2 BlueZ - Bluetooth protocol stack for Linux
4 Copyright (C) 2010 Nokia Corporation
5 Copyright (C) 2011-2012 Intel Corporation
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License version 2 as
9 published by the Free Software Foundation;
11 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
12 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
13 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
14 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
15 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
16 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
17 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
18 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
20 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
21 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
22 SOFTWARE IS DISCLAIMED.
25 /* Bluetooth HCI Management interface */
27 #include <linux/module.h>
28 #include <asm/unaligned.h>
30 #include <net/bluetooth/bluetooth.h>
31 #include <net/bluetooth/hci_core.h>
32 #include <net/bluetooth/hci_sock.h>
33 #include <net/bluetooth/l2cap.h>
34 #include <net/bluetooth/mgmt.h>
36 #include "hci_request.h"
38 #include "mgmt_util.h"
40 #define MGMT_VERSION 1
41 #define MGMT_REVISION 14
43 static const u16 mgmt_commands[] = {
44 MGMT_OP_READ_INDEX_LIST,
47 MGMT_OP_SET_DISCOVERABLE,
48 MGMT_OP_SET_CONNECTABLE,
49 MGMT_OP_SET_FAST_CONNECTABLE,
51 MGMT_OP_SET_LINK_SECURITY,
55 MGMT_OP_SET_DEV_CLASS,
56 MGMT_OP_SET_LOCAL_NAME,
59 MGMT_OP_LOAD_LINK_KEYS,
60 MGMT_OP_LOAD_LONG_TERM_KEYS,
62 MGMT_OP_GET_CONNECTIONS,
63 MGMT_OP_PIN_CODE_REPLY,
64 MGMT_OP_PIN_CODE_NEG_REPLY,
65 MGMT_OP_SET_IO_CAPABILITY,
67 MGMT_OP_CANCEL_PAIR_DEVICE,
68 MGMT_OP_UNPAIR_DEVICE,
69 MGMT_OP_USER_CONFIRM_REPLY,
70 MGMT_OP_USER_CONFIRM_NEG_REPLY,
71 MGMT_OP_USER_PASSKEY_REPLY,
72 MGMT_OP_USER_PASSKEY_NEG_REPLY,
73 MGMT_OP_READ_LOCAL_OOB_DATA,
74 MGMT_OP_ADD_REMOTE_OOB_DATA,
75 MGMT_OP_REMOVE_REMOTE_OOB_DATA,
76 MGMT_OP_START_DISCOVERY,
77 MGMT_OP_STOP_DISCOVERY,
80 MGMT_OP_UNBLOCK_DEVICE,
81 MGMT_OP_SET_DEVICE_ID,
82 MGMT_OP_SET_ADVERTISING,
84 MGMT_OP_SET_STATIC_ADDRESS,
85 MGMT_OP_SET_SCAN_PARAMS,
86 MGMT_OP_SET_SECURE_CONN,
87 MGMT_OP_SET_DEBUG_KEYS,
90 MGMT_OP_GET_CONN_INFO,
91 MGMT_OP_GET_CLOCK_INFO,
93 MGMT_OP_REMOVE_DEVICE,
94 MGMT_OP_LOAD_CONN_PARAM,
95 MGMT_OP_READ_UNCONF_INDEX_LIST,
96 MGMT_OP_READ_CONFIG_INFO,
97 MGMT_OP_SET_EXTERNAL_CONFIG,
98 MGMT_OP_SET_PUBLIC_ADDRESS,
99 MGMT_OP_START_SERVICE_DISCOVERY,
100 MGMT_OP_READ_LOCAL_OOB_EXT_DATA,
101 MGMT_OP_READ_EXT_INDEX_LIST,
102 MGMT_OP_READ_ADV_FEATURES,
103 MGMT_OP_ADD_ADVERTISING,
104 MGMT_OP_REMOVE_ADVERTISING,
105 MGMT_OP_GET_ADV_SIZE_INFO,
106 MGMT_OP_START_LIMITED_DISCOVERY,
107 MGMT_OP_READ_EXT_INFO,
108 MGMT_OP_SET_APPEARANCE,
111 static const u16 mgmt_events[] = {
112 MGMT_EV_CONTROLLER_ERROR,
114 MGMT_EV_INDEX_REMOVED,
115 MGMT_EV_NEW_SETTINGS,
116 MGMT_EV_CLASS_OF_DEV_CHANGED,
117 MGMT_EV_LOCAL_NAME_CHANGED,
118 MGMT_EV_NEW_LINK_KEY,
119 MGMT_EV_NEW_LONG_TERM_KEY,
120 MGMT_EV_DEVICE_CONNECTED,
121 MGMT_EV_DEVICE_DISCONNECTED,
122 MGMT_EV_CONNECT_FAILED,
123 MGMT_EV_PIN_CODE_REQUEST,
124 MGMT_EV_USER_CONFIRM_REQUEST,
125 MGMT_EV_USER_PASSKEY_REQUEST,
127 MGMT_EV_DEVICE_FOUND,
129 MGMT_EV_DEVICE_BLOCKED,
130 MGMT_EV_DEVICE_UNBLOCKED,
131 MGMT_EV_DEVICE_UNPAIRED,
132 MGMT_EV_PASSKEY_NOTIFY,
135 MGMT_EV_DEVICE_ADDED,
136 MGMT_EV_DEVICE_REMOVED,
137 MGMT_EV_NEW_CONN_PARAM,
138 MGMT_EV_UNCONF_INDEX_ADDED,
139 MGMT_EV_UNCONF_INDEX_REMOVED,
140 MGMT_EV_NEW_CONFIG_OPTIONS,
141 MGMT_EV_EXT_INDEX_ADDED,
142 MGMT_EV_EXT_INDEX_REMOVED,
143 MGMT_EV_LOCAL_OOB_DATA_UPDATED,
144 MGMT_EV_ADVERTISING_ADDED,
145 MGMT_EV_ADVERTISING_REMOVED,
146 MGMT_EV_EXT_INFO_CHANGED,
149 static const u16 mgmt_untrusted_commands[] = {
150 MGMT_OP_READ_INDEX_LIST,
152 MGMT_OP_READ_UNCONF_INDEX_LIST,
153 MGMT_OP_READ_CONFIG_INFO,
154 MGMT_OP_READ_EXT_INDEX_LIST,
155 MGMT_OP_READ_EXT_INFO,
158 static const u16 mgmt_untrusted_events[] = {
160 MGMT_EV_INDEX_REMOVED,
161 MGMT_EV_NEW_SETTINGS,
162 MGMT_EV_CLASS_OF_DEV_CHANGED,
163 MGMT_EV_LOCAL_NAME_CHANGED,
164 MGMT_EV_UNCONF_INDEX_ADDED,
165 MGMT_EV_UNCONF_INDEX_REMOVED,
166 MGMT_EV_NEW_CONFIG_OPTIONS,
167 MGMT_EV_EXT_INDEX_ADDED,
168 MGMT_EV_EXT_INDEX_REMOVED,
169 MGMT_EV_EXT_INFO_CHANGED,
172 #define CACHE_TIMEOUT msecs_to_jiffies(2 * 1000)
174 #define ZERO_KEY "\x00\x00\x00\x00\x00\x00\x00\x00" \
175 "\x00\x00\x00\x00\x00\x00\x00\x00"
177 /* HCI to MGMT error code conversion table */
178 static u8 mgmt_status_table[] = {
180 MGMT_STATUS_UNKNOWN_COMMAND, /* Unknown Command */
181 MGMT_STATUS_NOT_CONNECTED, /* No Connection */
182 MGMT_STATUS_FAILED, /* Hardware Failure */
183 MGMT_STATUS_CONNECT_FAILED, /* Page Timeout */
184 MGMT_STATUS_AUTH_FAILED, /* Authentication Failed */
185 MGMT_STATUS_AUTH_FAILED, /* PIN or Key Missing */
186 MGMT_STATUS_NO_RESOURCES, /* Memory Full */
187 MGMT_STATUS_TIMEOUT, /* Connection Timeout */
188 MGMT_STATUS_NO_RESOURCES, /* Max Number of Connections */
189 MGMT_STATUS_NO_RESOURCES, /* Max Number of SCO Connections */
190 MGMT_STATUS_ALREADY_CONNECTED, /* ACL Connection Exists */
191 MGMT_STATUS_BUSY, /* Command Disallowed */
192 MGMT_STATUS_NO_RESOURCES, /* Rejected Limited Resources */
193 MGMT_STATUS_REJECTED, /* Rejected Security */
194 MGMT_STATUS_REJECTED, /* Rejected Personal */
195 MGMT_STATUS_TIMEOUT, /* Host Timeout */
196 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported Feature */
197 MGMT_STATUS_INVALID_PARAMS, /* Invalid Parameters */
198 MGMT_STATUS_DISCONNECTED, /* OE User Ended Connection */
199 MGMT_STATUS_NO_RESOURCES, /* OE Low Resources */
200 MGMT_STATUS_DISCONNECTED, /* OE Power Off */
201 MGMT_STATUS_DISCONNECTED, /* Connection Terminated */
202 MGMT_STATUS_BUSY, /* Repeated Attempts */
203 MGMT_STATUS_REJECTED, /* Pairing Not Allowed */
204 MGMT_STATUS_FAILED, /* Unknown LMP PDU */
205 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported Remote Feature */
206 MGMT_STATUS_REJECTED, /* SCO Offset Rejected */
207 MGMT_STATUS_REJECTED, /* SCO Interval Rejected */
208 MGMT_STATUS_REJECTED, /* Air Mode Rejected */
209 MGMT_STATUS_INVALID_PARAMS, /* Invalid LMP Parameters */
210 MGMT_STATUS_FAILED, /* Unspecified Error */
211 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported LMP Parameter Value */
212 MGMT_STATUS_FAILED, /* Role Change Not Allowed */
213 MGMT_STATUS_TIMEOUT, /* LMP Response Timeout */
214 MGMT_STATUS_FAILED, /* LMP Error Transaction Collision */
215 MGMT_STATUS_FAILED, /* LMP PDU Not Allowed */
216 MGMT_STATUS_REJECTED, /* Encryption Mode Not Accepted */
217 MGMT_STATUS_FAILED, /* Unit Link Key Used */
218 MGMT_STATUS_NOT_SUPPORTED, /* QoS Not Supported */
219 MGMT_STATUS_TIMEOUT, /* Instant Passed */
220 MGMT_STATUS_NOT_SUPPORTED, /* Pairing Not Supported */
221 MGMT_STATUS_FAILED, /* Transaction Collision */
222 MGMT_STATUS_INVALID_PARAMS, /* Unacceptable Parameter */
223 MGMT_STATUS_REJECTED, /* QoS Rejected */
224 MGMT_STATUS_NOT_SUPPORTED, /* Classification Not Supported */
225 MGMT_STATUS_REJECTED, /* Insufficient Security */
226 MGMT_STATUS_INVALID_PARAMS, /* Parameter Out Of Range */
227 MGMT_STATUS_BUSY, /* Role Switch Pending */
228 MGMT_STATUS_FAILED, /* Slot Violation */
229 MGMT_STATUS_FAILED, /* Role Switch Failed */
230 MGMT_STATUS_INVALID_PARAMS, /* EIR Too Large */
231 MGMT_STATUS_NOT_SUPPORTED, /* Simple Pairing Not Supported */
232 MGMT_STATUS_BUSY, /* Host Busy Pairing */
233 MGMT_STATUS_REJECTED, /* Rejected, No Suitable Channel */
234 MGMT_STATUS_BUSY, /* Controller Busy */
235 MGMT_STATUS_INVALID_PARAMS, /* Unsuitable Connection Interval */
236 MGMT_STATUS_TIMEOUT, /* Directed Advertising Timeout */
237 MGMT_STATUS_AUTH_FAILED, /* Terminated Due to MIC Failure */
238 MGMT_STATUS_CONNECT_FAILED, /* Connection Establishment Failed */
239 MGMT_STATUS_CONNECT_FAILED, /* MAC Connection Failed */
242 static u8 mgmt_status(u8 hci_status)
244 if (hci_status < ARRAY_SIZE(mgmt_status_table))
245 return mgmt_status_table[hci_status];
247 return MGMT_STATUS_FAILED;
250 static int mgmt_index_event(u16 event, struct hci_dev *hdev, void *data,
253 return mgmt_send_event(event, hdev, HCI_CHANNEL_CONTROL, data, len,
257 static int mgmt_limited_event(u16 event, struct hci_dev *hdev, void *data,
258 u16 len, int flag, struct sock *skip_sk)
260 return mgmt_send_event(event, hdev, HCI_CHANNEL_CONTROL, data, len,
264 static int mgmt_event(u16 event, struct hci_dev *hdev, void *data, u16 len,
265 struct sock *skip_sk)
267 return mgmt_send_event(event, hdev, HCI_CHANNEL_CONTROL, data, len,
268 HCI_SOCK_TRUSTED, skip_sk);
271 static u8 le_addr_type(u8 mgmt_addr_type)
273 if (mgmt_addr_type == BDADDR_LE_PUBLIC)
274 return ADDR_LE_DEV_PUBLIC;
276 return ADDR_LE_DEV_RANDOM;
279 void mgmt_fill_version_info(void *ver)
281 struct mgmt_rp_read_version *rp = ver;
283 rp->version = MGMT_VERSION;
284 rp->revision = cpu_to_le16(MGMT_REVISION);
287 static int read_version(struct sock *sk, struct hci_dev *hdev, void *data,
290 struct mgmt_rp_read_version rp;
292 BT_DBG("sock %p", sk);
294 mgmt_fill_version_info(&rp);
296 return mgmt_cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_VERSION, 0,
300 static int read_commands(struct sock *sk, struct hci_dev *hdev, void *data,
303 struct mgmt_rp_read_commands *rp;
304 u16 num_commands, num_events;
308 BT_DBG("sock %p", sk);
310 if (hci_sock_test_flag(sk, HCI_SOCK_TRUSTED)) {
311 num_commands = ARRAY_SIZE(mgmt_commands);
312 num_events = ARRAY_SIZE(mgmt_events);
314 num_commands = ARRAY_SIZE(mgmt_untrusted_commands);
315 num_events = ARRAY_SIZE(mgmt_untrusted_events);
318 rp_size = sizeof(*rp) + ((num_commands + num_events) * sizeof(u16));
320 rp = kmalloc(rp_size, GFP_KERNEL);
324 rp->num_commands = cpu_to_le16(num_commands);
325 rp->num_events = cpu_to_le16(num_events);
327 if (hci_sock_test_flag(sk, HCI_SOCK_TRUSTED)) {
328 __le16 *opcode = rp->opcodes;
330 for (i = 0; i < num_commands; i++, opcode++)
331 put_unaligned_le16(mgmt_commands[i], opcode);
333 for (i = 0; i < num_events; i++, opcode++)
334 put_unaligned_le16(mgmt_events[i], opcode);
336 __le16 *opcode = rp->opcodes;
338 for (i = 0; i < num_commands; i++, opcode++)
339 put_unaligned_le16(mgmt_untrusted_commands[i], opcode);
341 for (i = 0; i < num_events; i++, opcode++)
342 put_unaligned_le16(mgmt_untrusted_events[i], opcode);
345 err = mgmt_cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_COMMANDS, 0,
352 static int read_index_list(struct sock *sk, struct hci_dev *hdev, void *data,
355 struct mgmt_rp_read_index_list *rp;
361 BT_DBG("sock %p", sk);
363 read_lock(&hci_dev_list_lock);
366 list_for_each_entry(d, &hci_dev_list, list) {
367 if (d->dev_type == HCI_PRIMARY &&
368 !hci_dev_test_flag(d, HCI_UNCONFIGURED))
372 rp_len = sizeof(*rp) + (2 * count);
373 rp = kmalloc(rp_len, GFP_ATOMIC);
375 read_unlock(&hci_dev_list_lock);
380 list_for_each_entry(d, &hci_dev_list, list) {
381 if (hci_dev_test_flag(d, HCI_SETUP) ||
382 hci_dev_test_flag(d, HCI_CONFIG) ||
383 hci_dev_test_flag(d, HCI_USER_CHANNEL))
386 /* Devices marked as raw-only are neither configured
387 * nor unconfigured controllers.
389 if (test_bit(HCI_QUIRK_RAW_DEVICE, &d->quirks))
392 if (d->dev_type == HCI_PRIMARY &&
393 !hci_dev_test_flag(d, HCI_UNCONFIGURED)) {
394 rp->index[count++] = cpu_to_le16(d->id);
395 BT_DBG("Added hci%u", d->id);
399 rp->num_controllers = cpu_to_le16(count);
400 rp_len = sizeof(*rp) + (2 * count);
402 read_unlock(&hci_dev_list_lock);
404 err = mgmt_cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_INDEX_LIST,
412 static int read_unconf_index_list(struct sock *sk, struct hci_dev *hdev,
413 void *data, u16 data_len)
415 struct mgmt_rp_read_unconf_index_list *rp;
421 BT_DBG("sock %p", sk);
423 read_lock(&hci_dev_list_lock);
426 list_for_each_entry(d, &hci_dev_list, list) {
427 if (d->dev_type == HCI_PRIMARY &&
428 hci_dev_test_flag(d, HCI_UNCONFIGURED))
432 rp_len = sizeof(*rp) + (2 * count);
433 rp = kmalloc(rp_len, GFP_ATOMIC);
435 read_unlock(&hci_dev_list_lock);
440 list_for_each_entry(d, &hci_dev_list, list) {
441 if (hci_dev_test_flag(d, HCI_SETUP) ||
442 hci_dev_test_flag(d, HCI_CONFIG) ||
443 hci_dev_test_flag(d, HCI_USER_CHANNEL))
446 /* Devices marked as raw-only are neither configured
447 * nor unconfigured controllers.
449 if (test_bit(HCI_QUIRK_RAW_DEVICE, &d->quirks))
452 if (d->dev_type == HCI_PRIMARY &&
453 hci_dev_test_flag(d, HCI_UNCONFIGURED)) {
454 rp->index[count++] = cpu_to_le16(d->id);
455 BT_DBG("Added hci%u", d->id);
459 rp->num_controllers = cpu_to_le16(count);
460 rp_len = sizeof(*rp) + (2 * count);
462 read_unlock(&hci_dev_list_lock);
464 err = mgmt_cmd_complete(sk, MGMT_INDEX_NONE,
465 MGMT_OP_READ_UNCONF_INDEX_LIST, 0, rp, rp_len);
472 static int read_ext_index_list(struct sock *sk, struct hci_dev *hdev,
473 void *data, u16 data_len)
475 struct mgmt_rp_read_ext_index_list *rp;
480 BT_DBG("sock %p", sk);
482 read_lock(&hci_dev_list_lock);
485 list_for_each_entry(d, &hci_dev_list, list) {
486 if (d->dev_type == HCI_PRIMARY || d->dev_type == HCI_AMP)
490 rp = kmalloc(struct_size(rp, entry, count), GFP_ATOMIC);
492 read_unlock(&hci_dev_list_lock);
497 list_for_each_entry(d, &hci_dev_list, list) {
498 if (hci_dev_test_flag(d, HCI_SETUP) ||
499 hci_dev_test_flag(d, HCI_CONFIG) ||
500 hci_dev_test_flag(d, HCI_USER_CHANNEL))
503 /* Devices marked as raw-only are neither configured
504 * nor unconfigured controllers.
506 if (test_bit(HCI_QUIRK_RAW_DEVICE, &d->quirks))
509 if (d->dev_type == HCI_PRIMARY) {
510 if (hci_dev_test_flag(d, HCI_UNCONFIGURED))
511 rp->entry[count].type = 0x01;
513 rp->entry[count].type = 0x00;
514 } else if (d->dev_type == HCI_AMP) {
515 rp->entry[count].type = 0x02;
520 rp->entry[count].bus = d->bus;
521 rp->entry[count++].index = cpu_to_le16(d->id);
522 BT_DBG("Added hci%u", d->id);
525 rp->num_controllers = cpu_to_le16(count);
527 read_unlock(&hci_dev_list_lock);
529 /* If this command is called at least once, then all the
530 * default index and unconfigured index events are disabled
531 * and from now on only extended index events are used.
533 hci_sock_set_flag(sk, HCI_MGMT_EXT_INDEX_EVENTS);
534 hci_sock_clear_flag(sk, HCI_MGMT_INDEX_EVENTS);
535 hci_sock_clear_flag(sk, HCI_MGMT_UNCONF_INDEX_EVENTS);
537 err = mgmt_cmd_complete(sk, MGMT_INDEX_NONE,
538 MGMT_OP_READ_EXT_INDEX_LIST, 0, rp,
539 struct_size(rp, entry, count));
546 static bool is_configured(struct hci_dev *hdev)
548 if (test_bit(HCI_QUIRK_EXTERNAL_CONFIG, &hdev->quirks) &&
549 !hci_dev_test_flag(hdev, HCI_EXT_CONFIGURED))
552 if ((test_bit(HCI_QUIRK_INVALID_BDADDR, &hdev->quirks) ||
553 test_bit(HCI_QUIRK_USE_BDADDR_PROPERTY, &hdev->quirks)) &&
554 !bacmp(&hdev->public_addr, BDADDR_ANY))
560 static __le32 get_missing_options(struct hci_dev *hdev)
564 if (test_bit(HCI_QUIRK_EXTERNAL_CONFIG, &hdev->quirks) &&
565 !hci_dev_test_flag(hdev, HCI_EXT_CONFIGURED))
566 options |= MGMT_OPTION_EXTERNAL_CONFIG;
568 if ((test_bit(HCI_QUIRK_INVALID_BDADDR, &hdev->quirks) ||
569 test_bit(HCI_QUIRK_USE_BDADDR_PROPERTY, &hdev->quirks)) &&
570 !bacmp(&hdev->public_addr, BDADDR_ANY))
571 options |= MGMT_OPTION_PUBLIC_ADDRESS;
573 return cpu_to_le32(options);
576 static int new_options(struct hci_dev *hdev, struct sock *skip)
578 __le32 options = get_missing_options(hdev);
580 return mgmt_limited_event(MGMT_EV_NEW_CONFIG_OPTIONS, hdev, &options,
581 sizeof(options), HCI_MGMT_OPTION_EVENTS, skip);
584 static int send_options_rsp(struct sock *sk, u16 opcode, struct hci_dev *hdev)
586 __le32 options = get_missing_options(hdev);
588 return mgmt_cmd_complete(sk, hdev->id, opcode, 0, &options,
592 static int read_config_info(struct sock *sk, struct hci_dev *hdev,
593 void *data, u16 data_len)
595 struct mgmt_rp_read_config_info rp;
598 BT_DBG("sock %p %s", sk, hdev->name);
602 memset(&rp, 0, sizeof(rp));
603 rp.manufacturer = cpu_to_le16(hdev->manufacturer);
605 if (test_bit(HCI_QUIRK_EXTERNAL_CONFIG, &hdev->quirks))
606 options |= MGMT_OPTION_EXTERNAL_CONFIG;
608 if (hdev->set_bdaddr)
609 options |= MGMT_OPTION_PUBLIC_ADDRESS;
611 rp.supported_options = cpu_to_le32(options);
612 rp.missing_options = get_missing_options(hdev);
614 hci_dev_unlock(hdev);
616 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_READ_CONFIG_INFO, 0,
620 static u32 get_supported_phys(struct hci_dev *hdev)
622 u32 supported_phys = 0;
624 if (lmp_bredr_capable(hdev)) {
625 supported_phys |= MGMT_PHY_BR_1M_1SLOT;
627 if (hdev->features[0][0] & LMP_3SLOT)
628 supported_phys |= MGMT_PHY_BR_1M_3SLOT;
630 if (hdev->features[0][0] & LMP_5SLOT)
631 supported_phys |= MGMT_PHY_BR_1M_5SLOT;
633 if (lmp_edr_2m_capable(hdev)) {
634 supported_phys |= MGMT_PHY_EDR_2M_1SLOT;
636 if (lmp_edr_3slot_capable(hdev))
637 supported_phys |= MGMT_PHY_EDR_2M_3SLOT;
639 if (lmp_edr_5slot_capable(hdev))
640 supported_phys |= MGMT_PHY_EDR_2M_5SLOT;
642 if (lmp_edr_3m_capable(hdev)) {
643 supported_phys |= MGMT_PHY_EDR_3M_1SLOT;
645 if (lmp_edr_3slot_capable(hdev))
646 supported_phys |= MGMT_PHY_EDR_3M_3SLOT;
648 if (lmp_edr_5slot_capable(hdev))
649 supported_phys |= MGMT_PHY_EDR_3M_5SLOT;
654 if (lmp_le_capable(hdev)) {
655 supported_phys |= MGMT_PHY_LE_1M_TX;
656 supported_phys |= MGMT_PHY_LE_1M_RX;
658 if (hdev->le_features[1] & HCI_LE_PHY_2M) {
659 supported_phys |= MGMT_PHY_LE_2M_TX;
660 supported_phys |= MGMT_PHY_LE_2M_RX;
663 if (hdev->le_features[1] & HCI_LE_PHY_CODED) {
664 supported_phys |= MGMT_PHY_LE_CODED_TX;
665 supported_phys |= MGMT_PHY_LE_CODED_RX;
669 return supported_phys;
672 static u32 get_selected_phys(struct hci_dev *hdev)
674 u32 selected_phys = 0;
676 if (lmp_bredr_capable(hdev)) {
677 selected_phys |= MGMT_PHY_BR_1M_1SLOT;
679 if (hdev->pkt_type & (HCI_DM3 | HCI_DH3))
680 selected_phys |= MGMT_PHY_BR_1M_3SLOT;
682 if (hdev->pkt_type & (HCI_DM5 | HCI_DH5))
683 selected_phys |= MGMT_PHY_BR_1M_5SLOT;
685 if (lmp_edr_2m_capable(hdev)) {
686 if (!(hdev->pkt_type & HCI_2DH1))
687 selected_phys |= MGMT_PHY_EDR_2M_1SLOT;
689 if (lmp_edr_3slot_capable(hdev) &&
690 !(hdev->pkt_type & HCI_2DH3))
691 selected_phys |= MGMT_PHY_EDR_2M_3SLOT;
693 if (lmp_edr_5slot_capable(hdev) &&
694 !(hdev->pkt_type & HCI_2DH5))
695 selected_phys |= MGMT_PHY_EDR_2M_5SLOT;
697 if (lmp_edr_3m_capable(hdev)) {
698 if (!(hdev->pkt_type & HCI_3DH1))
699 selected_phys |= MGMT_PHY_EDR_3M_1SLOT;
701 if (lmp_edr_3slot_capable(hdev) &&
702 !(hdev->pkt_type & HCI_3DH3))
703 selected_phys |= MGMT_PHY_EDR_3M_3SLOT;
705 if (lmp_edr_5slot_capable(hdev) &&
706 !(hdev->pkt_type & HCI_3DH5))
707 selected_phys |= MGMT_PHY_EDR_3M_5SLOT;
712 if (lmp_le_capable(hdev)) {
713 if (hdev->le_tx_def_phys & HCI_LE_SET_PHY_1M)
714 selected_phys |= MGMT_PHY_LE_1M_TX;
716 if (hdev->le_rx_def_phys & HCI_LE_SET_PHY_1M)
717 selected_phys |= MGMT_PHY_LE_1M_RX;
719 if (hdev->le_tx_def_phys & HCI_LE_SET_PHY_2M)
720 selected_phys |= MGMT_PHY_LE_2M_TX;
722 if (hdev->le_rx_def_phys & HCI_LE_SET_PHY_2M)
723 selected_phys |= MGMT_PHY_LE_2M_RX;
725 if (hdev->le_tx_def_phys & HCI_LE_SET_PHY_CODED)
726 selected_phys |= MGMT_PHY_LE_CODED_TX;
728 if (hdev->le_rx_def_phys & HCI_LE_SET_PHY_CODED)
729 selected_phys |= MGMT_PHY_LE_CODED_RX;
732 return selected_phys;
735 static u32 get_configurable_phys(struct hci_dev *hdev)
737 return (get_supported_phys(hdev) & ~MGMT_PHY_BR_1M_1SLOT &
738 ~MGMT_PHY_LE_1M_TX & ~MGMT_PHY_LE_1M_RX);
741 static u32 get_supported_settings(struct hci_dev *hdev)
745 settings |= MGMT_SETTING_POWERED;
746 settings |= MGMT_SETTING_BONDABLE;
747 settings |= MGMT_SETTING_DEBUG_KEYS;
748 settings |= MGMT_SETTING_CONNECTABLE;
749 settings |= MGMT_SETTING_DISCOVERABLE;
751 if (lmp_bredr_capable(hdev)) {
752 if (hdev->hci_ver >= BLUETOOTH_VER_1_2)
753 settings |= MGMT_SETTING_FAST_CONNECTABLE;
754 settings |= MGMT_SETTING_BREDR;
755 settings |= MGMT_SETTING_LINK_SECURITY;
757 if (lmp_ssp_capable(hdev)) {
758 settings |= MGMT_SETTING_SSP;
759 settings |= MGMT_SETTING_HS;
762 if (lmp_sc_capable(hdev))
763 settings |= MGMT_SETTING_SECURE_CONN;
766 if (lmp_le_capable(hdev)) {
767 settings |= MGMT_SETTING_LE;
768 settings |= MGMT_SETTING_ADVERTISING;
769 settings |= MGMT_SETTING_SECURE_CONN;
770 settings |= MGMT_SETTING_PRIVACY;
771 settings |= MGMT_SETTING_STATIC_ADDRESS;
774 if (test_bit(HCI_QUIRK_EXTERNAL_CONFIG, &hdev->quirks) ||
776 settings |= MGMT_SETTING_CONFIGURATION;
778 settings |= MGMT_SETTING_PHY_CONFIGURATION;
783 static u32 get_current_settings(struct hci_dev *hdev)
787 if (hdev_is_powered(hdev))
788 settings |= MGMT_SETTING_POWERED;
790 if (hci_dev_test_flag(hdev, HCI_CONNECTABLE))
791 settings |= MGMT_SETTING_CONNECTABLE;
793 if (hci_dev_test_flag(hdev, HCI_FAST_CONNECTABLE))
794 settings |= MGMT_SETTING_FAST_CONNECTABLE;
796 if (hci_dev_test_flag(hdev, HCI_DISCOVERABLE))
797 settings |= MGMT_SETTING_DISCOVERABLE;
799 if (hci_dev_test_flag(hdev, HCI_BONDABLE))
800 settings |= MGMT_SETTING_BONDABLE;
802 if (hci_dev_test_flag(hdev, HCI_BREDR_ENABLED))
803 settings |= MGMT_SETTING_BREDR;
805 if (hci_dev_test_flag(hdev, HCI_LE_ENABLED))
806 settings |= MGMT_SETTING_LE;
808 if (hci_dev_test_flag(hdev, HCI_LINK_SECURITY))
809 settings |= MGMT_SETTING_LINK_SECURITY;
811 if (hci_dev_test_flag(hdev, HCI_SSP_ENABLED))
812 settings |= MGMT_SETTING_SSP;
814 if (hci_dev_test_flag(hdev, HCI_HS_ENABLED))
815 settings |= MGMT_SETTING_HS;
817 if (hci_dev_test_flag(hdev, HCI_ADVERTISING))
818 settings |= MGMT_SETTING_ADVERTISING;
820 if (hci_dev_test_flag(hdev, HCI_SC_ENABLED))
821 settings |= MGMT_SETTING_SECURE_CONN;
823 if (hci_dev_test_flag(hdev, HCI_KEEP_DEBUG_KEYS))
824 settings |= MGMT_SETTING_DEBUG_KEYS;
826 if (hci_dev_test_flag(hdev, HCI_PRIVACY))
827 settings |= MGMT_SETTING_PRIVACY;
829 /* The current setting for static address has two purposes. The
830 * first is to indicate if the static address will be used and
831 * the second is to indicate if it is actually set.
833 * This means if the static address is not configured, this flag
834 * will never be set. If the address is configured, then if the
835 * address is actually used decides if the flag is set or not.
837 * For single mode LE only controllers and dual-mode controllers
838 * with BR/EDR disabled, the existence of the static address will
841 if (hci_dev_test_flag(hdev, HCI_FORCE_STATIC_ADDR) ||
842 !hci_dev_test_flag(hdev, HCI_BREDR_ENABLED) ||
843 !bacmp(&hdev->bdaddr, BDADDR_ANY)) {
844 if (bacmp(&hdev->static_addr, BDADDR_ANY))
845 settings |= MGMT_SETTING_STATIC_ADDRESS;
851 static struct mgmt_pending_cmd *pending_find(u16 opcode, struct hci_dev *hdev)
853 return mgmt_pending_find(HCI_CHANNEL_CONTROL, opcode, hdev);
856 static struct mgmt_pending_cmd *pending_find_data(u16 opcode,
857 struct hci_dev *hdev,
860 return mgmt_pending_find_data(HCI_CHANNEL_CONTROL, opcode, hdev, data);
863 u8 mgmt_get_adv_discov_flags(struct hci_dev *hdev)
865 struct mgmt_pending_cmd *cmd;
867 /* If there's a pending mgmt command the flags will not yet have
868 * their final values, so check for this first.
870 cmd = pending_find(MGMT_OP_SET_DISCOVERABLE, hdev);
872 struct mgmt_mode *cp = cmd->param;
874 return LE_AD_GENERAL;
875 else if (cp->val == 0x02)
876 return LE_AD_LIMITED;
878 if (hci_dev_test_flag(hdev, HCI_LIMITED_DISCOVERABLE))
879 return LE_AD_LIMITED;
880 else if (hci_dev_test_flag(hdev, HCI_DISCOVERABLE))
881 return LE_AD_GENERAL;
887 bool mgmt_get_connectable(struct hci_dev *hdev)
889 struct mgmt_pending_cmd *cmd;
891 /* If there's a pending mgmt command the flag will not yet have
892 * it's final value, so check for this first.
894 cmd = pending_find(MGMT_OP_SET_CONNECTABLE, hdev);
896 struct mgmt_mode *cp = cmd->param;
901 return hci_dev_test_flag(hdev, HCI_CONNECTABLE);
904 static void service_cache_off(struct work_struct *work)
906 struct hci_dev *hdev = container_of(work, struct hci_dev,
908 struct hci_request req;
910 if (!hci_dev_test_and_clear_flag(hdev, HCI_SERVICE_CACHE))
913 hci_req_init(&req, hdev);
917 __hci_req_update_eir(&req);
918 __hci_req_update_class(&req);
920 hci_dev_unlock(hdev);
922 hci_req_run(&req, NULL);
925 static void rpa_expired(struct work_struct *work)
927 struct hci_dev *hdev = container_of(work, struct hci_dev,
929 struct hci_request req;
933 hci_dev_set_flag(hdev, HCI_RPA_EXPIRED);
935 if (!hci_dev_test_flag(hdev, HCI_ADVERTISING))
938 /* The generation of a new RPA and programming it into the
939 * controller happens in the hci_req_enable_advertising()
942 hci_req_init(&req, hdev);
943 if (ext_adv_capable(hdev))
944 __hci_req_start_ext_adv(&req, hdev->cur_adv_instance);
946 __hci_req_enable_advertising(&req);
947 hci_req_run(&req, NULL);
950 static void mgmt_init_hdev(struct sock *sk, struct hci_dev *hdev)
952 if (hci_dev_test_and_set_flag(hdev, HCI_MGMT))
955 INIT_DELAYED_WORK(&hdev->service_cache, service_cache_off);
956 INIT_DELAYED_WORK(&hdev->rpa_expired, rpa_expired);
958 /* Non-mgmt controlled devices get this bit set
959 * implicitly so that pairing works for them, however
960 * for mgmt we require user-space to explicitly enable
963 hci_dev_clear_flag(hdev, HCI_BONDABLE);
966 static int read_controller_info(struct sock *sk, struct hci_dev *hdev,
967 void *data, u16 data_len)
969 struct mgmt_rp_read_info rp;
971 BT_DBG("sock %p %s", sk, hdev->name);
975 memset(&rp, 0, sizeof(rp));
977 bacpy(&rp.bdaddr, &hdev->bdaddr);
979 rp.version = hdev->hci_ver;
980 rp.manufacturer = cpu_to_le16(hdev->manufacturer);
982 rp.supported_settings = cpu_to_le32(get_supported_settings(hdev));
983 rp.current_settings = cpu_to_le32(get_current_settings(hdev));
985 memcpy(rp.dev_class, hdev->dev_class, 3);
987 memcpy(rp.name, hdev->dev_name, sizeof(hdev->dev_name));
988 memcpy(rp.short_name, hdev->short_name, sizeof(hdev->short_name));
990 hci_dev_unlock(hdev);
992 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_READ_INFO, 0, &rp,
996 static u16 append_eir_data_to_buf(struct hci_dev *hdev, u8 *eir)
1001 if (hci_dev_test_flag(hdev, HCI_BREDR_ENABLED))
1002 eir_len = eir_append_data(eir, eir_len, EIR_CLASS_OF_DEV,
1003 hdev->dev_class, 3);
1005 if (hci_dev_test_flag(hdev, HCI_LE_ENABLED))
1006 eir_len = eir_append_le16(eir, eir_len, EIR_APPEARANCE,
1009 name_len = strlen(hdev->dev_name);
1010 eir_len = eir_append_data(eir, eir_len, EIR_NAME_COMPLETE,
1011 hdev->dev_name, name_len);
1013 name_len = strlen(hdev->short_name);
1014 eir_len = eir_append_data(eir, eir_len, EIR_NAME_SHORT,
1015 hdev->short_name, name_len);
1020 static int read_ext_controller_info(struct sock *sk, struct hci_dev *hdev,
1021 void *data, u16 data_len)
1024 struct mgmt_rp_read_ext_info *rp = (void *)buf;
1027 BT_DBG("sock %p %s", sk, hdev->name);
1029 memset(&buf, 0, sizeof(buf));
1033 bacpy(&rp->bdaddr, &hdev->bdaddr);
1035 rp->version = hdev->hci_ver;
1036 rp->manufacturer = cpu_to_le16(hdev->manufacturer);
1038 rp->supported_settings = cpu_to_le32(get_supported_settings(hdev));
1039 rp->current_settings = cpu_to_le32(get_current_settings(hdev));
1042 eir_len = append_eir_data_to_buf(hdev, rp->eir);
1043 rp->eir_len = cpu_to_le16(eir_len);
1045 hci_dev_unlock(hdev);
1047 /* If this command is called at least once, then the events
1048 * for class of device and local name changes are disabled
1049 * and only the new extended controller information event
1052 hci_sock_set_flag(sk, HCI_MGMT_EXT_INFO_EVENTS);
1053 hci_sock_clear_flag(sk, HCI_MGMT_DEV_CLASS_EVENTS);
1054 hci_sock_clear_flag(sk, HCI_MGMT_LOCAL_NAME_EVENTS);
1056 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_READ_EXT_INFO, 0, rp,
1057 sizeof(*rp) + eir_len);
1060 static int ext_info_changed(struct hci_dev *hdev, struct sock *skip)
1063 struct mgmt_ev_ext_info_changed *ev = (void *)buf;
1066 memset(buf, 0, sizeof(buf));
1068 eir_len = append_eir_data_to_buf(hdev, ev->eir);
1069 ev->eir_len = cpu_to_le16(eir_len);
1071 return mgmt_limited_event(MGMT_EV_EXT_INFO_CHANGED, hdev, ev,
1072 sizeof(*ev) + eir_len,
1073 HCI_MGMT_EXT_INFO_EVENTS, skip);
1076 static int send_settings_rsp(struct sock *sk, u16 opcode, struct hci_dev *hdev)
1078 __le32 settings = cpu_to_le32(get_current_settings(hdev));
1080 return mgmt_cmd_complete(sk, hdev->id, opcode, 0, &settings,
1084 static void clean_up_hci_complete(struct hci_dev *hdev, u8 status, u16 opcode)
1086 BT_DBG("%s status 0x%02x", hdev->name, status);
1088 if (hci_conn_count(hdev) == 0) {
1089 cancel_delayed_work(&hdev->power_off);
1090 queue_work(hdev->req_workqueue, &hdev->power_off.work);
1094 void mgmt_advertising_added(struct sock *sk, struct hci_dev *hdev, u8 instance)
1096 struct mgmt_ev_advertising_added ev;
1098 ev.instance = instance;
1100 mgmt_event(MGMT_EV_ADVERTISING_ADDED, hdev, &ev, sizeof(ev), sk);
1103 void mgmt_advertising_removed(struct sock *sk, struct hci_dev *hdev,
1106 struct mgmt_ev_advertising_removed ev;
1108 ev.instance = instance;
1110 mgmt_event(MGMT_EV_ADVERTISING_REMOVED, hdev, &ev, sizeof(ev), sk);
1113 static void cancel_adv_timeout(struct hci_dev *hdev)
1115 if (hdev->adv_instance_timeout) {
1116 hdev->adv_instance_timeout = 0;
1117 cancel_delayed_work(&hdev->adv_instance_expire);
1121 static int clean_up_hci_state(struct hci_dev *hdev)
1123 struct hci_request req;
1124 struct hci_conn *conn;
1125 bool discov_stopped;
1128 hci_req_init(&req, hdev);
1130 if (test_bit(HCI_ISCAN, &hdev->flags) ||
1131 test_bit(HCI_PSCAN, &hdev->flags)) {
1133 hci_req_add(&req, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
1136 hci_req_clear_adv_instance(hdev, NULL, NULL, 0x00, false);
1138 if (hci_dev_test_flag(hdev, HCI_LE_ADV))
1139 __hci_req_disable_advertising(&req);
1141 discov_stopped = hci_req_stop_discovery(&req);
1143 list_for_each_entry(conn, &hdev->conn_hash.list, list) {
1144 /* 0x15 == Terminated due to Power Off */
1145 __hci_abort_conn(&req, conn, 0x15);
1148 err = hci_req_run(&req, clean_up_hci_complete);
1149 if (!err && discov_stopped)
1150 hci_discovery_set_state(hdev, DISCOVERY_STOPPING);
1155 static int set_powered(struct sock *sk, struct hci_dev *hdev, void *data,
1158 struct mgmt_mode *cp = data;
1159 struct mgmt_pending_cmd *cmd;
1162 BT_DBG("request for %s", hdev->name);
1164 if (cp->val != 0x00 && cp->val != 0x01)
1165 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_POWERED,
1166 MGMT_STATUS_INVALID_PARAMS);
1170 if (pending_find(MGMT_OP_SET_POWERED, hdev)) {
1171 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_POWERED,
1176 if (!!cp->val == hdev_is_powered(hdev)) {
1177 err = send_settings_rsp(sk, MGMT_OP_SET_POWERED, hdev);
1181 cmd = mgmt_pending_add(sk, MGMT_OP_SET_POWERED, hdev, data, len);
1188 queue_work(hdev->req_workqueue, &hdev->power_on);
1191 /* Disconnect connections, stop scans, etc */
1192 err = clean_up_hci_state(hdev);
1194 queue_delayed_work(hdev->req_workqueue, &hdev->power_off,
1195 HCI_POWER_OFF_TIMEOUT);
1197 /* ENODATA means there were no HCI commands queued */
1198 if (err == -ENODATA) {
1199 cancel_delayed_work(&hdev->power_off);
1200 queue_work(hdev->req_workqueue, &hdev->power_off.work);
1206 hci_dev_unlock(hdev);
1210 static int new_settings(struct hci_dev *hdev, struct sock *skip)
1212 __le32 ev = cpu_to_le32(get_current_settings(hdev));
1214 return mgmt_limited_event(MGMT_EV_NEW_SETTINGS, hdev, &ev,
1215 sizeof(ev), HCI_MGMT_SETTING_EVENTS, skip);
1218 int mgmt_new_settings(struct hci_dev *hdev)
1220 return new_settings(hdev, NULL);
1225 struct hci_dev *hdev;
1229 static void settings_rsp(struct mgmt_pending_cmd *cmd, void *data)
1231 struct cmd_lookup *match = data;
1233 send_settings_rsp(cmd->sk, cmd->opcode, match->hdev);
1235 list_del(&cmd->list);
1237 if (match->sk == NULL) {
1238 match->sk = cmd->sk;
1239 sock_hold(match->sk);
1242 mgmt_pending_free(cmd);
1245 static void cmd_status_rsp(struct mgmt_pending_cmd *cmd, void *data)
1249 mgmt_cmd_status(cmd->sk, cmd->index, cmd->opcode, *status);
1250 mgmt_pending_remove(cmd);
1253 static void cmd_complete_rsp(struct mgmt_pending_cmd *cmd, void *data)
1255 if (cmd->cmd_complete) {
1258 cmd->cmd_complete(cmd, *status);
1259 mgmt_pending_remove(cmd);
1264 cmd_status_rsp(cmd, data);
1267 static int generic_cmd_complete(struct mgmt_pending_cmd *cmd, u8 status)
1269 return mgmt_cmd_complete(cmd->sk, cmd->index, cmd->opcode, status,
1270 cmd->param, cmd->param_len);
1273 static int addr_cmd_complete(struct mgmt_pending_cmd *cmd, u8 status)
1275 return mgmt_cmd_complete(cmd->sk, cmd->index, cmd->opcode, status,
1276 cmd->param, sizeof(struct mgmt_addr_info));
1279 static u8 mgmt_bredr_support(struct hci_dev *hdev)
1281 if (!lmp_bredr_capable(hdev))
1282 return MGMT_STATUS_NOT_SUPPORTED;
1283 else if (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED))
1284 return MGMT_STATUS_REJECTED;
1286 return MGMT_STATUS_SUCCESS;
1289 static u8 mgmt_le_support(struct hci_dev *hdev)
1291 if (!lmp_le_capable(hdev))
1292 return MGMT_STATUS_NOT_SUPPORTED;
1293 else if (!hci_dev_test_flag(hdev, HCI_LE_ENABLED))
1294 return MGMT_STATUS_REJECTED;
1296 return MGMT_STATUS_SUCCESS;
1299 void mgmt_set_discoverable_complete(struct hci_dev *hdev, u8 status)
1301 struct mgmt_pending_cmd *cmd;
1303 BT_DBG("status 0x%02x", status);
1307 cmd = pending_find(MGMT_OP_SET_DISCOVERABLE, hdev);
1312 u8 mgmt_err = mgmt_status(status);
1313 mgmt_cmd_status(cmd->sk, cmd->index, cmd->opcode, mgmt_err);
1314 hci_dev_clear_flag(hdev, HCI_LIMITED_DISCOVERABLE);
1318 if (hci_dev_test_flag(hdev, HCI_DISCOVERABLE) &&
1319 hdev->discov_timeout > 0) {
1320 int to = msecs_to_jiffies(hdev->discov_timeout * 1000);
1321 queue_delayed_work(hdev->req_workqueue, &hdev->discov_off, to);
1324 send_settings_rsp(cmd->sk, MGMT_OP_SET_DISCOVERABLE, hdev);
1325 new_settings(hdev, cmd->sk);
1328 mgmt_pending_remove(cmd);
1331 hci_dev_unlock(hdev);
1334 static int set_discoverable(struct sock *sk, struct hci_dev *hdev, void *data,
1337 struct mgmt_cp_set_discoverable *cp = data;
1338 struct mgmt_pending_cmd *cmd;
1342 BT_DBG("request for %s", hdev->name);
1344 if (!hci_dev_test_flag(hdev, HCI_LE_ENABLED) &&
1345 !hci_dev_test_flag(hdev, HCI_BREDR_ENABLED))
1346 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
1347 MGMT_STATUS_REJECTED);
1349 if (cp->val != 0x00 && cp->val != 0x01 && cp->val != 0x02)
1350 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
1351 MGMT_STATUS_INVALID_PARAMS);
1353 timeout = __le16_to_cpu(cp->timeout);
1355 /* Disabling discoverable requires that no timeout is set,
1356 * and enabling limited discoverable requires a timeout.
1358 if ((cp->val == 0x00 && timeout > 0) ||
1359 (cp->val == 0x02 && timeout == 0))
1360 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
1361 MGMT_STATUS_INVALID_PARAMS);
1365 if (!hdev_is_powered(hdev) && timeout > 0) {
1366 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
1367 MGMT_STATUS_NOT_POWERED);
1371 if (pending_find(MGMT_OP_SET_DISCOVERABLE, hdev) ||
1372 pending_find(MGMT_OP_SET_CONNECTABLE, hdev)) {
1373 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
1378 if (!hci_dev_test_flag(hdev, HCI_CONNECTABLE)) {
1379 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
1380 MGMT_STATUS_REJECTED);
1384 if (!hdev_is_powered(hdev)) {
1385 bool changed = false;
1387 /* Setting limited discoverable when powered off is
1388 * not a valid operation since it requires a timeout
1389 * and so no need to check HCI_LIMITED_DISCOVERABLE.
1391 if (!!cp->val != hci_dev_test_flag(hdev, HCI_DISCOVERABLE)) {
1392 hci_dev_change_flag(hdev, HCI_DISCOVERABLE);
1396 err = send_settings_rsp(sk, MGMT_OP_SET_DISCOVERABLE, hdev);
1401 err = new_settings(hdev, sk);
1406 /* If the current mode is the same, then just update the timeout
1407 * value with the new value. And if only the timeout gets updated,
1408 * then no need for any HCI transactions.
1410 if (!!cp->val == hci_dev_test_flag(hdev, HCI_DISCOVERABLE) &&
1411 (cp->val == 0x02) == hci_dev_test_flag(hdev,
1412 HCI_LIMITED_DISCOVERABLE)) {
1413 cancel_delayed_work(&hdev->discov_off);
1414 hdev->discov_timeout = timeout;
1416 if (cp->val && hdev->discov_timeout > 0) {
1417 int to = msecs_to_jiffies(hdev->discov_timeout * 1000);
1418 queue_delayed_work(hdev->req_workqueue,
1419 &hdev->discov_off, to);
1422 err = send_settings_rsp(sk, MGMT_OP_SET_DISCOVERABLE, hdev);
1426 cmd = mgmt_pending_add(sk, MGMT_OP_SET_DISCOVERABLE, hdev, data, len);
1432 /* Cancel any potential discoverable timeout that might be
1433 * still active and store new timeout value. The arming of
1434 * the timeout happens in the complete handler.
1436 cancel_delayed_work(&hdev->discov_off);
1437 hdev->discov_timeout = timeout;
1440 hci_dev_set_flag(hdev, HCI_DISCOVERABLE);
1442 hci_dev_clear_flag(hdev, HCI_DISCOVERABLE);
1444 /* Limited discoverable mode */
1445 if (cp->val == 0x02)
1446 hci_dev_set_flag(hdev, HCI_LIMITED_DISCOVERABLE);
1448 hci_dev_clear_flag(hdev, HCI_LIMITED_DISCOVERABLE);
1450 queue_work(hdev->req_workqueue, &hdev->discoverable_update);
1454 hci_dev_unlock(hdev);
1458 void mgmt_set_connectable_complete(struct hci_dev *hdev, u8 status)
1460 struct mgmt_pending_cmd *cmd;
1462 BT_DBG("status 0x%02x", status);
1466 cmd = pending_find(MGMT_OP_SET_CONNECTABLE, hdev);
1471 u8 mgmt_err = mgmt_status(status);
1472 mgmt_cmd_status(cmd->sk, cmd->index, cmd->opcode, mgmt_err);
1476 send_settings_rsp(cmd->sk, MGMT_OP_SET_CONNECTABLE, hdev);
1477 new_settings(hdev, cmd->sk);
1480 mgmt_pending_remove(cmd);
1483 hci_dev_unlock(hdev);
1486 static int set_connectable_update_settings(struct hci_dev *hdev,
1487 struct sock *sk, u8 val)
1489 bool changed = false;
1492 if (!!val != hci_dev_test_flag(hdev, HCI_CONNECTABLE))
1496 hci_dev_set_flag(hdev, HCI_CONNECTABLE);
1498 hci_dev_clear_flag(hdev, HCI_CONNECTABLE);
1499 hci_dev_clear_flag(hdev, HCI_DISCOVERABLE);
1502 err = send_settings_rsp(sk, MGMT_OP_SET_CONNECTABLE, hdev);
1507 hci_req_update_scan(hdev);
1508 hci_update_background_scan(hdev);
1509 return new_settings(hdev, sk);
1515 static int set_connectable(struct sock *sk, struct hci_dev *hdev, void *data,
1518 struct mgmt_mode *cp = data;
1519 struct mgmt_pending_cmd *cmd;
1522 BT_DBG("request for %s", hdev->name);
1524 if (!hci_dev_test_flag(hdev, HCI_LE_ENABLED) &&
1525 !hci_dev_test_flag(hdev, HCI_BREDR_ENABLED))
1526 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE,
1527 MGMT_STATUS_REJECTED);
1529 if (cp->val != 0x00 && cp->val != 0x01)
1530 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE,
1531 MGMT_STATUS_INVALID_PARAMS);
1535 if (!hdev_is_powered(hdev)) {
1536 err = set_connectable_update_settings(hdev, sk, cp->val);
1540 if (pending_find(MGMT_OP_SET_DISCOVERABLE, hdev) ||
1541 pending_find(MGMT_OP_SET_CONNECTABLE, hdev)) {
1542 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE,
1547 cmd = mgmt_pending_add(sk, MGMT_OP_SET_CONNECTABLE, hdev, data, len);
1554 hci_dev_set_flag(hdev, HCI_CONNECTABLE);
1556 if (hdev->discov_timeout > 0)
1557 cancel_delayed_work(&hdev->discov_off);
1559 hci_dev_clear_flag(hdev, HCI_LIMITED_DISCOVERABLE);
1560 hci_dev_clear_flag(hdev, HCI_DISCOVERABLE);
1561 hci_dev_clear_flag(hdev, HCI_CONNECTABLE);
1564 queue_work(hdev->req_workqueue, &hdev->connectable_update);
1568 hci_dev_unlock(hdev);
1572 static int set_bondable(struct sock *sk, struct hci_dev *hdev, void *data,
1575 struct mgmt_mode *cp = data;
1579 BT_DBG("request for %s", hdev->name);
1581 if (cp->val != 0x00 && cp->val != 0x01)
1582 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_BONDABLE,
1583 MGMT_STATUS_INVALID_PARAMS);
1588 changed = !hci_dev_test_and_set_flag(hdev, HCI_BONDABLE);
1590 changed = hci_dev_test_and_clear_flag(hdev, HCI_BONDABLE);
1592 err = send_settings_rsp(sk, MGMT_OP_SET_BONDABLE, hdev);
1597 /* In limited privacy mode the change of bondable mode
1598 * may affect the local advertising address.
1600 if (hdev_is_powered(hdev) &&
1601 hci_dev_test_flag(hdev, HCI_ADVERTISING) &&
1602 hci_dev_test_flag(hdev, HCI_DISCOVERABLE) &&
1603 hci_dev_test_flag(hdev, HCI_LIMITED_PRIVACY))
1604 queue_work(hdev->req_workqueue,
1605 &hdev->discoverable_update);
1607 err = new_settings(hdev, sk);
1611 hci_dev_unlock(hdev);
1615 static int set_link_security(struct sock *sk, struct hci_dev *hdev, void *data,
1618 struct mgmt_mode *cp = data;
1619 struct mgmt_pending_cmd *cmd;
1623 BT_DBG("request for %s", hdev->name);
1625 status = mgmt_bredr_support(hdev);
1627 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY,
1630 if (cp->val != 0x00 && cp->val != 0x01)
1631 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY,
1632 MGMT_STATUS_INVALID_PARAMS);
1636 if (!hdev_is_powered(hdev)) {
1637 bool changed = false;
1639 if (!!cp->val != hci_dev_test_flag(hdev, HCI_LINK_SECURITY)) {
1640 hci_dev_change_flag(hdev, HCI_LINK_SECURITY);
1644 err = send_settings_rsp(sk, MGMT_OP_SET_LINK_SECURITY, hdev);
1649 err = new_settings(hdev, sk);
1654 if (pending_find(MGMT_OP_SET_LINK_SECURITY, hdev)) {
1655 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY,
1662 if (test_bit(HCI_AUTH, &hdev->flags) == val) {
1663 err = send_settings_rsp(sk, MGMT_OP_SET_LINK_SECURITY, hdev);
1667 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LINK_SECURITY, hdev, data, len);
1673 err = hci_send_cmd(hdev, HCI_OP_WRITE_AUTH_ENABLE, sizeof(val), &val);
1675 mgmt_pending_remove(cmd);
1680 hci_dev_unlock(hdev);
1684 static int set_ssp(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
1686 struct mgmt_mode *cp = data;
1687 struct mgmt_pending_cmd *cmd;
1691 BT_DBG("request for %s", hdev->name);
1693 status = mgmt_bredr_support(hdev);
1695 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SSP, status);
1697 if (!lmp_ssp_capable(hdev))
1698 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
1699 MGMT_STATUS_NOT_SUPPORTED);
1701 if (cp->val != 0x00 && cp->val != 0x01)
1702 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
1703 MGMT_STATUS_INVALID_PARAMS);
1707 if (!hdev_is_powered(hdev)) {
1711 changed = !hci_dev_test_and_set_flag(hdev,
1714 changed = hci_dev_test_and_clear_flag(hdev,
1717 changed = hci_dev_test_and_clear_flag(hdev,
1720 hci_dev_clear_flag(hdev, HCI_HS_ENABLED);
1723 err = send_settings_rsp(sk, MGMT_OP_SET_SSP, hdev);
1728 err = new_settings(hdev, sk);
1733 if (pending_find(MGMT_OP_SET_SSP, hdev)) {
1734 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
1739 if (!!cp->val == hci_dev_test_flag(hdev, HCI_SSP_ENABLED)) {
1740 err = send_settings_rsp(sk, MGMT_OP_SET_SSP, hdev);
1744 cmd = mgmt_pending_add(sk, MGMT_OP_SET_SSP, hdev, data, len);
1750 if (!cp->val && hci_dev_test_flag(hdev, HCI_USE_DEBUG_KEYS))
1751 hci_send_cmd(hdev, HCI_OP_WRITE_SSP_DEBUG_MODE,
1752 sizeof(cp->val), &cp->val);
1754 err = hci_send_cmd(hdev, HCI_OP_WRITE_SSP_MODE, 1, &cp->val);
1756 mgmt_pending_remove(cmd);
1761 hci_dev_unlock(hdev);
1765 static int set_hs(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
1767 struct mgmt_mode *cp = data;
1772 BT_DBG("request for %s", hdev->name);
1774 status = mgmt_bredr_support(hdev);
1776 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_HS, status);
1778 if (!lmp_ssp_capable(hdev))
1779 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
1780 MGMT_STATUS_NOT_SUPPORTED);
1782 if (!hci_dev_test_flag(hdev, HCI_SSP_ENABLED))
1783 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
1784 MGMT_STATUS_REJECTED);
1786 if (cp->val != 0x00 && cp->val != 0x01)
1787 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
1788 MGMT_STATUS_INVALID_PARAMS);
1792 if (pending_find(MGMT_OP_SET_SSP, hdev)) {
1793 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
1799 changed = !hci_dev_test_and_set_flag(hdev, HCI_HS_ENABLED);
1801 if (hdev_is_powered(hdev)) {
1802 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
1803 MGMT_STATUS_REJECTED);
1807 changed = hci_dev_test_and_clear_flag(hdev, HCI_HS_ENABLED);
1810 err = send_settings_rsp(sk, MGMT_OP_SET_HS, hdev);
1815 err = new_settings(hdev, sk);
1818 hci_dev_unlock(hdev);
1822 static void le_enable_complete(struct hci_dev *hdev, u8 status, u16 opcode)
1824 struct cmd_lookup match = { NULL, hdev };
1829 u8 mgmt_err = mgmt_status(status);
1831 mgmt_pending_foreach(MGMT_OP_SET_LE, hdev, cmd_status_rsp,
1836 mgmt_pending_foreach(MGMT_OP_SET_LE, hdev, settings_rsp, &match);
1838 new_settings(hdev, match.sk);
1843 /* Make sure the controller has a good default for
1844 * advertising data. Restrict the update to when LE
1845 * has actually been enabled. During power on, the
1846 * update in powered_update_hci will take care of it.
1848 if (hci_dev_test_flag(hdev, HCI_LE_ENABLED)) {
1849 struct hci_request req;
1850 hci_req_init(&req, hdev);
1851 if (ext_adv_capable(hdev)) {
1854 err = __hci_req_setup_ext_adv_instance(&req, 0x00);
1856 __hci_req_update_scan_rsp_data(&req, 0x00);
1858 __hci_req_update_adv_data(&req, 0x00);
1859 __hci_req_update_scan_rsp_data(&req, 0x00);
1861 hci_req_run(&req, NULL);
1862 hci_update_background_scan(hdev);
1866 hci_dev_unlock(hdev);
1869 static int set_le(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
1871 struct mgmt_mode *cp = data;
1872 struct hci_cp_write_le_host_supported hci_cp;
1873 struct mgmt_pending_cmd *cmd;
1874 struct hci_request req;
1878 BT_DBG("request for %s", hdev->name);
1880 if (!lmp_le_capable(hdev))
1881 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
1882 MGMT_STATUS_NOT_SUPPORTED);
1884 if (cp->val != 0x00 && cp->val != 0x01)
1885 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
1886 MGMT_STATUS_INVALID_PARAMS);
1888 /* Bluetooth single mode LE only controllers or dual-mode
1889 * controllers configured as LE only devices, do not allow
1890 * switching LE off. These have either LE enabled explicitly
1891 * or BR/EDR has been previously switched off.
1893 * When trying to enable an already enabled LE, then gracefully
1894 * send a positive response. Trying to disable it however will
1895 * result into rejection.
1897 if (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED)) {
1898 if (cp->val == 0x01)
1899 return send_settings_rsp(sk, MGMT_OP_SET_LE, hdev);
1901 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
1902 MGMT_STATUS_REJECTED);
1908 enabled = lmp_host_le_capable(hdev);
1911 hci_req_clear_adv_instance(hdev, NULL, NULL, 0x00, true);
1913 if (!hdev_is_powered(hdev) || val == enabled) {
1914 bool changed = false;
1916 if (val != hci_dev_test_flag(hdev, HCI_LE_ENABLED)) {
1917 hci_dev_change_flag(hdev, HCI_LE_ENABLED);
1921 if (!val && hci_dev_test_flag(hdev, HCI_ADVERTISING)) {
1922 hci_dev_clear_flag(hdev, HCI_ADVERTISING);
1926 err = send_settings_rsp(sk, MGMT_OP_SET_LE, hdev);
1931 err = new_settings(hdev, sk);
1936 if (pending_find(MGMT_OP_SET_LE, hdev) ||
1937 pending_find(MGMT_OP_SET_ADVERTISING, hdev)) {
1938 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
1943 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LE, hdev, data, len);
1949 hci_req_init(&req, hdev);
1951 memset(&hci_cp, 0, sizeof(hci_cp));
1955 hci_cp.simul = 0x00;
1957 if (hci_dev_test_flag(hdev, HCI_LE_ADV))
1958 __hci_req_disable_advertising(&req);
1960 if (ext_adv_capable(hdev))
1961 __hci_req_clear_ext_adv_sets(&req);
1964 hci_req_add(&req, HCI_OP_WRITE_LE_HOST_SUPPORTED, sizeof(hci_cp),
1967 err = hci_req_run(&req, le_enable_complete);
1969 mgmt_pending_remove(cmd);
1972 hci_dev_unlock(hdev);
1976 /* This is a helper function to test for pending mgmt commands that can
1977 * cause CoD or EIR HCI commands. We can only allow one such pending
1978 * mgmt command at a time since otherwise we cannot easily track what
1979 * the current values are, will be, and based on that calculate if a new
1980 * HCI command needs to be sent and if yes with what value.
1982 static bool pending_eir_or_class(struct hci_dev *hdev)
1984 struct mgmt_pending_cmd *cmd;
1986 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
1987 switch (cmd->opcode) {
1988 case MGMT_OP_ADD_UUID:
1989 case MGMT_OP_REMOVE_UUID:
1990 case MGMT_OP_SET_DEV_CLASS:
1991 case MGMT_OP_SET_POWERED:
1999 static const u8 bluetooth_base_uuid[] = {
2000 0xfb, 0x34, 0x9b, 0x5f, 0x80, 0x00, 0x00, 0x80,
2001 0x00, 0x10, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
2004 static u8 get_uuid_size(const u8 *uuid)
2008 if (memcmp(uuid, bluetooth_base_uuid, 12))
2011 val = get_unaligned_le32(&uuid[12]);
2018 static void mgmt_class_complete(struct hci_dev *hdev, u16 mgmt_op, u8 status)
2020 struct mgmt_pending_cmd *cmd;
2024 cmd = pending_find(mgmt_op, hdev);
2028 mgmt_cmd_complete(cmd->sk, cmd->index, cmd->opcode,
2029 mgmt_status(status), hdev->dev_class, 3);
2031 mgmt_pending_remove(cmd);
2034 hci_dev_unlock(hdev);
2037 static void add_uuid_complete(struct hci_dev *hdev, u8 status, u16 opcode)
2039 BT_DBG("status 0x%02x", status);
2041 mgmt_class_complete(hdev, MGMT_OP_ADD_UUID, status);
2044 static int add_uuid(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
2046 struct mgmt_cp_add_uuid *cp = data;
2047 struct mgmt_pending_cmd *cmd;
2048 struct hci_request req;
2049 struct bt_uuid *uuid;
2052 BT_DBG("request for %s", hdev->name);
2056 if (pending_eir_or_class(hdev)) {
2057 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_UUID,
2062 uuid = kmalloc(sizeof(*uuid), GFP_KERNEL);
2068 memcpy(uuid->uuid, cp->uuid, 16);
2069 uuid->svc_hint = cp->svc_hint;
2070 uuid->size = get_uuid_size(cp->uuid);
2072 list_add_tail(&uuid->list, &hdev->uuids);
2074 hci_req_init(&req, hdev);
2076 __hci_req_update_class(&req);
2077 __hci_req_update_eir(&req);
2079 err = hci_req_run(&req, add_uuid_complete);
2081 if (err != -ENODATA)
2084 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_ADD_UUID, 0,
2085 hdev->dev_class, 3);
2089 cmd = mgmt_pending_add(sk, MGMT_OP_ADD_UUID, hdev, data, len);
2098 hci_dev_unlock(hdev);
2102 static bool enable_service_cache(struct hci_dev *hdev)
2104 if (!hdev_is_powered(hdev))
2107 if (!hci_dev_test_and_set_flag(hdev, HCI_SERVICE_CACHE)) {
2108 queue_delayed_work(hdev->workqueue, &hdev->service_cache,
2116 static void remove_uuid_complete(struct hci_dev *hdev, u8 status, u16 opcode)
2118 BT_DBG("status 0x%02x", status);
2120 mgmt_class_complete(hdev, MGMT_OP_REMOVE_UUID, status);
2123 static int remove_uuid(struct sock *sk, struct hci_dev *hdev, void *data,
2126 struct mgmt_cp_remove_uuid *cp = data;
2127 struct mgmt_pending_cmd *cmd;
2128 struct bt_uuid *match, *tmp;
2129 u8 bt_uuid_any[] = { 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 };
2130 struct hci_request req;
2133 BT_DBG("request for %s", hdev->name);
2137 if (pending_eir_or_class(hdev)) {
2138 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_REMOVE_UUID,
2143 if (memcmp(cp->uuid, bt_uuid_any, 16) == 0) {
2144 hci_uuids_clear(hdev);
2146 if (enable_service_cache(hdev)) {
2147 err = mgmt_cmd_complete(sk, hdev->id,
2148 MGMT_OP_REMOVE_UUID,
2149 0, hdev->dev_class, 3);
2158 list_for_each_entry_safe(match, tmp, &hdev->uuids, list) {
2159 if (memcmp(match->uuid, cp->uuid, 16) != 0)
2162 list_del(&match->list);
2168 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_REMOVE_UUID,
2169 MGMT_STATUS_INVALID_PARAMS);
2174 hci_req_init(&req, hdev);
2176 __hci_req_update_class(&req);
2177 __hci_req_update_eir(&req);
2179 err = hci_req_run(&req, remove_uuid_complete);
2181 if (err != -ENODATA)
2184 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_UUID, 0,
2185 hdev->dev_class, 3);
2189 cmd = mgmt_pending_add(sk, MGMT_OP_REMOVE_UUID, hdev, data, len);
2198 hci_dev_unlock(hdev);
2202 static void set_class_complete(struct hci_dev *hdev, u8 status, u16 opcode)
2204 BT_DBG("status 0x%02x", status);
2206 mgmt_class_complete(hdev, MGMT_OP_SET_DEV_CLASS, status);
2209 static int set_dev_class(struct sock *sk, struct hci_dev *hdev, void *data,
2212 struct mgmt_cp_set_dev_class *cp = data;
2213 struct mgmt_pending_cmd *cmd;
2214 struct hci_request req;
2217 BT_DBG("request for %s", hdev->name);
2219 if (!lmp_bredr_capable(hdev))
2220 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS,
2221 MGMT_STATUS_NOT_SUPPORTED);
2225 if (pending_eir_or_class(hdev)) {
2226 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS,
2231 if ((cp->minor & 0x03) != 0 || (cp->major & 0xe0) != 0) {
2232 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS,
2233 MGMT_STATUS_INVALID_PARAMS);
2237 hdev->major_class = cp->major;
2238 hdev->minor_class = cp->minor;
2240 if (!hdev_is_powered(hdev)) {
2241 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_DEV_CLASS, 0,
2242 hdev->dev_class, 3);
2246 hci_req_init(&req, hdev);
2248 if (hci_dev_test_and_clear_flag(hdev, HCI_SERVICE_CACHE)) {
2249 hci_dev_unlock(hdev);
2250 cancel_delayed_work_sync(&hdev->service_cache);
2252 __hci_req_update_eir(&req);
2255 __hci_req_update_class(&req);
2257 err = hci_req_run(&req, set_class_complete);
2259 if (err != -ENODATA)
2262 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_DEV_CLASS, 0,
2263 hdev->dev_class, 3);
2267 cmd = mgmt_pending_add(sk, MGMT_OP_SET_DEV_CLASS, hdev, data, len);
2276 hci_dev_unlock(hdev);
2280 static int load_link_keys(struct sock *sk, struct hci_dev *hdev, void *data,
2283 struct mgmt_cp_load_link_keys *cp = data;
2284 const u16 max_key_count = ((U16_MAX - sizeof(*cp)) /
2285 sizeof(struct mgmt_link_key_info));
2286 u16 key_count, expected_len;
2290 BT_DBG("request for %s", hdev->name);
2292 if (!lmp_bredr_capable(hdev))
2293 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
2294 MGMT_STATUS_NOT_SUPPORTED);
2296 key_count = __le16_to_cpu(cp->key_count);
2297 if (key_count > max_key_count) {
2298 bt_dev_err(hdev, "load_link_keys: too big key_count value %u",
2300 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
2301 MGMT_STATUS_INVALID_PARAMS);
2304 expected_len = struct_size(cp, keys, key_count);
2305 if (expected_len != len) {
2306 bt_dev_err(hdev, "load_link_keys: expected %u bytes, got %u bytes",
2308 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
2309 MGMT_STATUS_INVALID_PARAMS);
2312 if (cp->debug_keys != 0x00 && cp->debug_keys != 0x01)
2313 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
2314 MGMT_STATUS_INVALID_PARAMS);
2316 BT_DBG("%s debug_keys %u key_count %u", hdev->name, cp->debug_keys,
2319 for (i = 0; i < key_count; i++) {
2320 struct mgmt_link_key_info *key = &cp->keys[i];
2322 if (key->addr.type != BDADDR_BREDR || key->type > 0x08)
2323 return mgmt_cmd_status(sk, hdev->id,
2324 MGMT_OP_LOAD_LINK_KEYS,
2325 MGMT_STATUS_INVALID_PARAMS);
2330 hci_link_keys_clear(hdev);
2333 changed = !hci_dev_test_and_set_flag(hdev, HCI_KEEP_DEBUG_KEYS);
2335 changed = hci_dev_test_and_clear_flag(hdev,
2336 HCI_KEEP_DEBUG_KEYS);
2339 new_settings(hdev, NULL);
2341 for (i = 0; i < key_count; i++) {
2342 struct mgmt_link_key_info *key = &cp->keys[i];
2344 /* Always ignore debug keys and require a new pairing if
2345 * the user wants to use them.
2347 if (key->type == HCI_LK_DEBUG_COMBINATION)
2350 hci_add_link_key(hdev, NULL, &key->addr.bdaddr, key->val,
2351 key->type, key->pin_len, NULL);
2354 mgmt_cmd_complete(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS, 0, NULL, 0);
2356 hci_dev_unlock(hdev);
2361 static int device_unpaired(struct hci_dev *hdev, bdaddr_t *bdaddr,
2362 u8 addr_type, struct sock *skip_sk)
2364 struct mgmt_ev_device_unpaired ev;
2366 bacpy(&ev.addr.bdaddr, bdaddr);
2367 ev.addr.type = addr_type;
2369 return mgmt_event(MGMT_EV_DEVICE_UNPAIRED, hdev, &ev, sizeof(ev),
2373 static int unpair_device(struct sock *sk, struct hci_dev *hdev, void *data,
2376 struct mgmt_cp_unpair_device *cp = data;
2377 struct mgmt_rp_unpair_device rp;
2378 struct hci_conn_params *params;
2379 struct mgmt_pending_cmd *cmd;
2380 struct hci_conn *conn;
2384 memset(&rp, 0, sizeof(rp));
2385 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
2386 rp.addr.type = cp->addr.type;
2388 if (!bdaddr_type_is_valid(cp->addr.type))
2389 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
2390 MGMT_STATUS_INVALID_PARAMS,
2393 if (cp->disconnect != 0x00 && cp->disconnect != 0x01)
2394 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
2395 MGMT_STATUS_INVALID_PARAMS,
2400 if (!hdev_is_powered(hdev)) {
2401 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
2402 MGMT_STATUS_NOT_POWERED, &rp,
2407 if (cp->addr.type == BDADDR_BREDR) {
2408 /* If disconnection is requested, then look up the
2409 * connection. If the remote device is connected, it
2410 * will be later used to terminate the link.
2412 * Setting it to NULL explicitly will cause no
2413 * termination of the link.
2416 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
2421 err = hci_remove_link_key(hdev, &cp->addr.bdaddr);
2423 err = mgmt_cmd_complete(sk, hdev->id,
2424 MGMT_OP_UNPAIR_DEVICE,
2425 MGMT_STATUS_NOT_PAIRED, &rp,
2433 /* LE address type */
2434 addr_type = le_addr_type(cp->addr.type);
2436 /* Abort any ongoing SMP pairing. Removes ltk and irk if they exist. */
2437 err = smp_cancel_and_remove_pairing(hdev, &cp->addr.bdaddr, addr_type);
2439 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
2440 MGMT_STATUS_NOT_PAIRED, &rp,
2445 conn = hci_conn_hash_lookup_le(hdev, &cp->addr.bdaddr, addr_type);
2447 hci_conn_params_del(hdev, &cp->addr.bdaddr, addr_type);
2452 /* Defer clearing up the connection parameters until closing to
2453 * give a chance of keeping them if a repairing happens.
2455 set_bit(HCI_CONN_PARAM_REMOVAL_PEND, &conn->flags);
2457 /* Disable auto-connection parameters if present */
2458 params = hci_conn_params_lookup(hdev, &cp->addr.bdaddr, addr_type);
2460 if (params->explicit_connect)
2461 params->auto_connect = HCI_AUTO_CONN_EXPLICIT;
2463 params->auto_connect = HCI_AUTO_CONN_DISABLED;
2466 /* If disconnection is not requested, then clear the connection
2467 * variable so that the link is not terminated.
2469 if (!cp->disconnect)
2473 /* If the connection variable is set, then termination of the
2474 * link is requested.
2477 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE, 0,
2479 device_unpaired(hdev, &cp->addr.bdaddr, cp->addr.type, sk);
2483 cmd = mgmt_pending_add(sk, MGMT_OP_UNPAIR_DEVICE, hdev, cp,
2490 cmd->cmd_complete = addr_cmd_complete;
2492 err = hci_abort_conn(conn, HCI_ERROR_REMOTE_USER_TERM);
2494 mgmt_pending_remove(cmd);
2497 hci_dev_unlock(hdev);
2501 static int disconnect(struct sock *sk, struct hci_dev *hdev, void *data,
2504 struct mgmt_cp_disconnect *cp = data;
2505 struct mgmt_rp_disconnect rp;
2506 struct mgmt_pending_cmd *cmd;
2507 struct hci_conn *conn;
2512 memset(&rp, 0, sizeof(rp));
2513 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
2514 rp.addr.type = cp->addr.type;
2516 if (!bdaddr_type_is_valid(cp->addr.type))
2517 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
2518 MGMT_STATUS_INVALID_PARAMS,
2523 if (!test_bit(HCI_UP, &hdev->flags)) {
2524 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
2525 MGMT_STATUS_NOT_POWERED, &rp,
2530 if (pending_find(MGMT_OP_DISCONNECT, hdev)) {
2531 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
2532 MGMT_STATUS_BUSY, &rp, sizeof(rp));
2536 if (cp->addr.type == BDADDR_BREDR)
2537 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
2540 conn = hci_conn_hash_lookup_le(hdev, &cp->addr.bdaddr,
2541 le_addr_type(cp->addr.type));
2543 if (!conn || conn->state == BT_OPEN || conn->state == BT_CLOSED) {
2544 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
2545 MGMT_STATUS_NOT_CONNECTED, &rp,
2550 cmd = mgmt_pending_add(sk, MGMT_OP_DISCONNECT, hdev, data, len);
2556 cmd->cmd_complete = generic_cmd_complete;
2558 err = hci_disconnect(conn, HCI_ERROR_REMOTE_USER_TERM);
2560 mgmt_pending_remove(cmd);
2563 hci_dev_unlock(hdev);
2567 static u8 link_to_bdaddr(u8 link_type, u8 addr_type)
2569 switch (link_type) {
2571 switch (addr_type) {
2572 case ADDR_LE_DEV_PUBLIC:
2573 return BDADDR_LE_PUBLIC;
2576 /* Fallback to LE Random address type */
2577 return BDADDR_LE_RANDOM;
2581 /* Fallback to BR/EDR type */
2582 return BDADDR_BREDR;
2586 static int get_connections(struct sock *sk, struct hci_dev *hdev, void *data,
2589 struct mgmt_rp_get_connections *rp;
2599 if (!hdev_is_powered(hdev)) {
2600 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_GET_CONNECTIONS,
2601 MGMT_STATUS_NOT_POWERED);
2606 list_for_each_entry(c, &hdev->conn_hash.list, list) {
2607 if (test_bit(HCI_CONN_MGMT_CONNECTED, &c->flags))
2611 rp_len = sizeof(*rp) + (i * sizeof(struct mgmt_addr_info));
2612 rp = kmalloc(rp_len, GFP_KERNEL);
2619 list_for_each_entry(c, &hdev->conn_hash.list, list) {
2620 if (!test_bit(HCI_CONN_MGMT_CONNECTED, &c->flags))
2622 bacpy(&rp->addr[i].bdaddr, &c->dst);
2623 rp->addr[i].type = link_to_bdaddr(c->type, c->dst_type);
2624 if (c->type == SCO_LINK || c->type == ESCO_LINK)
2629 rp->conn_count = cpu_to_le16(i);
2631 /* Recalculate length in case of filtered SCO connections, etc */
2632 rp_len = sizeof(*rp) + (i * sizeof(struct mgmt_addr_info));
2634 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CONNECTIONS, 0, rp,
2640 hci_dev_unlock(hdev);
2644 static int send_pin_code_neg_reply(struct sock *sk, struct hci_dev *hdev,
2645 struct mgmt_cp_pin_code_neg_reply *cp)
2647 struct mgmt_pending_cmd *cmd;
2650 cmd = mgmt_pending_add(sk, MGMT_OP_PIN_CODE_NEG_REPLY, hdev, cp,
2655 cmd->cmd_complete = addr_cmd_complete;
2657 err = hci_send_cmd(hdev, HCI_OP_PIN_CODE_NEG_REPLY,
2658 sizeof(cp->addr.bdaddr), &cp->addr.bdaddr);
2660 mgmt_pending_remove(cmd);
2665 static int pin_code_reply(struct sock *sk, struct hci_dev *hdev, void *data,
2668 struct hci_conn *conn;
2669 struct mgmt_cp_pin_code_reply *cp = data;
2670 struct hci_cp_pin_code_reply reply;
2671 struct mgmt_pending_cmd *cmd;
2678 if (!hdev_is_powered(hdev)) {
2679 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
2680 MGMT_STATUS_NOT_POWERED);
2684 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->addr.bdaddr);
2686 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
2687 MGMT_STATUS_NOT_CONNECTED);
2691 if (conn->pending_sec_level == BT_SECURITY_HIGH && cp->pin_len != 16) {
2692 struct mgmt_cp_pin_code_neg_reply ncp;
2694 memcpy(&ncp.addr, &cp->addr, sizeof(ncp.addr));
2696 bt_dev_err(hdev, "PIN code is not 16 bytes long");
2698 err = send_pin_code_neg_reply(sk, hdev, &ncp);
2700 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
2701 MGMT_STATUS_INVALID_PARAMS);
2706 cmd = mgmt_pending_add(sk, MGMT_OP_PIN_CODE_REPLY, hdev, data, len);
2712 cmd->cmd_complete = addr_cmd_complete;
2714 bacpy(&reply.bdaddr, &cp->addr.bdaddr);
2715 reply.pin_len = cp->pin_len;
2716 memcpy(reply.pin_code, cp->pin_code, sizeof(reply.pin_code));
2718 err = hci_send_cmd(hdev, HCI_OP_PIN_CODE_REPLY, sizeof(reply), &reply);
2720 mgmt_pending_remove(cmd);
2723 hci_dev_unlock(hdev);
2727 static int set_io_capability(struct sock *sk, struct hci_dev *hdev, void *data,
2730 struct mgmt_cp_set_io_capability *cp = data;
2734 if (cp->io_capability > SMP_IO_KEYBOARD_DISPLAY)
2735 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_IO_CAPABILITY,
2736 MGMT_STATUS_INVALID_PARAMS);
2740 hdev->io_capability = cp->io_capability;
2742 BT_DBG("%s IO capability set to 0x%02x", hdev->name,
2743 hdev->io_capability);
2745 hci_dev_unlock(hdev);
2747 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_IO_CAPABILITY, 0,
2751 static struct mgmt_pending_cmd *find_pairing(struct hci_conn *conn)
2753 struct hci_dev *hdev = conn->hdev;
2754 struct mgmt_pending_cmd *cmd;
2756 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
2757 if (cmd->opcode != MGMT_OP_PAIR_DEVICE)
2760 if (cmd->user_data != conn)
2769 static int pairing_complete(struct mgmt_pending_cmd *cmd, u8 status)
2771 struct mgmt_rp_pair_device rp;
2772 struct hci_conn *conn = cmd->user_data;
2775 bacpy(&rp.addr.bdaddr, &conn->dst);
2776 rp.addr.type = link_to_bdaddr(conn->type, conn->dst_type);
2778 err = mgmt_cmd_complete(cmd->sk, cmd->index, MGMT_OP_PAIR_DEVICE,
2779 status, &rp, sizeof(rp));
2781 /* So we don't get further callbacks for this connection */
2782 conn->connect_cfm_cb = NULL;
2783 conn->security_cfm_cb = NULL;
2784 conn->disconn_cfm_cb = NULL;
2786 hci_conn_drop(conn);
2788 /* The device is paired so there is no need to remove
2789 * its connection parameters anymore.
2791 clear_bit(HCI_CONN_PARAM_REMOVAL_PEND, &conn->flags);
2798 void mgmt_smp_complete(struct hci_conn *conn, bool complete)
2800 u8 status = complete ? MGMT_STATUS_SUCCESS : MGMT_STATUS_FAILED;
2801 struct mgmt_pending_cmd *cmd;
2803 cmd = find_pairing(conn);
2805 cmd->cmd_complete(cmd, status);
2806 mgmt_pending_remove(cmd);
2810 static void pairing_complete_cb(struct hci_conn *conn, u8 status)
2812 struct mgmt_pending_cmd *cmd;
2814 BT_DBG("status %u", status);
2816 cmd = find_pairing(conn);
2818 BT_DBG("Unable to find a pending command");
2822 cmd->cmd_complete(cmd, mgmt_status(status));
2823 mgmt_pending_remove(cmd);
2826 static void le_pairing_complete_cb(struct hci_conn *conn, u8 status)
2828 struct mgmt_pending_cmd *cmd;
2830 BT_DBG("status %u", status);
2835 cmd = find_pairing(conn);
2837 BT_DBG("Unable to find a pending command");
2841 cmd->cmd_complete(cmd, mgmt_status(status));
2842 mgmt_pending_remove(cmd);
2845 static int pair_device(struct sock *sk, struct hci_dev *hdev, void *data,
2848 struct mgmt_cp_pair_device *cp = data;
2849 struct mgmt_rp_pair_device rp;
2850 struct mgmt_pending_cmd *cmd;
2851 u8 sec_level, auth_type;
2852 struct hci_conn *conn;
2857 memset(&rp, 0, sizeof(rp));
2858 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
2859 rp.addr.type = cp->addr.type;
2861 if (!bdaddr_type_is_valid(cp->addr.type))
2862 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
2863 MGMT_STATUS_INVALID_PARAMS,
2866 if (cp->io_cap > SMP_IO_KEYBOARD_DISPLAY)
2867 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
2868 MGMT_STATUS_INVALID_PARAMS,
2873 if (!hdev_is_powered(hdev)) {
2874 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
2875 MGMT_STATUS_NOT_POWERED, &rp,
2880 if (hci_bdaddr_is_paired(hdev, &cp->addr.bdaddr, cp->addr.type)) {
2881 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
2882 MGMT_STATUS_ALREADY_PAIRED, &rp,
2887 sec_level = BT_SECURITY_MEDIUM;
2888 auth_type = HCI_AT_DEDICATED_BONDING;
2890 if (cp->addr.type == BDADDR_BREDR) {
2891 conn = hci_connect_acl(hdev, &cp->addr.bdaddr, sec_level,
2894 u8 addr_type = le_addr_type(cp->addr.type);
2895 struct hci_conn_params *p;
2897 /* When pairing a new device, it is expected to remember
2898 * this device for future connections. Adding the connection
2899 * parameter information ahead of time allows tracking
2900 * of the slave preferred values and will speed up any
2901 * further connection establishment.
2903 * If connection parameters already exist, then they
2904 * will be kept and this function does nothing.
2906 p = hci_conn_params_add(hdev, &cp->addr.bdaddr, addr_type);
2908 if (p->auto_connect == HCI_AUTO_CONN_EXPLICIT)
2909 p->auto_connect = HCI_AUTO_CONN_DISABLED;
2911 conn = hci_connect_le_scan(hdev, &cp->addr.bdaddr,
2912 addr_type, sec_level,
2913 HCI_LE_CONN_TIMEOUT);
2919 if (PTR_ERR(conn) == -EBUSY)
2920 status = MGMT_STATUS_BUSY;
2921 else if (PTR_ERR(conn) == -EOPNOTSUPP)
2922 status = MGMT_STATUS_NOT_SUPPORTED;
2923 else if (PTR_ERR(conn) == -ECONNREFUSED)
2924 status = MGMT_STATUS_REJECTED;
2926 status = MGMT_STATUS_CONNECT_FAILED;
2928 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
2929 status, &rp, sizeof(rp));
2933 if (conn->connect_cfm_cb) {
2934 hci_conn_drop(conn);
2935 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
2936 MGMT_STATUS_BUSY, &rp, sizeof(rp));
2940 cmd = mgmt_pending_add(sk, MGMT_OP_PAIR_DEVICE, hdev, data, len);
2943 hci_conn_drop(conn);
2947 cmd->cmd_complete = pairing_complete;
2949 /* For LE, just connecting isn't a proof that the pairing finished */
2950 if (cp->addr.type == BDADDR_BREDR) {
2951 conn->connect_cfm_cb = pairing_complete_cb;
2952 conn->security_cfm_cb = pairing_complete_cb;
2953 conn->disconn_cfm_cb = pairing_complete_cb;
2955 conn->connect_cfm_cb = le_pairing_complete_cb;
2956 conn->security_cfm_cb = le_pairing_complete_cb;
2957 conn->disconn_cfm_cb = le_pairing_complete_cb;
2960 conn->io_capability = cp->io_cap;
2961 cmd->user_data = hci_conn_get(conn);
2963 if ((conn->state == BT_CONNECTED || conn->state == BT_CONFIG) &&
2964 hci_conn_security(conn, sec_level, auth_type, true)) {
2965 cmd->cmd_complete(cmd, 0);
2966 mgmt_pending_remove(cmd);
2972 hci_dev_unlock(hdev);
2976 static int cancel_pair_device(struct sock *sk, struct hci_dev *hdev, void *data,
2979 struct mgmt_addr_info *addr = data;
2980 struct mgmt_pending_cmd *cmd;
2981 struct hci_conn *conn;
2988 if (!hdev_is_powered(hdev)) {
2989 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
2990 MGMT_STATUS_NOT_POWERED);
2994 cmd = pending_find(MGMT_OP_PAIR_DEVICE, hdev);
2996 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
2997 MGMT_STATUS_INVALID_PARAMS);
3001 conn = cmd->user_data;
3003 if (bacmp(&addr->bdaddr, &conn->dst) != 0) {
3004 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
3005 MGMT_STATUS_INVALID_PARAMS);
3009 cmd->cmd_complete(cmd, MGMT_STATUS_CANCELLED);
3010 mgmt_pending_remove(cmd);
3012 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE, 0,
3013 addr, sizeof(*addr));
3015 hci_dev_unlock(hdev);
3019 static int user_pairing_resp(struct sock *sk, struct hci_dev *hdev,
3020 struct mgmt_addr_info *addr, u16 mgmt_op,
3021 u16 hci_op, __le32 passkey)
3023 struct mgmt_pending_cmd *cmd;
3024 struct hci_conn *conn;
3029 if (!hdev_is_powered(hdev)) {
3030 err = mgmt_cmd_complete(sk, hdev->id, mgmt_op,
3031 MGMT_STATUS_NOT_POWERED, addr,
3036 if (addr->type == BDADDR_BREDR)
3037 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &addr->bdaddr);
3039 conn = hci_conn_hash_lookup_le(hdev, &addr->bdaddr,
3040 le_addr_type(addr->type));
3043 err = mgmt_cmd_complete(sk, hdev->id, mgmt_op,
3044 MGMT_STATUS_NOT_CONNECTED, addr,
3049 if (addr->type == BDADDR_LE_PUBLIC || addr->type == BDADDR_LE_RANDOM) {
3050 err = smp_user_confirm_reply(conn, mgmt_op, passkey);
3052 err = mgmt_cmd_complete(sk, hdev->id, mgmt_op,
3053 MGMT_STATUS_SUCCESS, addr,
3056 err = mgmt_cmd_complete(sk, hdev->id, mgmt_op,
3057 MGMT_STATUS_FAILED, addr,
3063 cmd = mgmt_pending_add(sk, mgmt_op, hdev, addr, sizeof(*addr));
3069 cmd->cmd_complete = addr_cmd_complete;
3071 /* Continue with pairing via HCI */
3072 if (hci_op == HCI_OP_USER_PASSKEY_REPLY) {
3073 struct hci_cp_user_passkey_reply cp;
3075 bacpy(&cp.bdaddr, &addr->bdaddr);
3076 cp.passkey = passkey;
3077 err = hci_send_cmd(hdev, hci_op, sizeof(cp), &cp);
3079 err = hci_send_cmd(hdev, hci_op, sizeof(addr->bdaddr),
3083 mgmt_pending_remove(cmd);
3086 hci_dev_unlock(hdev);
3090 static int pin_code_neg_reply(struct sock *sk, struct hci_dev *hdev,
3091 void *data, u16 len)
3093 struct mgmt_cp_pin_code_neg_reply *cp = data;
3097 return user_pairing_resp(sk, hdev, &cp->addr,
3098 MGMT_OP_PIN_CODE_NEG_REPLY,
3099 HCI_OP_PIN_CODE_NEG_REPLY, 0);
3102 static int user_confirm_reply(struct sock *sk, struct hci_dev *hdev, void *data,
3105 struct mgmt_cp_user_confirm_reply *cp = data;
3109 if (len != sizeof(*cp))
3110 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_USER_CONFIRM_REPLY,
3111 MGMT_STATUS_INVALID_PARAMS);
3113 return user_pairing_resp(sk, hdev, &cp->addr,
3114 MGMT_OP_USER_CONFIRM_REPLY,
3115 HCI_OP_USER_CONFIRM_REPLY, 0);
3118 static int user_confirm_neg_reply(struct sock *sk, struct hci_dev *hdev,
3119 void *data, u16 len)
3121 struct mgmt_cp_user_confirm_neg_reply *cp = data;
3125 return user_pairing_resp(sk, hdev, &cp->addr,
3126 MGMT_OP_USER_CONFIRM_NEG_REPLY,
3127 HCI_OP_USER_CONFIRM_NEG_REPLY, 0);
3130 static int user_passkey_reply(struct sock *sk, struct hci_dev *hdev, void *data,
3133 struct mgmt_cp_user_passkey_reply *cp = data;
3137 return user_pairing_resp(sk, hdev, &cp->addr,
3138 MGMT_OP_USER_PASSKEY_REPLY,
3139 HCI_OP_USER_PASSKEY_REPLY, cp->passkey);
3142 static int user_passkey_neg_reply(struct sock *sk, struct hci_dev *hdev,
3143 void *data, u16 len)
3145 struct mgmt_cp_user_passkey_neg_reply *cp = data;
3149 return user_pairing_resp(sk, hdev, &cp->addr,
3150 MGMT_OP_USER_PASSKEY_NEG_REPLY,
3151 HCI_OP_USER_PASSKEY_NEG_REPLY, 0);
3154 static void adv_expire(struct hci_dev *hdev, u32 flags)
3156 struct adv_info *adv_instance;
3157 struct hci_request req;
3160 adv_instance = hci_find_adv_instance(hdev, hdev->cur_adv_instance);
3164 /* stop if current instance doesn't need to be changed */
3165 if (!(adv_instance->flags & flags))
3168 cancel_adv_timeout(hdev);
3170 adv_instance = hci_get_next_instance(hdev, adv_instance->instance);
3174 hci_req_init(&req, hdev);
3175 err = __hci_req_schedule_adv_instance(&req, adv_instance->instance,
3180 hci_req_run(&req, NULL);
3183 static void set_name_complete(struct hci_dev *hdev, u8 status, u16 opcode)
3185 struct mgmt_cp_set_local_name *cp;
3186 struct mgmt_pending_cmd *cmd;
3188 BT_DBG("status 0x%02x", status);
3192 cmd = pending_find(MGMT_OP_SET_LOCAL_NAME, hdev);
3199 mgmt_cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_LOCAL_NAME,
3200 mgmt_status(status));
3202 mgmt_cmd_complete(cmd->sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0,
3205 if (hci_dev_test_flag(hdev, HCI_LE_ADV))
3206 adv_expire(hdev, MGMT_ADV_FLAG_LOCAL_NAME);
3209 mgmt_pending_remove(cmd);
3212 hci_dev_unlock(hdev);
3215 static int set_local_name(struct sock *sk, struct hci_dev *hdev, void *data,
3218 struct mgmt_cp_set_local_name *cp = data;
3219 struct mgmt_pending_cmd *cmd;
3220 struct hci_request req;
3227 /* If the old values are the same as the new ones just return a
3228 * direct command complete event.
3230 if (!memcmp(hdev->dev_name, cp->name, sizeof(hdev->dev_name)) &&
3231 !memcmp(hdev->short_name, cp->short_name,
3232 sizeof(hdev->short_name))) {
3233 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0,
3238 memcpy(hdev->short_name, cp->short_name, sizeof(hdev->short_name));
3240 if (!hdev_is_powered(hdev)) {
3241 memcpy(hdev->dev_name, cp->name, sizeof(hdev->dev_name));
3243 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0,
3248 err = mgmt_limited_event(MGMT_EV_LOCAL_NAME_CHANGED, hdev, data,
3249 len, HCI_MGMT_LOCAL_NAME_EVENTS, sk);
3250 ext_info_changed(hdev, sk);
3255 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LOCAL_NAME, hdev, data, len);
3261 memcpy(hdev->dev_name, cp->name, sizeof(hdev->dev_name));
3263 hci_req_init(&req, hdev);
3265 if (lmp_bredr_capable(hdev)) {
3266 __hci_req_update_name(&req);
3267 __hci_req_update_eir(&req);
3270 /* The name is stored in the scan response data and so
3271 * no need to udpate the advertising data here.
3273 if (lmp_le_capable(hdev) && hci_dev_test_flag(hdev, HCI_ADVERTISING))
3274 __hci_req_update_scan_rsp_data(&req, hdev->cur_adv_instance);
3276 err = hci_req_run(&req, set_name_complete);
3278 mgmt_pending_remove(cmd);
3281 hci_dev_unlock(hdev);
3285 static int set_appearance(struct sock *sk, struct hci_dev *hdev, void *data,
3288 struct mgmt_cp_set_appearance *cp = data;
3294 if (!lmp_le_capable(hdev))
3295 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_APPEARANCE,
3296 MGMT_STATUS_NOT_SUPPORTED);
3298 apperance = le16_to_cpu(cp->appearance);
3302 if (hdev->appearance != apperance) {
3303 hdev->appearance = apperance;
3305 if (hci_dev_test_flag(hdev, HCI_LE_ADV))
3306 adv_expire(hdev, MGMT_ADV_FLAG_APPEARANCE);
3308 ext_info_changed(hdev, sk);
3311 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_APPEARANCE, 0, NULL,
3314 hci_dev_unlock(hdev);
3319 static int get_phy_configuration(struct sock *sk, struct hci_dev *hdev,
3320 void *data, u16 len)
3322 struct mgmt_rp_get_phy_confguration rp;
3324 BT_DBG("sock %p %s", sk, hdev->name);
3328 memset(&rp, 0, sizeof(rp));
3330 rp.supported_phys = cpu_to_le32(get_supported_phys(hdev));
3331 rp.selected_phys = cpu_to_le32(get_selected_phys(hdev));
3332 rp.configurable_phys = cpu_to_le32(get_configurable_phys(hdev));
3334 hci_dev_unlock(hdev);
3336 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_PHY_CONFIGURATION, 0,
3340 int mgmt_phy_configuration_changed(struct hci_dev *hdev, struct sock *skip)
3342 struct mgmt_ev_phy_configuration_changed ev;
3344 memset(&ev, 0, sizeof(ev));
3346 ev.selected_phys = cpu_to_le32(get_selected_phys(hdev));
3348 return mgmt_event(MGMT_EV_PHY_CONFIGURATION_CHANGED, hdev, &ev,
3352 static void set_default_phy_complete(struct hci_dev *hdev, u8 status,
3353 u16 opcode, struct sk_buff *skb)
3355 struct mgmt_pending_cmd *cmd;
3357 BT_DBG("status 0x%02x", status);
3361 cmd = pending_find(MGMT_OP_SET_PHY_CONFIGURATION, hdev);
3366 mgmt_cmd_status(cmd->sk, hdev->id,
3367 MGMT_OP_SET_PHY_CONFIGURATION,
3368 mgmt_status(status));
3370 mgmt_cmd_complete(cmd->sk, hdev->id,
3371 MGMT_OP_SET_PHY_CONFIGURATION, 0,
3374 mgmt_phy_configuration_changed(hdev, cmd->sk);
3377 mgmt_pending_remove(cmd);
3380 hci_dev_unlock(hdev);
3383 static int set_phy_configuration(struct sock *sk, struct hci_dev *hdev,
3384 void *data, u16 len)
3386 struct mgmt_cp_set_phy_confguration *cp = data;
3387 struct hci_cp_le_set_default_phy cp_phy;
3388 struct mgmt_pending_cmd *cmd;
3389 struct hci_request req;
3390 u32 selected_phys, configurable_phys, supported_phys, unconfigure_phys;
3391 u16 pkt_type = (HCI_DH1 | HCI_DM1);
3392 bool changed = false;
3395 BT_DBG("sock %p %s", sk, hdev->name);
3397 configurable_phys = get_configurable_phys(hdev);
3398 supported_phys = get_supported_phys(hdev);
3399 selected_phys = __le32_to_cpu(cp->selected_phys);
3401 if (selected_phys & ~supported_phys)
3402 return mgmt_cmd_status(sk, hdev->id,
3403 MGMT_OP_SET_PHY_CONFIGURATION,
3404 MGMT_STATUS_INVALID_PARAMS);
3406 unconfigure_phys = supported_phys & ~configurable_phys;
3408 if ((selected_phys & unconfigure_phys) != unconfigure_phys)
3409 return mgmt_cmd_status(sk, hdev->id,
3410 MGMT_OP_SET_PHY_CONFIGURATION,
3411 MGMT_STATUS_INVALID_PARAMS);
3413 if (selected_phys == get_selected_phys(hdev))
3414 return mgmt_cmd_complete(sk, hdev->id,
3415 MGMT_OP_SET_PHY_CONFIGURATION,
3420 if (!hdev_is_powered(hdev)) {
3421 err = mgmt_cmd_status(sk, hdev->id,
3422 MGMT_OP_SET_PHY_CONFIGURATION,
3423 MGMT_STATUS_REJECTED);
3427 if (pending_find(MGMT_OP_SET_PHY_CONFIGURATION, hdev)) {
3428 err = mgmt_cmd_status(sk, hdev->id,
3429 MGMT_OP_SET_PHY_CONFIGURATION,
3434 if (selected_phys & MGMT_PHY_BR_1M_3SLOT)
3435 pkt_type |= (HCI_DH3 | HCI_DM3);
3437 pkt_type &= ~(HCI_DH3 | HCI_DM3);
3439 if (selected_phys & MGMT_PHY_BR_1M_5SLOT)
3440 pkt_type |= (HCI_DH5 | HCI_DM5);
3442 pkt_type &= ~(HCI_DH5 | HCI_DM5);
3444 if (selected_phys & MGMT_PHY_EDR_2M_1SLOT)
3445 pkt_type &= ~HCI_2DH1;
3447 pkt_type |= HCI_2DH1;
3449 if (selected_phys & MGMT_PHY_EDR_2M_3SLOT)
3450 pkt_type &= ~HCI_2DH3;
3452 pkt_type |= HCI_2DH3;
3454 if (selected_phys & MGMT_PHY_EDR_2M_5SLOT)
3455 pkt_type &= ~HCI_2DH5;
3457 pkt_type |= HCI_2DH5;
3459 if (selected_phys & MGMT_PHY_EDR_3M_1SLOT)
3460 pkt_type &= ~HCI_3DH1;
3462 pkt_type |= HCI_3DH1;
3464 if (selected_phys & MGMT_PHY_EDR_3M_3SLOT)
3465 pkt_type &= ~HCI_3DH3;
3467 pkt_type |= HCI_3DH3;
3469 if (selected_phys & MGMT_PHY_EDR_3M_5SLOT)
3470 pkt_type &= ~HCI_3DH5;
3472 pkt_type |= HCI_3DH5;
3474 if (pkt_type != hdev->pkt_type) {
3475 hdev->pkt_type = pkt_type;
3479 if ((selected_phys & MGMT_PHY_LE_MASK) ==
3480 (get_selected_phys(hdev) & MGMT_PHY_LE_MASK)) {
3482 mgmt_phy_configuration_changed(hdev, sk);
3484 err = mgmt_cmd_complete(sk, hdev->id,
3485 MGMT_OP_SET_PHY_CONFIGURATION,
3491 cmd = mgmt_pending_add(sk, MGMT_OP_SET_PHY_CONFIGURATION, hdev, data,
3498 hci_req_init(&req, hdev);
3500 memset(&cp_phy, 0, sizeof(cp_phy));
3502 if (!(selected_phys & MGMT_PHY_LE_TX_MASK))
3503 cp_phy.all_phys |= 0x01;
3505 if (!(selected_phys & MGMT_PHY_LE_RX_MASK))
3506 cp_phy.all_phys |= 0x02;
3508 if (selected_phys & MGMT_PHY_LE_1M_TX)
3509 cp_phy.tx_phys |= HCI_LE_SET_PHY_1M;
3511 if (selected_phys & MGMT_PHY_LE_2M_TX)
3512 cp_phy.tx_phys |= HCI_LE_SET_PHY_2M;
3514 if (selected_phys & MGMT_PHY_LE_CODED_TX)
3515 cp_phy.tx_phys |= HCI_LE_SET_PHY_CODED;
3517 if (selected_phys & MGMT_PHY_LE_1M_RX)
3518 cp_phy.rx_phys |= HCI_LE_SET_PHY_1M;
3520 if (selected_phys & MGMT_PHY_LE_2M_RX)
3521 cp_phy.rx_phys |= HCI_LE_SET_PHY_2M;
3523 if (selected_phys & MGMT_PHY_LE_CODED_RX)
3524 cp_phy.rx_phys |= HCI_LE_SET_PHY_CODED;
3526 hci_req_add(&req, HCI_OP_LE_SET_DEFAULT_PHY, sizeof(cp_phy), &cp_phy);
3528 err = hci_req_run_skb(&req, set_default_phy_complete);
3530 mgmt_pending_remove(cmd);
3533 hci_dev_unlock(hdev);
3538 static void read_local_oob_data_complete(struct hci_dev *hdev, u8 status,
3539 u16 opcode, struct sk_buff *skb)
3541 struct mgmt_rp_read_local_oob_data mgmt_rp;
3542 size_t rp_size = sizeof(mgmt_rp);
3543 struct mgmt_pending_cmd *cmd;
3545 BT_DBG("%s status %u", hdev->name, status);
3547 cmd = pending_find(MGMT_OP_READ_LOCAL_OOB_DATA, hdev);
3551 if (status || !skb) {
3552 mgmt_cmd_status(cmd->sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
3553 status ? mgmt_status(status) : MGMT_STATUS_FAILED);
3557 memset(&mgmt_rp, 0, sizeof(mgmt_rp));
3559 if (opcode == HCI_OP_READ_LOCAL_OOB_DATA) {
3560 struct hci_rp_read_local_oob_data *rp = (void *) skb->data;
3562 if (skb->len < sizeof(*rp)) {
3563 mgmt_cmd_status(cmd->sk, hdev->id,
3564 MGMT_OP_READ_LOCAL_OOB_DATA,
3565 MGMT_STATUS_FAILED);
3569 memcpy(mgmt_rp.hash192, rp->hash, sizeof(rp->hash));
3570 memcpy(mgmt_rp.rand192, rp->rand, sizeof(rp->rand));
3572 rp_size -= sizeof(mgmt_rp.hash256) + sizeof(mgmt_rp.rand256);
3574 struct hci_rp_read_local_oob_ext_data *rp = (void *) skb->data;
3576 if (skb->len < sizeof(*rp)) {
3577 mgmt_cmd_status(cmd->sk, hdev->id,
3578 MGMT_OP_READ_LOCAL_OOB_DATA,
3579 MGMT_STATUS_FAILED);
3583 memcpy(mgmt_rp.hash192, rp->hash192, sizeof(rp->hash192));
3584 memcpy(mgmt_rp.rand192, rp->rand192, sizeof(rp->rand192));
3586 memcpy(mgmt_rp.hash256, rp->hash256, sizeof(rp->hash256));
3587 memcpy(mgmt_rp.rand256, rp->rand256, sizeof(rp->rand256));
3590 mgmt_cmd_complete(cmd->sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
3591 MGMT_STATUS_SUCCESS, &mgmt_rp, rp_size);
3594 mgmt_pending_remove(cmd);
3597 static int read_local_oob_data(struct sock *sk, struct hci_dev *hdev,
3598 void *data, u16 data_len)
3600 struct mgmt_pending_cmd *cmd;
3601 struct hci_request req;
3604 BT_DBG("%s", hdev->name);
3608 if (!hdev_is_powered(hdev)) {
3609 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
3610 MGMT_STATUS_NOT_POWERED);
3614 if (!lmp_ssp_capable(hdev)) {
3615 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
3616 MGMT_STATUS_NOT_SUPPORTED);
3620 if (pending_find(MGMT_OP_READ_LOCAL_OOB_DATA, hdev)) {
3621 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
3626 cmd = mgmt_pending_add(sk, MGMT_OP_READ_LOCAL_OOB_DATA, hdev, NULL, 0);
3632 hci_req_init(&req, hdev);
3634 if (bredr_sc_enabled(hdev))
3635 hci_req_add(&req, HCI_OP_READ_LOCAL_OOB_EXT_DATA, 0, NULL);
3637 hci_req_add(&req, HCI_OP_READ_LOCAL_OOB_DATA, 0, NULL);
3639 err = hci_req_run_skb(&req, read_local_oob_data_complete);
3641 mgmt_pending_remove(cmd);
3644 hci_dev_unlock(hdev);
3648 static int add_remote_oob_data(struct sock *sk, struct hci_dev *hdev,
3649 void *data, u16 len)
3651 struct mgmt_addr_info *addr = data;
3654 BT_DBG("%s ", hdev->name);
3656 if (!bdaddr_type_is_valid(addr->type))
3657 return mgmt_cmd_complete(sk, hdev->id,
3658 MGMT_OP_ADD_REMOTE_OOB_DATA,
3659 MGMT_STATUS_INVALID_PARAMS,
3660 addr, sizeof(*addr));
3664 if (len == MGMT_ADD_REMOTE_OOB_DATA_SIZE) {
3665 struct mgmt_cp_add_remote_oob_data *cp = data;
3668 if (cp->addr.type != BDADDR_BREDR) {
3669 err = mgmt_cmd_complete(sk, hdev->id,
3670 MGMT_OP_ADD_REMOTE_OOB_DATA,
3671 MGMT_STATUS_INVALID_PARAMS,
3672 &cp->addr, sizeof(cp->addr));
3676 err = hci_add_remote_oob_data(hdev, &cp->addr.bdaddr,
3677 cp->addr.type, cp->hash,
3678 cp->rand, NULL, NULL);
3680 status = MGMT_STATUS_FAILED;
3682 status = MGMT_STATUS_SUCCESS;
3684 err = mgmt_cmd_complete(sk, hdev->id,
3685 MGMT_OP_ADD_REMOTE_OOB_DATA, status,
3686 &cp->addr, sizeof(cp->addr));
3687 } else if (len == MGMT_ADD_REMOTE_OOB_EXT_DATA_SIZE) {
3688 struct mgmt_cp_add_remote_oob_ext_data *cp = data;
3689 u8 *rand192, *hash192, *rand256, *hash256;
3692 if (bdaddr_type_is_le(cp->addr.type)) {
3693 /* Enforce zero-valued 192-bit parameters as
3694 * long as legacy SMP OOB isn't implemented.
3696 if (memcmp(cp->rand192, ZERO_KEY, 16) ||
3697 memcmp(cp->hash192, ZERO_KEY, 16)) {
3698 err = mgmt_cmd_complete(sk, hdev->id,
3699 MGMT_OP_ADD_REMOTE_OOB_DATA,
3700 MGMT_STATUS_INVALID_PARAMS,
3701 addr, sizeof(*addr));
3708 /* In case one of the P-192 values is set to zero,
3709 * then just disable OOB data for P-192.
3711 if (!memcmp(cp->rand192, ZERO_KEY, 16) ||
3712 !memcmp(cp->hash192, ZERO_KEY, 16)) {
3716 rand192 = cp->rand192;
3717 hash192 = cp->hash192;
3721 /* In case one of the P-256 values is set to zero, then just
3722 * disable OOB data for P-256.
3724 if (!memcmp(cp->rand256, ZERO_KEY, 16) ||
3725 !memcmp(cp->hash256, ZERO_KEY, 16)) {
3729 rand256 = cp->rand256;
3730 hash256 = cp->hash256;
3733 err = hci_add_remote_oob_data(hdev, &cp->addr.bdaddr,
3734 cp->addr.type, hash192, rand192,
3737 status = MGMT_STATUS_FAILED;
3739 status = MGMT_STATUS_SUCCESS;
3741 err = mgmt_cmd_complete(sk, hdev->id,
3742 MGMT_OP_ADD_REMOTE_OOB_DATA,
3743 status, &cp->addr, sizeof(cp->addr));
3745 bt_dev_err(hdev, "add_remote_oob_data: invalid len of %u bytes",
3747 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_REMOTE_OOB_DATA,
3748 MGMT_STATUS_INVALID_PARAMS);
3752 hci_dev_unlock(hdev);
3756 static int remove_remote_oob_data(struct sock *sk, struct hci_dev *hdev,
3757 void *data, u16 len)
3759 struct mgmt_cp_remove_remote_oob_data *cp = data;
3763 BT_DBG("%s", hdev->name);
3765 if (cp->addr.type != BDADDR_BREDR)
3766 return mgmt_cmd_complete(sk, hdev->id,
3767 MGMT_OP_REMOVE_REMOTE_OOB_DATA,
3768 MGMT_STATUS_INVALID_PARAMS,
3769 &cp->addr, sizeof(cp->addr));
3773 if (!bacmp(&cp->addr.bdaddr, BDADDR_ANY)) {
3774 hci_remote_oob_data_clear(hdev);
3775 status = MGMT_STATUS_SUCCESS;
3779 err = hci_remove_remote_oob_data(hdev, &cp->addr.bdaddr, cp->addr.type);
3781 status = MGMT_STATUS_INVALID_PARAMS;
3783 status = MGMT_STATUS_SUCCESS;
3786 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_REMOTE_OOB_DATA,
3787 status, &cp->addr, sizeof(cp->addr));
3789 hci_dev_unlock(hdev);
3793 void mgmt_start_discovery_complete(struct hci_dev *hdev, u8 status)
3795 struct mgmt_pending_cmd *cmd;
3797 BT_DBG("status %d", status);
3801 cmd = pending_find(MGMT_OP_START_DISCOVERY, hdev);
3803 cmd = pending_find(MGMT_OP_START_SERVICE_DISCOVERY, hdev);
3806 cmd = pending_find(MGMT_OP_START_LIMITED_DISCOVERY, hdev);
3809 cmd->cmd_complete(cmd, mgmt_status(status));
3810 mgmt_pending_remove(cmd);
3813 hci_dev_unlock(hdev);
3816 static bool discovery_type_is_valid(struct hci_dev *hdev, uint8_t type,
3817 uint8_t *mgmt_status)
3820 case DISCOV_TYPE_LE:
3821 *mgmt_status = mgmt_le_support(hdev);
3825 case DISCOV_TYPE_INTERLEAVED:
3826 *mgmt_status = mgmt_le_support(hdev);
3829 /* Intentional fall-through */
3830 case DISCOV_TYPE_BREDR:
3831 *mgmt_status = mgmt_bredr_support(hdev);
3836 *mgmt_status = MGMT_STATUS_INVALID_PARAMS;
3843 static int start_discovery_internal(struct sock *sk, struct hci_dev *hdev,
3844 u16 op, void *data, u16 len)
3846 struct mgmt_cp_start_discovery *cp = data;
3847 struct mgmt_pending_cmd *cmd;
3851 BT_DBG("%s", hdev->name);
3855 if (!hdev_is_powered(hdev)) {
3856 err = mgmt_cmd_complete(sk, hdev->id, op,
3857 MGMT_STATUS_NOT_POWERED,
3858 &cp->type, sizeof(cp->type));
3862 if (hdev->discovery.state != DISCOVERY_STOPPED ||
3863 hci_dev_test_flag(hdev, HCI_PERIODIC_INQ)) {
3864 err = mgmt_cmd_complete(sk, hdev->id, op, MGMT_STATUS_BUSY,
3865 &cp->type, sizeof(cp->type));
3869 if (!discovery_type_is_valid(hdev, cp->type, &status)) {
3870 err = mgmt_cmd_complete(sk, hdev->id, op, status,
3871 &cp->type, sizeof(cp->type));
3875 /* Clear the discovery filter first to free any previously
3876 * allocated memory for the UUID list.
3878 hci_discovery_filter_clear(hdev);
3880 hdev->discovery.type = cp->type;
3881 hdev->discovery.report_invalid_rssi = false;
3882 if (op == MGMT_OP_START_LIMITED_DISCOVERY)
3883 hdev->discovery.limited = true;
3885 hdev->discovery.limited = false;
3887 cmd = mgmt_pending_add(sk, op, hdev, data, len);
3893 cmd->cmd_complete = generic_cmd_complete;
3895 hci_discovery_set_state(hdev, DISCOVERY_STARTING);
3896 queue_work(hdev->req_workqueue, &hdev->discov_update);
3900 hci_dev_unlock(hdev);
3904 static int start_discovery(struct sock *sk, struct hci_dev *hdev,
3905 void *data, u16 len)
3907 return start_discovery_internal(sk, hdev, MGMT_OP_START_DISCOVERY,
3911 static int start_limited_discovery(struct sock *sk, struct hci_dev *hdev,
3912 void *data, u16 len)
3914 return start_discovery_internal(sk, hdev,
3915 MGMT_OP_START_LIMITED_DISCOVERY,
3919 static int service_discovery_cmd_complete(struct mgmt_pending_cmd *cmd,
3922 return mgmt_cmd_complete(cmd->sk, cmd->index, cmd->opcode, status,
3926 static int start_service_discovery(struct sock *sk, struct hci_dev *hdev,
3927 void *data, u16 len)
3929 struct mgmt_cp_start_service_discovery *cp = data;
3930 struct mgmt_pending_cmd *cmd;
3931 const u16 max_uuid_count = ((U16_MAX - sizeof(*cp)) / 16);
3932 u16 uuid_count, expected_len;
3936 BT_DBG("%s", hdev->name);
3940 if (!hdev_is_powered(hdev)) {
3941 err = mgmt_cmd_complete(sk, hdev->id,
3942 MGMT_OP_START_SERVICE_DISCOVERY,
3943 MGMT_STATUS_NOT_POWERED,
3944 &cp->type, sizeof(cp->type));
3948 if (hdev->discovery.state != DISCOVERY_STOPPED ||
3949 hci_dev_test_flag(hdev, HCI_PERIODIC_INQ)) {
3950 err = mgmt_cmd_complete(sk, hdev->id,
3951 MGMT_OP_START_SERVICE_DISCOVERY,
3952 MGMT_STATUS_BUSY, &cp->type,
3957 uuid_count = __le16_to_cpu(cp->uuid_count);
3958 if (uuid_count > max_uuid_count) {
3959 bt_dev_err(hdev, "service_discovery: too big uuid_count value %u",
3961 err = mgmt_cmd_complete(sk, hdev->id,
3962 MGMT_OP_START_SERVICE_DISCOVERY,
3963 MGMT_STATUS_INVALID_PARAMS, &cp->type,
3968 expected_len = sizeof(*cp) + uuid_count * 16;
3969 if (expected_len != len) {
3970 bt_dev_err(hdev, "service_discovery: expected %u bytes, got %u bytes",
3972 err = mgmt_cmd_complete(sk, hdev->id,
3973 MGMT_OP_START_SERVICE_DISCOVERY,
3974 MGMT_STATUS_INVALID_PARAMS, &cp->type,
3979 if (!discovery_type_is_valid(hdev, cp->type, &status)) {
3980 err = mgmt_cmd_complete(sk, hdev->id,
3981 MGMT_OP_START_SERVICE_DISCOVERY,
3982 status, &cp->type, sizeof(cp->type));
3986 cmd = mgmt_pending_add(sk, MGMT_OP_START_SERVICE_DISCOVERY,
3993 cmd->cmd_complete = service_discovery_cmd_complete;
3995 /* Clear the discovery filter first to free any previously
3996 * allocated memory for the UUID list.
3998 hci_discovery_filter_clear(hdev);
4000 hdev->discovery.result_filtering = true;
4001 hdev->discovery.type = cp->type;
4002 hdev->discovery.rssi = cp->rssi;
4003 hdev->discovery.uuid_count = uuid_count;
4005 if (uuid_count > 0) {
4006 hdev->discovery.uuids = kmemdup(cp->uuids, uuid_count * 16,
4008 if (!hdev->discovery.uuids) {
4009 err = mgmt_cmd_complete(sk, hdev->id,
4010 MGMT_OP_START_SERVICE_DISCOVERY,
4012 &cp->type, sizeof(cp->type));
4013 mgmt_pending_remove(cmd);
4018 hci_discovery_set_state(hdev, DISCOVERY_STARTING);
4019 queue_work(hdev->req_workqueue, &hdev->discov_update);
4023 hci_dev_unlock(hdev);
4027 void mgmt_stop_discovery_complete(struct hci_dev *hdev, u8 status)
4029 struct mgmt_pending_cmd *cmd;
4031 BT_DBG("status %d", status);
4035 cmd = pending_find(MGMT_OP_STOP_DISCOVERY, hdev);
4037 cmd->cmd_complete(cmd, mgmt_status(status));
4038 mgmt_pending_remove(cmd);
4041 hci_dev_unlock(hdev);
4044 static int stop_discovery(struct sock *sk, struct hci_dev *hdev, void *data,
4047 struct mgmt_cp_stop_discovery *mgmt_cp = data;
4048 struct mgmt_pending_cmd *cmd;
4051 BT_DBG("%s", hdev->name);
4055 if (!hci_discovery_active(hdev)) {
4056 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_STOP_DISCOVERY,
4057 MGMT_STATUS_REJECTED, &mgmt_cp->type,
4058 sizeof(mgmt_cp->type));
4062 if (hdev->discovery.type != mgmt_cp->type) {
4063 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_STOP_DISCOVERY,
4064 MGMT_STATUS_INVALID_PARAMS,
4065 &mgmt_cp->type, sizeof(mgmt_cp->type));
4069 cmd = mgmt_pending_add(sk, MGMT_OP_STOP_DISCOVERY, hdev, data, len);
4075 cmd->cmd_complete = generic_cmd_complete;
4077 hci_discovery_set_state(hdev, DISCOVERY_STOPPING);
4078 queue_work(hdev->req_workqueue, &hdev->discov_update);
4082 hci_dev_unlock(hdev);
4086 static int confirm_name(struct sock *sk, struct hci_dev *hdev, void *data,
4089 struct mgmt_cp_confirm_name *cp = data;
4090 struct inquiry_entry *e;
4093 BT_DBG("%s", hdev->name);
4097 if (!hci_discovery_active(hdev)) {
4098 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_CONFIRM_NAME,
4099 MGMT_STATUS_FAILED, &cp->addr,
4104 e = hci_inquiry_cache_lookup_unknown(hdev, &cp->addr.bdaddr);
4106 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_CONFIRM_NAME,
4107 MGMT_STATUS_INVALID_PARAMS, &cp->addr,
4112 if (cp->name_known) {
4113 e->name_state = NAME_KNOWN;
4116 e->name_state = NAME_NEEDED;
4117 hci_inquiry_cache_update_resolve(hdev, e);
4120 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_CONFIRM_NAME, 0,
4121 &cp->addr, sizeof(cp->addr));
4124 hci_dev_unlock(hdev);
4128 static int block_device(struct sock *sk, struct hci_dev *hdev, void *data,
4131 struct mgmt_cp_block_device *cp = data;
4135 BT_DBG("%s", hdev->name);
4137 if (!bdaddr_type_is_valid(cp->addr.type))
4138 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_BLOCK_DEVICE,
4139 MGMT_STATUS_INVALID_PARAMS,
4140 &cp->addr, sizeof(cp->addr));
4144 err = hci_bdaddr_list_add(&hdev->blacklist, &cp->addr.bdaddr,
4147 status = MGMT_STATUS_FAILED;
4151 mgmt_event(MGMT_EV_DEVICE_BLOCKED, hdev, &cp->addr, sizeof(cp->addr),
4153 status = MGMT_STATUS_SUCCESS;
4156 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_BLOCK_DEVICE, status,
4157 &cp->addr, sizeof(cp->addr));
4159 hci_dev_unlock(hdev);
4164 static int unblock_device(struct sock *sk, struct hci_dev *hdev, void *data,
4167 struct mgmt_cp_unblock_device *cp = data;
4171 BT_DBG("%s", hdev->name);
4173 if (!bdaddr_type_is_valid(cp->addr.type))
4174 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_UNBLOCK_DEVICE,
4175 MGMT_STATUS_INVALID_PARAMS,
4176 &cp->addr, sizeof(cp->addr));
4180 err = hci_bdaddr_list_del(&hdev->blacklist, &cp->addr.bdaddr,
4183 status = MGMT_STATUS_INVALID_PARAMS;
4187 mgmt_event(MGMT_EV_DEVICE_UNBLOCKED, hdev, &cp->addr, sizeof(cp->addr),
4189 status = MGMT_STATUS_SUCCESS;
4192 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_UNBLOCK_DEVICE, status,
4193 &cp->addr, sizeof(cp->addr));
4195 hci_dev_unlock(hdev);
4200 static int set_device_id(struct sock *sk, struct hci_dev *hdev, void *data,
4203 struct mgmt_cp_set_device_id *cp = data;
4204 struct hci_request req;
4208 BT_DBG("%s", hdev->name);
4210 source = __le16_to_cpu(cp->source);
4212 if (source > 0x0002)
4213 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DEVICE_ID,
4214 MGMT_STATUS_INVALID_PARAMS);
4218 hdev->devid_source = source;
4219 hdev->devid_vendor = __le16_to_cpu(cp->vendor);
4220 hdev->devid_product = __le16_to_cpu(cp->product);
4221 hdev->devid_version = __le16_to_cpu(cp->version);
4223 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_DEVICE_ID, 0,
4226 hci_req_init(&req, hdev);
4227 __hci_req_update_eir(&req);
4228 hci_req_run(&req, NULL);
4230 hci_dev_unlock(hdev);
4235 static void enable_advertising_instance(struct hci_dev *hdev, u8 status,
4238 BT_DBG("status %d", status);
4241 static void set_advertising_complete(struct hci_dev *hdev, u8 status,
4244 struct cmd_lookup match = { NULL, hdev };
4245 struct hci_request req;
4247 struct adv_info *adv_instance;
4253 u8 mgmt_err = mgmt_status(status);
4255 mgmt_pending_foreach(MGMT_OP_SET_ADVERTISING, hdev,
4256 cmd_status_rsp, &mgmt_err);
4260 if (hci_dev_test_flag(hdev, HCI_LE_ADV))
4261 hci_dev_set_flag(hdev, HCI_ADVERTISING);
4263 hci_dev_clear_flag(hdev, HCI_ADVERTISING);
4265 mgmt_pending_foreach(MGMT_OP_SET_ADVERTISING, hdev, settings_rsp,
4268 new_settings(hdev, match.sk);
4273 /* If "Set Advertising" was just disabled and instance advertising was
4274 * set up earlier, then re-enable multi-instance advertising.
4276 if (hci_dev_test_flag(hdev, HCI_ADVERTISING) ||
4277 list_empty(&hdev->adv_instances))
4280 instance = hdev->cur_adv_instance;
4282 adv_instance = list_first_entry_or_null(&hdev->adv_instances,
4283 struct adv_info, list);
4287 instance = adv_instance->instance;
4290 hci_req_init(&req, hdev);
4292 err = __hci_req_schedule_adv_instance(&req, instance, true);
4295 err = hci_req_run(&req, enable_advertising_instance);
4298 bt_dev_err(hdev, "failed to re-configure advertising");
4301 hci_dev_unlock(hdev);
4304 static int set_advertising(struct sock *sk, struct hci_dev *hdev, void *data,
4307 struct mgmt_mode *cp = data;
4308 struct mgmt_pending_cmd *cmd;
4309 struct hci_request req;
4313 BT_DBG("request for %s", hdev->name);
4315 status = mgmt_le_support(hdev);
4317 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_ADVERTISING,
4320 if (cp->val != 0x00 && cp->val != 0x01 && cp->val != 0x02)
4321 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_ADVERTISING,
4322 MGMT_STATUS_INVALID_PARAMS);
4328 /* The following conditions are ones which mean that we should
4329 * not do any HCI communication but directly send a mgmt
4330 * response to user space (after toggling the flag if
4333 if (!hdev_is_powered(hdev) ||
4334 (val == hci_dev_test_flag(hdev, HCI_ADVERTISING) &&
4335 (cp->val == 0x02) == hci_dev_test_flag(hdev, HCI_ADVERTISING_CONNECTABLE)) ||
4336 hci_conn_num(hdev, LE_LINK) > 0 ||
4337 (hci_dev_test_flag(hdev, HCI_LE_SCAN) &&
4338 hdev->le_scan_type == LE_SCAN_ACTIVE)) {
4342 hdev->cur_adv_instance = 0x00;
4343 changed = !hci_dev_test_and_set_flag(hdev, HCI_ADVERTISING);
4344 if (cp->val == 0x02)
4345 hci_dev_set_flag(hdev, HCI_ADVERTISING_CONNECTABLE);
4347 hci_dev_clear_flag(hdev, HCI_ADVERTISING_CONNECTABLE);
4349 changed = hci_dev_test_and_clear_flag(hdev, HCI_ADVERTISING);
4350 hci_dev_clear_flag(hdev, HCI_ADVERTISING_CONNECTABLE);
4353 err = send_settings_rsp(sk, MGMT_OP_SET_ADVERTISING, hdev);
4358 err = new_settings(hdev, sk);
4363 if (pending_find(MGMT_OP_SET_ADVERTISING, hdev) ||
4364 pending_find(MGMT_OP_SET_LE, hdev)) {
4365 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_ADVERTISING,
4370 cmd = mgmt_pending_add(sk, MGMT_OP_SET_ADVERTISING, hdev, data, len);
4376 hci_req_init(&req, hdev);
4378 if (cp->val == 0x02)
4379 hci_dev_set_flag(hdev, HCI_ADVERTISING_CONNECTABLE);
4381 hci_dev_clear_flag(hdev, HCI_ADVERTISING_CONNECTABLE);
4383 cancel_adv_timeout(hdev);
4386 /* Switch to instance "0" for the Set Advertising setting.
4387 * We cannot use update_[adv|scan_rsp]_data() here as the
4388 * HCI_ADVERTISING flag is not yet set.
4390 hdev->cur_adv_instance = 0x00;
4392 if (ext_adv_capable(hdev)) {
4393 __hci_req_start_ext_adv(&req, 0x00);
4395 __hci_req_update_adv_data(&req, 0x00);
4396 __hci_req_update_scan_rsp_data(&req, 0x00);
4397 __hci_req_enable_advertising(&req);
4400 __hci_req_disable_advertising(&req);
4403 err = hci_req_run(&req, set_advertising_complete);
4405 mgmt_pending_remove(cmd);
4408 hci_dev_unlock(hdev);
4412 static int set_static_address(struct sock *sk, struct hci_dev *hdev,
4413 void *data, u16 len)
4415 struct mgmt_cp_set_static_address *cp = data;
4418 BT_DBG("%s", hdev->name);
4420 if (!lmp_le_capable(hdev))
4421 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_STATIC_ADDRESS,
4422 MGMT_STATUS_NOT_SUPPORTED);
4424 if (hdev_is_powered(hdev))
4425 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_STATIC_ADDRESS,
4426 MGMT_STATUS_REJECTED);
4428 if (bacmp(&cp->bdaddr, BDADDR_ANY)) {
4429 if (!bacmp(&cp->bdaddr, BDADDR_NONE))
4430 return mgmt_cmd_status(sk, hdev->id,
4431 MGMT_OP_SET_STATIC_ADDRESS,
4432 MGMT_STATUS_INVALID_PARAMS);
4434 /* Two most significant bits shall be set */
4435 if ((cp->bdaddr.b[5] & 0xc0) != 0xc0)
4436 return mgmt_cmd_status(sk, hdev->id,
4437 MGMT_OP_SET_STATIC_ADDRESS,
4438 MGMT_STATUS_INVALID_PARAMS);
4443 bacpy(&hdev->static_addr, &cp->bdaddr);
4445 err = send_settings_rsp(sk, MGMT_OP_SET_STATIC_ADDRESS, hdev);
4449 err = new_settings(hdev, sk);
4452 hci_dev_unlock(hdev);
4456 static int set_scan_params(struct sock *sk, struct hci_dev *hdev,
4457 void *data, u16 len)
4459 struct mgmt_cp_set_scan_params *cp = data;
4460 __u16 interval, window;
4463 BT_DBG("%s", hdev->name);
4465 if (!lmp_le_capable(hdev))
4466 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS,
4467 MGMT_STATUS_NOT_SUPPORTED);
4469 interval = __le16_to_cpu(cp->interval);
4471 if (interval < 0x0004 || interval > 0x4000)
4472 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS,
4473 MGMT_STATUS_INVALID_PARAMS);
4475 window = __le16_to_cpu(cp->window);
4477 if (window < 0x0004 || window > 0x4000)
4478 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS,
4479 MGMT_STATUS_INVALID_PARAMS);
4481 if (window > interval)
4482 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS,
4483 MGMT_STATUS_INVALID_PARAMS);
4487 hdev->le_scan_interval = interval;
4488 hdev->le_scan_window = window;
4490 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS, 0,
4493 /* If background scan is running, restart it so new parameters are
4496 if (hci_dev_test_flag(hdev, HCI_LE_SCAN) &&
4497 hdev->discovery.state == DISCOVERY_STOPPED) {
4498 struct hci_request req;
4500 hci_req_init(&req, hdev);
4502 hci_req_add_le_scan_disable(&req);
4503 hci_req_add_le_passive_scan(&req);
4505 hci_req_run(&req, NULL);
4508 hci_dev_unlock(hdev);
4513 static void fast_connectable_complete(struct hci_dev *hdev, u8 status,
4516 struct mgmt_pending_cmd *cmd;
4518 BT_DBG("status 0x%02x", status);
4522 cmd = pending_find(MGMT_OP_SET_FAST_CONNECTABLE, hdev);
4527 mgmt_cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
4528 mgmt_status(status));
4530 struct mgmt_mode *cp = cmd->param;
4533 hci_dev_set_flag(hdev, HCI_FAST_CONNECTABLE);
4535 hci_dev_clear_flag(hdev, HCI_FAST_CONNECTABLE);
4537 send_settings_rsp(cmd->sk, MGMT_OP_SET_FAST_CONNECTABLE, hdev);
4538 new_settings(hdev, cmd->sk);
4541 mgmt_pending_remove(cmd);
4544 hci_dev_unlock(hdev);
4547 static int set_fast_connectable(struct sock *sk, struct hci_dev *hdev,
4548 void *data, u16 len)
4550 struct mgmt_mode *cp = data;
4551 struct mgmt_pending_cmd *cmd;
4552 struct hci_request req;
4555 BT_DBG("%s", hdev->name);
4557 if (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED) ||
4558 hdev->hci_ver < BLUETOOTH_VER_1_2)
4559 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
4560 MGMT_STATUS_NOT_SUPPORTED);
4562 if (cp->val != 0x00 && cp->val != 0x01)
4563 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
4564 MGMT_STATUS_INVALID_PARAMS);
4568 if (pending_find(MGMT_OP_SET_FAST_CONNECTABLE, hdev)) {
4569 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
4574 if (!!cp->val == hci_dev_test_flag(hdev, HCI_FAST_CONNECTABLE)) {
4575 err = send_settings_rsp(sk, MGMT_OP_SET_FAST_CONNECTABLE,
4580 if (!hdev_is_powered(hdev)) {
4581 hci_dev_change_flag(hdev, HCI_FAST_CONNECTABLE);
4582 err = send_settings_rsp(sk, MGMT_OP_SET_FAST_CONNECTABLE,
4584 new_settings(hdev, sk);
4588 cmd = mgmt_pending_add(sk, MGMT_OP_SET_FAST_CONNECTABLE, hdev,
4595 hci_req_init(&req, hdev);
4597 __hci_req_write_fast_connectable(&req, cp->val);
4599 err = hci_req_run(&req, fast_connectable_complete);
4601 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
4602 MGMT_STATUS_FAILED);
4603 mgmt_pending_remove(cmd);
4607 hci_dev_unlock(hdev);
4612 static void set_bredr_complete(struct hci_dev *hdev, u8 status, u16 opcode)
4614 struct mgmt_pending_cmd *cmd;
4616 BT_DBG("status 0x%02x", status);
4620 cmd = pending_find(MGMT_OP_SET_BREDR, hdev);
4625 u8 mgmt_err = mgmt_status(status);
4627 /* We need to restore the flag if related HCI commands
4630 hci_dev_clear_flag(hdev, HCI_BREDR_ENABLED);
4632 mgmt_cmd_status(cmd->sk, cmd->index, cmd->opcode, mgmt_err);
4634 send_settings_rsp(cmd->sk, MGMT_OP_SET_BREDR, hdev);
4635 new_settings(hdev, cmd->sk);
4638 mgmt_pending_remove(cmd);
4641 hci_dev_unlock(hdev);
4644 static int set_bredr(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
4646 struct mgmt_mode *cp = data;
4647 struct mgmt_pending_cmd *cmd;
4648 struct hci_request req;
4651 BT_DBG("request for %s", hdev->name);
4653 if (!lmp_bredr_capable(hdev) || !lmp_le_capable(hdev))
4654 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
4655 MGMT_STATUS_NOT_SUPPORTED);
4657 if (!hci_dev_test_flag(hdev, HCI_LE_ENABLED))
4658 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
4659 MGMT_STATUS_REJECTED);
4661 if (cp->val != 0x00 && cp->val != 0x01)
4662 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
4663 MGMT_STATUS_INVALID_PARAMS);
4667 if (cp->val == hci_dev_test_flag(hdev, HCI_BREDR_ENABLED)) {
4668 err = send_settings_rsp(sk, MGMT_OP_SET_BREDR, hdev);
4672 if (!hdev_is_powered(hdev)) {
4674 hci_dev_clear_flag(hdev, HCI_DISCOVERABLE);
4675 hci_dev_clear_flag(hdev, HCI_SSP_ENABLED);
4676 hci_dev_clear_flag(hdev, HCI_LINK_SECURITY);
4677 hci_dev_clear_flag(hdev, HCI_FAST_CONNECTABLE);
4678 hci_dev_clear_flag(hdev, HCI_HS_ENABLED);
4681 hci_dev_change_flag(hdev, HCI_BREDR_ENABLED);
4683 err = send_settings_rsp(sk, MGMT_OP_SET_BREDR, hdev);
4687 err = new_settings(hdev, sk);
4691 /* Reject disabling when powered on */
4693 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
4694 MGMT_STATUS_REJECTED);
4697 /* When configuring a dual-mode controller to operate
4698 * with LE only and using a static address, then switching
4699 * BR/EDR back on is not allowed.
4701 * Dual-mode controllers shall operate with the public
4702 * address as its identity address for BR/EDR and LE. So
4703 * reject the attempt to create an invalid configuration.
4705 * The same restrictions applies when secure connections
4706 * has been enabled. For BR/EDR this is a controller feature
4707 * while for LE it is a host stack feature. This means that
4708 * switching BR/EDR back on when secure connections has been
4709 * enabled is not a supported transaction.
4711 if (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED) &&
4712 (bacmp(&hdev->static_addr, BDADDR_ANY) ||
4713 hci_dev_test_flag(hdev, HCI_SC_ENABLED))) {
4714 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
4715 MGMT_STATUS_REJECTED);
4720 if (pending_find(MGMT_OP_SET_BREDR, hdev)) {
4721 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
4726 cmd = mgmt_pending_add(sk, MGMT_OP_SET_BREDR, hdev, data, len);
4732 /* We need to flip the bit already here so that
4733 * hci_req_update_adv_data generates the correct flags.
4735 hci_dev_set_flag(hdev, HCI_BREDR_ENABLED);
4737 hci_req_init(&req, hdev);
4739 __hci_req_write_fast_connectable(&req, false);
4740 __hci_req_update_scan(&req);
4742 /* Since only the advertising data flags will change, there
4743 * is no need to update the scan response data.
4745 __hci_req_update_adv_data(&req, hdev->cur_adv_instance);
4747 err = hci_req_run(&req, set_bredr_complete);
4749 mgmt_pending_remove(cmd);
4752 hci_dev_unlock(hdev);
4756 static void sc_enable_complete(struct hci_dev *hdev, u8 status, u16 opcode)
4758 struct mgmt_pending_cmd *cmd;
4759 struct mgmt_mode *cp;
4761 BT_DBG("%s status %u", hdev->name, status);
4765 cmd = pending_find(MGMT_OP_SET_SECURE_CONN, hdev);
4770 mgmt_cmd_status(cmd->sk, cmd->index, cmd->opcode,
4771 mgmt_status(status));
4779 hci_dev_clear_flag(hdev, HCI_SC_ENABLED);
4780 hci_dev_clear_flag(hdev, HCI_SC_ONLY);
4783 hci_dev_set_flag(hdev, HCI_SC_ENABLED);
4784 hci_dev_clear_flag(hdev, HCI_SC_ONLY);
4787 hci_dev_set_flag(hdev, HCI_SC_ENABLED);
4788 hci_dev_set_flag(hdev, HCI_SC_ONLY);
4792 send_settings_rsp(cmd->sk, MGMT_OP_SET_SECURE_CONN, hdev);
4793 new_settings(hdev, cmd->sk);
4796 mgmt_pending_remove(cmd);
4798 hci_dev_unlock(hdev);
4801 static int set_secure_conn(struct sock *sk, struct hci_dev *hdev,
4802 void *data, u16 len)
4804 struct mgmt_mode *cp = data;
4805 struct mgmt_pending_cmd *cmd;
4806 struct hci_request req;
4810 BT_DBG("request for %s", hdev->name);
4812 if (!lmp_sc_capable(hdev) &&
4813 !hci_dev_test_flag(hdev, HCI_LE_ENABLED))
4814 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SECURE_CONN,
4815 MGMT_STATUS_NOT_SUPPORTED);
4817 if (hci_dev_test_flag(hdev, HCI_BREDR_ENABLED) &&
4818 lmp_sc_capable(hdev) &&
4819 !hci_dev_test_flag(hdev, HCI_SSP_ENABLED))
4820 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SECURE_CONN,
4821 MGMT_STATUS_REJECTED);
4823 if (cp->val != 0x00 && cp->val != 0x01 && cp->val != 0x02)
4824 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SECURE_CONN,
4825 MGMT_STATUS_INVALID_PARAMS);
4829 if (!hdev_is_powered(hdev) || !lmp_sc_capable(hdev) ||
4830 !hci_dev_test_flag(hdev, HCI_BREDR_ENABLED)) {
4834 changed = !hci_dev_test_and_set_flag(hdev,
4836 if (cp->val == 0x02)
4837 hci_dev_set_flag(hdev, HCI_SC_ONLY);
4839 hci_dev_clear_flag(hdev, HCI_SC_ONLY);
4841 changed = hci_dev_test_and_clear_flag(hdev,
4843 hci_dev_clear_flag(hdev, HCI_SC_ONLY);
4846 err = send_settings_rsp(sk, MGMT_OP_SET_SECURE_CONN, hdev);
4851 err = new_settings(hdev, sk);
4856 if (pending_find(MGMT_OP_SET_SECURE_CONN, hdev)) {
4857 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SECURE_CONN,
4864 if (val == hci_dev_test_flag(hdev, HCI_SC_ENABLED) &&
4865 (cp->val == 0x02) == hci_dev_test_flag(hdev, HCI_SC_ONLY)) {
4866 err = send_settings_rsp(sk, MGMT_OP_SET_SECURE_CONN, hdev);
4870 cmd = mgmt_pending_add(sk, MGMT_OP_SET_SECURE_CONN, hdev, data, len);
4876 hci_req_init(&req, hdev);
4877 hci_req_add(&req, HCI_OP_WRITE_SC_SUPPORT, 1, &val);
4878 err = hci_req_run(&req, sc_enable_complete);
4880 mgmt_pending_remove(cmd);
4885 hci_dev_unlock(hdev);
4889 static int set_debug_keys(struct sock *sk, struct hci_dev *hdev,
4890 void *data, u16 len)
4892 struct mgmt_mode *cp = data;
4893 bool changed, use_changed;
4896 BT_DBG("request for %s", hdev->name);
4898 if (cp->val != 0x00 && cp->val != 0x01 && cp->val != 0x02)
4899 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DEBUG_KEYS,
4900 MGMT_STATUS_INVALID_PARAMS);
4905 changed = !hci_dev_test_and_set_flag(hdev, HCI_KEEP_DEBUG_KEYS);
4907 changed = hci_dev_test_and_clear_flag(hdev,
4908 HCI_KEEP_DEBUG_KEYS);
4910 if (cp->val == 0x02)
4911 use_changed = !hci_dev_test_and_set_flag(hdev,
4912 HCI_USE_DEBUG_KEYS);
4914 use_changed = hci_dev_test_and_clear_flag(hdev,
4915 HCI_USE_DEBUG_KEYS);
4917 if (hdev_is_powered(hdev) && use_changed &&
4918 hci_dev_test_flag(hdev, HCI_SSP_ENABLED)) {
4919 u8 mode = (cp->val == 0x02) ? 0x01 : 0x00;
4920 hci_send_cmd(hdev, HCI_OP_WRITE_SSP_DEBUG_MODE,
4921 sizeof(mode), &mode);
4924 err = send_settings_rsp(sk, MGMT_OP_SET_DEBUG_KEYS, hdev);
4929 err = new_settings(hdev, sk);
4932 hci_dev_unlock(hdev);
4936 static int set_privacy(struct sock *sk, struct hci_dev *hdev, void *cp_data,
4939 struct mgmt_cp_set_privacy *cp = cp_data;
4943 BT_DBG("request for %s", hdev->name);
4945 if (!lmp_le_capable(hdev))
4946 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_PRIVACY,
4947 MGMT_STATUS_NOT_SUPPORTED);
4949 if (cp->privacy != 0x00 && cp->privacy != 0x01 && cp->privacy != 0x02)
4950 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_PRIVACY,
4951 MGMT_STATUS_INVALID_PARAMS);
4953 if (hdev_is_powered(hdev))
4954 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_PRIVACY,
4955 MGMT_STATUS_REJECTED);
4959 /* If user space supports this command it is also expected to
4960 * handle IRKs. Therefore, set the HCI_RPA_RESOLVING flag.
4962 hci_dev_set_flag(hdev, HCI_RPA_RESOLVING);
4965 changed = !hci_dev_test_and_set_flag(hdev, HCI_PRIVACY);
4966 memcpy(hdev->irk, cp->irk, sizeof(hdev->irk));
4967 hci_dev_set_flag(hdev, HCI_RPA_EXPIRED);
4968 hci_adv_instances_set_rpa_expired(hdev, true);
4969 if (cp->privacy == 0x02)
4970 hci_dev_set_flag(hdev, HCI_LIMITED_PRIVACY);
4972 hci_dev_clear_flag(hdev, HCI_LIMITED_PRIVACY);
4974 changed = hci_dev_test_and_clear_flag(hdev, HCI_PRIVACY);
4975 memset(hdev->irk, 0, sizeof(hdev->irk));
4976 hci_dev_clear_flag(hdev, HCI_RPA_EXPIRED);
4977 hci_adv_instances_set_rpa_expired(hdev, false);
4978 hci_dev_clear_flag(hdev, HCI_LIMITED_PRIVACY);
4981 err = send_settings_rsp(sk, MGMT_OP_SET_PRIVACY, hdev);
4986 err = new_settings(hdev, sk);
4989 hci_dev_unlock(hdev);
4993 static bool irk_is_valid(struct mgmt_irk_info *irk)
4995 switch (irk->addr.type) {
4996 case BDADDR_LE_PUBLIC:
4999 case BDADDR_LE_RANDOM:
5000 /* Two most significant bits shall be set */
5001 if ((irk->addr.bdaddr.b[5] & 0xc0) != 0xc0)
5009 static int load_irks(struct sock *sk, struct hci_dev *hdev, void *cp_data,
5012 struct mgmt_cp_load_irks *cp = cp_data;
5013 const u16 max_irk_count = ((U16_MAX - sizeof(*cp)) /
5014 sizeof(struct mgmt_irk_info));
5015 u16 irk_count, expected_len;
5018 BT_DBG("request for %s", hdev->name);
5020 if (!lmp_le_capable(hdev))
5021 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_IRKS,
5022 MGMT_STATUS_NOT_SUPPORTED);
5024 irk_count = __le16_to_cpu(cp->irk_count);
5025 if (irk_count > max_irk_count) {
5026 bt_dev_err(hdev, "load_irks: too big irk_count value %u",
5028 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_IRKS,
5029 MGMT_STATUS_INVALID_PARAMS);
5032 expected_len = struct_size(cp, irks, irk_count);
5033 if (expected_len != len) {
5034 bt_dev_err(hdev, "load_irks: expected %u bytes, got %u bytes",
5036 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_IRKS,
5037 MGMT_STATUS_INVALID_PARAMS);
5040 BT_DBG("%s irk_count %u", hdev->name, irk_count);
5042 for (i = 0; i < irk_count; i++) {
5043 struct mgmt_irk_info *key = &cp->irks[i];
5045 if (!irk_is_valid(key))
5046 return mgmt_cmd_status(sk, hdev->id,
5048 MGMT_STATUS_INVALID_PARAMS);
5053 hci_smp_irks_clear(hdev);
5055 for (i = 0; i < irk_count; i++) {
5056 struct mgmt_irk_info *irk = &cp->irks[i];
5058 hci_add_irk(hdev, &irk->addr.bdaddr,
5059 le_addr_type(irk->addr.type), irk->val,
5063 hci_dev_set_flag(hdev, HCI_RPA_RESOLVING);
5065 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_LOAD_IRKS, 0, NULL, 0);
5067 hci_dev_unlock(hdev);
5072 static bool ltk_is_valid(struct mgmt_ltk_info *key)
5074 if (key->master != 0x00 && key->master != 0x01)
5077 switch (key->addr.type) {
5078 case BDADDR_LE_PUBLIC:
5081 case BDADDR_LE_RANDOM:
5082 /* Two most significant bits shall be set */
5083 if ((key->addr.bdaddr.b[5] & 0xc0) != 0xc0)
5091 static int load_long_term_keys(struct sock *sk, struct hci_dev *hdev,
5092 void *cp_data, u16 len)
5094 struct mgmt_cp_load_long_term_keys *cp = cp_data;
5095 const u16 max_key_count = ((U16_MAX - sizeof(*cp)) /
5096 sizeof(struct mgmt_ltk_info));
5097 u16 key_count, expected_len;
5100 BT_DBG("request for %s", hdev->name);
5102 if (!lmp_le_capable(hdev))
5103 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS,
5104 MGMT_STATUS_NOT_SUPPORTED);
5106 key_count = __le16_to_cpu(cp->key_count);
5107 if (key_count > max_key_count) {
5108 bt_dev_err(hdev, "load_ltks: too big key_count value %u",
5110 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS,
5111 MGMT_STATUS_INVALID_PARAMS);
5114 expected_len = struct_size(cp, keys, key_count);
5115 if (expected_len != len) {
5116 bt_dev_err(hdev, "load_keys: expected %u bytes, got %u bytes",
5118 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS,
5119 MGMT_STATUS_INVALID_PARAMS);
5122 BT_DBG("%s key_count %u", hdev->name, key_count);
5124 for (i = 0; i < key_count; i++) {
5125 struct mgmt_ltk_info *key = &cp->keys[i];
5127 if (!ltk_is_valid(key))
5128 return mgmt_cmd_status(sk, hdev->id,
5129 MGMT_OP_LOAD_LONG_TERM_KEYS,
5130 MGMT_STATUS_INVALID_PARAMS);
5135 hci_smp_ltks_clear(hdev);
5137 for (i = 0; i < key_count; i++) {
5138 struct mgmt_ltk_info *key = &cp->keys[i];
5139 u8 type, authenticated;
5141 switch (key->type) {
5142 case MGMT_LTK_UNAUTHENTICATED:
5143 authenticated = 0x00;
5144 type = key->master ? SMP_LTK : SMP_LTK_SLAVE;
5146 case MGMT_LTK_AUTHENTICATED:
5147 authenticated = 0x01;
5148 type = key->master ? SMP_LTK : SMP_LTK_SLAVE;
5150 case MGMT_LTK_P256_UNAUTH:
5151 authenticated = 0x00;
5152 type = SMP_LTK_P256;
5154 case MGMT_LTK_P256_AUTH:
5155 authenticated = 0x01;
5156 type = SMP_LTK_P256;
5158 case MGMT_LTK_P256_DEBUG:
5159 authenticated = 0x00;
5160 type = SMP_LTK_P256_DEBUG;
5166 hci_add_ltk(hdev, &key->addr.bdaddr,
5167 le_addr_type(key->addr.type), type, authenticated,
5168 key->val, key->enc_size, key->ediv, key->rand);
5171 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS, 0,
5174 hci_dev_unlock(hdev);
5179 static int conn_info_cmd_complete(struct mgmt_pending_cmd *cmd, u8 status)
5181 struct hci_conn *conn = cmd->user_data;
5182 struct mgmt_rp_get_conn_info rp;
5185 memcpy(&rp.addr, cmd->param, sizeof(rp.addr));
5187 if (status == MGMT_STATUS_SUCCESS) {
5188 rp.rssi = conn->rssi;
5189 rp.tx_power = conn->tx_power;
5190 rp.max_tx_power = conn->max_tx_power;
5192 rp.rssi = HCI_RSSI_INVALID;
5193 rp.tx_power = HCI_TX_POWER_INVALID;
5194 rp.max_tx_power = HCI_TX_POWER_INVALID;
5197 err = mgmt_cmd_complete(cmd->sk, cmd->index, MGMT_OP_GET_CONN_INFO,
5198 status, &rp, sizeof(rp));
5200 hci_conn_drop(conn);
5206 static void conn_info_refresh_complete(struct hci_dev *hdev, u8 hci_status,
5209 struct hci_cp_read_rssi *cp;
5210 struct mgmt_pending_cmd *cmd;
5211 struct hci_conn *conn;
5215 BT_DBG("status 0x%02x", hci_status);
5219 /* Commands sent in request are either Read RSSI or Read Transmit Power
5220 * Level so we check which one was last sent to retrieve connection
5221 * handle. Both commands have handle as first parameter so it's safe to
5222 * cast data on the same command struct.
5224 * First command sent is always Read RSSI and we fail only if it fails.
5225 * In other case we simply override error to indicate success as we
5226 * already remembered if TX power value is actually valid.
5228 cp = hci_sent_cmd_data(hdev, HCI_OP_READ_RSSI);
5230 cp = hci_sent_cmd_data(hdev, HCI_OP_READ_TX_POWER);
5231 status = MGMT_STATUS_SUCCESS;
5233 status = mgmt_status(hci_status);
5237 bt_dev_err(hdev, "invalid sent_cmd in conn_info response");
5241 handle = __le16_to_cpu(cp->handle);
5242 conn = hci_conn_hash_lookup_handle(hdev, handle);
5244 bt_dev_err(hdev, "unknown handle (%d) in conn_info response",
5249 cmd = pending_find_data(MGMT_OP_GET_CONN_INFO, hdev, conn);
5253 cmd->cmd_complete(cmd, status);
5254 mgmt_pending_remove(cmd);
5257 hci_dev_unlock(hdev);
5260 static int get_conn_info(struct sock *sk, struct hci_dev *hdev, void *data,
5263 struct mgmt_cp_get_conn_info *cp = data;
5264 struct mgmt_rp_get_conn_info rp;
5265 struct hci_conn *conn;
5266 unsigned long conn_info_age;
5269 BT_DBG("%s", hdev->name);
5271 memset(&rp, 0, sizeof(rp));
5272 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
5273 rp.addr.type = cp->addr.type;
5275 if (!bdaddr_type_is_valid(cp->addr.type))
5276 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CONN_INFO,
5277 MGMT_STATUS_INVALID_PARAMS,
5282 if (!hdev_is_powered(hdev)) {
5283 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CONN_INFO,
5284 MGMT_STATUS_NOT_POWERED, &rp,
5289 if (cp->addr.type == BDADDR_BREDR)
5290 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
5293 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &cp->addr.bdaddr);
5295 if (!conn || conn->state != BT_CONNECTED) {
5296 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CONN_INFO,
5297 MGMT_STATUS_NOT_CONNECTED, &rp,
5302 if (pending_find_data(MGMT_OP_GET_CONN_INFO, hdev, conn)) {
5303 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CONN_INFO,
5304 MGMT_STATUS_BUSY, &rp, sizeof(rp));
5308 /* To avoid client trying to guess when to poll again for information we
5309 * calculate conn info age as random value between min/max set in hdev.
5311 conn_info_age = hdev->conn_info_min_age +
5312 prandom_u32_max(hdev->conn_info_max_age -
5313 hdev->conn_info_min_age);
5315 /* Query controller to refresh cached values if they are too old or were
5318 if (time_after(jiffies, conn->conn_info_timestamp +
5319 msecs_to_jiffies(conn_info_age)) ||
5320 !conn->conn_info_timestamp) {
5321 struct hci_request req;
5322 struct hci_cp_read_tx_power req_txp_cp;
5323 struct hci_cp_read_rssi req_rssi_cp;
5324 struct mgmt_pending_cmd *cmd;
5326 hci_req_init(&req, hdev);
5327 req_rssi_cp.handle = cpu_to_le16(conn->handle);
5328 hci_req_add(&req, HCI_OP_READ_RSSI, sizeof(req_rssi_cp),
5331 /* For LE links TX power does not change thus we don't need to
5332 * query for it once value is known.
5334 if (!bdaddr_type_is_le(cp->addr.type) ||
5335 conn->tx_power == HCI_TX_POWER_INVALID) {
5336 req_txp_cp.handle = cpu_to_le16(conn->handle);
5337 req_txp_cp.type = 0x00;
5338 hci_req_add(&req, HCI_OP_READ_TX_POWER,
5339 sizeof(req_txp_cp), &req_txp_cp);
5342 /* Max TX power needs to be read only once per connection */
5343 if (conn->max_tx_power == HCI_TX_POWER_INVALID) {
5344 req_txp_cp.handle = cpu_to_le16(conn->handle);
5345 req_txp_cp.type = 0x01;
5346 hci_req_add(&req, HCI_OP_READ_TX_POWER,
5347 sizeof(req_txp_cp), &req_txp_cp);
5350 err = hci_req_run(&req, conn_info_refresh_complete);
5354 cmd = mgmt_pending_add(sk, MGMT_OP_GET_CONN_INFO, hdev,
5361 hci_conn_hold(conn);
5362 cmd->user_data = hci_conn_get(conn);
5363 cmd->cmd_complete = conn_info_cmd_complete;
5365 conn->conn_info_timestamp = jiffies;
5367 /* Cache is valid, just reply with values cached in hci_conn */
5368 rp.rssi = conn->rssi;
5369 rp.tx_power = conn->tx_power;
5370 rp.max_tx_power = conn->max_tx_power;
5372 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CONN_INFO,
5373 MGMT_STATUS_SUCCESS, &rp, sizeof(rp));
5377 hci_dev_unlock(hdev);
5381 static int clock_info_cmd_complete(struct mgmt_pending_cmd *cmd, u8 status)
5383 struct hci_conn *conn = cmd->user_data;
5384 struct mgmt_rp_get_clock_info rp;
5385 struct hci_dev *hdev;
5388 memset(&rp, 0, sizeof(rp));
5389 memcpy(&rp.addr, cmd->param, sizeof(rp.addr));
5394 hdev = hci_dev_get(cmd->index);
5396 rp.local_clock = cpu_to_le32(hdev->clock);
5401 rp.piconet_clock = cpu_to_le32(conn->clock);
5402 rp.accuracy = cpu_to_le16(conn->clock_accuracy);
5406 err = mgmt_cmd_complete(cmd->sk, cmd->index, cmd->opcode, status, &rp,
5410 hci_conn_drop(conn);
5417 static void get_clock_info_complete(struct hci_dev *hdev, u8 status, u16 opcode)
5419 struct hci_cp_read_clock *hci_cp;
5420 struct mgmt_pending_cmd *cmd;
5421 struct hci_conn *conn;
5423 BT_DBG("%s status %u", hdev->name, status);
5427 hci_cp = hci_sent_cmd_data(hdev, HCI_OP_READ_CLOCK);
5431 if (hci_cp->which) {
5432 u16 handle = __le16_to_cpu(hci_cp->handle);
5433 conn = hci_conn_hash_lookup_handle(hdev, handle);
5438 cmd = pending_find_data(MGMT_OP_GET_CLOCK_INFO, hdev, conn);
5442 cmd->cmd_complete(cmd, mgmt_status(status));
5443 mgmt_pending_remove(cmd);
5446 hci_dev_unlock(hdev);
5449 static int get_clock_info(struct sock *sk, struct hci_dev *hdev, void *data,
5452 struct mgmt_cp_get_clock_info *cp = data;
5453 struct mgmt_rp_get_clock_info rp;
5454 struct hci_cp_read_clock hci_cp;
5455 struct mgmt_pending_cmd *cmd;
5456 struct hci_request req;
5457 struct hci_conn *conn;
5460 BT_DBG("%s", hdev->name);
5462 memset(&rp, 0, sizeof(rp));
5463 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
5464 rp.addr.type = cp->addr.type;
5466 if (cp->addr.type != BDADDR_BREDR)
5467 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CLOCK_INFO,
5468 MGMT_STATUS_INVALID_PARAMS,
5473 if (!hdev_is_powered(hdev)) {
5474 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CLOCK_INFO,
5475 MGMT_STATUS_NOT_POWERED, &rp,
5480 if (bacmp(&cp->addr.bdaddr, BDADDR_ANY)) {
5481 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
5483 if (!conn || conn->state != BT_CONNECTED) {
5484 err = mgmt_cmd_complete(sk, hdev->id,
5485 MGMT_OP_GET_CLOCK_INFO,
5486 MGMT_STATUS_NOT_CONNECTED,
5494 cmd = mgmt_pending_add(sk, MGMT_OP_GET_CLOCK_INFO, hdev, data, len);
5500 cmd->cmd_complete = clock_info_cmd_complete;
5502 hci_req_init(&req, hdev);
5504 memset(&hci_cp, 0, sizeof(hci_cp));
5505 hci_req_add(&req, HCI_OP_READ_CLOCK, sizeof(hci_cp), &hci_cp);
5508 hci_conn_hold(conn);
5509 cmd->user_data = hci_conn_get(conn);
5511 hci_cp.handle = cpu_to_le16(conn->handle);
5512 hci_cp.which = 0x01; /* Piconet clock */
5513 hci_req_add(&req, HCI_OP_READ_CLOCK, sizeof(hci_cp), &hci_cp);
5516 err = hci_req_run(&req, get_clock_info_complete);
5518 mgmt_pending_remove(cmd);
5521 hci_dev_unlock(hdev);
5525 static bool is_connected(struct hci_dev *hdev, bdaddr_t *addr, u8 type)
5527 struct hci_conn *conn;
5529 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, addr);
5533 if (conn->dst_type != type)
5536 if (conn->state != BT_CONNECTED)
5542 /* This function requires the caller holds hdev->lock */
5543 static int hci_conn_params_set(struct hci_dev *hdev, bdaddr_t *addr,
5544 u8 addr_type, u8 auto_connect)
5546 struct hci_conn_params *params;
5548 params = hci_conn_params_add(hdev, addr, addr_type);
5552 if (params->auto_connect == auto_connect)
5555 list_del_init(¶ms->action);
5557 switch (auto_connect) {
5558 case HCI_AUTO_CONN_DISABLED:
5559 case HCI_AUTO_CONN_LINK_LOSS:
5560 /* If auto connect is being disabled when we're trying to
5561 * connect to device, keep connecting.
5563 if (params->explicit_connect)
5564 list_add(¶ms->action, &hdev->pend_le_conns);
5566 case HCI_AUTO_CONN_REPORT:
5567 if (params->explicit_connect)
5568 list_add(¶ms->action, &hdev->pend_le_conns);
5570 list_add(¶ms->action, &hdev->pend_le_reports);
5572 case HCI_AUTO_CONN_DIRECT:
5573 case HCI_AUTO_CONN_ALWAYS:
5574 if (!is_connected(hdev, addr, addr_type))
5575 list_add(¶ms->action, &hdev->pend_le_conns);
5579 params->auto_connect = auto_connect;
5581 BT_DBG("addr %pMR (type %u) auto_connect %u", addr, addr_type,
5587 static void device_added(struct sock *sk, struct hci_dev *hdev,
5588 bdaddr_t *bdaddr, u8 type, u8 action)
5590 struct mgmt_ev_device_added ev;
5592 bacpy(&ev.addr.bdaddr, bdaddr);
5593 ev.addr.type = type;
5596 mgmt_event(MGMT_EV_DEVICE_ADDED, hdev, &ev, sizeof(ev), sk);
5599 static int add_device(struct sock *sk, struct hci_dev *hdev,
5600 void *data, u16 len)
5602 struct mgmt_cp_add_device *cp = data;
5603 u8 auto_conn, addr_type;
5606 BT_DBG("%s", hdev->name);
5608 if (!bdaddr_type_is_valid(cp->addr.type) ||
5609 !bacmp(&cp->addr.bdaddr, BDADDR_ANY))
5610 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_ADD_DEVICE,
5611 MGMT_STATUS_INVALID_PARAMS,
5612 &cp->addr, sizeof(cp->addr));
5614 if (cp->action != 0x00 && cp->action != 0x01 && cp->action != 0x02)
5615 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_ADD_DEVICE,
5616 MGMT_STATUS_INVALID_PARAMS,
5617 &cp->addr, sizeof(cp->addr));
5621 if (cp->addr.type == BDADDR_BREDR) {
5622 /* Only incoming connections action is supported for now */
5623 if (cp->action != 0x01) {
5624 err = mgmt_cmd_complete(sk, hdev->id,
5626 MGMT_STATUS_INVALID_PARAMS,
5627 &cp->addr, sizeof(cp->addr));
5631 err = hci_bdaddr_list_add(&hdev->whitelist, &cp->addr.bdaddr,
5636 hci_req_update_scan(hdev);
5641 addr_type = le_addr_type(cp->addr.type);
5643 if (cp->action == 0x02)
5644 auto_conn = HCI_AUTO_CONN_ALWAYS;
5645 else if (cp->action == 0x01)
5646 auto_conn = HCI_AUTO_CONN_DIRECT;
5648 auto_conn = HCI_AUTO_CONN_REPORT;
5650 /* Kernel internally uses conn_params with resolvable private
5651 * address, but Add Device allows only identity addresses.
5652 * Make sure it is enforced before calling
5653 * hci_conn_params_lookup.
5655 if (!hci_is_identity_address(&cp->addr.bdaddr, addr_type)) {
5656 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_ADD_DEVICE,
5657 MGMT_STATUS_INVALID_PARAMS,
5658 &cp->addr, sizeof(cp->addr));
5662 /* If the connection parameters don't exist for this device,
5663 * they will be created and configured with defaults.
5665 if (hci_conn_params_set(hdev, &cp->addr.bdaddr, addr_type,
5667 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_ADD_DEVICE,
5668 MGMT_STATUS_FAILED, &cp->addr,
5673 hci_update_background_scan(hdev);
5676 device_added(sk, hdev, &cp->addr.bdaddr, cp->addr.type, cp->action);
5678 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_ADD_DEVICE,
5679 MGMT_STATUS_SUCCESS, &cp->addr,
5683 hci_dev_unlock(hdev);
5687 static void device_removed(struct sock *sk, struct hci_dev *hdev,
5688 bdaddr_t *bdaddr, u8 type)
5690 struct mgmt_ev_device_removed ev;
5692 bacpy(&ev.addr.bdaddr, bdaddr);
5693 ev.addr.type = type;
5695 mgmt_event(MGMT_EV_DEVICE_REMOVED, hdev, &ev, sizeof(ev), sk);
5698 static int remove_device(struct sock *sk, struct hci_dev *hdev,
5699 void *data, u16 len)
5701 struct mgmt_cp_remove_device *cp = data;
5704 BT_DBG("%s", hdev->name);
5708 if (bacmp(&cp->addr.bdaddr, BDADDR_ANY)) {
5709 struct hci_conn_params *params;
5712 if (!bdaddr_type_is_valid(cp->addr.type)) {
5713 err = mgmt_cmd_complete(sk, hdev->id,
5714 MGMT_OP_REMOVE_DEVICE,
5715 MGMT_STATUS_INVALID_PARAMS,
5716 &cp->addr, sizeof(cp->addr));
5720 if (cp->addr.type == BDADDR_BREDR) {
5721 err = hci_bdaddr_list_del(&hdev->whitelist,
5725 err = mgmt_cmd_complete(sk, hdev->id,
5726 MGMT_OP_REMOVE_DEVICE,
5727 MGMT_STATUS_INVALID_PARAMS,
5733 hci_req_update_scan(hdev);
5735 device_removed(sk, hdev, &cp->addr.bdaddr,
5740 addr_type = le_addr_type(cp->addr.type);
5742 /* Kernel internally uses conn_params with resolvable private
5743 * address, but Remove Device allows only identity addresses.
5744 * Make sure it is enforced before calling
5745 * hci_conn_params_lookup.
5747 if (!hci_is_identity_address(&cp->addr.bdaddr, addr_type)) {
5748 err = mgmt_cmd_complete(sk, hdev->id,
5749 MGMT_OP_REMOVE_DEVICE,
5750 MGMT_STATUS_INVALID_PARAMS,
5751 &cp->addr, sizeof(cp->addr));
5755 params = hci_conn_params_lookup(hdev, &cp->addr.bdaddr,
5758 err = mgmt_cmd_complete(sk, hdev->id,
5759 MGMT_OP_REMOVE_DEVICE,
5760 MGMT_STATUS_INVALID_PARAMS,
5761 &cp->addr, sizeof(cp->addr));
5765 if (params->auto_connect == HCI_AUTO_CONN_DISABLED ||
5766 params->auto_connect == HCI_AUTO_CONN_EXPLICIT) {
5767 err = mgmt_cmd_complete(sk, hdev->id,
5768 MGMT_OP_REMOVE_DEVICE,
5769 MGMT_STATUS_INVALID_PARAMS,
5770 &cp->addr, sizeof(cp->addr));
5774 list_del(¶ms->action);
5775 list_del(¶ms->list);
5777 hci_update_background_scan(hdev);
5779 device_removed(sk, hdev, &cp->addr.bdaddr, cp->addr.type);
5781 struct hci_conn_params *p, *tmp;
5782 struct bdaddr_list *b, *btmp;
5784 if (cp->addr.type) {
5785 err = mgmt_cmd_complete(sk, hdev->id,
5786 MGMT_OP_REMOVE_DEVICE,
5787 MGMT_STATUS_INVALID_PARAMS,
5788 &cp->addr, sizeof(cp->addr));
5792 list_for_each_entry_safe(b, btmp, &hdev->whitelist, list) {
5793 device_removed(sk, hdev, &b->bdaddr, b->bdaddr_type);
5798 hci_req_update_scan(hdev);
5800 list_for_each_entry_safe(p, tmp, &hdev->le_conn_params, list) {
5801 if (p->auto_connect == HCI_AUTO_CONN_DISABLED)
5803 device_removed(sk, hdev, &p->addr, p->addr_type);
5804 if (p->explicit_connect) {
5805 p->auto_connect = HCI_AUTO_CONN_EXPLICIT;
5808 list_del(&p->action);
5813 BT_DBG("All LE connection parameters were removed");
5815 hci_update_background_scan(hdev);
5819 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_DEVICE,
5820 MGMT_STATUS_SUCCESS, &cp->addr,
5823 hci_dev_unlock(hdev);
5827 static int load_conn_param(struct sock *sk, struct hci_dev *hdev, void *data,
5830 struct mgmt_cp_load_conn_param *cp = data;
5831 const u16 max_param_count = ((U16_MAX - sizeof(*cp)) /
5832 sizeof(struct mgmt_conn_param));
5833 u16 param_count, expected_len;
5836 if (!lmp_le_capable(hdev))
5837 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_CONN_PARAM,
5838 MGMT_STATUS_NOT_SUPPORTED);
5840 param_count = __le16_to_cpu(cp->param_count);
5841 if (param_count > max_param_count) {
5842 bt_dev_err(hdev, "load_conn_param: too big param_count value %u",
5844 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_CONN_PARAM,
5845 MGMT_STATUS_INVALID_PARAMS);
5848 expected_len = struct_size(cp, params, param_count);
5849 if (expected_len != len) {
5850 bt_dev_err(hdev, "load_conn_param: expected %u bytes, got %u bytes",
5852 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_CONN_PARAM,
5853 MGMT_STATUS_INVALID_PARAMS);
5856 BT_DBG("%s param_count %u", hdev->name, param_count);
5860 hci_conn_params_clear_disabled(hdev);
5862 for (i = 0; i < param_count; i++) {
5863 struct mgmt_conn_param *param = &cp->params[i];
5864 struct hci_conn_params *hci_param;
5865 u16 min, max, latency, timeout;
5868 BT_DBG("Adding %pMR (type %u)", ¶m->addr.bdaddr,
5871 if (param->addr.type == BDADDR_LE_PUBLIC) {
5872 addr_type = ADDR_LE_DEV_PUBLIC;
5873 } else if (param->addr.type == BDADDR_LE_RANDOM) {
5874 addr_type = ADDR_LE_DEV_RANDOM;
5876 bt_dev_err(hdev, "ignoring invalid connection parameters");
5880 min = le16_to_cpu(param->min_interval);
5881 max = le16_to_cpu(param->max_interval);
5882 latency = le16_to_cpu(param->latency);
5883 timeout = le16_to_cpu(param->timeout);
5885 BT_DBG("min 0x%04x max 0x%04x latency 0x%04x timeout 0x%04x",
5886 min, max, latency, timeout);
5888 if (hci_check_conn_params(min, max, latency, timeout) < 0) {
5889 bt_dev_err(hdev, "ignoring invalid connection parameters");
5893 hci_param = hci_conn_params_add(hdev, ¶m->addr.bdaddr,
5896 bt_dev_err(hdev, "failed to add connection parameters");
5900 hci_param->conn_min_interval = min;
5901 hci_param->conn_max_interval = max;
5902 hci_param->conn_latency = latency;
5903 hci_param->supervision_timeout = timeout;
5906 hci_dev_unlock(hdev);
5908 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_LOAD_CONN_PARAM, 0,
5912 static int set_external_config(struct sock *sk, struct hci_dev *hdev,
5913 void *data, u16 len)
5915 struct mgmt_cp_set_external_config *cp = data;
5919 BT_DBG("%s", hdev->name);
5921 if (hdev_is_powered(hdev))
5922 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_EXTERNAL_CONFIG,
5923 MGMT_STATUS_REJECTED);
5925 if (cp->config != 0x00 && cp->config != 0x01)
5926 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_EXTERNAL_CONFIG,
5927 MGMT_STATUS_INVALID_PARAMS);
5929 if (!test_bit(HCI_QUIRK_EXTERNAL_CONFIG, &hdev->quirks))
5930 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_EXTERNAL_CONFIG,
5931 MGMT_STATUS_NOT_SUPPORTED);
5936 changed = !hci_dev_test_and_set_flag(hdev, HCI_EXT_CONFIGURED);
5938 changed = hci_dev_test_and_clear_flag(hdev, HCI_EXT_CONFIGURED);
5940 err = send_options_rsp(sk, MGMT_OP_SET_EXTERNAL_CONFIG, hdev);
5947 err = new_options(hdev, sk);
5949 if (hci_dev_test_flag(hdev, HCI_UNCONFIGURED) == is_configured(hdev)) {
5950 mgmt_index_removed(hdev);
5952 if (hci_dev_test_and_change_flag(hdev, HCI_UNCONFIGURED)) {
5953 hci_dev_set_flag(hdev, HCI_CONFIG);
5954 hci_dev_set_flag(hdev, HCI_AUTO_OFF);
5956 queue_work(hdev->req_workqueue, &hdev->power_on);
5958 set_bit(HCI_RAW, &hdev->flags);
5959 mgmt_index_added(hdev);
5964 hci_dev_unlock(hdev);
5968 static int set_public_address(struct sock *sk, struct hci_dev *hdev,
5969 void *data, u16 len)
5971 struct mgmt_cp_set_public_address *cp = data;
5975 BT_DBG("%s", hdev->name);
5977 if (hdev_is_powered(hdev))
5978 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_PUBLIC_ADDRESS,
5979 MGMT_STATUS_REJECTED);
5981 if (!bacmp(&cp->bdaddr, BDADDR_ANY))
5982 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_PUBLIC_ADDRESS,
5983 MGMT_STATUS_INVALID_PARAMS);
5985 if (!hdev->set_bdaddr)
5986 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_PUBLIC_ADDRESS,
5987 MGMT_STATUS_NOT_SUPPORTED);
5991 changed = !!bacmp(&hdev->public_addr, &cp->bdaddr);
5992 bacpy(&hdev->public_addr, &cp->bdaddr);
5994 err = send_options_rsp(sk, MGMT_OP_SET_PUBLIC_ADDRESS, hdev);
6001 if (hci_dev_test_flag(hdev, HCI_UNCONFIGURED))
6002 err = new_options(hdev, sk);
6004 if (is_configured(hdev)) {
6005 mgmt_index_removed(hdev);
6007 hci_dev_clear_flag(hdev, HCI_UNCONFIGURED);
6009 hci_dev_set_flag(hdev, HCI_CONFIG);
6010 hci_dev_set_flag(hdev, HCI_AUTO_OFF);
6012 queue_work(hdev->req_workqueue, &hdev->power_on);
6016 hci_dev_unlock(hdev);
6020 static void read_local_oob_ext_data_complete(struct hci_dev *hdev, u8 status,
6021 u16 opcode, struct sk_buff *skb)
6023 const struct mgmt_cp_read_local_oob_ext_data *mgmt_cp;
6024 struct mgmt_rp_read_local_oob_ext_data *mgmt_rp;
6025 u8 *h192, *r192, *h256, *r256;
6026 struct mgmt_pending_cmd *cmd;
6030 BT_DBG("%s status %u", hdev->name, status);
6032 cmd = pending_find(MGMT_OP_READ_LOCAL_OOB_EXT_DATA, hdev);
6036 mgmt_cp = cmd->param;
6039 status = mgmt_status(status);
6046 } else if (opcode == HCI_OP_READ_LOCAL_OOB_DATA) {
6047 struct hci_rp_read_local_oob_data *rp;
6049 if (skb->len != sizeof(*rp)) {
6050 status = MGMT_STATUS_FAILED;
6053 status = MGMT_STATUS_SUCCESS;
6054 rp = (void *)skb->data;
6056 eir_len = 5 + 18 + 18;
6063 struct hci_rp_read_local_oob_ext_data *rp;
6065 if (skb->len != sizeof(*rp)) {
6066 status = MGMT_STATUS_FAILED;
6069 status = MGMT_STATUS_SUCCESS;
6070 rp = (void *)skb->data;
6072 if (hci_dev_test_flag(hdev, HCI_SC_ONLY)) {
6073 eir_len = 5 + 18 + 18;
6077 eir_len = 5 + 18 + 18 + 18 + 18;
6087 mgmt_rp = kmalloc(sizeof(*mgmt_rp) + eir_len, GFP_KERNEL);
6094 eir_len = eir_append_data(mgmt_rp->eir, 0, EIR_CLASS_OF_DEV,
6095 hdev->dev_class, 3);
6098 eir_len = eir_append_data(mgmt_rp->eir, eir_len,
6099 EIR_SSP_HASH_C192, h192, 16);
6100 eir_len = eir_append_data(mgmt_rp->eir, eir_len,
6101 EIR_SSP_RAND_R192, r192, 16);
6105 eir_len = eir_append_data(mgmt_rp->eir, eir_len,
6106 EIR_SSP_HASH_C256, h256, 16);
6107 eir_len = eir_append_data(mgmt_rp->eir, eir_len,
6108 EIR_SSP_RAND_R256, r256, 16);
6112 mgmt_rp->type = mgmt_cp->type;
6113 mgmt_rp->eir_len = cpu_to_le16(eir_len);
6115 err = mgmt_cmd_complete(cmd->sk, hdev->id,
6116 MGMT_OP_READ_LOCAL_OOB_EXT_DATA, status,
6117 mgmt_rp, sizeof(*mgmt_rp) + eir_len);
6118 if (err < 0 || status)
6121 hci_sock_set_flag(cmd->sk, HCI_MGMT_OOB_DATA_EVENTS);
6123 err = mgmt_limited_event(MGMT_EV_LOCAL_OOB_DATA_UPDATED, hdev,
6124 mgmt_rp, sizeof(*mgmt_rp) + eir_len,
6125 HCI_MGMT_OOB_DATA_EVENTS, cmd->sk);
6128 mgmt_pending_remove(cmd);
6131 static int read_local_ssp_oob_req(struct hci_dev *hdev, struct sock *sk,
6132 struct mgmt_cp_read_local_oob_ext_data *cp)
6134 struct mgmt_pending_cmd *cmd;
6135 struct hci_request req;
6138 cmd = mgmt_pending_add(sk, MGMT_OP_READ_LOCAL_OOB_EXT_DATA, hdev,
6143 hci_req_init(&req, hdev);
6145 if (bredr_sc_enabled(hdev))
6146 hci_req_add(&req, HCI_OP_READ_LOCAL_OOB_EXT_DATA, 0, NULL);
6148 hci_req_add(&req, HCI_OP_READ_LOCAL_OOB_DATA, 0, NULL);
6150 err = hci_req_run_skb(&req, read_local_oob_ext_data_complete);
6152 mgmt_pending_remove(cmd);
6159 static int read_local_oob_ext_data(struct sock *sk, struct hci_dev *hdev,
6160 void *data, u16 data_len)
6162 struct mgmt_cp_read_local_oob_ext_data *cp = data;
6163 struct mgmt_rp_read_local_oob_ext_data *rp;
6166 u8 status, flags, role, addr[7], hash[16], rand[16];
6169 BT_DBG("%s", hdev->name);
6171 if (hdev_is_powered(hdev)) {
6173 case BIT(BDADDR_BREDR):
6174 status = mgmt_bredr_support(hdev);
6180 case (BIT(BDADDR_LE_PUBLIC) | BIT(BDADDR_LE_RANDOM)):
6181 status = mgmt_le_support(hdev);
6185 eir_len = 9 + 3 + 18 + 18 + 3;
6188 status = MGMT_STATUS_INVALID_PARAMS;
6193 status = MGMT_STATUS_NOT_POWERED;
6197 rp_len = sizeof(*rp) + eir_len;
6198 rp = kmalloc(rp_len, GFP_ATOMIC);
6209 case BIT(BDADDR_BREDR):
6210 if (hci_dev_test_flag(hdev, HCI_SSP_ENABLED)) {
6211 err = read_local_ssp_oob_req(hdev, sk, cp);
6212 hci_dev_unlock(hdev);
6216 status = MGMT_STATUS_FAILED;
6219 eir_len = eir_append_data(rp->eir, eir_len,
6221 hdev->dev_class, 3);
6224 case (BIT(BDADDR_LE_PUBLIC) | BIT(BDADDR_LE_RANDOM)):
6225 if (hci_dev_test_flag(hdev, HCI_SC_ENABLED) &&
6226 smp_generate_oob(hdev, hash, rand) < 0) {
6227 hci_dev_unlock(hdev);
6228 status = MGMT_STATUS_FAILED;
6232 /* This should return the active RPA, but since the RPA
6233 * is only programmed on demand, it is really hard to fill
6234 * this in at the moment. For now disallow retrieving
6235 * local out-of-band data when privacy is in use.
6237 * Returning the identity address will not help here since
6238 * pairing happens before the identity resolving key is
6239 * known and thus the connection establishment happens
6240 * based on the RPA and not the identity address.
6242 if (hci_dev_test_flag(hdev, HCI_PRIVACY)) {
6243 hci_dev_unlock(hdev);
6244 status = MGMT_STATUS_REJECTED;
6248 if (hci_dev_test_flag(hdev, HCI_FORCE_STATIC_ADDR) ||
6249 !bacmp(&hdev->bdaddr, BDADDR_ANY) ||
6250 (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED) &&
6251 bacmp(&hdev->static_addr, BDADDR_ANY))) {
6252 memcpy(addr, &hdev->static_addr, 6);
6255 memcpy(addr, &hdev->bdaddr, 6);
6259 eir_len = eir_append_data(rp->eir, eir_len, EIR_LE_BDADDR,
6260 addr, sizeof(addr));
6262 if (hci_dev_test_flag(hdev, HCI_ADVERTISING))
6267 eir_len = eir_append_data(rp->eir, eir_len, EIR_LE_ROLE,
6268 &role, sizeof(role));
6270 if (hci_dev_test_flag(hdev, HCI_SC_ENABLED)) {
6271 eir_len = eir_append_data(rp->eir, eir_len,
6273 hash, sizeof(hash));
6275 eir_len = eir_append_data(rp->eir, eir_len,
6277 rand, sizeof(rand));
6280 flags = mgmt_get_adv_discov_flags(hdev);
6282 if (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED))
6283 flags |= LE_AD_NO_BREDR;
6285 eir_len = eir_append_data(rp->eir, eir_len, EIR_FLAGS,
6286 &flags, sizeof(flags));
6290 hci_dev_unlock(hdev);
6292 hci_sock_set_flag(sk, HCI_MGMT_OOB_DATA_EVENTS);
6294 status = MGMT_STATUS_SUCCESS;
6297 rp->type = cp->type;
6298 rp->eir_len = cpu_to_le16(eir_len);
6300 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_EXT_DATA,
6301 status, rp, sizeof(*rp) + eir_len);
6302 if (err < 0 || status)
6305 err = mgmt_limited_event(MGMT_EV_LOCAL_OOB_DATA_UPDATED, hdev,
6306 rp, sizeof(*rp) + eir_len,
6307 HCI_MGMT_OOB_DATA_EVENTS, sk);
6315 static u32 get_supported_adv_flags(struct hci_dev *hdev)
6319 flags |= MGMT_ADV_FLAG_CONNECTABLE;
6320 flags |= MGMT_ADV_FLAG_DISCOV;
6321 flags |= MGMT_ADV_FLAG_LIMITED_DISCOV;
6322 flags |= MGMT_ADV_FLAG_MANAGED_FLAGS;
6323 flags |= MGMT_ADV_FLAG_APPEARANCE;
6324 flags |= MGMT_ADV_FLAG_LOCAL_NAME;
6326 /* In extended adv TX_POWER returned from Set Adv Param
6327 * will be always valid.
6329 if ((hdev->adv_tx_power != HCI_TX_POWER_INVALID) ||
6330 ext_adv_capable(hdev))
6331 flags |= MGMT_ADV_FLAG_TX_POWER;
6333 if (ext_adv_capable(hdev)) {
6334 flags |= MGMT_ADV_FLAG_SEC_1M;
6336 if (hdev->le_features[1] & HCI_LE_PHY_2M)
6337 flags |= MGMT_ADV_FLAG_SEC_2M;
6339 if (hdev->le_features[1] & HCI_LE_PHY_CODED)
6340 flags |= MGMT_ADV_FLAG_SEC_CODED;
6346 static int read_adv_features(struct sock *sk, struct hci_dev *hdev,
6347 void *data, u16 data_len)
6349 struct mgmt_rp_read_adv_features *rp;
6352 struct adv_info *adv_instance;
6353 u32 supported_flags;
6356 BT_DBG("%s", hdev->name);
6358 if (!lmp_le_capable(hdev))
6359 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_READ_ADV_FEATURES,
6360 MGMT_STATUS_REJECTED);
6364 rp_len = sizeof(*rp) + hdev->adv_instance_cnt;
6365 rp = kmalloc(rp_len, GFP_ATOMIC);
6367 hci_dev_unlock(hdev);
6371 supported_flags = get_supported_adv_flags(hdev);
6373 rp->supported_flags = cpu_to_le32(supported_flags);
6374 rp->max_adv_data_len = HCI_MAX_AD_LENGTH;
6375 rp->max_scan_rsp_len = HCI_MAX_AD_LENGTH;
6376 rp->max_instances = HCI_MAX_ADV_INSTANCES;
6377 rp->num_instances = hdev->adv_instance_cnt;
6379 instance = rp->instance;
6380 list_for_each_entry(adv_instance, &hdev->adv_instances, list) {
6381 *instance = adv_instance->instance;
6385 hci_dev_unlock(hdev);
6387 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_READ_ADV_FEATURES,
6388 MGMT_STATUS_SUCCESS, rp, rp_len);
6395 static u8 calculate_name_len(struct hci_dev *hdev)
6397 u8 buf[HCI_MAX_SHORT_NAME_LENGTH + 3];
6399 return append_local_name(hdev, buf, 0);
6402 static u8 tlv_data_max_len(struct hci_dev *hdev, u32 adv_flags,
6405 u8 max_len = HCI_MAX_AD_LENGTH;
6408 if (adv_flags & (MGMT_ADV_FLAG_DISCOV |
6409 MGMT_ADV_FLAG_LIMITED_DISCOV |
6410 MGMT_ADV_FLAG_MANAGED_FLAGS))
6413 if (adv_flags & MGMT_ADV_FLAG_TX_POWER)
6416 if (adv_flags & MGMT_ADV_FLAG_LOCAL_NAME)
6417 max_len -= calculate_name_len(hdev);
6419 if (adv_flags & (MGMT_ADV_FLAG_APPEARANCE))
6426 static bool flags_managed(u32 adv_flags)
6428 return adv_flags & (MGMT_ADV_FLAG_DISCOV |
6429 MGMT_ADV_FLAG_LIMITED_DISCOV |
6430 MGMT_ADV_FLAG_MANAGED_FLAGS);
6433 static bool tx_power_managed(u32 adv_flags)
6435 return adv_flags & MGMT_ADV_FLAG_TX_POWER;
6438 static bool name_managed(u32 adv_flags)
6440 return adv_flags & MGMT_ADV_FLAG_LOCAL_NAME;
6443 static bool appearance_managed(u32 adv_flags)
6445 return adv_flags & MGMT_ADV_FLAG_APPEARANCE;
6448 static bool tlv_data_is_valid(struct hci_dev *hdev, u32 adv_flags, u8 *data,
6449 u8 len, bool is_adv_data)
6454 max_len = tlv_data_max_len(hdev, adv_flags, is_adv_data);
6459 /* Make sure that the data is correctly formatted. */
6460 for (i = 0, cur_len = 0; i < len; i += (cur_len + 1)) {
6463 if (data[i + 1] == EIR_FLAGS &&
6464 (!is_adv_data || flags_managed(adv_flags)))
6467 if (data[i + 1] == EIR_TX_POWER && tx_power_managed(adv_flags))
6470 if (data[i + 1] == EIR_NAME_COMPLETE && name_managed(adv_flags))
6473 if (data[i + 1] == EIR_NAME_SHORT && name_managed(adv_flags))
6476 if (data[i + 1] == EIR_APPEARANCE &&
6477 appearance_managed(adv_flags))
6480 /* If the current field length would exceed the total data
6481 * length, then it's invalid.
6483 if (i + cur_len >= len)
6490 static void add_advertising_complete(struct hci_dev *hdev, u8 status,
6493 struct mgmt_pending_cmd *cmd;
6494 struct mgmt_cp_add_advertising *cp;
6495 struct mgmt_rp_add_advertising rp;
6496 struct adv_info *adv_instance, *n;
6499 BT_DBG("status %d", status);
6503 cmd = pending_find(MGMT_OP_ADD_ADVERTISING, hdev);
6505 list_for_each_entry_safe(adv_instance, n, &hdev->adv_instances, list) {
6506 if (!adv_instance->pending)
6510 adv_instance->pending = false;
6514 instance = adv_instance->instance;
6516 if (hdev->cur_adv_instance == instance)
6517 cancel_adv_timeout(hdev);
6519 hci_remove_adv_instance(hdev, instance);
6520 mgmt_advertising_removed(cmd ? cmd->sk : NULL, hdev, instance);
6527 rp.instance = cp->instance;
6530 mgmt_cmd_status(cmd->sk, cmd->index, cmd->opcode,
6531 mgmt_status(status));
6533 mgmt_cmd_complete(cmd->sk, cmd->index, cmd->opcode,
6534 mgmt_status(status), &rp, sizeof(rp));
6536 mgmt_pending_remove(cmd);
6539 hci_dev_unlock(hdev);
6542 static int add_advertising(struct sock *sk, struct hci_dev *hdev,
6543 void *data, u16 data_len)
6545 struct mgmt_cp_add_advertising *cp = data;
6546 struct mgmt_rp_add_advertising rp;
6548 u32 supported_flags, phy_flags;
6550 u16 timeout, duration;
6551 unsigned int prev_instance_cnt = hdev->adv_instance_cnt;
6552 u8 schedule_instance = 0;
6553 struct adv_info *next_instance;
6555 struct mgmt_pending_cmd *cmd;
6556 struct hci_request req;
6558 BT_DBG("%s", hdev->name);
6560 status = mgmt_le_support(hdev);
6562 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_ADVERTISING,
6565 if (cp->instance < 1 || cp->instance > HCI_MAX_ADV_INSTANCES)
6566 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_ADVERTISING,
6567 MGMT_STATUS_INVALID_PARAMS);
6569 if (data_len != sizeof(*cp) + cp->adv_data_len + cp->scan_rsp_len)
6570 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_ADVERTISING,
6571 MGMT_STATUS_INVALID_PARAMS);
6573 flags = __le32_to_cpu(cp->flags);
6574 timeout = __le16_to_cpu(cp->timeout);
6575 duration = __le16_to_cpu(cp->duration);
6577 /* The current implementation only supports a subset of the specified
6578 * flags. Also need to check mutual exclusiveness of sec flags.
6580 supported_flags = get_supported_adv_flags(hdev);
6581 phy_flags = flags & MGMT_ADV_FLAG_SEC_MASK;
6582 if (flags & ~supported_flags ||
6583 ((phy_flags && (phy_flags ^ (phy_flags & -phy_flags)))))
6584 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_ADVERTISING,
6585 MGMT_STATUS_INVALID_PARAMS);
6589 if (timeout && !hdev_is_powered(hdev)) {
6590 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_ADVERTISING,
6591 MGMT_STATUS_REJECTED);
6595 if (pending_find(MGMT_OP_ADD_ADVERTISING, hdev) ||
6596 pending_find(MGMT_OP_REMOVE_ADVERTISING, hdev) ||
6597 pending_find(MGMT_OP_SET_LE, hdev)) {
6598 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_ADVERTISING,
6603 if (!tlv_data_is_valid(hdev, flags, cp->data, cp->adv_data_len, true) ||
6604 !tlv_data_is_valid(hdev, flags, cp->data + cp->adv_data_len,
6605 cp->scan_rsp_len, false)) {
6606 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_ADVERTISING,
6607 MGMT_STATUS_INVALID_PARAMS);
6611 err = hci_add_adv_instance(hdev, cp->instance, flags,
6612 cp->adv_data_len, cp->data,
6614 cp->data + cp->adv_data_len,
6617 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_ADVERTISING,
6618 MGMT_STATUS_FAILED);
6622 /* Only trigger an advertising added event if a new instance was
6625 if (hdev->adv_instance_cnt > prev_instance_cnt)
6626 mgmt_advertising_added(sk, hdev, cp->instance);
6628 if (hdev->cur_adv_instance == cp->instance) {
6629 /* If the currently advertised instance is being changed then
6630 * cancel the current advertising and schedule the next
6631 * instance. If there is only one instance then the overridden
6632 * advertising data will be visible right away.
6634 cancel_adv_timeout(hdev);
6636 next_instance = hci_get_next_instance(hdev, cp->instance);
6638 schedule_instance = next_instance->instance;
6639 } else if (!hdev->adv_instance_timeout) {
6640 /* Immediately advertise the new instance if no other
6641 * instance is currently being advertised.
6643 schedule_instance = cp->instance;
6646 /* If the HCI_ADVERTISING flag is set or the device isn't powered or
6647 * there is no instance to be advertised then we have no HCI
6648 * communication to make. Simply return.
6650 if (!hdev_is_powered(hdev) ||
6651 hci_dev_test_flag(hdev, HCI_ADVERTISING) ||
6652 !schedule_instance) {
6653 rp.instance = cp->instance;
6654 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_ADD_ADVERTISING,
6655 MGMT_STATUS_SUCCESS, &rp, sizeof(rp));
6659 /* We're good to go, update advertising data, parameters, and start
6662 cmd = mgmt_pending_add(sk, MGMT_OP_ADD_ADVERTISING, hdev, data,
6669 hci_req_init(&req, hdev);
6671 err = __hci_req_schedule_adv_instance(&req, schedule_instance, true);
6674 err = hci_req_run(&req, add_advertising_complete);
6677 mgmt_pending_remove(cmd);
6680 hci_dev_unlock(hdev);
6685 static void remove_advertising_complete(struct hci_dev *hdev, u8 status,
6688 struct mgmt_pending_cmd *cmd;
6689 struct mgmt_cp_remove_advertising *cp;
6690 struct mgmt_rp_remove_advertising rp;
6692 BT_DBG("status %d", status);
6696 /* A failure status here only means that we failed to disable
6697 * advertising. Otherwise, the advertising instance has been removed,
6698 * so report success.
6700 cmd = pending_find(MGMT_OP_REMOVE_ADVERTISING, hdev);
6705 rp.instance = cp->instance;
6707 mgmt_cmd_complete(cmd->sk, cmd->index, cmd->opcode, MGMT_STATUS_SUCCESS,
6709 mgmt_pending_remove(cmd);
6712 hci_dev_unlock(hdev);
6715 static int remove_advertising(struct sock *sk, struct hci_dev *hdev,
6716 void *data, u16 data_len)
6718 struct mgmt_cp_remove_advertising *cp = data;
6719 struct mgmt_rp_remove_advertising rp;
6720 struct mgmt_pending_cmd *cmd;
6721 struct hci_request req;
6724 BT_DBG("%s", hdev->name);
6728 if (cp->instance && !hci_find_adv_instance(hdev, cp->instance)) {
6729 err = mgmt_cmd_status(sk, hdev->id,
6730 MGMT_OP_REMOVE_ADVERTISING,
6731 MGMT_STATUS_INVALID_PARAMS);
6735 if (pending_find(MGMT_OP_ADD_ADVERTISING, hdev) ||
6736 pending_find(MGMT_OP_REMOVE_ADVERTISING, hdev) ||
6737 pending_find(MGMT_OP_SET_LE, hdev)) {
6738 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_REMOVE_ADVERTISING,
6743 if (list_empty(&hdev->adv_instances)) {
6744 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_REMOVE_ADVERTISING,
6745 MGMT_STATUS_INVALID_PARAMS);
6749 hci_req_init(&req, hdev);
6751 hci_req_clear_adv_instance(hdev, sk, &req, cp->instance, true);
6753 if (list_empty(&hdev->adv_instances))
6754 __hci_req_disable_advertising(&req);
6756 /* If no HCI commands have been collected so far or the HCI_ADVERTISING
6757 * flag is set or the device isn't powered then we have no HCI
6758 * communication to make. Simply return.
6760 if (skb_queue_empty(&req.cmd_q) ||
6761 !hdev_is_powered(hdev) ||
6762 hci_dev_test_flag(hdev, HCI_ADVERTISING)) {
6763 hci_req_purge(&req);
6764 rp.instance = cp->instance;
6765 err = mgmt_cmd_complete(sk, hdev->id,
6766 MGMT_OP_REMOVE_ADVERTISING,
6767 MGMT_STATUS_SUCCESS, &rp, sizeof(rp));
6771 cmd = mgmt_pending_add(sk, MGMT_OP_REMOVE_ADVERTISING, hdev, data,
6778 err = hci_req_run(&req, remove_advertising_complete);
6780 mgmt_pending_remove(cmd);
6783 hci_dev_unlock(hdev);
6788 static int get_adv_size_info(struct sock *sk, struct hci_dev *hdev,
6789 void *data, u16 data_len)
6791 struct mgmt_cp_get_adv_size_info *cp = data;
6792 struct mgmt_rp_get_adv_size_info rp;
6793 u32 flags, supported_flags;
6796 BT_DBG("%s", hdev->name);
6798 if (!lmp_le_capable(hdev))
6799 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_GET_ADV_SIZE_INFO,
6800 MGMT_STATUS_REJECTED);
6802 if (cp->instance < 1 || cp->instance > HCI_MAX_ADV_INSTANCES)
6803 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_GET_ADV_SIZE_INFO,
6804 MGMT_STATUS_INVALID_PARAMS);
6806 flags = __le32_to_cpu(cp->flags);
6808 /* The current implementation only supports a subset of the specified
6811 supported_flags = get_supported_adv_flags(hdev);
6812 if (flags & ~supported_flags)
6813 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_GET_ADV_SIZE_INFO,
6814 MGMT_STATUS_INVALID_PARAMS);
6816 rp.instance = cp->instance;
6817 rp.flags = cp->flags;
6818 rp.max_adv_data_len = tlv_data_max_len(hdev, flags, true);
6819 rp.max_scan_rsp_len = tlv_data_max_len(hdev, flags, false);
6821 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_ADV_SIZE_INFO,
6822 MGMT_STATUS_SUCCESS, &rp, sizeof(rp));
6827 static const struct hci_mgmt_handler mgmt_handlers[] = {
6828 { NULL }, /* 0x0000 (no command) */
6829 { read_version, MGMT_READ_VERSION_SIZE,
6831 HCI_MGMT_UNTRUSTED },
6832 { read_commands, MGMT_READ_COMMANDS_SIZE,
6834 HCI_MGMT_UNTRUSTED },
6835 { read_index_list, MGMT_READ_INDEX_LIST_SIZE,
6837 HCI_MGMT_UNTRUSTED },
6838 { read_controller_info, MGMT_READ_INFO_SIZE,
6839 HCI_MGMT_UNTRUSTED },
6840 { set_powered, MGMT_SETTING_SIZE },
6841 { set_discoverable, MGMT_SET_DISCOVERABLE_SIZE },
6842 { set_connectable, MGMT_SETTING_SIZE },
6843 { set_fast_connectable, MGMT_SETTING_SIZE },
6844 { set_bondable, MGMT_SETTING_SIZE },
6845 { set_link_security, MGMT_SETTING_SIZE },
6846 { set_ssp, MGMT_SETTING_SIZE },
6847 { set_hs, MGMT_SETTING_SIZE },
6848 { set_le, MGMT_SETTING_SIZE },
6849 { set_dev_class, MGMT_SET_DEV_CLASS_SIZE },
6850 { set_local_name, MGMT_SET_LOCAL_NAME_SIZE },
6851 { add_uuid, MGMT_ADD_UUID_SIZE },
6852 { remove_uuid, MGMT_REMOVE_UUID_SIZE },
6853 { load_link_keys, MGMT_LOAD_LINK_KEYS_SIZE,
6855 { load_long_term_keys, MGMT_LOAD_LONG_TERM_KEYS_SIZE,
6857 { disconnect, MGMT_DISCONNECT_SIZE },
6858 { get_connections, MGMT_GET_CONNECTIONS_SIZE },
6859 { pin_code_reply, MGMT_PIN_CODE_REPLY_SIZE },
6860 { pin_code_neg_reply, MGMT_PIN_CODE_NEG_REPLY_SIZE },
6861 { set_io_capability, MGMT_SET_IO_CAPABILITY_SIZE },
6862 { pair_device, MGMT_PAIR_DEVICE_SIZE },
6863 { cancel_pair_device, MGMT_CANCEL_PAIR_DEVICE_SIZE },
6864 { unpair_device, MGMT_UNPAIR_DEVICE_SIZE },
6865 { user_confirm_reply, MGMT_USER_CONFIRM_REPLY_SIZE },
6866 { user_confirm_neg_reply, MGMT_USER_CONFIRM_NEG_REPLY_SIZE },
6867 { user_passkey_reply, MGMT_USER_PASSKEY_REPLY_SIZE },
6868 { user_passkey_neg_reply, MGMT_USER_PASSKEY_NEG_REPLY_SIZE },
6869 { read_local_oob_data, MGMT_READ_LOCAL_OOB_DATA_SIZE },
6870 { add_remote_oob_data, MGMT_ADD_REMOTE_OOB_DATA_SIZE,
6872 { remove_remote_oob_data, MGMT_REMOVE_REMOTE_OOB_DATA_SIZE },
6873 { start_discovery, MGMT_START_DISCOVERY_SIZE },
6874 { stop_discovery, MGMT_STOP_DISCOVERY_SIZE },
6875 { confirm_name, MGMT_CONFIRM_NAME_SIZE },
6876 { block_device, MGMT_BLOCK_DEVICE_SIZE },
6877 { unblock_device, MGMT_UNBLOCK_DEVICE_SIZE },
6878 { set_device_id, MGMT_SET_DEVICE_ID_SIZE },
6879 { set_advertising, MGMT_SETTING_SIZE },
6880 { set_bredr, MGMT_SETTING_SIZE },
6881 { set_static_address, MGMT_SET_STATIC_ADDRESS_SIZE },
6882 { set_scan_params, MGMT_SET_SCAN_PARAMS_SIZE },
6883 { set_secure_conn, MGMT_SETTING_SIZE },
6884 { set_debug_keys, MGMT_SETTING_SIZE },
6885 { set_privacy, MGMT_SET_PRIVACY_SIZE },
6886 { load_irks, MGMT_LOAD_IRKS_SIZE,
6888 { get_conn_info, MGMT_GET_CONN_INFO_SIZE },
6889 { get_clock_info, MGMT_GET_CLOCK_INFO_SIZE },
6890 { add_device, MGMT_ADD_DEVICE_SIZE },
6891 { remove_device, MGMT_REMOVE_DEVICE_SIZE },
6892 { load_conn_param, MGMT_LOAD_CONN_PARAM_SIZE,
6894 { read_unconf_index_list, MGMT_READ_UNCONF_INDEX_LIST_SIZE,
6896 HCI_MGMT_UNTRUSTED },
6897 { read_config_info, MGMT_READ_CONFIG_INFO_SIZE,
6898 HCI_MGMT_UNCONFIGURED |
6899 HCI_MGMT_UNTRUSTED },
6900 { set_external_config, MGMT_SET_EXTERNAL_CONFIG_SIZE,
6901 HCI_MGMT_UNCONFIGURED },
6902 { set_public_address, MGMT_SET_PUBLIC_ADDRESS_SIZE,
6903 HCI_MGMT_UNCONFIGURED },
6904 { start_service_discovery, MGMT_START_SERVICE_DISCOVERY_SIZE,
6906 { read_local_oob_ext_data, MGMT_READ_LOCAL_OOB_EXT_DATA_SIZE },
6907 { read_ext_index_list, MGMT_READ_EXT_INDEX_LIST_SIZE,
6909 HCI_MGMT_UNTRUSTED },
6910 { read_adv_features, MGMT_READ_ADV_FEATURES_SIZE },
6911 { add_advertising, MGMT_ADD_ADVERTISING_SIZE,
6913 { remove_advertising, MGMT_REMOVE_ADVERTISING_SIZE },
6914 { get_adv_size_info, MGMT_GET_ADV_SIZE_INFO_SIZE },
6915 { start_limited_discovery, MGMT_START_DISCOVERY_SIZE },
6916 { read_ext_controller_info,MGMT_READ_EXT_INFO_SIZE,
6917 HCI_MGMT_UNTRUSTED },
6918 { set_appearance, MGMT_SET_APPEARANCE_SIZE },
6919 { get_phy_configuration, MGMT_GET_PHY_CONFIGURATION_SIZE },
6920 { set_phy_configuration, MGMT_SET_PHY_CONFIGURATION_SIZE },
6923 void mgmt_index_added(struct hci_dev *hdev)
6925 struct mgmt_ev_ext_index ev;
6927 if (test_bit(HCI_QUIRK_RAW_DEVICE, &hdev->quirks))
6930 switch (hdev->dev_type) {
6932 if (hci_dev_test_flag(hdev, HCI_UNCONFIGURED)) {
6933 mgmt_index_event(MGMT_EV_UNCONF_INDEX_ADDED, hdev,
6934 NULL, 0, HCI_MGMT_UNCONF_INDEX_EVENTS);
6937 mgmt_index_event(MGMT_EV_INDEX_ADDED, hdev, NULL, 0,
6938 HCI_MGMT_INDEX_EVENTS);
6951 mgmt_index_event(MGMT_EV_EXT_INDEX_ADDED, hdev, &ev, sizeof(ev),
6952 HCI_MGMT_EXT_INDEX_EVENTS);
6955 void mgmt_index_removed(struct hci_dev *hdev)
6957 struct mgmt_ev_ext_index ev;
6958 u8 status = MGMT_STATUS_INVALID_INDEX;
6960 if (test_bit(HCI_QUIRK_RAW_DEVICE, &hdev->quirks))
6963 switch (hdev->dev_type) {
6965 mgmt_pending_foreach(0, hdev, cmd_complete_rsp, &status);
6967 if (hci_dev_test_flag(hdev, HCI_UNCONFIGURED)) {
6968 mgmt_index_event(MGMT_EV_UNCONF_INDEX_REMOVED, hdev,
6969 NULL, 0, HCI_MGMT_UNCONF_INDEX_EVENTS);
6972 mgmt_index_event(MGMT_EV_INDEX_REMOVED, hdev, NULL, 0,
6973 HCI_MGMT_INDEX_EVENTS);
6986 mgmt_index_event(MGMT_EV_EXT_INDEX_REMOVED, hdev, &ev, sizeof(ev),
6987 HCI_MGMT_EXT_INDEX_EVENTS);
6990 /* This function requires the caller holds hdev->lock */
6991 static void restart_le_actions(struct hci_dev *hdev)
6993 struct hci_conn_params *p;
6995 list_for_each_entry(p, &hdev->le_conn_params, list) {
6996 /* Needed for AUTO_OFF case where might not "really"
6997 * have been powered off.
6999 list_del_init(&p->action);
7001 switch (p->auto_connect) {
7002 case HCI_AUTO_CONN_DIRECT:
7003 case HCI_AUTO_CONN_ALWAYS:
7004 list_add(&p->action, &hdev->pend_le_conns);
7006 case HCI_AUTO_CONN_REPORT:
7007 list_add(&p->action, &hdev->pend_le_reports);
7015 void mgmt_power_on(struct hci_dev *hdev, int err)
7017 struct cmd_lookup match = { NULL, hdev };
7019 BT_DBG("err %d", err);
7024 restart_le_actions(hdev);
7025 hci_update_background_scan(hdev);
7028 mgmt_pending_foreach(MGMT_OP_SET_POWERED, hdev, settings_rsp, &match);
7030 new_settings(hdev, match.sk);
7035 hci_dev_unlock(hdev);
7038 void __mgmt_power_off(struct hci_dev *hdev)
7040 struct cmd_lookup match = { NULL, hdev };
7041 u8 status, zero_cod[] = { 0, 0, 0 };
7043 mgmt_pending_foreach(MGMT_OP_SET_POWERED, hdev, settings_rsp, &match);
7045 /* If the power off is because of hdev unregistration let
7046 * use the appropriate INVALID_INDEX status. Otherwise use
7047 * NOT_POWERED. We cover both scenarios here since later in
7048 * mgmt_index_removed() any hci_conn callbacks will have already
7049 * been triggered, potentially causing misleading DISCONNECTED
7052 if (hci_dev_test_flag(hdev, HCI_UNREGISTER))
7053 status = MGMT_STATUS_INVALID_INDEX;
7055 status = MGMT_STATUS_NOT_POWERED;
7057 mgmt_pending_foreach(0, hdev, cmd_complete_rsp, &status);
7059 if (memcmp(hdev->dev_class, zero_cod, sizeof(zero_cod)) != 0) {
7060 mgmt_limited_event(MGMT_EV_CLASS_OF_DEV_CHANGED, hdev,
7061 zero_cod, sizeof(zero_cod),
7062 HCI_MGMT_DEV_CLASS_EVENTS, NULL);
7063 ext_info_changed(hdev, NULL);
7066 new_settings(hdev, match.sk);
7072 void mgmt_set_powered_failed(struct hci_dev *hdev, int err)
7074 struct mgmt_pending_cmd *cmd;
7077 cmd = pending_find(MGMT_OP_SET_POWERED, hdev);
7081 if (err == -ERFKILL)
7082 status = MGMT_STATUS_RFKILLED;
7084 status = MGMT_STATUS_FAILED;
7086 mgmt_cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_POWERED, status);
7088 mgmt_pending_remove(cmd);
7091 void mgmt_new_link_key(struct hci_dev *hdev, struct link_key *key,
7094 struct mgmt_ev_new_link_key ev;
7096 memset(&ev, 0, sizeof(ev));
7098 ev.store_hint = persistent;
7099 bacpy(&ev.key.addr.bdaddr, &key->bdaddr);
7100 ev.key.addr.type = BDADDR_BREDR;
7101 ev.key.type = key->type;
7102 memcpy(ev.key.val, key->val, HCI_LINK_KEY_SIZE);
7103 ev.key.pin_len = key->pin_len;
7105 mgmt_event(MGMT_EV_NEW_LINK_KEY, hdev, &ev, sizeof(ev), NULL);
7108 static u8 mgmt_ltk_type(struct smp_ltk *ltk)
7110 switch (ltk->type) {
7113 if (ltk->authenticated)
7114 return MGMT_LTK_AUTHENTICATED;
7115 return MGMT_LTK_UNAUTHENTICATED;
7117 if (ltk->authenticated)
7118 return MGMT_LTK_P256_AUTH;
7119 return MGMT_LTK_P256_UNAUTH;
7120 case SMP_LTK_P256_DEBUG:
7121 return MGMT_LTK_P256_DEBUG;
7124 return MGMT_LTK_UNAUTHENTICATED;
7127 void mgmt_new_ltk(struct hci_dev *hdev, struct smp_ltk *key, bool persistent)
7129 struct mgmt_ev_new_long_term_key ev;
7131 memset(&ev, 0, sizeof(ev));
7133 /* Devices using resolvable or non-resolvable random addresses
7134 * without providing an identity resolving key don't require
7135 * to store long term keys. Their addresses will change the
7138 * Only when a remote device provides an identity address
7139 * make sure the long term key is stored. If the remote
7140 * identity is known, the long term keys are internally
7141 * mapped to the identity address. So allow static random
7142 * and public addresses here.
7144 if (key->bdaddr_type == ADDR_LE_DEV_RANDOM &&
7145 (key->bdaddr.b[5] & 0xc0) != 0xc0)
7146 ev.store_hint = 0x00;
7148 ev.store_hint = persistent;
7150 bacpy(&ev.key.addr.bdaddr, &key->bdaddr);
7151 ev.key.addr.type = link_to_bdaddr(LE_LINK, key->bdaddr_type);
7152 ev.key.type = mgmt_ltk_type(key);
7153 ev.key.enc_size = key->enc_size;
7154 ev.key.ediv = key->ediv;
7155 ev.key.rand = key->rand;
7157 if (key->type == SMP_LTK)
7160 /* Make sure we copy only the significant bytes based on the
7161 * encryption key size, and set the rest of the value to zeroes.
7163 memcpy(ev.key.val, key->val, key->enc_size);
7164 memset(ev.key.val + key->enc_size, 0,
7165 sizeof(ev.key.val) - key->enc_size);
7167 mgmt_event(MGMT_EV_NEW_LONG_TERM_KEY, hdev, &ev, sizeof(ev), NULL);
7170 void mgmt_new_irk(struct hci_dev *hdev, struct smp_irk *irk, bool persistent)
7172 struct mgmt_ev_new_irk ev;
7174 memset(&ev, 0, sizeof(ev));
7176 ev.store_hint = persistent;
7178 bacpy(&ev.rpa, &irk->rpa);
7179 bacpy(&ev.irk.addr.bdaddr, &irk->bdaddr);
7180 ev.irk.addr.type = link_to_bdaddr(LE_LINK, irk->addr_type);
7181 memcpy(ev.irk.val, irk->val, sizeof(irk->val));
7183 mgmt_event(MGMT_EV_NEW_IRK, hdev, &ev, sizeof(ev), NULL);
7186 void mgmt_new_csrk(struct hci_dev *hdev, struct smp_csrk *csrk,
7189 struct mgmt_ev_new_csrk ev;
7191 memset(&ev, 0, sizeof(ev));
7193 /* Devices using resolvable or non-resolvable random addresses
7194 * without providing an identity resolving key don't require
7195 * to store signature resolving keys. Their addresses will change
7196 * the next time around.
7198 * Only when a remote device provides an identity address
7199 * make sure the signature resolving key is stored. So allow
7200 * static random and public addresses here.
7202 if (csrk->bdaddr_type == ADDR_LE_DEV_RANDOM &&
7203 (csrk->bdaddr.b[5] & 0xc0) != 0xc0)
7204 ev.store_hint = 0x00;
7206 ev.store_hint = persistent;
7208 bacpy(&ev.key.addr.bdaddr, &csrk->bdaddr);
7209 ev.key.addr.type = link_to_bdaddr(LE_LINK, csrk->bdaddr_type);
7210 ev.key.type = csrk->type;
7211 memcpy(ev.key.val, csrk->val, sizeof(csrk->val));
7213 mgmt_event(MGMT_EV_NEW_CSRK, hdev, &ev, sizeof(ev), NULL);
7216 void mgmt_new_conn_param(struct hci_dev *hdev, bdaddr_t *bdaddr,
7217 u8 bdaddr_type, u8 store_hint, u16 min_interval,
7218 u16 max_interval, u16 latency, u16 timeout)
7220 struct mgmt_ev_new_conn_param ev;
7222 if (!hci_is_identity_address(bdaddr, bdaddr_type))
7225 memset(&ev, 0, sizeof(ev));
7226 bacpy(&ev.addr.bdaddr, bdaddr);
7227 ev.addr.type = link_to_bdaddr(LE_LINK, bdaddr_type);
7228 ev.store_hint = store_hint;
7229 ev.min_interval = cpu_to_le16(min_interval);
7230 ev.max_interval = cpu_to_le16(max_interval);
7231 ev.latency = cpu_to_le16(latency);
7232 ev.timeout = cpu_to_le16(timeout);
7234 mgmt_event(MGMT_EV_NEW_CONN_PARAM, hdev, &ev, sizeof(ev), NULL);
7237 void mgmt_device_connected(struct hci_dev *hdev, struct hci_conn *conn,
7238 u32 flags, u8 *name, u8 name_len)
7241 struct mgmt_ev_device_connected *ev = (void *) buf;
7244 bacpy(&ev->addr.bdaddr, &conn->dst);
7245 ev->addr.type = link_to_bdaddr(conn->type, conn->dst_type);
7247 ev->flags = __cpu_to_le32(flags);
7249 /* We must ensure that the EIR Data fields are ordered and
7250 * unique. Keep it simple for now and avoid the problem by not
7251 * adding any BR/EDR data to the LE adv.
7253 if (conn->le_adv_data_len > 0) {
7254 memcpy(&ev->eir[eir_len],
7255 conn->le_adv_data, conn->le_adv_data_len);
7256 eir_len = conn->le_adv_data_len;
7259 eir_len = eir_append_data(ev->eir, 0, EIR_NAME_COMPLETE,
7262 if (memcmp(conn->dev_class, "\0\0\0", 3) != 0)
7263 eir_len = eir_append_data(ev->eir, eir_len,
7265 conn->dev_class, 3);
7268 ev->eir_len = cpu_to_le16(eir_len);
7270 mgmt_event(MGMT_EV_DEVICE_CONNECTED, hdev, buf,
7271 sizeof(*ev) + eir_len, NULL);
7274 static void disconnect_rsp(struct mgmt_pending_cmd *cmd, void *data)
7276 struct sock **sk = data;
7278 cmd->cmd_complete(cmd, 0);
7283 mgmt_pending_remove(cmd);
7286 static void unpair_device_rsp(struct mgmt_pending_cmd *cmd, void *data)
7288 struct hci_dev *hdev = data;
7289 struct mgmt_cp_unpair_device *cp = cmd->param;
7291 device_unpaired(hdev, &cp->addr.bdaddr, cp->addr.type, cmd->sk);
7293 cmd->cmd_complete(cmd, 0);
7294 mgmt_pending_remove(cmd);
7297 bool mgmt_powering_down(struct hci_dev *hdev)
7299 struct mgmt_pending_cmd *cmd;
7300 struct mgmt_mode *cp;
7302 cmd = pending_find(MGMT_OP_SET_POWERED, hdev);
7313 void mgmt_device_disconnected(struct hci_dev *hdev, bdaddr_t *bdaddr,
7314 u8 link_type, u8 addr_type, u8 reason,
7315 bool mgmt_connected)
7317 struct mgmt_ev_device_disconnected ev;
7318 struct sock *sk = NULL;
7320 /* The connection is still in hci_conn_hash so test for 1
7321 * instead of 0 to know if this is the last one.
7323 if (mgmt_powering_down(hdev) && hci_conn_count(hdev) == 1) {
7324 cancel_delayed_work(&hdev->power_off);
7325 queue_work(hdev->req_workqueue, &hdev->power_off.work);
7328 if (!mgmt_connected)
7331 if (link_type != ACL_LINK && link_type != LE_LINK)
7334 mgmt_pending_foreach(MGMT_OP_DISCONNECT, hdev, disconnect_rsp, &sk);
7336 bacpy(&ev.addr.bdaddr, bdaddr);
7337 ev.addr.type = link_to_bdaddr(link_type, addr_type);
7340 mgmt_event(MGMT_EV_DEVICE_DISCONNECTED, hdev, &ev, sizeof(ev), sk);
7345 mgmt_pending_foreach(MGMT_OP_UNPAIR_DEVICE, hdev, unpair_device_rsp,
7349 void mgmt_disconnect_failed(struct hci_dev *hdev, bdaddr_t *bdaddr,
7350 u8 link_type, u8 addr_type, u8 status)
7352 u8 bdaddr_type = link_to_bdaddr(link_type, addr_type);
7353 struct mgmt_cp_disconnect *cp;
7354 struct mgmt_pending_cmd *cmd;
7356 mgmt_pending_foreach(MGMT_OP_UNPAIR_DEVICE, hdev, unpair_device_rsp,
7359 cmd = pending_find(MGMT_OP_DISCONNECT, hdev);
7365 if (bacmp(bdaddr, &cp->addr.bdaddr))
7368 if (cp->addr.type != bdaddr_type)
7371 cmd->cmd_complete(cmd, mgmt_status(status));
7372 mgmt_pending_remove(cmd);
7375 void mgmt_connect_failed(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
7376 u8 addr_type, u8 status)
7378 struct mgmt_ev_connect_failed ev;
7380 /* The connection is still in hci_conn_hash so test for 1
7381 * instead of 0 to know if this is the last one.
7383 if (mgmt_powering_down(hdev) && hci_conn_count(hdev) == 1) {
7384 cancel_delayed_work(&hdev->power_off);
7385 queue_work(hdev->req_workqueue, &hdev->power_off.work);
7388 bacpy(&ev.addr.bdaddr, bdaddr);
7389 ev.addr.type = link_to_bdaddr(link_type, addr_type);
7390 ev.status = mgmt_status(status);
7392 mgmt_event(MGMT_EV_CONNECT_FAILED, hdev, &ev, sizeof(ev), NULL);
7395 void mgmt_pin_code_request(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 secure)
7397 struct mgmt_ev_pin_code_request ev;
7399 bacpy(&ev.addr.bdaddr, bdaddr);
7400 ev.addr.type = BDADDR_BREDR;
7403 mgmt_event(MGMT_EV_PIN_CODE_REQUEST, hdev, &ev, sizeof(ev), NULL);
7406 void mgmt_pin_code_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
7409 struct mgmt_pending_cmd *cmd;
7411 cmd = pending_find(MGMT_OP_PIN_CODE_REPLY, hdev);
7415 cmd->cmd_complete(cmd, mgmt_status(status));
7416 mgmt_pending_remove(cmd);
7419 void mgmt_pin_code_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
7422 struct mgmt_pending_cmd *cmd;
7424 cmd = pending_find(MGMT_OP_PIN_CODE_NEG_REPLY, hdev);
7428 cmd->cmd_complete(cmd, mgmt_status(status));
7429 mgmt_pending_remove(cmd);
7432 int mgmt_user_confirm_request(struct hci_dev *hdev, bdaddr_t *bdaddr,
7433 u8 link_type, u8 addr_type, u32 value,
7436 struct mgmt_ev_user_confirm_request ev;
7438 BT_DBG("%s", hdev->name);
7440 bacpy(&ev.addr.bdaddr, bdaddr);
7441 ev.addr.type = link_to_bdaddr(link_type, addr_type);
7442 ev.confirm_hint = confirm_hint;
7443 ev.value = cpu_to_le32(value);
7445 return mgmt_event(MGMT_EV_USER_CONFIRM_REQUEST, hdev, &ev, sizeof(ev),
7449 int mgmt_user_passkey_request(struct hci_dev *hdev, bdaddr_t *bdaddr,
7450 u8 link_type, u8 addr_type)
7452 struct mgmt_ev_user_passkey_request ev;
7454 BT_DBG("%s", hdev->name);
7456 bacpy(&ev.addr.bdaddr, bdaddr);
7457 ev.addr.type = link_to_bdaddr(link_type, addr_type);
7459 return mgmt_event(MGMT_EV_USER_PASSKEY_REQUEST, hdev, &ev, sizeof(ev),
7463 static int user_pairing_resp_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
7464 u8 link_type, u8 addr_type, u8 status,
7467 struct mgmt_pending_cmd *cmd;
7469 cmd = pending_find(opcode, hdev);
7473 cmd->cmd_complete(cmd, mgmt_status(status));
7474 mgmt_pending_remove(cmd);
7479 int mgmt_user_confirm_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
7480 u8 link_type, u8 addr_type, u8 status)
7482 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
7483 status, MGMT_OP_USER_CONFIRM_REPLY);
7486 int mgmt_user_confirm_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
7487 u8 link_type, u8 addr_type, u8 status)
7489 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
7491 MGMT_OP_USER_CONFIRM_NEG_REPLY);
7494 int mgmt_user_passkey_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
7495 u8 link_type, u8 addr_type, u8 status)
7497 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
7498 status, MGMT_OP_USER_PASSKEY_REPLY);
7501 int mgmt_user_passkey_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
7502 u8 link_type, u8 addr_type, u8 status)
7504 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
7506 MGMT_OP_USER_PASSKEY_NEG_REPLY);
7509 int mgmt_user_passkey_notify(struct hci_dev *hdev, bdaddr_t *bdaddr,
7510 u8 link_type, u8 addr_type, u32 passkey,
7513 struct mgmt_ev_passkey_notify ev;
7515 BT_DBG("%s", hdev->name);
7517 bacpy(&ev.addr.bdaddr, bdaddr);
7518 ev.addr.type = link_to_bdaddr(link_type, addr_type);
7519 ev.passkey = __cpu_to_le32(passkey);
7520 ev.entered = entered;
7522 return mgmt_event(MGMT_EV_PASSKEY_NOTIFY, hdev, &ev, sizeof(ev), NULL);
7525 void mgmt_auth_failed(struct hci_conn *conn, u8 hci_status)
7527 struct mgmt_ev_auth_failed ev;
7528 struct mgmt_pending_cmd *cmd;
7529 u8 status = mgmt_status(hci_status);
7531 bacpy(&ev.addr.bdaddr, &conn->dst);
7532 ev.addr.type = link_to_bdaddr(conn->type, conn->dst_type);
7535 cmd = find_pairing(conn);
7537 mgmt_event(MGMT_EV_AUTH_FAILED, conn->hdev, &ev, sizeof(ev),
7538 cmd ? cmd->sk : NULL);
7541 cmd->cmd_complete(cmd, status);
7542 mgmt_pending_remove(cmd);
7546 void mgmt_auth_enable_complete(struct hci_dev *hdev, u8 status)
7548 struct cmd_lookup match = { NULL, hdev };
7552 u8 mgmt_err = mgmt_status(status);
7553 mgmt_pending_foreach(MGMT_OP_SET_LINK_SECURITY, hdev,
7554 cmd_status_rsp, &mgmt_err);
7558 if (test_bit(HCI_AUTH, &hdev->flags))
7559 changed = !hci_dev_test_and_set_flag(hdev, HCI_LINK_SECURITY);
7561 changed = hci_dev_test_and_clear_flag(hdev, HCI_LINK_SECURITY);
7563 mgmt_pending_foreach(MGMT_OP_SET_LINK_SECURITY, hdev, settings_rsp,
7567 new_settings(hdev, match.sk);
7573 static void clear_eir(struct hci_request *req)
7575 struct hci_dev *hdev = req->hdev;
7576 struct hci_cp_write_eir cp;
7578 if (!lmp_ext_inq_capable(hdev))
7581 memset(hdev->eir, 0, sizeof(hdev->eir));
7583 memset(&cp, 0, sizeof(cp));
7585 hci_req_add(req, HCI_OP_WRITE_EIR, sizeof(cp), &cp);
7588 void mgmt_ssp_enable_complete(struct hci_dev *hdev, u8 enable, u8 status)
7590 struct cmd_lookup match = { NULL, hdev };
7591 struct hci_request req;
7592 bool changed = false;
7595 u8 mgmt_err = mgmt_status(status);
7597 if (enable && hci_dev_test_and_clear_flag(hdev,
7599 hci_dev_clear_flag(hdev, HCI_HS_ENABLED);
7600 new_settings(hdev, NULL);
7603 mgmt_pending_foreach(MGMT_OP_SET_SSP, hdev, cmd_status_rsp,
7609 changed = !hci_dev_test_and_set_flag(hdev, HCI_SSP_ENABLED);
7611 changed = hci_dev_test_and_clear_flag(hdev, HCI_SSP_ENABLED);
7613 changed = hci_dev_test_and_clear_flag(hdev,
7616 hci_dev_clear_flag(hdev, HCI_HS_ENABLED);
7619 mgmt_pending_foreach(MGMT_OP_SET_SSP, hdev, settings_rsp, &match);
7622 new_settings(hdev, match.sk);
7627 hci_req_init(&req, hdev);
7629 if (hci_dev_test_flag(hdev, HCI_SSP_ENABLED)) {
7630 if (hci_dev_test_flag(hdev, HCI_USE_DEBUG_KEYS))
7631 hci_req_add(&req, HCI_OP_WRITE_SSP_DEBUG_MODE,
7632 sizeof(enable), &enable);
7633 __hci_req_update_eir(&req);
7638 hci_req_run(&req, NULL);
7641 static void sk_lookup(struct mgmt_pending_cmd *cmd, void *data)
7643 struct cmd_lookup *match = data;
7645 if (match->sk == NULL) {
7646 match->sk = cmd->sk;
7647 sock_hold(match->sk);
7651 void mgmt_set_class_of_dev_complete(struct hci_dev *hdev, u8 *dev_class,
7654 struct cmd_lookup match = { NULL, hdev, mgmt_status(status) };
7656 mgmt_pending_foreach(MGMT_OP_SET_DEV_CLASS, hdev, sk_lookup, &match);
7657 mgmt_pending_foreach(MGMT_OP_ADD_UUID, hdev, sk_lookup, &match);
7658 mgmt_pending_foreach(MGMT_OP_REMOVE_UUID, hdev, sk_lookup, &match);
7661 mgmt_limited_event(MGMT_EV_CLASS_OF_DEV_CHANGED, hdev, dev_class,
7662 3, HCI_MGMT_DEV_CLASS_EVENTS, NULL);
7663 ext_info_changed(hdev, NULL);
7670 void mgmt_set_local_name_complete(struct hci_dev *hdev, u8 *name, u8 status)
7672 struct mgmt_cp_set_local_name ev;
7673 struct mgmt_pending_cmd *cmd;
7678 memset(&ev, 0, sizeof(ev));
7679 memcpy(ev.name, name, HCI_MAX_NAME_LENGTH);
7680 memcpy(ev.short_name, hdev->short_name, HCI_MAX_SHORT_NAME_LENGTH);
7682 cmd = pending_find(MGMT_OP_SET_LOCAL_NAME, hdev);
7684 memcpy(hdev->dev_name, name, sizeof(hdev->dev_name));
7686 /* If this is a HCI command related to powering on the
7687 * HCI dev don't send any mgmt signals.
7689 if (pending_find(MGMT_OP_SET_POWERED, hdev))
7693 mgmt_limited_event(MGMT_EV_LOCAL_NAME_CHANGED, hdev, &ev, sizeof(ev),
7694 HCI_MGMT_LOCAL_NAME_EVENTS, cmd ? cmd->sk : NULL);
7695 ext_info_changed(hdev, cmd ? cmd->sk : NULL);
7698 static inline bool has_uuid(u8 *uuid, u16 uuid_count, u8 (*uuids)[16])
7702 for (i = 0; i < uuid_count; i++) {
7703 if (!memcmp(uuid, uuids[i], 16))
7710 static bool eir_has_uuids(u8 *eir, u16 eir_len, u16 uuid_count, u8 (*uuids)[16])
7714 while (parsed < eir_len) {
7715 u8 field_len = eir[0];
7722 if (eir_len - parsed < field_len + 1)
7726 case EIR_UUID16_ALL:
7727 case EIR_UUID16_SOME:
7728 for (i = 0; i + 3 <= field_len; i += 2) {
7729 memcpy(uuid, bluetooth_base_uuid, 16);
7730 uuid[13] = eir[i + 3];
7731 uuid[12] = eir[i + 2];
7732 if (has_uuid(uuid, uuid_count, uuids))
7736 case EIR_UUID32_ALL:
7737 case EIR_UUID32_SOME:
7738 for (i = 0; i + 5 <= field_len; i += 4) {
7739 memcpy(uuid, bluetooth_base_uuid, 16);
7740 uuid[15] = eir[i + 5];
7741 uuid[14] = eir[i + 4];
7742 uuid[13] = eir[i + 3];
7743 uuid[12] = eir[i + 2];
7744 if (has_uuid(uuid, uuid_count, uuids))
7748 case EIR_UUID128_ALL:
7749 case EIR_UUID128_SOME:
7750 for (i = 0; i + 17 <= field_len; i += 16) {
7751 memcpy(uuid, eir + i + 2, 16);
7752 if (has_uuid(uuid, uuid_count, uuids))
7758 parsed += field_len + 1;
7759 eir += field_len + 1;
7765 static void restart_le_scan(struct hci_dev *hdev)
7767 /* If controller is not scanning we are done. */
7768 if (!hci_dev_test_flag(hdev, HCI_LE_SCAN))
7771 if (time_after(jiffies + DISCOV_LE_RESTART_DELAY,
7772 hdev->discovery.scan_start +
7773 hdev->discovery.scan_duration))
7776 queue_delayed_work(hdev->req_workqueue, &hdev->le_scan_restart,
7777 DISCOV_LE_RESTART_DELAY);
7780 static bool is_filter_match(struct hci_dev *hdev, s8 rssi, u8 *eir,
7781 u16 eir_len, u8 *scan_rsp, u8 scan_rsp_len)
7783 /* If a RSSI threshold has been specified, and
7784 * HCI_QUIRK_STRICT_DUPLICATE_FILTER is not set, then all results with
7785 * a RSSI smaller than the RSSI threshold will be dropped. If the quirk
7786 * is set, let it through for further processing, as we might need to
7789 * For BR/EDR devices (pre 1.2) providing no RSSI during inquiry,
7790 * the results are also dropped.
7792 if (hdev->discovery.rssi != HCI_RSSI_INVALID &&
7793 (rssi == HCI_RSSI_INVALID ||
7794 (rssi < hdev->discovery.rssi &&
7795 !test_bit(HCI_QUIRK_STRICT_DUPLICATE_FILTER, &hdev->quirks))))
7798 if (hdev->discovery.uuid_count != 0) {
7799 /* If a list of UUIDs is provided in filter, results with no
7800 * matching UUID should be dropped.
7802 if (!eir_has_uuids(eir, eir_len, hdev->discovery.uuid_count,
7803 hdev->discovery.uuids) &&
7804 !eir_has_uuids(scan_rsp, scan_rsp_len,
7805 hdev->discovery.uuid_count,
7806 hdev->discovery.uuids))
7810 /* If duplicate filtering does not report RSSI changes, then restart
7811 * scanning to ensure updated result with updated RSSI values.
7813 if (test_bit(HCI_QUIRK_STRICT_DUPLICATE_FILTER, &hdev->quirks)) {
7814 restart_le_scan(hdev);
7816 /* Validate RSSI value against the RSSI threshold once more. */
7817 if (hdev->discovery.rssi != HCI_RSSI_INVALID &&
7818 rssi < hdev->discovery.rssi)
7825 void mgmt_device_found(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
7826 u8 addr_type, u8 *dev_class, s8 rssi, u32 flags,
7827 u8 *eir, u16 eir_len, u8 *scan_rsp, u8 scan_rsp_len)
7830 struct mgmt_ev_device_found *ev = (void *)buf;
7833 /* Don't send events for a non-kernel initiated discovery. With
7834 * LE one exception is if we have pend_le_reports > 0 in which
7835 * case we're doing passive scanning and want these events.
7837 if (!hci_discovery_active(hdev)) {
7838 if (link_type == ACL_LINK)
7840 if (link_type == LE_LINK && list_empty(&hdev->pend_le_reports))
7844 if (hdev->discovery.result_filtering) {
7845 /* We are using service discovery */
7846 if (!is_filter_match(hdev, rssi, eir, eir_len, scan_rsp,
7851 if (hdev->discovery.limited) {
7852 /* Check for limited discoverable bit */
7854 if (!(dev_class[1] & 0x20))
7857 u8 *flags = eir_get_data(eir, eir_len, EIR_FLAGS, NULL);
7858 if (!flags || !(flags[0] & LE_AD_LIMITED))
7863 /* Make sure that the buffer is big enough. The 5 extra bytes
7864 * are for the potential CoD field.
7866 if (sizeof(*ev) + eir_len + scan_rsp_len + 5 > sizeof(buf))
7869 memset(buf, 0, sizeof(buf));
7871 /* In case of device discovery with BR/EDR devices (pre 1.2), the
7872 * RSSI value was reported as 0 when not available. This behavior
7873 * is kept when using device discovery. This is required for full
7874 * backwards compatibility with the API.
7876 * However when using service discovery, the value 127 will be
7877 * returned when the RSSI is not available.
7879 if (rssi == HCI_RSSI_INVALID && !hdev->discovery.report_invalid_rssi &&
7880 link_type == ACL_LINK)
7883 bacpy(&ev->addr.bdaddr, bdaddr);
7884 ev->addr.type = link_to_bdaddr(link_type, addr_type);
7886 ev->flags = cpu_to_le32(flags);
7889 /* Copy EIR or advertising data into event */
7890 memcpy(ev->eir, eir, eir_len);
7892 if (dev_class && !eir_get_data(ev->eir, eir_len, EIR_CLASS_OF_DEV,
7894 eir_len = eir_append_data(ev->eir, eir_len, EIR_CLASS_OF_DEV,
7897 if (scan_rsp_len > 0)
7898 /* Append scan response data to event */
7899 memcpy(ev->eir + eir_len, scan_rsp, scan_rsp_len);
7901 ev->eir_len = cpu_to_le16(eir_len + scan_rsp_len);
7902 ev_size = sizeof(*ev) + eir_len + scan_rsp_len;
7904 mgmt_event(MGMT_EV_DEVICE_FOUND, hdev, ev, ev_size, NULL);
7907 void mgmt_remote_name(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
7908 u8 addr_type, s8 rssi, u8 *name, u8 name_len)
7910 struct mgmt_ev_device_found *ev;
7911 char buf[sizeof(*ev) + HCI_MAX_NAME_LENGTH + 2];
7914 ev = (struct mgmt_ev_device_found *) buf;
7916 memset(buf, 0, sizeof(buf));
7918 bacpy(&ev->addr.bdaddr, bdaddr);
7919 ev->addr.type = link_to_bdaddr(link_type, addr_type);
7922 eir_len = eir_append_data(ev->eir, 0, EIR_NAME_COMPLETE, name,
7925 ev->eir_len = cpu_to_le16(eir_len);
7927 mgmt_event(MGMT_EV_DEVICE_FOUND, hdev, ev, sizeof(*ev) + eir_len, NULL);
7930 void mgmt_discovering(struct hci_dev *hdev, u8 discovering)
7932 struct mgmt_ev_discovering ev;
7934 BT_DBG("%s discovering %u", hdev->name, discovering);
7936 memset(&ev, 0, sizeof(ev));
7937 ev.type = hdev->discovery.type;
7938 ev.discovering = discovering;
7940 mgmt_event(MGMT_EV_DISCOVERING, hdev, &ev, sizeof(ev), NULL);
7943 static struct hci_mgmt_chan chan = {
7944 .channel = HCI_CHANNEL_CONTROL,
7945 .handler_count = ARRAY_SIZE(mgmt_handlers),
7946 .handlers = mgmt_handlers,
7947 .hdev_init = mgmt_init_hdev,
7952 return hci_mgmt_chan_register(&chan);
7955 void mgmt_exit(void)
7957 hci_mgmt_chan_unregister(&chan);
projects / linux-2.6-microblaze.git / blob