2 BlueZ - Bluetooth protocol stack for Linux
4 Copyright (C) 2010 Nokia Corporation
5 Copyright (C) 2011-2012 Intel Corporation
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License version 2 as
9 published by the Free Software Foundation;
11 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
12 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
13 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
14 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
15 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
16 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
17 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
18 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
20 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
21 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
22 SOFTWARE IS DISCLAIMED.
25 /* Bluetooth HCI Management interface */
27 #include <linux/module.h>
28 #include <asm/unaligned.h>
30 #include <net/bluetooth/bluetooth.h>
31 #include <net/bluetooth/hci_core.h>
32 #include <net/bluetooth/hci_sock.h>
33 #include <net/bluetooth/l2cap.h>
34 #include <net/bluetooth/mgmt.h>
36 #include "hci_request.h"
38 #include "mgmt_util.h"
40 #define MGMT_VERSION 1
41 #define MGMT_REVISION 14
43 static const u16 mgmt_commands[] = {
44 MGMT_OP_READ_INDEX_LIST,
47 MGMT_OP_SET_DISCOVERABLE,
48 MGMT_OP_SET_CONNECTABLE,
49 MGMT_OP_SET_FAST_CONNECTABLE,
51 MGMT_OP_SET_LINK_SECURITY,
55 MGMT_OP_SET_DEV_CLASS,
56 MGMT_OP_SET_LOCAL_NAME,
59 MGMT_OP_LOAD_LINK_KEYS,
60 MGMT_OP_LOAD_LONG_TERM_KEYS,
62 MGMT_OP_GET_CONNECTIONS,
63 MGMT_OP_PIN_CODE_REPLY,
64 MGMT_OP_PIN_CODE_NEG_REPLY,
65 MGMT_OP_SET_IO_CAPABILITY,
67 MGMT_OP_CANCEL_PAIR_DEVICE,
68 MGMT_OP_UNPAIR_DEVICE,
69 MGMT_OP_USER_CONFIRM_REPLY,
70 MGMT_OP_USER_CONFIRM_NEG_REPLY,
71 MGMT_OP_USER_PASSKEY_REPLY,
72 MGMT_OP_USER_PASSKEY_NEG_REPLY,
73 MGMT_OP_READ_LOCAL_OOB_DATA,
74 MGMT_OP_ADD_REMOTE_OOB_DATA,
75 MGMT_OP_REMOVE_REMOTE_OOB_DATA,
76 MGMT_OP_START_DISCOVERY,
77 MGMT_OP_STOP_DISCOVERY,
80 MGMT_OP_UNBLOCK_DEVICE,
81 MGMT_OP_SET_DEVICE_ID,
82 MGMT_OP_SET_ADVERTISING,
84 MGMT_OP_SET_STATIC_ADDRESS,
85 MGMT_OP_SET_SCAN_PARAMS,
86 MGMT_OP_SET_SECURE_CONN,
87 MGMT_OP_SET_DEBUG_KEYS,
90 MGMT_OP_GET_CONN_INFO,
91 MGMT_OP_GET_CLOCK_INFO,
93 MGMT_OP_REMOVE_DEVICE,
94 MGMT_OP_LOAD_CONN_PARAM,
95 MGMT_OP_READ_UNCONF_INDEX_LIST,
96 MGMT_OP_READ_CONFIG_INFO,
97 MGMT_OP_SET_EXTERNAL_CONFIG,
98 MGMT_OP_SET_PUBLIC_ADDRESS,
99 MGMT_OP_START_SERVICE_DISCOVERY,
100 MGMT_OP_READ_LOCAL_OOB_EXT_DATA,
101 MGMT_OP_READ_EXT_INDEX_LIST,
102 MGMT_OP_READ_ADV_FEATURES,
103 MGMT_OP_ADD_ADVERTISING,
104 MGMT_OP_REMOVE_ADVERTISING,
105 MGMT_OP_GET_ADV_SIZE_INFO,
106 MGMT_OP_START_LIMITED_DISCOVERY,
107 MGMT_OP_READ_EXT_INFO,
108 MGMT_OP_SET_APPEARANCE,
111 static const u16 mgmt_events[] = {
112 MGMT_EV_CONTROLLER_ERROR,
114 MGMT_EV_INDEX_REMOVED,
115 MGMT_EV_NEW_SETTINGS,
116 MGMT_EV_CLASS_OF_DEV_CHANGED,
117 MGMT_EV_LOCAL_NAME_CHANGED,
118 MGMT_EV_NEW_LINK_KEY,
119 MGMT_EV_NEW_LONG_TERM_KEY,
120 MGMT_EV_DEVICE_CONNECTED,
121 MGMT_EV_DEVICE_DISCONNECTED,
122 MGMT_EV_CONNECT_FAILED,
123 MGMT_EV_PIN_CODE_REQUEST,
124 MGMT_EV_USER_CONFIRM_REQUEST,
125 MGMT_EV_USER_PASSKEY_REQUEST,
127 MGMT_EV_DEVICE_FOUND,
129 MGMT_EV_DEVICE_BLOCKED,
130 MGMT_EV_DEVICE_UNBLOCKED,
131 MGMT_EV_DEVICE_UNPAIRED,
132 MGMT_EV_PASSKEY_NOTIFY,
135 MGMT_EV_DEVICE_ADDED,
136 MGMT_EV_DEVICE_REMOVED,
137 MGMT_EV_NEW_CONN_PARAM,
138 MGMT_EV_UNCONF_INDEX_ADDED,
139 MGMT_EV_UNCONF_INDEX_REMOVED,
140 MGMT_EV_NEW_CONFIG_OPTIONS,
141 MGMT_EV_EXT_INDEX_ADDED,
142 MGMT_EV_EXT_INDEX_REMOVED,
143 MGMT_EV_LOCAL_OOB_DATA_UPDATED,
144 MGMT_EV_ADVERTISING_ADDED,
145 MGMT_EV_ADVERTISING_REMOVED,
146 MGMT_EV_EXT_INFO_CHANGED,
149 static const u16 mgmt_untrusted_commands[] = {
150 MGMT_OP_READ_INDEX_LIST,
152 MGMT_OP_READ_UNCONF_INDEX_LIST,
153 MGMT_OP_READ_CONFIG_INFO,
154 MGMT_OP_READ_EXT_INDEX_LIST,
155 MGMT_OP_READ_EXT_INFO,
158 static const u16 mgmt_untrusted_events[] = {
160 MGMT_EV_INDEX_REMOVED,
161 MGMT_EV_NEW_SETTINGS,
162 MGMT_EV_CLASS_OF_DEV_CHANGED,
163 MGMT_EV_LOCAL_NAME_CHANGED,
164 MGMT_EV_UNCONF_INDEX_ADDED,
165 MGMT_EV_UNCONF_INDEX_REMOVED,
166 MGMT_EV_NEW_CONFIG_OPTIONS,
167 MGMT_EV_EXT_INDEX_ADDED,
168 MGMT_EV_EXT_INDEX_REMOVED,
169 MGMT_EV_EXT_INFO_CHANGED,
172 #define CACHE_TIMEOUT msecs_to_jiffies(2 * 1000)
174 #define ZERO_KEY "\x00\x00\x00\x00\x00\x00\x00\x00" \
175 "\x00\x00\x00\x00\x00\x00\x00\x00"
177 /* HCI to MGMT error code conversion table */
178 static u8 mgmt_status_table[] = {
180 MGMT_STATUS_UNKNOWN_COMMAND, /* Unknown Command */
181 MGMT_STATUS_NOT_CONNECTED, /* No Connection */
182 MGMT_STATUS_FAILED, /* Hardware Failure */
183 MGMT_STATUS_CONNECT_FAILED, /* Page Timeout */
184 MGMT_STATUS_AUTH_FAILED, /* Authentication Failed */
185 MGMT_STATUS_AUTH_FAILED, /* PIN or Key Missing */
186 MGMT_STATUS_NO_RESOURCES, /* Memory Full */
187 MGMT_STATUS_TIMEOUT, /* Connection Timeout */
188 MGMT_STATUS_NO_RESOURCES, /* Max Number of Connections */
189 MGMT_STATUS_NO_RESOURCES, /* Max Number of SCO Connections */
190 MGMT_STATUS_ALREADY_CONNECTED, /* ACL Connection Exists */
191 MGMT_STATUS_BUSY, /* Command Disallowed */
192 MGMT_STATUS_NO_RESOURCES, /* Rejected Limited Resources */
193 MGMT_STATUS_REJECTED, /* Rejected Security */
194 MGMT_STATUS_REJECTED, /* Rejected Personal */
195 MGMT_STATUS_TIMEOUT, /* Host Timeout */
196 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported Feature */
197 MGMT_STATUS_INVALID_PARAMS, /* Invalid Parameters */
198 MGMT_STATUS_DISCONNECTED, /* OE User Ended Connection */
199 MGMT_STATUS_NO_RESOURCES, /* OE Low Resources */
200 MGMT_STATUS_DISCONNECTED, /* OE Power Off */
201 MGMT_STATUS_DISCONNECTED, /* Connection Terminated */
202 MGMT_STATUS_BUSY, /* Repeated Attempts */
203 MGMT_STATUS_REJECTED, /* Pairing Not Allowed */
204 MGMT_STATUS_FAILED, /* Unknown LMP PDU */
205 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported Remote Feature */
206 MGMT_STATUS_REJECTED, /* SCO Offset Rejected */
207 MGMT_STATUS_REJECTED, /* SCO Interval Rejected */
208 MGMT_STATUS_REJECTED, /* Air Mode Rejected */
209 MGMT_STATUS_INVALID_PARAMS, /* Invalid LMP Parameters */
210 MGMT_STATUS_FAILED, /* Unspecified Error */
211 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported LMP Parameter Value */
212 MGMT_STATUS_FAILED, /* Role Change Not Allowed */
213 MGMT_STATUS_TIMEOUT, /* LMP Response Timeout */
214 MGMT_STATUS_FAILED, /* LMP Error Transaction Collision */
215 MGMT_STATUS_FAILED, /* LMP PDU Not Allowed */
216 MGMT_STATUS_REJECTED, /* Encryption Mode Not Accepted */
217 MGMT_STATUS_FAILED, /* Unit Link Key Used */
218 MGMT_STATUS_NOT_SUPPORTED, /* QoS Not Supported */
219 MGMT_STATUS_TIMEOUT, /* Instant Passed */
220 MGMT_STATUS_NOT_SUPPORTED, /* Pairing Not Supported */
221 MGMT_STATUS_FAILED, /* Transaction Collision */
222 MGMT_STATUS_INVALID_PARAMS, /* Unacceptable Parameter */
223 MGMT_STATUS_REJECTED, /* QoS Rejected */
224 MGMT_STATUS_NOT_SUPPORTED, /* Classification Not Supported */
225 MGMT_STATUS_REJECTED, /* Insufficient Security */
226 MGMT_STATUS_INVALID_PARAMS, /* Parameter Out Of Range */
227 MGMT_STATUS_BUSY, /* Role Switch Pending */
228 MGMT_STATUS_FAILED, /* Slot Violation */
229 MGMT_STATUS_FAILED, /* Role Switch Failed */
230 MGMT_STATUS_INVALID_PARAMS, /* EIR Too Large */
231 MGMT_STATUS_NOT_SUPPORTED, /* Simple Pairing Not Supported */
232 MGMT_STATUS_BUSY, /* Host Busy Pairing */
233 MGMT_STATUS_REJECTED, /* Rejected, No Suitable Channel */
234 MGMT_STATUS_BUSY, /* Controller Busy */
235 MGMT_STATUS_INVALID_PARAMS, /* Unsuitable Connection Interval */
236 MGMT_STATUS_TIMEOUT, /* Directed Advertising Timeout */
237 MGMT_STATUS_AUTH_FAILED, /* Terminated Due to MIC Failure */
238 MGMT_STATUS_CONNECT_FAILED, /* Connection Establishment Failed */
239 MGMT_STATUS_CONNECT_FAILED, /* MAC Connection Failed */
242 static u8 mgmt_status(u8 hci_status)
244 if (hci_status < ARRAY_SIZE(mgmt_status_table))
245 return mgmt_status_table[hci_status];
247 return MGMT_STATUS_FAILED;
250 static int mgmt_index_event(u16 event, struct hci_dev *hdev, void *data,
253 return mgmt_send_event(event, hdev, HCI_CHANNEL_CONTROL, data, len,
257 static int mgmt_limited_event(u16 event, struct hci_dev *hdev, void *data,
258 u16 len, int flag, struct sock *skip_sk)
260 return mgmt_send_event(event, hdev, HCI_CHANNEL_CONTROL, data, len,
264 static int mgmt_event(u16 event, struct hci_dev *hdev, void *data, u16 len,
265 struct sock *skip_sk)
267 return mgmt_send_event(event, hdev, HCI_CHANNEL_CONTROL, data, len,
268 HCI_SOCK_TRUSTED, skip_sk);
271 static u8 le_addr_type(u8 mgmt_addr_type)
273 if (mgmt_addr_type == BDADDR_LE_PUBLIC)
274 return ADDR_LE_DEV_PUBLIC;
276 return ADDR_LE_DEV_RANDOM;
279 void mgmt_fill_version_info(void *ver)
281 struct mgmt_rp_read_version *rp = ver;
283 rp->version = MGMT_VERSION;
284 rp->revision = cpu_to_le16(MGMT_REVISION);
287 static int read_version(struct sock *sk, struct hci_dev *hdev, void *data,
290 struct mgmt_rp_read_version rp;
292 BT_DBG("sock %p", sk);
294 mgmt_fill_version_info(&rp);
296 return mgmt_cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_VERSION, 0,
300 static int read_commands(struct sock *sk, struct hci_dev *hdev, void *data,
303 struct mgmt_rp_read_commands *rp;
304 u16 num_commands, num_events;
308 BT_DBG("sock %p", sk);
310 if (hci_sock_test_flag(sk, HCI_SOCK_TRUSTED)) {
311 num_commands = ARRAY_SIZE(mgmt_commands);
312 num_events = ARRAY_SIZE(mgmt_events);
314 num_commands = ARRAY_SIZE(mgmt_untrusted_commands);
315 num_events = ARRAY_SIZE(mgmt_untrusted_events);
318 rp_size = sizeof(*rp) + ((num_commands + num_events) * sizeof(u16));
320 rp = kmalloc(rp_size, GFP_KERNEL);
324 rp->num_commands = cpu_to_le16(num_commands);
325 rp->num_events = cpu_to_le16(num_events);
327 if (hci_sock_test_flag(sk, HCI_SOCK_TRUSTED)) {
328 __le16 *opcode = rp->opcodes;
330 for (i = 0; i < num_commands; i++, opcode++)
331 put_unaligned_le16(mgmt_commands[i], opcode);
333 for (i = 0; i < num_events; i++, opcode++)
334 put_unaligned_le16(mgmt_events[i], opcode);
336 __le16 *opcode = rp->opcodes;
338 for (i = 0; i < num_commands; i++, opcode++)
339 put_unaligned_le16(mgmt_untrusted_commands[i], opcode);
341 for (i = 0; i < num_events; i++, opcode++)
342 put_unaligned_le16(mgmt_untrusted_events[i], opcode);
345 err = mgmt_cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_COMMANDS, 0,
352 static int read_index_list(struct sock *sk, struct hci_dev *hdev, void *data,
355 struct mgmt_rp_read_index_list *rp;
361 BT_DBG("sock %p", sk);
363 read_lock(&hci_dev_list_lock);
366 list_for_each_entry(d, &hci_dev_list, list) {
367 if (d->dev_type == HCI_PRIMARY &&
368 !hci_dev_test_flag(d, HCI_UNCONFIGURED))
372 rp_len = sizeof(*rp) + (2 * count);
373 rp = kmalloc(rp_len, GFP_ATOMIC);
375 read_unlock(&hci_dev_list_lock);
380 list_for_each_entry(d, &hci_dev_list, list) {
381 if (hci_dev_test_flag(d, HCI_SETUP) ||
382 hci_dev_test_flag(d, HCI_CONFIG) ||
383 hci_dev_test_flag(d, HCI_USER_CHANNEL))
386 /* Devices marked as raw-only are neither configured
387 * nor unconfigured controllers.
389 if (test_bit(HCI_QUIRK_RAW_DEVICE, &d->quirks))
392 if (d->dev_type == HCI_PRIMARY &&
393 !hci_dev_test_flag(d, HCI_UNCONFIGURED)) {
394 rp->index[count++] = cpu_to_le16(d->id);
395 BT_DBG("Added hci%u", d->id);
399 rp->num_controllers = cpu_to_le16(count);
400 rp_len = sizeof(*rp) + (2 * count);
402 read_unlock(&hci_dev_list_lock);
404 err = mgmt_cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_INDEX_LIST,
412 static int read_unconf_index_list(struct sock *sk, struct hci_dev *hdev,
413 void *data, u16 data_len)
415 struct mgmt_rp_read_unconf_index_list *rp;
421 BT_DBG("sock %p", sk);
423 read_lock(&hci_dev_list_lock);
426 list_for_each_entry(d, &hci_dev_list, list) {
427 if (d->dev_type == HCI_PRIMARY &&
428 hci_dev_test_flag(d, HCI_UNCONFIGURED))
432 rp_len = sizeof(*rp) + (2 * count);
433 rp = kmalloc(rp_len, GFP_ATOMIC);
435 read_unlock(&hci_dev_list_lock);
440 list_for_each_entry(d, &hci_dev_list, list) {
441 if (hci_dev_test_flag(d, HCI_SETUP) ||
442 hci_dev_test_flag(d, HCI_CONFIG) ||
443 hci_dev_test_flag(d, HCI_USER_CHANNEL))
446 /* Devices marked as raw-only are neither configured
447 * nor unconfigured controllers.
449 if (test_bit(HCI_QUIRK_RAW_DEVICE, &d->quirks))
452 if (d->dev_type == HCI_PRIMARY &&
453 hci_dev_test_flag(d, HCI_UNCONFIGURED)) {
454 rp->index[count++] = cpu_to_le16(d->id);
455 BT_DBG("Added hci%u", d->id);
459 rp->num_controllers = cpu_to_le16(count);
460 rp_len = sizeof(*rp) + (2 * count);
462 read_unlock(&hci_dev_list_lock);
464 err = mgmt_cmd_complete(sk, MGMT_INDEX_NONE,
465 MGMT_OP_READ_UNCONF_INDEX_LIST, 0, rp, rp_len);
472 static int read_ext_index_list(struct sock *sk, struct hci_dev *hdev,
473 void *data, u16 data_len)
475 struct mgmt_rp_read_ext_index_list *rp;
481 BT_DBG("sock %p", sk);
483 read_lock(&hci_dev_list_lock);
486 list_for_each_entry(d, &hci_dev_list, list) {
487 if (d->dev_type == HCI_PRIMARY || d->dev_type == HCI_AMP)
491 rp_len = sizeof(*rp) + (sizeof(rp->entry[0]) * count);
492 rp = kmalloc(rp_len, GFP_ATOMIC);
494 read_unlock(&hci_dev_list_lock);
499 list_for_each_entry(d, &hci_dev_list, list) {
500 if (hci_dev_test_flag(d, HCI_SETUP) ||
501 hci_dev_test_flag(d, HCI_CONFIG) ||
502 hci_dev_test_flag(d, HCI_USER_CHANNEL))
505 /* Devices marked as raw-only are neither configured
506 * nor unconfigured controllers.
508 if (test_bit(HCI_QUIRK_RAW_DEVICE, &d->quirks))
511 if (d->dev_type == HCI_PRIMARY) {
512 if (hci_dev_test_flag(d, HCI_UNCONFIGURED))
513 rp->entry[count].type = 0x01;
515 rp->entry[count].type = 0x00;
516 } else if (d->dev_type == HCI_AMP) {
517 rp->entry[count].type = 0x02;
522 rp->entry[count].bus = d->bus;
523 rp->entry[count++].index = cpu_to_le16(d->id);
524 BT_DBG("Added hci%u", d->id);
527 rp->num_controllers = cpu_to_le16(count);
528 rp_len = sizeof(*rp) + (sizeof(rp->entry[0]) * count);
530 read_unlock(&hci_dev_list_lock);
532 /* If this command is called at least once, then all the
533 * default index and unconfigured index events are disabled
534 * and from now on only extended index events are used.
536 hci_sock_set_flag(sk, HCI_MGMT_EXT_INDEX_EVENTS);
537 hci_sock_clear_flag(sk, HCI_MGMT_INDEX_EVENTS);
538 hci_sock_clear_flag(sk, HCI_MGMT_UNCONF_INDEX_EVENTS);
540 err = mgmt_cmd_complete(sk, MGMT_INDEX_NONE,
541 MGMT_OP_READ_EXT_INDEX_LIST, 0, rp, rp_len);
548 static bool is_configured(struct hci_dev *hdev)
550 if (test_bit(HCI_QUIRK_EXTERNAL_CONFIG, &hdev->quirks) &&
551 !hci_dev_test_flag(hdev, HCI_EXT_CONFIGURED))
554 if (test_bit(HCI_QUIRK_INVALID_BDADDR, &hdev->quirks) &&
555 !bacmp(&hdev->public_addr, BDADDR_ANY))
561 static __le32 get_missing_options(struct hci_dev *hdev)
565 if (test_bit(HCI_QUIRK_EXTERNAL_CONFIG, &hdev->quirks) &&
566 !hci_dev_test_flag(hdev, HCI_EXT_CONFIGURED))
567 options |= MGMT_OPTION_EXTERNAL_CONFIG;
569 if (test_bit(HCI_QUIRK_INVALID_BDADDR, &hdev->quirks) &&
570 !bacmp(&hdev->public_addr, BDADDR_ANY))
571 options |= MGMT_OPTION_PUBLIC_ADDRESS;
573 return cpu_to_le32(options);
576 static int new_options(struct hci_dev *hdev, struct sock *skip)
578 __le32 options = get_missing_options(hdev);
580 return mgmt_limited_event(MGMT_EV_NEW_CONFIG_OPTIONS, hdev, &options,
581 sizeof(options), HCI_MGMT_OPTION_EVENTS, skip);
584 static int send_options_rsp(struct sock *sk, u16 opcode, struct hci_dev *hdev)
586 __le32 options = get_missing_options(hdev);
588 return mgmt_cmd_complete(sk, hdev->id, opcode, 0, &options,
592 static int read_config_info(struct sock *sk, struct hci_dev *hdev,
593 void *data, u16 data_len)
595 struct mgmt_rp_read_config_info rp;
598 BT_DBG("sock %p %s", sk, hdev->name);
602 memset(&rp, 0, sizeof(rp));
603 rp.manufacturer = cpu_to_le16(hdev->manufacturer);
605 if (test_bit(HCI_QUIRK_EXTERNAL_CONFIG, &hdev->quirks))
606 options |= MGMT_OPTION_EXTERNAL_CONFIG;
608 if (hdev->set_bdaddr)
609 options |= MGMT_OPTION_PUBLIC_ADDRESS;
611 rp.supported_options = cpu_to_le32(options);
612 rp.missing_options = get_missing_options(hdev);
614 hci_dev_unlock(hdev);
616 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_READ_CONFIG_INFO, 0,
620 static u32 get_supported_settings(struct hci_dev *hdev)
624 settings |= MGMT_SETTING_POWERED;
625 settings |= MGMT_SETTING_BONDABLE;
626 settings |= MGMT_SETTING_DEBUG_KEYS;
627 settings |= MGMT_SETTING_CONNECTABLE;
628 settings |= MGMT_SETTING_DISCOVERABLE;
630 if (lmp_bredr_capable(hdev)) {
631 if (hdev->hci_ver >= BLUETOOTH_VER_1_2)
632 settings |= MGMT_SETTING_FAST_CONNECTABLE;
633 settings |= MGMT_SETTING_BREDR;
634 settings |= MGMT_SETTING_LINK_SECURITY;
636 if (lmp_ssp_capable(hdev)) {
637 settings |= MGMT_SETTING_SSP;
638 settings |= MGMT_SETTING_HS;
641 if (lmp_sc_capable(hdev))
642 settings |= MGMT_SETTING_SECURE_CONN;
645 if (lmp_le_capable(hdev)) {
646 settings |= MGMT_SETTING_LE;
647 settings |= MGMT_SETTING_ADVERTISING;
648 settings |= MGMT_SETTING_SECURE_CONN;
649 settings |= MGMT_SETTING_PRIVACY;
650 settings |= MGMT_SETTING_STATIC_ADDRESS;
653 if (test_bit(HCI_QUIRK_EXTERNAL_CONFIG, &hdev->quirks) ||
655 settings |= MGMT_SETTING_CONFIGURATION;
660 static u32 get_current_settings(struct hci_dev *hdev)
664 if (hdev_is_powered(hdev))
665 settings |= MGMT_SETTING_POWERED;
667 if (hci_dev_test_flag(hdev, HCI_CONNECTABLE))
668 settings |= MGMT_SETTING_CONNECTABLE;
670 if (hci_dev_test_flag(hdev, HCI_FAST_CONNECTABLE))
671 settings |= MGMT_SETTING_FAST_CONNECTABLE;
673 if (hci_dev_test_flag(hdev, HCI_DISCOVERABLE))
674 settings |= MGMT_SETTING_DISCOVERABLE;
676 if (hci_dev_test_flag(hdev, HCI_BONDABLE))
677 settings |= MGMT_SETTING_BONDABLE;
679 if (hci_dev_test_flag(hdev, HCI_BREDR_ENABLED))
680 settings |= MGMT_SETTING_BREDR;
682 if (hci_dev_test_flag(hdev, HCI_LE_ENABLED))
683 settings |= MGMT_SETTING_LE;
685 if (hci_dev_test_flag(hdev, HCI_LINK_SECURITY))
686 settings |= MGMT_SETTING_LINK_SECURITY;
688 if (hci_dev_test_flag(hdev, HCI_SSP_ENABLED))
689 settings |= MGMT_SETTING_SSP;
691 if (hci_dev_test_flag(hdev, HCI_HS_ENABLED))
692 settings |= MGMT_SETTING_HS;
694 if (hci_dev_test_flag(hdev, HCI_ADVERTISING))
695 settings |= MGMT_SETTING_ADVERTISING;
697 if (hci_dev_test_flag(hdev, HCI_SC_ENABLED))
698 settings |= MGMT_SETTING_SECURE_CONN;
700 if (hci_dev_test_flag(hdev, HCI_KEEP_DEBUG_KEYS))
701 settings |= MGMT_SETTING_DEBUG_KEYS;
703 if (hci_dev_test_flag(hdev, HCI_PRIVACY))
704 settings |= MGMT_SETTING_PRIVACY;
706 /* The current setting for static address has two purposes. The
707 * first is to indicate if the static address will be used and
708 * the second is to indicate if it is actually set.
710 * This means if the static address is not configured, this flag
711 * will never be set. If the address is configured, then if the
712 * address is actually used decides if the flag is set or not.
714 * For single mode LE only controllers and dual-mode controllers
715 * with BR/EDR disabled, the existence of the static address will
718 if (hci_dev_test_flag(hdev, HCI_FORCE_STATIC_ADDR) ||
719 !hci_dev_test_flag(hdev, HCI_BREDR_ENABLED) ||
720 !bacmp(&hdev->bdaddr, BDADDR_ANY)) {
721 if (bacmp(&hdev->static_addr, BDADDR_ANY))
722 settings |= MGMT_SETTING_STATIC_ADDRESS;
728 static struct mgmt_pending_cmd *pending_find(u16 opcode, struct hci_dev *hdev)
730 return mgmt_pending_find(HCI_CHANNEL_CONTROL, opcode, hdev);
733 static struct mgmt_pending_cmd *pending_find_data(u16 opcode,
734 struct hci_dev *hdev,
737 return mgmt_pending_find_data(HCI_CHANNEL_CONTROL, opcode, hdev, data);
740 u8 mgmt_get_adv_discov_flags(struct hci_dev *hdev)
742 struct mgmt_pending_cmd *cmd;
744 /* If there's a pending mgmt command the flags will not yet have
745 * their final values, so check for this first.
747 cmd = pending_find(MGMT_OP_SET_DISCOVERABLE, hdev);
749 struct mgmt_mode *cp = cmd->param;
751 return LE_AD_GENERAL;
752 else if (cp->val == 0x02)
753 return LE_AD_LIMITED;
755 if (hci_dev_test_flag(hdev, HCI_LIMITED_DISCOVERABLE))
756 return LE_AD_LIMITED;
757 else if (hci_dev_test_flag(hdev, HCI_DISCOVERABLE))
758 return LE_AD_GENERAL;
764 bool mgmt_get_connectable(struct hci_dev *hdev)
766 struct mgmt_pending_cmd *cmd;
768 /* If there's a pending mgmt command the flag will not yet have
769 * it's final value, so check for this first.
771 cmd = pending_find(MGMT_OP_SET_CONNECTABLE, hdev);
773 struct mgmt_mode *cp = cmd->param;
778 return hci_dev_test_flag(hdev, HCI_CONNECTABLE);
781 static void service_cache_off(struct work_struct *work)
783 struct hci_dev *hdev = container_of(work, struct hci_dev,
785 struct hci_request req;
787 if (!hci_dev_test_and_clear_flag(hdev, HCI_SERVICE_CACHE))
790 hci_req_init(&req, hdev);
794 __hci_req_update_eir(&req);
795 __hci_req_update_class(&req);
797 hci_dev_unlock(hdev);
799 hci_req_run(&req, NULL);
802 static void rpa_expired(struct work_struct *work)
804 struct hci_dev *hdev = container_of(work, struct hci_dev,
806 struct hci_request req;
810 hci_dev_set_flag(hdev, HCI_RPA_EXPIRED);
812 if (!hci_dev_test_flag(hdev, HCI_ADVERTISING))
815 /* The generation of a new RPA and programming it into the
816 * controller happens in the hci_req_enable_advertising()
819 hci_req_init(&req, hdev);
820 __hci_req_enable_advertising(&req);
821 hci_req_run(&req, NULL);
824 static void mgmt_init_hdev(struct sock *sk, struct hci_dev *hdev)
826 if (hci_dev_test_and_set_flag(hdev, HCI_MGMT))
829 INIT_DELAYED_WORK(&hdev->service_cache, service_cache_off);
830 INIT_DELAYED_WORK(&hdev->rpa_expired, rpa_expired);
832 /* Non-mgmt controlled devices get this bit set
833 * implicitly so that pairing works for them, however
834 * for mgmt we require user-space to explicitly enable
837 hci_dev_clear_flag(hdev, HCI_BONDABLE);
840 static int read_controller_info(struct sock *sk, struct hci_dev *hdev,
841 void *data, u16 data_len)
843 struct mgmt_rp_read_info rp;
845 BT_DBG("sock %p %s", sk, hdev->name);
849 memset(&rp, 0, sizeof(rp));
851 bacpy(&rp.bdaddr, &hdev->bdaddr);
853 rp.version = hdev->hci_ver;
854 rp.manufacturer = cpu_to_le16(hdev->manufacturer);
856 rp.supported_settings = cpu_to_le32(get_supported_settings(hdev));
857 rp.current_settings = cpu_to_le32(get_current_settings(hdev));
859 memcpy(rp.dev_class, hdev->dev_class, 3);
861 memcpy(rp.name, hdev->dev_name, sizeof(hdev->dev_name));
862 memcpy(rp.short_name, hdev->short_name, sizeof(hdev->short_name));
864 hci_dev_unlock(hdev);
866 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_READ_INFO, 0, &rp,
870 static u16 append_eir_data_to_buf(struct hci_dev *hdev, u8 *eir)
875 if (hci_dev_test_flag(hdev, HCI_BREDR_ENABLED))
876 eir_len = eir_append_data(eir, eir_len, EIR_CLASS_OF_DEV,
879 if (hci_dev_test_flag(hdev, HCI_LE_ENABLED))
880 eir_len = eir_append_le16(eir, eir_len, EIR_APPEARANCE,
883 name_len = strlen(hdev->dev_name);
884 eir_len = eir_append_data(eir, eir_len, EIR_NAME_COMPLETE,
885 hdev->dev_name, name_len);
887 name_len = strlen(hdev->short_name);
888 eir_len = eir_append_data(eir, eir_len, EIR_NAME_SHORT,
889 hdev->short_name, name_len);
894 static int read_ext_controller_info(struct sock *sk, struct hci_dev *hdev,
895 void *data, u16 data_len)
898 struct mgmt_rp_read_ext_info *rp = (void *)buf;
901 BT_DBG("sock %p %s", sk, hdev->name);
903 memset(&buf, 0, sizeof(buf));
907 bacpy(&rp->bdaddr, &hdev->bdaddr);
909 rp->version = hdev->hci_ver;
910 rp->manufacturer = cpu_to_le16(hdev->manufacturer);
912 rp->supported_settings = cpu_to_le32(get_supported_settings(hdev));
913 rp->current_settings = cpu_to_le32(get_current_settings(hdev));
916 eir_len = append_eir_data_to_buf(hdev, rp->eir);
917 rp->eir_len = cpu_to_le16(eir_len);
919 hci_dev_unlock(hdev);
921 /* If this command is called at least once, then the events
922 * for class of device and local name changes are disabled
923 * and only the new extended controller information event
926 hci_sock_set_flag(sk, HCI_MGMT_EXT_INFO_EVENTS);
927 hci_sock_clear_flag(sk, HCI_MGMT_DEV_CLASS_EVENTS);
928 hci_sock_clear_flag(sk, HCI_MGMT_LOCAL_NAME_EVENTS);
930 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_READ_EXT_INFO, 0, rp,
931 sizeof(*rp) + eir_len);
934 static int ext_info_changed(struct hci_dev *hdev, struct sock *skip)
937 struct mgmt_ev_ext_info_changed *ev = (void *)buf;
940 memset(buf, 0, sizeof(buf));
942 eir_len = append_eir_data_to_buf(hdev, ev->eir);
943 ev->eir_len = cpu_to_le16(eir_len);
945 return mgmt_limited_event(MGMT_EV_EXT_INFO_CHANGED, hdev, ev,
946 sizeof(*ev) + eir_len,
947 HCI_MGMT_EXT_INFO_EVENTS, skip);
950 static int send_settings_rsp(struct sock *sk, u16 opcode, struct hci_dev *hdev)
952 __le32 settings = cpu_to_le32(get_current_settings(hdev));
954 return mgmt_cmd_complete(sk, hdev->id, opcode, 0, &settings,
958 static void clean_up_hci_complete(struct hci_dev *hdev, u8 status, u16 opcode)
960 BT_DBG("%s status 0x%02x", hdev->name, status);
962 if (hci_conn_count(hdev) == 0) {
963 cancel_delayed_work(&hdev->power_off);
964 queue_work(hdev->req_workqueue, &hdev->power_off.work);
968 void mgmt_advertising_added(struct sock *sk, struct hci_dev *hdev, u8 instance)
970 struct mgmt_ev_advertising_added ev;
972 ev.instance = instance;
974 mgmt_event(MGMT_EV_ADVERTISING_ADDED, hdev, &ev, sizeof(ev), sk);
977 void mgmt_advertising_removed(struct sock *sk, struct hci_dev *hdev,
980 struct mgmt_ev_advertising_removed ev;
982 ev.instance = instance;
984 mgmt_event(MGMT_EV_ADVERTISING_REMOVED, hdev, &ev, sizeof(ev), sk);
987 static void cancel_adv_timeout(struct hci_dev *hdev)
989 if (hdev->adv_instance_timeout) {
990 hdev->adv_instance_timeout = 0;
991 cancel_delayed_work(&hdev->adv_instance_expire);
995 static int clean_up_hci_state(struct hci_dev *hdev)
997 struct hci_request req;
998 struct hci_conn *conn;
1002 hci_req_init(&req, hdev);
1004 if (test_bit(HCI_ISCAN, &hdev->flags) ||
1005 test_bit(HCI_PSCAN, &hdev->flags)) {
1007 hci_req_add(&req, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
1010 hci_req_clear_adv_instance(hdev, NULL, NULL, 0x00, false);
1012 if (hci_dev_test_flag(hdev, HCI_LE_ADV))
1013 __hci_req_disable_advertising(&req);
1015 discov_stopped = hci_req_stop_discovery(&req);
1017 list_for_each_entry(conn, &hdev->conn_hash.list, list) {
1018 /* 0x15 == Terminated due to Power Off */
1019 __hci_abort_conn(&req, conn, 0x15);
1022 err = hci_req_run(&req, clean_up_hci_complete);
1023 if (!err && discov_stopped)
1024 hci_discovery_set_state(hdev, DISCOVERY_STOPPING);
1029 static int set_powered(struct sock *sk, struct hci_dev *hdev, void *data,
1032 struct mgmt_mode *cp = data;
1033 struct mgmt_pending_cmd *cmd;
1036 BT_DBG("request for %s", hdev->name);
1038 if (cp->val != 0x00 && cp->val != 0x01)
1039 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_POWERED,
1040 MGMT_STATUS_INVALID_PARAMS);
1044 if (pending_find(MGMT_OP_SET_POWERED, hdev)) {
1045 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_POWERED,
1050 if (!!cp->val == hdev_is_powered(hdev)) {
1051 err = send_settings_rsp(sk, MGMT_OP_SET_POWERED, hdev);
1055 cmd = mgmt_pending_add(sk, MGMT_OP_SET_POWERED, hdev, data, len);
1062 queue_work(hdev->req_workqueue, &hdev->power_on);
1065 /* Disconnect connections, stop scans, etc */
1066 err = clean_up_hci_state(hdev);
1068 queue_delayed_work(hdev->req_workqueue, &hdev->power_off,
1069 HCI_POWER_OFF_TIMEOUT);
1071 /* ENODATA means there were no HCI commands queued */
1072 if (err == -ENODATA) {
1073 cancel_delayed_work(&hdev->power_off);
1074 queue_work(hdev->req_workqueue, &hdev->power_off.work);
1080 hci_dev_unlock(hdev);
1084 static int new_settings(struct hci_dev *hdev, struct sock *skip)
1086 __le32 ev = cpu_to_le32(get_current_settings(hdev));
1088 return mgmt_limited_event(MGMT_EV_NEW_SETTINGS, hdev, &ev,
1089 sizeof(ev), HCI_MGMT_SETTING_EVENTS, skip);
1092 int mgmt_new_settings(struct hci_dev *hdev)
1094 return new_settings(hdev, NULL);
1099 struct hci_dev *hdev;
1103 static void settings_rsp(struct mgmt_pending_cmd *cmd, void *data)
1105 struct cmd_lookup *match = data;
1107 send_settings_rsp(cmd->sk, cmd->opcode, match->hdev);
1109 list_del(&cmd->list);
1111 if (match->sk == NULL) {
1112 match->sk = cmd->sk;
1113 sock_hold(match->sk);
1116 mgmt_pending_free(cmd);
1119 static void cmd_status_rsp(struct mgmt_pending_cmd *cmd, void *data)
1123 mgmt_cmd_status(cmd->sk, cmd->index, cmd->opcode, *status);
1124 mgmt_pending_remove(cmd);
1127 static void cmd_complete_rsp(struct mgmt_pending_cmd *cmd, void *data)
1129 if (cmd->cmd_complete) {
1132 cmd->cmd_complete(cmd, *status);
1133 mgmt_pending_remove(cmd);
1138 cmd_status_rsp(cmd, data);
1141 static int generic_cmd_complete(struct mgmt_pending_cmd *cmd, u8 status)
1143 return mgmt_cmd_complete(cmd->sk, cmd->index, cmd->opcode, status,
1144 cmd->param, cmd->param_len);
1147 static int addr_cmd_complete(struct mgmt_pending_cmd *cmd, u8 status)
1149 return mgmt_cmd_complete(cmd->sk, cmd->index, cmd->opcode, status,
1150 cmd->param, sizeof(struct mgmt_addr_info));
1153 static u8 mgmt_bredr_support(struct hci_dev *hdev)
1155 if (!lmp_bredr_capable(hdev))
1156 return MGMT_STATUS_NOT_SUPPORTED;
1157 else if (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED))
1158 return MGMT_STATUS_REJECTED;
1160 return MGMT_STATUS_SUCCESS;
1163 static u8 mgmt_le_support(struct hci_dev *hdev)
1165 if (!lmp_le_capable(hdev))
1166 return MGMT_STATUS_NOT_SUPPORTED;
1167 else if (!hci_dev_test_flag(hdev, HCI_LE_ENABLED))
1168 return MGMT_STATUS_REJECTED;
1170 return MGMT_STATUS_SUCCESS;
1173 void mgmt_set_discoverable_complete(struct hci_dev *hdev, u8 status)
1175 struct mgmt_pending_cmd *cmd;
1177 BT_DBG("status 0x%02x", status);
1181 cmd = pending_find(MGMT_OP_SET_DISCOVERABLE, hdev);
1186 u8 mgmt_err = mgmt_status(status);
1187 mgmt_cmd_status(cmd->sk, cmd->index, cmd->opcode, mgmt_err);
1188 hci_dev_clear_flag(hdev, HCI_LIMITED_DISCOVERABLE);
1192 if (hci_dev_test_flag(hdev, HCI_DISCOVERABLE) &&
1193 hdev->discov_timeout > 0) {
1194 int to = msecs_to_jiffies(hdev->discov_timeout * 1000);
1195 queue_delayed_work(hdev->req_workqueue, &hdev->discov_off, to);
1198 send_settings_rsp(cmd->sk, MGMT_OP_SET_DISCOVERABLE, hdev);
1199 new_settings(hdev, cmd->sk);
1202 mgmt_pending_remove(cmd);
1205 hci_dev_unlock(hdev);
1208 static int set_discoverable(struct sock *sk, struct hci_dev *hdev, void *data,
1211 struct mgmt_cp_set_discoverable *cp = data;
1212 struct mgmt_pending_cmd *cmd;
1216 BT_DBG("request for %s", hdev->name);
1218 if (!hci_dev_test_flag(hdev, HCI_LE_ENABLED) &&
1219 !hci_dev_test_flag(hdev, HCI_BREDR_ENABLED))
1220 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
1221 MGMT_STATUS_REJECTED);
1223 if (cp->val != 0x00 && cp->val != 0x01 && cp->val != 0x02)
1224 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
1225 MGMT_STATUS_INVALID_PARAMS);
1227 timeout = __le16_to_cpu(cp->timeout);
1229 /* Disabling discoverable requires that no timeout is set,
1230 * and enabling limited discoverable requires a timeout.
1232 if ((cp->val == 0x00 && timeout > 0) ||
1233 (cp->val == 0x02 && timeout == 0))
1234 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
1235 MGMT_STATUS_INVALID_PARAMS);
1239 if (!hdev_is_powered(hdev) && timeout > 0) {
1240 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
1241 MGMT_STATUS_NOT_POWERED);
1245 if (pending_find(MGMT_OP_SET_DISCOVERABLE, hdev) ||
1246 pending_find(MGMT_OP_SET_CONNECTABLE, hdev)) {
1247 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
1252 if (!hci_dev_test_flag(hdev, HCI_CONNECTABLE)) {
1253 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
1254 MGMT_STATUS_REJECTED);
1258 if (!hdev_is_powered(hdev)) {
1259 bool changed = false;
1261 /* Setting limited discoverable when powered off is
1262 * not a valid operation since it requires a timeout
1263 * and so no need to check HCI_LIMITED_DISCOVERABLE.
1265 if (!!cp->val != hci_dev_test_flag(hdev, HCI_DISCOVERABLE)) {
1266 hci_dev_change_flag(hdev, HCI_DISCOVERABLE);
1270 err = send_settings_rsp(sk, MGMT_OP_SET_DISCOVERABLE, hdev);
1275 err = new_settings(hdev, sk);
1280 /* If the current mode is the same, then just update the timeout
1281 * value with the new value. And if only the timeout gets updated,
1282 * then no need for any HCI transactions.
1284 if (!!cp->val == hci_dev_test_flag(hdev, HCI_DISCOVERABLE) &&
1285 (cp->val == 0x02) == hci_dev_test_flag(hdev,
1286 HCI_LIMITED_DISCOVERABLE)) {
1287 cancel_delayed_work(&hdev->discov_off);
1288 hdev->discov_timeout = timeout;
1290 if (cp->val && hdev->discov_timeout > 0) {
1291 int to = msecs_to_jiffies(hdev->discov_timeout * 1000);
1292 queue_delayed_work(hdev->req_workqueue,
1293 &hdev->discov_off, to);
1296 err = send_settings_rsp(sk, MGMT_OP_SET_DISCOVERABLE, hdev);
1300 cmd = mgmt_pending_add(sk, MGMT_OP_SET_DISCOVERABLE, hdev, data, len);
1306 /* Cancel any potential discoverable timeout that might be
1307 * still active and store new timeout value. The arming of
1308 * the timeout happens in the complete handler.
1310 cancel_delayed_work(&hdev->discov_off);
1311 hdev->discov_timeout = timeout;
1314 hci_dev_set_flag(hdev, HCI_DISCOVERABLE);
1316 hci_dev_clear_flag(hdev, HCI_DISCOVERABLE);
1318 /* Limited discoverable mode */
1319 if (cp->val == 0x02)
1320 hci_dev_set_flag(hdev, HCI_LIMITED_DISCOVERABLE);
1322 hci_dev_clear_flag(hdev, HCI_LIMITED_DISCOVERABLE);
1324 queue_work(hdev->req_workqueue, &hdev->discoverable_update);
1328 hci_dev_unlock(hdev);
1332 void mgmt_set_connectable_complete(struct hci_dev *hdev, u8 status)
1334 struct mgmt_pending_cmd *cmd;
1336 BT_DBG("status 0x%02x", status);
1340 cmd = pending_find(MGMT_OP_SET_CONNECTABLE, hdev);
1345 u8 mgmt_err = mgmt_status(status);
1346 mgmt_cmd_status(cmd->sk, cmd->index, cmd->opcode, mgmt_err);
1350 send_settings_rsp(cmd->sk, MGMT_OP_SET_CONNECTABLE, hdev);
1351 new_settings(hdev, cmd->sk);
1354 mgmt_pending_remove(cmd);
1357 hci_dev_unlock(hdev);
1360 static int set_connectable_update_settings(struct hci_dev *hdev,
1361 struct sock *sk, u8 val)
1363 bool changed = false;
1366 if (!!val != hci_dev_test_flag(hdev, HCI_CONNECTABLE))
1370 hci_dev_set_flag(hdev, HCI_CONNECTABLE);
1372 hci_dev_clear_flag(hdev, HCI_CONNECTABLE);
1373 hci_dev_clear_flag(hdev, HCI_DISCOVERABLE);
1376 err = send_settings_rsp(sk, MGMT_OP_SET_CONNECTABLE, hdev);
1381 hci_req_update_scan(hdev);
1382 hci_update_background_scan(hdev);
1383 return new_settings(hdev, sk);
1389 static int set_connectable(struct sock *sk, struct hci_dev *hdev, void *data,
1392 struct mgmt_mode *cp = data;
1393 struct mgmt_pending_cmd *cmd;
1396 BT_DBG("request for %s", hdev->name);
1398 if (!hci_dev_test_flag(hdev, HCI_LE_ENABLED) &&
1399 !hci_dev_test_flag(hdev, HCI_BREDR_ENABLED))
1400 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE,
1401 MGMT_STATUS_REJECTED);
1403 if (cp->val != 0x00 && cp->val != 0x01)
1404 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE,
1405 MGMT_STATUS_INVALID_PARAMS);
1409 if (!hdev_is_powered(hdev)) {
1410 err = set_connectable_update_settings(hdev, sk, cp->val);
1414 if (pending_find(MGMT_OP_SET_DISCOVERABLE, hdev) ||
1415 pending_find(MGMT_OP_SET_CONNECTABLE, hdev)) {
1416 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE,
1421 cmd = mgmt_pending_add(sk, MGMT_OP_SET_CONNECTABLE, hdev, data, len);
1428 hci_dev_set_flag(hdev, HCI_CONNECTABLE);
1430 if (hdev->discov_timeout > 0)
1431 cancel_delayed_work(&hdev->discov_off);
1433 hci_dev_clear_flag(hdev, HCI_LIMITED_DISCOVERABLE);
1434 hci_dev_clear_flag(hdev, HCI_DISCOVERABLE);
1435 hci_dev_clear_flag(hdev, HCI_CONNECTABLE);
1438 queue_work(hdev->req_workqueue, &hdev->connectable_update);
1442 hci_dev_unlock(hdev);
1446 static int set_bondable(struct sock *sk, struct hci_dev *hdev, void *data,
1449 struct mgmt_mode *cp = data;
1453 BT_DBG("request for %s", hdev->name);
1455 if (cp->val != 0x00 && cp->val != 0x01)
1456 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_BONDABLE,
1457 MGMT_STATUS_INVALID_PARAMS);
1462 changed = !hci_dev_test_and_set_flag(hdev, HCI_BONDABLE);
1464 changed = hci_dev_test_and_clear_flag(hdev, HCI_BONDABLE);
1466 err = send_settings_rsp(sk, MGMT_OP_SET_BONDABLE, hdev);
1471 /* In limited privacy mode the change of bondable mode
1472 * may affect the local advertising address.
1474 if (hdev_is_powered(hdev) &&
1475 hci_dev_test_flag(hdev, HCI_ADVERTISING) &&
1476 hci_dev_test_flag(hdev, HCI_DISCOVERABLE) &&
1477 hci_dev_test_flag(hdev, HCI_LIMITED_PRIVACY))
1478 queue_work(hdev->req_workqueue,
1479 &hdev->discoverable_update);
1481 err = new_settings(hdev, sk);
1485 hci_dev_unlock(hdev);
1489 static int set_link_security(struct sock *sk, struct hci_dev *hdev, void *data,
1492 struct mgmt_mode *cp = data;
1493 struct mgmt_pending_cmd *cmd;
1497 BT_DBG("request for %s", hdev->name);
1499 status = mgmt_bredr_support(hdev);
1501 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY,
1504 if (cp->val != 0x00 && cp->val != 0x01)
1505 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY,
1506 MGMT_STATUS_INVALID_PARAMS);
1510 if (!hdev_is_powered(hdev)) {
1511 bool changed = false;
1513 if (!!cp->val != hci_dev_test_flag(hdev, HCI_LINK_SECURITY)) {
1514 hci_dev_change_flag(hdev, HCI_LINK_SECURITY);
1518 err = send_settings_rsp(sk, MGMT_OP_SET_LINK_SECURITY, hdev);
1523 err = new_settings(hdev, sk);
1528 if (pending_find(MGMT_OP_SET_LINK_SECURITY, hdev)) {
1529 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY,
1536 if (test_bit(HCI_AUTH, &hdev->flags) == val) {
1537 err = send_settings_rsp(sk, MGMT_OP_SET_LINK_SECURITY, hdev);
1541 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LINK_SECURITY, hdev, data, len);
1547 err = hci_send_cmd(hdev, HCI_OP_WRITE_AUTH_ENABLE, sizeof(val), &val);
1549 mgmt_pending_remove(cmd);
1554 hci_dev_unlock(hdev);
1558 static int set_ssp(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
1560 struct mgmt_mode *cp = data;
1561 struct mgmt_pending_cmd *cmd;
1565 BT_DBG("request for %s", hdev->name);
1567 status = mgmt_bredr_support(hdev);
1569 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SSP, status);
1571 if (!lmp_ssp_capable(hdev))
1572 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
1573 MGMT_STATUS_NOT_SUPPORTED);
1575 if (cp->val != 0x00 && cp->val != 0x01)
1576 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
1577 MGMT_STATUS_INVALID_PARAMS);
1581 if (!hdev_is_powered(hdev)) {
1585 changed = !hci_dev_test_and_set_flag(hdev,
1588 changed = hci_dev_test_and_clear_flag(hdev,
1591 changed = hci_dev_test_and_clear_flag(hdev,
1594 hci_dev_clear_flag(hdev, HCI_HS_ENABLED);
1597 err = send_settings_rsp(sk, MGMT_OP_SET_SSP, hdev);
1602 err = new_settings(hdev, sk);
1607 if (pending_find(MGMT_OP_SET_SSP, hdev)) {
1608 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
1613 if (!!cp->val == hci_dev_test_flag(hdev, HCI_SSP_ENABLED)) {
1614 err = send_settings_rsp(sk, MGMT_OP_SET_SSP, hdev);
1618 cmd = mgmt_pending_add(sk, MGMT_OP_SET_SSP, hdev, data, len);
1624 if (!cp->val && hci_dev_test_flag(hdev, HCI_USE_DEBUG_KEYS))
1625 hci_send_cmd(hdev, HCI_OP_WRITE_SSP_DEBUG_MODE,
1626 sizeof(cp->val), &cp->val);
1628 err = hci_send_cmd(hdev, HCI_OP_WRITE_SSP_MODE, 1, &cp->val);
1630 mgmt_pending_remove(cmd);
1635 hci_dev_unlock(hdev);
1639 static int set_hs(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
1641 struct mgmt_mode *cp = data;
1646 BT_DBG("request for %s", hdev->name);
1648 status = mgmt_bredr_support(hdev);
1650 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_HS, status);
1652 if (!lmp_ssp_capable(hdev))
1653 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
1654 MGMT_STATUS_NOT_SUPPORTED);
1656 if (!hci_dev_test_flag(hdev, HCI_SSP_ENABLED))
1657 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
1658 MGMT_STATUS_REJECTED);
1660 if (cp->val != 0x00 && cp->val != 0x01)
1661 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
1662 MGMT_STATUS_INVALID_PARAMS);
1666 if (pending_find(MGMT_OP_SET_SSP, hdev)) {
1667 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
1673 changed = !hci_dev_test_and_set_flag(hdev, HCI_HS_ENABLED);
1675 if (hdev_is_powered(hdev)) {
1676 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
1677 MGMT_STATUS_REJECTED);
1681 changed = hci_dev_test_and_clear_flag(hdev, HCI_HS_ENABLED);
1684 err = send_settings_rsp(sk, MGMT_OP_SET_HS, hdev);
1689 err = new_settings(hdev, sk);
1692 hci_dev_unlock(hdev);
1696 static void le_enable_complete(struct hci_dev *hdev, u8 status, u16 opcode)
1698 struct cmd_lookup match = { NULL, hdev };
1703 u8 mgmt_err = mgmt_status(status);
1705 mgmt_pending_foreach(MGMT_OP_SET_LE, hdev, cmd_status_rsp,
1710 mgmt_pending_foreach(MGMT_OP_SET_LE, hdev, settings_rsp, &match);
1712 new_settings(hdev, match.sk);
1717 /* Make sure the controller has a good default for
1718 * advertising data. Restrict the update to when LE
1719 * has actually been enabled. During power on, the
1720 * update in powered_update_hci will take care of it.
1722 if (hci_dev_test_flag(hdev, HCI_LE_ENABLED)) {
1723 struct hci_request req;
1725 hci_req_init(&req, hdev);
1726 __hci_req_update_adv_data(&req, 0x00);
1727 __hci_req_update_scan_rsp_data(&req, 0x00);
1728 hci_req_run(&req, NULL);
1729 hci_update_background_scan(hdev);
1733 hci_dev_unlock(hdev);
1736 static int set_le(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
1738 struct mgmt_mode *cp = data;
1739 struct hci_cp_write_le_host_supported hci_cp;
1740 struct mgmt_pending_cmd *cmd;
1741 struct hci_request req;
1745 BT_DBG("request for %s", hdev->name);
1747 if (!lmp_le_capable(hdev))
1748 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
1749 MGMT_STATUS_NOT_SUPPORTED);
1751 if (cp->val != 0x00 && cp->val != 0x01)
1752 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
1753 MGMT_STATUS_INVALID_PARAMS);
1755 /* Bluetooth single mode LE only controllers or dual-mode
1756 * controllers configured as LE only devices, do not allow
1757 * switching LE off. These have either LE enabled explicitly
1758 * or BR/EDR has been previously switched off.
1760 * When trying to enable an already enabled LE, then gracefully
1761 * send a positive response. Trying to disable it however will
1762 * result into rejection.
1764 if (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED)) {
1765 if (cp->val == 0x01)
1766 return send_settings_rsp(sk, MGMT_OP_SET_LE, hdev);
1768 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
1769 MGMT_STATUS_REJECTED);
1775 enabled = lmp_host_le_capable(hdev);
1778 hci_req_clear_adv_instance(hdev, NULL, NULL, 0x00, true);
1780 if (!hdev_is_powered(hdev) || val == enabled) {
1781 bool changed = false;
1783 if (val != hci_dev_test_flag(hdev, HCI_LE_ENABLED)) {
1784 hci_dev_change_flag(hdev, HCI_LE_ENABLED);
1788 if (!val && hci_dev_test_flag(hdev, HCI_ADVERTISING)) {
1789 hci_dev_clear_flag(hdev, HCI_ADVERTISING);
1793 err = send_settings_rsp(sk, MGMT_OP_SET_LE, hdev);
1798 err = new_settings(hdev, sk);
1803 if (pending_find(MGMT_OP_SET_LE, hdev) ||
1804 pending_find(MGMT_OP_SET_ADVERTISING, hdev)) {
1805 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
1810 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LE, hdev, data, len);
1816 hci_req_init(&req, hdev);
1818 memset(&hci_cp, 0, sizeof(hci_cp));
1822 hci_cp.simul = 0x00;
1824 if (hci_dev_test_flag(hdev, HCI_LE_ADV))
1825 __hci_req_disable_advertising(&req);
1828 hci_req_add(&req, HCI_OP_WRITE_LE_HOST_SUPPORTED, sizeof(hci_cp),
1831 err = hci_req_run(&req, le_enable_complete);
1833 mgmt_pending_remove(cmd);
1836 hci_dev_unlock(hdev);
1840 /* This is a helper function to test for pending mgmt commands that can
1841 * cause CoD or EIR HCI commands. We can only allow one such pending
1842 * mgmt command at a time since otherwise we cannot easily track what
1843 * the current values are, will be, and based on that calculate if a new
1844 * HCI command needs to be sent and if yes with what value.
1846 static bool pending_eir_or_class(struct hci_dev *hdev)
1848 struct mgmt_pending_cmd *cmd;
1850 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
1851 switch (cmd->opcode) {
1852 case MGMT_OP_ADD_UUID:
1853 case MGMT_OP_REMOVE_UUID:
1854 case MGMT_OP_SET_DEV_CLASS:
1855 case MGMT_OP_SET_POWERED:
1863 static const u8 bluetooth_base_uuid[] = {
1864 0xfb, 0x34, 0x9b, 0x5f, 0x80, 0x00, 0x00, 0x80,
1865 0x00, 0x10, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1868 static u8 get_uuid_size(const u8 *uuid)
1872 if (memcmp(uuid, bluetooth_base_uuid, 12))
1875 val = get_unaligned_le32(&uuid[12]);
1882 static void mgmt_class_complete(struct hci_dev *hdev, u16 mgmt_op, u8 status)
1884 struct mgmt_pending_cmd *cmd;
1888 cmd = pending_find(mgmt_op, hdev);
1892 mgmt_cmd_complete(cmd->sk, cmd->index, cmd->opcode,
1893 mgmt_status(status), hdev->dev_class, 3);
1895 mgmt_pending_remove(cmd);
1898 hci_dev_unlock(hdev);
1901 static void add_uuid_complete(struct hci_dev *hdev, u8 status, u16 opcode)
1903 BT_DBG("status 0x%02x", status);
1905 mgmt_class_complete(hdev, MGMT_OP_ADD_UUID, status);
1908 static int add_uuid(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
1910 struct mgmt_cp_add_uuid *cp = data;
1911 struct mgmt_pending_cmd *cmd;
1912 struct hci_request req;
1913 struct bt_uuid *uuid;
1916 BT_DBG("request for %s", hdev->name);
1920 if (pending_eir_or_class(hdev)) {
1921 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_UUID,
1926 uuid = kmalloc(sizeof(*uuid), GFP_KERNEL);
1932 memcpy(uuid->uuid, cp->uuid, 16);
1933 uuid->svc_hint = cp->svc_hint;
1934 uuid->size = get_uuid_size(cp->uuid);
1936 list_add_tail(&uuid->list, &hdev->uuids);
1938 hci_req_init(&req, hdev);
1940 __hci_req_update_class(&req);
1941 __hci_req_update_eir(&req);
1943 err = hci_req_run(&req, add_uuid_complete);
1945 if (err != -ENODATA)
1948 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_ADD_UUID, 0,
1949 hdev->dev_class, 3);
1953 cmd = mgmt_pending_add(sk, MGMT_OP_ADD_UUID, hdev, data, len);
1962 hci_dev_unlock(hdev);
1966 static bool enable_service_cache(struct hci_dev *hdev)
1968 if (!hdev_is_powered(hdev))
1971 if (!hci_dev_test_and_set_flag(hdev, HCI_SERVICE_CACHE)) {
1972 queue_delayed_work(hdev->workqueue, &hdev->service_cache,
1980 static void remove_uuid_complete(struct hci_dev *hdev, u8 status, u16 opcode)
1982 BT_DBG("status 0x%02x", status);
1984 mgmt_class_complete(hdev, MGMT_OP_REMOVE_UUID, status);
1987 static int remove_uuid(struct sock *sk, struct hci_dev *hdev, void *data,
1990 struct mgmt_cp_remove_uuid *cp = data;
1991 struct mgmt_pending_cmd *cmd;
1992 struct bt_uuid *match, *tmp;
1993 u8 bt_uuid_any[] = { 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 };
1994 struct hci_request req;
1997 BT_DBG("request for %s", hdev->name);
2001 if (pending_eir_or_class(hdev)) {
2002 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_REMOVE_UUID,
2007 if (memcmp(cp->uuid, bt_uuid_any, 16) == 0) {
2008 hci_uuids_clear(hdev);
2010 if (enable_service_cache(hdev)) {
2011 err = mgmt_cmd_complete(sk, hdev->id,
2012 MGMT_OP_REMOVE_UUID,
2013 0, hdev->dev_class, 3);
2022 list_for_each_entry_safe(match, tmp, &hdev->uuids, list) {
2023 if (memcmp(match->uuid, cp->uuid, 16) != 0)
2026 list_del(&match->list);
2032 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_REMOVE_UUID,
2033 MGMT_STATUS_INVALID_PARAMS);
2038 hci_req_init(&req, hdev);
2040 __hci_req_update_class(&req);
2041 __hci_req_update_eir(&req);
2043 err = hci_req_run(&req, remove_uuid_complete);
2045 if (err != -ENODATA)
2048 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_UUID, 0,
2049 hdev->dev_class, 3);
2053 cmd = mgmt_pending_add(sk, MGMT_OP_REMOVE_UUID, hdev, data, len);
2062 hci_dev_unlock(hdev);
2066 static void set_class_complete(struct hci_dev *hdev, u8 status, u16 opcode)
2068 BT_DBG("status 0x%02x", status);
2070 mgmt_class_complete(hdev, MGMT_OP_SET_DEV_CLASS, status);
2073 static int set_dev_class(struct sock *sk, struct hci_dev *hdev, void *data,
2076 struct mgmt_cp_set_dev_class *cp = data;
2077 struct mgmt_pending_cmd *cmd;
2078 struct hci_request req;
2081 BT_DBG("request for %s", hdev->name);
2083 if (!lmp_bredr_capable(hdev))
2084 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS,
2085 MGMT_STATUS_NOT_SUPPORTED);
2089 if (pending_eir_or_class(hdev)) {
2090 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS,
2095 if ((cp->minor & 0x03) != 0 || (cp->major & 0xe0) != 0) {
2096 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS,
2097 MGMT_STATUS_INVALID_PARAMS);
2101 hdev->major_class = cp->major;
2102 hdev->minor_class = cp->minor;
2104 if (!hdev_is_powered(hdev)) {
2105 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_DEV_CLASS, 0,
2106 hdev->dev_class, 3);
2110 hci_req_init(&req, hdev);
2112 if (hci_dev_test_and_clear_flag(hdev, HCI_SERVICE_CACHE)) {
2113 hci_dev_unlock(hdev);
2114 cancel_delayed_work_sync(&hdev->service_cache);
2116 __hci_req_update_eir(&req);
2119 __hci_req_update_class(&req);
2121 err = hci_req_run(&req, set_class_complete);
2123 if (err != -ENODATA)
2126 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_DEV_CLASS, 0,
2127 hdev->dev_class, 3);
2131 cmd = mgmt_pending_add(sk, MGMT_OP_SET_DEV_CLASS, hdev, data, len);
2140 hci_dev_unlock(hdev);
2144 static int load_link_keys(struct sock *sk, struct hci_dev *hdev, void *data,
2147 struct mgmt_cp_load_link_keys *cp = data;
2148 const u16 max_key_count = ((U16_MAX - sizeof(*cp)) /
2149 sizeof(struct mgmt_link_key_info));
2150 u16 key_count, expected_len;
2154 BT_DBG("request for %s", hdev->name);
2156 if (!lmp_bredr_capable(hdev))
2157 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
2158 MGMT_STATUS_NOT_SUPPORTED);
2160 key_count = __le16_to_cpu(cp->key_count);
2161 if (key_count > max_key_count) {
2162 BT_ERR("load_link_keys: too big key_count value %u",
2164 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
2165 MGMT_STATUS_INVALID_PARAMS);
2168 expected_len = sizeof(*cp) + key_count *
2169 sizeof(struct mgmt_link_key_info);
2170 if (expected_len != len) {
2171 BT_ERR("load_link_keys: expected %u bytes, got %u bytes",
2173 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
2174 MGMT_STATUS_INVALID_PARAMS);
2177 if (cp->debug_keys != 0x00 && cp->debug_keys != 0x01)
2178 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
2179 MGMT_STATUS_INVALID_PARAMS);
2181 BT_DBG("%s debug_keys %u key_count %u", hdev->name, cp->debug_keys,
2184 for (i = 0; i < key_count; i++) {
2185 struct mgmt_link_key_info *key = &cp->keys[i];
2187 if (key->addr.type != BDADDR_BREDR || key->type > 0x08)
2188 return mgmt_cmd_status(sk, hdev->id,
2189 MGMT_OP_LOAD_LINK_KEYS,
2190 MGMT_STATUS_INVALID_PARAMS);
2195 hci_link_keys_clear(hdev);
2198 changed = !hci_dev_test_and_set_flag(hdev, HCI_KEEP_DEBUG_KEYS);
2200 changed = hci_dev_test_and_clear_flag(hdev,
2201 HCI_KEEP_DEBUG_KEYS);
2204 new_settings(hdev, NULL);
2206 for (i = 0; i < key_count; i++) {
2207 struct mgmt_link_key_info *key = &cp->keys[i];
2209 /* Always ignore debug keys and require a new pairing if
2210 * the user wants to use them.
2212 if (key->type == HCI_LK_DEBUG_COMBINATION)
2215 hci_add_link_key(hdev, NULL, &key->addr.bdaddr, key->val,
2216 key->type, key->pin_len, NULL);
2219 mgmt_cmd_complete(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS, 0, NULL, 0);
2221 hci_dev_unlock(hdev);
2226 static int device_unpaired(struct hci_dev *hdev, bdaddr_t *bdaddr,
2227 u8 addr_type, struct sock *skip_sk)
2229 struct mgmt_ev_device_unpaired ev;
2231 bacpy(&ev.addr.bdaddr, bdaddr);
2232 ev.addr.type = addr_type;
2234 return mgmt_event(MGMT_EV_DEVICE_UNPAIRED, hdev, &ev, sizeof(ev),
2238 static int unpair_device(struct sock *sk, struct hci_dev *hdev, void *data,
2241 struct mgmt_cp_unpair_device *cp = data;
2242 struct mgmt_rp_unpair_device rp;
2243 struct hci_conn_params *params;
2244 struct mgmt_pending_cmd *cmd;
2245 struct hci_conn *conn;
2249 memset(&rp, 0, sizeof(rp));
2250 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
2251 rp.addr.type = cp->addr.type;
2253 if (!bdaddr_type_is_valid(cp->addr.type))
2254 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
2255 MGMT_STATUS_INVALID_PARAMS,
2258 if (cp->disconnect != 0x00 && cp->disconnect != 0x01)
2259 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
2260 MGMT_STATUS_INVALID_PARAMS,
2265 if (!hdev_is_powered(hdev)) {
2266 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
2267 MGMT_STATUS_NOT_POWERED, &rp,
2272 if (cp->addr.type == BDADDR_BREDR) {
2273 /* If disconnection is requested, then look up the
2274 * connection. If the remote device is connected, it
2275 * will be later used to terminate the link.
2277 * Setting it to NULL explicitly will cause no
2278 * termination of the link.
2281 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
2286 err = hci_remove_link_key(hdev, &cp->addr.bdaddr);
2288 err = mgmt_cmd_complete(sk, hdev->id,
2289 MGMT_OP_UNPAIR_DEVICE,
2290 MGMT_STATUS_NOT_PAIRED, &rp,
2298 /* LE address type */
2299 addr_type = le_addr_type(cp->addr.type);
2301 hci_remove_irk(hdev, &cp->addr.bdaddr, addr_type);
2303 err = hci_remove_ltk(hdev, &cp->addr.bdaddr, addr_type);
2305 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
2306 MGMT_STATUS_NOT_PAIRED, &rp,
2311 conn = hci_conn_hash_lookup_le(hdev, &cp->addr.bdaddr, addr_type);
2313 hci_conn_params_del(hdev, &cp->addr.bdaddr, addr_type);
2317 /* Abort any ongoing SMP pairing */
2318 smp_cancel_pairing(conn);
2320 /* Defer clearing up the connection parameters until closing to
2321 * give a chance of keeping them if a repairing happens.
2323 set_bit(HCI_CONN_PARAM_REMOVAL_PEND, &conn->flags);
2325 /* Disable auto-connection parameters if present */
2326 params = hci_conn_params_lookup(hdev, &cp->addr.bdaddr, addr_type);
2328 if (params->explicit_connect)
2329 params->auto_connect = HCI_AUTO_CONN_EXPLICIT;
2331 params->auto_connect = HCI_AUTO_CONN_DISABLED;
2334 /* If disconnection is not requested, then clear the connection
2335 * variable so that the link is not terminated.
2337 if (!cp->disconnect)
2341 /* If the connection variable is set, then termination of the
2342 * link is requested.
2345 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE, 0,
2347 device_unpaired(hdev, &cp->addr.bdaddr, cp->addr.type, sk);
2351 cmd = mgmt_pending_add(sk, MGMT_OP_UNPAIR_DEVICE, hdev, cp,
2358 cmd->cmd_complete = addr_cmd_complete;
2360 err = hci_abort_conn(conn, HCI_ERROR_REMOTE_USER_TERM);
2362 mgmt_pending_remove(cmd);
2365 hci_dev_unlock(hdev);
2369 static int disconnect(struct sock *sk, struct hci_dev *hdev, void *data,
2372 struct mgmt_cp_disconnect *cp = data;
2373 struct mgmt_rp_disconnect rp;
2374 struct mgmt_pending_cmd *cmd;
2375 struct hci_conn *conn;
2380 memset(&rp, 0, sizeof(rp));
2381 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
2382 rp.addr.type = cp->addr.type;
2384 if (!bdaddr_type_is_valid(cp->addr.type))
2385 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
2386 MGMT_STATUS_INVALID_PARAMS,
2391 if (!test_bit(HCI_UP, &hdev->flags)) {
2392 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
2393 MGMT_STATUS_NOT_POWERED, &rp,
2398 if (pending_find(MGMT_OP_DISCONNECT, hdev)) {
2399 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
2400 MGMT_STATUS_BUSY, &rp, sizeof(rp));
2404 if (cp->addr.type == BDADDR_BREDR)
2405 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
2408 conn = hci_conn_hash_lookup_le(hdev, &cp->addr.bdaddr,
2409 le_addr_type(cp->addr.type));
2411 if (!conn || conn->state == BT_OPEN || conn->state == BT_CLOSED) {
2412 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
2413 MGMT_STATUS_NOT_CONNECTED, &rp,
2418 cmd = mgmt_pending_add(sk, MGMT_OP_DISCONNECT, hdev, data, len);
2424 cmd->cmd_complete = generic_cmd_complete;
2426 err = hci_disconnect(conn, HCI_ERROR_REMOTE_USER_TERM);
2428 mgmt_pending_remove(cmd);
2431 hci_dev_unlock(hdev);
2435 static u8 link_to_bdaddr(u8 link_type, u8 addr_type)
2437 switch (link_type) {
2439 switch (addr_type) {
2440 case ADDR_LE_DEV_PUBLIC:
2441 return BDADDR_LE_PUBLIC;
2444 /* Fallback to LE Random address type */
2445 return BDADDR_LE_RANDOM;
2449 /* Fallback to BR/EDR type */
2450 return BDADDR_BREDR;
2454 static int get_connections(struct sock *sk, struct hci_dev *hdev, void *data,
2457 struct mgmt_rp_get_connections *rp;
2467 if (!hdev_is_powered(hdev)) {
2468 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_GET_CONNECTIONS,
2469 MGMT_STATUS_NOT_POWERED);
2474 list_for_each_entry(c, &hdev->conn_hash.list, list) {
2475 if (test_bit(HCI_CONN_MGMT_CONNECTED, &c->flags))
2479 rp_len = sizeof(*rp) + (i * sizeof(struct mgmt_addr_info));
2480 rp = kmalloc(rp_len, GFP_KERNEL);
2487 list_for_each_entry(c, &hdev->conn_hash.list, list) {
2488 if (!test_bit(HCI_CONN_MGMT_CONNECTED, &c->flags))
2490 bacpy(&rp->addr[i].bdaddr, &c->dst);
2491 rp->addr[i].type = link_to_bdaddr(c->type, c->dst_type);
2492 if (c->type == SCO_LINK || c->type == ESCO_LINK)
2497 rp->conn_count = cpu_to_le16(i);
2499 /* Recalculate length in case of filtered SCO connections, etc */
2500 rp_len = sizeof(*rp) + (i * sizeof(struct mgmt_addr_info));
2502 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CONNECTIONS, 0, rp,
2508 hci_dev_unlock(hdev);
2512 static int send_pin_code_neg_reply(struct sock *sk, struct hci_dev *hdev,
2513 struct mgmt_cp_pin_code_neg_reply *cp)
2515 struct mgmt_pending_cmd *cmd;
2518 cmd = mgmt_pending_add(sk, MGMT_OP_PIN_CODE_NEG_REPLY, hdev, cp,
2523 cmd->cmd_complete = addr_cmd_complete;
2525 err = hci_send_cmd(hdev, HCI_OP_PIN_CODE_NEG_REPLY,
2526 sizeof(cp->addr.bdaddr), &cp->addr.bdaddr);
2528 mgmt_pending_remove(cmd);
2533 static int pin_code_reply(struct sock *sk, struct hci_dev *hdev, void *data,
2536 struct hci_conn *conn;
2537 struct mgmt_cp_pin_code_reply *cp = data;
2538 struct hci_cp_pin_code_reply reply;
2539 struct mgmt_pending_cmd *cmd;
2546 if (!hdev_is_powered(hdev)) {
2547 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
2548 MGMT_STATUS_NOT_POWERED);
2552 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->addr.bdaddr);
2554 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
2555 MGMT_STATUS_NOT_CONNECTED);
2559 if (conn->pending_sec_level == BT_SECURITY_HIGH && cp->pin_len != 16) {
2560 struct mgmt_cp_pin_code_neg_reply ncp;
2562 memcpy(&ncp.addr, &cp->addr, sizeof(ncp.addr));
2564 BT_ERR("PIN code is not 16 bytes long");
2566 err = send_pin_code_neg_reply(sk, hdev, &ncp);
2568 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
2569 MGMT_STATUS_INVALID_PARAMS);
2574 cmd = mgmt_pending_add(sk, MGMT_OP_PIN_CODE_REPLY, hdev, data, len);
2580 cmd->cmd_complete = addr_cmd_complete;
2582 bacpy(&reply.bdaddr, &cp->addr.bdaddr);
2583 reply.pin_len = cp->pin_len;
2584 memcpy(reply.pin_code, cp->pin_code, sizeof(reply.pin_code));
2586 err = hci_send_cmd(hdev, HCI_OP_PIN_CODE_REPLY, sizeof(reply), &reply);
2588 mgmt_pending_remove(cmd);
2591 hci_dev_unlock(hdev);
2595 static int set_io_capability(struct sock *sk, struct hci_dev *hdev, void *data,
2598 struct mgmt_cp_set_io_capability *cp = data;
2602 if (cp->io_capability > SMP_IO_KEYBOARD_DISPLAY)
2603 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_IO_CAPABILITY,
2604 MGMT_STATUS_INVALID_PARAMS);
2608 hdev->io_capability = cp->io_capability;
2610 BT_DBG("%s IO capability set to 0x%02x", hdev->name,
2611 hdev->io_capability);
2613 hci_dev_unlock(hdev);
2615 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_IO_CAPABILITY, 0,
2619 static struct mgmt_pending_cmd *find_pairing(struct hci_conn *conn)
2621 struct hci_dev *hdev = conn->hdev;
2622 struct mgmt_pending_cmd *cmd;
2624 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
2625 if (cmd->opcode != MGMT_OP_PAIR_DEVICE)
2628 if (cmd->user_data != conn)
2637 static int pairing_complete(struct mgmt_pending_cmd *cmd, u8 status)
2639 struct mgmt_rp_pair_device rp;
2640 struct hci_conn *conn = cmd->user_data;
2643 bacpy(&rp.addr.bdaddr, &conn->dst);
2644 rp.addr.type = link_to_bdaddr(conn->type, conn->dst_type);
2646 err = mgmt_cmd_complete(cmd->sk, cmd->index, MGMT_OP_PAIR_DEVICE,
2647 status, &rp, sizeof(rp));
2649 /* So we don't get further callbacks for this connection */
2650 conn->connect_cfm_cb = NULL;
2651 conn->security_cfm_cb = NULL;
2652 conn->disconn_cfm_cb = NULL;
2654 hci_conn_drop(conn);
2656 /* The device is paired so there is no need to remove
2657 * its connection parameters anymore.
2659 clear_bit(HCI_CONN_PARAM_REMOVAL_PEND, &conn->flags);
2666 void mgmt_smp_complete(struct hci_conn *conn, bool complete)
2668 u8 status = complete ? MGMT_STATUS_SUCCESS : MGMT_STATUS_FAILED;
2669 struct mgmt_pending_cmd *cmd;
2671 cmd = find_pairing(conn);
2673 cmd->cmd_complete(cmd, status);
2674 mgmt_pending_remove(cmd);
2678 static void pairing_complete_cb(struct hci_conn *conn, u8 status)
2680 struct mgmt_pending_cmd *cmd;
2682 BT_DBG("status %u", status);
2684 cmd = find_pairing(conn);
2686 BT_DBG("Unable to find a pending command");
2690 cmd->cmd_complete(cmd, mgmt_status(status));
2691 mgmt_pending_remove(cmd);
2694 static void le_pairing_complete_cb(struct hci_conn *conn, u8 status)
2696 struct mgmt_pending_cmd *cmd;
2698 BT_DBG("status %u", status);
2703 cmd = find_pairing(conn);
2705 BT_DBG("Unable to find a pending command");
2709 cmd->cmd_complete(cmd, mgmt_status(status));
2710 mgmt_pending_remove(cmd);
2713 static int pair_device(struct sock *sk, struct hci_dev *hdev, void *data,
2716 struct mgmt_cp_pair_device *cp = data;
2717 struct mgmt_rp_pair_device rp;
2718 struct mgmt_pending_cmd *cmd;
2719 u8 sec_level, auth_type;
2720 struct hci_conn *conn;
2725 memset(&rp, 0, sizeof(rp));
2726 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
2727 rp.addr.type = cp->addr.type;
2729 if (!bdaddr_type_is_valid(cp->addr.type))
2730 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
2731 MGMT_STATUS_INVALID_PARAMS,
2734 if (cp->io_cap > SMP_IO_KEYBOARD_DISPLAY)
2735 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
2736 MGMT_STATUS_INVALID_PARAMS,
2741 if (!hdev_is_powered(hdev)) {
2742 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
2743 MGMT_STATUS_NOT_POWERED, &rp,
2748 if (hci_bdaddr_is_paired(hdev, &cp->addr.bdaddr, cp->addr.type)) {
2749 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
2750 MGMT_STATUS_ALREADY_PAIRED, &rp,
2755 sec_level = BT_SECURITY_MEDIUM;
2756 auth_type = HCI_AT_DEDICATED_BONDING;
2758 if (cp->addr.type == BDADDR_BREDR) {
2759 conn = hci_connect_acl(hdev, &cp->addr.bdaddr, sec_level,
2762 u8 addr_type = le_addr_type(cp->addr.type);
2763 struct hci_conn_params *p;
2765 /* When pairing a new device, it is expected to remember
2766 * this device for future connections. Adding the connection
2767 * parameter information ahead of time allows tracking
2768 * of the slave preferred values and will speed up any
2769 * further connection establishment.
2771 * If connection parameters already exist, then they
2772 * will be kept and this function does nothing.
2774 p = hci_conn_params_add(hdev, &cp->addr.bdaddr, addr_type);
2776 if (p->auto_connect == HCI_AUTO_CONN_EXPLICIT)
2777 p->auto_connect = HCI_AUTO_CONN_DISABLED;
2779 conn = hci_connect_le_scan(hdev, &cp->addr.bdaddr,
2780 addr_type, sec_level,
2781 HCI_LE_CONN_TIMEOUT);
2787 if (PTR_ERR(conn) == -EBUSY)
2788 status = MGMT_STATUS_BUSY;
2789 else if (PTR_ERR(conn) == -EOPNOTSUPP)
2790 status = MGMT_STATUS_NOT_SUPPORTED;
2791 else if (PTR_ERR(conn) == -ECONNREFUSED)
2792 status = MGMT_STATUS_REJECTED;
2794 status = MGMT_STATUS_CONNECT_FAILED;
2796 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
2797 status, &rp, sizeof(rp));
2801 if (conn->connect_cfm_cb) {
2802 hci_conn_drop(conn);
2803 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
2804 MGMT_STATUS_BUSY, &rp, sizeof(rp));
2808 cmd = mgmt_pending_add(sk, MGMT_OP_PAIR_DEVICE, hdev, data, len);
2811 hci_conn_drop(conn);
2815 cmd->cmd_complete = pairing_complete;
2817 /* For LE, just connecting isn't a proof that the pairing finished */
2818 if (cp->addr.type == BDADDR_BREDR) {
2819 conn->connect_cfm_cb = pairing_complete_cb;
2820 conn->security_cfm_cb = pairing_complete_cb;
2821 conn->disconn_cfm_cb = pairing_complete_cb;
2823 conn->connect_cfm_cb = le_pairing_complete_cb;
2824 conn->security_cfm_cb = le_pairing_complete_cb;
2825 conn->disconn_cfm_cb = le_pairing_complete_cb;
2828 conn->io_capability = cp->io_cap;
2829 cmd->user_data = hci_conn_get(conn);
2831 if ((conn->state == BT_CONNECTED || conn->state == BT_CONFIG) &&
2832 hci_conn_security(conn, sec_level, auth_type, true)) {
2833 cmd->cmd_complete(cmd, 0);
2834 mgmt_pending_remove(cmd);
2840 hci_dev_unlock(hdev);
2844 static int cancel_pair_device(struct sock *sk, struct hci_dev *hdev, void *data,
2847 struct mgmt_addr_info *addr = data;
2848 struct mgmt_pending_cmd *cmd;
2849 struct hci_conn *conn;
2856 if (!hdev_is_powered(hdev)) {
2857 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
2858 MGMT_STATUS_NOT_POWERED);
2862 cmd = pending_find(MGMT_OP_PAIR_DEVICE, hdev);
2864 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
2865 MGMT_STATUS_INVALID_PARAMS);
2869 conn = cmd->user_data;
2871 if (bacmp(&addr->bdaddr, &conn->dst) != 0) {
2872 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
2873 MGMT_STATUS_INVALID_PARAMS);
2877 cmd->cmd_complete(cmd, MGMT_STATUS_CANCELLED);
2878 mgmt_pending_remove(cmd);
2880 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE, 0,
2881 addr, sizeof(*addr));
2883 hci_dev_unlock(hdev);
2887 static int user_pairing_resp(struct sock *sk, struct hci_dev *hdev,
2888 struct mgmt_addr_info *addr, u16 mgmt_op,
2889 u16 hci_op, __le32 passkey)
2891 struct mgmt_pending_cmd *cmd;
2892 struct hci_conn *conn;
2897 if (!hdev_is_powered(hdev)) {
2898 err = mgmt_cmd_complete(sk, hdev->id, mgmt_op,
2899 MGMT_STATUS_NOT_POWERED, addr,
2904 if (addr->type == BDADDR_BREDR)
2905 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &addr->bdaddr);
2907 conn = hci_conn_hash_lookup_le(hdev, &addr->bdaddr,
2908 le_addr_type(addr->type));
2911 err = mgmt_cmd_complete(sk, hdev->id, mgmt_op,
2912 MGMT_STATUS_NOT_CONNECTED, addr,
2917 if (addr->type == BDADDR_LE_PUBLIC || addr->type == BDADDR_LE_RANDOM) {
2918 err = smp_user_confirm_reply(conn, mgmt_op, passkey);
2920 err = mgmt_cmd_complete(sk, hdev->id, mgmt_op,
2921 MGMT_STATUS_SUCCESS, addr,
2924 err = mgmt_cmd_complete(sk, hdev->id, mgmt_op,
2925 MGMT_STATUS_FAILED, addr,
2931 cmd = mgmt_pending_add(sk, mgmt_op, hdev, addr, sizeof(*addr));
2937 cmd->cmd_complete = addr_cmd_complete;
2939 /* Continue with pairing via HCI */
2940 if (hci_op == HCI_OP_USER_PASSKEY_REPLY) {
2941 struct hci_cp_user_passkey_reply cp;
2943 bacpy(&cp.bdaddr, &addr->bdaddr);
2944 cp.passkey = passkey;
2945 err = hci_send_cmd(hdev, hci_op, sizeof(cp), &cp);
2947 err = hci_send_cmd(hdev, hci_op, sizeof(addr->bdaddr),
2951 mgmt_pending_remove(cmd);
2954 hci_dev_unlock(hdev);
2958 static int pin_code_neg_reply(struct sock *sk, struct hci_dev *hdev,
2959 void *data, u16 len)
2961 struct mgmt_cp_pin_code_neg_reply *cp = data;
2965 return user_pairing_resp(sk, hdev, &cp->addr,
2966 MGMT_OP_PIN_CODE_NEG_REPLY,
2967 HCI_OP_PIN_CODE_NEG_REPLY, 0);
2970 static int user_confirm_reply(struct sock *sk, struct hci_dev *hdev, void *data,
2973 struct mgmt_cp_user_confirm_reply *cp = data;
2977 if (len != sizeof(*cp))
2978 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_USER_CONFIRM_REPLY,
2979 MGMT_STATUS_INVALID_PARAMS);
2981 return user_pairing_resp(sk, hdev, &cp->addr,
2982 MGMT_OP_USER_CONFIRM_REPLY,
2983 HCI_OP_USER_CONFIRM_REPLY, 0);
2986 static int user_confirm_neg_reply(struct sock *sk, struct hci_dev *hdev,
2987 void *data, u16 len)
2989 struct mgmt_cp_user_confirm_neg_reply *cp = data;
2993 return user_pairing_resp(sk, hdev, &cp->addr,
2994 MGMT_OP_USER_CONFIRM_NEG_REPLY,
2995 HCI_OP_USER_CONFIRM_NEG_REPLY, 0);
2998 static int user_passkey_reply(struct sock *sk, struct hci_dev *hdev, void *data,
3001 struct mgmt_cp_user_passkey_reply *cp = data;
3005 return user_pairing_resp(sk, hdev, &cp->addr,
3006 MGMT_OP_USER_PASSKEY_REPLY,
3007 HCI_OP_USER_PASSKEY_REPLY, cp->passkey);
3010 static int user_passkey_neg_reply(struct sock *sk, struct hci_dev *hdev,
3011 void *data, u16 len)
3013 struct mgmt_cp_user_passkey_neg_reply *cp = data;
3017 return user_pairing_resp(sk, hdev, &cp->addr,
3018 MGMT_OP_USER_PASSKEY_NEG_REPLY,
3019 HCI_OP_USER_PASSKEY_NEG_REPLY, 0);
3022 static void adv_expire(struct hci_dev *hdev, u32 flags)
3024 struct adv_info *adv_instance;
3025 struct hci_request req;
3028 adv_instance = hci_find_adv_instance(hdev, hdev->cur_adv_instance);
3032 /* stop if current instance doesn't need to be changed */
3033 if (!(adv_instance->flags & flags))
3036 cancel_adv_timeout(hdev);
3038 adv_instance = hci_get_next_instance(hdev, adv_instance->instance);
3042 hci_req_init(&req, hdev);
3043 err = __hci_req_schedule_adv_instance(&req, adv_instance->instance,
3048 hci_req_run(&req, NULL);
3051 static void set_name_complete(struct hci_dev *hdev, u8 status, u16 opcode)
3053 struct mgmt_cp_set_local_name *cp;
3054 struct mgmt_pending_cmd *cmd;
3056 BT_DBG("status 0x%02x", status);
3060 cmd = pending_find(MGMT_OP_SET_LOCAL_NAME, hdev);
3067 mgmt_cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_LOCAL_NAME,
3068 mgmt_status(status));
3070 mgmt_cmd_complete(cmd->sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0,
3073 if (hci_dev_test_flag(hdev, HCI_LE_ADV))
3074 adv_expire(hdev, MGMT_ADV_FLAG_LOCAL_NAME);
3077 mgmt_pending_remove(cmd);
3080 hci_dev_unlock(hdev);
3083 static int set_local_name(struct sock *sk, struct hci_dev *hdev, void *data,
3086 struct mgmt_cp_set_local_name *cp = data;
3087 struct mgmt_pending_cmd *cmd;
3088 struct hci_request req;
3095 /* If the old values are the same as the new ones just return a
3096 * direct command complete event.
3098 if (!memcmp(hdev->dev_name, cp->name, sizeof(hdev->dev_name)) &&
3099 !memcmp(hdev->short_name, cp->short_name,
3100 sizeof(hdev->short_name))) {
3101 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0,
3106 memcpy(hdev->short_name, cp->short_name, sizeof(hdev->short_name));
3108 if (!hdev_is_powered(hdev)) {
3109 memcpy(hdev->dev_name, cp->name, sizeof(hdev->dev_name));
3111 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0,
3116 err = mgmt_limited_event(MGMT_EV_LOCAL_NAME_CHANGED, hdev, data,
3117 len, HCI_MGMT_LOCAL_NAME_EVENTS, sk);
3118 ext_info_changed(hdev, sk);
3123 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LOCAL_NAME, hdev, data, len);
3129 memcpy(hdev->dev_name, cp->name, sizeof(hdev->dev_name));
3131 hci_req_init(&req, hdev);
3133 if (lmp_bredr_capable(hdev)) {
3134 __hci_req_update_name(&req);
3135 __hci_req_update_eir(&req);
3138 /* The name is stored in the scan response data and so
3139 * no need to udpate the advertising data here.
3141 if (lmp_le_capable(hdev) && hci_dev_test_flag(hdev, HCI_ADVERTISING))
3142 __hci_req_update_scan_rsp_data(&req, hdev->cur_adv_instance);
3144 err = hci_req_run(&req, set_name_complete);
3146 mgmt_pending_remove(cmd);
3149 hci_dev_unlock(hdev);
3153 static int set_appearance(struct sock *sk, struct hci_dev *hdev, void *data,
3156 struct mgmt_cp_set_appearance *cp = data;
3162 if (!lmp_le_capable(hdev))
3163 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_APPEARANCE,
3164 MGMT_STATUS_NOT_SUPPORTED);
3166 apperance = le16_to_cpu(cp->appearance);
3170 if (hdev->appearance != apperance) {
3171 hdev->appearance = apperance;
3173 if (hci_dev_test_flag(hdev, HCI_LE_ADV))
3174 adv_expire(hdev, MGMT_ADV_FLAG_APPEARANCE);
3176 ext_info_changed(hdev, sk);
3179 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_APPEARANCE, 0, NULL,
3182 hci_dev_unlock(hdev);
3187 static void read_local_oob_data_complete(struct hci_dev *hdev, u8 status,
3188 u16 opcode, struct sk_buff *skb)
3190 struct mgmt_rp_read_local_oob_data mgmt_rp;
3191 size_t rp_size = sizeof(mgmt_rp);
3192 struct mgmt_pending_cmd *cmd;
3194 BT_DBG("%s status %u", hdev->name, status);
3196 cmd = pending_find(MGMT_OP_READ_LOCAL_OOB_DATA, hdev);
3200 if (status || !skb) {
3201 mgmt_cmd_status(cmd->sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
3202 status ? mgmt_status(status) : MGMT_STATUS_FAILED);
3206 memset(&mgmt_rp, 0, sizeof(mgmt_rp));
3208 if (opcode == HCI_OP_READ_LOCAL_OOB_DATA) {
3209 struct hci_rp_read_local_oob_data *rp = (void *) skb->data;
3211 if (skb->len < sizeof(*rp)) {
3212 mgmt_cmd_status(cmd->sk, hdev->id,
3213 MGMT_OP_READ_LOCAL_OOB_DATA,
3214 MGMT_STATUS_FAILED);
3218 memcpy(mgmt_rp.hash192, rp->hash, sizeof(rp->hash));
3219 memcpy(mgmt_rp.rand192, rp->rand, sizeof(rp->rand));
3221 rp_size -= sizeof(mgmt_rp.hash256) + sizeof(mgmt_rp.rand256);
3223 struct hci_rp_read_local_oob_ext_data *rp = (void *) skb->data;
3225 if (skb->len < sizeof(*rp)) {
3226 mgmt_cmd_status(cmd->sk, hdev->id,
3227 MGMT_OP_READ_LOCAL_OOB_DATA,
3228 MGMT_STATUS_FAILED);
3232 memcpy(mgmt_rp.hash192, rp->hash192, sizeof(rp->hash192));
3233 memcpy(mgmt_rp.rand192, rp->rand192, sizeof(rp->rand192));
3235 memcpy(mgmt_rp.hash256, rp->hash256, sizeof(rp->hash256));
3236 memcpy(mgmt_rp.rand256, rp->rand256, sizeof(rp->rand256));
3239 mgmt_cmd_complete(cmd->sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
3240 MGMT_STATUS_SUCCESS, &mgmt_rp, rp_size);
3243 mgmt_pending_remove(cmd);
3246 static int read_local_oob_data(struct sock *sk, struct hci_dev *hdev,
3247 void *data, u16 data_len)
3249 struct mgmt_pending_cmd *cmd;
3250 struct hci_request req;
3253 BT_DBG("%s", hdev->name);
3257 if (!hdev_is_powered(hdev)) {
3258 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
3259 MGMT_STATUS_NOT_POWERED);
3263 if (!lmp_ssp_capable(hdev)) {
3264 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
3265 MGMT_STATUS_NOT_SUPPORTED);
3269 if (pending_find(MGMT_OP_READ_LOCAL_OOB_DATA, hdev)) {
3270 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
3275 cmd = mgmt_pending_add(sk, MGMT_OP_READ_LOCAL_OOB_DATA, hdev, NULL, 0);
3281 hci_req_init(&req, hdev);
3283 if (bredr_sc_enabled(hdev))
3284 hci_req_add(&req, HCI_OP_READ_LOCAL_OOB_EXT_DATA, 0, NULL);
3286 hci_req_add(&req, HCI_OP_READ_LOCAL_OOB_DATA, 0, NULL);
3288 err = hci_req_run_skb(&req, read_local_oob_data_complete);
3290 mgmt_pending_remove(cmd);
3293 hci_dev_unlock(hdev);
3297 static int add_remote_oob_data(struct sock *sk, struct hci_dev *hdev,
3298 void *data, u16 len)
3300 struct mgmt_addr_info *addr = data;
3303 BT_DBG("%s ", hdev->name);
3305 if (!bdaddr_type_is_valid(addr->type))
3306 return mgmt_cmd_complete(sk, hdev->id,
3307 MGMT_OP_ADD_REMOTE_OOB_DATA,
3308 MGMT_STATUS_INVALID_PARAMS,
3309 addr, sizeof(*addr));
3313 if (len == MGMT_ADD_REMOTE_OOB_DATA_SIZE) {
3314 struct mgmt_cp_add_remote_oob_data *cp = data;
3317 if (cp->addr.type != BDADDR_BREDR) {
3318 err = mgmt_cmd_complete(sk, hdev->id,
3319 MGMT_OP_ADD_REMOTE_OOB_DATA,
3320 MGMT_STATUS_INVALID_PARAMS,
3321 &cp->addr, sizeof(cp->addr));
3325 err = hci_add_remote_oob_data(hdev, &cp->addr.bdaddr,
3326 cp->addr.type, cp->hash,
3327 cp->rand, NULL, NULL);
3329 status = MGMT_STATUS_FAILED;
3331 status = MGMT_STATUS_SUCCESS;
3333 err = mgmt_cmd_complete(sk, hdev->id,
3334 MGMT_OP_ADD_REMOTE_OOB_DATA, status,
3335 &cp->addr, sizeof(cp->addr));
3336 } else if (len == MGMT_ADD_REMOTE_OOB_EXT_DATA_SIZE) {
3337 struct mgmt_cp_add_remote_oob_ext_data *cp = data;
3338 u8 *rand192, *hash192, *rand256, *hash256;
3341 if (bdaddr_type_is_le(cp->addr.type)) {
3342 /* Enforce zero-valued 192-bit parameters as
3343 * long as legacy SMP OOB isn't implemented.
3345 if (memcmp(cp->rand192, ZERO_KEY, 16) ||
3346 memcmp(cp->hash192, ZERO_KEY, 16)) {
3347 err = mgmt_cmd_complete(sk, hdev->id,
3348 MGMT_OP_ADD_REMOTE_OOB_DATA,
3349 MGMT_STATUS_INVALID_PARAMS,
3350 addr, sizeof(*addr));
3357 /* In case one of the P-192 values is set to zero,
3358 * then just disable OOB data for P-192.
3360 if (!memcmp(cp->rand192, ZERO_KEY, 16) ||
3361 !memcmp(cp->hash192, ZERO_KEY, 16)) {
3365 rand192 = cp->rand192;
3366 hash192 = cp->hash192;
3370 /* In case one of the P-256 values is set to zero, then just
3371 * disable OOB data for P-256.
3373 if (!memcmp(cp->rand256, ZERO_KEY, 16) ||
3374 !memcmp(cp->hash256, ZERO_KEY, 16)) {
3378 rand256 = cp->rand256;
3379 hash256 = cp->hash256;
3382 err = hci_add_remote_oob_data(hdev, &cp->addr.bdaddr,
3383 cp->addr.type, hash192, rand192,
3386 status = MGMT_STATUS_FAILED;
3388 status = MGMT_STATUS_SUCCESS;
3390 err = mgmt_cmd_complete(sk, hdev->id,
3391 MGMT_OP_ADD_REMOTE_OOB_DATA,
3392 status, &cp->addr, sizeof(cp->addr));
3394 BT_ERR("add_remote_oob_data: invalid length of %u bytes", len);
3395 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_REMOTE_OOB_DATA,
3396 MGMT_STATUS_INVALID_PARAMS);
3400 hci_dev_unlock(hdev);
3404 static int remove_remote_oob_data(struct sock *sk, struct hci_dev *hdev,
3405 void *data, u16 len)
3407 struct mgmt_cp_remove_remote_oob_data *cp = data;
3411 BT_DBG("%s", hdev->name);
3413 if (cp->addr.type != BDADDR_BREDR)
3414 return mgmt_cmd_complete(sk, hdev->id,
3415 MGMT_OP_REMOVE_REMOTE_OOB_DATA,
3416 MGMT_STATUS_INVALID_PARAMS,
3417 &cp->addr, sizeof(cp->addr));
3421 if (!bacmp(&cp->addr.bdaddr, BDADDR_ANY)) {
3422 hci_remote_oob_data_clear(hdev);
3423 status = MGMT_STATUS_SUCCESS;
3427 err = hci_remove_remote_oob_data(hdev, &cp->addr.bdaddr, cp->addr.type);
3429 status = MGMT_STATUS_INVALID_PARAMS;
3431 status = MGMT_STATUS_SUCCESS;
3434 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_REMOTE_OOB_DATA,
3435 status, &cp->addr, sizeof(cp->addr));
3437 hci_dev_unlock(hdev);
3441 void mgmt_start_discovery_complete(struct hci_dev *hdev, u8 status)
3443 struct mgmt_pending_cmd *cmd;
3445 BT_DBG("status %d", status);
3449 cmd = pending_find(MGMT_OP_START_DISCOVERY, hdev);
3451 cmd = pending_find(MGMT_OP_START_SERVICE_DISCOVERY, hdev);
3454 cmd = pending_find(MGMT_OP_START_LIMITED_DISCOVERY, hdev);
3457 cmd->cmd_complete(cmd, mgmt_status(status));
3458 mgmt_pending_remove(cmd);
3461 hci_dev_unlock(hdev);
3464 static bool discovery_type_is_valid(struct hci_dev *hdev, uint8_t type,
3465 uint8_t *mgmt_status)
3468 case DISCOV_TYPE_LE:
3469 *mgmt_status = mgmt_le_support(hdev);
3473 case DISCOV_TYPE_INTERLEAVED:
3474 *mgmt_status = mgmt_le_support(hdev);
3477 /* Intentional fall-through */
3478 case DISCOV_TYPE_BREDR:
3479 *mgmt_status = mgmt_bredr_support(hdev);
3484 *mgmt_status = MGMT_STATUS_INVALID_PARAMS;
3491 static int start_discovery_internal(struct sock *sk, struct hci_dev *hdev,
3492 u16 op, void *data, u16 len)
3494 struct mgmt_cp_start_discovery *cp = data;
3495 struct mgmt_pending_cmd *cmd;
3499 BT_DBG("%s", hdev->name);
3503 if (!hdev_is_powered(hdev)) {
3504 err = mgmt_cmd_complete(sk, hdev->id, op,
3505 MGMT_STATUS_NOT_POWERED,
3506 &cp->type, sizeof(cp->type));
3510 if (hdev->discovery.state != DISCOVERY_STOPPED ||
3511 hci_dev_test_flag(hdev, HCI_PERIODIC_INQ)) {
3512 err = mgmt_cmd_complete(sk, hdev->id, op, MGMT_STATUS_BUSY,
3513 &cp->type, sizeof(cp->type));
3517 if (!discovery_type_is_valid(hdev, cp->type, &status)) {
3518 err = mgmt_cmd_complete(sk, hdev->id, op, status,
3519 &cp->type, sizeof(cp->type));
3523 /* Clear the discovery filter first to free any previously
3524 * allocated memory for the UUID list.
3526 hci_discovery_filter_clear(hdev);
3528 hdev->discovery.type = cp->type;
3529 hdev->discovery.report_invalid_rssi = false;
3530 if (op == MGMT_OP_START_LIMITED_DISCOVERY)
3531 hdev->discovery.limited = true;
3533 hdev->discovery.limited = false;
3535 cmd = mgmt_pending_add(sk, op, hdev, data, len);
3541 cmd->cmd_complete = generic_cmd_complete;
3543 hci_discovery_set_state(hdev, DISCOVERY_STARTING);
3544 queue_work(hdev->req_workqueue, &hdev->discov_update);
3548 hci_dev_unlock(hdev);
3552 static int start_discovery(struct sock *sk, struct hci_dev *hdev,
3553 void *data, u16 len)
3555 return start_discovery_internal(sk, hdev, MGMT_OP_START_DISCOVERY,
3559 static int start_limited_discovery(struct sock *sk, struct hci_dev *hdev,
3560 void *data, u16 len)
3562 return start_discovery_internal(sk, hdev,
3563 MGMT_OP_START_LIMITED_DISCOVERY,
3567 static int service_discovery_cmd_complete(struct mgmt_pending_cmd *cmd,
3570 return mgmt_cmd_complete(cmd->sk, cmd->index, cmd->opcode, status,
3574 static int start_service_discovery(struct sock *sk, struct hci_dev *hdev,
3575 void *data, u16 len)
3577 struct mgmt_cp_start_service_discovery *cp = data;
3578 struct mgmt_pending_cmd *cmd;
3579 const u16 max_uuid_count = ((U16_MAX - sizeof(*cp)) / 16);
3580 u16 uuid_count, expected_len;
3584 BT_DBG("%s", hdev->name);
3588 if (!hdev_is_powered(hdev)) {
3589 err = mgmt_cmd_complete(sk, hdev->id,
3590 MGMT_OP_START_SERVICE_DISCOVERY,
3591 MGMT_STATUS_NOT_POWERED,
3592 &cp->type, sizeof(cp->type));
3596 if (hdev->discovery.state != DISCOVERY_STOPPED ||
3597 hci_dev_test_flag(hdev, HCI_PERIODIC_INQ)) {
3598 err = mgmt_cmd_complete(sk, hdev->id,
3599 MGMT_OP_START_SERVICE_DISCOVERY,
3600 MGMT_STATUS_BUSY, &cp->type,
3605 uuid_count = __le16_to_cpu(cp->uuid_count);
3606 if (uuid_count > max_uuid_count) {
3607 BT_ERR("service_discovery: too big uuid_count value %u",
3609 err = mgmt_cmd_complete(sk, hdev->id,
3610 MGMT_OP_START_SERVICE_DISCOVERY,
3611 MGMT_STATUS_INVALID_PARAMS, &cp->type,
3616 expected_len = sizeof(*cp) + uuid_count * 16;
3617 if (expected_len != len) {
3618 BT_ERR("service_discovery: expected %u bytes, got %u bytes",
3620 err = mgmt_cmd_complete(sk, hdev->id,
3621 MGMT_OP_START_SERVICE_DISCOVERY,
3622 MGMT_STATUS_INVALID_PARAMS, &cp->type,
3627 if (!discovery_type_is_valid(hdev, cp->type, &status)) {
3628 err = mgmt_cmd_complete(sk, hdev->id,
3629 MGMT_OP_START_SERVICE_DISCOVERY,
3630 status, &cp->type, sizeof(cp->type));
3634 cmd = mgmt_pending_add(sk, MGMT_OP_START_SERVICE_DISCOVERY,
3641 cmd->cmd_complete = service_discovery_cmd_complete;
3643 /* Clear the discovery filter first to free any previously
3644 * allocated memory for the UUID list.
3646 hci_discovery_filter_clear(hdev);
3648 hdev->discovery.result_filtering = true;
3649 hdev->discovery.type = cp->type;
3650 hdev->discovery.rssi = cp->rssi;
3651 hdev->discovery.uuid_count = uuid_count;
3653 if (uuid_count > 0) {
3654 hdev->discovery.uuids = kmemdup(cp->uuids, uuid_count * 16,
3656 if (!hdev->discovery.uuids) {
3657 err = mgmt_cmd_complete(sk, hdev->id,
3658 MGMT_OP_START_SERVICE_DISCOVERY,
3660 &cp->type, sizeof(cp->type));
3661 mgmt_pending_remove(cmd);
3666 hci_discovery_set_state(hdev, DISCOVERY_STARTING);
3667 queue_work(hdev->req_workqueue, &hdev->discov_update);
3671 hci_dev_unlock(hdev);
3675 void mgmt_stop_discovery_complete(struct hci_dev *hdev, u8 status)
3677 struct mgmt_pending_cmd *cmd;
3679 BT_DBG("status %d", status);
3683 cmd = pending_find(MGMT_OP_STOP_DISCOVERY, hdev);
3685 cmd->cmd_complete(cmd, mgmt_status(status));
3686 mgmt_pending_remove(cmd);
3689 hci_dev_unlock(hdev);
3692 static int stop_discovery(struct sock *sk, struct hci_dev *hdev, void *data,
3695 struct mgmt_cp_stop_discovery *mgmt_cp = data;
3696 struct mgmt_pending_cmd *cmd;
3699 BT_DBG("%s", hdev->name);
3703 if (!hci_discovery_active(hdev)) {
3704 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_STOP_DISCOVERY,
3705 MGMT_STATUS_REJECTED, &mgmt_cp->type,
3706 sizeof(mgmt_cp->type));
3710 if (hdev->discovery.type != mgmt_cp->type) {
3711 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_STOP_DISCOVERY,
3712 MGMT_STATUS_INVALID_PARAMS,
3713 &mgmt_cp->type, sizeof(mgmt_cp->type));
3717 cmd = mgmt_pending_add(sk, MGMT_OP_STOP_DISCOVERY, hdev, data, len);
3723 cmd->cmd_complete = generic_cmd_complete;
3725 hci_discovery_set_state(hdev, DISCOVERY_STOPPING);
3726 queue_work(hdev->req_workqueue, &hdev->discov_update);
3730 hci_dev_unlock(hdev);
3734 static int confirm_name(struct sock *sk, struct hci_dev *hdev, void *data,
3737 struct mgmt_cp_confirm_name *cp = data;
3738 struct inquiry_entry *e;
3741 BT_DBG("%s", hdev->name);
3745 if (!hci_discovery_active(hdev)) {
3746 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_CONFIRM_NAME,
3747 MGMT_STATUS_FAILED, &cp->addr,
3752 e = hci_inquiry_cache_lookup_unknown(hdev, &cp->addr.bdaddr);
3754 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_CONFIRM_NAME,
3755 MGMT_STATUS_INVALID_PARAMS, &cp->addr,
3760 if (cp->name_known) {
3761 e->name_state = NAME_KNOWN;
3764 e->name_state = NAME_NEEDED;
3765 hci_inquiry_cache_update_resolve(hdev, e);
3768 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_CONFIRM_NAME, 0,
3769 &cp->addr, sizeof(cp->addr));
3772 hci_dev_unlock(hdev);
3776 static int block_device(struct sock *sk, struct hci_dev *hdev, void *data,
3779 struct mgmt_cp_block_device *cp = data;
3783 BT_DBG("%s", hdev->name);
3785 if (!bdaddr_type_is_valid(cp->addr.type))
3786 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_BLOCK_DEVICE,
3787 MGMT_STATUS_INVALID_PARAMS,
3788 &cp->addr, sizeof(cp->addr));
3792 err = hci_bdaddr_list_add(&hdev->blacklist, &cp->addr.bdaddr,
3795 status = MGMT_STATUS_FAILED;
3799 mgmt_event(MGMT_EV_DEVICE_BLOCKED, hdev, &cp->addr, sizeof(cp->addr),
3801 status = MGMT_STATUS_SUCCESS;
3804 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_BLOCK_DEVICE, status,
3805 &cp->addr, sizeof(cp->addr));
3807 hci_dev_unlock(hdev);
3812 static int unblock_device(struct sock *sk, struct hci_dev *hdev, void *data,
3815 struct mgmt_cp_unblock_device *cp = data;
3819 BT_DBG("%s", hdev->name);
3821 if (!bdaddr_type_is_valid(cp->addr.type))
3822 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_UNBLOCK_DEVICE,
3823 MGMT_STATUS_INVALID_PARAMS,
3824 &cp->addr, sizeof(cp->addr));
3828 err = hci_bdaddr_list_del(&hdev->blacklist, &cp->addr.bdaddr,
3831 status = MGMT_STATUS_INVALID_PARAMS;
3835 mgmt_event(MGMT_EV_DEVICE_UNBLOCKED, hdev, &cp->addr, sizeof(cp->addr),
3837 status = MGMT_STATUS_SUCCESS;
3840 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_UNBLOCK_DEVICE, status,
3841 &cp->addr, sizeof(cp->addr));
3843 hci_dev_unlock(hdev);
3848 static int set_device_id(struct sock *sk, struct hci_dev *hdev, void *data,
3851 struct mgmt_cp_set_device_id *cp = data;
3852 struct hci_request req;
3856 BT_DBG("%s", hdev->name);
3858 source = __le16_to_cpu(cp->source);
3860 if (source > 0x0002)
3861 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DEVICE_ID,
3862 MGMT_STATUS_INVALID_PARAMS);
3866 hdev->devid_source = source;
3867 hdev->devid_vendor = __le16_to_cpu(cp->vendor);
3868 hdev->devid_product = __le16_to_cpu(cp->product);
3869 hdev->devid_version = __le16_to_cpu(cp->version);
3871 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_DEVICE_ID, 0,
3874 hci_req_init(&req, hdev);
3875 __hci_req_update_eir(&req);
3876 hci_req_run(&req, NULL);
3878 hci_dev_unlock(hdev);
3883 static void enable_advertising_instance(struct hci_dev *hdev, u8 status,
3886 BT_DBG("status %d", status);
3889 static void set_advertising_complete(struct hci_dev *hdev, u8 status,
3892 struct cmd_lookup match = { NULL, hdev };
3893 struct hci_request req;
3895 struct adv_info *adv_instance;
3901 u8 mgmt_err = mgmt_status(status);
3903 mgmt_pending_foreach(MGMT_OP_SET_ADVERTISING, hdev,
3904 cmd_status_rsp, &mgmt_err);
3908 if (hci_dev_test_flag(hdev, HCI_LE_ADV))
3909 hci_dev_set_flag(hdev, HCI_ADVERTISING);
3911 hci_dev_clear_flag(hdev, HCI_ADVERTISING);
3913 mgmt_pending_foreach(MGMT_OP_SET_ADVERTISING, hdev, settings_rsp,
3916 new_settings(hdev, match.sk);
3921 /* If "Set Advertising" was just disabled and instance advertising was
3922 * set up earlier, then re-enable multi-instance advertising.
3924 if (hci_dev_test_flag(hdev, HCI_ADVERTISING) ||
3925 list_empty(&hdev->adv_instances))
3928 instance = hdev->cur_adv_instance;
3930 adv_instance = list_first_entry_or_null(&hdev->adv_instances,
3931 struct adv_info, list);
3935 instance = adv_instance->instance;
3938 hci_req_init(&req, hdev);
3940 err = __hci_req_schedule_adv_instance(&req, instance, true);
3943 err = hci_req_run(&req, enable_advertising_instance);
3946 BT_ERR("Failed to re-configure advertising");
3949 hci_dev_unlock(hdev);
3952 static int set_advertising(struct sock *sk, struct hci_dev *hdev, void *data,
3955 struct mgmt_mode *cp = data;
3956 struct mgmt_pending_cmd *cmd;
3957 struct hci_request req;
3961 BT_DBG("request for %s", hdev->name);
3963 status = mgmt_le_support(hdev);
3965 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_ADVERTISING,
3968 if (cp->val != 0x00 && cp->val != 0x01 && cp->val != 0x02)
3969 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_ADVERTISING,
3970 MGMT_STATUS_INVALID_PARAMS);
3976 /* The following conditions are ones which mean that we should
3977 * not do any HCI communication but directly send a mgmt
3978 * response to user space (after toggling the flag if
3981 if (!hdev_is_powered(hdev) ||
3982 (val == hci_dev_test_flag(hdev, HCI_ADVERTISING) &&
3983 (cp->val == 0x02) == hci_dev_test_flag(hdev, HCI_ADVERTISING_CONNECTABLE)) ||
3984 hci_conn_num(hdev, LE_LINK) > 0 ||
3985 (hci_dev_test_flag(hdev, HCI_LE_SCAN) &&
3986 hdev->le_scan_type == LE_SCAN_ACTIVE)) {
3990 hdev->cur_adv_instance = 0x00;
3991 changed = !hci_dev_test_and_set_flag(hdev, HCI_ADVERTISING);
3992 if (cp->val == 0x02)
3993 hci_dev_set_flag(hdev, HCI_ADVERTISING_CONNECTABLE);
3995 hci_dev_clear_flag(hdev, HCI_ADVERTISING_CONNECTABLE);
3997 changed = hci_dev_test_and_clear_flag(hdev, HCI_ADVERTISING);
3998 hci_dev_clear_flag(hdev, HCI_ADVERTISING_CONNECTABLE);
4001 err = send_settings_rsp(sk, MGMT_OP_SET_ADVERTISING, hdev);
4006 err = new_settings(hdev, sk);
4011 if (pending_find(MGMT_OP_SET_ADVERTISING, hdev) ||
4012 pending_find(MGMT_OP_SET_LE, hdev)) {
4013 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_ADVERTISING,
4018 cmd = mgmt_pending_add(sk, MGMT_OP_SET_ADVERTISING, hdev, data, len);
4024 hci_req_init(&req, hdev);
4026 if (cp->val == 0x02)
4027 hci_dev_set_flag(hdev, HCI_ADVERTISING_CONNECTABLE);
4029 hci_dev_clear_flag(hdev, HCI_ADVERTISING_CONNECTABLE);
4031 cancel_adv_timeout(hdev);
4034 /* Switch to instance "0" for the Set Advertising setting.
4035 * We cannot use update_[adv|scan_rsp]_data() here as the
4036 * HCI_ADVERTISING flag is not yet set.
4038 hdev->cur_adv_instance = 0x00;
4039 __hci_req_update_adv_data(&req, 0x00);
4040 __hci_req_update_scan_rsp_data(&req, 0x00);
4041 __hci_req_enable_advertising(&req);
4043 __hci_req_disable_advertising(&req);
4046 err = hci_req_run(&req, set_advertising_complete);
4048 mgmt_pending_remove(cmd);
4051 hci_dev_unlock(hdev);
4055 static int set_static_address(struct sock *sk, struct hci_dev *hdev,
4056 void *data, u16 len)
4058 struct mgmt_cp_set_static_address *cp = data;
4061 BT_DBG("%s", hdev->name);
4063 if (!lmp_le_capable(hdev))
4064 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_STATIC_ADDRESS,
4065 MGMT_STATUS_NOT_SUPPORTED);
4067 if (hdev_is_powered(hdev))
4068 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_STATIC_ADDRESS,
4069 MGMT_STATUS_REJECTED);
4071 if (bacmp(&cp->bdaddr, BDADDR_ANY)) {
4072 if (!bacmp(&cp->bdaddr, BDADDR_NONE))
4073 return mgmt_cmd_status(sk, hdev->id,
4074 MGMT_OP_SET_STATIC_ADDRESS,
4075 MGMT_STATUS_INVALID_PARAMS);
4077 /* Two most significant bits shall be set */
4078 if ((cp->bdaddr.b[5] & 0xc0) != 0xc0)
4079 return mgmt_cmd_status(sk, hdev->id,
4080 MGMT_OP_SET_STATIC_ADDRESS,
4081 MGMT_STATUS_INVALID_PARAMS);
4086 bacpy(&hdev->static_addr, &cp->bdaddr);
4088 err = send_settings_rsp(sk, MGMT_OP_SET_STATIC_ADDRESS, hdev);
4092 err = new_settings(hdev, sk);
4095 hci_dev_unlock(hdev);
4099 static int set_scan_params(struct sock *sk, struct hci_dev *hdev,
4100 void *data, u16 len)
4102 struct mgmt_cp_set_scan_params *cp = data;
4103 __u16 interval, window;
4106 BT_DBG("%s", hdev->name);
4108 if (!lmp_le_capable(hdev))
4109 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS,
4110 MGMT_STATUS_NOT_SUPPORTED);
4112 interval = __le16_to_cpu(cp->interval);
4114 if (interval < 0x0004 || interval > 0x4000)
4115 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS,
4116 MGMT_STATUS_INVALID_PARAMS);
4118 window = __le16_to_cpu(cp->window);
4120 if (window < 0x0004 || window > 0x4000)
4121 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS,
4122 MGMT_STATUS_INVALID_PARAMS);
4124 if (window > interval)
4125 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS,
4126 MGMT_STATUS_INVALID_PARAMS);
4130 hdev->le_scan_interval = interval;
4131 hdev->le_scan_window = window;
4133 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS, 0,
4136 /* If background scan is running, restart it so new parameters are
4139 if (hci_dev_test_flag(hdev, HCI_LE_SCAN) &&
4140 hdev->discovery.state == DISCOVERY_STOPPED) {
4141 struct hci_request req;
4143 hci_req_init(&req, hdev);
4145 hci_req_add_le_scan_disable(&req);
4146 hci_req_add_le_passive_scan(&req);
4148 hci_req_run(&req, NULL);
4151 hci_dev_unlock(hdev);
4156 static void fast_connectable_complete(struct hci_dev *hdev, u8 status,
4159 struct mgmt_pending_cmd *cmd;
4161 BT_DBG("status 0x%02x", status);
4165 cmd = pending_find(MGMT_OP_SET_FAST_CONNECTABLE, hdev);
4170 mgmt_cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
4171 mgmt_status(status));
4173 struct mgmt_mode *cp = cmd->param;
4176 hci_dev_set_flag(hdev, HCI_FAST_CONNECTABLE);
4178 hci_dev_clear_flag(hdev, HCI_FAST_CONNECTABLE);
4180 send_settings_rsp(cmd->sk, MGMT_OP_SET_FAST_CONNECTABLE, hdev);
4181 new_settings(hdev, cmd->sk);
4184 mgmt_pending_remove(cmd);
4187 hci_dev_unlock(hdev);
4190 static int set_fast_connectable(struct sock *sk, struct hci_dev *hdev,
4191 void *data, u16 len)
4193 struct mgmt_mode *cp = data;
4194 struct mgmt_pending_cmd *cmd;
4195 struct hci_request req;
4198 BT_DBG("%s", hdev->name);
4200 if (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED) ||
4201 hdev->hci_ver < BLUETOOTH_VER_1_2)
4202 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
4203 MGMT_STATUS_NOT_SUPPORTED);
4205 if (cp->val != 0x00 && cp->val != 0x01)
4206 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
4207 MGMT_STATUS_INVALID_PARAMS);
4211 if (pending_find(MGMT_OP_SET_FAST_CONNECTABLE, hdev)) {
4212 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
4217 if (!!cp->val == hci_dev_test_flag(hdev, HCI_FAST_CONNECTABLE)) {
4218 err = send_settings_rsp(sk, MGMT_OP_SET_FAST_CONNECTABLE,
4223 if (!hdev_is_powered(hdev)) {
4224 hci_dev_change_flag(hdev, HCI_FAST_CONNECTABLE);
4225 err = send_settings_rsp(sk, MGMT_OP_SET_FAST_CONNECTABLE,
4227 new_settings(hdev, sk);
4231 cmd = mgmt_pending_add(sk, MGMT_OP_SET_FAST_CONNECTABLE, hdev,
4238 hci_req_init(&req, hdev);
4240 __hci_req_write_fast_connectable(&req, cp->val);
4242 err = hci_req_run(&req, fast_connectable_complete);
4244 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
4245 MGMT_STATUS_FAILED);
4246 mgmt_pending_remove(cmd);
4250 hci_dev_unlock(hdev);
4255 static void set_bredr_complete(struct hci_dev *hdev, u8 status, u16 opcode)
4257 struct mgmt_pending_cmd *cmd;
4259 BT_DBG("status 0x%02x", status);
4263 cmd = pending_find(MGMT_OP_SET_BREDR, hdev);
4268 u8 mgmt_err = mgmt_status(status);
4270 /* We need to restore the flag if related HCI commands
4273 hci_dev_clear_flag(hdev, HCI_BREDR_ENABLED);
4275 mgmt_cmd_status(cmd->sk, cmd->index, cmd->opcode, mgmt_err);
4277 send_settings_rsp(cmd->sk, MGMT_OP_SET_BREDR, hdev);
4278 new_settings(hdev, cmd->sk);
4281 mgmt_pending_remove(cmd);
4284 hci_dev_unlock(hdev);
4287 static int set_bredr(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
4289 struct mgmt_mode *cp = data;
4290 struct mgmt_pending_cmd *cmd;
4291 struct hci_request req;
4294 BT_DBG("request for %s", hdev->name);
4296 if (!lmp_bredr_capable(hdev) || !lmp_le_capable(hdev))
4297 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
4298 MGMT_STATUS_NOT_SUPPORTED);
4300 if (!hci_dev_test_flag(hdev, HCI_LE_ENABLED))
4301 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
4302 MGMT_STATUS_REJECTED);
4304 if (cp->val != 0x00 && cp->val != 0x01)
4305 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
4306 MGMT_STATUS_INVALID_PARAMS);
4310 if (cp->val == hci_dev_test_flag(hdev, HCI_BREDR_ENABLED)) {
4311 err = send_settings_rsp(sk, MGMT_OP_SET_BREDR, hdev);
4315 if (!hdev_is_powered(hdev)) {
4317 hci_dev_clear_flag(hdev, HCI_DISCOVERABLE);
4318 hci_dev_clear_flag(hdev, HCI_SSP_ENABLED);
4319 hci_dev_clear_flag(hdev, HCI_LINK_SECURITY);
4320 hci_dev_clear_flag(hdev, HCI_FAST_CONNECTABLE);
4321 hci_dev_clear_flag(hdev, HCI_HS_ENABLED);
4324 hci_dev_change_flag(hdev, HCI_BREDR_ENABLED);
4326 err = send_settings_rsp(sk, MGMT_OP_SET_BREDR, hdev);
4330 err = new_settings(hdev, sk);
4334 /* Reject disabling when powered on */
4336 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
4337 MGMT_STATUS_REJECTED);
4340 /* When configuring a dual-mode controller to operate
4341 * with LE only and using a static address, then switching
4342 * BR/EDR back on is not allowed.
4344 * Dual-mode controllers shall operate with the public
4345 * address as its identity address for BR/EDR and LE. So
4346 * reject the attempt to create an invalid configuration.
4348 * The same restrictions applies when secure connections
4349 * has been enabled. For BR/EDR this is a controller feature
4350 * while for LE it is a host stack feature. This means that
4351 * switching BR/EDR back on when secure connections has been
4352 * enabled is not a supported transaction.
4354 if (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED) &&
4355 (bacmp(&hdev->static_addr, BDADDR_ANY) ||
4356 hci_dev_test_flag(hdev, HCI_SC_ENABLED))) {
4357 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
4358 MGMT_STATUS_REJECTED);
4363 if (pending_find(MGMT_OP_SET_BREDR, hdev)) {
4364 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
4369 cmd = mgmt_pending_add(sk, MGMT_OP_SET_BREDR, hdev, data, len);
4375 /* We need to flip the bit already here so that
4376 * hci_req_update_adv_data generates the correct flags.
4378 hci_dev_set_flag(hdev, HCI_BREDR_ENABLED);
4380 hci_req_init(&req, hdev);
4382 __hci_req_write_fast_connectable(&req, false);
4383 __hci_req_update_scan(&req);
4385 /* Since only the advertising data flags will change, there
4386 * is no need to update the scan response data.
4388 __hci_req_update_adv_data(&req, hdev->cur_adv_instance);
4390 err = hci_req_run(&req, set_bredr_complete);
4392 mgmt_pending_remove(cmd);
4395 hci_dev_unlock(hdev);
4399 static void sc_enable_complete(struct hci_dev *hdev, u8 status, u16 opcode)
4401 struct mgmt_pending_cmd *cmd;
4402 struct mgmt_mode *cp;
4404 BT_DBG("%s status %u", hdev->name, status);
4408 cmd = pending_find(MGMT_OP_SET_SECURE_CONN, hdev);
4413 mgmt_cmd_status(cmd->sk, cmd->index, cmd->opcode,
4414 mgmt_status(status));
4422 hci_dev_clear_flag(hdev, HCI_SC_ENABLED);
4423 hci_dev_clear_flag(hdev, HCI_SC_ONLY);
4426 hci_dev_set_flag(hdev, HCI_SC_ENABLED);
4427 hci_dev_clear_flag(hdev, HCI_SC_ONLY);
4430 hci_dev_set_flag(hdev, HCI_SC_ENABLED);
4431 hci_dev_set_flag(hdev, HCI_SC_ONLY);
4435 send_settings_rsp(cmd->sk, MGMT_OP_SET_SECURE_CONN, hdev);
4436 new_settings(hdev, cmd->sk);
4439 mgmt_pending_remove(cmd);
4441 hci_dev_unlock(hdev);
4444 static int set_secure_conn(struct sock *sk, struct hci_dev *hdev,
4445 void *data, u16 len)
4447 struct mgmt_mode *cp = data;
4448 struct mgmt_pending_cmd *cmd;
4449 struct hci_request req;
4453 BT_DBG("request for %s", hdev->name);
4455 if (!lmp_sc_capable(hdev) &&
4456 !hci_dev_test_flag(hdev, HCI_LE_ENABLED))
4457 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SECURE_CONN,
4458 MGMT_STATUS_NOT_SUPPORTED);
4460 if (hci_dev_test_flag(hdev, HCI_BREDR_ENABLED) &&
4461 lmp_sc_capable(hdev) &&
4462 !hci_dev_test_flag(hdev, HCI_SSP_ENABLED))
4463 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SECURE_CONN,
4464 MGMT_STATUS_REJECTED);
4466 if (cp->val != 0x00 && cp->val != 0x01 && cp->val != 0x02)
4467 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SECURE_CONN,
4468 MGMT_STATUS_INVALID_PARAMS);
4472 if (!hdev_is_powered(hdev) || !lmp_sc_capable(hdev) ||
4473 !hci_dev_test_flag(hdev, HCI_BREDR_ENABLED)) {
4477 changed = !hci_dev_test_and_set_flag(hdev,
4479 if (cp->val == 0x02)
4480 hci_dev_set_flag(hdev, HCI_SC_ONLY);
4482 hci_dev_clear_flag(hdev, HCI_SC_ONLY);
4484 changed = hci_dev_test_and_clear_flag(hdev,
4486 hci_dev_clear_flag(hdev, HCI_SC_ONLY);
4489 err = send_settings_rsp(sk, MGMT_OP_SET_SECURE_CONN, hdev);
4494 err = new_settings(hdev, sk);
4499 if (pending_find(MGMT_OP_SET_SECURE_CONN, hdev)) {
4500 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SECURE_CONN,
4507 if (val == hci_dev_test_flag(hdev, HCI_SC_ENABLED) &&
4508 (cp->val == 0x02) == hci_dev_test_flag(hdev, HCI_SC_ONLY)) {
4509 err = send_settings_rsp(sk, MGMT_OP_SET_SECURE_CONN, hdev);
4513 cmd = mgmt_pending_add(sk, MGMT_OP_SET_SECURE_CONN, hdev, data, len);
4519 hci_req_init(&req, hdev);
4520 hci_req_add(&req, HCI_OP_WRITE_SC_SUPPORT, 1, &val);
4521 err = hci_req_run(&req, sc_enable_complete);
4523 mgmt_pending_remove(cmd);
4528 hci_dev_unlock(hdev);
4532 static int set_debug_keys(struct sock *sk, struct hci_dev *hdev,
4533 void *data, u16 len)
4535 struct mgmt_mode *cp = data;
4536 bool changed, use_changed;
4539 BT_DBG("request for %s", hdev->name);
4541 if (cp->val != 0x00 && cp->val != 0x01 && cp->val != 0x02)
4542 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DEBUG_KEYS,
4543 MGMT_STATUS_INVALID_PARAMS);
4548 changed = !hci_dev_test_and_set_flag(hdev, HCI_KEEP_DEBUG_KEYS);
4550 changed = hci_dev_test_and_clear_flag(hdev,
4551 HCI_KEEP_DEBUG_KEYS);
4553 if (cp->val == 0x02)
4554 use_changed = !hci_dev_test_and_set_flag(hdev,
4555 HCI_USE_DEBUG_KEYS);
4557 use_changed = hci_dev_test_and_clear_flag(hdev,
4558 HCI_USE_DEBUG_KEYS);
4560 if (hdev_is_powered(hdev) && use_changed &&
4561 hci_dev_test_flag(hdev, HCI_SSP_ENABLED)) {
4562 u8 mode = (cp->val == 0x02) ? 0x01 : 0x00;
4563 hci_send_cmd(hdev, HCI_OP_WRITE_SSP_DEBUG_MODE,
4564 sizeof(mode), &mode);
4567 err = send_settings_rsp(sk, MGMT_OP_SET_DEBUG_KEYS, hdev);
4572 err = new_settings(hdev, sk);
4575 hci_dev_unlock(hdev);
4579 static int set_privacy(struct sock *sk, struct hci_dev *hdev, void *cp_data,
4582 struct mgmt_cp_set_privacy *cp = cp_data;
4586 BT_DBG("request for %s", hdev->name);
4588 if (!lmp_le_capable(hdev))
4589 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_PRIVACY,
4590 MGMT_STATUS_NOT_SUPPORTED);
4592 if (cp->privacy != 0x00 && cp->privacy != 0x01 && cp->privacy != 0x02)
4593 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_PRIVACY,
4594 MGMT_STATUS_INVALID_PARAMS);
4596 if (hdev_is_powered(hdev))
4597 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_PRIVACY,
4598 MGMT_STATUS_REJECTED);
4602 /* If user space supports this command it is also expected to
4603 * handle IRKs. Therefore, set the HCI_RPA_RESOLVING flag.
4605 hci_dev_set_flag(hdev, HCI_RPA_RESOLVING);
4608 changed = !hci_dev_test_and_set_flag(hdev, HCI_PRIVACY);
4609 memcpy(hdev->irk, cp->irk, sizeof(hdev->irk));
4610 hci_dev_set_flag(hdev, HCI_RPA_EXPIRED);
4611 if (cp->privacy == 0x02)
4612 hci_dev_set_flag(hdev, HCI_LIMITED_PRIVACY);
4614 hci_dev_clear_flag(hdev, HCI_LIMITED_PRIVACY);
4616 changed = hci_dev_test_and_clear_flag(hdev, HCI_PRIVACY);
4617 memset(hdev->irk, 0, sizeof(hdev->irk));
4618 hci_dev_clear_flag(hdev, HCI_RPA_EXPIRED);
4619 hci_dev_clear_flag(hdev, HCI_LIMITED_PRIVACY);
4622 err = send_settings_rsp(sk, MGMT_OP_SET_PRIVACY, hdev);
4627 err = new_settings(hdev, sk);
4630 hci_dev_unlock(hdev);
4634 static bool irk_is_valid(struct mgmt_irk_info *irk)
4636 switch (irk->addr.type) {
4637 case BDADDR_LE_PUBLIC:
4640 case BDADDR_LE_RANDOM:
4641 /* Two most significant bits shall be set */
4642 if ((irk->addr.bdaddr.b[5] & 0xc0) != 0xc0)
4650 static int load_irks(struct sock *sk, struct hci_dev *hdev, void *cp_data,
4653 struct mgmt_cp_load_irks *cp = cp_data;
4654 const u16 max_irk_count = ((U16_MAX - sizeof(*cp)) /
4655 sizeof(struct mgmt_irk_info));
4656 u16 irk_count, expected_len;
4659 BT_DBG("request for %s", hdev->name);
4661 if (!lmp_le_capable(hdev))
4662 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_IRKS,
4663 MGMT_STATUS_NOT_SUPPORTED);
4665 irk_count = __le16_to_cpu(cp->irk_count);
4666 if (irk_count > max_irk_count) {
4667 BT_ERR("load_irks: too big irk_count value %u", irk_count);
4668 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_IRKS,
4669 MGMT_STATUS_INVALID_PARAMS);
4672 expected_len = sizeof(*cp) + irk_count * sizeof(struct mgmt_irk_info);
4673 if (expected_len != len) {
4674 BT_ERR("load_irks: expected %u bytes, got %u bytes",
4676 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_IRKS,
4677 MGMT_STATUS_INVALID_PARAMS);
4680 BT_DBG("%s irk_count %u", hdev->name, irk_count);
4682 for (i = 0; i < irk_count; i++) {
4683 struct mgmt_irk_info *key = &cp->irks[i];
4685 if (!irk_is_valid(key))
4686 return mgmt_cmd_status(sk, hdev->id,
4688 MGMT_STATUS_INVALID_PARAMS);
4693 hci_smp_irks_clear(hdev);
4695 for (i = 0; i < irk_count; i++) {
4696 struct mgmt_irk_info *irk = &cp->irks[i];
4698 hci_add_irk(hdev, &irk->addr.bdaddr,
4699 le_addr_type(irk->addr.type), irk->val,
4703 hci_dev_set_flag(hdev, HCI_RPA_RESOLVING);
4705 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_LOAD_IRKS, 0, NULL, 0);
4707 hci_dev_unlock(hdev);
4712 static bool ltk_is_valid(struct mgmt_ltk_info *key)
4714 if (key->master != 0x00 && key->master != 0x01)
4717 switch (key->addr.type) {
4718 case BDADDR_LE_PUBLIC:
4721 case BDADDR_LE_RANDOM:
4722 /* Two most significant bits shall be set */
4723 if ((key->addr.bdaddr.b[5] & 0xc0) != 0xc0)
4731 static int load_long_term_keys(struct sock *sk, struct hci_dev *hdev,
4732 void *cp_data, u16 len)
4734 struct mgmt_cp_load_long_term_keys *cp = cp_data;
4735 const u16 max_key_count = ((U16_MAX - sizeof(*cp)) /
4736 sizeof(struct mgmt_ltk_info));
4737 u16 key_count, expected_len;
4740 BT_DBG("request for %s", hdev->name);
4742 if (!lmp_le_capable(hdev))
4743 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS,
4744 MGMT_STATUS_NOT_SUPPORTED);
4746 key_count = __le16_to_cpu(cp->key_count);
4747 if (key_count > max_key_count) {
4748 BT_ERR("load_ltks: too big key_count value %u", key_count);
4749 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS,
4750 MGMT_STATUS_INVALID_PARAMS);
4753 expected_len = sizeof(*cp) + key_count *
4754 sizeof(struct mgmt_ltk_info);
4755 if (expected_len != len) {
4756 BT_ERR("load_keys: expected %u bytes, got %u bytes",
4758 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS,
4759 MGMT_STATUS_INVALID_PARAMS);
4762 BT_DBG("%s key_count %u", hdev->name, key_count);
4764 for (i = 0; i < key_count; i++) {
4765 struct mgmt_ltk_info *key = &cp->keys[i];
4767 if (!ltk_is_valid(key))
4768 return mgmt_cmd_status(sk, hdev->id,
4769 MGMT_OP_LOAD_LONG_TERM_KEYS,
4770 MGMT_STATUS_INVALID_PARAMS);
4775 hci_smp_ltks_clear(hdev);
4777 for (i = 0; i < key_count; i++) {
4778 struct mgmt_ltk_info *key = &cp->keys[i];
4779 u8 type, authenticated;
4781 switch (key->type) {
4782 case MGMT_LTK_UNAUTHENTICATED:
4783 authenticated = 0x00;
4784 type = key->master ? SMP_LTK : SMP_LTK_SLAVE;
4786 case MGMT_LTK_AUTHENTICATED:
4787 authenticated = 0x01;
4788 type = key->master ? SMP_LTK : SMP_LTK_SLAVE;
4790 case MGMT_LTK_P256_UNAUTH:
4791 authenticated = 0x00;
4792 type = SMP_LTK_P256;
4794 case MGMT_LTK_P256_AUTH:
4795 authenticated = 0x01;
4796 type = SMP_LTK_P256;
4798 case MGMT_LTK_P256_DEBUG:
4799 authenticated = 0x00;
4800 type = SMP_LTK_P256_DEBUG;
4805 hci_add_ltk(hdev, &key->addr.bdaddr,
4806 le_addr_type(key->addr.type), type, authenticated,
4807 key->val, key->enc_size, key->ediv, key->rand);
4810 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS, 0,
4813 hci_dev_unlock(hdev);
4818 static int conn_info_cmd_complete(struct mgmt_pending_cmd *cmd, u8 status)
4820 struct hci_conn *conn = cmd->user_data;
4821 struct mgmt_rp_get_conn_info rp;
4824 memcpy(&rp.addr, cmd->param, sizeof(rp.addr));
4826 if (status == MGMT_STATUS_SUCCESS) {
4827 rp.rssi = conn->rssi;
4828 rp.tx_power = conn->tx_power;
4829 rp.max_tx_power = conn->max_tx_power;
4831 rp.rssi = HCI_RSSI_INVALID;
4832 rp.tx_power = HCI_TX_POWER_INVALID;
4833 rp.max_tx_power = HCI_TX_POWER_INVALID;
4836 err = mgmt_cmd_complete(cmd->sk, cmd->index, MGMT_OP_GET_CONN_INFO,
4837 status, &rp, sizeof(rp));
4839 hci_conn_drop(conn);
4845 static void conn_info_refresh_complete(struct hci_dev *hdev, u8 hci_status,
4848 struct hci_cp_read_rssi *cp;
4849 struct mgmt_pending_cmd *cmd;
4850 struct hci_conn *conn;
4854 BT_DBG("status 0x%02x", hci_status);
4858 /* Commands sent in request are either Read RSSI or Read Transmit Power
4859 * Level so we check which one was last sent to retrieve connection
4860 * handle. Both commands have handle as first parameter so it's safe to
4861 * cast data on the same command struct.
4863 * First command sent is always Read RSSI and we fail only if it fails.
4864 * In other case we simply override error to indicate success as we
4865 * already remembered if TX power value is actually valid.
4867 cp = hci_sent_cmd_data(hdev, HCI_OP_READ_RSSI);
4869 cp = hci_sent_cmd_data(hdev, HCI_OP_READ_TX_POWER);
4870 status = MGMT_STATUS_SUCCESS;
4872 status = mgmt_status(hci_status);
4876 BT_ERR("invalid sent_cmd in conn_info response");
4880 handle = __le16_to_cpu(cp->handle);
4881 conn = hci_conn_hash_lookup_handle(hdev, handle);
4883 BT_ERR("unknown handle (%d) in conn_info response", handle);
4887 cmd = pending_find_data(MGMT_OP_GET_CONN_INFO, hdev, conn);
4891 cmd->cmd_complete(cmd, status);
4892 mgmt_pending_remove(cmd);
4895 hci_dev_unlock(hdev);
4898 static int get_conn_info(struct sock *sk, struct hci_dev *hdev, void *data,
4901 struct mgmt_cp_get_conn_info *cp = data;
4902 struct mgmt_rp_get_conn_info rp;
4903 struct hci_conn *conn;
4904 unsigned long conn_info_age;
4907 BT_DBG("%s", hdev->name);
4909 memset(&rp, 0, sizeof(rp));
4910 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
4911 rp.addr.type = cp->addr.type;
4913 if (!bdaddr_type_is_valid(cp->addr.type))
4914 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CONN_INFO,
4915 MGMT_STATUS_INVALID_PARAMS,
4920 if (!hdev_is_powered(hdev)) {
4921 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CONN_INFO,
4922 MGMT_STATUS_NOT_POWERED, &rp,
4927 if (cp->addr.type == BDADDR_BREDR)
4928 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
4931 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &cp->addr.bdaddr);
4933 if (!conn || conn->state != BT_CONNECTED) {
4934 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CONN_INFO,
4935 MGMT_STATUS_NOT_CONNECTED, &rp,
4940 if (pending_find_data(MGMT_OP_GET_CONN_INFO, hdev, conn)) {
4941 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CONN_INFO,
4942 MGMT_STATUS_BUSY, &rp, sizeof(rp));
4946 /* To avoid client trying to guess when to poll again for information we
4947 * calculate conn info age as random value between min/max set in hdev.
4949 conn_info_age = hdev->conn_info_min_age +
4950 prandom_u32_max(hdev->conn_info_max_age -
4951 hdev->conn_info_min_age);
4953 /* Query controller to refresh cached values if they are too old or were
4956 if (time_after(jiffies, conn->conn_info_timestamp +
4957 msecs_to_jiffies(conn_info_age)) ||
4958 !conn->conn_info_timestamp) {
4959 struct hci_request req;
4960 struct hci_cp_read_tx_power req_txp_cp;
4961 struct hci_cp_read_rssi req_rssi_cp;
4962 struct mgmt_pending_cmd *cmd;
4964 hci_req_init(&req, hdev);
4965 req_rssi_cp.handle = cpu_to_le16(conn->handle);
4966 hci_req_add(&req, HCI_OP_READ_RSSI, sizeof(req_rssi_cp),
4969 /* For LE links TX power does not change thus we don't need to
4970 * query for it once value is known.
4972 if (!bdaddr_type_is_le(cp->addr.type) ||
4973 conn->tx_power == HCI_TX_POWER_INVALID) {
4974 req_txp_cp.handle = cpu_to_le16(conn->handle);
4975 req_txp_cp.type = 0x00;
4976 hci_req_add(&req, HCI_OP_READ_TX_POWER,
4977 sizeof(req_txp_cp), &req_txp_cp);
4980 /* Max TX power needs to be read only once per connection */
4981 if (conn->max_tx_power == HCI_TX_POWER_INVALID) {
4982 req_txp_cp.handle = cpu_to_le16(conn->handle);
4983 req_txp_cp.type = 0x01;
4984 hci_req_add(&req, HCI_OP_READ_TX_POWER,
4985 sizeof(req_txp_cp), &req_txp_cp);
4988 err = hci_req_run(&req, conn_info_refresh_complete);
4992 cmd = mgmt_pending_add(sk, MGMT_OP_GET_CONN_INFO, hdev,
4999 hci_conn_hold(conn);
5000 cmd->user_data = hci_conn_get(conn);
5001 cmd->cmd_complete = conn_info_cmd_complete;
5003 conn->conn_info_timestamp = jiffies;
5005 /* Cache is valid, just reply with values cached in hci_conn */
5006 rp.rssi = conn->rssi;
5007 rp.tx_power = conn->tx_power;
5008 rp.max_tx_power = conn->max_tx_power;
5010 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CONN_INFO,
5011 MGMT_STATUS_SUCCESS, &rp, sizeof(rp));
5015 hci_dev_unlock(hdev);
5019 static int clock_info_cmd_complete(struct mgmt_pending_cmd *cmd, u8 status)
5021 struct hci_conn *conn = cmd->user_data;
5022 struct mgmt_rp_get_clock_info rp;
5023 struct hci_dev *hdev;
5026 memset(&rp, 0, sizeof(rp));
5027 memcpy(&rp.addr, cmd->param, sizeof(rp.addr));
5032 hdev = hci_dev_get(cmd->index);
5034 rp.local_clock = cpu_to_le32(hdev->clock);
5039 rp.piconet_clock = cpu_to_le32(conn->clock);
5040 rp.accuracy = cpu_to_le16(conn->clock_accuracy);
5044 err = mgmt_cmd_complete(cmd->sk, cmd->index, cmd->opcode, status, &rp,
5048 hci_conn_drop(conn);
5055 static void get_clock_info_complete(struct hci_dev *hdev, u8 status, u16 opcode)
5057 struct hci_cp_read_clock *hci_cp;
5058 struct mgmt_pending_cmd *cmd;
5059 struct hci_conn *conn;
5061 BT_DBG("%s status %u", hdev->name, status);
5065 hci_cp = hci_sent_cmd_data(hdev, HCI_OP_READ_CLOCK);
5069 if (hci_cp->which) {
5070 u16 handle = __le16_to_cpu(hci_cp->handle);
5071 conn = hci_conn_hash_lookup_handle(hdev, handle);
5076 cmd = pending_find_data(MGMT_OP_GET_CLOCK_INFO, hdev, conn);
5080 cmd->cmd_complete(cmd, mgmt_status(status));
5081 mgmt_pending_remove(cmd);
5084 hci_dev_unlock(hdev);
5087 static int get_clock_info(struct sock *sk, struct hci_dev *hdev, void *data,
5090 struct mgmt_cp_get_clock_info *cp = data;
5091 struct mgmt_rp_get_clock_info rp;
5092 struct hci_cp_read_clock hci_cp;
5093 struct mgmt_pending_cmd *cmd;
5094 struct hci_request req;
5095 struct hci_conn *conn;
5098 BT_DBG("%s", hdev->name);
5100 memset(&rp, 0, sizeof(rp));
5101 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
5102 rp.addr.type = cp->addr.type;
5104 if (cp->addr.type != BDADDR_BREDR)
5105 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CLOCK_INFO,
5106 MGMT_STATUS_INVALID_PARAMS,
5111 if (!hdev_is_powered(hdev)) {
5112 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CLOCK_INFO,
5113 MGMT_STATUS_NOT_POWERED, &rp,
5118 if (bacmp(&cp->addr.bdaddr, BDADDR_ANY)) {
5119 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
5121 if (!conn || conn->state != BT_CONNECTED) {
5122 err = mgmt_cmd_complete(sk, hdev->id,
5123 MGMT_OP_GET_CLOCK_INFO,
5124 MGMT_STATUS_NOT_CONNECTED,
5132 cmd = mgmt_pending_add(sk, MGMT_OP_GET_CLOCK_INFO, hdev, data, len);
5138 cmd->cmd_complete = clock_info_cmd_complete;
5140 hci_req_init(&req, hdev);
5142 memset(&hci_cp, 0, sizeof(hci_cp));
5143 hci_req_add(&req, HCI_OP_READ_CLOCK, sizeof(hci_cp), &hci_cp);
5146 hci_conn_hold(conn);
5147 cmd->user_data = hci_conn_get(conn);
5149 hci_cp.handle = cpu_to_le16(conn->handle);
5150 hci_cp.which = 0x01; /* Piconet clock */
5151 hci_req_add(&req, HCI_OP_READ_CLOCK, sizeof(hci_cp), &hci_cp);
5154 err = hci_req_run(&req, get_clock_info_complete);
5156 mgmt_pending_remove(cmd);
5159 hci_dev_unlock(hdev);
5163 static bool is_connected(struct hci_dev *hdev, bdaddr_t *addr, u8 type)
5165 struct hci_conn *conn;
5167 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, addr);
5171 if (conn->dst_type != type)
5174 if (conn->state != BT_CONNECTED)
5180 /* This function requires the caller holds hdev->lock */
5181 static int hci_conn_params_set(struct hci_dev *hdev, bdaddr_t *addr,
5182 u8 addr_type, u8 auto_connect)
5184 struct hci_conn_params *params;
5186 params = hci_conn_params_add(hdev, addr, addr_type);
5190 if (params->auto_connect == auto_connect)
5193 list_del_init(¶ms->action);
5195 switch (auto_connect) {
5196 case HCI_AUTO_CONN_DISABLED:
5197 case HCI_AUTO_CONN_LINK_LOSS:
5198 /* If auto connect is being disabled when we're trying to
5199 * connect to device, keep connecting.
5201 if (params->explicit_connect)
5202 list_add(¶ms->action, &hdev->pend_le_conns);
5204 case HCI_AUTO_CONN_REPORT:
5205 if (params->explicit_connect)
5206 list_add(¶ms->action, &hdev->pend_le_conns);
5208 list_add(¶ms->action, &hdev->pend_le_reports);
5210 case HCI_AUTO_CONN_DIRECT:
5211 case HCI_AUTO_CONN_ALWAYS:
5212 if (!is_connected(hdev, addr, addr_type))
5213 list_add(¶ms->action, &hdev->pend_le_conns);
5217 params->auto_connect = auto_connect;
5219 BT_DBG("addr %pMR (type %u) auto_connect %u", addr, addr_type,
5225 static void device_added(struct sock *sk, struct hci_dev *hdev,
5226 bdaddr_t *bdaddr, u8 type, u8 action)
5228 struct mgmt_ev_device_added ev;
5230 bacpy(&ev.addr.bdaddr, bdaddr);
5231 ev.addr.type = type;
5234 mgmt_event(MGMT_EV_DEVICE_ADDED, hdev, &ev, sizeof(ev), sk);
5237 static int add_device(struct sock *sk, struct hci_dev *hdev,
5238 void *data, u16 len)
5240 struct mgmt_cp_add_device *cp = data;
5241 u8 auto_conn, addr_type;
5244 BT_DBG("%s", hdev->name);
5246 if (!bdaddr_type_is_valid(cp->addr.type) ||
5247 !bacmp(&cp->addr.bdaddr, BDADDR_ANY))
5248 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_ADD_DEVICE,
5249 MGMT_STATUS_INVALID_PARAMS,
5250 &cp->addr, sizeof(cp->addr));
5252 if (cp->action != 0x00 && cp->action != 0x01 && cp->action != 0x02)
5253 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_ADD_DEVICE,
5254 MGMT_STATUS_INVALID_PARAMS,
5255 &cp->addr, sizeof(cp->addr));
5259 if (cp->addr.type == BDADDR_BREDR) {
5260 /* Only incoming connections action is supported for now */
5261 if (cp->action != 0x01) {
5262 err = mgmt_cmd_complete(sk, hdev->id,
5264 MGMT_STATUS_INVALID_PARAMS,
5265 &cp->addr, sizeof(cp->addr));
5269 err = hci_bdaddr_list_add(&hdev->whitelist, &cp->addr.bdaddr,
5274 hci_req_update_scan(hdev);
5279 addr_type = le_addr_type(cp->addr.type);
5281 if (cp->action == 0x02)
5282 auto_conn = HCI_AUTO_CONN_ALWAYS;
5283 else if (cp->action == 0x01)
5284 auto_conn = HCI_AUTO_CONN_DIRECT;
5286 auto_conn = HCI_AUTO_CONN_REPORT;
5288 /* Kernel internally uses conn_params with resolvable private
5289 * address, but Add Device allows only identity addresses.
5290 * Make sure it is enforced before calling
5291 * hci_conn_params_lookup.
5293 if (!hci_is_identity_address(&cp->addr.bdaddr, addr_type)) {
5294 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_ADD_DEVICE,
5295 MGMT_STATUS_INVALID_PARAMS,
5296 &cp->addr, sizeof(cp->addr));
5300 /* If the connection parameters don't exist for this device,
5301 * they will be created and configured with defaults.
5303 if (hci_conn_params_set(hdev, &cp->addr.bdaddr, addr_type,
5305 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_ADD_DEVICE,
5306 MGMT_STATUS_FAILED, &cp->addr,
5311 hci_update_background_scan(hdev);
5314 device_added(sk, hdev, &cp->addr.bdaddr, cp->addr.type, cp->action);
5316 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_ADD_DEVICE,
5317 MGMT_STATUS_SUCCESS, &cp->addr,
5321 hci_dev_unlock(hdev);
5325 static void device_removed(struct sock *sk, struct hci_dev *hdev,
5326 bdaddr_t *bdaddr, u8 type)
5328 struct mgmt_ev_device_removed ev;
5330 bacpy(&ev.addr.bdaddr, bdaddr);
5331 ev.addr.type = type;
5333 mgmt_event(MGMT_EV_DEVICE_REMOVED, hdev, &ev, sizeof(ev), sk);
5336 static int remove_device(struct sock *sk, struct hci_dev *hdev,
5337 void *data, u16 len)
5339 struct mgmt_cp_remove_device *cp = data;
5342 BT_DBG("%s", hdev->name);
5346 if (bacmp(&cp->addr.bdaddr, BDADDR_ANY)) {
5347 struct hci_conn_params *params;
5350 if (!bdaddr_type_is_valid(cp->addr.type)) {
5351 err = mgmt_cmd_complete(sk, hdev->id,
5352 MGMT_OP_REMOVE_DEVICE,
5353 MGMT_STATUS_INVALID_PARAMS,
5354 &cp->addr, sizeof(cp->addr));
5358 if (cp->addr.type == BDADDR_BREDR) {
5359 err = hci_bdaddr_list_del(&hdev->whitelist,
5363 err = mgmt_cmd_complete(sk, hdev->id,
5364 MGMT_OP_REMOVE_DEVICE,
5365 MGMT_STATUS_INVALID_PARAMS,
5371 hci_req_update_scan(hdev);
5373 device_removed(sk, hdev, &cp->addr.bdaddr,
5378 addr_type = le_addr_type(cp->addr.type);
5380 /* Kernel internally uses conn_params with resolvable private
5381 * address, but Remove Device allows only identity addresses.
5382 * Make sure it is enforced before calling
5383 * hci_conn_params_lookup.
5385 if (!hci_is_identity_address(&cp->addr.bdaddr, addr_type)) {
5386 err = mgmt_cmd_complete(sk, hdev->id,
5387 MGMT_OP_REMOVE_DEVICE,
5388 MGMT_STATUS_INVALID_PARAMS,
5389 &cp->addr, sizeof(cp->addr));
5393 params = hci_conn_params_lookup(hdev, &cp->addr.bdaddr,
5396 err = mgmt_cmd_complete(sk, hdev->id,
5397 MGMT_OP_REMOVE_DEVICE,
5398 MGMT_STATUS_INVALID_PARAMS,
5399 &cp->addr, sizeof(cp->addr));
5403 if (params->auto_connect == HCI_AUTO_CONN_DISABLED ||
5404 params->auto_connect == HCI_AUTO_CONN_EXPLICIT) {
5405 err = mgmt_cmd_complete(sk, hdev->id,
5406 MGMT_OP_REMOVE_DEVICE,
5407 MGMT_STATUS_INVALID_PARAMS,
5408 &cp->addr, sizeof(cp->addr));
5412 list_del(¶ms->action);
5413 list_del(¶ms->list);
5415 hci_update_background_scan(hdev);
5417 device_removed(sk, hdev, &cp->addr.bdaddr, cp->addr.type);
5419 struct hci_conn_params *p, *tmp;
5420 struct bdaddr_list *b, *btmp;
5422 if (cp->addr.type) {
5423 err = mgmt_cmd_complete(sk, hdev->id,
5424 MGMT_OP_REMOVE_DEVICE,
5425 MGMT_STATUS_INVALID_PARAMS,
5426 &cp->addr, sizeof(cp->addr));
5430 list_for_each_entry_safe(b, btmp, &hdev->whitelist, list) {
5431 device_removed(sk, hdev, &b->bdaddr, b->bdaddr_type);
5436 hci_req_update_scan(hdev);
5438 list_for_each_entry_safe(p, tmp, &hdev->le_conn_params, list) {
5439 if (p->auto_connect == HCI_AUTO_CONN_DISABLED)
5441 device_removed(sk, hdev, &p->addr, p->addr_type);
5442 if (p->explicit_connect) {
5443 p->auto_connect = HCI_AUTO_CONN_EXPLICIT;
5446 list_del(&p->action);
5451 BT_DBG("All LE connection parameters were removed");
5453 hci_update_background_scan(hdev);
5457 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_DEVICE,
5458 MGMT_STATUS_SUCCESS, &cp->addr,
5461 hci_dev_unlock(hdev);
5465 static int load_conn_param(struct sock *sk, struct hci_dev *hdev, void *data,
5468 struct mgmt_cp_load_conn_param *cp = data;
5469 const u16 max_param_count = ((U16_MAX - sizeof(*cp)) /
5470 sizeof(struct mgmt_conn_param));
5471 u16 param_count, expected_len;
5474 if (!lmp_le_capable(hdev))
5475 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_CONN_PARAM,
5476 MGMT_STATUS_NOT_SUPPORTED);
5478 param_count = __le16_to_cpu(cp->param_count);
5479 if (param_count > max_param_count) {
5480 BT_ERR("load_conn_param: too big param_count value %u",
5482 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_CONN_PARAM,
5483 MGMT_STATUS_INVALID_PARAMS);
5486 expected_len = sizeof(*cp) + param_count *
5487 sizeof(struct mgmt_conn_param);
5488 if (expected_len != len) {
5489 BT_ERR("load_conn_param: expected %u bytes, got %u bytes",
5491 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_CONN_PARAM,
5492 MGMT_STATUS_INVALID_PARAMS);
5495 BT_DBG("%s param_count %u", hdev->name, param_count);
5499 hci_conn_params_clear_disabled(hdev);
5501 for (i = 0; i < param_count; i++) {
5502 struct mgmt_conn_param *param = &cp->params[i];
5503 struct hci_conn_params *hci_param;
5504 u16 min, max, latency, timeout;
5507 BT_DBG("Adding %pMR (type %u)", ¶m->addr.bdaddr,
5510 if (param->addr.type == BDADDR_LE_PUBLIC) {
5511 addr_type = ADDR_LE_DEV_PUBLIC;
5512 } else if (param->addr.type == BDADDR_LE_RANDOM) {
5513 addr_type = ADDR_LE_DEV_RANDOM;
5515 BT_ERR("Ignoring invalid connection parameters");
5519 min = le16_to_cpu(param->min_interval);
5520 max = le16_to_cpu(param->max_interval);
5521 latency = le16_to_cpu(param->latency);
5522 timeout = le16_to_cpu(param->timeout);
5524 BT_DBG("min 0x%04x max 0x%04x latency 0x%04x timeout 0x%04x",
5525 min, max, latency, timeout);
5527 if (hci_check_conn_params(min, max, latency, timeout) < 0) {
5528 BT_ERR("Ignoring invalid connection parameters");
5532 hci_param = hci_conn_params_add(hdev, ¶m->addr.bdaddr,
5535 BT_ERR("Failed to add connection parameters");
5539 hci_param->conn_min_interval = min;
5540 hci_param->conn_max_interval = max;
5541 hci_param->conn_latency = latency;
5542 hci_param->supervision_timeout = timeout;
5545 hci_dev_unlock(hdev);
5547 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_LOAD_CONN_PARAM, 0,
5551 static int set_external_config(struct sock *sk, struct hci_dev *hdev,
5552 void *data, u16 len)
5554 struct mgmt_cp_set_external_config *cp = data;
5558 BT_DBG("%s", hdev->name);
5560 if (hdev_is_powered(hdev))
5561 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_EXTERNAL_CONFIG,
5562 MGMT_STATUS_REJECTED);
5564 if (cp->config != 0x00 && cp->config != 0x01)
5565 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_EXTERNAL_CONFIG,
5566 MGMT_STATUS_INVALID_PARAMS);
5568 if (!test_bit(HCI_QUIRK_EXTERNAL_CONFIG, &hdev->quirks))
5569 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_EXTERNAL_CONFIG,
5570 MGMT_STATUS_NOT_SUPPORTED);
5575 changed = !hci_dev_test_and_set_flag(hdev, HCI_EXT_CONFIGURED);
5577 changed = hci_dev_test_and_clear_flag(hdev, HCI_EXT_CONFIGURED);
5579 err = send_options_rsp(sk, MGMT_OP_SET_EXTERNAL_CONFIG, hdev);
5586 err = new_options(hdev, sk);
5588 if (hci_dev_test_flag(hdev, HCI_UNCONFIGURED) == is_configured(hdev)) {
5589 mgmt_index_removed(hdev);
5591 if (hci_dev_test_and_change_flag(hdev, HCI_UNCONFIGURED)) {
5592 hci_dev_set_flag(hdev, HCI_CONFIG);
5593 hci_dev_set_flag(hdev, HCI_AUTO_OFF);
5595 queue_work(hdev->req_workqueue, &hdev->power_on);
5597 set_bit(HCI_RAW, &hdev->flags);
5598 mgmt_index_added(hdev);
5603 hci_dev_unlock(hdev);
5607 static int set_public_address(struct sock *sk, struct hci_dev *hdev,
5608 void *data, u16 len)
5610 struct mgmt_cp_set_public_address *cp = data;
5614 BT_DBG("%s", hdev->name);
5616 if (hdev_is_powered(hdev))
5617 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_PUBLIC_ADDRESS,
5618 MGMT_STATUS_REJECTED);
5620 if (!bacmp(&cp->bdaddr, BDADDR_ANY))
5621 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_PUBLIC_ADDRESS,
5622 MGMT_STATUS_INVALID_PARAMS);
5624 if (!hdev->set_bdaddr)
5625 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_PUBLIC_ADDRESS,
5626 MGMT_STATUS_NOT_SUPPORTED);
5630 changed = !!bacmp(&hdev->public_addr, &cp->bdaddr);
5631 bacpy(&hdev->public_addr, &cp->bdaddr);
5633 err = send_options_rsp(sk, MGMT_OP_SET_PUBLIC_ADDRESS, hdev);
5640 if (hci_dev_test_flag(hdev, HCI_UNCONFIGURED))
5641 err = new_options(hdev, sk);
5643 if (is_configured(hdev)) {
5644 mgmt_index_removed(hdev);
5646 hci_dev_clear_flag(hdev, HCI_UNCONFIGURED);
5648 hci_dev_set_flag(hdev, HCI_CONFIG);
5649 hci_dev_set_flag(hdev, HCI_AUTO_OFF);
5651 queue_work(hdev->req_workqueue, &hdev->power_on);
5655 hci_dev_unlock(hdev);
5659 static void read_local_oob_ext_data_complete(struct hci_dev *hdev, u8 status,
5660 u16 opcode, struct sk_buff *skb)
5662 const struct mgmt_cp_read_local_oob_ext_data *mgmt_cp;
5663 struct mgmt_rp_read_local_oob_ext_data *mgmt_rp;
5664 u8 *h192, *r192, *h256, *r256;
5665 struct mgmt_pending_cmd *cmd;
5669 BT_DBG("%s status %u", hdev->name, status);
5671 cmd = pending_find(MGMT_OP_READ_LOCAL_OOB_EXT_DATA, hdev);
5675 mgmt_cp = cmd->param;
5678 status = mgmt_status(status);
5685 } else if (opcode == HCI_OP_READ_LOCAL_OOB_DATA) {
5686 struct hci_rp_read_local_oob_data *rp;
5688 if (skb->len != sizeof(*rp)) {
5689 status = MGMT_STATUS_FAILED;
5692 status = MGMT_STATUS_SUCCESS;
5693 rp = (void *)skb->data;
5695 eir_len = 5 + 18 + 18;
5702 struct hci_rp_read_local_oob_ext_data *rp;
5704 if (skb->len != sizeof(*rp)) {
5705 status = MGMT_STATUS_FAILED;
5708 status = MGMT_STATUS_SUCCESS;
5709 rp = (void *)skb->data;
5711 if (hci_dev_test_flag(hdev, HCI_SC_ONLY)) {
5712 eir_len = 5 + 18 + 18;
5716 eir_len = 5 + 18 + 18 + 18 + 18;
5726 mgmt_rp = kmalloc(sizeof(*mgmt_rp) + eir_len, GFP_KERNEL);
5733 eir_len = eir_append_data(mgmt_rp->eir, 0, EIR_CLASS_OF_DEV,
5734 hdev->dev_class, 3);
5737 eir_len = eir_append_data(mgmt_rp->eir, eir_len,
5738 EIR_SSP_HASH_C192, h192, 16);
5739 eir_len = eir_append_data(mgmt_rp->eir, eir_len,
5740 EIR_SSP_RAND_R192, r192, 16);
5744 eir_len = eir_append_data(mgmt_rp->eir, eir_len,
5745 EIR_SSP_HASH_C256, h256, 16);
5746 eir_len = eir_append_data(mgmt_rp->eir, eir_len,
5747 EIR_SSP_RAND_R256, r256, 16);
5751 mgmt_rp->type = mgmt_cp->type;
5752 mgmt_rp->eir_len = cpu_to_le16(eir_len);
5754 err = mgmt_cmd_complete(cmd->sk, hdev->id,
5755 MGMT_OP_READ_LOCAL_OOB_EXT_DATA, status,
5756 mgmt_rp, sizeof(*mgmt_rp) + eir_len);
5757 if (err < 0 || status)
5760 hci_sock_set_flag(cmd->sk, HCI_MGMT_OOB_DATA_EVENTS);
5762 err = mgmt_limited_event(MGMT_EV_LOCAL_OOB_DATA_UPDATED, hdev,
5763 mgmt_rp, sizeof(*mgmt_rp) + eir_len,
5764 HCI_MGMT_OOB_DATA_EVENTS, cmd->sk);
5767 mgmt_pending_remove(cmd);
5770 static int read_local_ssp_oob_req(struct hci_dev *hdev, struct sock *sk,
5771 struct mgmt_cp_read_local_oob_ext_data *cp)
5773 struct mgmt_pending_cmd *cmd;
5774 struct hci_request req;
5777 cmd = mgmt_pending_add(sk, MGMT_OP_READ_LOCAL_OOB_EXT_DATA, hdev,
5782 hci_req_init(&req, hdev);
5784 if (bredr_sc_enabled(hdev))
5785 hci_req_add(&req, HCI_OP_READ_LOCAL_OOB_EXT_DATA, 0, NULL);
5787 hci_req_add(&req, HCI_OP_READ_LOCAL_OOB_DATA, 0, NULL);
5789 err = hci_req_run_skb(&req, read_local_oob_ext_data_complete);
5791 mgmt_pending_remove(cmd);
5798 static int read_local_oob_ext_data(struct sock *sk, struct hci_dev *hdev,
5799 void *data, u16 data_len)
5801 struct mgmt_cp_read_local_oob_ext_data *cp = data;
5802 struct mgmt_rp_read_local_oob_ext_data *rp;
5805 u8 status, flags, role, addr[7], hash[16], rand[16];
5808 BT_DBG("%s", hdev->name);
5810 if (hdev_is_powered(hdev)) {
5812 case BIT(BDADDR_BREDR):
5813 status = mgmt_bredr_support(hdev);
5819 case (BIT(BDADDR_LE_PUBLIC) | BIT(BDADDR_LE_RANDOM)):
5820 status = mgmt_le_support(hdev);
5824 eir_len = 9 + 3 + 18 + 18 + 3;
5827 status = MGMT_STATUS_INVALID_PARAMS;
5832 status = MGMT_STATUS_NOT_POWERED;
5836 rp_len = sizeof(*rp) + eir_len;
5837 rp = kmalloc(rp_len, GFP_ATOMIC);
5848 case BIT(BDADDR_BREDR):
5849 if (hci_dev_test_flag(hdev, HCI_SSP_ENABLED)) {
5850 err = read_local_ssp_oob_req(hdev, sk, cp);
5851 hci_dev_unlock(hdev);
5855 status = MGMT_STATUS_FAILED;
5858 eir_len = eir_append_data(rp->eir, eir_len,
5860 hdev->dev_class, 3);
5863 case (BIT(BDADDR_LE_PUBLIC) | BIT(BDADDR_LE_RANDOM)):
5864 if (hci_dev_test_flag(hdev, HCI_SC_ENABLED) &&
5865 smp_generate_oob(hdev, hash, rand) < 0) {
5866 hci_dev_unlock(hdev);
5867 status = MGMT_STATUS_FAILED;
5871 /* This should return the active RPA, but since the RPA
5872 * is only programmed on demand, it is really hard to fill
5873 * this in at the moment. For now disallow retrieving
5874 * local out-of-band data when privacy is in use.
5876 * Returning the identity address will not help here since
5877 * pairing happens before the identity resolving key is
5878 * known and thus the connection establishment happens
5879 * based on the RPA and not the identity address.
5881 if (hci_dev_test_flag(hdev, HCI_PRIVACY)) {
5882 hci_dev_unlock(hdev);
5883 status = MGMT_STATUS_REJECTED;
5887 if (hci_dev_test_flag(hdev, HCI_FORCE_STATIC_ADDR) ||
5888 !bacmp(&hdev->bdaddr, BDADDR_ANY) ||
5889 (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED) &&
5890 bacmp(&hdev->static_addr, BDADDR_ANY))) {
5891 memcpy(addr, &hdev->static_addr, 6);
5894 memcpy(addr, &hdev->bdaddr, 6);
5898 eir_len = eir_append_data(rp->eir, eir_len, EIR_LE_BDADDR,
5899 addr, sizeof(addr));
5901 if (hci_dev_test_flag(hdev, HCI_ADVERTISING))
5906 eir_len = eir_append_data(rp->eir, eir_len, EIR_LE_ROLE,
5907 &role, sizeof(role));
5909 if (hci_dev_test_flag(hdev, HCI_SC_ENABLED)) {
5910 eir_len = eir_append_data(rp->eir, eir_len,
5912 hash, sizeof(hash));
5914 eir_len = eir_append_data(rp->eir, eir_len,
5916 rand, sizeof(rand));
5919 flags = mgmt_get_adv_discov_flags(hdev);
5921 if (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED))
5922 flags |= LE_AD_NO_BREDR;
5924 eir_len = eir_append_data(rp->eir, eir_len, EIR_FLAGS,
5925 &flags, sizeof(flags));
5929 hci_dev_unlock(hdev);
5931 hci_sock_set_flag(sk, HCI_MGMT_OOB_DATA_EVENTS);
5933 status = MGMT_STATUS_SUCCESS;
5936 rp->type = cp->type;
5937 rp->eir_len = cpu_to_le16(eir_len);
5939 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_EXT_DATA,
5940 status, rp, sizeof(*rp) + eir_len);
5941 if (err < 0 || status)
5944 err = mgmt_limited_event(MGMT_EV_LOCAL_OOB_DATA_UPDATED, hdev,
5945 rp, sizeof(*rp) + eir_len,
5946 HCI_MGMT_OOB_DATA_EVENTS, sk);
5954 static u32 get_supported_adv_flags(struct hci_dev *hdev)
5958 flags |= MGMT_ADV_FLAG_CONNECTABLE;
5959 flags |= MGMT_ADV_FLAG_DISCOV;
5960 flags |= MGMT_ADV_FLAG_LIMITED_DISCOV;
5961 flags |= MGMT_ADV_FLAG_MANAGED_FLAGS;
5962 flags |= MGMT_ADV_FLAG_APPEARANCE;
5963 flags |= MGMT_ADV_FLAG_LOCAL_NAME;
5965 if (hdev->adv_tx_power != HCI_TX_POWER_INVALID)
5966 flags |= MGMT_ADV_FLAG_TX_POWER;
5971 static int read_adv_features(struct sock *sk, struct hci_dev *hdev,
5972 void *data, u16 data_len)
5974 struct mgmt_rp_read_adv_features *rp;
5977 struct adv_info *adv_instance;
5978 u32 supported_flags;
5981 BT_DBG("%s", hdev->name);
5983 if (!lmp_le_capable(hdev))
5984 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_READ_ADV_FEATURES,
5985 MGMT_STATUS_REJECTED);
5989 rp_len = sizeof(*rp) + hdev->adv_instance_cnt;
5990 rp = kmalloc(rp_len, GFP_ATOMIC);
5992 hci_dev_unlock(hdev);
5996 supported_flags = get_supported_adv_flags(hdev);
5998 rp->supported_flags = cpu_to_le32(supported_flags);
5999 rp->max_adv_data_len = HCI_MAX_AD_LENGTH;
6000 rp->max_scan_rsp_len = HCI_MAX_AD_LENGTH;
6001 rp->max_instances = HCI_MAX_ADV_INSTANCES;
6002 rp->num_instances = hdev->adv_instance_cnt;
6004 instance = rp->instance;
6005 list_for_each_entry(adv_instance, &hdev->adv_instances, list) {
6006 *instance = adv_instance->instance;
6010 hci_dev_unlock(hdev);
6012 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_READ_ADV_FEATURES,
6013 MGMT_STATUS_SUCCESS, rp, rp_len);
6020 static u8 calculate_name_len(struct hci_dev *hdev)
6022 u8 buf[HCI_MAX_SHORT_NAME_LENGTH + 3];
6024 return append_local_name(hdev, buf, 0);
6027 static u8 tlv_data_max_len(struct hci_dev *hdev, u32 adv_flags,
6030 u8 max_len = HCI_MAX_AD_LENGTH;
6033 if (adv_flags & (MGMT_ADV_FLAG_DISCOV |
6034 MGMT_ADV_FLAG_LIMITED_DISCOV |
6035 MGMT_ADV_FLAG_MANAGED_FLAGS))
6038 if (adv_flags & MGMT_ADV_FLAG_TX_POWER)
6041 if (adv_flags & MGMT_ADV_FLAG_LOCAL_NAME)
6042 max_len -= calculate_name_len(hdev);
6044 if (adv_flags & (MGMT_ADV_FLAG_APPEARANCE))
6051 static bool flags_managed(u32 adv_flags)
6053 return adv_flags & (MGMT_ADV_FLAG_DISCOV |
6054 MGMT_ADV_FLAG_LIMITED_DISCOV |
6055 MGMT_ADV_FLAG_MANAGED_FLAGS);
6058 static bool tx_power_managed(u32 adv_flags)
6060 return adv_flags & MGMT_ADV_FLAG_TX_POWER;
6063 static bool name_managed(u32 adv_flags)
6065 return adv_flags & MGMT_ADV_FLAG_LOCAL_NAME;
6068 static bool appearance_managed(u32 adv_flags)
6070 return adv_flags & MGMT_ADV_FLAG_APPEARANCE;
6073 static bool tlv_data_is_valid(struct hci_dev *hdev, u32 adv_flags, u8 *data,
6074 u8 len, bool is_adv_data)
6079 max_len = tlv_data_max_len(hdev, adv_flags, is_adv_data);
6084 /* Make sure that the data is correctly formatted. */
6085 for (i = 0, cur_len = 0; i < len; i += (cur_len + 1)) {
6088 if (data[i + 1] == EIR_FLAGS &&
6089 (!is_adv_data || flags_managed(adv_flags)))
6092 if (data[i + 1] == EIR_TX_POWER && tx_power_managed(adv_flags))
6095 if (data[i + 1] == EIR_NAME_COMPLETE && name_managed(adv_flags))
6098 if (data[i + 1] == EIR_NAME_SHORT && name_managed(adv_flags))
6101 if (data[i + 1] == EIR_APPEARANCE &&
6102 appearance_managed(adv_flags))
6105 /* If the current field length would exceed the total data
6106 * length, then it's invalid.
6108 if (i + cur_len >= len)
6115 static void add_advertising_complete(struct hci_dev *hdev, u8 status,
6118 struct mgmt_pending_cmd *cmd;
6119 struct mgmt_cp_add_advertising *cp;
6120 struct mgmt_rp_add_advertising rp;
6121 struct adv_info *adv_instance, *n;
6124 BT_DBG("status %d", status);
6128 cmd = pending_find(MGMT_OP_ADD_ADVERTISING, hdev);
6130 list_for_each_entry_safe(adv_instance, n, &hdev->adv_instances, list) {
6131 if (!adv_instance->pending)
6135 adv_instance->pending = false;
6139 instance = adv_instance->instance;
6141 if (hdev->cur_adv_instance == instance)
6142 cancel_adv_timeout(hdev);
6144 hci_remove_adv_instance(hdev, instance);
6145 mgmt_advertising_removed(cmd ? cmd->sk : NULL, hdev, instance);
6152 rp.instance = cp->instance;
6155 mgmt_cmd_status(cmd->sk, cmd->index, cmd->opcode,
6156 mgmt_status(status));
6158 mgmt_cmd_complete(cmd->sk, cmd->index, cmd->opcode,
6159 mgmt_status(status), &rp, sizeof(rp));
6161 mgmt_pending_remove(cmd);
6164 hci_dev_unlock(hdev);
6167 static int add_advertising(struct sock *sk, struct hci_dev *hdev,
6168 void *data, u16 data_len)
6170 struct mgmt_cp_add_advertising *cp = data;
6171 struct mgmt_rp_add_advertising rp;
6173 u32 supported_flags;
6175 u16 timeout, duration;
6176 unsigned int prev_instance_cnt = hdev->adv_instance_cnt;
6177 u8 schedule_instance = 0;
6178 struct adv_info *next_instance;
6180 struct mgmt_pending_cmd *cmd;
6181 struct hci_request req;
6183 BT_DBG("%s", hdev->name);
6185 status = mgmt_le_support(hdev);
6187 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_ADVERTISING,
6190 if (cp->instance < 1 || cp->instance > HCI_MAX_ADV_INSTANCES)
6191 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_ADVERTISING,
6192 MGMT_STATUS_INVALID_PARAMS);
6194 if (data_len != sizeof(*cp) + cp->adv_data_len + cp->scan_rsp_len)
6195 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_ADVERTISING,
6196 MGMT_STATUS_INVALID_PARAMS);
6198 flags = __le32_to_cpu(cp->flags);
6199 timeout = __le16_to_cpu(cp->timeout);
6200 duration = __le16_to_cpu(cp->duration);
6202 /* The current implementation only supports a subset of the specified
6205 supported_flags = get_supported_adv_flags(hdev);
6206 if (flags & ~supported_flags)
6207 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_ADVERTISING,
6208 MGMT_STATUS_INVALID_PARAMS);
6212 if (timeout && !hdev_is_powered(hdev)) {
6213 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_ADVERTISING,
6214 MGMT_STATUS_REJECTED);
6218 if (pending_find(MGMT_OP_ADD_ADVERTISING, hdev) ||
6219 pending_find(MGMT_OP_REMOVE_ADVERTISING, hdev) ||
6220 pending_find(MGMT_OP_SET_LE, hdev)) {
6221 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_ADVERTISING,
6226 if (!tlv_data_is_valid(hdev, flags, cp->data, cp->adv_data_len, true) ||
6227 !tlv_data_is_valid(hdev, flags, cp->data + cp->adv_data_len,
6228 cp->scan_rsp_len, false)) {
6229 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_ADVERTISING,
6230 MGMT_STATUS_INVALID_PARAMS);
6234 err = hci_add_adv_instance(hdev, cp->instance, flags,
6235 cp->adv_data_len, cp->data,
6237 cp->data + cp->adv_data_len,
6240 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_ADVERTISING,
6241 MGMT_STATUS_FAILED);
6245 /* Only trigger an advertising added event if a new instance was
6248 if (hdev->adv_instance_cnt > prev_instance_cnt)
6249 mgmt_advertising_added(sk, hdev, cp->instance);
6251 if (hdev->cur_adv_instance == cp->instance) {
6252 /* If the currently advertised instance is being changed then
6253 * cancel the current advertising and schedule the next
6254 * instance. If there is only one instance then the overridden
6255 * advertising data will be visible right away.
6257 cancel_adv_timeout(hdev);
6259 next_instance = hci_get_next_instance(hdev, cp->instance);
6261 schedule_instance = next_instance->instance;
6262 } else if (!hdev->adv_instance_timeout) {
6263 /* Immediately advertise the new instance if no other
6264 * instance is currently being advertised.
6266 schedule_instance = cp->instance;
6269 /* If the HCI_ADVERTISING flag is set or the device isn't powered or
6270 * there is no instance to be advertised then we have no HCI
6271 * communication to make. Simply return.
6273 if (!hdev_is_powered(hdev) ||
6274 hci_dev_test_flag(hdev, HCI_ADVERTISING) ||
6275 !schedule_instance) {
6276 rp.instance = cp->instance;
6277 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_ADD_ADVERTISING,
6278 MGMT_STATUS_SUCCESS, &rp, sizeof(rp));
6282 /* We're good to go, update advertising data, parameters, and start
6285 cmd = mgmt_pending_add(sk, MGMT_OP_ADD_ADVERTISING, hdev, data,
6292 hci_req_init(&req, hdev);
6294 err = __hci_req_schedule_adv_instance(&req, schedule_instance, true);
6297 err = hci_req_run(&req, add_advertising_complete);
6300 mgmt_pending_remove(cmd);
6303 hci_dev_unlock(hdev);
6308 static void remove_advertising_complete(struct hci_dev *hdev, u8 status,
6311 struct mgmt_pending_cmd *cmd;
6312 struct mgmt_cp_remove_advertising *cp;
6313 struct mgmt_rp_remove_advertising rp;
6315 BT_DBG("status %d", status);
6319 /* A failure status here only means that we failed to disable
6320 * advertising. Otherwise, the advertising instance has been removed,
6321 * so report success.
6323 cmd = pending_find(MGMT_OP_REMOVE_ADVERTISING, hdev);
6328 rp.instance = cp->instance;
6330 mgmt_cmd_complete(cmd->sk, cmd->index, cmd->opcode, MGMT_STATUS_SUCCESS,
6332 mgmt_pending_remove(cmd);
6335 hci_dev_unlock(hdev);
6338 static int remove_advertising(struct sock *sk, struct hci_dev *hdev,
6339 void *data, u16 data_len)
6341 struct mgmt_cp_remove_advertising *cp = data;
6342 struct mgmt_rp_remove_advertising rp;
6343 struct mgmt_pending_cmd *cmd;
6344 struct hci_request req;
6347 BT_DBG("%s", hdev->name);
6351 if (cp->instance && !hci_find_adv_instance(hdev, cp->instance)) {
6352 err = mgmt_cmd_status(sk, hdev->id,
6353 MGMT_OP_REMOVE_ADVERTISING,
6354 MGMT_STATUS_INVALID_PARAMS);
6358 if (pending_find(MGMT_OP_ADD_ADVERTISING, hdev) ||
6359 pending_find(MGMT_OP_REMOVE_ADVERTISING, hdev) ||
6360 pending_find(MGMT_OP_SET_LE, hdev)) {
6361 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_REMOVE_ADVERTISING,
6366 if (list_empty(&hdev->adv_instances)) {
6367 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_REMOVE_ADVERTISING,
6368 MGMT_STATUS_INVALID_PARAMS);
6372 hci_req_init(&req, hdev);
6374 hci_req_clear_adv_instance(hdev, sk, &req, cp->instance, true);
6376 if (list_empty(&hdev->adv_instances))
6377 __hci_req_disable_advertising(&req);
6379 /* If no HCI commands have been collected so far or the HCI_ADVERTISING
6380 * flag is set or the device isn't powered then we have no HCI
6381 * communication to make. Simply return.
6383 if (skb_queue_empty(&req.cmd_q) ||
6384 !hdev_is_powered(hdev) ||
6385 hci_dev_test_flag(hdev, HCI_ADVERTISING)) {
6386 rp.instance = cp->instance;
6387 err = mgmt_cmd_complete(sk, hdev->id,
6388 MGMT_OP_REMOVE_ADVERTISING,
6389 MGMT_STATUS_SUCCESS, &rp, sizeof(rp));
6393 cmd = mgmt_pending_add(sk, MGMT_OP_REMOVE_ADVERTISING, hdev, data,
6400 err = hci_req_run(&req, remove_advertising_complete);
6402 mgmt_pending_remove(cmd);
6405 hci_dev_unlock(hdev);
6410 static int get_adv_size_info(struct sock *sk, struct hci_dev *hdev,
6411 void *data, u16 data_len)
6413 struct mgmt_cp_get_adv_size_info *cp = data;
6414 struct mgmt_rp_get_adv_size_info rp;
6415 u32 flags, supported_flags;
6418 BT_DBG("%s", hdev->name);
6420 if (!lmp_le_capable(hdev))
6421 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_GET_ADV_SIZE_INFO,
6422 MGMT_STATUS_REJECTED);
6424 if (cp->instance < 1 || cp->instance > HCI_MAX_ADV_INSTANCES)
6425 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_GET_ADV_SIZE_INFO,
6426 MGMT_STATUS_INVALID_PARAMS);
6428 flags = __le32_to_cpu(cp->flags);
6430 /* The current implementation only supports a subset of the specified
6433 supported_flags = get_supported_adv_flags(hdev);
6434 if (flags & ~supported_flags)
6435 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_GET_ADV_SIZE_INFO,
6436 MGMT_STATUS_INVALID_PARAMS);
6438 rp.instance = cp->instance;
6439 rp.flags = cp->flags;
6440 rp.max_adv_data_len = tlv_data_max_len(hdev, flags, true);
6441 rp.max_scan_rsp_len = tlv_data_max_len(hdev, flags, false);
6443 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_ADV_SIZE_INFO,
6444 MGMT_STATUS_SUCCESS, &rp, sizeof(rp));
6449 static const struct hci_mgmt_handler mgmt_handlers[] = {
6450 { NULL }, /* 0x0000 (no command) */
6451 { read_version, MGMT_READ_VERSION_SIZE,
6453 HCI_MGMT_UNTRUSTED },
6454 { read_commands, MGMT_READ_COMMANDS_SIZE,
6456 HCI_MGMT_UNTRUSTED },
6457 { read_index_list, MGMT_READ_INDEX_LIST_SIZE,
6459 HCI_MGMT_UNTRUSTED },
6460 { read_controller_info, MGMT_READ_INFO_SIZE,
6461 HCI_MGMT_UNTRUSTED },
6462 { set_powered, MGMT_SETTING_SIZE },
6463 { set_discoverable, MGMT_SET_DISCOVERABLE_SIZE },
6464 { set_connectable, MGMT_SETTING_SIZE },
6465 { set_fast_connectable, MGMT_SETTING_SIZE },
6466 { set_bondable, MGMT_SETTING_SIZE },
6467 { set_link_security, MGMT_SETTING_SIZE },
6468 { set_ssp, MGMT_SETTING_SIZE },
6469 { set_hs, MGMT_SETTING_SIZE },
6470 { set_le, MGMT_SETTING_SIZE },
6471 { set_dev_class, MGMT_SET_DEV_CLASS_SIZE },
6472 { set_local_name, MGMT_SET_LOCAL_NAME_SIZE },
6473 { add_uuid, MGMT_ADD_UUID_SIZE },
6474 { remove_uuid, MGMT_REMOVE_UUID_SIZE },
6475 { load_link_keys, MGMT_LOAD_LINK_KEYS_SIZE,
6477 { load_long_term_keys, MGMT_LOAD_LONG_TERM_KEYS_SIZE,
6479 { disconnect, MGMT_DISCONNECT_SIZE },
6480 { get_connections, MGMT_GET_CONNECTIONS_SIZE },
6481 { pin_code_reply, MGMT_PIN_CODE_REPLY_SIZE },
6482 { pin_code_neg_reply, MGMT_PIN_CODE_NEG_REPLY_SIZE },
6483 { set_io_capability, MGMT_SET_IO_CAPABILITY_SIZE },
6484 { pair_device, MGMT_PAIR_DEVICE_SIZE },
6485 { cancel_pair_device, MGMT_CANCEL_PAIR_DEVICE_SIZE },
6486 { unpair_device, MGMT_UNPAIR_DEVICE_SIZE },
6487 { user_confirm_reply, MGMT_USER_CONFIRM_REPLY_SIZE },
6488 { user_confirm_neg_reply, MGMT_USER_CONFIRM_NEG_REPLY_SIZE },
6489 { user_passkey_reply, MGMT_USER_PASSKEY_REPLY_SIZE },
6490 { user_passkey_neg_reply, MGMT_USER_PASSKEY_NEG_REPLY_SIZE },
6491 { read_local_oob_data, MGMT_READ_LOCAL_OOB_DATA_SIZE },
6492 { add_remote_oob_data, MGMT_ADD_REMOTE_OOB_DATA_SIZE,
6494 { remove_remote_oob_data, MGMT_REMOVE_REMOTE_OOB_DATA_SIZE },
6495 { start_discovery, MGMT_START_DISCOVERY_SIZE },
6496 { stop_discovery, MGMT_STOP_DISCOVERY_SIZE },
6497 { confirm_name, MGMT_CONFIRM_NAME_SIZE },
6498 { block_device, MGMT_BLOCK_DEVICE_SIZE },
6499 { unblock_device, MGMT_UNBLOCK_DEVICE_SIZE },
6500 { set_device_id, MGMT_SET_DEVICE_ID_SIZE },
6501 { set_advertising, MGMT_SETTING_SIZE },
6502 { set_bredr, MGMT_SETTING_SIZE },
6503 { set_static_address, MGMT_SET_STATIC_ADDRESS_SIZE },
6504 { set_scan_params, MGMT_SET_SCAN_PARAMS_SIZE },
6505 { set_secure_conn, MGMT_SETTING_SIZE },
6506 { set_debug_keys, MGMT_SETTING_SIZE },
6507 { set_privacy, MGMT_SET_PRIVACY_SIZE },
6508 { load_irks, MGMT_LOAD_IRKS_SIZE,
6510 { get_conn_info, MGMT_GET_CONN_INFO_SIZE },
6511 { get_clock_info, MGMT_GET_CLOCK_INFO_SIZE },
6512 { add_device, MGMT_ADD_DEVICE_SIZE },
6513 { remove_device, MGMT_REMOVE_DEVICE_SIZE },
6514 { load_conn_param, MGMT_LOAD_CONN_PARAM_SIZE,
6516 { read_unconf_index_list, MGMT_READ_UNCONF_INDEX_LIST_SIZE,
6518 HCI_MGMT_UNTRUSTED },
6519 { read_config_info, MGMT_READ_CONFIG_INFO_SIZE,
6520 HCI_MGMT_UNCONFIGURED |
6521 HCI_MGMT_UNTRUSTED },
6522 { set_external_config, MGMT_SET_EXTERNAL_CONFIG_SIZE,
6523 HCI_MGMT_UNCONFIGURED },
6524 { set_public_address, MGMT_SET_PUBLIC_ADDRESS_SIZE,
6525 HCI_MGMT_UNCONFIGURED },
6526 { start_service_discovery, MGMT_START_SERVICE_DISCOVERY_SIZE,
6528 { read_local_oob_ext_data, MGMT_READ_LOCAL_OOB_EXT_DATA_SIZE },
6529 { read_ext_index_list, MGMT_READ_EXT_INDEX_LIST_SIZE,
6531 HCI_MGMT_UNTRUSTED },
6532 { read_adv_features, MGMT_READ_ADV_FEATURES_SIZE },
6533 { add_advertising, MGMT_ADD_ADVERTISING_SIZE,
6535 { remove_advertising, MGMT_REMOVE_ADVERTISING_SIZE },
6536 { get_adv_size_info, MGMT_GET_ADV_SIZE_INFO_SIZE },
6537 { start_limited_discovery, MGMT_START_DISCOVERY_SIZE },
6538 { read_ext_controller_info,MGMT_READ_EXT_INFO_SIZE,
6539 HCI_MGMT_UNTRUSTED },
6540 { set_appearance, MGMT_SET_APPEARANCE_SIZE },
6543 void mgmt_index_added(struct hci_dev *hdev)
6545 struct mgmt_ev_ext_index ev;
6547 if (test_bit(HCI_QUIRK_RAW_DEVICE, &hdev->quirks))
6550 switch (hdev->dev_type) {
6552 if (hci_dev_test_flag(hdev, HCI_UNCONFIGURED)) {
6553 mgmt_index_event(MGMT_EV_UNCONF_INDEX_ADDED, hdev,
6554 NULL, 0, HCI_MGMT_UNCONF_INDEX_EVENTS);
6557 mgmt_index_event(MGMT_EV_INDEX_ADDED, hdev, NULL, 0,
6558 HCI_MGMT_INDEX_EVENTS);
6571 mgmt_index_event(MGMT_EV_EXT_INDEX_ADDED, hdev, &ev, sizeof(ev),
6572 HCI_MGMT_EXT_INDEX_EVENTS);
6575 void mgmt_index_removed(struct hci_dev *hdev)
6577 struct mgmt_ev_ext_index ev;
6578 u8 status = MGMT_STATUS_INVALID_INDEX;
6580 if (test_bit(HCI_QUIRK_RAW_DEVICE, &hdev->quirks))
6583 switch (hdev->dev_type) {
6585 mgmt_pending_foreach(0, hdev, cmd_complete_rsp, &status);
6587 if (hci_dev_test_flag(hdev, HCI_UNCONFIGURED)) {
6588 mgmt_index_event(MGMT_EV_UNCONF_INDEX_REMOVED, hdev,
6589 NULL, 0, HCI_MGMT_UNCONF_INDEX_EVENTS);
6592 mgmt_index_event(MGMT_EV_INDEX_REMOVED, hdev, NULL, 0,
6593 HCI_MGMT_INDEX_EVENTS);
6606 mgmt_index_event(MGMT_EV_EXT_INDEX_REMOVED, hdev, &ev, sizeof(ev),
6607 HCI_MGMT_EXT_INDEX_EVENTS);
6610 /* This function requires the caller holds hdev->lock */
6611 static void restart_le_actions(struct hci_dev *hdev)
6613 struct hci_conn_params *p;
6615 list_for_each_entry(p, &hdev->le_conn_params, list) {
6616 /* Needed for AUTO_OFF case where might not "really"
6617 * have been powered off.
6619 list_del_init(&p->action);
6621 switch (p->auto_connect) {
6622 case HCI_AUTO_CONN_DIRECT:
6623 case HCI_AUTO_CONN_ALWAYS:
6624 list_add(&p->action, &hdev->pend_le_conns);
6626 case HCI_AUTO_CONN_REPORT:
6627 list_add(&p->action, &hdev->pend_le_reports);
6635 void mgmt_power_on(struct hci_dev *hdev, int err)
6637 struct cmd_lookup match = { NULL, hdev };
6639 BT_DBG("err %d", err);
6644 restart_le_actions(hdev);
6645 hci_update_background_scan(hdev);
6648 mgmt_pending_foreach(MGMT_OP_SET_POWERED, hdev, settings_rsp, &match);
6650 new_settings(hdev, match.sk);
6655 hci_dev_unlock(hdev);
6658 void __mgmt_power_off(struct hci_dev *hdev)
6660 struct cmd_lookup match = { NULL, hdev };
6661 u8 status, zero_cod[] = { 0, 0, 0 };
6663 mgmt_pending_foreach(MGMT_OP_SET_POWERED, hdev, settings_rsp, &match);
6665 /* If the power off is because of hdev unregistration let
6666 * use the appropriate INVALID_INDEX status. Otherwise use
6667 * NOT_POWERED. We cover both scenarios here since later in
6668 * mgmt_index_removed() any hci_conn callbacks will have already
6669 * been triggered, potentially causing misleading DISCONNECTED
6672 if (hci_dev_test_flag(hdev, HCI_UNREGISTER))
6673 status = MGMT_STATUS_INVALID_INDEX;
6675 status = MGMT_STATUS_NOT_POWERED;
6677 mgmt_pending_foreach(0, hdev, cmd_complete_rsp, &status);
6679 if (memcmp(hdev->dev_class, zero_cod, sizeof(zero_cod)) != 0) {
6680 mgmt_limited_event(MGMT_EV_CLASS_OF_DEV_CHANGED, hdev,
6681 zero_cod, sizeof(zero_cod),
6682 HCI_MGMT_DEV_CLASS_EVENTS, NULL);
6683 ext_info_changed(hdev, NULL);
6686 new_settings(hdev, match.sk);
6692 void mgmt_set_powered_failed(struct hci_dev *hdev, int err)
6694 struct mgmt_pending_cmd *cmd;
6697 cmd = pending_find(MGMT_OP_SET_POWERED, hdev);
6701 if (err == -ERFKILL)
6702 status = MGMT_STATUS_RFKILLED;
6704 status = MGMT_STATUS_FAILED;
6706 mgmt_cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_POWERED, status);
6708 mgmt_pending_remove(cmd);
6711 void mgmt_new_link_key(struct hci_dev *hdev, struct link_key *key,
6714 struct mgmt_ev_new_link_key ev;
6716 memset(&ev, 0, sizeof(ev));
6718 ev.store_hint = persistent;
6719 bacpy(&ev.key.addr.bdaddr, &key->bdaddr);
6720 ev.key.addr.type = BDADDR_BREDR;
6721 ev.key.type = key->type;
6722 memcpy(ev.key.val, key->val, HCI_LINK_KEY_SIZE);
6723 ev.key.pin_len = key->pin_len;
6725 mgmt_event(MGMT_EV_NEW_LINK_KEY, hdev, &ev, sizeof(ev), NULL);
6728 static u8 mgmt_ltk_type(struct smp_ltk *ltk)
6730 switch (ltk->type) {
6733 if (ltk->authenticated)
6734 return MGMT_LTK_AUTHENTICATED;
6735 return MGMT_LTK_UNAUTHENTICATED;
6737 if (ltk->authenticated)
6738 return MGMT_LTK_P256_AUTH;
6739 return MGMT_LTK_P256_UNAUTH;
6740 case SMP_LTK_P256_DEBUG:
6741 return MGMT_LTK_P256_DEBUG;
6744 return MGMT_LTK_UNAUTHENTICATED;
6747 void mgmt_new_ltk(struct hci_dev *hdev, struct smp_ltk *key, bool persistent)
6749 struct mgmt_ev_new_long_term_key ev;
6751 memset(&ev, 0, sizeof(ev));
6753 /* Devices using resolvable or non-resolvable random addresses
6754 * without providing an identity resolving key don't require
6755 * to store long term keys. Their addresses will change the
6758 * Only when a remote device provides an identity address
6759 * make sure the long term key is stored. If the remote
6760 * identity is known, the long term keys are internally
6761 * mapped to the identity address. So allow static random
6762 * and public addresses here.
6764 if (key->bdaddr_type == ADDR_LE_DEV_RANDOM &&
6765 (key->bdaddr.b[5] & 0xc0) != 0xc0)
6766 ev.store_hint = 0x00;
6768 ev.store_hint = persistent;
6770 bacpy(&ev.key.addr.bdaddr, &key->bdaddr);
6771 ev.key.addr.type = link_to_bdaddr(LE_LINK, key->bdaddr_type);
6772 ev.key.type = mgmt_ltk_type(key);
6773 ev.key.enc_size = key->enc_size;
6774 ev.key.ediv = key->ediv;
6775 ev.key.rand = key->rand;
6777 if (key->type == SMP_LTK)
6780 /* Make sure we copy only the significant bytes based on the
6781 * encryption key size, and set the rest of the value to zeroes.
6783 memcpy(ev.key.val, key->val, key->enc_size);
6784 memset(ev.key.val + key->enc_size, 0,
6785 sizeof(ev.key.val) - key->enc_size);
6787 mgmt_event(MGMT_EV_NEW_LONG_TERM_KEY, hdev, &ev, sizeof(ev), NULL);
6790 void mgmt_new_irk(struct hci_dev *hdev, struct smp_irk *irk, bool persistent)
6792 struct mgmt_ev_new_irk ev;
6794 memset(&ev, 0, sizeof(ev));
6796 ev.store_hint = persistent;
6798 bacpy(&ev.rpa, &irk->rpa);
6799 bacpy(&ev.irk.addr.bdaddr, &irk->bdaddr);
6800 ev.irk.addr.type = link_to_bdaddr(LE_LINK, irk->addr_type);
6801 memcpy(ev.irk.val, irk->val, sizeof(irk->val));
6803 mgmt_event(MGMT_EV_NEW_IRK, hdev, &ev, sizeof(ev), NULL);
6806 void mgmt_new_csrk(struct hci_dev *hdev, struct smp_csrk *csrk,
6809 struct mgmt_ev_new_csrk ev;
6811 memset(&ev, 0, sizeof(ev));
6813 /* Devices using resolvable or non-resolvable random addresses
6814 * without providing an identity resolving key don't require
6815 * to store signature resolving keys. Their addresses will change
6816 * the next time around.
6818 * Only when a remote device provides an identity address
6819 * make sure the signature resolving key is stored. So allow
6820 * static random and public addresses here.
6822 if (csrk->bdaddr_type == ADDR_LE_DEV_RANDOM &&
6823 (csrk->bdaddr.b[5] & 0xc0) != 0xc0)
6824 ev.store_hint = 0x00;
6826 ev.store_hint = persistent;
6828 bacpy(&ev.key.addr.bdaddr, &csrk->bdaddr);
6829 ev.key.addr.type = link_to_bdaddr(LE_LINK, csrk->bdaddr_type);
6830 ev.key.type = csrk->type;
6831 memcpy(ev.key.val, csrk->val, sizeof(csrk->val));
6833 mgmt_event(MGMT_EV_NEW_CSRK, hdev, &ev, sizeof(ev), NULL);
6836 void mgmt_new_conn_param(struct hci_dev *hdev, bdaddr_t *bdaddr,
6837 u8 bdaddr_type, u8 store_hint, u16 min_interval,
6838 u16 max_interval, u16 latency, u16 timeout)
6840 struct mgmt_ev_new_conn_param ev;
6842 if (!hci_is_identity_address(bdaddr, bdaddr_type))
6845 memset(&ev, 0, sizeof(ev));
6846 bacpy(&ev.addr.bdaddr, bdaddr);
6847 ev.addr.type = link_to_bdaddr(LE_LINK, bdaddr_type);
6848 ev.store_hint = store_hint;
6849 ev.min_interval = cpu_to_le16(min_interval);
6850 ev.max_interval = cpu_to_le16(max_interval);
6851 ev.latency = cpu_to_le16(latency);
6852 ev.timeout = cpu_to_le16(timeout);
6854 mgmt_event(MGMT_EV_NEW_CONN_PARAM, hdev, &ev, sizeof(ev), NULL);
6857 void mgmt_device_connected(struct hci_dev *hdev, struct hci_conn *conn,
6858 u32 flags, u8 *name, u8 name_len)
6861 struct mgmt_ev_device_connected *ev = (void *) buf;
6864 bacpy(&ev->addr.bdaddr, &conn->dst);
6865 ev->addr.type = link_to_bdaddr(conn->type, conn->dst_type);
6867 ev->flags = __cpu_to_le32(flags);
6869 /* We must ensure that the EIR Data fields are ordered and
6870 * unique. Keep it simple for now and avoid the problem by not
6871 * adding any BR/EDR data to the LE adv.
6873 if (conn->le_adv_data_len > 0) {
6874 memcpy(&ev->eir[eir_len],
6875 conn->le_adv_data, conn->le_adv_data_len);
6876 eir_len = conn->le_adv_data_len;
6879 eir_len = eir_append_data(ev->eir, 0, EIR_NAME_COMPLETE,
6882 if (memcmp(conn->dev_class, "\0\0\0", 3) != 0)
6883 eir_len = eir_append_data(ev->eir, eir_len,
6885 conn->dev_class, 3);
6888 ev->eir_len = cpu_to_le16(eir_len);
6890 mgmt_event(MGMT_EV_DEVICE_CONNECTED, hdev, buf,
6891 sizeof(*ev) + eir_len, NULL);
6894 static void disconnect_rsp(struct mgmt_pending_cmd *cmd, void *data)
6896 struct sock **sk = data;
6898 cmd->cmd_complete(cmd, 0);
6903 mgmt_pending_remove(cmd);
6906 static void unpair_device_rsp(struct mgmt_pending_cmd *cmd, void *data)
6908 struct hci_dev *hdev = data;
6909 struct mgmt_cp_unpair_device *cp = cmd->param;
6911 device_unpaired(hdev, &cp->addr.bdaddr, cp->addr.type, cmd->sk);
6913 cmd->cmd_complete(cmd, 0);
6914 mgmt_pending_remove(cmd);
6917 bool mgmt_powering_down(struct hci_dev *hdev)
6919 struct mgmt_pending_cmd *cmd;
6920 struct mgmt_mode *cp;
6922 cmd = pending_find(MGMT_OP_SET_POWERED, hdev);
6933 void mgmt_device_disconnected(struct hci_dev *hdev, bdaddr_t *bdaddr,
6934 u8 link_type, u8 addr_type, u8 reason,
6935 bool mgmt_connected)
6937 struct mgmt_ev_device_disconnected ev;
6938 struct sock *sk = NULL;
6940 /* The connection is still in hci_conn_hash so test for 1
6941 * instead of 0 to know if this is the last one.
6943 if (mgmt_powering_down(hdev) && hci_conn_count(hdev) == 1) {
6944 cancel_delayed_work(&hdev->power_off);
6945 queue_work(hdev->req_workqueue, &hdev->power_off.work);
6948 if (!mgmt_connected)
6951 if (link_type != ACL_LINK && link_type != LE_LINK)
6954 mgmt_pending_foreach(MGMT_OP_DISCONNECT, hdev, disconnect_rsp, &sk);
6956 bacpy(&ev.addr.bdaddr, bdaddr);
6957 ev.addr.type = link_to_bdaddr(link_type, addr_type);
6960 mgmt_event(MGMT_EV_DEVICE_DISCONNECTED, hdev, &ev, sizeof(ev), sk);
6965 mgmt_pending_foreach(MGMT_OP_UNPAIR_DEVICE, hdev, unpair_device_rsp,
6969 void mgmt_disconnect_failed(struct hci_dev *hdev, bdaddr_t *bdaddr,
6970 u8 link_type, u8 addr_type, u8 status)
6972 u8 bdaddr_type = link_to_bdaddr(link_type, addr_type);
6973 struct mgmt_cp_disconnect *cp;
6974 struct mgmt_pending_cmd *cmd;
6976 mgmt_pending_foreach(MGMT_OP_UNPAIR_DEVICE, hdev, unpair_device_rsp,
6979 cmd = pending_find(MGMT_OP_DISCONNECT, hdev);
6985 if (bacmp(bdaddr, &cp->addr.bdaddr))
6988 if (cp->addr.type != bdaddr_type)
6991 cmd->cmd_complete(cmd, mgmt_status(status));
6992 mgmt_pending_remove(cmd);
6995 void mgmt_connect_failed(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
6996 u8 addr_type, u8 status)
6998 struct mgmt_ev_connect_failed ev;
7000 /* The connection is still in hci_conn_hash so test for 1
7001 * instead of 0 to know if this is the last one.
7003 if (mgmt_powering_down(hdev) && hci_conn_count(hdev) == 1) {
7004 cancel_delayed_work(&hdev->power_off);
7005 queue_work(hdev->req_workqueue, &hdev->power_off.work);
7008 bacpy(&ev.addr.bdaddr, bdaddr);
7009 ev.addr.type = link_to_bdaddr(link_type, addr_type);
7010 ev.status = mgmt_status(status);
7012 mgmt_event(MGMT_EV_CONNECT_FAILED, hdev, &ev, sizeof(ev), NULL);
7015 void mgmt_pin_code_request(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 secure)
7017 struct mgmt_ev_pin_code_request ev;
7019 bacpy(&ev.addr.bdaddr, bdaddr);
7020 ev.addr.type = BDADDR_BREDR;
7023 mgmt_event(MGMT_EV_PIN_CODE_REQUEST, hdev, &ev, sizeof(ev), NULL);
7026 void mgmt_pin_code_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
7029 struct mgmt_pending_cmd *cmd;
7031 cmd = pending_find(MGMT_OP_PIN_CODE_REPLY, hdev);
7035 cmd->cmd_complete(cmd, mgmt_status(status));
7036 mgmt_pending_remove(cmd);
7039 void mgmt_pin_code_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
7042 struct mgmt_pending_cmd *cmd;
7044 cmd = pending_find(MGMT_OP_PIN_CODE_NEG_REPLY, hdev);
7048 cmd->cmd_complete(cmd, mgmt_status(status));
7049 mgmt_pending_remove(cmd);
7052 int mgmt_user_confirm_request(struct hci_dev *hdev, bdaddr_t *bdaddr,
7053 u8 link_type, u8 addr_type, u32 value,
7056 struct mgmt_ev_user_confirm_request ev;
7058 BT_DBG("%s", hdev->name);
7060 bacpy(&ev.addr.bdaddr, bdaddr);
7061 ev.addr.type = link_to_bdaddr(link_type, addr_type);
7062 ev.confirm_hint = confirm_hint;
7063 ev.value = cpu_to_le32(value);
7065 return mgmt_event(MGMT_EV_USER_CONFIRM_REQUEST, hdev, &ev, sizeof(ev),
7069 int mgmt_user_passkey_request(struct hci_dev *hdev, bdaddr_t *bdaddr,
7070 u8 link_type, u8 addr_type)
7072 struct mgmt_ev_user_passkey_request ev;
7074 BT_DBG("%s", hdev->name);
7076 bacpy(&ev.addr.bdaddr, bdaddr);
7077 ev.addr.type = link_to_bdaddr(link_type, addr_type);
7079 return mgmt_event(MGMT_EV_USER_PASSKEY_REQUEST, hdev, &ev, sizeof(ev),
7083 static int user_pairing_resp_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
7084 u8 link_type, u8 addr_type, u8 status,
7087 struct mgmt_pending_cmd *cmd;
7089 cmd = pending_find(opcode, hdev);
7093 cmd->cmd_complete(cmd, mgmt_status(status));
7094 mgmt_pending_remove(cmd);
7099 int mgmt_user_confirm_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
7100 u8 link_type, u8 addr_type, u8 status)
7102 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
7103 status, MGMT_OP_USER_CONFIRM_REPLY);
7106 int mgmt_user_confirm_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
7107 u8 link_type, u8 addr_type, u8 status)
7109 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
7111 MGMT_OP_USER_CONFIRM_NEG_REPLY);
7114 int mgmt_user_passkey_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
7115 u8 link_type, u8 addr_type, u8 status)
7117 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
7118 status, MGMT_OP_USER_PASSKEY_REPLY);
7121 int mgmt_user_passkey_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
7122 u8 link_type, u8 addr_type, u8 status)
7124 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
7126 MGMT_OP_USER_PASSKEY_NEG_REPLY);
7129 int mgmt_user_passkey_notify(struct hci_dev *hdev, bdaddr_t *bdaddr,
7130 u8 link_type, u8 addr_type, u32 passkey,
7133 struct mgmt_ev_passkey_notify ev;
7135 BT_DBG("%s", hdev->name);
7137 bacpy(&ev.addr.bdaddr, bdaddr);
7138 ev.addr.type = link_to_bdaddr(link_type, addr_type);
7139 ev.passkey = __cpu_to_le32(passkey);
7140 ev.entered = entered;
7142 return mgmt_event(MGMT_EV_PASSKEY_NOTIFY, hdev, &ev, sizeof(ev), NULL);
7145 void mgmt_auth_failed(struct hci_conn *conn, u8 hci_status)
7147 struct mgmt_ev_auth_failed ev;
7148 struct mgmt_pending_cmd *cmd;
7149 u8 status = mgmt_status(hci_status);
7151 bacpy(&ev.addr.bdaddr, &conn->dst);
7152 ev.addr.type = link_to_bdaddr(conn->type, conn->dst_type);
7155 cmd = find_pairing(conn);
7157 mgmt_event(MGMT_EV_AUTH_FAILED, conn->hdev, &ev, sizeof(ev),
7158 cmd ? cmd->sk : NULL);
7161 cmd->cmd_complete(cmd, status);
7162 mgmt_pending_remove(cmd);
7166 void mgmt_auth_enable_complete(struct hci_dev *hdev, u8 status)
7168 struct cmd_lookup match = { NULL, hdev };
7172 u8 mgmt_err = mgmt_status(status);
7173 mgmt_pending_foreach(MGMT_OP_SET_LINK_SECURITY, hdev,
7174 cmd_status_rsp, &mgmt_err);
7178 if (test_bit(HCI_AUTH, &hdev->flags))
7179 changed = !hci_dev_test_and_set_flag(hdev, HCI_LINK_SECURITY);
7181 changed = hci_dev_test_and_clear_flag(hdev, HCI_LINK_SECURITY);
7183 mgmt_pending_foreach(MGMT_OP_SET_LINK_SECURITY, hdev, settings_rsp,
7187 new_settings(hdev, match.sk);
7193 static void clear_eir(struct hci_request *req)
7195 struct hci_dev *hdev = req->hdev;
7196 struct hci_cp_write_eir cp;
7198 if (!lmp_ext_inq_capable(hdev))
7201 memset(hdev->eir, 0, sizeof(hdev->eir));
7203 memset(&cp, 0, sizeof(cp));
7205 hci_req_add(req, HCI_OP_WRITE_EIR, sizeof(cp), &cp);
7208 void mgmt_ssp_enable_complete(struct hci_dev *hdev, u8 enable, u8 status)
7210 struct cmd_lookup match = { NULL, hdev };
7211 struct hci_request req;
7212 bool changed = false;
7215 u8 mgmt_err = mgmt_status(status);
7217 if (enable && hci_dev_test_and_clear_flag(hdev,
7219 hci_dev_clear_flag(hdev, HCI_HS_ENABLED);
7220 new_settings(hdev, NULL);
7223 mgmt_pending_foreach(MGMT_OP_SET_SSP, hdev, cmd_status_rsp,
7229 changed = !hci_dev_test_and_set_flag(hdev, HCI_SSP_ENABLED);
7231 changed = hci_dev_test_and_clear_flag(hdev, HCI_SSP_ENABLED);
7233 changed = hci_dev_test_and_clear_flag(hdev,
7236 hci_dev_clear_flag(hdev, HCI_HS_ENABLED);
7239 mgmt_pending_foreach(MGMT_OP_SET_SSP, hdev, settings_rsp, &match);
7242 new_settings(hdev, match.sk);
7247 hci_req_init(&req, hdev);
7249 if (hci_dev_test_flag(hdev, HCI_SSP_ENABLED)) {
7250 if (hci_dev_test_flag(hdev, HCI_USE_DEBUG_KEYS))
7251 hci_req_add(&req, HCI_OP_WRITE_SSP_DEBUG_MODE,
7252 sizeof(enable), &enable);
7253 __hci_req_update_eir(&req);
7258 hci_req_run(&req, NULL);
7261 static void sk_lookup(struct mgmt_pending_cmd *cmd, void *data)
7263 struct cmd_lookup *match = data;
7265 if (match->sk == NULL) {
7266 match->sk = cmd->sk;
7267 sock_hold(match->sk);
7271 void mgmt_set_class_of_dev_complete(struct hci_dev *hdev, u8 *dev_class,
7274 struct cmd_lookup match = { NULL, hdev, mgmt_status(status) };
7276 mgmt_pending_foreach(MGMT_OP_SET_DEV_CLASS, hdev, sk_lookup, &match);
7277 mgmt_pending_foreach(MGMT_OP_ADD_UUID, hdev, sk_lookup, &match);
7278 mgmt_pending_foreach(MGMT_OP_REMOVE_UUID, hdev, sk_lookup, &match);
7281 mgmt_limited_event(MGMT_EV_CLASS_OF_DEV_CHANGED, hdev, dev_class,
7282 3, HCI_MGMT_DEV_CLASS_EVENTS, NULL);
7283 ext_info_changed(hdev, NULL);
7290 void mgmt_set_local_name_complete(struct hci_dev *hdev, u8 *name, u8 status)
7292 struct mgmt_cp_set_local_name ev;
7293 struct mgmt_pending_cmd *cmd;
7298 memset(&ev, 0, sizeof(ev));
7299 memcpy(ev.name, name, HCI_MAX_NAME_LENGTH);
7300 memcpy(ev.short_name, hdev->short_name, HCI_MAX_SHORT_NAME_LENGTH);
7302 cmd = pending_find(MGMT_OP_SET_LOCAL_NAME, hdev);
7304 memcpy(hdev->dev_name, name, sizeof(hdev->dev_name));
7306 /* If this is a HCI command related to powering on the
7307 * HCI dev don't send any mgmt signals.
7309 if (pending_find(MGMT_OP_SET_POWERED, hdev))
7313 mgmt_limited_event(MGMT_EV_LOCAL_NAME_CHANGED, hdev, &ev, sizeof(ev),
7314 HCI_MGMT_LOCAL_NAME_EVENTS, cmd ? cmd->sk : NULL);
7315 ext_info_changed(hdev, cmd ? cmd->sk : NULL);
7318 static inline bool has_uuid(u8 *uuid, u16 uuid_count, u8 (*uuids)[16])
7322 for (i = 0; i < uuid_count; i++) {
7323 if (!memcmp(uuid, uuids[i], 16))
7330 static bool eir_has_uuids(u8 *eir, u16 eir_len, u16 uuid_count, u8 (*uuids)[16])
7334 while (parsed < eir_len) {
7335 u8 field_len = eir[0];
7342 if (eir_len - parsed < field_len + 1)
7346 case EIR_UUID16_ALL:
7347 case EIR_UUID16_SOME:
7348 for (i = 0; i + 3 <= field_len; i += 2) {
7349 memcpy(uuid, bluetooth_base_uuid, 16);
7350 uuid[13] = eir[i + 3];
7351 uuid[12] = eir[i + 2];
7352 if (has_uuid(uuid, uuid_count, uuids))
7356 case EIR_UUID32_ALL:
7357 case EIR_UUID32_SOME:
7358 for (i = 0; i + 5 <= field_len; i += 4) {
7359 memcpy(uuid, bluetooth_base_uuid, 16);
7360 uuid[15] = eir[i + 5];
7361 uuid[14] = eir[i + 4];
7362 uuid[13] = eir[i + 3];
7363 uuid[12] = eir[i + 2];
7364 if (has_uuid(uuid, uuid_count, uuids))
7368 case EIR_UUID128_ALL:
7369 case EIR_UUID128_SOME:
7370 for (i = 0; i + 17 <= field_len; i += 16) {
7371 memcpy(uuid, eir + i + 2, 16);
7372 if (has_uuid(uuid, uuid_count, uuids))
7378 parsed += field_len + 1;
7379 eir += field_len + 1;
7385 static void restart_le_scan(struct hci_dev *hdev)
7387 /* If controller is not scanning we are done. */
7388 if (!hci_dev_test_flag(hdev, HCI_LE_SCAN))
7391 if (time_after(jiffies + DISCOV_LE_RESTART_DELAY,
7392 hdev->discovery.scan_start +
7393 hdev->discovery.scan_duration))
7396 queue_delayed_work(hdev->req_workqueue, &hdev->le_scan_restart,
7397 DISCOV_LE_RESTART_DELAY);
7400 static bool is_filter_match(struct hci_dev *hdev, s8 rssi, u8 *eir,
7401 u16 eir_len, u8 *scan_rsp, u8 scan_rsp_len)
7403 /* If a RSSI threshold has been specified, and
7404 * HCI_QUIRK_STRICT_DUPLICATE_FILTER is not set, then all results with
7405 * a RSSI smaller than the RSSI threshold will be dropped. If the quirk
7406 * is set, let it through for further processing, as we might need to
7409 * For BR/EDR devices (pre 1.2) providing no RSSI during inquiry,
7410 * the results are also dropped.
7412 if (hdev->discovery.rssi != HCI_RSSI_INVALID &&
7413 (rssi == HCI_RSSI_INVALID ||
7414 (rssi < hdev->discovery.rssi &&
7415 !test_bit(HCI_QUIRK_STRICT_DUPLICATE_FILTER, &hdev->quirks))))
7418 if (hdev->discovery.uuid_count != 0) {
7419 /* If a list of UUIDs is provided in filter, results with no
7420 * matching UUID should be dropped.
7422 if (!eir_has_uuids(eir, eir_len, hdev->discovery.uuid_count,
7423 hdev->discovery.uuids) &&
7424 !eir_has_uuids(scan_rsp, scan_rsp_len,
7425 hdev->discovery.uuid_count,
7426 hdev->discovery.uuids))
7430 /* If duplicate filtering does not report RSSI changes, then restart
7431 * scanning to ensure updated result with updated RSSI values.
7433 if (test_bit(HCI_QUIRK_STRICT_DUPLICATE_FILTER, &hdev->quirks)) {
7434 restart_le_scan(hdev);
7436 /* Validate RSSI value against the RSSI threshold once more. */
7437 if (hdev->discovery.rssi != HCI_RSSI_INVALID &&
7438 rssi < hdev->discovery.rssi)
7445 void mgmt_device_found(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
7446 u8 addr_type, u8 *dev_class, s8 rssi, u32 flags,
7447 u8 *eir, u16 eir_len, u8 *scan_rsp, u8 scan_rsp_len)
7450 struct mgmt_ev_device_found *ev = (void *)buf;
7453 /* Don't send events for a non-kernel initiated discovery. With
7454 * LE one exception is if we have pend_le_reports > 0 in which
7455 * case we're doing passive scanning and want these events.
7457 if (!hci_discovery_active(hdev)) {
7458 if (link_type == ACL_LINK)
7460 if (link_type == LE_LINK && list_empty(&hdev->pend_le_reports))
7464 if (hdev->discovery.result_filtering) {
7465 /* We are using service discovery */
7466 if (!is_filter_match(hdev, rssi, eir, eir_len, scan_rsp,
7471 if (hdev->discovery.limited) {
7472 /* Check for limited discoverable bit */
7474 if (!(dev_class[1] & 0x20))
7477 u8 *flags = eir_get_data(eir, eir_len, EIR_FLAGS, NULL);
7478 if (!flags || !(flags[0] & LE_AD_LIMITED))
7483 /* Make sure that the buffer is big enough. The 5 extra bytes
7484 * are for the potential CoD field.
7486 if (sizeof(*ev) + eir_len + scan_rsp_len + 5 > sizeof(buf))
7489 memset(buf, 0, sizeof(buf));
7491 /* In case of device discovery with BR/EDR devices (pre 1.2), the
7492 * RSSI value was reported as 0 when not available. This behavior
7493 * is kept when using device discovery. This is required for full
7494 * backwards compatibility with the API.
7496 * However when using service discovery, the value 127 will be
7497 * returned when the RSSI is not available.
7499 if (rssi == HCI_RSSI_INVALID && !hdev->discovery.report_invalid_rssi &&
7500 link_type == ACL_LINK)
7503 bacpy(&ev->addr.bdaddr, bdaddr);
7504 ev->addr.type = link_to_bdaddr(link_type, addr_type);
7506 ev->flags = cpu_to_le32(flags);
7509 /* Copy EIR or advertising data into event */
7510 memcpy(ev->eir, eir, eir_len);
7512 if (dev_class && !eir_get_data(ev->eir, eir_len, EIR_CLASS_OF_DEV,
7514 eir_len = eir_append_data(ev->eir, eir_len, EIR_CLASS_OF_DEV,
7517 if (scan_rsp_len > 0)
7518 /* Append scan response data to event */
7519 memcpy(ev->eir + eir_len, scan_rsp, scan_rsp_len);
7521 ev->eir_len = cpu_to_le16(eir_len + scan_rsp_len);
7522 ev_size = sizeof(*ev) + eir_len + scan_rsp_len;
7524 mgmt_event(MGMT_EV_DEVICE_FOUND, hdev, ev, ev_size, NULL);
7527 void mgmt_remote_name(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
7528 u8 addr_type, s8 rssi, u8 *name, u8 name_len)
7530 struct mgmt_ev_device_found *ev;
7531 char buf[sizeof(*ev) + HCI_MAX_NAME_LENGTH + 2];
7534 ev = (struct mgmt_ev_device_found *) buf;
7536 memset(buf, 0, sizeof(buf));
7538 bacpy(&ev->addr.bdaddr, bdaddr);
7539 ev->addr.type = link_to_bdaddr(link_type, addr_type);
7542 eir_len = eir_append_data(ev->eir, 0, EIR_NAME_COMPLETE, name,
7545 ev->eir_len = cpu_to_le16(eir_len);
7547 mgmt_event(MGMT_EV_DEVICE_FOUND, hdev, ev, sizeof(*ev) + eir_len, NULL);
7550 void mgmt_discovering(struct hci_dev *hdev, u8 discovering)
7552 struct mgmt_ev_discovering ev;
7554 BT_DBG("%s discovering %u", hdev->name, discovering);
7556 memset(&ev, 0, sizeof(ev));
7557 ev.type = hdev->discovery.type;
7558 ev.discovering = discovering;
7560 mgmt_event(MGMT_EV_DISCOVERING, hdev, &ev, sizeof(ev), NULL);
7563 static struct hci_mgmt_chan chan = {
7564 .channel = HCI_CHANNEL_CONTROL,
7565 .handler_count = ARRAY_SIZE(mgmt_handlers),
7566 .handlers = mgmt_handlers,
7567 .hdev_init = mgmt_init_hdev,
7572 return hci_mgmt_chan_register(&chan);
7575 void mgmt_exit(void)
7577 hci_mgmt_chan_unregister(&chan);
projects / cascardo / linux.git / blob