dev_test_flag(hdev, HCI_PERIODIC_INQ)) {
3946 err = mgmt_cmd_complete(sk, hdev->id,
3947 MGMT_OP_START_SERVICE_DISCOVERY,
3948 MGMT_STATUS_BUSY, &cp->type,
3953 uuid_count = __le16_to_cpu(cp->uuid_count);
3954 if (uuid_count > max_uuid_count) {
3955 bt_dev_err(hdev, "service_discovery: too big uuid_count value %u",
3957 err = mgmt_cmd_complete(sk, hdev->id,
3958 MGMT_OP_START_SERVICE_DISCOVERY,
3959 MGMT_STATUS_INVALID_PARAMS, &cp->type,
3964 expected_len = sizeof(*cp) + uuid_count * 16;
3965 if (expected_len != len) {
3966 bt_dev_err(hdev, "service_discovery: expected %u bytes, got %u bytes",
3968 err = mgmt_cmd_complete(sk, hdev->id,
3969 MGMT_OP_START_SERVICE_DISCOVERY,
3970 MGMT_STATUS_INVALID_PARAMS, &cp->type,
3975 if (!discovery_type_is_valid(hdev, cp->type, &status)) {
3976 err = mgmt_cmd_complete(sk, hdev->id,
3977 MGMT_OP_START_SERVICE_DISCOVERY,
3978 status, &cp->type, sizeof(cp->type));
3982 cmd = mgmt_pending_add(sk, MGMT_OP_START_SERVICE_DISCOVERY,
3989 cmd->cmd_complete = service_discovery_cmd_complete;
3991 /* Clear the discovery filter first to free any previously
3992 * allocated memory for the UUID list.
3994 hci_discovery_filter_clear(hdev);
3996 hdev->discovery.result_filtering = true;
3997 hdev->discovery.type = cp->type;
3998 hdev->discovery.rssi = cp->rssi;
3999 hdev->discovery.uuid_count = uuid_count;
4001 if (uuid_count > 0) {
4002 hdev->discovery.uuids = kmemdup(cp->uuids, uuid_count * 16,
4004 if (!hdev->discovery.uuids) {
4005 err = mgmt_cmd_complete(sk, hdev->id,
4006 MGMT_OP_START_SERVICE_DISCOVERY,
4008 &cp->type, sizeof(cp->type));
4009 mgmt_pending_remove(cmd);
4014 hci_discovery_set_state(hdev, DISCOVERY_STARTING);
4015 queue_work(hdev->req_workqueue, &hdev->discov_update);
4019 hci_dev_unlock(hdev);
4023 void mgmt_stop_discovery_complete(struct hci_dev *hdev, u8 status)
4025 struct mgmt_pending_cmd *cmd;
4027 BT_DBG("status %d", status);
4031 cmd = pending_find(MGMT_OP_STOP_DISCOVERY, hdev);
4033 cmd->cmd_complete(cmd, mgmt_status(status));
4034 mgmt_pending_remove(cmd);
4037 hci_dev_unlock(hdev);
4040 static int stop_discovery(struct sock *sk, struct hci_dev *hdev, void *data,
4043 struct mgmt_cp_stop_discovery *mgmt_cp = data;
4044 struct mgmt_pending_cmd *cmd;
4047 BT_DBG("%s", hdev->name);
4051 if (!hci_discovery_active(hdev)) {
4052 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_STOP_DISCOVERY,
4053 MGMT_STATUS_REJECTED, &mgmt_cp->type,
4054 sizeof(mgmt_cp->type));
4058 if (hdev->discovery.type != mgmt_cp->type) {
4059 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_STOP_DISCOVERY,
4060 MGMT_STATUS_INVALID_PARAMS,
4061 &mgmt_cp->type, sizeof(mgmt_cp->type));
4065 cmd = mgmt_pending_add(sk, MGMT_OP_STOP_DISCOVERY, hdev, data, len);
4071 cmd->cmd_complete = generic_cmd_complete;
4073 hci_discovery_set_state(hdev, DISCOVERY_STOPPING);
4074 queue_work(hdev->req_workqueue, &hdev->discov_update);
4078 hci_dev_unlock(hdev);
4082 static int confirm_name(struct sock *sk, struct hci_dev *hdev, void *data,
4085 struct mgmt_cp_confirm_name *cp = data;
4086 struct inquiry_entry *e;
4089 BT_DBG("%s", hdev->name);
4093 if (!hci_discovery_active(hdev)) {
4094 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_CONFIRM_NAME,
4095 MGMT_STATUS_FAILED, &cp->addr,
4100 e = hci_inquiry_cache_lookup_unknown(hdev, &cp->addr.bdaddr);
4102 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_CONFIRM_NAME,
4103 MGMT_STATUS_INVALID_PARAMS, &cp->addr,
4108 if (cp->name_known) {
4109 e->name_state = NAME_KNOWN;
4112 e->name_state = NAME_NEEDED;
4113 hci_inquiry_cache_update_resolve(hdev, e);
4116 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_CONFIRM_NAME, 0,
4117 &cp->addr, sizeof(cp->addr));
4120 hci_dev_unlock(hdev);
4124 static int block_device(struct sock *sk, struct hci_dev *hdev, void *data,
4127 struct mgmt_cp_block_device *cp = data;
4131 BT_DBG("%s", hdev->name);
4133 if (!bdaddr_type_is_valid(cp->addr.type))
4134 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_BLOCK_DEVICE,
4135 MGMT_STATUS_INVALID_PARAMS,
4136 &cp->addr, sizeof(cp->addr));
4140 err = hci_bdaddr_list_add(&hdev->blacklist, &cp->addr.bdaddr,
4143 status = MGMT_STATUS_FAILED;
4147 mgmt_event(MGMT_EV_DEVICE_BLOCKED, hdev, &cp->addr, sizeof(cp->addr),
4149 status = MGMT_STATUS_SUCCESS;
4152 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_BLOCK_DEVICE, status,
4153 &cp->addr, sizeof(cp->addr));
4155 hci_dev_unlock(hdev);
4160 static int unblock_device(struct sock *sk, struct hci_dev *hdev, void *data,
4163 struct mgmt_cp_unblock_device *cp = data;
4167 BT_DBG("%s", hdev->name);
4169 if (!bdaddr_type_is_valid(cp->addr.type))
4170 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_UNBLOCK_DEVICE,
4171 MGMT_STATUS_INVALID_PARAMS,
4172 &cp->addr, sizeof(cp->addr));
4176 err = hci_bdaddr_list_del(&hdev->blacklist, &cp->addr.bdaddr,
4179 status = MGMT_STATUS_INVALID_PARAMS;
4183 mgmt_event(MGMT_EV_DEVICE_UNBLOCKED, hdev, &cp->addr, sizeof(cp->addr),
4185 status = MGMT_STATUS_SUCCESS;
4188 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_UNBLOCK_DEVICE, status,
4189 &cp->addr, sizeof(cp->addr));
4191 hci_dev_unlock(hdev);
4196 static int set_device_id(struct sock *sk, struct hci_dev *hdev, void *data,
4199 struct mgmt_cp_set_device_id *cp = data;
4200 struct hci_request req;
4204 BT_DBG("%s", hdev->name);
4206 source = __le16_to_cpu(cp->source);
4208 if (source > 0x0002)
4209 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DEVICE_ID,
4210 MGMT_STATUS_INVALID_PARAMS);
4214 hdev->devid_source = source;
4215 hdev->devid_vendor = __le16_to_cpu(cp->vendor);
4216 hdev->devid_product = __le16_to_cpu(cp->product);
4217 hdev->devid_version = __le16_to_cpu(cp->version);
4219 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_DEVICE_ID, 0,
4222 hci_req_init(&req, hdev);
4223 __hci_req_update_eir(&req);
4224 hci_req_run(&req, NULL);
4226 hci_dev_unlock(hdev);
4231 static void enable_advertising_instance(struct hci_dev *hdev, u8 status,
4234 BT_DBG("status %d", status);
4237 static void set_advertising_complete(struct hci_dev *hdev, u8 status,
4240 struct cmd_lookup match = { NULL, hdev };
4241 struct hci_request req;
4243 struct adv_info *adv_instance;
4249 u8 mgmt_err = mgmt_status(status);
4251 mgmt_pending_foreach(MGMT_OP_SET_ADVERTISING, hdev,
4252 cmd_status_rsp, &mgmt_err);
4256 if (hci_dev_test_flag(hdev, HCI_LE_ADV))
4257 hci_dev_set_flag(hdev, HCI_ADVERTISING);
4259 hci_dev_clear_flag(hdev, HCI_ADVERTISING);
4261 mgmt_pending_foreach(MGMT_OP_SET_ADVERTISING, hdev, settings_rsp,
4264 new_settings(hdev, match.sk);
4269 /* If "Set Advertising" was just disabled and instance advertising was
4270 * set up earlier, then re-enable multi-instance advertising.
4272 if (hci_dev_test_flag(hdev, HCI_ADVERTISING) ||
4273 list_empty(&hdev->adv_instances))
4276 instance = hdev->cur_adv_instance;
4278 adv_instance = list_first_entry_or_null(&hdev->adv_instances,
4279 struct adv_info, list);
4283 instance = adv_instance->instance;
4286 hci_req_init(&req, hdev);
4288 err = __hci_req_schedule_adv_instance(&req, instance, true);
4291 err = hci_req_run(&req, enable_advertising_instance);
4294 bt_dev_err(hdev, "failed to re-configure advertising");
4297 hci_dev_unlock(hdev);
4300 static int set_advertising(struct sock *sk, struct hci_dev *hdev, void *data,
4303 struct mgmt_mode *cp = data;
4304 struct mgmt_pending_cmd *cmd;
4305 struct hci_request req;
4309 BT_DBG("request for %s", hdev->name);
4311 status = mgmt_le_support(hdev);
4313 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_ADVERTISING,
4316 if (cp->val != 0x00 && cp->val != 0x01 && cp->val != 0x02)
4317 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_ADVERTISING,
4318 MGMT_STATUS_INVALID_PARAMS);
4324 /* The following conditions are ones which mean that we should
4325 * not do any HCI communication but directly send a mgmt
4326 * response to user space (after toggling the flag if
4329 if (!hdev_is_powered(hdev) ||
4330 (val == hci_dev_test_flag(hdev, HCI_ADVERTISING) &&
4331 (cp->val == 0x02) == hci_dev_test_flag(hdev, HCI_ADVERTISING_CONNECTABLE)) ||
4332 hci_conn_num(hdev, LE_LINK) > 0 ||
4333 (hci_dev_test_flag(hdev, HCI_LE_SCAN) &&
4334 hdev->le_scan_type == LE_SCAN_ACTIVE)) {
4338 hdev->cur_adv_instance = 0x00;
4339 changed = !hci_dev_test_and_set_flag(hdev, HCI_ADVERTISING);
4340 if (cp->val == 0x02)
4341 hci_dev_set_flag(hdev, HCI_ADVERTISING_CONNECTABLE);
4343 hci_dev_clear_flag(hdev, HCI_ADVERTISING_CONNECTABLE);
4345 changed = hci_dev_test_and_clear_flag(hdev, HCI_ADVERTISING);
4346 hci_dev_clear_flag(hdev, HCI_ADVERTISING_CONNECTABLE);
4349 err = send_settings_rsp(sk, MGMT_OP_SET_ADVERTISING, hdev);
4354 err = new_settings(hdev, sk);
4359 if (pending_find(MGMT_OP_SET_ADVERTISING, hdev) ||
4360 pending_find(MGMT_OP_SET_LE, hdev)) {
4361 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_ADVERTISING,
4366 cmd = mgmt_pending_add(sk, MGMT_OP_SET_ADVERTISING, hdev, data, len);
4372 hci_req_init(&req, hdev);
4374 if (cp->val == 0x02)
4375 hci_dev_set_flag(hdev, HCI_ADVERTISING_CONNECTABLE);
4377 hci_dev_clear_flag(hdev, HCI_ADVERTISING_CONNECTABLE);
4379 cancel_adv_timeout(hdev);
4382 /* Switch to instance "0" for the Set Advertising setting.
4383 * We cannot use update_[adv|scan_rsp]_data() here as the
4384 * HCI_ADVERTISING flag is not yet set.
4386 hdev->cur_adv_instance = 0x00;
4388 if (ext_adv_capable(hdev)) {
4389 __hci_req_start_ext_adv(&req, 0x00);
4391 __hci_req_update_adv_data(&req, 0x00);
4392 __hci_req_update_scan_rsp_data(&req, 0x00);
4393 __hci_req_enable_advertising(&req);
4396 __hci_req_disable_advertising(&req);
4399 err = hci_req_run(&req, set_advertising_complete);
4401 mgmt_pending_remove(cmd);
4404 hci_dev_unlock(hdev);
4408 static int set_static_address(struct sock *sk, struct hci_dev *hdev,
4409 void *data, u16 len)
4411 struct mgmt_cp_set_static_address *cp = data;
4414 BT_DBG("%s", hdev->name);
4416 if (!lmp_le_capable(hdev))
4417 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_STATIC_ADDRESS,
4418 MGMT_STATUS_NOT_SUPPORTED);
4420 if (hdev_is_powered(hdev))
4421 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_STATIC_ADDRESS,
4422 MGMT_STATUS_REJECTED);
4424 if (bacmp(&cp->bdaddr, BDADDR_ANY)) {
4425 if (!bacmp(&cp->bdaddr, BDADDR_NONE))
4426 return mgmt_cmd_status(sk, hdev->id,
4427 MGMT_OP_SET_STATIC_ADDRESS,
4428 MGMT_STATUS_INVALID_PARAMS);
4430 /* Two most significant bits shall be set */
4431 if ((cp->bdaddr.b[5] & 0xc0) != 0xc0)
4432 return mgmt_cmd_status(sk, hdev->id,
4433 MGMT_OP_SET_STATIC_ADDRESS,
4434 MGMT_STATUS_INVALID_PARAMS);
4439 bacpy(&hdev->static_addr, &cp->bdaddr);
4441 err = send_settings_rsp(sk, MGMT_OP_SET_STATIC_ADDRESS, hdev);
4445 err = new_settings(hdev, sk);
4448 hci_dev_unlock(hdev);
4452 static int set_scan_params(struct sock *sk, struct hci_dev *hdev,
4453 void *data, u16 len)
4455 struct mgmt_cp_set_scan_params *cp = data;
4456 __u16 interval, window;
4459 BT_DBG("%s", hdev->name);
4461 if (!lmp_le_capable(hdev))
4462 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS,
4463 MGMT_STATUS_NOT_SUPPORTED);
4465 interval = __le16_to_cpu(cp->interval);
4467 if (interval < 0x0004 || interval > 0x4000)
4468 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS,
4469 MGMT_STATUS_INVALID_PARAMS);
4471 window = __le16_to_cpu(cp->window);
4473 if (window < 0x0004 || window > 0x4000)
4474 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS,
4475 MGMT_STATUS_INVALID_PARAMS);
4477 if (window > interval)
4478 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS,
4479 MGMT_STATUS_INVALID_PARAMS);
4483 hdev->le_scan_interval = interval;
4484 hdev->le_scan_window = window;
4486 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS, 0,
4489 /* If background scan is running, restart it so new parameters are
4492 if (hci_dev_test_flag(hdev, HCI_LE_SCAN) &&
4493 hdev->discovery.state == DISCOVERY_STOPPED) {
4494 struct hci_request req;
4496 hci_req_init(&req, hdev);
4498 hci_req_add_le_scan_disable(&req);
4499 hci_req_add_le_passive_scan(&req);
4501 hci_req_run(&req, NULL);
4504 hci_dev_unlock(hdev);
4509 static void fast_connectable_complete(struct hci_dev *hdev, u8 status,
4512 struct mgmt_pending_cmd *cmd;
4514 BT_DBG("status 0x%02x", status);
4518 cmd = pending_find(MGMT_OP_SET_FAST_CONNECTABLE, hdev);
4523 mgmt_cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
4524 mgmt_status(status));
4526 struct mgmt_mode *cp = cmd->param;
4529 hci_dev_set_flag(hdev, HCI_FAST_CONNECTABLE);
4531 hci_dev_clear_flag(hdev, HCI_FAST_CONNECTABLE);
4533 send_settings_rsp(cmd->sk, MGMT_OP_SET_FAST_CONNECTABLE, hdev);
4534 new_settings(hdev, cmd->sk);
4537 mgmt_pending_remove(cmd);
4540 hci_dev_unlock(hdev);
4543 static int set_fast_connectable(struct sock *sk, struct hci_dev *hdev,
4544 void *data, u16 len)
4546 struct mgmt_mode *cp = data;
4547 struct mgmt_pending_cmd *cmd;
4548 struct hci_request req;
4551 BT_DBG("%s", hdev->name);
4553 if (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED) ||
4554 hdev->hci_ver < BLUETOOTH_VER_1_2)
4555 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
4556 MGMT_STATUS_NOT_SUPPORTED);
4558 if (cp->val != 0x00 && cp->val != 0x01)
4559 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
4560 MGMT_STATUS_INVALID_PARAMS);
4564 if (pending_find(MGMT_OP_SET_FAST_CONNECTABLE, hdev)) {
4565 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
4570 if (!!cp->val == hci_dev_test_flag(hdev, HCI_FAST_CONNECTABLE)) {
4571 err = send_settings_rsp(sk, MGMT_OP_SET_FAST_CONNECTABLE,
4576 if (!hdev_is_powered(hdev)) {
4577 hci_dev_change_flag(hdev, HCI_FAST_CONNECTABLE);
4578 err = send_settings_rsp(sk, MGMT_OP_SET_FAST_CONNECTABLE,
4580 new_settings(hdev, sk);
4584 cmd = mgmt_pending_add(sk, MGMT_OP_SET_FAST_CONNECTABLE, hdev,
4591 hci_req_init(&req, hdev);
4593 __hci_req_write_fast_connectable(&req, cp->val);
4595 err = hci_req_run(&req, fast_connectable_complete);
4597 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
4598 MGMT_STATUS_FAILED);
4599 mgmt_pending_remove(cmd);
4603 hci_dev_unlock(hdev);
4608 static void set_bredr_complete(struct hci_dev *hdev, u8 status, u16 opcode)
4610 struct mgmt_pending_cmd *cmd;
4612 BT_DBG("status 0x%02x", status);
4616 cmd = pending_find(MGMT_OP_SET_BREDR, hdev);
4621 u8 mgmt_err = mgmt_status(status);
4623 /* We need to restore the flag if related HCI commands
4626 hci_dev_clear_flag(hdev, HCI_BREDR_ENABLED);
4628 mgmt_cmd_status(cmd->sk, cmd->index, cmd->opcode, mgmt_err);
4630 send_settings_rsp(cmd->sk, MGMT_OP_SET_BREDR, hdev);
4631 new_settings(hdev, cmd->sk);
4634 mgmt_pending_remove(cmd);
4637 hci_dev_unlock(hdev);
4640 static int set_bredr(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
4642 struct mgmt_mode *cp = data;
4643 struct mgmt_pending_cmd *cmd;
4644 struct hci_request req;
4647 BT_DBG("request for %s", hdev->name);
4649 if (!lmp_bredr_capable(hdev) || !lmp_le_capable(hdev))
4650 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
4651 MGMT_STATUS_NOT_SUPPORTED);
4653 if (!hci_dev_test_flag(hdev, HCI_LE_ENABLED))
4654 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
4655 MGMT_STATUS_REJECTED);
4657 if (cp->val != 0x00 && cp->val != 0x01)
4658 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
4659 MGMT_STATUS_INVALID_PARAMS);
4663 if (cp->val == hci_dev_test_flag(hdev, HCI_BREDR_ENABLED)) {
4664 err = send_settings_rsp(sk, MGMT_OP_SET_BREDR, hdev);
4668 if (!hdev_is_powered(hdev)) {
4670 hci_dev_clear_flag(hdev, HCI_DISCOVERABLE);
4671 hci_dev_clear_flag(hdev, HCI_SSP_ENABLED);
4672 hci_dev_clear_flag(hdev, HCI_LINK_SECURITY);
4673 hci_dev_clear_flag(hdev, HCI_FAST_CONNECTABLE);
4674 hci_dev_clear_flag(hdev, HCI_HS_ENABLED);
4677 hci_dev_change_flag(hdev, HCI_BREDR_ENABLED);
4679 err = send_settings_rsp(sk, MGMT_OP_SET_BREDR, hdev);
4683 err = new_settings(hdev, sk);
4687 /* Reject disabling when powered on */
4689 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
4690 MGMT_STATUS_REJECTED);
4693 /* When configuring a dual-mode controller to operate
4694 * with LE only and using a static address, then switching
4695 * BR/EDR back on is not allowed.
4697 * Dual-mode controllers shall operate with the public
4698 * address as its identity address for BR/EDR and LE. So
4699 * reject the attempt to create an invalid configuration.
4701 * The same restrictions applies when secure connections
4702 * has been enabled. For BR/EDR this is a controller feature
4703 * while for LE it is a host stack feature. This means that
4704 * switching BR/EDR back on when secure connections has been
4705 * enabled is not a supported transaction.
4707 if (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED) &&
4708 (bacmp(&hdev->static_addr, BDADDR_ANY) ||
4709 hci_dev_test_flag(hdev, HCI_SC_ENABLED))) {
4710 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
4711 MGMT_STATUS_REJECTED);
4716 if (pending_find(MGMT_OP_SET_BREDR, hdev)) {
4717 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
4722 cmd = mgmt_pending_add(sk, MGMT_OP_SET_BREDR, hdev, data, len);
4728 /* We need to flip the bit already here so that
4729 * hci_req_update_adv_data generates the correct flags.
4731 hci_dev_set_flag(hdev, HCI_BREDR_ENABLED);
4733 hci_req_init(&req, hdev);
4735 __hci_req_write_fast_connectable(&req, false);
4736 __hci_req_update_scan(&req);
4738 /* Since only the advertising data flags will change, there
4739 * is no need to update the scan response data.
4741 __hci_req_update_adv_data(&req, hdev->cur_adv_instance);
4743 err = hci_req_run(&req, set_bredr_complete);
4745 mgmt_pending_remove(cmd);
4748 hci_dev_unlock(hdev);
4752 static void sc_enable_complete(struct hci_dev *hdev, u8 status, u16 opcode)
4754 struct mgmt_pending_cmd *cmd;
4755 struct mgmt_mode *cp;
4757 BT_DBG("%s status %u", hdev->name, status);
4761 cmd = pending_find(MGMT_OP_SET_SECURE_CONN, hdev);
4766 mgmt_cmd_status(cmd->sk, cmd->index, cmd->opcode,
4767 mgmt_status(status));
4775 hci_dev_clear_flag(hdev, HCI_SC_ENABLED);
4776 hci_dev_clear_flag(hdev, HCI_SC_ONLY);
4779 hci_dev_set_flag(hdev, HCI_SC_ENABLED);
4780 hci_dev_clear_flag(hdev, HCI_SC_ONLY);
4783 hci_dev_set_flag(hdev, HCI_SC_ENABLED);
4784 hci_dev_set_flag(hdev, HCI_SC_ONLY);
4788 send_settings_rsp(cmd->sk, MGMT_OP_SET_SECURE_CONN, hdev);
4789 new_settings(hdev, cmd->sk);
4792 mgmt_pending_remove(cmd);
4794 hci_dev_unlock(hdev);
4797 static int set_secure_conn(struct sock *sk, struct hci_dev *hdev,
4798 void *data, u16 len)
4800 struct mgmt_mode *cp = data;
4801 struct mgmt_pending_cmd *cmd;
4802 struct hci_request req;
4806 BT_DBG("request for %s", hdev->name);
4808 if (!lmp_sc_capable(hdev) &&
4809 !hci_dev_test_flag(hdev, HCI_LE_ENABLED))
4810 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SECURE_CONN,
4811 MGMT_STATUS_NOT_SUPPORTED);
4813 if (hci_dev_test_flag(hdev, HCI_BREDR_ENABLED) &&
4814 lmp_sc_capable(hdev) &&
4815 !hci_dev_test_flag(hdev, HCI_SSP_ENABLED))
4816 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SECURE_CONN,
4817 MGMT_STATUS_REJECTED);
4819 if (cp->val != 0x00 && cp->val != 0x01 && cp->val != 0x02)
4820 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SECURE_CONN,
4821 MGMT_STATUS_INVALID_PARAMS);
4825 if (!hdev_is_powered(hdev) || !lmp_sc_capable(hdev) ||
4826 !hci_dev_test_flag(hdev, HCI_BREDR_ENABLED)) {
4830 changed = !hci_dev_test_and_set_flag(hdev,
4832 if (cp->val == 0x02)
4833 hci_dev_set_flag(hdev, HCI_SC_ONLY);
4835 hci_dev_clear_flag(hdev, HCI_SC_ONLY);
4837 changed = hci_dev_test_and_clear_flag(hdev,
4839 hci_dev_clear_flag(hdev, HCI_SC_ONLY);
4842 err = send_settings_rsp(sk, MGMT_OP_SET_SECURE_CONN, hdev);
4847 err = new_settings(hdev, sk);
4852 if (pending_find(MGMT_OP_SET_SECURE_CONN, hdev)) {
4853 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SECURE_CONN,
4860 if (val == hci_dev_test_flag(hdev, HCI_SC_ENABLED) &&
4861 (cp->val == 0x02) == hci_dev_test_flag(hdev, HCI_SC_ONLY)) {
4862 err = send_settings_rsp(sk, MGMT_OP_SET_SECURE_CONN, hdev);
4866 cmd = mgmt_pending_add(sk, MGMT_OP_SET_SECURE_CONN, hdev, data, len);
4872 hci_req_init(&req, hdev);
4873 hci_req_add(&req, HCI_OP_WRITE_SC_SUPPORT, 1, &val);
4874 err = hci_req_run(&req, sc_enable_complete);
4876 mgmt_pending_remove(cmd);
4881 hci_dev_unlock(hdev);
4885 static int set_debug_keys(struct sock *sk, struct hci_dev *hdev,
4886 void *data, u16 len)
4888 struct mgmt_mode *cp = data;
4889 bool changed, use_changed;
4892 BT_DBG("request for %s", hdev->name);
4894 if (cp->val != 0x00 && cp->val != 0x01 && cp->val != 0x02)
4895 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DEBUG_KEYS,
4896 MGMT_STATUS_INVALID_PARAMS);
4901 changed = !hci_dev_test_and_set_flag(hdev, HCI_KEEP_DEBUG_KEYS);
4903 changed = hci_dev_test_and_clear_flag(hdev,
4904 HCI_KEEP_DEBUG_KEYS);
4906 if (cp->val == 0x02)
4907 use_changed = !hci_dev_test_and_set_flag(hdev,
4908 HCI_USE_DEBUG_KEYS);
4910 use_changed = hci_dev_test_and_clear_flag(hdev,
4911 HCI_USE_DEBUG_KEYS);
4913 if (hdev_is_powered(hdev) && use_changed &&
4914 hci_dev_test_flag(hdev, HCI_SSP_ENABLED)) {
4915 u8 mode = (cp->val == 0x02) ? 0x01 : 0x00;
4916 hci_send_cmd(hdev, HCI_OP_WRITE_SSP_DEBUG_MODE,
4917 sizeof(mode), &mode);
4920 err = send_settings_rsp(sk, MGMT_OP_SET_DEBUG_KEYS, hdev);
4925 err = new_settings(hdev, sk);
4928 hci_dev_unlock(hdev);
4932 static int set_privacy(struct sock *sk, struct hci_dev *hdev, void *cp_data,
4935 struct mgmt_cp_set_privacy *cp = cp_data;
4939 BT_DBG("request for %s", hdev->name);
4941 if (!lmp_le_capable(hdev))
4942 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_PRIVACY,
4943 MGMT_STATUS_NOT_SUPPORTED);
4945 if (cp->privacy != 0x00 && cp->privacy != 0x01 && cp->privacy != 0x02)
4946 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_PRIVACY,
4947 MGMT_STATUS_INVALID_PARAMS);
4949 if (hdev_is_powered(hdev))
4950 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_PRIVACY,
4951 MGMT_STATUS_REJECTED);
4955 /* If user space supports this command it is also expected to
4956 * handle IRKs. Therefore, set the HCI_RPA_RESOLVING flag.
4958 hci_dev_set_flag(hdev, HCI_RPA_RESOLVING);
4961 changed = !hci_dev_test_and_set_flag(hdev, HCI_PRIVACY);
4962 memcpy(hdev->irk, cp->irk, sizeof(hdev->irk));
4963 hci_dev_set_flag(hdev, HCI_RPA_EXPIRED);
4964 hci_adv_instances_set_rpa_expired(hdev, true);
4965 if (cp->privacy == 0x02)
4966 hci_dev_set_flag(hdev, HCI_LIMITED_PRIVACY);
4968 hci_dev_clear_flag(hdev, HCI_LIMITED_PRIVACY);
4970 changed = hci_dev_test_and_clear_flag(hdev, HCI_PRIVACY);
4971 memset(hdev->irk, 0, sizeof(hdev->irk));
4972 hci_dev_clear_flag(hdev, HCI_RPA_EXPIRED);
4973 hci_adv_instances_set_rpa_expired(hdev, false);
4974 hci_dev_clear_flag(hdev, HCI_LIMITED_PRIVACY);
4977 err = send_settings_rsp(sk, MGMT_OP_SET_PRIVACY, hdev);
4982 err = new_settings(hdev, sk);
4985 hci_dev_unlock(hdev);
4989 static bool irk_is_valid(struct mgmt_irk_info *irk)
4991 switch (irk->addr.type) {
4992 case BDADDR_LE_PUBLIC:
4995 case BDADDR_LE_RANDOM:
4996 /* Two most significant bits shall be set */
4997 if ((irk->addr.bdaddr.b[5] & 0xc0) != 0xc0)
5005 static int load_irks(struct sock *sk, struct hci_dev *hdev, void *cp_data,
5008 struct mgmt_cp_load_irks *cp = cp_data;
5009 const u16 max_irk_count = ((U16_MAX - sizeof(*cp)) /
5010 sizeof(struct mgmt_irk_info));
5011 u16 irk_count, expected_len;
5014 BT_DBG("request for %s", hdev->name);
5016 if (!lmp_le_capable(hdev))
5017 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_IRKS,
5018 MGMT_STATUS_NOT_SUPPORTED);
5020 irk_count = __le16_to_cpu(cp->irk_count);
5021 if (irk_count > max_irk_count) {
5022 bt_dev_err(hdev, "load_irks: too big irk_count value %u",
5024 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_IRKS,
5025 MGMT_STATUS_INVALID_PARAMS);
5028 expected_len = struct_size(cp, irks, irk_count);
5029 if (expected_len != len) {
5030 bt_dev_err(hdev, "load_irks: expected %u bytes, got %u bytes",
5032 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_IRKS,
5033 MGMT_STATUS_INVALID_PARAMS);
5036 BT_DBG("%s irk_count %u", hdev->name, irk_count);
5038 for (i = 0; i < irk_count; i++) {
5039 struct mgmt_irk_info *key = &cp->irks[i];
5041 if (!irk_is_valid(key))
5042 return mgmt_cmd_status(sk, hdev->id,
5044 MGMT_STATUS_INVALID_PARAMS);
5049 hci_smp_irks_clear(hdev);
5051 for (i = 0; i < irk_count; i++) {
5052 struct mgmt_irk_info *irk = &cp->irks[i];
5054 hci_add_irk(hdev, &irk->addr.bdaddr,
5055 le_addr_type(irk->addr.type), irk->val,
5059 hci_dev_set_flag(hdev, HCI_RPA_RESOLVING);
5061 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_LOAD_IRKS, 0, NULL, 0);
5063 hci_dev_unlock(hdev);
5068 static bool ltk_is_valid(struct mgmt_ltk_info *key)
5070 if (key->master != 0x00 && key->master != 0x01)
5073 switch (key->addr.type) {
5074 case BDADDR_LE_PUBLIC:
5077 case BDADDR_LE_RANDOM:
5078 /* Two most significant bits shall be set */
5079 if ((key->addr.bdaddr.b[5] & 0xc0) != 0xc0)
5087 static int load_long_term_keys(struct sock *sk, struct hci_dev *hdev,
5088 void *cp_data, u16 len)
5090 struct mgmt_cp_load_long_term_keys *cp = cp_data;
5091 const u16 max_key_count = ((U16_MAX - sizeof(*cp)) /
5092 sizeof(struct mgmt_ltk_info));
5093 u16 key_count, expected_len;
5096 BT_DBG("request for %s", hdev->name);
5098 if (!lmp_le_capable(hdev))
5099 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS,
5100 MGMT_STATUS_NOT_SUPPORTED);
5102 key_count = __le16_to_cpu(cp->key_count);
5103 if (key_count > max_key_count) {
5104 bt_dev_err(hdev, "load_ltks: too big key_count value %u",
5106 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS,
5107 MGMT_STATUS_INVALID_PARAMS);
5110 expected_len = struct_size(cp, keys, key_count);
5111 if (expected_len != len) {
5112 bt_dev_err(hdev, "load_keys: expected %u bytes, got %u bytes",
5114 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS,
5115 MGMT_STATUS_INVALID_PARAMS);
5118 BT_DBG("%s key_count %u", hdev->name, key_count);
5120 for (i = 0; i < key_count; i++) {
5121 struct mgmt_ltk_info *key = &cp->keys[i];
5123 if (!ltk_is_valid(key))
5124 return mgmt_cmd_status(sk, hdev->id,
5125 MGMT_OP_LOAD_LONG_TERM_KEYS,
5126 MGMT_STATUS_INVALID_PARAMS);
5131 hci_smp_ltks_clear(hdev);
5133 for (i = 0; i < key_count; i++) {
5134 struct mgmt_ltk_info *key = &cp->keys[i];
5135 u8 type, authenticated;
5137 switch (key->type) {
5138 case MGMT_LTK_UNAUTHENTICATED:
5139 authenticated = 0x00;
5140 type = key->master ? SMP_LTK : SMP_LTK_SLAVE;
5142 case MGMT_LTK_AUTHENTICATED:
5143 authenticated = 0x01;
5144 type = key->master ? SMP_LTK : SMP_LTK_SLAVE;
5146 case MGMT_LTK_P256_UNAUTH:
5147 authenticated = 0x00;
5148 type = SMP_LTK_P256;
5150 case MGMT_LTK_P256_AUTH:
5151 authenticated = 0x01;
5152 type = SMP_LTK_P256;
5154 case MGMT_LTK_P256_DEBUG:
5155 authenticated = 0x00;
5156 type = SMP_LTK_P256_DEBUG;
5162 hci_add_ltk(hdev, &key->addr.bdaddr,
5163 le_addr_type(key->addr.type), type, authenticated,
5164 key->val, key->enc_size, key->ediv, key->rand);
5167 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS, 0,
5170 hci_dev_unlock(hdev);
5175 static int conn_info_cmd_complete(struct mgmt_pending_cmd *cmd, u8 status)
5177 struct hci_conn *conn = cmd->user_data;
5178 struct mgmt_rp_get_conn_info rp;
5181 memcpy(&rp.addr, cmd->param, sizeof(rp.addr));
5183 if (status == MGMT_STATUS_SUCCESS) {
5184 rp.rssi = conn->rssi;
5185 rp.tx_power = conn->tx_power;
5186 rp.max_tx_power = conn->max_tx_power;
5188 rp.rssi = HCI_RSSI_INVALID;
5189 rp.tx_power = HCI_TX_POWER_INVALID;
5190 rp.max_tx_power = HCI_TX_POWER_INVALID;
5193 err = mgmt_cmd_complete(cmd->sk, cmd->index, MGMT_OP_GET_CONN_INFO,
5194 status, &rp, sizeof(rp));
5196 hci_conn_drop(conn);
5202 static void conn_info_refresh_complete(struct hci_dev *hdev, u8 hci_status,
5205 struct hci_cp_read_rssi *cp;
5206 struct mgmt_pending_cmd *cmd;
5207 struct hci_conn *conn;
5211 BT_DBG("status 0x%02x", hci_status);
5215 /* Commands sent in request are either Read RSSI or Read Transmit Power
5216 * Level so we check which one was last sent to retrieve connection
5217 * handle. Both commands have handle as first parameter so it's safe to
5218 * cast data on the same command struct.
5220 * First command sent is always Read RSSI and we fail only if it fails.
5221 * In other case we simply override error to indicate success as we
5222 * already remembered if TX power value is actually valid.
5224 cp = hci_sent_cmd_data(hdev, HCI_OP_READ_RSSI);
5226 cp = hci_sent_cmd_data(hdev, HCI_OP_READ_TX_POWER);
5227 status = MGMT_STATUS_SUCCESS;
5229 status = mgmt_status(hci_status);
5233 bt_dev_err(hdev, "invalid sent_cmd in conn_info response");
5237 handle = __le16_to_cpu(cp->handle);
5238 conn = hci_conn_hash_lookup_handle(hdev, handle);
5240 bt_dev_err(hdev, "unknown handle (%d) in conn_info response",
5245 cmd = pending_find_data(MGMT_OP_GET_CONN_INFO, hdev, conn);
5249 cmd->cmd_complete(cmd, status);
5250 mgmt_pending_remove(cmd);
5253 hci_dev_unlock(hdev);
5256 static int get_conn_info(struct sock *sk, struct hci_dev *hdev, void *data,
5259 struct mgmt_cp_get_conn_info *cp = data;
5260 struct mgmt_rp_get_conn_info rp;
5261 struct hci_conn *conn;
5262 unsigned long conn_info_age;
5265 BT_DBG("%s", hdev->name);
5267 memset(&rp, 0, sizeof(rp));
5268 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
5269 rp.addr.type = cp->addr.type;
5271 if (!bdaddr_type_is_valid(cp->addr.type))
5272 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CONN_INFO,
5273 MGMT_STATUS_INVALID_PARAMS,
5278 if (!hdev_is_powered(hdev)) {
5279 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CONN_INFO,
5280 MGMT_STATUS_NOT_POWERED, &rp,
5285 if (cp->addr.type == BDADDR_BREDR)
5286 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
5289 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &cp->addr.bdaddr);
5291 if (!conn || conn->state != BT_CONNECTED) {
5292 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CONN_INFO,
5293 MGMT_STATUS_NOT_CONNECTED, &rp,
5298 if (pending_find_data(MGMT_OP_GET_CONN_INFO, hdev, conn)) {
5299 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CONN_INFO,
5300 MGMT_STATUS_BUSY, &rp, sizeof(rp));
5304 /* To avoid client trying to guess when to poll again for information we
5305 * calculate conn info age as random value between min/max set in hdev.
5307 conn_info_age = hdev->conn_info_min_age +
5308 prandom_u32_max(hdev->conn_info_max_age -
5309 hdev->conn_info_min_age);
5311 /* Query controller to refresh cached values if they are too old or were
5314 if (time_after(jiffies, conn->conn_info_timestamp +
5315 msecs_to_jiffies(conn_info_age)) ||
5316 !conn->conn_info_timestamp) {
5317 struct hci_request req;
5318 struct hci_cp_read_tx_power req_txp_cp;
5319 struct hci_cp_read_rssi req_rssi_cp;
5320 struct mgmt_pending_cmd *cmd;
5322 hci_req_init(&req, hdev);
5323 req_rssi_cp.handle = cpu_to_le16(conn->handle);
5324 hci_req_add(&req, HCI_OP_READ_RSSI, sizeof(req_rssi_cp),
5327 /* For LE links TX power does not change thus we don't need to
5328 * query for it once value is known.
5330 if (!bdaddr_type_is_le(cp->addr.type) ||
5331 conn->tx_power == HCI_TX_POWER_INVALID) {
5332 req_txp_cp.handle = cpu_to_le16(conn->handle);
5333 req_txp_cp.type = 0x00;
5334 hci_req_add(&req, HCI_OP_READ_TX_POWER,
5335 sizeof(req_txp_cp), &req_txp_cp);
5338 /* Max TX power needs to be read only once per connection */
5339 if (conn->max_tx_power == HCI_TX_POWER_INVALID) {
5340 req_txp_cp.handle = cpu_to_le16(conn->handle);
5341 req_txp_cp.type = 0x01;
5342 hci_req_add(&req, HCI_OP_READ_TX_POWER,
5343 sizeof(req_txp_cp), &req_txp_cp);
5346 err = hci_req_run(&req, conn_info_refresh_complete);
5350 cmd = mgmt_pending_add(sk, MGMT_OP_GET_CONN_INFO, hdev,
5357 hci_conn_hold(conn);
5358 cmd->user_data = hci_conn_get(conn);
5359 cmd->cmd_complete = conn_info_cmd_complete;
5361 conn->conn_info_timestamp = jiffies;
5363 /* Cache is valid, just reply with values cached in hci_conn */
5364 rp.rssi = conn->rssi;
5365 rp.tx_power = conn->tx_power;
5366 rp.max_tx_power = conn->max_tx_power;
5368 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CONN_INFO,
5369 MGMT_STATUS_SUCCESS, &rp, sizeof(rp));
5373 hci_dev_unlock(hdev);
5377 static int clock_info_cmd_complete(struct mgmt_pending_cmd *cmd, u8 status)
5379 struct hci_conn *conn = cmd->user_data;
5380 struct mgmt_rp_get_clock_info rp;
5381 struct hci_dev *hdev;
5384 memset(&rp, 0, sizeof(rp));
5385 memcpy(&rp.addr, cmd->param, sizeof(rp.addr));
5390 hdev = hci_dev_get(cmd->index);
5392 rp.local_clock = cpu_to_le32(hdev->clock);
5397 rp.piconet_clock = cpu_to_le32(conn->clock);
5398 rp.accuracy = cpu_to_le16(conn->clock_accuracy);
5402 err = mgmt_cmd_complete(cmd->sk, cmd->index, cmd->opcode, status, &rp,
5406 hci_conn_drop(conn);
5413 static void get_clock_info_complete(struct hci_dev *hdev, u8 status, u16 opcode)
5415 struct hci_cp_read_clock *hci_cp;
5416 struct mgmt_pending_cmd *cmd;
5417 struct hci_conn *conn;
5419 BT_DBG("%s status %u", hdev->name, status);
5423 hci_cp = hci_sent_cmd_data(hdev, HCI_OP_READ_CLOCK);
5427 if (hci_cp->which) {
5428 u16 handle = __le16_to_cpu(hci_cp->handle);
5429 conn = hci_conn_hash_lookup_handle(hdev, handle);
5434 cmd = pending_find_data(MGMT_OP_GET_CLOCK_INFO, hdev, conn);
5438 cmd->cmd_complete(cmd, mgmt_status(status));
5439 mgmt_pending_remove(cmd);
5442 hci_dev_unlock(hdev);
5445 static int get_clock_info(struct sock *sk, struct hci_dev *hdev, void *data,
5448 struct mgmt_cp_get_clock_info *cp = data;
5449 struct mgmt_rp_get_clock_info rp;
5450 struct hci_cp_read_clock hci_cp;
5451 struct mgmt_pending_cmd *cmd;
5452 struct hci_request req;
5453 struct hci_conn *conn;
5456 BT_DBG("%s", hdev->name);
5458 memset(&rp, 0, sizeof(rp));
5459 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
5460 rp.addr.type = cp->addr.type;
5462 if (cp->addr.type != BDADDR_BREDR)
5463 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CLOCK_INFO,
5464 MGMT_STATUS_INVALID_PARAMS,
5469 if (!hdev_is_powered(hdev)) {
5470 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CLOCK_INFO,
5471 MGMT_STATUS_NOT_POWERED, &rp,
5476 if (bacmp(&cp->addr.bdaddr, BDADDR_ANY)) {
5477 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
5479 if (!conn || conn->state != BT_CONNECTED) {
5480 err = mgmt_cmd_complete(sk, hdev->id,
5481 MGMT_OP_GET_CLOCK_INFO,
5482 MGMT_STATUS_NOT_CONNECTED,
5490 cmd = mgmt_pending_add(sk, MGMT_OP_GET_CLOCK_INFO, hdev, data, len);
5496 cmd->cmd_complete = clock_info_cmd_complete;
5498 hci_req_init(&req, hdev);
5500 memset(&hci_cp, 0, sizeof(hci_cp));
5501 hci_req_add(&req, HCI_OP_READ_CLOCK, sizeof(hci_cp), &hci_cp);
5504 hci_conn_hold(conn);
5505 cmd->user_data = hci_conn_get(conn);
5507 hci_cp.handle = cpu_to_le16(conn->handle);
5508 hci_cp.which = 0x01; /* Piconet clock */
5509 hci_req_add(&req, HCI_OP_READ_CLOCK, sizeof(hci_cp), &hci_cp);
5512 err = hci_req_run(&req, get_clock_info_complete);
5514 mgmt_pending_remove(cmd);
5517 hci_dev_unlock(hdev);
5521 static bool is_connected(struct hci_dev *hdev, bdaddr_t *addr, u8 type)
5523 struct hci_conn *conn;
5525 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, addr);
5529 if (conn->dst_type != type)
5532 if (conn->state != BT_CONNECTED)
5538 /* This function requires the caller holds hdev->lock */
5539 static int hci_conn_params_set(struct hci_dev *hdev, bdaddr_t *addr,
5540 u8 addr_type, u8 auto_connect)
5542 struct hci_conn_params *params;
5544 params = hci_conn_params_add(hdev, addr, addr_type);
5548 if (params->auto_connect == auto_connect)
5551 list_del_init(¶ms->action);
5553 switch (auto_connect) {
5554 case HCI_AUTO_CONN_DISABLED:
5555 case HCI_AUTO_CONN_LINK_LOSS:
5556 /* If auto connect is being disabled when we're trying to
5557 * connect to device, keep connecting.
5559 if (params->explicit_connect)
5560 list_add(¶ms->action, &hdev->pend_le_conns);
5562 case HCI_AUTO_CONN_REPORT:
5563 if (params->explicit_connect)
5564 list_add(¶ms->action, &hdev->pend_le_conns);
5566 list_add(¶ms->action, &hdev->pend_le_reports);
5568 case HCI_AUTO_CONN_DIRECT:
5569 case HCI_AUTO_CONN_ALWAYS:
5570 if (!is_connected(hdev, addr, addr_type))
5571 list_add(¶ms->action, &hdev->pend_le_conns);
5575 params->auto_connect = auto_connect;
5577 BT_DBG("addr %pMR (type %u) auto_connect %u", addr, addr_type,
5583 static void device_added(struct sock *sk, struct hci_dev *hdev,
5584 bdaddr_t *bdaddr, u8 type, u8 action)
5586 struct mgmt_ev_device_added ev;
5588 bacpy(&ev.addr.bdaddr, bdaddr);
5589 ev.addr.type = type;
5592 mgmt_event(MGMT_EV_DEVICE_ADDED, hdev, &ev, sizeof(ev), sk);
5595 static int add_device(struct sock *sk, struct hci_dev *hdev,
5596 void *data, u16 len)
5598 struct mgmt_cp_add_device *cp = data;
5599 u8 auto_conn, addr_type;
5602 BT_DBG("%s", hdev->name);
5604 if (!bdaddr_type_is_valid(cp->addr.type) ||
5605 !bacmp(&cp->addr.bdaddr, BDADDR_ANY))
5606 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_ADD_DEVICE,
5607 MGMT_STATUS_INVALID_PARAMS,
5608 &cp->addr, sizeof(cp->addr));
5610 if (cp->action != 0x00 && cp->action != 0x01 && cp->action != 0x02)
5611 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_ADD_DEVICE,
5612 MGMT_STATUS_INVALID_PARAMS,
5613 &cp->addr, sizeof(cp->addr));
5617 if (cp->addr.type == BDADDR_BREDR) {
5618 /* Only incoming connections action is supported for now */
5619 if (cp->action != 0x01) {
5620 err = mgmt_cmd_complete(sk, hdev->id,
5622 MGMT_STATUS_INVALID_PARAMS,
5623 &cp->addr, sizeof(cp->addr));
5627 err = hci_bdaddr_list_add(&hdev->whitelist, &cp->addr.bdaddr,
5632 hci_req_update_scan(hdev);
5637 addr_type = le_addr_type(cp->addr.type);
5639 if (cp->action == 0x02)
5640 auto_conn = HCI_AUTO_CONN_ALWAYS;
5641 else if (cp->action == 0x01)
5642 auto_conn = HCI_AUTO_CONN_DIRECT;
5644 auto_conn = HCI_AUTO_CONN_REPORT;
5646 /* Kernel internally uses conn_params with resolvable private
5647 * address, but Add Device allows only identity addresses.
5648 * Make sure it is enforced before calling
5649 * hci_conn_params_lookup.
5651 if (!hci_is_identity_address(&cp->addr.bdaddr, addr_type)) {
5652 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_ADD_DEVICE,
5653 MGMT_STATUS_INVALID_PARAMS,
5654 &cp->addr, sizeof(cp->addr));
5658 /* If the connection parameters don't exist for this device,
5659 * they will be created and configured with defaults.
5661 if (hci_conn_params_set(hdev, &cp->addr.bdaddr, addr_type,
5663 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_ADD_DEVICE,
5664 MGMT_STATUS_FAILED, &cp->addr,
5669 hci_update_background_scan(hdev);
5672 device_added(sk, hdev, &cp->addr.bdaddr, cp->addr.type, cp->action);
5674 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_ADD_DEVICE,
5675 MGMT_STATUS_SUCCESS, &cp->addr,
5679 hci_dev_unlock(hdev);
5683 static void device_removed(struct sock *sk, struct hci_dev *hdev,
5684 bdaddr_t *bdaddr, u8 type)
5686 struct mgmt_ev_device_removed ev;
5688 bacpy(&ev.addr.bdaddr, bdaddr);
5689 ev.addr.type = type;
5691 mgmt_event(MGMT_EV_DEVICE_REMOVED, hdev, &ev, sizeof(ev), sk);
5694 static int remove_device(struct sock *sk, struct hci_dev *hdev,
5695 void *data, u16 len)
5697 struct mgmt_cp_remove_device *cp = data;
5700 BT_DBG("%s", hdev->name);
5704 if (bacmp(&cp->addr.bdaddr, BDADDR_ANY)) {
5705 struct hci_conn_params *params;
5708 if (!bdaddr_type_is_valid(cp->addr.type)) {
5709 err = mgmt_cmd_complete(sk, hdev->id,
5710 MGMT_OP_REMOVE_DEVICE,
5711 MGMT_STATUS_INVALID_PARAMS,
5712 &cp->addr, sizeof(cp->addr));
5716 if (cp->addr.type == BDADDR_BREDR) {
5717 err = hci_bdaddr_list_del(&hdev->whitelist,
5721 err = mgmt_cmd_complete(sk, hdev->id,
5722 MGMT_OP_REMOVE_DEVICE,
5723 MGMT_STATUS_INVALID_PARAMS,
5729 hci_req_update_scan(hdev);
5731 device_removed(sk, hdev, &cp->addr.bdaddr,
5736 addr_type = le_addr_type(cp->addr.type);
5738 /* Kernel internally uses conn_params with resolvable private
5739 * address, but Remove Device allows only identity addresses.
5740 * Make sure it is enforced before calling
5741 * hci_conn_params_lookup.
5743 if (!hci_is_identity_address(&cp->addr.bdaddr, addr_type)) {
5744 err = mgmt_cmd_complete(sk, hdev->id,
5745 MGMT_OP_REMOVE_DEVICE,
5746 MGMT_STATUS_INVALID_PARAMS,
5747 &cp->addr, sizeof(cp->addr));
5751 params = hci_conn_params_lookup(hdev, &cp->addr.bdaddr,
5754 err = mgmt_cmd_complete(sk, hdev->id,
5755 MGMT_OP_REMOVE_DEVICE,
5756 MGMT_STATUS_INVALID_PARAMS,
5757 &cp->addr, sizeof(cp->addr));
5761 if (params->auto_connect == HCI_AUTO_CONN_DISABLED ||
5762 params->auto_connect == HCI_AUTO_CONN_EXPLICIT) {
5763 err = mgmt_cmd_complete(sk, hdev->id,
5764 MGMT_OP_REMOVE_DEVICE,
5765 MGMT_STATUS_INVALID_PARAMS,
5766 &cp->addr, sizeof(cp->addr));
5770 list_del(¶ms->action);
5771 list_del(¶ms->list);
5773 hci_update_background_scan(hdev);
5775 device_removed(sk, hdev, &cp->addr.bdaddr, cp->addr.type);
5777 struct hci_conn_params *p, *tmp;
5778 struct bdaddr_list *b, *btmp;
5780 if (cp->addr.type) {
5781 err = mgmt_cmd_complete(sk, hdev->id,
5782 MGMT_OP_REMOVE_DEVICE,
5783 MGMT_STATUS_INVALID_PARAMS,
5784 &cp->addr, sizeof(cp->addr));
5788 list_for_each_entry_safe(b, btmp, &hdev->whitelist, list) {
5789 device_removed(sk, hdev, &b->bdaddr, b->bdaddr_type);
5794 hci_req_update_scan(hdev);
5796 list_for_each_entry_safe(p, tmp, &hdev->le_conn_params, list) {
5797 if (p->auto_connect == HCI_AUTO_CONN_DISABLED)
5799 device_removed(sk, hdev, &p->addr, p->addr_type);
5800 if (p->explicit_connect) {
5801 p->auto_connect = HCI_AUTO_CONN_EXPLICIT;
5804 list_del(&p->action);
5809 BT_DBG("All LE connection parameters were removed");
5811 hci_update_background_scan(hdev);
5815 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_DEVICE,
5816 MGMT_STATUS_SUCCESS, &cp->addr,
5819 hci_dev_unlock(hdev);
5823 static int load_conn_param(struct sock *sk, struct hci_dev *hdev, void *data,
5826 struct mgmt_cp_load_conn_param *cp = data;
5827 const u16 max_param_count = ((U16_MAX - sizeof(*cp)) /
5828 sizeof(struct mgmt_conn_param));
5829 u16 param_count, expected_len;
5832 if (!lmp_le_capable(hdev))
5833 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_CONN_PARAM,
5834 MGMT_STATUS_NOT_SUPPORTED);
5836 param_count = __le16_to_cpu(cp->param_count);
5837 if (param_count > max_param_count) {
5838 bt_dev_err(hdev, "load_conn_param: too big param_count value %u",
5840 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_CONN_PARAM,
5841 MGMT_STATUS_INVALID_PARAMS);
5844 expected_len = struct_size(cp, params, param_count);
5845 if (expected_len != len) {
5846 bt_dev_err(hdev, "load_conn_param: expected %u bytes, got %u bytes",
5848 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_CONN_PARAM,
5849 MGMT_STATUS_INVALID_PARAMS);
5852 BT_DBG("%s param_count %u", hdev->name, param_count);
5856 hci_conn_params_clear_disabled(hdev);
5858 for (i = 0; i < param_count; i++) {
5859 struct mgmt_conn_param *param = &cp->params[i];
5860 struct hci_conn_params *hci_param;
5861 u16 min, max, latency, timeout;
5864 BT_DBG("Adding %pMR (type %u)", ¶m->addr.bdaddr,
5867 if (param->addr.type == BDADDR_LE_PUBLIC) {
5868 addr_type = ADDR_LE_DEV_PUBLIC;
5869 } else if (param->addr.type == BDADDR_LE_RANDOM) {
5870 addr_type = ADDR_LE_DEV_RANDOM;
5872 bt_dev_err(hdev, "ignoring invalid connection parameters");
5876 min = le16_to_cpu(param->min_interval);
5877 max = le16_to_cpu(param->max_interval);
5878 latency = le16_to_cpu(param->latency);
5879 timeout = le16_to_cpu(param->timeout);
5881 BT_DBG("min 0x%04x max 0x%04x latency 0x%04x timeout 0x%04x",
5882 min, max, latency, timeout);
5884 if (hci_check_conn_params(min, max, latency, timeout) < 0) {
5885 bt_dev_err(hdev, "ignoring invalid connection parameters");
5889 hci_param = hci_conn_params_add(hdev, ¶m->addr.bdaddr,
5892 bt_dev_err(hdev, "failed to add connection parameters");
5896 hci_param->conn_min_interval = min;
5897 hci_param->conn_max_interval = max;
5898 hci_param->conn_latency = latency;
5899 hci_param->supervision_timeout = timeout;
5902 hci_dev_unlock(hdev);
5904 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_LOAD_CONN_PARAM, 0,
5908 static int set_external_config(struct sock *sk, struct hci_dev *hdev,
5909 void *data, u16 len)
5911 struct mgmt_cp_set_external_config *cp = data;
5915 BT_DBG("%s", hdev->name);
5917 if (hdev_is_powered(hdev))
5918 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_EXTERNAL_CONFIG,
5919 MGMT_STATUS_REJECTED);
5921 if (cp->config != 0x00 && cp->config != 0x01)
5922 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_EXTERNAL_CONFIG,
5923 MGMT_STATUS_INVALID_PARAMS);
5925 if (!test_bit(HCI_QUIRK_EXTERNAL_CONFIG, &hdev->quirks))
5926 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_EXTERNAL_CONFIG,
5927 MGMT_STATUS_NOT_SUPPORTED);
5932 changed = !hci_dev_test_and_set_flag(hdev, HCI_EXT_CONFIGURED);
5934 changed = hci_dev_test_and_clear_flag(hdev, HCI_EXT_CONFIGURED);
5936 err = send_options_rsp(sk, MGMT_OP_SET_EXTERNAL_CONFIG, hdev);
5943 err = new_options(hdev, sk);
5945 if (hci_dev_test_flag(hdev, HCI_UNCONFIGURED) == is_configured(hdev)) {
5946 mgmt_index_removed(hdev);
5948 if (hci_dev_test_and_change_flag(hdev, HCI_UNCONFIGURED)) {
5949 hci_dev_set_flag(hdev, HCI_CONFIG);
5950 hci_dev_set_flag(hdev, HCI_AUTO_OFF);
5952 queue_work(hdev->req_workqueue, &hdev->power_on);
5954 set_bit(HCI_RAW, &hdev->flags);
5955 mgmt_index_added(hdev);
5960 hci_dev_unlock(hdev);
5964 static int set_public_address(struct sock *sk, struct hci_dev *hdev,
5965 void *data, u16 len)
5967 struct mgmt_cp_set_public_address *cp = data;
5971 BT_DBG("%s", hdev->name);
5973 if (hdev_is_powered(hdev))
5974 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_PUBLIC_ADDRESS,
5975 MGMT_STATUS_REJECTED);
5977 if (!bacmp(&cp->bdaddr, BDADDR_ANY))
5978 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_PUBLIC_ADDRESS,
5979 MGMT_STATUS_INVALID_PARAMS);
5981 if (!hdev->set_bdaddr)
5982 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_PUBLIC_ADDRESS,
5983 MGMT_STATUS_NOT_SUPPORTED);
5987 changed = !!bacmp(&hdev->public_addr, &cp->bdaddr);
5988 bacpy(&hdev->public_addr, &cp->bdaddr);
5990 err = send_options_rsp(sk, MGMT_OP_SET_PUBLIC_ADDRESS, hdev);
5997 if (hci_dev_test_flag(hdev, HCI_UNCONFIGURED))
5998 err = new_options(hdev, sk);
6000 if (is_configured(hdev)) {
6001 mgmt_index_removed(hdev);
6003 hci_dev_clear_flag(hdev, HCI_UNCONFIGURED);
6005 hci_dev_set_flag(hdev, HCI_CONFIG);
6006 hci_dev_set_flag(hdev, HCI_AUTO_OFF);
6008 queue_work(hdev->req_workqueue, &hdev->power_on);
6012 hci_dev_unlock(hdev);
6016 static void read_local_oob_ext_data_complete(struct hci_dev *hdev, u8 status,
6017 u16 opcode, struct sk_buff *skb)
6019 const struct mgmt_cp_read_local_oob_ext_data *mgmt_cp;
6020 struct mgmt_rp_read_local_oob_ext_data *mgmt_rp;
6021 u8 *h192, *r192, *h256, *r256;
6022 struct mgmt_pending_cmd *cmd;
6026 BT_DBG("%s status %u", hdev->name, status);
6028 cmd = pending_find(MGMT_OP_READ_LOCAL_OOB_EXT_DATA, hdev);
6032 mgmt_cp = cmd->param;
6035 status = mgmt_status(status);
6042 } else if (opcode == HCI_OP_READ_LOCAL_OOB_DATA) {
6043 struct hci_rp_read_local_oob_data *rp;
6045 if (skb->len != sizeof(*rp)) {
6046 status = MGMT_STATUS_FAILED;
6049 status = MGMT_STATUS_SUCCESS;
6050 rp = (void *)skb->data;
6052 eir_len = 5 + 18 + 18;
6059 struct hci_rp_read_local_oob_ext_data *rp;
6061 if (skb->len != sizeof(*rp)) {
6062 status = MGMT_STATUS_FAILED;
6065 status = MGMT_STATUS_SUCCESS;
6066 rp = (void *)skb->data;
6068 if (hci_dev_test_flag(hdev, HCI_SC_ONLY)) {
6069 eir_len = 5 + 18 + 18;
6073 eir_len = 5 + 18 + 18 + 18 + 18;
6083 mgmt_rp = kmalloc(sizeof(*mgmt_rp) + eir_len, GFP_KERNEL);
6090 eir_len = eir_append_data(mgmt_rp->eir, 0, EIR_CLASS_OF_DEV,
6091 hdev->dev_class, 3);
6094 eir_len = eir_append_data(mgmt_rp->eir, eir_len,
6095 EIR_SSP_HASH_C192, h192, 16);
6096 eir_len = eir_append_data(mgmt_rp->eir, eir_len,
6097 EIR_SSP_RAND_R192, r192, 16);
6101 eir_len = eir_append_data(mgmt_rp->eir, eir_len,
6102 EIR_SSP_HASH_C256, h256, 16);
6103 eir_len = eir_append_data(mgmt_rp->eir, eir_len,
6104 EIR_SSP_RAND_R256, r256, 16);
6108 mgmt_rp->type = mgmt_cp->type;
6109 mgmt_rp->eir_len = cpu_to_le16(eir_len);
6111 err = mgmt_cmd_complete(cmd->sk, hdev->id,
6112 MGMT_OP_READ_LOCAL_OOB_EXT_DATA, status,
6113 mgmt_rp, sizeof(*mgmt_rp) + eir_len);
6114 if (err < 0 || status)
6117 hci_sock_set_flag(cmd->sk, HCI_MGMT_OOB_DATA_EVENTS);
6119 err = mgmt_limited_event(MGMT_EV_LOCAL_OOB_DATA_UPDATED, hdev,
6120 mgmt_rp, sizeof(*mgmt_rp) + eir_len,
6121 HCI_MGMT_OOB_DATA_EVENTS, cmd->sk);
6124 mgmt_pending_remove(cmd);
6127 static int read_local_ssp_oob_req(struct hci_dev *hdev, struct sock *sk,
6128 struct mgmt_cp_read_local_oob_ext_data *cp)
6130 struct mgmt_pending_cmd *cmd;
6131 struct hci_request req;
6134 cmd = mgmt_pending_add(sk, MGMT_OP_READ_LOCAL_OOB_EXT_DATA, hdev,
6139 hci_req_init(&req, hdev);
6141 if (bredr_sc_enabled(hdev))
6142 hci_req_add(&req, HCI_OP_READ_LOCAL_OOB_EXT_DATA, 0, NULL);
6144 hci_req_add(&req, HCI_OP_READ_LOCAL_OOB_DATA, 0, NULL);
6146 err = hci_req_run_skb(&req, read_local_oob_ext_data_complete);
6148 mgmt_pending_remove(cmd);
6155 static int read_local_oob_ext_data(struct sock *sk, struct hci_dev *hdev,
6156 void *data, u16 data_len)
6158 struct mgmt_cp_read_local_oob_ext_data *cp = data;
6159 struct mgmt_rp_read_local_oob_ext_data *rp;
6162 u8 status, flags, role, addr[7], hash[16], rand[16];
6165 BT_DBG("%s", hdev->name);
6167 if (hdev_is_powered(hdev)) {
6169 case BIT(BDADDR_BREDR):
6170 status = mgmt_bredr_support(hdev);
6176 case (BIT(BDADDR_LE_PUBLIC) | BIT(BDADDR_LE_RANDOM)):
6177 status = mgmt_le_support(hdev);
6181 eir_len = 9 + 3 + 18 + 18 + 3;
6184 status = MGMT_STATUS_INVALID_PARAMS;
6189 status = MGMT_STATUS_NOT_POWERED;
6193 rp_len = sizeof(*rp) + eir_len;
6194 rp = kmalloc(rp_len, GFP_ATOMIC);
6205 case BIT(BDADDR_BREDR):
6206 if (hci_dev_test_flag(hdev, HCI_SSP_ENABLED)) {
6207 err = read_local_ssp_oob_req(hdev, sk, cp);
6208 hci_dev_unlock(hdev);
6212 status = MGMT_STATUS_FAILED;
6215 eir_len = eir_append_data(rp->eir, eir_len,
6217 hdev->dev_class, 3);
6220 case (BIT(BDADDR_LE_PUBLIC) | BIT(BDADDR_LE_RANDOM)):
6221 if (hci_dev_test_flag(hdev, HCI_SC_ENABLED) &&
6222 smp_generate_oob(hdev, hash, rand) < 0) {
6223 hci_dev_unlock(hdev);
6224 status = MGMT_STATUS_FAILED;
6228 /* This should return the active RPA, but since the RPA
6229 * is only programmed on demand, it is really hard to fill
6230 * this in at the moment. For now disallow retrieving
6231 * local out-of-band data when privacy is in use.
6233 * Returning the identity address will not help here since
6234 * pairing happens before the identity resolving key is
6235 * known and thus the connection establishment happens
6236 * based on the RPA and not the identity address.
6238 if (hci_dev_test_flag(hdev, HCI_PRIVACY)) {
6239 hci_dev_unlock(hdev);
6240 status = MGMT_STATUS_REJECTED;
6244 if (hci_dev_test_flag(hdev, HCI_FORCE_STATIC_ADDR) ||
6245 !bacmp(&hdev->bdaddr, BDADDR_ANY) ||
6246 (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED) &&
6247 bacmp(&hdev->static_addr, BDADDR_ANY))) {
6248 memcpy(addr, &hdev->static_addr, 6);
6251 memcpy(addr, &hdev->bdaddr, 6);
6255 eir_len = eir_append_data(rp->eir, eir_len, EIR_LE_BDADDR,
6256 addr, sizeof(addr));
6258 if (hci_dev_test_flag(hdev, HCI_ADVERTISING))
6263 eir_len = eir_append_data(rp->eir, eir_len, EIR_LE_ROLE,
6264 &role, sizeof(role));
6266 if (hci_dev_test_flag(hdev, HCI_SC_ENABLED)) {
6267 eir_len = eir_append_data(rp->eir, eir_len,
6269 hash, sizeof(hash));
6271 eir_len = eir_append_data(rp->eir, eir_len,
6273 rand, sizeof(rand));
6276 flags = mgmt_get_adv_discov_flags(hdev);
6278 if (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED))
6279 flags |= LE_AD_NO_BREDR;
6281 eir_len = eir_append_data(rp->eir, eir_len, EIR_FLAGS,
6282 &flags, sizeof(flags));
6286 hci_dev_unlock(hdev);
6288 hci_sock_set_flag(sk, HCI_MGMT_OOB_DATA_EVENTS);
6290 status = MGMT_STATUS_SUCCESS;
6293 rp->type = cp->type;
6294 rp->eir_len = cpu_to_le16(eir_len);
6296 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_EXT_DATA,
6297 status, rp, sizeof(*rp) + eir_len);
6298 if (err < 0 || status)
6301 err = mgmt_limited_event(MGMT_EV_LOCAL_OOB_DATA_UPDATED, hdev,
6302 rp, sizeof(*rp) + eir_len,
6303 HCI_MGMT_OOB_DATA_EVENTS, sk);
6311 static u32 get_supported_adv_flags(struct hci_dev *hdev)
6315 flags |= MGMT_ADV_FLAG_CONNECTABLE;
6316 flags |= MGMT_ADV_FLAG_DISCOV;
6317 flags |= MGMT_ADV_FLAG_LIMITED_DISCOV;
6318 flags |= MGMT_ADV_FLAG_MANAGED_FLAGS;
6319 flags |= MGMT_ADV_FLAG_APPEARANCE;
6320 flags |= MGMT_ADV_FLAG_LOCAL_NAME;
6322 /* In extended adv TX_POWER returned from Set Adv Param
6323 * will be always valid.
6325 if ((hdev->adv_tx_power != HCI_TX_POWER_INVALID) ||
6326 ext_adv_capable(hdev))
6327 flags |= MGMT_ADV_FLAG_TX_POWER;
6329 if (ext_adv_capable(hdev)) {
6330 flags |= MGMT_ADV_FLAG_SEC_1M;
6332 if (hdev->le_features[1] & HCI_LE_PHY_2M)
6333 flags |= MGMT_ADV_FLAG_SEC_2M;
6335 if (hdev->le_features[1] & HCI_LE_PHY_CODED)
6336 flags |= MGMT_ADV_FLAG_SEC_CODED;
6342 static int read_adv_features(struct sock *sk, struct hci_dev *hdev,
6343 void *data, u16 data_len)
6345 struct mgmt_rp_read_adv_features *rp;
6348 struct adv_info *adv_instance;
6349 u32 supported_flags;
6352 BT_DBG("%s", hdev->name);
6354 if (!lmp_le_capable(hdev))
6355 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_READ_ADV_FEATURES,
6356 MGMT_STATUS_REJECTED);
6360 rp_len = sizeof(*rp) + hdev->adv_instance_cnt;
6361 rp = kmalloc(rp_len, GFP_ATOMIC);
6363 hci_dev_unlock(hdev);
6367 supported_flags = get_supported_adv_flags(hdev);
6369 rp->supported_flags = cpu_to_le32(supported_flags);
6370 rp->max_adv_data_len = HCI_MAX_AD_LENGTH;
6371 rp->max_scan_rsp_len = HCI_MAX_AD_LENGTH;
6372 rp->max_instances = HCI_MAX_ADV_INSTANCES;
6373 rp->num_instances = hdev->adv_instance_cnt;
6375 instance = rp->instance;
6376 list_for_each_entry(adv_instance, &hdev->adv_instances, list) {
6377 *instance = adv_instance->instance;
6381 hci_dev_unlock(hdev);
6383 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_READ_ADV_FEATURES,
6384 MGMT_STATUS_SUCCESS, rp, rp_len);
6391 static u8 calculate_name_len(struct hci_dev *hdev)
6393 u8 buf[HCI_MAX_SHORT_NAME_LENGTH + 3];
6395 return append_local_name(hdev, buf, 0);
6398 static u8 tlv_data_max_len(struct hci_dev *hdev, u32 adv_flags,
6401 u8 max_len = HCI_MAX_AD_LENGTH;
6404 if (adv_flags & (MGMT_ADV_FLAG_DISCOV |
6405 MGMT_ADV_FLAG_LIMITED_DISCOV |
6406 MGMT_ADV_FLAG_MANAGED_FLAGS))
6409 if (adv_flags & MGMT_ADV_FLAG_TX_POWER)
6412 if (adv_flags & MGMT_ADV_FLAG_LOCAL_NAME)
6413 max_len -= calculate_name_len(hdev);
6415 if (adv_flags & (MGMT_ADV_FLAG_APPEARANCE))
6422 static bool flags_managed(u32 adv_flags)
6424 return adv_flags & (MGMT_ADV_FLAG_DISCOV |
6425 MGMT_ADV_FLAG_LIMITED_DISCOV |
6426 MGMT_ADV_FLAG_MANAGED_FLAGS);
6429 static bool tx_power_managed(u32 adv_flags)
6431 return adv_flags & MGMT_ADV_FLAG_TX_POWER;
6434 static bool name_managed(u32 adv_flags)
6436 return adv_flags & MGMT_ADV_FLAG_LOCAL_NAME;
6439 static bool appearance_managed(u32 adv_flags)
6441 return adv_flags & MGMT_ADV_FLAG_APPEARANCE;
6444 static bool tlv_data_is_valid(struct hci_dev *hdev, u32 adv_flags, u8 *data,
6445 u8 len, bool is_adv_data)
6450 max_len = tlv_data_max_len(hdev, adv_flags, is_adv_data);
6455 /* Make sure that the data is correctly formatted. */
6456 for (i = 0, cur_len = 0; i < len; i += (cur_len + 1)) {
6459 if (data[i + 1] == EIR_FLAGS &&
6460 (!is_adv_data || flags_managed(adv_flags)))
6463 if (data[i + 1] == EIR_TX_POWER && tx_power_managed(adv_flags))
6466 if (data[i + 1] == EIR_NAME_COMPLETE && name_managed(adv_flags))
6469 if (data[i + 1] == EIR_NAME_SHORT && name_managed(adv_flags))
6472 if (data[i + 1] == EIR_APPEARANCE &&
6473 appearance_managed(adv_flags))
6476 /* If the current field length would exceed the total data
6477 * length, then it's invalid.
6479 if (i + cur_len >= len)
6486 static void add_advertising_complete(struct hci_dev *hdev, u8 status,
6489 struct mgmt_pending_cmd *cmd;
6490 struct mgmt_cp_add_advertising *cp;
6491 struct mgmt_rp_add_advertising rp;
6492 struct adv_info *adv_instance, *n;
6495 BT_DBG("status %d", status);
6499 cmd = pending_find(MGMT_OP_ADD_ADVERTISING, hdev);
6501 list_for_each_entry_safe(adv_instance, n, &hdev->adv_instances, list) {
6502 if (!adv_instance->pending)
6506 adv_instance->pending = false;
6510 instance = adv_instance->instance;
6512 if (hdev->cur_adv_instance == instance)
6513 cancel_adv_timeout(hdev);
6515 hci_remove_adv_instance(hdev, instance);
6516 mgmt_advertising_removed(cmd ? cmd->sk : NULL, hdev, instance);
6523 rp.instance = cp->instance;
6526 mgmt_cmd_status(cmd->sk, cmd->index, cmd->opcode,
6527 mgmt_status(status));
6529 mgmt_cmd_complete(cmd->sk, cmd->index, cmd->opcode,
6530 mgmt_status(status), &rp, sizeof(rp));
6532 mgmt_pending_remove(cmd);
6535 hci_dev_unlock(hdev);
6538 static int add_advertising(struct sock *sk, struct hci_dev *hdev,
6539 void *data, u16 data_len)
6541 struct mgmt_cp_add_advertising *cp = data;
6542 struct mgmt_rp_add_advertising rp;
6544 u32 supported_flags, phy_flags;
6546 u16 timeout, duration;
6547 unsigned int prev_instance_cnt = hdev->adv_instance_cnt;
6548 u8 schedule_instance = 0;
6549 struct adv_info *next_instance;
6551 struct mgmt_pending_cmd *cmd;
6552 struct hci_request req;
6554 BT_DBG("%s", hdev->name);
6556 status = mgmt_le_support(hdev);
6558 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_ADVERTISING,
6561 if (cp->instance < 1 || cp->instance > HCI_MAX_ADV_INSTANCES)
6562 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_ADVERTISING,
6563 MGMT_STATUS_INVALID_PARAMS);
6565 if (data_len != sizeof(*cp) + cp->adv_data_len + cp->scan_rsp_len)
6566 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_ADVERTISING,
6567 MGMT_STATUS_INVALID_PARAMS);
6569 flags = __le32_to_cpu(cp->flags);
6570 timeout = __le16_to_cpu(cp->timeout);
6571 duration = __le16_to_cpu(cp->duration);
6573 /* The current implementation only supports a subset of the specified
6574 * flags. Also need to check mutual exclusiveness of sec flags.
6576 supported_flags = get_supported_adv_flags(hdev);
6577 phy_flags = flags & MGMT_ADV_FLAG_SEC_MASK;
6578 if (flags & ~supported_flags ||
6579 ((phy_flags && (phy_flags ^ (phy_flags & -phy_flags)))))
6580 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_ADVERTISING,
6581 MGMT_STATUS_INVALID_PARAMS);
6585 if (timeout && !hdev_is_powered(hdev)) {
6586 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_ADVERTISING,
6587 MGMT_STATUS_REJECTED);
6591 if (pending_find(MGMT_OP_ADD_ADVERTISING, hdev) ||
6592 pending_find(MGMT_OP_REMOVE_ADVERTISING, hdev) ||
6593 pending_find(MGMT_OP_SET_LE, hdev)) {
6594 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_ADVERTISING,
6599 if (!tlv_data_is_valid(hdev, flags, cp->data, cp->adv_data_len, true) ||
6600 !tlv_data_is_valid(hdev, flags, cp->data + cp->adv_data_len,
6601 cp->scan_rsp_len, false)) {
6602 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_ADVERTISING,
6603 MGMT_STATUS_INVALID_PARAMS);
6607 err = hci_add_adv_instance(hdev, cp->instance, flags,
6608 cp->adv_data_len, cp->data,
6610 cp->data + cp->adv_data_len,
6613 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_ADVERTISING,
6614 MGMT_STATUS_FAILED);
6618 /* Only trigger an advertising added event if a new instance was
6621 if (hdev->adv_instance_cnt > prev_instance_cnt)
6622 mgmt_advertising_added(sk, hdev, cp->instance);
6624 if (hdev->cur_adv_instance == cp->instance) {
6625 /* If the currently advertised instance is being changed then
6626 * cancel the current advertising and schedule the next
6627 * instance. If there is only one instance then the overridden
6628 * advertising data will be visible right away.
6630 cancel_adv_timeout(hdev);
6632 next_instance = hci_get_next_instance(hdev, cp->instance);
6634 schedule_instance = next_instance->instance;
6635 } else if (!hdev->adv_instance_timeout) {
6636 /* Immediately advertise the new instance if no other
6637 * instance is currently being advertised.
6639 schedule_instance = cp->instance;
6642 /* If the HCI_ADVERTISING flag is set or the device isn't powered or
6643 * there is no instance to be advertised then we have no HCI
6644 * communication to make. Simply return.
6646 if (!hdev_is_powered(hdev) ||
6647 hci_dev_test_flag(hdev, HCI_ADVERTISING) ||
6648 !schedule_instance) {
6649 rp.instance = cp->instance;
6650 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_ADD_ADVERTISING,
6651 MGMT_STATUS_SUCCESS, &rp, sizeof(rp));
6655 /* We're good to go, update advertising data, parameters, and start
6658 cmd = mgmt_pending_add(sk, MGMT_OP_ADD_ADVERTISING, hdev, data,
6665 hci_req_init(&req, hdev);
6667 err = __hci_req_schedule_adv_instance(&req, schedule_instance, true);
6670 err = hci_req_run(&req, add_advertising_complete);
6673 mgmt_pending_remove(cmd);
6676 hci_dev_unlock(hdev);
6681 static void remove_advertising_complete(struct hci_dev *hdev, u8 status,
6684 struct mgmt_pending_cmd *cmd;
6685 struct mgmt_cp_remove_advertising *cp;
6686 struct mgmt_rp_remove_advertising rp;
6688 BT_DBG("status %d", status);
6692 /* A failure status here only means that we failed to disable
6693 * advertising. Otherwise, the advertising instance has been removed,
6694 * so report success.
6696 cmd = pending_find(MGMT_OP_REMOVE_ADVERTISING, hdev);
6701 rp.instance = cp->instance;
6703 mgmt_cmd_complete(cmd->sk, cmd->index, cmd->opcode, MGMT_STATUS_SUCCESS,
6705 mgmt_pending_remove(cmd);
6708 hci_dev_unlock(hdev);
6711 static int remove_advertising(struct sock *sk, struct hci_dev *hdev,
6712 void *data, u16 data_len)
6714 struct mgmt_cp_remove_advertising *cp = data;
6715 struct mgmt_rp_remove_advertising rp;
6716 struct mgmt_pending_cmd *cmd;
6717 struct hci_request req;
6720 BT_DBG("%s", hdev->name);
6724 if (cp->instance && !hci_find_adv_instance(hdev, cp->instance)) {
6725 err = mgmt_cmd_status(sk, hdev->id,
6726 MGMT_OP_REMOVE_ADVERTISING,
6727 MGMT_STATUS_INVALID_PARAMS);
6731 if (pending_find(MGMT_OP_ADD_ADVERTISING, hdev) ||
6732 pending_find(MGMT_OP_REMOVE_ADVERTISING, hdev) ||
6733 pending_find(MGMT_OP_SET_LE, hdev)) {
6734 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_REMOVE_ADVERTISING,
6739 if (list_empty(&hdev->adv_instances)) {
6740 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_REMOVE_ADVERTISING,
6741 MGMT_STATUS_INVALID_PARAMS);
6745 hci_req_init(&req, hdev);
6747 hci_req_clear_adv_instance(hdev, sk, &req, cp->instance, true);
6749 if (list_empty(&hdev->adv_instances))
6750 __hci_req_disable_advertising(&req);
6752 /* If no HCI commands have been collected so far or the HCI_ADVERTISING
6753 * flag is set or the device isn't powered then we have no HCI
6754 * communication to make. Simply return.
6756 if (skb_queue_empty(&req.cmd_q) ||
6757 !hdev_is_powered(hdev) ||
6758 hci_dev_test_flag(hdev, HCI_ADVERTISING)) {
6759 hci_req_purge(&req);
6760 rp.instance = cp->instance;
6761 err = mgmt_cmd_complete(sk, hdev->id,
6762 MGMT_OP_REMOVE_ADVERTISING,
6763 MGMT_STATUS_SUCCESS, &rp, sizeof(rp));
6767 cmd = mgmt_pending_add(sk, MGMT_OP_REMOVE_ADVERTISING, hdev, data,
6774 err = hci_req_run(&req, remove_advertising_complete);
6776 mgmt_pending_remove(cmd);
6779 hci_dev_unlock(hdev);
6784 static int get_adv_size_info(struct sock *sk, struct hci_dev *hdev,
6785 void *data, u16 data_len)
6787 struct mgmt_cp_get_adv_size_info *cp = data;
6788 struct mgmt_rp_get_adv_size_info rp;
6789 u32 flags, supported_flags;
6792 BT_DBG("%s", hdev->name);
6794 if (!lmp_le_capable(hdev))
6795 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_GET_ADV_SIZE_INFO,
6796 MGMT_STATUS_REJECTED);
6798 if (cp->instance < 1 || cp->instance > HCI_MAX_ADV_INSTANCES)
6799 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_GET_ADV_SIZE_INFO,
6800 MGMT_STATUS_INVALID_PARAMS);
6802 flags = __le32_to_cpu(cp->flags);
6804 /* The current implementation only supports a subset of the specified
6807 supported_flags = get_supported_adv_flags(hdev);
6808 if (flags & ~supported_flags)
6809 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_GET_ADV_SIZE_INFO,
6810 MGMT_STATUS_INVALID_PARAMS);
6812 rp.instance = cp->instance;
6813 rp.flags = cp->flags;
6814 rp.max_adv_data_len = tlv_data_max_len(hdev, flags, true);
6815 rp.max_scan_rsp_len = tlv_data_max_len(hdev, flags, false);
6817 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_ADV_SIZE_INFO,
6818 MGMT_STATUS_SUCCESS, &rp, sizeof(rp));
6823 static const struct hci_mgmt_handler mgmt_handlers[] = {
6824 { NULL }, /* 0x0000 (no command) */
6825 { read_version, MGMT_READ_VERSION_SIZE,
6827 HCI_MGMT_UNTRUSTED },
6828 { read_commands, MGMT_READ_COMMANDS_SIZE,
6830 HCI_MGMT_UNTRUSTED },
6831 { read_index_list, MGMT_READ_INDEX_LIST_SIZE,
6833 HCI_MGMT_UNTRUSTED },
6834 { read_controller_info, MGMT_READ_INFO_SIZE,
6835 HCI_MGMT_UNTRUSTED },
6836 { set_powered, MGMT_SETTING_SIZE },
6837 { set_discoverable, MGMT_SET_DISCOVERABLE_SIZE },
6838 { set_connectable, MGMT_SETTING_SIZE },
6839 { set_fast_connectable, MGMT_SETTING_SIZE },
6840 { set_bondable, MGMT_SETTING_SIZE },
6841 { set_link_security, MGMT_SETTING_SIZE },
6842 { set_ssp, MGMT_SETTING_SIZE },
6843 { set_hs, MGMT_SETTING_SIZE },
6844 { set_le, MGMT_SETTING_SIZE },
6845 { set_dev_class, MGMT_SET_DEV_CLASS_SIZE },
6846 { set_local_name, MGMT_SET_LOCAL_NAME_SIZE },
6847 { add_uuid, MGMT_ADD_UUID_SIZE },
6848 { remove_uuid, MGMT_REMOVE_UUID_SIZE },
6849 { load_link_keys, MGMT_LOAD_LINK_KEYS_SIZE,
6851 { load_long_term_keys, MGMT_LOAD_LONG_TERM_KEYS_SIZE,
6853 { disconnect, MGMT_DISCONNECT_SIZE },
6854 { get_connections, MGMT_GET_CONNECTIONS_SIZE },
6855 { pin_code_reply, MGMT_PIN_CODE_REPLY_SIZE },
6856 { pin_code_neg_reply, MGMT_PIN_CODE_NEG_REPLY_SIZE },
6857 { set_io_capability, MGMT_SET_IO_CAPABILITY_SIZE },
6858 { pair_device, MGMT_PAIR_DEVICE_SIZE },
6859 { cancel_pair_device, MGMT_CANCEL_PAIR_DEVICE_SIZE },
6860 { unpair_device, MGMT_UNPAIR_DEVICE_SIZE },
6861 { user_confirm_reply, MGMT_USER_CONFIRM_REPLY_SIZE },
6862 { user_confirm_neg_reply, MGMT_USER_CONFIRM_NEG_REPLY_SIZE },
6863 { user_passkey_reply, MGMT_USER_PASSKEY_REPLY_SIZE },
6864 { user_passkey_neg_reply, MGMT_USER_PASSKEY_NEG_REPLY_SIZE },
6865 { read_local_oob_data, MGMT_READ_LOCAL_OOB_DATA_SIZE },
6866 { add_remote_oob_data, MGMT_ADD_REMOTE_OOB_DATA_SIZE,
6868 { remove_remote_oob_data, MGMT_REMOVE_REMOTE_OOB_DATA_SIZE },
6869 { start_discovery, MGMT_START_DISCOVERY_SIZE },
6870 { stop_discovery, MGMT_STOP_DISCOVERY_SIZE },
6871 { confirm_name, MGMT_CONFIRM_NAME_SIZE },
6872 { block_device, MGMT_BLOCK_DEVICE_SIZE },
6873 { unblock_device, MGMT_UNBLOCK_DEVICE_SIZE },
6874 { set_device_id, MGMT_SET_DEVICE_ID_SIZE },
6875 { set_advertising, MGMT_SETTING_SIZE },
6876 { set_bredr, MGMT_SETTING_SIZE },
6877 { set_static_address, MGMT_SET_STATIC_ADDRESS_SIZE },
6878 { set_scan_params, MGMT_SET_SCAN_PARAMS_SIZE },
6879 { set_secure_conn, MGMT_SETTING_SIZE },
6880 { set_debug_keys, MGMT_SETTING_SIZE },
6881 { set_privacy, MGMT_SET_PRIVACY_SIZE },
6882 { load_irks, MGMT_LOAD_IRKS_SIZE,
6884 { get_conn_info, MGMT_GET_CONN_INFO_SIZE },
6885 { get_clock_info, MGMT_GET_CLOCK_INFO_SIZE },
6886 { add_device, MGMT_ADD_DEVICE_SIZE },
6887 { remove_device, MGMT_REMOVE_DEVICE_SIZE },
6888 { load_conn_param, MGMT_LOAD_CONN_PARAM_SIZE,
6890 { read_unconf_index_list, MGMT_READ_UNCONF_INDEX_LIST_SIZE,
6892 HCI_MGMT_UNTRUSTED },
6893 { read_config_info, MGMT_READ_CONFIG_INFO_SIZE,
6894 HCI_MGMT_UNCONFIGURED |
6895 HCI_MGMT_UNTRUSTED },
6896 { set_external_config, MGMT_SET_EXTERNAL_CONFIG_SIZE,
6897 HCI_MGMT_UNCONFIGURED },
6898 { set_public_address, MGMT_SET_PUBLIC_ADDRESS_SIZE,
6899 HCI_MGMT_UNCONFIGURED },
6900 { start_service_discovery, MGMT_START_SERVICE_DISCOVERY_SIZE,
6902 { read_local_oob_ext_data, MGMT_READ_LOCAL_OOB_EXT_DATA_SIZE },
6903 { read_ext_index_list, MGMT_READ_EXT_INDEX_LIST_SIZE,
6905 HCI_MGMT_UNTRUSTED },
6906 { read_adv_features, MGMT_READ_ADV_FEATURES_SIZE },
6907 { add_advertising, MGMT_ADD_ADVERTISING_SIZE,
6909 { remove_advertising, MGMT_REMOVE_ADVERTISING_SIZE },
6910 { get_adv_size_info, MGMT_GET_ADV_SIZE_INFO_SIZE },
6911 { start_limited_discovery, MGMT_START_DISCOVERY_SIZE },
6912 { read_ext_controller_info,MGMT_READ_EXT_INFO_SIZE,
6913 HCI_MGMT_UNTRUSTED },
6914 { set_appearance, MGMT_SET_APPEARANCE_SIZE },
6915 { get_phy_configuration, MGMT_GET_PHY_CONFIGURATION_SIZE },
6916 { set_phy_configuration, MGMT_SET_PHY_CONFIGURATION_SIZE },
6919 void mgmt_index_added(struct hci_dev *hdev)
6921 struct mgmt_ev_ext_index ev;
6923 if (test_bit(HCI_QUIRK_RAW_DEVICE, &hdev->quirks))
6926 switch (hdev->dev_type) {
6928 if (hci_dev_test_flag(hdev, HCI_UNCONFIGURED)) {
6929 mgmt_index_event(MGMT_EV_UNCONF_INDEX_ADDED, hdev,
6930 NULL, 0, HCI_MGMT_UNCONF_INDEX_EVENTS);
6933 mgmt_index_event(MGMT_EV_INDEX_ADDED, hdev, NULL, 0,
6934 HCI_MGMT_INDEX_EVENTS);
6947 mgmt_index_event(MGMT_EV_EXT_INDEX_ADDED, hdev, &ev, sizeof(ev),
6948 HCI_MGMT_EXT_INDEX_EVENTS);
6951 void mgmt_index_removed(struct hci_dev *hdev)
6953 struct mgmt_ev_ext_index ev;
6954 u8 status = MGMT_STATUS_INVALID_INDEX;
6956 if (test_bit(HCI_QUIRK_RAW_DEVICE, &hdev->quirks))
6959 switch (hdev->dev_type) {
6961 mgmt_pending_foreach(0, hdev, cmd_complete_rsp, &status);
6963 if (hci_dev_test_flag(hdev, HCI_UNCONFIGURED)) {
6964 mgmt_index_event(MGMT_EV_UNCONF_INDEX_REMOVED, hdev,
6965 NULL, 0, HCI_MGMT_UNCONF_INDEX_EVENTS);
6968 mgmt_index_event(MGMT_EV_INDEX_REMOVED, hdev, NULL, 0,
6969 HCI_MGMT_INDEX_EVENTS);
6982 mgmt_index_event(MGMT_EV_EXT_INDEX_REMOVED, hdev, &ev, sizeof(ev),
6983 HCI_MGMT_EXT_INDEX_EVENTS);
6986 /* This function requires the caller holds hdev->lock */
6987 static void restart_le_actions(struct hci_dev *hdev)
6989 struct hci_conn_params *p;
6991 list_for_each_entry(p, &hdev->le_conn_params, list) {
6992 /* Needed for AUTO_OFF case where might not "really"
6993 * have been powered off.
6995 list_del_init(&p->action);
6997 switch (p->auto_connect) {
6998 case HCI_AUTO_CONN_DIRECT:
6999 case HCI_AUTO_CONN_ALWAYS:
7000 list_add(&p->action, &hdev->pend_le_conns);
7002 case HCI_AUTO_CONN_REPORT:
7003 list_add(&p->action, &hdev->pend_le_reports);
7011 void mgmt_power_on(struct hci_dev *hdev, int err)
7013 struct cmd_lookup match = { NULL, hdev };
7015 BT_DBG("err %d", err);
7020 restart_le_actions(hdev);
7021 hci_update_background_scan(hdev);
7024 mgmt_pending_foreach(MGMT_OP_SET_POWERED, hdev, settings_rsp, &match);
7026 new_settings(hdev, match.sk);
7031 hci_dev_unlock(hdev);
7034 void __mgmt_power_off(struct hci_dev *hdev)
7036 struct cmd_lookup match = { NULL, hdev };
7037 u8 status, zero_cod[] = { 0, 0, 0 };
7039 mgmt_pending_foreach(MGMT_OP_SET_POWERED, hdev, settings_rsp, &match);
7041 /* If the power off is because of hdev unregistration let
7042 * use the appropriate INVALID_INDEX status. Otherwise use
7043 * NOT_POWERED. We cover both scenarios here since later in
7044 * mgmt_index_removed() any hci_conn callbacks will have already
7045 * been triggered, potentially causing misleading DISCONNECTED
7048 if (hci_dev_test_flag(hdev, HCI_UNREGISTER))
7049 status = MGMT_STATUS_INVALID_INDEX;
7051 status = MGMT_STATUS_NOT_POWERED;
7053 mgmt_pending_foreach(0, hdev, cmd_complete_rsp, &status);
7055 if (memcmp(hdev->dev_class, zero_cod, sizeof(zero_cod)) != 0) {
7056 mgmt_limited_event(MGMT_EV_CLASS_OF_DEV_CHANGED, hdev,
7057 zero_cod, sizeof(zero_cod),
7058 HCI_MGMT_DEV_CLASS_EVENTS, NULL);
7059 ext_info_changed(hdev, NULL);
7062 new_settings(hdev, match.sk);
7068 void mgmt_set_powered_failed(struct hci_dev *hdev, int err)
7070 struct mgmt_pending_cmd *cmd;
7073 cmd = pending_find(MGMT_OP_SET_POWERED, hdev);
7077 if (err == -ERFKILL)
7078 status = MGMT_STATUS_RFKILLED;
7080 status = MGMT_STATUS_FAILED;
7082 mgmt_cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_POWERED, status);
7084 mgmt_pending_remove(cmd);
7087 void mgmt_new_link_key(struct hci_dev *hdev, struct link_key *key,
7090 struct mgmt_ev_new_link_key ev;
7092 memset(&ev, 0, sizeof(ev));
7094 ev.store_hint = persistent;
7095 bacpy(&ev.key.addr.bdaddr, &key->bdaddr);
7096 ev.key.addr.type = BDADDR_BREDR;
7097 ev.key.type = key->type;
7098 memcpy(ev.key.val, key->val, HCI_LINK_KEY_SIZE);
7099 ev.key.pin_len = key->pin_len;
7101 mgmt_event(MGMT_EV_NEW_LINK_KEY, hdev, &ev, sizeof(ev), NULL);
7104 static u8 mgmt_ltk_type(struct smp_ltk *ltk)
7106 switch (ltk->type) {
7109 if (ltk->authenticated)
7110 return MGMT_LTK_AUTHENTICATED;
7111 return MGMT_LTK_UNAUTHENTICATED;
7113 if (ltk->authenticated)
7114 return MGMT_LTK_P256_AUTH;
7115 return MGMT_LTK_P256_UNAUTH;
7116 case SMP_LTK_P256_DEBUG:
7117 return MGMT_LTK_P256_DEBUG;
7120 return MGMT_LTK_UNAUTHENTICATED;
7123 void mgmt_new_ltk(struct hci_dev *hdev, struct smp_ltk *key, bool persistent)
7125 struct mgmt_ev_new_long_term_key ev;
7127 memset(&ev, 0, sizeof(ev));
7129 /* Devices using resolvable or non-resolvable random addresses
7130 * without providing an identity resolving key don't require
7131 * to store long term keys. Their addresses will change the
7134 * Only when a remote device provides an identity address
7135 * make sure the long term key is stored. If the remote
7136 * identity is known, the long term keys are internally
7137 * mapped to the identity address. So allow static random
7138 * and public addresses here.
7140 if (key->bdaddr_type == ADDR_LE_DEV_RANDOM &&
7141 (key->bdaddr.b[5] & 0xc0) != 0xc0)
7142 ev.store_hint = 0x00;
7144 ev.store_hint = persistent;
7146 bacpy(&ev.key.addr.bdaddr, &key->bdaddr);
7147 ev.key.addr.type = link_to_bdaddr(LE_LINK, key->bdaddr_type);
7148 ev.key.type = mgmt_ltk_type(key);
7149 ev.key.enc_size = key->enc_size;
7150 ev.key.ediv = key->ediv;
7151 ev.key.rand = key->rand;
7153 if (key->type == SMP_LTK)
7156 /* Make sure we copy only the significant bytes based on the
7157 * encryption key size, and set the rest of the value to zeroes.
7159 memcpy(ev.key.val, key->val, key->enc_size);
7160 memset(ev.key.val + key->enc_size, 0,
7161 sizeof(ev.key.val) - key->enc_size);
7163 mgmt_event(MGMT_EV_NEW_LONG_TERM_KEY, hdev, &ev, sizeof(ev), NULL);
7166 void mgmt_new_irk(struct hci_dev *hdev, struct smp_irk *irk, bool persistent)
7168 struct mgmt_ev_new_irk ev;
7170 memset(&ev, 0, sizeof(ev));
7172 ev.store_hint = persistent;
7174 bacpy(&ev.rpa, &irk->rpa);
7175 bacpy(&ev.irk.addr.bdaddr, &irk->bdaddr);
7176 ev.irk.addr.type = link_to_bdaddr(LE_LINK, irk->addr_type);
7177 memcpy(ev.irk.val, irk->val, sizeof(irk->val));
7179 mgmt_event(MGMT_EV_NEW_IRK, hdev, &ev, sizeof(ev), NULL);
7182 void mgmt_new_csrk(struct hci_dev *hdev, struct smp_csrk *csrk,
7185 struct mgmt_ev_new_csrk ev;
7187 memset(&ev, 0, sizeof(ev));
7189 /* Devices using resolvable or non-resolvable random addresses
7190 * without providing an identity resolving key don't require
7191 * to store signature resolving keys. Their addresses will change
7192 * the next time around.
7194 * Only when a remote device provides an identity address
7195 * make sure the signature resolving key is stored. So allow
7196 * static random and public addresses here.
7198 if (csrk->bdaddr_type == ADDR_LE_DEV_RANDOM &&
7199 (csrk->bdaddr.b[5] & 0xc0) != 0xc0)
7200 ev.store_hint = 0x00;
7202 ev.store_hint = persistent;
7204 bacpy(&ev.key.addr.bdaddr, &csrk->bdaddr);
7205 ev.key.addr.type = link_to_bdaddr(LE_LINK, csrk->bdaddr_type);
7206 ev.key.type = csrk->type;
7207 memcpy(ev.key.val, csrk->val, sizeof(csrk->val));
7209 mgmt_event(MGMT_EV_NEW_CSRK, hdev, &ev, sizeof(ev), NULL);
7212 void mgmt_new_conn_param(struct hci_dev *hdev, bdaddr_t *bdaddr,
7213 u8 bdaddr_type, u8 store_hint, u16 min_interval,
7214 u16 max_interval, u16 latency, u16 timeout)
7216 struct mgmt_ev_new_conn_param ev;
7218 if (!hci_is_identity_address(bdaddr, bdaddr_type))
7221 memset(&ev, 0, sizeof(ev));
7222 bacpy(&ev.addr.bdaddr, bdaddr);
7223 ev.addr.type = link_to_bdaddr(LE_LINK, bdaddr_type);
7224 ev.store_hint = store_hint;
7225 ev.min_interval = cpu_to_le16(min_interval);
7226 ev.max_interval = cpu_to_le16(max_interval);
7227 ev.latency = cpu_to_le16(latency);
7228 ev.timeout = cpu_to_le16(timeout);
7230 mgmt_event(MGMT_EV_NEW_CONN_PARAM, hdev, &ev, sizeof(ev), NULL);
7233 void mgmt_device_connected(struct hci_dev *hdev, struct hci_conn *conn,
7234 u32 flags, u8 *name, u8 name_len)
7237 struct mgmt_ev_device_connected *ev = (void *) buf;
7240 bacpy(&ev->addr.bdaddr, &conn->dst);
7241 ev->addr.type = link_to_bdaddr(conn->type, conn->dst_type);
7243 ev->flags = __cpu_to_le32(flags);
7245 /* We must ensure that the EIR Data fields are ordered and
7246 * unique. Keep it simple for now and avoid the problem by not
7247 * adding any BR/EDR data to the LE adv.
7249 if (conn->le_adv_data_len > 0) {
7250 memcpy(&ev->eir[eir_len],
7251 conn->le_adv_data, conn->le_adv_data_len);
7252 eir_len = conn->le_adv_data_len;
7255 eir_len = eir_append_data(ev->eir, 0, EIR_NAME_COMPLETE,
7258 if (memcmp(conn->dev_class, "\0\0\0", 3) != 0)
7259 eir_len = eir_append_data(ev->eir, eir_len,
7261 conn->dev_class, 3);
7264 ev->eir_len = cpu_to_le16(eir_len);
7266 mgmt_event(MGMT_EV_DEVICE_CONNECTED, hdev, buf,
7267 sizeof(*ev) + eir_len, NULL);
7270 static void disconnect_rsp(struct mgmt_pending_cmd *cmd, void *data)
7272 struct sock **sk = data;
7274 cmd->cmd_complete(cmd, 0);
7279 mgmt_pending_remove(cmd);
7282 static void unpair_device_rsp(struct mgmt_pending_cmd *cmd, void *data)
7284 struct hci_dev *hdev = data;
7285 struct mgmt_cp_unpair_device *cp = cmd->param;
7287 device_unpaired(hdev, &cp->addr.bdaddr, cp->addr.type, cmd->sk);
7289 cmd->cmd_complete(cmd, 0);
7290 mgmt_pending_remove(cmd);
7293 bool mgmt_powering_down(struct hci_dev *hdev)
7295 struct mgmt_pending_cmd *cmd;
7296 struct mgmt_mode *cp;
7298 cmd = pending_find(MGMT_OP_SET_POWERED, hdev);
7309 void mgmt_device_disconnected(struct hci_dev *hdev, bdaddr_t *bdaddr,
7310 u8 link_type, u8 addr_type, u8 reason,
7311 bool mgmt_connected)
7313 struct mgmt_ev_device_disconnected ev;
7314 struct sock *sk = NULL;
7316 /* The connection is still in hci_conn_hash so test for 1
7317 * instead of 0 to know if this is the last one.
7319 if (mgmt_powering_down(hdev) && hci_conn_count(hdev) == 1) {
7320 cancel_delayed_work(&hdev->power_off);
7321 queue_work(hdev->req_workqueue, &hdev->power_off.work);
7324 if (!mgmt_connected)
7327 if (link_type != ACL_LINK && link_type != LE_LINK)
7330 mgmt_pending_foreach(MGMT_OP_DISCONNECT, hdev, disconnect_rsp, &sk);
7332 bacpy(&ev.addr.bdaddr, bdaddr);
7333 ev.addr.type = link_to_bdaddr(link_type, addr_type);
7336 mgmt_event(MGMT_EV_DEVICE_DISCONNECTED, hdev, &ev, sizeof(ev), sk);
7341 mgmt_pending_foreach(MGMT_OP_UNPAIR_DEVICE, hdev, unpair_device_rsp,
7345 void mgmt_disconnect_failed(struct hci_dev *hdev, bdaddr_t *bdaddr,
7346 u8 link_type, u8 addr_type, u8 status)
7348 u8 bdaddr_type = link_to_bdaddr(link_type, addr_type);
7349 struct mgmt_cp_disconnect *cp;
7350 struct mgmt_pending_cmd *cmd;
7352 mgmt_pending_foreach(MGMT_OP_UNPAIR_DEVICE, hdev, unpair_device_rsp,
7355 cmd = pending_find(MGMT_OP_DISCONNECT, hdev);
7361 if (bacmp(bdaddr, &cp->addr.bdaddr))
7364 if (cp->addr.type != bdaddr_type)
7367 cmd->cmd_complete(cmd, mgmt_status(status));
7368 mgmt_pending_remove(cmd);
7371 void mgmt_connect_failed(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
7372 u8 addr_type, u8 status)
7374 struct mgmt_ev_connect_failed ev;
7376 /* The connection is still in hci_conn_hash so test for 1
7377 * instead of 0 to know if this is the last one.
7379 if (mgmt_powering_down(hdev) && hci_conn_count(hdev) == 1) {
7380 cancel_delayed_work(&hdev->power_off);
7381 queue_work(hdev->req_workqueue, &hdev->power_off.work);
7384 bacpy(&ev.addr.bdaddr, bdaddr);
7385 ev.addr.type = link_to_bdaddr(link_type, addr_type);
7386 ev.status = mgmt_status(status);
7388 mgmt_event(MGMT_EV_CONNECT_FAILED, hdev, &ev, sizeof(ev), NULL);
7391 void mgmt_pin_code_request(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 secure)
7393 struct mgmt_ev_pin_code_request ev;
7395 bacpy(&ev.addr.bdaddr, bdaddr);
7396 ev.addr.type = BDADDR_BREDR;
7399 mgmt_event(MGMT_EV_PIN_CODE_REQUEST, hdev, &ev, sizeof(ev), NULL);
7402 void mgmt_pin_code_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
7405 struct mgmt_pending_cmd *cmd;
7407 cmd = pending_find(MGMT_OP_PIN_CODE_REPLY, hdev);
7411 cmd->cmd_complete(cmd, mgmt_status(status));
7412 mgmt_pending_remove(cmd);
7415 void mgmt_pin_code_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
7418 struct mgmt_pending_cmd *cmd;
7420 cmd = pending_find(MGMT_OP_PIN_CODE_NEG_REPLY, hdev);
7424 cmd->cmd_complete(cmd, mgmt_status(status));
7425 mgmt_pending_remove(cmd);
7428 int mgmt_user_confirm_request(struct hci_dev *hdev, bdaddr_t *bdaddr,
7429 u8 link_type, u8 addr_type, u32 value,
7432 struct mgmt_ev_user_confirm_request ev;
7434 BT_DBG("%s", hdev->name);
7436 bacpy(&ev.addr.bdaddr, bdaddr);
7437 ev.addr.type = link_to_bdaddr(link_type, addr_type);
7438 ev.confirm_hint = confirm_hint;
7439 ev.value = cpu_to_le32(value);
7441 return mgmt_event(MGMT_EV_USER_CONFIRM_REQUEST, hdev, &ev, sizeof(ev),
7445 int mgmt_user_passkey_request(struct hci_dev *hdev, bdaddr_t *bdaddr,
7446 u8 link_type, u8 addr_type)
7448 struct mgmt_ev_user_passkey_request ev;
7450 BT_DBG("%s", hdev->name);
7452 bacpy(&ev.addr.bdaddr, bdaddr);
7453 ev.addr.type = link_to_bdaddr(link_type, addr_type);
7455 return mgmt_event(MGMT_EV_USER_PASSKEY_REQUEST, hdev, &ev, sizeof(ev),
7459 static int user_pairing_resp_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
7460 u8 link_type, u8 addr_type, u8 status,
7463 struct mgmt_pending_cmd *cmd;
7465 cmd = pending_find(opcode, hdev);
7469 cmd->cmd_complete(cmd, mgmt_status(status));
7470 mgmt_pending_remove(cmd);
7475 int mgmt_user_confirm_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
7476 u8 link_type, u8 addr_type, u8 status)
7478 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
7479 status, MGMT_OP_USER_CONFIRM_REPLY);
7482 int mgmt_user_confirm_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
7483 u8 link_type, u8 addr_type, u8 status)
7485 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
7487 MGMT_OP_USER_CONFIRM_NEG_REPLY);
7490 int mgmt_user_passkey_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
7491 u8 link_type, u8 addr_type, u8 status)
7493 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
7494 status, MGMT_OP_USER_PASSKEY_REPLY);
7497 int mgmt_user_passkey_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
7498 u8 link_type, u8 addr_type, u8 status)
7500 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
7502 MGMT_OP_USER_PASSKEY_NEG_REPLY);
7505 int mgmt_user_passkey_notify(struct hci_dev *hdev, bdaddr_t *bdaddr,
7506 u8 link_type, u8 addr_type, u32 passkey,
7509 struct mgmt_ev_passkey_notify ev;
7511 BT_DBG("%s", hdev->name);
7513 bacpy(&ev.addr.bdaddr, bdaddr);
7514 ev.addr.type = link_to_bdaddr(link_type, addr_type);
7515 ev.passkey = __cpu_to_le32(passkey);
7516 ev.entered = entered;
7518 return mgmt_event(MGMT_EV_PASSKEY_NOTIFY, hdev, &ev, sizeof(ev), NULL);
7521 void mgmt_auth_failed(struct hci_conn *conn, u8 hci_status)
7523 struct mgmt_ev_auth_failed ev;
7524 struct mgmt_pending_cmd *cmd;
7525 u8 status = mgmt_status(hci_status);
7527 bacpy(&ev.addr.bdaddr, &conn->dst);
7528 ev.addr.type = link_to_bdaddr(conn->type, conn->dst_type);
7531 cmd = find_pairing(conn);
7533 mgmt_event(MGMT_EV_AUTH_FAILED, conn->hdev, &ev, sizeof(ev),
7534 cmd ? cmd->sk : NULL);
7537 cmd->cmd_complete(cmd, status);
7538 mgmt_pending_remove(cmd);
7542 void mgmt_auth_enable_complete(struct hci_dev *hdev, u8 status)
7544 struct cmd_lookup match = { NULL, hdev };
7548 u8 mgmt_err = mgmt_status(status);
7549 mgmt_pending_foreach(MGMT_OP_SET_LINK_SECURITY, hdev,
7550 cmd_status_rsp, &mgmt_err);
7554 if (test_bit(HCI_AUTH, &hdev->flags))
7555 changed = !hci_dev_test_and_set_flag(hdev, HCI_LINK_SECURITY);
7557 changed = hci_dev_test_and_clear_flag(hdev, HCI_LINK_SECURITY);
7559 mgmt_pending_foreach(MGMT_OP_SET_LINK_SECURITY, hdev, settings_rsp,
7563 new_settings(hdev, match.sk);
7569 static void clear_eir(struct hci_request *req)
7571 struct hci_dev *hdev = req->hdev;
7572 struct hci_cp_write_eir cp;
7574 if (!lmp_ext_inq_capable(hdev))
7577 memset(hdev->eir, 0, sizeof(hdev->eir));
7579 memset(&cp, 0, sizeof(cp));
7581 hci_req_add(req, HCI_OP_WRITE_EIR, sizeof(cp), &cp);
7584 void mgmt_ssp_enable_complete(struct hci_dev *hdev, u8 enable, u8 status)
7586 struct cmd_lookup match = { NULL, hdev };
7587 struct hci_request req;
7588 bool changed = false;
7591 u8 mgmt_err = mgmt_status(status);
7593 if (enable && hci_dev_test_and_clear_flag(hdev,
7595 hci_dev_clear_flag(hdev, HCI_HS_ENABLED);
7596 new_settings(hdev, NULL);
7599 mgmt_pending_foreach(MGMT_OP_SET_SSP, hdev, cmd_status_rsp,
7605 changed = !hci_dev_test_and_set_flag(hdev, HCI_SSP_ENABLED);
7607 changed = hci_dev_test_and_clear_flag(hdev, HCI_SSP_ENABLED);
7609 changed = hci_dev_test_and_clear_flag(hdev,
7612 hci_dev_clear_flag(hdev, HCI_HS_ENABLED);
7615 mgmt_pending_foreach(MGMT_OP_SET_SSP, hdev, settings_rsp, &match);
7618 new_settings(hdev, match.sk);
7623 hci_req_init(&req, hdev);
7625 if (hci_dev_test_flag(hdev, HCI_SSP_ENABLED)) {
7626 if (hci_dev_test_flag(hdev, HCI_USE_DEBUG_KEYS))
7627 hci_req_add(&req, HCI_OP_WRITE_SSP_DEBUG_MODE,
7628 sizeof(enable), &enable);
7629 __hci_req_update_eir(&req);
7634 hci_req_run(&req, NULL);
7637 static void sk_lookup(struct mgmt_pending_cmd *cmd, void *data)
7639 struct cmd_lookup *match = data;
7641 if (match->sk == NULL) {
7642 match->sk = cmd->sk;
7643 sock_hold(match->sk);
7647 void mgmt_set_class_of_dev_complete(struct hci_dev *hdev, u8 *dev_class,
7650 struct cmd_lookup match = { NULL, hdev, mgmt_status(status) };
7652 mgmt_pending_foreach(MGMT_OP_SET_DEV_CLASS, hdev, sk_lookup, &match);
7653 mgmt_pending_foreach(MGMT_OP_ADD_UUID, hdev, sk_lookup, &match);
7654 mgmt_pending_foreach(MGMT_OP_REMOVE_UUID, hdev, sk_lookup, &match);
7657 mgmt_limited_event(MGMT_EV_CLASS_OF_DEV_CHANGED, hdev, dev_class,
7658 3, HCI_MGMT_DEV_CLASS_EVENTS, NULL);
7659 ext_info_changed(hdev, NULL);
7666 void mgmt_set_local_name_complete(struct hci_dev *hdev, u8 *name, u8 status)
7668 struct mgmt_cp_set_local_name ev;
7669 struct mgmt_pending_cmd *cmd;
7674 memset(&ev, 0, sizeof(ev));
7675 memcpy(ev.name, name, HCI_MAX_NAME_LENGTH);
7676 memcpy(ev.short_name, hdev->short_name, HCI_MAX_SHORT_NAME_LENGTH);
7678 cmd = pending_find(MGMT_OP_SET_LOCAL_NAME, hdev);
7680 memcpy(hdev->dev_name, name, sizeof(hdev->dev_name));
7682 /* If this is a HCI command related to powering on the
7683 * HCI dev don't send any mgmt signals.
7685 if (pending_find(MGMT_OP_SET_POWERED, hdev))
7689 mgmt_limited_event(MGMT_EV_LOCAL_NAME_CHANGED, hdev, &ev, sizeof(ev),
7690 HCI_MGMT_LOCAL_NAME_EVENTS, cmd ? cmd->sk : NULL);
7691 ext_info_changed(hdev, cmd ? cmd->sk : NULL);
7694 static inline bool has_uuid(u8 *uuid, u16 uuid_count, u8 (*uuids)[16])
7698 for (i = 0; i < uuid_count; i++) {
7699 if (!memcmp(uuid, uuids[i], 16))
7706 static bool eir_has_uuids(u8 *eir, u16 eir_len, u16 uuid_count, u8 (*uuids)[16])
7710 while (parsed < eir_len) {
7711 u8 field_len = eir[0];
7718 if (eir_len - parsed < field_len + 1)
7722 case EIR_UUID16_ALL:
7723 case EIR_UUID16_SOME:
7724 for (i = 0; i + 3 <= field_len; i += 2) {
7725 memcpy(uuid, bluetooth_base_uuid, 16);
7726 uuid[13] = eir[i + 3];
7727 uuid[12] = eir[i + 2];
7728 if (has_uuid(uuid, uuid_count, uuids))
7732 case EIR_UUID32_ALL:
7733 case EIR_UUID32_SOME:
7734 for (i = 0; i + 5 <= field_len; i += 4) {
7735 memcpy(uuid, bluetooth_base_uuid, 16);
7736 uuid[15] = eir[i + 5];
7737 uuid[14] = eir[i + 4];
7738 uuid[13] = eir[i + 3];
7739 uuid[12] = eir[i + 2];
7740 if (has_uuid(uuid, uuid_count, uuids))
7744 case EIR_UUID128_ALL:
7745 case EIR_UUID128_SOME:
7746 for (i = 0; i + 17 <= field_len; i += 16) {
7747 memcpy(uuid, eir + i + 2, 16);
7748 if (has_uuid(uuid, uuid_count, uuids))
7754 parsed += field_len + 1;
7755 eir += field_len + 1;
7761 static void restart_le_scan(struct hci_dev *hdev)
7763 /* If controller is not scanning we are done. */
7764 if (!hci_dev_test_flag(hdev, HCI_LE_SCAN))
7767 if (time_after(jiffies + DISCOV_LE_RESTART_DELAY,
7768 hdev->discovery.scan_start +
7769 hdev->discovery.scan_duration))
7772 queue_delayed_work(hdev->req_workqueue, &hdev->le_scan_restart,
7773 DISCOV_LE_RESTART_DELAY);
7776 static bool is_filter_match(struct hci_dev *hdev, s8 rssi, u8 *eir,
7777 u16 eir_len, u8 *scan_rsp, u8 scan_rsp_len)
7779 /* If a RSSI threshold has been specified, and
7780 * HCI_QUIRK_STRICT_DUPLICATE_FILTER is not set, then all results with
7781 * a RSSI smaller than the RSSI threshold will be dropped. If the quirk
7782 * is set, let it through for further processing, as we might need to
7785 * For BR/EDR devices (pre 1.2) providing no RSSI during inquiry,
7786 * the results are also dropped.
7788 if (hdev->discovery.rssi != HCI_RSSI_INVALID &&
7789 (rssi == HCI_RSSI_INVALID ||
7790 (rssi < hdev->discovery.rssi &&
7791 !test_bit(HCI_QUIRK_STRICT_DUPLICATE_FILTER, &hdev->quirks))))
7794 if (hdev->discovery.uuid_count != 0) {
7795 /* If a list of UUIDs is provided in filter, results with no
7796 * matching UUID should be dropped.
7798 if (!eir_has_uuids(eir, eir_len, hdev->discovery.uuid_count,
7799 hdev->discovery.uuids) &&
7800 !eir_has_uuids(scan_rsp, scan_rsp_len,
7801 hdev->discovery.uuid_count,
7802 hdev->discovery.uuids))
7806 /* If duplicate filtering does not report RSSI changes, then restart
7807 * scanning to ensure updated result with updated RSSI values.
7809 if (test_bit(HCI_QUIRK_STRICT_DUPLICATE_FILTER, &hdev->quirks)) {
7810 restart_le_scan(hdev);
7812 /* Validate RSSI value against the RSSI threshold once more. */
7813 if (hdev->discovery.rssi != HCI_RSSI_INVALID &&
7814 rssi < hdev->discovery.rssi)
7821 void mgmt_device_found(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
7822 u8 addr_type, u8 *dev_class, s8 rssi, u32 flags,
7823 u8 *eir, u16 eir_len, u8 *scan_rsp, u8 scan_rsp_len)
7826 struct mgmt_ev_device_found *ev = (void *)buf;
7829 /* Don't send events for a non-kernel initiated discovery. With
7830 * LE one exception is if we have pend_le_reports > 0 in which
7831 * case we're doing passive scanning and want these events.
7833 if (!hci_discovery_active(hdev)) {
7834 if (link_type == ACL_LINK)
7836 if (link_type == LE_LINK && list_empty(&hdev->pend_le_reports))
7840 if (hdev->discovery.result_filtering) {
7841 /* We are using service discovery */
7842 if (!is_filter_match(hdev, rssi, eir, eir_len, scan_rsp,
7847 if (hdev->discovery.limited) {
7848 /* Check for limited discoverable bit */
7850 if (!(dev_class[1] & 0x20))
7853 u8 *flags = eir_get_data(eir, eir_len, EIR_FLAGS, NULL);
7854 if (!flags || !(flags[0] & LE_AD_LIMITED))
7859 /* Make sure that the buffer is big enough. The 5 extra bytes
7860 * are for the potential CoD field.
7862 if (sizeof(*ev) + eir_len + scan_rsp_len + 5 > sizeof(buf))
7865 memset(buf, 0, sizeof(buf));
7867 /* In case of device discovery with BR/EDR devices (pre 1.2), the
7868 * RSSI value was reported as 0 when not available. This behavior
7869 * is kept when using device discovery. This is required for full
7870 * backwards compatibility with the API.
7872 * However when using service discovery, the value 127 will be
7873 * returned when the RSSI is not available.
7875 if (rssi == HCI_RSSI_INVALID && !hdev->discovery.report_invalid_rssi &&
7876 link_type == ACL_LINK)
7879 bacpy(&ev->addr.bdaddr, bdaddr);
7880 ev->addr.type = link_to_bdaddr(link_type, addr_type);
7882 ev->flags = cpu_to_le32(flags);
7885 /* Copy EIR or advertising data into event */
7886 memcpy(ev->eir, eir, eir_len);
7888 if (dev_class && !eir_get_data(ev->eir, eir_len, EIR_CLASS_OF_DEV,
7890 eir_len = eir_append_data(ev->eir, eir_len, EIR_CLASS_OF_DEV,
7893 if (scan_rsp_len > 0)
7894 /* Append scan response data to event */
7895 memcpy(ev->eir + eir_len, scan_rsp, scan_rsp_len);
7897 ev->eir_len = cpu_to_le16(eir_len + scan_rsp_len);
7898 ev_size = sizeof(*ev) + eir_len + scan_rsp_len;
7900 mgmt_event(MGMT_EV_DEVICE_FOUND, hdev, ev, ev_size, NULL);
7903 void mgmt_remote_name(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
7904 u8 addr_type, s8 rssi, u8 *name, u8 name_len)
7906 struct mgmt_ev_device_found *ev;
7907 char buf[sizeof(*ev) + HCI_MAX_NAME_LENGTH + 2];
7910 ev = (struct mgmt_ev_device_found *) buf;
7912 memset(buf, 0, sizeof(buf));
7914 bacpy(&ev->addr.bdaddr, bdaddr);
7915 ev->addr.type = link_to_bdaddr(link_type, addr_type);
7918 eir_len = eir_append_data(ev->eir, 0, EIR_NAME_COMPLETE, name,
7921 ev->eir_len = cpu_to_le16(eir_len);
7923 mgmt_event(MGMT_EV_DEVICE_FOUND, hdev, ev, sizeof(*ev) + eir_len, NULL);
7926 void mgmt_discovering(struct hci_dev *hdev, u8 discovering)
7928 struct mgmt_ev_discovering ev;
7930 BT_DBG("%s discovering %u", hdev->name, discovering);
7932 memset(&ev, 0, sizeof(ev));
7933 ev.type = hdev->discovery.type;
7934 ev.discovering = discovering;
7936 mgmt_event(MGMT_EV_DISCOVERING, hdev, &ev, sizeof(ev), NULL);
7939 static struct hci_mgmt_chan chan = {
7940 .channel = HCI_CHANNEL_CONTROL,
7941 .handler_count = ARRAY_SIZE(mgmt_handlers),
7942 .handlers = mgmt_handlers,
7943 .hdev_init = mgmt_init_hdev,
7948 return hci_mgmt_chan_register(&chan);
7951 void mgmt_exit(void)
7953 hci_mgmt_chan_unregister(&chan);
projects / linux-2.6-microblaze.git / blob