2 BlueZ - Bluetooth protocol stack for Linux
4 Copyright (C) 2010 Nokia Corporation
5 Copyright (C) 2011-2012 Intel Corporation
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License version 2 as
9 published by the Free Software Foundation;
11 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
12 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
13 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
14 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
15 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
16 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
17 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
18 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
20 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
21 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
22 SOFTWARE IS DISCLAIMED.
25 /* Bluetooth HCI Management interface */
27 #include <linux/module.h>
28 #include <asm/unaligned.h>
30 #include <net/bluetooth/bluetooth.h>
31 #include <net/bluetooth/hci_core.h>
32 #include <net/bluetooth/hci_sock.h>
33 #include <net/bluetooth/l2cap.h>
34 #include <net/bluetooth/mgmt.h>
36 #include "hci_request.h"
38 #include "mgmt_util.h"
40 #define MGMT_VERSION 1
41 #define MGMT_REVISION 14
43 static const u16 mgmt_commands[] = {
44 MGMT_OP_READ_INDEX_LIST,
47 MGMT_OP_SET_DISCOVERABLE,
48 MGMT_OP_SET_CONNECTABLE,
49 MGMT_OP_SET_FAST_CONNECTABLE,
51 MGMT_OP_SET_LINK_SECURITY,
55 MGMT_OP_SET_DEV_CLASS,
56 MGMT_OP_SET_LOCAL_NAME,
59 MGMT_OP_LOAD_LINK_KEYS,
60 MGMT_OP_LOAD_LONG_TERM_KEYS,
62 MGMT_OP_GET_CONNECTIONS,
63 MGMT_OP_PIN_CODE_REPLY,
64 MGMT_OP_PIN_CODE_NEG_REPLY,
65 MGMT_OP_SET_IO_CAPABILITY,
67 MGMT_OP_CANCEL_PAIR_DEVICE,
68 MGMT_OP_UNPAIR_DEVICE,
69 MGMT_OP_USER_CONFIRM_REPLY,
70 MGMT_OP_USER_CONFIRM_NEG_REPLY,
71 MGMT_OP_USER_PASSKEY_REPLY,
72 MGMT_OP_USER_PASSKEY_NEG_REPLY,
73 MGMT_OP_READ_LOCAL_OOB_DATA,
74 MGMT_OP_ADD_REMOTE_OOB_DATA,
75 MGMT_OP_REMOVE_REMOTE_OOB_DATA,
76 MGMT_OP_START_DISCOVERY,
77 MGMT_OP_STOP_DISCOVERY,
80 MGMT_OP_UNBLOCK_DEVICE,
81 MGMT_OP_SET_DEVICE_ID,
82 MGMT_OP_SET_ADVERTISING,
84 MGMT_OP_SET_STATIC_ADDRESS,
85 MGMT_OP_SET_SCAN_PARAMS,
86 MGMT_OP_SET_SECURE_CONN,
87 MGMT_OP_SET_DEBUG_KEYS,
90 MGMT_OP_GET_CONN_INFO,
91 MGMT_OP_GET_CLOCK_INFO,
93 MGMT_OP_REMOVE_DEVICE,
94 MGMT_OP_LOAD_CONN_PARAM,
95 MGMT_OP_READ_UNCONF_INDEX_LIST,
96 MGMT_OP_READ_CONFIG_INFO,
97 MGMT_OP_SET_EXTERNAL_CONFIG,
98 MGMT_OP_SET_PUBLIC_ADDRESS,
99 MGMT_OP_START_SERVICE_DISCOVERY,
100 MGMT_OP_READ_LOCAL_OOB_EXT_DATA,
101 MGMT_OP_READ_EXT_INDEX_LIST,
102 MGMT_OP_READ_ADV_FEATURES,
103 MGMT_OP_ADD_ADVERTISING,
104 MGMT_OP_REMOVE_ADVERTISING,
105 MGMT_OP_GET_ADV_SIZE_INFO,
106 MGMT_OP_START_LIMITED_DISCOVERY,
107 MGMT_OP_READ_EXT_INFO,
108 MGMT_OP_SET_APPEARANCE,
111 static const u16 mgmt_events[] = {
112 MGMT_EV_CONTROLLER_ERROR,
114 MGMT_EV_INDEX_REMOVED,
115 MGMT_EV_NEW_SETTINGS,
116 MGMT_EV_CLASS_OF_DEV_CHANGED,
117 MGMT_EV_LOCAL_NAME_CHANGED,
118 MGMT_EV_NEW_LINK_KEY,
119 MGMT_EV_NEW_LONG_TERM_KEY,
120 MGMT_EV_DEVICE_CONNECTED,
121 MGMT_EV_DEVICE_DISCONNECTED,
122 MGMT_EV_CONNECT_FAILED,
123 MGMT_EV_PIN_CODE_REQUEST,
124 MGMT_EV_USER_CONFIRM_REQUEST,
125 MGMT_EV_USER_PASSKEY_REQUEST,
127 MGMT_EV_DEVICE_FOUND,
129 MGMT_EV_DEVICE_BLOCKED,
130 MGMT_EV_DEVICE_UNBLOCKED,
131 MGMT_EV_DEVICE_UNPAIRED,
132 MGMT_EV_PASSKEY_NOTIFY,
135 MGMT_EV_DEVICE_ADDED,
136 MGMT_EV_DEVICE_REMOVED,
137 MGMT_EV_NEW_CONN_PARAM,
138 MGMT_EV_UNCONF_INDEX_ADDED,
139 MGMT_EV_UNCONF_INDEX_REMOVED,
140 MGMT_EV_NEW_CONFIG_OPTIONS,
141 MGMT_EV_EXT_INDEX_ADDED,
142 MGMT_EV_EXT_INDEX_REMOVED,
143 MGMT_EV_LOCAL_OOB_DATA_UPDATED,
144 MGMT_EV_ADVERTISING_ADDED,
145 MGMT_EV_ADVERTISING_REMOVED,
146 MGMT_EV_EXT_INFO_CHANGED,
149 static const u16 mgmt_untrusted_commands[] = {
150 MGMT_OP_READ_INDEX_LIST,
152 MGMT_OP_READ_UNCONF_INDEX_LIST,
153 MGMT_OP_READ_CONFIG_INFO,
154 MGMT_OP_READ_EXT_INDEX_LIST,
155 MGMT_OP_READ_EXT_INFO,
158 static const u16 mgmt_untrusted_events[] = {
160 MGMT_EV_INDEX_REMOVED,
161 MGMT_EV_NEW_SETTINGS,
162 MGMT_EV_CLASS_OF_DEV_CHANGED,
163 MGMT_EV_LOCAL_NAME_CHANGED,
164 MGMT_EV_UNCONF_INDEX_ADDED,
165 MGMT_EV_UNCONF_INDEX_REMOVED,
166 MGMT_EV_NEW_CONFIG_OPTIONS,
167 MGMT_EV_EXT_INDEX_ADDED,
168 MGMT_EV_EXT_INDEX_REMOVED,
169 MGMT_EV_EXT_INFO_CHANGED,
172 #define CACHE_TIMEOUT msecs_to_jiffies(2 * 1000)
174 #define ZERO_KEY "\x00\x00\x00\x00\x00\x00\x00\x00" \
175 "\x00\x00\x00\x00\x00\x00\x00\x00"
177 /* HCI to MGMT error code conversion table */
178 static u8 mgmt_status_table[] = {
180 MGMT_STATUS_UNKNOWN_COMMAND, /* Unknown Command */
181 MGMT_STATUS_NOT_CONNECTED, /* No Connection */
182 MGMT_STATUS_FAILED, /* Hardware Failure */
183 MGMT_STATUS_CONNECT_FAILED, /* Page Timeout */
184 MGMT_STATUS_AUTH_FAILED, /* Authentication Failed */
185 MGMT_STATUS_AUTH_FAILED, /* PIN or Key Missing */
186 MGMT_STATUS_NO_RESOURCES, /* Memory Full */
187 MGMT_STATUS_TIMEOUT, /* Connection Timeout */
188 MGMT_STATUS_NO_RESOURCES, /* Max Number of Connections */
189 MGMT_STATUS_NO_RESOURCES, /* Max Number of SCO Connections */
190 MGMT_STATUS_ALREADY_CONNECTED, /* ACL Connection Exists */
191 MGMT_STATUS_BUSY, /* Command Disallowed */
192 MGMT_STATUS_NO_RESOURCES, /* Rejected Limited Resources */
193 MGMT_STATUS_REJECTED, /* Rejected Security */
194 MGMT_STATUS_REJECTED, /* Rejected Personal */
195 MGMT_STATUS_TIMEOUT, /* Host Timeout */
196 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported Feature */
197 MGMT_STATUS_INVALID_PARAMS, /* Invalid Parameters */
198 MGMT_STATUS_DISCONNECTED, /* OE User Ended Connection */
199 MGMT_STATUS_NO_RESOURCES, /* OE Low Resources */
200 MGMT_STATUS_DISCONNECTED, /* OE Power Off */
201 MGMT_STATUS_DISCONNECTED, /* Connection Terminated */
202 MGMT_STATUS_BUSY, /* Repeated Attempts */
203 MGMT_STATUS_REJECTED, /* Pairing Not Allowed */
204 MGMT_STATUS_FAILED, /* Unknown LMP PDU */
205 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported Remote Feature */
206 MGMT_STATUS_REJECTED, /* SCO Offset Rejected */
207 MGMT_STATUS_REJECTED, /* SCO Interval Rejected */
208 MGMT_STATUS_REJECTED, /* Air Mode Rejected */
209 MGMT_STATUS_INVALID_PARAMS, /* Invalid LMP Parameters */
210 MGMT_STATUS_FAILED, /* Unspecified Error */
211 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported LMP Parameter Value */
212 MGMT_STATUS_FAILED, /* Role Change Not Allowed */
213 MGMT_STATUS_TIMEOUT, /* LMP Response Timeout */
214 MGMT_STATUS_FAILED, /* LMP Error Transaction Collision */
215 MGMT_STATUS_FAILED, /* LMP PDU Not Allowed */
216 MGMT_STATUS_REJECTED, /* Encryption Mode Not Accepted */
217 MGMT_STATUS_FAILED, /* Unit Link Key Used */
218 MGMT_STATUS_NOT_SUPPORTED, /* QoS Not Supported */
219 MGMT_STATUS_TIMEOUT, /* Instant Passed */
220 MGMT_STATUS_NOT_SUPPORTED, /* Pairing Not Supported */
221 MGMT_STATUS_FAILED, /* Transaction Collision */
222 MGMT_STATUS_INVALID_PARAMS, /* Unacceptable Parameter */
223 MGMT_STATUS_REJECTED, /* QoS Rejected */
224 MGMT_STATUS_NOT_SUPPORTED, /* Classification Not Supported */
225 MGMT_STATUS_REJECTED, /* Insufficient Security */
226 MGMT_STATUS_INVALID_PARAMS, /* Parameter Out Of Range */
227 MGMT_STATUS_BUSY, /* Role Switch Pending */
228 MGMT_STATUS_FAILED, /* Slot Violation */
229 MGMT_STATUS_FAILED, /* Role Switch Failed */
230 MGMT_STATUS_INVALID_PARAMS, /* EIR Too Large */
231 MGMT_STATUS_NOT_SUPPORTED, /* Simple Pairing Not Supported */
232 MGMT_STATUS_BUSY, /* Host Busy Pairing */
233 MGMT_STATUS_REJECTED, /* Rejected, No Suitable Channel */
234 MGMT_STATUS_BUSY, /* Controller Busy */
235 MGMT_STATUS_INVALID_PARAMS, /* Unsuitable Connection Interval */
236 MGMT_STATUS_TIMEOUT, /* Directed Advertising Timeout */
237 MGMT_STATUS_AUTH_FAILED, /* Terminated Due to MIC Failure */
238 MGMT_STATUS_CONNECT_FAILED, /* Connection Establishment Failed */
239 MGMT_STATUS_CONNECT_FAILED, /* MAC Connection Failed */
242 static u8 mgmt_status(u8 hci_status)
244 if (hci_status < ARRAY_SIZE(mgmt_status_table))
245 return mgmt_status_table[hci_status];
247 return MGMT_STATUS_FAILED;
250 static int mgmt_index_event(u16 event, struct hci_dev *hdev, void *data,
253 return mgmt_send_event(event, hdev, HCI_CHANNEL_CONTROL, data, len,
257 static int mgmt_limited_event(u16 event, struct hci_dev *hdev, void *data,
258 u16 len, int flag, struct sock *skip_sk)
260 return mgmt_send_event(event, hdev, HCI_CHANNEL_CONTROL, data, len,
264 static int mgmt_event(u16 event, struct hci_dev *hdev, void *data, u16 len,
265 struct sock *skip_sk)
267 return mgmt_send_event(event, hdev, HCI_CHANNEL_CONTROL, data, len,
268 HCI_SOCK_TRUSTED, skip_sk);
271 static u8 le_addr_type(u8 mgmt_addr_type)
273 if (mgmt_addr_type == BDADDR_LE_PUBLIC)
274 return ADDR_LE_DEV_PUBLIC;
276 return ADDR_LE_DEV_RANDOM;
279 void mgmt_fill_version_info(void *ver)
281 struct mgmt_rp_read_version *rp = ver;
283 rp->version = MGMT_VERSION;
284 rp->revision = cpu_to_le16(MGMT_REVISION);
287 static int read_version(struct sock *sk, struct hci_dev *hdev, void *data,
290 struct mgmt_rp_read_version rp;
292 BT_DBG("sock %p", sk);
294 mgmt_fill_version_info(&rp);
296 return mgmt_cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_VERSION, 0,
300 static int read_commands(struct sock *sk, struct hci_dev *hdev, void *data,
303 struct mgmt_rp_read_commands *rp;
304 u16 num_commands, num_events;
308 BT_DBG("sock %p", sk);
310 if (hci_sock_test_flag(sk, HCI_SOCK_TRUSTED)) {
311 num_commands = ARRAY_SIZE(mgmt_commands);
312 num_events = ARRAY_SIZE(mgmt_events);
314 num_commands = ARRAY_SIZE(mgmt_untrusted_commands);
315 num_events = ARRAY_SIZE(mgmt_untrusted_events);
318 rp_size = sizeof(*rp) + ((num_commands + num_events) * sizeof(u16));
320 rp = kmalloc(rp_size, GFP_KERNEL);
324 rp->num_commands = cpu_to_le16(num_commands);
325 rp->num_events = cpu_to_le16(num_events);
327 if (hci_sock_test_flag(sk, HCI_SOCK_TRUSTED)) {
328 __le16 *opcode = rp->opcodes;
330 for (i = 0; i < num_commands; i++, opcode++)
331 put_unaligned_le16(mgmt_commands[i], opcode);
333 for (i = 0; i < num_events; i++, opcode++)
334 put_unaligned_le16(mgmt_events[i], opcode);
336 __le16 *opcode = rp->opcodes;
338 for (i = 0; i < num_commands; i++, opcode++)
339 put_unaligned_le16(mgmt_untrusted_commands[i], opcode);
341 for (i = 0; i < num_events; i++, opcode++)
342 put_unaligned_le16(mgmt_untrusted_events[i], opcode);
345 err = mgmt_cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_COMMANDS, 0,
352 static int read_index_list(struct sock *sk, struct hci_dev *hdev, void *data,
355 struct mgmt_rp_read_index_list *rp;
361 BT_DBG("sock %p", sk);
363 read_lock(&hci_dev_list_lock);
366 list_for_each_entry(d, &hci_dev_list, list) {
367 if (d->dev_type == HCI_PRIMARY &&
368 !hci_dev_test_flag(d, HCI_UNCONFIGURED))
372 rp_len = sizeof(*rp) + (2 * count);
373 rp = kmalloc(rp_len, GFP_ATOMIC);
375 read_unlock(&hci_dev_list_lock);
380 list_for_each_entry(d, &hci_dev_list, list) {
381 if (hci_dev_test_flag(d, HCI_SETUP) ||
382 hci_dev_test_flag(d, HCI_CONFIG) ||
383 hci_dev_test_flag(d, HCI_USER_CHANNEL))
386 /* Devices marked as raw-only are neither configured
387 * nor unconfigured controllers.
389 if (test_bit(HCI_QUIRK_RAW_DEVICE, &d->quirks))
392 if (d->dev_type == HCI_PRIMARY &&
393 !hci_dev_test_flag(d, HCI_UNCONFIGURED)) {
394 rp->index[count++] = cpu_to_le16(d->id);
395 BT_DBG("Added hci%u", d->id);
399 rp->num_controllers = cpu_to_le16(count);
400 rp_len = sizeof(*rp) + (2 * count);
402 read_unlock(&hci_dev_list_lock);
404 err = mgmt_cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_INDEX_LIST,
412 static int read_unconf_index_list(struct sock *sk, struct hci_dev *hdev,
413 void *data, u16 data_len)
415 struct mgmt_rp_read_unconf_index_list *rp;
421 BT_DBG("sock %p", sk);
423 read_lock(&hci_dev_list_lock);
426 list_for_each_entry(d, &hci_dev_list, list) {
427 if (d->dev_type == HCI_PRIMARY &&
428 hci_dev_test_flag(d, HCI_UNCONFIGURED))
432 rp_len = sizeof(*rp) + (2 * count);
433 rp = kmalloc(rp_len, GFP_ATOMIC);
435 read_unlock(&hci_dev_list_lock);
440 list_for_each_entry(d, &hci_dev_list, list) {
441 if (hci_dev_test_flag(d, HCI_SETUP) ||
442 hci_dev_test_flag(d, HCI_CONFIG) ||
443 hci_dev_test_flag(d, HCI_USER_CHANNEL))
446 /* Devices marked as raw-only are neither configured
447 * nor unconfigured controllers.
449 if (test_bit(HCI_QUIRK_RAW_DEVICE, &d->quirks))
452 if (d->dev_type == HCI_PRIMARY &&
453 hci_dev_test_flag(d, HCI_UNCONFIGURED)) {
454 rp->index[count++] = cpu_to_le16(d->id);
455 BT_DBG("Added hci%u", d->id);
459 rp->num_controllers = cpu_to_le16(count);
460 rp_len = sizeof(*rp) + (2 * count);
462 read_unlock(&hci_dev_list_lock);
464 err = mgmt_cmd_complete(sk, MGMT_INDEX_NONE,
465 MGMT_OP_READ_UNCONF_INDEX_LIST, 0, rp, rp_len);
472 static int read_ext_index_list(struct sock *sk, struct hci_dev *hdev,
473 void *data, u16 data_len)
475 struct mgmt_rp_read_ext_index_list *rp;
481 BT_DBG("sock %p", sk);
483 read_lock(&hci_dev_list_lock);
486 list_for_each_entry(d, &hci_dev_list, list) {
487 if (d->dev_type == HCI_PRIMARY || d->dev_type == HCI_AMP)
491 rp_len = sizeof(*rp) + (sizeof(rp->entry[0]) * count);
492 rp = kmalloc(rp_len, GFP_ATOMIC);
494 read_unlock(&hci_dev_list_lock);
499 list_for_each_entry(d, &hci_dev_list, list) {
500 if (hci_dev_test_flag(d, HCI_SETUP) ||
501 hci_dev_test_flag(d, HCI_CONFIG) ||
502 hci_dev_test_flag(d, HCI_USER_CHANNEL))
505 /* Devices marked as raw-only are neither configured
506 * nor unconfigured controllers.
508 if (test_bit(HCI_QUIRK_RAW_DEVICE, &d->quirks))
511 if (d->dev_type == HCI_PRIMARY) {
512 if (hci_dev_test_flag(d, HCI_UNCONFIGURED))
513 rp->entry[count].type = 0x01;
515 rp->entry[count].type = 0x00;
516 } else if (d->dev_type == HCI_AMP) {
517 rp->entry[count].type = 0x02;
522 rp->entry[count].bus = d->bus;
523 rp->entry[count++].index = cpu_to_le16(d->id);
524 BT_DBG("Added hci%u", d->id);
527 rp->num_controllers = cpu_to_le16(count);
528 rp_len = sizeof(*rp) + (sizeof(rp->entry[0]) * count);
530 read_unlock(&hci_dev_list_lock);
532 /* If this command is called at least once, then all the
533 * default index and unconfigured index events are disabled
534 * and from now on only extended index events are used.
536 hci_sock_set_flag(sk, HCI_MGMT_EXT_INDEX_EVENTS);
537 hci_sock_clear_flag(sk, HCI_MGMT_INDEX_EVENTS);
538 hci_sock_clear_flag(sk, HCI_MGMT_UNCONF_INDEX_EVENTS);
540 err = mgmt_cmd_complete(sk, MGMT_INDEX_NONE,
541 MGMT_OP_READ_EXT_INDEX_LIST, 0, rp, rp_len);
548 static bool is_configured(struct hci_dev *hdev)
550 if (test_bit(HCI_QUIRK_EXTERNAL_CONFIG, &hdev->quirks) &&
551 !hci_dev_test_flag(hdev, HCI_EXT_CONFIGURED))
554 if (test_bit(HCI_QUIRK_INVALID_BDADDR, &hdev->quirks) &&
555 !bacmp(&hdev->public_addr, BDADDR_ANY))
561 static __le32 get_missing_options(struct hci_dev *hdev)
565 if (test_bit(HCI_QUIRK_EXTERNAL_CONFIG, &hdev->quirks) &&
566 !hci_dev_test_flag(hdev, HCI_EXT_CONFIGURED))
567 options |= MGMT_OPTION_EXTERNAL_CONFIG;
569 if (test_bit(HCI_QUIRK_INVALID_BDADDR, &hdev->quirks) &&
570 !bacmp(&hdev->public_addr, BDADDR_ANY))
571 options |= MGMT_OPTION_PUBLIC_ADDRESS;
573 return cpu_to_le32(options);
576 static int new_options(struct hci_dev *hdev, struct sock *skip)
578 __le32 options = get_missing_options(hdev);
580 return mgmt_limited_event(MGMT_EV_NEW_CONFIG_OPTIONS, hdev, &options,
581 sizeof(options), HCI_MGMT_OPTION_EVENTS, skip);
584 static int send_options_rsp(struct sock *sk, u16 opcode, struct hci_dev *hdev)
586 __le32 options = get_missing_options(hdev);
588 return mgmt_cmd_complete(sk, hdev->id, opcode, 0, &options,
592 static int read_config_info(struct sock *sk, struct hci_dev *hdev,
593 void *data, u16 data_len)
595 struct mgmt_rp_read_config_info rp;
598 BT_DBG("sock %p %s", sk, hdev->name);
602 memset(&rp, 0, sizeof(rp));
603 rp.manufacturer = cpu_to_le16(hdev->manufacturer);
605 if (test_bit(HCI_QUIRK_EXTERNAL_CONFIG, &hdev->quirks))
606 options |= MGMT_OPTION_EXTERNAL_CONFIG;
608 if (hdev->set_bdaddr)
609 options |= MGMT_OPTION_PUBLIC_ADDRESS;
611 rp.supported_options = cpu_to_le32(options);
612 rp.missing_options = get_missing_options(hdev);
614 hci_dev_unlock(hdev);
616 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_READ_CONFIG_INFO, 0,
620 static u32 get_supported_phys(struct hci_dev *hdev)
622 u32 supported_phys = 0;
624 if (lmp_bredr_capable(hdev)) {
625 supported_phys |= MGMT_PHY_BR_1M_1SLOT;
627 if (hdev->features[0][0] & LMP_3SLOT)
628 supported_phys |= MGMT_PHY_BR_1M_3SLOT;
630 if (hdev->features[0][0] & LMP_5SLOT)
631 supported_phys |= MGMT_PHY_BR_1M_5SLOT;
633 if (lmp_edr_2m_capable(hdev)) {
634 supported_phys |= MGMT_PHY_EDR_2M_1SLOT;
636 if (lmp_edr_3slot_capable(hdev))
637 supported_phys |= MGMT_PHY_EDR_2M_3SLOT;
639 if (lmp_edr_5slot_capable(hdev))
640 supported_phys |= MGMT_PHY_EDR_2M_5SLOT;
642 if (lmp_edr_3m_capable(hdev)) {
643 supported_phys |= MGMT_PHY_EDR_3M_1SLOT;
645 if (lmp_edr_3slot_capable(hdev))
646 supported_phys |= MGMT_PHY_EDR_3M_3SLOT;
648 if (lmp_edr_5slot_capable(hdev))
649 supported_phys |= MGMT_PHY_EDR_3M_5SLOT;
654 if (lmp_le_capable(hdev)) {
655 supported_phys |= MGMT_PHY_LE_1M_TX;
656 supported_phys |= MGMT_PHY_LE_1M_RX;
658 if (hdev->le_features[1] & HCI_LE_PHY_2M) {
659 supported_phys |= MGMT_PHY_LE_2M_TX;
660 supported_phys |= MGMT_PHY_LE_2M_RX;
663 if (hdev->le_features[1] & HCI_LE_PHY_CODED) {
664 supported_phys |= MGMT_PHY_LE_CODED_TX;
665 supported_phys |= MGMT_PHY_LE_CODED_RX;
669 return supported_phys;
672 static u32 get_selected_phys(struct hci_dev *hdev)
674 u32 selected_phys = 0;
676 if (lmp_bredr_capable(hdev)) {
677 selected_phys |= MGMT_PHY_BR_1M_1SLOT;
679 if (hdev->pkt_type & (HCI_DM3 | HCI_DH3))
680 selected_phys |= MGMT_PHY_BR_1M_3SLOT;
682 if (hdev->pkt_type & (HCI_DM5 | HCI_DH5))
683 selected_phys |= MGMT_PHY_BR_1M_5SLOT;
685 if (lmp_edr_2m_capable(hdev)) {
686 if (!(hdev->pkt_type & HCI_2DH1))
687 selected_phys |= MGMT_PHY_EDR_2M_1SLOT;
689 if (lmp_edr_3slot_capable(hdev) &&
690 !(hdev->pkt_type & HCI_2DH3))
691 selected_phys |= MGMT_PHY_EDR_2M_3SLOT;
693 if (lmp_edr_5slot_capable(hdev) &&
694 !(hdev->pkt_type & HCI_2DH5))
695 selected_phys |= MGMT_PHY_EDR_2M_5SLOT;
697 if (lmp_edr_3m_capable(hdev)) {
698 if (!(hdev->pkt_type & HCI_3DH1))
699 selected_phys |= MGMT_PHY_EDR_3M_1SLOT;
701 if (lmp_edr_3slot_capable(hdev) &&
702 !(hdev->pkt_type & HCI_3DH3))
703 selected_phys |= MGMT_PHY_EDR_3M_3SLOT;
705 if (lmp_edr_5slot_capable(hdev) &&
706 !(hdev->pkt_type & HCI_3DH5))
707 selected_phys |= MGMT_PHY_EDR_3M_5SLOT;
712 if (lmp_le_capable(hdev)) {
713 if (hdev->le_tx_def_phys & HCI_LE_SET_PHY_1M)
714 selected_phys |= MGMT_PHY_LE_1M_TX;
716 if (hdev->le_rx_def_phys & HCI_LE_SET_PHY_1M)
717 selected_phys |= MGMT_PHY_LE_1M_RX;
719 if (hdev->le_tx_def_phys & HCI_LE_SET_PHY_2M)
720 selected_phys |= MGMT_PHY_LE_2M_TX;
722 if (hdev->le_rx_def_phys & HCI_LE_SET_PHY_2M)
723 selected_phys |= MGMT_PHY_LE_2M_RX;
725 if (hdev->le_tx_def_phys & HCI_LE_SET_PHY_CODED)
726 selected_phys |= MGMT_PHY_LE_CODED_TX;
728 if (hdev->le_rx_def_phys & HCI_LE_SET_PHY_CODED)
729 selected_phys |= MGMT_PHY_LE_CODED_RX;
732 return selected_phys;
735 static u32 get_configurable_phys(struct hci_dev *hdev)
737 return (get_supported_phys(hdev) & ~MGMT_PHY_BR_1M_1SLOT &
738 ~MGMT_PHY_LE_1M_TX & ~MGMT_PHY_LE_1M_RX);
741 static u32 get_supported_settings(struct hci_dev *hdev)
745 settings |= MGMT_SETTING_POWERED;
746 settings |= MGMT_SETTING_BONDABLE;
747 settings |= MGMT_SETTING_DEBUG_KEYS;
748 settings |= MGMT_SETTING_CONNECTABLE;
749 settings |= MGMT_SETTING_DISCOVERABLE;
751 if (lmp_bredr_capable(hdev)) {
752 if (hdev->hci_ver >= BLUETOOTH_VER_1_2)
753 settings |= MGMT_SETTING_FAST_CONNECTABLE;
754 settings |= MGMT_SETTING_BREDR;
755 settings |= MGMT_SETTING_LINK_SECURITY;
757 if (lmp_ssp_capable(hdev)) {
758 settings |= MGMT_SETTING_SSP;
759 settings |= MGMT_SETTING_HS;
762 if (lmp_sc_capable(hdev))
763 settings |= MGMT_SETTING_SECURE_CONN;
766 if (lmp_le_capable(hdev)) {
767 settings |= MGMT_SETTING_LE;
768 settings |= MGMT_SETTING_ADVERTISING;
769 settings |= MGMT_SETTING_SECURE_CONN;
770 settings |= MGMT_SETTING_PRIVACY;
771 settings |= MGMT_SETTING_STATIC_ADDRESS;
774 if (test_bit(HCI_QUIRK_EXTERNAL_CONFIG, &hdev->quirks) ||
776 settings |= MGMT_SETTING_CONFIGURATION;
778 settings |= MGMT_SETTING_PHY_CONFIGURATION;
783 static u32 get_current_settings(struct hci_dev *hdev)
787 if (hdev_is_powered(hdev))
788 settings |= MGMT_SETTING_POWERED;
790 if (hci_dev_test_flag(hdev, HCI_CONNECTABLE))
791 settings |= MGMT_SETTING_CONNECTABLE;
793 if (hci_dev_test_flag(hdev, HCI_FAST_CONNECTABLE))
794 settings |= MGMT_SETTING_FAST_CONNECTABLE;
796 if (hci_dev_test_flag(hdev, HCI_DISCOVERABLE))
797 settings |= MGMT_SETTING_DISCOVERABLE;
799 if (hci_dev_test_flag(hdev, HCI_BONDABLE))
800 settings |= MGMT_SETTING_BONDABLE;
802 if (hci_dev_test_flag(hdev, HCI_BREDR_ENABLED))
803 settings |= MGMT_SETTING_BREDR;
805 if (hci_dev_test_flag(hdev, HCI_LE_ENABLED))
806 settings |= MGMT_SETTING_LE;
808 if (hci_dev_test_flag(hdev, HCI_LINK_SECURITY))
809 settings |= MGMT_SETTING_LINK_SECURITY;
811 if (hci_dev_test_flag(hdev, HCI_SSP_ENABLED))
812 settings |= MGMT_SETTING_SSP;
814 if (hci_dev_test_flag(hdev, HCI_HS_ENABLED))
815 settings |= MGMT_SETTING_HS;
817 if (hci_dev_test_flag(hdev, HCI_ADVERTISING))
818 settings |= MGMT_SETTING_ADVERTISING;
820 if (hci_dev_test_flag(hdev, HCI_SC_ENABLED))
821 settings |= MGMT_SETTING_SECURE_CONN;
823 if (hci_dev_test_flag(hdev, HCI_KEEP_DEBUG_KEYS))
824 settings |= MGMT_SETTING_DEBUG_KEYS;
826 if (hci_dev_test_flag(hdev, HCI_PRIVACY))
827 settings |= MGMT_SETTING_PRIVACY;
829 /* The current setting for static address has two purposes. The
830 * first is to indicate if the static address will be used and
831 * the second is to indicate if it is actually set.
833 * This means if the static address is not configured, this flag
834 * will never be set. If the address is configured, then if the
835 * address is actually used decides if the flag is set or not.
837 * For single mode LE only controllers and dual-mode controllers
838 * with BR/EDR disabled, the existence of the static address will
841 if (hci_dev_test_flag(hdev, HCI_FORCE_STATIC_ADDR) ||
842 !hci_dev_test_flag(hdev, HCI_BREDR_ENABLED) ||
843 !bacmp(&hdev->bdaddr, BDADDR_ANY)) {
844 if (bacmp(&hdev->static_addr, BDADDR_ANY))
845 settings |= MGMT_SETTING_STATIC_ADDRESS;
851 static struct mgmt_pending_cmd *pending_find(u16 opcode, struct hci_dev *hdev)
853 return mgmt_pending_find(HCI_CHANNEL_CONTROL, opcode, hdev);
856 static struct mgmt_pending_cmd *pending_find_data(u16 opcode,
857 struct hci_dev *hdev,
860 return mgmt_pending_find_data(HCI_CHANNEL_CONTROL, opcode, hdev, data);
863 u8 mgmt_get_adv_discov_flags(struct hci_dev *hdev)
865 struct mgmt_pending_cmd *cmd;
867 /* If there's a pending mgmt command the flags will not yet have
868 * their final values, so check for this first.
870 cmd = pending_find(MGMT_OP_SET_DISCOVERABLE, hdev);
872 struct mgmt_mode *cp = cmd->param;
874 return LE_AD_GENERAL;
875 else if (cp->val == 0x02)
876 return LE_AD_LIMITED;
878 if (hci_dev_test_flag(hdev, HCI_LIMITED_DISCOVERABLE))
879 return LE_AD_LIMITED;
880 else if (hci_dev_test_flag(hdev, HCI_DISCOVERABLE))
881 return LE_AD_GENERAL;
887 bool mgmt_get_connectable(struct hci_dev *hdev)
889 struct mgmt_pending_cmd *cmd;
891 /* If there's a pending mgmt command the flag will not yet have
892 * it's final value, so check for this first.
894 cmd = pending_find(MGMT_OP_SET_CONNECTABLE, hdev);
896 struct mgmt_mode *cp = cmd->param;
901 return hci_dev_test_flag(hdev, HCI_CONNECTABLE);
904 static void service_cache_off(struct work_struct *work)
906 struct hci_dev *hdev = container_of(work, struct hci_dev,
908 struct hci_request req;
910 if (!hci_dev_test_and_clear_flag(hdev, HCI_SERVICE_CACHE))
913 hci_req_init(&req, hdev);
917 __hci_req_update_eir(&req);
918 __hci_req_update_class(&req);
920 hci_dev_unlock(hdev);
922 hci_req_run(&req, NULL);
925 static void rpa_expired(struct work_struct *work)
927 struct hci_dev *hdev = container_of(work, struct hci_dev,
929 struct hci_request req;
933 hci_dev_set_flag(hdev, HCI_RPA_EXPIRED);
935 if (!hci_dev_test_flag(hdev, HCI_ADVERTISING))
938 /* The generation of a new RPA and programming it into the
939 * controller happens in the hci_req_enable_advertising()
942 hci_req_init(&req, hdev);
943 if (ext_adv_capable(hdev))
944 __hci_req_start_ext_adv(&req, hdev->cur_adv_instance);
946 __hci_req_enable_advertising(&req);
947 hci_req_run(&req, NULL);
950 static void mgmt_init_hdev(struct sock *sk, struct hci_dev *hdev)
952 if (hci_dev_test_and_set_flag(hdev, HCI_MGMT))
955 INIT_DELAYED_WORK(&hdev->service_cache, service_cache_off);
956 INIT_DELAYED_WORK(&hdev->rpa_expired, rpa_expired);
958 /* Non-mgmt controlled devices get this bit set
959 * implicitly so that pairing works for them, however
960 * for mgmt we require user-space to explicitly enable
963 hci_dev_clear_flag(hdev, HCI_BONDABLE);
966 static int read_controller_info(struct sock *sk, struct hci_dev *hdev,
967 void *data, u16 data_len)
969 struct mgmt_rp_read_info rp;
971 BT_DBG("sock %p %s", sk, hdev->name);
975 memset(&rp, 0, sizeof(rp));
977 bacpy(&rp.bdaddr, &hdev->bdaddr);
979 rp.version = hdev->hci_ver;
980 rp.manufacturer = cpu_to_le16(hdev->manufacturer);
982 rp.supported_settings = cpu_to_le32(get_supported_settings(hdev));
983 rp.current_settings = cpu_to_le32(get_current_settings(hdev));
985 memcpy(rp.dev_class, hdev->dev_class, 3);
987 memcpy(rp.name, hdev->dev_name, sizeof(hdev->dev_name));
988 memcpy(rp.short_name, hdev->short_name, sizeof(hdev->short_name));
990 hci_dev_unlock(hdev);
992 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_READ_INFO, 0, &rp,
996 static u16 append_eir_data_to_buf(struct hci_dev *hdev, u8 *eir)
1001 if (hci_dev_test_flag(hdev, HCI_BREDR_ENABLED))
1002 eir_len = eir_append_data(eir, eir_len, EIR_CLASS_OF_DEV,
1003 hdev->dev_class, 3);
1005 if (hci_dev_test_flag(hdev, HCI_LE_ENABLED))
1006 eir_len = eir_append_le16(eir, eir_len, EIR_APPEARANCE,
1009 name_len = strlen(hdev->dev_name);
1010 eir_len = eir_append_data(eir, eir_len, EIR_NAME_COMPLETE,
1011 hdev->dev_name, name_len);
1013 name_len = strlen(hdev->short_name);
1014 eir_len = eir_append_data(eir, eir_len, EIR_NAME_SHORT,
1015 hdev->short_name, name_len);
1020 static int read_ext_controller_info(struct sock *sk, struct hci_dev *hdev,
1021 void *data, u16 data_len)
1024 struct mgmt_rp_read_ext_info *rp = (void *)buf;
1027 BT_DBG("sock %p %s", sk, hdev->name);
1029 memset(&buf, 0, sizeof(buf));
1033 bacpy(&rp->bdaddr, &hdev->bdaddr);
1035 rp->version = hdev->hci_ver;
1036 rp->manufacturer = cpu_to_le16(hdev->manufacturer);
1038 rp->supported_settings = cpu_to_le32(get_supported_settings(hdev));
1039 rp->current_settings = cpu_to_le32(get_current_settings(hdev));
1042 eir_len = append_eir_data_to_buf(hdev, rp->eir);
1043 rp->eir_len = cpu_to_le16(eir_len);
1045 hci_dev_unlock(hdev);
1047 /* If this command is called at least once, then the events
1048 * for class of device and local name changes are disabled
1049 * and only the new extended controller information event
1052 hci_sock_set_flag(sk, HCI_MGMT_EXT_INFO_EVENTS);
1053 hci_sock_clear_flag(sk, HCI_MGMT_DEV_CLASS_EVENTS);
1054 hci_sock_clear_flag(sk, HCI_MGMT_LOCAL_NAME_EVENTS);
1056 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_READ_EXT_INFO, 0, rp,
1057 sizeof(*rp) + eir_len);
1060 static int ext_info_changed(struct hci_dev *hdev, struct sock *skip)
1063 struct mgmt_ev_ext_info_changed *ev = (void *)buf;
1066 memset(buf, 0, sizeof(buf));
1068 eir_len = append_eir_data_to_buf(hdev, ev->eir);
1069 ev->eir_len = cpu_to_le16(eir_len);
1071 return mgmt_limited_event(MGMT_EV_EXT_INFO_CHANGED, hdev, ev,
1072 sizeof(*ev) + eir_len,
1073 HCI_MGMT_EXT_INFO_EVENTS, skip);
1076 static int send_settings_rsp(struct sock *sk, u16 opcode, struct hci_dev *hdev)
1078 __le32 settings = cpu_to_le32(get_current_settings(hdev));
1080 return mgmt_cmd_complete(sk, hdev->id, opcode, 0, &settings,
1084 static void clean_up_hci_complete(struct hci_dev *hdev, u8 status, u16 opcode)
1086 BT_DBG("%s status 0x%02x", hdev->name, status);
1088 if (hci_conn_count(hdev) == 0) {
1089 cancel_delayed_work(&hdev->power_off);
1090 queue_work(hdev->req_workqueue, &hdev->power_off.work);
1094 void mgmt_advertising_added(struct sock *sk, struct hci_dev *hdev, u8 instance)
1096 struct mgmt_ev_advertising_added ev;
1098 ev.instance = instance;
1100 mgmt_event(MGMT_EV_ADVERTISING_ADDED, hdev, &ev, sizeof(ev), sk);
1103 void mgmt_advertising_removed(struct sock *sk, struct hci_dev *hdev,
1106 struct mgmt_ev_advertising_removed ev;
1108 ev.instance = instance;
1110 mgmt_event(MGMT_EV_ADVERTISING_REMOVED, hdev, &ev, sizeof(ev), sk);
1113 static void cancel_adv_timeout(struct hci_dev *hdev)
1115 if (hdev->adv_instance_timeout) {
1116 hdev->adv_instance_timeout = 0;
1117 cancel_delayed_work(&hdev->adv_instance_expire);
1121 static int clean_up_hci_state(struct hci_dev *hdev)
1123 struct hci_request req;
1124 struct hci_conn *conn;
1125 bool discov_stopped;
1128 hci_req_init(&req, hdev);
1130 if (test_bit(HCI_ISCAN, &hdev->flags) ||
1131 test_bit(HCI_PSCAN, &hdev->flags)) {
1133 hci_req_add(&req, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
1136 hci_req_clear_adv_instance(hdev, NULL, NULL, 0x00, false);
1138 if (hci_dev_test_flag(hdev, HCI_LE_ADV))
1139 __hci_req_disable_advertising(&req);
1141 discov_stopped = hci_req_stop_discovery(&req);
1143 list_for_each_entry(conn, &hdev->conn_hash.list, list) {
1144 /* 0x15 == Terminated due to Power Off */
1145 __hci_abort_conn(&req, conn, 0x15);
1148 err = hci_req_run(&req, clean_up_hci_complete);
1149 if (!err && discov_stopped)
1150 hci_discovery_set_state(hdev, DISCOVERY_STOPPING);
1155 static int set_powered(struct sock *sk, struct hci_dev *hdev, void *data,
1158 struct mgmt_mode *cp = data;
1159 struct mgmt_pending_cmd *cmd;
1162 BT_DBG("request for %s", hdev->name);
1164 if (cp->val != 0x00 && cp->val != 0x01)
1165 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_POWERED,
1166 MGMT_STATUS_INVALID_PARAMS);
1170 if (pending_find(MGMT_OP_SET_POWERED, hdev)) {
1171 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_POWERED,
1176 if (!!cp->val == hdev_is_powered(hdev)) {
1177 err = send_settings_rsp(sk, MGMT_OP_SET_POWERED, hdev);
1181 cmd = mgmt_pending_add(sk, MGMT_OP_SET_POWERED, hdev, data, len);
1188 queue_work(hdev->req_workqueue, &hdev->power_on);
1191 /* Disconnect connections, stop scans, etc */
1192 err = clean_up_hci_state(hdev);
1194 queue_delayed_work(hdev->req_workqueue, &hdev->power_off,
1195 HCI_POWER_OFF_TIMEOUT);
1197 /* ENODATA means there were no HCI commands queued */
1198 if (err == -ENODATA) {
1199 cancel_delayed_work(&hdev->power_off);
1200 queue_work(hdev->req_workqueue, &hdev->power_off.work);
1206 hci_dev_unlock(hdev);
1210 static int new_settings(struct hci_dev *hdev, struct sock *skip)
1212 __le32 ev = cpu_to_le32(get_current_settings(hdev));
1214 return mgmt_limited_event(MGMT_EV_NEW_SETTINGS, hdev, &ev,
1215 sizeof(ev), HCI_MGMT_SETTING_EVENTS, skip);
1218 int mgmt_new_settings(struct hci_dev *hdev)
1220 return new_settings(hdev, NULL);
1225 struct hci_dev *hdev;
1229 static void settings_rsp(struct mgmt_pending_cmd *cmd, void *data)
1231 struct cmd_lookup *match = data;
1233 send_settings_rsp(cmd->sk, cmd->opcode, match->hdev);
1235 list_del(&cmd->list);
1237 if (match->sk == NULL) {
1238 match->sk = cmd->sk;
1239 sock_hold(match->sk);
1242 mgmt_pending_free(cmd);
1245 static void cmd_status_rsp(struct mgmt_pending_cmd *cmd, void *data)
1249 mgmt_cmd_status(cmd->sk, cmd->index, cmd->opcode, *status);
1250 mgmt_pending_remove(cmd);
1253 static void cmd_complete_rsp(struct mgmt_pending_cmd *cmd, void *data)
1255 if (cmd->cmd_complete) {
1258 cmd->cmd_complete(cmd, *status);
1259 mgmt_pending_remove(cmd);
1264 cmd_status_rsp(cmd, data);
1267 static int generic_cmd_complete(struct mgmt_pending_cmd *cmd, u8 status)
1269 return mgmt_cmd_complete(cmd->sk, cmd->index, cmd->opcode, status,
1270 cmd->param, cmd->param_len);
1273 static int addr_cmd_complete(struct mgmt_pending_cmd *cmd, u8 status)
1275 return mgmt_cmd_complete(cmd->sk, cmd->index, cmd->opcode, status,
1276 cmd->param, sizeof(struct mgmt_addr_info));
1279 static u8 mgmt_bredr_support(struct hci_dev *hdev)
1281 if (!lmp_bredr_capable(hdev))
1282 return MGMT_STATUS_NOT_SUPPORTED;
1283 else if (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED))
1284 return MGMT_STATUS_REJECTED;
1286 return MGMT_STATUS_SUCCESS;
1289 static u8 mgmt_le_support(struct hci_dev *hdev)
1291 if (!lmp_le_capable(hdev))
1292 return MGMT_STATUS_NOT_SUPPORTED;
1293 else if (!hci_dev_test_flag(hdev, HCI_LE_ENABLED))
1294 return MGMT_STATUS_REJECTED;
1296 return MGMT_STATUS_SUCCESS;
1299 void mgmt_set_discoverable_complete(struct hci_dev *hdev, u8 status)
1301 struct mgmt_pending_cmd *cmd;
1303 BT_DBG("status 0x%02x", status);
1307 cmd = pending_find(MGMT_OP_SET_DISCOVERABLE, hdev);
1312 u8 mgmt_err = mgmt_status(status);
1313 mgmt_cmd_status(cmd->sk, cmd->index, cmd->opcode, mgmt_err);
1314 hci_dev_clear_flag(hdev, HCI_LIMITED_DISCOVERABLE);
1318 if (hci_dev_test_flag(hdev, HCI_DISCOVERABLE) &&
1319 hdev->discov_timeout > 0) {
1320 int to = msecs_to_jiffies(hdev->discov_timeout * 1000);
1321 queue_delayed_work(hdev->req_workqueue, &hdev->discov_off, to);
1324 send_settings_rsp(cmd->sk, MGMT_OP_SET_DISCOVERABLE, hdev);
1325 new_settings(hdev, cmd->sk);
1328 mgmt_pending_remove(cmd);
1331 hci_dev_unlock(hdev);
1334 static int set_discoverable(struct sock *sk, struct hci_dev *hdev, void *data,
1337 struct mgmt_cp_set_discoverable *cp = data;
1338 struct mgmt_pending_cmd *cmd;
1342 BT_DBG("request for %s", hdev->name);
1344 if (!hci_dev_test_flag(hdev, HCI_LE_ENABLED) &&
1345 !hci_dev_test_flag(hdev, HCI_BREDR_ENABLED))
1346 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
1347 MGMT_STATUS_REJECTED);
1349 if (cp->val != 0x00 && cp->val != 0x01 && cp->val != 0x02)
1350 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
1351 MGMT_STATUS_INVALID_PARAMS);
1353 timeout = __le16_to_cpu(cp->timeout);
1355 /* Disabling discoverable requires that no timeout is set,
1356 * and enabling limited discoverable requires a timeout.
1358 if ((cp->val == 0x00 && timeout > 0) ||
1359 (cp->val == 0x02 && timeout == 0))
1360 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
1361 MGMT_STATUS_INVALID_PARAMS);
1365 if (!hdev_is_powered(hdev) && timeout > 0) {
1366 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
1367 MGMT_STATUS_NOT_POWERED);
1371 if (pending_find(MGMT_OP_SET_DISCOVERABLE, hdev) ||
1372 pending_find(MGMT_OP_SET_CONNECTABLE, hdev)) {
1373 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
1378 if (!hci_dev_test_flag(hdev, HCI_CONNECTABLE)) {
1379 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
1380 MGMT_STATUS_REJECTED);
1384 if (!hdev_is_powered(hdev)) {
1385 bool changed = false;
1387 /* Setting limited discoverable when powered off is
1388 * not a valid operation since it requires a timeout
1389 * and so no need to check HCI_LIMITED_DISCOVERABLE.
1391 if (!!cp->val != hci_dev_test_flag(hdev, HCI_DISCOVERABLE)) {
1392 hci_dev_change_flag(hdev, HCI_DISCOVERABLE);
1396 err = send_settings_rsp(sk, MGMT_OP_SET_DISCOVERABLE, hdev);
1401 err = new_settings(hdev, sk);
1406 /* If the current mode is the same, then just update the timeout
1407 * value with the new value. And if only the timeout gets updated,
1408 * then no need for any HCI transactions.
1410 if (!!cp->val == hci_dev_test_flag(hdev, HCI_DISCOVERABLE) &&
1411 (cp->val == 0x02) == hci_dev_test_flag(hdev,
1412 HCI_LIMITED_DISCOVERABLE)) {
1413 cancel_delayed_work(&hdev->discov_off);
1414 hdev->discov_timeout = timeout;
1416 if (cp->val && hdev->discov_timeout > 0) {
1417 int to = msecs_to_jiffies(hdev->discov_timeout * 1000);
1418 queue_delayed_work(hdev->req_workqueue,
1419 &hdev->discov_off, to);
1422 err = send_settings_rsp(sk, MGMT_OP_SET_DISCOVERABLE, hdev);
1426 cmd = mgmt_pending_add(sk, MGMT_OP_SET_DISCOVERABLE, hdev, data, len);
1432 /* Cancel any potential discoverable timeout that might be
1433 * still active and store new timeout value. The arming of
1434 * the timeout happens in the complete handler.
1436 cancel_delayed_work(&hdev->discov_off);
1437 hdev->discov_timeout = timeout;
1440 hci_dev_set_flag(hdev, HCI_DISCOVERABLE);
1442 hci_dev_clear_flag(hdev, HCI_DISCOVERABLE);
1444 /* Limited discoverable mode */
1445 if (cp->val == 0x02)
1446 hci_dev_set_flag(hdev, HCI_LIMITED_DISCOVERABLE);
1448 hci_dev_clear_flag(hdev, HCI_LIMITED_DISCOVERABLE);
1450 queue_work(hdev->req_workqueue, &hdev->discoverable_update);
1454 hci_dev_unlock(hdev);
1458 void mgmt_set_connectable_complete(struct hci_dev *hdev, u8 status)
1460 struct mgmt_pending_cmd *cmd;
1462 BT_DBG("status 0x%02x", status);
1466 cmd = pending_find(MGMT_OP_SET_CONNECTABLE, hdev);
1471 u8 mgmt_err = mgmt_status(status);
1472 mgmt_cmd_status(cmd->sk, cmd->index, cmd->opcode, mgmt_err);
1476 send_settings_rsp(cmd->sk, MGMT_OP_SET_CONNECTABLE, hdev);
1477 new_settings(hdev, cmd->sk);
1480 mgmt_pending_remove(cmd);
1483 hci_dev_unlock(hdev);
1486 static int set_connectable_update_settings(struct hci_dev *hdev,
1487 struct sock *sk, u8 val)
1489 bool changed = false;
1492 if (!!val != hci_dev_test_flag(hdev, HCI_CONNECTABLE))
1496 hci_dev_set_flag(hdev, HCI_CONNECTABLE);
1498 hci_dev_clear_flag(hdev, HCI_CONNECTABLE);
1499 hci_dev_clear_flag(hdev, HCI_DISCOVERABLE);
1502 err = send_settings_rsp(sk, MGMT_OP_SET_CONNECTABLE, hdev);
1507 hci_req_update_scan(hdev);
1508 hci_update_background_scan(hdev);
1509 return new_settings(hdev, sk);
1515 static int set_connectable(struct sock *sk, struct hci_dev *hdev, void *data,
1518 struct mgmt_mode *cp = data;
1519 struct mgmt_pending_cmd *cmd;
1522 BT_DBG("request for %s", hdev->name);
1524 if (!hci_dev_test_flag(hdev, HCI_LE_ENABLED) &&
1525 !hci_dev_test_flag(hdev, HCI_BREDR_ENABLED))
1526 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE,
1527 MGMT_STATUS_REJECTED);
1529 if (cp->val != 0x00 && cp->val != 0x01)
1530 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE,
1531 MGMT_STATUS_INVALID_PARAMS);
1535 if (!hdev_is_powered(hdev)) {
1536 err = set_connectable_update_settings(hdev, sk, cp->val);
1540 if (pending_find(MGMT_OP_SET_DISCOVERABLE, hdev) ||
1541 pending_find(MGMT_OP_SET_CONNECTABLE, hdev)) {
1542 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE,
1547 cmd = mgmt_pending_add(sk, MGMT_OP_SET_CONNECTABLE, hdev, data, len);
1554 hci_dev_set_flag(hdev, HCI_CONNECTABLE);
1556 if (hdev->discov_timeout > 0)
1557 cancel_delayed_work(&hdev->discov_off);
1559 hci_dev_clear_flag(hdev, HCI_LIMITED_DISCOVERABLE);
1560 hci_dev_clear_flag(hdev, HCI_DISCOVERABLE);
1561 hci_dev_clear_flag(hdev, HCI_CONNECTABLE);
1564 queue_work(hdev->req_workqueue, &hdev->connectable_update);
1568 hci_dev_unlock(hdev);
1572 static int set_bondable(struct sock *sk, struct hci_dev *hdev, void *data,
1575 struct mgmt_mode *cp = data;
1579 BT_DBG("request for %s", hdev->name);
1581 if (cp->val != 0x00 && cp->val != 0x01)
1582 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_BONDABLE,
1583 MGMT_STATUS_INVALID_PARAMS);
1588 changed = !hci_dev_test_and_set_flag(hdev, HCI_BONDABLE);
1590 changed = hci_dev_test_and_clear_flag(hdev, HCI_BONDABLE);
1592 err = send_settings_rsp(sk, MGMT_OP_SET_BONDABLE, hdev);
1597 /* In limited privacy mode the change of bondable mode
1598 * may affect the local advertising address.
1600 if (hdev_is_powered(hdev) &&
1601 hci_dev_test_flag(hdev, HCI_ADVERTISING) &&
1602 hci_dev_test_flag(hdev, HCI_DISCOVERABLE) &&
1603 hci_dev_test_flag(hdev, HCI_LIMITED_PRIVACY))
1604 queue_work(hdev->req_workqueue,
1605 &hdev->discoverable_update);
1607 err = new_settings(hdev, sk);
1611 hci_dev_unlock(hdev);
1615 static int set_link_security(struct sock *sk, struct hci_dev *hdev, void *data,
1618 struct mgmt_mode *cp = data;
1619 struct mgmt_pending_cmd *cmd;
1623 BT_DBG("request for %s", hdev->name);
1625 status = mgmt_bredr_support(hdev);
1627 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY,
1630 if (cp->val != 0x00 && cp->val != 0x01)
1631 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY,
1632 MGMT_STATUS_INVALID_PARAMS);
1636 if (!hdev_is_powered(hdev)) {
1637 bool changed = false;
1639 if (!!cp->val != hci_dev_test_flag(hdev, HCI_LINK_SECURITY)) {
1640 hci_dev_change_flag(hdev, HCI_LINK_SECURITY);
1644 err = send_settings_rsp(sk, MGMT_OP_SET_LINK_SECURITY, hdev);
1649 err = new_settings(hdev, sk);
1654 if (pending_find(MGMT_OP_SET_LINK_SECURITY, hdev)) {
1655 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY,
1662 if (test_bit(HCI_AUTH, &hdev->flags) == val) {
1663 err = send_settings_rsp(sk, MGMT_OP_SET_LINK_SECURITY, hdev);
1667 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LINK_SECURITY, hdev, data, len);
1673 err = hci_send_cmd(hdev, HCI_OP_WRITE_AUTH_ENABLE, sizeof(val), &val);
1675 mgmt_pending_remove(cmd);
1680 hci_dev_unlock(hdev);
1684 static int set_ssp(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
1686 struct mgmt_mode *cp = data;
1687 struct mgmt_pending_cmd *cmd;
1691 BT_DBG("request for %s", hdev->name);
1693 status = mgmt_bredr_support(hdev);
1695 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SSP, status);
1697 if (!lmp_ssp_capable(hdev))
1698 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
1699 MGMT_STATUS_NOT_SUPPORTED);
1701 if (cp->val != 0x00 && cp->val != 0x01)
1702 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
1703 MGMT_STATUS_INVALID_PARAMS);
1707 if (!hdev_is_powered(hdev)) {
1711 changed = !hci_dev_test_and_set_flag(hdev,
1714 changed = hci_dev_test_and_clear_flag(hdev,
1717 changed = hci_dev_test_and_clear_flag(hdev,
1720 hci_dev_clear_flag(hdev, HCI_HS_ENABLED);
1723 err = send_settings_rsp(sk, MGMT_OP_SET_SSP, hdev);
1728 err = new_settings(hdev, sk);
1733 if (pending_find(MGMT_OP_SET_SSP, hdev)) {
1734 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
1739 if (!!cp->val == hci_dev_test_flag(hdev, HCI_SSP_ENABLED)) {
1740 err = send_settings_rsp(sk, MGMT_OP_SET_SSP, hdev);
1744 cmd = mgmt_pending_add(sk, MGMT_OP_SET_SSP, hdev, data, len);
1750 if (!cp->val && hci_dev_test_flag(hdev, HCI_USE_DEBUG_KEYS))
1751 hci_send_cmd(hdev, HCI_OP_WRITE_SSP_DEBUG_MODE,
1752 sizeof(cp->val), &cp->val);
1754 err = hci_send_cmd(hdev, HCI_OP_WRITE_SSP_MODE, 1, &cp->val);
1756 mgmt_pending_remove(cmd);
1761 hci_dev_unlock(hdev);
1765 static int set_hs(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
1767 struct mgmt_mode *cp = data;
1772 BT_DBG("request for %s", hdev->name);
1774 status = mgmt_bredr_support(hdev);
1776 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_HS, status);
1778 if (!lmp_ssp_capable(hdev))
1779 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
1780 MGMT_STATUS_NOT_SUPPORTED);
1782 if (!hci_dev_test_flag(hdev, HCI_SSP_ENABLED))
1783 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
1784 MGMT_STATUS_REJECTED);
1786 if (cp->val != 0x00 && cp->val != 0x01)
1787 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
1788 MGMT_STATUS_INVALID_PARAMS);
1792 if (pending_find(MGMT_OP_SET_SSP, hdev)) {
1793 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
1799 changed = !hci_dev_test_and_set_flag(hdev, HCI_HS_ENABLED);
1801 if (hdev_is_powered(hdev)) {
1802 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
1803 MGMT_STATUS_REJECTED);
1807 changed = hci_dev_test_and_clear_flag(hdev, HCI_HS_ENABLED);
1810 err = send_settings_rsp(sk, MGMT_OP_SET_HS, hdev);
1815 err = new_settings(hdev, sk);
1818 hci_dev_unlock(hdev);
1822 static void le_enable_complete(struct hci_dev *hdev, u8 status, u16 opcode)
1824 struct cmd_lookup match = { NULL, hdev };
1829 u8 mgmt_err = mgmt_status(status);
1831 mgmt_pending_foreach(MGMT_OP_SET_LE, hdev, cmd_status_rsp,
1836 mgmt_pending_foreach(MGMT_OP_SET_LE, hdev, settings_rsp, &match);
1838 new_settings(hdev, match.sk);
1843 /* Make sure the controller has a good default for
1844 * advertising data. Restrict the update to when LE
1845 * has actually been enabled. During power on, the
1846 * update in powered_update_hci will take care of it.
1848 if (hci_dev_test_flag(hdev, HCI_LE_ENABLED)) {
1849 struct hci_request req;
1850 hci_req_init(&req, hdev);
1851 if (ext_adv_capable(hdev)) {
1854 err = __hci_req_setup_ext_adv_instance(&req, 0x00);
1856 __hci_req_update_scan_rsp_data(&req, 0x00);
1858 __hci_req_update_adv_data(&req, 0x00);
1859 __hci_req_update_scan_rsp_data(&req, 0x00);
1861 hci_req_run(&req, NULL);
1862 hci_update_background_scan(hdev);
1866 hci_dev_unlock(hdev);
1869 static int set_le(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
1871 struct mgmt_mode *cp = data;
1872 struct hci_cp_write_le_host_supported hci_cp;
1873 struct mgmt_pending_cmd *cmd;
1874 struct hci_request req;
1878 BT_DBG("request for %s", hdev->name);
1880 if (!lmp_le_capable(hdev))
1881 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
1882 MGMT_STATUS_NOT_SUPPORTED);
1884 if (cp->val != 0x00 && cp->val != 0x01)
1885 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
1886 MGMT_STATUS_INVALID_PARAMS);
1888 /* Bluetooth single mode LE only controllers or dual-mode
1889 * controllers configured as LE only devices, do not allow
1890 * switching LE off. These have either LE enabled explicitly
1891 * or BR/EDR has been previously switched off.
1893 * When trying to enable an already enabled LE, then gracefully
1894 * send a positive response. Trying to disable it however will
1895 * result into rejection.
1897 if (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED)) {
1898 if (cp->val == 0x01)
1899 return send_settings_rsp(sk, MGMT_OP_SET_LE, hdev);
1901 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
1902 MGMT_STATUS_REJECTED);
1908 enabled = lmp_host_le_capable(hdev);
1911 hci_req_clear_adv_instance(hdev, NULL, NULL, 0x00, true);
1913 if (!hdev_is_powered(hdev) || val == enabled) {
1914 bool changed = false;
1916 if (val != hci_dev_test_flag(hdev, HCI_LE_ENABLED)) {
1917 hci_dev_change_flag(hdev, HCI_LE_ENABLED);
1921 if (!val && hci_dev_test_flag(hdev, HCI_ADVERTISING)) {
1922 hci_dev_clear_flag(hdev, HCI_ADVERTISING);
1926 err = send_settings_rsp(sk, MGMT_OP_SET_LE, hdev);
1931 err = new_settings(hdev, sk);
1936 if (pending_find(MGMT_OP_SET_LE, hdev) ||
1937 pending_find(MGMT_OP_SET_ADVERTISING, hdev)) {
1938 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
1943 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LE, hdev, data, len);
1949 hci_req_init(&req, hdev);
1951 memset(&hci_cp, 0, sizeof(hci_cp));
1955 hci_cp.simul = 0x00;
1957 if (hci_dev_test_flag(hdev, HCI_LE_ADV))
1958 __hci_req_disable_advertising(&req);
1960 if (ext_adv_capable(hdev))
1961 __hci_req_clear_ext_adv_sets(&req);
1964 hci_req_add(&req, HCI_OP_WRITE_LE_HOST_SUPPORTED, sizeof(hci_cp),
1967 err = hci_req_run(&req, le_enable_complete);
1969 mgmt_pending_remove(cmd);
1972 hci_dev_unlock(hdev);
1976 /* This is a helper function to test for pending mgmt commands that can
1977 * cause CoD or EIR HCI commands. We can only allow one such pending
1978 * mgmt command at a time since otherwise we cannot easily track what
1979 * the current values are, will be, and based on that calculate if a new
1980 * HCI command needs to be sent and if yes with what value.
1982 static bool pending_eir_or_class(struct hci_dev *hdev)
1984 struct mgmt_pending_cmd *cmd;
1986 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
1987 switch (cmd->opcode) {
1988 case MGMT_OP_ADD_UUID:
1989 case MGMT_OP_REMOVE_UUID:
1990 case MGMT_OP_SET_DEV_CLASS:
1991 case MGMT_OP_SET_POWERED:
1999 static const u8 bluetooth_base_uuid[] = {
2000 0xfb, 0x34, 0x9b, 0x5f, 0x80, 0x00, 0x00, 0x80,
2001 0x00, 0x10, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
2004 static u8 get_uuid_size(const u8 *uuid)
2008 if (memcmp(uuid, bluetooth_base_uuid, 12))
2011 val = get_unaligned_le32(&uuid[12]);
2018 static void mgmt_class_complete(struct hci_dev *hdev, u16 mgmt_op, u8 status)
2020 struct mgmt_pending_cmd *cmd;
2024 cmd = pending_find(mgmt_op, hdev);
2028 mgmt_cmd_complete(cmd->sk, cmd->index, cmd->opcode,
2029 mgmt_status(status), hdev->dev_class, 3);
2031 mgmt_pending_remove(cmd);
2034 hci_dev_unlock(hdev);
2037 static void add_uuid_complete(struct hci_dev *hdev, u8 status, u16 opcode)
2039 BT_DBG("status 0x%02x", status);
2041 mgmt_class_complete(hdev, MGMT_OP_ADD_UUID, status);
2044 static int add_uuid(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
2046 struct mgmt_cp_add_uuid *cp = data;
2047 struct mgmt_pending_cmd *cmd;
2048 struct hci_request req;
2049 struct bt_uuid *uuid;
2052 BT_DBG("request for %s", hdev->name);
2056 if (pending_eir_or_class(hdev)) {
2057 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_UUID,
2062 uuid = kmalloc(sizeof(*uuid), GFP_KERNEL);
2068 memcpy(uuid->uuid, cp->uuid, 16);
2069 uuid->svc_hint = cp->svc_hint;
2070 uuid->size = get_uuid_size(cp->uuid);
2072 list_add_tail(&uuid->list, &hdev->uuids);
2074 hci_req_init(&req, hdev);
2076 __hci_req_update_class(&req);
2077 __hci_req_update_eir(&req);
2079 err = hci_req_run(&req, add_uuid_complete);
2081 if (err != -ENODATA)
2084 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_ADD_UUID, 0,
2085 hdev->dev_class, 3);
2089 cmd = mgmt_pending_add(sk, MGMT_OP_ADD_UUID, hdev, data, len);
2098 hci_dev_unlock(hdev);
2102 static bool enable_service_cache(struct hci_dev *hdev)
2104 if (!hdev_is_powered(hdev))
2107 if (!hci_dev_test_and_set_flag(hdev, HCI_SERVICE_CACHE)) {
2108 queue_delayed_work(hdev->workqueue, &hdev->service_cache,
2116 static void remove_uuid_complete(struct hci_dev *hdev, u8 status, u16 opcode)
2118 BT_DBG("status 0x%02x", status);
2120 mgmt_class_complete(hdev, MGMT_OP_REMOVE_UUID, status);
2123 static int remove_uuid(struct sock *sk, struct hci_dev *hdev, void *data,
2126 struct mgmt_cp_remove_uuid *cp = data;
2127 struct mgmt_pending_cmd *cmd;
2128 struct bt_uuid *match, *tmp;
2129 u8 bt_uuid_any[] = { 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 };
2130 struct hci_request req;
2133 BT_DBG("request for %s", hdev->name);
2137 if (pending_eir_or_class(hdev)) {
2138 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_REMOVE_UUID,
2143 if (memcmp(cp->uuid, bt_uuid_any, 16) == 0) {
2144 hci_uuids_clear(hdev);
2146 if (enable_service_cache(hdev)) {
2147 err = mgmt_cmd_complete(sk, hdev->id,
2148 MGMT_OP_REMOVE_UUID,
2149 0, hdev->dev_class, 3);
2158 list_for_each_entry_safe(match, tmp, &hdev->uuids, list) {
2159 if (memcmp(match->uuid, cp->uuid, 16) != 0)
2162 list_del(&match->list);
2168 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_REMOVE_UUID,
2169 MGMT_STATUS_INVALID_PARAMS);
2174 hci_req_init(&req, hdev);
2176 __hci_req_update_class(&req);
2177 __hci_req_update_eir(&req);
2179 err = hci_req_run(&req, remove_uuid_complete);
2181 if (err != -ENODATA)
2184 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_UUID, 0,
2185 hdev->dev_class, 3);
2189 cmd = mgmt_pending_add(sk, MGMT_OP_REMOVE_UUID, hdev, data, len);
2198 hci_dev_unlock(hdev);
2202 static void set_class_complete(struct hci_dev *hdev, u8 status, u16 opcode)
2204 BT_DBG("status 0x%02x", status);
2206 mgmt_class_complete(hdev, MGMT_OP_SET_DEV_CLASS, status);
2209 static int set_dev_class(struct sock *sk, struct hci_dev *hdev, void *data,
2212 struct mgmt_cp_set_dev_class *cp = data;
2213 struct mgmt_pending_cmd *cmd;
2214 struct hci_request req;
2217 BT_DBG("request for %s", hdev->name);
2219 if (!lmp_bredr_capable(hdev))
2220 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS,
2221 MGMT_STATUS_NOT_SUPPORTED);
2225 if (pending_eir_or_class(hdev)) {
2226 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS,
2231 if ((cp->minor & 0x03) != 0 || (cp->major & 0xe0) != 0) {
2232 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS,
2233 MGMT_STATUS_INVALID_PARAMS);
2237 hdev->major_class = cp->major;
2238 hdev->minor_class = cp->minor;
2240 if (!hdev_is_powered(hdev)) {
2241 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_DEV_CLASS, 0,
2242 hdev->dev_class, 3);
2246 hci_req_init(&req, hdev);
2248 if (hci_dev_test_and_clear_flag(hdev, HCI_SERVICE_CACHE)) {
2249 hci_dev_unlock(hdev);
2250 cancel_delayed_work_sync(&hdev->service_cache);
2252 __hci_req_update_eir(&req);
2255 __hci_req_update_class(&req);
2257 err = hci_req_run(&req, set_class_complete);
2259 if (err != -ENODATA)
2262 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_DEV_CLASS, 0,
2263 hdev->dev_class, 3);
2267 cmd = mgmt_pending_add(sk, MGMT_OP_SET_DEV_CLASS, hdev, data, len);
2276 hci_dev_unlock(hdev);
2280 static int load_link_keys(struct sock *sk, struct hci_dev *hdev, void *data,
2283 struct mgmt_cp_load_link_keys *cp = data;
2284 const u16 max_key_count = ((U16_MAX - sizeof(*cp)) /
2285 sizeof(struct mgmt_link_key_info));
2286 u16 key_count, expected_len;
2290 BT_DBG("request for %s", hdev->name);
2292 if (!lmp_bredr_capable(hdev))
2293 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
2294 MGMT_STATUS_NOT_SUPPORTED);
2296 key_count = __le16_to_cpu(cp->key_count);
2297 if (key_count > max_key_count) {
2298 bt_dev_err(hdev, "load_link_keys: too big key_count value %u",
2300 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
2301 MGMT_STATUS_INVALID_PARAMS);
2304 expected_len = sizeof(*cp) + key_count *
2305 sizeof(struct mgmt_link_key_info);
2306 if (expected_len != len) {
2307 bt_dev_err(hdev, "load_link_keys: expected %u bytes, got %u bytes",
2309 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
2310 MGMT_STATUS_INVALID_PARAMS);
2313 if (cp->debug_keys != 0x00 && cp->debug_keys != 0x01)
2314 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
2315 MGMT_STATUS_INVALID_PARAMS);
2317 BT_DBG("%s debug_keys %u key_count %u", hdev->name, cp->debug_keys,
2320 for (i = 0; i < key_count; i++) {
2321 struct mgmt_link_key_info *key = &cp->keys[i];
2323 if (key->addr.type != BDADDR_BREDR || key->type > 0x08)
2324 return mgmt_cmd_status(sk, hdev->id,
2325 MGMT_OP_LOAD_LINK_KEYS,
2326 MGMT_STATUS_INVALID_PARAMS);
2331 hci_link_keys_clear(hdev);
2334 changed = !hci_dev_test_and_set_flag(hdev, HCI_KEEP_DEBUG_KEYS);
2336 changed = hci_dev_test_and_clear_flag(hdev,
2337 HCI_KEEP_DEBUG_KEYS);
2340 new_settings(hdev, NULL);
2342 for (i = 0; i < key_count; i++) {
2343 struct mgmt_link_key_info *key = &cp->keys[i];
2345 /* Always ignore debug keys and require a new pairing if
2346 * the user wants to use them.
2348 if (key->type == HCI_LK_DEBUG_COMBINATION)
2351 hci_add_link_key(hdev, NULL, &key->addr.bdaddr, key->val,
2352 key->type, key->pin_len, NULL);
2355 mgmt_cmd_complete(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS, 0, NULL, 0);
2357 hci_dev_unlock(hdev);
2362 static int device_unpaired(struct hci_dev *hdev, bdaddr_t *bdaddr,
2363 u8 addr_type, struct sock *skip_sk)
2365 struct mgmt_ev_device_unpaired ev;
2367 bacpy(&ev.addr.bdaddr, bdaddr);
2368 ev.addr.type = addr_type;
2370 return mgmt_event(MGMT_EV_DEVICE_UNPAIRED, hdev, &ev, sizeof(ev),
2374 static int unpair_device(struct sock *sk, struct hci_dev *hdev, void *data,
2377 struct mgmt_cp_unpair_device *cp = data;
2378 struct mgmt_rp_unpair_device rp;
2379 struct hci_conn_params *params;
2380 struct mgmt_pending_cmd *cmd;
2381 struct hci_conn *conn;
2385 memset(&rp, 0, sizeof(rp));
2386 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
2387 rp.addr.type = cp->addr.type;
2389 if (!bdaddr_type_is_valid(cp->addr.type))
2390 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
2391 MGMT_STATUS_INVALID_PARAMS,
2394 if (cp->disconnect != 0x00 && cp->disconnect != 0x01)
2395 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
2396 MGMT_STATUS_INVALID_PARAMS,
2401 if (!hdev_is_powered(hdev)) {
2402 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
2403 MGMT_STATUS_NOT_POWERED, &rp,
2408 if (cp->addr.type == BDADDR_BREDR) {
2409 /* If disconnection is requested, then look up the
2410 * connection. If the remote device is connected, it
2411 * will be later used to terminate the link.
2413 * Setting it to NULL explicitly will cause no
2414 * termination of the link.
2417 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
2422 err = hci_remove_link_key(hdev, &cp->addr.bdaddr);
2424 err = mgmt_cmd_complete(sk, hdev->id,
2425 MGMT_OP_UNPAIR_DEVICE,
2426 MGMT_STATUS_NOT_PAIRED, &rp,
2434 /* LE address type */
2435 addr_type = le_addr_type(cp->addr.type);
2437 /* Abort any ongoing SMP pairing. Removes ltk and irk if they exist. */
2438 err = smp_cancel_and_remove_pairing(hdev, &cp->addr.bdaddr, addr_type);
2440 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
2441 MGMT_STATUS_NOT_PAIRED, &rp,
2446 conn = hci_conn_hash_lookup_le(hdev, &cp->addr.bdaddr, addr_type);
2448 hci_conn_params_del(hdev, &cp->addr.bdaddr, addr_type);
2453 /* Defer clearing up the connection parameters until closing to
2454 * give a chance of keeping them if a repairing happens.
2456 set_bit(HCI_CONN_PARAM_REMOVAL_PEND, &conn->flags);
2458 /* Disable auto-connection parameters if present */
2459 params = hci_conn_params_lookup(hdev, &cp->addr.bdaddr, addr_type);
2461 if (params->explicit_connect)
2462 params->auto_connect = HCI_AUTO_CONN_EXPLICIT;
2464 params->auto_connect = HCI_AUTO_CONN_DISABLED;
2467 /* If disconnection is not requested, then clear the connection
2468 * variable so that the link is not terminated.
2470 if (!cp->disconnect)
2474 /* If the connection variable is set, then termination of the
2475 * link is requested.
2478 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE, 0,
2480 device_unpaired(hdev, &cp->addr.bdaddr, cp->addr.type, sk);
2484 cmd = mgmt_pending_add(sk, MGMT_OP_UNPAIR_DEVICE, hdev, cp,
2491 cmd->cmd_complete = addr_cmd_complete;
2493 err = hci_abort_conn(conn, HCI_ERROR_REMOTE_USER_TERM);
2495 mgmt_pending_remove(cmd);
2498 hci_dev_unlock(hdev);
2502 static int disconnect(struct sock *sk, struct hci_dev *hdev, void *data,
2505 struct mgmt_cp_disconnect *cp = data;
2506 struct mgmt_rp_disconnect rp;
2507 struct mgmt_pending_cmd *cmd;
2508 struct hci_conn *conn;
2513 memset(&rp, 0, sizeof(rp));
2514 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
2515 rp.addr.type = cp->addr.type;
2517 if (!bdaddr_type_is_valid(cp->addr.type))
2518 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
2519 MGMT_STATUS_INVALID_PARAMS,
2524 if (!test_bit(HCI_UP, &hdev->flags)) {
2525 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
2526 MGMT_STATUS_NOT_POWERED, &rp,
2531 if (pending_find(MGMT_OP_DISCONNECT, hdev)) {
2532 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
2533 MGMT_STATUS_BUSY, &rp, sizeof(rp));
2537 if (cp->addr.type == BDADDR_BREDR)
2538 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
2541 conn = hci_conn_hash_lookup_le(hdev, &cp->addr.bdaddr,
2542 le_addr_type(cp->addr.type));
2544 if (!conn || conn->state == BT_OPEN || conn->state == BT_CLOSED) {
2545 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
2546 MGMT_STATUS_NOT_CONNECTED, &rp,
2551 cmd = mgmt_pending_add(sk, MGMT_OP_DISCONNECT, hdev, data, len);
2557 cmd->cmd_complete = generic_cmd_complete;
2559 err = hci_disconnect(conn, HCI_ERROR_REMOTE_USER_TERM);
2561 mgmt_pending_remove(cmd);
2564 hci_dev_unlock(hdev);
2568 static u8 link_to_bdaddr(u8 link_type, u8 addr_type)
2570 switch (link_type) {
2572 switch (addr_type) {
2573 case ADDR_LE_DEV_PUBLIC:
2574 return BDADDR_LE_PUBLIC;
2577 /* Fallback to LE Random address type */
2578 return BDADDR_LE_RANDOM;
2582 /* Fallback to BR/EDR type */
2583 return BDADDR_BREDR;
2587 static int get_connections(struct sock *sk, struct hci_dev *hdev, void *data,
2590 struct mgmt_rp_get_connections *rp;
2600 if (!hdev_is_powered(hdev)) {
2601 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_GET_CONNECTIONS,
2602 MGMT_STATUS_NOT_POWERED);
2607 list_for_each_entry(c, &hdev->conn_hash.list, list) {
2608 if (test_bit(HCI_CONN_MGMT_CONNECTED, &c->flags))
2612 rp_len = sizeof(*rp) + (i * sizeof(struct mgmt_addr_info));
2613 rp = kmalloc(rp_len, GFP_KERNEL);
2620 list_for_each_entry(c, &hdev->conn_hash.list, list) {
2621 if (!test_bit(HCI_CONN_MGMT_CONNECTED, &c->flags))
2623 bacpy(&rp->addr[i].bdaddr, &c->dst);
2624 rp->addr[i].type = link_to_bdaddr(c->type, c->dst_type);
2625 if (c->type == SCO_LINK || c->type == ESCO_LINK)
2630 rp->conn_count = cpu_to_le16(i);
2632 /* Recalculate length in case of filtered SCO connections, etc */
2633 rp_len = sizeof(*rp) + (i * sizeof(struct mgmt_addr_info));
2635 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CONNECTIONS, 0, rp,
2641 hci_dev_unlock(hdev);
2645 static int send_pin_code_neg_reply(struct sock *sk, struct hci_dev *hdev,
2646 struct mgmt_cp_pin_code_neg_reply *cp)
2648 struct mgmt_pending_cmd *cmd;
2651 cmd = mgmt_pending_add(sk, MGMT_OP_PIN_CODE_NEG_REPLY, hdev, cp,
2656 cmd->cmd_complete = addr_cmd_complete;
2658 err = hci_send_cmd(hdev, HCI_OP_PIN_CODE_NEG_REPLY,
2659 sizeof(cp->addr.bdaddr), &cp->addr.bdaddr);
2661 mgmt_pending_remove(cmd);
2666 static int pin_code_reply(struct sock *sk, struct hci_dev *hdev, void *data,
2669 struct hci_conn *conn;
2670 struct mgmt_cp_pin_code_reply *cp = data;
2671 struct hci_cp_pin_code_reply reply;
2672 struct mgmt_pending_cmd *cmd;
2679 if (!hdev_is_powered(hdev)) {
2680 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
2681 MGMT_STATUS_NOT_POWERED);
2685 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->addr.bdaddr);
2687 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
2688 MGMT_STATUS_NOT_CONNECTED);
2692 if (conn->pending_sec_level == BT_SECURITY_HIGH && cp->pin_len != 16) {
2693 struct mgmt_cp_pin_code_neg_reply ncp;
2695 memcpy(&ncp.addr, &cp->addr, sizeof(ncp.addr));
2697 bt_dev_err(hdev, "PIN code is not 16 bytes long");
2699 err = send_pin_code_neg_reply(sk, hdev, &ncp);
2701 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
2702 MGMT_STATUS_INVALID_PARAMS);
2707 cmd = mgmt_pending_add(sk, MGMT_OP_PIN_CODE_REPLY, hdev, data, len);
2713 cmd->cmd_complete = addr_cmd_complete;
2715 bacpy(&reply.bdaddr, &cp->addr.bdaddr);
2716 reply.pin_len = cp->pin_len;
2717 memcpy(reply.pin_code, cp->pin_code, sizeof(reply.pin_code));
2719 err = hci_send_cmd(hdev, HCI_OP_PIN_CODE_REPLY, sizeof(reply), &reply);
2721 mgmt_pending_remove(cmd);
2724 hci_dev_unlock(hdev);
2728 static int set_io_capability(struct sock *sk, struct hci_dev *hdev, void *data,
2731 struct mgmt_cp_set_io_capability *cp = data;
2735 if (cp->io_capability > SMP_IO_KEYBOARD_DISPLAY)
2736 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_IO_CAPABILITY,
2737 MGMT_STATUS_INVALID_PARAMS);
2741 hdev->io_capability = cp->io_capability;
2743 BT_DBG("%s IO capability set to 0x%02x", hdev->name,
2744 hdev->io_capability);
2746 hci_dev_unlock(hdev);
2748 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_IO_CAPABILITY, 0,
2752 static struct mgmt_pending_cmd *find_pairing(struct hci_conn *conn)
2754 struct hci_dev *hdev = conn->hdev;
2755 struct mgmt_pending_cmd *cmd;
2757 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
2758 if (cmd->opcode != MGMT_OP_PAIR_DEVICE)
2761 if (cmd->user_data != conn)
2770 static int pairing_complete(struct mgmt_pending_cmd *cmd, u8 status)
2772 struct mgmt_rp_pair_device rp;
2773 struct hci_conn *conn = cmd->user_data;
2776 bacpy(&rp.addr.bdaddr, &conn->dst);
2777 rp.addr.type = link_to_bdaddr(conn->type, conn->dst_type);
2779 err = mgmt_cmd_complete(cmd->sk, cmd->index, MGMT_OP_PAIR_DEVICE,
2780 status, &rp, sizeof(rp));
2782 /* So we don't get further callbacks for this connection */
2783 conn->connect_cfm_cb = NULL;
2784 conn->security_cfm_cb = NULL;
2785 conn->disconn_cfm_cb = NULL;
2787 hci_conn_drop(conn);
2789 /* The device is paired so there is no need to remove
2790 * its connection parameters anymore.
2792 clear_bit(HCI_CONN_PARAM_REMOVAL_PEND, &conn->flags);
2799 void mgmt_smp_complete(struct hci_conn *conn, bool complete)
2801 u8 status = complete ? MGMT_STATUS_SUCCESS : MGMT_STATUS_FAILED;
2802 struct mgmt_pending_cmd *cmd;
2804 cmd = find_pairing(conn);
2806 cmd->cmd_complete(cmd, status);
2807 mgmt_pending_remove(cmd);
2811 static void pairing_complete_cb(struct hci_conn *conn, u8 status)
2813 struct mgmt_pending_cmd *cmd;
2815 BT_DBG("status %u", status);
2817 cmd = find_pairing(conn);
2819 BT_DBG("Unable to find a pending command");
2823 cmd->cmd_complete(cmd, mgmt_status(status));
2824 mgmt_pending_remove(cmd);
2827 static void le_pairing_complete_cb(struct hci_conn *conn, u8 status)
2829 struct mgmt_pending_cmd *cmd;
2831 BT_DBG("status %u", status);
2836 cmd = find_pairing(conn);
2838 BT_DBG("Unable to find a pending command");
2842 cmd->cmd_complete(cmd, mgmt_status(status));
2843 mgmt_pending_remove(cmd);
2846 static int pair_device(struct sock *sk, struct hci_dev *hdev, void *data,
2849 struct mgmt_cp_pair_device *cp = data;
2850 struct mgmt_rp_pair_device rp;
2851 struct mgmt_pending_cmd *cmd;
2852 u8 sec_level, auth_type;
2853 struct hci_conn *conn;
2858 memset(&rp, 0, sizeof(rp));
2859 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
2860 rp.addr.type = cp->addr.type;
2862 if (!bdaddr_type_is_valid(cp->addr.type))
2863 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
2864 MGMT_STATUS_INVALID_PARAMS,
2867 if (cp->io_cap > SMP_IO_KEYBOARD_DISPLAY)
2868 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
2869 MGMT_STATUS_INVALID_PARAMS,
2874 if (!hdev_is_powered(hdev)) {
2875 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
2876 MGMT_STATUS_NOT_POWERED, &rp,
2881 if (hci_bdaddr_is_paired(hdev, &cp->addr.bdaddr, cp->addr.type)) {
2882 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
2883 MGMT_STATUS_ALREADY_PAIRED, &rp,
2888 sec_level = BT_SECURITY_MEDIUM;
2889 auth_type = HCI_AT_DEDICATED_BONDING;
2891 if (cp->addr.type == BDADDR_BREDR) {
2892 conn = hci_connect_acl(hdev, &cp->addr.bdaddr, sec_level,
2895 u8 addr_type = le_addr_type(cp->addr.type);
2896 struct hci_conn_params *p;
2898 /* When pairing a new device, it is expected to remember
2899 * this device for future connections. Adding the connection
2900 * parameter information ahead of time allows tracking
2901 * of the slave preferred values and will speed up any
2902 * further connection establishment.
2904 * If connection parameters already exist, then they
2905 * will be kept and this function does nothing.
2907 p = hci_conn_params_add(hdev, &cp->addr.bdaddr, addr_type);
2909 if (p->auto_connect == HCI_AUTO_CONN_EXPLICIT)
2910 p->auto_connect = HCI_AUTO_CONN_DISABLED;
2912 conn = hci_connect_le_scan(hdev, &cp->addr.bdaddr,
2913 addr_type, sec_level,
2914 HCI_LE_CONN_TIMEOUT);
2920 if (PTR_ERR(conn) == -EBUSY)
2921 status = MGMT_STATUS_BUSY;
2922 else if (PTR_ERR(conn) == -EOPNOTSUPP)
2923 status = MGMT_STATUS_NOT_SUPPORTED;
2924 else if (PTR_ERR(conn) == -ECONNREFUSED)
2925 status = MGMT_STATUS_REJECTED;
2927 status = MGMT_STATUS_CONNECT_FAILED;
2929 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
2930 status, &rp, sizeof(rp));
2934 if (conn->connect_cfm_cb) {
2935 hci_conn_drop(conn);
2936 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
2937 MGMT_STATUS_BUSY, &rp, sizeof(rp));
2941 cmd = mgmt_pending_add(sk, MGMT_OP_PAIR_DEVICE, hdev, data, len);
2944 hci_conn_drop(conn);
2948 cmd->cmd_complete = pairing_complete;
2950 /* For LE, just connecting isn't a proof that the pairing finished */
2951 if (cp->addr.type == BDADDR_BREDR) {
2952 conn->connect_cfm_cb = pairing_complete_cb;
2953 conn->security_cfm_cb = pairing_complete_cb;
2954 conn->disconn_cfm_cb = pairing_complete_cb;
2956 conn->connect_cfm_cb = le_pairing_complete_cb;
2957 conn->security_cfm_cb = le_pairing_complete_cb;
2958 conn->disconn_cfm_cb = le_pairing_complete_cb;
2961 conn->io_capability = cp->io_cap;
2962 cmd->user_data = hci_conn_get(conn);
2964 if ((conn->state == BT_CONNECTED || conn->state == BT_CONFIG) &&
2965 hci_conn_security(conn, sec_level, auth_type, true)) {
2966 cmd->cmd_complete(cmd, 0);
2967 mgmt_pending_remove(cmd);
2973 hci_dev_unlock(hdev);
2977 static int cancel_pair_device(struct sock *sk, struct hci_dev *hdev, void *data,
2980 struct mgmt_addr_info *addr = data;
2981 struct mgmt_pending_cmd *cmd;
2982 struct hci_conn *conn;
2989 if (!hdev_is_powered(hdev)) {
2990 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
2991 MGMT_STATUS_NOT_POWERED);
2995 cmd = pending_find(MGMT_OP_PAIR_DEVICE, hdev);
2997 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
2998 MGMT_STATUS_INVALID_PARAMS);
3002 conn = cmd->user_data;
3004 if (bacmp(&addr->bdaddr, &conn->dst) != 0) {
3005 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
3006 MGMT_STATUS_INVALID_PARAMS);
3010 cmd->cmd_complete(cmd, MGMT_STATUS_CANCELLED);
3011 mgmt_pending_remove(cmd);
3013 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE, 0,
3014 addr, sizeof(*addr));
3016 hci_dev_unlock(hdev);
3020 static int user_pairing_resp(struct sock *sk, struct hci_dev *hdev,
3021 struct mgmt_addr_info *addr, u16 mgmt_op,
3022 u16 hci_op, __le32 passkey)
3024 struct mgmt_pending_cmd *cmd;
3025 struct hci_conn *conn;
3030 if (!hdev_is_powered(hdev)) {
3031 err = mgmt_cmd_complete(sk, hdev->id, mgmt_op,
3032 MGMT_STATUS_NOT_POWERED, addr,
3037 if (addr->type == BDADDR_BREDR)
3038 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &addr->bdaddr);
3040 conn = hci_conn_hash_lookup_le(hdev, &addr->bdaddr,
3041 le_addr_type(addr->type));
3044 err = mgmt_cmd_complete(sk, hdev->id, mgmt_op,
3045 MGMT_STATUS_NOT_CONNECTED, addr,
3050 if (addr->type == BDADDR_LE_PUBLIC || addr->type == BDADDR_LE_RANDOM) {
3051 err = smp_user_confirm_reply(conn, mgmt_op, passkey);
3053 err = mgmt_cmd_complete(sk, hdev->id, mgmt_op,
3054 MGMT_STATUS_SUCCESS, addr,
3057 err = mgmt_cmd_complete(sk, hdev->id, mgmt_op,
3058 MGMT_STATUS_FAILED, addr,
3064 cmd = mgmt_pending_add(sk, mgmt_op, hdev, addr, sizeof(*addr));
3070 cmd->cmd_complete = addr_cmd_complete;
3072 /* Continue with pairing via HCI */
3073 if (hci_op == HCI_OP_USER_PASSKEY_REPLY) {
3074 struct hci_cp_user_passkey_reply cp;
3076 bacpy(&cp.bdaddr, &addr->bdaddr);
3077 cp.passkey = passkey;
3078 err = hci_send_cmd(hdev, hci_op, sizeof(cp), &cp);
3080 err = hci_send_cmd(hdev, hci_op, sizeof(addr->bdaddr),
3084 mgmt_pending_remove(cmd);
3087 hci_dev_unlock(hdev);
3091 static int pin_code_neg_reply(struct sock *sk, struct hci_dev *hdev,
3092 void *data, u16 len)
3094 struct mgmt_cp_pin_code_neg_reply *cp = data;
3098 return user_pairing_resp(sk, hdev, &cp->addr,
3099 MGMT_OP_PIN_CODE_NEG_REPLY,
3100 HCI_OP_PIN_CODE_NEG_REPLY, 0);
3103 static int user_confirm_reply(struct sock *sk, struct hci_dev *hdev, void *data,
3106 struct mgmt_cp_user_confirm_reply *cp = data;
3110 if (len != sizeof(*cp))
3111 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_USER_CONFIRM_REPLY,
3112 MGMT_STATUS_INVALID_PARAMS);
3114 return user_pairing_resp(sk, hdev, &cp->addr,
3115 MGMT_OP_USER_CONFIRM_REPLY,
3116 HCI_OP_USER_CONFIRM_REPLY, 0);
3119 static int user_confirm_neg_reply(struct sock *sk, struct hci_dev *hdev,
3120 void *data, u16 len)
3122 struct mgmt_cp_user_confirm_neg_reply *cp = data;
3126 return user_pairing_resp(sk, hdev, &cp->addr,
3127 MGMT_OP_USER_CONFIRM_NEG_REPLY,
3128 HCI_OP_USER_CONFIRM_NEG_REPLY, 0);
3131 static int user_passkey_reply(struct sock *sk, struct hci_dev *hdev, void *data,
3134 struct mgmt_cp_user_passkey_reply *cp = data;
3138 return user_pairing_resp(sk, hdev, &cp->addr,
3139 MGMT_OP_USER_PASSKEY_REPLY,
3140 HCI_OP_USER_PASSKEY_REPLY, cp->passkey);
3143 static int user_passkey_neg_reply(struct sock *sk, struct hci_dev *hdev,
3144 void *data, u16 len)
3146 struct mgmt_cp_user_passkey_neg_reply *cp = data;
3150 return user_pairing_resp(sk, hdev, &cp->addr,
3151 MGMT_OP_USER_PASSKEY_NEG_REPLY,
3152 HCI_OP_USER_PASSKEY_NEG_REPLY, 0);
3155 static void adv_expire(struct hci_dev *hdev, u32 flags)
3157 struct adv_info *adv_instance;
3158 struct hci_request req;
3161 adv_instance = hci_find_adv_instance(hdev, hdev->cur_adv_instance);
3165 /* stop if current instance doesn't need to be changed */
3166 if (!(adv_instance->flags & flags))
3169 cancel_adv_timeout(hdev);
3171 adv_instance = hci_get_next_instance(hdev, adv_instance->instance);
3175 hci_req_init(&req, hdev);
3176 err = __hci_req_schedule_adv_instance(&req, adv_instance->instance,
3181 hci_req_run(&req, NULL);
3184 static void set_name_complete(struct hci_dev *hdev, u8 status, u16 opcode)
3186 struct mgmt_cp_set_local_name *cp;
3187 struct mgmt_pending_cmd *cmd;
3189 BT_DBG("status 0x%02x", status);
3193 cmd = pending_find(MGMT_OP_SET_LOCAL_NAME, hdev);
3200 mgmt_cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_LOCAL_NAME,
3201 mgmt_status(status));
3203 mgmt_cmd_complete(cmd->sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0,
3206 if (hci_dev_test_flag(hdev, HCI_LE_ADV))
3207 adv_expire(hdev, MGMT_ADV_FLAG_LOCAL_NAME);
3210 mgmt_pending_remove(cmd);
3213 hci_dev_unlock(hdev);
3216 static int set_local_name(struct sock *sk, struct hci_dev *hdev, void *data,
3219 struct mgmt_cp_set_local_name *cp = data;
3220 struct mgmt_pending_cmd *cmd;
3221 struct hci_request req;
3228 /* If the old values are the same as the new ones just return a
3229 * direct command complete event.
3231 if (!memcmp(hdev->dev_name, cp->name, sizeof(hdev->dev_name)) &&
3232 !memcmp(hdev->short_name, cp->short_name,
3233 sizeof(hdev->short_name))) {
3234 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0,
3239 memcpy(hdev->short_name, cp->short_name, sizeof(hdev->short_name));
3241 if (!hdev_is_powered(hdev)) {
3242 memcpy(hdev->dev_name, cp->name, sizeof(hdev->dev_name));
3244 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0,
3249 err = mgmt_limited_event(MGMT_EV_LOCAL_NAME_CHANGED, hdev, data,
3250 len, HCI_MGMT_LOCAL_NAME_EVENTS, sk);
3251 ext_info_changed(hdev, sk);
3256 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LOCAL_NAME, hdev, data, len);
3262 memcpy(hdev->dev_name, cp->name, sizeof(hdev->dev_name));
3264 hci_req_init(&req, hdev);
3266 if (lmp_bredr_capable(hdev)) {
3267 __hci_req_update_name(&req);
3268 __hci_req_update_eir(&req);
3271 /* The name is stored in the scan response data and so
3272 * no need to udpate the advertising data here.
3274 if (lmp_le_capable(hdev) && hci_dev_test_flag(hdev, HCI_ADVERTISING))
3275 __hci_req_update_scan_rsp_data(&req, hdev->cur_adv_instance);
3277 err = hci_req_run(&req, set_name_complete);
3279 mgmt_pending_remove(cmd);
3282 hci_dev_unlock(hdev);
3286 static int set_appearance(struct sock *sk, struct hci_dev *hdev, void *data,
3289 struct mgmt_cp_set_appearance *cp = data;
3295 if (!lmp_le_capable(hdev))
3296 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_APPEARANCE,
3297 MGMT_STATUS_NOT_SUPPORTED);
3299 apperance = le16_to_cpu(cp->appearance);
3303 if (hdev->appearance != apperance) {
3304 hdev->appearance = apperance;
3306 if (hci_dev_test_flag(hdev, HCI_LE_ADV))
3307 adv_expire(hdev, MGMT_ADV_FLAG_APPEARANCE);
3309 ext_info_changed(hdev, sk);
3312 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_APPEARANCE, 0, NULL,
3315 hci_dev_unlock(hdev);
3320 static int get_phy_configuration(struct sock *sk, struct hci_dev *hdev,
3321 void *data, u16 len)
3323 struct mgmt_rp_get_phy_confguration rp;
3325 BT_DBG("sock %p %s", sk, hdev->name);
3329 memset(&rp, 0, sizeof(rp));
3331 rp.supported_phys = cpu_to_le32(get_supported_phys(hdev));
3332 rp.selected_phys = cpu_to_le32(get_selected_phys(hdev));
3333 rp.configurable_phys = cpu_to_le32(get_configurable_phys(hdev));
3335 hci_dev_unlock(hdev);
3337 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_PHY_CONFIGURATION, 0,
3341 int mgmt_phy_configuration_changed(struct hci_dev *hdev, struct sock *skip)
3343 struct mgmt_ev_phy_configuration_changed ev;
3345 memset(&ev, 0, sizeof(ev));
3347 ev.selected_phys = cpu_to_le32(get_selected_phys(hdev));
3349 return mgmt_event(MGMT_EV_PHY_CONFIGURATION_CHANGED, hdev, &ev,
3353 static void set_default_phy_complete(struct hci_dev *hdev, u8 status,
3354 u16 opcode, struct sk_buff *skb)
3356 struct mgmt_pending_cmd *cmd;
3358 BT_DBG("status 0x%02x", status);
3362 cmd = pending_find(MGMT_OP_SET_PHY_CONFIGURATION, hdev);
3367 mgmt_cmd_status(cmd->sk, hdev->id,
3368 MGMT_OP_SET_PHY_CONFIGURATION,
3369 mgmt_status(status));
3371 mgmt_cmd_complete(cmd->sk, hdev->id,
3372 MGMT_OP_SET_PHY_CONFIGURATION, 0,
3375 mgmt_phy_configuration_changed(hdev, cmd->sk);
3378 mgmt_pending_remove(cmd);
3381 hci_dev_unlock(hdev);
3384 static int set_phy_configuration(struct sock *sk, struct hci_dev *hdev,
3385 void *data, u16 len)
3387 struct mgmt_cp_set_phy_confguration *cp = data;
3388 struct hci_cp_le_set_default_phy cp_phy;
3389 struct mgmt_pending_cmd *cmd;
3390 struct hci_request req;
3391 u32 selected_phys, configurable_phys, supported_phys, unconfigure_phys;
3392 u16 pkt_type = (HCI_DH1 | HCI_DM1);
3393 bool changed = false;
3396 BT_DBG("sock %p %s", sk, hdev->name);
3398 configurable_phys = get_configurable_phys(hdev);
3399 supported_phys = get_supported_phys(hdev);
3400 selected_phys = __le32_to_cpu(cp->selected_phys);
3402 if (selected_phys & ~supported_phys)
3403 return mgmt_cmd_status(sk, hdev->id,
3404 MGMT_OP_SET_PHY_CONFIGURATION,
3405 MGMT_STATUS_INVALID_PARAMS);
3407 unconfigure_phys = supported_phys & ~configurable_phys;
3409 if ((selected_phys & unconfigure_phys) != unconfigure_phys)
3410 return mgmt_cmd_status(sk, hdev->id,
3411 MGMT_OP_SET_PHY_CONFIGURATION,
3412 MGMT_STATUS_INVALID_PARAMS);
3414 if (selected_phys == get_selected_phys(hdev))
3415 return mgmt_cmd_complete(sk, hdev->id,
3416 MGMT_OP_SET_PHY_CONFIGURATION,
3421 if (!hdev_is_powered(hdev)) {
3422 err = mgmt_cmd_status(sk, hdev->id,
3423 MGMT_OP_SET_PHY_CONFIGURATION,
3424 MGMT_STATUS_REJECTED);
3428 if (pending_find(MGMT_OP_SET_PHY_CONFIGURATION, hdev)) {
3429 err = mgmt_cmd_status(sk, hdev->id,
3430 MGMT_OP_SET_PHY_CONFIGURATION,
3435 if (selected_phys & MGMT_PHY_BR_1M_3SLOT)
3436 pkt_type |= (HCI_DH3 | HCI_DM3);
3438 pkt_type &= ~(HCI_DH3 | HCI_DM3);
3440 if (selected_phys & MGMT_PHY_BR_1M_5SLOT)
3441 pkt_type |= (HCI_DH5 | HCI_DM5);
3443 pkt_type &= ~(HCI_DH5 | HCI_DM5);
3445 if (selected_phys & MGMT_PHY_EDR_2M_1SLOT)
3446 pkt_type &= ~HCI_2DH1;
3448 pkt_type |= HCI_2DH1;
3450 if (selected_phys & MGMT_PHY_EDR_2M_3SLOT)
3451 pkt_type &= ~HCI_2DH3;
3453 pkt_type |= HCI_2DH3;
3455 if (selected_phys & MGMT_PHY_EDR_2M_5SLOT)
3456 pkt_type &= ~HCI_2DH5;
3458 pkt_type |= HCI_2DH5;
3460 if (selected_phys & MGMT_PHY_EDR_3M_1SLOT)
3461 pkt_type &= ~HCI_3DH1;
3463 pkt_type |= HCI_3DH1;
3465 if (selected_phys & MGMT_PHY_EDR_3M_3SLOT)
3466 pkt_type &= ~HCI_3DH3;
3468 pkt_type |= HCI_3DH3;
3470 if (selected_phys & MGMT_PHY_EDR_3M_5SLOT)
3471 pkt_type &= ~HCI_3DH5;
3473 pkt_type |= HCI_3DH5;
3475 if (pkt_type != hdev->pkt_type) {
3476 hdev->pkt_type = pkt_type;
3480 if ((selected_phys & MGMT_PHY_LE_MASK) ==
3481 (get_selected_phys(hdev) & MGMT_PHY_LE_MASK)) {
3483 mgmt_phy_configuration_changed(hdev, sk);
3485 err = mgmt_cmd_complete(sk, hdev->id,
3486 MGMT_OP_SET_PHY_CONFIGURATION,
3492 cmd = mgmt_pending_add(sk, MGMT_OP_SET_PHY_CONFIGURATION, hdev, data,
3499 hci_req_init(&req, hdev);
3501 memset(&cp_phy, 0, sizeof(cp_phy));
3503 if (!(selected_phys & MGMT_PHY_LE_TX_MASK))
3504 cp_phy.all_phys |= 0x01;
3506 if (!(selected_phys & MGMT_PHY_LE_RX_MASK))
3507 cp_phy.all_phys |= 0x02;
3509 if (selected_phys & MGMT_PHY_LE_1M_TX)
3510 cp_phy.tx_phys |= HCI_LE_SET_PHY_1M;
3512 if (selected_phys & MGMT_PHY_LE_2M_TX)
3513 cp_phy.tx_phys |= HCI_LE_SET_PHY_2M;
3515 if (selected_phys & MGMT_PHY_LE_CODED_TX)
3516 cp_phy.tx_phys |= HCI_LE_SET_PHY_CODED;
3518 if (selected_phys & MGMT_PHY_LE_1M_RX)
3519 cp_phy.rx_phys |= HCI_LE_SET_PHY_1M;
3521 if (selected_phys & MGMT_PHY_LE_2M_RX)
3522 cp_phy.rx_phys |= HCI_LE_SET_PHY_2M;
3524 if (selected_phys & MGMT_PHY_LE_CODED_RX)
3525 cp_phy.rx_phys |= HCI_LE_SET_PHY_CODED;
3527 hci_req_add(&req, HCI_OP_LE_SET_DEFAULT_PHY, sizeof(cp_phy), &cp_phy);
3529 err = hci_req_run_skb(&req, set_default_phy_complete);
3531 mgmt_pending_remove(cmd);
3534 hci_dev_unlock(hdev);
3539 static void read_local_oob_data_complete(struct hci_dev *hdev, u8 status,
3540 u16 opcode, struct sk_buff *skb)
3542 struct mgmt_rp_read_local_oob_data mgmt_rp;
3543 size_t rp_size = sizeof(mgmt_rp);
3544 struct mgmt_pending_cmd *cmd;
3546 BT_DBG("%s status %u", hdev->name, status);
3548 cmd = pending_find(MGMT_OP_READ_LOCAL_OOB_DATA, hdev);
3552 if (status || !skb) {
3553 mgmt_cmd_status(cmd->sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
3554 status ? mgmt_status(status) : MGMT_STATUS_FAILED);
3558 memset(&mgmt_rp, 0, sizeof(mgmt_rp));
3560 if (opcode == HCI_OP_READ_LOCAL_OOB_DATA) {
3561 struct hci_rp_read_local_oob_data *rp = (void *) skb->data;
3563 if (skb->len < sizeof(*rp)) {
3564 mgmt_cmd_status(cmd->sk, hdev->id,
3565 MGMT_OP_READ_LOCAL_OOB_DATA,
3566 MGMT_STATUS_FAILED);
3570 memcpy(mgmt_rp.hash192, rp->hash, sizeof(rp->hash));
3571 memcpy(mgmt_rp.rand192, rp->rand, sizeof(rp->rand));
3573 rp_size -= sizeof(mgmt_rp.hash256) + sizeof(mgmt_rp.rand256);
3575 struct hci_rp_read_local_oob_ext_data *rp = (void *) skb->data;
3577 if (skb->len < sizeof(*rp)) {
3578 mgmt_cmd_status(cmd->sk, hdev->id,
3579 MGMT_OP_READ_LOCAL_OOB_DATA,
3580 MGMT_STATUS_FAILED);
3584 memcpy(mgmt_rp.hash192, rp->hash192, sizeof(rp->hash192));
3585 memcpy(mgmt_rp.rand192, rp->rand192, sizeof(rp->rand192));
3587 memcpy(mgmt_rp.hash256, rp->hash256, sizeof(rp->hash256));
3588 memcpy(mgmt_rp.rand256, rp->rand256, sizeof(rp->rand256));
3591 mgmt_cmd_complete(cmd->sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
3592 MGMT_STATUS_SUCCESS, &mgmt_rp, rp_size);
3595 mgmt_pending_remove(cmd);
3598 static int read_local_oob_data(struct sock *sk, struct hci_dev *hdev,
3599 void *data, u16 data_len)
3601 struct mgmt_pending_cmd *cmd;
3602 struct hci_request req;
3605 BT_DBG("%s", hdev->name);
3609 if (!hdev_is_powered(hdev)) {
3610 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
3611 MGMT_STATUS_NOT_POWERED);
3615 if (!lmp_ssp_capable(hdev)) {
3616 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
3617 MGMT_STATUS_NOT_SUPPORTED);
3621 if (pending_find(MGMT_OP_READ_LOCAL_OOB_DATA, hdev)) {
3622 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
3627 cmd = mgmt_pending_add(sk, MGMT_OP_READ_LOCAL_OOB_DATA, hdev, NULL, 0);
3633 hci_req_init(&req, hdev);
3635 if (bredr_sc_enabled(hdev))
3636 hci_req_add(&req, HCI_OP_READ_LOCAL_OOB_EXT_DATA, 0, NULL);
3638 hci_req_add(&req, HCI_OP_READ_LOCAL_OOB_DATA, 0, NULL);
3640 err = hci_req_run_skb(&req, read_local_oob_data_complete);
3642 mgmt_pending_remove(cmd);
3645 hci_dev_unlock(hdev);
3649 static int add_remote_oob_data(struct sock *sk, struct hci_dev *hdev,
3650 void *data, u16 len)
3652 struct mgmt_addr_info *addr = data;
3655 BT_DBG("%s ", hdev->name);
3657 if (!bdaddr_type_is_valid(addr->type))
3658 return mgmt_cmd_complete(sk, hdev->id,
3659 MGMT_OP_ADD_REMOTE_OOB_DATA,
3660 MGMT_STATUS_INVALID_PARAMS,
3661 addr, sizeof(*addr));
3665 if (len == MGMT_ADD_REMOTE_OOB_DATA_SIZE) {
3666 struct mgmt_cp_add_remote_oob_data *cp = data;
3669 if (cp->addr.type != BDADDR_BREDR) {
3670 err = mgmt_cmd_complete(sk, hdev->id,
3671 MGMT_OP_ADD_REMOTE_OOB_DATA,
3672 MGMT_STATUS_INVALID_PARAMS,
3673 &cp->addr, sizeof(cp->addr));
3677 err = hci_add_remote_oob_data(hdev, &cp->addr.bdaddr,
3678 cp->addr.type, cp->hash,
3679 cp->rand, NULL, NULL);
3681 status = MGMT_STATUS_FAILED;
3683 status = MGMT_STATUS_SUCCESS;
3685 err = mgmt_cmd_complete(sk, hdev->id,
3686 MGMT_OP_ADD_REMOTE_OOB_DATA, status,
3687 &cp->addr, sizeof(cp->addr));
3688 } else if (len == MGMT_ADD_REMOTE_OOB_EXT_DATA_SIZE) {
3689 struct mgmt_cp_add_remote_oob_ext_data *cp = data;
3690 u8 *rand192, *hash192, *rand256, *hash256;
3693 if (bdaddr_type_is_le(cp->addr.type)) {
3694 /* Enforce zero-valued 192-bit parameters as
3695 * long as legacy SMP OOB isn't implemented.
3697 if (memcmp(cp->rand192, ZERO_KEY, 16) ||
3698 memcmp(cp->hash192, ZERO_KEY, 16)) {
3699 err = mgmt_cmd_complete(sk, hdev->id,
3700 MGMT_OP_ADD_REMOTE_OOB_DATA,
3701 MGMT_STATUS_INVALID_PARAMS,
3702 addr, sizeof(*addr));
3709 /* In case one of the P-192 values is set to zero,
3710 * then just disable OOB data for P-192.
3712 if (!memcmp(cp->rand192, ZERO_KEY, 16) ||
3713 !memcmp(cp->hash192, ZERO_KEY, 16)) {
3717 rand192 = cp->rand192;
3718 hash192 = cp->hash192;
3722 /* In case one of the P-256 values is set to zero, then just
3723 * disable OOB data for P-256.
3725 if (!memcmp(cp->rand256, ZERO_KEY, 16) ||
3726 !memcmp(cp->hash256, ZERO_KEY, 16)) {
3730 rand256 = cp->rand256;
3731 hash256 = cp->hash256;
3734 err = hci_add_remote_oob_data(hdev, &cp->addr.bdaddr,
3735 cp->addr.type, hash192, rand192,
3738 status = MGMT_STATUS_FAILED;
3740 status = MGMT_STATUS_SUCCESS;
3742 err = mgmt_cmd_complete(sk, hdev->id,
3743 MGMT_OP_ADD_REMOTE_OOB_DATA,
3744 status, &cp->addr, sizeof(cp->addr));
3746 bt_dev_err(hdev, "add_remote_oob_data: invalid len of %u bytes",
3748 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_REMOTE_OOB_DATA,
3749 MGMT_STATUS_INVALID_PARAMS);
3753 hci_dev_unlock(hdev);
3757 static int remove_remote_oob_data(struct sock *sk, struct hci_dev *hdev,
3758 void *data, u16 len)
3760 struct mgmt_cp_remove_remote_oob_data *cp = data;
3764 BT_DBG("%s", hdev->name);
3766 if (cp->addr.type != BDADDR_BREDR)
3767 return mgmt_cmd_complete(sk, hdev->id,
3768 MGMT_OP_REMOVE_REMOTE_OOB_DATA,
3769 MGMT_STATUS_INVALID_PARAMS,
3770 &cp->addr, sizeof(cp->addr));
3774 if (!bacmp(&cp->addr.bdaddr, BDADDR_ANY)) {
3775 hci_remote_oob_data_clear(hdev);
3776 status = MGMT_STATUS_SUCCESS;
3780 err = hci_remove_remote_oob_data(hdev, &cp->addr.bdaddr, cp->addr.type);
3782 status = MGMT_STATUS_INVALID_PARAMS;
3784 status = MGMT_STATUS_SUCCESS;
3787 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_REMOTE_OOB_DATA,
3788 status, &cp->addr, sizeof(cp->addr));
3790 hci_dev_unlock(hdev);
3794 void mgmt_start_discovery_complete(struct hci_dev *hdev, u8 status)
3796 struct mgmt_pending_cmd *cmd;
3798 BT_DBG("status %d", status);
3802 cmd = pending_find(MGMT_OP_START_DISCOVERY, hdev);
3804 cmd = pending_find(MGMT_OP_START_SERVICE_DISCOVERY, hdev);
3807 cmd = pending_find(MGMT_OP_START_LIMITED_DISCOVERY, hdev);
3810 cmd->cmd_complete(cmd, mgmt_status(status));
3811 mgmt_pending_remove(cmd);
3814 hci_dev_unlock(hdev);
3817 static bool discovery_type_is_valid(struct hci_dev *hdev, uint8_t type,
3818 uint8_t *mgmt_status)
3821 case DISCOV_TYPE_LE:
3822 *mgmt_status = mgmt_le_support(hdev);
3826 case DISCOV_TYPE_INTERLEAVED:
3827 *mgmt_status = mgmt_le_support(hdev);
3830 /* Intentional fall-through */
3831 case DISCOV_TYPE_BREDR:
3832 *mgmt_status = mgmt_bredr_support(hdev);
3837 *mgmt_status = MGMT_STATUS_INVALID_PARAMS;
3844 static int start_discovery_internal(struct sock *sk, struct hci_dev *hdev,
3845 u16 op, void *data, u16 len)
3847 struct mgmt_cp_start_discovery *cp = data;
3848 struct mgmt_pending_cmd *cmd;
3852 BT_DBG("%s", hdev->name);
3856 if (!hdev_is_powered(hdev)) {
3857 err = mgmt_cmd_complete(sk, hdev->id, op,
3858 MGMT_STATUS_NOT_POWERED,
3859 &cp->type, sizeof(cp->type));
3863 if (hdev->discovery.state != DISCOVERY_STOPPED ||
3864 hci_dev_test_flag(hdev, HCI_PERIODIC_INQ)) {
3865 err = mgmt_cmd_complete(sk, hdev->id, op, MGMT_STATUS_BUSY,
3866 &cp->type, sizeof(cp->type));
3870 if (!discovery_type_is_valid(hdev, cp->type, &status)) {
3871 err = mgmt_cmd_complete(sk, hdev->id, op, status,
3872 &cp->type, sizeof(cp->type));
3876 /* Clear the discovery filter first to free any previously
3877 * allocated memory for the UUID list.
3879 hci_discovery_filter_clear(hdev);
3881 hdev->discovery.type = cp->type;
3882 hdev->discovery.report_invalid_rssi = false;
3883 if (op == MGMT_OP_START_LIMITED_DISCOVERY)
3884 hdev->discovery.limited = true;
3886 hdev->discovery.limited = false;
3888 cmd = mgmt_pending_add(sk, op, hdev, data, len);
3894 cmd->cmd_complete = generic_cmd_complete;
3896 hci_discovery_set_state(hdev, DISCOVERY_STARTING);
3897 queue_work(hdev->req_workqueue, &hdev->discov_update);
3901 hci_dev_unlock(hdev);
3905 static int start_discovery(struct sock *sk, struct hci_dev *hdev,
3906 void *data, u16 len)
3908 return start_discovery_internal(sk, hdev, MGMT_OP_START_DISCOVERY,
3912 static int start_limited_discovery(struct sock *sk, struct hci_dev *hdev,
3913 void *data, u16 len)
3915 return start_discovery_internal(sk, hdev,
3916 MGMT_OP_START_LIMITED_DISCOVERY,
3920 static int service_discovery_cmd_complete(struct mgmt_pending_cmd *cmd,
3923 return mgmt_cmd_complete(cmd->sk, cmd->index, cmd->opcode, status,
3927 static int start_service_discovery(struct sock *sk, struct hci_dev *hdev,
3928 void *data, u16 len)
3930 struct mgmt_cp_start_service_discovery *cp = data;
3931 struct mgmt_pending_cmd *cmd;
3932 const u16 max_uuid_count = ((U16_MAX - sizeof(*cp)) / 16);
3933 u16 uuid_count, expected_len;
3937 BT_DBG("%s", hdev->name);
3941 if (!hdev_is_powered(hdev)) {
3942 err = mgmt_cmd_complete(sk, hdev->id,
3943 MGMT_OP_START_SERVICE_DISCOVERY,
3944 MGMT_STATUS_NOT_POWERED,
3945 &cp->type, sizeof(cp->type));
3949 if (hdev->discovery.state != DISCOVERY_STOPPED ||
3950 hci_dev_test_flag(hdev, HCI_PERIODIC_INQ)) {
3951 err = mgmt_cmd_complete(sk, hdev->id,
3952 MGMT_OP_START_SERVICE_DISCOVERY,
3953 MGMT_STATUS_BUSY, &cp->type,
3958 uuid_count = __le16_to_cpu(cp->uuid_count);
3959 if (uuid_count > max_uuid_count) {
3960 bt_dev_err(hdev, "service_discovery: too big uuid_count value %u",
3962 err = mgmt_cmd_complete(sk, hdev->id,
3963 MGMT_OP_START_SERVICE_DISCOVERY,
3964 MGMT_STATUS_INVALID_PARAMS, &cp->type,
3969 expected_len = sizeof(*cp) + uuid_count * 16;
3970 if (expected_len != len) {
3971 bt_dev_err(hdev, "service_discovery: expected %u bytes, got %u bytes",
3973 err = mgmt_cmd_complete(sk, hdev->id,
3974 MGMT_OP_START_SERVICE_DISCOVERY,
3975 MGMT_STATUS_INVALID_PARAMS, &cp->type,
3980 if (!discovery_type_is_valid(hdev, cp->type, &status)) {
3981 err = mgmt_cmd_complete(sk, hdev->id,
3982 MGMT_OP_START_SERVICE_DISCOVERY,
3983 status, &cp->type, sizeof(cp->type));
3987 cmd = mgmt_pending_add(sk, MGMT_OP_START_SERVICE_DISCOVERY,
3994 cmd->cmd_complete = service_discovery_cmd_complete;
3996 /* Clear the discovery filter first to free any previously
3997 * allocated memory for the UUID list.
3999 hci_discovery_filter_clear(hdev);
4001 hdev->discovery.result_filtering = true;
4002 hdev->discovery.type = cp->type;
4003 hdev->discovery.rssi = cp->rssi;
4004 hdev->discovery.uuid_count = uuid_count;
4006 if (uuid_count > 0) {
4007 hdev->discovery.uuids = kmemdup(cp->uuids, uuid_count * 16,
4009 if (!hdev->discovery.uuids) {
4010 err = mgmt_cmd_complete(sk, hdev->id,
4011 MGMT_OP_START_SERVICE_DISCOVERY,
4013 &cp->type, sizeof(cp->type));
4014 mgmt_pending_remove(cmd);
4019 hci_discovery_set_state(hdev, DISCOVERY_STARTING);
4020 queue_work(hdev->req_workqueue, &hdev->discov_update);
4024 hci_dev_unlock(hdev);
4028 void mgmt_stop_discovery_complete(struct hci_dev *hdev, u8 status)
4030 struct mgmt_pending_cmd *cmd;
4032 BT_DBG("status %d", status);
4036 cmd = pending_find(MGMT_OP_STOP_DISCOVERY, hdev);
4038 cmd->cmd_complete(cmd, mgmt_status(status));
4039 mgmt_pending_remove(cmd);
4042 hci_dev_unlock(hdev);
4045 static int stop_discovery(struct sock *sk, struct hci_dev *hdev, void *data,
4048 struct mgmt_cp_stop_discovery *mgmt_cp = data;
4049 struct mgmt_pending_cmd *cmd;
4052 BT_DBG("%s", hdev->name);
4056 if (!hci_discovery_active(hdev)) {
4057 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_STOP_DISCOVERY,
4058 MGMT_STATUS_REJECTED, &mgmt_cp->type,
4059 sizeof(mgmt_cp->type));
4063 if (hdev->discovery.type != mgmt_cp->type) {
4064 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_STOP_DISCOVERY,
4065 MGMT_STATUS_INVALID_PARAMS,
4066 &mgmt_cp->type, sizeof(mgmt_cp->type));
4070 cmd = mgmt_pending_add(sk, MGMT_OP_STOP_DISCOVERY, hdev, data, len);
4076 cmd->cmd_complete = generic_cmd_complete;
4078 hci_discovery_set_state(hdev, DISCOVERY_STOPPING);
4079 queue_work(hdev->req_workqueue, &hdev->discov_update);
4083 hci_dev_unlock(hdev);
4087 static int confirm_name(struct sock *sk, struct hci_dev *hdev, void *data,
4090 struct mgmt_cp_confirm_name *cp = data;
4091 struct inquiry_entry *e;
4094 BT_DBG("%s", hdev->name);
4098 if (!hci_discovery_active(hdev)) {
4099 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_CONFIRM_NAME,
4100 MGMT_STATUS_FAILED, &cp->addr,
4105 e = hci_inquiry_cache_lookup_unknown(hdev, &cp->addr.bdaddr);
4107 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_CONFIRM_NAME,
4108 MGMT_STATUS_INVALID_PARAMS, &cp->addr,
4113 if (cp->name_known) {
4114 e->name_state = NAME_KNOWN;
4117 e->name_state = NAME_NEEDED;
4118 hci_inquiry_cache_update_resolve(hdev, e);
4121 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_CONFIRM_NAME, 0,
4122 &cp->addr, sizeof(cp->addr));
4125 hci_dev_unlock(hdev);
4129 static int block_device(struct sock *sk, struct hci_dev *hdev, void *data,
4132 struct mgmt_cp_block_device *cp = data;
4136 BT_DBG("%s", hdev->name);
4138 if (!bdaddr_type_is_valid(cp->addr.type))
4139 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_BLOCK_DEVICE,
4140 MGMT_STATUS_INVALID_PARAMS,
4141 &cp->addr, sizeof(cp->addr));
4145 err = hci_bdaddr_list_add(&hdev->blacklist, &cp->addr.bdaddr,
4148 status = MGMT_STATUS_FAILED;
4152 mgmt_event(MGMT_EV_DEVICE_BLOCKED, hdev, &cp->addr, sizeof(cp->addr),
4154 status = MGMT_STATUS_SUCCESS;
4157 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_BLOCK_DEVICE, status,
4158 &cp->addr, sizeof(cp->addr));
4160 hci_dev_unlock(hdev);
4165 static int unblock_device(struct sock *sk, struct hci_dev *hdev, void *data,
4168 struct mgmt_cp_unblock_device *cp = data;
4172 BT_DBG("%s", hdev->name);
4174 if (!bdaddr_type_is_valid(cp->addr.type))
4175 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_UNBLOCK_DEVICE,
4176 MGMT_STATUS_INVALID_PARAMS,
4177 &cp->addr, sizeof(cp->addr));
4181 err = hci_bdaddr_list_del(&hdev->blacklist, &cp->addr.bdaddr,
4184 status = MGMT_STATUS_INVALID_PARAMS;
4188 mgmt_event(MGMT_EV_DEVICE_UNBLOCKED, hdev, &cp->addr, sizeof(cp->addr),
4190 status = MGMT_STATUS_SUCCESS;
4193 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_UNBLOCK_DEVICE, status,
4194 &cp->addr, sizeof(cp->addr));
4196 hci_dev_unlock(hdev);
4201 static int set_device_id(struct sock *sk, struct hci_dev *hdev, void *data,
4204 struct mgmt_cp_set_device_id *cp = data;
4205 struct hci_request req;
4209 BT_DBG("%s", hdev->name);
4211 source = __le16_to_cpu(cp->source);
4213 if (source > 0x0002)
4214 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DEVICE_ID,
4215 MGMT_STATUS_INVALID_PARAMS);
4219 hdev->devid_source = source;
4220 hdev->devid_vendor = __le16_to_cpu(cp->vendor);
4221 hdev->devid_product = __le16_to_cpu(cp->product);
4222 hdev->devid_version = __le16_to_cpu(cp->version);
4224 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_DEVICE_ID, 0,
4227 hci_req_init(&req, hdev);
4228 __hci_req_update_eir(&req);
4229 hci_req_run(&req, NULL);
4231 hci_dev_unlock(hdev);
4236 static void enable_advertising_instance(struct hci_dev *hdev, u8 status,
4239 BT_DBG("status %d", status);
4242 static void set_advertising_complete(struct hci_dev *hdev, u8 status,
4245 struct cmd_lookup match = { NULL, hdev };
4246 struct hci_request req;
4248 struct adv_info *adv_instance;
4254 u8 mgmt_err = mgmt_status(status);
4256 mgmt_pending_foreach(MGMT_OP_SET_ADVERTISING, hdev,
4257 cmd_status_rsp, &mgmt_err);
4261 if (hci_dev_test_flag(hdev, HCI_LE_ADV))
4262 hci_dev_set_flag(hdev, HCI_ADVERTISING);
4264 hci_dev_clear_flag(hdev, HCI_ADVERTISING);
4266 mgmt_pending_foreach(MGMT_OP_SET_ADVERTISING, hdev, settings_rsp,
4269 new_settings(hdev, match.sk);
4274 /* If "Set Advertising" was just disabled and instance advertising was
4275 * set up earlier, then re-enable multi-instance advertising.
4277 if (hci_dev_test_flag(hdev, HCI_ADVERTISING) ||
4278 list_empty(&hdev->adv_instances))
4281 instance = hdev->cur_adv_instance;
4283 adv_instance = list_first_entry_or_null(&hdev->adv_instances,
4284 struct adv_info, list);
4288 instance = adv_instance->instance;
4291 hci_req_init(&req, hdev);
4293 err = __hci_req_schedule_adv_instance(&req, instance, true);
4296 err = hci_req_run(&req, enable_advertising_instance);
4299 bt_dev_err(hdev, "failed to re-configure advertising");
4302 hci_dev_unlock(hdev);
4305 static int set_advertising(struct sock *sk, struct hci_dev *hdev, void *data,
4308 struct mgmt_mode *cp = data;
4309 struct mgmt_pending_cmd *cmd;
4310 struct hci_request req;
4314 BT_DBG("request for %s", hdev->name);
4316 status = mgmt_le_support(hdev);
4318 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_ADVERTISING,
4321 if (cp->val != 0x00 && cp->val != 0x01 && cp->val != 0x02)
4322 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_ADVERTISING,
4323 MGMT_STATUS_INVALID_PARAMS);
4329 /* The following conditions are ones which mean that we should
4330 * not do any HCI communication but directly send a mgmt
4331 * response to user space (after toggling the flag if
4334 if (!hdev_is_powered(hdev) ||
4335 (val == hci_dev_test_flag(hdev, HCI_ADVERTISING) &&
4336 (cp->val == 0x02) == hci_dev_test_flag(hdev, HCI_ADVERTISING_CONNECTABLE)) ||
4337 hci_conn_num(hdev, LE_LINK) > 0 ||
4338 (hci_dev_test_flag(hdev, HCI_LE_SCAN) &&
4339 hdev->le_scan_type == LE_SCAN_ACTIVE)) {
4343 hdev->cur_adv_instance = 0x00;
4344 changed = !hci_dev_test_and_set_flag(hdev, HCI_ADVERTISING);
4345 if (cp->val == 0x02)
4346 hci_dev_set_flag(hdev, HCI_ADVERTISING_CONNECTABLE);
4348 hci_dev_clear_flag(hdev, HCI_ADVERTISING_CONNECTABLE);
4350 changed = hci_dev_test_and_clear_flag(hdev, HCI_ADVERTISING);
4351 hci_dev_clear_flag(hdev, HCI_ADVERTISING_CONNECTABLE);
4354 err = send_settings_rsp(sk, MGMT_OP_SET_ADVERTISING, hdev);
4359 err = new_settings(hdev, sk);
4364 if (pending_find(MGMT_OP_SET_ADVERTISING, hdev) ||
4365 pending_find(MGMT_OP_SET_LE, hdev)) {
4366 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_ADVERTISING,
4371 cmd = mgmt_pending_add(sk, MGMT_OP_SET_ADVERTISING, hdev, data, len);
4377 hci_req_init(&req, hdev);
4379 if (cp->val == 0x02)
4380 hci_dev_set_flag(hdev, HCI_ADVERTISING_CONNECTABLE);
4382 hci_dev_clear_flag(hdev, HCI_ADVERTISING_CONNECTABLE);
4384 cancel_adv_timeout(hdev);
4387 /* Switch to instance "0" for the Set Advertising setting.
4388 * We cannot use update_[adv|scan_rsp]_data() here as the
4389 * HCI_ADVERTISING flag is not yet set.
4391 hdev->cur_adv_instance = 0x00;
4393 if (ext_adv_capable(hdev)) {
4394 __hci_req_start_ext_adv(&req, 0x00);
4396 __hci_req_update_adv_data(&req, 0x00);
4397 __hci_req_update_scan_rsp_data(&req, 0x00);
4398 __hci_req_enable_advertising(&req);
4401 __hci_req_disable_advertising(&req);
4404 err = hci_req_run(&req, set_advertising_complete);
4406 mgmt_pending_remove(cmd);
4409 hci_dev_unlock(hdev);
4413 static int set_static_address(struct sock *sk, struct hci_dev *hdev,
4414 void *data, u16 len)
4416 struct mgmt_cp_set_static_address *cp = data;
4419 BT_DBG("%s", hdev->name);
4421 if (!lmp_le_capable(hdev))
4422 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_STATIC_ADDRESS,
4423 MGMT_STATUS_NOT_SUPPORTED);
4425 if (hdev_is_powered(hdev))
4426 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_STATIC_ADDRESS,
4427 MGMT_STATUS_REJECTED);
4429 if (bacmp(&cp->bdaddr, BDADDR_ANY)) {
4430 if (!bacmp(&cp->bdaddr, BDADDR_NONE))
4431 return mgmt_cmd_status(sk, hdev->id,
4432 MGMT_OP_SET_STATIC_ADDRESS,
4433 MGMT_STATUS_INVALID_PARAMS);
4435 /* Two most significant bits shall be set */
4436 if ((cp->bdaddr.b[5] & 0xc0) != 0xc0)
4437 return mgmt_cmd_status(sk, hdev->id,
4438 MGMT_OP_SET_STATIC_ADDRESS,
4439 MGMT_STATUS_INVALID_PARAMS);
4444 bacpy(&hdev->static_addr, &cp->bdaddr);
4446 err = send_settings_rsp(sk, MGMT_OP_SET_STATIC_ADDRESS, hdev);
4450 err = new_settings(hdev, sk);
4453 hci_dev_unlock(hdev);
4457 static int set_scan_params(struct sock *sk, struct hci_dev *hdev,
4458 void *data, u16 len)
4460 struct mgmt_cp_set_scan_params *cp = data;
4461 __u16 interval, window;
4464 BT_DBG("%s", hdev->name);
4466 if (!lmp_le_capable(hdev))
4467 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS,
4468 MGMT_STATUS_NOT_SUPPORTED);
4470 interval = __le16_to_cpu(cp->interval);
4472 if (interval < 0x0004 || interval > 0x4000)
4473 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS,
4474 MGMT_STATUS_INVALID_PARAMS);
4476 window = __le16_to_cpu(cp->window);
4478 if (window < 0x0004 || window > 0x4000)
4479 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS,
4480 MGMT_STATUS_INVALID_PARAMS);
4482 if (window > interval)
4483 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS,
4484 MGMT_STATUS_INVALID_PARAMS);
4488 hdev->le_scan_interval = interval;
4489 hdev->le_scan_window = window;
4491 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS, 0,
4494 /* If background scan is running, restart it so new parameters are
4497 if (hci_dev_test_flag(hdev, HCI_LE_SCAN) &&
4498 hdev->discovery.state == DISCOVERY_STOPPED) {
4499 struct hci_request req;
4501 hci_req_init(&req, hdev);
4503 hci_req_add_le_scan_disable(&req);
4504 hci_req_add_le_passive_scan(&req);
4506 hci_req_run(&req, NULL);
4509 hci_dev_unlock(hdev);
4514 static void fast_connectable_complete(struct hci_dev *hdev, u8 status,
4517 struct mgmt_pending_cmd *cmd;
4519 BT_DBG("status 0x%02x", status);
4523 cmd = pending_find(MGMT_OP_SET_FAST_CONNECTABLE, hdev);
4528 mgmt_cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
4529 mgmt_status(status));
4531 struct mgmt_mode *cp = cmd->param;
4534 hci_dev_set_flag(hdev, HCI_FAST_CONNECTABLE);
4536 hci_dev_clear_flag(hdev, HCI_FAST_CONNECTABLE);
4538 send_settings_rsp(cmd->sk, MGMT_OP_SET_FAST_CONNECTABLE, hdev);
4539 new_settings(hdev, cmd->sk);
4542 mgmt_pending_remove(cmd);
4545 hci_dev_unlock(hdev);
4548 static int set_fast_connectable(struct sock *sk, struct hci_dev *hdev,
4549 void *data, u16 len)
4551 struct mgmt_mode *cp = data;
4552 struct mgmt_pending_cmd *cmd;
4553 struct hci_request req;
4556 BT_DBG("%s", hdev->name);
4558 if (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED) ||
4559 hdev->hci_ver < BLUETOOTH_VER_1_2)
4560 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
4561 MGMT_STATUS_NOT_SUPPORTED);
4563 if (cp->val != 0x00 && cp->val != 0x01)
4564 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
4565 MGMT_STATUS_INVALID_PARAMS);
4569 if (pending_find(MGMT_OP_SET_FAST_CONNECTABLE, hdev)) {
4570 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
4575 if (!!cp->val == hci_dev_test_flag(hdev, HCI_FAST_CONNECTABLE)) {
4576 err = send_settings_rsp(sk, MGMT_OP_SET_FAST_CONNECTABLE,
4581 if (!hdev_is_powered(hdev)) {
4582 hci_dev_change_flag(hdev, HCI_FAST_CONNECTABLE);
4583 err = send_settings_rsp(sk, MGMT_OP_SET_FAST_CONNECTABLE,
4585 new_settings(hdev, sk);
4589 cmd = mgmt_pending_add(sk, MGMT_OP_SET_FAST_CONNECTABLE, hdev,
4596 hci_req_init(&req, hdev);
4598 __hci_req_write_fast_connectable(&req, cp->val);
4600 err = hci_req_run(&req, fast_connectable_complete);
4602 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
4603 MGMT_STATUS_FAILED);
4604 mgmt_pending_remove(cmd);
4608 hci_dev_unlock(hdev);
4613 static void set_bredr_complete(struct hci_dev *hdev, u8 status, u16 opcode)
4615 struct mgmt_pending_cmd *cmd;
4617 BT_DBG("status 0x%02x", status);
4621 cmd = pending_find(MGMT_OP_SET_BREDR, hdev);
4626 u8 mgmt_err = mgmt_status(status);
4628 /* We need to restore the flag if related HCI commands
4631 hci_dev_clear_flag(hdev, HCI_BREDR_ENABLED);
4633 mgmt_cmd_status(cmd->sk, cmd->index, cmd->opcode, mgmt_err);
4635 send_settings_rsp(cmd->sk, MGMT_OP_SET_BREDR, hdev);
4636 new_settings(hdev, cmd->sk);
4639 mgmt_pending_remove(cmd);
4642 hci_dev_unlock(hdev);
4645 static int set_bredr(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
4647 struct mgmt_mode *cp = data;
4648 struct mgmt_pending_cmd *cmd;
4649 struct hci_request req;
4652 BT_DBG("request for %s", hdev->name);
4654 if (!lmp_bredr_capable(hdev) || !lmp_le_capable(hdev))
4655 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
4656 MGMT_STATUS_NOT_SUPPORTED);
4658 if (!hci_dev_test_flag(hdev, HCI_LE_ENABLED))
4659 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
4660 MGMT_STATUS_REJECTED);
4662 if (cp->val != 0x00 && cp->val != 0x01)
4663 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
4664 MGMT_STATUS_INVALID_PARAMS);
4668 if (cp->val == hci_dev_test_flag(hdev, HCI_BREDR_ENABLED)) {
4669 err = send_settings_rsp(sk, MGMT_OP_SET_BREDR, hdev);
4673 if (!hdev_is_powered(hdev)) {
4675 hci_dev_clear_flag(hdev, HCI_DISCOVERABLE);
4676 hci_dev_clear_flag(hdev, HCI_SSP_ENABLED);
4677 hci_dev_clear_flag(hdev, HCI_LINK_SECURITY);
4678 hci_dev_clear_flag(hdev, HCI_FAST_CONNECTABLE);
4679 hci_dev_clear_flag(hdev, HCI_HS_ENABLED);
4682 hci_dev_change_flag(hdev, HCI_BREDR_ENABLED);
4684 err = send_settings_rsp(sk, MGMT_OP_SET_BREDR, hdev);
4688 err = new_settings(hdev, sk);
4692 /* Reject disabling when powered on */
4694 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
4695 MGMT_STATUS_REJECTED);
4698 /* When configuring a dual-mode controller to operate
4699 * with LE only and using a static address, then switching
4700 * BR/EDR back on is not allowed.
4702 * Dual-mode controllers shall operate with the public
4703 * address as its identity address for BR/EDR and LE. So
4704 * reject the attempt to create an invalid configuration.
4706 * The same restrictions applies when secure connections
4707 * has been enabled. For BR/EDR this is a controller feature
4708 * while for LE it is a host stack feature. This means that
4709 * switching BR/EDR back on when secure connections has been
4710 * enabled is not a supported transaction.
4712 if (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED) &&
4713 (bacmp(&hdev->static_addr, BDADDR_ANY) ||
4714 hci_dev_test_flag(hdev, HCI_SC_ENABLED))) {
4715 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
4716 MGMT_STATUS_REJECTED);
4721 if (pending_find(MGMT_OP_SET_BREDR, hdev)) {
4722 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
4727 cmd = mgmt_pending_add(sk, MGMT_OP_SET_BREDR, hdev, data, len);
4733 /* We need to flip the bit already here so that
4734 * hci_req_update_adv_data generates the correct flags.
4736 hci_dev_set_flag(hdev, HCI_BREDR_ENABLED);
4738 hci_req_init(&req, hdev);
4740 __hci_req_write_fast_connectable(&req, false);
4741 __hci_req_update_scan(&req);
4743 /* Since only the advertising data flags will change, there
4744 * is no need to update the scan response data.
4746 __hci_req_update_adv_data(&req, hdev->cur_adv_instance);
4748 err = hci_req_run(&req, set_bredr_complete);
4750 mgmt_pending_remove(cmd);
4753 hci_dev_unlock(hdev);
4757 static void sc_enable_complete(struct hci_dev *hdev, u8 status, u16 opcode)
4759 struct mgmt_pending_cmd *cmd;
4760 struct mgmt_mode *cp;
4762 BT_DBG("%s status %u", hdev->name, status);
4766 cmd = pending_find(MGMT_OP_SET_SECURE_CONN, hdev);
4771 mgmt_cmd_status(cmd->sk, cmd->index, cmd->opcode,
4772 mgmt_status(status));
4780 hci_dev_clear_flag(hdev, HCI_SC_ENABLED);
4781 hci_dev_clear_flag(hdev, HCI_SC_ONLY);
4784 hci_dev_set_flag(hdev, HCI_SC_ENABLED);
4785 hci_dev_clear_flag(hdev, HCI_SC_ONLY);
4788 hci_dev_set_flag(hdev, HCI_SC_ENABLED);
4789 hci_dev_set_flag(hdev, HCI_SC_ONLY);
4793 send_settings_rsp(cmd->sk, MGMT_OP_SET_SECURE_CONN, hdev);
4794 new_settings(hdev, cmd->sk);
4797 mgmt_pending_remove(cmd);
4799 hci_dev_unlock(hdev);
4802 static int set_secure_conn(struct sock *sk, struct hci_dev *hdev,
4803 void *data, u16 len)
4805 struct mgmt_mode *cp = data;
4806 struct mgmt_pending_cmd *cmd;
4807 struct hci_request req;
4811 BT_DBG("request for %s", hdev->name);
4813 if (!lmp_sc_capable(hdev) &&
4814 !hci_dev_test_flag(hdev, HCI_LE_ENABLED))
4815 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SECURE_CONN,
4816 MGMT_STATUS_NOT_SUPPORTED);
4818 if (hci_dev_test_flag(hdev, HCI_BREDR_ENABLED) &&
4819 lmp_sc_capable(hdev) &&
4820 !hci_dev_test_flag(hdev, HCI_SSP_ENABLED))
4821 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SECURE_CONN,
4822 MGMT_STATUS_REJECTED);
4824 if (cp->val != 0x00 && cp->val != 0x01 && cp->val != 0x02)
4825 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SECURE_CONN,
4826 MGMT_STATUS_INVALID_PARAMS);
4830 if (!hdev_is_powered(hdev) || !lmp_sc_capable(hdev) ||
4831 !hci_dev_test_flag(hdev, HCI_BREDR_ENABLED)) {
4835 changed = !hci_dev_test_and_set_flag(hdev,
4837 if (cp->val == 0x02)
4838 hci_dev_set_flag(hdev, HCI_SC_ONLY);
4840 hci_dev_clear_flag(hdev, HCI_SC_ONLY);
4842 changed = hci_dev_test_and_clear_flag(hdev,
4844 hci_dev_clear_flag(hdev, HCI_SC_ONLY);
4847 err = send_settings_rsp(sk, MGMT_OP_SET_SECURE_CONN, hdev);
4852 err = new_settings(hdev, sk);
4857 if (pending_find(MGMT_OP_SET_SECURE_CONN, hdev)) {
4858 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SECURE_CONN,
4865 if (val == hci_dev_test_flag(hdev, HCI_SC_ENABLED) &&
4866 (cp->val == 0x02) == hci_dev_test_flag(hdev, HCI_SC_ONLY)) {
4867 err = send_settings_rsp(sk, MGMT_OP_SET_SECURE_CONN, hdev);
4871 cmd = mgmt_pending_add(sk, MGMT_OP_SET_SECURE_CONN, hdev, data, len);
4877 hci_req_init(&req, hdev);
4878 hci_req_add(&req, HCI_OP_WRITE_SC_SUPPORT, 1, &val);
4879 err = hci_req_run(&req, sc_enable_complete);
4881 mgmt_pending_remove(cmd);
4886 hci_dev_unlock(hdev);
4890 static int set_debug_keys(struct sock *sk, struct hci_dev *hdev,
4891 void *data, u16 len)
4893 struct mgmt_mode *cp = data;
4894 bool changed, use_changed;
4897 BT_DBG("request for %s", hdev->name);
4899 if (cp->val != 0x00 && cp->val != 0x01 && cp->val != 0x02)
4900 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DEBUG_KEYS,
4901 MGMT_STATUS_INVALID_PARAMS);
4906 changed = !hci_dev_test_and_set_flag(hdev, HCI_KEEP_DEBUG_KEYS);
4908 changed = hci_dev_test_and_clear_flag(hdev,
4909 HCI_KEEP_DEBUG_KEYS);
4911 if (cp->val == 0x02)
4912 use_changed = !hci_dev_test_and_set_flag(hdev,
4913 HCI_USE_DEBUG_KEYS);
4915 use_changed = hci_dev_test_and_clear_flag(hdev,
4916 HCI_USE_DEBUG_KEYS);
4918 if (hdev_is_powered(hdev) && use_changed &&
4919 hci_dev_test_flag(hdev, HCI_SSP_ENABLED)) {
4920 u8 mode = (cp->val == 0x02) ? 0x01 : 0x00;
4921 hci_send_cmd(hdev, HCI_OP_WRITE_SSP_DEBUG_MODE,
4922 sizeof(mode), &mode);
4925 err = send_settings_rsp(sk, MGMT_OP_SET_DEBUG_KEYS, hdev);
4930 err = new_settings(hdev, sk);
4933 hci_dev_unlock(hdev);
4937 static int set_privacy(struct sock *sk, struct hci_dev *hdev, void *cp_data,
4940 struct mgmt_cp_set_privacy *cp = cp_data;
4944 BT_DBG("request for %s", hdev->name);
4946 if (!lmp_le_capable(hdev))
4947 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_PRIVACY,
4948 MGMT_STATUS_NOT_SUPPORTED);
4950 if (cp->privacy != 0x00 && cp->privacy != 0x01 && cp->privacy != 0x02)
4951 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_PRIVACY,
4952 MGMT_STATUS_INVALID_PARAMS);
4954 if (hdev_is_powered(hdev))
4955 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_PRIVACY,
4956 MGMT_STATUS_REJECTED);
4960 /* If user space supports this command it is also expected to
4961 * handle IRKs. Therefore, set the HCI_RPA_RESOLVING flag.
4963 hci_dev_set_flag(hdev, HCI_RPA_RESOLVING);
4966 changed = !hci_dev_test_and_set_flag(hdev, HCI_PRIVACY);
4967 memcpy(hdev->irk, cp->irk, sizeof(hdev->irk));
4968 hci_dev_set_flag(hdev, HCI_RPA_EXPIRED);
4969 hci_adv_instances_set_rpa_expired(hdev, true);
4970 if (cp->privacy == 0x02)
4971 hci_dev_set_flag(hdev, HCI_LIMITED_PRIVACY);
4973 hci_dev_clear_flag(hdev, HCI_LIMITED_PRIVACY);
4975 changed = hci_dev_test_and_clear_flag(hdev, HCI_PRIVACY);
4976 memset(hdev->irk, 0, sizeof(hdev->irk));
4977 hci_dev_clear_flag(hdev, HCI_RPA_EXPIRED);
4978 hci_adv_instances_set_rpa_expired(hdev, false);
4979 hci_dev_clear_flag(hdev, HCI_LIMITED_PRIVACY);
4982 err = send_settings_rsp(sk, MGMT_OP_SET_PRIVACY, hdev);
4987 err = new_settings(hdev, sk);
4990 hci_dev_unlock(hdev);
4994 static bool irk_is_valid(struct mgmt_irk_info *irk)
4996 switch (irk->addr.type) {
4997 case BDADDR_LE_PUBLIC:
5000 case BDADDR_LE_RANDOM:
5001 /* Two most significant bits shall be set */
5002 if ((irk->addr.bdaddr.b[5] & 0xc0) != 0xc0)
5010 static int load_irks(struct sock *sk, struct hci_dev *hdev, void *cp_data,
5013 struct mgmt_cp_load_irks *cp = cp_data;
5014 const u16 max_irk_count = ((U16_MAX - sizeof(*cp)) /
5015 sizeof(struct mgmt_irk_info));
5016 u16 irk_count, expected_len;
5019 BT_DBG("request for %s", hdev->name);
5021 if (!lmp_le_capable(hdev))
5022 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_IRKS,
5023 MGMT_STATUS_NOT_SUPPORTED);
5025 irk_count = __le16_to_cpu(cp->irk_count);
5026 if (irk_count > max_irk_count) {
5027 bt_dev_err(hdev, "load_irks: too big irk_count value %u",
5029 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_IRKS,
5030 MGMT_STATUS_INVALID_PARAMS);
5033 expected_len = sizeof(*cp) + irk_count * sizeof(struct mgmt_irk_info);
5034 if (expected_len != len) {
5035 bt_dev_err(hdev, "load_irks: expected %u bytes, got %u bytes",
5037 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_IRKS,
5038 MGMT_STATUS_INVALID_PARAMS);
5041 BT_DBG("%s irk_count %u", hdev->name, irk_count);
5043 for (i = 0; i < irk_count; i++) {
5044 struct mgmt_irk_info *key = &cp->irks[i];
5046 if (!irk_is_valid(key))
5047 return mgmt_cmd_status(sk, hdev->id,
5049 MGMT_STATUS_INVALID_PARAMS);
5054 hci_smp_irks_clear(hdev);
5056 for (i = 0; i < irk_count; i++) {
5057 struct mgmt_irk_info *irk = &cp->irks[i];
5059 hci_add_irk(hdev, &irk->addr.bdaddr,
5060 le_addr_type(irk->addr.type), irk->val,
5064 hci_dev_set_flag(hdev, HCI_RPA_RESOLVING);
5066 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_LOAD_IRKS, 0, NULL, 0);
5068 hci_dev_unlock(hdev);
5073 static bool ltk_is_valid(struct mgmt_ltk_info *key)
5075 if (key->master != 0x00 && key->master != 0x01)
5078 switch (key->addr.type) {
5079 case BDADDR_LE_PUBLIC:
5082 case BDADDR_LE_RANDOM:
5083 /* Two most significant bits shall be set */
5084 if ((key->addr.bdaddr.b[5] & 0xc0) != 0xc0)
5092 static int load_long_term_keys(struct sock *sk, struct hci_dev *hdev,
5093 void *cp_data, u16 len)
5095 struct mgmt_cp_load_long_term_keys *cp = cp_data;
5096 const u16 max_key_count = ((U16_MAX - sizeof(*cp)) /
5097 sizeof(struct mgmt_ltk_info));
5098 u16 key_count, expected_len;
5101 BT_DBG("request for %s", hdev->name);
5103 if (!lmp_le_capable(hdev))
5104 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS,
5105 MGMT_STATUS_NOT_SUPPORTED);
5107 key_count = __le16_to_cpu(cp->key_count);
5108 if (key_count > max_key_count) {
5109 bt_dev_err(hdev, "load_ltks: too big key_count value %u",
5111 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS,
5112 MGMT_STATUS_INVALID_PARAMS);
5115 expected_len = sizeof(*cp) + key_count *
5116 sizeof(struct mgmt_ltk_info);
5117 if (expected_len != len) {
5118 bt_dev_err(hdev, "load_keys: expected %u bytes, got %u bytes",
5120 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS,
5121 MGMT_STATUS_INVALID_PARAMS);
5124 BT_DBG("%s key_count %u", hdev->name, key_count);
5126 for (i = 0; i < key_count; i++) {
5127 struct mgmt_ltk_info *key = &cp->keys[i];
5129 if (!ltk_is_valid(key))
5130 return mgmt_cmd_status(sk, hdev->id,
5131 MGMT_OP_LOAD_LONG_TERM_KEYS,
5132 MGMT_STATUS_INVALID_PARAMS);
5137 hci_smp_ltks_clear(hdev);
5139 for (i = 0; i < key_count; i++) {
5140 struct mgmt_ltk_info *key = &cp->keys[i];
5141 u8 type, authenticated;
5143 switch (key->type) {
5144 case MGMT_LTK_UNAUTHENTICATED:
5145 authenticated = 0x00;
5146 type = key->master ? SMP_LTK : SMP_LTK_SLAVE;
5148 case MGMT_LTK_AUTHENTICATED:
5149 authenticated = 0x01;
5150 type = key->master ? SMP_LTK : SMP_LTK_SLAVE;
5152 case MGMT_LTK_P256_UNAUTH:
5153 authenticated = 0x00;
5154 type = SMP_LTK_P256;
5156 case MGMT_LTK_P256_AUTH:
5157 authenticated = 0x01;
5158 type = SMP_LTK_P256;
5160 case MGMT_LTK_P256_DEBUG:
5161 authenticated = 0x00;
5162 type = SMP_LTK_P256_DEBUG;
5168 hci_add_ltk(hdev, &key->addr.bdaddr,
5169 le_addr_type(key->addr.type), type, authenticated,
5170 key->val, key->enc_size, key->ediv, key->rand);
5173 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS, 0,
5176 hci_dev_unlock(hdev);
5181 static int conn_info_cmd_complete(struct mgmt_pending_cmd *cmd, u8 status)
5183 struct hci_conn *conn = cmd->user_data;
5184 struct mgmt_rp_get_conn_info rp;
5187 memcpy(&rp.addr, cmd->param, sizeof(rp.addr));
5189 if (status == MGMT_STATUS_SUCCESS) {
5190 rp.rssi = conn->rssi;
5191 rp.tx_power = conn->tx_power;
5192 rp.max_tx_power = conn->max_tx_power;
5194 rp.rssi = HCI_RSSI_INVALID;
5195 rp.tx_power = HCI_TX_POWER_INVALID;
5196 rp.max_tx_power = HCI_TX_POWER_INVALID;
5199 err = mgmt_cmd_complete(cmd->sk, cmd->index, MGMT_OP_GET_CONN_INFO,
5200 status, &rp, sizeof(rp));
5202 hci_conn_drop(conn);
5208 static void conn_info_refresh_complete(struct hci_dev *hdev, u8 hci_status,
5211 struct hci_cp_read_rssi *cp;
5212 struct mgmt_pending_cmd *cmd;
5213 struct hci_conn *conn;
5217 BT_DBG("status 0x%02x", hci_status);
5221 /* Commands sent in request are either Read RSSI or Read Transmit Power
5222 * Level so we check which one was last sent to retrieve connection
5223 * handle. Both commands have handle as first parameter so it's safe to
5224 * cast data on the same command struct.
5226 * First command sent is always Read RSSI and we fail only if it fails.
5227 * In other case we simply override error to indicate success as we
5228 * already remembered if TX power value is actually valid.
5230 cp = hci_sent_cmd_data(hdev, HCI_OP_READ_RSSI);
5232 cp = hci_sent_cmd_data(hdev, HCI_OP_READ_TX_POWER);
5233 status = MGMT_STATUS_SUCCESS;
5235 status = mgmt_status(hci_status);
5239 bt_dev_err(hdev, "invalid sent_cmd in conn_info response");
5243 handle = __le16_to_cpu(cp->handle);
5244 conn = hci_conn_hash_lookup_handle(hdev, handle);
5246 bt_dev_err(hdev, "unknown handle (%d) in conn_info response",
5251 cmd = pending_find_data(MGMT_OP_GET_CONN_INFO, hdev, conn);
5255 cmd->cmd_complete(cmd, status);
5256 mgmt_pending_remove(cmd);
5259 hci_dev_unlock(hdev);
5262 static int get_conn_info(struct sock *sk, struct hci_dev *hdev, void *data,
5265 struct mgmt_cp_get_conn_info *cp = data;
5266 struct mgmt_rp_get_conn_info rp;
5267 struct hci_conn *conn;
5268 unsigned long conn_info_age;
5271 BT_DBG("%s", hdev->name);
5273 memset(&rp, 0, sizeof(rp));
5274 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
5275 rp.addr.type = cp->addr.type;
5277 if (!bdaddr_type_is_valid(cp->addr.type))
5278 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CONN_INFO,
5279 MGMT_STATUS_INVALID_PARAMS,
5284 if (!hdev_is_powered(hdev)) {
5285 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CONN_INFO,
5286 MGMT_STATUS_NOT_POWERED, &rp,
5291 if (cp->addr.type == BDADDR_BREDR)
5292 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
5295 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &cp->addr.bdaddr);
5297 if (!conn || conn->state != BT_CONNECTED) {
5298 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CONN_INFO,
5299 MGMT_STATUS_NOT_CONNECTED, &rp,
5304 if (pending_find_data(MGMT_OP_GET_CONN_INFO, hdev, conn)) {
5305 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CONN_INFO,
5306 MGMT_STATUS_BUSY, &rp, sizeof(rp));
5310 /* To avoid client trying to guess when to poll again for information we
5311 * calculate conn info age as random value between min/max set in hdev.
5313 conn_info_age = hdev->conn_info_min_age +
5314 prandom_u32_max(hdev->conn_info_max_age -
5315 hdev->conn_info_min_age);
5317 /* Query controller to refresh cached values if they are too old or were
5320 if (time_after(jiffies, conn->conn_info_timestamp +
5321 msecs_to_jiffies(conn_info_age)) ||
5322 !conn->conn_info_timestamp) {
5323 struct hci_request req;
5324 struct hci_cp_read_tx_power req_txp_cp;
5325 struct hci_cp_read_rssi req_rssi_cp;
5326 struct mgmt_pending_cmd *cmd;
5328 hci_req_init(&req, hdev);
5329 req_rssi_cp.handle = cpu_to_le16(conn->handle);
5330 hci_req_add(&req, HCI_OP_READ_RSSI, sizeof(req_rssi_cp),
5333 /* For LE links TX power does not change thus we don't need to
5334 * query for it once value is known.
5336 if (!bdaddr_type_is_le(cp->addr.type) ||
5337 conn->tx_power == HCI_TX_POWER_INVALID) {
5338 req_txp_cp.handle = cpu_to_le16(conn->handle);
5339 req_txp_cp.type = 0x00;
5340 hci_req_add(&req, HCI_OP_READ_TX_POWER,
5341 sizeof(req_txp_cp), &req_txp_cp);
5344 /* Max TX power needs to be read only once per connection */
5345 if (conn->max_tx_power == HCI_TX_POWER_INVALID) {
5346 req_txp_cp.handle = cpu_to_le16(conn->handle);
5347 req_txp_cp.type = 0x01;
5348 hci_req_add(&req, HCI_OP_READ_TX_POWER,
5349 sizeof(req_txp_cp), &req_txp_cp);
5352 err = hci_req_run(&req, conn_info_refresh_complete);
5356 cmd = mgmt_pending_add(sk, MGMT_OP_GET_CONN_INFO, hdev,
5363 hci_conn_hold(conn);
5364 cmd->user_data = hci_conn_get(conn);
5365 cmd->cmd_complete = conn_info_cmd_complete;
5367 conn->conn_info_timestamp = jiffies;
5369 /* Cache is valid, just reply with values cached in hci_conn */
5370 rp.rssi = conn->rssi;
5371 rp.tx_power = conn->tx_power;
5372 rp.max_tx_power = conn->max_tx_power;
5374 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CONN_INFO,
5375 MGMT_STATUS_SUCCESS, &rp, sizeof(rp));
5379 hci_dev_unlock(hdev);
5383 static int clock_info_cmd_complete(struct mgmt_pending_cmd *cmd, u8 status)
5385 struct hci_conn *conn = cmd->user_data;
5386 struct mgmt_rp_get_clock_info rp;
5387 struct hci_dev *hdev;
5390 memset(&rp, 0, sizeof(rp));
5391 memcpy(&rp.addr, cmd->param, sizeof(rp.addr));
5396 hdev = hci_dev_get(cmd->index);
5398 rp.local_clock = cpu_to_le32(hdev->clock);
5403 rp.piconet_clock = cpu_to_le32(conn->clock);
5404 rp.accuracy = cpu_to_le16(conn->clock_accuracy);
5408 err = mgmt_cmd_complete(cmd->sk, cmd->index, cmd->opcode, status, &rp,
5412 hci_conn_drop(conn);
5419 static void get_clock_info_complete(struct hci_dev *hdev, u8 status, u16 opcode)
5421 struct hci_cp_read_clock *hci_cp;
5422 struct mgmt_pending_cmd *cmd;
5423 struct hci_conn *conn;
5425 BT_DBG("%s status %u", hdev->name, status);
5429 hci_cp = hci_sent_cmd_data(hdev, HCI_OP_READ_CLOCK);
5433 if (hci_cp->which) {
5434 u16 handle = __le16_to_cpu(hci_cp->handle);
5435 conn = hci_conn_hash_lookup_handle(hdev, handle);
5440 cmd = pending_find_data(MGMT_OP_GET_CLOCK_INFO, hdev, conn);
5444 cmd->cmd_complete(cmd, mgmt_status(status));
5445 mgmt_pending_remove(cmd);
5448 hci_dev_unlock(hdev);
5451 static int get_clock_info(struct sock *sk, struct hci_dev *hdev, void *data,
5454 struct mgmt_cp_get_clock_info *cp = data;
5455 struct mgmt_rp_get_clock_info rp;
5456 struct hci_cp_read_clock hci_cp;
5457 struct mgmt_pending_cmd *cmd;
5458 struct hci_request req;
5459 struct hci_conn *conn;
5462 BT_DBG("%s", hdev->name);
5464 memset(&rp, 0, sizeof(rp));
5465 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
5466 rp.addr.type = cp->addr.type;
5468 if (cp->addr.type != BDADDR_BREDR)
5469 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CLOCK_INFO,
5470 MGMT_STATUS_INVALID_PARAMS,
5475 if (!hdev_is_powered(hdev)) {
5476 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CLOCK_INFO,
5477 MGMT_STATUS_NOT_POWERED, &rp,
5482 if (bacmp(&cp->addr.bdaddr, BDADDR_ANY)) {
5483 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
5485 if (!conn || conn->state != BT_CONNECTED) {
5486 err = mgmt_cmd_complete(sk, hdev->id,
5487 MGMT_OP_GET_CLOCK_INFO,
5488 MGMT_STATUS_NOT_CONNECTED,
5496 cmd = mgmt_pending_add(sk, MGMT_OP_GET_CLOCK_INFO, hdev, data, len);
5502 cmd->cmd_complete = clock_info_cmd_complete;
5504 hci_req_init(&req, hdev);
5506 memset(&hci_cp, 0, sizeof(hci_cp));
5507 hci_req_add(&req, HCI_OP_READ_CLOCK, sizeof(hci_cp), &hci_cp);
5510 hci_conn_hold(conn);
5511 cmd->user_data = hci_conn_get(conn);
5513 hci_cp.handle = cpu_to_le16(conn->handle);
5514 hci_cp.which = 0x01; /* Piconet clock */
5515 hci_req_add(&req, HCI_OP_READ_CLOCK, sizeof(hci_cp), &hci_cp);
5518 err = hci_req_run(&req, get_clock_info_complete);
5520 mgmt_pending_remove(cmd);
5523 hci_dev_unlock(hdev);
5527 static bool is_connected(struct hci_dev *hdev, bdaddr_t *addr, u8 type)
5529 struct hci_conn *conn;
5531 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, addr);
5535 if (conn->dst_type != type)
5538 if (conn->state != BT_CONNECTED)
5544 /* This function requires the caller holds hdev->lock */
5545 static int hci_conn_params_set(struct hci_dev *hdev, bdaddr_t *addr,
5546 u8 addr_type, u8 auto_connect)
5548 struct hci_conn_params *params;
5550 params = hci_conn_params_add(hdev, addr, addr_type);
5554 if (params->auto_connect == auto_connect)
5557 list_del_init(¶ms->action);
5559 switch (auto_connect) {
5560 case HCI_AUTO_CONN_DISABLED:
5561 case HCI_AUTO_CONN_LINK_LOSS:
5562 /* If auto connect is being disabled when we're trying to
5563 * connect to device, keep connecting.
5565 if (params->explicit_connect)
5566 list_add(¶ms->action, &hdev->pend_le_conns);
5568 case HCI_AUTO_CONN_REPORT:
5569 if (params->explicit_connect)
5570 list_add(¶ms->action, &hdev->pend_le_conns);
5572 list_add(¶ms->action, &hdev->pend_le_reports);
5574 case HCI_AUTO_CONN_DIRECT:
5575 case HCI_AUTO_CONN_ALWAYS:
5576 if (!is_connected(hdev, addr, addr_type))
5577 list_add(¶ms->action, &hdev->pend_le_conns);
5581 params->auto_connect = auto_connect;
5583 BT_DBG("addr %pMR (type %u) auto_connect %u", addr, addr_type,
5589 static void device_added(struct sock *sk, struct hci_dev *hdev,
5590 bdaddr_t *bdaddr, u8 type, u8 action)
5592 struct mgmt_ev_device_added ev;
5594 bacpy(&ev.addr.bdaddr, bdaddr);
5595 ev.addr.type = type;
5598 mgmt_event(MGMT_EV_DEVICE_ADDED, hdev, &ev, sizeof(ev), sk);
5601 static int add_device(struct sock *sk, struct hci_dev *hdev,
5602 void *data, u16 len)
5604 struct mgmt_cp_add_device *cp = data;
5605 u8 auto_conn, addr_type;
5608 BT_DBG("%s", hdev->name);
5610 if (!bdaddr_type_is_valid(cp->addr.type) ||
5611 !bacmp(&cp->addr.bdaddr, BDADDR_ANY))
5612 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_ADD_DEVICE,
5613 MGMT_STATUS_INVALID_PARAMS,
5614 &cp->addr, sizeof(cp->addr));
5616 if (cp->action != 0x00 && cp->action != 0x01 && cp->action != 0x02)
5617 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_ADD_DEVICE,
5618 MGMT_STATUS_INVALID_PARAMS,
5619 &cp->addr, sizeof(cp->addr));
5623 if (cp->addr.type == BDADDR_BREDR) {
5624 /* Only incoming connections action is supported for now */
5625 if (cp->action != 0x01) {
5626 err = mgmt_cmd_complete(sk, hdev->id,
5628 MGMT_STATUS_INVALID_PARAMS,
5629 &cp->addr, sizeof(cp->addr));
5633 err = hci_bdaddr_list_add(&hdev->whitelist, &cp->addr.bdaddr,
5638 hci_req_update_scan(hdev);
5643 addr_type = le_addr_type(cp->addr.type);
5645 if (cp->action == 0x02)
5646 auto_conn = HCI_AUTO_CONN_ALWAYS;
5647 else if (cp->action == 0x01)
5648 auto_conn = HCI_AUTO_CONN_DIRECT;
5650 auto_conn = HCI_AUTO_CONN_REPORT;
5652 /* Kernel internally uses conn_params with resolvable private
5653 * address, but Add Device allows only identity addresses.
5654 * Make sure it is enforced before calling
5655 * hci_conn_params_lookup.
5657 if (!hci_is_identity_address(&cp->addr.bdaddr, addr_type)) {
5658 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_ADD_DEVICE,
5659 MGMT_STATUS_INVALID_PARAMS,
5660 &cp->addr, sizeof(cp->addr));
5664 /* If the connection parameters don't exist for this device,
5665 * they will be created and configured with defaults.
5667 if (hci_conn_params_set(hdev, &cp->addr.bdaddr, addr_type,
5669 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_ADD_DEVICE,
5670 MGMT_STATUS_FAILED, &cp->addr,
5675 hci_update_background_scan(hdev);
5678 device_added(sk, hdev, &cp->addr.bdaddr, cp->addr.type, cp->action);
5680 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_ADD_DEVICE,
5681 MGMT_STATUS_SUCCESS, &cp->addr,
5685 hci_dev_unlock(hdev);
5689 static void device_removed(struct sock *sk, struct hci_dev *hdev,
5690 bdaddr_t *bdaddr, u8 type)
5692 struct mgmt_ev_device_removed ev;
5694 bacpy(&ev.addr.bdaddr, bdaddr);
5695 ev.addr.type = type;
5697 mgmt_event(MGMT_EV_DEVICE_REMOVED, hdev, &ev, sizeof(ev), sk);
5700 static int remove_device(struct sock *sk, struct hci_dev *hdev,
5701 void *data, u16 len)
5703 struct mgmt_cp_remove_device *cp = data;
5706 BT_DBG("%s", hdev->name);
5710 if (bacmp(&cp->addr.bdaddr, BDADDR_ANY)) {
5711 struct hci_conn_params *params;
5714 if (!bdaddr_type_is_valid(cp->addr.type)) {
5715 err = mgmt_cmd_complete(sk, hdev->id,
5716 MGMT_OP_REMOVE_DEVICE,
5717 MGMT_STATUS_INVALID_PARAMS,
5718 &cp->addr, sizeof(cp->addr));
5722 if (cp->addr.type == BDADDR_BREDR) {
5723 err = hci_bdaddr_list_del(&hdev->whitelist,
5727 err = mgmt_cmd_complete(sk, hdev->id,
5728 MGMT_OP_REMOVE_DEVICE,
5729 MGMT_STATUS_INVALID_PARAMS,
5735 hci_req_update_scan(hdev);
5737 device_removed(sk, hdev, &cp->addr.bdaddr,
5742 addr_type = le_addr_type(cp->addr.type);
5744 /* Kernel internally uses conn_params with resolvable private
5745 * address, but Remove Device allows only identity addresses.
5746 * Make sure it is enforced before calling
5747 * hci_conn_params_lookup.
5749 if (!hci_is_identity_address(&cp->addr.bdaddr, addr_type)) {
5750 err = mgmt_cmd_complete(sk, hdev->id,
5751 MGMT_OP_REMOVE_DEVICE,
5752 MGMT_STATUS_INVALID_PARAMS,
5753 &cp->addr, sizeof(cp->addr));
5757 params = hci_conn_params_lookup(hdev, &cp->addr.bdaddr,
5760 err = mgmt_cmd_complete(sk, hdev->id,
5761 MGMT_OP_REMOVE_DEVICE,
5762 MGMT_STATUS_INVALID_PARAMS,
5763 &cp->addr, sizeof(cp->addr));
5767 if (params->auto_connect == HCI_AUTO_CONN_DISABLED ||
5768 params->auto_connect == HCI_AUTO_CONN_EXPLICIT) {
5769 err = mgmt_cmd_complete(sk, hdev->id,
5770 MGMT_OP_REMOVE_DEVICE,
5771 MGMT_STATUS_INVALID_PARAMS,
5772 &cp->addr, sizeof(cp->addr));
5776 list_del(¶ms->action);
5777 list_del(¶ms->list);
5779 hci_update_background_scan(hdev);
5781 device_removed(sk, hdev, &cp->addr.bdaddr, cp->addr.type);
5783 struct hci_conn_params *p, *tmp;
5784 struct bdaddr_list *b, *btmp;
5786 if (cp->addr.type) {
5787 err = mgmt_cmd_complete(sk, hdev->id,
5788 MGMT_OP_REMOVE_DEVICE,
5789 MGMT_STATUS_INVALID_PARAMS,
5790 &cp->addr, sizeof(cp->addr));
5794 list_for_each_entry_safe(b, btmp, &hdev->whitelist, list) {
5795 device_removed(sk, hdev, &b->bdaddr, b->bdaddr_type);
5800 hci_req_update_scan(hdev);
5802 list_for_each_entry_safe(p, tmp, &hdev->le_conn_params, list) {
5803 if (p->auto_connect == HCI_AUTO_CONN_DISABLED)
5805 device_removed(sk, hdev, &p->addr, p->addr_type);
5806 if (p->explicit_connect) {
5807 p->auto_connect = HCI_AUTO_CONN_EXPLICIT;
5810 list_del(&p->action);
5815 BT_DBG("All LE connection parameters were removed");
5817 hci_update_background_scan(hdev);
5821 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_DEVICE,
5822 MGMT_STATUS_SUCCESS, &cp->addr,
5825 hci_dev_unlock(hdev);
5829 static int load_conn_param(struct sock *sk, struct hci_dev *hdev, void *data,
5832 struct mgmt_cp_load_conn_param *cp = data;
5833 const u16 max_param_count = ((U16_MAX - sizeof(*cp)) /
5834 sizeof(struct mgmt_conn_param));
5835 u16 param_count, expected_len;
5838 if (!lmp_le_capable(hdev))
5839 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_CONN_PARAM,
5840 MGMT_STATUS_NOT_SUPPORTED);
5842 param_count = __le16_to_cpu(cp->param_count);
5843 if (param_count > max_param_count) {
5844 bt_dev_err(hdev, "load_conn_param: too big param_count value %u",
5846 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_CONN_PARAM,
5847 MGMT_STATUS_INVALID_PARAMS);
5850 expected_len = sizeof(*cp) + param_count *
5851 sizeof(struct mgmt_conn_param);
5852 if (expected_len != len) {
5853 bt_dev_err(hdev, "load_conn_param: expected %u bytes, got %u bytes",
5855 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_CONN_PARAM,
5856 MGMT_STATUS_INVALID_PARAMS);
5859 BT_DBG("%s param_count %u", hdev->name, param_count);
5863 hci_conn_params_clear_disabled(hdev);
5865 for (i = 0; i < param_count; i++) {
5866 struct mgmt_conn_param *param = &cp->params[i];
5867 struct hci_conn_params *hci_param;
5868 u16 min, max, latency, timeout;
5871 BT_DBG("Adding %pMR (type %u)", ¶m->addr.bdaddr,
5874 if (param->addr.type == BDADDR_LE_PUBLIC) {
5875 addr_type = ADDR_LE_DEV_PUBLIC;
5876 } else if (param->addr.type == BDADDR_LE_RANDOM) {
5877 addr_type = ADDR_LE_DEV_RANDOM;
5879 bt_dev_err(hdev, "ignoring invalid connection parameters");
5883 min = le16_to_cpu(param->min_interval);
5884 max = le16_to_cpu(param->max_interval);
5885 latency = le16_to_cpu(param->latency);
5886 timeout = le16_to_cpu(param->timeout);
5888 BT_DBG("min 0x%04x max 0x%04x latency 0x%04x timeout 0x%04x",
5889 min, max, latency, timeout);
5891 if (hci_check_conn_params(min, max, latency, timeout) < 0) {
5892 bt_dev_err(hdev, "ignoring invalid connection parameters");
5896 hci_param = hci_conn_params_add(hdev, ¶m->addr.bdaddr,
5899 bt_dev_err(hdev, "failed to add connection parameters");
5903 hci_param->conn_min_interval = min;
5904 hci_param->conn_max_interval = max;
5905 hci_param->conn_latency = latency;
5906 hci_param->supervision_timeout = timeout;
5909 hci_dev_unlock(hdev);
5911 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_LOAD_CONN_PARAM, 0,
5915 static int set_external_config(struct sock *sk, struct hci_dev *hdev,
5916 void *data, u16 len)
5918 struct mgmt_cp_set_external_config *cp = data;
5922 BT_DBG("%s", hdev->name);
5924 if (hdev_is_powered(hdev))
5925 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_EXTERNAL_CONFIG,
5926 MGMT_STATUS_REJECTED);
5928 if (cp->config != 0x00 && cp->config != 0x01)
5929 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_EXTERNAL_CONFIG,
5930 MGMT_STATUS_INVALID_PARAMS);
5932 if (!test_bit(HCI_QUIRK_EXTERNAL_CONFIG, &hdev->quirks))
5933 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_EXTERNAL_CONFIG,
5934 MGMT_STATUS_NOT_SUPPORTED);
5939 changed = !hci_dev_test_and_set_flag(hdev, HCI_EXT_CONFIGURED);
5941 changed = hci_dev_test_and_clear_flag(hdev, HCI_EXT_CONFIGURED);
5943 err = send_options_rsp(sk, MGMT_OP_SET_EXTERNAL_CONFIG, hdev);
5950 err = new_options(hdev, sk);
5952 if (hci_dev_test_flag(hdev, HCI_UNCONFIGURED) == is_configured(hdev)) {
5953 mgmt_index_removed(hdev);
5955 if (hci_dev_test_and_change_flag(hdev, HCI_UNCONFIGURED)) {
5956 hci_dev_set_flag(hdev, HCI_CONFIG);
5957 hci_dev_set_flag(hdev, HCI_AUTO_OFF);
5959 queue_work(hdev->req_workqueue, &hdev->power_on);
5961 set_bit(HCI_RAW, &hdev->flags);
5962 mgmt_index_added(hdev);
5967 hci_dev_unlock(hdev);
5971 static int set_public_address(struct sock *sk, struct hci_dev *hdev,
5972 void *data, u16 len)
5974 struct mgmt_cp_set_public_address *cp = data;
5978 BT_DBG("%s", hdev->name);
5980 if (hdev_is_powered(hdev))
5981 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_PUBLIC_ADDRESS,
5982 MGMT_STATUS_REJECTED);
5984 if (!bacmp(&cp->bdaddr, BDADDR_ANY))
5985 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_PUBLIC_ADDRESS,
5986 MGMT_STATUS_INVALID_PARAMS);
5988 if (!hdev->set_bdaddr)
5989 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_PUBLIC_ADDRESS,
5990 MGMT_STATUS_NOT_SUPPORTED);
5994 changed = !!bacmp(&hdev->public_addr, &cp->bdaddr);
5995 bacpy(&hdev->public_addr, &cp->bdaddr);
5997 err = send_options_rsp(sk, MGMT_OP_SET_PUBLIC_ADDRESS, hdev);
6004 if (hci_dev_test_flag(hdev, HCI_UNCONFIGURED))
6005 err = new_options(hdev, sk);
6007 if (is_configured(hdev)) {
6008 mgmt_index_removed(hdev);
6010 hci_dev_clear_flag(hdev, HCI_UNCONFIGURED);
6012 hci_dev_set_flag(hdev, HCI_CONFIG);
6013 hci_dev_set_flag(hdev, HCI_AUTO_OFF);
6015 queue_work(hdev->req_workqueue, &hdev->power_on);
6019 hci_dev_unlock(hdev);
6023 static void read_local_oob_ext_data_complete(struct hci_dev *hdev, u8 status,
6024 u16 opcode, struct sk_buff *skb)
6026 const struct mgmt_cp_read_local_oob_ext_data *mgmt_cp;
6027 struct mgmt_rp_read_local_oob_ext_data *mgmt_rp;
6028 u8 *h192, *r192, *h256, *r256;
6029 struct mgmt_pending_cmd *cmd;
6033 BT_DBG("%s status %u", hdev->name, status);
6035 cmd = pending_find(MGMT_OP_READ_LOCAL_OOB_EXT_DATA, hdev);
6039 mgmt_cp = cmd->param;
6042 status = mgmt_status(status);
6049 } else if (opcode == HCI_OP_READ_LOCAL_OOB_DATA) {
6050 struct hci_rp_read_local_oob_data *rp;
6052 if (skb->len != sizeof(*rp)) {
6053 status = MGMT_STATUS_FAILED;
6056 status = MGMT_STATUS_SUCCESS;
6057 rp = (void *)skb->data;
6059 eir_len = 5 + 18 + 18;
6066 struct hci_rp_read_local_oob_ext_data *rp;
6068 if (skb->len != sizeof(*rp)) {
6069 status = MGMT_STATUS_FAILED;
6072 status = MGMT_STATUS_SUCCESS;
6073 rp = (void *)skb->data;
6075 if (hci_dev_test_flag(hdev, HCI_SC_ONLY)) {
6076 eir_len = 5 + 18 + 18;
6080 eir_len = 5 + 18 + 18 + 18 + 18;
6090 mgmt_rp = kmalloc(sizeof(*mgmt_rp) + eir_len, GFP_KERNEL);
6097 eir_len = eir_append_data(mgmt_rp->eir, 0, EIR_CLASS_OF_DEV,
6098 hdev->dev_class, 3);
6101 eir_len = eir_append_data(mgmt_rp->eir, eir_len,
6102 EIR_SSP_HASH_C192, h192, 16);
6103 eir_len = eir_append_data(mgmt_rp->eir, eir_len,
6104 EIR_SSP_RAND_R192, r192, 16);
6108 eir_len = eir_append_data(mgmt_rp->eir, eir_len,
6109 EIR_SSP_HASH_C256, h256, 16);
6110 eir_len = eir_append_data(mgmt_rp->eir, eir_len,
6111 EIR_SSP_RAND_R256, r256, 16);
6115 mgmt_rp->type = mgmt_cp->type;
6116 mgmt_rp->eir_len = cpu_to_le16(eir_len);
6118 err = mgmt_cmd_complete(cmd->sk, hdev->id,
6119 MGMT_OP_READ_LOCAL_OOB_EXT_DATA, status,
6120 mgmt_rp, sizeof(*mgmt_rp) + eir_len);
6121 if (err < 0 || status)
6124 hci_sock_set_flag(cmd->sk, HCI_MGMT_OOB_DATA_EVENTS);
6126 err = mgmt_limited_event(MGMT_EV_LOCAL_OOB_DATA_UPDATED, hdev,
6127 mgmt_rp, sizeof(*mgmt_rp) + eir_len,
6128 HCI_MGMT_OOB_DATA_EVENTS, cmd->sk);
6131 mgmt_pending_remove(cmd);
6134 static int read_local_ssp_oob_req(struct hci_dev *hdev, struct sock *sk,
6135 struct mgmt_cp_read_local_oob_ext_data *cp)
6137 struct mgmt_pending_cmd *cmd;
6138 struct hci_request req;
6141 cmd = mgmt_pending_add(sk, MGMT_OP_READ_LOCAL_OOB_EXT_DATA, hdev,
6146 hci_req_init(&req, hdev);
6148 if (bredr_sc_enabled(hdev))
6149 hci_req_add(&req, HCI_OP_READ_LOCAL_OOB_EXT_DATA, 0, NULL);
6151 hci_req_add(&req, HCI_OP_READ_LOCAL_OOB_DATA, 0, NULL);
6153 err = hci_req_run_skb(&req, read_local_oob_ext_data_complete);
6155 mgmt_pending_remove(cmd);
6162 static int read_local_oob_ext_data(struct sock *sk, struct hci_dev *hdev,
6163 void *data, u16 data_len)
6165 struct mgmt_cp_read_local_oob_ext_data *cp = data;
6166 struct mgmt_rp_read_local_oob_ext_data *rp;
6169 u8 status, flags, role, addr[7], hash[16], rand[16];
6172 BT_DBG("%s", hdev->name);
6174 if (hdev_is_powered(hdev)) {
6176 case BIT(BDADDR_BREDR):
6177 status = mgmt_bredr_support(hdev);
6183 case (BIT(BDADDR_LE_PUBLIC) | BIT(BDADDR_LE_RANDOM)):
6184 status = mgmt_le_support(hdev);
6188 eir_len = 9 + 3 + 18 + 18 + 3;
6191 status = MGMT_STATUS_INVALID_PARAMS;
6196 status = MGMT_STATUS_NOT_POWERED;
6200 rp_len = sizeof(*rp) + eir_len;
6201 rp = kmalloc(rp_len, GFP_ATOMIC);
6212 case BIT(BDADDR_BREDR):
6213 if (hci_dev_test_flag(hdev, HCI_SSP_ENABLED)) {
6214 err = read_local_ssp_oob_req(hdev, sk, cp);
6215 hci_dev_unlock(hdev);
6219 status = MGMT_STATUS_FAILED;
6222 eir_len = eir_append_data(rp->eir, eir_len,
6224 hdev->dev_class, 3);
6227 case (BIT(BDADDR_LE_PUBLIC) | BIT(BDADDR_LE_RANDOM)):
6228 if (hci_dev_test_flag(hdev, HCI_SC_ENABLED) &&
6229 smp_generate_oob(hdev, hash, rand) < 0) {
6230 hci_dev_unlock(hdev);
6231 status = MGMT_STATUS_FAILED;
6235 /* This should return the active RPA, but since the RPA
6236 * is only programmed on demand, it is really hard to fill
6237 * this in at the moment. For now disallow retrieving
6238 * local out-of-band data when privacy is in use.
6240 * Returning the identity address will not help here since
6241 * pairing happens before the identity resolving key is
6242 * known and thus the connection establishment happens
6243 * based on the RPA and not the identity address.
6245 if (hci_dev_test_flag(hdev, HCI_PRIVACY)) {
6246 hci_dev_unlock(hdev);
6247 status = MGMT_STATUS_REJECTED;
6251 if (hci_dev_test_flag(hdev, HCI_FORCE_STATIC_ADDR) ||
6252 !bacmp(&hdev->bdaddr, BDADDR_ANY) ||
6253 (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED) &&
6254 bacmp(&hdev->static_addr, BDADDR_ANY))) {
6255 memcpy(addr, &hdev->static_addr, 6);
6258 memcpy(addr, &hdev->bdaddr, 6);
6262 eir_len = eir_append_data(rp->eir, eir_len, EIR_LE_BDADDR,
6263 addr, sizeof(addr));
6265 if (hci_dev_test_flag(hdev, HCI_ADVERTISING))
6270 eir_len = eir_append_data(rp->eir, eir_len, EIR_LE_ROLE,
6271 &role, sizeof(role));
6273 if (hci_dev_test_flag(hdev, HCI_SC_ENABLED)) {
6274 eir_len = eir_append_data(rp->eir, eir_len,
6276 hash, sizeof(hash));
6278 eir_len = eir_append_data(rp->eir, eir_len,
6280 rand, sizeof(rand));
6283 flags = mgmt_get_adv_discov_flags(hdev);
6285 if (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED))
6286 flags |= LE_AD_NO_BREDR;
6288 eir_len = eir_append_data(rp->eir, eir_len, EIR_FLAGS,
6289 &flags, sizeof(flags));
6293 hci_dev_unlock(hdev);
6295 hci_sock_set_flag(sk, HCI_MGMT_OOB_DATA_EVENTS);
6297 status = MGMT_STATUS_SUCCESS;
6300 rp->type = cp->type;
6301 rp->eir_len = cpu_to_le16(eir_len);
6303 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_EXT_DATA,
6304 status, rp, sizeof(*rp) + eir_len);
6305 if (err < 0 || status)
6308 err = mgmt_limited_event(MGMT_EV_LOCAL_OOB_DATA_UPDATED, hdev,
6309 rp, sizeof(*rp) + eir_len,
6310 HCI_MGMT_OOB_DATA_EVENTS, sk);
6318 static u32 get_supported_adv_flags(struct hci_dev *hdev)
6322 flags |= MGMT_ADV_FLAG_CONNECTABLE;
6323 flags |= MGMT_ADV_FLAG_DISCOV;
6324 flags |= MGMT_ADV_FLAG_LIMITED_DISCOV;
6325 flags |= MGMT_ADV_FLAG_MANAGED_FLAGS;
6326 flags |= MGMT_ADV_FLAG_APPEARANCE;
6327 flags |= MGMT_ADV_FLAG_LOCAL_NAME;
6329 /* In extended adv TX_POWER returned from Set Adv Param
6330 * will be always valid.
6332 if ((hdev->adv_tx_power != HCI_TX_POWER_INVALID) ||
6333 ext_adv_capable(hdev))
6334 flags |= MGMT_ADV_FLAG_TX_POWER;
6336 if (ext_adv_capable(hdev)) {
6337 flags |= MGMT_ADV_FLAG_SEC_1M;
6339 if (hdev->le_features[1] & HCI_LE_PHY_2M)
6340 flags |= MGMT_ADV_FLAG_SEC_2M;
6342 if (hdev->le_features[1] & HCI_LE_PHY_CODED)
6343 flags |= MGMT_ADV_FLAG_SEC_CODED;
6349 static int read_adv_features(struct sock *sk, struct hci_dev *hdev,
6350 void *data, u16 data_len)
6352 struct mgmt_rp_read_adv_features *rp;
6355 struct adv_info *adv_instance;
6356 u32 supported_flags;
6359 BT_DBG("%s", hdev->name);
6361 if (!lmp_le_capable(hdev))
6362 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_READ_ADV_FEATURES,
6363 MGMT_STATUS_REJECTED);
6367 rp_len = sizeof(*rp) + hdev->adv_instance_cnt;
6368 rp = kmalloc(rp_len, GFP_ATOMIC);
6370 hci_dev_unlock(hdev);
6374 supported_flags = get_supported_adv_flags(hdev);
6376 rp->supported_flags = cpu_to_le32(supported_flags);
6377 rp->max_adv_data_len = HCI_MAX_AD_LENGTH;
6378 rp->max_scan_rsp_len = HCI_MAX_AD_LENGTH;
6379 rp->max_instances = HCI_MAX_ADV_INSTANCES;
6380 rp->num_instances = hdev->adv_instance_cnt;
6382 instance = rp->instance;
6383 list_for_each_entry(adv_instance, &hdev->adv_instances, list) {
6384 *instance = adv_instance->instance;
6388 hci_dev_unlock(hdev);
6390 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_READ_ADV_FEATURES,
6391 MGMT_STATUS_SUCCESS, rp, rp_len);
6398 static u8 calculate_name_len(struct hci_dev *hdev)
6400 u8 buf[HCI_MAX_SHORT_NAME_LENGTH + 3];
6402 return append_local_name(hdev, buf, 0);
6405 static u8 tlv_data_max_len(struct hci_dev *hdev, u32 adv_flags,
6408 u8 max_len = HCI_MAX_AD_LENGTH;
6411 if (adv_flags & (MGMT_ADV_FLAG_DISCOV |
6412 MGMT_ADV_FLAG_LIMITED_DISCOV |
6413 MGMT_ADV_FLAG_MANAGED_FLAGS))
6416 if (adv_flags & MGMT_ADV_FLAG_TX_POWER)
6419 if (adv_flags & MGMT_ADV_FLAG_LOCAL_NAME)
6420 max_len -= calculate_name_len(hdev);
6422 if (adv_flags & (MGMT_ADV_FLAG_APPEARANCE))
6429 static bool flags_managed(u32 adv_flags)
6431 return adv_flags & (MGMT_ADV_FLAG_DISCOV |
6432 MGMT_ADV_FLAG_LIMITED_DISCOV |
6433 MGMT_ADV_FLAG_MANAGED_FLAGS);
6436 static bool tx_power_managed(u32 adv_flags)
6438 return adv_flags & MGMT_ADV_FLAG_TX_POWER;
6441 static bool name_managed(u32 adv_flags)
6443 return adv_flags & MGMT_ADV_FLAG_LOCAL_NAME;
6446 static bool appearance_managed(u32 adv_flags)
6448 return adv_flags & MGMT_ADV_FLAG_APPEARANCE;
6451 static bool tlv_data_is_valid(struct hci_dev *hdev, u32 adv_flags, u8 *data,
6452 u8 len, bool is_adv_data)
6457 max_len = tlv_data_max_len(hdev, adv_flags, is_adv_data);
6462 /* Make sure that the data is correctly formatted. */
6463 for (i = 0, cur_len = 0; i < len; i += (cur_len + 1)) {
6466 if (data[i + 1] == EIR_FLAGS &&
6467 (!is_adv_data || flags_managed(adv_flags)))
6470 if (data[i + 1] == EIR_TX_POWER && tx_power_managed(adv_flags))
6473 if (data[i + 1] == EIR_NAME_COMPLETE && name_managed(adv_flags))
6476 if (data[i + 1] == EIR_NAME_SHORT && name_managed(adv_flags))
6479 if (data[i + 1] == EIR_APPEARANCE &&
6480 appearance_managed(adv_flags))
6483 /* If the current field length would exceed the total data
6484 * length, then it's invalid.
6486 if (i + cur_len >= len)
6493 static void add_advertising_complete(struct hci_dev *hdev, u8 status,
6496 struct mgmt_pending_cmd *cmd;
6497 struct mgmt_cp_add_advertising *cp;
6498 struct mgmt_rp_add_advertising rp;
6499 struct adv_info *adv_instance, *n;
6502 BT_DBG("status %d", status);
6506 cmd = pending_find(MGMT_OP_ADD_ADVERTISING, hdev);
6508 list_for_each_entry_safe(adv_instance, n, &hdev->adv_instances, list) {
6509 if (!adv_instance->pending)
6513 adv_instance->pending = false;
6517 instance = adv_instance->instance;
6519 if (hdev->cur_adv_instance == instance)
6520 cancel_adv_timeout(hdev);
6522 hci_remove_adv_instance(hdev, instance);
6523 mgmt_advertising_removed(cmd ? cmd->sk : NULL, hdev, instance);
6530 rp.instance = cp->instance;
6533 mgmt_cmd_status(cmd->sk, cmd->index, cmd->opcode,
6534 mgmt_status(status));
6536 mgmt_cmd_complete(cmd->sk, cmd->index, cmd->opcode,
6537 mgmt_status(status), &rp, sizeof(rp));
6539 mgmt_pending_remove(cmd);
6542 hci_dev_unlock(hdev);
6545 static int add_advertising(struct sock *sk, struct hci_dev *hdev,
6546 void *data, u16 data_len)
6548 struct mgmt_cp_add_advertising *cp = data;
6549 struct mgmt_rp_add_advertising rp;
6551 u32 supported_flags, phy_flags;
6553 u16 timeout, duration;
6554 unsigned int prev_instance_cnt = hdev->adv_instance_cnt;
6555 u8 schedule_instance = 0;
6556 struct adv_info *next_instance;
6558 struct mgmt_pending_cmd *cmd;
6559 struct hci_request req;
6561 BT_DBG("%s", hdev->name);
6563 status = mgmt_le_support(hdev);
6565 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_ADVERTISING,
6568 if (cp->instance < 1 || cp->instance > HCI_MAX_ADV_INSTANCES)
6569 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_ADVERTISING,
6570 MGMT_STATUS_INVALID_PARAMS);
6572 if (data_len != sizeof(*cp) + cp->adv_data_len + cp->scan_rsp_len)
6573 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_ADVERTISING,
6574 MGMT_STATUS_INVALID_PARAMS);
6576 flags = __le32_to_cpu(cp->flags);
6577 timeout = __le16_to_cpu(cp->timeout);
6578 duration = __le16_to_cpu(cp->duration);
6580 /* The current implementation only supports a subset of the specified
6581 * flags. Also need to check mutual exclusiveness of sec flags.
6583 supported_flags = get_supported_adv_flags(hdev);
6584 phy_flags = flags & MGMT_ADV_FLAG_SEC_MASK;
6585 if (flags & ~supported_flags ||
6586 ((phy_flags && (phy_flags ^ (phy_flags & -phy_flags)))))
6587 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_ADVERTISING,
6588 MGMT_STATUS_INVALID_PARAMS);
6592 if (timeout && !hdev_is_powered(hdev)) {
6593 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_ADVERTISING,
6594 MGMT_STATUS_REJECTED);
6598 if (pending_find(MGMT_OP_ADD_ADVERTISING, hdev) ||
6599 pending_find(MGMT_OP_REMOVE_ADVERTISING, hdev) ||
6600 pending_find(MGMT_OP_SET_LE, hdev)) {
6601 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_ADVERTISING,
6606 if (!tlv_data_is_valid(hdev, flags, cp->data, cp->adv_data_len, true) ||
6607 !tlv_data_is_valid(hdev, flags, cp->data + cp->adv_data_len,
6608 cp->scan_rsp_len, false)) {
6609 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_ADVERTISING,
6610 MGMT_STATUS_INVALID_PARAMS);
6614 err = hci_add_adv_instance(hdev, cp->instance, flags,
6615 cp->adv_data_len, cp->data,
6617 cp->data + cp->adv_data_len,
6620 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_ADVERTISING,
6621 MGMT_STATUS_FAILED);
6625 /* Only trigger an advertising added event if a new instance was
6628 if (hdev->adv_instance_cnt > prev_instance_cnt)
6629 mgmt_advertising_added(sk, hdev, cp->instance);
6631 if (hdev->cur_adv_instance == cp->instance) {
6632 /* If the currently advertised instance is being changed then
6633 * cancel the current advertising and schedule the next
6634 * instance. If there is only one instance then the overridden
6635 * advertising data will be visible right away.
6637 cancel_adv_timeout(hdev);
6639 next_instance = hci_get_next_instance(hdev, cp->instance);
6641 schedule_instance = next_instance->instance;
6642 } else if (!hdev->adv_instance_timeout) {
6643 /* Immediately advertise the new instance if no other
6644 * instance is currently being advertised.
6646 schedule_instance = cp->instance;
6649 /* If the HCI_ADVERTISING flag is set or the device isn't powered or
6650 * there is no instance to be advertised then we have no HCI
6651 * communication to make. Simply return.
6653 if (!hdev_is_powered(hdev) ||
6654 hci_dev_test_flag(hdev, HCI_ADVERTISING) ||
6655 !schedule_instance) {
6656 rp.instance = cp->instance;
6657 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_ADD_ADVERTISING,
6658 MGMT_STATUS_SUCCESS, &rp, sizeof(rp));
6662 /* We're good to go, update advertising data, parameters, and start
6665 cmd = mgmt_pending_add(sk, MGMT_OP_ADD_ADVERTISING, hdev, data,
6672 hci_req_init(&req, hdev);
6674 err = __hci_req_schedule_adv_instance(&req, schedule_instance, true);
6677 err = hci_req_run(&req, add_advertising_complete);
6680 mgmt_pending_remove(cmd);
6683 hci_dev_unlock(hdev);
6688 static void remove_advertising_complete(struct hci_dev *hdev, u8 status,
6691 struct mgmt_pending_cmd *cmd;
6692 struct mgmt_cp_remove_advertising *cp;
6693 struct mgmt_rp_remove_advertising rp;
6695 BT_DBG("status %d", status);
6699 /* A failure status here only means that we failed to disable
6700 * advertising. Otherwise, the advertising instance has been removed,
6701 * so report success.
6703 cmd = pending_find(MGMT_OP_REMOVE_ADVERTISING, hdev);
6708 rp.instance = cp->instance;
6710 mgmt_cmd_complete(cmd->sk, cmd->index, cmd->opcode, MGMT_STATUS_SUCCESS,
6712 mgmt_pending_remove(cmd);
6715 hci_dev_unlock(hdev);
6718 static int remove_advertising(struct sock *sk, struct hci_dev *hdev,
6719 void *data, u16 data_len)
6721 struct mgmt_cp_remove_advertising *cp = data;
6722 struct mgmt_rp_remove_advertising rp;
6723 struct mgmt_pending_cmd *cmd;
6724 struct hci_request req;
6727 BT_DBG("%s", hdev->name);
6731 if (cp->instance && !hci_find_adv_instance(hdev, cp->instance)) {
6732 err = mgmt_cmd_status(sk, hdev->id,
6733 MGMT_OP_REMOVE_ADVERTISING,
6734 MGMT_STATUS_INVALID_PARAMS);
6738 if (pending_find(MGMT_OP_ADD_ADVERTISING, hdev) ||
6739 pending_find(MGMT_OP_REMOVE_ADVERTISING, hdev) ||
6740 pending_find(MGMT_OP_SET_LE, hdev)) {
6741 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_REMOVE_ADVERTISING,
6746 if (list_empty(&hdev->adv_instances)) {
6747 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_REMOVE_ADVERTISING,
6748 MGMT_STATUS_INVALID_PARAMS);
6752 hci_req_init(&req, hdev);
6754 hci_req_clear_adv_instance(hdev, sk, &req, cp->instance, true);
6756 if (list_empty(&hdev->adv_instances))
6757 __hci_req_disable_advertising(&req);
6759 /* If no HCI commands have been collected so far or the HCI_ADVERTISING
6760 * flag is set or the device isn't powered then we have no HCI
6761 * communication to make. Simply return.
6763 if (skb_queue_empty(&req.cmd_q) ||
6764 !hdev_is_powered(hdev) ||
6765 hci_dev_test_flag(hdev, HCI_ADVERTISING)) {
6766 hci_req_purge(&req);
6767 rp.instance = cp->instance;
6768 err = mgmt_cmd_complete(sk, hdev->id,
6769 MGMT_OP_REMOVE_ADVERTISING,
6770 MGMT_STATUS_SUCCESS, &rp, sizeof(rp));
6774 cmd = mgmt_pending_add(sk, MGMT_OP_REMOVE_ADVERTISING, hdev, data,
6781 err = hci_req_run(&req, remove_advertising_complete);
6783 mgmt_pending_remove(cmd);
6786 hci_dev_unlock(hdev);
6791 static int get_adv_size_info(struct sock *sk, struct hci_dev *hdev,
6792 void *data, u16 data_len)
6794 struct mgmt_cp_get_adv_size_info *cp = data;
6795 struct mgmt_rp_get_adv_size_info rp;
6796 u32 flags, supported_flags;
6799 BT_DBG("%s", hdev->name);
6801 if (!lmp_le_capable(hdev))
6802 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_GET_ADV_SIZE_INFO,
6803 MGMT_STATUS_REJECTED);
6805 if (cp->instance < 1 || cp->instance > HCI_MAX_ADV_INSTANCES)
6806 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_GET_ADV_SIZE_INFO,
6807 MGMT_STATUS_INVALID_PARAMS);
6809 flags = __le32_to_cpu(cp->flags);
6811 /* The current implementation only supports a subset of the specified
6814 supported_flags = get_supported_adv_flags(hdev);
6815 if (flags & ~supported_flags)
6816 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_GET_ADV_SIZE_INFO,
6817 MGMT_STATUS_INVALID_PARAMS);
6819 rp.instance = cp->instance;
6820 rp.flags = cp->flags;
6821 rp.max_adv_data_len = tlv_data_max_len(hdev, flags, true);
6822 rp.max_scan_rsp_len = tlv_data_max_len(hdev, flags, false);
6824 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_ADV_SIZE_INFO,
6825 MGMT_STATUS_SUCCESS, &rp, sizeof(rp));
6830 static const struct hci_mgmt_handler mgmt_handlers[] = {
6831 { NULL }, /* 0x0000 (no command) */
6832 { read_version, MGMT_READ_VERSION_SIZE,
6834 HCI_MGMT_UNTRUSTED },
6835 { read_commands, MGMT_READ_COMMANDS_SIZE,
6837 HCI_MGMT_UNTRUSTED },
6838 { read_index_list, MGMT_READ_INDEX_LIST_SIZE,
6840 HCI_MGMT_UNTRUSTED },
6841 { read_controller_info, MGMT_READ_INFO_SIZE,
6842 HCI_MGMT_UNTRUSTED },
6843 { set_powered, MGMT_SETTING_SIZE },
6844 { set_discoverable, MGMT_SET_DISCOVERABLE_SIZE },
6845 { set_connectable, MGMT_SETTING_SIZE },
6846 { set_fast_connectable, MGMT_SETTING_SIZE },
6847 { set_bondable, MGMT_SETTING_SIZE },
6848 { set_link_security, MGMT_SETTING_SIZE },
6849 { set_ssp, MGMT_SETTING_SIZE },
6850 { set_hs, MGMT_SETTING_SIZE },
6851 { set_le, MGMT_SETTING_SIZE },
6852 { set_dev_class, MGMT_SET_DEV_CLASS_SIZE },
6853 { set_local_name, MGMT_SET_LOCAL_NAME_SIZE },
6854 { add_uuid, MGMT_ADD_UUID_SIZE },
6855 { remove_uuid, MGMT_REMOVE_UUID_SIZE },
6856 { load_link_keys, MGMT_LOAD_LINK_KEYS_SIZE,
6858 { load_long_term_keys, MGMT_LOAD_LONG_TERM_KEYS_SIZE,
6860 { disconnect, MGMT_DISCONNECT_SIZE },
6861 { get_connections, MGMT_GET_CONNECTIONS_SIZE },
6862 { pin_code_reply, MGMT_PIN_CODE_REPLY_SIZE },
6863 { pin_code_neg_reply, MGMT_PIN_CODE_NEG_REPLY_SIZE },
6864 { set_io_capability, MGMT_SET_IO_CAPABILITY_SIZE },
6865 { pair_device, MGMT_PAIR_DEVICE_SIZE },
6866 { cancel_pair_device, MGMT_CANCEL_PAIR_DEVICE_SIZE },
6867 { unpair_device, MGMT_UNPAIR_DEVICE_SIZE },
6868 { user_confirm_reply, MGMT_USER_CONFIRM_REPLY_SIZE },
6869 { user_confirm_neg_reply, MGMT_USER_CONFIRM_NEG_REPLY_SIZE },
6870 { user_passkey_reply, MGMT_USER_PASSKEY_REPLY_SIZE },
6871 { user_passkey_neg_reply, MGMT_USER_PASSKEY_NEG_REPLY_SIZE },
6872 { read_local_oob_data, MGMT_READ_LOCAL_OOB_DATA_SIZE },
6873 { add_remote_oob_data, MGMT_ADD_REMOTE_OOB_DATA_SIZE,
6875 { remove_remote_oob_data, MGMT_REMOVE_REMOTE_OOB_DATA_SIZE },
6876 { start_discovery, MGMT_START_DISCOVERY_SIZE },
6877 { stop_discovery, MGMT_STOP_DISCOVERY_SIZE },
6878 { confirm_name, MGMT_CONFIRM_NAME_SIZE },
6879 { block_device, MGMT_BLOCK_DEVICE_SIZE },
6880 { unblock_device, MGMT_UNBLOCK_DEVICE_SIZE },
6881 { set_device_id, MGMT_SET_DEVICE_ID_SIZE },
6882 { set_advertising, MGMT_SETTING_SIZE },
6883 { set_bredr, MGMT_SETTING_SIZE },
6884 { set_static_address, MGMT_SET_STATIC_ADDRESS_SIZE },
6885 { set_scan_params, MGMT_SET_SCAN_PARAMS_SIZE },
6886 { set_secure_conn, MGMT_SETTING_SIZE },
6887 { set_debug_keys, MGMT_SETTING_SIZE },
6888 { set_privacy, MGMT_SET_PRIVACY_SIZE },
6889 { load_irks, MGMT_LOAD_IRKS_SIZE,
6891 { get_conn_info, MGMT_GET_CONN_INFO_SIZE },
6892 { get_clock_info, MGMT_GET_CLOCK_INFO_SIZE },
6893 { add_device, MGMT_ADD_DEVICE_SIZE },
6894 { remove_device, MGMT_REMOVE_DEVICE_SIZE },
6895 { load_conn_param, MGMT_LOAD_CONN_PARAM_SIZE,
6897 { read_unconf_index_list, MGMT_READ_UNCONF_INDEX_LIST_SIZE,
6899 HCI_MGMT_UNTRUSTED },
6900 { read_config_info, MGMT_READ_CONFIG_INFO_SIZE,
6901 HCI_MGMT_UNCONFIGURED |
6902 HCI_MGMT_UNTRUSTED },
6903 { set_external_config, MGMT_SET_EXTERNAL_CONFIG_SIZE,
6904 HCI_MGMT_UNCONFIGURED },
6905 { set_public_address, MGMT_SET_PUBLIC_ADDRESS_SIZE,
6906 HCI_MGMT_UNCONFIGURED },
6907 { start_service_discovery, MGMT_START_SERVICE_DISCOVERY_SIZE,
6909 { read_local_oob_ext_data, MGMT_READ_LOCAL_OOB_EXT_DATA_SIZE },
6910 { read_ext_index_list, MGMT_READ_EXT_INDEX_LIST_SIZE,
6912 HCI_MGMT_UNTRUSTED },
6913 { read_adv_features, MGMT_READ_ADV_FEATURES_SIZE },
6914 { add_advertising, MGMT_ADD_ADVERTISING_SIZE,
6916 { remove_advertising, MGMT_REMOVE_ADVERTISING_SIZE },
6917 { get_adv_size_info, MGMT_GET_ADV_SIZE_INFO_SIZE },
6918 { start_limited_discovery, MGMT_START_DISCOVERY_SIZE },
6919 { read_ext_controller_info,MGMT_READ_EXT_INFO_SIZE,
6920 HCI_MGMT_UNTRUSTED },
6921 { set_appearance, MGMT_SET_APPEARANCE_SIZE },
6922 { get_phy_configuration, MGMT_GET_PHY_CONFIGURATION_SIZE },
6923 { set_phy_configuration, MGMT_SET_PHY_CONFIGURATION_SIZE },
6926 void mgmt_index_added(struct hci_dev *hdev)
6928 struct mgmt_ev_ext_index ev;
6930 if (test_bit(HCI_QUIRK_RAW_DEVICE, &hdev->quirks))
6933 switch (hdev->dev_type) {
6935 if (hci_dev_test_flag(hdev, HCI_UNCONFIGURED)) {
6936 mgmt_index_event(MGMT_EV_UNCONF_INDEX_ADDED, hdev,
6937 NULL, 0, HCI_MGMT_UNCONF_INDEX_EVENTS);
6940 mgmt_index_event(MGMT_EV_INDEX_ADDED, hdev, NULL, 0,
6941 HCI_MGMT_INDEX_EVENTS);
6954 mgmt_index_event(MGMT_EV_EXT_INDEX_ADDED, hdev, &ev, sizeof(ev),
6955 HCI_MGMT_EXT_INDEX_EVENTS);
6958 void mgmt_index_removed(struct hci_dev *hdev)
6960 struct mgmt_ev_ext_index ev;
6961 u8 status = MGMT_STATUS_INVALID_INDEX;
6963 if (test_bit(HCI_QUIRK_RAW_DEVICE, &hdev->quirks))
6966 switch (hdev->dev_type) {
6968 mgmt_pending_foreach(0, hdev, cmd_complete_rsp, &status);
6970 if (hci_dev_test_flag(hdev, HCI_UNCONFIGURED)) {
6971 mgmt_index_event(MGMT_EV_UNCONF_INDEX_REMOVED, hdev,
6972 NULL, 0, HCI_MGMT_UNCONF_INDEX_EVENTS);
6975 mgmt_index_event(MGMT_EV_INDEX_REMOVED, hdev, NULL, 0,
6976 HCI_MGMT_INDEX_EVENTS);
6989 mgmt_index_event(MGMT_EV_EXT_INDEX_REMOVED, hdev, &ev, sizeof(ev),
6990 HCI_MGMT_EXT_INDEX_EVENTS);
6993 /* This function requires the caller holds hdev->lock */
6994 static void restart_le_actions(struct hci_dev *hdev)
6996 struct hci_conn_params *p;
6998 list_for_each_entry(p, &hdev->le_conn_params, list) {
6999 /* Needed for AUTO_OFF case where might not "really"
7000 * have been powered off.
7002 list_del_init(&p->action);
7004 switch (p->auto_connect) {
7005 case HCI_AUTO_CONN_DIRECT:
7006 case HCI_AUTO_CONN_ALWAYS:
7007 list_add(&p->action, &hdev->pend_le_conns);
7009 case HCI_AUTO_CONN_REPORT:
7010 list_add(&p->action, &hdev->pend_le_reports);
7018 void mgmt_power_on(struct hci_dev *hdev, int err)
7020 struct cmd_lookup match = { NULL, hdev };
7022 BT_DBG("err %d", err);
7027 restart_le_actions(hdev);
7028 hci_update_background_scan(hdev);
7031 mgmt_pending_foreach(MGMT_OP_SET_POWERED, hdev, settings_rsp, &match);
7033 new_settings(hdev, match.sk);
7038 hci_dev_unlock(hdev);
7041 void __mgmt_power_off(struct hci_dev *hdev)
7043 struct cmd_lookup match = { NULL, hdev };
7044 u8 status, zero_cod[] = { 0, 0, 0 };
7046 mgmt_pending_foreach(MGMT_OP_SET_POWERED, hdev, settings_rsp, &match);
7048 /* If the power off is because of hdev unregistration let
7049 * use the appropriate INVALID_INDEX status. Otherwise use
7050 * NOT_POWERED. We cover both scenarios here since later in
7051 * mgmt_index_removed() any hci_conn callbacks will have already
7052 * been triggered, potentially causing misleading DISCONNECTED
7055 if (hci_dev_test_flag(hdev, HCI_UNREGISTER))
7056 status = MGMT_STATUS_INVALID_INDEX;
7058 status = MGMT_STATUS_NOT_POWERED;
7060 mgmt_pending_foreach(0, hdev, cmd_complete_rsp, &status);
7062 if (memcmp(hdev->dev_class, zero_cod, sizeof(zero_cod)) != 0) {
7063 mgmt_limited_event(MGMT_EV_CLASS_OF_DEV_CHANGED, hdev,
7064 zero_cod, sizeof(zero_cod),
7065 HCI_MGMT_DEV_CLASS_EVENTS, NULL);
7066 ext_info_changed(hdev, NULL);
7069 new_settings(hdev, match.sk);
7075 void mgmt_set_powered_failed(struct hci_dev *hdev, int err)
7077 struct mgmt_pending_cmd *cmd;
7080 cmd = pending_find(MGMT_OP_SET_POWERED, hdev);
7084 if (err == -ERFKILL)
7085 status = MGMT_STATUS_RFKILLED;
7087 status = MGMT_STATUS_FAILED;
7089 mgmt_cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_POWERED, status);
7091 mgmt_pending_remove(cmd);
7094 void mgmt_new_link_key(struct hci_dev *hdev, struct link_key *key,
7097 struct mgmt_ev_new_link_key ev;
7099 memset(&ev, 0, sizeof(ev));
7101 ev.store_hint = persistent;
7102 bacpy(&ev.key.addr.bdaddr, &key->bdaddr);
7103 ev.key.addr.type = BDADDR_BREDR;
7104 ev.key.type = key->type;
7105 memcpy(ev.key.val, key->val, HCI_LINK_KEY_SIZE);
7106 ev.key.pin_len = key->pin_len;
7108 mgmt_event(MGMT_EV_NEW_LINK_KEY, hdev, &ev, sizeof(ev), NULL);
7111 static u8 mgmt_ltk_type(struct smp_ltk *ltk)
7113 switch (ltk->type) {
7116 if (ltk->authenticated)
7117 return MGMT_LTK_AUTHENTICATED;
7118 return MGMT_LTK_UNAUTHENTICATED;
7120 if (ltk->authenticated)
7121 return MGMT_LTK_P256_AUTH;
7122 return MGMT_LTK_P256_UNAUTH;
7123 case SMP_LTK_P256_DEBUG:
7124 return MGMT_LTK_P256_DEBUG;
7127 return MGMT_LTK_UNAUTHENTICATED;
7130 void mgmt_new_ltk(struct hci_dev *hdev, struct smp_ltk *key, bool persistent)
7132 struct mgmt_ev_new_long_term_key ev;
7134 memset(&ev, 0, sizeof(ev));
7136 /* Devices using resolvable or non-resolvable random addresses
7137 * without providing an identity resolving key don't require
7138 * to store long term keys. Their addresses will change the
7141 * Only when a remote device provides an identity address
7142 * make sure the long term key is stored. If the remote
7143 * identity is known, the long term keys are internally
7144 * mapped to the identity address. So allow static random
7145 * and public addresses here.
7147 if (key->bdaddr_type == ADDR_LE_DEV_RANDOM &&
7148 (key->bdaddr.b[5] & 0xc0) != 0xc0)
7149 ev.store_hint = 0x00;
7151 ev.store_hint = persistent;
7153 bacpy(&ev.key.addr.bdaddr, &key->bdaddr);
7154 ev.key.addr.type = link_to_bdaddr(LE_LINK, key->bdaddr_type);
7155 ev.key.type = mgmt_ltk_type(key);
7156 ev.key.enc_size = key->enc_size;
7157 ev.key.ediv = key->ediv;
7158 ev.key.rand = key->rand;
7160 if (key->type == SMP_LTK)
7163 /* Make sure we copy only the significant bytes based on the
7164 * encryption key size, and set the rest of the value to zeroes.
7166 memcpy(ev.key.val, key->val, key->enc_size);
7167 memset(ev.key.val + key->enc_size, 0,
7168 sizeof(ev.key.val) - key->enc_size);
7170 mgmt_event(MGMT_EV_NEW_LONG_TERM_KEY, hdev, &ev, sizeof(ev), NULL);
7173 void mgmt_new_irk(struct hci_dev *hdev, struct smp_irk *irk, bool persistent)
7175 struct mgmt_ev_new_irk ev;
7177 memset(&ev, 0, sizeof(ev));
7179 ev.store_hint = persistent;
7181 bacpy(&ev.rpa, &irk->rpa);
7182 bacpy(&ev.irk.addr.bdaddr, &irk->bdaddr);
7183 ev.irk.addr.type = link_to_bdaddr(LE_LINK, irk->addr_type);
7184 memcpy(ev.irk.val, irk->val, sizeof(irk->val));
7186 mgmt_event(MGMT_EV_NEW_IRK, hdev, &ev, sizeof(ev), NULL);
7189 void mgmt_new_csrk(struct hci_dev *hdev, struct smp_csrk *csrk,
7192 struct mgmt_ev_new_csrk ev;
7194 memset(&ev, 0, sizeof(ev));
7196 /* Devices using resolvable or non-resolvable random addresses
7197 * without providing an identity resolving key don't require
7198 * to store signature resolving keys. Their addresses will change
7199 * the next time around.
7201 * Only when a remote device provides an identity address
7202 * make sure the signature resolving key is stored. So allow
7203 * static random and public addresses here.
7205 if (csrk->bdaddr_type == ADDR_LE_DEV_RANDOM &&
7206 (csrk->bdaddr.b[5] & 0xc0) != 0xc0)
7207 ev.store_hint = 0x00;
7209 ev.store_hint = persistent;
7211 bacpy(&ev.key.addr.bdaddr, &csrk->bdaddr);
7212 ev.key.addr.type = link_to_bdaddr(LE_LINK, csrk->bdaddr_type);
7213 ev.key.type = csrk->type;
7214 memcpy(ev.key.val, csrk->val, sizeof(csrk->val));
7216 mgmt_event(MGMT_EV_NEW_CSRK, hdev, &ev, sizeof(ev), NULL);
7219 void mgmt_new_conn_param(struct hci_dev *hdev, bdaddr_t *bdaddr,
7220 u8 bdaddr_type, u8 store_hint, u16 min_interval,
7221 u16 max_interval, u16 latency, u16 timeout)
7223 struct mgmt_ev_new_conn_param ev;
7225 if (!hci_is_identity_address(bdaddr, bdaddr_type))
7228 memset(&ev, 0, sizeof(ev));
7229 bacpy(&ev.addr.bdaddr, bdaddr);
7230 ev.addr.type = link_to_bdaddr(LE_LINK, bdaddr_type);
7231 ev.store_hint = store_hint;
7232 ev.min_interval = cpu_to_le16(min_interval);
7233 ev.max_interval = cpu_to_le16(max_interval);
7234 ev.latency = cpu_to_le16(latency);
7235 ev.timeout = cpu_to_le16(timeout);
7237 mgmt_event(MGMT_EV_NEW_CONN_PARAM, hdev, &ev, sizeof(ev), NULL);
7240 void mgmt_device_connected(struct hci_dev *hdev, struct hci_conn *conn,
7241 u32 flags, u8 *name, u8 name_len)
7244 struct mgmt_ev_device_connected *ev = (void *) buf;
7247 bacpy(&ev->addr.bdaddr, &conn->dst);
7248 ev->addr.type = link_to_bdaddr(conn->type, conn->dst_type);
7250 ev->flags = __cpu_to_le32(flags);
7252 /* We must ensure that the EIR Data fields are ordered and
7253 * unique. Keep it simple for now and avoid the problem by not
7254 * adding any BR/EDR data to the LE adv.
7256 if (conn->le_adv_data_len > 0) {
7257 memcpy(&ev->eir[eir_len],
7258 conn->le_adv_data, conn->le_adv_data_len);
7259 eir_len = conn->le_adv_data_len;
7262 eir_len = eir_append_data(ev->eir, 0, EIR_NAME_COMPLETE,
7265 if (memcmp(conn->dev_class, "\0\0\0", 3) != 0)
7266 eir_len = eir_append_data(ev->eir, eir_len,
7268 conn->dev_class, 3);
7271 ev->eir_len = cpu_to_le16(eir_len);
7273 mgmt_event(MGMT_EV_DEVICE_CONNECTED, hdev, buf,
7274 sizeof(*ev) + eir_len, NULL);
7277 static void disconnect_rsp(struct mgmt_pending_cmd *cmd, void *data)
7279 struct sock **sk = data;
7281 cmd->cmd_complete(cmd, 0);
7286 mgmt_pending_remove(cmd);
7289 static void unpair_device_rsp(struct mgmt_pending_cmd *cmd, void *data)
7291 struct hci_dev *hdev = data;
7292 struct mgmt_cp_unpair_device *cp = cmd->param;
7294 device_unpaired(hdev, &cp->addr.bdaddr, cp->addr.type, cmd->sk);
7296 cmd->cmd_complete(cmd, 0);
7297 mgmt_pending_remove(cmd);
7300 bool mgmt_powering_down(struct hci_dev *hdev)
7302 struct mgmt_pending_cmd *cmd;
7303 struct mgmt_mode *cp;
7305 cmd = pending_find(MGMT_OP_SET_POWERED, hdev);
7316 void mgmt_device_disconnected(struct hci_dev *hdev, bdaddr_t *bdaddr,
7317 u8 link_type, u8 addr_type, u8 reason,
7318 bool mgmt_connected)
7320 struct mgmt_ev_device_disconnected ev;
7321 struct sock *sk = NULL;
7323 /* The connection is still in hci_conn_hash so test for 1
7324 * instead of 0 to know if this is the last one.
7326 if (mgmt_powering_down(hdev) && hci_conn_count(hdev) == 1) {
7327 cancel_delayed_work(&hdev->power_off);
7328 queue_work(hdev->req_workqueue, &hdev->power_off.work);
7331 if (!mgmt_connected)
7334 if (link_type != ACL_LINK && link_type != LE_LINK)
7337 mgmt_pending_foreach(MGMT_OP_DISCONNECT, hdev, disconnect_rsp, &sk);
7339 bacpy(&ev.addr.bdaddr, bdaddr);
7340 ev.addr.type = link_to_bdaddr(link_type, addr_type);
7343 mgmt_event(MGMT_EV_DEVICE_DISCONNECTED, hdev, &ev, sizeof(ev), sk);
7348 mgmt_pending_foreach(MGMT_OP_UNPAIR_DEVICE, hdev, unpair_device_rsp,
7352 void mgmt_disconnect_failed(struct hci_dev *hdev, bdaddr_t *bdaddr,
7353 u8 link_type, u8 addr_type, u8 status)
7355 u8 bdaddr_type = link_to_bdaddr(link_type, addr_type);
7356 struct mgmt_cp_disconnect *cp;
7357 struct mgmt_pending_cmd *cmd;
7359 mgmt_pending_foreach(MGMT_OP_UNPAIR_DEVICE, hdev, unpair_device_rsp,
7362 cmd = pending_find(MGMT_OP_DISCONNECT, hdev);
7368 if (bacmp(bdaddr, &cp->addr.bdaddr))
7371 if (cp->addr.type != bdaddr_type)
7374 cmd->cmd_complete(cmd, mgmt_status(status));
7375 mgmt_pending_remove(cmd);
7378 void mgmt_connect_failed(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
7379 u8 addr_type, u8 status)
7381 struct mgmt_ev_connect_failed ev;
7383 /* The connection is still in hci_conn_hash so test for 1
7384 * instead of 0 to know if this is the last one.
7386 if (mgmt_powering_down(hdev) && hci_conn_count(hdev) == 1) {
7387 cancel_delayed_work(&hdev->power_off);
7388 queue_work(hdev->req_workqueue, &hdev->power_off.work);
7391 bacpy(&ev.addr.bdaddr, bdaddr);
7392 ev.addr.type = link_to_bdaddr(link_type, addr_type);
7393 ev.status = mgmt_status(status);
7395 mgmt_event(MGMT_EV_CONNECT_FAILED, hdev, &ev, sizeof(ev), NULL);
7398 void mgmt_pin_code_request(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 secure)
7400 struct mgmt_ev_pin_code_request ev;
7402 bacpy(&ev.addr.bdaddr, bdaddr);
7403 ev.addr.type = BDADDR_BREDR;
7406 mgmt_event(MGMT_EV_PIN_CODE_REQUEST, hdev, &ev, sizeof(ev), NULL);
7409 void mgmt_pin_code_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
7412 struct mgmt_pending_cmd *cmd;
7414 cmd = pending_find(MGMT_OP_PIN_CODE_REPLY, hdev);
7418 cmd->cmd_complete(cmd, mgmt_status(status));
7419 mgmt_pending_remove(cmd);
7422 void mgmt_pin_code_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
7425 struct mgmt_pending_cmd *cmd;
7427 cmd = pending_find(MGMT_OP_PIN_CODE_NEG_REPLY, hdev);
7431 cmd->cmd_complete(cmd, mgmt_status(status));
7432 mgmt_pending_remove(cmd);
7435 int mgmt_user_confirm_request(struct hci_dev *hdev, bdaddr_t *bdaddr,
7436 u8 link_type, u8 addr_type, u32 value,
7439 struct mgmt_ev_user_confirm_request ev;
7441 BT_DBG("%s", hdev->name);
7443 bacpy(&ev.addr.bdaddr, bdaddr);
7444 ev.addr.type = link_to_bdaddr(link_type, addr_type);
7445 ev.confirm_hint = confirm_hint;
7446 ev.value = cpu_to_le32(value);
7448 return mgmt_event(MGMT_EV_USER_CONFIRM_REQUEST, hdev, &ev, sizeof(ev),
7452 int mgmt_user_passkey_request(struct hci_dev *hdev, bdaddr_t *bdaddr,
7453 u8 link_type, u8 addr_type)
7455 struct mgmt_ev_user_passkey_request ev;
7457 BT_DBG("%s", hdev->name);
7459 bacpy(&ev.addr.bdaddr, bdaddr);
7460 ev.addr.type = link_to_bdaddr(link_type, addr_type);
7462 return mgmt_event(MGMT_EV_USER_PASSKEY_REQUEST, hdev, &ev, sizeof(ev),
7466 static int user_pairing_resp_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
7467 u8 link_type, u8 addr_type, u8 status,
7470 struct mgmt_pending_cmd *cmd;
7472 cmd = pending_find(opcode, hdev);
7476 cmd->cmd_complete(cmd, mgmt_status(status));
7477 mgmt_pending_remove(cmd);
7482 int mgmt_user_confirm_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
7483 u8 link_type, u8 addr_type, u8 status)
7485 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
7486 status, MGMT_OP_USER_CONFIRM_REPLY);
7489 int mgmt_user_confirm_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
7490 u8 link_type, u8 addr_type, u8 status)
7492 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
7494 MGMT_OP_USER_CONFIRM_NEG_REPLY);
7497 int mgmt_user_passkey_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
7498 u8 link_type, u8 addr_type, u8 status)
7500 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
7501 status, MGMT_OP_USER_PASSKEY_REPLY);
7504 int mgmt_user_passkey_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
7505 u8 link_type, u8 addr_type, u8 status)
7507 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
7509 MGMT_OP_USER_PASSKEY_NEG_REPLY);
7512 int mgmt_user_passkey_notify(struct hci_dev *hdev, bdaddr_t *bdaddr,
7513 u8 link_type, u8 addr_type, u32 passkey,
7516 struct mgmt_ev_passkey_notify ev;
7518 BT_DBG("%s", hdev->name);
7520 bacpy(&ev.addr.bdaddr, bdaddr);
7521 ev.addr.type = link_to_bdaddr(link_type, addr_type);
7522 ev.passkey = __cpu_to_le32(passkey);
7523 ev.entered = entered;
7525 return mgmt_event(MGMT_EV_PASSKEY_NOTIFY, hdev, &ev, sizeof(ev), NULL);
7528 void mgmt_auth_failed(struct hci_conn *conn, u8 hci_status)
7530 struct mgmt_ev_auth_failed ev;
7531 struct mgmt_pending_cmd *cmd;
7532 u8 status = mgmt_status(hci_status);
7534 bacpy(&ev.addr.bdaddr, &conn->dst);
7535 ev.addr.type = link_to_bdaddr(conn->type, conn->dst_type);
7538 cmd = find_pairing(conn);
7540 mgmt_event(MGMT_EV_AUTH_FAILED, conn->hdev, &ev, sizeof(ev),
7541 cmd ? cmd->sk : NULL);
7544 cmd->cmd_complete(cmd, status);
7545 mgmt_pending_remove(cmd);
7549 void mgmt_auth_enable_complete(struct hci_dev *hdev, u8 status)
7551 struct cmd_lookup match = { NULL, hdev };
7555 u8 mgmt_err = mgmt_status(status);
7556 mgmt_pending_foreach(MGMT_OP_SET_LINK_SECURITY, hdev,
7557 cmd_status_rsp, &mgmt_err);
7561 if (test_bit(HCI_AUTH, &hdev->flags))
7562 changed = !hci_dev_test_and_set_flag(hdev, HCI_LINK_SECURITY);
7564 changed = hci_dev_test_and_clear_flag(hdev, HCI_LINK_SECURITY);
7566 mgmt_pending_foreach(MGMT_OP_SET_LINK_SECURITY, hdev, settings_rsp,
7570 new_settings(hdev, match.sk);
7576 static void clear_eir(struct hci_request *req)
7578 struct hci_dev *hdev = req->hdev;
7579 struct hci_cp_write_eir cp;
7581 if (!lmp_ext_inq_capable(hdev))
7584 memset(hdev->eir, 0, sizeof(hdev->eir));
7586 memset(&cp, 0, sizeof(cp));
7588 hci_req_add(req, HCI_OP_WRITE_EIR, sizeof(cp), &cp);
7591 void mgmt_ssp_enable_complete(struct hci_dev *hdev, u8 enable, u8 status)
7593 struct cmd_lookup match = { NULL, hdev };
7594 struct hci_request req;
7595 bool changed = false;
7598 u8 mgmt_err = mgmt_status(status);
7600 if (enable && hci_dev_test_and_clear_flag(hdev,
7602 hci_dev_clear_flag(hdev, HCI_HS_ENABLED);
7603 new_settings(hdev, NULL);
7606 mgmt_pending_foreach(MGMT_OP_SET_SSP, hdev, cmd_status_rsp,
7612 changed = !hci_dev_test_and_set_flag(hdev, HCI_SSP_ENABLED);
7614 changed = hci_dev_test_and_clear_flag(hdev, HCI_SSP_ENABLED);
7616 changed = hci_dev_test_and_clear_flag(hdev,
7619 hci_dev_clear_flag(hdev, HCI_HS_ENABLED);
7622 mgmt_pending_foreach(MGMT_OP_SET_SSP, hdev, settings_rsp, &match);
7625 new_settings(hdev, match.sk);
7630 hci_req_init(&req, hdev);
7632 if (hci_dev_test_flag(hdev, HCI_SSP_ENABLED)) {
7633 if (hci_dev_test_flag(hdev, HCI_USE_DEBUG_KEYS))
7634 hci_req_add(&req, HCI_OP_WRITE_SSP_DEBUG_MODE,
7635 sizeof(enable), &enable);
7636 __hci_req_update_eir(&req);
7641 hci_req_run(&req, NULL);
7644 static void sk_lookup(struct mgmt_pending_cmd *cmd, void *data)
7646 struct cmd_lookup *match = data;
7648 if (match->sk == NULL) {
7649 match->sk = cmd->sk;
7650 sock_hold(match->sk);
7654 void mgmt_set_class_of_dev_complete(struct hci_dev *hdev, u8 *dev_class,
7657 struct cmd_lookup match = { NULL, hdev, mgmt_status(status) };
7659 mgmt_pending_foreach(MGMT_OP_SET_DEV_CLASS, hdev, sk_lookup, &match);
7660 mgmt_pending_foreach(MGMT_OP_ADD_UUID, hdev, sk_lookup, &match);
7661 mgmt_pending_foreach(MGMT_OP_REMOVE_UUID, hdev, sk_lookup, &match);
7664 mgmt_limited_event(MGMT_EV_CLASS_OF_DEV_CHANGED, hdev, dev_class,
7665 3, HCI_MGMT_DEV_CLASS_EVENTS, NULL);
7666 ext_info_changed(hdev, NULL);
7673 void mgmt_set_local_name_complete(struct hci_dev *hdev, u8 *name, u8 status)
7675 struct mgmt_cp_set_local_name ev;
7676 struct mgmt_pending_cmd *cmd;
7681 memset(&ev, 0, sizeof(ev));
7682 memcpy(ev.name, name, HCI_MAX_NAME_LENGTH);
7683 memcpy(ev.short_name, hdev->short_name, HCI_MAX_SHORT_NAME_LENGTH);
7685 cmd = pending_find(MGMT_OP_SET_LOCAL_NAME, hdev);
7687 memcpy(hdev->dev_name, name, sizeof(hdev->dev_name));
7689 /* If this is a HCI command related to powering on the
7690 * HCI dev don't send any mgmt signals.
7692 if (pending_find(MGMT_OP_SET_POWERED, hdev))
7696 mgmt_limited_event(MGMT_EV_LOCAL_NAME_CHANGED, hdev, &ev, sizeof(ev),
7697 HCI_MGMT_LOCAL_NAME_EVENTS, cmd ? cmd->sk : NULL);
7698 ext_info_changed(hdev, cmd ? cmd->sk : NULL);
7701 static inline bool has_uuid(u8 *uuid, u16 uuid_count, u8 (*uuids)[16])
7705 for (i = 0; i < uuid_count; i++) {
7706 if (!memcmp(uuid, uuids[i], 16))
7713 static bool eir_has_uuids(u8 *eir, u16 eir_len, u16 uuid_count, u8 (*uuids)[16])
7717 while (parsed < eir_len) {
7718 u8 field_len = eir[0];
7725 if (eir_len - parsed < field_len + 1)
7729 case EIR_UUID16_ALL:
7730 case EIR_UUID16_SOME:
7731 for (i = 0; i + 3 <= field_len; i += 2) {
7732 memcpy(uuid, bluetooth_base_uuid, 16);
7733 uuid[13] = eir[i + 3];
7734 uuid[12] = eir[i + 2];
7735 if (has_uuid(uuid, uuid_count, uuids))
7739 case EIR_UUID32_ALL:
7740 case EIR_UUID32_SOME:
7741 for (i = 0; i + 5 <= field_len; i += 4) {
7742 memcpy(uuid, bluetooth_base_uuid, 16);
7743 uuid[15] = eir[i + 5];
7744 uuid[14] = eir[i + 4];
7745 uuid[13] = eir[i + 3];
7746 uuid[12] = eir[i + 2];
7747 if (has_uuid(uuid, uuid_count, uuids))
7751 case EIR_UUID128_ALL:
7752 case EIR_UUID128_SOME:
7753 for (i = 0; i + 17 <= field_len; i += 16) {
7754 memcpy(uuid, eir + i + 2, 16);
7755 if (has_uuid(uuid, uuid_count, uuids))
7761 parsed += field_len + 1;
7762 eir += field_len + 1;
7768 static void restart_le_scan(struct hci_dev *hdev)
7770 /* If controller is not scanning we are done. */
7771 if (!hci_dev_test_flag(hdev, HCI_LE_SCAN))
7774 if (time_after(jiffies + DISCOV_LE_RESTART_DELAY,
7775 hdev->discovery.scan_start +
7776 hdev->discovery.scan_duration))
7779 queue_delayed_work(hdev->req_workqueue, &hdev->le_scan_restart,
7780 DISCOV_LE_RESTART_DELAY);
7783 static bool is_filter_match(struct hci_dev *hdev, s8 rssi, u8 *eir,
7784 u16 eir_len, u8 *scan_rsp, u8 scan_rsp_len)
7786 /* If a RSSI threshold has been specified, and
7787 * HCI_QUIRK_STRICT_DUPLICATE_FILTER is not set, then all results with
7788 * a RSSI smaller than the RSSI threshold will be dropped. If the quirk
7789 * is set, let it through for further processing, as we might need to
7792 * For BR/EDR devices (pre 1.2) providing no RSSI during inquiry,
7793 * the results are also dropped.
7795 if (hdev->discovery.rssi != HCI_RSSI_INVALID &&
7796 (rssi == HCI_RSSI_INVALID ||
7797 (rssi < hdev->discovery.rssi &&
7798 !test_bit(HCI_QUIRK_STRICT_DUPLICATE_FILTER, &hdev->quirks))))
7801 if (hdev->discovery.uuid_count != 0) {
7802 /* If a list of UUIDs is provided in filter, results with no
7803 * matching UUID should be dropped.
7805 if (!eir_has_uuids(eir, eir_len, hdev->discovery.uuid_count,
7806 hdev->discovery.uuids) &&
7807 !eir_has_uuids(scan_rsp, scan_rsp_len,
7808 hdev->discovery.uuid_count,
7809 hdev->discovery.uuids))
7813 /* If duplicate filtering does not report RSSI changes, then restart
7814 * scanning to ensure updated result with updated RSSI values.
7816 if (test_bit(HCI_QUIRK_STRICT_DUPLICATE_FILTER, &hdev->quirks)) {
7817 restart_le_scan(hdev);
7819 /* Validate RSSI value against the RSSI threshold once more. */
7820 if (hdev->discovery.rssi != HCI_RSSI_INVALID &&
7821 rssi < hdev->discovery.rssi)
7828 void mgmt_device_found(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
7829 u8 addr_type, u8 *dev_class, s8 rssi, u32 flags,
7830 u8 *eir, u16 eir_len, u8 *scan_rsp, u8 scan_rsp_len)
7833 struct mgmt_ev_device_found *ev = (void *)buf;
7836 /* Don't send events for a non-kernel initiated discovery. With
7837 * LE one exception is if we have pend_le_reports > 0 in which
7838 * case we're doing passive scanning and want these events.
7840 if (!hci_discovery_active(hdev)) {
7841 if (link_type == ACL_LINK)
7843 if (link_type == LE_LINK && list_empty(&hdev->pend_le_reports))
7847 if (hdev->discovery.result_filtering) {
7848 /* We are using service discovery */
7849 if (!is_filter_match(hdev, rssi, eir, eir_len, scan_rsp,
7854 if (hdev->discovery.limited) {
7855 /* Check for limited discoverable bit */
7857 if (!(dev_class[1] & 0x20))
7860 u8 *flags = eir_get_data(eir, eir_len, EIR_FLAGS, NULL);
7861 if (!flags || !(flags[0] & LE_AD_LIMITED))
7866 /* Make sure that the buffer is big enough. The 5 extra bytes
7867 * are for the potential CoD field.
7869 if (sizeof(*ev) + eir_len + scan_rsp_len + 5 > sizeof(buf))
7872 memset(buf, 0, sizeof(buf));
7874 /* In case of device discovery with BR/EDR devices (pre 1.2), the
7875 * RSSI value was reported as 0 when not available. This behavior
7876 * is kept when using device discovery. This is required for full
7877 * backwards compatibility with the API.
7879 * However when using service discovery, the value 127 will be
7880 * returned when the RSSI is not available.
7882 if (rssi == HCI_RSSI_INVALID && !hdev->discovery.report_invalid_rssi &&
7883 link_type == ACL_LINK)
7886 bacpy(&ev->addr.bdaddr, bdaddr);
7887 ev->addr.type = link_to_bdaddr(link_type, addr_type);
7889 ev->flags = cpu_to_le32(flags);
7892 /* Copy EIR or advertising data into event */
7893 memcpy(ev->eir, eir, eir_len);
7895 if (dev_class && !eir_get_data(ev->eir, eir_len, EIR_CLASS_OF_DEV,
7897 eir_len = eir_append_data(ev->eir, eir_len, EIR_CLASS_OF_DEV,
7900 if (scan_rsp_len > 0)
7901 /* Append scan response data to event */
7902 memcpy(ev->eir + eir_len, scan_rsp, scan_rsp_len);
7904 ev->eir_len = cpu_to_le16(eir_len + scan_rsp_len);
7905 ev_size = sizeof(*ev) + eir_len + scan_rsp_len;
7907 mgmt_event(MGMT_EV_DEVICE_FOUND, hdev, ev, ev_size, NULL);
7910 void mgmt_remote_name(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
7911 u8 addr_type, s8 rssi, u8 *name, u8 name_len)
7913 struct mgmt_ev_device_found *ev;
7914 char buf[sizeof(*ev) + HCI_MAX_NAME_LENGTH + 2];
7917 ev = (struct mgmt_ev_device_found *) buf;
7919 memset(buf, 0, sizeof(buf));
7921 bacpy(&ev->addr.bdaddr, bdaddr);
7922 ev->addr.type = link_to_bdaddr(link_type, addr_type);
7925 eir_len = eir_append_data(ev->eir, 0, EIR_NAME_COMPLETE, name,
7928 ev->eir_len = cpu_to_le16(eir_len);
7930 mgmt_event(MGMT_EV_DEVICE_FOUND, hdev, ev, sizeof(*ev) + eir_len, NULL);
7933 void mgmt_discovering(struct hci_dev *hdev, u8 discovering)
7935 struct mgmt_ev_discovering ev;
7937 BT_DBG("%s discovering %u", hdev->name, discovering);
7939 memset(&ev, 0, sizeof(ev));
7940 ev.type = hdev->discovery.type;
7941 ev.discovering = discovering;
7943 mgmt_event(MGMT_EV_DISCOVERING, hdev, &ev, sizeof(ev), NULL);
7946 static struct hci_mgmt_chan chan = {
7947 .channel = HCI_CHANNEL_CONTROL,
7948 .handler_count = ARRAY_SIZE(mgmt_handlers),
7949 .handlers = mgmt_handlers,
7950 .hdev_init = mgmt_init_hdev,
7955 return hci_mgmt_chan_register(&chan);
7958 void mgmt_exit(void)
7960 hci_mgmt_chan_unregister(&chan);
OSDN Git Service
