2 BlueZ - Bluetooth protocol stack for Linux
4 Copyright (C) 2010 Nokia Corporation
5 Copyright (C) 2011-2012 Intel Corporation
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License version 2 as
9 published by the Free Software Foundation;
11 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
12 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
13 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
14 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
15 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
16 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
17 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
18 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
20 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
21 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
22 SOFTWARE IS DISCLAIMED.
25 /* Bluetooth HCI Management interface */
27 #include <linux/module.h>
28 #include <asm/unaligned.h>
30 #include <net/bluetooth/bluetooth.h>
31 #include <net/bluetooth/hci_core.h>
32 #include <net/bluetooth/hci_sock.h>
33 #include <net/bluetooth/l2cap.h>
34 #include <net/bluetooth/mgmt.h>
36 #include "hci_request.h"
38 #include "mgmt_util.h"
39 #include "mgmt_config.h"
42 #define MGMT_VERSION 1
43 #define MGMT_REVISION 21
45 static const u16 mgmt_commands[] = {
46 MGMT_OP_READ_INDEX_LIST,
49 MGMT_OP_SET_DISCOVERABLE,
50 MGMT_OP_SET_CONNECTABLE,
51 MGMT_OP_SET_FAST_CONNECTABLE,
53 MGMT_OP_SET_LINK_SECURITY,
57 MGMT_OP_SET_DEV_CLASS,
58 MGMT_OP_SET_LOCAL_NAME,
61 MGMT_OP_LOAD_LINK_KEYS,
62 MGMT_OP_LOAD_LONG_TERM_KEYS,
64 MGMT_OP_GET_CONNECTIONS,
65 MGMT_OP_PIN_CODE_REPLY,
66 MGMT_OP_PIN_CODE_NEG_REPLY,
67 MGMT_OP_SET_IO_CAPABILITY,
69 MGMT_OP_CANCEL_PAIR_DEVICE,
70 MGMT_OP_UNPAIR_DEVICE,
71 MGMT_OP_USER_CONFIRM_REPLY,
72 MGMT_OP_USER_CONFIRM_NEG_REPLY,
73 MGMT_OP_USER_PASSKEY_REPLY,
74 MGMT_OP_USER_PASSKEY_NEG_REPLY,
75 MGMT_OP_READ_LOCAL_OOB_DATA,
76 MGMT_OP_ADD_REMOTE_OOB_DATA,
77 MGMT_OP_REMOVE_REMOTE_OOB_DATA,
78 MGMT_OP_START_DISCOVERY,
79 MGMT_OP_STOP_DISCOVERY,
82 MGMT_OP_UNBLOCK_DEVICE,
83 MGMT_OP_SET_DEVICE_ID,
84 MGMT_OP_SET_ADVERTISING,
86 MGMT_OP_SET_STATIC_ADDRESS,
87 MGMT_OP_SET_SCAN_PARAMS,
88 MGMT_OP_SET_SECURE_CONN,
89 MGMT_OP_SET_DEBUG_KEYS,
92 MGMT_OP_GET_CONN_INFO,
93 MGMT_OP_GET_CLOCK_INFO,
95 MGMT_OP_REMOVE_DEVICE,
96 MGMT_OP_LOAD_CONN_PARAM,
97 MGMT_OP_READ_UNCONF_INDEX_LIST,
98 MGMT_OP_READ_CONFIG_INFO,
99 MGMT_OP_SET_EXTERNAL_CONFIG,
100 MGMT_OP_SET_PUBLIC_ADDRESS,
101 MGMT_OP_START_SERVICE_DISCOVERY,
102 MGMT_OP_READ_LOCAL_OOB_EXT_DATA,
103 MGMT_OP_READ_EXT_INDEX_LIST,
104 MGMT_OP_READ_ADV_FEATURES,
105 MGMT_OP_ADD_ADVERTISING,
106 MGMT_OP_REMOVE_ADVERTISING,
107 MGMT_OP_GET_ADV_SIZE_INFO,
108 MGMT_OP_START_LIMITED_DISCOVERY,
109 MGMT_OP_READ_EXT_INFO,
110 MGMT_OP_SET_APPEARANCE,
111 MGMT_OP_GET_PHY_CONFIGURATION,
112 MGMT_OP_SET_PHY_CONFIGURATION,
113 MGMT_OP_SET_BLOCKED_KEYS,
114 MGMT_OP_SET_WIDEBAND_SPEECH,
115 MGMT_OP_READ_CONTROLLER_CAP,
116 MGMT_OP_READ_EXP_FEATURES_INFO,
117 MGMT_OP_SET_EXP_FEATURE,
118 MGMT_OP_READ_DEF_SYSTEM_CONFIG,
119 MGMT_OP_SET_DEF_SYSTEM_CONFIG,
120 MGMT_OP_READ_DEF_RUNTIME_CONFIG,
121 MGMT_OP_SET_DEF_RUNTIME_CONFIG,
122 MGMT_OP_GET_DEVICE_FLAGS,
123 MGMT_OP_SET_DEVICE_FLAGS,
124 MGMT_OP_READ_ADV_MONITOR_FEATURES,
125 MGMT_OP_ADD_ADV_PATTERNS_MONITOR,
126 MGMT_OP_REMOVE_ADV_MONITOR,
127 MGMT_OP_ADD_EXT_ADV_PARAMS,
128 MGMT_OP_ADD_EXT_ADV_DATA,
129 MGMT_OP_ADD_ADV_PATTERNS_MONITOR_RSSI,
132 static const u16 mgmt_events[] = {
133 MGMT_EV_CONTROLLER_ERROR,
135 MGMT_EV_INDEX_REMOVED,
136 MGMT_EV_NEW_SETTINGS,
137 MGMT_EV_CLASS_OF_DEV_CHANGED,
138 MGMT_EV_LOCAL_NAME_CHANGED,
139 MGMT_EV_NEW_LINK_KEY,
140 MGMT_EV_NEW_LONG_TERM_KEY,
141 MGMT_EV_DEVICE_CONNECTED,
142 MGMT_EV_DEVICE_DISCONNECTED,
143 MGMT_EV_CONNECT_FAILED,
144 MGMT_EV_PIN_CODE_REQUEST,
145 MGMT_EV_USER_CONFIRM_REQUEST,
146 MGMT_EV_USER_PASSKEY_REQUEST,
148 MGMT_EV_DEVICE_FOUND,
150 MGMT_EV_DEVICE_BLOCKED,
151 MGMT_EV_DEVICE_UNBLOCKED,
152 MGMT_EV_DEVICE_UNPAIRED,
153 MGMT_EV_PASSKEY_NOTIFY,
156 MGMT_EV_DEVICE_ADDED,
157 MGMT_EV_DEVICE_REMOVED,
158 MGMT_EV_NEW_CONN_PARAM,
159 MGMT_EV_UNCONF_INDEX_ADDED,
160 MGMT_EV_UNCONF_INDEX_REMOVED,
161 MGMT_EV_NEW_CONFIG_OPTIONS,
162 MGMT_EV_EXT_INDEX_ADDED,
163 MGMT_EV_EXT_INDEX_REMOVED,
164 MGMT_EV_LOCAL_OOB_DATA_UPDATED,
165 MGMT_EV_ADVERTISING_ADDED,
166 MGMT_EV_ADVERTISING_REMOVED,
167 MGMT_EV_EXT_INFO_CHANGED,
168 MGMT_EV_PHY_CONFIGURATION_CHANGED,
169 MGMT_EV_EXP_FEATURE_CHANGED,
170 MGMT_EV_DEVICE_FLAGS_CHANGED,
171 MGMT_EV_ADV_MONITOR_ADDED,
172 MGMT_EV_ADV_MONITOR_REMOVED,
173 MGMT_EV_CONTROLLER_SUSPEND,
174 MGMT_EV_CONTROLLER_RESUME,
177 static const u16 mgmt_untrusted_commands[] = {
178 MGMT_OP_READ_INDEX_LIST,
180 MGMT_OP_READ_UNCONF_INDEX_LIST,
181 MGMT_OP_READ_CONFIG_INFO,
182 MGMT_OP_READ_EXT_INDEX_LIST,
183 MGMT_OP_READ_EXT_INFO,
184 MGMT_OP_READ_CONTROLLER_CAP,
185 MGMT_OP_READ_EXP_FEATURES_INFO,
186 MGMT_OP_READ_DEF_SYSTEM_CONFIG,
187 MGMT_OP_READ_DEF_RUNTIME_CONFIG,
190 static const u16 mgmt_untrusted_events[] = {
192 MGMT_EV_INDEX_REMOVED,
193 MGMT_EV_NEW_SETTINGS,
194 MGMT_EV_CLASS_OF_DEV_CHANGED,
195 MGMT_EV_LOCAL_NAME_CHANGED,
196 MGMT_EV_UNCONF_INDEX_ADDED,
197 MGMT_EV_UNCONF_INDEX_REMOVED,
198 MGMT_EV_NEW_CONFIG_OPTIONS,
199 MGMT_EV_EXT_INDEX_ADDED,
200 MGMT_EV_EXT_INDEX_REMOVED,
201 MGMT_EV_EXT_INFO_CHANGED,
202 MGMT_EV_EXP_FEATURE_CHANGED,
205 #define CACHE_TIMEOUT msecs_to_jiffies(2 * 1000)
207 #define ZERO_KEY "\x00\x00\x00\x00\x00\x00\x00\x00" \
208 "\x00\x00\x00\x00\x00\x00\x00\x00"
210 /* HCI to MGMT error code conversion table */
211 static const u8 mgmt_status_table[] = {
213 MGMT_STATUS_UNKNOWN_COMMAND, /* Unknown Command */
214 MGMT_STATUS_NOT_CONNECTED, /* No Connection */
215 MGMT_STATUS_FAILED, /* Hardware Failure */
216 MGMT_STATUS_CONNECT_FAILED, /* Page Timeout */
217 MGMT_STATUS_AUTH_FAILED, /* Authentication Failed */
218 MGMT_STATUS_AUTH_FAILED, /* PIN or Key Missing */
219 MGMT_STATUS_NO_RESOURCES, /* Memory Full */
220 MGMT_STATUS_TIMEOUT, /* Connection Timeout */
221 MGMT_STATUS_NO_RESOURCES, /* Max Number of Connections */
222 MGMT_STATUS_NO_RESOURCES, /* Max Number of SCO Connections */
223 MGMT_STATUS_ALREADY_CONNECTED, /* ACL Connection Exists */
224 MGMT_STATUS_BUSY, /* Command Disallowed */
225 MGMT_STATUS_NO_RESOURCES, /* Rejected Limited Resources */
226 MGMT_STATUS_REJECTED, /* Rejected Security */
227 MGMT_STATUS_REJECTED, /* Rejected Personal */
228 MGMT_STATUS_TIMEOUT, /* Host Timeout */
229 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported Feature */
230 MGMT_STATUS_INVALID_PARAMS, /* Invalid Parameters */
231 MGMT_STATUS_DISCONNECTED, /* OE User Ended Connection */
232 MGMT_STATUS_NO_RESOURCES, /* OE Low Resources */
233 MGMT_STATUS_DISCONNECTED, /* OE Power Off */
234 MGMT_STATUS_DISCONNECTED, /* Connection Terminated */
235 MGMT_STATUS_BUSY, /* Repeated Attempts */
236 MGMT_STATUS_REJECTED, /* Pairing Not Allowed */
237 MGMT_STATUS_FAILED, /* Unknown LMP PDU */
238 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported Remote Feature */
239 MGMT_STATUS_REJECTED, /* SCO Offset Rejected */
240 MGMT_STATUS_REJECTED, /* SCO Interval Rejected */
241 MGMT_STATUS_REJECTED, /* Air Mode Rejected */
242 MGMT_STATUS_INVALID_PARAMS, /* Invalid LMP Parameters */
243 MGMT_STATUS_FAILED, /* Unspecified Error */
244 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported LMP Parameter Value */
245 MGMT_STATUS_FAILED, /* Role Change Not Allowed */
246 MGMT_STATUS_TIMEOUT, /* LMP Response Timeout */
247 MGMT_STATUS_FAILED, /* LMP Error Transaction Collision */
248 MGMT_STATUS_FAILED, /* LMP PDU Not Allowed */
249 MGMT_STATUS_REJECTED, /* Encryption Mode Not Accepted */
250 MGMT_STATUS_FAILED, /* Unit Link Key Used */
251 MGMT_STATUS_NOT_SUPPORTED, /* QoS Not Supported */
252 MGMT_STATUS_TIMEOUT, /* Instant Passed */
253 MGMT_STATUS_NOT_SUPPORTED, /* Pairing Not Supported */
254 MGMT_STATUS_FAILED, /* Transaction Collision */
255 MGMT_STATUS_FAILED, /* Reserved for future use */
256 MGMT_STATUS_INVALID_PARAMS, /* Unacceptable Parameter */
257 MGMT_STATUS_REJECTED, /* QoS Rejected */
258 MGMT_STATUS_NOT_SUPPORTED, /* Classification Not Supported */
259 MGMT_STATUS_REJECTED, /* Insufficient Security */
260 MGMT_STATUS_INVALID_PARAMS, /* Parameter Out Of Range */
261 MGMT_STATUS_FAILED, /* Reserved for future use */
262 MGMT_STATUS_BUSY, /* Role Switch Pending */
263 MGMT_STATUS_FAILED, /* Reserved for future use */
264 MGMT_STATUS_FAILED, /* Slot Violation */
265 MGMT_STATUS_FAILED, /* Role Switch Failed */
266 MGMT_STATUS_INVALID_PARAMS, /* EIR Too Large */
267 MGMT_STATUS_NOT_SUPPORTED, /* Simple Pairing Not Supported */
268 MGMT_STATUS_BUSY, /* Host Busy Pairing */
269 MGMT_STATUS_REJECTED, /* Rejected, No Suitable Channel */
270 MGMT_STATUS_BUSY, /* Controller Busy */
271 MGMT_STATUS_INVALID_PARAMS, /* Unsuitable Connection Interval */
272 MGMT_STATUS_TIMEOUT, /* Directed Advertising Timeout */
273 MGMT_STATUS_AUTH_FAILED, /* Terminated Due to MIC Failure */
274 MGMT_STATUS_CONNECT_FAILED, /* Connection Establishment Failed */
275 MGMT_STATUS_CONNECT_FAILED, /* MAC Connection Failed */
278 static u8 mgmt_status(u8 hci_status)
280 if (hci_status < ARRAY_SIZE(mgmt_status_table))
281 return mgmt_status_table[hci_status];
283 return MGMT_STATUS_FAILED;
286 static int mgmt_index_event(u16 event, struct hci_dev *hdev, void *data,
289 return mgmt_send_event(event, hdev, HCI_CHANNEL_CONTROL, data, len,
293 static int mgmt_limited_event(u16 event, struct hci_dev *hdev, void *data,
294 u16 len, int flag, struct sock *skip_sk)
296 return mgmt_send_event(event, hdev, HCI_CHANNEL_CONTROL, data, len,
300 static int mgmt_event(u16 event, struct hci_dev *hdev, void *data, u16 len,
301 struct sock *skip_sk)
303 return mgmt_send_event(event, hdev, HCI_CHANNEL_CONTROL, data, len,
304 HCI_SOCK_TRUSTED, skip_sk);
307 static u8 le_addr_type(u8 mgmt_addr_type)
309 if (mgmt_addr_type == BDADDR_LE_PUBLIC)
310 return ADDR_LE_DEV_PUBLIC;
312 return ADDR_LE_DEV_RANDOM;
315 void mgmt_fill_version_info(void *ver)
317 struct mgmt_rp_read_version *rp = ver;
319 rp->version = MGMT_VERSION;
320 rp->revision = cpu_to_le16(MGMT_REVISION);
323 static int read_version(struct sock *sk, struct hci_dev *hdev, void *data,
326 struct mgmt_rp_read_version rp;
328 bt_dev_dbg(hdev, "sock %p", sk);
330 mgmt_fill_version_info(&rp);
332 return mgmt_cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_VERSION, 0,
336 static int read_commands(struct sock *sk, struct hci_dev *hdev, void *data,
339 struct mgmt_rp_read_commands *rp;
340 u16 num_commands, num_events;
344 bt_dev_dbg(hdev, "sock %p", sk);
346 if (hci_sock_test_flag(sk, HCI_SOCK_TRUSTED)) {
347 num_commands = ARRAY_SIZE(mgmt_commands);
348 num_events = ARRAY_SIZE(mgmt_events);
350 num_commands = ARRAY_SIZE(mgmt_untrusted_commands);
351 num_events = ARRAY_SIZE(mgmt_untrusted_events);
354 rp_size = sizeof(*rp) + ((num_commands + num_events) * sizeof(u16));
356 rp = kmalloc(rp_size, GFP_KERNEL);
360 rp->num_commands = cpu_to_le16(num_commands);
361 rp->num_events = cpu_to_le16(num_events);
363 if (hci_sock_test_flag(sk, HCI_SOCK_TRUSTED)) {
364 __le16 *opcode = rp->opcodes;
366 for (i = 0; i < num_commands; i++, opcode++)
367 put_unaligned_le16(mgmt_commands[i], opcode);
369 for (i = 0; i < num_events; i++, opcode++)
370 put_unaligned_le16(mgmt_events[i], opcode);
372 __le16 *opcode = rp->opcodes;
374 for (i = 0; i < num_commands; i++, opcode++)
375 put_unaligned_le16(mgmt_untrusted_commands[i], opcode);
377 for (i = 0; i < num_events; i++, opcode++)
378 put_unaligned_le16(mgmt_untrusted_events[i], opcode);
381 err = mgmt_cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_COMMANDS, 0,
388 static int read_index_list(struct sock *sk, struct hci_dev *hdev, void *data,
391 struct mgmt_rp_read_index_list *rp;
397 bt_dev_dbg(hdev, "sock %p", sk);
399 read_lock(&hci_dev_list_lock);
402 list_for_each_entry(d, &hci_dev_list, list) {
403 if (d->dev_type == HCI_PRIMARY &&
404 !hci_dev_test_flag(d, HCI_UNCONFIGURED))
408 rp_len = sizeof(*rp) + (2 * count);
409 rp = kmalloc(rp_len, GFP_ATOMIC);
411 read_unlock(&hci_dev_list_lock);
416 list_for_each_entry(d, &hci_dev_list, list) {
417 if (hci_dev_test_flag(d, HCI_SETUP) ||
418 hci_dev_test_flag(d, HCI_CONFIG) ||
419 hci_dev_test_flag(d, HCI_USER_CHANNEL))
422 /* Devices marked as raw-only are neither configured
423 * nor unconfigured controllers.
425 if (test_bit(HCI_QUIRK_RAW_DEVICE, &d->quirks))
428 if (d->dev_type == HCI_PRIMARY &&
429 !hci_dev_test_flag(d, HCI_UNCONFIGURED)) {
430 rp->index[count++] = cpu_to_le16(d->id);
431 bt_dev_dbg(hdev, "Added hci%u", d->id);
435 rp->num_controllers = cpu_to_le16(count);
436 rp_len = sizeof(*rp) + (2 * count);
438 read_unlock(&hci_dev_list_lock);
440 err = mgmt_cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_INDEX_LIST,
448 static int read_unconf_index_list(struct sock *sk, struct hci_dev *hdev,
449 void *data, u16 data_len)
451 struct mgmt_rp_read_unconf_index_list *rp;
457 bt_dev_dbg(hdev, "sock %p", sk);
459 read_lock(&hci_dev_list_lock);
462 list_for_each_entry(d, &hci_dev_list, list) {
463 if (d->dev_type == HCI_PRIMARY &&
464 hci_dev_test_flag(d, HCI_UNCONFIGURED))
468 rp_len = sizeof(*rp) + (2 * count);
469 rp = kmalloc(rp_len, GFP_ATOMIC);
471 read_unlock(&hci_dev_list_lock);
476 list_for_each_entry(d, &hci_dev_list, list) {
477 if (hci_dev_test_flag(d, HCI_SETUP) ||
478 hci_dev_test_flag(d, HCI_CONFIG) ||
479 hci_dev_test_flag(d, HCI_USER_CHANNEL))
482 /* Devices marked as raw-only are neither configured
483 * nor unconfigured controllers.
485 if (test_bit(HCI_QUIRK_RAW_DEVICE, &d->quirks))
488 if (d->dev_type == HCI_PRIMARY &&
489 hci_dev_test_flag(d, HCI_UNCONFIGURED)) {
490 rp->index[count++] = cpu_to_le16(d->id);
491 bt_dev_dbg(hdev, "Added hci%u", d->id);
495 rp->num_controllers = cpu_to_le16(count);
496 rp_len = sizeof(*rp) + (2 * count);
498 read_unlock(&hci_dev_list_lock);
500 err = mgmt_cmd_complete(sk, MGMT_INDEX_NONE,
501 MGMT_OP_READ_UNCONF_INDEX_LIST, 0, rp, rp_len);
508 static int read_ext_index_list(struct sock *sk, struct hci_dev *hdev,
509 void *data, u16 data_len)
511 struct mgmt_rp_read_ext_index_list *rp;
516 bt_dev_dbg(hdev, "sock %p", sk);
518 read_lock(&hci_dev_list_lock);
521 list_for_each_entry(d, &hci_dev_list, list) {
522 if (d->dev_type == HCI_PRIMARY || d->dev_type == HCI_AMP)
526 rp = kmalloc(struct_size(rp, entry, count), GFP_ATOMIC);
528 read_unlock(&hci_dev_list_lock);
533 list_for_each_entry(d, &hci_dev_list, list) {
534 if (hci_dev_test_flag(d, HCI_SETUP) ||
535 hci_dev_test_flag(d, HCI_CONFIG) ||
536 hci_dev_test_flag(d, HCI_USER_CHANNEL))
539 /* Devices marked as raw-only are neither configured
540 * nor unconfigured controllers.
542 if (test_bit(HCI_QUIRK_RAW_DEVICE, &d->quirks))
545 if (d->dev_type == HCI_PRIMARY) {
546 if (hci_dev_test_flag(d, HCI_UNCONFIGURED))
547 rp->entry[count].type = 0x01;
549 rp->entry[count].type = 0x00;
550 } else if (d->dev_type == HCI_AMP) {
551 rp->entry[count].type = 0x02;
556 rp->entry[count].bus = d->bus;
557 rp->entry[count++].index = cpu_to_le16(d->id);
558 bt_dev_dbg(hdev, "Added hci%u", d->id);
561 rp->num_controllers = cpu_to_le16(count);
563 read_unlock(&hci_dev_list_lock);
565 /* If this command is called at least once, then all the
566 * default index and unconfigured index events are disabled
567 * and from now on only extended index events are used.
569 hci_sock_set_flag(sk, HCI_MGMT_EXT_INDEX_EVENTS);
570 hci_sock_clear_flag(sk, HCI_MGMT_INDEX_EVENTS);
571 hci_sock_clear_flag(sk, HCI_MGMT_UNCONF_INDEX_EVENTS);
573 err = mgmt_cmd_complete(sk, MGMT_INDEX_NONE,
574 MGMT_OP_READ_EXT_INDEX_LIST, 0, rp,
575 struct_size(rp, entry, count));
582 static bool is_configured(struct hci_dev *hdev)
584 if (test_bit(HCI_QUIRK_EXTERNAL_CONFIG, &hdev->quirks) &&
585 !hci_dev_test_flag(hdev, HCI_EXT_CONFIGURED))
588 if ((test_bit(HCI_QUIRK_INVALID_BDADDR, &hdev->quirks) ||
589 test_bit(HCI_QUIRK_USE_BDADDR_PROPERTY, &hdev->quirks)) &&
590 !bacmp(&hdev->public_addr, BDADDR_ANY))
596 static __le32 get_missing_options(struct hci_dev *hdev)
600 if (test_bit(HCI_QUIRK_EXTERNAL_CONFIG, &hdev->quirks) &&
601 !hci_dev_test_flag(hdev, HCI_EXT_CONFIGURED))
602 options |= MGMT_OPTION_EXTERNAL_CONFIG;
604 if ((test_bit(HCI_QUIRK_INVALID_BDADDR, &hdev->quirks) ||
605 test_bit(HCI_QUIRK_USE_BDADDR_PROPERTY, &hdev->quirks)) &&
606 !bacmp(&hdev->public_addr, BDADDR_ANY))
607 options |= MGMT_OPTION_PUBLIC_ADDRESS;
609 return cpu_to_le32(options);
612 static int new_options(struct hci_dev *hdev, struct sock *skip)
614 __le32 options = get_missing_options(hdev);
616 return mgmt_limited_event(MGMT_EV_NEW_CONFIG_OPTIONS, hdev, &options,
617 sizeof(options), HCI_MGMT_OPTION_EVENTS, skip);
620 static int send_options_rsp(struct sock *sk, u16 opcode, struct hci_dev *hdev)
622 __le32 options = get_missing_options(hdev);
624 return mgmt_cmd_complete(sk, hdev->id, opcode, 0, &options,
628 static int read_config_info(struct sock *sk, struct hci_dev *hdev,
629 void *data, u16 data_len)
631 struct mgmt_rp_read_config_info rp;
634 bt_dev_dbg(hdev, "sock %p", sk);
638 memset(&rp, 0, sizeof(rp));
639 rp.manufacturer = cpu_to_le16(hdev->manufacturer);
641 if (test_bit(HCI_QUIRK_EXTERNAL_CONFIG, &hdev->quirks))
642 options |= MGMT_OPTION_EXTERNAL_CONFIG;
644 if (hdev->set_bdaddr)
645 options |= MGMT_OPTION_PUBLIC_ADDRESS;
647 rp.supported_options = cpu_to_le32(options);
648 rp.missing_options = get_missing_options(hdev);
650 hci_dev_unlock(hdev);
652 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_READ_CONFIG_INFO, 0,
656 static u32 get_supported_phys(struct hci_dev *hdev)
658 u32 supported_phys = 0;
660 if (lmp_bredr_capable(hdev)) {
661 supported_phys |= MGMT_PHY_BR_1M_1SLOT;
663 if (hdev->features[0][0] & LMP_3SLOT)
664 supported_phys |= MGMT_PHY_BR_1M_3SLOT;
666 if (hdev->features[0][0] & LMP_5SLOT)
667 supported_phys |= MGMT_PHY_BR_1M_5SLOT;
669 if (lmp_edr_2m_capable(hdev)) {
670 supported_phys |= MGMT_PHY_EDR_2M_1SLOT;
672 if (lmp_edr_3slot_capable(hdev))
673 supported_phys |= MGMT_PHY_EDR_2M_3SLOT;
675 if (lmp_edr_5slot_capable(hdev))
676 supported_phys |= MGMT_PHY_EDR_2M_5SLOT;
678 if (lmp_edr_3m_capable(hdev)) {
679 supported_phys |= MGMT_PHY_EDR_3M_1SLOT;
681 if (lmp_edr_3slot_capable(hdev))
682 supported_phys |= MGMT_PHY_EDR_3M_3SLOT;
684 if (lmp_edr_5slot_capable(hdev))
685 supported_phys |= MGMT_PHY_EDR_3M_5SLOT;
690 if (lmp_le_capable(hdev)) {
691 supported_phys |= MGMT_PHY_LE_1M_TX;
692 supported_phys |= MGMT_PHY_LE_1M_RX;
694 if (hdev->le_features[1] & HCI_LE_PHY_2M) {
695 supported_phys |= MGMT_PHY_LE_2M_TX;
696 supported_phys |= MGMT_PHY_LE_2M_RX;
699 if (hdev->le_features[1] & HCI_LE_PHY_CODED) {
700 supported_phys |= MGMT_PHY_LE_CODED_TX;
701 supported_phys |= MGMT_PHY_LE_CODED_RX;
705 return supported_phys;
708 static u32 get_selected_phys(struct hci_dev *hdev)
710 u32 selected_phys = 0;
712 if (lmp_bredr_capable(hdev)) {
713 selected_phys |= MGMT_PHY_BR_1M_1SLOT;
715 if (hdev->pkt_type & (HCI_DM3 | HCI_DH3))
716 selected_phys |= MGMT_PHY_BR_1M_3SLOT;
718 if (hdev->pkt_type & (HCI_DM5 | HCI_DH5))
719 selected_phys |= MGMT_PHY_BR_1M_5SLOT;
721 if (lmp_edr_2m_capable(hdev)) {
722 if (!(hdev->pkt_type & HCI_2DH1))
723 selected_phys |= MGMT_PHY_EDR_2M_1SLOT;
725 if (lmp_edr_3slot_capable(hdev) &&
726 !(hdev->pkt_type & HCI_2DH3))
727 selected_phys |= MGMT_PHY_EDR_2M_3SLOT;
729 if (lmp_edr_5slot_capable(hdev) &&
730 !(hdev->pkt_type & HCI_2DH5))
731 selected_phys |= MGMT_PHY_EDR_2M_5SLOT;
733 if (lmp_edr_3m_capable(hdev)) {
734 if (!(hdev->pkt_type & HCI_3DH1))
735 selected_phys |= MGMT_PHY_EDR_3M_1SLOT;
737 if (lmp_edr_3slot_capable(hdev) &&
738 !(hdev->pkt_type & HCI_3DH3))
739 selected_phys |= MGMT_PHY_EDR_3M_3SLOT;
741 if (lmp_edr_5slot_capable(hdev) &&
742 !(hdev->pkt_type & HCI_3DH5))
743 selected_phys |= MGMT_PHY_EDR_3M_5SLOT;
748 if (lmp_le_capable(hdev)) {
749 if (hdev->le_tx_def_phys & HCI_LE_SET_PHY_1M)
750 selected_phys |= MGMT_PHY_LE_1M_TX;
752 if (hdev->le_rx_def_phys & HCI_LE_SET_PHY_1M)
753 selected_phys |= MGMT_PHY_LE_1M_RX;
755 if (hdev->le_tx_def_phys & HCI_LE_SET_PHY_2M)
756 selected_phys |= MGMT_PHY_LE_2M_TX;
758 if (hdev->le_rx_def_phys & HCI_LE_SET_PHY_2M)
759 selected_phys |= MGMT_PHY_LE_2M_RX;
761 if (hdev->le_tx_def_phys & HCI_LE_SET_PHY_CODED)
762 selected_phys |= MGMT_PHY_LE_CODED_TX;
764 if (hdev->le_rx_def_phys & HCI_LE_SET_PHY_CODED)
765 selected_phys |= MGMT_PHY_LE_CODED_RX;
768 return selected_phys;
771 static u32 get_configurable_phys(struct hci_dev *hdev)
773 return (get_supported_phys(hdev) & ~MGMT_PHY_BR_1M_1SLOT &
774 ~MGMT_PHY_LE_1M_TX & ~MGMT_PHY_LE_1M_RX);
777 static u32 get_supported_settings(struct hci_dev *hdev)
781 settings |= MGMT_SETTING_POWERED;
782 settings |= MGMT_SETTING_BONDABLE;
783 settings |= MGMT_SETTING_DEBUG_KEYS;
784 settings |= MGMT_SETTING_CONNECTABLE;
785 settings |= MGMT_SETTING_DISCOVERABLE;
787 if (lmp_bredr_capable(hdev)) {
788 if (hdev->hci_ver >= BLUETOOTH_VER_1_2)
789 settings |= MGMT_SETTING_FAST_CONNECTABLE;
790 settings |= MGMT_SETTING_BREDR;
791 settings |= MGMT_SETTING_LINK_SECURITY;
793 if (lmp_ssp_capable(hdev)) {
794 settings |= MGMT_SETTING_SSP;
795 if (IS_ENABLED(CONFIG_BT_HS))
796 settings |= MGMT_SETTING_HS;
799 if (lmp_sc_capable(hdev))
800 settings |= MGMT_SETTING_SECURE_CONN;
802 if (test_bit(HCI_QUIRK_WIDEBAND_SPEECH_SUPPORTED,
804 settings |= MGMT_SETTING_WIDEBAND_SPEECH;
807 if (lmp_le_capable(hdev)) {
808 settings |= MGMT_SETTING_LE;
809 settings |= MGMT_SETTING_SECURE_CONN;
810 settings |= MGMT_SETTING_PRIVACY;
811 settings |= MGMT_SETTING_STATIC_ADDRESS;
813 /* When the experimental feature for LL Privacy support is
814 * enabled, then advertising is no longer supported.
816 if (!hci_dev_test_flag(hdev, HCI_ENABLE_LL_PRIVACY))
817 settings |= MGMT_SETTING_ADVERTISING;
820 if (test_bit(HCI_QUIRK_EXTERNAL_CONFIG, &hdev->quirks) ||
822 settings |= MGMT_SETTING_CONFIGURATION;
824 settings |= MGMT_SETTING_PHY_CONFIGURATION;
829 static u32 get_current_settings(struct hci_dev *hdev)
833 if (hdev_is_powered(hdev))
834 settings |= MGMT_SETTING_POWERED;
836 if (hci_dev_test_flag(hdev, HCI_CONNECTABLE))
837 settings |= MGMT_SETTING_CONNECTABLE;
839 if (hci_dev_test_flag(hdev, HCI_FAST_CONNECTABLE))
840 settings |= MGMT_SETTING_FAST_CONNECTABLE;
842 if (hci_dev_test_flag(hdev, HCI_DISCOVERABLE))
843 settings |= MGMT_SETTING_DISCOVERABLE;
845 if (hci_dev_test_flag(hdev, HCI_BONDABLE))
846 settings |= MGMT_SETTING_BONDABLE;
848 if (hci_dev_test_flag(hdev, HCI_BREDR_ENABLED))
849 settings |= MGMT_SETTING_BREDR;
851 if (hci_dev_test_flag(hdev, HCI_LE_ENABLED))
852 settings |= MGMT_SETTING_LE;
854 if (hci_dev_test_flag(hdev, HCI_LINK_SECURITY))
855 settings |= MGMT_SETTING_LINK_SECURITY;
857 if (hci_dev_test_flag(hdev, HCI_SSP_ENABLED))
858 settings |= MGMT_SETTING_SSP;
860 if (hci_dev_test_flag(hdev, HCI_HS_ENABLED))
861 settings |= MGMT_SETTING_HS;
863 if (hci_dev_test_flag(hdev, HCI_ADVERTISING))
864 settings |= MGMT_SETTING_ADVERTISING;
866 if (hci_dev_test_flag(hdev, HCI_SC_ENABLED))
867 settings |= MGMT_SETTING_SECURE_CONN;
869 if (hci_dev_test_flag(hdev, HCI_KEEP_DEBUG_KEYS))
870 settings |= MGMT_SETTING_DEBUG_KEYS;
872 if (hci_dev_test_flag(hdev, HCI_PRIVACY))
873 settings |= MGMT_SETTING_PRIVACY;
875 /* The current setting for static address has two purposes. The
876 * first is to indicate if the static address will be used and
877 * the second is to indicate if it is actually set.
879 * This means if the static address is not configured, this flag
880 * will never be set. If the address is configured, then if the
881 * address is actually used decides if the flag is set or not.
883 * For single mode LE only controllers and dual-mode controllers
884 * with BR/EDR disabled, the existence of the static address will
887 if (hci_dev_test_flag(hdev, HCI_FORCE_STATIC_ADDR) ||
888 !hci_dev_test_flag(hdev, HCI_BREDR_ENABLED) ||
889 !bacmp(&hdev->bdaddr, BDADDR_ANY)) {
890 if (bacmp(&hdev->static_addr, BDADDR_ANY))
891 settings |= MGMT_SETTING_STATIC_ADDRESS;
894 if (hci_dev_test_flag(hdev, HCI_WIDEBAND_SPEECH_ENABLED))
895 settings |= MGMT_SETTING_WIDEBAND_SPEECH;
900 static struct mgmt_pending_cmd *pending_find(u16 opcode, struct hci_dev *hdev)
902 return mgmt_pending_find(HCI_CHANNEL_CONTROL, opcode, hdev);
905 static struct mgmt_pending_cmd *pending_find_data(u16 opcode,
906 struct hci_dev *hdev,
909 return mgmt_pending_find_data(HCI_CHANNEL_CONTROL, opcode, hdev, data);
912 u8 mgmt_get_adv_discov_flags(struct hci_dev *hdev)
914 struct mgmt_pending_cmd *cmd;
916 /* If there's a pending mgmt command the flags will not yet have
917 * their final values, so check for this first.
919 cmd = pending_find(MGMT_OP_SET_DISCOVERABLE, hdev);
921 struct mgmt_mode *cp = cmd->param;
923 return LE_AD_GENERAL;
924 else if (cp->val == 0x02)
925 return LE_AD_LIMITED;
927 if (hci_dev_test_flag(hdev, HCI_LIMITED_DISCOVERABLE))
928 return LE_AD_LIMITED;
929 else if (hci_dev_test_flag(hdev, HCI_DISCOVERABLE))
930 return LE_AD_GENERAL;
936 bool mgmt_get_connectable(struct hci_dev *hdev)
938 struct mgmt_pending_cmd *cmd;
940 /* If there's a pending mgmt command the flag will not yet have
941 * it's final value, so check for this first.
943 cmd = pending_find(MGMT_OP_SET_CONNECTABLE, hdev);
945 struct mgmt_mode *cp = cmd->param;
950 return hci_dev_test_flag(hdev, HCI_CONNECTABLE);
953 static void service_cache_off(struct work_struct *work)
955 struct hci_dev *hdev = container_of(work, struct hci_dev,
957 struct hci_request req;
959 if (!hci_dev_test_and_clear_flag(hdev, HCI_SERVICE_CACHE))
962 hci_req_init(&req, hdev);
966 __hci_req_update_eir(&req);
967 __hci_req_update_class(&req);
969 hci_dev_unlock(hdev);
971 hci_req_run(&req, NULL);
974 static void rpa_expired(struct work_struct *work)
976 struct hci_dev *hdev = container_of(work, struct hci_dev,
978 struct hci_request req;
980 bt_dev_dbg(hdev, "");
982 hci_dev_set_flag(hdev, HCI_RPA_EXPIRED);
984 if (!hci_dev_test_flag(hdev, HCI_ADVERTISING))
987 /* The generation of a new RPA and programming it into the
988 * controller happens in the hci_req_enable_advertising()
991 hci_req_init(&req, hdev);
992 if (ext_adv_capable(hdev))
993 __hci_req_start_ext_adv(&req, hdev->cur_adv_instance);
995 __hci_req_enable_advertising(&req);
996 hci_req_run(&req, NULL);
999 static void mgmt_init_hdev(struct sock *sk, struct hci_dev *hdev)
1001 if (hci_dev_test_and_set_flag(hdev, HCI_MGMT))
1004 INIT_DELAYED_WORK(&hdev->service_cache, service_cache_off);
1005 INIT_DELAYED_WORK(&hdev->rpa_expired, rpa_expired);
1007 /* Non-mgmt controlled devices get this bit set
1008 * implicitly so that pairing works for them, however
1009 * for mgmt we require user-space to explicitly enable
1012 hci_dev_clear_flag(hdev, HCI_BONDABLE);
1015 static int read_controller_info(struct sock *sk, struct hci_dev *hdev,
1016 void *data, u16 data_len)
1018 struct mgmt_rp_read_info rp;
1020 bt_dev_dbg(hdev, "sock %p", sk);
1024 memset(&rp, 0, sizeof(rp));
1026 bacpy(&rp.bdaddr, &hdev->bdaddr);
1028 rp.version = hdev->hci_ver;
1029 rp.manufacturer = cpu_to_le16(hdev->manufacturer);
1031 rp.supported_settings = cpu_to_le32(get_supported_settings(hdev));
1032 rp.current_settings = cpu_to_le32(get_current_settings(hdev));
1034 memcpy(rp.dev_class, hdev->dev_class, 3);
1036 memcpy(rp.name, hdev->dev_name, sizeof(hdev->dev_name));
1037 memcpy(rp.short_name, hdev->short_name, sizeof(hdev->short_name));
1039 hci_dev_unlock(hdev);
1041 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_READ_INFO, 0, &rp,
1045 static u16 append_eir_data_to_buf(struct hci_dev *hdev, u8 *eir)
1050 if (hci_dev_test_flag(hdev, HCI_BREDR_ENABLED))
1051 eir_len = eir_append_data(eir, eir_len, EIR_CLASS_OF_DEV,
1052 hdev->dev_class, 3);
1054 if (hci_dev_test_flag(hdev, HCI_LE_ENABLED))
1055 eir_len = eir_append_le16(eir, eir_len, EIR_APPEARANCE,
1058 name_len = strlen(hdev->dev_name);
1059 eir_len = eir_append_data(eir, eir_len, EIR_NAME_COMPLETE,
1060 hdev->dev_name, name_len);
1062 name_len = strlen(hdev->short_name);
1063 eir_len = eir_append_data(eir, eir_len, EIR_NAME_SHORT,
1064 hdev->short_name, name_len);
1069 static int read_ext_controller_info(struct sock *sk, struct hci_dev *hdev,
1070 void *data, u16 data_len)
1073 struct mgmt_rp_read_ext_info *rp = (void *)buf;
1076 bt_dev_dbg(hdev, "sock %p", sk);
1078 memset(&buf, 0, sizeof(buf));
1082 bacpy(&rp->bdaddr, &hdev->bdaddr);
1084 rp->version = hdev->hci_ver;
1085 rp->manufacturer = cpu_to_le16(hdev->manufacturer);
1087 rp->supported_settings = cpu_to_le32(get_supported_settings(hdev));
1088 rp->current_settings = cpu_to_le32(get_current_settings(hdev));
1091 eir_len = append_eir_data_to_buf(hdev, rp->eir);
1092 rp->eir_len = cpu_to_le16(eir_len);
1094 hci_dev_unlock(hdev);
1096 /* If this command is called at least once, then the events
1097 * for class of device and local name changes are disabled
1098 * and only the new extended controller information event
1101 hci_sock_set_flag(sk, HCI_MGMT_EXT_INFO_EVENTS);
1102 hci_sock_clear_flag(sk, HCI_MGMT_DEV_CLASS_EVENTS);
1103 hci_sock_clear_flag(sk, HCI_MGMT_LOCAL_NAME_EVENTS);
1105 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_READ_EXT_INFO, 0, rp,
1106 sizeof(*rp) + eir_len);
1109 static int ext_info_changed(struct hci_dev *hdev, struct sock *skip)
1112 struct mgmt_ev_ext_info_changed *ev = (void *)buf;
1115 memset(buf, 0, sizeof(buf));
1117 eir_len = append_eir_data_to_buf(hdev, ev->eir);
1118 ev->eir_len = cpu_to_le16(eir_len);
1120 return mgmt_limited_event(MGMT_EV_EXT_INFO_CHANGED, hdev, ev,
1121 sizeof(*ev) + eir_len,
1122 HCI_MGMT_EXT_INFO_EVENTS, skip);
1125 static int send_settings_rsp(struct sock *sk, u16 opcode, struct hci_dev *hdev)
1127 __le32 settings = cpu_to_le32(get_current_settings(hdev));
1129 return mgmt_cmd_complete(sk, hdev->id, opcode, 0, &settings,
1133 static void clean_up_hci_complete(struct hci_dev *hdev, u8 status, u16 opcode)
1135 bt_dev_dbg(hdev, "status 0x%02x", status);
1137 if (hci_conn_count(hdev) == 0) {
1138 cancel_delayed_work(&hdev->power_off);
1139 queue_work(hdev->req_workqueue, &hdev->power_off.work);
1143 void mgmt_advertising_added(struct sock *sk, struct hci_dev *hdev, u8 instance)
1145 struct mgmt_ev_advertising_added ev;
1147 ev.instance = instance;
1149 mgmt_event(MGMT_EV_ADVERTISING_ADDED, hdev, &ev, sizeof(ev), sk);
1152 void mgmt_advertising_removed(struct sock *sk, struct hci_dev *hdev,
1155 struct mgmt_ev_advertising_removed ev;
1157 ev.instance = instance;
1159 mgmt_event(MGMT_EV_ADVERTISING_REMOVED, hdev, &ev, sizeof(ev), sk);
1162 static void cancel_adv_timeout(struct hci_dev *hdev)
1164 if (hdev->adv_instance_timeout) {
1165 hdev->adv_instance_timeout = 0;
1166 cancel_delayed_work(&hdev->adv_instance_expire);
1170 static int clean_up_hci_state(struct hci_dev *hdev)
1172 struct hci_request req;
1173 struct hci_conn *conn;
1174 bool discov_stopped;
1177 hci_req_init(&req, hdev);
1179 if (test_bit(HCI_ISCAN, &hdev->flags) ||
1180 test_bit(HCI_PSCAN, &hdev->flags)) {
1182 hci_req_add(&req, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
1185 hci_req_clear_adv_instance(hdev, NULL, NULL, 0x00, false);
1187 if (hci_dev_test_flag(hdev, HCI_LE_ADV))
1188 __hci_req_disable_advertising(&req);
1190 discov_stopped = hci_req_stop_discovery(&req);
1192 list_for_each_entry(conn, &hdev->conn_hash.list, list) {
1193 /* 0x15 == Terminated due to Power Off */
1194 __hci_abort_conn(&req, conn, 0x15);
1197 err = hci_req_run(&req, clean_up_hci_complete);
1198 if (!err && discov_stopped)
1199 hci_discovery_set_state(hdev, DISCOVERY_STOPPING);
1204 static int set_powered(struct sock *sk, struct hci_dev *hdev, void *data,
1207 struct mgmt_mode *cp = data;
1208 struct mgmt_pending_cmd *cmd;
1211 bt_dev_dbg(hdev, "sock %p", sk);
1213 if (cp->val != 0x00 && cp->val != 0x01)
1214 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_POWERED,
1215 MGMT_STATUS_INVALID_PARAMS);
1219 if (pending_find(MGMT_OP_SET_POWERED, hdev)) {
1220 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_POWERED,
1225 if (!!cp->val == hdev_is_powered(hdev)) {
1226 err = send_settings_rsp(sk, MGMT_OP_SET_POWERED, hdev);
1230 cmd = mgmt_pending_add(sk, MGMT_OP_SET_POWERED, hdev, data, len);
1237 queue_work(hdev->req_workqueue, &hdev->power_on);
1240 /* Disconnect connections, stop scans, etc */
1241 err = clean_up_hci_state(hdev);
1243 queue_delayed_work(hdev->req_workqueue, &hdev->power_off,
1244 HCI_POWER_OFF_TIMEOUT);
1246 /* ENODATA means there were no HCI commands queued */
1247 if (err == -ENODATA) {
1248 cancel_delayed_work(&hdev->power_off);
1249 queue_work(hdev->req_workqueue, &hdev->power_off.work);
1255 hci_dev_unlock(hdev);
1259 static int new_settings(struct hci_dev *hdev, struct sock *skip)
1261 __le32 ev = cpu_to_le32(get_current_settings(hdev));
1263 return mgmt_limited_event(MGMT_EV_NEW_SETTINGS, hdev, &ev,
1264 sizeof(ev), HCI_MGMT_SETTING_EVENTS, skip);
1267 int mgmt_new_settings(struct hci_dev *hdev)
1269 return new_settings(hdev, NULL);
1274 struct hci_dev *hdev;
1278 static void settings_rsp(struct mgmt_pending_cmd *cmd, void *data)
1280 struct cmd_lookup *match = data;
1282 send_settings_rsp(cmd->sk, cmd->opcode, match->hdev);
1284 list_del(&cmd->list);
1286 if (match->sk == NULL) {
1287 match->sk = cmd->sk;
1288 sock_hold(match->sk);
1291 mgmt_pending_free(cmd);
1294 static void cmd_status_rsp(struct mgmt_pending_cmd *cmd, void *data)
1298 mgmt_cmd_status(cmd->sk, cmd->index, cmd->opcode, *status);
1299 mgmt_pending_remove(cmd);
1302 static void cmd_complete_rsp(struct mgmt_pending_cmd *cmd, void *data)
1304 if (cmd->cmd_complete) {
1307 cmd->cmd_complete(cmd, *status);
1308 mgmt_pending_remove(cmd);
1313 cmd_status_rsp(cmd, data);
1316 static int generic_cmd_complete(struct mgmt_pending_cmd *cmd, u8 status)
1318 return mgmt_cmd_complete(cmd->sk, cmd->index, cmd->opcode, status,
1319 cmd->param, cmd->param_len);
1322 static int addr_cmd_complete(struct mgmt_pending_cmd *cmd, u8 status)
1324 return mgmt_cmd_complete(cmd->sk, cmd->index, cmd->opcode, status,
1325 cmd->param, sizeof(struct mgmt_addr_info));
1328 static u8 mgmt_bredr_support(struct hci_dev *hdev)
1330 if (!lmp_bredr_capable(hdev))
1331 return MGMT_STATUS_NOT_SUPPORTED;
1332 else if (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED))
1333 return MGMT_STATUS_REJECTED;
1335 return MGMT_STATUS_SUCCESS;
1338 static u8 mgmt_le_support(struct hci_dev *hdev)
1340 if (!lmp_le_capable(hdev))
1341 return MGMT_STATUS_NOT_SUPPORTED;
1342 else if (!hci_dev_test_flag(hdev, HCI_LE_ENABLED))
1343 return MGMT_STATUS_REJECTED;
1345 return MGMT_STATUS_SUCCESS;
1348 void mgmt_set_discoverable_complete(struct hci_dev *hdev, u8 status)
1350 struct mgmt_pending_cmd *cmd;
1352 bt_dev_dbg(hdev, "status 0x%02x", status);
1356 cmd = pending_find(MGMT_OP_SET_DISCOVERABLE, hdev);
1361 u8 mgmt_err = mgmt_status(status);
1362 mgmt_cmd_status(cmd->sk, cmd->index, cmd->opcode, mgmt_err);
1363 hci_dev_clear_flag(hdev, HCI_LIMITED_DISCOVERABLE);
1367 if (hci_dev_test_flag(hdev, HCI_DISCOVERABLE) &&
1368 hdev->discov_timeout > 0) {
1369 int to = msecs_to_jiffies(hdev->discov_timeout * 1000);
1370 queue_delayed_work(hdev->req_workqueue, &hdev->discov_off, to);
1373 send_settings_rsp(cmd->sk, MGMT_OP_SET_DISCOVERABLE, hdev);
1374 new_settings(hdev, cmd->sk);
1377 mgmt_pending_remove(cmd);
1380 hci_dev_unlock(hdev);
1383 static int set_discoverable(struct sock *sk, struct hci_dev *hdev, void *data,
1386 struct mgmt_cp_set_discoverable *cp = data;
1387 struct mgmt_pending_cmd *cmd;
1391 bt_dev_dbg(hdev, "sock %p", sk);
1393 if (!hci_dev_test_flag(hdev, HCI_LE_ENABLED) &&
1394 !hci_dev_test_flag(hdev, HCI_BREDR_ENABLED))
1395 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
1396 MGMT_STATUS_REJECTED);
1398 if (cp->val != 0x00 && cp->val != 0x01 && cp->val != 0x02)
1399 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
1400 MGMT_STATUS_INVALID_PARAMS);
1402 timeout = __le16_to_cpu(cp->timeout);
1404 /* Disabling discoverable requires that no timeout is set,
1405 * and enabling limited discoverable requires a timeout.
1407 if ((cp->val == 0x00 && timeout > 0) ||
1408 (cp->val == 0x02 && timeout == 0))
1409 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
1410 MGMT_STATUS_INVALID_PARAMS);
1414 if (!hdev_is_powered(hdev) && timeout > 0) {
1415 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
1416 MGMT_STATUS_NOT_POWERED);
1420 if (pending_find(MGMT_OP_SET_DISCOVERABLE, hdev) ||
1421 pending_find(MGMT_OP_SET_CONNECTABLE, hdev)) {
1422 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
1427 if (!hci_dev_test_flag(hdev, HCI_CONNECTABLE)) {
1428 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
1429 MGMT_STATUS_REJECTED);
1433 if (hdev->advertising_paused) {
1434 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
1439 if (!hdev_is_powered(hdev)) {
1440 bool changed = false;
1442 /* Setting limited discoverable when powered off is
1443 * not a valid operation since it requires a timeout
1444 * and so no need to check HCI_LIMITED_DISCOVERABLE.
1446 if (!!cp->val != hci_dev_test_flag(hdev, HCI_DISCOVERABLE)) {
1447 hci_dev_change_flag(hdev, HCI_DISCOVERABLE);
1451 err = send_settings_rsp(sk, MGMT_OP_SET_DISCOVERABLE, hdev);
1456 err = new_settings(hdev, sk);
1461 /* If the current mode is the same, then just update the timeout
1462 * value with the new value. And if only the timeout gets updated,
1463 * then no need for any HCI transactions.
1465 if (!!cp->val == hci_dev_test_flag(hdev, HCI_DISCOVERABLE) &&
1466 (cp->val == 0x02) == hci_dev_test_flag(hdev,
1467 HCI_LIMITED_DISCOVERABLE)) {
1468 cancel_delayed_work(&hdev->discov_off);
1469 hdev->discov_timeout = timeout;
1471 if (cp->val && hdev->discov_timeout > 0) {
1472 int to = msecs_to_jiffies(hdev->discov_timeout * 1000);
1473 queue_delayed_work(hdev->req_workqueue,
1474 &hdev->discov_off, to);
1477 err = send_settings_rsp(sk, MGMT_OP_SET_DISCOVERABLE, hdev);
1481 cmd = mgmt_pending_add(sk, MGMT_OP_SET_DISCOVERABLE, hdev, data, len);
1487 /* Cancel any potential discoverable timeout that might be
1488 * still active and store new timeout value. The arming of
1489 * the timeout happens in the complete handler.
1491 cancel_delayed_work(&hdev->discov_off);
1492 hdev->discov_timeout = timeout;
1495 hci_dev_set_flag(hdev, HCI_DISCOVERABLE);
1497 hci_dev_clear_flag(hdev, HCI_DISCOVERABLE);
1499 /* Limited discoverable mode */
1500 if (cp->val == 0x02)
1501 hci_dev_set_flag(hdev, HCI_LIMITED_DISCOVERABLE);
1503 hci_dev_clear_flag(hdev, HCI_LIMITED_DISCOVERABLE);
1505 queue_work(hdev->req_workqueue, &hdev->discoverable_update);
1509 hci_dev_unlock(hdev);
1513 void mgmt_set_connectable_complete(struct hci_dev *hdev, u8 status)
1515 struct mgmt_pending_cmd *cmd;
1517 bt_dev_dbg(hdev, "status 0x%02x", status);
1521 cmd = pending_find(MGMT_OP_SET_CONNECTABLE, hdev);
1526 u8 mgmt_err = mgmt_status(status);
1527 mgmt_cmd_status(cmd->sk, cmd->index, cmd->opcode, mgmt_err);
1531 send_settings_rsp(cmd->sk, MGMT_OP_SET_CONNECTABLE, hdev);
1532 new_settings(hdev, cmd->sk);
1535 mgmt_pending_remove(cmd);
1538 hci_dev_unlock(hdev);
1541 static int set_connectable_update_settings(struct hci_dev *hdev,
1542 struct sock *sk, u8 val)
1544 bool changed = false;
1547 if (!!val != hci_dev_test_flag(hdev, HCI_CONNECTABLE))
1551 hci_dev_set_flag(hdev, HCI_CONNECTABLE);
1553 hci_dev_clear_flag(hdev, HCI_CONNECTABLE);
1554 hci_dev_clear_flag(hdev, HCI_DISCOVERABLE);
1557 err = send_settings_rsp(sk, MGMT_OP_SET_CONNECTABLE, hdev);
1562 hci_req_update_scan(hdev);
1563 hci_update_background_scan(hdev);
1564 return new_settings(hdev, sk);
1570 static int set_connectable(struct sock *sk, struct hci_dev *hdev, void *data,
1573 struct mgmt_mode *cp = data;
1574 struct mgmt_pending_cmd *cmd;
1577 bt_dev_dbg(hdev, "sock %p", sk);
1579 if (!hci_dev_test_flag(hdev, HCI_LE_ENABLED) &&
1580 !hci_dev_test_flag(hdev, HCI_BREDR_ENABLED))
1581 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE,
1582 MGMT_STATUS_REJECTED);
1584 if (cp->val != 0x00 && cp->val != 0x01)
1585 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE,
1586 MGMT_STATUS_INVALID_PARAMS);
1590 if (!hdev_is_powered(hdev)) {
1591 err = set_connectable_update_settings(hdev, sk, cp->val);
1595 if (pending_find(MGMT_OP_SET_DISCOVERABLE, hdev) ||
1596 pending_find(MGMT_OP_SET_CONNECTABLE, hdev)) {
1597 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE,
1602 cmd = mgmt_pending_add(sk, MGMT_OP_SET_CONNECTABLE, hdev, data, len);
1609 hci_dev_set_flag(hdev, HCI_CONNECTABLE);
1611 if (hdev->discov_timeout > 0)
1612 cancel_delayed_work(&hdev->discov_off);
1614 hci_dev_clear_flag(hdev, HCI_LIMITED_DISCOVERABLE);
1615 hci_dev_clear_flag(hdev, HCI_DISCOVERABLE);
1616 hci_dev_clear_flag(hdev, HCI_CONNECTABLE);
1619 queue_work(hdev->req_workqueue, &hdev->connectable_update);
1623 hci_dev_unlock(hdev);
1627 static int set_bondable(struct sock *sk, struct hci_dev *hdev, void *data,
1630 struct mgmt_mode *cp = data;
1634 bt_dev_dbg(hdev, "sock %p", sk);
1636 if (cp->val != 0x00 && cp->val != 0x01)
1637 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_BONDABLE,
1638 MGMT_STATUS_INVALID_PARAMS);
1643 changed = !hci_dev_test_and_set_flag(hdev, HCI_BONDABLE);
1645 changed = hci_dev_test_and_clear_flag(hdev, HCI_BONDABLE);
1647 err = send_settings_rsp(sk, MGMT_OP_SET_BONDABLE, hdev);
1652 /* In limited privacy mode the change of bondable mode
1653 * may affect the local advertising address.
1655 if (hdev_is_powered(hdev) &&
1656 hci_dev_test_flag(hdev, HCI_ADVERTISING) &&
1657 hci_dev_test_flag(hdev, HCI_DISCOVERABLE) &&
1658 hci_dev_test_flag(hdev, HCI_LIMITED_PRIVACY))
1659 queue_work(hdev->req_workqueue,
1660 &hdev->discoverable_update);
1662 err = new_settings(hdev, sk);
1666 hci_dev_unlock(hdev);
1670 static int set_link_security(struct sock *sk, struct hci_dev *hdev, void *data,
1673 struct mgmt_mode *cp = data;
1674 struct mgmt_pending_cmd *cmd;
1678 bt_dev_dbg(hdev, "sock %p", sk);
1680 status = mgmt_bredr_support(hdev);
1682 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY,
1685 if (cp->val != 0x00 && cp->val != 0x01)
1686 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY,
1687 MGMT_STATUS_INVALID_PARAMS);
1691 if (!hdev_is_powered(hdev)) {
1692 bool changed = false;
1694 if (!!cp->val != hci_dev_test_flag(hdev, HCI_LINK_SECURITY)) {
1695 hci_dev_change_flag(hdev, HCI_LINK_SECURITY);
1699 err = send_settings_rsp(sk, MGMT_OP_SET_LINK_SECURITY, hdev);
1704 err = new_settings(hdev, sk);
1709 if (pending_find(MGMT_OP_SET_LINK_SECURITY, hdev)) {
1710 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY,
1717 if (test_bit(HCI_AUTH, &hdev->flags) == val) {
1718 err = send_settings_rsp(sk, MGMT_OP_SET_LINK_SECURITY, hdev);
1722 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LINK_SECURITY, hdev, data, len);
1728 err = hci_send_cmd(hdev, HCI_OP_WRITE_AUTH_ENABLE, sizeof(val), &val);
1730 mgmt_pending_remove(cmd);
1735 hci_dev_unlock(hdev);
1739 static int set_ssp(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
1741 struct mgmt_mode *cp = data;
1742 struct mgmt_pending_cmd *cmd;
1746 bt_dev_dbg(hdev, "sock %p", sk);
1748 status = mgmt_bredr_support(hdev);
1750 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SSP, status);
1752 if (!lmp_ssp_capable(hdev))
1753 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
1754 MGMT_STATUS_NOT_SUPPORTED);
1756 if (cp->val != 0x00 && cp->val != 0x01)
1757 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
1758 MGMT_STATUS_INVALID_PARAMS);
1762 if (!hdev_is_powered(hdev)) {
1766 changed = !hci_dev_test_and_set_flag(hdev,
1769 changed = hci_dev_test_and_clear_flag(hdev,
1772 changed = hci_dev_test_and_clear_flag(hdev,
1775 hci_dev_clear_flag(hdev, HCI_HS_ENABLED);
1778 err = send_settings_rsp(sk, MGMT_OP_SET_SSP, hdev);
1783 err = new_settings(hdev, sk);
1788 if (pending_find(MGMT_OP_SET_SSP, hdev)) {
1789 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
1794 if (!!cp->val == hci_dev_test_flag(hdev, HCI_SSP_ENABLED)) {
1795 err = send_settings_rsp(sk, MGMT_OP_SET_SSP, hdev);
1799 cmd = mgmt_pending_add(sk, MGMT_OP_SET_SSP, hdev, data, len);
1805 if (!cp->val && hci_dev_test_flag(hdev, HCI_USE_DEBUG_KEYS))
1806 hci_send_cmd(hdev, HCI_OP_WRITE_SSP_DEBUG_MODE,
1807 sizeof(cp->val), &cp->val);
1809 err = hci_send_cmd(hdev, HCI_OP_WRITE_SSP_MODE, 1, &cp->val);
1811 mgmt_pending_remove(cmd);
1816 hci_dev_unlock(hdev);
1820 static int set_hs(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
1822 struct mgmt_mode *cp = data;
1827 bt_dev_dbg(hdev, "sock %p", sk);
1829 if (!IS_ENABLED(CONFIG_BT_HS))
1830 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
1831 MGMT_STATUS_NOT_SUPPORTED);
1833 status = mgmt_bredr_support(hdev);
1835 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_HS, status);
1837 if (!lmp_ssp_capable(hdev))
1838 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
1839 MGMT_STATUS_NOT_SUPPORTED);
1841 if (!hci_dev_test_flag(hdev, HCI_SSP_ENABLED))
1842 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
1843 MGMT_STATUS_REJECTED);
1845 if (cp->val != 0x00 && cp->val != 0x01)
1846 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
1847 MGMT_STATUS_INVALID_PARAMS);
1851 if (pending_find(MGMT_OP_SET_SSP, hdev)) {
1852 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
1858 changed = !hci_dev_test_and_set_flag(hdev, HCI_HS_ENABLED);
1860 if (hdev_is_powered(hdev)) {
1861 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
1862 MGMT_STATUS_REJECTED);
1866 changed = hci_dev_test_and_clear_flag(hdev, HCI_HS_ENABLED);
1869 err = send_settings_rsp(sk, MGMT_OP_SET_HS, hdev);
1874 err = new_settings(hdev, sk);
1877 hci_dev_unlock(hdev);
1881 static void le_enable_complete(struct hci_dev *hdev, u8 status, u16 opcode)
1883 struct cmd_lookup match = { NULL, hdev };
1888 u8 mgmt_err = mgmt_status(status);
1890 mgmt_pending_foreach(MGMT_OP_SET_LE, hdev, cmd_status_rsp,
1895 mgmt_pending_foreach(MGMT_OP_SET_LE, hdev, settings_rsp, &match);
1897 new_settings(hdev, match.sk);
1902 /* Make sure the controller has a good default for
1903 * advertising data. Restrict the update to when LE
1904 * has actually been enabled. During power on, the
1905 * update in powered_update_hci will take care of it.
1907 if (hci_dev_test_flag(hdev, HCI_LE_ENABLED)) {
1908 struct hci_request req;
1909 hci_req_init(&req, hdev);
1910 if (ext_adv_capable(hdev)) {
1913 err = __hci_req_setup_ext_adv_instance(&req, 0x00);
1915 __hci_req_update_scan_rsp_data(&req, 0x00);
1917 __hci_req_update_adv_data(&req, 0x00);
1918 __hci_req_update_scan_rsp_data(&req, 0x00);
1920 hci_req_run(&req, NULL);
1921 hci_update_background_scan(hdev);
1925 hci_dev_unlock(hdev);
1928 static int set_le(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
1930 struct mgmt_mode *cp = data;
1931 struct hci_cp_write_le_host_supported hci_cp;
1932 struct mgmt_pending_cmd *cmd;
1933 struct hci_request req;
1937 bt_dev_dbg(hdev, "sock %p", sk);
1939 if (!lmp_le_capable(hdev))
1940 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
1941 MGMT_STATUS_NOT_SUPPORTED);
1943 if (cp->val != 0x00 && cp->val != 0x01)
1944 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
1945 MGMT_STATUS_INVALID_PARAMS);
1947 /* Bluetooth single mode LE only controllers or dual-mode
1948 * controllers configured as LE only devices, do not allow
1949 * switching LE off. These have either LE enabled explicitly
1950 * or BR/EDR has been previously switched off.
1952 * When trying to enable an already enabled LE, then gracefully
1953 * send a positive response. Trying to disable it however will
1954 * result into rejection.
1956 if (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED)) {
1957 if (cp->val == 0x01)
1958 return send_settings_rsp(sk, MGMT_OP_SET_LE, hdev);
1960 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
1961 MGMT_STATUS_REJECTED);
1967 enabled = lmp_host_le_capable(hdev);
1970 hci_req_clear_adv_instance(hdev, NULL, NULL, 0x00, true);
1972 if (!hdev_is_powered(hdev) || val == enabled) {
1973 bool changed = false;
1975 if (val != hci_dev_test_flag(hdev, HCI_LE_ENABLED)) {
1976 hci_dev_change_flag(hdev, HCI_LE_ENABLED);
1980 if (!val && hci_dev_test_flag(hdev, HCI_ADVERTISING)) {
1981 hci_dev_clear_flag(hdev, HCI_ADVERTISING);
1985 err = send_settings_rsp(sk, MGMT_OP_SET_LE, hdev);
1990 err = new_settings(hdev, sk);
1995 if (pending_find(MGMT_OP_SET_LE, hdev) ||
1996 pending_find(MGMT_OP_SET_ADVERTISING, hdev)) {
1997 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
2002 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LE, hdev, data, len);
2008 hci_req_init(&req, hdev);
2010 memset(&hci_cp, 0, sizeof(hci_cp));
2014 hci_cp.simul = 0x00;
2016 if (hci_dev_test_flag(hdev, HCI_LE_ADV))
2017 __hci_req_disable_advertising(&req);
2019 if (ext_adv_capable(hdev))
2020 __hci_req_clear_ext_adv_sets(&req);
2023 hci_req_add(&req, HCI_OP_WRITE_LE_HOST_SUPPORTED, sizeof(hci_cp),
2026 err = hci_req_run(&req, le_enable_complete);
2028 mgmt_pending_remove(cmd);
2031 hci_dev_unlock(hdev);
2035 /* This is a helper function to test for pending mgmt commands that can
2036 * cause CoD or EIR HCI commands. We can only allow one such pending
2037 * mgmt command at a time since otherwise we cannot easily track what
2038 * the current values are, will be, and based on that calculate if a new
2039 * HCI command needs to be sent and if yes with what value.
2041 static bool pending_eir_or_class(struct hci_dev *hdev)
2043 struct mgmt_pending_cmd *cmd;
2045 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
2046 switch (cmd->opcode) {
2047 case MGMT_OP_ADD_UUID:
2048 case MGMT_OP_REMOVE_UUID:
2049 case MGMT_OP_SET_DEV_CLASS:
2050 case MGMT_OP_SET_POWERED:
2058 static const u8 bluetooth_base_uuid[] = {
2059 0xfb, 0x34, 0x9b, 0x5f, 0x80, 0x00, 0x00, 0x80,
2060 0x00, 0x10, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
2063 static u8 get_uuid_size(const u8 *uuid)
2067 if (memcmp(uuid, bluetooth_base_uuid, 12))
2070 val = get_unaligned_le32(&uuid[12]);
2077 static void mgmt_class_complete(struct hci_dev *hdev, u16 mgmt_op, u8 status)
2079 struct mgmt_pending_cmd *cmd;
2083 cmd = pending_find(mgmt_op, hdev);
2087 mgmt_cmd_complete(cmd->sk, cmd->index, cmd->opcode,
2088 mgmt_status(status), hdev->dev_class, 3);
2090 mgmt_pending_remove(cmd);
2093 hci_dev_unlock(hdev);
2096 static void add_uuid_complete(struct hci_dev *hdev, u8 status, u16 opcode)
2098 bt_dev_dbg(hdev, "status 0x%02x", status);
2100 mgmt_class_complete(hdev, MGMT_OP_ADD_UUID, status);
2103 static int add_uuid(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
2105 struct mgmt_cp_add_uuid *cp = data;
2106 struct mgmt_pending_cmd *cmd;
2107 struct hci_request req;
2108 struct bt_uuid *uuid;
2111 bt_dev_dbg(hdev, "sock %p", sk);
2115 if (pending_eir_or_class(hdev)) {
2116 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_UUID,
2121 uuid = kmalloc(sizeof(*uuid), GFP_KERNEL);
2127 memcpy(uuid->uuid, cp->uuid, 16);
2128 uuid->svc_hint = cp->svc_hint;
2129 uuid->size = get_uuid_size(cp->uuid);
2131 list_add_tail(&uuid->list, &hdev->uuids);
2133 hci_req_init(&req, hdev);
2135 __hci_req_update_class(&req);
2136 __hci_req_update_eir(&req);
2138 err = hci_req_run(&req, add_uuid_complete);
2140 if (err != -ENODATA)
2143 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_ADD_UUID, 0,
2144 hdev->dev_class, 3);
2148 cmd = mgmt_pending_add(sk, MGMT_OP_ADD_UUID, hdev, data, len);
2157 hci_dev_unlock(hdev);
2161 static bool enable_service_cache(struct hci_dev *hdev)
2163 if (!hdev_is_powered(hdev))
2166 if (!hci_dev_test_and_set_flag(hdev, HCI_SERVICE_CACHE)) {
2167 queue_delayed_work(hdev->workqueue, &hdev->service_cache,
2175 static void remove_uuid_complete(struct hci_dev *hdev, u8 status, u16 opcode)
2177 bt_dev_dbg(hdev, "status 0x%02x", status);
2179 mgmt_class_complete(hdev, MGMT_OP_REMOVE_UUID, status);
2182 static int remove_uuid(struct sock *sk, struct hci_dev *hdev, void *data,
2185 struct mgmt_cp_remove_uuid *cp = data;
2186 struct mgmt_pending_cmd *cmd;
2187 struct bt_uuid *match, *tmp;
2188 u8 bt_uuid_any[] = { 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 };
2189 struct hci_request req;
2192 bt_dev_dbg(hdev, "sock %p", sk);
2196 if (pending_eir_or_class(hdev)) {
2197 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_REMOVE_UUID,
2202 if (memcmp(cp->uuid, bt_uuid_any, 16) == 0) {
2203 hci_uuids_clear(hdev);
2205 if (enable_service_cache(hdev)) {
2206 err = mgmt_cmd_complete(sk, hdev->id,
2207 MGMT_OP_REMOVE_UUID,
2208 0, hdev->dev_class, 3);
2217 list_for_each_entry_safe(match, tmp, &hdev->uuids, list) {
2218 if (memcmp(match->uuid, cp->uuid, 16) != 0)
2221 list_del(&match->list);
2227 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_REMOVE_UUID,
2228 MGMT_STATUS_INVALID_PARAMS);
2233 hci_req_init(&req, hdev);
2235 __hci_req_update_class(&req);
2236 __hci_req_update_eir(&req);
2238 err = hci_req_run(&req, remove_uuid_complete);
2240 if (err != -ENODATA)
2243 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_UUID, 0,
2244 hdev->dev_class, 3);
2248 cmd = mgmt_pending_add(sk, MGMT_OP_REMOVE_UUID, hdev, data, len);
2257 hci_dev_unlock(hdev);
2261 static void set_class_complete(struct hci_dev *hdev, u8 status, u16 opcode)
2263 bt_dev_dbg(hdev, "status 0x%02x", status);
2265 mgmt_class_complete(hdev, MGMT_OP_SET_DEV_CLASS, status);
2268 static int set_dev_class(struct sock *sk, struct hci_dev *hdev, void *data,
2271 struct mgmt_cp_set_dev_class *cp = data;
2272 struct mgmt_pending_cmd *cmd;
2273 struct hci_request req;
2276 bt_dev_dbg(hdev, "sock %p", sk);
2278 if (!lmp_bredr_capable(hdev))
2279 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS,
2280 MGMT_STATUS_NOT_SUPPORTED);
2284 if (pending_eir_or_class(hdev)) {
2285 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS,
2290 if ((cp->minor & 0x03) != 0 || (cp->major & 0xe0) != 0) {
2291 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS,
2292 MGMT_STATUS_INVALID_PARAMS);
2296 hdev->major_class = cp->major;
2297 hdev->minor_class = cp->minor;
2299 if (!hdev_is_powered(hdev)) {
2300 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_DEV_CLASS, 0,
2301 hdev->dev_class, 3);
2305 hci_req_init(&req, hdev);
2307 if (hci_dev_test_and_clear_flag(hdev, HCI_SERVICE_CACHE)) {
2308 hci_dev_unlock(hdev);
2309 cancel_delayed_work_sync(&hdev->service_cache);
2311 __hci_req_update_eir(&req);
2314 __hci_req_update_class(&req);
2316 err = hci_req_run(&req, set_class_complete);
2318 if (err != -ENODATA)
2321 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_DEV_CLASS, 0,
2322 hdev->dev_class, 3);
2326 cmd = mgmt_pending_add(sk, MGMT_OP_SET_DEV_CLASS, hdev, data, len);
2335 hci_dev_unlock(hdev);
2339 static int load_link_keys(struct sock *sk, struct hci_dev *hdev, void *data,
2342 struct mgmt_cp_load_link_keys *cp = data;
2343 const u16 max_key_count = ((U16_MAX - sizeof(*cp)) /
2344 sizeof(struct mgmt_link_key_info));
2345 u16 key_count, expected_len;
2349 bt_dev_dbg(hdev, "sock %p", sk);
2351 if (!lmp_bredr_capable(hdev))
2352 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
2353 MGMT_STATUS_NOT_SUPPORTED);
2355 key_count = __le16_to_cpu(cp->key_count);
2356 if (key_count > max_key_count) {
2357 bt_dev_err(hdev, "load_link_keys: too big key_count value %u",
2359 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
2360 MGMT_STATUS_INVALID_PARAMS);
2363 expected_len = struct_size(cp, keys, key_count);
2364 if (expected_len != len) {
2365 bt_dev_err(hdev, "load_link_keys: expected %u bytes, got %u bytes",
2367 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
2368 MGMT_STATUS_INVALID_PARAMS);
2371 if (cp->debug_keys != 0x00 && cp->debug_keys != 0x01)
2372 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
2373 MGMT_STATUS_INVALID_PARAMS);
2375 bt_dev_dbg(hdev, "debug_keys %u key_count %u", cp->debug_keys,
2378 for (i = 0; i < key_count; i++) {
2379 struct mgmt_link_key_info *key = &cp->keys[i];
2381 if (key->addr.type != BDADDR_BREDR || key->type > 0x08)
2382 return mgmt_cmd_status(sk, hdev->id,
2383 MGMT_OP_LOAD_LINK_KEYS,
2384 MGMT_STATUS_INVALID_PARAMS);
2389 hci_link_keys_clear(hdev);
2392 changed = !hci_dev_test_and_set_flag(hdev, HCI_KEEP_DEBUG_KEYS);
2394 changed = hci_dev_test_and_clear_flag(hdev,
2395 HCI_KEEP_DEBUG_KEYS);
2398 new_settings(hdev, NULL);
2400 for (i = 0; i < key_count; i++) {
2401 struct mgmt_link_key_info *key = &cp->keys[i];
2403 if (hci_is_blocked_key(hdev,
2404 HCI_BLOCKED_KEY_TYPE_LINKKEY,
2406 bt_dev_warn(hdev, "Skipping blocked link key for %pMR",
2411 /* Always ignore debug keys and require a new pairing if
2412 * the user wants to use them.
2414 if (key->type == HCI_LK_DEBUG_COMBINATION)
2417 hci_add_link_key(hdev, NULL, &key->addr.bdaddr, key->val,
2418 key->type, key->pin_len, NULL);
2421 mgmt_cmd_complete(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS, 0, NULL, 0);
2423 hci_dev_unlock(hdev);
2428 static int device_unpaired(struct hci_dev *hdev, bdaddr_t *bdaddr,
2429 u8 addr_type, struct sock *skip_sk)
2431 struct mgmt_ev_device_unpaired ev;
2433 bacpy(&ev.addr.bdaddr, bdaddr);
2434 ev.addr.type = addr_type;
2436 return mgmt_event(MGMT_EV_DEVICE_UNPAIRED, hdev, &ev, sizeof(ev),
2440 static int unpair_device(struct sock *sk, struct hci_dev *hdev, void *data,
2443 struct mgmt_cp_unpair_device *cp = data;
2444 struct mgmt_rp_unpair_device rp;
2445 struct hci_conn_params *params;
2446 struct mgmt_pending_cmd *cmd;
2447 struct hci_conn *conn;
2451 memset(&rp, 0, sizeof(rp));
2452 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
2453 rp.addr.type = cp->addr.type;
2455 if (!bdaddr_type_is_valid(cp->addr.type))
2456 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
2457 MGMT_STATUS_INVALID_PARAMS,
2460 if (cp->disconnect != 0x00 && cp->disconnect != 0x01)
2461 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
2462 MGMT_STATUS_INVALID_PARAMS,
2467 if (!hdev_is_powered(hdev)) {
2468 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
2469 MGMT_STATUS_NOT_POWERED, &rp,
2474 if (cp->addr.type == BDADDR_BREDR) {
2475 /* If disconnection is requested, then look up the
2476 * connection. If the remote device is connected, it
2477 * will be later used to terminate the link.
2479 * Setting it to NULL explicitly will cause no
2480 * termination of the link.
2483 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
2488 err = hci_remove_link_key(hdev, &cp->addr.bdaddr);
2490 err = mgmt_cmd_complete(sk, hdev->id,
2491 MGMT_OP_UNPAIR_DEVICE,
2492 MGMT_STATUS_NOT_PAIRED, &rp,
2500 /* LE address type */
2501 addr_type = le_addr_type(cp->addr.type);
2503 /* Abort any ongoing SMP pairing. Removes ltk and irk if they exist. */
2504 err = smp_cancel_and_remove_pairing(hdev, &cp->addr.bdaddr, addr_type);
2506 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
2507 MGMT_STATUS_NOT_PAIRED, &rp,
2512 conn = hci_conn_hash_lookup_le(hdev, &cp->addr.bdaddr, addr_type);
2514 hci_conn_params_del(hdev, &cp->addr.bdaddr, addr_type);
2519 /* Defer clearing up the connection parameters until closing to
2520 * give a chance of keeping them if a repairing happens.
2522 set_bit(HCI_CONN_PARAM_REMOVAL_PEND, &conn->flags);
2524 /* Disable auto-connection parameters if present */
2525 params = hci_conn_params_lookup(hdev, &cp->addr.bdaddr, addr_type);
2527 if (params->explicit_connect)
2528 params->auto_connect = HCI_AUTO_CONN_EXPLICIT;
2530 params->auto_connect = HCI_AUTO_CONN_DISABLED;
2533 /* If disconnection is not requested, then clear the connection
2534 * variable so that the link is not terminated.
2536 if (!cp->disconnect)
2540 /* If the connection variable is set, then termination of the
2541 * link is requested.
2544 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE, 0,
2546 device_unpaired(hdev, &cp->addr.bdaddr, cp->addr.type, sk);
2550 cmd = mgmt_pending_add(sk, MGMT_OP_UNPAIR_DEVICE, hdev, cp,
2557 cmd->cmd_complete = addr_cmd_complete;
2559 err = hci_abort_conn(conn, HCI_ERROR_REMOTE_USER_TERM);
2561 mgmt_pending_remove(cmd);
2564 hci_dev_unlock(hdev);
2568 static int disconnect(struct sock *sk, struct hci_dev *hdev, void *data,
2571 struct mgmt_cp_disconnect *cp = data;
2572 struct mgmt_rp_disconnect rp;
2573 struct mgmt_pending_cmd *cmd;
2574 struct hci_conn *conn;
2577 bt_dev_dbg(hdev, "sock %p", sk);
2579 memset(&rp, 0, sizeof(rp));
2580 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
2581 rp.addr.type = cp->addr.type;
2583 if (!bdaddr_type_is_valid(cp->addr.type))
2584 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
2585 MGMT_STATUS_INVALID_PARAMS,
2590 if (!test_bit(HCI_UP, &hdev->flags)) {
2591 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
2592 MGMT_STATUS_NOT_POWERED, &rp,
2597 if (pending_find(MGMT_OP_DISCONNECT, hdev)) {
2598 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
2599 MGMT_STATUS_BUSY, &rp, sizeof(rp));
2603 if (cp->addr.type == BDADDR_BREDR)
2604 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
2607 conn = hci_conn_hash_lookup_le(hdev, &cp->addr.bdaddr,
2608 le_addr_type(cp->addr.type));
2610 if (!conn || conn->state == BT_OPEN || conn->state == BT_CLOSED) {
2611 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
2612 MGMT_STATUS_NOT_CONNECTED, &rp,
2617 cmd = mgmt_pending_add(sk, MGMT_OP_DISCONNECT, hdev, data, len);
2623 cmd->cmd_complete = generic_cmd_complete;
2625 err = hci_disconnect(conn, HCI_ERROR_REMOTE_USER_TERM);
2627 mgmt_pending_remove(cmd);
2630 hci_dev_unlock(hdev);
2634 static u8 link_to_bdaddr(u8 link_type, u8 addr_type)
2636 switch (link_type) {
2638 switch (addr_type) {
2639 case ADDR_LE_DEV_PUBLIC:
2640 return BDADDR_LE_PUBLIC;
2643 /* Fallback to LE Random address type */
2644 return BDADDR_LE_RANDOM;
2648 /* Fallback to BR/EDR type */
2649 return BDADDR_BREDR;
2653 static int get_connections(struct sock *sk, struct hci_dev *hdev, void *data,
2656 struct mgmt_rp_get_connections *rp;
2661 bt_dev_dbg(hdev, "sock %p", sk);
2665 if (!hdev_is_powered(hdev)) {
2666 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_GET_CONNECTIONS,
2667 MGMT_STATUS_NOT_POWERED);
2672 list_for_each_entry(c, &hdev->conn_hash.list, list) {
2673 if (test_bit(HCI_CONN_MGMT_CONNECTED, &c->flags))
2677 rp = kmalloc(struct_size(rp, addr, i), GFP_KERNEL);
2684 list_for_each_entry(c, &hdev->conn_hash.list, list) {
2685 if (!test_bit(HCI_CONN_MGMT_CONNECTED, &c->flags))
2687 bacpy(&rp->addr[i].bdaddr, &c->dst);
2688 rp->addr[i].type = link_to_bdaddr(c->type, c->dst_type);
2689 if (c->type == SCO_LINK || c->type == ESCO_LINK)
2694 rp->conn_count = cpu_to_le16(i);
2696 /* Recalculate length in case of filtered SCO connections, etc */
2697 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CONNECTIONS, 0, rp,
2698 struct_size(rp, addr, i));
2703 hci_dev_unlock(hdev);
2707 static int send_pin_code_neg_reply(struct sock *sk, struct hci_dev *hdev,
2708 struct mgmt_cp_pin_code_neg_reply *cp)
2710 struct mgmt_pending_cmd *cmd;
2713 cmd = mgmt_pending_add(sk, MGMT_OP_PIN_CODE_NEG_REPLY, hdev, cp,
2718 cmd->cmd_complete = addr_cmd_complete;
2720 err = hci_send_cmd(hdev, HCI_OP_PIN_CODE_NEG_REPLY,
2721 sizeof(cp->addr.bdaddr), &cp->addr.bdaddr);
2723 mgmt_pending_remove(cmd);
2728 static int pin_code_reply(struct sock *sk, struct hci_dev *hdev, void *data,
2731 struct hci_conn *conn;
2732 struct mgmt_cp_pin_code_reply *cp = data;
2733 struct hci_cp_pin_code_reply reply;
2734 struct mgmt_pending_cmd *cmd;
2737 bt_dev_dbg(hdev, "sock %p", sk);
2741 if (!hdev_is_powered(hdev)) {
2742 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
2743 MGMT_STATUS_NOT_POWERED);
2747 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->addr.bdaddr);
2749 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
2750 MGMT_STATUS_NOT_CONNECTED);
2754 if (conn->pending_sec_level == BT_SECURITY_HIGH && cp->pin_len != 16) {
2755 struct mgmt_cp_pin_code_neg_reply ncp;
2757 memcpy(&ncp.addr, &cp->addr, sizeof(ncp.addr));
2759 bt_dev_err(hdev, "PIN code is not 16 bytes long");
2761 err = send_pin_code_neg_reply(sk, hdev, &ncp);
2763 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
2764 MGMT_STATUS_INVALID_PARAMS);
2769 cmd = mgmt_pending_add(sk, MGMT_OP_PIN_CODE_REPLY, hdev, data, len);
2775 cmd->cmd_complete = addr_cmd_complete;
2777 bacpy(&reply.bdaddr, &cp->addr.bdaddr);
2778 reply.pin_len = cp->pin_len;
2779 memcpy(reply.pin_code, cp->pin_code, sizeof(reply.pin_code));
2781 err = hci_send_cmd(hdev, HCI_OP_PIN_CODE_REPLY, sizeof(reply), &reply);
2783 mgmt_pending_remove(cmd);
2786 hci_dev_unlock(hdev);
2790 static int set_io_capability(struct sock *sk, struct hci_dev *hdev, void *data,
2793 struct mgmt_cp_set_io_capability *cp = data;
2795 bt_dev_dbg(hdev, "sock %p", sk);
2797 if (cp->io_capability > SMP_IO_KEYBOARD_DISPLAY)
2798 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_IO_CAPABILITY,
2799 MGMT_STATUS_INVALID_PARAMS);
2803 hdev->io_capability = cp->io_capability;
2805 bt_dev_dbg(hdev, "IO capability set to 0x%02x", hdev->io_capability);
2807 hci_dev_unlock(hdev);
2809 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_IO_CAPABILITY, 0,
2813 static struct mgmt_pending_cmd *find_pairing(struct hci_conn *conn)
2815 struct hci_dev *hdev = conn->hdev;
2816 struct mgmt_pending_cmd *cmd;
2818 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
2819 if (cmd->opcode != MGMT_OP_PAIR_DEVICE)
2822 if (cmd->user_data != conn)
2831 static int pairing_complete(struct mgmt_pending_cmd *cmd, u8 status)
2833 struct mgmt_rp_pair_device rp;
2834 struct hci_conn *conn = cmd->user_data;
2837 bacpy(&rp.addr.bdaddr, &conn->dst);
2838 rp.addr.type = link_to_bdaddr(conn->type, conn->dst_type);
2840 err = mgmt_cmd_complete(cmd->sk, cmd->index, MGMT_OP_PAIR_DEVICE,
2841 status, &rp, sizeof(rp));
2843 /* So we don't get further callbacks for this connection */
2844 conn->connect_cfm_cb = NULL;
2845 conn->security_cfm_cb = NULL;
2846 conn->disconn_cfm_cb = NULL;
2848 hci_conn_drop(conn);
2850 /* The device is paired so there is no need to remove
2851 * its connection parameters anymore.
2853 clear_bit(HCI_CONN_PARAM_REMOVAL_PEND, &conn->flags);
2860 void mgmt_smp_complete(struct hci_conn *conn, bool complete)
2862 u8 status = complete ? MGMT_STATUS_SUCCESS : MGMT_STATUS_FAILED;
2863 struct mgmt_pending_cmd *cmd;
2865 cmd = find_pairing(conn);
2867 cmd->cmd_complete(cmd, status);
2868 mgmt_pending_remove(cmd);
2872 static void pairing_complete_cb(struct hci_conn *conn, u8 status)
2874 struct mgmt_pending_cmd *cmd;
2876 BT_DBG("status %u", status);
2878 cmd = find_pairing(conn);
2880 BT_DBG("Unable to find a pending command");
2884 cmd->cmd_complete(cmd, mgmt_status(status));
2885 mgmt_pending_remove(cmd);
2888 static void le_pairing_complete_cb(struct hci_conn *conn, u8 status)
2890 struct mgmt_pending_cmd *cmd;
2892 BT_DBG("status %u", status);
2897 cmd = find_pairing(conn);
2899 BT_DBG("Unable to find a pending command");
2903 cmd->cmd_complete(cmd, mgmt_status(status));
2904 mgmt_pending_remove(cmd);
2907 static int pair_device(struct sock *sk, struct hci_dev *hdev, void *data,
2910 struct mgmt_cp_pair_device *cp = data;
2911 struct mgmt_rp_pair_device rp;
2912 struct mgmt_pending_cmd *cmd;
2913 u8 sec_level, auth_type;
2914 struct hci_conn *conn;
2917 bt_dev_dbg(hdev, "sock %p", sk);
2919 memset(&rp, 0, sizeof(rp));
2920 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
2921 rp.addr.type = cp->addr.type;
2923 if (!bdaddr_type_is_valid(cp->addr.type))
2924 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
2925 MGMT_STATUS_INVALID_PARAMS,
2928 if (cp->io_cap > SMP_IO_KEYBOARD_DISPLAY)
2929 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
2930 MGMT_STATUS_INVALID_PARAMS,
2935 if (!hdev_is_powered(hdev)) {
2936 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
2937 MGMT_STATUS_NOT_POWERED, &rp,
2942 if (hci_bdaddr_is_paired(hdev, &cp->addr.bdaddr, cp->addr.type)) {
2943 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
2944 MGMT_STATUS_ALREADY_PAIRED, &rp,
2949 sec_level = BT_SECURITY_MEDIUM;
2950 auth_type = HCI_AT_DEDICATED_BONDING;
2952 if (cp->addr.type == BDADDR_BREDR) {
2953 conn = hci_connect_acl(hdev, &cp->addr.bdaddr, sec_level,
2954 auth_type, CONN_REASON_PAIR_DEVICE);
2956 u8 addr_type = le_addr_type(cp->addr.type);
2957 struct hci_conn_params *p;
2959 /* When pairing a new device, it is expected to remember
2960 * this device for future connections. Adding the connection
2961 * parameter information ahead of time allows tracking
2962 * of the peripheral preferred values and will speed up any
2963 * further connection establishment.
2965 * If connection parameters already exist, then they
2966 * will be kept and this function does nothing.
2968 p = hci_conn_params_add(hdev, &cp->addr.bdaddr, addr_type);
2970 if (p->auto_connect == HCI_AUTO_CONN_EXPLICIT)
2971 p->auto_connect = HCI_AUTO_CONN_DISABLED;
2973 conn = hci_connect_le_scan(hdev, &cp->addr.bdaddr, addr_type,
2974 sec_level, HCI_LE_CONN_TIMEOUT,
2975 CONN_REASON_PAIR_DEVICE);
2981 if (PTR_ERR(conn) == -EBUSY)
2982 status = MGMT_STATUS_BUSY;
2983 else if (PTR_ERR(conn) == -EOPNOTSUPP)
2984 status = MGMT_STATUS_NOT_SUPPORTED;
2985 else if (PTR_ERR(conn) == -ECONNREFUSED)
2986 status = MGMT_STATUS_REJECTED;
2988 status = MGMT_STATUS_CONNECT_FAILED;
2990 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
2991 status, &rp, sizeof(rp));
2995 if (conn->connect_cfm_cb) {
2996 hci_conn_drop(conn);
2997 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
2998 MGMT_STATUS_BUSY, &rp, sizeof(rp));
3002 cmd = mgmt_pending_add(sk, MGMT_OP_PAIR_DEVICE, hdev, data, len);
3005 hci_conn_drop(conn);
3009 cmd->cmd_complete = pairing_complete;
3011 /* For LE, just connecting isn't a proof that the pairing finished */
3012 if (cp->addr.type == BDADDR_BREDR) {
3013 conn->connect_cfm_cb = pairing_complete_cb;
3014 conn->security_cfm_cb = pairing_complete_cb;
3015 conn->disconn_cfm_cb = pairing_complete_cb;
3017 conn->connect_cfm_cb = le_pairing_complete_cb;
3018 conn->security_cfm_cb = le_pairing_complete_cb;
3019 conn->disconn_cfm_cb = le_pairing_complete_cb;
3022 conn->io_capability = cp->io_cap;
3023 cmd->user_data = hci_conn_get(conn);
3025 if ((conn->state == BT_CONNECTED || conn->state == BT_CONFIG) &&
3026 hci_conn_security(conn, sec_level, auth_type, true)) {
3027 cmd->cmd_complete(cmd, 0);
3028 mgmt_pending_remove(cmd);
3034 hci_dev_unlock(hdev);
3038 static int cancel_pair_device(struct sock *sk, struct hci_dev *hdev, void *data,
3041 struct mgmt_addr_info *addr = data;
3042 struct mgmt_pending_cmd *cmd;
3043 struct hci_conn *conn;
3046 bt_dev_dbg(hdev, "sock %p", sk);
3050 if (!hdev_is_powered(hdev)) {
3051 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
3052 MGMT_STATUS_NOT_POWERED);
3056 cmd = pending_find(MGMT_OP_PAIR_DEVICE, hdev);
3058 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
3059 MGMT_STATUS_INVALID_PARAMS);
3063 conn = cmd->user_data;
3065 if (bacmp(&addr->bdaddr, &conn->dst) != 0) {
3066 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
3067 MGMT_STATUS_INVALID_PARAMS);
3071 cmd->cmd_complete(cmd, MGMT_STATUS_CANCELLED);
3072 mgmt_pending_remove(cmd);
3074 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE, 0,
3075 addr, sizeof(*addr));
3077 /* Since user doesn't want to proceed with the connection, abort any
3078 * ongoing pairing and then terminate the link if it was created
3079 * because of the pair device action.
3081 if (addr->type == BDADDR_BREDR)
3082 hci_remove_link_key(hdev, &addr->bdaddr);
3084 smp_cancel_and_remove_pairing(hdev, &addr->bdaddr,
3085 le_addr_type(addr->type));
3087 if (conn->conn_reason == CONN_REASON_PAIR_DEVICE)
3088 hci_abort_conn(conn, HCI_ERROR_REMOTE_USER_TERM);
3091 hci_dev_unlock(hdev);
3095 static int user_pairing_resp(struct sock *sk, struct hci_dev *hdev,
3096 struct mgmt_addr_info *addr, u16 mgmt_op,
3097 u16 hci_op, __le32 passkey)
3099 struct mgmt_pending_cmd *cmd;
3100 struct hci_conn *conn;
3105 if (!hdev_is_powered(hdev)) {
3106 err = mgmt_cmd_complete(sk, hdev->id, mgmt_op,
3107 MGMT_STATUS_NOT_POWERED, addr,
3112 if (addr->type == BDADDR_BREDR)
3113 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &addr->bdaddr);
3115 conn = hci_conn_hash_lookup_le(hdev, &addr->bdaddr,
3116 le_addr_type(addr->type));
3119 err = mgmt_cmd_complete(sk, hdev->id, mgmt_op,
3120 MGMT_STATUS_NOT_CONNECTED, addr,
3125 if (addr->type == BDADDR_LE_PUBLIC || addr->type == BDADDR_LE_RANDOM) {
3126 err = smp_user_confirm_reply(conn, mgmt_op, passkey);
3128 err = mgmt_cmd_complete(sk, hdev->id, mgmt_op,
3129 MGMT_STATUS_SUCCESS, addr,
3132 err = mgmt_cmd_complete(sk, hdev->id, mgmt_op,
3133 MGMT_STATUS_FAILED, addr,
3139 cmd = mgmt_pending_add(sk, mgmt_op, hdev, addr, sizeof(*addr));
3145 cmd->cmd_complete = addr_cmd_complete;
3147 /* Continue with pairing via HCI */
3148 if (hci_op == HCI_OP_USER_PASSKEY_REPLY) {
3149 struct hci_cp_user_passkey_reply cp;
3151 bacpy(&cp.bdaddr, &addr->bdaddr);
3152 cp.passkey = passkey;
3153 err = hci_send_cmd(hdev, hci_op, sizeof(cp), &cp);
3155 err = hci_send_cmd(hdev, hci_op, sizeof(addr->bdaddr),
3159 mgmt_pending_remove(cmd);
3162 hci_dev_unlock(hdev);
3166 static int pin_code_neg_reply(struct sock *sk, struct hci_dev *hdev,
3167 void *data, u16 len)
3169 struct mgmt_cp_pin_code_neg_reply *cp = data;
3171 bt_dev_dbg(hdev, "sock %p", sk);
3173 return user_pairing_resp(sk, hdev, &cp->addr,
3174 MGMT_OP_PIN_CODE_NEG_REPLY,
3175 HCI_OP_PIN_CODE_NEG_REPLY, 0);
3178 static int user_confirm_reply(struct sock *sk, struct hci_dev *hdev, void *data,
3181 struct mgmt_cp_user_confirm_reply *cp = data;
3183 bt_dev_dbg(hdev, "sock %p", sk);
3185 if (len != sizeof(*cp))
3186 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_USER_CONFIRM_REPLY,
3187 MGMT_STATUS_INVALID_PARAMS);
3189 return user_pairing_resp(sk, hdev, &cp->addr,
3190 MGMT_OP_USER_CONFIRM_REPLY,
3191 HCI_OP_USER_CONFIRM_REPLY, 0);
3194 static int user_confirm_neg_reply(struct sock *sk, struct hci_dev *hdev,
3195 void *data, u16 len)
3197 struct mgmt_cp_user_confirm_neg_reply *cp = data;
3199 bt_dev_dbg(hdev, "sock %p", sk);
3201 return user_pairing_resp(sk, hdev, &cp->addr,
3202 MGMT_OP_USER_CONFIRM_NEG_REPLY,
3203 HCI_OP_USER_CONFIRM_NEG_REPLY, 0);
3206 static int user_passkey_reply(struct sock *sk, struct hci_dev *hdev, void *data,
3209 struct mgmt_cp_user_passkey_reply *cp = data;
3211 bt_dev_dbg(hdev, "sock %p", sk);
3213 return user_pairing_resp(sk, hdev, &cp->addr,
3214 MGMT_OP_USER_PASSKEY_REPLY,
3215 HCI_OP_USER_PASSKEY_REPLY, cp->passkey);
3218 static int user_passkey_neg_reply(struct sock *sk, struct hci_dev *hdev,
3219 void *data, u16 len)
3221 struct mgmt_cp_user_passkey_neg_reply *cp = data;
3223 bt_dev_dbg(hdev, "sock %p", sk);
3225 return user_pairing_resp(sk, hdev, &cp->addr,
3226 MGMT_OP_USER_PASSKEY_NEG_REPLY,
3227 HCI_OP_USER_PASSKEY_NEG_REPLY, 0);
3230 static void adv_expire(struct hci_dev *hdev, u32 flags)
3232 struct adv_info *adv_instance;
3233 struct hci_request req;
3236 adv_instance = hci_find_adv_instance(hdev, hdev->cur_adv_instance);
3240 /* stop if current instance doesn't need to be changed */
3241 if (!(adv_instance->flags & flags))
3244 cancel_adv_timeout(hdev);
3246 adv_instance = hci_get_next_instance(hdev, adv_instance->instance);
3250 hci_req_init(&req, hdev);
3251 err = __hci_req_schedule_adv_instance(&req, adv_instance->instance,
3256 hci_req_run(&req, NULL);
3259 static void set_name_complete(struct hci_dev *hdev, u8 status, u16 opcode)
3261 struct mgmt_cp_set_local_name *cp;
3262 struct mgmt_pending_cmd *cmd;
3264 bt_dev_dbg(hdev, "status 0x%02x", status);
3268 cmd = pending_find(MGMT_OP_SET_LOCAL_NAME, hdev);
3275 mgmt_cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_LOCAL_NAME,
3276 mgmt_status(status));
3278 mgmt_cmd_complete(cmd->sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0,
3281 if (hci_dev_test_flag(hdev, HCI_LE_ADV))
3282 adv_expire(hdev, MGMT_ADV_FLAG_LOCAL_NAME);
3285 mgmt_pending_remove(cmd);
3288 hci_dev_unlock(hdev);
3291 static int set_local_name(struct sock *sk, struct hci_dev *hdev, void *data,
3294 struct mgmt_cp_set_local_name *cp = data;
3295 struct mgmt_pending_cmd *cmd;
3296 struct hci_request req;
3299 bt_dev_dbg(hdev, "sock %p", sk);
3303 /* If the old values are the same as the new ones just return a
3304 * direct command complete event.
3306 if (!memcmp(hdev->dev_name, cp->name, sizeof(hdev->dev_name)) &&
3307 !memcmp(hdev->short_name, cp->short_name,
3308 sizeof(hdev->short_name))) {
3309 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0,
3314 memcpy(hdev->short_name, cp->short_name, sizeof(hdev->short_name));
3316 if (!hdev_is_powered(hdev)) {
3317 memcpy(hdev->dev_name, cp->name, sizeof(hdev->dev_name));
3319 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0,
3324 err = mgmt_limited_event(MGMT_EV_LOCAL_NAME_CHANGED, hdev, data,
3325 len, HCI_MGMT_LOCAL_NAME_EVENTS, sk);
3326 ext_info_changed(hdev, sk);
3331 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LOCAL_NAME, hdev, data, len);
3337 memcpy(hdev->dev_name, cp->name, sizeof(hdev->dev_name));
3339 hci_req_init(&req, hdev);
3341 if (lmp_bredr_capable(hdev)) {
3342 __hci_req_update_name(&req);
3343 __hci_req_update_eir(&req);
3346 /* The name is stored in the scan response data and so
3347 * no need to update the advertising data here.
3349 if (lmp_le_capable(hdev) && hci_dev_test_flag(hdev, HCI_ADVERTISING))
3350 __hci_req_update_scan_rsp_data(&req, hdev->cur_adv_instance);
3352 err = hci_req_run(&req, set_name_complete);
3354 mgmt_pending_remove(cmd);
3357 hci_dev_unlock(hdev);
3361 static int set_appearance(struct sock *sk, struct hci_dev *hdev, void *data,
3364 struct mgmt_cp_set_appearance *cp = data;
3368 bt_dev_dbg(hdev, "sock %p", sk);
3370 if (!lmp_le_capable(hdev))
3371 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_APPEARANCE,
3372 MGMT_STATUS_NOT_SUPPORTED);
3374 appearance = le16_to_cpu(cp->appearance);
3378 if (hdev->appearance != appearance) {
3379 hdev->appearance = appearance;
3381 if (hci_dev_test_flag(hdev, HCI_LE_ADV))
3382 adv_expire(hdev, MGMT_ADV_FLAG_APPEARANCE);
3384 ext_info_changed(hdev, sk);
3387 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_APPEARANCE, 0, NULL,
3390 hci_dev_unlock(hdev);
3395 static int get_phy_configuration(struct sock *sk, struct hci_dev *hdev,
3396 void *data, u16 len)
3398 struct mgmt_rp_get_phy_configuration rp;
3400 bt_dev_dbg(hdev, "sock %p", sk);
3404 memset(&rp, 0, sizeof(rp));
3406 rp.supported_phys = cpu_to_le32(get_supported_phys(hdev));
3407 rp.selected_phys = cpu_to_le32(get_selected_phys(hdev));
3408 rp.configurable_phys = cpu_to_le32(get_configurable_phys(hdev));
3410 hci_dev_unlock(hdev);
3412 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_PHY_CONFIGURATION, 0,
3416 int mgmt_phy_configuration_changed(struct hci_dev *hdev, struct sock *skip)
3418 struct mgmt_ev_phy_configuration_changed ev;
3420 memset(&ev, 0, sizeof(ev));
3422 ev.selected_phys = cpu_to_le32(get_selected_phys(hdev));
3424 return mgmt_event(MGMT_EV_PHY_CONFIGURATION_CHANGED, hdev, &ev,
3428 static void set_default_phy_complete(struct hci_dev *hdev, u8 status,
3429 u16 opcode, struct sk_buff *skb)
3431 struct mgmt_pending_cmd *cmd;
3433 bt_dev_dbg(hdev, "status 0x%02x", status);
3437 cmd = pending_find(MGMT_OP_SET_PHY_CONFIGURATION, hdev);
3442 mgmt_cmd_status(cmd->sk, hdev->id,
3443 MGMT_OP_SET_PHY_CONFIGURATION,
3444 mgmt_status(status));
3446 mgmt_cmd_complete(cmd->sk, hdev->id,
3447 MGMT_OP_SET_PHY_CONFIGURATION, 0,
3450 mgmt_phy_configuration_changed(hdev, cmd->sk);
3453 mgmt_pending_remove(cmd);
3456 hci_dev_unlock(hdev);
3459 static int set_phy_configuration(struct sock *sk, struct hci_dev *hdev,
3460 void *data, u16 len)
3462 struct mgmt_cp_set_phy_configuration *cp = data;
3463 struct hci_cp_le_set_default_phy cp_phy;
3464 struct mgmt_pending_cmd *cmd;
3465 struct hci_request req;
3466 u32 selected_phys, configurable_phys, supported_phys, unconfigure_phys;
3467 u16 pkt_type = (HCI_DH1 | HCI_DM1);
3468 bool changed = false;
3471 bt_dev_dbg(hdev, "sock %p", sk);
3473 configurable_phys = get_configurable_phys(hdev);
3474 supported_phys = get_supported_phys(hdev);
3475 selected_phys = __le32_to_cpu(cp->selected_phys);
3477 if (selected_phys & ~supported_phys)
3478 return mgmt_cmd_status(sk, hdev->id,
3479 MGMT_OP_SET_PHY_CONFIGURATION,
3480 MGMT_STATUS_INVALID_PARAMS);
3482 unconfigure_phys = supported_phys & ~configurable_phys;
3484 if ((selected_phys & unconfigure_phys) != unconfigure_phys)
3485 return mgmt_cmd_status(sk, hdev->id,
3486 MGMT_OP_SET_PHY_CONFIGURATION,
3487 MGMT_STATUS_INVALID_PARAMS);
3489 if (selected_phys == get_selected_phys(hdev))
3490 return mgmt_cmd_complete(sk, hdev->id,
3491 MGMT_OP_SET_PHY_CONFIGURATION,
3496 if (!hdev_is_powered(hdev)) {
3497 err = mgmt_cmd_status(sk, hdev->id,
3498 MGMT_OP_SET_PHY_CONFIGURATION,
3499 MGMT_STATUS_REJECTED);
3503 if (pending_find(MGMT_OP_SET_PHY_CONFIGURATION, hdev)) {
3504 err = mgmt_cmd_status(sk, hdev->id,
3505 MGMT_OP_SET_PHY_CONFIGURATION,
3510 if (selected_phys & MGMT_PHY_BR_1M_3SLOT)
3511 pkt_type |= (HCI_DH3 | HCI_DM3);
3513 pkt_type &= ~(HCI_DH3 | HCI_DM3);
3515 if (selected_phys & MGMT_PHY_BR_1M_5SLOT)
3516 pkt_type |= (HCI_DH5 | HCI_DM5);
3518 pkt_type &= ~(HCI_DH5 | HCI_DM5);
3520 if (selected_phys & MGMT_PHY_EDR_2M_1SLOT)
3521 pkt_type &= ~HCI_2DH1;
3523 pkt_type |= HCI_2DH1;
3525 if (selected_phys & MGMT_PHY_EDR_2M_3SLOT)
3526 pkt_type &= ~HCI_2DH3;
3528 pkt_type |= HCI_2DH3;
3530 if (selected_phys & MGMT_PHY_EDR_2M_5SLOT)
3531 pkt_type &= ~HCI_2DH5;
3533 pkt_type |= HCI_2DH5;
3535 if (selected_phys & MGMT_PHY_EDR_3M_1SLOT)
3536 pkt_type &= ~HCI_3DH1;
3538 pkt_type |= HCI_3DH1;
3540 if (selected_phys & MGMT_PHY_EDR_3M_3SLOT)
3541 pkt_type &= ~HCI_3DH3;
3543 pkt_type |= HCI_3DH3;
3545 if (selected_phys & MGMT_PHY_EDR_3M_5SLOT)
3546 pkt_type &= ~HCI_3DH5;
3548 pkt_type |= HCI_3DH5;
3550 if (pkt_type != hdev->pkt_type) {
3551 hdev->pkt_type = pkt_type;
3555 if ((selected_phys & MGMT_PHY_LE_MASK) ==
3556 (get_selected_phys(hdev) & MGMT_PHY_LE_MASK)) {
3558 mgmt_phy_configuration_changed(hdev, sk);
3560 err = mgmt_cmd_complete(sk, hdev->id,
3561 MGMT_OP_SET_PHY_CONFIGURATION,
3567 cmd = mgmt_pending_add(sk, MGMT_OP_SET_PHY_CONFIGURATION, hdev, data,
3574 hci_req_init(&req, hdev);
3576 memset(&cp_phy, 0, sizeof(cp_phy));
3578 if (!(selected_phys & MGMT_PHY_LE_TX_MASK))
3579 cp_phy.all_phys |= 0x01;
3581 if (!(selected_phys & MGMT_PHY_LE_RX_MASK))
3582 cp_phy.all_phys |= 0x02;
3584 if (selected_phys & MGMT_PHY_LE_1M_TX)
3585 cp_phy.tx_phys |= HCI_LE_SET_PHY_1M;
3587 if (selected_phys & MGMT_PHY_LE_2M_TX)
3588 cp_phy.tx_phys |= HCI_LE_SET_PHY_2M;
3590 if (selected_phys & MGMT_PHY_LE_CODED_TX)
3591 cp_phy.tx_phys |= HCI_LE_SET_PHY_CODED;
3593 if (selected_phys & MGMT_PHY_LE_1M_RX)
3594 cp_phy.rx_phys |= HCI_LE_SET_PHY_1M;
3596 if (selected_phys & MGMT_PHY_LE_2M_RX)
3597 cp_phy.rx_phys |= HCI_LE_SET_PHY_2M;
3599 if (selected_phys & MGMT_PHY_LE_CODED_RX)
3600 cp_phy.rx_phys |= HCI_LE_SET_PHY_CODED;
3602 hci_req_add(&req, HCI_OP_LE_SET_DEFAULT_PHY, sizeof(cp_phy), &cp_phy);
3604 err = hci_req_run_skb(&req, set_default_phy_complete);
3606 mgmt_pending_remove(cmd);
3609 hci_dev_unlock(hdev);
3614 static int set_blocked_keys(struct sock *sk, struct hci_dev *hdev, void *data,
3617 int err = MGMT_STATUS_SUCCESS;
3618 struct mgmt_cp_set_blocked_keys *keys = data;
3619 const u16 max_key_count = ((U16_MAX - sizeof(*keys)) /
3620 sizeof(struct mgmt_blocked_key_info));
3621 u16 key_count, expected_len;
3624 bt_dev_dbg(hdev, "sock %p", sk);
3626 key_count = __le16_to_cpu(keys->key_count);
3627 if (key_count > max_key_count) {
3628 bt_dev_err(hdev, "too big key_count value %u", key_count);
3629 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_BLOCKED_KEYS,
3630 MGMT_STATUS_INVALID_PARAMS);
3633 expected_len = struct_size(keys, keys, key_count);
3634 if (expected_len != len) {
3635 bt_dev_err(hdev, "expected %u bytes, got %u bytes",
3637 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_BLOCKED_KEYS,
3638 MGMT_STATUS_INVALID_PARAMS);
3643 hci_blocked_keys_clear(hdev);
3645 for (i = 0; i < keys->key_count; ++i) {
3646 struct blocked_key *b = kzalloc(sizeof(*b), GFP_KERNEL);
3649 err = MGMT_STATUS_NO_RESOURCES;
3653 b->type = keys->keys[i].type;
3654 memcpy(b->val, keys->keys[i].val, sizeof(b->val));
3655 list_add_rcu(&b->list, &hdev->blocked_keys);
3657 hci_dev_unlock(hdev);
3659 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_BLOCKED_KEYS,
3663 static int set_wideband_speech(struct sock *sk, struct hci_dev *hdev,
3664 void *data, u16 len)
3666 struct mgmt_mode *cp = data;
3668 bool changed = false;
3670 bt_dev_dbg(hdev, "sock %p", sk);
3672 if (!test_bit(HCI_QUIRK_WIDEBAND_SPEECH_SUPPORTED, &hdev->quirks))
3673 return mgmt_cmd_status(sk, hdev->id,
3674 MGMT_OP_SET_WIDEBAND_SPEECH,
3675 MGMT_STATUS_NOT_SUPPORTED);
3677 if (cp->val != 0x00 && cp->val != 0x01)
3678 return mgmt_cmd_status(sk, hdev->id,
3679 MGMT_OP_SET_WIDEBAND_SPEECH,
3680 MGMT_STATUS_INVALID_PARAMS);
3684 if (pending_find(MGMT_OP_SET_WIDEBAND_SPEECH, hdev)) {
3685 err = mgmt_cmd_status(sk, hdev->id,
3686 MGMT_OP_SET_WIDEBAND_SPEECH,
3691 if (hdev_is_powered(hdev) &&
3692 !!cp->val != hci_dev_test_flag(hdev,
3693 HCI_WIDEBAND_SPEECH_ENABLED)) {
3694 err = mgmt_cmd_status(sk, hdev->id,
3695 MGMT_OP_SET_WIDEBAND_SPEECH,
3696 MGMT_STATUS_REJECTED);
3701 changed = !hci_dev_test_and_set_flag(hdev,
3702 HCI_WIDEBAND_SPEECH_ENABLED);
3704 changed = hci_dev_test_and_clear_flag(hdev,
3705 HCI_WIDEBAND_SPEECH_ENABLED);
3707 err = send_settings_rsp(sk, MGMT_OP_SET_WIDEBAND_SPEECH, hdev);
3712 err = new_settings(hdev, sk);
3715 hci_dev_unlock(hdev);
3719 static int read_controller_cap(struct sock *sk, struct hci_dev *hdev,
3720 void *data, u16 data_len)
3723 struct mgmt_rp_read_controller_cap *rp = (void *)buf;
3726 u8 tx_power_range[2];
3728 bt_dev_dbg(hdev, "sock %p", sk);
3730 memset(&buf, 0, sizeof(buf));
3734 /* When the Read Simple Pairing Options command is supported, then
3735 * the remote public key validation is supported.
3737 * Alternatively, when Microsoft extensions are available, they can
3738 * indicate support for public key validation as well.
3740 if ((hdev->commands[41] & 0x08) || msft_curve_validity(hdev))
3741 flags |= 0x01; /* Remote public key validation (BR/EDR) */
3743 flags |= 0x02; /* Remote public key validation (LE) */
3745 /* When the Read Encryption Key Size command is supported, then the
3746 * encryption key size is enforced.
3748 if (hdev->commands[20] & 0x10)
3749 flags |= 0x04; /* Encryption key size enforcement (BR/EDR) */
3751 flags |= 0x08; /* Encryption key size enforcement (LE) */
3753 cap_len = eir_append_data(rp->cap, cap_len, MGMT_CAP_SEC_FLAGS,
3756 /* When the Read Simple Pairing Options command is supported, then
3757 * also max encryption key size information is provided.
3759 if (hdev->commands[41] & 0x08)
3760 cap_len = eir_append_le16(rp->cap, cap_len,
3761 MGMT_CAP_MAX_ENC_KEY_SIZE,
3762 hdev->max_enc_key_size);
3764 cap_len = eir_append_le16(rp->cap, cap_len,
3765 MGMT_CAP_SMP_MAX_ENC_KEY_SIZE,
3766 SMP_MAX_ENC_KEY_SIZE);
3768 /* Append the min/max LE tx power parameters if we were able to fetch
3769 * it from the controller
3771 if (hdev->commands[38] & 0x80) {
3772 memcpy(&tx_power_range[0], &hdev->min_le_tx_power, 1);
3773 memcpy(&tx_power_range[1], &hdev->max_le_tx_power, 1);
3774 cap_len = eir_append_data(rp->cap, cap_len, MGMT_CAP_LE_TX_PWR,
3778 rp->cap_len = cpu_to_le16(cap_len);
3780 hci_dev_unlock(hdev);
3782 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_READ_CONTROLLER_CAP, 0,
3783 rp, sizeof(*rp) + cap_len);
3786 #ifdef CONFIG_BT_FEATURE_DEBUG
3787 /* d4992530-b9ec-469f-ab01-6c481c47da1c */
3788 static const u8 debug_uuid[16] = {
3789 0x1c, 0xda, 0x47, 0x1c, 0x48, 0x6c, 0x01, 0xab,
3790 0x9f, 0x46, 0xec, 0xb9, 0x30, 0x25, 0x99, 0xd4,
3794 /* 671b10b5-42c0-4696-9227-eb28d1b049d6 */
3795 static const u8 simult_central_periph_uuid[16] = {
3796 0xd6, 0x49, 0xb0, 0xd1, 0x28, 0xeb, 0x27, 0x92,
3797 0x96, 0x46, 0xc0, 0x42, 0xb5, 0x10, 0x1b, 0x67,
3800 /* 15c0a148-c273-11ea-b3de-0242ac130004 */
3801 static const u8 rpa_resolution_uuid[16] = {
3802 0x04, 0x00, 0x13, 0xac, 0x42, 0x02, 0xde, 0xb3,
3803 0xea, 0x11, 0x73, 0xc2, 0x48, 0xa1, 0xc0, 0x15,
3806 static int read_exp_features_info(struct sock *sk, struct hci_dev *hdev,
3807 void *data, u16 data_len)
3809 char buf[62]; /* Enough space for 3 features */
3810 struct mgmt_rp_read_exp_features_info *rp = (void *)buf;
3814 bt_dev_dbg(hdev, "sock %p", sk);
3816 memset(&buf, 0, sizeof(buf));
3818 #ifdef CONFIG_BT_FEATURE_DEBUG
3820 flags = bt_dbg_get() ? BIT(0) : 0;
3822 memcpy(rp->features[idx].uuid, debug_uuid, 16);
3823 rp->features[idx].flags = cpu_to_le32(flags);
3829 if (test_bit(HCI_QUIRK_VALID_LE_STATES, &hdev->quirks) &&
3830 (hdev->le_states[4] & 0x08) && /* Central */
3831 (hdev->le_states[4] & 0x40) && /* Peripheral */
3832 (hdev->le_states[3] & 0x10)) /* Simultaneous */
3837 memcpy(rp->features[idx].uuid, simult_central_periph_uuid, 16);
3838 rp->features[idx].flags = cpu_to_le32(flags);
3842 if (hdev && use_ll_privacy(hdev)) {
3843 if (hci_dev_test_flag(hdev, HCI_ENABLE_LL_PRIVACY))
3844 flags = BIT(0) | BIT(1);
3848 memcpy(rp->features[idx].uuid, rpa_resolution_uuid, 16);
3849 rp->features[idx].flags = cpu_to_le32(flags);
3853 rp->feature_count = cpu_to_le16(idx);
3855 /* After reading the experimental features information, enable
3856 * the events to update client on any future change.
3858 hci_sock_set_flag(sk, HCI_MGMT_EXP_FEATURE_EVENTS);
3860 return mgmt_cmd_complete(sk, hdev ? hdev->id : MGMT_INDEX_NONE,
3861 MGMT_OP_READ_EXP_FEATURES_INFO,
3862 0, rp, sizeof(*rp) + (20 * idx));
3865 static int exp_ll_privacy_feature_changed(bool enabled, struct hci_dev *hdev,
3868 struct mgmt_ev_exp_feature_changed ev;
3870 memset(&ev, 0, sizeof(ev));
3871 memcpy(ev.uuid, rpa_resolution_uuid, 16);
3872 ev.flags = cpu_to_le32((enabled ? BIT(0) : 0) | BIT(1));
3874 return mgmt_limited_event(MGMT_EV_EXP_FEATURE_CHANGED, hdev,
3876 HCI_MGMT_EXP_FEATURE_EVENTS, skip);
3880 #ifdef CONFIG_BT_FEATURE_DEBUG
3881 static int exp_debug_feature_changed(bool enabled, struct sock *skip)
3883 struct mgmt_ev_exp_feature_changed ev;
3885 memset(&ev, 0, sizeof(ev));
3886 memcpy(ev.uuid, debug_uuid, 16);
3887 ev.flags = cpu_to_le32(enabled ? BIT(0) : 0);
3889 return mgmt_limited_event(MGMT_EV_EXP_FEATURE_CHANGED, NULL,
3891 HCI_MGMT_EXP_FEATURE_EVENTS, skip);
3895 static int set_exp_feature(struct sock *sk, struct hci_dev *hdev,
3896 void *data, u16 data_len)
3898 struct mgmt_cp_set_exp_feature *cp = data;
3899 struct mgmt_rp_set_exp_feature rp;
3901 bt_dev_dbg(hdev, "sock %p", sk);
3903 if (!memcmp(cp->uuid, ZERO_KEY, 16)) {
3904 memset(rp.uuid, 0, 16);
3905 rp.flags = cpu_to_le32(0);
3907 #ifdef CONFIG_BT_FEATURE_DEBUG
3909 bool changed = bt_dbg_get();
3914 exp_debug_feature_changed(false, sk);
3918 if (hdev && use_ll_privacy(hdev) && !hdev_is_powered(hdev)) {
3919 bool changed = hci_dev_test_flag(hdev,
3920 HCI_ENABLE_LL_PRIVACY);
3922 hci_dev_clear_flag(hdev, HCI_ENABLE_LL_PRIVACY);
3925 exp_ll_privacy_feature_changed(false, hdev, sk);
3928 hci_sock_set_flag(sk, HCI_MGMT_EXP_FEATURE_EVENTS);
3930 return mgmt_cmd_complete(sk, hdev ? hdev->id : MGMT_INDEX_NONE,
3931 MGMT_OP_SET_EXP_FEATURE, 0,
3935 #ifdef CONFIG_BT_FEATURE_DEBUG
3936 if (!memcmp(cp->uuid, debug_uuid, 16)) {
3940 /* Command requires to use the non-controller index */
3942 return mgmt_cmd_status(sk, hdev->id,
3943 MGMT_OP_SET_EXP_FEATURE,
3944 MGMT_STATUS_INVALID_INDEX);
3946 /* Parameters are limited to a single octet */
3947 if (data_len != MGMT_SET_EXP_FEATURE_SIZE + 1)
3948 return mgmt_cmd_status(sk, MGMT_INDEX_NONE,
3949 MGMT_OP_SET_EXP_FEATURE,
3950 MGMT_STATUS_INVALID_PARAMS);
3952 /* Only boolean on/off is supported */
3953 if (cp->param[0] != 0x00 && cp->param[0] != 0x01)
3954 return mgmt_cmd_status(sk, MGMT_INDEX_NONE,
3955 MGMT_OP_SET_EXP_FEATURE,
3956 MGMT_STATUS_INVALID_PARAMS);
3958 val = !!cp->param[0];
3959 changed = val ? !bt_dbg_get() : bt_dbg_get();
3962 memcpy(rp.uuid, debug_uuid, 16);
3963 rp.flags = cpu_to_le32(val ? BIT(0) : 0);
3965 hci_sock_set_flag(sk, HCI_MGMT_EXP_FEATURE_EVENTS);
3967 err = mgmt_cmd_complete(sk, MGMT_INDEX_NONE,
3968 MGMT_OP_SET_EXP_FEATURE, 0,
3972 exp_debug_feature_changed(val, sk);
3978 if (!memcmp(cp->uuid, rpa_resolution_uuid, 16)) {
3983 /* Command requires to use the controller index */
3985 return mgmt_cmd_status(sk, MGMT_INDEX_NONE,
3986 MGMT_OP_SET_EXP_FEATURE,
3987 MGMT_STATUS_INVALID_INDEX);
3989 /* Changes can only be made when controller is powered down */
3990 if (hdev_is_powered(hdev))
3991 return mgmt_cmd_status(sk, hdev->id,
3992 MGMT_OP_SET_EXP_FEATURE,
3993 MGMT_STATUS_REJECTED);
3995 /* Parameters are limited to a single octet */
3996 if (data_len != MGMT_SET_EXP_FEATURE_SIZE + 1)
3997 return mgmt_cmd_status(sk, hdev->id,
3998 MGMT_OP_SET_EXP_FEATURE,
3999 MGMT_STATUS_INVALID_PARAMS);
4001 /* Only boolean on/off is supported */
4002 if (cp->param[0] != 0x00 && cp->param[0] != 0x01)
4003 return mgmt_cmd_status(sk, hdev->id,
4004 MGMT_OP_SET_EXP_FEATURE,
4005 MGMT_STATUS_INVALID_PARAMS);
4007 val = !!cp->param[0];
4010 changed = !hci_dev_test_flag(hdev,
4011 HCI_ENABLE_LL_PRIVACY);
4012 hci_dev_set_flag(hdev, HCI_ENABLE_LL_PRIVACY);
4013 hci_dev_clear_flag(hdev, HCI_ADVERTISING);
4015 /* Enable LL privacy + supported settings changed */
4016 flags = BIT(0) | BIT(1);
4018 changed = hci_dev_test_flag(hdev,
4019 HCI_ENABLE_LL_PRIVACY);
4020 hci_dev_clear_flag(hdev, HCI_ENABLE_LL_PRIVACY);
4022 /* Disable LL privacy + supported settings changed */
4026 memcpy(rp.uuid, rpa_resolution_uuid, 16);
4027 rp.flags = cpu_to_le32(flags);
4029 hci_sock_set_flag(sk, HCI_MGMT_EXP_FEATURE_EVENTS);
4031 err = mgmt_cmd_complete(sk, hdev->id,
4032 MGMT_OP_SET_EXP_FEATURE, 0,
4036 exp_ll_privacy_feature_changed(val, hdev, sk);
4041 return mgmt_cmd_status(sk, hdev ? hdev->id : MGMT_INDEX_NONE,
4042 MGMT_OP_SET_EXP_FEATURE,
4043 MGMT_STATUS_NOT_SUPPORTED);
4046 #define SUPPORTED_DEVICE_FLAGS() ((1U << HCI_CONN_FLAG_MAX) - 1)
4048 static int get_device_flags(struct sock *sk, struct hci_dev *hdev, void *data,
4051 struct mgmt_cp_get_device_flags *cp = data;
4052 struct mgmt_rp_get_device_flags rp;
4053 struct bdaddr_list_with_flags *br_params;
4054 struct hci_conn_params *params;
4055 u32 supported_flags = SUPPORTED_DEVICE_FLAGS();
4056 u32 current_flags = 0;
4057 u8 status = MGMT_STATUS_INVALID_PARAMS;
4059 bt_dev_dbg(hdev, "Get device flags %pMR (type 0x%x)\n",
4060 &cp->addr.bdaddr, cp->addr.type);
4064 memset(&rp, 0, sizeof(rp));
4066 if (cp->addr.type == BDADDR_BREDR) {
4067 br_params = hci_bdaddr_list_lookup_with_flags(&hdev->accept_list,
4073 current_flags = br_params->current_flags;
4075 params = hci_conn_params_lookup(hdev, &cp->addr.bdaddr,
4076 le_addr_type(cp->addr.type));
4081 current_flags = params->current_flags;
4084 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
4085 rp.addr.type = cp->addr.type;
4086 rp.supported_flags = cpu_to_le32(supported_flags);
4087 rp.current_flags = cpu_to_le32(current_flags);
4089 status = MGMT_STATUS_SUCCESS;
4092 hci_dev_unlock(hdev);
4094 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_DEVICE_FLAGS, status,
4098 static void device_flags_changed(struct sock *sk, struct hci_dev *hdev,
4099 bdaddr_t *bdaddr, u8 bdaddr_type,
4100 u32 supported_flags, u32 current_flags)
4102 struct mgmt_ev_device_flags_changed ev;
4104 bacpy(&ev.addr.bdaddr, bdaddr);
4105 ev.addr.type = bdaddr_type;
4106 ev.supported_flags = cpu_to_le32(supported_flags);
4107 ev.current_flags = cpu_to_le32(current_flags);
4109 mgmt_event(MGMT_EV_DEVICE_FLAGS_CHANGED, hdev, &ev, sizeof(ev), sk);
4112 static int set_device_flags(struct sock *sk, struct hci_dev *hdev, void *data,
4115 struct mgmt_cp_set_device_flags *cp = data;
4116 struct bdaddr_list_with_flags *br_params;
4117 struct hci_conn_params *params;
4118 u8 status = MGMT_STATUS_INVALID_PARAMS;
4119 u32 supported_flags = SUPPORTED_DEVICE_FLAGS();
4120 u32 current_flags = __le32_to_cpu(cp->current_flags);
4122 bt_dev_dbg(hdev, "Set device flags %pMR (type 0x%x) = 0x%x",
4123 &cp->addr.bdaddr, cp->addr.type,
4124 __le32_to_cpu(current_flags));
4126 if ((supported_flags | current_flags) != supported_flags) {
4127 bt_dev_warn(hdev, "Bad flag given (0x%x) vs supported (0x%0x)",
4128 current_flags, supported_flags);
4134 if (cp->addr.type == BDADDR_BREDR) {
4135 br_params = hci_bdaddr_list_lookup_with_flags(&hdev->accept_list,
4140 br_params->current_flags = current_flags;
4141 status = MGMT_STATUS_SUCCESS;
4143 bt_dev_warn(hdev, "No such BR/EDR device %pMR (0x%x)",
4144 &cp->addr.bdaddr, cp->addr.type);
4147 params = hci_conn_params_lookup(hdev, &cp->addr.bdaddr,
4148 le_addr_type(cp->addr.type));
4150 params->current_flags = current_flags;
4151 status = MGMT_STATUS_SUCCESS;
4153 bt_dev_warn(hdev, "No such LE device %pMR (0x%x)",
4155 le_addr_type(cp->addr.type));
4160 hci_dev_unlock(hdev);
4162 if (status == MGMT_STATUS_SUCCESS)
4163 device_flags_changed(sk, hdev, &cp->addr.bdaddr, cp->addr.type,
4164 supported_flags, current_flags);
4166 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_DEVICE_FLAGS, status,
4167 &cp->addr, sizeof(cp->addr));
4170 static void mgmt_adv_monitor_added(struct sock *sk, struct hci_dev *hdev,
4173 struct mgmt_ev_adv_monitor_added ev;
4175 ev.monitor_handle = cpu_to_le16(handle);
4177 mgmt_event(MGMT_EV_ADV_MONITOR_ADDED, hdev, &ev, sizeof(ev), sk);
4180 void mgmt_adv_monitor_removed(struct hci_dev *hdev, u16 handle)
4182 struct mgmt_ev_adv_monitor_removed ev;
4183 struct mgmt_pending_cmd *cmd;
4184 struct sock *sk_skip = NULL;
4185 struct mgmt_cp_remove_adv_monitor *cp;
4187 cmd = pending_find(MGMT_OP_REMOVE_ADV_MONITOR, hdev);
4191 if (cp->monitor_handle)
4195 ev.monitor_handle = cpu_to_le16(handle);
4197 mgmt_event(MGMT_EV_ADV_MONITOR_REMOVED, hdev, &ev, sizeof(ev), sk_skip);
4200 static int read_adv_mon_features(struct sock *sk, struct hci_dev *hdev,
4201 void *data, u16 len)
4203 struct adv_monitor *monitor = NULL;
4204 struct mgmt_rp_read_adv_monitor_features *rp = NULL;
4207 __u32 supported = 0;
4209 __u16 num_handles = 0;
4210 __u16 handles[HCI_MAX_ADV_MONITOR_NUM_HANDLES];
4212 BT_DBG("request for %s", hdev->name);
4216 if (msft_monitor_supported(hdev))
4217 supported |= MGMT_ADV_MONITOR_FEATURE_MASK_OR_PATTERNS;
4219 idr_for_each_entry(&hdev->adv_monitors_idr, monitor, handle)
4220 handles[num_handles++] = monitor->handle;
4222 hci_dev_unlock(hdev);
4224 rp_size = sizeof(*rp) + (num_handles * sizeof(u16));
4225 rp = kmalloc(rp_size, GFP_KERNEL);
4229 /* All supported features are currently enabled */
4230 enabled = supported;
4232 rp->supported_features = cpu_to_le32(supported);
4233 rp->enabled_features = cpu_to_le32(enabled);
4234 rp->max_num_handles = cpu_to_le16(HCI_MAX_ADV_MONITOR_NUM_HANDLES);
4235 rp->max_num_patterns = HCI_MAX_ADV_MONITOR_NUM_PATTERNS;
4236 rp->num_handles = cpu_to_le16(num_handles);
4238 memcpy(&rp->handles, &handles, (num_handles * sizeof(u16)));
4240 err = mgmt_cmd_complete(sk, hdev->id,
4241 MGMT_OP_READ_ADV_MONITOR_FEATURES,
4242 MGMT_STATUS_SUCCESS, rp, rp_size);
4249 int mgmt_add_adv_patterns_monitor_complete(struct hci_dev *hdev, u8 status)
4251 struct mgmt_rp_add_adv_patterns_monitor rp;
4252 struct mgmt_pending_cmd *cmd;
4253 struct adv_monitor *monitor;
4258 cmd = pending_find(MGMT_OP_ADD_ADV_PATTERNS_MONITOR_RSSI, hdev);
4260 cmd = pending_find(MGMT_OP_ADD_ADV_PATTERNS_MONITOR, hdev);
4265 monitor = cmd->user_data;
4266 rp.monitor_handle = cpu_to_le16(monitor->handle);
4269 mgmt_adv_monitor_added(cmd->sk, hdev, monitor->handle);
4270 hdev->adv_monitors_cnt++;
4271 if (monitor->state == ADV_MONITOR_STATE_NOT_REGISTERED)
4272 monitor->state = ADV_MONITOR_STATE_REGISTERED;
4273 hci_update_background_scan(hdev);
4276 err = mgmt_cmd_complete(cmd->sk, cmd->index, cmd->opcode,
4277 mgmt_status(status), &rp, sizeof(rp));
4278 mgmt_pending_remove(cmd);
4281 hci_dev_unlock(hdev);
4282 bt_dev_dbg(hdev, "add monitor %d complete, status %u",
4283 rp.monitor_handle, status);
4288 static int __add_adv_patterns_monitor(struct sock *sk, struct hci_dev *hdev,
4289 struct adv_monitor *m, u8 status,
4290 void *data, u16 len, u16 op)
4292 struct mgmt_rp_add_adv_patterns_monitor rp;
4293 struct mgmt_pending_cmd *cmd;
4302 if (pending_find(MGMT_OP_SET_LE, hdev) ||
4303 pending_find(MGMT_OP_ADD_ADV_PATTERNS_MONITOR, hdev) ||
4304 pending_find(MGMT_OP_ADD_ADV_PATTERNS_MONITOR_RSSI, hdev) ||
4305 pending_find(MGMT_OP_REMOVE_ADV_MONITOR, hdev)) {
4306 status = MGMT_STATUS_BUSY;
4310 cmd = mgmt_pending_add(sk, op, hdev, data, len);
4312 status = MGMT_STATUS_NO_RESOURCES;
4317 pending = hci_add_adv_monitor(hdev, m, &err);
4319 if (err == -ENOSPC || err == -ENOMEM)
4320 status = MGMT_STATUS_NO_RESOURCES;
4321 else if (err == -EINVAL)
4322 status = MGMT_STATUS_INVALID_PARAMS;
4324 status = MGMT_STATUS_FAILED;
4326 mgmt_pending_remove(cmd);
4331 mgmt_pending_remove(cmd);
4332 rp.monitor_handle = cpu_to_le16(m->handle);
4333 mgmt_adv_monitor_added(sk, hdev, m->handle);
4334 m->state = ADV_MONITOR_STATE_REGISTERED;
4335 hdev->adv_monitors_cnt++;
4337 hci_dev_unlock(hdev);
4338 return mgmt_cmd_complete(sk, hdev->id, op, MGMT_STATUS_SUCCESS,
4342 hci_dev_unlock(hdev);
4347 hci_free_adv_monitor(hdev, m);
4348 hci_dev_unlock(hdev);
4349 return mgmt_cmd_status(sk, hdev->id, op, status);
4352 static void parse_adv_monitor_rssi(struct adv_monitor *m,
4353 struct mgmt_adv_rssi_thresholds *rssi)
4356 m->rssi.low_threshold = rssi->low_threshold;
4357 m->rssi.low_threshold_timeout =
4358 __le16_to_cpu(rssi->low_threshold_timeout);
4359 m->rssi.high_threshold = rssi->high_threshold;
4360 m->rssi.high_threshold_timeout =
4361 __le16_to_cpu(rssi->high_threshold_timeout);
4362 m->rssi.sampling_period = rssi->sampling_period;
4364 /* Default values. These numbers are the least constricting
4365 * parameters for MSFT API to work, so it behaves as if there
4366 * are no rssi parameter to consider. May need to be changed
4367 * if other API are to be supported.
4369 m->rssi.low_threshold = -127;
4370 m->rssi.low_threshold_timeout = 60;
4371 m->rssi.high_threshold = -127;
4372 m->rssi.high_threshold_timeout = 0;
4373 m->rssi.sampling_period = 0;
4377 static u8 parse_adv_monitor_pattern(struct adv_monitor *m, u8 pattern_count,
4378 struct mgmt_adv_pattern *patterns)
4380 u8 offset = 0, length = 0;
4381 struct adv_pattern *p = NULL;
4384 for (i = 0; i < pattern_count; i++) {
4385 offset = patterns[i].offset;
4386 length = patterns[i].length;
4387 if (offset >= HCI_MAX_AD_LENGTH ||
4388 length > HCI_MAX_AD_LENGTH ||
4389 (offset + length) > HCI_MAX_AD_LENGTH)
4390 return MGMT_STATUS_INVALID_PARAMS;
4392 p = kmalloc(sizeof(*p), GFP_KERNEL);
4394 return MGMT_STATUS_NO_RESOURCES;
4396 p->ad_type = patterns[i].ad_type;
4397 p->offset = patterns[i].offset;
4398 p->length = patterns[i].length;
4399 memcpy(p->value, patterns[i].value, p->length);
4401 INIT_LIST_HEAD(&p->list);
4402 list_add(&p->list, &m->patterns);
4405 return MGMT_STATUS_SUCCESS;
4408 static int add_adv_patterns_monitor(struct sock *sk, struct hci_dev *hdev,
4409 void *data, u16 len)
4411 struct mgmt_cp_add_adv_patterns_monitor *cp = data;
4412 struct adv_monitor *m = NULL;
4413 u8 status = MGMT_STATUS_SUCCESS;
4414 size_t expected_size = sizeof(*cp);
4416 BT_DBG("request for %s", hdev->name);
4418 if (len <= sizeof(*cp)) {
4419 status = MGMT_STATUS_INVALID_PARAMS;
4423 expected_size += cp->pattern_count * sizeof(struct mgmt_adv_pattern);
4424 if (len != expected_size) {
4425 status = MGMT_STATUS_INVALID_PARAMS;
4429 m = kzalloc(sizeof(*m), GFP_KERNEL);
4431 status = MGMT_STATUS_NO_RESOURCES;
4435 INIT_LIST_HEAD(&m->patterns);
4437 parse_adv_monitor_rssi(m, NULL);
4438 status = parse_adv_monitor_pattern(m, cp->pattern_count, cp->patterns);
4441 return __add_adv_patterns_monitor(sk, hdev, m, status, data, len,
4442 MGMT_OP_ADD_ADV_PATTERNS_MONITOR);
4445 static int add_adv_patterns_monitor_rssi(struct sock *sk, struct hci_dev *hdev,
4446 void *data, u16 len)
4448 struct mgmt_cp_add_adv_patterns_monitor_rssi *cp = data;
4449 struct adv_monitor *m = NULL;
4450 u8 status = MGMT_STATUS_SUCCESS;
4451 size_t expected_size = sizeof(*cp);
4453 BT_DBG("request for %s", hdev->name);
4455 if (len <= sizeof(*cp)) {
4456 status = MGMT_STATUS_INVALID_PARAMS;
4460 expected_size += cp->pattern_count * sizeof(struct mgmt_adv_pattern);
4461 if (len != expected_size) {
4462 status = MGMT_STATUS_INVALID_PARAMS;
4466 m = kzalloc(sizeof(*m), GFP_KERNEL);
4468 status = MGMT_STATUS_NO_RESOURCES;
4472 INIT_LIST_HEAD(&m->patterns);
4474 parse_adv_monitor_rssi(m, &cp->rssi);
4475 status = parse_adv_monitor_pattern(m, cp->pattern_count, cp->patterns);
4478 return __add_adv_patterns_monitor(sk, hdev, m, status, data, len,
4479 MGMT_OP_ADD_ADV_PATTERNS_MONITOR_RSSI);
4482 int mgmt_remove_adv_monitor_complete(struct hci_dev *hdev, u8 status)
4484 struct mgmt_rp_remove_adv_monitor rp;
4485 struct mgmt_cp_remove_adv_monitor *cp;
4486 struct mgmt_pending_cmd *cmd;
4491 cmd = pending_find(MGMT_OP_REMOVE_ADV_MONITOR, hdev);
4496 rp.monitor_handle = cp->monitor_handle;
4499 hci_update_background_scan(hdev);
4501 err = mgmt_cmd_complete(cmd->sk, cmd->index, cmd->opcode,
4502 mgmt_status(status), &rp, sizeof(rp));
4503 mgmt_pending_remove(cmd);
4506 hci_dev_unlock(hdev);
4507 bt_dev_dbg(hdev, "remove monitor %d complete, status %u",
4508 rp.monitor_handle, status);
4513 static int remove_adv_monitor(struct sock *sk, struct hci_dev *hdev,
4514 void *data, u16 len)
4516 struct mgmt_cp_remove_adv_monitor *cp = data;
4517 struct mgmt_rp_remove_adv_monitor rp;
4518 struct mgmt_pending_cmd *cmd;
4519 u16 handle = __le16_to_cpu(cp->monitor_handle);
4523 BT_DBG("request for %s", hdev->name);
4524 rp.monitor_handle = cp->monitor_handle;
4528 if (pending_find(MGMT_OP_SET_LE, hdev) ||
4529 pending_find(MGMT_OP_REMOVE_ADV_MONITOR, hdev) ||
4530 pending_find(MGMT_OP_ADD_ADV_PATTERNS_MONITOR, hdev) ||
4531 pending_find(MGMT_OP_ADD_ADV_PATTERNS_MONITOR_RSSI, hdev)) {
4532 status = MGMT_STATUS_BUSY;
4536 cmd = mgmt_pending_add(sk, MGMT_OP_REMOVE_ADV_MONITOR, hdev, data, len);
4538 status = MGMT_STATUS_NO_RESOURCES;
4543 pending = hci_remove_single_adv_monitor(hdev, handle, &err);
4545 pending = hci_remove_all_adv_monitor(hdev, &err);
4548 mgmt_pending_remove(cmd);
4551 status = MGMT_STATUS_INVALID_INDEX;
4553 status = MGMT_STATUS_FAILED;
4558 /* monitor can be removed without forwarding request to controller */
4560 mgmt_pending_remove(cmd);
4561 hci_dev_unlock(hdev);
4563 return mgmt_cmd_complete(sk, hdev->id,
4564 MGMT_OP_REMOVE_ADV_MONITOR,
4565 MGMT_STATUS_SUCCESS,
4569 hci_dev_unlock(hdev);
4573 hci_dev_unlock(hdev);
4574 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_REMOVE_ADV_MONITOR,
4578 static void read_local_oob_data_complete(struct hci_dev *hdev, u8 status,
4579 u16 opcode, struct sk_buff *skb)
4581 struct mgmt_rp_read_local_oob_data mgmt_rp;
4582 size_t rp_size = sizeof(mgmt_rp);
4583 struct mgmt_pending_cmd *cmd;
4585 bt_dev_dbg(hdev, "status %u", status);
4587 cmd = pending_find(MGMT_OP_READ_LOCAL_OOB_DATA, hdev);
4591 if (status || !skb) {
4592 mgmt_cmd_status(cmd->sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
4593 status ? mgmt_status(status) : MGMT_STATUS_FAILED);
4597 memset(&mgmt_rp, 0, sizeof(mgmt_rp));
4599 if (opcode == HCI_OP_READ_LOCAL_OOB_DATA) {
4600 struct hci_rp_read_local_oob_data *rp = (void *) skb->data;
4602 if (skb->len < sizeof(*rp)) {
4603 mgmt_cmd_status(cmd->sk, hdev->id,
4604 MGMT_OP_READ_LOCAL_OOB_DATA,
4605 MGMT_STATUS_FAILED);
4609 memcpy(mgmt_rp.hash192, rp->hash, sizeof(rp->hash));
4610 memcpy(mgmt_rp.rand192, rp->rand, sizeof(rp->rand));
4612 rp_size -= sizeof(mgmt_rp.hash256) + sizeof(mgmt_rp.rand256);
4614 struct hci_rp_read_local_oob_ext_data *rp = (void *) skb->data;
4616 if (skb->len < sizeof(*rp)) {
4617 mgmt_cmd_status(cmd->sk, hdev->id,
4618 MGMT_OP_READ_LOCAL_OOB_DATA,
4619 MGMT_STATUS_FAILED);
4623 memcpy(mgmt_rp.hash192, rp->hash192, sizeof(rp->hash192));
4624 memcpy(mgmt_rp.rand192, rp->rand192, sizeof(rp->rand192));
4626 memcpy(mgmt_rp.hash256, rp->hash256, sizeof(rp->hash256));
4627 memcpy(mgmt_rp.rand256, rp->rand256, sizeof(rp->rand256));
4630 mgmt_cmd_complete(cmd->sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
4631 MGMT_STATUS_SUCCESS, &mgmt_rp, rp_size);
4634 mgmt_pending_remove(cmd);
4637 static int read_local_oob_data(struct sock *sk, struct hci_dev *hdev,
4638 void *data, u16 data_len)
4640 struct mgmt_pending_cmd *cmd;
4641 struct hci_request req;
4644 bt_dev_dbg(hdev, "sock %p", sk);
4648 if (!hdev_is_powered(hdev)) {
4649 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
4650 MGMT_STATUS_NOT_POWERED);
4654 if (!lmp_ssp_capable(hdev)) {
4655 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
4656 MGMT_STATUS_NOT_SUPPORTED);
4660 if (pending_find(MGMT_OP_READ_LOCAL_OOB_DATA, hdev)) {
4661 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
4666 cmd = mgmt_pending_add(sk, MGMT_OP_READ_LOCAL_OOB_DATA, hdev, NULL, 0);
4672 hci_req_init(&req, hdev);
4674 if (bredr_sc_enabled(hdev))
4675 hci_req_add(&req, HCI_OP_READ_LOCAL_OOB_EXT_DATA, 0, NULL);
4677 hci_req_add(&req, HCI_OP_READ_LOCAL_OOB_DATA, 0, NULL);
4679 err = hci_req_run_skb(&req, read_local_oob_data_complete);
4681 mgmt_pending_remove(cmd);
4684 hci_dev_unlock(hdev);
4688 static int add_remote_oob_data(struct sock *sk, struct hci_dev *hdev,
4689 void *data, u16 len)
4691 struct mgmt_addr_info *addr = data;
4694 bt_dev_dbg(hdev, "sock %p", sk);
4696 if (!bdaddr_type_is_valid(addr->type))
4697 return mgmt_cmd_complete(sk, hdev->id,
4698 MGMT_OP_ADD_REMOTE_OOB_DATA,
4699 MGMT_STATUS_INVALID_PARAMS,
4700 addr, sizeof(*addr));
4704 if (len == MGMT_ADD_REMOTE_OOB_DATA_SIZE) {
4705 struct mgmt_cp_add_remote_oob_data *cp = data;
4708 if (cp->addr.type != BDADDR_BREDR) {
4709 err = mgmt_cmd_complete(sk, hdev->id,
4710 MGMT_OP_ADD_REMOTE_OOB_DATA,
4711 MGMT_STATUS_INVALID_PARAMS,
4712 &cp->addr, sizeof(cp->addr));
4716 err = hci_add_remote_oob_data(hdev, &cp->addr.bdaddr,
4717 cp->addr.type, cp->hash,
4718 cp->rand, NULL, NULL);
4720 status = MGMT_STATUS_FAILED;
4722 status = MGMT_STATUS_SUCCESS;
4724 err = mgmt_cmd_complete(sk, hdev->id,
4725 MGMT_OP_ADD_REMOTE_OOB_DATA, status,
4726 &cp->addr, sizeof(cp->addr));
4727 } else if (len == MGMT_ADD_REMOTE_OOB_EXT_DATA_SIZE) {
4728 struct mgmt_cp_add_remote_oob_ext_data *cp = data;
4729 u8 *rand192, *hash192, *rand256, *hash256;
4732 if (bdaddr_type_is_le(cp->addr.type)) {
4733 /* Enforce zero-valued 192-bit parameters as
4734 * long as legacy SMP OOB isn't implemented.
4736 if (memcmp(cp->rand192, ZERO_KEY, 16) ||
4737 memcmp(cp->hash192, ZERO_KEY, 16)) {
4738 err = mgmt_cmd_complete(sk, hdev->id,
4739 MGMT_OP_ADD_REMOTE_OOB_DATA,
4740 MGMT_STATUS_INVALID_PARAMS,
4741 addr, sizeof(*addr));
4748 /* In case one of the P-192 values is set to zero,
4749 * then just disable OOB data for P-192.
4751 if (!memcmp(cp->rand192, ZERO_KEY, 16) ||
4752 !memcmp(cp->hash192, ZERO_KEY, 16)) {
4756 rand192 = cp->rand192;
4757 hash192 = cp->hash192;
4761 /* In case one of the P-256 values is set to zero, then just
4762 * disable OOB data for P-256.
4764 if (!memcmp(cp->rand256, ZERO_KEY, 16) ||
4765 !memcmp(cp->hash256, ZERO_KEY, 16)) {
4769 rand256 = cp->rand256;
4770 hash256 = cp->hash256;
4773 err = hci_add_remote_oob_data(hdev, &cp->addr.bdaddr,
4774 cp->addr.type, hash192, rand192,
4777 status = MGMT_STATUS_FAILED;
4779 status = MGMT_STATUS_SUCCESS;
4781 err = mgmt_cmd_complete(sk, hdev->id,
4782 MGMT_OP_ADD_REMOTE_OOB_DATA,
4783 status, &cp->addr, sizeof(cp->addr));
4785 bt_dev_err(hdev, "add_remote_oob_data: invalid len of %u bytes",
4787 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_REMOTE_OOB_DATA,
4788 MGMT_STATUS_INVALID_PARAMS);
4792 hci_dev_unlock(hdev);
4796 static int remove_remote_oob_data(struct sock *sk, struct hci_dev *hdev,
4797 void *data, u16 len)
4799 struct mgmt_cp_remove_remote_oob_data *cp = data;
4803 bt_dev_dbg(hdev, "sock %p", sk);
4805 if (cp->addr.type != BDADDR_BREDR)
4806 return mgmt_cmd_complete(sk, hdev->id,
4807 MGMT_OP_REMOVE_REMOTE_OOB_DATA,
4808 MGMT_STATUS_INVALID_PARAMS,
4809 &cp->addr, sizeof(cp->addr));
4813 if (!bacmp(&cp->addr.bdaddr, BDADDR_ANY)) {
4814 hci_remote_oob_data_clear(hdev);
4815 status = MGMT_STATUS_SUCCESS;
4819 err = hci_remove_remote_oob_data(hdev, &cp->addr.bdaddr, cp->addr.type);
4821 status = MGMT_STATUS_INVALID_PARAMS;
4823 status = MGMT_STATUS_SUCCESS;
4826 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_REMOTE_OOB_DATA,
4827 status, &cp->addr, sizeof(cp->addr));
4829 hci_dev_unlock(hdev);
4833 void mgmt_start_discovery_complete(struct hci_dev *hdev, u8 status)
4835 struct mgmt_pending_cmd *cmd;
4837 bt_dev_dbg(hdev, "status %u", status);
4841 cmd = pending_find(MGMT_OP_START_DISCOVERY, hdev);
4843 cmd = pending_find(MGMT_OP_START_SERVICE_DISCOVERY, hdev);
4846 cmd = pending_find(MGMT_OP_START_LIMITED_DISCOVERY, hdev);
4849 cmd->cmd_complete(cmd, mgmt_status(status));
4850 mgmt_pending_remove(cmd);
4853 hci_dev_unlock(hdev);
4855 /* Handle suspend notifier */
4856 if (test_and_clear_bit(SUSPEND_UNPAUSE_DISCOVERY,
4857 hdev->suspend_tasks)) {
4858 bt_dev_dbg(hdev, "Unpaused discovery");
4859 wake_up(&hdev->suspend_wait_q);
4863 static bool discovery_type_is_valid(struct hci_dev *hdev, uint8_t type,
4864 uint8_t *mgmt_status)
4867 case DISCOV_TYPE_LE:
4868 *mgmt_status = mgmt_le_support(hdev);
4872 case DISCOV_TYPE_INTERLEAVED:
4873 *mgmt_status = mgmt_le_support(hdev);
4877 case DISCOV_TYPE_BREDR:
4878 *mgmt_status = mgmt_bredr_support(hdev);
4883 *mgmt_status = MGMT_STATUS_INVALID_PARAMS;
4890 static int start_discovery_internal(struct sock *sk, struct hci_dev *hdev,
4891 u16 op, void *data, u16 len)
4893 struct mgmt_cp_start_discovery *cp = data;
4894 struct mgmt_pending_cmd *cmd;
4898 bt_dev_dbg(hdev, "sock %p", sk);
4902 if (!hdev_is_powered(hdev)) {
4903 err = mgmt_cmd_complete(sk, hdev->id, op,
4904 MGMT_STATUS_NOT_POWERED,
4905 &cp->type, sizeof(cp->type));
4909 if (hdev->discovery.state != DISCOVERY_STOPPED ||
4910 hci_dev_test_flag(hdev, HCI_PERIODIC_INQ)) {
4911 err = mgmt_cmd_complete(sk, hdev->id, op, MGMT_STATUS_BUSY,
4912 &cp->type, sizeof(cp->type));
4916 if (!discovery_type_is_valid(hdev, cp->type, &status)) {
4917 err = mgmt_cmd_complete(sk, hdev->id, op, status,
4918 &cp->type, sizeof(cp->type));
4922 /* Can't start discovery when it is paused */
4923 if (hdev->discovery_paused) {
4924 err = mgmt_cmd_complete(sk, hdev->id, op, MGMT_STATUS_BUSY,
4925 &cp->type, sizeof(cp->type));
4929 /* Clear the discovery filter first to free any previously
4930 * allocated memory for the UUID list.
4932 hci_discovery_filter_clear(hdev);
4934 hdev->discovery.type = cp->type;
4935 hdev->discovery.report_invalid_rssi = false;
4936 if (op == MGMT_OP_START_LIMITED_DISCOVERY)
4937 hdev->discovery.limited = true;
4939 hdev->discovery.limited = false;
4941 cmd = mgmt_pending_add(sk, op, hdev, data, len);
4947 cmd->cmd_complete = generic_cmd_complete;
4949 hci_discovery_set_state(hdev, DISCOVERY_STARTING);
4950 queue_work(hdev->req_workqueue, &hdev->discov_update);
4954 hci_dev_unlock(hdev);
4958 static int start_discovery(struct sock *sk, struct hci_dev *hdev,
4959 void *data, u16 len)
4961 return start_discovery_internal(sk, hdev, MGMT_OP_START_DISCOVERY,
4965 static int start_limited_discovery(struct sock *sk, struct hci_dev *hdev,
4966 void *data, u16 len)
4968 return start_discovery_internal(sk, hdev,
4969 MGMT_OP_START_LIMITED_DISCOVERY,
4973 static int service_discovery_cmd_complete(struct mgmt_pending_cmd *cmd,
4976 return mgmt_cmd_complete(cmd->sk, cmd->index, cmd->opcode, status,
4980 static int start_service_discovery(struct sock *sk, struct hci_dev *hdev,
4981 void *data, u16 len)
4983 struct mgmt_cp_start_service_discovery *cp = data;
4984 struct mgmt_pending_cmd *cmd;
4985 const u16 max_uuid_count = ((U16_MAX - sizeof(*cp)) / 16);
4986 u16 uuid_count, expected_len;
4990 bt_dev_dbg(hdev, "sock %p", sk);
4994 if (!hdev_is_powered(hdev)) {
4995 err = mgmt_cmd_complete(sk, hdev->id,
4996 MGMT_OP_START_SERVICE_DISCOVERY,
4997 MGMT_STATUS_NOT_POWERED,
4998 &cp->type, sizeof(cp->type));
5002 if (hdev->discovery.state != DISCOVERY_STOPPED ||
5003 hci_dev_test_flag(hdev, HCI_PERIODIC_INQ)) {
5004 err = mgmt_cmd_complete(sk, hdev->id,
5005 MGMT_OP_START_SERVICE_DISCOVERY,
5006 MGMT_STATUS_BUSY, &cp->type,
5011 if (hdev->discovery_paused) {
5012 err = mgmt_cmd_complete(sk, hdev->id,
5013 MGMT_OP_START_SERVICE_DISCOVERY,
5014 MGMT_STATUS_BUSY, &cp->type,
5019 uuid_count = __le16_to_cpu(cp->uuid_count);
5020 if (uuid_count > max_uuid_count) {
5021 bt_dev_err(hdev, "service_discovery: too big uuid_count value %u",
5023 err = mgmt_cmd_complete(sk, hdev->id,
5024 MGMT_OP_START_SERVICE_DISCOVERY,
5025 MGMT_STATUS_INVALID_PARAMS, &cp->type,
5030 expected_len = sizeof(*cp) + uuid_count * 16;
5031 if (expected_len != len) {
5032 bt_dev_err(hdev, "service_discovery: expected %u bytes, got %u bytes",
5034 err = mgmt_cmd_complete(sk, hdev->id,
5035 MGMT_OP_START_SERVICE_DISCOVERY,
5036 MGMT_STATUS_INVALID_PARAMS, &cp->type,
5041 if (!discovery_type_is_valid(hdev, cp->type, &status)) {
5042 err = mgmt_cmd_complete(sk, hdev->id,
5043 MGMT_OP_START_SERVICE_DISCOVERY,
5044 status, &cp->type, sizeof(cp->type));
5048 cmd = mgmt_pending_add(sk, MGMT_OP_START_SERVICE_DISCOVERY,
5055 cmd->cmd_complete = service_discovery_cmd_complete;
5057 /* Clear the discovery filter first to free any previously
5058 * allocated memory for the UUID list.
5060 hci_discovery_filter_clear(hdev);
5062 hdev->discovery.result_filtering = true;
5063 hdev->discovery.type = cp->type;
5064 hdev->discovery.rssi = cp->rssi;
5065 hdev->discovery.uuid_count = uuid_count;
5067 if (uuid_count > 0) {
5068 hdev->discovery.uuids = kmemdup(cp->uuids, uuid_count * 16,
5070 if (!hdev->discovery.uuids) {
5071 err = mgmt_cmd_complete(sk, hdev->id,
5072 MGMT_OP_START_SERVICE_DISCOVERY,
5074 &cp->type, sizeof(cp->type));
5075 mgmt_pending_remove(cmd);
5080 hci_discovery_set_state(hdev, DISCOVERY_STARTING);
5081 queue_work(hdev->req_workqueue, &hdev->discov_update);
5085 hci_dev_unlock(hdev);
5089 void mgmt_stop_discovery_complete(struct hci_dev *hdev, u8 status)
5091 struct mgmt_pending_cmd *cmd;
5093 bt_dev_dbg(hdev, "status %u", status);
5097 cmd = pending_find(MGMT_OP_STOP_DISCOVERY, hdev);
5099 cmd->cmd_complete(cmd, mgmt_status(status));
5100 mgmt_pending_remove(cmd);
5103 hci_dev_unlock(hdev);
5105 /* Handle suspend notifier */
5106 if (test_and_clear_bit(SUSPEND_PAUSE_DISCOVERY, hdev->suspend_tasks)) {
5107 bt_dev_dbg(hdev, "Paused discovery");
5108 wake_up(&hdev->suspend_wait_q);
5112 static int stop_discovery(struct sock *sk, struct hci_dev *hdev, void *data,
5115 struct mgmt_cp_stop_discovery *mgmt_cp = data;
5116 struct mgmt_pending_cmd *cmd;
5119 bt_dev_dbg(hdev, "sock %p", sk);
5123 if (!hci_discovery_active(hdev)) {
5124 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_STOP_DISCOVERY,
5125 MGMT_STATUS_REJECTED, &mgmt_cp->type,
5126 sizeof(mgmt_cp->type));
5130 if (hdev->discovery.type != mgmt_cp->type) {
5131 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_STOP_DISCOVERY,
5132 MGMT_STATUS_INVALID_PARAMS,
5133 &mgmt_cp->type, sizeof(mgmt_cp->type));
5137 cmd = mgmt_pending_add(sk, MGMT_OP_STOP_DISCOVERY, hdev, data, len);
5143 cmd->cmd_complete = generic_cmd_complete;
5145 hci_discovery_set_state(hdev, DISCOVERY_STOPPING);
5146 queue_work(hdev->req_workqueue, &hdev->discov_update);
5150 hci_dev_unlock(hdev);
5154 static int confirm_name(struct sock *sk, struct hci_dev *hdev, void *data,
5157 struct mgmt_cp_confirm_name *cp = data;
5158 struct inquiry_entry *e;
5161 bt_dev_dbg(hdev, "sock %p", sk);
5165 if (!hci_discovery_active(hdev)) {
5166 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_CONFIRM_NAME,
5167 MGMT_STATUS_FAILED, &cp->addr,
5172 e = hci_inquiry_cache_lookup_unknown(hdev, &cp->addr.bdaddr);
5174 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_CONFIRM_NAME,
5175 MGMT_STATUS_INVALID_PARAMS, &cp->addr,
5180 if (cp->name_known) {
5181 e->name_state = NAME_KNOWN;
5184 e->name_state = NAME_NEEDED;
5185 hci_inquiry_cache_update_resolve(hdev, e);
5188 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_CONFIRM_NAME, 0,
5189 &cp->addr, sizeof(cp->addr));
5192 hci_dev_unlock(hdev);
5196 static int block_device(struct sock *sk, struct hci_dev *hdev, void *data,
5199 struct mgmt_cp_block_device *cp = data;
5203 bt_dev_dbg(hdev, "sock %p", sk);
5205 if (!bdaddr_type_is_valid(cp->addr.type))
5206 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_BLOCK_DEVICE,
5207 MGMT_STATUS_INVALID_PARAMS,
5208 &cp->addr, sizeof(cp->addr));
5212 err = hci_bdaddr_list_add(&hdev->reject_list, &cp->addr.bdaddr,
5215 status = MGMT_STATUS_FAILED;
5219 mgmt_event(MGMT_EV_DEVICE_BLOCKED, hdev, &cp->addr, sizeof(cp->addr),
5221 status = MGMT_STATUS_SUCCESS;
5224 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_BLOCK_DEVICE, status,
5225 &cp->addr, sizeof(cp->addr));
5227 hci_dev_unlock(hdev);
5232 static int unblock_device(struct sock *sk, struct hci_dev *hdev, void *data,
5235 struct mgmt_cp_unblock_device *cp = data;
5239 bt_dev_dbg(hdev, "sock %p", sk);
5241 if (!bdaddr_type_is_valid(cp->addr.type))
5242 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_UNBLOCK_DEVICE,
5243 MGMT_STATUS_INVALID_PARAMS,
5244 &cp->addr, sizeof(cp->addr));
5248 err = hci_bdaddr_list_del(&hdev->reject_list, &cp->addr.bdaddr,
5251 status = MGMT_STATUS_INVALID_PARAMS;
5255 mgmt_event(MGMT_EV_DEVICE_UNBLOCKED, hdev, &cp->addr, sizeof(cp->addr),
5257 status = MGMT_STATUS_SUCCESS;
5260 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_UNBLOCK_DEVICE, status,
5261 &cp->addr, sizeof(cp->addr));
5263 hci_dev_unlock(hdev);
5268 static int set_device_id(struct sock *sk, struct hci_dev *hdev, void *data,
5271 struct mgmt_cp_set_device_id *cp = data;
5272 struct hci_request req;
5276 bt_dev_dbg(hdev, "sock %p", sk);
5278 source = __le16_to_cpu(cp->source);
5280 if (source > 0x0002)
5281 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DEVICE_ID,
5282 MGMT_STATUS_INVALID_PARAMS);
5286 hdev->devid_source = source;
5287 hdev->devid_vendor = __le16_to_cpu(cp->vendor);
5288 hdev->devid_product = __le16_to_cpu(cp->product);
5289 hdev->devid_version = __le16_to_cpu(cp->version);
5291 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_DEVICE_ID, 0,
5294 hci_req_init(&req, hdev);
5295 __hci_req_update_eir(&req);
5296 hci_req_run(&req, NULL);
5298 hci_dev_unlock(hdev);
5303 static void enable_advertising_instance(struct hci_dev *hdev, u8 status,
5306 bt_dev_dbg(hdev, "status %u", status);
5309 static void set_advertising_complete(struct hci_dev *hdev, u8 status,
5312 struct cmd_lookup match = { NULL, hdev };
5313 struct hci_request req;
5315 struct adv_info *adv_instance;
5321 u8 mgmt_err = mgmt_status(status);
5323 mgmt_pending_foreach(MGMT_OP_SET_ADVERTISING, hdev,
5324 cmd_status_rsp, &mgmt_err);
5328 if (hci_dev_test_flag(hdev, HCI_LE_ADV))
5329 hci_dev_set_flag(hdev, HCI_ADVERTISING);
5331 hci_dev_clear_flag(hdev, HCI_ADVERTISING);
5333 mgmt_pending_foreach(MGMT_OP_SET_ADVERTISING, hdev, settings_rsp,
5336 new_settings(hdev, match.sk);
5341 /* Handle suspend notifier */
5342 if (test_and_clear_bit(SUSPEND_PAUSE_ADVERTISING,
5343 hdev->suspend_tasks)) {
5344 bt_dev_dbg(hdev, "Paused advertising");
5345 wake_up(&hdev->suspend_wait_q);
5346 } else if (test_and_clear_bit(SUSPEND_UNPAUSE_ADVERTISING,
5347 hdev->suspend_tasks)) {
5348 bt_dev_dbg(hdev, "Unpaused advertising");
5349 wake_up(&hdev->suspend_wait_q);
5352 /* If "Set Advertising" was just disabled and instance advertising was
5353 * set up earlier, then re-enable multi-instance advertising.
5355 if (hci_dev_test_flag(hdev, HCI_ADVERTISING) ||
5356 list_empty(&hdev->adv_instances))
5359 instance = hdev->cur_adv_instance;
5361 adv_instance = list_first_entry_or_null(&hdev->adv_instances,
5362 struct adv_info, list);
5366 instance = adv_instance->instance;
5369 hci_req_init(&req, hdev);
5371 err = __hci_req_schedule_adv_instance(&req, instance, true);
5374 err = hci_req_run(&req, enable_advertising_instance);
5377 bt_dev_err(hdev, "failed to re-configure advertising");
5380 hci_dev_unlock(hdev);
5383 static int set_advertising(struct sock *sk, struct hci_dev *hdev, void *data,
5386 struct mgmt_mode *cp = data;
5387 struct mgmt_pending_cmd *cmd;
5388 struct hci_request req;
5392 bt_dev_dbg(hdev, "sock %p", sk);
5394 status = mgmt_le_support(hdev);
5396 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_ADVERTISING,
5399 /* Enabling the experimental LL Privay support disables support for
5402 if (hci_dev_test_flag(hdev, HCI_ENABLE_LL_PRIVACY))
5403 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_ADVERTISING,
5404 MGMT_STATUS_NOT_SUPPORTED);
5406 if (cp->val != 0x00 && cp->val != 0x01 && cp->val != 0x02)
5407 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_ADVERTISING,
5408 MGMT_STATUS_INVALID_PARAMS);
5410 if (hdev->advertising_paused)
5411 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_ADVERTISING,
5418 /* The following conditions are ones which mean that we should
5419 * not do any HCI communication but directly send a mgmt
5420 * response to user space (after toggling the flag if
5423 if (!hdev_is_powered(hdev) ||
5424 (val == hci_dev_test_flag(hdev, HCI_ADVERTISING) &&
5425 (cp->val == 0x02) == hci_dev_test_flag(hdev, HCI_ADVERTISING_CONNECTABLE)) ||
5426 hci_conn_num(hdev, LE_LINK) > 0 ||
5427 (hci_dev_test_flag(hdev, HCI_LE_SCAN) &&
5428 hdev->le_scan_type == LE_SCAN_ACTIVE)) {
5432 hdev->cur_adv_instance = 0x00;
5433 changed = !hci_dev_test_and_set_flag(hdev, HCI_ADVERTISING);
5434 if (cp->val == 0x02)
5435 hci_dev_set_flag(hdev, HCI_ADVERTISING_CONNECTABLE);
5437 hci_dev_clear_flag(hdev, HCI_ADVERTISING_CONNECTABLE);
5439 changed = hci_dev_test_and_clear_flag(hdev, HCI_ADVERTISING);
5440 hci_dev_clear_flag(hdev, HCI_ADVERTISING_CONNECTABLE);
5443 err = send_settings_rsp(sk, MGMT_OP_SET_ADVERTISING, hdev);
5448 err = new_settings(hdev, sk);
5453 if (pending_find(MGMT_OP_SET_ADVERTISING, hdev) ||
5454 pending_find(MGMT_OP_SET_LE, hdev)) {
5455 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_ADVERTISING,
5460 cmd = mgmt_pending_add(sk, MGMT_OP_SET_ADVERTISING, hdev, data, len);
5466 hci_req_init(&req, hdev);
5468 if (cp->val == 0x02)
5469 hci_dev_set_flag(hdev, HCI_ADVERTISING_CONNECTABLE);
5471 hci_dev_clear_flag(hdev, HCI_ADVERTISING_CONNECTABLE);
5473 cancel_adv_timeout(hdev);
5476 /* Switch to instance "0" for the Set Advertising setting.
5477 * We cannot use update_[adv|scan_rsp]_data() here as the
5478 * HCI_ADVERTISING flag is not yet set.
5480 hdev->cur_adv_instance = 0x00;
5482 if (ext_adv_capable(hdev)) {
5483 __hci_req_start_ext_adv(&req, 0x00);
5485 __hci_req_update_adv_data(&req, 0x00);
5486 __hci_req_update_scan_rsp_data(&req, 0x00);
5487 __hci_req_enable_advertising(&req);
5490 __hci_req_disable_advertising(&req);
5493 err = hci_req_run(&req, set_advertising_complete);
5495 mgmt_pending_remove(cmd);
5498 hci_dev_unlock(hdev);
5502 static int set_static_address(struct sock *sk, struct hci_dev *hdev,
5503 void *data, u16 len)
5505 struct mgmt_cp_set_static_address *cp = data;
5508 bt_dev_dbg(hdev, "sock %p", sk);
5510 if (!lmp_le_capable(hdev))
5511 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_STATIC_ADDRESS,
5512 MGMT_STATUS_NOT_SUPPORTED);
5514 if (hdev_is_powered(hdev))
5515 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_STATIC_ADDRESS,
5516 MGMT_STATUS_REJECTED);
5518 if (bacmp(&cp->bdaddr, BDADDR_ANY)) {
5519 if (!bacmp(&cp->bdaddr, BDADDR_NONE))
5520 return mgmt_cmd_status(sk, hdev->id,
5521 MGMT_OP_SET_STATIC_ADDRESS,
5522 MGMT_STATUS_INVALID_PARAMS);
5524 /* Two most significant bits shall be set */
5525 if ((cp->bdaddr.b[5] & 0xc0) != 0xc0)
5526 return mgmt_cmd_status(sk, hdev->id,
5527 MGMT_OP_SET_STATIC_ADDRESS,
5528 MGMT_STATUS_INVALID_PARAMS);
5533 bacpy(&hdev->static_addr, &cp->bdaddr);
5535 err = send_settings_rsp(sk, MGMT_OP_SET_STATIC_ADDRESS, hdev);
5539 err = new_settings(hdev, sk);
5542 hci_dev_unlock(hdev);
5546 static int set_scan_params(struct sock *sk, struct hci_dev *hdev,
5547 void *data, u16 len)
5549 struct mgmt_cp_set_scan_params *cp = data;
5550 __u16 interval, window;
5553 bt_dev_dbg(hdev, "sock %p", sk);
5555 if (!lmp_le_capable(hdev))
5556 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS,
5557 MGMT_STATUS_NOT_SUPPORTED);
5559 interval = __le16_to_cpu(cp->interval);
5561 if (interval < 0x0004 || interval > 0x4000)
5562 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS,
5563 MGMT_STATUS_INVALID_PARAMS);
5565 window = __le16_to_cpu(cp->window);
5567 if (window < 0x0004 || window > 0x4000)
5568 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS,
5569 MGMT_STATUS_INVALID_PARAMS);
5571 if (window > interval)
5572 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS,
5573 MGMT_STATUS_INVALID_PARAMS);
5577 hdev->le_scan_interval = interval;
5578 hdev->le_scan_window = window;
5580 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS, 0,
5583 /* If background scan is running, restart it so new parameters are
5586 if (hci_dev_test_flag(hdev, HCI_LE_SCAN) &&
5587 hdev->discovery.state == DISCOVERY_STOPPED) {
5588 struct hci_request req;
5590 hci_req_init(&req, hdev);
5592 hci_req_add_le_scan_disable(&req, false);
5593 hci_req_add_le_passive_scan(&req);
5595 hci_req_run(&req, NULL);
5598 hci_dev_unlock(hdev);
5603 static void fast_connectable_complete(struct hci_dev *hdev, u8 status,
5606 struct mgmt_pending_cmd *cmd;
5608 bt_dev_dbg(hdev, "status 0x%02x", status);
5612 cmd = pending_find(MGMT_OP_SET_FAST_CONNECTABLE, hdev);
5617 mgmt_cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
5618 mgmt_status(status));
5620 struct mgmt_mode *cp = cmd->param;
5623 hci_dev_set_flag(hdev, HCI_FAST_CONNECTABLE);
5625 hci_dev_clear_flag(hdev, HCI_FAST_CONNECTABLE);
5627 send_settings_rsp(cmd->sk, MGMT_OP_SET_FAST_CONNECTABLE, hdev);
5628 new_settings(hdev, cmd->sk);
5631 mgmt_pending_remove(cmd);
5634 hci_dev_unlock(hdev);
5637 static int set_fast_connectable(struct sock *sk, struct hci_dev *hdev,
5638 void *data, u16 len)
5640 struct mgmt_mode *cp = data;
5641 struct mgmt_pending_cmd *cmd;
5642 struct hci_request req;
5645 bt_dev_dbg(hdev, "sock %p", sk);
5647 if (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED) ||
5648 hdev->hci_ver < BLUETOOTH_VER_1_2)
5649 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
5650 MGMT_STATUS_NOT_SUPPORTED);
5652 if (cp->val != 0x00 && cp->val != 0x01)
5653 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
5654 MGMT_STATUS_INVALID_PARAMS);
5658 if (pending_find(MGMT_OP_SET_FAST_CONNECTABLE, hdev)) {
5659 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
5664 if (!!cp->val == hci_dev_test_flag(hdev, HCI_FAST_CONNECTABLE)) {
5665 err = send_settings_rsp(sk, MGMT_OP_SET_FAST_CONNECTABLE,
5670 if (!hdev_is_powered(hdev)) {
5671 hci_dev_change_flag(hdev, HCI_FAST_CONNECTABLE);
5672 err = send_settings_rsp(sk, MGMT_OP_SET_FAST_CONNECTABLE,
5674 new_settings(hdev, sk);
5678 cmd = mgmt_pending_add(sk, MGMT_OP_SET_FAST_CONNECTABLE, hdev,
5685 hci_req_init(&req, hdev);
5687 __hci_req_write_fast_connectable(&req, cp->val);
5689 err = hci_req_run(&req, fast_connectable_complete);
5691 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
5692 MGMT_STATUS_FAILED);
5693 mgmt_pending_remove(cmd);
5697 hci_dev_unlock(hdev);
5702 static void set_bredr_complete(struct hci_dev *hdev, u8 status, u16 opcode)
5704 struct mgmt_pending_cmd *cmd;
5706 bt_dev_dbg(hdev, "status 0x%02x", status);
5710 cmd = pending_find(MGMT_OP_SET_BREDR, hdev);
5715 u8 mgmt_err = mgmt_status(status);
5717 /* We need to restore the flag if related HCI commands
5720 hci_dev_clear_flag(hdev, HCI_BREDR_ENABLED);
5722 mgmt_cmd_status(cmd->sk, cmd->index, cmd->opcode, mgmt_err);
5724 send_settings_rsp(cmd->sk, MGMT_OP_SET_BREDR, hdev);
5725 new_settings(hdev, cmd->sk);
5728 mgmt_pending_remove(cmd);
5731 hci_dev_unlock(hdev);
5734 static int set_bredr(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
5736 struct mgmt_mode *cp = data;
5737 struct mgmt_pending_cmd *cmd;
5738 struct hci_request req;
5741 bt_dev_dbg(hdev, "sock %p", sk);
5743 if (!lmp_bredr_capable(hdev) || !lmp_le_capable(hdev))
5744 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
5745 MGMT_STATUS_NOT_SUPPORTED);
5747 if (!hci_dev_test_flag(hdev, HCI_LE_ENABLED))
5748 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
5749 MGMT_STATUS_REJECTED);
5751 if (cp->val != 0x00 && cp->val != 0x01)
5752 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
5753 MGMT_STATUS_INVALID_PARAMS);
5757 if (cp->val == hci_dev_test_flag(hdev, HCI_BREDR_ENABLED)) {
5758 err = send_settings_rsp(sk, MGMT_OP_SET_BREDR, hdev);
5762 if (!hdev_is_powered(hdev)) {
5764 hci_dev_clear_flag(hdev, HCI_DISCOVERABLE);
5765 hci_dev_clear_flag(hdev, HCI_SSP_ENABLED);
5766 hci_dev_clear_flag(hdev, HCI_LINK_SECURITY);
5767 hci_dev_clear_flag(hdev, HCI_FAST_CONNECTABLE);
5768 hci_dev_clear_flag(hdev, HCI_HS_ENABLED);
5771 hci_dev_change_flag(hdev, HCI_BREDR_ENABLED);
5773 err = send_settings_rsp(sk, MGMT_OP_SET_BREDR, hdev);
5777 err = new_settings(hdev, sk);
5781 /* Reject disabling when powered on */
5783 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
5784 MGMT_STATUS_REJECTED);
5787 /* When configuring a dual-mode controller to operate
5788 * with LE only and using a static address, then switching
5789 * BR/EDR back on is not allowed.
5791 * Dual-mode controllers shall operate with the public
5792 * address as its identity address for BR/EDR and LE. So
5793 * reject the attempt to create an invalid configuration.
5795 * The same restrictions applies when secure connections
5796 * has been enabled. For BR/EDR this is a controller feature
5797 * while for LE it is a host stack feature. This means that
5798 * switching BR/EDR back on when secure connections has been
5799 * enabled is not a supported transaction.
5801 if (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED) &&
5802 (bacmp(&hdev->static_addr, BDADDR_ANY) ||
5803 hci_dev_test_flag(hdev, HCI_SC_ENABLED))) {
5804 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
5805 MGMT_STATUS_REJECTED);
5810 if (pending_find(MGMT_OP_SET_BREDR, hdev)) {
5811 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
5816 cmd = mgmt_pending_add(sk, MGMT_OP_SET_BREDR, hdev, data, len);
5822 /* We need to flip the bit already here so that
5823 * hci_req_update_adv_data generates the correct flags.
5825 hci_dev_set_flag(hdev, HCI_BREDR_ENABLED);
5827 hci_req_init(&req, hdev);
5829 __hci_req_write_fast_connectable(&req, false);
5830 __hci_req_update_scan(&req);
5832 /* Since only the advertising data flags will change, there
5833 * is no need to update the scan response data.
5835 __hci_req_update_adv_data(&req, hdev->cur_adv_instance);
5837 err = hci_req_run(&req, set_bredr_complete);
5839 mgmt_pending_remove(cmd);
5842 hci_dev_unlock(hdev);
5846 static void sc_enable_complete(struct hci_dev *hdev, u8 status, u16 opcode)
5848 struct mgmt_pending_cmd *cmd;
5849 struct mgmt_mode *cp;
5851 bt_dev_dbg(hdev, "status %u", status);
5855 cmd = pending_find(MGMT_OP_SET_SECURE_CONN, hdev);
5860 mgmt_cmd_status(cmd->sk, cmd->index, cmd->opcode,
5861 mgmt_status(status));
5869 hci_dev_clear_flag(hdev, HCI_SC_ENABLED);
5870 hci_dev_clear_flag(hdev, HCI_SC_ONLY);
5873 hci_dev_set_flag(hdev, HCI_SC_ENABLED);
5874 hci_dev_clear_flag(hdev, HCI_SC_ONLY);
5877 hci_dev_set_flag(hdev, HCI_SC_ENABLED);
5878 hci_dev_set_flag(hdev, HCI_SC_ONLY);
5882 send_settings_rsp(cmd->sk, MGMT_OP_SET_SECURE_CONN, hdev);
5883 new_settings(hdev, cmd->sk);
5886 mgmt_pending_remove(cmd);
5888 hci_dev_unlock(hdev);
5891 static int set_secure_conn(struct sock *sk, struct hci_dev *hdev,
5892 void *data, u16 len)
5894 struct mgmt_mode *cp = data;
5895 struct mgmt_pending_cmd *cmd;
5896 struct hci_request req;
5900 bt_dev_dbg(hdev, "sock %p", sk);
5902 if (!lmp_sc_capable(hdev) &&
5903 !hci_dev_test_flag(hdev, HCI_LE_ENABLED))
5904 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SECURE_CONN,
5905 MGMT_STATUS_NOT_SUPPORTED);
5907 if (hci_dev_test_flag(hdev, HCI_BREDR_ENABLED) &&
5908 lmp_sc_capable(hdev) &&
5909 !hci_dev_test_flag(hdev, HCI_SSP_ENABLED))
5910 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SECURE_CONN,
5911 MGMT_STATUS_REJECTED);
5913 if (cp->val != 0x00 && cp->val != 0x01 && cp->val != 0x02)
5914 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SECURE_CONN,
5915 MGMT_STATUS_INVALID_PARAMS);
5919 if (!hdev_is_powered(hdev) || !lmp_sc_capable(hdev) ||
5920 !hci_dev_test_flag(hdev, HCI_BREDR_ENABLED)) {
5924 changed = !hci_dev_test_and_set_flag(hdev,
5926 if (cp->val == 0x02)
5927 hci_dev_set_flag(hdev, HCI_SC_ONLY);
5929 hci_dev_clear_flag(hdev, HCI_SC_ONLY);
5931 changed = hci_dev_test_and_clear_flag(hdev,
5933 hci_dev_clear_flag(hdev, HCI_SC_ONLY);
5936 err = send_settings_rsp(sk, MGMT_OP_SET_SECURE_CONN, hdev);
5941 err = new_settings(hdev, sk);
5946 if (pending_find(MGMT_OP_SET_SECURE_CONN, hdev)) {
5947 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SECURE_CONN,
5954 if (val == hci_dev_test_flag(hdev, HCI_SC_ENABLED) &&
5955 (cp->val == 0x02) == hci_dev_test_flag(hdev, HCI_SC_ONLY)) {
5956 err = send_settings_rsp(sk, MGMT_OP_SET_SECURE_CONN, hdev);
5960 cmd = mgmt_pending_add(sk, MGMT_OP_SET_SECURE_CONN, hdev, data, len);
5966 hci_req_init(&req, hdev);
5967 hci_req_add(&req, HCI_OP_WRITE_SC_SUPPORT, 1, &val);
5968 err = hci_req_run(&req, sc_enable_complete);
5970 mgmt_pending_remove(cmd);
5975 hci_dev_unlock(hdev);
5979 static int set_debug_keys(struct sock *sk, struct hci_dev *hdev,
5980 void *data, u16 len)
5982 struct mgmt_mode *cp = data;
5983 bool changed, use_changed;
5986 bt_dev_dbg(hdev, "sock %p", sk);
5988 if (cp->val != 0x00 && cp->val != 0x01 && cp->val != 0x02)
5989 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DEBUG_KEYS,
5990 MGMT_STATUS_INVALID_PARAMS);
5995 changed = !hci_dev_test_and_set_flag(hdev, HCI_KEEP_DEBUG_KEYS);
5997 changed = hci_dev_test_and_clear_flag(hdev,
5998 HCI_KEEP_DEBUG_KEYS);
6000 if (cp->val == 0x02)
6001 use_changed = !hci_dev_test_and_set_flag(hdev,
6002 HCI_USE_DEBUG_KEYS);
6004 use_changed = hci_dev_test_and_clear_flag(hdev,
6005 HCI_USE_DEBUG_KEYS);
6007 if (hdev_is_powered(hdev) && use_changed &&
6008 hci_dev_test_flag(hdev, HCI_SSP_ENABLED)) {
6009 u8 mode = (cp->val == 0x02) ? 0x01 : 0x00;
6010 hci_send_cmd(hdev, HCI_OP_WRITE_SSP_DEBUG_MODE,
6011 sizeof(mode), &mode);
6014 err = send_settings_rsp(sk, MGMT_OP_SET_DEBUG_KEYS, hdev);
6019 err = new_settings(hdev, sk);
6022 hci_dev_unlock(hdev);
6026 static int set_privacy(struct sock *sk, struct hci_dev *hdev, void *cp_data,
6029 struct mgmt_cp_set_privacy *cp = cp_data;
6033 bt_dev_dbg(hdev, "sock %p", sk);
6035 if (!lmp_le_capable(hdev))
6036 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_PRIVACY,
6037 MGMT_STATUS_NOT_SUPPORTED);
6039 if (cp->privacy != 0x00 && cp->privacy != 0x01 && cp->privacy != 0x02)
6040 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_PRIVACY,
6041 MGMT_STATUS_INVALID_PARAMS);
6043 if (hdev_is_powered(hdev))
6044 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_PRIVACY,
6045 MGMT_STATUS_REJECTED);
6049 /* If user space supports this command it is also expected to
6050 * handle IRKs. Therefore, set the HCI_RPA_RESOLVING flag.
6052 hci_dev_set_flag(hdev, HCI_RPA_RESOLVING);
6055 changed = !hci_dev_test_and_set_flag(hdev, HCI_PRIVACY);
6056 memcpy(hdev->irk, cp->irk, sizeof(hdev->irk));
6057 hci_dev_set_flag(hdev, HCI_RPA_EXPIRED);
6058 hci_adv_instances_set_rpa_expired(hdev, true);
6059 if (cp->privacy == 0x02)
6060 hci_dev_set_flag(hdev, HCI_LIMITED_PRIVACY);
6062 hci_dev_clear_flag(hdev, HCI_LIMITED_PRIVACY);
6064 changed = hci_dev_test_and_clear_flag(hdev, HCI_PRIVACY);
6065 memset(hdev->irk, 0, sizeof(hdev->irk));
6066 hci_dev_clear_flag(hdev, HCI_RPA_EXPIRED);
6067 hci_adv_instances_set_rpa_expired(hdev, false);
6068 hci_dev_clear_flag(hdev, HCI_LIMITED_PRIVACY);
6071 err = send_settings_rsp(sk, MGMT_OP_SET_PRIVACY, hdev);
6076 err = new_settings(hdev, sk);
6079 hci_dev_unlock(hdev);
6083 static bool irk_is_valid(struct mgmt_irk_info *irk)
6085 switch (irk->addr.type) {
6086 case BDADDR_LE_PUBLIC:
6089 case BDADDR_LE_RANDOM:
6090 /* Two most significant bits shall be set */
6091 if ((irk->addr.bdaddr.b[5] & 0xc0) != 0xc0)
6099 static int load_irks(struct sock *sk, struct hci_dev *hdev, void *cp_data,
6102 struct mgmt_cp_load_irks *cp = cp_data;
6103 const u16 max_irk_count = ((U16_MAX - sizeof(*cp)) /
6104 sizeof(struct mgmt_irk_info));
6105 u16 irk_count, expected_len;
6108 bt_dev_dbg(hdev, "sock %p", sk);
6110 if (!lmp_le_capable(hdev))
6111 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_IRKS,
6112 MGMT_STATUS_NOT_SUPPORTED);
6114 irk_count = __le16_to_cpu(cp->irk_count);
6115 if (irk_count > max_irk_count) {
6116 bt_dev_err(hdev, "load_irks: too big irk_count value %u",
6118 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_IRKS,
6119 MGMT_STATUS_INVALID_PARAMS);
6122 expected_len = struct_size(cp, irks, irk_count);
6123 if (expected_len != len) {
6124 bt_dev_err(hdev, "load_irks: expected %u bytes, got %u bytes",
6126 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_IRKS,
6127 MGMT_STATUS_INVALID_PARAMS);
6130 bt_dev_dbg(hdev, "irk_count %u", irk_count);
6132 for (i = 0; i < irk_count; i++) {
6133 struct mgmt_irk_info *key = &cp->irks[i];
6135 if (!irk_is_valid(key))
6136 return mgmt_cmd_status(sk, hdev->id,
6138 MGMT_STATUS_INVALID_PARAMS);
6143 hci_smp_irks_clear(hdev);
6145 for (i = 0; i < irk_count; i++) {
6146 struct mgmt_irk_info *irk = &cp->irks[i];
6148 if (hci_is_blocked_key(hdev,
6149 HCI_BLOCKED_KEY_TYPE_IRK,
6151 bt_dev_warn(hdev, "Skipping blocked IRK for %pMR",
6156 hci_add_irk(hdev, &irk->addr.bdaddr,
6157 le_addr_type(irk->addr.type), irk->val,
6161 hci_dev_set_flag(hdev, HCI_RPA_RESOLVING);
6163 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_LOAD_IRKS, 0, NULL, 0);
6165 hci_dev_unlock(hdev);
6170 static bool ltk_is_valid(struct mgmt_ltk_info *key)
6172 if (key->initiator != 0x00 && key->initiator != 0x01)
6175 switch (key->addr.type) {
6176 case BDADDR_LE_PUBLIC:
6179 case BDADDR_LE_RANDOM:
6180 /* Two most significant bits shall be set */
6181 if ((key->addr.bdaddr.b[5] & 0xc0) != 0xc0)
6189 static int load_long_term_keys(struct sock *sk, struct hci_dev *hdev,
6190 void *cp_data, u16 len)
6192 struct mgmt_cp_load_long_term_keys *cp = cp_data;
6193 const u16 max_key_count = ((U16_MAX - sizeof(*cp)) /
6194 sizeof(struct mgmt_ltk_info));
6195 u16 key_count, expected_len;
6198 bt_dev_dbg(hdev, "sock %p", sk);
6200 if (!lmp_le_capable(hdev))
6201 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS,
6202 MGMT_STATUS_NOT_SUPPORTED);
6204 key_count = __le16_to_cpu(cp->key_count);
6205 if (key_count > max_key_count) {
6206 bt_dev_err(hdev, "load_ltks: too big key_count value %u",
6208 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS,
6209 MGMT_STATUS_INVALID_PARAMS);
6212 expected_len = struct_size(cp, keys, key_count);
6213 if (expected_len != len) {
6214 bt_dev_err(hdev, "load_keys: expected %u bytes, got %u bytes",
6216 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS,
6217 MGMT_STATUS_INVALID_PARAMS);
6220 bt_dev_dbg(hdev, "key_count %u", key_count);
6222 for (i = 0; i < key_count; i++) {
6223 struct mgmt_ltk_info *key = &cp->keys[i];
6225 if (!ltk_is_valid(key))
6226 return mgmt_cmd_status(sk, hdev->id,
6227 MGMT_OP_LOAD_LONG_TERM_KEYS,
6228 MGMT_STATUS_INVALID_PARAMS);
6233 hci_smp_ltks_clear(hdev);
6235 for (i = 0; i < key_count; i++) {
6236 struct mgmt_ltk_info *key = &cp->keys[i];
6237 u8 type, authenticated;
6239 if (hci_is_blocked_key(hdev,
6240 HCI_BLOCKED_KEY_TYPE_LTK,
6242 bt_dev_warn(hdev, "Skipping blocked LTK for %pMR",
6247 switch (key->type) {
6248 case MGMT_LTK_UNAUTHENTICATED:
6249 authenticated = 0x00;
6250 type = key->initiator ? SMP_LTK : SMP_LTK_RESPONDER;
6252 case MGMT_LTK_AUTHENTICATED:
6253 authenticated = 0x01;
6254 type = key->initiator ? SMP_LTK : SMP_LTK_RESPONDER;
6256 case MGMT_LTK_P256_UNAUTH:
6257 authenticated = 0x00;
6258 type = SMP_LTK_P256;
6260 case MGMT_LTK_P256_AUTH:
6261 authenticated = 0x01;
6262 type = SMP_LTK_P256;
6264 case MGMT_LTK_P256_DEBUG:
6265 authenticated = 0x00;
6266 type = SMP_LTK_P256_DEBUG;
6272 hci_add_ltk(hdev, &key->addr.bdaddr,
6273 le_addr_type(key->addr.type), type, authenticated,
6274 key->val, key->enc_size, key->ediv, key->rand);
6277 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS, 0,
6280 hci_dev_unlock(hdev);
6285 static int conn_info_cmd_complete(struct mgmt_pending_cmd *cmd, u8 status)
6287 struct hci_conn *conn = cmd->user_data;
6288 struct mgmt_rp_get_conn_info rp;
6291 memcpy(&rp.addr, cmd->param, sizeof(rp.addr));
6293 if (status == MGMT_STATUS_SUCCESS) {
6294 rp.rssi = conn->rssi;
6295 rp.tx_power = conn->tx_power;
6296 rp.max_tx_power = conn->max_tx_power;
6298 rp.rssi = HCI_RSSI_INVALID;
6299 rp.tx_power = HCI_TX_POWER_INVALID;
6300 rp.max_tx_power = HCI_TX_POWER_INVALID;
6303 err = mgmt_cmd_complete(cmd->sk, cmd->index, MGMT_OP_GET_CONN_INFO,
6304 status, &rp, sizeof(rp));
6306 hci_conn_drop(conn);
6312 static void conn_info_refresh_complete(struct hci_dev *hdev, u8 hci_status,
6315 struct hci_cp_read_rssi *cp;
6316 struct mgmt_pending_cmd *cmd;
6317 struct hci_conn *conn;
6321 bt_dev_dbg(hdev, "status 0x%02x", hci_status);
6325 /* Commands sent in request are either Read RSSI or Read Transmit Power
6326 * Level so we check which one was last sent to retrieve connection
6327 * handle. Both commands have handle as first parameter so it's safe to
6328 * cast data on the same command struct.
6330 * First command sent is always Read RSSI and we fail only if it fails.
6331 * In other case we simply override error to indicate success as we
6332 * already remembered if TX power value is actually valid.
6334 cp = hci_sent_cmd_data(hdev, HCI_OP_READ_RSSI);
6336 cp = hci_sent_cmd_data(hdev, HCI_OP_READ_TX_POWER);
6337 status = MGMT_STATUS_SUCCESS;
6339 status = mgmt_status(hci_status);
6343 bt_dev_err(hdev, "invalid sent_cmd in conn_info response");
6347 handle = __le16_to_cpu(cp->handle);
6348 conn = hci_conn_hash_lookup_handle(hdev, handle);
6350 bt_dev_err(hdev, "unknown handle (%u) in conn_info response",
6355 cmd = pending_find_data(MGMT_OP_GET_CONN_INFO, hdev, conn);
6359 cmd->cmd_complete(cmd, status);
6360 mgmt_pending_remove(cmd);
6363 hci_dev_unlock(hdev);
6366 static int get_conn_info(struct sock *sk, struct hci_dev *hdev, void *data,
6369 struct mgmt_cp_get_conn_info *cp = data;
6370 struct mgmt_rp_get_conn_info rp;
6371 struct hci_conn *conn;
6372 unsigned long conn_info_age;
6375 bt_dev_dbg(hdev, "sock %p", sk);
6377 memset(&rp, 0, sizeof(rp));
6378 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
6379 rp.addr.type = cp->addr.type;
6381 if (!bdaddr_type_is_valid(cp->addr.type))
6382 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CONN_INFO,
6383 MGMT_STATUS_INVALID_PARAMS,
6388 if (!hdev_is_powered(hdev)) {
6389 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CONN_INFO,
6390 MGMT_STATUS_NOT_POWERED, &rp,
6395 if (cp->addr.type == BDADDR_BREDR)
6396 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
6399 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &cp->addr.bdaddr);
6401 if (!conn || conn->state != BT_CONNECTED) {
6402 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CONN_INFO,
6403 MGMT_STATUS_NOT_CONNECTED, &rp,
6408 if (pending_find_data(MGMT_OP_GET_CONN_INFO, hdev, conn)) {
6409 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CONN_INFO,
6410 MGMT_STATUS_BUSY, &rp, sizeof(rp));
6414 /* To avoid client trying to guess when to poll again for information we
6415 * calculate conn info age as random value between min/max set in hdev.
6417 conn_info_age = hdev->conn_info_min_age +
6418 prandom_u32_max(hdev->conn_info_max_age -
6419 hdev->conn_info_min_age);
6421 /* Query controller to refresh cached values if they are too old or were
6424 if (time_after(jiffies, conn->conn_info_timestamp +
6425 msecs_to_jiffies(conn_info_age)) ||
6426 !conn->conn_info_timestamp) {
6427 struct hci_request req;
6428 struct hci_cp_read_tx_power req_txp_cp;
6429 struct hci_cp_read_rssi req_rssi_cp;
6430 struct mgmt_pending_cmd *cmd;
6432 hci_req_init(&req, hdev);
6433 req_rssi_cp.handle = cpu_to_le16(conn->handle);
6434 hci_req_add(&req, HCI_OP_READ_RSSI, sizeof(req_rssi_cp),
6437 /* For LE links TX power does not change thus we don't need to
6438 * query for it once value is known.
6440 if (!bdaddr_type_is_le(cp->addr.type) ||
6441 conn->tx_power == HCI_TX_POWER_INVALID) {
6442 req_txp_cp.handle = cpu_to_le16(conn->handle);
6443 req_txp_cp.type = 0x00;
6444 hci_req_add(&req, HCI_OP_READ_TX_POWER,
6445 sizeof(req_txp_cp), &req_txp_cp);
6448 /* Max TX power needs to be read only once per connection */
6449 if (conn->max_tx_power == HCI_TX_POWER_INVALID) {
6450 req_txp_cp.handle = cpu_to_le16(conn->handle);
6451 req_txp_cp.type = 0x01;
6452 hci_req_add(&req, HCI_OP_READ_TX_POWER,
6453 sizeof(req_txp_cp), &req_txp_cp);
6456 err = hci_req_run(&req, conn_info_refresh_complete);
6460 cmd = mgmt_pending_add(sk, MGMT_OP_GET_CONN_INFO, hdev,
6467 hci_conn_hold(conn);
6468 cmd->user_data = hci_conn_get(conn);
6469 cmd->cmd_complete = conn_info_cmd_complete;
6471 conn->conn_info_timestamp = jiffies;
6473 /* Cache is valid, just reply with values cached in hci_conn */
6474 rp.rssi = conn->rssi;
6475 rp.tx_power = conn->tx_power;
6476 rp.max_tx_power = conn->max_tx_power;
6478 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CONN_INFO,
6479 MGMT_STATUS_SUCCESS, &rp, sizeof(rp));
6483 hci_dev_unlock(hdev);
6487 static int clock_info_cmd_complete(struct mgmt_pending_cmd *cmd, u8 status)
6489 struct hci_conn *conn = cmd->user_data;
6490 struct mgmt_rp_get_clock_info rp;
6491 struct hci_dev *hdev;
6494 memset(&rp, 0, sizeof(rp));
6495 memcpy(&rp.addr, cmd->param, sizeof(rp.addr));
6500 hdev = hci_dev_get(cmd->index);
6502 rp.local_clock = cpu_to_le32(hdev->clock);
6507 rp.piconet_clock = cpu_to_le32(conn->clock);
6508 rp.accuracy = cpu_to_le16(conn->clock_accuracy);
6512 err = mgmt_cmd_complete(cmd->sk, cmd->index, cmd->opcode, status, &rp,
6516 hci_conn_drop(conn);
6523 static void get_clock_info_complete(struct hci_dev *hdev, u8 status, u16 opcode)
6525 struct hci_cp_read_clock *hci_cp;
6526 struct mgmt_pending_cmd *cmd;
6527 struct hci_conn *conn;
6529 bt_dev_dbg(hdev, "status %u", status);
6533 hci_cp = hci_sent_cmd_data(hdev, HCI_OP_READ_CLOCK);
6537 if (hci_cp->which) {
6538 u16 handle = __le16_to_cpu(hci_cp->handle);
6539 conn = hci_conn_hash_lookup_handle(hdev, handle);
6544 cmd = pending_find_data(MGMT_OP_GET_CLOCK_INFO, hdev, conn);
6548 cmd->cmd_complete(cmd, mgmt_status(status));
6549 mgmt_pending_remove(cmd);
6552 hci_dev_unlock(hdev);
6555 static int get_clock_info(struct sock *sk, struct hci_dev *hdev, void *data,
6558 struct mgmt_cp_get_clock_info *cp = data;
6559 struct mgmt_rp_get_clock_info rp;
6560 struct hci_cp_read_clock hci_cp;
6561 struct mgmt_pending_cmd *cmd;
6562 struct hci_request req;
6563 struct hci_conn *conn;
6566 bt_dev_dbg(hdev, "sock %p", sk);
6568 memset(&rp, 0, sizeof(rp));
6569 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
6570 rp.addr.type = cp->addr.type;
6572 if (cp->addr.type != BDADDR_BREDR)
6573 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CLOCK_INFO,
6574 MGMT_STATUS_INVALID_PARAMS,
6579 if (!hdev_is_powered(hdev)) {
6580 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CLOCK_INFO,
6581 MGMT_STATUS_NOT_POWERED, &rp,
6586 if (bacmp(&cp->addr.bdaddr, BDADDR_ANY)) {
6587 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
6589 if (!conn || conn->state != BT_CONNECTED) {
6590 err = mgmt_cmd_complete(sk, hdev->id,
6591 MGMT_OP_GET_CLOCK_INFO,
6592 MGMT_STATUS_NOT_CONNECTED,
6600 cmd = mgmt_pending_add(sk, MGMT_OP_GET_CLOCK_INFO, hdev, data, len);
6606 cmd->cmd_complete = clock_info_cmd_complete;
6608 hci_req_init(&req, hdev);
6610 memset(&hci_cp, 0, sizeof(hci_cp));
6611 hci_req_add(&req, HCI_OP_READ_CLOCK, sizeof(hci_cp), &hci_cp);
6614 hci_conn_hold(conn);
6615 cmd->user_data = hci_conn_get(conn);
6617 hci_cp.handle = cpu_to_le16(conn->handle);
6618 hci_cp.which = 0x01; /* Piconet clock */
6619 hci_req_add(&req, HCI_OP_READ_CLOCK, sizeof(hci_cp), &hci_cp);
6622 err = hci_req_run(&req, get_clock_info_complete);
6624 mgmt_pending_remove(cmd);
6627 hci_dev_unlock(hdev);
6631 static bool is_connected(struct hci_dev *hdev, bdaddr_t *addr, u8 type)
6633 struct hci_conn *conn;
6635 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, addr);
6639 if (conn->dst_type != type)
6642 if (conn->state != BT_CONNECTED)
6648 /* This function requires the caller holds hdev->lock */
6649 static int hci_conn_params_set(struct hci_dev *hdev, bdaddr_t *addr,
6650 u8 addr_type, u8 auto_connect)
6652 struct hci_conn_params *params;
6654 params = hci_conn_params_add(hdev, addr, addr_type);
6658 if (params->auto_connect == auto_connect)
6661 list_del_init(¶ms->action);
6663 switch (auto_connect) {
6664 case HCI_AUTO_CONN_DISABLED:
6665 case HCI_AUTO_CONN_LINK_LOSS:
6666 /* If auto connect is being disabled when we're trying to
6667 * connect to device, keep connecting.
6669 if (params->explicit_connect)
6670 list_add(¶ms->action, &hdev->pend_le_conns);
6672 case HCI_AUTO_CONN_REPORT:
6673 if (params->explicit_connect)
6674 list_add(¶ms->action, &hdev->pend_le_conns);
6676 list_add(¶ms->action, &hdev->pend_le_reports);
6678 case HCI_AUTO_CONN_DIRECT:
6679 case HCI_AUTO_CONN_ALWAYS:
6680 if (!is_connected(hdev, addr, addr_type))
6681 list_add(¶ms->action, &hdev->pend_le_conns);
6685 params->auto_connect = auto_connect;
6687 bt_dev_dbg(hdev, "addr %pMR (type %u) auto_connect %u",
6688 addr, addr_type, auto_connect);
6693 static void device_added(struct sock *sk, struct hci_dev *hdev,
6694 bdaddr_t *bdaddr, u8 type, u8 action)
6696 struct mgmt_ev_device_added ev;
6698 bacpy(&ev.addr.bdaddr, bdaddr);
6699 ev.addr.type = type;
6702 mgmt_event(MGMT_EV_DEVICE_ADDED, hdev, &ev, sizeof(ev), sk);
6705 static int add_device(struct sock *sk, struct hci_dev *hdev,
6706 void *data, u16 len)
6708 struct mgmt_cp_add_device *cp = data;
6709 u8 auto_conn, addr_type;
6710 struct hci_conn_params *params;
6712 u32 current_flags = 0;
6714 bt_dev_dbg(hdev, "sock %p", sk);
6716 if (!bdaddr_type_is_valid(cp->addr.type) ||
6717 !bacmp(&cp->addr.bdaddr, BDADDR_ANY))
6718 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_ADD_DEVICE,
6719 MGMT_STATUS_INVALID_PARAMS,
6720 &cp->addr, sizeof(cp->addr));
6722 if (cp->action != 0x00 && cp->action != 0x01 && cp->action != 0x02)
6723 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_ADD_DEVICE,
6724 MGMT_STATUS_INVALID_PARAMS,
6725 &cp->addr, sizeof(cp->addr));
6729 if (cp->addr.type == BDADDR_BREDR) {
6730 /* Only incoming connections action is supported for now */
6731 if (cp->action != 0x01) {
6732 err = mgmt_cmd_complete(sk, hdev->id,
6734 MGMT_STATUS_INVALID_PARAMS,
6735 &cp->addr, sizeof(cp->addr));
6739 err = hci_bdaddr_list_add_with_flags(&hdev->accept_list,
6745 hci_req_update_scan(hdev);
6750 addr_type = le_addr_type(cp->addr.type);
6752 if (cp->action == 0x02)
6753 auto_conn = HCI_AUTO_CONN_ALWAYS;
6754 else if (cp->action == 0x01)
6755 auto_conn = HCI_AUTO_CONN_DIRECT;
6757 auto_conn = HCI_AUTO_CONN_REPORT;
6759 /* Kernel internally uses conn_params with resolvable private
6760 * address, but Add Device allows only identity addresses.
6761 * Make sure it is enforced before calling
6762 * hci_conn_params_lookup.
6764 if (!hci_is_identity_address(&cp->addr.bdaddr, addr_type)) {
6765 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_ADD_DEVICE,
6766 MGMT_STATUS_INVALID_PARAMS,
6767 &cp->addr, sizeof(cp->addr));
6771 /* If the connection parameters don't exist for this device,
6772 * they will be created and configured with defaults.
6774 if (hci_conn_params_set(hdev, &cp->addr.bdaddr, addr_type,
6776 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_ADD_DEVICE,
6777 MGMT_STATUS_FAILED, &cp->addr,
6781 params = hci_conn_params_lookup(hdev, &cp->addr.bdaddr,
6784 current_flags = params->current_flags;
6787 hci_update_background_scan(hdev);
6790 device_added(sk, hdev, &cp->addr.bdaddr, cp->addr.type, cp->action);
6791 device_flags_changed(NULL, hdev, &cp->addr.bdaddr, cp->addr.type,
6792 SUPPORTED_DEVICE_FLAGS(), current_flags);
6794 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_ADD_DEVICE,
6795 MGMT_STATUS_SUCCESS, &cp->addr,
6799 hci_dev_unlock(hdev);
6803 static void device_removed(struct sock *sk, struct hci_dev *hdev,
6804 bdaddr_t *bdaddr, u8 type)
6806 struct mgmt_ev_device_removed ev;
6808 bacpy(&ev.addr.bdaddr, bdaddr);
6809 ev.addr.type = type;
6811 mgmt_event(MGMT_EV_DEVICE_REMOVED, hdev, &ev, sizeof(ev), sk);
6814 static int remove_device(struct sock *sk, struct hci_dev *hdev,
6815 void *data, u16 len)
6817 struct mgmt_cp_remove_device *cp = data;
6820 bt_dev_dbg(hdev, "sock %p", sk);
6824 if (bacmp(&cp->addr.bdaddr, BDADDR_ANY)) {
6825 struct hci_conn_params *params;
6828 if (!bdaddr_type_is_valid(cp->addr.type)) {
6829 err = mgmt_cmd_complete(sk, hdev->id,
6830 MGMT_OP_REMOVE_DEVICE,
6831 MGMT_STATUS_INVALID_PARAMS,
6832 &cp->addr, sizeof(cp->addr));
6836 if (cp->addr.type == BDADDR_BREDR) {
6837 err = hci_bdaddr_list_del(&hdev->accept_list,
6841 err = mgmt_cmd_complete(sk, hdev->id,
6842 MGMT_OP_REMOVE_DEVICE,
6843 MGMT_STATUS_INVALID_PARAMS,
6849 hci_req_update_scan(hdev);
6851 device_removed(sk, hdev, &cp->addr.bdaddr,
6856 addr_type = le_addr_type(cp->addr.type);
6858 /* Kernel internally uses conn_params with resolvable private
6859 * address, but Remove Device allows only identity addresses.
6860 * Make sure it is enforced before calling
6861 * hci_conn_params_lookup.
6863 if (!hci_is_identity_address(&cp->addr.bdaddr, addr_type)) {
6864 err = mgmt_cmd_complete(sk, hdev->id,
6865 MGMT_OP_REMOVE_DEVICE,
6866 MGMT_STATUS_INVALID_PARAMS,
6867 &cp->addr, sizeof(cp->addr));
6871 params = hci_conn_params_lookup(hdev, &cp->addr.bdaddr,
6874 err = mgmt_cmd_complete(sk, hdev->id,
6875 MGMT_OP_REMOVE_DEVICE,
6876 MGMT_STATUS_INVALID_PARAMS,
6877 &cp->addr, sizeof(cp->addr));
6881 if (params->auto_connect == HCI_AUTO_CONN_DISABLED ||
6882 params->auto_connect == HCI_AUTO_CONN_EXPLICIT) {
6883 err = mgmt_cmd_complete(sk, hdev->id,
6884 MGMT_OP_REMOVE_DEVICE,
6885 MGMT_STATUS_INVALID_PARAMS,
6886 &cp->addr, sizeof(cp->addr));
6890 list_del(¶ms->action);
6891 list_del(¶ms->list);
6893 hci_update_background_scan(hdev);
6895 device_removed(sk, hdev, &cp->addr.bdaddr, cp->addr.type);
6897 struct hci_conn_params *p, *tmp;
6898 struct bdaddr_list *b, *btmp;
6900 if (cp->addr.type) {
6901 err = mgmt_cmd_complete(sk, hdev->id,
6902 MGMT_OP_REMOVE_DEVICE,
6903 MGMT_STATUS_INVALID_PARAMS,
6904 &cp->addr, sizeof(cp->addr));
6908 list_for_each_entry_safe(b, btmp, &hdev->accept_list, list) {
6909 device_removed(sk, hdev, &b->bdaddr, b->bdaddr_type);
6914 hci_req_update_scan(hdev);
6916 list_for_each_entry_safe(p, tmp, &hdev->le_conn_params, list) {
6917 if (p->auto_connect == HCI_AUTO_CONN_DISABLED)
6919 device_removed(sk, hdev, &p->addr, p->addr_type);
6920 if (p->explicit_connect) {
6921 p->auto_connect = HCI_AUTO_CONN_EXPLICIT;
6924 list_del(&p->action);
6929 bt_dev_dbg(hdev, "All LE connection parameters were removed");
6931 hci_update_background_scan(hdev);
6935 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_DEVICE,
6936 MGMT_STATUS_SUCCESS, &cp->addr,
6939 hci_dev_unlock(hdev);
6943 static int load_conn_param(struct sock *sk, struct hci_dev *hdev, void *data,
6946 struct mgmt_cp_load_conn_param *cp = data;
6947 const u16 max_param_count = ((U16_MAX - sizeof(*cp)) /
6948 sizeof(struct mgmt_conn_param));
6949 u16 param_count, expected_len;
6952 if (!lmp_le_capable(hdev))
6953 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_CONN_PARAM,
6954 MGMT_STATUS_NOT_SUPPORTED);
6956 param_count = __le16_to_cpu(cp->param_count);
6957 if (param_count > max_param_count) {
6958 bt_dev_err(hdev, "load_conn_param: too big param_count value %u",
6960 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_CONN_PARAM,
6961 MGMT_STATUS_INVALID_PARAMS);
6964 expected_len = struct_size(cp, params, param_count);
6965 if (expected_len != len) {
6966 bt_dev_err(hdev, "load_conn_param: expected %u bytes, got %u bytes",
6968 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_CONN_PARAM,
6969 MGMT_STATUS_INVALID_PARAMS);
6972 bt_dev_dbg(hdev, "param_count %u", param_count);
6976 hci_conn_params_clear_disabled(hdev);
6978 for (i = 0; i < param_count; i++) {
6979 struct mgmt_conn_param *param = &cp->params[i];
6980 struct hci_conn_params *hci_param;
6981 u16 min, max, latency, timeout;
6984 bt_dev_dbg(hdev, "Adding %pMR (type %u)", ¶m->addr.bdaddr,
6987 if (param->addr.type == BDADDR_LE_PUBLIC) {
6988 addr_type = ADDR_LE_DEV_PUBLIC;
6989 } else if (param->addr.type == BDADDR_LE_RANDOM) {
6990 addr_type = ADDR_LE_DEV_RANDOM;
6992 bt_dev_err(hdev, "ignoring invalid connection parameters");
6996 min = le16_to_cpu(param->min_interval);
6997 max = le16_to_cpu(param->max_interval);
6998 latency = le16_to_cpu(param->latency);
6999 timeout = le16_to_cpu(param->timeout);
7001 bt_dev_dbg(hdev, "min 0x%04x max 0x%04x latency 0x%04x timeout 0x%04x",
7002 min, max, latency, timeout);
7004 if (hci_check_conn_params(min, max, latency, timeout) < 0) {
7005 bt_dev_err(hdev, "ignoring invalid connection parameters");
7009 hci_param = hci_conn_params_add(hdev, ¶m->addr.bdaddr,
7012 bt_dev_err(hdev, "failed to add connection parameters");
7016 hci_param->conn_min_interval = min;
7017 hci_param->conn_max_interval = max;
7018 hci_param->conn_latency = latency;
7019 hci_param->supervision_timeout = timeout;
7022 hci_dev_unlock(hdev);
7024 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_LOAD_CONN_PARAM, 0,
7028 static int set_external_config(struct sock *sk, struct hci_dev *hdev,
7029 void *data, u16 len)
7031 struct mgmt_cp_set_external_config *cp = data;
7035 bt_dev_dbg(hdev, "sock %p", sk);
7037 if (hdev_is_powered(hdev))
7038 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_EXTERNAL_CONFIG,
7039 MGMT_STATUS_REJECTED);
7041 if (cp->config != 0x00 && cp->config != 0x01)
7042 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_EXTERNAL_CONFIG,
7043 MGMT_STATUS_INVALID_PARAMS);
7045 if (!test_bit(HCI_QUIRK_EXTERNAL_CONFIG, &hdev->quirks))
7046 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_EXTERNAL_CONFIG,
7047 MGMT_STATUS_NOT_SUPPORTED);
7052 changed = !hci_dev_test_and_set_flag(hdev, HCI_EXT_CONFIGURED);
7054 changed = hci_dev_test_and_clear_flag(hdev, HCI_EXT_CONFIGURED);
7056 err = send_options_rsp(sk, MGMT_OP_SET_EXTERNAL_CONFIG, hdev);
7063 err = new_options(hdev, sk);
7065 if (hci_dev_test_flag(hdev, HCI_UNCONFIGURED) == is_configured(hdev)) {
7066 mgmt_index_removed(hdev);
7068 if (hci_dev_test_and_change_flag(hdev, HCI_UNCONFIGURED)) {
7069 hci_dev_set_flag(hdev, HCI_CONFIG);
7070 hci_dev_set_flag(hdev, HCI_AUTO_OFF);
7072 queue_work(hdev->req_workqueue, &hdev->power_on);
7074 set_bit(HCI_RAW, &hdev->flags);
7075 mgmt_index_added(hdev);
7080 hci_dev_unlock(hdev);
7084 static int set_public_address(struct sock *sk, struct hci_dev *hdev,
7085 void *data, u16 len)
7087 struct mgmt_cp_set_public_address *cp = data;
7091 bt_dev_dbg(hdev, "sock %p", sk);
7093 if (hdev_is_powered(hdev))
7094 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_PUBLIC_ADDRESS,
7095 MGMT_STATUS_REJECTED);
7097 if (!bacmp(&cp->bdaddr, BDADDR_ANY))
7098 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_PUBLIC_ADDRESS,
7099 MGMT_STATUS_INVALID_PARAMS);
7101 if (!hdev->set_bdaddr)
7102 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_PUBLIC_ADDRESS,
7103 MGMT_STATUS_NOT_SUPPORTED);
7107 changed = !!bacmp(&hdev->public_addr, &cp->bdaddr);
7108 bacpy(&hdev->public_addr, &cp->bdaddr);
7110 err = send_options_rsp(sk, MGMT_OP_SET_PUBLIC_ADDRESS, hdev);
7117 if (hci_dev_test_flag(hdev, HCI_UNCONFIGURED))
7118 err = new_options(hdev, sk);
7120 if (is_configured(hdev)) {
7121 mgmt_index_removed(hdev);
7123 hci_dev_clear_flag(hdev, HCI_UNCONFIGURED);
7125 hci_dev_set_flag(hdev, HCI_CONFIG);
7126 hci_dev_set_flag(hdev, HCI_AUTO_OFF);
7128 queue_work(hdev->req_workqueue, &hdev->power_on);
7132 hci_dev_unlock(hdev);
7136 static void read_local_oob_ext_data_complete(struct hci_dev *hdev, u8 status,
7137 u16 opcode, struct sk_buff *skb)
7139 const struct mgmt_cp_read_local_oob_ext_data *mgmt_cp;
7140 struct mgmt_rp_read_local_oob_ext_data *mgmt_rp;
7141 u8 *h192, *r192, *h256, *r256;
7142 struct mgmt_pending_cmd *cmd;
7146 bt_dev_dbg(hdev, "status %u", status);
7148 cmd = pending_find(MGMT_OP_READ_LOCAL_OOB_EXT_DATA, hdev);
7152 mgmt_cp = cmd->param;
7155 status = mgmt_status(status);
7162 } else if (opcode == HCI_OP_READ_LOCAL_OOB_DATA) {
7163 struct hci_rp_read_local_oob_data *rp;
7165 if (skb->len != sizeof(*rp)) {
7166 status = MGMT_STATUS_FAILED;
7169 status = MGMT_STATUS_SUCCESS;
7170 rp = (void *)skb->data;
7172 eir_len = 5 + 18 + 18;
7179 struct hci_rp_read_local_oob_ext_data *rp;
7181 if (skb->len != sizeof(*rp)) {
7182 status = MGMT_STATUS_FAILED;
7185 status = MGMT_STATUS_SUCCESS;
7186 rp = (void *)skb->data;
7188 if (hci_dev_test_flag(hdev, HCI_SC_ONLY)) {
7189 eir_len = 5 + 18 + 18;
7193 eir_len = 5 + 18 + 18 + 18 + 18;
7203 mgmt_rp = kmalloc(sizeof(*mgmt_rp) + eir_len, GFP_KERNEL);
7210 eir_len = eir_append_data(mgmt_rp->eir, 0, EIR_CLASS_OF_DEV,
7211 hdev->dev_class, 3);
7214 eir_len = eir_append_data(mgmt_rp->eir, eir_len,
7215 EIR_SSP_HASH_C192, h192, 16);
7216 eir_len = eir_append_data(mgmt_rp->eir, eir_len,
7217 EIR_SSP_RAND_R192, r192, 16);
7221 eir_len = eir_append_data(mgmt_rp->eir, eir_len,
7222 EIR_SSP_HASH_C256, h256, 16);
7223 eir_len = eir_append_data(mgmt_rp->eir, eir_len,
7224 EIR_SSP_RAND_R256, r256, 16);
7228 mgmt_rp->type = mgmt_cp->type;
7229 mgmt_rp->eir_len = cpu_to_le16(eir_len);
7231 err = mgmt_cmd_complete(cmd->sk, hdev->id,
7232 MGMT_OP_READ_LOCAL_OOB_EXT_DATA, status,
7233 mgmt_rp, sizeof(*mgmt_rp) + eir_len);
7234 if (err < 0 || status)
7237 hci_sock_set_flag(cmd->sk, HCI_MGMT_OOB_DATA_EVENTS);
7239 err = mgmt_limited_event(MGMT_EV_LOCAL_OOB_DATA_UPDATED, hdev,
7240 mgmt_rp, sizeof(*mgmt_rp) + eir_len,
7241 HCI_MGMT_OOB_DATA_EVENTS, cmd->sk);
7244 mgmt_pending_remove(cmd);
7247 static int read_local_ssp_oob_req(struct hci_dev *hdev, struct sock *sk,
7248 struct mgmt_cp_read_local_oob_ext_data *cp)
7250 struct mgmt_pending_cmd *cmd;
7251 struct hci_request req;
7254 cmd = mgmt_pending_add(sk, MGMT_OP_READ_LOCAL_OOB_EXT_DATA, hdev,
7259 hci_req_init(&req, hdev);
7261 if (bredr_sc_enabled(hdev))
7262 hci_req_add(&req, HCI_OP_READ_LOCAL_OOB_EXT_DATA, 0, NULL);
7264 hci_req_add(&req, HCI_OP_READ_LOCAL_OOB_DATA, 0, NULL);
7266 err = hci_req_run_skb(&req, read_local_oob_ext_data_complete);
7268 mgmt_pending_remove(cmd);
7275 static int read_local_oob_ext_data(struct sock *sk, struct hci_dev *hdev,
7276 void *data, u16 data_len)
7278 struct mgmt_cp_read_local_oob_ext_data *cp = data;
7279 struct mgmt_rp_read_local_oob_ext_data *rp;
7282 u8 status, flags, role, addr[7], hash[16], rand[16];
7285 bt_dev_dbg(hdev, "sock %p", sk);
7287 if (hdev_is_powered(hdev)) {
7289 case BIT(BDADDR_BREDR):
7290 status = mgmt_bredr_support(hdev);
7296 case (BIT(BDADDR_LE_PUBLIC) | BIT(BDADDR_LE_RANDOM)):
7297 status = mgmt_le_support(hdev);
7301 eir_len = 9 + 3 + 18 + 18 + 3;
7304 status = MGMT_STATUS_INVALID_PARAMS;
7309 status = MGMT_STATUS_NOT_POWERED;
7313 rp_len = sizeof(*rp) + eir_len;
7314 rp = kmalloc(rp_len, GFP_ATOMIC);
7325 case BIT(BDADDR_BREDR):
7326 if (hci_dev_test_flag(hdev, HCI_SSP_ENABLED)) {
7327 err = read_local_ssp_oob_req(hdev, sk, cp);
7328 hci_dev_unlock(hdev);
7332 status = MGMT_STATUS_FAILED;
7335 eir_len = eir_append_data(rp->eir, eir_len,
7337 hdev->dev_class, 3);
7340 case (BIT(BDADDR_LE_PUBLIC) | BIT(BDADDR_LE_RANDOM)):
7341 if (hci_dev_test_flag(hdev, HCI_SC_ENABLED) &&
7342 smp_generate_oob(hdev, hash, rand) < 0) {
7343 hci_dev_unlock(hdev);
7344 status = MGMT_STATUS_FAILED;
7348 /* This should return the active RPA, but since the RPA
7349 * is only programmed on demand, it is really hard to fill
7350 * this in at the moment. For now disallow retrieving
7351 * local out-of-band data when privacy is in use.
7353 * Returning the identity address will not help here since
7354 * pairing happens before the identity resolving key is
7355 * known and thus the connection establishment happens
7356 * based on the RPA and not the identity address.
7358 if (hci_dev_test_flag(hdev, HCI_PRIVACY)) {
7359 hci_dev_unlock(hdev);
7360 status = MGMT_STATUS_REJECTED;
7364 if (hci_dev_test_flag(hdev, HCI_FORCE_STATIC_ADDR) ||
7365 !bacmp(&hdev->bdaddr, BDADDR_ANY) ||
7366 (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED) &&
7367 bacmp(&hdev->static_addr, BDADDR_ANY))) {
7368 memcpy(addr, &hdev->static_addr, 6);
7371 memcpy(addr, &hdev->bdaddr, 6);
7375 eir_len = eir_append_data(rp->eir, eir_len, EIR_LE_BDADDR,
7376 addr, sizeof(addr));
7378 if (hci_dev_test_flag(hdev, HCI_ADVERTISING))
7383 eir_len = eir_append_data(rp->eir, eir_len, EIR_LE_ROLE,
7384 &role, sizeof(role));
7386 if (hci_dev_test_flag(hdev, HCI_SC_ENABLED)) {
7387 eir_len = eir_append_data(rp->eir, eir_len,
7389 hash, sizeof(hash));
7391 eir_len = eir_append_data(rp->eir, eir_len,
7393 rand, sizeof(rand));
7396 flags = mgmt_get_adv_discov_flags(hdev);
7398 if (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED))
7399 flags |= LE_AD_NO_BREDR;
7401 eir_len = eir_append_data(rp->eir, eir_len, EIR_FLAGS,
7402 &flags, sizeof(flags));
7406 hci_dev_unlock(hdev);
7408 hci_sock_set_flag(sk, HCI_MGMT_OOB_DATA_EVENTS);
7410 status = MGMT_STATUS_SUCCESS;
7413 rp->type = cp->type;
7414 rp->eir_len = cpu_to_le16(eir_len);
7416 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_EXT_DATA,
7417 status, rp, sizeof(*rp) + eir_len);
7418 if (err < 0 || status)
7421 err = mgmt_limited_event(MGMT_EV_LOCAL_OOB_DATA_UPDATED, hdev,
7422 rp, sizeof(*rp) + eir_len,
7423 HCI_MGMT_OOB_DATA_EVENTS, sk);
7431 static u32 get_supported_adv_flags(struct hci_dev *hdev)
7435 flags |= MGMT_ADV_FLAG_CONNECTABLE;
7436 flags |= MGMT_ADV_FLAG_DISCOV;
7437 flags |= MGMT_ADV_FLAG_LIMITED_DISCOV;
7438 flags |= MGMT_ADV_FLAG_MANAGED_FLAGS;
7439 flags |= MGMT_ADV_FLAG_APPEARANCE;
7440 flags |= MGMT_ADV_FLAG_LOCAL_NAME;
7441 flags |= MGMT_ADV_PARAM_DURATION;
7442 flags |= MGMT_ADV_PARAM_TIMEOUT;
7443 flags |= MGMT_ADV_PARAM_INTERVALS;
7444 flags |= MGMT_ADV_PARAM_TX_POWER;
7445 flags |= MGMT_ADV_PARAM_SCAN_RSP;
7447 /* In extended adv TX_POWER returned from Set Adv Param
7448 * will be always valid.
7450 if ((hdev->adv_tx_power != HCI_TX_POWER_INVALID) ||
7451 ext_adv_capable(hdev))
7452 flags |= MGMT_ADV_FLAG_TX_POWER;
7454 if (ext_adv_capable(hdev)) {
7455 flags |= MGMT_ADV_FLAG_SEC_1M;
7456 flags |= MGMT_ADV_FLAG_HW_OFFLOAD;
7457 flags |= MGMT_ADV_FLAG_CAN_SET_TX_POWER;
7459 if (hdev->le_features[1] & HCI_LE_PHY_2M)
7460 flags |= MGMT_ADV_FLAG_SEC_2M;
7462 if (hdev->le_features[1] & HCI_LE_PHY_CODED)
7463 flags |= MGMT_ADV_FLAG_SEC_CODED;
7469 static int read_adv_features(struct sock *sk, struct hci_dev *hdev,
7470 void *data, u16 data_len)
7472 struct mgmt_rp_read_adv_features *rp;
7475 struct adv_info *adv_instance;
7476 u32 supported_flags;
7479 bt_dev_dbg(hdev, "sock %p", sk);
7481 if (!lmp_le_capable(hdev))
7482 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_READ_ADV_FEATURES,
7483 MGMT_STATUS_REJECTED);
7485 /* Enabling the experimental LL Privay support disables support for
7488 if (hci_dev_test_flag(hdev, HCI_ENABLE_LL_PRIVACY))
7489 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_READ_ADV_FEATURES,
7490 MGMT_STATUS_NOT_SUPPORTED);
7494 rp_len = sizeof(*rp) + hdev->adv_instance_cnt;
7495 rp = kmalloc(rp_len, GFP_ATOMIC);
7497 hci_dev_unlock(hdev);
7501 supported_flags = get_supported_adv_flags(hdev);
7503 rp->supported_flags = cpu_to_le32(supported_flags);
7504 rp->max_adv_data_len = HCI_MAX_AD_LENGTH;
7505 rp->max_scan_rsp_len = HCI_MAX_AD_LENGTH;
7506 rp->max_instances = hdev->le_num_of_adv_sets;
7507 rp->num_instances = hdev->adv_instance_cnt;
7509 instance = rp->instance;
7510 list_for_each_entry(adv_instance, &hdev->adv_instances, list) {
7511 *instance = adv_instance->instance;
7515 hci_dev_unlock(hdev);
7517 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_READ_ADV_FEATURES,
7518 MGMT_STATUS_SUCCESS, rp, rp_len);
7525 static u8 calculate_name_len(struct hci_dev *hdev)
7527 u8 buf[HCI_MAX_SHORT_NAME_LENGTH + 3];
7529 return append_local_name(hdev, buf, 0);
7532 static u8 tlv_data_max_len(struct hci_dev *hdev, u32 adv_flags,
7535 u8 max_len = HCI_MAX_AD_LENGTH;
7538 if (adv_flags & (MGMT_ADV_FLAG_DISCOV |
7539 MGMT_ADV_FLAG_LIMITED_DISCOV |
7540 MGMT_ADV_FLAG_MANAGED_FLAGS))
7543 if (adv_flags & MGMT_ADV_FLAG_TX_POWER)
7546 if (adv_flags & MGMT_ADV_FLAG_LOCAL_NAME)
7547 max_len -= calculate_name_len(hdev);
7549 if (adv_flags & (MGMT_ADV_FLAG_APPEARANCE))
7556 static bool flags_managed(u32 adv_flags)
7558 return adv_flags & (MGMT_ADV_FLAG_DISCOV |
7559 MGMT_ADV_FLAG_LIMITED_DISCOV |
7560 MGMT_ADV_FLAG_MANAGED_FLAGS);
7563 static bool tx_power_managed(u32 adv_flags)
7565 return adv_flags & MGMT_ADV_FLAG_TX_POWER;
7568 static bool name_managed(u32 adv_flags)
7570 return adv_flags & MGMT_ADV_FLAG_LOCAL_NAME;
7573 static bool appearance_managed(u32 adv_flags)
7575 return adv_flags & MGMT_ADV_FLAG_APPEARANCE;
7578 static bool tlv_data_is_valid(struct hci_dev *hdev, u32 adv_flags, u8 *data,
7579 u8 len, bool is_adv_data)
7584 max_len = tlv_data_max_len(hdev, adv_flags, is_adv_data);
7589 /* Make sure that the data is correctly formatted. */
7590 for (i = 0, cur_len = 0; i < len; i += (cur_len + 1)) {
7596 if (data[i + 1] == EIR_FLAGS &&
7597 (!is_adv_data || flags_managed(adv_flags)))
7600 if (data[i + 1] == EIR_TX_POWER && tx_power_managed(adv_flags))
7603 if (data[i + 1] == EIR_NAME_COMPLETE && name_managed(adv_flags))
7606 if (data[i + 1] == EIR_NAME_SHORT && name_managed(adv_flags))
7609 if (data[i + 1] == EIR_APPEARANCE &&
7610 appearance_managed(adv_flags))
7613 /* If the current field length would exceed the total data
7614 * length, then it's invalid.
7616 if (i + cur_len >= len)
7623 static bool requested_adv_flags_are_valid(struct hci_dev *hdev, u32 adv_flags)
7625 u32 supported_flags, phy_flags;
7627 /* The current implementation only supports a subset of the specified
7628 * flags. Also need to check mutual exclusiveness of sec flags.
7630 supported_flags = get_supported_adv_flags(hdev);
7631 phy_flags = adv_flags & MGMT_ADV_FLAG_SEC_MASK;
7632 if (adv_flags & ~supported_flags ||
7633 ((phy_flags && (phy_flags ^ (phy_flags & -phy_flags)))))
7639 static bool adv_busy(struct hci_dev *hdev)
7641 return (pending_find(MGMT_OP_ADD_ADVERTISING, hdev) ||
7642 pending_find(MGMT_OP_REMOVE_ADVERTISING, hdev) ||
7643 pending_find(MGMT_OP_SET_LE, hdev) ||
7644 pending_find(MGMT_OP_ADD_EXT_ADV_PARAMS, hdev) ||
7645 pending_find(MGMT_OP_ADD_EXT_ADV_DATA, hdev));
7648 static void add_advertising_complete(struct hci_dev *hdev, u8 status,
7651 struct mgmt_pending_cmd *cmd;
7652 struct mgmt_cp_add_advertising *cp;
7653 struct mgmt_rp_add_advertising rp;
7654 struct adv_info *adv_instance, *n;
7657 bt_dev_dbg(hdev, "status %u", status);
7661 cmd = pending_find(MGMT_OP_ADD_ADVERTISING, hdev);
7663 cmd = pending_find(MGMT_OP_ADD_EXT_ADV_DATA, hdev);
7665 list_for_each_entry_safe(adv_instance, n, &hdev->adv_instances, list) {
7666 if (!adv_instance->pending)
7670 adv_instance->pending = false;
7674 instance = adv_instance->instance;
7676 if (hdev->cur_adv_instance == instance)
7677 cancel_adv_timeout(hdev);
7679 hci_remove_adv_instance(hdev, instance);
7680 mgmt_advertising_removed(cmd ? cmd->sk : NULL, hdev, instance);
7687 rp.instance = cp->instance;
7690 mgmt_cmd_status(cmd->sk, cmd->index, cmd->opcode,
7691 mgmt_status(status));
7693 mgmt_cmd_complete(cmd->sk, cmd->index, cmd->opcode,
7694 mgmt_status(status), &rp, sizeof(rp));
7696 mgmt_pending_remove(cmd);
7699 hci_dev_unlock(hdev);
7702 static int add_advertising(struct sock *sk, struct hci_dev *hdev,
7703 void *data, u16 data_len)
7705 struct mgmt_cp_add_advertising *cp = data;
7706 struct mgmt_rp_add_advertising rp;
7709 u16 timeout, duration;
7710 unsigned int prev_instance_cnt = hdev->adv_instance_cnt;
7711 u8 schedule_instance = 0;
7712 struct adv_info *next_instance;
7714 struct mgmt_pending_cmd *cmd;
7715 struct hci_request req;
7717 bt_dev_dbg(hdev, "sock %p", sk);
7719 status = mgmt_le_support(hdev);
7721 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_ADVERTISING,
7724 /* Enabling the experimental LL Privay support disables support for
7727 if (hci_dev_test_flag(hdev, HCI_ENABLE_LL_PRIVACY))
7728 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_ADVERTISING,
7729 MGMT_STATUS_NOT_SUPPORTED);
7731 if (cp->instance < 1 || cp->instance > hdev->le_num_of_adv_sets)
7732 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_ADVERTISING,
7733 MGMT_STATUS_INVALID_PARAMS);
7735 if (data_len != sizeof(*cp) + cp->adv_data_len + cp->scan_rsp_len)
7736 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_ADVERTISING,
7737 MGMT_STATUS_INVALID_PARAMS);
7739 flags = __le32_to_cpu(cp->flags);
7740 timeout = __le16_to_cpu(cp->timeout);
7741 duration = __le16_to_cpu(cp->duration);
7743 if (!requested_adv_flags_are_valid(hdev, flags))
7744 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_ADVERTISING,
7745 MGMT_STATUS_INVALID_PARAMS);
7749 if (timeout && !hdev_is_powered(hdev)) {
7750 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_ADVERTISING,
7751 MGMT_STATUS_REJECTED);
7755 if (adv_busy(hdev)) {
7756 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_ADVERTISING,
7761 if (!tlv_data_is_valid(hdev, flags, cp->data, cp->adv_data_len, true) ||
7762 !tlv_data_is_valid(hdev, flags, cp->data + cp->adv_data_len,
7763 cp->scan_rsp_len, false)) {
7764 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_ADVERTISING,
7765 MGMT_STATUS_INVALID_PARAMS);
7769 err = hci_add_adv_instance(hdev, cp->instance, flags,
7770 cp->adv_data_len, cp->data,
7772 cp->data + cp->adv_data_len,
7774 HCI_ADV_TX_POWER_NO_PREFERENCE,
7775 hdev->le_adv_min_interval,
7776 hdev->le_adv_max_interval);
7778 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_ADVERTISING,
7779 MGMT_STATUS_FAILED);
7783 /* Only trigger an advertising added event if a new instance was
7786 if (hdev->adv_instance_cnt > prev_instance_cnt)
7787 mgmt_advertising_added(sk, hdev, cp->instance);
7789 if (hdev->cur_adv_instance == cp->instance) {
7790 /* If the currently advertised instance is being changed then
7791 * cancel the current advertising and schedule the next
7792 * instance. If there is only one instance then the overridden
7793 * advertising data will be visible right away.
7795 cancel_adv_timeout(hdev);
7797 next_instance = hci_get_next_instance(hdev, cp->instance);
7799 schedule_instance = next_instance->instance;
7800 } else if (!hdev->adv_instance_timeout) {
7801 /* Immediately advertise the new instance if no other
7802 * instance is currently being advertised.
7804 schedule_instance = cp->instance;
7807 /* If the HCI_ADVERTISING flag is set or the device isn't powered or
7808 * there is no instance to be advertised then we have no HCI
7809 * communication to make. Simply return.
7811 if (!hdev_is_powered(hdev) ||
7812 hci_dev_test_flag(hdev, HCI_ADVERTISING) ||
7813 !schedule_instance) {
7814 rp.instance = cp->instance;
7815 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_ADD_ADVERTISING,
7816 MGMT_STATUS_SUCCESS, &rp, sizeof(rp));
7820 /* We're good to go, update advertising data, parameters, and start
7823 cmd = mgmt_pending_add(sk, MGMT_OP_ADD_ADVERTISING, hdev, data,
7830 hci_req_init(&req, hdev);
7832 err = __hci_req_schedule_adv_instance(&req, schedule_instance, true);
7835 err = hci_req_run(&req, add_advertising_complete);
7838 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_ADVERTISING,
7839 MGMT_STATUS_FAILED);
7840 mgmt_pending_remove(cmd);
7844 hci_dev_unlock(hdev);
7849 static void add_ext_adv_params_complete(struct hci_dev *hdev, u8 status,
7852 struct mgmt_pending_cmd *cmd;
7853 struct mgmt_cp_add_ext_adv_params *cp;
7854 struct mgmt_rp_add_ext_adv_params rp;
7855 struct adv_info *adv_instance;
7858 BT_DBG("%s", hdev->name);
7862 cmd = pending_find(MGMT_OP_ADD_EXT_ADV_PARAMS, hdev);
7867 adv_instance = hci_find_adv_instance(hdev, cp->instance);
7871 rp.instance = cp->instance;
7872 rp.tx_power = adv_instance->tx_power;
7874 /* While we're at it, inform userspace of the available space for this
7875 * advertisement, given the flags that will be used.
7877 flags = __le32_to_cpu(cp->flags);
7878 rp.max_adv_data_len = tlv_data_max_len(hdev, flags, true);
7879 rp.max_scan_rsp_len = tlv_data_max_len(hdev, flags, false);
7882 /* If this advertisement was previously advertising and we
7883 * failed to update it, we signal that it has been removed and
7884 * delete its structure
7886 if (!adv_instance->pending)
7887 mgmt_advertising_removed(cmd->sk, hdev, cp->instance);
7889 hci_remove_adv_instance(hdev, cp->instance);
7891 mgmt_cmd_status(cmd->sk, cmd->index, cmd->opcode,
7892 mgmt_status(status));
7895 mgmt_cmd_complete(cmd->sk, cmd->index, cmd->opcode,
7896 mgmt_status(status), &rp, sizeof(rp));
7901 mgmt_pending_remove(cmd);
7903 hci_dev_unlock(hdev);
7906 static int add_ext_adv_params(struct sock *sk, struct hci_dev *hdev,
7907 void *data, u16 data_len)
7909 struct mgmt_cp_add_ext_adv_params *cp = data;
7910 struct mgmt_rp_add_ext_adv_params rp;
7911 struct mgmt_pending_cmd *cmd = NULL;
7912 struct adv_info *adv_instance;
7913 struct hci_request req;
7914 u32 flags, min_interval, max_interval;
7915 u16 timeout, duration;
7920 BT_DBG("%s", hdev->name);
7922 status = mgmt_le_support(hdev);
7924 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_EXT_ADV_PARAMS,
7927 if (cp->instance < 1 || cp->instance > hdev->le_num_of_adv_sets)
7928 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_EXT_ADV_PARAMS,
7929 MGMT_STATUS_INVALID_PARAMS);
7931 /* The purpose of breaking add_advertising into two separate MGMT calls
7932 * for params and data is to allow more parameters to be added to this
7933 * structure in the future. For this reason, we verify that we have the
7934 * bare minimum structure we know of when the interface was defined. Any
7935 * extra parameters we don't know about will be ignored in this request.
7937 if (data_len < MGMT_ADD_EXT_ADV_PARAMS_MIN_SIZE)
7938 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_ADVERTISING,
7939 MGMT_STATUS_INVALID_PARAMS);
7941 flags = __le32_to_cpu(cp->flags);
7943 if (!requested_adv_flags_are_valid(hdev, flags))
7944 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_EXT_ADV_PARAMS,
7945 MGMT_STATUS_INVALID_PARAMS);
7949 /* In new interface, we require that we are powered to register */
7950 if (!hdev_is_powered(hdev)) {
7951 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_EXT_ADV_PARAMS,
7952 MGMT_STATUS_REJECTED);
7956 if (adv_busy(hdev)) {
7957 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_EXT_ADV_PARAMS,
7962 /* Parse defined parameters from request, use defaults otherwise */
7963 timeout = (flags & MGMT_ADV_PARAM_TIMEOUT) ?
7964 __le16_to_cpu(cp->timeout) : 0;
7966 duration = (flags & MGMT_ADV_PARAM_DURATION) ?
7967 __le16_to_cpu(cp->duration) :
7968 hdev->def_multi_adv_rotation_duration;
7970 min_interval = (flags & MGMT_ADV_PARAM_INTERVALS) ?
7971 __le32_to_cpu(cp->min_interval) :
7972 hdev->le_adv_min_interval;
7974 max_interval = (flags & MGMT_ADV_PARAM_INTERVALS) ?
7975 __le32_to_cpu(cp->max_interval) :
7976 hdev->le_adv_max_interval;
7978 tx_power = (flags & MGMT_ADV_PARAM_TX_POWER) ?
7980 HCI_ADV_TX_POWER_NO_PREFERENCE;
7982 /* Create advertising instance with no advertising or response data */
7983 err = hci_add_adv_instance(hdev, cp->instance, flags,
7984 0, NULL, 0, NULL, timeout, duration,
7985 tx_power, min_interval, max_interval);
7988 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_EXT_ADV_PARAMS,
7989 MGMT_STATUS_FAILED);
7993 /* Submit request for advertising params if ext adv available */
7994 if (ext_adv_capable(hdev)) {
7995 hci_req_init(&req, hdev);
7996 adv_instance = hci_find_adv_instance(hdev, cp->instance);
7998 /* Updating parameters of an active instance will return a
7999 * Command Disallowed error, so we must first disable the
8000 * instance if it is active.
8002 if (!adv_instance->pending)
8003 __hci_req_disable_ext_adv_instance(&req, cp->instance);
8005 __hci_req_setup_ext_adv_instance(&req, cp->instance);
8007 err = hci_req_run(&req, add_ext_adv_params_complete);
8010 cmd = mgmt_pending_add(sk, MGMT_OP_ADD_EXT_ADV_PARAMS,
8011 hdev, data, data_len);
8014 hci_remove_adv_instance(hdev, cp->instance);
8019 rp.instance = cp->instance;
8020 rp.tx_power = HCI_ADV_TX_POWER_NO_PREFERENCE;
8021 rp.max_adv_data_len = tlv_data_max_len(hdev, flags, true);
8022 rp.max_scan_rsp_len = tlv_data_max_len(hdev, flags, false);
8023 err = mgmt_cmd_complete(sk, hdev->id,
8024 MGMT_OP_ADD_EXT_ADV_PARAMS,
8025 MGMT_STATUS_SUCCESS, &rp, sizeof(rp));
8029 hci_dev_unlock(hdev);
8034 static int add_ext_adv_data(struct sock *sk, struct hci_dev *hdev, void *data,
8037 struct mgmt_cp_add_ext_adv_data *cp = data;
8038 struct mgmt_rp_add_ext_adv_data rp;
8039 u8 schedule_instance = 0;
8040 struct adv_info *next_instance;
8041 struct adv_info *adv_instance;
8043 struct mgmt_pending_cmd *cmd;
8044 struct hci_request req;
8046 BT_DBG("%s", hdev->name);
8050 adv_instance = hci_find_adv_instance(hdev, cp->instance);
8052 if (!adv_instance) {
8053 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_EXT_ADV_DATA,
8054 MGMT_STATUS_INVALID_PARAMS);
8058 /* In new interface, we require that we are powered to register */
8059 if (!hdev_is_powered(hdev)) {
8060 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_EXT_ADV_DATA,
8061 MGMT_STATUS_REJECTED);
8062 goto clear_new_instance;
8065 if (adv_busy(hdev)) {
8066 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_EXT_ADV_DATA,
8068 goto clear_new_instance;
8071 /* Validate new data */
8072 if (!tlv_data_is_valid(hdev, adv_instance->flags, cp->data,
8073 cp->adv_data_len, true) ||
8074 !tlv_data_is_valid(hdev, adv_instance->flags, cp->data +
8075 cp->adv_data_len, cp->scan_rsp_len, false)) {
8076 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_EXT_ADV_DATA,
8077 MGMT_STATUS_INVALID_PARAMS);
8078 goto clear_new_instance;
8081 /* Set the data in the advertising instance */
8082 hci_set_adv_instance_data(hdev, cp->instance, cp->adv_data_len,
8083 cp->data, cp->scan_rsp_len,
8084 cp->data + cp->adv_data_len);
8086 /* We're good to go, update advertising data, parameters, and start
8090 hci_req_init(&req, hdev);
8092 hci_req_add(&req, HCI_OP_READ_LOCAL_NAME, 0, NULL);
8094 if (ext_adv_capable(hdev)) {
8095 __hci_req_update_adv_data(&req, cp->instance);
8096 __hci_req_update_scan_rsp_data(&req, cp->instance);
8097 __hci_req_enable_ext_advertising(&req, cp->instance);
8100 /* If using software rotation, determine next instance to use */
8102 if (hdev->cur_adv_instance == cp->instance) {
8103 /* If the currently advertised instance is being changed
8104 * then cancel the current advertising and schedule the
8105 * next instance. If there is only one instance then the
8106 * overridden advertising data will be visible right
8109 cancel_adv_timeout(hdev);
8111 next_instance = hci_get_next_instance(hdev,
8114 schedule_instance = next_instance->instance;
8115 } else if (!hdev->adv_instance_timeout) {
8116 /* Immediately advertise the new instance if no other
8117 * instance is currently being advertised.
8119 schedule_instance = cp->instance;
8122 /* If the HCI_ADVERTISING flag is set or there is no instance to
8123 * be advertised then we have no HCI communication to make.
8126 if (hci_dev_test_flag(hdev, HCI_ADVERTISING) ||
8127 !schedule_instance) {
8128 if (adv_instance->pending) {
8129 mgmt_advertising_added(sk, hdev, cp->instance);
8130 adv_instance->pending = false;
8132 rp.instance = cp->instance;
8133 err = mgmt_cmd_complete(sk, hdev->id,
8134 MGMT_OP_ADD_EXT_ADV_DATA,
8135 MGMT_STATUS_SUCCESS, &rp,
8140 err = __hci_req_schedule_adv_instance(&req, schedule_instance,
8144 cmd = mgmt_pending_add(sk, MGMT_OP_ADD_EXT_ADV_DATA, hdev, data,
8148 goto clear_new_instance;
8152 err = hci_req_run(&req, add_advertising_complete);
8155 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_EXT_ADV_DATA,
8156 MGMT_STATUS_FAILED);
8157 mgmt_pending_remove(cmd);
8158 goto clear_new_instance;
8161 /* We were successful in updating data, so trigger advertising_added
8162 * event if this is an instance that wasn't previously advertising. If
8163 * a failure occurs in the requests we initiated, we will remove the
8164 * instance again in add_advertising_complete
8166 if (adv_instance->pending)
8167 mgmt_advertising_added(sk, hdev, cp->instance);
8172 hci_remove_adv_instance(hdev, cp->instance);
8175 hci_dev_unlock(hdev);
8180 static void remove_advertising_complete(struct hci_dev *hdev, u8 status,
8183 struct mgmt_pending_cmd *cmd;
8184 struct mgmt_cp_remove_advertising *cp;
8185 struct mgmt_rp_remove_advertising rp;
8187 bt_dev_dbg(hdev, "status %u", status);
8191 /* A failure status here only means that we failed to disable
8192 * advertising. Otherwise, the advertising instance has been removed,
8193 * so report success.
8195 cmd = pending_find(MGMT_OP_REMOVE_ADVERTISING, hdev);
8200 rp.instance = cp->instance;
8202 mgmt_cmd_complete(cmd->sk, cmd->index, cmd->opcode, MGMT_STATUS_SUCCESS,
8204 mgmt_pending_remove(cmd);
8207 hci_dev_unlock(hdev);
8210 static int remove_advertising(struct sock *sk, struct hci_dev *hdev,
8211 void *data, u16 data_len)
8213 struct mgmt_cp_remove_advertising *cp = data;
8214 struct mgmt_rp_remove_advertising rp;
8215 struct mgmt_pending_cmd *cmd;
8216 struct hci_request req;
8219 bt_dev_dbg(hdev, "sock %p", sk);
8221 /* Enabling the experimental LL Privay support disables support for
8224 if (hci_dev_test_flag(hdev, HCI_ENABLE_LL_PRIVACY))
8225 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_ADVERTISING,
8226 MGMT_STATUS_NOT_SUPPORTED);
8230 if (cp->instance && !hci_find_adv_instance(hdev, cp->instance)) {
8231 err = mgmt_cmd_status(sk, hdev->id,
8232 MGMT_OP_REMOVE_ADVERTISING,
8233 MGMT_STATUS_INVALID_PARAMS);
8237 if (pending_find(MGMT_OP_ADD_ADVERTISING, hdev) ||
8238 pending_find(MGMT_OP_REMOVE_ADVERTISING, hdev) ||
8239 pending_find(MGMT_OP_SET_LE, hdev)) {
8240 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_REMOVE_ADVERTISING,
8245 if (list_empty(&hdev->adv_instances)) {
8246 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_REMOVE_ADVERTISING,
8247 MGMT_STATUS_INVALID_PARAMS);
8251 hci_req_init(&req, hdev);
8253 /* If we use extended advertising, instance is disabled and removed */
8254 if (ext_adv_capable(hdev)) {
8255 __hci_req_disable_ext_adv_instance(&req, cp->instance);
8256 __hci_req_remove_ext_adv_instance(&req, cp->instance);
8259 hci_req_clear_adv_instance(hdev, sk, &req, cp->instance, true);
8261 if (list_empty(&hdev->adv_instances))
8262 __hci_req_disable_advertising(&req);
8264 /* If no HCI commands have been collected so far or the HCI_ADVERTISING
8265 * flag is set or the device isn't powered then we have no HCI
8266 * communication to make. Simply return.
8268 if (skb_queue_empty(&req.cmd_q) ||
8269 !hdev_is_powered(hdev) ||
8270 hci_dev_test_flag(hdev, HCI_ADVERTISING)) {
8271 hci_req_purge(&req);
8272 rp.instance = cp->instance;
8273 err = mgmt_cmd_complete(sk, hdev->id,
8274 MGMT_OP_REMOVE_ADVERTISING,
8275 MGMT_STATUS_SUCCESS, &rp, sizeof(rp));
8279 cmd = mgmt_pending_add(sk, MGMT_OP_REMOVE_ADVERTISING, hdev, data,
8286 err = hci_req_run(&req, remove_advertising_complete);
8288 mgmt_pending_remove(cmd);
8291 hci_dev_unlock(hdev);
8296 static int get_adv_size_info(struct sock *sk, struct hci_dev *hdev,
8297 void *data, u16 data_len)
8299 struct mgmt_cp_get_adv_size_info *cp = data;
8300 struct mgmt_rp_get_adv_size_info rp;
8301 u32 flags, supported_flags;
8304 bt_dev_dbg(hdev, "sock %p", sk);
8306 if (!lmp_le_capable(hdev))
8307 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_GET_ADV_SIZE_INFO,
8308 MGMT_STATUS_REJECTED);
8310 if (cp->instance < 1 || cp->instance > hdev->le_num_of_adv_sets)
8311 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_GET_ADV_SIZE_INFO,
8312 MGMT_STATUS_INVALID_PARAMS);
8314 flags = __le32_to_cpu(cp->flags);
8316 /* The current implementation only supports a subset of the specified
8319 supported_flags = get_supported_adv_flags(hdev);
8320 if (flags & ~supported_flags)
8321 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_GET_ADV_SIZE_INFO,
8322 MGMT_STATUS_INVALID_PARAMS);
8324 rp.instance = cp->instance;
8325 rp.flags = cp->flags;
8326 rp.max_adv_data_len = tlv_data_max_len(hdev, flags, true);
8327 rp.max_scan_rsp_len = tlv_data_max_len(hdev, flags, false);
8329 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_ADV_SIZE_INFO,
8330 MGMT_STATUS_SUCCESS, &rp, sizeof(rp));
8335 static const struct hci_mgmt_handler mgmt_handlers[] = {
8336 { NULL }, /* 0x0000 (no command) */
8337 { read_version, MGMT_READ_VERSION_SIZE,
8339 HCI_MGMT_UNTRUSTED },
8340 { read_commands, MGMT_READ_COMMANDS_SIZE,
8342 HCI_MGMT_UNTRUSTED },
8343 { read_index_list, MGMT_READ_INDEX_LIST_SIZE,
8345 HCI_MGMT_UNTRUSTED },
8346 { read_controller_info, MGMT_READ_INFO_SIZE,
8347 HCI_MGMT_UNTRUSTED },
8348 { set_powered, MGMT_SETTING_SIZE },
8349 { set_discoverable, MGMT_SET_DISCOVERABLE_SIZE },
8350 { set_connectable, MGMT_SETTING_SIZE },
8351 { set_fast_connectable, MGMT_SETTING_SIZE },
8352 { set_bondable, MGMT_SETTING_SIZE },
8353 { set_link_security, MGMT_SETTING_SIZE },
8354 { set_ssp, MGMT_SETTING_SIZE },
8355 { set_hs, MGMT_SETTING_SIZE },
8356 { set_le, MGMT_SETTING_SIZE },
8357 { set_dev_class, MGMT_SET_DEV_CLASS_SIZE },
8358 { set_local_name, MGMT_SET_LOCAL_NAME_SIZE },
8359 { add_uuid, MGMT_ADD_UUID_SIZE },
8360 { remove_uuid, MGMT_REMOVE_UUID_SIZE },
8361 { load_link_keys, MGMT_LOAD_LINK_KEYS_SIZE,
8363 { load_long_term_keys, MGMT_LOAD_LONG_TERM_KEYS_SIZE,
8365 { disconnect, MGMT_DISCONNECT_SIZE },
8366 { get_connections, MGMT_GET_CONNECTIONS_SIZE },
8367 { pin_code_reply, MGMT_PIN_CODE_REPLY_SIZE },
8368 { pin_code_neg_reply, MGMT_PIN_CODE_NEG_REPLY_SIZE },
8369 { set_io_capability, MGMT_SET_IO_CAPABILITY_SIZE },
8370 { pair_device, MGMT_PAIR_DEVICE_SIZE },
8371 { cancel_pair_device, MGMT_CANCEL_PAIR_DEVICE_SIZE },
8372 { unpair_device, MGMT_UNPAIR_DEVICE_SIZE },
8373 { user_confirm_reply, MGMT_USER_CONFIRM_REPLY_SIZE },
8374 { user_confirm_neg_reply, MGMT_USER_CONFIRM_NEG_REPLY_SIZE },
8375 { user_passkey_reply, MGMT_USER_PASSKEY_REPLY_SIZE },
8376 { user_passkey_neg_reply, MGMT_USER_PASSKEY_NEG_REPLY_SIZE },
8377 { read_local_oob_data, MGMT_READ_LOCAL_OOB_DATA_SIZE },
8378 { add_remote_oob_data, MGMT_ADD_REMOTE_OOB_DATA_SIZE,
8380 { remove_remote_oob_data, MGMT_REMOVE_REMOTE_OOB_DATA_SIZE },
8381 { start_discovery, MGMT_START_DISCOVERY_SIZE },
8382 { stop_discovery, MGMT_STOP_DISCOVERY_SIZE },
8383 { confirm_name, MGMT_CONFIRM_NAME_SIZE },
8384 { block_device, MGMT_BLOCK_DEVICE_SIZE },
8385 { unblock_device, MGMT_UNBLOCK_DEVICE_SIZE },
8386 { set_device_id, MGMT_SET_DEVICE_ID_SIZE },
8387 { set_advertising, MGMT_SETTING_SIZE },
8388 { set_bredr, MGMT_SETTING_SIZE },
8389 { set_static_address, MGMT_SET_STATIC_ADDRESS_SIZE },
8390 { set_scan_params, MGMT_SET_SCAN_PARAMS_SIZE },
8391 { set_secure_conn, MGMT_SETTING_SIZE },
8392 { set_debug_keys, MGMT_SETTING_SIZE },
8393 { set_privacy, MGMT_SET_PRIVACY_SIZE },
8394 { load_irks, MGMT_LOAD_IRKS_SIZE,
8396 { get_conn_info, MGMT_GET_CONN_INFO_SIZE },
8397 { get_clock_info, MGMT_GET_CLOCK_INFO_SIZE },
8398 { add_device, MGMT_ADD_DEVICE_SIZE },
8399 { remove_device, MGMT_REMOVE_DEVICE_SIZE },
8400 { load_conn_param, MGMT_LOAD_CONN_PARAM_SIZE,
8402 { read_unconf_index_list, MGMT_READ_UNCONF_INDEX_LIST_SIZE,
8404 HCI_MGMT_UNTRUSTED },
8405 { read_config_info, MGMT_READ_CONFIG_INFO_SIZE,
8406 HCI_MGMT_UNCONFIGURED |
8407 HCI_MGMT_UNTRUSTED },
8408 { set_external_config, MGMT_SET_EXTERNAL_CONFIG_SIZE,
8409 HCI_MGMT_UNCONFIGURED },
8410 { set_public_address, MGMT_SET_PUBLIC_ADDRESS_SIZE,
8411 HCI_MGMT_UNCONFIGURED },
8412 { start_service_discovery, MGMT_START_SERVICE_DISCOVERY_SIZE,
8414 { read_local_oob_ext_data, MGMT_READ_LOCAL_OOB_EXT_DATA_SIZE },
8415 { read_ext_index_list, MGMT_READ_EXT_INDEX_LIST_SIZE,
8417 HCI_MGMT_UNTRUSTED },
8418 { read_adv_features, MGMT_READ_ADV_FEATURES_SIZE },
8419 { add_advertising, MGMT_ADD_ADVERTISING_SIZE,
8421 { remove_advertising, MGMT_REMOVE_ADVERTISING_SIZE },
8422 { get_adv_size_info, MGMT_GET_ADV_SIZE_INFO_SIZE },
8423 { start_limited_discovery, MGMT_START_DISCOVERY_SIZE },
8424 { read_ext_controller_info,MGMT_READ_EXT_INFO_SIZE,
8425 HCI_MGMT_UNTRUSTED },
8426 { set_appearance, MGMT_SET_APPEARANCE_SIZE },
8427 { get_phy_configuration, MGMT_GET_PHY_CONFIGURATION_SIZE },
8428 { set_phy_configuration, MGMT_SET_PHY_CONFIGURATION_SIZE },
8429 { set_blocked_keys, MGMT_OP_SET_BLOCKED_KEYS_SIZE,
8431 { set_wideband_speech, MGMT_SETTING_SIZE },
8432 { read_controller_cap, MGMT_READ_CONTROLLER_CAP_SIZE,
8433 HCI_MGMT_UNTRUSTED },
8434 { read_exp_features_info, MGMT_READ_EXP_FEATURES_INFO_SIZE,
8435 HCI_MGMT_UNTRUSTED |
8436 HCI_MGMT_HDEV_OPTIONAL },
8437 { set_exp_feature, MGMT_SET_EXP_FEATURE_SIZE,
8439 HCI_MGMT_HDEV_OPTIONAL },
8440 { read_def_system_config, MGMT_READ_DEF_SYSTEM_CONFIG_SIZE,
8441 HCI_MGMT_UNTRUSTED },
8442 { set_def_system_config, MGMT_SET_DEF_SYSTEM_CONFIG_SIZE,
8444 { read_def_runtime_config, MGMT_READ_DEF_RUNTIME_CONFIG_SIZE,
8445 HCI_MGMT_UNTRUSTED },
8446 { set_def_runtime_config, MGMT_SET_DEF_RUNTIME_CONFIG_SIZE,
8448 { get_device_flags, MGMT_GET_DEVICE_FLAGS_SIZE },
8449 { set_device_flags, MGMT_SET_DEVICE_FLAGS_SIZE },
8450 { read_adv_mon_features, MGMT_READ_ADV_MONITOR_FEATURES_SIZE },
8451 { add_adv_patterns_monitor,MGMT_ADD_ADV_PATTERNS_MONITOR_SIZE,
8453 { remove_adv_monitor, MGMT_REMOVE_ADV_MONITOR_SIZE },
8454 { add_ext_adv_params, MGMT_ADD_EXT_ADV_PARAMS_MIN_SIZE,
8456 { add_ext_adv_data, MGMT_ADD_EXT_ADV_DATA_SIZE,
8458 { add_adv_patterns_monitor_rssi,
8459 MGMT_ADD_ADV_PATTERNS_MONITOR_RSSI_SIZE,
8463 void mgmt_index_added(struct hci_dev *hdev)
8465 struct mgmt_ev_ext_index ev;
8467 if (test_bit(HCI_QUIRK_RAW_DEVICE, &hdev->quirks))
8470 switch (hdev->dev_type) {
8472 if (hci_dev_test_flag(hdev, HCI_UNCONFIGURED)) {
8473 mgmt_index_event(MGMT_EV_UNCONF_INDEX_ADDED, hdev,
8474 NULL, 0, HCI_MGMT_UNCONF_INDEX_EVENTS);
8477 mgmt_index_event(MGMT_EV_INDEX_ADDED, hdev, NULL, 0,
8478 HCI_MGMT_INDEX_EVENTS);
8491 mgmt_index_event(MGMT_EV_EXT_INDEX_ADDED, hdev, &ev, sizeof(ev),
8492 HCI_MGMT_EXT_INDEX_EVENTS);
8495 void mgmt_index_removed(struct hci_dev *hdev)
8497 struct mgmt_ev_ext_index ev;
8498 u8 status = MGMT_STATUS_INVALID_INDEX;
8500 if (test_bit(HCI_QUIRK_RAW_DEVICE, &hdev->quirks))
8503 switch (hdev->dev_type) {
8505 mgmt_pending_foreach(0, hdev, cmd_complete_rsp, &status);
8507 if (hci_dev_test_flag(hdev, HCI_UNCONFIGURED)) {
8508 mgmt_index_event(MGMT_EV_UNCONF_INDEX_REMOVED, hdev,
8509 NULL, 0, HCI_MGMT_UNCONF_INDEX_EVENTS);
8512 mgmt_index_event(MGMT_EV_INDEX_REMOVED, hdev, NULL, 0,
8513 HCI_MGMT_INDEX_EVENTS);
8526 mgmt_index_event(MGMT_EV_EXT_INDEX_REMOVED, hdev, &ev, sizeof(ev),
8527 HCI_MGMT_EXT_INDEX_EVENTS);
8530 /* This function requires the caller holds hdev->lock */
8531 static void restart_le_actions(struct hci_dev *hdev)
8533 struct hci_conn_params *p;
8535 list_for_each_entry(p, &hdev->le_conn_params, list) {
8536 /* Needed for AUTO_OFF case where might not "really"
8537 * have been powered off.
8539 list_del_init(&p->action);
8541 switch (p->auto_connect) {
8542 case HCI_AUTO_CONN_DIRECT:
8543 case HCI_AUTO_CONN_ALWAYS:
8544 list_add(&p->action, &hdev->pend_le_conns);
8546 case HCI_AUTO_CONN_REPORT:
8547 list_add(&p->action, &hdev->pend_le_reports);
8555 void mgmt_power_on(struct hci_dev *hdev, int err)
8557 struct cmd_lookup match = { NULL, hdev };
8559 bt_dev_dbg(hdev, "err %d", err);
8564 restart_le_actions(hdev);
8565 hci_update_background_scan(hdev);
8568 mgmt_pending_foreach(MGMT_OP_SET_POWERED, hdev, settings_rsp, &match);
8570 new_settings(hdev, match.sk);
8575 hci_dev_unlock(hdev);
8578 void __mgmt_power_off(struct hci_dev *hdev)
8580 struct cmd_lookup match = { NULL, hdev };
8581 u8 status, zero_cod[] = { 0, 0, 0 };
8583 mgmt_pending_foreach(MGMT_OP_SET_POWERED, hdev, settings_rsp, &match);
8585 /* If the power off is because of hdev unregistration let
8586 * use the appropriate INVALID_INDEX status. Otherwise use
8587 * NOT_POWERED. We cover both scenarios here since later in
8588 * mgmt_index_removed() any hci_conn callbacks will have already
8589 * been triggered, potentially causing misleading DISCONNECTED
8592 if (hci_dev_test_flag(hdev, HCI_UNREGISTER))
8593 status = MGMT_STATUS_INVALID_INDEX;
8595 status = MGMT_STATUS_NOT_POWERED;
8597 mgmt_pending_foreach(0, hdev, cmd_complete_rsp, &status);
8599 if (memcmp(hdev->dev_class, zero_cod, sizeof(zero_cod)) != 0) {
8600 mgmt_limited_event(MGMT_EV_CLASS_OF_DEV_CHANGED, hdev,
8601 zero_cod, sizeof(zero_cod),
8602 HCI_MGMT_DEV_CLASS_EVENTS, NULL);
8603 ext_info_changed(hdev, NULL);
8606 new_settings(hdev, match.sk);
8612 void mgmt_set_powered_failed(struct hci_dev *hdev, int err)
8614 struct mgmt_pending_cmd *cmd;
8617 cmd = pending_find(MGMT_OP_SET_POWERED, hdev);
8621 if (err == -ERFKILL)
8622 status = MGMT_STATUS_RFKILLED;
8624 status = MGMT_STATUS_FAILED;
8626 mgmt_cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_POWERED, status);
8628 mgmt_pending_remove(cmd);
8631 void mgmt_new_link_key(struct hci_dev *hdev, struct link_key *key,
8634 struct mgmt_ev_new_link_key ev;
8636 memset(&ev, 0, sizeof(ev));
8638 ev.store_hint = persistent;
8639 bacpy(&ev.key.addr.bdaddr, &key->bdaddr);
8640 ev.key.addr.type = BDADDR_BREDR;
8641 ev.key.type = key->type;
8642 memcpy(ev.key.val, key->val, HCI_LINK_KEY_SIZE);
8643 ev.key.pin_len = key->pin_len;
8645 mgmt_event(MGMT_EV_NEW_LINK_KEY, hdev, &ev, sizeof(ev), NULL);
8648 static u8 mgmt_ltk_type(struct smp_ltk *ltk)
8650 switch (ltk->type) {
8652 case SMP_LTK_RESPONDER:
8653 if (ltk->authenticated)
8654 return MGMT_LTK_AUTHENTICATED;
8655 return MGMT_LTK_UNAUTHENTICATED;
8657 if (ltk->authenticated)
8658 return MGMT_LTK_P256_AUTH;
8659 return MGMT_LTK_P256_UNAUTH;
8660 case SMP_LTK_P256_DEBUG:
8661 return MGMT_LTK_P256_DEBUG;
8664 return MGMT_LTK_UNAUTHENTICATED;
8667 void mgmt_new_ltk(struct hci_dev *hdev, struct smp_ltk *key, bool persistent)
8669 struct mgmt_ev_new_long_term_key ev;
8671 memset(&ev, 0, sizeof(ev));
8673 /* Devices using resolvable or non-resolvable random addresses
8674 * without providing an identity resolving key don't require
8675 * to store long term keys. Their addresses will change the
8678 * Only when a remote device provides an identity address
8679 * make sure the long term key is stored. If the remote
8680 * identity is known, the long term keys are internally
8681 * mapped to the identity address. So allow static random
8682 * and public addresses here.
8684 if (key->bdaddr_type == ADDR_LE_DEV_RANDOM &&
8685 (key->bdaddr.b[5] & 0xc0) != 0xc0)
8686 ev.store_hint = 0x00;
8688 ev.store_hint = persistent;
8690 bacpy(&ev.key.addr.bdaddr, &key->bdaddr);
8691 ev.key.addr.type = link_to_bdaddr(LE_LINK, key->bdaddr_type);
8692 ev.key.type = mgmt_ltk_type(key);
8693 ev.key.enc_size = key->enc_size;
8694 ev.key.ediv = key->ediv;
8695 ev.key.rand = key->rand;
8697 if (key->type == SMP_LTK)
8698 ev.key.initiator = 1;
8700 /* Make sure we copy only the significant bytes based on the
8701 * encryption key size, and set the rest of the value to zeroes.
8703 memcpy(ev.key.val, key->val, key->enc_size);
8704 memset(ev.key.val + key->enc_size, 0,
8705 sizeof(ev.key.val) - key->enc_size);
8707 mgmt_event(MGMT_EV_NEW_LONG_TERM_KEY, hdev, &ev, sizeof(ev), NULL);
8710 void mgmt_new_irk(struct hci_dev *hdev, struct smp_irk *irk, bool persistent)
8712 struct mgmt_ev_new_irk ev;
8714 memset(&ev, 0, sizeof(ev));
8716 ev.store_hint = persistent;
8718 bacpy(&ev.rpa, &irk->rpa);
8719 bacpy(&ev.irk.addr.bdaddr, &irk->bdaddr);
8720 ev.irk.addr.type = link_to_bdaddr(LE_LINK, irk->addr_type);
8721 memcpy(ev.irk.val, irk->val, sizeof(irk->val));
8723 mgmt_event(MGMT_EV_NEW_IRK, hdev, &ev, sizeof(ev), NULL);
8726 void mgmt_new_csrk(struct hci_dev *hdev, struct smp_csrk *csrk,
8729 struct mgmt_ev_new_csrk ev;
8731 memset(&ev, 0, sizeof(ev));
8733 /* Devices using resolvable or non-resolvable random addresses
8734 * without providing an identity resolving key don't require
8735 * to store signature resolving keys. Their addresses will change
8736 * the next time around.
8738 * Only when a remote device provides an identity address
8739 * make sure the signature resolving key is stored. So allow
8740 * static random and public addresses here.
8742 if (csrk->bdaddr_type == ADDR_LE_DEV_RANDOM &&
8743 (csrk->bdaddr.b[5] & 0xc0) != 0xc0)
8744 ev.store_hint = 0x00;
8746 ev.store_hint = persistent;
8748 bacpy(&ev.key.addr.bdaddr, &csrk->bdaddr);
8749 ev.key.addr.type = link_to_bdaddr(LE_LINK, csrk->bdaddr_type);
8750 ev.key.type = csrk->type;
8751 memcpy(ev.key.val, csrk->val, sizeof(csrk->val));
8753 mgmt_event(MGMT_EV_NEW_CSRK, hdev, &ev, sizeof(ev), NULL);
8756 void mgmt_new_conn_param(struct hci_dev *hdev, bdaddr_t *bdaddr,
8757 u8 bdaddr_type, u8 store_hint, u16 min_interval,
8758 u16 max_interval, u16 latency, u16 timeout)
8760 struct mgmt_ev_new_conn_param ev;
8762 if (!hci_is_identity_address(bdaddr, bdaddr_type))
8765 memset(&ev, 0, sizeof(ev));
8766 bacpy(&ev.addr.bdaddr, bdaddr);
8767 ev.addr.type = link_to_bdaddr(LE_LINK, bdaddr_type);
8768 ev.store_hint = store_hint;
8769 ev.min_interval = cpu_to_le16(min_interval);
8770 ev.max_interval = cpu_to_le16(max_interval);
8771 ev.latency = cpu_to_le16(latency);
8772 ev.timeout = cpu_to_le16(timeout);
8774 mgmt_event(MGMT_EV_NEW_CONN_PARAM, hdev, &ev, sizeof(ev), NULL);
8777 void mgmt_device_connected(struct hci_dev *hdev, struct hci_conn *conn,
8778 u8 *name, u8 name_len)
8781 struct mgmt_ev_device_connected *ev = (void *) buf;
8785 bacpy(&ev->addr.bdaddr, &conn->dst);
8786 ev->addr.type = link_to_bdaddr(conn->type, conn->dst_type);
8789 flags |= MGMT_DEV_FOUND_INITIATED_CONN;
8791 ev->flags = __cpu_to_le32(flags);
8793 /* We must ensure that the EIR Data fields are ordered and
8794 * unique. Keep it simple for now and avoid the problem by not
8795 * adding any BR/EDR data to the LE adv.
8797 if (conn->le_adv_data_len > 0) {
8798 memcpy(&ev->eir[eir_len],
8799 conn->le_adv_data, conn->le_adv_data_len);
8800 eir_len = conn->le_adv_data_len;
8803 eir_len = eir_append_data(ev->eir, 0, EIR_NAME_COMPLETE,
8806 if (memcmp(conn->dev_class, "\0\0\0", 3) != 0)
8807 eir_len = eir_append_data(ev->eir, eir_len,
8809 conn->dev_class, 3);
8812 ev->eir_len = cpu_to_le16(eir_len);
8814 mgmt_event(MGMT_EV_DEVICE_CONNECTED, hdev, buf,
8815 sizeof(*ev) + eir_len, NULL);
8818 static void disconnect_rsp(struct mgmt_pending_cmd *cmd, void *data)
8820 struct sock **sk = data;
8822 cmd->cmd_complete(cmd, 0);
8827 mgmt_pending_remove(cmd);
8830 static void unpair_device_rsp(struct mgmt_pending_cmd *cmd, void *data)
8832 struct hci_dev *hdev = data;
8833 struct mgmt_cp_unpair_device *cp = cmd->param;
8835 device_unpaired(hdev, &cp->addr.bdaddr, cp->addr.type, cmd->sk);
8837 cmd->cmd_complete(cmd, 0);
8838 mgmt_pending_remove(cmd);
8841 bool mgmt_powering_down(struct hci_dev *hdev)
8843 struct mgmt_pending_cmd *cmd;
8844 struct mgmt_mode *cp;
8846 cmd = pending_find(MGMT_OP_SET_POWERED, hdev);
8857 void mgmt_device_disconnected(struct hci_dev *hdev, bdaddr_t *bdaddr,
8858 u8 link_type, u8 addr_type, u8 reason,
8859 bool mgmt_connected)
8861 struct mgmt_ev_device_disconnected ev;
8862 struct sock *sk = NULL;
8864 /* The connection is still in hci_conn_hash so test for 1
8865 * instead of 0 to know if this is the last one.
8867 if (mgmt_powering_down(hdev) && hci_conn_count(hdev) == 1) {
8868 cancel_delayed_work(&hdev->power_off);
8869 queue_work(hdev->req_workqueue, &hdev->power_off.work);
8872 if (!mgmt_connected)
8875 if (link_type != ACL_LINK && link_type != LE_LINK)
8878 mgmt_pending_foreach(MGMT_OP_DISCONNECT, hdev, disconnect_rsp, &sk);
8880 bacpy(&ev.addr.bdaddr, bdaddr);
8881 ev.addr.type = link_to_bdaddr(link_type, addr_type);
8884 /* Report disconnects due to suspend */
8885 if (hdev->suspended)
8886 ev.reason = MGMT_DEV_DISCONN_LOCAL_HOST_SUSPEND;
8888 mgmt_event(MGMT_EV_DEVICE_DISCONNECTED, hdev, &ev, sizeof(ev), sk);
8893 mgmt_pending_foreach(MGMT_OP_UNPAIR_DEVICE, hdev, unpair_device_rsp,
8897 void mgmt_disconnect_failed(struct hci_dev *hdev, bdaddr_t *bdaddr,
8898 u8 link_type, u8 addr_type, u8 status)
8900 u8 bdaddr_type = link_to_bdaddr(link_type, addr_type);
8901 struct mgmt_cp_disconnect *cp;
8902 struct mgmt_pending_cmd *cmd;
8904 mgmt_pending_foreach(MGMT_OP_UNPAIR_DEVICE, hdev, unpair_device_rsp,
8907 cmd = pending_find(MGMT_OP_DISCONNECT, hdev);
8913 if (bacmp(bdaddr, &cp->addr.bdaddr))
8916 if (cp->addr.type != bdaddr_type)
8919 cmd->cmd_complete(cmd, mgmt_status(status));
8920 mgmt_pending_remove(cmd);
8923 void mgmt_connect_failed(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
8924 u8 addr_type, u8 status)
8926 struct mgmt_ev_connect_failed ev;
8928 /* The connection is still in hci_conn_hash so test for 1
8929 * instead of 0 to know if this is the last one.
8931 if (mgmt_powering_down(hdev) && hci_conn_count(hdev) == 1) {
8932 cancel_delayed_work(&hdev->power_off);
8933 queue_work(hdev->req_workqueue, &hdev->power_off.work);
8936 bacpy(&ev.addr.bdaddr, bdaddr);
8937 ev.addr.type = link_to_bdaddr(link_type, addr_type);
8938 ev.status = mgmt_status(status);
8940 mgmt_event(MGMT_EV_CONNECT_FAILED, hdev, &ev, sizeof(ev), NULL);
8943 void mgmt_pin_code_request(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 secure)
8945 struct mgmt_ev_pin_code_request ev;
8947 bacpy(&ev.addr.bdaddr, bdaddr);
8948 ev.addr.type = BDADDR_BREDR;
8951 mgmt_event(MGMT_EV_PIN_CODE_REQUEST, hdev, &ev, sizeof(ev), NULL);
8954 void mgmt_pin_code_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
8957 struct mgmt_pending_cmd *cmd;
8959 cmd = pending_find(MGMT_OP_PIN_CODE_REPLY, hdev);
8963 cmd->cmd_complete(cmd, mgmt_status(status));
8964 mgmt_pending_remove(cmd);
8967 void mgmt_pin_code_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
8970 struct mgmt_pending_cmd *cmd;
8972 cmd = pending_find(MGMT_OP_PIN_CODE_NEG_REPLY, hdev);
8976 cmd->cmd_complete(cmd, mgmt_status(status));
8977 mgmt_pending_remove(cmd);
8980 int mgmt_user_confirm_request(struct hci_dev *hdev, bdaddr_t *bdaddr,
8981 u8 link_type, u8 addr_type, u32 value,
8984 struct mgmt_ev_user_confirm_request ev;
8986 bt_dev_dbg(hdev, "bdaddr %pMR", bdaddr);
8988 bacpy(&ev.addr.bdaddr, bdaddr);
8989 ev.addr.type = link_to_bdaddr(link_type, addr_type);
8990 ev.confirm_hint = confirm_hint;
8991 ev.value = cpu_to_le32(value);
8993 return mgmt_event(MGMT_EV_USER_CONFIRM_REQUEST, hdev, &ev, sizeof(ev),
8997 int mgmt_user_passkey_request(struct hci_dev *hdev, bdaddr_t *bdaddr,
8998 u8 link_type, u8 addr_type)
9000 struct mgmt_ev_user_passkey_request ev;
9002 bt_dev_dbg(hdev, "bdaddr %pMR", bdaddr);
9004 bacpy(&ev.addr.bdaddr, bdaddr);
9005 ev.addr.type = link_to_bdaddr(link_type, addr_type);
9007 return mgmt_event(MGMT_EV_USER_PASSKEY_REQUEST, hdev, &ev, sizeof(ev),
9011 static int user_pairing_resp_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
9012 u8 link_type, u8 addr_type, u8 status,
9015 struct mgmt_pending_cmd *cmd;
9017 cmd = pending_find(opcode, hdev);
9021 cmd->cmd_complete(cmd, mgmt_status(status));
9022 mgmt_pending_remove(cmd);
9027 int mgmt_user_confirm_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
9028 u8 link_type, u8 addr_type, u8 status)
9030 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
9031 status, MGMT_OP_USER_CONFIRM_REPLY);
9034 int mgmt_user_confirm_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
9035 u8 link_type, u8 addr_type, u8 status)
9037 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
9039 MGMT_OP_USER_CONFIRM_NEG_REPLY);
9042 int mgmt_user_passkey_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
9043 u8 link_type, u8 addr_type, u8 status)
9045 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
9046 status, MGMT_OP_USER_PASSKEY_REPLY);
9049 int mgmt_user_passkey_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
9050 u8 link_type, u8 addr_type, u8 status)
9052 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
9054 MGMT_OP_USER_PASSKEY_NEG_REPLY);
9057 int mgmt_user_passkey_notify(struct hci_dev *hdev, bdaddr_t *bdaddr,
9058 u8 link_type, u8 addr_type, u32 passkey,
9061 struct mgmt_ev_passkey_notify ev;
9063 bt_dev_dbg(hdev, "bdaddr %pMR", bdaddr);
9065 bacpy(&ev.addr.bdaddr, bdaddr);
9066 ev.addr.type = link_to_bdaddr(link_type, addr_type);
9067 ev.passkey = __cpu_to_le32(passkey);
9068 ev.entered = entered;
9070 return mgmt_event(MGMT_EV_PASSKEY_NOTIFY, hdev, &ev, sizeof(ev), NULL);
9073 void mgmt_auth_failed(struct hci_conn *conn, u8 hci_status)
9075 struct mgmt_ev_auth_failed ev;
9076 struct mgmt_pending_cmd *cmd;
9077 u8 status = mgmt_status(hci_status);
9079 bacpy(&ev.addr.bdaddr, &conn->dst);
9080 ev.addr.type = link_to_bdaddr(conn->type, conn->dst_type);
9083 cmd = find_pairing(conn);
9085 mgmt_event(MGMT_EV_AUTH_FAILED, conn->hdev, &ev, sizeof(ev),
9086 cmd ? cmd->sk : NULL);
9089 cmd->cmd_complete(cmd, status);
9090 mgmt_pending_remove(cmd);
9094 void mgmt_auth_enable_complete(struct hci_dev *hdev, u8 status)
9096 struct cmd_lookup match = { NULL, hdev };
9100 u8 mgmt_err = mgmt_status(status);
9101 mgmt_pending_foreach(MGMT_OP_SET_LINK_SECURITY, hdev,
9102 cmd_status_rsp, &mgmt_err);
9106 if (test_bit(HCI_AUTH, &hdev->flags))
9107 changed = !hci_dev_test_and_set_flag(hdev, HCI_LINK_SECURITY);
9109 changed = hci_dev_test_and_clear_flag(hdev, HCI_LINK_SECURITY);
9111 mgmt_pending_foreach(MGMT_OP_SET_LINK_SECURITY, hdev, settings_rsp,
9115 new_settings(hdev, match.sk);
9121 static void clear_eir(struct hci_request *req)
9123 struct hci_dev *hdev = req->hdev;
9124 struct hci_cp_write_eir cp;
9126 if (!lmp_ext_inq_capable(hdev))
9129 memset(hdev->eir, 0, sizeof(hdev->eir));
9131 memset(&cp, 0, sizeof(cp));
9133 hci_req_add(req, HCI_OP_WRITE_EIR, sizeof(cp), &cp);
9136 void mgmt_ssp_enable_complete(struct hci_dev *hdev, u8 enable, u8 status)
9138 struct cmd_lookup match = { NULL, hdev };
9139 struct hci_request req;
9140 bool changed = false;
9143 u8 mgmt_err = mgmt_status(status);
9145 if (enable && hci_dev_test_and_clear_flag(hdev,
9147 hci_dev_clear_flag(hdev, HCI_HS_ENABLED);
9148 new_settings(hdev, NULL);
9151 mgmt_pending_foreach(MGMT_OP_SET_SSP, hdev, cmd_status_rsp,
9157 changed = !hci_dev_test_and_set_flag(hdev, HCI_SSP_ENABLED);
9159 changed = hci_dev_test_and_clear_flag(hdev, HCI_SSP_ENABLED);
9161 changed = hci_dev_test_and_clear_flag(hdev,
9164 hci_dev_clear_flag(hdev, HCI_HS_ENABLED);
9167 mgmt_pending_foreach(MGMT_OP_SET_SSP, hdev, settings_rsp, &match);
9170 new_settings(hdev, match.sk);
9175 hci_req_init(&req, hdev);
9177 if (hci_dev_test_flag(hdev, HCI_SSP_ENABLED)) {
9178 if (hci_dev_test_flag(hdev, HCI_USE_DEBUG_KEYS))
9179 hci_req_add(&req, HCI_OP_WRITE_SSP_DEBUG_MODE,
9180 sizeof(enable), &enable);
9181 __hci_req_update_eir(&req);
9186 hci_req_run(&req, NULL);
9189 static void sk_lookup(struct mgmt_pending_cmd *cmd, void *data)
9191 struct cmd_lookup *match = data;
9193 if (match->sk == NULL) {
9194 match->sk = cmd->sk;
9195 sock_hold(match->sk);
9199 void mgmt_set_class_of_dev_complete(struct hci_dev *hdev, u8 *dev_class,
9202 struct cmd_lookup match = { NULL, hdev, mgmt_status(status) };
9204 mgmt_pending_foreach(MGMT_OP_SET_DEV_CLASS, hdev, sk_lookup, &match);
9205 mgmt_pending_foreach(MGMT_OP_ADD_UUID, hdev, sk_lookup, &match);
9206 mgmt_pending_foreach(MGMT_OP_REMOVE_UUID, hdev, sk_lookup, &match);
9209 mgmt_limited_event(MGMT_EV_CLASS_OF_DEV_CHANGED, hdev, dev_class,
9210 3, HCI_MGMT_DEV_CLASS_EVENTS, NULL);
9211 ext_info_changed(hdev, NULL);
9218 void mgmt_set_local_name_complete(struct hci_dev *hdev, u8 *name, u8 status)
9220 struct mgmt_cp_set_local_name ev;
9221 struct mgmt_pending_cmd *cmd;
9226 memset(&ev, 0, sizeof(ev));
9227 memcpy(ev.name, name, HCI_MAX_NAME_LENGTH);
9228 memcpy(ev.short_name, hdev->short_name, HCI_MAX_SHORT_NAME_LENGTH);
9230 cmd = pending_find(MGMT_OP_SET_LOCAL_NAME, hdev);
9232 memcpy(hdev->dev_name, name, sizeof(hdev->dev_name));
9234 /* If this is a HCI command related to powering on the
9235 * HCI dev don't send any mgmt signals.
9237 if (pending_find(MGMT_OP_SET_POWERED, hdev))
9241 mgmt_limited_event(MGMT_EV_LOCAL_NAME_CHANGED, hdev, &ev, sizeof(ev),
9242 HCI_MGMT_LOCAL_NAME_EVENTS, cmd ? cmd->sk : NULL);
9243 ext_info_changed(hdev, cmd ? cmd->sk : NULL);
9246 static inline bool has_uuid(u8 *uuid, u16 uuid_count, u8 (*uuids)[16])
9250 for (i = 0; i < uuid_count; i++) {
9251 if (!memcmp(uuid, uuids[i], 16))
9258 static bool eir_has_uuids(u8 *eir, u16 eir_len, u16 uuid_count, u8 (*uuids)[16])
9262 while (parsed < eir_len) {
9263 u8 field_len = eir[0];
9270 if (eir_len - parsed < field_len + 1)
9274 case EIR_UUID16_ALL:
9275 case EIR_UUID16_SOME:
9276 for (i = 0; i + 3 <= field_len; i += 2) {
9277 memcpy(uuid, bluetooth_base_uuid, 16);
9278 uuid[13] = eir[i + 3];
9279 uuid[12] = eir[i + 2];
9280 if (has_uuid(uuid, uuid_count, uuids))
9284 case EIR_UUID32_ALL:
9285 case EIR_UUID32_SOME:
9286 for (i = 0; i + 5 <= field_len; i += 4) {
9287 memcpy(uuid, bluetooth_base_uuid, 16);
9288 uuid[15] = eir[i + 5];
9289 uuid[14] = eir[i + 4];
9290 uuid[13] = eir[i + 3];
9291 uuid[12] = eir[i + 2];
9292 if (has_uuid(uuid, uuid_count, uuids))
9296 case EIR_UUID128_ALL:
9297 case EIR_UUID128_SOME:
9298 for (i = 0; i + 17 <= field_len; i += 16) {
9299 memcpy(uuid, eir + i + 2, 16);
9300 if (has_uuid(uuid, uuid_count, uuids))
9306 parsed += field_len + 1;
9307 eir += field_len + 1;
9313 static void restart_le_scan(struct hci_dev *hdev)
9315 /* If controller is not scanning we are done. */
9316 if (!hci_dev_test_flag(hdev, HCI_LE_SCAN))
9319 if (time_after(jiffies + DISCOV_LE_RESTART_DELAY,
9320 hdev->discovery.scan_start +
9321 hdev->discovery.scan_duration))
9324 queue_delayed_work(hdev->req_workqueue, &hdev->le_scan_restart,
9325 DISCOV_LE_RESTART_DELAY);
9328 static bool is_filter_match(struct hci_dev *hdev, s8 rssi, u8 *eir,
9329 u16 eir_len, u8 *scan_rsp, u8 scan_rsp_len)
9331 /* If a RSSI threshold has been specified, and
9332 * HCI_QUIRK_STRICT_DUPLICATE_FILTER is not set, then all results with
9333 * a RSSI smaller than the RSSI threshold will be dropped. If the quirk
9334 * is set, let it through for further processing, as we might need to
9337 * For BR/EDR devices (pre 1.2) providing no RSSI during inquiry,
9338 * the results are also dropped.
9340 if (hdev->discovery.rssi != HCI_RSSI_INVALID &&
9341 (rssi == HCI_RSSI_INVALID ||
9342 (rssi < hdev->discovery.rssi &&
9343 !test_bit(HCI_QUIRK_STRICT_DUPLICATE_FILTER, &hdev->quirks))))
9346 if (hdev->discovery.uuid_count != 0) {
9347 /* If a list of UUIDs is provided in filter, results with no
9348 * matching UUID should be dropped.
9350 if (!eir_has_uuids(eir, eir_len, hdev->discovery.uuid_count,
9351 hdev->discovery.uuids) &&
9352 !eir_has_uuids(scan_rsp, scan_rsp_len,
9353 hdev->discovery.uuid_count,
9354 hdev->discovery.uuids))
9358 /* If duplicate filtering does not report RSSI changes, then restart
9359 * scanning to ensure updated result with updated RSSI values.
9361 if (test_bit(HCI_QUIRK_STRICT_DUPLICATE_FILTER, &hdev->quirks)) {
9362 restart_le_scan(hdev);
9364 /* Validate RSSI value against the RSSI threshold once more. */
9365 if (hdev->discovery.rssi != HCI_RSSI_INVALID &&
9366 rssi < hdev->discovery.rssi)
9373 void mgmt_device_found(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
9374 u8 addr_type, u8 *dev_class, s8 rssi, u32 flags,
9375 u8 *eir, u16 eir_len, u8 *scan_rsp, u8 scan_rsp_len)
9378 struct mgmt_ev_device_found *ev = (void *)buf;
9381 /* Don't send events for a non-kernel initiated discovery. With
9382 * LE one exception is if we have pend_le_reports > 0 in which
9383 * case we're doing passive scanning and want these events.
9385 if (!hci_discovery_active(hdev)) {
9386 if (link_type == ACL_LINK)
9388 if (link_type == LE_LINK &&
9389 list_empty(&hdev->pend_le_reports) &&
9390 !hci_is_adv_monitoring(hdev)) {
9395 if (hdev->discovery.result_filtering) {
9396 /* We are using service discovery */
9397 if (!is_filter_match(hdev, rssi, eir, eir_len, scan_rsp,
9402 if (hdev->discovery.limited) {
9403 /* Check for limited discoverable bit */
9405 if (!(dev_class[1] & 0x20))
9408 u8 *flags = eir_get_data(eir, eir_len, EIR_FLAGS, NULL);
9409 if (!flags || !(flags[0] & LE_AD_LIMITED))
9414 /* Make sure that the buffer is big enough. The 5 extra bytes
9415 * are for the potential CoD field.
9417 if (sizeof(*ev) + eir_len + scan_rsp_len + 5 > sizeof(buf))
9420 memset(buf, 0, sizeof(buf));
9422 /* In case of device discovery with BR/EDR devices (pre 1.2), the
9423 * RSSI value was reported as 0 when not available. This behavior
9424 * is kept when using device discovery. This is required for full
9425 * backwards compatibility with the API.
9427 * However when using service discovery, the value 127 will be
9428 * returned when the RSSI is not available.
9430 if (rssi == HCI_RSSI_INVALID && !hdev->discovery.report_invalid_rssi &&
9431 link_type == ACL_LINK)
9434 bacpy(&ev->addr.bdaddr, bdaddr);
9435 ev->addr.type = link_to_bdaddr(link_type, addr_type);
9437 ev->flags = cpu_to_le32(flags);
9440 /* Copy EIR or advertising data into event */
9441 memcpy(ev->eir, eir, eir_len);
9443 if (dev_class && !eir_get_data(ev->eir, eir_len, EIR_CLASS_OF_DEV,
9445 eir_len = eir_append_data(ev->eir, eir_len, EIR_CLASS_OF_DEV,
9448 if (scan_rsp_len > 0)
9449 /* Append scan response data to event */
9450 memcpy(ev->eir + eir_len, scan_rsp, scan_rsp_len);
9452 ev->eir_len = cpu_to_le16(eir_len + scan_rsp_len);
9453 ev_size = sizeof(*ev) + eir_len + scan_rsp_len;
9455 mgmt_event(MGMT_EV_DEVICE_FOUND, hdev, ev, ev_size, NULL);
9458 void mgmt_remote_name(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
9459 u8 addr_type, s8 rssi, u8 *name, u8 name_len)
9461 struct mgmt_ev_device_found *ev;
9462 char buf[sizeof(*ev) + HCI_MAX_NAME_LENGTH + 2];
9465 ev = (struct mgmt_ev_device_found *) buf;
9467 memset(buf, 0, sizeof(buf));
9469 bacpy(&ev->addr.bdaddr, bdaddr);
9470 ev->addr.type = link_to_bdaddr(link_type, addr_type);
9473 eir_len = eir_append_data(ev->eir, 0, EIR_NAME_COMPLETE, name,
9476 ev->eir_len = cpu_to_le16(eir_len);
9478 mgmt_event(MGMT_EV_DEVICE_FOUND, hdev, ev, sizeof(*ev) + eir_len, NULL);
9481 void mgmt_discovering(struct hci_dev *hdev, u8 discovering)
9483 struct mgmt_ev_discovering ev;
9485 bt_dev_dbg(hdev, "discovering %u", discovering);
9487 memset(&ev, 0, sizeof(ev));
9488 ev.type = hdev->discovery.type;
9489 ev.discovering = discovering;
9491 mgmt_event(MGMT_EV_DISCOVERING, hdev, &ev, sizeof(ev), NULL);
9494 void mgmt_suspending(struct hci_dev *hdev, u8 state)
9496 struct mgmt_ev_controller_suspend ev;
9498 ev.suspend_state = state;
9499 mgmt_event(MGMT_EV_CONTROLLER_SUSPEND, hdev, &ev, sizeof(ev), NULL);
9502 void mgmt_resuming(struct hci_dev *hdev, u8 reason, bdaddr_t *bdaddr,
9505 struct mgmt_ev_controller_resume ev;
9507 ev.wake_reason = reason;
9509 bacpy(&ev.addr.bdaddr, bdaddr);
9510 ev.addr.type = addr_type;
9512 memset(&ev.addr, 0, sizeof(ev.addr));
9515 mgmt_event(MGMT_EV_CONTROLLER_RESUME, hdev, &ev, sizeof(ev), NULL);
9518 static struct hci_mgmt_chan chan = {
9519 .channel = HCI_CHANNEL_CONTROL,
9520 .handler_count = ARRAY_SIZE(mgmt_handlers),
9521 .handlers = mgmt_handlers,
9522 .hdev_init = mgmt_init_hdev,
9527 return hci_mgmt_chan_register(&chan);
9530 void mgmt_exit(void)
9532 hci_mgmt_chan_unregister(&chan);
projects / linux-2.6-microblaze.git / blob