2 BlueZ - Bluetooth protocol stack for Linux
4 Copyright (C) 2010 Nokia Corporation
5 Copyright (C) 2011-2012 Intel Corporation
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License version 2 as
9 published by the Free Software Foundation;
11 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
12 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
13 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
14 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
15 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
16 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
17 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
18 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
20 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
21 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
22 SOFTWARE IS DISCLAIMED.
25 /* Bluetooth HCI Management interface */
27 #include <linux/module.h>
28 #include <asm/unaligned.h>
30 #include <net/bluetooth/bluetooth.h>
31 #include <net/bluetooth/hci_core.h>
32 #include <net/bluetooth/hci_sock.h>
33 #include <net/bluetooth/l2cap.h>
34 #include <net/bluetooth/mgmt.h>
36 #include "hci_request.h"
38 #include "mgmt_util.h"
40 #define MGMT_VERSION 1
41 #define MGMT_REVISION 13
43 static const u16 mgmt_commands[] = {
44 MGMT_OP_READ_INDEX_LIST,
47 MGMT_OP_SET_DISCOVERABLE,
48 MGMT_OP_SET_CONNECTABLE,
49 MGMT_OP_SET_FAST_CONNECTABLE,
51 MGMT_OP_SET_LINK_SECURITY,
55 MGMT_OP_SET_DEV_CLASS,
56 MGMT_OP_SET_LOCAL_NAME,
59 MGMT_OP_LOAD_LINK_KEYS,
60 MGMT_OP_LOAD_LONG_TERM_KEYS,
62 MGMT_OP_GET_CONNECTIONS,
63 MGMT_OP_PIN_CODE_REPLY,
64 MGMT_OP_PIN_CODE_NEG_REPLY,
65 MGMT_OP_SET_IO_CAPABILITY,
67 MGMT_OP_CANCEL_PAIR_DEVICE,
68 MGMT_OP_UNPAIR_DEVICE,
69 MGMT_OP_USER_CONFIRM_REPLY,
70 MGMT_OP_USER_CONFIRM_NEG_REPLY,
71 MGMT_OP_USER_PASSKEY_REPLY,
72 MGMT_OP_USER_PASSKEY_NEG_REPLY,
73 MGMT_OP_READ_LOCAL_OOB_DATA,
74 MGMT_OP_ADD_REMOTE_OOB_DATA,
75 MGMT_OP_REMOVE_REMOTE_OOB_DATA,
76 MGMT_OP_START_DISCOVERY,
77 MGMT_OP_STOP_DISCOVERY,
80 MGMT_OP_UNBLOCK_DEVICE,
81 MGMT_OP_SET_DEVICE_ID,
82 MGMT_OP_SET_ADVERTISING,
84 MGMT_OP_SET_STATIC_ADDRESS,
85 MGMT_OP_SET_SCAN_PARAMS,
86 MGMT_OP_SET_SECURE_CONN,
87 MGMT_OP_SET_DEBUG_KEYS,
90 MGMT_OP_GET_CONN_INFO,
91 MGMT_OP_GET_CLOCK_INFO,
93 MGMT_OP_REMOVE_DEVICE,
94 MGMT_OP_LOAD_CONN_PARAM,
95 MGMT_OP_READ_UNCONF_INDEX_LIST,
96 MGMT_OP_READ_CONFIG_INFO,
97 MGMT_OP_SET_EXTERNAL_CONFIG,
98 MGMT_OP_SET_PUBLIC_ADDRESS,
99 MGMT_OP_START_SERVICE_DISCOVERY,
100 MGMT_OP_READ_LOCAL_OOB_EXT_DATA,
101 MGMT_OP_READ_EXT_INDEX_LIST,
102 MGMT_OP_READ_ADV_FEATURES,
103 MGMT_OP_ADD_ADVERTISING,
104 MGMT_OP_REMOVE_ADVERTISING,
105 MGMT_OP_GET_ADV_SIZE_INFO,
106 MGMT_OP_START_LIMITED_DISCOVERY,
107 MGMT_OP_READ_EXT_INFO,
108 MGMT_OP_SET_APPEARANCE,
111 static const u16 mgmt_events[] = {
112 MGMT_EV_CONTROLLER_ERROR,
114 MGMT_EV_INDEX_REMOVED,
115 MGMT_EV_NEW_SETTINGS,
116 MGMT_EV_CLASS_OF_DEV_CHANGED,
117 MGMT_EV_LOCAL_NAME_CHANGED,
118 MGMT_EV_NEW_LINK_KEY,
119 MGMT_EV_NEW_LONG_TERM_KEY,
120 MGMT_EV_DEVICE_CONNECTED,
121 MGMT_EV_DEVICE_DISCONNECTED,
122 MGMT_EV_CONNECT_FAILED,
123 MGMT_EV_PIN_CODE_REQUEST,
124 MGMT_EV_USER_CONFIRM_REQUEST,
125 MGMT_EV_USER_PASSKEY_REQUEST,
127 MGMT_EV_DEVICE_FOUND,
129 MGMT_EV_DEVICE_BLOCKED,
130 MGMT_EV_DEVICE_UNBLOCKED,
131 MGMT_EV_DEVICE_UNPAIRED,
132 MGMT_EV_PASSKEY_NOTIFY,
135 MGMT_EV_DEVICE_ADDED,
136 MGMT_EV_DEVICE_REMOVED,
137 MGMT_EV_NEW_CONN_PARAM,
138 MGMT_EV_UNCONF_INDEX_ADDED,
139 MGMT_EV_UNCONF_INDEX_REMOVED,
140 MGMT_EV_NEW_CONFIG_OPTIONS,
141 MGMT_EV_EXT_INDEX_ADDED,
142 MGMT_EV_EXT_INDEX_REMOVED,
143 MGMT_EV_LOCAL_OOB_DATA_UPDATED,
144 MGMT_EV_ADVERTISING_ADDED,
145 MGMT_EV_ADVERTISING_REMOVED,
146 MGMT_EV_EXT_INFO_CHANGED,
149 static const u16 mgmt_untrusted_commands[] = {
150 MGMT_OP_READ_INDEX_LIST,
152 MGMT_OP_READ_UNCONF_INDEX_LIST,
153 MGMT_OP_READ_CONFIG_INFO,
154 MGMT_OP_READ_EXT_INDEX_LIST,
155 MGMT_OP_READ_EXT_INFO,
158 static const u16 mgmt_untrusted_events[] = {
160 MGMT_EV_INDEX_REMOVED,
161 MGMT_EV_NEW_SETTINGS,
162 MGMT_EV_CLASS_OF_DEV_CHANGED,
163 MGMT_EV_LOCAL_NAME_CHANGED,
164 MGMT_EV_UNCONF_INDEX_ADDED,
165 MGMT_EV_UNCONF_INDEX_REMOVED,
166 MGMT_EV_NEW_CONFIG_OPTIONS,
167 MGMT_EV_EXT_INDEX_ADDED,
168 MGMT_EV_EXT_INDEX_REMOVED,
169 MGMT_EV_EXT_INFO_CHANGED,
172 #define CACHE_TIMEOUT msecs_to_jiffies(2 * 1000)
174 #define ZERO_KEY "\x00\x00\x00\x00\x00\x00\x00\x00" \
175 "\x00\x00\x00\x00\x00\x00\x00\x00"
177 /* HCI to MGMT error code conversion table */
178 static u8 mgmt_status_table[] = {
180 MGMT_STATUS_UNKNOWN_COMMAND, /* Unknown Command */
181 MGMT_STATUS_NOT_CONNECTED, /* No Connection */
182 MGMT_STATUS_FAILED, /* Hardware Failure */
183 MGMT_STATUS_CONNECT_FAILED, /* Page Timeout */
184 MGMT_STATUS_AUTH_FAILED, /* Authentication Failed */
185 MGMT_STATUS_AUTH_FAILED, /* PIN or Key Missing */
186 MGMT_STATUS_NO_RESOURCES, /* Memory Full */
187 MGMT_STATUS_TIMEOUT, /* Connection Timeout */
188 MGMT_STATUS_NO_RESOURCES, /* Max Number of Connections */
189 MGMT_STATUS_NO_RESOURCES, /* Max Number of SCO Connections */
190 MGMT_STATUS_ALREADY_CONNECTED, /* ACL Connection Exists */
191 MGMT_STATUS_BUSY, /* Command Disallowed */
192 MGMT_STATUS_NO_RESOURCES, /* Rejected Limited Resources */
193 MGMT_STATUS_REJECTED, /* Rejected Security */
194 MGMT_STATUS_REJECTED, /* Rejected Personal */
195 MGMT_STATUS_TIMEOUT, /* Host Timeout */
196 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported Feature */
197 MGMT_STATUS_INVALID_PARAMS, /* Invalid Parameters */
198 MGMT_STATUS_DISCONNECTED, /* OE User Ended Connection */
199 MGMT_STATUS_NO_RESOURCES, /* OE Low Resources */
200 MGMT_STATUS_DISCONNECTED, /* OE Power Off */
201 MGMT_STATUS_DISCONNECTED, /* Connection Terminated */
202 MGMT_STATUS_BUSY, /* Repeated Attempts */
203 MGMT_STATUS_REJECTED, /* Pairing Not Allowed */
204 MGMT_STATUS_FAILED, /* Unknown LMP PDU */
205 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported Remote Feature */
206 MGMT_STATUS_REJECTED, /* SCO Offset Rejected */
207 MGMT_STATUS_REJECTED, /* SCO Interval Rejected */
208 MGMT_STATUS_REJECTED, /* Air Mode Rejected */
209 MGMT_STATUS_INVALID_PARAMS, /* Invalid LMP Parameters */
210 MGMT_STATUS_FAILED, /* Unspecified Error */
211 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported LMP Parameter Value */
212 MGMT_STATUS_FAILED, /* Role Change Not Allowed */
213 MGMT_STATUS_TIMEOUT, /* LMP Response Timeout */
214 MGMT_STATUS_FAILED, /* LMP Error Transaction Collision */
215 MGMT_STATUS_FAILED, /* LMP PDU Not Allowed */
216 MGMT_STATUS_REJECTED, /* Encryption Mode Not Accepted */
217 MGMT_STATUS_FAILED, /* Unit Link Key Used */
218 MGMT_STATUS_NOT_SUPPORTED, /* QoS Not Supported */
219 MGMT_STATUS_TIMEOUT, /* Instant Passed */
220 MGMT_STATUS_NOT_SUPPORTED, /* Pairing Not Supported */
221 MGMT_STATUS_FAILED, /* Transaction Collision */
222 MGMT_STATUS_INVALID_PARAMS, /* Unacceptable Parameter */
223 MGMT_STATUS_REJECTED, /* QoS Rejected */
224 MGMT_STATUS_NOT_SUPPORTED, /* Classification Not Supported */
225 MGMT_STATUS_REJECTED, /* Insufficient Security */
226 MGMT_STATUS_INVALID_PARAMS, /* Parameter Out Of Range */
227 MGMT_STATUS_BUSY, /* Role Switch Pending */
228 MGMT_STATUS_FAILED, /* Slot Violation */
229 MGMT_STATUS_FAILED, /* Role Switch Failed */
230 MGMT_STATUS_INVALID_PARAMS, /* EIR Too Large */
231 MGMT_STATUS_NOT_SUPPORTED, /* Simple Pairing Not Supported */
232 MGMT_STATUS_BUSY, /* Host Busy Pairing */
233 MGMT_STATUS_REJECTED, /* Rejected, No Suitable Channel */
234 MGMT_STATUS_BUSY, /* Controller Busy */
235 MGMT_STATUS_INVALID_PARAMS, /* Unsuitable Connection Interval */
236 MGMT_STATUS_TIMEOUT, /* Directed Advertising Timeout */
237 MGMT_STATUS_AUTH_FAILED, /* Terminated Due to MIC Failure */
238 MGMT_STATUS_CONNECT_FAILED, /* Connection Establishment Failed */
239 MGMT_STATUS_CONNECT_FAILED, /* MAC Connection Failed */
242 static u8 mgmt_status(u8 hci_status)
244 if (hci_status < ARRAY_SIZE(mgmt_status_table))
245 return mgmt_status_table[hci_status];
247 return MGMT_STATUS_FAILED;
250 static int mgmt_index_event(u16 event, struct hci_dev *hdev, void *data,
253 return mgmt_send_event(event, hdev, HCI_CHANNEL_CONTROL, data, len,
257 static int mgmt_limited_event(u16 event, struct hci_dev *hdev, void *data,
258 u16 len, int flag, struct sock *skip_sk)
260 return mgmt_send_event(event, hdev, HCI_CHANNEL_CONTROL, data, len,
264 static int mgmt_event(u16 event, struct hci_dev *hdev, void *data, u16 len,
265 struct sock *skip_sk)
267 return mgmt_send_event(event, hdev, HCI_CHANNEL_CONTROL, data, len,
268 HCI_SOCK_TRUSTED, skip_sk);
271 static u8 le_addr_type(u8 mgmt_addr_type)
273 if (mgmt_addr_type == BDADDR_LE_PUBLIC)
274 return ADDR_LE_DEV_PUBLIC;
276 return ADDR_LE_DEV_RANDOM;
279 void mgmt_fill_version_info(void *ver)
281 struct mgmt_rp_read_version *rp = ver;
283 rp->version = MGMT_VERSION;
284 rp->revision = cpu_to_le16(MGMT_REVISION);
287 static int read_version(struct sock *sk, struct hci_dev *hdev, void *data,
290 struct mgmt_rp_read_version rp;
292 BT_DBG("sock %p", sk);
294 mgmt_fill_version_info(&rp);
296 return mgmt_cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_VERSION, 0,
300 static int read_commands(struct sock *sk, struct hci_dev *hdev, void *data,
303 struct mgmt_rp_read_commands *rp;
304 u16 num_commands, num_events;
308 BT_DBG("sock %p", sk);
310 if (hci_sock_test_flag(sk, HCI_SOCK_TRUSTED)) {
311 num_commands = ARRAY_SIZE(mgmt_commands);
312 num_events = ARRAY_SIZE(mgmt_events);
314 num_commands = ARRAY_SIZE(mgmt_untrusted_commands);
315 num_events = ARRAY_SIZE(mgmt_untrusted_events);
318 rp_size = sizeof(*rp) + ((num_commands + num_events) * sizeof(u16));
320 rp = kmalloc(rp_size, GFP_KERNEL);
324 rp->num_commands = cpu_to_le16(num_commands);
325 rp->num_events = cpu_to_le16(num_events);
327 if (hci_sock_test_flag(sk, HCI_SOCK_TRUSTED)) {
328 __le16 *opcode = rp->opcodes;
330 for (i = 0; i < num_commands; i++, opcode++)
331 put_unaligned_le16(mgmt_commands[i], opcode);
333 for (i = 0; i < num_events; i++, opcode++)
334 put_unaligned_le16(mgmt_events[i], opcode);
336 __le16 *opcode = rp->opcodes;
338 for (i = 0; i < num_commands; i++, opcode++)
339 put_unaligned_le16(mgmt_untrusted_commands[i], opcode);
341 for (i = 0; i < num_events; i++, opcode++)
342 put_unaligned_le16(mgmt_untrusted_events[i], opcode);
345 err = mgmt_cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_COMMANDS, 0,
352 static int read_index_list(struct sock *sk, struct hci_dev *hdev, void *data,
355 struct mgmt_rp_read_index_list *rp;
361 BT_DBG("sock %p", sk);
363 read_lock(&hci_dev_list_lock);
366 list_for_each_entry(d, &hci_dev_list, list) {
367 if (d->dev_type == HCI_PRIMARY &&
368 !hci_dev_test_flag(d, HCI_UNCONFIGURED))
372 rp_len = sizeof(*rp) + (2 * count);
373 rp = kmalloc(rp_len, GFP_ATOMIC);
375 read_unlock(&hci_dev_list_lock);
380 list_for_each_entry(d, &hci_dev_list, list) {
381 if (hci_dev_test_flag(d, HCI_SETUP) ||
382 hci_dev_test_flag(d, HCI_CONFIG) ||
383 hci_dev_test_flag(d, HCI_USER_CHANNEL))
386 /* Devices marked as raw-only are neither configured
387 * nor unconfigured controllers.
389 if (test_bit(HCI_QUIRK_RAW_DEVICE, &d->quirks))
392 if (d->dev_type == HCI_PRIMARY &&
393 !hci_dev_test_flag(d, HCI_UNCONFIGURED)) {
394 rp->index[count++] = cpu_to_le16(d->id);
395 BT_DBG("Added hci%u", d->id);
399 rp->num_controllers = cpu_to_le16(count);
400 rp_len = sizeof(*rp) + (2 * count);
402 read_unlock(&hci_dev_list_lock);
404 err = mgmt_cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_INDEX_LIST,
412 static int read_unconf_index_list(struct sock *sk, struct hci_dev *hdev,
413 void *data, u16 data_len)
415 struct mgmt_rp_read_unconf_index_list *rp;
421 BT_DBG("sock %p", sk);
423 read_lock(&hci_dev_list_lock);
426 list_for_each_entry(d, &hci_dev_list, list) {
427 if (d->dev_type == HCI_PRIMARY &&
428 hci_dev_test_flag(d, HCI_UNCONFIGURED))
432 rp_len = sizeof(*rp) + (2 * count);
433 rp = kmalloc(rp_len, GFP_ATOMIC);
435 read_unlock(&hci_dev_list_lock);
440 list_for_each_entry(d, &hci_dev_list, list) {
441 if (hci_dev_test_flag(d, HCI_SETUP) ||
442 hci_dev_test_flag(d, HCI_CONFIG) ||
443 hci_dev_test_flag(d, HCI_USER_CHANNEL))
446 /* Devices marked as raw-only are neither configured
447 * nor unconfigured controllers.
449 if (test_bit(HCI_QUIRK_RAW_DEVICE, &d->quirks))
452 if (d->dev_type == HCI_PRIMARY &&
453 hci_dev_test_flag(d, HCI_UNCONFIGURED)) {
454 rp->index[count++] = cpu_to_le16(d->id);
455 BT_DBG("Added hci%u", d->id);
459 rp->num_controllers = cpu_to_le16(count);
460 rp_len = sizeof(*rp) + (2 * count);
462 read_unlock(&hci_dev_list_lock);
464 err = mgmt_cmd_complete(sk, MGMT_INDEX_NONE,
465 MGMT_OP_READ_UNCONF_INDEX_LIST, 0, rp, rp_len);
472 static int read_ext_index_list(struct sock *sk, struct hci_dev *hdev,
473 void *data, u16 data_len)
475 struct mgmt_rp_read_ext_index_list *rp;
481 BT_DBG("sock %p", sk);
483 read_lock(&hci_dev_list_lock);
486 list_for_each_entry(d, &hci_dev_list, list) {
487 if (d->dev_type == HCI_PRIMARY || d->dev_type == HCI_AMP)
491 rp_len = sizeof(*rp) + (sizeof(rp->entry[0]) * count);
492 rp = kmalloc(rp_len, GFP_ATOMIC);
494 read_unlock(&hci_dev_list_lock);
499 list_for_each_entry(d, &hci_dev_list, list) {
500 if (hci_dev_test_flag(d, HCI_SETUP) ||
501 hci_dev_test_flag(d, HCI_CONFIG) ||
502 hci_dev_test_flag(d, HCI_USER_CHANNEL))
505 /* Devices marked as raw-only are neither configured
506 * nor unconfigured controllers.
508 if (test_bit(HCI_QUIRK_RAW_DEVICE, &d->quirks))
511 if (d->dev_type == HCI_PRIMARY) {
512 if (hci_dev_test_flag(d, HCI_UNCONFIGURED))
513 rp->entry[count].type = 0x01;
515 rp->entry[count].type = 0x00;
516 } else if (d->dev_type == HCI_AMP) {
517 rp->entry[count].type = 0x02;
522 rp->entry[count].bus = d->bus;
523 rp->entry[count++].index = cpu_to_le16(d->id);
524 BT_DBG("Added hci%u", d->id);
527 rp->num_controllers = cpu_to_le16(count);
528 rp_len = sizeof(*rp) + (sizeof(rp->entry[0]) * count);
530 read_unlock(&hci_dev_list_lock);
532 /* If this command is called at least once, then all the
533 * default index and unconfigured index events are disabled
534 * and from now on only extended index events are used.
536 hci_sock_set_flag(sk, HCI_MGMT_EXT_INDEX_EVENTS);
537 hci_sock_clear_flag(sk, HCI_MGMT_INDEX_EVENTS);
538 hci_sock_clear_flag(sk, HCI_MGMT_UNCONF_INDEX_EVENTS);
540 err = mgmt_cmd_complete(sk, MGMT_INDEX_NONE,
541 MGMT_OP_READ_EXT_INDEX_LIST, 0, rp, rp_len);
548 static bool is_configured(struct hci_dev *hdev)
550 if (test_bit(HCI_QUIRK_EXTERNAL_CONFIG, &hdev->quirks) &&
551 !hci_dev_test_flag(hdev, HCI_EXT_CONFIGURED))
554 if (test_bit(HCI_QUIRK_INVALID_BDADDR, &hdev->quirks) &&
555 !bacmp(&hdev->public_addr, BDADDR_ANY))
561 static __le32 get_missing_options(struct hci_dev *hdev)
565 if (test_bit(HCI_QUIRK_EXTERNAL_CONFIG, &hdev->quirks) &&
566 !hci_dev_test_flag(hdev, HCI_EXT_CONFIGURED))
567 options |= MGMT_OPTION_EXTERNAL_CONFIG;
569 if (test_bit(HCI_QUIRK_INVALID_BDADDR, &hdev->quirks) &&
570 !bacmp(&hdev->public_addr, BDADDR_ANY))
571 options |= MGMT_OPTION_PUBLIC_ADDRESS;
573 return cpu_to_le32(options);
576 static int new_options(struct hci_dev *hdev, struct sock *skip)
578 __le32 options = get_missing_options(hdev);
580 return mgmt_limited_event(MGMT_EV_NEW_CONFIG_OPTIONS, hdev, &options,
581 sizeof(options), HCI_MGMT_OPTION_EVENTS, skip);
584 static int send_options_rsp(struct sock *sk, u16 opcode, struct hci_dev *hdev)
586 __le32 options = get_missing_options(hdev);
588 return mgmt_cmd_complete(sk, hdev->id, opcode, 0, &options,
592 static int read_config_info(struct sock *sk, struct hci_dev *hdev,
593 void *data, u16 data_len)
595 struct mgmt_rp_read_config_info rp;
598 BT_DBG("sock %p %s", sk, hdev->name);
602 memset(&rp, 0, sizeof(rp));
603 rp.manufacturer = cpu_to_le16(hdev->manufacturer);
605 if (test_bit(HCI_QUIRK_EXTERNAL_CONFIG, &hdev->quirks))
606 options |= MGMT_OPTION_EXTERNAL_CONFIG;
608 if (hdev->set_bdaddr)
609 options |= MGMT_OPTION_PUBLIC_ADDRESS;
611 rp.supported_options = cpu_to_le32(options);
612 rp.missing_options = get_missing_options(hdev);
614 hci_dev_unlock(hdev);
616 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_READ_CONFIG_INFO, 0,
620 static u32 get_supported_settings(struct hci_dev *hdev)
624 settings |= MGMT_SETTING_POWERED;
625 settings |= MGMT_SETTING_BONDABLE;
626 settings |= MGMT_SETTING_DEBUG_KEYS;
627 settings |= MGMT_SETTING_CONNECTABLE;
628 settings |= MGMT_SETTING_DISCOVERABLE;
630 if (lmp_bredr_capable(hdev)) {
631 if (hdev->hci_ver >= BLUETOOTH_VER_1_2)
632 settings |= MGMT_SETTING_FAST_CONNECTABLE;
633 settings |= MGMT_SETTING_BREDR;
634 settings |= MGMT_SETTING_LINK_SECURITY;
636 if (lmp_ssp_capable(hdev)) {
637 settings |= MGMT_SETTING_SSP;
638 settings |= MGMT_SETTING_HS;
641 if (lmp_sc_capable(hdev))
642 settings |= MGMT_SETTING_SECURE_CONN;
645 if (lmp_le_capable(hdev)) {
646 settings |= MGMT_SETTING_LE;
647 settings |= MGMT_SETTING_ADVERTISING;
648 settings |= MGMT_SETTING_SECURE_CONN;
649 settings |= MGMT_SETTING_PRIVACY;
650 settings |= MGMT_SETTING_STATIC_ADDRESS;
653 if (test_bit(HCI_QUIRK_EXTERNAL_CONFIG, &hdev->quirks) ||
655 settings |= MGMT_SETTING_CONFIGURATION;
660 static u32 get_current_settings(struct hci_dev *hdev)
664 if (hdev_is_powered(hdev))
665 settings |= MGMT_SETTING_POWERED;
667 if (hci_dev_test_flag(hdev, HCI_CONNECTABLE))
668 settings |= MGMT_SETTING_CONNECTABLE;
670 if (hci_dev_test_flag(hdev, HCI_FAST_CONNECTABLE))
671 settings |= MGMT_SETTING_FAST_CONNECTABLE;
673 if (hci_dev_test_flag(hdev, HCI_DISCOVERABLE))
674 settings |= MGMT_SETTING_DISCOVERABLE;
676 if (hci_dev_test_flag(hdev, HCI_BONDABLE))
677 settings |= MGMT_SETTING_BONDABLE;
679 if (hci_dev_test_flag(hdev, HCI_BREDR_ENABLED))
680 settings |= MGMT_SETTING_BREDR;
682 if (hci_dev_test_flag(hdev, HCI_LE_ENABLED))
683 settings |= MGMT_SETTING_LE;
685 if (hci_dev_test_flag(hdev, HCI_LINK_SECURITY))
686 settings |= MGMT_SETTING_LINK_SECURITY;
688 if (hci_dev_test_flag(hdev, HCI_SSP_ENABLED))
689 settings |= MGMT_SETTING_SSP;
691 if (hci_dev_test_flag(hdev, HCI_HS_ENABLED))
692 settings |= MGMT_SETTING_HS;
694 if (hci_dev_test_flag(hdev, HCI_ADVERTISING))
695 settings |= MGMT_SETTING_ADVERTISING;
697 if (hci_dev_test_flag(hdev, HCI_SC_ENABLED))
698 settings |= MGMT_SETTING_SECURE_CONN;
700 if (hci_dev_test_flag(hdev, HCI_KEEP_DEBUG_KEYS))
701 settings |= MGMT_SETTING_DEBUG_KEYS;
703 if (hci_dev_test_flag(hdev, HCI_PRIVACY))
704 settings |= MGMT_SETTING_PRIVACY;
706 /* The current setting for static address has two purposes. The
707 * first is to indicate if the static address will be used and
708 * the second is to indicate if it is actually set.
710 * This means if the static address is not configured, this flag
711 * will never be set. If the address is configured, then if the
712 * address is actually used decides if the flag is set or not.
714 * For single mode LE only controllers and dual-mode controllers
715 * with BR/EDR disabled, the existence of the static address will
718 if (hci_dev_test_flag(hdev, HCI_FORCE_STATIC_ADDR) ||
719 !hci_dev_test_flag(hdev, HCI_BREDR_ENABLED) ||
720 !bacmp(&hdev->bdaddr, BDADDR_ANY)) {
721 if (bacmp(&hdev->static_addr, BDADDR_ANY))
722 settings |= MGMT_SETTING_STATIC_ADDRESS;
728 static struct mgmt_pending_cmd *pending_find(u16 opcode, struct hci_dev *hdev)
730 return mgmt_pending_find(HCI_CHANNEL_CONTROL, opcode, hdev);
733 static struct mgmt_pending_cmd *pending_find_data(u16 opcode,
734 struct hci_dev *hdev,
737 return mgmt_pending_find_data(HCI_CHANNEL_CONTROL, opcode, hdev, data);
740 u8 mgmt_get_adv_discov_flags(struct hci_dev *hdev)
742 struct mgmt_pending_cmd *cmd;
744 /* If there's a pending mgmt command the flags will not yet have
745 * their final values, so check for this first.
747 cmd = pending_find(MGMT_OP_SET_DISCOVERABLE, hdev);
749 struct mgmt_mode *cp = cmd->param;
751 return LE_AD_GENERAL;
752 else if (cp->val == 0x02)
753 return LE_AD_LIMITED;
755 if (hci_dev_test_flag(hdev, HCI_LIMITED_DISCOVERABLE))
756 return LE_AD_LIMITED;
757 else if (hci_dev_test_flag(hdev, HCI_DISCOVERABLE))
758 return LE_AD_GENERAL;
764 bool mgmt_get_connectable(struct hci_dev *hdev)
766 struct mgmt_pending_cmd *cmd;
768 /* If there's a pending mgmt command the flag will not yet have
769 * it's final value, so check for this first.
771 cmd = pending_find(MGMT_OP_SET_CONNECTABLE, hdev);
773 struct mgmt_mode *cp = cmd->param;
778 return hci_dev_test_flag(hdev, HCI_CONNECTABLE);
781 static void service_cache_off(struct work_struct *work)
783 struct hci_dev *hdev = container_of(work, struct hci_dev,
785 struct hci_request req;
787 if (!hci_dev_test_and_clear_flag(hdev, HCI_SERVICE_CACHE))
790 hci_req_init(&req, hdev);
794 __hci_req_update_eir(&req);
795 __hci_req_update_class(&req);
797 hci_dev_unlock(hdev);
799 hci_req_run(&req, NULL);
802 static void rpa_expired(struct work_struct *work)
804 struct hci_dev *hdev = container_of(work, struct hci_dev,
806 struct hci_request req;
810 hci_dev_set_flag(hdev, HCI_RPA_EXPIRED);
812 if (!hci_dev_test_flag(hdev, HCI_ADVERTISING))
815 /* The generation of a new RPA and programming it into the
816 * controller happens in the hci_req_enable_advertising()
819 hci_req_init(&req, hdev);
820 __hci_req_enable_advertising(&req);
821 hci_req_run(&req, NULL);
824 static void mgmt_init_hdev(struct sock *sk, struct hci_dev *hdev)
826 if (hci_dev_test_and_set_flag(hdev, HCI_MGMT))
829 INIT_DELAYED_WORK(&hdev->service_cache, service_cache_off);
830 INIT_DELAYED_WORK(&hdev->rpa_expired, rpa_expired);
832 /* Non-mgmt controlled devices get this bit set
833 * implicitly so that pairing works for them, however
834 * for mgmt we require user-space to explicitly enable
837 hci_dev_clear_flag(hdev, HCI_BONDABLE);
840 static int read_controller_info(struct sock *sk, struct hci_dev *hdev,
841 void *data, u16 data_len)
843 struct mgmt_rp_read_info rp;
845 BT_DBG("sock %p %s", sk, hdev->name);
849 memset(&rp, 0, sizeof(rp));
851 bacpy(&rp.bdaddr, &hdev->bdaddr);
853 rp.version = hdev->hci_ver;
854 rp.manufacturer = cpu_to_le16(hdev->manufacturer);
856 rp.supported_settings = cpu_to_le32(get_supported_settings(hdev));
857 rp.current_settings = cpu_to_le32(get_current_settings(hdev));
859 memcpy(rp.dev_class, hdev->dev_class, 3);
861 memcpy(rp.name, hdev->dev_name, sizeof(hdev->dev_name));
862 memcpy(rp.short_name, hdev->short_name, sizeof(hdev->short_name));
864 hci_dev_unlock(hdev);
866 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_READ_INFO, 0, &rp,
870 static inline u16 eir_append_data(u8 *eir, u16 eir_len, u8 type, u8 *data,
873 eir[eir_len++] = sizeof(type) + data_len;
874 eir[eir_len++] = type;
875 memcpy(&eir[eir_len], data, data_len);
881 static int read_ext_controller_info(struct sock *sk, struct hci_dev *hdev,
882 void *data, u16 data_len)
884 struct mgmt_rp_read_ext_info *rp;
889 BT_DBG("sock %p %s", sk, hdev->name);
893 if (hci_dev_test_flag(hdev, HCI_BREDR_ENABLED))
894 eir_len = eir_append_data(buff, eir_len,
898 name_len = strlen(hdev->dev_name);
899 eir_len = eir_append_data(buff, eir_len, EIR_NAME_COMPLETE,
900 hdev->dev_name, name_len);
902 name_len = strlen(hdev->short_name);
903 eir_len = eir_append_data(buff, eir_len, EIR_NAME_SHORT,
904 hdev->short_name, name_len);
906 rp = kzalloc(sizeof(*rp) + eir_len, GFP_KERNEL);
910 rp->eir_len = cpu_to_le16(eir_len);
911 memcpy(rp->eir, buff, eir_len);
913 bacpy(&rp->bdaddr, &hdev->bdaddr);
915 rp->version = hdev->hci_ver;
916 rp->manufacturer = cpu_to_le16(hdev->manufacturer);
918 rp->supported_settings = cpu_to_le32(get_supported_settings(hdev));
919 rp->current_settings = cpu_to_le32(get_current_settings(hdev));
921 hci_dev_unlock(hdev);
923 /* If this command is called at least once, then the events
924 * for class of device and local name changes are disabled
925 * and only the new extended controller information event
928 hci_sock_set_flag(sk, HCI_MGMT_EXT_INFO_EVENTS);
929 hci_sock_clear_flag(sk, HCI_MGMT_DEV_CLASS_EVENTS);
930 hci_sock_clear_flag(sk, HCI_MGMT_LOCAL_NAME_EVENTS);
932 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_READ_EXT_INFO, 0, rp,
933 sizeof(*rp) + eir_len);
936 static int ext_info_changed(struct hci_dev *hdev, struct sock *skip)
938 struct mgmt_ev_ext_info_changed ev;
940 ev.eir_len = cpu_to_le16(0);
942 return mgmt_limited_event(MGMT_EV_EXT_INFO_CHANGED, hdev, &ev,
943 sizeof(ev), HCI_MGMT_EXT_INFO_EVENTS, skip);
946 static int send_settings_rsp(struct sock *sk, u16 opcode, struct hci_dev *hdev)
948 __le32 settings = cpu_to_le32(get_current_settings(hdev));
950 return mgmt_cmd_complete(sk, hdev->id, opcode, 0, &settings,
954 static void clean_up_hci_complete(struct hci_dev *hdev, u8 status, u16 opcode)
956 BT_DBG("%s status 0x%02x", hdev->name, status);
958 if (hci_conn_count(hdev) == 0) {
959 cancel_delayed_work(&hdev->power_off);
960 queue_work(hdev->req_workqueue, &hdev->power_off.work);
964 void mgmt_advertising_added(struct sock *sk, struct hci_dev *hdev, u8 instance)
966 struct mgmt_ev_advertising_added ev;
968 ev.instance = instance;
970 mgmt_event(MGMT_EV_ADVERTISING_ADDED, hdev, &ev, sizeof(ev), sk);
973 void mgmt_advertising_removed(struct sock *sk, struct hci_dev *hdev,
976 struct mgmt_ev_advertising_removed ev;
978 ev.instance = instance;
980 mgmt_event(MGMT_EV_ADVERTISING_REMOVED, hdev, &ev, sizeof(ev), sk);
983 static void cancel_adv_timeout(struct hci_dev *hdev)
985 if (hdev->adv_instance_timeout) {
986 hdev->adv_instance_timeout = 0;
987 cancel_delayed_work(&hdev->adv_instance_expire);
991 static int clean_up_hci_state(struct hci_dev *hdev)
993 struct hci_request req;
994 struct hci_conn *conn;
998 hci_req_init(&req, hdev);
1000 if (test_bit(HCI_ISCAN, &hdev->flags) ||
1001 test_bit(HCI_PSCAN, &hdev->flags)) {
1003 hci_req_add(&req, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
1006 hci_req_clear_adv_instance(hdev, NULL, NULL, 0x00, false);
1008 if (hci_dev_test_flag(hdev, HCI_LE_ADV))
1009 __hci_req_disable_advertising(&req);
1011 discov_stopped = hci_req_stop_discovery(&req);
1013 list_for_each_entry(conn, &hdev->conn_hash.list, list) {
1014 /* 0x15 == Terminated due to Power Off */
1015 __hci_abort_conn(&req, conn, 0x15);
1018 err = hci_req_run(&req, clean_up_hci_complete);
1019 if (!err && discov_stopped)
1020 hci_discovery_set_state(hdev, DISCOVERY_STOPPING);
1025 static int set_powered(struct sock *sk, struct hci_dev *hdev, void *data,
1028 struct mgmt_mode *cp = data;
1029 struct mgmt_pending_cmd *cmd;
1032 BT_DBG("request for %s", hdev->name);
1034 if (cp->val != 0x00 && cp->val != 0x01)
1035 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_POWERED,
1036 MGMT_STATUS_INVALID_PARAMS);
1040 if (pending_find(MGMT_OP_SET_POWERED, hdev)) {
1041 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_POWERED,
1046 if (!!cp->val == hdev_is_powered(hdev)) {
1047 err = send_settings_rsp(sk, MGMT_OP_SET_POWERED, hdev);
1051 cmd = mgmt_pending_add(sk, MGMT_OP_SET_POWERED, hdev, data, len);
1058 queue_work(hdev->req_workqueue, &hdev->power_on);
1061 /* Disconnect connections, stop scans, etc */
1062 err = clean_up_hci_state(hdev);
1064 queue_delayed_work(hdev->req_workqueue, &hdev->power_off,
1065 HCI_POWER_OFF_TIMEOUT);
1067 /* ENODATA means there were no HCI commands queued */
1068 if (err == -ENODATA) {
1069 cancel_delayed_work(&hdev->power_off);
1070 queue_work(hdev->req_workqueue, &hdev->power_off.work);
1076 hci_dev_unlock(hdev);
1080 static int new_settings(struct hci_dev *hdev, struct sock *skip)
1082 __le32 ev = cpu_to_le32(get_current_settings(hdev));
1084 return mgmt_limited_event(MGMT_EV_NEW_SETTINGS, hdev, &ev,
1085 sizeof(ev), HCI_MGMT_SETTING_EVENTS, skip);
1088 int mgmt_new_settings(struct hci_dev *hdev)
1090 return new_settings(hdev, NULL);
1095 struct hci_dev *hdev;
1099 static void settings_rsp(struct mgmt_pending_cmd *cmd, void *data)
1101 struct cmd_lookup *match = data;
1103 send_settings_rsp(cmd->sk, cmd->opcode, match->hdev);
1105 list_del(&cmd->list);
1107 if (match->sk == NULL) {
1108 match->sk = cmd->sk;
1109 sock_hold(match->sk);
1112 mgmt_pending_free(cmd);
1115 static void cmd_status_rsp(struct mgmt_pending_cmd *cmd, void *data)
1119 mgmt_cmd_status(cmd->sk, cmd->index, cmd->opcode, *status);
1120 mgmt_pending_remove(cmd);
1123 static void cmd_complete_rsp(struct mgmt_pending_cmd *cmd, void *data)
1125 if (cmd->cmd_complete) {
1128 cmd->cmd_complete(cmd, *status);
1129 mgmt_pending_remove(cmd);
1134 cmd_status_rsp(cmd, data);
1137 static int generic_cmd_complete(struct mgmt_pending_cmd *cmd, u8 status)
1139 return mgmt_cmd_complete(cmd->sk, cmd->index, cmd->opcode, status,
1140 cmd->param, cmd->param_len);
1143 static int addr_cmd_complete(struct mgmt_pending_cmd *cmd, u8 status)
1145 return mgmt_cmd_complete(cmd->sk, cmd->index, cmd->opcode, status,
1146 cmd->param, sizeof(struct mgmt_addr_info));
1149 static u8 mgmt_bredr_support(struct hci_dev *hdev)
1151 if (!lmp_bredr_capable(hdev))
1152 return MGMT_STATUS_NOT_SUPPORTED;
1153 else if (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED))
1154 return MGMT_STATUS_REJECTED;
1156 return MGMT_STATUS_SUCCESS;
1159 static u8 mgmt_le_support(struct hci_dev *hdev)
1161 if (!lmp_le_capable(hdev))
1162 return MGMT_STATUS_NOT_SUPPORTED;
1163 else if (!hci_dev_test_flag(hdev, HCI_LE_ENABLED))
1164 return MGMT_STATUS_REJECTED;
1166 return MGMT_STATUS_SUCCESS;
1169 void mgmt_set_discoverable_complete(struct hci_dev *hdev, u8 status)
1171 struct mgmt_pending_cmd *cmd;
1173 BT_DBG("status 0x%02x", status);
1177 cmd = pending_find(MGMT_OP_SET_DISCOVERABLE, hdev);
1182 u8 mgmt_err = mgmt_status(status);
1183 mgmt_cmd_status(cmd->sk, cmd->index, cmd->opcode, mgmt_err);
1184 hci_dev_clear_flag(hdev, HCI_LIMITED_DISCOVERABLE);
1188 if (hci_dev_test_flag(hdev, HCI_DISCOVERABLE) &&
1189 hdev->discov_timeout > 0) {
1190 int to = msecs_to_jiffies(hdev->discov_timeout * 1000);
1191 queue_delayed_work(hdev->req_workqueue, &hdev->discov_off, to);
1194 send_settings_rsp(cmd->sk, MGMT_OP_SET_DISCOVERABLE, hdev);
1195 new_settings(hdev, cmd->sk);
1198 mgmt_pending_remove(cmd);
1201 hci_dev_unlock(hdev);
1204 static int set_discoverable(struct sock *sk, struct hci_dev *hdev, void *data,
1207 struct mgmt_cp_set_discoverable *cp = data;
1208 struct mgmt_pending_cmd *cmd;
1212 BT_DBG("request for %s", hdev->name);
1214 if (!hci_dev_test_flag(hdev, HCI_LE_ENABLED) &&
1215 !hci_dev_test_flag(hdev, HCI_BREDR_ENABLED))
1216 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
1217 MGMT_STATUS_REJECTED);
1219 if (cp->val != 0x00 && cp->val != 0x01 && cp->val != 0x02)
1220 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
1221 MGMT_STATUS_INVALID_PARAMS);
1223 timeout = __le16_to_cpu(cp->timeout);
1225 /* Disabling discoverable requires that no timeout is set,
1226 * and enabling limited discoverable requires a timeout.
1228 if ((cp->val == 0x00 && timeout > 0) ||
1229 (cp->val == 0x02 && timeout == 0))
1230 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
1231 MGMT_STATUS_INVALID_PARAMS);
1235 if (!hdev_is_powered(hdev) && timeout > 0) {
1236 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
1237 MGMT_STATUS_NOT_POWERED);
1241 if (pending_find(MGMT_OP_SET_DISCOVERABLE, hdev) ||
1242 pending_find(MGMT_OP_SET_CONNECTABLE, hdev)) {
1243 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
1248 if (!hci_dev_test_flag(hdev, HCI_CONNECTABLE)) {
1249 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
1250 MGMT_STATUS_REJECTED);
1254 if (!hdev_is_powered(hdev)) {
1255 bool changed = false;
1257 /* Setting limited discoverable when powered off is
1258 * not a valid operation since it requires a timeout
1259 * and so no need to check HCI_LIMITED_DISCOVERABLE.
1261 if (!!cp->val != hci_dev_test_flag(hdev, HCI_DISCOVERABLE)) {
1262 hci_dev_change_flag(hdev, HCI_DISCOVERABLE);
1266 err = send_settings_rsp(sk, MGMT_OP_SET_DISCOVERABLE, hdev);
1271 err = new_settings(hdev, sk);
1276 /* If the current mode is the same, then just update the timeout
1277 * value with the new value. And if only the timeout gets updated,
1278 * then no need for any HCI transactions.
1280 if (!!cp->val == hci_dev_test_flag(hdev, HCI_DISCOVERABLE) &&
1281 (cp->val == 0x02) == hci_dev_test_flag(hdev,
1282 HCI_LIMITED_DISCOVERABLE)) {
1283 cancel_delayed_work(&hdev->discov_off);
1284 hdev->discov_timeout = timeout;
1286 if (cp->val && hdev->discov_timeout > 0) {
1287 int to = msecs_to_jiffies(hdev->discov_timeout * 1000);
1288 queue_delayed_work(hdev->req_workqueue,
1289 &hdev->discov_off, to);
1292 err = send_settings_rsp(sk, MGMT_OP_SET_DISCOVERABLE, hdev);
1296 cmd = mgmt_pending_add(sk, MGMT_OP_SET_DISCOVERABLE, hdev, data, len);
1302 /* Cancel any potential discoverable timeout that might be
1303 * still active and store new timeout value. The arming of
1304 * the timeout happens in the complete handler.
1306 cancel_delayed_work(&hdev->discov_off);
1307 hdev->discov_timeout = timeout;
1310 hci_dev_set_flag(hdev, HCI_DISCOVERABLE);
1312 hci_dev_clear_flag(hdev, HCI_DISCOVERABLE);
1314 /* Limited discoverable mode */
1315 if (cp->val == 0x02)
1316 hci_dev_set_flag(hdev, HCI_LIMITED_DISCOVERABLE);
1318 hci_dev_clear_flag(hdev, HCI_LIMITED_DISCOVERABLE);
1320 queue_work(hdev->req_workqueue, &hdev->discoverable_update);
1324 hci_dev_unlock(hdev);
1328 void mgmt_set_connectable_complete(struct hci_dev *hdev, u8 status)
1330 struct mgmt_pending_cmd *cmd;
1332 BT_DBG("status 0x%02x", status);
1336 cmd = pending_find(MGMT_OP_SET_CONNECTABLE, hdev);
1341 u8 mgmt_err = mgmt_status(status);
1342 mgmt_cmd_status(cmd->sk, cmd->index, cmd->opcode, mgmt_err);
1346 send_settings_rsp(cmd->sk, MGMT_OP_SET_CONNECTABLE, hdev);
1347 new_settings(hdev, cmd->sk);
1350 mgmt_pending_remove(cmd);
1353 hci_dev_unlock(hdev);
1356 static int set_connectable_update_settings(struct hci_dev *hdev,
1357 struct sock *sk, u8 val)
1359 bool changed = false;
1362 if (!!val != hci_dev_test_flag(hdev, HCI_CONNECTABLE))
1366 hci_dev_set_flag(hdev, HCI_CONNECTABLE);
1368 hci_dev_clear_flag(hdev, HCI_CONNECTABLE);
1369 hci_dev_clear_flag(hdev, HCI_DISCOVERABLE);
1372 err = send_settings_rsp(sk, MGMT_OP_SET_CONNECTABLE, hdev);
1377 hci_req_update_scan(hdev);
1378 hci_update_background_scan(hdev);
1379 return new_settings(hdev, sk);
1385 static int set_connectable(struct sock *sk, struct hci_dev *hdev, void *data,
1388 struct mgmt_mode *cp = data;
1389 struct mgmt_pending_cmd *cmd;
1392 BT_DBG("request for %s", hdev->name);
1394 if (!hci_dev_test_flag(hdev, HCI_LE_ENABLED) &&
1395 !hci_dev_test_flag(hdev, HCI_BREDR_ENABLED))
1396 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE,
1397 MGMT_STATUS_REJECTED);
1399 if (cp->val != 0x00 && cp->val != 0x01)
1400 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE,
1401 MGMT_STATUS_INVALID_PARAMS);
1405 if (!hdev_is_powered(hdev)) {
1406 err = set_connectable_update_settings(hdev, sk, cp->val);
1410 if (pending_find(MGMT_OP_SET_DISCOVERABLE, hdev) ||
1411 pending_find(MGMT_OP_SET_CONNECTABLE, hdev)) {
1412 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE,
1417 cmd = mgmt_pending_add(sk, MGMT_OP_SET_CONNECTABLE, hdev, data, len);
1424 hci_dev_set_flag(hdev, HCI_CONNECTABLE);
1426 if (hdev->discov_timeout > 0)
1427 cancel_delayed_work(&hdev->discov_off);
1429 hci_dev_clear_flag(hdev, HCI_LIMITED_DISCOVERABLE);
1430 hci_dev_clear_flag(hdev, HCI_DISCOVERABLE);
1431 hci_dev_clear_flag(hdev, HCI_CONNECTABLE);
1434 queue_work(hdev->req_workqueue, &hdev->connectable_update);
1438 hci_dev_unlock(hdev);
1442 static int set_bondable(struct sock *sk, struct hci_dev *hdev, void *data,
1445 struct mgmt_mode *cp = data;
1449 BT_DBG("request for %s", hdev->name);
1451 if (cp->val != 0x00 && cp->val != 0x01)
1452 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_BONDABLE,
1453 MGMT_STATUS_INVALID_PARAMS);
1458 changed = !hci_dev_test_and_set_flag(hdev, HCI_BONDABLE);
1460 changed = hci_dev_test_and_clear_flag(hdev, HCI_BONDABLE);
1462 err = send_settings_rsp(sk, MGMT_OP_SET_BONDABLE, hdev);
1467 /* In limited privacy mode the change of bondable mode
1468 * may affect the local advertising address.
1470 if (hdev_is_powered(hdev) &&
1471 hci_dev_test_flag(hdev, HCI_ADVERTISING) &&
1472 hci_dev_test_flag(hdev, HCI_DISCOVERABLE) &&
1473 hci_dev_test_flag(hdev, HCI_LIMITED_PRIVACY))
1474 queue_work(hdev->req_workqueue,
1475 &hdev->discoverable_update);
1477 err = new_settings(hdev, sk);
1481 hci_dev_unlock(hdev);
1485 static int set_link_security(struct sock *sk, struct hci_dev *hdev, void *data,
1488 struct mgmt_mode *cp = data;
1489 struct mgmt_pending_cmd *cmd;
1493 BT_DBG("request for %s", hdev->name);
1495 status = mgmt_bredr_support(hdev);
1497 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY,
1500 if (cp->val != 0x00 && cp->val != 0x01)
1501 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY,
1502 MGMT_STATUS_INVALID_PARAMS);
1506 if (!hdev_is_powered(hdev)) {
1507 bool changed = false;
1509 if (!!cp->val != hci_dev_test_flag(hdev, HCI_LINK_SECURITY)) {
1510 hci_dev_change_flag(hdev, HCI_LINK_SECURITY);
1514 err = send_settings_rsp(sk, MGMT_OP_SET_LINK_SECURITY, hdev);
1519 err = new_settings(hdev, sk);
1524 if (pending_find(MGMT_OP_SET_LINK_SECURITY, hdev)) {
1525 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY,
1532 if (test_bit(HCI_AUTH, &hdev->flags) == val) {
1533 err = send_settings_rsp(sk, MGMT_OP_SET_LINK_SECURITY, hdev);
1537 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LINK_SECURITY, hdev, data, len);
1543 err = hci_send_cmd(hdev, HCI_OP_WRITE_AUTH_ENABLE, sizeof(val), &val);
1545 mgmt_pending_remove(cmd);
1550 hci_dev_unlock(hdev);
1554 static int set_ssp(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
1556 struct mgmt_mode *cp = data;
1557 struct mgmt_pending_cmd *cmd;
1561 BT_DBG("request for %s", hdev->name);
1563 status = mgmt_bredr_support(hdev);
1565 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SSP, status);
1567 if (!lmp_ssp_capable(hdev))
1568 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
1569 MGMT_STATUS_NOT_SUPPORTED);
1571 if (cp->val != 0x00 && cp->val != 0x01)
1572 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
1573 MGMT_STATUS_INVALID_PARAMS);
1577 if (!hdev_is_powered(hdev)) {
1581 changed = !hci_dev_test_and_set_flag(hdev,
1584 changed = hci_dev_test_and_clear_flag(hdev,
1587 changed = hci_dev_test_and_clear_flag(hdev,
1590 hci_dev_clear_flag(hdev, HCI_HS_ENABLED);
1593 err = send_settings_rsp(sk, MGMT_OP_SET_SSP, hdev);
1598 err = new_settings(hdev, sk);
1603 if (pending_find(MGMT_OP_SET_SSP, hdev)) {
1604 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
1609 if (!!cp->val == hci_dev_test_flag(hdev, HCI_SSP_ENABLED)) {
1610 err = send_settings_rsp(sk, MGMT_OP_SET_SSP, hdev);
1614 cmd = mgmt_pending_add(sk, MGMT_OP_SET_SSP, hdev, data, len);
1620 if (!cp->val && hci_dev_test_flag(hdev, HCI_USE_DEBUG_KEYS))
1621 hci_send_cmd(hdev, HCI_OP_WRITE_SSP_DEBUG_MODE,
1622 sizeof(cp->val), &cp->val);
1624 err = hci_send_cmd(hdev, HCI_OP_WRITE_SSP_MODE, 1, &cp->val);
1626 mgmt_pending_remove(cmd);
1631 hci_dev_unlock(hdev);
1635 static int set_hs(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
1637 struct mgmt_mode *cp = data;
1642 BT_DBG("request for %s", hdev->name);
1644 status = mgmt_bredr_support(hdev);
1646 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_HS, status);
1648 if (!lmp_ssp_capable(hdev))
1649 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
1650 MGMT_STATUS_NOT_SUPPORTED);
1652 if (!hci_dev_test_flag(hdev, HCI_SSP_ENABLED))
1653 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
1654 MGMT_STATUS_REJECTED);
1656 if (cp->val != 0x00 && cp->val != 0x01)
1657 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
1658 MGMT_STATUS_INVALID_PARAMS);
1662 if (pending_find(MGMT_OP_SET_SSP, hdev)) {
1663 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
1669 changed = !hci_dev_test_and_set_flag(hdev, HCI_HS_ENABLED);
1671 if (hdev_is_powered(hdev)) {
1672 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
1673 MGMT_STATUS_REJECTED);
1677 changed = hci_dev_test_and_clear_flag(hdev, HCI_HS_ENABLED);
1680 err = send_settings_rsp(sk, MGMT_OP_SET_HS, hdev);
1685 err = new_settings(hdev, sk);
1688 hci_dev_unlock(hdev);
1692 static void le_enable_complete(struct hci_dev *hdev, u8 status, u16 opcode)
1694 struct cmd_lookup match = { NULL, hdev };
1699 u8 mgmt_err = mgmt_status(status);
1701 mgmt_pending_foreach(MGMT_OP_SET_LE, hdev, cmd_status_rsp,
1706 mgmt_pending_foreach(MGMT_OP_SET_LE, hdev, settings_rsp, &match);
1708 new_settings(hdev, match.sk);
1713 /* Make sure the controller has a good default for
1714 * advertising data. Restrict the update to when LE
1715 * has actually been enabled. During power on, the
1716 * update in powered_update_hci will take care of it.
1718 if (hci_dev_test_flag(hdev, HCI_LE_ENABLED)) {
1719 struct hci_request req;
1721 hci_req_init(&req, hdev);
1722 __hci_req_update_adv_data(&req, 0x00);
1723 __hci_req_update_scan_rsp_data(&req, 0x00);
1724 hci_req_run(&req, NULL);
1725 hci_update_background_scan(hdev);
1729 hci_dev_unlock(hdev);
1732 static int set_le(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
1734 struct mgmt_mode *cp = data;
1735 struct hci_cp_write_le_host_supported hci_cp;
1736 struct mgmt_pending_cmd *cmd;
1737 struct hci_request req;
1741 BT_DBG("request for %s", hdev->name);
1743 if (!lmp_le_capable(hdev))
1744 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
1745 MGMT_STATUS_NOT_SUPPORTED);
1747 if (cp->val != 0x00 && cp->val != 0x01)
1748 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
1749 MGMT_STATUS_INVALID_PARAMS);
1751 /* Bluetooth single mode LE only controllers or dual-mode
1752 * controllers configured as LE only devices, do not allow
1753 * switching LE off. These have either LE enabled explicitly
1754 * or BR/EDR has been previously switched off.
1756 * When trying to enable an already enabled LE, then gracefully
1757 * send a positive response. Trying to disable it however will
1758 * result into rejection.
1760 if (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED)) {
1761 if (cp->val == 0x01)
1762 return send_settings_rsp(sk, MGMT_OP_SET_LE, hdev);
1764 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
1765 MGMT_STATUS_REJECTED);
1771 enabled = lmp_host_le_capable(hdev);
1774 hci_req_clear_adv_instance(hdev, NULL, NULL, 0x00, true);
1776 if (!hdev_is_powered(hdev) || val == enabled) {
1777 bool changed = false;
1779 if (val != hci_dev_test_flag(hdev, HCI_LE_ENABLED)) {
1780 hci_dev_change_flag(hdev, HCI_LE_ENABLED);
1784 if (!val && hci_dev_test_flag(hdev, HCI_ADVERTISING)) {
1785 hci_dev_clear_flag(hdev, HCI_ADVERTISING);
1789 err = send_settings_rsp(sk, MGMT_OP_SET_LE, hdev);
1794 err = new_settings(hdev, sk);
1799 if (pending_find(MGMT_OP_SET_LE, hdev) ||
1800 pending_find(MGMT_OP_SET_ADVERTISING, hdev)) {
1801 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
1806 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LE, hdev, data, len);
1812 hci_req_init(&req, hdev);
1814 memset(&hci_cp, 0, sizeof(hci_cp));
1818 hci_cp.simul = 0x00;
1820 if (hci_dev_test_flag(hdev, HCI_LE_ADV))
1821 __hci_req_disable_advertising(&req);
1824 hci_req_add(&req, HCI_OP_WRITE_LE_HOST_SUPPORTED, sizeof(hci_cp),
1827 err = hci_req_run(&req, le_enable_complete);
1829 mgmt_pending_remove(cmd);
1832 hci_dev_unlock(hdev);
1836 /* This is a helper function to test for pending mgmt commands that can
1837 * cause CoD or EIR HCI commands. We can only allow one such pending
1838 * mgmt command at a time since otherwise we cannot easily track what
1839 * the current values are, will be, and based on that calculate if a new
1840 * HCI command needs to be sent and if yes with what value.
1842 static bool pending_eir_or_class(struct hci_dev *hdev)
1844 struct mgmt_pending_cmd *cmd;
1846 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
1847 switch (cmd->opcode) {
1848 case MGMT_OP_ADD_UUID:
1849 case MGMT_OP_REMOVE_UUID:
1850 case MGMT_OP_SET_DEV_CLASS:
1851 case MGMT_OP_SET_POWERED:
1859 static const u8 bluetooth_base_uuid[] = {
1860 0xfb, 0x34, 0x9b, 0x5f, 0x80, 0x00, 0x00, 0x80,
1861 0x00, 0x10, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1864 static u8 get_uuid_size(const u8 *uuid)
1868 if (memcmp(uuid, bluetooth_base_uuid, 12))
1871 val = get_unaligned_le32(&uuid[12]);
1878 static void mgmt_class_complete(struct hci_dev *hdev, u16 mgmt_op, u8 status)
1880 struct mgmt_pending_cmd *cmd;
1884 cmd = pending_find(mgmt_op, hdev);
1888 mgmt_cmd_complete(cmd->sk, cmd->index, cmd->opcode,
1889 mgmt_status(status), hdev->dev_class, 3);
1891 mgmt_pending_remove(cmd);
1894 hci_dev_unlock(hdev);
1897 static void add_uuid_complete(struct hci_dev *hdev, u8 status, u16 opcode)
1899 BT_DBG("status 0x%02x", status);
1901 mgmt_class_complete(hdev, MGMT_OP_ADD_UUID, status);
1904 static int add_uuid(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
1906 struct mgmt_cp_add_uuid *cp = data;
1907 struct mgmt_pending_cmd *cmd;
1908 struct hci_request req;
1909 struct bt_uuid *uuid;
1912 BT_DBG("request for %s", hdev->name);
1916 if (pending_eir_or_class(hdev)) {
1917 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_UUID,
1922 uuid = kmalloc(sizeof(*uuid), GFP_KERNEL);
1928 memcpy(uuid->uuid, cp->uuid, 16);
1929 uuid->svc_hint = cp->svc_hint;
1930 uuid->size = get_uuid_size(cp->uuid);
1932 list_add_tail(&uuid->list, &hdev->uuids);
1934 hci_req_init(&req, hdev);
1936 __hci_req_update_class(&req);
1937 __hci_req_update_eir(&req);
1939 err = hci_req_run(&req, add_uuid_complete);
1941 if (err != -ENODATA)
1944 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_ADD_UUID, 0,
1945 hdev->dev_class, 3);
1949 cmd = mgmt_pending_add(sk, MGMT_OP_ADD_UUID, hdev, data, len);
1958 hci_dev_unlock(hdev);
1962 static bool enable_service_cache(struct hci_dev *hdev)
1964 if (!hdev_is_powered(hdev))
1967 if (!hci_dev_test_and_set_flag(hdev, HCI_SERVICE_CACHE)) {
1968 queue_delayed_work(hdev->workqueue, &hdev->service_cache,
1976 static void remove_uuid_complete(struct hci_dev *hdev, u8 status, u16 opcode)
1978 BT_DBG("status 0x%02x", status);
1980 mgmt_class_complete(hdev, MGMT_OP_REMOVE_UUID, status);
1983 static int remove_uuid(struct sock *sk, struct hci_dev *hdev, void *data,
1986 struct mgmt_cp_remove_uuid *cp = data;
1987 struct mgmt_pending_cmd *cmd;
1988 struct bt_uuid *match, *tmp;
1989 u8 bt_uuid_any[] = { 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 };
1990 struct hci_request req;
1993 BT_DBG("request for %s", hdev->name);
1997 if (pending_eir_or_class(hdev)) {
1998 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_REMOVE_UUID,
2003 if (memcmp(cp->uuid, bt_uuid_any, 16) == 0) {
2004 hci_uuids_clear(hdev);
2006 if (enable_service_cache(hdev)) {
2007 err = mgmt_cmd_complete(sk, hdev->id,
2008 MGMT_OP_REMOVE_UUID,
2009 0, hdev->dev_class, 3);
2018 list_for_each_entry_safe(match, tmp, &hdev->uuids, list) {
2019 if (memcmp(match->uuid, cp->uuid, 16) != 0)
2022 list_del(&match->list);
2028 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_REMOVE_UUID,
2029 MGMT_STATUS_INVALID_PARAMS);
2034 hci_req_init(&req, hdev);
2036 __hci_req_update_class(&req);
2037 __hci_req_update_eir(&req);
2039 err = hci_req_run(&req, remove_uuid_complete);
2041 if (err != -ENODATA)
2044 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_UUID, 0,
2045 hdev->dev_class, 3);
2049 cmd = mgmt_pending_add(sk, MGMT_OP_REMOVE_UUID, hdev, data, len);
2058 hci_dev_unlock(hdev);
2062 static void set_class_complete(struct hci_dev *hdev, u8 status, u16 opcode)
2064 BT_DBG("status 0x%02x", status);
2066 mgmt_class_complete(hdev, MGMT_OP_SET_DEV_CLASS, status);
2069 static int set_dev_class(struct sock *sk, struct hci_dev *hdev, void *data,
2072 struct mgmt_cp_set_dev_class *cp = data;
2073 struct mgmt_pending_cmd *cmd;
2074 struct hci_request req;
2077 BT_DBG("request for %s", hdev->name);
2079 if (!lmp_bredr_capable(hdev))
2080 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS,
2081 MGMT_STATUS_NOT_SUPPORTED);
2085 if (pending_eir_or_class(hdev)) {
2086 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS,
2091 if ((cp->minor & 0x03) != 0 || (cp->major & 0xe0) != 0) {
2092 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS,
2093 MGMT_STATUS_INVALID_PARAMS);
2097 hdev->major_class = cp->major;
2098 hdev->minor_class = cp->minor;
2100 if (!hdev_is_powered(hdev)) {
2101 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_DEV_CLASS, 0,
2102 hdev->dev_class, 3);
2106 hci_req_init(&req, hdev);
2108 if (hci_dev_test_and_clear_flag(hdev, HCI_SERVICE_CACHE)) {
2109 hci_dev_unlock(hdev);
2110 cancel_delayed_work_sync(&hdev->service_cache);
2112 __hci_req_update_eir(&req);
2115 __hci_req_update_class(&req);
2117 err = hci_req_run(&req, set_class_complete);
2119 if (err != -ENODATA)
2122 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_DEV_CLASS, 0,
2123 hdev->dev_class, 3);
2127 cmd = mgmt_pending_add(sk, MGMT_OP_SET_DEV_CLASS, hdev, data, len);
2136 hci_dev_unlock(hdev);
2140 static int load_link_keys(struct sock *sk, struct hci_dev *hdev, void *data,
2143 struct mgmt_cp_load_link_keys *cp = data;
2144 const u16 max_key_count = ((U16_MAX - sizeof(*cp)) /
2145 sizeof(struct mgmt_link_key_info));
2146 u16 key_count, expected_len;
2150 BT_DBG("request for %s", hdev->name);
2152 if (!lmp_bredr_capable(hdev))
2153 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
2154 MGMT_STATUS_NOT_SUPPORTED);
2156 key_count = __le16_to_cpu(cp->key_count);
2157 if (key_count > max_key_count) {
2158 BT_ERR("load_link_keys: too big key_count value %u",
2160 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
2161 MGMT_STATUS_INVALID_PARAMS);
2164 expected_len = sizeof(*cp) + key_count *
2165 sizeof(struct mgmt_link_key_info);
2166 if (expected_len != len) {
2167 BT_ERR("load_link_keys: expected %u bytes, got %u bytes",
2169 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
2170 MGMT_STATUS_INVALID_PARAMS);
2173 if (cp->debug_keys != 0x00 && cp->debug_keys != 0x01)
2174 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
2175 MGMT_STATUS_INVALID_PARAMS);
2177 BT_DBG("%s debug_keys %u key_count %u", hdev->name, cp->debug_keys,
2180 for (i = 0; i < key_count; i++) {
2181 struct mgmt_link_key_info *key = &cp->keys[i];
2183 if (key->addr.type != BDADDR_BREDR || key->type > 0x08)
2184 return mgmt_cmd_status(sk, hdev->id,
2185 MGMT_OP_LOAD_LINK_KEYS,
2186 MGMT_STATUS_INVALID_PARAMS);
2191 hci_link_keys_clear(hdev);
2194 changed = !hci_dev_test_and_set_flag(hdev, HCI_KEEP_DEBUG_KEYS);
2196 changed = hci_dev_test_and_clear_flag(hdev,
2197 HCI_KEEP_DEBUG_KEYS);
2200 new_settings(hdev, NULL);
2202 for (i = 0; i < key_count; i++) {
2203 struct mgmt_link_key_info *key = &cp->keys[i];
2205 /* Always ignore debug keys and require a new pairing if
2206 * the user wants to use them.
2208 if (key->type == HCI_LK_DEBUG_COMBINATION)
2211 hci_add_link_key(hdev, NULL, &key->addr.bdaddr, key->val,
2212 key->type, key->pin_len, NULL);
2215 mgmt_cmd_complete(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS, 0, NULL, 0);
2217 hci_dev_unlock(hdev);
2222 static int device_unpaired(struct hci_dev *hdev, bdaddr_t *bdaddr,
2223 u8 addr_type, struct sock *skip_sk)
2225 struct mgmt_ev_device_unpaired ev;
2227 bacpy(&ev.addr.bdaddr, bdaddr);
2228 ev.addr.type = addr_type;
2230 return mgmt_event(MGMT_EV_DEVICE_UNPAIRED, hdev, &ev, sizeof(ev),
2234 static int unpair_device(struct sock *sk, struct hci_dev *hdev, void *data,
2237 struct mgmt_cp_unpair_device *cp = data;
2238 struct mgmt_rp_unpair_device rp;
2239 struct hci_conn_params *params;
2240 struct mgmt_pending_cmd *cmd;
2241 struct hci_conn *conn;
2245 memset(&rp, 0, sizeof(rp));
2246 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
2247 rp.addr.type = cp->addr.type;
2249 if (!bdaddr_type_is_valid(cp->addr.type))
2250 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
2251 MGMT_STATUS_INVALID_PARAMS,
2254 if (cp->disconnect != 0x00 && cp->disconnect != 0x01)
2255 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
2256 MGMT_STATUS_INVALID_PARAMS,
2261 if (!hdev_is_powered(hdev)) {
2262 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
2263 MGMT_STATUS_NOT_POWERED, &rp,
2268 if (cp->addr.type == BDADDR_BREDR) {
2269 /* If disconnection is requested, then look up the
2270 * connection. If the remote device is connected, it
2271 * will be later used to terminate the link.
2273 * Setting it to NULL explicitly will cause no
2274 * termination of the link.
2277 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
2282 err = hci_remove_link_key(hdev, &cp->addr.bdaddr);
2284 err = mgmt_cmd_complete(sk, hdev->id,
2285 MGMT_OP_UNPAIR_DEVICE,
2286 MGMT_STATUS_NOT_PAIRED, &rp,
2294 /* LE address type */
2295 addr_type = le_addr_type(cp->addr.type);
2297 hci_remove_irk(hdev, &cp->addr.bdaddr, addr_type);
2299 err = hci_remove_ltk(hdev, &cp->addr.bdaddr, addr_type);
2301 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
2302 MGMT_STATUS_NOT_PAIRED, &rp,
2307 conn = hci_conn_hash_lookup_le(hdev, &cp->addr.bdaddr, addr_type);
2309 hci_conn_params_del(hdev, &cp->addr.bdaddr, addr_type);
2313 /* Abort any ongoing SMP pairing */
2314 smp_cancel_pairing(conn);
2316 /* Defer clearing up the connection parameters until closing to
2317 * give a chance of keeping them if a repairing happens.
2319 set_bit(HCI_CONN_PARAM_REMOVAL_PEND, &conn->flags);
2321 /* Disable auto-connection parameters if present */
2322 params = hci_conn_params_lookup(hdev, &cp->addr.bdaddr, addr_type);
2324 if (params->explicit_connect)
2325 params->auto_connect = HCI_AUTO_CONN_EXPLICIT;
2327 params->auto_connect = HCI_AUTO_CONN_DISABLED;
2330 /* If disconnection is not requested, then clear the connection
2331 * variable so that the link is not terminated.
2333 if (!cp->disconnect)
2337 /* If the connection variable is set, then termination of the
2338 * link is requested.
2341 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE, 0,
2343 device_unpaired(hdev, &cp->addr.bdaddr, cp->addr.type, sk);
2347 cmd = mgmt_pending_add(sk, MGMT_OP_UNPAIR_DEVICE, hdev, cp,
2354 cmd->cmd_complete = addr_cmd_complete;
2356 err = hci_abort_conn(conn, HCI_ERROR_REMOTE_USER_TERM);
2358 mgmt_pending_remove(cmd);
2361 hci_dev_unlock(hdev);
2365 static int disconnect(struct sock *sk, struct hci_dev *hdev, void *data,
2368 struct mgmt_cp_disconnect *cp = data;
2369 struct mgmt_rp_disconnect rp;
2370 struct mgmt_pending_cmd *cmd;
2371 struct hci_conn *conn;
2376 memset(&rp, 0, sizeof(rp));
2377 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
2378 rp.addr.type = cp->addr.type;
2380 if (!bdaddr_type_is_valid(cp->addr.type))
2381 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
2382 MGMT_STATUS_INVALID_PARAMS,
2387 if (!test_bit(HCI_UP, &hdev->flags)) {
2388 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
2389 MGMT_STATUS_NOT_POWERED, &rp,
2394 if (pending_find(MGMT_OP_DISCONNECT, hdev)) {
2395 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
2396 MGMT_STATUS_BUSY, &rp, sizeof(rp));
2400 if (cp->addr.type == BDADDR_BREDR)
2401 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
2404 conn = hci_conn_hash_lookup_le(hdev, &cp->addr.bdaddr,
2405 le_addr_type(cp->addr.type));
2407 if (!conn || conn->state == BT_OPEN || conn->state == BT_CLOSED) {
2408 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
2409 MGMT_STATUS_NOT_CONNECTED, &rp,
2414 cmd = mgmt_pending_add(sk, MGMT_OP_DISCONNECT, hdev, data, len);
2420 cmd->cmd_complete = generic_cmd_complete;
2422 err = hci_disconnect(conn, HCI_ERROR_REMOTE_USER_TERM);
2424 mgmt_pending_remove(cmd);
2427 hci_dev_unlock(hdev);
2431 static u8 link_to_bdaddr(u8 link_type, u8 addr_type)
2433 switch (link_type) {
2435 switch (addr_type) {
2436 case ADDR_LE_DEV_PUBLIC:
2437 return BDADDR_LE_PUBLIC;
2440 /* Fallback to LE Random address type */
2441 return BDADDR_LE_RANDOM;
2445 /* Fallback to BR/EDR type */
2446 return BDADDR_BREDR;
2450 static int get_connections(struct sock *sk, struct hci_dev *hdev, void *data,
2453 struct mgmt_rp_get_connections *rp;
2463 if (!hdev_is_powered(hdev)) {
2464 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_GET_CONNECTIONS,
2465 MGMT_STATUS_NOT_POWERED);
2470 list_for_each_entry(c, &hdev->conn_hash.list, list) {
2471 if (test_bit(HCI_CONN_MGMT_CONNECTED, &c->flags))
2475 rp_len = sizeof(*rp) + (i * sizeof(struct mgmt_addr_info));
2476 rp = kmalloc(rp_len, GFP_KERNEL);
2483 list_for_each_entry(c, &hdev->conn_hash.list, list) {
2484 if (!test_bit(HCI_CONN_MGMT_CONNECTED, &c->flags))
2486 bacpy(&rp->addr[i].bdaddr, &c->dst);
2487 rp->addr[i].type = link_to_bdaddr(c->type, c->dst_type);
2488 if (c->type == SCO_LINK || c->type == ESCO_LINK)
2493 rp->conn_count = cpu_to_le16(i);
2495 /* Recalculate length in case of filtered SCO connections, etc */
2496 rp_len = sizeof(*rp) + (i * sizeof(struct mgmt_addr_info));
2498 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CONNECTIONS, 0, rp,
2504 hci_dev_unlock(hdev);
2508 static int send_pin_code_neg_reply(struct sock *sk, struct hci_dev *hdev,
2509 struct mgmt_cp_pin_code_neg_reply *cp)
2511 struct mgmt_pending_cmd *cmd;
2514 cmd = mgmt_pending_add(sk, MGMT_OP_PIN_CODE_NEG_REPLY, hdev, cp,
2519 err = hci_send_cmd(hdev, HCI_OP_PIN_CODE_NEG_REPLY,
2520 sizeof(cp->addr.bdaddr), &cp->addr.bdaddr);
2522 mgmt_pending_remove(cmd);
2527 static int pin_code_reply(struct sock *sk, struct hci_dev *hdev, void *data,
2530 struct hci_conn *conn;
2531 struct mgmt_cp_pin_code_reply *cp = data;
2532 struct hci_cp_pin_code_reply reply;
2533 struct mgmt_pending_cmd *cmd;
2540 if (!hdev_is_powered(hdev)) {
2541 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
2542 MGMT_STATUS_NOT_POWERED);
2546 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->addr.bdaddr);
2548 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
2549 MGMT_STATUS_NOT_CONNECTED);
2553 if (conn->pending_sec_level == BT_SECURITY_HIGH && cp->pin_len != 16) {
2554 struct mgmt_cp_pin_code_neg_reply ncp;
2556 memcpy(&ncp.addr, &cp->addr, sizeof(ncp.addr));
2558 BT_ERR("PIN code is not 16 bytes long");
2560 err = send_pin_code_neg_reply(sk, hdev, &ncp);
2562 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
2563 MGMT_STATUS_INVALID_PARAMS);
2568 cmd = mgmt_pending_add(sk, MGMT_OP_PIN_CODE_REPLY, hdev, data, len);
2574 cmd->cmd_complete = addr_cmd_complete;
2576 bacpy(&reply.bdaddr, &cp->addr.bdaddr);
2577 reply.pin_len = cp->pin_len;
2578 memcpy(reply.pin_code, cp->pin_code, sizeof(reply.pin_code));
2580 err = hci_send_cmd(hdev, HCI_OP_PIN_CODE_REPLY, sizeof(reply), &reply);
2582 mgmt_pending_remove(cmd);
2585 hci_dev_unlock(hdev);
2589 static int set_io_capability(struct sock *sk, struct hci_dev *hdev, void *data,
2592 struct mgmt_cp_set_io_capability *cp = data;
2596 if (cp->io_capability > SMP_IO_KEYBOARD_DISPLAY)
2597 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_IO_CAPABILITY,
2598 MGMT_STATUS_INVALID_PARAMS);
2602 hdev->io_capability = cp->io_capability;
2604 BT_DBG("%s IO capability set to 0x%02x", hdev->name,
2605 hdev->io_capability);
2607 hci_dev_unlock(hdev);
2609 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_IO_CAPABILITY, 0,
2613 static struct mgmt_pending_cmd *find_pairing(struct hci_conn *conn)
2615 struct hci_dev *hdev = conn->hdev;
2616 struct mgmt_pending_cmd *cmd;
2618 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
2619 if (cmd->opcode != MGMT_OP_PAIR_DEVICE)
2622 if (cmd->user_data != conn)
2631 static int pairing_complete(struct mgmt_pending_cmd *cmd, u8 status)
2633 struct mgmt_rp_pair_device rp;
2634 struct hci_conn *conn = cmd->user_data;
2637 bacpy(&rp.addr.bdaddr, &conn->dst);
2638 rp.addr.type = link_to_bdaddr(conn->type, conn->dst_type);
2640 err = mgmt_cmd_complete(cmd->sk, cmd->index, MGMT_OP_PAIR_DEVICE,
2641 status, &rp, sizeof(rp));
2643 /* So we don't get further callbacks for this connection */
2644 conn->connect_cfm_cb = NULL;
2645 conn->security_cfm_cb = NULL;
2646 conn->disconn_cfm_cb = NULL;
2648 hci_conn_drop(conn);
2650 /* The device is paired so there is no need to remove
2651 * its connection parameters anymore.
2653 clear_bit(HCI_CONN_PARAM_REMOVAL_PEND, &conn->flags);
2660 void mgmt_smp_complete(struct hci_conn *conn, bool complete)
2662 u8 status = complete ? MGMT_STATUS_SUCCESS : MGMT_STATUS_FAILED;
2663 struct mgmt_pending_cmd *cmd;
2665 cmd = find_pairing(conn);
2667 cmd->cmd_complete(cmd, status);
2668 mgmt_pending_remove(cmd);
2672 static void pairing_complete_cb(struct hci_conn *conn, u8 status)
2674 struct mgmt_pending_cmd *cmd;
2676 BT_DBG("status %u", status);
2678 cmd = find_pairing(conn);
2680 BT_DBG("Unable to find a pending command");
2684 cmd->cmd_complete(cmd, mgmt_status(status));
2685 mgmt_pending_remove(cmd);
2688 static void le_pairing_complete_cb(struct hci_conn *conn, u8 status)
2690 struct mgmt_pending_cmd *cmd;
2692 BT_DBG("status %u", status);
2697 cmd = find_pairing(conn);
2699 BT_DBG("Unable to find a pending command");
2703 cmd->cmd_complete(cmd, mgmt_status(status));
2704 mgmt_pending_remove(cmd);
2707 static int pair_device(struct sock *sk, struct hci_dev *hdev, void *data,
2710 struct mgmt_cp_pair_device *cp = data;
2711 struct mgmt_rp_pair_device rp;
2712 struct mgmt_pending_cmd *cmd;
2713 u8 sec_level, auth_type;
2714 struct hci_conn *conn;
2719 memset(&rp, 0, sizeof(rp));
2720 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
2721 rp.addr.type = cp->addr.type;
2723 if (!bdaddr_type_is_valid(cp->addr.type))
2724 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
2725 MGMT_STATUS_INVALID_PARAMS,
2728 if (cp->io_cap > SMP_IO_KEYBOARD_DISPLAY)
2729 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
2730 MGMT_STATUS_INVALID_PARAMS,
2735 if (!hdev_is_powered(hdev)) {
2736 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
2737 MGMT_STATUS_NOT_POWERED, &rp,
2742 if (hci_bdaddr_is_paired(hdev, &cp->addr.bdaddr, cp->addr.type)) {
2743 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
2744 MGMT_STATUS_ALREADY_PAIRED, &rp,
2749 sec_level = BT_SECURITY_MEDIUM;
2750 auth_type = HCI_AT_DEDICATED_BONDING;
2752 if (cp->addr.type == BDADDR_BREDR) {
2753 conn = hci_connect_acl(hdev, &cp->addr.bdaddr, sec_level,
2756 u8 addr_type = le_addr_type(cp->addr.type);
2757 struct hci_conn_params *p;
2759 /* When pairing a new device, it is expected to remember
2760 * this device for future connections. Adding the connection
2761 * parameter information ahead of time allows tracking
2762 * of the slave preferred values and will speed up any
2763 * further connection establishment.
2765 * If connection parameters already exist, then they
2766 * will be kept and this function does nothing.
2768 p = hci_conn_params_add(hdev, &cp->addr.bdaddr, addr_type);
2770 if (p->auto_connect == HCI_AUTO_CONN_EXPLICIT)
2771 p->auto_connect = HCI_AUTO_CONN_DISABLED;
2773 conn = hci_connect_le_scan(hdev, &cp->addr.bdaddr,
2774 addr_type, sec_level,
2775 HCI_LE_CONN_TIMEOUT);
2781 if (PTR_ERR(conn) == -EBUSY)
2782 status = MGMT_STATUS_BUSY;
2783 else if (PTR_ERR(conn) == -EOPNOTSUPP)
2784 status = MGMT_STATUS_NOT_SUPPORTED;
2785 else if (PTR_ERR(conn) == -ECONNREFUSED)
2786 status = MGMT_STATUS_REJECTED;
2788 status = MGMT_STATUS_CONNECT_FAILED;
2790 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
2791 status, &rp, sizeof(rp));
2795 if (conn->connect_cfm_cb) {
2796 hci_conn_drop(conn);
2797 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
2798 MGMT_STATUS_BUSY, &rp, sizeof(rp));
2802 cmd = mgmt_pending_add(sk, MGMT_OP_PAIR_DEVICE, hdev, data, len);
2805 hci_conn_drop(conn);
2809 cmd->cmd_complete = pairing_complete;
2811 /* For LE, just connecting isn't a proof that the pairing finished */
2812 if (cp->addr.type == BDADDR_BREDR) {
2813 conn->connect_cfm_cb = pairing_complete_cb;
2814 conn->security_cfm_cb = pairing_complete_cb;
2815 conn->disconn_cfm_cb = pairing_complete_cb;
2817 conn->connect_cfm_cb = le_pairing_complete_cb;
2818 conn->security_cfm_cb = le_pairing_complete_cb;
2819 conn->disconn_cfm_cb = le_pairing_complete_cb;
2822 conn->io_capability = cp->io_cap;
2823 cmd->user_data = hci_conn_get(conn);
2825 if ((conn->state == BT_CONNECTED || conn->state == BT_CONFIG) &&
2826 hci_conn_security(conn, sec_level, auth_type, true)) {
2827 cmd->cmd_complete(cmd, 0);
2828 mgmt_pending_remove(cmd);
2834 hci_dev_unlock(hdev);
2838 static int cancel_pair_device(struct sock *sk, struct hci_dev *hdev, void *data,
2841 struct mgmt_addr_info *addr = data;
2842 struct mgmt_pending_cmd *cmd;
2843 struct hci_conn *conn;
2850 if (!hdev_is_powered(hdev)) {
2851 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
2852 MGMT_STATUS_NOT_POWERED);
2856 cmd = pending_find(MGMT_OP_PAIR_DEVICE, hdev);
2858 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
2859 MGMT_STATUS_INVALID_PARAMS);
2863 conn = cmd->user_data;
2865 if (bacmp(&addr->bdaddr, &conn->dst) != 0) {
2866 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
2867 MGMT_STATUS_INVALID_PARAMS);
2871 cmd->cmd_complete(cmd, MGMT_STATUS_CANCELLED);
2872 mgmt_pending_remove(cmd);
2874 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE, 0,
2875 addr, sizeof(*addr));
2877 hci_dev_unlock(hdev);
2881 static int user_pairing_resp(struct sock *sk, struct hci_dev *hdev,
2882 struct mgmt_addr_info *addr, u16 mgmt_op,
2883 u16 hci_op, __le32 passkey)
2885 struct mgmt_pending_cmd *cmd;
2886 struct hci_conn *conn;
2891 if (!hdev_is_powered(hdev)) {
2892 err = mgmt_cmd_complete(sk, hdev->id, mgmt_op,
2893 MGMT_STATUS_NOT_POWERED, addr,
2898 if (addr->type == BDADDR_BREDR)
2899 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &addr->bdaddr);
2901 conn = hci_conn_hash_lookup_le(hdev, &addr->bdaddr,
2902 le_addr_type(addr->type));
2905 err = mgmt_cmd_complete(sk, hdev->id, mgmt_op,
2906 MGMT_STATUS_NOT_CONNECTED, addr,
2911 if (addr->type == BDADDR_LE_PUBLIC || addr->type == BDADDR_LE_RANDOM) {
2912 err = smp_user_confirm_reply(conn, mgmt_op, passkey);
2914 err = mgmt_cmd_complete(sk, hdev->id, mgmt_op,
2915 MGMT_STATUS_SUCCESS, addr,
2918 err = mgmt_cmd_complete(sk, hdev->id, mgmt_op,
2919 MGMT_STATUS_FAILED, addr,
2925 cmd = mgmt_pending_add(sk, mgmt_op, hdev, addr, sizeof(*addr));
2931 cmd->cmd_complete = addr_cmd_complete;
2933 /* Continue with pairing via HCI */
2934 if (hci_op == HCI_OP_USER_PASSKEY_REPLY) {
2935 struct hci_cp_user_passkey_reply cp;
2937 bacpy(&cp.bdaddr, &addr->bdaddr);
2938 cp.passkey = passkey;
2939 err = hci_send_cmd(hdev, hci_op, sizeof(cp), &cp);
2941 err = hci_send_cmd(hdev, hci_op, sizeof(addr->bdaddr),
2945 mgmt_pending_remove(cmd);
2948 hci_dev_unlock(hdev);
2952 static int pin_code_neg_reply(struct sock *sk, struct hci_dev *hdev,
2953 void *data, u16 len)
2955 struct mgmt_cp_pin_code_neg_reply *cp = data;
2959 return user_pairing_resp(sk, hdev, &cp->addr,
2960 MGMT_OP_PIN_CODE_NEG_REPLY,
2961 HCI_OP_PIN_CODE_NEG_REPLY, 0);
2964 static int user_confirm_reply(struct sock *sk, struct hci_dev *hdev, void *data,
2967 struct mgmt_cp_user_confirm_reply *cp = data;
2971 if (len != sizeof(*cp))
2972 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_USER_CONFIRM_REPLY,
2973 MGMT_STATUS_INVALID_PARAMS);
2975 return user_pairing_resp(sk, hdev, &cp->addr,
2976 MGMT_OP_USER_CONFIRM_REPLY,
2977 HCI_OP_USER_CONFIRM_REPLY, 0);
2980 static int user_confirm_neg_reply(struct sock *sk, struct hci_dev *hdev,
2981 void *data, u16 len)
2983 struct mgmt_cp_user_confirm_neg_reply *cp = data;
2987 return user_pairing_resp(sk, hdev, &cp->addr,
2988 MGMT_OP_USER_CONFIRM_NEG_REPLY,
2989 HCI_OP_USER_CONFIRM_NEG_REPLY, 0);
2992 static int user_passkey_reply(struct sock *sk, struct hci_dev *hdev, void *data,
2995 struct mgmt_cp_user_passkey_reply *cp = data;
2999 return user_pairing_resp(sk, hdev, &cp->addr,
3000 MGMT_OP_USER_PASSKEY_REPLY,
3001 HCI_OP_USER_PASSKEY_REPLY, cp->passkey);
3004 static int user_passkey_neg_reply(struct sock *sk, struct hci_dev *hdev,
3005 void *data, u16 len)
3007 struct mgmt_cp_user_passkey_neg_reply *cp = data;
3011 return user_pairing_resp(sk, hdev, &cp->addr,
3012 MGMT_OP_USER_PASSKEY_NEG_REPLY,
3013 HCI_OP_USER_PASSKEY_NEG_REPLY, 0);
3016 static void adv_expire(struct hci_dev *hdev, u32 flags)
3018 struct adv_info *adv_instance;
3019 struct hci_request req;
3022 adv_instance = hci_find_adv_instance(hdev, hdev->cur_adv_instance);
3026 /* stop if current instance doesn't need to be changed */
3027 if (!(adv_instance->flags & flags))
3030 cancel_adv_timeout(hdev);
3032 adv_instance = hci_get_next_instance(hdev, adv_instance->instance);
3036 hci_req_init(&req, hdev);
3037 err = __hci_req_schedule_adv_instance(&req, adv_instance->instance,
3042 hci_req_run(&req, NULL);
3045 static void set_name_complete(struct hci_dev *hdev, u8 status, u16 opcode)
3047 struct mgmt_cp_set_local_name *cp;
3048 struct mgmt_pending_cmd *cmd;
3050 BT_DBG("status 0x%02x", status);
3054 cmd = pending_find(MGMT_OP_SET_LOCAL_NAME, hdev);
3061 mgmt_cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_LOCAL_NAME,
3062 mgmt_status(status));
3064 mgmt_cmd_complete(cmd->sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0,
3067 if (hci_dev_test_flag(hdev, HCI_LE_ADV))
3068 adv_expire(hdev, MGMT_ADV_FLAG_LOCAL_NAME);
3071 mgmt_pending_remove(cmd);
3074 hci_dev_unlock(hdev);
3077 static int set_local_name(struct sock *sk, struct hci_dev *hdev, void *data,
3080 struct mgmt_cp_set_local_name *cp = data;
3081 struct mgmt_pending_cmd *cmd;
3082 struct hci_request req;
3089 /* If the old values are the same as the new ones just return a
3090 * direct command complete event.
3092 if (!memcmp(hdev->dev_name, cp->name, sizeof(hdev->dev_name)) &&
3093 !memcmp(hdev->short_name, cp->short_name,
3094 sizeof(hdev->short_name))) {
3095 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0,
3100 memcpy(hdev->short_name, cp->short_name, sizeof(hdev->short_name));
3102 if (!hdev_is_powered(hdev)) {
3103 memcpy(hdev->dev_name, cp->name, sizeof(hdev->dev_name));
3105 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0,
3110 err = mgmt_limited_event(MGMT_EV_LOCAL_NAME_CHANGED, hdev, data,
3111 len, HCI_MGMT_LOCAL_NAME_EVENTS, sk);
3112 ext_info_changed(hdev, sk);
3117 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LOCAL_NAME, hdev, data, len);
3123 memcpy(hdev->dev_name, cp->name, sizeof(hdev->dev_name));
3125 hci_req_init(&req, hdev);
3127 if (lmp_bredr_capable(hdev)) {
3128 __hci_req_update_name(&req);
3129 __hci_req_update_eir(&req);
3132 /* The name is stored in the scan response data and so
3133 * no need to udpate the advertising data here.
3135 if (lmp_le_capable(hdev))
3136 __hci_req_update_scan_rsp_data(&req, hdev->cur_adv_instance);
3138 err = hci_req_run(&req, set_name_complete);
3140 mgmt_pending_remove(cmd);
3143 hci_dev_unlock(hdev);
3147 static int set_appearance(struct sock *sk, struct hci_dev *hdev, void *data,
3150 struct mgmt_cp_set_appearance *cp = data;
3156 apperance = le16_to_cpu(cp->appearance);
3160 if (hdev->appearance != apperance) {
3161 hdev->appearance = apperance;
3163 if (hci_dev_test_flag(hdev, HCI_LE_ADV))
3164 adv_expire(hdev, MGMT_ADV_FLAG_APPEARANCE);
3167 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_APPEARANCE, 0, NULL,
3170 hci_dev_unlock(hdev);
3175 static void read_local_oob_data_complete(struct hci_dev *hdev, u8 status,
3176 u16 opcode, struct sk_buff *skb)
3178 struct mgmt_rp_read_local_oob_data mgmt_rp;
3179 size_t rp_size = sizeof(mgmt_rp);
3180 struct mgmt_pending_cmd *cmd;
3182 BT_DBG("%s status %u", hdev->name, status);
3184 cmd = pending_find(MGMT_OP_READ_LOCAL_OOB_DATA, hdev);
3188 if (status || !skb) {
3189 mgmt_cmd_status(cmd->sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
3190 status ? mgmt_status(status) : MGMT_STATUS_FAILED);
3194 memset(&mgmt_rp, 0, sizeof(mgmt_rp));
3196 if (opcode == HCI_OP_READ_LOCAL_OOB_DATA) {
3197 struct hci_rp_read_local_oob_data *rp = (void *) skb->data;
3199 if (skb->len < sizeof(*rp)) {
3200 mgmt_cmd_status(cmd->sk, hdev->id,
3201 MGMT_OP_READ_LOCAL_OOB_DATA,
3202 MGMT_STATUS_FAILED);
3206 memcpy(mgmt_rp.hash192, rp->hash, sizeof(rp->hash));
3207 memcpy(mgmt_rp.rand192, rp->rand, sizeof(rp->rand));
3209 rp_size -= sizeof(mgmt_rp.hash256) + sizeof(mgmt_rp.rand256);
3211 struct hci_rp_read_local_oob_ext_data *rp = (void *) skb->data;
3213 if (skb->len < sizeof(*rp)) {
3214 mgmt_cmd_status(cmd->sk, hdev->id,
3215 MGMT_OP_READ_LOCAL_OOB_DATA,
3216 MGMT_STATUS_FAILED);
3220 memcpy(mgmt_rp.hash192, rp->hash192, sizeof(rp->hash192));
3221 memcpy(mgmt_rp.rand192, rp->rand192, sizeof(rp->rand192));
3223 memcpy(mgmt_rp.hash256, rp->hash256, sizeof(rp->hash256));
3224 memcpy(mgmt_rp.rand256, rp->rand256, sizeof(rp->rand256));
3227 mgmt_cmd_complete(cmd->sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
3228 MGMT_STATUS_SUCCESS, &mgmt_rp, rp_size);
3231 mgmt_pending_remove(cmd);
3234 static int read_local_oob_data(struct sock *sk, struct hci_dev *hdev,
3235 void *data, u16 data_len)
3237 struct mgmt_pending_cmd *cmd;
3238 struct hci_request req;
3241 BT_DBG("%s", hdev->name);
3245 if (!hdev_is_powered(hdev)) {
3246 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
3247 MGMT_STATUS_NOT_POWERED);
3251 if (!lmp_ssp_capable(hdev)) {
3252 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
3253 MGMT_STATUS_NOT_SUPPORTED);
3257 if (pending_find(MGMT_OP_READ_LOCAL_OOB_DATA, hdev)) {
3258 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
3263 cmd = mgmt_pending_add(sk, MGMT_OP_READ_LOCAL_OOB_DATA, hdev, NULL, 0);
3269 hci_req_init(&req, hdev);
3271 if (bredr_sc_enabled(hdev))
3272 hci_req_add(&req, HCI_OP_READ_LOCAL_OOB_EXT_DATA, 0, NULL);
3274 hci_req_add(&req, HCI_OP_READ_LOCAL_OOB_DATA, 0, NULL);
3276 err = hci_req_run_skb(&req, read_local_oob_data_complete);
3278 mgmt_pending_remove(cmd);
3281 hci_dev_unlock(hdev);
3285 static int add_remote_oob_data(struct sock *sk, struct hci_dev *hdev,
3286 void *data, u16 len)
3288 struct mgmt_addr_info *addr = data;
3291 BT_DBG("%s ", hdev->name);
3293 if (!bdaddr_type_is_valid(addr->type))
3294 return mgmt_cmd_complete(sk, hdev->id,
3295 MGMT_OP_ADD_REMOTE_OOB_DATA,
3296 MGMT_STATUS_INVALID_PARAMS,
3297 addr, sizeof(*addr));
3301 if (len == MGMT_ADD_REMOTE_OOB_DATA_SIZE) {
3302 struct mgmt_cp_add_remote_oob_data *cp = data;
3305 if (cp->addr.type != BDADDR_BREDR) {
3306 err = mgmt_cmd_complete(sk, hdev->id,
3307 MGMT_OP_ADD_REMOTE_OOB_DATA,
3308 MGMT_STATUS_INVALID_PARAMS,
3309 &cp->addr, sizeof(cp->addr));
3313 err = hci_add_remote_oob_data(hdev, &cp->addr.bdaddr,
3314 cp->addr.type, cp->hash,
3315 cp->rand, NULL, NULL);
3317 status = MGMT_STATUS_FAILED;
3319 status = MGMT_STATUS_SUCCESS;
3321 err = mgmt_cmd_complete(sk, hdev->id,
3322 MGMT_OP_ADD_REMOTE_OOB_DATA, status,
3323 &cp->addr, sizeof(cp->addr));
3324 } else if (len == MGMT_ADD_REMOTE_OOB_EXT_DATA_SIZE) {
3325 struct mgmt_cp_add_remote_oob_ext_data *cp = data;
3326 u8 *rand192, *hash192, *rand256, *hash256;
3329 if (bdaddr_type_is_le(cp->addr.type)) {
3330 /* Enforce zero-valued 192-bit parameters as
3331 * long as legacy SMP OOB isn't implemented.
3333 if (memcmp(cp->rand192, ZERO_KEY, 16) ||
3334 memcmp(cp->hash192, ZERO_KEY, 16)) {
3335 err = mgmt_cmd_complete(sk, hdev->id,
3336 MGMT_OP_ADD_REMOTE_OOB_DATA,
3337 MGMT_STATUS_INVALID_PARAMS,
3338 addr, sizeof(*addr));
3345 /* In case one of the P-192 values is set to zero,
3346 * then just disable OOB data for P-192.
3348 if (!memcmp(cp->rand192, ZERO_KEY, 16) ||
3349 !memcmp(cp->hash192, ZERO_KEY, 16)) {
3353 rand192 = cp->rand192;
3354 hash192 = cp->hash192;
3358 /* In case one of the P-256 values is set to zero, then just
3359 * disable OOB data for P-256.
3361 if (!memcmp(cp->rand256, ZERO_KEY, 16) ||
3362 !memcmp(cp->hash256, ZERO_KEY, 16)) {
3366 rand256 = cp->rand256;
3367 hash256 = cp->hash256;
3370 err = hci_add_remote_oob_data(hdev, &cp->addr.bdaddr,
3371 cp->addr.type, hash192, rand192,
3374 status = MGMT_STATUS_FAILED;
3376 status = MGMT_STATUS_SUCCESS;
3378 err = mgmt_cmd_complete(sk, hdev->id,
3379 MGMT_OP_ADD_REMOTE_OOB_DATA,
3380 status, &cp->addr, sizeof(cp->addr));
3382 BT_ERR("add_remote_oob_data: invalid length of %u bytes", len);
3383 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_REMOTE_OOB_DATA,
3384 MGMT_STATUS_INVALID_PARAMS);
3388 hci_dev_unlock(hdev);
3392 static int remove_remote_oob_data(struct sock *sk, struct hci_dev *hdev,
3393 void *data, u16 len)
3395 struct mgmt_cp_remove_remote_oob_data *cp = data;
3399 BT_DBG("%s", hdev->name);
3401 if (cp->addr.type != BDADDR_BREDR)
3402 return mgmt_cmd_complete(sk, hdev->id,
3403 MGMT_OP_REMOVE_REMOTE_OOB_DATA,
3404 MGMT_STATUS_INVALID_PARAMS,
3405 &cp->addr, sizeof(cp->addr));
3409 if (!bacmp(&cp->addr.bdaddr, BDADDR_ANY)) {
3410 hci_remote_oob_data_clear(hdev);
3411 status = MGMT_STATUS_SUCCESS;
3415 err = hci_remove_remote_oob_data(hdev, &cp->addr.bdaddr, cp->addr.type);
3417 status = MGMT_STATUS_INVALID_PARAMS;
3419 status = MGMT_STATUS_SUCCESS;
3422 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_REMOTE_OOB_DATA,
3423 status, &cp->addr, sizeof(cp->addr));
3425 hci_dev_unlock(hdev);
3429 void mgmt_start_discovery_complete(struct hci_dev *hdev, u8 status)
3431 struct mgmt_pending_cmd *cmd;
3433 BT_DBG("status %d", status);
3437 cmd = pending_find(MGMT_OP_START_DISCOVERY, hdev);
3439 cmd = pending_find(MGMT_OP_START_SERVICE_DISCOVERY, hdev);
3442 cmd = pending_find(MGMT_OP_START_LIMITED_DISCOVERY, hdev);
3445 cmd->cmd_complete(cmd, mgmt_status(status));
3446 mgmt_pending_remove(cmd);
3449 hci_dev_unlock(hdev);
3452 static bool discovery_type_is_valid(struct hci_dev *hdev, uint8_t type,
3453 uint8_t *mgmt_status)
3456 case DISCOV_TYPE_LE:
3457 *mgmt_status = mgmt_le_support(hdev);
3461 case DISCOV_TYPE_INTERLEAVED:
3462 *mgmt_status = mgmt_le_support(hdev);
3465 /* Intentional fall-through */
3466 case DISCOV_TYPE_BREDR:
3467 *mgmt_status = mgmt_bredr_support(hdev);
3472 *mgmt_status = MGMT_STATUS_INVALID_PARAMS;
3479 static int start_discovery_internal(struct sock *sk, struct hci_dev *hdev,
3480 u16 op, void *data, u16 len)
3482 struct mgmt_cp_start_discovery *cp = data;
3483 struct mgmt_pending_cmd *cmd;
3487 BT_DBG("%s", hdev->name);
3491 if (!hdev_is_powered(hdev)) {
3492 err = mgmt_cmd_complete(sk, hdev->id, op,
3493 MGMT_STATUS_NOT_POWERED,
3494 &cp->type, sizeof(cp->type));
3498 if (hdev->discovery.state != DISCOVERY_STOPPED ||
3499 hci_dev_test_flag(hdev, HCI_PERIODIC_INQ)) {
3500 err = mgmt_cmd_complete(sk, hdev->id, op, MGMT_STATUS_BUSY,
3501 &cp->type, sizeof(cp->type));
3505 if (!discovery_type_is_valid(hdev, cp->type, &status)) {
3506 err = mgmt_cmd_complete(sk, hdev->id, op, status,
3507 &cp->type, sizeof(cp->type));
3511 /* Clear the discovery filter first to free any previously
3512 * allocated memory for the UUID list.
3514 hci_discovery_filter_clear(hdev);
3516 hdev->discovery.type = cp->type;
3517 hdev->discovery.report_invalid_rssi = false;
3518 if (op == MGMT_OP_START_LIMITED_DISCOVERY)
3519 hdev->discovery.limited = true;
3521 hdev->discovery.limited = false;
3523 cmd = mgmt_pending_add(sk, op, hdev, data, len);
3529 cmd->cmd_complete = generic_cmd_complete;
3531 hci_discovery_set_state(hdev, DISCOVERY_STARTING);
3532 queue_work(hdev->req_workqueue, &hdev->discov_update);
3536 hci_dev_unlock(hdev);
3540 static int start_discovery(struct sock *sk, struct hci_dev *hdev,
3541 void *data, u16 len)
3543 return start_discovery_internal(sk, hdev, MGMT_OP_START_DISCOVERY,
3547 static int start_limited_discovery(struct sock *sk, struct hci_dev *hdev,
3548 void *data, u16 len)
3550 return start_discovery_internal(sk, hdev,
3551 MGMT_OP_START_LIMITED_DISCOVERY,
3555 static int service_discovery_cmd_complete(struct mgmt_pending_cmd *cmd,
3558 return mgmt_cmd_complete(cmd->sk, cmd->index, cmd->opcode, status,
3562 static int start_service_discovery(struct sock *sk, struct hci_dev *hdev,
3563 void *data, u16 len)
3565 struct mgmt_cp_start_service_discovery *cp = data;
3566 struct mgmt_pending_cmd *cmd;
3567 const u16 max_uuid_count = ((U16_MAX - sizeof(*cp)) / 16);
3568 u16 uuid_count, expected_len;
3572 BT_DBG("%s", hdev->name);
3576 if (!hdev_is_powered(hdev)) {
3577 err = mgmt_cmd_complete(sk, hdev->id,
3578 MGMT_OP_START_SERVICE_DISCOVERY,
3579 MGMT_STATUS_NOT_POWERED,
3580 &cp->type, sizeof(cp->type));
3584 if (hdev->discovery.state != DISCOVERY_STOPPED ||
3585 hci_dev_test_flag(hdev, HCI_PERIODIC_INQ)) {
3586 err = mgmt_cmd_complete(sk, hdev->id,
3587 MGMT_OP_START_SERVICE_DISCOVERY,
3588 MGMT_STATUS_BUSY, &cp->type,
3593 uuid_count = __le16_to_cpu(cp->uuid_count);
3594 if (uuid_count > max_uuid_count) {
3595 BT_ERR("service_discovery: too big uuid_count value %u",
3597 err = mgmt_cmd_complete(sk, hdev->id,
3598 MGMT_OP_START_SERVICE_DISCOVERY,
3599 MGMT_STATUS_INVALID_PARAMS, &cp->type,
3604 expected_len = sizeof(*cp) + uuid_count * 16;
3605 if (expected_len != len) {
3606 BT_ERR("service_discovery: expected %u bytes, got %u bytes",
3608 err = mgmt_cmd_complete(sk, hdev->id,
3609 MGMT_OP_START_SERVICE_DISCOVERY,
3610 MGMT_STATUS_INVALID_PARAMS, &cp->type,
3615 if (!discovery_type_is_valid(hdev, cp->type, &status)) {
3616 err = mgmt_cmd_complete(sk, hdev->id,
3617 MGMT_OP_START_SERVICE_DISCOVERY,
3618 status, &cp->type, sizeof(cp->type));
3622 cmd = mgmt_pending_add(sk, MGMT_OP_START_SERVICE_DISCOVERY,
3629 cmd->cmd_complete = service_discovery_cmd_complete;
3631 /* Clear the discovery filter first to free any previously
3632 * allocated memory for the UUID list.
3634 hci_discovery_filter_clear(hdev);
3636 hdev->discovery.result_filtering = true;
3637 hdev->discovery.type = cp->type;
3638 hdev->discovery.rssi = cp->rssi;
3639 hdev->discovery.uuid_count = uuid_count;
3641 if (uuid_count > 0) {
3642 hdev->discovery.uuids = kmemdup(cp->uuids, uuid_count * 16,
3644 if (!hdev->discovery.uuids) {
3645 err = mgmt_cmd_complete(sk, hdev->id,
3646 MGMT_OP_START_SERVICE_DISCOVERY,
3648 &cp->type, sizeof(cp->type));
3649 mgmt_pending_remove(cmd);
3654 hci_discovery_set_state(hdev, DISCOVERY_STARTING);
3655 queue_work(hdev->req_workqueue, &hdev->discov_update);
3659 hci_dev_unlock(hdev);
3663 void mgmt_stop_discovery_complete(struct hci_dev *hdev, u8 status)
3665 struct mgmt_pending_cmd *cmd;
3667 BT_DBG("status %d", status);
3671 cmd = pending_find(MGMT_OP_STOP_DISCOVERY, hdev);
3673 cmd->cmd_complete(cmd, mgmt_status(status));
3674 mgmt_pending_remove(cmd);
3677 hci_dev_unlock(hdev);
3680 static int stop_discovery(struct sock *sk, struct hci_dev *hdev, void *data,
3683 struct mgmt_cp_stop_discovery *mgmt_cp = data;
3684 struct mgmt_pending_cmd *cmd;
3687 BT_DBG("%s", hdev->name);
3691 if (!hci_discovery_active(hdev)) {
3692 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_STOP_DISCOVERY,
3693 MGMT_STATUS_REJECTED, &mgmt_cp->type,
3694 sizeof(mgmt_cp->type));
3698 if (hdev->discovery.type != mgmt_cp->type) {
3699 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_STOP_DISCOVERY,
3700 MGMT_STATUS_INVALID_PARAMS,
3701 &mgmt_cp->type, sizeof(mgmt_cp->type));
3705 cmd = mgmt_pending_add(sk, MGMT_OP_STOP_DISCOVERY, hdev, data, len);
3711 cmd->cmd_complete = generic_cmd_complete;
3713 hci_discovery_set_state(hdev, DISCOVERY_STOPPING);
3714 queue_work(hdev->req_workqueue, &hdev->discov_update);
3718 hci_dev_unlock(hdev);
3722 static int confirm_name(struct sock *sk, struct hci_dev *hdev, void *data,
3725 struct mgmt_cp_confirm_name *cp = data;
3726 struct inquiry_entry *e;
3729 BT_DBG("%s", hdev->name);
3733 if (!hci_discovery_active(hdev)) {
3734 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_CONFIRM_NAME,
3735 MGMT_STATUS_FAILED, &cp->addr,
3740 e = hci_inquiry_cache_lookup_unknown(hdev, &cp->addr.bdaddr);
3742 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_CONFIRM_NAME,
3743 MGMT_STATUS_INVALID_PARAMS, &cp->addr,
3748 if (cp->name_known) {
3749 e->name_state = NAME_KNOWN;
3752 e->name_state = NAME_NEEDED;
3753 hci_inquiry_cache_update_resolve(hdev, e);
3756 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_CONFIRM_NAME, 0,
3757 &cp->addr, sizeof(cp->addr));
3760 hci_dev_unlock(hdev);
3764 static int block_device(struct sock *sk, struct hci_dev *hdev, void *data,
3767 struct mgmt_cp_block_device *cp = data;
3771 BT_DBG("%s", hdev->name);
3773 if (!bdaddr_type_is_valid(cp->addr.type))
3774 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_BLOCK_DEVICE,
3775 MGMT_STATUS_INVALID_PARAMS,
3776 &cp->addr, sizeof(cp->addr));
3780 err = hci_bdaddr_list_add(&hdev->blacklist, &cp->addr.bdaddr,
3783 status = MGMT_STATUS_FAILED;
3787 mgmt_event(MGMT_EV_DEVICE_BLOCKED, hdev, &cp->addr, sizeof(cp->addr),
3789 status = MGMT_STATUS_SUCCESS;
3792 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_BLOCK_DEVICE, status,
3793 &cp->addr, sizeof(cp->addr));
3795 hci_dev_unlock(hdev);
3800 static int unblock_device(struct sock *sk, struct hci_dev *hdev, void *data,
3803 struct mgmt_cp_unblock_device *cp = data;
3807 BT_DBG("%s", hdev->name);
3809 if (!bdaddr_type_is_valid(cp->addr.type))
3810 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_UNBLOCK_DEVICE,
3811 MGMT_STATUS_INVALID_PARAMS,
3812 &cp->addr, sizeof(cp->addr));
3816 err = hci_bdaddr_list_del(&hdev->blacklist, &cp->addr.bdaddr,
3819 status = MGMT_STATUS_INVALID_PARAMS;
3823 mgmt_event(MGMT_EV_DEVICE_UNBLOCKED, hdev, &cp->addr, sizeof(cp->addr),
3825 status = MGMT_STATUS_SUCCESS;
3828 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_UNBLOCK_DEVICE, status,
3829 &cp->addr, sizeof(cp->addr));
3831 hci_dev_unlock(hdev);
3836 static int set_device_id(struct sock *sk, struct hci_dev *hdev, void *data,
3839 struct mgmt_cp_set_device_id *cp = data;
3840 struct hci_request req;
3844 BT_DBG("%s", hdev->name);
3846 source = __le16_to_cpu(cp->source);
3848 if (source > 0x0002)
3849 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DEVICE_ID,
3850 MGMT_STATUS_INVALID_PARAMS);
3854 hdev->devid_source = source;
3855 hdev->devid_vendor = __le16_to_cpu(cp->vendor);
3856 hdev->devid_product = __le16_to_cpu(cp->product);
3857 hdev->devid_version = __le16_to_cpu(cp->version);
3859 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_DEVICE_ID, 0,
3862 hci_req_init(&req, hdev);
3863 __hci_req_update_eir(&req);
3864 hci_req_run(&req, NULL);
3866 hci_dev_unlock(hdev);
3871 static void enable_advertising_instance(struct hci_dev *hdev, u8 status,
3874 BT_DBG("status %d", status);
3877 static void set_advertising_complete(struct hci_dev *hdev, u8 status,
3880 struct cmd_lookup match = { NULL, hdev };
3881 struct hci_request req;
3883 struct adv_info *adv_instance;
3889 u8 mgmt_err = mgmt_status(status);
3891 mgmt_pending_foreach(MGMT_OP_SET_ADVERTISING, hdev,
3892 cmd_status_rsp, &mgmt_err);
3896 if (hci_dev_test_flag(hdev, HCI_LE_ADV))
3897 hci_dev_set_flag(hdev, HCI_ADVERTISING);
3899 hci_dev_clear_flag(hdev, HCI_ADVERTISING);
3901 mgmt_pending_foreach(MGMT_OP_SET_ADVERTISING, hdev, settings_rsp,
3904 new_settings(hdev, match.sk);
3909 /* If "Set Advertising" was just disabled and instance advertising was
3910 * set up earlier, then re-enable multi-instance advertising.
3912 if (hci_dev_test_flag(hdev, HCI_ADVERTISING) ||
3913 list_empty(&hdev->adv_instances))
3916 instance = hdev->cur_adv_instance;
3918 adv_instance = list_first_entry_or_null(&hdev->adv_instances,
3919 struct adv_info, list);
3923 instance = adv_instance->instance;
3926 hci_req_init(&req, hdev);
3928 err = __hci_req_schedule_adv_instance(&req, instance, true);
3931 err = hci_req_run(&req, enable_advertising_instance);
3934 BT_ERR("Failed to re-configure advertising");
3937 hci_dev_unlock(hdev);
3940 static int set_advertising(struct sock *sk, struct hci_dev *hdev, void *data,
3943 struct mgmt_mode *cp = data;
3944 struct mgmt_pending_cmd *cmd;
3945 struct hci_request req;
3949 BT_DBG("request for %s", hdev->name);
3951 status = mgmt_le_support(hdev);
3953 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_ADVERTISING,
3956 if (cp->val != 0x00 && cp->val != 0x01 && cp->val != 0x02)
3957 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_ADVERTISING,
3958 MGMT_STATUS_INVALID_PARAMS);
3964 /* The following conditions are ones which mean that we should
3965 * not do any HCI communication but directly send a mgmt
3966 * response to user space (after toggling the flag if
3969 if (!hdev_is_powered(hdev) ||
3970 (val == hci_dev_test_flag(hdev, HCI_ADVERTISING) &&
3971 (cp->val == 0x02) == hci_dev_test_flag(hdev, HCI_ADVERTISING_CONNECTABLE)) ||
3972 hci_conn_num(hdev, LE_LINK) > 0 ||
3973 (hci_dev_test_flag(hdev, HCI_LE_SCAN) &&
3974 hdev->le_scan_type == LE_SCAN_ACTIVE)) {
3978 hdev->cur_adv_instance = 0x00;
3979 changed = !hci_dev_test_and_set_flag(hdev, HCI_ADVERTISING);
3980 if (cp->val == 0x02)
3981 hci_dev_set_flag(hdev, HCI_ADVERTISING_CONNECTABLE);
3983 hci_dev_clear_flag(hdev, HCI_ADVERTISING_CONNECTABLE);
3985 changed = hci_dev_test_and_clear_flag(hdev, HCI_ADVERTISING);
3986 hci_dev_clear_flag(hdev, HCI_ADVERTISING_CONNECTABLE);
3989 err = send_settings_rsp(sk, MGMT_OP_SET_ADVERTISING, hdev);
3994 err = new_settings(hdev, sk);
3999 if (pending_find(MGMT_OP_SET_ADVERTISING, hdev) ||
4000 pending_find(MGMT_OP_SET_LE, hdev)) {
4001 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_ADVERTISING,
4006 cmd = mgmt_pending_add(sk, MGMT_OP_SET_ADVERTISING, hdev, data, len);
4012 hci_req_init(&req, hdev);
4014 if (cp->val == 0x02)
4015 hci_dev_set_flag(hdev, HCI_ADVERTISING_CONNECTABLE);
4017 hci_dev_clear_flag(hdev, HCI_ADVERTISING_CONNECTABLE);
4019 cancel_adv_timeout(hdev);
4022 /* Switch to instance "0" for the Set Advertising setting.
4023 * We cannot use update_[adv|scan_rsp]_data() here as the
4024 * HCI_ADVERTISING flag is not yet set.
4026 hdev->cur_adv_instance = 0x00;
4027 __hci_req_update_adv_data(&req, 0x00);
4028 __hci_req_update_scan_rsp_data(&req, 0x00);
4029 __hci_req_enable_advertising(&req);
4031 __hci_req_disable_advertising(&req);
4034 err = hci_req_run(&req, set_advertising_complete);
4036 mgmt_pending_remove(cmd);
4039 hci_dev_unlock(hdev);
4043 static int set_static_address(struct sock *sk, struct hci_dev *hdev,
4044 void *data, u16 len)
4046 struct mgmt_cp_set_static_address *cp = data;
4049 BT_DBG("%s", hdev->name);
4051 if (!lmp_le_capable(hdev))
4052 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_STATIC_ADDRESS,
4053 MGMT_STATUS_NOT_SUPPORTED);
4055 if (hdev_is_powered(hdev))
4056 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_STATIC_ADDRESS,
4057 MGMT_STATUS_REJECTED);
4059 if (bacmp(&cp->bdaddr, BDADDR_ANY)) {
4060 if (!bacmp(&cp->bdaddr, BDADDR_NONE))
4061 return mgmt_cmd_status(sk, hdev->id,
4062 MGMT_OP_SET_STATIC_ADDRESS,
4063 MGMT_STATUS_INVALID_PARAMS);
4065 /* Two most significant bits shall be set */
4066 if ((cp->bdaddr.b[5] & 0xc0) != 0xc0)
4067 return mgmt_cmd_status(sk, hdev->id,
4068 MGMT_OP_SET_STATIC_ADDRESS,
4069 MGMT_STATUS_INVALID_PARAMS);
4074 bacpy(&hdev->static_addr, &cp->bdaddr);
4076 err = send_settings_rsp(sk, MGMT_OP_SET_STATIC_ADDRESS, hdev);
4080 err = new_settings(hdev, sk);
4083 hci_dev_unlock(hdev);
4087 static int set_scan_params(struct sock *sk, struct hci_dev *hdev,
4088 void *data, u16 len)
4090 struct mgmt_cp_set_scan_params *cp = data;
4091 __u16 interval, window;
4094 BT_DBG("%s", hdev->name);
4096 if (!lmp_le_capable(hdev))
4097 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS,
4098 MGMT_STATUS_NOT_SUPPORTED);
4100 interval = __le16_to_cpu(cp->interval);
4102 if (interval < 0x0004 || interval > 0x4000)
4103 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS,
4104 MGMT_STATUS_INVALID_PARAMS);
4106 window = __le16_to_cpu(cp->window);
4108 if (window < 0x0004 || window > 0x4000)
4109 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS,
4110 MGMT_STATUS_INVALID_PARAMS);
4112 if (window > interval)
4113 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS,
4114 MGMT_STATUS_INVALID_PARAMS);
4118 hdev->le_scan_interval = interval;
4119 hdev->le_scan_window = window;
4121 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS, 0,
4124 /* If background scan is running, restart it so new parameters are
4127 if (hci_dev_test_flag(hdev, HCI_LE_SCAN) &&
4128 hdev->discovery.state == DISCOVERY_STOPPED) {
4129 struct hci_request req;
4131 hci_req_init(&req, hdev);
4133 hci_req_add_le_scan_disable(&req);
4134 hci_req_add_le_passive_scan(&req);
4136 hci_req_run(&req, NULL);
4139 hci_dev_unlock(hdev);
4144 static void fast_connectable_complete(struct hci_dev *hdev, u8 status,
4147 struct mgmt_pending_cmd *cmd;
4149 BT_DBG("status 0x%02x", status);
4153 cmd = pending_find(MGMT_OP_SET_FAST_CONNECTABLE, hdev);
4158 mgmt_cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
4159 mgmt_status(status));
4161 struct mgmt_mode *cp = cmd->param;
4164 hci_dev_set_flag(hdev, HCI_FAST_CONNECTABLE);
4166 hci_dev_clear_flag(hdev, HCI_FAST_CONNECTABLE);
4168 send_settings_rsp(cmd->sk, MGMT_OP_SET_FAST_CONNECTABLE, hdev);
4169 new_settings(hdev, cmd->sk);
4172 mgmt_pending_remove(cmd);
4175 hci_dev_unlock(hdev);
4178 static int set_fast_connectable(struct sock *sk, struct hci_dev *hdev,
4179 void *data, u16 len)
4181 struct mgmt_mode *cp = data;
4182 struct mgmt_pending_cmd *cmd;
4183 struct hci_request req;
4186 BT_DBG("%s", hdev->name);
4188 if (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED) ||
4189 hdev->hci_ver < BLUETOOTH_VER_1_2)
4190 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
4191 MGMT_STATUS_NOT_SUPPORTED);
4193 if (cp->val != 0x00 && cp->val != 0x01)
4194 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
4195 MGMT_STATUS_INVALID_PARAMS);
4199 if (pending_find(MGMT_OP_SET_FAST_CONNECTABLE, hdev)) {
4200 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
4205 if (!!cp->val == hci_dev_test_flag(hdev, HCI_FAST_CONNECTABLE)) {
4206 err = send_settings_rsp(sk, MGMT_OP_SET_FAST_CONNECTABLE,
4211 if (!hdev_is_powered(hdev)) {
4212 hci_dev_change_flag(hdev, HCI_FAST_CONNECTABLE);
4213 err = send_settings_rsp(sk, MGMT_OP_SET_FAST_CONNECTABLE,
4215 new_settings(hdev, sk);
4219 cmd = mgmt_pending_add(sk, MGMT_OP_SET_FAST_CONNECTABLE, hdev,
4226 hci_req_init(&req, hdev);
4228 __hci_req_write_fast_connectable(&req, cp->val);
4230 err = hci_req_run(&req, fast_connectable_complete);
4232 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
4233 MGMT_STATUS_FAILED);
4234 mgmt_pending_remove(cmd);
4238 hci_dev_unlock(hdev);
4243 static void set_bredr_complete(struct hci_dev *hdev, u8 status, u16 opcode)
4245 struct mgmt_pending_cmd *cmd;
4247 BT_DBG("status 0x%02x", status);
4251 cmd = pending_find(MGMT_OP_SET_BREDR, hdev);
4256 u8 mgmt_err = mgmt_status(status);
4258 /* We need to restore the flag if related HCI commands
4261 hci_dev_clear_flag(hdev, HCI_BREDR_ENABLED);
4263 mgmt_cmd_status(cmd->sk, cmd->index, cmd->opcode, mgmt_err);
4265 send_settings_rsp(cmd->sk, MGMT_OP_SET_BREDR, hdev);
4266 new_settings(hdev, cmd->sk);
4269 mgmt_pending_remove(cmd);
4272 hci_dev_unlock(hdev);
4275 static int set_bredr(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
4277 struct mgmt_mode *cp = data;
4278 struct mgmt_pending_cmd *cmd;
4279 struct hci_request req;
4282 BT_DBG("request for %s", hdev->name);
4284 if (!lmp_bredr_capable(hdev) || !lmp_le_capable(hdev))
4285 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
4286 MGMT_STATUS_NOT_SUPPORTED);
4288 if (!hci_dev_test_flag(hdev, HCI_LE_ENABLED))
4289 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
4290 MGMT_STATUS_REJECTED);
4292 if (cp->val != 0x00 && cp->val != 0x01)
4293 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
4294 MGMT_STATUS_INVALID_PARAMS);
4298 if (cp->val == hci_dev_test_flag(hdev, HCI_BREDR_ENABLED)) {
4299 err = send_settings_rsp(sk, MGMT_OP_SET_BREDR, hdev);
4303 if (!hdev_is_powered(hdev)) {
4305 hci_dev_clear_flag(hdev, HCI_DISCOVERABLE);
4306 hci_dev_clear_flag(hdev, HCI_SSP_ENABLED);
4307 hci_dev_clear_flag(hdev, HCI_LINK_SECURITY);
4308 hci_dev_clear_flag(hdev, HCI_FAST_CONNECTABLE);
4309 hci_dev_clear_flag(hdev, HCI_HS_ENABLED);
4312 hci_dev_change_flag(hdev, HCI_BREDR_ENABLED);
4314 err = send_settings_rsp(sk, MGMT_OP_SET_BREDR, hdev);
4318 err = new_settings(hdev, sk);
4322 /* Reject disabling when powered on */
4324 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
4325 MGMT_STATUS_REJECTED);
4328 /* When configuring a dual-mode controller to operate
4329 * with LE only and using a static address, then switching
4330 * BR/EDR back on is not allowed.
4332 * Dual-mode controllers shall operate with the public
4333 * address as its identity address for BR/EDR and LE. So
4334 * reject the attempt to create an invalid configuration.
4336 * The same restrictions applies when secure connections
4337 * has been enabled. For BR/EDR this is a controller feature
4338 * while for LE it is a host stack feature. This means that
4339 * switching BR/EDR back on when secure connections has been
4340 * enabled is not a supported transaction.
4342 if (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED) &&
4343 (bacmp(&hdev->static_addr, BDADDR_ANY) ||
4344 hci_dev_test_flag(hdev, HCI_SC_ENABLED))) {
4345 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
4346 MGMT_STATUS_REJECTED);
4351 if (pending_find(MGMT_OP_SET_BREDR, hdev)) {
4352 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
4357 cmd = mgmt_pending_add(sk, MGMT_OP_SET_BREDR, hdev, data, len);
4363 /* We need to flip the bit already here so that
4364 * hci_req_update_adv_data generates the correct flags.
4366 hci_dev_set_flag(hdev, HCI_BREDR_ENABLED);
4368 hci_req_init(&req, hdev);
4370 __hci_req_write_fast_connectable(&req, false);
4371 __hci_req_update_scan(&req);
4373 /* Since only the advertising data flags will change, there
4374 * is no need to update the scan response data.
4376 __hci_req_update_adv_data(&req, hdev->cur_adv_instance);
4378 err = hci_req_run(&req, set_bredr_complete);
4380 mgmt_pending_remove(cmd);
4383 hci_dev_unlock(hdev);
4387 static void sc_enable_complete(struct hci_dev *hdev, u8 status, u16 opcode)
4389 struct mgmt_pending_cmd *cmd;
4390 struct mgmt_mode *cp;
4392 BT_DBG("%s status %u", hdev->name, status);
4396 cmd = pending_find(MGMT_OP_SET_SECURE_CONN, hdev);
4401 mgmt_cmd_status(cmd->sk, cmd->index, cmd->opcode,
4402 mgmt_status(status));
4410 hci_dev_clear_flag(hdev, HCI_SC_ENABLED);
4411 hci_dev_clear_flag(hdev, HCI_SC_ONLY);
4414 hci_dev_set_flag(hdev, HCI_SC_ENABLED);
4415 hci_dev_clear_flag(hdev, HCI_SC_ONLY);
4418 hci_dev_set_flag(hdev, HCI_SC_ENABLED);
4419 hci_dev_set_flag(hdev, HCI_SC_ONLY);
4423 send_settings_rsp(cmd->sk, MGMT_OP_SET_SECURE_CONN, hdev);
4424 new_settings(hdev, cmd->sk);
4427 mgmt_pending_remove(cmd);
4429 hci_dev_unlock(hdev);
4432 static int set_secure_conn(struct sock *sk, struct hci_dev *hdev,
4433 void *data, u16 len)
4435 struct mgmt_mode *cp = data;
4436 struct mgmt_pending_cmd *cmd;
4437 struct hci_request req;
4441 BT_DBG("request for %s", hdev->name);
4443 if (!lmp_sc_capable(hdev) &&
4444 !hci_dev_test_flag(hdev, HCI_LE_ENABLED))
4445 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SECURE_CONN,
4446 MGMT_STATUS_NOT_SUPPORTED);
4448 if (hci_dev_test_flag(hdev, HCI_BREDR_ENABLED) &&
4449 lmp_sc_capable(hdev) &&
4450 !hci_dev_test_flag(hdev, HCI_SSP_ENABLED))
4451 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SECURE_CONN,
4452 MGMT_STATUS_REJECTED);
4454 if (cp->val != 0x00 && cp->val != 0x01 && cp->val != 0x02)
4455 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SECURE_CONN,
4456 MGMT_STATUS_INVALID_PARAMS);
4460 if (!hdev_is_powered(hdev) || !lmp_sc_capable(hdev) ||
4461 !hci_dev_test_flag(hdev, HCI_BREDR_ENABLED)) {
4465 changed = !hci_dev_test_and_set_flag(hdev,
4467 if (cp->val == 0x02)
4468 hci_dev_set_flag(hdev, HCI_SC_ONLY);
4470 hci_dev_clear_flag(hdev, HCI_SC_ONLY);
4472 changed = hci_dev_test_and_clear_flag(hdev,
4474 hci_dev_clear_flag(hdev, HCI_SC_ONLY);
4477 err = send_settings_rsp(sk, MGMT_OP_SET_SECURE_CONN, hdev);
4482 err = new_settings(hdev, sk);
4487 if (pending_find(MGMT_OP_SET_SECURE_CONN, hdev)) {
4488 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SECURE_CONN,
4495 if (val == hci_dev_test_flag(hdev, HCI_SC_ENABLED) &&
4496 (cp->val == 0x02) == hci_dev_test_flag(hdev, HCI_SC_ONLY)) {
4497 err = send_settings_rsp(sk, MGMT_OP_SET_SECURE_CONN, hdev);
4501 cmd = mgmt_pending_add(sk, MGMT_OP_SET_SECURE_CONN, hdev, data, len);
4507 hci_req_init(&req, hdev);
4508 hci_req_add(&req, HCI_OP_WRITE_SC_SUPPORT, 1, &val);
4509 err = hci_req_run(&req, sc_enable_complete);
4511 mgmt_pending_remove(cmd);
4516 hci_dev_unlock(hdev);
4520 static int set_debug_keys(struct sock *sk, struct hci_dev *hdev,
4521 void *data, u16 len)
4523 struct mgmt_mode *cp = data;
4524 bool changed, use_changed;
4527 BT_DBG("request for %s", hdev->name);
4529 if (cp->val != 0x00 && cp->val != 0x01 && cp->val != 0x02)
4530 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DEBUG_KEYS,
4531 MGMT_STATUS_INVALID_PARAMS);
4536 changed = !hci_dev_test_and_set_flag(hdev, HCI_KEEP_DEBUG_KEYS);
4538 changed = hci_dev_test_and_clear_flag(hdev,
4539 HCI_KEEP_DEBUG_KEYS);
4541 if (cp->val == 0x02)
4542 use_changed = !hci_dev_test_and_set_flag(hdev,
4543 HCI_USE_DEBUG_KEYS);
4545 use_changed = hci_dev_test_and_clear_flag(hdev,
4546 HCI_USE_DEBUG_KEYS);
4548 if (hdev_is_powered(hdev) && use_changed &&
4549 hci_dev_test_flag(hdev, HCI_SSP_ENABLED)) {
4550 u8 mode = (cp->val == 0x02) ? 0x01 : 0x00;
4551 hci_send_cmd(hdev, HCI_OP_WRITE_SSP_DEBUG_MODE,
4552 sizeof(mode), &mode);
4555 err = send_settings_rsp(sk, MGMT_OP_SET_DEBUG_KEYS, hdev);
4560 err = new_settings(hdev, sk);
4563 hci_dev_unlock(hdev);
4567 static int set_privacy(struct sock *sk, struct hci_dev *hdev, void *cp_data,
4570 struct mgmt_cp_set_privacy *cp = cp_data;
4574 BT_DBG("request for %s", hdev->name);
4576 if (!lmp_le_capable(hdev))
4577 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_PRIVACY,
4578 MGMT_STATUS_NOT_SUPPORTED);
4580 if (cp->privacy != 0x00 && cp->privacy != 0x01 && cp->privacy != 0x02)
4581 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_PRIVACY,
4582 MGMT_STATUS_INVALID_PARAMS);
4584 if (hdev_is_powered(hdev))
4585 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_PRIVACY,
4586 MGMT_STATUS_REJECTED);
4590 /* If user space supports this command it is also expected to
4591 * handle IRKs. Therefore, set the HCI_RPA_RESOLVING flag.
4593 hci_dev_set_flag(hdev, HCI_RPA_RESOLVING);
4596 changed = !hci_dev_test_and_set_flag(hdev, HCI_PRIVACY);
4597 memcpy(hdev->irk, cp->irk, sizeof(hdev->irk));
4598 hci_dev_set_flag(hdev, HCI_RPA_EXPIRED);
4599 if (cp->privacy == 0x02)
4600 hci_dev_set_flag(hdev, HCI_LIMITED_PRIVACY);
4602 hci_dev_clear_flag(hdev, HCI_LIMITED_PRIVACY);
4604 changed = hci_dev_test_and_clear_flag(hdev, HCI_PRIVACY);
4605 memset(hdev->irk, 0, sizeof(hdev->irk));
4606 hci_dev_clear_flag(hdev, HCI_RPA_EXPIRED);
4607 hci_dev_clear_flag(hdev, HCI_LIMITED_PRIVACY);
4610 err = send_settings_rsp(sk, MGMT_OP_SET_PRIVACY, hdev);
4615 err = new_settings(hdev, sk);
4618 hci_dev_unlock(hdev);
4622 static bool irk_is_valid(struct mgmt_irk_info *irk)
4624 switch (irk->addr.type) {
4625 case BDADDR_LE_PUBLIC:
4628 case BDADDR_LE_RANDOM:
4629 /* Two most significant bits shall be set */
4630 if ((irk->addr.bdaddr.b[5] & 0xc0) != 0xc0)
4638 static int load_irks(struct sock *sk, struct hci_dev *hdev, void *cp_data,
4641 struct mgmt_cp_load_irks *cp = cp_data;
4642 const u16 max_irk_count = ((U16_MAX - sizeof(*cp)) /
4643 sizeof(struct mgmt_irk_info));
4644 u16 irk_count, expected_len;
4647 BT_DBG("request for %s", hdev->name);
4649 if (!lmp_le_capable(hdev))
4650 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_IRKS,
4651 MGMT_STATUS_NOT_SUPPORTED);
4653 irk_count = __le16_to_cpu(cp->irk_count);
4654 if (irk_count > max_irk_count) {
4655 BT_ERR("load_irks: too big irk_count value %u", irk_count);
4656 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_IRKS,
4657 MGMT_STATUS_INVALID_PARAMS);
4660 expected_len = sizeof(*cp) + irk_count * sizeof(struct mgmt_irk_info);
4661 if (expected_len != len) {
4662 BT_ERR("load_irks: expected %u bytes, got %u bytes",
4664 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_IRKS,
4665 MGMT_STATUS_INVALID_PARAMS);
4668 BT_DBG("%s irk_count %u", hdev->name, irk_count);
4670 for (i = 0; i < irk_count; i++) {
4671 struct mgmt_irk_info *key = &cp->irks[i];
4673 if (!irk_is_valid(key))
4674 return mgmt_cmd_status(sk, hdev->id,
4676 MGMT_STATUS_INVALID_PARAMS);
4681 hci_smp_irks_clear(hdev);
4683 for (i = 0; i < irk_count; i++) {
4684 struct mgmt_irk_info *irk = &cp->irks[i];
4686 hci_add_irk(hdev, &irk->addr.bdaddr,
4687 le_addr_type(irk->addr.type), irk->val,
4691 hci_dev_set_flag(hdev, HCI_RPA_RESOLVING);
4693 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_LOAD_IRKS, 0, NULL, 0);
4695 hci_dev_unlock(hdev);
4700 static bool ltk_is_valid(struct mgmt_ltk_info *key)
4702 if (key->master != 0x00 && key->master != 0x01)
4705 switch (key->addr.type) {
4706 case BDADDR_LE_PUBLIC:
4709 case BDADDR_LE_RANDOM:
4710 /* Two most significant bits shall be set */
4711 if ((key->addr.bdaddr.b[5] & 0xc0) != 0xc0)
4719 static int load_long_term_keys(struct sock *sk, struct hci_dev *hdev,
4720 void *cp_data, u16 len)
4722 struct mgmt_cp_load_long_term_keys *cp = cp_data;
4723 const u16 max_key_count = ((U16_MAX - sizeof(*cp)) /
4724 sizeof(struct mgmt_ltk_info));
4725 u16 key_count, expected_len;
4728 BT_DBG("request for %s", hdev->name);
4730 if (!lmp_le_capable(hdev))
4731 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS,
4732 MGMT_STATUS_NOT_SUPPORTED);
4734 key_count = __le16_to_cpu(cp->key_count);
4735 if (key_count > max_key_count) {
4736 BT_ERR("load_ltks: too big key_count value %u", key_count);
4737 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS,
4738 MGMT_STATUS_INVALID_PARAMS);
4741 expected_len = sizeof(*cp) + key_count *
4742 sizeof(struct mgmt_ltk_info);
4743 if (expected_len != len) {
4744 BT_ERR("load_keys: expected %u bytes, got %u bytes",
4746 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS,
4747 MGMT_STATUS_INVALID_PARAMS);
4750 BT_DBG("%s key_count %u", hdev->name, key_count);
4752 for (i = 0; i < key_count; i++) {
4753 struct mgmt_ltk_info *key = &cp->keys[i];
4755 if (!ltk_is_valid(key))
4756 return mgmt_cmd_status(sk, hdev->id,
4757 MGMT_OP_LOAD_LONG_TERM_KEYS,
4758 MGMT_STATUS_INVALID_PARAMS);
4763 hci_smp_ltks_clear(hdev);
4765 for (i = 0; i < key_count; i++) {
4766 struct mgmt_ltk_info *key = &cp->keys[i];
4767 u8 type, authenticated;
4769 switch (key->type) {
4770 case MGMT_LTK_UNAUTHENTICATED:
4771 authenticated = 0x00;
4772 type = key->master ? SMP_LTK : SMP_LTK_SLAVE;
4774 case MGMT_LTK_AUTHENTICATED:
4775 authenticated = 0x01;
4776 type = key->master ? SMP_LTK : SMP_LTK_SLAVE;
4778 case MGMT_LTK_P256_UNAUTH:
4779 authenticated = 0x00;
4780 type = SMP_LTK_P256;
4782 case MGMT_LTK_P256_AUTH:
4783 authenticated = 0x01;
4784 type = SMP_LTK_P256;
4786 case MGMT_LTK_P256_DEBUG:
4787 authenticated = 0x00;
4788 type = SMP_LTK_P256_DEBUG;
4793 hci_add_ltk(hdev, &key->addr.bdaddr,
4794 le_addr_type(key->addr.type), type, authenticated,
4795 key->val, key->enc_size, key->ediv, key->rand);
4798 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS, 0,
4801 hci_dev_unlock(hdev);
4806 static int conn_info_cmd_complete(struct mgmt_pending_cmd *cmd, u8 status)
4808 struct hci_conn *conn = cmd->user_data;
4809 struct mgmt_rp_get_conn_info rp;
4812 memcpy(&rp.addr, cmd->param, sizeof(rp.addr));
4814 if (status == MGMT_STATUS_SUCCESS) {
4815 rp.rssi = conn->rssi;
4816 rp.tx_power = conn->tx_power;
4817 rp.max_tx_power = conn->max_tx_power;
4819 rp.rssi = HCI_RSSI_INVALID;
4820 rp.tx_power = HCI_TX_POWER_INVALID;
4821 rp.max_tx_power = HCI_TX_POWER_INVALID;
4824 err = mgmt_cmd_complete(cmd->sk, cmd->index, MGMT_OP_GET_CONN_INFO,
4825 status, &rp, sizeof(rp));
4827 hci_conn_drop(conn);
4833 static void conn_info_refresh_complete(struct hci_dev *hdev, u8 hci_status,
4836 struct hci_cp_read_rssi *cp;
4837 struct mgmt_pending_cmd *cmd;
4838 struct hci_conn *conn;
4842 BT_DBG("status 0x%02x", hci_status);
4846 /* Commands sent in request are either Read RSSI or Read Transmit Power
4847 * Level so we check which one was last sent to retrieve connection
4848 * handle. Both commands have handle as first parameter so it's safe to
4849 * cast data on the same command struct.
4851 * First command sent is always Read RSSI and we fail only if it fails.
4852 * In other case we simply override error to indicate success as we
4853 * already remembered if TX power value is actually valid.
4855 cp = hci_sent_cmd_data(hdev, HCI_OP_READ_RSSI);
4857 cp = hci_sent_cmd_data(hdev, HCI_OP_READ_TX_POWER);
4858 status = MGMT_STATUS_SUCCESS;
4860 status = mgmt_status(hci_status);
4864 BT_ERR("invalid sent_cmd in conn_info response");
4868 handle = __le16_to_cpu(cp->handle);
4869 conn = hci_conn_hash_lookup_handle(hdev, handle);
4871 BT_ERR("unknown handle (%d) in conn_info response", handle);
4875 cmd = pending_find_data(MGMT_OP_GET_CONN_INFO, hdev, conn);
4879 cmd->cmd_complete(cmd, status);
4880 mgmt_pending_remove(cmd);
4883 hci_dev_unlock(hdev);
4886 static int get_conn_info(struct sock *sk, struct hci_dev *hdev, void *data,
4889 struct mgmt_cp_get_conn_info *cp = data;
4890 struct mgmt_rp_get_conn_info rp;
4891 struct hci_conn *conn;
4892 unsigned long conn_info_age;
4895 BT_DBG("%s", hdev->name);
4897 memset(&rp, 0, sizeof(rp));
4898 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
4899 rp.addr.type = cp->addr.type;
4901 if (!bdaddr_type_is_valid(cp->addr.type))
4902 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CONN_INFO,
4903 MGMT_STATUS_INVALID_PARAMS,
4908 if (!hdev_is_powered(hdev)) {
4909 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CONN_INFO,
4910 MGMT_STATUS_NOT_POWERED, &rp,
4915 if (cp->addr.type == BDADDR_BREDR)
4916 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
4919 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &cp->addr.bdaddr);
4921 if (!conn || conn->state != BT_CONNECTED) {
4922 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CONN_INFO,
4923 MGMT_STATUS_NOT_CONNECTED, &rp,
4928 if (pending_find_data(MGMT_OP_GET_CONN_INFO, hdev, conn)) {
4929 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CONN_INFO,
4930 MGMT_STATUS_BUSY, &rp, sizeof(rp));
4934 /* To avoid client trying to guess when to poll again for information we
4935 * calculate conn info age as random value between min/max set in hdev.
4937 conn_info_age = hdev->conn_info_min_age +
4938 prandom_u32_max(hdev->conn_info_max_age -
4939 hdev->conn_info_min_age);
4941 /* Query controller to refresh cached values if they are too old or were
4944 if (time_after(jiffies, conn->conn_info_timestamp +
4945 msecs_to_jiffies(conn_info_age)) ||
4946 !conn->conn_info_timestamp) {
4947 struct hci_request req;
4948 struct hci_cp_read_tx_power req_txp_cp;
4949 struct hci_cp_read_rssi req_rssi_cp;
4950 struct mgmt_pending_cmd *cmd;
4952 hci_req_init(&req, hdev);
4953 req_rssi_cp.handle = cpu_to_le16(conn->handle);
4954 hci_req_add(&req, HCI_OP_READ_RSSI, sizeof(req_rssi_cp),
4957 /* For LE links TX power does not change thus we don't need to
4958 * query for it once value is known.
4960 if (!bdaddr_type_is_le(cp->addr.type) ||
4961 conn->tx_power == HCI_TX_POWER_INVALID) {
4962 req_txp_cp.handle = cpu_to_le16(conn->handle);
4963 req_txp_cp.type = 0x00;
4964 hci_req_add(&req, HCI_OP_READ_TX_POWER,
4965 sizeof(req_txp_cp), &req_txp_cp);
4968 /* Max TX power needs to be read only once per connection */
4969 if (conn->max_tx_power == HCI_TX_POWER_INVALID) {
4970 req_txp_cp.handle = cpu_to_le16(conn->handle);
4971 req_txp_cp.type = 0x01;
4972 hci_req_add(&req, HCI_OP_READ_TX_POWER,
4973 sizeof(req_txp_cp), &req_txp_cp);
4976 err = hci_req_run(&req, conn_info_refresh_complete);
4980 cmd = mgmt_pending_add(sk, MGMT_OP_GET_CONN_INFO, hdev,
4987 hci_conn_hold(conn);
4988 cmd->user_data = hci_conn_get(conn);
4989 cmd->cmd_complete = conn_info_cmd_complete;
4991 conn->conn_info_timestamp = jiffies;
4993 /* Cache is valid, just reply with values cached in hci_conn */
4994 rp.rssi = conn->rssi;
4995 rp.tx_power = conn->tx_power;
4996 rp.max_tx_power = conn->max_tx_power;
4998 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CONN_INFO,
4999 MGMT_STATUS_SUCCESS, &rp, sizeof(rp));
5003 hci_dev_unlock(hdev);
5007 static int clock_info_cmd_complete(struct mgmt_pending_cmd *cmd, u8 status)
5009 struct hci_conn *conn = cmd->user_data;
5010 struct mgmt_rp_get_clock_info rp;
5011 struct hci_dev *hdev;
5014 memset(&rp, 0, sizeof(rp));
5015 memcpy(&rp.addr, cmd->param, sizeof(rp.addr));
5020 hdev = hci_dev_get(cmd->index);
5022 rp.local_clock = cpu_to_le32(hdev->clock);
5027 rp.piconet_clock = cpu_to_le32(conn->clock);
5028 rp.accuracy = cpu_to_le16(conn->clock_accuracy);
5032 err = mgmt_cmd_complete(cmd->sk, cmd->index, cmd->opcode, status, &rp,
5036 hci_conn_drop(conn);
5043 static void get_clock_info_complete(struct hci_dev *hdev, u8 status, u16 opcode)
5045 struct hci_cp_read_clock *hci_cp;
5046 struct mgmt_pending_cmd *cmd;
5047 struct hci_conn *conn;
5049 BT_DBG("%s status %u", hdev->name, status);
5053 hci_cp = hci_sent_cmd_data(hdev, HCI_OP_READ_CLOCK);
5057 if (hci_cp->which) {
5058 u16 handle = __le16_to_cpu(hci_cp->handle);
5059 conn = hci_conn_hash_lookup_handle(hdev, handle);
5064 cmd = pending_find_data(MGMT_OP_GET_CLOCK_INFO, hdev, conn);
5068 cmd->cmd_complete(cmd, mgmt_status(status));
5069 mgmt_pending_remove(cmd);
5072 hci_dev_unlock(hdev);
5075 static int get_clock_info(struct sock *sk, struct hci_dev *hdev, void *data,
5078 struct mgmt_cp_get_clock_info *cp = data;
5079 struct mgmt_rp_get_clock_info rp;
5080 struct hci_cp_read_clock hci_cp;
5081 struct mgmt_pending_cmd *cmd;
5082 struct hci_request req;
5083 struct hci_conn *conn;
5086 BT_DBG("%s", hdev->name);
5088 memset(&rp, 0, sizeof(rp));
5089 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
5090 rp.addr.type = cp->addr.type;
5092 if (cp->addr.type != BDADDR_BREDR)
5093 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CLOCK_INFO,
5094 MGMT_STATUS_INVALID_PARAMS,
5099 if (!hdev_is_powered(hdev)) {
5100 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CLOCK_INFO,
5101 MGMT_STATUS_NOT_POWERED, &rp,
5106 if (bacmp(&cp->addr.bdaddr, BDADDR_ANY)) {
5107 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
5109 if (!conn || conn->state != BT_CONNECTED) {
5110 err = mgmt_cmd_complete(sk, hdev->id,
5111 MGMT_OP_GET_CLOCK_INFO,
5112 MGMT_STATUS_NOT_CONNECTED,
5120 cmd = mgmt_pending_add(sk, MGMT_OP_GET_CLOCK_INFO, hdev, data, len);
5126 cmd->cmd_complete = clock_info_cmd_complete;
5128 hci_req_init(&req, hdev);
5130 memset(&hci_cp, 0, sizeof(hci_cp));
5131 hci_req_add(&req, HCI_OP_READ_CLOCK, sizeof(hci_cp), &hci_cp);
5134 hci_conn_hold(conn);
5135 cmd->user_data = hci_conn_get(conn);
5137 hci_cp.handle = cpu_to_le16(conn->handle);
5138 hci_cp.which = 0x01; /* Piconet clock */
5139 hci_req_add(&req, HCI_OP_READ_CLOCK, sizeof(hci_cp), &hci_cp);
5142 err = hci_req_run(&req, get_clock_info_complete);
5144 mgmt_pending_remove(cmd);
5147 hci_dev_unlock(hdev);
5151 static bool is_connected(struct hci_dev *hdev, bdaddr_t *addr, u8 type)
5153 struct hci_conn *conn;
5155 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, addr);
5159 if (conn->dst_type != type)
5162 if (conn->state != BT_CONNECTED)
5168 /* This function requires the caller holds hdev->lock */
5169 static int hci_conn_params_set(struct hci_dev *hdev, bdaddr_t *addr,
5170 u8 addr_type, u8 auto_connect)
5172 struct hci_conn_params *params;
5174 params = hci_conn_params_add(hdev, addr, addr_type);
5178 if (params->auto_connect == auto_connect)
5181 list_del_init(¶ms->action);
5183 switch (auto_connect) {
5184 case HCI_AUTO_CONN_DISABLED:
5185 case HCI_AUTO_CONN_LINK_LOSS:
5186 /* If auto connect is being disabled when we're trying to
5187 * connect to device, keep connecting.
5189 if (params->explicit_connect)
5190 list_add(¶ms->action, &hdev->pend_le_conns);
5192 case HCI_AUTO_CONN_REPORT:
5193 if (params->explicit_connect)
5194 list_add(¶ms->action, &hdev->pend_le_conns);
5196 list_add(¶ms->action, &hdev->pend_le_reports);
5198 case HCI_AUTO_CONN_DIRECT:
5199 case HCI_AUTO_CONN_ALWAYS:
5200 if (!is_connected(hdev, addr, addr_type))
5201 list_add(¶ms->action, &hdev->pend_le_conns);
5205 params->auto_connect = auto_connect;
5207 BT_DBG("addr %pMR (type %u) auto_connect %u", addr, addr_type,
5213 static void device_added(struct sock *sk, struct hci_dev *hdev,
5214 bdaddr_t *bdaddr, u8 type, u8 action)
5216 struct mgmt_ev_device_added ev;
5218 bacpy(&ev.addr.bdaddr, bdaddr);
5219 ev.addr.type = type;
5222 mgmt_event(MGMT_EV_DEVICE_ADDED, hdev, &ev, sizeof(ev), sk);
5225 static int add_device(struct sock *sk, struct hci_dev *hdev,
5226 void *data, u16 len)
5228 struct mgmt_cp_add_device *cp = data;
5229 u8 auto_conn, addr_type;
5232 BT_DBG("%s", hdev->name);
5234 if (!bdaddr_type_is_valid(cp->addr.type) ||
5235 !bacmp(&cp->addr.bdaddr, BDADDR_ANY))
5236 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_ADD_DEVICE,
5237 MGMT_STATUS_INVALID_PARAMS,
5238 &cp->addr, sizeof(cp->addr));
5240 if (cp->action != 0x00 && cp->action != 0x01 && cp->action != 0x02)
5241 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_ADD_DEVICE,
5242 MGMT_STATUS_INVALID_PARAMS,
5243 &cp->addr, sizeof(cp->addr));
5247 if (cp->addr.type == BDADDR_BREDR) {
5248 /* Only incoming connections action is supported for now */
5249 if (cp->action != 0x01) {
5250 err = mgmt_cmd_complete(sk, hdev->id,
5252 MGMT_STATUS_INVALID_PARAMS,
5253 &cp->addr, sizeof(cp->addr));
5257 err = hci_bdaddr_list_add(&hdev->whitelist, &cp->addr.bdaddr,
5262 hci_req_update_scan(hdev);
5267 addr_type = le_addr_type(cp->addr.type);
5269 if (cp->action == 0x02)
5270 auto_conn = HCI_AUTO_CONN_ALWAYS;
5271 else if (cp->action == 0x01)
5272 auto_conn = HCI_AUTO_CONN_DIRECT;
5274 auto_conn = HCI_AUTO_CONN_REPORT;
5276 /* Kernel internally uses conn_params with resolvable private
5277 * address, but Add Device allows only identity addresses.
5278 * Make sure it is enforced before calling
5279 * hci_conn_params_lookup.
5281 if (!hci_is_identity_address(&cp->addr.bdaddr, addr_type)) {
5282 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_ADD_DEVICE,
5283 MGMT_STATUS_INVALID_PARAMS,
5284 &cp->addr, sizeof(cp->addr));
5288 /* If the connection parameters don't exist for this device,
5289 * they will be created and configured with defaults.
5291 if (hci_conn_params_set(hdev, &cp->addr.bdaddr, addr_type,
5293 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_ADD_DEVICE,
5294 MGMT_STATUS_FAILED, &cp->addr,
5299 hci_update_background_scan(hdev);
5302 device_added(sk, hdev, &cp->addr.bdaddr, cp->addr.type, cp->action);
5304 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_ADD_DEVICE,
5305 MGMT_STATUS_SUCCESS, &cp->addr,
5309 hci_dev_unlock(hdev);
5313 static void device_removed(struct sock *sk, struct hci_dev *hdev,
5314 bdaddr_t *bdaddr, u8 type)
5316 struct mgmt_ev_device_removed ev;
5318 bacpy(&ev.addr.bdaddr, bdaddr);
5319 ev.addr.type = type;
5321 mgmt_event(MGMT_EV_DEVICE_REMOVED, hdev, &ev, sizeof(ev), sk);
5324 static int remove_device(struct sock *sk, struct hci_dev *hdev,
5325 void *data, u16 len)
5327 struct mgmt_cp_remove_device *cp = data;
5330 BT_DBG("%s", hdev->name);
5334 if (bacmp(&cp->addr.bdaddr, BDADDR_ANY)) {
5335 struct hci_conn_params *params;
5338 if (!bdaddr_type_is_valid(cp->addr.type)) {
5339 err = mgmt_cmd_complete(sk, hdev->id,
5340 MGMT_OP_REMOVE_DEVICE,
5341 MGMT_STATUS_INVALID_PARAMS,
5342 &cp->addr, sizeof(cp->addr));
5346 if (cp->addr.type == BDADDR_BREDR) {
5347 err = hci_bdaddr_list_del(&hdev->whitelist,
5351 err = mgmt_cmd_complete(sk, hdev->id,
5352 MGMT_OP_REMOVE_DEVICE,
5353 MGMT_STATUS_INVALID_PARAMS,
5359 hci_req_update_scan(hdev);
5361 device_removed(sk, hdev, &cp->addr.bdaddr,
5366 addr_type = le_addr_type(cp->addr.type);
5368 /* Kernel internally uses conn_params with resolvable private
5369 * address, but Remove Device allows only identity addresses.
5370 * Make sure it is enforced before calling
5371 * hci_conn_params_lookup.
5373 if (!hci_is_identity_address(&cp->addr.bdaddr, addr_type)) {
5374 err = mgmt_cmd_complete(sk, hdev->id,
5375 MGMT_OP_REMOVE_DEVICE,
5376 MGMT_STATUS_INVALID_PARAMS,
5377 &cp->addr, sizeof(cp->addr));
5381 params = hci_conn_params_lookup(hdev, &cp->addr.bdaddr,
5384 err = mgmt_cmd_complete(sk, hdev->id,
5385 MGMT_OP_REMOVE_DEVICE,
5386 MGMT_STATUS_INVALID_PARAMS,
5387 &cp->addr, sizeof(cp->addr));
5391 if (params->auto_connect == HCI_AUTO_CONN_DISABLED ||
5392 params->auto_connect == HCI_AUTO_CONN_EXPLICIT) {
5393 err = mgmt_cmd_complete(sk, hdev->id,
5394 MGMT_OP_REMOVE_DEVICE,
5395 MGMT_STATUS_INVALID_PARAMS,
5396 &cp->addr, sizeof(cp->addr));
5400 list_del(¶ms->action);
5401 list_del(¶ms->list);
5403 hci_update_background_scan(hdev);
5405 device_removed(sk, hdev, &cp->addr.bdaddr, cp->addr.type);
5407 struct hci_conn_params *p, *tmp;
5408 struct bdaddr_list *b, *btmp;
5410 if (cp->addr.type) {
5411 err = mgmt_cmd_complete(sk, hdev->id,
5412 MGMT_OP_REMOVE_DEVICE,
5413 MGMT_STATUS_INVALID_PARAMS,
5414 &cp->addr, sizeof(cp->addr));
5418 list_for_each_entry_safe(b, btmp, &hdev->whitelist, list) {
5419 device_removed(sk, hdev, &b->bdaddr, b->bdaddr_type);
5424 hci_req_update_scan(hdev);
5426 list_for_each_entry_safe(p, tmp, &hdev->le_conn_params, list) {
5427 if (p->auto_connect == HCI_AUTO_CONN_DISABLED)
5429 device_removed(sk, hdev, &p->addr, p->addr_type);
5430 if (p->explicit_connect) {
5431 p->auto_connect = HCI_AUTO_CONN_EXPLICIT;
5434 list_del(&p->action);
5439 BT_DBG("All LE connection parameters were removed");
5441 hci_update_background_scan(hdev);
5445 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_DEVICE,
5446 MGMT_STATUS_SUCCESS, &cp->addr,
5449 hci_dev_unlock(hdev);
5453 static int load_conn_param(struct sock *sk, struct hci_dev *hdev, void *data,
5456 struct mgmt_cp_load_conn_param *cp = data;
5457 const u16 max_param_count = ((U16_MAX - sizeof(*cp)) /
5458 sizeof(struct mgmt_conn_param));
5459 u16 param_count, expected_len;
5462 if (!lmp_le_capable(hdev))
5463 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_CONN_PARAM,
5464 MGMT_STATUS_NOT_SUPPORTED);
5466 param_count = __le16_to_cpu(cp->param_count);
5467 if (param_count > max_param_count) {
5468 BT_ERR("load_conn_param: too big param_count value %u",
5470 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_CONN_PARAM,
5471 MGMT_STATUS_INVALID_PARAMS);
5474 expected_len = sizeof(*cp) + param_count *
5475 sizeof(struct mgmt_conn_param);
5476 if (expected_len != len) {
5477 BT_ERR("load_conn_param: expected %u bytes, got %u bytes",
5479 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_CONN_PARAM,
5480 MGMT_STATUS_INVALID_PARAMS);
5483 BT_DBG("%s param_count %u", hdev->name, param_count);
5487 hci_conn_params_clear_disabled(hdev);
5489 for (i = 0; i < param_count; i++) {
5490 struct mgmt_conn_param *param = &cp->params[i];
5491 struct hci_conn_params *hci_param;
5492 u16 min, max, latency, timeout;
5495 BT_DBG("Adding %pMR (type %u)", ¶m->addr.bdaddr,
5498 if (param->addr.type == BDADDR_LE_PUBLIC) {
5499 addr_type = ADDR_LE_DEV_PUBLIC;
5500 } else if (param->addr.type == BDADDR_LE_RANDOM) {
5501 addr_type = ADDR_LE_DEV_RANDOM;
5503 BT_ERR("Ignoring invalid connection parameters");
5507 min = le16_to_cpu(param->min_interval);
5508 max = le16_to_cpu(param->max_interval);
5509 latency = le16_to_cpu(param->latency);
5510 timeout = le16_to_cpu(param->timeout);
5512 BT_DBG("min 0x%04x max 0x%04x latency 0x%04x timeout 0x%04x",
5513 min, max, latency, timeout);
5515 if (hci_check_conn_params(min, max, latency, timeout) < 0) {
5516 BT_ERR("Ignoring invalid connection parameters");
5520 hci_param = hci_conn_params_add(hdev, ¶m->addr.bdaddr,
5523 BT_ERR("Failed to add connection parameters");
5527 hci_param->conn_min_interval = min;
5528 hci_param->conn_max_interval = max;
5529 hci_param->conn_latency = latency;
5530 hci_param->supervision_timeout = timeout;
5533 hci_dev_unlock(hdev);
5535 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_LOAD_CONN_PARAM, 0,
5539 static int set_external_config(struct sock *sk, struct hci_dev *hdev,
5540 void *data, u16 len)
5542 struct mgmt_cp_set_external_config *cp = data;
5546 BT_DBG("%s", hdev->name);
5548 if (hdev_is_powered(hdev))
5549 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_EXTERNAL_CONFIG,
5550 MGMT_STATUS_REJECTED);
5552 if (cp->config != 0x00 && cp->config != 0x01)
5553 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_EXTERNAL_CONFIG,
5554 MGMT_STATUS_INVALID_PARAMS);
5556 if (!test_bit(HCI_QUIRK_EXTERNAL_CONFIG, &hdev->quirks))
5557 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_EXTERNAL_CONFIG,
5558 MGMT_STATUS_NOT_SUPPORTED);
5563 changed = !hci_dev_test_and_set_flag(hdev, HCI_EXT_CONFIGURED);
5565 changed = hci_dev_test_and_clear_flag(hdev, HCI_EXT_CONFIGURED);
5567 err = send_options_rsp(sk, MGMT_OP_SET_EXTERNAL_CONFIG, hdev);
5574 err = new_options(hdev, sk);
5576 if (hci_dev_test_flag(hdev, HCI_UNCONFIGURED) == is_configured(hdev)) {
5577 mgmt_index_removed(hdev);
5579 if (hci_dev_test_and_change_flag(hdev, HCI_UNCONFIGURED)) {
5580 hci_dev_set_flag(hdev, HCI_CONFIG);
5581 hci_dev_set_flag(hdev, HCI_AUTO_OFF);
5583 queue_work(hdev->req_workqueue, &hdev->power_on);
5585 set_bit(HCI_RAW, &hdev->flags);
5586 mgmt_index_added(hdev);
5591 hci_dev_unlock(hdev);
5595 static int set_public_address(struct sock *sk, struct hci_dev *hdev,
5596 void *data, u16 len)
5598 struct mgmt_cp_set_public_address *cp = data;
5602 BT_DBG("%s", hdev->name);
5604 if (hdev_is_powered(hdev))
5605 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_PUBLIC_ADDRESS,
5606 MGMT_STATUS_REJECTED);
5608 if (!bacmp(&cp->bdaddr, BDADDR_ANY))
5609 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_PUBLIC_ADDRESS,
5610 MGMT_STATUS_INVALID_PARAMS);
5612 if (!hdev->set_bdaddr)
5613 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_PUBLIC_ADDRESS,
5614 MGMT_STATUS_NOT_SUPPORTED);
5618 changed = !!bacmp(&hdev->public_addr, &cp->bdaddr);
5619 bacpy(&hdev->public_addr, &cp->bdaddr);
5621 err = send_options_rsp(sk, MGMT_OP_SET_PUBLIC_ADDRESS, hdev);
5628 if (hci_dev_test_flag(hdev, HCI_UNCONFIGURED))
5629 err = new_options(hdev, sk);
5631 if (is_configured(hdev)) {
5632 mgmt_index_removed(hdev);
5634 hci_dev_clear_flag(hdev, HCI_UNCONFIGURED);
5636 hci_dev_set_flag(hdev, HCI_CONFIG);
5637 hci_dev_set_flag(hdev, HCI_AUTO_OFF);
5639 queue_work(hdev->req_workqueue, &hdev->power_on);
5643 hci_dev_unlock(hdev);
5647 static void read_local_oob_ext_data_complete(struct hci_dev *hdev, u8 status,
5648 u16 opcode, struct sk_buff *skb)
5650 const struct mgmt_cp_read_local_oob_ext_data *mgmt_cp;
5651 struct mgmt_rp_read_local_oob_ext_data *mgmt_rp;
5652 u8 *h192, *r192, *h256, *r256;
5653 struct mgmt_pending_cmd *cmd;
5657 BT_DBG("%s status %u", hdev->name, status);
5659 cmd = pending_find(MGMT_OP_READ_LOCAL_OOB_EXT_DATA, hdev);
5663 mgmt_cp = cmd->param;
5666 status = mgmt_status(status);
5673 } else if (opcode == HCI_OP_READ_LOCAL_OOB_DATA) {
5674 struct hci_rp_read_local_oob_data *rp;
5676 if (skb->len != sizeof(*rp)) {
5677 status = MGMT_STATUS_FAILED;
5680 status = MGMT_STATUS_SUCCESS;
5681 rp = (void *)skb->data;
5683 eir_len = 5 + 18 + 18;
5690 struct hci_rp_read_local_oob_ext_data *rp;
5692 if (skb->len != sizeof(*rp)) {
5693 status = MGMT_STATUS_FAILED;
5696 status = MGMT_STATUS_SUCCESS;
5697 rp = (void *)skb->data;
5699 if (hci_dev_test_flag(hdev, HCI_SC_ONLY)) {
5700 eir_len = 5 + 18 + 18;
5704 eir_len = 5 + 18 + 18 + 18 + 18;
5714 mgmt_rp = kmalloc(sizeof(*mgmt_rp) + eir_len, GFP_KERNEL);
5721 eir_len = eir_append_data(mgmt_rp->eir, 0, EIR_CLASS_OF_DEV,
5722 hdev->dev_class, 3);
5725 eir_len = eir_append_data(mgmt_rp->eir, eir_len,
5726 EIR_SSP_HASH_C192, h192, 16);
5727 eir_len = eir_append_data(mgmt_rp->eir, eir_len,
5728 EIR_SSP_RAND_R192, r192, 16);
5732 eir_len = eir_append_data(mgmt_rp->eir, eir_len,
5733 EIR_SSP_HASH_C256, h256, 16);
5734 eir_len = eir_append_data(mgmt_rp->eir, eir_len,
5735 EIR_SSP_RAND_R256, r256, 16);
5739 mgmt_rp->type = mgmt_cp->type;
5740 mgmt_rp->eir_len = cpu_to_le16(eir_len);
5742 err = mgmt_cmd_complete(cmd->sk, hdev->id,
5743 MGMT_OP_READ_LOCAL_OOB_EXT_DATA, status,
5744 mgmt_rp, sizeof(*mgmt_rp) + eir_len);
5745 if (err < 0 || status)
5748 hci_sock_set_flag(cmd->sk, HCI_MGMT_OOB_DATA_EVENTS);
5750 err = mgmt_limited_event(MGMT_EV_LOCAL_OOB_DATA_UPDATED, hdev,
5751 mgmt_rp, sizeof(*mgmt_rp) + eir_len,
5752 HCI_MGMT_OOB_DATA_EVENTS, cmd->sk);
5755 mgmt_pending_remove(cmd);
5758 static int read_local_ssp_oob_req(struct hci_dev *hdev, struct sock *sk,
5759 struct mgmt_cp_read_local_oob_ext_data *cp)
5761 struct mgmt_pending_cmd *cmd;
5762 struct hci_request req;
5765 cmd = mgmt_pending_add(sk, MGMT_OP_READ_LOCAL_OOB_EXT_DATA, hdev,
5770 hci_req_init(&req, hdev);
5772 if (bredr_sc_enabled(hdev))
5773 hci_req_add(&req, HCI_OP_READ_LOCAL_OOB_EXT_DATA, 0, NULL);
5775 hci_req_add(&req, HCI_OP_READ_LOCAL_OOB_DATA, 0, NULL);
5777 err = hci_req_run_skb(&req, read_local_oob_ext_data_complete);
5779 mgmt_pending_remove(cmd);
5786 static int read_local_oob_ext_data(struct sock *sk, struct hci_dev *hdev,
5787 void *data, u16 data_len)
5789 struct mgmt_cp_read_local_oob_ext_data *cp = data;
5790 struct mgmt_rp_read_local_oob_ext_data *rp;
5793 u8 status, flags, role, addr[7], hash[16], rand[16];
5796 BT_DBG("%s", hdev->name);
5798 if (hdev_is_powered(hdev)) {
5800 case BIT(BDADDR_BREDR):
5801 status = mgmt_bredr_support(hdev);
5807 case (BIT(BDADDR_LE_PUBLIC) | BIT(BDADDR_LE_RANDOM)):
5808 status = mgmt_le_support(hdev);
5812 eir_len = 9 + 3 + 18 + 18 + 3;
5815 status = MGMT_STATUS_INVALID_PARAMS;
5820 status = MGMT_STATUS_NOT_POWERED;
5824 rp_len = sizeof(*rp) + eir_len;
5825 rp = kmalloc(rp_len, GFP_ATOMIC);
5836 case BIT(BDADDR_BREDR):
5837 if (hci_dev_test_flag(hdev, HCI_SSP_ENABLED)) {
5838 err = read_local_ssp_oob_req(hdev, sk, cp);
5839 hci_dev_unlock(hdev);
5843 status = MGMT_STATUS_FAILED;
5846 eir_len = eir_append_data(rp->eir, eir_len,
5848 hdev->dev_class, 3);
5851 case (BIT(BDADDR_LE_PUBLIC) | BIT(BDADDR_LE_RANDOM)):
5852 if (hci_dev_test_flag(hdev, HCI_SC_ENABLED) &&
5853 smp_generate_oob(hdev, hash, rand) < 0) {
5854 hci_dev_unlock(hdev);
5855 status = MGMT_STATUS_FAILED;
5859 /* This should return the active RPA, but since the RPA
5860 * is only programmed on demand, it is really hard to fill
5861 * this in at the moment. For now disallow retrieving
5862 * local out-of-band data when privacy is in use.
5864 * Returning the identity address will not help here since
5865 * pairing happens before the identity resolving key is
5866 * known and thus the connection establishment happens
5867 * based on the RPA and not the identity address.
5869 if (hci_dev_test_flag(hdev, HCI_PRIVACY)) {
5870 hci_dev_unlock(hdev);
5871 status = MGMT_STATUS_REJECTED;
5875 if (hci_dev_test_flag(hdev, HCI_FORCE_STATIC_ADDR) ||
5876 !bacmp(&hdev->bdaddr, BDADDR_ANY) ||
5877 (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED) &&
5878 bacmp(&hdev->static_addr, BDADDR_ANY))) {
5879 memcpy(addr, &hdev->static_addr, 6);
5882 memcpy(addr, &hdev->bdaddr, 6);
5886 eir_len = eir_append_data(rp->eir, eir_len, EIR_LE_BDADDR,
5887 addr, sizeof(addr));
5889 if (hci_dev_test_flag(hdev, HCI_ADVERTISING))
5894 eir_len = eir_append_data(rp->eir, eir_len, EIR_LE_ROLE,
5895 &role, sizeof(role));
5897 if (hci_dev_test_flag(hdev, HCI_SC_ENABLED)) {
5898 eir_len = eir_append_data(rp->eir, eir_len,
5900 hash, sizeof(hash));
5902 eir_len = eir_append_data(rp->eir, eir_len,
5904 rand, sizeof(rand));
5907 flags = mgmt_get_adv_discov_flags(hdev);
5909 if (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED))
5910 flags |= LE_AD_NO_BREDR;
5912 eir_len = eir_append_data(rp->eir, eir_len, EIR_FLAGS,
5913 &flags, sizeof(flags));
5917 hci_dev_unlock(hdev);
5919 hci_sock_set_flag(sk, HCI_MGMT_OOB_DATA_EVENTS);
5921 status = MGMT_STATUS_SUCCESS;
5924 rp->type = cp->type;
5925 rp->eir_len = cpu_to_le16(eir_len);
5927 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_EXT_DATA,
5928 status, rp, sizeof(*rp) + eir_len);
5929 if (err < 0 || status)
5932 err = mgmt_limited_event(MGMT_EV_LOCAL_OOB_DATA_UPDATED, hdev,
5933 rp, sizeof(*rp) + eir_len,
5934 HCI_MGMT_OOB_DATA_EVENTS, sk);
5942 static u32 get_supported_adv_flags(struct hci_dev *hdev)
5946 flags |= MGMT_ADV_FLAG_CONNECTABLE;
5947 flags |= MGMT_ADV_FLAG_DISCOV;
5948 flags |= MGMT_ADV_FLAG_LIMITED_DISCOV;
5949 flags |= MGMT_ADV_FLAG_MANAGED_FLAGS;
5950 flags |= MGMT_ADV_FLAG_APPEARANCE;
5951 flags |= MGMT_ADV_FLAG_LOCAL_NAME;
5953 if (hdev->adv_tx_power != HCI_TX_POWER_INVALID)
5954 flags |= MGMT_ADV_FLAG_TX_POWER;
5959 static int read_adv_features(struct sock *sk, struct hci_dev *hdev,
5960 void *data, u16 data_len)
5962 struct mgmt_rp_read_adv_features *rp;
5965 struct adv_info *adv_instance;
5966 u32 supported_flags;
5969 BT_DBG("%s", hdev->name);
5971 if (!lmp_le_capable(hdev))
5972 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_READ_ADV_FEATURES,
5973 MGMT_STATUS_REJECTED);
5977 rp_len = sizeof(*rp) + hdev->adv_instance_cnt;
5978 rp = kmalloc(rp_len, GFP_ATOMIC);
5980 hci_dev_unlock(hdev);
5984 supported_flags = get_supported_adv_flags(hdev);
5986 rp->supported_flags = cpu_to_le32(supported_flags);
5987 rp->max_adv_data_len = HCI_MAX_AD_LENGTH;
5988 rp->max_scan_rsp_len = HCI_MAX_AD_LENGTH;
5989 rp->max_instances = HCI_MAX_ADV_INSTANCES;
5990 rp->num_instances = hdev->adv_instance_cnt;
5992 instance = rp->instance;
5993 list_for_each_entry(adv_instance, &hdev->adv_instances, list) {
5994 *instance = adv_instance->instance;
5998 hci_dev_unlock(hdev);
6000 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_READ_ADV_FEATURES,
6001 MGMT_STATUS_SUCCESS, rp, rp_len);
6008 static u8 tlv_data_max_len(u32 adv_flags, bool is_adv_data)
6010 u8 max_len = HCI_MAX_AD_LENGTH;
6013 if (adv_flags & (MGMT_ADV_FLAG_DISCOV |
6014 MGMT_ADV_FLAG_LIMITED_DISCOV |
6015 MGMT_ADV_FLAG_MANAGED_FLAGS))
6018 if (adv_flags & MGMT_ADV_FLAG_TX_POWER)
6021 /* at least 1 byte of name should fit in */
6022 if (adv_flags & MGMT_ADV_FLAG_LOCAL_NAME)
6025 if (adv_flags & (MGMT_ADV_FLAG_APPEARANCE))
6032 static bool flags_managed(u32 adv_flags)
6034 return adv_flags & (MGMT_ADV_FLAG_DISCOV |
6035 MGMT_ADV_FLAG_LIMITED_DISCOV |
6036 MGMT_ADV_FLAG_MANAGED_FLAGS);
6039 static bool tx_power_managed(u32 adv_flags)
6041 return adv_flags & MGMT_ADV_FLAG_TX_POWER;
6044 static bool name_managed(u32 adv_flags)
6046 return adv_flags & MGMT_ADV_FLAG_LOCAL_NAME;
6049 static bool appearance_managed(u32 adv_flags)
6051 return adv_flags & MGMT_ADV_FLAG_APPEARANCE;
6054 static bool tlv_data_is_valid(u32 adv_flags, u8 *data, u8 len, bool is_adv_data)
6059 max_len = tlv_data_max_len(adv_flags, is_adv_data);
6064 /* Make sure that the data is correctly formatted. */
6065 for (i = 0, cur_len = 0; i < len; i += (cur_len + 1)) {
6068 if (data[i + 1] == EIR_FLAGS && flags_managed(adv_flags))
6071 if (data[i + 1] == EIR_TX_POWER && tx_power_managed(adv_flags))
6074 if (data[i + 1] == EIR_NAME_COMPLETE && name_managed(adv_flags))
6077 if (data[i + 1] == EIR_NAME_SHORT && name_managed(adv_flags))
6080 if (data[i + 1] == EIR_APPEARANCE &&
6081 appearance_managed(adv_flags))
6084 /* If the current field length would exceed the total data
6085 * length, then it's invalid.
6087 if (i + cur_len >= len)
6094 static void add_advertising_complete(struct hci_dev *hdev, u8 status,
6097 struct mgmt_pending_cmd *cmd;
6098 struct mgmt_cp_add_advertising *cp;
6099 struct mgmt_rp_add_advertising rp;
6100 struct adv_info *adv_instance, *n;
6103 BT_DBG("status %d", status);
6107 cmd = pending_find(MGMT_OP_ADD_ADVERTISING, hdev);
6109 list_for_each_entry_safe(adv_instance, n, &hdev->adv_instances, list) {
6110 if (!adv_instance->pending)
6114 adv_instance->pending = false;
6118 instance = adv_instance->instance;
6120 if (hdev->cur_adv_instance == instance)
6121 cancel_adv_timeout(hdev);
6123 hci_remove_adv_instance(hdev, instance);
6124 mgmt_advertising_removed(cmd ? cmd->sk : NULL, hdev, instance);
6131 rp.instance = cp->instance;
6134 mgmt_cmd_status(cmd->sk, cmd->index, cmd->opcode,
6135 mgmt_status(status));
6137 mgmt_cmd_complete(cmd->sk, cmd->index, cmd->opcode,
6138 mgmt_status(status), &rp, sizeof(rp));
6140 mgmt_pending_remove(cmd);
6143 hci_dev_unlock(hdev);
6146 static int add_advertising(struct sock *sk, struct hci_dev *hdev,
6147 void *data, u16 data_len)
6149 struct mgmt_cp_add_advertising *cp = data;
6150 struct mgmt_rp_add_advertising rp;
6152 u32 supported_flags;
6154 u16 timeout, duration;
6155 unsigned int prev_instance_cnt = hdev->adv_instance_cnt;
6156 u8 schedule_instance = 0;
6157 struct adv_info *next_instance;
6159 struct mgmt_pending_cmd *cmd;
6160 struct hci_request req;
6162 BT_DBG("%s", hdev->name);
6164 status = mgmt_le_support(hdev);
6166 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_ADVERTISING,
6169 if (cp->instance < 1 || cp->instance > HCI_MAX_ADV_INSTANCES)
6170 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_ADVERTISING,
6171 MGMT_STATUS_INVALID_PARAMS);
6173 if (data_len != sizeof(*cp) + cp->adv_data_len + cp->scan_rsp_len)
6174 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_ADVERTISING,
6175 MGMT_STATUS_INVALID_PARAMS);
6177 flags = __le32_to_cpu(cp->flags);
6178 timeout = __le16_to_cpu(cp->timeout);
6179 duration = __le16_to_cpu(cp->duration);
6181 /* The current implementation only supports a subset of the specified
6184 supported_flags = get_supported_adv_flags(hdev);
6185 if (flags & ~supported_flags)
6186 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_ADVERTISING,
6187 MGMT_STATUS_INVALID_PARAMS);
6191 if (timeout && !hdev_is_powered(hdev)) {
6192 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_ADVERTISING,
6193 MGMT_STATUS_REJECTED);
6197 if (pending_find(MGMT_OP_ADD_ADVERTISING, hdev) ||
6198 pending_find(MGMT_OP_REMOVE_ADVERTISING, hdev) ||
6199 pending_find(MGMT_OP_SET_LE, hdev)) {
6200 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_ADVERTISING,
6205 if (!tlv_data_is_valid(flags, cp->data, cp->adv_data_len, true) ||
6206 !tlv_data_is_valid(flags, cp->data + cp->adv_data_len,
6207 cp->scan_rsp_len, false)) {
6208 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_ADVERTISING,
6209 MGMT_STATUS_INVALID_PARAMS);
6213 err = hci_add_adv_instance(hdev, cp->instance, flags,
6214 cp->adv_data_len, cp->data,
6216 cp->data + cp->adv_data_len,
6219 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_ADVERTISING,
6220 MGMT_STATUS_FAILED);
6224 /* Only trigger an advertising added event if a new instance was
6227 if (hdev->adv_instance_cnt > prev_instance_cnt)
6228 mgmt_advertising_added(sk, hdev, cp->instance);
6230 if (hdev->cur_adv_instance == cp->instance) {
6231 /* If the currently advertised instance is being changed then
6232 * cancel the current advertising and schedule the next
6233 * instance. If there is only one instance then the overridden
6234 * advertising data will be visible right away.
6236 cancel_adv_timeout(hdev);
6238 next_instance = hci_get_next_instance(hdev, cp->instance);
6240 schedule_instance = next_instance->instance;
6241 } else if (!hdev->adv_instance_timeout) {
6242 /* Immediately advertise the new instance if no other
6243 * instance is currently being advertised.
6245 schedule_instance = cp->instance;
6248 /* If the HCI_ADVERTISING flag is set or the device isn't powered or
6249 * there is no instance to be advertised then we have no HCI
6250 * communication to make. Simply return.
6252 if (!hdev_is_powered(hdev) ||
6253 hci_dev_test_flag(hdev, HCI_ADVERTISING) ||
6254 !schedule_instance) {
6255 rp.instance = cp->instance;
6256 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_ADD_ADVERTISING,
6257 MGMT_STATUS_SUCCESS, &rp, sizeof(rp));
6261 /* We're good to go, update advertising data, parameters, and start
6264 cmd = mgmt_pending_add(sk, MGMT_OP_ADD_ADVERTISING, hdev, data,
6271 hci_req_init(&req, hdev);
6273 err = __hci_req_schedule_adv_instance(&req, schedule_instance, true);
6276 err = hci_req_run(&req, add_advertising_complete);
6279 mgmt_pending_remove(cmd);
6282 hci_dev_unlock(hdev);
6287 static void remove_advertising_complete(struct hci_dev *hdev, u8 status,
6290 struct mgmt_pending_cmd *cmd;
6291 struct mgmt_cp_remove_advertising *cp;
6292 struct mgmt_rp_remove_advertising rp;
6294 BT_DBG("status %d", status);
6298 /* A failure status here only means that we failed to disable
6299 * advertising. Otherwise, the advertising instance has been removed,
6300 * so report success.
6302 cmd = pending_find(MGMT_OP_REMOVE_ADVERTISING, hdev);
6307 rp.instance = cp->instance;
6309 mgmt_cmd_complete(cmd->sk, cmd->index, cmd->opcode, MGMT_STATUS_SUCCESS,
6311 mgmt_pending_remove(cmd);
6314 hci_dev_unlock(hdev);
6317 static int remove_advertising(struct sock *sk, struct hci_dev *hdev,
6318 void *data, u16 data_len)
6320 struct mgmt_cp_remove_advertising *cp = data;
6321 struct mgmt_rp_remove_advertising rp;
6322 struct mgmt_pending_cmd *cmd;
6323 struct hci_request req;
6326 BT_DBG("%s", hdev->name);
6330 if (cp->instance && !hci_find_adv_instance(hdev, cp->instance)) {
6331 err = mgmt_cmd_status(sk, hdev->id,
6332 MGMT_OP_REMOVE_ADVERTISING,
6333 MGMT_STATUS_INVALID_PARAMS);
6337 if (pending_find(MGMT_OP_ADD_ADVERTISING, hdev) ||
6338 pending_find(MGMT_OP_REMOVE_ADVERTISING, hdev) ||
6339 pending_find(MGMT_OP_SET_LE, hdev)) {
6340 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_REMOVE_ADVERTISING,
6345 if (list_empty(&hdev->adv_instances)) {
6346 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_REMOVE_ADVERTISING,
6347 MGMT_STATUS_INVALID_PARAMS);
6351 hci_req_init(&req, hdev);
6353 hci_req_clear_adv_instance(hdev, sk, &req, cp->instance, true);
6355 if (list_empty(&hdev->adv_instances))
6356 __hci_req_disable_advertising(&req);
6358 /* If no HCI commands have been collected so far or the HCI_ADVERTISING
6359 * flag is set or the device isn't powered then we have no HCI
6360 * communication to make. Simply return.
6362 if (skb_queue_empty(&req.cmd_q) ||
6363 !hdev_is_powered(hdev) ||
6364 hci_dev_test_flag(hdev, HCI_ADVERTISING)) {
6365 rp.instance = cp->instance;
6366 err = mgmt_cmd_complete(sk, hdev->id,
6367 MGMT_OP_REMOVE_ADVERTISING,
6368 MGMT_STATUS_SUCCESS, &rp, sizeof(rp));
6372 cmd = mgmt_pending_add(sk, MGMT_OP_REMOVE_ADVERTISING, hdev, data,
6379 err = hci_req_run(&req, remove_advertising_complete);
6381 mgmt_pending_remove(cmd);
6384 hci_dev_unlock(hdev);
6389 static int get_adv_size_info(struct sock *sk, struct hci_dev *hdev,
6390 void *data, u16 data_len)
6392 struct mgmt_cp_get_adv_size_info *cp = data;
6393 struct mgmt_rp_get_adv_size_info rp;
6394 u32 flags, supported_flags;
6397 BT_DBG("%s", hdev->name);
6399 if (!lmp_le_capable(hdev))
6400 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_GET_ADV_SIZE_INFO,
6401 MGMT_STATUS_REJECTED);
6403 if (cp->instance < 1 || cp->instance > HCI_MAX_ADV_INSTANCES)
6404 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_GET_ADV_SIZE_INFO,
6405 MGMT_STATUS_INVALID_PARAMS);
6407 flags = __le32_to_cpu(cp->flags);
6409 /* The current implementation only supports a subset of the specified
6412 supported_flags = get_supported_adv_flags(hdev);
6413 if (flags & ~supported_flags)
6414 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_GET_ADV_SIZE_INFO,
6415 MGMT_STATUS_INVALID_PARAMS);
6417 rp.instance = cp->instance;
6418 rp.flags = cp->flags;
6419 rp.max_adv_data_len = tlv_data_max_len(flags, true);
6420 rp.max_scan_rsp_len = tlv_data_max_len(flags, false);
6422 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_ADV_SIZE_INFO,
6423 MGMT_STATUS_SUCCESS, &rp, sizeof(rp));
6428 static const struct hci_mgmt_handler mgmt_handlers[] = {
6429 { NULL }, /* 0x0000 (no command) */
6430 { read_version, MGMT_READ_VERSION_SIZE,
6432 HCI_MGMT_UNTRUSTED },
6433 { read_commands, MGMT_READ_COMMANDS_SIZE,
6435 HCI_MGMT_UNTRUSTED },
6436 { read_index_list, MGMT_READ_INDEX_LIST_SIZE,
6438 HCI_MGMT_UNTRUSTED },
6439 { read_controller_info, MGMT_READ_INFO_SIZE,
6440 HCI_MGMT_UNTRUSTED },
6441 { set_powered, MGMT_SETTING_SIZE },
6442 { set_discoverable, MGMT_SET_DISCOVERABLE_SIZE },
6443 { set_connectable, MGMT_SETTING_SIZE },
6444 { set_fast_connectable, MGMT_SETTING_SIZE },
6445 { set_bondable, MGMT_SETTING_SIZE },
6446 { set_link_security, MGMT_SETTING_SIZE },
6447 { set_ssp, MGMT_SETTING_SIZE },
6448 { set_hs, MGMT_SETTING_SIZE },
6449 { set_le, MGMT_SETTING_SIZE },
6450 { set_dev_class, MGMT_SET_DEV_CLASS_SIZE },
6451 { set_local_name, MGMT_SET_LOCAL_NAME_SIZE },
6452 { add_uuid, MGMT_ADD_UUID_SIZE },
6453 { remove_uuid, MGMT_REMOVE_UUID_SIZE },
6454 { load_link_keys, MGMT_LOAD_LINK_KEYS_SIZE,
6456 { load_long_term_keys, MGMT_LOAD_LONG_TERM_KEYS_SIZE,
6458 { disconnect, MGMT_DISCONNECT_SIZE },
6459 { get_connections, MGMT_GET_CONNECTIONS_SIZE },
6460 { pin_code_reply, MGMT_PIN_CODE_REPLY_SIZE },
6461 { pin_code_neg_reply, MGMT_PIN_CODE_NEG_REPLY_SIZE },
6462 { set_io_capability, MGMT_SET_IO_CAPABILITY_SIZE },
6463 { pair_device, MGMT_PAIR_DEVICE_SIZE },
6464 { cancel_pair_device, MGMT_CANCEL_PAIR_DEVICE_SIZE },
6465 { unpair_device, MGMT_UNPAIR_DEVICE_SIZE },
6466 { user_confirm_reply, MGMT_USER_CONFIRM_REPLY_SIZE },
6467 { user_confirm_neg_reply, MGMT_USER_CONFIRM_NEG_REPLY_SIZE },
6468 { user_passkey_reply, MGMT_USER_PASSKEY_REPLY_SIZE },
6469 { user_passkey_neg_reply, MGMT_USER_PASSKEY_NEG_REPLY_SIZE },
6470 { read_local_oob_data, MGMT_READ_LOCAL_OOB_DATA_SIZE },
6471 { add_remote_oob_data, MGMT_ADD_REMOTE_OOB_DATA_SIZE,
6473 { remove_remote_oob_data, MGMT_REMOVE_REMOTE_OOB_DATA_SIZE },
6474 { start_discovery, MGMT_START_DISCOVERY_SIZE },
6475 { stop_discovery, MGMT_STOP_DISCOVERY_SIZE },
6476 { confirm_name, MGMT_CONFIRM_NAME_SIZE },
6477 { block_device, MGMT_BLOCK_DEVICE_SIZE },
6478 { unblock_device, MGMT_UNBLOCK_DEVICE_SIZE },
6479 { set_device_id, MGMT_SET_DEVICE_ID_SIZE },
6480 { set_advertising, MGMT_SETTING_SIZE },
6481 { set_bredr, MGMT_SETTING_SIZE },
6482 { set_static_address, MGMT_SET_STATIC_ADDRESS_SIZE },
6483 { set_scan_params, MGMT_SET_SCAN_PARAMS_SIZE },
6484 { set_secure_conn, MGMT_SETTING_SIZE },
6485 { set_debug_keys, MGMT_SETTING_SIZE },
6486 { set_privacy, MGMT_SET_PRIVACY_SIZE },
6487 { load_irks, MGMT_LOAD_IRKS_SIZE,
6489 { get_conn_info, MGMT_GET_CONN_INFO_SIZE },
6490 { get_clock_info, MGMT_GET_CLOCK_INFO_SIZE },
6491 { add_device, MGMT_ADD_DEVICE_SIZE },
6492 { remove_device, MGMT_REMOVE_DEVICE_SIZE },
6493 { load_conn_param, MGMT_LOAD_CONN_PARAM_SIZE,
6495 { read_unconf_index_list, MGMT_READ_UNCONF_INDEX_LIST_SIZE,
6497 HCI_MGMT_UNTRUSTED },
6498 { read_config_info, MGMT_READ_CONFIG_INFO_SIZE,
6499 HCI_MGMT_UNCONFIGURED |
6500 HCI_MGMT_UNTRUSTED },
6501 { set_external_config, MGMT_SET_EXTERNAL_CONFIG_SIZE,
6502 HCI_MGMT_UNCONFIGURED },
6503 { set_public_address, MGMT_SET_PUBLIC_ADDRESS_SIZE,
6504 HCI_MGMT_UNCONFIGURED },
6505 { start_service_discovery, MGMT_START_SERVICE_DISCOVERY_SIZE,
6507 { read_local_oob_ext_data, MGMT_READ_LOCAL_OOB_EXT_DATA_SIZE },
6508 { read_ext_index_list, MGMT_READ_EXT_INDEX_LIST_SIZE,
6510 HCI_MGMT_UNTRUSTED },
6511 { read_adv_features, MGMT_READ_ADV_FEATURES_SIZE },
6512 { add_advertising, MGMT_ADD_ADVERTISING_SIZE,
6514 { remove_advertising, MGMT_REMOVE_ADVERTISING_SIZE },
6515 { get_adv_size_info, MGMT_GET_ADV_SIZE_INFO_SIZE },
6516 { start_limited_discovery, MGMT_START_DISCOVERY_SIZE },
6517 { read_ext_controller_info,MGMT_READ_EXT_INFO_SIZE,
6518 HCI_MGMT_UNTRUSTED },
6519 { set_appearance, MGMT_SET_APPEARANCE_SIZE },
6522 void mgmt_index_added(struct hci_dev *hdev)
6524 struct mgmt_ev_ext_index ev;
6526 if (test_bit(HCI_QUIRK_RAW_DEVICE, &hdev->quirks))
6529 switch (hdev->dev_type) {
6531 if (hci_dev_test_flag(hdev, HCI_UNCONFIGURED)) {
6532 mgmt_index_event(MGMT_EV_UNCONF_INDEX_ADDED, hdev,
6533 NULL, 0, HCI_MGMT_UNCONF_INDEX_EVENTS);
6536 mgmt_index_event(MGMT_EV_INDEX_ADDED, hdev, NULL, 0,
6537 HCI_MGMT_INDEX_EVENTS);
6550 mgmt_index_event(MGMT_EV_EXT_INDEX_ADDED, hdev, &ev, sizeof(ev),
6551 HCI_MGMT_EXT_INDEX_EVENTS);
6554 void mgmt_index_removed(struct hci_dev *hdev)
6556 struct mgmt_ev_ext_index ev;
6557 u8 status = MGMT_STATUS_INVALID_INDEX;
6559 if (test_bit(HCI_QUIRK_RAW_DEVICE, &hdev->quirks))
6562 switch (hdev->dev_type) {
6564 mgmt_pending_foreach(0, hdev, cmd_complete_rsp, &status);
6566 if (hci_dev_test_flag(hdev, HCI_UNCONFIGURED)) {
6567 mgmt_index_event(MGMT_EV_UNCONF_INDEX_REMOVED, hdev,
6568 NULL, 0, HCI_MGMT_UNCONF_INDEX_EVENTS);
6571 mgmt_index_event(MGMT_EV_INDEX_REMOVED, hdev, NULL, 0,
6572 HCI_MGMT_INDEX_EVENTS);
6585 mgmt_index_event(MGMT_EV_EXT_INDEX_REMOVED, hdev, &ev, sizeof(ev),
6586 HCI_MGMT_EXT_INDEX_EVENTS);
6589 /* This function requires the caller holds hdev->lock */
6590 static void restart_le_actions(struct hci_dev *hdev)
6592 struct hci_conn_params *p;
6594 list_for_each_entry(p, &hdev->le_conn_params, list) {
6595 /* Needed for AUTO_OFF case where might not "really"
6596 * have been powered off.
6598 list_del_init(&p->action);
6600 switch (p->auto_connect) {
6601 case HCI_AUTO_CONN_DIRECT:
6602 case HCI_AUTO_CONN_ALWAYS:
6603 list_add(&p->action, &hdev->pend_le_conns);
6605 case HCI_AUTO_CONN_REPORT:
6606 list_add(&p->action, &hdev->pend_le_reports);
6614 void mgmt_power_on(struct hci_dev *hdev, int err)
6616 struct cmd_lookup match = { NULL, hdev };
6618 BT_DBG("err %d", err);
6623 restart_le_actions(hdev);
6624 hci_update_background_scan(hdev);
6627 mgmt_pending_foreach(MGMT_OP_SET_POWERED, hdev, settings_rsp, &match);
6629 new_settings(hdev, match.sk);
6634 hci_dev_unlock(hdev);
6637 void __mgmt_power_off(struct hci_dev *hdev)
6639 struct cmd_lookup match = { NULL, hdev };
6640 u8 status, zero_cod[] = { 0, 0, 0 };
6642 mgmt_pending_foreach(MGMT_OP_SET_POWERED, hdev, settings_rsp, &match);
6644 /* If the power off is because of hdev unregistration let
6645 * use the appropriate INVALID_INDEX status. Otherwise use
6646 * NOT_POWERED. We cover both scenarios here since later in
6647 * mgmt_index_removed() any hci_conn callbacks will have already
6648 * been triggered, potentially causing misleading DISCONNECTED
6651 if (hci_dev_test_flag(hdev, HCI_UNREGISTER))
6652 status = MGMT_STATUS_INVALID_INDEX;
6654 status = MGMT_STATUS_NOT_POWERED;
6656 mgmt_pending_foreach(0, hdev, cmd_complete_rsp, &status);
6658 if (memcmp(hdev->dev_class, zero_cod, sizeof(zero_cod)) != 0) {
6659 mgmt_limited_event(MGMT_EV_CLASS_OF_DEV_CHANGED, hdev,
6660 zero_cod, sizeof(zero_cod),
6661 HCI_MGMT_DEV_CLASS_EVENTS, NULL);
6662 ext_info_changed(hdev, NULL);
6665 new_settings(hdev, match.sk);
6671 void mgmt_set_powered_failed(struct hci_dev *hdev, int err)
6673 struct mgmt_pending_cmd *cmd;
6676 cmd = pending_find(MGMT_OP_SET_POWERED, hdev);
6680 if (err == -ERFKILL)
6681 status = MGMT_STATUS_RFKILLED;
6683 status = MGMT_STATUS_FAILED;
6685 mgmt_cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_POWERED, status);
6687 mgmt_pending_remove(cmd);
6690 void mgmt_new_link_key(struct hci_dev *hdev, struct link_key *key,
6693 struct mgmt_ev_new_link_key ev;
6695 memset(&ev, 0, sizeof(ev));
6697 ev.store_hint = persistent;
6698 bacpy(&ev.key.addr.bdaddr, &key->bdaddr);
6699 ev.key.addr.type = BDADDR_BREDR;
6700 ev.key.type = key->type;
6701 memcpy(ev.key.val, key->val, HCI_LINK_KEY_SIZE);
6702 ev.key.pin_len = key->pin_len;
6704 mgmt_event(MGMT_EV_NEW_LINK_KEY, hdev, &ev, sizeof(ev), NULL);
6707 static u8 mgmt_ltk_type(struct smp_ltk *ltk)
6709 switch (ltk->type) {
6712 if (ltk->authenticated)
6713 return MGMT_LTK_AUTHENTICATED;
6714 return MGMT_LTK_UNAUTHENTICATED;
6716 if (ltk->authenticated)
6717 return MGMT_LTK_P256_AUTH;
6718 return MGMT_LTK_P256_UNAUTH;
6719 case SMP_LTK_P256_DEBUG:
6720 return MGMT_LTK_P256_DEBUG;
6723 return MGMT_LTK_UNAUTHENTICATED;
6726 void mgmt_new_ltk(struct hci_dev *hdev, struct smp_ltk *key, bool persistent)
6728 struct mgmt_ev_new_long_term_key ev;
6730 memset(&ev, 0, sizeof(ev));
6732 /* Devices using resolvable or non-resolvable random addresses
6733 * without providing an identity resolving key don't require
6734 * to store long term keys. Their addresses will change the
6737 * Only when a remote device provides an identity address
6738 * make sure the long term key is stored. If the remote
6739 * identity is known, the long term keys are internally
6740 * mapped to the identity address. So allow static random
6741 * and public addresses here.
6743 if (key->bdaddr_type == ADDR_LE_DEV_RANDOM &&
6744 (key->bdaddr.b[5] & 0xc0) != 0xc0)
6745 ev.store_hint = 0x00;
6747 ev.store_hint = persistent;
6749 bacpy(&ev.key.addr.bdaddr, &key->bdaddr);
6750 ev.key.addr.type = link_to_bdaddr(LE_LINK, key->bdaddr_type);
6751 ev.key.type = mgmt_ltk_type(key);
6752 ev.key.enc_size = key->enc_size;
6753 ev.key.ediv = key->ediv;
6754 ev.key.rand = key->rand;
6756 if (key->type == SMP_LTK)
6759 /* Make sure we copy only the significant bytes based on the
6760 * encryption key size, and set the rest of the value to zeroes.
6762 memcpy(ev.key.val, key->val, key->enc_size);
6763 memset(ev.key.val + key->enc_size, 0,
6764 sizeof(ev.key.val) - key->enc_size);
6766 mgmt_event(MGMT_EV_NEW_LONG_TERM_KEY, hdev, &ev, sizeof(ev), NULL);
6769 void mgmt_new_irk(struct hci_dev *hdev, struct smp_irk *irk, bool persistent)
6771 struct mgmt_ev_new_irk ev;
6773 memset(&ev, 0, sizeof(ev));
6775 ev.store_hint = persistent;
6777 bacpy(&ev.rpa, &irk->rpa);
6778 bacpy(&ev.irk.addr.bdaddr, &irk->bdaddr);
6779 ev.irk.addr.type = link_to_bdaddr(LE_LINK, irk->addr_type);
6780 memcpy(ev.irk.val, irk->val, sizeof(irk->val));
6782 mgmt_event(MGMT_EV_NEW_IRK, hdev, &ev, sizeof(ev), NULL);
6785 void mgmt_new_csrk(struct hci_dev *hdev, struct smp_csrk *csrk,
6788 struct mgmt_ev_new_csrk ev;
6790 memset(&ev, 0, sizeof(ev));
6792 /* Devices using resolvable or non-resolvable random addresses
6793 * without providing an identity resolving key don't require
6794 * to store signature resolving keys. Their addresses will change
6795 * the next time around.
6797 * Only when a remote device provides an identity address
6798 * make sure the signature resolving key is stored. So allow
6799 * static random and public addresses here.
6801 if (csrk->bdaddr_type == ADDR_LE_DEV_RANDOM &&
6802 (csrk->bdaddr.b[5] & 0xc0) != 0xc0)
6803 ev.store_hint = 0x00;
6805 ev.store_hint = persistent;
6807 bacpy(&ev.key.addr.bdaddr, &csrk->bdaddr);
6808 ev.key.addr.type = link_to_bdaddr(LE_LINK, csrk->bdaddr_type);
6809 ev.key.type = csrk->type;
6810 memcpy(ev.key.val, csrk->val, sizeof(csrk->val));
6812 mgmt_event(MGMT_EV_NEW_CSRK, hdev, &ev, sizeof(ev), NULL);
6815 void mgmt_new_conn_param(struct hci_dev *hdev, bdaddr_t *bdaddr,
6816 u8 bdaddr_type, u8 store_hint, u16 min_interval,
6817 u16 max_interval, u16 latency, u16 timeout)
6819 struct mgmt_ev_new_conn_param ev;
6821 if (!hci_is_identity_address(bdaddr, bdaddr_type))
6824 memset(&ev, 0, sizeof(ev));
6825 bacpy(&ev.addr.bdaddr, bdaddr);
6826 ev.addr.type = link_to_bdaddr(LE_LINK, bdaddr_type);
6827 ev.store_hint = store_hint;
6828 ev.min_interval = cpu_to_le16(min_interval);
6829 ev.max_interval = cpu_to_le16(max_interval);
6830 ev.latency = cpu_to_le16(latency);
6831 ev.timeout = cpu_to_le16(timeout);
6833 mgmt_event(MGMT_EV_NEW_CONN_PARAM, hdev, &ev, sizeof(ev), NULL);
6836 void mgmt_device_connected(struct hci_dev *hdev, struct hci_conn *conn,
6837 u32 flags, u8 *name, u8 name_len)
6840 struct mgmt_ev_device_connected *ev = (void *) buf;
6843 bacpy(&ev->addr.bdaddr, &conn->dst);
6844 ev->addr.type = link_to_bdaddr(conn->type, conn->dst_type);
6846 ev->flags = __cpu_to_le32(flags);
6848 /* We must ensure that the EIR Data fields are ordered and
6849 * unique. Keep it simple for now and avoid the problem by not
6850 * adding any BR/EDR data to the LE adv.
6852 if (conn->le_adv_data_len > 0) {
6853 memcpy(&ev->eir[eir_len],
6854 conn->le_adv_data, conn->le_adv_data_len);
6855 eir_len = conn->le_adv_data_len;
6858 eir_len = eir_append_data(ev->eir, 0, EIR_NAME_COMPLETE,
6861 if (memcmp(conn->dev_class, "\0\0\0", 3) != 0)
6862 eir_len = eir_append_data(ev->eir, eir_len,
6864 conn->dev_class, 3);
6867 ev->eir_len = cpu_to_le16(eir_len);
6869 mgmt_event(MGMT_EV_DEVICE_CONNECTED, hdev, buf,
6870 sizeof(*ev) + eir_len, NULL);
6873 static void disconnect_rsp(struct mgmt_pending_cmd *cmd, void *data)
6875 struct sock **sk = data;
6877 cmd->cmd_complete(cmd, 0);
6882 mgmt_pending_remove(cmd);
6885 static void unpair_device_rsp(struct mgmt_pending_cmd *cmd, void *data)
6887 struct hci_dev *hdev = data;
6888 struct mgmt_cp_unpair_device *cp = cmd->param;
6890 device_unpaired(hdev, &cp->addr.bdaddr, cp->addr.type, cmd->sk);
6892 cmd->cmd_complete(cmd, 0);
6893 mgmt_pending_remove(cmd);
6896 bool mgmt_powering_down(struct hci_dev *hdev)
6898 struct mgmt_pending_cmd *cmd;
6899 struct mgmt_mode *cp;
6901 cmd = pending_find(MGMT_OP_SET_POWERED, hdev);
6912 void mgmt_device_disconnected(struct hci_dev *hdev, bdaddr_t *bdaddr,
6913 u8 link_type, u8 addr_type, u8 reason,
6914 bool mgmt_connected)
6916 struct mgmt_ev_device_disconnected ev;
6917 struct sock *sk = NULL;
6919 /* The connection is still in hci_conn_hash so test for 1
6920 * instead of 0 to know if this is the last one.
6922 if (mgmt_powering_down(hdev) && hci_conn_count(hdev) == 1) {
6923 cancel_delayed_work(&hdev->power_off);
6924 queue_work(hdev->req_workqueue, &hdev->power_off.work);
6927 if (!mgmt_connected)
6930 if (link_type != ACL_LINK && link_type != LE_LINK)
6933 mgmt_pending_foreach(MGMT_OP_DISCONNECT, hdev, disconnect_rsp, &sk);
6935 bacpy(&ev.addr.bdaddr, bdaddr);
6936 ev.addr.type = link_to_bdaddr(link_type, addr_type);
6939 mgmt_event(MGMT_EV_DEVICE_DISCONNECTED, hdev, &ev, sizeof(ev), sk);
6944 mgmt_pending_foreach(MGMT_OP_UNPAIR_DEVICE, hdev, unpair_device_rsp,
6948 void mgmt_disconnect_failed(struct hci_dev *hdev, bdaddr_t *bdaddr,
6949 u8 link_type, u8 addr_type, u8 status)
6951 u8 bdaddr_type = link_to_bdaddr(link_type, addr_type);
6952 struct mgmt_cp_disconnect *cp;
6953 struct mgmt_pending_cmd *cmd;
6955 mgmt_pending_foreach(MGMT_OP_UNPAIR_DEVICE, hdev, unpair_device_rsp,
6958 cmd = pending_find(MGMT_OP_DISCONNECT, hdev);
6964 if (bacmp(bdaddr, &cp->addr.bdaddr))
6967 if (cp->addr.type != bdaddr_type)
6970 cmd->cmd_complete(cmd, mgmt_status(status));
6971 mgmt_pending_remove(cmd);
6974 void mgmt_connect_failed(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
6975 u8 addr_type, u8 status)
6977 struct mgmt_ev_connect_failed ev;
6979 /* The connection is still in hci_conn_hash so test for 1
6980 * instead of 0 to know if this is the last one.
6982 if (mgmt_powering_down(hdev) && hci_conn_count(hdev) == 1) {
6983 cancel_delayed_work(&hdev->power_off);
6984 queue_work(hdev->req_workqueue, &hdev->power_off.work);
6987 bacpy(&ev.addr.bdaddr, bdaddr);
6988 ev.addr.type = link_to_bdaddr(link_type, addr_type);
6989 ev.status = mgmt_status(status);
6991 mgmt_event(MGMT_EV_CONNECT_FAILED, hdev, &ev, sizeof(ev), NULL);
6994 void mgmt_pin_code_request(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 secure)
6996 struct mgmt_ev_pin_code_request ev;
6998 bacpy(&ev.addr.bdaddr, bdaddr);
6999 ev.addr.type = BDADDR_BREDR;
7002 mgmt_event(MGMT_EV_PIN_CODE_REQUEST, hdev, &ev, sizeof(ev), NULL);
7005 void mgmt_pin_code_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
7008 struct mgmt_pending_cmd *cmd;
7010 cmd = pending_find(MGMT_OP_PIN_CODE_REPLY, hdev);
7014 cmd->cmd_complete(cmd, mgmt_status(status));
7015 mgmt_pending_remove(cmd);
7018 void mgmt_pin_code_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
7021 struct mgmt_pending_cmd *cmd;
7023 cmd = pending_find(MGMT_OP_PIN_CODE_NEG_REPLY, hdev);
7027 cmd->cmd_complete(cmd, mgmt_status(status));
7028 mgmt_pending_remove(cmd);
7031 int mgmt_user_confirm_request(struct hci_dev *hdev, bdaddr_t *bdaddr,
7032 u8 link_type, u8 addr_type, u32 value,
7035 struct mgmt_ev_user_confirm_request ev;
7037 BT_DBG("%s", hdev->name);
7039 bacpy(&ev.addr.bdaddr, bdaddr);
7040 ev.addr.type = link_to_bdaddr(link_type, addr_type);
7041 ev.confirm_hint = confirm_hint;
7042 ev.value = cpu_to_le32(value);
7044 return mgmt_event(MGMT_EV_USER_CONFIRM_REQUEST, hdev, &ev, sizeof(ev),
7048 int mgmt_user_passkey_request(struct hci_dev *hdev, bdaddr_t *bdaddr,
7049 u8 link_type, u8 addr_type)
7051 struct mgmt_ev_user_passkey_request ev;
7053 BT_DBG("%s", hdev->name);
7055 bacpy(&ev.addr.bdaddr, bdaddr);
7056 ev.addr.type = link_to_bdaddr(link_type, addr_type);
7058 return mgmt_event(MGMT_EV_USER_PASSKEY_REQUEST, hdev, &ev, sizeof(ev),
7062 static int user_pairing_resp_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
7063 u8 link_type, u8 addr_type, u8 status,
7066 struct mgmt_pending_cmd *cmd;
7068 cmd = pending_find(opcode, hdev);
7072 cmd->cmd_complete(cmd, mgmt_status(status));
7073 mgmt_pending_remove(cmd);
7078 int mgmt_user_confirm_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
7079 u8 link_type, u8 addr_type, u8 status)
7081 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
7082 status, MGMT_OP_USER_CONFIRM_REPLY);
7085 int mgmt_user_confirm_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
7086 u8 link_type, u8 addr_type, u8 status)
7088 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
7090 MGMT_OP_USER_CONFIRM_NEG_REPLY);
7093 int mgmt_user_passkey_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
7094 u8 link_type, u8 addr_type, u8 status)
7096 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
7097 status, MGMT_OP_USER_PASSKEY_REPLY);
7100 int mgmt_user_passkey_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
7101 u8 link_type, u8 addr_type, u8 status)
7103 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
7105 MGMT_OP_USER_PASSKEY_NEG_REPLY);
7108 int mgmt_user_passkey_notify(struct hci_dev *hdev, bdaddr_t *bdaddr,
7109 u8 link_type, u8 addr_type, u32 passkey,
7112 struct mgmt_ev_passkey_notify ev;
7114 BT_DBG("%s", hdev->name);
7116 bacpy(&ev.addr.bdaddr, bdaddr);
7117 ev.addr.type = link_to_bdaddr(link_type, addr_type);
7118 ev.passkey = __cpu_to_le32(passkey);
7119 ev.entered = entered;
7121 return mgmt_event(MGMT_EV_PASSKEY_NOTIFY, hdev, &ev, sizeof(ev), NULL);
7124 void mgmt_auth_failed(struct hci_conn *conn, u8 hci_status)
7126 struct mgmt_ev_auth_failed ev;
7127 struct mgmt_pending_cmd *cmd;
7128 u8 status = mgmt_status(hci_status);
7130 bacpy(&ev.addr.bdaddr, &conn->dst);
7131 ev.addr.type = link_to_bdaddr(conn->type, conn->dst_type);
7134 cmd = find_pairing(conn);
7136 mgmt_event(MGMT_EV_AUTH_FAILED, conn->hdev, &ev, sizeof(ev),
7137 cmd ? cmd->sk : NULL);
7140 cmd->cmd_complete(cmd, status);
7141 mgmt_pending_remove(cmd);
7145 void mgmt_auth_enable_complete(struct hci_dev *hdev, u8 status)
7147 struct cmd_lookup match = { NULL, hdev };
7151 u8 mgmt_err = mgmt_status(status);
7152 mgmt_pending_foreach(MGMT_OP_SET_LINK_SECURITY, hdev,
7153 cmd_status_rsp, &mgmt_err);
7157 if (test_bit(HCI_AUTH, &hdev->flags))
7158 changed = !hci_dev_test_and_set_flag(hdev, HCI_LINK_SECURITY);
7160 changed = hci_dev_test_and_clear_flag(hdev, HCI_LINK_SECURITY);
7162 mgmt_pending_foreach(MGMT_OP_SET_LINK_SECURITY, hdev, settings_rsp,
7166 new_settings(hdev, match.sk);
7172 static void clear_eir(struct hci_request *req)
7174 struct hci_dev *hdev = req->hdev;
7175 struct hci_cp_write_eir cp;
7177 if (!lmp_ext_inq_capable(hdev))
7180 memset(hdev->eir, 0, sizeof(hdev->eir));
7182 memset(&cp, 0, sizeof(cp));
7184 hci_req_add(req, HCI_OP_WRITE_EIR, sizeof(cp), &cp);
7187 void mgmt_ssp_enable_complete(struct hci_dev *hdev, u8 enable, u8 status)
7189 struct cmd_lookup match = { NULL, hdev };
7190 struct hci_request req;
7191 bool changed = false;
7194 u8 mgmt_err = mgmt_status(status);
7196 if (enable && hci_dev_test_and_clear_flag(hdev,
7198 hci_dev_clear_flag(hdev, HCI_HS_ENABLED);
7199 new_settings(hdev, NULL);
7202 mgmt_pending_foreach(MGMT_OP_SET_SSP, hdev, cmd_status_rsp,
7208 changed = !hci_dev_test_and_set_flag(hdev, HCI_SSP_ENABLED);
7210 changed = hci_dev_test_and_clear_flag(hdev, HCI_SSP_ENABLED);
7212 changed = hci_dev_test_and_clear_flag(hdev,
7215 hci_dev_clear_flag(hdev, HCI_HS_ENABLED);
7218 mgmt_pending_foreach(MGMT_OP_SET_SSP, hdev, settings_rsp, &match);
7221 new_settings(hdev, match.sk);
7226 hci_req_init(&req, hdev);
7228 if (hci_dev_test_flag(hdev, HCI_SSP_ENABLED)) {
7229 if (hci_dev_test_flag(hdev, HCI_USE_DEBUG_KEYS))
7230 hci_req_add(&req, HCI_OP_WRITE_SSP_DEBUG_MODE,
7231 sizeof(enable), &enable);
7232 __hci_req_update_eir(&req);
7237 hci_req_run(&req, NULL);
7240 static void sk_lookup(struct mgmt_pending_cmd *cmd, void *data)
7242 struct cmd_lookup *match = data;
7244 if (match->sk == NULL) {
7245 match->sk = cmd->sk;
7246 sock_hold(match->sk);
7250 void mgmt_set_class_of_dev_complete(struct hci_dev *hdev, u8 *dev_class,
7253 struct cmd_lookup match = { NULL, hdev, mgmt_status(status) };
7255 mgmt_pending_foreach(MGMT_OP_SET_DEV_CLASS, hdev, sk_lookup, &match);
7256 mgmt_pending_foreach(MGMT_OP_ADD_UUID, hdev, sk_lookup, &match);
7257 mgmt_pending_foreach(MGMT_OP_REMOVE_UUID, hdev, sk_lookup, &match);
7260 mgmt_limited_event(MGMT_EV_CLASS_OF_DEV_CHANGED, hdev, dev_class,
7261 3, HCI_MGMT_DEV_CLASS_EVENTS, NULL);
7262 ext_info_changed(hdev, NULL);
7269 void mgmt_set_local_name_complete(struct hci_dev *hdev, u8 *name, u8 status)
7271 struct mgmt_cp_set_local_name ev;
7272 struct mgmt_pending_cmd *cmd;
7277 memset(&ev, 0, sizeof(ev));
7278 memcpy(ev.name, name, HCI_MAX_NAME_LENGTH);
7279 memcpy(ev.short_name, hdev->short_name, HCI_MAX_SHORT_NAME_LENGTH);
7281 cmd = pending_find(MGMT_OP_SET_LOCAL_NAME, hdev);
7283 memcpy(hdev->dev_name, name, sizeof(hdev->dev_name));
7285 /* If this is a HCI command related to powering on the
7286 * HCI dev don't send any mgmt signals.
7288 if (pending_find(MGMT_OP_SET_POWERED, hdev))
7292 mgmt_limited_event(MGMT_EV_LOCAL_NAME_CHANGED, hdev, &ev, sizeof(ev),
7293 HCI_MGMT_LOCAL_NAME_EVENTS, cmd ? cmd->sk : NULL);
7294 ext_info_changed(hdev, cmd ? cmd->sk : NULL);
7297 static inline bool has_uuid(u8 *uuid, u16 uuid_count, u8 (*uuids)[16])
7301 for (i = 0; i < uuid_count; i++) {
7302 if (!memcmp(uuid, uuids[i], 16))
7309 static bool eir_has_uuids(u8 *eir, u16 eir_len, u16 uuid_count, u8 (*uuids)[16])
7313 while (parsed < eir_len) {
7314 u8 field_len = eir[0];
7321 if (eir_len - parsed < field_len + 1)
7325 case EIR_UUID16_ALL:
7326 case EIR_UUID16_SOME:
7327 for (i = 0; i + 3 <= field_len; i += 2) {
7328 memcpy(uuid, bluetooth_base_uuid, 16);
7329 uuid[13] = eir[i + 3];
7330 uuid[12] = eir[i + 2];
7331 if (has_uuid(uuid, uuid_count, uuids))
7335 case EIR_UUID32_ALL:
7336 case EIR_UUID32_SOME:
7337 for (i = 0; i + 5 <= field_len; i += 4) {
7338 memcpy(uuid, bluetooth_base_uuid, 16);
7339 uuid[15] = eir[i + 5];
7340 uuid[14] = eir[i + 4];
7341 uuid[13] = eir[i + 3];
7342 uuid[12] = eir[i + 2];
7343 if (has_uuid(uuid, uuid_count, uuids))
7347 case EIR_UUID128_ALL:
7348 case EIR_UUID128_SOME:
7349 for (i = 0; i + 17 <= field_len; i += 16) {
7350 memcpy(uuid, eir + i + 2, 16);
7351 if (has_uuid(uuid, uuid_count, uuids))
7357 parsed += field_len + 1;
7358 eir += field_len + 1;
7364 static void restart_le_scan(struct hci_dev *hdev)
7366 /* If controller is not scanning we are done. */
7367 if (!hci_dev_test_flag(hdev, HCI_LE_SCAN))
7370 if (time_after(jiffies + DISCOV_LE_RESTART_DELAY,
7371 hdev->discovery.scan_start +
7372 hdev->discovery.scan_duration))
7375 queue_delayed_work(hdev->req_workqueue, &hdev->le_scan_restart,
7376 DISCOV_LE_RESTART_DELAY);
7379 static bool is_filter_match(struct hci_dev *hdev, s8 rssi, u8 *eir,
7380 u16 eir_len, u8 *scan_rsp, u8 scan_rsp_len)
7382 /* If a RSSI threshold has been specified, and
7383 * HCI_QUIRK_STRICT_DUPLICATE_FILTER is not set, then all results with
7384 * a RSSI smaller than the RSSI threshold will be dropped. If the quirk
7385 * is set, let it through for further processing, as we might need to
7388 * For BR/EDR devices (pre 1.2) providing no RSSI during inquiry,
7389 * the results are also dropped.
7391 if (hdev->discovery.rssi != HCI_RSSI_INVALID &&
7392 (rssi == HCI_RSSI_INVALID ||
7393 (rssi < hdev->discovery.rssi &&
7394 !test_bit(HCI_QUIRK_STRICT_DUPLICATE_FILTER, &hdev->quirks))))
7397 if (hdev->discovery.uuid_count != 0) {
7398 /* If a list of UUIDs is provided in filter, results with no
7399 * matching UUID should be dropped.
7401 if (!eir_has_uuids(eir, eir_len, hdev->discovery.uuid_count,
7402 hdev->discovery.uuids) &&
7403 !eir_has_uuids(scan_rsp, scan_rsp_len,
7404 hdev->discovery.uuid_count,
7405 hdev->discovery.uuids))
7409 /* If duplicate filtering does not report RSSI changes, then restart
7410 * scanning to ensure updated result with updated RSSI values.
7412 if (test_bit(HCI_QUIRK_STRICT_DUPLICATE_FILTER, &hdev->quirks)) {
7413 restart_le_scan(hdev);
7415 /* Validate RSSI value against the RSSI threshold once more. */
7416 if (hdev->discovery.rssi != HCI_RSSI_INVALID &&
7417 rssi < hdev->discovery.rssi)
7424 void mgmt_device_found(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
7425 u8 addr_type, u8 *dev_class, s8 rssi, u32 flags,
7426 u8 *eir, u16 eir_len, u8 *scan_rsp, u8 scan_rsp_len)
7429 struct mgmt_ev_device_found *ev = (void *)buf;
7432 /* Don't send events for a non-kernel initiated discovery. With
7433 * LE one exception is if we have pend_le_reports > 0 in which
7434 * case we're doing passive scanning and want these events.
7436 if (!hci_discovery_active(hdev)) {
7437 if (link_type == ACL_LINK)
7439 if (link_type == LE_LINK && list_empty(&hdev->pend_le_reports))
7443 if (hdev->discovery.result_filtering) {
7444 /* We are using service discovery */
7445 if (!is_filter_match(hdev, rssi, eir, eir_len, scan_rsp,
7450 if (hdev->discovery.limited) {
7451 /* Check for limited discoverable bit */
7453 if (!(dev_class[1] & 0x20))
7456 u8 *flags = eir_get_data(eir, eir_len, EIR_FLAGS, NULL);
7457 if (!flags || !(flags[0] & LE_AD_LIMITED))
7462 /* Make sure that the buffer is big enough. The 5 extra bytes
7463 * are for the potential CoD field.
7465 if (sizeof(*ev) + eir_len + scan_rsp_len + 5 > sizeof(buf))
7468 memset(buf, 0, sizeof(buf));
7470 /* In case of device discovery with BR/EDR devices (pre 1.2), the
7471 * RSSI value was reported as 0 when not available. This behavior
7472 * is kept when using device discovery. This is required for full
7473 * backwards compatibility with the API.
7475 * However when using service discovery, the value 127 will be
7476 * returned when the RSSI is not available.
7478 if (rssi == HCI_RSSI_INVALID && !hdev->discovery.report_invalid_rssi &&
7479 link_type == ACL_LINK)
7482 bacpy(&ev->addr.bdaddr, bdaddr);
7483 ev->addr.type = link_to_bdaddr(link_type, addr_type);
7485 ev->flags = cpu_to_le32(flags);
7488 /* Copy EIR or advertising data into event */
7489 memcpy(ev->eir, eir, eir_len);
7491 if (dev_class && !eir_get_data(ev->eir, eir_len, EIR_CLASS_OF_DEV,
7493 eir_len = eir_append_data(ev->eir, eir_len, EIR_CLASS_OF_DEV,
7496 if (scan_rsp_len > 0)
7497 /* Append scan response data to event */
7498 memcpy(ev->eir + eir_len, scan_rsp, scan_rsp_len);
7500 ev->eir_len = cpu_to_le16(eir_len + scan_rsp_len);
7501 ev_size = sizeof(*ev) + eir_len + scan_rsp_len;
7503 mgmt_event(MGMT_EV_DEVICE_FOUND, hdev, ev, ev_size, NULL);
7506 void mgmt_remote_name(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
7507 u8 addr_type, s8 rssi, u8 *name, u8 name_len)
7509 struct mgmt_ev_device_found *ev;
7510 char buf[sizeof(*ev) + HCI_MAX_NAME_LENGTH + 2];
7513 ev = (struct mgmt_ev_device_found *) buf;
7515 memset(buf, 0, sizeof(buf));
7517 bacpy(&ev->addr.bdaddr, bdaddr);
7518 ev->addr.type = link_to_bdaddr(link_type, addr_type);
7521 eir_len = eir_append_data(ev->eir, 0, EIR_NAME_COMPLETE, name,
7524 ev->eir_len = cpu_to_le16(eir_len);
7526 mgmt_event(MGMT_EV_DEVICE_FOUND, hdev, ev, sizeof(*ev) + eir_len, NULL);
7529 void mgmt_discovering(struct hci_dev *hdev, u8 discovering)
7531 struct mgmt_ev_discovering ev;
7533 BT_DBG("%s discovering %u", hdev->name, discovering);
7535 memset(&ev, 0, sizeof(ev));
7536 ev.type = hdev->discovery.type;
7537 ev.discovering = discovering;
7539 mgmt_event(MGMT_EV_DISCOVERING, hdev, &ev, sizeof(ev), NULL);
7542 static struct hci_mgmt_chan chan = {
7543 .channel = HCI_CHANNEL_CONTROL,
7544 .handler_count = ARRAY_SIZE(mgmt_handlers),
7545 .handlers = mgmt_handlers,
7546 .hdev_init = mgmt_init_hdev,
7551 return hci_mgmt_chan_register(&chan);
7554 void mgmt_exit(void)
7556 hci_mgmt_chan_unregister(&chan);